Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Catalyst 3550 Multilayer Switch Software Configuration Guide Cisco IOS Release 12.1(6)EA1 November 2001 Customer Order Number: DOC-7811194= Text Part Number: 78-11194-02


THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED "AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
AccessPath, AtmDirector, Browse with Me, CCIP, CCSI, CD-PAC, CiscoLink, the Cisco Powered Network logo, Cisco Systems Networking Academy, the Cisco Systems Networking Academy logo, Fast Step, Follow Me Browsing, FormShare, FrameShare, GigaStack, IGX, Internet Quotient, IP/VC, iQ Breakthrough, iQ Expertise, iQ FastTrack, the iQ Logo, iQ Net Readiness Scorecard, MGX, the Networkers logo, Packet, RateMUX, ScriptBuilder, ScriptShare, SlideCast, SMARTnet, TransPath, Unity, Voice LAN, Wavelength Router, and WebViewer are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, Discover All That's Possible, and Empowering the Internet Generation, are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Enterprise/Solver, EtherChannel, EtherSwitch, FastHub, FastSwitch, IOS, IP/TV, LightStream, MICA, Network Registrar, PIX, Post-Routing, Pre-Routing, Registrar, StrataView Plus, Stratm, SwitchProbe, TeleRouter, and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries.

All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0108R)

Catalyst 3550 Multilayer Switch Software Configuration Guide Copyright 2001, Cisco Systems, Inc. All rights reserved.

CONTENTS

Preface

Audience
Purpose
Organization
Conventions
Related Publications
Obtaining Documentation
World Wide Web
Documentation CD-ROM
Ordering Documentation
Documentation Feedback
Obtaining Technical Assistance
Cisco.com
Technical Assistance Center
Cisco TAC Web Site
Cisco TAC Escalation Center

CHAPTER 1
Overview

Features
Management Options
Management Interface Options
Advantages of Using CMS and Clustering Switches
Network Configuration Examples
Design Concepts
Small to Medium-Sized Network Using Mixed Switches
Large Network Using Only Catalyst 3550 Switches
Multidwelling Network Using Catalyst 3550 Switches

CHAPTER 2
Using the Command-Line Interface

IOS Command Modes
Getting Help
Abbreviating Commands
Using no and default Forms of Commands
Understanding CLI Messages
Using Command History
Changing the Command History Buffer Size
Recalling Commands
Disabling the Command History Feature
Using Editing Features
Enabling and Disabling Editing Features
Editing Commands through Keystrokes
Editing Command Lines that Wrap
Searching and Filtering Output of show and more Commands
Accessing the CLI

CHAPTER 3
Getting Started with CMS

Features
Front Panel View
Cluster Tree
Front-Panel Images
System LED
Redundant Power System LED
Port Modes and LEDs
Topology View
Topology Icons
Device Labels
Menus and Toolbar
Menu Bar
Toolbar
Front Panel View Popup Menus
Port Popup Menu
Device Popup Menu
Topology View Popup Menus
Link Popup Menu
Device Popup Menus
Interaction Modes
Guide Mode
Expert Mode
Wizards
Online Help
CMS Window Components
Host Name List
Tabs, Lists, and Tables
Buttons
Accessing CMS
HTTP Access to CMS
Verifying Your Changes
Change Notification
Error Checking
Saving Your Changes
Where to Go Next
Using Different Versions of Web-Based Switch Management Software

CHAPTER 4
Assigning the Switch IP Address and Default Gateway

Understanding the Boot Process
Assigning Switch Information
Default Switch Information
Understanding DHCP-Based Autoconfiguration
DHCP Client Request Process
Configuring the DHCP Server
Configuring the TFTP Server
Configuring the DNS
Configuring the Relay Device
Obtaining Configuration Files
Example Configuration
Manually Assigning IP Information
Checking and Saving the Running Configuration
Modifying the Startup Configuration
Default Boot Configuration
Automatically Downloading a Configuration File
Specifying the Filename to Read and Write the System Configuration
Booting Manually
Booting a Specific Software Image
Controlling Environment Variables
Scheduling a Reload of the Software Image
Configuring a Scheduled Reload
Displaying Scheduled Reload Information

CHAPTER 5
Clustering Switches

Understanding Switch Clusters
Command Switch Characteristics
Standby Command Switch Characteristics
Candidate and Member Switches Characteristics
Planning a Switch Cluster
Automatic Discovery of Cluster Candidates and Members
Connectivity Considerations for Automatic Discovery
HSRP and Standby Command Switches
Automatic Recovery of Cluster Configuration
Considerations for Cluster Standby Groups
IP Addresses
Host Names
Passwords
SNMP Community Strings
Availability of Switch-Specific Features in Switch Clusters
Creating a Switch Cluster
Enabling a Command Switch
Adding Members Switches
Creating a Cluster Standby Group
Verifying a Switch Cluster
Using the CLI to Manage Switch Clusters
Catalyst 2820 and Catalyst 1900 CLI Considerations
Using SNMP to Manage Switch Clusters

CHAPTER 6
Administering the Switch

Preventing Unauthorized Access to Your Switch
Protecting Access to Privileged EXEC Commands
Default Password and Privilege Level Configuration
Setting or Changing a Static Enable Password
Protecting Enable and Enable Secret Passwords with Encryption
Setting a Telnet Password for a Terminal Line
Configuring Username and Password Pairs
Configuring Multiple Privilege Levels
Setting the Privilege Level for a Command
Changing the Default Privilege Level for Lines
Logging into and Exiting a Privilege Level
Controlling Switch Access with TACACS+
Understanding TACACS+
TACACS+ Operation
Configuring TACACS+
Default TACACS+ Configuration
Identifying the TACACS+ Server Host and Setting the Authentication Key
Configuring TACACS+ Login Authentication
Configuring TACACS+ Authorization for EXEC Access and Network Services
Starting TACACS+ Accounting
Displaying the TACACS+ Configuration
Configuring the Switch for Local Authentication and Authorization
Managing the System Time and Date
Understanding the System Clock
Understanding Network Time Protocol
Configuring NTP
Default NTP Configuration
Configuring NTP Authentication
Configuring NTP Associations
Configuring NTP Broadcast Service
Configuring NTP Access Restrictions
Configuring the Source IP Address for NTP Packets
Displaying the NTP Configuration
Configuring Time and Date Manually
Setting the System Clock
Displaying the Time and Date Configuration
Configuring the Time Zone
Configuring Summer Time (Daylight Saving Time)
Configuring a System Name and Prompt
Default System Name and Prompt Configuration
Configuring a System Name
Configuring a System Prompt
Understanding DNS
Default DNS Configuration
Setting Up DNS
Displaying the DNS Configuration
Creating a Banner
Default Banner Configuration
Configuring a Message-of-the-Day Login Banner
Configuring a Login Banner
Managing the MAC Address Table
Building the Address Table
MAC Addresses and VLANs
Default MAC Address Table Configuration
Changing the Address Aging Time
Removing Dynamic Address Entries
Adding and Removing Static Address Entries
Displaying Address Table Entries
Optimizing System Resources for User-Selected Features
Using the Templates

CHAPTER 7
Configuring Interface Characteristics

Understanding Interface Types
Port-Based VLANs
Switch Ports
Access Ports
Trunk Ports
EtherChannel Port Groups
Switch Virtual Interfaces
Routed Ports
Connecting Interfaces
Using the Interface Command
Procedures for Configuring Interfaces
Configuring a Range of Interfaces
Configuring and Using Interface Range Macros
Configuring Layer 2 Interfaces
Default Layer 2 Ethernet Interface Configuration
Configuring Interface Speed and Duplex Mode
Configuration Guidelines
Setting the Interface Speed and Duplex Parameters
Configuring IEEE 802.3X Flow Control
Adding a Description for an Interface
Monitoring and Maintaining the Layer 2 Interface
Monitoring Interface and Controller Status
Clearing and Resetting Interfaces and Counters
Shutting Down and Restarting the Interface
Configuring Layer 3 Interfaces

CHAPTER 8
Creating and Maintaining VLANs

Understanding VLANs
Number of Supported VLANs
VLAN Port Membership Modes
Using the VLAN Trunking Protocol
The VTP Domain and VTP Modes
VTP Advertisements
VTP Version 2
VTP Pruning
Configuring VTP
Default VTP Configuration
VTP Configuration Guidelines
Configuring a VTP Server
Configuring a VTP Client
Disabling VTP (VTP Transparent Mode)
Enabling VTP Version 2
Enabling VTP Pruning
Monitoring VTP
VLANs in the VTP Database
Token Ring VLANs
Default VLAN Configuration
VLAN Configuration Guidelines
Configuring VLANs in the VTP Database
Adding an Ethernet VLAN
Modifying an Ethernet VLAN
Deleting a VLAN from the Database
Assigning Static-Access Ports to a VLAN
Displaying VLANs in the VTP Database
Understanding VLAN Trunks
Trunking Overview
Encapsulation Types
802.1Q Configuration Considerations
Default Layer 2 Ethernet Interface VLAN Configuration
Configuring an Ethernet Interface as a Trunk Port
Configuring a Trunk Port
Defining the Allowed VLANs on a Trunk
Changing the Pruning-Eligible List
Configuring the Native VLAN for Untagged Traffic
Load Sharing Using STP
Load Sharing Using STP Port Priorities
Configuring STP Port Priorities and Load Sharing
Load Sharing Using STP Path Cost
Configuring STP Path Costs and Load Sharing
Understanding VMPS
Dynamic Port VLAN Membership
VMPS Database Configuration File
VMPS Configuration Guidelines
Default VMPS Configuration
Configuring an Interface as a Layer 2 Dynamic Access Port
Entering the IP Address of the VMPS
Configuring Dynamic Access Ports on VMPS Clients
Reconfirming VLAN Memberships
Changing the Reconfirmation Interval
Changing the Retry Count
Administering and Monitoring the VMPS
Troubleshooting Dynamic Port VLAN Membership
Dynamic Port VLAN Membership Configuration Example

CHAPTER 9
Configuring STP

Understanding Basic STP Features
Supported STP Instances
STP Overview
Election of the Root Switch
Bridge Protocol Data Units
STP Timers
Creating the STP Topology
STP Interface States
Blocking State
Listening State
Learning State
Forwarding State
Disabled State
MAC Address Allocation
STP Address Management
STP and IEEE 802.1Q Trunks
VLAN-Bridge STP
STP and Redundant Connectivity
Accelerated Aging to Retain Connectivity
Understanding Advanced STP Features
Understanding Port Fast
Understanding BPDU Guard
Understanding UplinkFast
Understanding Cross-Stack UplinkFast
How CSUF Works
Events that Cause Fast Convergence
Limitations
Connecting the Stack Ports
Understanding BackboneFast
Understanding Root Guard
Configuring Basic STP Features
Default STP Configuration
Disabling STP
Configuring the Root Switch
Configuring a Secondary Root Switch
Configuring STP Port Priority
Configuring STP Path Cost
Configuring the Switch Priority of a VLAN
Configuring the Hello Time
Configuring the Forwarding-Delay Time for a VLAN
Configuring the Maximum-Aging Time for a VLAN
Configuring STP for Use in a Cascaded Stack
Displaying STP Status
Configuring Advanced STP Features
Configuring Port Fast
Configuring BPDU Guard
Configuring UplinkFast for Use with Redundant Links
Configuring Cross-Stack UplinkFast
Configuring BackboneFast
Configuring Root Guard

CHAPTER 10
Configuring IGMP Snooping and MVR

Understanding IGMP Snooping
Joining a Multicast Group
Leaving a Multicast Group
Immediate-Leave Processing
Configuring IGMP Snooping
Default IGMP Snooping Configuration
Enabling or Disabling IGMP Snooping
Setting the Snooping Method
Configuring a Multicast Router Port
Configuring a Host Statically to Join a Group
Enabling IGMP Immediate-Leave Processing
Displaying IGMP Snooping Information
Understanding Multicast VLAN Registration
Using MVR in a Multicast Television Application
Configuring MVR
Configuration Guidelines and Limitations
Default MVR Configuration
Configuring MVR Global Parameters
Configuring MVR Interfaces
Displaying MVR Information

CHAPTER 11
Configuring Traffic Suppression and Traffic Control

Understanding Traffic Suppression
Configuring Traffic Suppression
Default Traffic Suppression Configuration
Enabling Traffic Suppression
Disabling Traffic Suppression
Configuring Protected Ports
Configuring Port Blocking
Blocking Flooded Traffic on an Interface
Resuming Normal Forwarding on a Port
Displaying and Monitoring Traffic Suppression and Control

CHAPTER 12
Configuring CDP

Understanding CDP
Configuring CDP
Default CDP Configuration
Configuring the CDP Characteristics
Disabling and Enabling CDP
Disabling and Enabling CDP on an Interface
Monitoring and Maintaining CDP

CHAPTER 13
Configuring UDLD

Understanding UDLD
Configuring UDLD
Default UDLD Configuration
Enabling UDLD Globally
Enabling UDLD on an Interface
Resetting an Interface Shut Down by UDLD
Displaying UDLD Status

CHAPTER 14
Configuring SPAN

Understanding SPAN
SPAN Concepts and Terminology
SPAN Session
Traffic Types
Source Port
Destination Port
VLAN-Based SPAN
SPAN Traffic
SPAN Interaction with Other Features
Configuring SPAN
Default SPAN Configuration
SPAN Configuration Guidelines
Creating a SPAN Session and Specifying Ports to Monitor
Removing Ports from a SPAN Session
Specifying VLANs to Monitor
Specifying VLANs to Filter
Displaying SPAN Status

CHAPTER 15
Configuring RMON

Understanding RMON
Configuring RMON
Default RMON Configuration
Configuring RMON Alarms and Events
Configuring RMON Collection on an Interface
Displaying RMON Status

CHAPTER 16
Configuring System Message Logging

Understanding System Message Logging
Configuring System Message Logging
System Log Message Format
Default System Message Logging Configuration
Disabling and Enabling Message Logging
Setting the Message Display Destination Device
Synchronizing Log Messages
Enabling and Disabling Timestamps on Log Messages
Enabling and Disabling Sequence Numbers in Log Messages
Defining the Message Severity Level
Limiting Syslog Messages Sent to the History Table and to SNMP
Configuring UNIX Syslog Servers
Logging Messages to a UNIX Syslog Daemon
Configuring the UNIX System Logging Facility
Displaying the Logging Configuration

CHAPTER 17
Configuring SNMP

Understanding SNMP
SNMP Versions
SNMP Manager Functions
SNMP Agent Functions
SNMP Community Strings
Using SNMP to Access MIB Variables
Configuring SNMP
Default SNMP Configuration
Disabling the SNMP Agent
Configuring Community Strings
Configuring Trap Managers and Enabling Traps
Setting the Agent Contact and Location Information
Limiting TFTP Servers Used Through SNMP
SNMP Examples
Displaying SNMP Status

CHAPTER 18
Configuring Network Security with ACLs

Understanding ACLs
Supported ACLs
Router ACLs
VLAN Maps
Handling Fragmented and Unfragmented Traffic
Configuring Router ACLs
Hardware and Software Handling of Router ACLs
Unsupported Features
Creating Standard and Extended IP ACLs
Access List Numbers
Creating a Numbered Standard Access List
Creating a Numbered Extended Access List
Creating Standard and Extended Access Lists Using Names
Applying Time Ranges to Access Lists
Including Comments About Entries in ACLs
Applying the ACL to an Interface or Terminal Line
Displaying Access Lists and Access Groups
ACL Configuration Examples
Numbered Access Lists
Extended Access Lists
Named Access Lists
Time Range Applied to an IP Access List
Commented IP Access List Entries
Access List Logging
Configuring VLAN Maps
VLAN Map Configuration Guidelines
Creating Named MAC Extended Access Lists
Creating a VLAN Map
Examples of ACLs and VLAN Maps
Applying a VLAN Map to a VLAN
Displaying VLAN Map Information
Using VLAN Maps in Your Network
Wiring Closet Configuration
Denying Access to a Server on Another VLAN
Using VLAN Maps with Router ACLs
Guidelines
Determining if the ACL Configuration Fits in Hardware
Examples of Router ACLs and VLAN Maps Applied to VLANs
ACLs and Switched Packets
ACLs and Bridged Packets
ACLs and Routed Packets
ACLs and Multicast Packets

CHAPTER 19
Configuring QoS

Understanding QoS
Basic QoS Model
Classification
Classification Based on QoS ACLs
Classification Based on Class Maps and Policy Maps
Policing and Marking
Mapping Tables
Queueing and Scheduling
Queueing and Scheduling on Gigabit-Capable Ports
Queueing and Scheduling on 10/100 Ethernet Ports
Packet Modification
Configuring QoS
Default QoS Configuration
Configuration Guidelines
Enabling QoS Globally
Configuring Classification Using Port Trust States
Configuring the Trust State on Ports within the QoS Domain
Configuring the CoS Value for an Interface
Configuring the DSCP Trust State on a Port Bordering Another QoS Domain
Configuring a QoS Policy
Classifying Traffic by Using ACLs
Classifying Traffic by Using Class Maps
Classifying, Policing, and Marking Traffic by Using Policy Maps
Classifying, Policing, and Marking Traffic by Using Aggregate Policers
Configuring DSCP Maps
Configuring the CoS-to-DSCP Map
Configuring the IP-Precedence-to-DSCP Map
Configuring the Policed-DSCP Map
Configuring the DSCP-to-CoS Map
Configuring the DSCP-to-DSCP-Mutation Map
Configuring Egress Queues on Gigabit-Capable Ethernet Ports
Mapping CoS Values to Select Egress Queues
Configuring the Egress Queue Size Ratios
Configuring Tail-Drop Threshold Percentages
Configuring WRED Drop Thresholds Percentages
Configuring the Egress Expedite Queue
Allocating Bandwidth among Egress Queues
Configuring Egress Queues on 10/100 Ethernet Ports
Mapping CoS Values to Select Egress Queues
Configuring the Minimum-Reserve Levels
Configuring the Egress Expedite Queue
Allocating Bandwidth among Egress Queues
Displaying QoS Information
QoS Configuration Examples
QoS Configuration for the Common Wiring Closet
QoS Configuration for the Intelligent Wiring Closet
QoS Configuration for the Distribution Layer

CHAPTER 20
Configuring EtherChannel

Understanding EtherChannel
Understanding Port-Channel Interfaces
Understanding the Port Aggregation Protocol
PAgP Modes
Physical Learners and Aggregate-Port Learners
PAgP Interaction with Other Features
Understanding Load Balancing and Forwarding Methods
Configuring EtherChannel
Default EtherChannel Configuration
EtherChannel Configuration Guidelines
Configuring Layer 2 EtherChannels
Configuring Layer 3 EtherChannels
Creating Port-Channel Logical Interfaces
Configuring the Physical Interfaces
Configuring EtherChannel Load Balancing
Configuring the PAgP Learn Method and Priority
Displaying EtherChannel and PAgP Status

CHAPTER 21
Configuring IP Unicast Routing

Understanding Routing
Steps for Configuring Routing
Configuring IP Addressing
Default Addressing Configuration
Assigning IP Addresses to Network Interfaces
Use of Subnet Zero
Classless Routing
Configuring Address Resolution Methods
Define a Static ARP Cache
Set ARP Encapsulation
Enable Proxy ARP
Routing Assistance When IP Routing is Disabled
Proxy ARP
Default Gateway
ICMP Router Discovery Protocol (IRDP)
Configuring Broadcast Packet Handling
Enabling Directed Broadcast-to-Physical Broadcast Translation
Forwarding UDP Broadcast Packets and Protocols
Establishing an IP Broadcast Address
Flooding IP Broadcasts
Monitoring and Maintaining IP Addressing
Enabling IP Routing
Configuring RIP
RIP Authentication
Summary Addresses and Split Horizon
Configuring IGRP
Load Balancing and Traffic Distribution Control
Split Horizon
Configuring OSPF
OSPF Interface Parameters
OSPF Area Parameters
Other OSPF Behavior Parameters
Change LSA Group Pacing
Loopback Interface
Monitoring OSPF
Configuring EIGRP
EIGRP Router Mode Commands
EIGRP Interface Mode Commands
Configure EIGRP Route Authentication
Monitoring and Maintaining EIGRP
Configuring Protocol-Independent Features
Configuring Cisco Express Forwarding
Configuring the Number of Equal-Cost Routing Paths
Configuring Static Routes
Specifying Default Routes
Specifying a Default Network
Redistributing Routing Information
Filtering Routing Information
Setting Passive Interfaces
Controlling Advertising and Processing in Routing Updates
Filtering Sources of Routing Information
Managing Authentication Keys
Monitoring and Maintaining the IP Network

CHAPTER 22
Configuring HSRP

Understanding HSRP
Configuring HSRP
Default HSRP Configuration
Enabling HSRP
Configuring HSRP Group Attributes
Configuring HSRP Priority
Configuring HSRP Authentication and Timers
Configuring HSRP Groups and Clustering
Displaying HSRP Configurations

CHAPTER 23
Configuring IP Multicast Routing

Cisco Implementation of IP Multicast Routing
Understanding IGMP
IGMP Version 1
IGMP Version 2
Understanding PIM
PIM Versions
PIM Modes
Auto-RP
Bootstrap Router
Multicast Forwarding and Reverse Path Check
Neighbor Discovery
Understanding DVMRP
DVMRP Neighbor Discovery
DVMRP Route Table
DVMRP Source Distribution Tree
Understanding CGMP
Joining a Group with CGMP
Leaving a Group with CGMP
Configuring IP Multicast Routing
Default Multicast Routing Configuration
Multicast Routing Configuration Guidelines
PIMv1 and PIMv2 Interoperability
Auto-RP and BSR Configuration Guidelines
Configuring Basic Multicast Routing
Configuring a Rendezvous Point
Manually Assigning an RP to Multicast Groups
Configuring Auto-RP
Configuring PIMv2 BSR
Using Auto-RP and a BSR
Monitoring the RP Mapping Information
Troubleshooting PIMv1 and PIMv2 Interoperability Problems
Configuring Advanced PIM Features
Understanding PIM Shared Tree and Source Tree
Delaying the Use of PIM Shortest-Path Tree
Modifying the PIM Router-Query Message Interval
Configuring Optional IGMP Features
Default IGMP Configuration
Changing the IGMP Version
Changing the IGMP Query Timeout for IGMPv2
Changing the Maximum Query Response Time for IGMPv2
Configuring the Multilayer Switch as a Member of a Group
Controlling Access to IP Multicast Groups
Modifying the IGMP Host-Query Message Interval
Configuring the Multilayer Switch as a Statically Connected Member
Configuring Optional Multicast Routing Features
Enabling CGMP Server Support
Configuring sdr Listener Support
Enabling sdr Listener Support
Limiting How Long an sdr Cache Entry Exists
Configuring the TTL Threshold
Configuring an IP Multicast Boundary
Configuring Basic DVMRP Interoperability Features
Configuring DVMRP Interoperability
Controlling Unicast Route Advertisements
Configuring a DVMRP Tunnel
Advertising Network 0.0.0.0 to DVMRP Neighbors
Responding to mrinfo Requests
Configuring Advanced DVMRP Interoperability Features
Enabling DVMRP Unicast Routing
Rejecting a DVMRP Nonpruning Neighbor
Controlling Route Exchanges
Limiting the Number of DVMRP Routes Advertised
Changing the DVMRP Route Threshold
Configuring a DVMRP Summary Address
Disabling DVMRP Autosummarization
Adding a Metric Offset to the DVMRP Route
Monitoring and Maintaining IP Multicast Routing
Clearing Caches, Tables, and Databases
Displaying System and Network Statistics
Monitoring IP Multicast Routing

CHAPTER 24
Configuring MSDP

Understanding MSDP
MSDP Operation
MSDP Benefits
Configuring MSDP
Default MSDP Configuration
Configuring a Default MSDP Peer
Caching Source-Active State
Requesting Source Information from an MSDP Peer
Controlling Source Information that Your Switch Originates
Redistributing Sources
Filtering Source-Active Request Messages
Controlling Source Information that Your Switch Forwards
Using a Filter
Using TTL to Limit the Multicast Data Sent in SA Messages
Controlling Source Information that Your Switch Receives
Configuring an MSDP Mesh Group
Shutting Down an MSDP Peer
Including a Bordering PIM Dense-Mode Region in MSDP
Configuring an Originating Address other than the RP Address
Monitoring and Maintaining MSDP

CHAPTER 25
Configuring Fallback Bridging

Understanding Fallback Bridging
Configuring Fallback Bridging
Default Fallback Bridging Configuration
Creating a Bridge Group
Preventing the Forwarding of Dynamically Learned Stations
Configuring the Bridge Table Aging Time
Filtering Frames by a Specific MAC Address
Adjusting Spanning-Tree Parameters
Changing the Switch Priority
Changing the Interface Priority
Assigning a Path Cost
Adjusting BPDU Intervals
Disabling the Spanning Tree on an Interface
Monitoring and Maintaining the Network

CHAPTER 26
Troubleshooting

Using Recovery Procedures
Recovering from Corrupted Software
Recovering from a Lost or Forgotten Password
Recovering from a Command Switch Failure
Replacing a Failed Command Switch with a Cluster Member
Replacing a Failed Command Switch with Another Switch
Recovering from Lost Member Connectivity
Preventing Autonegotiation Mismatches
Diagnosing Connectivity Problems
Understanding Ping
Executing Ping
Understanding IP Traceroute
Executing IP Traceroute
Using Debug Commands
Enabling Debugging on a Specific Feature
Enabling All-System Diagnostics
Redirecting Debug and Error Message Output
Using the show forward Command
Using the crashinfo File

APPENDIX A

Supported MIBs

MIB List
Using FTP to Access the MIB Files


APPENDIX B

Working with the IOS File System, Configuration Files, and Software Images

Working with the Flash File System
Displaying Available File Systems
Setting the Default File System
Displaying Information about Files on a File System
Changing Directories and Displaying the Working Directory
Creating and Removing Directories
Copying Files
Deleting Files
Creating, Displaying, and Extracting tar Files
Creating a tar File
Displaying the Contents of a tar File
Extracting a tar File
Displaying the Contents of a File
Working with Configuration Files
Guidelines for Creating and Using Configuration Files
Configuration File Types and Location
Creating a Configuration File By Using a Text Editor
Copying Configuration Files By Using TFTP
Preparing to Download or Upload a Configuration File By Using TFTP
Downloading the Configuration File By Using TFTP
Uploading the Configuration File By Using TFTP
Copying Configuration Files By Using FTP
Preparing to Download or Upload a Configuration File By Using FTP
Downloading a Configuration File By Using FTP
Uploading a Configuration File By Using FTP
Copying Configuration Files By Using RCP
Preparing to Download or Upload a Configuration File By Using RCP
Downloading a Configuration File By Using RCP
Uploading a Configuration File By Using RCP
Clearing Configuration Information
Clearing the Startup Configuration File
Deleting a Stored Configuration File
Working with Software Images
Image Location on the Switch
tar File Format of Images on a Server or Cisco.com
Copying Image Files By Using TFTP
Preparing to Download or Upload an Image File By Using TFTP
Downloading an Image File By Using TFTP


Uploading an Image File By Using TFTP
Copying Image Files By Using FTP
Preparing to Download or Upload an Image File By Using FTP
Downloading an Image File By Using FTP
Uploading an Image File By Using FTP
Copying Image Files By Using RCP
Preparing to Download or Upload an Image File By Using RCP
Downloading an Image File By Using RCP
Uploading an Image File By Using RCP

APPENDIX C

Unsupported CLI Commands

Access Control Lists
  Unsupported Privileged EXEC Commands
ARP Commands
  Unsupported Global Configuration Commands
  Unsupported Interface Configuration Commands
FallBack Bridging
  Unsupported Privileged EXEC Commands
  Unsupported Global Configuration Commands
  Unsupported Interface Configuration Commands
HSRP
  Unsupported Global Configuration Commands
  Unsupported Interface Configuration Commands
IP Multicast Routing
  Unsupported Privileged EXEC Commands
  Unsupported Global Configuration Commands
  Unsupported Interface Configuration Commands
IP Unicast Routing
  Unsupported Privileged EXEC or User EXEC Commands
  Unsupported Global Configuration Commands
  Unsupported Interface Configuration Commands
  Unsupported VPN Configuration Commands
  Unsupported VRF Configuration Commands
  Unsupported Route Map Commands
MSDP
  Unsupported Privileged EXEC Commands
  Unsupported Global Configuration Commands

INDEX


Preface

Audience

This guide is for the networking professional managing the Catalyst 3550 switch, hereafter referred to as the switch or the multilayer switch (when it has the enhanced multilayer switch image installed). The enhanced multilayer switch image is shipped on all Catalyst 3550 Gigabit Ethernet switches; it is an orderable upgrade for Catalyst 3550 Fast Ethernet switches.

Before using this guide, you should have experience working with the Cisco IOS and be familiar with the concepts and terminology of Ethernet and local area networking.

Purpose

This guide provides the information you need to configure Layer 2 and Layer 3 software features on your switch. It provides procedures for using the commands that have been created or changed for use with the Catalyst 3550 switch. It does not provide detailed information about these commands. For detailed information about these commands, refer to the Catalyst 3550 Multilayer Switch Command Reference for this release. For information about the standard IOS Release 12.1 commands, refer to the IOS documentation set available from the Cisco.com home page at Service and Support > Technical Documents. On the Cisco Product Documentation home page, select Release 12.1 from the Cisco IOS Software drop-down list.

This guide also includes an overview of the Cluster Management Suite (CMS) web-based, switch management interface, which helps you create and manage clusters of switches. This guide does not provide field-level descriptions of the CMS windows nor does it provide the procedures for configuring switches and switch clusters from CMS. For all CMS window descriptions and procedures, refer to the CMS online help, which is integrated with the software image.

This guide does not describe system messages you might encounter or how to install your switch. For more information, refer to the Catalyst 3550 Multilayer Switch System Message Guide for this release and to the Catalyst 3550 Multilayer Switch Hardware Installation Guide.


Organization

This guide is organized into these chapters:

Chapter 1, "Overview," lists the software features of this release and provides examples of how the switch can be deployed in a network.

Chapter 2, "Using the Command-Line Interface," describes how to access the command modes, use the command-line interface (CLI), and describes CLI messages that you might receive. It also describes how to get help, abbreviate commands, use no and default forms of commands, use command history and editing features, and how to search and filter the output of show and more commands.

Chapter 3, "Getting Started with CMS," describes the Cluster Management Suite (CMS) web-based, switch management interface. For information on configuring your web browser and accessing CMS, refer to the release notes. For field-level descriptions of all CMS windows and procedures for using the CMS windows, refer to the online help.

Chapter 4, "Assigning the Switch IP Address and Default Gateway," describes how to create the initial switch configuration (for example, assign the switch IP address and default gateway information) by using a variety of automatic and manual methods. It also describes how to modify the switch startup configuration.

Chapter 5, "Clustering Switches," describes switch clusters and the considerations for creating and maintaining them. The online help provides the CMS procedures for configuring switch clusters. Configuring switch clusters is most easily performed through CMS; therefore, CLI procedures are not provided. Cluster commands are described in the Catalyst 3550 Multilayer Switch Command Reference.

Chapter 6, "Administering the Switch," describes how to perform one-time operations to administer your switch. It describes how to prevent unauthorized access to your switch through the use of passwords, privilege levels, and the Terminal Access Controller Access Control System Plus (TACACS+). It also describes how to set the system date and time, system name and prompt, create a login banner, how to manage the MAC address table, and how to optimize system resources for user-selected features.

Chapter 7, "Configuring Interface Characteristics," defines the types of Layer 2 and Layer 3 interfaces on the switch. It describes the interface command and provides procedures for configuring physical interfaces.

Chapter 8, "Creating and Maintaining VLANs," describes how to create and maintain VLANs. It includes information about VLAN modes, the VLAN Trunking Protocol (VTP) database, and the VLAN Membership Policy Server (VMPS).

Chapter 9, "Configuring STP," describes how to configure basic and advanced spanning-tree features on your switch.

Chapter 10, "Configuring IGMP Snooping and MVR," describes how to configure Layer 2 Internet Group Management Protocol (IGMP) snooping on your switch. It also describes Multicast VLAN Registration (MVR), a local IGMP snooping feature available on the switch.

Chapter 11, "Configuring Traffic Suppression and Traffic Control," describes how to reduce traffic storms by setting broadcast, multicast, and unicast traffic threshold levels; how to configure protected ports; and how to block unknown broadcast and unicast traffic.

Chapter 12, "Configuring CDP," describes how to configure Cisco Discovery Protocol (CDP) on your switch.

Chapter 13, "Configuring UDLD," describes how to configure the UniDirectional Link Detection (UDLD) feature. UDLD enables devices connected through fiber-optic or twisted-pair Ethernet cables to monitor the physical configuration of the cables and detect when a unidirectional link exists.


Chapter 14, "Configuring SPAN," describes how to configure Switch Port Analyzer (SPAN), which selects network traffic for analysis by a network analyzer such as a SwitchProbe device or other Remote Monitoring (RMON) probe. SPAN mirrors traffic received or sent (or both) on a source port, or traffic received on one or more source ports or source VLANs, to a destination port.

Chapter 15, "Configuring RMON," describes how to configure remote monitoring (RMON). The RMON feature, which is used with the Simple Network Management Protocol (SNMP) agent in the switch, means that you can monitor all the traffic flowing among switches on all connected LAN segments.

Chapter 16, "Configuring System Message Logging," describes how to configure system message logging. It describes the message format, how to change the message display destination device, limit the type of messages sent, configure UNIX server syslog daemon and define the UNIX system logging facility, and timestamp messages.

Chapter 17, "Configuring SNMP," describes how to configure the Simple Network Management Protocol (SNMP). It describes how to configure community strings, enable trap managers and traps, set the agent contact and location information, and how to limit TFTP servers used through SNMP.

Chapter 18, "Configuring Network Security with ACLs," describes how to configure network security on your switch using two types of access control lists (ACLs), router ACLs and VLAN maps. It describes how to apply ACLs to interfaces and provides examples.

Chapter 19, "Configuring QoS," describes how to configure quality of service (QoS) on your switch. With this feature, you can provide preferential treatment to certain traffic at the cost of others.

Chapter 20, "Configuring EtherChannel," describes how to bundle a set of individual ports into a single logical link on Layer 2 and Layer 3 interfaces.

Chapter 21, "Configuring IP Unicast Routing," describes how to configure IP unicast routing on your switch, including configuring IP addressing features, Routing Information Protocol (RIP), Interior Gateway Routing Protocol (IGRP), Open Shortest Path First (OSPF) protocol, and Enhanced IGRP (EIGRP). To use this feature, you must have the enhanced multilayer switch image installed on your switch.

Chapter 22, "Configuring HSRP," describes how to use Hot Standby Router Protocol (HSRP) to provide routing redundancy for routing IP traffic without depending on the availability of any single router. To use this feature, you must have the enhanced multilayer switch image installed on your switch.

Chapter 23, "Configuring IP Multicast Routing," describes how to configure IP multicast routing. It describes how to use and configure the Internet Group Management Protocol (IGMP), Protocol-Independent Multicast (PIM) protocol, Cisco Group Management Protocol (CGMP) server functionality, and how to inter-operate between PIM and Distance Vector Multicast Routing Protocol (DVMRP) domains. To use this feature, you must have the enhanced multilayer switch image installed on your switch.

Chapter 24, "Configuring MSDP," describes how to configure the Multicast Source Discovery Protocol (MSDP), which is a mechanism to connect multiple PIM sparse-mode domains. To use this feature, you must have the enhanced multilayer switch image installed on your switch.

Chapter 25, "Configuring Fallback Bridging," describes how to configure fallback bridging on your switch. With fallback bridging, you can bridge non-IP protocols between VLAN bridge domains and routed ports. To use this feature, you must have the enhanced multilayer switch image installed on your switch.

Chapter 26, "Troubleshooting," describes how to identify and resolve software problems related to the IOS software.


Appendix A, "Supported MIBs," lists the supported MIBs for this release and how to use FTP to access the MIB files.

Appendix B, "Working with the IOS File System, Configuration Files, and Software Images," describes how to manipulate the Flash file system, how to copy configuration files, and how to archive (upload and download) software images.

Appendix C, "Unsupported CLI Commands," lists the unsupported command-line interface (CLI) commands that are displayed when you enter the question mark (?) at the switch prompt. The unsupported commands are listed by software feature and command mode.

Conventions

This publication uses these conventions to convey instructions and information:

Command descriptions use these conventions:

Commands and keywords are in boldface text.
Arguments for which you supply values are in italic.
Square brackets ([ ]) mean optional elements.
Braces ({ }) group required choices, and vertical bars ( | ) separate the alternative elements.
Braces and vertical bars within square brackets ([{ | }]) mean a required choice within an optional element.

Interactive examples use these conventions:

Terminal sessions and system displays are in screen font.
Information you enter is in boldface screen font.
Nonprinting characters, such as passwords or tabs, are in angle brackets (< >).

Notes, cautions, and timesavers use these conventions and symbols:

Note

Means reader take note. Notes contain helpful suggestions or references to materials not contained in this manual.

Caution

Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.

Timesaver

Means the following will help you solve a problem. The tips information might not be troubleshooting or even an action, but could be useful information.


Related Publications

These documents provide complete information about the switch and are available from this Cisco.com site: http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/index.htm

You can order printed copies of documents with a DOC-xxxxxx= number from the Cisco.com sites and from the telephone numbers listed in the Ordering Documentation section on page xxx.

Release Notes for the Catalyst 3550 Multilayer Switch (not orderable but available on Cisco.com)

Note

Switch requirements and procedures for initial configurations and software upgrades tend to change and therefore appear only in the release notes. Before installing, configuring, or upgrading the switch, refer to the release notes on Cisco.com for the latest information.

Catalyst 3550 Multilayer Switch Software Configuration Guide (order number DOC-7811194=)
Catalyst 3550 Multilayer Switch Command Reference (order number DOC-7811195=)
Catalyst 3550 Multilayer Switch System Message Guide (order number DOC-7811196=)
Cluster Management Suite (CMS) online help (available only from the switch CMS software)
Catalyst 3550 Multilayer Switch Hardware Installation Guide (order number DOC-7811358=)
1000BASE-T Gigabit Interface Converter Installation Note (not orderable but is available on Cisco.com)
Catalyst GigaStack Gigabit Interface Converter Hardware Installation Guide (order number DOC-786460=)

Obtaining Documentation

The following sections explain how to obtain documentation from Cisco Systems.

World Wide Web

You can access the most current Cisco documentation on the World Wide Web at the following URL: http://www.cisco.com

Translated documentation is available at the following URL: http://www.cisco.com/public/countries_languages.shtml

Documentation CD-ROM

Cisco documentation and additional literature are available in a Cisco Documentation CD-ROM package, which is shipped with your product. The Documentation CD-ROM is updated monthly and may be more current than printed documentation. The CD-ROM package is available as a single unit or through an annual subscription.


Ordering Documentation

Cisco documentation is available in the following ways:

Registered Cisco Direct Customers can order Cisco product documentation from the Networking Products MarketPlace: http://www.cisco.com/cgi-bin/order/order_root.pl

Registered Cisco.com users can order the Documentation CD-ROM through the online Subscription Store: http://www.cisco.com/go/subscription

Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco corporate headquarters (California, USA) at 408 526-7208 or, elsewhere in North America, by calling 800 553-NETS (6387).

Documentation Feedback

If you are reading Cisco product documentation on the World Wide Web, you can send us your comments by completing the online survey. When you display the document listing for this platform, click Give Us Your Feedback. After you display the survey, select the manual that you wish to comment on. Click Submit to send your comments to the Cisco documentation group.

You can e-mail your comments to [email protected].

To submit your comments by mail, use the response card behind the front cover of your document, or write to the following address:

Cisco Systems, Inc.
Attn: Document Resource Connection
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

Obtaining Technical Assistance

Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain documentation, troubleshooting tips, and sample configurations from online tools by using the Cisco Technical Assistance Center (TAC) Web Site. Cisco.com registered users have complete access to the technical support resources on the Cisco TAC Web Site.


Cisco.com

Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information, networking solutions, services, programs, and resources at any time, from anywhere in the world. Cisco.com is a highly integrated Internet application and a powerful, easy-to-use tool that provides a broad range of features and services to help you to

Streamline business processes and improve productivity
Resolve technical issues with online support
Download and test software packages
Order Cisco learning materials and merchandise
Register for online skill assessment, training, and certification programs

You can self-register on Cisco.com to obtain customized information and service. To access Cisco.com, go to the following URL: http://www.cisco.com

Technical Assistance Center

The Cisco TAC is available to all customers who need technical assistance with a Cisco product, technology, or solution. Two types of support are available through the Cisco TAC: the Cisco TAC Web Site and the Cisco TAC Escalation Center. Inquiries to Cisco TAC are categorized according to the urgency of the issue:

Priority level 4 (P4): You need information or assistance concerning Cisco product capabilities, product installation, or basic product configuration.
Priority level 3 (P3): Your network performance is degraded. Network functionality is noticeably impaired, but most business operations continue.
Priority level 2 (P2): Your production network is severely degraded, affecting significant aspects of business operations. No workaround is available.
Priority level 1 (P1): Your production network is down, and a critical impact to business operations will occur if service is not restored quickly. No workaround is available.

Which Cisco TAC resource you choose is based on the priority of the problem and the conditions of service contracts, when applicable.

Cisco TAC Web Site

The Cisco TAC Web Site allows you to resolve P3 and P4 issues yourself, saving both cost and time. The site provides around-the-clock access to online tools, knowledge bases, and software. To access the Cisco TAC Web Site, go to the following URL: http://www.cisco.com/tac

All customers, partners, and resellers who have a valid Cisco services contract have complete access to the technical support resources on the Cisco TAC Web Site. The Cisco TAC Web Site requires a Cisco.com login ID and password. If you have a valid service contract but do not have a login ID or password, go to the following URL to register: http://www.cisco.com/register/


If you cannot resolve your technical issues by using the Cisco TAC Web Site, and you are a Cisco.com registered user, you can open a case online by using the TAC Case Open tool at the following URL: http://www.cisco.com/tac/caseopen If you have Internet access, it is recommended that you open P3 and P4 cases through the Cisco TAC Web Site.

Cisco TAC Escalation Center

The Cisco TAC Escalation Center addresses issues that are classified as priority level 1 or priority level 2; these classifications are assigned when severe network degradation significantly impacts business operations. When you contact the TAC Escalation Center with a P1 or P2 problem, a Cisco TAC engineer will automatically open a case.

To obtain a directory of toll-free Cisco TAC telephone numbers for your country, go to the following URL: http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml

Before calling, please check with your network operations center to determine the level of Cisco support services to which your company is entitled; for example, SMARTnet, SMARTnet Onsite, or Network Supported Accounts (NSA). In addition, please have available your service agreement number and your product serial number.


CHAPTER 1

Overview

This chapter provides these topics about the Catalyst 3550 multilayer switch software:

Features, page 1-1
Management Options, page 1-6
Network Configuration Examples, page 1-8

Features

The Catalyst 3550 software supports the hardware listed in the release notes. Table 1-1 describes the features supported in this release.

Note

Layer 3 (routing) features require that you have the enhanced multilayer switch image installed on your switch. The enhanced multilayer switch image is shipped on all Catalyst 3550 Gigabit Ethernet switches; it is an orderable upgrade for Catalyst 3550 Fast Ethernet switches.

Table 1-1 Features

Ease of Use and Ease of Deployment

Cluster Management Suite (CMS) software for simplifying switch and switch cluster management through a web browser, such as Netscape Communicator or Microsoft Internet Explorer, from anywhere in your intranet
Switch clustering technology, in conjunction with CMS, for
  Unified configuration, monitoring, authentication, and software upgrade of multiple switches (refer to the release notes for a list of eligible cluster members).
  Automatic discovery of candidate switches and creation of clusters of up to 16 switches that can be managed through a single IP address.
  Extended discovery of cluster candidates that are not directly connected to the command switch.
Hot Standby Router Protocol (HSRP) for command-switch redundancy

Note

See the Advantages of Using CMS and Clustering Switches section on page 1-7. Refer to the release notes for the CMS and cluster hardware, software, and browser requirements.


Performance Enhancement

Autosensing of port speed and autonegotiation of duplex mode on all switch ports for optimizing bandwidth
IEEE 802.3x flow control on all Ethernet ports
EtherChannel for enhanced fault tolerance and for providing up to 8 Gbps (Gigabit EtherChannel) or 800 Mbps (Fast EtherChannel) full duplex of bandwidth between switches, routers, and servers
Port Aggregation Protocol (PAgP) for automatic creation of EtherChannel links
Per-port storm control for preventing broadcast, multicast, and unicast storms
Port blocking on forwarding unknown unicast and multicast traffic
Cisco Group Management Protocol (CGMP) server support and Internet Group Management Protocol (IGMP) snooping for IGMP versions 1 and 2:
  (For CGMP devices) CGMP for limiting multicast traffic to specified end stations and reducing overall network traffic
  (For IGMP devices) IGMP snooping for limiting flooding of multicast traffic
Multicast VLAN registration (MVR) to continuously send multicast streams in a multicast VLAN while isolating the streams from subscriber VLANs for bandwidth and security reasons
System Database Management (SDM) templates for allocating system resources to maximize support for user-selected features

Manageability

Dynamic Host Configuration Protocol (DHCP) for automating configuration of switch information (such as IP address, default gateway, host name, and Domain Name System [DNS] and Trivial File Transfer Protocol [TFTP] server names)
Directed unicast requests to a DNS server for identifying a switch through its IP address and its corresponding host name and to a TFTP server for administering software upgrades from a TFTP server
Address Resolution Protocol (ARP) for identifying a switch through its IP address and its corresponding Media Access Control (MAC) address
Cisco Discovery Protocol (CDP) versions 1 and 2 for network topology discovery and mapping between the switch and other Cisco devices on the network
Network Time Protocol (NTP) for providing a consistent timestamp to all switches from an external source
Cisco IOS File System (IFS) for providing a single interface to all file systems that the switch uses
In-band management access through CMS
In-band management access through up to 16 simultaneous Telnet connections for multiple command-line interface (CLI)-based sessions over the network
In-band management access through Simple Network Management Protocol (SNMP) versions 1 and 2c get and set requests
Out-of-band management access through the switch console port to a directly attached terminal or to a remote terminal through a serial connection or a modem

Note

For additional descriptions of the management interfaces, see the Management Options section on page 1-6.


Redundancy

Hot Standby Router Protocol (HSRP) for command switch and Layer 3 router redundancy
UniDirectional Link Detection (UDLD) on all Ethernet ports for detecting and disabling unidirectional links on fiber-optic interfaces caused by incorrect fiber-optic wiring or port faults
IEEE 802.1D Spanning Tree Protocol (STP) for redundant backbone connections and loop-free networks. STP has these features:
  Per-VLAN Spanning Tree (PVST) for balancing load across VLANs
  Port Fast mode for eliminating forward delay by enabling a port to immediately change from a blocking state to a forwarding state
  UplinkFast, cross-stack UplinkFast, and BackboneFast for fast convergence after a spanning-tree topology change and for achieving load balancing between redundant uplinks, including Gigabit uplinks and cross-stack Gigabit uplinks
  STP root guard for preventing switches outside the core of the network from becoming the STP root

Note

The switch supports up to 128 instances of STP.

VLAN Support

Support for up to 1005 VLANs for assigning users to VLANs associated with appropriate network resources, traffic patterns, and bandwidth
VLAN Query Protocol (VQP) for dynamic VLAN membership
Inter-Switch Link (ISL) and IEEE 802.1Q trunking encapsulation on all ports for simplified network moves, adds, and changes; better management and control of broadcast and multicast traffic; and improved network security by establishing VLAN groups for high-security users and network resources
Dynamic Trunking Protocol (DTP) for negotiating trunking on a link between two devices and for negotiating the type of trunking encapsulation (802.1Q or ISL) to be used
VLAN Trunking Protocol (VTP) and VTP pruning for reducing network traffic by restricting flooded traffic to links destined for stations receiving the traffic


Security

Password-protected access (read-only and read-write access) to management interfaces (CMS and CLI) for protection against unauthorized configuration changes
Multilevel security for a choice of security level, notification, and resulting actions
Static MAC addressing for ensuring security
Protected port option for restricting the forwarding of traffic to designated ports on the same switch
Bridge Protocol Data Unit (BPDU) Guard for shutting down a Port Fast-configured port when an invalid configuration occurs
Standard and extended IP access control lists (ACLs) for defining security policies on routed interfaces
VLAN ACLs (VLAN maps) for providing intra-VLAN security by filtering traffic based on information in the MAC, IP, and TCP/User Datagram Protocol (UDP) headers
Source and destination MAC-based ACLs for filtering non-IP traffic
Terminal Access Controller Access Control System Plus (TACACS+), a proprietary feature for managing network security through a TACACS server

Quality of Service and Class of Service

Classification

IP type-of-service/Differentiated Services Code Point (IP TOS/DSCP) and 802.1P class of service (CoS) marking priorities on a per-port basis for protecting the performance of mission-critical applications
IP TOS/DSCP and 802.1P CoS marking based on flow-based packet classification (classification based on information in the MAC, IP, and TCP/UDP headers) for high-performance quality of service at the network edge, allowing for differentiated service levels for different types of network traffic and for prioritizing mission-critical traffic in the network

Policing

Traffic-policing policies on the switch port for managing how much of the port bandwidth should be allocated to a specific traffic flow
Aggregate policing for policing traffic flows in aggregate to restrict specific applications or traffic flows to metered, predefined rates
Up to 128 policers on ingress Gigabit-capable Ethernet ports
Up to eight policers on ingress 10/100 ports
Up to eight policers per egress port (aggregate policers only)

Out-of-Profile

Out-of-profile markdown for packets that exceed bandwidth utilization limits

Egress Policing and Scheduling of Egress Queues

Four egress queues on all switch ports. These queues can either be configured with the Weighted Round Robin (WRR) scheduling algorithm or configured with one queue as a strict priority queue and the other three queues for WRR. The strict priority queue must be empty before the other three queues are serviced. You can use the strict priority queue for mission-critical and time-sensitive traffic.
Tail drop and Weighted Random Early Detection (WRED) techniques for avoiding congestion on Gigabit Ethernet ports; tail drop for congestion avoidance on Fast Ethernet ports


Table 1-1 Features (continued)

Layer 3 Support

Hot Standby Router Protocol (HSRP) for Layer 3 router redundancy
IP routing protocols for load balancing and for constructing scalable, routed backbones:
    Routing Information Protocol (RIP) versions 1 and 2
    Open Shortest Path First (OSPF)
    Interior Gateway Routing Protocol (IGRP) and Enhanced IGRP (EIGRP)
IP routing between VLANs (inter-VLAN routing) for full Layer 3 routing between two or more VLANs, allowing each VLAN to maintain its own autonomous data-link domain
Fallback bridging for forwarding non-IP traffic between two or more VLANs
Static IP routing for manually building a routing table of network path information
Equal-cost routing for load balancing and redundancy
Internet Control Message Protocol (ICMP) and ICMP Router Discovery Protocol (IRDP) for using router advertisement and router solicitation messages to discover the addresses of routers on directly attached subnets
Protocol-Independent Multicast (PIM) for multicast routing within the network, allowing for devices in the network to receive the multicast feed requested and for switches not participating in the multicast to be pruned. Includes support for PIM sparse mode (PIM-SM), PIM dense mode (PIM-DM), and PIM sparse-dense mode.
Distance Vector Multicast Routing Protocol (DVMRP) tunnelling for interconnecting two multicast-enabled networks across non-multicast networks
DHCP relay for forwarding UDP broadcasts, including IP address requests, from DHCP clients

Monitoring

Switch LEDs that provide visual management of port- and switch-level status
Switch Port Analyzer (SPAN) for traffic monitoring on any port or VLAN
Four groups (history, statistics, alarm, and events) of embedded remote monitoring (RMON) agents for network monitoring and traffic analysis
Syslog facility for logging system messages about authentication or authorization errors, resource issues, and time-out events


Management Options

The Catalyst 3550 switch is designed for plug-and-play operation: you need to configure only basic IP information for the switch and connect it to the other devices in your network. If you have specific network needs, you can configure and monitor the switch, on an individual basis or as part of a switch cluster, through its various management interfaces.

Management Interface Options

You can configure and monitor individual switches and switch clusters by using these interfaces:

CMS: CMS is a graphical user interface that can be launched from anywhere in your network through a web browser such as Netscape Communicator or Microsoft Internet Explorer. CMS is already installed on the switch. Using CMS, you can fully configure and monitor a standalone switch, a specific cluster member, or an entire switch cluster. You can also display network topologies to gather link information and to display switch images to modify switch- and port-level settings. For more information about CMS, see Chapter 3, "Getting Started with CMS."

CLI: The switch IOS CLI software is enhanced to support desktop- and multilayer-switching features. You can fully configure and monitor the switch and switch cluster members from the CLI. You can access the CLI either by connecting your management station directly to the switch console port or by using Telnet from a remote management station. For more information about the CLI, see Chapter 2, "Using the Command-Line Interface."

SNMP: SNMP provides a means to monitor and control the switch and switch cluster members. You can manage switch configuration settings, performance, security, and collect statistics by using SNMP management applications such as CiscoWorks2000 LAN Management Suite (LMS) and HP OpenView. You can manage the switch from an SNMP-compatible management station that is running platforms such as HP OpenView or SunNet Manager. The switch supports a comprehensive set of MIB extensions and four RMON groups. For more information about using SNMP, see Chapter 17, "Configuring SNMP."


Advantages of Using CMS and Clustering Switches

Using CMS and switch clusters can simplify and minimize your configuration and monitoring tasks. You can use Cisco switch clustering technology to manage up to 16 interconnected, supported Catalyst switches through one IP address. This can conserve IP addresses if you have a limited number of them. CMS is the easiest interface to use and makes switch and switch cluster management accessible to authorized users from any PC on your network. By using switch clusters and CMS, you can

Manage and monitor interconnected Catalyst switches (refer to the release notes for a list of supported switches), regardless of their geographic proximity and interconnection media, including Ethernet, Fast Ethernet, Fast EtherChannel, Cisco GigaStack Gigabit Interface Converter (GBIC), Gigabit Ethernet, and Gigabit EtherChannel connections.
Accomplish multiple configuration tasks from a single CMS window without needing to remember CLI commands to accomplish specific tasks.
Apply actions from CMS to multiple ports and multiple switches at the same time. Here are some examples of configuring and managing multiple ports and switches:
    Port configuration such as speed and duplex settings
    Port and console port security
    NTP, STP, VLAN, and QoS configuration
    Inventory and statistic reporting and link- and switch-level monitoring and troubleshooting
    Group software upgrade
View a topology of interconnected devices to identify existing switch clusters and eligible switches that can join a cluster. You can also use the topology to quickly identify link information between switches.
Monitor real-time status of a switch or multiple switches from the LEDs on the front-panel images. The system, redundant power system (RPS), and port LED colors on the images are similar to those used on the physical LEDs themselves.
Use an interactive mode that takes you step-by-step through configuring complex, Layer 3 features such as:
    ACLs
    QoS
    IP routing
    Router redundancy
Use wizards that prompt you to provide only minimal required information to configure these features:
    QoS priorities on ports so that they give high priority to video traffic
    IP multicast routing on a device so that it can forward multicast packets as a part of a multicast tree

For more information about CMS, see Chapter 3, "Getting Started with CMS." For more information about switch clusters, see Chapter 5, "Clustering Switches."


Network Configuration Examples

This section provides network configuration concepts and includes examples of using the switch in different network topologies.

Design Concepts

As your network users compete for network bandwidth, it takes longer to send and receive data. When you configure your network, consider the bandwidth required by your network users and the relative priority of the network applications they use. Table 1-2 describes what can cause network performance to degrade and describes how you can configure your network to increase the bandwidth available to your network users.

Table 1-2 Increasing Network Performance

Network Demands:
    Too many users on a single network segment and a growing number of users accessing the Internet
Suggested Design Methods:
    Create smaller network segments so that fewer users share the bandwidth, and use VLANs and IP subnets to place the network resources in the same logical network as the users who access those resources most.
    Use full-duplex operation between the switch and its connected workstations.

Network Demands:
    Increased power of new PCs, workstations, and servers
    High bandwidth demand from networked applications (such as e-mail with large attached files) and from bandwidth-intensive applications (such as multimedia)
Suggested Design Methods:
    Connect global resources, such as servers and routers to which network users require equal access, directly to the high-speed switch ports so that they have their own high-speed segment.
    Use the EtherChannel feature between the switch and its connected servers and routers.


Bandwidth alone is not the only consideration when designing your network. As your network traffic profiles evolve, consider providing network services that can support applications for voice and data integration, multimedia integration, application prioritization, and security. Table 1-3 describes some network demands and how you can meet those demands.

Table 1-3 Providing Network Services

Network Demands:
    Efficient bandwidth usage for multimedia applications and guaranteed bandwidth for critical applications
Suggested Design Methods:
    Use IGMP snooping to efficiently forward multimedia and multicast traffic.
    Use other QoS mechanisms such as packet classification, marking, scheduling, and congestion avoidance to classify traffic with the appropriate priority level, thereby providing maximum flexibility and support for mission-critical, unicast, and multicast and multimedia applications.
    Use optional IP multicast routing to design networks better suited for multicast traffic.
    Use MVR to continuously send multicast streams in a multicast VLAN, but to isolate the streams from subscriber VLANs for bandwidth and security reasons.

Network Demands:
    High demand on network redundancy to provide always-on mission-critical applications
Suggested Design Methods:
    Use HSRP for router redundancy.
    Use VLAN trunks, cross-stack UplinkFast, and BackboneFast for traffic-load balancing on the uplink ports so that the uplink port with a lower relative port cost is selected to carry the VLAN traffic.

Network Demands:
    An evolving demand for IP telephony
Suggested Design Methods:
    Use QoS to prioritize applications such as IP telephony during congestion and to help control both delay and jitter within the network.
    Use switches that support at least two queues per port to prioritize voice and data traffic as either high- or low-priority, based on 802.1P/Q.
    Use voice VLAN IDs (VVIDs) on the Catalyst 2900 XL and 3500 XL switches to provide separate VLANs for voice traffic.

Network Demands:
    A growing demand for using existing infrastructure to transport data and voice from a home or office to the Internet or an intranet at higher speeds
Suggested Design Methods:
    Use the Catalyst 2900 LRE XL switches to provide up to 15 Mb of IP connectivity over existing infrastructure, such as existing telephone lines.
    Note: Long-Reach Ethernet (LRE) is the technology used in the Catalyst 2900 LRE XL switches. Refer to the Catalyst 2900 XL and 3500 XL documentation set about these switches and the LRE technology.


Figure 1-1 shows three configuration examples for using Catalyst switches to create the following:

Cost-effective wiring closet: A cost-effective way to connect many users to the wiring closet is to connect a Catalyst switch cluster of up to nine Catalyst 3500 XL switches (or with a mix of Catalyst 2900 XL and 3500 XL switches) through GigaStack GBIC connections. To preserve switch connectivity if one switch in the stack fails, connect the bottom switch to the top switch to create a GigaStack loopback and enable cross-stack UplinkFast on the cross-stack Gigabit uplinks. You can have redundant uplink connections, using Gigabit GBIC modules, from the GigaStack cluster to a Gigabit backbone switch such as the Catalyst 3550-12T switch. You can also create backup paths by using Fast Ethernet, Gigabit, or EtherChannel links. If one of the redundant connections fails, the other can serve as a backup path. You can configure the Catalyst 3550-12T switch as a switch cluster manager to manage stack members through a single IP address. The Catalyst 3550-12T switch can be connected to a Gigabit server through a 1000BASE-T connection.

High-performance workgroup: For high-speed access to network resources, you can use Catalyst 3550 switches in the access layer to provide Gigabit Ethernet to the desktop. To prevent congestion, use QoS DSCP marking priorities on these switches. For high-speed IP forwarding at the distribution layer, connect the Catalyst 3550 switches in the access layer to a Gigabit multilayer switch (such as the Catalyst 3550 multilayer switch) in the backbone. Each switch in this configuration provides users with a dedicated 1-Gbps connection to network resources in the backbone. Compare this with the switches in a GigaStack configuration, where the 1-Gbps connection is shared among the switches in the stack. Using these Gigabit GBIC modules also provides flexibility in media and distance options:
    1000BASE-SX GBIC: fiber-optic connections of up to 1804 ft (550 m)
    1000BASE-LX/LH GBIC: fiber-optic connections of up to 32,808 ft (10 km)
    1000BASE-ZX GBIC: fiber-optic connections of up to 328,084 ft (100 km)
    1000BASE-T GBIC: copper connections of up to 328 ft (100 m)

Redundant Gigabit backbone: Using HSRP, you can create backup paths between two Catalyst 3550 multilayer switches to enhance network reliability and load balancing for different VLANs and subnets. Using HSRP also provides faster network convergence if any network failure occurs. You can connect the Catalyst switches, again in a star configuration, to two Catalyst 3550 multilayer backbone switches. If one of the backbone switches fails, the second backbone switch preserves connectivity between the switches and network resources. The Catalyst 2950T-24 and Catalyst 2924M XL in this configuration are connected to the backbone switches through 1000BASE-T connections.


Figure 1-1 Example Configurations

[Figure: three topologies. Cost-Effective Wiring Closet: Gigabit server, Catalyst 3550-12T switch, Catalyst 3500 XL GigaStack cluster. High-Performance Workgroup: Catalyst 3550 switch, Catalyst 3550 cluster. Redundant Gigabit Backbone: two Catalyst 3550 switches (1-Gbps HSRP), Catalyst 2950T-24 or Catalyst 2924M XL switches.]


Small to Medium-Sized Network Using Mixed Switches

Figure 1-2 shows a configuration for a network of up to 500 employees. This network uses Catalyst 3550 multilayer switches to aggregate up to ten wiring closets through high-speed uplinks. For network reliability and load balancing, this network includes two routers and two Catalyst 3550 multilayer switches, all with HSRP enabled. This ensures connectivity to the Internet, WAN, and mission-critical network resources if one of the routers or Catalyst 3550 multilayer switches fails.

The wiring closets have a mix of switches such as the Catalyst 3550, Catalyst 3500 XL, Catalyst 2950, Catalyst 2900 XL, Catalyst 2820, and Catalyst 1900 switches. These switches are connected to workstations, Cisco IP Phones, and local servers. You can cluster these switches into multiple clusters, as shown, or into a single cluster. You can manage a cluster through the IP address of its primary and secondary command switches, regardless of the geographic location of the cluster members.

This network uses VLANs to segment the network logically into well-defined broadcast groups and for security management. Data and multimedia traffic are configured on the same VLAN. Voice traffic from the Cisco IP Phones is configured on separate VVIDs. You can have up to four VVIDs per wiring closet. If data, multimedia, and voice traffic are assigned to the same VLAN, only one VLAN can be configured per wiring closet. For any switch port connected to Cisco IP Phones, 802.1P/Q QoS gives voice traffic forwarding-priority over data traffic.

When an end station in one VLAN needs to communicate with an end station in another VLAN, a router or multilayer switch routes the traffic to the appropriate destination VLAN. In this network, the Catalyst 3550 multilayer switches provide inter-VLAN routing. VLAN access control lists (VLAN maps) on the Catalyst 3550 switches provide intra-VLAN security and prevent unauthorized users from accessing critical pieces of the network.

In addition to inter-VLAN routing, the Catalyst 3550 multilayer switches provide QoS mechanisms such as DSCP priorities to prioritize the different types of network traffic and to deliver high-priority traffic in a predictable manner. If congestion occurs, QoS drops low-priority traffic to allow delivery of high-priority traffic.

With the Catalyst 3550 multilayer switches providing inter-VLAN routing and other network services, the routers focus on firewall services, Network Address Translation (NAT) services, voice-over-IP (VoIP) gateway services, and WAN and Internet access.


Figure 1-2 Catalyst 3550 Switches in a Collapsed Backbone Configuration

[Figure: Internet; Cisco 2600 or 3600 routers; Catalyst 3550 multilayer switches; Gigabit servers; Catalyst GigaStack clusters; Cisco IP Phones; AC power source; workstations running Cisco SoftPhone software.]


Large Network Using Only Catalyst 3550 Switches

Switches in the wiring closet have traditionally been Layer 2-only devices, but as network traffic profiles evolve, switches in the wiring closet are increasingly employing multilayer services such as multicast management and traffic classification. Figure 1-3 shows a configuration for a network exclusively using Catalyst 3550 multilayer switches in the wiring closets and a Catalyst 6000 switch in the backbone to aggregate up to ten wiring closets.

In the wiring closet, each Catalyst 3550 switch has IGMP snooping enabled to efficiently forward multimedia and multicast traffic. QoS ACLs that either drop or mark nonconforming traffic based on bandwidth limits are also configured on each switch. VLAN maps provide intra-VLAN security and prevent unauthorized users from accessing critical pieces of the network. QoS features can limit bandwidth on a per-port or per-user basis. The switch ports are configured as either trusted or untrusted. You can configure a trusted port to trust the CoS value, the DSCP value, or the IP precedence. If you configure the port as untrusted, you can use an ACL to mark the frame in accordance with the network policy.

Within each wiring closet is a Catalyst 3550 multilayer switch for inter-VLAN routing. These switches provide proxy ARP services to determine IP and MAC address mapping, thereby removing this task from the routers and lessening this type of traffic on the WAN links. These switches also have redundant uplink connections to the backbone switches, with each uplink port configured as a trusted routed uplink to provide faster convergence in case of an uplink failure.

The routers and Catalyst 6000 multilayer backbone switches have HSRP enabled for load balancing and redundant connectivity to guarantee mission-critical traffic.


Figure 1-3 Catalyst 3550 Switches in Wiring Closets in a Backbone Configuration

[Figure: WAN; Cisco 7500 routers; Catalyst 6000 multilayer switches; Catalyst 3550 clusters; Gigabit servers; Cisco IP Phones; AC power source.]

Multidwelling Network Using Catalyst 3550 Switches

A growing segment of residential and commercial customers are requiring high-speed access to Ethernet metropolitan-area networks (MANs). Figure 1-4 shows a configuration for a Gigabit Ethernet MAN ring using Catalyst 3550 multilayer switches as aggregation switches in the mini-point-of-presence (POP) location. These switches are connected through 1000BASE-X GBIC ports.

The resident switches can be Catalyst 3550 switches, providing customers with high-speed connections to the MAN. Catalyst 2912-LRE or 2924-LRE XL Layer 2-only switches also can be used as residential switches for customers requiring connectivity through existing phone lines. The Catalyst 2912-LRE or 2924-LRE XL switches can then connect to another residential switch or to an aggregation switch. For more information about the LRE switches, refer to the Catalyst 2900 Series XL Hardware Installation Guide.

All ports on the residential Catalyst 3550 switches (and Catalyst 2912-LRE XL or 2924-LRE XL switches if they are included) are configured as 802.1Q trunks with protected port and STP root guard features enabled. The protected port feature provides security and isolation between ports on the switch, ensuring that subscribers cannot view packets destined for other subscribers. STP root guard prevents unauthorized devices from becoming the STP root switch. All ports have IGMP snooping or CGMP enabled for multicast traffic management. ACLs on the uplink ports to the aggregating Catalyst 3550 multilayer switches provide security and bandwidth management.

The aggregating switches and routers provide services such as those described in the previous examples, "Small to Medium-Sized Network Using Mixed Switches" and "Large Network Using Only Catalyst 3550 Switches."

Figure 1-4 Catalyst 3550 Switches in a MAN Configuration

[Figure 1-4 diagram: Cisco 12000 Gigabit switch routers; Service Provider POP; Catalyst 6500 switches; Catalyst 3550 multilayer switches; Mini-POP Gigabit MAN; Catalyst switches; residential location; residential gateway (hub); set-top boxes; TVs; PC.]
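The port policy stated for the residential switches in the multidwelling example (every port an 802.1Q trunk with protected port and STP root guard enabled) can be checked mechanically against a saved configuration. The Python audit below is an added example, not part of the Cisco guide: the sample configuration is constructed, the skip parameter is hypothetical, and the command spellings are general Cisco IOS syntax assumed here, to be confirmed in the command reference for the release in use.

```python
"""Audit an IOS-style configuration against the multidwelling port policy."""
import re

# Policy from the text: each residential port is an 802.1Q trunk with the
# protected port and STP root guard features enabled. The command strings
# are assumed general Cisco IOS spellings, not taken from this guide.
REQUIRED = {
    "802.1Q trunk": ("switchport trunk encapsulation dot1q",
                     "switchport mode trunk"),
    "protected port": ("switchport protected",),
    "STP root guard": ("spanning-tree guard root",),
}

# Constructed sample configuration (not from a real device).
SAMPLE_CONFIG = """\
hostname residential-sw1
!
interface FastEthernet0/1
 description subscriber 101
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport protected
 spanning-tree guard root
!
interface FastEthernet0/2
 description subscriber 102
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree guard root
!
interface FastEthernet0/3
 description subscriber 103
 switchport mode access
 switchport protected
!
interface FastEthernet0/4
 shutdown
!
interface Vlan1
 ip address 192.0.2.10 255.255.255.0
!
"""


def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = []
        elif raw.startswith(" ") and current is not None:
            interfaces[current].append(raw.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces


def audit(config, skip=()):
    """Return {interface: [missing features]} for active physical ports.

    skip names ports the operator audits separately (hypothetical
    parameter; the text states the policy for all ports).
    """
    findings = {}
    for name, lines in parse_interfaces(config).items():
        if not re.match(r"(Fast|Gigabit)Ethernet", name) or name in skip:
            continue  # ignore VLAN and other non-physical interfaces
        if "shutdown" in lines:
            continue  # administratively down ports are not audited here
        missing = [feature for feature, commands in REQUIRED.items()
                   if not all(cmd in lines for cmd in commands)]
        if missing:
            findings[name] = missing
    return findings


if __name__ == "__main__":
    for port, missing in audit(SAMPLE_CONFIG).items():
        print(f"{port}: missing {', '.join(missing)}")
```

Ports that are shut down are skipped by this audit, so re-run it whenever a port is brought into service.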