|
|
The commands shown in this chapter apply to the Catalyst 8540 MSR, Catalyst 8510 MSR, and LightStream 1010. Where an entire command or certain attributes of a command have values specific to a particular switch, an exception is indicated by the following callouts:
To configure the minimum active links for an IMA group to function, use the ima active-links-minimum interface configuration command. To restore the default value,
use the no form of this command.
number | Configures the minimum number (1 to 8) of active links for an IMA group to function. |
1
Interface configuration
An IMA group might be configured to require a minimum amount of bandwidth or active links to function correctly. However, if you reduce the minimum number of active links to below the minimum active links configured, the far-end connection receives an ICP cell with a failure error, and the interface changes to the down state.
The following example uses the ima active-links-minimum command to configure the minimum number of active links that must be active for the IMA group to function correctly.
Switch(config)# interface atm 0/0/ima1 Switch(config-if)# ima active-links-minimum 2
To configure the clocking mode for the IMA group, use the ima clock-mode interface configuration command. To restore the default value, use the no form of this command.
ima clock-mode {common | independent}
common | Configures the clocking as CTC, where the same clocking is used for all interfaces. |
independent | Configures the clocking as ITC, where each interface derives its clocking from a different clock source. |
common
Interface configuration
The transmit clock of members of an IMA group can be derived from one single clock source or driven individually from different sources.
The term ITC is used when the transmit clock on each link is independently derived from a clock source. The transmit clock source for each member interface is configured using the clock source (interface) (Catalyst 8510 MSR and LightStream 1010) command at interface configuration.
The term CTC applies when the same clock is used for all links. In CTC mode, the network clock
as configured by the network-clock-select command is the source that drives the transmit clock of all the members of an IMA group.
The following example uses the ima clock-mode command to configure the IMA group clocking mode as independent.
SwitchA(config)# interface atm 0/0/ima1 SwitchA(config-if)# ima clock-mode independent
The following example uses the ima clock-mode command to configure the IMA group clocking mode as common with network clock from interface ATM 0/0/6.
Switch(config)# network 1 atm 0/0/6 Switch(config)# interface atm 0/0/ima1 Switch(config-if)# ima clock-mode common
clock source (interface) (Catalyst 8510 MSR and LightStream 1010)
network-clock-select
show ima interface
To configure the maximum differential delay used to align the transmission of IMA frames on all links, use the ima differential-delay-maximum interface configuration command. To restore the default value, use the no form of this command.
ima differential-delay-maximum msecs
msecs | Configures the maximum differential delay in milliseconds as follows: · For T1 the range is 25 to 250 milliseconds. · For E1 the range is 25 to 190 milliseconds. |
25 milliseconds
Interface configuration
The transmitter on the T1/E1 IMA port adapter must align the transmission of IMA frames on all interfaces that are members of the IMA group. This allows the receiver to adjust for differential link delays among the interfaces that are members of the IMA group. Based on this required behavior, the receiver can detect the differential delays by measuring the arrival times of the IMA frames on each link.
At the transmitting end, the cells are transmitted continuously. If no ATM layer cells need to be sent between ICP cells within an IMA frame, then the transmit IMA sends filler cells to maintain a continuous stream of cells at the physical layer.
The following example configures the maximum allowable differential delay to 100 milliseconds for all interfaces assigned to the IMA group.
Switch(config)# interface atm 0/0/ima1 Switch(config-if)# ima differential-delay-maximum 100
To configure the IMA interface frame length (number of cells per frame), use the ima frame-length interface configuration command. To restore the default value, use the no form of this command.
ima frame-length {128 | 256 | 32 | 64}
128 | Configures IMA frame length to 128 cells (default). |
256 | Configures IMA frame length to 256 cells. |
32 | Configures IMA frame length to 32 cells. |
64 | Configures IMA frame length to 64 cells. |
128
Interface configuration
An IMA group uses the frame length parameter to set the insertion of the ICP cells at the beginning of frames in the transmit direction.
The following example uses the ima frame-length command to configure the frame length transmitted as 256 cells for the IMA group:
Switch(config)# interface atm 0/0/ima1 Switch(config-if)# ima frame-length 256
To assign an interface as a member of an IMA group, use the ima-group interface configuration command. To remove an interface from an IMA group, use the no form of this command.
ima-group number
number | Specifies the IMA group number (0 to 3). |
Disabled
Interface configuration
Use the ima-group interface command to configure a T1/E1 IMA port adapter interface as part of an IMA group. IMA allows you to aggregate multiple low-speed links into one larger virtual trunk or IMA group and appears to your ATM switch router as one logical pipe. This IMA group provides modular bandwidth for user access to ATM networks for connections between ATM network elements at rates between the traditional order of multiplex levels, such as between T1 or E1, and T3 or E3.
IMA requires inverse multiplexing and demultiplexing of ATM cells in a cyclical fashion among links grouped to form a higher bandwidth logical group with a rate approximately the sum of the link rates. This grouping is called an IMA group.
The following example uses the ima-group command to assign ATM interface 0/0/0 as part of IMA group 1.
Switch(config)# interface atm 0/0/0 Switch(config-if)# shutdown Switch(config-if)# ima-group 1 Switch(config-if)# no shutdown
show ima interface
show interfaces
To configure an IMA group test pattern transmitted in the ICP cells, use the ima test interface configuration command. To restore the default value, use the no form of this command.
ima test [link link-value] [pattern pattern-value]
link | Configures the link transmitting the test pattern. |
link-value | Specifies which IMA group member link is transmitting the test pattern. |
pattern | Configures the test pattern. |
pattern-value | Specifies the test pattern transmitted in the ICP cells. |
The link-value: First link in the IMA group
The pattern-value: Default is the link-value
For example, suppose an IMA group includes ATM interfaces 0/0/3, 0/0/4 and 0/0/6. If the link or pattern value is not specified in the ima test command, then interface 0/0/3 (default) is chosen as test-link, and the pattern value used is 03 (default).
Interface configuration
The test pattern procedure verifies the connectivity of a link within an IMA group.The procedure uses a test pattern sent over one link to verify the connectivity to the other links in the IMA group. The test pattern should be looped over all the other links in the group at the far end of the connection. All of the IMA test pattern procedures are performed over the ICP cells exchanged between both ends of the IMA virtual links.After the test is configured on the IMA group, the test continues until explicitly configured to the default.
The following example uses the ima test command to configure the test pattern 0x010 (octal 8) to transmit over ATM interface 0/0/3 of IMA group 1.
Switch(config)# interface atm 0/0/ima1 Switch(config-if)# ima test link 3 pattern 010
To filter ATM signalling call failures based on the incoming interface of the call, use the incoming-port ATM signalling diagnostics configuration command. To return the incoming
port to the default, use the no form of this command.
card/subcard/port | Specifies the card, subcard, and port number of the ATM interface. The card number is displayed using the show interfaces command. The subcard number can be either 0 or 1. |
0
ATM signalling diagnostics configuration
The default 0 means the incoming interface is not considered during filtering.
The following example configures ATM 0/1/1 so all previous records collected on the incoming port are purged.
Switch# configure terminal Switch(config)# controller atm 0/0/0 Switch(config-if)# atm signalling diagnostics 1 Switch(cfg-atmsig-diag)# incoming-port atm 0/1/1
To configure an interface type and enter interface configuration mode, use the interface global configuration command.
interface type card/subcard/portTo configure a subinterface, use the interface global configuration command.
interface type card/subcard/port.vpt#
type | Specifies the type of interface to be configured. Refer to Table 9-1 for a list of keywords. |
card | Specifies the interface card number. The numbers are assigned at the factory at the time of installation or when added to a system, and can be displayed with the show interfaces command. |
subcard | Specifies the backplane slot number. The value is either 0 or 1. The slots are numbered from left to right. |
port | Specifies the port number of the interface. |
imagroup | Specifies the IMA group number (0 to 3). |
number | Specifies the integer used to identify the interface. |
.vpt# | Specifies the virtual path tunnel number for the subinterface on physical ATM ports. |
.subinterface# | Specifies the subinterface number in the range of 1 to 4294967293. The number that precedes the periods (.) must match the number where this subinterface belongs. |
multipoint | Specifies a multipoint subinterface. This option only applies to the route processor interface ATM 0. |
point-to-point | Specifies a point-to-point subinterface. The default is multipoint. This option only applies to the route processor interface ATM 0. |
Global configuration
Multiple subinterfaces can be configured on a single route processor interface. The route processor and Ethernet interface address is 0 in the ATM switch router environment.
Multiple subinterfaces for VP tunneling can be configured on a single ATM interface (not on a route processor interface). VP tunnels are useful when you want to run signalling, ILMI, and possibly PNNI routing between two switches that are not directly connected to each other. Before configuring the subinterface, a permanent virtual path must be configured on the ATM interface using the
atm pvp command. The subinterface for the VP tunnel is created by specifying the VPI used to define the permanent virtual path as the subinterface number.
Table 9-1 lists typical interface keywords.
| Keyword | Interface Type |
|---|---|
atm | ATM interface. |
async | Auxiliary port line used as an asynchronous interface. |
bvi | Bridge-group virtual interface. |
cbr | CBR interface. |
cable | CMTS interface. |
dialer | Dialer interface. |
ethernet | Ethernet IEEE 802.3 interface. |
group-async | Master asynchronous interface. |
lex | Lex interface. |
loopback | Software-only loopback interface that emulates a continually running interface. All platforms support this virtual interface. The interface number (0 to 2147483647) is the number of the loopback interfaces you want to create or configure. |
null | Null interface. |
Port-channel | Ethernet channel of interfaces. |
serial | Serial interface. |
tunnel | Tunnel interface, used to declare a TSP tunnel interface. The tunnel interface number is in the range of 0 to 2147483647. |
virtual-template | Virtual template interface. |
virtual-tokenring | Virtual Token Ring interface. |
vlan | Catalyst 5000 VLAN interface. |
The following example shows how to begin configuration of the ATM interface on card 0,
subcard 0, and port 1 using the interface global configuration command.
Switch(config)# interface atm 0/0/1 Switch(config-if)#
The following example shows how to create a VP tunnel with VPI 50 on card 0, subcard 0, and
port 1, and enter the subinterface configuration mode for the VP tunnel using the interface global configuration command.
Switch(config)# interface atm 0/0/1 Switch(config-if)# atm pvp 50 Switch(config-if)# interface atm 0/0/1.50 Switch(config-subif)#
The following example shows how to begin configuration of the route processor interface using the interface global configuration command.
Switch(config)# interface atm 0 Switch(config-if)#
The following example shows how to create a point-to-point subinterface on the SAP port and enter the subinterface configuration mode, using the interface global configuration command.
Switch(config)# interface atm 0.1 point-to-point Switch(config-subif)#
The following example shows how to begin configuration of the Ethernet interface on the ATM switch router using the interface global configuration command.
Switch(config)# interface ethernet 0 Switch(config-if)#
The following example shows how to begin configuration of a CBR interface using the interface global configuration command.
Switch(config)# interface cbr 1/1/1 Switch(config-if)#
The following example shows how to use the interface tunnel command to declare a TSP tunnel interface with interface number 2100.
Switch(config)# interface tunnel 2100 Switch(config-if)#
The following example shows how to begin configuration of an IMA group interface using the interface global configuration command.
Switch(config)# interface atm 0/0/ima1 Switch(config-if)#
show interfaces
show ima interface
To set a primary or secondary IP address for an interface, use the ip address interface configuration command. To remove an IP address or disable IP processing, use the no form of this command.
ip address ip-address mask [secondary]
ip-address | IP address. |
mask | Mask for the associated IP subnet. |
secondary | Specifies that the configured address is a secondary IP address. If this keyword is omitted, the configured address is the primary IP address. |
No IP address is defined for the interface.
Interface configuration
This command only applies to the interfaces on the route processor card: main Ethernet 0 or
main ATM 0. An interface can have one primary IP address and multiple secondary IP addresses. Packets generated by the switch always use the primary IP address. Therefore, all switches on a segment should share the same primary network number.
Hosts can determine subnet masks using the ICMP Mask Request message. Switches respond to this request with an ICMP Mask Reply message.
You can disable IP processing on a particular interface by removing its IP address with the no ip address command. If the switch detects another host using one of its IP addresses, it prints an error message on the console.
The optional keyword secondary allows you to specify an unlimited number of secondary addresses. Secondary addresses are treated like primary addresses, except the system never generates datagrams other than routing updates with secondary source addresses. IP broadcasts
and ARP requests are handled properly, as are interface routes in the IP routing table.
Secondary IP addresses can be used in a variety of situations. The following are the most common applications:
In the following example, 131.108.1.27 is the primary address and 192.31.7.17 and 192.31.8.17 are secondary addresses for main Ethernet 0 interface.
Switch# configure terminal Switch(config)# interface ethernet 0 Switch(config-if)# ip address 131.108.1.27 255.255.255.0 Switch(config-if)# ip address 192.31.7.17 255.255.255.0 secondary Switch(config-if)# ip address 192.31.8.17 255.255.255.0 secondary
show ima interface (Catalyst 8510 MSR and LightStream 1010)
To define a broadcast address for an interface, use the ip broadcast-address interface configuration command. To restore the default IP broadcast address, use the no form of this command.
ip broadcast-address [ip-address]
ip-address | IP broadcast address for a network. |
Default address is 255.255.255.255 (all ones).
Interface configuration
This command only applies to the interfaces on the route processor card: main Ethernet 0 or main ATM 0.
The following example specifies an IP broadcast address of 172.10.50.4.
Switch# configure terminal
Switch(config)# ip broadcast-address 172.10.50.4
show ima interface (Catalyst 8510 MSR and LightStream 1010)
To enable the translation of directed broadcasts to physical broadcasts, use the
ip directed-broadcast interface configuration command. To return the directed broadcast
to the default, use the no form of this command.
access-list-number | Number of the access list. If specified, a broadcast must pass the access list to be forwarded. If not specified, all broadcasts are forwarded. |
Enabled with no list specified.
Interface configuration
This command only applies to the interfaces on the route processor card: main Ethernet 0 or main ATM 0. This feature is enabled only for those protocols configured using the ip forward-protocol global configuration command. An access list might be specified to control which broadcasts are forwarded. When an access list is specified, only those IP packets permitted by the access list are eligible to be translated from directed broadcasts to physical broadcasts.
The following example enables forwarding of IP directed broadcasts on the main Ethernet 0 interface.
Switch# configure terminalSwitch(config)#interface ethernet 0Switch(config-if)#ip directed-broadcast
To set the MTU size of IP packets sent on an interface, use the ip mtu interface configuration command. To restore the default MTU size, use the no form of this command.
ip mtu bytes
bytes | MTU in bytes. |
Minimum: 128 bytes
Maximum: Depends on the interface medium
Interface configuration
This command only applies to the interfaces on the route processor card: main Ethernet 0 or main ATM 0. If an IP packet exceeds the MTU set for the interface of the switch, the switch fragments the packet.
All devices on a physical medium must have the same protocol MTU in order to operate.
The following example sets the maximum IP packet size for the first interface to 300 bytes.
Switch# configure terminal Switch(config)# interface ethernet 0 Switch(config-if)# ip mtu 300
To enable proxy ARP on an interface, use the ip proxy-arp interface configuration command.
To disable proxy ARP on the interface, use the no form of this command.
This command has no arguments or keywords.
Enabled
Interface configuration
This command applies only to the interfaces on the route processor card: main Ethernet 0 or
main ATM 0.
The following example enables proxy ARP on Ethernet interface 0.
Switch# configure terminalSwitch(config)#interface ethernet 0Switch(config-if)#ip proxy-arp
Use the ip rarp-server interface configuration command to allow the switch to act as a RARP server. To return the RARP server to the default, use the no form of this command.
ip rarp-server ip-address
ip-address | IP address that is to be provided in the source protocol address field of the RARP response packet. Normally, this is set to whatever address you configure as the primary address for the interface. |
Disabled
Interface configuration
This command only applies to the interfaces on the route processor card: main Ethernet 0 or main ATM 0. This feature makes diskless booting of clients possible between network subnets where the client and server are on separate subnets.
RARP server support can be configured on a per-interface basis so the switch does not interfere with RARP traffic on subnets that do not need RARP assistance from the switch.
The switch answers incoming RARP requests only if both of the following two conditions are met:
Use the show ip arp EXEC command to display the contents of the IP ARP cache.
Sun Microsystems makes use of RARP-based and UDP-based network services to facilitate network-based booting of SunOS on their workstations. By bridging RARP packets and using both the ip helper-address interface configuration command and the ip forward-protocol global configuration command, the switch should be able to perform the necessary packet switching to enable booting of Sun workstations across subnets. However, some Sun workstations assume that the sender of the RARP response, in this case the switch, is the host that the client can contact to TFTP-load the bootstrap image. This causes the workstations to fail to boot.
By using the ip rarp-server feature, the switch can be configured to answer these RARP requests, and the client machine should be able to reach its server by having its TFTP requests forwarded through the switch that acts as the RARP server.
To establish static routes, use the ip route global configuration command. To remove static routes, use the no form of this command.
ip route destination-prefix destination-prefix-mask [interface-type card/subcard/port]
destination-prefix | IP address of the target network or subnet. |
destination-prefix-mask | Address mask for the destination address. |
interface-type | Interface type, specified as atm, atm-p, cbr, ethernet, or null. |
card/subcard/port | Identifier of the interface specified by interface-type. |
forward-addr | Forwarding router's IP address. |
metric | Distance metric for this route, in the range of 1 to 255. |
permanent | Specifies this route as a permanent route. |
tag-value | Sets the tag value for this route, in the range of 1 to 4294967295. |
No IP route is specified.
Global configuration
This command does not apply to the route processor interface main ATM 0.
In the following example, an administrative distance of 110 was chosen. In this case, packets for network 10.0.0.0 are routed to the switch at 131.108.3.4 if dynamic information with an administrative distance less than 110 is not available.
Switch# configure terminal Switch(config)# ip route 10.0.0.0 255.0.0.0 131.108.3.4 110
In the following example, packets for network 131.108.0.0 are routed to the switch at 131.108.6.6.
Switch(config)# ip route 131.108.0.0 255.255.0.0 131.108.6.6
To add a basic security option to all outgoing packets, use the ip security add interface configuration command. To disable the adding of a basic security option to all outgoing packets, use the no form of this command.
ip security addThis command has no arguments or keywords.
Disabled when the security level of the interface is "Unclassified Genser" (or unconfigured). Otherwise, the default is enabled.
Interface configuration
This command only applies to the interfaces on the route processor card: main Ethernet 0 or main ATM 0. If an outgoing packet does not have a security option present, this interface configuration command adds one as the first IP option. The security label added to the option field is the label that was computed for this packet when it first entered the switch. Because this action is performed after all the security tests have been passed, this label is either the same as or is in the range of the interface.
The following example adds a basic security option to each packet leaving main Ethernet interface 0.
Switch# configure terminal Switch(config)# interface ethernet 0 Switch(config-if)# ip security add
To attach AESOs to an interface, use the ip security aeso interface configuration command. To disable AESOs on an interface, use the no form of this command.
ip security aeso source compartment-bits
source | AESO source. This can be an integer from 0 through 255. |
compartment-bits | Compartment bits, in hexadecimal. |
Disabled
Interface configuration
This command only applies to the interfaces on the route processor card: main Ethernet 0 or main ATM 0. Compartment bits are specified only if this AESO is to be inserted in a packet. On every incoming packet at this level on this interface, these AESOs should be present.
Beyond being recognized, no further processing of AESO information is performed. AESO contents are not checked and are assumed to be valid if the source is listed in the configurable AESO table.
Configuring any per-interface extended IPSO information automatically enables ip security extended-allowed (disabled by default).
In the following example, the extended security option source is defined as 5, and the compartment bits are set to 5.
Switch# configure terminal Switch(config)# interface ethernet 0 Switch(config-if)# ip security aeso 5 5
ip security eso-info
ip security eso-max
To set the level of classification and authority on the interface, use the ip security dedicated interface configuration command. To reset the interface to default (disabled), use the no form of this command.
ip security dedicated level authority [authority...]
level | Degree of sensitivity of information. The level keywords are listed in Table 9-2. |
authority | Organization that defines the set of security levels that is used in a network. The authority keywords are listed in Table 9-3. |
Disabled
Interface configuration
This command only applies to the interfaces on the route processor card: main Ethernet 0 or main ATM 0.
All traffic entering the system on this interface must have a security option that exactly matches this label. Any traffic leaving via this interface has this label attached.
The following definitions apply to the descriptions of the IPSO in this section:
| Level Keyword | Bit Pattern |
|---|---|
Reserved4 | 0000 0001 |
TopSecret | 0011 1101 |
Secret | 0101 1010 |
Confidential | 1001 0110 |
Reserved3 | 0110 0110 |
Reserved2 | 1100 1100 |
Unclassified | 1010 1011 |
Reserved1 | 1111 0001 |
| Authority Keyword | Bit Pattern |
|---|---|
Genser | 1000 0000 |
Siop-Esi | 0100 0000 |
DIA | 0010 0000 |
NSA | 0001 0000 |
DOE | 0000 1000 |
The following example sets a confidential level with Genser authority.
Switch# configure terminal Switch(config)# ip security dedicated confidential Genser
To specify the maximum sensitivity level for an interface, use the ip security eso-max interface configuration command. To return to the default, use the no form of this command.
ip security eso-max source compartment-bits
source | ESO source. This is an integer from 1 through 255. |
compartment-bits | Compartment bits, in hexadecimal. |
Disabled
Interface configuration
This command only applies to the interfaces on the route processor card: main Ethernet 0 or main ATM 0.
This command is used to specify the minimum sensitivity level for a particular interface. Before the per interface compartment information for a particular NLESO source can be configured, the
ip security eso-info global configuration command must be used to specify the default information.
On every incoming packet on the interface, these extended security options should be resent at the minimum level and should match the configured compartment bits. Every outgoing packet must have these ESOs.
On every packet transmitted or received on this interface, any NLESO sources present in the IP header should be bounded by the minimum sensitivity level and bounded by the maximum sensitivity level configured for the interface.
When transmitting locally generated traffic out this interface or adding security information (with the ip security add command), the maximum compartment bit information can be used to construct the NLESO sources placed in the IP header.
A maximum of 16 NLESO sources can be configured per interface. Due to IP header length restrictions, a maximum of nine of these NLESO sources appear in the IP header of a packet.
In the following example, the specified ESO source is 240, and the compartment bits are specified as 500.
Switch# configure terminal Switch(config)# interface ethernet 0 Switch(config-if)# ip security eso-max 240 500
ip security eso-info
ip security add
To alter the TCP maximum read size for Telnet or rlogin, use the ip tcp chunk-size global configuration command. To restore the default value, use the no form of this command.
ip tcp chunk-size characters
characters | Maximum number of characters that Telnet or rlogin can read in one read instruction. |
0, which Telnet and rlogin interpret as the largest possible 32-bit positive number.
Global configuration
Do not use this command unless you understand why you need to change the default value.
The following example sets the maximum TCP read size to 64000 bytes.
Switch# configure terminal Switch(config)# ip tcp chunk-size 64000
To alter the maximum TCP outgoing queue per connection, use the ip tcp queuemax global configuration command. To restore the default value, use the no form of this command.
ip tcp queuemax packets
packets | Outgoing queue size of TCP packets. |
The default value is 5 segments if the connection has a TTY associated with it. If there is no TTY associated with it, the default value is 20 segments.
Global configuration
Changing the default value only changes the queue that has a TTY associated with the connection.
The following example sets the maximum TCP outgoing queue to 10 packets.
Switch(config)# ip tcp queuemax 10
To set a period of time the switch waits while attempting to establish a TCP connection before it times out, use the ip tcp synwait-time global configuration command. To restore the default time, use the no form of this command.
ip tcp synwait-time seconds
seconds | Time in seconds the switch waits while attempting to establish a TCP connection. |
30 seconds
Global configuration
If your network contains PSTN DDR, it is possible that the call setup time exceeds 30 seconds.
This amount of time is not sufficient in networks that have dialup asynchronous connections because it affects your ability to Telnet over the interface (from the switch) if the interface must be brought up. If you have this type of network, you might want to set this value to the UNIX value of 75.
Because this is a host parameter, it does not pertain to traffic going through the switch, just for traffic originating at the switch. Because UNIX has a fixed 75-second timeout, hosts are unlikely to see this problem.
The following example configures the switch to continue attempting to establish a TCP connection for 180 seconds.
Switch(config)# ip tcp synwait-time 180
Posted: Mon May 8 18:36:13 PDT 2000
Copyright 1989 - 2000©Cisco Systems Inc.