|
|
This chapter describes basic interface configuration for the Layer 3 switch router to help you get your switch router up and running. Also included are sections about virtual LANs (VLANs) and port snooping. For further information about the commands used in this chapter, refer to the command reference publications in the Cisco IOS documentation set and to "Command Reference."
This chapter includes the following sections:
A router's main function is to relay packets from one data link to another. To do that, the characteristics of the interfaces through which the packets are received and sent must be defined. Interface characteristics include, but are not limited to, IP address, address of the port, data encapsulation method, and media type.
Many features are enabled on a per-interface basis. Interface configuration mode contains commands that modify the interface operation, for example, of an Ethernet port. When you issue the interface command, you must define the interface type and number.
Layer 3 interfaces have both a Media Access Control (MAC) address and an interface port ID. The router keeps track of these designators and uses them to route traffic.
 | Tips To find the MAC address for a device, use the show interfaces command. |
The interface port ID designates the physical location of the Layer 3 interface within the chassis. This is the name that you use to identify the interface when configuring it. The system software uses interface port IDs to control activity within the switch router and to display status information. Interface port IDs are not used by other devices in the network; they are specific to the individual switch router and its internal components and software.
You can find the interface port ID on the rear of the switch router. It is composed of three parts, formatted as slot number/0/port number as depicted in Figure 4-1.
The interface port IDs on the Ethernet modules remain the same regardless of whether other modules are installed or removed. However, when you move an interface module to a different slot, the first number in the address changes to reflect the new slot number.
You can identify module ports by physically checking the slot/0/port location on the back of the switch router. You can also use Cisco IOS show commands to display information about a specific interface, or all the interfaces, in the switch router.
The following general configuration instructions apply to all interfaces. Begin in global configuration mode. To configure an interface, follow these steps:
Step 1 Use the configure EXEC command at the privileged EXEC prompt to enter the global configuration mode.
Router> enable Router# configure terminal Router (config)#
Step 2 From global configuration mode, enter the interface command, followed by the interface type (for example, Fast Ethernet or Gigabit Ethernet) and its interface port ID (see the "Interface Port ID" section).
For example, to configure the Gigabit Ethernet port on slot 1, port 2, use this command:
Router(config)# interface gi 1/0/2
Step 3 Follow each interface command with the interface configuration commands required for your particular interface.
The commands you enter define the protocols and applications that will run on the interface. The commands are collected and applied to the interface command until you enter another interface command, a command that is not an interface configuration command, or you enter Ctrl-Z to return to privileged EXEC mode.
Step 4 Once an interface is configured, you can check its status by using the EXEC show commands.
Router# show interface gi 1/0/2 FastEthernet0 is up, line protocol is up Hardware is Lance, address is 0060.4740.c2b6 (bia 0060.4740.c2b6) MTU 1500 bytes, BW 10000 Kbit, DLY 1000 used, rely 255/255, load 1/255 Encapsulation ARPA, loopback not set, keepalive set (10 sec) ARP type: ARPA, ARP TImeout 04:00:00
Layer 3 switching supports two different Gigabit Ethernet interfaces, an eight-port module and a two-port module. This section provides some examples of configurations for both interface types.
| Tips Before you configure interfaces, be sure to have the interface network (IP or IPX) addresses and the corresponding subnet mask information. If you do not have this information, consult your network administrator. |
Table 4-1 shows an example of the commands used to configure an IP address and autonegotiation on a two-port Gigabit Ethernet interface. You can also define a bridging boundary and configure IRB and BVI on a two-port Gigabit Ethernet interface, as described in the following section, "Configuring Eight-Port Gigabit Ethernet Interfaces."
| Step | Command | Purpose | ||
|---|---|---|---|---|
| Router(config)# interface gi x/0/z | From global configuration mode, enter Ethernet interface configuration mode to configure the Gigabit Ethernet interface. | ||
| Router(config-if)# [no] negotiation auto | When you set negotiation mode to auto, the Gigabit Ethernet port attempts to negotiate the link (that is, both port speed and duplex setting) with the partner port. When you set the Gigabit Ethernet interface to no negotiation auto, the port forces the link up no matter what the partner port setting is. This brings up the link with 1000 Mbps and full duplex only. | ||
| Router(config-if)# ip address ip-address subnet-mask | Enter the IP address and IP subnet mask to be assigned to the Gigabit Ethernet interface. | ||
| Router(config-if)# exit | Return to global configuration mode, and repeat steps 1 to 3 to configure the second Gigabit Ethernet interface on this interface module. | ||
| Router(config)# Ctrl-Z | Return to privileged EXEC mode. | ||
| Router# copy running-config startup-config | Save your configuration changes to NVRAM. |
Between ports on the eight-port Gigabit Ethernet interface module itself, local switching at Layer 2 provides nonblocking performance at wire speed. For ports on this module configured as a bridge group, Layer 2 traffic is processed at full Gigabit Ethernet rates. For Layer 3 traffic, however, this interface module provides 2-Gbps routing bandwidth from the switch fabric.
The following configuration sequence for this interface module assumes that you want to optimize throughput by configuring as many ports as possible in a bridge group, and also ensuring those networks are routed using integrated routing and bridging features from Cisco IOS.
For additional configuration considerations, see the "About Integrated Routing and Bridging" section.
Table 4-2 and Table 4-3 show how to define a bridging boundary and configure IRB and BVI on an eight-port Gigabit Ethernet interface.
| Step | Command | Purpose | ||
|---|---|---|---|---|
| Router(config)# bridge bridge-group protocol ieee | From global configuration mode, define one or more bridge groups. | ||
| Router(config)# interface gi x/0/z | Enter Ethernet interface configuration mode to configure the Gigabit Ethernet interface. | ||
| Router(config-if)# bridge-group bridge-group | Assign bridge groups to appropriate interfaces. | ||
| Router(config-if)# exit | Return to global configuration mode. |
| Step | Command | Purpose | ||
|---|---|---|---|---|
| Router(config)# bridge irb | Enable IRB so you can route traffic from the bridged interfaces. | ||
| Router(config)# interface bvi bridge-group | Configure the BVI by assigning the corresponding bridge group's number to the BVI. Each bridge group can only have one corresponding BVI. | ||
| Router(config-if)# ip address ip-address subnet-mask | Configure protocol addresses on routed interfaces. This step shows an example for IP. | ||
| Router(config)# bridge bridge-group route protocol | Enable a BVI to accept and route routable packets received from its corresponding bridge group. You must issue this command for each protocol that you want the BVI to route from its corresponding bridge group to other routed interfaces. | ||
| Router(config)# | Optionally, you can configure additional routing attributes to the BVI. | ||
| Router# copy running-config startup-config | Save your configuration changes to NVRAM. |
Use the procedure in Table 4-4 to assign an IP address to the Fast Ethernet 10BaseT or 100BaseT interface of your switch router so that it can be recognized as a device on the Ethernet LAN. The Fast Ethernet interface supports 10-Mbps and 100-Mbps speeds with Cisco 10BaseT and 100BaseT routers, hubs, switches, and switch routers.
| Step | Command | Description |
|---|---|---|
| 1 | Router(config)# interface fa x/0/z | From global configuration mode, enter Ethernet interface configuration mode to configure the Fast Ethernet interfaces. |
| 2 | Router(config-if)# ip address ip-address subnet-mask | Enter the IP address and IP subnet mask to be assigned to the FastEthernet interface. |
| 3 | Router(config-if)# [no] speed | Configure the transmission speed for 10 or 100 Mbps, or for autonegotiation (the default). If you set the speed to auto, you enable autonegotiation, and the switch router matches the speed of the partner node.. |
| 4 | Router(config-if)# [no] duplex [full | half | auto] | Configure for full or half duplex. If you set duplex for auto, the switch router matches the duplex setting of the partner node. |
| 5 | Router(config-if)# Ctrl-Z | Return to privileged EXEC mode. |
| 6 | Router# copy running-config startup-config | Save your configuration changes to NVRAM. |
Virtual LANs enable network managers to group users logically rather than by physical location. A virtual LAN (VLAN) is an emulation of a standard LAN that allows data transfer and communication to occur without the traditional restraints placed on the network. It can also be considered a broadcast domain set up within a switch. With VLANs, switches can support more than one subnet (or VLAN) on each switch, and give routers and switches the opportunity to support multiple subnets on a single physical link. A group of devices on a LAN are configured so that they communicate as if they were attached to the same LAN segment, when they are actually located on different segments. Layer 3 switching supports up to 255 VLANs per system.
VLANs enable efficient traffic separation and provide excellent bandwidth utilization. VLANs also alleviate scaling issues by logically segmenting the physical LAN structure into different subnetworks so that packets are switched only between ports within the same VLAN. This can be very useful for security, broadcast containment, and accounting.
Layer 3 switching software supports a port-based VLAN on a trunk port, which is a port that carries the traffic of multiple VLANs. Each frame transmitted on a trunk link is tagged as belonging to only one VLAN.
Layer 3 switching software supports VLAN frame encapsulation through the Inter-Switch Link (ISL) protocol and the 802.1Q standard.
ISL is a Cisco protocol for interconnecting multiple switches and maintaining VLAN information as traffic travels between switches.
The VLAN configuration example shown in Figure 4-2 depicts the following:
To configure the Layer 3 VLANs shown in Figure 4-2, use the procedure in Table 4-5.
| Step | Command | Purpose | ||
|---|---|---|---|---|
| Router(config)# interface fa x/0/z.subinterface | From global configuration mode, enter subinterface configuration mode. | ||
| Router(config-subif)# encap isl vlan-id | |||
| Router(config-subif)# bridge-group number | Note When you are configuring VLAN routing, skip this step. | ||
| Router(config-subif)# interface fa x/0/z | Enter interface configuration mode to configure the Fast Ethernet main interface. | ||
| Router(config-if)# bridge-group number | Assign the main interface to the bridge group. | ||
| Router(config-if)# exit | Return to global configuration mode. | ||
| Router(config)# bridge number protocol ieee | Specify that the bridge group will use the IEEE Ethernet Spanning-Tree Protocol. |
The following example shows how to configure the interfaces for VLAN bridging with ISL encapsulation shown in Figure 4-2:
Router(config)#interface fa 1/0/1.1Router(config-subif)#encap isl 50Router(config-subif)#bridge-group 1Router(config-subif)#interface fa 1/0/0Router(config-if)#bridge-group 1Router(config-if)#exitRouter(config)#bridge 1 protocol ieeeRouter(config)#interface fa 1/0/1.2Router(config-subif)#encap isl 100Router(config-subif)#bridge-group 2Router(config-subif)#interface fa 3/0/1Router(config-subif)#bridge-group 2Router(config-subif)#exitRouter(config)#bridge 2 protocol ieeeRouter(config)#exitRouter#copy running-config startup-config
The maximum VLAN bridge group values are as follows:
To monitor the VLANs once they are configured, use the commands in Table 4-7.
The IEEE 802.1Q standard provides a method for secure bridging of data across a shared backbone. IEEE 802.1Q VLAN encapsulation uses an internal, or one level, packet tagging scheme to multiplex VLANs across a single physical link, while maintaining strict adherence to the individual VLAN domains.
On an IEEE 802.1Q trunk port, all transmitted and received frames are tagged except for those on the one VLAN configured as the PVID (port VLAN identifier) or native VLAN for the port. Frames on the native VLAN are always transmitted untagged and are normally received untagged.
The VLAN configuration example shown in Figure 4-3 depicts the following:
Table 4-6 shows how to configure the bridging between native VLAN 1 and non-native VLAN 100 depicted in Figure 4-3.
| Step | Command | Purpose | ||
|---|---|---|---|---|
| Router(config)# interface fa x/0/z.subinterface | From global configuration mode, enter subinterface configuration mode. | ||
| Router(config-subif)# encap dot1q vlan-id native | |||
| Router(config-subif)# bridge-group number | Assign the subinterface a bridge group number. Note When you are configuring VLAN routing, skip this step. | ||
| Router(config-subif)# interface fa x/0/z | Enter interface configuration mode to configure the Fast Ethernet main interface. | ||
| Router(config-if)# bridge-group number | Assign the main interface to the bridge group. | ||
| Router(config-if)# exit | Return to global configuration mode. | ||
| Router(config)# bridge number protocol ieee | Specify that the bridge group will use the IEEE Ethernet Spanning-Tree Protocol. |
The following example shows how to configure the bridging between native and non-native 802.1Q VLANS shown in Figure 4-3:
Router(config)#interface fa 1/0/1.1Router(config-subif)#encap dot1q 1 nativeRouter(config-subif)#bridge-group 1Router(config-subif)#interface fa 1/0/0Router(config-if)#bridge-group 1Router(config-if)#exitRouter(config)#bridge 1 protocol ieeeRouter(config)#interface fa 1/0/1.2Router(config-subif)#encap dot1q 100Router(config-subif)#bridge-group 2Router(config-subif)#interface fa 3/0/1Router(config-subif)#bridge-group 2Router(config-subif)#exitRouter(config)#bridge 2 protocol ieeeRouter(config)#exitRouter#copy running-config startup-config
Once the VLANs are configured on the switch router, you can monitor their operation using the commands in Table 4-7.
| Command | Purpose |
|---|---|
show vlan vlan-id | Display information on all configured VLANs or on a specific VLAN (by VLAN ID number). |
clear vlan vlan-id | Clear the counters for all VLANs, when the VLAN ID is not specified. |
debug vlan packet | Display contents of the packets sent to and exiting from the route processor. |
To configure encapsulation over the EtherChannel, see the "About Encapsulation over EtherChannel" section.
Port snooping augments the first four RMON groups (mini-RMON). For a description of RMON, see the "Remote Monitoring" section.
Port-based snooping features include the following:
The following restrictions apply to port snooping:
The snooping destination port can be any port in the system, except for the management port on the route processor (Ethernet0) and ports configured for Fast EtherChannel. Typically, the destination port has a network analyzer or RMON probe attached to it.
When in snooping mode, all the existing connections to the snooping destination port are set to the down state, and the snooping destination port cannot perform any Layer 2 or Layer 3 operations in this state. The receive side of the snooping destination port is also disabled when in snooping mode. The snooping destination port resumes normal operation only when snooping mode is disabled.
A source port is a port monitored by the snooping operation. The snooping source port can be on any interface module.
The normal operation of a snooping source port is not altered during snooping operations. Any port with bandwidth less than or equal to the bandwidth of the snooping destination port can function as a snooping source port.
Layer 3 switching software supports snooping from multiple source ports to a destination port. The total bandwidth of the snooping source ports must not exceed the bandwidth of the snooping destination port. For example, up to ten Fast Ethernet ports can be configured as snooping source ports to a 1-Gb Ethernet destination port.
To enable port-based snooping on an interface, follow the procedure in Table 4-8.
| Step | Command | Purpose |
|---|---|---|
| 1 | Router(config)# interface destination-port | From global configuration mode, define the interface configuration for the destination (test) port. |
| 2 | Router(config-if)# shutdown | Shut down the destination port. |
| 3 | Router(config-if)# snoop interface source-port direction {receive | transmit | both} | |
| 4 | Router(config-if)# no shutdown | When you bring the destination port back up, snooping mode is fully functional. |
| 5 | Router# copy running-config startup-config | Save your configuration changes to NVRAM. |
To disable port-based snooping on an interface, follow the procedure in Table 4-9.
| Step | Command | Purpose | ||
|---|---|---|---|---|
| Router(config)# interface destination-port | Go to the interface previously configured as the destination port. Use the standard interface addressing nomenclature: fa x/0z or gi x/0/z. | ||
| Router(config-if)# shutdown | Shut down the destination port. | ||
| Router(config-if)# no snoop interface source-port | The no snoop interface command disables port snooping by the destination port defined in Step 1 on the indicated source port. | ||
| Router(config-if)# no shutdown | When you bring the destination port back up, snooping mode is disabled and any existing configuration and connections are reestablished. | ||
| Router# copy running-config startup-config | Save your configuration changes to NVRAM. |
To monitor the current snooping mode configuration and status, use the commands in Table 4-10.
| Command | Purpose |
|---|---|
show snoop interface destination-port | Display whether the indicated destination port is in snooping mode. If so, it indicates the source (monitored) port and the snooping direction. |
show snoop | Display all the snoop sessions configured on the system. |
show snoop-vc interface destination-port | Display the list of virtual circuits that are being monitored by the destination port. |
Now that you have configured the interfaces on your switch router, see "Networking Protocol Configurations," for instructions on configuring network and routing protocols.
Posted: Wed Dec 22 14:10:20 PST 1999
Copyright 1989-1999©Cisco Systems Inc.