Configuring the Catalyst 8500 Software

• A map of your network topology

• The network protocols you are supporting: IP or Novell IPX (or both)

• The routing protocol you will use for each network protocol

• The IP or IPX addresses and the IP subnet masks for each network interface

• The IP addressing plan for each network protocol

A switch router initially refers to entries about networks or subnetworks that are directly connected. Each interface must be configured with an IP address and IP subnet mask, which the network administrator enters into a configuration file.

The high-level router configuration tasks are as follows:

Step 1 Set up the hardware as described in the Catalyst 8510 Chassis Installation Guide or the Catalyst 8540 Chassis Installation Guide.

Step 2 Initially configure the software as described later in this chapter.

Step 3 Configure any interface or interface management tasks as described in this chapter.

Step 4 Configure protocol-specific features on your switch router as described in the appropriate chapters of the other Cisco IOS software configuration guides.

Step 5 If desired, perform system management tasks to monitor and fine-tune the performance of your switch router in the network.

To use the CLI, your terminal must be connected to the switch router through the console port or one of the TTY lines. By default, the terminal is configured to a basic configuration, which should work for most terminal sessions. However, you may want to alter the terminal settings.

Step 1 Connect a console terminal to the Catalyst 8500 campus switch router, then power up the system.

For instructions, see the Catalyst 8510 Campus Switch Router Processor and Line Module Installation Guide or the Catalyst 8540 Campus Switch Router Processor and Line Module Installation Guide.

Step 2 When you are prompted to enter the initial dialog, answer no to enter configuration mode:

Would you like to enter the initial dialog? [yes]: no

The following user EXEC prompt appears: Router>

Step 3 To access privileged EXEC mode, enter the enable command.

Router> enable

The prompt changes to the privileged EXEC (enable) prompt:

Router#

Step 4 To access configuration mode, enter the configure terminal command:

Router# configure terminal

You can now enter any changes you want to the factory-default configuration file. To exit configuration mode, press Ctrl-Z.

Router# show running-config

To see the configuration in NVRAM, enter the show startup-config command:

Router# show startup-config

The virtual interfaces that Cisco campus switch routers support include subinterfaces and IP tunnels. Configuring multiple virtual interfaces, or subinterfaces, on a single physical interface allows greater flexibility and connectivity on the network. A subinterface is a mechanism that allows a single physical interface to support multiple logical interfaces or networks. That is, several logical interfaces or networks can be associated with a single hardware interface.

To configure an interface, follow these steps:

Step 1 Begin interface configuration in global configuration mode.

Step 2 Enter the configure command at the privileged EXEC prompt to enter global configuration mode.

Step 3 Once in the global configuration mode, start configuring the interface by entering the interface command.

Step 4 Identify the interface type followed by the slot number of the line module, the number 0, and the port number.

For example, to configure the Fast Ethernet port on slot 1, port 2, you enter this command:

Router# interface fa 1/0/2

See the next section, "Configuring the Catalyst 8500 Interfaces," for more information on the physical interface addresses.

     Router# show interfaces 
     Ethernet 0/0/0 is up, line protocol is up 
     Hardware is Sonict, address is 172.68.16.0/24
     MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, rely 255/255, load 1/255 
     Encapsulation ARPA, loopback not set, keepalive set (10 sec) 

Step 5 Follow each interface command with the interface configuration commands your particular interface requires.

The commands you enter define the protocols and applications that will run on the interface. The commands are collected and applied to the interface command until you enter another interface command, a command that is not an interface configuration command, or you enter Ctrl-Z to get out of configuration mode and return to privileged EXEC mode.

Step 6 Once an interface is configured, you can check its status by entering the show commands provided at the end of each configuration section.

A second type of address is the Media Access Control (MAC) address or hardware address, which is a standard data link layer address required for every port or device that connects to a network. Other devices in the network use these addresses to locate specific ports in the network and to create and update routing tables and data structures.

slot number/0/port number

The first number identifies the slot in which the line module is installed. Module slots are numbered 0 to 12, from top to bottom.

The second number indicates the line module. When the module consists of a single card---as in the case of the Catalyst 8500 campus switch router---this number is always 0.

The interface ports on the Ethernet modules maintain the same address regardless of whether other modules are installed or removed. However, when you move a line module to a different slot, the first number in the address changes to reflect the new slot number.

1. Specify an Ethernet, Fast Ethernet, or Gigabit Ethernet interface.

2. Specify an Ethernet encapsulation method.

3. Specify virtual LANs (VLANs).

Step	Command	Description
1	8500# enable Password: password	Enter privileged EXEC mode, then enter the enable password.
2	8500# config terminal 8500(config)#	Enter global configuration mode.
3	8500(config)# interface fa x/0/z 8500(config-if)#	Enter Ethernet interface configuration mode to configure the appropriate Fast Ethernet interface.
4	8500(config-if)# ip address 172.68.16.0 255.255.255.0	Enter the IP address and IP subnet mask to be assigned to the FastEthernet x/0/z interface.
5	8500(config-if)# [no] speed [10 | 100 | auto]	Configure the transmission speed for 10 or 100 Mbps. If you set the speed for auto, you enable autonegotiation on the system---the switch router matches the speed of the partner node. For more information on autonegotiation, see below.
6	8500(config-if)# [no] duplex [full | half | auto]	Configure for full or half duplex. If you set duplex for auto, the switch router matches the duplex setting of the partner node.
7	8500(config-if)# Ctrl-Z 8500#	Return to privileged EXEC mode.

(config-if)# speed auto

When this command is disabled, the saved values for port speed are restored. The speed auto command is unique to the Catalyst 8500 family of switch routers.

Table 4-1: Monitoring 10/100 BaseT Operation

Monitoring Commands	Function
show arp	Verify that you have assigned the correct IP address.
show interface fa x/0/z	Displays the status and global parameters associated with an interface. Enter this command to verify the configured port speed and duplex operation.

Step	Command	Description
1	8500(config)# interface gi x/0/z 8500(config-if)#	From global configuration mode, enter Ethernet interface configuration mode to configure the gigabit Ethernet interface.
2	8500(config-if)# ip address 172.68.16.0 255.255.255.0	Enter the IP address and IP subnet mask to be assigned to the gigabit Ethernet x/0/z interface.
3	8500(config-if)# [no] negotiation auto	When you set negotiation mode to auto, the gigabit port attempts to negotiate the link (that is, both port speed and duplex setting) with the partner port. When you set the gigabit interface to no negotiation auto, the port forces the link up no matter what the partner port setting is. This brings up the link with 1000 Mbps and full duplex only.
4	8500(config-if)# Ctrl-Z 8500#	Return to privileged EXEC mode.

VLANs enable efficient traffic separation and provide excellent bandwidth utilization. VLANs also alleviate scaling issues by logically segmenting the physical LAN structure into different subnetworks so that packets are switched only between ports within the same VLAN. This can be very useful for security, broadcast containment, and accounting.

The Catalyst 8500 supports VLAN frame encapsulation via the Inter-Switch Link (ISL) protocol and the 802.1q standard.

To configure VLANs on the Catalyst 8500 campus switch router as shown in this example, follow these steps:

Step	Command	Description
1	8500# enable Password: password	Enter privileged EXEC mode, then enter the enable password.
2	8500# config terminal 8500(config)#	Enter global configuration mode.
3	8500(config)# interface fa 1/0/2.1 8500(config-subif)#	Enter Ethernet subinterface configuration mode to configure the Fast Ethernet subinterface fa1/0/2.1.
4	8500(config-subif)# encap isl 50 or 8500(config-subif)# encap dot1q 50	Using ISL or 802.1q, encapsulate the Ethernet frames sent from subinterface fa 1/0/2.1 with a header that maintains VLAN ID 50 between network nodes.
5	8500(config-subif)# bridge-group 1	Assign VLAN 50 to bridge group 1. Note When you are configuring VLAN routing, skip this step.
6	8500(config-subif)# interface fa 1/0/2.2	Proceed to configure the Fast Ethernet subinterface fa1/0/2.2.
7	8500(config-subif)# encap isl 100	Assign subinterface fa 1/0/2.2 to VLAN 100.
8	8500(config-subif)# bridge-group 2	Assign VLAN 100 to bridge group 2.
9	8500(config-subif)# Ctrl-Z 8500#	Return to privileged EXEC mode.

• Maximum number of bridge groups: 64

• Maximum number of interfaces per bridge group: 32

• Maximum number of subinterfaces per system: 255

Table 4-2: VLAN Monitoring and Troubleshooting Commands

Monitoring Commands	Displays
show vlan vlan_id	Information on all configured VLANs or on a specific VLAN (by VLAN ID number).
clear vlan vlan_id	When the VLAN ID is not specified, this command clears the counters for all VLANs.
Troubleshooting Command
debug vlan packet	Contents of the packets sent to and exiting from the route processor.

The global tasks include:

• Select a routing protocol, such as the Enhanced Interior Gateway Routing Protocol (EIGRP) or the Routing Information Protocol (RIP).

• Assign IP network numbers without specifying subnet values.

To configure the interface, assign network and subnetwork addresses and the appropriate IP subnet mask.

EIGRP saves bandwidth by sending routing updates only when routing information changes. The updates contain only information about the link that changed, not the entire routing table. EIGRP also takes into consideration the available bandwidth when determining the rate at which it transmits updates.

Step	Command	Description
1	8500(config)# interface fa x/0/z 8500(config-if)#	From global configuration mode, enter Ethernet interface configuration mode to configure a particular Fast Ethernet interface.
2	8500(config-if)# ip address ip_address subnet_mask	Assign an IP address and subnet mask to the interface.
3	8500(config-if)# exit	Exit interface configuration mode and step back one level to global configuration mode.
4	8500(config)# router rip 8500(config-router)#	Use the switch router rip command to define RIP as the routing protocol and start the RIP routing process.
5	8500(config-router)# network net_number 8500(config-router)# exit 8500(config)#	The network command specifies a directly connected network based on the Network Information Center (NIC) network number---not a subnet number or individual address. The routing process associates interfaces with the appropriate addresses and begins processing packets on the specified network.
6	8500# router igrp autonomous_system_number 8500(config-router)#	Use the router igrp command to define IGRP as the IP routing protocol. The autonomous system number is the autonomous system to which this switch router belongs.
7	8500(config-router) # network net_number 8500(config-router)# exit 8500(config)#	The network command defines the directly connected networks that run IGRP.
8	8500(config)# router eigrp autonomous_system_number	Use the router eigrp command to define EIGRP as the IP routing protocol. The autonomous system number is the autonomous system to which this switch router belongs.
9	8500(config-router)# network net_number	Use the network command to define the directly connected networks that run EIGRP. The network number is the number of the network that is advertised by this switch router.
10	8500(config)# router ospf process_ID 8500(config-router)#	Use the router ospf command to define OSPF as the IP routing protocol. The process ID identifies a unique OSPF router process. This number is internal to the switch router only; the process ID does not have to match the process IDs on other routers.
11	8500(config-router)# network net_address | wildcard_mask area area_ID 8500(config-router)# Ctrl-Z 8500#	The network area command is a way of assigning an interface to a specific area. The network address is the address of directly connected networks or subnets. The wildcard mask is an inverse mask used to compare a given address with interface addressing to determine whether OSPF will use this interface. The area parameter identifies the interface as belonging to an area. The area ID specifies the area to be associated with the network address.

Table 4-3: IP Monitoring and Troubleshooting Commands

Monitoring Commands	Displays
show ip protocol	Values about routing timers and network information associated with the entire router. Use this information to identify a router that is suspected of delivering bad router information.
show ip route	Contents of the IP routing table. The routing table contains entries for all known networks and subnetworks, and contains a code that indicates how that information was learned.
show ip interfaces	The status and global parameters associated with an interface. The Cisco IOS automatically enters a directly connected route in the routing table if the interface is one through which a protocol can send and receive packets. Such an interface is marked "up." If the interface is unusable, it is removed from the routing table.
Troubleshooting Command
debug ip rip	RIP routing updates as the updates are sent and received.
debug lss ipucast events | errors | reload	Updates sent to the line module for the IP switching control layer.

• A datagram, connectionless protocol that does not require an acknowledgment for each packet

• A layer 3 (network) protocol that defines the internetwork and internode addresses

• A router specification used to identify the Novell NetWare protocol suite

• Routing Information Protocol (RIP). Facilitates the exchange of routing information

• NetWare Core Protocol (NCP). Provides client-to-server connections and applications

• Sequenced Packet Exchange (SPX). Service for Layer 4 (Transport) connection-oriented services

• Service Advertising Protocol (SAP). Advertises NetWare services and addresses, which makes service availability dynamic

The network number is a 4-byte (32-bit) number that identifies the physical network. The network number is expressed in hexadecimal and must be unique throughout the entire IPX internetwork. When configuring an IPX network number, you can omit the leading zeros.

Since both the network number and the host address are needed to deliver traffic to a host, addresses are usually given as network numbers, followed by host addresses, separated with dots, as in the example: 4a.0000.0c00.23fe. In this example, the network number is 4a, and the host address is 0000.0c00.23fe.

The serial interface does not have a MAC address. It uses the default Novell node address, which is the MAC address of the first activated interface.

1. Start the IPX routing process.

2. Enable load sharing if appropriate for your network.

The interface configuration tasks are:

You can assign multiple network numbers to an interface, allowing support of different encapsulation types. The IPX network number is the number of the Novell network to which the interface is attached. IPX packets received on an interface that does not have a network number are ignored.

2. Set the optional encapsulation type, if it is different from the default.

This section does not describe IPX configuration in detail. Please refer to the IPX documentation on the Cisco Documentation CD for detailed conceptual and configuration information.

Step	Command	Description
1	8500(config)# ipx routing [node]	From global configuration mode, select IPX as the routing protocol and start the routing process. If no node address is specified, the switch router uses the MAC address of the interface.
2	8500(config)# ipx maximum-paths number	Allow load sharing over parallel metric paths to the destination. The maximum number of parallel paths is 2; the default number is 1.
3	8500(config)# interface fa x/0/z 8500(config-if)#	Enter Ethernet interface configuration mode to configure the Fast Ethernet interface.
4	8500(config-if)# ipx network number [encapsulation {type}] [secondary]	Each interface must have a unique hexadecimal IPX network number (up to 8 numbers in length). The encapsulation type is optional. You can specify one of the following types: novell-ether (the default), sap, arpa, or snap.
5	8500(config-if)# Ctrl-Z 8500#	Return to privileged EXEC mode.

Once IPX routing is configured, you can monitor and troubleshoot the protocol operation using the following commands:

Table 4-4: IPX Monitoring Commands

Monitoring Commands	Displays
show ipx cache	The contents of the iPX fast-switching cache.
show ipx interfaces	Status and parameters of the interfaces configured for IPX
show ipx interface fa x/0/z	Status and parameters for the specified Fast Ethernet IPX interface
show ipx route	Contents of the IPX routing table
show ipx servers	The list of IPX servers discovered through SAP advertisements, plus the network address, port number, and the number of hops and ticks to the server
show ipx traffic	Number and type of IPX packets transmitted and received, as well as the number of broadcasts, SAPs, and routing packets received

Table 4-5: IPX Troubleshooting Commands

Troubleshooting Commands	Displays
debug ipx routing activity	Information about RIP update packets
debug ipx sap	Information about SAP update packets

IP multicast routing arose because unicast and broadcast techniques do not effectively handle the requirements of new applications. In addition, multicast addressing supports transmission of a single IP datagram to multiple hosts.

The routing protocols that the switch router uses to discover multicast groups and build routes for each group follow:

• Protocol Independent Multicast (PIM)

• Distance Vector Multicast Routing Protocol (DVMRP)

• Constrained Multicast Flooding (CMF)

The Catalyst 8500 supports interoperability with routers configured for DVMRP.

• Senders and receivers are in close proximity to each other.

• The internetwork has fewer senders than receivers.

• The stream of multicast traffic is constant.

When a sender wants to send data, it first sends the data to the rendezvous point. When a router is ready to receive data, it registers with the rendezvous point. After the data stream begins to flow from the sender to the rendezvous point and then to the receiver, routers in the data path optimize the path by automatically removing any unnecessary hops, including the rendezvous point.

PIM sparse mode is optimized for environments in which there are many multipoint data streams and each multicast stream goes to a relatively small number of LANs in the internetwork. PIM sparse mode is most useful under these conditions:

• There are few receivers in the group.

• Senders and receivers are separated by WAN links.

• The stream of multicast traffic is intermittent.

Step	Command	Description
1	8500(config)# ip multicast-routing	From global configuration mode, enable IP multicast on the Catalyst 8500.
2	8500(config)# interface fa x/0/z 8500(config-if)#	Enter Ethernet interface configuration mode to configure the Fast Ethernet interface.
3	8500(config-if)# ip address ip_address subnet_mask	Assign an IP address and subnet mask to the interface.
4	8500(config-if)# ip pim [dense-mode | sparse mode | sparse-dense-mode]	Enter this command on each interface on which you want to run IP multicast routing. Note that you must indicate dense-mode, sparse-mode, or sparse-dense mode (for internetworks that include both cases).
5	8500(config-if)# Ctrl-Z 8500#	Return to privileged EXEC mode.

Table 4-6: Verifying and Troubleshooting Multicast Operation

Monitoring Commands	Displays
show ip mroute	Complete multicast routing table
show ip mroute count	Combined statistics of packets processed by the RP and the Ethernet line modules
show epc if-entry interface fa x/0/z entry fa x/0/z	The interface table entry for the indicated ingress interface on the egress interface The IP multicast routing flag The IP multicast ttl-threshold
show epc cam int interface fa x/0/z 0 1	The number of forwarding entries in a line module's content-addressable memory (CAM)
show epc ipmcast all int interface fa x/0/z	All forwarding entries in a line module's CAM
show epc ipmcast group_address [all | detail] interface fa x/0/z	A particular forwarding entry in a line module's CAM All---all forwarding entries in this group Detail---virtual circuit information
show epc ipmcast group_address source_address [detail] int interface fa x/0/z	A particular forwarding entry in a line module's CAM Detail---virtual circuit information
show epc patricia int interface fa x/0/z ipmcast [detail]	The IP multicast entries in the line module
Troubleshooting Command
debug lss ipmcast events | errors | reload	Updates sent to the line module for the IP switching control layer

The Catalyst 8500 campus switch router can be configured to serve as both an IP and IPX router and a MAC-level bridge, bridging any traffic that cannot otherwise be routed. For example, a router routing IP traffic can also bridge the Digital local-area transport (LAT) protocol or NetBIOS traffic.

• Global configuration

  • Select Spanning-Tree Protocol.

  • Assign a priority to the bridge (optional).

• Interface configuration

  • Determine which interfaces that you want to belong to the same bridge group.

  These interfaces will be part of the same spanning tree. This allows the switch router to bridge all nonrouted traffic among the network interfaces comprising the bridge group. Interfaces not participating in a bridge group cannot forward bridged traffic.
  

  If the packet's destination address is known in the bridge table, it is forwarded on a single interface in the bridge group. If the packet's destination is unknown in the bridge table, it is flooded on all forwarding interfaces in the bridge group. The bridge places source addresses in the bridge table as it learns them during the process of bridging.
  

  A separate spanning-tree process runs for each configured bridge group. Each bridge group participates in a separate spanning tree. A bridge group establishes a spanning tree based on the BPDUs it receives on only its member interfaces.
  

  • Assign a cost to the outgoing interface (optional).

For additional transparent bridging configuration tasks, such as configuring bridged VLANs and routing between VLANs, as well as adjusting the Spanning-Tree Protocol, refer to the Cisco IOS documents on those subjects.

Because bridging is in the data-link layer (Layer 2) and routing is in the network layer (Layer 3), they have different protocol configuration models. With IP, for example, bridge group interfaces belong to the same network and have a collective IP network address. In contrast, each routed interface represents a distinct network and has its own IP network address. Integrated routing and bridging uses the concept of a Bridge Group Virtual Interface (BVI) to enable these interfaces to exchange packets for a given protocol.

The Catalyst 8500 campus switch router supports the routing of IP and IPX between routed interfaces and bridged interfaces in the same router, in both fast-switching and process-switching paths.

• The default route/bridge behavior in a bridge group when IRB is enabled is to bridge all packets. Make sure you explicitly configure routing on the BVI for protocols that you want routed.

• Packets of nonroutable protocols such as local-area transport (LAT) are always bridged. You cannot disable bridging for the nonroutable traffic.

• When using IRB to bridge and route a given protocol, no protocol attributes should be configured on the bridged interfaces. Bridging attributes cannot be configured on the BVI.

• Because bridges link several segments into one big and flat network and you want to bridge the packet coming from a routed interface among bridged interfaces, the whole bridge group should be represented by one network-layer segment---in the switch router, an interface.

• The BVI has default data-link and network-layer encapsulations. These encapsulations are the same as on the Ethernet, except that you can configure the BVI with some encapsulations that are not supported on a normal Ethernet interface.

1. Configuring bridge groups and routed interfaces

(a) Enable bridging

(b) Assign bridge groups to interfaces

(c) Configure routing for desired protocols

2. Configuring IRB and the BVI

(a) Enable IRB

(b) Configure the BVI

(c) Enable the BVI to accept routed packets

(d) Enable routing on the BVI for desired protocols

The packet is routed to the BVI.From the BVI, the packet is forwarded to the bridging engine. From the bridging engine, the packet exits through a bridged interface.

Similarly, packets that come in on a bridged interface but are sent to a host on a routed interface go first to the BVI. Then the BVI forwards the packets to the routing engine before sending them out on the routed interface.

Step	Command	Description
Configuring Bridge Groups and Routed Interfaces
1	8500(config)# bridge bridge_group protocol ieee	From global configuration mode, define one or more bridge groups.
2	8500(config)# interface fa x/0/z 8500(config-if)#	Enter Ethernet interface configuration mode to configure the Fast Ethernet interface.
3	8500(config-if)# bridge-group bridge_group	Assign bridge groups to appropriate interfaces.
4	8500(config-if)# exit 8500(config)#	Return to global configuration mode.
Configuring IRB and BVI
1	8500(config)# bridge irb	Enable IRB. This provides for the ability to route traffic from the bridged interfaces.
2	8500(config)# interface bvi bridge_group	Configure the BVI by assigning the corresponding bridge group's number to the BVI. Each bridge group can only have one corresponding BVI.
3	8500(config)# bridge bridge_group route protocol	Enable a BVI to accept and route routable packets received from its corresponding bridge group. You must issue this command for each protocol that you want the BVI to route from its corresponding bridge group to other routed interfaces.
4	8500(config-if)# ip address ip_address_mask	Configure protocol addresses on routed interfaces. This step shows an example for IP.
5	8500(config)#	Optionally, you can configure additional routing attributes to the BVI.

Table 4-8: Verifying IRB Operation

Monitoring Commands	Displays
show interfaces bvi interface_name	Information about the BVI such as the BVI MAC address and processing statistics
show interfaces irb	Information about the BVI: Protocols that this bridged interface can route to the other routed interface if this packet is routable Protocols that this bridged interface bridges Entries in the software MAC-address filter

• Logical aggregation of bandwidth

• Load balancing

• Fault tolerance

The Catalyst 8500 campus switch router supports Fast EtherChannel (FEC) and Gigabit EtherChannel (GEC).

1. Create an EtherChannel (port-channel) and assign a network (IP or IPX) address.

2. Assign the Fast Ethernet or gigabit Ethernet interfaces (up to four) to the port-channel.

Step	Command	Description
1	8500(config)# interface port-channel channel_number	Create the EtherChannel interface. The channel number can be from 1 to 64 for FEC and GEC.
2	8500(config-if)# ip address ip_address subnet_mask	Assign an IP address and subnet mask to the Fast EtherChannel interface. For IPX, use the ipx network network_number command.
3	8500(config-if)# exit 8500(config)#	Exit this mode. Optionally, you can remain in interface configuration mode and enable other supported interface commands to meet your requirements.

For information on other configuration tasks for the EtherChannel, refer to the section "Configure an Ethernet or Fast Ethernet Interface" in the chapter "Configuring Interfaces" of the Configuration Fundamentals Configuration Guide.

Step	Command	Description
1	8500(config)# interface fa x/0/z 8500(config-if)# or 8500(config)# interface gi x/0/z 8500(config-if)#	Enter Ethernet interface configuration mode to configure the Fast Ethernet or gigabit Ethernet interface you want to assign to the EtherChannel. You can assign any interface on any line module installed on the system to the EtherChannel.
2	8500(config-if)# no ip address	If the Fast Ethernet or gigabit Ethernet interface already exists and has an IP address assigned, disable the IP address before performing the next step. The Ethernet interface uses the IP address assigned to the EtherChannel interface.
3	8500(config-if)# channel-group channel_number	Assign the Fast Ethernet or gigabit Ethernet interfaces to the EtherChannel. The channel number must be the same channel number you assigned to the EtherChannel interface.
4	8500(config-if)# exit	Exit interface configuration mode and repeat Steps 3 through 6 to add up to four Fast Ethernet or gigabit Ethernet interfaces to the Fast EtherChannel.

Caution The EtherChannel interface is the routed interface. Do not enable Layer 3 addresses on the physical Fast Ethernet or gigabit Ethernet interfaces. Do not assign bridge groups on the physical Fast Ethernet or gigabit Ethernet interfaces because doing so creates loops. Finally, you must disable the Spanning-Tree Protocol.

Step	Command	Description
1	8500(config)# interface fa x/0/z 8500(config-if)# or 8500(config)# interface gi x/0/z 8500(config-if)#	Enter Ethernet interface configuration mode and specify the Fast Ethernet or gigabit Ethernet interface you want to remove from the EtherChannel.
2	8500(config-if)# no channel-group	Remove the interface from the channel group.
3	8500(config-if)# Ctrl-Z	Return to privileged EXEC mode.

The Cisco IOS software automatically removes a Fast Ethernet or gigabit Ethernet interface from the EtherChannel if the interface goes down, and the software automatically adds the interface to the EtherChannel when the interface is back up.

Currently, EtherChannel relies on keepalives to detect whether the line protocol is up or down. Keepalives are enabled by default on the Fast Ethernet and gigabit Ethernet interfaces. If the line protocol on the interface goes down because it did not receive a keepalive signal, the EtherChannel detects that the line protocol is down and removes the interface from the EtherChannel.

However, if the line protocol remains up because keepalives are disabled on the Fast Ethernet or gigabit Ethernet interface, the EtherChannel cannot detect this link failure (other than a cable disconnect) and does not remove the interface from the EtherChannel even if the line protocol goes down. This can result in unpredictable behavior.

To configure encapsulation over Fast EtherChannel or gigabit EtherChannel, follow these steps:

Step	Command	Description
1	8500(config)# interface port-channel channel_number	From global configuration mode, create the EtherChannel (or port-channel) virtual interface. The channel number can be from 1 to 64 for FEC and GEC.
2	8500(config)# interface fa x/0/z 8500(config-if)# or 8500(config)# interface gi x/0/z 8500(config-if)#	Configure the port-channel member.
3	8500(config-if)# channel-group channel_number	Up to four interfaces can be added to the EtherChannel.
4	8500(config)# interface port-channel channel_number.subinterface_number	Configure the subinterface on the port-channel.
5	8500(config-if)# encap isl VLAN_ID	Assign the ISL encapsulation to the subinterface.
6	8500(config-if)# ip address ip_address subnet_mask	Assign the protocol IP address and subnet mask to the subinterface.
7	8500(config-if)# exit 8500(config)#	Exit this mode. Optionally, you can remain in interface configuration mode and enable other supported interface commands to meet your requirements.

To save your configuration changes to NVRAM so that they are not lost during a power cycle or power outage, take these steps:

Step	Command	Description
1	8500# show running-config	Check the settings you have configured so far.
2	8500# copy running-config startup-config	If the settings are what you want, save the configuration to NVRAM.