Catalyst 4003 and 4006 Layer 3 Services Module Installation and Configuration Note

For a complete description of commands to configure and maintain Catalyst 4003 and Catalyst 4006 switches, refer to the Software Configuration Guide and Command Reference publications for your switch. For complete switch hardware configuration and maintenance procedures, refer to the Catalyst 4003 and 4006 Switch Installation Guide. These documents are available on the Documentation CD-ROM, or in print.

Document Contents

This document contains these sections:

Software Requirements

To obtain the software requirements for the Catalyst 4003 and 4006 Layer 3 Services module, take the following action:

The Catalyst 4003 and 4006 Layer 3 Services module requires IOS software version 12.0(7)W5(15d) or later.
The Catalyst 4006 supervisor engine requires software version 5.5(1) or later.

Features

The Catalyst 4003 and 4006 Layer 3 Services module provides multilprotocol switching and routing for the Catalyst 4000 family switches. The 32 10/100 Ethernet interfaces provide full Layer 2 feature support and the Layer 3 Gigabit Ethernet interfaces support Cisco IOS Layer 3 routing, switching, and forwarding. For a complete list of the feature support, refer to the Release Notes for Catalyst 4000 Family Layer 3 Services Module Cisco IOS Release 12.0(7)W5(15d).

Refer to the Software Configuration Guide for your switch for information on feature support on the Catalyst 4000 family switches.

Functional Description

The Catalyst 4003 and 4006 Layer 3 Services module is a 32-port Layer 2 10/100 Ethernet module with a 4-port Gigabit Ethernet Layer 3 uplink module. The Catalyst 4003 and 4006 Layer 3 Services module provides interVLAN routing for the Catalyst 4000 family switch and provides Layer 3 switching between the Gigabit Ethernet interfaces.

The Catalyst 4003 and 4006 Layer 3 Services module occupies a single slot in the chassis and has two internal full-duplex Gigabit Ethernet interfaces that connect directly to the Catalyst 4000 family switch backplane to provide routing capability.

The 32 10/100 Ethernet interfaces are controlled by the Catalyst 4000 switch supervisor engine. Refer to the Software Configuration Guide for your switch for Layer 2 configuration information. The two external and two internal Gigabit Ethernet interfaces are configured from the Layer 3 services module console. To configure the Layer 3 services module for interVLAN routing, you also must configure the internal Layer 2 Gigabit Ethernet interfaces from the supervisor engine console.

You can group the two internal Gigabit Ethernet interfaces into a single Gigabit EtherChannel or configure them as independent interfaces (links). If channeled, the internal Gigabit Ethernet channel supports trunking using the IEEE 802.1Q protocol. You also can configure each Gigabit Ethernet interface (link) independently as a separate VLAN trunk or nontrunked routed interface.

Front Panel Description

Figure 1 shows the Layer 3 services module front panel. The front panel features are described in more detail in the following sections.

Figure 1: Layer 3 Services Module

LEDs

Table 1 describes the LEDs on the Catalyst 4003 and 4006 Layer 3 Services module.

Table 1: Layer 3 Services Module LED Descriptions

LED State Description

STATUS (module)

This LED displays the results of a series of self-tests and diagnostic tests performed by the switch.

Green

All the tests pass.

Red

A test other than an individual port test failed.

Orange

System boot, self-test diagnostics running, or the module is disabled.

LINK

This LED displays the 10/100MGT port status.

Green

A signal is detected.

Off

No signal is detected.

Port Number
G1 and G2¹

These LEDs display individual Gigabit Ethernet port status.

Green

A 1000Mbs link is detected.

Off

No signal is detected.

Port Number 3-34²

These LEDs display individual 10/100 Ethernet port status.

Green

A 100Mbs link is detected.

Orange

A 10Mbs link is detected.

Off

No signal is detected.

¹Each port has an LED labeled with the port number associated with it. This is the link LED that indicates port status.
²Each port has an LED labeled with the port number associated with it. This is the link LED that indicates port status.

LED	State	Description
STATUS (module)		This LED displays the results of a series of self-tests and diagnostic tests performed by the switch.
	Green	All the tests pass.
	Red	A test other than an individual port test failed.
	Orange	System boot, self-test diagnostics running, or the module is disabled.
LINK		This LED displays the 10/100MGT port status.
	Green	A signal is detected.
	Off	No signal is detected.
Port Number G1 and G2¹		These LEDs display individual Gigabit Ethernet port status.
	Green	A 1000Mbs link is detected.
	Off	No signal is detected.
Port Number 3-34²		These LEDs display individual 10/100 Ethernet port status.
	Green	A 100Mbs link is detected.
	Orange	A 10Mbs link is detected.
	Off	No signal is detected.

Connectors

Table 2 lists the front panel connectors on the Catalyst 4003 and 4006 Layer 3 Services module.

Table 2: Layer 3 Services Module Front Panel Connectors

Port Connector

Console

RJ-45

10/100MGT

RJ-45

10/100BaseTX

RJ-45

1000BaseX

SC

Port	Connector
Console	RJ-45
10/100MGT	RJ-45
10/100BaseTX	RJ-45
1000BaseX	SC

Specifications

Table 3 lists the specifications for the Catalyst 4003 and 4006 Layer 3 Services module.

.
Table 3: Layer 3 Services Module Specifications

Specification Description

Dimensions (H x W x D)

1.18 x 15.51 x 16.34 in. (30 x 394 x 415 mm)

Weight

Minimum: 3 lb (1.36 kg)
Maximum: 5 lb (2.27 kg)

Environmental Conditions:

Operating temperature

32 to 104° F (0 to 40° C)

Nonoperating temperature

-40 to 167° F (-40 to 75° C)

Humidity

10 to 90%, noncondensing

Maximum station-to-station cabling distance:

10BASE-T Ethernet, Categories 3-5 UTP¹ and 100-ohm FTP²

328 ft (100 m), half or full duplex

Console: Categories 3-5 UTP and 100-ohm FTP

328 ft (100 m)

10/100BASE-TX Ethernet: Category 5 UTP and 100-ohm FTP

328 ft (100 m), half or full duplex

1000BASE-X

Refer to Table 5

Frame Processing

Transparent Bridging (IEEE 802.1d)

Network Management

Cisco Discovery Protocol, Ethernet MIB (RFC 1398), Interface Table (RFC 1573), Bridge MIB (RFC 1493), Ethernet Repeater MIB (RFC 1516), RMON MIB
(RFC 1757), Cisco Workgroup MIB, and Cisco VLAN Trunk Protocol

¹UTP = unshielded twisted-pair
²FTP = foil twisted-pair

Specification	Description
Dimensions (H x W x D)	1.18 x 15.51 x 16.34 in. (30 x 394 x 415 mm)
Weight	Minimum: 3 lb (1.36 kg) Maximum: 5 lb (2.27 kg)
Environmental Conditions:
Operating temperature	32 to 104° F (0 to 40° C)
Nonoperating temperature	-40 to 167° F (-40 to 75° C)
Humidity	10 to 90%, noncondensing
Maximum station-to-station cabling distance:
10BASE-T Ethernet, Categories 3-5 UTP¹ and 100-ohm FTP²	328 ft (100 m), half or full duplex
Console: Categories 3-5 UTP and 100-ohm FTP	328 ft (100 m)
10/100BASE-TX Ethernet: Category 5 UTP and 100-ohm FTP	328 ft (100 m), half or full duplex
1000BASE-X	Refer to Table 5
Frame Processing	Transparent Bridging (IEEE 802.1d)
Network Management	Cisco Discovery Protocol, Ethernet MIB (RFC 1398), Interface Table (RFC 1573), Bridge MIB (RFC 1493), Ethernet Repeater MIB (RFC 1516), RMON MIB (RFC 1757), Cisco Workgroup MIB, and Cisco VLAN Trunk Protocol

Standards Compliance

The Catalyst 4003 and 4006 Layer 3 Services module complies with the standards listed in Table 4 when properly installed in the chassis.

Table 4: Standards Compliance

Specification Description

Compliance:

CE Marking

Safety

UL¹ 1950, CSA²-C22.2 No. 950, EN³ 60950, IEC⁴ 950, TS⁵ 001, AS/NZS⁶ 3260

EMI⁷

FCC⁸ Class A (47 CFR, Part 15), ICES⁹-003 Class A, EN 55022 Class A, CISPR22 Class A, AS/NZS 3548 Class A, and VCCI¹⁰ Class A with UTP¹¹ cables

EN 55022 Class B; CISPR22 Class B, AS/NZS 3590 Class B, and VCCI Class B with FTP¹² cables

¹UL = Underwriters Laboratories
²CSA = Canadian Standards Association
³EN = Europäische Norm
⁴IEC = International Electrotechnical Commission
⁵TS = Technical Standard
⁶AS/NZS = Australian/New Zealand Standard
⁷EMI = electromagnetic interference
⁸FCC = Federal Communications Commission
⁹ICES = Interference-Causing Equipment Standard
¹⁰VCCI = Voluntary Control Council for Information Technology Equipment
¹¹UTP = unshielded twisted-pair
¹²FTP = foil twisted-pair

Specification	Description
Compliance:	CE Marking
Safety	UL¹ 1950, CSA²-C22.2 No. 950, EN³ 60950, IEC⁴ 950, TS⁵ 001, AS/NZS⁶ 3260
EMI⁷	FCC⁸ Class A (47 CFR, Part 15), ICES⁹-003 Class A, EN 55022 Class A, CISPR22 Class A, AS/NZS 3548 Class A, and VCCI¹⁰ Class A with UTP¹¹ cables EN 55022 Class B; CISPR22 Class B, AS/NZS 3590 Class B, and VCCI Class B with FTP¹² cables

Gigabit Interface Converters

A gigabit interface converter (GBIC), shown in Figure 2, is a hot-swappable input/output (transceiver) device that plugs into the module's Gigabit Ethernet port, linking the port with the fiber-optic network. The following GBIC types are supported:

1000BASE-SX (WS-G5484)
1000BASE-LX/LH (WS-G5486)
1000BASE-ZX (WS-G5487)

Figure 2: Gigabit Interface Converter

Note Cisco 1000BASE-LX/LH interfaces fully comply with the IEEE 802.3z 1000BASE-LX standard. However, their higher optical quality allows them to reach 10 km over single-mode fiber (SMF) versus the 5 km specified in the standard.

Note Cisco does not support GBICs purchased from third-party vendors because of interoperability issues.

GBIC Cabling Distances

Table 5 lists the recommended maximum station-to-station cabling distances for the three types of GBICs.

Table 5: GBIC Station-to-Station Cabling Distances

GBIC Wavelength (nm) Fiber Type Core Size (µm) Modal Bandwidth (MHz/km) Maximum Cable Distance

SX

850

MMF¹

62.5

160

722 ft (220 m)

62.5

200

902 ft (275 m)

50.0

400

1640 ft (500 m)

50.0

500

1804 ft (550 m)

LX/LH

1300

MMF²

62.5

500

1804 ft (550 m)

62.5

500

1804 ft (550 m)

50.0

400

1804 ft (550 m)

50.0

500

1804 ft (550 m)

SMF³

9/10

-

6.2 mi (10 km)

ZX

1550

SMF

9/10

-

43.5 mi (70 km)

SMF⁴

8

-

62.1 mi (100 km)

¹MMF=multimode fiber
²Mode-conditioning patch cord (CAB-GELX-625) is required.
³SMF=single-mode fiber.
⁴Dispersion-shifted single-mode fiber-optic cable required for 100 km distance.

GBIC	Wavelength (nm)	Fiber Type	Core Size (µm)	Modal Bandwidth (MHz/km)	Maximum Cable Distance
SX	850	MMF¹	62.5	160	722 ft (220 m)
			62.5	200	902 ft (275 m)
			50.0	400	1640 ft (500 m)
			50.0	500	1804 ft (550 m)
LX/LH	1300	MMF²	62.5	500	1804 ft (550 m)
			62.5	500	1804 ft (550 m)
			50.0	400	1804 ft (550 m)
			50.0	500	1804 ft (550 m)
		SMF³	9/10	-	6.2 mi (10 km)
ZX	1550	SMF	9/10	-	43.5 mi (70 km)
		SMF⁴	8	-	62.1 mi (100 km)

Note Minimum cabling distance when using GBICs is 6.5 feet (2 meters).

GBIC Optical Power Characteristics

Table 6 provides the GBIC optical power characteristics.

Table 6: GBIC Optical Power Characteristics

Parameter 1000BASE-SX (WS-G5484) 1000BASE-LX/LH (WS-G5486) 1000BASE-ZX (WS-G5487)

Transmitter output power (min/max)

0/-9.5 dBm

-3/-9.5 dBm

0/4.77 dBm

Receiver maximum input power

0 dBm

-3 dBm

-3 dBm

Receiver sensitivity

-17 dBm

-19 dBm

-23 dBm

Channel insertion loss

50/125 micron¹ MMF

3.4 dBm

4.4 dBm

n/a

62.5/125 micron MMF

3.2 dBm

6 dBm

n/a

9/10 micron SMF

n/a

6.5 dBm

21.5 dBm

¹1 micron (µ) equals 1 micrometer or 10^-6 meters

Parameter	1000BASE-SX (WS-G5484)	1000BASE-LX/LH (WS-G5486)	1000BASE-ZX (WS-G5487)
Transmitter output power (min/max)	0/-9.5 dBm	-3/-9.5 dBm	0/4.77 dBm
Receiver maximum input power	0 dBm	-3 dBm	-3 dBm
Receiver sensitivity	-17 dBm	-19 dBm	-23 dBm
Channel insertion loss
50/125 micron¹ MMF	3.4 dBm	4.4 dBm	n/a
62.5/125 micron MMF	3.2 dBm	6 dBm	n/a
9/10 micron SMF	n/a	6.5 dBm	21.5 dBm

GBIC Cabling Restrictions

You must observe the following optical-fiber cabling restrictions when using GBICs:

The minimum cabling distance for 1000BASE-SX and 1000BASE-LX/LH GBICs is 6.5 feet (2 meters).
When using the 1000BASE-LX/LH GBIC with 62.5-micron diameter MMF, you must install a mode-conditioning patch cord between the MMF fiber-optic network and the GBIC whenever the link distance is less than 100 meters or greater than 300 meters. For distances less than 100 meters, the mode-conditioning patch cord reduces the amount of optical power coupled into the MMF. For link distances greater than 300 meters, the mode-conditioning patch cord reduces differential mode delay by offsetting the laser light. The mode-conditioning patch cord (CAB-GELX-625 or equivalent) is required to comply with IEEE standards. The IEEE found that link distances could not be met with certain types of fiber-optic cable cores. The solution is to launch light from the laser at a precise offset from the center by using the mode-conditioning patch cord. At the output of the patch cord, the LX/LH GBIC is compliant with the IEEE 802.3z standard for 1000BASE-LX.
You must insert a 10-dB inline optical attenuator between the single-mode fiber-optic network and the receiving port on the 1000BASE-ZX GBIC at each end of the link if the link length is less than 15.5 miles (25 km).
You must insert a 5-dB inline optical attenuator between the single-mode fiber-optic network and the receiving port on the 1000BASE-ZX GBIC at each end of the link if the link is greater than 15.5 miles (25 km), but less than 31 miles (50 km).

Safety Recommendations

Safety warnings appear throughout this note in procedures that, if performed incorrectly, may harm you. A warning symbol precedes each warning statement.

Warning This warning symbol means danger. You are in a situation that could cause bodily injury. Before you work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with standard practices for preventing accidents. (To see translations of the warnings that appear in this publication, refer to the appendix, "Translated Safety Warnings," in the installation guide that accompanied this device.)

Waarschuwing Dit waarschuwingssymbool betekent gevaar. U verkeert in een situatie die lichamelijk letsel kan veroorzaken. Voordat u aan enige apparatuur gaat werken, dient u zich bewust te zijn van de bij elektrische schakelingen betrokken risico's en dient u op de hoogte te zijn van standaard maatregelen om ongelukken te voorkomen. (Voor vertalingen van de waarschuwingen die in deze publicatie verschijnen, kunt u het aanhangsel "Translated Safety Warnings" (Vertalingen van veiligheidsvoorschriften) in de installatiegids die bij dit toestel is ingesloten, raadplegen.

Varoitus Tämä varoitusmerkki merkitsee vaaraa. Olet tilanteessa, joka voi johtaa ruumiinvammaan. Ennen kuin työskentelet minkään laitteiston parissa, ota selvää sähkökytkentöihin liittyvistä vaaroista ja tavanomaisista onnettomuuksien ehkäisykeinoista. (Tässä julkaisussa esiintyvien varoitusten käännökset löydät tämän laitteen mukana olevan asennusoppaan liitteestä "Translated Safety Warnings" (käännetyt turvallisuutta koskevat varoitukset).)

Attention Ce symbole d'avertissement indique un danger. Vous vous trouvez dans une situation pouvant entraîner des blessures. Avant d'accéder à cet équipement, soyez conscient des dangers posés par les circuits électriques et familiarisez-vous avec les procédures courantes de prévention des accidents. Pour obtenir les traductions des mises en garde figurant dans cette publication, veuillez consulter l'annexe intitulée « Translated Safety Warnings » (Traduction des avis de sécurité) dans le guide d'installation qui accompagne cet appareil.

Warnung Dieses Warnsymbol bedeutet Gefahr. Sie befinden sich in einer Situation, die zu einer Körperverletzung führen könnte. Bevor Sie mit der Arbeit an irgendeinem Gerät beginnen, seien Sie sich der mit elektrischen Stromkreisen verbundenen Gefahren und der Standardpraktiken zur Vermeidung von Unfällen bewußt. (Übersetzungen der in dieser Veröffentlichung enthaltenen Warnhinweise finden Sie im Anhang mit dem Titel "Translated Safety Warnings" (Übersetzung der Warnhinweise) in der diesem Gerät beiliegenden Installationsanleitung.)

Avvertenza Questo simbolo di avvertenza indica un pericolo. Si è in una situazione che può causare infortuni. Prima di lavorare su qualsiasi apparecchiatura, occorre conoscere i pericoli relativi ai circuiti elettrici ed essere al corrente delle pratiche standard per la prevenzione di incidenti. La traduzione delle avvertenze riportate in questa pubblicazione si trova nell'appendice, "Translated Safety Warnings" (Traduzione delle avvertenze di sicurezza), del manuale d'installazione che accompagna questo dispositivo.

Advarsel Dette varselsymbolet betyr fare. Du befinner deg i en situasjon som kan føre til personskade. Før du utfører arbeid på utstyr, må du være oppmerksom på de faremomentene som elektriske kretser innebærer, samt gjøre deg kjent med vanlig praksis når det gjelder å unngå ulykker. (Hvis du vil se oversettelser av de advarslene som finnes i denne publikasjonen, kan du se i vedlegget "Translated Safety Warnings" [Oversatte sikkerhetsadvarsler] i installasjonsveiledningen som ble levert med denne enheten.)

Aviso Este símbolo de aviso indica perigo. Encontra-se numa situação que lhe poderá causar danos fisicos. Antes de começar a trabalhar com qualquer equipamento, familiarize-se com os perigos relacionados com circuitos eléctricos, e com quaisquer práticas comuns que possam prevenir possíveis acidentes. (Para ver as traduções dos avisos que constam desta publicação, consulte o apêndice "Translated Safety Warnings" - "Traduções dos Avisos de Segurança", no guia de instalação que acompanha este dispositivo).

Advertencia Este símbolo de aviso significa peligro. Existe riesgo para su integridad física. Antes de manipular cualquier equipo, considerar los riesgos que entraña la corriente eléctrica y familiarizarse con los procedimientos estándar de prevención de accidentes. (Para ver traducciones de las advertencias que aparecen en esta publicación, consultar el apéndice titulado "Translated Safety Warnings," en la guía de instalación que se acompaña con este dispositivo.)

Varning! Denna varningssymbol signalerar fara. Du befinner dig i en situation som kan leda till personskada. Innan du utför arbete på någon utrustning måste du vara medveten om farorna med elkretsar och känna till vanligt förfarande för att förebygga skador. (Se förklaringar av de varningar som förekommer i denna publikation i appendix "Translated Safety Warnings" [Översatta säkerhetsvarningar] i installationshandboken som medföljer denna anordning.)

Ensuring Safety

This section covers the following topics:

Use the following guidelines to ensure your safety and protect the equipment. This list does not include all potentially hazardous situations that can arise during installation, so be alert.

Warning Only trained and qualified personnel should install, replace, or service this equipment.

Always turn all power supplies off (the position marked zero), and unplug all power cords before installing or removing a chassis.

Note Power supplies in the Catalyst 4003 switch do not have on and off switches.

Keep the chassis area clear and free of dust during and after installation.
Keep tools and chassis components off the floor and away from foot traffic.
Avoid wearing jewelry and securely fasten any loose clothing that could get caught in the chassis.

Warning Before working on equipment that is connected to power lines, remove jewelry (including rings, necklaces, and watches). Metal objects will heat up when connected to power and ground and can cause serious burns or weld the metal object to the terminals.

Warning Ultimate disposal of this product should be handled according to all national laws and regulations.

Following Basic Electrical Safety Guidelines

When working with electrical equipment, follow these basic safety guidelines:

Never install equipment that appears to be damaged.
Locate the emergency power-off switch for the room in which you are working before beginning any procedures that require access to the chassis interior.
Disconnect all power and external cables before installing or removing a chassis.
Do not work alone when potentially hazardous conditions exist.
Never assume that power has been disconnected from a circuit; always check.
Do not perform any action that creates a potential hazard to people or makes the equipment unsafe.
Examine your work area carefully for possible hazards such as moist floors, ungrounded power extension cables, and missing safety grounds.

Warning Do not work on the system or connect or disconnect cables during periods of lightning activity.

Following Telephone Wiring and Network Cabling Safety Rules

Use the following safety rules when working with any equipment that is disconnected from a power source but still connected to telephone wiring or other network cabling:

Never install telephone jacks in wet locations unless the jack is specifically designed for wet locations.
Never touch uninsulated telephone wires or terminals unless the telephone line has been disconnected at the network interface.
Use caution when installing or modifying telephone lines.

Preventing Electrostatic Discharge Damage

Electrostatic discharge (ESD) damage occurs when electronic boards or components are improperly handled. ESD can result in complete or intermittent failures of electronic components. Use the following guidelines to prevent ESD damage:

Always use an antistatic wrist or ankle strap and ensure that it makes good skin contact.
If you use the wrist strap with an alligator clip, connect the alligator clip to one of the captive installation screws on the chassis, an installed module, or a power supply. If you use the wrist strap with a banana-plug connector, insert the banana-plug connector into the grounding receptacle on the rear of the chassis.
Handle switching modules by the metal carrier edges only; the metal carriers have electromagnetic interference (EMI) shielding. Never touch the printed circuit boards or connector pins.
After removing a module, place it component-side up on an antistatic surface or in a static-shielding bag. If you plan to return the module to the factory, immediately place it in a static-shielding bag.
Avoid contact between the modules and clothing; the wrist strap protects the module from ESD voltages on the body, but ESD voltages on clothing can still cause damage.
Handle modules without metal carriers by the edges only.

Caution For safety, periodically check the resistance value of the antistatic strap. The measurement should be between 1 and 10 megohms (Mohms).

Installing the Layer 3 Services Module

This section describes how to remove and install modules, GBICs, and cables:

Catalyst 4003 and 4006 switches support hot swapping, which lets you install, remove, replace, and rearrange modules without turning off the system power. When the system detects that a module has been installed or removed, it runs diagnostic and discovery routines automatically, acknowledges the presence or absence of the module, and resumes system operation with no operator intervention.

Warning Only trained and qualified personnel should install, replace, or service this equipment.

Warning Invisible laser radiation can be emitted from the aperture ports of the single-mode products when no fiber-optic cable is connected. Avoid exposure and do not stare into open apertures. This product meets the Class 1 Laser Emission Requirement.

Required Tools

These tools are required to install modules in the Catalyst 4003 and Catalyst 4006 switches:

Number 1 and number 2 Phillips screwdrivers for the captive installation screws
Antistatic mat or antistatic foam
Wrist strap or other grounding device

Note Whenever you handle modules, you should use a wrist strap or other grounding device to prevent ESD damage. See the "Preventing Electrostatic Discharge Damage" section.

Removing Modules

You might need to remove a module from the switch chassis to make room for the Layer 3 services module. To remove a module from a Catalyst 4003 or Catalyst 4006 switch, perform these steps:

Step 1 Disconnect any network interface cables attached to the ports on the module you intend to remove.

Step 2 Using the Phillips screwdriver, loosen the two captive installation screws, as shown in Figure 3.

Figure 3: Ejector Levers and Captive Installation Screws

Step 3 Attach an ESD wrist strap to your wrist and to the Catalyst 4003 or Catalyst 4006 switch ESD wrist strap connector.

Step 4 Grasp the left and right ejector levers and simultaneously pivot the levers outward to release the module from the backplane connector. Figure 3 shows a close-up of the right ejector lever.

Step 5 Grasp the module front panel with one hand and place your other hand under the carrier to support and guide it out of the slot. Do not touch the printed circuit boards or connector pins.

Caution To prevent ESD damage, handle modules by the carrier edges only.

Step 6 Carefully pull the module straight out of the slot, keeping your other hand under the carrier to guide it.

Step 7 Place the module on an antistatic mat or antistatic foam, or immediately install it in another slot.

Step 8 If the slot is to remain empty, you must install a switching-module filler plate (Cisco part number 800-00292-01) to keep dust out of the chassis, and to maintain proper airflow through the module compartment.

Installing the Layer 3 Services Module

All Catalyst 4003 and Catalyst 4006 modules are installed in horizontal chassis slots that are numbered from top to bottom. Supervisor engines are installed in slots 1 and 2; modules are installed in the remaining slots. Figure 4 shows an example of a supervisor engine and two modules installed in a Catalyst 4003 switch.

Figure 4: Module Placement in a Catalyst 4003 Switch

To install the Layer 3 services module in a Catalyst 4003 or Catalyst 4006 switch, perform these steps:

Step 1 Take the necessary precautions to prevent ESD damage, as described in the "Preventing Electrostatic Discharge Damage" section.

Step 2 Choose a slot for the new module. Ensure you have enough clearance to accommodate any interface equipment that you will connect directly to the module ports. If possible, place modules between empty slots.

Step 3 Holding the module front panel with one hand, and placing your other hand under the carrier to support the module, as shown in Figure 5, align the edges of the module carrier with the slot guides on the sides of the switch chassis and slide the module halfway into the chassis.

Figure 5: Catalyst 4003: Installing the Module in the Chassis

Step 4 Pivot the two module ejector levers out away from the faceplate. The ejector levers are shown pivoted out in Figure 5.

Step 5 Carefully slide the module the rest of the way into the slot until the notches on both ejector levers engage the chassis sides.

Step 6 Using the thumb and forefinger of each hand, simultaneously pivot in both ejector levers, as shown in Figure 6, to fully seat the module in the backplane connector.

Figure 6: Module Ejector Lever Operation

Caution Always use the ejector levers when installing or removing modules. A module that is partially seated in the backplane will cause the system to halt and reset.

Step 7 Use a screwdriver to tighten the captive installation screws on each end of the module faceplate.

Installing a GBIC

This section describes how to install GBICs in the Catalyst 4003 and 4006 Layer 3 Services module.

GBIC Handling Guidelines

When handling a GBIC follow these guidelines:

GBICs are static sensitive. To prevent ESD, see the "Preventing Electrostatic Discharge Damage" section.
GBICs are dust sensitive. When the GBIC is stored or when a fiber-optic cable is not plugged in, always keep plugs in the GBIC optical bores.
The most common source of contaminants in the optical bores is from debris picked up on the ferrules of the optical connectors. Use an alcohol swab or Kim-Wipe to clean the ferrules of the optical connector.

Installing GBICs

GBICs are hot-swappable in the Catalyst 4003 and 4006 Layer 3 Services module. GBICs have a lifetime of 100 to 500 removals and insertions, so to prevent premature failure of the GBIC, do not remove or insert the GBIC unnecessarily.

When removing or inserting a GBIC, always wear an ESD wrist strap connected to the Catalyst 4003 or Catalyst 4006 switch ESD wrist strap connector.

To install a GBIC, perform these steps:

Step 1 Remove the GBIC from its protective packaging.

Step 2 Verify that the GBIC is the correct type for your network by checking the part number: WS-G5484 (1000BASE-SX), WS-G5486 (1000BASE-LX/LH), or WS-G5487 (1000BASE-ZX).

Step 3 Grip the sides of the GBIC with your thumb and forefinger; insert the GBIC into the slot on the front of the module (see Figure 7). GBICs are keyed to prevent incorrect insertion.

Note A maximum of 12 1000BASE-ZX GBICs are supported in a switch chassis.

Figure 7: Installing a GBIC in the Module

Step 4 Slide the GBIC through the flap covering the slot opening. Continue sliding the GBIC into the slot until you hear a click. The click indicates that the GBIC is locked in the slot.

Warning Invisible laser radiation may be emitted from the aperture ports of the single-mode fiber-optic modules when no cable is connected. Avoid exposure and do not stare into open apertures.

Step 5 When you are ready to attach the fiber-optic cable, remove the optical bore plug from the GBIC. Save the plug for future use.

Note If you are connecting the 1000BASE-LX/LH (WS-X5486) GBICs to an MMF network, you must install a mode-conditioning patch cord.

Warning Class 1 laser product.

Mode-Conditioning Cable

When using the LX/LH GBIC with 62.5-micron diameter MMF, you must install a mode-conditioning patch cord (Cisco product number CAB-GELX-625 or equivalent) between the GBIC and the MMF cable on both the transmit and receive ends of the link. The patch cord is required for link distances greater than 984 feet (300 meters). For more information on the patch cord, see the Catalyst 4003 and 4006 Switch Installation Guide.

The patch cord is required to comply with IEEE standards. The IEEE found that link distances could not be met with certain types of fiber-optic cable due to a problem in the center of some fiber-optic cable cores. The solution is to launch light from the laser at a precise offset from the center by using the patch cord. At the output of the patch cord, the LX/LH GBIC is compliant with the IEEE 802.3z standard for 1000BASE-LX. For a detailed description of this problem, refer to the Catalyst 4003 and 4006 Switch Installation Guide.

Note We do not recommend using the LX/LH GBIC with MMF without a patch cord for very short link distances (tens of meters). The result could be an elevated bit error rate (BER).

Attaching Interface Cables to the Layer 3 Services Module

This section describes how to connect the interface cables to the installed Catalyst 4003 and 4006 Layer 3 Services module.

Attaching the Console Port Interface Cable

A console serial port (RJ-45) provides system management using standard console equipment.

For RJ-45 connectors, plug the interface cable connector into the receptacle on the module. Push on the connector until you hear a click, which indicates that the connector is fully inserted and secured in the receptacle.

Attaching the 10/100 MGT Port Cable

The 10/100BASE-T port (RJ-45) supports remote console interfaces. This port is for network management only. This port is not a switching port. There is no connectivity between this port and the Gigabit Ethernet switching ports.

Attaching the GBIC Interface Cable

To connect GBICs to the Gigabit Ethernet or Gigabit EtherChannel ports, perform these steps:

Step 1 Remove the plugs from the GBIC optical bores; store them for future use.

Step 2 Remove the plugs from the SC connector (see Figure 8) on the fiber-optic cable. Insert the connector into the GBIC. When you plug the SC connector into the GBIC, make sure that both the Tx (transmit) and Rx (receive) fiber-optic cables are fully inserted into the SC connector.

Step 3 If you are using the LX/LH GBIC with MMF, install a patch cord between the GBIC and the MMF cable.

Figure 8: SC Connector

Attaching the 10/100 Interface Cables

Booting the Layer 3 Services Module for the First Time

This section explains how to download an image to bootflash, download an image from the network, and download an image using Xmodem or Ymodem:

The Layer 3 services module is configured at the factory to load a Cisco IOS image (router operating system software) automatically the first time you power on (insert) the Layer 3 services module into a Catalyst 4000 family switch. The Layer 3 services module software configuration register, which determines where the Layer 3 services module loads the image from, is set at the factory to load the IOS image from bootflash (configuration register setting 0x0101). Table 7 shows the Layer 3 services module default configuration.

Table 7: Layer 3 Services Module Default Configuration

Feature Default Value

Host name

Router

Interface configuration

None

VLAN configuration

None

Password encryption

Disabled

Break to console

Ignore

After the Layer 3 services module goes through power-on self-test diagnostics, and the front panel Status LED is green, you can access the Gigabit Ethernet ports on the Layer 3 services module by entering the session mod/num command at the Cat4000> prompt. After you enter this command, the module> prompt appears.

After booting the Layer 3 services module for the first time, you need to configure the Layer 3 services module internal interfaces and then save the configuration to a file in NVRAM.

Downloading an Image to Bootflash

If configured, the Layer 3 services module can download its runtime image from a TFTP server. No supervisor engine interaction is required for TFTP image downloads. Network downloads can take place over the out-of-band Ethernet management port, or over the internal Gigabit Ethernet connections. To perform a network download over the internal Gigabit Ethernet connections, you must first bring up these ports and configure them.

Note Before you can download an image, you must first configure the management port. See "Configuring the Management Port" section.

To download an image to bootflash, access the Layer 3 services module using the session command and enter the following command in privileged mode:

Console> (enable) session
copy tftp: [/directory] /filename

Downloading a Syst em Image Using Xmodem or Ymodem

Caution Use Xmodem or Ymodem to download a system image to the Layer 3 services module only if all local images are damaged or erased. Always make sure that a valid image exists in bootflash before you perform a reload.

You can download an image from a local or remote computer (such as a PC, UNIX workstation, or Macintosh) through the console port using the Xmodem or Ymodem protocol.

Xmodem and Ymodem are common protocols used to transfer files and are included in applications such as Windows 3.1 (TERMINAL.EXE), Windows 95 (HyperTerminal), Windows NT 3.5x (TERMINAL.EXE), Windows NT 4.0 (HyperTerminal), and Linux UNIX freeware (minicom).

Xmodem and Ymodem downloads are slow: use them only when the module does not have network access. You can speed up the transfer by setting the console port speed to 57600 bps.

Xmodem file transfers are performed from the ROM monitor with the following command:

xmodem [-cys] [-c  CRC-16] [-y  ymodem-batch protocol]-s<speed> Set speed of download, where speed may be 1200|2400|4800|9600|19200|38400|57600]

The computer from which you transfer the supervisor engine software image must be running terminal emulation software that supports the Xmodem protocol.

Caution A modem connection from the telephone network to your console port introduces security issues that you should consider before enabling the connection. For example, remote users can dial into your modem and access configuration settings.

To transfer a file using Xmodem or Ymodem protocol, follow these steps:

Step 1 Place a Catalyst 4003 and 4006 Layer 3 Services module software image on the computer's hard drive. You can download an image from Cisco Connection Online. See "Cisco Connection Online" section.

Step 2 On Windows 95 or 98, configure a HyperTerminal connection direct to COM1 with the following settings: 9600 baud, 8 data bits, no parity, 1 stop bit, flow control Xon-Xoff.

Step 3 Use a cross-over cable to connect from COM1 to the AUX port on the Catalyst 4003 and 4006 Layer 3 Services module. Use a DB9 connector at the PC to a female RJ45, then cross over the RF45 to the Catalyst 4003 and 4006 Layer 3 Services module.

Step 4 Boot the Catalyst 4003 and 4006 Layer 3 Services module to the ROMMON prompt.

Step 5 Use the HyperTerminal "connect" window to connect to the Catalyst 4003 and 4006 Layer 3 Services module ROMMON. Hit <ENTER> to get to the ROMMON prompt and type the following information to initiate the file transfer connection:

xmodem -y -s57600 <ENTER>

The ROMMON will return with a question asking if you accept 57600 as the download speed. Hit <ENTER> to proceed.

Step 6 You are now ready to initiate the file transfer. At this point, the HyperTerminal session is set to 9600 baud, and the file transfer is requested at 57600 baud. To reset the session speed and reconnect the link, follow these steps:

a. From the HyperTerminal menu, select File, then Properties, then the Configure button. Change the COM1 speed to 57600 baud.

b. Close the COM1 Properties window and the HyperTerminal Properties window.

c. On the HyperTerminal tool bar, select the Disconnect icon and then the Connect icon. The link is now set for 57600 baud.

Step 7 Select the HyperTerminal Transfer drop-down menu and select Send to send a file from the PC to the Catalyst 4003 and 4006 Layer 3 Services module.

Step 8 A menu displays allowing you to select the PC files to send and the transfer protocol to use. Use the Browse button to select the file to transfer to the Catalyst 4003 and 4006 Layer 3 Services module. Select the Ymodem transfer protocol.

Step 9 When the transfer is completed, a message displays requesting you to reset the link speed to 9600. Do not type "y" at this point as requested by the message on the screen.

Step 10 From the HyperTerminal menu, select File, Properties, then Configure and change the COM1 speed from 57600 to 9600. Close the COM1 Properties window and the HyperTerminal Properties window.

Step 11 On the HyperTerminal tool bar, select the Disconnect icon and then the Connect icon. When you are ready to continue and the link speed has been changed back to 9600, press the y key and the <ENTER> key.

After you have completed this procedure, ROMMON boots the image that has been transferred. You may need to recover the bootflash by doing a reformat after the IOS image has been loaded. This is done using the ROMMON format bootflash command.

Note Establish network connectivity to the module to copy an image file from a TFTP server to the flash devices.

Configuring the Layer 3 Services Module Interfaces

This section gives an overview of the Layer 3 services module configuration process. The section is divided into four topics:

Configuring the Console Port

The console port mode switch allows you to connect a terminal to the Layer 3 services module using either a Catalyst 5000 family Supervisor Engine III console cable or the console cable and adapters provided with a Catalyst 4000 family switch. You can also connect a modem to the console port using the cable and adapter provided with the switch.

Note Use a paper clip or a small, pointed object to access the port mode switch.

Use the port mode switch as follows:

Mode 1---Switch in the in position (factory default position) to connect a terminal to the console port using the console cable and data terminal equipment (DTE) adapter (labeled "Terminal") that shipped with the switch.

: You can also use this mode to connect a modem to the console port using the console cable and data communications equipment (DCE) adapter (labeled "Modem") that shipped with the switch.

Mode 2---Switch in the out position to connect a terminal to the console port using the
Catalyst 5000 Family Supervisor Engine III console cable (not provided).

Note You should not have to connect a terminal to the Layer 3 services module console port. When your terminal is connected to the supervisor engine console port, use the session command to access the Layer 3 services module for router configuration.

The console port allows you to access the Layer 3 services module either locally (with a console terminal) or remotely (with a modem). The console port is an EIA/TIA-232 asynchronous, serial connection with an RJ-45 connector.

For complete console port cabling specifications and pinouts, refer to the Catalyst 4003 and 4006 Switch Installation Guide.

Note The accessory kit that shipped with your Catalyst 4000 family switch contains the cable and adapters to connect a terminal or modem to the console port. These cables and adapters are the same as those shipped with the Cisco 2500 series routers and other Cisco products.

Connecting a Terminal

To connect a terminal to the console port using the cable and adapters provided with the
Catalyst 4000 family switch, ensure that the console port mode switch is in the in position (factory default position). Connect to the port using the RJ-45-to-RJ-45 cable and RJ-45-to-DB-25 DTE adapter or RJ-45-to-DB-9 DTE adapter (labeled "Terminal").

To connect a terminal using a Catalyst 5000 Family Supervisor Engine III console cable, place the console port mode switch in the out position. Connect to the port using the Catalyst 5000 Family Supervisor Engine III cable and the appropriate adapter for the terminal connection.

Check the documentation that came with your terminal to determine the baud rate. The baud rate of the terminal must match the default baud rate (9600 baud) of the console port.

Set up the terminal as follows:

9600 baud
8 data bits
No parity
1 stop bit
No flow control

Connectin g a Modem

To connect a modem to the console port, ensure that the console port mode switch is in the in position (factory default position). Connect the modem to the port using the RJ-45-to-RJ-45 cable and the RJ-45-to-DB-25 DCE adapter (labeled "Modem").

Configuring the Management Port

You can manage the Catalyst 4003 and 4006 Layer 3 Services module through the 10/100 management port by assigning it an IP address.

Caution By default, the Fast Ethernet interface does not route data traffic. We do not recommend that you override this default configuration.

You can also manage the Catalyst 4003 and 4006 Layer 3 Services module through one of the Gigabit Ethernet routing ports. If you choose to manage the Layer 3 Services module through a Gigabit Ethernet routing port, any IP address assigned to the corresponding interface can be used for network management purposes if the port is up.

The supervisor engine reports one IP address assigned to the Layer 3 Services module that can be used for network management through the Cisco Stack MIB.

If the 10/100 management port is up and an IP address has been configured, the Layer 3 Services module selects the IP address assigned to the 10/100 management port. If the management port is down or an IP address has not been configured, the Layer 3 services module randomly selects an IP address that has been assigned to one of the Gigabit Ethernet ports or port channels as the network management IP address, provided the interface or subinterface associated with this IP address is up at the time of selection.

If the selected network management IP address is removed or the interface or subinterface associated with this IP address is shut down, the Layer 3 Services module selects another IP address as a replacement.

If all the interfaces are down or no IP address has been assigned to any interface or subinterface that is up, the IP address for network management is 0.0.0.0.

After each IP address selection or change of the IP address, the Layer 3 Services module sends an unsolicited message to the supervisor engine, which then populates the IP address attribute of the Cisco Stack MIB entry of the Layer 3 Services module.

Configuring Layer 2 Ethernet and Fast Ethernet Ports

The following sections briefly describe the commands that you need to configure the features on the Layer 2 Ethernet and Fast Ethernet ports. For complete information on configuring the Layer 2 ports, refer to the Software Configuration Guide for your switch.

Note Both port speed and port duplex mode features default to auto (autonegotiation). To customize the two features, you must first set the port speed to 10 or 100 before you set the port duplex mode to half or full duplex. You cannot have one feature set to auto and the other feature set to a fixed value.

Overview of the Layer 2 Interfaces

The port numbering for the 10/100 ports is as follows: assuming the Layer 3 Services module resides in slot 2, the port numbering is 2/1 and 2/2 for the internal Gigabit Ethernet ports and 2/3 through 2/34 for the external 10/100 ports.

Setting the Layer 3 Services Module Name

You can assign a name to the Layer 3 Services module to improve switch administration.

To assign a name to the Layer 3 Services module, perform this task in privileged mode:

Task Command

Step 1

Assign a name.

set module name mod_num [mod_name]

Step 2

Verify that the name is configured.

show module [mod_num]

	Task	Command
Step 1	Assign a name.	set module name mod_num [mod_name]
Step 2	Verify that the name is configured.	show module [mod_num]

This example shows how to set and verify the name:

Console> (enable) set module name 2 shazaam
Module name set.
Console> (enable)
 
Console> show module 2
Mod Slot Ports Module-Type               Model               Status
 --- ---- ----- ------------------------- ------------------- --------
 2    2    34    Layer 3 Services Card    WS-X4232-L3          ok
 
Mod Module-Name         Serial-Num
--- ------------------- --------------------
2   shazaam             00007285650
 
Mod MAC-Address(es)                    Hw    Fw         Sw
--- -------------------------------------- ------ ---------- -----------------
2   00-e0-1e-38-48-cc to 00-e0-1e-38-48-d7 0.2    4.1(0.53-E 5.1(0.59))
 
Console>

Setting the Port Name

You can assign names to the ports on the Layer 3 Services module to improve switch administration.

To assign a name to a port, perform this task in privileged mode:

Task Command

Step 1

Assign a name.

set port name mod_num [mod_name]
set port name mod_num/port_name [name_string]

Step 2

Verify that the name is configured.

show port [mod_num[/port_num]]

	Task	Command
Step 1	Assign a name.	set port name mod_num [mod_name] set port name mod_num/port_name [name_string]
Step 2	Verify that the name is configured.	show port [mod_num[/port_num]]

This example shows how to assign a name to port 2/4 and how to verify that the port name is configured correctly:

Console> (enable) set port name 2/4 Server Link
Port 2/4 name set.
Console> (enable) show port 2
Port  Name               Status     Vlan       Level  Duplex Speed Type
----- ------------------ ---------- ---------- ------ ------ ----- ------------
2/4 Server Link        connected  trunk      normal   half   100 100BaseTX
 
<...output truncated...>
 
Last-Time-Cleared
--------------------------
Fri February 11 2000, 16:25:57
Console> (enable)

Setting the Port Priority Level

You can configure the priority level of each port. When ports request access to the switching bus simultaneously, the switch uses the port priority level to determine the order in which ports are given access.

To set the port priority level, perform this task in privileged mode:

Task Command

Step 1

Configure the priority level for a port.

set port level mod_num/port_num {normal | high}

Step 2

Verify that the port priority level is configured correctly.

show port [mod_num[/port_num]]

	Task	Command
Step 1	Configure the priority level for a port.	set port level mod_num/port_num {normal \| high}
Step 2	Verify that the port priority level is configured correctly.	show port [mod_num[/port_num]]

This example shows how to set the port priority level to high for port 2/4 and verify that the port priority is configured correctly:

Console> (enable) set port level 2/4 high
Port 2/4 level set to high.
Console> (enable) show port 2
Port  Name               Status     Vlan       Level  Duplex Speed Type
----- ------------------ ---------- ---------- ------ ------ ----- ------------
2/4   Server Link        connected  trunk      high   half   100 100BaseTX
 
<...output truncated...>
 
Last-Time-Cleared
--------------------------
Fri February 11,2000 16:25:57
Console> (enable)

Setting the Port Speed

You can configure the port speed on 10/100 Ethernet ports. Use the auto keyword to have the port autonegotiate speed and duplex mode with the neighboring port.

Caution Make sure the device on the other end of the link is also configured for autonegotiation or a port speed or duplex mismatch will result.

Note If the port speed is set to auto on a 10/100-Mbps Fast Ethernet port, both speed and duplex are autonegotiated.

To set the port speed for a 10/100-Mbps port, perform this task in privileged mode:

Task Command

Step 1

Set the port speed of a 10/100-Mbps Fast Ethernet port.

set port speed mod num/port num {10 | 100 | auto}

Step 2

Verify that the speed of the port is configured correctly.

show port [mod_num[/port_num]]

This example shows how to set the port speed to 100 Mbps on port 2/4:

Console> (enable) set port speed 2/4 100
Port 2/4 speed set to 100 Mbps.
Console> (enable)

This example shows how to make port 2/4 autonegotiate speed and duplex with the neighbor port:

Console> (enable) set port speed 2/4 auto
Port 2/4 speed set to auto-sensing mode.
Console> (enable)

Setting the Port Duplex Mode

You can set the port duplex mode to full or half duplex for 10/100-Mbps Ethernet ports.

Note If the port speed is set to auto on a 10/100-Mbps Fast Ethernet port, both speed and duplex are autonegotiated. You cannot change the duplex mode of ports configured for autonegotiation. For information on enabling and disabling autonegotiation on 10/100 Fast Ethernet ports, see the "Setting the Port Speed" section.

To set the duplex mode of a port, perform this task in privileged mode:

Task Command

Step 1

Set the port speed of a 10/100-Mbps Fast Ethernet port.

set port duplex mod num/port num {full | half}

Step 2

Verify that the duplex mode of the port is configured correctly.

show port [mod_num[/port_num]]

This example shows how to set the duplex mode to half duplex on port 2/4:

Console> (enable) set port duplex 2/4 half
Port 2/4 set to half-duplex.
Console> (enable)

Configuring the Layer 3 Gigabit Ethernet Interfaces

The Layer 3 Services module supports two external and two internal Gigabit Ethernet interfaces, which run IOS software. To configure the interfaces, you must first access the the module by entering the session command from the supervisor engine prompt. The internal Gigabit Ethernet uplink ports must also be configured from the supervisor engine. This section provides information on how to configure both the external and internal Gigabit Ethernet ports.

Overview of the Layer 3 Gigabit Ethernet Interfaces

The Layer 3 Services module appears to the Catalyst 400 family switch as an external router connected to the switch through two full-duplex Gigabit Ethernet ports. Conversely, the switch appears to the Layer 3 Services module as a two-port Gigabit Ethernet module.

The port numbering for the external Gigabit Ethernet interfaces on the front panel is Gigabit Ethernet1 and Gigabit Ethernet2. The port numbering for the internal Gigabit Ethernet interfaces is Gigabit Ethernet3 and Gigabit Ethernet4.

If the Layer 3 Services module is installed in slot 2, port 2/1 on the Catalyst switch side is connected to interface Gigabit Ethernet3 on the Layer 3 Services module side and port 2/2 to interface Gigabit Ethernet4. Figure 9 shows the internal interface connections when the Layer 3 Services module is installed in slot 2 in a Catalyst 4003 switch.

Figure 9: Internal Interface Connections---Example 1

If the Layer 3 Services module is installed in slot 6 in a Catalyst 4006 switch, the internal interface connections will be between 6/1 and GigabitEthernet3 and between 6/2 and GigabitEthernet4.

Figure 10: Internal Interface Connection---Example 2

There are two initial configuration options for the Gigabit Ethernet switched and routed interfaces:

Configure the interfaces as Gigabit EtherChannels.
Configure the interfaces as independent links.

These options are described in the Configuration Guidelines.

Configuring the Gigabit Ethernet Interfaces

Note You cannot administratively bring down the internal Gigabit Ethernet interfaces.

To configure a Layer 3 Gigabit Ethernet interface, follow these steps:

Step 1 Use the configure EXEC command at the privileged EXEC prompt to enter global configuration mode.

4232-L3> enable
4232-L3# configure terminal
4232-L3(config)#

Step 2 From global configuration mode, enter the interface command, followed by the interface type (in this case, Gigabit Ethernet) and its interface port ID.

4232-L3(config)# interface g1
4232-L3(interface-if)#

Step 3 Follow each interface command with the interface configuration commands required for your particular interface.

The commands you enter define the protocols and applications that will run on the interface. The commands are collected and applied to the interface command until you enter another interface command, enter a command that is not an interface configuration command, or enter Ctrl-Z to return to privileged EXEC mode.

Step 4 After an interface is configured, check its status by using the EXEC show commands.

4232-L3# show interface g1
Gigabit Ethernet1 is up, line protocol is up
Hardware is xpif_port, address is 0050.3e7b.e907 (bia 0050.3e7b.e907)
Internet address is 11.0.0.2/8
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, rely 255/255, load 1/255
Encapsulation ARPA, loopback not set, keepalive set (10 sec)
Full-duplex, 1000Mb/s, GBIC connected, Force link-up
ARP type:ARPA, ARP Timeout 04:00:00
Last input 03:27:17, output never, output hang never
Last clearing of "show interface" counters never
Queueing strategy:fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
945 packets input, 320796 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 watchdog, 927 multicast
0 input packets with dribble condition detected
943 packets output, 319527 bytes, 0 underruns(0/0/0)
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out

Configuring an IP Address on a Gigabit Ethernet Interface

To configure an IP address on one of the external Gigabit Ethernet interfaces, perform the following task in global configuration mode:

Task Command

Step 1

Enter interface configuration mode to configure the Gigabit Ethernet interface.

interface type number

Step 2

Enter the IP address and IP subnet mask to be assigned to the interface.

ip address ip-address subnet-mask

Step 3

Enable the interface (applies only to Gig1 and Gig2).

no shutdown

Step 4

Return to global configuration mode. Repeat steps 1 through 3 to configure the other interfaces on the Layer 3 Services module.

exit

Step 5

Return to privileged EXEC mode.

Ctrl-Z

Step 6

Save configuration changes to NVRAM.

copy running-config startup-config

Additional Configurations on the Gigabit Ethernet Interfaces

The Gigabit Ethernet interfaces can be configured as trunk ports, nontrunking ports, portchannels, routed ports, or bridged ports. You can group the Gigabit Ethernet interfaces into a single Gigabit EtherChannel or configure them as independent interfaces (links). For configuration information on the Gigabit Ethernet interfaces, refer to the IOS Configuration Guide and Command Reference publications.

Note The internal Gigabit Ethernet interfaces support 802.1Q trunking only. The external Gigabit Ethernet interfaces support both 802.1Q and ISL trunking.

Monitoring Operations on the Gigabit Ethernet Interfaces

To verify the settings after you have configured the Gigabit Ethernet interfaces, use the show interface command. The following output from the show interface command displays the interface status and global parameters and includes port speed and duplex operation:

4232-L3# show interface g1
Gigabit Ethernet1 is up, line protocol is up
Hardware is xpif_port, address is 0050.3e7b.e907 (bia 0050.3e7b.e907)
Internet address is 11.0.0.2/8
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, rely 255/255, load 1/255
Encapsulation ARPA, loopback not set, keepalive set (10 sec)
Full-duplex, 1000Mb/s, GBIC connected, Force link-up
ARP type:ARPA, ARP Timeout 04:00:00
Last input 03:27:17, output never, output hang never
Last clearing of "show interface" counters never
Queueing strategy:fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
945 packets input, 320796 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 watchdog, 927 multicast
0 input packets with dribble condition detected
943 packets output, 319527 bytes, 0 underruns(0/0/0)
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out

Configuring the Layer 3 Services Module for InterVLAN Routing

These sections describe how to configure the Layer 3 Services module for interVLAN routing:

Note Acquire the correct network addresses, such as IP addresses for the Layer 3 Services module interfaces, from your system administrator, or consult your network plan to determine correct addresses before you begin to configure the Layer 3 Services module.

Overview of InterVLAN Routing

Network devices in different VLANs cannot communicate with one another without a router to route traffic between the VLANs. In most network environments, VLANs are associated with individual networks or subnetworks.

For example, in an IP network, each subnetwork is mapped to an individual VLAN. In an IPX network, each VLAN is mapped to an IPX network number.

VLANs help to control the size of the broadcast domain and keep local traffic local. However, when an end station in one VLAN needs to communicate with an end station in another VLAN, interVLAN communication is required. This communication is supported by interVLAN routing. You configure one or more routers to route traffic to the appropriate destination VLAN.

Configuring VTP and VLANs

To configure the Layer 3 Services module for interVLAN routing, you must first configure VTP and create and configure VLANs on the switch.

Note This section describes the basics of VTP and VLAN configuration. For detailed information on configuring VTP and VLANs, refer to the Software Configuration Guide for your switch.

To configure VTP and VLANs on the switch, perform this task in privileged mode:

Task Command

Step 1

Specify the VTP mode.

set vtp mode {client | server | transparent}

Step 2

Configure a VTP domain (if you configured the switch as a VTP client or server).

set vtp domain name

Step 3

Create VLANs on the switch.

set vlan vlan_num

Step 4

Assign ports to the VLAN.

set vlan vlan_num mod_num/port_num

This example shows how to configure VTP, create two VLANs, and assign switch ports to those VLANs:

Console> (enable) set vtp mode server
VTP domain modified
Console> (enable) set vtp domain Corp_Net
VTP domain Corp_Net modified
Console> (enable) set vlan 100
Vlan 100 configuration successful
Console> (enable) set vlan 200
Vlan 200 configuration successful
Console> (enable) set vlan 100 3/1-12
VLAN 100 modified.
VLAN 1 modified.
VLAN  Mod/Ports
---- -----------------------
100 2/1-2
      3/1-12
 
Console> (enable) set vlan 200 3/13-24
VLAN 200 modified.
VLAN 1 modified.
VLAN  Mod/Ports
---- -----------------------
200 2/1-2
      3/13-24
 
Console> (enable)

Configuration Guidelines

Note The Layer 3 Services module supports VLAN numbering from 1 to 1000 and can be configured with a maximum of 250 subinterfaces each representing a VLAN interface.

You should view the Layer 3 Services module as an external router with two full-duplex Gigabit Ethernet interfaces. The recommended configuration is to group the two Gigabit Ethernet interfaces into a port-channel. The other configuration options are to configure the interfaces independently and as trunks. The following sections describe the three options and the autostate feature.

Option 1: Configuring the Interfaces Independently

This section describes how to configure a Gigabit Ethernet interface independently on the Layer 3 Services module to provide Layer 3 (routed) gateway Services. The physical, routed interface can provide Layer 3 gateway Services to one or more VLANs. When providing Layer 3 gateway Services for one VLAN on the interface, VLAN trunking is not necessary. The Layer 3 Services module Gigabit Ethernet interface only needs to be included in the specific VLAN, just as you would include a host port. After adding the Layer 3 Services module interface, assign an IP (or IPX) address to the corresponding Layer 3 Services module routed interface (GigE3 or GigE4).

To provide Layer 3 gateway Services for more than one VLAN on an Layer 3 Services module Gigabit Ethernet interface, you must use VLAN trunking. You can use the 802.1Q VLAN trunking method to create the trunk between the Layer 3 Services module interface and the switch.

Option 2: Trunking the Interfaces

This section describes how to enable VLAN trunking on the two internal Gigabit Ethernet interfaces. This option requires you to configure the internal Gigabit Ethernet interfaces from the supervisor engine console as well as from the Layer 3 Services module console. When you enable trunking, you configure a subinterface for each allowed VLAN configured on the Layer 3 Services module trunk.

Note When you configure a native VLAN for 802.1Q trunking, make sure you are using the native VLAN only for management traffic and not for data traffic. If you have data traffic on a native VLAN, you will see a performance drop for this traffic because all traffic coming in over the native VLAN on an 802.1Q trunk is sent to the CPU to be processed by software instead of routed in hardware.

Option 3: Channeling the Interfaces (Recommended Configuration Option)

This section describes how to channel the Gigabit Ethernet interfaces on the Layer 3 Services module using Gigabit EtherChannel to provide Layer 3 (routed) gateway services.

This option involves combining the two Gigabit Ethernet interfaces into a single Gigabit EtherChannel. After the EtherChannel is created between the Layer 3 Services module and a Catalyst 4000 family switch, the channel provides Layer 3 gateway services to one or multiple VLAN interfaces.

While both option 1 and option 2 provide the same service---a routed interface per VLAN on the Layer 3 Services module---option 2 provides a simpler implementation and configuration. By bundling the two Layer 3 Services module Gigabit Ethernet interfaces into one logical port-channel interface, you can configure Layer 3 VLAN gateways by creating multiple subinterfaces on the same logical interface. Creating subinterfaces on one logical interface is less complicated than manually distributing VLANs among multiple physical and logical interfaces on the Layer 3 Services module.

After you configure the internal Gigabit Ethernet interfaces as a channel from the supervisor engine console and specify the trunk type as 802.1Q, enter the session command to access the Catalyst 4003 and 4006 Layer 3 Services module prompt and configure the port-channel interface for 802.1Q trunking and configure one subinterface for every VLAN on the switch to create Layer 3 (routed) gateways for the VLANs.

Autostate Feature

The autostate feature shuts down (or brings up) Layer 3 Services module interfaces or subinterfaces when the following port configuration changes occur on the switch:

When the last external port on a VLAN goes down, all Layer 3 Services module interfaces or subinterfaces on that VLAN shut down by the autostate feature unless sc0 is on the VLAN or there is another Layer 3 Services module in the chassis with an interface or subinterface in the VLAN. When an Layer 3 Services module interface goes down, the following message is reported to the console for each Layer 3 Services module interface:

%AUTOSTATE-6-SHUT_DOWN

When the first external port on the VLAN is brought back up, all Layer 3 Services module interfaces on that VLAN that were previously shut down are brought up. The following message is reported to the console for each Layer 3 Services module interface:

%AUTOSTATE-6-BRING_UP

Use the show autostate entries command to see what Layer 3 Services module interfaces have been shut down or brought up by the autostate feature:

Router# show autostate entries
Port-channel1.5
Port-channel1.6
Port-channel1.4
Router#

It is important to note that the Catalyst 4000 family switch does not have knowledge of, or control over, the Layer 3 Services module configuration (just as the Catalyst switch does not have knowledge of, or control over, external router configurations). Consequently, the autostate feature will not work on Layer 3 Services module interfaces if the Layer 3 Services module is not properly configured. For example, consider the following Layer 3 Services module trunk configuration:

interface GigabitEthernet3.200
    encap dot1Q 200
    .
    .

The Gigabit Ethernet 3.200 interface will not be affected by the autostate feature if any of the following configuration errors are made:

VLAN 200 is not configured on the switch.
Trunking is not configured on the corresponding Gigabit Ethernet switch port.
Trunking is configured but VLAN 200 is not an allowed VLAN on that trunk.

Configuration Procedures

This section describes how to configure the Gigabit Ethernet switched and routed interfaces on the Layer 3 Services module:

To configure the interfaces independently, see "Option 1: Configuring the Interfaces Independently" section.
To configure the interfaces as trunks, see "Option 2: Configuring the Interfaces as Trunks" section
To configure the interfaces as EtherChannels, see "Option 3: Configuring the Interfaces as EtherChannels (Recommended Configuration Option)" section.

Option 1: Configuring the Interfaces Independently

This procedure shows you how to route between two VLANs. VLANs 4 and 5 are configured on a Catalyst 4000 family switch. Trunking is not enabled on any interface because there is only one VLAN on each physical interface. Perform the following steps to configure the interfaces independently (in this procedure the Layer 3 Services module is in slot 2):

Step 1 Use the set vlan vlan_num mod_num/port_num command to add the two Layer 3 Services module interfaces to a VLAN:

Cat4000> (enable) set vlan 4 2/1
VLAN 4 modified.
VLAN 1 modified.
..
Cat4000> (enable) set vlan 5 2/2
VLAN 5 modified.
VLAN 1 modified.

Step 2 Use the session mod_num command to access the Catalyst 4003 and 4006 Layer 3 Services module prompt:

Cat4000> (enable) session 2
Trying Router-2...
Connected to Router-2.
Escape character is \Q^]'.
 
router>

a. At the EXEC prompt, enter enable mode:

router> enable
router#

b. At the privileged EXEC prompt, enter global configuration mode:

router# configure terminal
router(config)#

Step 3 Assign an IP address and subnet mask (or IPX address) to the corresponding routed interface
(g3 and g4).

router(config)# interface g3
router(config-if)# ip address ip_address subnet_mask
router(config-if)# exit
router(config)# interface g4
router(config-if)# ip address ip_address subnet_mask
router(config-if)# exit

Note In the nontrunking case, no VLAN-related configuration is required from the IOS console.

Option 2: Configuring the Interfaces as Trunks

This procedure shows you how to enable VLAN trunking on the two internal Gigabit Ethernet interfaces. Enabling VLAN trunking requires you to configure the internal Gigabit Ethernet interfaces from the supervisor engine console as well as from the Layer 3 Services module console. When you enable trunking, you configure a subinterface for each allowed VLAN configured on the Layer 3 Services module trunk.

Perform the following steps to enable VLAN trunking on the interfaces (in this procedure the Layer 3 Services module is in slot 2):

Step 1 Use the set trunk mod_num/port_num command to enable trunking and specify the encapsulation type on the interface from the supervisor engine prompt:

Cat4000> (enable) set vlan 5 2/1
Vlan 5 modified.
Cat4000> (enable) set trunk 2/1 nonegotiate dot1Q 1-5
Port(s) 2/1 trunk mode set to nonegotiate.
Port(s) 2/1 trunk type set to dot1Q.
Cat4000> (enable) set vlan 6 2/2
Vlan 6 modified.
Cat4000> (enable) set trunk 2/2 nonegotiate dot1Q 6-10
Port(s) 2/2 trunk mode set to nonegotiate.
Port(s) 2/2 trunk type set to dot1Q.
Cat4000> (enable)

Step 2 Use the session mod_num command to access the Layer 3 Services module console prompt:

Cat4000> (enable) session 2
Trying Router...
Connected to Router.
Escape character is \Q^]'.
 
router>

a. At the EXEC prompt, enter enable mode:

router> enable
router#

b. At the privileged EXEC prompt, enter global configuration mode:

router# configure terminal
router(config)#

Step 3 Use the interface command to configure subinterfaces for each VLAN at the Layer 3 Services module console prompt.

Note You are required to use the native keyword in the encapsulation command to create the subinterface for the native VLAN. In this example, VLAN 10 is the native VLAN.

router(config)# interface gigabitethernet3.1
router(config-subif)# encapsulation dot1Q 1
router(config-subif)# ip address ip_address subnet_mask
router(config-subif)# exit
router(config)# interface gigabitethernet3.2
router(config-subif)# encapsulation dot1Q 2
router(config-subif)# ip address ip_address subnet_mask
router(config-subif)# exit
router(config)# interface gigabitethernet3.3
router(config-subif)# encapsulation dot1Q 3
router(config-subif)# ip address ip_address subnet_mask
router(config-subif)# exit
router(config)# interface gigabitethernet3.4
router(config-subif)# encapsulation dot1Q 4
router(config-subif)# ip address ip_address subnet_mask
router(config-subif)# exit
router(config)# interface gigabitethernet3.5
router(config-subif)# encapsulation dot1Q 5 native
router(config-subif)# ip address ip_address subnet_mask
router(config-subif)# exit
router(config)# interface gigabitethernet4.6
router(config-subif)# encapsulation dot1Q 6 native
router(config-subif)# ip address ip_address subnet_mask
router(config-subif)# exit
router(config)# interface gigabitethernet4.7
router(config-subif)# encapsulation dot1Q 7
router(config-subif)# ip address ip_address subnet_mask
router(config-subif)# exit
router(config)# interface gigabitethernet4.8
router(config-subif)# encapsulation dot1Q 8
router(config-subif)# ip address ip_address subnet_mask
router(config-subif)# exit
router(config)# interface gigabitethernet4.9
router(config-subif)# encapsulation dot1Q 9
router(config-subif)# ip address ip_address subnet_mask
router(config-subif)# exit
router(config)# interface gigabitethernet4.10
router(config-subif)# encapsulation dot1Q 10
router(config-subif)# ip address ip_address subnet_mask
router(config-subif)# end

Note If a native VLAN is not configured on one of the subinterfaces, the main interface (g3 or g4) will be assigned a native VLAN of 1. If the native VLANs do not match on both sides of the connection, packets will be lost.

Option 3: Configuring the Interfaces as EtherChannels (Recommended Configuration Option)

This procedure shows you how to configure the two Gigabit Ethernet interfaces as channels and then enable VLAN trunking on the channel. You can then configure subinterfaces on the channel interface. You configure a subinterface for each allowed VLAN configured on the Layer 3 Services module trunk. For each subinterface, you specify the type of trunking (same as specified on the channel) and then assign an IP address and subnet mask (or IPX address).

Perform the following steps to configure the interfaces as a channel (in this procedure, the Layer 3 Services module is in slot 2):

Step 1 Use the set port channel mod/ports command to configure a Gigabit EtherChannel. Before you create the channel, ensure that the ports you intend to channel (in this case, 2/1 and 2/2) belong to the same VLAN:

Cat4000> (enable) set port channel 2/1-2 on
Ports 2/1-2 channel mode set to on.
Cat4000> (enable)

Step 2 Use the set trunk mod_num/port_num command to enable trunking and specify an encapsulation type on the EtherChannel ports (specifying the encapsulation type on one of the EtherChannel ports enables trunking and the specified encapsulation on all ports in the channel):

Cat4000> (enable) set trunk 2/1 on dot1Q 1-10
Port(s) 2/1 trunk mode set to on
Port(s) 2/1 trunk type set to dot1Q 1-10
Cat4000> (enable)

Step 3 Use the session mod_num command to access the Layer 3 Services module console prompt:

Cat4000> (enable) session 2
Trying Router...
Connected to Router.
Escape character is \Q^]'.
 
router>

a. At the EXEC prompt, enter enable mode:

router> enable
router#

b. At the privileged EXEC prompt, enter global configuration mode:

router# configure terminal
router(config)#

Step 4 Create an EtherChannel (portchannel) interface (the channel number can be from
1 to 64):

router(config)# interface port-channel channel_number

Step 5 Assign the g3 and g4 interfaces to the port channel:

router(config)# interface g3
router(config-if)# channel-group channel_number
router(config-if)# exit
router(config)#

Repeat this step on the remaining interface.

Step 6 Configure subinterfaces on the port channel interface, one for each allowed VLAN configured on the Layer 3 Services module trunk over which you want to route (specify the same type of encapsulation as in Step 2):

router(config)# interface port-channel channel_number.vlan_id
router(config-subif)# encapsulation dot1Q vlan_id
router(config-subif)# ip address ip_address subnet_mask
router(config-subif)# exit

Repeat this step to create and configure additional subinterfaces on the port channel.

Step 7 Configure a subinterface for the native VLAN by specifying the native keyword in the encapsulation command:

router(config)# interface port-channel channel_number.vlan_id
router(config-subif)# encapsulation dot1Q vlan_id native
router(config-subif)# ip address ip_address subnet_mask
router(config-subif)# exit

Configuring Layer 3 Quality of Service

This section describes the quality of service (QoS) features supported on Gigabit Ethernet interfaces of your Layer 3 Services module. For QoS configuration information on the 10/100 Ethernet switching ports, refer to the Software Configuration Guide for your switch.

This section includes the following topics:

Overview of Layer 3 Switching Quality of Service

Extensive quality of service (QoS) features are built into the Layer 3 Services module architecture to ensure policy enforcement and queuing of the ingress port and weighted round-robin (WRR) scheduling at the egress port.

QoS on the Gigabit Ethernet interfaces is based on IP precedence for partitioning traffic into multiple classes of service. IP precedence uses the three type-of-service precedence bits in the IP header to specify class of service (CoS) assignment for each packet.

IP precedence can be mapped into adjacent technologies (for example, tag switching or ATM) to support end-to-end network QoS policies. This mapping enables service classes to be established with no changes to existing applications and with no complicated network signaling requirements.

The system obtains IP precedence information from the IP header type-of-service (ToS) field. For an incoming IP packet, the first two (most significant) bits of the service type field determine the delay priority. The Gigabit Ethernet interfaces on the Layer 3 Services module recognizes four QoS classes, Q-0 to Q-3, as summarized in Table 8.

Table 8: Queue Classes

IP Precedence Bits Delay Priority Queue Selected

0 0 0

0 0

Q-0

0 0 1

0 0

Q-0

0 1 0

0 1

Q-1

0 1 1

0 1

Q-1

1 0 0

1 0

Q-2

1 0 1

1 0

Q-2

1 1 0

1 1

Q-3

1 1 1

1 1

Q-3

Your Layer 3 Services module can read the precedence field and switch the packet accordingly, but it cannot reclassify traffic. The edge router or switch is expected to set the precedence field according to its local policy.

The Layer 3 Services module queues packets based on the delay priority and the target next-hop interface.

Overview of Scheduling and Weighted Round-Robin

Frame scheduling becomes more important when an outgoing interface is congested. To handle this situation, you can assign weights to each of the different queues. By assigning weights to the different queues, you can allocate bandwidth to higher priority applications (using IP precedence), while still granting access to lower priority queues. The frame schedule provides each queue the bandwidth that is allotted to it. This mapping is configurable both at the system and interface levels (as described later in this section).

The four queues on any destination interface are configured to be part of the same service class. Bandwidth is not explicitly reserved for these four queues. Each of the queues is assigned a different WRR-scheduling weight, which determines the way they share the interface bandwidth. The WRR weight is user configurable; you can assign a different WRR weight for each queue.

Tips The higher the WRR weight, the higher the effective bandwidth for that particular queue.

You can find the effective bandwidth (in Mbps) for a particular queue with the following formula:

(W/S) x B = n Mbps

Table 9 describes the values in the bandwidth calculation formula.

Table 9: Bandwidth Calculation Values

W

WRR weight of the specified queue

S

Sum of the weight of all active queues on the outgoing interface

B

Available bandwidth in Mbps

n

Effective bandwidth in Mbps

For example, if W is 4, S is 15, and B is 100, the formula would be (4/15) x 100 = 26 Mbps, and the effective bandwidth for the specified queue in this example is 26 Mbps.

Configuring Precedence to WRR Scheduling

This section describes the Cisco IOS commands necessary to configure QoS mapping at the system and interface levels. The commands described in this section are unique to Layer 3 Services module software.

The Layer 3 Services module software enables QoS-based forwarding by default. If disabled, enter the following command to enable QoS forwarding:

# [no] qos switching

The no version of this command disables QoS switching on the entire system.

To configure QoS scheduling at the system level, perform the following task in global configuration mode:

Task Command

Step 1

Set the mapping between IP precedence and the WRR weight. See the command syntax description in Table 10.

qos mapping precedence value wrr-weight weight

Step 2

Return to privileged EXEC mode.

Ctrl-Z

Use the following command syntax to configure QoS scheduling at the system level:

Table 10: Global QoS Configuration Command Syntax

value

The precedence value (0 to 3) is the higher 2-bits of the IP precedence field.

weight

The WRR-scheduling weight (1 to 4). This parameter specifies the weight assigned to traffic with the given precedence.

To set the precedence back to the default setting for the Catalyst 4003 and 4006 Layer 3 Services module, use the no version of the qos mapping precedence command.

Table 11 shows the default WRR weights for IP precedence.

Table 11: Default WRR Weights for IP Precedence

IP Precedence WRR Weight

0

1

1

2

2

3

3

4

Mapping QoS Scheduling at the Interface Level

Configuring QoS mapping at the interface level overrides the system-level mapping. By using the qos mapping precedence wrr-weight command, you can assign a different WRR-scheduling weight for a particular precedence traffic destined to any interface.

To configure QoS scheduling at the interface level, perform the following task in interface configuration mode:

Task Command

Step 1

Assign a different WRR-scheduling weight for a particular precedence traffic destined to an interface.

qos mapping [destination dest-interface] precedence value wrr-weight weight

Step 2

Return to privileged EXEC mode.

Ctrl-Z

The QoS commands are applicable to both Gigabit Ethernet and Fast Ethernet interfaces.

To set the precedence back to the system-level default setting for the Catalyst 4003 and 4006 Layer 3 Services module, use the no version of the qos mapping precedence wrr-weight command.

The destination interface parameter is optional. When the destination interface parameter is not specified, system-level QoS mapping is configured. If interface-specific QoS mapping is configured for a certain precedence, it takes priority over the system-level QoS mapping for that precedence.

Monitoring and Verifying the QoS Configuration

Use the following Cisco IOS show commands to verify the QoS configuration:

Task Command

Step 1

Verify if QoS-based switching is enabled.

show qos switching

Step 2

Display effective mapping at either the system level
or interface level.

show qos mapping [destination dest-interface]

Configuring the Switching Database Manager

This section describes the switching database manager (SDM) features built into the Layer 3 Services module. This section includes the following topics:

Overview of the Switching Database Manager

The Gigabit Ethernet interfaces use the forwarding engine and the ternary content addressable memory (TCAM) to implement Layer 3 switching. The switching database manager (SDM) is the Layer 3 software subsystem that manages the Layer 3 switching information maintained in TCAM.

SDM in Layer 3 switching organizes the switching information in TCAM into protocol-specific regions and configures the size of these protocol regions. SDM enables exact-match and longest-match address searches, which result in high-speed forwarding.

SDM Regions

SDM partitions TCAM space into multiple protocol-specific regions and interacts with the individual protocol control layers to store Layer 3 switching information. SDM consists of the following types of regions:

Exact-match region---The exact-match region consists of Layer 3 entries for multiple protocol regions, such as IP adjacencies and IPX node.
Longest-match region---Each longest-match region consists of multiple buckets or groups of Layer 3 address entries organized in decreasing order by mask length. All entries within a bucket share the same mask value and key size. The buckets can change their size dynamically by borrowing address entries from neighboring buckets.

TCAM space consists of 32,000 entries, and each entry is 32 bits wide. Because SDM is responsible for managing TCAM space, SDM partitions the entire TCAM space for each protocol region based on user configuration. Although the maximum size of all protocol regions is fixed, you can reconfigure the size of each protocol region. A change in the partition configuration takes effect only during the next system reboot.

Table 12 lists default partitioning for each protocol region in TCAM.

Table 12: TCAM Protocol Region Default Partitioning

Protocol Region Lookup Type Key Size Default Size No. of TCAM Entries

ipx-bvi-network

Exact-match

32 bits

32

32

ip-adjacency

Exact-match

32 bits

2048

2048

ipx-node

Exact-match

64 bits

2048

4096

ip-prefix

Longest-match

32 bits

8192

8192

ipx-network

Exact-match

32 bits

6144

6144

ip-mcast

Longest-match

64 bits

3072

6144

l2-switching

Exact-match

64 bits

1024

2048

udp-flooding

64 bits

256

512

Configuring SDM

This section describes how to configure SDM. This section includes the commands required to configure the autolearn feature in SDM and the commands required to configure the size of the SDM regions. The commands described in this section are unique to Layer 3 switching software.

Configuring SDM Autolearn

SDM groups entries into buckets based on their mask lengths. The size of each bucket in the protocol region varies. The autolearn feature in SDM automatically saves the mask-length distribution (bucket size distribution) for the longest-match region in the switching database. SDM uses this information to set up the partitions, which are effective during the next system reboot.

The autolearn featureis enabled by default. The no form of the sdm autolearn command disables the SDM autolearn feature. You can reenable autolearn by entering the sdm autolearn command from global configuration mode, as shown in this example:

4232-L3# configure terminal
4232-L3(config)# sdm autolearn
4232-L3(config)# Ctrl-Z

Configuring SDM Regions

The protocol region size in SDM is represented by the number of 32-bit or 64-bit entries. The combined size of all the application regions should be calculated in terms of 32-bit TCAM entries and should not exceed 32,000, which is the total TCAM size.

Note Although the size of the whole protocol region is configured by default, you can reconfigure it. The reconfigured size of the protocol region is effective only at the next system reboot.

To configure the SDM size for each protocol region, perform the following steps in global configuration mode:

Task Command

Step 1

Set the name of the protocol region for which you want to configure the size. You can enter the size either as an absolute number of entries or as multiples of 1K (that is, 1024) entries.

sdm size region-name {num-entries |
k-entries num-k-entries}

Step 2

Return to privileged EXEC mode.

Ctrl-Z

The following output is an example of configuring 2048 entries for the ip-prefix region:

4232-L3# configure terminal
4232-L3(config)# sdm size ip-prefix k-entries 2 
4232-L3(config)# Ctrl-Z

The combined size entered for all the protocol regions should not exceed 32,000, which is the total TCAM size. To display the supported size of SDM, use the show sdm size command from global configuration mode.

4232-L3# show sdm size 
Switching Database Region Sizes :
IPX Direct Network  :256     32-bit entries
IP Adjacency        :2048    32-bit entries
IPX Node            :1024    64-bit entries
IP Prefix           :2048    32-bit entries
IPX Network         :2048    32-bit entries
IP Multicast        :1024    64-bit entries
UDP Flooding        :512     64-bit entries
MAC Addr            :2048    64-bit entries

Obtaining Documentation

World Wide Web

You can access the most current Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.

Documentation CD-ROM

Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM is updated monthly. Therefore, it is probably more current than printed documentation. The CD-ROM package is available as a single unit or as an annual subscription.

Ordering Documentation

Registered CCO users can order the Documentation CD-ROM and other Cisco Product documentation through our online Subscription Services at http://www.cisco.com/cgi-bin/subcat/kaojump.cgi.

Nonregistered CCO users can order documentation through a local account representative by calling Cisco's corporate headquarters (California, USA) at 408 526-4000 or, in North America, call 800 553-NETS (6387).

Obtaining Technical Assistance

Cisco provides Cisco Connection Online (CCO) as a starting point for all technical assistance. Warranty or maintenance contract customers can use the Technical Assistance Center. All customers can submit technical feedback on Cisco documentation using the web, e-mail, a self-addressed stamped response card included in many printed docs, or by sending mail to Cisco.

Cisco Connection Online

Cisco continues to revolutionize how business is done on the Internet. Cisco Connection Online is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information and resources at anytime, from anywhere in the world. This highly integrated Internet application is a powerful, easy-to-use tool for doing business with Cisco.

CCO's broad range of features and services helps customers and partners to streamline business processes and improve productivity. Through CCO, you will find information about Cisco and our networking solutions, services, and programs. In addition, you can resolve technical issues with online support services, download and test software packages, and order Cisco learning materials and merchandise. Valuable online skill assessment, training, and certification programs are also available.

Customers and partners can self-register on CCO to obtain additional personalized information and services. Registered users may order products, check on the status of an order and view benefits specific to their relationships with Cisco.

You can access CCO in the following ways:

WWW: www.cisco.com
Telnet: cco.cisco.com
Modem using standard connection rates and the following terminal settings: VT100 emulation; 8 data bits; no parity; and 1 stop bit.
- From North America, call 408 526-8070
- From Europe, call 33 1 64 46 40 82

You can e-mail questions about using CCO to cco-team@cisco.com.

Technical Assistance Center

The Cisco Technical Assistance Center (TAC) is available to warranty or maintenance contract customers who need technical assistance with a Cisco product that is under warranty or covered by a maintenance contract.

To display the TAC web site that includes links to technical support information and software upgrades and for requesting TAC support, use www.cisco.com/techsupport.

To contact by e-mail, use one of the following:

Language E-mail Address

English

tac@cisco.com

Hanzi (Chinese)

chinese-tac@cisco.com

Kanji (Japanese)

japan-tac@cisco.com

Hangul (Korean)

korea-tac@cisco.com

Spanish

tac@cisco.com

Thai

thai-tac@cisco.com

In North America, TAC can be reached at 800 553-2447 or 408 526-7209. For other telephone numbers and TAC e-mail addresses worldwide, consult the following web site: http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml.

Documentation Feedback

If you are reading Cisco product documentation on the World Wide Web, you can submit technical comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco.

You can e-mail your comments to bug-doc@cisco.com.

To submit your comments by mail, for your convenience many documents contain a response card behind the front cover. Otherwise, you can mail your comments to the following address:

Cisco Systems, Inc.
Document Resource Connection
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate and value your comments.

Feature	Default Value
Host name	Router
Interface configuration	None
VLAN configuration	None
Password encryption	Disabled
Break to console	Ignore

	Task	Command
Step 1	Set the port speed of a 10/100-Mbps Fast Ethernet port.	set port speed mod num/port num {10 \| 100 \| auto}
Step 2	Verify that the speed of the port is configured correctly.	show port [mod_num[/port_num]]

	Task	Command
Step 1	Set the port speed of a 10/100-Mbps Fast Ethernet port.	set port duplex mod num/port num {full \| half}
Step 2	Verify that the duplex mode of the port is configured correctly.	show port [mod_num[/port_num]]

	Task	Command
Step 1	Enter interface configuration mode to configure the Gigabit Ethernet interface.	interface type number
Step 2	Enter the IP address and IP subnet mask to be assigned to the interface.	ip address ip-address subnet-mask
Step 3	Enable the interface (applies only to Gig1 and Gig2).	no shutdown
Step 4	Return to global configuration mode. Repeat steps 1 through 3 to configure the other interfaces on the Layer 3 Services module.	exit
Step 5	Return to privileged EXEC mode.	Ctrl-Z
Step 6	Save configuration changes to NVRAM.	copy running-config startup-config

	Task	Command
Step 1	Specify the VTP mode.	set vtp mode {client \| server \| transparent}
Step 2	Configure a VTP domain (if you configured the switch as a VTP client or server).	set vtp domain name
Step 3	Create VLANs on the switch.	set vlan vlan_num
Step 4	Assign ports to the VLAN.	set vlan vlan_num mod_num/port_num

IP Precedence Bits	Delay Priority	Queue Selected
0 0 0	0 0	Q-0
0 0 1	0 0	Q-0
0 1 0	0 1	Q-1
0 1 1	0 1	Q-1
1 0 0	1 0	Q-2
1 0 1	1 0	Q-2
1 1 0	1 1	Q-3
1 1 1	1 1	Q-3

W	WRR weight of the specified queue
S	Sum of the weight of all active queues on the outgoing interface
B	Available bandwidth in Mbps
n	Effective bandwidth in Mbps

	Task	Command
Step 1	Set the mapping between IP precedence and the WRR weight. See the command syntax description in Table 10.	qos mapping precedence value wrr-weight weight
Step 2	Return to privileged EXEC mode.	Ctrl-Z

value	The precedence value (0 to 3) is the higher 2-bits of the IP precedence field.
weight	The WRR-scheduling weight (1 to 4). This parameter specifies the weight assigned to traffic with the given precedence.

	Task	Command
Step 1	Assign a different WRR-scheduling weight for a particular precedence traffic destined to an interface.	qos mapping `[`destination dest-interface`]` precedence value wrr-weight weight
Step 2	Return to privileged EXEC mode.	Ctrl-Z

	Task	Command
Step 1	Verify if QoS-based switching is enabled.	show qos switching
Step 2	Display effective mapping at either the system level or interface level.	show qos mapping [destination dest-interface]

Protocol Region	Lookup Type	Key Size	Default Size	No. of TCAM Entries
ipx-bvi-network	Exact-match	32 bits	32	32
ip-adjacency	Exact-match	32 bits	2048	2048
ipx-node	Exact-match	64 bits	2048	4096
ip-prefix	Longest-match	32 bits	8192	8192
ipx-network	Exact-match	32 bits	6144	6144
ip-mcast	Longest-match	64 bits	3072	6144
l2-switching	Exact-match	64 bits	1024	2048
udp-flooding		64 bits	256	512

	Task	Command
Step 1	Set the name of the protocol region for which you want to configure the size. You can enter the size either as an absolute number of entries or as multiples of 1K (that is, 1024) entries.	sdm size region-name {num-entries \| k-entries num-k-entries}
Step 2	Return to privileged EXEC mode.	Ctrl-Z

Language	E-mail Address
English	tac@cisco.com
Hanzi (Chinese)	chinese-tac@cisco.com
Kanji (Japanese)	japan-tac@cisco.com
Hangul (Korean)	korea-tac@cisco.com
Spanish	tac@cisco.com
Thai	thai-tac@cisco.com

Table of Contents

Catalyst 4003 and 4006 Layer 3 Services Module Installation and Configuration Note