122sxscg2

8/9/2019 122sxscg2

1/1012

Corporate Headquarters

Cisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706USAhttp://www.cisco.comTel: 408 526-4000

800 553-NETS (6387)Fax: 408 526-4100

Cisco 7600 Series RouterCisco IOS Software Configuration GuideRelease 12.2(18)SXF and Rebuilds and Earlier Releases

Text Part Number: OL-4266-08
http://www.cisco.com/http://www.cisco.com/

8/9/2019 122sxscg2

2/1012

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALLSTATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUTWARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT

SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSEOR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCBs publicdomain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS WITHALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUTLIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OFDEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO D ATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCOOR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

CCDE, CCENT, Cisco Eos, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, Cisco TelePresence, the Cisco logo, DCE, and Welcome to the Human Network aretrademarks; Changing the Way We Work, Live, Play, and Learn and Cisco Store are servi ce marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You,Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems,

Cisco Systems Capital, the Cisco Systems l ogo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing,FormShare, GigaDrive, HomeLink, Internet Quotient, IO S, iPhone, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, IronPort, the IronPort l ogo,LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking A cademy, Network Registrar, PCNow, PIX, PowerPanels,ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Q uotient, TransPath, WebEx, and theWebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.

All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationshipbetween Cisco and any other company. (0807R)

Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SXF and Rebuilds and Erarlier Releases 20012008, Cisco Systems, Inc. All rights reserved.

8/9/2019 122sxscg2

3/1012

1Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX

OL-4266-08

C O N T E N T S

Preface 30

Audience 30

Organization 30

Related Documentation 33

Conventions 34

Product Overview 1

Supported Hardware and Software 1

User Interfaces 1

Configuring Embedded CiscoView Support 2Understanding Embedded CiscoView 2Installing and Configuring Embedded CiscoView 2Displaying Embedded CiscoView Information 3

Software Features Supported in Hardware by the PFC and DFC 3

Command-Line Interfaces 1

Accessing the CLI 1Accessing the CLI through the EIA/TIA-232 Console Interface 2

Accessing the CLI through Telnet 2Performing Command Line Processing 3

Performing History Substitution 3

Cisco IOS Command Modes 4

Displaying a List of Cisco IOS Commands and Syntax 5

ROM-Monitor Command-Line Interface 6

Configuring the Switch for the First Time 1

Default Configuration 1

Configuring the Switch 2Using the Setup Facility or the setup Command 2Using Configuration Mode 10Checking the Running Configuration Before Saving 10Saving the Running Configuration Settings 11

8/9/2019 122sxscg2

4/1012

Contents


OL-4266-08

Reviewing the Configuration 11Configuring a Default Gateway 11Configuring a Static Route 12Configuring a BOOTP Server 13

Protecting Access to Privileged EXEC Commands 15Setting or Changing a Static Enable Password 15Using the enable password and enable secret Commands 15Setting or Changing a Line Password 16Setting TACACS+ Password Protection for Privileged EXEC Mode 16Encrypting Passwords 17Configuring Multiple Privilege Levels 17

Recovering a Lost Enable Password 19

Modifying the Supervisor Engine Startup Configuration 20

Understanding the Supervisor Engine Boot Configuration 20Configuring the Software Configuration Register 21Specifying the Startup System Image 24Understanding Flash Memory 24CONFIG_FILE Environment Variable 25Controlling Environment Variables 26

Configuring a Supervisor Engine 720 1

Using the Bootflash or Bootdisk on a Supervisor Engine 720 1

Using the Slots on a Supervisor Engine 720 1

Configuring Supervisor Engine 720 Ports 2

Configuring and Monitoring the Switch Fabric Functionality 2Understanding How the Switch Fabric Functionality Works 2Configuring the Switch Fabric Functionality 4Monitoring the Switch Fabric Functionality 4

Configuring a Supervisor Engine 32 1

Flash Memory on a Supervisor Engine 32 1

Supervisor Engine 32 Ports 2

Configuring the Supervisor Engine 2 and the Switch Fabric Module 1

Using the Slots on a Supervisor Engine 2 1

Understanding How the Switch Fabric Module Works 1

8/9/2019 122sxscg2

5/1012

Contents


OL-4266-08

Switch Fabric Module Overview 2Switch Fabric Module Slots 2Switch Fabric Redundancy 2Forwarding Decisions for Layer 3-Switched Traffic 2Switching Modes 3

Configuring the Switch Fabric Module 3Configuring the Switching Mode 4Configuring Fabric-Required Mode 4Configuring an LCD Message 5

Monitoring the Switch Fabric Module 5Displaying the Module Information 6Displaying the Switch Fabric Module Redundancy Status 6Displaying Fabric Channel Switching Modes 6

Displaying the Fabric Status 7Displaying the Fabric Utilization 7Displaying Fabric Errors 7

Configuring NSF with SSO Supervisor Engine Redundancy 1

Understanding NSF with SSO Supervisor Engine Redundancy 1NSF with SSO Supervisor Engine Redundancy Overview 2SSO Operation 2NSF Operation 3Cisco Express Forwarding 3

Multicast MLS NSF with SSO 4Routing Protocols 4NSF Benefits and Restrictions 8

Supervisor Engine Configuration Synchronization 9Supervisor Engine Redundancy Guidelines and Restrictions 9Redundancy Configuration Guidelines and Restrictions 9Hardware Configuration Guidelines and Restrictions 10Configuration Mode Restrictions 10

NSF Configuration Tasks 11

Configuring SSO 11Configuring Multicast MLS NSF with SSO 12Verifying Multicast NSF with SSO 12Configuring CEF NSF 13Verifying CEF NSF 13Configuring BGP NSF 13

8/9/2019 122sxscg2

6/1012

Contents


OL-4266-08

Verifying BGP NSF 14Configuring OSPF NSF 14Verifying OSPF NSF 15Configuring IS-IS NSF 16Verifying IS-IS NSF 16Configuring EIGRP NSF 18Verifying EIGRP NSF 18Synchronizing the Supervisor Engine Configurations 19

Copying Files to the Redundant Supervisor Engine 19

Configuring RPR and RPR+ Supervisor Engine Redundancy 1

Understanding RPR and RPR+ 1Supervisor Engine Redundancy Overview 2RPR Operation 2RPR+ Operation 3Supervisor Engine Configuration Synchronization 3

Supervisor Engine Redundancy Guidelines and Restrictions 4Redundancy Guidelines and Restrictions 4RPR+ Guidelines and Restrictions 5Hardware Configuration Guidelines and Restrictions 6Configuration Mode Restrictions 6

Configuring Supervisor Engine Redundancy 6Configuring Redundancy 7Synchronizing the Supervisor Engine Configurations 7Displaying the Redundancy States 8

Performing a Fast Software Upgrade 8

Copying Files to an MSFC 10

Configuring Interfaces 1

Understanding Interface Configuration 1

Using the Interface Command 2

Configuring a Range of Interfaces 4

Defining and Using Interface-Range Macros 5Configuring Optional Interface Features 6

Configuring Ethernet Interface Speed and Duplex Mode 7Configuring Jumbo Frame Support 10

8/9/2019 122sxscg2

7/1012

Contents


OL-4266-08

Configuring IEEE 802.3x Flow Control 13Configuring the Port Debounce Timer 14Adding a Description for an Interface 15

Understanding Online Insertion and Removal 16

Monitoring and Maintaining Interfaces 16Monitoring Interface Status 17Clearing Counters on an Interface 17Resetting an Interface 18Shutting Down and Restarting an Interface 18

Checking the Cable Status Using the TDR 19

Configuring LAN Ports for Layer 2 Switching 1

Understanding How Layer 2 Switching Works 1

Understanding Layer 2 Ethernet Switching 1Understanding VLAN Trunks 2Layer 2 LAN Port Modes 4

Default Layer 2 LAN Interface Configuration 5

Layer 2 LAN Interface Configuration Guidelines and Restrictions 5

Configuring LAN Interfaces for Layer 2 Switching 6Configuring a LAN Port for Layer 2 Switching 7Configuring a Layer 2 Switching Port as a Trunk 7Configuring a LAN Interface as a Layer 2 Access Port 14

Configuring a Custom IEEE 802.1Q EtherType Field Value 15

Configuring Flex Links 1

Understanding Flex Links 1

Configuring Flex Links 2Flex Links Default Configuration 2Flex Links Configuration Guidelines and Restrictions 2Configuring Flex Links 3

Monitoring Flex Links 3

Configuring EtherChannels 1

Understanding How EtherChannels Work 1EtherChannel Feature Overview 1Understanding How EtherChannels Are Configured 2

8/9/2019 122sxscg2

8/1012

Contents


OL-4266-08

Understanding Port Channel Interfaces 4Understanding Load Balancing 5

EtherChannel Feature Configuration Guidelines and Restrictions 5

Configuring EtherChannels 6Configuring Port Channel Logical Interfaces for Layer 3 EtherChannels 7Configuring Channel Groups 8Configuring the LACP System Priority and System ID 10Configuring EtherChannel Load Balancing 11Configuring the EtherChannel Min-Links Feature 12

Configuring VTP 1

Understanding How VTP Works 1Understanding the VTP Domain 2

Understanding VTP Modes 2Understanding VTP Advertisements 3Understanding VTP Version 2 3Understanding VTP Pruning 3

VTP Default Configuration 5

VTP Configuration Guidelines and Restrictions 5

Configuring VTP 6Configuring VTP Global Parameters 6Configuring the VTP Mode 8Displaying VTP Statistics 10

Configuring VLANs 1

Understanding How VLANs Work 1VLAN Overview 1VLAN Ranges 2Configurable VLAN Parameters 3Understanding Token Ring VLANs 3

VLAN Default Configuration 6

VLAN Configuration Guidelines and Restrictions 8

Configuring VLANs 9VLAN Configuration Options 9Creating or Modifying an Ethernet VLAN 10Assigning a Layer 2 LAN Interface to a VLAN 12

8/9/2019 122sxscg2

9/1012

Contents


OL-4266-08

Configuring the Internal VLAN Allocation Policy 12Configuring VLAN Translation 13Mapping 802.1Q VLANs to ISL VLANs 16

Configuring Private VLANs 1Understanding How Private VLANs Work 1

Private VLAN Domains 2Private VLAN Ports 3Primary, Isolated, and Community VLANs 3Private VLAN Port Isolation 4IP Addressing Scheme with Private VLANs 4Private VLANs Across Multiple Switches 5Private VLAN Interaction with Other Features 5

Private VLAN Configuration Guidelines and Restrictions 6Secondary and Primary VLAN Configuration 7Private VLAN Port Configuration 9Limitations with Other Features 9

Configuring Private VLANs 11Configuring a VLAN as a Private VLAN 11Associating Secondary VLANs with a Primary VLAN 12Mapping Secondary VLANs to the Layer 3 VLAN Interface of a Primary VLAN 13Configuring a Layer 2 Interface as a Private VLAN Host Port 14Configuring a Layer 2 Interface as a Private VLAN Promiscuous Port 15

Monitoring Private VLANs 17

Configuring Cisco IP Phone Support 1

Understanding Cisco IP Phone Support 1Cisco IP Phone Connections 1Cisco IP Phone Voice Traffic 2Cisco IP Phone Data Traffic 3Cisco IP Phone Power Configurations 3

Default Cisco IP Phone Support Configuration 4

Cisco IP Phone Support Configuration Guidelines and Restrictions 4Configuring Cisco IP Phone Support 5

Configuring Voice Traffic Support 5Configuring Data Traffic Support 7

8/9/2019 122sxscg2

10/1012

Contents


OL-4266-08

Configuring Inline Power Support 8

Configuring IEEE 802.1Q Tunneling 1

Understanding How 802.1Q Tunneling Works 1

802.1Q Tunneling Configuration Guidelines and Restrictions 3Configuring 802.1Q Tunneling 6

Configuring 802.1Q Tunnel Ports 6Configuring the Switch to Tag Native VLAN Traffic 6

Configuring Layer 2 Protocol Tunneling 1

Understanding How Layer 2 Protocol Tunneling Works 1

Configuring Support for Layer 2 Protocol Tunneling 2

Configuring Standard-Compliant IEEE MST 1

Understanding MST 1MST Overview 2MST Regions 2IST, CIST, and CST 3Hop Count 6Boundary Ports 6Standard-Compliant MST Implementation 7Interoperability with IEEE 802.1D-1998 STP 9

Understanding RSTP 9

Port Roles and the Active Topology 10Rapid Convergence 11Synchronization of Port Roles 12Bridge Protocol Data Unit Format and Processing 13Topology Changes 15

Configuring MST 15Default MST Configuration 16MST Configuration Guidelines and Restrictions 16Specifying the MST Region Configuration and Enabling MST 17Configuring the Root Bridge 19Configuring a Secondary Root Bridge 20Configuring Port Priority 21Configuring Path Cost 22Configuring the Switch Priority 23Configuring the Hello Time 24

8/9/2019 122sxscg2

11/1012

Contents


OL-4266-08

Configuring the Forwarding-Delay Time 25Configuring the Transmit Hold Count 25Configuring the Maximum-Aging Time 26Configuring the Maximum-Hop Count 26Specifying the Link Type to Ensure Rapid Transitions 26Designating the Neighbor Type 27Restarting the Protocol Migration Process 28

Displaying the MST Configuration and Status 28

Configuring STP and Prestandard IEEE 802.1s MST 1

Understanding How STP Works 1STP Overview 2Understanding the Bridge ID 2Understanding Bridge Protocol Data Units 4Election of the Root Bridge 4STP Protocol Timers 5Creating the Spanning Tree Topology 5STP Port States 6STP and IEEE 802.1Q Trunks 12

Understanding How IEEE 802.1w RSTP Works 13IEEE 802.1w RSTP Overview 13RSTP Port Roles 13RSTP Port States 14

Rapid-PVST 14

Understanding How Prestandard IEEE 802.1s MST Works 14IEEE 802.1s MST Overview 15MST-to-PVST Interoperability 16Common Spanning Tree 18MST Instances 18MST Configuration Parameters 18MST Regions 19Message Age and Hop Count 20

Default STP Configuration 21STP and MST Configuration Guidelines and Restrictions 21

Configuring STP 22Enabling STP 22

8/9/2019 122sxscg2

12/1012

Contents


OL-4266-08

Enabling the Extended System ID 24Configuring the Root Bridge 24Configuring a Secondary Root Bridge 26Configuring STP Port Priority 26Configuring STP Port Cost 28Configuring the Bridge Priority of a VLAN 30Configuring the Hello Time 31Configuring the Forward-Delay Time for a VLAN 32Configuring the Maximum Aging Time for a VLAN 32Enabling Rapid-PVST 33

Configuring Prestandard IEEE 802.1s MST 33Enabling MST 34Displaying MST Configurations 35

Configuring MST Instance Parameters 39Configuring MST Instance Port Parameters 40Restarting Protocol Migration 40

Configuring Optional STP Features 1

Understanding How PortFast Works 2

Understanding How BPDU Guard Works 2

Understanding How PortFast BPDU Filtering Works 2

Understanding How UplinkFast Works 3

Understanding How BackboneFast Works 4

Understanding How EtherChannel Guard Works 6

Understanding How Root Guard Works 6

Understanding How Loop Guard Works 6

Enabling PortFast 8

Enabling PortFast BPDU Filtering 10

Enabling BPDU Guard 11

Enabling UplinkFast 12

Enabling BackboneFast 13

Enabling EtherChannel Guard 14Enabling Root Guard 14

Enabling Loop Guard 15

8/9/2019 122sxscg2

13/1012

Contents


OL-4266-08

Configuring Layer 3 Interfaces 1

Layer 3 Interface Configuration Guidelines and Restrictions 1

Configuring Subinterfaces on Layer 3 Interfaces 2

Configuring IPv4 Routing and Addresses 4Configuring IPX Routing and Network Numbers 7

Configuring AppleTalk Routing, Cable Ranges, and Zones 8

Configuring Other Protocols on Layer 3 Interfaces 9

Configuring UDE and UDLR 1

Understanding UDE and UDLR 1UDE and UDLR Overview 1Supported Hardware 2Understanding UDE 2

Understanding UDLR 3

Configuring UDE and UDLR 3Configuring UDE 3Configuring UDLR 6

Configuring PFC3BXL and PFC3B Mode Multiprotocol Label Switching 1

PFC3BXL and PFC3B Mode MPLS Label Switching 1Understanding MPLS 2Understanding PFC3BXL and PFC3B Mode MPLS Label Switching 2Supported Hardware Features 4Supported Cisco IOS Features 5MPLS Guidelines and Restrictions 7PFC3BXL and PFC3B Mode MPLS Supported Commands 7Configuring MPLS 7MPLS Per-Label Load Balancing 7MPLS Configuration Examples 8

PFC3BXL or PFC3B Mode VPN Switching 9PFC3BXL or PFC3B Mode VPN Switching Operation 10MPLS VPN Guidelines and Restrictions 11

PFC3BXL or PFC3B Mode MPLS VPN Supported Commands 11Configuring MPLS VPN 11MPLS VPN Sample Configuration 12

Any Transport over MPLS 13AToM Load Balancing 14

8/9/2019 122sxscg2

14/1012

Contents


OL-4266-08

Understanding EoMPLS 14EoMPLS Guidelines and Restrictions 14Configuring EoMPLS 16

Configuring IPv4 Multicast VPN Support 1Understanding How MVPN Works 1

MVPN Overview 1Multicast Routing and Forwarding and Multicast Domains 2Multicast Distribution Trees 2Multicast Tunnel Interfaces 5PE Router Routing Table Support for MVPN 6Multicast Distributed Switching Support 6Hardware-Assisted IPv4 Multicast 6

MVPN Configuration Guidelines and Restrictions 7

Configuring MVPN 8Forcing Ingress Multicast Replication Mode (Optional) 8Configuring a Multicast VPN Routing and Forwarding Instance 9Configuring Multicast VRF Routing 15Configuring Interfaces for Multicast Routing to Support MVPN 20

Sample Configurations for MVPN 22MVPN Configuration with Default MDTs Only 22MVPN Configuration with Default and Data MDTs 24

Configuring IP Unicast Layer 3 Switching 1Understanding How Layer 3 Switching Works 1

Understanding Hardware Layer 3 Switching 2Understanding Layer 3-Switched Packet Rewrite 2

Default Hardware Layer 3 Switching Configuration 4

Configuration Guidelines and Restrictions 4

Configuring Hardware Layer 3 Switching 4

Displaying Hardware Layer 3 Switching Statistics 5

Configuring IPv6 Multicast PFC3 and DFC3 Layer 3 Switching 1

Features that Support IPv6 Multicast 1

IPv6 Multicast Guidelines and Restrictions 2

New or Changed IPv6 Multicast Commands 3

Configuring IPv6 Multicast Layer 3 Switching 3

8/9/2019 122sxscg2

15/1012

Contents


OL-4266-08

Using show Commands to Verify IPv6 Multicast Layer 3 Switching 3Verifying MFIB Clients 4Displaying the Switching Capability 4Verifying the (S,G) Forwarding Capability 4Verifying the (*,G) Forwarding Capability 5Verifying the Subnet Entry Support Status 5Verifying the Current Replication Mode 5Displaying the Replication Mode Auto Detection Status 5Displaying the Replication Mode Capabilities 5Displaying Subnet Entries 6Displaying the IPv6 Multicast Summary 6Displaying the NetFlow Hardware Forwarding Count 6Displaying the FIB Hardware Bridging and Drop Counts 7

Displaying the Shared and Well-Known Hardware Adjacency Counters 7

Configuring IPv4 Multicast Layer 3 Switching 1

Understanding How IPv4 Multicast Layer 3 Switching Works 1IPv4 Multicast Layer 3 Switching Overview 2Multicast Layer 3 Switching Cache 2Layer 3-Switched Multicast Packet Rewrite 3Partially and Completely Switched Flows 3Non-RPF Traffic Processing 5Multicast Boundary 6

Understanding How IPv4 Bidirectional PIM Works 7Default IPv4 Multicast Layer 3 Switching Configuration 7

IPv4 Multicast Layer 3 Switching Configuration Guidelines and Restrictions 8Restrictions 8Unsupported Features 8

Configuring IPv4 Multicast Layer 3 Switching 9Source-Specific Multicast with IGMPv3, IGMP v3lite, and URD 9Enabling IPv4 Multicast Routing Globally 9Enabling IPv4 PIM on Layer 3 Interfaces 10

Enabling IP Multicast Layer 3 Switching Globally 11Enabling IP Multicast Layer 3 Switching on Layer 3 Interfaces 11Configuring the Replication Mode 11Enabling Local Egress Replication 13Configuring the Layer 3 Switching Global Threshold 14Enabling Installation of Directly Connected Subnets 15

8/9/2019 122sxscg2

16/1012

Contents


OL-4266-08

Specifying the Flow Statistics Message Interval 15Enabling Shortcut-Consistency Checking 16Configuring ACL-Based Filtering of RPF Failures 16Displaying RPF Failure Rate-Limiting Information 16Configuring Multicast Boundary 17Displaying IPv4 Multicast Layer 3 Hardware Switching Summary 18Displaying the IPv4 Multicast Routing Table 20Displaying IPv4 Multicast Layer 3 Switching Statistics 21

Configuring IPv4 Bidirectional PIM 22Enabling IPv4 Bidirectional PIM Globally 22Configuring the Rendezvous Point for IPv4 Bidirectional PIM Groups 23Setting the IPv4 Bidirectional PIM Scan Interval 23Displaying IPv4 Bidirectional PIM Information 24

Using IPv4 Debug Commands 26Clearing IPv4 Multicast Layer 3 Switching Statistics 26

Configuring MLDv2 Snooping for IPv6 Multicast Traffic 1

Understanding How MLDv2 Snooping Works 1MLDv2 Snooping Overview 2MLDv2 Messages 2Source-Based Filtering 3Explicit Host Tracking 3MLDv2 Snooping Proxy Reporting 4

Joining an IPv6 Multicast Group 4Leaving a Multicast Group 6Understanding the MLDv2 Snooping Querier 7

Default MLDv2 Snooping Configuration 8

MLDv2 Snooping Configuration Guidelines and Restrictions 8

MLDv2 Snooping Querier Configuration Guidelines and Restrictions 8

Enabling the MLDv2 Snooping Querier 9

Configuring MLDv2 Snooping 10Enabling MLDv2 Snooping 10

Configuring a Static Connection to a Multicast Receiver 11Configuring a Multicast Router Port Statically 11Configuring the MLD Snooping Query Interval 12Enabling Fast-Leave Processing 13Enabling SSM Safe Reporting 13

8/9/2019 122sxscg2

17/1012

Contents


OL-4266-08

Configuring Explicit Host Tracking 14Configuring Report Suppression 14Displaying MLDv2 Snooping Information 15

Configuring IGMP Snooping for IPv4 Multicast Traffic 1Understanding How IGMP Snooping Works 1

IGMP Snooping Overview 2Joining a Multicast Group 2Leaving a Multicast Group 4Understanding the IGMP Snooping Querier 5Understanding IGMP Version 3 Support 5

Default IGMP Snooping Configuration 7

IGMP Snooping Configuration Guidelines and Restrictions 8

IGMP Snooping Querier Configuration Guidelines and Restrictions 8Enabling the IGMP Snooping Querier 9

Configuring IGMP Snooping 9Enabling IGMP Snooping 10Configuring a Static Connection to a Multicast Receiver 11Configuring a Multicast Router Port Statically 11Configuring the IGMP Snooping Query Interval 11Enabling IGMP Fast-Leave Processing 12Configuring Source Specific Multicast (SSM) Mapping 12Enabling SSM Safe Reporting 13Configuring IGMPv3 Explicit Host Tracking 13Displaying IGMP Snooping Information 14

Configuring PIM Snooping 1

Understanding How PIM Snooping Works 1

Default PIM Snooping Configuration 4

PIM Snooping Configuration Guidelines and Restrictions 4

Configuring PIM Snooping 4Enabling PIM Snooping Globally 5

Enabling PIM Snooping in a VLAN 5Disabling PIM Snooping Designated-Router Flooding 6

Configuring RGMP 1

Understanding How RGMP Works 1

Default RGMP Configuration 2

8/9/2019 122sxscg2

18/1012

Contents


OL-4266-08

RGMP Configuration Guidelines and Restrictions 2

Enabling RGMP on Layer 3 Interfaces 3

Configuring Network Security 1

Configuring MAC Address-Based Traffic Blocking 1Configuring TCP Intercept 2

Configuring Unicast Reverse Path Forwarding Check 2Understanding PFC3 Unicast RPF Check Support 2Understanding PFC2 Unicast RPF Check Support 3Unicast RPF Check Guidelines and Restrictions 3Configuring Unicast RPF Check 3

Understanding Cisco IOS ACL Support 1

Cisco IOS ACL Configuration Guidelines and Restrictions 1

Hardware and Software ACL Support 2

Configuring IPv6 Address Compression 3

Optimized ACL Logging with a PFC3 4Understanding OAL 5OAL Guidelines and Restrictions 5Configuring OAL 5

Guidelines and Restrictions for Using Layer 4 Operators in ACLs 7Determining Layer 4 Operation Usage 7Determining Logical Operation Unit Usage 8

Configuring VLAN ACLs 1

Understanding VACLs 1VACL Overview 2Bridged Packets 2Routed Packets 3Multicast Packets 4

Configuring VACLs 4VACL Configuration Overview 5

Defining a VLAN Access Map 5Configuring a Match Clause in a VLAN Access Map Sequence 6Configuring an Action Clause in a VLAN Access Map Sequence 7Applying a VLAN Access Map 8Verifying VLAN Access Map Configuration 8VLAN Access Map Configuration and Verification Examples 9

8/9/2019 122sxscg2

19/1012

Contents


OL-4266-08

Configuring a Capture Port 9

Configuring VACL Logging 11

Configuring Denial of Service Protection 1

Understanding How DoS Protection Works 2DoS Protection with a PFC2 2DoS Protection with a PFC3 10

DoS Protection Default Configuration 21

DoS Protection Configuration Guidelines and Restrictions 22PFC2 22PFC3 23Monitoring Packet Drop Statistics 24Displaying Rate-Limiter Information 26

Understanding How Control Plane Policing Works 27CoPP Default Configuration 28

CoPP Configuration Guidelines and Restrictions 28

Configuring CoPP 29

Monitoring CoPP 30

Defining Traffic Classification 31Traffic Classification Overview 31Traffic Classification Guidelines 33Sample Basic ACLs for CoPP Traffic Classification 33

Configuring Sticky ARP 34

Configuring DHCP Snooping 1

Understanding DHCP Snooping 1Overview of DHCP Snooping 2Trusted and Untrusted Sources 2DHCP Snooping Binding Database 2Packet Validation 3DHCP Snooping Option-82 Data Insertion 3Overview of the DHCP Snooping Database Agent 5

Default Configuration for DHCP Snooping 6

DHCP Snooping Configuration Restrictions and Guidelines 7DHCP Snooping Configuration Restrictions 7DHCP Snooping Configuration Guidelines 7

8/9/2019 122sxscg2

20/1012

Contents


OL-4266-08

Minimum DHCP Snooping Configuration 8

Configuring DHCP Snooping 9Enabling DHCP Snooping Globally 9Enabling DHCP Option-82 Data Insertion 10Enabling the DHCP Option-82 on Untrusted Port Feature 10Enabling DHCP Snooping MAC Address Verification 11Enabling DHCP Snooping on VLANs 12Configuring the DHCP Trust State on Layer 2 LAN Interfaces 13Configuring DHCP Snooping Rate Limiting on Layer 2 LAN Interfaces 14Configuring the DHCP Snooping Database Agent 14Configuration Examples for the Database Agent 15Displaying a Binding Table 18

Configuring Dynamic ARP Inspection 1

Understanding DAI 1Understanding ARP 1Understanding ARP Spoofing Attacks 2Understanding DAI and ARP Spoofing Attacks 2Interface Trust States and Network Security 3Rate Limiting of ARP Packets 4Relative Priority of ARP ACLs and DHCP Snooping Entries 4Logging of Dropped Packets 4

Default DAI Configuration 5

DAI Configuration Guidelines and Restrictions 5

Configuring DAI 6Enabling DAI on VLANs 7Configuring the DAI Interface Trust State 7Applying ARP ACLs for DAI Filtering 8Configuring ARP Packet Rate Limiting 9Enabling DAI Error-Disabled Recovery 10Enabling Additional Validation 11Configuring DAI Logging 12

Displaying DAI Information 15DAI Configuration Samples 16

Sample One: Two Switches Support DAI 16Sample Two: One Switch Supports DAI 20

8/9/2019 122sxscg2

21/1012

Contents


OL-4266-08

Configuring Traffic Storm Control 1

Understanding Traffic Storm Control 1

Default Traffic Storm Control Configuration 2

Traffic Storm Control Guidelines and Restrictions 3Enabling Traffic Storm Control 3

Displaying Traffic Storm Control Settings 5

Unknown Unicast Flood Blocking 1

Understanding UUFB 1

Configuring UUFB 1

Configuring PFC QoS 1

Understanding How PFC QoS Works 2

Port Types Supported by PFC QoS 2Overview 2Component Overview 6Understanding Classification and Marking 16Policers 19Understanding Port-Based Queue Types 22

PFC QoS Default Configuration 29PFC QoS Global Settings 29Default Values With PFC QoS Enabled 30Default Values With PFC QoS Disabled 49

PFC QoS Configuration Guidelines and Restrictions 49General Guidelines 50PFC3 Guidelines 52PFC2 Guidelines 52Class Map Command Restrictions 53Policy Map Command Restrictions 53Policy Map Class Command Restrictions 53Supported Granularity for CIR and PIR Rate Values 54Supported Granularity for CIR and PIR Token Bucket Sizes 54

IP Precedence and DSCP Values 55Configuring PFC QoS 55

Enabling PFC QoS Globally 56Enabling Ignore Port Trust 57Configuring DSCP Transparency 58

8/9/2019 122sxscg2

22/1012

Contents


OL-4266-08

Enabling Queueing-Only Mode 58Enabling Microflow Policing of Bridged Traffic 59Enabling VLAN-Based PFC QoS on Layer 2 LAN Ports 60Enabling Egress ACL Support for Remarked DSCP 61Creating Named Aggregate Policers 61Configuring a PFC QoS Policy 64Configuring Egress DSCP Mutation on a PFC3 82Configuring Ingress CoS Mutation on IEEE 802.1Q Tunnel Ports 84Configuring DSCP Value Maps 86Configuring the Trust State of Ethernet LAN and OSM Ports 90Configuring the Ingress LAN Port CoS Value 92Configuring Standard-Queue Drop Threshold Percentages 92Mapping QoS Labels to Queues and Drop Thresholds 98

Allocating Bandwidth Between Standard Transmit Queues 108Setting the Receive-Queue Size Ratio 110Configuring the Transmit-Queue Size Ratio 111

Common QoS Scenarios 112Sample Network Design Overview 112Classifying Traffic from PCs and IP Phones in the Access Layer 113Accepting the Traffic Priority Value on Interswitch Links 116Prioritizing Traffic on Interswitch Links 117Using Policers to Limit the Amount of Traffic from a PC 120

PFC QoS Glossary 122

Configuring PFC3BXL or PFC3B Mode MPLS QoS 1

Terminology 2

PFC3BXL or PFC3B Mode MPLS QoS Features 3MPLS Experimental Field 3Trust 3Classification 3Policing and Marking 4Preserving IP ToS 4

EXP Mutation 4MPLS DiffServ Tunneling Modes 4

PFC3BXL or PFC3B Mode MPLS QoS Overview 4Specifying the QoS in the IP Precedence Field 5

PFC3BXL or PFC3B Mode MPLS QoS 5

8/9/2019 122sxscg2

23/1012

Contents


OL-4266-08

LERs at the Input Edge of an MPLS Network 6LSRs in the Core of an MPLS Network 7LERs at the Output Edge of an MPLS Network 7

Understanding PFC3BXL or PFC3B Mode MPLS QoS 8LERs at the EoMPLS Edge 8LERs at the IP Edge (MPLS, MPLS VPN) 9LSRs at the MPLS Core 13

PFC3BXL or PFC3B MPLS QoS Default Configuration 15

MPLS QoS Commands 16

PFC3BXL or PFC3B Mode MPLS QoS Restrictions and Guidelines 17

Configuring PFC3BXL or PFC3B Mode MPLS QoS 18Enabling QoS Globally 18Enabling Queueing-Only Mode 19Configuring a Class Map to Classify MPLS Packets 20Configuring the MPLS Packet Trust State on Ingress Ports 22Configuring a Policy Map 23Displaying a Policy Map 28Configuring PFC3BXL or PFC3B Mode MPLS QoS Egress EXP Mutation 29Configuring EXP Value Maps 30

MPLS DiffServ Tunneling Modes 31Short Pipe Mode 32Uniform Mode 33

MPLS DiffServ Tunneling Restrictions and Usage Guidelines 35Configuring Short Pipe Mode 35

Ingress PE RouterCustomer Facing Interface 35Configuring Ingress PE RouterP Facing Interface 36Configuring the P RouterOutput Interface 38Configuring the Egress PE RouterCustomer Facing Interface 39

Configuring Uniform Mode 40Configuring the Ingress PE RouterCustomer Facing Interface 40Configuring the Ingress PE RouterP Facing Interface 41

Configuring the Egress PE RouterCustomer Facing Interface 42Configuring PFC QoS Statistics Data Export 1

Understanding PFC QoS Statistics Data Export 1

PFC QoS Statistics Data Export Default Configuration 2

Configuring PFC QoS Statistics Data Export 2

8/9/2019 122sxscg2

24/1012

Contents


OL-4266-08

Configuring the Cisco IOS Firewall Feature Set 1

Cisco IOS Firewall Feature Set Support Overview 1

Cisco IOS Firewall Guidelines and Restrictions 2

Additional CBAC Configuration 3

Configuring Network Admission Control 1

Understanding NAC 1NAC Overview 1NAC Device Roles 2AAA Down Policy 3NAC Layer 2 IP Validation 4

Configuring NAC 11Default NAC Configuration 11

NAC Layer 2 IP Guidelines, Limitations, and Restrictions 11Configuring NAC Layer 2 IP Validation 13Configuring EAPoUDP 16Configuring Identity Profiles and Policies 17Configuring a NAC AAA Down Policy 17

Monitoring and Maintaining NAC 21Clearing Table Entries 21Displaying NAC Information 21

Configuring IEEE 802.1X Port-Based Authentication 1

Understanding 802.1X Port-Based Authentication 1Device Roles 2Authentication Initiation and Message Exchange 3Ports in Authorized and Unauthorized States 4Supported Topologies 4

Default 802.1X Port-Based Authentication Configuration 5

802.1X Port-Based Authentication Guidelines and Restrictions 6

Configuring 802.1X Port-Based Authentication 7Enabling 802.1X Port-Based Authentication7

Configuring Switch-to-RADIUS-Server Communication8Enabling Periodic Reauthentication 10Manually Reauthenticating the Client Connected to a Port 11Initializing Authentication for the Client Connected to a Port 11Changing the Quiet Period 11Changing the Switch-to-Client Retransmission Time 12

8/9/2019 122sxscg2

25/1012

Contents


OL-4266-08

Setting the Switch-to-Client Retransmission Time for EAP-Request Frames 13Setting the Switch-to-Authentication-Server Retransmission Time for Layer 4 Packets 13Setting the Switch-to-Client Frame Retransmission Number 14Enabling Multiple Hosts 14Resetting the 802.1X Configuration to the Default Values 15

Displaying 802.1X Status 15

Configuring Port Security 1

Understanding Port Security 1Port Security with Dynamically Learned and Static MAC Addresses 1Port Security with Sticky MAC Addresses 2

Default Port Security Configuration 3

Port Security Guidelines and Restrictions 3

Configuring Port Security 4Enabling Port Security 4Configuring the Port Security Violation Mode on a Port 6Configuring the Port Security Rate Limiter 7Configuring the Maximum Number of Secure MAC Addresses on a Port 9Enabling Port Security with Sticky MAC Addresses on a Port 10Configuring a Static Secure MAC Address on a Port 11Configuring Secure MAC Address Aging on a Port 12

Displaying Port Security Settings 13

Configuring CDP 1Understanding How CDP Works 1

Configuring CDP 1Enabling CDP Globally 2Displaying the CDP Global Configuration 2Enabling CDP on a Port 2Displaying the CDP Interface Configuration 3Monitoring and Maintaining CDP 3

Configuring UDLD 1

Understanding How UDLD Works 1UDLD Overview 1UDLD Aggressive Mode 2

Default UDLD Configuration 3

Configuring UDLD 3

8/9/2019 122sxscg2

26/1012

Contents


OL-4266-08

Enabling UDLD Globally 3Enabling UDLD on Individual LAN Interfaces 4Disabling UDLD on Fiber-Optic LAN Interfaces 4Configuring the UDLD Probe Message Interval 5Resetting Disabled LAN Interfaces 5

Configuring NetFlow 1

Understanding NetFlow 1NetFlow Overview 1NetFlow on the MSFC 2NetFlow on the PFC 3

Default NetFlow Configuration 5

NetFlow Configuration Guidelines and Restrictions 5

Configuring NetFlow 6Configuring NetFlow on the PFC 6Configuring NetFlow on the MSFC 10

Configuring NDE 1

Understanding NDE 1NDE Overview 1NDE on the MSFC 2NDE on the PFC 2

Default NDE Configuration 10

NDE Configuration Guidelines and Restrictions 10

Configuring NDE 10Configuring NDE on the PFC 11Configuring NDE on the MSFC 13Enabling NDE for Ingress-Bridged IP Traffic 15Displaying the NDE Address and Port Configuration 15Configuring NDE Flow Filters 16Displaying the NDE Configuration 18

Configuring Local SPAN, RSPAN, and ERSPAN 1

Understanding How Local SPAN, RSPAN, and ERSPAN Work 1Local SPAN, RSPAN, and ERSPAN Overview 2Local SPAN, RSPAN, and ERSPAN Sources 5Local SPAN, RSPAN, and ERSPAN Destination Ports 6

Local SPAN, RSPAN, and ERSPAN Configuration Guidelines and Restrictions 6

8/9/2019 122sxscg2

27/1012

Contents


OL-4266-08

Feature Incompatiblities 6Local SPAN, RSPAN, and ERSPAN Session Limits 7Local SPAN, RSPAN, and ERSPAN Guidelines and Restrictions 9VSPAN Guidelines and Restrictions 10RSPAN Guidelines and Restrictions 11ERSPAN Guidelines and Restrictions 11

Configuring Local SPAN, RSPAN, and ERSPAN 13Configuring Destination Port Permit Lists (Optional) 14Configuring Local SPAN 14Configuring RSPAN 16Configuring ERSPAN 18Configuring Source VLAN Filtering for Local SPAN and RSPAN 23Configuring a Destination Port as an Unconditional Trunk 23

Configuring Destination Trunk Port VLAN Filtering 24Verifying the Configuration 25Configuration Examples 26

Configuring SNMP IfIndex Persistence 1

Understanding SNMP IfIndex Persistence 1

Configuring SNMP IfIndex Persistence 2Enabling SNMP IfIndex Persistence Globally 2Disabling SNMP IfIndex Persistence Globally 2Enabling and Disabling SNMP IfIndex Persistence on Specific Interfaces 2

Clearing SNMP IfIndex Persistence Configuration from a Specific Interface 3

Power Management and Environmental Monitoring 1

Understanding How Power Management Works 1Enabling or Disabling Power Redundancy 2Powering Modules Off and On 3Viewing System Power Status 4Power Cycling Modules 5Determining System Power Requirements 5Determining System Hardware Capacity 5Determining Sensor Temperature Threshold 9

Understanding How Environmental Monitoring Works 10Monitoring System Environmental Status 10Understanding LED Environmental Indications 12

8/9/2019 122sxscg2

28/1012

Contents


OL-4266-08

Configuring Generic Online Diagnostics 1

Understanding How Online Diagnostics Work 1

Configuring Online Diagnostics 2Setting Bootup Online Diagnostics Level 2Configuring On-Demand Online Diagnostics 2Scheduling Online Diagnostics 4Configuring Health-Monitoring Diagnostics 5

Running Online Diagnostic Tests 5Starting and Stopping Online Diagnostic Tests 6Displaying Online Diagnostic Tests and Test Results 7

Performing Memory Tests 10

Configuring Web Cache Services Using WCCP 1

Understanding WCCP 2WCCP Overview 2Hardware Acceleration 2Understanding WCCPv1 Configuration 3Understanding WCCPv2 Configuration 4WCCPv2 Features 5

Restrictions for WCCPv2 7

Configuring WCCP 7Specifying a Version of WCCP 7

Configuring a Service Group Using WCCPv2 8

Excluding Traffic on a Specific Interface from Redirection 9Registering a Router to a Multicast Address 10Using Access Lists for a WCCP Service Group 10Setting a Password for a Router and Cache Engines 11

Verifying and Monitoring WCCP Configuration Settings 11

WCCP Configuration Examples 11Changing the Version of WCCP on a Router Example 12Performing a General WCCPv2 Configuration Example 12Running a Web Cache Service Example 12Running a Reverse Proxy Service Example 13Registering a Router to a Multicast Address Example 13Using Access Lists Example 13Setting a Password for a Router and Cache Engines Example 14

8/9/2019 122sxscg2

29/1012

Contents


OL-4266-08

Verifying WCCP Settings Example 14

Using the Top N Utility 1

Understanding the Top N Utility 1

Top N Utility Overview 1Understanding Top N Utility Operation 2

Using the Top N Utility 2Enabling Top N Utility Report Creation 3Displaying the Top N Utility Reports 3Clearing Top N Utility Reports 4

Using the Layer 2 Traceroute Utility 1

Understanding the Layer 2 Traceroute Utility 1

Usage Guidelines 1

Using the Layer 2 Traceroute Utility 2

A P P E N D I X A Online Diagnostic Tests 1

Global Health-Monitoring Tests 2TestSPRPInbandPing 2TestScratchRegister 3TestMacNotification 3

Per-Port Tests 4TestNonDisruptiveLoopback 4TestLoopback 5TestActiveToStandbyLoopback 5TestTransceiverIntegrity 6TestNetflowInlineRewrite 6

PFC Layer 2 Forwarding Engine Tests 7TestNewIndexLearn 7TestDontConditionalLearn 7TestBadBpduTrap 8TestMatchCapture 8

TestStaticEntry 9DFC Layer 2 Forwarding Engine Tests 9

TestDontLearn 9TestNewLearn 10TestIndexLearn 10TestConditionalLearn 11TestTrap 11

8/9/2019 122sxscg2

30/1012

Contents


OL-4266-08

TestBadBpdu 12TestProtocolMatchChannel 13TestCapture 13TestStaticEntry 14

PFC Layer 3 Forwarding Engine Tests 14TestFibDevices 14TestIPv4FibShortcut 15TestIPv6FibShortcut 15TestMPLSFibShortcut 16TestNATFibShortcut 16TestL3Capture2 17TestAclPermit 17TestAclDeny 18

TestNetflowShortcut 18TestQoS 19

DFC Layer 3 Forwarding Engine Tests 19TestFibDevices 19TestIPv4FibShortcut 20TestIPv6FibShortcut 20TestMPLSFibShortcut 21TestNATFibShortcut 21TestL3Capture2 22TestAclPermit 22TestAclDeny 23TestQoS 23TestNetflowShortcut 24

Replication Engine Tests 24TestL3VlanMet 24TestIngressSpan 25TestEgressSpan 25

Fabric Tests 26TestFabricSnakeForward 26

TestFabricSnakeBackward 27TestSynchedFabChannel 27TestFabricCh0Health 28TestFabricCh1Health 28

Exhaustive Memory Tests 28TestFibTcamSSRAM 29TestAsicMemory 29

8/9/2019 122sxscg2

31/1012

Contents


OL-4266-08

TestAclQosTcam 30TestNetflowTcam 30TestQoSTcam 30

IPSEC Services Modules Tests 32TestIPSecClearPkt 32TestHapiEchoPkt 32TestIPSecEncryptDecryptPkt 33

Stress Tests 33TestTrafficStress 33TestEobcStressPing 34

Critical Recovery Tests 34TestL3HealthMonitoring 34TestTxPathMonitoring 35

TestSynchedFabChannel 35

General Tests 36ScheduleSwitchover 36TestFirmwareDiagStatus 36

A P P E N D I X B Acronyms 1

I N D E X

8/9/2019 122sxscg2

32/1012


OL-4266-08

Preface

This preface describes who should read the Cisco 7600 Series Router Cisco IOS Software ConfigurationGuide , Release 12.2SX, how it is organized, and its document conventions.

AudienceThis guide is for experienced network administrators who are responsible for configuring andmaintaining Cisco 7600 series routers.

OrganizationThis guide is organized as follows:

Chapter Title Description

Chapter 1 Product Overview Presents an overview of the Cisco 7600 seriesrouters.

Chapter 2 Command-Line Interfaces Describes how to use the command-line interface(CLI).

Chapter 3 Configuring the Switch for theFirst Time

Describes how to perform a baseline configuration.

Chapter 4 Configuring aSupervisor Engine 720

Describes how to configure aSupervisor Engine 720.

Chapter 5 Configuring aSupervisor Engine 32

Describes how to configure a Supervisor Engine 32.

Chapter 6 Configuring the SupervisorEngine 2 and the Switch FabricModule

Describes how to configure a Supervisor Engine 2and the Switch Fabric Module.

Chapter 7 Configuring NSF with SSOSupervisor Engine Redundancy

Describes how to configure NSF with SSOsupervisor engine redundancy.

Chapter 8 Configuring RPR and RPR+Supervisor Engine Redundancy

Describes how to configure RPR and RPR+supervisor engine redundancy.

8/9/2019 122sxscg2

33/1012


OL-4266-08

PrefaceOrganization

Chapter 9 Configuring Interfaces Describes how to configure non-layer-specificfeatures on LAN interfaces.

Chapter 10 Configuring LAN Ports for Layer2 Switching

Describes how to configure LAN interfaces tosupport Layer 2 features, including VLAN trunks.

Chapter 11 Configuring Flex Links Describes how to configure Flex Links.

Chapter 12 Configuring EtherChannels Describes how to configure Layer 2 and Layer 3EtherChannel port bundles.

Chapter 13 Configuring VTP Describes how to configure the VLAN TrunkingProtocol (VTP).

Chapter 14 Configuring VLANs Describes how to configure VLANs.

Chapter 15 Configuring Private VLANs Describes how to configure private VLANs.

Chapter 16 Configuring Cisco IP PhoneSupport

Describes how to configure Cisco IP Phone support.

Chapter 17 Configuring IEEE 802.1QTunneling

Describes how to configure IEEE 802.1Q tunneling.

Chapter 18 Configuring Layer 2 ProtocolTunneling

Describes how to configure Layer 2 protocoltunneling.

Chapter 19 Configuring Standard-CompliantIEEE MST

Describes how to configure standard-compliantIEEE MST.

Chapter 20 Configuring STP and PrestandardIEEE 802.1s MST

Describes how to configure the Spanning TreeProtocol (STP) and Prestandard IEEE 802.1sMultiple Spanning Tree (MST).

Chapter 21 Configuring Optional STPFeatures

Describes how to configure the STP PortFast,UplinkFast, and BackboneFast features.

Chapter 22 Configuring Layer 3 Interfaces Describes how to configure LAN interfaces tosupport Layer 3 features.

Chapter 23 Configuring UDE and UDLR Describes how to configure unidirectional Ethernet(UDE) and unidirectional link routing (UDLR).

Chapter 24 Configuring PFC3BXL andPFC3B Mode Multiprotocol LabelSwitching

Describes how to configure PFC3BXL or PFC3BMultiprotocol Label Switching (MPLS).

Chapter 25 Configuring IPv4 Multicast VPNSupport

Describes how to configure IPv4 Multicast VirtualPrivate Network (MVPN).

Chapter 26 Configuring IP Unicast Layer 3Switching

Describes how to configure IP unicast Layer 3switching.

Chapter 27 Configuring IPv6 Multicast PFC3and DFC3 Layer 3 Switching Describes how to configure IPv6 MulticastMultilayer Switching (MMLS).

Chapter 28 Configuring IPv4 MulticastLayer 3 Switching

Describes how to configure IPv4 MulticastMultilayer Switching (MMLS).

Chapter 29 Configuring MLDv2 Snooping forIPv6 Multicast Traffic

Describes how to configure Multicast ListenerDiscovery version 2 (MLDv2) snooping.

Chapter 30 Configuring IGMP Snooping forIPv4 Multicast Traffic

Describes how to configure Internet GroupManagement Protocol (IGMP) snooping.


8/9/2019 122sxscg2

34/1012


OL-4266-08

PrefaceOrganization

Chapter 31 Configuring PIM Snooping Describes how to configure protocol independentmulticast (PIM) snooping.

Chapter 32 Configuring RGMP Describes how to configure Router-Port GroupManagement Protocol (RGMP).

Chapter 33 Configuring Network Security Describes how to configure network securityfeatures that are unique to the Cisco 7600 seriesrouters.

Chapter 34 Understanding Cisco IOS ACLSupport

Describes how Cisco 7600 series routers supportCisco IOS ACLs.

Chapter 35 Configuring VLAN ACLs Describes how to configure VLAN ACLs.

Chapter 36 Configuring Denial of ServiceProtection

Describes how to configure denial of serviceprotection.

Chapter 37 Configuring DHCP Snooping Describes how to configure DHCP snooping.

Chapter 38 Configuring Dynamic ARP

Inspection

Describes how to configure dynamic ARP

inspection.Chapter 39 Configuring Traffic Storm Control Describes how to configure traffic storm control.

Chapter 40 Unknown Unicast Flood Blocking Describes how to configure unknown unicast floodblocking.

Chapter 41 Configuring PFC QoS Describes how to configure quality of service (QoS).

Chapter 42 Configuring PFC3BXL or PFC3BMode MPLS QoS

Describes how to configure MPLS QoS.

Chapter 43 Configuring PFC QoS StatisticsData Export

Describes how to configure PFC QoS statistics dataexport.

Chapter 44 Configuring the Cisco IOSFirewall Feature Set

Describes how to configure the Cisco IOS Firewallfeature set.

Chapter 45 Configuring Network AdmissionControl

Describes how to configure Network AdmissionControl.

Chapter 46 Configuring IEEE 802.1XPort-Based Authentication

Describes how to configure IEEE 802.1X port-basedauthentication.

Chapter 47 Configuring Port Security Describes how to configure port security.

Chapter 48 Configuring CDP Describes how to configure Cisco DiscoveryProtocol (CDP).

Chapter 49 Configuring UDLD Describes how to configure the UniDirectional Link Detection (UDLD) protocol.

Chapter 50 Configuring NetFlow Describes how to configure the NetFlow table

Chapter 51 Configuring NDE Describes how to configure Netflow Data Export(NDE).

Chapter 52 Configuring Local SPAN,RSPAN, and ERSPAN

Describes how to configure the Switch PortAnalyzer (SPAN).

Chapter 53 Configuring SNMP IfIndexPersistence

Describes how to configure SNMP ifIndexpersistence.


8/9/2019 122sxscg2

35/1012


OL-4266-08

PrefaceRelated Documentation

Related DocumentationThe following publications are available for the Cisco 7600 series routers:

Cisco 7600 Series Router Installation Guide

Cisco 7600 Series Router Module Installation Guide

Cisco 7600 Series Router Cisco IOS Command Reference

Cisco 7600 Series Router Cisco IOS System Message Guide

Release Notes for Cisco IOS Release 12.2SX on the Supervisor Engine 720, Supervisor Engine 32,and Supervisor Engine 2

Cisco IOS Configuration Guides and Command References Use these publications to help you

configure Cisco IOS software features not described in the Cisco 7600 series router publications: Configuration Fundamentals Configuration Guide Configuration Fundamentals Command Reference Bridging and IBM Networking Configuration Guide Bridging and IBM Networking Command Reference Interface Configuration Guide Interface Command Reference Network Protocols Configuration Guide , Part 1, 2, and 3 Network Protocols Command Reference , Part 1, 2, and 3

Security Configuration Guide Security Command Reference Switching Services Configuration Guide Switching Services Command Reference Voice, Video, and Home Applications Configuration Guide Voice, Video, and Home Applications Command Reference Software Command Summary

Chapter 54 Power Management andEnvironmental Monitoring

Describes how to configure power management andenvironmental monitoring features.

Chapter 55 Configuring Generic OnlineDiagnostics

Describes how to configure online diagnostics andrun diagnostic tests.

Chapter 56 Configuring Web Cache ServicesUsing WCCP

Describes how to configure the Web CacheCommunication Protocol (WCCP).

Chapter 57 Using the Top N Utility Describes how to use the Top N utility.

Chapter 58 Using the Layer 2 TracerouteUtility

Describes how to use the Layer 2 traceroute utility.

Appendix A Online Diagnostic Tests Provides recommendations for how to use the onlinediagnostic tests.

Appendix B Acronyms Defines the acronyms used in this publication.


8/9/2019 122sxscg2

36/1012


OL-4266-08

PrefaceConventions

Software System Error Messages Debug Command Reference Internetwork Design Guide Internetwork Troubleshooting Guide

Configuration Builder Getting Started Guide The Cisco IOS Configuration Guides and Command References are located at this URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/index.htm

For information about MIBs, go to this URL:

http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

ConventionsThis document uses the following conventions:

Notes use the following conventions:

Note Means reader take note . Notes contain helpful suggestions or references to material not covered in thepublication.

Convention Description

boldface font Commands, command options, and keywords are in boldface .

italic font Arguments for which you supply values are in italics .

[ ] Elements in square brackets are optional.

{ x | y | z } Alternative keywords are grouped in braces and separated by vertical bars.

[ x | y | z ] Optional alternative keywords are grouped in brackets and separated byvertical bars.

string A nonquoted set of characters. Do not use quotation marks around thestring or the string will include the quotation marks.

screen font Terminal sessions and information the system displays are in screen font. boldface screen font

Information you must enter is in boldface screen font.

italic screen font Arguments for which you supply values are in italic screen font.

This pointer highlights an important line of text in an example.

^ The symbol represents the key labeled Controlfor example, the keycombination ^D in a screen display means hold down the Control keywhile you press the D key.

< > Nonprinting characters, such as passwords are in angle brackets.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/index.htmhttp://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtmlhttp://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtmlhttp://www.cisco.com/univercd/cc/td/doc/product/software/ios122/index.htm

8/9/2019 122sxscg2

37/1012


OL-4266-08

PrefaceConventions

Cautions use the following conventions:

Caution Means reader be careful . In this situation, you might do something that could result in equipmentdamage or loss of data.

Obtaining Documentation and Submitting a Service RequestFor information on obtaining documentation, submitting a service request, and gathering additionalinformation, see the monthly Whats New in Cisco Product Documentation , which also lists all new andrevised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the Whats New in Cisco Product Documentation as a Really Simple Syndication (RSS) feedand set content to be delivered directly to your desktop using a reader application. The RSS feeds are a freeservice and Cisco currently supports RSS version 2.0.
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.htmlhttp://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

8/9/2019 122sxscg2

38/1012


OL-4266-08

PrefaceConventions

8/9/2019 122sxscg2

39/1012

C H A P T E R

1-1Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX

OL-4266-08

1Product Overview

This chapter consists of these sections:

Supported Hardware and Software, page 1-1

User Interfaces, page 1-1

Configuring Embedded CiscoView Support, page 1-2

Software Features Supported in Hardware by the PFC and DFC, page 1-3

Supported Hardware and SoftwareFor complete information about the chassis, modules, and software features supported by the Cisco 7600series routers, refer to the Release Notes for Cisco IOS Release 12.2SX on the Supervisor Engine 720,Supervisor Engine 32, and Supervisor Engine 2 :

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/ol_4164.htm

User InterfacesRelease 12.2SX supports configuration using the following interfaces:

CLISee Chapter 2, Command-Line Interfaces.

SNMPRefer to the Release 12.2 IOS Configuration Fundamentals Configuration Guide andCommand Reference at this URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_c/index.htm

Cisco IOS web browser interfaceRefer to Using the Cisco Web Browser in the IOSConfiguration Fundamentals Configuration Guide at this URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_c/ffcprt1/fcf005.htm

Embedded CiscoViewSee the Configuring Embedded CiscoView Support section on page 1-2
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/ol_4164.htmhttp://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_c/index.htmhttp://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_c/ffcprt1/fcf005.htmhttp://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_c/ffcprt1/fcf005.htmhttp://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_c/index.htmhttp://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/ol_4164.htm

8/9/2019 122sxscg2

40/1012


OL-4266-08

Chapter 1 Product OverviewConfiguring Embedded CiscoView Support

Configuring Embedded CiscoView SupportThese sections describe configuring Embedded CiscoView support:

Understanding Embedded CiscoView, page 1-2

Installing and Configuring Embedded CiscoView, page 1-2 Displaying Embedded CiscoView Information, page 1-3

Understanding Embedded CiscoViewThe Embedded CiscoView network management system is a web-based interface that uses HTTP andSNMP to provide a graphical representation of the router and to provide a GUI-based management andconfiguration interface. You can download the Java Archive (JAR) files for Embedded CiscoView atthis URL:

http://www.cisco.com/cgi-bin/Software/CiscoView/cvplanner.cgi

Installing and Configuring Embedded CiscoViewTo install and configure Embedded CiscoView, perform this task:

Note The default password for accessing the router web page is the enable-level password of the router.

Command Purpose

Step 1 Router# dir device_name Displays the contents of the device.

If you are installing Embedded CiscoView for the firsttime, or if the CiscoView directory is empty, skip toStep 4 .

Step 2 Router# delete device_name :cv/* Removes existing files from the CiscoView directory.

Step 3 Router# squeeze device_name : Recovers the space in the file system.

Step 4 Router# archive tar /xtract tftp://ip_address_of_tftp_server /ciscoview.tardevice_name :cv

Extracts the CiscoView files from the tar file on the TFTPserver to the CiscoView directory.

Step 5 Router# dir device_name : Displays the contents of the device.

In a redundant configuration, repeat Step 1 throughStep 5 for the file system on the redundant supervisorengine.

Step 6 Router# configure terminal Enters global configuration mode.

Step 7 Router(config)# ip http server Enables the HTTP web server.

Step 8 Router(config)# snmp-server community string ro Configures the SNMP password for read-only operation.Step 9 Router(config)# snmp-server community string rw Configures the SNMP password for read/write operation.
http://www.cisco.com/cgi-bin/Software/CiscoView/cvplanner.cgihttp://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://-/?-http://www.cisco.com/cgi-bin/Software/CiscoView/cvplanner.cgi

8/9/2019 122sxscg2

41/1012


OL-4266-08

Chapter 1 Product OverviewSoftware Features Supported in Hardware by the PFC and DFC

For more information about web access to the router, refer to Using the Cisco Web Browser in the IOSConfiguration Fundamentals Configuration Guide at this URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_c/ffcprt1/fcf005.htm

Displaying Embedded CiscoView InformationTo display the Embedded CiscoView information, enter the following EXEC commands:

Software Features Supported in Hardware by the PFC and DFCThese sections describe the hardware support provided by Policy Feature Card 3 (PFC3), Policy FeatureCard 2 (PFC2), Distributed Forwarding Card 3 (DFC3) and Distributed Forwarding Card (DFC):

Software Features Supported in Hardware by the PFC3, PFC2, DFC3, and DFC, page 1-3

Software Features Supported in Hardware by the PFC3 and DFC3, page 1-4

Software Features Supported in Hardware by the PFC3, PFC2, DFC3, and DFC

The PFC3, PFC2, DFC3, and DFC provide hardware support for these Cisco IOS software features:

Access Control Lists (ACLs) for Layer 3 ports and VLAN interfaces Permit and deny actions of input and output standard and extended ACLs

Note Flows that require ACL logging are processed in software on the MSFC.

Except on MPLS interfaces, reflexive ACL flows after the first packet in a session is processedin software on the MSFC

Dynamic ACL flows

Note Idle timeout is processed in software on the MSFC.

For more information about PFC and DFC support for ACLs, see Chapter 34, Understanding Cisco

IOS ACL Support.For complete information about configuring ACLs, refer to the Cisco IOS Security ConfigurationGuide, Release 12.2, Traffic Filtering and Firewalls, at this URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/ftrafwl/index.htm

VLAN ACLs (VACLs)To configure VACLs, see Chapter 35, Configuring VLAN ACLs.

Command PurposeRouter# show ciscoview package Displays information about the Embedded CiscoView files.Router# show ciscoview version Displays the Embedded CiscoView version.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_c/ffcprt1/fcf005.htmhttp://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/ftrafwl/index.htmhttp://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/ftrafwl/index.htmhttp://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_c/ffcprt1/fcf005.htm

8/9/2019 122sxscg2

42/1012


OL-4266-08


Policy-based routing (PBR) for route-map sequences that use the match ip address , set ipnext-hop , and ip default next-hop PBR keywords.

To configure PBR, refer to the Cisco IOS Quality of Service Solutions Configuration Guide , Release12.2, Classification, Configuring Policy-Based Routing, at this URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_c/fqcprt1/qcfpbr.htm

Note If the MSFC3 address falls within the range of a PBR ACL, traffic addressed to the MSFC3is policy routed in hardware instead of being forwarded to the MSFC3. To prevent policyrouting of traffic addressed to the MSFC3, configure PBR ACLs to deny traffic addressed tothe MSFC3.

Except on MPLS interfaces, TCP interceptTo configure TCP intercept, see the Configuring TCPIntercept section on page 33-2 .

Firewall feature set images provide these features: Context-Based Access Control (CBAC) The PFC installs entries in the NetFlow table to

direct flows that require CBAC to the MSFC where the CBAC is applied in software on theMSFC.

Authentication ProxyAfter authentication on the MSFC, the PFC provides TCAM support forthe authentication policy.

Port-to-Application Mapping (PAM)PAM is done in software on the MSFC.

To configure firewall features, see Chapter 44, Configuring the Cisco IOS Firewall Feature Set.

Hardware-assisted NetFlow AggregationRefer to this URL:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/swcg/nde.htm#1081085

Software Features Supported in Hardware by the PFC3 and DFC3

The PFC3 and DFC3 provide hardware support for these Cisco IOS software features: Bidirectional Protocol Independent Multicast (PIM) in hardwareSee Understanding How IPv4

Bidirectional PIM Works section on page 28-7 .

Multiple-path Unicast Reverse Path Forwarding (RPF) CheckTo configure Unicast RPF Check,see the Configuring Unicast Reverse Path Forwarding Check section on page 33-2 .

Except on MPLS interfaces, Network Address Translation (NAT) for IPv4 unicast and multicasttraffic.

Note the following information about hardware-assisted NAT: NAT of UDP traffic is supported only in PFC3BXL or PFC3B mode. The PFC3 does not support NAT of multicast traffic.

The PFC3 does not support NAT configured with a route-map that specifies length. When you configure NAT and NDE on an interface, the PFC3 sends all traffic in fragmented

packets to the MSFC3 to be processed in software. (CSCdz51590)

To configure NAT, refer to the Cisco IOS IP Configuration Guide , Release 12.2, IP Addressing andServices, Configuring IP Addressing, Configuring Network Address Translation, at this URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr_c/ipcprt1/1cfipadr.htm#1042290
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_c/fqcprt1/qcfpbr.htmhttp://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/swcg/nde.htm#1081085http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr_c/ipcprt1/1cfipadr.htm#1042290http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr_c/ipcprt1/1cfipadr.htm#1042290http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr_c/ipcprt1/1cfipadr.htm#1042290http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr_c/ipcprt1/1cfipadr.htm#1042290http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/swcg/nde.htm#1081085http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_c/fqcprt1/qcfpbr.htm

8/9/2019 122sxscg2

43/1012


OL-4266-08


To prevent a significant volume of NAT traffic from being sent to the MSFC3, due to either a DoSattack or a misconfiguration, enter the mls rate-limit unicast acl {ingress | egress } commanddescribed at this URL:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/cmdref/m1.htm#56404

(CSCea23296)

With Release 12.2(18)SXE and later releases, IPv4 Multicast over point-to-point generic routeencapsulation (GRE) TunnelsRefer to the publication at this URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/finter_c/icflogin.htm

Releases earlier than Release 12.2(18)SXE support IPv4 multicast over point-to-point GRE tunnelsin software on the MSFC.

Note The PFC3 does not provide hardware acceleration for tunnels configured with the tunnel key command.

GRE Tunneling and IP in IP TunnelingThe PFC3 and DFC3s support the following tunnel commands:

tunnel destination tunnel mode gre tunnel mode ipip tunnel source tunnel ttl tunnel tos

Other supported types of tunneling run in software on the MSFC3.

The tunnel ttl command (default 255) sets the TTL of encapsulated packets.

The tunnel tos command, if present, sets the ToS byte of a packet when it is encapsulated. If the

tunnel tos command is not present and QoS is not enabled, the ToS byte of a packet sets the ToSbyte of the packet when it is encapsulated. If the tunnel tos command is not present and QoS isenabled, the ToS byte of a packet as modified by PFC QoS sets the ToS byte of the packet when itis encapsulated.

To configure GRE Tunneling and IP in IP Tunneling, refer to these publications:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/finter_c/icflogin.htm

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/finter_r/irfshoip.htm

To configure the tunnel tos and tunnel ttl commands, refer to this publication:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s17 /12s_tos.htm

Note the following information about tunnels: Each hardware-assisted tunnel must have a unique source. Hardware-assisted tunnels cannot

share a source even if the destinations are different. Use secondary addresses on loopback interfaces or create multiple loopback interfaces. (CSCdy72539)

Each tunnel interface uses one internal VLAN. Each tunnel interface uses one additional router MAC address entry per router MAC address. The PFC3A does not support any PFC QoS features on tunnel interfaces.
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/cmdref/m1.htm#56404http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/finter_c/icflogin.htmhttp://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/finter_c/icflogin.htmhttp://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/finter_r/irfshoip.htmhttp://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s17/12s_tos.htmhttp://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s17/12s_tos.htmhttp://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/finter_c/icflogin.htmhttp://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s17/12s_tos.htmhttp://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s17/12s_tos.htmhttp://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/finter_r/irfshoip.htmhttp://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/finter_c/icflogin.htmhttp://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/cmdref/m1.htm#56404

8/9/2019 122sxscg2

44/1012


OL-4266-08


The PFC3B and PFC3BXL support PFC QoS features on tunnel interfaces. The MSFC3 supports tunnels configured with egress features on the tunnel interface. Examples

of egress features are output Cisco IOS ACLs, NAT (for inside to outside translation), TCPintercept, CBAC, and encryption.

8/9/2019 122sxscg2

45/1012

C H A P T E R


OL-4266-08

2Command-Line Interfaces

This chapter describes the command-line interfaces (CLIs) you use to configure the Cisco 7600 seriesrouters.

Note For complete syntax and usage information for the commands used in this chapter, refer to thesepublications:

The Cisco 7600 Series Router Cisco IOS Command Reference at this URL:

http://www.cisco.com/en/US/docs/ios/mcl/122sxmcl/12_2sx_mcl_book.html

The Release 12.2 publications at this URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/index.htm

This chapter consists of these sections:

Accessing the CLI, page 2-1

Performing Command Line Processing, page 2-3

Performing History Substitution, page 2-3

Cisco IOS Command Modes, page 2-4

Displaying a List of Cisco IOS Commands and Syntax, page 2-5

ROM-Monitor Command-Line Interface, page 2-6

Accessing the CLIThese sections describe accessing the CLI:

Accessing the CLI through the EIA/TIA-232 Console Interface, page 2-2

Accessing the CLI through Telnet, page 2-2
http://www.cisco.com/en/US/docs/ios/mcl/122sxmcl/12_2sx_mcl_book.htmlhttp://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/index.htmhttp://www.cisco.com/en/US/docs/ios/mcl/122sxmcl/12_2sx_mcl_book.htmlhttp://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/index.htm

8/9/2019 122sxscg2

46/1012


OL-4266-08

Chapter 2 Command-Line InterfacesAccessing the CLI

Accessing the CLI through the EIA/TIA-232 Console Interface

Note EIA/TIA-232 was known as recommended standard 232 (RS-232) before its acceptance as a standard bythe Electronic Industries Alliance (EIA) and Telecommunications Industry Association (TIA).

Perform initial configuration over a connection to the EIA/TIA-232 console interface. Refer to theCisco 7600 Series Router Module Installation Guide for console interface cable connection procedures.

To make a console connection, perform this task:

After making a console connection, you see this display:

Press Return for Console prompt

Router> enable Password:Router#

Accessing the CLI through Telnet

Note Before you can make a Telnet connection to the router, you must configure an IP address (see theConfiguring IPv4 Routing and Addresses section on page 22-4 ).

The router supports up to eight simultaneous Telnet sessions. Telnet sessions disconnect automaticallyafter remaining idle for the period specified with the exec-timeout command.

To make a Telnet connection to the router, perform this task:

Command Purpose

Step 1 Press Return. Brings up the prompt.

Step 2 Router> enable Initiates enable mode enable.

Step 3 Password: password Router#

Completes enable mode enable.

Step 4 Router# quit Exits the session when finished.

Command Purpose

Step 1 telnet { hostname | ip_addr } Makes a Telnet connection from the remote host to therouter you want to access.


Initiates authentication.Note If no password has been configured, press Return.

Step 3 Router> enable Initiates enable mode enable.


Completes enable mode enable.

Step 5 Router# quit Exits the session when finished.

8/9/2019 122sxscg2

47/1012


OL-4266-08

Chapter 2 Command-Line InterfacesPerforming Command Line Processing

This example shows how to open a Telnet session to the router:

unix_host% telnet Router_1 Trying 172.20.52.40...Connected to 172.20.52.40.Escape character is '^]'.

User Access Verification

Password:Router_1> enable Password:Router_1#

Performing Command Line ProcessingCommands are not case sensitive. You can abbreviate commands and parameters if the abbreviationscontain enough letters to be different from any other currently available commands or parameters. Youcan scroll through the last 20 commands stored in the history buffer, and enter or edit the command atthe prompt. Table 2-1 lists the keyboard shortcuts for entering and editing commands.

Performing History SubstitutionThe history buffer stores the last 20 commands you entered. History substitution allows you to accessthese commands without retyping them, by using special abbreviated commands. Table 2-2 lists thehistory substitution commands.

Table 2-1 Keyboard Shortcuts

Keystrokes Purpose

Press Ctrl-B orpress the left arrow key 1

1. The arrow keys function only on ANSI-compatible terminals such as VT100s.

Moves the cursor back one character.

Press Ctrl-F or press the right arrow key 1

Moves the cursor forward one character.

Press Ctrl-A Moves the cursor to the beginning of the command line.

Press Ctrl-E Moves the cursor to the end of the command line.

Press Esc B Moves the cursor back one word.

Press Esc F Moves the cursor forward one word.
http://-/?-http://-/?-http://-/?-http://-/?-

8/9/2019 122sxscg2

48/1012


OL-4266-08

Chapter 2 Command-Line InterfacesCisco IOS Command Modes

Cisco IOS Command Modes

Note For complete information about Cisco IOS command modes, refer to the Cisco IOS ConfigurationFundamentals Configuration Guide at this URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_c/index.htm

The Cisco IOS user interface is divided into many different modes. The commands available to youdepend on which mode you are currently in. To get a list of the commands in a given mode, type aquestion mark (?) at the system prompt. See the Displaying a List of Cisco IOS Commands and Syntaxsection on page 2-5 .

When you start a session on the router, you begin in user mode, often called user EXEC mode. Only alimited subset of the commands are available in EXEC mode. To have access to all commands, you mustenter privileged EXEC mode. Normally, you must type in a password to access privileged EXEC mode.From privileged EXEC mode, you can type in any EXEC command or access global configuration mode.

The configuration modes allow you to make changes to the running configuration. If you later save theconfiguration, these commands are stored across reboots. You must start at global configuration mode.From global configuration mode, you can enter interface configuration mode, subinterface configurationmode, and a variety of protocol-specific modes.

Note With Release 12.1(11b)E and later, when you are in configuration mode you can enter EXEC mode-levelcommands by entering the do keyword before the EXEC mode-level command.

ROM-monitor mode is a separate mode used when the router cannot boot properly. For example, therouter might enter ROM-monitor mode if it does not find a valid system image when it is booting, or if its configuration file is corrupted at startup. See the ROM-Monitor Command-Line Interface sectionon page 2-6 .

Table 2-3 lists and describes frequently used Cisco IOS modes.

Table 2-2 History Substitution Commands

Command Purpose

Ctrl-P or the up arrow key. 1

1. The arrow keys function only on ANSI-compatible terminals such as VT100s.

Recalls commands in the history buffer, beginningwith the most recent command. Repeat the keysequence to recall successively older commands.

Ctrl-N or the down arrow key. 1 Returns to more recent commands in the historybuffer after recalling commands with Ctrl-P or theup arrow key. Repeat the key sequence to recallsuccessively more recent commands.

Router# show history While in EXEC mode, lists the last severalcommands you have just entered.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_c/index.htmhttp://-/?-http://-/?-http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_c/index.htm

8/9/2019 122sxscg2

49/1012


OL-4266-08

Chapter 2 Command-Line InterfacesDisplaying a List of Cisco IOS Commands and Syntax

The Cisco IOS command interpreter, called the EXEC, interprets and executes the commands you enter.You can abbreviate commands and keywords by entering just enough characters to make the commandunique from other commands. For example, you can abbreviate the show command to sh and theconfigure terminal command to config t .

When you type exit , the router backs out one level. To exit configuration mode completely and return toprivileged EXEC mode, press Ctrl-Z .

Displaying a List of Cisco IOS Commands and SyntaxIn any command mode, you can display a list of available commands by entering a question mark (?).Router> ?

To display a list of commands that begin with a particular character sequence, type in those charactersfollowed by the question mark (?). Do not include a space. This form of help is called word help becauseit completes a word for you.Router# co? collect configure connect copy

To display keywords or arguments, enter a question mark in place of a keyword or argument. Include aspace before the question mark. This form of help is called command syntax help because it reminds youwhich keywords or arguments are applicable based on the command, keywords, and arguments you havealready entered.

Table 2-3 Frequently Used Cisco IOS Command Modes

Mode Description of Use How to Access Prompt

User EXEC Connect to remote devices, changeterminal settings on a temporarybasis, perform basic tests, anddisplay system information.

Log in. Router>

Privileged EXEC (enable) Set operating parameters. Theprivileged command set includesthe commands in user EXECmode, as well as the configure command. Use this command toaccess the other command modes.

From the user EXEC mode, enterthe enable command and theenable password.

Router#

Global configuration Configure features that affect thesystem as a whole.

From the privileged EXEC mode,enter the configure terminal command.

Router(config)#

Interface configuration Many features are enabled for aparticular interface. Interfacecommands enable or modify theoperation of an interface.

From global configuration mode,enter the interface type slot/port command.

Router(config-if)#

Console configuration From the directly connectedconsole or the virtual terminalused with Telnet, use thisconfiguration mode to configurethe console interface.

From global configuration mode,enter the line console 0 command.

Router(config-line)#

8/9/2019 122sxscg2

50/1012


OL-4266-08

Chapter 2 Command-Line InterfacesROM-Monitor Command-Line Interface

For example:

Router# configure ? memory Configure from NV memory

network Configure from a TFTP network hostoverwrite-network Overwrite NV memory from TFTP network hostterminal Configure from the terminal

To redisplay a command you previously entered, press the up arrow key or Ctrl-P . You can continue topress the up arrow key to see the last 20 commands you entered.

Tip If you are having trouble entering a command, check the system prompt, and enter the question mark (?)for a list of available commands. You might be in the wrong command mode or using incorrect syntax.

Enter exit to return to the previous mode. Press Ctrl-Z or enter the end command in any mode toimmediately return to privileged EXEC mode.

ROM-Monitor Command-Line InterfaceThe ROM-monitor is a ROM-based program that executes upon platform power-up, reset, or when a fatalexception occurs. The router enters ROM-monitor mode if it does not find a valid software image, if theNVRAM configuration is corrupted, or if the configuration register is set to enter ROM-monitor mode.From the ROM-monitor mode, you can load a software image manually from Flash memory, from anetwork server file, or from bootflash.

You can also enter ROM-monitor mode by restarting and pressing the Break key during the first 60seconds of startup.

Note The Break key is always enabled for 60 seconds after rebooting, regardless of whether the Break key is

configured to be off by configuration register settings.

To access the ROM-monitor mode through a terminal server, you can escape to the Telnet prompt andenter the send break command for your terminal emulation program to break into ROM-monitor mode.

Once you are in ROM-monitor mode, the prompt changes to rommon 1>. Enter a question mark ( ? ) tosee the available ROM-monitor commands.

For more information about the ROM-monitor commands, refer to the Cisco 7600 Series Router Cisco IOS Command Reference .

8/9/2019 122sxscg2

51/1012

C H A P T E R


OL-4266-08

3Configuring the Router for the First Time

This chapter contains information about how to initially configure the Cisco 7600 series router, whichsupplements the administration information and procedures in these publications:

Cisco IOS Configuration Fundamentals Configuration Guide , Release 12.2, at this URL:

http://www.cisco.com/univercd/cc/td/d

122sxscg2

Documents