
Consolidated Platform Configuration Guide, Cisco IOS XE 3.6E (Catalyst 3850 Switches)
First Published: 2014-06-27
Last Modified: 2016-06-24

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
© 2014 Cisco Systems, Inc. All rights reserved.
CONTENTS

Preface Preface xciii


Document Conventions xciii
Related Documentation xcv
Obtaining Documentation and Submitting a Service Request xcv

CHAPTER 1 Using the Command-Line Interface 1


Information About Using the Command-Line Interface 1
Command Modes 1
Understanding Abbreviated Commands 3
No and Default Forms of Commands 4
CLI Error Messages 4
Configuration Logging 4
Using the Help System 5
How to Use the CLI to Configure Features 6
Configuring the Command History 6
Changing the Command History Buffer Size 6
Recalling Commands 7
Disabling the Command History Feature 7
Enabling and Disabling Editing Features 8
Editing Commands Through Keystrokes 8
Editing Command Lines That Wrap 10
Searching and Filtering Output of show and more Commands 11
Accessing the CLI on a Switch Stack 11
Accessing the CLI Through a Console Connection or Through Telnet 12

CHAPTER 2 Using the Web Graphical User Interface 13


Prerequisites for Using the Web GUI 13

Consolidated Platform Configuration Guide, Cisco IOS XE 3.6E (Catalyst 3850 Switches)
iii
Contents

Information About Using The Web GUI 13


Web GUI Features 14
Connecting the Console Port of the Switch 15
Logging On to the Web GUI 15
Enabling Web and Secure Web Modes 15
Configuring the Switch Web GUI 16

PART I CleanAir 21

CHAPTER 3 Configuring Cisco CleanAir 23


Finding Feature Information 23
Prerequisites for CleanAir 23
Restrictions for CleanAir 24
Information About CleanAir 25
Cisco CleanAir Components 26
Terms Used in Cisco CleanAir 27
Interference Types that Cisco CleanAir can Detect 28
Interference Device Merging 29
Persistent Devices 29
Persistent Devices Detection 29
Persistent Device Avoidance 29
EDRRM and AQR Update Mode 29
CleanAir High Availability 30
How to Configure CleanAir 30
Enabling CleanAir for 2.4-GHz Band 30
Configuring a CleanAir Alarm for 2.4-GHz Air-Quality and Devices 31
Configuring Interference Reporting for 2.4-GHz Devices 33
Enabling CleanAir for 5-GHz Band 34
Configuring a CleanAir Alarm for 5-GHz Air-Quality and Devices 35
Configuring Interference Reporting for 5-GHz devices 36
Configuring EDRRM for CleanAir-Events 37
Configuring Persistent Device Avoidance 38
Configuring Cisco CleanAir using the Controller GUI 39
Configuring Cisco CleanAir on the Cisco Wireless LAN Controller (GUI) 39
Configuring Cisco CleanAir on an Access Point (GUI) 41


Configuring Cisco Spectrum Expert 42


Configuring Spectrum Expert (GUI) 42
Configuring Spectrum Expert (CLI) 43
Monitoring CleanAir Parameters 44
Monitoring the Interference Devices 47
Monitoring the Interference Devices (GUI) 47
Monitoring the Worst Air Quality of Radio Bands (GUI) 48
Configuration Examples for Configuring CleanAir 49
CleanAir FAQs 49
Additional References 51

PART II Interface and Hardware Component 53

CHAPTER 4 Configuring Interface Characteristics 55


Finding Feature Information 55
Information About Configuring Interface Characteristics 55
Interface Types 55
Port-Based VLANs 56
Switch Ports 56
Access Ports 56
Trunk Ports 57
Tunnel Ports 57
Routed Ports 57
Switch Virtual Interfaces 58
SVI Autostate Exclude 58
EtherChannel Port Groups 59
10-Gigabit Ethernet Interfaces 59
Power over Ethernet Ports 59
Using the Switch USB Ports 60
USB Mini-Type B Console Port 60
Console Port Change Logs 60
USB Type A Port 61
Interface Connections 61
Interface Configuration Mode 62
Default Ethernet Interface Configuration 63


Interface Speed and Duplex Mode 64


Speed and Duplex Configuration Guidelines 64
IEEE 802.3x Flow Control 65
Layer 3 Interfaces 66
How to Configure Interface Characteristics 67
Configuring Interfaces 67
Adding a Description for an Interface 68
Configuring a Range of Interfaces 69
Configuring and Using Interface Range Macros 70
Configuring Ethernet Interfaces 72
Setting the Interface Speed and Duplex Parameters 72
Configuring IEEE 802.3x Flow Control 74
Configuring Layer 3 Interfaces 75
Configuring SVI Autostate Exclude 77
Shutting Down and Restarting the Interface 78
Configuring the Console Media Type 80
Configuring the USB Inactivity Timeout 81
Monitoring Interface Characteristics 82
Monitoring Interface Status 82
Clearing and Resetting Interfaces and Counters 83
Configuration Examples for Interface Characteristics 84
Adding a Description to an Interface: Example 84
Configuring a Range of Interfaces: Examples 84
Configuring and Using Interface Range Macros: Examples 84
Setting Interface Speed and Duplex Mode: Example 85
Configuring Layer 3 Interfaces: Example 85
Configuring the Console Media Type: Example 85
Configuring the USB Inactivity Timeout: Example 86
Additional References for the Interface Characteristics Feature 86
Feature History and Information for Configuring Interface Characteristics 87

CHAPTER 5 Configuring Auto-MDIX 89


Prerequisites for Auto-MDIX 89
Restrictions for Auto-MDIX 89
Information about Configuring Auto-MDIX 90


Auto-MDIX on an Interface 90
How to Configure Auto-MDIX 90
Configuring Auto-MDIX on an Interface 90
Example for Configuring Auto-MDIX 92
Additional References 92
Feature History and Information for Auto-MDIX 93

CHAPTER 6 Configuring Ethernet Management Port 95


Finding Feature Information 95
Prerequisites for Ethernet Management Ports 95
Information about the Ethernet Management Port 95
Ethernet Management Port Direct Connection to a Switch 96
Ethernet Management Port Connection to Stack Switches using a Hub 96
Ethernet Management Port and Routing 97
Supported Features on the Ethernet Management Port 97
How to Configure the Ethernet Management Port 98
Disabling and Enabling the Ethernet Management Port 98
Additional References 99
Feature Information for Ethernet Management Ports 100

CHAPTER 7 Configuring LLDP, LLDP-MED, and Wired Location Service 101


Finding Feature Information 101
LLDP, LLDP-MED, and Wired Location Service Overview 101
LLDP 101
LLDP Supported TLVs 102
LLDP and Cisco Switch Stacks 102
LLDP and Cisco Medianet 102
LLDP-MED 102
LLDP-MED Supported TLVs 102
Wired Location Service 104
Default LLDP Configuration 105
Restrictions for LLDP 105
How to Configure LLDP, LLDP-MED, and Wired Location Service 106
Enabling LLDP 106
Configuring LLDP Characteristics 107


Configuring LLDP-MED TLVs 109


Configuring Network-Policy TLV 111
Configuring Location TLV and Wired Location Service 114
Enabling Wired Location Service on the Switch 116
Configuration Examples for LLDP, LLDP-MED, and Wired Location Service 118
Configuring Network-Policy TLV: Examples 118
Monitoring and Maintaining LLDP, LLDP-MED, and Wired Location Service 118
Additional References for LLDP, LLDP-MED, and Wired Location Service 119
Feature Information for LLDP, LLDP-MED, and Wired Location Service 120

CHAPTER 8 Configuring System MTU 121


Configuring System MTU 121
Finding Feature Information 121
Information about the MTU 121
Restrictions for System MTU 121
System MTU Value Application 122
Configuring the System MTU 122
Configuring the System MTU 122
Configuring Protocol-Specific MTU 123
Configuration Examples for System MTU 124
Example: Configuring the System MTU 124
Example: Configuring Protocol-Specific MTU 124
Additional References for System MTU 125
Feature Information for System MTU 125

CHAPTER 9 Configuring Internal Power Supplies 127


Information About Internal Power Supplies 127
How to Configure Internal Power Supplies 127
Configuring Internal Power Supply 127
Monitoring Internal Power Supplies 128
Configuration Examples for Internal Power Supplies 128
Additional References 129
Feature History and Information for Internal Power Supplies 130

CHAPTER 10 Configuring PoE 131


Finding Feature Information 131


Information about PoE 131
Power over Ethernet Ports 131
Supported Protocols and Standards 132
Powered-Device Detection and Initial Power Allocation 132
Power Management Modes 134
Power Monitoring and Power Policing 135
Power Consumption Values 135
Cisco Universal Power Over Ethernet 136
How to Configure PoE 137
Configuring a Power Management Mode on a PoE Port 137
Enabling Power on Signal/Spare Pairs 139
Configuring Power Policing 139
Monitoring Power Status 142
Additional References 142
Feature Information for PoE 143

CHAPTER 11 Configuring EEE 145


Finding Feature Information 145
Information About EEE 145
EEE Overview 145
Default EEE Configuration 146
Restrictions for EEE 146
How to Configure EEE 146
Enabling or Disabling EEE 146
Monitoring EEE 147
Configuration Examples for Configuring EEE 148
Additional References 148
Feature History and Information for Configuring EEE 149

PART III IPv6 151

CHAPTER 12 Configuring MLD Snooping 153


Finding Feature Information 153
Information About Configuring IPv6 MLD Snooping 153


Understanding MLD Snooping 154


MLD Messages 155
MLD Queries 155
Multicast Client Aging Robustness 155
Multicast Router Discovery 156
MLD Reports 156
MLD Done Messages and Immediate-Leave 156
Topology Change Notification Processing 157
MLD Snooping in Switch Stacks 157
How to Configure IPv6 MLD Snooping 158
Default MLD Snooping Configuration 158
MLD Snooping Configuration Guidelines 158
Enabling or Disabling MLD Snooping on the Switch (CLI) 159
Enabling or Disabling MLD Snooping on a VLAN (CLI) 160
Configuring a Static Multicast Group (CLI) 160
Configuring a Multicast Router Port (CLI) 162
Enabling MLD Immediate Leave (CLI) 162
Configuring MLD Snooping Queries (CLI) 163
Disabling MLD Listener Message Suppression (CLI) 165
Displaying MLD Snooping Information 165
Configuration Examples for Configuring MLD Snooping 167
Configuring a Static Multicast Group: Example 167
Configuring a Multicast Router Port: Example 167
Enabling MLD Immediate Leave: Example 167
Configuring MLD Snooping Queries: Example 167

CHAPTER 13 Configuring IPv6 Unicast Routing 169


Finding Feature Information 169
Information About Configuring IPv6 Unicast Routing 169
Understanding IPv6 169
IPv6 Addresses 170
Supported IPv6 Unicast Routing Features 170
128-Bit Wide Unicast Addresses 170
DNS for IPv6 171
Path MTU Discovery for IPv6 Unicast 171


ICMPv6 171
Neighbor Discovery 171
Default Router Preference 171
IPv6 Stateless Autoconfiguration and Duplicate Address Detection 172
IPv6 Applications 172
DHCP for IPv6 Address Assignment 172
Static Routes for IPv6 172
RIP for IPv6 173
OSPF for IPv6 173
Configuring HSRP for IPv6 173
EIGRP IPv6 173
EIGRPv6 Stub Routing 173
SNMP and Syslog Over IPv6 174
HTTP(S) Over IPv6 175
Unsupported IPv6 Unicast Routing Features 175
IPv6 Feature Limitations 175
IPv6 and Switch Stacks 175
Default IPv6 Configuration 176
Configuring IPv6 Addressing and Enabling IPv6 Routing (CLI) 177
Configuring IPv4 and IPv6 Protocol Stacks (CLI) 180
Configuring Default Router Preference (CLI) 183
Configuring IPv6 ICMP Rate Limiting (CLI) 184
Configuring CEF and dCEF for IPv6 185
Configuring Static Routing for IPv6 (CLI) 185
Configuring RIP for IPv6 (CLI) 187
Configuring OSPF for IPv6 (CLI) 189
Configuring EIGRP for IPv6 191
Configuring IPv6 Unicast Reverse Path Forwarding 192
Displaying IPv6 192
Configuring DHCP for IPv6 Address Assignment 193
Default DHCPv6 Address Assignment Configuration 193
DHCPv6 Address Assignment Configuration Guidelines 193
Enabling DHCPv6 Server Function (CLI) 194
Enabling DHCPv6 Client Function (CLI) 196
Configuration Examples for IPv6 Unicast Routing 197


Configuring IPv6 Addressing and Enabling IPv6 Routing: Example 197


Configuring Default Router Preference: Example 198
Configuring IPv4 and IPv6 Protocol Stacks: Example 198
Enabling DHCPv6 Server Function: Example 198
Enabling DHCPv6 Client Function: Example 199
Configuring IPv6 ICMP Rate Limiting: Example 199
Configuring Static Routing for IPv6: Example 199
Configuring RIP for IPv6: Example 199
Displaying IPv6: Example 199

CHAPTER 14 Implementing IPv6 Multicast 201


Finding Feature Information 201
Information About Implementing IPv6 Multicast Routing 201
IPv6 Multicast Overview 201
IPv6 Multicast Routing Implementation 202
IPv6 Multicast Listener Discovery Protocol 202
Multicast Queriers and Hosts 202
MLD Access Group 203
Explicit Tracking of Receivers 203
Protocol Independent Multicast 203
PIM-Sparse Mode 203
IPv6 BSR: Configure RP Mapping 204
PIM-Source Specific Multicast 204
Routable Address Hello Option 205
PIM IPv6 Stub Routing 205
Static Mroutes 206
MRIB 206
MFIB 206
MFIB 207
IPv6 Multicast Process Switching and Fast Switching 207
Multiprotocol BGP for the IPv6 Multicast Address Family 208
Implementing IPv6 Multicast 208
Enabling IPv6 Multicast Routing 208
Customizing and Verifying the MLD Protocol 209
Customizing and Verifying MLD on an Interface 209


Implementing MLD Group Limits 211


Implementing MLD Group Limits Globally 211
Implementing MLD Group Limits per Interface 212
Configuring Explicit Tracking of Receivers to Track Host Behavior 212
Resetting the MLD Traffic Counters 213
Clearing the MLD Interface Counters 213
Configuring PIM 214
Configuring PIM-SM and Displaying PIM-SM Information for a Group Range 214
Configuring PIM Options 215
Resetting the PIM Traffic Counters 217
Clearing the PIM Topology Table to Reset the MRIB Connection 217
Configuring PIM IPv6 Stub Routing 219
PIM IPv6 Stub Routing Configuration Guidelines 219
Default IPv6 PIM Routing Configuration 219
Enabling IPv6 PIM Stub Routing 220
Monitoring IPv6 PIM Stub Routing 222
Configuring a BSR 222
Configuring a BSR and Verifying BSR Information 222
Sending PIM RP Advertisements to the BSR 223
Configuring BSR for Use Within Scoped Zones 224
Configuring BSR Switches to Announce Scope-to-RP Mappings 225
Configuring SSM Mapping 225
Configuring Static Mroutes 226
Using MFIB in IPv6 Multicast 227
Verifying MFIB Operation in IPv6 Multicast 227
Resetting MFIB Traffic Counters 228

CHAPTER 15 Configuring IPv6 Client IP Address Learning 231


Prerequisites for IPv6 Client Address Learning 231
Information About IPv6 Client Address Learning 232
SLAAC Address Assignment 232
Stateful DHCPv6 Address Assignment 233
Static IP Address Assignment 234
Router Solicitation 235
Router Advertisement 235


Neighbor Discovery 235


Neighbor Discovery Suppression 235
RA Guard 236
RA Throttling 237
Configuring IPv6 Unicast (CLI) 237
Configuring RA Guard Policy (CLI) 238
Applying RA Guard Policy (CLI) 239
Configuring RA Throttle Policy (CLI) 240
Applying RA Throttle Policy on VLAN (CLI) 241
Configuring IPv6 Snooping (CLI) 242
Configuring IPv6 ND Suppress Policy (CLI) 243
Configuring IPv6 Snooping on VLAN/PortChannel 244
Configuring IPv6 on Switch (CLI) 245
Configuring DHCP Pool (CLI) 246
Configuring Stateless Auto Address Configuration Without DHCP (CLI) 247
Configuring Stateless Auto Address Configuration With DHCP (CLI) 248
Configuring Stateful DHCP Locally (CLI) 249
Configuring Stateful DHCP Externally (CLI) 251
Monitoring IPv6 Clients (GUI) 253
Verifying IPv6 Address Learning Configuration 254
Additional References 255
Feature Information for IPv6 Client Address Learning 256

CHAPTER 16 Configuring IPv6 WLAN Security 257


Prerequisites for IPv6 WLAN Security 257
Restrictions for IPv6 WLAN Security 257
Information About IPv6 WLAN Security 258
How to Configure IPv6 WLAN Security 260
Configuring Local Authentication 260
Creating a Local User 260
Creating a Client VLAN and Interface 261
Configuring an EAP Profile 262
Creating a Local Authentication Model 265
Creating a Client WLAN 266
Configuring Local Authentication with WPA2+AES 268


Creating Client VLAN for WPA2+AES 269


Creating WLAN for WPA2+AES 271
Configuring External RADIUS Server 272
Configuring RADIUS Authentication Server Host 272
Configuring RADIUS Authentication Server Group 273
Creating a Client VLAN 275
Creating 802.1x WLAN Using an External RADIUS Server 276
Additional References 278
Feature Information for IPv6 WLAN Security 279

CHAPTER 17 Configuring IPv6 ACL 281


Prerequisites for IPv6 ACL 281
Restrictions for IPv6 ACL 281
Information About IPv6 ACL 282
Understanding IPv6 ACLs 282
Types of ACL 283
Per User IPv6 ACL 283
Filter ID IPv6 ACL 283
Downloadable IPv6 ACL 283
IPv6 ACLs and Switch Stacks 284
Configuring IPv6 ACLs 284
Default IPv6 ACL Configuration 285
Interaction with Other Features and Switches 285
How To Configure an IPv6 ACL 285
Creating IPv6 ACL 285
Applying an IPv6 to an Interface 289
Creating WLAN IPv6 ACL 291
Verifying IPv6 ACL 291
Displaying IPv6 ACLs 291
Configuration Examples for IPv6 ACL 292
Example: Creating IPv6 ACL 292
Example: Applying IPv6 ACLs 292
Example: Displaying IPv6 ACLs 293
Example: Configuring RA Throttling and NS Suppression 293
Example: Configuring RA Guard Policy 295


Example: Configuring IPv6 Neighbor Binding 296


Additional References 297
Feature Information for IPv6 ACLs 298

CHAPTER 18 Configuring IPv6 Web Authentication 299


Prerequisites for IPv6 Web Authentication 299
Restrictions for IPv6 Web Authentication 299
Information About IPv6 Web Authentication 300
Web Authentication Process 300
How to Configure IPv6 Web Authentication 301
Disabling WPA 301
Enabling Security on the WLAN 302
Enabling a Parameter Map on the WLAN 303
Enabling Authentication List on WLAN 303
Configuring a Global WebAuth WLAN Parameter Map 304
Configuring the WLAN 305
Enabling IPv6 in Global Configuration Mode 306
Verifying IPv6 Web Authentication 307
Verifying the Parameter Map 307
Verifying Authentication List 307
Additional References 308
Feature Information for IPv6 Web Authentication 309

CHAPTER 19 Configuring IPv6 Client Mobility 311


Prerequisites for IPv6 Client Mobility 311
Restrictions For IPv6 Client Mobility 311
Information About IPv6 Client Mobility 312
Using Router Advertisement 312
RA Throttling and NS suppression 313
IPv6 Address Learning 314
Handling Multiple IP Addresses 314
IPv6 Configuration 314
High Availability 315
Verifying IPv6 Client Mobility 315
Monitoring IPv6 Client Mobility 316


Additional References 316


Feature Information For IPv6 Client Mobility 317

CHAPTER 20 Configuring IPv6 Mobility 319


Pre-requisites for IPv6 Mobility 319
Information About IPv6 Mobility 319
Inter Controller Roaming 320
Intra Subnet Roaming with Sticky Anchoring, and Inter Subnet Roaming 320
How to Configure IPv6 Mobility 320
Monitoring IPv6 Mobility 320
Additional References 322
Feature Information for IPv6 Mobility 323

PART IV Layer 2/3 325

CHAPTER 21 Configuring Spanning Tree Protocol 327


Finding Feature Information 327
Restrictions for STP 327
Information About Spanning Tree Protocol 328
Spanning Tree Protocol 328
Spanning-Tree Topology and BPDUs 329
Bridge ID, Device Priority, and Extended System ID 331
Port Priority Versus Path Cost 332
Spanning-Tree Interface States 332
Blocking State 333
Listening State 334
Learning State 334
Forwarding State 334
Disabled State 334
How a Switch or Port Becomes the Root Switch or Root Port 335
Spanning Tree and Redundant Connectivity 335
Spanning-Tree Address Management 336
Accelerated Aging to Retain Connectivity 336
Spanning-Tree Modes and Protocols 337
Supported Spanning-Tree Instances 337


Spanning-Tree Interoperability and Backward Compatibility 338


STP and IEEE 802.1Q Trunks 338
VLAN-Bridge Spanning Tree 338
Spanning Tree and Switch Stacks 339
Default Spanning-Tree Configuration 339
How to Configure Spanning-Tree Features 340
Changing the Spanning-Tree Mode (CLI) 340
Disabling Spanning Tree (CLI) 342
Configuring the Root Switch (CLI) 343
Configuring a Secondary Root Device (CLI) 344
Configuring Port Priority (CLI) 345
Configuring Path Cost (CLI) 347
Configuring the Device Priority of a VLAN (CLI) 348
Configuring the Hello Time (CLI) 350
Configuring the Forwarding-Delay Time for a VLAN (CLI) 350
Configuring the Maximum-Aging Time for a VLAN (CLI) 351
Configuring the Transmit Hold-Count (CLI) 352
Monitoring Spanning-Tree Status 353
Additional References for Spanning-Tree Protocol 354
Feature Information for STP 355

CHAPTER 22 Configuring Multiple Spanning-Tree Protocol 357


Finding Feature Information 357
Prerequisites for MSTP 357
Restrictions for MSTP 358
Information About MSTP 359
MSTP Configuration 359
MSTP Configuration Guidelines 359
Root Switch 360
Multiple Spanning-Tree Regions 361
IST, CIST, and CST 361
Operations Within an MST Region 362
Operations Between MST Regions 362
IEEE 802.1s Terminology 363
Illustration of MST Regions 364


Hop Count 364


Boundary Ports 365
IEEE 802.1s Implementation 365
Port Role Naming Change 366
Interoperation Between Legacy and Standard Switches 366
Detecting Unidirectional Link Failure 367
MSTP and Switch Stacks 367
Interoperability with IEEE 802.1D STP 367
RSTP Overview 368
Port Roles and the Active Topology 368
Rapid Convergence 369
Synchronization of Port Roles 370
Bridge Protocol Data Unit Format and Processing 371
Processing Superior BPDU Information 372
Processing Inferior BPDU Information 372
Topology Changes 372
Protocol Migration Process 373
Default MSTP Configuration 373
How to Configure MSTP Features 374
Specifying the MST Region Configuration and Enabling MSTP (CLI) 374
Configuring the Root Switch (CLI) 377
Configuring a Secondary Root Switch (CLI) 378
Configuring Port Priority (CLI) 379
Configuring Path Cost (CLI) 381
Configuring the Switch Priority (CLI) 383
Configuring the Hello Time (CLI) 384
Configuring the Forwarding-Delay Time (CLI) 385
Configuring the Maximum-Aging Time (CLI) 386
Configuring the Maximum-Hop Count (CLI) 387
Specifying the Link Type to Ensure Rapid Transitions (CLI) 388
Designating the Neighbor Type (CLI) 390
Restarting the Protocol Migration Process (CLI) 391
Additional References for MSTP 392
Feature Information for MSTP 393


CHAPTER 23 Configuring Optional Spanning-Tree Features 395


Finding Feature Information 395
Restriction for Optional Spanning-Tree Features 395
Information About Optional Spanning-Tree Features 396
PortFast 396
BPDU Guard 396
BPDU Filtering 397
UplinkFast 398
Cross-Stack UplinkFast 399
How Cross-Stack UplinkFast Works 400
Events That Cause Fast Convergence 402
BackboneFast 402
EtherChannel Guard 405
Root Guard 405
Loop Guard 406
How to Configure Optional Spanning-Tree Features 406
Enabling PortFast (CLI) 406
Enabling BPDU Guard (CLI) 408
Enabling BPDU Filtering (CLI) 409
Enabling UplinkFast for Use with Redundant Links (CLI) 411
Disabling UplinkFast (CLI) 412
Enabling BackboneFast (CLI) 413
Enabling EtherChannel Guard (CLI) 415
Enabling Root Guard (CLI) 416
Enabling Loop Guard (CLI) 417
Monitoring the Spanning-Tree Status 418
Additional References for Optional Spanning Tree Features 419
Feature Information for Optional Spanning-Tree Features 420

CHAPTER 24 Configuring EtherChannels 421


Finding Feature Information 421
Restrictions for EtherChannels 421
Information About EtherChannels 422
EtherChannel Overview 422


EtherChannel Modes 423


EtherChannel on Switches 424
EtherChannel Link Failover 426
Channel Groups and Port-Channel Interfaces 426
Port Aggregation Protocol 428
PAgP Modes 428
Silent Mode 429
PAgP Learn Method and Priority 429
PAgP Interaction with Other Features 430
Link Aggregation Control Protocol 430
LACP Modes 431
LACP and Link Redundancy 431
LACP Interaction with Other Features 432
EtherChannel On Mode 432
Load-Balancing and Forwarding Methods 432
MAC Address Forwarding 433
IP Address Forwarding 433
Load-Balancing Advantages 434
EtherChannel and Switch Stacks 436
Switch Stack and PAgP 437
Switch Stacks and LACP 437
Default EtherChannel Configuration 437
EtherChannel Configuration Guidelines 438
Layer 2 EtherChannel Configuration Guidelines 440
Layer 3 EtherChannel Configuration Guidelines 441
Auto-LAG 441
Auto-LAG Configuration Guidelines 442
How to Configure EtherChannels 442
Configuring Layer 2 EtherChannels (CLI) 442
Configuring Layer 3 EtherChannels (CLI) 445
Configuring EtherChannel Load-Balancing (CLI) 447
Configuring EtherChannel Extended Load-Balancing (CLI) 448
Configuring the PAgP Learn Method and Priority (CLI) 449
Configuring LACP Hot-Standby Ports 451
Configuring the LACP Max Bundle Feature (CLI) 451


Configuring LACP Port-Channel Standalone Disable 452


Configuring the Port Channel Min-Links Feature (CLI) 453
Configuring the LACP System Priority (CLI) 454
Configuring the LACP Port Priority (CLI) 455
Configuring Auto-LAG Globally 457
Configuring Auto-LAG on a Port Interface 458
Configuring Persistence with Auto-LAG 459
Monitoring EtherChannel, PAgP, and LACP Status 460
Configuration Examples for Configuring EtherChannels 461
Configuring Layer 2 EtherChannels: Examples 461
Configuring Layer 3 EtherChannels: Examples 462
Configuring LACP Hot-Standby Ports: Example 463
Configuring Auto LAG: Examples 463
Additional References for EtherChannels 464
Feature Information for EtherChannels 465

CHAPTER 25 Configuring Flex Links and the MAC Address-Table Move Update Feature 467
Finding Feature Information 467
Restrictions for Configuring Flex Links and MAC Address-Table Move Update 467
Information About Flex Links and MAC Address-Table Move Update 468
Flex Links 468
Flex Links Configuration 469
VLAN Flex Links Load Balancing and Support 470
Multicast Fast Convergence with Flex Links Failover 470
Learning the Other Flex Links Port as the mrouter Port 471
Generating IGMP Reports 471
Leaking IGMP Reports 471
MAC Address-Table Move Update 471
Flex Links VLAN Load Balancing Configuration Guidelines 474
MAC Address-Table Move Update Configuration Guidelines 474
Default Flex Links and MAC Address-Table Move Update Configuration 474
How to Configure Flex Links and the MAC Address-Table Move Update Feature 475
Configuring Flex Links (CLI) 475
Configuring a Preemption Scheme for a Pair of Flex Links (CLI) 476
Configuring VLAN Load Balancing on Flex Links (CLI) 478


Configuring MAC Address-Table Move Update (CLI) 479


Configuring a Switch to Obtain and Process MAC Address-Table Move Update Messages (CLI) 480
Monitoring Flex Links, Multicast Fast Convergence, and MAC Address-Table Move Update 481
Configuration Examples for Flex Links 482
Configuring Flex Links: Examples 482
Configuring VLAN Load Balancing on Flex Links: Examples 482
Configuring the MAC Address-Table Move Update: Examples 484
Configuring Multicast Fast Convergence with Flex Links Failover: Examples 484
Additional References for Flex Links and MAC Address-Table Move Update 486
Feature Information for Flex Links and MAC Address-Table Move Update 488

CHAPTER 26 Configuring UniDirectional Link Detection 489


Finding Feature Information 489
Restrictions for Configuring UDLD 489
Information About UDLD 490
Modes of Operation 490
Normal Mode 490
Aggressive Mode 491
Methods to Detect Unidirectional Links 491
Neighbor Database Maintenance 491
Event-Driven Detection and Echoing 492
UDLD Reset Options 492
Default UDLD Configuration 493
How to Configure UDLD 493
Enabling UDLD Globally (CLI) 493
Enabling UDLD on an Interface (CLI) 494
Monitoring and Maintaining UDLD 496
Additional References for UDLD 496
Feature Information for UDLD 497

PART V Lightweight Access Point 499

CHAPTER 27 Configuring the Switch for Access Point Discovery 501


Finding Feature Information 501


Prerequisites for Configuring the Switch for Access Point Discovery 501
Restrictions for Configuring the Switch for Access Point Discovery 502
Information About Configuring the Switch for Access Point Discovery 502
Access Point Communication Protocols 502
Viewing Access Point Join Information 503
Troubleshooting the Access Point Join Process 503
How to Configure Access Point Discovery 504
Configuring the Syslog Server for Access Points (GUI) 504
Configuring the Syslog Server for Access Points (CLI) 504
Monitoring Access Point Join Information (CLI) 505
Searching for Access Point Radios (GUI) 506
Monitoring the Interface Details (GUI) 506
Configuration Examples for Configuring the Switch for Access Point Discovery 506
Displaying the MAC Addresses of all Access Points: Example 506
DHCP Option 43 for Lightweight Cisco Aironet Access Points Configuration Example 507
Configuring AP Pass Through 508
Information About AP Pass Through 508
Configuring AP Pass Through 508

CHAPTER 28 Configuring Data Encryption 511


Finding Feature Information 511
Prerequisites for Configuring Data Encryption 511
Restrictions for Configuring Data Encryption 511
Information About Data Encryption 512
How to Configure Data Encryption 512
Configuring Data Encryption (CLI) 512
Configuring Data Encryption (GUI) 513
Configuration Examples for Configuring Data Encryption 513
Displaying Data Encryption States for all Access Points: Examples 513

CHAPTER 29 Configuring Retransmission Interval and Retry Count 515


Finding Feature Information 515


Prerequisites for Configuring the Access Point Retransmission Interval and Retry Count 515
Information About Retransmission Interval and Retry Count 516
How to Configure Access Point Retransmission Interval and Retry Count 516
Configuring the Access Point Retransmission Interval and Retry Count (CLI) 516
Configuring the Access Point Retransmission Interval and Retry Count (GUI) 517
Viewing CAPWAP Maximum Transmission Unit Information (CLI) 518
Viewing CAPWAP Maximum Transmission Unit Information (GUI) 518
Configuration Examples for Configuring Access Point Retransmission Interval and Retry Count 519
Viewing the CAPWAP Retransmission Details: Example 519
Viewing Maximum Transmission Unit Information: Example 519

CHAPTER 30 Configuring Adaptive Wireless Intrusion Prevention System 521


Finding Feature Information 521
Prerequisites for Configuring wIPS 521
How to Configure wIPS on Access Points 522
Configuring wIPS on an Access Point (CLI) 522
Configuring wIPS on an Access Point (GUI) 523
Monitoring wIPS Information 524
Configuration Examples for Configuring wIPS on Access Points 525
Displaying the Monitor Configuration Channel Set: Example 525
Displaying wIPS Information: Examples 525

CHAPTER 31 Configuring Authentication for Access Points 527


Finding Feature Information 527
Prerequisites for Configuring Authentication for Access Points 527
Restrictions for Configuring Authentication for Access Points 528
Information about Configuring Authentication for Access Points 528
How to Configure Authentication for Access Points 529
Configuring Global Credentials for Access Points (CLI) 529
Configuring Global Credentials for Access Points (GUI) 530
Configuring Authentication for Access Points (CLI) 531
Configuring Authentication for Access Points (GUI) 533
Configuring the Switch for Authentication (CLI) 534
Configuration Examples for Configuring Authentication for Access Points 536

Displaying the Authentication Settings for Access Points: Examples 536

CHAPTER 32 Converting Autonomous Access Points to Lightweight Mode 537


Finding Feature Information 537
Prerequisites for Converting Autonomous Access Points to Lightweight Mode 537
Information About Autonomous Access Points Converted to Lightweight Mode 538
Reverting from Lightweight Mode to Autonomous Mode 538
Using DHCP Option 43 and DHCP Option 60 538
How Converted Access Points Send Crash Information to the Switch 539
Uploading Memory Core Dumps from Converted Access Points 539
Displaying MAC Addresses for Converted Access Points 539
Configuring a Static IP Address for a Lightweight Access Point 539
How to Convert a Lightweight Access Point Back to an Autonomous Access Point 540
Converting a Lightweight Access Point Back to an Autonomous Access Point (CLI) 540
Converting a Lightweight Access Point Back to an Autonomous Access Point (Using the Mode Button and a TFTP Server) 540
Authorizing Access Points (CLI) 541
Authorizing Access Points (GUI) 542
Disabling the Reset Button on Converted Access Points (CLI) 543
Monitoring the AP Crash Log Information 544
How to Configure a Static IP Address on an Access Point 545
Configuring a Static IP Address on an Access Point (CLI) 545
Configuring a Static IP Address on an Access Point (GUI) 546
Recovering the Access Point Using the TFTP Recovery Procedure 547
Configuration Examples for Converting Autonomous Access Points to Lightweight Mode 547
Displaying the IP Address Configuration for Access Points: Example 547
Displaying Access Point Crash File Information: Example 548

CHAPTER 33 Using Cisco Workgroup Bridges 549


Finding Feature Information 549
Information About Cisco Workgroup Bridges and non-Cisco Workgroup bridges 549
Monitoring the Status of Workgroup Bridges 550
Debugging WGB Issues (CLI) 550

Configuration Examples for Configuring Workgroup Bridges 552


WGB Configuration: Example 552

CHAPTER 34 Configuring Probe Request Forwarding 553


Finding Feature Information 553
Information About Configuring Probe Request Forwarding 553
How to Configure Probe Request Forwarding (CLI) 553

CHAPTER 35 Optimizing RFID Tracking 555


Finding Feature Information 555
Optimizing RFID Tracking on Access Points 555
How to Optimize RFID Tracking on Access Points 556
Optimizing RFID Tracking on Access Points (CLI) 556
Configuration Examples for Optimizing RFID Tracking 557
Displaying all the Access Points in Monitor Mode: Example 557

CHAPTER 36 Configuring Country Codes 559


Finding Feature Information 559
Prerequisites for Configuring Country Codes 559
Information About Configuring Country Codes 560
How to Configure Country Codes (CLI) 560
Configuration Examples for Configuring Country Codes 563
Displaying Channel List for Country Codes: Example 563

CHAPTER 37 Configuring Link Latency 565


Finding Feature Information 565
Prerequisites for Configuring Link Latency 565
Restrictions for Configuring Link Latency 566
Information About Configuring Link Latency 566
TCP MSS 566
Link Tests 566
How to Configure Link Latency 567
Configuring Link Latency (CLI) 567
Configuring Link Latency (GUI) 569
How to Configure TCP MSS 570

Configuring TCP MSS (CLI) 570


Configuring TCP MSS (GUI) 570
Performing a Link Test (CLI) 571
Configuration Examples for Configuring Link Latency 572
Running a Link Test: Example 572
Displaying Link Latency Information: Example 572
Displaying TCP MSS Settings: Example 573

CHAPTER 38 Configuring Power over Ethernet 575


Finding Feature Information 575
Information About Configuring Power over Ethernet 575
How to Configure Power over Ethernet 576
Configuring Power over Ethernet (CLI) 576
Configuring Power over Ethernet (GUI) 577
Configuration Examples for Configuring Power over Ethernet 578
Displaying Power over Ethernet Information: Example 578

PART VI Mobility 579

CHAPTER 39 Information About Mobility 581


Overview 581
Wired and Wireless Mobility 582
Features of Mobility 582
Sticky Anchoring for Low Latency Roaming 584
Bridge Domain ID and L2/L3 Roaming 584
Link Down Behavior 584
Platform Specific Scale Requirement for the Mobility Controller 584

CHAPTER 40 Mobility Network Elements 587


Mobility Agent 587
Mobility Controller 588
Mobility Oracle 589
Guest Controller 589

CHAPTER 41 Mobility Control Protocols 591

About Mobility Control Protocols 591


Initial Association and Roaming 591
Initial Association 592
Intra Switch Handoff 593
Intra Switch Peer Group Handoff 593
Inter Switch Peer Group Handoff 594
Inter Sub Domain Handoff 596
Inter Mobility Group Handoff 597

CHAPTER 42 Configuring Mobility 599


Configuring Mobility Controller 599
Configuring Converged Access Controllers 599
Creating Peer Groups, Peer Group Member, and Bridge Domain ID (CLI) 599
Creating Peer Groups, Peer Group Member, and Bridge Domain ID (GUI) 601
Configuring Local Mobility Group (CLI) 601
Configuring Local Mobility Group (GUI) 602
Adding a Peer Mobility Group (CLI) 603
Adding a Peer Mobility Group (GUI) 603
Configuring Optional Parameters for Roaming Behavior 604
Pointing the Mobility Controller to a Mobility Oracle (CLI) 604
Pointing the Mobility Controller to a Mobility Oracle (GUI) 605
Configuring Guest Controller 605
Configuring Guest Anchor 607
Configuring Mobility Agent 607
Configuring Mobility Agent by Pointing to Mobility Controller (CLI) 607
Configuring Mobility Agent by Pointing to Mobility Controller (GUI) 608
Configuring the Mobility Controller for the Mobility Agent (CLI) 609
Adding a Mobility Controller Role to the Mobility Agent 610
Configuring Optional Parameters on a Mobility Agent (CLI) 610

PART VII Network Management 611

CHAPTER 43 Configuring Cisco IOS Configuration Engine 613


Finding Feature Information 613
Prerequisites for Configuring the Configuration Engine 613

Restrictions for Configuring the Configuration Engine 614


Information About Configuring the Configuration Engine 614
Cisco Configuration Engine Software 614
Configuration Service 615
Event Service 616
NameSpace Mapper 616
Cisco Networking Services IDs and Device Hostnames 616
ConfigID 616
DeviceID 617
Hostname and DeviceID 617
Hostname, DeviceID, and ConfigID 617
Cisco IOS CNS Agents 618
Initial Configuration 618
Incremental (Partial) Configuration 619
Synchronized Configuration 619
Automated CNS Configuration 619
How to Configure the Configuration Engine 620
Enabling the CNS Event Agent 620
Enabling the Cisco IOS CNS Agent 622
Enabling an Initial Configuration for Cisco IOS CNS Agent 624
Refreshing DeviceIDs 629
Enabling a Partial Configuration for Cisco IOS CNS Agent 631
Monitoring CNS Configurations 633
Additional References 634
Feature History and Information for the Configuration Engine 635

CHAPTER 44 Configuring the Cisco Discovery Protocol 637


Finding Feature Information 637
Information About CDP 637
CDP Overview 637
CDP and Stacks 638
Default CDP Configuration 638
How to Configure CDP 638
Configuring CDP Characteristics 638
Disabling CDP 640

Enabling CDP 642


Disabling CDP on an Interface 643
Enabling CDP on an Interface 645
Monitoring and Maintaining CDP 647
Additional References 648
Feature History and Information for Cisco Discovery Protocol 649

CHAPTER 45 Configuring Simple Network Management Protocol 651


Finding Feature Information 651
Prerequisites for SNMP 651
Restrictions for SNMP 654
Information About SNMP 654
SNMP Overview 654
SNMP Manager Functions 654
SNMP Agent Functions 655
SNMP Community Strings 655
SNMP MIB Variables Access 655
SNMP Notifications 656
SNMP ifIndex MIB Object Values 656
Default SNMP Configuration 657
SNMP Configuration Guidelines 657
How to Configure SNMP 658
Disabling the SNMP Agent 658
Configuring Community Strings 660
Configuring SNMP Groups and Users 662
Configuring SNMP Notifications 665
Setting the Agent Contact and Location Information 670
Limiting TFTP Servers Used Through SNMP 671
Configuring Trap Flags for SNMP 673
Enabling SNMP Wireless Trap Notification 675
Monitoring SNMP Status 676
SNMP Examples 676
Additional References 677
Feature History and Information for Simple Network Management Protocol 678

CHAPTER 46 Configuring Service Level Agreements 679


Finding Feature Information 679
Restrictions on SLAs 679
Information About SLAs 680
Cisco IOS IP Service Level Agreements (SLAs) 680
Network Performance Measurement with Cisco IOS IP SLAs 681
IP SLA Responder and IP SLA Control Protocol 682
Response Time Computation for IP SLAs 683
IP SLAs Operation Scheduling 684
IP SLA Operation Threshold Monitoring 684
UDP Jitter 685
How to Configure IP SLAs Operations 686
Default Configuration 686
Configuration Guidelines 686
Configuring the IP SLA Responder 687
Implementing IP SLA Network Performance Measurement 688
Analyzing IP Service Levels by Using the UDP Jitter Operation 692
Analyzing IP Service Levels by Using the ICMP Echo Operation 695
Monitoring IP SLA Operations 699
Monitoring IP SLA Operation Examples 700
Additional References 701
Feature History and Information for Service Level Agreements 702

CHAPTER 47 Configuring Local Policies 703


Finding Feature Information 703
Restrictions for Configuring Local Policies 703
Information About Configuring Local Policies 704
How to Configure Local Policies 705
Configuring Local Policies (CLI) 705
Creating a Service Template (CLI) 706
Creating an Interface Template (CLI) 707
Creating a Parameter Map (CLI) 707
Creating a Class Map (CLI) 709
Creating a Policy Map (CLI) 709

Applying a Local Policy for a Device on a WLAN (CLI) 711


Configuring Local Policies (GUI) 712
Creating a Service Template (GUI) 712
Creating a Policy Map (GUI) 713
Applying Local Policies to WLAN (GUI) 714
Monitoring Local Policies 714
Examples: Local Policies Configuration 715
Additional References for Configuring Local Policies 717
Feature History for Performing Local Policies Configuration 718

CHAPTER 48 Configuring SPAN and RSPAN 719


Finding Feature Information 719
Prerequisites for SPAN and RSPAN 719
Restrictions for SPAN and RSPAN 720
Information About SPAN and RSPAN 721
SPAN and RSPAN 721
Local SPAN 722
Remote SPAN 723
SPAN and RSPAN Concepts and Terminology 724
SPAN Sessions 725
Monitored Traffic 726
Source Ports 727
Source VLANs 727
VLAN Filtering 727
Destination Port 728
RSPAN VLAN 729
SPAN and RSPAN Interaction with Other Features 729
SPAN and RSPAN and Device Stacks 730
Flow-Based SPAN 731
Default SPAN and RSPAN Configuration 731
Configuration Guidelines 732
SPAN Configuration Guidelines 732
RSPAN Configuration Guidelines 732
FSPAN and FRSPAN Configuration Guidelines 733
How to Configure SPAN and RSPAN 733

Creating a Local SPAN Session 733


Creating a Local SPAN Session and Configuring Incoming Traffic 736
Specifying VLANs to Filter 738
Configuring a VLAN as an RSPAN VLAN 740
Creating an RSPAN Source Session 742
Specifying VLANs to Filter 744
Creating an RSPAN Destination Session 746
Creating an RSPAN Destination Session and Configuring Incoming Traffic 748
Configuring an FSPAN Session 750
Configuring an FRSPAN Session 753
Monitoring SPAN and RSPAN Operations 756
SPAN and RSPAN Configuration Examples 756
Example: Configuring Local SPAN 756
Examples: Creating an RSPAN VLAN 758
Additional References 759
Feature History and Information for SPAN and RSPAN 760

CHAPTER 49 Configuring Wireshark 763


Finding Feature Information 763
Prerequisites for Wireshark 763
Restrictions for Wireshark 764
Information About Wireshark 765
Wireshark Overview 765
Capture Points 765
Attachment Points 766
Filters 767
Actions 767
Storage of Captured Packets to Buffer in Memory 768
Storage of Captured Packets to a .pcap File 768
Packet Decoding and Display 769
Packet Storage and Display 769
Wireshark Capture Point Activation and Deactivation 769
Wireshark Features 770
Guidelines for Wireshark 771
Default Wireshark Configuration 774

How to Configure Wireshark 775


Defining a Capture Point 775
Adding or Modifying Capture Point Parameters 780
Deleting Capture Point Parameters 782
Deleting a Capture Point 784
Activating and Deactivating a Capture Point 786
Clearing the Capture Point Buffer 787
Monitoring Wireshark 789
Configuration Examples for Wireshark 789
Example: Displaying a Brief Output from a .pcap File 789
Example: Displaying Detailed Output from a .pcap File 791
Example: Simple Capture and Display 793
Example: Simple Capture and Store 795
Example: Using Buffer Capture 796
Example: Capture Sessions 800
Example: Capture and Store in Lock-step Mode 801
Example: Simple Capture and Store of Packets in Egress Direction 802
Additional References 804
Feature History and Information for Wireshark 805

PART VIII QoS 807

CHAPTER 50 Configuring QoS 809


Finding Feature Information 809
Prerequisites for QoS 810
QoS Components 810
QoS Terminology 811
Information About QoS 811
QoS Overview 811
Modular QoS Command-Line Interface 811
Wireless QoS Overview 812
QoS and IPv6 for Wireless 813
Wired and Wireless Access Supported Features 813
Supported QoS Features on Wireless Targets 815
Port Policies 817

Port Policy Format 817


Radio Policies 819
SSID Policies 820
Client Policies 820
Hierarchical QoS 821
Hierarchical Wireless QoS 822
Wireless Packet Format 822
Hierarchical AFD 823
QoS Implementation 823
Layer 2 Frame Prioritization Bits 824
Layer 3 Packet Prioritization Bits 825
End-to-End QoS Solution Using Classification 825
Packet Classification 825
Classification Based on Information That is Propagated with the Packet 826
Classification Based on Layer 3 or Layer 4 Header 826
Classification Based on Layer 2 Header 827
Classification Based on Information that is Device Specific (QoS Groups) 827
Hierarchical Classification 827
QoS Wired Model 827
Ingress Port Activity 828
Egress Port Activity 828
Classification 828
Access Control Lists 829
Class Maps 829
Policy Maps 830
Policy Map on Physical Port 831
Policy Map on VLANs 831
Wireless QoS Multicast 831
Policing 832
Token-Bucket Algorithm 832
Marking 833
Packet Header Marking 833
Switch Specific Information Marking 833
Table Map Marking 833
Traffic Conditioning 835

Policing 835
Single-Rate Two-Color Policing 836
Dual-Rate Three-Color Policing 836
Shaping 837
Class-Based Traffic Shaping 837
Average Rate Shaping 837
Hierarchical Shaping 837
Queueing and Scheduling 838
Bandwidth 838
Bandwidth Percent 838
Bandwidth Remaining Ratio 838
Weighted Tail Drop 839
Weighted Tail Drop Default Values 839
Priority Queues 840
Queue Buffer 840
Queue Buffer Allocation 841
Dynamic Threshold and Scaling 841
Queuing in Wireless 842
Trust Behavior 843
Trust Behavior for Wired and Wireless Ports 843
Port Security on a Trusted Boundary for Cisco IP Phones 844
Wireless QoS Mobility 845
Inter-Switch Roaming 845
Intra-Switch Roaming 845
Precious Metal Policies for Wireless QoS 846
Standard QoS Default Settings 846
Default Wired QoS Configuration 846
DSCP Maps 846
Default CoS-to-DSCP Map 846
Default IP-Precedence-to-DSCP Map 847
Default DSCP-to-CoS Map 848
Default Wireless QoS Configuration 848
Guidelines for QoS Policies 848
Restrictions for QoS on Wired Targets 849
Restrictions for QoS on Wireless Targets 851

How to Configure QoS 854


Configuring Class, Policy, and Table Maps 854
Creating a Traffic Class (CLI) 854
Creating a Traffic Policy (CLI) 857
Configuring Client Policies (GUI) 862
Configuring Client Policies 864
Configuring Class-Based Packet Marking (CLI) 865
Configuring Class Maps for Voice and Video (CLI) 870
Attaching a Traffic Policy to an Interface (CLI) 871
Configuring SSID Policies (GUI) 873
Applying an SSID or Client Policy on a WLAN (CLI) 874
Classifying, Policing, and Marking Traffic on Physical Ports by Using Policy Maps (CLI) 875
Classifying, Policing, and Marking Traffic on SVIs by Using Policy Maps (CLI) 879
Configuring Table Maps (CLI) 882
Configuring Trust 885
Configuring Trust Behavior for Wireless Traffic (CLI) 885
Configuring QoS Features and Functionality 886
Configuring Call Admission Control (CLI) 886
Configuring Bandwidth (CLI) 893
Configuring Police (CLI) 895
Configuring Priority (CLI) 898
Configuring Queues and Shaping 900
Configuring Egress Queue Characteristics 900
Configuring Queue Buffers (CLI) 900
Configuring Queue Limits (CLI) 903
Configuring Shaping (CLI) 905
Configuring Precious Metal Policies (CLI) 907
Configuring QoS Policies for Multicast Traffic (CLI) 908
Configuring Port Policies (GUI) 909
Applying or Changing Port Policies (GUI) 910
Applying a QoS Policy on a WLAN (GUI) 911
Monitoring QoS 912
Monitoring SSID and Client Policies Statistics (GUI) 915

Configuration Examples for QoS 916


Examples: Classification by Access Control Lists 916
Examples: Class of Service Layer 2 Classification 917
Examples: Class of Service DSCP Classification 917
Examples: VLAN ID Layer 2 Classification 917
Examples: Classification by DSCP or Precedence Values 917
Examples: Hierarchical Classification 918
Examples: Hierarchical Policy Configuration 918
Examples: Classification for Voice and Video 919
Examples: Wireless QoS Policy Classified by Voice, Video, and Multicast Traffic 920
Examples: Configuring Downstream SSID Policy 921
Examples: Ingress SSID Policies 922
Examples: Client Policies 922
Examples: Average Rate Shaping Configuration 925
Examples: Queue-limit Configuration 926
Examples: Queue Buffers Configuration 926
Examples: Policing Action Configuration 927
Examples: Policer VLAN Configuration 928
Examples: Policing Units 928
Examples: Single-Rate Two-Color Policing Configuration 929
Examples: Dual-Rate Three-Color Policing Configuration 929
Examples: Table Map Marking Configuration 929
Example: Table Map Configuration to Retain CoS Markings 930
Where to Go Next 931
Additional References for QoS 931
Feature History and Information for QoS 933

CHAPTER 51 Configuring Auto-QoS 935


Finding Feature Information 935
Prerequisites for Auto-QoS 935
Restrictions for Auto-QoS 936
Information About Configuring Auto-QoS 937
Auto-QoS Overview 937
Auto-QoS Compact Overview 937
Auto-QoS Global Configuration Templates 937

Auto-QoS Policy and Class Maps 937


Effects of Auto-QoS on Running Configuration 938
Effects of Auto-QoS Compact on Running Configuration 938
How to Configure Auto-QoS 939
Configuring Auto-QoS (CLI) 939
Upgrading Auto-QoS (CLI) 941
Enabling Auto-QoS Compact 943
Monitoring Auto-QoS 945
Troubleshooting Auto-QoS 945
Configuration Examples for Auto-QoS 945
Example: auto qos trust cos 945
Example: auto qos trust dscp 948
Example: auto qos video cts 950
Example: auto qos video ip-camera 953
Example: auto qos video media-player 955
Example: auto qos voip trust 957
Example: auto qos voip cisco-phone 960
Example: auto qos voip cisco-softphone 963
auto qos classify police 967
auto qos global compact 971
Where to Go Next for Auto-QoS 971
Additional References for Auto-QoS 972
Feature History and Information for Auto-QoS 973

PART IX Radio Resource Management 975

CHAPTER 52 Configuring Radio Resource Management 977


Finding Feature Information 977
Prerequisites for Configuring Radio Resource Management 977
Restrictions for Radio Resource Management 978
Information About Radio Resource Management 978
Radio Resource Monitoring 978
Information About RF Groups 979
RF Group Leader 979
RF Group Name 981

Mobility Controller 981


Mobility Agent 982
Information About Rogue Access Point Detection in RF Groups 982
Transmit Power Control 982
Overriding the TPC Algorithm with Minimum and Maximum Transmit Power Settings 983
Dynamic Channel Assignment 983
Coverage Hole Detection and Correction 985
How to Configure RRM 985
Configuring Advanced RRM CCX Parameters (CLI) 985
Configuring Neighbor Discovery Type (CLI) 986
Configuring RRM Profile Thresholds, Monitoring Channels, and Monitoring Intervals (GUI) 986
Configuring RF Groups 987
Configuring the RF Group Mode (GUI) 988
Configuring RF Group Selection Mode (CLI) 989
Configuring an RF Group Name (CLI) 989
Configuring an RF Group Name (GUI) 990
Configuring Members in a 802.11 Static RF Group (CLI) 990
Configuring Transmit Power Control 991
Configuring the Tx-Power Control Threshold (CLI) 991
Configuring the Tx-Power Level (CLI) 992
Configuring Transmit Power Control (GUI) 993
Configuring 802.11 RRM Parameters 994
Configuring Advanced 802.11 Channel Assignment Parameters (CLI) 994
Configuring Dynamic Channel Assignment (GUI) 996
Configuring 802.11 Coverage Hole Detection (CLI) 999
Configuring Coverage Hole Detection (GUI) 1001
Configuring 802.11 Event Logging (CLI) 1002
Configuring 802.11 Statistics Monitoring (CLI) 1003
Configuring the 802.11 Performance Profile (CLI) 1004
Configuring Rogue Access Point Detection in RF Groups 1005
Configuring Rogue Access Point Detection in RF Groups (CLI) 1005
Enabling Rogue Access Point Detection in RF Groups (GUI) 1007
Monitoring RRM Parameters and RF Group Status 1007

Monitoring RRM Parameters 1007


Monitoring RF Group Status (CLI) 1009
Monitoring RF Group Status (GUI) 1009
Examples: RF Group Configuration 1010
Information About ED-RRM 1010
Configuring ED-RRM on the Cisco Wireless LAN Controller (CLI) 1010
Configuring ED-RRM (GUI) 1011
Additional References for Radio Resource Management 1011
Feature History and Information For Performing Radio Resource Management Configuration 1012

PART X Routing 1013

CHAPTER 53 Configuring MSDP 1015


Finding Feature Information 1015
Information About Configuring MSDP 1015
MSDP Overview 1016
MSDP Operation 1016
MSDP Benefits 1017
How to Configure MSDP 1018
Default MSDP Configuration 1018
Configuring a Default MSDP Peer 1018
Caching Source-Active State 1019
Requesting Source Information from an MSDP Peer 1021
Controlling Source Information that Your Switch Originates 1022
Redistributing Sources 1022
Filtering Source-Active Request Messages 1024
Controlling Source Information that Your Switch Forwards 1026
Using a Filter 1026
Using TTL to Limit the Multicast Data Sent in SA Messages 1028
Controlling Source Information that Your Switch Receives 1029
Configuring an MSDP Mesh Group 1031
Shutting Down an MSDP Peer 1033
Including a Bordering PIM Dense-Mode Region in MSDP 1034
Configuring an Originating Address other than the RP Address 1035

Monitoring and Maintaining MSDP 1036


Configuration Examples for Configuring MSDP 1037
Configuring a Default MSDP Peer: Example 1037
Caching Source-Active State: Example 1038
Requesting Source Information from an MSDP Peer: Example 1038
Controlling Source Information that Your Switch Originates: Example 1038
Controlling Source Information that Your Switch Forwards: Example 1038
Controlling Source Information that Your Switch Receives: Example 1038

CHAPTER 54 Configuring IP Unicast Routing 1041


Finding Feature Information 1042
Information About Configuring IP Unicast Routing 1042
Information About IP Routing 1042
Types of Routing 1043
IP Routing and Switch Stacks 1044
Classless Routing 1045
Address Resolution 1047
Proxy ARP 1047
ICMP Router Discovery Protocol 1047
UDP Broadcast Packets and Protocols 1048
Broadcast Packet Handling 1048
IP Broadcast Flooding 1049
How to Configure IP Routing 1049
How to Configure IP Addressing 1050
Default IP Addressing Configuration 1051
Assigning IP Addresses to Network Interfaces 1052
Using Subnet Zero 1053
Disabling Classless Routing 1054
Configuring Address Resolution Methods 1055
Defining a Static ARP Cache 1055
Setting ARP Encapsulation 1057
Enabling Proxy ARP 1058
Routing Assistance When IP Routing is Disabled 1059
Proxy ARP 1060
Default Gateway 1060

ICMP Router Discovery Protocol (IRDP) 1061


Configuring Broadcast Packet Handling 1063
Enabling Directed Broadcast-to-Physical Broadcast Translation 1063
Forwarding UDP Broadcast Packets and Protocols 1065
Establishing an IP Broadcast Address 1066
Flooding IP Broadcasts 1067
Monitoring and Maintaining IP Addressing 1069
How to Configure IP Unicast Routing 1070
Enabling IP Unicast Routing 1070
Example of Enabling IP Routing 1071
What to Do Next 1071
Information About RIP 1071
Summary Addresses and Split Horizon 1072
How to Configure RIP 1072
Default RIP Configuration 1072
Configuring Basic RIP Parameters 1073
Configuring RIP Authentication 1075
Configuring Summary Addresses and Split Horizon 1077
Configuring Split Horizon 1078
Configuration Example for Summary Addresses and Split Horizon 1079
Information About OSPF 1080
OSPF Nonstop Forwarding 1080
OSPF NSF Awareness 1081
OSPF NSF Capability 1081
OSPF Area Parameters 1081
Other OSPF Parameters 1082
LSA Group Pacing 1082
Loopback Interfaces 1083
How to Configure OSPF 1083
Default OSPF Configuration 1083
Configuring Basic OSPF Parameters 1085
Configuring OSPF Interfaces 1086
Configuring OSPF Area Parameters 1088
Configuring Other OSPF Parameters 1090
Changing LSA Group Pacing 1093

Configuring a Loopback Interface 1094


Monitoring OSPF 1094
Configuration Examples for OSPF 1095
Example: Configuring Basic OSPF Parameters 1095
Information About EIGRP 1095
EIGRP Features 1096
EIGRP Components 1096
EIGRP Nonstop Forwarding 1097
EIGRP NSF Awareness 1097
EIGRP NSF Capability 1097
EIGRP Stub Routing 1098
How to Configure EIGRP 1099
Default EIGRP Configuration 1099
Configuring Basic EIGRP Parameters 1101
Configuring EIGRP Interfaces 1102
Configuring EIGRP Route Authentication 1104
Monitoring and Maintaining EIGRP 1106
Information About BGP 1107
BGP Network Topology 1107
Nonstop Forwarding Awareness 1108
Information About BGP Routing 1108
Routing Policy Changes 1109
BGP Decision Attributes 1110
Route Maps 1111
BGP Filtering 1111
Prefix List for BGP Filtering 1111
BGP Community Filtering 1112
BGP Neighbors and Peer Groups 1112
Aggregate Routes 1112
Routing Domain Confederations 1113
BGP Route Reflectors 1113
Route Dampening 1113
More BGP Information 1114
How to Configure BGP 1114
Default BGP Configuration 1114

Enabling BGP Routing 1117


Managing Routing Policy Changes 1119
Configuring BGP Decision Attributes 1120
Configuring BGP Filtering with Route Maps 1122
Configuring BGP Filtering by Neighbor 1123
Configuring BGP Filtering by Access Lists and Neighbors 1124
Configuring Prefix Lists for BGP Filtering 1125
Configuring BGP Community Filtering 1126
Configuring BGP Neighbors and Peer Groups 1128
Configuring Aggregate Addresses in a Routing Table 1131
Configuring Routing Domain Confederations 1132
Configuring BGP Route Reflectors 1134
Configuring Route Dampening 1135
Monitoring and Maintaining BGP 1136
Configuration Examples for BGP 1138
Example: Configuring BGP on Routers 1138
Information About ISO CLNS Routing 1139
Connectionless Routing 1139
IS-IS Dynamic Routing 1139
Nonstop Forwarding Awareness 1140
IS-IS Global Parameters 1140
IS-IS Interface Parameters 1141
How to Configure ISO CLNS Routing 1142
Default IS-IS Configuration 1142
Enabling IS-IS Routing 1143
Configuring IS-IS Global Parameters 1145
Configuring IS-IS Interface Parameters 1148
Monitoring and Maintaining ISO IGRP and IS-IS 1151
Configuration Examples for ISO CLNS Routing 1153
Example: Configuring IS-IS Routing 1153
Information About Multi-VRF CE 1153
Understanding Multi-VRF CE 1154
Network Topology 1154
Packet-Forwarding Process 1155
Network Components 1156

VRF-Aware Services 1156


How to Configure Multi-VRF CE 1156
Default Multi-VRF CE Configuration 1156
Multi-VRF CE Configuration Guidelines 1157
Configuring VRFs 1158
Configuring VRF-Aware Services 1159
Configuring VRF-Aware Services for ARP 1160
Configuring VRF-Aware Services for Ping 1160
Configuring VRF-Aware Services for SNMP 1160
Configuring VRF-Aware Services for uRPF 1162
Configuring VRF-Aware RADIUS 1163
Configuring VRF-Aware Services for Syslog 1163
Configuring VRF-Aware Services for Traceroute 1164
Configuring VRF-Aware Services for FTP and TFTP 1164
Configuring Multicast VRFs 1165
Configuring a VPN Routing Session 1167
Configuring BGP PE to CE Routing Sessions 1169
Monitoring Multi-VRF CE 1170
Configuration Examples for Multi-VRF CE 1170
Multi-VRF CE Configuration Example 1170
Configuring Unicast Reverse Path Forwarding 1174
Protocol-Independent Features 1174
Distributed Cisco Express Forwarding 1174
Information About Cisco Express Forwarding 1174
How to Configure Cisco Express Forwarding 1175
Number of Equal-Cost Routing Paths 1177
Information About Equal-Cost Routing Paths 1177
How to Configure Equal-Cost Routing Paths 1178
Static Unicast Routes 1178
Information About Static Unicast Routes 1178
Configuring Static Unicast Routes 1179
Default Routes and Networks 1181
Information About Default Routes and Networks 1181
How to Configure Default Routes and Networks 1181
Route Maps to Redistribute Routing Information 1182

Information About Route Maps 1182


How to Configure a Route Map 1182
How to Control Route Distribution 1186
Policy-Based Routing 1188
Information About Policy-Based Routing 1188
How to Configure PBR 1189
Filtering Routing Information 1192
Setting Passive Interfaces 1192
Controlling Advertising and Processing in Routing Updates 1194
Filtering Sources of Routing Information 1195
Managing Authentication Keys 1196
Prerequisites 1196
How to Configure Authentication Keys 1196
Monitoring and Maintaining the IP Network 1197

PART XI Security 1199

CHAPTER 55 Preventing Unauthorized Access 1201


Finding Feature Information 1201
Preventing Unauthorized Access 1201

CHAPTER 56 Controlling Switch Access with Passwords and Privilege Levels 1203
Finding Feature Information 1203
Restrictions for Controlling Switch Access with Passwords and Privileges 1203
Information About Passwords and Privilege Levels 1204
Default Password and Privilege Level Configuration 1204
Additional Password Security 1204
Password Recovery 1205
Terminal Line Telnet Configuration 1205
Username and Password Pairs 1205
Privilege Levels 1205
How to Control Switch Access with Passwords and Privilege Levels 1206
Setting or Changing a Static Enable Password 1206
Protecting Enable and Enable Secret Passwords with Encryption 1208
Disabling Password Recovery 1210

Setting a Telnet Password for a Terminal Line 1211


Configuring Username and Password Pairs 1213
Setting the Privilege Level for a Command 1215
Changing the Default Privilege Level for Lines 1217
Logging into and Exiting a Privilege Level 1218
Monitoring Switch Access 1219
Configuration Examples for Setting Passwords and Privilege Levels 1219
Example: Setting or Changing a Static Enable Password 1219
Example: Protecting Enable and Enable Secret Passwords with Encryption 1219
Example: Setting a Telnet Password for a Terminal Line 1220
Example: Setting the Privilege Level for a Command 1220
Additional References 1220

CHAPTER 57 Configuring TACACS+ 1223


Finding Feature Information 1223
Prerequisites for Controlling Switch Access with Terminal Access Controller Access Control System Plus (TACACS+) 1223
Information About TACACS+ 1225
TACACS+ and Switch Access 1225
TACACS+ Overview 1225
TACACS+ Operation 1227
Method List 1228
TACACS+ Configuration Options 1228
TACACS+ Login Authentication 1228
TACACS+ Authorization for Privileged EXEC Access and Network Services 1228
TACACS+ Accounting 1229
Default TACACS+ Configuration 1229
How to Configure TACACS+ 1229
Identifying the TACACS+ Server Host and Setting the Authentication Key 1229
Configuring TACACS+ Login Authentication 1231
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 1234
Starting TACACS+ Accounting 1236
Establishing a Session with a Router if the AAA Server is Unreachable 1237
Monitoring TACACS+ 1238

Additional References 1238

CHAPTER 58 Configuring RADIUS 1241


Finding Feature Information 1241
Prerequisites for Controlling Switch Access with RADIUS 1241
Restrictions for Controlling Switch Access with RADIUS 1242
Information about RADIUS 1243
RADIUS and Switch Access 1243
RADIUS Overview 1243
RADIUS Operation 1244
RADIUS Change of Authorization 1245
Change-of-Authorization Requests 1245
RFC 5176 Compliance 1246
CoA Request Response Code 1247
Session Identification 1247
CoA ACK Response Code 1248
CoA NAK Response Code 1248
CoA Request Commands 1248
Session Reauthentication 1248
Session Reauthentication in a Switch Stack 1249
Session Termination 1249
CoA Disconnect-Request 1249
CoA Request: Disable Host Port 1249
CoA Request: Bounce-Port 1250
Stacking Guidelines for Session Termination 1250
Stacking Guidelines for CoA-Request Bounce-Port 1250
Stacking Guidelines for CoA-Request Disable-Port 1251
Default RADIUS Configuration 1251
RADIUS Server Host 1251
RADIUS Login Authentication 1252
AAA Server Groups 1252
AAA Authorization 1253
RADIUS Accounting 1253
Vendor-Specific RADIUS Attributes 1253
Vendor-Proprietary RADIUS Server Communication 1254

How to Configure RADIUS 1254


Identifying the RADIUS Server Host 1254
Configuring RADIUS Login Authentication 1256
Defining AAA Server Groups 1259
Configuring RADIUS Authorization for User Privileged Access and Network Services 1261
Starting RADIUS Accounting 1263
Configuring Settings for All RADIUS Servers 1265
Configuring the Switch to Use Vendor-Specific RADIUS Attributes 1266
Configuring the Switch for Vendor-Proprietary RADIUS Server Communication 1268
Configuring CoA on the Switch 1270
Monitoring CoA Functionality 1272
Configuration Examples for Controlling Switch Access with RADIUS 1273
Examples: Identifying the RADIUS Server Host 1273
Example: Using Two Different RADIUS Group Servers 1273
Examples: Configuring the Switch to Use Vendor-Specific RADIUS Attributes 1274
Example: Configuring the Switch for Vendor-Proprietary RADIUS Server Communication 1274
Additional References 1274

CHAPTER 59 Configuring Kerberos 1277


Finding Feature Information 1277
Prerequisites for Controlling Switch Access with Kerberos 1277
Information about Kerberos 1278
Kerberos and Switch Access 1278
Kerberos Overview 1278
Kerberos Operation 1281
Authenticating to a Boundary Switch 1281
Obtaining a TGT from a KDC 1281
Authenticating to Network Services 1281
How to Configure Kerberos 1282
Monitoring the Kerberos Configuration 1282
Additional References 1282

CHAPTER 60 Configuring Local Authentication and Authorization 1285


Finding Feature Information 1285

How to Configure Local Authentication and Authorization 1285


Configuring the Switch for Local Authentication and Authorization 1285
Monitoring Local Authentication and Authorization 1288
Additional References 1288

CHAPTER 61 Configuring Secure Shell (SSH) 1291


Finding Feature Information 1291
Prerequisites for Configuring the Switch for Secure Shell (SSH) and Secure Copy Protocol (SCP) 1291
Restrictions for Configuring the Switch for SSH 1292
Information about SSH 1292
SSH and Switch Access 1292
SSH Servers, Integrated Clients, and Supported Versions 1293
SSH Configuration Guidelines 1293
Secure Copy Protocol Overview 1294
Secure Copy Protocol 1294
How to Configure SSH 1294
Setting Up the Switch to Run SSH 1294
Configuring the SSH Server 1296
Monitoring the SSH Configuration and Status 1298
Additional References 1299

CHAPTER 62 Configuring Secure Socket Layer HTTP 1301


Finding Feature Information 1301
Information about Secure Sockets Layer (SSL) HTTP 1301
Secure HTTP Servers and Clients Overview 1301
Certificate Authority Trustpoints 1302
CipherSuites 1303
Default SSL Configuration 1304
SSL Configuration Guidelines 1304
How to Configure Secure HTTP Servers and Clients 1304
Configuring a CA Trustpoint 1304
Configuring the Secure HTTP Server 1307
Configuring the Secure HTTP Client 1310
Monitoring Secure HTTP Server and Client Status 1311

Additional References 1312

CHAPTER 63 Configuring IPv4 ACLs 1315


Finding Feature Information 1315
Prerequisites for Configuring Network Security with ACLs 1315
Restrictions for Configuring Network Security with ACLs 1316
Information about Network Security with ACLs 1317
ACL Overview 1317
Access Control Entries 1317
ACL Supported Types 1317
Supported ACLs 1318
ACL Precedence 1318
Port ACLs 1318
Router ACLs 1320
VLAN Maps 1320
ACEs and Fragmented and Unfragmented Traffic 1321
Example: ACEs and Fragmented and Unfragmented Traffic 1321
ACLs and Switch Stacks 1322
Active Switch and ACL Functions 1322
Stack Member and ACL Functions 1322
Active Switch Failure and ACLs 1322
Standard and Extended IPv4 ACLs 1322
IPv4 ACL Switch Unsupported Features 1323
Access List Numbers 1323
Numbered Standard IPv4 ACLs 1324
Numbered Extended IPv4 ACLs 1324
Named IPv4 ACLs 1325
ACL Logging 1325
Hardware and Software Treatment of IP ACLs 1326
VLAN Map Configuration Guidelines 1326
VLAN Maps with Router ACLs 1327
VLAN Maps and Router ACL Configuration Guidelines 1327
VACL Logging 1328
Time Ranges for ACLs 1328
IPv4 ACL Interface Considerations 1329

How to Configure ACLs 1329


Configuring IPv4 ACLs 1329
Creating a Numbered Standard ACL 1330
Creating a Numbered Extended ACL 1331
Creating Named Standard ACLs 1335
Creating Extended Named ACLs 1336
Configuring Time Ranges for ACLs 1338
Applying an IPv4 ACL to a Terminal Line 1340
Applying an IPv4 ACL to an Interface 1342
Creating Named MAC Extended ACLs 1343
Applying a MAC ACL to a Layer 2 Interface 1345
Configuring VLAN Maps 1347
Creating a VLAN Map 1349
Applying a VLAN Map to a VLAN 1351
Monitoring IPv4 ACLs 1352
Configuration Examples for ACLs 1353
Examples: Using Time Ranges with ACLs 1353
Examples: Including Comments in ACLs 1354
IPv4 ACL Configuration Examples 1354
ACLs in a Small Networked Office 1355
Examples: ACLs in a Small Networked Office 1355
Example: Numbered ACLs 1356
Examples: Extended ACLs 1356
Examples: Named ACLs 1357
Examples: Time Range Applied to an IP ACL 1358
Examples: Commented IP ACL Entries 1358
Examples: ACL Logging 1358
Configuration Examples for ACLs and VLAN Maps 1360
Example: Creating an ACL and a VLAN Map to Deny a Packet 1360
Example: Creating an ACL and a VLAN Map to Permit a Packet 1360
Example: Default Action of Dropping IP Packets and Forwarding MAC Packets 1360
Example: Default Action of Dropping MAC Packets and Forwarding IP Packets 1361
Example: Default Action of Dropping All Packets 1361

Configuration Examples for Using VLAN Maps in Your Network 1362


Example: Wiring Closet Configuration 1362
Example: Restricting Access to a Server on Another VLAN 1363
Example: Denying Access to a Server on Another VLAN 1363
Configuration Examples of Router ACLs and VLAN Maps Applied to VLANs 1364
Example: ACLs and Switched Packets 1364
Example: ACLs and Bridged Packets 1364
Example: ACLs and Routed Packets 1365
Example: ACLs and Multicast Packets 1366
Additional References 1366

CHAPTER 64 Configuring IPv6 ACLs 1369


Finding Feature Information 1369
IPv6 ACLs Overview 1369
Switch Stacks and IPv6 ACLs 1370
Interactions with Other Features and Switches 1370
Restrictions for IPv6 ACLs 1370
Default Configuration for IPv6 ACLs 1371
Configuring IPv6 ACLs 1371
Attaching an IPv6 ACL to an Interface 1375
Monitoring IPv6 ACLs 1377
Additional References 1377

CHAPTER 65 Configuring DHCP 1379


Finding Feature Information 1379
Information About DHCP 1379
DHCP Server 1379
DHCP Relay Agent 1379
DHCP Snooping 1380
Option-82 Data Insertion 1381
Cisco IOS DHCP Server Database 1384
DHCP Snooping Binding Database 1384
DHCP Snooping and Switch Stacks 1386
How to Configure DHCP Features 1386
Default DHCP Snooping Configuration 1386

DHCP Snooping Configuration Guidelines 1387


Configuring the DHCP Server 1387
DHCP Server and Switch Stacks 1387
Configuring the DHCP Relay Agent 1387
Specifying the Packet Forwarding Address 1389
Prerequisites for Configuring DHCP Snooping and Option 82 1391
Enabling DHCP Snooping and Option 82 1392
Enabling the Cisco IOS DHCP Server Database 1396
Monitoring DHCP Snooping Information 1396
Configuring DHCP Server Port-Based Address Allocation 1396
Information About Configuring DHCP Server Port-Based Address Allocation 1396
Default Port-Based Address Allocation Configuration 1397
Port-Based Address Allocation Configuration Guidelines 1397
Enabling the DHCP Snooping Binding Database Agent 1397
Enabling DHCP Server Port-Based Address Allocation 1399
Monitoring DHCP Server Port-Based Address Allocation 1401
Additional References 1401

CHAPTER 66 Configuring IP Source Guard 1403


Finding Feature Information 1403
Information About IP Source Guard 1403
IP Source Guard 1403
IP Source Guard for Static Hosts 1404
IP Source Guard Configuration Guidelines 1405
How to Configure IP Source Guard 1406
Enabling IP Source Guard 1406
Configuring IP Source Guard for Static Hosts on a Layer 2 Access Port 1407
Monitoring IP Source Guard 1409
Additional References 1410

CHAPTER 67 Configuring Dynamic ARP Inspection 1411


Finding Feature Information 1411
Restrictions for Dynamic ARP Inspection 1411
Understanding Dynamic ARP Inspection 1413
Interface Trust States and Network Security 1414

Rate Limiting of ARP Packets 1415


Relative Priority of ARP ACLs and DHCP Snooping Entries 1416
Logging of Dropped Packets 1416
Default Dynamic ARP Inspection Configuration 1416
Relative Priority of ARP ACLs and DHCP Snooping Entries 1417
Configuring ARP ACLs for Non-DHCP Environments 1417
Configuring Dynamic ARP Inspection in DHCP Environments 1420
Limiting the Rate of Incoming ARP Packets 1423
Performing Dynamic ARP Inspection Validation Checks 1425
Monitoring DAI 1427
Verifying the DAI Configuration 1428
Additional References 1428

CHAPTER 68 Configuring IEEE 802.1x Port-Based Authentication 1431


Finding Feature Information 1431
Information About 802.1x Port-Based Authentication 1431
Port-Based Authentication Process 1432
Port-Based Authentication Initiation and Message Exchange 1434
Authentication Manager for Port-Based Authentication 1436
Port-Based Authentication Methods 1436
Per-User ACLs and Filter-Ids 1437
Port-Based Authentication Manager CLI Commands 1438
Ports in Authorized and Unauthorized States 1439
Port-Based Authentication and Switch Stacks 1440
802.1x Host Mode 1441
802.1x Multiple Authentication Mode 1441
Multi-auth Per User VLAN assignment 1442
Limitation in Multi-auth Per User VLAN assignment 1443
MAC Move 1443
MAC Replace 1444
802.1x Accounting 1444
802.1x Accounting Attribute-Value Pairs 1445
802.1x Readiness Check 1446
Switch-to-RADIUS-Server Communication 1446
802.1x Authentication with VLAN Assignment 1446

802.1x Authentication with Per-User ACLs 1448


802.1x Authentication with Downloadable ACLs and Redirect URLs 1449
Cisco Secure ACS and Attribute-Value Pairs for the Redirect URL 1451
Cisco Secure ACS and Attribute-Value Pairs for Downloadable ACLs 1451
VLAN ID-based MAC Authentication 1451
802.1x Authentication with Guest VLAN 1452
802.1x Authentication with Restricted VLAN 1453
802.1x Authentication with Inaccessible Authentication Bypass 1454
Inaccessible Authentication Bypass Support on Multiple-Authentication Ports 1454
Inaccessible Authentication Bypass Authentication Results 1454
Inaccessible Authentication Bypass Feature Interactions 1455
802.1x Critical Voice VLAN 1456
802.1x User Distribution 1456
802.1x User Distribution Configuration Guidelines 1457
IEEE 802.1x Authentication with Voice VLAN Ports 1457
IEEE 802.1x Authentication with Port Security 1458
IEEE 802.1x Authentication with Wake-on-LAN 1458
IEEE 802.1x Authentication with MAC Authentication Bypass 1458
Network Admission Control Layer 2 IEEE 802.1x Validation 1459
Flexible Authentication Ordering 1460
Open1x Authentication 1460
Multidomain Authentication 1461
Limiting Login for Users 1462
802.1x Supplicant and Authenticator Switches with Network Edge Access Topology (NEAT) 1462
Voice Aware 802.1x Security 1464
Common Session ID 1464
How to Configure 802.1x Port-Based Authentication 1465
Default 802.1x Authentication Configuration 1465
802.1x Authentication Configuration Guidelines 1466
802.1x Authentication 1466
VLAN Assignment, Guest VLAN, Restricted VLAN, and Inaccessible Authentication Bypass 1467
MAC Authentication Bypass 1468
Maximum Number of Allowed Devices Per Port 1468

Configuring 802.1x Readiness Check 1469


Configuring Voice Aware 802.1x Security 1471
Configuring 802.1x Violation Modes 1472
Configuring 802.1x Authentication 1474
Configuring 802.1x Port-Based Authentication 1475
Configuring the Switch-to-RADIUS-Server Communication 1478
Configuring the Host Mode 1479
Configuring Periodic Re-Authentication 1481
Changing the Quiet Period 1482
Changing the Switch-to-Client Retransmission Time 1483
Setting the Switch-to-Client Frame-Retransmission Number 1485
Setting the Re-Authentication Number 1486
Enabling MAC Move 1487
Enabling MAC Replace 1488
Configuring 802.1x Accounting 1490
Configuring a Guest VLAN 1491
Configuring a Restricted VLAN 1493
Configuring Number of Authentication Attempts on a Restricted VLAN 1494
Configuring 802.1x Inaccessible Authentication Bypass with Critical Voice VLAN 1496
Example of Configuring Inaccessible Authentication Bypass 1499
Configuring 802.1x Authentication with WoL 1500
Configuring MAC Authentication Bypass 1501
Configuring 802.1x User Distribution 1502
Example of Configuring VLAN Groups 1503
Configuring NAC Layer 2 802.1x Validation 1504
Configuring Limiting Login for Users 1506
Configuring an Authenticator Switch with NEAT 1507
Configuring a Supplicant Switch with NEAT 1509
Configuring 802.1x Authentication with Downloadable ACLs and Redirect URLs 1512
Configuring Downloadable ACLs 1512
Configuring a Downloadable Policy 1514
Configuring VLAN ID-based MAC Authentication 1517
Configuring Flexible Authentication Ordering 1517
Configuring Open1x 1519
Disabling 802.1x Authentication on the Port 1521

Resetting the 802.1x Authentication Configuration to the Default Values 1522


Monitoring 802.1x Statistics and Status 1523
Additional References 1524

CHAPTER 69 Configuring Web-Based Authentication 1527


Finding Feature Information 1527
Information About Web-Based Authentication 1527
Device Roles 1528
Host Detection 1528
Session Creation 1529
Authentication Process 1529
Local Web Authentication Banner 1530
Web Authentication Customizable Web Pages 1532
Guidelines 1532
Authentication Proxy Web Page Guidelines 1534
Redirection URL for Successful Login Guidelines 1535
Custom Web Authentication Guidelines 1535
Web-based Authentication Interactions with Other Features 1535
Port Security 1535
LAN Port IP 1536
Gateway IP 1536
ACLs 1536
Context-Based Access Control 1536
EtherChannel 1536
How to Configure Web-Based Authentication 1536
Default Web-Based Authentication Configuration 1536
Web-Based Authentication Configuration Guidelines and Restrictions 1537
Configuring the Authentication Rule and Interfaces 1538
Configuring AAA Authentication 1540
Configuring Switch-to-RADIUS-Server Communication 1542
Configuring the HTTP Server 1544
Customizing the Authentication Proxy Web Pages 1545
Specifying a Redirection URL for Successful Login 1547
Configuring the Web-Based Authentication Parameters 1548
Configuring a Web Authentication Local Banner 1549

Removing Web-Based Authentication Cache Entries 1550


Downloading Web Authentication Tar Bundle (CLI) 1551
Downloading Web Authentication Tar Bundle (GUI) 1552
Integrating Customized Web Authentication Pages into a Parameter Map (CLI) 1553
Linking Image in Custom Pages 1554
Sample Web Authentication Login HTML 1555
Configuring a Parameter Map for Local Web Authentication (CLI) 1557
Monitoring Web-Based Authentication Status 1560

CHAPTER 70 Configuring Port-Based Traffic Control 1561


Overview of Port-Based Traffic Control 1561
Finding Feature Information 1562
Information About Storm Control 1562
Storm Control 1562
How Traffic Activity is Measured 1562
Traffic Patterns 1563
How to Configure Storm Control 1564
Configuring Storm Control and Threshold Levels 1564
Configuring Small-Frame Arrival Rate 1566
Information About Protected Ports 1569
Protected Ports 1569
Default Protected Port Configuration 1569
Protected Ports Guidelines 1569
How to Configure Protected Ports 1569
Configuring a Protected Port 1569
Monitoring Protected Ports 1571
Information About Port Blocking 1571
Port Blocking 1571
How to Configure Port Blocking 1572
Blocking Flooded Traffic on an Interface 1572
Monitoring Port Blocking 1574
Prerequisites for Port Security 1574
Restrictions for Port Security 1574
Information About Port Security 1574
Port Security 1574

Types of Secure MAC Addresses 1575


Sticky Secure MAC Addresses 1575
Security Violations 1575
Port Security Aging 1576
Port Security and Switch Stacks 1577
Default Port Security Configuration 1577
Port Security Configuration Guidelines 1577
Overview of Port-Based Traffic Control 1579
How to Configure Port Security 1579
Enabling and Configuring Port Security 1579
Enabling and Configuring Port Security Aging 1583
Finding Feature Information 1585
Information About Storm Control 1586
Storm Control 1586
How Traffic Activity is Measured 1586
Traffic Patterns 1587
How to Configure Storm Control 1587
Configuring Storm Control and Threshold Levels 1587
Configuring Small-Frame Arrival Rate 1590
Information About Protected Ports 1592
Protected Ports 1592
Default Protected Port Configuration 1593
Protected Ports Guidelines 1593
How to Configure Protected Ports 1593
Configuring a Protected Port 1593
Monitoring Protected Ports 1594
Information About Port Blocking 1595
Port Blocking 1595
How to Configure Port Blocking 1595
Blocking Flooded Traffic on an Interface 1595
Monitoring Port Blocking 1597
Configuration Examples for Port Security 1597

CHAPTER 71 Configuring IPv6 First Hop Security 1599


Finding Feature Information 1599

Prerequisites for First Hop Security in IPv6 1599


Restrictions for First Hop Security in IPv6 1600
Information about First Hop Security in IPv6 1600
How to Configure an IPv6 Snooping Policy 1602
How to Attach an IPv6 Snooping Policy to an Interface 1604
How to Attach an IPv6 Snooping Policy to a Layer 2 EtherChannel Interface 1605
How to Attach an IPv6 Snooping Policy to VLANs Globally 1606
How to Configure the IPv6 Binding Table Content 1607
How to Configure an IPv6 Neighbor Discovery Inspection Policy 1608
How to Attach an IPv6 Neighbor Discovery Inspection Policy to an Interface 1610
How to Attach an IPv6 Neighbor Discovery Inspection Policy to a Layer 2 EtherChannel Interface 1612
How to Attach an IPv6 Neighbor Discovery Inspection Policy to VLANs Globally 1613
How to Configure an IPv6 Router Advertisement Guard Policy 1614
How to Attach an IPv6 Router Advertisement Guard Policy to an Interface 1616
How to Attach an IPv6 Router Advertisement Guard Policy to a Layer 2 EtherChannel Interface 1617
How to Attach an IPv6 Router Advertisement Guard Policy to VLANs Globally 1618
How to Configure an IPv6 DHCP Guard Policy 1619
How to Attach an IPv6 DHCP Guard Policy to an Interface or a VLAN on an Interface 1621
How to Attach an IPv6 DHCP Guard Policy to a Layer 2 EtherChannel Interface 1622
How to Attach an IPv6 DHCP Guard Policy to VLANs Globally 1624
Additional References 1624

CHAPTER 72 Configuring Cisco TrustSec 1627


Information about Cisco TrustSec 1627
Finding Feature Information 1627
Feature Information for Cisco TrustSec 1628

CHAPTER 73 Configuring Wireless Guest Access 1629


Finding Feature Information 1629
Prerequisites for Guest Access 1629
Restrictions for Guest Access 1630
Information about Wireless Guest Access 1630
Fast Secure Roaming 1630

How to Configure Guest Access 1631


Creating a Lobby Administrator Account 1631
Configuring Guest User Accounts 1632
Configuring Mobility Agent (MA) 1633
Configuring Mobility Controller 1635
Obtaining a Web Authentication Certificate 1636
Displaying a Web Authentication Certificate 1637
Choosing the Default Web Authentication Login Page 1637
Choosing a Customized Web Authentication Login Page from an External Web Server 1639
Assigning Login, Login Failure, and Logout Pages per WLAN 1640
Configuring AAA-Override 1642
Configuring Client Load Balancing 1643
Configuring Preauthentication ACL 1644
Configuring IOS ACL Definition 1645
Configuring Webpassthrough 1646
Configuration Examples for Guest Access 1647
Example: Creating a Lobby Ambassador Account 1647
Example: Obtaining Web Authentication Certificate 1647
Example: Displaying a Web Authentication Certificate 1648
Example: Configuring Guest User Accounts 1649
Example: Configuring Mobility Controller 1649
Example: Choosing the Default Web Authentication Login Page 1650
Example: Choosing a Customized Web Authentication Login Page from an External Web Server 1650
Example: Assigning Login, Login Failure, and Logout Pages per WLAN 1651
Example: Configuring AAA-Override 1651
Example: Configuring Client Load Balancing 1651
Example: Configuring Preauthentication ACL 1651
Example: Configuring IOS ACL Definition 1652
Example: Configuring Webpassthrough 1652
Additional References for Guest Access 1652
Feature History and Information for Guest Access 1653

CHAPTER 74 Managing Rogue Devices 1655

Finding Feature Information 1655


Information About Rogue Devices 1655
Validating Rogue Devices Using MSE 1659
How to Configure Rogue Detection 1660
Configuring Rogue Detection (CLI) 1660
Configuring Rogue Detection (GUI) 1661
Monitoring Rogue Detection 1662
Examples: Rogue Detection Configuration 1663
Additional References for Rogue Detection 1664
Feature History and Information For Performing Rogue Detection Configuration 1665

CHAPTER 75 Classifying Rogue Access Points 1667


Finding Feature Information 1667
Information About Classifying Rogue Access Points 1667
Restrictions for Classifying Rogue Access Points 1670
How to Classify Rogue Access Points 1671
Configuring Rogue Classification Rules (CLI) 1671
Configuring Rogue Classification Rules (GUI) 1674
Viewing and Classifying Rogue Devices (GUI) 1676
Examples: Classifying Rogue Access Points 1678
Additional References for Classifying Rogue Access Points 1678
Feature History and Information For Classifying Rogue Access Points 1679

CHAPTER 76 Configuring wIPS 1681


Finding Feature Information 1681
Information About wIPS 1681
How to Configure wIPS on an Access Point 1688
Configuring wIPS on an Access Point (CLI) 1688
Configuring wIPS on an Access Point (GUI) 1689
Monitoring wIPS Information 1689
Examples: wIPS Configuration 1690
Additional References for Configuring wIPS 1690
Feature History for Performing wIPS Configuration 1691

CHAPTER 77 Configuring Intrusion Detection System 1693

Finding Feature Information 1693


Information About Intrusion Detection System 1693
How to Configure Intrusion Detection System 1694
Configuring IDS Sensors 1694
Monitoring Intrusion Detection System 1695

PART XII Stack Manager and High Availability 1697

CHAPTER 78 Managing Switch Stacks 1699


Finding Feature Information 1699
Prerequisites for Switch Stacks 1699
Restrictions for Switch Stacks 1700
Information About Switch Stacks 1700
Switch Stack Overview 1700
Supported Features in a Switch Stack 1700
Encryption Features 1700
StackWise-480 1700
Fast Stack Convergence 1701
StackPower 1701
Switch Stack Membership 1701
Changes to Switch Stack Membership 1701
Stack Member Numbers 1702
Stack Member Priority Values 1703
Switch Stack Bridge ID and MAC Address 1703
Persistent MAC Address on the Switch Stack 1703
Active and Standby Switch Election and Reelection 1704
Switch Stack Configuration Files 1705
Offline Configuration to Provision a Stack Member 1706
Effects of Adding a Provisioned Switch to a Switch Stack 1707
Effects of Replacing a Provisioned Switch in a Switch Stack 1708
Effects of Removing a Provisioned Switch from a Switch Stack 1708
Upgrading a Switch Running Incompatible Software 1708
Auto-Upgrade 1708
Auto-Advise 1709
Examples of Auto-Advise Messages 1710

SDM Template Mismatch in Switch Stacks 1710


Switch Stack Management Connectivity 1711
Connectivity to Specific Stack Members 1711
Connectivity to the Switch Stack Through an IP Address 1711
Connectivity to the Switch Stack Through Console Ports or Ethernet Management Ports 1711
How to Configure a Switch Stack 1712
Enabling the Persistent MAC Address Feature 1712
Assigning a Stack Member Number 1713
Setting the Stack Member Priority Value 1714
Provisioning a New Member for a Switch Stack 1716
Removing Provisioned Switch Information 1717
Displaying Incompatible Switches in the Switch Stack 1718
Upgrading an Incompatible Switch in the Switch Stack 1718
Troubleshooting the Switch Stack 1719
Accessing the Diagnostic Console of a Stack Member 1719
Temporarily Disabling a Stack Port 1719
Reenabling a Stack Port While Another Member Starts 1720
Monitoring the Switch Stack 1721
Configuration Examples for Switch Stacks 1721
Switch Stack Configuration Scenarios 1721
Enabling the Persistent MAC Address Feature: Example 1723
Provisioning a New Member for a Switch Stack: Example 1724
show switch stack-ports summary Command Output: Example 1724
Software Loopback: Examples 1726
Software Loopback with Connected Stack Cables: Examples 1727
Software Loopback with no Connected Stack Cable: Example 1727
Finding a Disconnected Stack Cable: Example 1728
Fixing a Bad Connection Between Stack Ports: Example 1728
Additional References for Switch Stacks 1729

CHAPTER 79 Configuring Cisco NSF with SSO 1731


Finding Feature Information 1731
Prerequisites for NSF with SSO 1731
Restrictions for NSF with SSO 1732

Information About NSF with SSO 1732


Overview of NSF with SSO 1732
SSO Operation 1733
NSF Operation 1734
Cisco Express Forwarding 1735
BGP Operation 1735
OSPF Operation 1736
EIGRP Operation 1737
How to Configure Cisco NSF with SSO 1738
Configuring SSO 1738
Configuring SSO Example 1739
Verifying CEF NSF 1739
Configuring BGP for NSF 1740
Verifying BGP NSF 1740
Configuring OSPF NSF 1741
Verifying OSPF NSF 1742
Configuring EIGRP NSF 1743
Verifying EIGRP NSF 1743

CHAPTER 80 Configuring Wireless High Availability 1745


Finding Feature Information 1745
Information about High Availability 1745
Information About Redundancy 1746
Configuring Redundancy in Access Points 1746
Configuring Heartbeat Messages 1747
Information about Access Point Stateful Switch Over 1748
Initiating Graceful Switchover 1748
Configuring EtherChannels for High Availability 1749
Configuring LACP 1749
Troubleshooting High Availability 1750
Access the Standby Console 1750
Before a Switchover 1751
After a Switchover 1753
Viewing Redundancy Switchover History (GUI) 1753
Viewing Switchover States (GUI) 1754

Monitoring the Switch Stack 1755


LACP Configuration: Example 1756
Flex Link Configuration: Example 1758

PART XIII System Management 1761

CHAPTER 81 Administering the System 1763


Finding Feature Information 1763
Information About Administering the Switch 1763
System Time and Date Management 1763
System Clock 1764
Network Time Protocol 1764
NTP Stratum 1766
NTP Associations 1766
NTP Security 1766
NTP Implementation 1766
NTP Version 4 1767
System Name and Prompt 1768
Stack System Name and Prompt 1768
Default System Name and Prompt Configuration 1768
DNS 1768
Default DNS Settings 1769
Login Banners 1769
Default Banner Configuration 1769
MAC Address Table 1769
MAC Address Table Creation 1770
MAC Addresses and VLANs 1770
MAC Addresses and Switch Stacks 1770
Default MAC Address Table Settings 1770
ARP Table Management 1771
How to Administer the Switch 1771
Configuring the Time and Date Manually 1771
Setting the System Clock 1771
Configuring the Time Zone 1772
Configuring Summer Time (Daylight Saving Time) 1773

1775

Configuring a System Name 1777


Setting Up DNS 1778
Configuring a Message-of-the-Day Login Banner 1780
Configuring a Login Banner 1781
Managing the MAC Address Table 1783
Changing the Address Aging Time 1783
Configuring MAC Address Change Notification Traps 1784
Configuring MAC Address Move Notification Traps 1786
Configuring MAC Threshold Notification Traps 1788
Adding and Removing Static Address Entries 1791
Configuring Unicast MAC Address Filtering 1792
Monitoring and Maintaining Administration of the Switch 1793
Configuration Examples for Switch Administration 1795
Example: Setting the System Clock 1795
Examples: Configuring Summer Time 1795
Example: Configuring a MOTD Banner 1795
Example: Configuring a Login Banner 1796
Example: Configuring MAC Address Change Notification Traps 1796
Example: Configuring MAC Threshold Notification Traps 1796
Example: Adding the Static Address to the MAC Address Table 1796
Example: Configuring Unicast MAC Address Filtering 1797
Additional References for Switch Administration 1797
Feature History and Information for Switch Administration 1798

CHAPTER 82 Performing Switch Setup Configuration 1799


Finding Feature Information 1799
Information About Performing Switch Setup Configuration 1799
Switch Boot Process 1799
Software Installer Features 1800
Software Boot Modes 1801
Installed Boot Mode 1801
Bundle Boot Mode 1801
Boot Mode for a Switch Stack 1802
Switches Information Assignment 1802

Default Switch Information 1803


DHCP-Based Autoconfiguration Overview 1803
DHCP Client Request Process 1804
DHCP-based Autoconfiguration and Image Update 1805
Restrictions for DHCP-based Autoconfiguration 1805
DHCP Autoconfiguration 1805
DHCP Auto-Image Update 1806
DHCP Server Configuration Guidelines 1806
Purpose of the TFTP Server 1807
Purpose of the DNS Server 1807
How to Obtain Configuration Files 1807
How to Control Environment Variables 1808
Common Environment Variables 1809
Environment Variables for TFTP 1811
Scheduled Reload of the Software Image 1811
How to Perform Switch Setup Configuration 1812
Configuring DHCP Autoconfiguration (Only Configuration File) 1812
Configuring DHCP Auto-Image Update (Configuration File and Image) 1814
Configuring the Client to Download Files from DHCP Server 1818
Manually Assigning IP Information to Multiple SVIs 1819
Modifying the Switch Startup Configuration 1821
Specifying the Filename to Read and Write the System Configuration 1821
Manually Booting the Switch 1822
Booting the Switch in Installed Mode 1823
Booting the Switch in Bundle Mode 1825
Booting a Specific Software Image On a Switch Stack 1826
Configuring a Scheduled Software Image Reload 1827
Monitoring Switch Setup Configuration 1828
Example: Verifying the Switch Running Configuration 1828
Examples: Displaying Software Bootup in Install Mode 1829
Example: Emergency Installation 1831
Configuration Examples for Performing Switch Setup 1832
Example: Configuring a Switch as a DHCP Server 1832
Example: Configuring DHCP Auto-Image Update 1832
Example: Configuring a Switch to Download Configurations from a DHCP Server 1833

Examples: Scheduling Software Image Reload 1833


Additional References For Performing Switch Setup 1834
Feature History and Information For Performing Switch Setup Configuration 1835

CHAPTER 83 Configuring Right-To-Use Licenses 1837


Finding Feature Information 1837
Restrictions for Configuring RTU Licenses 1837
Information About Configuring RTU Licenses 1838
Right-To-Use Licensing 1838
Right-To-Use Image-Based Licenses 1838
Right-To-Use License States 1839
License Activation for Switch Stacks 1839
Mobility Controller Mode 1839
Right-To-Use AP-Count Licensing 1840
Right-to-Use AP-Count Evaluation Licenses 1840
Right-To-Use Adder AP-Count Rehosting Licenses 1841
How to Configure RTU Licenses 1841
Activating an Imaged Based License 1841
Activating an AP-Count License 1843
Obtaining an Upgrade or Capacity Adder License 1843
Rehosting a License 1844
Changing Mobility Mode 1845
Monitoring and Maintaining RTU Licenses 1846
Configuration Examples for RTU Licensing 1847
Examples: Activating RTU Image Based Licenses 1847
Examples: Displaying RTU Licensing Information 1847
Example: Displaying RTU License Details 1849
Example: Displaying RTU License Mismatch 1850
Example: Displaying RTU Licensing Usage 1851
Additional References for RTU Licensing 1852
Feature History and Information for RTU Licensing 1853

CHAPTER 84 Configuring Administrator Usernames and Passwords 1855


Finding Feature Information 1855
Information About Configuring Administrator Usernames and Passwords 1855

Configuring Administrator Usernames and Passwords 1856


Examples: Administrator Usernames and Passwords Configuration 1858
Additional References for Administrator Usernames and Passwords 1858
Feature History and Information For Performing Administrator Usernames and Passwords Configuration 1859

CHAPTER 85 Configuring 802.11 parameters and Band Selection 1861


Finding Feature Information 1861
Restrictions on Band Selection, 802.11 Bands, and Parameters 1861
Information About Configuring Band Selection, 802.11 Bands, and Parameters 1862
Band Selection 1862
802.11 Bands 1862
802.11n Parameter 1862
802.11h Parameter 1863
How to Configure 802.11 Bands and Parameters 1863
Configuring Band Selection (CLI) 1863
Configuring the 802.11 Bands (CLI) 1864
Configuring the 802.11 Bands (GUI) 1867
Configuring 802.11n Parameters (CLI) 1868
Configuring the 802.11n Parameters (GUI) 1871
Configuring 802.11h Parameters (CLI) 1872
Configuring the 802.11h Parameters (GUI) 1873
Monitoring Configuration Settings for Band Selection, 802.11 Bands, and Parameters 1874
Monitoring Configuration Settings Using Band Selection and 802.11 Bands Commands 1874
Example: Viewing the Configuration Settings for 5-GHz Band 1874
Example: Viewing the Configuration Settings for 24-GHz Band 1876
Example: Viewing the status of 802.11h Parameters 1877
Example: Verifying the Band Selection Settings 1877
Configuration Examples for Band Selection, 802.11 Bands, and Parameters 1878
Examples: Band Selection Configuration 1878
Examples: 802.11 Bands Configuration 1878
Examples: 802.11n Configuration 1879
Examples: 802.11h Configuration 1879
Additional References for 802.11 Parameters and Band Selection 1880

Feature History and Information For Performing 802.11 parameters and Band Selection Configuration 1881

CHAPTER 86 Configuring Aggressive Load Balancing 1883


Finding Feature Information 1883
Restrictions for Aggressive Load Balancing 1883
Information for Configuring Aggressive Load Balancing Parameters 1884
Aggressive Load Balancing 1884
How to Configure Aggressive Load Balancing 1885
Configuring Aggressive Load Balancing 1885
Monitoring Aggressive Load Balancing 1886
Examples: Aggressive Load Balancing Configuration 1886
Additional References for Aggressive Load Balancing 1887
Feature History and Information For Performing Aggressive Load Balancing Configuration 1888

CHAPTER 87 Configuring Client Roaming 1889


Finding Feature Information 1889
Restrictions for Configuring Client Roaming 1889
Information About Client Roaming 1890
Inter-Subnet Roaming 1891
Voice-over-IP Telephone Roaming 1891
CCX Layer 2 Client Roaming 1891
How to Configure Layer 2 or Layer 3 Roaming 1892
Configuring Layer 2 or Layer 3 Roaming 1892
Configuring CCX Client Roaming Parameters (CLI) 1893
Configuring Mobility Oracle 1895
Configuring Mobility Controller 1896
Configuring Mobility Agent 1898
Monitoring Client Roaming Parameters 1899
Monitoring Mobility Configurations 1899
Additional References for Configuring Client Roaming 1901
Feature History and Information For Performing Client Roaming Configuration 1902

CHAPTER 88 Configuring Application Visibility and Control 1903

Finding Feature Information 1903


Information About Application Visibility and Control 1903
Supported AVC Class Map and Policy Map Formats 1905
Prerequisites for Application Visibility and Control 1907
Guidelines for Inter-Switch Roaming with Application Visibility and Control 1907
Restrictions for Application Visibility and Control 1907
How to Configure Application Visibility and Control 1909
Configuring Application Visibility and Control (CLI) 1909
Creating a Flow Record 1909
Creating a Flow Exporter (Optional) 1911
Creating a Flow Monitor 1913
Creating AVC QoS Policy 1914
Creating a Class Map 1915
Creating a Policy Map 1916
Configuring Local Policies (CLI) 1917
Configuring Local Policies (CLI) 1917
Creating a Service Template (CLI) 1917
Creating a Parameter Map (CLI) 1919
Creating a Policy Map (CLI) 1920
Applying a Local Policy for a Device on a WLAN (CLI) 1921
Configuring Local Policies (GUI) 1923
Configuring Local Policies (GUI) 1923
Creating a Service Template (GUI) 1923
Creating a Policy Map (GUI) 1924
Applying Local Policies to WLAN (GUI) 1925
Configuring WLAN to Apply Flow Monitor in IPV4 Input/Output Direction 1926
Configuring Application Visibility and Control (GUI) 1926
Configuring Application Visibility (GUI) 1926
Configuring Application Visibility and Control (GUI) 1927
Monitoring Application Visibility and Control 1929
Monitoring Application Visibility and Control (CLI) 1929
Monitoring Application Visibility and Control (GUI) 1930
Monitoring SSID and Client Policies Statistics (GUI) 1931
Examples: Application Visibility and Control 1931
Examples: Application Visibility Configuration 1931

Examples: Application Visibility and Control QoS Configuration 1932


Example: Configuring QoS Attribute for Local Profiling Policy 1933
Additional References for Application Visibility and Control 1934
Feature History and Information For Application Visibility and Control 1935

CHAPTER 89 Configuring Voice and Video Parameters 1937


Finding Feature Information 1937
Prerequisites for Voice and Video Parameters 1937
Restrictions for Voice and Video Parameters 1938
Information About Configuring Voice and Video Parameters 1938
Call Admission Control 1938
Static-Based CAC 1939
Load-Based CAC 1939
IOSd Call Admission Control 1940
Expedited Bandwidth Requests 1940
U-APSD 1941
Traffic Stream Metrics 1941
Information About Configuring Voice Prioritization Using Preferred Call Numbers 1942
Information About EDCA Parameters 1942
How to Configure Voice and Video Parameters 1943
Configuring Voice Parameters (CLI) 1943
Configuring Video Parameters (CLI) 1947
Configuring SIP-Based CAC (CLI) 1949
Configuring a Preferred Call Number (CLI) 1951
Configuring EDCA Parameters (CLI) 1952
Configuring EDCA Parameters (GUI) 1954
Monitoring Voice and Video Parameters 1955
Configuration Examples for Voice and Video Parameters 1957
Example: Configuring Voice and Video 1957
Additional References for Voice and Video Parameters 1958
Feature History and Information For Performing Voice and Video Parameters Configuration 1959

CHAPTER 90 Configuring RFID Tag Tracking 1961


Finding Feature Information 1961

Information About Configuring RFID Tag Tracking 1961


How to Configure RFID Tag Tracking 1962
Configuring RFID Tag Tracking (CLI) 1962
Monitoring RFID Tag Tracking Information 1963
Additional References RFID Tag Tracking 1963
Feature History and Information For Performing RFID Tag Tracking Configuration 1964

CHAPTER 91 Configuring Location Settings 1965


Finding Feature Information 1965
Information About Configuring Location Settings 1965
How to Configure Location Settings 1966
Configuring Location Settings (CLI) 1966
Modifying the NMSP Notification Interval for Clients, RFID Tags, and Rogues (CLI) 1968
Modifying the NMSP Notification threshold for Clients, RFID Tags, and Rogues (CLI) 1969
Monitoring Location Settings and NMSP Settings 1970
Monitoring Location Settings (CLI) 1970
Monitoring NMSP Settings (CLI) 1970
Examples: Location Settings Configuration 1971
Examples: NMSP Settings Configuration 1971
Additional References for Location Settings 1972
Feature History and Information For Performing Location Settings Configuration 1973

CHAPTER 92 Monitoring Flow Control 1975


Finding Feature Information 1975
Information About Flow Control 1975
Monitoring Flow Control 1975
Examples: Monitoring Flow Control 1976
Additional References for Monitoring Flow Control 1977
Feature History and Information For Monitoring Flow Control 1978

CHAPTER 93 Configuring SDM Templates 1979


Finding Feature Information 1979
Information About Configuring SDM Templates 1979
SDM Templates 1979

SDM Templates and Switch Stacks 1981


How to Configure SDM Templates 1981
Configuring SDM Templates 1981
Configuring the Switch SDM Template 1981
Setting the SDM Template 1981
Monitoring and Maintaining SDM Templates 1982
Configuration Examples for SDM Templates 1983
Examples: Configuring SDM Templates 1983
Examples: Displaying SDM Templates 1983
Additional References for SDM Templates 1984
Feature History and Information for Configuring SDM Templates 1985

CHAPTER 94 Configuring System Message Logs 1987


Finding Feature Information 1987
Information About Configuring System Message Logs 1987
System Message Logging 1987
System Log Message Format 1988
Default System Message Logging Settings 1989
Syslog Message Limits 1990
How to Configure System Message Logs 1990
Setting the Message Display Destination Device 1990
Synchronizing Log Messages 1992
Disabling Message Logging 1993
Enabling and Disabling Time Stamps on Log Messages 1994
Enabling and Disabling Sequence Numbers in Log Messages 1995
Defining the Message Severity Level 1996
Limiting Syslog Messages Sent to the History Table and to SNMP 1997
Logging Messages to a UNIX Syslog Daemon 1998
Monitoring and Maintaining System Message Logs 1999
Monitoring Configuration Archive Logs 1999
Configuration Examples for System Message Logs 2000
Example: Stacking System Message 2000
Example: Switch System Message 2000
Additional References for System Message Logs 2000
Feature History and Information For System Message Logs 2002

CHAPTER 95 Configuring Online Diagnostics 2003


Finding Feature Information 2003
Information About Configuring Online Diagnostics 2003
Online Diagnostics 2003
How to Configure Online Diagnostics 2004
Starting Online Diagnostic Tests 2004
Configuring Online Diagnostics 2005
Scheduling Online Diagnostics 2005
Configuring Health-Monitoring Diagnostics 2006
Monitoring and Maintaining Online Diagnostics 2009
Displaying Online Diagnostic Tests and Test Results 2009
Configuration Examples for Online Diagnostic Tests 2010
Examples: Start Diagnostic Tests 2010
Example: Configure a Health Monitoring Test 2010
Examples: Schedule Diagnostic Test 2010
Examples: Displaying Online Diagnostics 2010
Additional References for Online Diagnostics 2012
Feature History and Information for Configuring Online Diagnostics 2013

CHAPTER 96 Managing Configuration Files 2015


Prerequisites for Managing Configuration Files 2015
Restrictions for Managing Configuration Files 2015
Information About Managing Configuration Files 2015
Types of Configuration Files 2015
Configuration Mode and Selecting a Configuration Source 2016
Configuration File Changes Using the CLI 2016
Location of Configuration Files 2016
Copy Configuration Files from a Network Server to the Switch 2017
Copying a Configuration File from the Switch to a TFTP Server 2017
Copying a Configuration File from the Switch to an RCP Server 2017
Restrictions 2018
Requirements for the RCP Username 2019
Copying a Configuration File from the Switch to an FTP Server 2019
Understanding the FTP Username and Password 2019

Configuration Files Larger than NVRAM 2020


Compressing the Configuration File 2020
Storing the Configuration in Flash Memory on Class A Flash File Systems 2020
Loading the Configuration Commands from the Network 2020
Configuring the Switch to Download Configuration Files 2021
Network Versus Host Configuration Files 2021
How to Manage Configuration File Information 2021
Displaying Configuration File Information (CLI) 2021
Modifying the Configuration File (CLI) 2022
Copying a Configuration File from the Switch to a TFTP Server (CLI) 2024
What to Do Next 2025
Copying a Configuration File from the Switch to an RCP Server (CLI) 2025
Examples 2026
Storing a Running Configuration File on an RCP Server 2026
Storing a Startup Configuration File on an RCP Server 2027
What to Do Next 2027
Copying a Configuration File from the Switch to the FTP Server (CLI) 2027
Examples 2028
Storing a Running Configuration File on an FTP Server 2028
Storing a Startup Configuration File on an FTP Server 2029
What to Do Next 2029
Copying a Configuration File from a TFTP Server to the Switch (CLI) 2029
What to Do Next 2030
Copying a Configuration File from the rcp Server to the Switch (CLI) 2030
Examples 2032
Copy RCP Running-Config 2032
Copy RCP Startup-Config 2032
What to Do Next 2032
Copying a Configuration File from an FTP Server to the Switch (CLI) 2032
Examples 2034
Copy FTP Running-Config 2034
Copy FTP Startup-Config 2034
What to Do Next 2034
Maintaining Configuration Files Larger than NVRAM 2035
Compressing the Configuration File (CLI) 2035

Storing the Configuration in Flash Memory on Class A Flash File Systems (CLI) 2036
Loading the Configuration Commands from the Network (CLI) 2038
Copying Configuration Files from Flash Memory to the Startup or Running Configuration (CLI) 2040
Copying Configuration Files Between Flash Memory File Systems (CLI) 2041
Copying a Configuration File from an FTP Server to Flash Memory Devices (CLI) 2042
What to Do Next 2044
Copying a Configuration File from an RCP Server to Flash Memory Devices (CLI) 2044
Copying a Configuration File from a TFTP Server to Flash Memory Devices (CLI) 2045
Re-executing the Configuration Commands in the Startup Configuration File (CLI) 2046
Clearing the Startup Configuration (CLI) 2046
Deleting a Specified Configuration File (CLI) 2047
Specifying the CONFIG_FILE Environment Variable on Class A Flash File Systems (CLI) 2048
What to Do Next 2050
Configuring the Switch to Download Configuration Files 2050
Configuring the Switch to Download the Network Configuration File (CLI) 2050
Configuring the Switch to Download the Host Configuration File (CLI) 2052
Additional References 2054

CHAPTER 97 Configuration Replace and Configuration Rollback 2057


Prerequisites for Configuration Replace and Configuration Rollback 2057
Restrictions for Configuration Replace and Configuration Rollback 2058
Information About Configuration Replace and Configuration Rollback 2058
Configuration Archive 2058
Configuration Replace 2058
Configuration Rollback 2059
Configuration Rollback Confirmed Change 2060
Benefits of Configuration Replace and Configuration Rollback 2060
How to Use Configuration Replace and Configuration Rollback 2060
Creating a Configuration Archive (CLI) 2060
Performing a Configuration Replace or Configuration Rollback Operation (CLI) 2062
Monitoring and Troubleshooting the Feature (CLI) 2064
Configuration Examples for Configuration Replace and Configuration Rollback 2066
Creating a Configuration Archive 2066

Replacing the Current Running Configuration with a Saved Cisco IOS Configuration File 2067
Reverting to the Startup Configuration File 2067
Performing a Configuration Replace Operation with the configure confirm Command 2067
Performing a Configuration Rollback Operation 2068
Additional References 2069

CHAPTER 98 Working with the Flash File System 2071


Information About the Flash File System 2071
Displaying Available File Systems 2071
Setting the Default File System 2074
Displaying Information About Files on a File System 2074
Changing Directories and Displaying the Working Directory (CLI) 2075
Creating Directories (CLI) 2076
Removing Directories 2077
Copying Files 2077
Copying Files from One Switch in a Stack to Another Switch in the Same Stack 2078
Deleting Files 2079
Creating, Displaying and Extracting Files (CLI) 2079
Additional References 2081

CHAPTER 99 Working with Cisco IOS XE Software Bundles 2083


About Software Bundles and Packages 2083
Bundle and Package File Location on the Switch 2083
Upgrading Cisco IOS XE Software 2084
Upgrading Cisco IOS XE Software: Install Mode 2084
Upgrading Cisco IOS XE Software Install Mode Example 2084
Upgrading Cisco IOS XE Software: Bundle Mode 2085
Upgrading Cisco IOS XE Software Bundle Mode Example 2085
Converting from the Bundle Running Mode to the Install Running Mode 2086
Converting from the Bundle Running Mode to the Install Running Mode Example 2086
Copying IOS XE Package and Bundle Files from One Stack Member to Another 2087

Copying IOS XE Package and Bundle Files from One Stack Member to Another Example 2087
Upgrading a Switch Running Incompatible Software 2088
Upgrading a Switch Running Incompatible Software Example 2089
Upgrading a Switch Running in Incompatible Running Mode 2090
Upgrading a Switch Running in Incompatible Running Mode Example 2090
Additional References 2091

CHAPTER 100 Troubleshooting the Software Configuration 2095


Finding Feature Information 2095
Information About Troubleshooting the Software Configuration 2096
Software Failure on a Switch 2096
Lost or Forgotten Password on a Switch 2096
Power over Ethernet Ports 2096
Disabled Port Caused by Power Loss 2097
Disabled Port Caused by False Link-Up 2097
Ping 2097
Layer 2 Traceroute 2097
Layer 2 Traceroute Guidelines 2098
IP Traceroute 2099
Time Domain Reflector Guidelines 2099
Debug Commands 2100
Crashinfo Files 2101
System Reports 2102
Onboard Failure Logging on the Switch 2102
Fan Failures 2103
Possible Symptoms of High CPU Utilization 2103
How to Troubleshoot the Software Configuration 2103
Recovering from a Software Failure 2103
Recovering from a Lost or Forgotten Password 2105
Procedure with Password Recovery Enabled 2107
Procedure with Password Recovery Disabled 2108
Preventing Switch Stack Problems 2110
Preventing Autonegotiation Mismatches 2111
Troubleshooting SFP Module Security and Identification 2111

Monitoring SFP Module Status 2112


Executing Ping 2112
Monitoring Temperature 2113
Monitoring the Physical Path 2113
Executing IP Traceroute 2113
Running TDR and Displaying the Results 2114
Redirecting Debug and Error Message Output 2114
Using the show platform forward Command 2114
Configuring OBFL 2114
Verifying Troubleshooting of the Software Configuration 2115
Displaying OBFL Information 2115
Example: Verifying the Problem and Cause for High CPU Utilization 2116
Scenarios for Troubleshooting the Software Configuration 2118
Scenarios to Troubleshoot Power over Ethernet (PoE) 2118
Configuration Examples for Troubleshooting Software 2120
Example: Pinging an IP Host 2120
Example: Performing a Traceroute to an IP Host 2121
Example: Enabling All System Diagnostics 2122
Additional References for Troubleshooting Software Configuration 2123
Feature History and Information for Troubleshooting Software Configuration 2124

PART XIV VideoStream 2125

CHAPTER 101 Configuring VideoStream 2127


Finding Feature Information 2127
Prerequisites for VideoStream 2127
Restrictions for Configuring VideoStream 2127
Information about VideoStream 2128
How to Configure VideoStream 2128
Configuring Multicast-Direct Globally for Media-Stream 2128
Configuring Media-Stream for 802.11 bands 2130
Configuring WLAN to Stream Video 2132
Deleting a Media-Stream 2133
Monitoring Media Streams 2133

CHAPTER 102 Configuring VideoStream GUI 2135


Configuring VideoStream (GUI) 2135

PART XV VLAN 2139

CHAPTER 103 Configuring VTP 2141


Finding Feature Information 2141
Prerequisites for VTP 2141
Restrictions for VTP 2142
Information About VTP 2142
VTP 2142
VTP Domain 2143
VTP Modes 2143
VTP Advertisements 2144
VTP Version 2 2145
VTP Version 3 2145
VTP Pruning 2146
VTP and Switch Stacks 2148
VTP Configuration Guidelines 2148
VTP Configuration Requirements 2148
VTP Settings 2148
Domain Names for Configuring VTP 2149
Passwords for the VTP Domain 2149
VTP Version 2150
How to Configure VTP 2151
Configuring VTP Mode (CLI) 2151
Configuring a VTP Version 3 Password (CLI) 2153
Configuring a VTP Version 3 Primary Server (CLI) 2154
Enabling the VTP Version (CLI) 2155
Enabling VTP Pruning (CLI) 2157
Configuring VTP on a Per-Port Basis (CLI) 2158
Adding a VTP Client Switch to a VTP Domain (CLI) 2160
Monitoring VTP 2162
Configuration Examples for VTP 2163

Example: Configuring a Switch as the Primary Server 2163


Where to Go Next 2163
Additional References 2164
Feature History and Information for VTP 2165

CHAPTER 104 Configuring VLANs 2167


Finding Feature Information 2167
Prerequisites for VLANs 2167
Restrictions for VLANs 2168
Information About VLANs 2168
Logical Networks 2168
Supported VLANs 2169
VLAN Port Membership Modes 2170
VLAN Configuration Files 2171
Normal-Range VLAN Configuration Guidelines 2172
Extended-Range VLAN Configuration Guidelines 2173
How to Configure VLANs 2174
How to Configure Normal-Range VLANs 2174
Creating or Modifying an Ethernet VLAN (CLI) 2175
Deleting a VLAN (CLI) 2178
Assigning Static-Access Ports to a VLAN (CLI) 2179
How to Configure Extended-Range VLANs 2182
Creating an Extended-Range VLAN (CLI) 2182
How to Configure VLANs (GUI) 2184
Creating Layer2 VLAN (GUI) 2184
Creating Layer3 Interface (GUI) 2185
Viewing Layer2 VLAN (GUI) 2185
Viewing Layer3 Interface (GUI) 2186
Removing Layer2 VLAN (GUI) 2187
Removing Layer3 Interface (GUI) 2187
Monitoring VLANs 2188
Where to Go Next 2190
Additional References 2191
Feature History and Information for VLANs 2193

CHAPTER 105 Configuring VLAN Groups 2195


Finding Feature Information 2195
Prerequisites for VLAN Groups 2195
Restrictions for VLAN Groups 2196
Information About VLAN Groups 2196
How to Configure VLAN Groups 2197
Creating VLAN Groups (CLI) 2197
Removing VLAN Group (CLI) 2197
Creating VLAN Groups (GUI) 2198
Adding a VLAN Group to WLAN (CLI) 2199
Adding a VLAN Group to WLAN (GUI) 2199
Removing VLAN Groups (GUI) 2200
Viewing VLANs in VLAN Groups (CLI) 2200
Viewing VLAN Groups (GUI) 2200
Where to Go Next 2201
Additional References 2201
Feature History and Information for VLAN Groups 2203

CHAPTER 106 Configuring VLAN Trunks 2205


Finding Feature Information 2205
Prerequisites for VLAN Trunks 2205
Restrictions for VLAN Trunks 2206
Information About VLAN Trunks 2207
Trunking Overview 2207
Trunking Modes 2207
Layer 2 Interface Modes 2207
Allowed VLANs on a Trunk 2208
Load Sharing on Trunk Ports 2209
Network Load Sharing Using STP Priorities 2209
Network Load Sharing Using STP Path Cost 2209
Feature Interactions 2209
How to Configure VLAN Trunks 2210
Configuring an Ethernet Interface as a Trunk Port 2210
Configuring a Trunk Port (CLI) 2210

Defining the Allowed VLANs on a Trunk (CLI) 2213


Changing the Pruning-Eligible List (CLI) 2214
Configuring the Native VLAN for Untagged Traffic (CLI) 2216
Configuring Trunk Ports for Load Sharing 2217
Configuring Load Sharing Using STP Port Priorities (CLI) 2217
Configuring Load Sharing Using STP Path Cost (CLI) 2221
Where to Go Next 2224
Additional References 2225
Feature History and Information for VLAN Trunks 2226

CHAPTER 107 Configuring Voice VLANs 2227


Finding Feature Information 2227
Prerequisites for Voice VLANs 2227
Restrictions for Voice VLANs 2228
Information About Voice VLAN 2228
Voice VLANs 2228
Cisco IP Phone Voice Traffic 2228
Cisco IP Phone Data Traffic 2229
Voice VLAN Configuration Guidelines 2229
How to Configure Voice VLAN 2230
Configuring Cisco IP Phone Voice Traffic (CLI) 2230
Configuring the Priority of Incoming Data Frames (CLI) 2232
Monitoring Voice VLAN 2234
Where to Go Next 2234
Additional References 2235
Feature History and Information for Voice VLAN 2236

PART XVI WLAN 2237

CHAPTER 108 Configuring DHCP for WLANs 2239


Finding Feature Information 2239
Prerequisites for Configuring DHCP for WLANs 2239
Restrictions for Configuring DHCP for WLANs 2241
Information About the Dynamic Host Configuration Protocol 2241
Internal DHCP Servers 2241

External DHCP Servers 2242


DHCP Assignments 2242
Information About DHCP Option 82 2243
Configuring DHCP Scopes 2244
Information About DHCP Scopes 2244
How to Configure DHCP for WLANs 2244
Configuring DHCP for WLANs (CLI) 2244
Configuring DHCP Scopes (CLI) 2247
Additional References 2248
Feature Information for DHCP for WLANs 2249

CHAPTER 109 Configuring WLAN Security 2251


Finding Feature Information 2251
Prerequisites for Layer 2 Security 2251
Information About AAA Override 2252
How to Configure WLAN Security 2252
Configuring Static WEP + 802.1X Layer 2 Security Parameters (CLI) 2252
Configuring Static WEP Layer 2 Security Parameters (CLI) 2254
Configuring WPA + WPA2 Layer 2 Security Parameters (CLI) 2255
Configuring 802.1X Layer 2 Security Parameters (CLI) 2256
Configuring Layer 2 Parameters (GUI) 2257
Additional References 2261
Feature Information about WLAN Layer 2 Security 2262

CHAPTER 110 Setting Client Count Per WLAN 2263


Finding Feature Information 2263
Restrictions for Setting Client Count for WLANs 2263
Information About Setting the Client Count per WLAN 2264
How to Configure Client Count Per WLAN 2264
Configuring Client Count per WLAN (CLI) 2264
Configuring Client Count Per AP Per WLAN (CLI) 2265
Configuring Client Count per AP Radio per WLAN (CLI) 2266
Monitoring Client Connections (CLI) 2267
Additional References for Client Connections 2268
Feature Information about Client Connections Per WLAN 2269

CHAPTER 111 Configuring 802.11w 2271


Finding Feature Information 2271
Prerequisites for 802.11w 2271
Restrictions for 802.11w 2272
Information About 802.11w 2272
How to Configure 802.11w 2273
Configuring 802.11w (CLI) 2273
Disabling 802.11w (CLI) 2275
Monitoring 802.11w (CLI) 2276
Additional References for 802.11w 2277
Feature Information for 802.11w 2278

CHAPTER 112 Configuring Wi-Fi Direct Client Policy 2281


Finding Feature Information 2281
Restrictions for the Wi-Fi Direct Client Policy 2281
Information About the Wi-Fi Direct Client Policy 2281
How to Configure Wi-Fi Direct Client Policy 2282
Configuring the Wi-Fi Direct Client Policy (CLI) 2282
Disabling Wi-Fi Direct Client Policy (CLI) 2283
Monitoring Wi-Fi Direct Client Policy (CLI) 2284
Additional References for Wi-Fi Direct Client Policy 2285
Feature Information about Wi-Fi Direct Client Policy 2286

CHAPTER 113 Configuring 802.11r BSS Fast Transition 2287


Finding Feature Information 2287
Restrictions for 802.11r Fast Transition 2287
Information About 802.11r Fast Transition 2288
How to Configure 802.11r Fast Transition 2291
Configuring 802.11r Fast Transition in an Open WLAN (CLI) 2291
Configuring 802.11r BSS Fast Transition on a Dot1x Security Enabled WLAN
(CLI) 2292
Configuring 802.11r Fast Transition on a PSK Security Enabled WLAN (CLI) 2294
Configuring 802.11 Fast Transition (GUI) 2295
Disabling 802.11r Fast Transition (CLI) 2296

Consolidated Platform Configuration Guide, Cisco IOS XE 3.6E (Catalyst 3850 Switches)
xc
Contents

Monitoring 802.11r Fast Transition (GUI) 2297


Monitoring 802.11r Fast Transition (CLI) 2297
Additional References for 802.11r Fast Transition 2299
Feature Information for 802.11r Fast Transition 2300

CHAPTER 114 Configuring Assisted Roaming 2301


Finding Feature Information 2301
Restrictions for Assisted Roaming 2301
Information About Assisted Roaming 2302
How to Configure Assisted Roaming 2303
Configuring Assisted Roaming (CLI) 2303
Monitoring Assisted Roaming 2305
Configuration Examples for Assisted Roaming 2305
Additional References for Assisted Roaming 2306
Feature History and Information For Performing Assisted Roaming Configuration 2307

CHAPTER 115 Configuring Access Point Groups 2309


Finding Feature Information 2309
Prerequisites for Configuring AP Groups 2309
Restrictions for Configuring Access Point Groups 2310
Information About Access Point Groups 2310
How to Configure Access Point Groups 2311
Creating Access Point Groups 2311
Assigning an Access Point to an AP Group 2312
Viewing Access Point Group 2312
Additional References 2313
Feature History and Information for Access Point Groups 2314

Consolidated Platform Configuration Guide, Cisco IOS XE 3.6E (Catalyst 3850 Switches)
xci
Contents

Consolidated Platform Configuration Guide, Cisco IOS XE 3.6E (Catalyst 3850 Switches)
xcii
Preface
Document Conventions
Related Documentation
Obtaining Documentation and Submitting a Service Request

Document Conventions
This document uses the following conventions:

Convention          Description

^ or Ctrl           Both the ^ symbol and Ctrl represent the Control (Ctrl) key on a keyboard. For
                    example, the key combination ^D or Ctrl-D means that you hold down the Control
                    key while you press the D key. (Keys are indicated in capital letters but are not
                    case sensitive.)

bold font           Commands and keywords and user-entered text appear in bold font.

Italic font         Document titles, new or emphasized terms, and arguments for which you supply
                    values are in italic font.

Courier font        Terminal sessions and information the system displays appear in courier font.

Bold Courier font   Bold Courier font indicates text that the user must enter.

[x]                 Elements in square brackets are optional.

...                 An ellipsis (three consecutive nonbolded periods without spaces) after a syntax
                    element indicates that the element can be repeated.

|                   A vertical line, called a pipe, indicates a choice within a set of keywords or
                    arguments.

[x | y]             Optional alternative keywords are grouped in brackets and separated by vertical
                    bars.

{x | y}             Required alternative keywords are grouped in braces and separated by vertical
                    bars.

[x {y | z}]         Nested set of square brackets or braces indicate optional or required choices
                    within optional or required elements. Braces and a vertical bar within square
                    brackets indicate a required choice within an optional element.

string              A nonquoted set of characters. Do not use quotation marks around the string or
                    the string will include the quotation marks.

<>                  Nonprinting characters such as passwords are in angle brackets.

[]                  Default responses to system prompts are in square brackets.

!, #                An exclamation point (!) or a pound sign (#) at the beginning of a line of code
                    indicates a comment line.

Reader Alert Conventions


This document may use the following conventions for reader alerts:

Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the
manual.

Tip Means the following information will help you solve a problem.

Caution Means reader be careful. In this situation, you might do something that could result in equipment damage
or loss of data.

Timesaver Means the described action saves time. You can save time by performing the action described in the
paragraph.

Warning IMPORTANT SAFETY INSTRUCTIONS


This warning symbol means danger. You are in a situation that could cause bodily injury. Before you
work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with
standard practices for preventing accidents. Use the statement number provided at the end of each warning
to locate its translation in the translated safety warnings that accompanied this device. Statement 1071
SAVE THESE INSTRUCTIONS


Related Documentation

Note Before installing or upgrading the switch, refer to the switch release notes.

Cisco Catalyst 3850 Switch documentation, located at:


http://www.cisco.com/go/cat3850_docs

Cisco SFP and SFP+ modules documentation, including compatibility matrixes, located at:
http://www.cisco.com/en/US/products/hw/modules/ps5455/tsd_products_support_series_home.html
Cisco Validated Designs documents, located at:
http://www.cisco.com/go/designzone
Error Message Decoder, located at:
https://www.cisco.com/cgi-bin/Support/Errordecoder/index.cgi

Obtaining Documentation and Submitting a Service Request


For information on obtaining documentation, submitting a service request, and gathering additional information,
see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco
technical documentation, at:
http://www.cisco.com/c/en/us/td/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed
and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free
service and Cisco currently supports RSS version 2.0.

CHAPTER 1
Using the Command-Line Interface
Information About Using the Command-Line Interface
How to Use the CLI to Configure Features

Information About Using the Command-Line Interface

Command Modes
The Cisco IOS user interface is divided into many different modes. The commands available to you depend
on which mode you are currently in. Enter a question mark (?) at the system prompt to obtain a list of commands
available for each command mode.
You can start a CLI session through a console connection, through Telnet, through SSH, or by using the browser.
When you start a session, you begin in user mode, often called user EXEC mode. Only a limited subset of
the commands are available in user EXEC mode. For example, most of the user EXEC commands are one-time
commands, such as show commands, which show the current configuration status, and clear commands,
which clear counters or interfaces. The user EXEC commands are not saved when the switch reboots.
To have access to all commands, you must enter privileged EXEC mode. Normally, you must enter a password
to enter privileged EXEC mode. From this mode, you can enter any privileged EXEC command or enter
global configuration mode.
Using the configuration modes (global, interface, and line), you can make changes to the running configuration.
If you save the configuration, these commands are stored and used when the switch reboots. To access the
various configuration modes, you must start at global configuration mode. From global configuration mode,
you can enter interface configuration mode and line configuration mode.
This table describes the main command modes, how to access each one, the prompt you see in that mode, and
how to exit the mode.


Table 1: Command Mode Summary

User EXEC
  Access Method: Begin a session using Telnet, SSH, or console.
  Prompt: Switch>
  Exit Method: Enter logout or quit.
  About This Mode: Use this mode to:
    Change terminal settings.
    Perform basic tests.
    Display system information.

Privileged EXEC
  Access Method: While in user EXEC mode, enter the enable command.
  Prompt: Switch#
  Exit Method: Enter disable to exit.
  About This Mode: Use this mode to verify commands that you have entered. Use a password to protect
    access to this mode.
    Use this mode to execute privilege EXEC commands for access points. These commands are not part of
    the running config of the controller, they are sent to the IOS config of the access point.

Global configuration
  Access Method: While in privileged EXEC mode, enter the configure command.
  Prompt: Switch(config)#
  Exit Method: To exit to privileged EXEC mode, enter exit or end, or press Ctrl-Z.
  About This Mode: Use this mode to configure parameters that apply to the entire switch.
    Use this mode to configure access point commands that are part of the running config of the
    controller.

VLAN configuration
  Access Method: While in global configuration mode, enter the vlan vlan-id command.
  Prompt: Switch(config-vlan)#
  Exit Method: To exit to global configuration mode, enter the exit command.
    To return to privileged EXEC mode, press Ctrl-Z or enter end.
  About This Mode: Use this mode to configure VLAN parameters. When VTP mode is transparent, you can
    create extended-range VLANs (VLAN IDs greater than 1005) and save configurations in the switch
    startup configuration file.

Interface configuration
  Access Method: While in global configuration mode, enter the interface command (with a specific
    interface).
  Prompt: Switch(config-if)#
  Exit Method: To exit to global configuration mode, enter exit.
    To return to privileged EXEC mode, press Ctrl-Z or enter end.
  About This Mode: Use this mode to configure parameters for the Ethernet ports.

Line configuration
  Access Method: While in global configuration mode, specify a line with the line vty or line console
    command.
  Prompt: Switch(config-line)#
  Exit Method: To exit to global configuration mode, enter exit.
    To return to privileged EXEC mode, press Ctrl-Z or enter end.
  About This Mode: Use this mode to configure parameters for the terminal line.

Understanding Abbreviated Commands


You need to enter only enough characters for the switch to recognize the command as unique.
This example shows how to enter the show configuration privileged EXEC command in an abbreviated form:

Switch# show conf


No and Default Forms of Commands


Almost every configuration command also has a no form. In general, use the no form to disable a feature or
function or reverse the action of a command. For example, the no shutdown interface configuration command
reverses the shutdown of an interface. Use the command without the keyword no to reenable a disabled feature
or to enable a feature that is disabled by default.
Configuration commands can also have a default form. The default form of a command returns the command
setting to its default. Most commands are disabled by default, so the default form is the same as the no form.
However, some commands are enabled by default and have variables set to certain default values. In these
cases, the default command enables the command and sets variables to their default values.

CLI Error Messages


This table lists some error messages that you might encounter while using the CLI to configure your switch.

Table 2: Common CLI Error Messages

Error Message: % Ambiguous command: "show con"
  Meaning: You did not enter enough characters for your switch to recognize the command.
  How to Get Help: Reenter the command followed by a question mark (?) without any space between the
    command and the question mark.
    The possible keywords that you can enter with the command appear.

Error Message: % Incomplete command.
  Meaning: You did not enter all of the keywords or values required by this command.
  How to Get Help: Reenter the command followed by a question mark (?) with a space between the
    command and the question mark.
    The possible keywords that you can enter with the command appear.

Error Message: % Invalid input detected at ^ marker.
  Meaning: You entered the command incorrectly. The caret (^) marks the point of the error.
  How to Get Help: Enter a question mark (?) to display all of the commands that are available in this
    command mode.
    The possible keywords that you can enter with the command appear.

Configuration Logging
You can log and view changes to the switch configuration. You can use the Configuration Change Logging
and Notification feature to track changes on a per-session and per-user basis. The logger tracks each
configuration command that is applied, the user who entered the command, the time that the command was
entered, and the parser return code for the command. This feature includes a mechanism for asynchronous
notification to registered applications whenever the configuration changes. You can choose to have the
notifications sent to the syslog.

Note Only CLI or HTTP changes are logged.
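
When the notifications are sent to the syslog, each logged command can be attributed to a user and reviewed for management-plane changes. The following is an added example, not part of the Cisco guide: it parses notifications in the %PARSER-5-CFGLOG_LOGGEDCMD form that IOS emits and flags commands on a watch list. The sample lines, user names and watch list are constructed for illustration.

```python
import re

# Form of the syslog notification IOS emits for each logged configuration command.
CFGLOG_RE = re.compile(
    r"^(?P<time>.*?): %PARSER-5-CFGLOG_LOGGEDCMD: "
    r"User:(?P<user>\S+)\s+logged command:(?P<command>.*)$"
)

# Hypothetical watch list (an assumption of this example, not a Cisco list):
# commands that weaken management access described in this guide.
WATCHED = [
    (re.compile(r"^ip http server$"),
     "enables web mode (HTTP), which is not a secure connection"),
    (re.compile(r"^no ip http secure-server$"),
     "disables secure web mode (HTTPS)"),
    (re.compile(r"^transport input\b.*\b(telnet|all)\b"),
     "allows Telnet on a terminal line"),
    (re.compile(r"^no enable secret\b"),
     "removes the enable secret that protects privileged EXEC mode"),
]

# Constructed sample syslog lines; not captured from a real switch.
SAMPLE_SYSLOG = [
    "Jun 24 10:01:12.101: %PARSER-5-CFGLOG_LOGGEDCMD: User:netops  logged command:interface GigabitEthernet1/0/1",
    "Jun 24 10:01:20.440: %PARSER-5-CFGLOG_LOGGEDCMD: User:netops  logged command:description uplink",
    "Jun 24 10:07:03.009: %PARSER-5-CFGLOG_LOGGEDCMD: User:jdoe  logged command:ip http server",
    "Jun 24 10:07:09.512: %PARSER-5-CFGLOG_LOGGEDCMD: User:jdoe  logged command:line vty 0 4",
    "Jun 24 10:07:15.730: %PARSER-5-CFGLOG_LOGGEDCMD: User:jdoe  logged command:transport input telnet",
    "Jun 24 10:08:00.000: %SYS-5-CONFIG_I: Configured from console by jdoe on vty0",
    "Jun 24 10:09:41.250: %PARSER-5-CFGLOG_LOGGEDCMD: User:netops  logged command:ip http secure-server",
]


def parse_cfglog(line):
    """Return time, user and command for a config-log notification, else None."""
    match = CFGLOG_RE.match(line.strip())
    if match is None:
        return None
    return {
        "time": match["time"],
        "user": match["user"],
        "command": match["command"].strip(),
    }


def flag_changes(lines):
    """Return the logged commands that match the watch list, with a reason."""
    findings = []
    for line in lines:
        entry = parse_cfglog(line)
        if entry is None:
            continue  # other syslog messages are ignored
        for pattern, reason in WATCHED:
            if pattern.search(entry["command"]):
                findings.append(dict(entry, reason=reason))
                break
    return findings


def commands_by_user(lines):
    """Group logged commands per user, mirroring the per-user tracking."""
    per_user = {}
    for line in lines:
        entry = parse_cfglog(line)
        if entry is not None:
            per_user.setdefault(entry["user"], []).append(entry["command"])
    return per_user


if __name__ == "__main__":
    for finding in flag_changes(SAMPLE_SYSLOG):
        print(finding["time"], finding["user"], finding["command"], "->", finding["reason"])
```

Because only CLI or HTTP changes are logged, an empty result says nothing about changes made by other means.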

Using the Help System


You can enter a question mark (?) at the system prompt to display a list of commands available for each
command mode. You can also obtain a list of associated keywords and arguments for any command.

SUMMARY STEPS

1. help
2. abbreviated-command-entry ?
3. abbreviated-command-entry <Tab>
4. ?
5. command ?
6. command keyword ?

DETAILED STEPS

Step 1  help
        Purpose: Obtains a brief description of the help system in any command mode.
        Example:
        Switch# help

Step 2  abbreviated-command-entry ?
        Purpose: Obtains a list of commands that begin with a particular character string.
        Example:
        Switch# di?
        dir disable disconnect

Step 3  abbreviated-command-entry <Tab>
        Purpose: Completes a partial command name.
        Example:
        Switch# sh conf<tab>
        Switch# show configuration

Step 4  ?
        Purpose: Lists all commands available for a particular command mode.
        Example:
        Switch> ?

Step 5  command ?
        Purpose: Lists the associated keywords for a command.
        Example:
        Switch> show ?

Step 6  command keyword ?
        Purpose: Lists the associated arguments for a keyword.
        Example:
        Switch(config)# cdp holdtime ?
        <10-255> Length of time (in sec) that receiver must keep this packet

How to Use the CLI to Configure Features


Configuring the Command History
The software provides a history or record of commands that you have entered. The command history feature
is particularly useful for recalling long or complex commands or entries, including access lists. You can
customize this feature to suit your needs.

Changing the Command History Buffer Size


By default, the switch records ten command lines in its history buffer. You can alter this number for a current
terminal session or for all sessions on a particular line. This procedure is optional.

SUMMARY STEPS

1. terminal history [size number-of-lines]

DETAILED STEPS

Step 1  terminal history [size number-of-lines]
        Purpose: Changes the number of command lines that the switch records during the current terminal
        session in privileged EXEC mode. You can configure the size from 0 to 256.
        Example:
        Switch# terminal history size 200


Recalling Commands
To recall commands from the history buffer, perform one of the actions listed in this table. These actions are
optional.

Note The arrow keys function only on ANSI-compatible terminals such as VT100s.

SUMMARY STEPS

1. Ctrl-P or use the up arrow key
2. Ctrl-N or use the down arrow key
3. show history

DETAILED STEPS

Step 1  Ctrl-P or use the up arrow key
        Purpose: Recalls commands in the history buffer, beginning with the most recent command.
        Repeat the key sequence to recall successively older commands.

Step 2  Ctrl-N or use the down arrow key
        Purpose: Returns to more recent commands in the history buffer after recalling commands
        with Ctrl-P or the up arrow key. Repeat the key sequence to recall successively
        more recent commands.

Step 3  show history
        Purpose: Lists the last several commands that you just entered in privileged EXEC mode.
        The number of commands that appear is controlled by the setting of the terminal
        history global configuration command and the history line configuration command.
        Example:
        Switch# show history

Disabling the Command History Feature


The command history feature is automatically enabled. You can disable it for the current terminal session or
for the command line. This procedure is optional.

SUMMARY STEPS

1. terminal no history


DETAILED STEPS

Step 1  terminal no history
        Purpose: Disables the feature during the current terminal session in privileged EXEC mode.
        Example:
        Switch# terminal no history

Enabling and Disabling Editing Features


Although enhanced editing mode is automatically enabled, you can disable it and reenable it.

SUMMARY STEPS

1. terminal editing
2. terminal no editing

DETAILED STEPS

Step 1  terminal editing
        Purpose: Reenables the enhanced editing mode for the current terminal session in privileged
        EXEC mode.
        Example:
        Switch# terminal editing

Step 2  terminal no editing
        Purpose: Disables the enhanced editing mode for the current terminal session in privileged
        EXEC mode.
        Example:
        Switch# terminal no editing

Editing Commands Through Keystrokes


The keystrokes help you to edit the command lines. These keystrokes are optional.

Note The arrow keys function only on ANSI-compatible terminals such as VT100s.

Table 3: Editing Commands

Editing Commands                    Description

Ctrl-B or use the left arrow key    Moves the cursor back one character.

Ctrl-F or use the right arrow key   Moves the cursor forward one character.

Ctrl-A                              Moves the cursor to the beginning of the command line.

Ctrl-E                              Moves the cursor to the end of the command line.

Esc B                               Moves the cursor back one word.

Esc F                               Moves the cursor forward one word.

Ctrl-T                              Transposes the character to the left of the cursor with
                                    the character located at the cursor.

Delete or Backspace key             Erases the character to the left of the cursor.

Ctrl-D                              Deletes the character at the cursor.

Ctrl-K                              Deletes all characters from the cursor to the end of
                                    the command line.

Ctrl-U or Ctrl-X                    Deletes all characters from the cursor to the beginning
                                    of the command line.

Ctrl-W                              Deletes the word to the left of the cursor.

Esc D                               Deletes from the cursor to the end of the word.

Esc C                               Capitalizes at the cursor.

Esc L                               Changes the word at the cursor to lowercase.

Esc U                               Capitalizes letters from the cursor to the end of the
                                    word.

Ctrl-V or Esc Q                     Designates a particular keystroke as an executable
                                    command, perhaps as a shortcut.

Return key                          Scrolls down a line or screen on displays that are
                                    longer than the terminal screen can display.
                                    Note: The More prompt is used for any output that
                                    has more lines than can be displayed on the
                                    terminal screen, including show command
                                    output. You can use the Return and Space
                                    bar keystrokes whenever you see the More
                                    prompt.

Space bar                           Scrolls down one screen.

Ctrl-L or Ctrl-R                    Redisplays the current command line if the switch
                                    suddenly sends a message to your screen.

Editing Command Lines That Wrap


You can use a wraparound feature for commands that extend beyond a single line on the screen. When the
cursor reaches the right margin, the command line shifts ten spaces to the left. You cannot see the first ten
characters of the line, but you can scroll back and check the syntax at the beginning of the command. The
keystroke actions are optional.
To scroll back to the beginning of the command entry, press Ctrl-B or the left arrow key repeatedly. You can
also press Ctrl-A to immediately move to the beginning of the line.

Note The arrow keys function only on ANSI-compatible terminals such as VT100s.

The following example shows how to wrap a command line that extends beyond a single line on the screen.

SUMMARY STEPS

1. access-list
2. Ctrl-A
3. Return key

DETAILED STEPS

Step 1  access-list
        Purpose: Displays the global configuration command entry that extends beyond one line.
        When the cursor first reaches the end of the line, the line is shifted ten spaces to the left and
        redisplayed. The dollar sign ($) shows that the line has been scrolled to the left. Each time the
        cursor reaches the end of the line, the line is again shifted ten spaces to the left.
        Example:
        Switch(config)# access-list 101 permit tcp 10.15.22.25 255.255.255.0 10.15.22.35
        Switch(config)# $ 101 permit tcp 10.15.22.25 255.255.255.0 10.15.22.35 255.25
        Switch(config)# $t tcp 10.15.22.25 255.255.255.0 131.108.1.20 255.255.255.0 eq
        Switch(config)# $15.22.25 255.255.255.0 10.15.22.35 255.255.255.0 eq 45

Step 2  Ctrl-A
        Purpose: Checks the complete syntax.
        The dollar sign ($) appears at the end of the line to show that the line has been scrolled to the
        right.
        Example:
        Switch(config)# access-list 101 permit tcp 10.15.22.25 255.255.255.0 10.15.2$

Step 3  Return key
        Purpose: Executes the commands.
        The software assumes that you have a terminal screen that is 80 columns wide. If you have a
        different width, use the terminal width privileged EXEC command to set the width of your terminal.
        Use line wrapping with the command history feature to recall and modify previous complex command
        entries.

Searching and Filtering Output of show and more Commands


You can search and filter the output for show and more commands. This is useful when you need to sort
through large amounts of output or if you want to exclude output that you do not need to see. Using these
commands is optional.

SUMMARY STEPS

1. {show | more} command | {begin | include | exclude} regular-expression

DETAILED STEPS

Step 1  {show | more} command | {begin | include | exclude} regular-expression
        Purpose: Searches and filters the output.
        Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain
        output are not displayed, but the lines that contain Output appear.
        Example:
        Switch# show interfaces | include protocol
        Vlan1 is up, line protocol is up
        Vlan10 is up, line protocol is down
        GigabitEthernet1/0/1 is up, line protocol is down
        GigabitEthernet1/0/2 is up, line protocol is up
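
The same three filters can be reproduced offline when reviewing captured show output. The following is an added example, not part of the Cisco guide: it parses the filter syntax shown in Step 1 and applies begin, include and exclude to a constructed sample, including the case-sensitive behavior described above. It uses Python regular expressions as an approximation of the IOS pattern syntax, and the function names are this example's own.

```python
import re

MODES = ("begin", "include", "exclude")

# Constructed sample output for illustration; not captured from a real switch.
SAMPLE_OUTPUT = """\
Vlan1 is up, line protocol is up
  Output queue: 0/40 (size/max)
Vlan10 is up, line protocol is down
  output flow-control is unsupported
GigabitEthernet1/0/1 is up, line protocol is down
GigabitEthernet1/0/2 is up, line protocol is up
"""


def parse_filtered_command(line):
    """Split '{show | more} command | {begin | include | exclude} regex'.

    Only the first ' | ' separates the command from the filter; any later
    pipe belongs to the regular expression (for example 'include up|down').
    """
    head, sep, tail = line.partition(" | ")
    command = head.strip()
    words = command.split()
    if not sep or not words or words[0] not in ("show", "more"):
        raise ValueError("expected: {show | more} command | filter regex")
    mode, _, pattern = tail.strip().partition(" ")
    if mode not in MODES or not pattern:
        raise ValueError("filter must be begin, include or exclude plus a regex")
    return command, mode, pattern


def apply_filter(output, mode, pattern):
    """Apply one filter to captured output and return the surviving lines."""
    regex = re.compile(pattern)  # no IGNORECASE: expressions are case sensitive
    lines = output.splitlines()
    if mode == "include":
        return [ln for ln in lines if regex.search(ln)]
    if mode == "exclude":
        return [ln for ln in lines if not regex.search(ln)]
    if mode == "begin":
        # Output starts at the first matching line and runs to the end.
        for index, ln in enumerate(lines):
            if regex.search(ln):
                return lines[index:]
        return []
    raise ValueError("unknown filter mode: " + mode)


def run_filtered(line, output):
    """Parse a filtered command line and apply its filter to saved output."""
    _command, mode, pattern = parse_filtered_command(line)
    return apply_filter(output, mode, pattern)


if __name__ == "__main__":
    for ln in run_filtered("show interfaces | exclude output", SAMPLE_OUTPUT):
        print(ln)
```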

Accessing the CLI on a Switch Stack


You can access the CLI through a console connection, through Telnet, through SSH, or by using the browser.
You manage the switch stack and the stack member interfaces through the active switch. You cannot manage
stack members on an individual switch basis. You can connect to the active switch through the console port
or the Ethernet management port of one or more stack members. Be careful with using multiple CLI sessions
on the active switch. Commands that you enter in one session are not displayed in the other sessions. Therefore,
it is possible to lose track of the session from which you entered commands.

Note We recommend using one CLI session when managing the switch stack.


If you want to configure a specific stack member port, you must include the stack member number in the CLI
command interface notation.
To debug the standby switch, use the session standby ios privileged EXEC command from the active switch
to access the IOS console of the standby switch. To debug a specific stack member, use the session switch
stack-member-number privileged EXEC command from the active switch to access the diagnostic shell of
the stack member. For more information about these commands, see the switch command reference.
To debug a specific stack member, you can start a CLI session from the stack master by using the session
stack-member-number privileged EXEC command. The stack member number is appended to the system
prompt. For example, Switch-2# is the prompt for stack member 2 where the system prompt for the stack
master is Switch. Only the show and debug commands are available in a CLI session to a specific stack
member. You can also use the remote command stack-member-number LINE privileged EXEC command
on the stack master to enable debugging on a member switch without first starting a session.

Accessing the CLI Through a Console Connection or Through Telnet


Before you can access the CLI, you must connect a terminal or a PC to the switch console or connect a PC to
the Ethernet management port and then power on the switch, as described in the hardware installation guide
that shipped with your switch.
If your switch is already configured, you can access the CLI through a local console connection or through a
remote Telnet session, but your switch must first be configured for this type of access.
You can use one of these methods to establish a connection with the switch:
- Connect the switch console port to a management station or dial-up modem, or connect the Ethernet
  management port to a PC. For information about connecting to the console or Ethernet management
  port, see the switch hardware installation guide.
- Use any Telnet TCP/IP or encrypted Secure Shell (SSH) package from a remote management station.
  The switch must have network connectivity with the Telnet or SSH client, and the switch must have an
  enable secret password configured.
  - The switch supports up to 16 simultaneous Telnet sessions. Changes made by one Telnet user are
    reflected in all other Telnet sessions.
  - The switch supports up to five simultaneous secure SSH sessions.

After you connect through the console port, through the Ethernet management port, through a Telnet
session or through an SSH session, the user EXEC prompt appears on the management station.

CHAPTER 2
Using the Web Graphical User Interface
Prerequisites for Using the Web GUI
Information About Using The Web GUI
Connecting the Console Port of the Switch
Logging On to the Web GUI
Enabling Web and Secure Web Modes
Configuring the Switch Web GUI

Prerequisites for Using the Web GUI


Operating Systems:
Windows 7
Windows 8
Mac OS X 10.8

Browsers:
Google Chrome, version 35
Microsoft Internet Explorer, versions 10 or 11
Mozilla Firefox, version 30 or later
Safari, version 6.1

Information About Using The Web GUI


A web browser, or graphical user interface (GUI), is built into each switch.


You can use either the service port interface or the management interface to access the GUI. We recommend
that you use the service-port interface. Click Help at the top of any page in the GUI to display online help.
You might need to disable your browser's pop-up blocker to view the online help.

Web GUI Features


The switch web GUI supports the following:
The Configuration Wizard: After initial configuration of the IP address and the local username/password or
authentication via the authentication server (privilege 15 needed), the wizard provides a method to complete
the initial wireless configuration. Start the wizard through Configuration -> Wizard and follow the nine-step
process to configure the following:
Admin Users
SNMP System Summary
Management Port
Wireless Management
RF Mobility and Country code
Mobility configuration
WLANs
802.11 Configuration
Set Time

The Monitor tab:


Displays summary details of switch, clients, and access points.
Displays all radio and AP join statistics.
Displays air quality on access points.
Displays list of all Cisco Discovery Protocol (CDP) neighbors on all interfaces and the CDP traffic
information.
Displays all rogue access points based on their classification: friendly, malicious, ad hoc, classified, and
unclassified.

The Configuration tab:


Enables you to configure the switch for all initial operation using the web Configuration Wizard. The
wizard allows you to configure user details, management interface, and so on.
Enables you to configure the system, internal DHCP server, management, and mobility management
parameters.
Enables you to configure the switch, WLAN, and radios.
Enables you to configure and set security policies on your switch.
Enables you to access the switch operating system software management commands.


The Administration tab enables you to configure system logs.

Connecting the Console Port of the Switch


Before You Begin
Before you can configure the switch for basic operations, you need to connect it to a PC that uses a VT-100
terminal emulation program (such as HyperTerminal, ProComm, Minicom, or Tip).

Step 1 Connect one end of a null-modem serial cable to the switch's RJ-45 console port and the other end to your PC's serial
port.
Step 2 Plug the AC power cord into the switch and a grounded 100 to 240 VAC, 50/60-Hz electrical outlet. Turn on the power
supply. The bootup script displays operating system software initialization (code download and power-on self-test
verification) and basic configuration. If the switch passes the power-on self-test, the bootup script runs the configuration
wizard, which prompts you for basic configuration input.
Step 3 Enter yes. Proceed with basic initial setup configuration parameters in the CLI setup wizard. Specify the IP address for
the service port which is the gigabitethernet 0/0 interface.
After entering the configuration parameters in the configuration wizard, you can access the Web GUI. Now, the switch
is configured with the IP address for service port.

Logging On to the Web GUI

Step 1 Enter the switch IP address in your browser's address bar. For a secure connection, enter https://ip-address. For a less
secure connection, enter http://ip-address.
Step 2 When prompted, enter a valid username and password and click OK.
Note The administrative username and password that you created in the configuration wizard are case sensitive. The
default username is admin, and the default password is cisco.
The Accessing page appears.

Enabling Web and Secure Web Modes

Step 1 Choose Configuration > Controller > Switch > Management > Protocol Management > HTTP-HTTPS.

The HTTP-HTTPS Configuration page appears.

Step 2 To enable web mode, which allows users to access the switch GUI using http://ip-address, choose Enabled from the
HTTP Access drop-down list. Otherwise, choose Disabled. Web mode (HTTP) is not a secure connection.

Step 3 To enable secure web mode, which allows users to access the switch GUI using https://ip-address, choose Enabled
from the HTTPS Access drop-down list. Otherwise, choose Disabled. Secure web mode (HTTPS) is a secure connection.
Step 4 To track the device, select the IP Device Tracking check box.
Step 5 To enable the trust point, select the Enable check box.
Step 6 Choose the trustpoints from the Trustpoints drop-down list.
Step 7 Enter the amount of time, in seconds, before the web session times out due to inactivity in the HTTP Timeout-policy (1
to 600 sec) text box.
The valid range is from 1 to 600 seconds.

Step 8 Enter the server life time in the Server Life Time (1 to 86400 sec) text box.
The valid range is from 1 to 86400 seconds.

Step 9 Enter the maximum number of connection requests that the server can accept in the Maximum number of Requests (1
to 86400) text box.
The valid range is from 1 to 86400 connections.

Step 10 Click Apply.


Step 11 Click Save Configuration.
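
The following check is an added example, not part of the Cisco guide: it audits a configuration text (a saved running-config or a template about to be pushed) against the settings this procedure exposes and the default login named earlier. It assumes the IOS CLI equivalents of the GUI fields (ip http server, ip http secure-server, ip http secure-trustpoint, ip http timeout-policy); the sample configurations, the trustpoint name MGMT-TP and the finding codes are constructed for illustration.

```python
import re

# Valid ranges quoted from Steps 7-9 of the procedure above.
RANGES = {"idle": (1, 600), "life": (1, 86400), "requests": (1, 86400)}
TIMEOUT_RE = re.compile(
    r"^ip http timeout-policy idle (\d+) life (\d+) requests (\d+)$")
# The default pair the guide documents: username admin, password cisco.
DEFAULT_CRED_RE = re.compile(r"^username admin\b.*\bpassword (?:0 )?cisco$")

# Constructed sample: HTTP left on, default account kept, no trustpoint.
WEAK_CONFIG = """\
hostname sw-lab-01
username admin privilege 15 password 0 cisco
ip http server
ip http secure-server
"""

# Constructed sample: the corrected counterpart (all names are placeholders).
CORRECTED_CONFIG = """\
hostname sw-lab-01
username netops privilege 15 secret 5 CONSTRUCTED-HASH-PLACEHOLDER
no ip http server
ip http secure-server
ip http secure-trustpoint MGMT-TP
ip http timeout-policy idle 300 life 3600 requests 1000
"""


def _state(lines, command):
    """True/False for the last explicit 'command' / 'no command', else None."""
    state = None
    for line in lines:
        if line == command:
            state = True
        elif line == "no " + command:
            state = False
    return state


def audit_web_mgmt(config_text):
    """Return a sorted list of finding codes for web-management settings."""
    # Collapse whitespace so indentation and double spaces do not matter.
    lines = [" ".join(l.split()) for l in config_text.splitlines() if l.strip()]
    findings = set()

    # Step 2: web mode (HTTP) is not a secure connection.
    http = _state(lines, "ip http server")
    if http is True:
        findings.add("HTTP_ENABLED")
    elif http is None:
        # Assumption of this audit: the state must be stated explicitly
        # rather than inferred from a release default.
        findings.add("HTTP_STATE_IMPLICIT")

    # Step 3: secure web mode (HTTPS).
    https = _state(lines, "ip http secure-server")
    if https is False:
        findings.add("HTTPS_DISABLED")
    elif https is None:
        findings.add("HTTPS_STATE_IMPLICIT")

    # Steps 5-6: HTTPS is on but no trustpoint has been chosen.
    if https is True and not any(
            l.startswith("ip http secure-trustpoint ") for l in lines):
        findings.add("NO_TRUSTPOINT_SELECTED")

    # Steps 7-9: idle timeout, server life time, maximum requests.
    policies = [m for m in map(TIMEOUT_RE.match, lines) if m]
    if not policies:
        findings.add("TIMEOUT_POLICY_MISSING")
    else:
        names = ("idle", "life", "requests")
        values = dict(zip(names, map(int, policies[-1].groups())))
        for name, (low, high) in RANGES.items():
            if not low <= values[name] <= high:
                findings.add("TIMEOUT_" + name.upper() + "_OUT_OF_RANGE")

    # The documented default login is still present in cleartext.
    if any(DEFAULT_CRED_RE.match(l) for l in lines):
        findings.add("DEFAULT_ADMIN_CREDENTIALS")

    return sorted(findings)


if __name__ == "__main__":
    print("weak     :", audit_web_mgmt(WEAK_CONFIG))
    print("corrected:", audit_web_mgmt(CORRECTED_CONFIG))
```
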

Configuring the Switch Web GUI


The configuration wizard enables you to configure basic settings on the switch. You can run the wizard after
you receive the switch from the factory or after the switch has been reset to factory defaults. The configuration
wizard is available in both GUI and CLI formats.

Step 1 Connect your PC to the service port and configure an IPv4 address to use the same subnet as the switch. The switch is
loaded with the IOS XE image and the service port interface is configured as gigabitethernet 0/0.

Step 2 Start Internet Explorer 10 (or later), Firefox 2.0.0.11 (or later), or Google Chrome on your PC and enter the management
interface IP address in the browser window. The management interface IP address is the same as that of the gigabitethernet 0/0
interface (also known as the service port interface). When you log in for the first time, you need to enter the HTTP username and password.
By default, the username is admin and the password is cisco.
You can use both HTTP and HTTPS when using the service port interface. HTTPS is enabled by default and HTTP can
also be enabled.
When you log in for the first time, the Accessing Cisco Switch Accessing Cisco Controller <Model Number>
<Hostname> page appears.

Step 3 On the Accessing Cisco Switch Accessing Cisco Controller page, click the Wireless Web GUI link to access the switch
web GUI Home page.
Step 4 Choose Configuration > Wizard to perform all steps that you need to configure the switch initially.


The Admin Users page appears.

Step 5 On the Admin Users page, enter the administrative username to be assigned to this switch in the User Name text box
and the administrative password to be assigned to this switch in the Password and Confirm Password text boxes. Click
Next.
The default username is admin and the default password is cisco. You can also create a new administrator user for the
switch. You can enter up to 24 ASCII characters for username and password.
The SNMP System Summary page appears.

Step 6 On the SNMP System Summary page, enter the following SNMP system parameters for the switch, and click Next:
Customer-definable switch location in the Location text box.
Customer-definable contact details such as phone number with names in the Contact text box.
Choose enabled to send SNMP notifications for various SNMP traps or disabled not to send SNMP notifications
for various SNMP traps from the SNMP Global Trap drop-down list.
Choose enabled to send system log messages or disabled not to send system log messages from the SNMP Logging
drop-down list.

Note The SNMP trap server must be reachable through the distribution ports (and not through the gigabitethernet0/0
service or management interface).
The Management Port page appears.

Step 7 In the Management Port page, enter the following parameters for the management port interface (gigabitethernet 0/0)
and click Next.
Interface IP address that you assigned for the service port in the IP Address text box.
Network mask address of the management port interface in the Netmask text box.
The IPv4 Dynamic Host Configuration Protocol (DHCP) address for the selected port in the IPv4 DHCP Server
text box.

The Wireless Management page appears.

Step 8 In the Wireless Management page, enter the following wireless interface management details, and click Next.
Choose the interface (VLAN or Ten Gigabit Ethernet) from the Select Interface drop-down list.
VLAN tag identifier, or 0 for no VLAN tag in the VLAN id text box.
IP address of wireless management interface where access points are connected in the IP Address text box.
Network mask address of the wireless management interface in the Netmask text box.
DHCP IPv4 IP address in the IPv4 DHCP Server text box.

When selecting VLAN as interface, you can specify the ports as Trunk or Access ports from the selected list displayed
in the Switch Port Configuration text box.
The RF Mobility and Country Code page appears.

Step 9 In the RF Mobility and Country Code page, enter the RF mobility domain name in the RF Mobility text box, choose
current country code from the Country Code drop-down list, and click Next. From the GUI, you can select only one
country code.


Note Before configuring RF grouping parameters and mobility configuration, ensure that you refer to the relevant
conceptual content and then proceed with the configuration.
The Mobility Configuration page with mobility global configuration settings appears.

Step 10 In the Mobility Configuration page, view and enter the following mobility global configuration settings, and click Next.
Displays Mobility Controller in the Mobility Role text box.
Displays mobility protocol port number in the Mobility Protocol Port text box.
Displays the mobility group name in the Mobility Group Name text box.
Displays whether DTLS is enabled in the DTLS Mode text box.
DTLS is a standards-track Internet Engineering Task Force (IETF) protocol based on TLS.
Displays mobility domain identifier for 802.11 radios in the Mobility Domain ID for 802.11 radios text box.
Displays the number of members configured on the switch in the Mobility Domain Member Count text box.
To enable the controller as a Mobility Oracle, select the Mobility Oracle Enabled check box.
Note Only the controller can be configured as Mobility Oracle. You cannot configure the switch as Mobility
Oracle.
The Mobility Oracle is optional; it maintains the client database under one complete mobility domain.
The amount of time (in seconds) between each ping request sent to a peer switch in the Mobility Keepalive Interval
(1-30)sec text box.
Valid range is from 1 to 30 seconds, and the default value is 10 seconds.
Number of times a ping request is sent to a peer switch before the peer is considered to be unreachable in the
Mobility Keepalive Count (3-20) text box.
The valid range is from 3 to 20, and the default value is 3.
The DSCP value that you can set for the mobility switch in the Mobility Control Message DSCP Value (0-63) text
box.
The valid range is 0 to 63, and the default value is 0.

The WLANs page appears.

Step 11 In the Mobility Configuration page, view and enter the following mobility global configuration settings, and click Next.
Choose Mobility Controller or Mobility Agent from the Mobility Role drop-down list:
If Mobility Agent is chosen, enter the mobility controller IP address in the Mobility Controller IP Address
text box and mobility controller IP address in the Mobility Controller Public IP Address text box.
If Mobility Controller is chosen, then the mobility controller IP address and mobility controller public IP
address are displayed in the respective text boxes.

Displays mobility protocol port number in the Mobility Protocol Port text box.
Displays the mobility switch peer group name in the Mobility Switch Peer Group Name text box.
Displays whether DTLS is enabled in the DTLS Mode text box.
DTLS is a standards-track Internet Engineering Task Force (IETF) protocol based on TLS.

Displays mobility domain identifier for 802.11 radios in the Mobility Domain ID for 802.11 radios text box.
The amount of time (in seconds) between each ping request sent to a peer switch in the Mobility Keepalive Interval
(1-30)sec text box.
Valid range is from 1 to 30 seconds, and the default value is 10 seconds.
Number of times a ping request is sent to a peer switch before the peer is considered to be unreachable in the
Mobility Keepalive Count (3-20) text box.
The valid range is from 3 to 20, and the default value is 3.
The DSCP value that you can set for the mobility switch in the Mobility Control Message DSCP Value (0-63) text
box.
The valid range is 0 to 63, and the default value is 0.
Displays the number of mobility switch peer group members configured in the Switch Peer Group Members
Configured text box.

The WLANs page appears.

Step 12 In the WLANs page, enter the following WLAN configuration parameters, and click Next.
WLAN identifier in the WLAN ID text box.
SSID of the WLAN that the client is associated with in the SSID text box.
Name of the WLAN used by the client in the Profile Name text box.

The 802.11 Configuration page appears.

Step 13 In the 802.11 Configuration page, check either one or both 802.11a/n/ac and 802.11b/g/n check boxes to enable the
802.11 radios, and click Next.
The Set Time page appears.

Step 14 In the Set Time page, you can configure the time and date on the switch based on the following parameters, and click
Next.
Displays current timestamp on the switch in the Current Time text box.
Choose either Manual or NTP from the Mode drop-down list.
When an NTP server is used, all access points connected to the switch synchronize their time based on the NTP server
settings available.
Choose date on the switch from the Year, Month, and Day drop-down list.
Choose time from the Hours, Minutes, and Seconds drop-down list.
Enter the time zone in the Zone text box and select the offset required when compared to the current time
configured on the switch from the Offset drop-down list.

The Save Wizard page appears.

Step 15 In the Save Wizard page, you can review the configuration settings performed on the switch using these steps, and if
you wish to change any configuration value, click Previous and navigate to that page.
You can save the switch configuration created using the wizard only if a success message is displayed for all the wizards.
If the Save Wizard page displays errors, you must recreate the wizard for initial configuration of the switch.

PART I
CleanAir
Configuring Cisco CleanAir
CHAPTER 3
Configuring Cisco CleanAir
Finding Feature Information
Prerequisites for CleanAir
Restrictions for CleanAir
Information About CleanAir
How to Configure CleanAir
Configuring Cisco CleanAir using the Controller GUI
Configuring Cisco Spectrum Expert
Monitoring CleanAir Parameters
Configuration Examples for Configuring CleanAir
CleanAir FAQs
Additional References

Finding Feature Information


Your software release may not support all of the features documented in this module. For the latest feature
information and caveats, see the release notes for your platform and software release.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not
required.

Prerequisites for CleanAir


You can configure Cisco CleanAir only on CleanAir-enabled access points.
Only Cisco CleanAir-enabled access points using the following access point modes can perform Cisco CleanAir
spectrum monitoring:
Local: In this mode, each Cisco CleanAir-enabled access point radio provides air quality and interference
detection reports for the current operating channel only.
Monitor: When Cisco CleanAir is enabled in monitor mode, the access point provides air quality and
interference detection reports for all monitored channels.
The following options are available:
All: All channels
DCA: Channel selection governed by the DCA list
Country: All channels legal within a regulatory domain

Note The access point does not participate in AQ HeatMap in Prime Infrastructure.

SE-Connect: This mode enables a user to connect a Spectrum Expert application running on an external
Microsoft Windows XP or Vista PC to a Cisco CleanAir-enabled access point in order to display and
analyze detailed spectrum data. The Spectrum Expert application connects directly to the access point,
bypassing the switch. An access point in SE-Connect mode does not provide any Wi-Fi, RF, or spectrum
data to the switch. All CleanAir system functionality is suspended while the AP is in this mode, and no
clients are served. This mode is intended for remote troubleshooting only. Up to three active Spectrum
Expert connections are possible.
Only Cisco Catalyst 3850 and Switches can function as a Mobility Agent.
Cisco Catalyst 3850 Switches and Cisco 5760 Wireless LAN Controllers can function as Mobility
Controllers.

Related Topics
Enabling CleanAir for 2.4-GHz Band, on page 30
Configuring a CleanAir Alarm for 2.4-GHz Air-Quality and Devices, on page 31
Configuring Interference Reporting for 2.4-GHz Devices, on page 33
Enabling CleanAir for 5-GHz Band, on page 34
Configuring a CleanAir Alarm for 5-GHz Air-Quality and Devices, on page 35
Configuring Interference Reporting for 5-GHz devices, on page 36

Restrictions for CleanAir


Access points in monitor mode do not transmit Wi-Fi traffic or 802.11 packets. They are excluded from
radio resource management (RRM) planning and are not included in the neighbor access point list. IDR
clustering depends on the switch's ability to detect neighboring in-network access points. Correlating
interference device detections from multiple access points is limited between monitor-mode access
points.
SE-connect is an access point mode similar to local mode or monitor mode. The access point provides
spectrum information to Spectrum Expert only for the current channel(s). The spectrum data is available
for the current active channel(s) and the common monitored channel list is available. The access point
continues to send AQ (Air Quality) and IDR (Interference Device Reports) reports to the switch and
perform normal activities according to the current mode. Sniffer and rogue detection access point modes
are incompatible with all types of CleanAir spectrum monitoring.


Local Mode access point: Serves WLAN clients with time-slicing off-channel scanning, listens
for 50 ms on each channel, and supports configurable scanning of all/country/DCA channels.
Monitor Mode access point: Does not serve WLAN clients and is dedicated to scanning only. These
access points listen for 1.2 s on each channel and scan all channels.
Cisco recommends a ratio of 1 monitor mode access point for every 5 local mode access points; this
may also vary based on the network design and expert guidance for best coverage.
Spectrum Expert (Windows XP laptop client) and AP should be pingable; otherwise, it will not work.

Related Topics
Enabling CleanAir for 2.4-GHz Band, on page 30
Configuring a CleanAir Alarm for 2.4-GHz Air-Quality and Devices, on page 31
Configuring Interference Reporting for 2.4-GHz Devices, on page 33
Enabling CleanAir for 5-GHz Band, on page 34
Configuring a CleanAir Alarm for 5-GHz Air-Quality and Devices, on page 35
Configuring Interference Reporting for 5-GHz devices, on page 36

Information About CleanAir


Cisco CleanAir is a spectrum intelligence solution designed to proactively manage the challenges of a shared
wireless spectrum. All of the users of the shared spectrum can be seen (both native devices and foreign
interferers). It also enables the network to act upon this information. For example, the interfering device can
be manually removed or the system can automatically change the channel away from the interference.
A Cisco CleanAir system consists of CleanAir-enabled access points, wireless controller modules, mobility
controllers, mobility anchors and next generation switches. The access points join the mobility controller
directly or through the mobility anchor. They collect information about all devices that operate in the industrial,
scientific, and medical (ISM) bands, identify and evaluate the information as a potential interference source,
and forward it to the switch. The switch controls the access points, collects spectrum data, and forwards
information to Cisco Prime Infrastructure (PI) or a Cisco Mobility Services Engine (MSE) upon request.
Networking configurations can be performed only on the mobility controller; they cannot be
performed in the MA mode. However, any radio-level CleanAir configurations can be done using the mobility
anchor.
For every device operating in the unlicensed band, Cisco CleanAir tells what it is, where it is, how it is
impacting the wireless network, and what actions should be taken. It simplifies RF.
Wireless LAN systems operate in unlicensed 2.4-GHz and 5-GHz ISM bands. Many devices like microwave
ovens, cordless phones, and Bluetooth devices also operate in these bands and can negatively affect the Wi-Fi
operations.
Some of the most advanced WLAN services, such as voice over wireless and IEEE 802.11n radio
communications, could be significantly impaired by the interference caused by other legal users of the ISM
bands. The integration of Cisco CleanAir functionality addresses this problem of radio frequency (RF)
interference.


Cisco CleanAir Components


The basic Cisco CleanAir architecture consists of Cisco CleanAir-enabled APs and switch. Cisco Prime
Infrastructure (PI), Mobility Services Engine (MSE) and Cisco Spectrum Expert are optional system
components. Cisco PI and MSE provide user interfaces for advanced spectrum capabilities such as historic
charts, tracking interference devices, location services and impact analysis.

Figure 1: Cisco CleanAir Solution

An access point equipped with Cisco CleanAir technology collects information about non-Wi-Fi interference
sources, processes it, and forwards it to the MA. The access point sends AQR and IDR reports to the controller.
The mobility controller (MC) controls and configures CleanAir-capable access points, collects and processes
spectrum data, and provides it to the PI and/or the MSE. The MC provides local user interfaces (GUI and
CLI) to configure basic CleanAir features and services and display current spectrum information. The MC
also does detection, merging and mitigation of interference devices using RRM TPC and DCM. For details
on Interference Device Merging, see Interference Device Merging, on page 29.
Cisco PI provides advanced user interfaces for CleanAir that include feature enabling and configuration,
consolidated display information, historic AQ records and reporting engines. PI also shows charts of interference
devices, AQ trends, and alerts.
Cisco MSE is required for location and historic tracking of interference devices, and provides coordination
and consolidation of interference reports across multiple controllers. MSE also provides adaptive Wireless
Intrusion Prevention System (WIPS) service that provides comprehensive over-the-air threat detection, location
and mitigation. MSE also merges all the interference data.
To obtain detailed spectrum data that can be used to generate RF analysis plots similar to those provided by
a spectrum analyzer, you can configure a Cisco CleanAir-enabled access point to connect directly to a Microsoft
Windows XP or Vista PC running the Cisco Spectrum Expert application.


The switch performs the following tasks in a Cisco CleanAir system:


Configures Cisco CleanAir capabilities on the access point.
Provides interfaces (GUI, CLI, and SNMP) for configuring Cisco CleanAir features and retrieving data.
Displays spectrum data.
Collects and processes AQRs from the access point and stores them in the air quality database. AQRs
contain information about the total interference from all identified sources represented by Air Quality
Index (AQI) and summary for the most severe interference categories. The CleanAir system can also
include unclassified interference information under per interference type reports which enable you to
take action in cases where the interference due to unclassified interfering devices is frequent.
Collects and processes Interference Device Reports (IDRs) from the access point and stores them in the
interference device database.
Forwards spectrum data to Prime Infrastructure and the MSE.

Terms Used in Cisco CleanAir


Table 4: CleanAir-related Terms

Term    Description
AQI     Air Quality Index. The AQI is an indicator of air quality, based on the air pollutants. An AQI of 0 is bad and an AQI > 85 is good.
AQR     Air Quality Report. AQRs contain information about the total interference from all identified sources represented by AQI and summary of the most severe interference categories. AQRs are sent every 15 minutes to the Mobility Controller and every 30 seconds in the Rapid mode.
DC      Duty Cycle. Percentage of time that the channel is utilized by a device.
EDRRM   Event Driven RRM. EDRRM allows an access point in distress to bypass normal RRM intervals and immediately change channels.
IDR     Interference Device Reports that the access point sends to the controller.
ISI     Interference Severity Index. The ISI is an indicator of the severity of the interference.
MA      Mobility Agent. An MA is either an access switch that has a wireless module running on it or an MC with an internal MA running on it. An MA is the wireless component that maintains client mobility state machine for a mobile client that is connected to an access point to the device that the MA is running on.
MC      Mobility Controller. An MC provides mobility management services for inter-peer group roaming events. The MC provides a central point of contact for management and sends the configuration to all the mobility agents under its sub-domain of their mobility configuration, peer group membership and list of members.
RSSI    Received Signal Strength Indicator. RSSI is a measurement of the power present in a received radio signal. It is the power at which an access point sees the interferer device.


Interference Types that Cisco CleanAir can Detect


Cisco CleanAir can detect interference, report on the location and severity of the interference, and recommend
different mitigation strategies. Two such mitigation strategies are persistent device avoidance and spectrum
event-driven RRM. New
Wi-Fi chip-based RF management systems share these characteristics:
Any RF energy that cannot be identified as a Wi-Fi signal is reported as noise.
Noise measurements that are used to assign a channel plan tend to be averaged over a period of time to
avoid instability or rapid changes that can be disruptive to certain client devices.
Averaging measurements reduces the resolution of the measurement. As such, a signal that disrupts
clients might not look like it needs to be mitigated after averaging.
All RF management systems available today are reactive in nature.

Cisco CleanAir is different and can positively identify not only the source of the noise but also its location
and potential impact to a WLAN. Having this information allows you to consider the noise within the context
of the network and make intelligent and, where possible, proactive decisions. For CleanAir, two types of
interference events are common:
Persistent interference
Spontaneous interference

Persistent interference events are created by devices that are stationary in nature and have intermittent but
largely repeatable patterns of interference. For example, consider the case of a microwave oven located in a
break room. Such a device might be active for only 1 or 2 minutes at a time. When operating, however, it can
be disruptive to the performance of the wireless network and associated clients. Using Cisco CleanAir, you
can positively identify the device as a microwave oven rather than indiscriminate noise. You can also determine
exactly which part of the band is affected by the device, and because you can locate it, you can understand
which access points are most severely affected. You can then use this information to direct RRM in selecting
a channel plan that avoids this source of interference for the access points within its range. Because this
interference is not active for a large portion of the day, existing RF management applications might attempt
to again change the channels of the affected access points. Persistent device avoidance is unique, however,
in that it remains in effect as long as the source of interference is periodically detected to refresh the persistent
status. The Cisco CleanAir system knows that the microwave oven exists and includes it in all future planning.
If you move either the microwave oven or the surrounding access points, the algorithm updates RRM
automatically.

Note Spectrum event-driven RRM can be triggered only by Cisco CleanAir-enabled access points in local mode.

Spontaneous interference is interference that appears suddenly on a network, perhaps jamming a channel or
a range of channels completely. The Cisco CleanAir spectrum event-driven RRM feature allows you to set a
threshold for air quality (AQ) that, if exceeded, triggers an immediate channel change for the affected access
point. Most RF management systems can avoid interference, but this information takes time to propagate
through the system. Cisco CleanAir relies on AQ measurements to continuously evaluate the spectrum and
can trigger a move within 30 seconds. For example, if an access point detects interference from a video camera,
it can recover by changing channels within 30 seconds of the camera becoming active. Cisco CleanAir also
identifies and locates the source of interference so that more permanent mitigation of the device can be
performed at a later time.
In the case of Bluetooth devices, Cisco CleanAir-enabled access points can detect and report interference only
if the devices are actively transmitting. Bluetooth devices have extensive power save modes. For example,
interference can be detected when data or voice is being streamed between the connected devices.

Interference Device Merging


The Interference Devices (ID) messages are processed on a Mobility Controller (MC). The Mobility Anchor
(MA) forwards the ID messages from APs and hence they are processed on the MC. The MC has visibility
of the neighbor information across APs connected to different MAs.
ID merging logic requires AP neighbor information. Neighbor information is obtained from the RRM module.
This API only gives neighbor information to the APs directly connected to MC.
Currently the AP neighbor list on MA is synced to MC once every 3 minutes; hence the AP neighbor list
obtained by this API could be at most 3 minutes old. This delay results in a delay in merging of devices as they
are discovered. The subsequent periodic merge picks up the updated neighbor information and the merge is
performed.

Persistent Devices
Some interference devices such as outdoor bridges and microwave ovens only transmit when needed. These
devices can cause significant interference to the local WLAN but, due to their short duration and periodic operation,
remain largely undetected by normal RF management metrics. With CleanAir the RRM DCA algorithm can
detect, measure, register and remember the impact and adjust the DCA algorithm. This minimizes the use of
channels affected by the persistent devices in the channel plan local to the interference source. Cisco CleanAir
detects and stores the persistent device information in the switch and this information is used to mitigate
interfering channels.

Persistent Devices Detection


A CleanAir-capable Monitor Mode access point collects information about persistent devices on all configured
channels and stores the information in the controller. A Local/Bridge mode AP detects interference devices on the
serving channels only.

Persistent Device Avoidance


When a Persistent Device (PD) is detected in the CleanAir module, it is reported to the RRM module on the
MA. This information is used in the channel selection by the subsequent Event Driven RRM
(ED-RRM) signal sent to the RRM module.

EDRRM and AQR Update Mode


EDRRM is a feature that allows an access point that is in distress to bypass normal RRM intervals and
immediately change channels. A CleanAir access point always monitors AQ and reports the AQ every 15
minutes. AQ only reports classified interference devices. The key benefit of EDRRM is very fast action time.
If an interfering device is operating on an active channel and causes enough AQ degradation to trigger an
EDRRM, then no clients will be able to use that channel or the access point. You must remove the access
point from the channel. EDRRM is not enabled by default; you must first enable CleanAir and then enable
EDRRM.
AQRs are only available on the MC. The mode configuration and timers are held in Radio Control Block
(RCB) on MA (for APs connected to MA). There is no change to the current API available for EMS/NMS.
No change is required for directly connected APs as RCB (spectrum config and timers) is available locally.
For remote APs (APs connected to MA), three new control messages are added. These three messages are for
enable, restart timer and disable rapid update mode for a given AP MAC address and slot.

Related Topics
Configuring EDRRM for CleanAir-Events, on page 37

CleanAir High Availability


CleanAir configuration (network and radio) is stateful during the switchover. On the MC, Embedded
Instrumentation Core (EICORE) provides the sync on network configurations across active and standby nodes.
The radio configurations are synced using the HA Infrastructure. The CleanAir configurations on MA are
pulled from the MC upon joining. The network configuration is not stored in the EICORE on MA, hence it
is synced using HA Infrastructure.
CleanAir Data (AQ and IDR) reports are not stateful, that is, the standby and active nodes are not synced. On
switchover, the APs send the reports to the current active slot. The RRM Client (HA Infra Client) is used for
CleanAir HA sync.

How to Configure CleanAir

Enabling CleanAir for 2.4-GHz Band

SUMMARY STEPS

1. configure terminal
2. ap dot11 24ghz cleanair
3. end

DETAILED STEPS

Step 1 configure terminal
Purpose: Enters global configuration mode.

Example:
Switch# configure terminal

Step 2 ap dot11 24ghz cleanair
Purpose: Enables the CleanAir feature on 802.11b network. Add no in the command to disable CleanAir on the
802.11b network.

Example:
Switch(config)# ap dot11 24ghz cleanair
Switch(config)# no ap dot11 24ghz cleanair

Step 3 end
Purpose: Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration
mode.

Example:
Switch(config)# end

Related Topics
Prerequisites for CleanAir
Restrictions for CleanAir
CleanAir FAQs

Configuring a CleanAir Alarm for 2.4-GHz Air-Quality and Devices

SUMMARY STEPS

1. configure terminal
2. ap dot11 24ghz cleanair alarm air-quality threshold threshold_value
3. ap dot11 24ghz cleanair alarm device {bt-discovery | bt-link | canopy | cont-tx | dect-like | fh | inv |
jammer | mw-oven | nonstd | report | superag | tdd-tx | video | wimax-fixed | wimax-mobile | xbox |
zigbee }
4. end

DETAILED STEPS

Step 1 configure terminal
Purpose: Enters global configuration mode.

Example:
Switch# configure terminal

Step 2 ap dot11 24ghz cleanair alarm air-quality threshold threshold_value
Purpose: Configures the alarm for the threshold value for air-quality for all the 2.4-GHz devices. Add the no form
of this command to disable the alarm.

Example:
Switch(config)# ap dot11 24ghz cleanair alarm air-quality threshold 50

Step 3 ap dot11 24ghz cleanair alarm device {bt-discovery | bt-link | canopy | cont-tx | dect-like | fh | inv |
jammer | mw-oven | nonstd | report | superag | tdd-tx | video | wimax-fixed | wimax-mobile | xbox | zigbee }
Purpose: Configures the alarm for the 2.4-GHz devices. Add the no form of the command to disable the alarm.

bt-discovery: Bluetooth Discovery.
bt-link: Bluetooth Link.
canopy: Canopy devices.
cont-tx: Continuous Transmitter.
dect-like: Digital Enhanced Cordless Communication (DECT)-like phone.
fh: 802.11 frequency hopping devices.
inv: Devices using spectrally inverted WiFi signals.
jammer: Jammer.
mw-oven: Microwave oven.
nonstd: Devices using non standard Wi-Fi channels.
report: Interference device reporting.
superag: 802.11 SuperAG devices.
tdd-tx: TDD Transmitter.
video: Video cameras.
wimax-fixed: WiMax Fixed.
wimax-mobile: WiMax Mobile.
xbox: Xbox.
zigbee: 802.15.4 devices.

Example:
Switch(config)# ap dot11 24ghz cleanair alarm device canopy

Step 4 end
Purpose: Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration
mode.

Example:
Switch(config)# end

Related Topics
Prerequisites for CleanAir
Restrictions for CleanAir
CleanAir FAQs


Configuring Interference Reporting for 2.4-GHz Devices

SUMMARY STEPS

1. configure terminal
2. ap dot11 24ghz cleanair device {bt-discovery | bt-link | canopy | cont-tx | dect-like | fh | inv | jammer
| mw-oven | nonstd | report | superag | tdd-tx | video | wimax-fixed | wimax-mobile | xbox | zigbee }
3. end

DETAILED STEPS

Step 1 configure terminal
Purpose: Enters global configuration mode.

Example:
Switch# configure terminal

Step 2 ap dot11 24ghz cleanair device {bt-discovery | bt-link | canopy | cont-tx | dect-like | fh | inv | jammer
| mw-oven | nonstd | report | superag | tdd-tx | video | wimax-fixed | wimax-mobile | xbox | zigbee }
Purpose: Configures the 2.4 GHz interference devices to report to the switch. Use the no form of this command
to disable the configuration.

bt-discovery: Bluetooth Discovery
bt-link: Bluetooth Link
canopy: Canopy devices
cont-tx: Continuous Transmitter
dect-like: Digital Enhanced Cordless Communication (DECT) like phone
fh: 802.11 frequency hopping devices
inv: Devices using spectrally inverted WiFi signals
jammer: Jammer
mw-oven: Microwave Oven
nonstd: Devices using non-standard WiFi channels
report: no description
superag: 802.11 SuperAG devices
tdd-tx: TDD Transmitter
video: Video cameras
wimax-fixed: WiMax Fixed
wimax-mobile: WiMax Mobile
xbox: Xbox
zigbee: 802.15.4 devices

Example:
Switch(config)# ap dot11 24ghz cleanair device bt-discovery
Switch(config)# ap dot11 24ghz cleanair device bt-link
Switch(config)# ap dot11 24ghz cleanair device canopy
Switch(config)# ap dot11 24ghz cleanair device cont-tx
Switch(config)# ap dot11 24ghz cleanair device dect-like
Switch(config)# ap dot11 24ghz cleanair device fh
Switch(config)# ap dot11 24ghz cleanair device inv
Switch(config)# ap dot11 24ghz cleanair device jammer
Switch(config)# ap dot11 24ghz cleanair device mw-oven
Switch(config)# ap dot11 24ghz cleanair device nonstd
Switch(config)# ap dot11 24ghz cleanair device report
Switch(config)# ap dot11 24ghz cleanair device superag
Switch(config)# ap dot11 24ghz cleanair device tdd-tx
Switch(config)# ap dot11 24ghz cleanair device video
Switch(config)# ap dot11 24ghz cleanair device wimax-fixed
Switch(config)# ap dot11 24ghz cleanair device wimax-mobile
Switch(config)# ap dot11 24ghz cleanair device xbox
Switch(config)# ap dot11 24ghz cleanair device zigbee

Step 3 end
Purpose: Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration
mode.

Example:
Switch(config)# end

Related Topics
Prerequisites for CleanAir
Restrictions for CleanAir
CleanAir FAQs
Monitoring the Interference Devices (GUI)

Enabling CleanAir for 5-GHz Band

SUMMARY STEPS

1. configure terminal
2. ap dot11 5ghz cleanair
3. end

DETAILED STEPS

Step 1 configure terminal
Purpose: Enters global configuration mode.

Example:
Switch# configure terminal

Step 2 ap dot11 5ghz cleanair
Purpose: Enables the CleanAir feature on 802.11a network. Add no in the command to disable CleanAir on the
802.11a network.

Example:
Switch(config)# ap dot11 5ghz cleanair
Switch(config)# no ap dot11 5ghz cleanair

Step 3 end
Purpose: Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration
mode.

Example:
Switch(config)# end


Related Topics
Prerequisites for CleanAir
Restrictions for CleanAir
CleanAir FAQs

Configuring a CleanAir Alarm for 5-GHz Air-Quality and Devices

SUMMARY STEPS

1. configure terminal
2. ap dot11 5ghz cleanair alarm air-quality threshold threshold_value
3. ap dot11 5ghz cleanair alarm device {canopy | cont-tx | dect-like | inv | jammer | nonstd | radar |
report | superag | tdd-tx | video | wimax-fixed | wimax-mobile}
4. end

DETAILED STEPS

Step 1 configure terminal
Purpose: Enters global configuration mode.

Example:
Switch# configure terminal

Step 2 ap dot11 5ghz cleanair alarm air-quality threshold threshold_value
Purpose: Configures the alarm for the threshold value for air-quality for all the 5-GHz devices. Add the no form
of the command to disable the alarm.

Example:
Switch(config)# ap dot11 5ghz cleanair alarm air-quality threshold 50

Step 3 ap dot11 5ghz cleanair alarm device {canopy | cont-tx | dect-like | inv | jammer | nonstd | radar |
report | superag | tdd-tx | video | wimax-fixed | wimax-mobile}
Purpose: Configures the alarm for the 5-GHz devices. Add the no form of the command to disable the alarm.

canopy: Canopy devices.
cont-tx: Continuous Transmitter.
dect-like: Digital Enhanced Cordless Communication (DECT) like phone.
fh: 802.11 frequency hopping devices.
inv: Devices using spectrally inverted WiFi signals.
jammer: Jammer.
nonstd: Devices using non-standard WiFi channels.
radar: Radars.
report: Interference device reporting.
superag: 802.11 SuperAG devices.
tdd-tx: TDD Transmitter.
video: Video cameras.
wimax-fixed: WiMax Fixed.
wimax-mobile: WiMax Mobile.

Example:
Switch(config)# ap dot11 5ghz cleanair alarm device

Step 4 end
Purpose: Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration
mode.

Example:
Switch(config)# end

Related Topics
Prerequisites for CleanAir
Restrictions for CleanAir
CleanAir FAQs

Configuring Interference Reporting for 5-GHz devices

SUMMARY STEPS

1. configure terminal
2. ap dot11 5ghz cleanair device {canopy | cont-tx | dect-like | inv | jammer | nonstd | radar | report |
superag | tdd-tx | video | wimax-fixed | wimax-mobile}
3. end

DETAILED STEPS

Step 1 configure terminal
Purpose: Enters global configuration mode.

Example:
Switch# configure terminal

Step 2 ap dot11 5ghz cleanair device {canopy | cont-tx | dect-like | inv | jammer | nonstd | radar | report |
superag | tdd-tx | video | wimax-fixed | wimax-mobile}
Purpose: Configures the 5-GHz interference devices to report to the switch. Add the no form of the command to
disable interference device reporting.

canopy: Canopy devices
cont-tx: Continuous Transmitter
dect-like: Digital Enhanced Cordless Communication (DECT) like phone
fh: 802.11 frequency hopping devices
inv: Devices using spectrally inverted WiFi signals
jammer: Jammer
nonstd: Devices using non-standard WiFi channels
radar: Radars
report: Interference device reporting
superag: 802.11 SuperAG devices
tdd-tx: TDD Transmitter
video: Video cameras
wimax-fixed: WiMax Fixed
wimax-mobile: WiMax Mobile

Example:
Switch(config)# ap dot11 5ghz cleanair device canopy
Switch(config)# ap dot11 5ghz cleanair device cont-tx
Switch(config)# ap dot11 5ghz cleanair device dect-like
Switch(config)# ap dot11 5ghz cleanair device inv
Switch(config)# ap dot11 5ghz cleanair device jammer
Switch(config)# ap dot11 5ghz cleanair device nonstd
Switch(config)# ap dot11 5ghz cleanair device radar
Switch(config)# ap dot11 5ghz cleanair device report
Switch(config)# ap dot11 5ghz cleanair device superag
Switch(config)# ap dot11 5ghz cleanair device tdd-tx
Switch(config)# ap dot11 5ghz cleanair device video
Switch(config)# ap dot11 5ghz cleanair device wimax-fixed
Switch(config)# ap dot11 5ghz cleanair device wimax-mobile

Step 3 end
Purpose: Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration
mode.

Example:
Switch(config)# end

Related Topics
Prerequisites for CleanAir
Restrictions for CleanAir
CleanAir FAQs
Monitoring the Interference Devices (GUI)

Configuring EDRRM for CleanAir-Events

SUMMARY STEPS

1. configure terminal
2. ap dot11 {24ghz | 5ghz} rrm channel cleanair-event
3. ap dot11 {24ghz | 5ghz} rrm channel cleanair-event [sensitivity {high | low | medium}]
4. end


DETAILED STEPS

Step 1 configure terminal
Purpose: Enters global configuration mode.

Example:
Switch# configure terminal

Step 2 ap dot11 {24ghz | 5ghz} rrm channel cleanair-event
Purpose: Enables EDRRM cleanair-event. Add the no form of the command to disable EDRRM.

Example:
Switch(config)# ap dot11 24ghz rrm channel cleanair-event
Switch(config)# no ap dot11 24ghz rrm channel cleanair-event

Step 3 ap dot11 {24ghz | 5ghz} rrm channel cleanair-event [sensitivity {high | low | medium}]
Purpose: Configures the EDRRM sensitivity of cleanair-event.

High: Specifies the most sensitivity to non WiFi interference as indicated by the air quality (AQ) value.
Low: Specifies the least sensitivity to non WiFi interference as indicated by the AQ value.
Medium: Specifies medium sensitivity to non WiFi interference as indicated by the AQ value.

Example:
Switch(config)# ap dot11 24ghz rrm channel cleanair-event sensitivity high

Step 4 end
Purpose: Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration
mode.

Example:
Switch(config)# end

Related Topics
EDRRM and AQR Update Mode

Configuring Persistent Device Avoidance

SUMMARY STEPS

1. configure terminal
2. ap dot11 {24ghz | 5ghz} rrm channel device
3. end


DETAILED STEPS

Step 1 configure terminal
Purpose: Enters global configuration mode.

Example:
Switch# configure terminal

Step 2 ap dot11 {24ghz | 5ghz} rrm channel device
Purpose: Enables the persistent non WiFi device avoidance in the 802.11 channel assignment. Add the no form of
the command to disable the persistent device avoidance.

Example:
Switch(config)# ap dot11 24ghz rrm channel device

Step 3 end
Purpose: Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration
mode.

Example:
Switch(config)# end

Configuring Cisco CleanAir using the Controller GUI

Configuring Cisco CleanAir on the Cisco Wireless LAN Controller (GUI)

Step 1 Choose Configuration > Wireless > 802.11a/n or 802.11b/g/n > CleanAir to open the 802.11a (or 802.11b) > CleanAir
page.
Step 2 Select the CleanAir check box to enable Cisco CleanAir functionality on the 802.11a/n or 802.11b/g/n network, or
unselect it to prevent the switch from detecting spectrum interference. By default, Cisco CleanAir is disabled.
Step 3 Select the Report Interferers check box to enable the Cisco CleanAir system to report any detected sources of interference,
or unselect it to prevent the switch from reporting interferers. The default value is selected.
Note Device Security alarms, Event Driven RRM, and the Persistence Device Avoidance algorithm do not work if
Report Interferers is disabled.
Step 4 Select the Persistent Device Propagation check box to enable propagation of information about persistent devices that
can be detected by CleanAir. Persistent device propagation enables you to propagate information about persistent devices
to the neighboring access points connected to the same switch. Persistent interferers are present at the location and
interfere with the WLAN operations even if they are not detectable at all times.
Step 5 Ensure that any sources of interference that need to be detected and reported by the Cisco CleanAir system appear in the
Interferences to Detect box and any that do not need to be detected appear in the Interferences to Ignore box. Use the >
and < buttons to move interference sources between these two boxes. By default, all interference sources are detected.
The sources of interference that you can choose depend on the type of radio, 802.11a/n/ac or 802.11b/g/n, and are as
follows:
802.11 FH: An 802.11 FH device
802.15.4: An 802.15.4 or ZigBee device
Continuous Transmitter: A continuous transmitter
Bluetooth Discovery: A Bluetooth device
DECT-like Phone: A digital enhanced cordless communication (DECT)-compatible phone
Microsoft: A Microsoft device
SuperAG: An 802.11a/g SuperAG device
Microwave Phone: A microwave phone
Jammer: A jamming device
Canopy: A canopy bridge device
TDD Transmitter: A time division duplex (TDD) transmitter device
Video Camera: An analog video camera
WiFi Invalid Channel: A WiFi invalid channel
WiFi Inverted: A device using spectrally inverted Wi-Fi signals (I and Q signals of the RF signal are inverted)
WiMAX Fixed: A WiMAX fixed device (802.11a/n only)
WiMAX Mobile: A WiMAX mobile device (802.11a/n only)

Note Access points that are associated to the switch send interference reports only for the interferers that appear in
the Interferences to Detect box. This functionality allows you to filter out interferers that you do not want as
well as any that may be flooding the network and causing performance problems for the switch or Prime
Infrastructure. Filtering allows the system to resume normal performance levels.
Step 6 Configure Cisco CleanAir alarms as follows:
a) Select the Enable AQI (Air Quality Index) Trap check box to enable the triggering of air quality alarms, or unselect
the box to disable this feature. The default value is selected.
b) If you selected the Enable AQI Trap check box in Step a, enter a value between 1 and 100 (inclusive) in the AQI
Alarm Threshold text box to specify the threshold at which you want the air quality alarm to be triggered. When the
air quality falls below the threshold level, the alarm is triggered. A value of 1 represents the worst air quality, and
100 represents the best. The default value is 35.
c) Enter the AQI threshold in the AQI Alarm Threshold text box. An alarm is generated when the air quality reaches
a threshold value. The default is 35. The range is from 1 to 100.
d) Select the Enable Interference For Security Alarm check box to trigger interferer alarms when the switch detects
specified device types, or unselect it to disable this feature. The default value is selected.
e) Make sure that any sources of interference that need to trigger interferer alarms appear in the Trap on These Types
box and any that do not need to trigger interferer alarms appear in the Do Not Trap on These Types box. Use the
> and < buttons to move interference sources between these two boxes. By default, all interference sources trigger
interferer alarms.
For example, if you want the switch to send an alarm when it detects a jamming device, select the Enable Interference
For Security Alarm check box and move the jamming device to the Trap on These Types box.

Step 7 Click Apply.


Step 8 Trigger spectrum event-driven radio resource management (RRM) to run when a Cisco CleanAir-enabled access point
detects a significant level of interference as follows:


a) Look at the EDRRM field to see the current status of spectrum event-driven RRM and, if enabled, the Sensitivity
Threshold field to see the threshold level at which event-driven RRM is invoked.
b) If you want to change the current status of event-driven RRM or the sensitivity level, go to the 802.11a (or 802.11b)
> RRM > Dynamic Channel Assignment (DCA) page.
c) Select the EDRRM check box to trigger RRM to run when an access point detects a certain level of interference, or
unselect it to disable this feature. The default value is selected.
d) If you selected the EDRRM check box in Step c, choose Low, Medium, High, or Custom from the Sensitivity
Threshold drop-down list to specify the threshold at which you want RRM to be triggered. When the interference
for the access point rises above the threshold level, RRM initiates a local dynamic channel assignment (DCA) run
and changes the channel of the affected access point radio if possible to improve network performance. EDRRM
prevents the access point from returning to the original channel for three hours after the event.
High: Represents an increased sensitivity to changes in the environment.
Custom: Allows you to set a threshold value in the Custom Sensitivity Threshold field. The default sensitivity is
35.
Low: Represents a decreased sensitivity to changes in the environment.
The EDRRM AQ threshold value for low sensitivity is 35, medium sensitivity is 50, and high sensitivity is 60.
e) Click Apply.
Step 9 Click Save Configuration.
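
The dependency stated in the Note above (device alarms, EDRRM and persistent device avoidance stop working when interferer reporting is off) and the per-band device keyword lists can be checked mechanically before a change is applied. The following Python audit is an added example, not Cisco code. It assumes the input is bare CLI lines as typed in the procedures on this page, that the report device keyword is the CLI counterpart of the Report Interferers check box, and that a setting with no line keeps its default; the sample lines are constructed.

```python
import re

# Device keywords per band, copied from the command syntax on this page.
COMMON = {"canopy", "cont-tx", "dect-like", "inv", "jammer", "nonstd", "report",
          "superag", "tdd-tx", "video", "wimax-fixed", "wimax-mobile"}
DEVICES = {
    "24ghz": COMMON | {"bt-discovery", "bt-link", "fh", "mw-oven", "xbox", "zigbee"},
    "5ghz": COMMON | {"radar"},
}
LINE = re.compile(r"^(no\s+)?ap\s+dot11\s+(24ghz|5ghz)\s+(.+)$")


def set_device(band, table, band_name, keyword, enabled):
    """Record an explicit enable/disable, rejecting keywords of the other band."""
    if keyword in DEVICES[band_name]:
        band[table][keyword] = enabled
    else:
        band["errors"].append(f"'{keyword}' is not a {band_name} device keyword")


def set_threshold(band, args, enabled):
    """Range 1 to 100 is taken from the GUI procedure (assumed equal for the CLI)."""
    if not enabled:
        band["aq_threshold"] = False  # no form: air-quality alarm disabled
    elif len(args) == 1 and args[0].isdigit() and 1 <= int(args[0]) <= 100:
        band["aq_threshold"] = int(args[0])
    else:
        band["errors"].append("air-quality threshold must be a value from 1 to 100")


def parse(lines):
    """Replay lines in order; True/False = set explicitly, None/missing = default."""
    state = {b: {"cleanair": None, "edrrm": None, "aq_threshold": None,
                 "device": {}, "alarm": {}, "errors": []} for b in DEVICES}
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # configure terminal, end, or an unrelated command
        enabled, name, words = m.group(1) is None, m.group(2), m.group(3).split()
        band = state[name]
        if words == ["cleanair"]:
            band["cleanair"] = enabled
        elif words == ["rrm", "channel", "cleanair-event"]:
            band["edrrm"] = enabled
        elif words[:2] == ["cleanair", "device"] and len(words) == 3:
            set_device(band, "device", name, words[2], enabled)
        elif words[:3] == ["cleanair", "alarm", "device"] and len(words) == 4:
            set_device(band, "alarm", name, words[3], enabled)
        elif words[:4] == ["cleanair", "alarm", "air-quality", "threshold"]:
            set_threshold(band, words[4:], enabled)
    return state


def audit(lines):
    """Return one finding per weakened or inconsistent setting, per band."""
    findings = []
    for name, band in parse(lines).items():
        def flag(text, name=name):
            findings.append(f"{name}: {text}")
        for err in band["errors"]:
            flag(err)
        if band["cleanair"] is not True:
            flag("CleanAir is not enabled")
        if band["edrrm"] and band["cleanair"] is not True:
            flag("EDRRM is enabled but CleanAir is not")
        if band["device"].get("report") is False:
            flag("interferer reporting is off, so device alarms, EDRRM and "
                 "persistent device avoidance do not work")
        if band["device"].get("jammer") is False:
            flag("jammer reporting is disabled")
        if band["alarm"].get("jammer") is False:
            flag("jammer alarm is disabled")
        if band["aq_threshold"] is False:
            flag("air-quality alarm is disabled")
    return findings


# Constructed sample: a change request that weakens detection in several ways.
SAMPLE = """\
configure terminal
ap dot11 24ghz cleanair
ap dot11 24ghz cleanair alarm air-quality threshold 50
ap dot11 24ghz cleanair alarm device jammer
no ap dot11 24ghz cleanair device report
ap dot11 24ghz rrm channel cleanair-event
ap dot11 5ghz cleanair device bt-link
ap dot11 5ghz rrm channel cleanair-event
no ap dot11 5ghz cleanair alarm device jammer
end
""".splitlines()

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Lines are replayed in order, so a later command overrides an earlier no form for the same setting.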

Configuring Cisco CleanAir on an Access Point (GUI)

Step 1 Choose Configuration > Wireless > Access Points > Radios > 802.11a/n or 802.11b/g/n to open the 802.11a/n (or
802.11b/g/n) Radios page.
Step 2 Select the check box adjacent to the desired access point and click Configure. The 802.11a/n (or 802.11b/g/n) Radios
page appears.
The CleanAir Capable field shows whether this access point can support CleanAir functionality. If it can, go to the next
step to enable or disable CleanAir for this access point. If the access point cannot support CleanAir functionality, you
cannot enable CleanAir for this access point.
Note By default, the Cisco CleanAir functionality is enabled on the
radios.
Step 3 Enable Cisco CleanAir functionality for this access point by choosing Enable from the CleanAir Admin Status drop-down
list. To disable CleanAir functionality for this access point, choose Disable. The default value is Enable. This setting
overrides the global CleanAir configuration for this access point.
Step 4 Click Apply.
Step 5 Click Save Configuration.


Configuring Cisco Spectrum Expert

Configuring Spectrum Expert (GUI)


Before You Begin
Spectrum Expert (Windows XP laptop client) and access point should be pingable; otherwise, it will
not work.
Prior to establishing a connection between the Spectrum Expert console and the access point, make sure
that IP address routing is properly configured and the network spectrum interface (NSI) ports are open
in any intervening firewalls.
The access point must be a TCP server listening on ports 37540 for 2.4 GHz and 37550 for 5 GHz
frequencies. These ports must be opened for the spectrum expert application to connect to the access
point using the NSI protocol.
You can view the NSI key from the switch CLI by using the show ap name ap_name config dot11
{24ghz | 5ghz} command.

Step 1 Ensure that Cisco CleanAir functionality is enabled for the access point that will be connected to the Spectrum Expert
console.
Note The SE-Connect mode is set for the entire access point, not just a single radio. However, the Spectrum Expert
console connects to a single radio at a time.

Step 2 Choose Configuration > Wireless > Access Points > All APs to open the All APs page.
Step 3 Click the name of the desired access point to open the All APs > Details page.
Step 4 Choose SE-Connect from the AP Mode drop-down list. This mode is available only for access points that are capable
of supporting Cisco CleanAir functionality. For the SE-Connect mode to appear as an available option, the access point
must have at least one spectrum-capable radio in the Enable state.
Step 5 Click Apply to commit your changes.
Step 6 Click OK when prompted to reboot the access point.
Step 7 On the Windows PC, access the Cisco Software Center from this URL:
http://www.cisco.com/cisco/software/navigator.html

Step 8 Click Product > Wireless > Cisco Spectrum Intelligence > Cisco Spectrum Expert > Cisco Spectrum Expert Wi-Fi,
and then download the Spectrum Expert 4.1.11 executable (*.exe) file.
Step 9 Run the Spectrum Expert application on the PC.
Step 10 When the Connect to Sensor dialog box appears, enter the IP address of the access point, choose the access point radio,
and enter the 16-byte network spectrum interface (NSI) key to authenticate. The Spectrum Expert application opens a
TCP/IP connection directly to the access point using the NSI protocol.
When an access point in SE-Connect mode joins a switch, it sends a Spectrum Capabilities notification message, and
the switch responds with a Spectrum Configuration Request. The request contains the 16-byte random NSI key generated
by the switch for NSI authentication. The switch generates one key per access point, which the access point stores until
it is rebooted.


Note You can establish up to three Spectrum Expert console connections per access point
radio.
Step 11 Verify that the Spectrum Expert console is connected to the access point by selecting the Slave Remote Sensor text box
in the bottom right corner of the Spectrum Expert application. If the two devices are connected, the IP address of the
access point appears in this text box.
Step 12 Use the Spectrum Expert application to view and analyze spectrum data from the access point.

Configuring Spectrum Expert (CLI)


Before You Begin
Spectrum Expert (Windows XP laptop client) and access point should be pingable; otherwise, it will
not work.
Prior to establishing a connection between the Spectrum Expert console and the access point, make sure
that IP address routing is properly configured and the network spectrum interface (NSI) ports are open
in any intervening firewalls.
The access point must be a TCP server listening on ports 37540 for 2.4-GHz and 37550 for 5-GHz
frequencies. These ports must be opened for the spectrum expert application to connect to the access
point using the NSI protocol.
You can view the NSI key from the switch CLI by using the show ap name ap_name config dot11
{24ghz | 5ghz} command.

Step 1 To configure the access point for SE-Connect mode, enter this command:
ap name ap_name mode se-connect

Example:
Switch#ap name Cisco_AP3500 mode se-connect
Step 2 When prompted to reboot the access point, enter Y.
Step 3 To view the NSI key for the access point, enter this command:
show ap name ap_name config dot11 {24ghz | 5ghz}

Example:
Switch#show ap name Cisco_AP3500 config dot11 24ghz

<snippet>
CleanAir Management Information
CleanAir Capable : Yes
CleanAir Management Admin State : Enabled
CleanAir Management Operation State : Up
CleanAir NSI Key : 274F1F9B1A5206683FAF57D87BFFBC9B
CleanAir Sensor State : Configured

<snippet>


What to Do Next
On the Windows PC, download Cisco Spectrum Expert:
Access the Cisco Software Center from this URL: http://www.cisco.com/cisco/software/navigator.html
Click Product > Wireless > Cisco Spectrum Intelligence > Cisco Spectrum Expert > Cisco Spectrum
Expert Wi-Fi, and then download the Spectrum Expert 4.1.11 executable (*.exe) file.
Run the Spectrum Expert application on the PC.
When the Connect to Sensor dialog box appears, enter the IP address of the access point, choose the
access point radio, and enter the 16-byte network spectrum interface (NSI) key to authenticate. The
Spectrum Expert application opens a TCP/IP connection directly to the access point using the NSI
protocol.
When an access point in SE-Connect mode joins a switch, it sends a Spectrum Capabilities notification
message, and the switch responds with a Spectrum Configuration Request. The request contains the
16-byte random NSI key generated by the switch for use in NSI authentication. The switch generates
one key per access point, which the access point stores until it is rebooted.

Note You can establish up to three Spectrum Expert console connections per access point
radio.

Verify that the Spectrum Expert console is connected to the access point by selecting the Slave Remote
Sensor text box in the bottom right corner of the Spectrum Expert application. If the two devices are
connected, the IP address of the access point appears in this text box.
Use the Spectrum Expert application to view and analyze spectrum data from the access point.
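
The NSI key is the only credential the Spectrum Expert console presents to the access point, and the show command above prints it in clear text, so it should be masked before the output is pasted into a ticket or chat. The following Python helper is an added example, not Cisco code: it parses the CleanAir fields of that output, checks that the key is 16 bytes of hex, and replaces it with a short SHA-256 tag so two captures can still be compared (the key changes when the access point is rebooted). The sample text is the example output from this page; treating Yes, Enabled and Up as the healthy values is an assumption.

```python
import hashlib
import re

FIELD = re.compile(r"^\s*(CleanAir [A-Za-z ]+?)\s*:\s*(.*?)\s*$")
KEY = re.compile(r"[0-9A-Fa-f]{32}")  # 16 bytes, the key size the page states
KEY_LINE = re.compile(r"(CleanAir NSI Key\s*:\s*)(\S+)")

# Assumed healthy values, taken from the example output on this page.
EXPECTED = {
    "CleanAir Capable": "Yes",
    "CleanAir Management Admin State": "Enabled",
    "CleanAir Management Operation State": "Up",
}

# Example output reproduced from this page.
SAMPLE_OUTPUT = """\
CleanAir Management Information
    CleanAir Capable                            : Yes
    CleanAir Management Admin State             : Enabled
    CleanAir Management Operation State         : Up
    CleanAir NSI Key                            : 274F1F9B1A5206683FAF57D87BFFBC9B
    CleanAir Sensor State                       : Configured
"""


def parse_cleanair_block(output):
    """Return every 'CleanAir <name> : <value>' line of the output as a dict."""
    fields = {}
    for line in output.splitlines():
        m = FIELD.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def check_sensor(fields):
    """List reasons why a Spectrum Expert connection to this radio would fail."""
    problems = [f"{name} is {fields.get(name, 'missing')!r}, expected {want!r}"
                for name, want in EXPECTED.items() if fields.get(name) != want]
    if not KEY.fullmatch(fields.get("CleanAir NSI Key", "")):
        problems.append("NSI key is missing or is not 16 bytes of hex")
    return problems


def key_fingerprint(key_hex):
    """Short SHA-256 tag: compares two captures without exposing the key."""
    return hashlib.sha256(bytes.fromhex(key_hex)).hexdigest()[:8]


def redact(output):
    """Replace the key value with its fingerprint; other lines are unchanged."""
    def mask(m):
        key = m.group(2)
        tag = key_fingerprint(key) if KEY.fullmatch(key) else "invalid"
        return f"{m.group(1)}<redacted {tag}>"
    return KEY_LINE.sub(mask, output)


if __name__ == "__main__":
    print(check_sensor(parse_cleanair_block(SAMPLE_OUTPUT)) or "sensor ready")
    print(redact(SAMPLE_OUTPUT))
```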

Monitoring CleanAir Parameters


You can monitor CleanAir parameters using the following commands:

Table 5: Commands for Monitoring CleanAir

Commands Description
show ap dot11 24ghz cleanair air-quality summary Displays CleanAir Air Quality (AQ) data for 2.4-GHz
band

show ap dot11 24ghz cleanair air-quality worst Displays CleanAir Air Quality (AQ) worst data for
2.4-GHz band

show ap dot11 24ghz cleanair config Displays CleanAir Configuration for 2.4-GHz band

show ap dot11 24ghz cleanair device type all Displays all CleanAir Interferers for 2.4-GHz band

show ap dot11 24ghz cleanair device type Displays CleanAir Interferers of type BT Discovery
bt-discovery for 2.4-GHz band

Consolidated Platform Configuration Guide, Cisco IOS XE 3.6E (Catalyst 3850 Switches)
44
Monitoring CleanAir Parameters

Commands Description
show ap dot11 24ghz cleanair device type bt-link Displays CleanAir Interferers of type BT Link for
2.4-GHz band

show ap dot11 24ghz cleanair device type canopy Displays CleanAir Interferers of type Canopy for
2.4-GHz band

show ap dot11 24ghz cleanair device type cont-tx Displays CleanAir Interferers of type Continuous
transmitter for 2.4-GHz band

show ap dot11 24ghz cleanair device type dect-like Displays CleanAir Interferers of type DECT Like for
2.4-GHz band

show ap dot11 24ghz cleanair device type fh Displays CleanAir Interferers of type 802.11FH for
2.4-GHz band

show ap dot11 24ghz cleanair device type inv Displays CleanAir Interferers of type WiFi Inverted
for 2.4-GHz band

show ap dot11 24ghz cleanair device type jammer Displays CleanAir Interferers of type Jammer for
2.4-GHz band

show ap dot11 24ghz cleanair device type mw-oven Displays CleanAir Interferers of type MW Oven for
2.4-GHz band

show ap dot11 24ghz cleanair device type nonstd Displays CleanAir Interferers of type WiFi Inv. Ch
for 2.4-GHz band

show ap dot11 24ghz cleanair device type persistent Displays CleanAir Interferers of type Persistent for
2.4-GHz band

show ap dot11 24ghz cleanair device type superag Displays CleanAir Interferers of type SuperAG for
2.4-GHz band

show ap dot11 24ghz cleanair device type tdd-tx Displays CleanAir Interferers of type TDD Transmit
for 2.4-GHz band

show ap dot11 24ghz cleanair device type video Displays CleanAir Interferers of type Video Camera
for 2.4-GHz band

show ap dot11 24ghz cleanair device type Displays CleanAir Interferers of type WiMax Fixed
wimax-fixed for 2.4-GHz band

show ap dot11 24ghz cleanair device type Displays CleanAir Interferers of type WiMax Mobile
wimax-mobile for 2.4-GHz band

show ap dot11 24ghz cleanair device type xbox Displays CleanAir Interferers of type Xbox for
2.4-GHz band

Consolidated Platform Configuration Guide, Cisco IOS XE 3.6E (Catalyst 3850 Switches)
45
Monitoring CleanAir Parameters

Commands Description
show ap dot11 24ghz cleanair device type zigbee Displays CleanAir Interferers of type zigbee for
2.4-GHz band

show ap dot11 5ghz cleanair air-quality summary Displays CleanAir Air Quality (AQ) data for 5-GHz
band

show ap dot11 5ghz cleanair air-quality worst Displays CleanAir Air Quality (AQ) worst data for
5-GHz band

show ap dot11 5ghz cleanair config Displays CleanAir Configuration for 5-GHz band

show ap dot11 5ghz cleanair device type all Displays all CleanAir Interferers for 5-GHz band

show ap dot11 5ghz cleanair device type canopy Displays CleanAir Interferers of type Canopy for
5-GHz band

show ap dot11 5ghz cleanair device type cont-tx Displays CleanAir Interferers of type Continuous TX
for 5-GHz band

show ap dot11 5ghz cleanair device type dect-like Displays CleanAir Interferers of type DECT Like for
5-GHz band

show ap dot11 5ghz cleanair device type inv Displays CleanAir Interferers of type WiFi Inverted
for 5-GHz band

show ap dot11 5ghz cleanair device type jammer Displays CleanAir Interferers of type Jammer for
5-GHz band

show ap dot11 5ghz cleanair device type nonstd Displays CleanAir Interferers of type WiFi Inv. Ch
for 5-GHz band

show ap dot11 5ghz cleanair device type persistent Displays CleanAir Interferers of type Persistent for
5-GHz band

show ap dot11 5ghz cleanair device type superag Displays CleanAir Interferers of type SuperAG for
5-GHz band

show ap dot11 5ghz cleanair device type tdd-tx Displays CleanAir Interferers of type TDD Transmit
for 5-GHz band

show ap dot11 5ghz cleanair device type video Displays CleanAir Interferers of type Video Camera
for 5-GHz band

show ap dot11 5ghz cleanair device type wimax-fixed Displays CleanAir Interferers of type WiMax Fixed
for 5-GHz band

show ap dot11 5ghz cleanair device type wimax-mobile Displays CleanAir Interferers of type WiMax Mobile
for 5-GHz band


You can also check the CleanAir status of the access points using the switch GUI:

Choose Monitor > Wireless > Access Points > 802.11 a/n/ac or 802.11 b/g/n.
The Radios page is displayed showing a list of access points that are associated with the switch. You can see the CleanAir
Admin and CleanAir Status.
The Cisco CleanAir status is one of the following:
• UP: The spectrum sensor for the access point radio is currently operational (error code 0).
• DOWN: The spectrum sensor for the access point radio is currently not operational because an error has occurred.
The most likely reason for the error is that the access point radio is disabled (error code 8). To correct this error,
enable the radio.
• ERROR: The spectrum sensor for the access point radio has crashed (error code 128), making CleanAir monitoring
nonoperational for this radio. If this error occurs, reboot the access point. If the error continues to appear, you might
want to disable Cisco CleanAir functionality on the radio.
• N/A: This access point radio is not capable of supporting Cisco CleanAir functionality.

Monitoring the Interference Devices


When a CleanAir-enabled access point detects interference devices, detections of the same device from multiple
sensors are merged together to create clusters. Each cluster is given a unique ID. Some devices conserve
power by limiting their transmit time until it is actually needed, which causes the spectrum sensor to temporarily
stop detecting the device. This device is then correctly marked as down. A down device is correctly removed
from the spectrum database. In cases when all the interferer detections for a specific device are reported, the
cluster ID is kept alive for an extended period of time to prevent possible device detection bouncing. If the
same device is detected again, it is merged with the original cluster ID and the device detection history is
preserved.
For example, some Bluetooth headsets operate on battery power. These devices employ methods to reduce
power consumption, such as turning off the transmitter when it is not actually needed. Such devices can appear
to come and go from the classification. To manage these devices, CleanAir keeps the cluster IDs longer and
they are remerged into a single record upon detection. This process smooths the user records and accurately
represents the device history.

Monitoring the Interference Devices (GUI)

Before You Begin


You can configure Cisco CleanAir only on CleanAir-enabled access points.

Step 1 Choose Monitor > Interferers > Cisco CleanAir > 802.11a/n or 802.11b/g/n > Interference Devices to open the Cisco
APs > Interference Devices page.


This page shows the following information:


• AP Name: The name of the access point where the interference device is detected.
• Interferer Type: Type of the interferer.
• Affected Channel: Channel that the device affects.
• Severity: Severity index of the interfering device.
• Duty Cycle (%): Proportion of time during which the interfering device was active.
• RSSI: Receive signal strength indicator (RSSI) of the access point.
• DevID: Device identification number that uniquely identifies the interfering device.
• ClusterID: Cluster identification number that uniquely identifies the type of the devices.

Step 2 Click the Filter icon or choose the Quick Filter option from the Show drop-down list to display the information about
interference devices based on particular criteria.

Related Topics
Configuring Interference Reporting for 2.4-GHz Devices, on page 33
Configuring Interference Reporting for 5-GHz devices, on page 36

Monitoring the Worst Air Quality of Radio Bands (GUI)

Choose Monitor > Cisco CleanAir > Worst Air-Quality to open the Air Quality Report page.
This page shows the air quality of both the 802.11a/n and 802.11b/g/n radio bands. This page displays the following
information:
• AP Name: Name of the access point that reported the worst air quality for the 802.11 radio band.
• Channel Number: Radio channel with the worst reported air quality.
• Minimum Air Quality Index: Minimum air quality for this radio channel. The range is from 1 to 100. An air
quality index (AQI) value of 100 is the best, and 1 is the worst.
• Average Air Quality Index: Average air quality for this radio channel. The range is from 1 to 100. An air quality
index (AQI) value of 100 is the best, and 1 is the worst.
• Interference Device Count: Number of interferers detected by the radios on the 802.11 radio band.


Configuration Examples for Configuring CleanAir


Enabling CleanAir on 2.4-GHz Band and an Access Point: Example
This example shows how to enable CleanAir on the 2.4-GHz band and an access point operating in the channel:
Switch#configure terminal
Switch(config)#ap dot11 24ghz cleanair
Switch(config)#exit
Switch#ap name TAP1 dot11 24ghz cleanair
Switch#end

Configuring a CleanAir Alarm for 2.4-GHz Air-Quality and Devices: Example


This example shows how to configure a CleanAir Alarm for 2.4-GHz Air-Quality threshold of 50 dBm and
an Xbox device:
Switch#configure terminal
Switch(config)#ap dot11 24ghz cleanair alarm air-quality threshold 50
Switch(config)#ap dot11 24ghz cleanair alarm device xbox
Switch(config)#end

Configuring Interference Reporting for 5-GHz Devices: Example


This example shows how to configure interference reporting for 5-GHz devices:
Switch#configure terminal
Switch(config)#ap dot11 5ghz cleanair alarm device xbox
Switch(config)#end

Configuring EDRRM for CleanAir-Events: Example


This example shows how to enable an EDRRM cleanair-event in the 2.4-GHz band and configure high
sensitivity to non-WiFi interference:
Switch#configure terminal
Switch(config)#ap dot11 24ghz rrm channel cleanair-event
Switch(config)#ap dot11 24ghz rrm channel cleanair-event sensitivity high
Switch(config)#end

Configuring Persistent Device Avoidance: Example


This example shows how to enable persistent non-WiFi device avoidance in the 2.4-GHz band:
Switch#configure terminal
Switch(config)#ap dot11 24ghz rrm channel device
Switch(config)#end

Configuring an Access Point for SE-Connect Mode: Example


This example shows how to configure an access point in the SE-Connect mode:
Switch#ap name Cisco_AP3500 mode se-connect

CleanAir FAQs

Q. How do I check if my MC is up?


A. To check if the MC is up, use the command: show wireless mobility summary.


This example shows how to display the mobility summary:


Switch#show wireless mobility summary

Mobility Controller Summary:


Mobility Role : Mobility Controller
Mobility Protocol Port : 16666
Mobility Group Name : MG-AK
Mobility Oracle : Disabled
Mobility Oracle IP Address : 0.0.0.0
DTLS Mode : Enabled
Mobility Domain ID for 802.11r : 0x39b2
Mobility Keepalive Interval : 10
Mobility Keepalive Count : 3
Mobility Control Message DSCP Value : 48
Mobility Domain Member Count : 2
Link Status is Control Link Status : Data Link Status
Controllers configured in the Mobility Domain:
IP Public IP Group Name Multicast IP Link Status
-------------------------------------------------------------------------------
9.6.136.10 - MG-AK 0.0.0.0 UP : UP
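
A way to check this output from a script, added here as an example (not Cisco code): it parses the summary fields and the controller table shown above and reports a DTLS mode or link status that is not in the expected state. The function names are assumptions of this example, and the parser assumes group names contain no spaces.

```python
import re

# Sample input: the command output shown above, with single spaces.
SAMPLE_OUTPUT = """\
Mobility Controller Summary:

Mobility Role : Mobility Controller
Mobility Protocol Port : 16666
Mobility Group Name : MG-AK
Mobility Oracle : Disabled
Mobility Oracle IP Address : 0.0.0.0
DTLS Mode : Enabled
Mobility Domain ID for 802.11r : 0x39b2
Mobility Keepalive Interval : 10
Mobility Keepalive Count : 3
Mobility Control Message DSCP Value : 48
Mobility Domain Member Count : 2
Link Status is Control Link Status : Data Link Status
Controllers configured in the Mobility Domain:
IP Public IP Group Name Multicast IP Link Status
-------------------------------------------------------------------------------
9.6.136.10 - MG-AK 0.0.0.0 UP : UP
"""

# One controller row: IP, public IP, group name, multicast IP, control : data.
ROW_RE = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s+(\S+)\s+(\S+)\s+(\w+)\s*:\s*(\w+)$"
)


def parse_mobility_summary(text):
    """Return (fields, members) parsed from 'show wireless mobility summary'."""
    fields, members = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        row = ROW_RE.match(line)
        if row:
            ip, public_ip, group, mcast, control, data = row.groups()
            members.append({"ip": ip, "public_ip": public_ip, "group": group,
                            "multicast_ip": mcast, "control": control,
                            "data": data})
        elif " : " in line and not line.startswith("Link Status is"):
            # "Link Status is ..." is the legend for the table, not a field.
            key, value = line.split(" : ", 1)
            fields[key.strip()] = value.strip()
    return fields, members


def mobility_findings(text):
    """List the conditions an operator would want to look at; empty if none."""
    fields, members = parse_mobility_summary(text)
    findings = []
    if fields.get("DTLS Mode") != "Enabled":
        findings.append("DTLS mode is %s" % fields.get("DTLS Mode", "not reported"))
    if not members:
        findings.append("no controllers listed in the mobility domain")
    for m in members:
        if (m["control"], m["data"]) != ("UP", "UP"):
            findings.append("%s link status is %s : %s"
                            % (m["ip"], m["control"], m["data"]))
    return findings


if __name__ == "__main__":
    for finding in mobility_findings(SAMPLE_OUTPUT) or ["no findings"]:
        print(finding)
```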

Q. Multiple access points detect the same interference device; however, the switch shows them as separate
clusters or different suspected devices clustered together. Why does this happen?
A. Access points must be RF neighbors for the switch to consider the merging of devices that are detected by
these access points. The access point takes time to establish neighbor relationships. For a few minutes after
the switch reboots, the RF group changes, or similar events occur, clustering will not be very accurate.

Q. Can I merge two monitor mode access points using a switch?


A. No, you cannot merge two monitor mode access points using a switch. You can merge the monitor mode
access points only using MSE.

Q. How do I view neighbor access points?


A. To view neighbor access points, use the command: show ap name ap_name auto-rf dot11 {24ghz | 5ghz}
This example shows how to display the neighbor access points:
Switch#show ap name AS-5508-5-AP3 auto-rf dot11 24ghz

<snippet>
Nearby APs
AP 0C85.259E.C350 slot 0 : -12 dBm on 1 (10.10.0.5)
AP 0C85.25AB.CCA0 slot 0 : -24 dBm on 6 (10.10.0.5)
AP 0C85.25C7.B7A0 slot 0 : -26 dBm on 11 (10.10.0.5)
AP 0C85.25DE.2C10 slot 0 : -24 dBm on 6 (10.10.0.5)
AP 0C85.25DE.C8E0 slot 0 : -14 dBm on 11 (10.10.0.5)
AP 0C85.25DF.3280 slot 0 : -31 dBm on 6 (10.10.0.5)
AP 0CD9.96BA.5600 slot 0 : -44 dBm on 6 (10.0.0.2)
AP 24B6.5734.C570 slot 0 : -48 dBm on 11 (10.0.0.2)
<snippet>

Q. What are the debug commands available for CleanAir?


A. The debug commands for CleanAir are:
debug cleanair {all | error | event | internal-event | nmsp | packet}
debug rrm {all | channel | detail | error | group | ha | manager | message | packet | power | prealarm
| profile | radar | rf-change | scale | spectrum}


Q. Why are CleanAir Alarms not generated for interferer devices?


A. Verify that the access points are CleanAir-capable and CleanAir is enabled both on the access point and
the switch.

Q. Can the Cisco Catalyst 3850 Series Switches function as a Mobility Agent (MA)?
A. Yes, the Cisco Catalyst 3850 Series Switches can function as an MA.

Q. Are CleanAir configurations available on the MA?


A. From Release 3.3 SE, CleanAir configurations are available on the MA. You can use the following two
CleanAir commands on the MA:
show ap dot11 5ghz cleanair config
show ap dot11 24ghz cleanair config

Related Topics
Enabling CleanAir for 2.4-GHz Band, on page 30
Configuring a CleanAir Alarm for 2.4-GHz Air-Quality and Devices, on page 31
Configuring Interference Reporting for 2.4-GHz Devices, on page 33
Enabling CleanAir for 5-GHz Band, on page 34
Configuring a CleanAir Alarm for 5-GHz Air-Quality and Devices, on page 35
Configuring Interference Reporting for 5-GHz devices, on page 36

Additional References
Related Documents

Related Topic | Document Title
CleanAir commands and their details | CleanAir Command Reference, Cisco IOS XE Release 3SE (Cisco WLC 5700 Series); CleanAir Command Reference, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
High Availability configurations | High Availability Configuration Guide, Cisco IOS XE Release 3SE (Cisco 5700 Series Wireless Controllers)
High Availability commands and their details | High Availability Command Reference, Cisco IOS XE Release 3SE (Cisco 5700 Series Wireless Controllers)


Error Message Decoder

Description | Link
To help you research and resolve system error messages in this release, use the Error Message Decoder tool. | https://www.cisco.com/cgi-bin/Support/Errordecoder/index.cgi

MIBs

MIB | MIBs Link
All supported MIBs for this release. | To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs

Technical Assistance

Description | Link
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. | http://www.cisco.com/support

PART II
Interface and Hardware Component
Configuring Interface Characteristics
Configuring Auto-MDIX
Configuring Ethernet Management Port
Configuring LLDP, LLDP-MED, and Wired Location Service
Configuring System MTU
Configuring Internal Power Supplies
Configuring PoE
Configuring EEE
CHAPTER 4
Configuring Interface Characteristics
Finding Feature Information
Information About Configuring Interface Characteristics
How to Configure Interface Characteristics
Monitoring Interface Characteristics
Configuration Examples for Interface Characteristics
Additional References for the Interface Characteristics Feature
Feature History and Information for Configuring Interface Characteristics

Finding Feature Information


Your software release may not support all the features documented in this module. For the latest caveats and
feature information, see Bug Search Tool and the release notes for your platform and software release. To
find information about the features documented in this module, and to see a list of the releases in which each
feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not
required.

Information About Configuring Interface Characteristics

Interface Types
This section describes the different types of interfaces supported by the switch. The rest of the chapter describes
configuration procedures for physical interface characteristics.

Note: The stack ports on the rear of the stacking-capable switches are not Ethernet ports and cannot be configured.


Port-Based VLANs
A VLAN is a switched network that is logically segmented by function, team, or application, without regard
to the physical location of the users. Packets received on a port are forwarded only to ports that belong to the
same VLAN as the receiving port. Network devices in different VLANs cannot communicate with one another
without a Layer 3 device to route traffic between the VLANs.
VLAN partitions provide hard firewalls for traffic in the VLAN, and each VLAN has its own MAC address
table. A VLAN comes into existence when a local port is configured to be associated with the VLAN, when
the VLAN Trunking Protocol (VTP) learns of its existence from a neighbor on a trunk, or when a user creates
a VLAN. VLANs can be formed with ports across the stack.
To configure VLANs, use the vlan vlan-id global configuration command to enter VLAN configuration mode.
The VLAN configurations for normal-range VLANs (VLAN IDs 1 to 1005) are saved in the VLAN database.
If VTP is version 1 or 2, to configure extended-range VLANs (VLAN IDs 1006 to 4094), you must first set
VTP mode to transparent. Extended-range VLANs created in transparent mode are not added to the VLAN
database but are saved in the switch running configuration. With VTP version 3, you can create extended-range
VLANs in client or server mode. These VLANs are saved in the VLAN database.
In a switch stack, the VLAN database is downloaded to all switches in a stack, and all switches in the stack
build the same VLAN database. The running configuration and the saved configuration are the same for all
switches in a stack.
Add ports to a VLAN by using the switchport interface configuration commands:
• Identify the interface.
• For a trunk port, set trunk characteristics, and, if desired, define the VLANs to which it can belong.
• For an access port, set and define the VLAN to which it belongs.
• For a tunnel port, set and define the VLAN ID for the customer-specific VLAN tag.

Switch Ports
Switch ports are Layer 2-only interfaces associated with a physical port. Switch ports belong to one or more
VLANs. A switch port can be an access port or a trunk port. You can configure a port as an access port or
trunk port or let the Dynamic Trunking Protocol (DTP) operate on a per-port basis to set the switchport mode
by negotiating with the port on the other end of the link. Switch ports are used for managing the physical
interface and associated Layer 2 protocols and do not handle routing or bridging.
Configure switch ports by using the switchport interface configuration commands.

Access Ports
An access port belongs to and carries the traffic of only one VLAN (unless it is configured as a voice VLAN
port). Traffic is received and sent in native formats with no VLAN tagging. Traffic arriving on an access port
is assumed to belong to the VLAN assigned to the port. If an access port receives a tagged packet (Inter-Switch
Link [ISL] or IEEE 802.1Q tagged), the packet is dropped, and the source address is not learned.
The types of access ports supported are:
• Static access ports are manually assigned to a VLAN (or through a RADIUS server for use with IEEE
802.1x).

You can also configure an access port with an attached Cisco IP Phone to use one VLAN for voice traffic and
another VLAN for data traffic from a device attached to the phone.


Trunk Ports
A trunk port carries the traffic of multiple VLANs and by default is a member of all VLANs in the VLAN
database. These trunk port types are supported:
• In an ISL trunk port, all received packets are expected to be encapsulated with an ISL header, and all
transmitted packets are sent with an ISL header. Native (non-tagged) frames received from an ISL trunk
port are dropped.
• An IEEE 802.1Q trunk port supports simultaneous tagged and untagged traffic. An IEEE 802.1Q trunk
port is assigned a default port VLAN ID (PVID), and all untagged traffic travels on the port default
PVID. All untagged traffic and tagged traffic with a NULL VLAN ID are assumed to belong to the port
default PVID. A packet with a VLAN ID equal to the outgoing port default PVID is sent untagged. All
other traffic is sent with a VLAN tag.

Although by default a trunk port is a member of every VLAN known to VTP, you can limit VLAN
membership by configuring an allowed list of VLANs for each trunk port. The list of allowed VLANs does
not affect any other port but the associated trunk port. By default, all possible VLANs (VLAN ID 1 to 4094)
are in the allowed list. A trunk port can become a member of a VLAN only if VTP knows of the VLAN and
if the VLAN is in the enabled state. If VTP learns of a new, enabled VLAN and the VLAN is in the allowed
list for a trunk port, the trunk port automatically becomes a member of that VLAN and traffic is forwarded
to and from the trunk port for that VLAN. If VTP learns of a new, enabled VLAN that is not in the allowed
list for a trunk port, the port does not become a member of the VLAN, and no traffic for the VLAN is forwarded
to or from the port.

Tunnel Ports
Tunnel ports are used in IEEE 802.1Q tunneling to segregate the traffic of customers in a service-provider
network from other customers who are using the same VLAN number. You configure an asymmetric link
from a tunnel port on a service-provider edge switch to an IEEE 802.1Q trunk port on the customer switch.
Packets entering the tunnel port on the edge switch, already IEEE 802.1Q-tagged with the customer VLANs,
are encapsulated with another layer of an IEEE 802.1Q tag (called the metro tag), containing a VLAN ID
unique in the service-provider network, for each customer. The double-tagged packets go through the
service-provider network keeping the original customer VLANs separate from those of other customers. At
the outbound interface, also a tunnel port, the metro tag is removed, and the original VLAN numbers from
the customer network are retrieved.
Tunnel ports cannot be trunk ports or access ports and must belong to a VLAN unique to each customer.
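
The access, trunk and tunnel port rules above, as an added Python model (not Cisco code) that applies them to real IEEE 802.1Q tag bytes. It covers 802.1Q only, not ISL; the function names, the constructed frame and the (vlan, frame) internal representation are assumptions of this example.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag

# Constructed frame: destination MAC, source MAC, EtherType 0x0800, payload.
PLAIN = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"DATA"


def add_tag(frame, vid):
    """Insert an 802.1Q tag (priority 0) after the two 6-byte MAC addresses."""
    if not 0 <= vid <= 4095:
        raise ValueError("VLAN ID must fit in 12 bits")
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid) + frame[12:]


def strip_tag(frame):
    """Return (vid, frame_without_outer_tag); vid is None if untagged."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0x0FFF, frame[:12] + frame[16:]
    return None, frame


def access_ingress(frame, access_vlan):
    """Access port: untagged traffic joins the port VLAN, tagged is dropped."""
    vid, _ = strip_tag(frame)
    return None if vid is not None else (access_vlan, frame)


def trunk_ingress(frame, pvid, allowed):
    """802.1Q trunk: untagged and VID-0 frames belong to the port's PVID."""
    vid, inner = strip_tag(frame)
    vlan = pvid if vid in (None, 0) else vid
    return (vlan, inner) if vlan in allowed else None


def trunk_egress(vlan, frame, pvid, allowed):
    """802.1Q trunk: PVID traffic leaves untagged, all other traffic tagged."""
    if vlan not in allowed:
        return None
    return frame if vlan == pvid else add_tag(frame, vlan)


def tunnel_ingress(frame, metro_vlan):
    """Tunnel port: the customer frame, tag included, rides in the metro VLAN."""
    return (metro_vlan, frame)


def tunnel_egress(vlan, frame, metro_vlan):
    """Tunnel port: deliver metro-VLAN traffic with the customer tag intact."""
    return frame if vlan == metro_vlan else None


def qinq_round_trip(customer_frame, metro_vlan, core_pvid=1):
    """Carry one customer frame across a provider core trunk.

    Returns (frame on the core link, frame delivered at the far tunnel port).
    If core_pvid equalled metro_vlan, the metro tag would never be added and
    the far side would classify by the customer tag; delivery is then None.
    """
    allowed = {metro_vlan}
    vlan, frame = tunnel_ingress(customer_frame, metro_vlan)
    on_core = trunk_egress(vlan, frame, core_pvid, allowed)
    received = trunk_ingress(on_core, core_pvid, allowed)
    if received is None:
        return on_core, None
    return on_core, tunnel_egress(received[0], received[1], metro_vlan)


if __name__ == "__main__":
    core, delivered = qinq_round_trip(add_tag(PLAIN, 100), metro_vlan=30)
    print("on core link:", core.hex())
    print("delivered   :", delivered.hex())
```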

Routed Ports
A routed port is a physical port that acts like a port on a router; it does not have to be connected to a router.
A routed port is not associated with a particular VLAN, as is an access port. A routed port behaves like a
regular router interface, except that it does not support VLAN subinterfaces. Routed ports can be configured
with a Layer 3 routing protocol. A routed port is a Layer 3 interface only and does not support Layer 2
protocols, such as DTP and STP.
Configure routed ports by putting the interface into Layer 3 mode with the no switchport interface configuration
command. Then assign an IP address to the port, enable routing, and assign routing protocol characteristics
by using the ip routing and router protocol global configuration commands.


Note: Entering a no switchport interface configuration command shuts down the interface and then re-enables
it, which might generate messages on the device to which the interface is connected. When you put an
interface that is in Layer 2 mode into Layer 3 mode, the previous configuration information related to the
affected interface might be lost.

The number of routed ports that you can configure is not limited by software. However, the interrelationship
between this number and the number of other features being configured might impact CPU performance
because of hardware limitations.

Note: The IP Base image supports static routing and the Routing Information Protocol (RIP). For full Layer 3
routing or for fallback bridging, you must enable the IP Services image on the standalone switch, or the
active switch.

Switch Virtual Interfaces


A switch virtual interface (SVI) represents a VLAN of switch ports as one interface to the routing or bridging
function in the system. You can associate only one SVI with a VLAN. You configure an SVI for a VLAN
only to route between VLANs or to provide IP host connectivity to the switch. By default, an SVI is created
for the default VLAN (VLAN 1) to permit remote switch administration. Additional SVIs must be explicitly
configured.

Note: You cannot delete interface VLAN 1.

SVIs provide IP host connectivity only to the system. SVIs are created the first time that you enter the vlan
interface configuration command for a VLAN interface. The VLAN corresponds to the VLAN tag associated
with data frames on an ISL or IEEE 802.1Q encapsulated trunk or the VLAN ID configured for an access
port. Configure a VLAN interface for each VLAN for which you want to route traffic, and assign it an IP
address.
Although the switch stack or switch supports a total of 1005 VLANs and SVIs, the interrelationship between
the number of SVIs and routed ports and the number of other features being configured might impact CPU
performance because of hardware limitations.
When you create an SVI, it does not become active until it is associated with a physical port.

SVI Autostate Exclude


The line state of an SVI with multiple ports on a VLAN is in the up state when it meets these conditions:
• The VLAN exists and is active in the VLAN database on the switch.
• The VLAN interface exists and is not administratively down.
• At least one Layer 2 (access or trunk) port exists, has a link in the up state on this VLAN, and is in the
spanning-tree forwarding state on the VLAN.


Note: The protocol link state for VLAN interfaces comes up when the first switchport belonging to the
corresponding VLAN link comes up and is in STP forwarding state.

The default action, when a VLAN has multiple ports, is that the SVI goes down when all ports in the VLAN
go down. You can use the SVI autostate exclude feature to configure a port so that it is not included in the
SVI line-state up-or-down calculation. For example, if the only active port on the VLAN is a monitoring port,
you might configure autostate exclude on that port so that the VLAN goes down when all other ports go down.
When enabled on a port, autostate exclude applies to all VLANs that are enabled on that port.
The VLAN interface is brought up when one Layer 2 port in the VLAN has had time to converge (transition
from STP listening-learning state to forwarding state). This prevents features such as routing protocols from
using the VLAN interface as if it were fully operational and minimizes other problems, such as routing black
holes.

EtherChannel Port Groups


EtherChannel port groups treat multiple switch ports as one switch port. These port groups act as a single
logical port for high-bandwidth connections between switches or between switches and servers. An
EtherChannel balances the traffic load across the links in the channel. If a link within the EtherChannel fails,
traffic previously carried over the failed link changes to the remaining links. You can group multiple trunk
ports into one logical trunk port, group multiple access ports into one logical access port, group multiple tunnel
ports into one logical tunnel port, or group multiple routed ports into one logical routed port. Most protocols
operate over either single ports or aggregated switch ports and do not recognize the physical ports within the
port group. Exceptions are the DTP, the Cisco Discovery Protocol (CDP), and the Port Aggregation Protocol
(PAgP), which operate only on physical ports.
When you configure an EtherChannel, you create a port-channel logical interface and assign an interface to
the EtherChannel. For Layer 3 interfaces, you manually create the logical interface by using the interface
port-channel global configuration command. Then you manually assign an interface to the EtherChannel by
using the channel-group interface configuration command. For Layer 2 interfaces, use the channel-group
interface configuration command to dynamically create the port-channel logical interface. This command
binds the physical and logical ports together.

10-Gigabit Ethernet Interfaces


A 10-Gigabit Ethernet interface operates only in full-duplex mode. The interface can be configured as a
switched or routed port.
For more information about the Cisco TwinGig Converter Module, see the switch hardware installation guide
and your transceiver module documentation.

Power over Ethernet Ports


A PoE-capable switch port automatically supplies power to one of these connected devices if the switch senses
that there is no power on the circuit:
• a Cisco pre-standard powered device (such as a Cisco IP Phone or a Cisco Aironet Access Point)
• an IEEE 802.3af-compliant powered device


A powered device can receive redundant power when it is connected to a PoE switch port and to an AC power
source. The device does not receive redundant power when it is only connected to the PoE port.

Using the Switch USB Ports


The switch has two USB ports on the front panel: a USB mini-Type B console port and a USB Type A
port.

USB Mini-Type B Console Port


The switch has the following console ports:
• USB mini-Type B console connection
• RJ-45 console port

Console output appears on devices connected to both ports, but console input is active on only one port at a
time. By default, the USB connector takes precedence over the RJ-45 connector.

Note: Windows PCs require a driver for the USB port. See the hardware installation guide for driver installation
instructions.

Use the supplied USB Type A-to-USB mini-Type B cable to connect a PC or other device to the switch. The
connected device must include a terminal emulation application. When the switch detects a valid USB
connection to a powered-on device that supports host functionality (such as a PC), input from the RJ-45
console is immediately disabled, and input from the USB console is enabled. Removing the USB connection
immediately reenables input from the RJ-45 console connection. An LED on the switch shows which console
connection is in use.

Console Port Change Logs


At software startup, a log shows whether the USB or the RJ-45 console is active. Each switch in a stack issues
this log. Every switch always first displays the RJ-45 media type.
In the sample output, Switch 1 has a connected USB console cable. Because the bootloader did not change
to the USB console, the first log from Switch 1 shows the RJ-45 console. A short time later, the console
changes and the USB console log appears. Switch 2 and Switch 3 have connected RJ-45 console cables.

switch-stack-1
*Mar 1 00:01:00.171: %USB_CONSOLE-6-MEDIA_RJ45: Console media-type is RJ45.
*Mar 1 00:01:00.431: %USB_CONSOLE-6-MEDIA_USB: Console media-type is USB.

switch-stack-2
*Mar 1 00:01:09.835: %USB_CONSOLE-6-MEDIA_RJ45: Console media-type is RJ45.

switch-stack-3
*Mar 1 00:01:10.523: %USB_CONSOLE-6-MEDIA_RJ45: Console media-type is RJ45.

When the USB cable is removed or the PC deactivates the USB connection, the hardware automatically
changes to the RJ-45 console interface:

switch-stack-1
Mar 1 00:20:48.635: %USB_CONSOLE-6-MEDIA_RJ45: Console media-type is RJ45.


You can configure the console type to always be RJ-45, and you can configure an inactivity timeout for the
USB connector.
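
A detection sketch for the console media messages above, added here as an example (not Cisco code): it pairs each %USB_CONSOLE-6-MEDIA_USB message with the RJ45 message that ends it, so a log collector can show when a host was attached to a switch's front-panel USB console and for how long. The function names and the switch-name-then-messages input layout are assumptions taken from the sample output.

```python
import re

# Sample input: the log lines shown above, in the same layout (a switch name
# line followed by that switch's messages).
SAMPLE_LOG = """\
switch-stack-1
*Mar 1 00:01:00.171: %USB_CONSOLE-6-MEDIA_RJ45: Console media-type is RJ45.
*Mar 1 00:01:00.431: %USB_CONSOLE-6-MEDIA_USB: Console media-type is USB.

switch-stack-2
*Mar 1 00:01:09.835: %USB_CONSOLE-6-MEDIA_RJ45: Console media-type is RJ45.

switch-stack-3
*Mar 1 00:01:10.523: %USB_CONSOLE-6-MEDIA_RJ45: Console media-type is RJ45.

switch-stack-1
Mar 1 00:20:48.635: %USB_CONSOLE-6-MEDIA_RJ45: Console media-type is RJ45.
"""

# Optional leading "*", timestamp, then the USB_CONSOLE media mnemonic.
EVENT_RE = re.compile(
    r"^\*?(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d\.\d+):\s+"
    r"%USB_CONSOLE-6-MEDIA_(?P<media>RJ45|USB):"
)


def parse_console_events(text):
    """Return [(switch, timestamp, media)] in log order."""
    events, switch = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = EVENT_RE.match(line)
        if match:
            events.append((switch, match.group("ts"), match.group("media")))
        elif re.fullmatch(r"[\w.-]+", line):
            switch = line  # a bare name line starts that switch's messages
    return events


def usb_sessions(events):
    """Pair each switch's USB activation with the RJ45 message that ends it.

    Returns {switch: [(usb_start, usb_end_or_None), ...]}. None means the USB
    console was still the active input at the end of the log. The RJ45 message
    every switch logs first at startup opens no session.
    """
    sessions, open_start = {}, {}
    for switch, ts, media in events:
        if media == "USB" and switch not in open_start:
            open_start[switch] = ts
        elif media == "RJ45" and switch in open_start:
            sessions.setdefault(switch, []).append((open_start.pop(switch), ts))
    for switch, ts in open_start.items():
        sessions.setdefault(switch, []).append((ts, None))
    return sessions


if __name__ == "__main__":
    for name, spans in usb_sessions(parse_console_events(SAMPLE_LOG)).items():
        for start, end in spans:
            print(name, "USB console active from", start, "to", end or "now")
```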

USB Type A Port


The USB Type A port provides access to external USB flash devices, also known as thumb drives or USB
keys. The port supports Cisco USB flash drives with capacities from 128 MB to 8 GB (USB devices with
port densities of 128 MB, 256 MB, 1 GB, 4 GB, 8 GB are supported). You can use standard Cisco IOS
command-line interface (CLI) commands to read, write, erase, and copy to or from the flash device. You can
also configure the switch to boot from the USB flash drive.

Interface Connections
Devices within a single VLAN can communicate directly through any switch. Ports in different VLANs cannot
exchange data without going through a routing device. With a standard Layer 2 switch, ports in different
VLANs have to exchange information through a router. By using the switch with routing enabled, when you
configure both VLAN 20 and VLAN 30 with an SVI to which an IP address is assigned, packets can be sent
from Host A to Host B directly through the switch with no need for an external router.

Figure 2: Connecting VLANs with the Switch

Note: Switches running the LAN Base image support configuring only 16 static routes on SVIs.

When the IP Services image is running on the switch or the active switch, the switch uses two methods to
forward traffic between interfaces: routing and fallback bridging. If the IP Base image is on the switch or the
active switch, only basic routing (static routing and RIP) is supported. Whenever possible, to maintain high
performance, forwarding is done by the switch hardware. However, only IPv4 packets with Ethernet II
encapsulation are routed in hardware. Non-IP traffic and traffic with other encapsulation methods are
fallback-bridged by hardware.
The routing function can be enabled on all SVIs and routed ports. The switch routes only IP traffic.
When IP routing protocol parameters and address configuration are added to an SVI or routed port, any
IP traffic received from these ports is routed.


• Fallback bridging forwards traffic that the switch does not route or traffic belonging to a nonroutable
  protocol, such as DECnet. Fallback bridging connects multiple VLANs into one bridge domain by
  bridging between two or more SVIs or routed ports. When configuring fallback bridging, you assign
  SVIs or routed ports to bridge groups with each SVI or routed port assigned to only one bridge group.
  All interfaces in the same group belong to the same bridge domain.

Interface Configuration Mode


The switch supports these interface types:
• Physical ports: switch ports and routed ports
• VLANs: switch virtual interfaces
• Port channels: EtherChannel interfaces

You can also configure a range of interfaces.


To configure a physical interface (port), specify the interface type, stack member number (only stacking-capable
switches), module number, and switch port number, and enter interface configuration mode.
• Type: Gigabit Ethernet (gigabitethernet or gi) for 10/100/1000 Mb/s Ethernet ports, 10-Gigabit Ethernet
  (tengigabitethernet or te) for 10,000 Mb/s, or small form-factor pluggable (SFP) module Gigabit Ethernet
  interfaces (gigabitethernet or gi).
• Stack member number: The number that identifies the switch within the stack. The switch number
  range is 1 to 9 and is assigned the first time the switch initializes. The default switch number, before it
  is integrated into a switch stack, is 1. When a switch has been assigned a stack member number, it keeps
  that number until another is assigned to it.
  You can use the switch port LEDs in Stack mode to identify the stack member number of a switch.
• Module number: The module or slot number on the switch: switch (downlink) ports are 0, and uplink
  ports are 1.
• Port number: The interface number on the switch. The 10/100/1000 port numbers always begin at 1,
  starting with the far left port when facing the front of the switch, for example, gigabitethernet1/0/1 or
  gigabitethernet1/0/8.
  On a switch with SFP uplink ports, the module number is 1 and the port numbers restart. For example,
  if the switch has 24 10/100/1000 ports, the SFP module ports are gigabitethernet1/1/1 through
  gigabitethernet1/1/4 or tengigabitethernet1/1/1 through tengigabitethernet1/1/4.

You can identify physical interfaces by physically checking the interface location on the switch. You can also
use the show privileged EXEC commands to display information about a specific interface or all the interfaces
on the switch. The remainder of this chapter primarily provides physical interface configuration procedures.
These are examples of how to identify interfaces on a stacking-capable switch:
To configure 10/100/1000 port 4 on a standalone switch, enter this command:

Switch(config)# interface gigabitethernet1/0/4


To configure 10-Gigabit Ethernet port 1 on a standalone switch, enter this command:

Switch(config)# interface tengigabitethernet1/0/1

To configure 10-Gigabit Ethernet port on stack member 3, enter this command:

Switch(config)# interface tengigabitethernet3/0/1

To configure the first SFP module (uplink) port on a standalone switch, enter this command:

Switch(config)# interface gigabitethernet1/1/1

Default Ethernet Interface Configuration


To configure Layer 2 parameters, if the interface is in Layer 3 mode, you must enter the switchport interface
configuration command without any parameters to put the interface into Layer 2 mode. This shuts down the
interface and then re-enables it, which might generate messages on the device to which the interface is
connected. When you put an interface that is in Layer 3 mode into Layer 2 mode, the previous configuration
information related to the affected interface might be lost, and the interface is returned to its default
configuration.
This table shows the Ethernet interface default configuration, including some features that apply only to Layer
2 interfaces.

Table 6: Default Layer 2 Ethernet Interface Configuration

Feature                                           Default Setting

Operating mode                                    Layer 2 or switching mode (switchport command).
Allowed VLAN range                                VLANs 1-4094.
Default VLAN (for access ports)                   VLAN 1 (Layer 2 interfaces only).
Native VLAN (for IEEE 802.1Q trunks)              VLAN 1 (Layer 2 interfaces only).
VLAN trunking                                     Switchport mode dynamic auto (supports DTP) (Layer 2 interfaces only).
Port enable state                                 All ports are enabled.
Port description                                  None defined.
Speed                                             Autonegotiate. (Not supported on the 10-Gigabit interfaces.)
Duplex mode                                       Autonegotiate. (Not supported on the 10-Gigabit interfaces.)
Flow control                                      Flow control is set to receive: off. It is always off for sent packets.
EtherChannel (PAgP)                               Disabled on all Ethernet ports.
Port blocking (unknown multicast and unknown      Disabled (not blocked) (Layer 2 interfaces only).
unicast traffic)
Broadcast, multicast, and unicast storm control   Disabled.
Protected port                                    Disabled (Layer 2 interfaces only).
Port security                                     Disabled (Layer 2 interfaces only).
Port Fast                                         Disabled.
Auto-MDIX                                         Enabled.
                                                  Note The switch might not support a pre-standard powered device, such as
                                                  Cisco IP phones and access points that do not fully support IEEE 802.3af,
                                                  if that powered device is connected to the switch through a crossover
                                                  cable. This is regardless of whether auto-MDIX is enabled on the switch
                                                  port.
Power over Ethernet (PoE)                         Enabled (auto).
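
Several defaults in Table 6 (dynamic auto trunking with DTP, VLAN 1 as access and native VLAN, port security and storm control disabled, all ports enabled) are the settings a hardening review checks first. The following Python example is added here and is not part of the Cisco guide: it parses a running-config excerpt and reports enabled Layer 2 physical ports that still rely on those defaults. The sample configuration, function names and finding wording are assumptions; `switchport mode access`, `switchport access vlan`, `switchport trunk native vlan`, `switchport port-security` and `storm-control` are standard IOS interface commands that do not appear in this section.

```python
import re

# Constructed running-config excerpt for illustration (not from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 description Connects to Marketing
 switchport access vlan 20
 switchport mode access
 switchport port-security
 storm-control broadcast level 5.00
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
 description Uplink to distribution
 switchport mode trunk
!
interface GigabitEthernet1/0/4
 shutdown
!
interface GigabitEthernet1/0/5
 no switchport
 ip address 192.20.135.21 255.255.255.0
!
interface Vlan20
 ip address 10.20.0.1 255.255.255.0
!
"""

# Only physical Ethernet ports (stack/module/port) are audited.
PHYSICAL = re.compile(r"^(GigabitEthernet|TenGigabitEthernet)\d+/\d+/\d+$")


def parse_interfaces(config_text):
    """Return {interface_name: [subcommand, ...]} from running-config text."""
    interfaces = {}
    current = None
    for raw in config_text.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current is not None and raw.startswith(" "):
            interfaces[current].append(raw.strip())
        else:
            current = None  # "!" or any other top-level line ends the block
    return interfaces


def audit_interface(name, lines):
    """Return findings for one interface still relying on Table 6 defaults."""
    if not PHYSICAL.match(name):
        return []
    # Shut-down ports and routed (Layer 3) ports are outside the Layer 2 checks.
    if "shutdown" in lines or "no switchport" in lines:
        return []
    findings = []
    mode = next((l.split()[2] for l in lines if l.startswith("switchport mode ")), None)
    if mode in (None, "dynamic"):
        findings.append("trunking mode is dynamic (DTP); set access or trunk explicitly")
    if mode == "access":
        if not any(re.fullmatch(r"switchport access vlan (?!1$)\d+", l) for l in lines):
            findings.append("access VLAN left at default VLAN 1")
        if "switchport port-security" not in lines:
            findings.append("port security disabled")
    if mode == "trunk":
        if not any(re.fullmatch(r"switchport trunk native vlan (?!1$)\d+", l) for l in lines):
            findings.append("native VLAN left at default VLAN 1")
    if not any(l.startswith("storm-control ") for l in lines):
        findings.append("storm control disabled")
    if not any(l.startswith("description ") for l in lines):
        findings.append("no description")
    return findings


def audit_config(config_text):
    """Return {interface_name: [finding, ...]} for interfaces with findings."""
    report = {}
    for name, lines in parse_interfaces(config_text).items():
        findings = audit_interface(name, lines)
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for port, issues in audit_config(SAMPLE_CONFIG).items():
        for issue in issues:
            print(f"{port}: {issue}")
```

An enabled port with no subcommands at all, such as GigabitEthernet1/0/2 in the sample, is the case to watch for: it is up, negotiates trunking through DTP, and sits in VLAN 1.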

Interface Speed and Duplex Mode


Ethernet interfaces on the switch operate at 10, 100, 1000, or 10,000 Mb/s and in either full- or half-duplex
mode. In full-duplex mode, two stations can send and receive traffic at the same time. Normally, 10-Mb/s
ports operate in half-duplex mode, which means that stations can either receive or send traffic.
Switch models include Gigabit Ethernet (10/100/1000-Mb/s) ports, 10-Gigabit Ethernet ports, and small
form-factor pluggable (SFP) module slots supporting SFP modules.

Speed and Duplex Configuration Guidelines


When configuring an interface speed and duplex mode, note these guidelines:
• The 10-Gigabit Ethernet ports do not support the speed and duplex features. These ports operate only
  at 10,000 Mb/s and in full-duplex mode.
• Gigabit Ethernet (10/100/1000-Mb/s) ports support all speed options and all duplex options (auto, half,
  and full). However, Gigabit Ethernet ports operating at 1000 Mb/s do not support half-duplex mode.
• For SFP module ports, the speed and duplex CLI options change depending on the SFP module type:
  ◦ The 1000BASE-x (where -x is -BX, -CWDM, -LX, -SX, and -ZX) SFP module ports support the
    nonegotiate keyword in the speed interface configuration command. Duplex options are not
    supported.
  ◦ The 1000BASE-T SFP module ports support the same speed and duplex options as the
    10/100/1000-Mb/s ports.
• If both ends of the line support autonegotiation, we highly recommend the default setting of auto
  negotiation.
• If one interface supports autonegotiation and the other end does not, configure duplex and speed on both
  interfaces; do not use the auto setting on the supported side.
• When STP is enabled and a port is reconfigured, the switch can take up to 30 seconds to check for loops.
  The port LED is amber while STP reconfigures.

Caution Changing the interface speed and duplex mode configuration might shut down and re-enable the interface
during the reconfiguration.

IEEE 802.3x Flow Control


Flow control enables connected Ethernet ports to control traffic rates during congestion by allowing congested
nodes to pause link operation at the other end. If one port experiences congestion and cannot receive any more
traffic, it notifies the other port by sending a pause frame to stop sending until the condition clears. Upon
receipt of a pause frame, the sending device stops sending any data packets, which prevents any loss of data
packets during the congestion period.

Note The switch ports can receive, but not send, pause frames.

You use the flowcontrol interface configuration command to set the interface's ability to receive pause frames
to on, off, or desired. The default state is off.
When set to desired, an interface can operate with an attached device that is required to send flow-control
packets or with an attached device that is not required to but can send flow-control packets.
These rules apply to flow control settings on the device:
• receive on (or desired): The port cannot send pause frames but can operate with an attached device that
  is required to or can send pause frames; the port can receive pause frames.
• receive off: Flow control does not operate in either direction. In case of congestion, no indication is
  given to the link partner, and no pause frames are sent or received by either device.

Note For details on the command settings and the resulting flow control resolution on local and remote ports,
see the flowcontrol interface configuration command in the command reference for this release.


Layer 3 Interfaces
The switch supports these types of Layer 3 interfaces:
• SVIs: You should configure SVIs for any VLANs for which you want to route traffic. SVIs are created
  when you enter a VLAN ID following the interface vlan global configuration command. To delete an
  SVI, use the no interface vlan global configuration command. You cannot delete interface VLAN 1.

  Note When you create an SVI, it does not become active until it is associated with a physical
  port.

  When configuring SVIs, you can also configure SVI autostate exclude on a port in the SVI to exclude
  that port from being included in determining SVI line-state status.
• Routed ports: Routed ports are physical ports configured to be in Layer 3 mode by using the no switchport
  interface configuration command.
• Layer 3 EtherChannel ports: EtherChannel interfaces made up of routed ports.

A Layer 3 switch can have an IP address assigned to each routed port and SVI.
There is no defined limit to the number of SVIs and routed ports that can be configured in a switch or in a
switch stack. However, the interrelationship between the number of SVIs and routed ports and the number of
other features being configured might have an impact on CPU usage because of hardware limitations. If the
switch is using its maximum hardware resources, attempts to create a routed port or SVI have these results:
• If you try to create a new routed port, the switch generates a message that there are not enough resources
  to convert the interface to a routed port, and the interface remains as a switchport.
• If you try to create an extended-range VLAN, an error message is generated, and the extended-range
  VLAN is rejected.
• If the switch is notified by VLAN Trunking Protocol (VTP) of a new VLAN, it sends a message that
  there are not enough hardware resources available and shuts down the VLAN. The output of the show
  vlan user EXEC command shows the VLAN in a suspended state.
• If the switch attempts to boot up with a configuration that has more VLANs and routed ports than
  hardware can support, the VLANs are created, but the routed ports are shut down, and the switch sends
  a message that this was due to insufficient hardware resources.

All Layer 3 interfaces require an IP address to route traffic. This procedure shows how to configure an interface
as a Layer 3 interface and how to assign an IP address to an interface.

Note If the physical port is in Layer 2 mode (the default), you must enter the no switchport interface
configuration command to put the interface into Layer 3 mode. Entering a no switchport command
disables and then re-enables the interface, which might generate messages on the device to which the
interface is connected. Furthermore, when you put an interface that is in Layer 2 mode into Layer 3 mode,
the previous configuration information related to the affected interface might be lost, and the interface is
returned to its default configuration.


How to Configure Interface Characteristics

Configuring Interfaces
These general instructions apply to all interface configuration processes.

DETAILED STEPS

Command or Action Purpose


Step 1 enable Enables privileged EXEC mode. Enter your password if prompted.

Example:
Switch> enable

Step 2 configure terminal Enters the global configuration mode.

Example:
Switch# configure terminal

Step 3 interface Identifies the interface type, the switch number (only on stacking-capable
switches), and the number of the connector.

Example:
Switch(config)# interface gigabitethernet1/0/1
Switch(config-if)#

Note You do not need to add a space between the interface type and the interface number. For
example, in the preceding line, you can specify either gigabitethernet 1/0/1,
gigabitethernet1/0/1, gi 1/0/1, or gi1/0/1.

Step 4 Follow each interface command with the interface configuration commands that the interface
requires.
Defines the protocols and applications that will run on the interface. The commands are collected
and applied to the interface when you enter another interface command or enter end to return to
privileged EXEC mode.

Step 5 interface range or interface range macro (Optional) Configures a range of interfaces.
Note Interfaces configured in a range must be the same type and must be configured with the same
feature options.

Step 6 show interfaces Displays a list of all interfaces on or configured for the switch. A report
is provided for each interface that the device supports or for the specified
interface.


Adding a Description for an Interface

SUMMARY STEPS

1. enable
2. configure terminal
3. interface interface-id
4. description string
5. end
6. show interfaces interface-id description
7. copy running-config startup-config

DETAILED STEPS

Command or Action Purpose


Step 1 enable Enables privileged EXEC mode. Enter your password
if prompted.
Example:
Switch> enable

Step 2 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal

Step 3 interface interface-id Specifies the interface for which you are adding a
description, and enters interface configuration mode.
Example:
Switch(config)# interface gigabitethernet1/0/2

Step 4 description string Adds a description (up to 240 characters) for an interface.

Example:
Switch(config-if)# description Connects to Marketing

Step 5 end Returns to privileged EXEC mode.

Example:
Switch(config-if)# end



Step 6 show interfaces interface-id description Verifies your entry.

Step 7 copy running-config startup-config (Optional) Saves your entries in the configuration file.

Example:
Switch# copy running-config startup-config

Configuring a Range of Interfaces


To configure multiple interfaces with the same configuration parameters, use the interface range global
configuration command. When you enter the interface-range configuration mode, all command parameters
that you enter are attributed to all interfaces within that range until you exit this mode.

SUMMARY STEPS

1. enable
2. configure terminal
3. interface range {port-range | macro macro_name}
4. end
5. show interfaces [interface-id]
6. copy running-config startup-config

DETAILED STEPS

Command or Action Purpose


Step 1 enable Enables privileged EXEC mode. Enter your password if prompted.

Example:
Switch> enable

Step 2 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal

Step 3 interface range {port-range | macro macro_name} Specifies the range of interfaces (VLANs or
physical ports) to be configured, and enters interface-range configuration mode.
• You can use the interface range command to configure up to five port ranges or a previously
  defined macro.
• The macro variable is explained in Configuring and Using Interface Range Macros.
• In a comma-separated port-range, you must enter the interface type for each entry and enter
  spaces before and after the comma.
• In a hyphen-separated port-range, you do not need to re-enter the interface type, but you must
  enter a space before the hyphen.
Note Use the normal configuration commands to apply the configuration parameters to all interfaces
in the range. Each command is executed as it is entered.

Example:
Switch(config)# interface range macro

Step 4 end Returns to privileged EXEC mode.

Example:
Switch(config)# end

Step 5 show interfaces [interface-id] Verifies the configuration of the interfaces in the range.

Example:
Switch# show interfaces

Step 6 copy running-config startup-config (Optional) Saves your entries in the configuration file.

Example:
Switch# copy running-config startup-config

Configuring and Using Interface Range Macros


You can create an interface range macro to automatically select a range of interfaces for configuration. Before
you can use the macro keyword in the interface range macro global configuration command string, you
must use the define interface-range global configuration command to define the macro.


SUMMARY STEPS

1. enable
2. configure terminal
3. define interface-range macro_name interface-range
4. interface range macro macro_name
5. end
6. show running-config | include define
7. copy running-config startup-config

DETAILED STEPS

Command or Action Purpose


Step 1 enable Enables privileged EXEC mode. Enter your password if prompted.

Example:
Switch> enable

Step 2 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal

Step 3 define interface-range macro_name interface-range Defines the interface-range macro, and
saves it in NVRAM.
• The macro_name is a 32-character maximum character string.
• A macro can contain up to five comma-separated interface ranges.
• Each interface-range must consist of the same port type.
Note Before you can use the macro keyword in the interface range macro global configuration
command string, you must use the define interface-range global configuration command to define
the macro.

Example:
Switch(config)# define interface-range enet_list gigabitethernet1/0/1 - 2

Step 4 interface range macro macro_name Selects the interface range to be configured using the
values saved in the interface-range macro called macro_name.
You can now use the normal configuration commands to apply the configuration to all interfaces in
the defined macro.

Example:
Switch(config)# interface range macro enet_list



Step 5 end Returns to privileged EXEC mode.

Example:
Switch(config)# end

Step 6 show running-config | include define Shows the defined interface range macro configuration.

Example:
Switch# show running-config | include define

Step 7 copy running-config startup-config (Optional) Saves your entries in the configuration file.

Example:
Switch# copy running-config startup-config
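
The port-range rules stated for the interface range command and for interface-range macros (at most five ranges, an interface type on every comma-separated entry, spaces around the comma, a space before the hyphen, one interface type throughout) decide exactly which ports a single command touches, which is worth checking before a change is applied. The following Python example is added here and is not part of the Cisco guide: it validates a port-range string against those rules as this guide states them and expands it to the individual interfaces. The function names are hypothetical, and the example covers only gigabitethernet and tengigabitethernet ports in stack/module/port form, not VLAN ranges.

```python
import re

MAX_RANGES = 5  # the guide allows up to five port ranges per command or macro

# Interface type keywords and abbreviations named in this guide.
TYPES = {
    "gigabitethernet": "gigabitethernet", "gi": "gigabitethernet",
    "tengigabitethernet": "tengigabitethernet", "te": "tengigabitethernet",
}

# type, optional space, stack/module/port, then an optional " - last" part.
# The space before the hyphen is mandatory, as the guide requires.
ENTRY = re.compile(
    r"(?P<type>[a-z]+) ?(?P<stack>\d+)/(?P<module>\d+)/(?P<first>\d+)"
    r"(?: - ?(?P<last>\d+))?"
)


def expand_port_range(port_range):
    """Return the interfaces an `interface range` port-range selects.

    Raises ValueError when the string breaks one of the guide's rules.
    """
    # Entries are separated by a comma with a space on each side.
    entries = port_range.strip().lower().split(" , ")
    if len(entries) > MAX_RANGES:
        raise ValueError(f"{len(entries)} ranges given, limit is {MAX_RANGES}")

    names, seen_types = [], set()
    for entry in entries:
        match = ENTRY.fullmatch(entry)
        if match is None or match["type"] not in TYPES:
            raise ValueError(f"malformed entry {entry!r}")
        if_type = TYPES[match["type"]]
        seen_types.add(if_type)
        first = int(match["first"])
        last = int(match["last"]) if match["last"] else first
        if last < first:
            raise ValueError(f"descending range in {entry!r}")
        prefix = f"{if_type}{match['stack']}/{match['module']}/"
        names.extend(f"{prefix}{port}" for port in range(first, last + 1))

    if len(seen_types) > 1:
        raise ValueError("all ranges must use the same interface type")
    return names


def is_valid_port_range(port_range):
    """True when expand_port_range accepts the string."""
    try:
        expand_port_range(port_range)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Constructed inputs; the first is the macro body from the guide's example.
    for text in ("gigabitethernet1/0/1 - 2", "gi1/0/1 - 3 , gi 2/0/5",
                 "gi1/0/1-2", "gi1/0/1,gi1/0/3", "gi1/0/1 , te1/1/1"):
        result = expand_port_range(text) if is_valid_port_range(text) else "rejected"
        print(text, "->", result)
```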

Configuring Ethernet Interfaces

Setting the Interface Speed and Duplex Parameters

SUMMARY STEPS

1. enable
2. configure terminal
3. interface interface-id
4. speed {10 | 100 | 1000 | auto [10 | 100 | 1000] | nonegotiate}
5. duplex {auto | full | half}
6. end
7. show interfaces interface-id
8. copy running-config startup-config

DETAILED STEPS

Command or Action Purpose


Step 1 enable Enables privileged EXEC mode. Enter your password if prompted.


Example:
Switch> enable

Step 2 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal

Step 3 interface interface-id Specifies the physical interface to be configured, and enters interface
configuration mode.

Example:
Switch(config)# interface gigabitethernet1/0/3

Step 4 speed {10 | 100 | 1000 | auto [10 | 100 | 1000] | nonegotiate} This command is not available
on a 10-Gigabit Ethernet interface.
Enter the appropriate speed parameter for the interface:
• Enter 10, 100, or 1000 to set a specific speed for the interface. The 1000 keyword is available
  only for 10/100/1000 Mb/s ports.
• Enter auto to enable the interface to autonegotiate speed with the connected device. If you use
  the 10, 100, or the 1000 keywords with the auto keyword, the port autonegotiates only at the
  specified speeds.
• The nonegotiate keyword is available only for SFP module ports. SFP module ports operate only at
  1000 Mb/s but can be configured to not negotiate if connected to a device that does not support
  autonegotiation.

Example:
Switch(config-if)# speed 10

Step 5 duplex {auto | full | half} This command is not available on a 10-Gigabit Ethernet interface.
Enter the duplex parameter for the interface.
Enable half-duplex mode (for interfaces operating only at 10 or 100 Mb/s). You cannot configure
half-duplex mode for interfaces operating at 1000 Mb/s.
You can configure the duplex setting when the speed is set to auto.

Example:
Switch(config-if)# duplex half

Step 6 end Returns to privileged EXEC mode.

Example:
Switch(config-if)# end



Step 7 show interfaces interface-id Displays the interface speed and duplex mode configuration.

Example:
Switch# show interfaces gigabitethernet1/0/3

Step 8 copy running-config startup-config (Optional) Saves your entries in the configuration file.

Example:
Switch# copy running-config startup-config


Configuring IEEE 802.3x Flow Control

SUMMARY STEPS

1. configure terminal
2. interface interface-id
3. flowcontrol {receive} {on | off | desired}
4. end
5. show interfaces interface-id
6. copy running-config startup-config

DETAILED STEPS

Command or Action Purpose


Step 1 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal



Step 2 interface interface-id Specifies the physical interface to be configured, and
enters interface configuration mode.
Example:
Switch(config)# interface gigabitethernet1/0/1

Step 3 flowcontrol {receive} {on | off | desired} Configures the flow control mode for the port.

Example:
Switch(config-if)# flowcontrol receive on

Step 4 end Returns to privileged EXEC mode.

Example:
Switch(config-if)# end

Step 5 show interfaces interface-id Verifies the interface flow control settings.

Example:
Switch# show interfaces gigabitethernet1/0/1

Step 6 copy running-config startup-config (Optional) Saves your entries in the configuration
file.
Example:
Switch# copy running-config startup-config

Configuring Layer 3 Interfaces

SUMMARY STEPS

1. enable
2. configure terminal
3. interface {gigabitethernet interface-id} | {vlan vlan-id} | {port-channel port-channel-number}
4. no switchport
5. ip address ip_address subnet_mask
6. no shutdown
7. end
8. show interfaces [interface-id]
9. copy running-config startup-config


DETAILED STEPS

Command or Action Purpose


Step 1 enable Enables privileged EXEC mode. Enter your password
if prompted.
Example:
Switch> enable

Step 2 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal

Step 3 interface {gigabitethernet interface-id} | {vlan vlan-id} | {port-channel port-channel-number}
Specifies the interface to be configured as a Layer 3 interface, and enters interface configuration mode.

Example:
Switch(config)# interface gigabitethernet1/0/2

Step 4 no switchport For physical ports only, enters Layer 3 mode.

Example:
Switch(config-if)# no switchport

Step 5 ip address ip_address subnet_mask Configures the IP address and IP subnet.

Example:
Switch(config-if)# ip address 192.20.135.21 255.255.255.0

Step 6 no shutdown Enables the interface.

Example:
Switch(config-if)# no shutdown

Step 7 end Returns to privileged EXEC mode.

Example:
Switch(config-if)# end

Step 8 show interfaces [interface-id] Verifies the configuration.



Step 9 copy running-config startup-config (Optional) Saves your entries in the configuration
file.
Example:
Switch# copy running-config startup-config

Configuring SVI Autostate Exclude

SUMMARY STEPS

1. enable
2. configure terminal
3. interface interface-id
4. switchport autostate exclude
5. end
6. show running-config interface interface-id
7. copy running-config startup-config

DETAILED STEPS

Command or Action Purpose


Step 1 enable Enables privileged EXEC mode. Enter your password if
prompted.
Example:
Switch> enable

Step 2 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal

Step 3 interface interface-id Specifies a Layer 2 interface (physical port or port channel),
and enters interface configuration mode.
Example:
Switch(config)# interface gigabitethernet1/0/2



Step 4 switchport autostate exclude Excludes the access or trunk port when defining the status
of an SVI line state (up or down).
Example:
Switch(config-if)# switchport autostate exclude

Step 5 end Returns to privileged EXEC mode.

Example:
Switch(config-if)# end

Step 6 show running-config interface interface-id (Optional) Shows the running configuration.
Verifies the configuration.

Step 7 copy running-config startup-config (Optional) Saves your entries in the configuration file.

Example:
Switch# copy running-config startup-config

Shutting Down and Restarting the Interface


Shutting down an interface disables all functions on the specified interface and marks the interface as unavailable
on all monitoring command displays. This information is communicated to other network servers through all
dynamic routing protocols. The interface is not mentioned in any routing updates.

SUMMARY STEPS

1. enable
2. configure terminal
3. interface {vlan vlan-id} | {gigabitethernet interface-id} | {port-channel port-channel-number}
4. shutdown
5. no shutdown
6. end
7. show running-config


DETAILED STEPS

Command or Action Purpose


Step 1 enable Enables privileged EXEC mode. Enter your
password if prompted.
Example:
Switch> enable

Step 2 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal

Step 3 interface {vlan vlan-id} | {gigabitethernet interface-id} | {port-channel port-channel-number}
Selects the interface to be configured.

Example:
Switch(config)# interface gigabitethernet1/0/2

Step 4 shutdown Shuts down an interface.

Example:
Switch(config-if)# shutdown

Step 5 no shutdown Restarts an interface.

Example:
Switch(config-if)# no shutdown

Step 6 end Returns to privileged EXEC mode.

Example:
Switch(config-if)# end

Step 7 show running-config Verifies your entries.

Example:
Switch# show running-config


Configuring the Console Media Type


Follow these steps to set the console media type to RJ-45. If you configure the console as RJ-45, USB console
operation is disabled, and input comes only through the RJ-45 connector.
This configuration applies to all switches in a stack.

SUMMARY STEPS

1. enable
2. configure terminal
3. line console 0
4. media-type rj45
5. end
6. copy running-config startup-config

DETAILED STEPS

Command or Action Purpose


Step 1 enable Enables privileged EXEC mode. Enter your password if
prompted.
Example:
Switch> enable

Step 2 configure terminal Enters the global configuration mode.

Example:
Switch# configure terminal

Step 3 line console 0 Configures the console and enters line configuration mode.

Example:
Switch(config)# line console 0

Step 4 media-type rj45 Configures the console media type to be only RJ-45 port. If
you do not enter this command and both types are connected, the USB port is used by default.

Example:
Switch(config-line)# media-type rj45

Step 5 end Returns to privileged EXEC mode.

Example:
Switch(config)# end



Step 6 copy running-config startup-config (Optional) Saves your entries in the configuration file.

Example:
Switch# copy running-config startup-config

Configuring the USB Inactivity Timeout


The configurable inactivity timeout reactivates the RJ-45 console port if the USB console port is activated
but no input activity occurs on it for a specified time period. When the USB console port is deactivated due
to a timeout, you can restore its operation by disconnecting and reconnecting the USB cable.

Note The configured inactivity timeout applies to all switches in a stack. However, a timeout on one switch
does not cause a timeout on other switches in the stack.

SUMMARY STEPS

1. enable
2. configure terminal
3. line console 0
4. usb-inactivity-timeout timeout-minutes
5. copy running-config startup-config

DETAILED STEPS

Command or Action Purpose


Step 1 enable Enables privileged EXEC mode. Enter your password if
prompted.
Example:
Switch> enable

Step 2 configure terminal Enters the global configuration mode.

Example:
Switch# configure terminal



Step 3 line console 0 Configures the console and enters line configuration mode.

Example:
Switch(config)# line console 0

Step 4 usb-inactivity-timeout timeout-minutes Specifies an inactivity timeout for the console port. The range is 1 to 240 minutes. The default is to have no timeout configured.

Example:
Switch(config-line)# usb-inactivity-timeout 30

Step 5 copy running-config startup-config (Optional) Saves your entries in the configuration file.

Example:
Switch# copy running-config startup-config

Monitoring Interface Characteristics

Monitoring Interface Status


Commands entered at the privileged EXEC prompt display information about the interface, including the
versions of the software and the hardware, the configuration, and statistics about the interfaces.

Table 7: Show Commands for Interfaces

Command                                              Purpose
show interfaces interface-id status [err-disabled]   Displays interface status or a list of interfaces in the error-disabled state.

show interfaces [interface-id] switchport            Displays administrative and operational status of switching (nonrouting) ports. You can use this command to find out if a port is in routing or in switching mode.

show interfaces [interface-id] description           Displays the description configured on an interface or all interfaces and the interface status.

show ip interface [interface-id]                     Displays the usability status of all interfaces configured for IP routing or the specified interface.

show interface [interface-id] stats                  Displays the input and output packets by the switching path for the interface.

show interfaces interface-id                         (Optional) Displays speed and duplex on the interface.

show interfaces transceiver dom-supported-list       (Optional) Displays Digital Optical Monitoring (DOM) status on the connected SFP modules.

show interfaces transceiver properties               (Optional) Displays temperature, voltage, or amount of current on the interface.

show interfaces [interface-id] [{transceiver properties | detail}] module number]   Displays physical and operational status about an SFP module.

show running-config interface [interface-id]         Displays the running configuration in RAM for the interface.

show version                                         Displays the hardware configuration, software version, the names and sources of configuration files, and the boot images.

show controllers ethernet-controller interface-id phy   Displays the operational state of the auto-MDIX feature on the interface.

Clearing and Resetting Interfaces and Counters


Table 8: Clear Commands for Interfaces

Command                                        Purpose
clear counters [interface-id]                  Clears interface counters.

clear interface interface-id                   Resets the hardware logic on an interface.

clear line [number | console 0 | vty number]   Resets the hardware logic on an asynchronous serial line.

Note The clear counters privileged EXEC command does not clear counters retrieved by using Simple Network
Management Protocol (SNMP), but only those seen with the show interface privileged EXEC command.

Configuration Examples for Interface Characteristics

Adding a Description to an Interface: Example


Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gigabitethernet1/0/2
Switch(config-if)# description Connects to Marketing
Switch(config-if)# end
Switch# show interfaces gigabitethernet1/0/2 description
Interface                      Status         Protocol Description
Gi1/0/2                        admin down     down     Connects to Marketing

Configuring a Range of Interfaces: Examples


This example shows how to use the interface range global configuration command to set the speed to 100
Mb/s on ports 1 to 4 on switch 1:

Switch# configure terminal


Switch(config)# interface range gigabitethernet1/0/1 - 4
Switch(config-if-range)# speed 100

This example shows how to use a comma to add different interface type strings to the range to enable Gigabit
Ethernet ports 1 to 3 and 10-Gigabit Ethernet ports 1 and 2 to receive flow-control pause frames:

Switch# configure terminal


Switch(config)# interface range gigabitethernet1/0/1 - 3 , tengigabitethernet1/0/1 - 2
Switch(config-if-range)# flowcontrol receive on

If you enter multiple configuration commands while you are in interface-range mode, each command is
executed as it is entered. The commands are not batched and executed after you exit interface-range mode. If
you exit interface-range configuration mode while the commands are being executed, some commands might
not be executed on all interfaces in the range. Wait until the command prompt reappears before exiting
interface-range configuration mode.

Configuring and Using Interface Range Macros: Examples


This example shows how to define an interface-range named enet_list to include ports 1 and 2 on switch 1
and to verify the macro configuration:

Switch# configure terminal


Switch(config)# define interface-range enet_list gigabitethernet1/0/1 - 2
Switch(config)# end
Switch# show running-config | include define
define interface-range enet_list GigabitEthernet1/0/1 - 2

This example shows how to create a multiple-interface macro named macro1:

Switch# configure terminal


Switch(config)# define interface-range macro1 gigabitethernet1/0/1 - 2, gigabitethernet1/0/5 - 7, tengigabitethernet1/0/1 - 2
Switch(config)# end

This example shows how to enter interface-range configuration mode for the interface-range macro enet_list:

Switch# configure terminal


Switch(config)# interface range macro enet_list
Switch(config-if-range)#

This example shows how to delete the interface-range macro enet_list and to verify that it was deleted.

Switch# configure terminal


Switch(config)# no define interface-range enet_list
Switch(config)# end
Switch# show run | include define
Switch#

Setting Interface Speed and Duplex Mode: Example


This example shows how to set the interface speed to 100 Mb/s and the duplex mode to half on a 10/100/1000
Mb/s port:

Switch# configure terminal


Switch(config)# interface gigabitethernet1/0/3
Switch(config-if)# speed 10
Switch(config-if)# duplex half

This example shows how to set the interface speed to 100 Mb/s on a 10/100/1000 Mb/s port:

Switch# configure terminal


Switch(config)# interface gigabitethernet1/0/2
Switch(config-if)# speed 100

Configuring Layer 3 Interfaces: Example


Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gigabitethernet1/0/2
Switch(config-if)# no switchport
Switch(config-if)# ip address 192.20.135.21 255.255.255.0
Switch(config-if)# no shutdown

Configuring the Console Media Type: Example


This example disables the USB console media type and enables the RJ-45 console media type.

Switch# configure terminal


Switch(config)# line console 0
Switch(config-line)# media-type rj45

This configuration terminates any active USB console media type in the stack. A log shows that this termination
has occurred. This example shows that the console on switch 1 reverted to RJ-45.

*Mar 1 00:25:36.860: %USB_CONSOLE-6-CONFIG_DISABLE: Console media-type USB disabled by system configuration, media-type reverted to RJ45.

At this point no switches in the stack allow a USB console to have input. A log entry shows when a console
cable is attached. If a USB console cable is connected to switch 2, it is prevented from providing input.

*Mar 1 00:34:27.498: %USB_CONSOLE-6-CONFIG_DISALLOW: Console media-type USB is disallowed by system configuration, media-type remains RJ45. (switch-stk-2)

This example reverses the previous configuration and immediately activates any USB console that is connected.

Switch# configure terminal


Switch(config)# line console 0
Switch(config-line)# no media-type rj45

Configuring the USB Inactivity Timeout: Example


This example configures the inactivity timeout to 30 minutes:

Switch# configure terminal


Switch(config)# line console 0
Switch(config-line)# usb-inactivity-timeout 30

To disable the configuration, use these commands:

Switch# configure terminal


Switch(config)# line console 0
Switch(config-line)# no usb-inactivity-timeout

If there is no (input) activity on a USB console port for the configured number of minutes, the inactivity
timeout setting applies to the RJ-45 port, and a log shows this occurrence:

*Mar 1 00:47:25.625: %USB_CONSOLE-6-INACTIVITY_DISABLE: Console media-type USB disabled due to inactivity, media-type reverted to RJ45.

At this point, the only way to reactivate the USB console port is to disconnect and reconnect the cable.
When the USB cable on the switch has been disconnected and reconnected, a log similar to this appears:

*Mar 1 00:48:28.640: %USB_CONSOLE-6-MEDIA_USB: Console media-type is USB.
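
The four %USB_CONSOLE messages quoted in these examples are the record of USB console activity that the guide describes, and two of them appear when a cable is attached. The following Python is an added example, not part of the Cisco guide: it extracts those messages from syslog text and flags the cable-attach ones. The sample lines are constructed from the messages above plus one unrelated line, and the function names are hypothetical.

```python
import re

# Constructed sample: the four %USB_CONSOLE messages shown above, each on a
# single line, plus one unrelated message that the parser must skip.
SAMPLE_LOG = """\
*Mar 1 00:25:36.860: %USB_CONSOLE-6-CONFIG_DISABLE: Console media-type USB disabled by system configuration, media-type reverted to RJ45.
*Mar 1 00:34:27.498: %USB_CONSOLE-6-CONFIG_DISALLOW: Console media-type USB is disallowed by system configuration, media-type remains RJ45. (switch-stk-2)
*Mar 1 00:47:25.625: %USB_CONSOLE-6-INACTIVITY_DISABLE: Console media-type USB disabled due to inactivity, media-type reverted to RJ45.
*Mar 1 00:48:28.640: %USB_CONSOLE-6-MEDIA_USB: Console media-type is USB.
*Mar 1 00:49:01.002: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/2, changed state to up
"""

# timestamp, severity, mnemonic, message text, optional "(stack-member)" suffix
USB_CONSOLE = re.compile(
    r"^\*?(?P<ts>\w{3}\s+\d+\s+[\d:.]+):\s+"
    r"%USB_CONSOLE-(?P<severity>\d)-(?P<mnemonic>[A-Z_]+):\s+"
    r"(?P<text>.*?)(?:\s+\((?P<member>[^)]+)\))?\s*$"
)

# What each mnemonic means, following the guide's examples.
MEANING = {
    "CONFIG_DISABLE": "active USB console ended by 'media-type rj45'",
    "CONFIG_DISALLOW": "USB cable attached while USB console is disallowed",
    "INACTIVITY_DISABLE": "USB console timed out, console reverted to RJ-45",
    "MEDIA_USB": "USB console is active",
}

# Messages the guide ties to a console cable being plugged in.
CABLE_ATTACHED = {"CONFIG_DISALLOW", "MEDIA_USB"}


def usb_console_events(log_text):
    """Return one dict per %USB_CONSOLE line found in log_text, in order."""
    events = []
    for line in log_text.splitlines():
        match = USB_CONSOLE.match(line.strip())
        if not match:
            continue  # not a USB console message
        mnemonic = match.group("mnemonic")
        events.append({
            "timestamp": match.group("ts"),
            "mnemonic": mnemonic,
            "member": match.group("member"),  # e.g. switch-stk-2, or None
            "meaning": MEANING.get(mnemonic, "unrecognised USB_CONSOLE message"),
            "cable_attached": mnemonic in CABLE_ATTACHED,
        })
    return events


def cable_attach_events(log_text):
    """Only the events that indicate a USB console cable was attached."""
    return [e for e in usb_console_events(log_text) if e["cable_attached"]]


if __name__ == "__main__":
    for event in usb_console_events(SAMPLE_LOG):
        flag = "ALERT" if event["cable_attached"] else "info "
        print(flag, event["timestamp"], event["mnemonic"],
              event["member"] or "-", event["meaning"])
```
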

Additional References for the Interface Characteristics Feature


Related Documents

Related Topic                                    Document Title
Platform-independent command reference           Interface and Hardware Command Reference, Cisco IOS XE Release 3.2SE (Catalyst 3850 Switches)

Platform-independent configuration information   Interface and Hardware Component Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)

Error Message Decoder

Description Link
To help you research and resolve system error messages in this release, use the Error Message Decoder tool.
https://www.cisco.com/cgi-bin/Support/Errordecoder/index.cgi

Standards and RFCs

Standard/RFC Title
None --

MIBs

MIB MIBs Link
All supported MIBs for this release.
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs

Technical Assistance

Description Link
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.
To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.
http://www.cisco.com/support

Feature History and Information for Configuring Interface Characteristics


Release Modification
Cisco IOS XE 3.2SE This feature was introduced.

CHAPTER 5
Configuring Auto-MDIX
Prerequisites for Auto-MDIX
Restrictions for Auto-MDIX
Information about Configuring Auto-MDIX
How to Configure Auto-MDIX
Example for Configuring Auto-MDIX
Additional References
Feature History and Information for Auto-MDIX

Prerequisites for Auto-MDIX


To configure Layer 2 parameters, if the interface is in Layer 3 mode, you must enter the switchport interface
configuration command without any parameters to put the interface into Layer 2 mode. This shuts down the
interface and then re-enables it, which might generate messages on the device to which the interface is
connected. When you put an interface that is in Layer 3 mode into Layer 2 mode, the previous configuration
information related to the affected interface might be lost, and the interface is returned to its default
configuration.
Automatic medium-dependent interface crossover (auto-MDIX) is enabled by default.
Auto-MDIX is supported on all 10/100/1000-Mb/s and on 10/100/1000BASE-TX small form-factor pluggable
(SFP)-module interfaces. It is not supported on 1000BASE-SX or -LX SFP module interfaces.

Restrictions for Auto-MDIX


The switch might not support a pre-standard powered device, such as Cisco IP phones and access points that
do not fully support IEEE 802.3af, if that powered device is connected to the switch through a crossover
cable. This is regardless of whether auto-MDIX is enabled on the switch port.

Information about Configuring Auto-MDIX

Auto-MDIX on an Interface
When automatic medium-dependent interface crossover (auto-MDIX) is enabled on an interface, the interface
automatically detects the required cable connection type (straight through or crossover) and configures the
connection appropriately. When connecting switches without the auto-MDIX feature, you must use
straight-through cables to connect to devices such as servers, workstations, or routers and crossover cables
to connect to other switches or repeaters. With auto-MDIX enabled, you can use either type of cable to connect
to other devices, and the interface automatically corrects for any incorrect cabling. For more information about
cabling requirements, see the hardware installation guide.
This table shows the link states that result from auto-MDIX settings and correct and incorrect cabling.

Table 9: Link Conditions and Auto-MDIX Settings

Local Side Auto-MDIX   Remote Side Auto-MDIX   With Correct Cabling   With Incorrect Cabling
On                     On                      Link up                Link up
On                     Off                     Link up                Link up
Off                    On                      Link up                Link up
Off                    Off                     Link up                Link down

How to Configure Auto-MDIX

Configuring Auto-MDIX on an Interface

SUMMARY STEPS

1. enable
2. configure terminal
3. interface interface-id
4. speed auto
5. duplex auto
6. end
7. copy running-config startup-config

DETAILED STEPS

Command or Action Purpose


Step 1 enable Enables privileged EXEC mode. Enter your password if prompted.

Example:
Switch> enable

Step 2 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal

Step 3 interface interface-id Specifies the physical interface to be configured, and enters interface configuration mode.

Example:
Switch(config)# interface gigabitethernet1/0/1

Step 4 speed auto Configures the interface to autonegotiate speed with the connected device.

Example:
Switch(config-if)# speed auto

Step 5 duplex auto Configures the interface to autonegotiate duplex mode with the connected device.

Example:
Switch(config-if)# duplex auto

Step 6 end Returns to privileged EXEC mode.

Example:
Switch(config-if)# end

Step 7 copy running-config startup-config (Optional) Saves your entries in the configuration file.

Example:
Switch# copy running-config startup-config

Example for Configuring Auto-MDIX


This example shows how to enable auto-MDIX on a port:

Switch# configure terminal


Switch(config)# interface gigabitethernet1/0/1
Switch(config-if)# speed auto
Switch(config-if)# duplex auto
Switch(config-if)# mdix auto
Switch(config-if)# end

Additional References
Error Message Decoder

Description Link
To help you research and resolve system error messages in this release, use the Error Message Decoder tool.
https://www.cisco.com/cgi-bin/Support/Errordecoder/index.cgi

MIBs

MIB MIBs Link
All supported MIBs for this release.
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs

Technical Assistance

Description Link
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.
To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.
http://www.cisco.com/support

Feature History and Information for Auto-MDIX


Release Modification
Cisco IOS XE 3.2SE This feature was introduced.

CHAPTER 6
Configuring Ethernet Management Port
Finding Feature Information
Prerequisites for Ethernet Management Ports
Information about the Ethernet Management Port
How to Configure the Ethernet Management Port
Additional References
Feature Information for Ethernet Management Ports

Finding Feature Information


Your software release may not support all the features documented in this module. For the latest caveats and
feature information, see Bug Search Tool and the release notes for your platform and software release. To
find information about the features documented in this module, and to see a list of the releases in which each
feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not
required.

Prerequisites for Ethernet Management Ports


When connecting a PC to the Ethernet management port, you must first assign an IP address.

Information about the Ethernet Management Port


The Ethernet management port, also referred to as the Gi0/0 or GigabitEthernet0/0 port, is a VRF (VPN
routing/forwarding) interface to which you can connect a PC. You can use the Ethernet management port
instead of the switch console port for network management. When managing a switch stack, connect the PC
to the Ethernet management port on a stack member.

Ethernet Management Port Direct Connection to a Switch

This figure displays how to connect the Ethernet management port to the PC for a switch or a standalone
switch.
Figure 3: Connecting a Switch to a PC

Ethernet Management Port Connection to Stack Switches using a Hub


In a stack with only stack switches, all the Ethernet management ports on the stack members are connected
to a hub to which the PC is connected. The active link is from the Ethernet management port on the active
switch, through the hub, to the PC. If the active switch fails and a new active switch is elected, the active link
is now from the Ethernet management port on the new active switch to the PC.

This figure displays how a PC uses a hub to connect to a switch stack.


Figure 4: Connecting a Switch Stack to a PC

1 Switch stack      3 Hub
2 Management port   4 PC

Ethernet Management Port and Routing


By default, the Ethernet management port is enabled. The switch cannot route packets from the Ethernet
management port to a network port, and the reverse. Even though the Ethernet management port does not
support routing, you may need to enable routing protocols on the port.

Enable routing protocols on the Ethernet management port when the PC is multiple hops away from the switch
and the packets must pass through multiple Layer 3 devices to reach the PC.
Figure 5: Network Example with Routing Protocols Enabled

In the above figure, if the Ethernet management port and the network ports are associated with the same
routing process, the routes are propagated as follows:
The routes from the Ethernet management port are propagated through the network ports to the network.
The routes from the network ports are propagated through the Ethernet management port to the network.

Because routing is not supported between the Ethernet management port and the network ports, traffic between
these ports cannot be sent or received. If this happens, data packet loops occur between the ports, which disrupt
the switch and network operation. To prevent the loops, configure route filters to avoid routes between the
Ethernet management port and the network ports.

Supported Features on the Ethernet Management Port


The Ethernet management port supports these features:
Express Setup (only in switch stacks)
Network Assistant
Telnet with passwords
TFTP
Secure Shell (SSH)
DHCP-based autoconfiguration
SNMP (only the ENTITY-MIB and the IF-MIB)
IP ping
Interface features
  Speed: 10 Mb/s, 100 Mb/s, 1000 Mb/s, and autonegotiation
  Duplex mode: Full, half, and autonegotiation
  Loopback detection
Cisco Discovery Protocol (CDP)
DHCP relay agent
IPv4 and IPv6 access control lists (ACLs)
Routing protocols

Caution Before enabling a feature on the Ethernet management port, make sure that the feature is supported. If
you try to configure an unsupported feature on the Ethernet Management port, the feature might not work
properly, and the switch might fail.

How to Configure the Ethernet Management Port

Disabling and Enabling the Ethernet Management Port

SUMMARY STEPS

1. configure terminal
2. interface gigabitethernet0/0
3. shutdown
4. no shutdown
5. exit
6. show interfaces gigabitethernet0/0

DETAILED STEPS

Command or Action Purpose


Step 1 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal


Step 2 interface gigabitethernet0/0 Specifies the Ethernet management port in the CLI.

Example:
Switch(config)# interface gigabitethernet0/0

Step 3 shutdown Disables the Ethernet management port.

Example:
Switch(config-if)# shutdown

Step 4 no shutdown Enables the Ethernet management port.

Example:
Switch(config-if)# no shutdown

Step 5 exit Exits interface configuration mode.

Example:
Switch(config-if)# exit

Step 6 show interfaces gigabitethernet0/0 Displays the link status. To find out the link status to the PC, you can monitor the LED for the Ethernet management port. The LED is green (on) when the link is active, and the LED is off when the link is down. The LED is amber when there is a POST failure.

Example:
Switch# show interfaces gigabitethernet0/0

What to Do Next
Proceed to manage or configure your switch using the Ethernet management port. Refer to the Network
Management Configuration Guide (Catalyst 3850 Switches).

Additional References
Related Documents

Related Topic              Document Title
Bootloader configuration   System Management Configuration Guide (Catalyst 3850 Switches)
                           System Management Configuration Guide (Cisco WLC 5700 Series)

Bootloader commands        System Management Command Reference (Catalyst 3850 Switches)
                           System Management Command Reference (Cisco WLC 5700 Series)

Error Message Decoder

Description Link
To help you research and resolve system error messages in this release, use the Error Message Decoder tool.
https://www.cisco.com/cgi-bin/Support/Errordecoder/index.cgi

MIBs

MIB MIBs Link
All supported MIBs for this release.
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs

Technical Assistance

Description Link
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.
To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.
http://www.cisco.com/support

Feature Information for Ethernet Management Ports


Release Modification
Cisco IOS XE 3.2SE This feature was introduced.

CHAPTER 7
Configuring LLDP, LLDP-MED, and Wired Location Service
Finding Feature Information
LLDP, LLDP-MED, and Wired Location Service Overview
How to Configure LLDP, LLDP-MED, and Wired Location Service
Configuration Examples for LLDP, LLDP-MED, and Wired Location Service
Monitoring and Maintaining LLDP, LLDP-MED, and Wired Location Service
Additional References for LLDP, LLDP-MED, and Wired Location Service
Feature Information for LLDP, LLDP-MED, and Wired Location Service

Finding Feature Information


Your software release may not support all the features documented in this module. For the latest caveats and
feature information, see Bug Search Tool and the release notes for your platform and software release. To
find information about the features documented in this module, and to see a list of the releases in which each
feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not
required.

LLDP, LLDP-MED, and Wired Location Service Overview

LLDP
The Cisco Discovery Protocol (CDP) is a device discovery protocol that runs over Layer 2 (the data link layer)
on all Cisco-manufactured devices (routers, bridges, access servers, switches, and controllers). CDP allows
network management applications to automatically discover and learn about other Cisco devices connected
to the network.

To support non-Cisco devices and to allow for interoperability between other devices, the switch supports the
IEEE 802.1AB Link Layer Discovery Protocol (LLDP). LLDP is a neighbor discovery protocol that is used
for network devices to advertise information about themselves to other devices on the network. This protocol
runs over the data-link layer, which allows two systems running different network layer protocols to learn
about each other.

LLDP Supported TLVs


LLDP supports a set of attributes that it uses to discover neighbor devices. These attributes contain type,
length, and value descriptions and are referred to as TLVs. LLDP supported devices can use TLVs to receive
and send information to their neighbors. This protocol can advertise details such as configuration information,
device capabilities, and device identity.
The switch supports these basic management TLVs. These are mandatory LLDP TLVs.
Port description TLV
System name TLV
System description TLV
System capabilities TLV
Management address TLV

These organizationally specific LLDP TLVs are also advertised to support LLDP-MED.
Port VLAN ID TLV (IEEE 802.1 organizationally specific TLVs)
MAC/PHY configuration/status TLV (IEEE 802.3 organizationally specific TLVs)
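
To make the type, length, and value layout concrete, the following Python is an added example, not code from the Cisco guide: it walks an LLDPDU and decodes the TLVs listed above, rejecting any TLV whose length field runs past the end of the frame. The TLV type codes, the 7-bit type and 9-bit length header, and the OUIs come from IEEE 802.1AB rather than from this guide; the sample frame and all names in it are constructed.

```python
import ipaddress
import struct

# Type codes and OUIs are from IEEE 802.1AB; they are not listed in the guide.
BASIC = {1: "Chassis ID", 2: "Port ID", 3: "Time to live", 4: "Port description",
         5: "System name", 6: "System description", 7: "System capabilities",
         8: "Management address"}
IEEE_8021 = b"\x00\x80\xc2"
IEEE_8023 = b"\x00\x12\x0f"
ORG = {(IEEE_8021, 1): "Port VLAN ID",
       (IEEE_8023, 1): "MAC/PHY configuration/status"}
CAPS = ["Other", "Repeater", "Bridge", "WLAN AP", "Router", "Telephone",
        "DOCSIS", "Station only"]


def _caps(bits):
    """Expand a capabilities bitmap into a list of names."""
    return [name for i, name in enumerate(CAPS) if bits & (1 << i)]


def _decode(tlv_type, value):
    """Decode one TLV value; anything unrecognised is returned as hex."""
    if tlv_type in (4, 5, 6):
        return BASIC[tlv_type], value.decode("utf-8", errors="replace")
    if tlv_type == 3 and len(value) == 2:
        return BASIC[3], struct.unpack("!H", value)[0]
    if tlv_type == 7 and len(value) == 4:
        supported, enabled = struct.unpack("!HH", value)
        return BASIC[7], {"supported": _caps(supported), "enabled": _caps(enabled)}
    if tlv_type == 8 and len(value) >= 2:
        addr_len, subtype = value[0], value[1]   # addr_len counts the subtype byte
        addr = value[2:1 + addr_len]
        if subtype == 1 and len(addr) == 4:      # subtype 1 = IPv4
            return BASIC[8], str(ipaddress.IPv4Address(addr))
        return BASIC[8], addr.hex()
    if tlv_type == 127 and len(value) >= 4:      # organizationally specific
        oui, subtype, body = value[:3], value[3], value[4:]
        name = ORG.get((oui, subtype), "Org-specific %s/%d" % (oui.hex(), subtype))
        if (oui, subtype) == (IEEE_8021, 1) and len(body) == 2:
            return name, struct.unpack("!H", body)[0]
        return name, body.hex()
    return BASIC.get(tlv_type, "TLV type %d" % tlv_type), value.hex()


def parse_lldpdu(data):
    """Return [(name, decoded value), ...] for an LLDPDU (EtherType 0x88CC payload)."""
    found, offset = [], 0
    while offset < len(data):
        if len(data) - offset < 2:
            raise ValueError("truncated TLV header at offset %d" % offset)
        (header,) = struct.unpack_from("!H", data, offset)
        tlv_type, length = header >> 9, header & 0x01FF   # 7-bit type, 9-bit length
        offset += 2
        if length > len(data) - offset:
            raise ValueError("TLV type %d claims %d bytes, %d remain"
                             % (tlv_type, length, len(data) - offset))
        value = data[offset:offset + length]
        offset += length
        if tlv_type == 0:                                 # End of LLDPDU
            break
        found.append(_decode(tlv_type, value))
    return found


def tlv(tlv_type, value):
    """Build one TLV; used only to construct the sample frame below."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


# Constructed sample LLDPDU; every value here is made up for illustration.
SAMPLE = b"".join([
    tlv(1, b"\x04" + bytes.fromhex("0011223344ff")),   # chassis ID, MAC subtype
    tlv(2, b"\x05" + b"Gi1/0/2"),                      # port ID, interface name
    tlv(3, struct.pack("!H", 120)),
    tlv(4, b"Connects to Marketing"),
    tlv(5, b"Switch"),
    tlv(6, b"Example system description"),
    tlv(7, struct.pack("!HH", 0x0014, 0x0004)),        # Bridge+Router / Bridge
    tlv(8, b"\x05\x01" + bytes([192, 20, 135, 21])
        + b"\x02" + struct.pack("!I", 1) + b"\x00"),
    tlv(127, IEEE_8021 + b"\x01" + struct.pack("!H", 10)),
    tlv(0, b""),
])

if __name__ == "__main__":
    for name, value in parse_lldpdu(SAMPLE):
        print("%-22s %s" % (name, value))
```

Everything the parser prints is sent in clear text to whatever is attached to the port, which is a useful way to review what a switch advertises on access ports.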

LLDP and Cisco Switch Stacks


A switch stack appears as a single switch in the network. Therefore, LLDP discovers the switch stack, not
the individual stack members.

LLDP and Cisco Medianet


When you configure LLDP or CDP location information on a per-port basis, remote devices can send Cisco
Medianet location information to the switch. For information, go to
http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_cdp_discover.html.

LLDP-MED
LLDP for Media Endpoint Devices (LLDP-MED) is an extension to LLDP that operates between endpoint
devices such as IP phones and network devices such as switches. It specifically provides support for voice
over IP (VoIP) applications and provides additional TLVs for capabilities discovery, network policy, Power
over Ethernet, inventory management and location information. By default, all LLDP-MED TLVs are enabled.

LLDP-MED Supported TLVs


LLDP-MED supports these TLVs:

LLDP-MED capabilities TLV
Allows LLDP-MED endpoints to determine the capabilities that the connected device supports and has
enabled.
Network policy TLV
Allows both network connectivity devices and endpoints to advertise VLAN configurations and associated
Layer 2 and Layer 3 attributes for the specific application on that port. For example, the switch can
notify a phone of the VLAN number that it should use. The phone can connect to any switch, obtain its
VLAN number, and then start communicating with the call control.
By defining a network-policy profile TLV, you can create a profile for voice and voice-signaling by
specifying the values for VLAN, class of service (CoS), differentiated services code point (DSCP), and
tagging mode. These profile attributes are then maintained centrally on the switch and propagated to the
phone.
Power management TLV
Enables advanced power management between LLDP-MED endpoint and network connectivity devices.
Allows switches and phones to convey power information, such as how the device is powered, power
priority, and how much power the device needs.
LLDP-MED also supports an extended power TLV to advertise fine-grained power requirements,
end-point power priority, and end-point and network connectivity-device power status. When LLDP is enabled
and power is applied to a port, the power TLV determines the actual power requirement of the endpoint
device so that the system power budget can be adjusted accordingly. The switch processes the requests
and either grants or denies power based on the current power budget. If the request is granted, the switch
updates the power budget. If the request is denied, the switch turns off power to the port, generates a
syslog message, and updates the power budget. If LLDP-MED is disabled or if the endpoint does not
support the LLDP-MED power TLV, the initial allocation value is used throughout the duration of the
connection.
You can change power settings by entering the power inline {auto [max max-wattage] | never | static
[max max-wattage]} interface configuration command. By default, the PoE interface is in auto mode;
if no value is specified, the maximum is allowed (30 W).
Inventory management TLV
Allows an endpoint to send detailed inventory information about itself to the switch, including
hardware revision, firmware version, software version, serial number, manufacturer name, model name,
and asset ID TLV.
Location TLV
Provides location information from the switch to the endpoint device. The location TLV can send this
information:
Civic location information
Provides the civic address information and postal information. Examples of civic location
information are street address, road name, and postal community name information.
ELIN location information
Provides the location information of a caller. The location is determined by the Emergency location
identifier number (ELIN), which is a phone number that routes an emergency call to the local
public safety answering point (PSAP) and which the PSAP can use to call back the emergency
caller.

Geographic location information


Provides the geographical details of a switch location such as latitude, longitude, and altitude of a
switch.
Custom location
Provides customized name and value of a switch location.

Wired Location Service


The switch uses the location service feature to send location and attachment tracking information for its
connected devices to a Cisco Mobility Services Engine (MSE). The tracked device can be a wireless endpoint,
a wired endpoint, or a wired switch or controller. The switch notifies the MSE of device link up and link down
events through the Network Mobility Services Protocol (NMSP) location and attachment notifications.
The MSE starts the NMSP connection to the switch, which opens a server port. When the MSE connects to
the switch, a set of message exchanges establishes version compatibility and service exchange
information, followed by location information synchronization. After connection, the switch periodically sends
location and attachment notifications to the MSE. Any link up or link down events detected during an interval
are aggregated and sent at the end of the interval.
When the switch determines the presence or absence of a device on a link-up or link-down event, it obtains
the client-specific information such as the MAC address, IP address, and username. If the client is LLDP-MED-
or CDP-capable, the switch obtains the serial number and UDI through the LLDP-MED location TLV or
CDP.
Depending on the device capabilities, the switch obtains this client information at link up:
Slot and port specified in port connection
MAC address specified in the client MAC address
IP address specified in port connection
802.1X username if applicable
Device category is specified as a wired station
State is specified as new
Serial number, UDI
Model number
Time in seconds since the switch detected the association

Depending on the device capabilities, the switch obtains this client information at link down:
Slot and port that was disconnected
MAC address
IP address
802.1X username if applicable
Device category is specified as a wired station
State is specified as delete

Serial number, UDI


Time in seconds since the switch detected the disassociation

When the switch shuts down, it sends an attachment notification with the state delete and the IP address before
closing the NMSP connection to the MSE. The MSE interprets this notification as disassociation for all the
wired clients associated with the switch.
If you change a location address on the switch, the switch sends an NMSP location notification message that
identifies the affected ports and the changed address information.

Default LLDP Configuration


Table 10: Default LLDP Configuration

Feature                                  Default Setting
LLDP global state                        Disabled
LLDP holdtime (before discarding)        120 seconds
LLDP timer (packet update frequency)     30 seconds
LLDP reinitialization delay              2 seconds
LLDP tlv-select                          Disabled to send and receive all TLVs
LLDP interface state                     Disabled
LLDP receive                             Disabled
LLDP transmit                            Disabled
LLDP med-tlv-select                      Disabled to send all LLDP-MED TLVs. When LLDP is globally enabled, LLDP-MED-TLV is also enabled.

Restrictions for LLDP


If the interface is configured as a tunnel port, LLDP is automatically disabled.
If you first configure a network-policy profile on an interface, you cannot apply the switchport voice
vlan command on the interface. If the switchport voice vlan vlan-id is already configured on an interface,
you can apply a network-policy profile on the interface. This way the interface has the voice or
voice-signaling VLAN network-policy profile applied on the interface.
You cannot configure static secure MAC addresses on an interface that has a network-policy profile.
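
A pre-deployment check for the restrictions above and for the network-policy procedure, as an added example that is not part of the Cisco guide: it scans a candidate IOS-style configuration for interfaces that combine a network-policy profile with a static secure MAC address, apply an undefined profile, suppress the network-policy TLV, or carry LLDP settings on a tunnel port. The sample configuration is constructed, and treating "switchport mode dot1q-tunnel" as the marker of a tunnel port is an assumption.

```python
import re

# Constructed candidate configuration (sample input, not taken from the guide).
CANDIDATE_CONFIG = """\
lldp run
!
network-policy profile 1
 voice vlan 100 cos 4
!
interface GigabitEthernet1/0/1
 switchport mode access
 network-policy 1
 lldp med-tlv-select network-policy
!
interface GigabitEthernet1/0/2
 switchport mode access
 switchport port-security
 switchport port-security mac-address 0000.1111.2222
 network-policy 1
!
interface GigabitEthernet1/0/3
 switchport mode access
 network-policy 2
 no lldp med-tlv-select network-policy
!
interface GigabitEthernet1/0/4
 switchport mode dot1q-tunnel
 lldp transmit
 lldp receive
"""

# A static secure MAC entry; the "sticky" forms are not static entries.
STATIC_SECURE_MAC = re.compile(r"^switchport port-security mac-address (?!sticky)\S+")
APPLIED_PROFILE = re.compile(r"^network-policy (\d+)$")
# Assumption: a tunnel port is configured with this interface command.
TUNNEL_PORT = "switchport mode dot1q-tunnel"


def parse_interfaces(config):
    """Split an IOS-style configuration into {interface name: [commands]}."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        header = re.match(r"^interface\s+(\S+)", line)
        if header:
            current = interfaces.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the interface block
    return interfaces


def audit(config):
    """Return (interface, rule, message) findings for the candidate config."""
    defined = set(re.findall(r"^network-policy profile (\d+)", config, re.M))
    findings = []
    for name, lines in parse_interfaces(config).items():
        applied = [m.group(1) for l in lines if (m := APPLIED_PROFILE.match(l))]
        if TUNNEL_PORT in lines:
            # LLDP is automatically disabled on a tunnel port.
            if applied or any(l.startswith(("lldp ", "no lldp ")) for l in lines):
                findings.append((name, "tunnel-port",
                                 "LLDP is disabled on a tunnel port; LLDP settings have no effect"))
            continue
        for profile in applied:
            if profile not in defined:
                findings.append((name, "undefined-profile",
                                 f"network-policy {profile} is applied but never defined"))
        if applied and any(STATIC_SECURE_MAC.match(l) for l in lines):
            findings.append((name, "static-secure-mac",
                             "static secure MAC address on an interface with a network-policy profile"))
        if applied and "no lldp med-tlv-select network-policy" in lines:
            findings.append((name, "tlv-suppressed",
                             "profile applied but the network-policy TLV is not sent"))
    return findings


if __name__ == "__main__":
    for interface, rule, message in audit(CANDIDATE_CONFIG):
        print(f"{interface}: [{rule}] {message}")
```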

How to Configure LLDP, LLDP-MED, and Wired Location Service

Enabling LLDP

SUMMARY STEPS

1. enable
2. configure terminal
3. lldp run
4. interface interface-id
5. lldp transmit
6. lldp receive
7. end
8. show lldp
9. copy running-config startup-config

DETAILED STEPS

Command or Action Purpose


Step 1 enable Enables privileged EXEC mode. Enter your password
if prompted.
Example:
Switch> enable

Step 2 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal

Step 3 lldp run Enables LLDP globally on the switch.

Example:
Switch(config)# lldp run

Step 4 interface interface-id Specifies the interface on which you are enabling LLDP, and enters interface configuration mode.

Example:
Switch(config)# interface gigabitethernet2/0/1

Step 5 lldp transmit Enables the interface to send LLDP packets.

Example:
Switch(config-if)# lldp transmit

Step 6 lldp receive Enables the interface to receive LLDP packets.

Example:
Switch(config-if)# lldp receive

Step 7 end Returns to privileged EXEC mode.

Example:
Switch(config-if)# end

Step 8 show lldp Verifies the configuration.

Example:
Switch# show lldp

Step 9 copy running-config startup-config (Optional) Saves your entries in the configuration file.

Example:
Switch# copy running-config startup-config

Configuring LLDP Characteristics


You can configure the frequency of LLDP updates, the amount of time to hold the information before discarding
it, and the initialization delay time. You can also select the LLDP and LLDP-MED TLVs to send and receive.

Note Steps 2 through 5 are optional and can be performed in any order.

SUMMARY STEPS

1. enable
2. configure terminal
3. lldp holdtime seconds
4. lldp reinit delay
5. lldp timer rate
6. lldp tlv-select
7. interface interface-id
8. lldp med-tlv-select
9. end
10. show lldp
11. copy running-config startup-config

DETAILED STEPS

Command or Action Purpose


Step 1 enable Enables privileged EXEC mode. Enter your password if
prompted.
Example:
Switch> enable

Step 2 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal

Step 3 lldp holdtime seconds (Optional) Specifies the amount of time a receiving device should hold the information from your device before discarding it.
The range is 0 to 65535 seconds; the default is 120 seconds.

Example:
Switch(config)# lldp holdtime 120

Step 4 lldp reinit delay (Optional) Specifies the delay time in seconds for LLDP to initialize on an interface.
The range is 2 to 5 seconds; the default is 2 seconds.

Example:
Switch(config)# lldp reinit 2

Step 5 lldp timer rate (Optional) Sets the sending frequency of LLDP updates in seconds.
The range is 5 to 65534 seconds; the default is 30 seconds.

Example:
Switch(config)# lldp timer 30

Step 6 lldp tlv-select (Optional) Specifies the LLDP TLVs to send or receive.

Example:
Switch(config)# lldp tlv-select

Step 7 interface interface-id Specifies the interface on which you are enabling LLDP, and enters interface configuration mode.

Example:
Switch(config)# interface gigabitethernet2/0/1

Step 8 lldp med-tlv-select (Optional) Specifies the LLDP-MED TLVs to send or receive.

Example:
Switch(config-if)# lldp med-tlv-select inventory-management

Step 9 end Returns to privileged EXEC mode.

Example:
Switch(config-if)# end

Step 10 show lldp Verifies the configuration.

Example:
Switch# show lldp

Step 11 copy running-config startup-config (Optional) Saves your entries in the configuration file.

Example:
Switch# copy running-config startup-config

Configuring LLDP-MED TLVs


By default, the switch only sends LLDP packets until it receives LLDP-MED packets from the end device.
It then sends LLDP packets with MED TLVs, as well. When the LLDP-MED entry has been aged out, it again
only sends LLDP packets.
By using the lldp interface configuration command, you can configure the interface not to send the TLVs
listed in the following table.

Table 11: LLDP-MED TLVs

LLDP-MED TLV Description


inventory-management LLDP-MED inventory management TLV

location LLDP-MED location TLV

network-policy LLDP-MED network policy TLV

power-management LLDP-MED power management TLV

Follow these steps to enable a TLV on an interface:

SUMMARY STEPS

1. enable
2. configure terminal
3. interface interface-id
4. lldp med-tlv-select
5. end
6. copy running-config startup-config

DETAILED STEPS

Command or Action Purpose


Step 1 enable Enables privileged EXEC mode. Enter your password
if prompted.
Example:
Switch> enable

Step 2 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal

Step 3 interface interface-id Specifies the interface on which you are enabling LLDP, and enters interface configuration mode.

Example:
Switch(config)# interface gigabitethernet2/0/1

Step 4 lldp med-tlv-select Specifies the TLV to enable.

Example:
Switch(config-if)# lldp med-tlv-select inventory-management

Step 5 end Returns to privileged EXEC mode.

Example:
Switch(config-if)# end

Step 6 copy running-config startup-config (Optional) Saves your entries in the configuration file.

Example:
Switch# copy running-config startup-config

Configuring Network-Policy TLV

SUMMARY STEPS

1. enable
2. configure terminal
3. network-policy profile profile number
4. {voice | voice-signaling} vlan [vlan-id {cos cvalue | dscp dvalue}] | [[dot1p {cos cvalue | dscp dvalue}]
| none | untagged]
5. exit
6. interface interface-id
7. network-policy profile number
8. lldp med-tlv-select network-policy
9. end
10. show network-policy profile
11. copy running-config startup-config

DETAILED STEPS

Command or Action Purpose


Step 1 enable Enables privileged EXEC mode. Enter your password if prompted.

Example:
Switch> enable

Step 2 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal

Step 3 network-policy profile profile number Specifies the network-policy profile number, and enters network-policy configuration mode. The range is 1 to 4294967295.

Example:
Switch(config)# network-policy profile 1

Step 4 {voice | voice-signaling} vlan [vlan-id {cos cvalue | dscp dvalue}] | [[dot1p {cos cvalue | dscp dvalue}] | none | untagged] Configures the policy attributes:
voice: Specifies the voice application type.
voice-signaling: Specifies the voice-signaling application type.
vlan: Specifies the native VLAN for voice traffic.
vlan-id: (Optional) Specifies the VLAN for voice traffic. The range is 1 to 4094.
cos cvalue: (Optional) Specifies the Layer 2 priority class of service (CoS) for the configured VLAN. The range is 0 to 7; the default is 5.
dscp dvalue: (Optional) Specifies the differentiated services code point (DSCP) value for the configured VLAN. The range is 0 to 63; the default is 46.
dot1p: (Optional) Configures the telephone to use IEEE 802.1p priority tagging and use VLAN 0 (the native VLAN).
none: (Optional) Do not instruct the IP telephone about the voice VLAN. The telephone uses the configuration from the telephone key pad.
untagged: (Optional) Configures the telephone to send untagged voice traffic. This is the default for the telephone.

Example:
Switch(config-network-policy)# voice vlan 100 cos 4

Step 5 exit Returns to global configuration mode.

Example:
Switch(config-network-policy)# exit

Step 6 interface interface-id Specifies the interface on which you are configuring a network-policy profile, and enters interface configuration mode.

Example:
Switch(config)# interface gigabitethernet2/0/1

Step 7 network-policy profile number Specifies the network-policy profile number.

Example:
Switch(config-if)# network-policy 1

Step 8 lldp med-tlv-select network-policy Specifies the network-policy TLV.

Example:
Switch(config-if)# lldp med-tlv-select network-policy

Step 9 end Returns to privileged EXEC mode.

Example:
Switch(config-if)# end

Step 10 show network-policy profile Verifies the configuration.

Example:
Switch# show network-policy profile

Step 11 copy running-config startup-config (Optional) Saves your entries in the configuration file.

Example:
Switch# copy running-config startup-config

Configuring Location TLV and Wired Location Service


Beginning in privileged EXEC mode, follow these steps to configure location information for an endpoint
and to apply it to an interface.

SUMMARY STEPS

1. configure terminal
2. location {admin-tag string | civic-location identifier {id | host} | elin-location string identifier id |
custom-location identifier {id | host} | geo-location identifier {id | host}}
3. exit
4. interface interface-id
5. location {additional-location-information word | civic-location-id {id | host} | elin-location-id id |
custom-location-id {id | host} | geo-location-id {id | host} }
6. end
7. Use one of the following:
show location admin-tag string
show location civic-location identifier id
show location elin-location identifier id

8. copy running-config startup-config

DETAILED STEPS

Command or Action Purpose


Step 1 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal

Step 2 location {admin-tag string | civic-location identifier {id | host} | elin-location string identifier id | custom-location identifier {id | host} | geo-location identifier {id | host}} Specifies the location information for an endpoint.
admin-tag: Specifies an administrative tag or site information.
civic-location: Specifies civic location information.
elin-location: Specifies emergency location information (ELIN).
custom-location: Specifies custom location information.
geo-location: Specifies geo-spatial location information.
identifier id: Specifies the ID for the civic, ELIN, custom, or geo location.
host: Specifies the host civic, custom, or geo location.
string: Specifies the site or location information in alphanumeric format.

Example:
Switch(config)# location civic-location identifier 1
Switch(config-civic)# number 3550
Switch(config-civic)# primary-road-name "Cisco Way"
Switch(config-civic)# city "San Jose"
Switch(config-civic)# state CA
Switch(config-civic)# building 19
Switch(config-civic)# room C6
Switch(config-civic)# county "Santa Clara"
Switch(config-civic)# country US

Step 3 exit Returns to global configuration mode.

Example:
Switch(config-civic)# exit

Step 4 interface interface-id Specifies the interface on which you are configuring the location information, and enters interface configuration mode.

Example:
Switch(config)# interface gigabitethernet2/0/1

Step 5 location {additional-location-information word | civic-location-id {id | host} | elin-location-id id | custom-location-id {id | host} | geo-location-id {id | host}} Enters location information for an interface:
additional-location-information: Specifies additional information for a location or place.
civic-location-id: Specifies global civic location information for an interface.
elin-location-id: Specifies emergency location information for an interface.
custom-location-id: Specifies custom location information for an interface.
geo-location-id: Specifies geo-spatial location information for an interface.
host: Specifies the host location identifier.
word: Specifies a word or phrase with additional location information.
id: Specifies the ID for the civic, ELIN, custom, or geo location. The ID range is 1 to 4095.

Example:
Switch(config-if)# location elin-location-id 1

Step 6 end Returns to privileged EXEC mode.

Example:
Switch(config-if)# end

Step 7 Use one of the following: Verifies the configuration.
show location admin-tag string
show location civic-location identifier id
show location elin-location identifier id

Example:
Switch# show location admin-tag

or

Switch# show location civic-location identifier

or

Switch# show location elin-location identifier

Step 8 copy running-config startup-config (Optional) Saves your entries in the configuration file.

Example:
Switch# copy running-config startup-config

Enabling Wired Location Service on the Switch

Before You Begin


For wired location to function, you must first enter the ip device tracking global configuration command.

SUMMARY STEPS

1. enable
2. configure terminal
3. nmsp notification interval {attachment | location} interval-seconds
4. end
5. show network-policy profile
6. copy running-config startup-config

DETAILED STEPS

Command or Action Purpose


Step 1 enable Enables privileged EXEC mode. Enter your password if
prompted.
Example:
Switch> enable

Step 2 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal

Step 3 nmsp notification interval {attachment | location} interval-seconds Specifies the NMSP notification interval.
attachment: Specifies the attachment notification interval.
location: Specifies the location notification interval.
interval-seconds: Duration in seconds before the switch sends the MSE the location or attachment updates. The range is 1 to 30; the default is 30.

Example:
Switch(config)# nmsp notification interval location 10

Step 4 end Returns to privileged EXEC mode.

Example:
Switch(config)# end

Step 5 show network-policy profile Verifies the configuration.

Example:
Switch# show network-policy profile

Step 6 copy running-config startup-config (Optional) Saves your entries in the configuration file.

Example:
Switch# copy running-config startup-config

Configuration Examples for LLDP, LLDP-MED, and Wired Location Service

Configuring Network-Policy TLV: Examples


This example shows how to configure VLAN 100 for voice application with CoS and to enable the
network-policy profile and network-policy TLV on an interface:

Switch# configure terminal
Switch(config)# network-policy profile 1
Switch(config-network-policy)# voice vlan 100 cos 4
Switch(config-network-policy)# exit
Switch(config)# interface gigabitethernet1/0/1
Switch(config-if)# network-policy 1
Switch(config-if)# lldp med-tlv-select network-policy

This example shows how to configure the voice application type for the native VLAN with priority tagging:

Switch(config-network-policy)# voice vlan dot1p cos 4
Switch(config-network-policy)# voice vlan dot1p dscp 34
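
The network-policy TLV is what an attached phone actually receives, so a capture taken on the access port is a direct check on the profile. The following added example (not from the Cisco guide) decodes LLDP-MED Network Policy TLVs from a raw LLDPDU and compares them with the intended profile. The field layout follows ANSI/TIA-1057; the sample frames, the MAC address, the DSCP value, and EXPECTED_PROFILE are constructed for illustration.

```python
import struct

TIA_OUI = b"\x00\x12\xbb"      # LLDP-MED OUI (ANSI/TIA-1057)
ORG_SPECIFIC = 127             # LLDP organizationally specific TLV type
MED_NETWORK_POLICY = 2         # LLDP-MED subtype: Network Policy
APP_TYPES = {1: "voice", 2: "voice-signaling"}

# Intended policy, matching "voice vlan 100 cos 4" (constructed expectation).
EXPECTED_PROFILE = {"voice": {"tagged": True, "vlan": 100, "cos": 4}}


def tlv(tlv_type, value):
    """Encode one LLDP TLV: 7-bit type, 9-bit length, then the value."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def network_policy_tlv(app, tagged, vlan, cos, dscp):
    """Build a Network Policy TLV (used here only to construct sample input)."""
    bits = (int(tagged) << 22) | (vlan << 9) | (cos << 6) | dscp
    body = TIA_OUI + bytes([MED_NETWORK_POLICY, app]) + bits.to_bytes(3, "big")
    return tlv(ORG_SPECIFIC, body)


def build_lldpdu(policy):
    """Constructed LLDPDU: mandatory TLVs, one policy TLV, End of LLDPDU."""
    return (tlv(1, b"\x04" + bytes.fromhex("02005e000101"))  # Chassis ID (MAC)
            + tlv(2, b"\x05" + b"Gi1/0/1")                    # Port ID (ifName)
            + tlv(3, struct.pack("!H", 120))                  # TTL in seconds
            + policy
            + tlv(0, b""))


def iter_tlvs(lldpdu):
    """Yield (type, value) per TLV; stop at End of LLDPDU, reject truncation."""
    offset = 0
    while offset + 2 <= len(lldpdu):
        (header,) = struct.unpack_from("!H", lldpdu, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if tlv_type == 0:
            return
        if offset + length > len(lldpdu):
            raise ValueError(f"TLV type {tlv_type} truncated at offset {offset}")
        yield tlv_type, lldpdu[offset:offset + length]
        offset += length


def decode_network_policies(lldpdu):
    """Return one dict per LLDP-MED Network Policy TLV in the LLDPDU."""
    policies = []
    for tlv_type, value in iter_tlvs(lldpdu):
        if tlv_type != ORG_SPECIFIC or value[:3] != TIA_OUI:
            continue
        if len(value) < 4 or value[3] != MED_NETWORK_POLICY:
            continue
        if len(value) != 8:
            raise ValueError("Network Policy TLV must carry 4 policy octets")
        app = value[4]
        bits = int.from_bytes(value[5:8], "big")
        policies.append({
            "application": APP_TYPES.get(app, f"app-{app}"),
            "unknown": bool((bits >> 23) & 1),   # U flag: policy unknown
            "tagged": bool((bits >> 22) & 1),    # T flag: tagged VLAN in use
            "vlan": (bits >> 9) & 0xFFF,
            "cos": (bits >> 6) & 0x7,            # Layer 2 priority
            "dscp": bits & 0x3F,
        })
    return policies


def check_policy(policies, expected):
    """Compare advertised policies with the intended profile."""
    findings = []
    seen = {p["application"]: p for p in policies}
    for app, want in expected.items():
        got = seen.get(app)
        if got is None:
            findings.append(f"{app}: no network-policy TLV advertised")
            continue
        for field, value in want.items():
            if got[field] != value:
                findings.append(f"{app}: {field} is {got[field]}, expected {value}")
    for app in sorted(seen.keys() - expected.keys()):
        findings.append(f"{app}: advertised but not in the intended profile")
    return findings


SAMPLE_LLDPDU = build_lldpdu(network_policy_tlv(1, True, 100, 4, 46))
DRIFTED_LLDPDU = build_lldpdu(network_policy_tlv(1, False, 200, 0, 0))

if __name__ == "__main__":
    for name, frame in (("sample", SAMPLE_LLDPDU), ("drifted", DRIFTED_LLDPDU)):
        print(name, check_policy(decode_network_policies(frame), EXPECTED_PROFILE) or "OK")
```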

Monitoring and Maintaining LLDP, LLDP-MED, and Wired Location Service


Commands for monitoring and maintaining LLDP, LLDP-MED, and wired location service.

Command                                       Description
clear lldp counters                           Resets the traffic counters to zero.
clear lldp table                              Deletes the LLDP neighbor information table.
clear nmsp statistics                         Clears the NMSP statistic counters.
show lldp                                     Displays global information, such as frequency of transmissions, the holdtime for packets being sent, and the delay time before LLDP initializes on an interface.
show lldp entry entry-name                    Displays information about a specific neighbor. You can enter an asterisk (*) to display all neighbors, or you can enter the neighbor name.
show lldp interface [interface-id]            Displays information about interfaces with LLDP enabled. You can limit the display to a specific interface.
show lldp neighbors [interface-id] [detail]   Displays information about neighbors, including device type, interface type and number, holdtime settings, capabilities, and port ID. You can limit the display to neighbors of a specific interface or expand the display for more detailed information.
show lldp traffic                             Displays LLDP counters, including the number of packets sent and received, number of packets discarded, and number of unrecognized TLVs.
show location admin-tag string                Displays the location information for the specified administrative tag or site.
show location civic-location identifier id    Displays the location information for a specific global civic location.
show location elin-location identifier id     Displays the location information for an emergency location.
show network-policy profile                   Displays the configured network-policy profiles.
show nmsp                                     Displays the NMSP information.

Additional References for LLDP, LLDP-MED, and Wired Location Service


Error Message Decoder

Description: To help you research and resolve system error messages in this release, use the Error Message Decoder tool.
Link: https://www.cisco.com/cgi-bin/Support/Errordecoder/index.cgi

MIBs

MIB: All supported MIBs for this release.
MIBs Link: To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs

Technical Assistance

Description: The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.
To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.
Link: http://www.cisco.com/support

Feature Information for LLDP, LLDP-MED, and Wired Location Service


Release                Modification
Cisco IOS XE 3.2SE     This feature was introduced.

CHAPTER 8
Configuring System MTU

Configuring System MTU


This module describes how to configure the Maximum Transmission Unit for a system on Catalyst 3650
Series Switches and Catalyst 3850 Series Switches.

Finding Feature Information


Your software release may not support all the features documented in this module. For the latest caveats and
feature information, see Bug Search Tool and the release notes for your platform and software release. To
find information about the features documented in this module, and to see a list of the releases in which each
feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not
required.

Information about the MTU


The default maximum transmission unit (MTU) size for frames received and sent on all switch interfaces is
1500 bytes.

Restrictions for System MTU


When configuring the system MTU values, follow these guidelines:
The switch does not support the MTU on a per-interface basis.
If you enter the system mtu bytes global configuration command, the command does not take effect on
the switch. This command only affects the system MTU size on Fast Ethernet switch ports.

System MTU Value Application


This table shows how the MTU values are applied.

Table 12: MTU Values

Configuration: Standalone switch or switch stack

system mtu command: You can enter the system mtu command on a switch or switch stack, but the system MTU value does not take effect. The range is from 1500 to 9198 bytes.

ip mtu command: Use the ip mtu bytes command. The range is from 68 up to the system MTU value (in bytes).
Note: The IP MTU value is the applied value, not the configured value.

ipv6 mtu command: Use the ipv6 mtu bytes command. The range is from 1280 to the system jumbo MTU value (in bytes).
Note: The IPv6 MTU value is the applied value, not the configured value.

The upper limit of the IP or IPv6 MTU value is based on the switch or switch stack configuration and refers
to the currently applied system MTU value. For more information about setting the MTU sizes, see the system
mtu global configuration command in the command reference for this release.

Configuring the System MTU

Configuring the System MTU

SUMMARY STEPS

1. enable
2. configure terminal
3. system mtu bytes
4. exit
5. show system mtu

DETAILED STEPS

Command or Action Purpose


Step 1 enable Enables privileged EXEC mode. Enter your password if prompted.

Example:
Switch> enable

Step 2 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal

Step 3 system mtu bytes Applies the Maximum Transmission Unit (MTU) size for all Ethernet interfaces on the switch or the switch stack. The MTU range is from 1500 to 9198. The default is 1500.

Example:
Switch(config)# system mtu 1600

Step 4 exit Exits global configuration mode and returns to privileged EXEC mode.

Example:
Switch(config)# exit

Step 5 show system mtu Displays the configured global MTU size.

Example:
Switch# show system mtu

Configuring Protocol-Specific MTU


When the system MTU changes, the range for the ip mtu command on an interface also changes.

SUMMARY STEPS

1. enable
2. configure terminal
3. interface type number
4. ip mtu bytes
5. ipv6 mtu bytes
6. end
7. show system mtu

DETAILED STEPS

Command or Action Purpose


Step 1 enable Enables privileged EXEC mode. Enter your password if prompted.

Example:
Switch> enable

Step 2 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal

Step 3 interface type number Configures an interface and enters interface configuration mode.

Example:
Switch(config)# interface gigabitethernet 0/0

Step 4 ip mtu bytes Sets the maximum transmission unit (MTU) size of IP packets sent on an interface. The range is from 832 to 1500.

Example:
Switch(config-if)# ip mtu 900

Step 5 ipv6 mtu bytes Sets the MTU size of IPv6 packets sent on an interface. The range is from 1280 to 1500.

Example:
Switch(config-if)# ipv6 mtu 1300

Step 6 end Exits interface configuration mode and returns to privileged EXEC mode.

Example:
Switch(config-if)# end

Step 7 show system mtu Displays the configured global MTU size.

Example:
Switch# show system mtu

Configuration Examples for System MTU

Example: Configuring the System MTU


Switch# configure terminal
Switch(config)# system mtu 1600
Switch(config)# exit

Example: Configuring Protocol-Specific MTU


Switch# configure terminal
Switch(config)# interface gigabitethernet 0/0
Switch(config-if)# ip mtu 900
Switch(config-if)# ipv6 mtu 1286
Switch(config-if)# end

Additional References for System MTU

Error Message Decoder

Description: To help you research and resolve system error messages in this release, use the Error Message Decoder tool.
Link: https://www.cisco.com/cgi-bin/Support/Errordecoder/index.cgi

MIBs

MIB: All supported MIBs for this release.
MIBs Link: To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs

Technical Assistance

Description: The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.
To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.
Link: http://www.cisco.com/support

Feature Information for System MTU


Release                Modification
Cisco IOS XE 3.2SE     This feature was introduced.

CHAPTER 9
Configuring Internal Power Supplies

Information About Internal Power Supplies


See the switch installation guide for information about the power supplies.

How to Configure Internal Power Supplies

Configuring Internal Power Supply


You can use the power supply EXEC command to configure and manage the internal power supply on the
switch. The switch does not support the no power supply EXEC command.
Follow these steps beginning in user EXEC mode:

SUMMARY STEPS

1. power supply switch_number slot {A | B} {off | on}
2. show environment power

DETAILED STEPS

Command or Action Purpose


Step 1 power supply switch_number slot {A | B} {off | on} Sets the specified power supply to off or on by using one of these keywords:
A: Selects the power supply in slot A.
B: Selects the power supply in slot B.
Note: Power supply slot B is the closest to the outer edge of the switch.
off: Sets the power supply off.
on: Sets the power supply on.
By default, the switch power supply is on.

Example:
Switch# power supply 1 slot A on

Step 2 show environment power Verifies your settings.

Example:
Switch# show environment power

Monitoring Internal Power Supplies


Table 13: Show Commands for Power Supplies

Command: show environment power [ all | switch switch_number ]
Purpose: (Optional) Displays the status of the internal power supplies for each switch in the stack or for the
specified switch. The range is 1 to 9, depending on the switch member numbers in the stack.

Configuration Examples for Internal Power Supplies


This example shows how to set the power supply in slot A to off:

Switch# power supply 1 slot A off


Disabling Power supply A may result in a power loss to PoE devices and/or switches ...
Continue? (yes/[no]): yes
Switch#
Jun 10 04:52:54.389: %PLATFORM_ENV-6-FRU_PS_OIR: FRU Power Supply 1 powered off
Jun 10 04:52:56.717: %PLATFORM_ENV-1-FAN_NOT_PRESENT: Fan is not present
Switch#


This example shows how to set the power supply in slot A to on:

Switch# power supply 1 slot A on


Jun 10 04:54:39.600: %PLATFORM_ENV-6-FRU_PS_OIR: FRU Power Supply 1 powered on

This example shows the output of the show env power command:

Switch# show env power
SW   PID                 Serial#     Status           Sys Pwr  PoE Pwr  Watts
---  ------------------  ----------  ---------------  -------  -------  -----
1A   PWR-C1-715WAC       LIT161010UE OK               Good     Good     715
1B   Not Present

Switch#

Table 14: show env power Status Descriptions

Field           Description
OK              The power supply is present and power is good.
Not Present     No power supply is installed.
No Input Power  The power supply is present but there is no input power.
Disabled        The power supply and input power are present, but the power supply is switched off by CLI.
Not Responding  The power supply is not recognizable or is faulty.
Failure-Fan     The power supply fan is faulty.
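
The status values in Table 14 can be checked automatically on collected show env power output. The following Python sketch is an added example, not Cisco code: it parses the table by column position and reports supplies that are not OK and stack members without two working supplies. The sample text is constructed (the page's two rows plus a hypothetical stack member 2 with placeholder serial numbers), and the column layout is assumed to follow the dashed ruler line.

```python
import re

# Status values and meanings, taken from Table 14 on this page.
STATUS_MEANING = {
    "OK": "present and power is good",
    "Not Present": "no power supply installed",
    "No Input Power": "present but no input power",
    "Disabled": "present with input power, switched off by CLI",
    "Not Responding": "not recognizable or faulty",
    "Failure-Fan": "power supply fan is faulty",
}

# Assumed column layout: columns start at 0, 5, 25, 37, 54, 63 and 72.
ROW_FMT = "{:<5}{:<20}{:<12}{:<17}{:<9}{:<9}{}"


def build_sample():
    """Constructed sample: the page's two rows plus a hypothetical member 2.

    EXAMPLE0001/EXAMPLE0002 are placeholder serial numbers. The trailing
    columns are left blank on the constructed rows because the page does not
    show their values for these states.
    """
    rows = [
        ("SW", "PID", "Serial#", "Status", "Sys Pwr", "PoE Pwr", "Watts"),
        ("---", "-" * 18, "-" * 10, "-" * 15, "-" * 7, "-" * 7, "-" * 5),
        ("1A", "PWR-C1-715WAC", "LIT161010UE", "OK", "Good", "Good", "715"),
        ("1B", "Not Present", "", "", "", "", ""),
        ("2A", "PWR-C1-715WAC", "EXAMPLE0001", "Disabled", "", "", ""),
        ("2B", "PWR-C1-715WAC", "EXAMPLE0002", "No Input Power", "", "", ""),
    ]
    body = "\n".join(ROW_FMT.format(*r).rstrip() for r in rows)
    return "Switch# show env power\n" + body + "\n\nSwitch#\n"


def parse_env_power(text):
    """Return one dict per power supply slot, keyed by the header names."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    ruler_idx = next(
        (i for i, ln in enumerate(lines) if i > 0 and set(ln) <= {"-", " "}),
        None,
    )
    if ruler_idx is None:
        raise ValueError("no dashed ruler line found")
    # A column runs from the start of its dash run to the start of the next
    # one, so an 11-character serial under a 10-dash ruler is not truncated.
    starts = [m.start() for m in re.finditer(r"-+", lines[ruler_idx])]
    bounds = list(zip(starts, starts[1:] + [None]))
    names = [lines[ruler_idx - 1][a:b].strip() for a, b in bounds]
    rows = []
    for ln in lines[ruler_idx + 1:]:
        if not re.match(r"\d+[AB]\b", ln):
            continue  # CLI prompt or other non-table text
        row = dict(zip(names, (ln[a:b].strip() for a, b in bounds)))
        # Assumption: for an empty slot the status is printed right after
        # the slot name, where the PID would otherwise be.
        if row["PID"] in STATUS_MEANING:
            row["Status"], row["PID"] = row["PID"], ""
        rows.append(row)
    return rows


def triage(rows):
    """Return (slot, status, meaning) for every supply that is not OK."""
    return [
        (r["SW"], r["Status"],
         STATUS_MEANING.get(r["Status"], "not listed in Table 14"))
        for r in rows
        if r["Status"] != "OK"
    ]


def members_without_redundancy(rows):
    """Return stack members that have fewer than two supplies in OK state."""
    ok_count = {}
    for r in rows:
        member = r["SW"][:-1]  # "1A" -> "1"
        ok_count[member] = ok_count.get(member, 0) + (r["Status"] == "OK")
    return sorted(m for m, n in ok_count.items() if n < 2)


if __name__ == "__main__":
    parsed = parse_env_power(build_sample())
    for slot, status, meaning in triage(parsed):
        print(f"{slot}: {status} ({meaning})")
    print("No redundancy on members:", members_without_redundancy(parsed))
```

A Disabled status means the supply was switched off from the CLI, so it is worth correlating with the %PLATFORM_ENV-6-FRU_PS_OIR syslog message shown in the configuration example.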

Additional References
Error Message Decoder

Description: To help you research and resolve system error messages in this release, use the Error Message
Decoder tool.
Link: https://www.cisco.com/cgi-bin/Support/Errordecoder/index.cgi


MIBs

MIB: All supported MIBs for this release.
MIBs Link: To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB
Locator found at the following URL: http://www.cisco.com/go/mibs

Technical Assistance

Description: The Cisco Support website provides extensive online resources, including documentation and tools for
troubleshooting and resolving technical issues with Cisco products and technologies.
To receive security and technical information about your products, you can subscribe to various services,
such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter,
and Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.
Link: http://www.cisco.com/support

Feature History and Information for Internal Power Supplies


Release             Modification
Cisco IOS XE 3.2SE  This feature was introduced.
Cisco IOS XE 3.3SE  The slot keyword replaced the frufep keyword.

CHAPTER 10
Configuring PoE
Finding Feature Information
Information about PoE
How to Configure PoE
Monitoring Power Status
Additional References
Feature Information for PoE

Finding Feature Information


Your software release may not support all the features documented in this module. For the latest caveats and
feature information, see Bug Search Tool and the release notes for your platform and software release. To
find information about the features documented in this module, and to see a list of the releases in which each
feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not
required.

Information about PoE

Power over Ethernet Ports


A PoE-capable switch port automatically supplies power to one of these connected devices if the switch senses
that there is no power on the circuit:
• a Cisco pre-standard powered device (such as a Cisco IP Phone or a Cisco Aironet Access Point)
• an IEEE 802.3af-compliant powered device

A powered device can receive redundant power when it is connected to a PoE switch port and to an AC power
source. The device does not receive redundant power when it is only connected to the PoE port.


Supported Protocols and Standards


The switch uses these protocols and standards to support PoE:
• CDP with power consumption: The powered device notifies the switch of the amount of power it is
  consuming. The switch does not reply to the power-consumption messages. The switch can only supply
  power to or remove power from the PoE port.
• Cisco intelligent power management: The powered device and the switch negotiate through
  power-negotiation CDP messages for an agreed-upon power-consumption level. The negotiation allows
  a high-power Cisco powered device, which consumes more than 7 W, to operate at its highest power
  mode. The powered device first boots up in low-power mode, consumes less than 7 W, and negotiates
  to obtain enough power to operate in high-power mode. The device changes to high-power mode only
  when it receives confirmation from the switch.
  High-power devices can operate in low-power mode on switches that do not support power-negotiation
  CDP.
  Cisco intelligent power management is backward-compatible with CDP with power consumption; the
  switch responds according to the CDP message that it receives. CDP is not supported on third-party
  powered devices; therefore, the switch uses the IEEE classification to determine the power usage of the
  device.
• IEEE 802.3af: The major features of this standard are powered-device discovery, power administration,
  disconnect detection, and optional powered-device power classification. For more information, see the
  standard.
• The Cisco UPOE feature provides the capability to source up to 60 W of power (2 x 30 W) over both
  signal and spare pairs of the RJ-45 Ethernet cable by using the Layer-2 power negotiation protocols
  such as CDP or LLDP. An LLDP and CDP request of 30 W and higher in presence of the 4-wire Cisco
  Proprietary spare-pair power TLV can provide power on the spare pair.

Related Topics
Cisco Universal Power Over Ethernet

Powered-Device Detection and Initial Power Allocation


The switch detects a Cisco pre-standard or an IEEE-compliant powered device when the PoE-capable port is
in the no-shutdown state, PoE is enabled (the default), and the connected device is not being powered by an
AC adaptor.
After device detection, the switch determines the device power requirements based on its type:
• The initial power allocation is the maximum amount of power that a powered device requires. The switch
  initially allocates this amount of power when it detects and powers the powered device. As the switch
  receives CDP messages from the powered device and as the powered device negotiates power levels
  with the switch through CDP power-negotiation messages, the initial power allocation might be adjusted.
• The switch classifies the detected IEEE device within a power consumption class. Based on the available
  power in the power budget, the switch determines if a port can be powered. Table 15: IEEE Power
  Classifications lists these levels.


Table 15: IEEE Power Classifications

Class                     Maximum Power Level Required from the Switch
0 (class status unknown)  15.4 W
1                         4 W
2                         7 W
3                         15.4 W
4                         30 W (For IEEE 802.3at Type 2 powered devices)

The switch monitors and tracks requests for power and grants power only when it is available. The switch
tracks its power budget (the amount of power available on the switch for PoE). The switch performs
power-accounting calculations when a port is granted or denied power to keep the power budget up to date.
After power is applied to the port, the switch uses CDP to determine the CDP-specific power consumption
requirement of the connected Cisco powered devices, which is the amount of power to allocate based on the
CDP messages. The switch adjusts the power budget accordingly. This does not apply to third-party PoE
devices. The switch processes a request and either grants or denies power. If the request is granted, the switch
updates the power budget. If the request is denied, the switch ensures that power to the port is turned off,
generates a syslog message, and updates the LEDs. Powered devices can also negotiate with the switch for
more power.
With PoE+, powered devices use IEEE 802.3at and LLDP power with media dependent interface (MDI) type,
length, and value descriptions (TLVs), Power-via-MDI TLVs, for negotiating power up to 30 W. Cisco
pre-standard devices and Cisco IEEE powered devices can use CDP or the IEEE 802.3at power-via-MDI
power negotiation mechanism to request power levels up to 30 W.

Note: The initial allocation for Class 0, Class 3, and Class 4 powered devices is 15.4 W. When a device starts
up and uses CDP or LLDP to send a request for more than 15.4 W, it can be allocated up to the maximum
of 30 W.

Note: The CDP-specific power consumption requirement is referred to as the actual power consumption
requirement in the software configuration guides and command references.

If the switch detects a fault caused by an undervoltage, overvoltage, overtemperature, oscillator-fault, or
short-circuit condition, it turns off power to the port, generates a syslog message, and updates the power
budget and LEDs.
The PoE feature operates the same whether or not the switch is a stack member. The power budget is per
switch and independent of any other switch in the stack. Election of a new active switch does not affect PoE
operation. The active switch keeps track of the PoE status for all switches and ports in the stack and includes
the status in output displays.


The stacking-capable switch also supports StackPower, which allows the power supplies to share the load
across multiple systems in a stack when you connect the switches with power stack cables. You can manage
the power supplies of up to four stack members as one large power supply.

Power Management Modes


The switch supports these PoE modes:
• auto: The switch automatically detects if the connected device requires power. If the switch discovers
a powered device connected to the port and if the switch has enough power, it grants power, updates the
power budget, turns on power to the port on a first-come, first-served basis, and updates the LEDs. For
LED information, see the hardware installation guide.
If enough power is available for all powered devices connected to the switch, power is turned on to all
devices. If there is not enough available PoE, or if a device is disconnected and reconnected while other
devices are waiting for power, it cannot be determined which devices are granted or are denied power.
If granting power would exceed the system power budget, the switch denies power, ensures that power
to the port is turned off, generates a syslog message, and updates the LEDs. After power has been denied,
the switch periodically rechecks the power budget and continues to attempt to grant the request for
power.
If a device being powered by the switch is then connected to wall power, the switch might continue to
power the device. The switch might continue to report that it is still powering the device whether the
device is being powered by the switch or receiving power from an AC power source.
If a powered device is removed, the switch automatically detects the disconnect and removes power
from the port. You can connect a nonpowered device without damaging it.
You can specify the maximum wattage that is allowed on the port. If the IEEE class maximum wattage
of the powered device is greater than the configured maximum value, the switch does not provide power
to the port. If the switch powers a powered device, but the powered device later requests through CDP
messages more than the configured maximum value, the switch removes power to the port. The power
that was allocated to the powered device is reclaimed into the global power budget. If you do not specify
a wattage, the switch delivers the maximum value. Use the auto setting on any PoE port. The auto mode
is the default setting.
• static: The switch pre-allocates power to the port (even when no powered device is connected) and
guarantees that power will be available for the port. The switch allocates the port configured maximum
wattage, and the amount is never adjusted through the IEEE class or by CDP messages from the powered
device. Because power is pre-allocated, any powered device that uses less than or equal to the maximum
wattage is guaranteed to be powered when it is connected to the static port. The port no longer participates
in the first-come, first-served model.
However, if the powered-device IEEE class is greater than the maximum wattage, the switch does not
supply power to it. If the switch learns through CDP messages that the powered device is consuming
more than the maximum wattage, the switch shuts down the powered device.
If you do not specify a wattage, the switch pre-allocates the maximum value. The switch powers the
port only if it discovers a powered device. Use the static setting on a high-priority interface.
• never: The switch disables powered-device detection and never powers the PoE port even if an
unpowered device is connected. Use this mode only when you want to make sure that power is never
applied to a PoE-capable port, making the port a data-only port.


For most situations, the default configuration (auto mode) works well, providing plug-and-play operation. No
further configuration is required. However, perform this task to configure a PoE port for a higher priority, to
make it data only, or to specify a maximum wattage to disallow high-power powered devices on a port.
Stacking-capable switches also support StackPower, which allows switch power supplies to share the load
across multiple systems in a stack by connecting up to four switches with power stack cables.

Power Monitoring and Power Policing


When policing of the real-time power consumption is enabled, the switch takes action when a powered device
consumes more power than the maximum amount allocated, also referred to as the cutoff-power value.
When PoE is enabled, the switch senses the real-time power consumption of the powered device. The switch
monitors the real-time power consumption of the connected powered device; this is called power monitoring
or power sensing. The switch also polices the power usage with the power policing feature.
Power monitoring is backward-compatible with Cisco intelligent power management and CDP-based power
consumption. It works with these features to ensure that the PoE port can supply power to the powered device.
The switch senses the real-time power consumption of the connected device as follows:
1. The switch monitors the real-time power consumption on individual ports.
2. The switch records the power consumption, including peak power usage. The switch reports the information
   through the CISCO-POWER-ETHERNET-EXT-MIB.
3. If power policing is enabled, the switch polices power usage by comparing the real-time power consumption
   to the maximum power allocated to the device. The maximum power consumption is also referred to as
   the cutoff power on a PoE port.
   If the device uses more than the maximum power allocation on the port, the switch can either turn off
   power to the port, or the switch can generate a syslog message and update the LEDs (the port LED is now
   blinking amber) while still providing power to the device based on the switch configuration. By default,
   power-usage policing is disabled on all PoE ports.
   If error recovery from the PoE error-disabled state is enabled, the switch automatically takes the PoE port
   out of the error-disabled state after the specified amount of time.
   If error recovery is disabled, you can manually re-enable the PoE port by using the shutdown and no
   shutdown interface configuration commands.
4. If policing is disabled, no action occurs when the powered device consumes more than the maximum
   power allocation on the PoE port, which could adversely affect the switch.

Power Consumption Values


You can configure the initial power allocation and the maximum power allocation on a port. However, these
values are only the configured values that determine when the switch should turn on or turn off power on the
PoE port. The maximum power allocation is not the same as the actual power consumption of the powered
device. The actual cutoff power value that the switch uses for power policing is not equal to the configured
power value.
When power policing is enabled, the switch polices the power usage at the switch port, which is greater than
the power consumption of the device. When you manually set the maximum power allocation, you must
consider the power loss over the cable from the switch port to the powered device. The cutoff power is the
sum of the rated power consumption of the powered device and the worst-case power loss over the cable.
We recommend that you enable power policing when PoE is enabled on your switch. For example, if policing
is disabled and you set the cutoff-power value by using the power inline auto max 6300 interface configuration
command, the configured maximum power allocation on the PoE port is 6.3 W (6300 mW). The switch
provides power to the connected devices on the port if the device needs up to 6.3 W. If the CDP-power
negotiated value or the IEEE classification value exceeds the configured cutoff value, the switch does not
provide power to the connected device. After the switch turns on power on the PoE port, the switch does not
police the real-time power consumption of the device, and the device can consume more power than the
maximum allocated amount, which could adversely affect the switch and the devices connected to the other
PoE ports.
Because a standalone switch supports internal power supplies, the total amount of power available for the
powered devices varies depending on the power supply configuration.
• If a power supply is removed and replaced by a new power supply with less power and the switch does
  not have enough power for the powered devices, the switch denies power to the PoE ports in auto mode
  in descending order of the port numbers. If the switch still does not have enough power, the switch then
  denies power to the PoE ports in static mode in descending order of the port numbers.
• If the new power supply supports more power than the previous one and the switch now has more power
  available, the switch grants power to the PoE ports in static mode in ascending order of the port numbers.
  If it still has power available, the switch then grants power to the PoE ports in auto mode in ascending
  order of the port numbers.
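
The shedding and granting order described above can be modeled to see which ports lose power first when the budget shrinks. This Python model is an added example, not Cisco's implementation: the port numbers, allocations and budgets are constructed, and it assumes that a port whose allocation does not fit is skipped during granting.

```python
from dataclasses import dataclass


@dataclass
class Port:
    number: int
    mode: str            # "auto" or "static"; "never" ports draw no PoE power
    alloc_mw: int        # power allocated to the port, in milliwatts
    powered: bool = True


def sample_ports():
    """Constructed port set: two static and three auto ports, 83200 mW total."""
    return [
        Port(1, "static", 15400),
        Port(2, "auto", 15400),
        Port(3, "auto", 7000),
        Port(4, "static", 30000),
        Port(5, "auto", 15400),
    ]


def in_use(ports):
    """Total power currently allocated to powered ports."""
    return sum(p.alloc_mw for p in ports if p.powered)


def shed(ports, budget_mw):
    """Deny power until the allocation fits the budget.

    Order from the text: auto ports in descending port order first, then
    static ports in descending port order. Returns denied port numbers in
    the order they were denied.
    """
    denied = []
    used = in_use(ports)
    for mode in ("auto", "static"):
        candidates = sorted(
            (p for p in ports if p.mode == mode and p.powered),
            key=lambda p: p.number,
            reverse=True,
        )
        for p in candidates:
            if used <= budget_mw:
                return denied
            p.powered = False
            used -= p.alloc_mw
            denied.append(p.number)
    return denied


def grant(ports, budget_mw):
    """Grant power after the budget grows.

    Order from the text: static ports in ascending port order first, then
    auto ports in ascending port order. Assumption of this model: a port
    that does not fit in the remaining budget is skipped.
    """
    granted = []
    used = in_use(ports)
    for mode in ("static", "auto"):
        candidates = sorted(
            (p for p in ports if p.mode == mode and not p.powered),
            key=lambda p: p.number,
        )
        for p in candidates:
            if used + p.alloc_mw <= budget_mw:
                p.powered = True
                used += p.alloc_mw
                granted.append(p.number)
    return granted


if __name__ == "__main__":
    ports = sample_ports()
    print("denied at 40000 mW:", shed(ports, 40000))
    print("granted at 70000 mW:", grant(ports, 70000))
```

In this model the lowest-numbered static ports are the last to lose power, which matters when deciding where to connect devices that must stay up.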

The stacking-capable switch also supports StackPower, which allows power supplies to share the load across
multiple systems in a stack by connecting the switches with power stack cables. You can collectively manage
the power supplies of up to four stack members as one large power supply.

Cisco Universal Power Over Ethernet


Cisco Universal Power Over Ethernet (Cisco UPOE) is a Cisco proprietary technology that extends the IEEE
802.3at PoE standard to provide the capability to source up to 60 W of power over standard Ethernet cabling
infrastructure (Class D or better) by using the spare pair of an RJ-45 cable (wires 4,5,7,8) with the signal pair
(wires 1,2,3,6). Power on the spare pair is enabled when the switch port and end device mutually identify
themselves as Cisco UPOE-capable using CDP or LLDP and the end device requests for power to be enabled
on the spare pair. When the spare pair is powered, the end device can negotiate up to 60 W of power from the
switch using CDP or LLDP.
If the end device is PoE-capable on both signal and spare pairs but does not support the CDP or LLDP
extensions required for Cisco UPOE, a 4-pair forced mode configuration automatically enables power on both
signal and spare pairs from the switch port.


How to Configure PoE

Configuring a Power Management Mode on a PoE Port

Note: When you make PoE configuration changes, the port being configured drops power. Depending on the
new configuration, the state of the other PoE ports, and the state of the power budget, the port might not
be powered up again. For example, port 1 is in the auto and on state, and you configure it for static mode.
The switch removes power from port 1, detects the powered device, and repowers the port. If port 1 is in
the auto and on state and you configure it with a maximum wattage of 10 W, the switch removes power
from the port and then redetects the powered device. The switch repowers the port only if the powered
device is a class 1, class 2, or a Cisco-only powered device.

SUMMARY STEPS

1. enable
2. configure terminal
3. interface interface-id
4. power inline {auto [max max-wattage] | never | static [max max-wattage]}
5. end
6. show power inline [interface-id | module switch-number]
7. copy running-config startup-config

DETAILED STEPS

Step 1
Command or Action: enable
Purpose: Enables privileged EXEC mode. Enter your password if prompted.
Example:
Switch> enable

Step 2
Command or Action: configure terminal
Purpose: Enters global configuration mode.
Example:
Switch# configure terminal

Step 3
Command or Action: interface interface-id
Purpose: Specifies the physical port to be configured, and enters interface configuration mode.
Example:
Switch(config)# interface gigabitethernet2/0/1

Step 4
Command or Action: power inline {auto [max max-wattage] | never | static [max max-wattage]}
Purpose: Configures the PoE mode on the port. The keywords have these meanings:
• auto: Enables powered-device detection. If enough power is available, automatically allocates power to
  the PoE port after device detection. This is the default setting.
• max max-wattage: Limits the power allowed on the port. The range for Cisco UPOE ports is 4000 to
  60000 mW. If no value is specified, the maximum is allowed.
• never: Disables device detection and disables power to the port.
  Note: If a port has a Cisco powered device connected to it, do not use the power inline never command
  to configure the port. A false link-up can occur, placing the port into the error-disabled state.
• static: Enables powered-device detection. Pre-allocates (reserves) power for a port before the switch
  discovers the powered device. The switch reserves power for this port even when no device is connected
  and guarantees that power will be provided upon device detection.
The switch allocates power to a port configured in static mode before it allocates power to a port configured
in auto mode.
Example:
Switch(config-if)# power inline auto

Step 5
Command or Action: end
Purpose: Returns to privileged EXEC mode.
Example:
Switch(config-if)# end

Step 6
Command or Action: show power inline [interface-id | module switch-number]
Purpose: Displays PoE status for a switch or a switch stack, for the specified interface, or for a specified
stack member. The module switch-number keywords are supported only on stacking-capable switches.
Example:
Switch# show power inline

Step 7
Command or Action: copy running-config startup-config
Purpose: (Optional) Saves your entries in the configuration file.
Example:
Switch# copy running-config startup-config


Enabling Power on Signal/Spare Pairs

Note: Do not enter this command if the end device cannot source inline power on the spare pair or if the end
device supports the CDP or LLDP extensions for Cisco UPOE.

SUMMARY STEPS

1. configure terminal
2. interface interface-id
3. power inline four-pair forced
4. end

DETAILED STEPS

Step 1
Command or Action: configure terminal
Purpose: Enters global configuration mode.
Example:
Switch# configure terminal

Step 2
Command or Action: interface interface-id
Purpose: Specifies the physical port to be configured, and enters interface configuration mode.
Example:
Switch(config)# interface gigabitethernet2/0/1

Step 3
Command or Action: power inline four-pair forced
Purpose: Enables power on both signal and spare pairs from a switch port.
Example:
Switch(config-if)# power inline four-pair forced

Step 4
Command or Action: end
Purpose: Returns to privileged EXEC mode.
Example:
Switch(config-if)# end

Configuring Power Policing


By default, the switch monitors the real-time power consumption of connected powered devices. You can
configure the switch to police the power usage. By default, policing is disabled.


SUMMARY STEPS

1. enable
2. configure terminal
3. interface interface-id
4. power inline police [action{log | errdisable}]
5. exit
6. Use one of the following:
   • errdisable detect cause inline-power
   • errdisable recovery cause inline-power
   • errdisable recovery interval interval
7. exit
8. Use one of the following:
   • show power inline police
   • show errdisable recovery

9. copy running-config startup-config

DETAILED STEPS

Step 1
Command or Action: enable
Purpose: Enables privileged EXEC mode. Enter your password if prompted.
Example:
Switch> enable

Step 2
Command or Action: configure terminal
Purpose: Enters global configuration mode.
Example:
Switch# configure terminal

Step 3
Command or Action: interface interface-id
Purpose: Specifies the physical port to be configured, and enters interface configuration mode.
Example:
Switch(config)# interface gigabitethernet2/0/1

Step 4
Command or Action: power inline police [action{log | errdisable}]
Purpose: If the real-time power consumption exceeds the maximum power allocation on the port, configures
the switch to take one of these actions:
• power inline police: Shuts down the PoE port, turns off power to it, and puts it in the error-disabled state.
  Note: You can enable error detection for the PoE error-disabled cause by using the errdisable detect cause
  inline-power global configuration command. You can also enable the timer to recover from the PoE
  error-disabled state by using the errdisable recovery cause inline-power interval interval global
  configuration command.
• power inline police action errdisable: Turns off power to the port if the real-time power consumption
  exceeds the maximum power allocation on the port.
• power inline police action log: Generates a syslog message while still providing power to the port.
If you do not enter the action log keywords, the default action shuts down the port and puts the port in the
error-disabled state.
Example:
Switch(config-if)# power inline police

Step 5
Command or Action: exit
Purpose: Returns to global configuration mode.
Example:
Switch(config-if)# exit

Step 6
Command or Action: Use one of the following:
• errdisable detect cause inline-power
• errdisable recovery cause inline-power
• errdisable recovery interval interval
Purpose: (Optional) Enables error recovery from the PoE error-disabled state, and configures the PoE recover
mechanism variables.
By default, the recovery interval is 300 seconds.
For interval interval, specifies the time in seconds to recover from the error-disabled state. The range is 30
to 86400.
Example:
Switch(config)# errdisable detect cause inline-power
Switch(config)# errdisable recovery cause inline-power
Switch(config)# errdisable recovery interval 100

Step 7
Command or Action: exit
Purpose: Returns to privileged EXEC mode.
Example:
Switch(config)# exit

Step 8
Command or Action: Use one of the following:
• show power inline police
• show errdisable recovery
Purpose: Displays the power monitoring status, and verifies the error recovery settings.
Example:
Switch# show power inline police
Switch# show errdisable recovery

Step 9
Command or Action: copy running-config startup-config
Purpose: (Optional) Saves your entries in the configuration file.
Example:
Switch# copy running-config startup-config

Monitoring Power Status


Table 16: Show Commands for Power Status

Command: show env power switch [switch-number]
Purpose: (Optional) Displays the status of the internal power supplies for each switch in the stack or for the
specified switch. The range is 1 to 9, depending on the switch member numbers in the stack. These keywords
are available only on stacking-capable switches.

Command: show power inline [interface-id | module switch-number]
Purpose: Displays PoE status for a switch or switch stack, for an interface, or for a specific switch in the stack.

Command: show power inline police
Purpose: Displays the power policing data.

Additional References
Error Message Decoder

Description: To help you research and resolve system error messages in this release, use the Error Message
Decoder tool.
Link: https://www.cisco.com/cgi-bin/Support/Errordecoder/index.cgi


MIBs

MIB: All supported MIBs for this release.
MIBs Link: To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB
Locator found at the following URL: http://www.cisco.com/go/mibs

Technical Assistance

Description: The Cisco Support website provides extensive online resources, including documentation and tools for
troubleshooting and resolving technical issues with Cisco products and technologies.
To receive security and technical information about your products, you can subscribe to various services,
such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter,
and Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.
Link: http://www.cisco.com/support

Feature Information for PoE


Release             Modification
Cisco IOS XE 3.2SE  This feature was introduced.
Cisco IOS XE 3.3SE  The four-pair forced keywords were added.

CHAPTER 11
Configuring EEE
Finding Feature Information
Information About EEE
Restrictions for EEE
How to Configure EEE
Monitoring EEE
Configuration Examples for Configuring EEE
Additional References
Feature History and Information for Configuring EEE

Finding Feature Information


Your software release may not support all the features documented in this module. For the latest caveats and
feature information, see Bug Search Tool and the release notes for your platform and software release. To
find information about the features documented in this module, and to see a list of the releases in which each
feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not
required.

Information About EEE

EEE Overview
Energy Efficient Ethernet (EEE) is an IEEE 802.3az standard that is designed to reduce power consumption
in Ethernet networks during idle periods.
EEE can be enabled on devices that support low power idle (LPI) mode. Such devices can save power by
entering LPI mode during periods of low utilization. In LPI mode, systems on both ends of the link can save
power by shutting down certain services. EEE provides the protocol needed to transition into and out of LPI
mode in a way that is transparent to upper layer protocols and applications.

Default EEE Configuration


EEE is disabled by default.

Restrictions for EEE


EEE has the following restrictions:
• Changing the EEE configuration resets the interface because the device has to restart Layer 1
autonegotiation.
• You might want to enable the Link Layer Discovery Protocol (LLDP) for devices that require longer
wakeup times before they are able to accept data on their receive paths. Doing so enables the device to
negotiate for extended system wakeup times from the transmitting link partner.

How to Configure EEE


You can enable or disable EEE on an interface that is connected to an EEE-capable link partner.

Enabling or Disabling EEE

SUMMARY STEPS

1. configure terminal
2. interface interface-id
3. power efficient-ethernet auto
4. no power efficient-ethernet auto
5. end
6. copy running-config startup-config

DETAILED STEPS

Command or Action Purpose


Step 1 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal

Step 2 interface interface-id Specifies the interface to be configured, and enters interface configuration mode.

Example:
Switch(config)# interface gigabitethernet1/0/1

Step 3 power efficient-ethernet auto Enables EEE on the specified interface. When EEE is enabled, the device advertises and autonegotiates EEE to its link partner.

Example:
Switch(config-if)# power efficient-ethernet auto

Step 4 no power efficient-ethernet auto Disables EEE on the specified interface.

Example:
Switch(config-if)# no power efficient-ethernet auto

Step 5 end Returns to privileged EXEC mode.

Example:
Switch(config-if)# end

Step 6 copy running-config startup-config (Optional) Saves your entries in the configuration file.

Example:
Switch# copy running-config startup-config

Monitoring EEE
Table 17: Commands for Displaying EEE Settings

Command Purpose
show eee capabilities interface interface-id Displays EEE capabilities for the specified interface.

show eee status interface interface-id Displays EEE status information for the specified interface.

Configuration Examples for Configuring EEE


This example shows how to enable EEE for an interface:

Switch# configure terminal
Switch(config)# interface gigabitethernet1/0/1
Switch(config-if)# power efficient-ethernet auto

This example shows how to disable EEE for an interface:

Switch# configure terminal
Switch(config)# interface gigabitethernet1/0/1
Switch(config-if)# no power efficient-ethernet auto

Additional References
Error Message Decoder

Description: To help you research and resolve system error messages in this release, use the Error Message Decoder tool.
Link: https://www.cisco.com/cgi-bin/Support/Errordecoder/index.cgi

MIBs

MIB: All supported MIBs for this release.
MIBs Link: To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs


Technical Assistance

Description: The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.
To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.
Link: http://www.cisco.com/support

Feature History and Information for Configuring EEE


Release Modification
Cisco IOS XE 3.2SE This feature was introduced.

PART III
IPv6
Configuring MLD Snooping
Configuring IPv6 Unicast Routing
Implementing IPv6 Multicast
Configuring IPv6 Client IP Address Learning
Configuring IPv6 WLAN Security
Configuring IPv6 ACL
Configuring IPv6 Web Authentication
Configuring IPv6 Client Mobility
Configuring IPv6 Mobility
CHAPTER 12
Configuring MLD Snooping
This module contains details of configuring MLD snooping.

Finding Feature Information
Information About Configuring IPv6 MLD Snooping
How to Configure IPv6 MLD Snooping
Displaying MLD Snooping Information
Configuration Examples for Configuring MLD Snooping

Finding Feature Information


Your software release may not support all the features documented in this module. For the latest caveats and
feature information, see Bug Search Tool and the release notes for your platform and software release. To
find information about the features documented in this module, and to see a list of the releases in which each
feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not
required.

Information About Configuring IPv6 MLD Snooping

Note To use IPv6 MLD Snooping, the switch must be running the LAN Base image.
You can use Multicast Listener Discovery (MLD) snooping to enable efficient distribution of IP Version 6
(IPv6) multicast data to clients and routers in a switched network on the switch. Unless otherwise noted, the
term switch refers to a standalone switch and to a switch stack.

Note Stacking is supported only on Catalyst 2960-X switches running the LAN base image.


Note To use IPv6, you must configure the dual IPv4 and IPv6 Switch Database Management (SDM) template
on the switch.
On switches running the LAN Base feature set, the routing template is not supported.

Note For complete syntax and usage information for the commands used in this chapter, see the command
reference for this release or the Cisco IOS documentation referenced in the procedures.

Understanding MLD Snooping


In IP Version 4 (IPv4), Layer 2 switches can use Internet Group Management Protocol (IGMP) snooping to
limit the flooding of multicast traffic by dynamically configuring Layer 2 interfaces so that multicast traffic
is forwarded to only those interfaces associated with IP multicast devices. In IPv6, MLD snooping performs
a similar function. With MLD snooping, IPv6 multicast data is selectively forwarded to a list of ports that
want to receive the data, instead of being flooded to all ports in a VLAN. This list is constructed by snooping
IPv6 multicast control packets.
MLD is a protocol used by IPv6 multicast routers to discover the presence of multicast listeners (nodes wishing
to receive IPv6 multicast packets) on the links that are directly attached to the routers and to discover which
multicast packets are of interest to neighboring nodes. MLD is derived from IGMP; MLD Version 1 (MLDv1)
is equivalent to IGMPv2, and MLD Version 2 (MLDv2) is equivalent to IGMPv3. MLD is a subprotocol of
Internet Control Message Protocol Version 6 (ICMPv6), and MLD messages are a subset of ICMPv6 messages,
identified in IPv6 packets by a preceding Next Header value of 58.
The switch supports two versions of MLD snooping:
• MLDv1 snooping detects MLDv1 control packets and sets up traffic bridging based on IPv6 destination
multicast addresses.
• MLDv2 basic snooping (MBSS) uses MLDv2 control packets to set up traffic forwarding based on IPv6
destination multicast addresses.

The switch can snoop on both MLDv1 and MLDv2 protocol packets and bridge IPv6 multicast data based on
destination IPv6 multicast addresses.

Note The switch does not support MLDv2 enhanced snooping, which sets up IPv6 source and destination
multicast address-based forwarding.

MLD snooping can be enabled or disabled globally or per VLAN. When MLD snooping is enabled, a per-VLAN
IPv6 multicast address table is constructed in software and hardware. The switch then performs IPv6
multicast-address based bridging in hardware.
According to IPv6 multicast standards, the switch derives the MAC multicast address by performing a
logical-OR of the four low-order octets of the switch MAC address with the MAC address of 33:33:00:00:00:00.
For example, the IPv6 MAC address of FF02:DEAD:BEEF:1:3 maps to the Ethernet MAC address of
33:33:00:01:00:03.
A multicast packet is unmatched when the destination IPv6 address does not match the destination MAC
address. The switch forwards the unmatched packet in hardware based on the MAC address table. If the destination
MAC address is not in the MAC address table, the switch floods the packet to all ports in the same VLAN as
the receiving port.
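
The mapping and the unmatched-packet condition above, as an added example (not Cisco code). It applies the RFC 2464 rule, which ORs the four low-order octets of the IPv6 destination multicast address into 33:33:00:00:00:00, and assumes the sample address on this page reads FF02:DEAD:BEEF::1:3; the function names and sample frames are constructed for illustration.

```python
import ipaddress
import re

BASE_MAC = bytes.fromhex("333300000000")  # 33:33:00:00:00:00


def ipv6_mcast_to_mac(addr: str) -> str:
    """Derive the Ethernet multicast MAC for an IPv6 multicast address."""
    ip = ipaddress.IPv6Address(addr)
    if not ip.is_multicast:
        raise ValueError(f"{addr} is not an IPv6 multicast address")
    low = b"\x00\x00" + ip.packed[-4:]          # four low-order octets
    mac = bytes(a | b for a, b in zip(BASE_MAC, low))
    return ":".join(f"{octet:02x}" for octet in mac)


def normalize_mac(mac: str) -> str:
    """Accept 33:33:00:01:00:03, 33-33-00-01-00-03 or 3333.0001.0003."""
    digits = re.sub(r"[.:\-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"bad MAC address: {mac}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def classify(dst_ip: str, dst_mac: str) -> str:
    """Label a frame by whether its destination MAC matches its IPv6 group."""
    if not ipaddress.IPv6Address(dst_ip).is_multicast:
        return "not-multicast"
    expected = ipv6_mcast_to_mac(dst_ip)
    return "matched" if expected == normalize_mac(dst_mac) else "unmatched"


def groups_sharing_mac(groups):
    """Return {mac: [groups]} for groups that collapse onto the same MAC."""
    by_mac = {}
    for group in groups:
        by_mac.setdefault(ipv6_mcast_to_mac(group), []).append(group)
    return {mac: found for mac, found in by_mac.items() if len(found) > 1}


# Constructed sample frames: (destination IPv6 address, destination MAC).
SAMPLE_FRAMES = [
    ("FF02:DEAD:BEEF::1:3", "33:33:00:01:00:03"),
    ("ff02::1:ff00:1234", "3333.ff00.1234"),
    ("ff02::fb", "33:33:00:00:00:01"),      # MAC does not fit the group
    ("2001:db8::1", "00:11:22:33:44:55"),   # unicast, outside the check
]

if __name__ == "__main__":
    for dst_ip, dst_mac in SAMPLE_FRAMES:
        print(f"{dst_ip:24} {dst_mac:18} {classify(dst_ip, dst_mac)}")
    print(groups_sharing_mac(["ff02:dead:beef::1:3", "ff02::1:3", "ff02::fb"]))
```

Because only 32 bits of the group address reach the MAC, distinct groups can share one MAC entry, which is worth remembering when reading the MAC address table during troubleshooting.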

MLD Messages
MLDv1 supports three types of messages:
• Listener Queries are the equivalent of IGMPv2 queries and are either General Queries or
Multicast-Address-Specific Queries (MASQs).
• Multicast Listener Reports are the equivalent of IGMPv2 reports.
• Multicast Listener Done messages are the equivalent of IGMPv2 leave messages.

MLDv2 supports MLDv2 queries and reports, as well as MLDv1 Report and Done messages.
Message timers and state transitions resulting from messages being sent or received are the same as those of
IGMPv2 messages. MLD messages that do not have valid link-local IPv6 source addresses are ignored by
MLD routers and switches.
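
An added example (not Cisco code) of classifying the MLD message types listed above and applying the link-local source rule. The ICMPv6 type numbers (130, 131, 132, 143) and the 24-octet MLDv1 length come from RFC 2710 and RFC 3810 rather than from this page; the packets are constructed samples and ICMPv6 checksums are not verified.

```python
import ipaddress
import struct

ICMPV6, HOP_BY_HOP = 58, 0
MLD_TYPES = {130: "query", 131: "v1-report", 132: "v1-done", 143: "v2-report"}


def classify_mld(packet: bytes):
    """Return (kind, group, accepted) for an IPv6 packet, or None if not MLD.

    accepted is False when the source is not link-local, the case the page
    says MLD routers and switches ignore.
    """
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return None
    next_header = packet[6]
    src = ipaddress.IPv6Address(packet[8:24])
    offset = 40
    if next_header == HOP_BY_HOP:       # MLD carries a Router Alert option here
        if len(packet) < offset + 8:
            return None
        next_header = packet[offset]
        offset += (packet[offset + 1] + 1) * 8
    if next_header != ICMPV6 or len(packet) < offset + 4:
        return None
    body = packet[offset:]
    kind = MLD_TYPES.get(body[0])
    if kind is None:
        return None
    group = None
    if body[0] in (130, 131, 132):      # these carry one multicast address
        if len(body) < 24:
            return None
        group = ipaddress.IPv6Address(body[8:24])
        if kind == "query":
            version = "v1" if len(body) == 24 else "v2"
            scope = "general" if int(group) == 0 else "group-specific"
            kind = f"{version}-{scope}-query"
    return kind, group, src.is_link_local


def build_packet(src: str, dst: str, icmp_type: int, group: str = "::") -> bytes:
    """Constructed test packet: IPv6 + Hop-by-Hop (Router Alert) + 24-octet body."""
    hbh = bytes([ICMPV6, 0, 0x05, 0x02, 0x00, 0x00, 0x01, 0x00])
    body = struct.pack("!BBHHH", icmp_type, 0, 0, 1000, 0)
    body += ipaddress.IPv6Address(group).packed
    payload = hbh + body
    header = struct.pack("!IHBB", 6 << 28, len(payload), HOP_BY_HOP, 1)
    return (header + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + payload)


# Constructed samples, not captured traffic.
SAMPLES = {
    "general query": build_packet("fe80::1", "ff02::1", 130),
    "MASQ": build_packet("fe80::1", "ff12::3", 130, "ff12::3"),
    "report": build_packet("fe80::a", "ff12::3", 131, "ff12::3"),
    "done": build_packet("fe80::a", "ff02::2", 132, "ff12::3"),
    "query, non-link-local source": build_packet("2001:db8::66", "ff02::1", 130),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:30} {classify_mld(pkt)}")
```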

MLD Queries
The switch sends out MLD queries, constructs an IPv6 multicast address database, and generates MLD
group-specific and MLD group-and-source-specific queries in response to MLD Done messages. The switch
also supports report suppression, report proxying, Immediate-Leave functionality, and static IPv6 multicast
group address configuration.
When MLD snooping is disabled, all MLD queries are flooded in the ingress VLAN.
When MLD snooping is enabled, received MLD queries are flooded in the ingress VLAN, and a copy of the
query is sent to the CPU for processing. From the received query, MLD snooping builds the IPv6 multicast
address database. It detects multicast router ports, maintains timers, sets report response time, learns the querier
IP source address for the VLAN, learns the querier port in the VLAN, and maintains multicast-address aging.

Note When the IPv6 multicast router is a Catalyst 6500 switch and you are using extended VLANs (in the range
1006 to 4094), IPv6 MLD snooping must be enabled on the extended VLAN on the Catalyst 6500 switch
in order for the Catalyst 2960, 2960-S, 2960-C, 2960-X or 2960-CX switch to receive queries on the
VLAN. For normal-range VLANs (1 to 1005), it is not necessary to enable IPv6 MLD snooping on the
VLAN on the Catalyst 6500 switch.

When a group exists in the MLD snooping database, the switch responds to a group-specific query by sending
an MLDv1 report. When the group is unknown, the group-specific query is flooded to the ingress VLAN.
When a host wants to leave a multicast group, it can send out an MLD Done message (equivalent to IGMP
Leave message). When the switch receives an MLDv1 Done message, if Immediate-Leave is not enabled,
the switch sends an MASQ to the port from which the message was received to determine if other devices
connected to the port should remain in the multicast group.

Multicast Client Aging Robustness


You can configure port membership removal from addresses based on the number of queries. A port is removed
from membership to an address only when there are no reports to the address on the port for the configured
number of queries. The default number is 2.


Multicast Router Discovery


Like IGMP snooping, MLD snooping performs multicast router discovery, with these characteristics:
• Ports configured by a user never age out.
• Dynamic port learning results from MLDv1 snooping queries and IPv6 PIMv2 packets.
• If there are multiple routers on the same Layer 2 interface, MLD snooping tracks a single multicast
router on the port (the router that most recently sent a router control packet).
• Dynamic multicast router port aging is based on a default timer of 5 minutes; the multicast router is
deleted from the router port list if no control packet is received on the port for 5 minutes.
• IPv6 multicast router discovery only takes place when MLD snooping is enabled on the switch.
• Received IPv6 multicast router control packets are always flooded to the ingress VLAN, whether or not
MLD snooping is enabled on the switch.
• After the discovery of the first IPv6 multicast router port, unknown IPv6 multicast data is forwarded
only to the discovered router ports (before that time, all IPv6 multicast data is flooded to the ingress
VLAN).

MLD Reports
The processing of MLDv1 join messages is essentially the same as with IGMPv2. When no IPv6 multicast
routers are detected in a VLAN, reports are not processed or forwarded from the switch. When IPv6 multicast
routers are detected and an MLDv1 report is received, an IPv6 multicast group address is entered in the VLAN
MLD database. Then all IPv6 multicast traffic to the group within the VLAN is forwarded using this address.
When MLD snooping is disabled, reports are flooded in the ingress VLAN.
When MLD snooping is enabled, MLD report suppression, called listener message suppression, is automatically
enabled. With report suppression, the switch forwards the first MLDv1 report received by a group to IPv6
multicast routers; subsequent reports for the group are not sent to the routers. When MLD snooping is disabled,
report suppression is disabled, and all MLDv1 reports are flooded to the ingress VLAN.
The switch also supports MLDv1 proxy reporting. When an MLDv1 MASQ is received, the switch responds
with MLDv1 reports for the address on which the query arrived if the group exists in the switch on another
port and if the port on which the query arrived is not the last member port for the address.

MLD Done Messages and Immediate-Leave


When the Immediate-Leave feature is enabled and a host sends an MLDv1 Done message (equivalent to an
IGMP leave message), the port on which the Done message was received is immediately deleted from the
group. You enable Immediate-Leave on VLANs and, as with IGMP snooping, you should only use the feature
on VLANs where a single host is connected to the port. If the port was the last member of a group, the group
is also deleted, and the leave information is forwarded to the detected IPv6 multicast routers.
When Immediate Leave is not enabled in a VLAN (which would be the case when there are multiple clients
for a group on the same port) and a Done message is received on a port, an MASQ is generated on that port.
The user can control when a port membership is removed for an existing address in terms of the number of
MASQs. A port is removed from membership to an address when there are no MLDv1 reports to the address
on the port for the configured number of queries.


The number of MASQs generated is configured by using the ipv6 mld snooping last-listener-query-count
global configuration command. The default number is 2.
The MASQ is sent to the IPv6 multicast address for which the Done message was sent. If there are no reports
sent to the IPv6 multicast address specified in the MASQ during the switch maximum response time, the port
on which the MASQ was sent is deleted from the IPv6 multicast address database. The maximum response
time is the time configured by using the ipv6 mld snooping last-listener-query-interval global configuration
command. If the deleted port is the last member of the multicast address, the multicast address is also deleted,
and the switch sends the address leave information to all detected multicast routers.
When Immediate Leave is not enabled and a port receives an MLD Done message, the switch generates
MASQs on the port and sends them to the IPv6 multicast address for which the Done message was sent. You
can optionally configure the number of MASQs that are sent and the length of time the switch waits for a
response before deleting the port from the multicast group.
When you enable MLDv1 Immediate Leave, the switch immediately removes a port from a multicast group
when it detects an MLD Done message on that port. You should only use the Immediate-Leave feature when
there is a single receiver present on every port in the VLAN. When there are multiple clients for a multicast
group on the same port, you should not enable Immediate-Leave in a VLAN.
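
The Done-message handling described in this section, as an added toy model (not switch code). The class, method and port names are constructed; other_listeners stands for hosts on the same port that still want the group and would answer a MASQ within the maximum response time.

```python
from dataclasses import dataclass, field


@dataclass
class MldSnoopingVlan:
    """One VLAN's MLDv1 leave processing, reduced to the rules on this page."""
    immediate_leave: bool = False
    global_llq_count: int = 2   # ipv6 mld snooping last-listener-query-count
    vlan_llq_count: int = 0     # per-VLAN value; 0 means use the global count
    members: dict = field(default_factory=dict)    # group -> set of ports
    events: list = field(default_factory=list)     # what the switch would send
    stranded: list = field(default_factory=list)   # listeners cut off by a leave

    def llq_count(self) -> int:
        """The VLAN value overrides the global one unless it is 0."""
        return self.vlan_llq_count or self.global_llq_count

    def report(self, port: str, group: str) -> None:
        self.members.setdefault(group, set()).add(port)

    def done(self, port: str, group: str, other_listeners: int = 0) -> str:
        """Process an MLDv1 Done; return 'kept', 'removed' or 'ignored'."""
        if port not in self.members.get(group, set()):
            return "ignored"
        if self.immediate_leave:
            # No MASQ is sent, so remaining hosts on the port lose the stream.
            if other_listeners:
                self.stranded.append((port, group))
        else:
            for n in range(1, self.llq_count() + 1):
                self.events.append(f"MASQ {n} for {group} on {port}")
                if other_listeners:     # a report arrives, membership stays
                    return "kept"
        self.members[group].discard(port)
        if not self.members[group]:     # last member: group is deleted too
            del self.members[group]
            self.events.append(f"leave for {group} forwarded to multicast routers")
        return "removed"


def demo() -> list:
    """Two hosts behind one port, with and without Immediate-Leave."""
    results = []
    for immediate in (False, True):
        vlan = MldSnoopingVlan(immediate_leave=immediate)
        vlan.report("Gi1/0/1", "ff12::3")
        outcome = vlan.done("Gi1/0/1", "ff12::3", other_listeners=1)
        results.append((immediate, outcome, len(vlan.stranded)))
    return results


if __name__ == "__main__":
    for immediate, outcome, stranded in demo():
        print(f"immediate_leave={immediate}: port {outcome}, "
              f"{stranded} listener group(s) cut off")
```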

Topology Change Notification Processing


When topology change notification (TCN) solicitation is enabled by using the ipv6 mld snooping tcn query
solicit global configuration command, MLDv1 snooping sets the VLAN to flood all IPv6 multicast traffic
with a configured number of MLDv1 queries before it begins sending multicast data only to selected ports.
You set this value by using the ipv6 mld snooping tcn flood query count global configuration command.
The default is to send two queries. The switch also generates MLDv1 global Done messages with valid
link-local IPv6 source addresses when the switch becomes the STP root in the VLAN or when it is configured
by the user. This is the same as in IGMP snooping.

MLD Snooping in Switch Stacks


The MLD IPv6 group address databases are maintained on all switches in the stack, regardless of which switch
learns of an IPv6 multicast group. Report suppression and proxy reporting are done stack-wide. During the
maximum response time, only one received report for a group is forwarded to the multicast routers, regardless
of which switch the report arrives on.
The election of a new stack master does not affect the learning or bridging of IPv6 multicast data; bridging
of IPv6 multicast data does not stop during a stack master re-election. When a new switch is added to the
stack, it synchronizes the learned IPv6 multicast information from the stack master. Until the synchronization
is complete, data ingress on the newly added switch is treated as unknown multicast data.


How to Configure IPv6 MLD Snooping

Default MLD Snooping Configuration


Table 18: Default MLD Snooping Configuration

Feature Default Setting

MLD snooping (Global) Disabled.

MLD snooping (per VLAN) Enabled. MLD snooping must be globally enabled for VLAN MLD snooping to take place.

IPv6 Multicast addresses None configured.

IPv6 Multicast router ports None configured.

MLD snooping Immediate Leave Disabled.

MLD snooping robustness variable Global: 2; Per VLAN: 0.
Note The VLAN value overrides the global setting. When the VLAN value is 0, the VLAN uses the global count.

Last listener query count Global: 2; Per VLAN: 0.
Note The VLAN value overrides the global setting. When the VLAN value is 0, the VLAN uses the global count.

Last listener query interval Global: 1000 (1 second); VLAN: 0.
Note The VLAN value overrides the global setting. When the VLAN value is 0, the VLAN uses the global interval.

TCN query solicit Disabled.

TCN query count 2.

MLD listener suppression Disabled.

MLD Snooping Configuration Guidelines


When configuring MLD snooping, consider these guidelines:
• You can configure MLD snooping characteristics at any time, but you must globally enable MLD
snooping by using the ipv6 mld snooping global configuration command for the configuration to take
effect.
• When the IPv6 multicast router is a Catalyst 6500 switch and you are using extended VLANs (in the
range 1006 to 4094), IPv6 MLD snooping must be enabled on the extended VLAN on the Catalyst 6500
switch in order for the switch to receive queries on the VLAN. For normal-range VLANs (1 to 1005),
it is not necessary to enable IPv6 MLD snooping on the VLAN on the Catalyst 6500 switch.
• MLD snooping and IGMP snooping act independently of each other. You can enable both features at
the same time on the switch.
• The maximum number of multicast entries allowed on the switch or switch stack is determined by the
configured SDM template.
• The maximum number of address entries allowed for the switch or switch stack is 4000.

Enabling or Disabling MLD Snooping on the Switch (CLI)


By default, IPv6 MLD snooping is globally disabled on the switch and enabled on all VLANs. When MLD
snooping is globally disabled, it is also disabled on all VLANs. When you globally enable MLD snooping,
the VLAN configuration overrides the global configuration. That is, MLD snooping is enabled only on VLAN
interfaces in the default state (enabled).
You can enable and disable MLD snooping on a per-VLAN basis or for a range of VLANs, but if you globally
disable MLD snooping, it is disabled in all VLANs. If global snooping is enabled, you can enable or disable
VLAN snooping.
Beginning in privileged EXEC mode, follow these steps to globally enable MLD snooping on the switch:

DETAILED STEPS

Command or Action Purpose


Step 1 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal

Step 2 ipv6 mld snooping Enables MLD snooping on the switch.

Example:
Switch(config)# ipv6 mld snooping

Step 3 end Returns to privileged EXEC mode.

Example:
Switch(config)# end

Step 4 copy running-config startup-config (Optional) Saves your entries in the configuration file.

Example:
Switch# copy running-config startup-config

Step 5 reload Reloads the operating system.

Example:
Switch# reload

Enabling or Disabling MLD Snooping on a VLAN (CLI)


Beginning in privileged EXEC mode, follow these steps to enable MLD snooping on a VLAN.

DETAILED STEPS

Command or Action Purpose


Step 1 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal

Step 2 ipv6 mld snooping Enables MLD snooping on the switch.

Example:
Switch(config)# ipv6 mld snooping

Step 3 ipv6 mld snooping vlan vlan-id Enables MLD snooping on the VLAN. The VLAN ID range is 1 to 1001 and 1006 to 4094.
Note MLD snooping must be globally enabled for VLAN snooping to be enabled.

Example:
Switch(config)# ipv6 mld snooping vlan 1

Step 4 end Returns to privileged EXEC mode.

Example:
Switch(config)# end

Configuring a Static Multicast Group (CLI)


Hosts or Layer 2 ports normally join multicast groups dynamically, but you can also statically configure an
IPv6 multicast address and member ports for a VLAN.


Beginning in privileged EXEC mode, follow these steps to add a Layer 2 port as a member of a multicast
group:

DETAILED STEPS

Command or Action Purpose


Step 1 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal

Step 2 ipv6 mld snooping vlan vlan-id static ipv6_multicast_address interface interface-id Configures a multicast group with a Layer 2 port as a member of a multicast group:
• vlan-id is the multicast group VLAN ID. The VLAN ID range is 1 to 1001 and 1006 to 4094.
• ipv6_multicast_address is the 128-bit group IPv6 address. The address must be in the form specified in RFC 2373.
• interface-id is the member port. It can be a physical interface or a port channel (1 to 48).

Example:
Switch(config)# ipv6 mld snooping vlan 1 static FF12::3 interface gigabitethernet 0/1

Step 3 end Returns to privileged EXEC mode.

Example:
Switch(config)# end

Step 4 Use one of the following: Verifies the static member port and the IPv6 address.
• show ipv6 mld snooping address
• show ipv6 mld snooping address vlan vlan-id

Example:
Switch# show ipv6 mld snooping address
or
Switch# show ipv6 mld snooping address vlan 1


Configuring a Multicast Router Port (CLI)

Note Static connections to multicast routers are supported only on switch ports.

Beginning in privileged EXEC mode, follow these steps to add a multicast router port to a VLAN:

DETAILED STEPS

Command or Action Purpose


Step 1 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal

Step 2 ipv6 mld snooping vlan vlan-id mrouter interface interface-id Specifies the multicast router VLAN ID, and specifies the interface to the multicast router.
• The VLAN ID range is 1 to 1001 and 1006 to 4094.
• The interface can be a physical interface or a port channel. The port-channel range is 1 to 48.

Example:
Switch(config)# ipv6 mld snooping vlan 1 mrouter interface gigabitethernet 0/2

Step 3 end Returns to privileged EXEC mode.

Example:
Switch(config)# end

Step 4 show ipv6 mld snooping mrouter [ vlan vlan-id ] Verifies that IPv6 MLD snooping is enabled on the VLAN interface.

Example:
Switch# show ipv6 mld snooping mrouter vlan 1

Enabling MLD Immediate Leave (CLI)


Beginning in privileged EXEC mode, follow these steps to enable MLDv1 Immediate Leave:

DETAILED STEPS

Command or Action Purpose


Step 1 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal

Step 2 ipv6 mld snooping vlan vlan-id immediate-leave Enables MLD Immediate Leave on the VLAN interface.

Example:
Switch(config)# ipv6 mld snooping vlan 1 immediate-leave

Step 3 end Returns to privileged EXEC mode.

Example:
Switch(config)# end

Step 4 show ipv6 mld snooping vlan vlan-id Verifies that Immediate Leave is enabled on the VLAN interface.

Example:
Switch# show ipv6 mld snooping vlan 1

Configuring MLD Snooping Queries (CLI)


Beginning in privileged EXEC mode, follow these steps to configure MLD snooping query characteristics
for the switch or for a VLAN:

DETAILED STEPS

Command or Action Purpose


Step 1 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal

Step 2 ipv6 mld snooping robustness-variable value (Optional) Sets the number of queries that are sent before the switch deletes a listener (port) that does not respond to a general query. The range is 1 to 3; the default is 2.

Example:
Switch(config)# ipv6 mld snooping robustness-variable 3

Step 3 ipv6 mld snooping vlan vlan-id robustness-variable value (Optional) Sets the robustness variable on a VLAN basis, which determines the number of general queries that MLD snooping sends before aging out a multicast address when there is no MLD report response. The range is 1 to 3; the default is 0. When set to 0, the number used is the global robustness variable value.

Example:
Switch(config)# ipv6 mld snooping vlan 1 robustness-variable 3

Step 4 ipv6 mld snooping last-listener-query-count count (Optional) Sets the number of MASQs that the switch sends before aging out an MLD client. The range is 1 to 7; the default is 2. The queries are sent 1 second apart.

Example:
Switch(config)# ipv6 mld snooping last-listener-query-count 7

Step 5 ipv6 mld snooping vlan vlan-id last-listener-query-count count (Optional) Sets the last-listener query count on a VLAN basis. This value overrides the value configured globally. The range is 1 to 7; the default is 0. When set to 0, the global count value is used. Queries are sent 1 second apart.

Example:
Switch(config)# ipv6 mld snooping vlan 1 last-listener-query-count 7

Step 6 ipv6 mld snooping last-listener-query-interval interval (Optional) Sets the maximum response time that the switch waits after sending out a MASQ before deleting a port from the multicast group. The range is 100 to 32,768 thousandths of a second. The default is 1000 (1 second).

Example:
Switch(config)# ipv6 mld snooping last-listener-query-interval 2000

Step 7 ipv6 mld snooping vlan vlan-id last-listener-query-interval interval (Optional) Sets the last-listener query interval on a VLAN basis. This value overrides the value configured globally. The range is 0 to 32,768 thousandths of a second. The default is 0. When set to 0, the global last-listener query interval is used.

Example:
Switch(config)# ipv6 mld snooping vlan 1 last-listener-query-interval 2000

Step 8 ipv6 mld snooping tcn query solicit (Optional) Enables topology change notification (TCN) solicitation, which means that VLANs flood all IPv6 multicast traffic for the configured number of queries before sending multicast data to only those ports requesting to receive it. The default is for TCN to be disabled.

Example:
Switch(config)# ipv6 mld snooping tcn query solicit

Step 9 ipv6 mld snooping tcn flood query count count (Optional) When TCN is enabled, specifies the number of TCN queries to be sent. The range is from 1 to 10; the default is 2.

Example:
Switch(config)# ipv6 mld snooping tcn flood query count 5

Step 10 end Returns to privileged EXEC mode.

Step 11 show ipv6 mld snooping querier [ vlan vlan-id] (Optional) Verifies the MLD snooping querier information for the switch or for the VLAN.

Example:
Switch# show ipv6 mld snooping querier vlan 1


Disabling MLD Listener Message Suppression (CLI)


MLD snooping listener message suppression is enabled by default. When it is enabled, the switch forwards
only one MLD report per multicast router query. When message suppression is disabled, multiple MLD reports
could be forwarded to the multicast routers.
Beginning in privileged EXEC mode, follow these steps to disable MLD listener message suppression:

DETAILED STEPS

Command or Action Purpose


Step 1 configure terminal Enter global configuration mode.

Example:
Switch# configure terminal

Step 2 no ipv6 mld snooping listener-message-suppression Disable MLD message suppression.

Example:
Switch(config)# no ipv6 mld snooping
listener-message-suppression

Step 3 end Return to privileged EXEC mode.

Example:
Switch(config)# end

Step 4 show ipv6 mld snooping Verify that IPv6 MLD snooping report suppression
is disabled.
Example:
Switch# show ipv6 mld snooping

Displaying MLD Snooping Information


You can display MLD snooping information for dynamically learned and statically configured router ports
and VLAN interfaces. You can also display IPv6 group address multicast entries for a VLAN configured for
MLD snooping.


Table 19: Commands for Displaying MLD Snooping Information

Command Purpose
show ipv6 mld snooping [ vlan vlan-id ]
Displays the MLD snooping configuration information for all VLANs on the switch or for a specified VLAN.
(Optional) Enter vlan vlan-id to display information for a single VLAN. The VLAN ID range is 1 to 1001 and 1006 to 4094.

show ipv6 mld snooping mrouter [ vlan vlan-id ]
Displays information on dynamically learned and manually configured multicast router interfaces. When you enable MLD snooping, the switch automatically learns the interface to which a multicast router is connected. These are dynamically learned interfaces.
(Optional) Enter vlan vlan-id to display information for a single VLAN. The VLAN ID range is 1 to 1001 and 1006 to 4094.

show ipv6 mld snooping querier [ vlan vlan-id ]
Displays information about the IPv6 address and incoming port for the most-recently received MLD query messages in the VLAN.
(Optional) Enter vlan vlan-id to display information for a single VLAN. The VLAN ID range is 1 to 1001 and 1006 to 4094.

show ipv6 mld snooping address [ vlan vlan-id ] [ count | dynamic | user ]
Displays all IPv6 multicast address information or specific IPv6 multicast address information for the switch or a VLAN.
Enter count to show the group count on the switch or in a VLAN.
Enter dynamic to display MLD snooping learned group information for the switch or for a VLAN.
Enter user to display MLD snooping user-configured group information for the switch or for a VLAN.

show ipv6 mld snooping address vlan vlan-id [ ipv6-multicast-address ]
Displays MLD snooping for the specified VLAN and IPv6 multicast address.


Configuration Examples for Configuring MLD Snooping

Configuring a Static Multicast Group: Example


This example shows how to statically configure an IPv6 multicast group:

Switch# configure terminal
Switch(config)# ipv6 mld snooping vlan 2 static FF12::3 interface gigabitethernet 1/0/1
Switch(config)# end

Configuring a Multicast Router Port: Example


This example shows how to add a multicast router port to VLAN 200:

Switch# configure terminal
Switch(config)# ipv6 mld snooping vlan 200 mrouter interface gigabitethernet 0/2
Switch(config)# exit

Enabling MLD Immediate Leave: Example


This example shows how to enable MLD Immediate Leave on VLAN 130:

Switch# configure terminal


Switch(config)# ipv6 mld snooping vlan 130 immediate-leave
Switch(config)# exit

Configuring MLD Snooping Queries: Example


This example shows how to set the MLD snooping global robustness variable to 3:

Switch# configure terminal


Switch(config)# ipv6 mld snooping robustness-variable 3
Switch(config)# exit

This example shows how to set the MLD snooping last-listener query count for a VLAN to 3:

Switch# configure terminal


Switch(config)# ipv6 mld snooping vlan 200 last-listener-query-count 3
Switch(config)# exit

This example shows how to set the MLD snooping last-listener query interval (maximum response time) to
2000 (2 seconds):

Switch# configure terminal


Switch(config)# ipv6 mld snooping last-listener-query-interval 2000
Switch(config)# exit

CHAPTER 13
Configuring IPv6 Unicast Routing
Finding Feature Information
Information About Configuring IPv6 Unicast Routing
Configuring DHCP for IPv6 Address Assignment
Configuration Examples for IPv6 Unicast Routing

Finding Feature Information


Your software release may not support all the features documented in this module. For the latest caveats and
feature information, see Bug Search Tool and the release notes for your platform and software release. To
find information about the features documented in this module, and to see a list of the releases in which each
feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not
required.

Information About Configuring IPv6 Unicast Routing


This chapter describes how to configure IPv6 unicast routing on the switch.

Note To use all IPv6 features in this chapter, the switch or stack master must be running the IP services feature
set. Switches running the IP base feature set support IPv6 static routing, RIP for IPv6, and OSPF. Switches
running the LAN base feature set support only IPv6 host functionality.

Understanding IPv6
IPv4 users can move to IPv6 and receive services such as end-to-end security, quality of service (QoS), and
globally unique addresses. The IPv6 address space reduces the need for private addresses and Network Address
Translation (NAT) processing by border routers at network edges.
For information about how Cisco Systems implements IPv6, go to:


http://www.cisco.com/en/US/products/ps6553/products_ios_technology_home.html
For information about IPv6 and other features in this chapter, see the Cisco IOS IPv6 Configuration Library.
Use the Search field on Cisco.com to locate the Cisco IOS software documentation. For example, if you
want information about static routes, you can enter Implementing Static Routes for IPv6 in the search
field to learn about static routes.

IPv6 Addresses
The switch supports only IPv6 unicast addresses. It does not support site-local unicast addresses or anycast
addresses.
The IPv6 128-bit addresses are represented as a series of eight 16-bit hexadecimal fields separated by colons
in the format: n:n:n:n:n:n:n:n. This is an example of an IPv6 address:
2031:0000:130F:0000:0000:09C0:080F:130B
For easier implementation, leading zeros in each field are optional. This is the same address without leading
zeros:
2031:0:130F:0:0:9C0:80F:130B
You can also use two colons (::) to represent successive hexadecimal fields of zeros, but you can use this short
version only once in each address:
2031:0:130F::09C0:080F:130B
For more information about IPv6 address formats, address types, and the IPv6 packet header, see the
Implementing IPv6 Addressing and Basic Connectivity chapter of Cisco IOS IPv6 Configuration Library
on Cisco.com.
In the Information About Implementing Basic Connectivity for IPv6 chapter, these sections apply to the
switch:
IPv6 Address Formats
IPv6 Address Type: Unicast
IPv6 Address Type: Multicast
IPv6 Address Output Display
Simplified IPv6 Packet Header

Supported IPv6 Unicast Routing Features


These sections describe the IPv6 protocol features supported by the switch:
The switch provides IPv6 routing capability over Routing Information Protocol (RIP) for IPv6, and Open
Shortest Path First (OSPF) Version 3 Protocol. It supports up to 16 equal-cost routes and can simultaneously
forward IPv4 and IPv6 frames at line rate.

128-Bit Wide Unicast Addresses


The switch supports aggregatable global unicast addresses and link-local unicast addresses. It does not support
site-local unicast addresses.


Aggregatable global unicast addresses are IPv6 addresses from the aggregatable global unicast prefix.
The address structure enables strict aggregation of routing prefixes and limits the number of routing
table entries in the global routing table. These addresses are used on links that are aggregated through
organizations and eventually to the Internet service provider.
These addresses are defined by a global routing prefix, a subnet ID, and an interface ID. Current global
unicast address allocation uses the range of addresses that start with binary value 001 (2000::/3). Addresses
with a prefix of 2000::/3 (001) through E000::/3 (111) must have 64-bit interface identifiers in the extended
unique identifier (EUI)-64 format.
Link-local unicast addresses can be automatically configured on any interface by using the link-local
prefix FE80::/10 (1111 1110 10) and the interface identifier in the modified EUI format. Link-local
addresses are used in the neighbor discovery protocol (NDP) and the stateless autoconfiguration process.
Nodes on a local link use link-local addresses and do not require globally unique addresses to
communicate. IPv6 routers do not forward packets with link-local source or destination addresses to
other links.

For more information, see the section about IPv6 unicast addresses in the Implementing IPv6 Addressing
and Basic Connectivity chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.

DNS for IPv6


IPv6 supports Domain Name System (DNS) record types in the DNS name-to-address and address-to-name
lookup processes. The DNS AAAA resource record types support IPv6 addresses and are equivalent to an A
address record in IPv4. The switch supports DNS resolution for IPv4 and IPv6.

Path MTU Discovery for IPv6 Unicast


The switch supports advertising the system maximum transmission unit (MTU) to IPv6 nodes and path MTU
discovery. Path MTU discovery allows a host to dynamically discover and adjust to differences in the MTU
size of every link along a given data path. In IPv6, if a link along the path is not large enough to accommodate
the packet size, the source of the packet handles the fragmentation.

ICMPv6
The Internet Control Message Protocol (ICMP) in IPv6 generates error messages, such as ICMP destination
unreachable messages, to report errors during processing and other diagnostic functions. In IPv6, ICMP
packets are also used in the neighbor discovery protocol and path MTU discovery.

Neighbor Discovery
The switch supports NDP for IPv6, a protocol running on top of ICMPv6, and static neighbor entries for IPv6
stations that do not support NDP. The IPv6 neighbor discovery process uses ICMP messages and solicited-node
multicast addresses to determine the link-layer address of a neighbor on the same network (local link), to
verify the reachability of the neighbor, and to keep track of neighboring routers.
The switch supports ICMPv6 redirect for routes with mask lengths less than 64 bits. ICMP redirect is not
supported for host routes or for summarized routes with mask lengths greater than 64 bits.
Neighbor discovery throttling ensures that the switch CPU is not unnecessarily burdened while it is in the
process of obtaining the next hop forwarding information to route an IPv6 packet. The switch drops any
additional IPv6 packets whose next hop is the same neighbor that the switch is actively trying to resolve. This
drop avoids further load on the CPU.

Default Router Preference


The switch supports IPv6 default router preference (DRP), an extension in router advertisement messages.
DRP improves the ability of a host to select an appropriate router, especially when the host is multihomed
and the routers are on different links. The switch does not support the Route Information Option in RFC 4191.


An IPv6 host maintains a default router list from which it selects a router for traffic to offlink destinations.
The selected router for a destination is then cached in the destination cache. NDP for IPv6 specifies that routers
that are reachable or probably reachable are preferred over routers whose reachability is unknown or suspect.
For reachable or probably reachable routers, NDP can either select the same router every time or cycle through
the router list. By using DRP, you can configure an IPv6 host to prefer one router over another, provided both
are reachable or probably reachable.
For more information about DRP for IPv6, see the Cisco IOS IPv6 Configuration Library on Cisco.com.

IPv6 Stateless Autoconfiguration and Duplicate Address Detection


The switch uses stateless autoconfiguration to manage link, subnet, and site addressing changes, such as
management of host and mobile IP addresses. A host autonomously configures its own link-local address,
and booting nodes send router solicitations to request router advertisements for configuring interfaces.
For more information about autoconfiguration and duplicate address detection, see the Implementing IPv6
Addressing and Basic Connectivity chapter of Cisco IOS IPv6 Configuration Library on Cisco.com.

IPv6 Applications
The switch has IPv6 support for these applications:
Ping, traceroute, Telnet, and TFTP
Secure Shell (SSH) over an IPv6 transport
HTTP server access over IPv6 transport
DNS resolver for AAAA over IPv4 transport
Cisco Discovery Protocol (CDP) support for IPv6 addresses

For more information about managing these applications, see the Cisco IOS IPv6 Configuration Library on
Cisco.com.

DHCP for IPv6 Address Assignment


DHCPv6 enables DHCP servers to pass configuration parameters, such as IPv6 network addresses, to IPv6
clients. The address assignment feature manages non-duplicate address assignment in the correct prefix based
on the network where the host is connected. Assigned addresses can be from one or multiple prefix pools.
Additional options, such as default domain and DNS name-server address, can be passed back to the client.
Address pools can be assigned for use on a specific interface, on multiple interfaces, or the server can
automatically find the appropriate pool.
For more information and to configure these features, see the Cisco IOS IPv6 Configuration Guide.
This document describes only the DHCPv6 address assignment. For more information about configuring the
DHCPv6 client, server, or relay agent functions, see the Implementing DHCP for IPv6 chapter in the Cisco
IOS IPv6 Configuration Library on Cisco.com.

Static Routes for IPv6


Static routes are manually configured and define an explicit route between two networking devices. Static
routes are useful for smaller networks with only one path to an outside network or to provide security for
certain types of traffic in a larger network.
For more information about static routes, see the Implementing Static Routes for IPv6 chapter in the Cisco
IOS IPv6 Configuration Library on Cisco.com.


RIP for IPv6


Routing Information Protocol (RIP) for IPv6 is a distance-vector protocol that uses hop count as a routing
metric. It includes support for IPv6 addresses and prefixes and the all-RIP-routers multicast group address
FF02::9 as the destination address for RIP update messages.
For more information about RIP for IPv6, see the Implementing RIP for IPv6 chapter in the Cisco IOS IPv6
Configuration Library on Cisco.com.

OSPF for IPv6


The switch running the IP Base feature set supports Open Shortest Path First (OSPF) for IPv6, a link-state
protocol for IP. For more information, see Cisco IOS IPv6 Configuration Library on Cisco.com.

Configuring HSRP for IPv6


HSRP provides routing redundancy for routing IPv6 traffic not dependent on the availability of any single
router. IPv6 hosts learn of available routers through IPv6 neighbor discovery router advertisement messages.
These messages are multicast periodically or are solicited by hosts.
An HSRP IPv6 group has a virtual MAC address that is derived from the HSRP group number and a virtual
IPv6 link-local address that is, by default, derived from the HSRP virtual MAC address. Periodic messages
are sent for the HSRP virtual IPv6 link-local address when the HSRP group is active. These messages stop
after a final one is sent when the group leaves the active state.

Note When configuring HSRP for IPv6, you must enable HSRP version 2 (HSRPv2) on the interface.

EIGRP IPv6
Switches support the Enhanced Interior Gateway Routing Protocol (EIGRP) for IPv6. It is configured on the
interfaces on which it runs and does not require a global IPv6 address. Switches running IP Lite only support
EIGRPv6 stub routing.
Before running, an instance of EIGRP IPv6 requires an implicit or explicit router ID. An implicit router ID
is derived from a local IPv6 address, so any IPv6 node always has an available router ID. However, EIGRP
IPv6 might be running in a network with only IPv6 nodes and therefore might not have an available IPv6
router ID.
For more information about EIGRP for IPv6, see the Implementing EIGRP for IPv6 chapter in the Cisco
IOS IPv6 Configuration Library on Cisco.com.

EIGRPv6 Stub Routing


The EIGRPv6 stub routing feature reduces resource utilization by moving routed traffic closer to the end
user.
In a network using EIGRPv6 stub routing, the only allowable route for IPv6 traffic to the user is through a
switch that is configured with EIGRPv6 stub routing. The switch sends the routed traffic to interfaces that are
configured as user interfaces or are connected to other devices.
When using EIGRPv6 stub routing, you need to configure the distribution and remote routers to use EIGRPv6
and to configure only the switch as a stub. Only specified routes are propagated from the switch. The switch
responds to all queries for summaries, connected routes, and routing updates.
Any neighbor that receives a packet informing it of the stub status does not query the stub router for any
routes, and a router that has a stub peer does not query that peer. The stub router depends on the distribution
router to send the proper updates to all peers.


In the figure given below, switch B is configured as an EIGRPv6 stub router. Switches A and C are connected
to the rest of the WAN. Switch B advertises connected, static, redistribution, and summary routes to switch
A and C. Switch B does not advertise any routes learned from switch A (and the reverse).

Figure 6: EIGRP Stub Router Configuration

For more information about EIGRPv6 stub routing, see the Implementing EIGRP for IPv6 section of the Cisco
IOS IP Configuration Guide, Volume 2 of 3: Routing Protocols, Release 12.4.

SNMP and Syslog Over IPv6


To support both IPv4 and IPv6, IPv6 network management requires both IPv6 and IPv4 transports. Syslog
over IPv6 supports address data types for these transports.
SNMP and syslog over IPv6 provide these features:
Support for both IPv4 and IPv6
IPv6 transport for SNMP and to modify the SNMP agent to support traps for an IPv6 host
SNMP- and syslog-related MIBs to support IPv6 addressing
Configuration of IPv6 hosts as trap receivers

For support over IPv6, SNMP modifies the existing IP transport mapping to simultaneously support IPv4 and
IPv6. These SNMP actions support IPv6 transport management:
Opens User Datagram Protocol (UDP) SNMP socket with default settings
Provides a new transport mechanism called SR_IPV6_TRANSPORT
Sends SNMP notifications over IPv6 transport
Supports SNMP-named access lists for IPv6 transport
Supports SNMP proxy forwarding using IPv6 transport
Verifies SNMP Manager feature works with IPv6 transport

For information on SNMP over IPv6, including configuration procedures, see the Managing Cisco IOS
Applications over IPv6 chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.


For information about syslog over IPv6, including configuration procedures, see the Implementing IPv6
Addressing and Basic Connectivity chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.

HTTP(S) Over IPv6


The HTTP client sends requests to both IPv4 and IPv6 HTTP servers, which respond to requests from both
IPv4 and IPv6 HTTP clients. URLs with literal IPv6 addresses must be specified in hexadecimal using 16-bit
values between colons.
The accept socket call chooses an IPv4 or IPv6 address family. The accept socket is either an IPv4 or IPv6
socket. The listening socket continues to listen for both IPv4 and IPv6 signals that indicate a connection. The
IPv6 listening socket is bound to an IPv6 wildcard address.
The underlying TCP/IP stack supports a dual-stack environment. HTTP relies on the TCP/IP stack and the
sockets for processing network-layer interactions.
Basic network connectivity (ping) must exist between the client and the server hosts before HTTP connections
can be made.
For more information, see the Managing Cisco IOS Applications over IPv6 chapter in the Cisco IOS IPv6
Configuration Library on Cisco.com.

Unsupported IPv6 Unicast Routing Features


The switch does not support these IPv6 features:
IPv6 virtual private network (VPN) routing and forwarding (VRF) table support
IPv6 packets destined to site-local addresses
Tunneling protocols, such as IPv4-to-IPv6 or IPv6-to-IPv4
The switch as a tunnel endpoint supporting IPv4-to-IPv6 or IPv6-to-IPv4 tunneling protocols
IPv6 unicast reverse-path forwarding
IPv6 Web Cache Communication Protocol (WCCP)

IPv6 Feature Limitations


Because IPv6 is implemented in switch hardware, some limitations occur due to the IPv6 compressed addresses
in the hardware memory. These hardware limitations result in some loss of functionality and limit some
features.
These are the feature limitations:
The switch cannot forward SNAP-encapsulated IPv6 packets in hardware. They are forwarded in software.
The switch cannot apply QoS classification on source-routed IPv6 packets in hardware.

IPv6 and Switch Stacks


The switch supports IPv6 forwarding across the stack and IPv6 host functionality on the stack master. The
stack master runs the IPv6 unicast routing protocols and computes the routing tables. The stack members receive
the tables and create hardware IPv6 routes for forwarding. The stack master also runs all IPv6 applications.


Note To route IPv6 packets in a stack, all switches in the stack should be running the IP Base feature set.

If a new switch becomes the stack master, it recomputes the IPv6 routing tables and distributes them to the
member switches. While the new stack master is being elected and is resetting, the switch stack does not
forward IPv6 packets. The stack MAC address changes, which also changes the IPv6 address. When you
specify the stack IPv6 address with an extended unique identifier (EUI) by using the ipv6 address
ipv6-prefix/prefix length eui-64 interface configuration command, the address is based on the interface MAC
address. See Configuring IPv6 Addressing and Enabling IPv6 Routing (CLI).
If you configure the persistent MAC address feature on the stack and the stack master changes, the stack MAC
address does not change for approximately 4 minutes.
These are the functions of IPv6 stack master and members:
Stack master:
runs IPv6 routing protocols
generates routing tables
distributes routing tables to stack members that use dCEFv6
runs IPv6 host functionality and IPv6 applications

Stack member (must be running the IP services feature set):
receives CEFv6 routing tables from the stack master
programs the routes into hardware
flushes the CEFv6 tables on master re-election

Note IPv6 packets are routed in hardware across the stack if the packet does not have exceptions (IPv6 Options) and the switches in the stack have not run out of hardware resources.

Default IPv6 Configuration


Table 20: Default IPv6 Configuration

Feature Default Setting


SDM template Advance desktop. Default is advanced template

IPv6 routing Disabled globally and on all interfaces

CEFv6 or dCEFv6 Disabled (IPv4 CEF and dCEF are enabled by default)
Note When IPv6 routing is enabled, CEFv6 and dCEFv6 are automatically enabled.

IPv6 addresses None configured

Configuring IPv6 Addressing and Enabling IPv6 Routing (CLI)


This section describes how to assign IPv6 addresses to individual Layer 3 interfaces and to globally forward
IPv6 traffic on the switch.
Before configuring IPv6 on the switch, consider these guidelines:
Not all features discussed in this chapter are supported by the switch. See Unsupported IPv6 Unicast
Routing Features.
In the ipv6 address interface configuration command, you must enter the ipv6-address and ipv6-prefix
variables with the address specified in hexadecimal using 16-bit values between colons. The prefix-length
variable (preceded by a slash [/]) is a decimal value that shows how many of the high-order contiguous
bits of the address comprise the prefix (the network portion of the address).

To forward IPv6 traffic on an interface, you must configure a global IPv6 address on that interface. Configuring
an IPv6 address on an interface automatically configures a link-local address and activates IPv6 for the
interface. The configured interface automatically joins these required multicast groups for that link:
solicited-node multicast group FF02:0:0:0:0:1:ff00::/104 for each unicast address assigned to the interface
(this address is used in the neighbor discovery process)
all-nodes link-local multicast group FF02::1
all-routers link-local multicast group FF02::2
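
The eui-64 form of the ipv6 address command and the stack MAC address behavior described earlier both depend on how the interface identifier is derived from a MAC address. The following Python sketch is an added example, not Cisco code: it derives the modified EUI-64 global address, the link-local address, and the solicited-node group for a MAC, and recovers the MAC from such an address so that logged addresses can be tied back to a device. The MAC addresses are constructed sample values and the function names are assumptions of this example.

```python
import ipaddress

# Solicited-node groups are the /104 prefix FF02:0:0:0:0:1:FF00::/104 plus
# the low-order 24 bits of the unicast address.
SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))


def _mac_bytes(mac):
    """Parse 00:1b:54:aa:bb:cc, 00-1b-54-aa-bb-cc or 001b.54aa.bbcc."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return raw


def modified_eui64(mac):
    """Return the 64-bit interface identifier in modified EUI-64 format."""
    raw = _mac_bytes(mac)
    # Insert FF:FE in the middle and flip the universal/local bit (0x02).
    iid = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return int.from_bytes(iid, "big")


def eui64_address(prefix, mac):
    """Combine a network prefix (/64 or shorter) with the EUI-64 identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen > 64:
        raise ValueError("the low-order 64 bits must be free for the identifier")
    return ipaddress.IPv6Address(int(net.network_address) | modified_eui64(mac))


def link_local(mac):
    """Link-local address built from the link-local prefix and the same identifier."""
    return eui64_address("fe80::/64", mac)


def solicited_node(addr):
    """Solicited-node multicast group the interface joins for this address."""
    return ipaddress.IPv6Address(SOLICITED_NODE_BASE | (int(addr) & 0xFFFFFF))


def mac_from_eui64(addr):
    """Recover the MAC from an EUI-64 based address, or None if not EUI-64."""
    iid = (int(addr) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


def addresses_for(prefix, mac):
    """All addresses and groups that follow from one prefix and one MAC."""
    glob, ll = eui64_address(prefix, mac), link_local(mac)
    groups = sorted({str(solicited_node(glob)), str(solicited_node(ll))})
    return {"global": str(glob), "link_local": str(ll), "solicited_node": groups}


if __name__ == "__main__":
    # Constructed MACs standing in for the stack MAC before and after a
    # stack master change (without the persistent MAC address feature).
    for label, mac in (("old master", "001b.54aa.bbcc"), ("new master", "001b.54dd.eeff")):
        print(label, addresses_for("2001:0DB8:c18:1::/64", mac))
```

Because the global and link-local addresses share the same low-order 24 bits, they map to a single solicited-node group. Any ACL, monitoring rule, or neighbor entry pinned to the old EUI-64 address stops matching once the MAC changes.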

To remove an IPv6 address from an interface, use the no ipv6 address ipv6-prefix/prefix length eui-64 or no
ipv6 address ipv6-address link-local interface configuration command. To remove all manually configured
IPv6 addresses from an interface, use the no ipv6 address interface configuration command without arguments.
To disable IPv6 processing on an interface that has not been explicitly configured with an IPv6 address, use
the no ipv6 enable interface configuration command. To globally disable IPv6 routing, use the no ipv6
unicast-routing global configuration command.
For more information about configuring IPv6 routing, see the Implementing Addressing and Basic Connectivity
for IPv6 chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.
Beginning in privileged EXEC mode, follow these steps to assign an IPv6 address to a Layer 3 interface and
enable IPv6 routing:

DETAILED STEPS

Command or Action Purpose


Step 1 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal


Step 2 sdm prefer dual-ipv4-and-ipv6 { advanced | vlan}
Selects an SDM template that supports IPv4 and IPv6.
advanced: Sets the switch to the default template to balance system resources.
vlan: Maximizes VLAN configuration on the switch with no routing supported in hardware.
Note Advanced is available at all license levels. VLAN template is available only in LAN Base license.
Example:
Switch(config)# sdm prefer dual-ipv4-and-ipv6 default

Step 3 end Returns to privileged EXEC mode.

Example:
Switch(config)# end

Step 4 reload Reloads the operating system.

Example:
Switch# reload

Step 5 configure terminal Enters global configuration mode after the switch reloads.

Example:
Switch# configure terminal

Step 6 interface interface-id
Enters interface configuration mode, and specifies the Layer 3 interface to configure. The interface can be a physical interface, a switch virtual interface (SVI), or a Layer 3 EtherChannel.
Example:
Switch(config)# interface gigabitethernet 1/0/1

Step 7 no switchport Removes the interface from Layer 2 configuration mode (if it is
a physical interface).
Example:
Switch(config-if)# no switchport

Step 8 Use one of the following:
ipv6 address ipv6-prefix/prefix length eui-64
ipv6 address ipv6-address/prefix length
ipv6 address ipv6-address link-local
ipv6 enable
ipv6 address WORD
ipv6 address autoconfig
ipv6 address dhcp

Specifies a global IPv6 address with an extended unique identifier (EUI) in the low-order 64 bits of the IPv6 address. Specify only the network prefix; the last 64 bits are automatically computed from the switch MAC address. This enables IPv6 processing on the interface.
Manually configures an IPv6 address on the interface.
Specifies a link-local address on the interface to be used instead of the link-local address that is automatically configured when IPv6 is enabled on the interface. This command enables IPv6 processing on the interface.
Automatically configures an IPv6 link-local address on the interface, and enables the interface for IPv6 processing. The link-local address can only be used to communicate with nodes on the same link.

Example:
Switch(config-if)# ipv6 address 2001:0DB8:c18:1::/64 eui-64
Switch(config-if)# ipv6 address 2001:0DB8:c18:1::/64
Switch(config-if)# ipv6 address 2001:0DB8:c18:1:: link-local
Switch(config-if)# ipv6 enable

Step 9 exit Returns to global configuration mode.

Example:
Switch(config-if)# exit

Step 10 ip routing Enables IP routing on the switch.

Example:
Switch(config)# ip routing

Step 11 ipv6 unicast-routing Enables forwarding of IPv6 unicast data packets.

Example:
Switch(config)# ipv6 unicast-routing

Step 12 end Returns to privileged EXEC mode.

Example:
Switch(config)# end

Step 13 show ipv6 interface interface-id Verifies your entries.

Example:
Switch# show ipv6 interface gigabitethernet 1/0/1


Step 14 copy running-config startup-config (Optional) Saves your entries in the configuration file.

Example:
Switch# copy running-config startup-config
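
IPv6 is off by default, so an audit of a saved configuration should show exactly which interfaces this procedure has turned on and whether they forward traffic or only hold a link-local address. The following Python sketch is an added example, not Cisco code: it applies the rules stated in this section (ipv6 unicast-routing enables forwarding, a global address is required to forward on an interface, ipv6 enable yields only a link-local address, and link-local addresses come from FE80::/10) to a constructed configuration excerpt. The state labels and function names are assumptions of this example, and the ipv6 address WORD form is reported rather than evaluated.

```python
import ipaddress
import re

LINK_LOCAL_PREFIX = ipaddress.IPv6Network("fe80::/10")

# Constructed running-config excerpt for the example (not from the guide).
SAMPLE_CONFIG = """\
ip routing
ipv6 unicast-routing
!
interface GigabitEthernet1/0/1
 no switchport
 ipv6 address 2001:DB8:C18:1::/64 eui-64
!
interface GigabitEthernet1/0/2
 no switchport
 ipv6 enable
!
interface GigabitEthernet1/0/3
 no switchport
 ipv6 address 2001:DB8:C18:2:: link-local
!
interface GigabitEthernet1/0/4
 switchport mode access
!
interface Vlan200
 ipv6 address FE80::200 link-local
 ipv6 address dhcp
"""


def parse_config(config):
    """Return (ipv6_unicast_routing_enabled, {interface: [sub-commands]})."""
    routing, interfaces, current = False, {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # back at global level
            routing = routing or line.strip() == "ipv6 unicast-routing"
    return routing, interfaces


def audit_interface(commands, routing):
    """Classify one interface and collect findings about its IPv6 commands."""
    active = has_global = dynamic = False
    findings = []
    for cmd in commands:
        if cmd == "ipv6 enable":
            active = True  # link-local address only
            continue
        match = re.fullmatch(r"ipv6 address (\S+)(?: (\S+))?", cmd)
        if match is None:
            continue
        active = True  # any ipv6 address form activates IPv6 on the interface
        value, keyword = match.groups()
        if value in ("autoconfig", "dhcp"):
            dynamic = True  # address is learned at run time
        elif keyword == "link-local":
            try:
                valid = ipaddress.IPv6Address(value) in LINK_LOCAL_PREFIX
            except ValueError:
                valid = False
            if not valid:
                findings.append(f"link-local address {value} is not inside FE80::/10")
        else:
            try:
                ipaddress.IPv6Interface(value)
                has_global = True
            except ValueError:
                findings.append(f"cannot evaluate address argument {value!r}")
    if not active:
        state = "ipv6-off"
    elif has_global:
        state = "forwarding" if routing else "global-not-forwarded"
    elif dynamic:
        state = "dynamic-address"
    else:
        state = "link-local-only"
    return {"state": state, "findings": findings}


def audit(config):
    """Audit every interface in a configuration text."""
    routing, interfaces = parse_config(config)
    return {name: audit_interface(cmds, routing) for name, cmds in interfaces.items()}


if __name__ == "__main__":
    for name, result in audit(SAMPLE_CONFIG).items():
        print(f"{name:24} {result['state']:22} {'; '.join(result['findings'])}")
```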

Configuring IPv4 and IPv6 Protocol Stacks (CLI)


Beginning in privileged EXEC mode, follow these steps to configure a Layer 3 interface to support both IPv4
and IPv6 and to enable IPv6 routing.

Note To disable IPv6 processing on an interface that has not been configured with an IPv6 address, use the no
ipv6 enable interface configuration command.

SUMMARY STEPS

1. configure terminal
2. ip routing
3. ipv6 unicast-routing
4. interface interface-id
5. no switchport
6. ip address ip-address mask [secondary]
7. Use one of the following:
ipv6 address ipv6-prefix/prefix length eui-64
ipv6 address ipv6-address/prefix length
ipv6 address ipv6-address link-local
ipv6 enable
ipv6 address WORD
ipv6 address autoconfig
ipv6 address dhcp

8. end
9. Use one of the following:
show interface interface-id
show ip interface interface-id
show ipv6 interface interface-id

10. copy running-config startup-config

DETAILED STEPS

Command or Action Purpose


Step 1 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal

Step 2 ip routing Enables routing on the switch.

Example:
Switch(config)# ip routing

Step 3 ipv6 unicast-routing Enables forwarding of IPv6 data packets on the switch.

Example:
Switch(config)# ipv6 unicast-routing

Step 4 interface interface-id Enters interface configuration mode, and specifies the Layer
3 interface to configure.
Example:
Switch(config)# interface gigabitethernet 1/0/1

Step 5 no switchport Removes the interface from Layer 2 configuration mode (if it
is a physical interface).
Example:
Switch(config-if)# no switchport

Step 6 ip address ip-address mask [secondary] Specifies a primary or secondary IPv4 address for the interface.

Example:
Switch(config-if)# ip address 10.1.2.3 255.255.255.0

Step 7 Use one of the following:
ipv6 address ipv6-prefix/prefix length eui-64
ipv6 address ipv6-address/prefix length
ipv6 address ipv6-address link-local
ipv6 enable
ipv6 address WORD
ipv6 address autoconfig
ipv6 address dhcp

Specifies a global IPv6 address. Specify only the network prefix; the last 64 bits are automatically
computed from the switch MAC address.
Specifies a link-local address on the interface to be used instead of the automatically configured
link-local address when IPv6 is enabled on the interface.
Automatically configures an IPv6 link-local address on the interface, and enables the interface for
IPv6 processing. The link-local address can only be used to communicate with nodes on the same link.

Note To remove all manually configured IPv6 addresses from an interface, use the no ipv6 address
interface configuration command without arguments.

Step 8 end Returns to privileged EXEC mode.

Example:
Switch(config)# end

Step 9 Use one of the following: Verifies your entries.
show interface interface-id
show ip interface interface-id
show ipv6 interface interface-id

Step 10 copy running-config startup-config (Optional) Saves your entries in the configuration file.

Example:
Switch# copy running-config startup-config

Configuring Default Router Preference (CLI)


Router advertisement messages are sent with the default router preference (DRP) configured by the ipv6 nd
router-preference interface configuration command. If no DRP is configured, RAs are sent with a medium
preference.
A DRP is useful when two routers on a link might provide equivalent, but not equal-cost routing, and policy
might dictate that hosts should prefer one of the routers.
For more information about configuring DRP for IPv6, see the Implementing IPv6 Addresses and Basic
Connectivity chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.
Beginning in privileged EXEC mode, follow these steps to configure a DRP for a router on an interface.

DETAILED STEPS

Command or Action Purpose


Step 1 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal

Step 2 interface interface-id Enters interface configuration mode and identifies the
Layer 3 interface on which you want to specify the DRP.

Example:
Switch(config)# interface gigabitethernet 1/0/1

Step 3 ipv6 nd router-preference {high | medium | low} Specifies a DRP for the router on the switch interface.

Example:
Switch(config-if)# ipv6 nd router-preference medium

Step 4 end Returns to privileged EXEC mode.

Example:
Switch(config)# end

Step 5 show ipv6 interface Verifies the configuration.

Example:
Switch# show ipv6 interface

Step 6 copy running-config startup-config (Optional) Saves your entries in the configuration file.

Example:
Switch# copy running-config startup-config

Configuring IPv6 ICMP Rate Limiting (CLI)


ICMP rate limiting is enabled by default with a default interval between error messages of 100 milliseconds
and a bucket size (maximum number of tokens to be stored in a bucket) of 10.
Beginning in privileged EXEC mode, follow these steps to change the ICMP rate-limiting parameters:

DETAILED STEPS

Command or Action Purpose


Step 1 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal

Step 2 ipv6 icmp error-interval interval [bucketsize]
Configures the interval and bucket size for IPv6 ICMP error messages:
interval: The interval (in milliseconds) between tokens being added to the bucket. The range is from
0 to 2147483647 milliseconds.
bucketsize: (Optional) The maximum number of tokens stored in the bucket. The range is from 1 to 200.

Example:
Switch(config)# ipv6 icmp error-interval 50 20

Step 3 end Returns to privileged EXEC mode.

Example:
Switch(config)# end

Step 4 show ipv6 interface [interface-id] Verifies your entries.

Example:
Switch# show ipv6 interface gigabitethernet 1/0/1

Step 5 copy running-config startup-config (Optional) Saves your entries in the configuration file.

Example:
Switch# copy running-config startup-config
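
The token bucket behind ipv6 icmp error-interval can be modelled to see how many ICMPv6 error messages a given interval and bucket size let out while error-triggering packets keep arriving. This Python model is an added example, not Cisco code; the bucket starting full, interval 0 meaning no limiting, and the one-packet-per-millisecond input are assumptions of the model.

```python
"""Token-bucket model of `ipv6 icmp error-interval interval [bucketsize]`.

Added illustration only; it is not Cisco's implementation.
"""


class IcmpErrorLimiter:
    def __init__(self, interval_ms=100, bucket_size=10):
        # Defaults and ranges are the ones stated in the guide.
        if not 0 <= interval_ms <= 2147483647:
            raise ValueError("interval must be 0 to 2147483647 ms")
        if not 1 <= bucket_size <= 200:
            raise ValueError("bucketsize must be 1 to 200")
        self.interval_ms = interval_ms
        self.bucket_size = bucket_size
        self.tokens = bucket_size      # assumption: the bucket starts full
        self.last_refill_ms = 0

    def allow(self, now_ms):
        """Return True if an ICMPv6 error message may be sent at now_ms."""
        if self.interval_ms == 0:
            return True                # assumption: interval 0 means no limiting
        # One token is earned for every full interval since the last refill.
        earned = (now_ms - self.last_refill_ms) // self.interval_ms
        if earned > 0:
            self.tokens = min(self.bucket_size, self.tokens + earned)
            self.last_refill_ms += earned * self.interval_ms
        if self.tokens == 0:
            return False               # bucket empty: the error is suppressed
        self.tokens -= 1
        return True


def errors_sent(limiter, trigger_times_ms):
    """Count how many triggering packets actually produce an ICMPv6 error."""
    return sum(1 for t in trigger_times_ms if limiter.allow(t))


def compare_profiles(trigger_times_ms, profiles):
    """Return {(interval, bucketsize): errors sent} for the same packet stream."""
    return {p: errors_sent(IcmpErrorLimiter(*p), trigger_times_ms) for p in profiles}


# Constructed input: one error-triggering packet per millisecond for one second.
FLOOD = list(range(1000))

if __name__ == "__main__":
    results = compare_profiles(FLOOD, [(100, 10), (50, 20)])
    for (interval, bucket), sent in results.items():
        print(f"error-interval {interval} {bucket}: {sent} of {len(FLOOD)} errors sent")
```

The bucket size bounds the initial burst and the interval bounds the sustained rate, so a shorter interval or a larger bucket raises the number of error messages a stream of bad packets can draw from the switch.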

Configuring CEF and dCEF for IPv6


Cisco Express Forwarding (CEF) is a Layer 3 IP switching technology to improve network performance. CEF
implements an advanced IP look-up and forwarding algorithm to deliver maximum Layer 3 switching
performance. It is less CPU-intensive than fast-switching route-caching, allowing more CPU processing power
to be dedicated to packet forwarding. In a switch stack, the hardware uses distributed CEF (dCEF) in the
stack. IPv4 CEF and dCEF are enabled by default. IPv6 CEF and dCEF are disabled by default, but
automatically enabled when you configure IPv6 routing.
IPv6 CEF and dCEF are automatically disabled when IPv6 routing is unconfigured. IPv6 CEF and dCEF
cannot be disabled through configuration. You can verify the IPv6 state by entering the show ipv6 cef
privileged EXEC command.
To route IPv6 unicast packets, you must first globally configure forwarding of IPv6 unicast packets by using
the ipv6 unicast-routing global configuration command, and you must configure an IPv6 address and IPv6
processing on an interface by using the ipv6 address interface configuration command.
For more information about configuring CEF and dCEF, see Cisco IOS IPv6 Configuration Library on
Cisco.com.

Configuring Static Routing for IPv6 (CLI)


Before configuring a static IPv6 route, you must enable routing by using the ip routing global configuration
command, enable the forwarding of IPv6 packets by using the ipv6 unicast-routing global configuration
command, and enable IPv6 on at least one Layer 3 interface by configuring an IPv6 address on the interface.
For more information about configuring static IPv6 routing, see the Implementing Static Routes for IPv6
chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.

DETAILED STEPS

Command or Action Purpose


Step 1 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal

Step 2 ipv6 route ipv6-prefix/prefix length {ipv6-address | interface-id [ipv6-address]} [administrative distance]
Configures a static IPv6 route.
ipv6-prefix: The IPv6 network that is the destination of the static route. It can also be a hostname
when static host routes are configured.
/prefix length: The length of the IPv6 prefix. A decimal value that shows how many of the high-order
contiguous bits of the address comprise the prefix (the network portion of the address). A slash mark
must precede the decimal value.
ipv6-address: The IPv6 address of the next hop that can be used to reach the specified network. The
IPv6 address of the next hop need not be directly connected; recursion is done to find the IPv6
address of the directly connected next hop. The address must be in the form documented in RFC 2373,
specified in hexadecimal using 16-bit values between colons.
interface-id: Specifies direct static routes from point-to-point and broadcast interfaces. With
point-to-point interfaces, there is no need to specify the IPv6 address of the next hop. With
broadcast interfaces, you should always specify the IPv6 address of the next hop, or ensure that the
specified prefix is assigned to the link, specifying a link-local address as the next hop. You can
optionally specify the IPv6 address of the next hop to which packets are sent.
Note You must specify an interface-id when using a link-local address as the next hop (the link-local
next hop must also be an adjacent router).
administrative distance: (Optional) An administrative distance. The range is 1 to 254; the default
value is 1, which gives static routes precedence over any other type of route except connected
routes. To configure a floating static route, use an administrative distance greater than that of the
dynamic routing protocol.

Example:
Switch(config)# ipv6 route 2001:0DB8::/32 gigabitethernet2/0/1 130

Step 3 end Returns to privileged EXEC mode.

Example:
Switch(config)# end

Step 4 Use one of the following:
show ipv6 static [ ipv6-address | ipv6-prefix/prefix length ] [interface interface-id ] [detail]][recursive] [detail]
show ipv6 route static [ updated ]

Verifies your entries by displaying the contents of the IPv6 routing table.
interface interface-id: (Optional) Displays only those static routes with the specified interface as
an egress interface.
recursive: (Optional) Displays only recursive static routes. The recursive keyword is mutually
exclusive with the interface keyword, but it can be used with or without the IPv6 prefix included in
the command syntax.
detail: (Optional) Displays this additional information:
For valid recursive routes, the output path set, and maximum resolution depth.
For invalid routes, the reason why the route is not valid.

Example:
Switch# show ipv6 static 2001:0DB8::/32 interface gigabitethernet2/0/1
or
Switch# show ipv6 route static

Step 5 copy running-config startup-config (Optional) Saves your entries in the configuration file.

Example:
Switch# copy running-config startup-config

Configuring RIP for IPv6 (CLI)


Before configuring the switch to run IPv6 RIP, you must enable routing by using the ip routing global
configuration command, enable the forwarding of IPv6 packets by using the ipv6 unicast-routing global
configuration command, and enable IPv6 on any Layer 3 interfaces on which IPv6 RIP is to be enabled.
For more information about configuring RIP routing for IPv6, see the Implementing RIP for IPv6 chapter
in the Cisco IOS IPv6 Configuration Library on Cisco.com.

DETAILED STEPS

Command or Action Purpose


Step 1 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal

Step 2 ipv6 router rip name Configures an IPv6 RIP routing process, and enters router
configuration mode for the process.
Example:
Switch(config)# ipv6 router rip cisco

Step 3 maximum-paths number-paths (Optional) Defines the maximum number of equal-cost routes
that IPv6 RIP can support. The range is from 1 to 32, and the default is 16 routes.

Example:
Switch(config-router)# maximum-paths 6

Step 4 exit Returns to global configuration mode.

Example:
Switch(config-router)# exit

Step 5 interface interface-id Enters interface configuration mode, and specifies the Layer 3
interface to configure.
Example:
Switch(config)# interface gigabitethernet 1/0/1

Step 6 ipv6 rip name enable Enables the specified IPv6 RIP routing process on the interface.

Example:
Switch(config-if)# ipv6 rip cisco enable

Step 7 ipv6 rip name default-information {only | originate}
(Optional) Originates the IPv6 default route (::/0) into the RIP routing process updates sent from
the specified interface.
Note To avoid routing loops after the IPv6 default route (::/0) is originated from any interface, the
routing process ignores all default routes received on any interface.
only: Select to originate the default route, but suppress all other routes in the updates sent on
this interface.
originate: Select to originate the default route in addition to all other routes in the updates sent
on this interface.

Example:
Switch(config-if)# ipv6 rip cisco default-information only

Step 8 end Returns to privileged EXEC mode.

Example:
Switch(config)# end

Step 9 Use one of the following:
show ipv6 rip [name] [interface interface-id] [database] [next-hops]
show ipv6 rip

Displays information about current IPv6 RIP processes.
Displays the current contents of the IPv6 routing table.

Example:
Switch# show ipv6 rip cisco interface gigabitethernet2/0/1
or
Switch# show ipv6 rip

Step 10 copy running-config startup-config (Optional) Saves your entries in the configuration file.

Example:
Switch# copy running-config startup-config

Configuring OSPF for IPv6 (CLI)


You can customize OSPF for IPv6 for your network. However, the defaults for OSPF in IPv6 are set to meet
the requirements of most customers and features.
Follow these guidelines:
Be careful when changing the defaults for IPv6 commands. Changing the defaults might adversely affect
OSPF for the IPv6 network.
Before you enable IPv6 OSPF on an interface, you must enable routing by using the ip routing global
configuration command, enable the forwarding of IPv6 packets by using the ipv6 unicast-routing global
configuration command, and enable IPv6 on Layer 3 interfaces on which you are enabling IPv6 OSPF.

For more information about configuring OSPF routing for IPv6, see the Implementing OSPF for IPv6 chapter
in the Cisco IOS IPv6 Configuration Library on Cisco.com.

DETAILED STEPS

Command or Action Purpose


Step 1 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal

Step 2 ipv6 router ospf process-id Enables OSPF router configuration mode for the process. The process
ID is the number assigned administratively when enabling the OSPF for IPv6 routing process. It is
locally assigned and can be a positive integer from 1 to 65535.

Example:
Switch(config)# ipv6 router ospf 21

Step 3 area area-id range {ipv6-prefix/prefix length} [advertise | not-advertise] [cost cost]
(Optional) Consolidates and summarizes routes at an area boundary.
area-id: Identifier of the area about which routes are to be summarized. It can be specified as either
a decimal value or as an IPv6 prefix.
ipv6-prefix/prefix length: The destination IPv6 network and a decimal value that shows how many of the
high-order contiguous bits of the address comprise the prefix (the network portion of the address). A
slash mark (/) must precede the decimal value.
advertise: (Optional) Sets the address range status to advertise and generate a Type 3 summary
link-state advertisement (LSA).
not-advertise: (Optional) Sets the address range status to DoNotAdvertise. The Type 3 summary LSA is
suppressed, and component networks remain hidden from other networks.
cost cost: (Optional) Sets the metric or cost for this summary route, which is used during OSPF SPF
calculation to determine the shortest paths to the destination. The value can be 0 to 16777215.

Example:
Switch(config-rtr)# area .3 range 2001:0DB8::/32 not-advertise

Step 4 maximum-paths number-paths (Optional) Defines the maximum number of equal-cost routes to the
same destination that IPv6 OSPF should enter in the routing table. The range is from 1 to 32, and the
default is 16 paths.

Example:
Switch(config-rtr)# maximum-paths 16

Step 5 exit Returns to global configuration mode.

Example:
Switch(config-rtr)# exit

Step 6 interface interface-id Enters interface configuration mode, and specifies the Layer 3 interface
to configure.
Example:
Switch(config)# interface gigabitethernet 1/0/1

Step 7 ipv6 ospf process-id area area-id [instance instance-id]
Enables OSPF for IPv6 on the interface.
instance instance-id: (Optional) Instance identifier.

Example:
Switch(config-if)# ipv6 ospf 21 area .3

Step 8 end Returns to privileged EXEC mode.

Example:
Switch(config)# end

Step 9 Use one of the following:
show ipv6 ospf [ process-id ] [ area-id ] interface [ interface-id ]
show ipv6 ospf [ process-id ] [ area-id ]

Displays information about OSPF interfaces.
Displays general information about OSPF routing processes.

Example:
Switch# show ipv6 ospf 21 interface gigabitethernet2/0/1
or
Switch# show ipv6 ospf 21

Step 10 copy running-config startup-config (Optional) Saves your entries in the configuration file.

Example:
Switch# copy running-config startup-config

Configuring EIGRP for IPv6


Before configuring the switch to run IPv6 EIGRP, enable routing by entering the ip routing global
configuration command, enable the forwarding of IPv6 packets by entering the ipv6 unicast-routing global
configuration command, and enable IPv6 on any Layer 3 interfaces on which you want to enable IPv6 EIGRP.
To set an explicit router ID, use the show ipv6 eigrp command to see the configured router IDs, and then use
the router-id command.
As with EIGRP IPv4, you can use EIGRPv6 to specify your EIGRP IPv6 interfaces and to select a subset of
those as passive interfaces. Use the passive-interface command to make an interface passive, and then use
the no passive-interface command on selected interfaces to make them active. EIGRP IPv6 does not need to
be configured on a passive interface.
For more configuration procedures, see the Implementing EIGRP for IPv6 chapter in the Cisco IOS IPv6
Configuration Library on Cisco.com.

Configuring IPv6 Unicast Reverse Path Forwarding


The unicast Reverse Path Forwarding (unicast RPF) feature helps to mitigate problems that are caused by the
introduction of malformed or forged (spoofed) IP source addresses into a network by discarding IP packets
that lack a verifiable IP source address. For example, a number of common types of denial-of-service (DoS)
attacks, including Smurf and Tribal Flood Network (TFN), can take advantage of forged or rapidly changing
source IP addresses to allow attackers to thwart efforts to locate or filter the attacks. For Internet service
providers (ISPs) that provide public access, Unicast RPF deflects such attacks by forwarding only packets
that have source addresses that are valid and consistent with the IP routing table. This action protects the
network of the ISP, its customer, and the rest of the Internet.

Note
Unicast RPF is supported only in IP services.
Do not configure Unicast RPF if the switch is in a mixed hardware stack combining more than one
switch type.

For detailed IP unicast RPF configuration information, see the Other Security Features chapter in the Cisco
IOS Security Configuration Guide, Release 12.4.
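
The source check described above can be modelled as a routing-table lookup on the packet's source address. This Python model is an added example, not Cisco's implementation; it goes beyond the text by showing both the strict and loose checks defined in RFC 3704, and the routing table, interface names, packets and the ignore_default switch are constructed for the illustration.

```python
"""Model of unicast RPF source checks against a routing table (added example)."""
import ipaddress

# Constructed routing table: (prefix, egress interface). Documentation prefixes only.
ROUTES = [
    ("2001:db8:c18:1::/64", "Gi1/0/1"),   # customer LAN A
    ("2001:db8:c18:2::/64", "Gi1/0/2"),   # customer LAN B
    ("2001:db8:a000::/36", "Gi2/0/1"),    # upstream aggregate
    ("::/0", "Gi2/0/1"),                  # default route
]

# Constructed packets: (source address, arrival interface).
PACKETS = [
    ("2001:db8:c18:1::10", "Gi1/0/1"),    # genuine host on LAN A
    ("2001:db8:c18:2::10", "Gi1/0/1"),    # LAN B source seen on the LAN A port
    ("2001:db8:dead::1", "Gi1/0/1"),      # covered only by the default route
    ("2001:db8:a123::1", "Gi2/0/1"),      # upstream source on the upstream port
]


def best_route(routes, source, ignore_default=False):
    """Longest-prefix match for `source`; returns (network, interface) or None."""
    addr = ipaddress.ip_address(source)   # raises ValueError if malformed
    best = None
    for prefix, ifname in routes:
        net = ipaddress.ip_network(prefix)
        if net.version != addr.version or addr not in net:
            continue
        if ignore_default and net.prefixlen == 0:
            continue                      # a default route proves nothing about the source
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, ifname)
    return best


def urpf_verdict(routes, source, arrival_if, mode="strict", ignore_default=True):
    """Return 'forward' or a 'drop: ...' reason for one packet."""
    if mode not in ("strict", "loose"):
        raise ValueError("mode must be 'strict' or 'loose'")
    try:
        route = best_route(routes, source, ignore_default)
    except ValueError:
        return "drop: malformed source address"
    if route is None:
        return "drop: no route to source"
    # Strict: the best path back to the source must leave via the arrival interface.
    if mode == "strict" and route[1] != arrival_if:
        return f"drop: source is reached via {route[1]}, not {arrival_if}"
    return "forward"


def classify(routes, packets, **options):
    """Apply the check to every (source, interface) pair."""
    return [urpf_verdict(routes, src, ifname, **options) for src, ifname in packets]


if __name__ == "__main__":
    for mode in ("strict", "loose"):
        print(mode)
        for (src, ifname), verdict in zip(PACKETS, classify(ROUTES, PACKETS, mode=mode)):
            print(f"  {src:22} on {ifname}: {verdict}")
```

With the default route counted (ignore_default=False) the loose check passes every well-formed source, which is why the model excludes it by default.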

Displaying IPv6
For complete syntax and usage information on these commands, see the Cisco IOS command reference
publications.

Table 21: Command for Monitoring IPv6

Command Purpose
show ipv6 access-list Displays a summary of access lists.

show ipv6 cef Displays Cisco Express Forwarding for IPv6.

show ipv6 interface interface-id Displays IPv6 interface status and configuration.

show ipv6 mtu Displays IPv6 MTU per destination cache.

show ipv6 neighbors Displays IPv6 neighbor cache entries.

show ipv6 ospf Displays IPv6 OSPF information.

show ipv6 prefix-list Displays a list of IPv6 prefix lists.

show ipv6 protocols Displays a list of IPv6 routing protocols on the switch.

show ipv6 rip Displays IPv6 RIP routing protocol status.

show ipv6 route Displays IPv6 route table entries.

show ipv6 routers Displays the local IPv6 routers.

show ipv6 static Displays IPv6 static routes.

show ipv6 traffic Displays IPv6 traffic statistics.

Table 22: Command for Displaying EIGRP IPv6 Information

Command Purpose
show ipv6 eigrp [as-number] interface Displays information about interfaces configured for EIGRP IPv6.

show ipv6 eigrp [as-number] neighbor Displays the neighbors discovered by EIGRP IPv6.

show ipv6 interface [as-number] traffic Displays the number of EIGRP IPv6 packets sent and received.

show ipv6 eigrp topology [as-number | ipv6-address] [active | all-links | detail-links | pending |
summary | zero-successors | Base] Displays EIGRP entries in the IPv6 topology table.

Configuring DHCP for IPv6 Address Assignment

Default DHCPv6 Address Assignment Configuration


By default, no DHCPv6 features are configured on the switch.

DHCPv6 Address Assignment Configuration Guidelines


When configuring DHCPv6 address assignment, consider these guidelines:
In the procedures, the specified interface must be one of these Layer 3 interfaces:
DHCPv6 IPv6 routing must be enabled on a Layer 3 interface.
SVI: a VLAN interface created by using the interface vlan vlan_id command.
EtherChannel port channel in Layer 3 mode: a port-channel logical interface created by using the
interface port-channel port-channel-number command.

The switch can act as a DHCPv6 client, server, or relay agent. The DHCPv6 client, server, and relay
function are mutually exclusive on an interface.

The DHCPv6 client, server, or relay agent runs only on the master switch. When there is a stack master
re-election, the new master switch retains the DHCPv6 configuration. However, the local RAM copy
of the DHCP server database lease information is not retained.

Enabling DHCPv6 Server Function (CLI)


Use the no form of the DHCP pool configuration mode commands to change the DHCPv6 pool characteristics.
To disable the DHCPv6 server function on an interface, use the no ipv6 dhcp server interface configuration
command.
Beginning in privileged EXEC mode, follow these steps to enable the DHCPv6 server function on an interface.

DETAILED STEPS

Command or Action Purpose


Step 1 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal

Step 2 ipv6 dhcp pool poolname Enters DHCP pool configuration mode, and defines the name for the
IPv6 DHCP pool. The pool name can be a symbolic string (such as Engineering) or an integer (such as 0).

Example:
Switch(config)# ipv6 dhcp pool 7

Step 3 address prefix IPv6-prefix {lifetime} {t1 t1 | infinite}
(Optional) Specifies an address prefix for address assignment.
This address must be in hexadecimal, using 16-bit values between colons.
lifetime t1 t1: Specifies a time interval (in seconds) that an IPv6 address prefix remains in the
valid state. The range is 5 to 4294967295 seconds. Specify infinite for no time interval.

Example:
Switch(config-dhcpv6)# address prefix 2001:1000::0/64 lifetime 3600

Step 4 link-address IPv6-prefix (Optional) Specifies a link-address IPv6 prefix.
When an address on the incoming interface or a link-address in the packet matches the specified IPv6
prefix, the server uses the configuration information pool.
This address must be in hexadecimal, using 16-bit values between colons.

Example:
Switch(config-dhcpv6)# link-address 2001:1002::0/64

Step 5 vendor-specific vendor-id (Optional) Enters vendor-specific configuration mode and specifies a
vendor-specific identification number. This number is the vendor IANA Private Enterprise Number. The
range is 1 to 4294967295.

Example:
Switch(config-dhcpv6)# vendor-specific 9

Step 6 suboption number {address IPv6-address | ascii ASCII-string | hex hex-string}
(Optional) Enters a vendor-specific suboption number. The range is 1 to 65535. Enter an IPv6 address,
ASCII text, or a hex string as defined by the suboption parameters.

Example:
Switch(config-dhcpv6-vs)# suboption 1 address 1000:235D::

Step 7 exit Returns to DHCP pool configuration mode.

Example:
Switch(config-dhcpv6-vs)# exit

Step 8 exit Returns to global configuration mode.

Example:
Switch(config-dhcpv6)# exit

Step 9 interface interface-id Enters interface configuration mode, and specifies the interface to
configure.
Example:
Switch(config)# interface gigabitethernet 1/0/1

Step 10 ipv6 dhcp server [poolname | automatic] [rapid-commit] [preference value] [allow-hint]
Enables DHCPv6 server function on an interface.
poolname: (Optional) User-defined name for the IPv6 DHCP pool. The pool name can be a symbolic string
(such as Engineering) or an integer (such as 0).
automatic: (Optional) Enables the system to automatically determine which pool to use when allocating
addresses for a client.
rapid-commit: (Optional) Allows two-message exchange method.
preference value: (Optional) Configures the preference value carried in the preference option in the
advertise message sent by the server. The range is from 0 to 255. The preference value default is 0.
allow-hint: (Optional) Specifies whether the server should consider client suggestions in the SOLICIT
message. By default, the server ignores client hints.

Example:
Switch(config-if)# ipv6 dhcp server automatic

Step 11 end Returns to privileged EXEC mode.

Example:
Switch(config)# end

Step 12 Do one of the following:
show ipv6 dhcp pool
show ipv6 dhcp interface

Verifies DHCPv6 pool configuration.
Verifies that the DHCPv6 server function is enabled on an interface.

Example:
Switch# show ipv6 dhcp pool
or
Switch# show ipv6 dhcp interface

Step 13 copy running-config startup-config (Optional) Saves your entries in the configuration file.

Example:
Switch# copy running-config startup-config

Enabling DHCPv6 Client Function (CLI)


This task explains how to enable the DHCPv6 client on an interface.

DETAILED STEPS

Command or Action Purpose


Step 1 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal

Step 2 interface interface-id Enters interface configuration mode, and specifies the
interface to configure.
Example:
Switch(config)# interface gigabitethernet 1/0/1

Step 3 ipv6 address dhcp [rapid-commit] Enables the interface to acquire an IPv6 address from the
DHCPv6 server.
rapid-commit: (Optional) Allow two-message exchange method for address assignment.

Example:
Switch(config-if)# ipv6 address dhcp rapid-commit

Step 4 ipv6 dhcp client request [vendor-specific] (Optional) Enables the interface to request the
vendor-specific option.
Example:
Switch(config-if)# ipv6 dhcp client request vendor-specific

Step 5 end Returns to privileged EXEC mode.

Example:
Switch(config)# end

Step 6 show ipv6 dhcp interface Verifies that the DHCPv6 client is enabled on an interface.

Example:
Switch# show ipv6 dhcp interface

Configuration Examples for IPv6 Unicast Routing

Configuring IPv6 Addressing and Enabling IPv6 Routing: Example


This example shows how to enable IPv6 with both a link-local address and a global address based on the IPv6
prefix 2001:0DB8:c18:1::/64. The EUI-64 interface ID is used in the low-order 64 bits of both addresses.
Output from the show ipv6 interface EXEC command is included to show how the interface ID
(20B:46FF:FE2F:D940) is appended to the link-local prefix FE80::/64 of the interface.

Switch(config)# ipv6 unicast-routing
Switch(config)# interface gigabitethernet1/0/11
Switch(config-if)# no switchport
Switch(config-if)# ipv6 address 2001:0DB8:c18:1::/64 eui-64
Switch(config-if)# end
Switch# show ipv6 interface gigabitethernet1/0/11
GigabitEthernet1/0/11 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::20B:46FF:FE2F:D940
Global unicast address(es):
2001:0DB8:c18:1:20B:46FF:FE2F:D940, subnet is 2001:0DB8:c18:1::/64 [EUI]
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF2F:D940
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND advertised reachable time is 0 milliseconds
ND advertised retransmit interval is 0 milliseconds
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
Hosts use stateless autoconfig for addresses.
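
The interface ID in the output above follows the modified EUI-64 rule: FFFE is inserted in the middle of the 48-bit MAC address and the universal/local bit is inverted. This Python code is an added example, not part of the guide; it reproduces the link-local, global and solicited-node addresses shown, and shows that the MAC address can be read back out of any EUI-64 address. The MAC 000b.462f.d940 is an assumption obtained by reversing the interface ID in the output.

```python
"""Modified EUI-64 interface IDs as seen in `show ipv6 interface` (added example)."""
import ipaddress
import re

# Assumption: MAC address recovered by reversing the interface ID shown in the guide.
SWITCH_MAC = "000b.462f.d940"


def mac_to_interface_id(mac):
    """48-bit MAC (colon, dash or Cisco dotted form) -> 64-bit interface ID as int."""
    digits = re.sub(r"[.:-]", "", mac)
    if not re.fullmatch(r"[0-9a-fA-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    raw = bytes.fromhex(digits)
    eui = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])  # insert FFFE in the middle
    eui[0] ^= 0x02                                     # invert the universal/local bit
    return int.from_bytes(eui, "big")


def eui64_address(prefix, mac):
    """Combine a /64 prefix with the EUI-64 interface ID derived from `mac`."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 addressing needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | mac_to_interface_id(mac))


def solicited_node(address):
    """Solicited-node multicast group: FF02::1:FF00:0/104 plus the low 24 bits."""
    low24 = int(ipaddress.IPv6Address(address)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | low24)


def recover_mac(address):
    """Return the MAC embedded in an EUI-64 address, or None if there is none."""
    iid = (int(ipaddress.IPv6Address(address)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None                                    # not an EUI-64 interface ID
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    link_local = eui64_address("fe80::/64", SWITCH_MAC)
    global_addr = eui64_address("2001:0DB8:c18:1::/64", SWITCH_MAC)
    print("link-local     :", link_local)
    print("global         :", global_addr)
    print("solicited-node :", solicited_node(global_addr))
    print("MAC from addr  :", recover_mac(global_addr))
```

Because the hardware address is recoverable from the global address, EUI-64 addressing exposes the device's MAC, and with it the vendor OUI, to any remote peer that sees the address.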

Configuring Default Router Preference: Example


This example shows how to configure a DRP of high for the router on an interface.

Switch# configure terminal
Switch(config)# interface gigabitethernet1/0/1
Switch(config-if)# ipv6 nd router-preference high
Switch(config-if)# end

Configuring IPv4 and IPv6 Protocol Stacks: Example


This example shows how to enable IPv4 and IPv6 routing on an interface.

Switch(config)# ip routing
Switch(config)# ipv6 unicast-routing
Switch(config)# interface fastethernet1/0/11
Switch(config-if)# no switchport
Switch(config-if)# ip address 192.168.99.1 255.255.255.0
Switch(config-if)# ipv6 address 2001:0DB8:c18:1::/64 eui-64
Switch(config-if)# end

Enabling DHCPv6 Server Function: Example


This example shows how to configure a pool called engineering with an IPv6 address prefix:

Switch# configure terminal
Switch(config)# ipv6 dhcp pool engineering
Switch(config-dhcpv6)# address prefix 2001:1000::0/64
Switch(config-dhcpv6)# end

This example shows how to configure a pool called testgroup with three link-addresses and an IPv6 address
prefix:

Switch# configure terminal
Switch(config)# ipv6 dhcp pool testgroup
Switch(config-dhcpv6)# link-address 2001:1001::0/64
Switch(config-dhcpv6)# link-address 2001:1002::0/64
Switch(config-dhcpv6)# link-address 2001:2000::0/48
Switch(config-dhcpv6)# address prefix 2001:1003::0/64
Switch(config-dhcpv6)# end

This example shows how to configure a pool called 350 with vendor-specific options:

Switch# configure terminal
Switch(config)# ipv6 dhcp pool 350
Switch(config-dhcpv6)# address prefix 2001:1005::0/48
Switch(config-dhcpv6)# vendor-specific 9
Switch(config-dhcpv6-vs)# suboption 1 address 1000:235D::1
Switch(config-dhcpv6-vs)# suboption 2 ascii "IP-Phone"
Switch(config-dhcpv6-vs)# end

Enabling DHCPv6 Client Function: Example


This example shows how to acquire an IPv6 address and to enable the rapid-commit option:

Switch(config)# interface gigabitethernet2/0/1
Switch(config-if)# ipv6 address dhcp rapid-commit

Configuring IPv6 ICMP Rate Limiting: Example


This example shows how to configure an IPv6 ICMP error message interval of 50 milliseconds and a bucket
size of 20 tokens.

Switch(config)# ipv6 icmp error-interval 50 20

Configuring Static Routing for IPv6: Example


This example shows how to configure a floating static route to an interface with an administrative distance
of 130:

Switch(config)# ipv6 route 2001:0DB8::/32 gigabitethernet2/0/1 130

Configuring RIP for IPv6: Example


This example shows how to enable the RIP routing process cisco with a maximum of eight equal-cost routes
and to enable it on an interface:

Switch(config)# ipv6 router rip cisco
Switch(config-router)# maximum-paths 8
Switch(config-router)# exit
Switch(config)# interface gigabitethernet2/0/11
Switch(config-if)# ipv6 rip cisco enable

Displaying IPv6: Example


This is an example of the output from the show ipv6 interface privileged EXEC command:

Switch# show ipv6 interface
Vlan1 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::20B:46FF:FE2F:D940
Global unicast address(es):
3FFE:C000:0:1:20B:46FF:FE2F:D940, subnet is 3FFE:C000:0:1::/64 [EUI]
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF2F:D940
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND advertised reachable time is 0 milliseconds
ND advertised retransmit interval is 0 milliseconds
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
<output truncated>
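
The [EUI] addresses in this output carry the interface's MAC address in their low 64 bits, and each unicast address implies a solicited-node group in the joined list. The following added example (not part of the Cisco guide; the function names are hypothetical) recovers the MAC and checks the group membership, using output copied from the example above.

```python
import ipaddress

# Output copied from the "show ipv6 interface" example on this page (shortened).
SHOW_OUTPUT = """\
Vlan1 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::20B:46FF:FE2F:D940
Global unicast address(es):
3FFE:C000:0:1:20B:46FF:FE2F:D940, subnet is 3FFE:C000:0:1::/64 [EUI]
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF2F:D940
MTU is 1500 bytes
"""


def eui64_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, or None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    # Modified EUI-64 inserts FF:FE between the two halves of the MAC.
    if iid[3:5] != b"\xff\xfe":
        return None
    # Flip the universal/local bit back to recover the original first octet.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def solicited_node(addr):
    """Solicited-node group FF02::1:FFxx:xxxx for a unicast address."""
    low24 = ipaddress.IPv6Address(addr).packed[13:]
    prefix = ipaddress.IPv6Address("ff02::1:ff00:0").packed[:13]
    return ipaddress.IPv6Address(prefix + low24)


def parse_addresses(text):
    """Collect every token that parses as an IPv6 address, split by type."""
    unicast, groups = [], []
    for token in text.replace(",", " ").split():
        try:
            addr = ipaddress.IPv6Address(token)
        except ValueError:
            continue  # words, prefixes such as ::/64, numbers
        (groups if addr.is_multicast else unicast).append(addr)
    return unicast, groups


def audit(text):
    """Per unicast address: embedded MAC and solicited-node membership."""
    unicast, groups = parse_addresses(text)
    return [
        {
            "address": str(addr),
            "embedded_mac": eui64_mac(addr),
            "solicited_node_joined": solicited_node(addr) in groups,
        }
        for addr in unicast
    ]


if __name__ == "__main__":
    for row in audit(SHOW_OUTPUT):
        print(row)
```

Any host that sees an EUI-64 address can recover the hardware address the same way, which is worth knowing when these addresses appear in logs or leave the site.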

CHAPTER 14
Implementing IPv6 Multicast
Finding Feature Information
Information About Implementing IPv6 Multicast Routing
Implementing IPv6 Multicast

Finding Feature Information


Your software release may not support all the features documented in this module. For the latest caveats and
feature information, see Bug Search Tool and the release notes for your platform and software release. To
find information about the features documented in this module, and to see a list of the releases in which each
feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not
required.

Information About Implementing IPv6 Multicast Routing


This chapter describes how to implement IPv6 multicast routing on the switch.
Traditional IP communication allows a host to send packets to a single host (unicast transmission) or to all
hosts (broadcast transmission). IPv6 multicast provides a third scheme, allowing a host to send a single data
stream to a subset of all hosts (group transmission) simultaneously.

IPv6 Multicast Overview


An IPv6 multicast group is an arbitrary group of receivers that want to receive a particular data stream. This
group has no physical or geographical boundaries: receivers can be located anywhere on the Internet or in
any private network. Receivers that are interested in receiving data flowing to a particular group must join
the group by signaling their local switch. This signaling is achieved with the MLD protocol.
Switches use the MLD protocol to learn whether members of a group are present on their directly attached
subnets. Hosts join multicast groups by sending MLD report messages. The network then delivers data to a
potentially unlimited number of receivers, using only one copy of the multicast data on each subnet. IPv6
hosts that wish to receive the traffic are known as group members.

Packets delivered to group members are identified by a single multicast group address. Multicast packets are
delivered to a group using best-effort reliability, just like IPv6 unicast packets.
The multicast environment consists of senders and receivers. Any host, regardless of whether it is a member
of a group, can send to a group. However, only members of a group can listen to and receive the message.
A multicast address is chosen for the receivers in a multicast group. Senders use that address as the destination
address of a datagram to reach all members of the group.
Membership in a multicast group is dynamic; hosts can join and leave at any time. There is no restriction on
the location or number of members in a multicast group. A host can be a member of more than one multicast
group at a time.
How active a multicast group is, its duration, and its membership can vary from group to group and from time
to time. A group that has members may have no activity.

IPv6 Multicast Routing Implementation


The Cisco IOS software supports the following protocols to implement IPv6 multicast routing:
• MLD is used by IPv6 switches to discover multicast listeners (nodes that want to receive multicast
  packets destined for specific multicast addresses) on directly attached links. There are two versions of
  MLD: MLD version 1 is based on version 2 of the Internet Group Management Protocol (IGMP) for
  IPv4, and MLD version 2 is based on version 3 of the IGMP for IPv4. IPv6 multicast for Cisco IOS
  software uses both MLD version 2 and MLD version 1. MLD version 2 is fully backward-compatible
  with MLD version 1 (described in RFC 2710). Hosts that support only MLD version 1 will interoperate
  with a switch running MLD version 2. Mixed LANs with both MLD version 1 and MLD version 2 hosts
  are likewise supported.
• PIM-SM is used between switches so that they can track which multicast packets to forward to each
  other and to their directly connected LANs.
• PIM in Source Specific Multicast (PIM-SSM) is similar to PIM-SM with the additional ability to report
  interest in receiving packets from specific source addresses (or from all but the specific source addresses)
  to an IP multicast address.

IPv6 Multicast Listener Discovery Protocol


To start implementing multicasting in the campus network, users must first define who receives the multicast.
The MLD protocol is used by IPv6 switches to discover the presence of multicast listeners (for example, nodes
that want to receive multicast packets) on their directly attached links, and to discover specifically which
multicast addresses are of interest to those neighboring nodes. It is used for discovering local group and
source-specific group membership.
The MLD protocol provides a means to automatically control and limit the flow of multicast traffic throughout
your network with the use of special multicast queriers and hosts.

Multicast Queriers and Hosts


A multicast querier is a network device, such as a switch, that sends query messages to discover which network
devices are members of a given multicast group.
A multicast host is a receiver, including switches, that sends report messages to inform the querier of a host
membership.

A set of queriers and hosts that receive multicast data streams from the same source is called a multicast group.
Queriers and hosts use MLD reports to join and leave multicast groups and to begin receiving group traffic.
MLD uses the Internet Control Message Protocol (ICMP) to carry its messages. All MLD messages are
link-local with a hop limit of 1, and they all have the switch alert option set. The switch alert option implies
an implementation of the hop-by-hop option header.
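
A receive-side check for the three properties stated above (link-local source, hop limit of 1, alert option carried in a hop-by-hop header), given as an added example that is not Cisco code. The alert option is the IPv6 Router Alert option (type 5) of RFC 2711; the packets are constructed test data and the function names are hypothetical.

```python
import ipaddress
import struct

MLD_TYPES = {130: "query", 131: "v1 report", 132: "v1 done", 143: "v2 report"}
HOP_BY_HOP, ICMPV6, ROUTER_ALERT = 0, 58, 0x05


def has_router_alert(options: bytes) -> bool:
    """Walk hop-by-hop TLVs looking for Router Alert with value 0 (MLD)."""
    i = 0
    while i < len(options):
        opt_type = options[i]
        if opt_type == 0:            # Pad1 is one byte with no length field
            i += 1
            continue
        if i + 2 > len(options):
            return False             # truncated option
        opt_len = options[i + 1]
        data = options[i + 2:i + 2 + opt_len]
        if opt_type == ROUTER_ALERT and opt_len == 2 and data == b"\x00\x00":
            return True
        i += 2 + opt_len
    return False


def check_mld(packet: bytes):
    """Return (MLD message name or None, list of violated properties)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return None, ["not an IPv6 packet"]
    problems = []
    next_header, hop_limit = packet[6], packet[7]
    src = ipaddress.IPv6Address(packet[8:24])
    if hop_limit != 1:
        problems.append(f"hop limit is {hop_limit}, expected 1")
    # RFC 3590 additionally lets Report/Done use :: before a link-local
    # address is usable; this strict check does not accept that case.
    if not src.is_link_local:
        problems.append(f"source {src} is not link-local")
    offset = 40
    if next_header == HOP_BY_HOP and len(packet) >= 48:
        ext_len = (packet[41] + 1) * 8
        if not has_router_alert(packet[42:40 + ext_len]):
            problems.append("hop-by-hop header lacks the alert option")
        next_header, offset = packet[40], 40 + ext_len
    else:
        problems.append("no hop-by-hop options header")
    if next_header != ICMPV6 or len(packet) <= offset:
        return None, problems + ["payload is not ICMPv6"]
    name = MLD_TYPES.get(packet[offset])
    if name is None:
        return None, problems + ["ICMPv6 type is not an MLD message"]
    return name, problems


def build(hop_limit, src, with_alert=True):
    """Constructed MLDv1 report for FF04::10 (checksum zero, not verified)."""
    group = ipaddress.IPv6Address("ff04::10").packed
    mld = struct.pack("!BBHHH", 131, 0, 0, 0, 0) + group
    # Next header 58, length 0, Router Alert (5, 2, 0x0000), PadN (1, 0).
    hbh = bytes([ICMPV6, 0, ROUTER_ALERT, 2, 0, 0, 1, 0]) if with_alert else b""
    payload = hbh + mld
    header = struct.pack("!IHBB", 0x60000000, len(payload),
                         HOP_BY_HOP if with_alert else ICMPV6, hop_limit)
    return header + ipaddress.IPv6Address(src).packed + group + payload


if __name__ == "__main__":
    print(check_mld(build(1, "fe80::1")))
    print(check_mld(build(64, "2001:db8::1")))
    print(check_mld(build(1, "fe80::1", with_alert=False)))
```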

MLD Access Group


The MLD access group provides receiver access control in Cisco IOS IPv6 multicast switches. This feature
limits the list of groups a receiver can join, and it allows or denies sources used to join SSM channels.

Explicit Tracking of Receivers


The explicit tracking feature allows a switch to track the behavior of the hosts within its IPv6 network. This
feature also enables the fast leave mechanism to be used with MLD version 2 host reports.

Protocol Independent Multicast


Protocol Independent Multicast (PIM) is used between switches so that they can track which multicast packets
to forward to each other and to their directly connected LANs. PIM works independently of the unicast routing
protocol to send and receive multicast route updates, like other protocols. Regardless of which unicast
routing protocols are being used in the LAN to populate the unicast routing table, Cisco IOS PIM uses the
existing unicast table content to perform the Reverse Path Forwarding (RPF) check instead of building and
maintaining its own separate routing table.
You can configure IPv6 multicast to use either PIM-SM or PIM-SSM operation, or you can use both PIM-SM
and PIM-SSM together in your network.

PIM-Sparse Mode
IPv6 multicast provides support for intradomain multicast routing using PIM-SM. PIM-SM uses unicast
routing to provide reverse-path information for multicast tree building, but it is not dependent on any particular
unicast routing protocol.
PIM-SM is used in a multicast network when relatively few switches are involved in each multicast and these
switches do not forward multicast packets for a group, unless there is an explicit request for the traffic. PIM-SM
distributes information about active sources by forwarding data packets on the shared tree. PIM-SM initially
uses shared trees, which requires the use of an RP.
Requests are accomplished via PIM joins, which are sent hop by hop toward the root node of the tree. The
root node of a tree in PIM-SM is the RP in the case of a shared tree or the first-hop switch that is directly
connected to the multicast source in the case of a shortest path tree (SPT). The RP keeps track of multicast
groups, and hosts that send multicast packets are registered with the RP by their first-hop switch.
As a PIM join travels up the tree, switches along the path set up multicast forwarding state so that the requested
multicast traffic will be forwarded back down the tree. When multicast traffic is no longer needed, a switch
sends a PIM prune up the tree toward the root node to prune (or remove) the unnecessary traffic. As this PIM
prune travels hop by hop up the tree, each switch updates its forwarding state appropriately. Ultimately, the
forwarding state associated with a multicast group or source is removed.
A multicast data sender sends data destined for a multicast group. The designated switch (DR) of the sender
takes those data packets, unicast-encapsulates them, and sends them directly to the RP. The RP receives these
encapsulated data packets, de-encapsulates them, and forwards them onto the shared tree. The packets then
follow the (*, G) multicast tree state in the switches on the RP tree, being replicated wherever the RP tree
branches, and eventually reaching all the receivers for that multicast group. The process of encapsulating data
packets to the RP is called registering, and the encapsulation packets are called PIM register packets.

IPv6 BSR: Configure RP Mapping


PIM switches in a domain must be able to map each multicast group to the correct RP address. The BSR
protocol for PIM-SM provides a dynamic, adaptive mechanism to distribute group-to-RP mapping information
rapidly throughout a domain. With the IPv6 BSR feature, if an RP becomes unreachable, it will be detected
and the mapping tables will be modified so that the unreachable RP is no longer used, and the new tables will
be rapidly distributed throughout the domain.
Every PIM-SM multicast group needs to be associated with the IP or IPv6 address of an RP. When a new
multicast sender starts sending, its local DR will encapsulate these data packets in a PIM register message
and send them to the RP for that multicast group. When a new multicast receiver joins, its local DR will send
a PIM join message to the RP for that multicast group. When any PIM switch sends a (*, G) join message,
the PIM switch needs to know which is the next switch toward the RP so that the message for G (Group) can be sent
to that switch. Also, when a PIM switch is forwarding data packets using (*, G) state, the PIM switch needs
to know which is the correct incoming interface for packets destined for G, because it needs to reject any
packets that arrive on other interfaces.
A small set of switches from a domain are configured as candidate bootstrap switches (C-BSRs) and a single
BSR is selected for that domain. A set of switches within a domain are also configured as candidate RPs
(C-RPs); typically, these switches are the same switches that are configured as C-BSRs. Candidate RPs
periodically unicast candidate-RP-advertisement (C-RP-Adv) messages to the BSR of that domain, advertising
their willingness to be an RP. A C-RP-Adv message includes the address of the advertising C-RP, and an
optional list of group addresses and mask length fields, indicating the group prefixes for which the candidacy
is advertised. The BSR then includes a set of these C-RPs, along with their corresponding group prefixes, in
bootstrap messages (BSMs) it periodically originates. BSMs are distributed hop-by-hop throughout the domain.
Bidirectional BSR support allows bidirectional RPs to be advertised in C-RP messages and bidirectional
ranges in the BSM. All switches in a system must be able to use the bidirectional range in the BSM; otherwise,
the bidirectional RP feature will not function.

PIM-Source Specific Multicast


PIM-SSM is the routing protocol that supports the implementation of SSM and is derived from PIM-SM.
However, unlike PIM-SM where data from all multicast sources are sent when there is a PIM join, the SSM
feature forwards datagram traffic to receivers from only those multicast sources that the receivers have explicitly
joined, thus optimizing bandwidth utilization and denying unwanted Internet broadcast traffic. Further, instead
of the use of RP and shared trees, SSM uses information found on source addresses for a multicast group.
This information is provided by receivers through the source addresses relayed to the last-hop switches by
MLD membership reports, resulting in shortest-path trees directly to the sources.
In SSM, delivery of datagrams is based on (S, G) channels. Traffic for one (S, G) channel consists of datagrams
with an IPv6 unicast source address S and the multicast group address G as the IPv6 destination address.
Systems will receive this traffic by becoming members of the (S, G) channel. Signaling is not required, but
receivers must subscribe or unsubscribe to (S, G) channels to receive or not receive traffic from specific
sources.
MLD version 2 is required for SSM to operate. MLD allows the host to provide source information. Before
SSM can run with MLD, SSM must be supported in the Cisco IOS IPv6 switch, the host where the application
is running, and the application itself.

Routable Address Hello Option


When an IPv6 interior gateway protocol is used to build the unicast routing table, the procedure to detect the
upstream switch address assumes the address of a PIM neighbor is always the same as the address of the next-hop
switch, as long as they refer to the same switch. However, this may not be the case when a switch has multiple
addresses on a link.
Two typical situations can lead to this condition for IPv6. The first can occur when the unicast routing
table is built by something other than an IPv6 interior gateway protocol, such as multicast BGP. The second occurs
when the address of an RP shares a subnet prefix with downstream switches (note that the RP switch address
has to be domain-wide and therefore cannot be a link-local address).
The routable address hello option allows the PIM protocol to avoid such situations by adding a PIM hello
message option that includes all the addresses on the interface on which the PIM hello message is advertised.
When a PIM switch finds an upstream switch for some address, the result of RPF calculation is compared
with the addresses in this option, in addition to the PIM neighbor's address itself. Because this option includes
all the possible addresses of a PIM switch on that link, it always includes the RPF calculation result if it refers
to the PIM switch supporting this option.
Because of size restrictions on PIM messages and the requirement that a routable address hello option fits
within a single PIM hello message, a limit of 16 addresses can be configured on the interface.

PIM IPv6 Stub Routing


The PIM stub routing feature reduces resource usage by moving routed traffic closer to the end user.
In a network using PIM stub routing, the only allowable route for IPv6 traffic to the user is through a switch
that is configured with PIM stub routing. PIM passive interfaces are connected to Layer 2 access domains,
such as VLANs, or to interfaces that are connected to other Layer 2 devices. Only directly connected multicast
receivers and sources are allowed in the Layer 2 access domains. The PIM passive interfaces do not send or
process any received PIM control packets.
When using PIM stub routing, you should configure the distribution and remote routers to use IPv6 multicast
routing and configure only the switch as a PIM stub router. The switch does not route transit traffic between
distribution routers. You also need to configure a routed uplink port on the switch. The switch uplink port
cannot be used with SVIs.
You must also configure EIGRP stub routing when configuring PIM stub routing on the switch. For more
information, see the EIGRPv6 Stub Routing section.
The redundant PIM stub router topology is not supported. The redundant topology exists when there is more
than one PIM router forwarding multicast traffic to a single access domain. PIM messages are blocked, and
the PIM assert and designated router election mechanisms are not supported on the PIM passive interfaces.
Only the non-redundant access router topology is supported by the PIM stub feature. By using a non-redundant
topology, the PIM passive interface assumes that it is the only interface and designated router on that access
domain.
In the figure shown below, Switch A routed uplink port 25 is connected to the router and PIM stub routing is
enabled on the VLAN 100 interfaces and on Host 3. This configuration allows the directly connected hosts
to receive traffic from the multicast source. See the Configuring PIM IPv6 Stub Routing section for
more information.

Figure 7: PIM Stub Router Configuration

Static Mroutes
IPv6 static mroutes behave much in the same way as IPv4 static mroutes used to influence the RPF check.
IPv6 static mroutes share the same database as IPv6 static routes and are implemented by extending static
route support for RPF checks. Static mroutes support equal-cost multipath mroutes, and they also support
unicast-only static routes.

MRIB
The Multicast Routing Information Base (MRIB) is a protocol-independent repository of multicast routing
entries instantiated by multicast routing protocols (routing clients). Its main function is to provide independence
between routing protocols and the Multicast Forwarding Information Base (MFIB). It also acts as a coordination
and communication point among its clients.
Routing clients use the services provided by the MRIB to instantiate routing entries and retrieve changes made
to routing entries by other clients. Besides routing clients, MRIB also has forwarding clients (MFIB instances)
and special clients such as MLD. MFIB retrieves its forwarding entries from MRIB and notifies the MRIB
of any events related to packet reception. These notifications can either be explicitly requested by routing
clients or spontaneously generated by the MFIB.
Another important function of the MRIB is to allow for the coordination of multiple routing clients in
establishing multicast connectivity within the same multicast session. MRIB also allows for the coordination
between MLD and routing protocols.

MFIB
The MFIB is a platform-independent and routing-protocol-independent library for IPv6 software. Its main
purpose is to provide a Cisco IOS platform with an interface with which to read the IPv6 multicast forwarding
table and notifications when the forwarding table changes. The information provided by the MFIB has clearly
defined forwarding semantics and is designed to make it easy for the platform to translate to its specific
hardware or software forwarding mechanisms.
When routing or topology changes occur in the network, the IPv6 routing table is updated, and those changes
are reflected in the MFIB. The MFIB maintains next-hop address information based on the information in the
IPv6 routing table. Because there is a one-to-one correlation between MFIB entries and routing table entries,
the MFIB contains all known routes and eliminates the need for route cache maintenance that is associated
with switching paths such as fast switching and optimum switching.

MFIB

Note: Distributed MFIB is significant only in a stacked environment, where the Master distributes the
MFIB information to the other stack members. In the following section, the line cards are the
member switches in the stack.

MFIB is used to switch multicast IPv6 packets on distributed platforms. MFIB may also contain
platform-specific information on replication across line cards. The basic MFIB routines that implement the
core of the forwarding logic are common to all forwarding environments.
MFIB implements the following functions:
• Relays data-driven protocol events generated in the line cards to PIM.
• Provides an MFIB platform application program interface (API) to propagate MFIB changes to
  platform-specific code responsible for programming the hardware acceleration engine. This API also
  includes entry points to switch a packet in software (necessary if the packet is triggering a data-driven
  event) and to upload traffic statistics to the software.

The combination of MFIB and MRIB subsystems also allows the switch to have a "customized" copy of the
MFIB database in each line card and to transport MFIB-related platform-specific information from the RP to
the line cards.

IPv6 Multicast Process Switching and Fast Switching


A unified MFIB is used to provide both fast switching and process switching support for PIM-SM and
PIM-SSM in IPv6 multicast. In process switching, the IOS daemon must examine, rewrite, and forward each
packet. The packet is first received and copied into the system memory. The switch then looks up the Layer
3 network address in the routing table. The Layer 2 frame is then rewritten with the next-hop destination
address and sent to the outgoing interface. The IOSd also computes the cyclic redundancy check (CRC). This
switching method is the least scalable method for switching IPv6 packets.
IPv6 multicast fast switching allows switches to provide better packet forwarding performance than process
switching. Information conventionally stored in a route cache is stored in several data structures for IPv6
multicast switching. The data structures provide optimized lookup for efficient packet forwarding.
In IPv6 multicast forwarding, the first packet is fast-switched if the PIM protocol logic allows it. In IPv6
multicast fast switching, the MAC encapsulation header is precomputed. IPv6 multicast fast switching uses
the MFIB to make IPv6 destination prefix-based switching decisions. In addition to the MFIB, IPv6 multicast
fast switching uses adjacency tables to prepend Layer 2 addressing information. The adjacency table maintains
Layer 2 next-hop addresses for all MFIB entries.
The adjacency table is populated as adjacencies are discovered. Each time an adjacency entry is created (such
as through ARP), a link-layer header for that adjacent node is precomputed and stored in the adjacency table.
Once a route is determined, it points to a next hop and corresponding adjacency entry. It is subsequently used
for encapsulation during switching of packets.

A route might have several paths to a destination prefix, such as when a switch is configured for simultaneous
load balancing and redundancy. For each resolved path, a pointer is added for the adjacency corresponding
to the next-hop interface for that path. This mechanism is used for load balancing across several paths.

Multiprotocol BGP for the IPv6 Multicast Address Family


The multiprotocol BGP for the IPv6 multicast address family feature provides multicast BGP extensions for
IPv6 and supports the same features and functionality as IPv4 BGP. IPv6 enhancements to multicast BGP
include support for an IPv6 multicast address family and network layer reachability information (NLRI) and
next hop (the next switch in the path to the destination) attributes that use IPv6 addresses.
Multicast BGP is an enhanced BGP that allows the deployment of interdomain IPv6 multicast. Multiprotocol
BGP carries routing information for multiple network layer protocol address families, for example, the IPv6
address family and IPv6 multicast routes. The IPv6 multicast address family contains routes used for RPF
lookup by the IPv6 PIM protocol, and multicast BGP IPv6 provides for interdomain transport of the same.
Users must use multiprotocol BGP for IPv6 multicast when using IPv6 multicast with BGP because the unicast
BGP learned routes will not be used for IPv6 multicast.
Multicast BGP functionality is provided through a separate address family context. A subsequent address
family identifier (SAFI) provides information about the type of the network layer reachability information
that is carried in the attribute. Multiprotocol BGP unicast uses SAFI 1 messages, and multiprotocol BGP
multicast uses SAFI 2 messages. SAFI 1 messages indicate that the routes are only usable for IP unicast, but
not IP multicast. Because of this functionality, BGP routes in the IPv6 unicast RIB must be ignored in the
IPv6 multicast RPF lookup.
A separate BGP routing table is maintained to configure incongruent policies and topologies (for example,
IPv6 unicast and multicast) by using IPv6 multicast RPF lookup. Multicast RPF lookup is very similar to the
IP unicast route lookup.
No MRIB is associated with the IPv6 multicast BGP table. However, IPv6 multicast BGP operates on the
unicast IPv6 RIB when needed. Multicast BGP does not insert or update routes into the IPv6 unicast RIB.

Implementing IPv6 Multicast

Enabling IPv6 Multicast Routing


Beginning in privileged EXEC mode, follow these steps:

DETAILED STEPS

Step 1
Command or Action: configure terminal
Purpose: Enter global configuration mode.

Step 2
Command or Action: ipv6 multicast-routing
Purpose: Enables multicast routing on all IPv6-enabled interfaces and enables multicast forwarding for PIM and MLD on all enabled interfaces of the switch.
Example:
Switch(config)# ipv6 multicast-routing

Step 3
Command or Action: copy running-config startup-config
Purpose: (Optional) Save your entries in the configuration file.

Customizing and Verifying the MLD Protocol

Customizing and Verifying MLD on an Interface


Beginning in privileged EXEC mode, follow these steps:

DETAILED STEPS

Step 1
Command or Action: configure terminal
Purpose: Enters global configuration mode.

Step 2
Command or Action: interface type number
Purpose: Specifies an interface type and number, and places the switch in interface configuration mode.
Example:
Switch(config)# interface GigabitEthernet 1/0/1

Step 3
Command or Action: ipv6 mld join-group [group-address] [include | exclude] {source-address | source-list [acl]}
Purpose: Configures MLD reporting for a specified group and source.
Example:
Switch(config-if)# ipv6 mld join-group FF04::10

Step 4
Command or Action: ipv6 mld access-group access-list-name
Purpose: Allows the user to perform IPv6 multicast receiver access control.
Example:
Switch(config-if)# ipv6 mld access-group acc-grp-1

Step 5
Command or Action: ipv6 mld static-group [group-address] [include | exclude] {source-address | source-list [acl]}
Purpose: Statically forwards traffic for the multicast group onto a specified interface and causes the interface to behave as if an MLD joiner were present on the interface.
Example:
Switch(config-if)# ipv6 mld static-group ff04::10 include 100::1

Step 6
Command or Action: ipv6 mld query-max-response-time seconds
Purpose: Configures the maximum response time advertised in MLD queries.
Example:
Switch(config-if)# ipv6 mld query-max-response-time 20

Step 7
Command or Action: ipv6 mld query-timeout seconds
Purpose: Configures the timeout value before the switch takes over as the querier for the interface.
Example:
Switch(config-if)# ipv6 mld query-timeout 130

Step 8
Command or Action: exit
Purpose: Enter this command twice to exit interface configuration mode and enter privileged EXEC mode.
Example:
Switch(config-if)# exit

Step 9
Command or Action: show ipv6 mld groups [link-local] [group-name | group-address] [interface-type interface-number] [detail | explicit]
Purpose: Displays the multicast groups that are directly connected to the switch and that were learned through MLD.
Example:
Switch# show ipv6 mld groups GigabitEthernet 1/0/1

Step 10
Command or Action: show ipv6 mld groups summary
Purpose: Displays the number of (*, G) and (S, G) membership reports present in the MLD cache.
Example:
Switch# show ipv6 mld groups summary

Step 11
Command or Action: show ipv6 mld interface [type number]
Purpose: Displays multicast-related information about an interface.
Example:
Switch# show ipv6 mld interface GigabitEthernet 1/0/1

Step 12
Command or Action: debug ipv6 mld [group-name | group-address | interface-type]
Purpose: Enables debugging on MLD protocol activity.
Example:
Switch# debug ipv6 mld

Step 13
Command or Action: debug ipv6 mld explicit [group-name | group-address
Purpose: Displays information related to the explicit tracking of hosts.
Example:
Switch# debug ipv6 mld explicit

Step 14
Command or Action: copy running-config startup-config
Purpose: (Optional) Save your entries in the configuration file.

Implementing MLD Group Limits


Per-interface and global MLD limits operate independently of each other. Both per-interface and global MLD
limits can be configured on the same switch. The number of MLD limits, globally or per interface, is not
configured by default; the limits must be configured by the user. A membership report that exceeds either the
per-interface or the global state limit is ignored.

Implementing MLD Group Limits Globally

SUMMARY STEPS

1. enable
2. configure terminal
3. ipv6 mld [vrf vrf-name] state-limit number
4. copy running-config startup-config

DETAILED STEPS

Command or Action Purpose


Step 1 enable Enters global configuration mode.

Example:
Switch# enable

Step 2 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal

Step 3 ipv6 mld [vrf vrf-name] state-limit number Limits the number of MLD states globally.

Example:
Switch(config)# ipv6 mld state-limit 300

Step 4 copy running-config startup-config (Optional) Save your entries in the configuration
file.


Implementing MLD Group Limits per Interface

SUMMARY STEPS

1. enable
2. configure terminal
3. interface type number
4. ipv6 mld limit number [except] access-list
5. copy running-config startup-config

DETAILED STEPS

Command or Action Purpose


Step 1 enable Enters global configuration mode.

Example:
Switch# enable

Step 2 configure terminal Enters global configuration mode.

Example:
Switch# configure terminal

Step 3 interface type number Specifies an interface type and number, and places the
switch in interface configuration mode.
Example:
Switch(config)# interface GigabitEthernet 1/0/1

Step 4 ipv6 mld limit number [except] access-list Limits the number of MLD states on a per-interface
basis.
Example:
Switch(config-if)# ipv6 mld limit 100

Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file.
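
Added example (not part of the Cisco guide and not Cisco code): a small Python model of the rule stated above, that per-interface and global MLD limits operate independently and a membership report exceeding either one is ignored. The class name, the interface names, and the choice to count each (group, source) pair as one state and to treat a report for existing state as a refresh are assumptions made for illustration.

```python
from collections import defaultdict


class MldStateLimiter:
    """Toy model of MLD state admission (assumed semantics, not switch code)."""

    def __init__(self, global_limit=None):
        self.global_limit = global_limit   # models: ipv6 mld state-limit <number>
        self.if_limit = {}                 # models: ipv6 mld limit <number>
        self.states = defaultdict(set)     # interface -> {(group, source)}
        self.ignored = defaultdict(int)    # interface -> count of ignored reports

    def set_interface_limit(self, interface, limit):
        self.if_limit[interface] = limit

    def total_states(self):
        return sum(len(s) for s in self.states.values())

    def report(self, interface, group, source="*"):
        """Process one membership report; True if the state exists afterwards."""
        key = (group, source)
        if key in self.states[interface]:
            return True                    # assumption: a refresh adds no new state
        over_if = (interface in self.if_limit
                   and len(self.states[interface]) >= self.if_limit[interface])
        over_global = (self.global_limit is not None
                       and self.total_states() >= self.global_limit)
        if over_if or over_global:         # exceeding either limit: report ignored
            self.ignored[interface] += 1
            return False
        self.states[interface].add(key)
        return True


def simulate_flood():
    """Constructed scenario: two ports each send 500 reports for distinct groups."""
    sw = MldStateLimiter(global_limit=300)      # values from the examples above
    sw.set_interface_limit("Gi1/0/1", 100)
    # Gi1/0/2 deliberately has no per-interface limit configured.
    for i in range(500):
        sw.report("Gi1/0/1", f"ff04::{i:x}")    # capped by the interface limit
    capped = len(sw.states["Gi1/0/1"])
    for i in range(500):
        sw.report("Gi1/0/2", f"ff05::{i:x}")    # capped only by the global limit
    return capped, len(sw.states["Gi1/0/2"]), sw.total_states(), dict(sw.ignored)


if __name__ == "__main__":
    print(simulate_flood())
```

In this model the port with a per-interface limit can consume at most 100 of the 300 global states, while the port without one takes everything that remains, so later reports on any interface are ignored once the global limit is reached.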

Configuring Explicit Tracking of Receivers to Track Host Behavior


The explicit tracking feature allows a switch to track the behavior of the hosts within its IPv6 network and
enables the fast leave mechanism to be used with MLD version 2 host reports.
Beginning in privileged EXEC mode, follow these steps:


DETAILED STEPS

Command or Action Purpose


Step 1 configure terminal Enter global configuration mode.

Step 2 interface type number Specifies an interface type and number, and places the
switch in interface configuration mode.
Example:
Switch(config)# interface GigabitEthernet 1/0/1

Step 3 ipv6 mld explicit-tracking access-list-name Enables explicit tracking of hosts.

Example:
Switch(config-if)# ipv6 mld explicit-tracking list1

Step 4 copy running-config startup-config (Optional) Save your entries in the configuration file.

Resetting the MLD Traffic Counters


Beginning in privileged EXEC mode, follow these steps.

DETAILED STEPS

Command or Action Purpose


Step 1 clear ipv6 mld traffic Resets all MLD traffic counters.

Example:
Switch # clear ipv6 mld traffic

Step 2 show ipv6 mld traffic Displays the MLD traffic counters.

Example:
Switch # show ipv6 mld traffic

Step 3 copy running-config startup-config (Optional) Save your entries in the configuration
file.

Clearing the MLD Interface Counters


Beginning in privileged EXEC mode, follow these steps.


DETAILED STEPS

Command or Action Purpose


Step 1 clear ipv6 mld counters interface-type Clears the MLD interface counters.

Example:
Switch # clear ipv6 mld counters Ethernet1/0

Step 2 copy running-config startup-config (Optional) Save your entries in the configuration
file.

Configuring PIM
This section explains how to configure PIM.

Configuring PIM-SM and Displaying PIM-SM Information for a Group Range


Beginning in privileged EXEC mode, follow these steps:

DETAILED STEPS

Command or Action Purpose


Step 1 configure terminal Enter global configuration mode.

Step 2 ipv6 pim rp-address ipv6-address [group-access-list] Configures the address of a PIM RP for a particular
group range.
Example:
Switch (config) # ipv6 pim rp-address 2001:DB8::01:800:200E:8C6C acc-grp-1

Step 3 exit Exits global configuration mode, and returns the
switch to privileged EXEC mode.
Example:
Switch (config) # exit

Step 4 show ipv6 pim interface [state-on] [state-off] [type-number] Displays information about interfaces configured
for PIM.
Example:
Switch # show ipv6 pim interface

Step 5 show ipv6 pim group-map [group-name | group-address] | [group-range | group-mask] [info-source {bsr | default | embedded-rp | static}]
Displays an IPv6 multicast group mapping table.

Example:
Switch # show ipv6 pim group-map

Step 6 show ipv6 pim neighbor [detail] [interface-type interface-number | count]
Displays the PIM neighbors discovered by the Cisco IOS software.

Example:
Switch # show ipv6 pim neighbor

Step 7 show ipv6 pim range-list [config] [rp-address | rp-name] Displays information about IPv6 multicast range
lists.
Example:
Switch # show ipv6 pim range-list

Step 8 show ipv6 pim tunnel [interface-type interface-number] Displays information about the PIM register
encapsulation and de-encapsulation tunnels on an interface.
Example:
Switch # show ipv6 pim tunnel

Step 9 debug ipv6 pim [group-name | group-address | interface interface-type | bsr | group | mvpn | neighbor]
Enables debugging on PIM protocol activity.

Example:
Switch # debug ipv6 pim

Step 10 copy running-config startup-config (Optional) Save your entries in the configuration
file.

Configuring PIM Options


Beginning in privileged EXEC mode, follow these steps:

DETAILED STEPS

Command or Action Purpose


Step 1 configure terminal Enter global configuration mode.


Step 2 ipv6 pim spt-threshold infinity [group-list access-list-name] Configures when a PIM leaf switch joins the SPT for
the specified groups.

Example:
Switch (config) # ipv6 pim spt-threshold infinity group-list acc-grp-1

Step 3 ipv6 pim accept-register {list access-list | route-map map-name} Accepts or rejects registers at the RP.

Example:
Switch (config) # ipv6 pim accept-register route-map reg-filter

Step 4 interface type number Specifies an interface type and number, and places the
switch in interface configuration mode.
Example:
Switch (config) # interface GigabitEthernet 1/0/1

Step 5 ipv6 pim dr-priority value Configures the DR priority on a PIM switch.

Example:
Switch (config-if) # ipv6 pim dr-priority 3

Step 6 ipv6 pim hello-interval seconds Configures the frequency of PIM hello messages on an
interface.
Example:
Switch (config-if) # ipv6 pim hello-interval 45

Step 7 ipv6 pim join-prune-interval seconds Configures periodic join and prune announcement
intervals for a specified interface.
Example:
Switch (config-if) # ipv6 pim join-prune-interval 75

Step 8 exit Enter this command twice to exit interface configuration
mode and enter privileged EXEC mode.
Example:
Switch (config-if) # exit

Step 9 show ipv6 pim join-prune statistic [interface-type] Displays the average join-prune aggregation for the most
recently aggregated packets for each interface.
Example:
Switch (config-if) # show ipv6 pim join-prune statistic

Step 10 copy running-config startup-config (Optional) Save your entries in the configuration file.


Resetting the PIM Traffic Counters


If PIM malfunctions, or to verify that the expected number of PIM packets are received and sent, the
user can clear the PIM traffic counters. Once the traffic counters are cleared, the user can enter the show ipv6
pim traffic command to verify that PIM is functioning correctly and that PIM packets are being received and
sent correctly.
Beginning in privileged EXEC mode, follow these steps:

DETAILED STEPS

Command or Action Purpose


Step 1 clear ipv6 pim traffic Resets the PIM traffic counters.

Example:
Switch # clear ipv6 pim traffic

Step 2 show ipv6 pim traffic Displays the PIM traffic counters.

Example:
Switch # show ipv6 pim traffic

Step 3 copy running-config startup-config (Optional) Save your entries in the configuration
file.

Clearing the PIM Topology Table to Reset the MRIB Connection


No configuration is necessary to use the MRIB. However, users may in certain situations want to clear the
PIM topology table in order to reset the MRIB connection and verify MRIB information.
Beginning in privileged EXEC mode, follow these steps:

DETAILED STEPS

Command or Action Purpose


Step 1 clear ipv6 pim topology [group-name | group-address] Clears the PIM topology table.

Example:
Switch # clear ipv6 pim topology FF04::10


Step 2 show ipv6 mrib client [filter] [name {client-name | client-name : client-id}]
Displays multicast-related information about an interface.

Example:
Switch # show ipv6 mrib client

Step 3 show ipv6 mrib route {link-local | summary | [sourceaddress-or-name | *] [groupname-or-address [prefix-length]]]
Displays the MRIB route information.

Example:
Switch # show ipv6 mrib route

Step 4 show ipv6 pim topology [groupname-or-address [sourceaddress-or-name] | link-local | route-count [detail]]
Displays PIM topology table information for a specific group or all groups.

Example:
Switch # show ipv6 pim topology

Step 5 debug ipv6 mrib client Enables debugging on MRIB client management
activity.
Example:
Switch # debug ipv6 mrib client

Step 6 debug ipv6 mrib io Enables debugging on MRIB I/O events.

Example:
Switch # debug ipv6 mrib io

Step 7 debug ipv6 mrib proxy Enables debugging on MRIB proxy activity between
the switch processor and line cards on distributed switch platforms.
Example:
Switch # debug ipv6 mrib proxy

Step 8 debug ipv6 mrib route [group-name | group-address] Displays information about MRIB routing
entry-related activity.
Example:
Switch # debug ipv6 mrib route

Step 9 debug ipv6 mrib table Enables debugging on MRIB table management
activity.
Example:
Switch # debug ipv6 mrib table

Step 10 copy running-config startup-config (Optional) Save your entries in the configuration
file.


Configuring PIM IPv6 Stub Routing


The PIM stub routing feature supports multicast routing between the distribution layer and the access layer.
It supports two types of PIM interfaces: uplink PIM interfaces and PIM passive interfaces. A routed interface
configured with the PIM passive mode does not pass or forward PIM control traffic; it only passes and forwards
MLD traffic.

PIM IPv6 Stub Routing Configuration Guidelines


Before configuring PIM stub routing, you must have IPv6 multicast routing configured on both the stub
router and the central router. You must also have PIM mode (sparse-mode) configured on the uplink
interface of the stub router.
The PIM stub router does not route the transit traffic between the distribution routers. Unicast (EIGRP)
stub routing enforces this behavior. You must configure unicast stub routing to assist the PIM stub router
behavior. For more information, see the EIGRPv6 Stub Routing, on page 173 section.
Only directly connected multicast (MLD) receivers and sources are allowed in the Layer 2 access
domains. The PIM protocol is not supported in access domains.
The redundant PIM stub router topology is not supported.

Default IPv6 PIM Routing Configuration


This table displays the default IPv6 PIM routing configuration for the Switch.

Table 23: Default Multicast Routing Configuration

Feature Default Setting


Multicast routing Disabled on all interfaces.

PIM version Version 2.

PIM mode No mode is defined.

PIM stub routing None configured.

PIM RP address None configured.

PIM domain border Disabled.

PIM multicast boundary None.

Candidate BSRs Disabled.

Candidate RPs Disabled.


Shortest-path tree threshold rate 0 kb/s.

PIM router query message interval 30 seconds.

Enabling IPv6 PIM Stub Routing

Before You Begin


PIM stub routing is disabled in IPv6 by default. Beginning in privileged EXEC mode, follow these steps to
enable PIM stub routing on an interface.

SUMMARY STEPS

1. enable
2. configure terminal
3. ipv6 multicast pim-passive-enable
4. interface interface-id
5. ipv6 pim
6. ipv6 pim {bsr} | {dr-priority | value} | {hello-interval | seconds} | {join-prune-interval | seconds} |
{passive}
7. end

DETAILED STEPS

Command or Action Purpose


Step 1 enable Enables privileged EXEC mode. Enter your password
if prompted.
Example:
Switch> enable

Step 2 configure terminal Enters the global configuration mode.

Example:
Switch# configure terminal

Step 3 ipv6 multicast pim-passive-enable Enables IPv6 Multicast PIM routing on the switch.

Example:
Switch(config-if)# ipv6 multicast pim-passive-enable


Step 4 interface interface-id Specifies the interface on which you want to enable
PIM stub routing, and enters interface configuration mode.
Example:
Switch(config)# interface gigabitethernet 9/0/6

The specified interface must be one of the following:
A routed port: A physical port that has been
configured as a Layer 3 port by entering the no
switchport interface configuration command.
You will also need to enable IP PIM sparse
mode on the interface, and join the interface as
a statically connected member to an MLD static
group.
An SVI: A VLAN interface created by using