Software Guide
Page 35
...• Supervisor Engine 1, PFC, and MSFC or MSFC2 • Supervisor Engine 1 and PFC • Supervisor Engine 1 Note The Switch Fabric Module is supported only in the Catalyst 6000 Family Multilayer Switch Feature Card (12.x) and Policy Feature Card Configuration Guide. 78-13315-02 Catalyst 6000 Family... Software Configuration Guide-Releases 6.3 and 6.4 1-1 Note This publication includes the information that previously was in Catalyst 6500 series switches. Refer to the Release Notes for Catalyst 6000 Family Software Release 6.x publication for complete information about the chassis...
Software Guide
Page 303
...VACLs to the input VLAN. VACL for output VLAN 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 16-7 Output Cisco IOS ACL 4. These sections show how ACLs and VACLs are applied in the following order: 1. VACL for input VLAN 2. For routed/... 16-1 Applying ACLs on routed/Layer 3-switched packets. Input Cisco IOS ACL 3. For bridged packets, only Layer 2 ACLs are applied on Bridged Packets VACL Bridged Host A (VLAN 10) Catalyst 6500 Series Switch with PFC Host B (VLAN 10) 26961 Routed Packets Figure 16-2 shows how ACLs are applied...
Software Guide
Page 304
... that need multicast expansion. VACL for output VLAN 16-8 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 Applying Cisco IOS ACLs and VACLs on VLANs Chapter 16 Configuring Access Control Figure 16-2 Applying ACLs on packets that need multicast expansion: a. For ... ACLs are applied on Routed Packets Routed Input IOS ACL Bridged VACL MSFC Output IOS ACL VACL Bridged Host A (VLAN 10) Catalyst 6500 series switches with MSFC Host B (VLAN 20) 26964 Multicast Packets Figure 16-3 shows how ACLs are applied in the following order: 1. Input...
Software Guide
Page 305
Chapter 16 Configuring Access Control Using Cisco IOS ACLs in your Network Figure 16-3 Applying ACLs on Multicast Packets Routed Input IOS ACL Bridged VACL Catalyst 6500 Series Switch with MSFC MSFC Host A (VLAN 10) Host C (VLAN 10) Bridged IOS ACL for output VLAN for packets originating from router Output... IOS ACL VACL (Not supported on PFC2) Host B (VLAN 20) Host D (VLAN 20) 26965 Using Cisco IOS ACLs in your ...
Software Guide
Page 319
...255.255.255 eq 5000 set security acl ip SERVER permit ip any any commit security acl SERVER set security acl map SERVER 10 Note You could apply the same concept to direct broadcast traffic to a multicast destination by redirecting the traffic to VLAN...With VACLs, you can redirect these broadcast packets to the intended application server port. Chapter 16 Configuring Access Control Figure 16-4 Wiring Closet Configuration Catalyst 6500 series switches with MSFC Using VACLs in your Network Switch A with PFC only Host Y 26959 Redirecting Broadcast Traffic to a Specific Server Port Some ...
Software Guide
Page 320
Map the VACL to a Specific Server Port VACL Target server Host A 4/1 Catalyst 6500 series switches with PFC Host B VLAN 10 Application broadcast packet Host C 26960 Restricting the DHCP Response for a specific server, perform this task in privileged mode (the target DHCP ... your Network Chapter 16 Configuring Access Control Figure 16-5 Redirecting Broadcast Traffic to VLAN 10. With VACLs, you can restrict the response from any commit security acl SERVER set security acl map SERVER 10 16-24 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02...
Software Guide
Page 321
... restricted as follows (see Figure 16-7): • Hosts in subnet 10.1.2.0/24 in VLAN 20 should not have access. • Hosts 10.1.1.4 and 10.1.1.8 in VLAN 10 needs to VLAN 10. For example, server 10.1.1.100 in VLAN 10 should not have access. To deny access to a server on another... VLAN. Figure 16-6 Redirect DHCP Response for a Specific Server VACL Target server 1.2.3.4 Host A Catalyst 6500 series switches with PFC VLAN 10 DHCP response packets Host B Host C 26962 Denying Access to a Server on Another VLAN You can restrict access to a server on...
Software Guide
Page 322
...VLAN into sub-VLANs (secondary VLANs) that are mapped to a primary VLAN get mapped to the associated secondary VLANs. • You cannot map Cisco IOS ACLs to secondary VLANs. • You cannot map dynamic ACEs to a private VLAN. • You can map QoS ACLs to secondary... in your Network Chapter 16 Configuring Access Control Figure 16-7 Deny Access to a Server on Another VLAN VACL 10.1.1.100 Server (VLAN 10) 10.1.1.4 Host (VLAN 10) 10.1.1.8 Host (VLAN 10) Catalyst 6500 series switches with PFC2. Configuring ACLs on Private VLANs Private VLANs allow ARP traffic on a VLAN that the ...
Software Guide
Page 344
... Buffer, page 16-53 • Configuring Hosts for PBF, page 16-53 Figure 16-8 Policy-Based Forwarding Catalyst 6500 series switches PFC2 MAC address: 00-11-11-11-11-11 VLAN 10 Host A IP 10.0.0.1 MAC 00:00:00:00:00:0A Interface: Ethernet1 VLAN 11 Host B IP 11.0.0.1 MAC 00:00:00... The MAC address can be a default or user-specified MAC address. The Catalyst 6000 family switch redirects all the traffic coming from Host A on VLAN 10 to Host A.
Software Guide
Page 352
Configuring Policy-Based Forwarding Chapter 16 Configuring Access Control Figure 16-9 Policy-Based Forwarding Configuration Example Catalyst 6500 series switches PFC2 MAC address: 00-11-22-33-44-55 6/17 6/9 VLAN 1 VLAN 1 Hosts IP: 44.0.0.1 - 44.0.0.17 MAC:00-20-20-20-20-...
Software Guide
Page 375
Chapter 18 Configuring Dynamic Port VLAN Membership with VMPS Dynamic Port VLAN Membership with VMPS Configuration Examples Figure 18-1 Dynamic Port VLAN Membership Configuration Catalyst 6500 series switches Primary VMPS Server 1 Switch 1 172.20.26.150 3/1 Client End station 1 Switch 2 172.20.26.151 Catalyst 6000 ... Switch 7 172.20.26.156 Switch 8 172.20.26.157 Client Switch 9 End station 2 172.20.26.158 Catalyst 6500 series switches Secondary VMPS Server 3 Switch 10 172.20.26.159 55908 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 18-11
Software Guide
Page 416
... the desired Telnet server. If encryption is encrypted using the TGT. 4. Figure 21-1 Kerberized Telnet Connection Host (Telnet client) Kerberos server 1 (contains KDC) 2 3 4 5 6 6000 Catalyst 6500 series switches 30794 21-6 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02
Software Guide
Page 707
Note For complete syntax and usage information for ingress traffic. When congestion occurs, all Catalyst 6500 series documents, the term "QoS" refers to the QoS feature as implemented on a best-effort delivery basis, which means that all traffic ... Understanding How QoS Works Note • Throughout this chapter, refer to the Catalyst 6000 Family Command Reference publication. Typically, networks operate on the Catalyst 6500 series. • Supervisor Engine 1 and Supervisor Engine 2 provide policing only for the commands used in this publication and all traffic has an equal ...
Software Guide
Page 783
.... Chapter 42 Configuring ASLB Understanding How ASLB Works Figure 42-1 ASLB Functional Description Clients Catalyst 6500 series switches PK PR PL PA PB PM Server pool S1 S2 S3 28062 VLAN 10 VLAN 20 LocalDirector Layer 3 Operations for ASLB You can specify up to 1024 server virtual... and TCP port pairs for acceleration by entering the show cam system command. Table 42-1 Layer 2 Table Entries VLAN MAC Address Index Xtag1 10 LocalDirector MAC 0/0 14 20 Router MAC2 0/0 14 1. All traffic for the virtual-IP/port pairs specified is configured). In these port indexes...
Software Guide
Page 785
... ASLB Understanding How ASLB Works Figure 42-2 Client to Server ASLB Packet Flow Clients Catalyst 6500 series switches Path 3 PK PR PL PA PB PM Path 1 Path 2 Server pool S1 S2 S3 VLAN 10 VLAN 20 LocalDirector 28063 Table 42-2 Client to Server ASLB Layer 3 Table Entries IP ...Full ASLB MLS entry created FIN/RST Path 1 redirect FIN/RST Path 2 Table 42-3 Client to Server ASLB Packet Flow Path Number 1 VLAN 10 2 20 MAC Destination Address LocalDirector MAC1 Server MAC4 MAC Source Address Router MAC Router MAC1 IP Destination Address VIP2 VIP IP Source Address CIP3 CIP...
Software Guide
Page 786
... Server to Client ASLB Packet Flow Clients VLAN 10 VLAN 20 Catalyst 6500 series switches Path 3 PK Server pool S1 ...S2 S3 PR PL PA PB PM Path 2 Path 1 LocalDirector 28064 Table 42-4 Server to Client ASLB Packet Flow Path Number 1 VLAN 20 MAC Destination Address Router MAC1 MAC Source Address Server MAC2 IP Destination IP Source Address Address CIP3 VIP4 2 10...Server MAC CIP VIP N + 1 20 Router MAC1 Server MAC CIP VIP N +2... 10 Router MAC LocalDirector CIP VIP MAC1 1. VIP = virtual-IP address. Action Candidate entry...
Software Guide
Page 799
...Configuration Example This section provides an example of a typical ASLB network configuration. Figure 42-4 ASLB Configuration Example Server pool Clients VLAN 7 VLAN 5 S1 Catalyst 6500 series switches 5/n 5/6 5/n S2 5/7 5/5 5/n S3 LocalDirector S 28229 78-13315-02 The router configuration is used in this example): ! The Catalyst ...addresses are 192.255.201.3 through 192.255.201.8 in a round-robin fashion among servers 192.255.201.3 through 192.255.201.10. • Forward connections to port 8001 to server 192.255.201.11. • Load balance FTP connections to servers 192.255....
Software Guide
Page 802
... ASLB Figure 42-5 ASLB Redundant Configuration Example LocalDirector 1 Clients VLAN 9 VLAN 5 Router 1 3/7 f1 f2 3/41 VLAN 9 3/23 3/8 Catalyst 6500 series switches 1 VLAN 5 VLAN 5 & 9 (ISL trunk) Router 2 3/23 f1 f2 3/42 VLAN 9 3/27 Catalyst 6500 series switches 2 3/28 VLAN 5 VLAN 9 VLAN 5 LocalDirector LocalDirector 2 failover cable IP Addresses The IP addresses are as follows...
Software Guide
Page 807
... used in this chapter, refer to the Catalyst 6000 Family Command Reference publication. The Switch Fabric Module first installed functions as the primary module. Note For complete syntax and usage information for the Catalyst 6500 series switches. The WS-X6500-SFM 2 is supported only with a direct connection to specify how packets are disabled and...
Software Guide
Page 808
... one of show commands for monitoring purposes. From the supervisor engine, you reset the module in slot 7, the module in slot 8 becomes active. When you install a Switch Fabric Module in a Catalyst 6500 series switch, the traffic is in slot 8. This mode is sent over the switch fabric channel, delivering the best possible switching rate...