Reference Guide
Table Of Contents
- About this Guide
- Configuration Fundamentals
- Getting Started
- System Management
- Configure Privilege Levels
- Configure Logging
- Log Messages in the Logging Buffer
- Disable System Logging
- Send System Messages to a Syslog Server
- Change System Logging Settings
- Display the Logging Buffer and the Logging Configuration
- Configure a UNIX Logging Facility Level
- Synchronize Log Messages
- Enable Timestamp on Syslog Messages
- File Transfer Services
- Terminal Lines
- Time out of EXEC Privilege Mode
- Telnet to Another Network Device
- Lock CONFIGURATION mode
- Recovering from a Forgotten Password
- Recovering from a Failed Start
- 802.1ag
- Ethernet CFM
- Maintenance Domains
- Maintenance Points
- Maintenance End Points
- Implementation Information
- Configure CFM
- Enable Ethernet CFM
- Create a Maintenance Domain
- Create a Maintenance Association
- Create Maintenance Points
- Continuity Check Messages
- Loopback Message and Response
- Linktrace Message and Response
- Enable CFM SNMP Traps.
- Display Ethernet CFM Statistics
- 802.3ah
- 802.1X
- Protocol Overview
- Configuring 802.1X
- Important Points to Remember
- Enabling 802.1X
- Configuring Request Identity Re-transmissions
- Forcibly Authorizing or Unauthorizing a Port
- Re-Authenticating a Port
- Configuring Timeouts
- Dynamic VLAN Assignment with Port Authentication
- Guest and Authentication-Fail VLANs
- Multi-Host Authentication
- Multi-Supplicant Authentication
- MAC Authentication Bypass
- Dynamic CoS with 802.1X
- IP Access Control Lists (ACL), Prefix Lists, and Route-maps
- Overview
- IP Access Control Lists (ACLs)
- IP Fragment Handling
- Configure a standard IP ACL
- Configure an extended IP ACL
- Configuring Layer 2 and Layer 3 ACLs on an Interface
- Assign an IP ACL to an Interface
- Configuring Ingress ACLs
- Configuring Egress ACLs
- Configuring ACLs to Loopback
- IP Prefix Lists
- ACL Resequencing
- Route Maps
- Important Points to Remember
- Bidirectional Forwarding Detection
- Protocol Overview
- Important Points to Remember
- Configuring Bidirectional Forwarding Detection
- Border Gateway Protocol IPv4 (BGPv4)
- Protocol Overview
- BGP Attributes
- Multiprotocol BGP
- Implementing BGP with FTOS
- Configuration Information
- BGP Configuration
- Defaults
- Configuration Task List for BGP
- Enable BGP
- Configure AS4 Number Representations
- Configure Peer Groups
- BGP fast fall-over
- Configure passive peering
- Maintain existing AS numbers during an AS migration
- Allow an AS number to appear in its own AS path
- Enable graceful restart
- Filter on an AS-Path attribute
- Redistribute routes
- Configure IP community lists
- Manipulate the COMMUNITY attribute
- Change MED attribute
- Change LOCAL_PREFERENCE attribute
- Change NEXT_HOP attribute
- Change WEIGHT attribute
- Enable multipath
- Filter BGP routes
- Configure BGP route reflectors
- Aggregate routes
- Configure BGP confederations
- Enable route flap dampening
- Change BGP timers
- BGP neighbor soft-reconfiguration
- Route map continue
- MBGP Configuration
- BGP Regular Expression Optimization
- Retain NH in BGP Advertisement
- Debugging BGP
- Sample Configurations
- Content Addressable Memory
- Content Addressable Memory
- CAM Profiles
- Microcode
- CAM Profiling for ACLs
- Boot Behavior
- When to Use CAM Profiling
- Important Points to Remember
- Select CAM Profiles
- CAM Allocation
- Test CAM Usage
- View CAM Profiles
- View CAM-ACL settings
- View CAM Usage
- Configure IPv4Flow Sub-partitions
- Configure Ingress Layer 2 ACL Sub-partitions
- Return to the Default CAM Configuration
- CAM Optimization
- Applications for CAM Profiling
- Troubleshoot CAM Profiling
- Configuration Replace and Rollback
- Archived Files
- Configuring Configuration Replace and Rollback
- Important Points to Remember
- Enabling the Archive Service
- Archiving a Configuration File
- Replacing the Current Running Configuration
- Rolling Back to the Previous Configuration
- Configuring an Archive File Maximum
- Configuring Auto-archive
- Copying and Deleting an Archive File
- Viewing and Editing the Contents of an Archive File
- Dynamic Host Configuration Protocol
- Protocol Overview
- Implementation Information
- Configuration Tasks
- Configure the System to be a DHCP Server
- Configure the System to be a Relay Agent
- Configure Secure DHCP
- Equal Cost Multi-Path
- Force10 Resilient Ring Protocol
- Force10 Service Agent
- Implementation Information
- Configure Force10 Service Agent
- Enable Force10 Service Agent
- Specify an SMTP Server for FTSA
- Provide an Administrator E-mail Address
- FTSA Messaging Service
- FTSA Message Types
- FTSA Policies
- Debugging FTSA
- GARP VLAN Registration Protocol
- High Availability
- Internet Group Management Protocol
- IGMP Implementation Information
- IGMP Protocol Overview
- Configuring IGMP
- Viewing IGMP Enabled Interfaces
- Selecting an IGMP Version
- Viewing IGMP Groups
- Adjusting Timers
- Configuring a Static IGMP Group
- Enabling IGMP Immediate-leave
- IGMP Snooping
- Fast Convergence after MSTP Topology Changes
- Designating a Multicast Router Interface
- Interfaces
- Basic Interface Configuration:
- Advanced Interface Configuration:
- Interface Types
- View Basic Interface Information
- Enable a Physical Interface
- Physical Interfaces
- Management Interfaces
- VLAN Interfaces
- Loopback Interfaces
- Null Interfaces
- Port Channel Interfaces
- Port channel definition and standards
- Port channel benefits
- Port channel implementation
- 10/100/1000 Mbps interfaces in port channels
- Configuration task list for port channel interfaces
- Create a port channel
- Add a physical interface to a port channel
- Reassign an interface to a new port channel
- Configure the minimum oper up links in a port channel (LAG)
- Add or remove a port channel from a VLAN
- Assign an IP address to a port channel
- Delete or disable a port channel
- Load balancing through port channels
- E-Series load-balancing
- IPv4, IPv6, and non-IP traffic handling on the E-Series
- C-Series and S-Series load-balancing
- Hash algorithm
- Bulk Configuration
- Interface Range Macros
- Monitor and Maintain Interfaces
- Link Debounce Timer
- Link Dampening
- Ethernet Pause Frames
- Configure MTU Size on an Interface
- Port-pipes
- Auto-Negotiation on Ethernet Interfaces
- View Advanced Interface Information
- IPv4 Addressing
- IP Addresses
- Directed Broadcast
- Resolution of Host Names
- ARP
- ARP Learning via Gratuitous ARP
- ARP Learning via ARP Request
- Configurable ARP Retries
- ICMP
- UDP Helper
- Configuring UDP Helper
- Important Points to Remember about UDP Helper
- Enabling UDP Helper
- Configuring a Broadcast Address
- Configurations Using UDP Helper
- Troubleshooting UDP Helper
- IPv6 Addressing
- Protocol Overview
- Implementing IPv6 with FTOS
- ICMPv6
- Path MTU Discovery
- IPv6 Neighbor Discovery
- QoS for IPv6
- IPv6 Multicast
- SSH over an IPv6 Transport
- Configuration Task List for IPv6
- Change your CAM-Profile on an E-Series system
- Adjust your CAM-Profile on an C-Series or S-Series
- Assign an IPv6 Address to an Interface
- Assign a Static IPv6 Route
- Telnet with IPv6
- SNMP over IPv6
- Show IPv6 Information
- Show an IPv6 Interface
- Show IPv6 Routes
- Show the Running-Configuration for an Interface
- Clear IPv6 Routes
- Intermediate System to Intermediate System
- Link Aggregation Control Protocol
- Layer 2
- Managing the MAC Address Table
- MAC Learning Limit
- mac learning-limit dynamic
- mac learning-limit station-move
- mac learning-limit no-station-move
- mac learning-limit sticky
- The sticky-MAC learning feature is supported on platforms: c s.
- Displaying MAC Learning-Limited Interfaces
- Learning Limit Violation Actions
- Station Move Violation Actions
- Recovering from Learning Limit and Station Move Violations
- Per-VLAN MAC Learning Limit
- NIC Teaming
- Microsoft Clustering
- Configuring Redundant Pairs
- Restricting Layer 2 Flooding
- Far-end Failure Detection
- Link Layer Discovery Protocol
- 802.1AB (LLDP) Overview
- Optional TLVs
- TIA-1057 (LLDP-MED) Overview
- Configuring LLDP
- Important Points to Remember
- CONFIGURATION versus INTERFACE Configurations
- Enabling LLDP
- Advertising TLVs
- Viewing the LLDP Configuration
- Viewing Information Advertised by Adjacent LLDP Agents
- Configuring LLDPDU Intervals
- Configuring Transmit and Receive Mode
- Configuring a Time to Live
- Debugging LLDP
- Relevant Management Objects
- Multicast Listener Discovery
- Multicast Source Discovery Protocol
- Protocol Overview
- Implementation Information
- Configuring Multicast Source Discovery Protocol
- Enable MSDP
- Manage the Source-active Cache
- Accept Source-active Messages that fail the RFP Check
- Limit the Source-active Messages from a Peer
- Prevent MSDP from Caching a Local Source
- Prevent MSDP from Caching a Remote Source
- Prevent MSDP from Advertising a Local Source
- Log Changes in Peership States
- Terminate a Peership
- Clear Peer Statistics
- Debug MSDP
- MSDP with Anycast RP
- MSDP Sample Configurations
- Multiple Spanning Tree Protocol
- Protocol Overview
- Configure Multiple Spanning Tree Protocol
- Enable Multiple Spanning Tree Globally
- Add and Remove Interfaces
- Create Multiple Spanning Tree Instances
- Influence MSTP Root Selection
- Interoperate with Non-FTOS Bridges
- Modify Global Parameters
- Modify Interface Parameters
- Configure an EdgePort
- Configure a Root Guard
- Configure a Loop Guard
- Flush MAC Addresses after a Topology Change
- Displaying STP Guard Configuration
- MSTP Sample Configurations
- Debugging and Verifying MSTP Configuration
- Multicast Features
- Object Tracking
- Open Shortest Path First (OSPFv2 and OSPFv3)
- Protocol Overview
- Implementing OSPF with FTOS
- Configuration Requirements
- Configuration Task List for OSPFv2 (OSPF for IPv4)
- Enable OSPFv2
- Enable Multi-Process OSPF
- Assign an OSPFv2 area
- Enable OSPFv2 on interfaces
- Configure stub areas
- Configure OSPF Stub-Router Advertisement
- Enable passive interfaces
- Enable fast-convergence
- Change OSPFv2 parameters on interfaces
- Enable OSPFv2 authentication
- Enable OSPFv2 graceful restart
- Configure virtual links
- Filter routes
- Redistribute routes
- Troubleshooting OSPFv2
- Sample Configurations for OSPFv2
- Configuration Task List for OSPFv3 (OSPF for IPv6)
- Enable IPv6 Unicast Routing
- Assign IPv6 addresses on an interface
- Assign Area ID on interface
- Assign OSPFv3 Process ID and Router ID Globally
- Configure stub areas
- Configure Passive-Interface
- Redistribute routes
- Configure a default route
- Enable OSPFv3 graceful restart
- OSPFv3 Authentication Using IPsec
- Troubleshooting OSPFv3
- PIM Dense-Mode
- PIM Sparse-Mode
- Implementation Information
- Protocol Overview
- Important Points to Remember
- Configure PIM-SM
- Enable PIM-SM
- Configurable S,G Expiry Timers
- Configure a Static Rendezvous Point
- Elect an RP using the BSR Mechanism
- Configure a Designated Router
- Create Multicast Boundaries and Domains
- Set a Threshold for Switching to the SPT
- PIM-SM Graceful Restart
- First Packet Forwarding for Lossless Multicast
- Monitoring PIM
- PIM-SM and IGMP Snooping: Usage Notes
- PIM-SM Snooping
- PIM Source-Specific Mode
- Power over Ethernet
- Policy-based Routing
- Port Monitoring
- Private VLANs
- Per-VLAN Spanning Tree Plus
- Protocol Overview
- Implementation Information
- Configure Per-VLAN Spanning Tree Plus
- Enable PVST+
- Modify Global PVST+ Parameters
- Modify Interface PVST+ Parameters
- Configure an EdgePort
- Configure a Root Guard
- Configure a Loop Guard
- PVST+ in Multi-vendor Networks
- PVST+ Extended System ID
- Displaying STP Guard Configuration
- PVST+ Sample Configurations
- Quality of Service
- Implementation Information
- Port-based QoS Configurations
- Policy-based QoS Configurations
- QoS Rate Adjustment
- Strict-priority Queueing
- Weighted Random Early Detection
- Allocating Bandwidth to Multicast Queues
- Pre-calculating Available QoS CAM Space
- Viewing QoS CAM Entries
- Routing Information Protocol
- Remote Monitoring
- Rapid Spanning Tree Protocol
- Protocol Overview
- Configuring Rapid Spanning Tree
- Important Points to Remember
- Configure Interfaces for Layer 2 Mode
- Enable Rapid Spanning Tree Protocol Globally
- Add and Remove Interfaces
- Modify Global Parameters
- Modify Interface Parameters
- Configure an EdgePort
- Influence RSTP Root Selection
- SNMP Traps for Root Elections and Topology Changes
- Fast Hellos for Link State Detection
- Configure a Root Guard
- Configure a Loop Guard
- Displaying STP Guard Configuration
- Security
- Service Provider Bridging
- VLAN Stacking
- VLAN Stacking Packet Drop Precedence
- Dynamic Mode CoS for VLAN Stacking
- Layer 2 Protocol Tunneling
- Provider Backbone Bridging
- sFlow
- Simple Network Management Protocol
- Protocol Overview
- Implementation Information
- Configure Simple Network Management Protocol
- Important Points to Remember
- Create a Community
- Read Managed Object Values
- Write Managed Object Values
- Configure Contact and Location Information using SNMP
- Subscribe to Managed Object Value Updates using SNMP
- Copy Configuration Files Using SNMP
- Manage VLANs using SNMP
- Enable and Disable a Port using SNMP
- Fetch Dynamic MAC Entries using SNMP
- Deriving Interface Indices
- Monitor Port-channels
- Troubleshooting SNMP Operation
- SONET/SDH
- Stacking S-Series Switches
- Broadcast Storm Control
- Spanning Tree Protocol
- Protocol Overview
- Configuring Spanning Tree
- Related Configuration Tasks
- Important Points to Remember
- Configuring Interfaces for Layer 2 Mode
- Enabling Spanning Tree Protocol Globally
- Adding an Interface to the Spanning Tree Group
- Removing an Interface from the Spanning Tree Group
- Modifying Global Parameters
- Modifying Interface STP Parameters
- Enabling PortFast
- Preventing Network Disruptions with BPDU Guard
- STP Root Selection
- STP Root Guard
- SNMP Traps for Root Elections and Topology Changes
- Configuring Spanning Trees as Hitless
- STP Loop Guard
- Displaying STP Guard Configuration
- System Time and Date
- Uplink Failure Detection (UFD)
- Upgrade Procedures
- VLAN
- Virtual Routing and Forwarding (VRF)
- Virtual Router Redundancy Protocol (VRRP)
- FTOS XML Feature
- C-Series Debugging and Diagnostics
- E-Series TeraScale Debugging and Diagnostics
- S-Series Debugging and Diagnostics
- Standards Compliance
- Index
Port Monitoring | 821
Figure 38-8. Configuring Flow-based Monitoring
Remote Port Mirroring
Remote Port Mirroring is supported on platforms: e
x
.
While local port monitoring allows you to monitor traffic from one or more source ports by directing it to a
destination port on the same switch/router, remote port mirroring allows you to monitor Layer 2 and
Layer 3 ingress traffic on multiple source ports on different switches and forward the mirrored traffic to
multiple destination ports on different switches. Remote port mirroring helps network administrators
monitor and analyze traffic to troubleshoot network problems in a time-saving and efficient way.
In a remote-port mirroring session, monitored traffic is tagged with a VLAN ID and switched on a
user-defined, non-routable L2 VLAN. The VLAN is reserved in the network to carry only mirrored traffic,
which is forwarded on all egress ports of the VLAN. Each intermediate switch that participates in the
transport of mirrored traffic must be configured with the reserved L2 VLAN. Remote port mirroring
supports mirroring sessions in which multiple source and destination ports are distributed across multiple
switches.
Remote Port Mirroring Example
Figure 38-9 shows an example of how remote port mirroring works.
FTOS(conf)#monitor session 0
FTOS(conf-mon-sess-0)#flow-based enable
FTOS(conf)#ip access-list ext testflow
FTOS(config-ext-nacl)#seq 5 permit icmp any any count bytes monitor
FTOS(config-ext-nacl)#seq 10 permit ip 102.1.1.0/24 any count bytes monitor
FTOS(config-ext-nacl)#seq 15 deny udp any any count bytes
FTOS(config-ext-nacl)#seq 20 deny tcp any any count bytes
FTOS(config-ext-nacl)#exit
FTOS(conf)#interface gig 1/1
FTOS(conf-if-gi-1/1)#ip access-group testflow in
FTOS(conf-if-gi-1/1)#show config
!
interface GigabitEthernet 1/1
ip address 10.11.1.254/24
ip access-group testflow in
shutdown
FTOS(conf-if-gi-1/1)#exit
FTOS(conf)#do show ip accounting access-list testflow
!
Extended Ingress IP access list testflow on GigabitEthernet 1/1
Total cam count 4
seq 5 permit icmp any any monitor count bytes (0 packets 0 bytes)
seq 10 permit ip 102.1.1.0/24 any monitor count bytes (0 packets 0 bytes)
seq 15 deny udp any any count bytes (0 packets 0 bytes)
seq 20 deny tcp any any count bytes (0 packets 0 bytes)
FTOS(conf)#do show monitor session 0
SessionID Source Destination Direction Mode Type
--------- ------ ----------- --------- ---- ----
0 Gi 1/1 Gi 1/2 rx interface Flow-based