Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Cisco 7600 Series Router Cisco IOS Software Configuration Guide Release 12.2SX Text Part Number: OL-4266-08

Cisco IOS Software Configuration Guide

  • THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

    THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

    The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California.

    NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED "AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

    IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

    Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX 2001-2006, Cisco Systems, Inc. All rights reserved.

    CCVP, the Cisco Logo, and the Cisco Square Bridge logo are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of Cisco Systems, Inc.; and Access Registrar, Aironet, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, LightStream, Linksys, MeetingPlace, MGX, Networking Academy, Network Registrar, Packet, PIX, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StackWise, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.

    All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0704R)

  • Contents

    Preface
      Audience
      Organization
      Related Documentation
      Conventions
      Obtaining Documentation
        Cisco.com
        Product Documentation DVD
        Ordering Documentation
      Documentation Feedback
      Cisco Product Security Overview
        Reporting Security Problems in Cisco Products
      Product Alerts and Field Notices
      Obtaining Technical Assistance
        Cisco Support Website
        Submitting a Service Request
        Definitions of Service Request Severity
      Obtaining Additional Publications and Information

    Product Overview
      Supported Hardware and Software
      User Interfaces
      Configuring Embedded CiscoView Support
        Understanding Embedded CiscoView
        Installing and Configuring Embedded CiscoView
        Displaying Embedded CiscoView Information
      Software Features Supported in Hardware by the PFC and DFC

    Command-Line Interfaces
      Accessing the CLI
        Accessing the CLI through the EIA/TIA-232 Console Interface
        Accessing the CLI through Telnet
      Performing Command Line Processing
      Performing History Substitution
      Cisco IOS Command Modes
      Displaying a List of Cisco IOS Commands and Syntax
      ROM-Monitor Command-Line Interface

    Configuring the Router for the First Time
      Default Configuration
      Configuring the Router
        Using the Setup Facility or the setup Command
        Using Configuration Mode
        Checking the Running Configuration Before Saving
        Saving the Running Configuration Settings
        Reviewing the Configuration
        Configuring a Default Gateway
        Configuring a Static Route
        Configuring a BOOTP Server
      Protecting Access to Privileged EXEC Commands
        Setting or Changing a Static Enable Password
        Using the enable password and enable secret Commands
        Setting or Changing a Line Password
        Setting TACACS+ Password Protection for Privileged EXEC Mode
        Encrypting Passwords
        Configuring Multiple Privilege Levels
      Recovering a Lost Enable Password
      Modifying the Supervisor Engine Startup Configuration
        Understanding the Supervisor Engine Boot Configuration
        Configuring the Software Configuration Register
        Specifying the Startup System Image
        Understanding Flash Memory
        CONFIG_FILE Environment Variable
        Controlling Environment Variables

    Configuring a Supervisor Engine 720
      Using the Bootflash or Bootdisk on a Supervisor Engine 720
      Using the Slots on a Supervisor Engine 720
      Configuring Supervisor Engine 720 Ports
      Configuring and Monitoring the Switch Fabric Functionality
        Understanding How the Switch Fabric Functionality Works
        Configuring the Switch Fabric Functionality
        Monitoring the Switch Fabric Functionality

    Configuring a Supervisor Engine 32
      Flash Memory on a Supervisor Engine 32
      Supervisor Engine 32 Ports

    Configuring the Supervisor Engine 2 and the Switch Fabric Module
      Using the Slots on a Supervisor Engine 2
      Understanding How the Switch Fabric Module Works
        Switch Fabric Module Overview
        Switch Fabric Module Slots
        Switch Fabric Redundancy
        Forwarding Decisions for Layer 3-Switched Traffic
        Switching Modes
      Configuring the Switch Fabric Module
        Configuring the Switching Mode
        Configuring Fabric-Required Mode
        Configuring an LCD Message
      Monitoring the Switch Fabric Module
        Displaying the Module Information
        Displaying the Switch Fabric Module Redundancy Status
        Displaying Fabric Channel Switching Modes
        Displaying the Fabric Status
        Displaying the Fabric Utilization
        Displaying Fabric Errors

    Configuring NSF with SSO Supervisor Engine Redundancy
      Understanding NSF with SSO Supervisor Engine Redundancy
        NSF with SSO Supervisor Engine Redundancy Overview
        SSO Operation
        NSF Operation
        Cisco Express Forwarding
        Multicast MLS NSF with SSO
        Routing Protocols
        NSF Benefits and Restrictions
      Supervisor Engine Configuration Synchronization
        Supervisor Engine Redundancy Guidelines and Restrictions
        Redundancy Configuration Guidelines and Restrictions
        Hardware Configuration Guidelines and Restrictions
        Configuration Mode Restrictions
      NSF Configuration Tasks
        Configuring SSO
        Configuring Multicast MLS NSF with SSO
        Verifying Multicast NSF with SSO
        Configuring CEF NSF
        Verifying CEF NSF
        Configuring BGP NSF
        Verifying BGP NSF
        Configuring OSPF NSF
        Verifying OSPF NSF
        Configuring IS-IS NSF
        Verifying IS-IS NSF
        Configuring EIGRP NSF
        Verifying EIGRP NSF
        Synchronizing the Supervisor Engine Configurations
      Copying Files to the Redundant Supervisor Engine

    Configuring SRM with SSO Supervisor Engine Redundancy
      Understanding SRM with SSO
        Supervisor Engine Redundancy Overview
        SRM with SSO Operation
        Supervisor Engine 720 Configuration Synchronization
      Supervisor Engine 720 Redundancy Guidelines and Restrictions
        Redundancy Guidelines and Restrictions
        Hardware Configuration Guidelines and Restrictions
        Configuration Mode Restrictions
      Configuring Supervisor Engine 720 Redundancy
        Configuring SRM with SSO Redundancy
        Configuring the SRM with SSO Route Convergence Interval
        Synchronizing the Supervisor Engine Configurations
        Displaying the Redundancy States
      Copying Files to the Redundant Supervisor Engine

    Configuring RPR and RPR+ Supervisor Engine Redundancy
      Understanding RPR and RPR+
        Supervisor Engine Redundancy Overview
        RPR Operation
        RPR+ Operation
        Supervisor Engine Configuration Synchronization
      Supervisor Engine Redundancy Guidelines and Restrictions
        Redundancy Guidelines and Restrictions
        RPR+ Guidelines and Restrictions
        Hardware Configuration Guidelines and Restrictions
        Configuration Mode Restrictions
      Configuring Supervisor Engine Redundancy
        Configuring Redundancy
        Synchronizing the Supervisor Engine Configurations
        Displaying the Redundancy States
      Performing a Fast Software Upgrade
      Copying Files to an MSFC

    Configuring Interfaces
      Understanding Interface Configuration
      Using the Interface Command
      Configuring a Range of Interfaces
      Defining and Using Interface-Range Macros
      Configuring Optional Interface Features
        Configuring Ethernet Interface Speed and Duplex Mode
        Configuring Jumbo Frame Support
        Configuring IEEE 802.3x Flow Control
        Configuring the Port Debounce Timer
        Adding a Description for an Interface
      Understanding Online Insertion and Removal
      Monitoring and Maintaining Interfaces
        Monitoring Interface Status
        Clearing Counters on an Interface
        Resetting an Interface
        Shutting Down and Restarting an Interface
      Checking the Cable Status Using the TDR

    Configuring LAN Ports for Layer 2 Switching
      Understanding How Layer 2 Switching Works
        Understanding Layer 2 Ethernet Switching
        Understanding VLAN Trunks
        Layer 2 LAN Port Modes
      Default Layer 2 LAN Interface Configuration
      Layer 2 LAN Interface Configuration Guidelines and Restrictions
      Configuring LAN Interfaces for Layer 2 Switching
        Configuring a LAN Port for Layer 2 Switching
        Configuring a Layer 2 Switching Port as a Trunk
        Configuring a LAN Interface as a Layer 2 Access Port
        Configuring a Custom IEEE 802.1Q EtherType Field Value

    Configuring Flex Links
      Understanding Flex Links
      Configuring Flex Links
        Flex Links Default Configuration
        Flex Links Configuration Guidelines and Restrictions
        Configuring Flex Links
      Monitoring Flex Links

    Configuring EtherChannels
      Understanding How EtherChannels Work
        EtherChannel Feature Overview
        Understanding How EtherChannels Are Configured
        Understanding Port Channel Interfaces
        Understanding Load Balancing
      EtherChannel Feature Configuration Guidelines and Restrictions
      Configuring EtherChannels
        Configuring Port Channel Logical Interfaces for Layer 3 EtherChannels
        Configuring Channel Groups
        Configuring the LACP System Priority and System ID
        Configuring EtherChannel Load Balancing
        Configuring the EtherChannel Min-Links Feature

    Configuring VTP
      Understanding How VTP Works
        Understanding the VTP Domain
        Understanding VTP Modes
        Understanding VTP Advertisements
        Understanding VTP Version 2
        Understanding VTP Pruning
      VTP Default Configuration
      VTP Configuration Guidelines and Restrictions
      Configuring VTP
        Configuring VTP Global Parameters
        Configuring the VTP Mode
        Displaying VTP Statistics

    Configuring VLANs
      Understanding How VLANs Work
        VLAN Overview
        VLAN Ranges
        Configurable VLAN Parameters
        Understanding Token Ring VLANs
      VLAN Default Configuration
      VLAN Configuration Guidelines and Restrictions
      Configuring VLANs
        VLAN Configuration Options
        Creating or Modifying an Ethernet VLAN
        Assigning a Layer 2 LAN Interface to a VLAN
        Configuring the Internal VLAN Allocation Policy
        Configuring VLAN Translation
        Mapping 802.1Q VLANs to ISL VLANs

    Configuring Private VLANs
      Understanding How Private VLANs Work
        Private VLAN Domains
        Private VLAN Ports
        Primary, Isolated, and Community VLANs
        Private VLAN Port Isolation
        IP Addressing Scheme with Private VLANs
        Private VLANs Across Multiple Routers
        Private VLAN Interaction with Other Features
      Private VLAN Configuration Guidelines and Restrictions
        Secondary and Primary VLAN Configuration
        Private VLAN Port Configuration
        Limitations with Other Features
      Configuring Private VLANs
        Configuring a VLAN as a Private VLAN
        Associating Secondary VLANs with a Primary VLAN
        Mapping Secondary VLANs to the Layer 3 VLAN Interface of a Primary VLAN
        Configuring a Layer 2 Interface as a Private VLAN Host Port
        Configuring a Layer 2 Interface as a Private VLAN Promiscuous Port
      Monitoring Private VLANs

    Configuring Cisco IP Phone Support
      Understanding Cisco IP Phone Support
        Cisco IP Phone Connections
        Cisco IP Phone Voice Traffic
        Cisco IP Phone Data Traffic
        Cisco IP Phone Power Configurations
      Default Cisco IP Phone Support Configuration
      Cisco IP Phone Support Configuration Guidelines and Restrictions
      Configuring Cisco IP Phone Support
        Configuring Voice Traffic Support
        Configuring Data Traffic Support
        Configuring Inline Power Support

    Configuring IEEE 802.1Q Tunneling
      Understanding How 802.1Q Tunneling Works
      802.1Q Tunneling Configuration Guidelines and Restrictions
      Configuring 802.1Q Tunneling
        Configuring 802.1Q Tunnel Ports
        Configuring the Router to Tag Native VLAN Traffic

    Configuring Layer 2 Protocol Tunneling
      Understanding How Layer 2 Protocol Tunneling Works
      Configuring Support for Layer 2 Protocol Tunneling

    Configuring Standard-Compliant IEEE MST
      Understanding MST
        MST Overview
        MST Regions
        IST, CIST, and CST
        Hop Count
        Boundary Ports
        Standard-Compliant MST Implementation
        Interoperability with IEEE 802.1D-1998 STP
      Understanding RSTP
        Port Roles and the Active Topology
        Rapid Convergence
        Synchronization of Port Roles
        Bridge Protocol Data Unit Format and Processing
        Topology Changes
      Configuring MST
        Default MST Configuration
        MST Configuration Guidelines and Restrictions
        Specifying the MST Region Configuration and Enabling MST
        Configuring the Root Bridge
        Configuring a Secondary Root Bridge
        Configuring Port Priority
        Configuring Path Cost
        Configuring the Switch Priority
        Configuring the Hello Time
        Configuring the Forwarding-Delay Time
        Configuring the Transmit Hold Count
        Configuring the Maximum-Aging Time
        Configuring the Maximum-Hop Count
        Specifying the Link Type to Ensure Rapid Transitions
        Designating the Neighbor Type
        Restarting the Protocol Migration Process
        Displaying the MST Configuration and Status

    Configuring STP and Prestandard IEEE 802.1s MST
      Understanding How STP Works
        STP Overview
        Understanding the Bridge ID
        Understanding Bridge Protocol Data Units
        Election of the Root Bridge
        STP Protocol Timers
        Creating the Spanning Tree Topology
        STP Port States
        STP and IEEE 802.1Q Trunks
      Understanding How IEEE 802.1w RSTP Works
        IEEE 802.1w RSTP Overview
        RSTP Port Roles
        RSTP Port States
        Rapid-PVST
      Understanding How Prestandard IEEE 802.1s MST Works
        IEEE 802.1s MST Overview
        MST-to-PVST Interoperability
        Common Spanning Tree
        MST Instances
        MST Configuration Parameters
        MST Regions
        Message Age and Hop Count
      Default STP Configuration
      STP and MST Configuration Guidelines and Restrictions
      Configuring STP
        Enabling STP
        Enabling the Extended System ID
        Configuring the Root Bridge
        Configuring a Secondary Root Bridge
        Configuring STP Port Priority
        Configuring STP Port Cost
        Configuring the Bridge Priority of a VLAN
        Configuring the Hello Time
        Configuring the Forward-Delay Time for a VLAN
        Configuring the Maximum Aging Time for a VLAN
        Enabling Rapid-PVST
      Configuring Prestandard IEEE 802.1s MST
        Enabling MST
        Displaying MST Configurations
        Configuring MST Instance Parameters
        Configuring MST Instance Port Parameters
        Restarting Protocol Migration

    Configuring Optional STP Features
      Understanding How PortFast Works
      Understanding How BPDU Guard Works
      Understanding How PortFast BPDU Filtering Works
      Understanding How UplinkFast Works
      Understanding How BackboneFast Works
      Understanding How EtherChannel Guard Works
      Understanding How Root Guard Works
      Understanding How Loop Guard Works
      Enabling PortFast
      Enabling PortFast BPDU Filtering
      Enabling BPDU Guard
      Enabling UplinkFast
      Enabling BackboneFast
      Enabling EtherChannel Guard
      Enabling Root Guard
      Enabling Loop Guard

    Configuring Layer 3 Interfaces
      Layer 3 Interface Configuration Guidelines and Restrictions
      Configuring Subinterfaces on Layer 3 Interfaces
      Configuring IPv4 Routing and Addresses
      Configuring IPX Routing and Network Numbers
      Configuring AppleTalk Routing, Cable Ranges, and Zones
      Configuring Other Protocols on Layer 3 Interfaces

    Configuring UDE and UDLR
      Understanding UDE and UDLR
        UDE and UDLR Overview
        Supported Hardware
        Understanding UDE
        Understanding UDLR
      Configuring UDE and UDLR
        Configuring UDE
        Configuring UDLR

    Configuring PFC3BXL and PFC3B Mode Multiprotocol Label Switching
      PFC3BXL and PFC3B Mode MPLS Label Switching
        Understanding MPLS
        Understanding PFC3BXL and PFC3B Mode MPLS Label Switching
        Supported Hardware Features
        Supported Cisco IOS Features
        MPLS Guidelines and Restrictions
        PFC3BXL and PFC3B Mode MPLS Supported Commands
        Configuring MPLS
        MPLS Per-Label Load Balancing
        MPLS Configuration Examples
      PFC3BXL or PFC3B Mode VPN Switching
        PFC3BXL or PFC3B Mode VPN Switching Operation
        MPLS VPN Guidelines and Restrictions
        PFC3BXL or PFC3B Mode MPLS VPN Supported Commands
        Configuring MPLS VPN
        MPLS VPN Sample Configuration
      Any Transport over MPLS
        AToM Load Balancing
        Understanding EoMPLS
        EoMPLS Guidelines and Restrictions
        Configuring EoMPLS

    Configuring IPv4 Multicast VPN Support
      Understanding How MVPN Works
        MVPN Overview
        Multicast Routing and Forwarding and Multicast Domains
        Multicast Distribution Trees
        Multicast Tunnel Interfaces
        PE Router Routing Table Support for MVPN
        Multicast Distributed Switching Support
        Hardware-Assisted IPv4 Multicast
      MVPN Configuration Guidelines and Restrictions
      Configuring MVPN
        Forcing Ingress Multicast Replication Mode (Optional)
        Configuring a Multicast VPN Routing and Forwarding Instance
        Configuring Multicast VRF Routing
        Configuring Interfaces for Multicast Routing to Support MVPN
      Sample Configurations for MVPN
        MVPN Configuration with Default MDTs Only
        MVPN Configuration with Default and Data MDTs

    Configuring IP Unicast Layer 3 Switching
      Understanding How Layer 3 Switching Works
        Understanding Hardware Layer 3 Switching
        Understanding Layer 3-Switched Packet Rewrite
      Default Hardware Layer 3 Switching Configuration
      Configuration Guidelines and Restrictions
      Configuring Hardware Layer 3 Switching
      Displaying Hardware Layer 3 Switching Statistics

    Configuring IPv6 Multicast PFC3 and DFC3 Layer 3 Switching
      Features that Support IPv6 Multicast
      IPv6 Multicast Guidelines and Restrictions
      New or Changed IPv6 Multicast Commands
      Configuring IPv6 Multicast Layer 3 Switching
      Using show Commands to Verify IPv6 Multicast Layer 3 Switching
        Verifying MFIB Clients
        Displaying the Switching Capability
        Verifying the (S,G) Forwarding Capability
        Verifying the (*,G) Forwarding Capability
        Verifying the Subnet Entry Support Status
        Verifying the Current Replication Mode
        Displaying the Replication Mode Auto Detection Status
        Displaying the Replication Mode Capabilities
        Displaying Subnet Entries
        Displaying the IPv6 Multicast Summary
        Displaying the NetFlow Hardware Forwarding Count
        Displaying the FIB Hardware Bridging and Drop Counts
        Displaying the Shared and Well-Known Hardware Adjacency Counters

    Configuring IPv4 Multicast Layer 3 Switching
      Understanding How IPv4 Multicast Layer 3 Switching Works
        IPv4 Multicast Layer 3 Switching Overview
        Multicast Layer 3 Switching Cache
        Layer 3-Switched Multicast Packet Rewrite
        Partially and Completely Switched Flows
        Non-RPF Traffic Processing
        Multicast Boundary
      Understanding How IPv4 Bidirectional PIM Works
      Default IPv4 Multicast Layer 3 Switching Configuration
      IPv4 Multicast Layer 3 Switching Configuration Guidelines and Restrictions
        Restrictions
        Unsupported Features
      Configuring IPv4 Multicast Layer 3 Switching
        Source-Specific Multicast with IGMPv3, IGMP v3lite, and URD
        Enabling IPv4 Multicast Routing Globally
        Enabling IPv4 PIM on Layer 3 Interfaces
        Enabling IP Multicast Layer 3 Switching Globally
        Enabling IP Multicast Layer 3 Switching on Layer 3 Interfaces
        Configuring the Replication Mode
        Enabling Local Egress Replication
        Configuring the Layer 3 Switching Global Threshold
        Enabling Installation of Directly Connected Subnets
        Specifying the Flow Statistics Message Interval
        Enabling Shortcut-Consistency Checking
        Configuring ACL-Based Filtering of RPF Failures
        Displaying RPF Failure Rate-Limiting Information
        Configuring Multicast Boundary
        Displaying IPv4 Multicast Layer 3 Hardware Switching Summary
        Displaying the IPv4 Multicast Routing Table
        Displaying IPv4 Multicast Layer 3 Switching Statistics
      Configuring IPv4 Bidirectional PIM
        Enabling IPv4 Bidirectional PIM Globally
        Configuring the Rendezvous Point for IPv4 Bidirectional PIM Groups
        Setting the IPv4 Bidirectional PIM Scan Interval
        Displaying IPv4 Bidirectional PIM Information
        Using IPv4 Debug Commands
        Clearing IPv4 Multicast Layer 3 Switching Statistics

    Configuring MLDv2 Snooping for IPv6 Multicast Traffic
      Understanding How MLDv2 Snooping Works
        MLDv2 Snooping Overview
        MLDv2 Messages
        Source-Based Filtering
        Explicit Host Tracking
        MLDv2 Snooping Proxy Reporting
        Joining an IPv6 Multicast Group
        Leaving a Multicast Group
        Understanding the MLDv2 Snooping Querier
      Default MLDv2 Snooping Configuration
      MLDv2 Snooping Configuration Guidelines and Restrictions
      MLDv2 Snooping Querier Configuration Guidelines and Restrictions
      Enabling the MLDv2 Snooping Querier
      Configuring MLDv2 Snooping
        Enabling MLDv2 Snooping
        Configuring a Static Connection to a Multicast Receiver
        Configuring a Multicast Router Port Statically
        Configuring the MLD Snooping Query Interval
        Enabling Fast-Leave Processing
        Enabling SSM Safe Reporting
        Configuring Explicit Host Tracking
        Configuring Report Suppression
        Displaying MLDv2 Snooping Information

    Configuring IGMP Snooping for IPv4 Multicast Traffic
      Understanding How IGMP Snooping Works
        IGMP Snooping Overview
        Joining a Multicast Group
        Leaving a Multicast Group
        Understanding the IGMP Snooping Querier
        Understanding IGMP Version 3 Support
      Default IGMP Snooping Configuration
      IGMP Snooping Configuration Guidelines and Restrictions
      IGMP Snooping Querier Configuration Guidelines and Restrictions
      Enabling the IGMP Snooping Querier
      Configuring IGMP Snooping
        Enabling IGMP Snooping
        Configuring a Static Connection to a Multicast Receiver
        Configuring a Multicast Router Port Statically
        Configuring the IGMP Snooping Query Interval
        Enabling IGMP Fast-Leave Processing
        Configuring Source Specific Multicast (SSM) Mapping
        Enabling SSM Safe Reporting
        Configuring IGMPv3 Explicit Host Tracking
        Displaying IGMP Snooping Information

    Configuring PIM Snooping
      Understanding How PIM Snooping Works
      Default PIM Snooping Configuration
      PIM Snooping Configuration Guidelines and Restrictions
      Configuring PIM Snooping
        Enabling PIM Snooping Globally
        Enabling PIM Snooping in a VLAN
        Disabling PIM Snooping Designated-Router Flooding

    Configuring RGMP
      Understanding How RGMP Works
      Default RGMP Configuration
      RGMP Configuration Guidelines and Restrictions
      Enabling RGMP on Layer 3 Interfaces

    Configuring Network Security
      Configuring MAC Address-Based Traffic Blocking
      Configuring TCP Intercept
      Configuring Unicast Reverse Path Forwarding Check
        Understanding PFC3 Unicast RPF Check Support
        Understanding PFC2 Unicast RPF Check Support
        Unicast RPF Check Guidelines and Restrictions
        Configuring Unicast RPF Check

    Understanding Cisco IOS ACL Support
      Cisco IOS ACL Configuration Guidelines and Restrictions
      Hardware and Software ACL Support
      Configuring IPv6 Address Compression
      Optimized ACL Logging with a PFC3
        Understanding OAL
        OAL Guidelines and Restrictions
        Configuring OAL
      Guidelines and Restrictions for Using Layer 4 Operators in ACLs
        Determining Layer 4 Operation Usage
        Determining Logical Operation Unit Usage

    Configuring VLAN ACLs
      Understanding VACLs
        VACL Overview
        Bridged Packets
        Routed Packets
        Multicast Packets
      Configuring VACLs
        VACL Configuration Overview
        Defining a VLAN Access Map
        Configuring a Match Clause in a VLAN Access Map Sequence
        Configuring an Action Clause in a VLAN Access Map Sequence
        Applying a VLAN Access Map
        Verifying VLAN Access Map Configuration
        VLAN Access Map Configuration and Verification Examples
        Configuring a Capture Port
      Configuring VACL Logging

    Configuring Denial of Service Protection
      Understanding How DoS Protection Works
        DoS Protection with a PFC2
        DoS Protection with a PFC3
      DoS Protection Default Configuration
      DoS Protection Configuration Guidelines and Restrictions
        PFC2
        PFC3
        Monitoring Packet Drop Statistics
        Displaying Rate-Limiter Information
      Understanding How Control Plane Policing Works
      CoPP Default Configuration
      CoPP Configuration Guidelines and Restrictions
      Configuring CoPP
      Monitoring CoPP
      Defining Traffic Classification
        Traffic Classification Overview
        Traffic Classification Guidelines
        Sample Basic ACLs for CoPP Traffic Classification
      Configuring Sticky ARP

    Configuring DHCP Snooping
      Understanding DHCP Snooping
        Overview of DHCP Snooping
        Trusted and Untrusted Sources
        DHCP Snooping Binding Database
        Packet Validation
        DHCP Snooping Option-82 Data Insertion
        Overview of the DHCP Snooping Database Agent
      Default Configuration for DHCP Snooping
      DHCP Snooping Configuration Restrictions and Guidelines
        DHCP Snooping Configuration Restrictions
        DHCP Snooping Configuration Guidelines
        Minimum DHCP Snooping Configuration
      Configuring DHCP Snooping
        Enabling DHCP Snooping Globally
        Enabling DHCP Option-82 Data Insertion
        Enabling the DHCP Option-82 on Untrusted Port Feature
        Enabling DHCP Snooping MAC Address Verification
        Enabling DHCP Snooping on VLANs
        Configuring the DHCP Trust State on Layer 2 LAN Interfaces
        Configuring DHCP Snooping Rate Limiting on Layer 2 LAN Interfaces
        Configuring the DHCP Snooping Database Agent
        Configuration Examples for the Database Agent
        Displaying a Binding Table

    Configuring Dynamic ARP Inspection
      Understanding DAI
        Understanding ARP
        Understanding ARP Spoofing Attacks
        Understanding DAI and ARP Spoofing Attacks
        Interface Trust States and Network Security
        Rate Limiting of ARP Packets
        Relative Priority of ARP ACLs and DHCP Snooping Entries
        Logging of Dropped Packets
      Default DAI Configuration
      DAI Configuration Guidelines and Restrictions
      Configuring DAI
        Enabling DAI on VLANs
        Configuring the DAI Interface Trust State
        Applying ARP ACLs for DAI Filtering
        Configuring ARP Packet Rate Limiting
        Enabling DAI Error-Disabled Recovery
        Enabling Additional Validation
        Configuring DAI Logging
        Displaying DAI Information
      DAI Configuration Samples
        Sample One: Two Switches Support DAI
        Sample Two: One Switch Supports DAI

    Configuring Traffic Storm Control
      Understanding Traffic Storm Control
      Default Traffic Storm Control Configuration
      Configuration Guidelines and Restrictions
      Enabling Traffic Storm Control
      Displaying Traffic Storm Control Settings

    Unknown Unicast Flood Blocking
      Understanding UUFB
      Configuring UUFB

    Configuring PFC QoS

    Understanding How PFC QoS Works
        Port Types Supported by PFC QoS
        Overview
        Component Overview
        Understanding Classification and Marking
        Policers
        Understanding Port-Based Queue Types

    PFC QoS Default Configuration
        PFC QoS Global Settings
        Default Values With PFC QoS Enabled
        Default Values With PFC QoS Disabled

    PFC QoS Configuration Guidelines and Restrictions
        General Guidelines
        PFC3 Guidelines
        PFC2 Guidelines
        Class Map Command Restrictions
        Policy Map Command Restrictions
        Policy Map Class Command Restrictions
        Supported Granularity for CIR and PIR Rate Values
        Supported Granularity for CIR and PIR Token Bucket Sizes
        IP Precedence and DSCP Values

    Configuring PFC QoS
        Enabling PFC QoS Globally
        Enabling Ignore Port Trust
        Configuring DSCP Transparency
        Enabling Queueing-Only Mode
        Enabling Microflow Policing of Bridged Traffic
        Enabling VLAN-Based PFC QoS on Layer 2 LAN Ports
        Enabling Egress ACL Support for Remarked DSCP
        Creating Named Aggregate Policers
        Configuring a PFC QoS Policy
        Configuring Egress DSCP Mutation on a PFC3
        Configuring Ingress CoS Mutation on IEEE 802.1Q Tunnel Ports
        Configuring DSCP Value Maps
        Configuring the Trust State of Ethernet LAN and OSM Ports
        Configuring the Ingress LAN Port CoS Value
        Configuring Standard-Queue Drop Threshold Percentages

        Mapping QoS Labels to Queues and Drop Thresholds
        Allocating Bandwidth Between Standard Transmit Queues
        Setting the Receive-Queue Size Ratio
        Configuring the Transmit-Queue Size Ratio

    Common QoS Scenarios
        Sample Network Design Overview
        Classifying Traffic from PCs and IP Phones in the Access Layer
        Accepting the Traffic Priority Value on Interswitch Links
        Prioritizing Traffic on Interswitch Links
        Using Policers to Limit the Amount of Traffic from a PC

    PFC QoS Glossary

    Configuring PFC3BXL or PFC3B Mode MPLS QoS

    Terminology

    PFC3BXL or PFC3B Mode MPLS QoS Features
        MPLS Experimental Field
        Trust
        Classification
        Policing and Marking
        Preserving IP ToS
        EXP Mutation
        MPLS DiffServ Tunneling Modes

    PFC3BXL or PFC3B Mode MPLS QoS Overview
        Specifying the QoS in the IP Precedence Field

    PFC3BXL or PFC3B Mode MPLS QoS
        LERs at the Input Edge of an MPLS Network
        LSRs in the Core of an MPLS Network
        LERs at the Output Edge of an MPLS Network

    Understanding PFC3BXL or PFC3B Mode MPLS QoS
        LERs at the EoMPLS Edge
        LERs at the IP Edge (MPLS, MPLS VPN)
        LSRs at the MPLS Core

    PFC3BXL or PFC3B MPLS QoS Default Configuration

    MPLS QoS Commands

    PFC3BXL or PFC3B Mode MPLS QoS Restrictions and Guidelines

    Configuring PFC3BXL or PFC3B Mode MPLS QoS

        Enabling QoS Globally
        Enabling Queueing-Only Mode
        Configuring a Class Map to Classify MPLS Packets
        Configuring the MPLS Packet Trust State on Ingress Ports
        Configuring a Policy Map
        Displaying a Policy Map
        Configuring PFC3BXL or PFC3B Mode MPLS QoS Egress EXP Mutation
        Configuring EXP Value Maps

    MPLS DiffServ Tunneling Modes
        Short Pipe Mode
        Uniform Mode
        MPLS DiffServ Tunneling Restrictions and Usage Guidelines

    Configuring Short Pipe Mode
        Ingress PE Router - Customer Facing Interface
        Configuring Ingress PE Router - P Facing Interface
        Configuring the P Router - Output Interface
        Configuring the Egress PE Router - Customer Facing Interface

    Configuring Uniform Mode
        Configuring the Ingress PE Router - Customer Facing Interface
        Configuring the Ingress PE Router - P Facing Interface
        Configuring the Egress PE Router - Customer Facing Interface

    Configuring PFC QoS Statistics Data Export

    Understanding PFC QoS Statistics Data Export

    PFC QoS Statistics Data Export Default Configuration

    Configuring PFC QoS Statistics Data Export

    Configuring the Cisco IOS Firewall Feature Set

    Cisco IOS Firewall Feature Set Support Overview

    Cisco IOS Firewall Guidelines and Restrictions

    Additional CBAC Configuration

    Configuring Network Admission Control

    Understanding NAC
        NAC Overview
        NAC Device Roles
        AAA Down Policy

        NAC Layer 2 IP Validation

    Configuring NAC
        Default NAC Configuration
        NAC Layer 2 IP Guidelines, Limitations, and Restrictions
        Configuring NAC Layer 2 IP Validation
        Configuring EAPoUDP
        Configuring Identity Profiles and Policies
        Configuring a NAC AAA Down Policy

    Monitoring and Maintaining NAC
        Clearing Table Entries
        Displaying NAC Information

    Configuring IEEE 802.1X Port-Based Authentication

    Understanding 802.1X Port-Based Authentication
        Device Roles
        Authentication Initiation and Message Exchange
        Ports in Authorized and Unauthorized States
        Supported Topologies

    Default 802.1X Port-Based Authentication Configuration

    802.1X Port-Based Authentication Guidelines and Restrictions

    Configuring 802.1X Port-Based Authentication
        Enabling 802.1X Port-Based Authentication
        Configuring Router-to-RADIUS-Server Communication
        Enabling Periodic Reauthentication
        Manually Reauthenticating the Client Connected to a Port
        Initializing Authentication for the Client Connected to a Port
        Changing the Quiet Period
        Changing the Router-to-Client Retransmission Time
        Setting the Router-to-Client Retransmission Time for EAP-Request Frames
        Setting the Router-to-Authentication-Server Retransmission Time for Layer 4 Packets
        Setting the Router-to-Client Frame Retransmission Number
        Enabling Multiple Hosts
        Resetting the 802.1X Configuration to the Default Values

    Displaying 802.1X Status

    Configuring Port Security

    Understanding Port Security
        Port Security with Dynamically Learned and Static MAC Addresses

        Port Security with Sticky MAC Addresses

    Default Port Security Configuration

    Port Security Guidelines and Restrictions

    Configuring Port Security
        Enabling Port Security
        Configuring the Port Security Violation Mode on a Port
        Configuring the Port Security Rate Limiter
        Configuring the Maximum Number of Secure MAC Addresses on a Port
        Enabling Port Security with Sticky MAC Addresses on a Port
        Configuring a Static Secure MAC Address on a Port
        Configuring Secure MAC Address Aging on a Port

    Displaying Port Security Settings

    Configuring CDP

    Understanding How CDP Works

    Configuring CDP
        Enabling CDP Globally
        Displaying the CDP Global Configuration
        Enabling CDP on a Port
        Displaying the CDP Interface Configuration
        Monitoring and Maintaining CDP

    Configuring UDLD

    Understanding How UDLD Works
        UDLD Overview
        UDLD Aggressive Mode

    Default UDLD Configuration

    Configuring UDLD
        Enabling UDLD Globally
        Enabling UDLD on Individual LAN Interfaces
        Disabling UDLD on Fiber-Optic LAN Interfaces
        Configuring the UDLD Probe Message Interval
        Resetting Disabled LAN Interfaces

    Configuring NetFlow

    Understanding NetFlow
        NetFlow Overview

        NetFlow on the MSFC
        NetFlow on the PFC

    Default NetFlow Configuration

    NetFlow Configuration Guidelines and Restrictions

    Configuring NetFlow
        Configuring NetFlow on the PFC
        Configuring NetFlow on the MSFC

    Configuring NDE

    Understanding NDE
        NDE Overview
        NDE on the MSFC
        NDE on the PFC

    Default NDE Configuration

    NDE Configuration Guidelines and Restrictions

    Configuring NDE
        Configuring NDE on the PFC
        Configuring NDE on the MSFC
        Enabling NDE for Ingress-Bridged IP Traffic
        Displaying the NDE Address and Port Configuration
        Configuring NDE Flow Filters
        Displaying the NDE Configuration

    Configuring Local SPAN, RSPAN, and ERSPAN

    Understanding How Local SPAN, RSPAN, and ERSPAN Work
        Local SPAN, RSPAN, and ERSPAN Overview
        Local SPAN, RSPAN, and ERSPAN Sources
        Local SPAN, RSPAN, and ERSPAN Destination Ports

    Local SPAN, RSPAN, and ERSPAN Configuration Guidelines and Restrictions
        Feature Incompatibilities
        Local SPAN, RSPAN, and ERSPAN Session Limits
        Local SPAN, RSPAN, and ERSPAN Guidelines and Restrictions
        VSPAN Guidelines and Restrictions
        RSPAN Guidelines and Restrictions
        ERSPAN Guidelines and Restrictions

    Configuring Local SPAN, RSPAN, and ERSPAN
        Configuring Destination Port Permit Lists (Optional)

        Configuring Local SPAN
        Configuring RSPAN
        Configuring ERSPAN
        Configuring Source VLAN Filtering for Local SPAN and RSPAN
        Configuring a Destination Port as an Unconditional Trunk
        Configuring Destination Trunk Port VLAN Filtering
        Verifying the Configuration
        Configuration Examples

    Configuring SNMP IfIndex Persistence

    Understanding SNMP IfIndex Persistence

    Configuring SNMP IfIndex Persistence
        Enabling SNMP IfIndex Persistence Globally
        Disabling SNMP IfIndex Persistence Globally
        Enabling and Disabling SNMP IfIndex Persistence on Specific Interfaces
        Clearing SNMP IfIndex Persistence Configuration from a Specific Interface

    Power Management and Environmental Monitoring

    Understanding How Power Management Works
        Enabling or Disabling Power Redundancy
        Powering Modules Off and On
        Viewing System Power Status
        Power Cycling Modules
        Determining System Power Requirements
        Determining System Hardware Capacity
        Determining Sensor Temperature Threshold

    Understanding How Environmental Monitoring Works
        Monitoring System Environmental Status
        Understanding LED Environmental Indications

    Configuring Online Diagnostics

    Understanding How Online Diagnostics Work

    Configuring Online Diagnostics
        Setting Bootup Online Diagnostics Level
        Configuring On-Demand Online Diagnostics
        Scheduling Online Diagnostics
        Configuring Health-Monitoring Diagnostics

    Running Online Diagnostic Tests
        Starting and Stopping Online Diagnostic Tests

        Displaying Online Diagnostic Tests and Test Results

    Performing Memory Tests

    Diagnostic Sanity Check

    Configuring Web Cache Services Using WCCP

    Understanding WCCP
        WCCP Overview
        Hardware Acceleration
        Understanding WCCPv1 Configuration
        Understanding WCCPv2 Configuration
        WCCPv2 Features

    Restrictions for WCCPv2

    Configuring WCCP
        Specifying a Version of WCCP
        Configuring a Service Group Using WCCPv2
        Excluding Traffic on a Specific Interface from Redirection
        Registering a Router to a Multicast Address
        Using Access Lists for a WCCP Service Group
        Setting a Password for a Router and Cache Engines

    Verifying and Monitoring WCCP Configuration Settings

    WCCP Configuration Examples
        Changing the Version of WCCP on a Router Example
        Performing a General WCCPv2 Configuration Example
        Running a Web Cache Service Example
        Running a Reverse Proxy Service Example
        Registering a Router to a Multicast Address Example
        Using Access Lists Example
        Setting a Password for a Router and Cache Engines Example
        Verifying WCCP Settings Example

    Using the Top N Utility

    Understanding the Top N Utility
        Top N Utility Overview
        Understanding Top N Utility Operation

    Using the Top N Utility
        Enabling Top N Utility Report Creation

        Displaying the Top N Utility Reports
        Clearing Top N Utility Reports

    Using the Layer 2 Traceroute Utility

    Understanding the Layer 2 Traceroute Utility

    Usage Guidelines

    Using the Layer 2 Traceroute Utility

    Appendix A Online Diagnostic Tests

    Global Health-Monitoring Tests
        TestSPRPInbandPing
        TestScratchRegister
        TestMacNotification

    Per-Port Tests
        TestNonDisruptiveLoopback
        TestLoopback
        TestActiveToStandbyLoopback
        TestTransceiverIntegrity
        TestNetflowInlineRewrite

    PFC Layer 2 Forwarding Engine Tests
        TestNewIndexLearn
        TestDontConditionalLearn
        TestBadBpduTrap
        TestMatchCapture
        TestStaticEntry

    DFC Layer 2 Forwarding Engine Tests
        TestDontLearn
        TestNewLearn
        TestIndexLearn
        TestConditionalLearn
        TestTrap
        TestBadBpdu
        TestProtocolMatchChannel
        TestCapture
        TestStaticEntry

    PFC Layer 3 Forwarding Engine Tests
        TestFibDevices
        TestIPv4FibShortcut

        TestIPv6FibShortcut
        TestMPLSFibShortcut
        TestNATFibShortcut
        TestL3Capture2
        TestAclPermit
        TestAclDeny
        TestNetflowShortcut
        TestQoS

    DFC Layer 3 Forwarding Engine Tests
        TestFibDevices
        TestIPv4FibShortcut
        TestIPv6FibShortcut
        TestMPLSFibShortcut
        TestNATFibShortcut
        TestL3Capture2
        TestAclPermit
        TestAclDeny
        TestQoS
        TestNetflowShortcut

    Replication Engine Tests
        TestL3VlanMet
        TestIngressSpan
        TestEgressSpan

    Fabric Tests
        TestFabricSnakeForward
        TestFabricSnakeBackward
        TestSynchedFabChannel
        TestFabricCh0Health
        TestFabricCh1Health

    Exhaustive Memory Tests
        TestFibTcamSSRAM
        TestAsicMemory
        TestAclQosTcam
        TestNetflowTcam
        TestQoSTcam

    IPSEC Services Modules Tests
        TestIPSecClearPkt
        TestHapiEchoPkt
        TestIPSecEncryptDecryptPkt

    Stress Tests
        TestTrafficStress
        TestEobcStressPing

    Critical Recovery Tests
        TestL3HealthMonitoring
        TestTxPathMonitoring
        TestSynchedFabChannel

    General Tests
        ScheduleSwitchover
        TestFirmwareDiagStatus

    Appendix B Acronyms

    Index

  • Preface

    This preface describes who should read the Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX, how it is organized, and its document conventions.

    Audience

    This guide is for experienced network administrators who are responsible for configuring and maintaining Cisco 7600 series routers.

    Organization

    This guide is organized as follows:

    | Chapter | Title | Description |
    | --- | --- | --- |
    | Chapter 1 | Product Overview | Presents an overview of the Cisco 7600 series routers. |
    | Chapter 2 | Command-Line Interfaces | Describes how to use the command-line interface (CLI). |
    | Chapter 3 | Configuring the Router for the First Time | Describes how to perform a baseline configuration. |
    | Chapter 4 | Configuring a Supervisor Engine 720 | Describes how to configure a Supervisor Engine 720. |
    | Chapter 5 | Configuring a Supervisor Engine 32 | Describes how to configure a Supervisor Engine 32. |
    | Chapter 6 | Configuring the Supervisor Engine 2 and the Switch Fabric Module | Describes how to configure a Supervisor Engine 2 and the Switch Fabric Module. |
    | Chapter 7 | Configuring NSF with SSO Supervisor Engine Redundancy | Describes how to configure NSF with SSO supervisor engine redundancy. |
    | Chapter 8 | Configuring SRM with SSO Supervisor Engine Redundancy | Describes how to configure SRM with SSO supervisor engine redundancy. |
    | Chapter 9 | Configuring RPR and RPR+ Supervisor Engine Redundancy | Describes how to configure RPR and RPR+ supervisor engine redundancy. |
    | Chapter 10 | Configuring Interfaces | Describes how to configure non-layer-specific features on LAN interfaces. |
    | Chapter 11 | Configuring LAN Ports for Layer 2 Switching | Describes how to configure LAN interfaces to support Layer 2 features, including VLAN trunks. |
    | Chapter 12 | Configuring Flex Links | Describes how to configure Flex Links. |
    | Chapter 13 | Configuring EtherChannels | Describes how to configure Layer 2 and Layer 3 EtherChannel port bundles. |
    | Chapter 14 | Configuring VTP | Describes how to configure the VLAN Trunking Protocol (VTP). |
    | Chapter 15 | Configuring VLANs | Describes how to configure VLANs. |
    | Chapter 16 | Configuring Private VLANs | Describes how to configure private VLANs. |
    | Chapter 17 | Configuring Cisco IP Phone Support | Describes how to configure Cisco IP Phone support. |
    | Chapter 18 | Configuring IEEE 802.1Q Tunneling | Describes how to configure IEEE 802.1Q tunneling. |
    | Chapter 19 | Configuring Layer 2 Protocol Tunneling | Describes how to configure Layer 2 protocol tunneling. |
    | Chapter 20 | Configuring Standard-Compliant IEEE MST | Describes how to configure standard-compliant IEEE MST. |
    | Chapter 21 | Configuring STP and Prestandard IEEE 802.1s MST | Describes how to configure the Spanning Tree Protocol (STP) and Prestandard IEEE 802.1s Multiple Spanning Tree (MST). |
    | Chapter 22 | Configuring Optional STP Features | Describes how to configure the STP PortFast, UplinkFast, and BackboneFast features. |
    | Chapter 23 | Configuring Layer 3 Interfaces | Describes how to configure LAN interfaces to support Layer 3 features. |
    | Chapter 24 | Configuring UDE and UDLR | Describes how to configure unidirectional Ethernet (UDE) and unidirectional link routing (UDLR). |
    | Chapter 25 | Configuring PFC3BXL and PFC3B Mode Multiprotocol Label Switching | Describes how to configure PFC3BXL or PFC3B Multiprotocol Label Switching (MPLS). |
    | Chapter 26 | Configuring IPv4 Multicast VPN Support | Describes how to configure IPv4 Multicast Virtual Private Network (MVPN). |
    | Chapter 27 | Configuring IP Unicast Layer 3 Switching | Describes how to configure IP unicast Layer 3 switching. |
    | Chapter 28 | Configuring IPv6 Multicast PFC3 and DFC3 Layer 3 Switching | Describes how to configure IPv6 Multicast Multilayer Switching (MMLS). |
    | Chapter 29 | Configuring IPv4 Multicast Layer 3 Switching | Describes how to configure IPv4 Multicast Multilayer Switching (MMLS). |
    | Chapter 30 | Configuring MLDv2 Snooping for IPv6 Multicast Traffic | Describes how to configure Multicast Listener Discovery version 2 (MLDv2) snooping. |
    | Chapter 31 | Configuring IGMP Snooping for IPv4 Multicast Traffic | Describes how to configure Internet Group Management Protocol (IGMP) snooping. |
    | Chapter 32 | Configuring PIM Snooping | Describes how to configure protocol independent multicast (PIM) snooping. |
    | Chapter 33 | Configuring RGMP | Describes how to configure Router-Port Group Management Protocol (RGMP). |
    | Chapter 34 | Configuring Network Security | Describes how to configure network security features that are unique to the Cisco 7600 series routers. |
    | Chapter 35 | Understanding Cisco IOS ACL Support | Describes how Cisco 7600 series routers support Cisco IOS ACLs. |
    | Chapter 36 | Configuring VLAN ACLs | Describes how to configure VLAN ACLs. |
    | Chapter 37 | Configuring Denial of Service Protection | Describes how to configure denial of service protection. |
    | Chapter 38 | Configuring DHCP Snooping | Describes how to configure DHCP snooping. |
    | Chapter 39 | Configuring Dynamic ARP Inspection | Describes how to configure dynamic ARP inspection. |
    | Chapter 40 | Configuring Traffic Storm Control | Describes how to configure traffic storm control. |
    | Chapter 41 | Unknown Unicast Flood Blocking | Describes how to configure unknown unicast flood blocking. |
    | Chapter 42 | Configuring PFC QoS | Describes how to configure quality of service (QoS). |
    | Chapter 43 | Configuring PFC3BXL or PFC3B Mode MPLS QoS | Describes how to configure MPLS QoS. |
    | Chapter 44 | Configuring PFC QoS Statistics Data Export | Describes how to configure PFC QoS statistics data export. |
    | Chapter 45 | Configuring the Cisco IOS Firewall Feature Set | Describes how to configure the Cisco IOS Firewall feature set. |
    | Chapter 46 | Configuring Network Admission Control | Describes how to configure Network Admission Control. |
    | Chapter 47 | Configuring IEEE 802.1X Port-Based Authentication | Describes how to configure IEEE 802.1X port-based authentication. |
    | Chapter 48 | Configuring Port Security | Describes how to configure port security. |
    | Chapter 49 | Configuring CDP | Describes how to configure Cisco Discovery Protocol (CDP). |
    | Chapter 50 | Configuring UDLD | Describes how to configure the UniDirectional Link Detection (UDLD) protocol. |
    | Chapter 51 | Configuring NetFlow | Describes how to configure the NetFlow table. |
    | Chapter 52 | Configuring NDE | Describes how to configure Netflow Data Export (NDE). |
    | Chapter 53 | Configuring Local SPAN, RSPAN, and ERSPAN | Describes how to configure the Switch Port Analyzer (SPAN). |
    | Chapter 54 | Configuring SNMP IfIndex Persistence | Describes how to configure SNMP ifIndex persistence. |
    | Chapter 55 | Power Management and Environmental Monitoring | Describes how to configure power management and environmental monitoring features. |
    | Chapter 56 | Configuring Online Diagnostics | Describes how to configure online diagnostics and run diagnostic tests. |
    | Chapter 57 | Configuring Web Cache Services Using WCCP | Describes how to configure the Web Cache Communication Protocol (WCCP). |
    | Chapter 58 | Using the Top N Utility | Describes how to use the Top N utility. |
    | Chapter 59 | Using the Layer 2 Traceroute Utility | Describes how to use the Layer 2 traceroute utility. |
    | Appendix A | Online Diagnostic Tests | Provides recommendations for how to use the online diagnostic tests. |
    | Appendix B | Acronyms | Defines the acronyms used in this publication. |

    Related Documentation

    The following publications are available for the Cisco 7600 series routers:

    • Cisco 7600 Series Router Installation Guide
    • Cisco 7600 Series Router Module Installation Guide
    • Cisco 7600 Series Router Cisco IOS Command Reference
    • Cisco 7600 Series Router Cisco IOS System Message Guide
    • Release Notes for Cisco IOS Release 12.2SX on the Supervisor Engine 720, Supervisor Engine 32, and Supervisor Engine 2
    • Cisco IOS Configuration Guides and Command References. Use these publications to help you configure Cisco IOS software features not described in the Cisco 7600 series router publications:
        • Configuration Fundamentals Configuration Guide
        • Configuration Fundamentals Command Reference
        • Bridging and IBM Networking Configuration Guide
        • Bridging and IBM Networking Command Reference
        • Interface Configuration Guide
        • Interface Command Reference
        • Network Protocols Configuration Guide, Part 1, 2, and 3
        • Network Protocols Command Reference, Part 1, 2, and 3
        • Security Configuration Guide
        • Security Command Reference
        • Switching Services Configuration Guide
        • Switching Services Command Reference
        • Voice, Video, and Home Applications Configuration Guide
        • Voice, Video, and Home Applications Command Reference
        • Software Command Summary
        • Software System Error Messages
        • Debug Command Reference
        • Internetwork Design Guide
        • Internetwork Troubleshooting Guide
        • Configuration Builder Getting Started Guide

    The Cisco IOS Configuration Guides and Command References are located at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/index.htm

    For information about MIBs, go to this URL: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

    Conventions

    This document uses the following conventions:

    | Convention | Description |
    | --- | --- |
    | boldface font | Commands, command options, and keywords are in boldface. |
    | italic font | Arguments for which you supply values are in italics. |
    | [ ] | Elements in square brackets are optional. |
    | { x \| y \| z } | Alternative keywords are grouped in braces and separated by vertical bars. |
    | [ x \| y \| z ] | Optional alternative keywords are grouped in brackets and separated by vertical bars. |
    | string | A nonquoted set of characters. Do not use quotation marks around the string or the string will include the quotation marks. |
    | screen font | Terminal sessions and information the system displays are in screen font. |
    | boldface screen font | Information you must enter is in boldface screen font. |
    | italic screen font | Arguments for which you supply values are in italic screen font. |
    |  | This pointer highlights an important line of text in an example. |
    | ^ | The symbol ^ represents the key labeled Control. For example, the key combination ^D in a screen display means hold down the Control key while you press the D key. |
    | < > | Nonprinting characters, such as passwords, are in angle brackets. |

    Notes use the following conventions:

    Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the publication.

    Cautions use the following conventions:

    Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.

    Obtaining Documentation

    Cisco documentation and additional literature are available on Cisco.com. This section explains the product documentation resources that Cisco offers.

    Cisco.com

    You can access the most current Cisco documentation at this URL: http://www.cisco.com/techsupport

    You can access the Cisco website at this URL: http://www.cisco.com

    You can access international Cisco websites at this URL: http://www.cisco.com/public/countries_languages.shtml

    Product Documentation DVD

    The Product Documentation DVD is a library of technical product documentation on a portable medium. The DVD enables you to access installation, configuration, and command guides for Cisco hardware and software products. With the DVD, you have access to the HTML documentation and some of the PDF files found on the Cisco website at this URL: http://www.cisco.com/univercd/home/home.htm

    The Product Documentation DVD is created and released regularly. DVDs are available singly or by subscription. Registered Cisco.com users can order a Product Documentation DVD (product number DOC-DOCDVD= or DOC-DOCDVD=SUB) from Cisco Marketplace at the Product Documentation Store at this URL: http://www.cisco.com/go/marketplace/docstore

    Ordering Documentation

    You must be a registered Cisco.com user to access Cisco Marketplace. Registered users may order Cisco documentation at the Product Documentation Store at this URL: http://www.cisco.com/go/marketplace/docstore

    If you do not have a user ID or password, you can register at this URL: http://tools.cisco.com/RPF/register/register.do

    Documentation Feedback

    You can provide feedback about Cisco technical documentation on the Cisco Support site area by entering your comments in the feedback form available in every online document.

    Cisco Product Security Overview

    Cisco provides a free online Security Vulnerability Policy portal at this URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

    From this site, you will find information about how to do the following:

    • Report security vulnerabilities in Cisco products
    • Obtain assistance with security incidents that involve Cisco products
    • Register to receive security information from Cisco

    A current list of security advisories, security notices, and security responses for Cisco products is available at this URL: http://www.cisco.com/go/psirt

    To see security advisories, security notices, and security responses as they are updated in real time, you can subscribe to the Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed. Information about how to subscribe to the PSIRT RSS feed is found at this URL: http://www.cisco.com/en/US/products/products_psirt_rss_feed.html

    Reporting Security Problems in Cisco Products

    Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you have identified a vulnerability in a Cisco product, contact PSIRT:

    • For emergencies only: [email protected]

      An emergency is either a condition in which a system is under active attack or a condition for which a severe and urgent security vulnerability should be reported. All other conditions are considered nonemergencies.

    • For nonemergencies: [email protected]

    In an emergency, you can also reach PSIRT by telephone:

    • 1 877 228-7302
    • 1 408 525-6532

    Tip We encourage you to use Pretty Good Privacy (PGP) or a compatible product (for example, GnuPG) to encrypt any sensitive information that you send to Cisco. PSIRT can work with information that has been encrypted with PGP versions 2.x through 9.x.

    Never use a revoked encryption key or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one linked in the Contact Summary section of the Security Vulnerability Policy page at this URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

    The link on this page has the current PGP key ID in use.

    If you do not have or use PGP, contact PSIRT to find other means of encrypting the data before sending any sensitive material.

    Product Alerts and Field Notices

    Modifications to or updates about Cisco products are announced in Cisco Product Alerts and Cisco Field Notices. You can receive these announcements by using the Product Alert Tool on Cisco.com. This tool enables you to create a profile and choose those products for which you want to receive information.

    To access the Product Alert Tool, you must be a registered Cisco.com user. Registered users can access the tool at this URL:
    http://tools.cisco.com/Support/PAT/do/ViewMyProfiles.do?local=en

    To register as a Cisco.com user, go to this URL:
    http://tools.cisco.com/RPF/register/register.do

    Obtaining Technical Assistance

    Cisco Technical Support provides 24-hour-a-day award-winning technical assistance. The Cisco Support website on Cisco.com features extensive online support resources. In addition, if you have a valid Cisco service contract, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not have a valid Cisco service contract, contact your reseller.

    Cisco Support Website

    The Cisco Support website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day at this URL:
    http://www.cisco.com/en/US/support/index.html

    Access to all tools on the Cisco Support website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:
    http://tools.cisco.com/RPF/register/register.do

    Note Before you submit a request for service online or by phone, use the Cisco Product Identification Tool to locate your product serial number. You can access this tool from the Cisco Support website by clicking the Get Tools & Resources link, clicking the All Tools (A-Z) tab, and then choosing Cisco Product Identification Tool from the alphabetical list. This tool offers three search options: by product ID or model name; by tree view; or, for certain products, by copying and pasting show command output. Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before placing a service call.

    Tip Displaying and Searching on Cisco.com

    If you suspect that the browser is not refreshing a web page, force the browser to update the web page by holding down the Ctrl key while pressing F5.

    To find technical information, narrow your search to look in technical documentation, not the entire Cisco.com website. After using the Search box on the Cisco.com home page, click the Advanced Search link next to the Search box on the resulting page and then click the Technical Support & Documentation radio button.

    To provide feedback about the Cisco.com website or a particular technical document, click Contacts & Feedback at the top of any Cisco.com web page.

    Submitting a Service Request

    Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco engineer. The TAC Service Request Tool is located at this URL:
    http://www.cisco.com/techsupport/servicerequest

    For S1 or S2 service requests, or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.

    To open a service request by telephone, use one of the following numbers:
    Asia-Pacific: +61 2 8446 7411
    Australia: 1 800 805 227
    EMEA: +32 2 704 55 55
    USA: 1 800 553 2447

    For a complete list of Cisco TAC contacts, go to this URL:
    http://www.cisco.com/techsupport/contacts

    Definitions of Service Request Severity

    To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.

    Severity 1 (S1): An existing network is down or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.

    Severity 2 (S2): Operation of an existing network is severely degraded, or significant aspects of your business operations are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.

    Severity 3 (S3): Operational performance of the network is impaired while most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.

    Severity 4 (S4): You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.

    Obtaining Additional Publications and Information

    Information about Cisco products, technologies, and network solutions is available from various online and printed sources.

    The Cisco Online Subscription Center is the website where you can sign up for a variety of Cisco e-mail newsletters and other communications. Create a profile and then select the subscriptions that you would like to receive. To visit the Cisco Online Subscription Center, go to this URL:
    http://www.cisco.com/offer/subscribe

    The Cisco Product Quick Reference Guide is a handy, compact reference tool that includes brief product overviews, key features, sample part numbers, and abbreviated technical specifications for many Cisco products that are sold through channel partners. It is updated twice a year and includes the latest Cisco channel product offerings. To order and find out more about the Cisco Product Quick Reference Guide, go to this URL:
    http://www.cisco.com/go/guide

    Cisco Marketplace provides a variety of Cisco books, reference guides, documentation, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL:
    http://www.cisco.com/go/marketplace/

    Cisco Press publishes a wide range of general networking, training, and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:
    http://www.ciscopress.com

    Internet Protocol Journal is a quarterly journal published by Cisco for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:
    http://www.cisco.com/ipj

    Networking products offered by Cisco, as well as customer support services, can be obtained at this URL:
    http://www.cisco.com/en/US/products/index.html

    Networking Professionals Connection is an interactive website where networking professionals share questions, suggestions, and information about networking products and technologies with Cisco experts and other networking professionals. Join a discussion at this URL:
    http://www.cisco.com/discuss/networking

    What's New in Cisco Documentation is an online publication that provides information about the latest documentation releases for Cisco products. Updated monthly, this online publication is organized by product category to direct you quickly to the documentation for your products. You can view the latest release of What's New in Cisco Documentation at this URL:
    http://www.cisco.com/univercd/cc/td/doc/abtunicd/136957.htm

    World-class networking training is available from Cisco. You can view current offerings at this URL:
    http://www.cisco.com/en/US/learning/index.html


    CHAPTER 1
    Product Overview

    This chapter consists of these sections:
    Supported Hardware and Software
    User Interfaces
    Configuring Embedded CiscoView Support
    Software Features Supported in Hardware by the PFC and DFC

    Supported Hardware and Software

    For complete information about the chassis, modules, and software features supported by the Cisco 7600 series routers, refer to the Release Notes for Cisco IOS Release 12.2SX on the Supervisor Engine 720, Supervisor Engine 32, and Supervisor Engine 2:
    http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/ol_4164.htm

    User Interfaces

    Release 12.2SX supports configuration using the following interfaces:
    CLI: See Chapter 2, Command-Line Interfaces.
    SNMP: Refer to the Release 12.2 IOS Configuration Fundamentals Configuration Guide and Command Reference at this URL:
    http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_c/index.htm
    Cisco IOS web browser interface: Refer to Using the Cisco Web Browser in the IOS Configuration Fundamentals Configuration Guide at this URL:
    http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_c/ffcprt1/fcf005.htm
    Embedded CiscoView: See the Configuring Embedded CiscoView Support section on page 1-2.

    Configuring Embedded CiscoView Support

    These sections describe configuring Embedded CiscoView support:
    Understanding Embedded CiscoView
    Installing and Configuring Embedded CiscoView
    Displaying Embedded CiscoView Information

    Understanding Embedded CiscoView

    The Embedded CiscoView network management system is a web-based interface that uses HTTP and SNMP to provide a graphical representation of the router and to provide a GUI-based management and configuration interface. You can download the Java Archive (JAR) files for Embedded CiscoView at this URL:
    http://www.cisco.com/kobayashi/sw-center/netmgmt/ciscoview/embed-cview-planner.shtml

    Installing and Configuring Embedded CiscoView

    To install and configure Embedded CiscoView, perform this task:

    Note The default password for accessing the router web page is the enable-level password of the router.

    Step 1  Command: Router# dir device_name
            Purpose: Displays the contents of the device. If you are installing Embedded CiscoView for the first time, or if the CiscoView directory is empty, skip to Step 4.
    Step 2  Command: Router# delete device_name:cv/*
            Purpose: Removes existing files from the CiscoView directory.
    Step 3  Command: Router# squeeze device_name:
            Purpose: Recovers the space in the file system.
    Step 4  Command: Router# archive tar /xtract tftp://ip_address_of_tftp_server/ciscoview.tar device_name:cv
            Purpose: Extracts the CiscoView files from the tar file on the TFTP server to the CiscoView directory.
    Step 5  Command: Router# dir device_name:
            Purpose: Displays the contents of the device. In a redundant configuration, repeat Step 1 through Step 5 for the file system on the redundant supervisor engine.
    Step 6  Command: Router# configure terminal
            Purpose: Enters global configuration mode.
    Step 7  Command: Router(config)# ip http server
            Purpose: Enables the HTTP web server.
    Step 8  Command: Router(config)# snmp-server community string ro
            Purpose: Configures the SNMP password for read-only operation.
    Step 9  Command: Router(config)# snmp-server community string rw
            Purpose: Configures the SNMP password for read/write operation.

    For more information about web access to the router, refer to Using the Cisco Web Browser in the IOS Configuration Fundamentals Configuration Guide at this URL:
    http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_c/ffcprt1/fcf005.htm
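    Steps 7 through 9 open two management paths: the HTTP server, whose login defaults to the enable password, and SNMP community strings. The Python check below is an added example, not part of the Cisco guide; it reads a running-config and reports those exposures. The ip http authentication and ip http access-class commands, the check names, and the sample configuration are not on this page and are assumptions of the example.

```python
import re

# Constructed sample running-config fragment (not taken from the guide).
SAMPLE_CONFIG = """\
hostname Router
ip http server
snmp-server community public ro
snmp-server community netops-rw rw
snmp-server community monitor ro 10
access-list 10 permit 192.0.2.0 0.0.0.255
"""

# snmp-server community <string> [view <name>] [ro | rw] [<acl>]
# Lines with other trailing options are skipped by this narrow pattern.
COMMUNITY_RE = re.compile(
    r"^snmp-server community (?P<name>\S+)"
    r"(?: view \S+)?"
    r"(?: (?P<mode>ro|rw))?"
    r"(?: (?P<acl>\S+))?$",
    re.IGNORECASE,
)
WELL_KNOWN = {"public", "private"}


def audit_management_plane(config_text):
    """Return (check_id, subject) findings for the HTTP server and SNMP communities."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    lowered = [ln.lower() for ln in lines]
    findings = []

    if "ip http server" in lowered:
        # HTTP carries the login and the session unencrypted.
        findings.append(("http-cleartext", "ip http server"))
        # Assumption: without "ip http authentication", or with the "enable"
        # method, the web login is the enable password (the guide's Note).
        auth = [ln.split()[3] for ln in lowered
                if ln.startswith("ip http authentication ")]
        if not auth or auth[-1] == "enable":
            findings.append(("http-enable-password", "ip http server"))
        # No ACL limits which hosts may reach the web server.
        if not any(ln.startswith("ip http access-class ") for ln in lowered):
            findings.append(("http-no-access-class", "ip http server"))

    for ln in lines:
        m = COMMUNITY_RE.match(ln)
        if not m:
            continue
        name = m.group("name")
        mode = (m.group("mode") or "ro").lower()  # IOS defaults to read-only
        if name.lower() in WELL_KNOWN:
            findings.append(("snmp-well-known-string", name))
        if mode == "rw":
            findings.append(("snmp-read-write", name))
        if m.group("acl") is None:
            findings.append(("snmp-no-acl", name))
    return findings


if __name__ == "__main__":
    for check_id, subject in audit_management_plane(SAMPLE_CONFIG):
        print(check_id, subject)
```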

    Displaying Embedded CiscoView Information

    To display the Embedded CiscoView information, enter the following EXEC commands:

    Command: Router# show ciscoview package
    Purpose: Displays information about the Embedded CiscoView files.
    Command: Router# show ciscoview version
    Purpose: Displays the Embedded CiscoView version.

    Software Features Supported in Hardware by the PFC and DFC

    These sections describe the hardware support provided by Policy Feature Card 3 (PFC3), Policy Feature Card 2 (PFC2), Distributed Forwarding Card 3 (DFC3) and Distributed Forwarding Card (DFC):
    Software Features Supported in Hardware by the PFC3, PFC2, DFC3, and DFC
    Software Features Supported in Hardware by the PFC3 and DFC3

    Software Features Supported in Hardware by the PFC3, PFC2, DFC3, and DFC

    The PFC3, PFC2, DFC3, and DFC provide hardware support for these Cisco IOS software features:

    Access Control Lists (ACLs) for Layer 3 ports and VLAN interfaces:
      Permit and deny actions of input and output standard and extended ACLs
        Note Flows that require ACL logging are processed in software on the MSFC.
      Except on MPLS interfaces, reflexive ACL flows after the first packet in a session is processed in software on the MSFC
      Dynamic ACL flows
        Note Idle timeout is processed in software on the MSFC.
      For more information about PFC and DFC support for ACLs, see Chapter 35, Understanding Cisco IOS ACL Support.
      For complete information about configuring ACLs, refer to the Cisco IOS Security Configuration Guide, Release 12.2, Traffic Filtering and Firewalls, at this URL:
      http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/ftrafwl/index.htm

    VLAN ACLs (VACLs): To configure VACLs, see Chapter 36, Configuring VLAN ACLs.

    Policy-based routing (PBR) for route-map sequences that use the match ip address, set ip next-hop, and ip default next-hop PBR keywords. To configure PBR, refer to the Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2, Classification, Configuring Policy-Based Routing, at this URL:
    http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_c/fqcprt1/qcfpbr.htm

    Note If the MSFC3 address falls within the range of a PBR ACL, traffic addressed to the MSFC3 is policy routed in hardware instead of being forwarded to the MSFC3. To prevent policy routing of traffic addressed to the MSFC3, configure PBR ACLs to deny traffic addressed to the MSFC3.

    Except on MPLS interfaces, TCP intercept: To configure TCP intercept, see the Configuring TCP Intercept section on page 34-2.

    Firewall feature set images provide these features:
      Context-Based Access Control (CBAC): The PFC installs entries in the NetFlow table to direct flows that require CBAC to the MSFC where the CBAC is applied in software on the MSFC.
      Authentication Proxy: After authentication on the MSFC, the PFC provides TCAM support for the authentication policy.
      Port-to-Application Mapping (PAM): PAM is done in software on the MSFC.
    To configure firewall features, see Chapter 45, Configuring the Cisco IOS Firewall Feature Set.

    Hardware-assisted NetFlow Aggregation: Refer to this URL:
    http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/swcg/nde.htm#1081085

    Software Features Supported in Hardware by the PFC3 and DFC3

    The PFC3 and DFC3 provide hardware support for these Cisco IOS software features:

    Bidirectional Protocol Independent Multicast (PIM) in hardware: See the Understanding How IPv4 Bidirectional PIM Works section on page 29-7.

    Multiple-path Unicast Reverse Path Forwarding (RPF) Check: To configure Unicast RPF Check, see the Configuring Unicast Reverse Path Forwarding Check section on page 34-2.

    Except on MPLS interfaces, Network Address Translation (NAT) for IPv4 unicast and multicast traffic.
      Note the following information about hardware-assisted NAT:
        NAT of UDP traffic is supported only in PFC3BXL or PFC3B mode.
        The PFC3 does not support NAT of multicast traffic.
        The PFC3 does not support NAT configured with a route-map that specifies length.
        When you configure NAT and NDE on an interface, the PFC3 sends all traffic in fragmented packets to the MSFC3 to be processed in software. (CSCdz51590)
      To configure NAT, refer to the Cisco IOS IP Configuration Guide, Release 12.2, IP Addressing and Services, Configuring IP Addressing, Configuring Network Address Translation, at this URL:
      http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr_c/ipcprt1/1cfipadr.htm#1042290
      To prevent a significant volume of NAT traffic from being sent to the MSFC3, due to either a DoS attack or a misconfiguration, enter the mls rate-limit unicast acl {ingress | egress} command described at this URL:
      http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/cmdref/m1.htm#56404 (CSCea23296)

    With Release 12.2(18)SXE and later releases, IPv4 Multicast over point-to-point generic route encapsulation (GRE) Tunnels: Refer to the publication at this URL:
    http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/finter_c/icflogin.htm
    Releases earlier than Release 12.2(18)SXE support IPv4 multicast over point-to-point GRE tunnels in software on the MSFC.

    Note The PFC3 does not provide hardware acceleration for tunnels configured with the tunnel key command.

    GRE Tunneling and IP in IP Tunneling: The PFC3 and DFC3s support the following tunnel commands:
      tunnel destination
      tunnel mode gre
      tunnel mode ipip
      tunnel source
      tunnel ttl
      tunnel tos

    Other supported types of tunneling run in software on the MSFC3.

    The tunnel ttl command (default 255) sets the TTL of encapsulated packets.

    The tunnel tos command, if present, sets the ToS byte of a packet when it is encapsulated. If the tunnel tos command is not present and QoS is not enabled, the ToS byte of a packet sets the ToS byte of the packet when it is encapsulated. If the tunnel tos command is not present and QoS is enabled, the ToS byte of a packet as modified by PFC QoS sets the ToS byte of the packet when it is encapsulated.

    To configure GRE Tunneling and IP in IP Tunneling, refer to these publications:
    http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/finter_c/icflogin.htm
    http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/finter_r/irfshoip.htm

    To configure the tunnel tos and tunnel ttl commands, refer to this publication:
    http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s17/12s_tos.htm

    Note the following information about tunnels:
      Each hardware-assisted tunnel must have a unique source. Hardware-assisted tunnels cannot share a source even if the destinations are different. Use secondary addresses on loopback interfaces or create multiple loopback interfaces. (CSCdy72539)
      Each tunnel interface uses one internal VLAN.
      Each tunnel interface uses one additional router MAC address entry per router MAC address.
      The PFC3A does not support any PFC QoS features on tunnel interfaces.
      The PFC3B and PFC3BXL support PFC QoS features on tunnel interfaces.
      The MSFC3 supports tunnels configured with egress features on the tunnel interface. Examples of egress features are output Cisco IOS ACLs, NAT (for inside to outside translation), TCP intercept, CBAC, and encryption.
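    The tunnel conditions above (supported tunnel modes, no hardware acceleration with tunnel key, one unique source per hardware-assisted tunnel) can be checked against a configuration before deployment. The Python sketch below is an added example, not part of the Cisco guide; the sample configuration, the reason labels, and the assumption that a tunnel with no tunnel mode line uses GRE over IP are the example's own.

```python
import re
from collections import defaultdict

# Constructed sample configuration (not taken from the guide).
SAMPLE_CONFIG = """\
interface Tunnel0
 tunnel source Loopback0
 tunnel destination 198.51.100.1
!
interface Tunnel1
 tunnel source Loopback0
 tunnel destination 198.51.100.2
 tunnel mode ipip
!
interface Tunnel2
 tunnel source 192.0.2.9
 tunnel destination 198.51.100.3
 tunnel key 42
!
interface Tunnel3
 tunnel source Loopback3
 tunnel mode gre multipoint
!
interface Tunnel4
 tunnel source Loopback4
 tunnel destination 198.51.100.5
"""

# Modes the guide lists as supported by the PFC3 and DFC3. Assumption: a tunnel
# with no "tunnel mode" line uses the IOS default, GRE over IP ("gre ip").
HW_MODES = {"gre", "gre ip", "ipip"}


def parse_tunnels(config_text):
    """Collect source, mode and key usage for every 'interface TunnelN' stanza."""
    tunnels, current = {}, None
    for raw in config_text.splitlines():
        if not raw.startswith(" "):  # any top-level line closes the open stanza
            m = re.match(r"interface (Tunnel\d+)\s*$", raw, re.IGNORECASE)
            current = {"source": None, "mode": "gre ip", "key": False} if m else None
            if m:
                tunnels[m.group(1)] = current
            continue
        words = raw.lower().split()
        if current is None or len(words) < 3 or words[0] != "tunnel":
            continue
        if words[1] == "source":
            current["source"] = "".join(words[2:])
        elif words[1] == "mode":
            current["mode"] = " ".join(words[2:])
        elif words[1] == "key":
            current["key"] = True
    return tunnels


def audit_tunnels(config_text):
    """Map each tunnel to the hardware-assist conditions it does not meet."""
    tunnels = parse_tunnels(config_text)
    by_source = defaultdict(list)
    for name, t in tunnels.items():
        if t["source"]:
            by_source[t["source"]].append(name)
    report = {}
    for name, t in tunnels.items():
        reasons = []
        if t["mode"] not in HW_MODES:
            reasons.append("mode-in-software")
        if t["key"]:
            reasons.append("tunnel-key")
        # Sources are compared as written (names are not resolved to addresses).
        peers = sorted(n for n in by_source.get(t["source"], []) if n != name)
        if peers:
            reasons.append("shared-source:" + ",".join(peers))
        report[name] = reasons
    return report


if __name__ == "__main__":
    print(audit_tunnels(SAMPLE_CONFIG))
```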

    CHAPTER 2
    Command-Line Interfaces

    This chapter describes the command-line interfaces (CLIs) you use to configure the Cisco 7600 series routers.

    Note For complete syntax and usage information for the commands used in this chapter, refer to these publications:

    The Cisco 7600 Series Router Cisco IOS Command Reference at this URL:
    http://www.cisco.com/univercd/cc/td/doc/product/core/cis7600/software/122sx/cmdref/index.htm

    The Release 12.2 publications at this URL:
    http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/index.htm

    This chapter consists of these sections:
    Accessing the CLI
    Performing Command Line Processing
    Performing History Substitution
    Cisco IOS Command Modes
    Displaying a List of Cisco IOS Commands and Syntax
    ROM-Monitor Command-Line Interface

    Accessing the CLI

    These sections describe accessing the CLI:
    Accessing the CLI through the EIA/TIA-232 Console Interface
    Accessing the CLI through Telnet

    Accessing the CLI through the EIA/TIA-232 Console Interface

    Note EIA/TIA-232 was known as recommended standard 232 (RS-232) before its acceptance as a standard by the Electronic Industries Alliance (EIA) and Telecommunications Industry Association (TIA).

    Perform initial configuration over a connection to the EIA/TIA-232 console interface. Refer to the Cisco 7600 Series Router Module Installation Guide for console interface cable connection procedures.

    To make a console connection, perform this task:

    Step 1  Command: Press Return.
            Purpose: Brings up the prompt.
    Step 2  Command: Router> enable
            Purpose: Initiates entry into enable mode.
    Step 3  Command: Password: password
                     Router#
            Purpose: Completes entry into enable mode.
    Step 4  Command: Router# quit
            Purpose: Exits the session when finished.

    After making a console connection, you see this display:

    Press Return for Console prompt

    Router> enable
    Password:
    Router#

    Accessing the CLI through Telnet

    Note Before you can make a Telnet connection to the router, you must configure an IP address (see the Configuring IPv4 Routing and Addresses section on page 23-4).

    The router supports up to eight simultaneous Telnet sessions. Telnet sessions disconnect automatically after remaining idle for the period specified with the exec-timeout command.

    To make a Telnet connection to the router, perform this task:

    Step 1  Command: telnet {hostname | ip_addr}
            Purpose: Makes a Telnet connection from the remote host to the router you want to access.
    Step 2  Command: Password: password
                     Router#
            Purpose: Initiates authentication.
            Note If no password has been configured, press Return.
    Step 3  Command: Router> enable
            Purpose: Initiates entry into enable mode.
    Step 4  Command: Password: password
                     Router#
            Purpose: Completes entry into enable mode.
    Step 5  Command: Router# quit
            Purpose: Exits the session when finished.

    This example shows how to open a Telnet session to the router:

    unix_host% telnet Router_1
    Trying 172.20.52.40...
    Connected to 172.20.52.40.
    Escape character is '^]'.

    User Access Verification

    Password:
    Router_1> enable
    Password:
    Router_1#

    Performing Command Line Processing

    Commands are not case sensitive. You can abbreviate commands and parameters if the abbreviations contain enough letters to be different from any other currently available commands or parameters. You can scroll through the last 20 commands stored in the history buffer, and enter or edit the command at the prompt. Table 2-1 lists the keyboard shortcuts for entering and editing commands.