- Index
- Preface
- Product Overview
- Command-Line Interfaces
- Smart Port Macros
- Virtual Switching Systems (VSS)
- Enhanced Fast Software Ugrade (eFSU)
- NSF with SSO Supervisor Engine Redundancy
- RPR Supervisor Engine Redundancy
- Interface Configuration
- UniDirectional Link Detection (UDLD)
- Power Management and Environmental Monitoring
- EnergyWise
- Online Diagnostics
- Onboard Failure Logging
- Switch Fabric Functionality
- Cisco IP Phone Support
- Power over Ethernet
- Layer 2 LAN Ports
- Flex Links
- EtherChannels
- mLACP for Server Access
- IEEE 802.1ak MVRP and MRP
- VLAN Trunking Protocol (VTP)
- VLANs
- Private VLANs (PVLANs)
- Private Hosts
- IEEE 802.1Q Tunneling
- Layer 2 Protocol Tunneling
- STP and MST
- Optional STP Features
- Layer 3 Interface Configuration
- Unidirectional Ethernet (UDE) and unidirectional link routing (UDLR)
- Multiprotocol Label Switching (MPLS)
- L2VPN Advanced VPLS (A-VPLS)
- IP Unicast Layer 3 Switching
- IPv6 Multicast Layer 3 Switching
- MLD Snooping for IPv6 Multicast Traffic
- IPv4 Multicast Layer 3 Switching
- IGMP Snooping and MVR for IPv4 Multicast Traffic
- Configuring MVR for IPv4 Multicast Traffic
- IPv4 IGMP Filtering and Router Guard
- PIM Snooping
- IPv4 Multicast VPN Support
- PFC QoS
- AutoQoS
- MPLS QoS
- PFC QoS Statistics Data Export
- Network Security
- AutoSecure
- Cisco IOS ACL Support
- Cisco TrustSec (CTS)
- Port ACLs (PACLs) and VLAN ACLs (VACLs)
- Denial of Service Protection
- Control Plane Policing (CoPP)
- DHCP Snooping
- IP Source Guard
- Dynamic ARP Inspection
- Traffic Storm Control
- Unknown Unicast and Multicast Flood Control
- Network Admission Control (NAC)
- IEEE 802.1X Port-Based Authentication
- Web-Based Authentication
- Port Security
- NetFlow
- NetFlow Data Export (NDE)
- Call Home
- System Event Archive (SEA)
- Backplane Platform Monitoring
- SPAN, RSPAN, and ERSPAN
- SNMP IfIndex Persistence
- Top-N Reports
- Layer 2 Traceroute Utility
- Mini Protocol Analyzer
- Ethernet Services Line Cards
- Online Diagnostic Tests
- Acronyms
Configuring Layer 3 Interfaces
This chapter contains information about how to configure Layer 3 interfaces in Cisco IOS Release 12.2SX.
Note For complete syntax and usage information for the commands used in this chapter, see these publications:
•The Cisco IOS Master Command List, at this URL:
http://www.cisco.com/en/US/docs/ios/mcl/allreleasemcl/all_book.html
•The Release 12.2 publications at this URL:
Tip For additional information about Cisco Catalyst 6500 Series Switches (including configuration examples and troubleshooting information), see the documents listed on this page:
http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html
Participate in the Technical Documentation Ideas forum
This chapter consists of these sections:
•Layer 3 Interface Configuration Guidelines and Restrictions
•Configuring Subinterfaces on Layer 3 Interfaces
•Configuring IPv4 Routing and Addresses
•Configuring IPX Routing and Network Numbers
•Configuring AppleTalk Routing, Cable Ranges, and Zones
•Configuring Other Protocols on Layer 3 Interfaces
Layer 3 Interface Configuration Guidelines and Restrictions
When configuring Layer 3 interfaces, follow these guidelines and restrictions:
•We recommend that you configure no more than 2,000 Layer 3 VLAN interfaces.
•The ip unnumbered command is supported on Layer 3 VLAN interfaces.
•To support VLAN interfaces, create and configure VLANs and assign VLAN membership to Layer 2 LAN ports. For more information, see Chapter 23 "Configuring VLANs" and Chapter 22 "Configuring VTP."
•Cisco IOS Release 12.2SX does not support:
–Integrated routing and bridging (IRB)
–Concurrent routing and bridging (CRB)
–Remote source-route bridging (RSRB)
•Use bridge groups on VLAN interfaces, sometimes called fall-back bridging, to bridge nonrouted protocols. Bridge groups on VLAN interfaces are supported in software on the route processor (RP).
•Cisco IOS Release 12.2SX does not support the IEEE bridging protocol for bridge groups. Configure bridge groups to use the VLAN-bridge or the DEC spanning-tree protocol.
Configuring Subinterfaces on Layer 3 Interfaces
When configuring Layer 3 subinterfaces, follow these guidelines and restrictions:
•The PFC3 supports these features on LAN port subinterfaces:
–IPv4 unicast forwarding, including MPLS VPN
–IPv4 multicast forwarding, including MPLS VPN
–6PE
–EoMPLS
–IPv4 unnumbered
–Counters for subinterfaces in MIBS and with the show vlans command
–iBGP and eBGP
–OSPF
–EIGRP
–RIPv1/v2
–RIPv2
–ISIS
–Static routing
–Unidirectional link routing (UDLR)
–IGMPv1, IGMPv2, IGMPv3
–PIMv1, PIMv2
–SSM IGMPv3lite and URD
–Stub IP multicast routing
–IGMP join
–IGMP static group
–Multicast routing monitor (MRM)
–Multicast source discovery protocol (MSDP)
–SSM
–IPv4 Ping
–IPv6 Ping
•Always use the native keyword when the VLAN ID is the ID of the IEEE 802.1Q native VLAN. Do not configure encapsulation on the native VLAN of an IEEE 802.1Q trunk without the native keyword.
•Because VLAN IDs are global to the switch, you can use a VLAN internally, on a subinterface, or with a Layer 3 VLAN interface.
–You cannot configure an internal VLAN on a subinterface or a Layer 3 VLAN interface.
–You cannot configure a subinterface VLAN on a Layer 3 VLAN interface.
–You cannot configure a VLAN used with a Layer 3 VLAN interface on a subinterface.
Note You cannot configure a VLAN used on one interface or subinterface on another interface or subinterface.
•With any VTP version, you can configure subinterfaces with any normal range or extended range VLAN ID in VTP transparent mode. Because VLAN IDs 1 to 1005 are global in the VTP domain and can be defined on other network devices in the VTP domain, you can use only extended range VLANs with subinterfaces in VTP client or server mode. In VTP client or server mode, normal range VLANs are excluded from subinterfaces.
Note If you configure normal range VLANs on subinterfaces, you cannot change the VTP mode from transparent.
To configure a subinterface, perform this task:
|
|
|
---|---|---|
Step 1 |
Router> enable |
Enters privileged EXEC mode. |
Step 2 |
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
Router(config)# interface {{type1 slot/port.subinterface} | {port-channel port_channel_number.subinterface}} |
Selects an interface and enters subinterface configuration mode. |
Step 4 |
Router(config-subif)# encapsulation dot1q vlan_ID [native] |
Configures 802.1Q encapsulation for the subinterface. |
Step 5 |
Router(config-if)# exit |
Returns to global configuration mode. |
1 type = fastethernet, gigabitethernet, tengigabitethernet, or ge-wan |
Configuring IPv4 Routing and Addresses
For complete information and procedures, see these publications:
•Cisco IOS IP and IP Routing Configuration Guide, Release 12.2, at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/fipr_c.html
•Cisco IOS IP and IP Routing Command Reference, Release 12.2, at these URLs:
http://www.cisco.com/en/US/docs/ios/12_2/ipaddr/command/reference/fipras_r.html
http://www.cisco.com/en/US/docs/ios/12_2/iproute/command/reference/fiprrp_r.html
When configuring IPv4 routing and addresses, follow these guidelines and restrictions:
•See the command reference for information about the maximum-paths command.
•The Policy Feature Card (PFC) and any Distributed Feature Cards (DFCs) provide hardware support for policy-based routing (PBR) for route-map sequences that use the match ip address, set ip next-hop, and ip default next-hop PBR keywords.
When configuring PBR, follow these guidelines and restrictions:
–The PFC provides hardware support for PBR configured on a tunnel interface.
–The PFC does not provide hardware support for PBR configured with the set ip next-hop keywords if the next hop is a tunnel interface.
–To avoid high CPU utilization, do not configure an address in the same subnet as the next hop.
–If the RP address falls within the range of a PBR ACL, traffic addressed to the RP is policy routed in hardware instead of being forwarded to the RP. To prevent policy routing of traffic addressed to the RP, configure PBR ACLs to deny traffic addressed to the RP.
–Any options in Cisco IOS ACLs that provide filtering in a PBR route-map that would cause flows to be sent to the RP to be switched in software are ignored. For example, logging is not supported in ACEs in Cisco IOS ACLs that provide filtering in PBR route-maps.
–PBR traffic through switching module ports where PBR is configured is routed in software if the switching module resets. (CSCee92191)
–Any permit route-map sequence with no set statement will cause matching traffic to be processed by the RP.
–In Cisco IOS Release 12.2(33)SXH4 and later releases, for efficient use of hardware resources, enter the platform ipv4 pbr optimize tcam command in global configuration mode when configuring multiple PBR sequences (or a single PBR sequence with multiple ACLs) in which more than one PBR ACL contains DENY entries. In earlier releases, we recommend avoiding this type of configuration. (CSCsr45495)
–In Cisco IOS Release 12.2(33)SXH4 and later releases, the BOOTP/DHCP traffic will be dropped unless explicitly permitted. In Cisco IOS Release 12.2(18)SXF, BOOTP/DHCP packets are not subjected to a PBR configured in the ingress interfaces and the BOOTP/DHCP packets are forwarded to the BOOTP/DHCP server, although they are not explicitly permitted.
To configure PBR, see the Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2, "Classification," "Configuring Policy-Based Routing," at this URL:
To configure IPv4 routing and an IPv4 address on a Layer 3 interface, perform this task:
|
|
|
---|---|---|
Step 1 |
Router(config)# ip routing |
Enables IPv4 routing. (Required only if IPv4 routing is disabled.) |
Step 2 |
Router(config)# router ip_routing_protocol |
Specifies an IPv4 routing protocol. |
Step 3 |
Router(config-router)# ip_routing_protocol_commands |
Configures the IPv4 routing protocol. |
Step 4 |
Router(config-router)# exit |
Exists IPv4 routing protocol configuration mode. |
Step 5 |
Router(config)# interface {vlan vlan_ID} | {type1 slot/port} | {port-channel port_channel_number} |
Selects an interface to configure. |
Step 6 |
Router(config-if)# ip address ip_address subnet_mask |
Configures the IPv4 address and IPv4 subnet. |
Step 7 |
Router(config-if)# no shutdown |
Enables the interface. |
Step 8 |
Router(config-if)# end |
Exits configuration mode. |
Step 9 |
Router# show interfaces [{vlan vlan_ID} | {type1 slot/port} | {port-channel port_channel_number}] Router# show ip interfaces [{vlan vlan_ID} | {type1 slot/port} | {port-channel port_channel_number}] Router# show running-config interfaces [{vlan vlan_ID} | {type1 slot/port} | {port-channel port_channel_number}] |
Verifies the configuration. |
1 type = fastethernet, gigabitethernet, or tengigabitethernet |
This example shows how to enable IPv4 Routing Information Protocol (RIP) routing:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# ip routing
Router(config)# router rip
Router(config-router)# network 10.0.0.0
Router(config-router)# end
Router#
This example shows how to configure an IPv4 address on Fast Ethernet port 5/4:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# interface fastethernet 5/4
Router(config-if)# ip address 172.20.52.106 255.255.255.248
Router(config-if)# no shutdown
Router(config-if)# end
Router#
This example uses the show interfaces command to display the interface IPv4 address configuration and status of Fast Ethernet port 5/4:
Router# show interfaces fastethernet 5/4
FastEthernet5/4 is up, line protocol is up
Hardware is Cat6K 100Mb Ethernet, address is 0050.f0ac.3058 (bia 0050.f0ac.3058)
Internet address is 172.20.52.106/29
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:01, output never, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
7 packets input, 871 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
8 packets output, 1658 bytes, 0 underruns
0 output errors, 0 collisions, 4 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Router#
This example uses the show ip interface command to display the detailed configuration and status of Fast Ethernet port 5/4:
Router# show ip interface fastethernet 5/4
FastEthernet5/4 is up, line protocol is up
Internet address is 172.20.52.106/29
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Multicast reserved groups joined: 224.0.0.10
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP Fast switching turbo vector
IP Normal CEF switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Probe proxy name replies are disabled
Policy routing is disabled
Network address translation is disabled
WCCP Redirect outbound is disabled
WCCP Redirect exclude is disabled
BGP Policy Mapping is disabled
IP multicast multilayer switching is disabled
IP mls switching is enabled
Router#
This example uses the show running-config command to display the interface IPv4 address configuration of Fast Ethernet port 5/4:
Router# show running-config interfaces fastethernet 5/4
Building configuration...
Current configuration:
!
interface FastEthernet5/4
description "Router port"
ip address 172.20.52.106 255.255.255.248
no ip directed-broadcast
!
Configuring IPX Routing and Network Numbers
Note The RP supports IPX with fast switching.
For complete information and procedures, see these publications:
•Cisco IOS AppleTalk and Novell IPX Configuration Guide, Release 12.2, at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/atipx/configuration/guide/fatipx_c.html
•Cisco IOS AppleTalk and Novell IPX Command Reference, Release 12.2, at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/atipx/command/reference/fatipx_r.html
To configure routing for Internetwork Packet Exchange (IPX) and configure IPX on a Layer 3 interface, perform this task:
|
|
|
---|---|---|
Step 1 |
Router(config)# ipx routing |
Enables IPX routing. |
Step 2 |
Router(config)# router ipx_routing_protocol |
Specifies an IP routing protocol. This step might include other commands, such as specifying the networks to route with the network command. |
Step 3 |
Router(config)# interface {vlan vlan_ID} | {type1 slot/port} | {port-channel port_channel_number} |
Selects an interface to configure. |
Step 4 |
Router(config-if)# ipx network [network | unnumbered] encapsulation encapsulation_type |
Configures the IPX network number. This enables IPX routing on the interface. When you enable IPX routing on the interface, you can also specify an encapsulation type. |
Step 5 |
Router(config-if)# no shutdown |
Enables the interface. |
Step 6 |
Router(config-if)# end |
Exits configuration mode. |
Step 7 |
Router# show interfaces [{vlan vlan_ID} | {type1 slot/port} | {port-channel port_channel_number}] Router# show ipx interfaces [{vlan vlan_ID} | {type1 slot/port} | {port-channel port_channel_number}] Router# show running-config interfaces [{vlan vlan_ID} | {type1 slot/port} | {port-channel port_channel_number}] |
Verifies the configuration. |
1 type = fastethernet, gigabitethernet, or tengigabitethernet |
This example shows how to enable IPX routing and assign an IPX network address to interface VLAN 100:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# ipx routing
Router(config)# ipx router rip
Router(config-ipx-router)# network all
Router(config-ipx-router)# interface vlan 100
Router(config-if)# ipx network 100 encapsulation snap
Router(config-if)# no shutdown
Router(config-if)# end
Router# copy running-config startup-config
Configuring AppleTalk Routing, Cable Ranges, and Zones
For complete information and procedures, see these publications:
•Cisco IOS AppleTalk and Novell IPX Configuration Guide, Release 12.2, at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/atipx/configuration/guide/fatipx_c.html
•Cisco IOS AppleTalk and Novell IPX Command Reference, Release 12.2, at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/atipx/command/reference/fatipx_r.html
To configure routing for AppleTalk, perform this task beginning in global configuration mode:
|
|
|
---|---|---|
Step 1 |
Router(config)# appletalk routing |
Enables AppleTalk routing. |
Step 2 |
Router(config)# interface {vlan vlan_ID} | {type1 slot/port} | {port-channel port_channel_number} |
Selects an interface to configure. |
Step 3 |
Router(config-if)# appletalk cable-range cable_range |
Assigns a cable range to the interface. |
Step 4 |
Router(config-if)# appletalk zone zone_name |
Assigns a zone name to the interface. |
Step 5 |
Router(config-if)# no shutdown |
Enables the interface. |
Step 6 |
Router(config-if)# end |
Exits configuration mode. |
Step 7 |
Router# show interfaces [{vlan vlan_ID} | {type1 slot/port} | {port-channel port_channel_number}] Router# show appletalk interfaces [{vlan vlan_ID} | {type1 slot/port} | {port-channel port_channel_number}] Router# show running-config interfaces [{vlan vlan_ID} | {type1 slot/port} | {port-channel port_channel_number}] |
Verifies the configuration. |
1 type = fastethernet, gigabitethernet, or tengigabitethernet |
This example shows how to enable AppleTalk routing and assign an AppleTalk cable-range and zone name to interface VLAN 100:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# appletalk routing
Router(config)# interface vlan 100
Router(config-if)# appletalk cable-range 100-100
Router(config-if)# appletalk zone Engineering
Router(config-if)# no shutdown
Router(config-if)# end
Router# copy running-config startup-config
Configuring Other Protocols on Layer 3 Interfaces
See these publications for information about configuring other protocols on Layer 3 interfaces:
•Cisco IOS Apollo Domain, VINES, DECnet, ISO CLNS, and XNS Configuration Guide, Release 12.2, at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/apollo/configuration/guide/fapolo_c.html
•Cisco IOS Apollo Domain, VINES, DECnet, ISO CLNS, and XNS Command Reference, Release 12.2, at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/apollo/command/reference/fapolo_r.html
Tip For additional information about Cisco Catalyst 6500 Series Switches (including configuration examples and troubleshooting information), see the documents listed on this page:
http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html
Participate in the Technical Documentation Ideas forum