Quick CatOS Configuration Guide

Platform: - Cisco 6509 catos
Author: -  Surender Singh

Setting the IP address and default gateway of the switch

  1. # set int sc0 {ipaddress} {subnet mask}
  2. # set route default {ipaddress}

Setting the name of ports for each module

  1. # set port name {mod-num/port-num} {name}

Setting the port speed

  1. # set port speed {mod-num/port-num} auto

Setting the port to half duplex or full duplex

  1. # set port duplex {mod-num/port-num} {half|full}

Setting flow control on ports to control traffic or delay of traffic

  1. # set port flowcontrol {mod-num/port-num} send on (the port will send flow control to the far end)
  2. # set port flowcontrol {mod-num/port-num} receive on (the port will require the far end to send flow control)

Port negotiation before establishing a link

  1. # set port negotiation {mod-num/port-num} {enable|disable}
  2. # show port

Clear config all clears out the entire config, and all ports collapse into VLAN 1, which causes instability. To avoid this, all the ports are put into a blocking state.

  1. # set default port status

Configuring EtherChannels

Here, Ethernet links are grouped together to form one EtherChannel. A maximum of 8 Ethernet links can join an admin group. Port Aggregation Protocol (PAgP) exchanges packets between the ports to establish a link; it adds the EtherChannel to the spanning tree as one single bridge port to avoid loops.

  1. # set port channel {mod-num/port-num} {admin-group (1-1024)}
  2. # set port channel {mod-num/port-num} {auto|desirable}
  3. # set port channel all distribution {ipaddress|mac address} {source|destination}
  4. # show port channel

Configuring Spanning Tree Protocol (IEEE 802.1D)

In a switched network, only a single path must exist between two stations. Each VLAN has its own STP defined. If multiple paths exist between two stations, loops can occur.

STP spans the extended switched network and forces certain redundant paths into a standby or blocked state. If any of the links goes down, the blocked path comes into the forwarding state. All switches participate in STP by exchanging bridge protocol data units (BPDUs). The BPDU contains information about the switch: port MAC address, priority and cost. This is used to elect the root switch.

Enabling STP on a VLAN

  1. # set spantree enable {vlan_num}

Changing the port priority for putting it into forwarding state

  1. # set spantree port priority {mod-num/port-num} {priority}
  2. # set spantree port vlan priority {mod-num/port-num} {priority} {vlan-num}

Changing the port cost

  1. # set spantree port cost {mod-num/port-num} {cost}
  2. # set spantree port vlan cost {mod-num/port-num} {cost} {vlan_num}

Configuring a switch as root and secondary root

  1. # set spantree root {vlans} dia 4
  2. # set spantree root secondary {vlans} dia 5 hello 1

Disabling spantree

  1. # set spantree disable

How PortFast works

With PortFast enabled, the port does not wait for STP to converge and always remains in the forwarding state.

PortFast BPDU Guard

It can prevent loops by moving a non-trunking port into the errdisable state when a BPDU is received on that port. When this is enabled, STP shuts down the port.

Configuring spantree PortFast

  1. # set spantree portfast {mod-num/port-num} enable
  2. # set spantree portfast bpdu-guard enable
  3. # set spantree uplinkfast enable (if the interface between two switches goes down, UplinkFast moves a blocked interface directly into the forwarding state)
  4. # set spantree backbonefast enable (it enables an indirect link into forwarding state)
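
The following check is an added example, not part of the original guide: it reads a saved configuration and reports whether BPDU guard is enabled and which PortFast ports are also set up to trunk. The sample lines are constructed in the command forms shown above, and the function names are hypothetical.

```python
# Constructed sample in the command forms used in this guide (not from a real switch).
SAMPLE_CONFIG = """\
set spantree portfast 3/1-4 enable
set spantree portfast 4/1,4/3 enable
set trunk 3/2 desirable dot1q
set trunk 4/3 off
set trunk 5/1 on dot1q
"""

def expand_ports(spec):
    """Expand a port list such as '3/1-4,4/1' into a set of 'mod/port' strings."""
    ports = set()
    for item in spec.split(","):
        mod, rng = item.split("/")
        lo, _, hi = rng.partition("-")
        for p in range(int(lo), int(hi or lo) + 1):
            ports.add(f"{mod}/{p}")
    return ports

def audit_portfast(config):
    """Return (bpdu_guard_enabled, sorted PortFast ports that are also able to trunk)."""
    portfast, trunking, guard = set(), set(), False
    for line in config.splitlines():
        words = line.lower().split()
        if words[:4] == ["set", "spantree", "portfast", "bpdu-guard"]:
            guard = words[4:5] == ["enable"]
        elif words[:3] == ["set", "spantree", "portfast"] and len(words) >= 5:
            ports = expand_ports(words[3])
            if words[4] == "enable":
                portfast |= ports
            else:
                portfast -= ports
        elif words[:2] == ["set", "trunk"] and len(words) >= 4:
            ports = expand_ports(words[2])
            if words[3] in ("on", "desirable", "auto"):
                trunking |= ports      # port is, or can negotiate to become, a trunk
            elif words[3] == "off":
                trunking -= ports
    return guard, sorted(portfast & trunking)

if __name__ == "__main__":
    guard, risky = audit_portfast(SAMPLE_CONFIG)
    print("BPDU guard enabled:", guard)
    print("PortFast ports that can trunk:", risky)
```

A port reported here skips STP convergence while facing another switch, and with BPDU guard off nothing shuts it down when a BPDU arrives.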
Configuring VTP

  1. # set vtp domain {name}
  2. # set vtp mode {server|client|transparent}
  3. # set vtp password
  4. # set vtp v2 enable
  5. # set vtp pruneeligible {vlan range}
  6. # show trunks (verifies that the appropriate VLANs are trunked)
  7. # show vtp statistics

Configuring VLAN

  1. # set vlan {vlan number (2-1000)} name {name}

VLAN 1 is by default the in-band (sc0) interface of a switch, through which any switch can be accessed without going through the router.

  1. # set vlan {vlan number} {mod-num/port-num}

The valid range of VLANs for ISL is 1-1000; the valid range for IEEE 802.1Q is 0-4095.

If non-Cisco devices are connected to Cisco devices through 802.1Q trunks, we must map 802.1Q VLAN numbers greater than 1000 to ISL VLAN numbers. 802.1Q VLAN numbers in the range 1-1000 are automatically mapped to ISL VLANs. Numbers greater than 1000 have to be mapped manually to be recognized by Cisco switches. Up to 16 802.1Q VLANs can be mapped to ISL VLANs.

  1. # set vlan mapping dot1q {vlan number} isl {vlan number}

Trunking (Important)

Configuring an ISL or dot1q trunk

  1. # set trunk {mod-num/port-num} {auto|desirable|on|off} dot1q

Negotiation

  1. # set trunk {mod-num/port-num} desirable (mode) negotiate (dot1q or ISL) (assuming that the end port is in auto mode)

By default, all VLANs are allowed when a trunk is set.
To disallow specific VLANs on a trunk

  1. # clear trunk {mod-num/port-num} {vlan range}
  2. # set trunk {mod-num/port-num} {vlan number or range}
  3. # sh trunk {mod-num/port-num}

Disabling a trunk port

  1. # set trunk {mod-num/port-num} off (turns trunking off on the port)
  2. # clear trunk {mod-num/port-num} (puts the port into its default trunking)

GVRP: Generic attribute registration protocol
-------------------------
article courtesy of  www.knowurtech.com
Virtual Routing and Forwarding

Virtual routing and forwarding (VRF) is a technology included in IP
(Internet Protocol) network routers that allows multiple instances of a
routing table to exist in a router and work simultaneously. This
increases functionality by allowing network paths to be segmented
without using multiple devices. Because traffic is automatically
segregated, VRF also increases network security and can eliminate the
need for encryption and authentication. Internet service providers
(ISPs) often take advantage of VRF to create separate virtual private
networks (VPNs) for customers; thus the technology is also referred to
as VPN routing and forwarding.

VRF acts like a logical router, but while a logical router may include
many routing tables, a VRF instance uses only a single routing table.
In addition, VRF requires a forwarding table that designates the next
hop for each data packet, a list of devices that may be called upon to
forward the packet, and a set of rules and routing protocols that
govern how the packet is forwarded. These tables prevent traffic from
being forwarded outside a specific VRF path and also keep out traffic
that should remain outside the VRF path.
Configuring VPN Routing and Forwarding

Configuring a VRF

Doug Downer
11.01.2005


In a recent tip called Keeping it all separate with VRFs, I started talking about an increasingly common scenario which involves the requirement to separate customers on shared devices using VPN Routing and Forwarding (VRF) instances. VRFs allow us to logically separate L2 and L3 functions for customers which share common network devices. This separation also allows service providers the ability to separate customers on their backbone with other technologies such as MPLS. MPLS is not within the scope of this series so we'll stick to just the VRF for now. In this tip, I'll show you how to configure a VRF using the scenario we looked at before.

Scenario recap

We have been looking at a scenario involving the requirement for two customers (A and B) to be given Internet access from a service provider (you). Because of the relatively small size of the service provider and customer -- one shared network device was installed to support this requirement. At first glance this scenario allows for the networks of Customer A and Customer B to mix together. To prevent that, the service provider puts each customer within a VRF.

Creating the VRF

The actual configuration of a VRF is not a difficult task. There are two main components to a VRF: The route distinguisher and the route target. A route distinguisher (RD) is a number -- which doesn't actually have any real significance other than to help identify a VPN in a provider's network and allow for overlapping IP space. The RD is an 8-byte number with two parts: A 2-byte type field followed by a 6-byte value field. Without going into too much detail, the value field of the RD is most often represented as an autonomous system number (ASN 2 bytes) followed by an arbitrary number (4 bytes) or an IP address (4 bytes) followed by an arbitrary number (2 bytes). You can enter an RD in either of these formats:

16-bit AS number: your 32-bit number
For example, 101:3.

32-bit IP address: your 16-bit number
For example, 192.168.122.15:1.
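
The two entry formats map onto the 8-byte layout as follows. This is an added example, not from the original tip: the function names are hypothetical, type values 0 and 1 are the standard codes for the ASN and IP-address forms, and vpnv4_key is a simplified illustration of how an RD keeps overlapping prefixes apart, not the BGP wire format.

```python
import ipaddress
import struct

def encode_rd(text):
    """Encode 'ASN:nn' or 'A.B.C.D:nn' as 8 bytes: 2-byte type + 6-byte value."""
    admin, _, assigned = text.rpartition(":")
    number = int(assigned)
    if "." in admin:
        # Type 1: 4-byte IPv4 address followed by a 2-byte number.
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, number)
    # Type 0: 2-byte AS number followed by a 4-byte number.
    # struct.pack raises struct.error when a field does not fit its width.
    return struct.pack("!HHI", 0, int(admin), number)

def decode_rd(raw):
    """Turn 8 RD bytes back into the text form entered on the router."""
    (rd_type,) = struct.unpack("!H", raw[:2])
    if rd_type == 0:
        asn, number = struct.unpack("!HI", raw[2:])
        return f"{asn}:{number}"
    if rd_type == 1:
        addr, number = struct.unpack("!4sH", raw[2:])
        return f"{ipaddress.IPv4Address(addr)}:{number}"
    raise ValueError(f"unsupported RD type {rd_type}")

def vpnv4_key(rd_text, prefix):
    """RD + IPv4 prefix: the same customer prefix under two RDs gives two distinct keys."""
    net = ipaddress.ip_network(prefix)
    return encode_rd(rd_text) + net.network_address.packed + bytes([net.prefixlen])

if __name__ == "__main__":
    for rd in ("101:3", "192.168.122.15:1"):
        print(rd, "->", encode_rd(rd).hex())
    # Two customers using the same 10.1.1.0/30 stay distinct once the RD is prepended.
    print(vpnv4_key("192.168.1.1:100", "10.1.1.0/30").hex())
    print(vpnv4_key("192.168.2.1:200", "10.1.1.0/30").hex())
```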

The route target (RT) indicates the VPN membership of a route and allows VPN routes to be imported or exported into or out of your VRFs. The RT functions a little like a routing policy -- determining how routes are distributed throughout the particular VPN. Like the RD, the RT is 8 bytes in length and can be entered as:

16-bit AS number: your 32-bit number
For example, 101:3.

32-bit IP address: your 16-bit number
For example, 192.168.122.15:1.

Using the example scenario, let's configure two VRFs on the service provider router. Customer A will have an RD of 192.168.1.1:100 and Customer B will have an RD of 192.168.2.1:200.

  • Customer A
    SP_Router(config)#interface loopback 1
    SP_Router(config-if)#description Loopback interface for Customer_A VRF
    SP_Router(config)#interface g0/0
    SP_Router(config-if)#description Connection to the Customer_A router
    SP_Router(config)#ip vrf Customer_A
    SP_Router(config-vrf)#rd 192.168.1.1:100
    SP_Router(config-vrf)#route-target import 192.168.1.255:100
    SP_Router(config-vrf)#route-target export 192.168.1.255:100
  • Customer B
    SP_Router(config)#interface loopback 2
    SP_Router(config-if)#description Loopback interface for Customer_B VRF
    SP_Router(config)#interface g0/1
    SP_Router(config-if)#description Connection to the Customer_B router
    SP_Router(config)#ip vrf Customer_B
    SP_Router(config-vrf)#rd 192.168.2.1:200
    SP_Router(config-vrf)#route-target import 192.168.2.255:200
    SP_Router(config-vrf)#route-target export 192.168.2.255:200

Assigning the interfaces

Once you have created the VRF you can begin to assign the particular interfaces and start to separate the customers. Notice I did not assign an IP address to the interfaces which are intended to be in the VRF. If you put the IP addresses on prior to putting the interface in the VRF, the IP address will be removed and cause you to have to re-IP the interfaces.

  • Customer A
    SP_Router(config)#interface lo1
    SP_Router(config-if)#ip vrf forwarding Customer_A
    SP_Router(config-if)#ip address 192.168.1.1 255.255.255.255
    SP_Router(config)#interface g0/0
    SP_Router(config-if)#ip vrf forwarding Customer_A
    SP_Router(config-if)#ip address 10.1.1.1 255.255.255.252
  • Customer B
    SP_Router(config)#interface lo2
    SP_Router(config-if)#ip vrf forwarding Customer_B
    SP_Router(config-if)#ip address 192.168.2.1 255.255.255.255
    SP_Router(config)#interface g0/1
    SP_Router(config-if)#ip vrf forwarding Customer_B
    SP_Router(config-if)#ip address 10.1.2.1 255.255.255.252

These configurations have modified our picture somewhat. The figure below shows what things look like now:

You can verify your configurations by using the show ip vrf command:

SP_Router#show ip vrf
  Name          Default RD         Interfaces
  Customer_A    192.168.1.1:100    Loopback1
                                   GigabitEthernet0/0
  Customer_B    192.168.2.1:200    Loopback2
                                   GigabitEthernet0/1
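
Beyond show ip vrf, the separation can be checked from the configuration text itself. The script below is an added example, not from the original tip: it flags interfaces that carry an IP address without a preceding ip vrf forwarding line, and route targets that one VRF imports from another VRF's exports. The sample is constructed, the function name is hypothetical, and it assumes every addressed interface in the excerpt is customer-facing.

```python
# Constructed excerpt in running-config form, using this article's names.
# Customer_B carries two deliberate mistakes for the checks to report.
SAMPLE = """\
ip vrf Customer_A
 rd 192.168.1.1:100
 route-target import 192.168.1.255:100
 route-target export 192.168.1.255:100
ip vrf Customer_B
 rd 192.168.2.1:200
 route-target import 192.168.2.255:200
 route-target import 192.168.1.255:100
 route-target export 192.168.2.255:200
interface GigabitEthernet0/0
 ip vrf forwarding Customer_A
 ip address 10.1.1.1 255.255.255.252
interface GigabitEthernet0/1
 ip address 10.1.2.1 255.255.255.252
"""

def audit_vrf_separation(config):
    """Return findings: addressed interfaces outside a VRF, and cross-VRF route targets."""
    vrfs, findings, kind, name, bound = {}, [], None, None, False
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if not line[0].isspace():                    # a top-level line opens a section
            kind, bound = None, False
            if words[:2] == ["ip", "vrf"] and len(words) == 3:
                kind, name = "vrf", words[2]
                vrfs[name] = {"import": set(), "export": set()}
            elif words[0] == "interface":
                kind, name = "if", " ".join(words[1:])
        elif kind == "vrf" and words[0] == "route-target" and len(words) == 3:
            sides = ("import", "export") if words[1] == "both" else (words[1],)
            for side in sides:
                if side in vrfs[name]:
                    vrfs[name][side].add(words[2])
        elif kind == "if" and words[:3] == ["ip", "vrf", "forwarding"]:
            bound = True
        elif kind == "if" and words[:2] == ["ip", "address"] and not bound:
            findings.append(f"{name}: ip address without a preceding ip vrf forwarding")
    for importer, rts in vrfs.items():
        for exporter, other in vrfs.items():
            if importer != exporter:
                for rt in sorted(rts["import"] & other["export"]):
                    findings.append(f"{importer}: imports {rt} exported by {exporter}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_vrf_separation(SAMPLE)))
```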

Once you have the proper interfaces within the correct VRF, you can begin to establish IP connectivity and routing between the customer routers and the service provider routers.

--------------------------------------

article courtesy of searchenterprisewan.com