LAN Switching

This document provides an overview of LAN switching capabilities on the Cisco Catalyst 3550 L2/L3 switch. It discusses the Catalyst 3550's features including management interface configuration, VLAN configuration using various modes, the VLAN Trunking Protocol (VTP) for managing VLANs across multiple switches, port membership modes, and trunking/EtherChannel capabilities. The document also touches on Layer 3 features such as IP routing and SVIs, as well as advanced features and quality of service.


© 2002, Cisco Systems, Inc. All rights reserved.

LAN Switching
Catalyst 3550 L2/L3



Agenda

• Catalyst 3550 Overview

• L2 Features
Management Interface
VLAN
VLAN Trunking Protocol (VTP)
Port Configuration
Trunking and Ether-Channel
Spanning Tree Protocol (STP)

• L3 Features
L2 Vs. L3 Interfaces
IP Unicast Routing
Switch Virtual Interface (SVI)
Fallback Bridging

• Advanced Features and Quality of Service



Catalyst 3550 Overview

• IOS syntax-based CLI
• Specific commands and configuration modes in Cisco IOS for Catalyst switches
• All ports are L2 by default
• IP routing is disabled by default
• SMI (Standard Multilayer Software Image) and EMI (Enhanced Multilayer Software Image) feature sets available



Management Interface

• Similar to the role of ‘sc0’ in CatOS; acts like an IP host that resides in the switch
–Provides basic IP connectivity to the switch for management purposes (e.g. Telnet, SNMP, etc.)
–Enabled by creating a VLAN interface and assigning an IP address to it
–Interface VLAN 1 is created by default
• Remote access to the switch via Telnet is similar to other Cisco routers and requires configuring the enable and VTY passwords.
• Configuring a default gateway may be required, depending on whether IP routing is enabled.



Management Interface (Cont’d)

• Configuration Example:
–Create the VLAN interface and assign an IP address to it
Switch(config)#interface vlan 1
Switch(config-if)#ip address 10.1.1.1 255.255.255.0
Switch(config-if)#no shut
–Configure the IP default gateway if necessary (when IP routing is disabled)
Switch(config)#ip default-gateway 10.1.1.254



VLAN – What is it?

• A Virtual LAN (VLAN) is
– The representation of a logical segment in a switched network
– A single broadcast domain
• A VLAN may span multiple switches via trunk links
• A port on a Catalyst switch can be assigned to any VLAN
• Inter-VLAN communication requires a L3 device
• A VLAN usually maps to a single IP subnet (except when secondary IP address(es) are configured)



VLAN – How to configure

• By default, only VLAN 1 exists on the switch, and all ports on the switch are assigned to it
• The switch must be in VTP Server or Transparent mode to add/delete VLANs
• Normal-range VLANs (1 ~ 1005) are stored in ‘vlan.dat’ located on ‘flash:’, while extended-range VLANs (1006 ~ 4094) are stored in the ‘running-config’.
• Deleting ‘vlan.dat’ removes all non-default VLANs, but only takes effect after a reload
• Creating a new VLAN
– In VLAN Configuration Mode (old method)
– In IOS “config-vlan” Mode (new method)



VLAN – VLAN Configuration Mode

• Can be used to configure only the normal-range VLANs (1 ~ 1005)
• Configuration Example:
Switch#vlan database
Switch(vlan)#vlan 2 name ADMIN
VLAN 2 modified:
Name: ADMIN
Switch(vlan)#exit
APPLY completed.
Exiting....



VLAN – IOS ‘config-vlan’ Mode

• Can be used to configure both normal-range and extended-range VLANs (i.e. 1 ~ 4094)
• Must be used to configure extended-range VLANs (1006 ~ 4094), which also requires VTP Transparent mode to be configured
• Configuration Example:
Switch(config)#vlan 2
Switch(config-vlan)#name ADMIN



VLAN – Display current configuration

Switch#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/3, Gi0/4, Gi0/5, Gi0/6
                                                Gi0/7, Gi0/8, Gi0/9, Gi0/10
                                                Gi0/11, Gi0/12
2    ADMIN                            active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active



VLAN Trunking Protocol (VTP)

• A L2 messaging protocol used to maintain VLAN configuration consistency by managing the addition, deletion, and renaming of VLANs on a network-wide basis
• VTP Domain: A parameter used by VTP to define the VLAN management domain. All switches interconnected via L2 trunks and configured with the same VTP domain name share the same VLAN information.
• 3 VTP modes: Server, Client, and Transparent. Only switches configured in VTP Server or Transparent mode keep a local copy of the VLAN information. Switches configured in VTP Client mode rely on the VTP advertisements sent by a VTP Server configured in the network.
• A VTP password can be configured to provide enhanced security.

VTP - VLAN Configuration Mode

• Configuration Example:
Switch#vlan database
Switch(vlan)#vtp domain CCIE
Changing VTP domain name from NULL to CCIE
Switch(vlan)#vtp password CISCO
Setting device VLAN database password to CISCO.
Switch(vlan)#vtp <server/client/transparent>
Setting device to VTP <SERVER/CLIENT/TRANSPARENT> mode.
Switch(vlan)#exit

• Changes made under this mode are stored only in the ‘vlan.dat’ file, together with all the VLAN information configured



VTP – IOS Global Configuration Mode

• Configuration Example:
Switch(config)#vtp domain CCIE
Changing VTP domain name from NULL to CCIE
Switch(config)#vtp password CISCO
Setting device VLAN database password to CISCO.
Switch(config)#vtp mode <server/client/transparent>
Setting device to VTP <SERVER/CLIENT/TRANSPARENT> mode

• Changes made under this mode are stored in the ‘running-config’ (and saved to NVRAM as part of the startup configuration).



VTP – Display Current Configuration

Switch#sh vtp status

VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 6
VTP Operating Mode              : Server
VTP Domain Name                 : CCIE
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xC1 0xF6 0xA1 0x4A 0x9E 0x5B 0x1E 0xF1
Configuration last modified by 0.0.0.0 at 3-1-93 00:26:23
Local updater ID is 0.0.0.0 (no valid interface found)



Caveats on VTP and VLAN Configuration

When you save VTP information in the switch startup configuration file and reboot the
switch, the switch configuration is determined as follows:
• If the VTP mode is transparent in the startup configuration and the VLAN database
and the VTP domain name from the VLAN database matches that in the startup
configuration file, the VLAN database is ignored (cleared), and the VTP and VLAN
configurations in the startup configuration file are used. The VLAN database revision
number remains unchanged in the VLAN database.
• If the VTP mode or domain name in the startup configuration do not match the VLAN
database, the domain name and VTP mode and configuration for the first 1005 VLANs
use the VLAN database information.
• If the switch is running IOS release 12.1(9)EA1 or later and you use an older
configuration file to boot up the switch, the configuration file does not contain VTP or
VLAN information, and the switch uses the VLAN database configurations.
• If the switch is running an IOS release earlier than 12.1(9)EA1 on the switch and you
use a configuration file from IOS release 12.1(9)EA1 or later to boot up the switch, the
image on the switch does not recognize VLAN and VTP configurations in the
configuration file, so the switch uses the VLAN database configuration.

Be consistent in the configuration mode chosen, preferably using the IOS-based mode instead of VLAN database mode.

Port Membership Mode

• A L2 port (a.k.a. switchport) on the switch can operate in one of the following membership modes
– Static Access
– Trunk (ISL or IEEE 802.1Q)
– Dynamic Access
– Voice VLAN
– Tunnel (dot1q-tunnel)
• More details about each membership mode can be found
from the link below:
http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12113ea1/3550scg/swvlan.htm#1103064



L2 Access Port Configuration Tasks

• Determine if we need to hardset speed/duplex on the port
Switch(config)#interface gigabitEthernet 0/1
Switch(config-if)#speed {auto|10|100|1000}
Switch(config-if)#duplex {auto|half|full}

• Configure the port as a L2 port
Switch(config-if)#switchport

• Configure the port as Static Access
Switch(config-if)#switchport mode access
(This is necessary because the default Administrative Mode for a L2 port is ‘dynamic desirable’, which attempts to negotiate a trunk when the port initializes)

• Assign VLAN membership to the port
Switch(config-if)#switchport access vlan vlan-id



Trunk – What is it?

• A protocol designed to allow frames from multiple VLANs to be carried over a single physical link. This provides a cost-efficient method to interconnect VLAN-capable switches.
• Basically specifies how to tag L2 frames so that VLAN information can be carried inside the tag. The destination device uses the information retrieved from these tags to see which VLAN each incoming frame belongs to.
• 2 trunking protocols supported by Cisco
– ISL (Cisco Proprietary)
– 802.1Q (IEEE Standard)



Trunking Modes

• AUTO: DTP frames are both sent and received. Will negotiate trunking with the neighboring switch. (willing / listens)
• DESIRABLE (Default): communicates to the neighboring switch via DISL/DTP that it is capable of an ISL/dot1Q trunk and would like the neighboring switch to also be one. (will / listens)
• ON: automatically enables ISL trunking regardless of the state of the neighboring switch. (will / listens)
• Nonegotiate: DISL/DTP is not spoken with the neighboring switch, and ISL trunking is enabled automatically. (will / does not listen)
• OFF: ISL/dot1Q is not allowed on this port regardless of the trunking mode on the neighboring switch



Trunking Modes (Cont’d)

Rows give the neighbor's mode, columns the local port's mode; each cell shows the resulting state of the local port and of the neighbor port.

Neighbor \ Local   ON                       AUTO                     DES                      NoNeg
ON                 Local: Trunk             Local: Trunk             Local: Trunk             Local: Trunk
                   Neighbor: Trunk          Neighbor: Trunk          Neighbor: Trunk          Neighbor: Trunk
AUTO               Local: Trunk             Local: NonTrunk          Local: Trunk             Local: Trunk
                   Neighbor: Trunk          Neighbor: NonTrunk       Neighbor: Trunk          Neighbor: NonTrunk
DES                Local: Trunk             Local: Trunk             Local: Trunk             Local: Trunk
                   Neighbor: Trunk          Neighbor: Trunk          Neighbor: Trunk          Neighbor: NonTrunk
NoNeg              Local: Trunk             Local: NonTrunk          Local: NonTrunk          Local: Trunk
                   Neighbor: Trunk          Neighbor: Trunk          Neighbor: Trunk          Neighbor: Trunk
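The matrix above follows from each mode's send/listen behaviour. As an added illustration (not from the original slides), the Python below encodes those per-mode rules, regenerates the matrix, and lists the combinations where one end trunks while the other does not; OFF is included as a generalization of the slide's four modes.

```python
from enum import Enum
from itertools import product


class DtpMode(Enum):
    """Administrative trunking modes from the slide (OFF added for completeness)."""
    ON = "on"
    AUTO = "auto"
    DESIRABLE = "desirable"
    NONEGOTIATE = "nonegotiate"
    OFF = "off"


def port_state(local: DtpMode, neighbor: DtpMode) -> str:
    """Operational state ('trunk' or 'nontrunk') of the local port.

    Encodes the per-mode behaviour described on the slide:
      ON / NONEGOTIATE -> trunk unconditionally ("will")
      OFF              -> never trunk
      DESIRABLE        -> trunk when the neighbor speaks DTP and is not OFF
      AUTO             -> trunk only when the neighbor actively asks (ON or DESIRABLE)
    """
    if local in (DtpMode.ON, DtpMode.NONEGOTIATE):
        return "trunk"
    if local is DtpMode.OFF:
        return "nontrunk"
    if local is DtpMode.DESIRABLE:
        # Nonegotiate sends no DTP, so a desirable port never hears an answer.
        return "trunk" if neighbor in (DtpMode.ON, DtpMode.DESIRABLE, DtpMode.AUTO) else "nontrunk"
    # AUTO: passive; only trunks if the other side initiates.
    return "trunk" if neighbor in (DtpMode.ON, DtpMode.DESIRABLE) else "nontrunk"


def negotiate(local: DtpMode, neighbor: DtpMode) -> tuple[str, str]:
    """Result for both ends of the link: (local state, neighbor state)."""
    return port_state(local, neighbor), port_state(neighbor, local)


def mismatched_pairs() -> list[tuple[DtpMode, DtpMode]]:
    """Mode combinations where one end trunks and the other does not.

    These are the operationally dangerous cells of the matrix: the trunking
    side tags frames that the non-trunking side treats as plain access traffic,
    so an audit of switchport modes should flag them.
    """
    out = []
    for a, b in product(DtpMode, repeat=2):
        sa, sb = negotiate(a, b)
        if sa != sb:
            out.append((a, b))
    return out


def matrix() -> str:
    """Render the local x neighbor matrix in the slide's layout (OFF omitted, as on the slide)."""
    modes = [m for m in DtpMode if m is not DtpMode.OFF]
    rows = ["neighbor\\local".ljust(16) + "".join(m.name.ljust(22) for m in modes)]
    for nb in modes:
        cells = []
        for lo in modes:
            sl, sn = negotiate(lo, nb)
            cells.append(f"L:{sl}/N:{sn}".ljust(22))
        rows.append(nb.name.ljust(16) + "".join(cells))
    return "\n".join(rows)


if __name__ == "__main__":
    print(matrix())
    for a, b in mismatched_pairs():
        print(f"mismatch: local {a.name} vs neighbor {b.name} -> {negotiate(a, b)}")
```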



Configuring VLAN Trunks

• First configure the encapsulation type:
Switch(config-if)#switchport trunk encapsulation {negotiate|isl|dot1q}
(Default is negotiate, which will attempt to negotiate the trunk encapsulation type with the link partner when the trunking mode is auto or desirable)

• Then configure the interface to be a trunk:
Switch(config-if)#switchport mode trunk (hardset as trunk ON)
Switch(config-if)#switchport mode dynamic {auto|desirable}
(Default is desirable)

• For 802.1q encapsulation, specify the native VLAN:
Switch(config-if)#switchport trunk native vlan vlan-id

• (Optional) Specify the default VLAN the port falls back to if trunking stops:
Switch(config-if)#switchport access vlan vlan-id



Display Trunking Status (1)

Switch#show interface gigabitEthernet 0/1 switchport

Name: Gi0/1
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled

Voice VLAN: none (Inactive)
Appliance trust: none



Display Trunking Status (2)

Switch#show interfaces gigabitEthernet 0/1 trunk

Port      Mode         Encapsulation  Status        Native vlan
Gi0/1     desirable    n-isl          trunking      1

Port      Vlans allowed on trunk
Gi0/1     1-4094

Port      Vlans allowed and active in management domain
Gi0/1     1-2

Port      Vlans in spanning tree forwarding state and not pruned
Gi0/1     1-2



Advanced Trunk Configuration

• Defining Allowed VLANs on a Trunk
This allows us to manually prune unnecessary VLANs from the trunk (by default all VLANs are carried over a trunk)
• Configuration Example:
Here we assume that only VLANs 1, 2, and 400 need to be passed over the trunk link configured
Switch(config-if)#switchport trunk allowed vlan remove 100-1001
Switch(config-if)#switchport trunk allowed vlan add 400
Switch#show interface trunk
Port      Mode         Encapsulation  Status        Native vlan
Gi0/1     desirable    n-isl          trunking      1

Port      Vlans allowed on trunk
Gi0/1     1-99,400,1002-4094

Port      Vlans allowed and active in management domain
Gi0/1     1-2,400

Port      Vlans in spanning tree forwarding state and not pruned
Gi0/1     1-2,400
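An added worked example, not from the original slides: Python that replays the allowed-VLAN arithmetic above (starting from all VLANs, 'remove 100-1001', then 'add 400') and renders the result the way 'show interfaces trunk' does. The 'except', 'all' and 'none' forms are handled as well, and the set of existing VLANs {1, 2, 400} is assumed from the slide's output.

```python
VLAN_MIN, VLAN_MAX = 1, 4094


def parse_vlan_list(spec: str) -> set[int]:
    """Parse an IOS-style VLAN list such as '1-99,400,1002-4094' into a set of ids."""
    vlans: set[int] = set()
    for part in spec.replace(" ", "").split(","):
        if not part:
            continue
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
        else:
            lo = hi = int(part)
        if not (VLAN_MIN <= lo <= hi <= VLAN_MAX):
            raise ValueError(f"invalid VLAN range: {part}")
        vlans.update(range(lo, hi + 1))
    return vlans


def format_vlan_list(vlans: set[int]) -> str:
    """Render a set of VLAN ids the way 'show interfaces trunk' prints them (collapsed ranges)."""
    if not vlans:
        return "none"
    ids = sorted(vlans)
    ranges, start, prev = [], ids[0], ids[0]
    for v in ids[1:]:
        if v == prev + 1:
            prev = v
            continue
        ranges.append((start, prev))
        start = prev = v
    ranges.append((start, prev))
    return ",".join(f"{a}-{b}" if a != b else str(a) for a, b in ranges)


def apply_allowed_vlan(current: set[int], command: str) -> set[int]:
    """Apply one 'switchport trunk allowed vlan ...' argument string to the current list.

    Supported forms: 'all', 'none', 'add <list>', 'remove <list>', 'except <list>',
    and a bare '<list>', which replaces the allowed set outright.
    """
    everything = set(range(VLAN_MIN, VLAN_MAX + 1))
    keyword, _, rest = command.strip().partition(" ")
    if keyword == "all":
        return everything
    if keyword == "none":
        return set()
    if keyword == "add":
        return current | parse_vlan_list(rest)
    if keyword == "remove":
        return current - parse_vlan_list(rest)
    if keyword == "except":
        return everything - parse_vlan_list(rest)
    return parse_vlan_list(command)


def active_on_trunk(allowed: set[int], existing: set[int]) -> set[int]:
    """'Vlans allowed and active in management domain' = allowed VLANs that exist in the VLAN database."""
    return allowed & existing


def walk_slide_example() -> dict[str, str]:
    """Replay the slide's commands, assuming the trunk starts with all VLANs allowed."""
    allowed = apply_allowed_vlan(set(), "all")
    allowed = apply_allowed_vlan(allowed, "remove 100-1001")
    allowed = apply_allowed_vlan(allowed, "add 400")
    existing = {1, 2, 400}  # VLANs present in the VLAN database in the slide's example (assumed)
    return {
        "allowed": format_vlan_list(allowed),
        "active": format_vlan_list(active_on_trunk(allowed, existing)),
    }


if __name__ == "__main__":
    print(walk_slide_example())
```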



Configuring Trunking on Cisco Routers

• This is achieved by creating sub-interfaces under a physical interface and specifying the encapsulation method, as well as the VLAN assigned to each sub-interface.
• Configuration Example:
Router(config)#int fastEthernet 0/0.1
Router(config-subif)#encapsulation dot1q 1 native
Router(config-subif)#ip address 10.1.1.2 255.255.255.0
Router(config-subif)#int fastEthernet 0/0.2
Router(config-subif)#encapsulation dot1q 2
Router(config-subif)#ip address 10.1.2.2 255.255.255.0
... And so on...



EtherChannel/Port Aggregation

• Why do we need it?
–When we have redundant links between 2 switches, Spanning-Tree would block one of the connections under normal configuration.
–Blocked Link = Wasted Bandwidth
• Solution – EtherChannel/Port Aggregation
–Aggregate ports for additional bandwidth.
–Function as an access port or trunk port.
–Treated as a single “port” by Spanning-Tree (therefore, all ports in the channel should be in the same STP state)



EtherChannel Configuration Guideline

• All ports being configured as part of an EtherChannel MUST have the same
– Speed and Duplex
– VLAN number, if access ports
– Trunk encapsulation, if trunks
– Native VLAN, if trunks
– Allowed range of VLANs, if trunks
• An EtherChannel can be either L2 or L3, and all ports belonging to the same channel group must all be L2 or all be L3 (no mix-n-match)



EtherChannel Bundling Modes

• ON: Can form a channel only when the link partner is also configured in ON mode. PAgP packets are not sent.
• AUTO: Can form a channel only when the link partner is configured in DESIRABLE mode. Under AUTO mode, a port does not initiate negotiation
• DESIRABLE: (recommended) Can form a channel when the link partner is configured in either AUTO or DESIRABLE mode
• OFF: Cannot form a channel with any port
• To sum up, the only valid mode combinations are ON/ON, DESIRABLE/DESIRABLE, DESIRABLE/AUTO



Configure EtherChannel

• Configuration Example:
Switch(config)#interface range gigabitEthernet 0/1 - 2
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 400
Switch(config-if-range)#channel-group 10 mode desirable

• If the L2 EtherChannel also needs to be a trunk link, it is recommended to first configure the ports to participate in the channel, then configure trunking on the port-channel interface, as the software will ensure consistency between member ports of an existing channel-group. The same rule also applies to any other features that will be applied to the port-channel.



Display EtherChannel Status (1)

Switch#show etherchannel summary

Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        u - unsuitable for bundling
        U - in use      f - failed to allocate aggregator
        d - default port
Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)         PAgP      Gi0/1(P)   Gi0/2(P)



Display EtherChannel Status (2)

Switch#sh interfaces g0/1 etherchannel

Port state    = Up Mstr In-Bndl
Channel group = 1           Mode = Desirable-Sl     Gcchange = 0
Port-channel  = Po1         GC   = 0x00010001       Pseudo port-channel = Po1
Port index    = 0           Load = 0x00             Protocol = PAgP

Flags:  S - Device is sending Slow hello.  C - Device is in Consistent state.
        A - Device is in Auto mode.        P - Device learns on physical port.
        d - PAgP is down.
Timers: H - Hello timer is running.        Q - Quit timer is running.
        S - Switching timer is running.    I - Interface timer is running.

Local information:
                                Hello    Partner  PAgP     Learning  Group
Port      Flags State   Timers  Interval Count   Priority   Method  Ifindex
Gi0/1     SC    U6/S7   H       30s      1        128        Any      17

Partner's information:

          Partner              Partner          Partner         Partner Group
Port      Name                 Device ID        Port       Age  Flags   Cap.
Gi0/1     066507453            00d0.bc03.5898   2/1          1s SAC     1

Age of the port in the current state: 00d:00h:06m:46s



Spanning Tree Protocol (STP)

• A link management protocol that prevents L2 loops due to redundant paths in the physical topology
• Four-Step Decision-Making Sequence
When creating a loop-free logical topology, Spanning-Tree always uses the same four-step decision sequence:
1. Lowest Root BID (Bridge ID -> Priority + Bridge MAC)
2. Lowest Path Cost to Root Bridge
3. Lowest Sender BID
4. Lowest Port ID
• Since switch MAC addresses are assigned by the vendor and cannot be changed, the best way to ensure an optimum L2 topology after STP convergence is by manually changing the priority.
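As an added example (not part of the original deck), Python that builds the Bridge ID the way the 3550 shows it with extended system ID (priority field = base priority + VLAN, so 32768 + 400 = 33168 in the 'show spanning-tree vlan 400' output that follows), runs step 1 of the election over a constructed set of bridges, and computes the base priority needed to win on priority rather than on the vendor MAC tie-break. Switch names and the second MAC address are constructed.

```python
import re
from dataclasses import dataclass

BASE_PRIORITY_STEP = 4096  # with extended system ID only the top 4 bits of the priority are configurable


def mac_to_int(mac: str) -> int:
    """Accept 'xxxx.xxxx.xxxx' (IOS style) or 'xx:xx:xx:xx:xx:xx'."""
    digits = re.sub(r"[.:-]", "", mac.lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"bad MAC: {mac}")
    return int(digits, 16)


@dataclass(frozen=True)
class BridgeId:
    priority: int  # 16-bit field: base priority (multiple of 4096) + VLAN id (sys-id-ext)
    mac: int

    @classmethod
    def build(cls, base_priority: int, vlan: int, mac: str) -> "BridgeId":
        if base_priority % BASE_PRIORITY_STEP or not 0 <= base_priority <= 61440:
            raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
        if not 1 <= vlan <= 4094:
            raise ValueError("vlan out of range")
        return cls(base_priority + vlan, mac_to_int(mac))

    def key(self) -> tuple[int, int]:
        # Step 1 of the decision sequence: lowest priority field, then lowest MAC.
        return (self.priority, self.mac)


def elect_root(bridges: dict[str, BridgeId]) -> str:
    """Return the name of the bridge that wins the root election (lowest BID)."""
    return min(bridges, key=lambda name: bridges[name].key())


def base_priority_to_win(current_root: BridgeId, vlan: int) -> int:
    """Largest configurable base priority that strictly beats the current root's priority field.

    This is what 'spanning-tree vlan N priority <p>' must be at most, so the election is
    decided at step 1 instead of falling through to the MAC tie-break.
    """
    root_base = current_root.priority - vlan
    if root_base == 0:
        raise ValueError("root already uses priority 0; cannot beat it on priority alone")
    return root_base - BASE_PRIORITY_STEP


def explain_slide_output() -> dict[str, int]:
    """The 'show spanning-tree vlan 400' output on the slide: priority 33168 = 32768 + 400."""
    bid = BridgeId.build(32768, 400, "0002.4b28.dc00")
    return {"priority_field": bid.priority,
            "sys_id_ext": bid.priority & 0xFFF,
            "base_priority": bid.priority & 0xF000}


if __name__ == "__main__":
    # Constructed sample: three switches at the default priority in VLAN 400.
    vlan = 400
    bridges = {
        "SW1": BridgeId.build(32768, vlan, "0002.4b28.dc00"),
        "SW2": BridgeId.build(32768, vlan, "0002.4b28.aa00"),   # constructed MAC
        "SW3": BridgeId.build(32768, vlan, "00d0.bc03.5898"),
    }
    print("default election winner (MAC tie-break):", elect_root(bridges))
    wanted = base_priority_to_win(bridges[elect_root(bridges)], vlan)
    bridges["SW1"] = BridgeId.build(wanted, vlan, "0002.4b28.dc00")
    print(f"after setting SW1 priority to {wanted}:", elect_root(bridges))
```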



Displaying STP Status (1)

Switch#show spanning-tree vlan 400

VLAN0400
  Spanning tree enabled protocol ieee
  Root ID    Priority    33168
             Address     0002.4b28.dc00
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    33168  (priority 32768 sys-id-ext 400)
             Address     0002.4b28.dc00
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Port ID                     Designated               Port ID
Name             Prio.Nbr  Cost  Sts  Cost   Bridge ID                Prio.Nbr
---------------- --------  ----- ---  -----  -----------------------  --------
Po1              128.65    12    FWD  0      33168 0002.4b28.dc00     128.65



Displaying STP Status (2)

Switch#show spanning-tree summary

Root bridge for: VLAN0400.
Extended system ID is enabled.
PortFast BPDU Guard is disabled
EtherChannel misconfiguration guard is enabled
UplinkFast is disabled
BackboneFast is disabled
Default pathcost method used is short

Name                   Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001                      0         0        0          1          1
VLAN0002                      0         0        0          1          1
VLAN0400                      0         0        0          1          1
---------------------- -------- --------- -------- ---------- ----------
3 vlans                       0         0        0          3          3



Tuning STP

• To force a specific switch to be the root for a given VLAN:
Switch(config)#spanning-tree vlan 1 root primary
Switch(config)#spanning-tree vlan 1 priority <bridge-priority>

• To make a port bypass the STP transition time:
Switch(config-if)#spanning-tree portfast

• To change the path cost for a port:
Switch(config-if)#spanning-tree cost path_cost



L2 vs. L3 Interfaces

• L2 Interfaces:
Default port state
Learn MAC addresses based on the SA of incoming frames
Participate in STP and send out BPDUs
Can be either Access or Trunk ports
• L3 Interfaces:
Configured via “Switch(config-if)#no switchport”
Act like regular router interfaces



IP Routing

• Supported in both the SMI and EMI versions of the software
• Disabled by default. Enabled via:
Switch(config)#ip routing

• Supports most routing protocols, e.g. RIP, EIGRP, OSPF, BGP, etc. Also, multicast routing using PIM is supported.



Switch Virtual Interface (SVI)

• Logical interface used to represent a VLAN of switch ports as one interface to the routing or bridging function in the system
• 1-to-1 mapping between SVIs and VLANs
• When do I need to configure an SVI for a VLAN?
– Route between VLANs
– Fallback-bridge nonroutable protocols between VLANs
– Provide IP host connectivity to the switch
• Only one SVI is created on the switch by default (int vlan 1), which maps to the default VLAN on the switch to permit remote switch administration
• In Layer 2 mode, SVIs provide IP host connectivity only to the system; in Layer 3 mode, you can configure routing across SVIs.



Configure SVI

• Configuration Example:
Switch(config)#interface vlan 400
Switch(config-if)#ip address 200.1.1.1 255.255.255.0
Switch(config-if)#no shut

• An SVI’s status will not show up/up unless at least one port assigned to the corresponding VLAN is in STP forwarding state.
• All commands used on other Cisco routers to check the status and statistics of physical interfaces apply to SVIs as well.



Fallback Bridging

• Bridges together two or more VLANs or routed ports, essentially connecting multiple VLANs within one bridge domain
• Forwards traffic that the switch does not route and forwards traffic belonging to a nonroutable protocol such as DECnet
• Configuration Example:
Switch(config)#bridge 1 protocol vlan-bridge
Switch(config)#int vlan 1
Switch(config-if)#bridge-group 1
Switch(config-if)#int vlan 2
Switch(config-if)#bridge-group 1



Storm Control

• Prevents switchports on a LAN from being disrupted by a broadcast, multicast, or unicast storm on one of the physical interfaces
• Enable storm control on an interface and enter the percentage of total available bandwidth that you want to be used by a particular type of traffic
• Before IOS Release 12.1(8)EA1, switchport broadcast, switchport multicast, and switchport unicast were used to achieve storm control
• Replaced by the storm-control interface configuration commands
Switch(config)#interface gigabitEthernet 0/12
Switch(config-if)#storm-control {broadcast|multicast|unicast} level <percentage>
• Verify current configuration on a port
Switch#sh storm-control gigabitEthernet 0/12 multicast
Interface  Filter State   Level    Current
---------  -------------  -------  -------
Gi0/12     Forwarding     65.00%   0.00%

Security Options

• Network Security using:
IP ACLs – The same as router IP ACLs
Named MAC Extended ACLs – For non-IP traffic on a VLAN
VLAN Maps – Only way to control filtering within a VLAN
Ref. URL:
http://cisco.com/univercd/cc/td/doc/product/lan/c3550/12113ea1/3550scg/swacl.htm

• Switch Security using:
Port Security - Restricts access to a switch port based on MAC address.
Ref. URL:
http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12113ea1/3550scg/swtrafc.htm#1038501



DSCP in IPv4 packets

IP precedence bits in the ToS byte of an IPv4 packet: [figure not recoverable]

DSCP bits in the ToS byte of an IPv4 packet: [figure not recoverable]



QoS at Layer 3 and Layer 2

Layer 3 (standard IPv4): the three MSBs of the ToS byte are called IP Precedence; DiffServ may use six D.S. bits plus two for flow control.
[Figure: IPv4 header - Version | ToS (1 byte) | Length | Len | ID | Offset | TTL | Proto | FCS | IP-SA | IP-DA | Data]

Layer 2 (ISL): three bits (3 LSB of the User field) used for CoS.
[Figure: ISL header (26 bytes) | Encapsulated frame (1...24.5 KBytes) | FCS (4 bytes)]

Layer 2 (802.1Q/p): three bits (User Priority bits) used for CoS.
[Figure: PREAM. | SFD | DA | SA | TAG (4 bytes) | PT | DATA | FCS]



QoS in the Catalyst 3550

QoS Actions at Ingress: Classification/Reclassification, then Policing/Marking.
QoS Actions at Egress: Queue/Schedule and Congestion Control.

Classification/Reclassification:
  Trusted interface: Map the incoming QoS tag to an internal DSCP. If no tag, use the default DSCP.
  Untrusted interface: Use an ACL (MAC or IP) to identify & class traffic with an internal DSCP. If no ACL, use the default DSCP.

Policing/Marking:
  Identify traffic via ACL & act on the policer decision: ensure it conforms to the configured rate and burst.
  Mark down DSCP or drop out-of-profile (default). Set the appropriate DSCP for in-profile.
  Done on an aggregate or individual flow basis. Up to 128 ingress policers per Gig interface, 8 per 10/100 interface.

Queue/Schedule, Congestion Control:
  Four queues/interface. WRR queuing with WRED or tail-drop for congestion control.
  Egress policing (up to 8 aggregate policers per interface).
  Done on a per interface basis.



3550 QoS Classification

• Classification is performed on the physical ingress interface. No support at the VLAN or SVI interface level.
• Classification can be based on:
Port Trust State: trusted or untrusted (default)
Switch(config-if)#mls qos trust {cos|dscp|ip-precedence}

Port Policy: via Policy-Map (see next slide)



Classification via Policy-map
Switch(config)#mls qos
Switch(config)#access-list 1 permit 10.1.0.0 0.0.255.255
Switch(config)#mac access-list extended maclist2
Switch(config-ext-macl)#permit 0001.0000.0003 0.0.0 0002.0000.0003 0.0.0
Switch(config-ext-macl)#permit 0001.0000.0004 0.0.0 0002.0000.0004 0.0.0 aarp
Switch(config-ext-macl)#exit
Switch(config)#class-map ipclass1
Switch(config-cmap)#match access-group 1
Switch(config-cmap)#exit
Switch(config)#policy-map flow1t
Switch(config-pmap)#class ipclass1
Switch(config-pmap-c)#trust ip-precedence
Switch(config-pmap-c)#exit
Switch(config-pmap)#class macclass2 access-group name maclist2
Switch(config-pmap-c)#set ip dscp 45
Switch(config-pmap-c)#exit
Switch(config-pmap)#exit
Switch(config)#interface gigabitethernet0/1
Switch(config-if)#service-policy input flow1t

Maps and Override of CoS and DSCP

• Default maps are used to map QoS labels
See documentation for CoS to DSCP, DSCP to CoS, DSCP to DSCP, IP Prec to DSCP settings and mutation tables

• Override of tagged CoS value
Switch(config)#interface gigabitEthernet 0/1
Switch(config-if)#mls qos cos {default-cos|override}

• Override of DSCP value
Switch(config)#mls qos map dscp-mutation dscp-mutation-name in-dscp to out-dscp
Switch(config)#int gi 0/1
Switch(config-if)#mls qos trust dscp
Switch(config-if)#mls qos dscp-mutation dscp-mutation-name
(Or set the interface as untrusted and use ACLs)



Policing on the 3550

• Only a single rate can be specified in a policer.
• Policers/policy maps can only be attached to physical interfaces. There is no support for policing at a VLAN or SVI level.
• Support for individual and aggregate policing
– Up to 128 ingress policers (for gig, 8 for FE) and 8 egress policers (gig or FE) per interface, but only one policy map per interface per direction. Policers can be aggregate or individual.
– If trunk interface, then traffic for all VLANs matching the attached policy map is policed
– A token bucket policing model is used where packets exceeding the specified rate are ‘out of profile’ and are either dropped or marked down to a lesser DSCP value. Packets which conform to the rate are passed through without modification.



3550 Policing: Individual vs. Aggregate

• A class map is used to identify the traffic to be policed
• Individual – can be used in only one class map per policy-map
• Aggregate – can be used in multiple class maps per policy-map. No support for aggregate policing across physical interfaces
• For egress policing, the policy-map must match on DSCP value only (no ACL support)
Switch(config)#class-map egress1
Switch(config-cmap)#match ip dscp 16



Configuring Aggregate Policing
Switch(config)#mls qos
Switch(config)#access-list 1 permit 10.1.0.0 0.0.255.255
Switch(config)#mac access-list extended maclist2
Switch(config-ext-macl)#permit 0001.0000.0003 0.0.0 0002.0000.0003 0.0.0
Switch(config-ext-macl)#permit 0001.0000.0004 0.0.0 0002.0000.0004 0.0.0 aarp
Switch(config-ext-macl)#exit
Switch(config)#mls qos aggregate-police transmit1 48000 26000 exceed-action policed-dscp-transmit
Switch(config)#mls qos map policed-dscp 45 50 51 52 53 54 55 56 to 0
Switch(config)#class-map ipclass1
Switch(config-cmap)#match access-group 1
Switch(config-cmap)#exit
Switch(config)#policy-map flow1t
Switch(config-pmap)#class ipclass1
Switch(config-pmap-c)#trust ip-precedence
Switch(config-pmap-c)#police aggregate transmit1
Switch(config-pmap-c)#exit
Switch(config-pmap)#class macclass2 access-group name maclist2
Switch(config-pmap-c)#set ip dscp 45
Switch(config-pmap-c)#police aggregate transmit1
Switch(config-pmap-c)#exit
Switch(config-pmap)#exit
Switch(config)#interface gigabitethernet0/1
Switch(config-if)#service-policy input flow1t

Configuring Individual Policing

Switch(config)#mls qos
Switch(config)#access-list 1 permit 10.1.0.0 0.0.255.255
Switch(config)#mac access-list extended maclist2
Switch(config-ext-macl)#permit 0001.0000.0003 0.0.0 0002.0000.0003 0.0.0
Switch(config-ext-macl)#permit 0001.0000.0004 0.0.0 0002.0000.0004 0.0.0 aarp
Switch(config-ext-macl)#exit
Switch(config)#class-map ipclass1
Switch(config-cmap)#match access-group 1
Switch(config-cmap)#exit
Switch(config)#policy-map flow1t
Switch(config-pmap)#class ipclass1
Switch(config-pmap-c)#trust ip-precedence
Switch(config-pmap-c)#police 48000 26000 exceed-action drop
Switch(config-pmap-c)#exit
Switch(config-pmap)#class macclass2 access-group name maclist2
Switch(config-pmap-c)#set ip dscp 45
Switch(config-pmap-c)#exit
Switch(config-pmap)#exit
Switch(config)#interface gigabitethernet0/1
Switch(config-if)#service-policy input flow1t
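As an added example (not the switch's own implementation), a simplified token-bucket model of the 'police 48000 26000' and 'police aggregate transmit1' configurations above: rate in bps, burst in bytes, in-profile packets pass untouched, out-of-profile packets are dropped or marked down using the policed-dscp map from the aggregate example. Packet sizes and timings are constructed, and the real ASIC's refill granularity is not modelled.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# 'mls qos map policed-dscp 45 50 51 52 53 54 55 56 to 0' from the aggregate example.
POLICED_DSCP_MAP = {d: 0 for d in (45, 50, 51, 52, 53, 54, 55, 56)}


@dataclass
class Policer:
    """Single-rate token bucket: 'police <rate bps> <burst bytes> exceed-action ...' (simplified)."""
    rate_bps: int
    burst_bytes: int
    exceed_action: str = "drop"          # or "policed-dscp-transmit"
    tokens: float = field(init=False, default=0.0)
    last_time: float = field(init=False, default=0.0)
    stats: dict = field(default_factory=lambda: {"conform": 0, "exceed": 0})

    def __post_init__(self) -> None:
        if self.exceed_action not in ("drop", "policed-dscp-transmit"):
            raise ValueError("unsupported exceed action")
        self.tokens = float(self.burst_bytes)   # the bucket starts full

    def _refill(self, now: float) -> None:
        # Tokens are bytes; the bucket never holds more than the configured burst.
        elapsed = max(0.0, now - self.last_time)
        self.tokens = min(self.burst_bytes, self.tokens + elapsed * self.rate_bps / 8)
        self.last_time = now

    def police(self, size: int, dscp: int, now: float) -> Tuple[str, Optional[int]]:
        """Return (verdict, dscp_out); dscp_out is None when the packet is dropped."""
        self._refill(now)
        if size <= self.tokens:
            self.tokens -= size
            self.stats["conform"] += 1
            return "conform", dscp            # in-profile: passed through unchanged
        self.stats["exceed"] += 1
        if self.exceed_action == "drop":
            return "exceed", None
        return "exceed", POLICED_DSCP_MAP.get(dscp, dscp)  # mark down, then transmit


def run_burst(policer: Policer, sizes: List[int], dscp: int, now: float) -> List[Tuple[str, Optional[int]]]:
    return [policer.police(s, dscp, now) for s in sizes]


def slide_scenario() -> dict:
    """Replay 'police 48000 26000 exceed-action drop': 18 back-to-back 1500-byte packets at t=0,
    then 4 more one second later (constructed traffic)."""
    p = Policer(48000, 26000, "drop")
    first = run_burst(p, [1500] * 18, 45, now=0.0)
    second = run_burst(p, [1500] * 4, 45, now=1.0)
    return {
        "t0_conform": sum(v == "conform" for v, _ in first),
        "t0_dropped": sum(v == "exceed" for v, _ in first),
        "t1_conform": sum(v == "conform" for v, _ in second),
    }


def aggregate_scenario() -> Tuple[int, int, int]:
    """One aggregate policer shared by two classes (the 'police aggregate transmit1' example):
    both classes draw from the same bucket, and out-of-profile DSCP 45 is marked down to 0."""
    shared = Policer(48000, 26000, "policed-dscp-transmit")
    ip_class = run_burst(shared, [1500] * 10, 45, now=0.0)
    mac_class = run_burst(shared, [1500] * 10, 45, now=0.0)
    marked_down = sum(1 for v, d in mac_class if v == "exceed" and d == 0)
    return (sum(v == "conform" for v, _ in ip_class),
            sum(v == "conform" for v, _ in mac_class),
            marked_down)


if __name__ == "__main__":
    print("individual:", slide_scenario())
    print("aggregate (ip conform, mac conform, mac marked down):", aggregate_scenario())
```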



3550 Egress Queuing

• 4 egress queues (0p4q2t)
• Scheduling of queues is via WRR
• Congestion control done via WRED (with two thresholds per queue) or tail drop (default)
• The default thresholds are 100 percent for thresholds 1 and 2 for each queue.



3550 Egress Queuing

• Default CoS to Queue mapping

CoS Value    Egress Queue/Threshold
0,1          1/1
2,3          2/1
4,5          3/1
6,7          4/1
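An added example that is not from the original slides, serving both the ToS/DSCP and CoS bit layouts shown earlier and the default CoS-to-queue table above: Python that decodes IP Precedence, DSCP and the two flow-control (ECN) bits from the ToS byte, reads the CoS and VLAN out of an 802.1Q tag, and maps the CoS to the default egress queue/threshold. The sample frame is constructed and its MAC addresses are placeholders.

```python
import struct

# Default CoS -> (egress queue, threshold) mapping from the slide.
DEFAULT_COS_TO_QUEUE = {0: (1, 1), 1: (1, 1), 2: (2, 1), 3: (2, 1),
                        4: (3, 1), 5: (3, 1), 6: (4, 1), 7: (4, 1)}


def ip_precedence(tos: int) -> int:
    """Three MSBs of the ToS byte."""
    return (tos >> 5) & 0x7


def dscp(tos: int) -> int:
    """Six MSBs of the ToS byte (the DiffServ code point)."""
    return (tos >> 2) & 0x3F


def ecn(tos: int) -> int:
    """The two LSBs DiffServ leaves for flow control (ECN)."""
    return tos & 0x3


def tos_from_dscp(code_point: int) -> int:
    return (code_point & 0x3F) << 2


def parse_ipv4_tos(packet: bytes) -> int:
    """Pull the ToS byte (second byte) out of an IPv4 header after checking the version nibble."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return packet[1]


def parse_dot1q(frame: bytes) -> dict:
    """Decode the 4-byte 802.1Q tag after DA/SA: TPID 0x8100, then PCP(3) DEI(1) VID(12)."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != 0x8100:
        raise ValueError("frame is not 802.1Q tagged")
    return {"cos": tci >> 13, "dei": (tci >> 12) & 1, "vlan": tci & 0x0FFF}


def egress_queue_for_cos(cos: int) -> tuple:
    return DEFAULT_COS_TO_QUEUE[cos]


def classify_tagged_ipv4(frame: bytes) -> dict:
    """CoS from the tag, precedence/DSCP/ECN from the IPv4 header, and the default
    egress queue/threshold the CoS would land in on the 3550."""
    tag = parse_dot1q(frame)
    tos = parse_ipv4_tos(frame[18:])  # 14-byte Ethernet header + 4-byte tag
    q, t = egress_queue_for_cos(tag["cos"])
    return {"vlan": tag["vlan"], "cos": tag["cos"], "precedence": ip_precedence(tos),
            "dscp": dscp(tos), "ecn": ecn(tos), "queue": q, "threshold": t}


def build_sample_frame(vlan: int, cos: int, code_point: int) -> bytes:
    """Constructed 802.1Q frame carrying a minimal IPv4 header (no real payload)."""
    eth = bytes.fromhex("00024b28dc00" "00d0bc035898")      # DA, SA (placeholders)
    tag = struct.pack("!HH", 0x8100, (cos << 13) | vlan) + b"\x08\x00"  # TCI, then EtherType IPv4
    ip = bytes([0x45, tos_from_dscp(code_point)]) + b"\x00\x14" + b"\x00" * 16
    return eth + tag + ip


if __name__ == "__main__":
    # DSCP 45 is the value the policy-map examples set; CoS 5 is voice-class traffic.
    print(classify_tagged_ipv4(build_sample_frame(vlan=400, cos=5, code_point=45)))
```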



Egress Queuing Example

Default egress queuing parameters:

Switch#show mls qos int gig 0/1 buff
GigabitEthernet0/1
Notify Q depth:
qid-size
1 - 25
2 - 25
3 - 25
4 - 25
qid WRED thresh1 thresh2
1   dis  100     100
2   dis  100     100
3   dis  100     100
4   dis  100     100

After changing the queue limits and enabling WRED on queue 4:

Switch(config)#int gig 0/1
Switch(config-if)#wrr-queue queue-limit 25 25 25 100
Switch(config-if)#wrr-queue random-detect max-threshold 4 70 90
Switch#show mls qos int gig 0/1 buff
GigabitEthernet0/1
Notify Q depth:
qid-size
1 - 25
2 - 25
3 - 25
4 - 100
qid WRED thresh1 thresh2
1   dis  100     100
2   dis  100     100
3   dis  100     100
4   ena  70      90

Egress Queuing Example (Cont’d)

Switch(config)#int gig 0/1
Switch(config-if)#wrr-queue bandwidth 25 25 25 50
Switch(config-if)#wrr-queue dscp-map 2 40
Switch(config-if)#wrr-queue cos-map 4 5

Switch#show mls qos int gig 0/1 queueing
GigabitEthernet0/1
Ingress expedite queue: dis
Egress expedite queue: dis
wrr bandwidth weights:
qid-weights
1 - 25
2 - 25
3 - 25
4 - 50
Dscp-threshold map:
   d1 : d2  0  1  2  3  4  5  6  7  8  9
   ---------------------------------------
    0 :    01 01 01 01 01 01 01 01 01 01
    1 :    01 01 01 01 01 01 01 01 01 01
    2 :    01 01 01 01 01 01 01 01 01 01
    3 :    01 01 01 01 01 01 01 01 01 01
    4 :    02 01 01 01 01 01 01 01 01 01
    5 :    01 01 01 01 01 01 01 01 01 01
    6 :    01 01 01 01
Cos-queue map:
cos-qid
0 - 1
1 - 1
2 - 2
3 - 2
4 - 3
5 - 4
6 - 4
7 - 4



3550 Strict Priority Queuing

• All four egress queues participate in WRR unless the expedite queue is enabled, in which case the fourth bandwidth weight is ignored and not used in the ratio calculation.
• The expedite queue is a strict-priority queue, and it is serviced until empty before the other queues are serviced.
Switch(config)#interface gigabitethernet0/1
Switch(config-if)#priority-queue out
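An added model, not from the original slides, of the scheduling rule described above: four queues served by WRR weights (the 'wrr-queue bandwidth 25 25 25 50' example), and with 'priority-queue out' the fourth queue is drained strictly first while its weight drops out of the ratio. Queue contents and weights are constructed.

```python
from collections import deque
from typing import Deque, Dict, List, Optional


def make_queues(*contents: List[int]) -> List[Deque[int]]:
    """Build the four egress queues from constructed packet-id lists (queue 1 first)."""
    return [deque(c) for c in contents]


def bandwidth_share(weights: List[int], expedite: bool = False) -> Dict[int, Optional[float]]:
    """Share of the WRR ratio each queue gets; queue 4 becomes None (strict priority) with expedite."""
    if len(weights) != 4:
        raise ValueError("the 3550 has four egress queues")
    wrr = weights[:3] if expedite else weights
    total = sum(wrr)
    shares: Dict[int, Optional[float]] = {i + 1: w / total for i, w in enumerate(wrr)}
    if expedite:
        shares[4] = None  # serviced until empty, never weighted
    return shares


def wrr_schedule(queues: List[Deque[int]], weights: List[int], expedite: bool = False) -> List[int]:
    """Drain the queues and return the order (queue numbers 1-4) packets were transmitted in.

    Without the expedite queue, each WRR round serves queue i up to weights[i] packets.
    With 'priority-queue out', queue 4 is emptied before anything else is served in a
    round and its weight is ignored, exactly as the slide describes.
    """
    if len(queues) != 4 or len(weights) != 4:
        raise ValueError("the 3550 has four egress queues")
    order: List[int] = []
    wrr_indices = [0, 1, 2] if expedite else [0, 1, 2, 3]
    while any(queues):
        if expedite:
            while queues[3]:
                queues[3].popleft()
                order.append(4)
        for i in wrr_indices:
            for _ in range(weights[i]):
                if not queues[i]:
                    break
                queues[i].popleft()
                order.append(i + 1)
    return order


if __name__ == "__main__":
    weights = [25, 25, 25, 50]
    print("WRR shares:", bandwidth_share(weights))
    print("with expedite:", bandwidth_share(weights, expedite=True))
    backlog = make_queues(list(range(100)), list(range(100)), list(range(100)), list(range(100)))
    print("first 125 slots by queue:", wrr_schedule(backlog, weights)[:125].count(4), "from queue 4")
```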



10/100 Interface Egress Queuing

• There are 8 global buffer sizes (MRLs) that can be configured.
• Each 10/100 interface has 4 egress queues. You can select the buffer size of each queue by associating it with an MRL size. (WRED is not supported on 10/100 interfaces)
• By default each MRL is 100 packets in size; Q1 uses MRL1, Q2 uses MRL2, Q3 uses MRL3, and Q4 uses MRL4 for each 10/100 interface
• To manually assign an MRL to a queue (interface command)
wrr-queue min-reserve [Queue #] [MRL #]
• To manually configure the MRL buffer size (global command)
mls qos min-reserve [MRL #] [buffer size]



10/100 MRL Configuration

• Configuration Example:
Switch(config)#mls qos min-reserve 8 150
Switch(config)#int fast 0/1
Switch(config-if)#wrr-queue min-reserve 4 8

• Verify the configuration change
Switch#show mls qos int buff
FastEthernet0/1
Minimum reserve buffer size:
100 100 100 100 100 100 100 150
Minimum reserve buffer level select:
1 2 3 8
FastEthernet0/2
Minimum reserve buffer size:
100 100 100 100 100 100 100 150
Minimum reserve buffer level select:
1 2 3 4


