Gebruiksaanwijzing /service van het product C3850NM410G van de fabrikant Cisco Systems
Ga naar pagina of 70
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 1 of 70 Cisco Catalyst 3850 Switch Services Guide April 2013 Guide.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 2 of 70 Contents Overview ....................................................................................................................
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 3 of 70 Overview The Cisco ® Catalyst ® 3850 Switch is built on a unified access data plane (UADP) application-specific integrated circuit (ASIC).
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 4 of 70 Figure 1. 802.1X with Converg ed Access The authentication, authorization, and accounting (AAA) group and RADIUS server are set up on the Cisco Catalyst 3850.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 5 of 70 To define the Cisco Catalyst 3850, on the ISE screen, navigate to Administration Network Resources Network Devices as in Figure 2.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 6 of 70 class-map type control subscriber match-all DOT1X_NO_RESP match method dot1x ! poli.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 7 of 70 I - Awaiting IIF ID allocation P - Pushed Session (non-transient state) R - Removin.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 8 of 70 The following is the detailed output of the wired client session: Switch#sh access-session mac 0024.7eda.6440 details Interface: GigabitEthernet1/0/13 IIF-ID: 0x1092DC000000107 MAC Address: 0024.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 9 of 70 After defining ACL in ISE, it can be associated with an authoriz ation profile, as shown in Figure 4.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 10 of 70 The total capacity of the ACEs is an aggregate number that constitutes all types of ACEs. O ne type of ACE, however, can scale up to 1500.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 11 of 70 Unlike wired, wireless is considered untrusted on the Cisco Catalyst 3850. The default trust setting for wireless target is untrust : that is, the packets are marked down to 0 in the absence of SSID-based policy.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 12 of 70 permit udp any any eq 1214 ip access-list extended SIGNALING remark SCCP permit tc.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 13 of 70 W ith t able-maps, one can create a map of values that can be used between the same or dif ferent markings such as DSCP, CoS, and so on.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 14 of 70 Applying Ingress Policies Like other Cisco Catalyst platforms, Cisco Catalyst 3850 Switches offer two simplified methods to apply service policies.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 15 of 70 class-map CALL-SIG match dscp cs3 class-map CRITICAL-DATA match dscp af21 af22 af2.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 16 of 70 Wireless: Ingress Qua lity of Service Ingress Marking and Policing on Wireless Client In the ingress direction, traffic can be marked and policed at client level.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 17 of 70 The applied policy can be show n with the follow ing CLI: Switch# sh policy-map interface wireless client Client 000A.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 18 of 70 If the policy name is downloaded from the ISE server, the server needs to be configured as shown in Figure 6, with the AV pair ip:sub-qos-policy-in=Standard-Employee.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 19 of 70 table-map dscp2dscp default copy Policy-map TRUST Table Map dscp2dscp default copy The QoS policy is applied under the W LAN configuration.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 20 of 70 The following is the default behavior of the four queues: Q0 (RT1): Control traffi.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 21 of 70 bandwidth remaining ratio 10 Class-map: class-default (match-any) Match: any (total drops) 0 (bytes output) 0 The “port_child_policy” can be modified by the user to queue different application traffic at t he SSID level.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 22 of 70 Match: any shape (average) cir 200000000, bc 800000, be 800000 target shape rate 200000000 Radio dot11a iifid: 0x104F10000000011.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 23 of 70 Policy-map guest-ssid Class class-default Shape average percent 20 On the enterprise SSID class-map voice and video, the policer enforces the aggregate unicast traffic at the BSSID level.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 24 of 70 Cisco Catalyst 38 50 NetFlow Architecture (Wired and Wireless) NetFlow Cisco Catal yst 3850 Ov erview The Cisco Catalyst 3850 supports both ingress and egress FnF on all ports of the sw itch at line rate.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 25 of 70 Configuring a Flow Record (Egress) flow record v4out match ipv4 protocol match ipv.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 26 of 70 flow monitor v4 exporter Collector exporter Collector 1 cache timeout active 60 ca.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 27 of 70 Flexible NetFlow Outputs To display the status and statistics for a flexible NetFlow flow monitor, use the “Show Flow monitor” command in privileged EXEC mode.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 28 of 70 19:52:12.755 10.1.22.101 10.1.1.22 51524 5060 Gi1/0/3 LIIN0 1038 3 19:52:10.755 19:52:10.755 To display top N destination aggregated flow statistics from a flow monitor cache, use the following command.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 29 of 70 IPV6 SRC ADDR IPV6 DST ADDR TRNS SRC PORT TRNS DST PROT bytes long pkts long =====.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 30 of 70 Multicast Overv iew (Tradition al and Converged M ulticast) Efficient and intelligent use of bandwidth is paramount, particularly w ith the advent of video, mobility, and cloud technologies.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 31 of 70 The videostream mode is a further enhancement of the preceding.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 32 of 70 Following is the basic configuration of wireless multicast: ● Configure IGMP sno.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 33 of 70 To display all (S,V,G) list and the corresponding M GID value, use the “Show wireless multicast group summary” command in privileged EXEC mode.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 34 of 70 Group: 239.255.67.250 Vlan: 412 Source: 0.0.0.0 blacklisted: no SGV to Client mappings ---------------------- Group: 224.0.1.60 Source: 0.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 35 of 70 To display the multicast groups that are directly connected to the switch and that were learn ed through IGMP, use the “show ip igmp groups” command in privileged EXEC mode.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 36 of 70 To display the IP IGMP membership status of all multicast groups on a sw itch, use the “show ip igmp membership all” command in privileged EXEC mode.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 37 of 70 Converged Acces s with the Ci sco Catalyst 3850 The Cisco Catalyst 3850 Switch offers scalable, resilient, and future-proofed wired and wireless services.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 38 of 70 The mobility controller’s area of responsibility lies in the mobil ity subdomain it controls.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 39 of 70 Figure 8. Hierarchical Role s in Conver ged Acces s The SPGs are designed as a group of mobility agent switches to w here the users frequently roam.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 40 of 70 Figure 9. Single Cisco Cataly st 3850 S tack for Wired/ Wireless in Small Bran ch .
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 41 of 70 For medium campus wireless deployments scaling up to 250 Cisco access points and 1.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 42 of 70 Figure 12. 5508/WiSM2/576 0 Controller Appliances w ith Cisco Cata lyst 3850 Sw it.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 43 of 70 The Cisco access points must be connected directly to the Cisco Catalyst 3850 Sw itch. O ne Cisco Catalyst 3850 Switch forms the access layer.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 44 of 70 Relevant excerpts from outputs regarding wireless configuration on the Cisco Catal.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 45 of 70 Figure 14. Configuring M obility Agents and Sw itch Peer Group on Cis co Catalyst .
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 46 of 70 wireless mobility controller ip 20.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 47 of 70 Figure 15. Configuring M obility Group on M ultiple Mob ility Controller s on Cisc.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 48 of 70 Relevant configurations done on the M A3 switch in this case are given in the following: wireless mobility controller ip 20.1.3.2 public-ip 20.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 49 of 70 These two mobility controller switches can be grouped together in one mobility group to ena ble fast roaming between clients of each respective subdomain.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 50 of 70 Point of attachment (PoA) moves with user mobility and is def ined as the access point to which the user joins or roams.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 51 of 70 The previous controller does not hold any state of the client that has roamed to another controller.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 52 of 70 Understandin g Roams in Con verged Access Since roams in Cisco Unified Wireless Network are explained earlier, this section explains the roams as they occur in converged access mode.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 53 of 70 There is a provision per W LAN that the administrator can con figure, if they want a L2 roam like the Cisco Unified W irele ss Network, where both the PoP and PoA of the user moves.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 54 of 70 Traffic Paths in Co nver ged Access This section explains the traffic path (profile) for local and roamed wireless clients across the different SPGs and mobility controllers.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 55 of 70 Figure 22. Client Roams A cross Mobility Controller in Converg ed Access In the preceding scenario, an intersubdomain (intermobility c ontroller) roam is explained.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 56 of 70 Table 3 is a list of switch names, IP addresses, their roles in SPG, and mobility group that form part of the example network. Understanding this will help explain the client roams as they roa m from one switch to another.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 57 of 70 Initial client join on MA1, as seen in CLI on the switch, w here it shows the clie.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 58 of 70 MC1#sh wireless mobility controller client summary Number of Clients : 2 State is the Sub-Domain state of the client.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 59 of 70 The following are the relevant outputs displaying the client roam. In this case, M A1 becomes the anchor switch, while MC1 becomes the foreign switch.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 60 of 70 Comparing the preceding output with the one in the initial clie nt join, notice th.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 61 of 70 where the mobility state is “anchor,” and the access point name is the switch/wireless management IP address of the foreign switch (MC1): 20.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 62 of 70 Mac Address VlanId IP Address Src If Auth Mob -------------- ------ --------------- ------------------ -------- ------- b065.bdbf.77a3 701 20.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 63 of 70 Mac Address VlanId IP Address Src If Auth Mob -------------- ------ --------------- ------------------ -------- ------- b065.bdbf.77a3 500 20.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 64 of 70 Total Number of Wireless Clients = 2 Clients Waiting to Join = 0 Foreign Clients = 2 MTE Clients = 0 Mac Address VlanId IP Address Src If Auth Mob -------------- ------ --------------- ------------------ -------- ------- b065.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 65 of 70 wlan Predator shutdown no mobility anchor sticky no shutdown Tracking the initial .
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 66 of 70 MA1 #show wcdb database all Total Number of Wireless Clients = 0 Mac Address VlanI.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 67 of 70 Tunnel Roles in Converged Access This section explains what function each CAPWAP tunnel plays in the converged access deployment.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 68 of 70 Ca5 3502E_G2/0/25_83A9 data Gi2/0/25 unicast - Ca4 3602I_G2/0/1_3A04 data Gi2/0/1 unicast - Name SrcIP SrcPort DestIP DstPort DtlsEn MTU ------ --------------- ------- --------------- ------- ------ ----- Ca1 20.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 69 of 70 Field L2 In L2 Out IPv4 In IPV4 Out IPv6 In IPv6 Out Notes mac source addre ss out.
© 2013 Cisco and/o r its affiliates. All ri ghts reserved. Thi s document is Cisco Public Information. Page 70 of 70 Printed in USA C07-727066- 00 04/13.
Een belangrijk punt na aankoop van elk apparaat Cisco Systems C3850NM410G (of zelfs voordat je het koopt) is om de handleiding te lezen. Dit moeten wij doen vanwege een paar simpele redenen:
Als u nog geen Cisco Systems C3850NM410G heb gekocht dan nu is een goed moment om kennis te maken met de basisgegevens van het product. Eerst kijk dan naar de eerste pagina\'s van de handleiding, die je hierboven vindt. Je moet daar de belangrijkste technische gegevens Cisco Systems C3850NM410G vinden. Op dit manier kan je controleren of het apparaat aan jouw behoeften voldoet. Op de volgende pagina's van de handleiding Cisco Systems C3850NM410G leer je over alle kenmerken van het product en krijg je informatie over de werking. De informatie die je over Cisco Systems C3850NM410G krijgt, zal je zeker helpen om een besluit over de aankoop te nemen.
In een situatie waarin je al een beziter van Cisco Systems C3850NM410G bent, maar toch heb je de instructies niet gelezen, moet je het doen voor de hierboven beschreven redenen. Je zult dan weten of je goed de alle beschikbare functies heb gebruikt, en of je fouten heb gemaakt die het leven van de Cisco Systems C3850NM410G kunnen verkorten.
Maar de belangrijkste taak van de handleiding is om de gebruiker bij het oplossen van problemen te helpen met Cisco Systems C3850NM410G . Bijna altijd, zal je daar het vinden Troubleshooting met de meest voorkomende storingen en defecten #MANUAl# samen met de instructies over hun opplosinge. Zelfs als je zelf niet kan om het probleem op te lossen, zal de instructie je de weg wijzen naar verdere andere procedure, bijv. door contact met de klantenservice of het dichtstbijzijnde servicecentrum.