Catalyst 9500 Switches)
Total Page:16
File Type:pdf, Size:1020Kb
System Management Configuration Guide, Cisco IOS XE Gibraltar 16.12.x (Catalyst 9500 Switches) First Published: 2019-07-31 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental. All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version. Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R) © 2019 Cisco Systems, Inc. All rights reserved. CONTENTS CHAPTER 1 Administering the Device 1 Information About Administering the Device 1 System Time and Date Management 1 System Clock 1 Network Time Protocol 2 NTP Stratum 3 NTP Associations 3 NTP Security 5 NTP Services on a Specific Interface 6 Source IP Address for NTP Packets 6 NTP Implementation 6 System Name and Prompt 7 Stack System Name and Prompt 8 Default System Name and Prompt Configuration 8 DNS 8 Default DNS Settings 8 Login Banners 8 Default Banner Configuration 9 MAC Address Table 9 MAC Address Table Creation 9 MAC Addresses and VLANs 9 MAC Addresses and Device Stacks 9 Default MAC Address Table Settings 10 ARP Table Management 10 How to Administer the Device 10 Configuring the Time and Date Manually 10 System Management Configuration Guide, Cisco IOS XE Gibraltar 16.12.x (Catalyst 9500 Switches) iii Contents Setting the System Clock 11 Configuring the Time Zone 11 Configuring Summer Time (Daylight Saving Time) 12 Configuring NTP 14 Default NTP Configuration 14 Configuring NTP Authentication 15 Configuring Poll-Based NTP Associations 16 Configuring Broadcast-Based NTP Associations 18 Configuring NTP Access Restrictions 19 Configuring a System Name 21 Setting Up DNS 22 Configuring a Message-of-the-Day Login Banner 24 Configuring a Login Banner 25 Managing the MAC Address Table 26 Changing the Address Aging Time 26 Configuring MAC Address Change Notification Traps 27 Configuring MAC Address Move Notification Traps 29 Configuring MAC Threshold Notification Traps 31 Disabling MAC Address Learning on VLAN 33 Adding and Removing Static Address Entries 34 Configuring Unicast MAC Address Filtering 36 Monitoring and Maintaining Administration of the Device 36 Configuration Examples for Device Administration 37 Example: Setting the System Clock 37 Examples: Configuring Summer Time 38 Example: Configuring a MOTD Banner 38 Example: Configuring a Login Banner 38 Example: Configuring MAC Address Change Notification Traps 39 Example: Configuring MAC Threshold Notification Traps 39 Example: Adding the Static Address to the MAC Address Table 39 Example: Configuring Unicast MAC Address Filtering 40 Additional References for Device Administration 40 Feature History for Device Administration 40 System Management Configuration Guide, Cisco IOS XE Gibraltar 16.12.x (Catalyst 9500 Switches) iv Contents CHAPTER 2 Boot Integrity Visibility 41 Information About Boot Integrity Visibility 41 Verifying the Software Image and Hardware 41 Verifying Platform Identity and Software Integrity 42 Additional References for Boot Integrity Visibility 45 Feature History for Boot Integrity Visibility 45 CHAPTER 3 Performing Device Setup Configuration 47 Restrictions for Software Install 47 Information About Performing Device Setup Configuration 47 Device Boot Process 47 Software Install Overview 48 Software Boot Modes 48 Installing the Software Package 49 Terminating a Software Install 50 Devices Information Assignment 50 Default Switch Information 51 DHCP-Based Autoconfiguration Overview 51 DHCP Client Request Process 52 DHCP-based Autoconfiguration and Image Update 53 Restrictions for DHCP-based Autoconfiguration 53 DHCP Autoconfiguration 53 DHCP Auto-Image Update 53 DHCP Server Configuration Guidelines 54 Purpose of the TFTP Server 54 Purpose of the DNS Server 55 How to Obtain Configuration Files 55 How to Control Environment Variables 56 Common Environment Variables 57 Environment Variables for TFTP 58 Scheduled Reload of the Software Image 59 How to Perform Device Setup Configuration 59 Configuring DHCP Autoconfiguration (Only Configuration File) 59 System Management Configuration Guide, Cisco IOS XE Gibraltar 16.12.x (Catalyst 9500 Switches) v Contents Configuring DHCP Auto-Image Update (Configuration File and Image) 61 Configuring the Client to Download Files from DHCP Server 64 Manually Assigning IP Information to Multiple SVIs 65 Modifying the Device Startup Configuration 67 Specifying the Filename to Read and Write the System Configuration 67 Manually Booting the Switch 67 Booting the Device in Installed Mode 69 Booting the Device in Bundle Mode 71 Configuring a Scheduled Software Image Reload 71 Monitoring Device Setup Configuration 72 Examples: Displaying Software Bootup in Install Mode 72 Example: Emergency Installation 75 Configuration Examples for Performing Device Setup 76 Example: Managing an Update Package 76 Verifying Software Install 87 Example: Configuring a Device as a DHCP Server 90 Example: Configuring DHCP Auto-Image Update 90 Example: Configuring a Device to Download Configurations from a DHCP Server 90 Examples: Scheduling Software Image Reload 91 Additional References For Performing Device Setup 91 Feature History for Performing Device Setup Configuration 92 CHAPTER 4 Configuring Smart Licensing 93 Prerequisites for Configuring Smart Licensing 93 Introduction to Smart Licensing 93 Overview of CSSM 94 Connecting to CSSM 94 Linking Existing Licenses to CSSM 96 Configuring a Connection to CSSM and Setting Up the License Level 96 Setting Up a Connection to CSSM 96 Configuring the Call Home Service for Direct Cloud Access 99 Configuring the Call Home Service for Direct Cloud Access through an HTTPs Proxy Server 100 Configuring the Call Home Service for Cisco Smart Software Manager On-Prem 103 Configuring the License Level 105 System Management Configuration Guide, Cisco IOS XE Gibraltar 16.12.x (Catalyst 9500 Switches) vi Contents Registering a Device on CSSM 106 Generating a New Token from CSSM 107 Registering a Device with the New Token 108 Verifying the License Status After Registration 109 Canceling a Device's Registration in CSSM 110 Monitoring Smart Licensing Configuration 111 Configuration Examples for Smart Licensing 112 Example: Viewing the Call Home Profile 112 Example: Viewing the License Information Before Registering 112 Example: Registering a Device 115 Example: Viewing the License Status After Registering 115 Additional References 118 Feature History for Smart Licensing 118 CHAPTER 5 Configuring Application Visibility and Control in a Wired Network 121 Information About Application Visibility and Control in a Wired Network 121 Supported AVC Class Map and Policy Map Formats 121 Restrictions for Wired Application Visibility and Control 123 How to Configure Application Visibility and Control 124 Configuring Application Visibility and Control in a Wired Network 124 Enabling Application Recognition on an interface 125 Creating AVC QoS Policy 125 Applying a QoS Policy to