Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX First Published: July 10, 2013 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
Preface

This preface contains the following topics:
• Document Conventions
• Related Documentation
• Obtaining Documentation and Submitting a Service Request

Document Conventions

This document uses the following conventions:

Convention: ^ or Ctrl
Description: Both the ^ symbol and Ctrl represent the Control (Ctrl) key on a keyboard. For example, the key combination ^D or Ctrl-D means that you hold down the Control key while you press the D key.
Convention: [x | y]
Description: Optional alternative keywords are grouped in brackets and separated by vertical bars.

Convention: {x | y}
Description: Required alternative keywords are grouped in braces and separated by vertical bars.

Convention: [x {y | z}]
Description: Nested set of square brackets or braces indicate optional or required choices within optional or required elements. Braces and a vertical bar within square brackets indicate a required choice within an optional element.
Related Documentation

Note: Before installing or upgrading the switch, refer to the switch release notes.

• Catalyst 2960-X Switch documentation, located at: http://www.cisco.com/go/cat2960x_docs
• Cisco SFP and SFP+ modules documentation, including compatibility matrixes, located at: http://www.cisco.com/en/US/products/hw/modules/ps5455/tsd_products_support_series_home.html
• Cisco Validated Designs documents, located at: http://www.cisco.
CHAPTER 1 Using the Command-Line Interface

This chapter contains the following topics:
• Information About Using the Command-Line Interface
• How to Use the CLI to Configure Features

Information About Using the Command-Line Interface

This section describes the Cisco IOS command-line interface (CLI) and how to use it to configure your switch.

Command Modes

The Cisco IOS user interface is divided into many different modes.
Table 1: Command Mode Summary

Mode: User EXEC
Access Method: Begin a session using Telnet, SSH, or console.
Prompt: Switch>
Exit Method: Enter logout or quit.
About This Mode: Use this mode to
• Change terminal settings.
• Perform basic tests.
• Display system information.

Mode: Privileged EXEC
Access Method: While in user EXEC mode, enter the enable command.

Mode: Global configuration
Access Method: While in privileged EXEC mode, enter the configure command.
Mode: Line configuration
Access Method: While in global configuration mode, specify a line with the line vty or line console command.
Prompt: Switch(config-line)#
Exit Method: To exit to global configuration mode, enter exit. To return to privileged EXEC mode, press Ctrl-Z or enter end.
About This Mode: Use this mode to configure parameters for the terminal line.
Step 4
Command or Action: ?
Purpose: Lists all commands available for a particular command mode.
Example: Switch> ?

Step 5
Command or Action: command ?
Purpose: Lists the associated keywords for a command.
Example: Switch> show ?

Step 6
Command or Action: command keyword ?
Purpose: Lists the associated arguments for a keyword.
Table 2: Common CLI Error Messages

Error Message: % Ambiguous command: "show con"
Meaning: You did not enter enough characters for your switch to recognize the command.
How to Get Help: Reenter the command followed by a question mark (?) with a space between the command and the question mark. The possible keywords that you can enter with the command appear.

Error Message: % Incomplete command.
Changing the Command History Buffer Size

By default, the switch records ten command lines in its history buffer. You can alter this number for a current terminal session or for all sessions on a particular line. This procedure is optional.

SUMMARY STEPS
1.
Step 3
Command or Action: show history
Purpose: Lists the last several commands that you just entered in privileged EXEC mode. The number of commands that appear is controlled by the setting of the terminal history global configuration command and the history line configuration command.
Example: Switch# show history

Disabling the Command History Feature

The command history feature is automatically enabled.
Step 2
Command or Action: terminal no editing
Purpose: Disables the enhanced editing mode for the current terminal session in the privileged EXEC mode.
Example: Switch# terminal no editing

Editing Commands through Keystrokes

The keystrokes help you to edit the command lines. These keystrokes are optional.

Note: The arrow keys function only on ANSI-compatible terminals such as VT100s.
Esc D: Deletes from the cursor to the end of the word.
Esc C: Capitalizes at the cursor.
Esc L: Changes the word at the cursor to lowercase.
Esc U: Capitalizes letters from the cursor to the end of the word.
Ctrl-V or Esc Q: Designates a particular keystroke as an executable command, perhaps as a shortcut.
Return key: Scrolls down a line or screen on displays that are longer than the terminal screen can display.
DETAILED STEPS

Step 1
Command or Action: access-list
Purpose: Displays the global configuration command entry that extends beyond one line. When the cursor first reaches the end of the line, the line is shifted ten spaces to the left and redisplayed. The dollar sign ($) shows that the line has been scrolled to the left.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output appear.
CHAPTER 2 Configuring Cisco IOS Configuration Engine This chapter describes how to configure the Cisco IOS Configuration Engine.
Related Topics
Cisco Networking Services IDs and Device Hostnames
DeviceID

Restrictions for Configuring the Configuration Engine

• Within the scope of a single instance of the configuration server, no two configured switches can share the same value for ConfigID.
• Within the scope of a single instance of the event bus, no two configured switches can share the same value for DeviceID.
In standalone mode, the Cisco Configuration Engine supports an embedded directory service. In this mode, no external directory or other data store is required. In server mode, the Cisco Configuration Engine supports the use of a user-defined external directory.

Figure 1: Cisco Configuration Engine Architectural Overview

Configuration Service

The Configuration Service is the core component of the Cisco Configuration Engine.
Event Service

The Cisco Configuration Engine uses the Event Service for receipt and generation of configuration events. The Event Service consists of an event agent and an event gateway. The event agent is on the switch and facilitates the communication between the switch and the event gateway on the Cisco Configuration Engine. The Event Service is a highly capable publish-and-subscribe communication method.
The ConfigID is fixed at startup time and cannot be changed until the device restarts, even if the switch hostname is reconfigured.

DeviceID

Each configured switch participating on the event bus has a unique DeviceID, which is analogous to the switch source address so that the switch can be targeted as a specific destination on the bus.
In server mode, the hostname is not used. In this mode, the unique DeviceID attribute is always used for sending an event on the bus. If this attribute is not set, you cannot update the switch. These and other associated attributes (tag value pairs) are set when you run Setup on the Cisco Configuration Engine.
Incremental (Partial) Configuration

After the network is running, new services can be added by using the Cisco IOS CNS agent. Incremental (partial) configurations can be sent to the switch. The actual configuration can be sent as an event payload by way of the event gateway (push operation) or as a signal event that triggers the switch to initiate a pull operation. The switch can check the syntax of the configuration before applying it.
Device: TFTP server
Required Configuration:
• A bootstrap configuration file that includes the CNS configuration commands that enable the switch to communicate with the Configuration Engine
• The switch configured to use either the switch MAC address or the serial number (instead of the default hostname) to generate the ConfigID and EventID
• The CNS event agent configured to push the configuration file to the switch

Device: CNS
DETAILED STEPS

Step 1
Command or Action: configure terminal
Purpose: Enters the global configuration mode.
Example: Switch# configure terminal

Step 2
Command or Action: cns event {hostname | ip-address} [port-number] [ [keepalive seconds retry-count] [failover-time seconds ] [reconnect-time time] | backup]
Purpose: Enables the event agent, and enters the gateway parameters.
Related Topics
Event Service

Enabling the Cisco IOS CNS Agent

Beginning in privileged EXEC mode, follow these steps to enable the Cisco IOS CNS agent on the switch.

Before You Begin
You must enable the CNS event agent on the switch before you enable this agent.

SUMMARY STEPS
1. configure terminal
2. cns config initial {hostname | ip-address} [port-number]
3. cns config partial {hostname | ip-address} [port-number]
4.
Purpose: Enables the Cisco IOS CNS agent and initiates a partial configuration on the switch.

Step 4
Command or Action: end
Purpose: Returns to privileged EXEC mode.
Example: Switch(config)# end

Step 5
Start the Cisco IOS CNS agent on the switch.

What to Do Next
You can now use the Cisco Configuration Engine to remotely send incremental configurations to the switch.
SUMMARY STEPS
1. configure terminal
2. cns template connect name
3. cli config-text
4. Repeat Steps 2 to 3 to configure another CNS connect template.
5. exit
6. cns connect name [retries number] [retry-interval seconds] [sleep seconds] [timeout seconds]
7. discover {controller controller-type | dlci [subinterface subinterface-number] | interface [interface-type] | line line-type}
8. template name [...
Step 5
Command or Action: exit
Purpose: Returns to global configuration mode.
Example: Switch(config)# exit

Step 6
Command or Action: cns connect name [retries number] [retry-interval seconds] [sleep seconds] [timeout seconds]
Purpose: Enters CNS connect configuration mode, specifies the name of the CNS connect profile, and defines the profile parameters.
Step 10
Command or Action: exit
Purpose: Returns to global configuration mode.
Example: Switch(config-cns-conn)# exit

Step 11
Command or Action: hostname name
Purpose: Enters the hostname for the switch.
Example: Switch(config)# hostname device1

Step 12
Command or Action: ip route network-number
Purpose: (Optional) Establishes a static route to the Configuration Engine whose IP address is network-number.
Example: RemoteSwitch(config)# ip route 172.28.
Step 15
Command or Action: cns config initial {hostname | ip-address} [port-number] [event] [no-persist] [page page] [source ip-address] [syntax-check]
Purpose: Enables the Cisco IOS agent, and initiates an initial configuration.
• For {hostname | ip-address}, enter the hostname or the IP address of the configuration server.
• (Optional) For port-number, enter the port number of the configuration server.
This example shows how to configure an initial configuration on a remote switch when the switch IP address is known. The Configuration Engine IP address is 172.28.129.22.

Switch(config)# cns template connect template-dhcp
Switch(config-tmpl-conn)# cli ip address dhcp
Switch(config-tmpl-conn)# exit
Switch(config)# cns template connect ip-route
Switch(config-tmpl-conn)# cli ip route 0.0.0.0 0.0.0.
DETAILED STEPS

Step 1
Command or Action: show cns config connections
Purpose: Displays whether the CNS event agent is connecting to the gateway, connected, or active, and the gateway used by the event agent, its IP address and port number.
Example: Switch# show cns config connections

Step 2
Make sure that the CNS event agent is properly connected to the event gateway.
Step 9
Make sure that you have reestablished the connection between the switch and the event connection by examining the output from show cns event connections.
Step 3
Command or Action: end
Purpose: Returns to privileged EXEC mode.
Example: Switch(config)# end

What to Do Next
To verify information about the configuration agent, use either the show cns config stats or the show cns config outstanding command in privileged EXEC mode. To disable the Cisco IOS agent, use the no cns config partial { ip-address | hostname } global configuration command.
Additional References

Related Documents

Related Topic: Configuration Engine Setup
Document Title: Cisco Configuration Engine Installation and Setup Guide, 1.5 for Linux
http://www.cisco.com/en/US/docs/net_mgmt/configuration_engine/1.5/installation_linux/guide/setup_1.
CHAPTER 3 Configuring the Cisco Discovery Protocol

This chapter describes the configuration of the Cisco Discovery Protocol (CDP).
• Finding Feature Information
• Information About CDP
• How to Configure CDP
• Monitoring and Maintaining CDP
• Additional References
• Feature History and Information for Cisco Discovery Protocol

Finding Feature Information

Your software release may not support all the features documented in this module.
CDP runs on all media that support Subnetwork Access Protocol (SNAP). Because CDP runs over the data-link layer only, two systems that support different network-layer protocols can learn about each other. Each CDP-configured device sends periodic messages to a multicast address, advertising at least one address at which it can receive SNMP messages.
Beginning in privileged EXEC mode, follow these steps to configure these characteristics.

SUMMARY STEPS
1. configure terminal
2. cdp timer seconds
3. cdp holdtime seconds
4. cdp advertise-v2
5. end

DETAILED STEPS

Step 1
Command or Action: configure terminal
Purpose: Enters the global configuration mode.
Switch(config)# cdp advertise-v2
Switch(config)# end

What to Do Next
Use the no form of the CDP commands to return to the default settings.

Related Topics
Monitoring and Maintaining CDP

Disabling CDP

CDP is enabled by default.

Note: Switch clusters and other Cisco devices (such as Cisco IP Phones) regularly exchange CDP messages. Disabling CDP can interrupt cluster discovery and device connectivity.
What to Do Next
You must reenable CDP to use it.

Related Topics
Enabling CDP

Enabling CDP

CDP is enabled by default.

Note: Switch clusters and other Cisco devices (such as Cisco IP Phones) regularly exchange CDP messages. Disabling CDP can interrupt cluster discovery and device connectivity.

Beginning in privileged EXEC mode, follow these steps to enable CDP when it has been disabled.
Example
The following example shows how to enable CDP if it has been disabled:

Switch# configure terminal
Switch(config)# cdp run
Switch(config)# end

What to Do Next
Use the show run all command to show that CDP has been enabled. If you enter only show run, the enabling of CDP may not be displayed.
Step 3
Command or Action: no cdp enable
Purpose: Disables CDP on the interface specified in Step 2.
Example: Switch(config-if)# no cdp enable

Step 4
Command or Action: end
Purpose: Returns to privileged EXEC mode.
Example: Switch(config-if)# end

Related Topics
Enabling CDP on an Interface

Enabling CDP on an Interface

CDP is enabled by default on all supported interfaces to send and to receive CDP information.
Step 2
Command or Action: interface interface-id
Purpose: Specifies the interface on which you are enabling CDP, and enters interface configuration mode.
Example: Switch(config)# interface gigabitethernet1/0/1

Step 3
Command or Action: cdp enable
Purpose: Enables CDP on a disabled interface.
Example: Switch(config-if)# cdp enable

Step 4
Purpose: Returns to privileged EXEC mode.
Command: show cdp entry entry-name [version] [protocol]
Description: Displays information about a specific neighbor. You can enter an asterisk (*) to display all CDP neighbors, or you can enter the name of the neighbor about which you want information. You can also limit the display to information about the protocols enabled on the specified neighbor or information about the version of software running on the device.
Technical Assistance

Description: The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.
Link: http://www.cisco.com/support
CHAPTER 4 Configuring Simple Network Management Protocol This chapter describes the Simple Network Management Protocol (SNMP) configuration.
• SNMPv2C replaces the Party-based Administrative and Security Framework of SNMPv2Classic with the community-string-based Administrative Framework of SNMPv2C while retaining the bulk retrieval and improved error handling of SNMPv2Classic. It has these features:
  ◦ SNMPv2—Version 2 of the Simple Network Management Protocol, a Draft Internet Standard, defined in RFCs 1902 through 1907.
Model: SNMPv3
Level: noAuthNoPriv
Authentication: Username
Encryption: No
Result: Uses a username match for authentication.

Model: SNMPv3
Level: authNoPriv
Authentication: Message Digest 5 (MD5) or Secure Hash Algorithm (SHA)
Encryption: No
Result: Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms.
Restrictions for SNMP

Version Restrictions
• SNMPv1 does not support informs.

Information About SNMP

SNMP Overview

SNMP is an application-layer protocol that provides a message format for communication between managers and agents. The SNMP system consists of an SNMP manager, an SNMP agent, and a management information base (MIB). The SNMP manager can be part of a network management system (NMS) such as Cisco Prime Infrastructure.
Operation: set-request
Description: Stores a value in a specific variable.

Operation: trap
Description: An unsolicited message sent by an SNMP agent to an SNMP manager when some event has occurred.

Footnote 2: With this operation, an SNMP manager does not need to know the exact variable name. A sequential search is performed to find the needed variable from within a table.
Footnote 3: The get-bulk command only works with SNMPv2 or later.
internetworking problems, increase network performance, verify the configuration of devices, monitor traffic loads, and more. As shown in the figure, the SNMP agent gathers data from the MIB. The agent can send traps, or notification of certain events, to the SNMP manager, which receives and processes the traps.
Table 9: ifIndex Values

Interface Type: SVI [4]
ifIndex Range: 1–4999

Interface Type: EtherChannel
ifIndex Range: 5001–5048

Interface Type: Tunnel
ifIndex Range: 5078–5142

Interface Type: Physical (such as Gigabit Ethernet or SFP [5]-module interfaces) based on type and port numbers
ifIndex Range: 10000–14500

Interface Type: Null
ifIndex Range: 14501

Interface Type: Loopback and Tunnel
ifIndex Range: 24567+

Footnote 4: SVI = switch virtual interface
Footnote 5: SFP = small form-factor pluggable

Default SNMP Configuration

Feature: SNMP agent
Default Setting: Disabled [6].
• To configure a remote user, specify the IP address or port number for the remote SNMP agent of the device where the user resides.
• Before you configure remote users for a particular agent, configure the SNMP engine ID, using the snmp-server engineID global configuration command with the remote option. The remote agent's SNMP engine ID and user password are used to compute the authentication and privacy digests.
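The dependency between engine ID and user password can be seen in the key-localization step of RFC 3414, sketched here as an added example (not Cisco code): the password-derived key is hashed together with the engine ID, so a user key is valid only for the agent whose engine ID went into it. The function names are hypothetical, and padding a short engine ID with trailing zeros follows this guide's description of the 24-character engineid-string.

```python
import hashlib

EXPANDED_LEN = 1048576  # RFC 3414 A.2: the password is repeated to 1 MiB before hashing


def expand_engine_id(hex_id: str) -> bytes:
    """Pad a shortened engine ID with trailing zeros to 24 hex characters."""
    hex_id = hex_id.strip().lower()
    if not hex_id or len(hex_id) > 24 or any(c not in "0123456789abcdef" for c in hex_id):
        raise ValueError("engine ID must be 1 to 24 hexadecimal characters")
    return bytes.fromhex(hex_id.ljust(24, "0"))


def password_to_key(password: str, algo: str) -> bytes:
    """Derive the user key Ku: hash of the password repeated to EXPANDED_LEN bytes."""
    pw = password.encode("utf-8")
    if not pw:
        raise ValueError("password must not be empty")
    repeats = EXPANDED_LEN // len(pw) + 1
    return hashlib.new(algo, (pw * repeats)[:EXPANDED_LEN]).digest()


def localize_key(user_key: bytes, engine_id: bytes, algo: str) -> bytes:
    """Derive the localized key Kul = H(Ku || engineID || Ku)."""
    return hashlib.new(algo, user_key + engine_id + user_key).digest()


def localized_auth_key(password: str, engine_hex: str, algo: str = "sha1") -> bytes:
    """Full derivation for one user on one agent; algo is 'md5' or 'sha1'."""
    return localize_key(password_to_key(password, algo), expand_engine_id(engine_hex), algo)


if __name__ == "__main__":
    # Constructed inputs: the password and engine IDs are sample values only.
    for engine in ("1234", "123400000000000000000000", "5678"):
        key = localized_auth_key("sample-passphrase", engine)
        print(f"engineID {engine:<24} -> {key.hex()}")
```

The first two engine IDs print the same key because they are the same ID after padding; the third prints a different key for the same password, which is why users must be configured after the engine ID and reconfigured if it changes.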
DETAILED STEPS

Step 1
Command or Action: configure terminal
Purpose: Enters the global configuration mode.
Example: Switch# configure terminal

Step 2
Command or Action: no snmp-server
Purpose: Disables the SNMP agent operation.
Example: Switch(config)# no snmp-server

Step 3
Purpose: Returns to privileged EXEC mode.
DETAILED STEPS

Step 1
Command or Action: configure terminal
Purpose: Enters the global configuration mode.
Example: Switch# configure terminal

Step 2
Command or Action: snmp-server community string [view view-name] [ro | rw] [access-list-number]
Purpose: Configures the community string. The @ symbol is used for delimiting the context information.
Example: Switch(config)# snmp-server community comaccess ro 4
This example shows how to assign the comaccess string to SNMP, to allow read-only access, and to specify that IP access list 4 can use the community string to gain access to the switch SNMP agent:

Switch(config)# snmp-server community comaccess ro 4

What to Do Next
To disable access for an SNMP community, set the community string for that community to the null string (do not enter a value for the community string).
Command or Action: [udp-port port-number] engineid-string}
Example: Switch(config)# snmp-server engineID local 1234
Purpose:
• The engineid-string is a 24-character ID string with the name of the copy of SNMP. You need not specify the entire 24-character engine ID if it has trailing zeros. Specify only the portion of the engine ID up to the point where only zeros remain in the value.
Example: Switch(config)# snmp-server user Pat public v2c
Purpose: Enter the SNMP version number (v1, v2c, or v3). If you enter v3, you have these additional options:
• encrypted specifies that the password appears in encrypted format. This keyword is available only when the v3 keyword is specified.
Table 10: Device Notification Types

Notification Type Keyword: bgp
Description: Generates Border Gateway Protocol (BGP) state change traps. This option is only available when the IP services feature set is enabled.

Notification Type Keyword: bridge
Description: Generates STP bridge MIB traps.

Notification Type Keyword: cluster
Description: Generates a trap when the cluster configuration changes.

Notification Type Keyword: config
Description: Generates a trap for SNMP configuration changes.
Notification Type Keyword: port-security
Description: Generates SNMP port security traps. You can also set a maximum trap rate per second. The range is from 0 to 1000; the default is 0, which means that there is no rate limit.
SUMMARY STEPS
1. configure terminal
2. snmp-server engineID remote ip-address engineid-string
3. snmp-server user username group-name {remote host [ udp-port port]} {v1 [access access-list] | v2c [access access-list] | v3 [encrypted] [access access-list] [auth {md5 | sha} auth-password] }
4.
Step 5
Command or Action: snmp-server host host-addr [informs | traps] [version {1 | 2c | 3 {auth | noauth | priv}}] community-string [notification-type]
Purpose: Specifies the recipient of an SNMP trap operation. For host-addr, specify the name or Internet address of the host (the targeted recipient).
Example: Switch(config)# snmp-server host 203.0.113.1 comaccess snmp
Step 9
Command or Action: snmp-server trap-timeout seconds
Purpose: (Optional) Define how often to resend trap messages. The range is 1 to 1000; the default is 30 seconds.
Example: Switch(config)# snmp-server trap-timeout 60

Step 10
Command or Action: end
Purpose: Returns to privileged EXEC mode.
Example: Switch(config)# end

What to Do Next
The snmp-server host command specifies which hosts receive the notifications.
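A configuration review can check the snmp-server community and snmp-server host lines against the security levels this chapter describes. The script below is an added example, not part of the Cisco guide: the rule names and the sample configuration are constructed, and it assumes the IOS defaults of read-only access when neither ro nor rw is given, version 1 when no version keyword is given, and noauth when no level follows version 3.

```python
import re
from typing import List, NamedTuple

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
Switch(config)# snmp-server community comaccess ro 4
snmp-server community public ro
snmp-server community netops rw 10
snmp-server host 203.0.113.1 comaccess snmp
snmp-server host 203.0.113.2 version 3 noauth monitor
snmp-server host 203.0.113.3 informs version 3 priv nmsuser
"""

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")  # strips a pasted CLI prompt


class Finding(NamedTuple):
    line_no: int
    rule: str
    detail: str


def _audit_community(args: List[str], line_no: int) -> List[Finding]:
    # Guide syntax: string [view view-name] [ro | rw] [access-list-number]
    mode, acl = "ro", None  # assumed default: read-only when ro/rw is omitted
    rest = args[1:]  # args[0] is the community string; it is never echoed
    i = 0
    while i < len(rest):
        if rest[i] == "view":
            i += 2  # skip the keyword and the view name
            continue
        if rest[i] in ("ro", "rw"):
            mode = rest[i]
        else:
            acl = rest[i]
        i += 1
    findings = []
    if mode == "rw":
        findings.append(Finding(line_no, "COMMUNITY_RW",
                                "community string grants read-write access"))
    if acl is None:
        findings.append(Finding(line_no, "COMMUNITY_NO_ACL",
                                "no access list limits which managers may use it"))
    return findings


def _audit_host(args: List[str], line_no: int) -> List[Finding]:
    # Guide syntax: host-addr [informs | traps]
    #   [version {1 | 2c | 3 {auth | noauth | priv}}] community-string
    rest = args[1:]
    if rest and rest[0] in ("informs", "traps"):
        rest = rest[1:]
    version, level = "1", "noauth"  # assumed IOS defaults when keywords are omitted
    if len(rest) >= 2 and rest[0] == "version":
        version, rest = rest[1], rest[2:]
        if version == "3" and rest and rest[0] in ("auth", "noauth", "priv"):
            level = rest[0]
    if version in ("1", "2c"):
        return [Finding(line_no, "HOST_COMMUNITY_BASED",
                        f"SNMPv{version} notifications rely on a community string only")]
    if level == "noauth":
        return [Finding(line_no, "HOST_V3_NOAUTH",
                        "noAuthNoPriv: username match only, no encryption")]
    if level == "auth":
        return [Finding(line_no, "HOST_V3_NOPRIV",
                        "authNoPriv: authenticated but not encrypted")]
    return []


def audit(config_text: str) -> List[Finding]:
    """Return findings for every snmp-server community/host line in the text."""
    findings: List[Finding] = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        tokens = PROMPT.sub("", raw.strip()).split()
        if len(tokens) < 3 or tokens[0] != "snmp-server":
            continue
        if tokens[1] == "community":
            findings += _audit_community(tokens[2:], line_no)
        elif tokens[1] == "host":
            findings += _audit_host(tokens[2:], line_no)
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"line {f.line_no}: {f.rule}: {f.detail}")
```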
DETAILED STEPS

Step 1
Command or Action: configure terminal
Purpose: Enters the global configuration mode.
Example: Switch# configure terminal

Step 2
Command or Action: snmp-server contact text
Purpose: Sets the system contact string.
Example: Switch(config)# snmp-server contact Dial System Operator at beeper 21555

Step 3
Command or Action: snmp-server location text
Purpose: Sets the system location string.
DETAILED STEPS

Step 1
Command or Action: configure terminal
Purpose: Enters the global configuration mode.
Example: Switch# configure terminal

Step 2
Command or Action: snmp-server tftp-server-list access-list-number
Purpose: Limits the TFTP servers used for configuration file copies through SNMP to the servers in the access list. For access-list-number, enter an IP standard access list numbered from 1 to 99 and 1300 to 1999.
Table 11: Commands for Displaying SNMP Information

Command: show snmp
Description: Displays SNMP statistics.

Command: show snmp engineID
Description: Displays information on the local SNMP engine and all remote engines that have been configured on the device.

Command: show snmp group
Description: Displays information on each SNMP group on the network.

Command: show snmp pending
Description: Displays information on pending SNMP requests.
second line specifies the destination of these traps and overwrites any previous snmp-server host commands for the host cisco.com.

Switch(config)# snmp-server enable traps entity
Switch(config)# snmp-server host cisco.com restricted entity

This example shows how to enable the switch to send all traps to the host myhost.cisco.
CHAPTER 5 Configuring SPAN and RSPAN This chapter describes how to configure Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN). Unless otherwise noted, the term switch refers to a standalone switch or a switch stack.
RSPAN
• We recommend that you configure an RSPAN VLAN before you configure an RSPAN source or a destination session.

Restrictions for SPAN and RSPAN

SPAN

The restrictions for SPAN are as follows:
• On each switch, you can configure a maximum of 4 (2 if switch is stacked with Catalyst 2960-S switches) source sessions and 64 RSPAN destination sessions. A source session is either a local SPAN session or an RSPAN source session.
• SPAN sessions do not interfere with the normal operation of the switch. However, an oversubscribed SPAN destination, for example, a 10-Mb/s port monitoring a 100-Mb/s port, can result in dropped or lost packets.
• When SPAN or RSPAN is enabled, each packet being monitored is sent twice, once as normal traffic and once as a monitored packet. Monitoring a large number of ports or VLANs could potentially generate large amounts of network traffic.
name}

Note: The filter vlan and filter ip access-group commands cannot be configured at the same time. Configuring one results in rejection of the other.

• EtherChannels are not supported in an FSPAN session.
• FSPAN ACLs with TCP flags or the log keyword are not supported.
All traffic on port 5 (the source port) is mirrored to port 10 (the destination port). A network analyzer on port 10 receives all network traffic from port 5 without being physically attached to port 5.

Figure 4: Example of Local SPAN Configuration on a Single Device

This is an example of a local SPAN in a switch stack, where the source and destination ports reside on different stack members.
The figure below shows source ports on Switch A and Switch B. The traffic for each RSPAN session is carried over a user-specified RSPAN VLAN that is dedicated for that RSPAN session in all participating switches. The RSPAN traffic from the source ports or VLANs is copied into the RSPAN VLAN and forwarded over trunk ports carrying the RSPAN VLAN to a destination session monitoring the RSPAN VLAN.
SPAN Sessions

SPAN sessions (local or remote) allow you to monitor traffic on one or more ports, or one or more VLANs, and send the monitored traffic to one or more destination ports. A local SPAN session is an association of a destination port with source ports or source VLANs, all on a single network device. Local SPAN does not have separate source and destination sessions.
• Both—In a SPAN session, you can also monitor a port or VLAN for both received and sent packets. This is the default.

The default configuration for local SPAN session ports is to send all packets untagged.
• Source ports can be in the same or different VLANs.
• You can monitor multiple source ports in a single session.

Source VLANs

VLAN-based SPAN (VSPAN) is the monitoring of the network traffic in one or more VLANs. The SPAN or RSPAN source interface in VSPAN is a VLAN ID, and traffic is monitored on all the ports for that VLAN.
configuration. If a configuration change is made to the port while it is acting as a SPAN destination port, the change does not take effect until the SPAN destination configuration has been removed.

Note: When QoS is configured on the SPAN destination port, QoS takes effect immediately.

• If the port was in an EtherChannel group, it is removed from the group while it is a destination port. If it was a routed port, it is no longer a routed port.
• STP can run on RSPAN VLAN trunks but not on SPAN destination ports.
• An RSPAN VLAN cannot be a private-VLAN primary or secondary VLAN.

For VLANs 1 to 1005 that are visible to VLAN Trunking Protocol (VTP), the VLAN ID and its associated RSPAN characteristic are propagated by VTP. If you assign an RSPAN VLAN ID in the extended VLAN range (1006 to 4094), you must manually configure all intermediate switches.
• A private-VLAN port cannot be a SPAN destination port.
• A secure port cannot be a SPAN destination port. For SPAN sessions, do not enable port security on ports with monitored egress when ingress forwarding is enabled on the destination port. For RSPAN source sessions, do not enable port security on any ports with monitored egress.
• An IEEE 802.1x port can be a SPAN source port. You can enable IEEE 802.
added to the hardware memory on the switch. A system message notifies you of this action, which is called reloading. The IPv4, IPv6 and MAC FSPAN ACLs can be unloaded or reloaded independently.
RSPAN Configuration Guidelines

• All the SPAN configuration guidelines apply to RSPAN.
• As RSPAN VLANs have special properties, you should reserve a few VLANs across your network for use as RSPAN VLANs; do not assign access ports to these VLANs.
• You can apply an output ACL to RSPAN traffic to selectively filter or monitor specific packets. Specify these ACLs on the RSPAN VLAN in the RSPAN source switches.
Creating a Local SPAN Session

DETAILED STEPS

Step 1
  Command or Action: configure terminal
  Purpose: Enters the global configuration mode.
  Example: Switch# configure terminal

Step 2
  Command or Action: no monitor session {session_number | all | local | remote}
  Purpose: Removes any existing SPAN configuration for the session.
  • For session_number, the range is 1 to 66.
  • all—Removes all SPAN sessions.
  • local—Removes all local sessions.
  Example: Switch(config)# no monitor session all
  • For session_number, specify the session number entered in step 3.
  • For interface-id, specify the destination port. The destination interface must be a physical port; it cannot be an EtherChannel, and it cannot be a VLAN.
  Example: Switch(config)# monitor session 1 destination interface gigabitethernet1/0/2 encapsulation replicate
Creating a Local SPAN Session and Configuring Incoming Traffic

Step 2
  Command or Action: no monitor session {session_number | all | local | remote}
  Purpose: Removes any existing SPAN configuration for the session.
  • For session_number, the range is 1 to 66.
  • all—Removes all SPAN sessions.
  • local—Removes all local sessions.
  • remote—Removes all remote SPAN sessions.
  Example: Switch(config)# no monitor session all
  • untagged vlan vlan-id or vlan vlan-id—Accept incoming packets with untagged encapsulation type with the specified VLAN as the default VLAN.

Step 5
  Command or Action: end
  Purpose: Returns to privileged EXEC mode.
  Example: Switch(config)# end

Specifying VLANs to Filter

Beginning in privileged EXEC mode, follow these steps to limit SPAN source traffic to specific VLANs.

SUMMARY STEPS

1. configure terminal
2.
Step 3
  Command or Action: monitor session session_number source interface interface-id
  Purpose: Specifies the characteristics of the source port (monitored port) and SPAN session.
  • For session_number, the range is 1 to 66.
  • For interface-id, specify the source port to monitor.
  Example: Switch(config)# monitor session 2 source interface gigabitethernet1/0/2 rx

Step 4
  Command or Action: monitor session session_number filter vlan vlan-id [, | -]

Step 5
Configuring a VLAN as an RSPAN VLAN

SUMMARY STEPS

1. configure terminal
2. vlan vlan-id
3. remote-span
4. end

DETAILED STEPS

Step 1
  Command or Action: configure terminal
  Purpose: Enters the global configuration mode.
  Example: Switch# configure terminal

Step 2
  Command or Action: vlan vlan-id
  Purpose: Enters a VLAN ID to create a VLAN, or enters the VLAN ID of an existing VLAN, and enters VLAN configuration mode. The range is 2 to 1001 and 1006 to 4094.

Step 3
To remove a source port or VLAN from the SPAN session, use the no monitor session session_number source {interface interface-id | vlan vlan-id} global configuration command. To remove the RSPAN VLAN from the session, use the no monitor session session_number destination remote vlan vlan-id.
A single session can include multiple sources (ports or VLANs), defined in a series of commands, but you cannot combine source ports and source VLANs in one session.
  • (Optional) [, | -] Specifies a series or range of interfaces. Enter a space before and after the comma; enter a space before and after the hyphen.
  • (Optional) both | rx | tx Specifies the direction of traffic to monitor.
DETAILED STEPS

Step 1
  Command or Action: configure terminal
  Purpose: Enters the global configuration mode.
  Example: Switch# configure terminal

Step 2
  Command or Action: no monitor session {session_number | all | local | remote}
  Purpose: Removes any existing SPAN configuration for the session.
  • For session_number, the range is 1 to 66.
  • all—Removes all SPAN sessions.
  • local—Removes all local sessions.
  Example: Switch(config)# no monitor session 2
Creating an RSPAN Destination Session

You configure an RSPAN destination session on a different switch or switch stack; that is, not the switch or switch stack on which the source session was configured.

Beginning in privileged EXEC mode, follow these steps to define the RSPAN VLAN on that switch, to create an RSPAN destination session, and to specify the source RSPAN VLAN and the destination port.

SUMMARY STEPS

1. configure terminal
2.
Step 5
  Command or Action: no monitor session {session_number | all | local | remote}
  Purpose: Removes any existing SPAN configuration for the session.
  • For session_number, the range is 1 to 66.
  • all—Removes all SPAN sessions.
  • local—Removes all local sessions.
  • remote—Removes all remote SPAN sessions.
  Example: Switch(config)# no monitor session 1
Creating an RSPAN Destination Session and Configuring Incoming Traffic

SUMMARY STEPS

1. configure terminal
2. no monitor session {session_number | all | local | remote}
3. monitor session session_number source remote vlan vlan-id
4. monitor session session_number destination {interface interface-id [, | -] [ingress {dot1q vlan vlan-id | isl | untagged vlan vlan-id | vlan vlan-id}]}
5.
  • (Optional) [, | -] Specifies a series or range of interfaces. Enter a space before and after the comma; enter a space before and after the hyphen.
  • Enter ingress with additional keywords to enable forwarding of incoming traffic on the destination port and to specify the encapsulation type:
    ◦ dot1q vlan vlan-id—Forwards incoming packets with IEEE 802.1Q encapsulation with the specified VLAN as the default VLAN.
Configuring an FSPAN Session

Step 2
  Command or Action: no monitor session {session_number | all | local | remote}
  Purpose: Removes any existing SPAN configuration for the session.
  • For session_number, the range is 1 to 66.
  • all—Removes all SPAN sessions.
  • local—Removes all local sessions.
  • remote—Removes all remote SPAN sessions.
  Example: Switch(config)# no monitor session 2
    ◦ (Optional) encapsulation replicate specifies that the destination interface replicates the source interface encapsulation method. If not selected, the default is to send packets in native form (untagged).

  Note: For local SPAN, you must use the same session number for the source and destination interfaces. You can use the monitor session session_number destination command multiple times to configure multiple destination ports.
Configuring an FRSPAN Session

DETAILED STEPS

Step 1
  Command or Action: configure terminal
  Purpose: Enters global configuration mode.
  Example: Switch# configure terminal

Step 2
  Command or Action: no monitor session {session_number | all | local | remote}
  Purpose: Removes any existing SPAN configuration for the session.
  • For session_number, the range is 1 to 66.
  • all—Removes all SPAN sessions.
  • local—Removes all local sessions.
  Example: Switch(config)# no monitor session 2
  • For vlan-id, specify the destination RSPAN VLAN to monitor.
  Example: Switch(config)# monitor session 2 destination remote vlan 5

Step 5
  Command or Action: vlan vlan-id
  Purpose: Enters the VLAN configuration mode. For vlan-id, specify the source RSPAN VLAN to monitor.
  Example: Switch(config)# vlan 10

Step 6
  Purpose: Specifies that the VLAN you specified in Step 5 is part of the RSPAN VLAN.
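An added example (not from the Cisco guide): a Python audit that reads monitor session lines from a saved configuration and checks them against limits stated in this chapter: session numbers 1 to 66, no mixing of source ports and source VLANs, filter vlan versus filter ip access-group, physical destination ports, ingress forwarding, and the limit of 4 source sessions. The function name, the approved-destination allowlist and the sample configuration are assumptions made for the example, and it assumes one destination port per line.

```python
import re
from collections import defaultdict
# Constructed running-config excerpt for the example (not from a real switch).
SAMPLE_CONFIG = """\
monitor session 1 source interface Gi1/0/1
monitor session 1 destination interface Gi1/0/2 encapsulation replicate
monitor session 2 source interface Gi1/0/3 rx
monitor session 2 source vlan 10
monitor session 2 filter vlan 1 - 5
monitor session 2 filter ip access-group 101
monitor session 2 destination interface Port-channel1
monitor session 3 source remote vlan 901
monitor session 3 destination interface Gi1/0/9 ingress untagged vlan 5
monitor session 70 source interface Gi1/0/4
"""

LINE = re.compile(r"monitor session (\d+) (source|destination|filter) (.+)")
MAX_SOURCE = 4  # source sessions per switch (2 when stacked with 2960-S)

def audit_span(config, approved_destinations=frozenset()):
    """Return sorted (session, finding) pairs; session 0 means switch-wide."""
    sessions = defaultdict(lambda: defaultdict(list))
    for raw in config.splitlines():
        m = LINE.fullmatch(raw.strip())
        if m:
            sessions[int(m.group(1))][m.group(2)].append(m.group(3).split())
    findings, source_sessions = [], 0
    for num, parts in sessions.items():
        if not 1 <= num <= 66:
            findings.append((num, "session number outside 1 to 66"))
        src_kinds = {args[0] for args in parts["source"]}
        source_sessions += bool(src_kinds & {"interface", "vlan"})
        if {"interface", "vlan"} <= src_kinds:
            findings.append((num, "source ports and source VLANs combined"))
        if {"vlan", "ip"} <= {args[0] for args in parts["filter"]}:
            findings.append((num, "filter vlan and filter ip access-group both set"))
        for args in parts["destination"]:
            if args[0] != "interface":
                continue  # 'remote vlan N' names an RSPAN VLAN, not a local port
            port = args[1]
            if port.lower().startswith(("port-channel", "vlan")):
                findings.append((num, f"destination {port} is not a physical port"))
            if port not in approved_destinations:  # hypothetical allowlist
                findings.append((num, f"destination {port} not on approved list"))
            if "ingress" in args:
                findings.append((num, f"ingress forwarding enabled on {port}"))
    if source_sessions > MAX_SOURCE:
        findings.append((0, f"{source_sessions} source sessions exceed {MAX_SOURCE}"))
    return sorted(findings)
```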
SPAN and RSPAN Configuration Examples

Example: Configuring Local SPAN

This example shows how to set up SPAN session 1 for monitoring source port traffic to a destination port. First, any existing SPAN configuration for session 1 is deleted, and then bidirectional traffic is mirrored from source Gigabit Ethernet port 1 to destination Gigabit Ethernet port 2, retaining the encapsulation method.
Switch(config)# monitor session 2 destination interface gigabitethernet1/0/1
Switch(config)# end

Examples: Creating an RSPAN VLAN

This example shows how to create the RSPAN VLAN 901:

Switch(config)# vlan 901
Switch(config-vlan)# remote-span
Switch(config-vlan)# end

This example shows how to remove any existing RSPAN configuration for session 1, configure RSPAN session 1 to monitor multiple source interfaces, and configure the destination as RSPA
Feature History and Information for SPAN and RSPAN

Release: Cisco IOS 15.0(2)EX
Modification: Flow-Based Switch Port Analyzer (SPAN): Provides a method to capture only required (interesting) data between end hosts, by using specified filters. The filters are defined in terms of access lists that limit IPv4, IPv6 or IPv4 + IPv6, or non-IP traffic (MAC) between specified source and destination addresses. This feature was introduced.

Release: Cisco IOS 15.