Table of Contents

Cisco Switching Black Book  1
Introduction  4
  Overview
Chapter 2: Basic Switch Configuration
  The RJ-45-to-AUX Port Console Connector Pinouts  36
  Switch IOSs  38
  The IOS Configuration Modes  38
  Limiting Telnet Access
Chapter 3: WAN Switching
  BPX 8600 Series Wide-Area Switches  58
  MGX 8800 Series Wide-Area Edge Switches  59
  WAN Switch Hardware Overview  59
  Cisco WAN Switch Network Topologies
Chapter 4: LAN Switch Architectures
  LCP  75
  SAGE ASIC  75
  QTP ASIC  75
  QMAC
Chapter 5: Virtual Local Area Networks  88
  In Depth  88
  The Flat Network of Yesterday  88
  Why Use VLANs?
Chapter 6: InterVLAN and Basic Module Configuration  114
  In Depth  114
  Internal Route Processors  114
  Available Route Processors
Chapter 7: IP Multicast
  Time to Live  147
  Multicast at Layer 2  147
  IGMP Snooping  147
  Cisco Group Management Protocol
  Configuring Packet-Based Suppression  159
  Disabling Multicast Suppression  159
Chapter 8: WAN Cell Switching  160
  In Depth
Chapter 9: LightStream Switches
  Verifying an ATM Interface Connection Status  190
  Viewing the Configured Virtual Connections  191
  Configuring the LECS ATM Address on a LightStream 1010 Switch  191
  Configuring the Advertised LECS Address
Chapter 10: Layer 2 Redundant Links
  Verifying the Port Cost Configuration on Both a Set/Clear Command- and CLI-Based Interface  217
  Configuring the Port Priority on a Set/Clear Command-Based IOS  217
  Configuring the Port Priority on a CLI-Based IOS  217
  Verifying the STP Port Priority on a Set/Clear Command-Based Switch
Chapter 11: Multilayer Switching
  Assigning a VLAN ID  236
  Adding an MLS Interface to a VTP Domain  236
  Enabling MLS on an Individual Interface  237
  Disabling MLS on an External Router Interface
Chapter 12: Hot Standby Routing Protocol
  Enabling Interface Tracking  252
  Using the show standby Command  252
  Using the debug Command  253
Chapter 13: Policy Networking
Chapter 15: The Standard Edition IOS
  [V] Virtual LAN  293
  [R] Multicast Registration  294
  [F] Firmware  294
  [I] RS-232 Interface
Chapter 16: Switch Troubleshooting
  Using the show log Command on a Set/Clear Command-Based IOS  336
  Configuring SPAN for Port Monitoring on a Set/Clear Command-Based IOS  337
  Configuring SPAN for VLAN Monitoring on a Set/Clear Command-Based IOS  337
  Launching the Diagnostic Console on a Cisco 1900 or 2820 Series Switch
Appendix E: Switch Features  359
  Access Layer Switches  359
  Cisco Catalyst 1900  359
  Cisco Catalyst 2820
Cisco Switching Black Book
Sean Odom and Hanson Nottingham
© 2001 The Coriolis Group. All rights reserved. This book may not be duplicated in any way without the express written consent of the publisher, except in the form of brief excerpts or quotations for the purposes of review. The information contained herein is for the personal use of the reader and may not be incorporated in any commercial programs, other books, databases, or any kind of software without written consent of the publisher.
Steve Sayre Acquisitions Editor Charlotte Carpentier Product Marketing Manager Tracy Rooney Project Editor Toni Zuccarini Ackley Technical Reviewer Deniss Suhanovs Production Coordinator Carla J. Schuder Cover Designer Jody Winkler Layout Designer April Nielsen Dear Reader: Coriolis Technology Press was founded to create a very elite group of books: the ones you keep closest to your machine.
Jeff Duntemann, VP and Editorial Director
This book is dedicated to all those who endeavor to turn dreams into realities. —Sean Odom
To my wife, Sonia, and my daughter, Sabrina. —Hanson Nottingham
About the Authors
Sean Odom is a CCNP, MCSE, and CNX-Ethernet. He has been in the computer networking field for over 12 years and can be found instructing a number of Cisco courses, including the Switching and Remote Access courses for Globalnet Training Solutions, Inc. (http://www.globalnettraining.com/).
Introduction Overview For many years I have been a consultant for different companies and have written books on switch and router configurations and troubleshooting. During my years as a consultant I have had to either install, administer, or troubleshoot switching problems and configurations for switches without a good handbook. I have constantly gone through bookstores looking for a book on Cisco switch troubleshooting and configurations that didn’t deal with a Cisco curriculum.
• Words in brackets that are separated by bars are used when indicating that there are multiple choices of commands. For example, when configuring VTP you can enable the trunk port to choose one mode: on, off, desirable, or auto mode. This will be shown like this: [on|off|desirable|auto]. Knowledge of what configuration mode you are in and how to enter each configuration mode on the Cisco Command Line Interface is important.
Chapter 1: Network Switching Fundamentals In Depth Although writing the first paragraph of a book is probably the least important part, it’s invariably the most difficult section to write. To get a good picture of the different parts of networking, readers need to know where networking began and the history behind the networks of today.
• Port switching—Takes place in the backplane of a shared hub. For instance, ports 1, 2, and 3 could be connected to backplane 1, whereas ports 4, 5, and 6 could be connected to backplane 2. This method is typically used to form a collapsed backbone and to provide some improvements in the network.
• Cell switching—Uses Asynchronous Transfer Mode (ATM) as the underlying technology.
Many different types of physical cable media have been introduced over the years, such as Token Ring, FDDI, and Ethernet. At one time, Token Ring was seen as a technically superior product and a viable alternative to Ethernet. Many networks still contain Token Ring, but very few new Token Ring installations are being implemented. One reason is that Token Ring is an IBM product with very little support from other vendors.
Client/Server Network Model
Peer-to-peer model networks evolved into the client/server model, in which the server shares applications and data storage with the clients in a somewhat more centralized network. This setup includes a little more security, provided by the operating system, and ease of administration for the multiple users trying to access data. A LAN in this environment consists of a physical wire connecting the devices.
After each frame transmission, all stations on the network contend equally for the next frame transmission. This competition allows access to the network channel in a fair manner. It also ensures that no single station can lock out the other stations from accessing the network. Access to the shared channel is determined by the Media Access Control (MAC) mechanism on each Network Interface Card (NIC) located in each network node.
Six types of hubs are found in the network:
• Active hubs—Act as repeaters and eliminate attenuation by amplifying the signals they replicate to all the attached ports.
• Backbone hubs—Collect other hubs into a single collection point. This type of design is also known as a multitiered design. In a typical setup, servers and other critical devices are on high-speed Fast Ethernet or Gigabit uplinks.
segment, it transmits the packet on that segment or port to that segment only. If the bridge does not know the destination segment, the bridge transmits a copy of the frame to all the interface ports in the source segment using a technique known as flooding.
Routers Routers are devices that operate at Layer 3 of the OSI Model. Routers can be used to connect more than one Ethernet segment with or without bridging. Routers perform the same basic functions as bridges and also forward information and filter broadcasts between multiple segments. Figure 1.2 shows routers segmenting multiple network segments. Using an OSI network Layer 3 solution, routers logically segment traffic into subnets. Figure 1.2: Routers connecting multiple segments.
To improve network performance, switches must address three issues:
• They must stop unneeded traffic from crossing network segments.
• They must allow multiple communication paths between segments.
• They cannot introduce performance degradation.
Routers are also used to improve performance. Routers are typically attached to switches to connect multiple LAN segments.
designed the most efficient path to the destination. Single points of failure need to be analyzed, as well. As we stated earlier, every large-network user has suffered through his or her share of network outages and downtime. By analyzing all the possible points of failure, you can implement redundancy in the network and avoid many network outages. Redundancy is the addition of an alternate path through the network.
Although the nodes on each port are in their own collision domain, the broadcast domain consists of all of the ports assigned to a particular VLAN. Therefore, when a broadcast is sent from a node in VLAN 1, all the devices attached to ports assigned to VLAN 1 will receive that broadcast. The switch segments the users connected to other ports, thereby preventing data collisions.
bridged networks. To resolve the issue, your network administrator may even upgrade your PC to a faster CPU or more RAM. This allows your PC to generate more input/output (I/O), increasing the saturation on the network. In this type of environment, every data packet is sent to every machine, and each station has to process every frame on the network. The processors in the PCs handle this task, taking away from the processing power needed for other tasks.
Poorly designed and implemented switched networks can have awful effects. Let’s take a look at the effects of a flat area topology and how we can design, modify, and upgrade Ethernet networks to perform as efficiently as possible. Properly Switched Networks Properly switched networks use the Cisco hierarchical switching model to place switches in the proper location in the network and apply the most efficient functions to each.
Switched Forwarding Switches route data based on the destination MAC address contained in the frame’s header. This approach allows switches to replace Layer 2 devices such as hubs and bridges. After a frame is received and the MAC address is read, the switch forwards data based on the switching mode the switch is using. This strategy tends to create very low latency times and very high forwarding rates.
Combining Switching Methods
To resolve the problems associated with the switching methods discussed so far, a new method was developed. Some switches, such as the Cisco Catalyst 1900, 2820, and 3000 series, begin with either cut-through or FragmentFree switching. Then, as frames are received and forwarded, the switch also checks the frame’s CRC. Although the CRC may not match the frame itself, the frame is still forwarded before the CRC check and after the MAC address is reached.
Many types of physical media topologies can be applied to this concept. In this demonstration, we will utilize Ethernet 100BaseT. Ethernet 10BaseT and 100BaseT are most commonly found in the networks of today. We’ll make an upgrade to the network and alleviate our bottleneck on the physical link from the switch to each resource node or server. By upgrading this particular link to a Gigabit Ethernet link, as shown in Figure 1.7, you can successfully eliminate this bottleneck. Figure 1.
We call a switch a blocking switch when the switch bus or components cannot handle the theoretical maximum throughput of all the input ports combined. There is a lot of debate over whether every switch should be designed as a non-blocking switch; but for now this situation is only a dream, considering the current pricing of non-blocking switches. Let’s get even more complicated and introduce another solution by implementing two physical links between the two switches and using full-duplexing technology.
Switched Ethernet Innovations Around 1990, many vendors offered popular devices known as intelligent multiport bridges; the first known usage of the term switch was the Etherswitch, which Kalpana brought to the market in 1990. At the time, these devices were used mainly to connect multiple segments—they usually did very little to improve performance other than the inherent benefits bridges provide, such as filtering and broadcast suppression.
backward compatible to most of the equipment in use at the time. Although the standards bodies debated the merits of each of the camps, the marketplace decided for them. Fast Ethernet is the overwhelming winner, so much so that even HP sells Fast Ethernet on almost all its products. Note In 1995, Cisco purchased both Kalpana and Grand Junction and incorporated their innovations into its hardware. These devices became the Catalyst line of Cisco products.
devices run the same IOS. Some use a graphical interface, some use a Set/Clear command-line interface, and some use a Cisco Command Line Interface (CLI). Cisco has acquired more devices than they have designed and built themselves. Therefore, Cisco has adapted the operating systems designed for each device they have acquired to use the protocols and standards of the company. Almost all Cisco routers run the same IOS, but only about half of the switches currently run the Cisco CLI IOS.
Router(config)#interface e0/0.?
  <0-4294967295>  Ethernet interface number
Router(config)#interface e0/0.
  snmp-server          Modify SNMP parameters
  spantree             Spanning tree subsystem
  spantree-template    Set bridge template parameter
  storm-control        Configure broadcast storm control parameters
  switching-mode       Sets the switching mode
  tacacs-server        Modify TACACS query parameters
  tftp                 Configure TFTP
  uplink-fast          Enable Uplink fast
  vlan                 VLAN configuration
  vlan-membership      VLAN membership server configuration
  vtp                  Global VTP configuration commands
SeansSwitch(config)#
Notice that as you progress through the modes on the Cisco IOS,
multiple physical topologies, restricting broadcasts, and providing network security. Using switches and routers together, you can integrate large networks and provide a high level of performance without sacrificing the benefits of either technology.
Switch(config-if)#interface e0.1
Switch(config-subif)#
Tip You can abbreviate any command as much as you want, as long as it remains unique (no other command exists that matches your abbreviation). For instance, the command interface e0.1 can be abbreviated as int e0.1. To exit to Global Configuration mode, use the exit command or press Ctrl+Z.
Tip Entering a question mark (?) in any mode will display the list of commands available for that particular mode.
Chapter 2: Basic Switch Configuration
In Depth
Throughout the last decade, Cisco has acquired some major switching vendors such as Kalpana and Crescendo. As a result, Cisco switches have a variety of command-line interfaces you need to be familiar with in order to set up and maintain the devices.
Command-Line Interfaces
The most common interface found on the Cisco Catalyst line of switches is the original Crescendo interface (named for the vendor Cisco purchased).
For security reasons, you should change the default password and add an enable password on the Crescendo and IOS CLI-based interface switches. In the next stage of the configuration, you should assign an IP address, subnet mask, and default route to the route processor for routing and management purposes. Once you have finished the preceding basic steps, you can connect the switch to the rest of the local network.
• Weighted fair queuing (WFQ)—Allows for multiple queues so that no one queue can starve another of all its bandwidth. WFQ is enabled by default on all serial interfaces that run at or below 2Mbps, except for those interfaces with Link Access Procedure, Balanced (LAPB), X.25, or Synchronous Data Link Control (SDLC) encapsulations.
Most networks fail when their design creates unstable network links, hardware failures, or routing loops.
The Distribution layer defines the boundaries for the network and provides packet manipulation of the network traffic. It aids in providing isolation from topology changes such as media translations, defining broadcast domains, QoS, security, managing the size of the routing table, aggregating network addresses, static route distribution, dynamic route redistribution, remote site connectivity, and inter-domain traffic redistribution.
RMON provides support for the following groups of Token Ring extensions:
• MAC-Layer Statistics Group—A collection of statistics from the MAC sublayer of the Data Link layer, kept for each Token Ring interface. This group collects information such as the total number of MAC layer packets received and the number of times the port entered a beaconing error state.
• Promiscuous Statistics Group—A collection of promiscuous statistics kept for non-MAC packets on each Token Ring interface.
Figure 2.2: The different types of console ports on the switches.
The console port must be accessed through a PC or another device (such as a dumb terminal) to view the initial configuration. From the console port, you can configure other points of entry—such as the VTY line ports—to allow you to use Telnet to configure the switch from other points in your network. On switches where the console port is an RJ-45 port, you must plug a rolled RJ-45 cable straight into the port.
Table 2.3: Rollover cable RJ-45-to-RJ-45 pinouts.
RJ-45   RJ-45
1       8
2       7
3       6
4       5
5       4
6       3
7       2
8       1
Console Connectors
Different console adapters connect different interfaces in order to connect to the console port. The following are the types of console connectors for each switch:
• Catalyst 1900, 2820, and 2900 XL series switches each have an RJ-45 console port. You can connect to the console port using a straight-through Category 5 cable.
Table 2.5: The RJ-45-to-DB-9 AUX port pinouts by color.
Pin   Signal   Input/Output   Color    RJ-45   DB-9
1     RTS      Out            Brown    1       6
2     DTR      Out            Blue     2       7
3     TXD      Out            Yellow   3       2
4     GND      N/A            Green    4       5
5     GND      N/A            Red      5       5
6     RXD      In             Black    6       3
7     DSR      In             Orange   7       4
8     CTS      In             White    8       8
Table 2.6 shows the connectors most often used for modem connections. Table 2.7 shows the connectors most often used with Unix workstation connections to the console port.
Table 2.6: DCE connector pinouts for an RJ-45 to a DB-25 male.
Table 2.8: DB-25-to-DB-9 connector pinouts.
DB-25   Signal   DB-9
2       TXD      3
3       RXD      2
4       RTS      7
5       CTS      8
6       DSR      6
7       GND      5
8       DCD      1
20      DTR      4
Switch IOSs
Three types of Cisco operating systems are in use:
• Set/Clear command interface—Found on models of the Catalyst 2926, 2926G, 2948G, 2980G, 4000, 5000, 5500, 6000, and 6500 series of switches. They are called Set/Clear because most commands on the switches start with set, clear, or show.
• Privileged EXEC mode—The Privileged command set includes those commands contained in User EXEC mode, as well as the configure command, through which you can access the remaining command modes. Privileged EXEC mode also includes high-level testing commands, such as debug.
• Global Configuration mode—Global Configuration mode commands apply to features that affect the system as a whole. Use the configure privileged EXEC command to enter Global Configuration mode.
Setting the Login Passwords
By default, Cisco switches have no passwords configured when they are shipped. On the Cisco IOS-based switches, different priority levels of authority are available for console access. You can define two levels on IOS-based switches: privilege level 1, which is equivalent to User EXEC mode; and privilege level 15, which is equivalent to Privileged EXEC mode.
The time-out value is now set to five minutes, using seconds.
Tip You can use the lock command to lock an unused Telnet session. After you issue the lock command, the system will ask you to enter and verify an unlocking password.
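The login protections described above (an enable password, passwords on console and Telnet access, and a five-minute idle time-out) put together in one IOS configuration. This is an added example, not a configuration from the book; it assumes an IOS CLI-based switch that supports these commands, and the hostname, passwords, and management-station address are placeholders.

```cisco
! Added example (not from the book): baseline login protection on an
! IOS CLI-based switch. Placeholders are in angle brackets.
hostname Switch-A
! Privileged EXEC (level 15) password, stored as a one-way hash. Prefer
! "enable secret" over "enable password", whose type 7 form is reversible.
enable secret <privileged-password>
! Obscures line passwords in "show running-config" (type 7, reversible,
! so it is only a shoulder-surfing defence, not a substitute for "secret").
service password-encryption
! Console (level 1 access): require a password and drop idle sessions
! after 5 minutes 0 seconds.
line console 0
 password <console-password>
 login
 exec-timeout 5 0
! Telnet (VTY) lines: require a password, apply the same idle time-out,
! and accept sessions only from the management host in access-list 10
! (192.0.2.10 is a placeholder address).
access-list 10 permit host 192.0.2.10
access-list 10 deny any
line vty 0 4
 password <vty-password>
 login
 exec-timeout 5 0
 access-class 10 in
```

After applying this, a Telnet attempt from any host other than the one permitted by access-list 10 is refused before a password prompt is shown, and an idle console or VTY session closes after five minutes, which matches the time-out value the text sets above.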
Configuring Port Speed and Duplex
To configure the port speed—whether 10Mbps or 100Mbps—use the following commands:
CORIOLIS5500(config)# interface fastethernet 2/3
CORIOLIS5500(config-if)# speed 100
CORIOLIS5500(config-if)# duplex full
The auto command can be used when the port on the other side is manually set. Links should not be configured with the auto setting on both devices connecting the links because both sides will try to determine the speed on the other side of the link and neither will agree.
Console> enable
Enter password:
5. Because you have not yet set a Privileged EXEC mode password, pressing Enter will put you into Privileged EXEC mode. The console will show the following prompt:
Console> (enable)
• You are now in Privileged EXEC mode.
Warning Starting here, all configuration changes are executed and saved to memory immediately.
Setting the Login and Enable Passwords
Because you don’t want the janitor coming in and trying to configure your networks, you need to configure a password.
Entering a Contact Name and Location Information
Next, let’s set the contact name for the person or organization that is administering this switch. Use the following commands to set the switch contact and location:
CORIOLIS5500(enable) set system contact Joe Snow
CORIOLIS5500(enable) set system location Coriolis Wiring Closet
Configuring System and Time Information
For troubleshooting with SNMP and Cisco Discovery Protocol (CDP), you need to configure system information to identify the switch.
sc0: flags=63 vlan 1
        inet 68.187.127.1 netmask 255.255.255.0 broadcast 68.187.127.1
Console> (enable)
Configuring a Default Route and Gateway
Data traffic not addressed to the local subnet or VLAN must be sent to a default route or destination. For redundancy purposes, a secondary default gateway can be configured if the primary gateway link is lost. The switch attempts to use the secondary gateways in the order they were configured, unless the syntax primary is used.
SeansSwitch (enable) set port speed ?
  Module number and Port number(s)
SeansSwitch (enable) set port speed 2/1 ?
  auto                 Set speed to auto
  Port speed (4, 10, 16, 100 or 1000)
SeansSwitch (enable) set port speed 2/1-8 100
Ports 2/1-8 transmission speed set to 100Mbps.
Configuring a Menu-Driven IOS
The Catalyst 3000 series has a menu-driven switch interface, which allows you to use the arrow keys on your keyboard to select the different options used to configure the switch. As with the other two types of interfaces, you need to connect the switch to a dumb terminal or PC. This switch, however, supports a process known as autobaud, which allows you to press the Enter key several times to get the switch’s attention.
Configuring the Console Port
To configure the Console port, do the following:
1. Choose Configuration|Serial Configuration.
2. As shown in Figure 2.5, you can configure four options: the Hardware Flow Control, the Software Flow Control, the Autobaud Upon Break feature, and the Console Baud Rate. Under normal circumstances, you will never change these defaults. However, the option you probably won’t be familiar with—and which Cisco recommends not changing—is the Autobaud Upon Break feature.
Figure 2.6: The menu-driven VLAN IP configuration screen.
Related solutions:                    Found on page:
Creating a Standard Access List       402
Creating an Extended Access List      403
Enabling Port Security                411
Configuring SNMP
You can configure up to 10 community strings on the menu-driven switch IOS by following these steps:
1. Enter the appropriate IP configurations as shown in Configuring an IP Address and Default Gateway.
2. Select Configuration|SNMP Configuration.
Configuring ROM
ROM monitor is a ROM-based program that can be configured to execute upon the following conditions:
• Upon boot-up
• Upon recycling the switch power
• When a fatal exception error occurs
• When the switch fails to find a valid system image
• If the nonvolatile RAM (NVRAM) configuration is corrupt
• If the configuration register is set to enter ROM monitor mode
The ROM monitor CLI is present only on the Supervisor Engine III, Catalyst 4000, and the 2948G series switch Supervisor Engine module
Configuring SNMP
RMON works in conjunction with SNMP and requires a protocol analyzer or probe to use its full features. To use SNMP-based monitoring, you need to verify that SNMP is running on your IOS-based switch.
1. Verify that SNMP is running, using the following command in User or EXEC mode:
show snmp
2. Enable SNMP and allow read-only access to hosts using the public SNMP string by using this command in Configuration mode:
snmp-server community public
3.
read-write        Administrators
read-write-all    Root

Trap-Rec-Address    Trap-Rec-Community
----------------    ------------------
168.187.127.4       read-write
168.187.127.6       read-write-all
Console> (enable)
3. To verify that RMON is running, use the following command in EXEC mode:
show rmon
Using Set/Clear Command Set Recall Key Sequences
The CLI of a Set/Clear interface is based on Unix, so certain c-shell commands can be issued to recall commands previously issued.
Up arrow     Recalls commands in the history buffer
Down arrow   Returns to more recent commands
Ctrl+A       Moves to the beginning of a line
Ctrl+B       Moves back one character
Ctrl+D       Deletes a character
Ctrl+E       Moves to the end of the command line
Ctrl+F       Moves forward one character
Ctrl+K       Deletes all characters to the end of the line
Ctrl+L       Redisplays the system prompt and command line
Ctrl+T       Transposes the character to the left of the cursor with the character at the cursor
Ctrl+U       Deletes al
Ctrl+V
Ctrl+W
Ctrl+Y
Ctrl+Z
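The SNMP steps in Configuring SNMP above enable read-only access with the public community string. As an added example (not a configuration from the book), the following IOS fragment shows that setting next to a restricted form that uses a non-default community and limits which station may query the switch; the community name and the 192.0.2.20 management-station address are placeholders.

```cisco
! Added example (not from the book): the read-only "public" community
! from the Configuring SNMP steps, beside a restricted alternative.
!
! As in the steps above: read-only access for any host that knows the
! well-known string "public" and can reach the management address.
snmp-server community public RO
!
! Restricted form: remove the well-known string, use a non-default
! read-only community, and accept it only from the management station
! listed in access-list 20 (192.0.2.20 is a placeholder).
no snmp-server community public
access-list 20 permit host 192.0.2.20
access-list 20 deny any
snmp-server community <read-only-string> RO 20
!
! Contact and location, the IOS counterpart of the "set system contact"
! and "set system location" commands shown for the Set/Clear IOS.
snmp-server contact Joe Snow
snmp-server location Coriolis Wiring Closet
```

With the restricted form in place, show snmp still reports the community as configured, but a query from any host other than the one permitted by access-list 20 receives no answer even when it supplies the correct string, and the "public" string no longer returns anything at all.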
Chapter 3: WAN Switching In Depth Switches are not only used in LAN networks; they are also used extensively in wide area networks (WANs). Chapters 1 and 2 gave you an overview of LAN switching. Well, WAN switching is the same in some ways and completely different in others. In an Ethernet switching environment, the switch utilizes Carrier Sense Multiple Access with Collision Detection (CSMA/CD). The switch or host sends out a packet and detects if a collision occurs.
Figure 3.1: A packet’s journey from a host to a WAN device. The WAN transmission is continuous and does not have to wait for acknowledgement or permission. Let’s take a look at how this process would work in a T1 line.
The capability of broadband to carry multiple signals enables it to have a higher transmission speed. Table 3.2 displays the various broadband transmissions, which require more expensive and specialized transmitters and receivers.
Table 3.2: The different broadband transmission types and their bandwidth.
Transmission Type    Bit Rate
DS2                  6.312Mbps
E2                   8.448Mbps
E3                   34.368Mbps
DS3                  44.736Mbps
OC/STS-1             51.840Mbps
OC/STS-3             155.520Mbps
OC/STS-9             466.560Mbps
OC/STS-12            622.080Mbps
OC/STS-18            922.120Mbps
OC/STS-24            1.
STS-n is an interleaving of multiple (n) STS-1s. The size of the payload and the overhead are multiplied by n. Figure 3.4 displays an STS diagram.
Figure 3.4: The STS-1 framing and STS-n framing.
The overhead and payload are proportionate to the n value, with the STS-1 frame as the base. You may wonder why we’re talking about synchronous transmission when we said it is only used over short distances.
ATM frame user−network interface (UNI), or System Network Architecture (SNA). The MGX 8240 Private Line Service Gateway is designed to terminate private leased lines (T1, T3, or DS0). It has 16 slots with 1 reserved for a redundant control card. It can support up to 1,260 channelized T1s. It is designed for large Internet service providers (ISPs) to aggregate dial−in traffic, which is delivered by the local central office’s Class 4 or Class 5 switch in a T1 or T3 interface.
The BPX 8620 is a pure ATM broadband switch. It has a nonblocking 9.6Gbps architecture. The interface modules range from T3 to OC−12. Each trunk port can buffer up to 32,000 cells. The OC−12 interface module has two OC−12 ports. The OC−3 interface module has eight OC−3 ports. The BPX is commonly used in conjunction with multiple MGX switches. The MGX concentrator terminates narrowband traffic to an OC−3 trunk to the BPX 8620, which aggregates it to multiple OC−12s to the WAN ATM network.
The system bus backplane contains multiple buses for connecting the modules. It has no active component. Different buses provide power to the modules, transfer of data, timing control, system commands, and other functionality. Cisco WAN Switch Network Topologies We’ve talked about the transmission media, the signal, and the equipment. Let’s put it all together. Cisco classifies WAN topologies into three designs: flat, tiered, and structured.
nodes in the domain have limited contact with switches outside the domain. You will rarely see this design today, because the current switching software no longer supports it. Network Management In managing a wide area network, you have to understand the basic network management technology common to both LANs and WANs.
the network while highlighting any local problems.
• Connection Management—Provides a graphic interface to configure WAN switches. It provides templates to minimize the work in setting up many connections. All interface modules are supported, including VoIP/VoATM setups.
• Performance and Accounting Data Management—Controls the collection of SNMP information from the network. The statistics collected are stored in an Informix database. Reports can be generated by the built−in report generator or by SQL.
Using the History Command You can display a list of the previous 12 commands by pressing the period (.) key; this command has a privilege level of 6. You can select which command to repeat by entering a number from 1 through 12. (Entering “1” repeats the most current command, “5” repeats the command five back in the list, and so on.) After you enter the number, the previous command is copied to the command line. You can edit the command or parameters before issuing the command.
service, or StrataCom level. Displaying Other Switches To display a list of known switches, use the dspnds command. This command is privilege level 6. You should see only the one switch on the display until connectivity is established with other switches. You can add the optional parameter +n to display the switch number. Setting the Switch Name You can configure a name by which the switch will be known in the network using the command cnfname followed by the hostname.
Accessing the MGX 8850 and 8220
The MGX 8850 has a control port, a maintenance port, and a LAN port. The control port is an EIA/TIA−232 Data Communications Equipment (DCE) interface. To access the control port, you must use a terminal or a PC with a terminal emulation program. The maintenance port is an EIA/TIA−232 DCE interface that utilizes Serial Line Internet Protocol (SLIP). You must configure an IP address on the interface before it can be used. The LAN port is a DB15 attachment unit interface (AUI).
Displaying a Summary of All Modules The command dspcds will display the summary information of all the modules. This is a level 6 command. The card number, card status, card type, switch name, date, time, time zone, and IP address are all displayed. The information is displayed one screen at a time. Press the Enter key to display a second screen, and press Q to stop the display. Displaying Detailed Information for the Current Card The command dspcd will display detailed information for the current card.
Configuring the IP Interface
The command cnfifip is used to set the IP address, netmask, and broadcast address. Each parameter must be entered one at a time. The parameters are as follows:
• −if—The interface (26 for Ethernet, 28 for SLIP, or 37 for ATM)
• −ip—The IP address
• −msk—The network mask
• −bc—The broadcast address
This command has a privilege level of 1.
Chapter 4: LAN Switch Architectures In Depth Knowing the internal architectures of networking devices can be a great asset when you’re working with Cisco switches. Knowing how the internal components work together, as well as how Application−Specific Integrated Circuits (ASICs) and CPUs are used, can give you an advantage in determining what Cisco device will work best at every point in the network.
Single BUS vs. Crossbar Matrix A single−BUS architecture is pretty simple: One BUS connects all the ports together. This setup creates a bandwidth problem called a blocking architecture, or what the networking industry likes to call over−subscription. Over−subscription is characterized as a condition in which the total bandwidth of all the ports on the switch is greater than the capacity of the switching fabric or backplane.
• Synergy Advanced Multipurpose Bus Arbiter (SAMBA) ASIC
EARL ASIC
The Encoded Address Recognition Logic (EARL) ASIC performs functions that are very similar to those of the Content Addressable Memory (CAM) table. Switches use this CAM to make filtering and forwarding decisions. The EARL ASIC connects directly to the data switching bus, allowing the ASIC access to all the frames that cross the switching fabric.
This ASIC operates in either master or slave mode. In master mode, the ASIC allows ports access to the bus based on a priority level of normal, high, or critical. In slave mode, each port must post a request to each SAMBA ASIC, negotiate local port decisions, and arbitrate requests with the Supervisor Engine’s SAMBA ASIC. The Crescendo Processors Although we have ASICs to do some of the hard work of the processors, processors still must be involved to handle the more dynamic administrative items.
ARB The Arbiter (ARB) is located on each line module. It uses a two−tiered method of arbitration to assign queuing priorities and control data traffic through the switch. The arbiter controls the traffic coming to and from the line modules. In addition, a Central Bus Arbiter located on the Supervisor Engine module obtains permission to transmit frames to the switching engine. The Central Bus Arbiter provides special handling of high−priority frames by using a round−robin approach.
through which all switched ports communicate. The AXIS bus is a partially asynchronous time division multiplexed bus used for switching packets between heterogeneous LAN modules. CEF ASIC The Cisco Express Forwarding (CEF) ASIC and Distributed Cisco Express Forwarding (dCEF) ASIC are Cisco’s newest ASICs, found in Cisco’s lines of routers and switches. In Cisco’s switching line, you will find this ASIC available in the 8500 GSR and 12000 GSR series.
• Per−destination load balancing—Enabled by default when you enable CEF. It allows multiple paths to be used for load sharing. Packets destined for a given destination or source host are guaranteed to take the same path, although multiple destinations are available.
• Per−packet load balancing—Uses a round−robin approach to determine what path individual packets will take over the network. Per−packet load balancing ensures balancing when multiple paths are available to a given destination.
Figure 4.3: Cisco Express Forwarding ASIC components. Note CEF supports Ethernet, Fiber Distributed Data Interface (FDDI), Point−to−Point Protocol (PPP), High−Level Data Link Control (HDLC), Asynchronous Transfer Mode (ATM)/AAL5snap, ATM/AAL5mux, ATM/AAL5nlpid, and tunnels. Phoenix ASIC The Phoenix ASIC is another ASIC used to handle high−speed data traffic on the Supervisor Engine III. This ASIC provides a gigabit bridge between each of the buses located on the module.
connected to the QMAC ASIC. QMAC The QMAC uses four protocol handlers to support four Token Ring physical interfaces directly connected to the QTP ASIC. Together, these two ASICs provide support for early token release (ETR) and Token Ring Full Duplex (FDX) concentrator and adapter modes for dedicated Token Ring. Bridging Types In the early 1980s, IBM developed a non−routable protocol called NetBIOS as part of its implementation strategy.
Source Route Transparent Bridging Source Route Transparent Bridging (SRT) is a combination of SRB and TB. SRT bridges make forwarding decisions based on either the Routing Information Field (RIF) for the destination or the MAC address in the frame. Some protocols attempt to establish a connection using a frame without using a RIF. These applications send a test frame to see if the destination is on the same ring as the source.
Switching Paths The switch is commonly referred to in marketing terms as a Layer 2 device. If you keep thinking that way, this section will confuse you. By definition, switching paths are logical paths that Layer 3 packets follow when they are switched through a Layer 3 device such as a router or internal route processor. These switching types allow the device to push packets from the incoming interface to the interface where the packet must exit using switching paths or table lookups.
Autonomous Switching With autonomous switching, when a packet arrives on an interface, it is forwarded to the interface processor. The interface processor checks the silicon−switching cache; if the destination address is not contained in that cache, the autonomous cache is checked. The packet is encapsulated for autonomous switching and sent back to the interface processor. The header is not sent to the route processor with this type of switching.
The first packet that’s copied to the NetFlow cache contains all security and routing information. If policy networking (such as an access list) is applied to an interface, the first packet is matched to the list criteria. If there is a match, the cache is flagged so that any other packets arriving with the flow can be switched without being compared to the list. Note NetFlow switching can be configured on most 7000 series router interfaces and can be used in a switched environment.
Booting the Supervisor Engine III from Flash To boot from a Flash device, use the following command: boot [device][image name] Note If you do not specify an image file name, the system defaults to the first valid file in the device. Remember that file names are case sensitive. Use the show flash command to view the Flash files. The device can be the local Supervisor Engine’s Flash memory or a TFTP server.
Enabling dCEF To enable dCEF operation, use the following command: ip cef distributed Disabling dCEF To disable dCEF operation, use the following command: no ip cef distributed Warning Never disable dCEF on a Cisco 12000 series. Disabling CEF on an Individual Interface When you enable or disable CEF or dCEF in Global Configuration mode, all supported interfaces that support CEF or dCEF are affected. Some features on interfaces do not support CEF, such as policy routing.
show ip cef Viewing CEF Packet−Dropped Statistics To view the number of packets dropped from each line card, use the following command: show cef drop Viewing Non−CEF Path Packets To view what packets went to a path other than CEF, use the following command: show cef not−cef−switched Disabling Per−Destination Load Sharing If you want to use per−packet load balancing, you need to disable per−destination load balancing.
Enabling Telnet Session Logging on a Set/Clear Command−Based IOS To enable session logging for a Telnet session, use the following command: set logging session enable Disabling Console Session Logging on a Set/Clear Command−Based IOS To disable session logging for a console session, use the following command: Catalyst5000> (enable) set logging console disable System logging messages will not be sent to the console.
You can use the logging timestamps in your system logging to help you keep track of when events happen. To enable the logging time stamp, use the following command in Privileged mode: Catalyst5000> (enable) set logging timestamp enable System logging messages timestamp will be enabled.
Displaying the Logging Configuration Use the show logging command to display the current system message logging configuration. Use the no alias keyword to display the IP addresses instead of the host names of the configured syslog servers.
do not specify the number of messages, the default is to display the last 20 messages in the buffer (−20).
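The logging sections above produce %FACILITY−SEVERITY−MNEMONIC messages (the %LINEPROTO−5−UPDOWN lines later in the chapter are one example). The Python below, an added example that is not from the book, parses such lines and runs two simple checks over them: a severity filter in the same ordering the logging level commands use, and a line-protocol flap detector. SAMPLE_LOG is constructed for this example; the leading timestamp is the kind `set logging timestamp enable` adds.

```python
"""Parse Cisco-style system log messages and run simple detection over them.

Added example, not from the book. SAMPLE_LOG is constructed; only the
LINEPROTO-5-UPDOWN message also appears in the chapter text.
"""
import re
from collections import Counter

# Optional leading timestamp, then %FACILITY-SEVERITY-MNEMONIC: message text
MSG_RE = re.compile(
    r"^(?P<ts>[^%]*?)\s*%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-"
    r"(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)$"
)
IFACE_RE = re.compile(r"Interface (\S+),")

# Severity numbers: lower is more severe, as in the logging level commands
SEVERITY_NAMES = {0: "emergencies", 1: "alerts", 2: "critical", 3: "errors",
                  4: "warnings", 5: "notifications", 6: "informational", 7: "debugging"}

# Constructed sample output, including the prompt line that is not a message
SAMPLE_LOG = """\
Catalyst5000> (enable) show logging buffer
2000 Nov 24 21:53:38 %SYS-5-MOD_OK:Module 1 is online
2000 Nov 24 21:54:02 %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan2, changed state to down
2000 Nov 24 21:54:07 %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan2, changed state to up
2000 Nov 24 21:54:09 %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan2, changed state to down
2000 Nov 24 21:56:01 %SECURITY-1-PORT_SHUTDOWN:Port 2/3 shutdown due to security violation
"""


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that are not messages."""
    m = MSG_RE.match(line.rstrip())
    if not m:
        return None
    msg = m.groupdict()
    msg["severity"] = int(msg["severity"])
    msg["severity_name"] = SEVERITY_NAMES[msg["severity"]]
    msg["ts"] = msg["ts"].strip() or None      # None when timestamps are not enabled
    return msg


def parse_log(text):
    """All parseable messages in a block of logging output, in order."""
    return [p for p in map(parse_line, text.splitlines()) if p is not None]


def at_or_below(messages, level):
    """Messages at `level` or more severe (lower number), the way a logging level keeps them."""
    return [m for m in messages if m["severity"] <= level]


def count_by_mnemonic(messages):
    """Histogram of FACILITY-SEVERITY-MNEMONIC keys, a quick view of what a switch reports."""
    return Counter(f"{m['facility']}-{m['severity']}-{m['mnemonic']}" for m in messages)


def flapping_interfaces(messages, min_transitions=3):
    """Interfaces whose line protocol changed state at least `min_transitions` times."""
    transitions = Counter()
    for m in messages:
        if m["facility"] == "LINEPROTO" and m["mnemonic"] == "UPDOWN":
            hit = IFACE_RE.search(m["text"])
            if hit:
                transitions[hit.group(1)] += 1
    return {iface: n for iface, n in transitions.items() if n >= min_transitions}
```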
Chapter 5: Virtual Local Area Networks In Depth Faced with the problems of a slow network, many network administrators make expensive mistakes. Several times, I have come across companies that have a fiber link to every desktop. In fact, an architectural firm I consulted for comes to mind. The company used hubs to deliver data to each desktop. When the company reached about 150 workstations in its LAN, the users began to complain about how slow their network and PCs were becoming.
the network. The processors in each node handle this task, which takes away from the processing power needed for other tasks and applications—thus causing a slowdown that the users discover and complain about. Most network administrators pass off this slowness as a problem with the PCs, and the most vital PCs are rebuilt or replaced. When the companies finally decide to upgrade to a switched network, they can typically do so over a weekend.
VLAN Basics Inter−Switch Link (ISL) protocol was designed to allow VLAN traffic to flow from one Cisco device to another. The protocol adds a header that uniquely identifies the source and destinations of the data as well as the VLAN the data is a member of. If data from one VLAN needs to be forwarded to another VLAN, it requires some type of Layer 3 routing. Layer 3 routing can be provided by any number of modules known as internal route processors.
processing). Broadcasts are used in each and every networking protocol. How often they occur depends upon the protocol, the applications running on the network, and how these network services are used. To avoid the older, chatty protocols, older applications have been rewritten to reduce their bandwidth needs even though bandwidth availability to desktops has increased since the applications were written.
This setup allows for a more secure network. In addition, network administrators now have more control over each port as well as the ability to deny the user based on the Layer 2 or Layer 3 address the user is using to access the port. Users no longer have the ability to just plug their workstation into any network port in the office and access network resources. The administrator controls each port and the resources the user may access.
VLAN Membership Policy Server (VMPS, discussed in the next section). In this situation, the administrator must have very defined goals, and network planning must be more detailed so as to not create bottlenecks in the WAN. Your goal in defining an end−to−end VLAN solution must be centered around the 20/80 Rule: Maintain 20 percent of the network traffic as local, or within the VLAN, and design the WAN network to support speeds that will accommodate this use.
Cisco also recommends a one−to−one ratio between VLANs and subnets. This means that you must understand how users are broken up by subnets. If you have 1,000 users in a building and 100 users are in each subnet, then you should have 10 VLANs. VLAN Trunking There are two types of VLAN links: a trunk link and an access link. An access link is part of only one VLAN, referred to as the native VLAN of the port.
• IEEE 802.10
• IEEE 802.1Q
• Inter−Switch Link (ISL)
• LAN Emulation (LANE)
IEEE 802.10
The IEEE 802.10 standard is used to send VLAN information over a Fiber Distributed Data Interface (FDDI) physical link. In this situation, ISL is disabled and IEEE 802.10 is used to forward the VLAN frames. The Clear Header on an FDDI frame contains a Security Association Identifier (SAID), a Link Service Access Point (LSAP), and the Management Defined Field (MDF).
Unlike ISL, IEEE 802.1Q is not a Cisco proprietary protocol. It can be used to carry the traffic of more than one subnet down a single cable, and it is compatible with devices that are not running the Cisco IOS. 802.1Q changes the frame header with a standard VLAN format, which allows multiple−vendor VLAN implementations. For example, a Bay Networks switch or a 3COM switch can work with a Cisco switch to pass VLAN information on a trunk link.
• High bit of source address (HSA)—The 3−byte manufacturer’s portion of the SA field or vendor field of the source port’s MAC address.
• 15−bit descriptor—Used to distinguish the frame from other VLANs or colors. 10 bits are used to indicate the source port.
• Bridge Protocol Data Units (BPDU) bit—Used to indicate Spanning Tree Protocol (STP) or Cisco Discovery Protocol (CDP) topology information.
• 16−bit index value—Used to indicate the port address.
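To make the two trunk encapsulations above concrete, here is an added Python example (not code from the book) that decodes which VLAN a trunk frame belongs to, for both an ISL header carrying the HSA, 15−bit VLAN, BPDU bit and index fields just listed and an IEEE 802.1Q tag. The ISL byte offsets and the 802.1Q tag layout (TPID 0x8100, 3−bit priority, 1−bit DEI, 12−bit VLAN ID) are taken from those formats, not from the text, and every frame used is constructed in memory.

```python
"""Decode the VLAN a trunk frame belongs to under ISL or IEEE 802.1Q encapsulation.

Added example, not from the book. Field layouts are assumptions taken from the
ISL and 802.1Q formats; all frames are constructed here, none is captured.
"""
import struct

TPID_8021Q = 0x8100
ISL_DA_PREFIX = bytes.fromhex("01000c0000")   # first 40 bits of the ISL destination address
ISL_HEADER_LEN = 26                           # header bytes ahead of the encapsulated frame
ISL_CRC_LEN = 4                               # ISL trailer CRC after the encapsulated frame


def decode_8021q(frame: bytes):
    """Return the tag fields of an 802.1Q-tagged frame, or None if it carries no tag."""
    if len(frame) < 18:
        return None
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None
    tci, ethertype = struct.unpack_from("!HH", frame, 14)
    return {
        "encap": "dot1q",
        "pcp": tci >> 13,            # 3-bit priority code point
        "dei": (tci >> 12) & 1,      # drop eligible indicator
        "vlan": tci & 0x0FFF,        # 12-bit VLAN ID (0 = priority-tagged only, 4095 reserved)
        "ethertype": ethertype,      # EtherType of the encapsulated payload
    }


def decode_isl(frame: bytes):
    """Return the ISL header fields if the frame is ISL-encapsulated, or None."""
    if len(frame) < ISL_HEADER_LEN + ISL_CRC_LEN or frame[:5] != ISL_DA_PREFIX:
        return None
    # Offsets: DA 0-4, TYPE/USER 5, SA 6-11, LEN 12-13, SNAP AAAA03 14-16,
    #          HSA 17-19, VLAN(15)+BPDU(1) 20-21, INDEX 22-23, RES 24-25
    vlan_bpdu, index = struct.unpack_from("!HH", frame, 20)
    return {
        "encap": "isl",
        "type": frame[5] >> 4,                    # 0 = Ethernet
        "sa": frame[6:12].hex(":"),
        "hsa": frame[17:20].hex(":"),             # 3-byte vendor portion of the source MAC
        "vlan": vlan_bpdu >> 1,                   # 15-bit VLAN descriptor
        "bpdu": vlan_bpdu & 1,                    # set on STP/CDP frames
        "index": index,                           # 16-bit source port index
        "inner_frame": frame[ISL_HEADER_LEN:-ISL_CRC_LEN],
    }


def trunk_vlan(frame: bytes) -> int:
    """VLAN number carried by a trunk frame; untagged frames belong to the native VLAN."""
    info = decode_isl(frame) or decode_8021q(frame)
    if info is None:
        raise ValueError("untagged frame: it rides the trunk's native VLAN")
    return info["vlan"]


def build_8021q(dst, src, vlan, ethertype, payload, pcp=0):
    """Build an 802.1Q-tagged frame without FCS; only VIDs 1..4094 are usable."""
    if not 1 <= vlan <= 4094:
        raise ValueError("802.1Q VLAN ID must be 1..4094")
    return dst + src + struct.pack("!HHH", TPID_8021Q, (pcp << 13) | vlan, ethertype) + payload


def build_isl(src, vlan, inner_frame, index=0):
    """Wrap an Ethernet frame in an ISL header; the trailing CRC is left zeroed here."""
    if not 1 <= vlan <= 1005:
        raise ValueError("ISL VLAN ID must be 1..1005")
    length = len(inner_frame) + 12      # LEN excludes DA, TYPE/USER, SA, LEN and CRC
    header = (ISL_DA_PREFIX + bytes([0x00]) + src + struct.pack("!H", length)
              + b"\xaa\xaa\x03" + src[:3]                   # SNAP + HSA
              + struct.pack("!HH", vlan << 1, index) + b"\x00\x00")
    return header + inner_frame + b"\x00" * ISL_CRC_LEN
```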
VTP Versions
VTP comes in two versions: version 1 and version 2. The primary differences between the two versions are few, but they are significant enough to render the two versions incompatible. The two versions will not work together in the same network. Version 1 is the default on Cisco Catalyst switches and supports Ethernet media.
the updater’s identity, the updater’s timestamp, and the MD5 digest field.
• Subset advertisement—Contains very detailed information about the network, including the version, code, sequence number, management domain name, configuration revision number, and VLAN information fields.
VTP advertisements can contain the following information:
• 802.10 SAID values—For FDDI physical media.
• Configuration revision number—The higher the number, the more updated the information.
Many network administrators make the mistake of using the clear config all command, believing that it will erase the current revision number. Doing so is a bad mistake on the network administrator’s part. This command doesn’t do what it says it does—it doesn’t really “clear all.” VTP has its own NVRAM, so the VTP information as well as the revision number will still be present if you perform the clear config all command. You can take care of this problem in two ways.
Server Mode Server mode, which is configured by default, allows you to create, modify, and delete VLANs for the management domain. Configuration changes are then sent to all other participating members of the VTP domain. At least one VTP server should exist in the VTP management domain. Two or more switches can be configured as servers for redundancy. When a server’s power is cycled, the switch configured as a server maintains its global VLAN information.
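The following Python model, an added example rather than anything from the book, shows why the revision number and MD5 digest described above matter: a server adopts an advertisement for its domain only when the digest verifies under its own password and the revision is higher, so a switch whose revision survived clear config all can overwrite the domain's VLAN database when it is reconnected. It is a simplified model: real VTP frames, timers and the exact MD5 computation are not reproduced, and the reset of the revision number on a change to transparent mode or of the domain name is standard Catalyst behaviour assumed here, not quoted from the text.

```python
"""Model of how VTP switches accept advertisements by configuration revision number.

Added example, not from the book; simplified (no real frames, timers or MD5 layout).
vtp_digest only stands in for the MD5 digest field of a summary advertisement.
"""
import hashlib
from dataclasses import dataclass, field


def vtp_digest(domain, revision, password, vlans):
    """Stand-in for the MD5 digest field carried in VTP summary advertisements."""
    material = f"{domain}|{revision}|{password}|{sorted(vlans.items())}".encode()
    return hashlib.md5(material).hexdigest()


@dataclass
class Advertisement:
    domain: str
    revision: int
    vlans: dict
    digest: str


@dataclass
class VtpSwitch:
    name: str
    domain: str
    mode: str = "server"                      # server | client | transparent
    password: str = ""
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})
    config_cleared: bool = False

    def add_vlan(self, vid, vlan_name):
        """Servers bump the revision on every change; transparent switches edit locally only."""
        if self.mode == "client":
            raise PermissionError("clients cannot create VLANs")
        self.vlans[vid] = vlan_name
        if self.mode == "server":
            self.revision += 1

    def set_mode(self, mode):
        if mode == "transparent":
            self.revision = 0                 # assumed: a change to transparent resets the revision
        self.mode = mode

    def set_domain(self, domain):
        self.domain = domain
        self.revision = 0                     # assumed: a domain name change also resets it

    def clear_config_all(self):
        """What the text warns about: VTP has its own NVRAM, so domain, VLANs and revision survive."""
        self.config_cleared = True

    def advertise(self):
        return Advertisement(self.domain, self.revision, dict(self.vlans),
                             vtp_digest(self.domain, self.revision, self.password, self.vlans))

    def receive(self, adv):
        """Adopt an advertisement only for our domain, with a matching digest and a higher revision."""
        if self.mode == "transparent" or adv.domain != self.domain:
            return False
        if adv.digest != vtp_digest(adv.domain, adv.revision, self.password, adv.vlans):
            return False                      # password mismatch
        if adv.revision <= self.revision:
            return False
        self.vlans, self.revision = dict(adv.vlans), adv.revision
        return True


def safe_to_connect(new_switch, domain_server):
    """Pre-connection check from the server's point of view: a same-domain switch whose
    revision is at or above the server's would overwrite the domain's VLAN database."""
    if new_switch.domain != domain_server.domain or new_switch.mode == "transparent":
        return True
    return new_switch.revision < domain_server.revision
```

In practice the check is the revision number shown by show vtp domain on the switch about to be cabled in, compared with the one on the domain's server.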
than a simple hub can achieve. This ability enables a switch to take the place of another device, called a repeater. A repeater is a device dedicated only to data regeneration. Repeaters allow data to be forwarded over greater distances, allowing the data to overcome regular data distance limitations for the type of physical media being used. By filtering frames and regenerating forwarded frames and packets, the switch can split the network into many separate collision domains.
Figure 5.4: An example of an external router routing interVLAN traffic. Configuring a Static VLAN on a Catalyst 5000 Series Switch The Cisco Catalyst 2900G series, 5000 family, and 6000 family of switches use the Cisco Set/Clear−based CLI. It is important to understand the difference between the Catalyst 5000 series VLAN configuration and the Enterprise IOS edition that runs on the other series of Cisco switches, which use an IOS−based VLAN configuration.
User Interface Menu
[M] Menus
[K] Command Line
[I] IP Configuration
Enter Selection: K
Once a CLI session on the switch is open, you must create a VLAN number and name. The command used to do this is as follows:
vlan [vlan#] name [vlan name]
To use this command, you must be in Global Configuration mode on the switch. To enter Global Configuration mode and create VLANs, take a look at the following example:
>enable
#config terminal
Enter configuration commands, one per line.
Viewing the VLAN Configuration on a 1900 Series Now that we have created the VLANs we want, we can use the show vlan command to see the configured VLANs. Notice that all unconfigured ports on the switch are in VLAN 1.
(vlans = 1..1005 An example of vlans is 2−10,1005)
(trunk_type = isl,dot1q,dot10,lane,negotiate)
The different port negotiation types are described in Table 5.1, and the different trunk encapsulation types are described in Table 5.2.
Table 5.1: Port negotiation syntaxes for configuring VLAN trunks.
Variable   Description
auto       This trunking mode is used if the port uses DISL to initiate trunking. This is the default mode for Fast Ethernet and mimics plug−and−play.
Mapping VLANs to a Trunk Port
In the last example, we assigned port 2/1 as a trunk port using ISL encapsulation. Notice that we did not specify the VLANs to trunk. By default, all VLANs would be trunked. You can assign only VLANs 1 through 200 to be trunked across this configured trunk link, as shown here:
Console> (enable) set trunk 2/1 on 1−200 isl
Adding vlans 1−1005 to allowed list.
Please use the ‘clear trunk’ command to remove vlans from allowed list.
Port(s) 2/1 allowed vlans modified to 1−1005.
To remove VLAN 2 from a trunked port, use the following command:
1912(config−if)#no trunk−vlan 2
1912(config−if)#
Note No command is available to clear more than one VLAN at a time on the 1900.
5000> (enable) set vtp v2 enable
This command will enable the version 2 function in the entire management domain.
All devices in the management domain should be version2−capable before enabling.
Do you want to continue (y/n) [n]? y
VTP domain modified
5000> (enable)
Configuring a VTP Domain on a Catalyst 1900 Switch
The 1900EN series switches only use VTP version 1. The switch can be a member of only one VTP domain.
Configuring VTP Pruning on a Catalyst 1900 Switch To configure the switch for VTP pruning, use the following command: 1912(config)# vtp pruning Configuring VTP on a Set/Clear CLI Switch Before you can configure a router or internal route processor for interVLAN routing, you must enable VTP, assign a mode, and configure a domain. 1. You enable and configure VTP and VLANs on the switch in Privileged mode.
1900EN(config)#vtp domain Coriolis
1900EN(config)#
To set a VTP domain password on a 1900EN to “pass1”, use the following command:
1900EN(config)# vtp password pass1
1900EN(config)#
Verifying the VTP Configuration on a Set/Clear CLI
To verify the VTP domain information, use the command show vtp domain.
Digest Errors 0
VTP Pruning Statistics:
Port   Join Received   Join Transmitted   Summary Adverts received with no pruning support
————   —————————————   ————————————————   ———————————————————————
A      0               0                  0
B      0               0                  0
1912#
Configuring VTP Pruning on a Set/Clear CLI Switch
Enabling pruning on a VTP server enables pruning for the entire domain, which is by default VLANs 2 through 1005. VLAN 1 can never prune.
2. Specify an IP routing protocol such as Open Shortest Path First (OSPF), Routing Information Protocol (RIP), Internet Gateway Routing Protocol (IGRP), or Enhanced IGRP (EIGRP) and identify the network:
Cisco7505(config)#router rip
Cisco7505(config−router)#network 192.1.0.0
3. Create a subinterface on a physical interface in Interface Configuration mode for the port connected to the switch:
7505(config−router)#interface fastethernet2/0.100
4.
Chapter 6: InterVLAN and Basic Module Configuration In Depth One of the first things you will discover in this chapter is that switch is merely a marketing term. When we think of a switch, we think of a device that operates at Layer 2. Well, in this chapter we’ll walk through the process of configuring Cisco switch−swappable cards and modules, and you’ll find that today’s switches have modules and cards that allow them to operate not just at Layer 2 but at Layers 3 and 4, as well.
The FIB maintains a copy of the forwarding information contained in the IP routing table based on the next−hop address. The routing table is updated if routing or topology changes are detected in the network. Those changes are then forwarded to the FIB, and the next−hop information is recomputed based on those changes. Cisco Express Forwarding ASIC The CEF ASIC and Distributed Cisco Express Forwarding (dCEF) ASIC are Cisco’s newest ASICs; the company uses them in high−end devices.
proprietary protocol transfers the FIB information to a NetFlow Feature Card (NFFC or NFFC II) on a Cisco Catalyst 5000 series, or to another forwarding board or module on the higher−speed Cisco distributed switches. There is little difference between using an external router and an internal route processor as your source of the FIB to route Layer 3 protocol data traffic or to perform inter−VLAN routing; it is basically a design choice.
segments, networks, or the Internet. A few types of route processors are available for Catalyst switches. They include:
• NetFlow Feature Card and NetFlow Feature Card II
• Route Switch Module
• Route Switch Feature Card
• Multilayer Switch Module
NetFlow Feature Card and NetFlow Feature Card II
The NFFC and NFFC II are feature cards that work primarily with an RSM or other high−end router.
NFFC also provides protocol filtering to allow segmentation by VLANs. It can provide per−port filtering of data in four different groups:
• Internet Protocol (IP)
• Internetwork Packet Exchange (IPX)
• AppleTalk, DECnet, and Banyan Vines
• Other group
Tip By default, the IP group is on, but it can be turned off for the other groups listed. Remember, the NFFC and NFFC II do not process Token Ring packets.
load−balance the channels. VLAN 0’s MAC address is the address assigned to the programmable ROM (PROM) on the line communication processor (LCP) located on the RSM. This MAC address can be used for diagnostic purposes and to identify the RSM’s slot number. All the other VLANs are assigned the base MAC address from the RSM PROM, which is preprogrammed with 512 MAC addresses. The RSM can route up to 256 VLANs.
EIGRP checks its topology table for a suitable new route to the destination. If a route exists in the table, EIGRP updates the routing table with the new route and purges the old route from the table. Unlike other routing protocols, EIGRP saves WAN−link bandwidth by sending routing updates only when routing information changes. It also takes into account the available bandwidth between the paths to determine the rate at which it transmits updates.
Figure 6.1: The Catalyst Supervisor Engine I and II.
• Media Access Control Addressing and VLANs—Support for 16,000 active MAC addresses for up to 1,024 VLANs allocated dynamically between active ports.
• Management—Support for Simple Network Management Protocol (SNMP) for statistical management. The SE also supports access and management through the console and Telnet interface.
Figure 6.3: The Catalyst Supervisor Engine III G.
• Gigabit Interface Converter (GBIC) for use with multimode fiber (MMF) or single−mode fiber (SMF) interfaces using SC connectors
• An MCF5102 processor
Using the Supervisor Engine
If you installed the Supervisor Engine from another switch, it probably has been configured for other interfaces; as a result, the configuration needs to be cleared. To do this, use the clear config command to return the Supervisor Engine to its factory defaults.
The auto syntax allows the port to autonegotiate the port speed. On an Ethernet or Fast Ethernet interface, use the command set port duplex mod_num/port_num {full|half|auto} to set the port duplex mode. Again, the auto syntax can be used to allow the port to autonegotiate the duplex mode.
Mod MAC−Address(es)                          Hw    Fw       Sw
——  ———————————————————————————————————————  ———   ———      ————
1   00−40−0b−80−54−00 to 00−40−0b−80−57−ff   2.0   3.1.2    4.3(1a)
2   00−40−0b−03−5d−58 to 00−40−0b−03−5d−6f   3.1   4.3(1)   4.3(1a)
3   00−43−0d−91−45−66 to 00−43−0d−91−dc−67   5.0   20.14    11.
Mod Sub−Type  Sub−Model  Sub−Serial  Sub−Hw
——— ————————  —————————  ——————————  ——————
1   NFFC II   WS−F5531   0036457641
Router> 3. Enter Global Configuration mode with the following commands: Router> enable Router# configure terminal Warning When you make changes in this mode, they must be saved to NVRAM. Otherwise, the next time you recycle the switch, the changes will be lost. The command to save changes is copy running−config startup−config. 4. Assign the RSM a unique hostname with the following command.
———— ——————————— ———————— ———— ————— —————— ————— —————— 2/3 FileServer1 connect 1 normal a−half a−100 10/100BaseTX Configuring a Default Gateway on a Catalyst 5000 Before IP management from another subnet or network can take place through Telnet, the sending device must know the routers that are connected to the local network to forward data for destinations outside the local network.
Note The commands for configuring the RSM, RSFC, and MSM are the same.
Viewing the RSM’s Running Configuration
To view the RSM’s running configuration, use the show running−config command as shown here:
Coriolis5000RSM# show running−config
Building configuration…
Current configuration:
!
version 11.2
no service udp−small−servers
no service tcp−small−servers
!
hostname Coriolis5000RSM
!
enable book1234
!
!
interface Vlan1
 ip address 130.77.20.15 255.255.254.0
!
interface Vlan2
 ip address 130.77.20.15 255.
RSM1>enable
RSM1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
RSM1(config)#interface vlan 2
RSM1(config−if)#
%LINEPROTO−5−UPDOWN: Line protocol on Interface Vlan2, changed state to down
3. Assign IP addresses to the VLAN interfaces:
RSM1(config−if)#ip address 172.20.52.33 255.255.255.224
RSM1(config−if)#no shutdown
%LINEPROTO−5−UPDOWN: Line protocol on Interface Vlan2, changed state to up
RSM1(config−if)#interface vlan 3
RSM1(config−if)#
Repeat these steps for each VLAN.
Router#
Viewing the RSM Configuration
Just as on a router, you use the show running−config to view the running configuration:
Coriolis5000RSM# show running−config
Building configuration…
Current configuration:
!
version 11.2
no service udp−small−servers
no service tcp−small−servers
!
hostname Coriolis5000RSM
!
enable book1234
!
!
interface Vlan1
 ip address 130.77.20.15 255.255.254.0
!
interface Vlan2
 ip address 130.77.20.15 255.255.254.0
!
interface Vlan3
 ip address 130.77.20.16 255.255.254.
1 00−60−15−be−55−80 2/1 Total Matching CAM Entries Displayed = 7 Configuring Filtering on an Ethernet Interface To configure protocol filtering for IP only, follow these steps: 1. To configure protocol filtering on the Ethernet, Fast Ethernet, or Gigabit Ethernet ports, you must first enable protocol filtering on the switch. To enable protocol filtering, use this command in Privileged mode: Coriolis5002 (enable) set protocolfilter enable 2.
Port  Single−Col  Multi−Coll  Late−Coll  Excess−Col  Carri−Sen  Runts  Giants
————  ——————————  ——————————  —————————  ——————————  ————————   —————  ——————
2/3   0           0           0          0           0          0      0
Last−Time−Cleared
—————————————
Fri Nov 24 2000, 21:53:38
Clearing MAC Addresses
The clear port security command is used to clear the MAC address from a list of secure addresses on a port.
4. Configure the password for Enable mode. Press Enter for the old password if none has ever been configured:
Catalyst5000> (enable) set enablepass
Enter old password:
Enter new password: coriolis2
Retype new password: coriolis2
Password changed.
Catalyst5000(enable)
5. Enter the IP address and the default gateway (router) for the switch on the Supervisor Engine module SC0:
Catalyst5000> (enable) set interface sc0 63.78.39.174 255.255.255.0
Interface sc0 IP address and netmask set.
Several other commands can be used to configure the Supervisor Engine.
Fw : 4.3(1) Sw : 5.
Configuring Redundancy Using HSRP To configure HSRP on router interfaces, perform the following steps: 1. Enter Interface Configuration mode and identify a standby group and an IP address: standby [group−number] ip [ip−address] 2. Identify the priority for the HSRP interface. The interface with the highest priority becomes active for that HSRP group; the default is 100: standby [group−number] priority priority 3.
RSM2(config−if)#standby 10 authentication Secret RSM2(config−if)#interface vlan20 RSM2(config−if)#ip address 172.16.20.2 255.255.255.0 RSM2(config−if)#no shutdown RSM2(config−if)#standby 20 ip 172.16.20.
Chapter 7: IP Multicast In Depth Over time, our use of computers has moved from the local desktop to the local network. Most of this network traffic consists of using local network resources, such as printing and file transfers. As our personal computers become more powerful, the applications that we use now contain more audio and video components. We’ve now started to move this traffic onto the network. Today, it is still the norm for network traffic to be between one sender and one recipient.
• Unicast • Multicast Broadcast In its simplest form, broadcast traffic consists of packets that reach every point of the network. In a typical network, broadcasts are stopped at the router. You can set the router to forward broadcasts, but doing so is not very efficient—it creates a lot of traffic on the network and slows the end users’ machines. Every host on the network must process the packet to see if it is destined for that host.
Figure 7.2: Unicast traffic flow. Multicast Multicast is a combination of broadcast and unicast. It sends one copy of the packet to many hosts that requested it, thereby using less bandwidth. It also saves bandwidth by not sending the packet to the portion of the network whose hosts didn’t request the transmission. Multicast accomplishes this task by transmitting to an identified group, called a multicast group, rather than to an individual host.
each other and with the server by multicast. When an individual driving a tank or a fighter enters a grid square, it joins the multicast group to receive that square’s simulation traffic. As the individual moves from square to square, the individual’s multicast group membership changes. IP multicasting uses Class D network addresses to route data to different groups and hosts. Most basic networking classes cover Classes A, B, and C, but usually don’t go into depth about Classes D and E.
The X bits are not used. The remaining bits 000 1010 0000 1000 0000 0101 give you 0a:08:05. Put that result together with 01:00:5e: and you get 01:00:5e:0a:08:05. Here is another example, using the multicast address 224.127.15.10: 1110 0000 0111 1111 0000 1111 0000 1010 XXXX XXXX X111 1111 0000 1111 0000 1010 After removing the X portion, the section 111 1111 0000 1111 0000 1010 yields 7f:0f:0a. Again, you put this result together with 01:00:5e to get 01:00:5e:7f:0f:0a.
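The mapping worked by hand above, written as an added example (not code from the book) in Python. multicast_mac applies the rule to any class D address, and groups_sharing_mac makes visible the consequence of discarding the five X bits: 32 different IP groups land on the same Ethernet MAC, so anything that filters or snoops by MAC alone cannot tell them apart. The addresses used are the book's own; the function names are this example's.

```python
# Added example, not from the book: map an IPv4 multicast group to its
# 01:00:5e Ethernet MAC and list the 32 groups that share that MAC.
import ipaddress


def multicast_mac(group: str) -> str:
    """Return the Ethernet MAC that carries IPv4 multicast group `group`.

    The low 23 bits of the group address are copied behind the fixed prefix
    01:00:5e; the 5 bits after the leading 1110 (the X bits) are dropped.
    """
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not a class D address")
    low23 = int(addr) & 0x7FFFFF
    mac = (0x01005E << 24) | low23
    return ":".join(f"{(mac >> shift) & 0xFF:02x}" for shift in range(40, -1, -8))


def groups_sharing_mac(group: str) -> list[str]:
    """All 32 class D groups whose MAC equals multicast_mac(group)."""
    base = int(ipaddress.IPv4Address(group)) & 0x7FFFFF
    # The 5 dropped bits sit just below the fixed 1110 prefix, at bits 23..27.
    return [str(ipaddress.IPv4Address(0xE0000000 | (i << 23) | base)) for i in range(32)]


if __name__ == "__main__":
    for g in ("224.10.8.5", "224.127.15.10"):
        print(g, "->", multicast_mac(g))
    print("224.10.8.5 shares its MAC with", groups_sharing_mac("224.10.8.5")[1:4], "...")
```

Because of the overlap, a switch that builds its multicast CAM entries from the MAC (as the set/clear commands later in this chapter do) forwards 239.138.8.5 to every port that asked for 224.10.8.5; the IP group is only enforced once the packet reaches a host's IP stack.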
Address Destination
224.0.0.1 All systems on this subnet
224.0.0.2 All routers on this subnet
224.0.0.4 Distance Vector Multicast Routing Protocol (DVMRP) routers
224.0.0.5 Open Shortest Path First (OSPF) routers
224.0.0.6 Open Shortest Path First (OSPF) designated routers
224.0.0.9 Routing Information Protocol 2 (RIP2) routers
224.0.0.10 Interior Gateway Routing Protocol (IGRP/EIGRP) routers
224.0.0.12 Dynamic Host Configuration Protocol (DHCP) server/relay agent
224.0.0.13 All Protocol−Independent Multicast (PIM) routers
The range from 224.0.1.0 to 224.1.255.
shortest path tree (SPT) because it uses the shortest path to reach the destination. This design functions very well in a one−to−many model, but it has drawbacks when used in a many−to−many model. For example, a live concert has only one source, so there will be only one distribution tree in the router for the multicast group. But in a video conference with 20 participants, you will have 20 different trees for the same multicast group.
Distance Vector Multicast Routing Protocol DVMRP is based on RIP and is widely used. Just like RIP, it uses a distance vector (hops) and sends out periodic route updates. It’s different from RIP in that it is classless and has a hop limit of 32 rather than 16. When DVMRP is first implemented on a router, it sends a probe packet with its IP address out all the interfaces. Another DVMRP router receives the probe and adds the IP address to its list of DVMRP neighbors on that interface.
receive the multicast traffic sends a PIM join message toward the root node (rendezvous point). As this join message travels up the tree, the multicast routers along the way forward the requested traffic back down the tree to the destination. To put it in a simple form, PIM−DM will send the multicast traffic everywhere until it is told not to. PIM−SM will not send any multicast traffic until it is asked to. Note Cisco routers support both PIM−DM and PIM−SM (and a sparse−dense mode that chooses per group); the mode is selected per interface.
responses, it will build a list of all the multicast groups for that interface. Any other router on the same subnet will also receive the responses and will have the same information. Note A host does not have to wait for a host membership query to send out a membership report. It could send an unsolicited membership report, a process sometimes mistakenly referred to as sending out an IGMP join to the router. To minimize the traffic, IGMP utilizes a report suppression mechanism.
Time to Live Using the IP time to live (TTL) field is an important multicast scoping topic. The TTL field is a value in an IP packet that tells a router whether the packet has been in the network too long and should be discarded. A multicast datagram with a TTL of 0 stays on the sending host. A TTL of 1 (the default value) is allowed only on the local subnet. If a higher TTL is set, a router may forward the packet, and a TTL threshold configured on a router interface can confine a group to an administrative boundary.
This process looks simple. As a host joins the multicast group, its port number is added to the CAM table; as the host leaves, its port is removed from the CAM table. However, this entire process forgets about the switch’s processor. The switch must also receive the multicasts in order to receive the join and leave messages. If a steady stream of multicast traffic is received by the switch, the processor will be so busy checking the multicast traffic that it will have no time to process any other traffic.
GARP Multicast Registration Protocol Generic Attribute Registration Protocol (GARP) Multicast Registration Protocol (GMRP) prevents multicast flooding on the switch. This protocol provides a way for the host to communicate with the switch at the MAC level. It runs independently of the Layer 3 protocol. GMRP software must be running on both the host and the Cisco switch. GMRP is generally used with IGMP on the host. The GMRP application sends a message when the host sends an IGMP message.
Configuring the Rendezvous Point You can configure the rendezvous point (RP) manually or let it be auto−discovered. To configure the RP manually, you have to configure the routers that have either the sender of the multicast traffic or the receiver of the multicast traffic connected to its segment.
Changing the IGMP Host−Query Message Interval As mentioned earlier, the router sends IGMP host−query messages to the network to discover which multicast group is still active.
———— ———————— 2/14 3/1 * 3 1 Total Number of Entries = 2 ‘*’ − Configured The asterisk between the port and the VLAN number means the multicast router port was manually configured. Removing the Multicast Router Use the following command to remove the multicast router port: Coriolis> (enable) clear multicast router 2/14 Port 2/14 cleared from multicast router port list. Configuring IGMP Snooping IGMP snooping is disabled by default.
Displaying IGMP Statistics To display IGMP statistics for all VLANs, use the show igmp statistics command as shown here: Coriolis> (enable) show igmp statistics IGMP enabled IGMP fastleave disabled IGMP statistics for vlan1: Total valid pkts rcvd: 17564 Total invalid pkts recvd 0 General Queries recvd 235 Group Specific Queries recvd 0 MAC−Based General Queries recvd 0 Leaves recvd 4 Reports recvd 14584 Other Pkts recvd 0 Queries Xmitted 0 GS Queries Xmitted 18 Reports Xmitted 0 Leaves Xmitted 0 F
Total Number of Entries = 1 To get more detail about the multicast groups, use this command: Coriolis> (enable) show multicast group [vlan] CGMP disable IGMP enable VLAN Dest MAC/Route Des ———— —————————————————— 1 01−88−75−88−08−57* 1 11−87−96−54−22−11* Destination Ports or VCs / [Protocol Type] —————————————————————————————————————————— 2/1−12 2/1−12 Total Number of Entries = 2 Again, if you only want to see the entries that were learned from IGMP, you can use the command show multicast group igmp [vl
valid igmp leaves received valid igmp queries received igmp gs queries transmitted igmp leaves transmitted failures to add GDA to EARL topology notifications received number of CGMP packets dropped 0 568 0 0 0 10 2456875 Configuring RGMP on the Switch RGMP is disabled by default. Use the following command to enable RGMP globally: Coriolis> (enable) set rgmp enable RGMP enabled. Disabling RGMP on the Switch To disable RGMP, use the following command: Coriolis> (enable) set rgmp disable RGMP disabled.
To display the total number of RGMP groups, use the following command: Coriolis> (enable) show rgmp group count [vlan] Total Number of Entries = 2 Displaying RGMP−Capable Router Ports To display the ports to which RGMP routers are connected, use the following command: Coriolis> (enable) show multicast router rgmp PortVlan ————————— 2/1 +1 2/16 +2 Total Number of Entries = 2 ‘*’ − Configured Displaying RGMP VLAN Statistics To display RGMP statistics, use the following command: Coriolis> (enable) show rgmp
Disabling GMRP To disable GMRP globally, use the following command: Coriolis> (enable) set gmrp disable GMRP disabled. Enabling GMRP on Individual Ports You can enable GMRP on a per−port basis using this command: Coriolis> (enable) set port gmrp enable 2/1−12 GMRP enabled on ports 2/1−12. But don’t be fooled—the switch will let you configure GMRP on a per−port basis, but it will not work unless you enable it globally.
To configure Fixed mode, use the following command: Coriolis> (enable) set gmrp registration fixed 2/1 GMRP Registration is set fixed on port 2/1. To configure Forbidden mode, use the following command: Coriolis> (enable) set gmrp registration forbidden 2/1 GMRP Registration is set forbidden on port 2/1.
GMRP and GARP are interchangeable for the set and show commands. GMRP is considered an alias of GARP. Configuring Bandwidth−Based Suppression Bandwidth−based suppression is a hardware−based suppression method. The threshold is set as a percentage of the port’s bandwidth. When the multicast/broadcast traffic exceeds the threshold within a one second period, the switch stops forwarding multicast/broadcast traffic. Unicast traffic will still be forwarded.
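A software model of the threshold behavior just described, added here as an example and not taken from the book (the real switch does this in hardware). It shows the two properties a practitioner relies on: once flooded traffic in a one−second window crosses the percentage of port bandwidth, further broadcast/multicast frames in that window are dropped, while unicast keeps flowing, and the count starts fresh in the next second. The Frame type, the storm helper, the 100 Mbps port and the 20 percent threshold are this example's assumptions.

```python
# Added example, not from the book: per-second bandwidth-based suppression
# of broadcast/multicast traffic, with unicast always forwarded.
from dataclasses import dataclass


@dataclass
class Frame:
    t: float        # arrival time in seconds
    length: int     # bytes on the wire
    flooded: bool   # True for broadcast/multicast, False for unicast


def suppress(frames, port_bps=100_000_000, threshold_pct=20.0):
    """Return a list of (frame, forwarded) pairs in arrival order.

    Within each one-second window, flooded bytes are accumulated; once they
    exceed threshold_pct of the port's capacity, the remaining flooded frames
    in that window are dropped. Unicast frames never count and never drop.
    """
    limit_bytes = port_bps / 8 * threshold_pct / 100
    window = None
    flooded_bytes = 0
    out = []
    for f in sorted(frames, key=lambda f: f.t):
        if window != int(f.t):          # crossed into a new one-second window
            window, flooded_bytes = int(f.t), 0
        if not f.flooded:
            out.append((f, True))
            continue
        flooded_bytes += f.length
        out.append((f, flooded_bytes <= limit_bytes))
    return out


def storm(t0, count, length=1500, flooded=True):
    """Constructed burst: `count` frames spread evenly over one second."""
    return [Frame(t0 + i / count, length, flooded) for i in range(count)]


if __name__ == "__main__":
    # Constructed input: a 3 MB broadcast storm in second 0 plus some unicast,
    # then a small burst in second 1 that is under the threshold.
    sample = storm(0.0, 2000) + storm(0.0, 10, flooded=False) + storm(1.0, 100)
    result = suppress(sample)
    dropped = sum(1 for f, fw in result if not fw)
    print(f"{dropped} of {len(sample)} frames dropped by suppression")
```

With a 100 Mbps port and a 20 percent threshold the limit is 2,500,000 bytes per second, so 1,666 of the 2,000 broadcast frames in the first second are forwarded and the rest are dropped; a legitimate burst that stays under the limit in the next second is untouched.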
Chapter 8: WAN Cell Switching In Depth WAN switching is defined as the process of forwarding data traffic across a wide area network. WAN switching uses cell relay technology to multiplex all network traffic across WAN trunk links without a predefined timeslot for each type of connection. Cell relay networks use small, fixed−length packets called cells to send control information in a header attached to the user’s data.
• Scalability—ATM is highly flexible, accommodating a wide range of traffic types, traffic rates, and communications applications. An ATM network includes two types of devices: ATM switches and ATM endpoints. One type of ATM interface, called a user−network interface (UNI), connects an ATM device to a switch; a second type, called a network−to−network interface (NNI), connects an ATM switch to another ATM switch.
ATM Protocols The protocols used in ATM have been specifically designed to support high−speed networks at speeds ranging up to gigabits per second (Gbps). Other physical LAN topologies, such as Gigabit Ethernet, provide high−speed networking and work very well in LANs. ATM, on the other hand, can handle Gbps traffic in both LAN and WAN environments and is independent of the type of physical media being used.
the result by 2—and thus the data portion of the ATM cell contains 48 bytes. Figure 8.1: The ATM cell.
The ATM Cell Header The ATM cells can be found in one of two formats, depending on whether the endpoints are a UNI or an NNI connection. The two differ in one way: The NNI header does not contain a Generic Flow Control (GFC) field. The NNI header has a Virtual Path Identifier (VPI) that occupies the entire first 12 bits. A cell header for a UNI cell is shown in Figure 8.3. Figure 8.3: An ATM UNI cell header.
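The two header layouts described above, as an added example (not code from the book) in Python. pack_header and parse_header handle both the UNI form (4−bit GFC followed by an 8−bit VPI) and the NNI form (12−bit VPI, no GFC), and the HEC byte is computed as ITU−T I.432 defines it: a CRC−8 over the first four bytes with polynomial x^8+x^2+x+1, XORed with 0x55. The field names, the CellHeader type and the sample values are this example's own.

```python
# Added example, not from the book: pack and parse the 5-byte ATM cell header
# in UNI and NNI formats, including computation and verification of the HEC.
from dataclasses import dataclass

HEC_POLY = 0x07    # x^8 + x^2 + x + 1, per ITU-T I.432
HEC_COSET = 0x55   # constant XORed into the CRC remainder


def hec(header4: bytes) -> int:
    """CRC-8 over the first four header bytes, XOR 0x55."""
    crc = 0
    for byte in header4:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ HEC_POLY) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc ^ HEC_COSET


@dataclass
class CellHeader:
    vpi: int
    vci: int
    pt: int = 0          # payload type, 3 bits
    clp: int = 0         # cell loss priority, 1 bit
    gfc: int = 0         # generic flow control; UNI only, NNI has no GFC
    nni: bool = False
    hec_ok: bool = True  # set by parse_header


def pack_header(h: CellHeader) -> bytes:
    vpi_bits = 12 if h.nni else 8
    if not 0 <= h.vpi < (1 << vpi_bits):
        raise ValueError(f"VPI {h.vpi} does not fit in {vpi_bits} bits")
    if not 0 <= h.vci < 0x10000 or not 0 <= h.pt < 8 or h.clp not in (0, 1):
        raise ValueError("VCI/PT/CLP out of range")
    # First 32 bits: [GFC:4][VPI:8] (UNI) or [VPI:12] (NNI), then VCI:16, PT:3, CLP:1.
    top12 = h.vpi if h.nni else ((h.gfc & 0xF) << 8) | h.vpi
    word = (top12 << 20) | (h.vci << 4) | (h.pt << 1) | h.clp
    body = word.to_bytes(4, "big")
    return body + bytes([hec(body)])


def parse_header(raw: bytes, nni: bool = False) -> CellHeader:
    if len(raw) != 5:
        raise ValueError("an ATM cell header is exactly 5 bytes")
    word = int.from_bytes(raw[:4], "big")
    top12 = word >> 20
    gfc, vpi = (0, top12) if nni else (top12 >> 8, top12 & 0xFF)
    return CellHeader(vpi=vpi, vci=(word >> 4) & 0xFFFF, pt=(word >> 1) & 0x7,
                      clp=word & 1, gfc=gfc, nni=nni, hec_ok=hec(raw[:4]) == raw[4])


if __name__ == "__main__":
    # Constructed sample: VPI 2 / VCI 100 on a UNI, and the all-zero idle cell
    # header with CLP=1, whose HEC is the well-known value 0x52.
    print(pack_header(CellHeader(vpi=2, vci=100, pt=1)).hex())
    print(parse_header(bytes.fromhex("0000000152")))
```

The HEC check is what lets a receiver resynchronize on cell boundaries; a single corrupted header bit is always caught, which parse_header reports through hec_ok rather than by raising, so a caller can count and discard bad cells the way a switch port does.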
ATM layer is responsible for establishing connections and passing cells through the ATM network. The ATM Adaptation layer translates the different types of network traffic. Four AALs are defined, but only three are actively in use: • AAL1—Used to transport timing−dependent traffic such as voice • AAL3/4—Used by network service providers in Switched Multimegabit Data Service (SMDS) networks • AAL5—The primary AAL used for non−SMDS traffic that doesn’t require the pacing AAL1 would provide Figure 8.
The ATM Adaptation Layer The ATM Adaptation Layer (AAL) provides the translation between the larger service data units of the upper layers of the OSI Reference Model and ATM cells. It works by receiving packets from the upper−level protocols and breaking them into 48−byte segments to be dumped into the payload of an ATM cell. The AAL has two sublayers: segmentation and reassembly (SAR) and the convergence sublayer (CS). The CS has further sublayers: the common part (CP) and the service specific (SS).
• Variable bit rate−real time (VBR−RT)—Typically used for connections that carry VBR traffic, such as compressed video or voice, that requires a fixed timing relationship between source and destination. • Variable bit rate−non real time (VBR−NRT)—Used to carry VBR data traffic that has no timing relationship but still needs a guarantee of bandwidth or latency.
changing the application itself or Layer 3 drivers. This approach allows backward compatibility with existing LANs, broadcast support, and connectionless delivery. LANE has some drawbacks, however: It prevents the use of ATM−specific benefits such as QoS and doesn’t have the ability to provide flexible bandwidth allocations. LANE is the primary component that provides connectivity between ATM devices and the devices residing on the Layer 2 LAN.
• Broadcast and Unknown Server (BUS)—Sends broadcasts, sequences cells, controls unicast flooding, and distributes multicast packets. Warning Notice that although LEC and LECS sound the same, they are completely different terms and components in LANE. LAN Emulation Client (LEC) The LEC resides in every ATM end system. It provides services to emulate the Data Link layer interface that allows communication of all higher−level protocols and applications to occur.
The ultimate goal of the LES is to arrange and control connections with a LEC. This connection is commonly known as a control direct ATM virtual channel connection (VCC). After this connection is established, it will handle address resolution and registration responses. Note The LES establishes communication with the LECS and provides verification information for LECs attempting to join. The LES does not maintain a constant connection with the BUS.
Broadcast and Unknown Server (BUS) The BUS provides broadcasting support for an ELAN. The BUS distributes multicast data, floods unicast frames whose destination is not yet known, and connects the other LANE components. When the destination address of an Ethernet or Token Ring frame contains a local broadcast or a multicast address, the LEC forwards the traffic to the BUS, which forwards it to all the other LECs in the ELAN. At least one combined LES and BUS is required per ELAN.
• The default ELAN name • The LEC address and corresponding LES • The ELAN name and corresponding LES • The ATM address prefix and corresponding LES • The ELAN type and corresponding LES • The ELAN name • The corresponding ATM address of a LANE server • A LANE client MAC address • A client MAC address with the corresponding ELAN name • The LANE client ATM template ATM Addresses ATM addresses are 20−byte (40 hexadecimal digit) NSAP−format addresses; the LECs obtain the 13−byte ATM address prefix of the switch through the ILMI protocol.
In the ATM LANE communications process, when a client wants to join an ELAN, the client must build a table that links ATM addresses to Ethernet MAC addresses. Let’s take a close look at this process: 1. The LEC first obtains the ATM address of the LECS from the ATM switch, using ILMI. It then opens a point−to−point configure direct VCC to the LECS and sends an LE_CONFIGURE_REQUEST asking for the ATM address of the LES for its emulated LAN.
• LE_ARP_REQUEST—Contains the broadcast MAC address 0xFFFFFFFFFFFF. This packet is sent on a control direct VCC to the LES to query for the ATM address of the BUS. • LE_ARP_RESPONSE—Sent in response to an LE_ARP_REQUEST; it contains the ATM address of the BUS. • LE_JOIN_RESPONSE—Contains the LANE client identifier (LECID), a unique identifier for each client. This ID is used to filter return broadcasts from the BUS.
Let’s step through the process. Suppose that you were working on an ELAN and you wanted to access a file stored on a server that was located on a physically separate LAN: 1. You send the file request. Your LEC determines if it knows the ATM address of its LES. 2. If your LEC does not know this address, the client queries the LECS and asks for the ATM address of the LES. 3. After your LEC receives the LES address and joins the ELAN, it sends the LES an LE_ARP request for the ATM address of the LEC behind which the file server is located.
LANE Modules The following ATM LANE modules are available for the 5000 family of switches; the list also indicates the cable types that can connect to each. Tables 8.1 and 8.2 show the LED lights and functions on the LANE modules. These modules provide a connection between multiple ATM networks connecting through the ATM switch: Table 8.1: LANE module status LEDs (columns: Port, Color; colors Red, Orange, Green). Table 8.2: ATM LANE module indicator LEDs.
Supervisor Engine’s console port. Tip Even though the LANE module is configured through the Supervisor Engine, the Supervisor Engine maintains no configuration information regarding the LANE module. This information is stored on the LANE module itself. Segmentation and Reassembly In a frame−based network such as Ethernet, packets sent on the physical wire require a minimum frame size.
After the destination node receives the LE_ARP response from the LES, the destination client responds to the source with its address information. The source sends a “flush” message to the BUS, which instructs the BUS to stop sending any unsent cells—the source will now establish a direct connection with the destination and send the remaining data.
LANE Server: 47.00817200000000E04BAAA006.00E04BAAA061.** LANE Bus: 47.00817200000000E04BAAA006.00E04BAAA062.** LANE Config Server: 47.00817200000000E04BAAA006.00E04BAAA063.00 note: ** is the subinterface number byte in hex Note The asterisks in this example stand for the subinterface number byte, which differs for each subinterface that hosts a LES or BUS; the addresses themselves are shown in hexadecimal. The ATM LANE module does not list these addresses with this command. Configuring the LES/BUS Follow these steps to configure a LES/BUS for two ELANS—the default ELAN and ELAN2: 1.
ATM(config)#interface atm0.1 3. Map the LEC bus to the Ethernet ELAN named “default”: ATM(config−subif)#lane client ethernet default 4. Repeat Steps 2 and 3 for each LEC you want to configure on this LANE module. 5. Enter Interface Configuration mode for the ATM0 subinterface 2: ATM(config−subif)#interface atm0.2 6.
Configuring the LECS Prior to configuring the LECS, you will need to go to each LES and get its ATM address. This address can be gathered with the following command: ATM#show lane server LE Server ATM0.1 ELAN name: default Admin: up State: operational type: ethernet Max Frame Size: 1516 ATM address:47.00918100000000E04FACB401.00100DAACC41.01 LECS used:47.007900000000000000000000.00A03E000001.00 NOT yet connected Make a note of the address following the ATM address: label.
ATM(config−if)#lane config database ELAN2 ATM(config−if)#end Verifying the LECS Configuration Verify the proper setup with the following command: ATM#show lane config LE Config Server ATM0 config table: ELAN2 Admin: up State: operational LECS Mastership State: active master list of global LECS addresses (58 seconds to update): 47.00918100000000E04FACB401.00100DAACC43.00 ATM Address of this LECS: 47.00918100000000E04FACB401. 00100DAACC43.00 (auto) vcd rxCnt txCnt callingParty 11 1 1 47.
Chapter 9: LightStream Switches In Depth The demand for high−speed network communications has skyrocketed in the past 20 to 30 years. In the early 1970s, 9.6Kbps was considered a high−speed network. Now that we have entered the next century, network speeds have surpassed 1Gbps with the introduction of 10Gbps technologies. This advancement has led to the introduction of many applications that require massive quantities of data to be transferred over LAN and WAN physical connections.
FDDI STS−3c/STM−1 TAXI 4B/5B 100Mbps 155Mbps 100Mbps LightStream 1010 The LS1010, shown in Figure 9.2, is the most recent addition to the LightStream series of ATM switches used for multiservice applications. The switch has a five−slot, modular chassis with two fault−tolerant, load−sharing power supplies. The switch contains a central slot that is dedicated to a single, field−replaceable switch processor module. The switch processor module provides 5Gbps of fully non−blocking shared−memory switching capacity.
UBR + MCR A unique Cisco class for best−effort data traffic delivery with a specified minimum bandwidth. This class is used in a LAN for resource−hungry applications, or across an ATM WAN, when a certain minimum amount of bandwidth must be guaranteed (comparable to a committed information rate [CIR]). One of the great features of the LightStream 1010 switch is its ability to use the same interface modules as the Cisco Catalyst 5500 series of switches.
Neighborhood Discovery Function The neighborhood discovery function (NDF) can be used to provide a means for locating all the other nodes in the network and to simplify the network configuration process. This tool helps to eliminate the need to manually configure some of the attributes of interface modules inside the LS2020 switch. NDF enables the switch to find nodes in the network; the found nodes are placed in a database to make internal routing decisions.
algorithm to determine the path for any data that arrives and needs to be switched through the network. The routing algorithm calculates the minimum distance path through the network, verifies the availability of bandwidth, and then sets up a connection between the two ATM endpoints in the network. The routing algorithm can use metrics to determine the least−cost route for setting up a virtual connection.
Default settings are in square brackets ’[]’ Would you like to enter the initial configuration dialog? [yes] From this prompt, you can enter the initial configuration dialog or decline and manually enter the configuration. This choice allows an administrator to use the Command Line Interface (CLI) on the LightStream switch. If you are not familiar with configuring a LightStream switch, you may want to continue using the System Configuration Dialog screen.
The MPC Configuring an MPC on a router provides router−initiated and router−terminated shortcuts for non−NBMA networks. The MPC functionality involves the following: • Data−plane and control−plane VCC management • Ingress/egress cache management • MPOA frame processing • MPOA protocol and flow detection An MPC identifies packets sent to an MPOA−capable router over the NBMA network and establishes a shortcut VCC to the egress MPC, if possible.
CoriolisLS1010> enable 2. Use the config terminal command to enter Global Configuration mode: CoriolisLS1010# config terminal 3. You must identify the route for traffic to take to the internal network (referred to as a static route) using the ip route command, as shown here: CoriolisLS1010(config)# ip route 63.78.127.0 255.255.255.0 ethernet 0 4. Enter Interface Configuration mode for the Ethernet interface: CoriolisLS1010(config)# interface ethernet 0 5.
IF−Side: Uni−type: Network IF−type: NNI not applicable Uni−version: not applicable CoriolisLS1010# Viewing the Configured Virtual Connections To view the configured virtual connections, use the show atm vp command as shown here: CoriolisLS1010# show atm vp Interface VPI Type X−Interface ATM3/0/2 2 PVP TUNNEL X−VPI Status CoriolisLS1010# Configuring the LECS ATM Address on a LightStream 1010 Switch To configure the LAN Emulation Configuration Server (LECS) ATM address on a LightStream 1010 switch, fo
control distribute: vcd 1452, 3 members, 196 packets proxy/ (ST: Init, Conn, Waiting, Adding, Joined, Operational, Reject, Term) lecid ST vcd pkts Hardware Addr ATM Address 1 O 1451 6 0060.705a.8f02 47.0091810000000060707B8A01.0060705A8B12.01 2 O 1455 10 00e0.d7b1.ba12 47.0091810000000060707B8A01.112233461176.02 3P O 1466 59 0090.a2fb.b430 47.0091810000000060707B8A01.009086FB1021.01 LE BUS ATM2/0.2 ELAN name: elan1 Admin: up State: operational type: ethernet Max Frame Size: 1516 ATM address: 47.
——— ———————— ————————— —————————— —————— 2 EARL 1+ WS−F5511 0002278010 1.0 Mod SMT User−Data T−Notify CF−St ECM−St Bypass ——— ——————————————————— ———————— —————— ——————— —————— 5 WorkGroup Stack 30 isolated in absent CoriolisLS1010> Configuring the MPC This example configures the MPC and binds an LEC to the MPC: 1. Define the MPC with the name THEMPC, as follows: mpoa client config name THEMPC 2. Specify the ATM interface to which the MPC is attached.
1. To identify an MPS with a specific name, use the following command: mpoa server config name mps−name 2. The ATM address that specifies the control ATM can be optionally identified using this command: atm−address atm−address 3. To specify the network ID, use the following command: network−id id 4. To identify a keepalive time value, use the following command: keepalive−time time 5.
5. Use the lane client ethernet command followed by the name of the ELAN to configure a LANE client: CoriolisLS1010(config−if)# lane client ethernet elan−name Powering on the LightStream 100 ATM Switch To power on the LightStream 100 ATM switch, use the following steps: 1. Turn the power switch to the on position, which is depicted by a symbol that looks like this: (|). 2. The switch will execute the diagnostic power on self test (POST). The results can be viewed by connecting to the console port.
Recovering a Lost Password To recover a password, such as that used for the root account, look at the following example (the output is quite long, so unnecessary information has been omitted): Type ‘. to get a Test and Control System (TCS) hub prompt. user name:’. TCS HUB<> At the TCS hub prompt, use reset and connect to reset the NP card. Note: Be prepared to press Enter at the prompt, as shown below.
NCR 53C710: Chip Revision: 0x2, IB: 0xec18e000 LynxOS/68040−MVME167 Version 2.1.0 Copyright 1992 Lynx Real−Time Systems Inc. All rights reserved. LynxOS release 2.1.0, level 1: NP−LynxOS #112: compiled Nov 08 1994 19:49:33 Single−user boot single−user$ Type ’. to get a TCS hub prompt: single−user$ ’. TCS HUB<> Reset the NP card: TCS HUB<> reset 1 TCS HUB<> connect 1 Memory Autosizing…(32Meg)…Done Clearing 32Meg Memory…Done NP1 POST Version 0.
user name: coriolisuser password: This process changes the password and recovers any lost passwords. Because it requires nothing more than a console connection and a reset of the NP card, anyone with physical or console access to the switch can do the same; treat that access as equivalent to the root account and restrict it accordingly.
Chapter 10: Layer 2 Redundant Links In Depth If your company has ever experienced a critical work stoppage due to a downed server or a network outage, you understand how critical it is to implement redundancy in your network. No matter what happens with an individual link in your network, the other links should take over using redundant links. The Spanning−Tree Protocol (STP) provides the components needed to ensure consistent network availability when a problem occurs with a link in the network.
• Broadcast frames • Multicast frames • Unknown unicasts Broadcast and Multicast Frames Broadcast and multicast frames are unique in that neither is addressed to a single station’s hardware address; the source address is still the hardware address of the device that sent the frame. In the case of broadcasts, the destination address in the header is all 1s (FF−FF−FF−FF−FF−FF), indicating that the frame goes to every node in the network. A multicast destination is a group address, marked by the individual/group bit (the low−order bit of the first byte) set to 1, that is accepted only by the stations that have joined that group.
and Electronics Engineers (IEEE) a protocol similar to STP to become a networking standard. However, after the IEEE 802 committee revised it into what is now known as the IEEE 802.1D standard (Spanning Tree Protocol), the protocol differed just enough from DEC’s version that they were incompatible. Danger! Data Loops! Data loops can easily become a network disaster.
Figure 10.2: An example of a directed graph. STA assigns each switch in the network a unique identifier. This identifier is one of the switch’s MAC addresses, as well as an assigned priority (explained in more detail later in this chapter in “The Selection Process”). After STA assigns each switch this unique identifier, it then assigns each port in every switch a unique identifier. This port identifier is a 16−bit value made up of a configurable port priority followed by the port number; it is not the port’s MAC address.
Figure 10.3: The root bridge calculating the path cost to switch D. The path with the fewest hops is not always the best one. STP sums the per−link costs along a path, and each link’s cost is derived from its bandwidth, so several high−speed links in series can total less than a single very slow link, such as a modem connection. Even though the direct path has the fewest hops, it is much slower than the longer high−speed path, and the lower total cost wins.
• Version—Contains 1 byte and the value of zero. • Message Type—Contains 1 byte and the value of zero. • Flag—Contains 1 byte; only the first 2 bits are used. The topology change (TC) bit signals that there has been a topology change. The topology change acknowledgment (TCA) bit is then set to acknowledge receipt of a configuration message with the TC signal bit set. • Root ID—Contains 8 bytes that identify the root bridge by listing a 2−byte priority followed by a 6−byte ID.
Parent and Child Switches A switch’s diameter is a unit of measurement between the root switch and child switches. The root bridge counts as the first switch. Each subsequent child switch out from the root bridge is counted to yield the diameter number. A parent switch brings you one switch closer to the root bridge, and a child switch takes you one switch farther away from the root bridge. Each root bridge can be configured with a diameter from a minimum of two switches to a maximum of seven switches.
Secondary root bridge priority 16,384 Root bridge priority 8,192 The switches participating in STP (other than the root bridge) must form an association with the root bridge shortly after the root bridge has been elected. Each switch examines each BPDU as it arrives on each port. When a switch receives the same information on more than one port, it is an indication that the switch has a redundant path to the root bridge.
Equal Cost Paths If two or more links have the same root path cost, such as two identical links running between two switches, STA needs a tie−breaker to choose the root port or the designated port. The bridge ID, a 2−byte priority followed by the bridge’s MAC address, is used both to elect the root bridge and to break these ties. By default, the priority on all devices running STP is 32,768. If two switches or bridges have the same priority value, the lower MAC address wins. When a switch has two paths to the root with the same cost, it prefers the path through the neighbor with the lowest bridge ID, then the neighbor’s lowest port ID, and finally its own lowest port ID.
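The selection rules from “The Selection Process” and “Equal Cost Paths”, carried through on a small constructed topology as an added example (not code from the book). elect_root picks the lowest bridge ID (priority, then MAC), root_path_costs sums per−link costs from the root, and root_port applies the 802.1D tie−break order when two paths cost the same. The bridge names, MAC addresses, port numbers and link costs are this example’s assumptions; the costs 19 and 100 are the classic 802.1D values for 100 Mbps and 10 Mbps links.

```python
# Added example, not from the book: 802.1D root bridge election and root port
# selection, including the tie-breakers for equal-cost paths.
import heapq

# Constructed topology. A bridge ID is (priority, MAC); lower wins.
BRIDGES = {
    "A": (32768, "00:d0:00:00:00:01"),
    "B": (32768, "00:d0:00:00:00:02"),
    "C": (32768, "00:d0:00:00:00:03"),
}
# Links: (bridge, port number, bridge, port number, cost). Two identical
# links between B and C give C two equal-cost paths to the root.
LINKS = [
    ("A", 1, "B", 1, 19),    # 100 Mbps
    ("B", 2, "C", 1, 19),
    ("B", 3, "C", 2, 19),    # duplicate of the link above
    ("A", 2, "C", 3, 100),   # 10 Mbps: fewer hops, but higher cost
]


def bridge_id(name, bridges=BRIDGES):
    prio, mac = bridges[name]
    return (prio, int(mac.replace(":", ""), 16))


def elect_root(bridges=BRIDGES):
    """Lowest bridge ID wins: priority first, MAC address breaks the tie."""
    return min(bridges, key=lambda n: bridge_id(n, bridges))


def root_path_costs(root, bridges=BRIDGES, links=LINKS):
    """Least total link cost from the root to every bridge (Dijkstra)."""
    adj = {}
    for a, _, b, _, cost in links:
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    dist = {n: float("inf") for n in bridges}
    dist[root] = 0
    heap = [(0, root)]
    while heap:
        d, n = heapq.heappop(heap)
        if d > dist[n]:
            continue
        for m, c in adj.get(n, []):
            if d + c < dist[m]:
                dist[m] = d + c
                heapq.heappush(heap, (dist[m], m))
    return dist


def root_port(name, bridges=BRIDGES, links=LINKS):
    """Root port of `name`, chosen by the 802.1D order: lowest root path cost,
    then lowest neighbor (designated) bridge ID, then lowest neighbor port ID,
    then lowest own port ID. The root bridge itself has no root port."""
    root = elect_root(bridges)
    if name == root:
        return None
    dist = root_path_costs(root, bridges, links)
    candidates = []
    for a, pa, b, pb, cost in links:
        if a == name:
            candidates.append((dist[b] + cost, bridge_id(b, bridges), pb, pa, b))
        elif b == name:
            candidates.append((dist[a] + cost, bridge_id(a, bridges), pa, pb, a))
    best = min(candidates)
    return {"port": best[3], "cost": best[0], "via": best[4]}


if __name__ == "__main__":
    root = elect_root()
    print("root bridge:", root)
    for n in BRIDGES:
        print(n, "root port:", root_port(n))
```

With the default priority everywhere, A wins on MAC address and C uses port 1 (the lower of its two equal−cost ports toward B) at cost 38 rather than the one−hop 10 Mbps link at cost 100. Lowering C’s priority to 8,192, as the table of recommended root priorities above suggests, makes C the root regardless of its MAC address, which is how you keep the election deterministic instead of letting the oldest switch on the floor win.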
For example, the downtime caused by using the defaults would be the following: 2 * 15 + 20 = 50 seconds Now that you have learned about the timers and how BPDUs operate in the network, let’s take a closer look at how ports transition through different states before forwarding data. STP Port States Each port participating in STP transitions through four port states, or modes, in a designated order before the port can forward frames it receives.
Per−VLAN Spanning Tree
You can have many instances of STP running in your network. By running a different instance of STP on a per−VLAN basis, you can run some VLANs on ports that are blocked by another instance of STP running on another VLAN. In this way, you can set the priority of each port on a per−VLAN basis, allowing you to use the redundant links in your network to run an equal amount of traffic on each link. The VLANs individually determine which links to forward and which links to block.
the network. Thus, eight wires can be used to simulate one link able to handle up to 800Mbps and load balance data across those links, as shown in Figure 10.7.
Figure 10.7: Eight equal−cost links between two switches, creating a bundle of eight channels acting as a single link.
Let’s take a look at what occurs during a link failure in an EtherChannel bundle. We’ll also examine the Port Aggregation Protocol (PAgP).
Link Failure
Fast EtherChannel provides redundancy in the event of a link failure.
capability. The channel is then added to the spanning tree as a bridge port.
Warning Dynamic VLAN ports can force a VLAN change; as a result, PAgP cannot be used to form a bundle on ports that are configured for dynamic VLANs. The VLANs must be static VLANs, meaning that the port on the switch must be assigned to a VLAN. PAgP also requires that all ports in the channel belong to the same VLAN or be configured as trunk ports.
• The switch must have at least one blocked port.
• The failure must be on the root port.
If a link fault occurs on the primary root link, UplinkFast transitions the blocked port to a forwarding state. UplinkFast changes the port so that it bypasses the listening and learning phases. This change occurs in three to four seconds, allowing convergence to begin immediately without waiting for the MaxAge timer to expire.
Note UplinkFast becomes a global setting on the switch.
Enabling STP on a Set/Clear Command−Based Switch for All VLANs
To enable STP on all VLANs, use the following command in Privileged mode:
set spantree enable all
Related solutions: Found on page:
Configuring a Static VLAN on a Catalyst 5000 Series Switch 154
Configuring Multiple VLANs on a Catalyst 5000 Series Switch 154
Disabling STP on a Set/Clear Command−Based Switch
To disable STP on a Set/Clear command−based switch, use the following Privileged mode command:
catalyst5000> (enable) set spantree disable
Bridge Max Age 20 Sec   Hello Time 2 sec   Forward Delay 15 sec
Port   vlan   Port−State   Cost   Priority   Fast−start   Group−Method
————   ————   ——————————   ————   ————————   ——————————   ————————————
5/1    2      forwarding   19     32         disabled
5/2    2      forwarding   19     32         disabled
5/3    2      blocking     19     32         disabled
5/4    2      blocking     19     32         disabled
The listing at the bottom of the output shows the ports in use in the spanning tree. It states the port, port−state, and priority, as well as whether Fast−Start (PortFast) is enabled.
Table 10.
Viewing the STP Configuration on a Command Line Switch
To view the configuration, you use the same command you use for the Set/Clear command−based switches. However, you will receive much different output. Use this command:
show spantree
The output should look similar to this on your console:
VLAN1 is executing the IEEE compatible Spanning Tree Protocol
Bridge Identifier has priority 8192, address 002C.100A.
secondary (optional)   Used to designate the switch as a secondary root switch if the root bridge fails. The default priority of the secondary bridge is 16,384.
n (optional)           Specifies the VLAN. If you do not specify the VLAN, VLAN 1 is used. The valid value range is 1 through 1,005.
dia n (optional)       Specifies the diameter value discussed earlier in the chapter. It is essentially the number of bridges between any two points. The diameter should be measured starting from the root bridge.
hello n (optional)
This example uses 100 as the port cost:
spantree cost 100
Verifying the Port Cost Configuration on Both a Set/Clear Command− and CLI−Based Interface
To verify the port cost on the port configured previously, use the following Privileged mode command:
show spantree
The following command provides output on module 0, port 3:
show spantree 0/3
The output on the console should look similar to this:
Port     Vlan     Port−State   Cost   Priority   Fast−Start Group−met
——————   ——————   ——————————
0/3      4        forwarding
Verifying the STP Port Priority on a Set/Clear Command−Based Switch
To verify the proper port priority setting, use this command (only the module and port numbers are required):
show spantree
The following command provides output on module 2, port 3:
show spantree 2/3
Port   Vlan   Port−State      Cost   Priority   Portfast   Channel_id
————   ————   ————————————    ————   ————————   ————————   ——————————
2/3    1      not−connected   19     32         disabled   0
catalyst5000> (enable)
Verifying the VLAN Priority Settings
To verify
Adjusting the MaxAge Timer on a Set/Clear Command−Based IOS
To change the default MaxAge timer for a particular VLAN, use this Privileged mode command:
spantree maxage
Channel                 2/1−2,2/1−4
Broadcast suppression   percentage(0−100)
Flow control            receive−(off,on),send−(off,on)
Security                yes
Membership              static,dynamic
Fast start              yes
QOS scheduling          rx−(none),tx−(none)
CoS rewrite             yes
ToS rewrite             IP−Precedence
Rewrite                 yes
UDLD                    yes
AuxiliaryVlan           1..1000,untagged,dot1p,none
SPAN                    source,destination
Creating an EtherChannel on a Set/Clear Command−Based Switch
To create an EtherChannel bundle, you must enable EtherChannel on two or more ports.
another port that is in the desirable or auto mode.
group
————   ————   ——————————————————————————————   —————————————   ————————
10     2/1
10     2/2
10     2/3
10     2/4
Configuring EtherChannel on an IOS−Based Switch
To configure EtherChannel on an IOS command−based switch such as the 1900EN series and 2800 series switches, use the Global Configuration port−channel command followed by the mode (on, desirable, or auto):
port−channel mode
Here, the mode is auto:
port−channel auto
Identifying the Template Port
With the IOS−based switches, you must identify
catalyst5000> (enable) show interface
sl0: flags=51 slip 0.0.0.0 dest 0.0.0.0
sc0: flags=63 vlan 1 inet 208.44.88.4 netmask 255.255.255.192 broadcast 208.44.88.
Disabling PortFast on a CLI−Based IOS Switch
To disable PortFast on a Cisco IOS command−based switch, use this Interface Configuration mode command:
no spantree start−forwarding
Verifying the PortFast Configuration
To verify the PortFast configuration on a Set/Clear command−based switch, enter the following Privileged mode command:
show spantree
To verify module 3 and port 8, do the following:
show spantree 3/8
Enabling UplinkFast on a Set/Clear Command−Based Switch
To enable UplinkFast on
You must clear the port and bridge costs modified by UplinkFast using the clear spantree uplinkfast command shown below:
catalyst5000> (enable) clear spantree uplinkfast
This command will cause all portcosts, portvlancosts, and the bridge priority on all vlans to be set to default.
Do you want to continue (y/n) [n]? y
VLANs 1−1005 bridge priority set to 32768.
The port cost of all bridge ports set to default value.
The portvlancost of all bridge ports set to default value.
Viewing the UplinkFast Configuration on an IOS−Based Switch
To view the UplinkFast configuration on an IOS command−based switch, enter the following Privileged mode command:
show uplink−fast
Viewing UplinkFast Statistics on an IOS−Based Switch
To view UplinkFast statistics, use this Privileged mode command:
show uplink−fast statistics
Enabling BackboneFast on a Set/Clear Command−Based Switch
To enable BackboneFast on a Set/Clear command−based switch, enter the following Privileged mode command:
set spantr
Chapter 11: Multilayer Switching In Depth Earlier in this book, I told you that switches were Layer 2 devices and routers were Layer 3 devices, which fit nicely into those well−known seven layers. You know the seven—the Open System Interconnection (OSI) Reference Model layers.
manner. This method is similar to sending a piece of mail: You put it in the mailbox, but you have no guarantee that it will arrive—just the likelihood it will reach its destination. Using other protocols, including those at Layer 2 and Layer 4, the network traffic is made up of a series of end−to−end conversations also known as flows. These flows are connection−oriented in nature. Connection−oriented data traffic is similar to a certified letter.
Figure 11.1 shows the three MLS components contained in a single switch chassis, such as that of a Cisco Catalyst 5000 or 6000 family switch. Figure 11.1: The MLS components using an internal route processor in an MLS switch.
MLS Flows When a flow process begins, the MLS−RP starts sending out multicast hello messages every 15 seconds to all switches in the network that accept MLS−RP messages. These messages inform each switch that the MLS−RP (router or internal route processor) is available to provide routing information to the MLS switches, allowing them to cache learned routes. MLSP is the protocol used between the MLS−SE and the MLS−RP.
go through the router. The MLS−SE rewrites the packets to look as if they had been forwarded by a router. Note The MLS cache size can grow to a maximum of 128K. When the cache on the MLS−SE grows larger than 32K, it is likely that flows in the network will not be switched by the MLS−SE and forwarded to a router. When the conversation between the two nodes ends or discontinues for any reason, the MLS cache entry is aged out of the cache. For a new conversation to take place, the process must start again.
Figure 11.5: An MLS switch and two MLS routers. IP Access Lists and MLS Interaction When any interface has an inbound access list applied, the interface where the access list is applied cannot be used for MLS. However, you can apply an output access list on an interface, and it will not affect MLS. When MLS is enabled, standard and extended access lists are handled at the speed of the physical wire.
You may become confused when trying to troubleshoot MLS because the commands you need to watch out for are not directly related to MLS. Remember this basic rule: Any command that involves the router examining each packet to perform an action will disable MLS on an interface.
• VTP domains
• Management interfaces
Tip On the Catalyst 2926G−L3, 4908G−L3, or 2948G−L3 switch, at least one MLS−RP must be configured. Multiple MLS−RPs can be configured in a single line; up to 16 MLS−RPs can participate in MLS.
MLS Cache
The MLS cache is used to maintain the flow information for all active flows. The size of the MLS cache is limited to a maximum of 128K.
MLS Cache Fast Aging Time The processing of the MLS cache entries can cause performance problems on your switch. To keep this situation under control, it’s good practice to monitor the IP cache and make sure it remains well under the maximum size of 128K. Doing so will prevent cache entries from being dropped continuously. You can keep the size of the cache more manageable by having the MLS cache prune entries that are no longer needed. This type of pruning is known as fast aging time.
Let’s examine each of these tasks, as well as how to disable each of these features in case they are no longer needed on an interface.
Router(config) interface fastethernet 1/1
2. To assign a VTP domain of coriolis to the interface, use the following command:
Router(config) mls rp vtp−domain coriolis
Warning This step must be performed prior to using any of the other MLS interface commands on the MLS interface. If this command is not used first, the interface will be placed in a null domain and will be unable to perform MLS functions.
Re−enabling MLS on a Catalyst 5000
To re−enable MLS on a Catalyst 5000, use the following command:
CAT5000(enable) set mls enable
Disabling MLS on a Catalyst 6000
To disable MLS on a Catalyst 6000, use the following command:
CAT6000(config) no mls ip
Disabling MLS on a Catalyst 5000
To disable MLS on a Catalyst 5000, use the following command:
CAT5000(enable) set mls disable
Configuring the MLS Cache on the Catalyst 5000
To configure the MLS cache on a Catalyst 5000, use this command:
set mls agingtime <
Configuring Long Aging on the Catalyst 6000
To configure the long aging time on the Catalyst 6000, use the following command:
mls aging long
An example of using the mls aging long command is as follows:
mls aging long 64
Disabling Long Aging on the Catalyst 6000
To disable the long aging time on the Catalyst 6000, use the following command:
no mls aging long
Configuring Normal Aging on the Catalyst 6000
To configure the normal aging time on the Catalyst 6000, use the following command:
mls agin
Monitoring and Viewing the MLS Configuration Commands on each MLS−SE and MLS−RP to monitor and view the configurations of each device are different.
MLS−RP IP —————————— 38.187.128.
38.187.128.254 0000808dade0 38.187.127.
Chapter 12: Hot Standby Routing Protocol In Depth Dynamic environments are constantly growing. I happen to work in one and I see the demand for 99.99 percent reliability increasing every day. However, even in a worldwide Enterprise network, high availability solutions are not prepared for various network failures. Here’s an example: I manage a few hundred servers at a Fortune 100 company. I’m trying to get to a local intranet site and my browser just hangs.
The next sections look at some ways that administrators and engineers have devised to overcome problems related to assigning default gateways, along with the benefits and difficulties in using each technique.
Routing Information Protocol
One solution designed to inject Layer 3 routing redundancy allows nodes utilizing IP to use Routing Information Protocol (RIP) to discover secondary routers located on the network.
The Solution HSRP is a Cisco proprietary protocol developed for redundancy. It defines a group of routers working as one virtual router. It enables host interfaces to continue communicating outside the local segment even if a host interface’s default route fails or the link is down. Basically, HSRP is a group of routers working together as a unit to provide fault tolerance. HSRP works by assigning a group of routers a virtual IP address and a virtual MAC address.
• Active route processor
• Standby route processor
• Virtual route processor
All other route processors fall into the “other route processor” category.
Warning By increasing the number of standby groups on a route processor, you decrease the route processor’s performance and increase latency. You’ll increase the number of standby groups primarily to facilitate load sharing. In the Immediate Solutions section, you will learn how to configure the standby priority.
Each standby group contains an IP address and a well−known MAC address assigned to the group. The IP address for the standby group is within the range of IP addresses belonging to the subnet or VLAN to which the route processor is providing services. The IP address cannot be assigned to any other device in the network except the standby group interfaces operating in the standby group.
to the route processor.
• Learn state—The route processor transitions to this state and remains in this state until it receives a hello message from the current active router. The hello message allows the route processor to learn the virtual IP address of the current virtual router.
• Listen state—In this state, the route processor has learned the IP address of the virtual router and is listening for more updated information through hello messages.
standby group. If a route processor fails, it automatically decrements its priority on that interface and stops transmitting hello messages out the interface. The standby route processor assumes the active router role when no hello messages are detected for the specified holdtime period. Opening a Session on an Internal Route Processor To configure HSRP on an internal route processor such as an RSFC or RSM, you must start a session using the session command.
Assigning an HSRP Interface Priority
You should increase the priority of the interface in the HSRP group that you would like to be active by default. Always remember that the interface with the highest priority becomes the active route processor for the HSRP group. To specify the priority for the HSRP interface, use the following command:
standby priority
In the following example, 3 refers to the HSRP standby group number corresponding to the VLAN interface number.
Removing the HSRP Hello and Hold Timers
To remove the manual timer settings and return the settings to the default values for HSRP group 3, use the following command:
no standby 3 timers
Configuring a Clear−Text Password for HSRP Authentication
You can specify a clear−text password for the HSRP authentication string for the interface. All interfaces in the HSRP group use the same authentication string.
1. You selected and entered the VLAN interface you want to have configured (vlan200).
2. You configured the HSRP group and entered the virtual default gateway IP address on that interface.
3. You set the priority accordingly, allowing one route processor to be active and the other to be standby.
4. You enabled preempt on both routers and you are not accepting the default timers.
Tip To get a brief output of all the configured interfaces, you can use the show standby brief command. Using the debug Command By enabling the debug command, it will list the changes in real−time for the HSRP group you specified. This includes the sending and receiving packets through the HSRP.
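The election, hold-timer failover, preemption and authentication-string behaviour described in this chapter, as an added Python simulation that is not the book's code. The router names and addresses, the group 3 virtual IP, the three-second hello and ten-second hold defaults of HSRP version 1, and the failure timings are constructed for the example; the learn/listen/speak transitions of a router joining the group are collapsed into "eligible on its first accepted hello".

```python
"""HSRP election, hold-timer failover and preemption in one-second steps
(added example, not the book's code; names, addresses and timings are constructed)."""
from dataclasses import dataclass

HELLO_DEFAULT = 3    # HSRP version 1 default hello interval, seconds
HOLD_DEFAULT = 10    # HSRP version 1 default hold time, seconds


@dataclass(eq=False)
class Router:
    name: str
    ip: str                 # real interface address; tie-breaker when priorities are equal
    priority: int = 100     # HSRP default priority
    preempt: bool = False
    auth: str = "cisco"     # HSRP default clear-text authentication string
    up: bool = True         # False: interface down, no hellos transmitted

    def rank(self):
        return (self.priority, tuple(int(o) for o in self.ip.split(".")))


class HsrpGroup:
    def __init__(self, group, virtual_ip, hello=HELLO_DEFAULT, hold=HOLD_DEFAULT, auth="cisco"):
        self.group, self.virtual_ip = group, virtual_ip
        self.hello, self.hold, self.auth = hello, hold, auth
        self.routers = []
        self.last_heard = {}    # router name -> second of its latest accepted hello
        self.active = None
        self.standby = None
        self.events = []        # (second, router name or None, role)

    def add(self, router):
        self.routers.append(router)

    def _alive(self, now):
        # A peer exists for the group only while its last accepted hello is within the hold time
        return [r for r in self.routers
                if r.name in self.last_heard and now - self.last_heard[r.name] <= self.hold]

    @staticmethod
    def _best(candidates):
        return max(candidates, key=Router.rank, default=None)

    def tick(self, now):
        # 1. Every up router transmits a hello each hello interval; the group accepts it
        #    only if the authentication string matches. The string travels in clear text,
        #    so this catches misconfiguration rather than a deliberately forged hello.
        for r in self.routers:
            if r.up and now % self.hello == 0 and r.auth == self.auth:
                self.last_heard[r.name] = now
        alive = self._alive(now)
        # 2. Keep the current active router unless its hold time has expired or a
        #    higher-priority router with preempt configured is present.
        active = self.active if any(r is self.active for r in alive) else self._best(alive)
        if active is not None:
            challenger = self._best([r for r in alive if r.preempt])
            if challenger is not None and challenger.rank() > active.rank():
                active = challenger
        standby = self._best([r for r in alive if r is not active])
        # 3. Record every role change
        if active is not self.active:
            self.events.append((now, active.name if active else None, "active"))
        if standby is not self.standby:
            self.events.append((now, standby.name if standby else None, "standby"))
        self.active, self.standby = active, standby

    def run(self, seconds, schedule=None):
        """Advance the clock; schedule maps a second to a callable applied before that tick."""
        schedule = schedule or {}
        for now in range(seconds + 1):
            if now in schedule:
                schedule[now]()
            self.tick(now)
        return self.events


def failover_timeline(preempt):
    """R1 (priority 110) loses its link at t=20 and returns at t=50; list (second, active router)."""
    grp = HsrpGroup(group=3, virtual_ip="10.0.3.1")
    r1 = Router("R1", "10.0.3.2", priority=110, preempt=preempt)
    r2 = Router("R2", "10.0.3.3", priority=100, preempt=preempt)
    grp.add(r1)
    grp.add(r2)

    def link_down():
        r1.up = False

    def link_up():
        r1.up = True

    events = grp.run(60, {20: link_down, 50: link_up})
    return [(t, name) for t, name, role in events if role == "active"]


def mismatched_auth_is_ignored():
    """A router left at the default string never joins a group keyed to another string."""
    grp = HsrpGroup(group=3, virtual_ip="10.0.3.1", auth="s3cr3t")
    grp.add(Router("R1", "10.0.3.2", priority=110, auth="s3cr3t"))
    grp.add(Router("R9", "10.0.3.9", priority=200))   # still "cisco": its hellos are dropped
    grp.run(30)
    return grp.active.name


if __name__ == "__main__":
    print(failover_timeline(preempt=True))    # [(0, 'R1'), (29, 'R2'), (51, 'R1')]
    print(failover_timeline(preempt=False))   # [(0, 'R1'), (29, 'R2')]
    print(mismatched_auth_is_ignored())       # R1
```

With the defaults the standby needs the full ten-second hold time after R1's last hello (sent at t=18) before it takes over at t=29, and without preempt R1 stays standby when it returns.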
Chapter 13: Policy Networking In Depth Behind all switching implementations and configurations lies an area that, if left unattended, can render you and your network defenseless: access security policies. In this chapter, we will discuss the need for and creation of access security policies; we will also focus on how to implement these policies. Security is one of the most important functions in today’s networks.
Figure 13.1: A short list of various switches overlapping into different areas of the policy layers. Core Layer Policies By implementing security policies at the Core layer, also known as the backbone, you increase the elapsed amount of time between when a device requests access to a network and when it is allowed to transmit because of the amount of processing that is done on the switch. The job of the Core layer is to pass traffic as quickly as possible.
• Managing Hypertext Transfer Protocol (HTTP) access
Access Lists
An access list is a list of conditions that control access to the switch, router, or route processor. IP, AppleTalk, and Internetwork Packet Exchange (IPX) access lists are like gatekeepers that control access from or to different segments of the network. After you build an access list, it can be applied to an inbound interface or an outbound interface.
access list string as an example:
access−list 2 permit 193.5.5.10 0.0.0.255 log
Tip An octet is the 8−bit value between each dotted decimal in an IP address. For the IP address of 193.5.5.10 the first octet is 193 and the fourth octet is 10. It is always important to remember which octet you want to mask.
The 0.0.0 of the wildcard address means that the first three octets of the source interface’s IP address must exactly match the first three octets of the network portion of the Class C IP address: 193.5.
Item                Network 1   Network 2   Network 3
Network             16          32          48
First Host          17          33          49
Last Host           30          46          62
Broadcast Address   31          47          63
Subnetting using variable length subnet masks (VLSM) seems pretty easy, doesn’t it? The type of access list defined is identified by the number you assign to the access list. Table 13.3 identifies the types of access lists that can be configured, along with the associated string of numbers that can be used with each type.
Table 13.
• operator—This syntax element compares source or destination ports. Possible syntaxes include lt (less than), gt (greater than), eq (equal), neq (not equal), and range (inclusive range).
• log—This syntax enables logging of information about packets that match access list entries.
Warning The log command is optional and logs information about all packets that match the access list entry. Enabling this feature uses considerable processing power. You should use it for troubleshooting purposes only.
• access−class—Applies the access list to an interface for security purposes. This command identifies users of specified VTY lines. By default, five VTY lines come in to your Cisco Internetwork Operating System (IOS) or router. Because you do not know which one you will be using when you Telnet into your switch or router, you must apply the same access list to all the interfaces.
Next, you must specify a routing protocol: in this case, Enhanced Interior Gateway Routing Protocol (EIGRP). To do so, use the following command:
router eigrp 2
The last step is to apply the configured access list. Use the distribute−list command on interface g0/0 to filter outbound traffic from network 192.129.0.0:
distribute−list 2 out g0/0
Security at the Access Layer
The Access layer has very few policies to apply.
Privilege level 0 is a special level that allows the user to use a more specific defined set of commands. As an example, you could allow a certain user to use only the show arp command. This command is useful when a third party is using a sniffer on your network and needs to match a MAC address to an IP address and vice versa. Configuring Banner Messages You have probably messed around on a non−production router or switch and placed your own saying or name in a banner.
• After you enable port security on any switch port, any static or dynamic CAM entries associated with the port are cleared, and any currently configured permanent CAM entries are treated as secure MAC addresses.
• Not all Cisco switches support port security. Check Cisco Connection Online (CCO) at http://www.cisco.com/ to see if your hardware and IOS version support port security.
The default settings of a switch allow all MAC addresses to access all ports on the switch.
HSNRSM(config)# access−list 100 deny tcp any any eq 20
HSNRSM(config)# access−list 100 deny tcp any any eq 21
3. Because the access list has an implied “deny all” at the end, you need to apply a rule that any other traffic can pass through.
host    A single destination host
lt      Match only packets with a lower port number
neq     Match only packets not on a given port number
range   Match only packets in the range of port numbers
3. Now do the same for the destination address identifying the destination of 172.15.10.0:
CoriolisRSM1(config)# access−list 199 deny tcp 172.16.10.0 0.0.0.255 172.15.10.0 0.0.0.
CoriolisRSM1(config)#access−list 199 permit ip any ?
A.B.C.D   Destination address
any       Any destination host
host      A single destination host
8. Just as in Step 7, we need to identify the destination addresses to permit:
CoriolisRSM1(config)#access−list 199 permit ip any any
CoriolisRSM1(config)#
You’re not quite done yet. Even though you just created an access list, it still has to be applied to an interface before it will function.
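The wildcard-mask matching, the lt/gt/eq/neq/range port operators, and the implied "deny all" covered in this chapter, as an added Python evaluator that is not the book's code: it parses the standard and extended numbered access-list syntax shown above and checks packets against a list top-down. The lists below are modelled on the chapter's entries (access lists 2, 100 and 199) and the packets are constructed.

```python
"""Top-down evaluation of Cisco-style numbered IP access lists (added example,
not the book's code); entries and packets are constructed for the demonstration."""
import ipaddress
from dataclasses import dataclass

OPERATORS = {"lt", "gt", "eq", "neq", "range"}
ALL_ONES = 0xFFFFFFFF

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

@dataclass
class Addr:
    network: int   # address bits that have to match
    wildcard: int  # 1 bits are "don't care": 0.0.0.255 ignores the last octet

    def matches(self, ip):
        care = ~self.wildcard & ALL_ONES
        return (_to_int(ip) & care) == (self.network & care)

def _parse_addr(tokens, i):
    """Consume 'any' | 'host A.B.C.D' | 'A.B.C.D [W.W.W.W]' at tokens[i]; return (Addr, next)."""
    if tokens[i] == "any":
        return Addr(0, ALL_ONES), i + 1
    if tokens[i] == "host":
        return Addr(_to_int(tokens[i + 1]), 0), i + 2
    network = _to_int(tokens[i])
    if i + 1 < len(tokens) and tokens[i + 1].replace(".", "").isdigit():
        return Addr(network, _to_int(tokens[i + 1])), i + 2
    return Addr(network, 0), i + 1  # no wildcard given: exact host, as IOS assumes

def _parse_port(tokens, i):
    """Consume an optional operator plus its port(s); return (predicate, next index)."""
    if i >= len(tokens) or tokens[i] not in OPERATORS:
        return (lambda port: True), i
    op = tokens[i]
    if op == "range":
        lo, hi = int(tokens[i + 1]), int(tokens[i + 2])
        return (lambda port: lo <= port <= hi), i + 3
    value = int(tokens[i + 1])
    tests = {"lt": lambda p: p < value, "gt": lambda p: p > value,
             "eq": lambda p: p == value, "neq": lambda p: p != value}
    return tests[op], i + 2

@dataclass
class Entry:
    text: str
    action: str
    protocol: str   # "ip" matches every IP protocol
    src: Addr
    src_port: object
    dst: Addr
    dst_port: object
    log: bool

def parse_entry(line):
    """Parse one 'access-list N permit|deny ...' statement."""
    tokens = line.split()
    if tokens[0] != "access-list":
        raise ValueError("not an access-list statement: " + line)
    number, action = int(tokens[1]), tokens[2]
    if number <= 99:  # standard list: source address only, no protocol or ports
        src, i = _parse_addr(tokens, 3)
        return Entry(line, action, "ip", src, lambda p: True,
                     Addr(0, ALL_ONES), lambda p: True, "log" in tokens[i:])
    protocol = tokens[3]
    src, i = _parse_addr(tokens, 4)
    src_port, i = _parse_port(tokens, i)
    dst, i = _parse_addr(tokens, i)
    dst_port, i = _parse_port(tokens, i)
    return Entry(line, action, protocol, src, src_port, dst, dst_port, "log" in tokens[i:])

def evaluate(lines, packet):
    """Return (action, text of the first matching entry or None)."""
    for entry in map(parse_entry, lines):
        if entry.protocol not in ("ip", packet["proto"]):
            continue
        if (entry.src.matches(packet["src"]) and entry.src_port(packet.get("sport", 0))
                and entry.dst.matches(packet["dst"]) and entry.dst_port(packet.get("dport", 0))):
            return entry.action, entry.text
    return "deny", None  # the implicit deny all that ends every access list

# Constructed lists modelled on the chapter's examples
ACL_2 = ["access-list 2 permit 193.5.5.10 0.0.0.255 log"]
ACL_100 = ["access-list 100 deny tcp any any eq 20",
           "access-list 100 deny tcp any any eq 21",
           "access-list 100 permit ip any any"]
ACL_199 = ["access-list 199 deny tcp 172.16.10.0 0.0.0.255 172.15.10.0 0.0.0.255",
           "access-list 199 permit ip any any"]

if __name__ == "__main__":
    ftp = {"proto": "tcp", "src": "10.1.1.5", "dst": "172.15.10.9", "sport": 40000, "dport": 21}
    print(evaluate(ACL_100, ftp))  # ('deny', 'access-list 100 deny tcp any any eq 21')
    print(evaluate(ACL_2, {"proto": "ip", "src": "193.5.6.1", "dst": "0.0.0.0"}))  # ('deny', None)
```

Note that the UDP packet to port 21 is permitted by list 100 because both deny entries name tcp, and that a source outside 193.5.5.0/24 falls through list 2 to the implicit deny.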
Configuring a Telnet Session Time−Out Value
To lower the chances for vulnerability when an administrator walks away from a logged−in Telnet session, you can configure and apply a time−out condition to unused VTY sessions. Here’s how:
HSNRSM (config)# line vty 0 4
HSNRSM (config−line)# exec−timeout 5 0
We just set the timeout value to five minutes and zero seconds.
To configure the time−out value to five minutes on the console port of an IOS−based route processor or router, use the following command:
HSNRSM (config)# line console 0
HSNRSM (config−line)# exec−timeout 5
To configure the time−out value to five minutes on the VTY port of an IOS−based route processor or router, use the following command:
HSNRSM (config)# line vty 0 4
HSNRSM (config−line)# exec−timeout 5
Tip To configure seconds beyond a round number of minutes, you can add an additional value to the comm
Syntax   Description
aaa      Allows authentication, authorization, and accounting (AAA) to be used for authentication
enable   Allows the enable password method; the default method of HTTP server user authentication
local    Allows the local user database on the Cisco router, route processor, or access server to be used for authentication
tacacs   Allows the Terminal Area Security Access Control (TACACS) or Extended TACACS (XTACACS) server to be used for authentication
To apply the authentication type, use the followin
———— —————————— —————————— 3/3 0 0 —————————— 0 —————————— 0 ———————— 0
Port   Single−Col   Multi−Coll   Late−Coll   Excess−Col   Carri−Sen   Runts   Giants
————   ——————————   ——————————   ————————    ——————————   ————————    ————    ——————
3/3    0            0            0           0            0           0       0
Last−Time−Cleared
——————————————————————————
Fri Dec 22 2000, 19:53:38
To enable static port security for module 1 port 3, manually specify the secure MAC address of the attached interface 00−15−20−4c−78−a1 using the following command:
CAT5K> (enable) set port security 3/1 enab
Dynamic Addresses Count: 5
Secure Addresses (User−defined) Count: 0
Static Addresses (User−defined) Count: 0
System Self Addresses Count: 12
Total MAC addresses: 8
Non−static Address Table:
Destination Address   Address Type   VLAN   Destination Port
—————————             ——————         ——     ——————————
00−15−20−5c−80−a1     Dynamic        3      FastEthernet0/6
00−15−20−5c−80−a1     Dynamic        1      FastEthernet0/4
00−15−20−5c−80−b4     Dynamic        1      FastEthernet0/4
00−15−20−5c−80−12     Dynamic        3      FastEthernet0/6
00−15−20−5c−80−c5     Dynamic        3      FastEthernet0/6
Tip You can use
Chapter 14: Web Management In Depth Imagine having to manage all the com closets throughout your enterprise without the use of a remote management tool. It’s a scary thought. What if you were in San Francisco and you needed to reconfigure a switch in Atlanta? Yes, Telnet would work, but Cisco also has a Web−based client management tool that is second to none: Cisco Visual Switch Manager (CVSM). The GUI interface helps make remote network management easier and less time consuming.
IE is not supported on Solaris, and Netscape 4.6 is not supported at all. However, you can try to access the switch through your browser to determine whether your browser version is supported. If your browser is not supported, the switch will display an error message, and the session will not complete. Tip IE 5.0 will automatically refresh with the latest real−time port configuration changes.
and want to retype an entry, click on Cancel to undo your first entry. Note Again, keep in mind that if you are using IE5, you must use the Refresh button in your browser after each configuration change to see the updates. Otherwise, you risk making a mistake down the line. The CVSM default home page also has a real−time display of your switch. As we mentioned earlier, each port has a colored LED display associated with it.
Chapter 2, which explains how to configure the CLI for an IP address and a Level 15 password in order to use the CVSM. The last section of the Immediate Solutions section will walk you through the CVSM Web Management screens on the 1900 series switch, looking at each screen individually and identifying the configuration changes that can be made from each screen.
New setting ===> 1024
• We have now changed the HTTP port to 1024. You should use a numbering scheme that your department or organization believes to be the best.
Related solutions: Found on page:
Configuring an IP Address and Netmask 57
Configuring Network Settings on the 1900 and 2820 Series 456
Connecting to the Web Management Console
Now that your port is configured and HTTP is enabled, you can connect to the Web Management Console.
Figure 14.2: This page allows you to configure port speeds, view statistics, name the ports, and manage various switch modules if they have been inserted into the switch.
• ADDRESS—The Address Table Management page. This page manages the Dynamic Address Table, the Permanent Unicast Address and Port Security Table, and the Multicast Address Table. Figure 14.3 shows an example.
Figure 14.3: From here you can view and manage dynamic addresses and unicast and multicast tables.
Figure 14.4: This page allows you to configure the SNMP properties, such as the community settings, and identify the IP address for the trap messages to be sent to.
• STP—The Spanning Tree Management page. This management page allows you to enable or disable STP on the specific switch ports, modify various Spanning Tree parameters, and configure STP. Among other things, you can set the path cost, priority, and port fast mode. For an example, see Figure 14.5.
Figure 14.
Figure 14.6: The CDP Management page allows you to choose which ports you want defined for CDP.
• SPAN—The SPAN Configuration and Port Monitoring page. Here you have the option of selecting the port to which you want to send the captured frames and the ports to be monitored. See Figure 14.7.
Figure 14.7: This page allows you to configure which ports to monitor and where they are monitored from.
• CONSOLE—The Console and Upgrade Configuration page. As you can see in Figure 14.
Figure 14.8: This page allows you to manage the console and firmware upgrades.
Note Prior to a TFTP upgrade a dialog box will appear and say something like, “When you use this page to upgrade the switch, it may not respond for up to one minute. During this time do not unplug the switch. This behavior is normal.” Once you click on OK, another dialog box will pop open and ask you, Do you wish to continue with the upgrade process?
• STATISTICS—The Statistics Reports page.
Figure 14.10: On this page you can control and manage broadcast storms and overall IP configuration of the switch.
• CGMP—The CGMP Management page. By default, CGMP is enabled. This page allows you to configure the use of CGMP to dynamically discover end−user stations participating in multicast applications. In short, CGMP directs the packet to its destination rather than broadcasting the packet throughout the network. Figure 14.11 shows an example of the page.
Figure 14.
2. Click on the ports you want to monitor in the Ports Not Monitored window. Click on the Add button to move them to the Ports Monitored Window.
3. Select the port you wish to monitor from by choosing from the pull−down menu next to Select Monitoring Port. This port will usually be one of the trunk ports.
Chapter 15: The Standard Edition IOS In Depth The Cisco 1900 and 2820 switches come with two unique IOSs: Standard Edition and Enterprise Edition. The Standard Edition is a character−based IOS, and the Enterprise Edition is similar to the IOS on higher−end routers. The Cisco 3000 series is the only series of switches that comes with a unique IOS; this series offers a graphical user interface (GUI) to configure the switch. In this chapter, we will focus on the setup of the Standard Edition IOS in detail.
[P] Port Configuration
[A] Port Addressing
[D] Port Statistics Detail
[M] Monitor
[V] Virtual LAN
[R] Multicast Registration
[F] Firmware
[I] RS−232 Interface
[U] Usage Summaries
[H] Help
[K] Command Line
[X] Exit Management Console
Enter Selection:
The following sections describe the Main Menu options. By typing the letter associated with each command on the Main Menu, you enter that configuration screen.
The password is case−insensitive and can contain any character with a legal keyboard representation.
• [E] Modify secret password—The Management Console secret password can help prevent unauthorized access. This password is stored in encrypted form and thus provides enhanced security. When specifying a secret password, use a minimum of 1 character and maximum of 25 characters. The password is case−sensitive and can contain any character with a legal keyboard representation.
• [R] Reset system—This option recycles the power on the switch.
• [F] Reset to factory defaults—This option clears all configuration settings back to the factory defaults.
Warning If you apply the [F] option, all manual configuration settings will be lost.
• [B] Broadcast storm control—This option launches the Broadcast Storm menu, which includes five options. (These options are discussed in “Configuring Broadcast Storm Control on Switch Ports” in the Immediate Solutions section.)
• [V] Management VLAN—Allows you to set the VLAN in which you will configure your switch. Cisco recommends that you choose a VLAN other than 1 because all ports are in VLAN1 by default. On the Standard Edition of the IOS software, the available VLANs are 1 through 4. The Enterprise Edition has 64 available VLANs. • [X] Exit to previous menu—Exits back to the Network Management menu. Tip When you change the IP address, the change takes effect immediately.
SNMP Default Trap Messages By default, the Cisco Catalyst 1900 and Catalyst 2820 series switches send certain trap messages.
Enter Selection: The following list shows the commands from the CDP Configuration/Status menu: • [H] Hold Time (secs)—Indicates how long a CDP multicast will remain in the CDP table. The valid entries are from 5 to 255 seconds, and the default is 180 seconds. • [T] Transmission Interval (secs)—Defines the interval in which the switch will send CDP multicast messages. • [E] Enable CDP on Port(s)—Identifies one or more ports on which to enable CDP.
Syntax        Port
A1            Port 25
B1            Port 26
AUI           The AUI port
1 through 24  An individual port on the switch
The Port Configuration menu is as follows:
Catalyst 2820 − Port 24 Configuration
————————————————————Settings————————————————
[D] Description/name of port   Port To Hanson’s PC
[S] Status of port             Suspended−jabber
————————————————————Related Menus———————————
[A] Port addressing
[V] View port settings
[N] Next port
[G] Goto port
[P] Previous port
[X] Exit to Main Menu
Enter Selection:
The following list shows the o
• [N] Next port—This option is used to forward to the next configurable port. • [G] Goto port—This option is used to configure any identified port. • [P] Previous port—This option is used to configure the previous configurable port. • [X] Exit to Main Menu—This option returns you to the Main Menu. Let’s take a look at the options available on the 2820 using an FDDI module on port A1: Catalyst 2820 − Port A1 Configuration (Left Slot) Module Name: FDDI (Fiber SAS Model).
[A] Port Addressing The Port Addressing menu allows you to set up security and to add static MAC addresses to a port. When entering this option, you must first identify a port to configure, as listed in Table 15.2. Table 15.2: The available configurable ports on a Catalyst 2820 from the Port Addressing menu.
• [C] Configure port—Provides a shortcut to the Port Configuration menu. • [V] View port statistics—Displays individual port statistics. • [N] Next port—Forwards to the next configurable port. • [G] Goto port—Configures any identified port. • [P] Previous port—Configures the previous configurable port. • [X] Exit to Main Menu—Returns you to the main menu. [D] Port Statistics Detail The Port Statistics Detail displays the receive and transmit statistics for the port you select.
Catalyst 2820 − Virtual LAN Configuration
VLAN  Name    Member Ports
——−−  ——————  ————————————
1     VLAN 1  1−24, AUI, A, B
——————————————Action—————————————
[C] Configure VLAN
[X] Exit to Main Menu
Enter Selection:
This menu gives only two options. You can choose C to enter another menu that lets you configure a VLAN name and move member ports to another VLAN, or you can exit to the Main Menu. [R] Multicast Registration By default, the switch forwards all multicast packets to all ports on the switch.
Catalyst 1900 − Firmware Configuration ——————————————————System Information—————————————————— FLASH: 1024K bytes V9.00.00 Standard Edition Upgrade status: No upgrade currently in progress.
The following list explains the options available from the RS−232 Interface Configuration menu: • [B] Baud rate—Lets you enter the baud rate. The possible settings are 2400, 9600, 19200, 38400, or 57600 for the console port. The default baud rate is 9600. • [D] Data bits—Allows the configuration of data bits for the console port. The possible options are 7 and 8. The default is 8. • [S] Stop bits—Allows the configuration of the stop bit value for the console port. The default is 1.
Errors:
FCS errors          0
Alignment errors    0
Giant frames        0
Address violations  0
Errors:
Late collisions        0
Excessive deferrals    0
Jabber errors          0
Other transmit errors  0
Select [A] Port addressing, [C] Configure port, [N] Next port, [P] Previous port, [G] Goto port, [R] Reset port statistics, or [X] Exit to Main Menu:
• [A] Port Addressing Report—This option displays the Port Addressing report, which shows the number of MAC addresses and the MAC addresses assigned to a port:
Catalyst 1900 − Port 3 Address
Port   Receive  Forward  Transmit
——————————————————————————————
1   :  0        0        0
2   :  0        0        0
3   :  9352     9352     90514
4   :  0        0        0
5   :  0        0        0
6   :  3678     3677     81423
7   :  0        0        0
8   :  0        0        0
9   :  0        0        0
10  :  0        0        0
11  :  0        0        0
12  :  0        0        0
AUI: A : B : 0 0 0 0 0 0 82461 0 0
Select [R] Reset all statistics, or [X] Exit to previous menu:
• [B] Bandwidth Usage Report—This option displays the Bandwidth Usage Report, which shows port−by−port bandwidth usage:
Catalyst 1900 − Bandwidth Usage Report
—————————————————————— Information —————————————
The following list describes the three menu options: ♦ [M] Menus—Displays the switch’s Main Menu. ♦ [I] IP Address—Available at log−on if the switch does not have a password configured. ♦ [P] Console Password—Allows you to enter an unencrypted privileged−level password to the switch management interface. This option is available at log−on only if the switch does not have a password. The password must be at least four characters and no more than eight characters long. 2.
[X] Exit to previous menu Enter Selection: This menu allows you to control the propagation of broadcasts to each port. The following list gives a brief description of each setting: • [A] Action upon exceeding broadcast threshold—Indicates what action will be taken in the event that the broadcast number threshold is exceeded. There are two settings: Option I ignores the excess broadcasts, and option B blocks them until the number of broadcasts becomes lower than the threshold setting.
Catalyst 1900 − Network Management (SNMP) READ Configuration ——————————————————————— Settings ————————————————— [1] First READ community string [2] Second READ community string [3] Third READ community string [4] Fourth READ community string [X] Exit to previous menu Enter Selection: 1 This command configures the community string the switch will recognize on all SNMP read ( Enter READ community string: Current setting ===> public New setting ===> Techs 4.
[D] Fourth WRITE manager name or IP address [X] Exit to previous menu 7.
10. We now want to bind the IP address of our SNMP management station to the trap community string. To do this, enter the new community string, and select [1]. Then select [A] to enter the IP address.
——————————— Actions ——————————————————————————————————— [A] Add ports to capture list [D] Delete ports from capture list [X] Exit to Main Menu Enter Selection: A This command adds ports to the capture list. Actual monitoring takes place only if all of the following information has been properly configured: 1) the capturing status, 2) the identity of a port to which monitored frames are sent, and 3) a non−empty capture list. Port numbers should be separated by commas or spaces.
[P] VTP Statistics [X] Exit to Main Menu 2. Select [V], and accept the default setting of Server. Because the change we want to make is to add a server, we will take the defaults: VTP mode may be set to [C]lient, [S]erver or [T]ransparent: Current setting ===> Server New setting ===> Server 3. Select [A] to add an Ethernet VLAN to the switch.
11. You should now see the Trunk A Configuration menu. The next step is to enable trunking.
Assigning a Static VLAN to an Interface on a 1900EN Series Configuring Spanning Tree Protocol To configure Spanning Tree Protocol, start from the Main Menu and do the following: 1. Select option [N], Network Management. 2.
This command disables the Spanning Tree Protocol for a list of VLANs. You may disable the Spanning Tree Protocol for a list of VLAN numbers. VLAN numbers range from 1 to 1005. VLAN numbers should be separated by commas or spaces. A VLAN number range may also be specified. Enter VLAN numbers: 1 Notice that here we selected the management VLAN, VLAN 1.
Chapter 16: Switch Troubleshooting In Depth Switch troubleshooting includes both hardware and software. The switch hardware can be anything from a Supervisor Engine to a module, card, chassis, or even a power supply. The software can be the individual module software or the IOS. In this chapter, we will focus on troubleshooting both the Command Line Interface (CLI) and the Set/Clear command−based IOS. First, I will concentrate on the physical hardware and then on the IOS troubleshooting commands.
Port Number  LED Test
1            Ports (loopback)
2            Ethernet address PROM
3            CAM (MAC address) table
4            RS−232 console port
5            Realtime clock
6            CAM memory (SRAM)
7            Timer interrupt
8            Port control status
9            Flag memory (DRAM)
10           Buffer memory (DRAM)
11           Forwarding engine memory (SRAM)
12           Forwarding engine CPU
16/26        ECU memory (DRAM)
Tip If the light turns green, the test has passed. The switch will not boot unless all the tests pass, with the exception of the realtime clock test.
The active LED indicates the following: • Orange—The Supervisor Engine is in standby. • Green—The Supervisor Engine is operating correctly. Other LEDs are on the individual line modules, as shown in Figure 16.2. These LEDs indicate the status of each module. A green link light indicates a good established link. An orange or amber link light indicates a problem with the link. A red light indicates that a non−port test has failed. Figure 16.2: The 10/100 Ethernet module LEDs.
This problem is addressed by Cisco with the use of Switched Port Analyzer (SPAN). SPAN allows the switch to copy all the packets that are sent to nodes connected to the switch ports and direct them to another port. In essence, the designated switch port becomes a mirror of the monitored port or ports. Cable Problems When a cable problem surfaces, it usually appears as an intermittent problem; however, it can cause an immediate failure.
Figure 16.3: A screen capture from CiscoView. • User Tracking—Used in the creation and management of dynamic VLANs. Cisco switches permit VLAN assignments based on dynamic VLAN assignments. This means the Media Access Control (MAC) address is used to assign the port to a specific VLAN. User Tracking defines these dynamic VLANs and maintains the whereabouts of workstations throughout the network. • VlanDirector—Another GUI−based application.
• show cam
• show cdp neighbors
• show config
• show flash
• show interface
• show log
• show mac
• show port
• show spantree
• show system
• show test
• show version
• show vtp domain
show cam The show cam command displays a switch’s transparent bridging table (also known as the Content Addressable Memory [CAM] table). This is a table of the Layer 2 MAC addresses attached to each port that the switch has learned in order to make forwarding decisions.
show flash Cisco switches operate with software that is very similar to the Cisco IOS on routers. This software is stored and may be upgraded in flash stored on the Supervisor module. The show flash command reports the space required for the installed software and the version of the code, including the file names, software version numbers, and file sizes. Unfortunately, there is no comparable command on the 1900EN series switches.
show system Using the show system command, you can obtain a status summary of the switch components. This information includes the system status; the current and peak traffic percentages; the status of the fans, power supplies, and modem; the uptime; and the system identification configuration. There is no comparable command on the 1900EN series switches.
set system contact Sean Odom/Gina Galbraith
!
#snmp
set snmp community read−only public
set snmp community read−write private
set snmp community read−write−all all
set snmp rmon disable
set snmp trap enable module
set snmp trap enable chassis
set snmp trap enable bridge
set snmp trap enable repeater
set snmp trap enable vtp
set snmp trap enable auth
set snmp trap enable ippermit
set snmp trap enable vmps
!
#ip
set interface sc0 2 68.127.186.100 255.255.255.0 68.127.186.255
set interface sl0 0.0.0.0 0.0.0.
set vlan 1003 name Token−Ring−default type trcrf mtu 1500 said 101003 state active parent 0 ring 0x0 mode srb aremaxhop 7 stemaxhop 7
!
#spantree
!
#uplinkfast groups
set spantree uplinkfast disable
!
#vlan 1
set spantree enable 1
set spantree fwddelay 15 1
set spantree hello 2 1
set spantree maxage 20 1
set spantree priority 32768 1
!
#vlan 2
set spantree enable 1
set spantree fwddelay 15 1
set spantree hello 2 1
set spantree maxage 20 1
set spantree priority 32768 1
!
#vlan 10
set spantree set spantre
set logging level snmp 2 default
set logging level spantree 2 default
set logging level sys 5 default
set logging level tac 2 default
set logging level tcp 2 default
set logging level telnet 2 default
set logging level tftp 2 default
set logging level vtp 2 default
set logging level vmps 2 default
set logging level kernel 2 default
set logging level filesys 2 default
set logging level drip 2 default
set logging level pagp 5 default
!
#ntp
set ntp broadcastclient disable
set ntp broadcastdelay 3000
set ntp c
set port membership 2/1−24 static
set cdp enable 2/1−24
set cdp interval 2/1−24 60
set spantree portfast 2/1−24 disable
set spantree portcost 2/11 10
set spantree portcost 2/12 10
set spantree portcost 2/17 10
set spantree portcost 2/18 10
set spantree portcost 2/19 100
set spantree portcost 2/21 10
set spantree portcost 2/1−10,2/13−16,2/20,2/22−24 19
set spantree portpri 2/1−24 32
!
#switch port analyzer
set span enable
!
#cam
set cam agingtime 1−2,10,1003,1005 300
end
Viewing the CLI−Based IOS Configur
1912EN# Viewing the Software Version on a Set/Clear Command−Based IOS Module To view the software version of a module on a Set/Clear command−based IOS, use the show version command. This command will not work on internal route processor modules, however. Let’s look at the command and an example of its output: show version Catalyst5002> (enable) show version 1 Mod Port Model Serial # Versions —— ———— —————————— ——————————— ———————————————————— 1 2 WS−X5530 006851332 Hw : 1.3 Fw : 3.1.2 Fw1: 4.
epld lcp atm lcp tr lcp c5ip lcp 64k atm/fddi lcp 360 mcp 3.1 3.1 3.1 3.1 3.1 3.1 3.1(212) 3.1 30 12−15 12−15 12−15 12−15 12−15 12−15 12−15 72920 23747 28737 23723 57100 24502 120648 26278 06/14/99 06/14/99 06/14/99 06/14/99 06/14/99 06/14/99 06/14/99 06/14/99 19:33:06 11:16:06 11:17:19 11:26:40 11:28:15 11:47:07 01:32:33 11:50:41 Catalyst5002> Note There is no comparable command on the 1900EN series switches.
—————————————— . . . Channel Status : Ports 1 2 —————————————— . . Note There is no comparable command on the 1900EN series switches. Testing External Module Hardware on a Set/Clear Command−Based Switch The Catalyst 5002 I am using has a Supervisor Engine in Slot 1. Slot 2 has a 10/100 Ethernet Interface Card with 24 ports.
Viewing the VTP Domain Configuration on a Set/Clear IOS The show vtp domain command can be used to obtain the VTP domain configuration on a Set/Clear command−based IOS switch.
Protocols Configured: IP Address: 68.127.187.10 Received: 95563219847 Transmitted: 81294682 Virtual LAN ID: 2 (Inter Switch Link Encapsulation) vLAN Trunk Interface: FastEthernet1/0.2 Protocols Configured: IP Address: 68.127.186.1 Received: 855147 Transmitted: 854281 Catalyst5002> Viewing the VLAN Configuration on a CLI−Based IOS To view the VLAN configuration on a CLI−based IOS switch, use the show vlan command.
Catalyst5002> (enable) show spantree
VLAN 1
Spanning tree enabled
Spanning tree type ieee
Designated Root 00−00−80−0c−a1−b3
Designated Root Priority 32768
Designated Root Cost 0
Designated Root Port 1/0
Root Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec
Bridge ID MAC ADDR 00−00−80−0c−a1−b3
Bridge ID Priority 32768
Bridge Max Age 20 sec Hello Time 2 sec Forward Delay
Port
————————
1/1 1/2 2/1 2/2 2/3 2/4 2/5 2/6 2/7 2/8 2/9 2/10 2/11 2/12 2/13 2/14 2/15 2/16 2/17 2/18 2/19 2/20 2/21 2/22 2/23 2/24
Port Ethernet 0/1 of VLAN2 is Forwarding
Port path cost 100, Port priority 128
Designated root has priority 32768, address 0000.0C00.4BD0
Designated bridge has priority 32768, address 0000.0C00.4BD0
Designated port is Ethernet 0/7, path cost 0
Timers: message age 20, forward delay 15, hold 1
Port Ethernet 0/2 of VLAN2 is Forwarding
Port path cost 100, Port priority 128
Designated root has priority 32768, address 0000.0C00.4BD0
Designated bridge has priority 32768, address 0030.8054.
Port path cost 100, Port priority 128
Designated root has priority 32768, address 0000.0C00.4BD0
Designated bridge has priority 32768, address 0030.8054.6C00
Designated port is Ethernet 0/12, path cost 100
Timers: message age 20, forward delay 15, hold 1
Port Ethernet 0/25 of VLAN1 is Forwarding
Port path cost 100, Port priority 128
Designated root has priority 32768, address 0000.0C00.4BD0
Designated bridge has priority 32768, address 0030.8054.
1912EN#show mac
Number of permanent addresses : 5
Number of restricted static addresses : 0
Number of dynamic addresses : 1
Address         Dest Interface  Type       Source Interface List
————————————————————————————————————————————————————————————————
0030.194C.80A6  Ethernet 0/1    Permanent  All
0000.0C00.4BD0  Ethernet 0/1    Permanent  All
00A0.2457.2877  Ethernet 0/1    Permanent  All
0000.0C33.4283  Ethernet 0/5    Permanent  All
0000.0C33.4283  Ethernet 0/10   Permanent  All
0000.0C33.4286  Ethernet 0/10   Permanent  All
0010.A4EF.
1912EN#show cdp neighbors
Capability Codes: R − Router, T − Trans Bridge, B − Source Route Bridge, S − Switch, H − Host, I − IGMP, P − Repeater
DeviceID  IP Addr         Local Port  Capability  Platform    Remote Port
1005      68.127.187.254  Et0/1       R           cisco 1000  Ethernet0
1912EN#
Viewing Individual Port CAM Tables on a CLI−Based IOS The show mac interface command allows you to view the MAC addresses associated with each individual port.
MAC   Dely−Exced  MTU−Exced  In−Dcrd  Lrn−Dcrd  In−Lost  Out−Lost
1/1   0           0          0        0         0        0
1/2   0           0          0        0         0        0
2/1   0           0          0        0         0        0
2/2   0           0          0        0         0        0
2/3   0           0          0        0         0        0
2/4   0           0          0        0         0        0
2/5   0           0          0        0         0        0
2/6   0           0          0        0         0        0
2/7   0           0          0        0         0        0
2/8   0           0          0        0         0        0
2/9   0           0          0        0         0        0
2/10  0           0          0        0         0        0
2/11  0           0          0        0         0        0
2/12  0           0          0        0         0        0
Port  Rcv−Unicast  Rcv−Multicast  Rcv−Broadcast
1/1   0            0              0
1/2   0            0              0
2/1   326653       3444           72348
2/2   2465834      1755           566432
2/3   99675        3467           66432
2/4   345562       453            77645
2/5   0            0
2/6   0            0
2/7   0            0
2/8   0            0
2/9   0            0
2/10  0            0
2/11  0            0
2/12  0            0
Last−Time−Cleared —————————————————————————— Sat Sep 23 2000, 11:29:11 Viewing Port Statistics on a CLI−Based IOS To view the port statistics on a CLI−based IOS, use the show usage command.
Using the Port Configuration on a Set/Clear Command−Based IOS The show port command can be used on a Set/Clear command−based IOS switch to view the port configuration.
Ethernet 0/9, Ethernet 0/10, Ethernet 0/11, Ethernet 0/12
Ethernet 0/25, FastEthernet 0/26, FastEthernet 0/27
1912EN#show port monitor
Port monitoring state: Enabled
Monitor port: None
Ports being monitored: Ethernet 0/1
1912EN#show port system
Switching mode: FragmentFree
Use of store and forward for multicast: Enabled
Network port: Ethernet 0/8
Half duplex backpressure (10 Mbps ports): Disabled
Enhanced Congestion Control (10 Mbps ports): Disabled
Default port LED display mode: Port Status
1912EN#
Using
1     default           Enabled    5−12, AUI, A, B
2     Engineering       Enabled    1−2
3     Admins            Enabled    3−4
1002  fddi−default      Suspended
1003  token−ring−defau  Suspended
1004  fddinet−default   Suspended
1005  trnet−default     Suspended
————————————————————————————————————
VLAN  Type      SAID    MTU   Parent  RingNo  BridgeNo  Stp   Trans1  Trans2
—————————————————————————————————————————————————————————————————————————
1     Ethernet  100001  1500  0       0       0         Unkn  1002    1003
2     Ethernet  100002  1500  0       0       0         Unkn  1002    1003
3     Ethernet  100003  1500  0       0       0         Unkn  1002    1003
1002  FDD
Receive Statistics
——————————————————————————————————
Total good frames           2504
Total octets                242467
Broadcast/multicast frames  359
Broadcast/multicast octets  105187
Good frames forwarded       360
Frames filtered             2144
Runt frames                 0
No buffer discards          0
Errors:
FCS errors          0
Alignment errors    0
Giant frames        0
Address violations  0
Transmit Statistics
—————————————————————————————————
Total frames                11745
Total octets                875657
Broadcast/multicast frames  11745
Broadcast/multicast octets  875657
Deferrals                   0
Single collisions
sp+B0: 10001030 10001030 10000BD0 10000AD0
sp+C0: 10000B28 10001030 10001030 10001030
sp+D0: 10001030 10001030 10001030 10001030
sp+E0: 10001030 10001030 10001030 10001030
sp+F0: 10001030 10001030 10001030 493798E4
D0: 00000000, D1: 00000004, D2: 00000030, D3: 00005C05
D4: 11000000, D5: 11000000, D6: 10FF0008, D7: 11000000
A0: 68000000, A1: 00000000, A2: 10357A90, A3: 103C182C
A4: 103C182C, A5: 64000000, A6: 10FFFF8C, sp: 10FFFF6C
NVRAM log:
Module 2 Log:
Reset Count: 1
Reset History: Fri Aug 04 2000, 8:0
2. Press and hold down the Mode button, as shown in Figure 16.5, while cycling the power on the switch. Figure 16.5: The Mode button on a 1900 Series switch. 3. Proceed through the following options: ——————————————————————————————————————————————————— Cisco Systems Diagnostic Console Copyright(c) Cisco Systems, Inc. 1997 All rights reserved. Ethernet Address: 00−30−80−54−6C−00 ——————————————————————————————————————————————————— Press enter to continue.
[C] Continue with standard system start up [U] Upgrade operation firmware (XMODEM) [S] System debug interface Enter Selection: 2. Use the [U] Upgrade Operation Firmware (XMODEM) option to upgrade the firmware (you must be using X−Modem compatible software on the network node attached to the switch): Enter Selection: U The XMODEM protocol will be used to perform this firmware upgrade.
[T] Toggle byte/word display
[V] Value for output   Word 0000H (0)
————————————————Actions————————————————
[I] Input
[O] Output
[X] Exit to Previous Menu
Enter Selection:
Here is an example of the output from the [M] Memory (CPU) I/O option:
Enter Selection: M
Diagnostic Console − Memory (CPU) I/O
————————————————Settings————————————————
[F] From offset location      0000H (0)
[L] Length in 16−bit words    0001H (1)
[T] Toggle byte/word display  Word
[V] Value for output          0000H (0)
————————————————Actions——————
Appendix A: Study Resources Glossary Books McDysan, David E. and Darren L. Spohn, ATM Theory and Application, McGraw−Hill: New York, 1998. ISBN: 0−07045−346−2. This book is a great resource on Asynchronous Transfer Mode (ATM) and LAN Emulation (LANE). Odom, Sean and Douglas Hammond, CCNP Switching Exam Prep, The Coriolis Group: Scottsdale, AZ, 2000. ISBN: 1−57610−689−6. This book covers the curriculum for the Cisco Switching Exam number 640−504.
Online Resources Multiple documents are available on the Web, but the best place for information is the Cisco Web site. Cisco is one of the best companies at providing documentation on its products. You can find the Cisco Web site at http://www.cisco.com/. Asynchronous Transfer Mode • ATM fundamentals information on an 8500 Series switch—www.cisco.com/univercd/cc/td/doc/product/atm/c8540/wa5/12_0/3a_11/atm_tech/basics.htm • Configuring ATM accounting and ATM RMON—www.cisco.
Quality of Service • Quality of Service Overview—www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/qos_c/qcdintro.htm • Configuring Quality of Service on a Cisco Catalyst 6000—www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_5_4/config/qos.htm • Configuring IOS Quality of Service on the Catalyst 6000 Family—www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/ios127xe/qos.htm Spanning Tree Protocol • Configuring STP on a Cisco Catalyst 2900—www.cisco.
• Internet Engineering Task Force (IETF)—This organization is responsible for the TCP/IP, Simple Network Management Protocol (SNMP), and Internet standards. A lot of its work relates to upgrading and enlarging the TCP/IP protocol suite and networks utilizing that protocol. The IETF Web site can be found at http://www.ietf.org/.
Appendix B: Basic IOS CLI−to−Set/Clear Commands Overview Many features are supported by the Set/Clear−based switches, which include the Catalyst 5000 and 6000 families of switches. Most basic commands on a Command Line Interface (CLI)−based IOS can be mapped to commands that provide similar functionality on the Set/Clear−based CLI. Table B.1 maps the 1900EN commands with those of the 5000 family of switches. Table B.1: 1900EN commands mapped to 5000 commands.
show vlan  Shows the VLAN configuration  show vlan
show vtp  Shows the VLAN Trunking Protocol (VTP) configuration  show vtp domain
spantree  Configures STP  set spantree enable
Other 1900EN commands listed in Table B.1, whose descriptions and 5000 equivalents did not survive extraction: spantree cost, spantree priority, spantree start−forwarding, spantree−template, uplink−fast, trunk, vlan name, vlan−membership static, vtp, vtp password.
Appendix C: The Cisco Consultant Overview On the side, I run a small consulting company. When I tell people that I am a Cisco consultant, they usually reply, “Oh”; or, they ask how well Cisco’s stock is currently doing. Consulting means that you work from one project to another on a freelance basis. Usually, if you’re the consultant for a Cisco partner, the customer has found you—so the first part of your job is rather easy.
Make sure you are on time for your first appointment with the customer. Turn off your cellular phone (let voice mail be useful for once) and put your pager on vibrate. You want to project to the customer that he or she is the most important person in the world at that moment. No one wants to buy something from someone who frustrates them by answering a cellular phone or pager every five minutes. Put your certifications on your business card.
(briefly, this term refers to the fact that buying equipment correctly up front will be significantly cheaper than upgrading individual components later when it becomes necessary). Customers may not want to invest more money than they have to in the short term, but sometimes they will—and you wind up making a much bigger sale. Occasionally, your customers will find wisdom in investing in the future.
Contracting When you first go into business as a consultant, you should have a contract that is created by an attorney and authorized by your insurance carrier. Once you have the contract in a word−processing document form that outlines your liabilities and those of the customer, you can modify the contract to suit each individual customer. The investment is worth it—not just in case you are ever in a legal bind, but because good contracts help keep you out of a legal bind.
would only be there a week or so. The first day the contractor showed up, we gave him the initial payment for his work. He did a great day of work, removing the old flooring, vents, cabinets, toilet, and other fixtures. He said he would be back the next day to work some more—but the next day came and went, and he failed to show up. I called him, and he said a personal situation had come up and he was unable to make it. He assured me he would be there the next day to get most of the work done.
Failing to Take Responsibility If you realize that you failed to contract an item, you should absorb the cost if it is small. No one feels more nickeled and dimed than a person who has hired a consultant, when the consultant says he forgot to add a cable and will be charging another $10 five times. You can absorb small costs into the 10 percent padding I discussed earlier. If it is a large charge, debate notifying the customer.
Appendix D: Cisco 1912EN and Catalyst 5000 Configuration Practice Lab Today Joe Snow, our imaginary consultant, has received a Catalyst 1912EN switch, a Catalyst 5000 with a Supervisor Engine III, and a 24−port 10/100 Ethernet module. Joe has taken both the switches out of the box and has assembled all the devices into a rack. At present, neither switch is configured; Joe will be configuring both switches for a lab.
Mod  MAC−Address(es)                         Hw   Fw      Sw
——   ——————————————————————————————————————  ———  ——————  ——————
1    00−50−bd−a0−b0−00 to 00−50−bd−a0−b3−ff  2.0  3.1.2   5.5(2)
2    00−50−0f−b7−ff−50 to 00−50−0f−b7−ff−67  3.1  4.3(1)  5.5(2)
Mod  Sub−Type  Sub−Model  Sub−Serial  Sub−Hw
——   ————————  —————————  ——————————  ——————
1    NFFC      WS−F5521   0011455134  1.
Figure D.1: The sample configuration. Possible Solution More than one solution exists to any problem; however, here is the suggested solution to configuring the Cisco Catalyst 1912EN, the Cisco Catalyst 5000, and the Cisco 2620 trunked interface. The 1912 Basic Configuration To configure the Cisco Catalyst 1912EN, follow these steps: 1. Access the Cisco Catalyst through the Console port and configure the switch. Choose K to access the command−line interface.
1912EN(config)# enable password level ?
<1−15> Level number
1912EN(config)# enable password level 1 coriolis1
1912EN(config)# enable password level 15 coriolis2
1912EN(config)# enable secret coriolispass
5. Enter Interface Configuration mode to configure the Fast Ethernet 0/27 port on the 1912EN. Enter the switch’s IP address and the default gateway (router):
(config)# interface f0/27
(config−if)#ip address 63.78.39.164 255.255.255.0
(config)#
1912EN(config)#ip default−gateway 63.78.39.
1912EN(config)#vtp domain Coriolis 1912EN(config)#vtp domain server 1912EN(config)# exit Note The configuration on the 1912EN is saved automatically, so you do not need to save the configuration. The Catalyst 5000 Basic Configuration To configure the Cisco Catalyst 5000 10/100 Ethernet module and Supervisor Engine, follow these steps: 1. Access the Cisco Catalyst 5000 through the Console port located on the Supervisor Engine III.
Port(s) 2/24 trunk mode set to on. Port(s) 2/24 trunk type set to isl. 2000 Oct 19 12:32:46 %DTP−5−TRUNKPORTON:Port 2/24 7. Enable this switch to be a VTP client for the Coriolis VTP domain.
Appendix E: Switch Features This appendix is dedicated to helping you determine which switch needs to be placed where in your network. If the wrong switch is placed at a given point in your network, the load can cause severe problems, including bottlenecks or load failures. We will break down the switches into the layers in which Cisco feels they should reside, based on its latest certification curriculum.
Cisco Catalyst 2820 For an environment that needs high−speed links to the wiring closet for 20 or so users, the Catalyst 2820 is an ideal solution. This switch is perfect for smaller wiring closets where it is not economical to purchase a high−end solution such as a Cisco Catalyst 5000 series switch. The Catalyst 2820 series switch architecture is virtually identical to that of the Cisco Catalyst 1900 series switches, differing mainly in its height and uplink bays.
Table E.3: The models and features available for the standard version of each Cisco Catalyst 2900 XL series switch.
Feature             2908 XL  2912 MFXL  2916 XL  2924 MXL  2924 CXL
10/100 ports        8        0          16       24        22
100BaseFX ports     0        12         0        0         2
Expansion slots     0        2          0        2         0
Enterprise Edition  Yes      Yes        Yes      Yes       Yes
Standard Edition    Yes      No         Yes      Yes       Yes
Backplane           3.2Gbps  3.2Gbps    3.2Gbps  3.2Gbps   3.
Expansion slots     0              0              2              0
Enterprise Edition  Yes            Yes            Yes            Yes
Standard Edition    No             No             No             No
Backplane           1.2Gbps        1.2Gbps        1.2Gbps        24Gbps
Flash               4MB            8MB            12MB           0
RAM                 20MB           32MB           64MB           NA
Modularity          No             No             Yes            NA
Forwarding rate     1 million pps  1 million pps  1 million pps  18 million pps
Max VLANs           1,024          1,024          1,024          N/A
Cisco Catalyst 3000 The Cisco Catalyst 3000 has a completely different architecture than any other Cisco switch.
Gigabit Ethernet ports for GBIC Ethernet aggregation. It also has built−in support for Voice Over IP telephony, in addition to built−in support for up to 250 port−based VLANs and ISL VTP. In addition, the 3500 series supports many of the features of the 1900 and 2900 series, such as DNS and DHCP. The series is offered in both Standard and Enterprise Editions. Table E.6 shows the features of the Catalyst 3500 series. Table E.6: The Cisco Catalyst 3500 series key switching features.
Key Features and Benefits

The Catalyst 3900 has the following features:

• Twenty shielded Token Ring ports for 150-ohm shielded twisted pair (STP) or 100-ohm unshielded twisted pair (UTP) connectivity
• FlexSlot accommodating two expansion modules or one double-wide module for future expansion
• Nine-pin EIA/TIA-232 interface for local console or modem connectivity
• Automatic 4-, 16-, and 32Mbps speed adaptation
• TokenChannel switch interconnect
• MAC address and protocol (DSAP/SNAP) filters
• IEEE and IB
• Catalyst 4000 series
• Catalyst 5000 series
• Catalyst 6000 series

Cisco Catalyst 4000 Series

The Catalyst 4000 series provides very fast and intelligent Layer 2 switching services using a 24Gbps switching fabric. It is used in Ethernet networks utilizing 10-, 100-, and 1000Mbps switching. Let's take a look at the features of each of the Catalyst 4000 series switches in Table E.8.

Table E.8: Catalyst 4000 series key features.
configuration across all switches
• Support for all advanced switching features of the Cisco IOS software
• Support for advanced multicasting with CGMP

The Catalyst 5000 series of switches uses an architecture based on Supervisor Engines I, II, and III. The Supervisor Engine provides network management and uplink ports. The Supervisor Engine II uses a fixed configuration, but it supports Fast EtherChannel technology on all uplink ports.
switching in distribution and server-aggregation environments. The Catalyst 6000 family complements the Catalyst 5000 series and 8500 series switches. The Catalyst 6000 family is capable of scaling bandwidth from T1 to OC-192 in the WAN/MAN, and from Ethernet to 10 Gigabit Ethernet in the LAN. The Catalyst 6000 series uses a Cisco IOS software base with ASICs to deliver wire-speed traffic management services end-to-end.
• Catalyst 8400 series
• Catalyst 8500 series
• BPX 8600 series
• MGX 8800 series
• Catalyst 12000 series

Note: Cisco considers the Catalyst 5500 and the Catalyst 6500 series switches as versatile Distribution and Core layer switches.

Cisco Catalyst 8400 Series

The Catalyst 8400 series wide-area switches provide the backbone services to deliver data, voice, fax, and video applications. The IGX 8400 series integrates with other Cisco WAN products to offer end-to-end solutions.
• Low-Delay, Code-Excited Linear Prediction (LD-CELP) at 16Kbps
• Conjugate-Structured, Algebraic Code-Excited Linear Prediction (CS-ACELP) at 8Kbps

The IGX voice interfaces also support the VAD (voice activity detection) silence suppression technique, which sends cells on the trunk only when there is something to send. With most voice connections consisting of up to 60 percent silence, VAD technology enables the IGX 8400 series to achieve an average two-to-one compression ratio, thus saving additional bandwidth.
Table E.12: The key features of the Cisco Catalyst 8510 and 8540.

Feature           8510             8540
Modular slots     5                13
Forwarding rate   6 million pps    24 million pps
Backplane         10Gbps           40Gbps

BPX 8600 Series

The BPX 8600 series provides a scalable set of solutions delivering ATM, Frame Relay, SNA, voice, and circuit emulation services, plus Voice Over IP, IP-based Virtual Private Networks (VPNs), managed intranets, and Internet services.
MGX 8800 Series

The Cisco MGX 8800 series wide-area edge switches integrate Cisco IOS software IP capabilities and carrier-class ATM in a single platform. The MGX 8850 switch enables delivery of differentiated services while scaling from DS0 to OC-48c/STM-16 speeds. The MGX platform provides a cost-effective edge infrastructure for volume services, such as Frame Relay.

Key Features

Key features of the Catalyst 8800 series are as follows:

• Flexible IP+ATM multiservice platform
• Scalable from 1.
The MGX 8800 RPM also supports MPLS. It can act as a label edge router or a label switch router. It also supports MPLS VPNs via multiprotocol BGP extensions, VPN route-target extended BGP community attributes, MPLS forwarding across the backbone, and multiple routing/forwarding instances on the provider edge router. As mentioned earlier, the Route Processor Module has an ATM deluxe port adaptor interface to the chassis backplane.
• 512K configuration nonvolatile RAM (NVRAM)
• 8MB boot flash
• Two PC Card Type II software upgrades
• Ethernet (RJ-45 and MII connectors) for network management access
• Local console and modem ports (DB-25/EIA/TIA-232c)

The GRP provides the following key functions:

• Processes interior gateway protocols (IGPs) such as Intermediate System-to-Intermediate System (IS-IS), Interior Gateway Routing Protocol (IGRP), Open Shortest Path First (OSPF), and Enhanced IGRP (EIGRP) to determine the network topology
•
then forwards the frame out all the ports.

American National Standards Institute (ANSI)
The organization that publishes standards for communications, programming languages, and networking.

ANDing
The process of comparing the bits of an IP address with the bits in a subnet mask to determine how a packet will be handled.

anycast address
An address used in ATM for shared multiple-end systems. An anycast address allows a frame to be sent to specific groups of hosts.
B

backbone
A high-capacity infrastructure system that provides optimal transport on a LAN. Typically in a LAN, the data running from router to router, switch to switch, or switch to router is transported through a faster physical topology than the rest of the local area or virtual LAN devices. The physical cable is called the backbone.

BackboneFast
Initiated when a root port or blocked port receives an inferior BPDU from its designated bridge.
device or Layer 2 device that can filter broadcasts. On a switched network using VLANs, the broadcast domain is all the ports or collision domains that belong to the same VLAN.

broadcast storm
Occurs when broadcasts throughout the LAN become so numerous that they use up all the available bandwidth, thus grinding the network to a halt.

brouter
A device that can be used to combine the benefits of both routers and bridges.
support CDP.

Cisco Express Forwarding (CEF)
Used in the CEF ASIC (CEFA) and Distributed Cisco Express Forwarding (dCEF) ASIC, Cisco's newest ASICs. These ASICs, which are used in Cisco's high-end devices, are the most functional and efficient ASICs in the Cisco product line. They use a CEF search engine, which makes IP prefix-based switching decisions using an adjacency table. The CEFA operates at both Layer 2 and Layer 3, using ARP to resolve next-hop adjacencies at Layer 2.
A feature of the SAMBA ASIC used to cause the EARL to make forwarding decisions. It also ensures that a tagged frame that comes from a particular VLAN does not exit through a port belonging to another VLAN. CBL also assists in placing ports in one of four different modes for Spanning-Tree Protocol: blocking, learning, listening, or forwarding.

common carrier
A supplier of communications utilities, such as phone lines, to the general public.
Data Service Unit (DSU)
A component that formats and controls data for transmission over digital lines. It is used in conjunction with a Channel Service Unit (CSU).

Data Terminal Equipment (DTE)
A device at the user end of a user-network interface that serves as a data source, a destination, or both. These devices include computers, protocol translators, and multiplexers.

datagram
Information groupings that are transmitted as a unit at the Network layer.
dumb terminal
An end-user station that can access another computer or switch but cannot provide any processing at the local level.

Dynamic Host Configuration Protocol (DHCP)
A protocol that provides an IP address to requesting nodes on the network.

Dynamic ISL
A protocol that performs trunking negotiation. It also verifies that two connected ports can become trunk links. A Dynamic ISL port can be configured in one of four modes: On, Off, Desirable, or Auto.
A connection used on the Catalyst 5000 family of switches. It allows as many as seven Ethernet links to be bundled and load-balanced frame by frame to provide up to 800Mbps of bandwidth. It can utilize half-duplex or full-duplex links.

Fast Ethernet
IEEE 802.3 specification for data transfers of up to 100Mbps.

fault tolerance
A theoretical concept defined as a resistance to failure. It is not an absolute and can be defined only in degrees.
A Data Link layer switching protocol used across multiple virtual circuits of a common carrier, giving the end user the appearance of a dedicated line.

frame tagging
A VLAN implementation method used to add VLAN information to data frames. As a frame enters the switch, it is tagged with VLAN information. It retains this information through the switching fabric; the tagging is removed before the frame exits the switch port with the attached destination interface.
hub
A hardware device that connects multiple independent nodes. Also known as a concentrator or multiport repeater.

Hypertext Transfer Protocol (HTTP)
A protocol used by Web browsers to transfer pages and files from a remote node to your computer.

IEEE
See Institute of Electrical and Electronics Engineers.

IEEE 802.1
Standard that defines the OSI model's Physical and Data Link layers.
Standard for inserting a frame tag VLAN identifier in the frame header. As a frame enters the switching fabric, it is tagged with additional information regarding the VLAN properties. The tag remains in the frame as it is forwarded between switches and is removed prior to exiting the access link to the destination interface. This process is completely transparent to the end user.

Industry Standard Architecture (ISA)
The standard of the older, more common 8-bit and 16-bit bus and card architectures.
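As an added example (not from the book or any Cisco product), the following Python models the tagging path the frame tagging, IEEE 802.1Q and CBL entries describe: a 4-byte 802.1Q tag is inserted on ingress, carried across a toy fabric, stripped before the access-link egress, and a frame whose VLAN does not match the egress port's VLAN is dropped. The port-to-VLAN map and the sample frame are constructed for illustration.

```python
"""Toy 802.1Q tagging path: tag on ingress, carry across the fabric, strip on
egress, and refuse egress onto a port in a different VLAN (the check the book
attributes to Color Blocking Logic). Added example; the port map and frames are
constructed for illustration, not taken from any Cisco product."""
import struct
from typing import Optional, Tuple

TPID_8021Q = 0x8100  # Tag Protocol Identifier that announces an 802.1Q tag

# Constructed access-port VLAN assignment (port number -> VLAN id); an assumption.
PORT_VLAN = {1: 10, 2: 10, 3: 20}


def tag_frame(frame: bytes, vlan_id: int, pcp: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the destination/source MAC pair (ingress)."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN id must be 1..4094")
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    # TCI layout: PCP (3 bits) | DEI (1 bit, left 0) | VID (12 bits)
    tci = ((pcp & 0x7) << 13) | (vlan_id & 0x0FFF)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def untag_frame(frame: bytes) -> Tuple[int, bytes]:
    """Return (vlan_id, untagged frame); reject frames that carry no tag."""
    if len(frame) < 18 or struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        raise ValueError("frame carries no 802.1Q tag")
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]


def egress_access_port(tagged: bytes, port: int) -> Optional[bytes]:
    """Strip the tag before the access link; drop the frame if its VLAN is not the port's."""
    vlan_id, plain = untag_frame(tagged)
    if PORT_VLAN.get(port) != vlan_id:
        return None  # a frame from one VLAN must not exit a port of another VLAN
    return plain


def switch(frame: bytes, in_port: int, out_port: int) -> Optional[bytes]:
    """Ingress on in_port (tag with that port's VLAN), then egress on out_port."""
    return egress_access_port(tag_frame(frame, PORT_VLAN[in_port]), out_port)


# Constructed sample: broadcast dst MAC, src MAC, EtherType 0x0800, 5-byte payload
SAMPLE = bytes.fromhex("ffffffffffff001122334455") + b"\x08\x00" + b"hello"

if __name__ == "__main__":
    print(switch(SAMPLE, 1, 2).hex())  # same VLAN: delivered without the tag
    print(switch(SAMPLE, 1, 3))        # VLAN 10 frame to a VLAN 20 port: None
```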
internetwork
A group of networks that are connected by routers or other connectivity devices so that the networks function as one network.

Internetwork Operating System (IOS)
Cisco's proprietary operating system, used in its routers and switches.

Internetwork Packet Exchange (IPX)
The Network-layer protocol generally used by Novell's NetWare network operating system. IPX provides connectionless communication, supporting packet sizes up to 64K.
A broadcast on the local network, looking for the IP address of the destination host.

local service
Service where the device supplying the service resides on the same subnet as the device requesting the service.

Local Target Logic (LTL)
A feature of some line modules that assists the EARL in making forwarding decisions.

local VLAN
Beneficial for networks whose resources are centralized and in one geographical location. The VLAN can span one switch or many switches within the same floor or building.
microwaves
Very short radio waves used to transmit data over 890MHz.

modem
A device used to modulate and demodulate the signals that pass through it. It converts the direct current pulses of the serial digital code from the controller into the analog signal that is compatible with the telephone network.

multicast
A single packet transmission from one sender to a specific group of destination nodes.
A protocol that allows all network equipment to synchronize the date and time on the private or internetwork environment.

network-to-network interface (NNI)
An interface that provides connectivity between two ATM switches.

non-blocking
A condition in which the fabric contains more bandwidth than the sum total of all the ports' bandwidth combined.

nonvolatile RAM (NVRAM)
Static memory similar to Flash. Information stored in the NVRAM does not get lost when the power is cycled on the device.
is the common modem connection used for Internet dial-up.

Point-To-Point Tunneling Protocol (PPTP)
A protocol that encapsulates private network data in IP packets. These packets are transmitted over synchronous and asynchronous circuits to hide the underlying routing and switching infrastructure of the Internet from both senders and receivers.

polling
The media-access method for transmitting data, in which a controlling device is used to contact each node to determine if it has data to send.
customers, which remains analog.

Q-R

Quality of Service (QoS)
A guarantee of a particular level of service for a connection. QoS uses queuing and other methods to guarantee that bandwidth is available for a certain protocol, application, or address. QoS is important for implementing applications such as voice and video.

queuing
Uses buffering and priority control mechanisms to control data congestion on the network. Another term for QoS.
Route Switch Module (RSM)
Cisco's first multiprotocol multilayer switch module, which utilizes the full support of the Cisco IOS for performing Layer 3 routing from a slot internally on a Layer 2 switch. This module provides for interVLAN connectivity.

Routing Information Field (RIF)
A field on Source Route Bridge Token Ring frames that contains information about the rings and bridges that the frame must travel to the destination interface.
the same community.

Simple Network Management Protocol (SNMP) trap
An SNMP protocol utility that sends out an alarm in an identified community notifying members of the community that some network activity differs from the established threshold, as defined by the administrator.

Simple Server Redundancy Protocol (SSRP)
A Cisco protocol that provides redundancy for all LANE server components.

Single Attached Station (SAS)
An FDDI device that has only a single connection to a single DAC.
A 12-digit number that is used to uniquely identify each device on an IPX network.

storage area network
A subnetwork of storage devices, usually found on high-speed networks and shared by all servers on the network.

store-and-forward
A fast packet-switching method that produces a higher latency than other switching methods. The switch waits for the entire packet to arrive before checking the CRC. It then forwards or discards the packet.
An organization that develops standards with the EIA (Electronics Industries Association) for telecommunications technologies.

Telnet
Standard terminal-emulation protocol in the TCP/IP protocol stack. It is used to perform terminal emulation over TCP/IP via remote terminal connections, enabling users to log in to remote systems and use resources as if they were connected to a local system.
U-X

unicast
A frame in which the destination MAC address specifies the single destination computer. Unicast can be summarized as direct network traffic between two individual nodes.

unshielded twisted-pair (UTP)
A type of cable that uses multiple twisted pairs of copper wire in a casing that does not provide much protection from EMI. The most common network cable in Ethernet networks, it is rated in five categories.