Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide
Cisco IOS Release 12.0(5)WC(1)
April 2001

Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706 USA
http://www.cisco.
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
Preface

Audience
The Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide is for the network manager responsible for configuring the Catalyst 2900 series XL and Catalyst 3500 series XL switches, hereafter referred to as the switches. Before using this guide, you should be familiar with the concepts and terminology of Ethernet and local area networking.

Purpose
This guide provides information about configuring and troubleshooting a switch or switch clusters.
• Cluster Management Suite (CMS) information—This guide provides an overview of the CMS web-based, switch management interface. For information about CMS requirements and the procedures for browser and plug-in configuration and accessing CMS, refer to the release notes. For CMS field-level window descriptions and procedures, refer to the CMS online help.
• Cluster configuration—This guide provides information about planning for, creating, and maintaining switch clusters.
Organization
The organization of this guide is as follows:
Chapter 1, “Overview,” lists the software features of this release and provides examples of how the switch can be deployed in a network.
Chapter 2, “Getting Started with CMS,” describes the Cluster Management Suite (CMS) web-based, switch management interface. Refer to the release notes for the procedures for configuring your web browser and accessing CMS.
Conventions
This guide uses the following conventions to convey instructions and information:
Command descriptions use these conventions:
• Commands and keywords are in boldface text.
• Arguments for which you supply values are in italic.
• Square brackets ([ ]) indicate optional elements.
• Braces ({ }) group required choices, and vertical bars ( | ) separate the alternative elements.
Related Publications
You can order printed copies of documents with a DOC-xxxxxx= number. See the “Ordering Documentation” section on page xxi.
The following publications provide more information about the switches:
• Release Notes for the Catalyst 2900 Series XL and Catalyst 3500 Series XL Cisco IOS Release 12.0(5)WC(1) (not orderable but is available on Cisco.
– 1000BASE-T Gigabit Interface Converter Installation Note (not orderable but is available on Cisco.com)
– Catalyst GigaStack Gigabit Interface Converter Hardware Installation Guide (order number DOC-786460=)
– Cisco 575 LRE CPE Hardware Installation Guide (order number DOC-7811469=)

Obtaining Documentation
The following sections provide sources for obtaining documentation from Cisco Systems.
Ordering Documentation
Cisco documentation is available in the following ways:
• Registered Cisco Direct Customers can order Cisco Product documentation from the Networking Products MarketPlace: http://www.cisco.com/cgi-bin/order/order_root.pl
• Registered Cisco.com users can order the Documentation CD-ROM through the online Subscription Store: http://www.cisco.
Obtaining Technical Assistance
Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain documentation, troubleshooting tips, and sample configurations from online tools. For Cisco.com registered users, additional troubleshooting tools are available from the TAC website.

Cisco.com
Cisco.
Contacting TAC by Using the Cisco TAC Website
If you have a priority level 3 (P3) or priority level 4 (P4) problem, contact TAC by going to the TAC website:
http://www.cisco.com/tac
P3 and P4 level problems are defined as follows:
• P3—Your network performance is degraded. Network functionality is noticeably impaired, but most business operations continue.
CHAPTER 1
Overview
This chapter provides the following topics about the Catalyst 2900 XL and Catalyst 3500 XL switch software:
• Features
• Management options
• Examples of the Catalyst 2900 XL and Catalyst 3500 XL switches in different network topologies

Features
The Catalyst 2900 XL and Catalyst 3500 XL software supports the switches and modules listed in the Release Notes for the Catalyst 2900 Series XL and Catalyst 3500 Series XL Cisco IOS Release 12.0(5)WC(1).
Table 1-1 Features
Ease of Use and Ease of Deployment
• Cluster Management Suite (CMS) software for simplified switch and switch cluster management through a web browser, such as Netscape Communicator or Microsoft Internet Explorer, from anywhere in your intranet
• Switch clustering technology, in conjunction with CMS, for
  – Unified configuration, monitoring, authentication, and software upgrade of multiple switches (refer to the release notes for a list of eligible clus
Table 1-1 Features (continued)
Manageability
• Dynamic Host Configuration Protocol (DHCP)-based autoconfiguration for automatically configuring the switch during startup with IP address information and a configuration file that it receives during DHCP-based autoconfiguration
Note: DHCP replaces the Bootstrap Protocol (BOOTP) feature autoconfiguration to ensure retrieval of configuration files by unicast TFTP messages.
Table 1-1 Features (continued)
Redundancy
• HSRP for command switch redundancy
• UniDirectional link detection (UDLD) on all Ethernet ports for detecting and disabling unidirectional links on fiber-optic interfaces caused by incorrect fiber-optic wiring or port faults
• IEEE 802.1d Spanning Tree Protocol (STP) for redundant backbone connections and loop-free networks.
Table 1-1 Features (continued)
Quality of Service and Class of Service
• IEEE 802.
Table 1-1 Features (continued)
Catalyst 2912 LRE and Catalyst 2924 LRE XL Switch-Specific Support
• Long-Reach Ethernet (LRE) technology for
  – Data and voice transmission through existing telephone lines (categorized and noncategorized unshielded twisted-pair cable) in multidwelling or tenant buildings.
  – Up to 15 Mbps of bandwidth to remote Ethernet devices at distances of up to 4921 ft (1500 m) on each switch LRE port.
Management Options
The Catalyst 2900 XL and Catalyst 3500 XL switches are designed for plug-and-play operation: you only need to assign basic IP information to the switch and connect it to the other devices in your network. If you have specific network needs, you can configure and monitor the switch—on an individual basis or as part of a switch cluster—through its various management interfaces.
• SNMP—SNMP provides a means to monitor and control the switch and switch cluster members. You can manage switch configuration settings, performance, and security, and collect statistics, by using SNMP management applications such as CiscoWorks2000 LAN Management Suite (LMS) and HP OpenView. You can manage the switch from an SNMP-compatible management station that is running platforms such as HP OpenView or SunNet Manager.
• Apply actions from CMS to multiple ports and multiple switches at the same time to avoid re-entering the same commands for each individual port or switch.
Network Configuration Examples
This section provides network configuration concepts and includes examples of using the switch to create dedicated network segments and interconnecting the segments through Fast Ethernet and Gigabit Ethernet connections.

Design Concepts for Using the Switch
As your network users compete for network bandwidth, it takes longer to send and receive data.
Bandwidth is not the only consideration when designing your network. As your network traffic profiles evolve, consider providing network services that can support applications such as voice and data integration and security. Table 1-3 describes some network demands and how you can meet those demands.
Figure 1-1 shows three configuration examples for using the Catalyst 2900 XL and Catalyst 3500 XL switches to create the following:
• Cost-effective wiring closet—A cost-effective way to connect many users to the wiring closet is to connect up to nine Catalyst 2900 and Catalyst 3500 XL switches through GigaStack GBIC connections. When you use a stack of Catalyst 3548 XL switches, you can connect up to 432 users.
Figure 1-1 Example Configurations (panels: Cost-Effective Wiring Closet; High-Performance Workgroup; Redundant Gigabit Backbone)
Small to Medium-Sized Network Configuration
Figure 1-2 shows a configuration for a network that has up to 250 users. Users in this network require e-mail, file-sharing, database, and Internet access. You optimize network performance by placing workstations on the same logical segment as the servers they access most often.
Figure 1-2 Small to Medium-Sized Network Configuration
Collapsed Backbone and Switch Cluster Configuration
Figure 1-3 shows a configuration for a network of approximately 500 employees. This network uses a collapsed backbone and switch clusters. A collapsed backbone has high-bandwidth uplinks from all segments and subnetworks to a single device, such as a Gigabit switch, which serves as a single point for monitoring and controlling the network.
Each 10/100 inline-power port on the Catalyst 3524-PWR XL switches provides –48 VDC power to the Cisco IP Phone. The IP phone can receive redundant power when it also is connected to an AC power source. IP phones not connected to the Catalyst 3524-PWR XL switches receive power from an AC power source.
Large Campus Configuration
Figure 1-4 shows a configuration for a network of more than 1000 users. Because it can aggregate up to 130 Gigabit connections, a Catalyst 6500 multilayer switch is used as the backbone switch. You can use the workgroup configurations shown in previous examples to create workgroups with Gigabit uplinks to the Catalyst 6500 switch.
Figure 1-4 Large Campus Configuration
Hotel Network Configuration
Figure 1-5 shows the Catalyst 2900 LRE XL switches in a hotel network environment with approximately 200 rooms. This network includes a private branch exchange (PBX) switchboard, a router, and high-speed servers. Connected to the telephone line in each hotel room is a Cisco 575 LRE CPE, which provides both telephone and Ethernet connections. A room telephone connects to the CPE phone port.
The Catalyst 2900 LRE XL switches are cascaded through the 10/100 switch ports. Each switch also has a 10/100 connection to an aggregation switch, such as a Catalyst 3524 XL switch. The aggregation switch can connect to
• Accounting, billing, and provisioning servers.
• A router that provides Internet access to the premises.
You can manage the switches through CMS as one or more switch clusters.
Figure 1-5 Hotel Network Configuration
Multidwelling Configuration
A growing segment of residential and commercial customers requires high-speed access to Ethernet metropolitan-area networks (MANs). Figure 1-6 shows a configuration for a Gigabit Ethernet MAN ring using Catalyst 6500 switches as aggregation switches in the mini-point-of-presence (POP) location. These switches are connected through 1000BASE-X GBIC ports.
Figure 1-6 Multi-Dwelling Configuration
CHAPTER 2
Getting Started with CMS
This chapter describes the following features and interface components of the Cluster Management Suite (CMS) software:
• Visual Switch Manager (VSM) and Cluster Manager
• Cluster Builder and Cluster View
• CMS window components
This chapter also includes the following topics:
• Accessing CMS
• Saving changes on CMS
• Using different versions of CMS
For system requirements and for browser and Java plug-in configurations, refer to the release notes.
Features
CMS consists of the following integrated set of Java-based applications for managing switch clusters and individual switches from a standard Web browser such as Netscape Communicator or Microsoft Internet Explorer:
• Cluster Manager and Visual Switch Manager (VSM)—Cluster Manager is the application for configuring and monitoring the switches in a specific cluster. When launched, it displays a front-panel view of all switches in the cluster.
Cluster Manager and VSM
Cluster Manager is the CMS application for configuring the port-, switch-, and cluster-level settings of the switches in a cluster. VSM is the application for configuring switch- and port-level settings for a single switch.
Figure 2-1 Visual Switch Manager
Right-click a port to display the port pop-up menu, and select an option to change port-related settings.
Press Ctrl, and then left-click ports to select multiple ports. The color of the port reflects port or link status.
LEDs display the current port mode and the status of the switch and connected RPS.
Left-click Mode to change the meaning of the port LEDs.
Figure 2-2 Cluster Manager
Cluster tree: Select a switch from the cluster tree. The color of the switch icon reflects switch status.
Right-click a switch to display the device pop-up menu, and select an option to change system-related settings.
Cluster Tree
The cluster tree appears in the Cluster Manager left frame (Figure 2-2). It displays a list of the switches in a specific cluster. The sequence of the cluster tree icons mirrors the sequence of the switch front-panel images. Select a cluster-tree icon to select the corresponding switch image. After you select a switch, you can configure switch-wide settings from either the Cluster Manager menu bar options or the device pop-up menu.
Switch Images
Use the front-panel images for visual switch management from a remote station. The LEDs on these images are updated at user-configurable polling intervals, making them as useful as the LEDs on the actual switches themselves. To change the polling intervals, select System > User Settings from VSM or Cluster > User Settings from Cluster Manager.
Redundant Power System LED
The Redundant Power System (RPS) LED shows the RPS status. Table 2-3 and Table 2-4 list the LED colors and their meanings.
Note: The Catalyst 2912 LRE XL, Catalyst 2924 LRE XL, and Catalyst 3524-PWR XL switches use the Cisco RPS 300 (model PWR300-AC-RPS-N1). All other Catalyst 2900 XL and Catalyst 3500 XL switches use the Cisco RPS 600 (model PWR600-AC-RPS).
Table 2-3
Table 2-4 Cisco RPS 300 LED on the Catalyst 2912 LRE, 2924-LRE, and 3524-PWR XL Switches
Color: RPS Status
Black (off): RPS is off or is not installed.
Green: RPS is connected and operational.
Blinking green: RPS is backing up another switch in the stack.
Amber: RPS is connected but not functioning. The following conditions could exist:
  • The RPS could be in standby mode.
Blinking amber
Table 2-5 Port Modes
Mode LED: Description
STAT: Ethernet link status of the 10/100, 100BASE-FX, or 1000BASE-X switch ports, or the Ethernet link status on the remote CPE. Default mode on all Catalyst 2900 XL and Catalyst 3500 XL switches except the Catalyst 2900 LRE XL switches.
LRE (Catalyst 2900 LRE XL only): Long-Reach Ethernet (LRE) link status of the LRE ports on the Catalyst 2900 LRE XL switches. Default mode on these switches only.
Table 2-6, Table 2-7, and Table 2-8 explain how to interpret the port LED colors after you change the port mode. On the modular switches, the 1 or 2 LED is green when a module is installed. Refer to the module documentation for complete information.

Table 2-6 Port LEDs on the Catalyst 2912, 2924C, 2924, 2912MF, and 2924M XL Switches
Port Mode, Port LED Color: Description
STAT
  Cyan (off): No link.
  Green: Link present.
Table 2-7 LRE Port LEDs on the Catalyst 2900 LRE XL Switches(1)
Port Mode, Port LED Color: Description
LRE(2)
  Cyan (off): No LRE link present on the LRE port.
  Green: LRE link present on the LRE port. Port LED turns green in approximately 10 seconds after the LRE port detects a connection to a Cisco 575 LRE CPE.
  Amber: LRE port on the switch and WALL port on the Cisco 575 LRE CPE unable to establish the rate defined by the assigned profile.
Table 2-8 Port LEDs on the Catalyst 3500 XL Switches
Port Mode, Port LED Color: Description
STATUS
  Cyan (off): No link.
  Green: Link present.
  Blinking green: Activity on the port. Port is transmitting or receiving data.
  Amber: Link fault. Error frames can affect connectivity, and errors such as excessive collisions, CRC errors, and alignment and jabber errors are monitored for a link-fault indication. Port is not forwarding.
Menu Bars
The VSM menu bar provides the options for configuring and monitoring a single switch. The Cluster Manager menu bar provides the options for configuring and monitoring a switch or a switch cluster. The menu bars (Figure 2-1 and Figure 2-2) are similar, but with the following exceptions:
• Some configuration options, such as some system and VLAN options, are arranged slightly differently in VSM and Cluster Manager.
Table 2-9 VSM and Cluster Manager Menu Bars
Menu Bar Options: Task
Cluster (VSM-specific)
  Cluster Command Configuration: Enable a switch to act as the cluster command switch.
  Cluster Management: Display Cluster Manager or Cluster Builder.
Cluster (Cluster Manager-specific)
  Management VLAN: Change the management VLAN for a cluster.
System
  Time Management: Configure the system time or configure the Network Time Protocol (NTP).
Table 2-9 VSM and Cluster Manager Menu Bars (continued)
Menu Bar Options: Task
Device
  Cisco Group Management Protocol (CGMP): Enable and disable the CGMP and the CGMP Fast Leave feature on a switch.
  Spanning-Tree Protocol (STP): Display and configure STP parameters for a switch.
  LRE Profile: Display the LRE profile settings for the Catalyst 2900 LRE XL switches, and configure the speed of the LRE link.
Toolbar
The VSM and Cluster Manager toolbar (Figure 2-4) buttons display some switch- and cluster-level configuration windows. Hover the cursor over a button to display a pop-up description. From left to right on the toolbar, the following windows can be displayed:
• Cluster Builder (On VSM, this button is not applicable and is therefore disabled.
Figure 2-4
Port Pop-Up Menu
You can display all port configuration windows from the Port menu on the menu bar, or you can display a subset of the port configuration windows from the VSM and Cluster Manager port pop-up menu. The port pop-up menu provides options for displaying commonly used port configuration windows (Table 2-10). From the port pop-up menu, you can configure a single port or configure multiple ports to run with the same settings.
Device Pop-Up Menu
With the exception of the Cluster menu bar options, the VSM and Cluster Manager device pop-up menu displays all of the configuration and monitoring windows (Table 2-11) available from the VSM and Cluster Manager menu bar. To display the device pop-up menu from VSM, click the switch image, and right-click.
Table 2-11 VSM and Cluster Manager Device Pop-up Menu (continued)
Pop-up Menu Options: Task
Port
  Port Configuration: Display and configure port parameters on a switch.
  Port Statistics: Display the Ethernet and LRE link statistics.
  Port Search: Search for a port through its description.
  Port Grouping (EC): Group ports into logical units for high-speed links between switches.
  Switch Port Analyzer (SPAN): Enable SPAN port monitoring.
Cluster View and Cluster Builder
Cluster View (Figure 2-5) and Cluster Builder (Figure 2-6) are the CMS applications for displaying, creating, and modifying switch clusters.
Figure 2-5 Cluster View
Cluster is collapsed to a double-switch icon.
Connected cluster.
Status bar shows that Cluster View is displayed.
Figure 2-6 Cluster Builder
A switch icon with a crown indicates the command switch.
Lines indicate the type of connection between two devices; for example, lightning bolts are GigaStack GBIC connections.
Right-click a line to display the link pop-up menu, and select an option to display link information.
Device label identifies the switch.
Status bar shows that Cluster Builder is displayed.
Topology
The topology appears when you launch Cluster View and Cluster Builder. It displays connected clusters, command switches, cluster members, candidate switches, and edge devices. From the topology, you can:
• Double-click a cluster icon (double-switch icon) to display cluster members.
• Select a command-switch icon to configure cluster-wide settings.
• Select a switch icon to configure switch-wide settings.
The topology includes device labels, which are the switch cluster names, cluster member names, and MAC addresses (Figure 2-6). Table 2-13 describes the meanings of the label colors. You can toggle device labels by selecting View > Toggle Labels.

Table 2-13 Device Label Colors
Label Color: Color Meaning
Green: A cluster member, either a member switch or the command switch.
Menu Bar
The Cluster View and Cluster Builder menu bar provides the options for configuring and monitoring a switch cluster. Table 2-15 describes the Cluster View and Cluster Builder menu bar options and their function.

Table 2-15 Cluster View and Cluster Builder Menu
Menu Bar Options: Task
Cluster
  Add to cluster: Add candidates to cluster.
  Remove from cluster: Remove members from cluster.
Table 2-15 Cluster View and Cluster Builder Menu (continued)
Menu Bar Options: Task
Options
  Save Layout: Save the current arrangement in the topology.
  Save Configuration: Save the current configuration of cluster members to Flash memory.
Help
  Contents: List all of the available online help topics.
  Legend: Display descriptions of the icons used in the topology.
  About: Display the version number for Cluster Builder and Cluster View.
Figure 2-9 Cluster Builder and Cluster View Toolbar
Figure callout: Move the cursor over the icon to display the tool tip. For example, the ? button displays Help Contents.
Device Pop-Up Menu
Table 2-16 describes the menu options available when you right-click an icon in Cluster View.
Table 2-16 Cluster View Device Menu
Menu Option | Action
Device Web Page | Displays the web management page for the device.
Candidate, Member, and Link Pop-Up Menus
Table 2-17 describes the menu options available when you right-click a candidate-switch icon in Cluster Builder.
Table 2-17 Cluster Builder Candidate Pop-up Menu
Menu Option | Action
Device Web Page | Displays the device-management page for the device.
Add to Cluster | Adds the selected candidate or candidates to the cluster.
Table 2-19 describes the menu options available when you right-click a link in Cluster Builder. For more information about displaying link information, refer to the online help.
Table 2-19 Cluster Builder Link Pop-up Menu
Menu Option | Action
Link Graph | Display the performance graph for the link. One end of the link must be connected to a port on a cluster member that is a Catalyst 2900 XL or Catalyst 3500 XL switch.
CMS Window Components
CMS windows use consistent techniques to present configuration information. Figure 2-10 shows the components of a typical CMS window.
Figure 2-10 CMS Window Components
Figure callouts: Click a tab to display more information. Cluster members are listed in the device list. Click in a row to select it. OK saves the changes you have made and closes the window. Apply saves the changes you have made and leaves the window open.
Host Name List
The Host Name drop-down list (also referred to as the Device list) shows a list of cluster member names. To display or change the configuration of a specific switch in a cluster, select the switch name. The current configuration settings of that switch appear.
Buttons
Table 2-20 describes the most common buttons that you use to change the information in a CMS window:
Table 2-20 Common CMS Buttons
Button | Description
OK | Save any changes made in the window, and close the window.
Apply | Save any changes made in the window, and leave the window open.
Cancel | Do not save any changes made in the window, and close the window.
Figure 2-11 Help Contents
Figure callouts: Click Back and Forward to redisplay previously displayed pages. Click Feedback to send us your comments about the online help. Feature help. Enter the first letters of the topic, and click Find. Dialog-specific help. Click a topic under the Contents or Index tab.
Accessing CMS
You must know the IP address and password of the specific switch or command switch to access CMS. You can assign this information to the switch in the following ways:
• Using the setup program, as described in the release notes
• Manually assigning an IP address and password, as described in the “Changing IP Information” section on page 6-2 and “Changing the Password” section on page 6-15.
The following procedure assumes you have met the software requirements (including browser and Java plug-in configurations) and have assigned IP information and a password to the switch or command switch, as described in the release notes. To access CMS, follow these steps:
Step 1 Enter the IP address in the browser Location field (Netscape Communicator) or Address field (Microsoft Internet Explorer).
Saving Configuration Changes
The front-panel images and CMS windows always display the running configuration of the switch. When you make a configuration change to a switch or switch cluster, the change becomes part of the running configuration. The change does not automatically become part of the config.txt file in Flash memory, which is the startup configuration used each time the switch restarts.
Using Different Versions of Web-Based Switch Management Software
Cluster command switches can manage a mixture of Catalyst desktop switches. However, certain models of the Catalyst desktop switches support different versions of web-based management software; thus, the interfaces can differ.
CHAPTER 3 Getting Started with the CLI
This chapter provides information that you should know before using the Cisco IOS command-line interface (CLI). If you have never used IOS software or if you need a refresher, take a few minutes to read this chapter before reading the rest of this guide.
• Command usage basics
• Command-line error messages
• Accessing the CLI
• Saving configuration changes
This switch software release is based on Cisco IOS Release 12.0(5).
Command Usage Basics
This section provides the following topics:
• Accessing command modes
• Abbreviating commands
• Using the No and Default forms of commands
• Redisplaying a command
• Getting help
Accessing Command Modes
The CLI is divided into different modes. The commands available to you at any given time depend on which mode you are in.
Each command mode supports specific Cisco IOS commands. For example, the interface command is used only from global configuration mode. Table 3-1 describes how to access each mode, the prompt you see in that mode, and how to exit the mode. The examples in the table use the host name switch.
Table 3-1 Command Modes Summary
Modes | Access Method | Prompt | Exit Method | About This Mode (footnote 1)
User EXEC | Begin a session with your switch.
Table 3-1 Command Modes Summary (continued)
Modes | Access Method | Prompt | Exit Method | About This Mode (footnote 1)
Global configuration | Enter the configure command while in privileged EXEC mode. | switch(config)# | To exit to privileged EXEC mode, enter exit or end, or press Ctrl-Z. | Use this mode to configure parameters that apply to your switch as a whole.
Interface configuration | Enter the interface command (with a specific interface) while in global configuration mode.
Using the No and Default Forms of Commands
Almost every configuration command has a no form. In general, use the no form to
• Disable a feature or function.
• Reset a command to its default values.
• Reverse the action of a command. For example, the no shutdown command reverses the shutdown of an interface.
Use the command without the no form to reenable a disabled feature or to reverse the action of a no command.
• abbreviated-command-entry: Complete a partial command name. Note: No space before tabbing.
switch# sh conf
switch# sh configuration
• ?: List all commands available for a particular command mode.
switch> ?
• command ?: List of command keywords.
switch> show ?
• command keyword ?: List of command keyword arguments.
switch> show udld ?
FastEthernet FastEthernet IEEE 802.
Command-Line Error Messages
Table 3-2 lists some error messages that you might encounter while using the CLI.
Table 3-2 Common CLI Error Messages
Error Message | Meaning | How to Get Help
% Ambiguous command: "show con" | You did not enter enough characters for your switch to recognize the command. | Reenter the command followed by a space and a question mark (?).
You did not enter all of the keywords or values required by this command.
Accessing the CLI
The following procedure assumes you have already assigned IP information and password to the switch or command switch. You can assign this information to the switch in the following ways:
• Using the setup program, as described in the release notes
• Manually assigning an IP address and password, as described in the “Changing IP Information” section on page 6-2 and “Changing the Password” section on page 6-15.
Accessing the CLI from a Browser
The following procedure assumes you have met the software requirements (including browser and Java plug-in configurations) and have assigned IP information and a Telnet password to the switch or command switch, as described in the release notes. To access the CLI from a web browser, follow these steps:
Step 1 Start one of the supported browsers.
Step 2 In the URL field, enter the IP address of the command switch.
Saving Configuration Changes
The show command always displays the running configuration of the switch. When you make a configuration change to a switch or switch cluster, the change becomes part of the running configuration. The change does not automatically become part of the config.txt file in Flash memory, which is the startup configuration used each time the switch restarts.
CHAPTER 4 General Switch Administration
This chapter provides the following switch administration topics:
• Basic IP connectivity to the switch
• Switch software releases
• Console port access
• Hypertext Transfer Protocol (HTTP) access
• Telnet access
• Simple Network Management Protocol (SNMP) network management platforms
• Default settings of key software features
Refer to the release notes for information about starting up the switch:
• Software and hardware requirements and compa
Basic IP Connectivity to the Switch
The switch uses IP address information to communicate with the local routers and the Internet. You need it if you plan to use the CMS to configure and manage the switch. The switch also requires a secret password.
Console Port Access
The switch console port provides switch access to a directly-attached terminal or PC or to a remote terminal or PC through a serial connection and a modem. For information about connecting to the switch console port, refer to the switch hardware installation guide. Be sure that the switch console port settings match the settings of the terminal or PC.
Telnet Access to the CLI
The following procedure assumes you have assigned IP information and a Telnet password to the switch or command switch, as described in the release notes. Information about accessing the CLI through a Telnet session is provided in the “Accessing the CLI” section on page 3-8.
HTTP Access to CMS
CMS uses Hypertext Transfer Protocol (HTTP), which is an in-band form of communication with the switch through any one of its Ethernet ports and which allows switch management from a standard web browser. CMS requires that your switch uses HTTP port 80, which is the default HTTP port.
Note: If you change the HTTP port, you cannot use CMS.
SNMP Network Management Platforms
You can manage switches by using a Simple Network Management Protocol (SNMP)-compatible management station running such platforms as HP OpenView or SunNet Manager. CiscoWorks2000 and CiscoView 5.0 are network-management applications you can use to configure, monitor, and troubleshoot Catalyst 2900 XL and Catalyst 3500 XL switches.
Using FTP to Access the MIB Files
You can obtain each MIB file with the following procedure:
Step 1 Use FTP to access the server ftp.cisco.com.
Step 2 Log in with the username anonymous.
Step 3 Enter your e-mail username when prompted for the password.
Step 4 At the ftp> prompt, change directories to /pub/mibs/supportlists.
An example of an NMS is the CiscoWorks network management software. CiscoWorks2000 software uses the switch MIB variables to set device variables and to poll devices on the network for specific information. The results of a poll can be displayed as a graph and analyzed to troubleshoot internetworking problems, increase network performance, verify the configuration of devices, monitor traffic loads, and more.
Default Settings
The switch is designed for plug-and-play operation, requiring only that you assign basic IP information to the switch and connect it to the other devices in your network. For information about assigning basic IP information to the switch, see the “Basic IP Connectivity to the Switch” section on page 4-2 and the release notes. If you have specific network needs, you can configure the switch through its various management interfaces.
Table 4-2 Default Settings and Where To Change Them (continued)
Feature: Upgrading cluster software
Default Setting: Enabled
Concepts and CLI Procedures: “Switch Software Releases” section on page 4-2. Release notes on Cisco.
CMS Option: Cluster Manager
Table 4-2 Default Settings and Where To Change Them (continued)
Feature: Address Resolution Protocol (ARP)
Default Setting: Enabled
Concepts and CLI Procedures: “Managing the ARP Table” section on page 6-45. Documentation set for Cisco IOS Release 12.0 on Cisco.com.
CMS Option: Cluster Manager System > ARP Table
Feature: System Time Management
Default Setting: None
Concepts and CLI Procedures: “Setting the System Date and Time” section on page 6-17.
CMS Option: Cluster Manager
Table 4-2 Default Settings and Where To Change Them (continued)
Performance
Feature: Configuring a port
Default Setting: None
Concepts and CLI Procedures: Chapter 7, “Configuring the Switch Ports.”
CMS Option: Cluster Manager
Feature: Duplex mode
Default Setting: Auto on all 10/100 ports; half duplex on all LRE ports
Concepts and CLI Procedures: “Changing the Port Speed and Duplex Mode” section on page 7-2.
CMS Option: Cluster Manager Port > Port Configuration
Table 4-2 Default Settings and Where To Change Them (continued)
Flooding Control
Feature: Storm control
Default Setting: Disabled
Concepts and CLI Procedures: “Configuring Flooding Controls” section on page 7-4.
CMS Option: Cluster Manager Port > Flooding Control
Feature: Flooding unknown unicast and multicast packets
Default Setting: Enabled
Concepts and CLI Procedures: “Blocking Flooded Traffic on a Port” section on page 7-6.
CMS Option: Cluster Manager
Table 4-2 Default Settings and Where To Change Them (continued)
Concepts and CLI Procedures: “Displaying an Inventory of the Clustered Switches” section on page 5-19 and “Displaying Link Information” section on page 5-20.
Table 4-2 Default Settings and Where To Change Them (continued)
Feature: Community strings
Default Setting: public
Concepts and CLI Procedures: “SNMP Community Strings” section on page 5-10 and “Entering Community Strings” section on page 6-19. Documentation set for Cisco IOS Release 12.0 on Cisco.com.
CMS Option: Cluster Manager System > SNMP Configuration
Feature: Port security
Default Setting: Disabled
Concepts and CLI Procedures: “Enabling Port Security” section on page 7-14.
Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide 78-6511-05
CHAPTER 5 Clustering Switches
This chapter provides the following topics to help you get started with switch clustering:
• Switch cluster overview
• Planning a switch cluster
• Creating a switch cluster
• Verifying a switch cluster
• Using the command-line interface (CLI) to manage switch clusters
• Using Simple Network Management Protocol (SNMP) to manage switch clusters
Configuring switch clusters is more easily done from the Cluster Management Suite (CMS) web-based interface than thro
Understanding Switch Clusters
A switch cluster is a group of connected Catalyst desktop switches that are managed as a single entity. The switches can be in the same location, or they can be distributed across a contiguous Layer 2 network. All communication with cluster switches is through one IP address. In a switch cluster, 1 switch must be designated as the command switch and up to 15 switches can be member switches.
Standby Command Switch Characteristics
You can assign one or more switches to a standby group of command switches. There is no limit to the number of switches you assign to a standby group. To be eligible for a standby group, a switch must meet the following requirements:
• It is running Cisco IOS Release 12.0(5)XP or later.
• It has its own IP address.
• It has CDP version 2 enabled.
Planning a Switch Cluster
Anticipating conflicts and compatibility issues is a high priority when you manage several switches through a cluster. This section describes the following considerations, requirements, and caveats that you should understand before you create the cluster. Refer to the release notes for software compatibility considerations and requirements on cluster-capable switches.
Standby Command Switches
Because a command switch manages the forwarding of all communication and configuration information to all the cluster members, we strongly recommend that you configure a standby command switch to take over if the command switch fails. We also recommend redundant cabling from the standby command switch to the switch cluster. IOS Release 12.
Figure 5-1 A Cluster with a Standby Command Switch (figure labels: Command switch; Standby command switch; Cluster Management Suite; HTTP; 1900/2820 member switches; Catalyst 2900 and 3500 XL member switches)
Figure 5-2 shows a network cabled to allow the standby switch to maintain management contact with the member switches if the cluster command switch fails.
To ensure that the standby command switch can take over the cluster if the primary command switch fails, the primary command switch continually forwards cluster configuration information to the standby command switch.
Note: The command switch forwards cluster configuration information to the standby switch but not device-configuration information.
IP Addresses
Clustering switches conserves IP addresses if you have a limited number of them. If you plan to create switch clusters, you must assign IP information to a command switch. Through the command-switch IP address, you can manage and monitor up to 16 switches. When a switch joins a cluster, it is managed and communicates with other member switches through the command-switch IP address.
If you change the member-switch password, the member switch is not manageable by the command switch until you change the member-switch password to match the command-switch password or until you reboot the member switch.
Note: Copies of the CMS pages you display are saved in your browser memory cache until you exit the browser session. A password is not required to redisplay these pages, including the Cisco Systems Access page.
Host Names
You do not need to assign a host name to either a command switch or an eligible cluster member. However, a host name assigned to the command switch can make the switch cluster easier to identify. The default host name for any Catalyst 2900 XL and Catalyst 3500 XL switch is Switch.
32-character string-length limitation on the Catalyst 1900 and Catalyst 2820 switches, the command-switch community strings are truncated to 27 characters when propagating them to these switches, and the @esN (where N refers to the member switch number and can be up to two digits) is appended to them. For more information about configuring community strings through Cluster Manager, see the “Configuring SNMP” section on page 6-18.
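The truncation rule above has a consequence worth checking before community strings are propagated: two command-switch strings that differ only after character 27 become the same string on a Catalyst 1900 or Catalyst 2820 member. The following Python sketch is an added example, not Cisco code; the function names and the sample strings are constructed for illustration, and it models only the 27-character truncation and @esN suffix described in the text.

```python
"""Added example: community-string propagation to Catalyst 1900/2820 members."""
from collections import defaultdict

TRUNCATE_TO = 27              # command-switch string is cut to 27 characters (from the text)
LEGACY_LIMIT = 32             # string-length limit on Catalyst 1900/2820 (from the text)
DEFAULT_COMMUNITY = "public"  # default community string listed in Table 4-2


def propagated_string(command_string, member_number):
    """Return the string a 1900/2820 member receives: first 27 characters + @esN."""
    if not 0 <= member_number <= 99:  # N can be up to two digits
        raise ValueError("member number must have at most two digits")
    result = command_string[:TRUNCATE_TO] + "@es%d" % member_number
    if len(result) > LEGACY_LIMIT:
        raise ValueError("propagated string exceeds the 32-character limit")
    return result


def audit(strings, member_numbers):
    """Audit command-switch community strings before propagation.

    strings: list of (community, access) pairs, access being "RO" or "RW".
    member_numbers: member numbers of the Catalyst 1900/2820 switches.
    Returns a sorted list of (finding, detail) tuples.
    """
    findings = []
    by_prefix = defaultdict(set)
    for community, access in strings:
        if community == DEFAULT_COMMUNITY:
            findings.append(("default-string", community))
        if len(community) > TRUNCATE_TO:
            findings.append(("truncated", community))
        by_prefix[community[:TRUNCATE_TO]].add((community, access))

    # Distinct strings that share their first 27 characters collapse into one
    # string on every legacy member; mixed RO/RW access is the worse case.
    for prefix, group in by_prefix.items():
        names = {community for community, _ in group}
        if len(names) > 1:
            levels = {access for _, access in group}
            kind = "collision-mixed-access" if len(levels) > 1 else "collision"
            for number in member_numbers:
                findings.append((kind, propagated_string(prefix, number)))
    return sorted(findings)


# Constructed sample input (not from the guide, apart from the default "public").
SAMPLE_STRINGS = [
    ("public", "RO"),
    ("campus-core-monitoring-2001-ro", "RO"),
    ("campus-core-monitoring-2001-rw", "RW"),
]
SAMPLE_LEGACY_MEMBERS = [3, 12]

if __name__ == "__main__":
    for finding in audit(SAMPLE_STRINGS, SAMPLE_LEGACY_MEMBERS):
        print(finding)
```

A clean result means every string is unique within its first 27 characters and none is the default; a `collision-mixed-access` finding means a read-only and a read-write string become indistinguishable on the listed members.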
Caution: You can change the management VLAN through a console connection without interrupting the console connection. However, changing the management VLAN ends your CMS session. Restart your CMS session by entering the new IP address in the browser Location field (Netscape Communicator) or Address field (Microsoft Internet Explorer), as described in the release notes.
LRE Profiles
A configuration conflict occurs if a switch cluster has LRE switches using both private and public profiles. If one LRE switch in a cluster is assigned a public profile, all LRE switches in that cluster must have that same public profile. Before you add an LRE switch to a cluster, make sure that you assign it the same public profile used by other LRE switches in the cluster.
This section provides procedures for enabling a command switch and building a cluster. For procedures on connecting switches together, refer to the switch hardware installation guide. For procedures on assigning basic information to the command switch, refer to the release notes.
Designating and Enabling a Command Switch
Before you enable a switch as a command switch, refer to the release notes for command-switch requirements.
From the Cluster Builder topology, you can also add a candidate switch to a cluster. Display Cluster Builder, right-click the candidate icon, and from the pop-up menu, select Add to Cluster (Figure 5-4). Cluster members have green labels, and candidates have blue labels. You can add a switch to a cluster if the cluster has no more than 16 members; otherwise, you must remove a member before adding a new one.
Figure 5-4 Cluster Builder
Figure callouts: Right-click a member switch to display the device pop-up menu, and select an option to display the Switch Manager, display switch information, or remove the switch from the cluster. Thin line indicates a connection to a candidate switch. Right-click a candidate switch to display the device pop-up menu, and select Add to Cluster to add the switch to a cluster.
Designating and Enabling Standby Command Switches
To create a standby group, display Cluster Manager, and select Cluster > Standby Command Configuration to display the Standby Command Configuration window (Figure 5-5). Eligible switches are listed in the Candidates list according to an eligibility ranking. Candidate switches are ranked first by the number of links they have and second by the switch speed.
Figure 5-5 Standby Command Configuration
Figure callouts: Active command switch is at the top. Standby command switches are listed below the active command switch. Must be valid IP address in the same subnet as the active command switch. Once entered, this number cannot be changed. Candidates are listed in order of the eligibility.
Verifying a Switch Cluster
You can display the switch cluster you have built by
• Displaying an inventory of the switches in the cluster.
• Displaying the topology of the switch cluster and viewing link information.
You can also display port and switch statistics from Port > Port Statistics and Port > Port Configuration > Runtime Status. For information about troubleshooting switch clusters, see Chapter 9, “Troubleshooting.
Figure 5-6 Inventory
Figure callouts: Select column borders to widen column. IP addresses of cluster members. Software versions for cluster members.
Displaying Link Information
You can see how the cluster members are interconnected from Cluster Builder. It shows how the switches are connected and the type of connection between each device. To display a legend describing the icons, links, and colors used in Cluster Builder, select Help > Legend.
Using the CLI to Manage Switch Clusters
You can configure member switches from the CLI by first logging in to the command switch. Enter the rcommand user EXEC command and the member switch number to start a Telnet session (through a console or Telnet connection) and to access the member switch CLI. After this, the command mode changes and IOS commands operate as usual.
Using SNMP to Manage Switch Clusters
You must enable SNMP for the Cluster Management reporting and graphing features to function properly. When you first power on the switch, SNMP is enabled if you enter the IP information by using the setup program and accept its proposed configuration.
Figure 5-7 SNMP Management for a Cluster (figure labels: SNMP Manager; Command switch; Trap 1, Trap 2, Trap 3; Member 1; Member 2; Member 3)
CHAPTER 6 Configuring the System
This chapter provides information about changing switch-wide configuration settings. It includes command-line interface (CLI) procedures for using commands that have been specifically created or changed for the Catalyst 2900 XL or Catalyst 3500 XL switches. For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 2900 Series XL and Catalyst 3500 Series XL Command Reference.
Changing IP Information
You can assign and change the IP information of your switch in the following ways:
• Using the setup program, as described in the release notes
• Manually assigning an IP address, as described in this section
• Using Dynamic Host Configuration Protocol (DHCP)-based autoconfiguration, as described in this section
Caution: Changing the switch IP address ends any CMS, Telnet, or Simple Network Management Protocol (SNMP) s
Beginning in privileged EXEC mode, follow these steps to enter the IP information:
Step | Command | Purpose
Step 1 | configure terminal | Enter global configuration mode.
Step 2 | interface vlan 1 | Enter interface configuration mode, and enter the VLAN to which the IP information is assigned. VLAN 1 is the default management VLAN, but you can configure any VLAN from IDs 1 to 1001.
Using DHCP-Based Autoconfiguration
The Dynamic Host Configuration Protocol (DHCP) provides configuration information to Internet hosts and internetworking devices. With DHCP-based autoconfiguration, your switch (DHCP client) can be automatically configured during bootup with the IP address information and configuration file that it receives from the DHCP exchange.
DHCP Client Request Process
When you boot your switch, the DHCP client can be invoked and automatically request configuration information from a DHCP server under the following conditions:
• The configuration file is not present on the switch.
• The configuration file is present, but the IP address is not specified in it.
If the configuration parameters sent to the client in the DHCPOFFER unicast message by the DHCP server are invalid (a configuration error exists), the client returns a DHCPDECLINE broadcast message to the DHCP server.
If you do not configure the DHCP server with the lease options described earlier, then it replies to client requests with only those parameters that have available values. If the IP address and subnet mask are not in the reply, the switch is not configured. If the DNS server IP address, router IP address, or TFTP server name are not found, the switch might broadcast TFTP requests.
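The outcomes described above can be checked against a DHCP lease database before switches are booted. The following Python sketch is an added example, not Cisco code: the field names, outcome labels, the boot filename placeholder, and the deliberately incomplete entries are constructed, while the hardware addresses and IP values follow the guide's sample network. Treating an unparsable address or mask as a configuration error, and reporting an IP address reserved for two bindings, are assumptions of this example.

```python
"""Added example: audit DHCP lease entries for switch autoconfiguration."""
import ipaddress

# If any of these is missing from the reply, the switch might broadcast
# TFTP requests (from the text).
BROADCAST_FIELDS = ("dns_server", "router", "tftp_server_name")


def classify_reply(reply):
    """Return (outcome, warnings) for one DHCP reply, given as a dict."""
    ip, mask = reply.get("ip_address"), reply.get("subnet_mask")
    if not ip or not mask:
        # Without both the IP address and the subnet mask the switch is not configured.
        return "not-configured", []
    try:
        ipaddress.IPv4Interface("%s/%s" % (ip, mask))
    except ValueError:
        # Assumption of this example: unparsable values count as a configuration error.
        return "invalid-parameters", []
    warnings = [
        "%s missing: switch might broadcast TFTP requests" % field
        for field in BROADCAST_FIELDS
        if not reply.get(field)
    ]
    # No configuration filename in the reply means the two-file read method.
    outcome = "named-file" if reply.get("boot_filename") else "two-file-read"
    return outcome, warnings


def audit_leases(leases):
    """leases: dict of hardware address -> reply dict.

    Returns (report, duplicates): report maps each hardware address to
    classify_reply() output; duplicates lists (ip, first_mac, second_mac)
    for an IP address reserved for more than one binding.
    """
    report, seen, duplicates = {}, {}, []
    for mac, reply in sorted(leases.items()):
        report[mac] = classify_reply(reply)
        ip = reply.get("ip_address")
        if ip and ip in seen:
            duplicates.append((ip, seen[ip], mac))
        elif ip:
            seen[ip] = mac
    return report, duplicates


# Constructed sample database. Addresses follow the guide's example network;
# the boot filename is a placeholder, and the entries for the third and
# fourth switch are deliberately incomplete to show the failure modes.
COMMON = {"subnet_mask": "255.255.255.0", "router": "10.0.0.10",
          "dns_server": "10.0.0.2", "tftp_server_name": "maritsu"}
SAMPLE_LEASES = {
    "00e0.9f1e.2001": dict(COMMON, ip_address="10.0.0.21",
                           boot_filename="EXAMPLE-confg"),
    "00e0.9f1e.2002": dict(COMMON, ip_address="10.0.0.22"),
    "00e0.9f1e.2003": dict(COMMON, ip_address="10.0.0.23", dns_server=None),
    "00e0.9f1e.2004": {"ip_address": "10.0.0.24", "router": "10.0.0.10"},
}

if __name__ == "__main__":
    lease_report, lease_duplicates = audit_leases(SAMPLE_LEASES)
    for mac, (outcome, warnings) in lease_report.items():
        print(mac, outcome, warnings)
    print("duplicate reservations:", lease_duplicates)
```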
You must specify the TFTP server name in the DHCP server lease database. You must also specify the TFTP server name-to-IP-address mapping in the DNS server database. The TFTP server can be on the same or a different LAN as the switch. If it is on a different LAN, the switch must be able to access it through a relay device or a router. For more information, see the “Configuring the Relay Device” section on page 6-9.
If your network devices require connectivity with devices in networks for which you do not control name assignment, you can assign device names that uniquely identify your devices within the entire internetwork. The Internet’s global naming scheme, the DNS, accomplishes this task. This service is enabled by default. The switch uses the DNS server to resolve the TFTP server name to a TFTP server IP address.
Figure 6-2 Relay Device Used in Autoconfiguration (figure labels: Switch (DHCP client); Cisco router (Relay); DHCP server; TFTP server; DNS server; addresses shown: 10.0.0.2, 10.0.0.1, 20.0.0.3, 20.0.0.4, 20.0.0.2, 20.0.0.1)
For additional information and CLI procedures, refer to the Cisco IOS Release 12.0 documentation on Cisco.com.
• Only the IP address is reserved for the switch and provided in the DHCP reply. The configuration filename is not provided (two-file read method). The switch receives its IP address and subnet mask from the DHCP server. It also receives a DNS server IP address and a TFTP server name. The switch sends a DNS request to the DNS server, specifying the TFTP server name, to obtain the TFTP server address.
Example Configuration
Figure 6-3 shows a sample network for retrieving IP information using DHCP-based autoconfiguration.
Figure 6-3 DHCP-Based Autoconfiguration Network Example
Figure labels: Switch 1 (00e0.9f1e.2001); Switch 2 (00e0.9f1e.2002); Switch 3 (00e0.9f1e.2003); Switch 4 (00e0.9f1e.2004); Cisco router; DHCP server; DNS server; TFTP server (maritsu). Addresses as extracted: 10.0.0.10, 10.0.0.2, 10.0.0.3, 10.0.0.
Table 6-1 DHCP Server Configuration
 | Switch-1 | Switch-2 | Switch-3 | Switch-4
Binding key (hardware address) | 00e0.9f1e.2001 | 00e0.9f1e.2002 | 00e0.9f1e.2003 | 00e0.9f1e.2004
IP address | 10.0.0.21 | 10.0.0.22 | 10.0.0.23 | 10.0.0.24
Subnet mask | 255.255.255.0 | 255.255.255.0 | 255.255.255.0 | 255.255.255.0
Router address | 10.0.0.10 | 10.0.0.10 | 10.0.0.10 | 10.0.0.10
DNS server address | 10.0.0.2 | 10.0.0.2 | 10.0.0.2 | 10.0.0.2
TFTP server name | maritsu or 10.
DHCP Client Configuration
No configuration file is present on Switch 1 through Switch 4.
Configuration Explanation
In Figure 6-3, Switch 1 reads its configuration file as follows:
• It obtains its IP address 10.0.0.21 from the DHCP server.
• If no configuration filename is given in the DHCP server reply, Switch 1 reads the network-confg file from the base directory of the TFTP server.
Changing the Password
You can assign the password of your switch in the following ways:
• Using the setup program, as described in the release notes
• Manually assigning a password, as described in this section
Note You can change a password only by using the CLI. Your connection with the switch ends when you change the enable secret password. You will then need to reopen the session with the new password.
You can specify a level, set a password, and give the password only to users who need to have access at this level. Use the privilege level global configuration command to specify commands accessible at various levels.
Note You need an enable secret password with a privilege level 15 to access CMS.
Setting the System Date and Time
You can change the date and a 24-hour clock time setting on the switch. If you are entering the time for an American time zone, enter the three-letter abbreviation for the time zone, such as PST for Pacific standard time. If you are identifying the time zone by referring to Greenwich mean time, enter UTC (universal coordinated time).
Enabling NTP Authentication
To ensure the validity of information received from NTP servers, you can authenticate NTP messages with public-key encryption. This procedure must be coordinated with the administrator of the NTP servers: the information you enter will be matched by the servers to authenticate it.
Entering Community Strings
Community strings serve as passwords for SNMP messages, permitting access to the agent on the switch. If you are entering community strings for a cluster member, see the “SNMP Community Strings” section on page 5-10. You can enter community strings with the following characteristics:
Read-only (RO)—Requests accompanied by the string can display MIB-object information.
Catalyst 1900 and Catalyst 2820 switches support up to four trap managers. When you configure community strings for these switches, limit the string length to 32 characters. When configuring traps on these switches, you cannot configure individual trap managers to receive specific traps. Table 6-3 describes the Catalyst 1900 and Catalyst 2820 switch traps.
Beginning in privileged EXEC mode, follow these steps to add a trap manager and a community string:

        Command                                                     Purpose
Step 1  config terminal                                             Enter global configuration mode.
Step 2  snmp-server host 172.2.128.263 traps1 snmp vlan-membership  Enter the trap manager IP address, the community string, and the traps to generate.
Step 3  end                                                         Return to privileged EXEC mode.
Configuring CDP
Use the Cisco IOS CLI and Cisco Discovery Protocol (CDP) to enable CDP for the switch, set global CDP parameters, and display information about neighboring Cisco devices. CDP enables the Cluster Management Suite to display a graphical view of the network.
[Figure 6-4: Discovering Cluster Candidates through CDP. Labels: cluster command switch; Catalyst 5000 series (CDP device that does not support clustering); undisclosed device displays as edge device; up to 7 hops from command switch; 3 hops from command switch.]
Beginning in privileged EXEC mode, follow these steps to configure the number of hops that CDP uses to discover candidate switches and cluster members.
Configuring STP
Spanning Tree Protocol (STP) provides path redundancy while preventing undesirable loops in the network. Only one active path can exist between any two stations. STP calculates the best loop-free path throughout the network.
Supported STP Instances
You create an STP instance when you assign an interface to a VLAN. The STP instance is removed when the last interface is moved to another VLAN.
switches in the VLAN; however, if you are running STP only on a minimal set of switches, an incautious change to the network that introduces another loop into the VLAN can result in a broadcast storm.
Note If you have the default allowed list on the trunk ports of that switch, the new VLAN is carried on all trunk ports.
Beginning in privileged EXEC mode, follow these steps to disable STP:

        Command                            Purpose
Step 1  configure terminal                 Enter global configuration mode.
Step 2  no spanning-tree vlan stp-list     Disable STP on a VLAN.
Step 3  end                                Return to privileged EXEC mode.
Step 4  show spanning-tree                 Verify your entry.

Accelerating Aging to Retain Connectivity
The default for aging dynamic addresses is 5 minutes.
Table 6-4 Default and Acceptable STP Parameter Settings (in Seconds)

STP Parameter     STP Default (IEEE)  Acceptable for Option 1  Acceptable for Option 2  Acceptable for Option 3
Hello Time        2                   1                        1                        1
Max Age           20                  6                        10                       6
Forwarding delay  15                  4                        7                        4

[Figure 6-5: network diagram; labels include Gigabit Ethernet Clusters, Catalyst 5000 series switch, Catalyst 2900 and 3500 XL switches, Catalyst 5000 series/6000 backbone, and Layer 3 backbone.]
Configuring Redundant Links By Using STP UplinkFast
Switches in hierarchical networks can be grouped into backbone switches, distribution switches, and access switches. Figure 6-6 shows a complex network where distribution switches and access switches each have at least one redundant link that STP blocks to prevent loops. If a switch loses connectivity, the switch begins using the alternate paths as soon as STP selects a new root port.
[Figure 6-6: Switches in a Hierarchical Network. Labels: backbone switches, root bridge, distribution switches, access switches, 3500 XL, 2900 XL, active link, blocked link.]
Enabling STP UplinkFast
When you enable UplinkFast, it is enabled for the entire switch and cannot be enabled for individual VLANs. Beginning in privileged EXEC mode, follow these steps to configure UplinkFast:

        Command                                                   Purpose
Step 1  configure terminal                                        Enter global configuration mode.
Step 2  spanning-tree uplinkfast max-update-rate pkts-per-second  Enable UplinkFast on the switch. The range is from 0 to 1000 packets per second. The default is 150.
Configuring Cross-Stack UplinkFast
Cross-stack UplinkFast (CSUF) provides a fast spanning-tree transition (fast convergence in less than 2 seconds under normal network conditions) across a stack of switches that use the GigaStack GBICs connected in a shared cascaded configuration (multidrop backbone).
[Figure 6-7: Cross-Stack UplinkFast Topology. Shows Switch A, Switch B, and Switch C, each with a stack port on the multidrop backbone (GigaStack GBIC connections) and 100 or 1000 Mbps links to the backbone (spanning tree root): Link A (root link), Link B (alternate redundant link), and Link C (alternate redundant link), with one stack root port and two alternate stack root ports.]
CSUF implements the Stack Membership D
The switch sending the fast-transition request needs to do a fast transition to the forwarding state of a port that it has chosen as the root port, and it must obtain an acknowledgement from each stack switch before performing the fast transition. Each switch in the stack determines if the sending switch is a better choice than itself to be the stack root of this STP instance by comparing STP root, cost, and bridge ID.
• A network reconfiguration causes a new port on the current stack root switch to be chosen as the stack root port.
Note The fast transition might not occur if multiple events occur simultaneously. For example, if a stack member switch is powered down, and at the same time, a link connecting the stack root to the STP root comes back up, the normal STP convergence occurs.
Limitations
The following limitations apply to CSUF:
• CSUF uses the GigaStack GBIC and runs on all Catalyst 3500 XL switches but only on modular Catalyst 2900 XL switches.
• Up to nine stack switches can be connected through their stack ports to the multidrop backbone. Only one stack port per switch is supported.
• Each stack switch can be connected to the STP backbone through one uplink.
• Up to 64 VLANs are supported.
[Figure 6-8: GigaStack GBIC Connections and STP Convergence. Labels include "GigaStack GBIC connection for fast convergence" and the switch models Catalyst 3524 XL, Catalyst 3508G XL, and Catalyst 2924M XL.]
Configuring Cross-Stack UplinkFast
Before enabling CSUF, make sure your stack switches are properly connected. For more information, see the “Connecting the Stack Ports” section on page 6-35. Beginning in privileged EXEC mode, follow these steps to enable CSUF:

        Command                                                     Purpose
Step 1  configure terminal                                          Enter global configuration mode.
Step 2  spanning-tree uplinkfast [max-update-rate pkts-per-second]  Enable UplinkFast on the switch.
Changing the STP Parameters for a VLAN
The root switch for each VLAN is the switch with the highest priority and transmits topology frames to other switches in the spanning tree. You can change the root parameters for the VLANs on a selected switch. The following options define how your switch responds when STP reconfigures itself.

Protocol    Implementation of STP to use: IBM or IEEE. The default is IEEE.
Changing the STP Implementation
Beginning in privileged EXEC mode, follow these steps to change the STP implementation. The stp-list is the list of VLANs to which the STP command applies.

        Command                                             Purpose
Step 1  configure terminal                                  Enter global configuration mode.
Step 2  spanning-tree [vlan stp-list] protocol {ieee | ibm}  Specify the STP implementation to be used for a spanning-tree instance.
Step 3  end                                                 Return to privileged EXEC mode.
Changing the BPDU Message Interval
Beginning in privileged EXEC mode, follow these steps to change the BPDU message interval (max age time). The stp-list is the list of VLANs to which the STP command applies.

        Command                                        Purpose
Step 1  configure terminal                             Enter global configuration mode.
Step 2  spanning-tree [vlan stp-list] max-age seconds  Specify the interval between messages the spanning tree receives from the root switch.
Changing the Forwarding Delay Time
Beginning in privileged EXEC mode, follow these steps to change the forwarding delay time. The stp-list is the list of VLANs to which the STP command applies.

        Command                                             Purpose
Step 1  configure terminal                                  Enter global configuration mode.
Step 2  spanning-tree [vlan stp-list] forward-time seconds  Specify the forwarding time for the specified spanning-tree instance.
Enabling the Port Fast Feature
The Port Fast feature brings a port directly from a blocking state into a forwarding state. This feature is useful when a connected server or workstation times out because its port is going through the normal cycle of STP status changes. A port with Port Fast enabled only goes through the normal cycle of STP status changes when the switch is restarted.
Changing the Path Cost
Beginning in privileged EXEC mode, follow these steps to change the path cost for STP calculations. The STP command applies to the stp-list.

        Command                                  Purpose
Step 1  configure terminal                       Enter global configuration mode.
Step 2  interface interface                      Enter interface configuration mode, and enter the port to be configured.
Step 3  spanning-tree [vlan stp-list] cost cost  Configure the path cost for the specified spanning-tree instance.
Configuring STP Root Guard
The Layer 2 network of a service provider (SP) can include many connections to switches that are not owned by the SP. In such a topology, STP can reconfigure itself and select a customer switch as the STP root switch, as shown in Figure 6-9. You can avoid this situation by configuring the root-guard feature on interfaces that connect to switches outside of your customer’s network.
Root guard enabled on a port applies to all the VLANs that the port belongs to. Each VLAN has its own instance of STP. Beginning in privileged EXEC mode, follow these steps to set root guard on a port:

        Command                  Purpose
Step 1  configure terminal       Enter global configuration mode.
Step 2  interface interface      Enter interface configuration mode, and enter the port to be configured.
Step 3  spanning-tree rootguard  Enable root guard on the port.
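The effect of root guard described above, as an added example that is not Cisco code and not part of the original guide: a simplified per-VLAN model in Python that compares only root bridge IDs (priority, then MAC address; the numerically lower ID wins) and ignores path cost and timers. The class and function names, the port name Fa0/1, and the bridge priorities and MAC addresses are constructed for the illustration.

```python
# Added example: simplified per-VLAN model of root guard (not Cisco code).
from dataclasses import dataclass, field


def bridge_id(priority, mac):
    """Bridge ID as a comparable tuple; the numerically lower ID is superior."""
    return (priority, int(mac.replace(".", ""), 16))


@dataclass
class Port:
    name: str
    vlans: tuple
    root_guard: bool = False
    # VLANs in which root guard is currently blocking this port.
    blocked_vlans: set = field(default_factory=set)


class Switch:
    """Tracks, per VLAN, which bridge this switch currently accepts as root."""

    def __init__(self, current_root, ports, vlans):
        self.root = {vlan: current_root for vlan in vlans}
        self.ports = {port.name: port for port in ports}

    def receive_bpdu(self, port_name, vlan, advertised_root):
        """Process one BPDU and return what the switch did with it."""
        port = self.ports[port_name]
        if vlan not in port.vlans:
            raise ValueError("port %s is not in VLAN %d" % (port_name, vlan))
        if advertised_root >= self.root[vlan]:
            return "ignored"  # not superior to the root already known
        if port.root_guard:
            # Cisco documentation calls this port state root-inconsistent.
            port.blocked_vlans.add(vlan)
            return "root-inconsistent"
        self.root[vlan] = advertised_root  # the neighbor takes over as root
        return "root-changed"

    def superior_bpdus_stopped(self, port_name, vlan):
        """The port recovers once the neighbor stops claiming to be root."""
        self.ports[port_name].blocked_vlans.discard(vlan)


def run_scenario(root_guard):
    """A customer switch advertises a better bridge ID on VLANs 1 and 2."""
    sp_root = bridge_id(8192, "00e0.9f00.0001")   # constructed SP root bridge
    customer = bridge_id(4096, "00e0.9f00.00c1")  # constructed customer bridge
    switch = Switch(sp_root, [Port("Fa0/1", (1, 2), root_guard)], vlans=(1, 2))
    results = [switch.receive_bpdu("Fa0/1", vlan, customer) for vlan in (1, 2)]
    return switch, results, sp_root, customer


if __name__ == "__main__":
    for guard in (False, True):
        switch, results, _, _ = run_scenario(guard)
        print("root guard", guard, results, switch.root)
```

Because the guard is a port setting, one superior BPDU per VLAN blocks the port in each STP instance independently, which matches the statement that root guard applies to all the VLANs the port belongs to.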
For additional information and CLI procedures, refer to the Cisco IOS Release 12.0 documentation on Cisco.com.
Controlling IP Multicast Packets through CGMP
CGMP reduces the unnecessary flooding of IP multicast packets by limiting the transmission of these packets to CGMP clients that request them. The Fast Leave feature accelerates the removal of unused CGMP groups.
Enabling the Fast Leave Feature
The CGMP Fast Leave feature reduces the delay when group members leave groups. When an end station requests to leave a CGMP group, the group remains enabled for that VLAN until all members have requested to leave. With the Fast Leave feature enabled, the switch immediately verifies if there are other group members attached to its ports.
Changing the CGMP Router Hold-Time
The router hold-time is the number of seconds the switch waits before removing (aging) a router entry and ceasing to exchange messages with the router. If it is the last router entry in a VLAN, all CGMP groups on that VLAN are removed. You can thus enter a lower router hold-time to accelerate the removal of CGMP groups.
Configuring MVR
Multicast VLAN Registration (MVR) is designed for applications using wide-scale deployment of multicast traffic (for example, broadcast of multiple television channels) across an Ethernet ring-based service provider network. MVR allows a subscriber on a port to subscribe and unsubscribe to a multicast stream on the network-wide multicast VLAN.
set-top box in the VLAN still subscribing to this group, that set-top box must respond within the maximum response time. If the CPU does not receive a response, it eliminates the receiver port as a forwarding destination for this group.
MVR eliminates the need to duplicate television-channel multicast traffic for subscribers in each VLAN. Multicast traffic for all channels is sent only once around the VLAN trunk—only on the multicast VLAN. Although the IGMP leave and join messages originate with a subscriber, they appear to be initiated by a port in the multicast VLAN rather than in the VLAN to which the subscriber port is assigned.
c. The maximum number of MVR entries is determined by the switch hardware. Each MVR group represents a TV channel.
d. Enter the mvr command to enable MVR. You do not need to reconfigure the MVR groups. The switch uses the MVR groups when you re-enable MVR.
• Each channel is one multicast stream destined for a unique IP multicast address.
• Make sure the router is statically configured to forward multicast traffic for the MVR groups to the switch.
Setting MVR Parameters
You do not need to set MVR parameters if you choose to use the default settings. If you do want to change the default parameters, you must do so before enabling MVR. Beginning in privileged EXEC mode, follow these steps to configure MVR parameters:

        Command             Purpose
Step 1  configure terminal  Enter global configuration mode.
Configuring MVR
Beginning in privileged EXEC mode, follow these steps to configure MVR:

        Command                       Purpose
Step 1  configure terminal            Enter global configuration mode.
Step 2  mvr                           Enable MVR on the switch.
Step 3  mvr group ip-address [count]  Configure an IP multicast address on the switch or use the count parameter to configure a contiguous series of IP addresses.
        Command                             Purpose
Step 6  mvr immediate                       (Optional) Enables the Immediate Leave feature of MVR on the port.
                                            Note This command applies only to receiver ports and should only be enabled on receiver ports to which a single receiver device is connected.
Step 7  end                                 Exit configuration mode.
Step 8  show mvr                            Verify the configuration.
        show mvr interface
        show mvr members
Step 9  copy running-config startup-config  Save your configuration changes to NVRAM.
Managing the MAC Address Tables
You can manage the MAC address tables that the switch uses to forward traffic between ports. All MAC addresses in the address tables are associated with one or more ports. These MAC tables include the following types of addresses:
• Dynamic address: a source MAC address that the switch learns and then drops when it is not in use.
Changing the Address Aging Time
Dynamic addresses are source MAC addresses that the switch learns and then drops when they are not in use. The aging time parameter defines how long the switch retains unseen addresses in the table. This parameter applies to all VLANs. Setting too short an aging time can cause addresses to be prematurely removed from the table.
Removing Dynamic Address Entries
Beginning in privileged EXEC mode, follow these steps to remove a dynamic address entry:

        Command                               Purpose
Step 1  configure terminal                    Enter global configuration mode.
Step 2  no mac-address-table dynamic hw-addr  Enter the MAC address to be removed from dynamic MAC address table.
Step 3  end                                   Return to privileged EXEC mode.
Step 4  show mac-address-table                Verify your entry.
Removing Secure Addresses
Beginning in privileged EXEC mode, follow these steps to remove a secure address:

        Command                                           Purpose
Step 1  configure terminal                                Enter global configuration mode.
Step 2  no mac-address-table secure hw-addr vlan vlan-id  Enter the secure MAC address, its associated port, and the VLAN ID to be removed.
Step 3  end                                               Return to privileged EXEC mode.
Step 4  show mac-address-table secure                     Verify your entry.
Note If the in-port-list and out-port-list parameters are all access ports in a single VLAN, you can omit the VLAN ID. In this case, the switch recognizes the VLAN as that associated with the in-port VLAN. Otherwise, you must supply the VLAN ID.
Beginning in privileged EXEC mode, follow these steps to add a static address:

        Command             Purpose
Step 1  configure terminal  Enter global configuration mode.
Configuring Static Addresses for EtherChannel Port Groups
Follow these rules if you are configuring a static address to forward to ports in an EtherChannel port group:
• For default source-based port groups, configure the static address to forward to all ports in the port group to eliminate lost packets.
The TACACS+ feature is disabled by default. However, you can enable and configure it by using the CLI. You can access the CLI through the console port or through Telnet. To prevent a lapse in security, you cannot configure TACACS+ through a network-management application. When enabled, TACACS+ can authenticate users accessing the switch through the CLI.
Beginning in privileged EXEC mode, follow these steps to configure the TACACS+ server:

        Command                                               Purpose
Step 1  tacacs-server host name [timeout integer] [key string]  Define a TACACS+ host.
Step 2  tacacs-server retransmit retries                      Enter the number of times the server searches the list of TACACS+ servers before stopping.
Configuring Login Authentication
Beginning in privileged EXEC mode, follow these steps to configure login authentication by using AAA/TACACS+:

        Command                                                                Purpose
Step 1  configure terminal                                                     Enter global configuration mode.
Step 2  aaa new-model                                                          Enable AAA/TACACS+.
Step 3  aaa authentication login {default | list-name} method1 [method2...]    Enable authentication at login, and create one or more lists of authentication methods.
To create a default list that is used if no list is specified in the login authentication line configuration command, use the default keyword followed by the methods you want used in default situations. The additional methods of authentication are used only if the previous method returns an error, not if it fails. To specify that the authentication succeed even if all methods return an error, specify none as the final method in the command line.
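The fall-through rule above, as an added example that is not Cisco code and not part of the original guide: a small Python model that walks a login method list and reports what a trailing none implies. The PASS/FAIL/ERROR outcome names, the function names, and the two sample command lines are assumptions made for the illustration; the outcome of each method is supplied as input rather than obtained from a real server.

```python
# Added example: model of the method-list rule described above (not Cisco code).
from enum import Enum


class Outcome(Enum):
    PASS = "pass"    # the method answered and accepted the credentials
    FAIL = "fail"    # the method answered and rejected the credentials
    ERROR = "error"  # the method could not answer (for example, no server reply)


def parse_method_list(command):
    """Split an 'aaa authentication login' line into (list_name, methods)."""
    tokens = command.split()
    if len(tokens) < 5 or tokens[:3] != ["aaa", "authentication", "login"]:
        raise ValueError("not an aaa authentication login command: %r" % command)
    return tokens[3], tokens[4:]


def evaluate(methods, outcomes):
    """Walk the list in order and return (access_granted, deciding_method).

    Only ERROR moves on to the next method. A FAIL ends the attempt at once,
    and reaching 'none' grants access without checking any credential.
    """
    for method in methods:
        if method == "none":
            return True, "none"
        result = outcomes.get(method, Outcome.ERROR)
        if result is Outcome.PASS:
            return True, method
        if result is Outcome.FAIL:
            return False, method
    return False, None  # every method returned an error and no 'none' follows


def audit(command):
    """Return review findings for one method-list command."""
    name, methods = parse_method_list(command)
    findings = []
    if "none" in methods:
        position = methods.index("none")
        findings.append(
            "list '%s': login succeeds with no credential check when %s"
            % (name, "every earlier method returns an error" if position else
               "the list is used, because 'none' is the first method"))
        if position < len(methods) - 1:
            findings.append("list '%s': methods after 'none' are never tried: %s"
                            % (name, " ".join(methods[position + 1:])))
    return findings


# Constructed sample lines, not taken from a real switch configuration.
WITH_NONE = "aaa authentication login default tacacs+ local none"
WITHOUT_NONE = "aaa authentication login default tacacs+ local"

if __name__ == "__main__":
    all_down = {"tacacs+": Outcome.ERROR, "local": Outcome.ERROR}
    for line in (WITH_NONE, WITHOUT_NONE):
        _, methods = parse_method_list(line)
        print(line, "->", evaluate(methods, all_down), audit(line))
```

With every method returning an error, the first list admits the user and the second refuses, so a review of a running configuration should treat a trailing none as a deliberate availability-over-authentication choice.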
Beginning in privileged EXEC mode, follow these steps to specify TACACS+ authorization for EXEC access and network services:

        Command                            Purpose
Step 1  configure terminal                 Enter global configuration mode.
Step 2  aaa authorization network tacacs+  Configure the switch for user TACACS+ authorization for all network-related service requests, including SLIP, PPP NCPs, and ARA protocols.
Configuring a Switch for Local AAA
You can configure AAA to operate without a server by setting the switch to implement AAA in local mode. The switch then verifies authentication and authorization. No accounting is available in this configuration. Beginning in privileged EXEC mode, follow these steps to configure the switch for local AAA:

        Command             Purpose
Step 1  configure terminal  Enter global configuration mode.
Step 2  aaa new-model       Enable AAA.
CHAPTER 7 Configuring the Switch Ports
This chapter provides information about changing port configuration settings. It includes command-line interface (CLI) procedures for using commands that have been specifically created or changed for the Catalyst 2900 XL or Catalyst 3500 XL switches. For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 2900 Series XL and Catalyst 3500 Series XL Command Reference.
Changing the Port Speed and Duplex Mode
Caution If you reconfigure the port through which you are managing the switch, a Spanning Tree Protocol (STP) reconfiguration could cause a temporary loss of connectivity.
Note The Ethernet link settings on the Long-Reach Ethernet (LRE) ports have special considerations and different default settings from the 10/100 ports.
Setting Speed and Duplex Parameters
Beginning in privileged EXEC mode, follow these steps to set the speed and duplex parameters on a port:

        Command                  Purpose
Step 1  configure terminal       Enter global configuration mode.
Step 2  interface interface      Enter interface configuration mode, and enter the port to be configured.
Step 3  speed {10 | 100 | auto}  Enter the speed parameter for the port.
Configuring Flooding Controls
You can use the following flooding techniques to block the forwarding of unnecessary flooded traffic:
• Enable storm control for unicast, multicast, or broadcast packets
• Block the forwarding of unicast and broadcast packets on a per-port basis
• Flood all unknown packets to a network port (configured only by using CLI)
Enabling Storm Control
A packet storm occurs when a large number of broadcast, un
With the exception of the broadcast keyword, the following procedure could also be used to enable storm control for unicast or multicast packets. Beginning in privileged EXEC mode, follow these steps to enable broadcast-storm control.

        Command              Purpose
Step 1  configure terminal   Enter global configuration mode.
Step 2  interface interface  Enter interface configuration mode, and enter the port to configure.
Blocking Flooded Traffic on a Port
By default, the switch floods packets with unknown destination MAC addresses to all ports. Some configurations do not require flooding. For example, a port that has only manually assigned addresses has no unknown destinations, and flooding serves no purpose. Therefore, you can disable the flooding of unicast and multicast packets on a per-port basis.
Resuming Normal Forwarding on a Port
Beginning in privileged EXEC mode, follow these steps to resume normal forwarding on a port:

        Command                  Purpose
Step 1  configure terminal       Enter global configuration mode.
Step 2  interface interface      Enter interface configuration mode, and enter the port to configure.
Step 3  no port block multicast  Enable unknown multicast forwarding to the port.
Beginning in privileged EXEC mode, follow these steps to define a network port:

        Command              Purpose
Step 1  configure terminal   Enter global configuration mode.
Step 2  interface interface  Enter interface configuration mode, and enter the port to be configured.
Step 3  port network         Define the port as the network port.
Step 4  end                  Return to privileged EXEC mode.
Step 5  show running-config  Verify your entry.
Configuring UniDirectional Link Detection
UniDirectional Link Detection (UDLD) is a Layer 2 protocol that detects and shuts down unidirectional links. You can configure UDLD on the entire switch or on an individual port. Use the udld reset command to reset all ports that have been shut down by UDLD.
Creating EtherChannel Port Groups
Fast EtherChannel (FEC) and Gigabit EtherChannel port groups act as single, logical ports for high-bandwidth connections between switches or between switches and servers.
Note You can create port groups of either Gigabit Ethernet ports or 100BASE-TX ports, but you cannot create a port group that has both port speeds.
In Figure 7-1, a port group of two workstations communicates with a router. Because the router is a single-MAC-address device, source-based forwarding ensures that the switch uses all available bandwidth to the router. The router is configured for destination-based forwarding because the large number of stations ensures that the traffic is evenly distributed through the port-group ports on the router.
Creating EtherChannel Port Groups
Beginning in privileged EXEC mode, follow these steps to create a two-port group:

        Command                                  Purpose
Step 1  configure terminal                       Enter global configuration mode.
Step 2  interface interface                      Enter interface configuration mode, and enter the port of the first port to be added to the group.
Step 3  port group 1 distribution destination    Assign the port to group 1 with destination-based forwarding.
Configuring Protected Ports
Some applications require that no traffic be forwarded by the Layer 2 protocol between ports on the same switch. In such an environment, there is no exchange of unicast, broadcast, or multicast traffic between ports on the switch, and traffic between ports on the same switch is forwarded through a Layer 3 device such as a router.
Enabling Port Security
Secured ports restrict a port to a user-defined group of stations. When you assign secure addresses to a secure port, the switch does not forward any packets with source addresses outside the group of addresses you have defined. If you define the address table of a secure port to contain only one address, the workstation or server attached to that port is guaranteed the full bandwidth of the port.
Defining the Maximum Secure Address Count
A secure port can have from 1 to 132 associated secure addresses. Setting one address in the MAC address table for the port ensures that the attached device has the full bandwidth of the port.
Enabling Port Security
Beginning in privileged EXEC mode, follow these steps to enable port security.

        Command             Purpose
Step 1  configure terminal  Enter global configuration mode.
Enabling SPAN
You can use Switch Port Analyzer (SPAN) to monitor traffic on a given port by forwarding incoming and outgoing traffic on the port to another port in the same VLAN. A SPAN port cannot monitor ports in a different VLAN, and a SPAN port must be a static-access port. You can define any number of ports as SPAN ports, and any combination of ports can be monitored.
Configuring Voice Ports
The Catalyst 2900 XL and Catalyst 3500 XL switches can connect to a Cisco 7960 IP Phone and carry IP voice traffic. If necessary, the Catalyst 3524-PWR XL can supply electrical power to the circuit connecting it to the Cisco 7960 IP Phone. Because the sound quality of an IP telephone call can deteriorate if the data is unevenly transmitted, this release of IOS supports quality of service (QoS) based on IEEE 802.
Preparing a Port for a Cisco 7960 IP Phone Connection
Before you configure a Catalyst 3524-PWR XL port to carry IP voice traffic, configure the port as an 802.1Q trunk and as a member of the voice VLAN (VVID). See the “Configuring a Trunk Port” section on page 8-38 for instructions.
Overriding the CoS Priority of Incoming Frames
A PC or other data device can connect to a Cisco 7960 IP Phone port. The PC can generate packets with an assigned CoS value. If you want, you can use the Catalyst 3524-PWR XL CLI to override the priority of frames arriving on the phone port from connected devices. You can also set the phone port to accept (trust) the priority of frames arriving on the port.
Configuring Voice Ports to Carry Voice and Data Traffic on Different VLANs

The Cisco 7960 IP Phone has an integrated three-port 10/100 switch that can connect to a PC or other device. You can configure a switch port to instruct the phone to forward voice and data traffic on different virtual LANs (VLANs). In the following configuration, VLAN 1 carries data traffic, and VLAN 2 carries voice traffic.
Configuring Inline Power on the Catalyst 3524-PWR Ports

The Catalyst 3524-PWR XL can supply inline power to the Cisco 7960 IP Phone, if necessary. The Cisco 7960 IP Phone can also be connected to an AC power source and supply its own power to the voice circuit. When the Cisco 7960 IP Phone supplies its own power, any Catalyst 2900 XL or Catalyst 3500 XL can forward IP voice traffic to and from the phone.
Configuring the LRE Ports

The Catalyst 2900 LRE XL switches use Long-Reach Ethernet (LRE) technology to transfer data and voice traffic over existing standard telephone lines. Connecting a switch LRE port to a remote Ethernet device requires two types of connections:

• LRE link—This is the connection between the switch LRE port and the WALL port on the Cisco 575 LRE customer premises equipment (CPE).
The switch controls bandwidth within the LRE link by using configurations called profiles. An LRE profile configures the upstream and downstream rates on the LRE link. Depending on the profile, the upstream and downstream bands on an LRE link can be approximately 5, 10, or 15 Mbps. You can assign profiles on a per-port or switch-wide basis.
Note: Use the rates and distances in Table 7-1 as guidelines only. Factors such as the type of cable you use, how it is bundled, and the interference and noise on the LRE link can affect the actual LRE link performance. Contact Cisco Systems for information about limitations and optimization of LRE link performance.
A configuration conflict occurs if a switch cluster has LRE switches using both private and public profiles. If one LRE switch in a cluster is assigned a public profile, all LRE switches in that cluster must have that same public profile. Before you add an LRE switch to a cluster, make sure that you assign it the same public profile used by other LRE switches in the cluster.
Note:
• Enable CDP either globally on the LRE switch or on the specific LRE ports.
• The switch 10/100 port defaults are not the same as the defaults for the Ethernet link on the LRE ports. We recommend that you use the lre shutdown interface configuration command to disable the LRE chipset transmitter on any LRE ports that are not connected to a CPE.
Assigning a Public Profile to All LRE Ports

Public profiles are set on a switch-wide (global) basis. The public profile you select should be compatible with the PSTN to which the LRE switch is connected. Public profiles have priority over private profiles. If you assign a public profile to the switch, the switch ignores the private profile settings and uses the public profile settings on all LRE ports.
Assigning a Private Profile to an LRE Port

Private profiles are set on a per-port basis. You can assign the same private profile or different private profiles to the LRE ports on the switch. The default active private profile on all LRE ports is LRE-10. The switch resets the ports with the updated profile settings.
CHAPTER 8 Configuring VLANs

This chapter provides information about configuring virtual LANs (VLANs). It includes command-line interface (CLI) procedures for using commands that have been specifically created or changed for the Catalyst 2900 XL or Catalyst 3500 XL switches. For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 2900 Series XL and Catalyst 3500 Series XL Command Reference.

Note: Certain port features can conflict with one another.
Overview

A virtual LAN (VLAN) is a switched network that is logically segmented by function, project team, or application, without regard to the physical locations of the users. Any switch port can belong to a VLAN, and unicast, broadcast, and multicast packets are forwarded and flooded only to stations in the VLAN.
Table 8-1 lists the number of supported VLANs on the switches.

Table 8-1 Maximum Number of Supported VLANs

Switch                                                              Number of Supported VLANs  Trunking Supported?
Catalyst 2912 XL, Catalyst 2924 XL, and Catalyst 2924C XL switches  64                         Yes
Catalyst 2900 LRE XL switches                                       250                        Yes
Catalyst 2912M and Catalyst 2924M modular switches                  250                        Yes
Catalyst 3500 XL switches                                           250                        Yes

The switches in Table 8-1 support both Inter-Switch Link (ISL) and IEEE 802.
Management VLANs

Communication with the switch management interfaces is through the switch IP address. The IP address is associated with the management VLAN, which by default is VLAN 1. The management VLAN has the following characteristics:

• It is created from CMS or through the CLI on static-access, multi-VLAN, and dynamic-access and trunk ports. You cannot create or remove the management VLAN through Simple Network Management Protocol (SNMP).
Changing the Management VLAN for a New Switch

If you add a new switch to an existing cluster and the cluster is using a management VLAN other than the default VLAN 1, the command switch automatically senses that the new switch has a different management VLAN and has not been configured. The command switch issues commands to change the management VLAN on the new switch to match the one in use by the cluster.
Changing the Management VLAN Through a Telnet Connection

Before you start, review the “Management VLANs” section on page 8-4. Beginning in privileged EXEC mode on the command switch, follow these steps to configure the management VLAN interface through a Telnet connection:

Step    Command                         Purpose
Step 1  configure terminal              Enter global configuration mode.
Step 2  cluster management-vlan vlanid  Change the management VLAN for the cluster.
Assigning VLAN Port Membership Modes

You configure a port to belong to a VLAN by assigning a membership mode that determines the kind of traffic the port carries and the number of VLANs it can belong to. Table 8-2 lists the membership modes and characteristics.

Table 8-2 Port Membership Modes

Membership Mode  VLAN Membership Characteristics
Static-access    A static-access port can belong to one VLAN and is manually assigned.
When a port belongs to a VLAN, the switch learns and manages the addresses associated with the port on a per-VLAN basis. For more information, see the “Managing the MAC Address Tables” section on page 6-56.

VLAN Membership Combinations

You can configure your switch ports in various VLAN membership combinations as listed in Table 8-3.
Table 8-3 VLAN Combinations (continued)

Port Mode: Static-access and trunk ports
VTP Required?: Recommended
Configuration Procedure: “Configuring VTP Server Mode” section on page 8-21
Comments: You can configure at least one trunk port on the switch and make sure that this trunk port is connected to the trunk port of a second switch.
Assigning Static-Access Ports to a VLAN

By default, all ports are static-access ports assigned to the management VLAN, VLAN 1. You can assign a static-access port to a VLAN without having VTP globally propagate VLAN configuration information (VTP is disabled). Configuring the switch for VTP transparent mode disables VTP.
Overlapping VLANs and Multi-VLAN Ports

A multi-VLAN port connected to a router can link two or more VLANs. Intra-VLAN traffic stays within the boundaries of the respective VLANs as shown in Figure 8-2. Connectivity between VLANs is through the router connected to the multi-VLAN port. A multi-VLAN port performs normal switching functions in all its assigned VLANs.
Beginning in privileged EXEC mode, follow these steps to assign ports for multi-VLAN membership:

Step    Command                          Purpose
Step 1  configure terminal               Enter global configuration mode.
Step 2  interface interface              Enter interface configuration mode, and enter the port to be added to the VLAN.
Step 3  switchport mode multi            Enter the VLAN membership mode for multi-VLAN ports.
Step 4  switchport multi vlan vlan-list  Assign the port to more than one VLAN.
The VTP Domain

A VTP domain (also called a VLAN management domain) consists of one switch or several interconnected switches under the same administrative responsibility. A switch can be in only one VTP domain. You make global VLAN configuration changes for the domain by using the CLI, Cluster Management software, or SNMP.
VTP Modes and Mode Transitions

You can configure a supported switch to be in one of the VTP modes listed in Table 8-4.

Table 8-4 VTP Modes

VTP Mode    Description
VTP server  In this mode, you can create, modify, and delete VLANs and specify other configuration parameters (such as VTP version) for the entire VTP domain.
Two configurations can cause a switch to automatically change its VTP mode:

• When the network is configured with more than the maximum 250 VLANs (some models support a maximum of 64 VLANs), the switch automatically changes from VTP server or client mode to VTP transparent mode. The switch then operates with the VLAN configuration that preceded the one that sent it into transparent mode.
VTP advertisements distribute the following VLAN information for each configured VLAN:

• VLAN ID
• VLAN name
• VLAN type
• VLAN state
• Additional VLAN configuration information specific to the VLAN type

VTP Version 2

VTP version 2 supports the following features not supported in version 1:

• Token Ring support—VTP version 2 supports Token Ring LAN switching and VLANs (Token Ring Bridge Relay Function [TrBRF] and Token Ring Concentrator Relay Function [TrC
VTP Pruning

Pruning increases available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to reach the destination devices. Without VTP pruning, a switch floods broadcast, multicast, and unknown unicast traffic across all trunk links within a VTP domain even though receiving switches might discard them. VTP pruning blocks unneeded flooded traffic to VLANs on trunk ports that are included in the pruning-eligible list.
VTP Configuration Guidelines

The following sections describe the guidelines you should follow when configuring the VTP domain name and password and the VTP version number.

Domain Names

When configuring VTP for the first time, you must always assign a domain name. All switches in the VTP domain must also be configured with the same domain name.
Upgrading from Previous Software Releases

When you upgrade from a software version that supports VLANs but does not support VTP, such as Cisco IOS Release 11.2(8)SA3, to a version that does support VTP, ports that belong to a VLAN retain their VLAN membership, and VTP enters transparent mode. The domain name becomes UPGRADE, and VTP does not propagate the VLAN configuration to other switches.
Default VTP Configuration

Table 8-5 shows the default VTP configuration.

Table 8-5 VTP Default Configuration

Feature                     Default Value
VTP domain name             Null.
VTP mode                    Server.
VTP version 2 enable state  Version 2 is disabled.
VTP password                None.
VTP pruning                 Disabled.

Configuring VTP

You can configure VTP through the CLI by entering commands in the VLAN database command mode.
Configuring VTP Server Mode

When a switch is in VTP server mode, you can change the VLAN configuration and have it propagated throughout the network. Beginning in privileged EXEC mode, follow these steps to configure the switch for VTP server mode:

Step    Command                 Purpose
Step 1  vlan database           Enter VLAN database mode.
Step 2  vtp domain domain-name  Configure a VTP administrative-domain name. The name can be from 1 to 32 characters.
Configuring VTP Client Mode

When a switch is in VTP client mode, you cannot change its VLAN configuration. The client switch receives VTP updates from a VTP server in the VTP domain and then modifies its configuration accordingly.

Caution: Do not configure a VTP domain name if all switches are operating in VTP client mode. If you do so, it is impossible to make changes to the VLAN configuration of that domain.
Disabling VTP (VTP Transparent Mode)

When you configure the switch for VTP transparent mode, you disable VTP on the switch. The switch then does not send VTP updates and does not act on VTP updates received from other switches. However, a VTP transparent switch does forward received VTP advertisements on all of its trunk links.
Enabling VTP Version 2

VTP version 2 is disabled by default on VTP version 2-capable switches. When you enable VTP version 2 on a switch, every VTP version 2-capable switch in the VTP domain enables version 2.

Caution: VTP version 1 and VTP version 2 are not interoperable on switches in the same VTP domain. Every switch in the VTP domain must use the same VTP version. Do not enable VTP version 2 unless every switch in the VTP domain supports version 2.
Disabling VTP Version 2

Beginning in privileged EXEC mode, follow these steps to disable VTP version 2:

Step    Command          Purpose
Step 1  vlan database    Enter VLAN configuration mode.
Step 2  no vtp v2-mode   Disable VTP version 2.
Step 3  exit             Update the VLAN database, propagate it throughout the administrative domain, and return to privileged EXEC mode.
Step 4  show vtp status  Verify that VTP version 2 is disabled. In the display, check the VTP V2 Mode field.
Beginning in privileged EXEC mode, follow these steps to enable VTP pruning:

Step    Command        Purpose
Step 1  vlan database  Enter VLAN configuration mode.
Step 2  vtp pruning    Enable pruning in the VTP administrative domain. By default, pruning is disabled. You only need to enable pruning on one switch in VTP server mode.
Step 3  exit           Update the VLAN database, propagate it throughout the administrative domain, and return to privileged EXEC mode.
VLANs in the VTP Database

You can set the following parameters when you add a new VLAN to or modify an existing VLAN in the VTP database:

• VLAN ID
• VLAN name
• VLAN type (Ethernet, Fiber Distributed Data Interface [FDDI], FDDI network entity title [NET], TrBRF or TrCRF, Token Ring, Token Ring-Net)
• VLAN state (active or suspended)
• Maximum transmission unit (MTU) for the VLAN
• Security Association Identifier (SAID)
• Bridge identifica
VLAN Configuration Guidelines

Follow these guidelines when creating and modifying VLANs in your network:

• A maximum of 250 VLANs can be active on supported switches, but some models only support 64 VLANs. If VTP reports that there are 254 active VLANs, 4 of the active VLANs (1002 to 1005) are reserved for Token Ring and FDDI.
• Before you can create a VLAN, the switch must be in VTP server mode or VTP transparent mode.
Table 8-6 Ethernet VLAN Defaults and Ranges

Parameter  Default                               Range
VLAN ID    1                                     1–1005
VLAN name  VLANxxxx, where xxxx is the VLAN ID   No range
802.
Table 8-8 FDDI-Net VLAN Defaults and Ranges

Parameter  Default                               Range
VLAN ID    1004                                  1–1005
VLAN name  VLANxxxx, where xxxx is the VLAN ID   No range
802.
Table 8-10 Token Ring (TrCRF) VLAN Defaults and Ranges

Parameter  Default                               Range
VLAN ID    1003                                  1–1005
VLAN name  VLANxxxx, where xxxx is the VLAN ID   No range
802.
Configuring VLANs in the VTP Database

You use the vlan database command to enter VLAN database mode, where you add, change, and delete VLANs. In VTP server or transparent mode, commands to add, change, and delete VLANs are written to the file vlan.dat, and you can display them by entering the privileged EXEC show vlan command. The vlan.dat file is stored in nonvolatile memory. The vlan.
Adding a VLAN

Each VLAN has a unique, 4-digit ID that can be a number from 1 to 1001. To add a VLAN to the VLAN database, assign a number and name to the VLAN. For the list of default parameters that are assigned when you add a VLAN, see the “Default VLAN Configuration” section on page 8-28. If you do not specify the VLAN media type, the VLAN is an Ethernet VLAN.
Modifying a VLAN

Beginning in privileged EXEC mode, follow these steps to modify an Ethernet VLAN:

Step    Command                    Purpose
Step 1  vlan database              Enter VLAN configuration mode.
Step 2  vlan vlan-id mtu mtu-size  Identify the VLAN, and change the MTU size.
Step 3  exit                       Update the VLAN database, propagate it throughout the administrative domain, and return to privileged EXEC mode.
Step 4  show vlan vlan-id          Verify the VLAN configuration.
Beginning in privileged EXEC mode, follow these steps to delete a VLAN on the switch:

Step    Command          Purpose
Step 1  vlan database    Enter VLAN configuration mode.
Step 2  no vlan vlan-id  Remove the VLAN by using the VLAN ID.
Step 3  exit             Update the VLAN database, propagate it throughout the administrative domain, and return to privileged EXEC mode.
Step 4  show vlan brief  Verify the VLAN removal.
How VLAN Trunks Work

A trunk is a point-to-point link that transmits and receives traffic between switches or between switches and routers. Trunks carry the traffic of multiple VLANs and can extend VLANs across an entire network. 100BASE-T and Gigabit Ethernet trunks use Cisco Inter-Switch Link (ISL), the default protocol, or industry-standard IEEE 802.1Q to carry traffic for multiple VLANs over a single link.
IEEE 802.1Q Configuration Considerations

IEEE 802.1Q trunks impose some limitations on the trunking strategy for a network. The following restrictions apply when using 802.1Q trunks:

• Make sure the native VLAN for an 802.1Q trunk is the same on both ends of the trunk link. If the native VLAN on one end of the trunk is different from the native VLAN on the other end, spanning-tree loops might result.
• Disabling STP on the native VLAN of an 802.
Table 8-11 Trunks Interacting with Other Features (continued)

Switch Feature: Blocking unicast and multicast packets on a trunk
Trunk Port Interaction: The port block interface configuration command can be used to block the forwarding of unknown unicast and multicast packets to VLANs on a trunk. However, if the trunk port is acting as a network port, unknown unicast packets cannot be blocked.

Switch Feature: Port grouping
Trunk Port Interaction: ISL and 802.
Beginning in privileged EXEC mode, follow these steps to configure a port as an ISL or 802.1Q trunk port:

Step    Command                 Purpose
Step 1  configure terminal      Enter global configuration mode.
Step 2  interface interface_id  Enter the interface configuration mode and the port to be configured for trunking.
Step 3  switchport mode trunk   Configure the port as a VLAN trunk.
Disabling a Trunk Port

You can disable trunking on a port by returning it to its default static-access mode. Beginning in privileged EXEC mode, follow these steps to disable trunking on a port:

Step    Command                 Purpose
Step 1  configure terminal      Enter global configuration mode.
Step 2  interface interface_id  Enter the interface configuration mode and the port to be added to the VLAN.
Beginning in privileged EXEC mode, follow these steps to modify the allowed list of an ISL or 802.1Q trunk:

Step    Command                 Purpose
Step 1  configure terminal      Enter global configuration mode.
Step 2  interface interface_id  Enter interface configuration mode and the port to be added to the VLAN.
Step 3  switchport mode trunk   Configure VLAN membership mode for trunks.
Changing the Pruning-Eligible List

The pruning-eligible list applies only to trunk ports. Each trunk port has its own eligibility list. VTP pruning must be enabled for the following procedure to take effect. The “Enabling VTP Pruning” section on page 8-25 describes how to enable VTP pruning.
Configuring the Native VLAN for Untagged Traffic

A trunk port configured with 802.1Q tagging can receive both tagged and untagged traffic. By default, the switch forwards untagged traffic with the native VLAN configured for the port. The native VLAN is VLAN 1 by default.

Note: The native VLAN can be assigned any VLAN ID, and it is not dependent on the management VLAN. For information about 802.1Q configuration issues, see the “IEEE 802.
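The native VLAN rule from the 802.1Q configuration considerations and the defaults stated above (ISL encapsulation, native VLAN 1) can be checked offline against saved configurations. The script below is an added example, not part of the Cisco guide: the switch names, ports, and link list are constructed, and the switchport trunk encapsulation and switchport trunk native vlan command spellings are assumed from standard IOS syntax because this excerpt does not show them.

```python
import re

# Constructed running-config fragments (hostnames, ports and VLAN numbers are
# illustrative and do not come from the guide).
CONFIGS = {
    "sw1": """\
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 5
!
interface FastEthernet0/2
 switchport mode trunk
 switchport trunk encapsulation dot1q
!
interface FastEthernet0/3
 switchport mode trunk
""",
    "sw2": """\
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk encapsulation dot1q
!
interface FastEthernet0/2
 switchport mode trunk
 switchport trunk encapsulation dot1q
!
interface FastEthernet0/3
 switchport mode trunk
 switchport trunk encapsulation dot1q
""",
}

# Constructed cabling plan: (switch A, port A, switch B, port B).
LINKS = [
    ("sw1", "FastEthernet0/1", "sw2", "FastEthernet0/1"),
    ("sw1", "FastEthernet0/2", "sw2", "FastEthernet0/2"),
    ("sw1", "FastEthernet0/3", "sw2", "FastEthernet0/3"),
]


def parse_trunks(config):
    """Return {interface: settings}, applying the defaults the guide states:
    trunks default to ISL and the native VLAN defaults to VLAN 1."""
    ports, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface (\S+)$", line)
        if m:
            cur = ports.setdefault(
                m.group(1), {"trunk": False, "encap": "isl", "native": 1})
        elif cur is None:
            continue
        elif line == "switchport mode trunk":
            cur["trunk"] = True
        elif (m := re.match(r"switchport trunk encapsulation (isl|dot1q)$", line)):
            cur["encap"] = m.group(1)
        elif (m := re.match(r"switchport trunk native vlan (\d+)$", line)):
            cur["native"] = int(m.group(1))
    return ports


def audit_links(configs, links):
    """Compare both ends of each link and return (link, problem) findings."""
    parsed = {name: parse_trunks(cfg) for name, cfg in configs.items()}
    findings = []
    for sw_a, if_a, sw_b, if_b in links:
        label = f"{sw_a}:{if_a} <-> {sw_b}:{if_b}"
        a, b = parsed[sw_a].get(if_a), parsed[sw_b].get(if_b)
        if not a or not b or not (a["trunk"] and b["trunk"]):
            findings.append((label, "not configured as a trunk on both ends"))
        elif a["encap"] != b["encap"]:
            findings.append(
                (label, f"encapsulation mismatch: {a['encap']} != {b['encap']}"))
        elif a["encap"] == "dot1q" and a["native"] != b["native"]:
            # The condition the guide warns can produce spanning-tree loops.
            findings.append(
                (label, f"native VLAN mismatch: {a['native']} != {b['native']}"))
    return findings


if __name__ == "__main__":
    for link, problem in audit_links(CONFIGS, LINKS):
        print(f"{link}: {problem}")
```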
Configuring 802.1p Class of Service

The Catalyst 2900 XL and Catalyst 3500 XL switches provide quality of service (QoS)-based IEEE 802.1p class of service (CoS) values. QoS uses classification and scheduling to transmit network traffic from the switch in a predictable manner. QoS classifies frames by assigning priority-indexed CoS values to them and gives preference to higher-priority traffic such as telephone calls.
Port Scheduling

Each port on the switch has a single receive queue buffer (the ingress port) for incoming traffic. When an untagged frame arrives, it is assigned the value of the port as its port default priority. You assign this value by using the CLI or CMS software. A tagged frame continues to use its assigned CoS value when it passes through the ingress port.
Configuring the CoS Port Priorities

Beginning in privileged EXEC mode, follow these steps to set the port priority for untagged (native) Ethernet frames:

Step    Command                                          Purpose
Step 1  configure terminal                               Enter global configuration mode.
Step 2  interface interface                              Enter the interface to be configured.
Step 3  switchport priority default default-priority-id  Set the port priority on the interface.
Load Sharing Using STP Port Priorities

When two ports on the same switch form a loop, the STP port priority setting determines which port is enabled and which port is in standby mode. You can set the priorities on a parallel trunk port so that the port carries all the traffic for a given VLAN. The trunk port with the higher priority (lower values) for a VLAN is forwarding traffic for that VLAN.
Configuring STP Port Priorities and Load Sharing

Beginning in privileged EXEC mode, follow these steps to configure the network shown in Figure 8-5:

Step    Command                 Purpose
Step 1  vlan database           On Switch 1, enter VLAN configuration mode.
Step 2  vtp domain domain-name  Configure a VTP administrative domain. The domain name can be from 1 to 32 characters.
Step 3  vtp server              Configure Switch 1 as the VTP server.
Step     Command                                      Purpose
Step 16  interface fa0/1                              Enter interface configuration mode, and define the interface to set the STP port priority.
Step 17  spanning-tree vlan 8 9 10 port-priority 10   Assign the port priority of 10 for VLANs 8, 9, and 10.
Step 18  end                                          Return to global configuration mode.
Step 19  interface fa0/2                              Enter interface configuration mode, and define the interface to set the STP port priority.
Load Sharing Using STP Path Cost

You can configure parallel trunks to share VLAN traffic by setting different path costs on a trunk and associating the path costs with different sets of VLANs. The VLANs keep the traffic separate; because no loops exist, STP does not disable the ports; and redundancy is maintained in the event of a lost link. In Figure 8-6, trunk ports 1 and 2 are 100BASE-T ports.
Beginning in privileged EXEC mode, follow these steps to configure the network shown in Figure 8-6:

Step    Command                Purpose
Step 1  configure terminal     Enter global configuration mode on Switch 1.
Step 2  interface fa0/1        Enter interface configuration mode, and define Fa0/1 as the interface to be configured as a trunk.
Step 3  switchport mode trunk  Configure the port as a trunk port. The trunk defaults to ISL trunking.
How the VMPS Works

A switch running this software release acts as a client to the VLAN Membership Policy Server (VMPS) and communicates with it through the VLAN Query Protocol (VQP). When the VMPS receives a VQP request from a client switch, it searches its database for a MAC-address-to-VLAN mapping. The server response is based on this mapping and whether or not the server is in secure mode.
Dynamic Port VLAN Membership

A dynamic (nontrunking) port on the switch can belong to only one VLAN. When the link comes up, the switch does not forward traffic to or from this port until the VMPS provides the VLAN assignment. The VMPS receives the source MAC address from the first packet of a new host connected to the dynamic port and attempts to match the MAC address to a VLAN in the VMPS database.
VMPS Database Configuration File

The VMPS contains a database configuration file that you create. This ASCII text file is stored on a switch-accessible TFTP server that functions as a VMPS server. The file contains VMPS information, such as the domain name, the fall-back VLAN name, and the MAC address-to-VLAN mapping. A Catalyst 2900 XL or Catalyst 3500 XL switch running this software release cannot act as the VMPS.
! address vlan-name
!
address 0012.2233.4455 vlan-name hardware
address 0000.6509.a080 vlan-name hardware
address aabb.ccdd.eeff vlan-name Green
address 1223.5678.9abc vlan-name ExecStaff
address fedc.ba98.7654 vlan-name --NONE--
address fedc.ba23.1245 vlan-name Purple
!
!Port Groups
!
!vmps-port-group
! device { port | all-ports }
!
vmps-port-group WiringCloset1
 device 192.168.1.1 port Fa1/3
 device 172.
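Because the address-to-VLAN entries in this file decide which VLAN a host lands in, it is worth linting the file before it is published on the TFTP server. The script below is an added example, not part of the Cisco guide: it parses the address entries shown above, flags malformed and conflicting entries, and models the server's answer to a lookup. The response labels, the secure and fallback parameters, and the --NONE-- deny behavior follow general VMPS behavior that this excerpt does not spell out, so treat them as assumptions; port-group restrictions are not modelled.

```python
import re

MAC_RE = re.compile(r"^[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}$")
DENY = "--NONE--"  # VLAN name used to explicitly deny a MAC address

# Constructed sample: the address entries from the guide's sample file, plus
# one conflicting and one malformed entry added so the audit has work to do.
SAMPLE_DB = """\
! constructed sample for the audit
address 0012.2233.4455 vlan-name hardware
address 0000.6509.a080 vlan-name hardware
address aabb.ccdd.eeff vlan-name Green
address 1223.5678.9abc vlan-name ExecStaff
address fedc.ba98.7654 vlan-name --NONE--
address fedc.ba23.1245 vlan-name Purple
address AABB.CCDD.EEFF vlan-name Purple
address fedc.ba23.12 vlan-name Green
"""


def parse_addresses(text):
    """Return (mapping, findings) for the 'address ... vlan-name ...' lines.

    mapping is {mac: vlan_name}; findings is a list of (line_number, message).
    Comment lines start with '!'. Other directives are ignored here.
    """
    mapping, findings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        parts = line.split()
        if parts[0] != "address":
            continue
        if len(parts) != 4 or parts[2] != "vlan-name":
            findings.append((lineno, "malformed address entry"))
            continue
        mac, vlan = parts[1].lower(), parts[3]
        if not MAC_RE.match(mac):
            findings.append((lineno, f"invalid MAC address {parts[1]}"))
            continue
        if mac in mapping and mapping[mac] != vlan:
            # Audit policy of this example: keep the first entry, flag the rest.
            findings.append(
                (lineno, f"{mac} already mapped to {mapping[mac]}, not {vlan}"))
            continue
        mapping[mac] = vlan
    return mapping, findings


def vqp_response(mapping, mac, secure, fallback=None):
    """Model the server's answer for one MAC (assumed VMPS behavior).

    A mapped MAC gets its VLAN. An unmapped MAC gets the fallback VLAN when
    one is configured. A denied or unmapped MAC without a fallback is refused:
    access-denied in open mode, port-shutdown in secure mode.
    """
    vlan = mapping.get(mac.lower())
    if vlan is None and fallback:
        return ("vlan-assignment", fallback)
    if vlan is None or vlan == DENY:
        return ("port-shutdown" if secure else "access-denied", None)
    return ("vlan-assignment", vlan)


if __name__ == "__main__":
    table, problems = parse_addresses(SAMPLE_DB)
    for lineno, message in problems:
        print(f"line {lineno}: {message}")
    print(vqp_response(table, "fedc.ba98.7654", secure=True, fallback="Guest"))
```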
VMPS Configuration Guidelines

The following guidelines and restrictions apply to dynamic port VLAN membership:

• You must configure the VMPS before you configure ports as dynamic.
• The communication between a cluster of switches and VMPS is managed by the command switch and includes port-naming conventions that are different from standard port names.
Default VMPS Configuration

Table 8-13 shows the default VMPS and dynamic port configuration on client switches.
Configuring Dynamic Ports on VMPS Clients

If you are configuring a port on a member switch as a dynamic port, first log into the member switch by using the privileged EXEC rcommand command. For more information on how to use this command, refer to the Catalyst 2900 Series XL and Catalyst 3500 Series XL Command Reference.

Caution: Dynamic port VLAN membership is for end stations. Connecting dynamic ports to other switches can cause a loss of connectivity.
Reconfirming VLAN Memberships

Beginning in privileged EXEC mode, follow these steps to confirm the dynamic port VLAN membership assignments that the switch has received from the VMPS:

Step    Command         Purpose
Step 1  vmps reconfirm  Reconfirm dynamic port VLAN membership.
Step 2  show vmps       Verify the dynamic VLAN reconfirmation status.

Changing the Reconfirmation Interval

VMPS clients periodically reconfirm the VLAN membership information received from the VMPS.
Changing the Retry Count

Beginning in privileged EXEC mode, follow these steps to change the number of times that the switch attempts to contact the VMPS before querying the next server:

Step    Command             Purpose
Step 1  configure terminal  Enter global configuration mode.
Step 2  vmps retry count    Change the retry count. The retry range is from 1 to 10; the default is 3.
Step 3  exit                Return to privileged EXEC mode.
Step 4  show vmps           Verify your entry.
Troubleshooting Dynamic Port VLAN Membership

The VMPS shuts down a dynamic port under these conditions:

• The VMPS is in secure mode, and it will not allow the host to connect to the port. The VMPS shuts down the port to prevent the host from connecting to the network.
• More than 20 active hosts reside on a dynamic port.

To reenable a shut-down dynamic port, enter the interface configuration no shutdown command.
[Figure 8-7 Dynamic Port VLAN Membership Configuration. Labels in the diagram: TFTP server, Catalyst 5000 series, primary VMPS (Server 1), secondary VMPS (Server 2), router, client switches, end station, dynamic-access ports, trunk port.]
CHAPTER 9 Troubleshooting

This chapter provides the following information about avoiding and resolving problems related to the switch software.
Avoiding Configuration Conflicts

Certain combinations of port features conflict with one another. For example, if you define a port as the network port for a VLAN, all unknown unicast and multicast traffic is flooded to the port. You could not enable port security on the network port because a secure port limits the traffic allowed on it.
Avoiding Autonegotiation Mismatches

The IEEE 802.3u autonegotiation protocol manages the switch settings for speed (10 Mbps or 100 Mbps) and duplex (half or full). Sometimes this protocol can incorrectly align these settings, reducing performance. A mismatch occurs under these circumstances:

• A manually set speed or duplex parameter is different from the manually set speed or duplex parameter on the connected port.
Troubleshooting LRE Port Configuration

Table 9-2 lists problems you might encounter when configuring and monitoring the Long-Reach Ethernet (LRE) ports on the Catalyst 2900 LRE XL switches.

Table 9-2 LRE Port Problems

Problem: LRE port LED is amber
Suggested Solution: The switch and CPE are unable to establish an LRE link using the selected profile. Change to a profile using a lower quadrature amplitude modulation (QAM) rate.
Troubleshooting CMS Sessions

Table 9-3 lists problems commonly encountered when using CMS:

Table 9-3 Common CMS Session Problems
Problem: A blank screen appears when you click Cluster Management Suite or Visual Switch Manager from the Cisco Systems Access page.
Suggested Solution: A missing browser Java plug-in or incorrect settings could cause this problem.
• CMS requires a Java plug-in to function correctly.
Table 9-3 Common CMS Session Problems (continued)
Problem: In an Internet Explorer browser session, you receive a message stating that the CMS page might not display correctly because your security settings prohibit running ActiveX controls.
Suggested Solution: A high security level prohibits ActiveX controls, which Internet Explorer uses to launch the Java plug-in, from running.
1. Start Internet Explorer.
2.
Table 9-3 Common CMS Session Problems (continued)
Suggested Solution:
9. Add the switches you want to manage by entering their URLs in the Add this web site to the zone field. Click Add to add each switch. A URL is the switch IP address preceded by http://. For example, you might enter:
http://172.20.153.36
10. After you have finished entering the URLs for your switches, click OK.
11.
Determining Why a Switch Is Not Added to a Cluster

If a switch does not become part of the cluster, you can learn why by selecting Views > Toggle View from the menu bar in Cluster Builder. Cluster View displays the cluster as a double-switch icon and shows connections to devices outside the cluster (Figure 9-1). Right-click the device (yellow label), and select Disqualification Code.
Copying Configuration Files to Troubleshoot Configuration Problems

You can use the file system in Flash memory to copy files and to troubleshoot configuration problems. This is useful if you want to save configuration files on an external server in case a switch fails. You can then copy the configuration file to a replacement switch and avoid having to reconfigure the switch.
Step 2 Enter the copy running-config startup-config privileged EXEC command to save your configuration changes to Flash memory so that they are not lost if there is a system reload or power outage. This example shows how to use this command to save your changes:
switch# copy running-config startup-config
Building configuration...
It might take a minute or two to save the configuration to Flash memory.
Table 9-4 Problems Encountered When Upgrading the Switch (continued)
Problem: Getting “Permission Denied” error message during the bootup.
Suggested Solution: This error message appears when the boot parameters are not set correctly. In most cases, when the boot parameters are set during or after the upgrade, the word flash: is mistyped or omitted.
Table 9-4 Problems Encountered When Upgrading the Switch (continued)
Problem: Failed software upgrade; switch is resetting continuously.
Suggested Solution: This might be due to a corrupt or incorrect image, or the image in Flash might be missing. Follow these steps to recover if the switch is in a reset loop after or during the upgrade.
After the upgrade, the switch still boots up with the old image.
1.
Recovery Procedures

The recovery procedures in this section require that you have physical access to the switch.
Recovering from a Command Switch Failure

This section describes how to recover from a failed command switch. If you are running IOS Release 12.0(5)XU, you can configure a redundant command switch group by using the Hot Standby Router Protocol (HSRP). For more information, see the “Designating and Enabling Standby Command Switches” section on page 5-17.

Note HSRP is the preferred method for supplying redundancy to a cluster.
Replacing a Failed Command Switch with a Cluster Member

Follow these steps to replace a failed command switch with a command-capable member of the same cluster:
Step 1 Disconnect the command switch from the member switches, and physically remove it from the cluster.
Step 2 Use a member switch in place of the failed command switch, and duplicate its connections to the cluster members.
Step 9 Use the setup program to configure the switch IP information. This program prompts you for an IP address, subnet mask, default gateway, and password. From privileged EXEC mode, enter setup, and press Return.
Switch# setup
--- System Configuration Dialog ---
At any point you may enter a question mark '?' for help.
Use Ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Step 16 Enter the password of the failed command switch, and press Return.
Note The password can be from 1 to 25 alphanumeric characters, can start with a number, is case sensitive, allows spaces, but ignores leading spaces.
ip default-gateway 172.20.153.01
hostname host_name
enable secret 5 $1$M3pS$cXtAlkyR3/6Cn8/
line vty 0 15
password telnet_password
snmp community private rw
snmp community public ro
cluster enable cls_name
end
Step 22 Verify that the information is correct.
• If the information is correct, enter Y at the prompt, and press Return.
• If the information is not correct, enter N at the prompt, press Return, and begin again at Step 1.
Replacing a Failed Command Switch with Another Switch

Follow these steps when you are replacing a failed command switch with a switch that is command-capable but not part of the cluster:
Step 1 Insert the new switch in place of the failed command switch, and duplicate its connections to the cluster members.
Step 2 Start a CLI session on the new command switch.
Step 10 Enter the IP address of the default gateway, and press Return.
IP address of the default gateway: ip_address
Step 11 Enter a host name for the switch, and press Return.
Note On a command switch, the host name is limited to 28 characters; on a member switch to 31 characters. Do not use -n, where n is a number, as the last character in a host name for any switch.
Step 16 Assign a name to the cluster, and press Return.
Enter cluster name: cls_name
Note The cluster name can be 1 to 31 alphanumeric characters, dashes, or underscores.
Step 17 The initial configuration is displayed:
The following configuration command script was created:
ip subnet-zero
interface VLAN1
ip address 172.20.153.36 255.255.255.0
ip default-gateway 172.20.153.
Recovering from a Failed Command Switch Without HSRP

If a command switch fails and there is no standby command switch configured, member switches continue forwarding among themselves, and they can still be managed through normal standalone means. You can configure member switches through the console-port CLI, and they can be managed through SNMP, HTML, and Telnet after you assign an IP address to them.
load_helper
boot
Step 5 Initialize the Flash file system:
switch: flash_init
Step 6 If you had set the console port speed to anything other than 9600, it has been reset to that particular speed. Change the emulation software line speed to match that of the switch console port.
Step 10 Boot the system:
switch: boot
You are prompted to start the setup program. Enter N at the prompt:
Continue with the configuration dialog? [yes/no]: N
Step 11 At the switch prompt, change to privileged EXEC mode:
switch> enable
Step 12 Rename the configuration file to its original name:
switch# rename flash:config.text.old flash:config.text
Step 13 Copy the configuration file into memory:
switch# copy flash:config.
Recovering from Corrupted Software

Switch software can be corrupted during an upgrade, by downloading the wrong file to the switch, and by deleting the image file. In all these cases, the switch does not pass the power-on self-test (POST), and there is no connectivity. The following procedure uses the XMODEM Protocol to recover from a corrupt or wrong image file.
Appendix A System Error Messages

This appendix describes the IOS system error messages for the switch. The system software sends these error messages to the console (and, optionally, to a logging server on another system) during operation. Not all system error messages indicate problems with your system. Some messages are purely informational, while others can help diagnose problems with communications lines, internal hardware, or the system software.
How to Read System Error Messages

System error messages begin with a percent sign (%) and are structured as follows:
%FACILITY-SUBFACILITY-SEVERITY-MNEMONIC: Message-text
• FACILITY is a code consisting of two or more uppercase letters that indicate the facility to which the message refers. A facility can be a hardware device, a protocol, or a module of the system software. Table A-1 lists the system facility codes.
• SEVERITY is a single-digit code from 0 to 7 that reflects the severity of the condition. The lower the number, the more serious the situation. Table A-2 lists the message severity levels.
• MNEMONIC is a code that uniquely identifies the error message.

Table A-2 Message Severity Levels
Severity Level    Description
0 – emergency     System is unusable.
1 – alert         Immediate action required.
2 – critical      Critical condition.
The following is a sample system error message:
%LINK-2-BADVCALL: Interface [chars], undefined entry point

Some error messages also indicate the card and slot reporting the error. These error messages begin with a percent sign (%) and are structured as follows:
%CARD-SEVERITY-MSG:SLOT %FACILITY-SEVERITY-MNEMONIC: Message-text
CARD is a code that describes the type of card reporting the error.
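The message layout described above lends itself to automated triage of collected switch logs. The following Python parser is an added example, not part of the Cisco guide: it handles the three-field and four-field forms and the card/slot prefix, and returns the most serious messages first. The log lines are constructed from the message templates in this appendix; the interface names, the FAC-SUB-3-EXAMPLE and CARDX lines, the literal MSG and SLOTn tokens, and the names for severities 3 to 7 (standard IOS names, since Table A-2 is cut off here) are assumptions.

```python
import re
from typing import List, NamedTuple, Optional

# Levels 0-2 are from Table A-2 on this page; 3-7 are the standard IOS
# names (assumption: the table is truncated in this copy of the guide).
SEVERITY_NAMES = {
    0: "emergency", 1: "alert", 2: "critical", 3: "error",
    4: "warning", 5: "notification", 6: "informational", 7: "debugging",
}

# Optional "%CARD-SEVERITY-MSG:SLOT " prefix, then
# "%FACILITY[-SUBFACILITY]-SEVERITY-MNEMONIC: Message-text".
MSG_RE = re.compile(
    r"(?:%(?P<card>[A-Z][A-Z0-9_]*)-[0-7]-MSG:(?P<slot>\S+)\s+)?"
    r"%(?P<facility>[A-Z][A-Z0-9_]*)"
    r"(?:-(?P<subfacility>[A-Z0-9_]+))?"
    r"-(?P<severity>[0-7])"
    r"-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)"
)


class SysMsg(NamedTuple):
    facility: str
    subfacility: Optional[str]
    severity: int
    mnemonic: str
    text: str
    slot: Optional[str]  # set only when the card/slot prefix is present


def parse_line(line: str) -> Optional[SysMsg]:
    """Parse one log line; return None if it holds no system message."""
    # search(), not match(): syslog collectors usually prepend a timestamp.
    m = MSG_RE.search(line)
    if m is None:
        return None
    return SysMsg(m["facility"], m["subfacility"], int(m["severity"]),
                  m["mnemonic"], m["text"].strip(), m["slot"])


def triage(lines: List[str], max_severity: int = 4) -> List[SysMsg]:
    """Messages at or above the given seriousness, most serious first.

    Lower numbers are more serious, so "at or above" means
    severity <= max_severity. The sort is stable, so messages of equal
    severity stay in log order.
    """
    parsed = [msg for msg in map(parse_line, lines) if msg is not None]
    urgent = [msg for msg in parsed if msg.severity <= max_severity]
    return sorted(urgent, key=lambda msg: msg.severity)


# Constructed sample log (not captured from a real switch).
SAMPLE_LOG = [
    "%LINK-2-BADVCALL: Interface Fa0/1, undefined entry point",
    "%CMP-5-REMOVE: The Device is removed from the cluster (Cluster Name:lab)",
    "00:14:07: %LINK-4-ERROR: Fa0/2 is experiencing errors.",
    "%RTD-1-ADDR_FLAP: Fa0/3 relearning 12 addrs per min",
    "%FAC-SUB-3-EXAMPLE: constructed four-field message",   # hypothetical
    "%CARDX-3-MSG:SLOT5 %LINK-2-BADVCALL: Interface Fa0/4, undefined entry point",
    "Building configuration...",                             # not a message
]

if __name__ == "__main__":
    for msg in triage(SAMPLE_LOG):
        name = SEVERITY_NAMES[msg.severity]
        print(f"{msg.severity} ({name:9}) {msg.facility}-{msg.mnemonic}: {msg.text}")
```

Raising `max_severity` to 7 returns every parsed message, which is useful when building a per-facility baseline before alerting on levels 0 to 2.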
Error Message and Recovery Procedures

This section lists the switch system messages by facility. Within each facility, the messages are listed by severity levels 0 to 7: 0 is the highest severity level, and 7 is the lowest severity level. Each message is followed by an explanation and a recommended action.

Chassis Message

This section contains the Chassis error message.
CMP-5-REMOVE The Device is removed from the cluster (Cluster Name:[chars])
Explanation The message means that the device is removed from the cluster: [chars] is the cluster name.
Action No action is required.

Environment Messages

This section contains the Environment error messages.

ENVIRONMENT-2-FAN_FAULT
Explanation This message means that an internal fan fault is detected.
GigaStack Messages

This section contains the GigaStack error messages.

GIGASTACK-6-LOOP_BROKEN
Explanation This message means that a loop formed by GigaStack modules is broken because of link loss. Link 2 of the Master Loop Breaker is re-enabled to replace the broken line.
Action No action is required.
Link Message

This section contains the Link error message.

LINK-4-ERROR [chars] is experiencing errors.
Explanation This message means that excessive errors have occurred on this interface: [chars] is the interface.
Action Check for duplex mismatches between both ends of the link.
Note The previous error is a LINK-4-ERROR message, which is logged at the Warning level.
with the CPE to achieve the link rate of the profile configured for the port. When the reduced rate is achieved, link is dropped briefly, and the LRE and CPE ports attempt to establish the profile link rate. If, after a time (typically 30 seconds), no LRE link is established, this message appears, and the port LED is amber. The port continues to attempt to establish link, starting from the reduced rate.
RTD Messages

This section contains the Runtime Diagnostic (RTD) error messages.

RTD-1-ADDR_FLAP [chars] relearning [dec] addrs per min
Explanation Normally, MAC addresses are learned once on a port. Occasionally, when a switched network reconfigures, due to either manual or STP reconfiguration, addresses learned on one port are relearned on a different port.
Storm Control Messages

This section contains the Storm Control error message.

STORM_CONTROL-2-SHUTDOWN
Explanation This message means that excessive traffic has been detected on a port that has been configured to be shut down if a storm event is detected.
Action Once the source of the packet storm has been fixed, re-enable the port by using port-configuration commands.