System Management Software Configuration Guide for Cisco IE 2000U and Connected Grid Switches
First Published: July 2013
Last Updated: August 2014
Cisco Systems, Inc.
www.cisco.com
Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices.
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
CHAPTER 1
Overview
This document describes how to configure system management features on the Cisco Industrial Ethernet 2000U Series (IE 2000U) and Connected Grid Switches, hereafter referred to as switch.
Features
This chapter provides a summary of the following system management features:
• DHCP
• NTP
• MAC Address Table
• DNS
• Switch Alarms
• SDM Templates
• Smartports Macros
• LLDP and LLDP-MED
• Port-Based Traffic Control
• CDP
• SPAN and RSPAN
• RMON
• System Message Logging
• SNMP
• Embedded Event Manager
You can use the DHCP image upgrade features to configure a DHCP server to download both a new image and a new configuration file to one or more switches in a network. This helps ensure that each new switch added to a network receives the same image and configuration.
Related Topics
Chapter 2, “Assigning the Switch IP Address and Default Gateway”
Switch Boot Optimization
You can configure the switch to minimize the time it takes to boot.
DNS
The DNS protocol controls the Domain Name System (DNS), a distributed database with which you can map hostnames to IP addresses. When you configure DNS on your switch, you can substitute the hostname for the IP address with all IP commands, such as ping, telnet, connect, and related Telnet support operations. To keep track of domain names, IP has defined the concept of a domain name server, which holds a cache (or database) of names mapped to IP addresses.
Each Smartports macro is a set of CLI commands. The switch software has a set of default macros (which users cannot edit). You can also create your own macros. Smartports macros do not contain new CLI commands; they are simply a group of existing CLI commands.
Related Topics
Chapter 7, “Configuring Smartports Macros”
LLDP and LLDP-MED
To support non-Cisco devices and to allow for interoperability between other devices, the switch supports the IEEE 802.
Related Topics
Chapter 10, “Configuring CDP”
SPAN and RSPAN
You can analyze network traffic passing through ports or VLANs by using Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN) to send a copy of the traffic to another port on the switch or on another switch that has been connected to a network analyzer or other monitoring or security device.
Related Topics
Chapter 13, “Configuring System Message Logging”
SNMP
Simple Network Management Protocol (SNMP) is an application-layer protocol that provides a message format for communication between managers and agents. The SNMP system consists of an SNMP manager, an SNMP agent, and a MIB. The SNMP manager can be part of a network management system (NMS) such as CiscoWorks. The agent and MIB reside on the switch.
managed from the switch and because some problems compromise communication between the switch and the external network management device. Network availability is improved if automatic recovery actions are performed without rebooting the switch.
CHAPTER 2
Assigning the Switch IP Address and Default Gateway
This chapter describes how to create the initial switch configuration for the Cisco Industrial Ethernet 2000U Series (IE 2000U) and Connected Grid Switches, hereafter referred to as switch. Initial configuration involves assigning the switch IP address and default gateway information by using a variety of automatic and manual methods. This chapter also describes how to modify the switch startup configuration.
Information About Assigning Switch Information
Boot Process
To start your switch, you need to follow the procedures in the hardware installation guide about installing and powering on the switch and setting up the initial configuration (IP address, subnet mask, default gateway, secret and Telnet passwords, and so forth) of the switch.
DHCP-Based Autoconfiguration
Dynamic Host Configuration Protocol (DHCP) provides configuration information to Internet hosts and internetworking devices. This protocol consists of two components: one for delivering configuration parameters from a DHCP server to a device and a mechanism for allocating network addresses to devices.
depends on how you configure the DHCP server. For more information, see the “TFTP Server” section on page 2-5. If the configuration parameters sent to the client in the DHCPOFFER unicast message are invalid (a configuration error exists), the client returns a DHCPDECLINE broadcast message to the DHCP server.
file) settings. For procedures to configure the switch as a DHCP server, see the IP Addressing: DHCP Configuration Guide, Cisco IOS Release 15M&T. After you install the switch in your network, the auto-image update feature starts. The downloaded configuration file is saved in the running configuration of the switch, and the new image is downloaded and installed on the switch.
Relay Device
You must configure a relay device, also referred to as a relay agent, when a switch sends broadcast packets that require a response from a host on a different LAN. Examples of broadcast packets that the switch might send are DHCP, DNS, and in some cases, TFTP packets. You must configure this relay device to forward received broadcast packets on an interface to the destination host.
• Only the IP address is reserved for the switch and provided in the DHCP reply. The configuration filename is not provided (two-file read method). The switch receives its IP address, subnet mask, and the TFTP server address from the DHCP server. The switch sends a unicast message to the TFTP server to retrieve the network-confg or cisconet.cfg default configuration file.
Table 2-1 DHCP Server Configuration
 | Switch A | Switch B | Switch C | Switch D
Binding key (hardware address) | 00e0.9f1e.2001 | 00e0.9f1e.2002 | 00e0.9f1e.2003 | 00e0.9f1e.2004
IP address | 10.0.0.21 | 10.0.0.22 | 10.0.0.23 | 10.0.0.24
Subnet mask | 255.255.255.0 | 255.255.255.0 | 255.255.255.0 | 255.255.255.0
Router address | 10.0.0.10 | 10.0.0.10 | 10.0.0.10 | 10.0.0.10
DNS server address | 10.0.0.2 | 10.0.0.
Prerequisites
• Before you can assign switch information, make sure you have connected a PC or terminal to the console port, and configured the PC or terminal-emulation software baud rate and character format to match those of the switch console port:
– Baud rate default is 9600.
– Data bits default is 8.
Note: If the data bits option is set to 8, set the parity option to none.
– Stop bits default is 1.
– Subnet mask of the client (required)
– DNS server IP address (optional)
– Router IP address (default gateway address to be used by the switch) (required)
• If you want the switch to receive the configuration file from a TFTP server, you must configure the DHCP server with these lease options:
– TFTP server name (required)
– Boot filename (the name of the configuration file that the client needs) (recommended)
– Hostname (op
Feature | Default Setting
Default Boot Configuration
Operating system software image | The switch attempts to automatically boot the system using information in the BOOT environment variable. If the variable is not set, the switch attempts to load and execute the first executable image it can by performing a recursive, depth-first search throughout the flash file system.
Assigning Switch Information
Configuring the DHCP Auto Configuration and Image Update Features
Using DHCP to download a new image and a new configuration to a switch requires that you configure at least two switches: One switch acts as a DHCP and TFTP server. The client switch is configured to download either a new configuration file or a new configuration file and a new image file.
Step | Command | Purpose
Step 12 | end | Return to privileged EXEC mode.
Step 13 | copy running-config startup-config | (Optional) Save your entries in the configuration file.
EXAMPLE
This example shows how to configure a switch as a DHCP server to download a configuration file:
Switch# configure terminal
Switch(config)# ip dhcp pool pool1
Switch(dhcp-config)# network 10.10.10.0 255.255.255.
Step | Command | Purpose
Step 9 | copy tftp flash imagename.tar | Upload the tarfile for the new image to the switch.
Step 10 | exit | Return to global configuration mode.
Step 11 | tftp-server flash:config.text | Specify the Cisco IOS configuration file on the TFTP server.
Step 12 | tftp-server flash:imagename.tar | Specify the image name on the TFTP server.
Step 13 | tftp-server flash:filename.
DETAILED STEPS
Step | Command | Purpose
Step 1 | configure terminal | Enter global configuration mode.
Step 2 | boot host dhcp | Enable autoconfiguration with a saved configuration.
Step 3 | boot host retry timeout timeout-value | (Optional) Set the amount of time the system tries to download a configuration file.
Note: If you do not set a timeout the system will indefinitely try to obtain an IP address from the DHCP server.
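An added example, not part of the Cisco guide: a Python check that reads the DHCP pool stanzas of a server switch configuration and reports which of the lease options listed under Prerequisites are missing for DHCP autoconfiguration. The sample configuration and function names are constructed, and the mapping of each lease option to the IOS pool commands default-router, bootfile, option 150, option 66 and next-server is an assumption of this example.

```python
import re

# Constructed sample server configuration (not taken from the guide).
SAMPLE_CONFIG = """\
ip dhcp pool pool1
 network 10.10.10.0 255.255.255.0
 bootfile config-boot.text
 default-router 10.10.10.1
 option 150 ip 10.10.10.1
!
ip dhcp pool pool2
 network 10.10.20.0 255.255.255.0
 dns-server 10.0.0.2
!
"""

# (level, lease option named in the guide, pool sub-command assumed to supply it)
CHECKS = [
    ("required", "client IP address and subnet mask", r"(network|host) \S+ \S+"),
    ("required", "router (default gateway) address", r"default-router \S+"),
    ("required", "TFTP server",
     r"(option 150 ip \S+|option 66 ascii \S+|next-server \S+)"),
    ("recommended", "boot filename", r"bootfile \S+"),
]


def parse_pools(config):
    """Return {pool name: [sub-commands]} for every 'ip dhcp pool' stanza."""
    pools, current = {}, None
    for raw in config.splitlines():
        header = re.match(r"ip dhcp pool (\S+)\s*$", raw)
        if header:
            current = pools.setdefault(header.group(1), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())   # indented line belongs to the pool
        else:
            current = None                # '!' or any other top-level line
    return pools


def audit_pool(lines):
    """List the lease options a pool does not provide, grouped by level."""
    report = {"required": [], "recommended": []}
    for level, label, pattern in CHECKS:
        if not any(re.match(pattern, line) for line in lines):
            report[level].append(label)
    return report


def audit_config(config):
    return {name: audit_pool(lines) for name, lines in parse_pools(config).items()}


if __name__ == "__main__":
    for pool, report in audit_config(SAMPLE_CONFIG).items():
        print(pool, report)
```

A client switch that boots with boot host dhcp against pool2 would get an address but no TFTP server or filename to fetch a configuration from.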
Manually Assigning IP Information
BEFORE YOU BEGIN
Review the “Assigning Switch Information” section on page 2-11.
DETAILED STEPS
Step | Command | Purpose
Step 1 | configure terminal | Enter global configuration mode.
Step 2 | interface vlan vlan-id | Enter interface configuration mode, and enter the VLAN to which the IP information is assigned. The range is 1 to 4094; do not enter leading zeros.
• Specifying the Filename to Read and Write the System Configuration
• Booting Manually
• Booting a Specific Software Image
• Controlling Environment Variables
See also Cisco IOS Basics and File Management for Cisco IE 2000U and Connected Grid Switches for information about switch configuration files.
Booting Manually
By default, the switch automatically boots; however, you can configure it to manually boot.
BEFORE YOU BEGIN
Review the “Boot Process” section on page 2-2.
DETAILED STEPS
Step | Command | Purpose
Step 1 | configure terminal | Enter global configuration mode.
Step 2 | boot manual | Enable the switch to manually boot during the next boot cycle.
Step 3 | end | Return to privileged EXEC mode.
DETAILED STEPS
Step | Command | Purpose
Step 1 | configure terminal | Enter global configuration mode.
Step 2 | boot system filesystem:/file-url | Configure the switch to boot a specific image in flash memory during the next boot cycle.
• For filesystem:, use flash: for the system board flash device.
• For file-url, specify the path (directory) and the name of the bootable image.
• On a PC running Windows 2000, Ctrl-Break is the break key.
Cisco TAC has tabulated break keys for most common operating systems and provided an alternative break key sequence for terminal emulators that do not support the break keys. To view this table, see: http://www.cisco.com/en/US/customer/products/hw/routers/ps133/products_tech_note09186a0080174a34.
Table 2-2 describes the function of the most common environment variables.
Table 2-2 Environment Variables
Variable | Boot Loader Command | Cisco IOS Global Configuration Command
BOOT | set BOOT filesystem:/file-url ... A semicolon-separated list of executable files to | boot system filesystem:/file-url ... Specifies the Cisco IOS image file to load during the next boot cycle.
• If your switch is configured for manual booting, do not reload it from a virtual terminal. This restriction prevents the switch from entering boot loader mode and thereby taking it from the remote user’s control.
• If you modify your configuration file, the switch prompts you to save the configuration before reloading.
To cancel a previously scheduled reload, use the reload cancel privileged EXEC command.
Displaying Scheduled Reload Information
To display information about a previously scheduled reload or to find out if a reload has been scheduled on the switch, use the show reload privileged EXEC command.
This command saves the configuration settings that you made. If you fail to do this, your configuration will be lost the next time you reload the system. To display information stored in the NVRAM section of flash memory, use the show startup-config or more startup-config privileged EXEC command.
Enable Break: no
Manual Boot: no
HELPER path-list:
NVRAM/Config file buffer size: 32768
Timeout for Config Download: 300 seconds
Config Download via DHCP: enabled (next boot: enabled)
Switch#
This example shows how to reload the switch software on the current day at 19:30:
Switch# reload at 19:30
Reload scheduled for 19:30:00 UTC Wed Jun 5 1996 (in 2 hours and 25 minutes)
Proceed with reload? [confirm]
This example shows h
CHAPTER 3
Configuring Switch Boot Optimization
This chapter describes how to configure the Switch Boot Optimization feature for Cisco Industrial Ethernet 2000U Series (IE 2000U) and Connected Grid Switches, hereafter referred to as switch.
Second Reload
The boot loader performs its normal full memory test and FSCK check with LED status progress. If the memory and FSCK tests are successful, the system performs additional POST tests and the results are displayed on the console. After the system comes up successfully, the boot fast feature is reenabled.
Configuration Example
This example shows how to enable, disable, and verify the switch boot optimization configuration:
Switch#conf t
Switch(config)#boot fast
Switch(config)#end
Switch#sh boot
Boot optimization : enabled
Switch#conf t
Switch(config)#no boot fast
Switch(config)#end
Switch#sh boot
Boot optimization : disabled
Feature History
Platform | First Supported Release
IE 2000U | Cisco IOS Release 15.
CHAPTER 4
Administering the Switch
This chapter describes how to perform one-time operations to administer the Cisco Industrial Ethernet 2000U Series (IE 2000U) and Connected Grid Switches, hereafter referred to as switch.
• ARP Table
System Clock
The system clock runs from the moment the system starts up and keeps track of the date and time.
Cisco’s implementation of NTP does not support stratum 1 service; it is not possible to connect to a radio or atomic clock. We recommend that the time service for your network be derived from the public NTP servers available on the IP Internet.
Figure 4-1 shows a typical network example using NTP. Switch A is the NTP master, with Switches B, C, and D configured in NTP server mode, in server association with Switch A.
DNS
The DNS protocol controls the Domain Name System (DNS), which is a distributed database for mapping hostnames to IP addresses. When you configure DNS on your switch, you can substitute the hostname for the IP address with all IP commands, such as ping, telnet, connect, and related Telnet support operations. IP defines a hierarchical naming scheme that allows a device to be identified by its location or domain.
Each VLAN maintains its own logical address table. A known address in one VLAN is unknown in another until it is learned or statically associated with a port in the other VLAN. When private VLANs are configured, address learning depends on the type of MAC address:
• Dynamic MAC addresses learned in one VLAN of a private VLAN are replicated in the associated VLANs.
Guidelines and Limitations
NTP
The switch does not have a hardware-supported clock and cannot function as an NTP master clock to which peers synchronize themselves when an external NTP source is not available. The switch also has no hardware support for a calendar. As a result, the ntp update-calendar and the ntp master global configuration commands are not available.
Configuring NTP
You can manage the system time and date on your switch using automatic configuration, such as the Network Time Protocol (NTP), or manual configuration methods. For manual configuration, see the “Configuring Time and Date Manually” section on page 4-15.
Step | Command | Purpose
Step 4 | ntp trusted-key key-number | Specify one or more key numbers (defined in Step 3) that a peer NTP device must provide in its NTP packets for this switch to synchronize to it. By default, no trusted keys are defined. For key-number, specify the key defined in Step 3. This command provides protection against accidentally synchronizing the switch to a device that is not trusted.
Step 5 | end | Return to privileged EXEC mode.
DETAILED STEPS
Step | Command | Purpose
Step 1 | configure terminal | Enter global configuration mode.
Step 2 | ntp peer ip-address [version number] [key keyid] [source interface] [prefer] | Configure the switch system clock to synchronize a peer or to be synchronized by a peer (peer association).
Configuring NTP Broadcast Service
The communications between devices running NTP (known as associations) are usually statically configured; each device is given the IP addresses of all devices with which it should form associations. Accurate timekeeping is possible by exchanging NTP messages between each pair of devices with an association. However, in a LAN environment, NTP can be configured to use IP broadcast messages instead.
To disable the interface from sending NTP broadcast packets, use the no ntp broadcast interface configuration command.
EXAMPLE
This example shows how to configure a port to send NTP Version 2 packets:
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# ntp broadcast version 2
Configuring the Switch to Receive NTP Broadcast Packets
DETAILED STEPS
Step | Command | Purpose
Step 1 | configure terminal | Enter global configuration mode.
• Disabling NTP Services on a Specific Interface
Creating an Access Group and Assigning a Basic IP Access List
The access group keywords are scanned in this order, from least restrictive to most restrictive:
1. peer: Allows time requests and NTP control queries and allows the switch to synchronize itself to a device whose address passes the access list criteria.
2.
Step | Command | Purpose
Step 3 | access-list access-list-number permit source [source-wildcard] | Create the access list.
• For access-list-number, enter the number specified in Step 2.
• Enter the permit keyword to permit access if the conditions are matched.
• For source, enter the IP address of the device that is permitted access to the switch.
• (Optional) For source-wildcard, enter the wildcard bits to be applied to the source.
Step | Command | Purpose
Step 3 | no shutdown | Enable the port, if necessary. By default, UNIs and enhanced network interfaces (ENIs) are disabled, and NNIs are enabled.
Step 4 | ntp disable | Disable NTP packets from being received on the interface. By default, all interfaces receive NTP packets.
Step 5 | end | Return to privileged EXEC mode.
Step 6 | show running-config | Verify your entries.
The specified interface is used for the source address for all packets sent to all destinations. If a source address is to be used for a specific association, use the source keyword in the ntp peer or ntp server global configuration command as described in the “Configuring NTP Associations” section on page 4-8.
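An added example, not part of the Cisco guide: a Python check that reads running-config text and reports gaps in the NTP authentication and access-group settings described in the NTP sections above. The two sample configurations, the key value and the audit_ntp function name are constructed for illustration; the check assumes one key number per ntp trusted-key line and numbered standard access lists.

```python
import re

# Constructed sample configurations (not taken from the guide).
WEAK_CONFIG = """\
ntp server 10.0.0.5
ntp peer 10.0.0.6 key 7
ntp authentication-key 7 md5 ExampleKeyOnly
ntp access-group peer 10
"""

HARDENED_CONFIG = """\
access-list 10 permit 10.0.0.5
access-list 10 permit 10.0.0.6
ntp authenticate
ntp authentication-key 7 md5 ExampleKeyOnly
ntp trusted-key 7
ntp access-group peer 10
ntp server 10.0.0.5 key 7
ntp peer 10.0.0.6 key 7
"""


def audit_ntp(config):
    """Return a list of findings for the NTP settings in a running-config."""
    lines = [line.strip() for line in config.splitlines()]
    authenticate = "ntp authenticate" in lines
    defined, trusted, acls = set(), set(), set()
    associations, groups = [], []

    for line in lines:
        if m := re.match(r"ntp authentication-key (\d+) md5 \S+", line):
            defined.add(m.group(1))
        elif m := re.match(r"ntp trusted-key (\d+)$", line):
            trusted.add(m.group(1))
        elif m := re.match(r"ntp (server|peer) (\S+)(.*)$", line):
            key = re.search(r"\bkey (\d+)", m.group(3))
            associations.append(
                (m.group(1), m.group(2), key.group(1) if key else None))
        elif m := re.match(
                r"ntp access-group (peer|serve-only|serve|query-only) (\S+)", line):
            groups.append((m.group(1), m.group(2)))
        elif m := re.match(r"access-list (\d+) (permit|deny) ", line):
            acls.add(m.group(1))

    findings = []
    if associations and not authenticate:
        findings.append("ntp authenticate is not configured")
    for kind, addr, key in associations:
        if key is None:
            findings.append(f"{kind} {addr}: no key on the association")
        elif key not in defined:
            findings.append(f"{kind} {addr}: key {key} has no ntp authentication-key")
        elif key not in trusted:
            findings.append(f"{kind} {addr}: key {key} is not an ntp trusted-key")
    for key in sorted(trusted - defined, key=int):
        findings.append(f"trusted-key {key} has no ntp authentication-key")
    if not groups:
        findings.append("no ntp access-group restriction")
    for keyword, acl in groups:
        if acl not in acls:
            findings.append(f"access-group {keyword}: access list {acl} is not defined")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_ntp(cfg))
```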
EXAMPLE
This example shows how to manually set the system clock to 1:32 p.m. on July 23, 2014:
Switch# clock set 13:32:00 23 July 2014
Displaying the Time and Date Configuration
To display the time and date configuration, use the show clock [detail] privileged EXEC command. The system clock keeps an authoritative flag that shows whether the time is authoritative (believed to be accurate).
The minutes-offset variable in the clock timezone global configuration command is available for those cases where a local time zone is a percentage of an hour different from UTC. For example, the time zone for some sections of Atlantic Canada (AST) is UTC-3.5, where the 3 means 3 hours and .5 means 50 percent. In this case, the necessary command is clock timezone AST -3 30.
DETAILED STEPS
Step | Command | Purpose
Step 1 | configure terminal | Enter global configuration mode.
Step 2 | clock summer-time zone recurring [week day month hh:mm week day month hh:mm [offset]] | Configure DST to start and end on the specified days every year. DST is disabled by default. If you specify clock summer-time zone recurring without parameters, the summer time rules default to the United States rules.
DETAILED STEPS
Step | Command | Purpose
Step 1 | configure terminal | Enter global configuration mode.
Step 2 | clock summer-time zone date [month date year hh:mm month date year hh:mm [offset]] or clock summer-time zone date | Configure DST to start on the first date and end on the second date. DST is disabled by default.
• For zone, specify the name of the time zone (for example, PDT) to be displayed when DST is in effect.
• The name must follow the rules for ARPANET hostnames. They must start with a letter, end with a letter or digit, and contain only letters, digits, and hyphens. Names must be 63 characters or fewer. Creating an all numeric hostname is not recommended but the name will be accepted after an error is returned.
• A hostname of less than 10 characters is recommended.
DETAILED STEPS
Step | Command | Purpose
Step 1 | configure terminal | Enter global configuration mode.
Step 2 | ip domain-name name | Define a default domain name that the software uses to complete unqualified hostnames (names without a dotted-decimal domain name).
Note: Do not include the initial period that separates an unqualified name from the domain name.
The login banner is also displayed on all connected terminals. It appears after the MOTD banner and before the login prompts.
This section includes the following topics:
• Configuring a Message-of-the-Day Login Banner
• Configuring a Login Banner
Configuring a Message-of-the-Day Login Banner
You can create a single or multiline message banner that appears on the screen when someone logs in to the switch.
Password:

Configuring a Login Banner

You can configure a login banner that appears on all connected terminals. This banner appears after the MOTD banner and before the login prompt.

DETAILED STEPS

Step 1. Command: configure terminal
        Purpose: Enter global configuration mode.
Step 2. Command: banner login c message c
        Purpose: Specify the login message.
Managing the MAC Address Table

This section includes the following topics:
• Changing the Address Aging Time
• Removing Dynamic Address Entries
• Configuring MAC Address Change Notification Traps
• Configuring MAC Address Move Notification Traps
• Configuring MAC Threshold Notification Traps
• Adding and Removing Static Address Entries
• Configuring Unicast MAC Address Filtering
EXAMPLE

The following example shows how to configure aging time to 300 seconds:

Switch(config)# mac-address-table aging-time 300

Removing Dynamic Address Entries

To remove all dynamic entries, use the clear mac address-table dynamic command in privileged EXEC mode.
DETAILED STEPS

Step 1. Command: configure terminal
        Purpose: Enter global configuration mode.
Step 2. Command: snmp-server host host-addr {traps | informs} {version {1 | 2c | 3}} community-string notification-type
        Purpose: Specify the recipient of the trap message.
        • For host-addr, specify the name or address of the NMS.
        • Specify traps (the default) to send SNMP traps to the host. Specify informs to send SNMP informs to the host.
Step 7. Command: snmp trap mac-notification change {added | removed}
        Purpose: Enable the MAC address change notification trap on the interface.
        • Enable the trap when a MAC address is added on this interface.
        • Enable the trap when a MAC address is removed from this interface.
Step 8. Command: end
        Purpose: Return to privileged EXEC mode.
Step 9. Command: show mac address-table notification change interface
        Purpose: Verify your entries.
DETAILED STEPS

Step 1. Command: configure terminal
        Purpose: Enter global configuration mode.
Step 2. Command: snmp-server host host-addr {traps | informs} {version {1 | 2c | 3}} community-string notification-type
        Purpose: Specify the recipient of the trap message.
        • For host-addr, specify the name or address of the NMS.
        • Specify traps (the default) to send SNMP traps to the host. Specify informs to send SNMP informs to the host.
You can verify your settings by entering the show mac address-table notification mac-move privileged EXEC command.

Configuring MAC Threshold Notification Traps

When you configure MAC threshold notification, an SNMP notification is generated and sent to the network management system when a MAC address table threshold limit is reached or exceeded.

BEFORE YOU BEGIN

Obtain the NMS name or address and the community string.
Step 5. Command: mac address-table notification threshold [limit percentage] | [interval time]
        Purpose: Enter the threshold value for the MAC address threshold usage monitoring.
        • (Optional) For limit percentage, specify the percentage of the MAC address table use; valid values are from 1 to 100 percent. The default is 50 percent.
You add a static address to the address table by specifying the destination MAC unicast address and the VLAN from which it is received. Packets received with this destination address are forwarded to the interface specified with the interface-id option. When you configure a static MAC address in a private-VLAN primary or secondary VLAN, you should also configure the same static MAC address in all associated VLANs.
Configuring Unicast MAC Address Filtering

When unicast MAC address filtering is enabled, the switch drops packets with specific source or destination MAC addresses. This feature is disabled by default and only supports unicast static addresses.
Step 4. Command: show mac address-table static
        Purpose: Verify your entries.
Step 5. Command: copy running-config startup-config
        Purpose: (Optional) Save your entries in the configuration file.

To disable unicast MAC address filtering, use the no mac address-table static mac-addr vlan vlan-id global configuration command.
• If you disable MAC address learning on a VLAN that includes a secure port, MAC address learning is not disabled on that port. If you disable port security, the configured MAC address learning state is enabled.

DETAILED STEPS

Step 1. Command: configure terminal
        Purpose: Enter global configuration mode.
Step 2. Command: no mac address-table learning vlan vlan-id
        Purpose: Disable MAC address learning on the specified VLAN or VLANs.
Verifying Configuration

Command: show mac address-table dynamic
    Description: Displays only dynamic MAC address table entries.
Command: show mac address-table interface
    Description: Displays the MAC address table information for the specified interface.
Command: show mac address-table notification
    Description: Displays the MAC notification parameters and history table.
Command: show mac address-table static
    Description: Displays only static MAC address table entries.
Configuration Example

Switch(config)# access-list 99 permit 172.20.130.5
Switch(config)# access-list 42 permit 172.20.130.6

This example shows how to manually set the system clock to 1:32 p.m.
Switch(config)# interface gigabitethernet0/2
Switch(config-if)# snmp trap mac-notification change added

This example shows how to specify 172.20.10.10 as the NMS, enable the switch to send MAC address move notification traps to the NMS, enable the MAC address move notification feature, and enable traps when a MAC address moves from one port to another:

Switch(config)# snmp-server host 172.20.10.
Related Documents

• Cisco IOS Configuration Fundamentals Command Reference, Release 15.2M&T
• Cisco IOS Basic System Management Command Reference
• Cisco IOS IP Addressing Services Command Reference, Release 15.
CHAPTER 5

Configuring the Switch Alarms

This chapter describes how to configure alarms on the Cisco Industrial Ethernet 2000U Series (IE 2000U) and Connected Grid Switches, hereafter referred to as switch.
Information About Switch Alarms

• Global Status Monitoring Alarms
• FCS Error Hysteresis Threshold
• Port Status Monitoring Alarms
• Triggering Alarm Options

Global Status Monitoring Alarms

The switch processes alarms related to power supply conditions, referred to as global or facility alarms.
Note: You can associate multiple alarms to one relay or one alarm to both relays.

Table 5-2 lists the port status monitoring alarms and their descriptions and functions. Each fault condition is assigned a severity level based on the Cisco IOS System Error Message Severity Level.
You can use alarm profiles to send system messages to a syslog server. See the “Configuring Switch Alarms” section on page 5-7 for more information.

Prerequisites

Review the “Information About Switch Alarms” section on page 5-1.

Guidelines and Limitations

The snmp-server enable traps alarms command is used in conjunction with the snmp-server host command. Use the snmp-server host command to specify which host or hosts receive SNMP notifications.
Figure 5-1 Alarm Port Pinouts

Pin | Alarm connection
1 | Alarm 1 input
2 | Alarm 2 input
3 | Normally closed
4 | Alarm 3 input
5 | Alarm 4 input
6 | Normally open
7 | Alarm output common
8 | Alarm input common

For each alarm input, you can configure an open or closed circuit to trigger an alarm and configure the severity of the alarm. A triggered alarm generates a system message.
Step 3. Command: alarm contact {contact-number | all} {severity {critical | major | minor} | trigger {closed | open}}
        Purpose: Configure the trigger and severity for an alarm contact number or for all contact numbers.
        • Enter a contact number (1 to 4) or specify that you are configuring all alarms. See Figure 5-1 for the alarm contact pinouts.
        • For severity, enter critical, major, or minor.
ALARM CONTACT 4
   Status:      not asserted
   Description:
   Severity:    critical
   Trigger:     closed

Configuring Switch Alarms

This section includes the following topics:
• Configuring the Power Supply Alarms
• Configuring the FCS Bit Error Rate Alarm
• Configuring Alarm Profiles
• Enabling SNMP Traps

Configuring the Power Supply Alarms

The presence of power supplies is dynamically detected.
To disable sending the alarm to a relay, to syslog, or to an SNMP server, use the no alarm facility power-supply rps relay, no alarm facility power-supply rps notifies, or no alarm facility power-supply rps syslog global configuration commands.
Setting the FCS Error Hysteresis Threshold

The hysteresis setting prevents the toggle of an alarm when the actual bit error rate fluctuates near the configured rate. Use the alarm facility fcs-hysteresis global configuration command to set the FCS error hysteresis threshold.

Note: The FCS hysteresis threshold is applied to all ports of a switch.

BEFORE YOU BEGIN

Review the “FCS Error Hysteresis Threshold” section on page 5-2.
Note: The only alarm enabled in the defaultPort profile is the Port not operating alarm.

BEFORE YOU BEGIN

Before you use the notifies command to send alarm traps to an SNMP server, you must first set up the SNMP server by using the snmp-server enable traps alarms global configuration command. See the “Enabling SNMP Traps” section on page 5-12.

DETAILED STEPS

Step 1. Command: configure terminal
        Purpose: Enter global configuration mode.
EXAMPLE

This example creates or modifies the alarm profile fastE for the Fast Ethernet port with link-down (alarmList ID 3) alarm enabled. The link-down alarm is connected to the major relay. This alarm also sends notifications to an SNMP server and sends system messages to a syslog server.
Enabling SNMP Traps

Use the snmp-server enable traps alarms global configuration command to enable the switch to send alarm traps.

BEFORE YOU BEGIN

The snmp-server enable traps alarms command is used in conjunction with the snmp-server host command. Use the snmp-server host command to specify which host or hosts receive SNMP notifications. To send notifications, you must configure at least one snmp-server host command.
Configuration Example

Switch(config)# end
Switch(config)# show env alarm-contact
Switch# show env alarm-contact
ALARM CONTACT 1
   Status:      not asserted
   Description: test_1
   Severity:    critical
   Trigger:     open
ALARM CONTACT 2
   Status:      not asserted
   Description: door sensor
   Severity:    major
   Trigger:     closed
ALARM CONTACT 3
   Status:      not asserted
   Description: flood sensor
   Severity:    critical
   Trigger:     closed
ALARM CONTACT 4
   Status:      not asserted
   Description:
   Severity:    critical
   Trigger
Related Documents

• Cisco IOS Master Command List, All Releases
• Cisco IE 2000U Switch Hardware Installation Guide

Feature History

Platform | First Supported Release
IE 2000U | Cisco IOS Release 15.0(2)EH
CGS 2520 | Cisco IOS Release 12.
CHAPTER 6

Configuring SDM Templates

This chapter describes how to configure the Switch Database Management (SDM) templates on the Cisco Industrial Ethernet 2000U Series (IE 2000U) and Connected Grid Switches, hereafter referred to as switch. SDM template configuration is supported in both IP Services and LAN Base images.

Note: For complete syntax and usage information for the commands used in this chapter, see the command reference listed in the “Related Documents” section on page 6-7.
• Default—The default template gives balance to all functions: Layer 2 and Layer 3 (routing). This template is available on switches running either the IP Services or LAN Base image.
• Dual IPv4 and IPv6 routing template—supports Layer 2, multicast, routing (including policy-based routing), QoS, and ACLs for IPv4; and Layer 2, routing, and ACLs for IPv6 on the switch.
Guidelines and Limitations

Follow these guidelines when selecting and configuring SDM templates:
• You must reload the switch for the configuration to take effect.
• If you are using the switch for Layer 2 features only, select the layer-2 template.
• Do not use the default template if you do not have routing enabled on your switch.
Configuring the Switch SDM Template

BEFORE YOU BEGIN

Review the “Guidelines and Limitations” section on page 6-4.

DETAILED STEPS

Step 1. Command: configure terminal
        Purpose: Enter global configuration mode.
Step 2. Command: sdm prefer {default | dual-ipv4-and-ipv6 {default | routing | vlan} | layer-2}
        Purpose: Specify the SDM template to be used on the switch:
        The keywords have these meanings:
        • default—Balance all functions.
To return to the default template, use the no sdm prefer global configuration command.

This example shows how to configure a switch with the layer-2 template:

Switch(config)# sdm prefer layer-2
Switch(config)# end
Switch# reload
Proceed with reload? [confirm]

Verifying Configuration

Use the show sdm prefer privileged EXEC command with no parameters to display the active template.
Configuration Example

number of directly-connected IPv6 addresses:   1.5K
number of indirect IPv6 unicast routes:        1.25K
number of IPv4 policy based routing aces:      0.25K
number of IPv4/MAC qos aces:                   0.75K
number of IPv4/MAC security aces:              0.5K
number of IPv6 policy based routing aces:      0.25K
number of IPv6 qos aces:                       0.5K
number of IPv6 security aces:                  0.
Feature History

Platform | First Supported Release
IE 2000U | Cisco IOS Release 15.0(2)EH
CGS 2520 | Cisco IOS Release 12.2(53)EX
Ethernet Switch Module (ESM) for CGR 2010 | Cisco IOS Release 12.
CHAPTER 7

Configuring Smartports Macros

This chapter describes how to configure Smartports macros on the Cisco Industrial Ethernet 2000U Series (IE 2000U) and Connected Grid Switches, hereafter referred to as switch.
• When creating a macro, do not use the exit or end commands or change the command mode by using interface interface-id. This could cause commands that follow exit, end, or interface interface-id to execute in a different command mode.
• When creating a macro, all CLI commands should be in the same configuration mode.
• When you apply a macro to an interface, the CLI commands within the macro are configured on the interface.
Table 7-1 Default Smartports Macros

Macro Name | Description

Global Configuration Macros

cisco-cg-global | Use this global configuration macro to configure the switch settings for the industrial Ethernet environment. This macro is automatically applied when you use Express Setup to initially configure the switch.

Note: You must first apply the cisco-cg-global macro for the interface configuration macros to work properly.
Creating Smartports Macros

BEFORE YOU BEGIN

Review the “Guidelines and Limitations” section on page 7-1.

DETAILED STEPS

Step 1. Command: configure terminal
        Purpose: Enter global configuration mode.
Step 2. Command: macro name macro-name
        Purpose: Create a macro definition, and enter a macro name. A macro definition can contain up to 3000 characters. Enter the macro commands with one command per line. Use the @ character to end the macro.
Applying Smartports Macros

BEFORE YOU BEGIN

Review the “Guidelines and Limitations” section on page 7-1.

DETAILED STEPS

Step 1. Command: show parser macro
        Purpose: Display the Cisco-default Smartports macros embedded in the switch software.
Step 2. Command: show parser macro name macro-name
        Purpose: Display the specific macro that you want to apply.
Step 3. Command: configure terminal
        Purpose: Enter global configuration mode.
Step 7. Command: macro {apply | trace} macro-name [parameter {value}] [parameter {value}] [parameter {value}]
        Purpose: Apply each individual command defined in the macro to the port by entering macro apply macro-name. Specify macro trace macro-name to apply and to debug a macro to find any syntax or configuration errors. Append the macro with the required values by using the parameter value keywords.
Applying command... 'switchport port-security maximum 1'
Applying command... 'switchport port-security aging time 2'
Applying command... 'switchport port-security violation restrict'
Applying command... 'switchport port-security aging type inactivity'
Applying command... 'port-type nni'
Applying command... 'spanning-tree portfast'

Verifying Configuration

Command: show parser macro
    Purpose: Displays all Smartports macros.
Applying command... 'switchport port-security aging type inactivity'
Applying command... 'port-type nni'
Applying command... 'spanning-tree portfast'

Feature History

Platform | First Supported Release
IE 2000U | Cisco IOS Release 15.0(2)EH
CGS 2520 | Cisco IOS Release 12.2(53)EX
Ethernet Switch Module (ESM) for CGR 2010 | Cisco IOS Release 12.
CHAPTER 8

Configuring LLDP and LLDP-MED

This chapter describes how to configure the Link Layer Discovery Protocol (LLDP) and LLDP Media Endpoint Discovery (LLDP-MED) on the Cisco Industrial Ethernet 2000U Series (IE 2000U) and Connected Grid Switches, hereafter referred to as switch.

Note: For complete syntax and usage information for the commands used in this chapter, see the documents listed in the “Related Documents” section on page 8-10.
To support non-Cisco devices and to allow for interoperability between other devices, the switch supports the IEEE 802.1AB Link Layer Discovery Protocol (LLDP). LLDP is a neighbor discovery protocol that is used for network devices to advertise information about themselves to other devices on the network.
Allows an endpoint to transmit detailed inventory information about itself to the switch, including hardware revision, firmware version, software version, serial number, manufacturer name, model name, and asset ID TLV.
Configuring LLDP and LLDP-MED

• Configuring LLDP Characteristics
• Disabling and Enabling LLDP Globally
• Disabling and Enabling LLDP on an Interface
• Configuring LLDP-MED TLVs

Configuring LLDP Characteristics

You can configure the frequency of LLDP updates, the amount of time to hold the information before discarding it, and the initialization delay time.
EXAMPLE

This example shows how to configure LLDP characteristics:

Switch# configure terminal
Switch(config)# lldp holdtime 120
Switch(config)# lldp reinit 2
Switch(config)# lldp timer 30
Switch(config)# end

Disabling and Enabling LLDP Globally

LLDP is disabled globally by default and is enabled on NNIs. It is disabled by default on ENIs, but can be enabled per interface. LLDP is not supported on UNIs.
Step 2. Command: lldp run
        Purpose: Enable LLDP.
Step 3. Command: end
        Purpose: Return to privileged EXEC mode.

EXAMPLE

This example shows how to globally enable LLDP:

Switch# configure terminal
Switch(config)# lldp run
Switch(config)# end

Disabling and Enabling LLDP on an Interface

LLDP is disabled by default on all NNIs to send and to receive LLDP information.
Enabling LLDP on an Interface

BEFORE YOU BEGIN

Review the “Information About LLDP and LLDP-MED” section on page 8-1.

DETAILED STEPS

Step 1. Command: configure terminal
        Purpose: Enter global configuration mode.
Step 2. Command: interface interface-id
        Purpose: Specify the interface on which you are enabling LLDP, and enter interface configuration mode. LLDP is supported only on NNIs and ENIs. It is not supported on UNIs.
Table 8-1 LLDP-MED TLVs (continued)

LLDP-MED TLV | Description
network-policy | LLDP-MED network policy TLV
power-management | LLDP-MED power management TLV

Disabling a TLV

BEFORE YOU BEGIN

Review the “Information About LLDP and LLDP-MED” section on page 8-1.

DETAILED STEPS

Step 1. Command: configure terminal
        Purpose: Enter global configuration mode.
Step 4. Command: end
        Purpose: Return to privileged EXEC mode.
Step 5. Command: copy running-config startup-config
        Purpose: (Optional) Save your entries in the configuration file.
This example shows how to globally disable LLDP:

Switch# configure terminal
Switch(config)# no lldp run
Switch(config)# end

This example shows how to globally enable LLDP:

Switch# configure terminal
Switch(config)# lldp run
Switch(config)# end

This example shows how to disable LLDP on an interface:

Switch# configure terminal
Switch(config)# interface GigabitEthernet1/0/1
Switch(config-if)# no lldp transmit
Switch(config-if)# no lldp receive
Swit
Feature History

Platform | First Supported Release
IE 2000U | Cisco IOS Release 15.0(2)EH
CGS 2520 | Cisco IOS Release 12.2(53)EX
Ethernet Switch Module (ESM) for CGR 2010 | Cisco IOS Release 12.
CHAPTER 9

Configuring Port-Based Traffic Control

This chapter describes how to configure the port-based traffic control features on the Cisco Industrial Ethernet 2000U Series (IE 2000U) and Connected Grid Switches, hereafter referred to as switch.

Note: For complete syntax and usage information for the commands used in this chapter, see the documents listed in the “Related Documents” section on page 9-21.
Storm Control

Storm control prevents traffic on a LAN from being disrupted by a broadcast, multicast, or unicast storm on one of the physical interfaces. A LAN storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. Errors in the protocol-stack implementation or in the network configuration can cause a storm.
The combination of the storm-control suppression level and the 1-second time interval controls the way the storm control algorithm works. A higher threshold allows more packets to pass through. A threshold value of 100 percent means that no limit is placed on the traffic. A value of 0.0 means that all broadcast, multicast, or unicast traffic on that port is blocked.
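A simplified model of the interval-based behaviour described above, added here as an illustration; it is not Cisco code and not taken from this guide. Assumptions of the model: the level measured in one 1-second interval decides how that traffic type is treated in the next interval, forwarding resumes once the measured level is below the falling level (level-low, equal to the rising level when omitted), and the function names and sample values are constructed.

```python
"""Simplified model of per-interval storm control (added illustration)."""


def storm_control_states(measured, rising, falling=None):
    """Return 'forward' or 'drop' for each 1-second interval.

    measured: traffic level seen in each interval, as a percentage of
              port bandwidth (one constructed value per second).
    rising:   configured suppression level (the 'level' argument).
    falling:  optional lower level ('level-low'); defaults to rising.

    Assumption of this model: the level measured in one interval decides
    how that traffic type is treated in the next interval.
    """
    if falling is None:
        falling = rising
    if not 0.0 <= falling <= rising <= 100.0:
        raise ValueError("need 0 <= falling <= rising <= 100")

    # Edge cases stated in the guide: 0.0 blocks the traffic type
    # outright, 100 percent places no limit on it.
    if rising == 0.0:
        return ["drop"] * len(measured)
    if rising == 100.0:
        return ["forward"] * len(measured)

    states, blocked = [], False
    for level in measured:
        # Treatment in this interval was decided by earlier measurements.
        states.append("drop" if blocked else "forward")
        if level >= rising:
            blocked = True      # threshold reached: suppress next interval
        elif level < falling:
            blocked = False     # below falling level: resume forwarding
        # Between the two levels the previous state is kept (hysteresis).
    return states


def dropped_seconds(measured, rising, falling=None):
    """Count the intervals in which the traffic type is suppressed."""
    return storm_control_states(measured, rising, falling).count("drop")


# Constructed sample: broadcast level per second, in percent of bandwidth.
BURST = [10.0, 60.0, 70.0, 40.0, 20.0, 10.0]

if __name__ == "__main__":
    print("level 50    :", storm_control_states(BURST, 50.0))
    print("level 50 30 :", storm_control_states(BURST, 50.0, 30.0))
```

With a falling level of 30, the 40 percent interval keeps the port suppressed for one more second than with the rising level alone, which is the effect a separate level-low value is meant to produce.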
Secure MAC Addresses

You configure the maximum number of secure addresses allowed on a port by using the switchport port-security maximum value interface configuration command.

Note: If you try to set the maximum value to a number less than the number of secure addresses already configured on an interface, the command is rejected.
You can configure the interface for one of three violation modes, based on the action to be taken if a violation occurs:
• protect—when the number of secure MAC addresses reaches the maximum limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses to drop below the maximum value or increase the number of maximum allowable addresses.
counted, threshold percentages are approximations. Depending on the sizes of the packets making up the incoming traffic, the actual enforced threshold might differ from the configured level by several percentage points.
• Storm control is supported on physical interfaces. You can also configure storm control on an EtherChannel.
Table 9-2 Port Security Compatibility with Other Switch Features

Type of Port or Feature on Port | Compatible with Port Security
Trunk port | Yes
Dynamic-access port (a VLAN Query Protocol [VQP] port configured with the switchport access vlan dynamic interface configuration command) | No
Routed port | No
SPAN source port | Yes
SPAN destination port | No
EtherChannel | No
Tunneling port | Yes
Protected port | Yes
802.
Configuring Storm Control

You configure storm control on a port and enter the threshold level that you want to be used for a particular type of traffic.

BEFORE YOU BEGIN

Review the “Guidelines and Limitations” section on page 9-5.

DETAILED STEPS

Step 1. Command: configure terminal
        Purpose: Enter global configuration mode.
Step 4. Command: storm-control {broadcast | multicast | unicast} level {level [level-low] | bps bps [bps-low] | pps pps [pps-low]}
        Purpose: Configure broadcast, multicast, or unicast storm control. By default, storm control is disabled.
        The keywords have these meanings:
        • For level, specify the rising threshold level for broadcast, multicast, or unicast traffic as a percentage (up to two decimal places) of the bandwidth.
Step 7. Command: show storm-control [interface-id] [broadcast | multicast | unicast]
        Purpose: Verify the storm control suppression levels set on the interface for the specified traffic type. If you do not enter a traffic type, broadcast storm control settings are displayed.
Step 8. Command: copy running-config startup-config
        Purpose: (Optional) Save your entries in the configuration file.
Step 5. Command: show interfaces interface-id switchport
        Purpose: Verify your entries.
Step 6. Command: copy running-config startup-config
        Purpose: (Optional) Save your entries in the configuration file.

To disable protected port, use the no switchport protected interface configuration command.
To return the interface to the default condition where no traffic is blocked and normal forwarding occurs on the port, use the no switchport block {multicast | unicast} interface configuration commands.
Step 4. Command: switchport mode {access | trunk}
        Purpose: Set the interface switchport mode as access or trunk; an interface in the default mode (dynamic auto) cannot be configured as a secure port.
Step 5. Command: switchport port-security
        Purpose: Enable port security on the interface.
Step 6. Command: switchport port-security [maximum value [vlan vlan-list
        Purpose: (Optional) Set the maximum number of secure MAC addresses for the interface.
Step 7. Command: switchport port-security violation {protect | restrict | shutdown}
        Purpose: (Optional) Set the violation mode, the action to be taken when a security violation is detected, as one of these:
        Note: We do not recommend configuring the protect mode on a trunk port.

        Command: switchport port-security [mac-address mac-address [vlan {vlan-id | {access}}]
Step 10. Command: switchport port-security mac-address sticky [mac-address | vlan {vlan-id | {access}]
         Purpose: (Optional) Enter a sticky secure MAC address, repeating the command as many times as necessary. If you configure fewer secure MAC addresses than the maximum, the remaining MAC addresses are dynamically learned, are converted to sticky secure MAC addresses, and are added to the running configuration.
You must specifically delete configured secure MAC addresses from the address table by using the no switchport port-security mac-address mac-address interface configuration command.

EXAMPLE

This example shows how to enable port security on a port and to set the maximum number of secure addresses to 50. The violation mode is the default, no static secure MAC addresses are configured, and sticky learning is enabled.
DETAILED STEPS

Step 1. Command: configure terminal
        Purpose: Enter global configuration mode.
Step 2. Command: interface interface-id
        Purpose: Specify the interface to configure, and enter interface configuration mode.
Step 3. Command: no shutdown
        Purpose: Enable the port, if necessary. By default, UNIs and ENIs are disabled, and NNIs are enabled.
You can verify the previous commands by entering the show port-security interface interface-id privileged EXEC command.

Port Security and Private VLANs

Port security allows an administrator to limit the number of MAC addresses learned on a port or to define which MAC addresses can be learned on a port. Follow this procedure to configure port security on a PVLAN host and promiscuous ports.
Verifying Configuration

The show interfaces interface-id switchport privileged EXEC command displays (among other characteristics) the interface traffic suppression and control configuration. The show storm-control and show port-security privileged EXEC commands display those storm control and port security settings.
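An offline complement to these show commands, as an added example that is not part of the Cisco guide: a Python script that reads saved configuration text and flags interface settings this chapter cautions about. The sample configuration is constructed, and the finding codes and the policy that every access port should have port security and every port storm control are assumptions of the example.

```python
import re

# Constructed sample (not from a real switch): interface blocks in the
# layout of an IOS running-config.
SAMPLE_CONFIG = """\
hostname Switch
!
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 50
 switchport port-security mac-address sticky
 storm-control broadcast level 20
!
interface FastEthernet0/2
 switchport port-security
 switchport port-security maximum 1
!
interface GigabitEthernet0/1
 switchport mode trunk
 switchport port-security
 switchport port-security violation protect
 storm-control broadcast level 50 30
!
interface GigabitEthernet0/2
 switchport mode access
!
"""

# Finding codes are hypothetical names chosen for this example.
CHECKS = {
    "PS-NO-MODE": "port security on a port left in the default switchport mode",
    "PS-PROTECT-TRUNK": "protect violation mode on a trunk port",
    "PS-DISABLED": "access port without port security (example policy)",
    "STORM-OFF": "no storm-control level set (disabled by default)",
}


def parse_interfaces(config_text):
    """Map each interface name to the list of its sub-commands."""
    interfaces, current = {}, None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        header = re.match(r"interface\s+(\S+)$", line)
        if header:
            current = interfaces.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return interfaces


def summarize(cmds):
    """Extract the port-based traffic control settings of one interface."""
    state = {"mode": None, "port_security": False,
             "violation": "shutdown",  # IOS default when not configured
             "storm_control": set()}
    for cmd in cmds:
        mode = re.fullmatch(r"switchport mode (access|trunk)", cmd)
        viol = re.fullmatch(
            r"switchport port-security violation (protect|restrict|shutdown)",
            cmd)
        storm = re.match(
            r"storm-control (broadcast|multicast|unicast) level\b", cmd)
        if mode:
            state["mode"] = mode.group(1)
        elif cmd == "switchport port-security":
            state["port_security"] = True
        elif viol:
            state["violation"] = viol.group(1)
        elif storm:
            state["storm_control"].add(storm.group(1))
    return state


def audit(config_text):
    """Return (interface, finding code) pairs in configuration order."""
    findings = []
    for name, cmds in parse_interfaces(config_text).items():
        s = summarize(cmds)
        if s["port_security"] and s["mode"] is None:
            findings.append((name, "PS-NO-MODE"))
        if (s["port_security"] and s["mode"] == "trunk"
                and s["violation"] == "protect"):
            findings.append((name, "PS-PROTECT-TRUNK"))
        if s["mode"] == "access" and not s["port_security"]:
            findings.append((name, "PS-DISABLED"))
        if not s["storm_control"]:
            findings.append((name, "STORM-OFF"))
    return findings


if __name__ == "__main__":
    for interface, code in audit(SAMPLE_CONFIG):
        print(f"{interface}: {code}: {CHECKS[code]}")
```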
Configuration Example

Switch(config-if)# no shutdown
Switch(config-if)# switchport protected
Switch(config-if)# end

This example shows how to block unicast and Layer 2 multicast flooding on a port:

Switch# configure terminal
Switch(config)# interface fastethernet0/1
Switch(config-if)# no shutdown
Switch(config-if)# switchport block multicast
Switch(config-if)# switchport block unicast
Switch(config-if)# end

This example shows how to enable port security
Related Documents

• Cisco IOS Master Command List, All Releases
• Cisco IOS Interface and Hardware Component Command Reference
• Interfaces Software Configuration Guide for Cisco IE 2000U and Connected Grid Switches
• Layer 2 Switching Software Configuration Guide for Cisco IE 2000U and Connected Grid Switches

Feature History

Platform | First Supported Release
IE 2000U | Cisco IOS Release 15.0(2)EH
CGS 2520 | Cisco IOS Release 12.
CHAPTER 10 Configuring CDP
This chapter describes how to configure Cisco Discovery Protocol (CDP) on the Cisco Industrial Ethernet 2000U Series (IE 2000U) and Connected Grid Switches, hereafter referred to as switch.
Note  For complete syntax and usage information for the commands used in this chapter, see the documents listed in the “Related Documents” section on page 10-7.
The switch supports CDP Version 2.
Prerequisites
Interfaces must support Subnetwork Access Protocol (SNAP) headers.
Guidelines and Limitations
• Cisco Discovery Protocol functions only on Cisco devices.
• Cisco Discovery Protocol is not supported on Frame Relay multipoint subinterfaces.
Default Settings
Feature                Default Setting
CDP global state       Enabled.
CDP interface state    Enabled only on NNIs; disabled on ENIs.
Note  CDP is not supported on UNIs.
BEFORE YOU BEGIN
Steps 2 through 4 are all optional and can be performed in any order.
DETAILED STEPS
Step 1  configure terminal
        Enter global configuration mode.
Step 2  cdp timer seconds
        (Optional) Set the transmission frequency of CDP updates in seconds. The range is 5 to 254; the default is 60 seconds.
DETAILED STEPS
Step 1  configure terminal
        Enter global configuration mode.
Step 2  no cdp run
        Disable CDP.
Step 3  end
        Return to privileged EXEC mode.
EXAMPLE
Switch# configure terminal
Switch(config)# no cdp run
Switch(config)# end
Enabling CDP
DETAILED STEPS
Step 1  configure terminal
        Enter global configuration mode.
Step 2  cdp run
        Enable CDP after disabling it.
Step 3  end
        Return to privileged EXEC mode.
DETAILED STEPS
Step 1  configure terminal
        Enter global configuration mode.
Step 2  interface interface-id
        Specify the interface on which you are disabling CDP, and enter interface configuration mode.
        Note  If the interface is a UNI, you must enter the port-type nni or port-type eni interface configuration command before configuring CDP. By default, CDP is enabled on NNIs and disabled on ENIs.
This example shows how to change a UNI to an ENI and enable CDP on the port:
Switch# configure terminal
Switch(config)# interface fastethernet0/1
Switch(config-if)# port-type eni
Switch(config-if)# cdp enable
Switch(config-if)# end
Verifying Configuration
Command               Description
clear cdp counters    Reset the traffic counters to zero.
clear cdp table       Delete the CDP table of information about neighbors.
Switch(config)# cdp run
Switch(config)# end
This example shows how to enable CDP on a port when it has been disabled:
Switch# configure terminal
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# cdp enable
Switch(config-if)# end
This example shows how to change a UNI to an ENI and enable CDP on the port:
Switch# configure terminal
Switch(config)# interface fastethernet0/1
Switch(config-if)# port-type eni
Switch(config-if)# cdp enable
Switch(conf
CHAPTER 11 Configuring SPAN and RSPAN
This chapter describes how to configure Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN) on the Cisco Industrial Ethernet 2000U Series (IE 2000U) and Connected Grid Switches, hereafter referred to as switch.
Note  For complete syntax and usage information for the commands used in this chapter, see the documents listed in the “Related Documents” section on page 11-26.
Information About SPAN and RSPAN
You can use the SPAN or RSPAN destination port to inject traffic from a network security device. For example, if you connect a Cisco Intrusion Detection System (IDS) sensor appliance to a destination port, the IDS device can send TCP reset packets to close down the TCP session of a suspected attacker.
Figure 11-2 Example of RSPAN Configuration (figure labels: Switch A, Switch B, Switch C; RSPAN source sessions A and B with RSPAN source ports; RSPAN VLAN; intermediate switches must support RSPAN VLAN; RSPAN destination session with RSPAN destination ports)
SPAN and RSPAN Concepts and Terminology
This section describes concepts and terminology associated with SPAN and RSPAN configuration.
An RSPAN source session is very similar to a local SPAN session, except for where the packet stream is directed. In an RSPAN source session, SPAN packets are relabeled with the RSPAN VLAN ID and directed over normal trunk ports to the destination switch. An RSPAN destination session takes all packets received on the RSPAN VLAN, strips off the VLAN tagging, and presents them on the destination port.
• Transmit (Tx) SPAN—The goal of transmit (or egress) SPAN is to monitor as much as possible all the packets sent by the source interface after all modification and processing is performed by the switch. A copy of each packet sent by the source is sent to the destination port for that SPAN session. The copy is provided after the packet is modified.
• It can be any port type—for example, EtherChannel, Fast Ethernet, Gigabit Ethernet, user network interface (UNI), network node interface (NNI), enhanced network interface (ENI) and so forth.
• For EtherChannel sources, you can monitor traffic for the entire EtherChannel or individually on a physical port as it participates in the port channel.
• It can be a routed port, an access port, or a trunk port.
A destination port has these characteristics:
• For a local SPAN session, the destination port must reside on the same switch as the source port. For an RSPAN session, it is located on the switch containing the RSPAN destination session. There is no destination port on a switch running only an RSPAN source session.
• When a port is configured as a SPAN destination port, the configuration overwrites the original port configuration.
– To change a VLAN from a UNI-ENI isolated VLAN (the default) to an RSPAN VLAN, enter the rspan-vlan VLAN configuration command.
– To change a UNI-ENI community VLAN to an RSPAN VLAN, you must first remove the community VLAN type by entering the no uni-vlan VLAN configuration command.
• STP can run on RSPAN VLAN trunks but not on SPAN destination ports.
Note  NNIs support STP by default and you can enable STP on ENIs. UNIs do not support STP.
Guidelines and Limitations
• You can limit SPAN traffic to specific VLANs by using the filter vlan keyword. If a trunk port is being monitored, only traffic on the VLANs specified with this keyword is monitored. By default, all VLANs are monitored on a trunk port.
• You cannot mix source VLANs and filter VLANs within a single SPAN session.
RSPAN Configuration Guidelines
• All SPAN configuration guidelines apply to RSPAN.
• VLAN and trunking—You can modify VLAN membership or trunk settings for source or destination ports at any time. However, changes in VLAN membership or trunk settings for a destination port do not take effect until you remove the SPAN destination configuration. Changes in VLAN membership or trunk settings for a source port immediately take effect, and the respective SPAN sessions automatically adjust accordingly.
Feature           Default Setting
VLAN filtering    On a trunk interface used as a source port, all VLANs are monitored.
RSPAN VLANs       None configured. Default VLAN type is UNI-ENI isolated.
Step 3  monitor session session_number source {interface interface-id | vlan vlan-id} [, | -] [both | rx | tx]
        Specify the SPAN session and the source port (monitored port).
        For session_number, the range is 1 to 66.
        For interface-id, specify the source port or source VLAN to monitor.
        • For source interface-id, specify the source port to monitor.
Step 4  monitor session session_number destination {interface interface-id [, | -] [encapsulation {dot1q | replicate}]}
        Specify the SPAN session and the destination port (monitoring port).
        For session_number, specify the session number entered in Step 3.
        Note  For local SPAN, you must use the same session number for the source and destination interfaces.
        For interface-id, specify the destination port.
Switch(config)# end
This example shows how to disable received traffic monitoring on port 1, which was configured for bidirectional monitoring:
Switch(config)# no monitor session 1 source interface gigabitethernet0/1 rx
The monitoring of traffic received on port 1 is disabled, but traffic sent from this port continues to be monitored.
Step 4  monitor session session_number destination {interface interface-id [, | -] [encapsulation {dot1q | replicate}] [ingress {[dot1q | untagged] vlan vlan-id}]}
        Specify the SPAN session, the destination port, the packet encapsulation, and the ingress VLAN and encapsulation.
        For session_number, specify the session number entered in Step 3.
        For interface-id, specify the destination port.
Switch(config)# monitor session 2 source interface gigabitethernet0/1 rx
Switch(config)# monitor session 2 destination interface gigabitethernet0/2 encapsulation replicate ingress dot1q vlan 6
Switch(config)# end
Specifying VLANs to Filter
Follow this procedure to limit SPAN source traffic to specific VLANs.
BEFORE YOU BEGIN
Review the “Information About SPAN and RSPAN” section on page 11-1 and “Guidelines and Limitations” section on page 11-8.
Step 5  monitor session session_number destination {interface interface-id [, | -] [encapsulation {dot1q | replicate}]}
        Specify the SPAN session and the destination port (monitoring port).
        For session_number, specify the session number entered in Step 3.
        For interface-id, specify the destination port. The destination interface must be a physical port; it cannot be an EtherChannel, and it cannot be a VLAN.
Configuring a VLAN as an RSPAN VLAN
Create a new VLAN to be the RSPAN VLAN for the RSPAN session. You must create the RSPAN VLAN in all switches that will participate in RSPAN. You must configure RSPAN VLAN on source and destination switches and any intermediate switches. To get an efficient flow of RSPAN traffic, manually delete the RSPAN VLAN from all trunks that do not need to carry the RSPAN traffic.
BEFORE YOU BEGIN
Review the “Information About SPAN and RSPAN” section on page 11-1 and “Guidelines and Limitations” section on page 11-8.
DETAILED STEPS
Step 1  configure terminal
        Enter global configuration mode.
Step 2  no monitor session {session_number | all | local | remote}
        Remove any existing RSPAN configuration for the session.
        For session_number, the range is 1 to 66.
Step 6  show monitor [session session_number]
        show running-config
        Verify the configuration.
Step 7  copy running-config startup-config
        (Optional) Save the configuration in the configuration file.
To delete a SPAN session, use the no monitor session session_number global configuration command.
Step 5  no monitor session {session_number | all | local | remote}
        Remove any existing RSPAN configuration for the session.
        For session_number, the range is 1 to 66.
        Specify all to remove all RSPAN sessions, local to remove all local sessions, or remote to remove all remote SPAN sessions.
Step 6  monitor session session_number source remote vlan vlan-id
        Specify the RSPAN session and the source RSPAN VLAN.
Creating an RSPAN Destination Session and Configuring Ingress Traffic
Follow this procedure to create an RSPAN destination session, to specify the source RSPAN VLAN and the destination port, and to enable ingress traffic on the destination port for a network security device (such as a Cisco IDS Sensor Appliance).
BEFORE YOU BEGIN
Configure the RSPAN VLAN as described in the “Creating an RSPAN Destination Session” section on page 11-20.
Step 4  monitor session session_number destination {interface interface-id [, | -] [ingress {dot1q vlan vlan-id | untagged vlan vlan-id | vlan vlan-id}]}
        Specify the SPAN session, the destination port, the packet encapsulation, and the ingress VLAN and encapsulation.
        For session_number, enter the number defined in Step 4.
Specifying VLANs to Filter
Follow this procedure to configure the RSPAN source session to limit RSPAN source traffic to specific VLANs.
BEFORE YOU BEGIN
Review the “Information About SPAN and RSPAN” section on page 11-1 and “Guidelines and Limitations” section on page 11-8.
DETAILED STEPS
Step 1  configure terminal
        Enter global configuration mode.
To monitor all VLANs on the trunk port, use the no monitor session session_number filter vlan global configuration command.
This example shows how to remove any existing configuration on SPAN session 2, configure SPAN session 2 to monitor sent traffic on Gigabit Ethernet source port 1, send it to destination Gigabit Ethernet port 2 with the same egress encapsulation type as the source port, and enable incoming forwarding with 802.
Feature History
Platform                                      First Supported Release
IE 2000U                                      Cisco IOS Release 15.0(2)EH
CGS 2520                                      Cisco IOS Release 12.2(53)EX
Ethernet Switch Module (ESM) for CGR 2010     Cisco IOS Release 12.
CHAPTER 12 Configuring RMON
This chapter describes how to configure Remote Network Monitoring (RMON) on the Cisco Industrial Ethernet 2000U Series (IE 2000U) and Connected Grid Switches, hereafter referred to as switch. RMON is a standard monitoring specification that defines a set of statistics and functions that can be exchanged between RMON-compliant console systems and network probes. RMON provides you with comprehensive network-fault diagnosis, planning, and performance-tuning information.
Figure 12-1 Remote Monitoring Example (figure labels: Network management station with generic RMON console application; RMON alarms and events configured; SNMP configured; RMON history and statistic collection enabled; Workstations)
Guidelines and Limitations
64-bit counters are not supported for RMON alarms.
Default Settings
RMON is disabled by default; no alarms or events are configured.
DETAILED STEPS
Step 1  configure terminal
        Enter global configuration mode.
Step 2  rmon alarm number variable interval {absolute | delta} rising-threshold value [event-number] falling-threshold value [event-number] [owner string]
        Set an alarm on a MIB object.
        • For number, specify the alarm number. The range is 1 to 65535.
        • For variable, specify the MIB object to monitor.
Step 3
To disable an alarm, use the no rmon alarm number global configuration command on each alarm you configured. You cannot disable at once all the alarms that you configured. To disable an event, use the no rmon event number global configuration command.
EXAMPLE
You can set an alarm on any MIB object. The following example configures RMON alarm number 10 by using the rmon alarm command. The alarm monitors the MIB variable ifEntry.20.
Step 4  rmon collection history index [buckets bucket-number] [interval seconds] [owner ownername]
        Enable history collection for the specified number of buckets and time period.
        • For index, identify the RMON group of statistics. The range is 1 to 65535.
        • (Optional) For buckets bucket-number, specify the maximum number of buckets desired for the RMON collection history group of statistics. The range is 1 to 65535.
Step 4  rmon collection stats index [owner ownername]
        Enable RMON statistic collection on the interface.
        • For index, specify the RMON group of statistics. The range is from 1 to 65535.
        • (Optional) For owner ownername, enter the name of the owner of the RMON group of statistics.
Step 5  end
        Return to privileged EXEC mode.
Step 6  show running-config
        Verify your entries.
This example shows how to collect RMON statistics for the owner root:
Switch(config)# interface fastethernet0/1
Switch(config-if)# no shutdown
Switch(config-if)# rmon collection stats 2 owner root
Related Documents
• RMON Command Reference
• Cisco IOS Configuration Fundamentals Command Reference
Feature History
Platform    First Supported Release
IE 2000U    Cisco IOS Release 15.0(2)EH
CGS 2520    Cisco IOS Release 12.
CHAPTER 13 Configuring System Message Logging
This chapter describes how to configure system message logging on the Cisco Industrial Ethernet 2000U Series (IE 2000U) and Connected Grid Switches, hereafter referred to as switch.
Note  For complete syntax and usage information for the commands used in this chapter, see the documents listed in the “Related Documents” section on page 13-17.
Information About System Message Logging
You can set the severity level of the messages to control the type of messages displayed on the consoles and each of the destinations. You can time-stamp log messages or set the syslog source address to enhance real-time debugging and management. For information on possible messages, see the system message guide for this release, Cisco System Messages.
*Mar 1 18:46:11: %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36)
18:47:02: %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36)
*Mar 1 18:48:50.483 UTC: %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36)
Prerequisites
Review the “Information About System Message Logging” section on page 13-1.
• Defining the Message Severity Level, page 13-9 (optional)
• Limiting Syslog Messages Sent to the History Table and to SNMP, page 13-11 (optional)
• Enabling the Configuration-Change Logger, page 13-13 (optional)
• Configuring UNIX Syslog Servers, page 13-14 (optional)
Disabling Message Logging
Message logging is enabled by default. It must be enabled to send messages to any destination other than the console.
Setting the Message Display Destination Device
If message logging is enabled, you can send messages to specific locations in addition to the console. The logging buffered global configuration command copies logging messages to an internal buffer. The buffer is circular, so newer messages overwrite older messages after the buffer is full.
Step 4  logging file flash:filename [max-file-size [min-file-size]] [severity-level-number | type]
        Store log messages in a file in flash memory.
        • For filename, enter the log message filename.
        • (Optional) For max-file-size, specify the maximum logging file size. The range is 4096 to 2147483647. The default is 4096 bytes.
        • (Optional) For min-file-size, specify the minimum logging file size.
BEFORE YOU BEGIN
Caution  By configuring abnormally large message queue limits and setting the terminal to "terminal monitor" on a terminal that is accessible to intruders, you expose yourself to "denial of service" attacks. An intruder could carry out the attack by putting the terminal in synchronous output mode, making a Telnet connection to a remote host, and leaving the connection idle.
Step 4  end
        Return to privileged EXEC mode.
Step 5  show running-config
        Verify your entries.
Step 6  copy running-config startup-config
        (Optional) Save your entries in the configuration file.
To disable synchronization of unsolicited messages and debug output, use the no logging synchronous [level severity-level | all] [limit number-of-buffers] line configuration command.
To disable time stamps for both debug and log messages, use the no service timestamps global configuration command.
EXAMPLE
This example shows part of a logging display with the service timestamps log datetime global configuration command enabled:
*Mar 1 18:46:11: %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.
Table 13-2 Message Logging Level Keywords
Level Keyword    Level    Description                         Syslog Definition
emergencies      0        System unstable                     LOG_EMERG
alerts           1        Immediate action needed             LOG_ALERT
critical         2        Critical conditions                 LOG_CRIT
errors           3        Error conditions                    LOG_ERR
warnings         4        Warning conditions                  LOG_WARNING
notifications    5        Normal but significant condition    LOG_NOTICE
informational    6        Informational messages only
Step 4  logging trap level
        Limit messages logged to the syslog servers.
        By default, syslog servers receive informational messages and numerically lower levels (see Table 13-2 on page 13-10).
        For complete syslog server configuration steps, see the “Configuring UNIX Syslog Servers” section on page 13-14.
Step 5  end
        Return to privileged EXEC mode.
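The following Python sketch is an added example, not part of the Cisco guide. It parses the three time-stamp styles this chapter shows, maps the severity digit to the Table 13-2 keyword, applies a logging trap style threshold, and lists configuration changes made from outside an assumed management subnet (the 10.34.195.0/24 allow list, the function names, and the last two sample lines are constructed for the example).

```python
import ipaddress
import re

# Level keywords in numeric order, as in Table 13-2 (0 = emergencies);
# debugging (7) is the standard last syslog level.
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

# Optional time stamp, then %FACILITY-SEVERITY-MNEMONIC: description
MESSAGE_RE = re.compile(
    r"^(?P<stamp>.*?)\s*%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-"
    r"(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)$")

# Description part of a SYS-5-CONFIG_I message: who changed the configuration.
CONFIG_RE = re.compile(
    r"^Configured from (?P<source>\S+) by (?P<who>.+?)"
    r"(?: \((?P<addr>[0-9A-Fa-f.:]+)\))?$")

# Constructed sample: the first three lines use the three time-stamp styles
# shown in this chapter; the last two lines are invented for the example.
SAMPLE_LOG = [
    "*Mar 1 18:46:11: %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36)",
    "18:47:02: %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36)",
    "*Mar 1 18:48:50.483 UTC: %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36)",
    "*Mar 1 18:52:07: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up",
    "*Mar 1 19:03:41: %SYS-5-CONFIG_I: Configured from console by vty0 (192.0.2.77)",
]


def parse_message(line):
    """Split one log line into its fields; return None if it is not a message."""
    match = MESSAGE_RE.match(line.strip())
    if match is None:
        return None
    msg = match.groupdict()
    msg["stamp"] = msg["stamp"].rstrip(": ") or None   # None when time stamps are off
    msg["severity"] = int(msg["severity"])
    msg["level"] = LEVELS[msg["severity"]]
    return msg


def sent_to_server(msg, trap_level="informational"):
    """True if a 'logging trap <trap_level>' setting would forward this message."""
    return msg["severity"] <= LEVELS.index(trap_level)


def unexpected_config_changes(lines, management_nets):
    """Return (stamp, line/user, address) for CONFIG_I events from other networks."""
    nets = [ipaddress.ip_network(net) for net in management_nets]
    hits = []
    for line in lines:
        msg = parse_message(line)
        if not msg or (msg["facility"], msg["mnemonic"]) != ("SYS", "CONFIG_I"):
            continue
        detail = CONFIG_RE.match(msg["text"])
        if not detail or not detail["addr"]:
            continue    # local console session, or wording this sketch does not know
        try:
            addr = ipaddress.ip_address(detail["addr"])
        except ValueError:
            continue    # not a valid address; leave it for manual review
        if not any(addr in net for net in nets):
            hits.append((msg["stamp"], detail["who"], str(addr)))
    return hits


if __name__ == "__main__":
    for hit in unexpected_config_changes(SAMPLE_LOG, ["10.34.195.0/24"]):
        print("configuration change from outside the management subnet:", hit)
```

Because CONFIG_I is a level 5 (notifications) message, a logging trap setting of warnings or lower would keep these events off the syslog server, which the sent_to_server check makes visible.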
DETAILED STEPS
Step 1  configure terminal
        Enter global configuration mode.
Step 2  logging history level¹
        Change the default level of syslog messages stored in the history file and sent to the SNMP server.
        See Table 13-2 on page 13-10 for a list of level keywords.
        By default, warnings, errors, critical, alerts, and emergencies messages are sent.
Enabling the Configuration-Change Logger
You can enable a configuration logger to keep track of configuration changes made with the command-line interface (CLI). When you enter the logging enable configuration-change logger configuration command, the log records the session, the user, and the command that was entered to change the configuration.
40  12  unknown user@vty3  |no aaa accounting dot1x default start-stop group radius
41  13  unknown user@vty3  |no aaa accounting system default
42  14  temi@vty4          |interface GigabitEthernet4/0/1
43  14  temi@vty4          | switchport mode trunk
44  14  temi@vty4          | exit
45  16  temi@vty5          |interface FastEthernet5/0/1
46  16  temi@vty5          | switchport mode trunk
47  16  temi@vty5          | exit
Configuring UNIX Syslog Servers
The next sections describe how
Configuring the UNIX System Logging Facility
When sending system log messages to an external device, you can cause the switch to identify its messages as originating from any of the UNIX syslog facilities. Table 13-3 lists the UNIX system facilities supported by the software.
Step 6  show running-config
        Verify your entries.
Step 7  copy running-config startup-config
        (Optional) Save your entries in the configuration file.
To remove a syslog server, use the no logging host global configuration command, and specify the syslog server IP address. To disable logging to syslog servers, enter the no logging trap global configuration command.
Switch(config)# logging console alerts
This example shows how to enable the configuration-change logger and to set the number of entries in the log to 500:
Switch(config)# archive
Switch(config-archive)# log config
Switch(config-archive-log-cfg)# logging enable
Switch(config-archive-log-cfg)# logging size 500
Switch(config-archive-log-cfg)# end
In the following example, the logging history 1 command is used to configure the system to save o
Feature History
Platform                                      First Supported Release
IE 2000U                                      Cisco IOS Release 15.0(2)EH
CGS 2520                                      Cisco IOS Release 12.2(53)EX
Ethernet Switch Module (ESM) for CGR 2010     Cisco IOS Release 12.
CHAPTER 14 Configuring SNMP
This chapter describes how to configure the Simple Network Management Protocol (SNMP) on the Cisco Industrial Ethernet 2000U Series (IE 2000U) and Connected Grid Switches, hereafter referred to as switch.
Note  For complete syntax and usage information for the commands used in this chapter, see the documents listed in the “Related Documents” section on page 14-25.
Information About SNMP
An agent can send unsolicited traps to the manager. Traps are messages alerting the SNMP manager to a condition on the network. Traps can mean improper user authentication, restarts, link status (up or down), MAC address tracking, closing of a TCP connection, loss of connection to a neighbor, or other significant events.
SNMPv2C includes a bulk retrieval mechanism and more detailed error message reporting to management stations. The bulk retrieval mechanism retrieves tables and large quantities of information, minimizing the number of round-trips required. The SNMPv2C improved error-handling includes expanded error codes that distinguish different kinds of error conditions; these conditions are reported through a single error code in SNMPv1.
Table 14-2 SNMP Operations (continued)
Operation            Description
get-bulk-request²    Retrieves large blocks of data, such as multiple rows in a table, that would otherwise require the transmission of many small blocks of data.
get-response         Replies to a get-request, get-next-request, and set-request sent by an NMS.
set-request          Stores a value in a specific variable.
As shown in Figure 14-1, the SNMP agent gathers data from the MIB. The agent can send traps, or notification of certain events, to the SNMP manager, which receives and processes the traps. Traps alert the SNMP manager to a condition on the network such as improper user authentication, restarts, link status (up or down), MAC address tracking, and so forth.
SNMP ifIndex MIB Object Values
In an NMS, the IF-MIB generates and assigns an interface index (ifIndex) object value that is a unique number greater than zero to identify a physical or a logical interface. When the switch reboots or the switch software is upgraded, the switch uses this same value for the interface. For example, if the switch assigns port 2 an ifIndex value of 10003, this value is the same after the switch reboots.
Prerequisites
Review the “Information About SNMP” section on page 14-1 and “Guidelines and Limitations” section on page 14-7.
Guidelines and Limitations
If the switch starts and the switch startup configuration has at least one snmp-server global configuration command, the SNMP agent is enabled. An SNMP group is a table that maps SNMP users to SNMP views. An SNMP user is a member of an SNMP group. An SNMP host is the recipient of an SNMP trap operation.
Feature                   Default Setting
SNMPv3 authentication     If no keyword is entered, the default is the noauth (noAuthNoPriv) security level.
SNMP notification type    If no type is specified, all notifications are sent.
1. This is the default at switch startup when the startup configuration does not have any snmp-server global configuration commands.
Configuring Community Strings
You use the SNMP community string to define the relationship between the SNMP manager and the agent. The community string acts like a password to permit access to the agent on the switch.
Step 3  access-list access-list-number {deny | permit} source [source-wildcard]
        (Optional) If you specified an IP standard access list number in Step 2, then create the list, repeating the command as many times as necessary.
        • For access-list-number, enter the access list number specified in Step 2.
        • The deny keyword denies access if the conditions are matched. The permit keyword permits access if the conditions are matched.
DETAILED STEPS
Step 1  configure terminal
        Enter global configuration mode.
Step 2  snmp-server engineID {local engineid-string | remote ip-address [udp-port port-number] engineid-string}
        Configure a name for either the local or remote copy of SNMP.
        • The engineid-string is a 24-character ID string with the name of the copy of SNMP. You need not specify the entire 24-character engine ID if it has trailing zeros.
Step 3  snmp-server group groupname {v1 | v2c | v3 {auth | noauth | priv}} [read readview] [write writeview] [notify notifyview] [access access-list]
        Configure a new SNMP group on the remote device.
        • For groupname, specify the name of the group.
        • Specify a security model:
          – v1 is the least secure of the possible security models.
          – v2c is the second least secure model. It allows transmission of informs and integers twice the normal width.
Step 4  snmp-server user username groupname {remote host [udp-port port]} {v1 [access access-list] | v2c [access access-list] | v3 [encrypted] [access access-list] [auth {md5 | sha}
        Add a new user for an SNMP group.
        • The username is the name of the user on the host that connects to the agent.
        • The groupname is the name of the group to which the user is associated.
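The following Python sketch is an added example, not part of the Cisco guide. It audits a running-config fragment for the weak SNMP settings this chapter describes: community strings without an access list or with read-write access, access lists that are referenced but not defined, and groups below the v3 priv level. The sample configuration, finding codes, and function names are constructed for the example.

```python
# Constructed running-config fragment (names, addresses and ACL numbers are
# invented; the command forms follow this chapter).
SAMPLE_CONFIG = """\
access-list 4 permit 10.34.195.0 0.0.0.255
snmp-server community nocmon ro 4
snmp-server community fieldrw rw
snmp-server community labmon view mgmtview ro 15
snmp-server group netops v3 priv read mgmtview
snmp-server group audit v3 auth read mgmtview
snmp-server group monitor v3 noauth
snmp-server group legacy v2c
"""

# Finding codes used by this sketch and what each one means.
REASONS = {
    "no-acl": "community string is accepted from any source address",
    "acl-undefined": "community string references an access list that this "
                     "configuration does not define",
    "read-write": "community string grants read-write access",
    "community-model": "group uses v1 or v2c, the two least secure models",
    "v3-noauth": "SNMPv3 group at the noauth (noAuthNoPriv) level",
    "v3-no-priv": "SNMPv3 group authenticates packets but does not encrypt them",
}


def defined_access_lists(lines):
    """Collect numbered and named standard access lists defined in the config."""
    names = set()
    for line in lines:
        tok = line.split()
        if tok[:1] == ["access-list"] and len(tok) > 1:
            names.add(tok[1])
        elif tok[:3] == ["ip", "access-list", "standard"] and len(tok) > 3:
            names.add(tok[3])
    return names


def check_community(tok, acls):
    """snmp-server community string [view view-name] [ro | rw] [access-list]"""
    name, rest = tok[2], tok[3:]
    if rest[:1] == ["view"]:
        rest = rest[2:]
    mode = "ro"                      # read-only when neither keyword is given
    if rest and rest[0] in ("ro", "rw"):
        mode, rest = rest[0], rest[1:]
    acl = rest[0] if rest else None
    found = []
    if acl is None:
        found.append((name, "no-acl"))
    elif acl not in acls:
        found.append((name, "acl-undefined"))
    if mode == "rw":
        found.append((name, "read-write"))
    return found


def check_group(tok):
    """snmp-server group groupname {v1 | v2c | v3 {auth | noauth | priv}} ..."""
    name, model = tok[2], tok[3]
    if model in ("v1", "v2c"):
        return [(name, "community-model")]
    if model != "v3":
        return []
    # noauth is the default level when no keyword follows v3.
    level = tok[4] if len(tok) > 4 and tok[4] in ("auth", "priv") else "noauth"
    if level == "priv":
        return []
    return [(name, "v3-no-priv" if level == "auth" else "v3-noauth")]


def audit_snmp(config_text):
    """Return (object name, finding code) pairs in configuration order."""
    lines = [line.strip() for line in config_text.splitlines() if line.strip()]
    acls = defined_access_lists(lines)
    findings = []
    for line in lines:
        tok = line.split()
        if tok[:2] == ["snmp-server", "community"] and len(tok) >= 3:
            findings += check_community(tok, acls)
        elif tok[:2] == ["snmp-server", "group"] and len(tok) >= 4:
            findings += check_group(tok)
    return findings


if __name__ == "__main__":
    for name, code in audit_snmp(SAMPLE_CONFIG):
        print(f"{name}: {REASONS[code]}")
```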
Configuring SNMP Notifications
A trap manager is a management station that receives and processes traps. Traps are system alerts that the switch generates when certain events occur. By default, no trap manager is defined, and no traps are sent. Switches can have an unlimited number of trap managers.
Note  Many commands use the word traps in the command syntax.
Table 14-4 Switch Notification Types (continued)
Notification Type Keyword: port-security
Description: Generates SNMP port security traps. You can also set a maximum trap rate per second. The range is from 0 to 1000; the default is 0, which means that there is no rate limit.
DETAILED STEPS
Step 1
Command: configure terminal
Purpose: Enter global configuration mode.
Step 2
Command: snmp-server engineID remote ip-address engineid-string
Purpose: Specify the engine ID for the remote host.
Step 6
Command: snmp-server enable traps notification-types
Purpose: Enable the switch to send traps or informs and specify the type of notifications to be sent. For a list of notification types, see Table 14-4 on page 14-14, or enter snmp-server enable traps ?
To enable multiple types of traps, you must enter a separate snmp-server enable traps command for each trap type.
Setting the Agent Contact and Location Information
Set the system contact and location of the SNMP agent so that these descriptions can be accessed through the configuration file.
DETAILED STEPS
Step 1
Command: configure terminal
Purpose: Enter global configuration mode.
Step 2
Command: snmp-server contact text
Purpose: Set the system contact string.
Step 3
Command: snmp-server location text
Purpose: Set the system location string.
Step 4
Command: end
Purpose: Return to privileged EXEC mode.
Step 3
Command: access-list access-list-number {deny | permit} source [source-wildcard]
Purpose: Create a standard access list, repeating the command as many times as necessary.
• For access-list-number, enter the access list number specified in Step 2.
• The deny keyword denies access if the conditions are matched. The permit keyword permits access if the conditions are matched.
DETAILED STEPS
Step 1
Command: configure terminal
Purpose: Enter global configuration mode.
Step 2
Command: snmp mib bulkstat object-list list-name
Purpose: Define an SNMP bulk-statistics object list, and enter bulk-statistics object-list configuration mode.
Step 3
Command: add {object-name | oid}
Purpose: Add a MIB object to the bulk-statistics object list.
• For object-name, enter the name of the MIB object to add to the list.
Switch(config-bulk-objects)# add 1.3.6.1.2.1.2.1.2.2.2.1.
Step 10
Command: enable
Purpose: Begin the bulk-statistics data collection and transfer process for this configuration. You must enter this command to start periodic collection and transfer.
Step 11
Command: end
Purpose: Return to privileged EXEC mode.
Step 12
Command: show mib bulk transfer
Purpose: Verify your entries.
Step 13
Command: copy running-config startup-config
Purpose: (Optional) Save your entries in the configuration file.
DETAILED STEPS
Step 1
Command: configure terminal
Purpose: Enter global configuration mode.
Step 2
Command: process cpu statistics limit entry-percentage number [size seconds]
Purpose: Set the process entry limit and the size of the history table for CPU utilization statistics.
Verifying Configuration
To display SNMP input and output statistics, including the number of illegal community string entries, errors, and requested variables, use the show snmp privileged EXEC command. You also can use the other privileged EXEC commands listed below to display SNMP information. For information about the fields in the displays, see the Cisco IOS Configuration Fundamentals Command Reference, Release 15.2M&T.
Switch(config)# snmp-server enable traps snmp authentication
Switch(config)# snmp-server host cisco.com version 2c public
This example shows how to send Entity MIB traps to the host cisco.com. The community string is restricted. The first line enables the switch to send Entity MIB traps in addition to any traps previously enabled. The second line specifies the destination of these traps and overwrites any previous snmp-server host commands for the host cisco.
Feature History
Platform                                      First Supported Release
IE 2000U                                      Cisco IOS Release 15.0(2)EH
CGS 2520                                      Cisco IOS Release 12.2(53)EX
Ethernet Switch Module (ESM) for CGR 2010     Cisco IOS Release 12.
CHAPTER 15 Configuring Embedded Event Manager
Embedded Event Manager (EEM) is a distributed and customized approach to event detection and recovery within a Cisco IOS device. EEM offers the ability to monitor events and take informational, corrective, or any other EEM action when the monitored events occur or when a threshold is reached. An EEM policy defines an event and the actions to be taken when that event occurs.
Figure 15-1 shows the relationship between the EEM server, the core event publishers (event detectors), and the event subscribers (policies). The event publishers screen events and publish them when there is a match on an event specification that is provided by the event subscriber. Event detectors notify the EEM server when an event occurs.
EEM allows these event detectors:
• Application-specific event detector—Allows any EEM policy to publish an event.
• IOS CLI event detector—Generates policies based on the commands entered through the CLI.
• Generic Online Diagnostics (GOLD) event detector—Publishes an event when a GOLD failure event is detected on a specified card and subcard.
• Watchdog event detector (IOSWDSysMon)—Publishes an event when one of these events occurs:
  – CPU utilization for a Cisco IOS process crosses a threshold.
  – Memory utilization for a Cisco IOS process crosses a threshold.
Two events can be monitored at the same time, and the event publishing criteria requires that one or both events cross their specified thresholds.
• Cisco built-in variables (available in EEM applets)
Defined by Cisco and can be read-only or read-write. The read-only variables are set by the system before an applet starts to execute. The single read-write variable, _exit_status, allows you to set the exit status for policies triggered from synchronous events.
Guidelines and Limitations
For complete information about configuring embedded event manager, see the Embedded Event Manager Configuration Guide, Cisco IOS Release 15M&T.
Default Settings
No EEM policies are registered.
Step 4
Command: action label syslog [priority priority-level] msg msg-text
Purpose: Specify the action when an EEM applet is triggered. Repeat this action to add other CLI commands to the applet.
• (Optional) The priority keyword specifies the priority level of the syslog messages. If selected, you need to define the priority-level argument.
Step 5
Command: end
Step 4
Command: event manager policy policy-file-name [type system] [trap]
Purpose: Register the EEM policy to run when the specified event defined within the policy occurs.
Step 5
Command: exit
Purpose: Exit global configuration mode and return to privileged EXEC mode.
EXAMPLE
This example shows the sample output for the show event manager environment command:
Switch# show event manager environment all
No.
3    _syslog_pattern    .*UPDOWN.*Ethernet1/0.*
4    _config_cmd1       interface Ethernet1/0
5    _config_cmd2       no shut
This example shows a CRON timer environment variable, which is assigned by the software, to be set to every second minute, every hour of every day:
Switch(config)# event manager environment _cron_entry 0-59/2 0-23/1 * * 0-6
This example shows the sample EEM policy named tm_cli_cmd.tcl registered as a system policy.
CHAPTER 16 Configuring Cisco IOS IP SLAs Operations
This chapter describes how to use Cisco IOS IP Service Level Agreements (SLAs) and the IETF Two-Way Active Measurement Protocol (TWAMP) on the Cisco Industrial Ethernet 2000U Series (IE 2000U) and Connected Grid Switches, hereafter referred to as switch.
Chapter 16 Configuring Cisco IOS IP SLAs Operations Information About Cisco IOS IP SLAs options such as source and destination IP address, User Datagram Protocol (UDP)/TCP port numbers, a type of service (ToS) byte (including Differentiated Services Code Point [DSCP] and IP Prefix bits), Virtual Private Network (VPN) routing/forwarding instance (VRF), and URL web address.
Chapter 16 Configuring Cisco IOS IP SLAs Operations Information About Cisco IOS IP SLAs on the type of IP SLAs operation, it responds with time-stamp information for the source to make the calculation on performance metrics. An IP SLAs operation performs a network measurement from the source device to a destination in the network using a specific protocol such as UDP.
Chapter 16 Configuring Cisco IOS IP SLAs Operations Prerequisites the responder accepts the requests and responds to them. It disables the port after it responds to the IP SLAs packet, or when the specified time expires. MD5 authentication for control messages is available for added security. You do not need to enable the responder on the destination device for all IP SLAs operations.
Guidelines and Limitations
This chapter does not include configuration information for all available operations. For details about configuring other operations, see the IP SLAs Configuration Guide, Cisco IOS Release 15M&T.
Default Settings
No IP SLAs operations are configured.
EXAMPLE
This example shows how to configure the device as a responder for the UDP jitter IP SLAs operation:
Switch(config)# ip sla responder udp-echo 172.29.139.134 5000
Verifying Configuration
Command: show ip sla authentication
Purpose: Display IP SLAs authentication information.
Command: show ip sla responder
Purpose: Display information about the IP SLAs responder.
CHAPTER 17 Configuring Ethernet OAM, CFM, and E-LMI
This chapter describes Ethernet Operations, Administration, and Maintenance (OAM) on the Cisco Industrial Ethernet 2000U Series (IE 2000U) and Connected Grid Switches, hereafter referred to as switch. Ethernet OAM is a protocol for installing, monitoring, and troubleshooting Ethernet networks to increase management capability within the context of the overall Ethernet infrastructure. The switch supports IEEE 802.
Chapter 17 Configuring Ethernet OAM, CFM, and E-LMI Information About Ethernet CFM • Information About E-LMI, page 17-51 • Configuring E-LMI, page 17-52 • Displaying E-LMI and OAM Manager Information, page 17-59 • Ethernet CFM and Ethernet OAM Interaction, page 17-59 • Related Documents, page 17-63 • Feature History, page 17-64 Information About Ethernet CFM Ethernet CFM is an end-to-end per-service-instance (per VLAN) Ethernet layer OAM protocol that includes proactive connectivity monitorin
Figure 17-1 CFM Maintenance Domains
[Figure: Service Provider Domain (Level 6) and Operator Domains (Operator 1, Operator 2) across CE 1, PE 1, PE 2, PE 3, PE 4, and CE 2, with MEPs and MIPs marked at Level 6, Level 4, and Level 3]
Allowed Domain Relationships
[Figure: Scenario A: Touching Domains OK; Scenario B: Nested Domains OK; Scenario C: Intersecting Domains Not Allowed]
Figure 17-2 Maintenance Associa
Chapter 17 Configuring Ethernet OAM, CFM, and E-LMI Information About Ethernet CFM Note CFM draft 1 referred to inward and outward-facing MEPs. CFM draft 8.1 refers to up and down MEPs, respectively. This document uses the CFM 8.1 terminology for direction. CFM draft 1 supported only up MEPs on a per-port or per-VLAN basis. CFM 802.1ag supports up and down per-VLAN MEPs, as well as port MEPs, which are untagged down MEPs that are not associated with a VLAN.
Chapter 17 Configuring Ethernet OAM, CFM, and E-LMI Information About Ethernet CFM CFM Messages CFM uses standard Ethernet frames distinguished by EtherType or (for multicast messages) by MAC address. All CFM messages are confined to a maintenance domain and to a service-provider VLAN (S-VLAN).
Chapter 17 Configuring Ethernet OAM, CFM, and E-LMI Information About Ethernet CFM leak error could occur if other maintenance associations associated with the same VLAN exist at a higher level without any MEPs configured. You can display the configuration error list, which is informational only, by entering the show ethernet cfm errors configuration privileged EXEC command. CFM Version Interoperability When customers upgrade their network from the Cisco CFM draft 1 to IEEE standardized 802.
Chapter 17 Configuring Ethernet OAM, CFM, and E-LMI Configuring Ethernet CFM Because IP SLAs is a Cisco proprietary feature, interoperability between CFM draft 1 and CFM 802.1ag is handled automatically by the switch. For more information about IP SLAs operation with CFM, see the Configuring IP SLAs for Metro-Ethernet feature module at this URL: http://www.cisco.com/en/US/docs/ios/ipsla/configuration/guide/sla_metro_ethernet.
Chapter 17 Configuring Ethernet OAM, CFM, and E-LMI Configuring Ethernet CFM • CFM is supported on trunk ports, access ports, and 802.1Q tunnel ports with these exceptions: – Trunk ports configured as MEPs must belong to allowed VLANs – Access ports configured as MEPs must belong to the native VLAN. • You can configure CFM and VLAN translation on the switch at the same time. • CFM is not supported on private VLAN ports.
Step 3
Command: ethernet cfm traceroute cache [size entries | hold-time minutes]
Purpose: (Optional) Configure the CFM traceroute cache. You can set a maximum cache size or hold time.
• (Optional) For size, enter the cache size in number of entry lines. The range is from 1 to 4095; the default is 100 lines.
Step 4
Command: ethernet cfm mip auto-create level level-id vlan vlan-id
Chapter 17 Configuring Ethernet OAM, CFM, and E-LMI Configuring Ethernet CFM Step 8 Command Purpose service {ma-name | ma-number | vpn-id vpn} {vlan vlan-id [direction down] | port} Define a customer service maintenance association (MA) name or number or VPN ID to be associated with the domain, a VLAN ID or port MEP, and enter ethernet-cfm-service configuration mode. • ma-name—a string of no more than 100 characters that identifies the MAID. • ma-number—a value from 0 to 65535.
Chapter 17 Configuring Ethernet OAM, CFM, and E-LMI Configuring Ethernet CFM Step 16 Command Purpose mip auto-create [lower-mep-only] (Optional) Configure auto creation of MIPs for the domain. • lower-mep-only—Create a MIP only if there is a MEP for the service in another domain at the next lower active level. Step 17 mep archive-hold-time minutes (Optional) Set the number of minutes that data from a missing maintenance end point is kept before it is purged.
Chapter 17 Configuring Ethernet OAM, CFM, and E-LMI Configuring Ethernet CFM Use the no versions of the commands to remove the configuration or return to the default configurations.
Step 6
Command: end
Purpose: Return to privileged EXEC mode.
Step 7
Command: ethernet cfm mep crosscheck {enable | disable} domain domain-name {vlan {vlan-id | any} | port}
Purpose: Enable or disable CFM crosscheck for one or more VLANs or a port MEP in the domain.
• domain domain-name—Specify the name of the created domain.
Chapter 17 Configuring Ethernet OAM, CFM, and E-LMI Configuring Ethernet CFM DETAILED STEPS Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 ethernet cfm domain domain-name level level-id Define a CFM domain, set the domain level, and enter ethernet-cfm configuration mode for the domain. The maintenance level number range is 0 to 7.
Switch(config-ecfm-srv)# continuity-check
Switch(config-ecfm-srv)# mep mpid 200
Switch(config-ecfm-srv)# continuity-check static rmep
Switch(config-ecfm-srv)# end
Configuring a Port MEP
A port MEP is a down MEP that is not associated with a VLAN and that uses untagged frames to carry CFM messages. You configure port MEPs on two connected interfaces. Port MEPs are always configured at a lower domain level than native VLAN MEPs.
Chapter 17 Configuring Ethernet OAM, CFM, and E-LMI Configuring Ethernet CFM Command Purpose Step 7 continuity-check loss-threshold threshold-value (Optional) Set the number of continuity check messages to be missed before declaring that an MEP is down. The range is 2 to 255; the default is 3. Step 8 continuity-check static rmep Enable checking of the incoming continuity check message from a remote MEP that is configured in the MEP list. Step 9 exit Return to ethernet-cfm configuration mode.
Chapter 17 Configuring Ethernet OAM, CFM, and E-LMI Configuring Ethernet CFM Configuring SNMP Traps BEFORE YOU BEGIN Review the “Information About Ethernet CFM” section on page 17-2 and “Ethernet CFM Configuration Guidelines” section on page 17-7. DETAILED STEPS Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 snmp-server enable traps ethernet cfm cc [mep-up] [mep-down] [config] [loop] [cross-connect] (Optional) Enable Ethernet CFM continuity check traps.
Chapter 17 Configuring Ethernet OAM, CFM, and E-LMI Configuring Ethernet CFM DETAILED STEPS Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 ethernet cfm alarm notification {all | error-xcon | mac-remote-error-xcon | none | remote-error-xcon | xcon} Globally enable Ethernet CFM fault alarm notification for the specified defects: • all—report all defects. • error-xcon—Report only error and connection defects.
Chapter 17 Configuring Ethernet OAM, CFM, and E-LMI Configuring Ethernet CFM Command Step 9 Purpose ethernet cfm alarm {delay value | reset value} (Optional) Set an alarm delay period or a reset period. Note The Ethernet CFM interface MEP alarm configuration takes precedence over the global configuration. Step 10 end Return to privileged EXEC mode. Step 11 show running-config Verify your entries. Step 12 copy running-config startup-config (Optional) Save your entries in the configuration file.
Chapter 17 Configuring Ethernet OAM, CFM, and E-LMI Configuring Ethernet CFM DETAILED STEPS Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 ip sla operation-number Create an IP SLAs operation, and enter IP SLAs configuration mode. Step 3 ethernet echo mpid identifier domain domain-name vlan vlan-id Configure the IP SLAs operation as an echo (ping) or jitter operation, and enter IP SLAs Ethernet echo configuration mode.
Step 11
Command: timeout milliseconds
Purpose: (Optional) Specify the amount of time in ms that the IP SLAs operation waits for a response from its request packet. The range is 0 to 604800000; the default value is 5000.
Step 12
Command: exit
Purpose: Return to global configuration mode.
Step 13
Command: ip sla schedule operation-number [ageout seconds] [life {forever | seconds}] [recurring]
Purpose: Schedule the time parameters for the IP SLAs operation.
Chapter 17 Configuring Ethernet OAM, CFM, and E-LMI Configuring Ethernet CFM Configuring an IP SLAs Operation with Endpoint Discovery Follow this procedure to use IP SLAs to automatically discover the CFM endpoints for a domain and VLAN ID. You can configure ping or jitter operations to the discovered endpoints. BEFORE YOU BEGIN Review the “Information About Ethernet CFM” section on page 17-2 and “Ethernet CFM Configuration Guidelines” section on page 17-7.
Chapter 17 Configuring Ethernet OAM, CFM, and E-LMI Configuring Ethernet CFM Command Purpose Step 8 threshold milliseconds (Optional) Specify the upper threshold value in milliseconds for calculating network monitoring statistics. The range is 0 to 2147483647; the default is 5000. Step 9 timeout milliseconds (Optional) Specify the amount of time in milliseconds that the IP SLAs operation waits for a response from its request packet. The range is 0 to 604800000; the default value is 5000.
EXAMPLE
Switch(config)# ip sla ethernet-monitor 3
Switch(config-ip-sla-ethernet-monitor)# type jitter domain testdomain vlan 20
Switch(config-ip-sla-ethernet-monitor)# exit
Switch(config)# ip sla schedule 1 start-time now life forever
Switch(config)# end
Information About CFM ITU-T Y.1731 Fault Management
The ITU-T Y.
Chapter 17 Configuring Ethernet OAM, CFM, and E-LMI Information About CFM ITU-T Y.1731 Fault Management Alarm Indication Signals The Ethernet Alarm Signal function (ETH-AIS) is used to suppress alarms after defects are detected at the server (sub) layer, which is a virtual MEP layer capable of detecting fault conditions. A fault condition could be a signal fail condition, an AIS condition, or a LCK condition.
Chapter 17 Configuring Ethernet OAM, CFM, and E-LMI Configuring Y.1731 Fault Management Ethernet Locked Signal The Ethernet Locked Signal (ETH-LCK) function communicates the administrative locking of a server MEP and interruption of data traffic being forwarded to the MEP expecting the traffic. A MEP that receives frames with ETH-LCK information can differentiate between a defect condition and an administrative locking.
Chapter 17 Configuring Ethernet OAM, CFM, and E-LMI Configuring Y.1731 Fault Management Default Y.1731 Configuration • ETH-AIS and ETH-LCK are enabled by default when CFM is enabled. • When you configure ETH-AIS or ETH-LCK, you must configure CFM before ETH-AIS or ETH-LCK is operational. • ETH-RDI is set automatically when continuity check messages are enabled. Configuring ETH-AIS BEFORE YOU BEGIN Review the “Information About CFM ITU-T Y.1731 Fault Management” section on page 17-24.
Chapter 17 Configuring Ethernet OAM, CFM, and E-LMI Configuring Y.1731 Fault Management Step 7 Command Purpose service {ma-name | ma-number | vpn-id vpn} {vlan vlan-id [direction down] | port} Define a customer service maintenance association (MA) name or number to be associated with the domain, or a VLAN ID or VPN-ID, and enter ethernet-cfm-service configuration mode. • ma-name—a string of no more than 100 characters that identifies the MAID. • ma-number—a value from 0 to 65535.
Chapter 17 Configuring Ethernet OAM, CFM, and E-LMI Configuring Y.1731 Fault Management Command Purpose Step 20 show ethernet cfm error Display received ETH-AIS frames and other errors. Step 21 copy running-config startup-config (Optional) Save your entries in the configuration file. Use the no form of the commands to return to the default configuration or to remove a configuration. To disable the generation of ETH-AIS frames, enter the disable config-ais-link-cfm mode command.
Chapter 17 Configuring Ethernet OAM, CFM, and E-LMI Configuring Y.1731 Fault Management Command Purpose Step 6 ethernet cfm domain domain-name level level-id Define a CFM domain, set the domain level, and enter ethernet-cfm configuration mode for the domain. The maintenance level number range is 0 to 7.
Step 18
Command: ethernet cfm lck start mpid local-mpid domain domain-name vlan vlan-id [drop l2-bpdu]
Purpose: (Optional) Put a MEP in LCK condition.
• The mpid local-mpid domain domain-name vlan vlan-id identify the MEP.
Step 19
Command: ethernet cfm lck start interface interface-id direction {up | down} [drop l2-bpdu]
Chapter 17 Configuring Ethernet OAM, CFM, and E-LMI Managing and Displaying Ethernet CFM Information Using Multicast Ethernet Loopback You can use the ping privileged EXEC command to verify bidirectional connectivity of a MEP, as in this example: Switch# ping ethernet multicast domain CD vlan 10 Type escape sequence to abort. Sending 5 Ethernet CFM loopback messages to 0180.c200.0037, timeout is 5 seconds: Reply to Multicast request via interface FastEthernet1/0/3, from 001a.a17e.
EXAMPLE
This is an example of output from the show ethernet cfm domain brief command:
Switch# show ethernet cfm domain brief
Domain Name    Index  Level  Services  Archive(min)
level5         1      5      1         100
level3         2      3      1         100
test           3      3      3         100
name           4      3      1         100
test1          5      2      1         100
lck            6      1      1         100
Total Services : 1
This is an example of output from the show ethernet cfm errors command:
Switch# show ethernet cfm errors
-------------------
Chapter 17 Configuring Ethernet OAM, CFM, and E-LMI Information About the Ethernet OAM Protocol Hold-time: 100 Minutes You can use the privileged EXEC commands in the following table to display IP SLAs Ethernet CFM information: Command Purpose show ip sla configuration [entry-number] Displays configuration values including all defaults for all IP SLAs operations or a specific operation.
Chapter 17 Configuring Ethernet OAM, CFM, and E-LMI Configuring Ethernet OAM OAM Features These OAM features are defined by 802.3ah: • Discovery identifies devices in the network and their OAM capabilities. It uses periodic OAM PDUs to advertise OAM mode, configuration, and capabilities; PDU configuration; and platform identity. An optional phase allows the local station to accept or reject the configuration of the peer OAM entity.
Chapter 17 Configuring Ethernet OAM, CFM, and E-LMI Configuring Ethernet OAM Default Ethernet OAM Configuration • Ethernet OAM is disabled on all interfaces. • When Ethernet OAM is enabled on an interface, link monitoring is automatically turned on. • Remote loopback is disabled. • No Ethernet OAM templates are configured. Ethernet OAM Configuration Guidelines • The switch does not support monitoring of egress frames sent with cyclic redundancy code (CRC) errors.
Chapter 17 Configuring Ethernet OAM, CFM, and E-LMI Configuring Ethernet OAM Step 4 Command Purpose ethernet oam [max-rate oampdus | min-rate seconds | mode {active | passive} | timeout seconds] You can configure these optional OAM parameters: • (Optional) Enter max-rate oampdus to configure the maximum number of OAM PDUs sent per second. The range is from 1 to 10. • (Optional) Enter min-rate seconds to configure the minimum transmission rate in seconds when one OAM PDU is sent per second.
Chapter 17 Configuring Ethernet OAM, CFM, and E-LMI Configuring Ethernet OAM Enabling Ethernet OAM Remote Loopback You must enable Ethernet OAM remote loopback on an interface for the local OAM client to initiate OAM remote loopback operations. Changing this setting causes the local OAM client to exchange configuration information with its remote peer. Remote loopback is disabled by default. Remote loopback has these limitations: • Internet Group Management Protocol (IGMP) packets are not looped back.
Chapter 17 Configuring Ethernet OAM, CFM, and E-LMI Configuring Ethernet OAM Configuring Ethernet OAM Link Monitoring You can configure high and low thresholds for link-monitoring features. If no high threshold is configured, the default is none —no high threshold is set. If you do not set a low threshold, it defaults to a value lower than the high threshold.
Step 5
Command: ethernet oam link-monitor frame {threshold {high {high-frames | none} | low {low-frames}} | window milliseconds}
Purpose: (Optional) Configure high and low thresholds for error frames that trigger an error-frame link event.
• Enter threshold high high-frames to set a high threshold in number of frames. The range is 1 to 65535. The default is none.
Note: Repeat this step to configure both high
Chapter 17 Configuring Ethernet OAM, CFM, and E-LMI Configuring Ethernet OAM Step 7 Command Purpose ethernet oam link-monitor frame-seconds {threshold {high {high-frames | none} | low {low-frames}} | window milliseconds} (Optional) Configure high and low thresholds for the frame-seconds error that triggers an error-frame-seconds link event. Note Step 8 Repeat this step to configure both high and low thresholds.
EXAMPLE
Switch(config)# interface gigabitEthernet 3/8
Switch(config-if)# ethernet oam
Switch(config-if)# ethernet oam link-monitor symbol-period threshold high 299
Switch(config-if)# ethernet oam link-monitor frame window 399
Switch(config-if)# ethernet oam link-monitor frame-period threshold h
Chapter 17 Configuring Ethernet OAM, CFM, and E-LMI Configuring Ethernet OAM Command Purpose Step 5 show ethernet oam status [interface interface-id] Verify the configuration. Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file. Enter the no ethernet remote-failure {critical-event | dying-gasp | link-fault} action command to disable the remote failure indication action.
Chapter 17 Configuring Ethernet OAM, CFM, and E-LMI Configuring Ethernet OAM Step 3 Step 4 Command Purpose ethernet oam link-monitor receive-crc {threshold {high {high-frames | none} | low {low-frames}} | window milliseconds} (Optional) Configure thresholds for monitoring ingress frames received with cyclic redundancy code (CRC) errors for a period of time.
Step 5
Command: ethernet oam link-monitor frame {threshold {high {high-frames | none} | low {low-frames}} | window milliseconds}
Purpose: (Optional) Configure high and low thresholds for error frames that trigger an error-frame link event.
• Enter threshold high high-frames to set a high threshold in number of frames. The range is 1 to 65535. You must enter a high threshold.
Chapter 17 Configuring Ethernet OAM, CFM, and E-LMI Displaying Ethernet OAM Protocol Information Command Purpose Step 8 ethernet oam link-monitor high threshold action error-disable-interface (Optional) Configure the switch to put an interface in an error disabled state when a high threshold for an error is exceeded. Step 9 exit Return to global configuration mode. Step 10 interface interface-id Define an Ethernet OAM interface, and enter interface configuration mode.
Chapter 17 Configuring Ethernet OAM, CFM, and E-LMI Enabling Ethernet Loopback Enabling Ethernet Loopback Service providers can use per-port and per VLAN Ethernet loopback to test connectivity at initial startup, to test throughput, and to test quality of service (QoS) in both directions. The switch supports two types of loopback: • Facility loopback allows per-port or per-port, per-VLAN loopback of traffic.
Chapter 17 Configuring Ethernet OAM, CFM, and E-LMI Enabling Ethernet Loopback • When you configure VLAN loopback by entering the vlan vlan-list keywords, the VLANs are tunneled into an internal VLAN that is not forwarded to any ports. The tunnel ends at the egress, so it is transparent to the user. • VLAN loopback is not supported on nontrunk interfaces. • Terminal loopback is not supported on routed interfaces. • You cannot configure SPAN and loopback on the switch at the same time.
Chapter 17 Configuring Ethernet OAM, CFM, and E-LMI Enabling Ethernet Loopback Command Purpose Step 4 end Return to privileged EXEC mode. Step 5 ethernet loopback {start interface-id | stop {interface-id | all} Turn on (start) Ethernet loopback on an interface, or turn off (stop) Ethernet loopback on an interface or on all interfaces.
Configuring Ethernet Terminal Loopback

BEFORE YOU BEGIN
Review the “Enabling Ethernet Loopback” section on page 17-47.

DETAILED STEPS
Step 1
  Command: configure terminal
  Purpose: Enter global configuration mode.
Step 2
  Command: interface interface-id
  Purpose: Define an interface, and enter interface configuration mode.
EXAMPLE
This example shows how to configure an Ethernet terminal loopback to test QoS on the interface, to swap the MAC source and destination addresses, to time out after 30 seconds, and to start the loopback process:

Switch(config)# interface gigabitethernet 0/1
Switch(config-if)# ethernet loopback terminal mac-address swap timeout 30 supported
Switch(config-if)# end
Switch# ethernet loopback start gigabitethernet 0/1

Informati
• Remote UNI counts (the total number of expected UNIs and the actual number of active UNIs)

The asynchronous update is triggered only when the number of active UNIs has changed.

CFM Interaction with OAM Manager

When there is a change in the number of active UNIs or remote UNI ID for a given S-VLAN or domain, CFM asynchronously notifies the OAM manager.
• E-LMI is not supported on routed ports, EtherChannel port channels or ports that belong to an EtherChannel, private VLAN ports, or 802.1Q tunnel ports.
• You cannot configure E-LMI on VLAN interfaces.
• When you enable E-LMI globally or on an interface, the switch is in PE mode by default. You must enter the ethernet lmi ce global configuration command to enable the switch or interface in customer-edge mode.
Step 7
  Command: oam protocol cfm svlan vlan-id domain domain-name
  Purpose: Configure the EVC OAM protocol as CFM, and identify the service provider VLAN-ID (S-VLAN-ID) for the CFM domain maintenance level as configured in Steps 2 and 3.
  Note: If the CFM domain does not exist, the command is rejected, and an error message appears.
Step 8
  Command: uni count value
  Purpose: (Optional) Set the UNI count for the EVC.
Step 13
  Command: ethernet lmi ce-vlan map {vlan-id | any | default | untagged}
  Purpose: Configure an E-LMI customer VLAN-to-EVC map for a particular UNI. The keywords have these meanings:
  • For vlan vlan-id, enter the customer VLAN ID or IDs to map to as a single VLAN-ID (1 to 4094), a range of VLAN-IDs separated by a hyphen, or a series of VLAN IDs separated by commas.
  • Enter any to map all VLANs (untagged or 1 to 4094).
Step 18
  Command: show ethernet service evc {detail | id evc-id | interface interface-id}
  Purpose: Verify the configuration.
Step 19
  Command: copy running-config startup-config
  Purpose: (Optional) Save your entries in the configuration file.

Use the no forms of the commands to delete an EVC, EFP, or UNI ID, or to return to default configurations.
Step 4
  Command: interface interface-id
  Purpose: Define an interface to configure as an E-LMI interface, and enter interface configuration mode.
Step 5
  Command: ethernet lmi interface
  Purpose: Configure Ethernet LMI on the interface. If E-LMI is enabled globally, it is enabled on all interfaces unless you disable it on specific interfaces. If E-LMI is disabled globally, you can use this command to enable it on specified interfaces.
Ethernet OAM Manager Configuration Example

This is a simple example of configuring CFM and E-LMI with OAM manager on a PE device and on a CE device. You can configure the switch as either the PE device or the CE device.
Displaying E-LMI and OAM Manager Information

Command: show ethernet lmi evc [detail evc-id [interface interface-id] | map interface type number]
Purpose: Displays details sent to the CE from the status request poll about the E-LMI EVC.

Command: show ethernet lmi parameters interface interface-id
Purpose: Displays Ethernet LMI interface parameters sent to the CE from the status request poll.
For more information about CFM and interaction with Ethernet OAM, see the Carrier Ethernet Configuration Guide, Cisco IOS Release 15M&T.

Configuring Ethernet OAM Interaction with CFM

For Ethernet OAM to function with CFM, you must configure an Ethernet Virtual Circuit (EVC) and the OAM manager, and associate the EVC with CFM. You must use an up MEP for interaction with the OAM manager.
Step 7
  Command: exit
  Purpose: Return to global configuration mode.
Step 8
  Repeat Steps 2 through 7 to define other CFM domains that you want OAM manager to monitor.
Step 9
  Command: ethernet cfm enable
  Purpose: Globally enable CFM.
Step 10
  Command: end
  Purpose: Return to privileged EXEC mode.
Step 11
  Command: copy running-config startup-config
  Purpose: (Optional) Save your entries in the configuration file.
Step 4
  Command: end
  Purpose: Return to privileged EXEC mode.
Step 5
  Command: copy running-config startup-config
  Purpose: (Optional) Save your entries in the configuration file.
Step 6
  Command: show ethernet cfm maintenance points remote
  Purpose: (Optional) Display the port states as reported by Ethernet OAM.
Switch(config-if-srv)# exit

Customer-edge switch 2 (CE2) configuration:

Switch# config t
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# port-type nni
Switch(config-if)# switchport trunk allowed vlan 10
Switch(config-if)# switchport mode trunk
Switch(config-if)# ethernet oam remote-loopback supported
Switch(config-if)# ethernet oam
Switch(config-if)# exit

These are examples of the output showing provider-edge switch po
Feature History

Platform: IE 2000U
First Supported Release: Cisco IOS Release 15.0(2)EH

Platform: CGS 2520
First Supported Release: Cisco IOS Release 12.2(53)EX

Platform: Ethernet Switch Module (ESM) for CGR 2010
First Supported Release: Cisco IOS Release 12.
CHAPTER 18 Configuring Online Diagnostics

This chapter describes how to configure the online diagnostics on the Cisco Industrial Ethernet 2000U Series (IE 2000U) and Connected Grid Switches, hereafter referred to as switch.

Note: For complete syntax and usage information for the commands used in this chapter, see the documents listed in the “Related Documents” section on page 18-9.
Table 18-1 Diagnostic Tests

Test ID Number   Test Name
1                TestPortAsicStackPortLoopback
2                TestPortAsicLoopback
3                TestPortAsicCam
4                TestPortAsicRingLoopback
5                TestMicRingLoopback
6                TestPortAsicMem

Online diagnostics are categorized as on-demand, scheduled, or health-monitoring diagnostics.
• On-demand diagnostics run from the CLI.
Configuring Online Diagnostics

You must configure the failure threshold and the interval between tests before enabling diagnostic monitoring.
• Scheduling Online Diagnostics
• Configuring Health-Monitoring Diagnostics

Scheduling Online Diagnostics

You can schedule online diagnostics to run at a designated time of day or on a daily, weekly, or monthly basis.
Step 3
  Command: show diagnostic {content | schedule}
  Purpose: Verify the configured online diagnostic tests and schedule.
  • Enter show diagnostic content to display the configured online diagnostics.
  • Enter show diagnostic schedule to display the online diagnostics test schedule.
Step 4
  Command: copy running-config startup-config
  Purpose: (Optional) Save your entries in the configuration file.
DETAILED STEPS
Step 1
  Command: configure terminal
  Purpose: Enter global configuration mode.
Step 2
  Command: diagnostic monitor interval test {name | test-id | test-id-range | all} hh:mm:ss milliseconds day
  Purpose: Configure the health-monitoring interval of the specified tests. Specify the tests by using one of these parameters:
  • name: Name of the test that appears in the show diagnostic content command output. See Table 18-1.
Step 5
  Command: diagnostic monitor test {name | test-id | test-id-range | all}
  Purpose: Enable the specified health-monitoring tests. Specify the tests by using one of these parameters:
  • name: Name of the test that appears in the show diagnostic content command output. See Table 18-1.
  • test-id: ID number of the test that appears in the show diagnostic content command output. See Table 18-1.
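The ordering rule for health monitoring (failure threshold and interval configured before a test is enabled) can be checked against a saved configuration. The script below is an added example, not part of the Cisco guide; it resolves test selectors with Table 18-1 and reports tests enabled without a prior interval or threshold. The `diagnostic monitor threshold test ... failure count` form and the `1,3-6` range form are assumptions, because this section does not show them.

```python
import re

# Test IDs and names from Table 18-1.
TESTS = {1: "TestPortAsicStackPortLoopback", 2: "TestPortAsicLoopback",
         3: "TestPortAsicCam", 4: "TestPortAsicRingLoopback",
         5: "TestMicRingLoopback", 6: "TestPortAsicMem"}
NAME_TO_ID = {name.lower(): tid for tid, name in TESTS.items()}
# Assumption: "threshold" keyword form and the 1,3-6 range form (not shown in this section).
CMD = re.compile(r"^diagnostic monitor (?:(interval|threshold) )?test (\S+)", re.I)

def expand(selector):
    """Turn a name, test-id, test-id-range or 'all' into a set of test IDs."""
    key = selector.lower()
    if key == "all":
        return set(TESTS)
    if key in NAME_TO_ID:
        return {NAME_TO_ID[key]}
    ids = set()
    for part in key.split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    if ids - set(TESTS):
        raise ValueError(f"unknown test id(s): {sorted(ids - set(TESTS))}")
    return ids

def audit(config_lines):
    """Return {test_id: [prerequisites missing when the test was enabled]}."""
    seen = {"threshold": set(), "interval": set()}
    findings = {}
    for line in config_lines:
        m = CMD.match(line.strip())
        if not m:
            continue
        kind, ids = (m.group(1) or "enable").lower(), expand(m.group(2))
        if kind in seen:
            seen[kind] |= ids
            continue
        for tid in sorted(ids):
            missing = [k for k in seen if tid not in seen[k]]
            if missing:
                findings[tid] = missing
    return findings

# Constructed sample configuration (not from the guide).
SAMPLE = """\
diagnostic monitor interval test 1,3-4 00:10:00 0 1
diagnostic monitor threshold test TestPortAsicLoopback failure count 5
diagnostic monitor threshold test 1 failure count 5
diagnostic monitor test 1-4
""".splitlines()
```

Calling `audit(SAMPLE)` flags tests 2, 3 and 4, each with the prerequisite that was missing when the test was enabled.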
Starting Online Diagnostic Tests

Note: After starting the tests, you cannot stop the testing process.

BEFORE YOU BEGIN
• Configure the diagnostics tests as described in the “Configuring Online Diagnostics” procedure on page 18-3.
• Review the “Guidelines and Limitations” section on page 18-2.

DETAILED STEPS
Command: diagnostic start test {name |
Purpose: Start the diagnostic tests.
Displaying Online Diagnostic Tests and Results

Command: show diagnostic content
Purpose: Displays the online diagnostics configured for a switch.

Command: show diagnostic status
Purpose: Displays the running diagnostic tests.

Command: show diagnostic result [detail | test {name | test-id | test-id-range | all [detail]}]
Purpose: Displays the specified online diagnostics test results.

Command: show diagnostic switch [detail]
Purpose: Displays the online diagnostics test results.
POST: PortASIC CAM Subsystem Tests : End, Status Passed
POST: PortASIC Port Loopback Tests : Begin
POST: PortASIC Port Loopback Tests : End, Status Passed

For more examples of other show diagnostic command outputs, see the “Examples” section of the show diagnostic command in the Cisco IOS Configuration Fundamentals Command Reference, Release 15.2M&T.
CHAPTER A Supported MIBs

This appendix lists the supported management information bases (MIBs) for this release on the Cisco Industrial Ethernet 2000U Series (IE 2000U) and Connected Grid Switches, hereafter referred to as switch.

This appendix includes the following sections:
• MIB List
• Using FTP to Access the MIB Files

MIB List

• BRIDGE-MIB (RFC1493)
Note: The BRIDGE-MIB supports the context of a single VLAN.
• CISCO-FLASH-MIB (Flash memory on all switches is modeled as removable flash memory.)
• CISCO-FTP-CLIENT-MIB
• CISCO-HSRP-MIB
Note: Layer 3 MIBs are available only when the IP Services image is running on the switch.
• CISCO-HSRP-EXT-MIB (partial support)
• CISCO-IGMP-FILTER-MIB
• CISCO-IMAGE-MIB
• CISCO-IPSLA-ETHERNET-MIB
Note: Available only when the IP Services image is running on the switch.
Note
• IDENTITY-MIB
• IEEE8021-PAE-MIB
• IEEE8023-LAG-MIB
• IF-MIB (In and out counters for VLANs are not supported.
Using FTP to Access the MIB Files

Note: Some FTP clients do not support passive mode.

Step 2 Use FTP to access the server ftp.cisco.com.
Step 3 Log in with the username anonymous.
Step 4 Enter your e-mail username when prompted for the password.
Step 5 At the ftp> prompt, change directories to /pub/mibs/v1 and /pub/mibs/v2.
Step 6 Use the get MIB_filename command to obtain a copy of the MIB file.