Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide
Cisco IOS Release 12.0(5)WC3
January 2002

Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706 USA
http://www.cisco.
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
Preface

Audience

The Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide is for the network manager responsible for configuring the Catalyst 2900 series XL and Catalyst 3500 series XL switches, hereafter referred to as the switches. Before using this guide, you should be familiar with the concepts and terminology of Ethernet and local area networking.

Purpose

Note: This switch software release is based on Cisco IOS Release 12.0.
• Cluster configuration—This guide provides information about planning for, creating, and maintaining switch clusters. Because configuring switch clusters is most easily performed through CMS, this guide does not provide the command-line interface (CLI) procedures. For the cluster commands, refer to the Catalyst 2900 Series XL and Catalyst 3500 Series XL Command Reference.
• CLI command information—This guide provides an overview for using the CLI.
Conventions

This guide uses these conventions to convey instructions and information:

Command descriptions use these conventions:
• Commands and keywords are in boldface text.
• Arguments for which you supply values are in italic.
• Square brackets ([ ]) indicate optional elements.
• Braces ({ }) group required choices, and vertical bars ( | ) separate the alternative elements.
Related Publications

These documents provide complete information about the switch and are available from this Cisco.com site:

http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/index.htm

You can order printed copies of documents with a DOC-xxxxxx= number from the Cisco.com sites and from the telephone numbers listed in the “Ordering Documentation” section on page xvii.
Obtaining Documentation

These sections provide sources for obtaining documentation from Cisco Systems.

World Wide Web

You can access the most current Cisco documentation on the World Wide Web at these sites:
• http://www.cisco.com
• http://www-china.cisco.com
• http://www-europe.cisco.com

Cisco Documentation CD-ROM

Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product.
Documentation Feedback

If you are reading Cisco product documentation on the World Wide Web, you can send us your comments by completing the online survey. When you display the document listing for this platform, click Give Us Your Feedback. If you are using the product-specific CD and you are connected to the Internet, click the pencil-and-paper icon in the toolbar to display the survey. After you display the survey, select the manual that you wish to comment on.
Obtaining Technical Assistance

Technical Assistance Center

The Cisco TAC website is available to all customers who need technical assistance with a Cisco product or technology that is under warranty or covered by a maintenance contract.

Contacting TAC by Using the Cisco TAC Website

If you have a priority level 3 (P3) or priority level 4 (P4) problem, contact TAC by going to the TAC website: http://www.cisco.
Preface Obtaining Technical Assistance Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide xx 78-6511-06
CHAPTER 1

Overview

This chapter provides these topics about the Catalyst 2900 XL and Catalyst 3500 XL switch software:
• Features
• Management Options
• Network Configuration Examples

Features

Note: This guide describes the features for the Catalyst 2900 XL and Catalyst 3500 XL switches that are not Long-Reach Ethernet (LRE) switches. The Cisco IOS Release 12.0(5)WC3 software is for non-LRE switches only.
Table 1-1 Features

Ease of Use and Ease of Deployment
• Cluster Management Suite (CMS) software for simplified switch and switch cluster management through a web browser, such as Netscape Communicator or Microsoft Internet Explorer, from anywhere in your intranet
• Switch clustering technology, in conjunction with CMS, for
  – Unified configuration, monitoring, authentication, and software upgrade of multiple switches. Refer to the release notes (http://www.cisco.
Manageability
• Dynamic Host Configuration Protocol (DHCP)-based autoconfiguration for automatically configuring the switch during startup with IP address information and a configuration file that it receives during DHCP-based autoconfiguration
  Note: DHCP replaces the Bootstrap Protocol (BOOTP) feature autoconfiguration to ensure retrieval of configuration files by unicast TFTP messages.
VLAN Support
• Depending on the switch model, up to 64 or 250 port-based VLANs are supported for assigning users to VLANs associated with appropriate network resources, traffic patterns, and bandwidth
  Note: For information about the maximum number of VLANs supported on each Catalyst 2900 XL and Catalyst 3500 XL switch, see Table 8-1 on page 8-2.
• Inter-Switch Link (ISL) and IEEE 802.
Management Options

The Catalyst 2900 XL and Catalyst 3500 XL switches are designed for plug-and-play operation: you only need to assign basic IP information to the switch and connect it to the other devices in your network. If you have specific network needs, you can configure and monitor the switch—on an individual basis or as part of a switch cluster—through its various management interfaces.
Advantages of Using CMS and Clustering Switches

Using CMS and switch clusters can simplify and minimize your configuration and monitoring tasks. You can use Cisco switch clustering technology to manage up to 16 interconnected supported Catalyst switches through one IP address as if they were a single entity. This can conserve IP addresses if you have a limited number of them.
Network Configuration Examples

This section provides network configuration concepts and includes examples of using the switch to create dedicated network segments and interconnecting the segments through Fast Ethernet and Gigabit Ethernet connections.

Design Concepts for Using the Switch

As your network users compete for network bandwidth, it takes longer to send and receive data.
Bandwidth alone is not the only consideration when designing your network. As your network traffic profiles evolve, consider providing network services that can support applications such as voice and data integration and security. Table 1-3 describes some network demands and how you can meet those demands.
  – 1000BASE-ZX GBIC: fiber connections of up to 328,084 ft (100 km)
  – 1000BASE-T GBIC: copper connections of up to 328 ft (100 m)
  – Catalyst 2900 XL 1000BASE-T: copper connections of up to 328 ft (100 m)
• Redundant Gigabit backbone—Using HSRP, you can create backup paths between Catalyst 4908G-L3 switches.
Small to Medium-Sized Network Configuration

Figure 1-2 shows a configuration for a network that has up to 250 users. Users in this network require e-mail, file-sharing, database, and Internet access. You optimize network performance by placing workstations on the same logical segment as the servers they access most often.
[Figure 1-2: Small to Medium-Sized Network Configuration]
Collapsed Backbone and Switch Cluster Configuration

Figure 1-3 shows a configuration for a network of approximately 500 employees. This network uses a collapsed backbone and switch clusters. A collapsed backbone has high-bandwidth uplinks from all segments and subnetworks to a single device, such as a Gigabit switch, which serves as a single point for monitoring and controlling the network.
[Figure 1-3: Collapsed Backbone and Switch Cluster Configuration]
Large Campus Configuration

Figure 1-4 shows a configuration for a network of more than 1000 users. Because it can aggregate up to 130 Gigabit connections, a Catalyst 6500 multilayer switch is used as the backbone switch. You can use the workgroup configurations shown in previous examples to create workgroups with Gigabit uplinks to the Catalyst 6500 switch.
[Figure 1-4: Large Campus Configuration]
Multidwelling Configuration

A growing segment of residential and commercial customers are requiring high-speed access to Ethernet metropolitan-area networks (MANs). Figure 1-5 shows a configuration for a Gigabit Ethernet MAN ring using Catalyst 6500 switches as aggregation switches in the mini-point-of-presence (POP) location. These switches are connected through 1000BASE-X GBIC ports.
[Figure 1-5: Multidwelling Configuration]
CHAPTER 2

Getting Started with CMS

This chapter provides these topics about the Cluster Management Suite (CMS) software:
• Features
• Front Panel View
• Topology View
• Menus and Toolbar
• Interaction Modes
• Wizards
• Online Help
• CMS Window Components
• Accessing CMS
• Verifying Your Changes
• Saving Your Changes
• Using Different Versions of C
Features

CMS provides these features (Figure 2-1) for managing switch clusters and individual switches from Web browsers such as Netscape Communicator or Microsoft Internet Explorer:
• Two views of your network that can be displayed at the same time:
  – The Front Panel view displays the front-panel image of a specific switch or the front-panel images of all switches in a cluster.
• Two levels of access to the configuration options: read-write access for users allowed to change switch settings; read-only access for users allowed to only view switch settings
• Consistent set of GUI components (such as tabs, buttons, drop-down lists, tables, and so on) for a consistent approach to setting configuration parameters

[Figure: CMS Features. Callout: Toolbar. Move the cursor over the icon to display the tool tip.]
Front Panel View

When CMS is launched from a command switch, the Front Panel view displays the front-panel images of all switches in the cluster (Figure 2-2). When CMS is launched from a standalone or non-command member switch, the Front Panel view displays only the front panel of the specific switch (Figure 2-3).
Cluster Tree

The cluster tree (Figure 2-3) appears in the left frame of the Front Panel view and shows the name of the cluster and a list of its members. The sequence of the cluster-tree icons (Figure 2-4) mirrors the sequence of the front-panel images. You can change the sequence by selecting View > Arrange Front Panel. The colors of the devices in the cluster tree reflect the status of the devices (Table 2-1).
Front-Panel Images

You can manage the switch from a remote station by using the front-panel images. The front-panel images are updated based on the network polling interval that you set from CMS > Preferences.

Note: The Preferences window is not available if your switch access level is read-only. For more information about the read-only access mode, see the “Access Modes in CMS” section on page 2-33.
Redundant Power System LED

The Redundant Power System (RPS) LED shows the RPS status (Table 2-2 and Table 2-3).
Port Modes and LEDs

The port modes (Table 2-5) determine the type of information displayed through the port LEDs. When you change port modes, the meanings of the port LED colors (Table 2-6, Table 2-7, and Table 2-8) also change.

Note: The bandwidth utilization mode (UTL LED) does not appear on the front-panel images. Select Reports > Bandwidth Graphs to display the total bandwidth in use by the switch.
Table 2-6 Port LEDs on the Catalyst 2912, 2924C, 2924, 2912MF, and 2924M XL Switches[1]

Port Mode | Port LED Color | Description
STAT | Cyan (off) | No link.
STAT | Green | Link present.
STAT | Blinking green | Activity on the port. Port is transmitting or receiving data.
STAT | Amber | Link fault. Error frames can affect connectivity, and errors such as excessive collisions, CRC errors, and alignment and jabber errors are monitored for a link-fault indication.
Table 2-7 LRE Port LEDs on the Catalyst 2900 LRE XL Switches[1]

Port Mode | Port LED Color | Description
LRE[2] STAT | Cyan (off) | No LRE link present on the LRE port.
LRE[2] STAT | Green | LRE link present on the LRE port. Port LED turns green in approximately 10 seconds after the LRE port detects a connection to a Cisco 575 LRE CPE.
LRE[2] STAT | Amber | LRE port on the switch and WALL port on the Cisco 575 LRE CPE unable to establish the rate defined by the assigned profile.
Table 2-8 Port LEDs on the Catalyst 3500 XL Switches

Port Mode | Port LED Color | Description
STATUS | Cyan (off) | No link.
STATUS | Green | Link present.
STATUS | Blinking green | Activity on the port. Port is transmitting or receiving data.
STATUS | Amber | Link fault. Error frames can affect connectivity, and errors such as excessive collisions, CRC errors, and alignment and jabber errors are monitored for a link-fault indication. Port is not forwarding.
VLAN Membership Modes

Ports in the Front Panel view are outlined by colors (Table 2-9) when you click Highlight VLAN Port Membership Modes on the Configure VLANs tab on the VLAN window (VLAN > VLAN > Configure VLANs). The colors show the VLAN membership mode of each port. The VLAN membership mode determines the kind of traffic the port carries and the number of VLANs it can belong to.
Topology View

The Topology view displays how the devices within a switch cluster are connected and how the switch cluster is connected to other clusters and devices. From this view, you can add and remove cluster members. This view provides two levels of detail of the network topology:
• When you right-click a cluster icon and select Expand Cluster, the Topology view displays the switch cluster in detail.
[Figure 2-6: Expand Cluster View. Callouts: Right-click a link icon to display a link popup menu. Right-click a device icon to display a device popup menu. Cluster members of cluster1 and other devices connected to cluster1.]

[Figure 2-7: Collapse Cluster View. Callouts: Neighboring cluster connected to cluster1. Devices connected to cluster1 that are not eligible to join the cluster.]
Topology Icons

The Topology view and the cluster tree use the same set of device icons to represent clusters, command and standby command switches, and member switches (Figure 2-8).
[Figure 2-9: Topology-View Link Icons]

Device and Link Labels

The Topology view displays device and link information by using these labels:
• Cluster and switch names
• Switch MAC and IP addresses
• Link type between the devices
• Link speed and IDs of the interfaces on both ends of the link

When using these labels, keep these considerations in mind:
• The IP address displays only in the labels for the command switch and member switches.
Colors in the Topology View

The colors of the Topology view icons reflect the status of the devices and links (Table 2-10, Table 2-11, and Table 2-12).

Table 2-10 Device Icon Colors

Icon Color | Color Meaning
Green | The device is operating.
Yellow[1] | The internal fan of the switch is not operating, or the switch is receiving power from an RPS.
Red[1] | The device is not operating.

[1] Available only on the cluster members.
Menus and Toolbar

The configuration and monitoring options for configuring switches and switch clusters are available from the menu bar, toolbar, and the Front-Panel and Topology view popup menus.

Menu Bar

The menu bar provides the complete list of options for managing a single switch and switch cluster. The menu bar is the same whether or not the Front-Panel or Topology views are displayed.
• If your cluster has these member switches running earlier software releases and if you have read-only access to these member switches, some configuration windows for those switches display incomplete information:
  – Catalyst 2900 XL or Catalyst 3500 XL member switches running Cisco IOS Release 12.0(5)WC2 or earlier
  – Catalyst 2950 member switches running Cisco IOS Release 12.
Chapter 2 Getting Started with CMS Menus and Toolbar Table 2-14 Menu Bar (continued) Menu-Bar Options Task Cluster Cluster Manager3 Launch a CMS session from the command switch. Create Cluster 14 Designate a command switch, and name a cluster. Delete Cluster 15 Delete a cluster. Add to Cluster1 5 Remove from Cluster Add a candidate to a cluster. 15 Standby Command Switches Hop Count2 5 Remove a member from the cluster.
Table 2-14 Menu Bar (continued)

Menu-Bar Options | Task

Reports
Inventory | Display the device type, software version, IP address, and other information about a switch.
Port Statistics | Display port statistics.
Bandwidth Graphs | Display graphs that plot the total bandwidth in use by the switch.
Link Graphs | Display a graph showing the bandwidth being used for the selected link.
Link Reports | Display the link report for two connected devices.
Table 2-14 Menu Bar (continued)

Menu-Bar Options | Task

Help
Overview | Obtain an overview of the CMS interface.
What’s New | Obtain a description of the new CMS features.
Help For Active Window | Display the help for the active open window. This is the same as clicking Help from the active window.
Contents | List all of the available online help topics.
Legend | Display the legend that describes the icons, labels, and links.
Toolbar

The toolbar buttons display commonly used switch and cluster configuration options and information windows such as legends and online help. Hover the cursor over an icon to display the feature. Table 2-15 describes the toolbar options, from left to right on the toolbar.

Table 2-15 Toolbar Buttons

Toolbar Option | Keyboard Shortcut | Task
Print | Ctrl-P | Print a CMS window or help file.
Front Panel View Popup Menus

These popup menus are available in the Front Panel view.

Device Popup Menu

You can display all switch and cluster configuration windows from the menu bar, or you can display commonly used configuration windows from the device popup menu (Table 2-16). To display the device popup menu, click the switch icon from the cluster tree or the front-panel image itself, and right-click.
Topology View Popup Menus

These popup menus are available in the Topology view.

Link Popup Menu

You can display reports and graphs for a specific link displayed in the Topology view (Table 2-18). To display the link popup menu, click the link icon, and right-click.

Table 2-18 Link Popup Menu

Popup Menu Option | Task
Link Report | Display the link report for two connected devices.
Device Popup Menus

Specific devices in the Topology view display a specific popup menu:
• Cluster (Table 2-19)
• Command switch (Table 2-20)
• Member or standby command switch (Table 2-21)
• Candidate switch with an IP address (Table 2-22)
• Candidate switch without an IP address (Table 2-23)
• Neighboring devices (Table 2-24)

Note: The Device Manager option in these popup menus is available in read-only mode on Catalyst 2900 XL and Cataly
Table 2-22 Device Popup Menu of a Candidate-Switch Icon (When the Candidate Switch Has an IP Address)

Popup Menu Option | Task
Add to Cluster[1] | Add a candidate to a cluster.
Device Manager[2] | Launch Device Manager for a switch.
Properties | Display information about the device and port on either end of the link and the state of the link.

[1] Not available in read-only mode.
Interaction Modes

You can change the interaction mode of CMS to either guide or expert mode. Guide mode steps you through each feature option and provides information about the parameter. Expert mode displays a configuration window in which you configure the feature options.

Guide Mode

Note: Guide mode is not available if your switch access level is read-only.
Tool Tips

CMS displays a popup message when you move your mouse over these devices:
• A yellow device icon in the cluster tree or in Topology view—A popup displays a fault message, such as that the RPS is faulty or that the switch is unavailable because you are in read-only mode.
• A red device icon in the cluster tree or in Topology view—A popup displays a message that the switch is down.
CMS Window Components

CMS windows consistently present configuration information. Figure 2-12 shows the components of a typical CMS window.

[Figure 2-12: CMS Window Components. Callouts: OK saves your changes and closes the window. Modify displays a secondary window from which you can change settings. Click a row to select it. Press Shift, and left-click another row to select contiguous multiple rows.]
Tabs, Lists, and Tables

Some CMS windows have tabs that present different sets of information. Tabs are arranged like folder headings across the top of the window. Click the tab to display its information.

Listed information can often be changed by selecting an item from a list. To change the information, select one or more items, and click Modify. Changing multiple items is limited to those items that apply to at least one of the selections.
Accessing CMS

This section assumes the following:
• You know the IP address and password of the command switch or a specific switch. This information is either:
  – Assigned to the switch by following the setup program, as described in the release notes (http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/index.htm).
Access Modes in CMS

CMS provides two levels of access to the configuration options: read-write access and read-only access. Privilege levels 0 to 15 are supported.
• Privilege level 15 provides you with read-write access to CMS.
• Privilege levels 1 to 14 provide you with read-only access to CMS.

Any options in the CMS windows, menu bar, toolbar, and popup menus that change the switch or cluster configuration are not shown in read-only mode.
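The access rule above can be turned into a least-privilege audit of a saved configuration. The following is an added example, not code from the Cisco guide: it assumes the privilege level CMS sees is the one set by standard IOS `username ... privilege N` and `enable {password | secret} level N` lines (IOS defaults: level 1 for a username with no privilege keyword, level 15 for an enable password with no level), and the sample configuration is constructed.

```python
import re

# Constructed sample configuration (not taken from a real switch).
SAMPLE_CONFIG = """\
hostname sw-constructed
enable secret level 15 5 $1$constructed
enable secret level 7 5 $1$constructed
username netadmin privilege 15 password 7 0000
username helpdesk privilege 5 password 7 0000
username monitor password 7 0000
username kiosk privilege 0 password 7 0000
"""

# "enable password|secret [level N] ..." ; no level keyword means level 15.
ENABLE_RE = re.compile(r"^enable\s+(?:password|secret)(?:\s+level\s+(\d+))?\s+\S")
# "username NAME [options] password|secret ..." ; no privilege keyword means level 1.
USER_RE = re.compile(r"^username\s+(\S+)(.*)$")
PRIV_RE = re.compile(r"\sprivilege\s+(\d+)(?=\s|$)")
# Everything after the credential keyword is password material, never options.
CRED_RE = re.compile(r"\s(?:password|secret)\s")


def cms_access(level):
    """Map an IOS privilege level to the CMS access mode stated in the guide."""
    if level == 15:
        return "read-write"
    if 1 <= level <= 14:
        return "read-only"
    if level == 0:
        # The guide says levels 0 to 15 are supported, but this excerpt
        # does not say what level 0 gives in CMS.
        return "unspecified"
    return "invalid"


def audit_config(config_text):
    """Return (kind, name, level, cms_access) for each credential line."""
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = ENABLE_RE.match(line)
        if m:
            level = int(m.group(1)) if m.group(1) else 15
            findings.append(("enable", f"level {level}", level, cms_access(level)))
            continue
        m = USER_RE.match(line)
        if m:
            # Only look for "privilege N" before the credential keyword, so a
            # password that happens to contain the word is not misread.
            options = CRED_RE.split(m.group(2) + " ", maxsplit=1)[0]
            pm = PRIV_RE.search(options)
            level = int(pm.group(1)) if pm else 1
            findings.append(("username", m.group(1), level, cms_access(level)))
    return findings


def read_write_principals(config_text):
    """List the credentials that can change configuration through CMS."""
    return [f"{kind} {name}"
            for kind, name, _, access in audit_config(config_text)
            if access == "read-write"]


if __name__ == "__main__":
    for row in audit_config(SAMPLE_CONFIG):
        print(row)
    print("read-write:", read_write_principals(SAMPLE_CONFIG))
```

Anything the audit lists as read-write should correspond to a person or role that is meant to change switch or cluster settings; every other credential should sit at levels 1 to 14.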
Verifying Your Changes

CMS provides notification cues to help you track and confirm the changes you make.

Change Notification

A green border around a field or table cell means that you made an unsaved change to the field or table cell. Previous information in that field or table cell is displayed in the window status bar. When you save the changes or if you cancel the change, the green border disappears.
Using Different Versions of CMS

When managing switch clusters through CMS, remember that clusters can have a mix of switch models using different IOS releases and that CMS in earlier IOS releases and on different switch platforms might look and function differently from CMS in this IOS release.

When you select Device > Device Manager for a cluster member, a new browser session is launched, and the CMS version for that switch is displayed.
CHAPTER 3

Getting Started with the CLI

This chapter provides information that you should know before using the Cisco IOS command-line interface (CLI). If you have never used IOS software or if you need a refresher, take a few minutes to read this chapter before reading the rest of this guide.
Command Usage Basics

This section provides these topics:
• “Accessing Command Modes” section on page 3-2
• “Specifying Ports in Interface Configuration Mode” section on page 3-4
• “Abbreviating Commands” section on page 3-4
• “Using the No and Default Forms of Commands” section on page 3-5
• “Redisplaying a Command” section on page 3-5
• “Getting Help” section on page 3-5

For complete information about CLI usage, refer to the Cisco I
Table 3-1 Command Modes Summary

Mode: User EXEC
  Access method: Begin a session with your switch.
  Prompt: switch>
  Exit method: Enter logout or quit.
  About this mode: Use this mode to
    • Change terminal settings.
    • Perform basic tests.
    • Display system information.

Mode: Privileged EXEC
  Access method: Enter the enable command while in user EXEC mode.
  Prompt: switch#
  Exit method: Enter disable to exit.
  About this mode: Use this mode to verify commands you have entered.
Specifying Ports in Interface Configuration Mode

To configure a port, you need to specify the interface type, slot, and switch-port number with the interface configuration command.
Using the No and Default Forms of Commands

Almost every configuration command has a no form. In general, use the no form to
• Disable a feature or function.
• Reset a command to its default values.
• Reverse the action of a command. For example, the no shutdown command reverses the shutdown of an interface.

Use the command without the no form to reenable a disabled feature or to reverse the action of a no command.
Table 3-2 Help Summary

Command: help
  Purpose: Obtain a brief description of the help system in any command mode.

Command: abbreviated-command-entry?
  Purpose: Obtain a list of commands that begin with a particular character string. For example:
    Switch# di?
    dir disable disconnect

Command: abbreviated-command-entry
  Purpose: Complete a partial command name.
Accessing the CLI

This procedure assumes you have already assigned IP information and password to the switch or command switch. You can assign this information to the switch in these ways:
• Using the setup program, as described in the release notes (http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/index.htm).
To access the CLI from a web browser, follow these steps:

Step 1  Start one of the supported browsers.
Step 2  In the URL field, enter the IP address of the command switch.
Step 3  When the Cisco Systems Access page appears, click Telnet to start a Telnet session.

You can also access the CLI by clicking Web Console - HTML access to the command line interface from the Cisco Systems Access page.
CHAPTER 4
General Switch Administration

This chapter provides these switch administration topics:
• Basic IP Connectivity to the Switch, page 4-2
• Switch Software Releases, page 4-2
• Console Port Access, page 4-3
• Telnet Access to the CLI, page 4-4
• HTTP Access to CMS, page 4-5
• SNMP Network Management Platforms, page 4-5
• Default Settings, page 4-8

The following information tends to change and therefore appears only in the release notes.
Basic IP Connectivity to the Switch

The switch uses IP address information to communicate with the local routers and the Internet. You need to assign an IP address to the switch if you plan to use CMS to configure and manage the switch. The switch also requires a secret password.
Console Port Access

The switch console port provides switch access to a directly-attached terminal or PC or to a remote terminal or PC through a serial connection and a modem. For information about connecting to the switch console port, refer to the switch hardware installation guide. Be sure that the switch console port settings match the settings of the terminal or PC.
Telnet Access to the CLI

This procedure assumes that you have assigned IP information and a Telnet password to the switch or command switch, as described in the latest switch release notes (http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/index.htm). Information about accessing the CLI through a Telnet session is provided in the “Accessing the CLI” section on page 3-7.
HTTP Access to CMS

CMS uses Hypertext Transfer Protocol (HTTP), an in-band form of communication with the switch through any one of its Ethernet ports that allows switch management from a standard web browser. The default HTTP port is 80. If you change the HTTP port, you must include the new port number when you enter the IP address in the browser Location or Address field (for example, http://10.1.126.
Using FTP to Access the MIB Files

You can obtain each MIB file with this procedure:

Step 1  Use FTP to access the server ftp.cisco.com.
Step 2  Log in with the username anonymous.
Step 3  Enter your e-mail username when prompted for the password.
Step 4  At the ftp> prompt, change directories to /pub/mibs/supportlists.
The SNMP manager uses information in the MIB to perform the operations described in Table 4-1.

Figure 4-1 SNMP Network
[Figure not reproduced. Labels: NMS with SNMP manager; network device with SNMP agent and MIB; messages Get-request, Get-next-request, Get-bulk, Set-request; Get-response, traps.]

Table 4-1 SNMP Operations

Operation          Description
get-request        Retrieves a value from a specific variable.
get-next-request   Retrieves a value from a variable within a table.
Default Settings

The switch is designed for plug-and-play operation, requiring only that you assign basic IP information to the switch and connect it to the other devices in your network. For information about assigning basic IP information to the switch, see the “Basic IP Connectivity to the Switch” section on page 4-2 and the latest switch release notes (http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/index.htm).
Table 4-2 Default Settings and Where to Change Them (continued)

Device Management

Feature: Switch IP address, subnet mask, and default gateway
  Default setting: 0.0.0.0
  Concepts and CLI procedures: “Changing IP Information” section on page 6-2. Refer to the latest switch release notes (http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/index.htm). Documentation set for Cisco IOS Release 12.
  CMS option: Administration > IP Addresses

Feature: Management VLAN
  Default setting: VLAN 1
  Concepts and CLI procedures: “Management VLANs” section on page 8-3.
  CMS option: VLAN > Management VLAN

Feature: VLAN membership
  Default setting: Static-access ports in VLAN 1
  Concepts and CLI procedures: “Assigning VLAN Port Membership Modes” section on page 8-5.
  CMS option: VLAN > VLAN

Feature: VMPS Configuration
  Default setting: –
  Concepts and CLI procedures: “How the VMPS Works” section on page 8-35.

Flooding Control

Feature: Storm control
  Default setting: Disabled
  Concepts and CLI procedures: “Configuring Flooding Controls” section on page 7-4.
  CMS option: Port > Flooding Control

Feature: Flooding unknown unicast and multicast packets
  Default setting: Enabled
  Concepts and CLI procedures: “Blocking Flooded Traffic on a Port” section on page 7-5.

Security

Feature: Password
  Default setting: None
  Concepts and CLI procedures: “Passwords” section on page 5-14 and “Assigning Passwords and Privilege Levels” section on page 6-11. Refer to the latest switch release notes (http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/index.htm).
  CMS option: –
CHAPTER 5
Clustering Switches

This chapter provides these topics to help you get started with switch clustering:
• Understanding Switch Clusters, page 5-2
• Planning a Switch Cluster, page 5-4
• Creating a Switch Cluster, page 5-17
• Using the CLI to Manage Switch Clusters, page 5-24
• Using SNMP to Manage Switch Clusters, page 5-25

Configuring switch clusters is more easily done from the Cluster Management Suite (CMS) web-based interface than through the command-line interface (CLI).
Understanding Switch Clusters

A switch cluster is a group of connected Catalyst switches that are managed as a single entity. In a switch cluster, 1 switch must be the command switch and up to 15 switches can be member switches. The total number of switches in a cluster cannot exceed 16 switches. The command switch is the single point of access used to configure, manage, and monitor the member switches.
Standby Command Switch Characteristics

A Catalyst 2900 XL or Catalyst 3500 XL standby command switch must meet these requirements:
• It is running 12.0(5)XP or later.
• It has an IP address.
• It has CDP version 2 enabled.
• It is connected to the command switch through the command-switch management VLAN.
• It is redundantly connected to the cluster so that connectivity to member switches is maintained.
Planning a Switch Cluster

Anticipating conflicts and compatibility issues is a high priority when you manage several switches through a cluster.
Discovery through CDP Hops

By using CDP, a command switch can discover switches up to seven CDP hops away (the default is three hops) from the edge of the cluster. The edge of the cluster is where the last member switches are connected to the cluster (for example, the command switch and member switches 8, 9, and 10 in Figure 5-1 are at the edge of the cluster).
Discovery through Non-CDP-Capable and Noncluster-Capable Devices

If a command switch is connected to a non-CDP-capable third-party hub (such as a non-Cisco hub), it can discover cluster-enabled devices connected to that third-party hub. However, if the command switch is connected to a noncluster-capable Cisco device, it cannot discover a cluster-enabled device connected beyond the noncluster-capable Cisco device.
Discovery through the Same Management VLAN

When the cluster has a Catalyst 2900 XL, Catalyst 2950, or Catalyst 3500 XL command switch, all cluster members must connect to it through the command-switch management VLAN, which is VLAN 1 by default. If the cluster members include Catalyst 3550 switches, these member switches must also be connected to the command-switch management VLAN.
Discovery through Different Management VLANs

We strongly recommend that a Catalyst 3550 switch be the command switch when the cluster has Catalyst 1900, Catalyst 2820, Catalyst 2900 XL, Catalyst 2950, and Catalyst 3500 XL member switches. These member switches must connect to each other and to a Catalyst 3550 command switch through their management VLAN, which is VLAN 1 by default.
Discovery of Newly Installed Switches

A new, out-of-the-box switch is set with the default management VLAN, VLAN 1. By default, all access ports on the new switch are assigned to management VLAN 1. To add a new switch to a cluster, it must be connected to the cluster through an access port. When the new switch joins a cluster, its default management VLAN changes to the VLAN of the immediately upstream neighbor.
HSRP and Standby Command Switches

The switch supports Hot Standby Router Protocol (HSRP) so that you can configure a group of standby command switches. Because a command switch manages the forwarding of all communication and configuration information to all the member switches, we strongly recommend that you configure a cluster standby command switch to take over if the primary command switch fails.
Virtual IP Addresses

You need to assign a unique virtual IP address and group number and name to the cluster standby group. This information must be configured on the management VLAN on the active command switch. The active command switch receives traffic destined for the virtual IP address. To manage the cluster, you must access the active command switch through the virtual IP address, not through the command-switch IP address.
Considerations for Cluster Standby Groups

In addition to providing a virtual IP address to the cluster standby group, these requirements apply:
• When the command switch is a Catalyst 3550 switch, all standby command switches must be Catalyst 3550 switches or Catalyst 2950 switches running Cisco IOS Release 12.1(6)EA2 or later. When the command switch is a Catalyst 2950 switch running Cisco IOS Release 12.
Figure 5-6 VLAN Connectivity between Standby-Group Members and Cluster Members
[Figure not reproduced. Labels: Catalyst 3550 primary command switch, Catalyst 3550 standby command switch, Catalyst 2950 passive command switch, member switches (Catalyst 3550 switch, Catalyst 2900 XL or Catalyst 3500 XL switch, Catalyst 2950 switch, Catalyst 3550 multilayer switch), VLAN 9, VLAN 16, Management VLAN 9, Management VLAN 16.]
Host Names

You do not need to assign a host name to either a command switch or an eligible cluster member. However, a host name assigned to the command switch can help to more easily identify the switch cluster. The default host name for the switch is Switch.
TACACS+

If Terminal Access Controller Access Control System Plus (TACACS+) is configured on the command switch, TACACS+ must also be configured on all member switches to access the switch cluster from CMS. For more information about TACACS+, see the “Configuring TACACS+” section on page 6-51.

Access Modes in CMS

CMS provides two levels of access to the configuration options: read-write access and read-only access.
Management VLAN

Communication with the switch management interfaces is through the command-switch IP address. The IP address is associated with the management VLAN, which by default is VLAN 1. To manage switches in a cluster, the command switch, member switches, and candidate switches must be connected through ports that belong to the command-switch management VLAN.
NAT Commands

When a cluster is created, Network Address Translation (NAT) commands are added to the configuration file of the command switch. Do not remove these commands.

LRE Profiles

A configuration conflict occurs if a switch cluster has LRE switches using both private and public profiles. If one LRE switch in a cluster is assigned a public profile, all LRE switches in that cluster must have that same public profile.
Enabling a Command Switch

The switch you designate to be the command switch must meet the requirements described in the “Command Switch Characteristics” section on page 5-2, “Planning a Switch Cluster” section on page 5-4, and the release notes (http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/index.htm).
Adding Member Switches

As explained in the “Automatic Discovery of Cluster Candidates and Members” section on page 5-4, the command switch automatically discovers candidate switches. When you add new cluster-capable switches to the network, the command switch discovers and adds them to a list of candidate switches.
Add to Cluster Window
[Figure not reproduced. Callouts:]
• Select a switch, and click Add. Press Ctrl and left-click to select more than one switch.
• Enter the password of the candidate switch. If no password exists for the switch, leave this field blank.

Figure 5-9 Using the Topology View to Add Member Switches
[Figure not reproduced. Callout: Thin line means a connection to a candidate switch.]
Creating a Cluster Standby Group

The cluster standby group members must meet the requirements described in the “Standby Command Switch Characteristics” section on page 5-3 and “HSRP and Standby Command Switches” section on page 5-10. To create a cluster standby group, select Cluster > Standby Command Switches (Figure 5-10).
Figure 5-10 Standby Command Configuration Window
[Figure not reproduced. Callouts:]
• Active command switch.
• Standby command switch.
• Must be a valid IP address in the same subnet as the active command switch.
• Once entered, this information cannot be changed.
Verifying a Switch Cluster

When you finish adding cluster members, follow these steps to verify the cluster:

Step 1  Enter the command switch IP address in the browser Location field (Netscape Communicator) or Address field (Microsoft Internet Explorer) to access all switches in the cluster.
Step 2  Enter the command-switch password.
Using the CLI to Manage Switch Clusters

You can configure member switches from the CLI by first logging into the command switch. Enter the rcommand user EXEC command and the member switch number to start a Telnet session (through a console or Telnet connection) and to access the member switch CLI. After this, the command mode changes, and the IOS commands operate as usual.
Using SNMP to Manage Switch Clusters

When you first power on the switch, SNMP is enabled if you enter the IP information by using the setup program and accept its proposed configuration. If you did not use the setup program to enter the IP information and SNMP was not enabled, you can enable it as described in the “Configuring SNMP” section on page 6-48. On Catalyst 1900 and Catalyst 2820 switches, SNMP is enabled by default.
CHAPTER 6
Configuring the System

This chapter provides these topics about changing switch-wide configuration settings:
• Changing IP Information, page 6-2
• Assigning Passwords and Privilege Levels, page 6-11
• Setting the System Date and Time, page 6-12
• Configuring CDP, page 6-13
• Managing the MAC Address Tables, page 6-15
• Configuring CGMP, page 6-20
• Configuring IGMP Filtering, page 6-23
• Configuring MVR, page 6-27
• Managing the ARP Table, page 6-32
• Configuring STP, pa
Changing IP Information

You can assign and change the IP information of your switch in these ways:
• Using the setup program, as described in the release notes (http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/index.
Use this procedure to remove the IP information from a switch.

Note: Using the no ip address command in configuration mode disables the IP protocol stack as well as removes the IP information. Cluster members without IP addresses rely on the IP protocol stack being enabled.
DHCP Client Request Process

When you boot your switch, the DHCP client can be invoked and automatically request configuration information from a DHCP server under these conditions:
• The configuration file is not present on the switch.
• The configuration file is present, but the IP address is not specified in it.
Configuring the DHCP Server

You should configure the DHCP servers with reserved leases that are bound to each switch by the switch hardware address. If the DHCP server does not support reserved leases, the switch can obtain different IP addresses and configuration files at different boot instances.
The TFTP server can be on the same or a different LAN as the switch. If it is on a different LAN, the switch must be able to access it through a relay device or a router. For more information, see the “Configuring the Relay Device” section on page 6-7. If the configuration filename is provided in the DHCP server reply, the configuration files for a switch can be spread over multiple TFTP servers.
Configuring the Relay Device

You need to use a relay device if the DHCP, DNS, or TFTP servers are on a different LAN than the switch. You must configure this relay device to forward received broadcast packets on an interface to the destination host. This configuration ensures that broadcasts from the DHCP client can reach the DHCP, DNS, and TFTP servers and that broadcasts from the servers can reach the DHCP client.
Obtaining Configuration Files

Depending on the availability of the IP address and the configuration filename in the DHCP reserved lease, the switch obtains its configuration information in these ways:
• The IP address and the configuration filename are reserved for the switch and provided in the DHCP reply (one-file read method). The switch receives its IP address, subnet mask, and configuration filename from the DHCP server.
Example Configuration

Figure 6-3 shows a sample network for retrieving IP information using DHCP-based autoconfiguration.

Figure 6-3 DHCP-Based Autoconfiguration Network Example
[Figure not reproduced. Labels: Switch 1 (00e0.9f1e.2001), Switch 2 (00e0.9f1e.2002), Switch 3 (00e0.9f1e.2003), Switch 4 (00e0.9f1e.2004), Cisco router, DHCP server, DNS server, TFTP server (maritsu).]
    switch2-confg switch3-confg switch4-confg
    prompt> cat network-confg
    ip host switch1 10.0.0.21
    ip host switch2 10.0.0.22
    ip host switch3 10.0.0.23
    ip host switch4 10.0.0.24

DHCP Client Configuration

No configuration file is present on Switch 1 through Switch 4.

Configuration Explanation

In Figure 6-3, Switch 1 reads its configuration file as follows:
• It obtains its IP address 10.0.0.21 from the DHCP server.
Assigning Passwords and Privilege Levels

You can assign the password of your switch in these ways:
• Using the setup program, as described in the release notes (http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/index.htm)
• Manually assigning a password, as described in this section

Note: You can change a password only by using the CLI. Your connection with the switch ends when you change the enable secret password.
If you enter the enable secret command, the text is encrypted before it is written to the config.text file, and it is unreadable. If you enter the enable password command, the text is written as entered to the config.text file where you can read it. To remove a password, use the no version of the commands: no enable secret or no enable password. For CLI procedures, refer to the Cisco IOS Release 12.0 documentation on Cisco.
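The difference between how enable secret and enable password are stored can be checked in a saved configuration file. The following Python audit is an added example, not code from this guide or from Cisco; the sample config.text content, the hash string, the finding codes, and the function names are constructed for illustration, and the type 7 handling goes beyond what this guide covers.

```python
import re
from collections import defaultdict

# Saved form: enable {secret | password} [level N] [encryption-type] <string>
ENABLE_RE = re.compile(
    r"^\s*enable\s+(?P<kind>secret|password)"
    r"(?:\s+level\s+(?P<level>\d+))?"
    r"(?:\s+(?P<etype>[057])(?=\s+\S))?"   # a type digit only if a string follows
    r"\s+(?P<value>\S+)\s*$"
)

# Constructed sample config.text content (not taken from a real switch).
SAMPLE_CONFIG = """\
! constructed sample for illustration
hostname Switch
enable secret 5 $1$CONSTRUCTED$notARealHashValue0000
enable password level 15 constructed-cleartext
enable password level 7 7 0000CONSTRUCTED
enable secret level 3 0 constructed-staged
line vty 0 4
"""


def cms_access(level):
    """CMS access mode for a privilege level, as the guide states it."""
    if level == 15:
        return "read-write"
    if 1 <= level <= 14:
        return "read-only"
    return None  # the guide gives no CMS mode for level 0


def parse_enable_lines(config_text):
    """Return one dict per enable secret / enable password line."""
    entries = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        m = ENABLE_RE.match(line)
        if m is None:
            continue  # comments, "no enable ..." and unrelated commands
        kind, etype = m.group("kind"), m.group("etype")
        if kind == "secret" and etype == "5":
            storage = "hashed"       # written by the switch, unreadable
        elif kind == "password" and etype == "7":
            storage = "obfuscated"   # type 7 is reversible (beyond the guide)
        else:
            storage = "cleartext"    # readable exactly as entered
        entries.append({
            "line": lineno,
            "kind": kind,
            "level": int(m.group("level") or 15),  # no "level" keyword means 15
            "storage": storage,
        })
    return entries


def audit_enable_credentials(config_text):
    """Return (code, level, line) findings, ordered by privilege level."""
    by_level = defaultdict(dict)
    for entry in parse_enable_lines(config_text):
        by_level[entry["level"]][entry["kind"]] = entry
    findings = []
    for level in sorted(by_level):
        password = by_level[level].get("password")
        secret = by_level[level].get("secret")
        if password:
            code = ("PASSWORD_TYPE7" if password["storage"] == "obfuscated"
                    else "PASSWORD_CLEARTEXT")
            findings.append((code, level, password["line"]))
            if secret:
                # With a secret at the same level the password line is a
                # leftover that still exposes a string; "no enable password"
                # removes it.
                findings.append(("PASSWORD_REDUNDANT", level, password["line"]))
        if secret and secret["storage"] != "hashed":
            findings.append(("SECRET_NOT_HASHED", level, secret["line"]))
    if 15 not in by_level:
        findings.append(("NO_LEVEL15_CREDENTIAL", 15, None))
    return findings


if __name__ == "__main__":
    for code, level, line in audit_enable_credentials(SAMPLE_CONFIG):
        print(f"line {line}: {code} (level {level}, CMS {cms_access(level)})")
```

A level 15 finding matters most for CMS, because that level is the one with read-write access.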
Configuring the Network Time Protocol

In complex networks, it is often prudent to distribute time information from a central server. The Network Time Protocol (NTP) can distribute time information by responding to requests from clients or by broadcasting time information. For additional information and CLI procedures, refer to the Cisco IOS Release 12.0 documentation on Cisco.com.
Configuring CDP for Extended Discovery

You can change the default configuration of CDP on the command switch to continue discovering devices up to seven hops away. Figure 6-4 shows a command switch that can discover candidates and cluster members up to seven devices away from it. Figure 6-4 also shows the command switch connected to a Catalyst 5000 series switch.
Managing the MAC Address Tables

You can manage the MAC address tables that the switch uses to forward traffic between ports. All MAC addresses in the address tables are associated with one or more ports. These MAC tables include these types of addresses:
• Dynamic address: a source MAC address that the switch learns and then drops when it is not in use.
Changing the Address Aging Time

Dynamic addresses are source MAC addresses that the switch learns and then drops when they are not in use. The aging time parameter defines how long the switch retains unseen addresses in the table. This parameter applies to all VLANs. Setting too short an aging time can cause addresses to be prematurely removed from the table.
MAC Address Notification

MAC address notification enables you to track users coming to and going from your network. Whenever a new MAC address is learned or an old MAC address is removed from the switch, an SNMP notification (trap) is generated. If you have many users coming and going from the network, you can set a trap interval time so that traps can be bundled together and sent at regular intervals.
    Switch(config)# snmp-server host 172.20.10.10
    Switch(config)# snmp-server enable traps mac-notification
    Switch(config)# mac-address-table notification interval 60
    Switch(config)# mac-address-table notification history-size 100
    Switch(config)# interface fastethernet0/4
    Switch(config-if)# snmp trap mac-notification added

You can verify the previous commands by entering the show mac-address-table notification privileged EXEC command.
Adding Static Addresses

A static address has these characteristics:
• It is manually entered in the address table and must be manually removed.
• It can be a unicast or multicast address.
• It does not age and is retained when the switch restarts.

You can determine how a port that receives a packet forwards it to another port for transmission.
Configuring Static Addresses for EtherChannel Port Groups

Follow these rules if you are configuring a static address to forward to ports in an EtherChannel port group:
• For default source-based port groups, configure the static address to forward to all ports in the port group to eliminate lost packets.
Enabling the Fast Leave Feature

The CGMP Fast Leave feature reduces the delay when group members leave groups. When an end station requests to leave a CGMP group, the group remains enabled for that VLAN until all members have requested to leave. With the Fast Leave feature enabled, the switch immediately verifies if there are other group members attached to its ports. If there are no other members, the switch removes the port from the group.
Changing the CGMP Router Hold-Time

The router hold-time is the number of seconds the switch waits before removing (aging) a router entry and ceasing to exchange messages with the router. If it is the last router entry in a VLAN, all CGMP groups on that VLAN are removed. You can thus enter a lower router hold-time to accelerate the removal of CGMP groups.

Note: You can remove router ports before the router hold-time has expired.
Configuring IGMP Filtering

IGMP filtering works with the Multicast VLAN Registration (MVR) feature to allow you to configure profiles of IP multicast groups. You can then associate these profiles with filtering action. IGMP filters are associated with each physical switch port. These filters are applied to all VLANs associated with the physical port.
Beginning in privileged EXEC mode, follow these steps to create an IGMP profile:

Step 1  configure terminal
        Enter global configuration mode.
Step 2  ip igmp profile profile number
        Enter IGMP profile configuration mode, and assign a number to the profile you are configuring. The range is from 1 to 4294967294.
Step 3  permit | deny
        (Optional) Set the action to permit or deny access to the IP multicast address.
Applying IGMP Filters

To control access as defined in an IGMP profile, you apply the profile to the appropriate interfaces. IGMP profiles can be applied to Layer 2 ports only. A profile can be applied to multiple interfaces, but each interface can only have one profile applied to it.
Setting the Maximum Number of IGMP Groups

You can set the maximum number of IGMP groups that a Layer 2 interface can join. Use the no form of this command to set the maximum back to the default, which is no limit.

Beginning in privileged EXEC mode, follow these steps to set the maximum number of IGMP groups for an interface:

Step 1  configure terminal
        Enter global configuration mode.
Configuring MVR

Multicast VLAN Registration (MVR) is designed for applications using wide-scale deployment of multicast traffic (for example, broadcast of multiple television channels) across an Ethernet ring-based service provider network. MVR allows a subscriber on a port to subscribe and unsubscribe to a multicast stream on the network-wide multicast VLAN.
Figure 6-6 Multicast VLAN Registration Example
[Figure not reproduced. Labels: Cisco router, multicast server, Catalyst 2900/3500 XL switches, customer premises with hub, set-top boxes, TVs, and PC. Legend: RP = Receiver Port, SP = Source Port.]
Note: All source ports belong to the multic
Configuration Guidelines and Limitations

Follow these guidelines when configuring MVR:
• All receiver ports on a switch must belong to the same VLAN and must not be trunk ports.
• In applications where the receiver ports represent subscribers to a service, we recommend configuring receiver ports as follows:
  – Enable protected port on all receiver ports to isolate the ports from one another.
Setting MVR Parameters

You do not need to set MVR parameters if you choose to use the default settings. If you do want to change the default parameters, you must do so before enabling MVR.

Beginning in privileged EXEC mode, follow these steps to configure MVR parameters:

Step 1  configure terminal
        Enter global configuration mode.
Configuring MVR

Beginning in privileged EXEC mode, follow these steps to configure MVR:

        Command                       Purpose
Step 1  configure terminal            Enter global configuration mode.
Step 2  mvr                           Enable MVR on the switch.
Step 3  mvr group ip-address [count]  Configure an IP multicast address on the switch or use the count parameter to configure a contiguous series of IP addresses.
Managing the ARP Table

To communicate with a device (over Ethernet, for example), the software first must determine the 48-bit MAC or the local data link address of that device. The process of determining the local data link address from an IP address is called address resolution. The Address Resolution Protocol (ARP) associates a host IP address with the corresponding media or MAC addresses and the VLAN ID.
Configuring STP

Spanning Tree Protocol (STP) provides path redundancy while preventing undesirable loops in the network. Only one active path can exist between any two stations. STP calculates the best loop-free path throughout the network.

Supported STP Instances

You create an STP instance when you assign an interface to a VLAN. The STP instance is removed when the last interface is moved to another VLAN.
Using STP to Support Redundant Connectivity

You can create a redundant backbone with STP by connecting two of the switch ports to another device or to two different devices. STP automatically disables one port but enables it if the other port is lost. If one link is high-speed and the other low-speed, the low-speed link is originally disabled.
Configuring STP and UplinkFast in a Cascaded Cluster

STP uses default values that can be reduced when configuring Catalyst 2900 XL and Catalyst 3500 XL switches in cascaded configurations. If an STP root switch is part of a cluster that is one switch from a cascaded stack, you can customize STP to reconverge more quickly after a switch failure.
Configuring Redundant Links By Using STP UplinkFast

Switches in hierarchical networks can be grouped into backbone switches, distribution switches, and access switches. Figure 6-8 shows a complex network where distribution switches and access switches each have at least one redundant link that STP blocks to prevent loops. If a switch loses connectivity, the switch begins using the alternate paths as soon as STP selects a new root port.
Enabling STP UplinkFast

When you enable UplinkFast, it is enabled for the entire switch and cannot be enabled for individual VLANs.

Beginning in privileged EXEC mode, follow these steps to configure UplinkFast:

        Command                                                   Purpose
Step 1  configure terminal                                        Enter global configuration mode.
Step 2  spanning-tree uplinkfast max-update-rate pkts-per-second  Enable UplinkFast on the switch. The range is from 0 to 1000 packets per second. The default is 150.
Figure 6-9 Cross-Stack UplinkFast Topology (Switches A, B, and C joined by a multidrop backbone of GigaStack GBIC connections; Link A is the root link, and Links B and C are alternate redundant links)

CSUF implements the Stack Membership D
Events that Cause Fast Convergence

Depending on the network event or failure, fast convergence provided by CSUF might or might not occur. Fast convergence (within 2 seconds under normal network conditions) occurs under these circumstances:
• The stack root port link goes down. If two switches in the stack have alternate paths to the root, only one of the switches performs the fast transition.
Connecting the Stack Ports

A fast transition occurs across the stack of switches if the multidrop backbone connections are a continuous link from one GigaStack GBIC to another as shown in Figure 6-10. In addition, follow these guidelines:
• Do not connect alternate stack root ports to stack ports.
• Only one stack port is supported per switch.
• All stack ports on the stack of switches must be connected to the multidrop backbone.
Configuring Cross-Stack UplinkFast

Before enabling CSUF, make sure your stack switches are properly connected. For more information, see the “Connecting the Stack Ports” section on page 6-40.

Beginning in privileged EXEC mode, follow these steps to enable CSUF:

        Command                                                     Purpose
Step 1  configure terminal                                          Enter global configuration mode.
Step 2  spanning-tree uplinkfast [max-update-rate pkts-per-second]  Enable UplinkFast on the switch.
Changing the STP Parameters for a VLAN

The root switch for each VLAN is the switch with the highest priority and transmits topology frames to other switches in the spanning tree. You can change the root parameters for the VLANs on a selected switch. These options define how your switch responds when STP reconfigures itself.

Protocol  Implementation of STP to use: IBM or IEEE. The default is IEEE.
Changing the Switch Priority

Beginning in privileged EXEC mode, follow these steps to change the switch priority and affect which switch is the root switch. The stp-list is the list of VLANs to which the STP command applies.

        Command                                 Purpose
Step 1  configure terminal                      Enter global configuration mode.
Step 2  spanning-tree [vlan stp-list] priority  Configure the switch priority for the specified spanning-tree instance.
Changing the Hello BPDU Interval

Beginning in privileged EXEC mode, follow these steps to change the hello BPDU interval (hello time). The stp-list is the list of VLANs to which the STP command applies.

        Command                                           Purpose
Step 1  configure terminal                                Enter global configuration mode.
Step 2  spanning-tree [vlan stp-list] hello-time seconds  Specify the interval between hello BPDUs.
Step 3  end                                               Return to privileged EXEC mode.
STP Port States

When a port is not forwarding due to STP, it can be in one of these states:
• Blocking—Port is not participating in the frame-forwarding process and is not learning new addresses.
• Listening—Port is not participating in the frame-forwarding process, but is progressing towards a forwarding state. The port is not learning addresses.
• Learning—Port is not forwarding frames but is learning addresses.
Beginning in privileged EXEC mode, follow these steps to enable the Port Fast feature:

        Command                 Purpose
Step 1  configure terminal      Enter global configuration mode.
Step 2  interface interface     Enter interface configuration mode, and enter the port to be configured.
Step 3  spanning-tree portfast  Enable the Port Fast feature for the port.
Step 4  end                     Return to privileged EXEC mode.
Step 5  show running-config     Verify your entry.
Configuring STP Root Guard

The Layer 2 network of a service provider (SP) can include many connections to switches that are not owned by the SP. In such a topology, STP can reconfigure itself and select a customer switch as the STP root switch, as shown in Figure 6-11. You can avoid this situation by configuring the root-guard feature on interfaces that connect to switches outside of your customer’s network.
Configuring SNMP

This software release supports these Simple Network Management Protocol (SNMP) versions:
• SNMPv1—The Simple Network Management Protocol, a Full Internet Standard, defined in RFC 1157.
• SNMPv2C, which has these features:
  – SNMPv2—Version 2 of the Simple Network Management Protocol, a Draft Internet Standard, defined in RFCs 1902 through 1907.
Entering Community Strings

Community strings serve as passwords for SNMP messages, permitting access to the agent on the switch. If you are entering community strings for a cluster member, see the “SNMP Community Strings” section on page 5-14.

You can enter community strings with these characteristics:

Read-only (RO)—Requests accompanied by the string can display MIB-object information.
Catalyst 1900 and Catalyst 2820 switches support up to four trap managers. When you configure community strings for these switches, limit the string length to 32 characters. When configuring traps on these switches, you cannot configure individual trap managers to receive specific traps. Table 6-5 describes the Catalyst 1900 and Catalyst 2820 SNMP traps.
Configuring TACACS+

The Terminal Access Controller Access Control System Plus (TACACS+) provides the means to manage network security (authentication, authorization, and accounting [AAA]) from a server. This section describes how TACACS+ works and how you can configure it. For complete syntax and usage information for the commands described in this chapter, refer to the Cisco IOS Release 12.0 Security Command Reference.
Beginning in privileged EXEC mode, follow these steps to configure the TACACS+ server:

        Command                                                   Purpose
Step 1  tacacs-server host name [timeout integer] [key string]    Define a TACACS+ host.
Step 2  tacacs-server retransmit retries                          Enter the number of times the server searches the list of TACACS+ servers before stopping.
The variable list-name is any character string used to name the list you are creating. The method variable refers to the actual methods the authentication algorithm tries, in the sequence entered. You can choose one of these methods:
• line—Uses the line password for authentication. You must define a line password before you can use this authentication method. Use the password password line configuration command.
Starting TACACS+ Accounting

You use the aaa accounting command with the tacacs+ keyword to turn on TACACS+ accounting for each Cisco IOS privilege level and for network services.

Beginning in privileged EXEC mode, follow these steps to enable TACACS+ accounting:

        Command             Purpose
Step 1  configure terminal  Enter global configuration mode.
CHAPTER 7
Configuring the Switch Ports

This chapter provides these topics about changing the switch port settings:
• Changing the Port Speed and Duplex Mode
• Configuring Flooding Controls
• Configuring UniDirectional Link Detection
• Creating EtherChannel Port Groups
• Configuring Protected Ports
• Enabling Port Security
• Configuring SPAN
• Configuring Voice Ports
• Configuring Inline Power
Changing the Port Speed and Duplex Mode

Caution: If you reconfigure the port through which you are managing the switch, a Spanning Tree Protocol (STP) reconfiguration could cause a temporary loss of connectivity.

Follow these guidelines when configuring the duplex and speed settings:
• Gigabit Ethernet ports are always set to 1000 Mbps but can negotiate full or half duplex with the attached device.
Setting Speed and Duplex Parameters

Beginning in privileged EXEC mode, follow these steps to set the speed and duplex parameters on a 10/100 port:

        Command                  Purpose
Step 1  configure terminal       Enter global configuration mode.
Step 2  interface interface      Enter interface configuration mode, and enter the port to be configured.
Step 3  speed {10 | 100 | auto}  Enter the speed parameter for the port.
Configuring Flooding Controls

You can use these flooding techniques to block the forwarding of unnecessary flooded traffic:
• Enable storm control for unicast, multicast, or broadcast packets
• Block the forwarding of unicast and broadcast packets on a per-port basis
• Flood all unknown packets to a network port (configured only by using CLI)

Enabling Storm Control

A packet storm occurs when a large number of broadcast, unicast, o
Disabling Storm Control

Beginning in privileged EXEC mode, follow these steps to disable broadcast-storm control.

        Command                          Purpose
Step 1  configure terminal               Enter global configuration mode.
Step 2  interface interface              Enter interface configuration mode, and enter the port to configure.
Step 3  no port storm-control broadcast  Disable port storm control.
Step 4  end                              Return to privileged EXEC mode.
Resuming Normal Forwarding on a Port

Beginning in privileged EXEC mode, follow these steps to resume normal forwarding on a port:

        Command                  Purpose
Step 1  configure terminal       Enter global configuration mode.
Step 2  interface interface      Enter interface configuration mode, and enter the port to configure.
Step 3  no port block multicast  Enable unknown multicast forwarding to the port.
Disabling a Network Port

Beginning in privileged EXEC mode, follow these steps to disable a network port:

        Command              Purpose
Step 1  configure terminal   Enter global configuration mode.
Step 2  interface interface  Enter interface configuration mode, and enter the port to be configured.
Step 3  no port network      Disable the port as the network port.
Step 4  end                  Return to privileged EXEC mode.
Creating EtherChannel Port Groups

Fast EtherChannel (FEC) and Gigabit EtherChannel port groups act as single, logical ports for high-bandwidth connections between switches or between switches and servers.

Note: You can create port groups of either Gigabit Ethernet ports or 100BASE-TX ports, but you cannot create a port group that has both port speeds.
Port Group Restrictions on Static-Address Forwarding

These restrictions apply to entering static addresses that are forwarded to port groups:
• If the port group forwards based on the source MAC address (the default), configure the static address to forward to all ports in the group. This method eliminates the chance of lost packets.
Configuring Protected Ports

Some applications require that no traffic be forwarded by the Layer 2 protocol between ports on the same switch. In such an environment, there is no exchange of unicast, broadcast, or multicast traffic between ports on the switch, and traffic between ports on the same switch is forwarded through a Layer 3 device such as a router.
Enabling Port Security

Secured ports restrict a port to a user-defined group of stations. When you assign secure addresses to a secure port, the switch does not forward any packets with source addresses outside the group of addresses you have defined. If you define the address table of a secure port to contain only one address, the workstation or server attached to that port is guaranteed the full bandwidth of the port.
Defining the Maximum Secure Address Count

A secure port can have from 1 to 132 associated secure addresses. Setting one address in the MAC address table for the port ensures that the attached device has the full bandwidth of the port.

Enabling Port Security

Beginning in privileged EXEC mode, follow these steps to enable port security.

        Command             Purpose
Step 1  configure terminal  Enter global configuration mode.
Configuring SPAN

You can use Switch Port Analyzer (SPAN) to monitor traffic on a given port by forwarding incoming and outgoing traffic on the port to another port in the same VLAN. A SPAN port cannot monitor ports in a different VLAN, and a SPAN port must be a static-access port. You can define any number of ports as SPAN ports, and any combination of ports can be monitored.
Configuring Voice Ports

The Catalyst 2900 XL and Catalyst 3500 XL switches can connect to a Cisco 7960 IP Phone and carry IP voice traffic. If necessary, the Catalyst 3524-PWR XL can supply electrical power to the circuit connecting it to the Cisco 7960 IP Phone. Because the sound quality of an IP telephone call can deteriorate if the data is unevenly transmitted, this release of IOS supports quality of service (QoS) based on IEEE 802.
Configuring a Port to Connect to a Cisco 7960 IP Phone

Because a Cisco 7960 IP Phone also supports connection to a PC or other device, a port connecting a Catalyst 3524-PWR XL switch to a Cisco 7960 IP Phone can carry mixed traffic. There are three configurations for a port connected to a Cisco 7960 IP Phone:
• All traffic is transmitted according to the default COS priority of the port. This is the default.
Configuring Voice Ports to Carry Voice and Data Traffic on Different VLANs

The Cisco 7960 IP Phone has an integrated three-port 10/100 switch that can connect to a PC or other device. You can configure a switch port to instruct the phone to forward voice and data traffic on different virtual LANs (VLANs). In this configuration, VLAN 1 carries data traffic, and VLAN 2 carries voice traffic.
Configuring Inline Power on the Catalyst 3524-PWR Ports

The Catalyst 3524-PWR XL can supply inline power to the Cisco 7960 IP Phone, if necessary. The Cisco 7960 IP Phone can also be connected to an AC power source and supply its own power to the voice circuit. When the Cisco 7960 IP Phone supplies its own power, any Catalyst 2900 XL or Catalyst 3500 XL can forward IP voice traffic to and from the phone.
CHAPTER 8
Configuring VLANs

This chapter provides these topics about configuring virtual LANs (VLANs):
• Overview
• Management VLANs
• Assigning VLAN Port Membership Modes
• Assigning Static-Access Ports to a VLAN
• Overlapping VLANs and Multi-VLAN Ports
• Using VTP
• VLANs in the VTP Database
• How VLAN Trunks Work
• Configuring 802.
Overview

A virtual LAN (VLAN) is a switched network that is logically segmented by function, project team, or application, without regard to the physical locations of the users. Any switch port can belong to a VLAN, and unicast, broadcast, and multicast packets are forwarded and flooded only to stations in the VLAN.
The switches in Table 8-1 support both Inter-Switch Link (ISL) and IEEE 802.1Q trunking methods for transmitting VLAN traffic over 100BASE-T and Gigabit Ethernet ports. The GigaStack GBIC also supports both trunking methods.
Changing the Management VLAN for a New Switch

If you add a new switch to an existing cluster and the cluster is using a management VLAN other than the default VLAN 1, the command switch automatically senses that the new switch has a different management VLAN and has not been configured. The command switch issues commands to change the management VLAN on the new switch to match the one in use by the cluster.
Assigning VLAN Port Membership Modes

You configure a port to belong to a VLAN by assigning a membership mode that determines the kind of traffic the port carries and the number of VLANs it can belong to. Table 8-2 lists the membership modes and characteristics.

Table 8-2 Port Membership Modes

Membership Mode  VLAN Membership Characteristics
Static-access    A static-access port can belong to one VLAN and is manually assigned.
VLAN Membership Combinations

You can configure your switch ports in various VLAN membership combinations as listed in Table 8-3.
Assigning Static-Access Ports to a VLAN

By default, all ports are static-access ports assigned to the management VLAN, VLAN 1. You can assign a static-access port to a VLAN without having VTP globally propagate VLAN configuration information (VTP is disabled). Configuring the switch for VTP transparent mode disables VTP.
Figure 8-2 Two VLANs Sharing a Port Connected to a Router (VLAN 77 and VLAN 42; ports in static-access mode; port in multi-VLAN mode connected to a Cisco router)

Caution: To avoid unpredictable STP behavior and a loss of connectivity, do not connect multi-VLAN ports to hubs or switches. Connect multi-VLAN ports to routers or servers.
Using VTP

VTP is a Layer 2 messaging protocol that maintains VLAN configuration consistency by managing the addition, deletion, and renaming of VLANs on a network-wide basis. VTP minimizes misconfigurations and configuration inconsistencies that can cause several problems, such as duplicate VLAN names, incorrect VLAN-type specifications, and security violations. Before you create VLANs, you must decide whether to use VTP in your network.
VTP Modes and Mode Transitions

You can configure a supported switch to be in one of the VTP modes listed in Table 8-4.

Table 8-4 VTP Modes

VTP Mode    Description
VTP server  In this mode, you can create, modify, and delete VLANs and specify other configuration parameters (such as VTP version) for the entire VTP domain.
VTP Advertisements

Each switch in the VTP domain sends periodic global configuration advertisements from each trunk port to a reserved multicast address. Neighboring switches receive these advertisements and update their VTP and VLAN configurations as necessary.
VTP Pruning

Pruning increases available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to reach the destination devices. Without VTP pruning, a switch floods broadcast, multicast, and unknown unicast traffic across all trunk links within a VTP domain even though receiving switches might discard them. VTP pruning blocks unneeded flooded traffic to VLANs on trunk ports that are included in the pruning-eligible list.
VTP Configuration Guidelines

These sections describe the guidelines you should follow when configuring the VTP domain name and password and the VTP version number.

Domain Names

When configuring VTP for the first time, you must always assign a domain name. All switches in the VTP domain must also be configured with the same domain name.
VTP Version

Follow these guidelines when deciding which VTP version to implement:
• All switches in a VTP domain must run the same VTP version.
• A VTP version 2-capable switch can operate in the same VTP domain as a switch running VTP version 1 if version 2 is disabled on the version 2-capable switch. Version 2 is disabled by default.
• Do not enable VTP version 2 on a switch unless all of the switches in the same VTP domain are version-2-capable.
Configuring VTP

You can configure VTP through the CLI by entering commands in the VLAN database command mode. When you enter the exit command in VLAN database mode, it applies all the commands that you entered. VTP messages are sent to other switches in the VTP domain, and you enter privileged EXEC mode.

If you are configuring VTP on a cluster member switch to a VLAN, first log in to the member switch by using the privileged EXEC rcommand command.
Configuring VTP Client Mode

When a switch is in VTP client mode, you cannot change its VLAN configuration. The client switch receives VTP updates from a VTP server in the VTP domain and then modifies its configuration accordingly.

Caution: Do not configure a VTP domain name if all switches are operating in VTP client mode. If you do so, it is impossible to make changes to the VLAN configuration of that domain.
Disabling VTP (VTP Transparent Mode)

When you configure the switch for VTP transparent mode, you disable VTP on the switch. The switch then does not send VTP updates and does not act on VTP updates received from other switches. However, a VTP transparent switch does forward received VTP advertisements on all of its trunk links.
Disabling VTP Version 2

Beginning in privileged EXEC mode, follow these steps to disable VTP version 2:

        Command          Purpose
Step 1  vlan database    Enter VLAN configuration mode.
Step 2  no vtp v2-mode   Disable VTP version 2.
Step 3  exit             Update the VLAN database, propagate it throughout the administrative domain, and return to privileged EXEC mode.
Step 4  show vtp status  Verify that VTP version 2 is disabled. In the display, check the VTP V2 Mode field.
Monitoring VTP

You monitor VTP by displaying its configuration information: the domain name, the current VTP revision, and the number of VLANs. You can also display statistics about the advertisements sent and received by the switch.

Beginning in privileged EXEC mode, follow these steps to monitor VTP activity:

        Command          Purpose
Step 1  show vtp status  Display the VTP switch configuration information.
VLAN Configuration Guidelines

Follow these guidelines when creating and modifying VLANs in your network:
• A maximum of 250 VLANs can be active on supported switches, but some models only support 64 VLANs. If VTP reports that there are 254 active VLANs, 4 of the active VLANs (1002 to 1005) are reserved for Token Ring and FDDI.
• Before you can create a VLAN, the switch must be in VTP server mode or VTP transparent mode.
Table 8-7 FDDI VLAN Defaults and Ranges

Parameter  Default                              Range
VLAN ID    1002                                 1–1005
VLAN name  VLANxxxx, where xxxx is the VLAN ID  No range
802.
Table 8-10 Token Ring (TRCRF) VLAN Defaults and Ranges

Parameter  Default                              Range
VLAN ID    1003                                 1–1005
VLAN name  VLANxxxx, where xxxx is the VLAN ID  No range
802.
Adding a VLAN

Each VLAN has a unique, 4-digit ID that can be a number from 1 to 1001. To add a VLAN to the VLAN database, assign a number and name to the VLAN. For the list of default parameters that are assigned when you add a VLAN, see the “Default VLAN Configuration” section on page 8-20.

If you do not specify the VLAN media type, the VLAN is an Ethernet VLAN.
Deleting a VLAN from the Database

When you delete a VLAN from a switch that is in VTP server mode, the VLAN is removed from all switches in the VTP domain. When you delete a VLAN from a switch that is in VTP transparent mode, the VLAN is deleted only on that specific switch.

You cannot delete the default VLANs for the different media types: Ethernet VLAN 1 and FDDI or Token Ring VLANs 1002 to 1005.
How VLAN Trunks Work

A trunk is a point-to-point link that transmits and receives traffic between switches or between switches and routers. Trunks carry the traffic of multiple VLANs and can extend VLANs across an entire network. 100BASE-T and Gigabit Ethernet trunks use Cisco Inter-Switch Link (ISL), the default protocol, or industry-standard IEEE 802.1Q to carry traffic for multiple VLANs over a single link.
Trunks Interacting with Other Features

ISL, IEEE 802.1Q, and ATM trunking interacts with other switch features as described in Table 8-11.

Table 8-11 Trunks Interacting with Other Features

Switch Feature   Trunk Port Interaction
Port monitoring  A trunk port cannot be a monitor port. A static-access port can monitor the traffic of its VLAN on a trunk port.
Configuring a Trunk Port

You cannot have multi-VLAN and trunk ports configured on the same switch. For information on trunk port interactions with other features, see the “Trunks Interacting with Other Features” section on page 8-26.

Note: Because trunk ports send and receive VTP advertisements, you must ensure that at least one trunk port is configured on the switch and that this trunk port is connected to the trunk port of a second switch.
Disabling a Trunk Port

You can disable trunking on a port by returning it to its default static-access mode.

Beginning in privileged EXEC mode, follow these steps to disable trunking on a port:

        Command                 Purpose
Step 1  configure terminal      Enter global configuration mode.
Step 2  interface interface_id  Enter the interface configuration mode and the port to be added to the VLAN.
Changing the Pruning-Eligible List

The pruning-eligible list applies only to trunk ports. Each trunk port has its own eligibility list. VTP Pruning must be enabled for this procedure to take effect. The “Enabling VTP Pruning” section on page 8-18 describes how to enable VTP pruning.
Configuring 802.1p Class of Service

The Catalyst 2900 XL and Catalyst 3500 XL switches provide quality of service (QoS)-based IEEE 802.1p class of service (CoS) values. QoS uses classification and scheduling to transmit network traffic from the switch in a predictable manner. QoS classifies frames by assigning priority-indexed CoS values to them and gives preference to higher-priority traffic such as telephone calls.
Configuring the CoS Port Priorities

Beginning in privileged EXEC mode, follow these steps to set the port priority for untagged (native) Ethernet frames:

        Command                                          Purpose
Step 1  configure terminal                               Enter global configuration mode.
Step 2  interface interface                              Enter the interface to be configured.
Step 3  switchport priority default default-priority-id  Set the port priority on the interface.
In this way, trunk 1 carries traffic for VLANs 8 through 10, and trunk 2 carries traffic for VLANs 3 through 6. If the active trunk fails, the trunk with the lower priority takes over and carries the traffic for all of the VLANs. No duplication of traffic occurs over any trunk port.
         Command                                      Purpose
Step 16  interface fa0/1                              Enter interface configuration mode, and define the interface to set the STP port priority.
Step 17  spanning-tree vlan 8 9 10 port-priority 10   Assign the port priority of 10 for VLANs 8, 9, and 10.
Step 18  end                                          Return to global configuration mode.
Step 19  interface fa0/2                              Enter interface configuration mode, and define the interface to set the STP port priority.
Beginning in privileged EXEC mode, follow these steps to configure the network shown in Figure 8-6:

Step 1  configure terminal
    Enter global configuration mode on Switch 1.
Step 2  interface fa0/1
    Enter interface configuration mode, and define Fa0/1 as the interface to be configured as a trunk.
Step 3  switchport mode trunk
    Configure the port as a trunk port. The trunk defaults to ISL trunking.
How the VMPS Works

A switch running this software release acts as a client to the VLAN Membership Policy Server (VMPS) and communicates with it through the VLAN Query Protocol (VQP). When the VMPS receives a VQP request from a client switch, it searches its database for a MAC-address-to-VLAN mapping. The server response is based on this mapping and whether or not the server is in secure mode.
VMPS Database Configuration File

The VMPS contains a database configuration file that you create. This ASCII text file is stored on a switch-accessible TFTP server that functions as a VMPS server. The file contains VMPS information, such as the domain name, the fall-back VLAN name, and the MAC address-to-VLAN mapping. A Catalyst 2900 XL or Catalyst 3500 XL switch running this software release cannot act as the VMPS.
    !
    !VLAN groups
    !
    !vmps-vlan-group
    ! vlan-name
    !
    vmps-vlan-group Engineering
    vlan-name hardware
    vlan-name software
    !
    !VLAN port Policies
    !
    !vmps-port-policies {vlan-name | vlan-group }
    ! { port-group | device port }
    !
    vmps-port-policies vlan-group Engineering
    port-group WiringCloset1
    vmps-port-policies vlan-name Green
    device 192.168.1.
Default VMPS Configuration

Table 8-13 shows the default VMPS and dynamic port configuration on client switches.
Configuring Dynamic Ports on VMPS Clients

If you are configuring a port on a member switch as a dynamic port, first log into the member switch by using the privileged EXEC rcommand command. For more information on how to use this command, refer to the Catalyst 2900 Series XL and Catalyst 3500 Series XL Command Reference.

Caution: Dynamic port VLAN membership is for end stations. Connecting dynamic ports to other switches can cause a loss of connectivity.
Changing the Reconfirmation Interval

VMPS clients periodically reconfirm the VLAN membership information received from the VMPS. You can set the number of minutes after which reconfirmation occurs. If you are configuring a member switch in a cluster, this parameter must be equal to or greater than the reconfirmation setting on the command switch. In addition, you must first log into the member switch by using the privileged EXEC rcommand command.
Administering and Monitoring the VMPS

You can display information about the VMPS by using the privileged EXEC show vmps command. The switch displays this information about the VMPS:

VMPS VQP Version
    The version of VQP used to communicate with the VMPS. The switch queries the VMPS using version 1 of VQP.
Reconfirm Interval
    The number of minutes the switch waits before reconfirming the VLAN-to-MAC-address assignments.
[Figure 8-7 Dynamic Port VLAN Membership Configuration: diagram showing a TFTP server, a Catalyst 5000 series primary VMPS (Server 1), a secondary VMPS (Server 2), client switches with dynamic-access and trunk ports, an end station, and a router.]
CHAPTER 9

Troubleshooting

This chapter provides these topics about avoiding and resolving problems related to the switch software:
• Avoiding Configuration Conflicts
• Avoiding Autonegotiation Mismatches
• Troubleshooting CMS Sessions
• Determining Why a Switch Is Not Added to a Cluster
• Copying Configuration Files to Troubleshoot Configuration Problems
• Troubleshooting Switch Software Upgrades
• Recovery Procedures
Avoiding Configuration Conflicts

Certain combinations of port features conflict with one another. For example, if you define a port as the network port for a VLAN, all unknown unicast and multicast traffic is flooded to the port. You could not enable port security on the network port because a secure port limits the traffic allowed on it.
Avoiding Autonegotiation Mismatches

The IEEE 802.3u autonegotiation protocol manages the switch settings for speed (10 Mbps or 100 Mbps) and duplex (half or full). Sometimes this protocol can incorrectly align these settings, reducing performance. A mismatch occurs under these circumstances:
• A manually set speed or duplex parameter is different from the manually set speed or duplex parameter on the connected port.
Troubleshooting CMS Sessions

Table 9-2 lists problems commonly encountered when using CMS.

Note: If your cluster has these member switches running earlier software releases and if you have read-only access to these member switches, some configuration windows for those switches display incomplete information:
– Catalyst 2900 XL or Catalyst 3500 XL member switches running Cisco IOS Release 12.
Table 9-2 Common CMS Session Problems

Problem: A blank screen appears when you click Cluster Management Suite from the Cisco Systems Access page.
Suspected Cause and Suggested Solution: A missing browser Java plug-in or incorrect settings could cause this problem.
• CMS requires a Java plug-in to function correctly. For instructions on downloading and installing the plug-in, refer to the release notes (http://www.cisco.
Table 9-2 Common CMS Session Problems (continued)

Problem: Link graphs do not display information in an Internet Explorer 5.0 browser.
Suspected Cause and Suggested Solution: Your browser security settings could be incorrect. If your browser security settings are correct, the lower right corner of your browser screen should have a green circle with a checkmark.
Determining Why a Switch Is Not Added to a Cluster

If a switch does not become part of the cluster, you can learn why by selecting View > Topology. Topology view displays the cluster as a double-switch icon and shows connections to devices outside the cluster (Figure 9-1). Right-click the device (yellow label), and select Disqualification Code.
Copying Configuration Files to Troubleshoot Configuration Problems

You can use the file system in Flash memory to copy files and to troubleshoot configuration problems. This could be useful if you wanted to save configuration files on an external server in case a switch fails. You can then copy the configuration file to a replacement switch and avoid having to reconfigure the switch.
Troubleshooting Switch Software Upgrades

Table 9-3 lists problems commonly encountered when upgrading the switch:

Table 9-3 Problems Encountered When Upgrading the Switch

Problem: Getting “Address Range” error message and boot up is failing.
Suspected Cause and Suggested Solution: This error message appears when a 4-MB Catalyst 2900 XL switch is upgraded to an image that is not supported on this hardware.
Table 9-3 Problems Encountered When Upgrading the Switch (continued)

Problem: Failed software upgrade; switch is resetting continuously.
Suspected Cause and Suggested Solution: This might be due to a corrupt or incorrect image, or the image in Flash memory might be missing. Follow these steps to recover if the switch is in a reset loop after or during the upgrade.

Problem: After the upgrade, the switch still boots up with the old image.
Recovery Procedures

The recovery procedures in this section require that you have physical access to the switch.
Replacing a Failed Command Switch with a Cluster Member

Follow these steps to replace a failed command switch with a command-capable member of the same cluster:

Step 1  Disconnect the command switch from the member switches, and physically remove it from the cluster.
Step 2  Use a member switch in place of the failed command switch, and duplicate its connections to the cluster members.
Step 14  Enter the IP address of the default gateway, and press Return.
    IP address of the default gateway: ip_address
Step 15  Enter a host name for the switch, and press Return.
    Note: On a command switch, the host name is limited to 28 characters; on a member switch to 31 characters. Do not use -n, where n is a number, as the last character in a host name for any switch.
    snmp community private rw
    snmp community public ro
    cluster enable cls_name
    end

Step 22  Verify that the information is correct.
    • If the information is correct, enter Y at the prompt, and press Return.
    • If the information is not correct, enter N at the prompt, press Return, and begin again at Step 1.
    Use this configuration? [yes/no]: y
Step 23  Start your browser, and enter the switch IP address that you entered in Step 11.
Step 7  Enter the switch IP address, and press Return:
    Enter IP address: ip_address
Step 8  Enter the subnet mask, and press Return:
    Enter IP netmask: ip_netmask
Step 9  Enter Y at the next prompt to specify a default gateway (router):
    Would you like to enter a default gateway address? [yes]: y
Step 10  Enter the IP address of the default gateway, and press Return.
Step 17  The initial configuration is displayed:

    The following configuration command script was created:
    ip subnet-zero
    interface VLAN1
    ip address 172.20.153.36 255.255.255.0
    ip default-gateway 172.20.153.01
    hostname host_name
    enable secret 5 $1$M3pS$cXtAlkyR3/6Cn8/
    line vty 0 15
    password telnet_password
    snmp community private rw
    snmp community public ro
    cluster enable cls_name
    end

Step 18  Verify that the information is correct.
Recovering from a Lost or Forgotten Password

Follow the steps in this procedure if you have forgotten or lost the switch password.

Step 1  Connect a terminal or PC with terminal emulation software to the console port. For more information, refer to the switch installation guide.
    Note: You can configure your switch for Telnet by following the procedure in the “Accessing the CLI” section on page 3-7.
Step 10  Boot the system:
    switch: boot
    You are prompted to start the setup program. Enter N at the prompt:
    Continue with the configuration dialog? [yes/no]: N
Step 11  At the switch prompt, change to privileged EXEC mode:
    switch> enable
Step 12  Rename the configuration file to its original name:
    switch# rename flash:config.text.old flash:config.text
Step 13  Copy the configuration file into memory:
    switch# copy flash:config.
Recovering from Corrupted Software

Switch software can be corrupted during an upgrade, by downloading the wrong file to the switch, and by deleting the image file. In all these cases, the switch does not pass the power-on self-test (POST), and there is no connectivity. This procedure uses the XMODEM Protocol to recover from a corrupt or wrong image file.
APPENDIX A

System Messages

This appendix describes the IOS system messages specific for the switch and contains these sections:
• Overview
• How to Read System Messages
• Error Message Traceback Reports
• Error Message and Recovery Procedures

This switch software release is based on Cisco IOS Release 12.0. It has been enhanced to support a set of features for the Catalyst 2900 XL and Catalyst 3500 XL switches.
How to Read System Messages

System messages begin with a percent sign (%) and are structured as follows:

    %FACILITY-SUBFACILITY-SEVERITY-MNEMONIC: Message-text

• FACILITY is a code consisting of two or more uppercase letters that indicate the facility to which the message refers. A facility can be a hardware device, a protocol, or a module of the system software. Table A-1 lists the system facility codes.
Table A-1 Facility Codes (continued)

Code        Facility                                                  Location
SW_VLAN     VLAN Manager                                              SW_VLAN Messages, page A-35
SYS         Operating system                                          SYS Messages, page A-37
TAC         Terminal Access Controller Access Control System Protocol TAC Messages, page A-40
TTYDRIVER   Terminal driver                                           TTYDRIVER Messages, page A-41
VQPCLIENT   Dynamic VLAN VQP client                                   VQPCLIENT Messages, page A-42
VTP         Virtual Terminal Protocol                                 VTP Message, page A-45

• SEVERITY is a si
The following is a sample system message:

    %LINK-2-BADVCALL: Interface [chars], undefined entry point

Some error messages also indicate the card and slot reporting the error. These error messages begin with a percent sign (%) and are structured as follows:

    %CARD-SEVERITY-MSG:SLOT %FACILITY-SEVERITY-MNEMONIC: Message-text

where:
• CARD is a code that describes the type of card reporting the error.
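The message layout described above lends itself to mechanical parsing for log triage. The following Python sketch is an added example, not code from the Cisco guide: it splits a console or syslog line into facility, severity and mnemonic, then turns three message templates listed in this appendix into regular expressions to extract their fields. The field names, the value formats assumed for the [chars], [dec] and [enet] placeholders, and the sample log lines are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# Standard IOS logging level names for severities 0-7 (lower is more severe).
SEVERITY_NAMES = ("emergency", "alert", "critical", "error",
                  "warning", "notification", "informational", "debugging")

# %FACILITY[-SUBFACILITY]-SEVERITY-MNEMONIC[: Message-text]
HEADER_RE = re.compile(
    r"%(?P<facility>[A-Z][A-Z0-9_]*)"
    r"(?:-(?P<subfacility>[A-Z0-9_]+))?"
    r"-(?P<severity>[0-7])"
    r"-(?P<mnemonic>[A-Z0-9_]+)"
    r":?\s*(?P<text>.*)$"
)

# Assumed value formats for the placeholders used in the message catalogue.
FIELD_PATTERNS = {
    "chars": r"(.+?)",
    "dec": r"(-?\d+)",
    "int": r"(\d+)",
    "hex": r"((?:0x)?[0-9A-Fa-f]+)",
    "enet": r"((?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}"
            r"|(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})",
    "IP_address": r"(\d{1,3}(?:\.\d{1,3}){3})",
}
PLACEHOLDER_RE = re.compile(r"\[(chars|dec|int|hex|enet|IP_address)\]")

# Templates copied from this appendix; the field names are hypothetical labels.
TEMPLATES = {
    "MAT-2-SECURITYREJECT": (
        "Security violation occurred on module [dec] port [dec] "
        "caused by MAC address [enet]",
        ("module", "port", "mac")),
    "CDP-4-NATIVE_VLAN_MISMATCH": (
        "Native VLAN mismatch discovered on [chars] ([dec]), "
        "with [chars] [chars] ([dec]).",
        ("local_port", "local_vlan", "peer_device", "peer_port", "peer_vlan")),
    "CMP-5-MGMT_VLAN_CHNG": (
        "The management vlan has been changed to [dec]",
        ("vlan",)),
}


def compile_template(template):
    """Turn a catalogue template into a regex with one group per placeholder."""
    parts = PLACEHOLDER_RE.split(template)  # literal, kind, literal, kind, ...
    pieces = [re.escape(p) if i % 2 == 0 else FIELD_PATTERNS[p]
              for i, p in enumerate(parts)]
    return re.compile("".join(pieces))


COMPILED = {key: (compile_template(tpl), names)
            for key, (tpl, names) in TEMPLATES.items()}


class SysMsg(NamedTuple):
    facility: str
    subfacility: Optional[str]
    severity: int
    mnemonic: str
    text: str
    fields: dict


def parse_line(line):
    """Parse one log line; return None if it carries no system message."""
    m = HEADER_RE.search(line.strip())
    if m is None:
        return None
    severity = int(m.group("severity"))
    text = m.group("text")
    fields = {}
    entry = COMPILED.get(f"{m.group('facility')}-{severity}-{m.group('mnemonic')}")
    if entry is not None:
        regex, names = entry
        fm = regex.fullmatch(text)
        if fm is not None:
            fields = dict(zip(names, fm.groups()))
    return SysMsg(m.group("facility"), m.group("subfacility"), severity,
                  m.group("mnemonic"), text, fields)


def triage(lines, max_severity=4):
    """Return parsed messages at max_severity or more severe (lower number)."""
    parsed = (parse_line(line) for line in lines)
    return [msg for msg in parsed if msg is not None and msg.severity <= max_severity]


# Constructed sample lines (timestamps, ports, names and addresses are made up).
SAMPLE_LOG = [
    "Mar  1 00:14:02: %MAT-2-SECURITYREJECT: Security violation occurred on "
    "module 0 port 7 caused by MAC address 00a0.c9aa.bb01",
    "Mar  1 00:15:40: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch "
    "discovered on FastEthernet0/1 (1), with Switch2 FastEthernet0/2 (8).",
    "Mar  1 00:16:11: %CMP-5-MGMT_VLAN_CHNG: The management vlan has been changed to 5",
    "Mar  1 00:17:00: %LINK-2-BADVCALL: Interface FastEthernet0/3, undefined entry point",
    "Mar  1 00:18:00: configured from console by vty0",
    "Mar  1 00:19:30: %PORT_SECURITY-2-SECURITYREJECT",
]

if __name__ == "__main__":
    for msg in triage(SAMPLE_LOG):
        print(SEVERITY_NAMES[msg.severity], msg.facility, msg.mnemonic, msg.fields)
```

Messages without a registered template still parse to facility, severity and mnemonic, so new templates can be added to `TEMPLATES` one at a time as they become relevant.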
Error Message and Recovery Procedures

AAAA Messages

This section contains the TACACS+ authentication, authorization, and accounting security error messages.

Error Message AAAA-3-BADCOMM: Trying config command but should not be.
Explanation An internal error has occurred.
Recommended Action Copy the error message exactly as it appears on the console or in the system log.
Error Message AAAA-3-INTERNAL_ERROR: [chars]
Explanation This is an internal software error.
Recommended Action Copy the error message exactly as it appears on the console or in the system log. Enter the show tech-support command to gather data that might provide information to determine the nature of the error.
Error Message AAAA-3-NOSG: No server-group passed through parser.
Explanation An internal error has occurred.
Recommended Action Copy the error message exactly as it appears on the console or in the system log. Enter the show tech-support command to gather data that might provide information to determine the nature of the error.
Error Message CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on [chars] ([dec]), with [chars] [chars] ([dec]).
Explanation CDP discovered a mismatch of native-VLAN configurations.
Recommended Action Configure the interfaces to the same native VLAN.

CHASSIS Message

This section contains the chassis error message.

Error Message CHASSIS-5-BLADE_EXTRACT
Explanation The message means that the hot-swap switch has been pressed.
Error Message CMP-5-MGMT_VLAN_CHNG: The management vlan has been changed to [dec]
Explanation The management VLAN has been changed.
Recommended Action No action is required.

CPU_NET Message

This section contains the CPU network interface error message.

Error Message CPU_NET-0-QUEUE_STUCK: The interface between the CPU and the switch has\nbecome stuck. The switch must now reset to clear this condition\n.Retrieval queue [dec].
FRANK Messages

This section contains the Gigabit Ethernet controller error messages.

Error Message FRANK-1-BUFFER_STORE_FAIL: 64B frame storage failure on [chars]
Explanation When storing 64-B frames, the controller has ignored the buffer congestion warnings and kept storing until a buffer reject. Hence, the port bandwidth allocation limit was increased to allow the last frame to be stored without rejection.
Error Message FRANK-1-MODULE_INVALID: Module inserted in slot [int] is invalid\n
Explanation The module inserted in the slot does not have a device identification that is a Gigabit Ethernet controller-based module.
Recommended Action Copy the error message exactly as it appears on the console or in the system log. Enter the show tech-support command to gather data that might provide information to determine the nature of the error.
Error Message FRANK-3-BIST_PHASE_FAILURE: \n[chars] :Bist Phase Failure \n
Explanation The built-in self-test on the controller port has failed.
Recommended Action The BIST failure on the controller port will cause the controller port to be disabled due to POST failure.

Error Message FRANK-3-FRAME_INVALID: \nException [hex] Seen on Gig Interface [chars]\n
Explanation A frame-invalid error was seen on the Gigabit port.
Error Message FRANK-3-MAINBOARD_INIT_FAILED: Unable to create Mainboard Process\n
Explanation The creation of the mainboard process for the controller initialization has failed.
Recommended Action Copy the error message exactly as it appears on the console or in the system log. Enter the show tech-support command to gather data that might provide information to determine the nature of the error.
Error Message FRANK-3-STATIC_ADDR_NOT_FOUND: \n[chars] :Static Address Not Found
Explanation A static address entry that needs to be deleted from the static address table was not found in the table.
Recommended Action Copy the error message exactly as it appears on the console or in the system log. Enter the show tech-support command to gather data that might provide information to determine the nature of the error.
Error Message FRANK-3-VLAN_DESC_EXCEEDED: Out of vlan desc!!\n
Explanation There are no unused VLAN descriptors left in the VLAN descriptor table for that VLAN ID.
Recommended Action Copy the error message exactly as it appears on the console or in the system log. Enter the show tech-support command to gather data that might provide information to determine the nature of the error.
Error Message GBIC_1000BASET-6-GBIC_1000BASET_NO_CONFIG_SPEED: Configuration ignored. 1000-BaseT GBIC modules only support autonegotiation on speed.
Explanation 1000-BaseT GBIC modules only support autonegotiation on speed.
Recommended Action No action is required.

GigaStack Messages

This section contains the Cisco GigaStack Gigabit Interface Converter (GBIC) error messages.
Error Message GIGASTACK-6-NO_LOOP_DETECT
Explanation No acknowledgement for GigaStack loop detection request is received from one of the links on a GigaStack GBIC. Either the neighboring switch does not support the GigaStack loop-breaking algorithm, or the link between the two GigaStack GBICs is broken.
Error Message HW_MEMORY-3-WRITEMEMFAIL: \n[chars]: Failed to write [chars] to ASIC.
Explanation Failed to write memory to hardware.
Recommended Action If this is happening with all features on the switch, this is a hardware failure. Copy the error message exactly as it appears on the console or in the system log. Enter the show tech-support command to gather data that might provide information to determine the nature of the error.
MAT Messages

This section contains the MAC address table error messages.

Error Message MAT-1-BADFRAME: A bad packet is received on switch port [chars]
Explanation A packet with either a switch error, a network error, or a wrong port number is received by the address learning process.
Recommended Action If problems persist, copy the error message exactly as it appears on the console or in the system log.
Error Message MAT-2-SECURITYREJECT: Security violation occurred on module [dec] port [dec] caused by MAC address [enet]
Explanation A packet with an unexpected source address is received on a secure port.
Recommended Action Remove the station with the unexpected MAC address from the secure port, or add the MAC address to the secure address table of the secure port.

MIRROR Messages

This section contains the port monitoring error messages.
Error Message MODULES-1-MUST_RESET: Transient problem detected with module in slot [dec] which requires reset. Module will be reset and restarted.
Explanation A port problem is detected on the module. The module is reset and is restarted.
Recommended Action If the module continues to reset and restart, copy the error message exactly as it appears on the console or in the system log.
PM Messages

This section contains the Port Manager error messages.

Error Message PM-2-NOMEM: Not enough memory available for [chars]
Explanation The Port Manager subsystem could not obtain the memory it needed.
Recommended Action Copy the error message exactly as it appears on the console or in the system log. Enter the show tech-support command to gather data that might provide information to determine the nature of the error.
Error Message PM-4-BIT_OUTOFRANGE: bit [dec] is not in the expected range of [dec] to [dec]
Explanation An invalid request was detected by the Port Manager.
Recommended Action No action is required.

Error Message PM-4-BAD_CARD_COOKIE: An invalid card cookie was detected
Explanation An invalid request was detected by the Port Manager.
Recommended Action No action is required.
PMSM Messages

This section contains the Port Manager state machine error messages.

Error Message PMSM-4-BADEVENT: Event ’[chars]’ is invalid for the current state ’[chars]’:[chars] [chars]
Explanation The Port Manager subsystem attempted to post an event to a state machine that is invalid for the current state.
Recommended Action No action is required.
PORT_SECURITY Messages

This section contains the port security error messages.

Error Message PORT_SECURITY-2-SECURITYREJECT
Explanation A packet with an unexpected source address is received on a secure port.
Recommended Action Remove the station with the unexpected MAC address from the secure port, or add the MAC address to the secure address table of the secure port.
Error Message PRUNING-1-JOININVLEN: Join rx on trunk [chars]-invalid len: [dec] ([dec])
Explanation No explanation is available at this time.
Recommended Action Copy the error message exactly as it appears on the console or in the system log. Enter the show tech-support command to gather data that might provide information to determine the nature of the error.
Error Message PRUNING-3-INVSPTST: Invalid SPT state: [hex]
Explanation No explanation is available at this time.
Recommended Action Copy the error message exactly as it appears on the console or in the system log. Enter the show tech-support command to gather data that might provide information to determine the nature of the error.
Error Message PRUNING-4-NOBUF: No mbuf to build join
Explanation No explanation is available at this time.
Recommended Action No action is required.

Error Message PRUNING-5-JOINDIFFDOMAIN: Domain [chars] not found in rx Join (trunk [hex])
Explanation No explanation is available at this time.
Recommended Action No action is required.
RAC Message

This section contains the router autoconfiguration error message.

Error Message RAC-3-RACNOIPL: Cannot find lease information for interface [chars]
Explanation An internal error meaning that DHCP-lease information is missing for the interface.
Recommended Action Copy the error message exactly as it appears on the console or in the system log.
RTD Messages

This section contains the runtime diagnostic error messages.

Error Message RTD-1-ADDR_FLAP [chars] relearning [dec] addrs per min
Explanation Normally, MAC addresses are learned once on a port. Occasionally, when a switched network reconfigures, due to either manual or STP reconfiguration, addresses learned on one port are relearned on a different port.
SNMP Messages

This section contains the Simple Network Management Protocol error messages.

Error Message SNMP-4-NOENGINEID: Remote snmpEngineID for [IP_address] not found when creating user:[chars]
Explanation An attempt to create a user failed. This is probably because the engine ID of the remote agent (or SNMP manager) was not configured.
Recommended Action No action is required.
Error Message SPANTREE-3-PORT_SELF_LOOPED: [chars] disabled.
Explanation No explanation is available at this time.
Recommended Action Copy the error message exactly as it appears on the console or in the system log. Enter the show tech-support command to gather data that might provide information to determine the nature of the error.
Error Message SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id [dec] on [chars] on vlan [dec].
Explanation No explanation is available at this time.
Recommended Action Copy the error message exactly as it appears on the console or in the system log. Enter the show tech-support command to gather data that might provide information to determine the nature of the error.
Error Message SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking [chars] on vlan [dec]. Port consistency restored.
Explanation No explanation is available at this time.
Recommended Action Copy the error message exactly as it appears on the console or in the system log. Enter the show tech-support command to gather data that might provide information to determine the nature of the error.
STORM_CONTROL Message

This section contains the storm control error message.

Error Message STORM_CONTROL-2-SHUTDOWN
Explanation Excessive traffic has been detected on a port that has been configured to be shut down if a storm event is detected.
Recommended Action When the source of the packet storm has been corrected, re-enable the port by using the port-configuration commands.
Error Message SW_VLAN-4-BAD_VLAN_CONFIGURATION_FILE_VERSION: VLAN configuration file contained unknown file version:[dec]
Explanation The VLAN configuration file read by the VLAN manager contained an unrecognized file version number. (This might mean an attempt to regress to an older version of the VLAN manager software.)
Recommended Action No action is required.
Error Message SW_VLAN-4-VTP_INVALID_EVENT_DATA: VLAN manager received bad data of type [chars]:value [dec] while being called to handle a [chars] event
Explanation Invalid data was received by the VLAN Manager from the VTP configuration software.
Recommended Action No action is required.

Error Message SW_VLAN-6-OLD_CONFIG_FILE_READ: Old version [dec] VLAN configuration file detected and read OK.
Error Message SYS-2-CHUNKBOUNDSIB: Error noticed in the sibling of the chunk [chars]Chunk index :[dec], Chunk real max :[dec]
Explanation A software error occurred.
Recommended Action Copy the error message exactly as it appears on the console or in the system log. Enter the show tech-support command to gather data that might provide information to determine the nature of the error.
Error Message SYS-2-INLIST1: Buffer in list, ptr= [hex], caller= [hex]
Explanation An internal software error occurred.
Recommended Action If this message recurs, copy the error message exactly as it appears on the console or in the system log. Enter the show tech-support command to gather data that might provide information to determine the nature of the error.
Error Message SYS-3-LOGGER_FLUSHING: System pausing to ensure console debugging output.
Explanation Debugging or informational messages are being generated faster than they can be displayed on the console. To guarantee that they can be seen, the rest of the system is paused until the console output catches up. This can break time-critical behavior, such as maintaining an ISDN link.
Error Message TAC-4-NOTIMEOUT: Warning: This command has been deprecated in favor of the line-command "timeout login response"
Explanation This command is deprecated and should no longer be used. The line timeout login response command now provides this functionality.
Recommended Action Use the line command timeout login response.
Error Message TTYDRIVER-2-NOMEM: Unable to allocate [dec] byte status block
Explanation The async TTY driver was unable to create an internal structure due to a low-memory condition.
Recommended Action Reduce other system activity to ease memory demands. If conditions warrant, upgrade to a larger memory configuration.

VQPCLIENT Messages

This section contains the Dynamic VLAN VQP client error messages.
Error Message VQPCLIENT-2-IPSOCK: Could not obtain IP socket
Explanation No explanation is available at this time.
Recommended Action Copy the error message exactly as it appears on the console or in the system log. Enter the show tech-support command to gather data that might provide information to determine the nature of the error.
Error Message VQPCLIENT-3-THROTTLE: Throttling VLAN change on [chars]
Explanation No explanation is available at this time.
Recommended Action Copy the error message exactly as it appears on the console or in the system log. Enter the show tech-support command to gather data that might provide information to determine the nature of the error.
Error Message VQPCLIENT-7-STOPPING: Stopping VQP client
Explanation No explanation is available at this time.
Recommended Action No action is required.

VTP Message

This section contains the Virtual Terminal Protocol error message.

Error Message VTP-3-ERROR: [chars]
Explanation No explanation is available at this time.
Recommended Action Copy the error message exactly as it appears on the console or in the system log.