manualshive.com logo in svg

Cisco Catalyst 1900 Series, Brochure

The Cisco Catalyst 1900 Series is a high-performance network switch designed for small to medium-sized businesses. To get started quickly, simply download the free Quick Start Manual from manualshive.com, which provides detailed instructions and setup information. Enhance your network without any hassle by referring to this comprehensive manual.

Share
Download
background image

Item

Network 1

Network 2

Network 3

Network

16

32

48

First Host

17

33

49

Last Host

30

46

62

Broadcast Address

31

47

63

Subnetting using variable length subnet masks (VLSM) seems pretty easy, doesn’t it?

The type of access list defined is identified by the number you assign to the access list. Table 13.3 identifies
the types of access lists that can be configured, along with the associated string of numbers that can be used
with each type.

Table 13.3: The available access list numbers and the associated access list types.

Available Numbers

Access List Type

1 through 99

IP standard

100 through 199

IP extended

200 through 299

Protocol−Type−Code

300 through 399

DECnet

600 through 699

AppleTalk

700 through 799

48−bit Media Access Control (MAC) address

800 through 899

IPX standard

900 through 999

IPX extended

1000 through 1099

IPX Service Advertising Protocol (SAP)

1100 through 1199

Extended 48−bit MAC address

1200 through 1299

IPX summary address

Extended access lists use many of the same configuration rules as standard access lists. An extended access
list allows filtering based on source address, destination address, protocol type, application, or TCP port
number.

Note 

Just as in standard access lists, an implied “deny all” exists at the end of each extended access
list.

The IP extended access list command is more complex than the standard access list command and offers many
more options. The IP extended access list syntax is shown here:

access−list access−list−number {deny|permit} {protocol type}

source−address source−wildcard destination−address destination−wildcard

[protocol specific options|operator] [log]

Tip You can use the syntax any as a parameter to replace the source or destination address; any implies all

addresses. In IPX access lists, A(n−1) indicates an any syntax.

Let’s take a look at the syntax elements for the IP extended access list that are not included in the standard
access list:

access−list−number—For an IP extended access list, the range of possible numbers is 100 to 199.

• 

deny|permit—A permit indicates whether the source will be allowed in or out of an interface. A
deny indicates that the data will be dropped and an ICMP message will be sent to the source address.

• 

protocol type—This syntax element indicates the protocol to match. Possible options include eigrp,
icmp, igrp, ip, nos, ospf, tcp, udp, or any number from 0 to 255.

• 

Tip  The protocol syntax of ip indicates all protocol types.

258

Summary of Contents for Catalyst 1900 Series

Page 1: ......

Page 2: ...ork Road 22 Switched Ethernet Innovations 23 Full Duplex Ethernet 23 Fast Ethernet 23 Gigabit Ethernet 24 The Cisco IOS 24 Connecting to the Switch 25 Powering Up the Switch 25 The Challenges 27 Today s Trend 27 Entering and Exiting Privileged EXEC Mode 28 Entering and Exiting Global Configuration Mode 28 Entering and Exiting Interface Configuration Mode 28 Entering and Exiting Subinterface Config...

Page 3: ...e Console Prompt 43 Entering a Contact Name and Location Information 44 Configuring System and Time Information 44 Configuring an IP Address and Netmask 44 Configuring a Default Route and Gateway 45 Viewing the Default Routes 45 Configuring Port Speed and Duplex 45 Enabling SNMP 46 Configuring Trap Message Targets 46 Configuring a Menu Driven IOS 47 Configuring the Console Port 48 Configuring Teln...

Page 4: ...ame 64 Setting the Time Zone 64 Configuring the Time and Date 64 Configuring the Control and Auxiliary Ports 64 Modifying the Functions of the Control and Auxiliary Ports 64 Configuring the Printing Function 64 Configuring the LAN Interface 64 Accessing the MGX 8850 and 8220 65 Adding New Users 65 Changing Passwords 65 Assigning a Switch Hostname 65 Displaying a Summary of All Modules 66 Displayin...

Page 5: ... CEF 82 Setting Network Accounting for CEF to Collect Packet Numbers 82 Viewing Network Accounting for CEF Statistics 82 Viewing CEF Packet Dropped Statistics 83 Viewing Non CEF Path Packets 83 Disabling Per Destination Load Sharing 83 Viewing the Adjacency Table on the 8500 GSR 83 Clearing the Adjacency Table on the 8500 GSR 83 Enabling Console Session Logging on a Set Clear Command Based IOS 83 ...

Page 6: ...eries 105 Configuring a Trunk Port on a Cisco 5000 Series 105 Mapping VLANs to a Trunk Port 107 Configuring a Trunk Port on a Cisco 1900EN Series 107 Clearing VLANs from Trunk Links on a Cisco 5000 Series 107 Clearing VLANs from Trunk Links on a Cisco 1900EN Series 107 Verifying a Trunk Link Configuration on a 5000 Series 108 Verifying a Trunk Link Configuration on a 1900EN Series 108 Configuring ...

Page 7: ...guring InterVLAN Routing on an RSM 127 Configuring IPX InterVLAN Routing on the RSM 128 Configuring AppleTalk InterVLAN Routing on an RSM 128 Viewing the RSM Configuration 129 Assigning a MAC Address to a VLAN 129 Viewing the MAC Addresses 129 Configuring Filtering on an Ethernet Interface 130 Configuring Port Security on an Ethernet Module 130 Clearing MAC Addresses 131 Configuring the Catalyst 5...

Page 8: ...uring IGMP Snooping 152 Disabling IGMP Snooping 152 Configuring IGMP Fast Leave Processing 152 Disabling IGMP Fast Leave Processing 152 Displaying IGMP Statistics 153 Displaying Multicast Routers Learned from IGMP 153 Displaying IGMP Multicast Groups 153 Configuring CGMP 154 Disabling CGMP 154 Enabling CGMP Fast Leave Processing 154 Disabling CGMP Fast Leave Processing 154 Displaying CGMP Statisti...

Page 9: ...ning LANE 178 Accessing the ATM LANE Module 178 Displaying the Selector Field 178 Configuring the LES BUS 179 Verifying the LES BUS Configuration 179 Configuring a LEC for an ELAN 179 Verifying a LEC Configuration on an ELAN 180 Configuring the LECS 181 Viewing the LANE Database 181 Binding the LECS Address to an Interface 181 Verifying the LECS Configuration 182 Chapter 9 LightStream Switches 183...

Page 10: ...es 202 Bridge Protocol Data Units 203 Root Bridge Selection 205 Spanning Tree Convergence Time 207 STP Port States 208 Per VLAN Spanning Tree 209 EtherChannel 209 Link Failure 210 Port Aggregation Protocol 210 Fast Convergence Components of STP 211 PortFast 211 UplinkFast 211 BackboneFast 212 Enabling STP on a Set Clear Command Based Switch 212 Enabling STP on a Set Clear Command Based Switch for ...

Page 11: ...st on a Set Clear Command Based Switch 223 Disabling PortFast on a Set Clear Command Based Switch 223 Enabling PortFast on a CLI Based IOS Switch 223 Disabling PortFast on a CLI Based IOS Switch 224 Verifying the PortFast Configuration 224 Enabling UplinkFast on a Set Clear Command Based Switch 224 Disabling UplinkFast on a Set Clear Command Based Switch 224 Verifying the UplinkFast Configuration ...

Page 12: ...figuration 240 Viewing the MLS Aging Configuration on a Catalyst 6000 240 Displaying the IP MLS Configuration 240 Viewing MLS RPs 240 Viewing MLS RP Specifics 240 Displaying MLS VTP Domain Information 241 Viewing the MLS VLAN Interface Information 241 Viewing MLS Statistics on the Catalyst 5000 241 Viewing MLS Statistics on the Catalyst 6000 242 Viewing MLS Entries 242 Chapter 12 Hot Standby Routi...

Page 13: ... Telnet Session Time Out Value 267 Implementing Privilege Levels on a 1900EN 267 Configuring Line Console Time Out Values 267 Configuring Banner Messages 268 Enabling HTTP Access 268 Enabling Port Security 269 Displaying the MAC Address Table 270 Chapter 14 Web Management 272 In Depth 272 Standard and Enterprise Edition CVSM 272 CVSM Client Requirements 272 CVSM Access Levels 273 CVSM Default Home...

Page 14: ...ommand Based Switch 322 Testing External Module Hardware on a Set Clear Command Based Switch 323 Viewing the System Configuration on a Set Clear Command Based Switch 323 Viewing the VTP Domain Configuration on a Set Clear IOS 324 Viewing the VTP Domain Configuration on a CLI Based IOS 324 Viewing the VLAN Configuration on a Set Clear Command Based Switch 324 Viewing the VLAN Configuration on a CLI...

Page 15: ...lticast 342 Multilayer Switching 342 Quality of Service 343 Spanning Tree Protocol 343 TACACS 343 VLANs 343 Standards Organizations 343 Cisco Job Search Sites 344 Appendix B Basic IOS CLI to Set Clear Commands 345 Overview 345 Appendix C The Cisco Consultant 347 Overview 347 Establishing Credibility 347 Come Off As an Expert 348 Designing a Solution 348 Estimating the Cost 349 Presenting the Final...

Page 16: ...isco Catalyst 3900 Series 363 Distribution Layer Switches 364 Cisco Catalyst 4000 Series 365 Catalyst 5000 Series 365 Catalyst 6000 Series 366 Core Layer WAN Switches 367 Cisco Catalyst 8400 Series 368 Cisco Catalyst 8500 Series 369 BPX 8600 Series 370 MGX 8800 Series 371 12000 Series Gigabit Switch Routers 372 A 373 B 375 C 376 D 378 E F 380 G I 382 K L 385 M N 386 O P 388 Q R 390 S 391 T 393 U X...

Page 17: ...anty of any kind expressed or implied with regard to these programs or the documentation contained in this book The author and publisher shall not be liable in the event of incidental or consequential damages in connection with or arising out of the furnishing performance or use of the programs associated instructions and or claims of productivity gains Trademarks Trademarked names appear througho...

Page 18: ...arch and refinement into the ways we present information in our books Our books editorial approach is uniquely designed to reflect the way people learn new technologies and search for solutions to technology problems Practical focus We put only pertinent information into our books and avoid any fluff Every fact included between these two covers must serve the mission of the book as a whole Accessi...

Page 19: ...ional certification Acknowledgments It s always exciting when you get to the acknowledgments because that means the book is almost done First off I must thank Erin for putting up with me during the writing of this book She is a wonderful person who is as smart as she is good looking and puts up with a lot of extra responsibility while I am working on books I also need to thank Albert Ip and Hanson...

Page 20: ...later with a great big outline and help from Albert Ip and Hanson Nottingham the book became this Black Book the most feature packed handbook for Cisco switching an administrator can buy Not only do we cover the Cisco Catalyst switching line but we also cover the LightStream ATM switch series Gigabit Switch Router Series GSR and the IGX and MGX WAN switch series Thanks for buying the Cisco Switchi...

Page 21: ... experienced professionals Coriolis Black Books provide immediate solutions to global programming and administrative challenges helping you complete specific tasks especially critical ones that are not well documented in other books The Black Book s unique two part chapter format thorough technical overviews followed by practical immediate solutions is structured to help you use your knowledge sol...

Page 22: ...king that created them This chapter will contain some of the following information The history of networking The different pieces of networking equipment How to identify problems in a flat network topology The how to s and the when to s of upgrading to a switched network When to upgrade your flat topology network Network upgrade planning and basic strategies Two terms to keep in mind when reading ...

Page 23: ...up and running To properly use these devices in your network you must have an in depth knowledge of the issues involved in implementing switching Knowing the basics of Ethernet technology can help you effectively troubleshoot and install switches in the network You also need a good grasp of the different technologies and how switches work as well as the constraints of each type of device you may u...

Page 24: ...rnet products The biggest benefit that makes Ethernet so popular is the large number of technical professionals who understand how to implement and support it Early networks were modeled on the peer to peer networking model These worked well for the small number of nodes but as networks grew they evolved into the client server network model of today Let s take a look at these two models in more de...

Page 25: ... number of data collisions in the network This is when you begin to receive more complaints from the network s users regarding response times and timeouts These are all telltale signs that you need a switched Ethernet network Later in this chapter we will talk more about monitoring networks and solutions to these problems But before we cover how to monitor design and upgrade your network let s loo...

Page 26: ...sed Essentially a repeater consists of a pair of back to back transceivers The transmit wire on one transceiver is hooked to the receive wire on the other so that bits received by one transceiver are immediately retransmitted by the other Repeaters work by regenerating the signals from one segment to another and they allow networks to overcome distance limitations and other factors Repeaters ampli...

Page 27: ...interfaces with some packet buffering and simple logic The bridge receives a packet on one interface stores it in a buffer and immediately queues it for transmission by the other interface The two cables each experience collisions but collisions on one cable do not cause collisions on the other The cables are in separate collision domains Note Some bridges are capable of connecting dissimilar topo...

Page 28: ...evices on multiple segments to broadcast data to all the devices As a result all devices on all segments of the network are now processing data intended for one device Excessive broadcasts reduce the amount of bandwidth available to end users This situation causes bandwidth problems called network broadcast storms Broadcast storms occur when broadcasts throughout the LAN use up all available bandw...

Page 29: ... be expensive Routers are also somewhat limited in their performance especially in the areas of latency and forwarding rates Routers add about 40 percent additional latency from the time packets arrive at the router to the time they exit the router Higher latency is primarily due to the fact that routing requires more packet assembly and disassembly These disadvantages force network administrators...

Page 30: ...enecks Provide deterministic failover for redundancy Allow scalable network growth Provide fast convergence Act as a means to centralize applications and servers Have the capacity to reduce latency Network Design When designing or upgrading your network you need to keep some basic rules of segmenting in mind You segment your network primarily to relieve network congestion and route data as quickly...

Page 31: ...rstand how collision domains and broadcast domains differ Collision Domains A switch can be considered a high speed multiport bridge that allows almost maximum wire speed transfers Dividing the local geographical network into smaller segments reduces the number of interfaces in each segment Doing so will increase the amount of bandwidth available to all the interfaces Each smaller segment is consi...

Page 32: ...Each port becomes its own collision domain Figure 1 5 shows an example of a properly switched network Figure 1 5 An example of a properly switched network Note Switching technology complements routing technology and each has its place in the network The value of routing technology is most noticeable when you get to larger networks that utilize WAN solutions in the network environment Why Upgrade t...

Page 33: ...ry solution or one that will stand the test of time Unshielded Twisted Pair Cable Category 3 unshielded twisted pair UTP is cable certified for bandwidths of up to 10Mbps with signaling rates of up to 16MHz Category 4 UTP cable is cable certified for bandwidths of up to 16Mbps with signaling rates up to 20MHz Category 4 cable is classified as voice and data grade cabling Category 5 cabling is cabl...

Page 34: ... belong to the 5500 6000 and 6500 series The Core layer s only function is to route data between segments and switch blocks as quickly as possible No filtering or queuing functions should be applied at this layer The highest end Cisco Catalyst switches are typically found at this layer such as the 5500 6500 8500 8600 GSR and 12000 GSR series switches How you configure your broadcast and collision ...

Page 35: ... port The switch begins by pulling the frame header into its network interface card buffer As soon as the destination MAC address is known usually within the first 13 bytes the switch forwards the frame out the correct port This type of switching reduces latency inside the switch however if the frame is corrupt because of a late collision or wire interference the switch will still forward the bad ...

Page 36: ... through how bottlenecks affect performance some of the causes of bottlenecks and things to watch out for when designing your network A bottleneck is a point in the network at which data slows due to collisions and too much traffic directed to one resource node such as a server In these examples I will use fairly small simple networks so that you will get the basic strategies that you can apply to...

Page 37: ... In this situation the demand nodes are connected to one switch and the resource nodes are connected to another switch As you add additional users to switch A you ll find out where our bottleneck is As you can see from Figure 1 8 the bottleneck is now on the trunk link between the two switches Even if all the switches have a VLAN assigned to each port a trunk link without VTP pruning enabled will ...

Page 38: ...ssor and an internal route processor An external route processor uses an external router to route data from one VLAN to another VLAN An internal route processor uses internal modules and cards located on the same device to implement the routing between VLANs Now that you have a pretty good idea how a network should be designed and how to monitor and control bottlenecks let s take a look at the gen...

Page 39: ...taneously Because FDX operation uses a dedicated link there are no collisions which greatly simplifies the MAC protocol Some slight modifications in the way the packet header is formatted enable FDX to maintain compatibility with HDX Ethernet You don t need to replace the wiring in a 10BaseT network because FDX operation runs on the same two pair wiring used by 10BaseT It simultaneously uses one p...

Page 40: ...etworks using LAN switches or routers to adapt between the different physical line speeds Because GE is Ethernet only faster network managers will find the migration from Fast Ethernet to Gigabit Ethernet to be as smooth as the migration from Ethernet to Fast Ethernet Avoiding Fork Lift Upgrades Although dedicated switch connections provide the maximum benefits for network users you don t want to ...

Page 41: ...tes a dumb terminal You can use Telnet to connect to any active port on the switch such as an Ethernet or serial port Cisco also allows you to configure the switch by using Switch Manager which is a way of configuring your switch through a Web browser using HTTP This method creates a graphical interface for configuring your switch The Switch Manager allows you to perform most of the same configura...

Page 42: ...Show running system information terminal Set terminal line parameters vlan membership VLAN membership configuration SeansSwitch Finally the following commands are available in Global Configuration mode SeansSwitch config Configure commands address violation Set address violation action back pressure Enable back pressure bridge group Configure port grouping using bridge groups cdp Global CDP config...

Page 43: ...y problems isolated LANs duplication of resources and a lack of network management Implementing a functional internetwork is no simple task You will face many challenges especially in the areas of connectivity reliability network management and flexibility Each area is important in establishing an efficient and effective internetwork The challenge when connecting various systems is to support comm...

Page 44: ...ation Mode From Privileged EXEC mode you can enter Global Configuration mode by using the following command Notice again that the prompt changes for each successive mode Switch enable configure terminal Switch config To exit Global Configuration mode and return to Privileged Exec mode you can use the end or exit command or press Ctrl Z Entering and Exiting Interface Configuration Mode To configure...

Page 45: ...nfiguration the Set Clear IOS based switches are identical to the IOS based CLI The configuration modes allow you to make changes to the running configuration In order to save these changes you must save the configuration There are two types of configuration files Startup configuration files are used during system startup to configure the software and running configuration files contain the curren...

Page 46: ...XL series Catalyst 8500 GSR series Catalyst 12000 GSR series A third type of interface is found on Cisco s legacy switches These devices have a menu driven interface that you use to enter commands The menu selections are fairly intuitive so you don t have to memorize a lot of commands to get around the switches The interface is found on these switches Catalyst 1900 series Catalyst 2820 series Cata...

Page 47: ...s to provide a guarantee of bandwidth for another You can define queuing priorities for different traffic types these priorities can be used in many networking environments that require multiple high priority queues including Internet Protocol IP Internetwork Packet Exchange IPX and System Network Architecture SNA environments Queues are provided dynamically which means that traffic can filter thr...

Page 48: ...esses data traffic and applies security and queuing policies allowing data traffic to be filtered and providing a guarantee of bandwidth availability for certain traffic Core layer Reads headers and forwards traffic as quickly as possible through the network This is its only function This layer needs to have high reliability and availability because any losses at this layer can greatly affect the ...

Page 49: ...ing Remote Network Monitoring Remote Monitoring RMON is an industry standard method used to monitor statistics on a network using Simple Network Management Protocol SNMP RMON allows a network administrator to obtain information about a switch s Layer 1 or Layer 2 statistics This type of information cannot be obtained by using the console port of the switch RMON collects information regarding conne...

Page 50: ...ee a list of available commands use the command Table 2 1 provides a list of the ROM command line interface commands and a brief description of each Table 2 1 ROM command line interface commands Command Description alias Configures and displays aliases boot Boots up an external process confreg Configures the configuration register utility dev Shows device IDs available on a platform dir Shows file...

Page 51: ...ws is very limited One of its most notable limitations is its failure to perform the break command which does not allow you to obtain a lost password from some switches and routers You can download an upgrade to HyperTerminal from the Hilgraeve Web site http www hilgraeve com the upgrade will allow you to use this feature Console Cable Pinouts Two types of RJ 45 cables are used with Cisco switches...

Page 52: ...devices using your rolled or straight through cable To connect a PC to any console cable attach the RJ 45 to DB 9 female Data Terminal Equipment DTE adapter to one of the nine pin serial ports on the PC To attach to a Unix workstation use the RJ 45 to DB 25 Data Communications Equipment DCE adapter female To connect a modem to the console port use the RJ 45 to DB 25 male adapter Note Console port ...

Page 53: ...ble 2 6 shows the connectors most often used for modem connections Table 2 7 shows the connectors most often used with Unix workstation connections to the console port Table 2 6 DCE connector pinouts for an RJ 45 to a DB 25 male RJ 45 DCE 1 5 2 8 3 3 4 7 5 7 6 2 7 20 8 4 Table 2 7 DTE connectors for an RJ 45 to a DB 25 female RJ 45 DTE 1 4 2 20 3 2 4 7 5 7 6 3 7 6 8 5 In the event that you need a ...

Page 54: ...me is configured No passwords are set All ports default to VLAN1 The console port has no IP information No contact name or location information is defined RMON is disabled SNMP traps are disabled SNMP community strings are set Public for read only Private for read write and Secret for read write all access VLAN Trunking Protocol VTP mode is set to Server No VTP domain or password is configured All...

Page 55: ...sion Should the session not receive a character input from the administrator s session for the configured amount of time the session is closed and the administrator using the session is logged out Implementing Privilege Levels Privilege levels can be assigned to limit switch users ability to perform certain commands or types of commands You can configure two types of levels in the IOS user levels ...

Page 56: ...ge level In this example I will use myself and the login name SeanO I ll assign myself a privilege level of 3 To do this use the following command in Global Configuration Mode 5000RSM config privilege configure level 3 seano 5000RSM config 1 You should assign an enable password for each configured privilege level To assign the password a privilege level of 3 use the following command 5000RSM confi...

Page 57: ...t to be 5 minutes and 10 seconds the command is exec timeout 5 10 Configuring the Hostname On a Cisco IOS based switch configure the hostname using the following command in Global Configuration mode Switch config hostname CORIOLIS8500 CORIOLIS8500 Configuring the Date and Time To set the system clock on an IOS based switch and to put it in the PST time zone use the following command CORIOLIS8500 c...

Page 58: ...ame order as discussed from the Global Configuration mode prompt CORIOLIS8500 config snmp server contact Joe Snow CORIOLIS8500 config snmp server location Coriolis Wiring Closet CORIOLIS8500 config snmp server chassis id 987654321 CORIOLIS8500 config snmp server community coriolis Configuring a Set Clear Based CLI Switch In this section you ll walk through the basic configuration of the Set Clear ...

Page 59: ...r EXEC mode change For security purposes the password will be masked To change the Privileged EXEC mode password enter the following set the password as noone Console enable set enablepass Enter old password press enter Enter new password noone Retype new password noone Password changed 2 Tip At any time you can type or help to access the CLI help facility For help on specific commands you can ent...

Page 60: ...ommand Console enable set interface sc0 2 68 187 127 1 255 255 255 0 Interface sc0 vlan set IP address and netmask set Note It is only necessary to enter the broadcast address if the address entered is something other than a Class A B or C address Serial Line Internet Protocol SLIP access can also be set up for the console port SLIP is an older method of connecting to network devices When you conf...

Page 61: ...d primary default gateway The rest become secondary in the event of a network problem as shown here Console enable set ip route default 68 187 127 1 Route added Console enable set ip route default 68 187 127 2 primary Route added Viewing the Default Routes The following command allows you to see the default routes on both the Cisco IOS based command line interfaces Console enable show ip route Fra...

Page 62: ...s of rights The levels can be defined with community string configuration or by trap receivers as follows Read only Allows management stations to read the SNMP information but make no configuration changes Read write Allows management stations to set SNMP parameters on the switch with the exception of community strings Read write all Allows complete access to the switch The SNMP management station...

Page 63: ...to configure the switch choose the Configuration option You are presented with two options You can choose either Serial Link Configuration to configure the console port or Telnet Configuration to configure Telnet When you enter the Configuration menu you will notice that you are given the option to configure your switch for options that are not available without certain add on or module cards for ...

Page 64: ...allows you to configure three options The number of Telnet sessions allowed simultaneously from 0 to 5 The switch to disallow new Telnet sessions The ability to terminate all Telnet sessions 2 Tip Disallowing new Telnet sessions is a great feature to invoke when you are configuring or upgrading the switch That way another administrator can t come in and try to change the configuration while you ar...

Page 65: ...ncern ourselves with the configuration necessary to receive information to our SNMP management station 2 Choose the option Community Strings The screen shown in Figure 2 7 will appear 3 Figure 2 7 The Community Strings configuration screen You have five options at the bottom of the screen Return Automatically saves the configuration and returns to the Main menu Add Entry Allows you to add an SNMP ...

Page 66: ...is enabled for the first 60 seconds after cycling the power on the switch Enter ROM mode through a terminal server using Telnet or another terminal emulation program Enter the break command as soon as the power is cycled on the switch ROM monitor has its own unique prompt that informs you when you have entered ROM monitor mode The prompt you will see when you have entered ROM configuration mode is...

Page 67: ...as errors detected and packet lengths received 1 Configure the SNMP community using this command set snmp community read only read write read write all community string 2 Assign the SNMP log server responsible for receiving traps with this command 3 set snmp trap hostaddress community string Configuring RMON on a Set Clear Based Interface To configure RMON on a Set Clear based interface perform th...

Page 68: ...mber of commands n Repeats command n in the list zzz Repeats the command that starts with the zzz string zzz Repeats the command containing the zzz string yyy zzz Replaces the string yyy with zzz in the previous command zzz Adds the string zzz to the previous command n zzz Adds the string zzz to command n yyy zzz Adds the string zzz to the end of the command that begins with yyy yyy zzz Adds the s...

Page 69: ...aracter Ctrl K Deletes all characters to the end of the line Ctrl L Redisplays the system prompt and command line Ctrl T Transposes the character to the left of the cursor with the character at the cursor Ctrl U Deletes all characters to the beginning Ctrl V Indicates that the next keystroke is a command Ctrl W Deletes to the left of the cursor Ctrl Y Recalls the most recently deleted command Ctrl...

Page 70: ...identify the beginning and the end of the frame a timing mechanism is used The timing can be either synchronous or asynchronous Synchronous signals utilize an identical clock rate and the clocks are set to a reference clock Asynchronous signals do not require a common clock the timing signals come from special characters in the transmission stream Asynchronous serial transmissions put a start bit ...

Page 71: ...ls ATM also enables Quality of Service QoS Cells can be assigned different levels of priority If there is any point of congestion cells with higher priority will have preference to the bandwidth ATM is the most widely used WAN serial transmission method Note ATM is covered in more detail in Chapter 8 WAN Transmission Media The physical transmission media that carry the signals in WAN are divided i...

Page 72: ...ingle light wave powered by a laser is used to generate the transmission Single mode can be used for distances up to 45 kilometers it has no known speed limitation Figure 3 2 shows an example of a single mode fiber Figure 3 2 Single mode fiber Multimode fiber Has a core of 62 5 microns and a cladding of 125 microns Multiple light waves powered by a light emitting diode LED are used to power the tr...

Page 73: ...8800 series wide area edge switches MGX 8200 Series The Cisco MGX 8200 series is designed to function as a WAN edge device It combines multiple narrowband transmissions into a single broadband trunk It functions as a standalone unit to connect to the ATM network or it can be used as a feeder device to other WAN switches The series consists of the MGX 8220 Edge Concentrator the MGX 8240 Private Lin...

Page 74: ...can use any of the module interfaces as the trunk connection to an edge device The speed ranges from 256Kbps to OC 3 The IGX also has advanced switching and routing capabilities It uses a distributed intelligence algorithm to route new connections and react to failures in transmission media It provides full control of network resources with multiple classes of service and it can provide different ...

Page 75: ...e switch enables you to move it closer to the core It has the greatest flexibility of all the WAN switches It has 32 single height 16 double height module slots Two of the double height slots are reserved for redundant processor switch modules 4 single height slots are reserved for optional value added service resource modules and 24 single height slots are reserved for interface modules The throu...

Page 76: ...lat WAN network In a tiered network the core WAN switches have to route traffic for other nodes This design utilizes edge switches as feeders to the network The feeders aggregate multiple narrowband transmissions into broadband trunk connections to the core switches The edge switches can be right next to the core switch or they can be miles apart The IGX series and the MGX 8800 series can be confi...

Page 77: ...ge level chassis model system software version and date time time zone The display portion shows the result and the last command given The input portion has a prompt for your next command You can enter commands on the CLI in three ways Via a menu Pressing the Esc key opens a menu you highlight a command using the arrow keys and press Enter to issue the command In response to prompts A prompt will ...

Page 78: ...t at 9600bps with no parity eight data bits one stop bit and no flow control hardware or software Adding New Users Anyone can add a user account The new user must have a lower privilege level than the user account s creator User accounts and passwords are global in the network when you create a user account on one node that user account can access any other node in the network To add a user use th...

Page 79: ...el for this command is 6 This command s display is different on the IGX than on the BPX The IGX displays the power supply type and status actual cabinet temperature temperature alarm threshold and monitor status the BPX displays the ASM status AC power supply and status and fan speed Displaying the ASM Statistics for BPX To have the BPX s ASM provide environment information and statistics use the ...

Page 80: ...ng the Control and Auxiliary Ports The command cnfterm sets the transmission characteristics of the control port and auxiliary port You can set the baud rate parity data bits stop bits and flow control You cannot change just one parameter you must enter all the parameters after the command separated by spaces This is a privilege level 6 command Modifying the Functions of the Control and Auxiliary ...

Page 81: ...owercase except for Help Adding New Users The adduser command will create a new user who can access the switch MGX 1 3 ASC a adduser user 2 MGX 1 3 ASC a The user must have a lower privilege level than the user creating the account The privilege level for this command is 6 Changing Passwords The MGX 8220 and MGX 8850 use different commands for changing user passwords You can change the password of...

Page 82: ...ust use a 24 hour clock MGX2 1 3 ASC a cnftime cnftime hh mm ss Time hh mm ss MGX2 1 3 ASC a cnftime 15 23 00 To change the date on the switch use the command cnfdate followed by the date in month first format MGX2 1 3 ASC a cnfdate cnfdate mm dd yyyy Date mm dd yyyy MGX2 1 3 ASC a cnfdate 09 24 2000 Displaying the Configuration of the Maintenance and Control Ports The command xdsplns with the par...

Page 83: ...e IP address msk The network mask bc The broadcast address This command has a privilege level of 1 Displaying the Alarm Level of the Switch The command dspshelfalm is used to display the alarm level and current status of the temperature power supply fans and voltage This is a level 6 command This command provides the following information for each alarm type the threshold severity measurable tempe...

Page 84: ...nd still maintain reliable and acceptable limits of throughput The Set Clear command based Command Line Interface CLI switches also known as Crescendo Interface switches found in the Cisco Catalyst 2900G 5000 5500 6000 and 6500 series of switches give the best example of how the Broadcast and Unknown Server BUS ASICs Arbiters and logic units work inside the switch Let s look at Figure 4 1 which sh...

Page 85: ...ok at the three queuing components input queuing output queuing and shared buffering Input Queuing Input queuing is the simpler of the two forms of queuing The frame is buffered into the port s buffer until it becomes its turn to enter the bus When the frame enters the bus the exit port must be free to allow the frame to exit If another frame is exiting the port a condition called head of line blo...

Page 86: ... has expired The default TTL at which entries are removed is 300 seconds this time can be set from 1 to 20 minutes The EARL ASIC tags each frame as it arrives at the switch before the frame is buffered This tagging includes the source port s identity the VLAN and a checksum This tagging should not be confused with the tagging used in trunking for Inter Switch Link ISL or 802 1Q discussed in Chapte...

Page 87: ... the Supervisor Engine The LCP automatically boots from read only memory ROM and is an 8051 processor Immediately upon boot up the ASIC forwards an information package called a Resetack to the MCP Resetack includes information regarding the switch s boot diagnostics and module information This information is then forwarded from the MCP to the Network Management Processor NMP MCP The Master Communi...

Page 88: ...ot belong to the same VLAN as the port of arrival This ASIC aids STP in deciding which ports to block and which ports to place in the learning listening or forwarding modes Other Cisco Switch Processors Buses ASICs and Logic Units In addition to the items we just discussed other ASICs and significant components are used in the Cisco 5000 architecture as well as that of other Cisco Catalyst and Gig...

Page 89: ...ss to data traffic on each port The CEF microprocessor also has the responsibility to forward system messages back to the centralized CPU These messages can include such data as Bridge Protocol Data Units BPDUs routing protocol advertisements Internet Protocol IP Address Resolution Protocol ARP frames Cisco Discovery Protocol CDP packets and control type messages CEF is a very complex ASIC that is...

Page 90: ...pedite switching in certain instances Let s look at these instances and the conditions in which other adjacencies are used Null adjacency Packets destined for a Null0 The Null0 address is referred to as the bit bucket Packets sent to the bit bucket are discarded This is an effective form of access filtering Glean adjacency A node connected directly to more than one host such as a multihomed PC In ...

Page 91: ... 5 and 10 through 12 are connected to bus C The placement of line modules in the chassis becomes important You will learn more about this topic in Chapter 6 LCP The LCP is located on each line module It is the responsibility of the LCP to provide communications for the MCP located on the Supervisor Engine SAGE ASIC The Synergy Advanced Gate Array Engine SAGE ASIC performs the same functions as the...

Page 92: ...aintains a routing table building tables composed of destination addresses It has the ability to switch network packets based upon a match of the destination address such as those used with IP IPX and AppleTalk TB tables are built differently than routing tables Whereas routing tables rely heavily on routing protocols to learn about foreign networks TB tables learn the location of each MAC address...

Page 93: ...services Transparent bridges and switches acquire knowledge of the network by looking at the source address of all frames coming into their interfaces The bridge then creates a table based on the information from the frames it received If a host sends a frame to a single host on another port then if the bridge or switch has learned the port the destination resides on and it is on the local switch ...

Page 94: ...on switching Optimum switching Distributed switching NetFlow switching Process Switching Process switching uses the processor to determine the exit port for every packet As a packet that needs to be forwarded arrives on an interface it is copied to the router s process buffer where the router performs a lookup based on the Layer 3 destination address and calculates the Cyclic Redundancy Check CRC ...

Page 95: ... replacement for fast switching Distributed Switching Distributed switching is used on the VIP cards which use a very efficient switching processor Processing is done right on the VIP card s processor which maintains a copy of the router s own route cache This is another switching type in which the route processor is never copied with the packet header All the processing is off loaded to the VIP c...

Page 96: ...onsole or logging to a given Telnet session When you disable or enable logging to console sessions the enable state is applied to all future console sessions In contrast when you disable or enable logging to a Telnet session the enable state is applied only to that session Most enterprise network configurations include a Unix based or Windows based system log server to log all messages from the de...

Page 97: ... register boot command rommon This syntax forces the switch to remain in ROM Monitor mode at startup bootflash This syntax causes the switch to boot from the first image stored in Flash memory system This syntax allows the switch to boot from the image specified in the BOOT environment variable To set the configuration register boot field use the following command in Privileged EXEC mode set boot ...

Page 98: ...he following command ip load sharing per packet Disabling CEF Load Balancing To disable per packet sharing use the following command no ip load sharing per packet Enabling Network Accounting for CEF To enable network accounting for CEF on the 8500 GSR to collect the numbers of packets and bytes forwarded to a destination use the following command ip cef accounting per prefix Setting Network Accoun...

Page 99: ...r destination Viewing the Adjacency Table on the 8500 GSR The following command allows you to display the adjacency table on the Cisco 8500 GSR show adjacency The following command will allow you to get a more detailed look at the Layer 2 information adjacencies learned by the CEF ASIC show adjacency detail Clearing the Adjacency Table on the 8500 GSR To clear the adjacency table on a Cisco 8500 G...

Page 100: ...session disable System logging messages will not be sent to the current login session Catalyst5000 enable Setting the System Message Severity Levels on a Set Clear Command Based IOS The severity level for each logging facility can be set using the set logging level command Use the default keyword to make the specified severity level the default for the specified facilities If you do not use the de...

Page 101: ...ased Switch By default the logging buffer will hold 1 024 messages in memory If you do not want to keep this many in memory either to conserve memory or because they are not needed use the set logging buffer command followed by the net buffer size set logging buffer 2048 Clearing the Server Logging Table To clear a syslog server table use the clear logging server command followed by the server IP ...

Page 102: ... disabled server facility LOCAL7 server severity warnings 4 Facility Default Severity Current Session Severity acl 2 2 cdp 4 4 cops 2 2 dtp 5 5 dvlan 2 2 earl 2 2 filesys 2 2 gvrp 2 2 ip 2 2 kernel 2 2 ld 2 2 mcast 2 2 mgmt 5 5 mls 5 5 pagp 5 5 protfilt 2 2 pruning 2 2 privatevlan 2 2 qos 2 2 radius 2 2 rsvp 2 2 security 2 2 snmp 2 2 spantree 2 2 sys 5 5 tac 2 2 tcp 2 2 telnet 2 2 tftp 2 2 udld 4 ...

Page 103: ... 2 is online 2000 Aug 21 09 42 16 PAGP 5 PORTTOSTP Port 2 1 joined bridge port 2 1 2000 Aug 21 09 42 16 PAGP 5 PORTTOSTP Port 2 2 joined bridge port 2 2 Catalyst5000 enable To display the last five messages in the buffer use this code Catalyst5000 enable show logging buffer 5 PAGP 5 PORTFROMSTP Port 3 1 left bridge port 3 1 SPANTREE 5 PORTDEL_SUCCESS 3 2 deleted from vlan 1 PAgP_Group_Rx PAGP 5 PO...

Page 104: ...s in your switches to implement routing and filtering can improve your network s performance Let s begin with a quick review of a flat topology network The Flat Network of Yesterday The flat topology network was discussed in Chapter 1 As you will remember a flat topology is a LAN connected by bridges and hubs Every node in the network sees the data being passed by every other node on the network T...

Page 105: ...ue to broadcasts collisions and network utilization Why Use VLANs VLANs are used to segment the network into smaller broadcast domains or segments The primary reason to segment your network is to relieve network congestion and increase bandwidth Segmentation is often necessary to satisfy the bandwidth requirements of a new application or a type of information the network needs to be able to suppor...

Page 106: ...ta from one VLAN can use one link and another VLAN can use the second redundant link A VLAN would use the other link only during a link failure in the network in this case the VLANs assigned to the lost link would converge and use the link that was still available A Properly Switched Network Let s take a look at how a properly switched network should look This network implements the switches using...

Page 107: ... If one VLAN wants to talk to another the process must be routed at Layer 3 This arrangement effectively stops broadcasts from propagating through the entire internetwork Security is also a benefit of VLANs and switches A flat Layer 2 network has almost no security Users on every network device can see the conversations that take place between all users and devices on the network Using certain sof...

Page 108: ... should design and scale your VLAN infrastructure We ve already discussed access to resources and group commonality now let s take a look at the following VLAN boundaries VLAN membership types Traffic patterns flowing through the network IP addressing used in the network Cisco s VLAN recommendations VLAN Boundaries VLANs can be broken into two different types of boundaries local and end to end A l...

Page 109: ...o use network management software such as CiscoWorks for Switched Internetworks CWSI to configure the ports on the switch A dynamic VLAN determines a node s VLAN assignment automatically using a VLAN Membership Policy Server VMPS service to set up a database of Media Access Control MAC addresses This database can be used for dynamic addressing of VLANs VMPS is a MAC address to VLAN mapping databas...

Page 110: ...ch that the frame reaches must be able to identify the VLAN the frame is a member of based on the tagging information in order to determine what to do with the frame and how to apply it to the filtering table Because the trunk link uses frame tagging to identify which VLAN a frame belongs to each device connecting to the trunk link must be able to interpret and read this VLAN tag Intel has created...

Page 111: ...ose standards created and submitted for standardization by Cisco to enhance VLANs in their route processors and other switching products Organizations install high speed switched networks in order to create a network that can efficiently handle the growing demands of software and hardware applications These installations can cause some unexpected problems in the network Some of the standards discu...

Page 112: ...understand that ISL VLAN information is added to a frame only if the frame is forwarded out a port configured as a trunk link The ISL encapsulation is removed from the frame if the frame is forwarded out an access link ISL is an external tagging process The original frame is not altered it is encapsulated within a new 26 byte ISL header This tagging adds a new 4 byte frame check sequence FCS at th...

Page 113: ...onfigurations throughout the network by propagating the VLAN mapping scheme of the VTP domain across the network using many different physical media types VTP provides for plug and play type connections when you add additional VLANs It also provides tracking monitoring and reporting of VLANs in the network In order to allow VTP to manage your VLANs across the switched internetwork you must first d...

Page 114: ...itches will only forward messages and advertisements the switches will not add any new information received to its own database Version 1 allows switches to check the domain name and version before forwarding Version 2 allows switches to forward VTP messages and advertisements without checking the version number Unrecognized Type Length Value If a VTP advertisement is received and has an unrecogni...

Page 115: ...VTP management domain to update their databases There are two types of VTP management domain advertisements Server originating advertisements Request advertisements from clients needing VLAN information upon power cycling or bootup Each advertisement has a revision number The revision number is one of the most important parts of the VTP advertisement As a VTP database is modified the VTP server in...

Page 116: ...re as follows Client mode Server mode Transparent mode Client Mode Client mode allows the switch to have the same functions as server mode with the exception that it cannot change any VLAN information A switch in client mode cannot create modify or delete VLANs on any VTP client or switch except when it receives an advertisement from a switch operating in server mode It can however advertise its o...

Page 117: ...e frame exits the access link port or ports belonging to the identified VLAN Dynamic Trunking Protocol The Dynamic Trunking Protocol DTP is another way of allowing trunk links to carry VLAN tagged frames across multiple switches or routers DTP manages trunk negotiation in the Catalyst Supervisor Engine software releases 4 2 and later With previous versions of the Catalyst Supervisor Engine softwar...

Page 118: ...2 device known as a router on a stick is used to route the data and create routing tables of other networks and devices Route processors can be used to route data between foreign VLANs and other logically segmented parts of the network such as subnets They also route data to remote WAN segments networks or the Internet Quite a few types of route processors are available for Catalyst switches They ...

Page 119: ...d VLAN Mod Ports 2 2 3 You should notice that although only one port was placed in VLAN 3 the port was in VLAN 1 to begin with so both VLANs are updated Configuring Multiple VLANs on a Catalyst 5000 Series Switch You can configure multiple consecutive ports on a module at one time You do this by using the same command as in the previous section set vlan but identifying the beginning and ending por...

Page 120: ...e ports with one command you must configure VLANs port by port on the 1900EN series To configure VLANs on the 1900EN series follow these steps First you need to enter Interface Configuration mode as shown here 1912EN config terminal Enter configuration commands one per line End with CNTL Z 1912EN config interface e0 2 1 Next you need to issue the vlan membership command There are two options for t...

Page 121: ... 1 1 Unkn 0 0 3 Ethernet 100003 1500 0 1 1 Unkn 0 0 1002 FDDI 101002 1500 0 0 0 Unkn 1 1003 1003 Token Ring 101003 1500 1005 1 0 Unkn 1 1002 1004 FDDI Net 101004 1500 0 0 1 IEEE 0 0 1005 Token Ring Net 101005 1500 0 0 1 IEEE 0 0 Viewing an Individual VLAN Configuration on a 1900 Series To view an individual VLAN on a 1900EN series switch you use the show vlan command followed by the VLAN number as...

Page 122: ... on This option basically makes the port a trunk port whether the other end is configured to be or cannot become a trunk Use this option when the port on the other end does not understand DTP such as a third party adapter nonegotiate Use this option when DISL negotiation that takes place on ISL trunks is not supported When using dot1q as the final parameter this option tells the switch that ISL wi...

Page 123: ...e to AUTO desirable Set DISL state to DESIRABLE nonegotiate Set DISL state to NONEGOTIATE off Set DISL state to OFF on Set DISL state to ON trunk is the only command needed to trunk a port once you are in Interface Configuration mode for the port that needs to be trunked You can set the trunked port to always be a trunk link using the following command 1900EN config if trunk on Clearing VLANs from...

Page 124: ...e enable Verifying a Trunk Link Configuration on a 1900EN Series The 1900EN series uses the show trunk command just as the 5000 series does but can view only the two Fast Ethernet ports 26 and 27 The IOS on the 1900EN identifies these ports as Port A and Port B To verify the trunk link configuration do the following First look at the syntaxes available for the show trunk command 1912 show trunk A ...

Page 125: ... a VTP Domain Password on a Catalyst Switch To set the VTP domain password to 1234 on a Catalyst 1900 use the following command 1912 config vtp password 1234 Configuring a Catalyst 1900 Switch as a VTP Server The 1900EN series switches only use VTP version 1 No configuration options exist for VTP versions To set the switch as a VTP server for the domain use the following command 1912 config vtp se...

Page 126: ... domain option 5002 enable set vtp domain Usage set vtp domain name mode mode passwd passwd pruning enable disable v2 enable disable mode client server transparent Use passwd Ô0 to clear vtp password Usage set vtp pruneeligible vlans vlans 2 1000 An example of vlans is 2 10 1000 You must configure a VTP domain name if you choose to configure the switch as a VTP client or server To do so use the se...

Page 127: ...d on a 1900 You should use the show vtp statistics command instead Displaying VTP Statistics The show vtp statistics command shows a summary of the VTP advertisement messages that have been sent and received as well as errors The command is the same on the Set Clear and Cisco CLI switches 5002 enable show vtp statistics VTP statistics summary advts received 0 subset advts received 0 request advts ...

Page 128: ...N 2 to become eligible for VTP pruning so switches that do not use VLAN 2 will not receive VLAN 2 s broadcast traffic on their trunk links 5002 enable set vtp pruneeligible 2 Vlans 2 1000 eligible for pruning on this device VTP domain Coriolis modified Disabling Pruning for Unwanted VLANs To disable pruning for VLANs that are not used or that you do not wish to prune use the following command 5002...

Page 129: ...ection you should be familiar with Cisco IOS software running on Cisco routers In this demonstration we will configure a Cisco 7505 To enable IP routing on the router enter Global Configuration mode and use the ipx routing command 7505 configure terminal Enter configuration commands one per line End with CNTL Z 7505 config ipx routing 1 Specify an IPX routing protocol such as RIP and identify all ...

Page 130: ...RIB to see if a route has been discovered by matching the destination address field of the packet header Routing protocols are used to learn the topology of the network and place the information the protocols learn in a topology table called the Forwarding Information Base FIB Based on information contained in the FIB routes are calculated based on metrics used by the routing protocol and the best...

Page 131: ...d FIB have almost identical data structures In fast switching however the FIB remains in the Random Access Memory RAM and the forwarding is done by the CPU rather than an ASIC This process is slower than having ASICs handle the task Note Autonomous switching and silicon switching are used on the AGS AGS and 7000 routers The FIB has its own separate memory and the bus controller on an AGS or a Sili...

Page 132: ...es You configure all the devices default gateway addresses to the virtual IP address assigned to the HSRP enabled router s interface In the event of a failure of a link to one device or a failure of one router interface the other takes over so service is not interrupted Multimodule vs Fixed Configuration Switches So far we have talked about the internal route processors and their features Several ...

Page 133: ...iltering by application and Internet Group Management Protocol IGMP snooping It is also a Quality of Service QoS enhancement for Cisco s CiscoAssure end to end solutions NFFCs can filter based not only on Layer 3 IPs or VLANs but by Transport layer Layer 4 application port addresses as well This ability adds a layer of security by preventing unauthorized applications on the network This feature is...

Page 134: ...alyst 5000 switch family by letting the switch provide some of the same Layer 3 switching capabilities as a router As a result a switch that normally forwards only Layer 2 command broadcasts and VLAN traffic and that relies on a router to forward traffic to other segments or VLANs can now route the traffic itself without relying on a router The RSM contains a MultiChannel Interface Processor MIPS ...

Page 135: ...n the Catalyst 6000 family using the Supervisor Engine software version 5 2 1 CSX or later This module uses the Cisco IOS which plugs directly into an interface s switch backplane to provide Layer 3 switching This module connects directly to the switch with four full duplex Gigabit Ethernet interfaces The Catalyst switch sees the MSM as an external route processor not connected to the switch itsel...

Page 136: ...route to the destination must be found using a dynamic routing protocol or a static route If you have stacks of cash to spend on IOSs for your internal route processors you can support any number of the following routing protocols Enhanced Interior Gateway Routing Protocol EIGRP Hot Standby Routing Protocol HSRP Interior Gateway Routing Protocol IGRP NetWare Link Services Protocol NLSP Open Shorte...

Page 137: ... An optional NetFlow Feature Card II NFFC II chipset built in Route Switch Feature Card RSFC Modular uplink ports Supervisor Engine III The Supervisor Engine III is available in three models Supervisor Engine III with Enhanced Address Recognition Logic EARL ASIC Supervisor Engine III with the NFFC Supervisor Engine III with the NFFC II The Supervisor Engine III shown in Figure 6 2 has a few more f...

Page 138: ...ruct the switch to boot from the image specified in the boot environment which is the default on the switch Etherport Modules One of the most common interfaces found on switches is the Ethernet port Leaving an Ethernet interface to autonegotiate the speed and duplex of a port should allow any device to connect to it Many times however you must adjust the speed and duplex configuration so the devic...

Page 139: ...urity on a port is enabled any static or dynamic CAM entries associated with the port are cleared Any currently configured permanent CAM entries are treated as secure Manually Configured MAC Addresses Different IP addresses can be assigned to the virtual VLAN interfaces on the device all of them utilize the same global MAC address However specifying an individual MAC address to each interface does...

Page 140: ...15 Escape character is User Access Verification Password RSFC1 exit Seans5002 enable Let s take a look at this process from the initial User EXEC mode prompt On the switch console enter the enable command and the password to enter Privileged mode Coriolis5000 enable Password Coriolis5000 enable 1 To open a session from the console port for the RSM use the following command 2 Coriolis5000 session 3...

Page 141: ...s the module number slot number 1 indicates the port number and 2 indicates the number of the subinterface to be configured Note No changes take effect until the no shutdown command is issued 1 Once in Interface Configuration mode you can configure the port for the encapsulation type and identify the VLAN number that will be carried by the port The most common encapsulation type is ISL this will b...

Page 142: ...ion on a Catalyst 5000 You can verify the IP configuration of the switch by using the show ip command Coriolis5000 show ip IP Address 130 77 20 15 Subnet Mask 255 255 254 0 Default Gateway 130 77 20 1 Management VLAN 1 Domain name coriolis com Name server 1 130 77 17 190 Name server 2 130 77 16 191 HM server Enabled HTTP port 80 RIP enabled Enabling RIP on an RSM To assign an IP routing protocol a...

Page 143: ...lt gateway 130 77 20 254 no ip classless snmp server community public RO snmp server community private RW line con 0 line aux 0 line vty 0 4 password book1234 login end Coriolis5000RSM Warning In order to keep new changes when the switch is cycled don t forget to save the configuration to the NVRAM Configuring InterVLAN Routing on an RSM Before you configure the RSM you must configure the switch a...

Page 144: ...m these steps in Global Configuration mode Enable IPX routing on the router RSM1 config ipx routing 1 Specify an IPX routing protocol in this example IPX RIP RSM1 config ipx router rip RSM1 config ipx router network all 2 Specify a VLAN interface on the RSM RSM1 config ipx router interface vlan50 3 Assign a network number to the VLAN and an encapsulation method then exit 4 RSM1 config if ipx netwo...

Page 145: ...nterface Configuration mode you can assign a MAC address to the interface by using the mac address command Use the 48 bit IEEE MAC address written as a dotted triplet of four digit hexadecimal numbers as shown here Coriolis5000RSM config if mac address 0040 0b03 5d6f Coriolis5000RSM config if exit Viewing the MAC Addresses To see the MAC addresses assigned to each VLAN use the following command Co...

Page 146: ...enable Configuring Port Security on an Ethernet Module To enable port security on a switch interface use the following steps Enable port security on the desired ports Optionally you can specify the secure MAC address set port security mod_num port_num enable disable mac_address 1 Add MAC addresses to the list of secure addresses 2 set port security module number port number mac_address Here s an e...

Page 147: ...you disable port security before you clear any MAC addresses Here is the command and its possible syntaxes and an example of using the command clear port security mod_num port_num mac_addr all Coriolis5000 enable clear port security 3 10 20 all All addresses cleared from secure address list for ports 3 10 20 Coriolis5000 enable Configuring the Catalyst 5000 Supervisor Engine Module To configure th...

Page 148: ... 19 12 32 46 DTP 5 TRUNKPORTON Port 2 24 6 Enable the switch to be a VTP client for the Coriolis VTP domain Doing so will propagate the VLAN information from the 1912EN switch Catalyst5000 enable set vtp domain Usage set vtp domain name mode mode passwd passwd pruning enable disable v2 enable disable mode client server transparent Use passwd Ô0 to clear vtp password Usage set vtp pruneeligible vla...

Page 149: ... VLAN 1 on a Cisco switch Cisco recommends adding another layer of security by changing the default management VLAN from VLAN 1 which is the default of all the ports on the module To change the default VLAN from VLAN 1 to VLAN 3 on a Set Clear command based IOS you use the set interface sc0 VLAN number command Let s look at the command and then examine the interface to see the changes Catalyst5002...

Page 150: ...er for interVLAN routing it helps to know how to configure it Follow these steps to configure a 2621 for interVLAN routing Enter Interface Configuration mode for the Fast Ethernet 0 2 interface and force the port to use full duplex Disable any IPs and use the no shutdown command Cisco2621 conf interface fastethernet 0 2 Cisco2621 conf if no ip address Cisco2621 conf if no shutdown Cisco2621 conf i...

Page 151: ...e HSRP on an interface let s take a look at an example of configuring HSRP on two different interfaces connected to the same network segment RSM1 configure terminal Enter configuration commands one per line End with CNTL Z RSM1 config ip routing RSM1 config router rip RSM1 config router network 172 16 0 0 RSM1 config router interface vlan10 RSM1 config if ip address 172 16 10 1 255 255 255 0 RSM1 ...

Page 152: ... vlan20 RSM2 config if ip address 172 16 20 2 255 255 255 0 RSM2 config if no shutdown RSM2 config if standby 20 ip 172 16 20 10 RSM2 config if standby 20 preempt RSM2 config if standby 20 timers 5 15 RSM2 config if standby 20 authentication Covert RSM2 config if Z RSM2 136 ...

Page 153: ...rs of that group by the network infrastructure The sender of the data doesn t need to know anything about the recipients In this manner only one copy of a multicast message will pass over any link in the network and copies of the message will be made only where the paths diverge This is a much more effective method of delivering traffic destined for multiple locations and it provides significant p...

Page 154: ...t can be huge packets Processing these types of broadcasts can quickly use up all the available bandwidth on the network and bring the end station to a crawl particularly if you are in a shared 10BaseT environment Figure 7 1 illustrates broadcast traffic in the network Figure 7 1 Broadcast traffic flow Unicast In unicast a single packet is sent from the source to the destination It is a one to one...

Page 155: ...racteristics of multicast enable it to take three different forms One to many One to many is the most common form of multicast traffic Examples include database updates live concerts news music audio broadcasts announcements lectures and many more Many to one Many to one multicasts are less common they include data collection auctions and polling Many to many Many to many multicasts are rare but t...

Page 156: ...k application Applications on the Internet must dynamically request a multicast address when needed and release the address when it is no longer being used Due to the nature of multicast addresses they are frequently referred to as multicast groups In addition certain well known groups have been identified by the IANA These are detailed in RFC 2365 and are known as administrative scopes We will di...

Page 157: ... receive multicast group 224 127 15 10 will have the network interface card interrupt the CPU when a frame with the destination MAC address 01 00 5e 7f 0f 0a arrives This MAC address is also used by 31 other multicast groups If any of these groups are active on the LAN the CPU will have to examine the frames for both multicast groups to decide if the frame that interrupted the CPU belongs to the d...

Page 158: ...lop a new form of dynamic multicast address allocation Note IANA has started to assign blocks of multicast addresses from this range To review a current list of multicast addresses visit www isi edu in notes iana assignments multicast addresses Delivery of Multicast Datagrams When the sender and recipients are members of the same subnet delivery of multicast frames is a simple matter The source st...

Page 159: ...istribution to the rest of the multicast group it can also be sent as a multicast using the source tree model with the source as the root and the shared tree root as the branch A bidirectional shared tree takes advantage of the existing routing table to distribute multicast traffic to the multicast group Multicast traffic can go back the same path by which it came to the rendezvous point and be di...

Page 160: ... It cannot be used in a network with a diameter greater than 31 hops and it does not consider the bandwidth of the link It was the first multicast routing protocol so despite its limitations it is deployed in the Internet Multicast Backbone MBONE The MBONE is used primarily to transmit desktop video conferencing and due to the use of DVMRP as its protocol it has been responsible for several Intern...

Page 161: ...g the source tree model a new SPT is created for each source Because of this MOSPF is most suitable in a stable environment where the location of sources number of sources number of groups and group membership are under tight control Internet Group Management Protocol IGMP Internet Group Management Protocol IGMP is used by hosts to request multicast traffic An individual host sends out an IGMP mem...

Page 162: ...ons the same as version 1 with the following enhancements Querier election process Allows the routers on the local subnet to elect the designated IGMP querier utilizing IGMP rather than using an upper layer protocol as in version 1 The router with the lowest IP address is elected and is responsible for sending out the multicast query for that subnet Maximum response time Allows the router to set a...

Page 163: ...AC address with a forwarding table This forwarding table is populated by looking at the source MAC addresses of frames sent between every port and keeping track of the port from which the frame arrived This information creates a forwarding table that is usually kept in Content Addressable Memory the table is commonly referred to as a CAM table When the switch receives a frame with a destination MA...

Page 164: ...le for the enterprise class Catalyst switches Cisco Group Management Protocol Cisco Group Management Protocol CGMP is a lightweight Layer 2 protocol that will only work between a Cisco router and a Cisco switch CGMP is supported by almost the full line of routers and switches A router and a switch utilize CGMP to communicate the multicast member states in the CAM table entries The router communica...

Page 165: ...The hostname Router indicates that this must be configured on an external router or an internal route processor such as the RSM RSFC MSM or MSFC The hostname Coriolis indicates that the configuration is taking place on a Set Clear based IOS switch such as the 2900G 5000 or 6000 family of switches Disabling IP Multicast Routing To disable IP multicast routing use the following command in Global mod...

Page 166: ... forward multicast traffic You can use this command if the host on the segment cannot report its group memberships Router config if ip igmp join group 225 01 02 112 Note One of the side effects to this is that the router will no longer use fast switching Configuring a Router to Be a Static Multicast Group Member This command will forward the desired multicast group to the specified segment of the ...

Page 167: ... 12 Permanent multicast entry added to CAM table Removing Multicast Groups Use the following command to remove a multicast group manually Coriolis enable clear cam 01 00 5e 0c 8 5 CAM entry cleared This command will remove the entire multicast group from the switch When you want to remove only one port from the multicast group you will have to remove the entire group and re enter the desired port ...

Page 168: ... enable set igmp enable IGMP Snooping is enabled CGMP is disabled Note The switch will not let you enable IGMP snooping if CGMP or GMRP is enabled Disabling IGMP Snooping To disable IGMP snooping use the following command Coriolis enable set igmp disable IGMP feature for IP multicast disabled Configuring IGMP Fast Leave Processing To enable IGMP fast leave processing enter the following command Co...

Page 169: ... up correctly If you have more than one VLAN on the switch and want to display only the specific VLAN use the command show igmp multicast statistics vlan Displaying Multicast Routers Learned from IGMP To display multicast router ports that were learned from IGMP use the following command Coriolis enable show multicast router igmp CGMP disable IGMP enable Port Vlan 3 1 1 Total Number of Entries 1 C...

Page 170: ... multicast enabled Disabling CGMP To disable CGMP use the following command Coriolis enable set cgmp disable CGMP support for IP multicast disabled Enabling CGMP Fast Leave Processing To enable CGMP fast leave processing enter the following command Coriolis enable set cgmp leave enable CGMP leave processing enabled Disabling CGMP Fast Leave Processing To disable CGMP fast leave processing enter th...

Page 171: ...d on each interface that has the appropriate topology Use this command Router config vlan interface 3 Router config if ip rgmp Disabling RGMP on the Router To disable RGMP use the following command Router config vlan interface 3 Router config if no ip rgmp Note Here are some related commands that you can try on the router debug ip rgmp group_name group_address show ip rgmp interface interface_unit...

Page 172: ...6 2 Total Number of Entries 2 Configured Displaying RGMP VLAN Statistics To display RGMP statistics use the following command Coriolis enable show rgmp statistics 1 RGMP enabled RGMP statistics for vlan 1 Receive Valid pkts 10 Hellos 5 Joins 3 Leaves 2 Byes 0 Discarded 0 Transmit Total Pkts 10 Failures 0 Hellos 10 Joins Leaves 0 Byes 0 You can reset the statistics with the command clear rgmp stati...

Page 173: ... enable forward all on any port that is connected to a router Use this command to enable forward all Coriolis enable set gmrp fwdall enable 2 1 GMRP Forward All groups option enabled on port 2 1 Disabling GMRP Forward All To disable GMRP forward all on a port use the following command Coriolis enable set gmrp fwdall disable 2 1 GMRP Forward All groups option disabled on port 2 1 Configuring GMRP R...

Page 174: ...ou can change the GMRP timer value to improve performance The leave timer value must be equal to or greater than three times the join timer value The leaveall timer value must be greater than the leave timer value You must change the timer values in this order leaveall timer value leave timer value and then join timer value If you try to set the join timer value before you change the leave timer v...

Page 175: ...mber of packets traveling through the port When the multicast broadcast traffic exceeds the threshold within a one second period the switch stops all incoming traffic for the remainder of the period Use the following command to configure packet based suppression Coriolis enable set port broadcast 2 12 500 Port s 2 12 broadcast traffic limited to 500 packets second Disabling Multicast Suppression U...

Page 176: ...ide area switches 8410 8420 8430 MGX 8220 edge concentrator MGX 8800 wide area edge switch These switches which are also called nodes fall into three Cisco WAN switched architectures Feeder nodes The MGX 8220 concentrator shelves which are used to aggregate narrowband UNI connections and multiplex traffic onto a single trunk link to a BPX switch or routing node Hybrid nodes The IGX 8400 and the MG...

Page 177: ... consists of several different components LAN Emulation Client LEC Resides in every ATM device and provides a LAN interface to higher layer protocols LAN Emulation Server LES The centerpiece of the LANE architecture A single LES is responsible for address registry and resolution for an ELAN Broadcast and Unknown Server BUS The means by which ATM provides broadcasting support for an ELAN LAN Emulat...

Page 178: ...me Relay A widely used industry standard for WAN traffic that works by switching Data Link layer data It uses multiple virtual circuits by implementing High Level Data Link Control HDLC encapsulation between connected devices Switched Multimegabit Data Services SMDS A high speed packet switched datagram based WAN technology typically offered by telephone companies Cell relay services CRS The basis...

Page 179: ...al Network BISDN access Time Division Multiplexing ATM uses a switching and multiplexing method called Time Division Multiplexing TDM This method places voice multimedia and data into fixed length cells These cells are then routed to their destination without regard to content TDM combines the information from different resources onto a single serial trunk link that dedicates a predefined timeslot...

Page 180: ...etwork Header Error Check HEC An 8 bit field that indicates a checksum calculated only on the header itself The ATM Switch and ATM Endpoints ATM networks use one of two types of devices for each end of the network ATM switches and ATM endpoints An ATM endpoint is a device that has an ATM network interface adapter such as a workstation router Data Service Unit DSU or LAN switch These devices in tur...

Page 181: ...e capable of supporting ATM cells Existing high speed topologies capable of supporting ATM cells include Synchronous Optical Network SONET DS3 E3 Fiber Distributed Data Interface FDDI and unshielded twisted pair UTP The TC sublayer is used to maintain the ATM cell boundaries verify the validity of data maintain data synchronization create and check header error control to ensure valid data and put...

Page 182: ... links using Frame Relay or X 25 This layer is perfectly suited for use in environments that need to send or receive large files AAL3 is identical to AAL4 with the exception that the AAL3 layer is connection oriented only whereas AAL4 is both connection oriented and connectionless AAL5 Class D This layer is the primary AAL used to transfer non SMDS data It supports both connection oriented and con...

Page 183: ...Network Service Access Point NSAP format This format is used to connect an ATM endpoint to a private network The ATM Forum has now used this method to incorporate the E 164 address of the public networks into the address of customers using NSAP addresses The ATM Forum is also working on a method for the phone carriers to use NSAP based addressing on their networks Let s take a look at the componen...

Page 184: ... on the front of the packet yielding a 53 byte cell It then removes the checksum from the cell and forwards the cell through the ATM network When the cell has traveled the ATM network the ATM information is removed and the cell fragments are reassembled and returned to the LAN environment as a packet The LANE 1 0 standard can be summed up as a software interface for the Layer 3 protocol environmen...

Page 185: ... driver support LAN Emulation Server LES The LES for an ELAN is the central piece of LANE It gives the LECs the information they need to establish ATM connections to other LECs in their ELAN A single LES is responsible for address registry and resolution for an ELAN When a LEC joins an ELAN it forms a connection with the LES The LEC registers its MAC and ATM addresses with the LES The LES has the ...

Page 186: ...cally the ATM LEC and provides the circuit for the initial ATM address mapping 1 The LEC takes an Ethernet frame and assigns an immediate LEC link which is used to obtain the ATM address identifier needed to establish an ATM connection If this process is not successful the LEC must locate a LES 2 The LES circuit holds the main ATM network address table and returns with the VCI assignment 3 LAN Emu...

Page 187: ...et or Token Ring 3 Enable the LES and BUS on the ELAN 4 Repeat this process for each LES BUS 5 The BUS must be used to sequence and distribute broadcast data to all the LECs However sending a large volume of broadcast data to all the LECs can severely impact the overall performance of the network For this reason it may be necessary for the BUS to place restrictions on the LANE components to contro...

Page 188: ...ool of MAC addresses Integrated Local Management Interface ILMI The ILMI protocol was defined by the ATM Forum It aids in initialization and configuration of ATM LECs ILMI uses the Simple Network Management Protocol SNMP to share information between an ATM client and an ATM switch It uses a well known permanent connection to the LECS that has a VPI of 0 and a VCI of 17 The basic functions of ILMI ...

Page 189: ...the client gains membership in the ELAN 4 The LEC creates another packet with the correct ATM address for the LES and establishes a control direct VCC to make the connection The LEC sends out a LE_JOIN_REQUEST to the LES containing the LEC ATM address as well as the MAC address in order to register with the ELAN 5 The LES checks with the LECS to verify the LEC The LES receives the data creates a n...

Page 190: ...rwarding path for unicast traffic between the LECs This forwarding path will enable you to move data across the ATM network LANE Configuration Guidelines When setting up LANE components you should consider the following list The LANE subsystem supports as many as 16 LECS addresses The LECS must always be assigned to the major interface Two separate ELANs cannot be configured on the same subinterfa...

Page 191: ...includes the Cisco Catalyst 5000 Most workgroup switches are located in the wiring closet closest to the end user These switches are usually Ethernet based for the local LAN environment and provide an ATM uplink to a campus switch Campus switches Typically implemented to relieve the congested nature of the network and to eliminate bandwidth problems across the existing backbone These switches incl...

Page 192: ...TM LANE Dual PHY Module SMF Provides two connections between an ATM network a single mode fiber optic cable and two single mode SC fiber optic connectors ATM Dual PHY OC 12 Module MMF Provides two connections between the OC 12 622Mbps ATM network a single mode fiber optic cable and two single mode SC fiber optic connectors ATM Dual PHY DS3 Module Provides two interfaces for two DS3 45Mbps connecti...

Page 193: ... which provides sufficient capability for most installations To provide for data bursts associated with LANs and not WANs the LANE module SAR is capable of traffic shaping using a single rate queue Connecting in an ATM Network To provide a basis for troubleshooting it helps to evaluate proper placement of the LES BUS and LECS components in your network Most ATM LANE environments use LECS to provid...

Page 194: ...w lane le arp Displays the LAN Emulation ARP table contained on the LECs show atm vc Displays the ATM virtual circuit information Related solutions Found on page Configuring Virtual Private Tunnels 288 Configuring LANE on a LightStream 1010 295 Accessing the ATM LANE Module The process of accessing and configuring the ATM LANE module on the Cisco Catalyst 5000 and 6000 family of switches is identi...

Page 195: ...teps 2 and 3 for each LES BUS you want to configure on this LANE module 4 Enter Interface Configuration mode for the ATM0 subinterface 2 ATM config subif interface atm0 2 5 Map the LES bus to the Ethernet ELAN named ELAN2 ATM config subif lane server bus ethernet ELAN2 ATM config subif end 6 Verifying the LES BUS Configuration To verify the configuration issue the following command ATM show lane s...

Page 196: ...00000 00 0 0 0 distribute 00 000000000000000000000000 000000000000 00 0 0 0 send 00 000000000000000000000000 000000000000 00 0 0 0 forward 00 000000000000000000000000 000000000000 00 LE Client ATM0 2 ELAN name TEST_ELAN Admin up State initialState Client ID unassigned Next join attempt in 1 seconds Join Attempt 2 Last Fail Reason Config VC being released HW Address 0010 0daa cc40 Type ethernet Max...

Page 197: ...ane config database name ELAN2 server atm address 47 00918100000000E04FCCB100 00100DAACC51 01 3 Repeat this step for each ELAN in the LANE network 4 You can optionally specify an ELAN as the default ELAN Doing so will allow the LECs not to be bound to an ELAN ATM lane config database default name default ATM lane config database end 5 Viewing the LANE Database To see the results of the previous op...

Page 198: ...ate 47 00918100000000E04FACB401 00100DAACC43 00 ATM Address of this LECS 47 00918100000000E04FACB401 00100DAACC43 00 auto vcd rxCnt txCnt callingParty 11 1 1 47 00918100000000E04FACB401 00100DAACC41 01 LES default 0 active cumulative total number of unrecognized packets received so far 0 cumulative total number of config requests received so far 3 cumulative total number of config failures so far ...

Page 199: ...versions LightStream 100 LS100 LightStream 1010 LS1010 and LightStream 2020 LS2020 In Chapter 8 we looked at ATM and how ATM is configured on Catalyst switches This chapter will supplement Chapter 8 by discussing the features and benefits of the LightStream series of Cisco switches The configuration steps for each switch feature discussed in this chapter will be explained in the Immediate Solution...

Page 200: ...10 can buffer up to 65 536 cells in its on board shared buffers this buffering minimizes the possibility of cell loss Policies and scheduling with user definable thresholds permit flexible support of multiple service classes The LS1010 family s architecture is flexible The switch architecture is scalable and can support WAN interfaces with speeds ranging from a T1 to an OC 12 The LS1010 supports m...

Page 201: ... three components Line card Used when a particular function must be completed in a tenth of a millisecond or less Such functions include implementing traffic policies and cell forwarding Line card control processor Performs complex tasks that must be completed in a tenth of a millisecond or less These functions include interface management error handling and line up and line down protocol processi...

Page 202: ...set of links from one source node to a destination node providing link state and bandwidth information that can be advertised throughout the network Virtual Path Connections Virtual path VP is a generic term used to define more than one virtual channel directed to the same ATM endpoint A virtual path essentially makes for a much larger pipe by combining the redundant paths and creating a logical g...

Page 203: ...ned minimum acceptable bandwidth value Doing so prevents the possibility of an output port sending data at a greater rate than an intermediate link can handle and guarantees a certain amount of bandwidth for those applications that require it LightStream Troubleshooting Tools The LightStream series of Cisco switches has many troubleshooting and monitoring tools The boot process can be used to find...

Page 204: ...ultiple password levels A TACACS AAA server can be used for remote access validation Snooping Mechanisms Snooping mechanisms used by the LightStream 1010 s ports allow a mirrored connection from one or more ports to be mirrored to another port As a result any data on a selected mirrored port will be copied and sent to the mirror port This process is completely transparent to the end devices connec...

Page 205: ...End with CNTL Z Switch config hostname CoriolisLS1010 CoriolisLS1010 config Configuring an Enable Password In order to keep unauthorized people from making configuration changes on your switch you should use the enable password command followed by the new password Let s take a look at an example Use the enable command to enter Privileged EXEC mode CoriolisLS1010 enable 1 Use the config terminal co...

Page 206: ...runks all the virtual channels in the VP between the two networks The following example shows how to configure the VP tunnel when the VPI equals 2 Use the enable command to enter Privileged EXEC mode CoriolisLS1010 enable 1 Use the config terminal command to enter Global Configuration mode CoriolisLS1010 config terminal 2 Enter the interface on the module CoriolisLS1010 config interface atm 3 0 2 ...

Page 207: ...ce 3 Use the atm command followed by the address of the LECS 4 atm lecs address atm address Tip To verify the address configuration use the show atm ilmi configuration command Configuring the Advertised LECS Address To configure the LECS address advertised by the switch to the end system use the atm lecs address default Global Configuration command The syntax is as follows atm lecs address default...

Page 208: ...000000000000000000 000000000000 00 1456 1 10 direct 47 0091810000000060707B8A01 112233461176 02 1457 196 0 distribute 47 0091810000000060707B8A01 112233461176 02 1459 0 28 send 47 0091810000000060707B8A01 112233461176 02 1460 245 0 forward 47 0091810000000060707B8A01 112233461176 02 Related solution Found on page Verifying a LEC Configuration on an ELAN 272 Viewing the Installed Modules Just as yo...

Page 209: ...terface Configuration mode for the ATM interface that contains the LEC to which you will bind the MPC interface atm 1 2 1 4 To bind a LANE client to the specified MPC use this command 5 lane client mpoa client name MYMPC Configuring the MPS The following example shows the proper configuration of the MPS and attaches the MPS to a hardware interface Define the MPS named THEMPS mpoa server config nam...

Page 210: ...configuration on interface ATM 3 1 2 CoriolisLS1010 config interface atm 3 1 2 CoriolisLS1010 config if atm auto configuration CoriolisLS1010 config if ATM 5 ATMSOFTSTART Restarting ATM signaling and ILMI on ATM3 1 2 Configuring LANE on a LightStream 1010 To configure a LANE client connection from a remote ATM switch router to the processor card CPU of a local switch follow these configuration ste...

Page 211: ...vileged EXEC command mode The system requests a password if one has not been assigned just hit the Enter key 3 Type in a lowercase c to allow changes The prompt changes from to 4 You must set the time and date on the LS100 switch The following command shows how to set the time to 7 37 p m in military time and the date to November 30 2000 CoriolisLS100 set time 00 11 30 19 37 00 System Timer is set...

Page 212: ...disk 3 List contents of hard disk root directory 4 List contents of floppy disk root directory 5 Boot system single user 6 Escape to full set of bootstrap options 7 Extended help Option 5 booting drive 0 partition 0 kernel lynx os flags 0x4100 Resetting SCSI bus Kernel linked for 0xea010000 LOAD AT 0x10000 483328 49152 262564 62796 51901 TOTAL SIZE 909744 at 0x1001c START AT 0x10020 NP memory size...

Page 213: ...ord for npadmin Enter new password Retype new password Install a password on the oper account y n y y Changing password for oper Enter new password Retype new password Starting VM system Virtual Memory Engaged inetd started Starting crond Initializing the switch hardware interface Using switch A cards are NOT synchronized fast cutover is supported PCP version 0x410 CMP version 0x12 FSU version 0x1...

Page 214: ...user name coriolisuser password This process changes the password and recovers any lost passwords 198 ...

Page 215: ...sed to calculate and maintain loop free paths through the network At Layer 3 you use software to create filtering tables and make filtering decisions Switches use hardware ASIC chips to help make filtering decisions filtering with hardware is much faster Both switches and bridges track the source hardware address of each frame received on each port and enter this information in their filtering tab...

Page 216: ...rrives on a port assigned to VLAN 5 only ports assigned to VLAN 5 will receive the broadcast Unknown Unicasts An unknown unicast is similar to a broadcast This type of unicast is sent when a destination address is unknown by the switch In this case the bridge forwards the frame just like a broadcast the frame is sent out all ports except the port on which it arrived Layer 2 Network Loops To sum up...

Page 217: ...l and the Spanning Tree Algorithm are two separate entities STA chooses a reference point in the network and calculates the redundant paths to that reference point If the STA finds a redundant path it will choose one path to forward and the redundant paths to block Using this process STP and the STA effectively sever all the redundant links within the network STA is based on the graph theory devel...

Page 218: ...ndant links It does so by electing a root bridge Let s take a look at root bridges in the next section STP Root Bridges When STP initially comes online in a network one of its first actions is to use the STA to select a root bridge and a root port The root bridge is the bridge with the lowest value bridge identifier Switches or bridges using STP exchange multicast frames called Bridge Protocol Dat...

Page 219: ...essages passed between bridges and switches to help STP calculate and learn the topology of the network The multicast messages contain information that identifies the network link the bridge presumed to be the root bridge the calculated root path cost other STP bridges port identifiers and the age of the information contained in the message STP member bridges and switches exchange BPDU messages at...

Page 220: ... after a link failure or change in the network topology As frames and packets travel through the switched network this data faces propagation delays Propagation delays occur due to such things as bandwidth utilization packet length switch processing or any other port to port delay encountered as data traverses the network As a result of propagation delays BPDUs can be late to their destinations ma...

Page 221: ...e that should be the root bridge as well as the secondary root bridge The function of the secondary root bridge is to become the root bridge should the original root bridge fail Tip Typically root bridges are Distribution layer switches not Access layer switches The root bridge should never be a Core layer switch because the Core layer s responsibility is to move traffic as quickly as possible The...

Page 222: ...he sum of all the port costs to a destination through all the ports the frames must travel makes up the path cost Table 10 4 shows the default port cost and port priority assigned to each port Table 10 4 The default port settings for STP Variable Default Port priority 32 Except 1900 and 2820 series 128 Port cost 62 When the BPDU is sent to the other bridges it carries the path cost The spanning tr...

Page 223: ...through 65 535 Typically the path cost is determined by dividing 1 000 by the physical wire speed in megabits per second Mbps as shown in Table 10 5 Note The path cost can never be lower than one STA recalculates the cost of using each link whenever a bridge joins the network or when a topology change is detected in the network This calculation requires communication between the spanning tree brid...

Page 224: ...earning addresses and putting them in the address table The learning state is similar to the listening state except the port can now add information it has learned to the address table The port is still not allowed to send or receive frames Forwarding The port now begins to learn from the BPDUs and starts to build a filter table A port is not placed in a forwarding state until there are no redunda...

Page 225: ...s control of forwarding paths on a per subnet basis while providing a simple technique for Layer 2 redundancy PVST does have some disadvantages in the spanning tree PVST uses more processing power and consumes more bandwidth to support spanning tree maintenance and BPDUs for each VLAN Inter Switch Link ISL uses one spanning tree per VLAN using PVST over ISL trunks PVST implementation requires the ...

Page 226: ... an EtherChannel bundle together When you create an EtherChannel port bundle an administrative group is defined automatically Administrative group membership is limited by hardware restrictions The administrative group can be any value between 1 and 1 024 inclusive It is defined using the set port channel port list administrative group number command To view the configured administrative groups us...

Page 227: ...a port to enter the forwarding mode almost immediately Doing so prevents the port from entering the listening and learning states As we ve discussed when a switch using STP is powered up the ports running STP go through four states before forwarding frames through each port In order to get to the forwarding state the STA makes each port wait up to 50 seconds before data is allowed to be forwarded ...

Page 228: ... the configured MaxAge timer expires to give the network time to overcome the network problem If inferior BPDU messages continue to arrive after the MaxAge timer has been used the root port and other blocked ports on the switch become alternate paths to the root bridge The switch will send another kind of BPDU called the root Link Query PDU if more than one link exists to the root bridge The switc...

Page 229: ...the switch by VLAN use this Privileged mode command set spantree disable VLAN set spantree disable all For example you could use disable STP on VLAN 2 with the following command set spantree disable 2 Viewing the STP Configuration on a Set Clear Command Based Switch To view the current configuration of STP on your switch use this Privileged mode command show spantree VLAN number In the following e...

Page 230: ... the root switch Designated Root Port The port used to get to the root bridge Root timers Timer values of the root bridge or switch these include the MaxAge Hello Time and Forward Delay timer values Bridge ID MAC ADDR The 6 byte address that the switch uses for its bridge ID Bridge ID Priority The 2 byte priority of this bridge Bridge Max Age The maximum values from the root bridge Configuring STP...

Page 231: ...2 address 002C 100A AD51 Designated bridge has priority 8192 address 002C 100A AD51 Designated port is Ethernet 0 5 path cost 10 Timers message age 20 forward delay 15 hold 1 Configuring the STP Root Switch To configure the switch to become the root bridge enter the following command in Privileged mode Table 10 7 defines the syntax fields for this command set spantree root vlan dia seconds hello s...

Page 232: ...t when the command is used to configure the switch as the root bridge Use the following command to specify the root bridge set spantree root root secondary VLAN list dia diameter The following command specifies the root bridge for VLANs 1 through 3 set spantree root 1 3 dia 2 When the root bridge is configured correctly the output on the console should be similar to this VLANs 1 3 bridge priority ...

Page 233: ...mes for all VLANs In the event that all ports have the same priority value the port with the lowest port number will forward the frames The possible port priority value range is from 0 to 63 The default port priority value is 32 To change a port s priority enter the following Privileged mode command set spantree portpri module port port priority Here 4 is the module number 3 is the port number and...

Page 234: ... command in Privileged mode only the module and port number are required show spantree module port The following command provides output on module 3 port 5 show spantree 3 5 Adjusting the FwdDelay Timer on a Set Clear Command Based IOS To change the FwdDelay default setting use the following Privileged mode command set spantree fwddelay delay value VLAN In this example 4 indicates a four second de...

Page 235: ...ports By enabling port security the port shuts down when it receives packets containing a source address that doesn t match the secure address of the port All ports in a channel must be enabled Any disabled ports are considered link failures by the switch and traffic for those ports is automatically transferred to any remaining ports in the bundle If these criteria are not met then you will receiv...

Page 236: ...n on Channelling cr catalyst5000 enable set port channel 2 1 4 mode auto Port s 2 1 4 channel mode set to auto catalyst5000 enable Table 10 8 explains the syntaxes available for the mode option The mode on each port can be set to on off auto or desirable Table 10 8 The four mode options for configuring an EtherChannel bundle on a switch EtherChannel Mode Option Description on Enables the port to c...

Page 237: ...uto silent 16 0 Port Device ID Port ID Platform 2 1 Defining an EtherChannel Administrative Group To define the administrative group use the following Privileged mode command set port channel module port list administrative group number For example Catalyst5002 enable set port channel 2 1 4 10 Port s 2 1 4 are assigned to admin group 10 Viewing an EtherChannel Administrative Group To view an admin...

Page 238: ...ate port In this case the FastEthernet 0 26 is port A on the 1900 series switch Catalyst1900 config port channel template port fastethernet 0 26 Verifying the EtherChannel Configuration on a Command Line Interface IOS To verify the configuration on an IOS based switch use this Privileged mode command show interface The output should look similar to the following on a CLI based command switch PortC...

Page 239: ...ree portfast 2 1 disable Disable port fast start enable Enable port fast start catalyst5000 enable set spantree portfast 2 1 enable Warning Spantree port fast start should only be enabled on ports connected to a single host Connecting hubs concentrators switches bridges etc to a fast start port can cause temporary spanning tree loops Use with caution Spantree port 2 1 fast start enabled Disabling ...

Page 240: ...ast enable all protocols off All protocols off on All protocols on catalyst5000 enable set spantree uplinkfast enable all protocols on VLANs 1 1005 bridge priority set to 49152 The port cost and portvlancost of all ports set to above 3000 Station update rate set to 15 packets 100ms uplinkfast update packets enabled for all protocols uplinkfast enabled for bridge Tip The set spantree uplinkfast com...

Page 241: ...y the UplinkFast configuration on a Set Clear command based switch you can use the following Privileged mode command show spantree uplinkfast You should get output similar to the following notice that the VLANs followed by a comma module number and port number are forwarding to 3 1 station update rate set to 15 packets 100ms uplinkfast all protocol field set to off VLAN port list 1 3 1 fwd 2 3 2 f...

Page 242: ...e BackboneFast on a Set Clear command based switch enter the following Privileged mode command set spantree backbonefast enable Disabling BackboneFast on a Set Clear Command Based Switch To disable BackboneFast on a Set Clear command based switch enter the following Privileged mode command set spantree backbonefast disable Viewing the BackboneFast Configuration To view the BackboneFast configurati...

Page 243: ...ce Why Not Call Them Routers If MLS switches offer the same benefits as routers why not just call them routers with a lot of interfaces Although most multilayer switches are much faster and considerably less per port cost than routers some MLS devices are simple stackable workgroup switches that fall well short of the flexibility protocol support port density and WAN features you find on most ente...

Page 244: ...should not be confused with NetFlow switching provided by the NetFlow Feature Card NFFC or the NFFC II even though the NFFCs are used to provide MLS with the Catalyst 5000 and 6000 families of switches MLS must use an external router or an internal route processor such as the Route Switch Module RSM to provide the routing resolution for the initial packet that is routed in an MLS flow the connecti...

Page 245: ... MLS functionality built into the switch These switches known as Layer 3 L3 switches are the Cisco Catalyst 4908G L3 the Cisco Catalyst 2926G L3 and the Cisco Catalyst 2948G L3 The RSM or RSFC can be used in the Catalyst 5000 family and an MSM or MSFC can be used in the Catalyst 6000 family You can use an external router instead of an internal route processor to resolve the initial packet routing ...

Page 246: ...is destined for a host on another VLAN the MLS switch that received the first packet in the flow extracts the Layer 3 information for the flow This information includes the destination address source address and protocol port numbers The MLS SE then forwards the first packet to the MLS RP for a routing resolution MLSP is used to inform the MLS SE of the path to the destination hosts communicating ...

Page 247: ...gent type of access list The least stringent is a Destination IP flow mask It is used if no access lists are configured on any router participating in MLS as shown in Figure 11 4 In this situation the MLS SE will maintain only one MLS entry for each destination IP address Any flows that go to a given destination IP address will use this MLS entry Figure 11 4 An MLS switch and one MLS router The ro...

Page 248: ... immediately changes the flow mask and purges the cache entries from the MLS cache on all the MLS SEs Any new flows are created based on the new access list information IP Flow Flow Mask The IP flow flow mask is the most stringent of all flow masks This flow mask is used when any of the MLS RPs has an extended access list configured on it as shown in Figure 11 6 Router C contains an extended acces...

Page 249: ...te processor In the next section we will cover the configuration of both of these devices Configuring MLS Configuring MLS involves tasks on both the MLS RP and the MLS SE When using an internal route processor such as an RSM on the Catalyst 5000 the only tasks necessary are to verify that MLS is enabled on each interface and that all the interfaces are members of the same VLAN Trunking Protocol VT...

Page 250: ...the cache such as Domain Name Service DNS The aging time can be configured from 8 to 2 032 seconds in increments of 8 seconds At the end of the aging time interval if no further packets are seen in a network flow the entries related to that flow will be purged from the MLS cache The agingtime fast command allows you to age out MLS cache entries quickly based on the number of packets received durin...

Page 251: ... no knowledge about VLANs because these devices are configured using subnets A VLAN ID must be assigned to them if they are to participate in MLS The interface on the external route processor must be an Ethernet or Fast Ethernet interface You cannot configure the VLAN ID on a sub interface VTP Domain While configuring MLS it is important to determine which of the MLS RP interfaces will be MLS inte...

Page 252: ...r switch IPX packets To do so use the following command MLS RP config mls rp ipx Disabling MLSP on an MLS RP for IPX To disable MLSP for IPX use the following command MLS RP config no mls rp ipx Assigning a VLAN ID To configure a VLAN ID for an external router s interface enter the following command mls rp vlan id vlan id num For example here is how to assign VLAN 3 to an interface Enter the inter...

Page 253: ...ing MLS on an External Router Interface To disable MLS on an interface perform these tasks Enter Interface Configuration mode on the interface for which you want to disable MLS using the following command Router config interface fastethernet 1 1 1 Use the following command to disable MLS on the interface 2 Router config if no mls rp ip Configuring the MLS Switch Engine Configuring the MLS SE Catal...

Page 254: ...Configuring Fast Aging on a Catalyst 5000 To configure the fast aging time on the Cisco Catalyst 5000 use the following command set mls agingtime fast fastagingtime pkt_threshold An example of using this command looks like this CAT5000 enable set mls agingtime fast 32 7 Multilayer switching fast aging time set to 32 seconds for entries with no more than 7 packets switched Configuring Fast Aging on...

Page 255: ... time on the Catalyst 6000 use the following command no mls aging normal Assigning MLS Management to an Interface on the Catalyst 5000 To enable an interface to be a management interface follow these steps Enter Interface Configuration mode on the interface using the following command CAT5000 config interface fastethernet 1 1 1 To enable the interface as the management interface use the following ...

Page 256: ...out packet threshold normal aging false 300 N A fast aging false 32 100 long aging false 900 N A Displaying the IP MLS Configuration To display the MLS configuration for the MLS RP use the following command MLS RP show mls rp The output should look similar to this ip multilayer switching is globally enabled ipx multilayer switching is globally enabled ipx mls inbound acl override is globally disab...

Page 257: ...uter currently aware of following 1 switch es switch id 0080 abac 24ec Related solutions Found on page Configuring VTP on a Set Clear CLI Switch 164 Configuring VTP on a 1900 Cisco IOS CLI Switch 165 Viewing the MLS VLAN Interface Information To view the MLS information about specific interfaces use the show mls rp interface vlan command as shown here MLS RP show mls rp interface vlan 2 mls active...

Page 258: ...me 0 seconds packet threshold 0 IP Flow mask Full Flow Configured flow mask is Destination flow Active IP MLS entries 0 Netflow Data Export version 8 Netflow Data Export disabled Netflow Data Export port host is not configured Total packets exported 0 MSFC ID Module XTAG MAC Vlans 52 0 03 5 1 01 10 30 7b 0d 00 1 10 22 Viewing MLS Entries To display all entries in the MLS cache enter the following ...

Page 259: ...n the Distribution layer of a network It also provides convergence in seconds without manual intervention from a network administrator while remaining transparent between other interfaces on the network HSRP can be applied to almost any LAN environment One primary feature of HSRP which allows it to be so transparent to users is its use of priority schemes These priorities are used to determine whi...

Page 260: ...ngest protocol names to come along IRDP is one of the most commonly used solutions for locating a redundant router in the event of a gateway failure It is available only when HSRP is not configured IRDP is an extension of Internet Control Message Protocol ICMP it allows network administrators to use such commands as ping and trace between interfaces to diagnose network related problems ICMP provid...

Page 261: ... exchanged among HSRP configured route processor interfaces Now if an active router fails to send a hello message covered later in this chapter within the configurable period of time the standby router with the highest priority will be forced to become an active router HSRP is one of the best solutions when host interfaces on a local LAN segment require continuous access to the network resources A...

Page 262: ...n if the active router s LAN interface state is displaying the message interface up line protocol down Once the standby route processor becomes active it will respond to any end station sending packets to the virtual MAC address When an IP host interface sends an ARP request with the virtual route processor s address HSRP will respond with the virtual route processor s MAC address not its own This...

Page 263: ... functioning in the group Coup Indicates that a route processor wants to become the active route processor Resign Notifies the other standby group members that a route processor no longer can or will participate as the active route processor State Indicates the current state of the route processor sending the message Hellotime Indicates the time period in seconds between hello messages that the se...

Page 264: ...oute Switch Feature Card RSFC VLAN interface to provide a transparent route processor backup per network Every VLAN interface within an HSRP group shares a virtual IP and MAC address By configuring the end users interfaces to use an HSRP virtual IP address as a default gateway no interruption will occur in Layer 3 routing to the end users in the event of a failure of any route processor You can co...

Page 265: ...figuration session you need to enter Configuration mode for the VLAN interface that needs to be identified To configure the interface for VLAN 3 use the following commands HSN_5KRSM enable HSN_5KRSM configure terminal Enter configuration commands one per line End with CNTL Z HSN_5KRSM config interface vlan 3 HSN_5KRSM config if Enabling HSRP and Assigning an IP Address to a Standby Group To enable...

Page 266: ... become active if the interface priority is higher than the priority of the current active interface The syntax for this command is standby standby group preempt preempt delay To set the standby group 3 to a preempt delay of 10 use the following command standby 3 preempt 10 Removing a Preempt Delay from a Standby Group To remove the route processor from preempt status use the following syntax no s...

Page 267: ...e configuration of the first RSFC for the HSRP standby group 200 HSN_5KRSFC configure terminal Enter configuration commands one per line End with CNTL Z HSN_5KRSFC config interface vlan200 HSN_5KRSFC config if standby 200 ip 68 187 1 1 HSN_5KRSFC config if standby 200 priority 150 HSN_5KRSFC config if standby 200 preempt HSN_5KRSFC config if standby 200 timers 5 15 HSN_5KRSFC config if standby 200...

Page 268: ...umber 3 VLAN interface being tracked is 7 and 20 indicates the priority amount to decrease standby 3 track 7 20 Using the last setting if the route processor s priority was 150 and the route processor were to fail the tracking interface would decrease its priority by 20 to a value of 130 Tip You can use the same command on an external route processor as well If you were in Interface Configuration ...

Page 269: ...udes the sending and receiving packets through the HSRP To enable debugging of your HSRP group you need to use the following command at the Privileged Exec prompt debug standby Warning The debugging feature is automatically assigned a high priority on the CPU so this command can have a big impact on the internal route processor s performance To disable the debugging feature enter either the no deb...

Page 270: ...ver this material in depth and explain how it relates to Internet Protocol IP switching and routing Access Security Policies An access security policy is designed to help define what your network needs in order to be secure from all possible intrusions Creating this policy for your business or entity allows you as the network administrator to provide service level agreements SLAs based on a set of...

Page 271: ...ble for advertising correct routes blocking identified traffic and limiting the amount of data sent to the Core layer Note When you configure route summarization and distribution lists at the Distribution layer they may have an adverse affect on the Core layer mainly in the form of increased latency Be sure you have a firm understanding of what you want to accomplish when configuring these policie...

Page 272: ...won t believe how many times we have had to deal with an administrator who is unfamiliar with access lists and who has locked himself out of his own internal or external route processor Tip It is important to remember that an access list is read in the order that it is configured Here s an analogy Suppose you re walking down a lane in a parking lot looking for your car Once you find your car you d...

Page 273: ... subnet mask Always remember the magic number of 256 then subtract the network mask minus 1 For example with 255 255 255 192 use the 192 subtract it from the magic number of 256 and you will get 64 which is your first network Subtract one more and you will get the inverse wildcard mask for your access list identifying the network Here s another example Say you have a class C subnet mask of 255 255...

Page 274: ...stination address protocol type application or TCP port number Note Just as in standard access lists an implied deny all exists at the end of each extended access list The IP extended access list command is more complex than the standard access list command and offers many more options The IP extended access list syntax is shown here access list access list number deny permit protocol type source ...

Page 275: ... Protocol SMTP The second line does the same thing but instead of using the TCP port number it uses the acronym The host syntax indicates a single host as shown in the source address in this example CAT5KRSM config access list 199 permit tcp host 38 187 128 6 any eq smtp The following example permits User Datagram Protocol UDP packets with a DNS name as the destination CAT5KRSM config access list ...

Page 276: ...les on your network devices Doing so allows the switches to process data more quickly prevents users from getting to networks that do not have a default or static route and maintains routing information integrity To do this apply an access list using the distribute list command After creating a standard access list you can apply it to an inbound or outbound interface The following is the distribut...

Page 277: ...sion the door is open with full access to the entire network This situation allows anyone to access the open Telnet session and bring the network to its knees To lower the chances for this type of vulnerability you may want to configure a time out condition and apply it to unused VTY sessions Cisco IOS calculates unused sessions in seconds or minutes depending on the IOS version Should the session...

Page 278: ...ronment allows for locking the room where devices are kept locking device racks and securing backup power sources and physical links You should also verify that passwords are applied at all levels and you should disable unused or unnecessary ports including AUX ports on your network Tip Make sure that your room provides for proper ventilation and temperature controls while providing the listed sec...

Page 279: ...g the secure source address list but it requires a lot of time and effort to manage For smaller networks this might be a good solution but in bigger networks it is not easily implemented VLAN Management When you first provide the switch with an IOS all the ports on the switch are assigned to VLAN1 In a typical environment VLAN1 is also kept as the management VLAN As a result if the ports were not ...

Page 280: ...ing a standard access list but the options are more complex and can become quite lengthy We suggest writing out your extended access list beforehand and then implementing it Here s the syntax an Extended Access List can require for configuration access list access list number deny permit protocol type source address source wildcard destination address destination wildcard protocol specific options...

Page 281: ...2 16 10 0 0 0 0 255 172 15 10 0 0 0 0 255 eq 23 CoriolisRSM1 config access list 199 deny tcp 172 16 10 0 0 0 0 255 172 15 10 0 0 0 0 255 eq 21 CoriolisRSM1 config access list 199 deny tcp 172 16 10 0 0 0 0 255 172 15 10 0 0 0 0 255 eq 20 4 Now we have to identify addresses to permit or we will have effectively shut down the interface Remember there is an implicit deny all at the end of any access ...

Page 282: ...rface with the following command CAT5KRSM config line access class 5 in Applying Access Lists Using distribute list To apply an access list using the distribute list command you need to have created a standard access list Once your access list is configured you can apply it to an inbound or outbound interface Here is the syntax when using the distribute list command to apply an access list to an o...

Page 283: ...e the following command 1900EN config username blarson password brad1 This setup allows the user blarson to use certain show commands by default but gives him no access to the debug or configuration commands To allow the user to use all the debug commands in privilege level 3 use the following command 1900EN config privilege exec level 3 debug To allow users with a privilege level 3 to use only a ...

Page 284: ...se of version 11 0 6 of the Cisco IOS Cisco included HTTP server software which allows you manage the Cisco IOS from a Web browser This software makes managing your switches easier but opens one giant security hole By default access through HTTP is disabled To enable access through HTTP use the following command CAT5KRSM config ip http server An access list can be configured to allow you to choose...

Page 285: ...ftware or the Cisco Web browser interface To do so change the default TCP access port 80 to port 50 or any port you plan to use To set the TCP port to 50 use the following command CAT5KRSM config ip http port 50 You can reset the HTTP TCP port to its default by using the following command CAT5KRSM config no ip http 50 Enabling Port Security To enable dynamic port security on a Set Clear command ba...

Page 286: ...the command and syntax placement Table 13 5 contains a description of each syntax element Table 13 5 The show mac address table command s optional syntax descriptions Syntax Description static Displays the static addresses dynamic Displays the dynamic addresses secure Displays the secure addresses self Displays addresses added by the switch itself aging time Displays aging time for dynamic address...

Page 287: ...VLAN Destination Port 00 15 20 5c 80 a1 Dynamic 3 FastEthernet0 6 00 15 20 5c 80 a1 Dynamic 1 FastEthernet0 4 00 15 20 5c 80 b4 Dynamic 1 FastEthernet0 4 00 15 20 5c 80 12 Dynamic 3 FastEthernet0 6 00 15 20 5c 80 c5 Dynamic 3 FastEthernet0 6 Tip You can use the no port secure command to disable addressing security or to set the maximum number of addresses allowed on the interface to the default va...

Page 288: ...prise Edition Upgrade Kit 10 pack WS C19 28UG10 All Catalyst 1900 and 2820 series switches offer an intuitive and comprehensive Web based management interface The subtle differences between the two versions are that the Enterprise Edition software enables these switches to manage more complex networks when using the CVSM It does this by integrating advanced features and more comprehensive switch m...

Page 289: ... important to remember that to access the CVSM for management from a Web browser the switch will need to have a Full Access level 15 password an IP address and the default gateway configured if the switch resides on another network segment Once the accounts have been configured and you have logged on to the switch successfully the default home page will be displayed CVSM Default Home Page The CVSM...

Page 290: ...n for whatever mode has been selected and once the selected mode has been active for about 30 seconds the switch will return to its default mode illuminating the STAT LED You can change the default mode by using the Console Settings menu on the management console On the top left side of the switch you will find another LED System The System LED s colors indicates the following Solid amber The swit...

Page 291: ...0 IP Configuration Ethernet Address 00 B0 64 75 65 40 Settings I IP address 192 1 2 1 S Subnet mask 255 255 255 0 G Default gateway 0 0 0 0 V Management VLAN 1 M IP address of DNS server 1 0 0 0 0 N IP address of DNS server 2 0 0 0 0 D Domain name R Use Routing Information Protocol Enabled Actions P Ping C Clear cached DNS entries X Exit to previous menu Enter Selection 3 Once your IP configuratio...

Page 292: ...etwork troubleshooting it s better to use native IP instead of DNS resolution Once you enter your URL you ll be prompted for an account and password When you enter the password with no account specified the switch will validate your password and redirect you to the Switch Manager Basic System Configuration Page shown in Figure 14 1 Figure 14 1 The home page of the Web Management Console Take some ...

Page 293: ...es the Dynamic Address Table the Permanent Unicast Address and Port Security Table and the Multicast Address Table Figure 14 3 shows an example Figure 14 3 From here you can view and manage dynamic addresses and unicast and multicast tables SNMP The SNMP Management page This page lets you manage and define where to send the SNMP information and who has read or write access to the SNMP information ...

Page 294: ... ports modify various Spanning Tree parameters and configure STP Among other things you can set the path cost priority and port fast mode For an example see Figure 14 5 Figure 14 5 This page gives you more details and options for configuring STP CDP The CDP Management page This page lists all the devices that have Cisco Discovery Protocol CDP enabled You can browse them access them by Telnet and r...

Page 295: ...aptured frames and the ports to be monitored See Figure 14 7 Figure 14 7 This page allows you to configure which ports to monitor and where they are monitored from CONSOLE The Console and Upgrade Configuration page As you can see in Figure 14 8 this page is self explanatory However we wanted to bring to your attention the Accept Upgrade Transfer From Other Hosts option it may be a vulnerability if...

Page 296: ...ontinue with the upgrade process STATISTICS The Statistics Reports page Here you can reset individual statistics or all statistics captured on each port Figure 14 9 shows an example Figure 14 9 This page allows you to reset the individual ports or all ports on the switch You can also view various receiving and forwarding information SYSTEM The System Management and Broadcast Storm Control page Thi...

Page 297: ...N using the Web Management Console When you implement switches it is hard to see how the traffic flows in your network because switches break up your broadcast and collision domains This means that where you used to be able to connect a sniffer to a hub port to view the traffic and get statistics about the entire network segment you no longer can with switches SPAN allows you to connect a manageme...

Page 298: ...on the Add button to move them to the Ports Monitored Window 2 Select the port you wish to monitor from by choosing from the pull down menu next to Select Monitoring Port This port will usually be one of the trunk ports 3 Related solution Found on page Enabling SNMP Contact 58 282 ...

Page 299: ...ion is support for Domain Name Service DNS and Dynamic Host Control Protocol DHCP to help with ease of host management The Standard Edition can be upgraded via the Flash to the Enterprise Edition The Enterprise Edition offers the features of the Standard Edition but also provides several high end solutions These include Fast EtherChannel support for Dynamic Inter Switch Link DISL an IOS Command Li...

Page 300: ...value may range from 0 to 65500 attempts If you choose not to use a threshold you should specify zero S Silent time upon intrusion detection This is the number of minutes the Management Console will be unavailable for use due to an excessive number of failed attempts to log on This value may range from 0 to 65500 minutes Specify zero only for no silent time T Management Console inactivity timeout ...

Page 301: ... problems with the switch This field can also contain up to 255 characters Including a pager number or home contact information as part of the contact name can be helpful L Location This field can contain up to 255 characters It provides additional information about where the switch physically resides S Switching Mode This option allows the switch to be configured for all three switching modes The...

Page 302: ...ent menu Catalyst 1900 Network Management I IP Configuration S SNMP Management B Bridge Spanning Tree C Cisco Discovery Protocol G Cisco Group Management Protocol H HTTP Server Configuration R Cluster Management X Exit to Main Menu Enter Selection Let s look at each option from this menu in more detail I IP Configuration Choosing I from the Network Management menu brings up a menu that looks simil...

Page 303: ...ess 0 0 0 0 U Authentication Trap generation Disabled L LinkUp LinkDown trap generation Disabled Actions X Exit to previous Menu Enter selection The options available from this menu are as follows R READ community string Identifies the community that is assigned to the management stations Those management stations assigned to this community can read the trap messages sent from the switch You can d...

Page 304: ...3 F3 11 Number of member ports 27 Root port 3 Max age sec 20 Root path cost 1000 Forward Delay sec 15 Hello Time sec 10 Topology changes 0 Last TopChange 245f08h12m22s Settings S Spanning Tree Algorithm Protocol Enabled B Bridge priority 32 768 M Max age when operating as root 20 second s H Hello time when operating as root 10 second s F Forward delay when operating as the root 15 second s Actions...

Page 305: ...the last configuration option on the Network Management menu In order to function properly CGMP needs all the ports on the switch to reside in the same VLAN CGMP allows an intelligent means of limiting multicast flooding to specific ports The following shows the menu on a Catalyst 2820 when the G command is chosen from the Network Management menu Catalyst 2820 Cisco Group Management Protocol CGMP ...

Page 306: ... the cable Possibly the cable has become unplugged the device on the other end is turned off or the port is not configured on the far end device Suspended jabber The port is temporarily disabled because of excessive jabber or indecipherable data frames Suspended violation The port has been temporarily disabled because of an address violation The port is automatically re enabled once it discontinue...

Page 307: ...riority for the STP root port The lower the number the higher the priority The valid range is from 0 to 255 the default is 128 C Path cost spanning tree This option sets the path cost used to choose the STP root port H Port fast mode PortFast is an option that allows a port to immediately go into forwarding mode This option offers two settings E enable and D disable The option is explained in deta...

Page 308: ...s table size Defines the number of allowable MAC addresses if the port is secure port enabled The range can be any value from 1 to 132 The default is 132 it cannot be changed if the port is not secure port enabled S Addressing security Allows you to enable or disable secure port which is also known as addressing security U Flood unknown unicast Allows you to enable or disable flooding of unknown u...

Page 309: ...pecified port M Monitor Choosing M from the Main Menu will show you the following Monitoring Configuration menu Catalyst 1900 Monitoring Configuration Settings C Capturing frames to the Monitor Disabled M Monitor port assignment None Current capture list 1 24 AUI Actions A Add ports to capture list D Delete ports from capture list X Exit to Main Menu Enter Selection The following list shows the Mo...

Page 310: ... menu options are as follows R Register a multicast address Allows the addition of multicast addresses and ports to which multicasts can be forwarded Invalid multicasts such as unicasts broadcasts and reserved multicasts are automatically rejected The switch supports up to 64 IP multicast group registrations L List all multicast addresses Displays all registered multicast addresses that exist in t...

Page 311: ...her host on the network To prevent any unauthorized upgrades disable this option after you upgrade your firmware U System XMODEM upgrade Allows you to begin the upgrade using the XMODEM protocol T System TFTP upgrade Allows you to begin the upgrade from a TFTP server The address of the server and the name of the file must already be configured with options S and F D Download test subsystem XMODEM ...

Page 312: ...ation string for modem Allows you to change the initialization string to match your modem requirements C Cancel and restore previous group settings Allows you to undo any new values entered for the baud rate data bits stop bits and parity settings G Activate group settings Allows you to activate the settings you have entered for baud rate data bits stops bits and parity X Exit to Main Menu Returns...

Page 313: ...egistered multicasts Enabled Actions A Add a static address D Define restricted static address L List addresses E Erase an address R Remove all addresses C Configure port V View port statistics N Next port G Goto port P Previous port X Exit to Main Menu Enter Selection E Exception Statistics Report This option display the Exception Statistics Report which gives a summary of errors on a port Cataly...

Page 314: ...since start up 1d 06h 58m 02s Settings T Capture time interval 24 hour s R Reset capture X Exit to previous menu Enter Selection X Exit This option returns you to the Main Menu Configuring Network Settings on the 1900 and 2820 Series To configure a 1900 or 2820 series switch follow these steps Plug in your switch You should see the following display Catalyst 1900 Management Console Copyright c Cis...

Page 315: ...o this configuration you should verify that the correct management VLAN value is set 4 Enter the DNS information by selecting M to enter the primary DNS server and then selecting N to enter the secondary DNS server 5 Select D You will be prompted to enter the name of the domain into which the switch falls 6 Routing Information Protocol RIP is enabled by default Because all changes are in real time...

Page 316: ...the port The possible settings are 10 to 14 400 the default is 500 per second X Exit to previous menu Returns you to the System Configuration menu Configuring SNMP on the 1900 Series To configure SNMP on the 1900 series switch start from the Main Menu and do the following Select option N to go into the Network Management Menu The following shows the Network Management menu Catalyst 1900 Network Ma...

Page 317: ...t SNMP WRITE Configuration Settings 1 First WRITE community string 2 Second WRITE community string 3 Third WRITE community string 4 Fourth WRITE community string A First WRITE manager name or IP address B Second WRITE manager name or IP address C Third WRITE manager name or IP address D Fourth WRITE manager name or IP address X Exit to previous menu Enter Selection A SNMP Write Manager is the mana...

Page 318: ...g Current setting private New setting techwrite 7 Again once you have entered the new setting your screen will automatically refresh At this point enter option X and return to the SNMP configuration menu 8 At the Network Management SNMP Configuration Menu select T This will allow you to configure the trap message configuration settings Catalyst 1900 Network Management SNMP Configuration R READ con...

Page 319: ...send any SNMP traps alerts The types of traps the switch can send are authentication traps linkUp linkDown traps among others From the Management Console up to 4 Trap management stations can be defined If no trap managers are defined the switch will not send any traps Enter First Trap Manager server name or IP address Current setting New setting 63 78 39 84 10 Notice that that IP address is the pr...

Page 320: ...ptured information to a specific port To do so select A In this example we have selected trunk port B Identify Port 1 to 12 1 12 AUI A B or N one Select 1 12 AUI A B N A Current setting None New setting B 3 Now you want to select option C and enable Capturing frames to monitor to successfully complete the Port Monitoring configuration 4 Configuring VLANs on the Standard Edition IOS To configure VL...

Page 321: ...e 32 characters max Current setting VLAN0002 New setting Techs 4 Now you need to save the VLAN configuration To do so select option S Save and exit 5 To view information about your newly created VLAN from the Virtual LAN Configuration menu choose M 6 Next select the VLAN you want information on In this case it s VLAN 2 Enter 2 and you should see the following Catalyst 1900 Modify Ethernet VLAN Inf...

Page 322: ...s it receives confirmation fro 4 auto is used to indicate that the port is capable and willing to become a trunk but will not initiate trunking negotiations Other participants on the link are required to either start negotiations or start sending e 5 no negotiate dictates that the port will always be a trunk like the on 1 state However The port will neither generate DISL frames nor process receive...

Page 323: ...ion rate 15 Bridge Configuration 1 Configuration option 1 2 Configuration option 2 3 Configuration option 3 4 Configuration option 4 O VLAN bridge operating parameters Actions E Enable spanning tree s D Disable spanning tree s C Uplink Fast statistics X Exit to previous menu Enter Selection U 3 Select E to enable Uplink Fast Uplink fast may be E nabled or D isabled Current setting Disabled New set...

Page 324: ... from the following output that only VLANs 2 through 64 are using the Spanning Tree Protocol Catalyst 1900 Bridge Spanning Tree Configuration Information S VLAN spanning trees enabled 2 64 Settings U Uplink Fast Enabled R Uplink Fast Frame Generation rate 15 Bridge Configuration 1 Configuration option 1 2 Configuration option 2 3 Configuration option 3 4 Configuration option 4 O VLAN bridge operat...

Page 325: ...ot power up and no indicator lights appear lit on the front or back of the switch follow these steps Check the physical cable for breaks or an unsecure connection 1 Check the outlet with a multimeter for proper throughput 2 Reseat the RAM in the chassis 3 Check the connection and verify that all interfaces cards and modules are securely fastened in the chassis Warning Make sure you use proper grou...

Page 326: ...on the Supervisor Engine on the Catalyst 5000 and 6000 family has five LEDs that can indicate a problem or tell you current utilization of the switch The Supervisor Engine LEDs indicate the system fan power supplies the load utilization and whether the Supervisor Engine is active Figure 16 1 shows the LEDs Figure 16 1 The Supervisor Engine LEDs The switch load bar indicates the load on the switch ...

Page 327: ...cable distances had greater flexibility In today s high speed networks the distance limitations should be strictly adhered to Many times administrators will upgrade the network interface cards on both ends of a former 10Mbps link and find that the new 100Mbps link fails to work or has an excessive number of errors forcing the link to become unusable This happens because exceeding the 10BaseT cable...

Page 328: ... differences between a straight through and a cross over cable or when to use them A connection to a network node from a switch or hub uses a straight through cable A crossover cable is used to connect two network devices a hub to a hub a switch to a switch a switch to a router and so on Many times in my classroom or on the job I have come across someone who couldn t get a connection between switc...

Page 329: ...d network as well as trunked and switched ports A screen capture of TrafficDirector appears in Figure 16 4 Figure 16 4 A screen capture from TrafficDirector AtmDirector Used in Asynchronous Transfer Mode ATM networks This tool can be used to configure administer and troubleshoot ATM switched networks IOS Software Troubleshooting Commands Some command line interface commands are available to aid yo...

Page 330: ...ed to each switch port If you are in a network where the administration of network devices is divided within the organization I recommend that a central process be created to review and document assigned MAC addresses and thereby avoid this duplication problem Note On the Cisco CLI based IOS use the show mac command show cdp neighbors Cisco Discovery Protocol CDP is a Cisco proprietary protocol us...

Page 331: ... unit MTU violations Note On the Cisco CLI based IOS use the show usage utilization command show port Using the show port command you can receive specific information about selected ports or all the ports on a specified module This data includes the VLANs the port belongs to port configuration information port status port speed port duplex port media type security information source MAC address of...

Page 332: ... based IOS show vtp domain controller The VLAN Trunking Protocol VTP maintains a consistent VLAN configuration throughout the network In a VTP management domain a configuration change is done only once on a VTP server configured switch The new configuration is propagated throughout the network The show vtp domain controller command provides the status and configuration information for VTP Related ...

Page 333: ...minterval 60 set vmps tftpserver 0 0 0 0 vmps config database 1 set vmps state disable dns set ip dns disable tacacs set tacacs attempts 3 set tacacs directedrequest disable set tacacs timeout 5 set authentication login tacacs disable set authentication login local enable set authentication enable tacacs disable set authentication enable local enable bridge set bridge ipx snaptoether 8023raw set b...

Page 334: ...nable 1003 set spantree fwddelay 4 1003 set spantree hello 2 1003 set spantree maxage 10 1003 set spantree priority 32768 1003 set spantree portstate 1003 auto 0 set spantree portcost 1003 80 set spantree portpri 1003 4 set spantree portfast 1003 disable vlan 1005 set spantree enable 1005 set spantree fwddelay 15 1005 set spantree hello 2 1005 set spantree maxage 20 1005 set spantree priority 3276...

Page 335: ...set port channel 1 1 2 off set port channel 1 1 2 auto set port enable 1 1 2 set port level 1 1 2 normal set port duplex 1 1 2 half set port trap 1 1 2 enable set port name 1 1 2 set port security 1 1 2 disable set port broadcast 1 1 2 100 set port membership 1 1 2 static set cdp enable 1 1 2 set cdp interval 1 1 2 60 set trunk 1 1 auto 1 1005 set trunk 1 2 auto 1 1005 set spantree portfast 1 1 2 ...

Page 336: ...m this command 1912EN show running config Building configuration Current configuration vtp domain coriolis mac address table permanent 0030 194C 80A6 Ethernet 0 1 mac address table permanent 0000 0C00 4BD0 Ethernet 0 1 mac address table permanent 00A0 2457 2877 Ethernet 0 1 mac address table permanent 0000 0C33 4283 Ethernet 0 5 mac address table permanent 0000 0C33 4283 Ethernet 0 10 mac address ...

Page 337: ...atalyst 1900 2820 Enterprise Edition Software Version V8 01 02 Copyright c Cisco Systems Inc 1993 1998 1912EN uptime is 0day s 01hour s 33minute s 17second s cisco Catalyst 1900 486sxl processor with 2048K 1024K bytes of memory Hardware board revision is 5 Upgrade Status No upgrade currently in progress Config File Status No configuration upload download is in progress 15 Fixed Ethernet IEEE 802 3...

Page 338: ...look at the command its optional syntax and an example of its output show test module number Catalyst5002 enable show test Environmental Status Pass F Fail U Unknown PS 3 3V PS 12V PS 24V PS1 PS2 Temperature Fan Clock A B A Chassis Ser EEPROM Module 1 2 port 100BaseFX MM Supervisor Network Management Processor NMP Status Pass F Fail U Unknown ROM Flash EEPROM Ser EEPROM NVRAM MCP Comm EARL Status ...

Page 339: ...ket Buffer Status Ports 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 Loopback Status Reported by Module 1 Ports 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 Note There is no comparable command on the 1900EN series switches Viewing the System Configuration on a Set Clear Command Based Switch To view the system configuration on a Set Clear command based IOS switch...

Page 340: ...ailable options and an example of its output 1912EN show vtp statistics Show VTP statistics cr 1912EN show vtp VTP version 1 Configuration revision 0 Maximum VLANs supported locally 1005 Number of existing VLANs 5 VTP domain name coriolis VTP password VTP operating mode Server VTP pruning mode Disabled VTP traps generation Enabled Configuration last modified by 63 78 39 33 at 00 00 0000 00 00 00 1...

Page 341: ...uspended 1005 trnet default Suspended VLAN Type SAID MTU Parent RingNo BridgeNo Stp Trans1 Trans2 1 Ethernet 100001 1500 0 0 0 Unkn 1002 1003 2 Ethernet 100002 1500 0 0 0 Unkn 1002 1003 3 Ethernet 100003 1500 0 0 0 Unkn 1002 1003 10 Ethernet 100010 1500 0 0 0 Unkn 1002 1003 1002 FDDI 101002 1500 0 0 0 Unkn 1 1003 1003 Token Ring 101003 1500 1005 1 0 Unkn 1 1002 1004 FDDI Net 101004 1500 0 0 1 IEEE...

Page 342: ... forwarding 10 32 disabled 2 16 1 not connected 19 32 disabled 2 17 1 forwarding 10 10 disabled 2 18 1 forwarding 10 32 disabled 2 19 1 not connected 100 10 disabled 2 20 1 forwarding 10 32 disabled 2 21 1 forwarding 100 32 disabled 2 22 1 not connected 100 32 disabled 2 23 1 forwarding 10 32 disabled 2 24 1 not connected 100 32 disabled Viewing the Spanning Tree Configuration on a CLI Based IOS T...

Page 343: ...rity 128 Designated root has priority 32768 address 0000 0C00 4BD0 Designated bridge has priority 32768 address 0030 8054 6C00 Designated port is Ethernet 0 6 path cost 100 Timers message age 20 forward delay 15 hold 1 Port Ethernet 0 7 of VLAN1 is Forwarding Port path cost 100 Port priority 128 Designated root has priority 32768 address 0000 0C00 4BD0 Designated bridge has priority 32768 address ...

Page 344: ...030 8054 6C00 Designated port is FastEthernet 0 27 path cost 100 Timers message age 20 forward delay 15 hold 1 Viewing the CAM MAC Address Table on a Set Clear Command Based IOS A switch uses the CAM table to make forwarding decisions on the switch Let s take a look at the available command options syntaxes and an example of the output using the show cam command Catalyst5002 enable show cam Usage ...

Page 345: ... port number detail Catalyst5002 enable show cdp neighbor detail Device ID Coriolis2514 coriolis com Device Addresses IP Address 68 27 187 254 Holdtime 150 sec Capabilities ROUTER Version Cisco Internetwork Operating System Software IOS tm 2500 Software C2500 IO L Version 12 0 5 RELEASE SOFTWARE fc1 Copyright c 1986 1999 by cisco Systems Inc Platform cisco 2500 Port ID FastEthernet0 Port 2 1 Devic...

Page 346: ... 0 1 Permanent All 00A0 2457 2877 Ethernet 0 1 Permanent All 1912EN Viewing Port Statistics on a Set Clear IOS To view the port statistics on a Set Clear command based IOS use the show mac command Let s look at the command and its quite lengthy output Catalyst5002 enable show mac MAC Rcv Frms Xmit Frms Rcv M Xmit M Rcv Broad Xmit Broad 1 1 0 0 0 0 0 0 1 2 0 0 0 0 0 0 2 1 41840 23431 53 323 2342 88...

Page 347: ... 2465834 1755 566432 2 3 99675 3467 66432 2 4 345562 453 77645 2 5 0 0 0 2 6 0 0 0 2 7 0 0 0 2 8 0 0 0 2 9 0 0 0 2 10 0 0 0 2 11 0 0 0 2 12 0 0 0 Port Xmit Unicast Xmit Multicast Xmit Broadcast 1 1 0 0 0 1 2 0 0 0 2 1 8809 431 227 2 2 5798 540 101 2 3 6260 895 83 2 4 7341 935 107 2 5 0 0 0 2 6 0 0 0 2 7 0 0 0 2 8 0 0 0 2 9 0 0 0 2 8 0 0 0 2 9 0 0 0 2 10 0 0 0 2 11 0 0 0 2 12 0 0 0 Port Rcv Octet X...

Page 348: ...tion Display utilization statistics report 1912EN show usage utilization Receive Forward Transmit 1 6301 5861 2252 2 0 0 0 3 1 0 4124 4 0 0 0 5 889 821 4124 6 4217 4217 7857 7 0 0 0 8 0 0 6 9 0 0 0 10 0 0 693 11 0 0 0 12 0 0 0 AUI 0 0 4124 A 0 0 0 B 0 0 0 Here is the output using the exception syntax 1912EN show usage exception Receive Transmit Security Errors Errors Violations 1 0 0 0 2 0 0 0 3 0...

Page 349: ...nts Giants 2 1 3442 603 0 0 0 1 0 Using the show port Command on a CLI Based IOS The show port command can be used on a CLI based IOS switch to view the port configuration Let s take a look at the command its syntaxes and an example of its output 1912EN show port block Forwarding of unknown unicast multicast addresses monitor Port monitoring system System port configuration 1912EN show port block ...

Page 350: ... to obtain configuration information and protocol statistics for each VLAN Let s look at the command its optional syntaxes and an example of its output show vlan vlan trunk notrunk Catalyst5002 show vlan Virtual LAN ID 1 vLAN Trunk Interface FastEthernet1 0 1 Protocols Configured Address Received Transmitted IP 68 127 187 10 95563219847 81294682 Virtual LAN ID 2 Inter Switch Link Encapsulation vLA...

Page 351: ...mand based IOS Let s take a look at the command its available option and an example of its output show interface trap Catalyst5002 enable show interface sl0 flags 51 UP POINTOPOINT RUNNING slip 0 0 0 0 dest 0 0 0 0 sc0 flags 63 UP BROADCAST RUNNING vlan 1 inet 68 127 187 1 netmask 255 255 255 0 broadcast 68 127 187 255 Using the show interface Command on a CLI Based IOS You can view information ab...

Page 352: ...an example of its output show log module number Catalyst5002 enable show log Network Management Processor ACTIVE NMP Log Reset count 1 Re boot History Aug 04 2000 23 06 05 0 Bootrom Checksum Failures 0 UART Failures 0 Flash Checksum Failures 0 Flash Program Failures 0 Power Supply 1 Failures 1 Power Supply 2 Failures 0 Swapped to CLKA 0 Swapped to CLKB 0 Swapped to Processor 1 0 Swapped to Process...

Page 353: ...rce port destination module destination port and optionally whether you want it to monitor received frames transmitted frames or both The syntax for the command is as follows 2 set span source module source port destination module destination port rx tx both Note RX stands for Receive TX stands for Transmit Configuring SPAN for VLAN Monitoring on a Set Clear Command Based IOS To configure a Set Cl...

Page 354: ...tinue with standard system start up U Upgrade operation firmware XMODEM S System debug interface Enter Selection Using the Diagnostic Console to Upgrade the Firmware on a Cisco 1900 or 2820 Series Switch Follow these steps to upgrade the firmware on a Cisco 1900 or 2820 series switch Press the Mode button on the front of the switch while booting to enter the Diagnostic Console as shown here Cisco ...

Page 355: ...ect the speed at which to upload the IOS If you are using the console cable it should be 9600 If you are using a modem you can upload a new image at 57 600Kbps 4 Do you wish to upgrade at 9 600 console speed or 5 7600 9600 Waiting for image at the configured baud rate Using the Diagnostic Console for Debugging the Firmware and Hardware Follow these steps to start debugging on the switch To enter t...

Page 356: ...ions I Input O Output X Exit to Previous Menu Enter Selection Here is an example of the output from the F Return System To Factory Defaults option Enter Selection F Reset system with factory defaults Y es or N o Yes Here is an example of the output from the R Reset Main Console RS232 Interface To 9600 8 1 N option Enter Selection R Reset main console RS232 interface to 9600 8 1 N Y es or N o Yes H...

Page 357: ... org Cisco Users Group for Central Iowa http cisco knis com Dallas Ft Worth Cisco Users Group Texas http dfw cisco users org Denver Cisco Users Group Colorado www twpm com dcug Groupstudy Com http www groupstudy com Kansas City Cisco Users Group Kansas www cugkansas com home cfm New England Cisco Systems Users Group http www ciscousers com Northern California Cisco Users Group Sacramento Californi...

Page 358: ...2_0 12_3 sw_conf admin htm Hot Standby Router Protocol HSRP frequently asked questions www cisco com warp public 619 3 html Frequently asked questions and solutions www cisco com warp public 619 3 html Sample configuration of HSRP www cisco com univercd cc td doc cisintwk ics cs009 htm Inter Switch Link ISL Functional Specification www cisco com warp public 741 4 html ISL Trunking on the Catalyst ...

Page 359: ...org Electronic Industries Alliance EIA This is the parent organization for a number of standards groups including the Telecommunications Industry Association TIA TIA EIA standards relate mostly to cabling The TIA members are providers of communications and information technology products and services The TIA EIA Web site can be found at http www tiaonline org Gigabit Ethernet Alliance This group w...

Page 360: ...arket condition standards for storage devices multimedia programming languages and security The T11 committee is responsible for fiber channel standards You can find the NCITS T11 Web site at http www t11 org Cisco Job Search Sites http www americanjobs com www cisco com pcgi bin jobs pl http www computerjobs com http www computerjobsbank com http www computerpeople com http www computerwork com h...

Page 361: ...d set password enable password level 15 password Sets the enable password set enablepass hostname name Sets the prompt hostname set prompt name ip address ip_address netmask Sets the IP address set interface sc0 ip_address netmask N A Sets the port speed set port speed mod number 10 100 auto N A Sets the system name set system name name no trunk vlan vlan_range Clears a trunk port clear trunk mod ...

Page 362: ...wddelay vlan delay value spantree template Sets the STP HelloTime timer set spantree hello interval spantree template Sets the MaxAge timer set spantree maxage agingtime vlan time uplink fast Enables UplinkFast set spantree uplinkfast enable trunk on off desirable auto nonegotiate Configures the trunk port set trunk mod num on off desirable auto no negotiate vlan vlan_number name vlan_name Configu...

Page 363: ...at configuring and troubleshooting networks or if you have a difficult personality I am going to assume that you possess neither of those two characteristics Of course you probably won t last long if you give away the house either The first thing to do is to establish credibility with the customer How do you do this Let s take a look Establishing Credibility There are many ways you can project a g...

Page 364: ... s Web site particularly its press releases and End of Life EOL notices Nothing is worse than having the customer tell you about new Cisco products that are available Bringing a list of your previous clientele can t hurt You may want to have letters from previous clients included in the packet of materials you give to the client with your estimate or with your brochure If you are just starting out...

Page 365: ...ing each item At the very least the proposal cover should be full color A picture of the customer s building is great to include I once had a manager who had a sign that read THE PROPOSAL Dumb people like pictures Of course you don t want to call your customers dumb but they lack your knowledge If they didn t you wouldn t be there Don t get too in depth such as estimating the number of feet of cab...

Page 366: ... working configuration in hand makes for a quick resolution If there is a problem with a component or if a component needs an upgrade your documentation should show you exactly what you need to order to remain compatible with the current equipment Even though you re a high paid Cisco consultant you should get a few weeks of vacation a year too If you re the only one who knows the network you ll be...

Page 367: ...ltant Therefore they like to contract as much as they possibly can only to wind up getting too much work You should make sure that you can complete each job and that you allow extra time in case configuration problems or hardware problems pop up when you least expect them Booking your time both day and night does not allow for overtime to complete a job that has gotten behind Be sure you have enou...

Page 368: ...nce can be hazardous to your client consultant relationship just a helpful hint You will leave resentment in the customer s mind if you try to blame him by telling him he did not tell you he needed a particular component The customer is not the professional who needed to realize he needed something you are Conclusion As a consultant you must remember to manage your time and yourself You are your o...

Page 369: ...how version WS C5000 Software Version McpSW 5 5 2 NmpSW 5 5 2 Copyright c 1995 2000 by Cisco Systems NMP S W compiled on Jul 28 2000 16 43 52 MCP S W compiled on Jul 28 2000 16 38 40 System Bootstrap Version 3 1 2 Hardware Version 2 0 Model WS C5000 Serial 011454261 Mod Port Model Serial Versions 1 0 WS X5530 011454261 Hw 2 0 Fw 3 1 2 Fw1 4 2 1 Sw 5 5 2 WS F5521 011455134 Hw 1 1 2 24 WS X5225R 013...

Page 370: ...ps attachment unit interface AUI port will not work because Inter Switch Link ISL needs to use a 100BaseTX port for optimum trunking support Note For this lab the Cisco 2620 series router has been previously configured with its basic configuration Two Ethernet crossover cables to run between devices One console cable and connector Lab Objectives During this lab you will complete the following task...

Page 371: ... c Cisco Systems Inc 1993 1999 All rights reserved Enterprise Edition Software Ethernet Address 00 30 80 54 6C 00 PCA Number 73 3122 04 PCA Serial Number FAB03263DNB Model Number WS C1912 EN System Serial Number FAB0335V70D Power Supply S N APQ0325005M PCB Serial Number FAB03263DNB 73 3122 04 1 user s now active on Management Console User Interface Menu M Menus K Command Line Enter Selection K CLI...

Page 372: ...t 1912EN config 6 Assign VLAN names 1912EN config vlan 2 name CAD 1912EN config vlan 3 name Graphics 1912EN config vlan 4 name DocProduction 7 Assign the VLAN number that matches the Ethernet port number on the front of the switch 1912EN config terminal Enter configuration commands one per line End with CNTL Z 1912EN config interface e0 2 1912EN config if vlan membership static 1 1005 ISL VLAN ind...

Page 373: ... password Enter new password coriolis1 Retype new password coriolis1 Password changed 3 Configure the password for Enable mode Press Enter for the old password if none has ever been configured Catalyst5000 enable set enablepass Enter old password Enter new password coriolis2 Retype new password coriolis2 Password changed Catalyst5000 enable 4 Enter the IP address and the default gateway router for...

Page 374: ... force the port to use full duplex Disable any IPs and use the no shutdown command Cisco2621 conf interface fastethernet 0 2 Cisco2621 conf if no ip address Cisco2621 conf if no shutdown Cisco2621 conf if full duplex 1 Create a subinterface for each VLAN Assign a description optional an IP address for the VLAN and an encapsulation type as well as the VLAN number Cisco2621 conf if interface fasteth...

Page 375: ...uding the new 2980G series Cisco Catalyst 2900 XL series Cisco Catalyst 3000 series Cisco Catalyst 3500 XL series Cisco Catalyst 3900 series Cisco Catalyst 1900 The Catalyst 1900 is the entry point for Cisco s switch line There are two types of Catalyst 1900 switches the Standard Edition SE and the Enterprise Edition EN The Standard Edition as explained in Chapter 15 is a low cost alternative for ...

Page 376: ...t switches this series is one of the best values for your money The 2900 series includes the 2901 2902 2926 and 2948G These switches use an architecture similar to that of the Cisco Catalyst 5000 series of switches This series uses the Set Clear command based CLI allowing the switch to support advanced features such as ISL The XL series was introduced long after Cisco released its prized Catalyst ...

Page 377: ...gurations and Network Interface Cards NICs also allow a server to be configured with FEC uplinks to a router or switch This ability results in a very efficient high speed backbone and data center uplinks with automatic load balancing and failover for port failures Support for RMON statistics which give a good picture of network activity in the form of statistics history events and alarms groups Su...

Page 378: ... to 64 VLANs using Cisco s LAN Emulation LANE based ATM and ISL based Fast Ethernet VLANs to extend switched VLANs throughout the enterprise Spanning Tree Protocol STP implemented by VLAN for loop detection An optional stack port interface module that connects one 3000 series switch to another This Catalyst Matrix delivers 280Mbps per switch of bandwidth for unrestricted traffic flow Some of the b...

Page 379: ...ith a multimode fiber interface In addition optional four port Token Ring modules can be added to the expansion ports in the Catalyst 3900 These cards allow for expansion of up to 28 Token Ring ports Up to eight units can be stacked using the optional stack port module and the Catalyst Matrix for a total of 224 Token Ring ports The four port fiber module supports IEEE 802 5J standard for ring in r...

Page 380: ...orkstation using HyperTerminal Table E 7 shows key features of the Catalyst 3900 series Table E 7 The key features of the Cisco Catalyst 3900 series Feature 3900 3920 Ports 20 24 28 24 Stack slot 1 1 Expansion slots 1 FlexSlot None Backplane 520Mbps 520Mbps Processor Intel 960SA Intel 960SA DRAM Up to 8MB Up to 8MB Stackable Yes Yes Distribution Layer Switches The Distribution layer is the demarca...

Page 381: ...d support for multicast intensive applications The Catalyst 5002 delivers features in a small package for the needs of smaller wiring closets but still switches 1 million pps The 5000 continues to address the needs of switched wiring closets with 1 to 3 million pps performance The 5505 has a five slot chassis like the Catalyst 5000 and is made for the high end wiring closet with performance from 1...

Page 382: ...warding rate 1 million pps 3 million pps 25 million pps 25 million pps 25 million pps Max VLANs 1 000 1 000 1 000 1 000 1 000 Table E 10 shows the switching modules the ports available for each module and the maximum allowable ports on each switch chassis Table E 10 Catalyst 5000 family port densities for each switch chassis Switching Module Ports Supported per Module Max Ports per Chassis 5002 50...

Page 383: ...h and a standalone Cisco router The MSFC also supports traffic statistics collection and accounting with no impact on switching performance In addition Cisco offers the FlexWAN module which accepts up to two Cisco 7200 7500 series WAN port adapters supporting asynchronous and synchronous serial interfaces at speeds from 56Kbps to 155Mbps The FlexWAN module provides native support of the Frame Rela...

Page 384: ...232 circuit data interfaces and one or two port voice modules using either T1 E1 or J1 Catalyst 8400 Services The Catalyst 8400 series offers standards compliant ATM user to network interface network to network interface on a variety of interfaces All ATM interfaces support per VC queuing rate scheduling and multiple classes of service including those defined by the ATM forum such as constant bit ...

Page 385: ...ynchronous legacy data or video to be transported across the WAN through a fixed delay fixed throughput zero discard or point to point data connection Available speeds range from 1 2Kbps to T1 E1 for synchronous data and from 1 2Kbps to 19 2Kbps for asynchronous data using standard serial interfaces such as V 28 RS 232 V 11 X 21 V 35 EIA TIA 449 and T1 E1 A network of Catalyst multiservice ATM swi...

Page 386: ...nt communication and shelf management communication The alarm status monitor card ASM monitors the power supply voltage and shelf temperature of the BPX 8600 The ASM card also includes telco standard relays which can activate switch alarm indicators The switch also supports BXM cards that enable you to configure both PVCs and SVCs for ATM services The Cisco BPX 8600 series switch enables video on ...

Page 387: ... can be removed and reinserted without impacting service delivery or affecting the performance of other modules Background diagnostics continually monitor switch functions on active as well as standby modules ensuring fault tolerant operation As a result Cisco wide area switches routinely deliver high service availability The Cisco MGX 8850 switch supports industry standard automatic protection sw...

Page 388: ...support up to 132 DS3 44 OC 3c STM 1c 44 OC 12c STM 4c or 11 OC 48c STM 16c interfaces 12016 The new 5Tbps GSR terabit system which has 16 slots that can be used to support up to 180 DS3 60 OC 3c STM 1c and 60 OC 12c STM 4c or 15 OC 48c STM16c interfaces with support for 15 OC 192c STM 64c interfaces in the future You may wonder why a router is being featured in a book about switches The 12000 ser...

Page 389: ... bridge or hub that in turn connects to the network backbone or higher layer switches and routers access list A security feature used with the Cisco IOS to filter traffic types as part of data routing Access lists are also used to filter traffic between different VLAN numbers active route processor active RP The active router or route process in HSRP that is currently handling routing decisions an...

Page 390: ...d in multiple service types such as voice video or data and it s sent in fixed length 53 byte cells ATM has become common on today s corporate networks It guarantees throughput and minimizes delay It can provide scalable speeds up to multiple gigabits per second Asynchronous Transmission Synchronization ATS A process used in serial data transfer in which a start bit and a stop bit are added so the...

Page 391: ...nary A Base 2 numbering system characterized by 1s and 0s used in digital signaling binding The process of associating a protocol and a NIC bit An electronic digit used in the binary numbering system blackout A total loss of electrical power blocking architecture A condition in which the total bandwidth of the ports is greater than the capacity of the switching fabric bridge A device that connects...

Page 392: ...module attached to the ATM cell switching bus A CAM can support two port adapter modules to provide physical ATM line ports used by end nodes A CAM can be placed in the Cisco Catalyst 5500 in slot 9 10 11 or 12 It can also be placed in the LS1010 in slot 0 1 3 or 4 Carrier Sense Multiple Access with Collision Avoidance CSMA CA A media access method that uses collision avoidance techniques Carrier ...

Page 393: ...k that uses addresses starting between 192 and 254 and supports up to 2 097 152 networks with 254 unique hosts each Classless Inter Domain Routing CIDR A technique that allows multiple addresses to be consolidated into a single entry Clear Header A field part of the 802 10 header that copies the encrypted Protected Header for security purposes to help guarantee against tampering with the frame Als...

Page 394: ...and no policy implementation Core layer In the Cisco Hierarchical Model the backbone of the network designed for high speed data transmission crosstalk Electronic interference caused when two wires get too close to each other cut through packet switching A switching method that does not copy the entire packet into the switch buffers Instead the destination address is placed in buffers the route to...

Page 395: ...int SAP to inform the receiving host of the identity of the destination host dialed number identification service The method for delivery of automatic number identification using out of band signaling dial up networking The connection of a remote node to a network using POTS or PSTN diameter A unit of measurement between the root switch and child switches calculated from the root bridge with the r...

Page 396: ...d in initializing the switch using STP on a per VLAN basis controlling the LEDs on the chassis maintaining RMON statistics and handling in band and out of band management of the switch emulated LAN ELAN A feature used by ATM LANE to perform the basic functionality of a VLAN in Token Ring or Ethernet environments ELANs like VLANs require a route processor such as a router to route frames between EL...

Page 397: ...FE A major component of ASIC part of the ClearChannel Architecture on the Cisco Catalyst series 1900 and 2820 switches It is responsible for learning addresses allocating buffer space in the shared memory space frame queuing forwarding decisions and maintaining statistics Forwarding Information Base FIB A mirror image of the IP routing table s routing information similar to a routing table or info...

Page 398: ...fication for transfer rates up to one gigabit per second guaranteed flow control A method of flow control in which the sending and receiving hosts agree upon a rate of data transmission After they agree on a rate the communication will take place at the guaranteed rate until the sender is finished No buffering takes place at the receiver half duplex A circuit designed for data transmission in both...

Page 399: ...pecifications for the implementation of the Physical layer and the MAC sublayer of the Data Link layer using Token Ring access over a bus topology IEEE 802 5 Standard often used to define Token Ring However it does not specify a particular topology or transmission medium It provides specifications for the implementation of the Physical layer and the MAC sublayer of the Data Link layer using a toke...

Page 400: ...P IP This address 127 0 0 1 allows a test packet to reflect back into the sending adapter to determine if it is functioning properly International Standards Organization ISO A voluntary organization founded in 1946 that is responsible for creating international standards in many areas including communications and computers Internet Assigned Numbers Authority IANA The organization responsible for I...

Page 401: ...nsmission rate LAN Emulation LANE A standard created by the ATM forum to govern the connections of ATM end stations to either Ethernet or Token Ring devices LANE provides a bridge from devices using ATM to Layer 2 devices using Ethernet and Token Ring LAN Module ASIC LMA An ASIC in the Cisco Catalyst 3000 series switch that provides frame buffering address learning bus arbitration and switching de...

Page 402: ...ement Fault capacity accounting performance and security control for a network Master Communication Processor MCP A feature of the Supervisor Engine that takes commands from the Network Management Processor NMP and forwards them to the correct LCP The MCP is also responsible for testing and configuring the local ports and controlling the ports using LTL and CBL It also performs diagnostics on the ...

Page 403: ...r services and network resources network down Situation in which the clients are unable to utilize the services of the network This can be administrative scheduled downtime for upgrades or maintenance or it can be the result of a serious error Network Driver Interface Specification NDIS Microsoft proprietary specification or standard for a protocol independent device driver These drivers allow mul...

Page 404: ... the network and to provide the user with rights and permissions to files and resources patch panel A device where the wiring used in coaxial or twisted pair networks converges in a central location and is then connected to the back of the panel peer to peer networking A network environment without dedicated servers where communication occurs between similarly capable network nodes that act as bot...

Page 405: ...tween locations through a Frame Relay and ATM cloud When a company has three branch offices and each location physically connects to the Frame Relay provider s network cloud through a series of switches it appears to the end users as if the three branch offices are directly connected to the local network Not to be confused with a Permanent Virtual Circuit also known as a PVC proprietary A standard...

Page 406: ...used to strengthen signals going long distances Request For Comments RFC Method used to post documents regarding networking or Internet related standards or ideas Some have been adopted and accepted by the Internet Architecture Board as standards resource node An interface on the network that provides a service for a demand node Resource nodes can be such items as servers printers and other device...

Page 407: ...ery is required It is used mainly in NetWare network environments server A resource node that fulfills service requests for demand nodes Usually referred to by the type of service it performs such as file server email server or print server service access point SAP A field in a frame that tells the receiving host which protocol the frame is intended for Service Advertising Protocol SAP NetWare pro...

Page 408: ...that bridges a Token Ring segment to another physical media type such as Ethernet or FDDI It is transparent to the source and destination interfaces Source Route Transparent Bridging SRT A type of bridging that combines SRB and TB Using SRT the bridge places a RIF into a frame traveling from the TB to the SRB side It then strips out the RIF when the frame travels from the SRB port to the TB port S...

Page 409: ...quiring high speed uplinks and redundancy The switch block connects end user stations to the switches that connect to the Distribution layer Switched Multimegabit Data Service SMDS Defined by IEEE 802 6 the Physical layer implementation for data transmission over public lines at speeds between 1 544Mbps T1 and 44 736Mbps using cell relay and fixed length cells Switched Port Analyzer SPAN A port at...

Page 410: ...P IP protocol stack TCP is a connection oriented reliable data transmission communication service that operates at the OSI Transport layer Transmission Control Protocol Internet Protocol TCP IP The suite of protocols combining TCP and IP developed to support the construction of worldwide internetworks See Transmission Control Protocol and Internet Protocol Transmission Control Protocol Internet Pr...

Page 411: ...dancy virtual private network VPN A network that uses a public network such as the Internet as a backbone to connect two or more private networks A VPN provides users with the equivalent of a private network in terms of security VLAN Trunking Protocol VTP A protocol used to enhance and configure the extension of broadcast domains across multiple switches VTP dynamically reports the addition of VLA...

Reviews:

No comments

Related manuals for Catalyst 1900 Series

D-Link DSL-500 Quick Start Manual preview
DSL-500
Brand: D-Link Pages: 11
D-Link DHP?P309AV Setup Manual preview
DHP?P309AV
Brand: D-Link Pages: 8
D-Link AirPlus DWL-810 Quick Installation Manual preview
AirPlus DWL-810
Brand: D-Link Pages: 8
D-Link DHP-601AV Quick Installation Manual preview
DHP-601AV
Brand: D-Link Pages: 84
D-Link DSL-G2562DG Quick Start Manual preview
DSL-G2562DG
Brand: D-Link Pages: 2
National Instruments Module NI PXI-8250 User Manual preview
Module NI PXI-8250
Brand: National Instruments Pages: 39
Konig CMP-HOMEPL1000 Manual preview
CMP-HOMEPL1000
Brand: Konig Pages: 73
Surveon EonServ 5000 Series User Manual preview
EonServ 5000 Series
Brand: Surveon Pages: 33
SyChip WLAN6065SD User Manual preview
WLAN6065SD
Brand: SyChip Pages: 24
Ravpower RD-WD009 User Manual preview
RD-WD009
Brand: Ravpower Pages: 27
QNAP Turbo NAS TVS-71 Series Hardware User Manual preview
Turbo NAS TVS-71 Series
Brand: QNAP Pages: 51
Patton electronics ipRocketLink 3086FR Quick Start Manual preview
ipRocketLink 3086FR
Brand: Patton electronics Pages: 12
Belkin F9K1002V1 User Manual preview
F9K1002V1
Brand: Belkin Pages: 42
Patton electronics OnSite 9100 Quick Start Manual preview
OnSite 9100
Brand: Patton electronics Pages: 8
3onedata ICPE2600 Series Quick Installation Manual preview
ICPE2600 Series
Brand: 3onedata Pages: 5
Paradyne FrameSaver DSL 9783 CSU/DSU User Manual preview
FrameSaver DSL 9783 CSU/DSU
Brand: Paradyne Pages: 233
Cambium Networks PMP/PTP 450 Series Quick Start Manual preview
PMP/PTP 450 Series
Brand: Cambium Networks Pages: 155
Cambium Networks PTP 250 User Manual preview
PTP 250
Brand: Cambium Networks Pages: 228

Brands by name

Popular brands

Load more brands