Cisco Catalyst 2900 Series XL Software Manual Download Page 251 | Manualshive

Page: 251 / 368

background image

8-29

Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide

78-6511-08

Chapter 8 Configuring VLANs

How VLAN Trunks Work

Disabling a Trunk Port

You can disable trunking on a port by returning it to its default static-access mode.

Beginning in privileged EXEC mode, follow these steps to disable trunking on a port:

Defining the Allowed VLANs on a Trunk

By default, a trunk port sends to and receives traffic from all VLANs in the VLAN database. All VLANs,
1 to 1005, are allowed on each trunk. However, you can remove VLANs from the allowed list,
preventing traffic from those VLANs from passing over the trunk. To restrict the traffic a trunk carries,
use the remove vlan-list parameter to remove specific VLANs from the allowed list.

A trunk port can become a member of a VLAN if the VLAN is enabled, if VTP knows of the VLAN,
and if the VLAN is in the allowed list for the port. When VTP detects a newly enabled VLAN and the
VLAN is in the allowed list for a trunk port, the trunk port automatically becomes a member of the
enabled VLAN. When VTP detects a new VLAN and the VLAN is not in the allowed list for a trunk
port, the trunk port does not become a member of the new VLAN.

Beginning in privileged EXEC mode, follow these steps to modify the allowed list of a ISL or 802.1Q
trunk:

Command

Purpose

Step 1

configure terminal

Enter global configuration mode.

Step 2

interface interface_id

Enter the interface configuration mode and the port to be added to the
VLAN.

Step 3

no switchport mode

Return the port to its default static-access mode.

Step 4

end

Return to privileged EXEC.

Step 5

show interface interface-id
switchport

Verify your entries.

In the display, check the Negotiation of Trunking field.

Command

Purpose

Step 1

configure terminal

Enter global configuration mode.

Step 2

interface interface_id

Enter interface configuration mode and the port to be added to the VLAN.

Step 3

switchport mode trunk

Configure VLAN membership mode for trunks.

Step 4

switchport trunk allowed vlan
remove vlan-list

Define the VLANs that are not allowed to send and receive on the port.

The vlan-list parameter is a range of VLAN IDs Separate nonconsecutive
VLAN IDs with a comma and no spaces; use a hyphen to designate a range
of IDs. Valid IDs are from 2 to 1001.

Step 5

end

Return to privileged EXEC.

Step 6

show interface interface-id
switchport allowed-vlan

Verify your entries.

Step 7

copy running-config startup-config

Save the configuration.

«
...
249
250
251
252
253
...
»

Summary of Contents for Catalyst 2900 Series XL

Page 1: ...134 1706 USA http www cisco com Tel 408 526 4000 800 553 NETS 6387 Fax 408 526 4100 Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide Cisco IOS Releases 12 0 5 WC4 and 12 0 5 WC5 May 2002 Customer Order Number DOC 786511 Text Part Number 78 6511 08 ...

Page 2: ...MITATION LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES CCIP the Cisco Powered Network mark the Cisco Systems Verified logo Cisco Unity Follow Me Browsing FormShare Internet Quotient iQ Breakthrough iQ Expertise iQ FastTrack the iQ Logo iQ Net Readiness Scorecard Netwo...

Page 3: ...l Assistance Center xx Cisco TAC Web Site xxi Cisco TAC Escalation Center xxi C H A P T E R 1 Overview 1 1 Features 1 1 Management Options 1 6 Management Interface Options 1 6 Advantages of Using CMS and Clustering Switches 1 7 Network Configuration Examples 1 8 Design Concepts for Using the Switch 1 8 Small to Medium Sized Network Configuration 1 11 Collapsed Backbone and Switch Cluster Configura...

Page 4: ...ce and Link Labels 2 16 Colors in the Topology View 2 17 Topology Display Options 2 17 Menus and Toolbar 2 18 Menu Bar 2 18 Toolbar 2 23 Front Panel View Popup Menus 2 24 Device Popup Menu 2 24 Port Popup Menu 2 24 Topology View Popup Menus 2 25 Link Popup Menu 2 25 Device Popup Menus 2 26 Interaction Modes 2 28 Guide Mode 2 28 Expert Mode 2 28 Wizards 2 28 Tool Tips 2 29 Online Help 2 29 CMS Wind...

Page 5: ...Command 3 5 Getting Help 3 5 Command Line Error Messages 3 6 Accessing the CLI 3 7 Accessing the CLI from a Browser 3 7 Saving Configuration Changes 3 8 Where to Go Next 3 8 C H A P T E R 4 General Switch Administration 4 1 Initial Switch Configuration 4 2 Switch Software Releases 4 2 Console Port Access 4 3 HTTP Access to CMS 4 3 Telnet Access to the CLI 4 4 SNMP Network Management Platforms 4 5 ...

Page 6: ...ords 5 16 SNMP Community Strings 5 16 TACACS and RADIUS 5 17 Access Modes in CMS 5 17 Management VLAN 5 18 Network Port 5 19 NAT Commands 5 19 LRE Profiles 5 19 Availability of Switch Specific Features in Switch Clusters 5 19 Creating a Switch Cluster 5 19 Enabling a Command Switch 5 20 Adding Member Switches 5 21 Creating a Cluster Standby Group 5 23 Verifying a Switch Cluster 5 25 Using the CLI ...

Page 7: ...Tables 6 15 MAC Addresses and VLANs 6 15 Changing the Address Aging Time 6 16 Removing Dynamic Address Entries 6 16 MAC Address Notification 6 17 Adding Secure Addresses 6 18 Removing Secure Addresses 6 18 Adding Static Addresses 6 19 Removing Static Addresses 6 19 Configuring Static Addresses for EtherChannel Port Groups 6 20 Configuring CGMP 6 20 Enabling the Fast Leave Feature 6 21 Disabling th...

Page 8: ...for a VLAN 6 42 Changing the STP Implementation 6 42 Changing the Switch Priority 6 42 Changing the BPDU Message Interval 6 43 Changing the Hello BPDU Interval 6 43 Changing the Forwarding Delay Time 6 43 STP Port States 6 44 Enabling the Port Fast Feature 6 44 Changing the Path Cost 6 45 Changing the Port Priority 6 45 Configuring STP Root Guard 6 46 Configuring BPDU Guard 6 47 Configuring SNMP 6...

Page 9: ...g the Switch Ports 7 1 Changing the Port Speed and Duplex Mode 7 2 Connecting to Devices That Do Not Autonegotiate 7 2 Half Duplex with Back Pressure 7 2 Full Duplex with Flow Control 7 2 Setting Speed and Duplex Parameters 7 3 Configuring Flow Control on Gigabit Ethernet Ports 7 3 Configuring Flooding Controls 7 4 Enabling Storm Control 7 4 Disabling Storm Control 7 5 Blocking Flooded Traffic on ...

Page 10: ...Considerations for Using LRE Profiles 7 19 CPE Ethernet Links 7 21 Considerations for Connected Cisco 575 LRE CPEs 7 21 Considerations for Connected Cisco 585 LRE CPEs 7 22 Assigning a Public Profile to All LRE Ports 7 22 Assigning a Private Profile to an LRE Port 7 23 C H A P T E R 8 Configuring VLANs 8 1 Overview 8 2 Management VLANs 8 3 Changing the Management VLAN for a New Switch 8 4 Changing...

Page 11: ...e VTP Database 8 23 Adding a VLAN 8 24 Modifying a VLAN 8 24 Deleting a VLAN from the Database 8 25 Assigning Static Access Ports to a VLAN 8 25 How VLAN Trunks Work 8 26 IEEE 802 1Q Configuration Considerations 8 26 Trunks Interacting with Other Features 8 27 Configuring a Trunk Port 8 28 Disabling a Trunk Port 8 29 Defining the Allowed VLANs on a Trunk 8 29 Changing the Pruning Eligible List 8 3...

Page 12: ...guration Conflicts 9 7 Avoiding Autonegotiation Mismatches 9 8 GBIC Security and Identification 9 8 Troubleshooting LRE Port Configuration 9 9 Troubleshooting CMS Sessions 9 11 Determining Why a Switch Is Not Added to a Cluster 9 14 Copying Configuration Files to Troubleshoot Configuration Problems 9 15 Troubleshooting Switch Software Upgrades 9 16 Recovery Procedures 9 18 Recovering from Lost Mem...

Page 13: ... 17 HW_MEMORY Messages A 18 INTERFACE Messages A 19 IP Messages A 19 LRE CPE Messages A 20 LRE_LINK Messages A 21 MAT Messages A 22 MIRROR Messages A 23 MODULES Messages A 24 PERF5_HALT_MSG Message A 25 PM Messages A 25 PMSM Messages A 28 PORT_SECURITY Messages A 29 PRUNING Messages A 29 RAC Message A 33 REGISTORS Messages A 33 RTD Messages A 34 SNMP Messages A 35 SPANTREE Messages A 35 SPANTREE_F...

Page 14: ...Contents xiv Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide 78 6511 08 ...

Page 15: ...t 2900 XL and Catalyst 3500 XL switches including the Catalyst 2900 LRE XL switches Cisco IOS Release 12 0 5 WC5 is not for the Long Reach Ethernet LRE switches Do not install Release 12 0 5 WC5 on the Catalyst 2900 LRE XL switches Release 12 0 5 WC4 is for the Catalyst 2900 LRE XL switches only Do not install Release 12 0 5 WC4 on non LRE switches This guide provides information about configuring...

Page 16: ...rovides examples of how the switch can be deployed in a network Chapter 2 Getting Started with CMS describes the Cluster Management Suite CMS web based switch management interface Refer to the release notes for the procedures for configuring your web browser and accessing CMS Refer to the online help for field level descriptions of all CMS windows and procedures for using the CMS windows Chapter 3...

Page 17: ... a required choice within an optional element Interactive examples use these conventions Terminal sessions and system displays are in screen font Information you enter is in boldface screen font Nonprinting characters such as passwords or tabs are in angle brackets Cautions notes and tips use these conventions and symbols Caution Means reader be careful In this situation you might do something tha...

Page 18: ...d Catalyst 3500 Series XL Switches is for switches that are not Long Reach Ethernet LRE switches For LRE switches refer to the Release Notes for the Catalyst 2900 LRE XL Switches Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide order number DOC 786511 Catalyst 2900 Series XL and Catalyst 3500 Series XL Command Reference order number DOC 7812155 Cluster Management Su...

Page 19: ...red Cisco Direct Customers can order Cisco product documentation from the Networking Products MarketPlace http www cisco com cgi bin order order_root pl Registered Cisco com users can order the Documentation CD ROM through the online Subscription Store http www cisco com go subscription Nonregistered Cisco com users can order documentation through a local account representative by calling Cisco co...

Page 20: ...se Register for online skill assessment training and certification programs You can self register on Cisco com to obtain customized information and service To access Cisco com go to the following URL http www cisco com Technical Assistance Center The Cisco TAC is available to all customers who need technical assistance with a Cisco product technology or solution Two types of support are available ...

Page 21: ...o com registered user you can open a case online by using the TAC Case Open tool at the following URL http www cisco com tac caseopen If you have Internet access it is recommended that you open P3 and P4 cases through the Cisco TAC Web Site Cisco TAC Escalation Center The Cisco TAC Escalation Center addresses issues that are classified as priority level 1 or priority level 2 these classifications ...

Page 22: ...xxii Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide 78 6511 08 Preface Obtaining Technical Assistance ...

Page 23: ... switches Cisco IOS Release 12 0 5 WC5 is not for the Long Reach Ethernet LRE switches Do not install Release 12 0 5 WC5 on the Catalyst 2900 LRE XL switches Release 12 0 5 WC4 is for the Catalyst 2900 LRE XL switches only Do not install Release 12 0 5 WC4 on non LRE switches The Cisco IOS Release 12 0 5 WC5 software supports the hardware listed in the release notes http www cisco com univercd cc ...

Page 24: ...age 1 7 Refer to the release notes http www cisco com univercd cc td doc product lan c2900xl index htm for the CMS and cluster hardware software and browser requirements Performance Autosensing of speed on the 10 100 ports and autonegotiation of duplex mode on all switch ports for optimizing bandwidth IEEE 802 3x flow control on the Gigabit ports operating in full duplex mode Fast EtherChannel and...

Page 25: ...gement access through up to 16 simultaneous Telnet connections for multiple command line interface CLI based sessions over the network In band management access through Simple Network Management Protocol SNMP versions 1 and 2c get and set requests Out of band management access through the switch console port to a directly attached terminal or to a remote terminal through a serial connection and a ...

Page 26: ...write access to management interfaces CMS and CLI for protection against unauthorized configuration changes Multilevel security for a choice of security level notification and resulting actions Static MAC addressing for ensuring security MAC based port security for restricting the use of a switch port to a specific group of source addresses and preventing switch access from unauthorized stations P...

Page 27: ...tal Network ISDN and digital telephone networks Configuration and monitoring of connections between Switch LRE ports and the Ethernet ports on remote LRE customer premises equipment CPE devices such as the Cisco 575 LRE CPE and Cisco 585 LRE CPE CPE Ethernet ports and remote Ethernet devices such as a PC Support for connecting to the Public Switched Telephone Network PSTN through plain old telepho...

Page 28: ...ndalone switch a specific cluster member or an entire switch cluster You can also display network topologies to gather link information and to display switch images to modify switch and port level settings For more information about CMS see Chapter 2 Getting Started with CMS CLI The switch IOS CLI software is enhanced to support desktop switching features You can fully configure and monitor the sw...

Page 29: ... CMS window without needing to remember CLI commands to accomplish specific tasks Apply actions from CMS to multiple ports and multiple switches at the same time to avoid re entering the same commands for each individual port or switch Here are some examples of globally setting and managing multiple ports and switches Port configuration such as speed and duplex settings Port and console port secur...

Page 30: ...d the relative priority of the network applications they use Table 1 2 describes what can cause network performance to degrade and describes how you can configure your network to increase the bandwidth available to your network users Table 1 2 Increasing Network Performance Network Demands Suggested Design Methods Too many users on a single network segment and a growing number of users accessing t...

Page 31: ...high speed access to network resources use Gigabit modules to connect the switches directly to a backbone switch in a star configuration Each switch in this configuration provides users a dedicated 1 Gbps connection to network resources in the backbone Compare this with the switches in a GigaStack configuration where the 1 Gbps connection is shared among the switches Using these Gigabit modules al...

Page 32: ... VLANs and subnets you can connect the Catalyst 2900 XL and Catalyst 3500 XL switches again in a star configuration to two backbone switches If one of the backbone switches fails the second backbone switch preserves connectivity between the switches and network resources Figure 1 1 Example Configurations Catalyst 2900 XL and Catalyst 3500 XL GigaStack cluster 1 Gbps HSRP 54568 Catalyst 3548 XL swi...

Page 33: ...e access to the servers The Catalyst 2900 XL and Catalyst 3500 XL switches in this network are connected through a GigaStack GBIC on each switch to form a 1 Gbps network backbone This GigaStack can also be configured as a switch cluster with primary and secondary command switches for redundant cluster management Workstations are connected directly to the 10 100 switch ports for their own 10 or 100...

Page 34: ...view Network Configuration Examples Figure 1 2 Small to Medium Sized Network Configuration 100 Mbps 200 Mbps full duplex Single workstations Gigabit server 54569 Cisco 2600 router Gigabit server 10 100 Mbps 20 200 Mbps full duplex 1 Gbps 2 Gbps full duplex Catalyst 2900 XL and Catalyst 3500 XL GigaStack cluster ...

Page 35: ...Voice traffic from the Cisco IP Phones are configured on separate VVIDs For any switch port connected to Cisco IP Phones 802 1p Q QoS gives forwarding priority to voice traffic over data traffic Grouping servers in a centralized location provides benefits such as security and easier maintenance The Gigabit connections to a server farm provide the workgroups full access to the network resources suc...

Page 36: ...P IP IP IP Catalyst 3550 12G switch 200 Mbps Fast EtherChannel 400 Mbps full duplex Fast EtherChannel Gigabit servers Cisco CallManager 67974 Cisco 2600 router 1 Gbps 2 Gbps full duplex Cisco IP Phones Cisco IP Phones Workstations running Cisco SoftPhone software Catalyst 2900 XL 1900 and 2820 cluster Catalyst 3524 PWR XL GigaStack cluster Catalyst 2900 XL and 3500 XL GigaStack cluster AC power so...

Page 37: ... Gigabit uplinks to the Catalyst 6500 switch For example you can use switch clusters that have a mix of Catalyst 2900 XL and Catalyst 3500 XL switches The Catalyst 6500 switch provides the workgroups with Gigabit access to core resources Cisco 7000 series router for access to the WAN and the Internet Server farm that includes a call processing server running Cisco CallManager software Cisco CallMa...

Page 38: ...Configuration Catalyst 6500 switch Cisco access gateway Servers Cisco CallManager Cisco 7200 or 7500 router WAN IP telephony network or PSTN IP IP IP IP 54571 Catalyst 3524 PWR XL GigaStack cluster 1 Gbps 2 Gbps full duplex IP IP IP Cisco IP Phones Cisco IP Phones Workstations running Cisco SoftPhone software Catalyst 2900 XL and 3500 XL GigaStack cluster AC power source ...

Page 39: ... line from each room connects to a nonhomologated POTS splitter such as the Cisco LRE 48 POTS Splitter The splitter routes data high frequency and voice low frequency traffic from the telephone line to a Catalyst 2900 LRE XL switch and digital private branch exchange PBX The PBX routes voice traffic to the PSTN If a PBX is not on site a homologated POTS splitter is required to connect directly to ...

Page 40: ...al port security and protected ports to further prevent unwanted broadcasts within the VLANs Figure 1 5 Hotel Network Configuration Cisco 575 LRE CPE PSTN PBX Floor 3 Floor 4 Rooms and users Rooms and users Cisco LRE 48 POTS splitters Cisco 2600 router Servers Catalyst 2900 LRE XL switches Catalyst 2900 XL or Catalyst 3500 XL switch Patch panel 74051 POTS telephones Laptop Cisco 575 LRE CPE Laptop...

Page 41: ... 3500 XL switches providing customers with either Fast Ethernet or Gigabit Ethernet connections to the MAN Catalyst 2900 LRE XL switches can also be used as residential switches for customers requiring connectivity through existing telephone lines The Catalyst 2900 LRE XL switches can then connect to another residential switch through a 10 100 connection All ports on the residential switches are c...

Page 42: ...6 Multidwelling Configuration Si 54572 Service Provider POP Mini POP Gigabit MAN Residential location Catalyst 6500 multilayer switches Catalyst 2900 XL and Catalyst 3500 XL switches including Catalyst 2900 LRE XL switches Catalyst 6500 switches Cisco 12000 Gigabit switch routers Si Si Si Si Si Si Si Residential gateway hub Set top box TV PC Set top box TV ...

Page 43: ...tiplex the different CWDM wavelengths allowing them to travel simultaneously on the same fiber optic cable The CWDM OADM modules on the receiving end separate or demultiplex the different wavelengths Using CWDM technology with the switches translates to farther data transmission and an increased bandwidth capacity up to 8 Gbps on a single fiber optic cable For more information about the CWDM GBIC ...

Page 44: ...1 22 Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide 78 6511 08 Chapter 1 Overview Where to Go To Next ...

Page 45: ... 30 Accessing CMS page 2 32 Verifying Your Changes page 2 34 Saving Your Changes page 2 34 Using Different Versions of CMS page 2 35 Where to Go Next page 2 35 Note For system requirements and for browser and Java plug in configuration procedures refer to the release notes http www cisco com univercd cc td doc product lan c2900xl index htm For procedures for using CMS refer to the online help Note...

Page 46: ...nt switch clusters cluster members cluster candidates neighboring devices that are not eligible to join a cluster and link types From this view you can select multiple switches and configure them to run with the same settings You can also display link information in the form of link reports and link graphs This view is available only when CMS is launched from a command switch Menus and toolbar to ...

Page 47: ... settings Consistent set of GUI components such as tabs buttons drop down lists tables and so on for a consistent approach to setting configuration parameters Figure 2 1 CMS Features Menu bar Toolbar Move the cursor over the icon to display the tool tip For example the button displays the legend of icons and color codes Click Guide or Expert interaction mode to change how some configuration option...

Page 48: ...ront Panel View from a Standalone Switch Cluster tree Right click a member switch image to display the device pop up menu and select an option to view or change system related settings Right click the command switch image to display the cluster pop up menu and select a cluster related option cluster1 65718 10 1 1 2 3500XL 12 Right click a port to display the port pop up menu and select an option t...

Page 49: ... the cluster tree icon or the corresponding front panel image The front panel image is then highlighted with a yellow outline To select multiple front panel images press the Ctrl key and left click the cluster tree icons or the front panel images To deselect an icon or image press the Ctrl key and left click the icon or image If the cluster has many switches you might need to scroll down the windo...

Page 50: ...on on page 2 33 Figure 2 5 shows the port icons as they appear in the front panel images To select a port click the port on the front panel image The port is then highlighted with a yellow outline To select multiple ports you can Press the left mouse button drag the pointer over the group of ports that you want to select and then release the mouse button Press the Ctrl key and click the ports that...

Page 51: ...itch in the stack Amber RPS is connected but not functioning The RPS could be in standby mode To put the RPS in Active mode press the Standby Active button on the RPS and the LED should turn green If it does not one of these conditions could exist One of the RPS power supplies could be down Contact Cisco Systems The RPS fan could have failed Contact Cisco Systems Blinking amber Internal power supp...

Page 52: ...omer premises equipment CPE device Default mode on all Catalyst 2900 XL and Catalyst 3500 XL switches except the Catalyst 2900 LRE XL switches LRE Catalyst 2900 LRE XL only Long Reach Ethernet LRE link status of the LRE ports on the Catalyst 2900 LRE XL switches Default mode on these switches only Note When the LRE mode is active the 10 100 switch ports on the Catalyst 2900 LRE XL continue to show...

Page 53: ...lation or was blocked by Spanning Tree Protocol STP Note After a port is reconfigured the port LED can remain amber for up to 30 seconds as STP checks the switch for possible loops Brown No link and port is administratively shut down FDUP Cyan off Port is operating in half duplex mode Green Port is operating in full duplex mode SPD 10 100 Ports Cyan off Port is operating at 10 Mbps Green Port is o...

Page 54: ... as excessive collisions CRC errors and alignment and jabber errors are monitored for a link fault indication CPE Ethernet port is not forwarding Port was disabled by management by an address violation or was blocked by STP Note After a port is reconfigured the port LED can remain amber for up to 30 seconds as STP checks the switch for possible loops Brown No link and the CPE Ethernet port is admi...

Page 55: ... After a port is reconfigured the port LED can remain amber for up to 30 seconds as STP checks the switch for possible loops Brown No link and port is administratively shut down DUPLEX Cyan off Port is operating in half duplex mode Green Port is operating in full duplex mode SPEED 10 100 Ports Cyan off Port is operating at 10 Mbps Green Port is operating at 100 Mbps 1000BASE X Ports Cyan off Port ...

Page 56: ...N VLAN Configure VLANs The colors show the VLAN membership mode of each port The VLAN membership mode determines the kind of traffic the port carries and the number of VLANs it can belong to For more information about these modes see the Assigning VLAN Port Membership Modes section on page 8 5 Note This feature is not supported on the Catalyst 1900 and Catalyst 2820 switches Table 2 10 VLAN Member...

Page 57: ...right click a command switch icon and select Collapse Cluster the cluster is collapsed and represented by a single icon The view shows how the cluster is connected to other clusters candidate switches and devices that are not eligible to join the cluster such as routers access points IP phones and so on Figure 2 7 Note The Topology view displays only the switch cluster and network neighborhood of ...

Page 58: ...and Cluster View Figure 2 7 Collapse Cluster View Right click a link icon to display a link popup menu Cluster members of cluster1 and other devices connected to cluster1 65722 Right click a device icon to display a device popup menu Devices connected to cluster1 that are not eligible to join the cluster Neighboring cluster connected to cluster1 65723 cluster1 ...

Page 59: ...ird party devices Note Candidate switches are distinguished by the color of their device label Device labels and their colors are described in the Colors in the Topology View section on page 2 17 Note The System Switch Processor SSP card in the Cisco Integrated Communications System ICS 7750 appears as a Layer 2 switch SSP cards are not eligible to join switch clusters Tip Neighboring devices are ...

Page 60: ...ce and link information by using these labels Cluster and switch names Switch MAC and IP addresses Link type between the devices Link speed and IDs of the interfaces on both ends of the link When using these labels keep these considerations in mind The IP address displays only in the labels for the command switch and member switches The label of a neighboring cluster icon only displays the IP addr...

Page 61: ...layed with the device and link icons Table 2 11 Device Icon Colors Icon Color Color Meaning Green The device is operating Yellow1 1 Available only on the cluster members The internal fan of the switch is not operating or the switch is receiving power from an RPS Red1 The device is not operating Table 2 12 Single Link Icon Colors Link Color Color Meaning Green Active link Red Down or blocked link T...

Page 62: ...ect CMS see the Access Modes in CMS section on page 2 33 The option for enabling a command switch is only available from a CMS session launched from a command capable switch Cluster management tasks such as upgrading the software of groups of switches are available only from a CMS session launched from a command switch If you launch CMS from a specific switch the menu bar displays the features sup...

Page 63: ...ll standby command switches must be Catalyst 2950 switches running Release 12 1 6 EA2 or later When the command switch is running Release 12 0 5 WC2 or earlier the standby command switches can be these switches Catalyst 2900 XL Catalyst 2950 and Catalyst 3500 XL switches We strongly recommend that the command switch and standby command switches are of the same switch platform If you have a Catalys...

Page 64: ...the device Address Resolution Protocol ARP table and configure the ARP cache timeout setting Save Configuration1 Save the configuration for the cluster or switch to Flash memory Software Upgrade1 Upgrade the software for the cluster or a switch System Reload1 Reboot the switch with the latest installed software Cluster Cluster Manager3 Launch a CMS session from the command switch Create Cluster1 4...

Page 65: ...onfigure a port to use a voice VLAN for voice traffic separating it from the VLANs for data traffic Reports Inventory Display the device type software version IP address and other information about a switch Port Statistics Display port statistics Bandwidth Graphs Display graphs that plot the total bandwidth in use by the switch Link Graphs Display a graph showing the bandwidth being used for the s...

Page 66: ...n Help Overview Obtain an overview of the CMS interface What s New Obtain a description of the new CMS features Help For Active Window Display the help for the active open window This is the same as clicking Help from the active window Contents List all of the available online help topics Legend Display the legend that describes the icons labels and links About Display the CMS version number 1 Not...

Page 67: ... and read write access modes see the Access Modes in CMS section on page 2 33 Ctrl S Save the configuration for the cluster or switch to Flash memory Software Upgrade2 Ctrl U Upgrade the software for the cluster or a switch Port Settings1 Display and configure port parameters on a switch VLAN1 Display VLAN membership assign ports to VLANs and configure ISL and 802 1Q trunks Inventory Display the d...

Page 68: ... 2 Available only from the command switch 3 Available only from a cluster management session 4 Not available in read only mode For more information about the read only and read write access modes see the Access Modes in CMS section on page 2 33 Delete a cluster Remove from Cluster3 4 Remove a member from the cluster Bandwidth Graphs Display graphs that plot the total bandwidth in use Host Name4 Ch...

Page 69: ...0 switches Devices that are not eligible to join the cluster If multiple links are configured between two devices when you click the link icon and right click the Multilink Content window appears Figure 2 10 Click the link icon in this window and right click to display the link popup menu specific for that link Figure 2 10 Multilink Decomposer Window Table 2 19 Link Popup Menu Popup Menu Option Ta...

Page 70: ...device popup menu click an icon and right click Table 2 20 Device Popup Menu of a Cluster Icon Popup Menu Option Task Expand cluster View a cluster specific topology view Properties Display information about the device and port on either end of the link and the state of the link Table 2 21 Device Popup Menu of a Command Switch Icon Popup Menu Option Task Collapse cluster View the neighborhood outs...

Page 71: ...er member switch but not from the command switch Table 2 24 Device Popup Menu of a Candidate Switch Icon When the Candidate Switch Does Not Have an IP Address Popup Menu Option Task Add to Cluster1 1 Not available in read only mode For more information about the read only and read write access modes see the Access Modes in CMS section on page 2 33 Add a candidate to a cluster Properties Display in...

Page 72: ...last step Clicking Cancel at any time closes and ends the configuration task without applying any changes If Expert Mode is selected and you want to use guide mode you must click Guide Mode before selecting an option from the menu bar tool bar or popup menu If you change the interaction mode after selecting a configuration option the mode change does not take effect until you select another config...

Page 73: ...ng tasks from the CMS windows Figure 2 11 Feature help available from the menu bar by selecting Help Contents provides background information and concepts on the features Dialog specific help available from Help on the CMS windows provides procedures for performing tasks Index of help topics Glossary of terms used in the online help You can send us feedback about the information provided in the on...

Page 74: ...e VLAN window does not include Catalyst 1900 and Catalyst 2820 switches even though they are part of the cluster Similarly the Host Name list on the LRE Profiles window only lists the LRE switches in the cluster Click a tab to display more information Click a row to select it Press Shift and left click another row to select contiguous multiple rows Press Ctrl and left click rows to select non cont...

Page 75: ...e column Icons Used in Windows Some window have icons for sorting information in tables for showing which cells in a table are editable and for displaying further information from Cisco com Figure 2 13 Figure 2 13 Window Icons Buttons These are the most common buttons that you use to change the information in a CMS window OK Save any changes and close the window If you made no changes the window c...

Page 76: ...and the CLI exit your browser to end the browser session Note If you have configured the Terminal Access Controller Access Control System Plus TACACS or Remote Authentication Dial In User Service RADIUS feature on the switch you can still access the switch through CMS For information about how inconsistent authentication configurations in switch clusters can affect access through CMS see the TACAC...

Page 77: ...e access Therefore you do not need to include the privilege level if it is 15 Entering zero denies access to CMS For more information about privilege levels see the Assigning Passwords and Privilege Levels section on page 6 11 Note If your cluster has these member switches running earlier software releases and if you have read only access to these member switches some configuration windows for tho...

Page 78: ... about the error Saving Your Changes Note The Save Configuration option is not available if your switch access level is read only For more information about the read only access mode see the Access Modes in CMS section on page 2 33 Tip As you make cluster configuration changes except for changes to the Topology view and in the Preferences window make sure that you periodically save the configurati...

Page 79: ...lar but are not the same as this release For example the Topology view in this release is not the same as the Topology view or Cluster View in those earlier software releases CMS on the Catalyst 1900 and Catalyst 2820 switches is referred to as Switch Manager Cluster management options are not available on these switches This is the earliest version of CMS Refer to the documentation specific to th...

Page 80: ...2 36 Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide 78 6511 08 Chapter 2 Getting Started with CMS Where to Go Next ...

Page 81: ...ne Error Messages page 3 6 Accessing the CLI page 3 7 Saving Configuration Changes page 3 8 Where to Go Next page 3 8 This switch software release is based on Cisco IOS Release 12 0 It has been enhanced to support a set of features for the Catalyst 2900 XL and Catalyst 3500 XL switches This chapter provides procedures for using only the commands that have been created or changed for these switches...

Page 82: ... called user EXEC mode Only a limited subset of the commands are available in user EXEC mode For example most of the user EXEC commands are one time commands such as show commands which show the current configuration status and clear commands which clear counters or interfaces The user EXEC commands are not saved when the switch reboots To have access to all commands you must enter privileged EXEC...

Page 83: ...vileged EXEC mode The password does not appear on the screen and is case sensitive Global configuration Enter the configure command while in privileged EXEC mode switch config To exit to privileged EXEC mode enter exit or end or press Ctrl Z Use this mode to configure parameters that apply to your switch as a whole VLAN database Enter the vlan database command while in privileged EXEC mode switch ...

Page 84: ...al configuration mode This example shows what the interface command displays on a Catalyst 2900 LRE XL switch lreswitch config interface FastEthernet FastEthernet IEEE 802 3 LongReachEthernet Ethernet over VDSL Multilink Multilink group interface Port channel Ethernet Channel of interfaces VLAN Switch VLAN Virtual Interface Virtual TokenRing Virtual TokenRing Note The multilink port channel and vi...

Page 85: ...les set to certain default values In these cases the default command enables the command and sets variables to their default values Redisplaying a Command To redisplay a command you previously entered press the up arrow key You can continue to press the up arrow key for more commands Getting Help Entering a question mark at the system prompt displays a list of commands for each command mode When u...

Page 86: ...command List the associated keywords for a command For example Switch show command keyword List the associated arguments for a keyword For example Switch config cdp holdtime 10 255 Length of time in sec that receiver must keep this packet Table 3 3 Common CLI Error Messages Error Message Meaning How to Get Help Ambiguous command show con You did not enter enough characters for your switch to recog...

Page 87: ...ion or dial up modem For information about connecting to the console port refer to the switch hardware installation guide Using any Telnet TCP IP package from a remote management station The switch must have network connectivity with the Telnet client and the switch must have an enable secret password configured For information about configuring the switch for Telnet access see the SNMP Network Ma...

Page 88: ...er the change becomes part of the running configuration The change does not automatically become part of the config txt file in Flash memory which is the startup configuration used each time the switch restarts If you do not save your changes to Flash memory they are lost when the switch restarts To save all configuration changes to Flash memory you must enter the write memory command in privilege...

Page 89: ...itch refer to the release notes http www cisco com univercd cc td doc product lan c2900xl index htm for the latest information about Software and hardware requirements and compatibility Browser and Java plug in configurations Setup program Switch upgrades This switch software release is based on Cisco IOS Release 12 0 It has been enhanced to support a set of features for the Catalyst 2900 XL and C...

Page 90: ...u have assigned IP information to the switch you can run the switch on its default settings Table 4 2 or configure any settings to meet your network requirements For more information about IP information see the Changing IP Information section on page 6 2 For more information about passwords see the Accessing CMS section on page 2 32 and Assigning Passwords and Privilege Levels section on page 6 1...

Page 91: ...settings to Flash memory For information about saving changes from CMS see the Saving Your Changes section on page 2 34 For information about saving changes from the CLI see the Saving Configuration Changes section on page 3 8 HTTP Access to CMS CMS uses Hypertext Transfer Protocol HTTP which is an in band form of communication with the switch through any one of its Ethernet ports and that allows ...

Page 92: ... default data characteristics of the switch console port are 9600 8 1 no parity When the command line appears go to Step 2 Step 2 enable Enter privileged EXEC mode Step 3 config terminal Enter global configuration mode Step 4 line vty 0 15 Enter the interface configuration mode for the Telnet interface There are 16 possible sessions on a command capable switch The 0 and 15 mean that you are config...

Page 93: ... 4 6 For more information about SNMP see the Configuring SNMP section on page 6 48 In a cluster configuration the command switch manages communication between the SNMP management station and all switches in the cluster For information about managing cluster switches through SNMP see the Using SNMP to Manage Switch Clusters section on page 5 27 When configuring your switch by using SNMP note that c...

Page 94: ...of certain events to the SNMP manager which receives and processes the traps Traps are messages alerting the SNMP manager to a condition on the network such as improper user authentication restarts link status up or down and so forth In addition the SNMP agent responds to MIB related queries sent by the SNMP manager in get request get next request and set request format The SNMP manager uses infor...

Page 95: ...d For the cluster commands refer to the switch command reference Device Manager not within a cluster session from a command capable switch Cluster Create Cluster Creating a cluster1 None Creating a Switch Cluster section on page 5 19 No CLI procedure provided For the cluster commands refer to the switch command reference Device Manager not within a cluster session from a command capable switch Clu...

Page 96: ...overy Protocol CDP Enabled Configuring CDP section on page 6 13 Documentation set for Cisco IOS Release 12 0 on Cisco com Cluster Hop Count Address Resolution Protocol ARP Enabled Managing the ARP Table section on page 6 32 Documentation set for Cisco IOS Release 12 0 on Cisco com Administration ARP System Time Management None Setting the System Date and Time section on page 6 12 Documentation set...

Page 97: ... port Duplex mode Changing the Port Speed and Duplex Mode section on page 7 2 Port Port Settings Auto on the 10 100 100BASE FX and Gigabit ports Half duplex on the CPE Ethernet ports Note This option is configurable on the Cisco 575 LRE CPE It is not configurable on the Cisco 585 LRE CPE Speed on switch 10 100 and CPE Ethernet ports Auto Changing the Port Speed and Duplex Mode section on page 7 2 ...

Page 98: ...y Command Switches Spanning Tree Protocol Enabled Configuring STP section on page 6 33 Device STP Unidirectional link detection UDLD Disabled Configuring UniDirectional Link Detection section on page 7 7 UDLD error detection Enabled Configuring UniDirectional Link Detection section on page 7 7 UDLD error recovery Disabled Configuring UniDirectional Link Detection section on page 7 7 Port grouping ...

Page 99: ...r Cisco IOS Release 12 0 on Cisco com Administration SNMP Port security Disabled Enabling Port Security section on page 7 10 Port Port Security Protected port Disabled Configuring Protected Ports section on page 7 9 Port Protected Port Port security aging Disabled Configuring Port Security Aging section on page 7 11 Bridge Protocol Data Unit BPDU Guard Disabled Configuring BPDU Guard section on pa...

Page 100: ...4 12 Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide 78 6511 08 Chapter 4 General Switch Administration Default Settings ...

Page 101: ...usters and the clustering options For complete procedures on using CMS to configure switch clusters refer to the online help For the CLI cluster commands refer to the switch command reference Refer to the release notes http www cisco com univercd cc td doc product lan c2900xl index htm for the list of Catalyst switches eligible for switch clustering including which ones can be command switches and...

Page 102: ...embers are connected to the command switch according to the connectivity guidelines described in the Automatic Discovery of Cluster Candidates and Members section on page 5 5 Command switch redundancy if a command switch fails One or more switches can be designated as standby command switches to avoid loss of contact with cluster members A cluster standby group is a group of standby command switch...

Page 103: ...nd switch If your switch cluster has Catalyst 2900 XL Catalyst 2950 and Catalyst 3500 XL switches the Catalyst 2950 should be the command switch If your switch cluster has Catalyst 1900 Catalyst 2820 Catalyst 2900 XL and Catalyst 3500 XL switches either the Catalyst 2900 XL or Catalyst 3500 XL should be the command switch Standby Command Switch Characteristics A Catalyst 2900 XL or Catalyst 3500 X...

Page 104: ...have a Catalyst 2950 command switch the standby command switches should be Catalyst 2950 switches If you have a Catalyst 2900 XL or Catalyst 3500 XL command switch the standby command switches should be Catalyst 2900 XL and Catalyst 3500 XL switches Candidate Switch and Member Switch Characteristics Candidate switches are cluster capable switches that have not yet been added to a cluster Member sw...

Page 105: ...l index htm for the list of Catalyst switches eligible for switch clustering including which ones can be command switches and which ones can only be member switches and for the required software versions and browser and Java plug in configurations Automatic Discovery of Cluster Candidates and Members The command switch uses Cisco Discovery Protocol CDP to discover member switches candidate switche...

Page 106: ...searches for candidate and member switches by selecting Cluster Hop Count When new candidate switches are added to the network the command switch discovers them and adds them to the list of candidate switches In Figure 5 1 the command switch has ports assigned to management VLAN 16 The CDP hop count is three The command switch discovers switches 11 12 13 and 14 because they are within three hops f...

Page 107: ...r enabled device connected beyond the noncluster capable Cisco device Figure 5 2 shows that the command switch discovers the Catalyst 3500 XL switch which is connected to a third party hub However the command switch does not discover the Catalyst 2950 switch that is connected to a Catalyst 5000 switch Refer to the release notes http www cisco com univercd cc td doc product lan c2900xl index htm fo...

Page 108: ...rent management VLANs See the Discovery through Different Management VLANs section on page 5 9 The command switch in Figure 5 3 has ports assigned to management VLAN 9 It discovers all but these switches Switches 7 and 10 because their management VLAN VLAN 4 is different from the command switch management VLAN VLAN 9 Switch 9 because automatic discovery does not extend beyond a noncandidate device...

Page 109: ...t VLAN on these switches see the Discovery through the Same Management VLAN section on page 5 8 The Catalyst 2950 command switch running Release 12 1 9 EA1 or later in Figure 5 4 and the Catalyst 3550 command switch in Figure 5 5 have ports assigned to VLANs 9 16 and 62 The management VLAN on the Catalyst 2950 command switch is VLAN 9 Each command switch discovers the switches in the different man...

Page 110: ...yst 1900 Catalyst 2820 Catalyst 2900 XL Catalyst 2950 and Catalyst 3500 XL switches VLAN 62 VLAN trunk 4 62 VLAN 62 VLAN 16 VLAN 9 VLAN 16 VLAN 9 Catalyst 3550 standby command switch Catalyst 3550 command switch VLAN 9 Switch 7 management VLAN 4 Switch 9 management VLAN 62 VLAN 4 54983 Switch 3 management VLAN 16 Switch 4 management VLAN 16 Switch 10 management VLAN 4 Switch 8 management VLAN 9 Sw...

Page 111: ...ins a cluster its default management VLAN changes to the VLAN of the immediately upstream neighbor The new switch also configures its access port to belong to the VLAN of the immediately upstream neighbor The command switch in Figure 5 6 belongs to management VLAN 16 When the new Catalyst 2900 LRE XL and Catalyst 2950 switches join the cluster their management VLAN and access ports change from VLA...

Page 112: ...up Disabling HSRP disables the cluster standby group The switches in the cluster standby group are ranked according to HSRP priorities The switch with the highest priority in the group is the active command switch AC The switch with the next highest priority is the standby command switch SC The other switches in the cluster standby group are the passive command switches PC If the active command sw...

Page 113: ...standby command switch again For more information about IP address in switch clusters see the IP Addresses section on page 5 15 Other Considerations for Cluster Standby Groups These requirements also apply Standby command switches must meet these requirements When the command switch is a Catalyst 3550 switch all standby command switches must be Catalyst 3550 switches When the command switch is a C...

Page 114: ...r through the management VLAN Catalyst 1900 Catalyst 2820 Catalyst 2900 XL Catalyst 2950 and Catalyst 3500 XL member switches must be connected to the cluster standby group through their management VLANs For more information about VLANs in switch clusters see these sections Discovery through the Same Management VLAN section on page 5 8 Discovery through Different Management VLANs section on page 5...

Page 115: ... must again add these member switches to the cluster When the previously active command switch resumes its active role it receives a copy of the latest cluster configuration from the active command switch including members that were added while it was down The active command switch sends a copy of the cluster configuration to the cluster standby group IP Addresses You must assign IP information to...

Page 116: ... it when it leaves the cluster If no command switch password is configured the member switch inherits a null password Member switches only inherit the command switch password If you change the member switch password to be different from the command switch password and save the change the switch is not manageable by the command switch until you change the member switch password to match the command...

Page 117: ... 15 are supported Privilege level 15 provides you with read write access to CMS Privilege levels 1 to 14 provide you with read only access to CMS Any options in the CMS windows menu bar toolbar and popup menus that change the switch or cluster configuration are not shown in read only mode Privilege level 0 denies access to CMS For more information about CMS access modes see the Access Modes in CMS...

Page 118: ...In this case you will need to manage the switch as a standalone switch You can globally change the management VLAN for the cluster as long as each member switch has either a trunk connection or a connection to the new command switch management VLAN From the command switch use the cluster management vlan global configuration command to change the cluster management VLAN to a different management VL...

Page 119: ...ch Specific Features in Switch Clusters The menu bar on the command switch displays all options available from the switch cluster Therefore features specific to a member switch are available from the command switch menu bar For example Device LRE Profile appears in the command switch menu bar when at least one Catalyst 2900 LRE XL switch is in the cluster Creating a Switch Cluster Using CMS to cre...

Page 120: ...uld be the command switch If your switch cluster has Catalyst 1900 Catalyst 2820 Catalyst 2900 XL and Catalyst 3500 XL switches either the Catalyst 2900 XL or Catalyst 3500 XL should be the command switch You can enable a command switch name the cluster and assign an IP address and a password to the command switch when you run the setup program during initial switch setup For information about usi...

Page 121: ...are cyan and member switches are green To add more than one candidate switch press Ctrl and left click the candidates that you want to add Instead of using CMS to add members to the cluster you can use the cluster member global configuration command from the command switch Use the password option in this command if the candidate switch has a password You can select 1 or more switches as long as th...

Page 122: ...ogy View to Add Member Switches Enter the password of the candidate switch If no password exists for the switch leave this field blank Select a switch and click Add Press Ctrl and left click to select more than one switch 2900 LRE 24 1 65724 Thin line means a connection to a candidate switch Right click a candidate switch to display the pop up menu and select Add to Cluster to add the switch to th...

Page 123: ...2 0 5 WC2 or earlier the standby command switches can be these switches Catalyst 2900 XL Catalyst 2950 and Catalyst 3500 XL switches These abbreviations are appended to the switch host names in the Standby Command Group list to show their eligibility or status in the cluster standby group AC Active command switch SC Standby command switch PC Member of the cluster standby group but not the standby ...

Page 124: ...g a Switch Cluster Figure 5 11 Standby Command Configuration Window 3550C cisco WS C3550 C 24 HC NMS 3550 12T 149 cisco WS C3550 1 3550 150 cisco WS C3550 12T SC Active command switch Standby command switch Must be a valid IP address in the same subnet as the active command switch Once entered this information cannot be changed 65726 ...

Page 125: ...to display an inventory of the switches in the cluster Figure 5 12 The summary includes information such as switch model numbers serial numbers software versions IP information and location You can also display port and switch statistics from Reports Port Statistics and Port Port Settings Runtime Status Instead of using CMS to verify the cluster you can use the show cluster members user EXEC comma...

Page 126: ...h CLI at the same privilege level as on the command switch The IOS commands then operate as usual For instructions on configuring the switch for a Telnet session see the Telnet Access to the CLI section on page 4 4 Catalyst 1900 and Catalyst 2820 CLI Considerations If your switch cluster has Catalyst 1900 and Catalyst 2820 switches running standard edition software the Telnet session accesses the ...

Page 127: ...switch The command switch uses this community string to control the forwarding of gets sets and get next messages between the SNMP management station and the member switches Note When a cluster standby group is configured the command switch can change without your knowledge Use the first read write and read only community strings to communicate with the command switch if there is a cluster standby...

Page 128: ...5 28 Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide 78 6511 08 Chapter 5 Clustering Switches Using SNMP to Manage Switch Clusters ...

Page 129: ...guring STP page 6 33 Configuring SNMP page 6 48 Configuring TACACS page 6 51 Controlling Switch Access with RADIUS page 6 55 For information about configuring these settings from Cluster Management Suite CMS refer to the online help This switch software release is based on Cisco IOS Release 12 0 It has been enhanced to support a set of features for the Catalyst 2900 XL and Catalyst 3500 XL switche...

Page 130: ...hese topics Manually Assigning and Removing Switch IP Information section on page 6 2 Using DHCP Based Autoconfiguration section on page 6 3 Manually Assigning and Removing Switch IP Information You can manually assign an IP address mask and default gateway to the switch The mask identifies the bits that denote the network number in the IP address When you use the mask to subnet a network the mask...

Page 131: ...orking devices This protocol consists of two components one for delivering configuration parameters from a DHCP server to a device and one for allocating network addresses to devices DHCP is built on a client server model where designated DHCP servers allocate network addresses and deliver configuration parameters to dynamically configured devices With DHCP based autoconfiguration your switch DHCP...

Page 132: ...HCP server confirms that the IP address has been allocated to the client by returning a DHCPACK unicast message to the client With this message the client and server are bound and the client uses configuration information received from the server The amount of information the switch receives depends on how you configure the DHCP server For more information see the Configuring the DHCP Server secti...

Page 133: ... config global configuration command is specified in the configuration file the switch receives the configuration file through TFTP requests If the service config global configuration command and the IP address are both present in the configuration file DHCP is not used and the switch obtains the default configuration file by broadcasting TFTP requests The DHCP server can be on the same or a diffe...

Page 134: ...names IP has defined the concept of a Domain Name Server DNS which holds a cache or database of names mapped to IP addresses To map domain names to IP addresses you must first identify the host names and then specify a name server and enable the DNS the Internet s global naming scheme that uniquely identifies network devices You can specify a default domain name that the software uses to complete ...

Page 135: ... is a Cisco router you enable IP routing ip routing global configuration command and configure it with helper addresses by using the ip helper address interface configuration command For example in Figure 6 2 you configure the router interfaces as follows On interface 10 0 0 2 router config if ip helper address 20 0 0 2 router config if ip helper address 20 0 0 3 router config if ip helper address...

Page 136: ...so receives a DNS server IP address and a TFTP server name The switch sends a DNS request to the DNS server specifying the TFTP server name to obtain the TFTP server address The switch sends a unicast message to the TFTP server to retrieve the network confg or cisconet cfg default configuration file If the network confg file cannot be read the switch reads the cisconet cfg file The default configu...

Page 137: ...002 Switch 3 00e0 9f1e 2003 DHCP server DNS server TFTP server maritsu 10 0 0 1 10 0 0 10 10 0 0 2 10 0 0 3 Switch 4 00e0 9f1e 2004 Table 6 1 DHCP Server Configuration Switch 1 Switch 2 Switch 3 Switch 4 Binding key hardware address 00e0 9f1e 2001 00e0 9f1e 2002 00e0 9f1e 2003 00e0 9f1e 2004 IP address 10 0 0 21 10 0 0 22 10 0 0 23 10 0 0 24 Subnet mask 255 255 255 0 255 255 255 0 255 255 255 0 25...

Page 138: ...cat network confg ip host switch1 10 0 0 21 ip host switch2 10 0 0 22 ip host switch3 10 0 0 23 ip host switch4 10 0 0 24 DHCP Client Configuration No configuration file is present on Switch 1 through Switch 4 Configuration Explanation In Figure 6 3 Switch 1 reads its configuration file as follows It obtains its IP address 10 0 0 21 from the DHCP server If no configuration filename is given in the...

Page 139: ...CLI so that all your HTTP connections are authenticated through the TACACS server The Telnet password must be an enable secret password CMS provides two levels of access to the configuration options read write access and read only access Privilege levels 0 to 15 are supported Privilege level 15 provides you with read write access to CMS Privilege levels 1 to 14 provide you with read only access to...

Page 140: ...ng the time for an American time zone enter the three letter abbreviation for the time zone such as PST for Pacific standard time If you are identifying the time zone by referring to Greenwich mean time enter UTC universal coordinated time You then must enter a negative or positive number as an offset to indicate the number of time zones between the switch and Greenwich England Enter a negative nu...

Page 141: ...tched by the servers to authenticate it Configuring the Switch for NTP Broadcast Client Mode You can configure the switch to receive NTP broadcast messages if there is an NTP broadcast server such as a router broadcasting time information on the network You can also enter a value to account for any round trip delay between the client and the NTP broadcast server Configuring CDP Use the CLI or CMS ...

Page 142: ...te switches connected to it even if they are running CMS Figure 6 4 Discovering Cluster Candidates through CDP Beginning in privileged EXEC mode follow these steps to configure the number of hops that CDP uses to discover candidate switches and cluster members Catalyst 5000 series CDP device that does not support clustering Undisclosed device displays as edge device Cluster command switch 3 hops f...

Page 143: ...s an example list of addresses as they would appear in the dynamic secure or static address table Table 6 2 shows the maximum number of MAC addresses supported on the Catalyst 2900 XL and Catalyst 3500 XL switches Figure 6 5 Contents of the Address Table MAC Addresses and VLANs All addresses are associated with a VLAN An address can exist in more than one VLAN and have different destinations in ea...

Page 144: ...stablishing connectivity when a workstation is moved to a new port Beginning in privileged EXEC mode follow these steps to configure the dynamic address table aging time Removing Dynamic Address Entries Beginning in privileged EXEC mode follow these steps to remove a dynamic address entry You can remove all dynamic entries by using the clear mac address table dynamic command in privileged EXEC mod...

Page 145: ...ress notification feature use the no mac address table notification global configuration command Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 SNMP server enable traps mac notification Enable SNMP notification of MAC address additions and deletions Step 3 mac address table notification Enable the MAC address notification feature Step 4 mac address table notificat...

Page 146: ... unicast address that is forwarded to only one port per VLAN If you enter an address that is already assigned to another port the switch reassigns the secure address to the new port You can enter a secure port address even when the port does not yet belong to a VLAN When the port is later assigned to a VLAN packets destined for that address are forwarded to the port Beginning in privileged EXEC mo...

Page 147: ...If the in port list and out port list parameters are all access ports in a single VLAN you can omit the VLAN ID In this case the switch recognizes the VLAN as that associated with the in port VLAN Otherwise you must supply the VLAN ID Beginning in privileged EXEC mode follow these steps to add a static address Removing Static Addresses Beginning in privileged EXEC mode follow these steps to remove...

Page 148: ...o become part of a CGMP group and issue leave messages to leave the group The membership of these groups is managed by the switch and by connected routers through the further exchange of CGMP messages CGMP groups are maintained on a per VLAN basis a multicast IP address packet can be forwarded to one list of ports in one VLAN and to a different list of ports in another VLAN When a CGMP group is ad...

Page 149: ... connected to the VLAN to delete the entire group The Fast Leave feature functions only if CGMP is enabled The client must be running IGMP version 2 for the Fast Leave feature to function properly Beginning in privileged EXEC mode follow these steps to enable the CGMP Fast Leave feature Disabling the CGMP Fast Leave Feature Beginning in privileged EXEC mode follow these steps to disable the CGMP F...

Page 150: ...time Removing Multicast Groups You can reduce the forwarding of IP multicast packets by removing groups from the Current Multicast Groups table Each entry in the table consists of the VLAN IGMP multicast address and ports You can use the CLI to clear all CGMP groups all CGMP groups in a VLAN or all routers their ports and their expiration times Beginning in privileged EXEC mode follow these steps ...

Page 151: ...rding of IP multicast traffic For example IGMP filtering does not apply if CGMP or MVR is used to allow for the forwarding of IP multicast traffic IGMP filters can be used in the video service deployment in Ethernet to the home ETTH The IGMP filters specify which multicast addresses are allowed to be received by the switch Configuring IGMP Profiles To configure an IGMP profile use the ip igmp prof...

Page 152: ...9 0 Switch config igmp profile end Switch show ip igmp profile 22 IGMP Profile 22 range 229 9 9 0 229 9 9 0 Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 ip igmp profile profile number Enter IGMP profile configuration mode and assign a number to the profile you are configuring The range is from 1 to 4294967294 Step 3 permit deny Optional Set the action to permit ...

Page 153: ...uration Switch config t Switch config interface fastethernet 0 12 Switch config if ip igmp filter 22 Switch config if end Switch show running config interface fastethernet 0 12 Building configuration Current configuration 124 bytes interface FastEthernet0 12 no ip address shutdown snmp trap link status ip igmp filter 22 end Command Purpose Step 1 configure terminal Enter global configuration mode ...

Page 154: ...ce fastethernet 0 12 Switch config if ip igmp max groups 20 Switch config if end Switch show running config interface fastethernet 0 12 Building configuration Current configuration 124 bytes interface FastEthernet0 12 no ip address shutdown snmp trap link status ip igmp max groups 25 ip igmp filter 22 end Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 interface in...

Page 155: ...e the subscriber as a receiver of the multicast stream This forwarding behavior selectively allows traffic to cross between the two VLANs Because MVR does not support IGMP dynamic joins the user or administrator must configure static multicast addresses on the router Note MVR is supported through the CLI and SNMP Using MVR in a Multicast Television Application In a multicast television application...

Page 156: ...d from the multicast VLAN to the subscriber port in a different VLAN selectively allowing traffic to cross between two VLANs IGMP reports are sent to the same MAC addresses as the multicast data The S1 CPU must capture all IGMP join and leave messages from subscriber ports Because the Catalyst 2900 and Catalyst 3500 hardware cannot distinguish IP multicast data packets from IP multicast packets ca...

Page 157: ... hosts forwarded by the switch to forward multicast traffic to the switch The receiver VLAN is the VLAN to which the first configured receiver port belongs If the first receiver port is a dynamic port with an unassigned VLAN it becomes an inactive receiver port and does not take part in MVR unless it is assigned to the receiver VLAN The receiver VLAN is reset whenever there are no remaining receiv...

Page 158: ...efore removing the port from multicast group membership The value is in units of tenths of a second The default is 5 tenths or one half second Step 3 mvr vlan vlan id Optional Specify the VLAN in which multicast data will be received all source ports must belong to this VLAN The default is VLAN 1 Step 4 interface interface Enter interface configuration mode and enter the type and number of the por...

Page 159: ...usly configured MAC address the command fails Step 4 interface interface Enter interface configuration mode and enter the type and number of the port to configure for example fastethernet 0 1 Step 5 mvr type value Configure the port as either an MVR receiver port or an MVR source port Configure a port as a receiver port if it is a subscriber port and should only receive multicast data It does not ...

Page 160: ...VLAN ID Taking an IP address as input ARP determines the associated MAC address Once a MAC address is determined the IP MAC address association is stored in an ARP cache for rapid retrieval Then the IP datagram is encapsulated in a link layer frame and sent over the network Encapsulation of IP datagrams and ARP requests and replies on IEEE 802 networks other than Ethernet is specified by the Subne...

Page 161: ...e with STP disabled You can disable STP on one of the VLANs where it is running and then enable it on the VLAN where you want it to run Use the no spanning tree vlan vlan id global configuration command to disable STP on a specific VLAN and use the spanning tree vlan vlan id global configuration command to enable STP on the desired VLAN For more information about VLANs see Chapter 8 Configuring VL...

Page 162: ...excessive traffic and indefinite packet duplication can severely reduce network performance Beginning in privileged EXEC mode follow these steps to disable STP Accelerating Aging to Retain Connectivity The default for aging dynamic addresses is 5 minutes However a reconfiguration of the spanning tree can cause many station locations to change Because these stations could be unreachable for 5 minut...

Page 163: ...that are acceptable for these configurations Figure 6 7 Gigabit Ethernet Clusters Enabling UplinkFast on all cluster switches can further reduce the time it takes cluster switches to begin forwarding after a new root switch is selected Table 6 3 Default and Acceptable STP Parameter Settings in Seconds STP Parameter STP Default IEEE Acceptable for Option 1 Acceptable for Option 2 Acceptable for Opt...

Page 164: ...res itself The root port transitions to the forwarding state immediately without going through the listening and learning states as it would with normal STP procedures When STP reconfigures the new root port other ports flood the network with multicast packets one for each address that was learned on the port You can limit these bursts of multicast traffic by reducing the max update rate parameter...

Page 165: ...econds For more information see the Events that Cause Fast Convergence section on page 6 39 How CSUF Works CSUF ensures that one link in the stack is elected as the path to the root As shown in Figure 6 9 Switches A B and C are cascaded through the Gigastack GBIC to form a multidrop backbone which communicates control and data traffic across the switches at the access layer The switches in the sta...

Page 166: ...his STP instance by comparing STP root cost and bridge ID If the sending switch is the best choice as the stack root the switch in the stack returns an acknowledgement otherwise it does not respond to the sending switch drops the packet and prevents the sending switch from receiving acknowledgements from all stack switches When acknowledgements are received from all stack switches the Fast Uplink ...

Page 167: ...s Normal STP convergence 30 to 40 seconds occurs under these conditions The stack root switch is powered down or the software failed The stack root switch which was powered down or failed is powered up A new switch which might become the stack root is added to the stack A switch other than the stack root is powered down or failed A link fails between stack ports on the multidrop backbone Note The ...

Page 168: ...t 2924M XL Catalyst 3508G XL 1 1X 2X 11X 12X 13X 14X 15X 16X 2 3 4 5 6 7 8 9 10 11 12 1 1X 2X 11X 12X 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 SPEED SYSTEM RPS STATUS MODE UTIL DUPLX 2 Catalyst 3500 XL 1 SPEED SYSTEM RPS STATUS MODE UTIL DUPLX Catalyst 3500 XL 7 8 3 5 6 4 2 1 SPEED SYSTEM RPS STATUS MODE UTIL DUPLX 2 Catalyst 3500 XL 1 MODE 1x 2x 3x 4x 5x 6x 7x 8x 9x 10x 11x 12...

Page 169: ...nal For max update rate pkts per second specify the number of packets per second at which update packets are sent The range is 0 to 65535 the default is 150 packets per second Step 1 interface interface id Enter interface configuration mode and specify the GBIC interface on which to enable CSUF Step 2 spanning tree stack port Enable CSUF on only one stack port GBIC interface The stack port connect...

Page 170: ...TP configuration messages before attempting a reconfiguration This parameter takes effect when a switch is operating as the root switch Switches not acting as the root use the root switch Max age parameter Hello Time Number of seconds 1 to 10 between the transmission of hello messages which mean that the switch is active Switches not acting as a root switch use the root switch Hello time value For...

Page 171: ...ves from the root switch The maximum age is the number of seconds a switch waits without receiving STP configuration messages before attempting a reconfiguration Enter a number from 6 to 200 Step 3 end Return to privileged EXEC mode Step 4 show spanning tree Verify your entry Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 spanning tree vlan stp list hello time sec...

Page 172: ...t enabled only goes through the normal cycle of STP status changes when the switch is restarted Caution Enabling this feature on a port connected to a switch or hub could prevent STP from detecting and disabling loops in your network and this could cause broadcast storms and address learning problems You can modify these Port Fast parameters Port Fast Enable to bring the port more quickly to an ST...

Page 173: ...al configuration mode Step 2 interface interface Enter interface configuration mode and enter the port to be configured Step 3 spanning tree vlan stp list cost cost Configure the path cost for the specified spanning tree instance Enter a number from 1 to 65535 Step 4 end Return to privileged EXEC mode Step 5 show running config Verify your entry Command Purpose Step 1 configure terminal Enter glob...

Page 174: ...s a new root switch The customer switch does not become the root switch and is not in the path to the root Caution Misuse of this feature can cause a loss of connectivity Figure 6 11 STP in a Service Provider Network Root guard enabled on a port applies to all the VLANs that the port belongs to Each VLAN has its own instance of STP Beginning in privileged EXEC mode follow these steps to set root g...

Page 175: ...uard feature works on Port Fast enabled interfaces Configure Port Fast only on interfaces that connect to end stations otherwise an accidental topology loop could cause a data packet loop and disrupt switch and network operation Beginning in privileged EXEC mode follow these steps to enable the BPDU guard feature on the switch Use the no spanning tree portfast bpduguard global configuration comman...

Page 176: ...address access control list and password SNMPv2C includes a bulk retrieval mechanism and more detailed error message reporting to management stations The bulk retrieval mechanism retrieves tables and large quantities of information minimizing the number of round trips required The SNMPv2C improved error handling includes expanded error codes that distinguish different kinds of error conditions the...

Page 177: ... By default no trap manager is defined and no traps are issued Table 6 4 describes SNMP traps that you can configure on the Catalyst 2900 XL and Catalyst 3500 XL You can enable any or all of these traps and configure a trap manager on these switches to receive them Table 6 4 Catalyst 2900 XL and Catalyst 3500 XL SNMP Traps c2900 C3500 Generate the switch specific traps These traps are in the priva...

Page 178: ...hreshold is exceeded Authentication Generates a trap when an SNMP request is not accompanied by a valid community string BSC Generates a trap when the broadcast threshold is exceeded Link up down Generates a link down trap when a port is suspended or disabled for any of these reasons Secure address violation address mismatch or duplication Network connection error loss of linkbeat or jabber error ...

Page 179: ...the server exchange messages to authenticate each user before allowing access to the management console TACACS consists of three services authentication authorization and accounting Authentication determines who the user is and whether or not the user is allowed access to the switch Authorization is the action of determining what the user is allowed to do on the system Accounting is the action of ...

Page 180: ... server waits for a TACACS server host to reply The default is 5 seconds Step 4 tacacs server attempts count Set the number of login attempts that can be made on the line Step 5 tacacs server key key Define a set of encryption keys for all of TACACS and communication between the access server and the TACACS daemon Repeat the command for each encryption key Step 6 exit Return to privileged EXEC mod...

Page 181: ...ation succeed even if all methods return an error specify none as the final method in the command line Specifying TACACS Authorization for EXEC Access and Network Services You can use the aaa authorization global configuration command with the tacacs keyword to set parameters that restrict a user s network access to Cisco IOS privilege mode EXEC access and to network services such as Serial Line I...

Page 182: ...onfigure terminal Enter global configuration mode Step 2 aaa accounting exec start stop tacacs Enable TACACS accounting to send a start record accounting notice at the beginning of an EXEC process and a stop record at the end Step 3 aaa accounting network start stop tacacs Enable TACACS accounting for all network related service requests including SLIP PPP and PPP NCPs Step 4 exit Return to privil...

Page 183: ...nd switches and send authentication requests to a central RADIUS server which contains all user authentication and network service access information The RADIUS host is normally a multiuser system running RADIUS server software from Cisco Cisco Secure Access Control Server version 3 0 Livingston Merit Microsoft or another software provider For more information refer to the RADIUS server documentat...

Page 184: ...s Interface NASI or X 25 PAD connections Switch to switch or router to router situations RADIUS does not provide two way authentication RADIUS can be used to authenticate access from one device to a non Cisco device if the non Cisco device requires authentication Networks using a variety of services RADIUS generally binds a user to one service model RADIUS Operation When a user attempts to log in ...

Page 185: ...me lookup thus ensuring a backup system if the initial method fails The software uses the first method listed to authenticate to authorize or to keep accounts on users If that method does not respond the software selects the next method in the list This process continues until there is successful communication with a listed method or the method list is exhausted You should have access to and shoul...

Page 186: ...r accounting services The RADIUS host entries are tried in the order that they are configured A RADIUS server and the switch use a shared secret text string to encrypt passwords and exchange responses To configure RADIUS to use the AAA security commands you must specify the host running the RADIUS server daemon and a secret text key string that it shares with the switch The timeout retransmission ...

Page 187: ...specify the number of times a RADIUS request is resent to a server if that server is not responding or responding slowly The range is 1 to 1000 If no retransmit value is set with the radius server host command the setting of the radius server retransmit global configuration command is used Optional For key string specify the authentication and encryption key used between the switch and the RADIUS ...

Page 188: ...ion methods and then apply that list to various interfaces The method list defines the types of authentication to be performed and the sequence in which they are performed it must be applied to a specific interface before any of the defined authentication methods are performed The only exception is the default method list which is named default The default method list is automatically applied to a...

Page 189: ...iguration command group radius Use RADIUS authentication You must configure the RADIUS server before you can use this authentication method For more information see the Identifying the RADIUS Server Host section on page 6 58 line Use the line password for authentication You must define a line password before you can use this authentication method Use the password password line configuration comman...

Page 190: ...roup is used with a global server host list which lists the IP addresses of the selected server hosts Server groups also can include multiple host entries for the same server if each entry has a unique identifier the combination of the IP address and UDP port number allowing different ports to be individually defined as RADIUS hosts providing a specific AAA service If you configure two different h...

Page 191: ...the authentication and encryption key used between the switch and the RADIUS daemon running on the RADIUS server Note The key is a text string that must match the encryption key used on the RADIUS server Always configure the key as the last item in the radius server host command Leading spaces are ignored but spaces within and at the end of the key are used If you use spaces in your key do not enc...

Page 192: ...on is enabled the switch uses information retrieved from the user s profile which is in the local user database or on the security server to configure the user s session The user is granted access to a requested service only if the information in the user profile allows it You can use the aaa authorization global configuration command with the radius keyword to set parameters that restrict a user ...

Page 193: ...nication settings between the switch and all RADIUS servers Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 aaa accounting network default list name start stop group radius Enable RADIUS accounting for all network related service requests Step 3 aaa accounting exec default list name start stop group radius Enable RADIUS accounting to send a start record accounting ...

Page 194: ... for mandatory attributes and for optional attributes This allows the full set of features available for TACACS authorization to also be used for RADIUS For example the following AV pair activates Cisco s multiple named ip address pools feature during IP authorization during PPP IPCP address assignment cisco avpair ip addr pool first The following example shows how to provide a user logging in fro...

Page 195: ...er to configure RADIUS whether vendor proprietary or IETF draft compliant you must specify the host running the RADIUS server daemon and the secret text string it shares with the switch You specify the RADIUS host and secret text string by using the radius server global configuration commands Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 radius server vsa send ac...

Page 196: ... show running config privileged EXEC command Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 radius server host hostname ip address non standard Specify the IP address or host name of the remote RADIUS server host and identify that it is using a vendor proprietary implementation of RADIUS Step 3 radius server key string Specify the shared secret text string used be...

Page 197: ...xec default local Configure user AAA authorization to determine if the user is allowed to run an EXEC shell by checking the local database Step 5 aaa authorization network default local Configure user AAA authorization for all network related service requests Step 6 username name privilege level password encryption type password Enter the local database and establish a username based authenticatio...

Page 198: ...6 70 Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide 78 6511 08 Chapter 6 Configuring the System Controlling Switch Access with RADIUS ...

Page 199: ...tomer premises equipment CPE devices connected to the switch LRE ports Note Certain port features can conflict with one another Review the Avoiding Configuration Conflicts section on page 9 7 before you change the port settings For information about configuring these settings from Cluster Management Suite CMS refer to the online help This switch software release is based on Cisco IOS Release 12 0 ...

Page 200: ... LED is amber while STP reconfigures Connecting to Devices That Do Not Autonegotiate To connect to a remote 100BASE T device that does not autonegotiate set the duplex setting to Full or Half and set the speed setting to Auto Autonegotiation for the speed setting selects the correct speed even if the attached device does not autonegotiate but the duplex setting must be explicitly set To connect to...

Page 201: ...orts Beginning in privileged EXEC mode follow these steps to configure flow control on a Gigabit Ethernet port Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 interface interface Enter interface configuration mode and enter the port to be configured Step 3 speed 10 100 auto Enter the speed parameter for the port You cannot enter the speed on Gigabit Ethernet or ATM...

Page 202: ...wn the port when the rising threshold is reached The rising threshold is the number of packets that a switch port can receive before forwarding is blocked The falling threshold is the number of packets below which the switch resumes normal forwarding In general the higher the threshold the less effective the protection against broadcast storms The maximum half duplex transmission on a 100BASE T li...

Page 203: ...rmal forwarding on a port Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 interface interface Enter interface configuration mode and enter the port to configure Step 3 no port storm control broadcast Disable port storm control Step 4 end Return to privileged EXEC mode Step 5 show port storm control interface Verify your entries Command Purpose Step 1 configure term...

Page 204: ...e Assigning Passwords and Privilege Levels section on page 6 11 Caution A network port cannot link cluster members Beginning in privileged EXEC mode follow these steps to define a network port Disabling a Network Port Beginning in privileged EXEC mode follow these steps to disable a network port Step 5 end Return to privileged EXEC mode Step 6 show port block multicast unicast interface Verify you...

Page 205: ... enables the port after a specified time so that the port can try the operation again The port would continue the error disable and recovery cycle until the UDLD error condition no longer exists Note The errdisable commands are not available on the Catalyst 2900 LRE XL switches Creating EtherChannel Port Groups Fast EtherChannel FEC and Gigabit EtherChannel port groups act as single logical ports ...

Page 206: ... switch uses all available bandwidth to the router The router is configured for destination based forwarding because the large number of stations ensures that the traffic is evenly distributed through the port group ports on the router Figure 7 1 Source Based Forwarding The switch treats the port group as a single logical port therefore when you create a port group the switch uses the configuratio...

Page 207: ... protected port because a MAC address has timed out or has not been learned by the switch Use the port block command to guarantee that in such a case no unicast and multicast traffic is flooded to the port See the Configuring Flooding Controls section on page 7 4 for more information Beginning in privileged EXEC mode follow these steps to define a port as a protected port Use the no version of the...

Page 208: ...is set to 1 the attached device is guaranteed the full bandwidth of the port Added security Unknown devices cannot connect to the port These options validate port security or indicate security violations For the restrictions that apply to secure ports see the Avoiding Configuration Conflicts section on page 9 7 Defining the Maximum Secure Address Count A secure port can have from 1 to 132 associat...

Page 209: ...rity max mac count 1 Secure the port and set the address table to one address Step 4 port security action shutdown Set the port to shutdown when a security violation occurs Step 5 end Return to privileged EXEC mode Step 6 show port security Verify the entry Command Purpose Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 interface interface Enter interface configura...

Page 210: ...nation of ports can be monitored For the restrictions that apply to SPAN ports see the Avoiding Configuration Conflicts section on page 9 7 Enabling SPAN Beginning in privileged EXEC mode follow these steps to enable SPAN Disabling SPAN Beginning in privileged EXEC mode follow these steps to disable SPAN Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 interface int...

Page 211: ...point itself is also a configurable device and you can configure it to forward traffic with an 802 1p priority You can use the CLI to configure the Catalyst 3524 PWR XL to honor or ignore a traffic priority assigned by a Cisco IP Phone or access point For example the Cisco 7960 IP Phone contains an integrated three port 10 100 switch The ports are dedicated connections to these devices Port 1 conn...

Page 212: ...R XL CLI to override the priority of frames arriving on the phone port from connected devices You can also set the phone port to accept trust the priority of frames arriving on the port Beginning in privileged EXEC mode follow these steps to override the CoS priority setting received from the nonvoice port on the Cisco IP Phone Use the no switchport priority extend command to return the port to it...

Page 213: ...ed to an AC power source and supply their own power to the voice circuit For information about configuring a switch port to forward IP voice traffic to and from connected Cisco IP Phones see the Configuring Voice Ports to Carry Voice and Data Traffic on Different VLANs section on page 7 15 Beginning in privileged EXEC mode follow these steps to disable the inline power detection mechanism on a swi...

Page 214: ...ps not 100 Mbps This section discusses these topics LRE Links and LRE Profiles section on page 7 16 CPE Ethernet Links section on page 7 21 Assigning a Public Profile to All LRE Ports section on page 7 22 Assigning a Private Profile to an LRE Port section on page 7 23 For LRE troubleshooting information see the Troubleshooting LRE Port Configuration section on page 9 9 Additional LRE details are p...

Page 215: ...n 997 Both plans are draft standards Contact Cisco Systems for the latest information about standards ratification or for updates to the public profiles Private You can use a private profile if the LRE switch is not used with equipment connected to a PSTN The switch supports a variety of private profiles that offer different link speeds and maximum distances In general the higher the link speed th...

Page 216: ... Where the wiring between the LRE switch and CPE leaves the building or the armored conduits certified for inside wiring standards it must be protected against lightning and shorts to high voltage power This protection might be provided by fuses or overvoltage protectors that comply with local regulations for outside wiring protection Consult an expert in local telecommunications regulations for t...

Page 217: ...public profile is configured on the switch and you want the switch LRE ports to use private profiles you must first disable the public profile by using the no lre profile global global configuration command When you assign a different profile to a switch LRE port the port immediately resets and uses the newly assigned profile Before you add an LRE switch to a cluster make sure that you assign it t...

Page 218: ...t nonfiltered telephone rings and nonfiltered telephone transitions such as on hook to off hook from interrupting the LRE connection We recommend using the ANSI and ETSI asymmetric public profiles for North America and other countries respectively when LRE signaling needs to coexist with ADSL signaling We also recommend using a public profile when the PBX is not on site and the POTS splitter direc...

Page 219: ...atically enabled in full duplex mode You can connect Cisco 575 LRE CPEs and Cisco 585 LRE CPEs to the same LRE switch You can hot swap the CPEs without powering down the switch or disrupting the other switch ports Use the show controllers ethernet controller privileged EXEC command to display the internal switch statistics the statistics collected by the LRE switch interface and the statistics col...

Page 220: ...c Profile to All LRE Ports Public profiles are set on a switch wide global basis The public profile you select should be compatible with the PSTN to which the LRE switch is connected Public profiles have priority over private profiles If you assign a public profile to the switch the switch ignores the private profile settings and uses the public profile settings on all LRE ports To disable the pub...

Page 221: ...ps to assign a private profile to an LRE port Use the show controllers lre privileged EXEC commands to display the LRE link statistics and profile information on the LRE ports For information about these commands refer to the switch command reference Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 interface LRE interface Enter interface configuration mode and enter...

Page 222: ...7 24 Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide 78 6511 08 Chapter 7 Configuring the Switch Ports Configuring the LRE Ports ...

Page 223: ...nother Review the Avoiding Configuration Conflicts section on page 9 7 before you change the port settings For information about configuring these settings from Cluster Management Suite CMS refer to the online help This switch software release is based on Cisco IOS Release 12 0 It has been enhanced to support a set of features for the Catalyst 2900 XL and Catalyst 3500 XL switches This chapter pro...

Page 224: ...ogical network it contains its own bridge Management Information Base MIB information and can support its own implementation of the Spanning Tree Protocol STP For information about managing VLAN STP instances see the Supported STP Instances section on page 6 33 Table 8 1 lists the number of supported VLANs and STP instances on the switches Figure 8 1 VLANs as Logically Defined Networks Table 8 1 M...

Page 225: ...VLAN has these characteristics It is created from CMS or through the CLI on static access multi VLAN and dynamic access and trunk ports You cannot create or remove the management VLAN through Simple Network Management Protocol SNMP Only one management VLAN can be administratively active at a time With the exception of VLAN 1 the management VLAN can be deleted When created the management VLAN is ad...

Page 226: ... the new switch can exchange CDP messages with the command switch and be proposed as a cluster candidate Note For the command switch to change the management VLAN on a new switch there must have been no changes to the new switch configuration and there must be no config text file Because the switch is new and unconfigured its management VLAN is changed to the cluster management VLAN when it is fir...

Page 227: ...gured on the switch VLAN traffic on the multi VLAN port is not encapsulated Trunk ISL ATM or IEEE 802 1Q A trunk is a member of all VLANs in the VLAN database by default but membership can be limited by configuring the allowed VLAN list You can also modify the pruning eligible list to block flooded traffic to VLANs on trunk ports that are included in the list VLAN Trunking Protocol VTP maintains V...

Page 228: ...tion on page 8 16 Add modify or remove VLANs in the database as described in the Configuring VLANs in the VTP Database section on page 8 23 Assigning Static Access Ports to a VLAN section on page 8 25 Configuring a Trunk Port section on page 8 28 You can configure at least one trunk port on the switch and make sure that this trunk port is connected to the trunk port of a second switch Some restric...

Page 229: ...ort performs normal switching functions in all its assigned VLANs For example when a multi VLAN port receives an unknown Media Access Control MAC address all the VLANs to which the port belongs learn the address Multi VLAN ports also respond to the STP messages generated by the different instances of STP in each VLAN For the restrictions that apply to multi VLAN ports see the Avoiding Configuratio...

Page 230: ...router VLAN 77 Ports in static access mode Port in multi VLAN mode Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 interface interface Enter interface configuration mode and enter the port to be added to the VLAN Step 3 switchport mode multi Enter the VLAN membership mode for multi VLAN ports Step 4 switchport multi vlan vlan list Assign the port to more than one V...

Page 231: ...in You make global VLAN configuration changes for the domain by using the CLI Cluster Management software or SNMP By default a Catalyst 2900 XL or Catalyst 3500 XL switch is in the no management domain state until it receives an advertisement for a domain over a trunk link a link that carries the traffic of multiple VLANs or until you configure a domain name The default VTP mode is server mode but...

Page 232: ...mode you can create modify and delete VLANs and specify other configuration parameters such as VTP version for the entire VTP domain VTP servers advertise their VLAN configurations to other switches in the same VTP domain and synchronize their VLAN configurations with other switches based on advertisements received over trunk links In VTP server mode VLAN configurations are saved in nonvolatile RA...

Page 233: ...ersion 1 Token Ring support VTP version 2 supports Token Ring LAN switching and VLANs Token Ring Bridge Relay Function TRBRF and Token Ring Concentrator Relay Function TRCRF For more information about Token Ring VLANs see the VLANs in the VTP Database section on page 8 20 Unrecognized Type Length Value TLV support A VTP server or client propagates configuration changes to its other trunks even for...

Page 234: ...ly VLANs included in the pruning eligible list can be pruned By default VLANs 2 through 1001 are pruning eligible on Catalyst 2900 XL and Catalyst 3500 XL trunk ports If the VLANs are configured as pruning ineligible the flooding continues VTP pruning is also supported with VTP version 1 and version 2 Figure 8 3 shows a switched network with VTP pruning enabled The broadcast traffic from Switch 1 ...

Page 235: ...omain always use the VLAN configuration of the switch with the highest VTP configuration revision number If you add a switch that has a revision number higher than the revision number in the VTP domain it can erase all VLAN information from the VTP server and VTP domain Beginning in user EXEC mode follow these steps to verify and reset the VTP configuration revision number on a switch before addin...

Page 236: ...configure it with the correct password After the configuration the switch accepts the next VTP advertisement that uses the same password and domain name in the advertisement If you are adding a new switch to an existing network that has VTP capability the new switch learns the domain name only after the applicable password has been configured on the switch Upgrading from Previous Software Releases...

Page 237: ...you enable version 2 on a switch all of the version 2 capable switches in the domain enable version 2 If there is a version 1 only switch it will not exchange VTP information with switches with version 2 enabled If there are Token Ring networks in your environment TRBRF and TRCRF you must enable VTP version 2 for Token Ring VLAN switching to function properly To run Token Ring and Token Ring Net d...

Page 238: ...N Trunks Work section on page 8 26 Configuring VTP Server Mode When a switch is in VTP server mode you can change the VLAN configuration and have it propagated throughout the network Beginning in privileged EXEC mode follow these steps to configure the switch for VTP server mode Command Purpose Step 1 vlan database Enter VLAN database mode Step 2 vtp domain domain name Configure a VTP administrati...

Page 239: ...nt mode Command Purpose Step 1 vlan database Enter VLAN database mode Step 2 vtp client Configure the switch for VTP client mode The default setting is VTP server Step 3 vtp domain domain name Configure a VTP administrative domain name The name can be from 1 to 32 characters All switches operating in VTP server or client mode under the same administrative responsibility must be configured with the...

Page 240: ...enable VTP version 2 unless every switch in the VTP domain supports version 2 Note In a Token Ring environment you must enable VTP version 2 for Token Ring VLAN switching to function properly For more information on VTP version configuration guidelines see the VTP Version section on page 8 15 Beginning in privileged EXEC mode follow these steps to enable VTP version 2 Command Purpose Step 1 vlan d...

Page 241: ... XL trunk ports For information see the Changing the Pruning Eligible List section on page 8 30 Beginning in privileged EXEC mode follow these steps to enable VTP pruning Command Purpose Step 1 vlan database Enter VLAN configuration mode Step 2 no vtp v2 mode Disable VTP version 2 Step 3 exit Update the VLAN database propagate it throughout the administrative domain and return to privileged EXEC m...

Page 242: ...tifier SAID Bridge identification number for TRBRF VLANs Ring number for FDDI and TRCRF VLANs Parent VLAN number for TRCRF VLANs STP type for TRCRF VLANs VLAN number to use when translating from one VLAN type to another The Default VLAN Configuration section on page 8 21 lists the default values and possible ranges for each VLAN media type Token Ring VLANs Although the Catalyst 2900 XL and Catalys...

Page 243: ...VLAN configuration through VTP Default VLAN Configuration Table 8 6 through Table 8 10 shows the default configuration for the different VLAN media types Note Catalyst 2900 XL and Catalyst 3500 XL switches support Ethernet interfaces exclusively Because FDDI and Token Ring VLANs are not locally supported you configure FDDI and Token Ring media specific characteristics only for VTP global advertise...

Page 244: ... 8 9 Token Ring TRBRF VLAN Defaults and Ranges Parameter Default Range VLAN ID 1005 1 1005 VLAN name VLANxxxx where xxxx is the VLAN ID No range 802 10 SAID 100000 VLAN ID 1 4294967294 MTU size VTPv1 1500 VTPv2 4472 1500 18190 Bridge number VTPv1 0 VTPv2 user specified 0 15 STP type ibm auto ibm ieee Translational bridge 1 0 0 1005 Translational bridge 2 0 0 1005 VLAN state active active suspend T...

Page 245: ...fy the VLAN configuration or VTP use the VLAN database commands described in the switch command reference You use the interface configuration command mode to define the port membership mode and add and remove ports from VLANs The results of these commands are written to the running configuration file and you can display the file by entering the privileged EXEC show running config command Note VLAN...

Page 246: ...hernet VLAN Command Purpose Step 1 vlan database Enter VLAN database mode Step 2 vlan vlan id name vlan name Add an Ethernet VLAN by assigning a number to it If no name is entered for the VLAN the default is to append the vlan id to the word VLAN For example VLAN0004 could be a default VLAN name If you do not specify the VLAN media type the VLAN is an Ethernet VLAN Step 3 exit Update the VLAN data...

Page 247: ...ssigning a port on a cluster member switch to a VLAN first log in to the member switch by using the privileged EXEC rcommand command For more information on how to use this command refer to the switch command reference Beginning in privileged EXEC mode follow these steps to assign a port to a VLAN in the VTP database Command Purpose Step 1 vlan database Enter VLAN configuration mode Step 2 no vlan...

Page 248: ... ISL Trunking Environment IEEE 802 1Q Configuration Considerations IEEE 802 1Q trunks impose these limitations on the trunking strategy for a network Make sure the native VLAN for an 802 1Q trunk is the same on both ends of the trunk link If the native VLAN on one end of the trunk is different from the native VLAN on the other end spanning tree loops might result Disabling STP on the native VLAN o...

Page 249: ...g unicast and multicast packets on a trunk The port block interface configuration command can be used to block the forwarding of unknown unicast and multicast packets to VLANs on a trunk However if the trunk port is acting as a network port unknown unicast packets cannot be blocked Port grouping ISL and 802 1Q trunks can be grouped into EtherChannel port groups but all trunks in the group must hav...

Page 250: ...support trunk negotiation through the Dynamic Trunking Protocol DTP formerly known as Dynamic ISL DISL If you are connecting a trunk port to a Catalyst 5000 switch or other DTP device use the non negotiate option on the DTP capable device so that the switch port does not generate DTP frames Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 interface interface_id Ente...

Page 251: ...or a trunk port the trunk port does not become a member of the new VLAN Beginning in privileged EXEC mode follow these steps to modify the allowed list of a ISL or 802 1Q trunk Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 interface interface_id Enter the interface configuration mode and the port to be added to the VLAN Step 3 no switchport mode Return the port t...

Page 252: ... follow these steps to configure the native VLAN on an 802 1Q trunk If a packet has a VLAN ID that is the same as the outgoing port native VLAN ID the packet is sent untagged otherwise the switch sends the packet with a tag Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 interface interface id Enter interface configuration mode and select the trunk port for which V...

Page 253: ...ithout identification or a tag are called native or untagged frames For ISL or IEEE 802 1Q frames with tag information the priority value from the header frame is used For native frames the default priority of the input port is used Port Scheduling Each port on the switch has a single receive queue buffer the ingress port for incoming traffic When an untagged frame arrives it is assigned the value...

Page 254: ...t the priorities on a parallel trunk port so that the port carries all the traffic for a given VLAN The trunk port with the higher priority lower values for a VLAN is forwarding traffic for that VLAN The trunk port with the lower priority higher values for the same VLAN remains in a blocking state for that VLAN One trunk port sends or receives all traffic for the VLAN Figure 8 5 shows two trunks c...

Page 255: ...m 1 to 32 characters Step 3 vtp server Configure Switch 1 as the VTP server Step 4 exit Return to privileged EXEC mode Step 5 show vtp status Verify the VTP configuration on both Switch 1 and Switch 2 In the display check the VTP Operating Mode and the VTP Domain Name fields Step 6 show vlan Verify that the VLANs exist in the database on Switch 1 Step 7 configure terminal Enter global configuratio...

Page 256: ...Ns 8 through 10 are assigned a path cost of 30 on trunk port 2 VLANs 2 through 4 retain the default 100BASE T path cost on trunk port 2 of 19 Figure 8 6 Load Sharing Trunks with Traffic Distributed by Path Cost Step 16 interface fa0 1 Enter interface configuration mode and define the interface to set the STP port priority Step 17 spanning tree vlan 8 9 10 port priority 10 Assign the port priority ...

Page 257: ...ify your entries In the display make sure that interface Fa0 1 and Fa0 2 are configured as trunk ports Step 7 show vlan When the trunk links come up Switch 1 receives the VTP information from the other switches Verify that Switch 1 has learned the VLAN configuration Step 8 configure terminal Enter global configuration mode Step 9 interface fa0 1 Enter interface configuration mode and define Fa0 1 ...

Page 258: ...address to or from the port The switch continues to monitor the packets directed to the port and sends a query to the VMPS when it identifies a new address If the switch receives a port shutdown response from the VMPS it disables the port The port must be manually reenabled by using the CLI Cluster Management software or SNMP You can also use an explicit entry in the configuration table to deny ac...

Page 259: ...tch is a cluster member the command switch adds the name of the switch before the Fa For example es3 Fa02 refers to fixed 10 100 port 2 on member switch 3 These naming conventions must be used in the VMPS database configuration file when it is configured to support a cluster You can configure a fallback VLAN name If you connect a device with a MAC address that is not in the database the VMPS sends...

Page 260: ...e the VMPS before you configure ports as dynamic The communication between a cluster of switches and VMPS is managed by the command switch and includes port naming conventions that are different from standard port names For the cluster based port naming conventions see the VMPS Database Configuration File section on page 8 37 When you configure a port as dynamic the spanning tree Port Fast feature...

Page 261: ...nning in privileged EXEC mode follow these steps to enter the IP address of the VMPS Table 8 13 Default VMPS Client and Dynamic Port Configuration Feature Default Configuration VMPS domain server None VMPS reconfirm interval 60 minutes VMPS server retry count 3 Dynamic ports None configured Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 vmps server ipaddress prima...

Page 262: ...more information see the Configuring a Trunk Port section on page 8 28 Reconfirming VLAN Memberships Beginning in privileged EXEC mode follow these steps to confirm the dynamic port VLAN membership assignments that the switch has received from the VMPS Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 interface interface Enter interface configuration mode and the swi...

Page 263: ...s to change the reconfirmation interval Changing the Retry Count Beginning in privileged EXEC mode follow these steps to change the number of times that the switch attempts to contact the VMPS before querying the next server Command Purpose Step 1 configure terminal Enter global configuration mode Step 2 vmps reconfirm minutes Enter the number of minutes between reconfirmations of the dynamic VLAN...

Page 264: ...lyst 5000 series Switch 1 is the primary VMPS server The Catalyst 5000 series Switch 3 and Switch 10 are secondary VMPS servers End stations are connected to these clients Catalyst 2900 XL Switch 2 Catalyst 3500 XL Switch 9 The database configuration file is called Bldg G db and is stored on the TFTP server with the IP address 172 20 22 7 VMPS VQP Version The version of VQP used to communicate wit...

Page 265: ... Secondary VMPS Server 3 172 20 26 150 172 20 26 151 Trunk port Catalyst 5000 series 172 20 26 152 Ethernet segment Trunk link 172 20 26 153 172 20 26 154 172 20 26 155 172 20 26 156 172 20 26 157 172 20 26 158 172 20 26 159 Client Client End station 2 End station 1 TFTP server Dynamic access port Dynamic access port Switch 10 Switch 9 Switch 8 Switch 7 Switch 6 Switch 5 Switch 3 Switch 2 Switch 1...

Page 266: ...8 44 Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide 78 6511 08 Chapter 8 Configuring VLANs How the VMPS Works ...

Page 267: ... GBIC Security and Identification page 9 8 Troubleshooting LRE Port Configuration page 9 9 Troubleshooting CMS Sessions page 9 11 Determining Why a Switch Is Not Added to a Cluster page 9 14 Copying Configuration Files to Troubleshoot Configuration Problems page 9 15 Troubleshooting Switch Software Upgrades page 9 16 Recovery Procedures page 9 18 For additional troubleshooting information See Appe...

Page 268: ... bad packets discarded packets and no destination packets Transmit Bandwidth Usage The percentage of the bandwidth usage for transmission based on the transmit rate and actual speed Receive Bandwidth Usage The percentage of the bandwidth usage for reception based on the receive rate and actual speed Transmit Packet Rate The transmit rate of well formed packets It includes unicast multicast and bro...

Page 269: ...ns It includes packets of all destination address types Late Collision Packets The total number of packets discarded because of late collisions detected during transmission It includes all transmit packets that had a collision after the transmission of the packet s 64th byte The preamble and SFD are not included in the frame s byte count Receive Unicast Packets The total number of well formed unic...

Page 270: ... frames with errors and frames with unicast or broadcast destination address types or oversize frames and undersize frames Alignment Errors The total number of packets received with alignment errors It includes all the packets received with both an FCS error and a nonintegral number of bytes FCS Errors The total number of packets received with FCS errors It excludes undersized packets with FCS err...

Page 271: ...hem Downstream Reed Solomon Errors The number of detected and corrected data errors being received on the CPE RJ 11 wall port Table 9 4 CPE Ethernet Link Statistics Counter Description Tx Octets The count of octets sent from an LRE CPE Ethernet port Tx Drop Pkts The count of packets dropped during transmission out an LRE CPE Ethernet port Tx Broadcast Pkts The count of packets with a broadcast des...

Page 272: ...eived packets that had a unicast destination Rx Broadcast Pkts The count of received packets that had a broadcast destination Rx Multicast Pkts The count of received packets that had a multicast destination Rx Good Octets The count of received octets that had no errors Rx Fragments The count of received fragments Fragments are pieces of a packet Rx Excess Size Discards The count of packets that we...

Page 273: ... issues a warning message that you are configuring a setting that is incompatible with another setting and the switch does not save the change Table 9 5 Conflicting Features ATM Port1 1 Catalyst 2900 XL switches only Port Group Port Security SPAN Port Multi VLAN Port Network Port Connect to Cluster Protecte d Port ATM Port N A No No No No No Yes No Port Group No No No Yes Yes2 2 Cannot be in a des...

Page 274: ... adjust itself even if the connected port does not autonegotiate To connect to a remote Gigabit Ethernet device that does not autonegotiate disable autonegotiation on the local device and set the duplex and flow control parameters to be compatible with the remote device GBIC Security and Identification Cisco approved Gigabit Interface Converter GBIC modules have a serial EEPROM that contains the m...

Page 275: ...wer surges is causing interference with the LRE link Change to a profile that has the interleaver feature enabled such as the LRE 5 LRE 10 LRE 15 LRE 10 1 LRE 10 3 or LRE 10 5 profile Change to a profile with a lower data rate for example use LRE 5 instead of LRE 15 to increase the noise margin The LRE link length and quality are close to the limit of operation Change to a lower profile for exampl...

Page 276: ... have the LL feature enabled and the interleaver feature turned off The LL feature does not delay data transmission but it makes data more susceptible to interruptions on the LRE link All other profiles public and private have the interleaver feature enabled and the LL feature disabled The interleaver feature provides maximum protection against small interruptions on the LRE link but delays data t...

Page 277: ...ar as unavailable devices and cannot be configured from CMS For more information about CMS access modes see the Access Modes in CMS section on page 2 33 Note If you have configured the Terminal Access Controller Access Control System Plus TACACS or feature on the switch you can still access the switch through CMS For information about how inconsistent authentication configurations in switch cluste...

Page 278: ...N as the management VLAN For more information about management VLANs see the Management VLANs section on page 8 3 The Applet notinited message appears at the bottom of the browser window You might not have enough disk space Each time you start CMS the Java plug in saves a copy of all the jar files to the disk Delete the jar files from the location where the browser keeps the temporary files on you...

Page 279: ...tes 8 Deselect Require server verification 9 Add the switches you want to manage by entering their URLs in the Add this web site to the zone field Click Add to add each switch A URL is the switch IP address preceded by http For example you might enter http 172 20 153 36 10 After you have finished entering the URLs for your switches click OK 11 While still in the Security tab of the Internet Option...

Page 280: ... Topology view displays the cluster as a double switch icon and shows connections to devices outside the cluster Figure 9 1 Right click the device yellow label and select Disqualification Code For a list of devices that are cluster enabled refer to the release notes http www cisco com univercd cc td doc product lan c2900xl index htm Figure 9 1 Cluster View Right click a device with a yellow label ...

Page 281: ...18 C2900XL h mz 112 8 SA 4 drwx 3776 Mar 01 1993 01 23 24 html 66 rwx 130 Jan 01 1970 00 01 19 env_vars 68 rwx 1296 Mar 01 1993 06 55 51 config text 1728000 bytes total 456704 bytes free The file system uses a URL based file specification This example uses the TFTP protocol to copy the file config text from the host arno to the switch Flash memory switch copy tftp arno 2900 config text flash confi...

Page 282: ...y In most of the cases when setting the boot parameters during or after the upgrade the word flash is mistyped or completely missed Go to Setting BOOT Parameters at ROMMON Switch Prompt to verify and set the BOOT parameters correctly If setting the BOOT parameters to the correct filename does not resolve the issue perform an X Modem upgrade as the file present on the Flash memory could be corrupte...

Page 283: ...he BOOT parameters are not correct and the switch is still set to boot from the old image or the upgrade did not go through properly Verify the BOOT parameters and correct them if needed If the BOOT parameters are correct download the IOS image file using TFTP If the switch still boots with the old image download the IOS image file using X Modem Switch not booting automatically needs a manual boot...

Page 284: ...ion on page 7 10 Recovering from a Command Switch Failure You can prepare for a command switch failure by assigning an IP address to a member switch that is command capable making a note of the command switch password and cabling your cluster to provide redundant connectivity between all member switches and the replacement command switch Hot Standby Router Protocol HSRP is the preferred method for...

Page 285: ...From privileged EXEC mode enter global configuration mode Switch config terminal Enter configuration commands one per line End with CNTL Z Step 7 From global configuration mode remove previous command switch information from the switch Switch config no cluster commander address Step 8 Return to privileged EXEC mode Switch config exit Switch Step 9 Use the setup program to configure the switch IP i...

Page 286: ...ke to configure a Telnet password yes y Note The password can be from 1 to 25 alphanumeric characters is case sensitive allows spaces but ignores leading spaces Step 18 Enter the Telnet password and press Return Enter Telnet password telnet_password Step 19 Enter Y to configure the switch as the cluster command switch Enter N to configure it as a member switch or as a standalone switch Note If you...

Page 287: ...ch Follow these steps when you are replacing a failed command switch with a switch that is command capable but not part of the cluster Step 1 Insert the new switch in place of the failed command switch and duplicate its connections to the cluster members Step 2 Start a CLI session on the new command switch You can access the CLI by using the console port or if an IP address has been assigned to th...

Page 288: ...password of the failed command switch and press Return Note The password can be from 1 to 25 alphanumeric characters can start with a number is case sensitive allows spaces but ignores leading spaces Enter enable secret secret_password Step 13 Enter Y to enter a Telnet password Would you like to configure a Telnet password yes y Note The password can be from 1 to 25 alphanumeric characters is case...

Page 289: ... address that you entered in Step 7 Step 20 Click Cluster Management Suite to display CMS It prompts you to add the candidate switches The password of the failed command switch is still valid for the cluster Enter it when candidate switches are proposed for cluster membership and click OK Recovering from a Failed Command Switch Without Replacing the Command Switch If a command switch fails and the...

Page 290: ...t the software appear as do instructions The system has been interrupted prior to initializing the flash file system The following commands will initialize the flash file system and finish loading the operating system software flash_init load_helper boot Step 5 Initialize the Flash file system switch flash_init Step 6 If you had set the console port speed to anything other than 9600 it has been re...

Page 291: ... configuration file into memory switch copy flash config text system running config Source filename config text Destination filename running config Press Return in response to the confirmation prompts The configuration file is now reloaded Follow the next steps to change the password Step 14 Enter global configuration mode switch config terminal Step 15 Change the password switch config enable sec...

Page 292: ...ODEM protocol and this procedure is largely dependent on the emulation software you are using Step 1 Connect a PC with terminal emulation software supporting the XMODEM Protocol to the switch console port Step 2 Set the line speed on the emulation software to 9600 baud Step 3 Unplug the switch power cord Step 4 Reconnect the power cord to the switch The software image does not load The switch star...

Page 293: ... in the Cisco IOS Release 12 0 documentation on Cisco com Note From CMS Reports System Messages you can display the system messages of the Catalyst 2900 XL and Catalyst 3500 XL switches when they are in a cluster where the command switch is a Catalyst 2950 switch running Release 12 1 6 EA2 or later or a Catalyst 3550 switch running Release 12 1 8 EA1 or later The System Messages option is not avai...

Page 294: ...it Ethernet controller FRANK Messages page A 10 GBIC_1000BASET Cisco GigaStack Gigabit Interface Converter GBIC_1000BASET Messages page A 15 GBIC_SECURITY GBIC module security GBIC_SECURITY Messages page A 16 GIGASTACK GigaStack GBIC GigaStack Messages page A 17 HW_MEMORY Hardware memory HW_MEMORY Messages page A 18 INTERFACE Interface API INTERFACE Messages page A 19 IP Internet Protocol IP Messa...

Page 295: ...ages SPANTREE Spanning Tree Protocol SPANTREE Messages page A 35 SPANTREE_FAST STP fast convergence SPANTREE_FAST Messages page A 38 STORM_CONTROL Storm control STORM_CONTROL Message Messages page A 39 SW_VLAN VLAN Manager SW_VLAN Messages page A 39 SYS Operating system SYS Messages page A 41 TAC Terminal Access Controller Access Control System Protocol TAC Messages page A 44 TTYDRIVER Terminal dr...

Page 296: ...ing the error It is shown as SLOT followed by a number For example SLOT5 Error Message Traceback Reports Some messages describe internal errors and contain traceback information This information is very important and should be included when you report a problem to your technical support representative The following sample message includes traceback information Process Exec level 0 pid 17 Traceback...

Page 297: ... console or in the system log Enter the show tech support command to gather data that might provide information to determine the nature of the error If you cannot determine the nature of the error from the error message text or from the show tech support output contact your Cisco technical support representative and provide the representative with the gathered information Error Message AAAA 3 DLRF...

Page 298: ...ss has been enabled but somehow could not run Recommended Action Copy the error message exactly as it appears on the console or in the system log Enter the show tech support command to gather data that might provide information to determine the nature of the error If you cannot determine the nature of the error from the error message text or from the show tech support output contact your Cisco tec...

Page 299: ...e show tech support command to gather data that might provide information to determine the nature of the error If you cannot determine the nature of the error from the error message text or from the show tech support output contact your Cisco technical support representative and provide the representative with the gathered information Error Message CAPITOLA_MOD 3 NULLPTR n chars Did not expect NUL...

Page 300: ...es This section contains the Cluster Membership Protocol error messages Error Message CMP 5 ADD The Device is added to the cluster Cluster Name chars CMDR IP Address inet Explanation The message means that the device is added to the cluster chars is the cluster name and inet is the Internet address of the command switch Recommended Action No action is required Error Message CMP 5 MEMBER_CONFIG_UPD...

Page 301: ...RONMENT 2 FAN_FAULT System Fault FAN FAULT is detected Explanation This message means that an internal fan fault is detected This message is available only on the Catalyst 3524 PWR XL switch Recommended Action Either check the switch itself or use the show env privileged EXEC command to check if a fan on the switch has failed The Catalyst 3524 PWR XL switch can operate normally with one failed fan...

Page 302: ...et for the extra allocation value has failed Recommended Action This error prevents a crucial workaround for the controller from executing This brings down the switch and causes it to reload Error Message FRANK 1 DIST_FIFO_POLL_HANDLE chars Failed to allocate molecule handle Explanation A molecule chain is sent by the CPU to the controller driver to read the values of all the distribution FIFO reg...

Page 303: ...epresentative with the gathered information Error Message FRANK 1 UNKNOWN_FRAME_NOTIFY_FORMAT Frame Update Notify hex and Queue Type is dec for Queue dec n Explanation An unknown frame notify format was found The queue type and queue number are displayed Recommended Action Copy the error message exactly as it appears on the console or in the system log Enter the show tech support command to gather...

Page 304: ... chars Initialization failed hex n Explanation The controller initialization has failed and the failure error code is printed Recommended Action Copy the error message exactly as it appears on the console or in the system log Enter the show tech support command to gather data that might provide information to determine the nature of the error If you cannot determine the nature of the error from th...

Page 305: ...n Explanation The configuration for the controller module could not be found Recommended Action Copy the error message exactly as it appears on the console or in the system log Enter the show tech support command to gather data that might provide information to determine the nature of the error If you cannot determine the nature of the error from the error message text or from the show tech suppor...

Page 306: ...error If you cannot determine the nature of the error from the error message text or from the show tech support output contact your Cisco technical support representative and provide the representative with the gathered information Error Message FRANK 3 UNKNOWN_VLAN_EVENT Unknown vlan event n Explanation A VLAN event that is not recognized by the driver was triggered Recommended Action Copy the er...

Page 307: ...d in a slot Recommended Action No action is required Error Message FRANK 6 MODULE_REMOVED Module in slot dec was removed Explanation The module has been removed from the slot Recommended Action No action is required GBIC_1000BASET Messages This section contains the 1000BASE T Cisco Gigabit Interface Converter GBIC error messages Error Message GBIC_1000BASET 6 GBIC_1000BASET_DEFAULT_CONFIG 1000 Bas...

Page 308: ...ther GBIC interface Explanation This message means that the GBIC was identified as a Cisco GBIC but its serial number matches that of another interface on the system chars is the interface in which the GBIC is installed Recommended Action Cisco GBICs are assigned unique serial numbers Verify that the GBIC was obtained from Cisco or a supported vendor Error Message GBIC_SECURITY 4 GBIC_INTERR Inter...

Page 309: ...s section contains the Cisco GigaStack Gigabit Interface Converter GBIC error messages Error Message GIGASTACK 1 NO_LOOP_DETECT The link neighbor of link dec of Gigastack GBIC in chars did not respond to the loop detection request If loop topology is deployed make sure all switches in the stack are running the latest software Explanation No acknowledgement for GigaStack loop detection request is r...

Page 310: ...Link 2 of the Gigastack GBIC in chars is re enabled Explanation A loop formed by GigaStack modules is broken because of link loss Link 2 of the master loop breaker is re enabled to replace the broken link Recommended Action No action is required Error Message GIGASTACK 6 LOOP_DETECTED Gigastack GBIC in chars is selected as Master Loop Breaker nLink 2 of the Gigastack GBIC is disabled to break the ...

Page 311: ...essage INTERFACE_API 1 NOMORESWIDB No more SWIDB can be allocated maximum allowed dec Explanation No more Interfaces can be created because the maximum number of SWIDB allowed for this platform has been reached Recommended Action Copy the error message exactly as it appears on the console or in the system log Enter the show tech support command to gather data that might provide information to dete...

Page 312: ...um application firmware version needed chars Explanation Each CPE requires a currently supported application firmware version for it to function correctly This CPE has a application firmware version that predates the earliest supported version Recommended Action Upgrade the application firmware on the CPE to a version that supports the current requirements Error Message LRE_CPE 3 WRONGBOOTVER CPE ...

Page 313: ...t Also make sure that the CPE has the correct LRE firmware and if applicable that the CPE class identifier is correctly set Error Message LRE_CPE SSNCHANGED CPE unit on interface chars changed Explanation The CPE system serial number changed This usually means that the CPE unit on this interface was replaced Recommended Action No action is required LRE_LINK Messages This section contains the Long ...

Page 314: ...itch or CPE is faulty contact Cisco Systems MAT Messages This section contains the MAC address table error messages Error Message MAT 1 BADFRAME A bad packet is received on switch port chars Explanation A packet with either a switch error a network error or a wrong port number is received by the address learning process Recommended Action If problems persist copy the error message exactly as it ap...

Page 315: ...table Explanation The address table can only handle a certain number of MAC addresses Recommended Action Reduce the number of MAC addresses in the address table Error Message MAT 2 SECURITYREJECT Security violation occurred on module dec port dec caused by MAC address enet Explanation A packet with an unexpected source address is received on a secure port Recommended Action Remove the station with...

Page 316: ...will be reset and restarted Explanation A port problem is detected on the module The module is reset and is restarted Recommended Action If the module continues to reset and restart copy the error message exactly as it appears on the console or in the system log Enter the show tech support command to gather data that might provide information to determine the nature of the error If you cannot dete...

Page 317: ... Action Copy the error message exactly as it appears on the console or in the system log Enter the show tech support command to gather data that might provide information to determine the nature of the error If you cannot determine the nature of the error from the error message text or from the show tech support output contact your Cisco technical support representative and provide the representat...

Page 318: ...ge of dec to dec Explanation An invalid request was detected by the bitlist subsystem Recommended Action No action is required Error Message PM 4 BIT_OUTOFRANGE bit dec is not in the expected range of dec to dec Explanation An invalid request was detected by the Port Manager Recommended Action No action is required Error Message PM 4 BAD_CARD_COOKIE An invalid card cookie was detected Explanation ...

Page 319: ...rotective measure that puts the interface in error disabled state when it detects a misconfiguration or misbehavior The switch attempts a recovery after the recovery interval expires default is 5 minutes Recommended Action Correct the UDLD problem and restart the interface by using the no shutdown interface configuration command Alternatively you can enable port by using the errdisable recovery gl...

Page 320: ...to stop state machine chars chars but it is not idle Explanation The Port Manager subsystem attempted to stop a state machine that has events pending Recommended Action No action is required Error Message PMSM 4 STOPPED Event chars ignored because the state machine is stopped chars chars Explanation The Port Manager subsystem attempted to post an event to a state machine that has already been stop...

Page 321: ...rror messages Error Message PRUNING 1 INVTLV rx summary in domain chars with invalid TLV value hex Explanation No explanation is available at this time Recommended Action Copy the error message exactly as it appears on the console or in the system log Enter the show tech support command to gather data that might provide information to determine the nature of the error If you cannot determine the n...

Page 322: ...n No explanation is available at this time Recommended Action Copy the error message exactly as it appears on the console or in the system log Enter the show tech support command to gather data that might provide information to determine the nature of the error If you cannot determine the nature of the error from the error message text or from the show tech support output contact your Cisco techni...

Page 323: ...ailable at this time Recommended Action Copy the error message exactly as it appears on the console or in the system log Enter the show tech support command to gather data that might provide information to determine the nature of the error If you cannot determine the nature of the error from the error message text or from the show tech support output contact your Cisco technical support representa...

Page 324: ...led Explanation No explanation is available at this time Recommended Action No action is required Error Message PRUNING 5 JOINNONAME No domain name in rx Join trunk hex Explanation No explanation is available at this time Recommended Action No action is required Error Message PRUNING 5 JOINNOTRUNK Trunk hex not found for rx Join Explanation No explanation is available at this time Recommended Acti...

Page 325: ...ster Explanation Failed to read a register Recommended Action If this is happening with all features on the switch this is a hardware failure Copy the error message exactly as it appears on the console or in the system log Enter the show tech support command to gather data that might provide information to determine the nature of the error If you cannot determine the nature of the error from the e...

Page 326: ...ote that the show cdp neighbors command is useful in determining the next switch Repeat this procedure until the port is found that is receiving what it is transmitting and remove that port from the network Error Message RTD 1 LINK_FLAP chars link down up dec times per min Explanation An excessive number of link down up events has been noticed on this interface chars is the interface and dec is th...

Page 327: ...t contact your Cisco technical support representative and provide the representative with the gathered information Error Message SPANTREE 2 BLOCK_PVID_LOCAL Blocking chars on vlan dec Inconsistent local vlan Explanation No explanation is available at this time Recommended Action Copy the error message exactly as it appears on the console or in the system log Enter the show tech support command to ...

Page 328: ...information to determine the nature of the error If you cannot determine the nature of the error from the error message text or from the show tech support output contact your Cisco technical support representative and provide the representative with the gathered information Error Message SPANTREE 2 RECV_1Q_NON_TRUNK Received 802 1Q BPDU on non trunk chars on vlan dec Explanation No explanation is ...

Page 329: ...of the error from the error message text or from the show tech support output contact your Cisco technical support representative and provide the representative with the gathered information Error Message SPANTREE 2 ROOTGUARD_CONFIG_CHANGE Rootguard chars on port chars VLAN dec Explanation No explanation is available at this time Recommended Action Copy the error message exactly as it appears on t...

Page 330: ...py the error message exactly as it appears on the console or in the system log Enter the show tech support command to gather data that might provide information to determine the nature of the error If you cannot determine the nature of the error from the error message text or from the show tech support output contact your Cisco technical support representative and provide the representative with t...

Page 331: ...es Error Message SW_VLAN 3 VTP_PROTOCOL_ERROR VTP protocol code internal error chars Explanation VLAN Trunking Protocol VTP protocol code encountered an unexpected error when processing a configuration request packet or timer expiration Recommended Action Copy the error message exactly as it appears on the console or in the system log Enter the show tech support command to gather data that might p...

Page 332: ...ACTIVE_VALUE Encountered incorrect VLAN timer active value chars Explanation Due to a software error a VLAN timer was detected as active when it should have been inactive or inactive when it should have been active Recommended Action No action is required Error Message SW_VLAN 4 IFS_FAILURE VLAN manager encountered file operation error call chars failure code errno dec bytes transfered dec Explana...

Page 333: ...s but will create files using the new format in the future Recommended Action No action is required Error Message SW_VLAN 6 VTP_MODE_CHANGE VLAN manager changing device mode from chars to chars Explanation Some switch devices must automatically change VTP device modes upon receipt of a VLAN configuration database containing more than a set number of VLANs depending on the device This message means...

Page 334: ...om the show tech support output contact your Cisco technical support representative and provide the representative with the gathered information Error Message SYS 2 CHUNKEXPANDFAIL Could not expand chunk pool for chars No memory available Explanation There is not enough processor memory left to increase this chunk pool Recommended Action Copy the error message exactly as it appears on the console ...

Page 335: ...error occurred Recommended Action If this messages recurs copy the error message exactly as it appears on the console or in the system log Enter the show tech support command to gather data that might provide information to determine the nature of the error If you cannot determine the nature of the error from the error message text or from the show tech support output contact your Cisco technical ...

Page 336: ...e no logging console guaranteed command or turning off link state messages for some interfaces Error Message SYS 6 READ_BOOTFILE_FAIL chars chars Explanation A configured boot system command failed Recommended Action If a system image was eventually loaded no action is required If the system image did not load as configured copy the error message exactly as it appears on the console or in the syst...

Page 337: ...not expecting This might occur when a TACACS server sends duplicate responses or when it responds to a request that has already timed out It also might be due to an internal software problem Recommended Action No action is required Error Message TAC 6 SENDTMO Send type dec to IP_address timed out Explanation A background TACACS notification enabled with the tacacs notify command was not acknowledg...

Page 338: ...lable at this time Recommended Action Copy the error message exactly as it appears on the console or in the system log Enter the show tech support command to gather data that might provide information to determine the nature of the error If you cannot determine the nature of the error from the error message text or from the show tech support output contact your Cisco technical support representati...

Page 339: ...s available at this time Recommended Action Copy the error message exactly as it appears on the console or in the system log Enter the show tech support command to gather data that might provide information to determine the nature of the error If you cannot determine the nature of the error from the error message text or from the show tech support output contact your Cisco technical support repres...

Page 340: ...rror If you cannot determine the nature of the error from the error message text or from the show tech support output contact your Cisco technical support representative and provide the representative with the gathered information Error Message VQPCLIENT 3 VLANNAME Invalid VLAN chars in response Explanation No explanation is available at this time Recommended Action Copy the error message exactly ...

Page 341: ...QP client Explanation No explanation is available at this time Recommended Action No action is required VTP Message This section contains the Virtual Terminal Protocol error message Error Message VTP 3 ERROR chars Explanation No explanation is available at this time Recommended Action Copy the error message exactly as it appears on the console or in the system log Enter the show tech support comma...

Page 342: ...A 50 Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide 78 6511 08 Appendix A System Messages Error Message and Recovery Procedures ...

Page 343: ...d A 3 hex variable field A 4 inet variable field A 4 AC command switch 5 12 5 23 accessing clusters switch 5 15 CMS 2 32 modes 2 33 command modes 3 2 command switches 5 13 console port 4 3 HTTP port 4 3 member switches 5 15 8 25 MIBs files 4 5 objects 4 5 variables 4 6 switch clusters 5 15 Telnet access 4 4 access levels CMS 2 33 access points inline power 7 15 access ports dynamic 8 5 8 40 in swi...

Page 344: ...ms group in RMON 4 5 allowed VLAN list 8 29 American National Standards Institute See ANSI ANSI 1 5 Plan 998 7 17 AppleTalk Remote Access See ARA Apply button 2 31 ARA 6 53 ARP table address resolution 6 32 managing 6 32 asymmetric digital subscriber line See ADSL ATM ports duplex mode and speed 7 2 trunks and other features 8 27 VLAN membership 2 12 8 5 ATM trunk mode 2 12 attributes RADIUS vendo...

Page 345: ...e also command switch cluster standby group and member switch cascaded configuration UplinkFast 6 35 Catalyst 3524 PWR XL 7 13 caution symbol definition of xvii CC command switch 5 23 CDP automatic discovery in switch clusters 5 5 configuring 6 13 6 14 system messages A 7 CGMP controlling management packets with 6 20 removing router ports 6 22 See also Fast Leave change notification CMS 2 34 chass...

Page 346: ...omatic discovery 5 5 automatic recovery 5 12 CLI 5 26 host names 5 16 IP addresses 5 15 LRE profiles 5 19 management VLAN 5 18 NAT commands 5 19 network port 5 19 passwords 5 16 RADIUS 5 17 SNMP 5 16 5 27 switch specific features 5 19 TACACS 5 17 redundancy 5 23 troubleshooting 5 25 9 14 verifying 5 25 See also candidate switch command switch cluster standby group member switch and standby command...

Page 347: ...nd management 4 5 command switch with HSRP disabled CC 5 23 configuration conflicts 9 18 defined 5 2 enabling 5 20 passive PC 5 12 5 23 password privilege levels 5 26 priority 5 12 recovery from command switch failure 5 12 from failure 9 18 9 23 from failure without HSRP 9 23 from lost member connectivity 9 18 redundant 5 12 5 23 replacing with another switch 9 21 with cluster member 9 19 requirem...

Page 348: ...3 6 14 community strings 6 49 Cross stack UplinkFast 6 37 date and time 6 12 daylight saving time 6 12 DNS 6 6 duplex mode 7 2 7 3 7 21 dynamic ports on VMPS clients 8 40 dynamic VLAN membership 8 39 flooding controls 7 4 flow control 7 3 hello time 6 43 hops 6 14 IGMP filtering 6 23 inline power 7 15 IP information 6 2 IP phones 7 13 7 14 load sharing 8 33 login authentication 6 52 management VLA...

Page 349: ...verview 6 37 Current Multicast Groups table 6 22 customer premises equipment See CPE CWDM GBIC modules 1 21 troubleshooting 9 8 wavelength colors on CMS 2 6 D database VTP 8 20 8 23 date setting 6 12 daylight saving time 6 12 default configurations RADIUS 6 57 VLANs 8 21 VMPS 8 39 VTP 8 15 defaults switch list of 4 7 resetting to 3 5 deleting VLAN from database 8 25 destination based forwarding 7 ...

Page 350: ... 8 9 DTP 8 28 duplex mode configuration guidelines 7 2 configuring 7 2 7 3 7 21 CPE Ethernet link 7 21 full duplex with flow control 7 2 half duplex with back pressure 7 2 settings ATM port 7 2 duplex mode LED 2 8 dynamic access mode 2 12 dynamic access ports described 8 5 limit on number of hosts 8 42 VLAN membership combinations 8 6 dynamic addresses See addresses Dynamic Host Configuration Prot...

Page 351: ...See ETSI events group in RMON 4 5 examples network configuration 1 8 Expand Cluster view 2 14 expert mode 2 28 extended discovery 6 14 F facility codes described A 2 table A 2 fan fault indication 2 5 Fast EtherChannel port groups creating 7 7 Fast Ethernet trunks 8 26 Fast Leave defined 6 20 disabling 6 21 enabling 6 21 FDDI Net VLAN defaults and ranges 8 22 FDDI VLAN defaults and ranges 8 21 fea...

Page 352: ...igabit Interface Converter See GBIC modules GigaStack system messages A 17 global configuration mode 3 3 graphs bandwidth 2 8 guide mode 1 7 2 28 H hardware memory system messages See HW_MEMORY system messages HC candidate switch 5 23 hello BPDU interval 6 43 hello time changing 6 43 defined 6 42 help CLI 3 5 Help button CMS 2 31 Help Contents 2 29 history group in RMON 4 5 hold time modifying 6 2...

Page 353: ... LED 2 8 Integrated Services Digital Network See ISDN interaction modes CMS 2 28 interface API system messages A 19 interface configuration mode 3 3 specifying ports in 3 4 interfaces supported 1 6 Internet Group Management Protocol See IGMP filtering Internet Protocol system messages See IP Inter Switch Link See ISL inventory cluster 5 25 IOS command line interface Cisco See CLI IOS Release 12 0 ...

Page 354: ... 52 login authentication with RADIUS 6 60 Long Reach Ethernet See LRE technology LRE 10 1 private profile 7 17 LRE 10 3 private profile 7 17 LRE 10 5 private profile 7 18 LRE 10LL private profile 7 18 LRE 10 private profile 7 17 LRE 15LL private profile 7 18 LRE 15 private profile 7 17 LRE 5LL private profile 7 18 LRE 5 private profile 7 17 LRE CPE system messages A 20 LRE environment 7 18 trouble...

Page 355: ...re 6 18 aging time 6 16 discovering 6 15 6 32 maximum number supported 6 15 notification and history of activity 6 17 MAC address notification 6 17 mac notification traps 6 49 MAC address tables managing 6 15 management options benefits clustering 1 7 CMS 1 7 CLI 3 1 CMS 2 1 overview 1 6 management VLAN changing 5 18 8 3 8 4 configuring 8 4 considerations in switch clusters 5 8 5 9 5 18 discovery ...

Page 356: ...ckets 7 5 See also flooding controls multicast traffic and protected ports 7 9 Multicast VLAN Registration See MVR Multilink Decomposer window 2 25 multilink icon 2 25 multi VLAN mode 2 12 multi VLAN ports assigning to VLANs 8 7 8 8 described 8 7 VLAN membership combinations 8 6 MVR 6 27 configuring 6 31 guidelines 6 29 limitations 6 29 overview 6 27 parameters 6 30 N NAT commands cluster consider...

Page 357: ... help 2 29 operating system messages See SYS system messages optical add drop multiplexer OADM modules See CWDM modules overheating indication switch 2 5 P packets controlling management CGMP 6 20 See also traffic parallel links 8 32 passwords changing 6 11 community strings 6 49 in clusters 5 16 5 21 in CMS 2 32 recovery of 9 23 9 24 setting 6 11 TACACS server 6 51 VTP domain 8 14 patch panel 1 1...

Page 358: ...ex mode 7 2 7 21 dynamic configuring 8 40 See also dynamic port VLAN membership dynamic access 2 12 hosts on 8 42 mode 8 5 and VLAN combinations 8 6 dynamic VLAN membership reconfirming 8 40 features conflicting 9 7 flooded traffic 7 5 forwarding resuming 7 5 Gigabit Ethernet configuring flow control on 7 3 settings 7 2 ISL trunk 2 12 LRE 7 16 monitoring 8 27 multi VLAN 2 12 8 5 8 7 8 8 network 8 ...

Page 359: ... ports privileged EXEC mode 3 3 privilege levels access modes read only 2 33 read write 2 33 CMS 2 33 command switch 5 26 mapping on member switches 5 26 setting 6 11 specifying 6 12 profiles LRE considerations 7 19 switch clusters 5 19 default 7 17 assigning 7 23 described 7 16 private 7 17 assigning 7 23 LRE 10 7 17 LRE 10 1 7 17 LRE 10 3 7 17 LRE 10 5 7 18 LRE 10LL 7 18 LRE 15 7 17 LRE 15LL 7 1...

Page 360: ...read only access mode 2 33 read write access mode 2 33 reconfirmation interval changing 8 41 reconfirming dynamic VLAN membership 8 40 recovery procedures 9 18 redisplaying commands 3 5 redundancy STP 6 34 path cost 8 34 port priority 8 32 UplinkFast 6 36 redundant clusters See cluster standby group redundant power system See RPS Refresh button 2 31 registors system messages A 33 relay device conf...

Page 361: ...fault changing 4 7 duplex mode 7 2 7 3 7 21 Gigabit Ethernet port 7 2 speed 7 3 7 21 STP 6 35 STP default 6 35 set top box television 1 17 setup program xv 4 2 See also release notes severity levels described A 3 table A 3 show cluster members command 5 26 show controllers ethernet controller command 7 21 show controllers lre commands 7 20 7 22 7 23 show controllers lre profile mapping 7 23 show c...

Page 362: ... 13 See also cluster standby group and HSRP standby group cluster See cluster standby group and HSRP static access mode 2 12 static access ports assigning to VLAN 8 7 8 25 described 8 7 VLAN membership combinations 8 6 static addresses adding 6 19 configuring for EtherChannel port groups 6 20 described 6 15 6 19 removing 6 19 See also static address static address forwarding 6 19 static address fo...

Page 363: ...ages See SPANTREE system messages SunNet Manager 1 6 switch clustering technology 5 1 See clusters switch switch commands xvi See switch command reference switching mode store and forward 7 4 Switch Manager 2 2 2 35 See also Device Manager Switch Port Analyzer See SPAN switchport command 8 28 switch ports configuring 7 1 switch software releases 4 2 switch statistics 9 2 switch upgrades See upgrad...

Page 364: ...essages technical assistance See TAC Telnet access 4 4 accessing management interfaces 3 7 from a browser 3 7 terminal driver system messages See TTYDRIVER system messages TFTP server configuring 6 5 time daylight saving 6 12 setting 6 12 zones 6 12 tip symbol definition of xvii TLV support 8 11 Token Ring VLANs overview 8 20 TRBRF 8 11 8 22 TRCRF 8 11 8 22 toolbar 2 23 tool tips 2 29 Topology vie...

Page 365: ...29 trunks allowed VLAN list 8 29 ATM 8 27 blocking unknown packets on 8 27 configuration conflicts 8 27 configuring 8 28 disabling 8 29 Gigabit Ethernet 8 26 IEEE 802 1Q 8 26 interacting with other features 8 27 ISL 8 26 load sharing using STP path costs 8 34 STP port priorities 8 32 native VLAN for untagged traffic 8 30 overview 8 26 parallel 8 34 pruning eligible list 8 30 VLAN overview 8 26 VLA...

Page 366: ...s 2 12 8 5 port group parameters 7 8 See also dynamic VLAN membership vlan membership traps 6 49 VLAN Query Protocol See VQP VLANs 802 1Q considerations 8 26 adding to database 8 24 aging dynamic addresses 6 34 allowed on trunk 8 29 changing 8 24 configuration guidelines 8 21 configuring 8 1 8 23 default configuration 8 21 deleting from database 8 25 described 8 2 illustrated 8 2 ISL 8 26 MAC addr...

Page 367: ...idelines 8 13 configuring 8 16 consistency checks 8 11 database 8 20 8 23 default configuration 8 15 described 8 9 disabling 8 18 domain names 8 13 domains 8 9 modes client 8 10 configurations affecting mode changes 8 10 configuring 8 17 server 8 10 8 16 transitions 8 10 transparent 8 7 8 10 8 18 monitoring 8 20 pruning enabling 8 19 overview 8 12 pruning eligible list changing 8 30 statistics 8 2...

Page 368: ...Index IN 26 Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide 78 6511 08 ...

Reviews:

No comments

Related manuals for Catalyst 2900 Series XL

Verizon DSL-2750B

Brand: D-Link Pages: 2

Brand: D-Link Pages: 4

Brand: Panasonic Pages: 44

Brand: Cabletron Systems Pages: 21

Brand: Javad Pages: 35

Brand: Fortinet Pages: 20

OCTOPUS 5TX-EEC

Brand: Hirschmann Pages: 6

Brand: Kohler Pages: 32

Brand: LevelOne Pages: 3

Brand: XtendLan Pages: 21

Brand: Ariesys Pages: 10

Brand: Valcom Pages: 4

Brand: DPS Telecom Pages: 80

Brand: Premio Pages: 2

32R1860 - Nortel Layer 2/3 Copper GbE Switch...

Brand: IBM Pages: 14

Network Video Recorder

Brand: IC Realtime Pages: 118

Mobile Network Video Recorder

Brand: IC Realtime Pages: 158

Brand: Cisco Pages: 22

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands