This chapter explains how to use the switch manager to change the configuration settings and to monitor the switch. This chapter assumes that you have already performed these preliminary tasks that are described in this guide or in the Quick Start Guide: Catalyst 1900 Series Ethernet Switches:
At the top of each switch manager page is a menu bar. Figure 3-1 describes the functions of the pages accessible from this bar.
You can assign or change basic descriptions about the switch. You can also assign an encrypted (secret) privileged-level password to the switch management interfaces and monitor network activity through the live switch image.
From the switch manager, you can open a Telnet session on the management console and contact Cisco Systems resources.
To display the Home Page (Figure 3-2), click HOME on the menu bar.
You can assign or change the following information about the switch:
Caution: Do not use "-NN" (where NN is a number) in the name you define for the switch. When the switch joins a cluster, the command switch overwrites any name containing "-NN."
The name you assign to the switch is kept even when the switch joins or leaves a cluster. If the switch does not have a name before it joins a cluster, the command switch assigns it a name that consists of the command-switch name and a number that reflects when the switch was added to the cluster. For example, a command switch can name a Catalyst 1900 switch eng-cluster-5, where eng-cluster is the command-switch name and 5 means that it is the fifth switch to join the cluster. When the switch name is viewed from the Cluster Management applications, the name is truncated to 32 characters. If the switch leaves the cluster, the switch keeps the name given by the command switch.
When the switch is a cluster member, the Member Switch Host Name field also displays the switch name at the top of each switch manager page. Therefore, the names in the Host Name and Member Switch Host Name fields are identical.
The Switch IP Address field displays the IP address of the switch itself, which is typically assigned after the switch is installed. (See the "Assigning IP Information and a Password to the Switch" section.) If the switch does not have an IP address, the Switch IP Address field displays 0.0.0.0. When the switch is a cluster member, the Command Switch IP field displays the command-switch IP address at the top of each switch manager page.
If you do not assign an IP address to the switch, you must add the switch to a switch cluster and manage it through the command switch. Whether or not the switch has its own IP address, when the switch is a cluster member, it is managed and communicates with other member switches through the IP address of the command switch. If the switch leaves the cluster and it does not have its own IP address, you then must assign IP information to it to manage and monitor it as a nonmember switch.
For additional information, see the "Assigning or Changing IP Information" section. For information about IP information in switch clusters, refer to the Cisco IOS Desktop Switch Software Configuration Guide, Catalyst 2900 Series XL and Catalyst 3500 Series XL Cisco IOS Release 12.0(5)XP.
The password you assign from the Assign/Change Password field on the Home Page is an encrypted (secret) privileged-level password. This password provides higher security and supersedes any existing unencrypted privileged-level password, including the unencrypted privileged-level password that is assigned from the [P] Console Password option on the Management Console Logon Screen. (For information about where you can assign privileged-level passwords, see the "Privileged-Level Passwords" section.)
Follow these steps to assign an encrypted privileged-level password to the switch or to change the existing switch password to an encrypted privileged-level password:
Step 1 Enter a new password in the Assign/Change Password field. The password can be 1 to 25 characters and is case sensitive. You can use any character found on the keyboard, including spaces and double-quotation marks. A multistring password (such as two words) is also valid.
Step 2 Reenter the same string in the Reconfirm Password field.
Step 3 Click Apply.
Step 4 Access the switch manager by using the newly assigned password.
When your switch is a cluster member, the highest privileged-level password for the command switch is the privileged-level password to the switch. The command-switch password overwrites any switch-specific passwords. For more information about passwords in switch clusters, see the "Cluster Member Passwords" section.
If you have lost or forgotten the password, see the "Recovering from a Lost or Forgotten Password" section.
If you plan to manage the switch outside of a switch cluster, you can assign an unencrypted or encrypted privileged-level password to the switch to restrict access to its management interfaces (Table 3-1).
| Privileged-Level Password | Assigned from... |
|---|---|
| Unencrypted | |
| Encrypted | |
Read and Write community strings operate as passwords to the switch when managing it from an SNMP management station. See the "Changing the SNMP Settings" section.
For information about the user-level passwords, refer to the online-only Catalyst 1900 Series and Catalyst 2820 Series Command Reference.
When the switch joins a cluster, the highest privileged-level password (encrypted or unencrypted) of the command switch supersedes any existing password for the switch. Keep in mind the following considerations:
For password information about switch clusters, refer to the Cisco IOS Desktop Switch Software Configuration Guide, Catalyst 2900 Series XL and Catalyst 3500 Series XL Cisco IOS Release 12.0(5)XP.
If you are using a remote station, you can use the LEDs and the Mode button on the switch image to monitor the switch. The switch image on the Home Page shows the front-panel LED colors at the last polling interval and refreshes every 30 seconds.
The colors of the system status (SYSTEM) LED on the switch image show that the switch is receiving power and functioning properly (Table 3-2).
| Color | System Status |
|---|---|
| Solid green | Switch is operating normally. |
| Solid amber | Switch is receiving power but might not be functioning properly. One or more power-on self-test (POST) errors occurred. The Management Console Logon Screen message identifies which nonfatal test(s) failed. Note: If a fatal error occurs, the switch is not operational, and no message is displayed. (See the "Powering Up and Using POST to Test the Switch" section and the "Understanding POST Failures" section.) |
The colors of the redundant power system (RPS) LED show the status (Table 3-3) of a connected Cisco RPS (model PWR600-AC-RPS). For more information about the RPS, see the "Power Connectors" section.
| Color | RPS Status |
|---|---|
| Black (off) | RPS is off or is not installed. |
| Solid green | RPS is operational. |
| Blinking green | RPS and the switch AC power supply are both powered up. Note: This is not a recommended configuration. For more information, see the "Power Connectors" section. |
| Solid amber | RPS is connected but is not functioning properly. One of the power supplies in the RPS could be powered down, or a fan on the RPS could have failed. |
Each port has an LED above it. These LEDs, as a group or individually, display information about the switch and about individual ports (Table 3-4).
| Mode | Determines... |
|---|---|
| Port status (default) | Status of individual ports |
| Bandwidth utilization | Percentage of the switch total bandwidth being used at any one time |
| Full-duplex operation | Which ports are operating in half- or full-duplex mode |
Click the Mode button on the switch image to change the mode of the port LEDs. The STAT (port status), UTL (switch utilization), and FDUP (port duplex mode) LEDs show which mode is active (Table 3-5). The selected mode remains on for approximately 30 seconds before returning to the default mode (port status). You can change the default mode from the Console Settings Menu on the management console.
| For this Mode... | Push the Mode Button Until... |
|---|---|
| Port status (STAT) | Only the STAT LED is green. |
| Bandwidth utilization (UTL) | Only the UTL LED is green. |
| Full-duplex operation (FDUP) | Only the FDUP LED is green. |
The port status mode is the default mode. In this mode, the colors of the LEDs above the ports show the status of those ports (Table 3-6). You cannot change the default mode from the switch manager; instead, you must use the Console Settings Menu on the management console. (See the "Console Settings Menu" section.)
| Color | Port Status |
|---|---|
| Blue (off) | No link. |
| Solid green | Link operational. |
| Alternating green | Link fault. Error frames can affect connectivity. Excessive collisions, CRC errors, and alignment and jabber errors are monitored for a link-fault indication. |
| Solid amber | Port is not forwarding. This could be because the port was disabled by management, suspended because of an address violation, or suspended by Spanning-Tree Protocol (STP) because of network loops. |
In the UTL mode, the port LEDs as a group show the switch bandwidth being used at any one time. The more LEDs that are lit, the higher the bandwidth being used. The peak utilization is recorded in the bandwidth-capture interval, described in the "Bandwidth Usage Report" section.
| 12 10BaseT Ports: Port LEDs | 12 10BaseT Ports: Mbps Activity | 24 10BaseT Ports: Port LEDs | 24 10BaseT Ports: Mbps Activity |
|---|---|---|---|
| 1 to 4 | 0.1 to < 1.5 | 1 to 8 | 0.1 to < 6 |
| 5 to 8 | 1.5 to < 20 | 9 to 16 | 6 to < 120 |
| 9 to 12 | 20 to 140 | 17 to 24 | 120 to 280 |
The colors of the LEDs in FDUP mode show which 10BaseT and 100BaseT ports are operating in full-duplex mode (Table 3-8).
| Color | Full-Duplex |
|---|---|
| Blue | Half-duplex mode is operational. |
| Green | Full-duplex mode is operational. |
Click Cluster Management to display the Cluster Management applications on the command switch. This button is available only when the switch is a cluster member. For information about the Cluster Management applications, refer to the Cisco IOS Desktop Switch Software Configuration Guide, Catalyst 2900 Series XL and Catalyst 3500 Series XL Cisco IOS Release 12.0(5)XP.
Click Telnet to open a Telnet session on the management console. At the prompt, enter the switch password or, if applicable, the command-switch password.
The Home Page provides these links to connect to Cisco Systems resources:
You can change the settings of the 10- and 100-Mbps ports. To display the Port Management Page (Figure 3-3), click PORT on the menu bar, or click the port on the switch image.
By default, all ports are enabled to transmit and receive data. To disable a port:
Step 1 Deselect the Enable check box in the Status: Requested/Actual column.
Step 2 Click Apply.
A linkDown trap is sent to the management station if you configured an SNMP manager.
Step 3 Click Home to display the switch image. The port LED for a disabled port is amber.
To re-enable a port:
Step 1 Select the Enable check box in the Status: Requested/Actual column.
Step 2 Click Apply.
A linkUp trap is sent to the management station if you configured an SNMP manager.
Step 3 Click Home to display the switch image. If the enabled port is connected to a device, the port LED is green; otherwise, it is blue.
Each port is always in one of the states listed in Table 3-9.
| Port Status | Description |
|---|---|
| | Port can transmit and receive data. |
| | Port is disabled by management action. Port must be manually re-enabled. |
| | Port is suspended because of no linkbeat. This is usually because the attached station is disconnected or powered-down. Port automatically returns to enabled state when the condition causing the suspension is removed. |
| | Port is suspended because attached station is jabbering. Port automatically returns to enabled state when the condition causing the suspension is removed. |
| | Port is suspended because of an address violation. Port automatically returns to enabled state when the condition causing the suspension is removed. |
| | Port is disabled because it failed a self-test. |
| | Port is disabled because of an address violation. Port must be manually enabled. |
| | Port is in the reset state. |
The default duplex mode depends on the port type:
To change the port duplex mode:
Step 1 Select half duplex, full duplex, full duplex with flow control, or autonegotiate from the Duplex Mode: Requested/Actual drop-down list.
The default for the 10-Mbps ports and the 100-Mbps fiber-optic ports is half duplex. The default for the 100BaseTX ports is autonegotiate.
Step 2 Click Apply.
Step 3 Click Home to display the switch image.
Step 4 Click the Mode button until the FDUP LED lights. If the port LED is blue (off), the port is running in half duplex. If the port LED is green, the port is running in full duplex.
When you use the autonegotiate option on a 100BaseTX port, it automatically configures for full-duplex operation if the connected device also supports full duplex. If the attached device does not autonegotiate, the port automatically configures itself to half duplex.
By default, all switch ports are enabled to forward unicast and multicast packets with unknown destination Media Access Control (MAC) addresses. You can enable or disable flooding on a per-port basis.
A unicast packet is information addressed to one recipient from one sender. This type of traffic typically comprises the bulk of traffic on an Ethernet LAN. A multicast packet is information sent to multiple recipients from one sender. This lightens the load on the sender and on the network because only one data stream is sent, rather than one per recipient. A broadcast packet is information sent to all nodes within a single network segment and can be a major source of congestion.
The switch forwards each unicast or multicast packet it receives according to the entries stored in the switch content-addressable memory (CAM) table. The table entries are mappings of the MAC addresses of destination end-stations and of the associated switch ports through which incoming packets are forwarded to those destination end-stations.
Flooding is the forwarding of unicast or multicast packets with unknown destination addresses to all the switch ports. (A broadcast packet is always forwarded [flooded] to all ports.) Flooding adds traffic on the switch ports. In some configurations, flooding could be unnecessary. For example, there are no unknown destinations on switch ports with only statically assigned addresses or single stations attached. In this case, you can disable flooding on these ports.
You can assign a network port to which all unknown unicast addresses are forwarded. For more information, see the "Network Port" section.
The switch can store up to 1024 address entries in memory.
For more information about address management, see the "Managing the Switch Address Tables" section. For information about multicast packet control, see the "Managing Multicast Packets with CGMP" section. For information about broadcast packet control, see the "Broadcast Storm Control" section.
To disable flooding on a port:
Step 1 Deselect the unicast or multicast check box for the port.
Step 2 Click Apply.
To enable flooding on a port:
Step 1 Select the unicast or multicast check box for the port.
Step 2 Click Apply.
By default, enhanced congestion control (ECC) is disabled on all 100-Mbps ports. This option reduces congestion on the switch and keeps the switch from dropping frames because of full transmit queues. The ECC option can be enabled on half-duplex ports and can be configured on a per-port basis on the 100-Mbps ports.
For information about ECC on the 10-Mbps ports, see the "ECC on 10-Mbps Ports" section. ECC on the 10-Mbps ports is set on a global basis, not on a per-port basis.
To enable ECC on a 100-Mbps port:
Step 1 Select one of the following modes from the Enhanced Congestion Control drop-down list.
Step 2 Click Apply.
To assign a name or description to a port:
Step 1 In the Port Name/Description column, enter the port name or a description (up to 60 characters).
Step 2 Click Apply.
The Detailed Port Statistics Page (Figure 3-4) displays the receive and transmit statistics for the port you select. You can use this page to help identify performance or connectivity problems, which are listed under the Errors area of the page. For example, Frame Check Sequence (FCS) and alignment errors could be the result of cabling problems such as the following:
To display this page, click View... for a particular port on the Port Management Page. The errors are described in Table 3-10.
| Error | Description |
|---|---|
| | Number of frames received on a particular interface that are an integral number of octets in length but do not pass the Frame Check Sequence (FCS) test. |
| | Number of frames received on a particular interface that are not an integral number of octets in length and do not pass the FCS test. |
| | Number of frames received on a particular interface that exceed the permitted frame size. |
| | Number of times this secure port receives a source address that duplicates a static address configured on another port plus the number of times a source address was seen on this port that does not match any addresses secured for the port. |
| | Number of times the port detects a collision on a particular interface later than 512 bit-times into the transmission of a packet. |
| | Number of frames the port defers transmission for an excessive period of time. |
| | Number of times the jabber function was invoked because a frame received from this port exceeded a certain time duration. |
Packets with static addresses are usually received on any source port. The switch also supports source-port filtering on unicast and multicast addresses. This enhanced filtering enables the switch to only forward packets from source addresses when they are received on specified switch ports. These source addresses are referred to as restricted static addresses.
The switch can store up to 1024 address entries in memory.
For additional traffic control options, see the following sections:
To display the Address Table Management Page (Figure 3-5), click Address on the menu bar.
The switch provides dynamic addressing by learning the source MAC address of each packet received on each switch port and then adding the address and its associated forwarding switch port number to the Dynamic Address Table. As end-stations are added or removed from the network, the switch updates the table, adding new entries and removing unused ones.
To delete a specific entry from the Dynamic Address Table:
Step 1 Select the entry you want to delete.
Step 2 Click Remove.
As the switch reaches the maximum address limit of 1024 address entries in memory, switch performance can degrade. Address aging helps prevent this by allowing the switch to keep only dynamic addresses that remain active over a specified period of time.
During a topology change, if the Port Fast mode option on the Port Management Page is disabled, addresses are aged more quickly by using the Forward delay option on the Spanning-Tree Management Page. When the topology stabilizes, the address-aging value again takes effect.
To assign the length of time the switch stores an inactive entry, after which it is removed from the table:
Step 1 Enter the number of seconds (10 to 1000000; where 1000000 seconds is approximately 11 1/2 days) in the Aging Time field. The default is 300 seconds (5 minutes).
This value applies to all dynamic addresses in the Dynamic Address Table.
Step 2 Click Apply.
The entries in the Permanent Unicast Address Table allow MAC addresses to be permanently associated with a switch port. Unlike the Dynamic Address Table, the entries in the Permanent Unicast Address Table are manually entered or sticky-learned. (See the "Securing a Port" section.)
If the address table is full, an error message is generated. You can change the size of the address table by using the Port Security Table Page. (See the "Changing the Maximum Secure Address Count" section.) For additional information about port security, see the "Changing the Port Security Table" section.
You can assign a network port to which all unknown unicast addresses are forwarded. For more information, see the "Network Port" section.
To add a secure address to the Permanent Unicast Address Table:
Step 1 Select a switch port from the New Address scroll list.
Step 2 Enter the source MAC address in the MAC Address field. Use six hexadecimal octets; spaces are optional (such as hh hh hh hh hh hh or hhhhhhhhhhhh).
Step 3 Click Add.
Static entries do not age out and must be manually removed from the table. To delete an entry from the table:
Step 1 Select the entry you want to delete.
Step 2 Click Remove.
If the address table is full, an error message is generated. You can change the size of the address table by using the Port Security Table Page. (See the "Changing the Maximum Secure Address Count" section.)
For additional information, see the
To add a secure address to the Permanent Multicast Address Table:
Step 1 Select a switch port from the New Address scroll list.
Step 2 Enter the multicast MAC address in the MAC Address field. Use six hexadecimal octets; spaces are optional (such as hh hh hh hh hh hh or hhhhhhhhhhhh).
Step 3 Click Register.
Static entries do not age out and must be manually removed from the table. To delete an entry from the table:
Step 1 Select the entry you want to delete.
Step 2 Click Unregister.
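The MAC Address field format used in the two procedures above (six hexadecimal octets, spaces optional) can be pre-validated before entries are typed into the switch manager. The following Python sketch is an added example, not Cisco code; the function names and sample entries are constructed, and choosing the table from the group bit of the first octet is standard Ethernet addressing rather than something this page states.

```python
import re

_HEX12 = re.compile(r"[0-9a-fA-F]{12}")


def parse_switch_mac(text):
    """Normalize 'hh hh hh hh hh hh' or 'hhhhhhhhhhhh' to 12 lowercase hex digits.

    Raises ValueError for anything that is not exactly six hexadecimal octets.
    """
    compact = "".join(text.split())  # spaces are optional, so drop them all
    if not _HEX12.fullmatch(compact):
        raise ValueError(f"not six hexadecimal octets: {text!r}")
    return compact.lower()


def target_table(mac):
    """Pick the permanent table for a normalized address.

    The least-significant bit of the first octet is the Ethernet group bit:
    set means multicast (or broadcast), clear means unicast.
    """
    first_octet = int(mac[:2], 16)
    return "multicast" if first_octet & 0x01 else "unicast"


def sort_entries(entries):
    """Split (port, mac_text) pairs into per-table lists plus a reject list."""
    result = {"unicast": [], "multicast": [], "rejected": []}
    for port, mac_text in entries:
        try:
            mac = parse_switch_mac(mac_text)
        except ValueError as err:
            result["rejected"].append((port, str(err)))
            continue
        result[target_table(mac)].append((port, mac))
    return result


# Constructed sample input: (switch port, address as an operator might type it).
SAMPLE_ENTRIES = [
    (1, "00 10 7B 3A 4C 5D"),
    (2, "00107b3a4c5e"),
    (3, "01 00 5E 00 00 05"),
    (4, "00:10:7b:3a:4c:5f"),  # colons are not part of the documented format
    (5, "00 10 7B 3A 4C"),     # only five octets
]

if __name__ == "__main__":
    for table, rows in sort_entries(SAMPLE_ENTRIES).items():
        print(table, rows)
```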
You can use the Port Security Table Page (Figure 3-6) to prevent the switch from forwarding packets from unauthorized users and to send SNMP traps if security violations occur. To display this page, click Port Security Table from the Address Table Management Page.
By default, port security is disabled (Security check box is not selected). Secure ports restrict the use of a switch port to a specific group of source addresses (sending end-stations). When you assign source addresses to a secure port, the switch does not forward any packets from addresses outside that group.
The source addresses on a secure port are manually assigned (static) or sticky-learned. Sticky-learning takes place when the address table for a secure port does not contain a full complement of static addresses. The port sticky-learns the source address of incoming packets and automatically assigns them as static addresses.
To enable port security on a port:
Step 1 Select the check box in the Security column for the port.
Step 2 Click Apply.
To disable port security on a port:
Step 1 Deselect the check box in the Security column for the port.
Step 2 Click Apply.
If the port is not a secure port, the value in the Maximum Secure Addresses field is 0. A secure port can have from 1 to 132 secure addresses associated with it.
Limiting the number of devices that can connect to a secure port has the following advantages:
To change the maximum number of secure addresses for a port:
Step 1 Enter a number (1 to 132) in the Maximum Secure Addresses column.
Step 2 Click Apply.
The Security Reject Count (SRC) column displays the number of unauthorized addresses seen on the secure port.
Secure ports generate address-security violations under the following conditions:
If a security violation occurs, the port can be suspended or disabled. When a port is disabled, you must manually re-enable the port. When a port is suspended, it is re-enabled when a packet containing a valid address is received. You can also choose to ignore the violation. You can define the action taken by the switch either by using the System Management Page or by using the MIB objects.
On the following switch manager pages, you can specify the action the switch takes if packets with unauthorized addresses arrive on the port:
By default, the secure port keeps its association with all static addresses even if it loses link (Clear Addresses on LinkDown check box is not selected). You can enable a secure port to clear its address associations on linkDown.
To enable the secure port to clear its address table on linkDown:
Step 1 Select the check box in the Clear Addresses on LinkDown column for the port.
Step 2 Click Apply.
To disable the secure port from clearing its address table on linkDown:
Step 1 Deselect the check box in the Clear Addresses on LinkDown column for the port.
Step 2 Click Apply.
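The secure-port behaviour described in this section (sticky-learning up to the maximum, the Security Reject Count, and the suspend, disable, and ignore actions) can be traced with a small model. This Python sketch is an added example, not Cisco code; the class, method names, and addresses are constructed, and it assumes that ignored violations are still counted and that a suspended port can still sticky-learn if it has room.

```python
class SecurePort:
    """Model of one secure port as described in the text (not switch firmware)."""

    ACTIONS = ("suspend", "disable", "ignore")

    def __init__(self, max_addresses, action="suspend", clear_on_linkdown=False):
        if not 1 <= max_addresses <= 132:
            raise ValueError("a secure port can have from 1 to 132 secure addresses")
        if action not in self.ACTIONS:
            raise ValueError(f"unknown violation action: {action}")
        self.max_addresses = max_addresses
        self.action = action
        self.clear_on_linkdown = clear_on_linkdown
        self.addresses = set()   # static and sticky-learned source addresses
        self.state = "enabled"   # enabled | suspended | disabled
        self.reject_count = 0    # Security Reject Count (SRC)

    def add_static(self, mac):
        """Manually assign a static address, respecting the configured maximum."""
        if len(self.addresses) >= self.max_addresses:
            raise ValueError("address table for this port is full")
        self.addresses.add(mac)

    def receive(self, src, secured_elsewhere=frozenset()):
        """Process one frame; return True if the switch forwards it."""
        if self.state == "disabled":
            return False                 # stays down until re-enabled by hand
        if src not in self.addresses:
            has_room = len(self.addresses) < self.max_addresses
            # Violation: address secured on another port, or no room to learn it.
            if src in secured_elsewhere or not has_room:
                return self._violation()
            self.addresses.add(src)      # sticky-learn as a static address
        self.state = "enabled"           # a valid address lifts a suspension
        return True

    def _violation(self):
        self.reject_count += 1
        if self.action == "suspend":
            self.state = "suspended"
        elif self.action == "disable":
            self.state = "disabled"
        return False                     # unauthorized source is never forwarded

    def link_down(self):
        """Clear Addresses on LinkDown: drop all associations if selected."""
        if self.clear_on_linkdown:
            self.addresses.clear()

    def re_enable(self):
        """Manual re-enable, required after the disable action."""
        self.state = "enabled"


def replay(port, events):
    """Apply ('rx', mac), ('linkdown',) or ('enable',) events; return a trace."""
    trace = []
    for event in events:
        forwarded = None
        if event[0] == "rx":
            forwarded = port.receive(event[1])
        elif event[0] == "linkdown":
            port.link_down()
        elif event[0] == "enable":
            port.re_enable()
        trace.append((event, forwarded, port.state, port.reject_count))
    return trace


# Constructed addresses and event sequence.
A, B, C = "00107b000001", "00107b000002", "00107b000003"
EVENTS = [("rx", A), ("rx", B), ("rx", C), ("rx", A), ("linkdown",), ("rx", C)]

if __name__ == "__main__":
    for action in SecurePort.ACTIONS:
        print(action)
        for row in replay(SecurePort(2, action=action), EVENTS):
            print("  ", row)
```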
Simple Network Management Protocol (SNMP) provides the means to manage and monitor the switch through the Management Information Base (MIB) objects. Additional information about SNMP and MIB objects is in the "Simple Network Management Protocol" section and the "Accessing MIB Files" section.
For information about how the command switch uses SNMP to manage the switch in the cluster, refer to the Cisco IOS Desktop Switch Software Configuration Guide, Catalyst 2900 Series XL and Catalyst 3500 Series XL Cisco IOS Release 12.0(5)XP.
To display the SNMP Management Page (Figure 3-7), click SNMP on the menu bar.
The default for the first Read community string is public. You can assign up to four community strings to serve as passwords that enable the switch to validate SNMP read (Get) requests from a management station.
The command-switch string contains up to 27 characters and a suffix "@esNN" where NN is the member switch number.
Caution: Do not use "@es" in the community strings you define for the switch. When the switch joins a cluster, any community string containing "@es" is deleted.
To add or change an SNMP Read community string:
Step 1 Enter up to 32 characters in the Read Community String field. The default for the first Read community string is public.
Step 2 Click Add.
To remove an SNMP Read community string:
Step 1 Select the community string from the Current list.
Step 2 Click Remove.
The command-switch string contains up to 27 characters and a suffix "@esNN" where NN is the member switch number.
Caution: Do not use "@es" in the community strings you define for the switch. When the switch joins a cluster, any community string containing "@es" is deleted.
To add or change an SNMP Write community string:
Step 1 Enter up to 32 characters in the Write Community String field. The default for the first Write community string is private.
Step 2 Click Add.
To remove an SNMP Write community string:
Step 1 Select the community string from the Current list.
Step 2 Click Remove.
You can assign up to four trap managers and their accompanying community strings. A trap manager can use its accompanying community string only; it cannot use the community string of another trap manager.
Trap manager settings can be configured from the switch or, if the switch is a cluster member, from the command switch.
After you have assigned the trap manager(s), the switch generates, by default, the following traps:
For more information about traps, see the "Simple Network Management Protocol" section and the "Accessing MIB Files" section.
To assign a trap manager and its community string:
Step 1 In the IP Address field, enter the IP address of the SNMP management station that can issue trap requests to the switch. Use dotted quad format (nnn.nnn.nnn.nnn).
If the switch is connected to a Domain Name System (DNS) server, you can enter the name of the trap manager instead.
Step 2 Enter a community string (up to 32 characters) in the Trap Manager Community String field.
Step 3 Click Add.
To remove a trap manager:
Step 1 Select the manager from the Current list.
Step 2 Click Remove.
By default, authentication trap generation is enabled (Enable Authentication Trap Generation check box is selected). This option enables the switch to generate authentication traps, which alert a management station of SNMP requests not accompanied by a valid community string.
To disable authentication trap generation:
Step 1 Deselect the Enable check box.
Step 2 Click Apply.
By default, linkUp/linkDown trap generation is enabled (Enable LinkUp/LinkDown Trap Generation check box is selected). This option enables the switch to generate linkDown traps when a port is suspended or disabled for any of these reasons:
The switch generates linkUp traps when a port is enabled for any of these reasons:
To disable linkUp/linkDown trap generation:
Step 1 Deselect the Enable check box.
Step 2 Click Apply.
By default, broadcast storm trap generation is disabled (Enable Broadcast Storm Trap Generation check box is not selected). When this option is enabled, the switch generates SNMP alerts when the broadcast threshold is exceeded. The alert generated is the trapbroadcastStorm. A trap is generated every 30 seconds.
For information about broadcast storm control, see the "Broadcast Storm Control" section.
To enable broadcast storm trap generation:
Step 1 Select the Enable check box.
Step 2 Click Apply.
By default, address violation trap generation is enabled (Enable Address Violation Trap Generation check box is selected). This option enables the switch to generate SNMP alerts if an address violation occurs.
To disable address violation trap generation:
Step 1 Deselect the Enable check box.
Step 2 Click Apply.
Caution: If no write manager is assigned to the switch, any management station can modify the switch MIB objects.
To assign a write manager:
Step 1 Enter the IP address in the IP Address field. Use dotted quad format (nnn.nnn.nnn.nnn).
If the switch is connected to a DNS server, you can enter the name of the write manager instead.
Step 2 Click Add.
To remove a write manager:
Step 1 Select the manager from the Current list.
Step 2 Click Remove.
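The naming, password, and SNMP rules stated in this chapter can be checked against a planned configuration before it is entered in the switch manager. This Python sketch is an added example, not Cisco code; the plan layout, function names, and sample values are constructed, the "-NN" caution is interpreted as a hyphen followed by digits, and flagging the default strings public and private as findings is an added hardening check.

```python
import re

# Limits and reserved patterns taken from the switch manager text above.
MAX_PASSWORD_LEN = 25
MAX_COMMUNITY_LEN = 32
MAX_READ_STRINGS = 4
MAX_TRAP_MANAGERS = 4
DEFAULT_COMMUNITIES = {"public", "private"}
# Assumption: "-NN" means a hyphen followed by one or more digits.
NAME_SUFFIX = re.compile(r"-\d+")


def check_community(value):
    """Return the problems found in one community string."""
    problems = []
    if len(value) > MAX_COMMUNITY_LEN:
        problems.append("longer than 32 characters")
    if "@es" in value:
        problems.append('contains "@es"; deleted when the switch joins a cluster')
    if value in DEFAULT_COMMUNITIES:
        problems.append("factory default string")
    return problems


def audit_plan(plan):
    """Return (field, finding) tuples for a planned switch configuration."""
    findings = []
    if NAME_SUFFIX.search(plan["host_name"]):
        findings.append(("host_name", 'contains "-NN"; overwritten by the command switch'))
    if not 1 <= len(plan["password"]) <= MAX_PASSWORD_LEN:
        findings.append(("password", "must be 1 to 25 characters"))
    if len(plan["read_communities"]) > MAX_READ_STRINGS:
        findings.append(("read_communities", "more than four strings"))
    for field in ("read_communities", "write_communities"):
        for value in plan[field]:
            findings += [(field, p) for p in check_community(value)]
    if len(plan["trap_managers"]) > MAX_TRAP_MANAGERS:
        findings.append(("trap_managers", "more than four trap managers"))
    for _address, community in plan["trap_managers"]:
        findings += [("trap_managers", p) for p in check_community(community)]
    if not plan["write_managers"]:
        findings.append(
            ("write_managers", "none assigned; any management station can modify MIB objects")
        )
    return findings


# Constructed plans; addresses come from the 192.0.2.0/24 documentation range.
SAMPLE_PLAN = {
    "host_name": "eng-floor-3",
    "password": "correct horse battery",
    "read_communities": ["public", "noc-read@es1"],
    "write_communities": ["private"],
    "trap_managers": [("192.0.2.10", "trapsNoc")],
    "write_managers": [],
}
HARDENED_PLAN = {
    "host_name": "eng-floor-a",
    "password": "correct horse battery",
    "read_communities": ["nocRead7fQ2x"],
    "write_communities": ["nocWrite9Lm4k"],
    "trap_managers": [("192.0.2.10", "trapsNoc")],
    "write_managers": ["192.0.2.10"],
}

if __name__ == "__main__":
    for field, finding in audit_plan(SAMPLE_PLAN):
        print(f"{field}: {finding}")
```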
The following are two examples for using STP:
A separate spanning-tree instance runs on each bridge group, and each bridge group participates in a separate spanning tree. Each switch in a spanning tree adopts the Hello, Max age, and Delay parameters of the root bridge regardless of how it is configured. Overlapping ports (ports that belong to more than one bridge group) participate in all spanning trees to which they belong. All ports on the switch support STP, and STP is managed through the standard Bridge MIB.
For more information about bridge groups and to configure bridge groups, see the Bridge Group Configuration Menu and the "Spanning Tree Configuration Menu". For information about VLANs, refer to the Catalyst 1900 Series and Catalyst 2820 Series Enterprise Edition Software Configuration Guide.
To display the Spanning-Tree Management Page (Figure 3-8), click STP on the menu bar.
By default, STP is enabled (Enable Spanning Tree check box is selected). To disable STP:
Step 1 Deselect the Enable Spanning Tree check box.
Step 2 Click Apply.
The Operating Parameters section displays the following read-only STP settings for the current root switch, which could be defined on another switch.
| Setting | Description |
|---|---|
| | Unique hexadecimal ID number that has a bridge priority and a unique MAC address. |
| | Number of ports configured with STP. |
| | Number of seconds a bridge waits for STP configuration messages before attempting a reconfiguration. |
| | Number of seconds between the transmission of STP configuration messages. All bridges send configuration messages during reconfiguration to elect the designated root bridge. After STP completes its network discovery, only designated bridges send configuration messages. |
| | Number of bridge topology changes experienced by the network. A topology change occurs as ports on any bridge change from a nonforwarding to a forwarding state or when a new root is selected. |
| | ID number of the bridge identified as the root by the STP. |
| | Port on this bridge with the lowest-cost path to the root bridge. This option identifies the port through which the path to the root bridge is established. N/A is displayed when STP is disabled or when this bridge is the root bridge. |
| | Cost of the path from this bridge to the root bridge shown in the Designated Root field. It equals the path cost parameters held for the root port. |
| | Number of seconds before a port changes from its STP learning and listening states to a forwarding state. Every bridge on the network ensures that no loop is formed before the port can forward packets. |
| | Number of days (d), hours (h), minutes (min), and seconds (s) since the last topology change. |
The Spanning Tree Configuration section displays a list of STP parameters that this switch will use when it is the root switch.
To change the STP configuration on this switch:
Step 1 Enable STP if you have previously disabled it:
(a) Select the Enable Spanning Tree check box.
(b) Click Apply.
Step 3 In the Hello Time field, enter the number of seconds (1 to 10) between the transmission of STP configuration messages. The default is 2.
Step 5 In the Forward Delay field, enter the number of seconds (4 to 30) a port waits before changing from its STP learning and listening states to the forwarding state. This delay time is necessary to ensure that no loop is formed before the switch forwards a packet. The default is 15.
Step 6 Click Apply.
To change the spanning-tree parameters for a port, follow these steps:
Step 1 Enable STP if you have previously disabled it:
(a) Select the Enable Spanning Tree check box.
(b) Click Apply.
The path cost is inversely proportional to the LAN speed of the network interface at the port. A high path cost means the port has low bandwidth and should not be used, if possible. A lower path cost represents higher-speed transmission; this setting can affect which port remains enabled in the event of a loop.
This option also affects which port is to remain enabled by STP if another bridge device forms a loop with the switch.
Step 4 In the Port Fast Mode column, select a port, and select the check box to enable the Port Fast mode. The default for the 10-Mbps ports is enabled (Port Fast Mode check box is selected). The default for the 100-Mbps ports is disabled (Port Fast Mode check box is not selected).
Port Fast mode immediately brings a port from the blocking state into the forwarding state by eliminating the forward delay (the amount of time a port waits before changing from its STP learning and listening states to the forwarding state).
Step 5 Click Apply.
The State column displays the state of the port. A port can be in one of the following states:
Blocking | The port is not forwarding frames and is not learning new addresses. |
Listening | The port is not forwarding frames but is progressing toward a forwarding state. The port is not learning addresses. |
Learning | The port is not forwarding frames but is learning addresses. |
Forwarding | The port is forwarding frames and learning addresses. |
Disabled | The port has been removed from STP operation. You need to re-enable the port. |
The Forward Transitions column displays the number of times STP changed forwarding states.
Before the switch joins a cluster, CDP version 2 must be enabled on the switch. For information about enabling this option, see the "CDP Configuration/Status Menu" section. For information about cluster management and membership, refer to the Cisco IOS Desktop Switch Software Configuration Guide, Catalyst 2900 Series XL and Catalyst 3500 Series XL Cisco IOS Release 12.0(5)XP.
To display the CDP Management Page (Figure 3-9), click CDP on the menu bar.
Step 1 Select a device from the Discovered Neighboring Devices list.
Step 2 Click one of these buttons:
When you select a neighboring device and click Details on the CDP Management page, the switch manager displays the following information about that device (see CDP Details Page, Figure 3-10):
Device ID | Neighbor host name. |
Entry address | IP address. |
Platform | Description of the product platform to which the neighbor belongs. |
Capabilities | Description of the type of device (such as a repeater or switch). |
Remote Port | Description of the port on the neighbor to which this switch is connected. |
Local Port | Number and description of the port on this switch to which the neighbor is connected. |
If a neighboring Catalyst 1900 or Catalyst 2820 cluster member does not have an IP address before it joins a cluster, the command switch IP address is displayed in the Entry Address field when you select that Catalyst 1900 or Catalyst 2820 cluster member, and click Details.
To change the global CDP settings for the switch:
If a neighboring device does not receive a CDP message before the hold time expires, the device drops this switch as a neighbor. The packet hold time should be higher than the packet transmission time.
Step 3 Click Apply.
By default, CDP is enabled on all ports on the switch. If you do not want a port to exchange information with Cisco devices, you can disable CDP on that port. To disable CDP on a port:
Step 1 Select the port from the CDP Enabled list.
Step 2 Click Disable.
To enable CDP on a port:
Step 1 Select the port from the CDP Disabled list.
Step 2 Click Enable.
The remote monitoring (RMON) capability on the switch helps you monitor network traffic traversing the switch, and with the Switched Port Analyzer (SPAN) feature, you can use a single network analyzer to monitor traffic on any of the switch ports. You simply attach the network analyzer to a switch port, using that port as a monitoring port. You can also use a network analyzer on the monitoring port to troubleshoot network problems by examining the traffic on other Cisco switched ports or segments.
By default, no port on the switch is designated as the monitoring port, and no ports on the switch are monitored. Remember the following restrictions when monitoring ports:
To display the SPAN Configuration Page (Figure 3-11), click SPAN on the menu bar.
By default, port monitoring is disabled (Capturing Frames to the Monitoring Port check box is not selected).
To enable port monitoring on the switch and its port(s):
Step 1 Select the Capturing Frames to the Monitoring Port check box.
Step 2 Select the monitoring port (the port to which captured frames are sent) from the Select Monitoring Port drop-down list.
You can designate any port as the monitoring port, but the following restrictions apply:
Step 3 Select the port(s) you want to monitor from the Port Not Monitored list.
Step 4 Click Add.
To disable port monitoring on a port or ports:
Step 1 Select the port(s) that you no longer want to monitor from the Ports Monitored list.
Step 2 Click Remove.
Cisco periodically provides new firmware to implement enhancements and maintenance releases. New firmware releases can be downloaded from Cisco Connection Online (CCO), the Cisco Systems customer web site, available at the following URLs: www.cisco.com, www-china.cisco.com, and www-europe.cisco.com.
The Firmware Version field displays the firmware version being used by the switch.
Caution: If you interrupt the transfer by turning the switch off and on, the firmware could get corrupted. For recovery procedures, see the "Recovering from Corrupted Firmware" section.
To display the Console and Upgrade Configuration Page (Figure 3-12), click Console on the menu bar.
These are the default settings of the switch console port:
If you change any of these settings, click Apply to save your changes.
By default, the management console inactivity timeout is 0 (which means the console session does not time out). You can change the number of seconds that the management console can wait without activity before it times out. After timeout, you must reenter the password.
To change the inactivity timeout setting:
Step 1 Enter the number of seconds (0, or 30 to 65500) in the Management Console Inactivity Timeout field.
Step 2 Click Apply.
The switch uses the initialization string to initialize the modem connected to the console port. This string must match your modem requirement.
By default, auto baud (match remote baud rate) is enabled (Enable Auto Baud check box is selected). This option enables the switch to automatically match the same or lower baud rate of an incoming call. After the call, the switch reverts to its configured rate.
By default, auto answer is enabled (Enable Auto Answer check box is selected). This option enables the switch to automatically answer calls.
The Firmware Version field displays the firmware version being used by the switch.
The following sections provide instructions on how to upgrade the switch firmware:
Caution: If you interrupt the transfer by turning the switch off and on, the firmware could get corrupted. For recovery procedures, see the "Recovering from Corrupted Firmware" section.
Follow these steps to download the latest firmware from a TFTP server to your switch.
Step 1 Download the upgrade file from CCO into an appropriate directory on your TFTP server.
Step 2 Enter the IP address in the Server: IP Address or Name of TFTP Server field. Use dotted quad format (nnn.nnn.nnn.nnn).
If the switch is connected to a Domain Name System (DNS) server, you can enter the name of the TFTP server instead.
Step 3 Enter the upgrade filename (up to 80 characters) in the Filename for Firmware Upgrades field.
Step 4 Click System TFTP Upgrade to download the upgrade file from the TFTP server to the switch.
Step 5 Click OK on the confirmation prompt.
After the existing firmware validates the file, the new image is transferred into Flash memory, the switch resets, and the new firmware begins executing. If the upgrade file is invalid, the temporary image is discarded, the existing firmware continues to execute, and the firmware upgrade ends.
Step 6 Click the browser Reload button to refresh the Console and Upgrade Configuration Page.
Step 7 Ensure that the Firmware Version field displays the updated firmware version.
Caution: If you interrupt the transfer by turning the switch off and on, the firmware could get corrupted. For recovery procedures, see the "Recovering from Corrupted Firmware" section.
Follow these steps to download the latest firmware from a TFTP client to your switch.
Step 1 Download the upgrade file from CCO into an appropriate directory on your TFTP client.
Step 2 From the client management station, establish a TFTP session with the IP address of the switch. Make sure the client station is in binary transfer mode.
Step 3 Select the Accept Upgrade Transfer from Other Hosts check box. By default, this check box is not selected.
Step 4 Download the upgrade file from the client station to the switch, using the TFTP user interface or the appropriate command for the put operation (such as put upgrade_filename).
After the existing firmware validates the file, the new image is transferred into Flash memory, the switch resets, and the new firmware begins executing. If the upgrade file is invalid, the temporary image is discarded, the existing firmware continues to execute, and the firmware upgrade ends.
Step 5 Click the browser Reload button to refresh the Console and Upgrade Configuration Page.
Step 6 Ensure that the Firmware Version field displays the updated firmware version.
Step 7 Deselect the Accept Upgrade Transfer from Other Hosts check box.
The Statistics Reports Page (Figure 3-13) displays the exception and utilization statistics for the switch. To display this page, click Statistics on the menu bar.
To reset the statistics for a switch port:
Step 1 Select the port from the Select Port list.
Step 2 Click Reset Port Statistics.
To reset the statistics for all ports on the switch, click Reset All Statistics.
The switch manager does not automatically refresh the statistics shown on this page. Click the browser Reload button to refresh the statistics shown on this page.
This report displays the number of receive and transmit errors for each port.
Receive | Number of giants and FCS and alignment errors |
Transmit | Number of excessive deferrals, late collisions, jabber errors, and other transmit errors |
This report displays the number of bytes received and transmitted for each port.
Receive | Number of bytes received in good packets |
Forward | Number of good frames forwarded |
Transmit | Number of bytes transmitted |
The system management settings include the switch IP information and the settings for switch performance and flood and traffic control. To display the System Management Page (Figure 3-14), click System on the menu bar.
Typically, after the switch is installed, an IP address is assigned to the switch. (See the "Assigning IP Information and a Password to the Switch" section.)
If you do not assign an IP address to the switch, you must add the switch to a switch cluster and manage it through the command switch. Whether or not the switch has its own IP address, when the switch is a cluster member, it is managed and communicates with other member switches through the IP address of the command switch. If the switch leaves the cluster and it does not have its own IP address, you then must assign IP information to it to manage and monitor it as a nonmember switch.
For information about IP information in switch clusters, refer to the Cisco IOS Desktop Switch Software Configuration Guide, Catalyst 2900 Series XL and Catalyst 3500 Series XL Cisco IOS Release 12.0(5)XP.
To change the switch IP information:
Step 1 Enter a new IP address for the switch in the IP Address field. Use dotted quad format (nnn.nnn.nnn.nnn).
If the switch is connected to a network that has a Dynamic Host Configuration Protocol (DHCP)/Bootstrap Protocol (BOOTP) server, the server automatically assigns it an IP address.
This field displays the IP address assigned to the switch. If the switch does not have an IP address, this field displays 0.0.0.0.
Caution: Changing the switch IP address on this page will end your switch manager session. You will need to open a new session and enter the new IP address in the URL field if you are using Communicator (the Address field if you are using Internet Explorer).
Step 2 Enter the subnet mask for the switch in the Subnet Mask field.
Subnet masks exist only if the network has been divided up into subnetworks.
Step 4 In the Default Gateway field, enter the IP address of the default gateway. Use dotted quad format (nnn.nnn.nnn.nnn).
For automatic IP gateway assignment, see the "Routing Information Protocol" section.
Step 5 In the IP Address of DNS Server 1 and 2 fields, enter the IP address(es) of the DNS server(s). For more information about the DNS server, see the "Domain Name System Servers" section.
Step 6 Click Apply.
A network device can be identified through its IP address or its associated host name. Domain Name System (DNS) servers maintain name-to-address mappings.
If you enter the device name when using the switch management interfaces, the DNS server associated with the switch looks up the device IP address. The switch can be associated with up to two DNS servers.
To associate a DNS server with the switch:
Step 1 Enter the IP address of the DNS server in the IP Address of DNS Server field. Use dotted quad format (nnn.nnn.nnn.nnn).
Step 2 Click Apply.
By default, the Routing Information Protocol (RIP) is enabled (Use Routing Information Protocol check box is selected). RIP automatically discovers and assigns an IP gateway to the switch.
The default gateway is the router that the switch uses to reach IP subnets other than the local subnet to which the switch is attached. A default gateway is also necessary if the management station from which the switch is to be managed is not on the same IP subnet as the switch.
The switch uses these switching modes:
Although Table 3-11 shows store-and-forward experiencing the lowest latency, the figures do not include the time it takes to receive the packet, which varies according to the packet size. Table 3-12 shows the minimum and maximum packet reception latencies, which you need to add to the store-and-forward latencies in Table 3-11.
| Switching Mode | 10 Mbps to 10 Mbps | 10 Mbps to 100 Mbps | 100 Mbps to 100 Mbps | 100 Mbps to 10 Mbps |
|---|---|---|---|---|
| FragmentFree (cut-through) | 70 microsec | - | 9 microsec | 10 microsec |
| Store-and-forward | 7 microsec + PRL | 7 microsec + PRL | 3 microsec + PRL | 3 microsec + PRL |

| Link Speed | Minimum Latency | Maximum Latency |
|---|---|---|
| 10 Mbps | 51.2 microsec | 1224 microsec |
| 100 Mbps | 5.1 microsec | 122.4 microsec |
By default, store-and-forward for multicast frames is disabled (Enable the Use of Store-and-Forward for Multicast check box is not selected). If this option is disabled, the switch forwards multicast frames according to the switching mode. The store-and-forward mode is always used for broadcast frames.
The default action is Suspend. An address violation occurs if a secure port receives a source address statically assigned to another port or if a secure port tries to learn more than a defined number of addresses. From the Action Upon Address Violation drop-down list, you can select the action a port takes if an address violation occurs:
For information about secure ports, see the "Securing a Port" section.
A unicast address identifies one unique device on the network. However, if the switch has not received packets from the device for a while (longer than the aging period), the switch removes the device address from its address table, and the address is then an unknown unicast address. The switch must flood (send to all ports except the one the packet is received on) packets destined for the unknown unicast address in order to ensure the device receives the packet. Once the switch learns the location of the device, this flooding stops.
The use of a network port can eliminate this type of flooding. The network port that you select from the Network Port drop-down list is the destination port for all packets with unknown unicast addresses. By default, no port is assigned as the network port.
The network port
For more information about unicast addresses, see the "Enabling or Disabling Flooding of Unknown MAC Addresses" section and the "Permanent Unicast Address Table" section.
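The unknown-unicast handling and the address-violation conditions described above can be traced in a small model. This is an added example, not Cisco code: the class, the aging period, the port numbers and the short MAC strings are constructed, and flooding a frame that arrives on the network port itself is an assumption the page does not confirm.

```python
class Switch:
    """Toy model of the unknown-unicast and secure-port rules in the text."""

    def __init__(self, ports, aging=300, network_port=None):
        self.ports = list(ports)
        self.aging = aging                # seconds; constructed sample value
        self.network_port = network_port  # None: no network port (the default)
        self.learned = {}                 # MAC -> (port, time last seen)
        self.static = {}                  # MAC -> statically assigned port
        self.secure = {}                  # secure port -> max addresses to learn

    def _violation(self, port, src):
        if port not in self.secure:
            return False
        owner = self.static.get(src)
        if owner is not None:
            # Source address statically assigned to another port.
            return owner != port
        here = {m for m, (p, _) in self.learned.items() if p == port}
        # Secure port trying to learn more than its defined number of addresses.
        return src not in here and len(here) >= self.secure[port]

    def receive(self, port, src, dst, now):
        """Return (decision, egress_ports) for one unicast frame."""
        # Drop addresses not heard from for longer than the aging period.
        self.learned = {m: (p, t) for m, (p, t) in self.learned.items()
                        if now - t <= self.aging}
        if self._violation(port, src):
            return "violation", []   # the configured action is not modelled
        if src not in self.static:
            self.learned[src] = (port, now)
        out = self.static.get(dst)
        if out is None and dst in self.learned:
            out = self.learned[dst][0]
        if out is not None:
            return "forward", ([] if out == port else [out])
        # Unknown unicast: send to the network port if one is assigned.
        # Assumption: a frame that arrived on the network port is flooded.
        if self.network_port is not None and self.network_port != port:
            return "network-port", [self.network_port]
        return "flood", [p for p in self.ports if p != port]


def demo():
    """Run constructed frames through two switches and collect the decisions."""
    sw = Switch(ports=[1, 2, 3, 4])
    out = [
        sw.receive(1, "aa", "bb", now=0),     # bb never seen: flood
        sw.receive(2, "bb", "aa", now=1),     # aa learned on port 1
        sw.receive(1, "aa", "bb", now=2),     # bb learned on port 2
        sw.receive(1, "aa", "bb", now=400),   # bb aged out: flood again
    ]
    sw.secure[3] = 1                          # port 3 may learn one address
    sw.static["ee"] = 2                       # ee statically assigned to port 2
    out += [
        sw.receive(3, "cc", "aa", now=401),   # first address on port 3
        sw.receive(3, "dd", "aa", now=402),   # second address: violation
        sw.receive(3, "ee", "aa", now=403),   # static on another port: violation
    ]
    net = Switch(ports=[1, 2, 3, 4], network_port=4)
    out.append(net.receive(1, "aa", "bb", now=0))  # unknown goes to port 4 only
    return out


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

In the flooded cases every port except the ingress port receives a copy of the frame, while the same frame on the switch with a network port leaves through port 4 only.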
When back pressure is enabled and no buffers are available to a port, the switch generates collision frames across the affected port and causes the transmitting station to resend the packets. The switch can then use this retransmission time to clear its receive buffer by transmitting packets already in the queue.
For information about flow control on the 100-Mbps ports, see the "Flow Control" section.
By default, enhanced congestion control (ECC) is disabled on all 10-Mbps ports. An ECC-enabled port accelerates transmission of frames and empties its queue more quickly. This option reduces congestion on the switch and keeps the switch from dropping frames because of full transmit queues. The ECC option can be enabled on half-duplex ports and can be configured on a global basis for the 10-Mbps ports.
For information about ECC on the 100-Mbps ports, see the "Enabling or Disabling ECC on the 100-Mbps Ports" section. ECC on the 100-Mbps ports is set on a per-port basis, not on a global basis.
To enable ECC on a 10-Mbps port:
Step 1 Select one of the following modes from the Enhanced Congestion Control drop-down list.
Step 2 Click Apply.
Use the broadcast storm control settings to inhibit the forwarding of broadcast packets when the broadcast rate (number of broadcast packets received from a port per second) on a switch port exceeds a specified threshold. Broadcast storm control is configured for the switch as a whole, but operates on a per-port basis.
To change the broadcast storm control settings:
Step 1 Select Block or Ignore in the Action Upon Exceeding Broadcast Threshold field. The default is Ignore.
This option assigns the action the switch takes if the number of broadcast packets reaches the broadcast threshold:
When this threshold is exceeded, the switch, if configured to do so, blocks the broadcast packets received from the port and generates an SNMP alert.
Step 4 Click Apply.
A multicast packet is information sent to multiple recipients from one sender. However, sometimes multicast traffic needs to be received only on certain network segments, and not all. Indiscriminate flooding of multicast traffic can waste bandwidth on the switch and congest each segment.
The Cisco Group Management Protocol (CGMP) dynamically creates CGMP groups, which are designated recipients of multicast traffic. This limits the transmission of multicast packets to only end-stations that request them, thereby reducing flooding of multicast traffic within the network.
IP multicast routers are required to forward multicast packets across an IP internetwork. CGMP filtering requires a network connection from a CGMP-enabled switch to a router running CGMP. End stations issue join messages to become part of a CGMP group and issue leave messages to leave the group. A CGMP-enabled router sends CGMP packets to inform the switch when specific end-stations join or leave a CGMP group. When CGMP is enabled on the switch, the switch ports forward multicast traffic only to CGMP group members.
A CGMP group remains in the switch IP Multicast Address Table until all members have left that group. The switch supports up to 64 IP multicast group registrations. For information about multicast registrations, see the "Permanent Multicast Address Table" section.
To display the CGMP Management Page (Figure 3-15), click CGMP on the menu bar.
For additional information, see the
For information about IP multicast, including Internet Group Management Protocol (IGMP), refer to RFC 1112.
By default, CGMP is enabled (Enable CGMP check box is selected) on the switch.
To disable CGMP:
Step 1 Deselect the Enable CGMP check box.
Step 2 Click Apply.
The CGMP Fast Leave option can eliminate unnecessary multicast traffic to switch ports that no longer have group members needing that specific multicast traffic. By default, the CGMP Fast Leave option is disabled (Enable CGMP Fast Leave check box is not selected).
When this option is enabled, the following rules are in effect:
To enable CGMP Fast Leave:
Step 1 Select the Enable CGMP Fast Leave check box.
Step 2 Click Apply.
Multicast routers that support CGMP periodically send CGMP join messages to advertise themselves to switches within a network. A receiving switch saves the information and sets a timer equal to the router hold time. The timer is updated every time the switch receives a CGMP join message in which a router advertises itself. When the last router hold time expires, the switch removes all IP multicast groups learned from CGMP.
To change the router hold time:
Step 1 In the Router Hold Time field, specify the number of seconds (5 to 900) the switch waits before removing all IP multicast groups learned from CGMP.
Step 2 Click Apply.
When CGMP is enabled on the switch, the switch automatically creates and dynamically maintains a table that lists the addresses of designated multicast recipients and the associated switch port(s) through which multicast traffic is forwarded to those recipients.
If you have configured bridge groups, the bridge group number is not displayed on the IP Multicast Address Table. For more information about bridge groups, see the "Bridge Group Configuration Menu" section.
Caution: Use the Remove option only to debug and recover from unexpected situations.
To delete a specific entry from the IP Multicast Address Table:
Step 1 Select the entry you want to delete.
Step 2 Click Remove.
Click Remove All to clear the table.
CGMP filtering requires a network connection from the switch to a router running CGMP. When CGMP is enabled on the switch, the switch automatically creates and dynamically maintains a table that lists the IP address of each attached CGMP-enabled router and the switch port to which the router is attached.
To delete a specific entry from the Router Ports Table:
Step 1 Select the entry you want to delete.
Step 2 Click Remove.
Click Remove All to clear the table.
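The numeric limits and follow-up steps given in this chapter (STP Hello Time and Forward Delay, the console inactivity timeout, the CDP packet hold time, the Accept Upgrade Transfer from Other Hosts check box, the upgrade filename length and the CGMP router hold time) can be checked in one pass over a switch's recorded settings. This is an added example, not Cisco code: the dictionary keys are hypothetical labels for the switch manager fields, the sample values are constructed, and reporting a timeout of 0 as a finding is this example's own choice.

```python
# Added example, not Cisco code. The keys are hypothetical labels for the
# switch manager fields; the values are transcribed by whoever runs the check.

RANGES = {  # inclusive limits stated in this chapter
    "stp_hello_time": (1, 10),
    "stp_forward_delay": (4, 30),
    "cgmp_router_hold_time": (5, 900),
}


def audit(cfg):
    """Return sorted (field, message) findings for one switch's settings."""
    findings = []
    for field, (low, high) in RANGES.items():
        if field in cfg and not low <= cfg[field] <= high:
            findings.append((field, f"{cfg[field]} is outside {low} to {high}"))

    timeout = cfg.get("console_inactivity_timeout", 0)  # documented default
    if timeout == 0:
        findings.append(("console_inactivity_timeout",
                         "0: the console session never times out"))
    elif not 30 <= timeout <= 65500:
        findings.append(("console_inactivity_timeout",
                         f"{timeout} is not 0 or 30 to 65500"))

    hold = cfg.get("cdp_hold_time")
    send = cfg.get("cdp_transmission_time")
    if hold is not None and send is not None and hold <= send:
        findings.append(("cdp_hold_time",
                         f"{hold} is not higher than transmission time {send}"))

    if cfg.get("accept_upgrade_from_other_hosts", False):
        findings.append(("accept_upgrade_from_other_hosts",
                         "still selected; deselect it once the upgrade is done"))

    if len(cfg.get("upgrade_filename", "")) > 80:
        findings.append(("upgrade_filename", "longer than 80 characters"))

    expected = cfg.get("expected_firmware_version")
    if expected is not None and cfg.get("firmware_version") != expected:
        findings.append(("firmware_version",
                         f"{cfg.get('firmware_version')} != {expected}"))
    return sorted(findings)


# Constructed sample: a switch checked just after a TFTP client upgrade.
SAMPLE = {
    "stp_hello_time": 2,
    "stp_forward_delay": 45,
    "cgmp_router_hold_time": 600,
    "console_inactivity_timeout": 0,
    "cdp_hold_time": 30,
    "cdp_transmission_time": 60,
    "accept_upgrade_from_other_hosts": True,
    "firmware_version": "old-placeholder",
    "expected_firmware_version": "new-placeholder",
}

if __name__ == "__main__":
    for field, message in audit(SAMPLE):
        print(f"{field}: {message}")
```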
Posted: Thu Oct 28 20:03:16 PDT 1999
Copyright 1989-1999 © Cisco Systems Inc.