|
|
This chapter describes the features and management characteristics of the management interfaces. You can use these interfaces to monitor and configure a switch or a group of switches.
There are three web-based management tools that you access via a browser such as Netscape Navigator or Microsoft Internet Explorer:
There are two other interfaces you can use to manage a switch or group of switches:
Table 3-1 lists the key features and defaults of this release and cross-references the descriptions for changing them with the CLI or an HTML interface.
You can access the web-based interfaces through the browsers listed in Table 2-1. The switch checks the browser version when starting an HTML session to ensure that the browser is supported. If the browser is not supported, the switch displays an error message, and the HTML session does not start.
The minimum requirement for a PC is a Pentium processor running at 166 MHz with
64 MB of DRAM. The minimum requirement for a UNIX workstation is a Sun Ultra 1 running at 143 MHz.
The following operating systems are supported for HTML management:
| Browser | Minimum Version | Supported Versions |
|---|---|---|
Netscape Communicator | 4.5 | 4.5, 4.51 |
Microsoft Internet Explorer | 4.01a | 4.01, 5.0 |
Table 2-2 lists the configuration that yields the best results for the HTML interfaces.
| OS | Processor Speed | DRAM | Number of Colors | Resolution | Font Size |
|---|---|---|---|---|---|
WindowsNT | Pentium 300 MHz | 128 MB | 65536 | 1024x768 | Small |
Follow these steps to configure Netscape Communicator:
Step 1 Start Netscape Communicator.
Step 2 From the menu bar, select Edit>Preferences.
Step 3 In the Preferences window, click Advanced.
(a) Select the Enable Java, Enable JavaScript, and Enable Style Sheets check boxes.
(b) Click OK to return to the browser Home page.
Step 4 From the menu bar, select Edit>Preferences.
(a) In the Preferences window, click Advanced Cache, and select Every time.
(b) Click OK to return to the browser Home page.
Follow these steps to configure Microsoft Internet Explorer 4.01:
Step 1 Start Internet Explorer.
Step 2 From the menu bar, select View>Internet Options.
Step 3 In the Internet Options window, click Advanced.
(a) Scroll through the list of options until you see Java VM. Select the Java JIT compiler enabled and Java logging enabled check boxes.
(b) Click Apply.
(c) Click General. In the Temporary Internet Files section, click Settings. The Settings window opens.
Step 4 Click Every visit to the page, and click OK.
Step 5 In the Internet Options window, click Security.
(a) In the Zone drop-down list, select Trusted Sites Zone.
(b) In the Trusted Sites Zone section, click Custom.
(c) Click Settings.
Step 6 Select Java>Java Permissions section, and select Custom.
Click Java Custom Setting, which appears at the bottom of the window.
Step 7 In the Trusted Sites Zone window, click Edit Permissions.
(a) If the buttons under Run Unsigned Content are not available, select either Medium or Low security in the Reset Java Permissions list box. Click Reset.
(b) Under Run Unsigned Content, select Enable, and click OK.
Step 8 In the Security Settings window, click OK.
Step 9 In the Internet Options window, click Security.
(a) Verify that the Zone drop-down list is set to Trusted Sites Zone.
(b) In the Trusted Sites Zone section, click Add Sites.
Step 10 In the Trusted Sites Zone window, deselect the Require server verification check box.
(a) In the Add this Web site to the Zone field, enter the IP address of the cluster command switch, as in this example:
(b) Click Add, and then click OK.
Step 11 In the Internet Options window, click Apply, and then click OK.
Follow these steps to configure Microsoft Internet Explorer 5.0:
Step 1 Start Internet Explorer.
Step 2 From the menu bar, select Tools>Internet Options.
Step 3 In the Internet Options window, click Security.
Step 4 Select the Trusted Sites icon and click Sites....
Step 5 Deselect the Require server verification checkbox and click Add.
Step 6 Add the switches you want to manage by entering their URLs in the Add this web site to the zone field. A URL is the switch IP address preceded by http://.
Step 7 After you have finished entering the URLs for your switches, click OK.
Step 8 Still in the Security tab of Internet Options, click Custom Level...
Step 9 In the Security Settings dialog box, scroll down to the Java>Java permissions section.
Step 10 Select Custom. This enables the Java Custom Settings button.
Step 11 Click Java Custom Settings and then select Edit Permissions.
Step 12 Under Run Unsigned Content, click Enable, and click OK.
Step 13 Click OK to close the Security Settings dialog box.
CVSM is a web-based device-management site for configuring and monitoring your switch. Because the switch is preconfigured, CVSM pages show the settings that the switch is using. You change the configuration settings by entering information in fields, adding and removing list items, or selecting check boxes. In addition, the CVSM Home page displays a live image of the switch (see Figure 2-2). The LEDs reflect the current status of the switch, and you can click on ports to configure them.
When you enter information in a CVSM field and click Apply, the change becomes part of the running (current) configuration. If you make a mistake and want to retype an entry, click Cancel to undo your first entry. Items added to or removed from lists in CVSM immediately become part of the running configuration, and you do not need to click Apply.
The switch must have an IP address before you can access CVSM. For instructions on assigning the IP address, see the "CLI Commands for Assigning IP Information to the Switch" section. Follow these steps to access CVSM:
Step 1 Be sure that you have configured your browser correctly. See the "Preparing to Use the Web-Based Management Interfaces" section for more information.
Step 2 Start the browser.
Step 3 Enter the switch IP address in the browser Location field (Netscape Communicator) or Address field (Internet Explorer).
Step 4 Press Return. The Cisco Systems Access page (see Figure 2-1) is displayed.
Step 5 Click Visual Switch Manager to display the CVSM Home page, shown in Figure 3-4.
The CVSM Home page displays when you click Visual Switch Manager on the Cisco Systems Access page. All the CVSM pages have a Home button that you can click to return to this page. From the Home page you can monitor and configure the port as described in Figure 2-2.
The other web-based tools are available from the CVSM Home page. Depending on your network, you can click Cluster Management to create and manage clusters of switches or Switch Network View to display the stack connected to the switch.
You can bookmark the IP address to easily retrieve the Home page for later use.
You can access the device-management features of this release from the Home page drop-down menus, such as the Port menu shown in Figure 2-3. Table 2-3 describes the menu options and their function.
| Menu Bar Choices | Task | ||
|---|---|---|---|
| Port | |||
Port Configuration | Enable or disable ports and set port parameters. | ||
Port Grouping (EC) | Group ports into logical units for high-speed links between switches. | ||
Switch Port Analyzer (SPAN) | Enable SPAN port monitoring. | ||
Flooding Controls | Enable broadcast storm control, assign a network port, and block unicast and multicast flooding on a per-port basis. | ||
| System | |||
System Configuration | Save the running configuration, and upgrade firmware via Trivial File Transfer Protocol (TFTP). | ||
System Time Management | Configure the time on the switch, or configure the switch to receive the time from an Network Time Protocol (NTP) server. | ||
IP Management | Enter IP information for the switch. | ||
SNMP Configuration | Enter SNMP trap managers and community strings. | ||
ARP Table | Display the ARP table and change the timeout setting. | ||
| Security | |||
Address Management | Enter static addresses and the address aging time. | ||
Port Security | Enable port security. | ||
| Device | |||
| Cisco Discovery Protocol | Enable and disable CDP information. | |
Cisco Group Management Protocol | Enable and disable CGMP and CGMP Fast Leave feature. | ||
| Spanning-Tree Protocol | Display and change STP parameters for the switch. | |
| VLAN | |||
VLAN Membership | Assign ports to port-based VLANs. | ||
| Fault | |||
Logging Config | Set logging parameters. | ||
The Switch Network View page displays a map of the devices that are directly connected to a switch that is not part of a cluster. From the Network View, you can display switch-connection information, device reports, and link reports.
You display Network View from the switch home page, but its availability depends on how your switch is configured. If your switch is part of a cluster, the button displays Cluster Management. If it is not part of a cluster, the button displays Switch Network View.
If your switch is not in a cluster, click Switch Network View on the CVSM Home page to display the view shown in Figure 2-4. Blue labels identify stack members. Yellow labels identify generic edge devices connected to stack members. Network View can also display Cisco routers, switches, hubs, and Cisco Micro Webservers if they are directly attached to a switch running IOS Release 11.2(8)SA6 or later.
| Name | Purpose |
|---|---|
Visual Stack | Display live images of stack members. From this page you can:
|
Switch Manager | Display switch connection information (device type, IP address, port number) for switches that are directly connected to the primary switch. Switch stack members have blue labels, and switch edge devices have yellow labels. Click the IP address of a stack member to display the CVSM Home page for the switch. |
Toggle Labels | Alternate between displaying IP addresses and device type labels. |
Help | Display online help. |
Legend | Display the meanings of icons and links. |
To display the device pop-up menu, right-click a switch. You can select one of the following options:
Device Report | Displays the device report for the switch. The device report has three pages of switch information: configuration information, system information, and information about individual ports. |
Switch Manager | Displays the CVSM Home page for the switch. |
Cluster Management consists of three related tools that you can use to create clusters of switches, manage individual switches, and display device information, link information, and performance graphs. This section describes how you can use the following Cluster Management tools to manage your network:
See the "Creating Clusters" section for information on how to create a cluster.
Once the cluster is created, you can access Cluster Management in the following ways:
Certain features are common to all three Cluster Management tools. Table 2-5 lists the buttons on the Cluster Builder, Cluster View, and Cluster Manager pages.
| Button | Action |
Legend | Provides a legend with the meaning of icons, labels, and links. |
Save Config | Saves the current configuration of cluster switches to permanent storage. These configurations are saved in the config.text file that is used when the switches are reset. For more information, see the "Working with Files in Flash Memory" section. |
Configure your preferences for Cluster Management. The command switch saves this information in permanent storage, and you do not need to click save config. You can set these preferences:
| |
Help | Displays detailed procedures for Cluster Management tasks. |
Use Cluster Builder to automatically or manually create a cluster of switches. Devices directly connected to the command switch and running the appropriate software display in color to identify them as cluster members or candidates.
Depending on your topology, you can add all candidate switches to the cluster at once (star topology) or add them one by one (daisy-chain topology). After the cluster is created, you can collapse the entire cluster into a single icon by clicking Toggle Views to display Cluster View. Figure 2-5 shows Cluster Builder displaying a map of cluster devices.
Cluster Builder labels other network devices with the following colors:
Green | A cluster member, either as a member switch or as the command switch. |
Blue | A cluster candidate. Add these candidates to the cluster with Cluster Builder. |
Yellow | A directly connected Cisco device that cannot be a cluster member. These can be routers, hubs, switches, or other Cisco devices. |
Table 2-6 describes the active buttons in Cluster Builder, Table 2-7 describes the available menu options when you right-click a switch, and Table 2-8 describes the available menu options when you right-click a link. The menu options can vary depending on the type of device and whether it is a cluster member or not.
| Button | Action |
Cluster Manager | |
Toggle Views | Toggles between Cluster View and Cluster Builder. In Cluster View, all cluster switches are represented by a single icon. |
Toggle Labels | Changes the labels on the links and icons. The labels can be
|
Save Layout | Saves the current layout of the switch icons. As long as there are no topology changes, the saved layout displays the next time you display Cluster Builder. |
Device Links | Lists the switches and the ports that connect them. |
| Menu Item | Action |
Switch Manager | Displays the switch CVSM Home page. |
Device Report | Displays the device report for the switch. The device report has three pages of information about the switch: configuration information, system information, and port information. |
Bandwidth Graph | Displays a graph that plots the total bandwidth used by the switch. |
Host Name Config | Displays a window where you can enter a host name for the switch. |
Device Web Page | Displays the HTML interface for the device. (Not always displayed.) |
Add to Cluster | Adds the selected switch to the cluster. (Not always displayed.) |
Remove from Cluster | Removes the selected switch from the cluster. (Not always displayed.) |
Hide Candidates, Show Candidates | Hides or redisplays candidate switches. |
| Menu Item | Action |
Link Report | Displays the link report for the link. This report displays the link speed, VLAN and port group memberships, and STP state. You can display the link graphs from this report. |
Link Graph | Displays the performance graph for the link. You can plot the link utilization percentage and the total packets, bytes, and errors recorded on the link. |
Cluster View displays the cluster as a single icon and edge devices and candidate switches connected to the cluster. To access Cluster View, click the Toggle Views button in Cluster Builder.
Cluster View labels network devices with the following colors:
Yellow | Edge devices that are not running Cluster Management software |
Green | Cluster icon |
Blue | Candidate switches that are not qualified for membership |
White | Additional clusters |
Table 2-9 lists the menu options available when you right-click a device. Table 2-10 lists the menu options available when you right-click a link.
| Menu Item | Action |
Device web page | Displays the CVSM Home page for Catalyst 2900 XL and Catalyst 3500 XL switches. |
Disqualification code | Describes why the switch is not a cluster member or candidate. |
| Menu Item | Action |
Link Report | Displays the speed and duplex settings for the link, the STP state, port group memberships, and the VLANs the ports belong to. |
Link Graph | Displays the performance graph for the link. You can plot the link utilization percentage and the total packets, bytes, and errors recorded on the link. |
Cluster Manager displays live images of cluster switches that you can use to monitor and configure the devices. You can click a port, or several ports, to configure status, speed, duplex and Port Fast settings.
Click a switch chassis and right-click to display the device pop-up window. Table 2-11 describes the items available from this menu.
| Menu Item | Action |
Switch Manager | |
Device Configuration | Displays a dialog box for entering the host name, system contact, location, and system-up time. The name you enter here is displayed on the switch in Cluster Manager and Cluster Builder. The system-up time is also displayed. |
Device Report | Displays the device report for the switch. The device report consists of three pages of information about the switch: configuration information, system information, and information about individual ports. |
Bandwidth Graph | Displays a graph that plots the total bandwidth in use by the switch. |
VLAN Membership | Displays a dialog box that displays all VLANs configured on the switch. Select a VLAN, and click Display Members to show the ports that belong to the VLAN. Use the legend on the page to understand the VLAN port types. |
This section introduces the Cisco IOS command-line interface (CLI). The Cisco IOS Desktop Switching Command Reference: Catalyst 2900 Series XL
and Catalyst 3500 Series XL Cisco IOS Release 11.2(8)SA6 is a complete description of commands that have been created or changed for the switches. The documentation set for Cisco IOS Release 11.2(8) describes the other command switches.
This section describes how to perform the following tasks:
This section describes the Cisco IOS command-mode structure. Each command mode supports specific Cisco IOS commands. For example, the interface type_number command is used only from global configuration mode.
The switch supports the following command modes:
Table 2-12 describes how to access each mode, the prompt you see in that mode, and how to exit the mode. The examples in the table use the host name switch.
| Modes | Access Method | Prompt | Exit Method | About This Mode1 |
|---|---|---|---|---|
Begin a session with your switch. | switch> | Enter the logout command or quit. | Use this mode to
| |
Enter the enable command while in user EXEC mode. | switch# | Enter the disable command to exit. | Use this mode to verify commands you have entered. Access to this mode should be protected with a password. | |
VLAN database (Enterprise Edition Software only) | Enter the vlan database command while in privileged EXEC mode. | switch(vlan)# | To exit to privileged EXEC mode, enter exit. | Use this mode to configure VLAN-specific parameters. |
Enter the configure command while in privileged EXEC mode. | switch(config)# | To exit to privileged EXEC mode, enter the exit or end command, or press Ctrl-Z. | Use this mode to configure parameters that apply to your switch as a whole. | |
Enter the interface command (with a specific interface) while in global configuration mode. | switch(config-if)# | To exit to global configuration mode, enter the exit command. Press Ctrl-Z or enter end to return to privileged EXEC mode. | Use this mode to configure parameters for the Ethernet interfaces. | |
Specify a line with the line vty or line console command while in global configuration mode. | switch(config-line) # | To exit to global configuration mode, enter the exit command. Press Ctrl-Z or enter end to return to privileged EXEC mode. | Use this mode to configure parameters for the terminal line. |
| 1For any of the modes, you can see a comprehensive list of the available commands by entering a question mark (?) at the prompt. |
switch# rcommand 3
If you do not know the member-switch number, enter the EXEC mode show cluster members command on the command switch. When you display the member-switch CLI, the command mode changes and the IOS commands then operate as usual.
See the "Starting a Telnet Session from the Browser" section for instructions on starting a Telnet session to the switch.
Because many privileged EXEC commands are used to set operating parameters, you should password-protect these commands to prevent unauthorized use.
There are two commands for setting passwords:
You must enter one of these commands to gain access to privileged EXEC mode. It is recommended that you use the enable secret command.
If you enter the enable password command, the text is written as entered to the config.text file where you can read it. If you enter the enable secret command, the text is encrypted before it is written to the config.text file, and it is unreadable.
Both types of passwords can contain from 1 to 25 uppercase and lowercase alphanumeric characters, and both can start with a number. Spaces are also valid password characters; for example, two words is a valid password. Leading spaces are ignored; trailing spaces are recognized.
When Cluster Management suggests a candidate to add to a cluster, there is a field where you can enter the enable password of the candidate. If you enter the password that has already been defined for the candidate, the switch joins the cluster and then inherits the enable password of the command switch. See the "Automatically Discovering Cluster Candidates" section for more information on managing enable passwords in Cluster Management.
To unset a password, use the no version of the commands: no enable password or no enable secret.
If you lose or forget your enable password, see the "Recovering from a Lost or Forgotten Password" section.
You can use the question mark (?) and arrow keys to help you enter commands.
For a list of available commands in a command mode, enter a question mark:
switch> ?
To complete a command, enter a few known characters followed by a tab (with no space):
switch# sh conf<tab>
switch#sh configuration
For a list of command variables, enter the command followed by a space and a question mark:
switch> show ?
To redisplay a command you previously entered, press the up-arrow key. You can continue to press the up-arrow key for more commands.
You only have to enter enough characters for the switch to recognize the command as unique. This example shows how to enter the show configuration command:
switch# show conf
The word no can be used to create a no form of a command. The no form of a command does the following:
Table 2-13 lists some error messages that you might encounter while using the CLI to configure your switch.
| Error Message | Meaning | How to Get Help |
|---|---|---|
% Ambiguous command: "show con" | You did not enter enough characters for your switch to recognize the command. | Reenter the command followed by a question mark (?) with a space between the command and the question mark. The possible keywords that you can enter with the command are displayed. |
% Incomplete command. | You did not enter all of the keywords or values required by this command. | Reenter the command followed by a question mark (?) with a space between the command and the question mark. The possible keywords that you can enter with the command are displayed. |
% Invalid input detected at `^' marker. | You entered the command incorrectly. The caret (^) marks the point of the error. | Enter a question mark (?) to display all of the commands that are available in this command mode. The possible keywords that you can enter with the command are displayed. |
The following procedure describes one way to configure a password for Telnet.
| Task | Prompt | Command |
|---|---|---|
Step 1 Attach a PC or workstation with emulation software to the switch console port. The default data characteristics of the console port are 9600, 8, 1, no parity. When the command line appears, go to Step 2. |
|
|
Step 2 Enter privileged EXEC mode. | | enable |
Step 3 Enter global configuration mode. | | config terminal |
Step 4 Enter the interface configuration mode for the Telnet interface. There are 16 possible sessions on a command-capable switch. The 0 and 15 indicate that you are configuring all 16 possible Telnet sessions. | | line vty 0 15 |
Step 5 Enter a password. | | password password |
Step 6 Return to privileged EXEC mode so that you can verify the entry. | | end |
Step 7 Display the running configuration. The password is listed under the command line vty 0 15. | | show running-config |
Step 8 As an option, save the running configuration to the startup configuration. | | copy running-config startup-config |
Follow this procedure to start a Telnet session via a browser:
Step 1 Start one of the supported browsers.
Step 2 In the URL field, enter the IP address of the command switch.
Step 3 When the Cisco Access page (Figure 2-1) is displayed, click Telnet - to the switch to start the Telnet session.
You can use the file system in Flash memory to copy files and to troubleshoot configuration problems. Use the privileged EXEC dir flash: command to display the contents of Flash memory:
Switch# dir flash: Directory of flash: 2 -rwx 843947 Mar 01 1993 00:02:18 C2900XL-h-mz-112.8-SA 4 drwx 3776 Mar 01 1993 01:23:24 html 66 -rwx 130 Jan 01 1970 00:01:19 env_vars 68 -rwx 1296 Mar 01 1993 06:55:51 config.text 1728000 bytes total (456704 bytes free)
The file system uses a URL-based file specification. The following example uses the TFTP protocol to copy the file conffile.txt from the host arno to switch Flash memory with the name bootfile:
switch# copy tftp://arno//2900/conffile.txt flash:bootfile
You can enter the following parameters as part of a filename:
Use the copy running-config startup-config command to save your configuration changes to Flash memory so that they are not lost if there is a system reload or power outage. This example shows how to use this command to save your changes:
Switch# copy running-config startup-config Building configuration...
It might take a minute or two to save the configuration to Flash memory. After it has been saved, the following message appears:
[OK] switch#
This section describes how to access Management Information Base (MIB) objects to configure and manage your switch. It provides the following information:
The MIB files contain variables that can be set or read to provide information about the switch, such as the traps generated by the switch.
The following MIB files contain the MIB and trap information for the switch:
You can obtain each MIB file with the following procedure:
Step 1 Use FTP to access the server ftp.cisco.com.
Step 2 Log in with the username anonymous.
Step 3 Enter your e-mail username when prompted for the password.
Step 4 At the ftp> prompt, change directories to /pub/mibs.
Step 5 Use the get README command to display the readme file containing a list of available files.
Step 6 Use the get MIB_filename command to obtain a copy of the MIB file.
CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.
You can access CCO in the following ways:
For a copy of CCO's Frequently Asked Questions (FAQ), contact cco-help@cisco.com. For additional information, contact cco-team@cisco.com.
The switch MIB variables are accessible through SNMP, an application-layer protocol facilitating the exchange of management information between network devices. The SNMP system consists of three parts: SNMP manager, SNMP agent, and MIB.
Instead of defining a large set of commands, SNMP places all operations in a get-request, get-next-request, and set-request format. For example, an SNMP manager can get a value from an SNMP agent or store a value into that SNMP agent. The SNMP manager can be part of a network management system (NMS), and the SNMP agent can reside on a networking device such as a switch. You can compile the switch MIB files with your network management software. The SNMP agent can respond to MIB-related queries being sent by the NMS.
An example of an NMS is the CiscoWorks network management software. CiscoWorks software uses the switch MIB variables to set device variables and to poll devices on the network for specific information. The results of a poll can be displayed as a graph and analyzed in order to troubleshoot internetworking problems, increase network performance, verify the configuration of devices, monitor traffic loads, and more.
As shown in Figure 2-8, the SNMP agent gathers data from the MIB, which is the repository for information about device parameters and network data. The agent can send traps, or notification of certain events, to the manager.
The SNMP manager uses information in the MIB to perform the operations described in Table 2-14.
| Operation | Description |
|---|---|
get-request | |
get-next-request | Retrieve a value from a variable within a table.1 |
The reply to a get-request, get-next-request, and set-request sent by an NMS. | |
Store a value in a specific variable. | |
An unsolicited message sent by an SNMP agent to an SNMP manager indicating that some event has occurred. |
| 1With this operation, an SNMP manager does not need to know the exact variable name. A sequential search is performed to find the needed variable from within a table |
SNMP must be enabled for the Cluster Management reporting and graphing features to function properly. When you power-up your switch for the first time, SNMP is enabled if you enter the IP information via the setup program and accept its proposed configuration. If you did not use the setup program to enter the IP information, and SNMP was not enabled, you can enable it on the SNMP page described in the "Disabling and Enabling SNMP" section.
When a cluster is created, the command switch manages the exchange of messages between member switches and an SNMP application by appending the host name of the member switch to the first configured RW and RO community strings. The command switch uses this community string to control the forwarding of messages, such as traps, between the SNMP management station and the member switches, as shown in Figure 2-9. However, if a member switch has its own IP address and community strings, they can be used in addition to the access provided by the command switch.
Posted: Wed May 26 10:47:59 PDT 1999
Copyright 1989-1999©Cisco Systems Inc.