|
|
A cluster is a group of connected switches that are managed as a single entity. The switches can be in the same location, or they can be distributed across a contiguous Layer 2 network. All communication with cluster switches is through one IP address.
 |
Tips You can have up to 16 switches in a cluster: 1 command switch and up to 15 member switches. The command switch is the single point of access used to manage, configure, and monitor the member switches. |
Clusters can be configured for management redundancy by using the Hot Standby Router Protocol (HSRP). Figure 3-1 shows a cluster of switches with a standby command switch.
This chapter describes how to create and manage clusters of switches by using the Cluster Management Suite (CMS) applications: Cluster Builder, Cluster View, and Cluster Manager. You use Cluster Builder to create the cluster, you use Cluster View to display the devices connected to the cluster, and you use Cluster Manager to monitor and configure your cluster after it has been created.
This chapter describes how to perform the following tasks:
Anticipating conflicts and compatibility issues is a high priority when you manage several switches through a cluster. This section describes the requirements and caveats that you should understand before you create the cluster.
Before you create a cluster, you might want to consider creating a cluster with a redundant command switch. Cluster redundancy is described in the "Building a Redundant Cluster" section.
Some versions of the 2900 XL and 3500 XL software do not support clustering, and other versions do not support the features in this release. To ensure that all cluster switches are operating with the same level of software, we recommend that you upgrade all cluster switches to IOS 12.0(5)XU. Table 3-1 lists the available versions of clustering software and their capabilities.
 |
Note Catalyst 1900 and 2820 switches are always member switches. |
| Software Version | Switch Cluster Capabilities | Caveats |
|---|---|---|
Cisco IOS 12.0(5)XP and earlier | Member switch. | Features introduced with IOS 12.0(5)XU, such as VTP pruning, appear as read-only. |
Cisco IOS 12.0(5)XP and earlier | Command switch. | A 1000BaseTX module installed in a switch running IOS 12.0(5)XU does not display. |
Cisco IOS 11.2(8)SA6 | Member switch. | Features introduced with IOS 12.0(5)XU, such as VTP pruning, appear as read-only. |
Cisco IOS 11.2(8)SA5 and earlier | None. Appears as edge device. | No clustering capabilities. |
You must select a switch to be the command switch of your cluster. The command switch must satisfy the following requirements:
|
Note To avoid losing contact with cluster members when a command switch fails, you might want to create a redundant cluster. For more information, see the "Building a Redundant Cluster" section. |
Before adding a candidate switch to the cluster, you must know any assigned enable or enable secret password.
A candidate switch must satisfy the following requirements to join a cluster.
A candidate switch can have an IP address, but it is not required.
|
Note If you are unable to maintain management contact with a member, see the "Recovering from Lost Member Connectivity" section. |
Communication with the switch management interfaces is through the switch IP address. The IP address is associated with the management VLAN, which by default is VLAN 1. To manage switches in a cluster, the port connections among the command, member, and candidate switches must be connected through ports that belong to the management VLAN.
You can change the management VLAN on an existing cluster, and the command switch synchronizes activities with member switches to ensure that no loss of management connectivity occurs.
|
Note This is only valid for IOS Release 12.0(5)XU. Previous releases of the software require that switches be upgraded one at a time. |
To change the management VLAN on an existing cluster, see the "Changing the Management VLAN" section.
You create a cluster by performing these tasks:
1. Cabling together switches running clustering software
2. Assigning an IP address to one switch (the command switch) and enabling the switch as the command switch
3. Starting Cluster Builder and adding the candidate switches to the cluster
You enable the command-switch functionality through the Switch Manager or through the CLI. Before you enable a switch as a command switch, see the "Command Switch Requirements" section to ensure that the switch meets all the requirements.
Follow these steps to enable the switch as a command switch by using Visual Switch Manager (VSM):
Step 2 Click Cluster Management Suite or Visual Switch Manager on the Cisco Access Page. The switch home page displays.
Step 3 Select Cluster>Cluster Command Configuration from the menu bar.
Step 4 Select Enable on the Cluster Configuration window. You can use up to 31 characters to name your cluster.
After you have enabled the command switch, select Cluster>Cluster Builder to begin building your cluster. To enable a switch as the command switch by using the command-line interface (CLI), see the "CLI: Creating a Cluster" section.
When an edge device that does not support CDP is connected to the command switch, CDP can still discover the candidate switches that are attached to it. When a switch that does support CDP but does not support clustering is connected to the command switch, the cluster is unable to discover candidates that are attached to it. For example, Cluster Builder cannot create a cluster that includes candidates that are connected to a Catalyst 5000 series or 6000 switch connected to the command switch.
When Cluster Builder starts, it automatically prompts you to create a cluster by adding qualified candidates, as shown in Figure 3-2. The Suggested Candidate window lists each candidate switch with its device type, MAC address, and the switch through which it is connected to the cluster. When new switches are added to the topology, Cluster Builder prompts you the next time it starts to add the latest candidate to the cluster. The Suggested Candidate window does not display after the number of switches in the cluster has reached the maximum of 16.
|
Note You can always select one or more candidates in Cluster Builder and select Add to Cluster to add them to the cluster. |
When you accept the suggested candidates, enter the password of the candidate switch if one has been defined. If no password has been defined, click OK to add the switch to the cluster with no password. If you enter a password that does not match the password defined for the candidate or if you enter a password for a candidate that does not have a password, the candidate is not added to the cluster. In all cases, once a candidate switch joins a cluster, it inherits the command-switch password. For more information on setting passwords, see the "Changes to Passwords" section.
|
Note The Suggested Candidates window displays prequalified candidates whether or not they are in the same management VLAN as the command switch. If you enter the password for a candidate in a different management VLAN than the cluster and click OK, this switch is not added to the cluster. It appears as a candidate switch in Cluster Builder. For information on how to change the management VLAN, see the "Understanding Management VLAN Changes" section. |
You can set Cluster Builder to not automatically display suggested candidates. For more information, see the "Changing User Settings" section.
This procedure assumes that the candidate switches and the command switch are connected through ports that belong to the same management VLAN. The "Changing the Management VLAN" section describes the characteristics of the management VLAN.
Beginning in privileged EXEC mode on the command switch, follow these steps to enable the command switch and add candidate switches to the cluster:
| Command | Purpose | |
|---|---|---|
Step 1 | configure terminal | Enter global configuration mode. |
Step 2 | cluster enable name | Enable the command switch and name the cluster (up to 31 characters). |
Step 3 | end | Return to privileged EXEC mode. |
Step 4 | show cluster candidates | Display a list of candidates. |
Step 5 | show cluster members | Display a list of current cluster members. |
Step 6 | configure terminal | Enter global configuration mode. |
Step 7 | cluster member n mac-address hw-addr password password | Add candidates to the cluster. Assign a unique number from 1 to 15 for n. Do not use any switch number (SN) that appears in the show cluster members display. Enter the candidate switch MAC address, which can be obtained from the show cluster candidates display. |
Step 8 | end | Return to privileged EXEC mode. |
Step 9 | show cluster members | Display the status of the cluster. |
The "Finding More Information About IOS Commands" section contains the path to the complete IOS documentation.
If you did not assign a host name to a member switch, the command switch appends a unique member number to its own host name and assigns it sequentially to the switch when it joins the cluster. The number indicates the order in which the switch was added to the cluster. For example, a command switch named eng-cluster could name cluster member 5 eng-cluster-5.
If you did not assign a host name to the command switch, it keeps the default host name of Switch.
If you assigned a host name to a member switch, it retains that name when it joins the cluster. A host name is also retained even after removing the switch from the cluster.
However, if your switch was part of a cluster, received its host name from the command switch, was removed and then added back to a new cluster, its host name (such as eng-cluster-5) is overwritten with the new version of the command switch host name.
The following SNMP community strings are added to a member switch when it joins a cluster:
If the command switch has multiple read-only or read-write community strings, only the first read-only and read-write strings are propagated to the member switch.
The Catalyst 2900 and 3500 XL switches support an unlimited number of community strings and string lengths.
The Catalyst 1900 and 2820 switches support up to four read-only and four read-write community strings; each string contains up to 32 characters. When these switches join the cluster, the first read-only and read-write community string on the command switch is propagated and overwrites the fourth read-only and read-write community string on the member switches. To support the 32-character string-length limitation on the Catalyst 1900 and 2820 switches, the command-switch community strings are truncated to 27 characters when propagating them to these switches, and the @esN (where N refers to the member switch number and can be up to two digits) is appended to them.
For more information about configuring community strings through Cluster Manager, see the "Configuring SNMP" section.
The member switch inherits the command-switch enable-secret or enable password when it joins the cluster and retains it when it leaves the cluster. If no command-switch password is configured, the member switch inherits a null password. Member switches only inherit the command-switch password privilege level 15.
However, certain caveats apply to Catalyst 1900 and 2820 switches as cluster members. Their passwords and privilege levels are altered in the following ways:
You can use the network map in Cluster Builder (Figure 3-3) to add a switch or switches to a cluster. Clustered switches have green labels, and candidates have blue labels. To add a single switch to a cluster, right-click the candidate, and click Add to Cluster from the pop-up menu. If the candidate is in a different management VLAN than the command switch, a message is displayed indicating that this candidate is unreachable, and you will not be able to add it to the cluster.
To add several switches to a cluster, press Ctrl, and left-click the candidates you want to add. The candidates are added if they all have the same password. If any of the candidates cannot be added, Cluster Builder displays a message explaining which candidates were not added and why.
|
Note The Add to Cluster option is disabled when the number of switches in the cluster reaches 16. |
To remove a member switch, right-click it, and select Remove from Cluster from the pop-up menu. The switch retains the password configured for it when it leaves the cluster. You can also use the CLI to remove a member switch, as described in the "CLI: Removing a Member from a Cluster" section.
If a switch does not become part of the cluster, you can learn why by selecting Views>Toggle View from the menu bar in Cluster Builder. Cluster View displays the cluster as a double-switch icon and shows connections to devices outside of the cluster (Figure 3-4). Right-click the device (yellow label), and select Disqualification Code to display the reason it did not join the cluster.
You can use the cluster setup command to add members to an existing cluster or to create a cluster. This command generates a script that proposes configuration changes and prompts you to approve or disapprove them. Enter this command from a switch that is enabled as a command switch.
|
Note Only candidate switches that are one hop away and have not been assigned an IP address are displayed by this command. You can display all valid candidates by using the show cluster candidates command, and you can display all cluster members by using the show cluster members command. |
Beginning in privileged EXEC mode on a command switch, follow these steps to add a member switch to a cluster:
| Command | Purpose | |
|---|---|---|
Step 1 | cluster setup | Start the setup script. You can end the script at any time by entering ctrl-c. |
Step 2 | Continue with cluster configuration dialog? [yes/no]: yes The following configuration command script was created: cluster member n mac-address hw-addr | The current cluster members and candidates are displayed. When prompted by the script, enter yes to accept the proposed cluster configuration or no to reject it. If you enter yes, the script displays candidates that have been added to the cluster. If you enter no, the cluster setup command ends. |
| ||
Step 3 | Use this configuration? [yes/no]: yes | Enter yes to accept the proposed configuration or no to reject it. |
Step 4 |
| If you enter yes, the candidate switches are added to the cluster. If you enter no, the cluster setup command ends. |
Step 5 | end | Return to privileged EXEC mode. |
Step 6 | show cluster members | Verify that all members have been added to the cluster. |
The "Finding More Information About IOS Commands" section contains the path to the complete IOS documentation.
You remove a cluster member by entering commands on the command switch.
Beginning in privileged EXEC mode on the command switch, follow these steps to remove a member switch from the cluster:
| Command | Purpose | |
|---|---|---|
Step 1 | show cluster members | Display the status of the cluster, and note the MAC address and member number of the switch you want to remove. |
Step 2 | configure terminal | Enter global configuration mode. |
Step 3 | no cluster member n | Remove the switch from the cluster, where n is the switch member number. |
Step 4 | end | Return to privileged EXEC mode. |
Step 5 | show cluster members | Display the status of the new cluster. |
You can remove a member by entering commands on the member itself, but the member is not entirely removed from the cluster until you also enter commands on the cluster command switch. A member switch that is removed only on the member switch is considered by the command switch to be down until it is explicitly removed on the command switch.
Beginning in privileged EXEC mode on a 2900 or 3500 XL member switch, follow these steps to remove it from a cluster:
| Command | Purpose | |
|---|---|---|
Step 1 | configure terminal | On the member switch, enter global configuration mode. |
Step 2 | no cluster commander-address | Remove the member switch from the cluster. |
Step 3 | end | Return to privileged EXEC mode. |
Step 4 | show cluster | Verify that the member switch is no longer part of the cluster. |
Step 5 | show cluster members | On the command switch, display the status of the cluster, and note the MAC address and switch number of the switch you want to remove. |
Step 6 | configure terminal | Enter global configuration mode. |
Step 7 | no cluster member n | Remove the switch from the cluster. |
Step 8 | end | Return to privileged EXEC mode. |
Step 9 | show cluster members | Display the status of the new cluster. |
For information on how to remove Catalyst 1900 or 2820 member switches, refer to the Catalyst 1900 Series Installation and Configuration Guide or the Catalyst 2820 Series Installation and Configuration Guide.
The "Finding More Information About IOS Commands" section contains the path to the complete IOS documentation.
Because a cluster command switch manages the forwarding of all configuration information to cluster members, a redundant command switch is necessary to take over if the command switch fails. IOS Release 12.0(5)XU supports a version of the HSRP so that you can configure a standby group of 2900 or 3500 XL switches. When this standby group is bound to the cluster, one of the switches acts as a standby command switch that becomes active when the command switch fails. The "Understanding HSRP" section describes how the protocol works.
Redundant cabling is also required for a standby switch to automatically take over when a command switch fails. Figure 3-5 shows a network cabled to allow the standby switch to maintain management contact with the member switches if the cluster command switch fails. Spanning Tree Protocol prevents the loops in such a configuration from reducing performance.
To build a redundant cluster, you use HSRP to configure a stand-by group that contains a cluster command switch and one or more eligible member switches. The standby group is configured with a unique virtual IP address. When the standby group is bound on the command switch, the command switch receives member traffic destined for the virtual IP address.
To manage the cluster, access the command switch through the virtual IP address and not the command-switch IP address. If HSRP is enabled and you use the command-switch IP address, you can be prompted a second time for a password when you move between Cluster Builder and VSM.
|
Note The command switch forwards cluster configuration information to the standby switch but not device-configuration information. The standby command switch is informed of new cluster members but not the configuration of any given switch. |
If the command switch fails, the standby command switch assumes ownership of the virtual IP address and MAC address and begins acting as the command switch. The remaining switches in the group compare their assigned priorities to determine the new standby command switch. To configure an HSRP standby group, see the "Configuring a Cluster Standby Group" section.
If a standby switch replaces a command switch and the command switch becomes active again, the command switch resumes its role as the active command switch. An automatic recovery procedure can add cluster members that were added to the cluster while the command switch was down.
If a command switch fails and no standby command switch is configured, member switches continue forwarding among themselves, and they retain the ability to be managed through normal standalone means. You can configure member switches through the console-port CLI, and they can be managed through SNMP, HTML, and Telnet after you assign an IP address to them.
The password you enter when you log into the command switch gives you access to member switches. If the command switch fails and there is no standby command switch, you can use the command-switch password to recover. For more information, see "Recovering from a Command Switch Failure" section.
This section describes how to create a standby group and bind it to a cluster, how to add and remove members from a standby group, and how to remove a standby group from the network.
Use the Standby Command Configuration window (Figure 3-6) to create a standby group. When an active command switch fails, a new command switch is chosen from this group according to their order in their Selected list in the window.
To be eligible to join a standby group, a switch must meet the following requirements:
Any number of eligible switches can belong to a standby group.
|
Note Switches running earlier releases of the 2900 and 3500 XL software can belong to clusters supported by HSRP but cannot belong to a standby group. |
For redundancy purposes, it is also recommended that a switch belonging to a standby group have the following characteristics:
You create a standby group by moving candidates from the Candidates list to the Selected list in the Standby Command Configuration window (Figure 3-6). Eligible switches are listed in the Candidates list according to an eligibility ranking. Switches are ranked first by the number of links they have and second by the speed of the switch. If switches have the same number of links and speed, they are listed alphabetically.
When you add a switch to the standby group, you can configure the priority of group members by using the Add and Remove buttons. The command switch has the highest priority and is always at the top of the list. The standby switch is below the command switch, and the priority of the other switches is represented by their place in the list. The last switch in the list has the lowest priority.
The following abbreviations are appended to the switch host names in the Selected list to indicate their status in the standby group:
AC | Active command switch |
SC | Standby command switch |
PC | Member of the standby group but is not the standby command switch |
CC | Command switch when HSRP is disabled |
The Standby Command Configuration window uses default values for the preempt and name commands that you can explicitly set by using the CLI. If you use this window to create the HSRP group, all switches in the group have the preempt command enabled, and the name for the group is clustername_standby.
There are two steps to configuring a standby group through the CLI:
1. Entering the name, number, and virtual IP address of the HSRP group on each switch in the group, including the command switch
2. Binding the HSRP group to the cluster by entering the redundancy-enable command on the cluster command switch.
Follow these guidelines when you configure a standby group by using the CLI:
Beginning in privileged EXEC mode on the command switch, follow these steps to create the HSRP group and bind it to the command switch:
| Command | Purpose | |
|---|---|---|
Step 1 | configure terminal | Enter global configuration mode. |
Step 2 | interface vlan1 | Set the switch to configure the management interface in VLAN 1. |
Step 3 | standby number ip ip_address | Create the standby group, and give it a number and virtual IP address. The group number must be unique within the IP subnet. It can be from 0 to 255, and the default is 0. |
Step 4 | standby number name name | Give the standby group a name. This name is used to bind the group to the command switch. The name can be a string up to 32 characters long. |
Step 5 | standby number priority priority | Set the priority of the switch to a number between 0 and 255. Assign the highest priority to the command switch. The default priority is 100. |
Step 6 | standby number preempt | Set the standby group to always maintain the priority ranking, even when the command switch fails and becomes active again. |
Step 7 | end | Return to privileged EXEC mode. |
Step 8 | show running-config | Verify the creation of the standby group. |
Step 9 |
| Repeat Steps 1 through 6 on each switch eligible to belong to the group. Configure the priority to ensure that the best-suited standby switch has the highest priority after the active command switch. |
Step 10 | configure terminal | After all eligible switches have been added to the group, return to the command switch CLI, and enter global configuration mode. |
Step 11 | cluster standby-group name | Enable command-switch redundancy for the cluster by entering the name of the standby group you created in Step 4. |
Step 12 |
| Begin to use the virtual IP address that you entered in Step 3 as the means to manage the cluster. |
The "Finding More Information About IOS Commands" section contains the path to the complete IOS documentation.
Member switches must have an IP address and be running IOS Release 12.0(5)XU software before they can be added to an existing HSRP group. Beginning in privileged EXEC mode on the command switch, follow these steps to add the switch to the HSRP group:
| Command | Purpose | |
|---|---|---|
Step 1 | show cluster | Display the HSRP group number to which the cluster is bound. |
Step 2 | show standby number | Display the information defined for the existing HSRP group, and note the virtual IP address, name, and priority. |
Step 3 |
| Access the CLI for the member switch you want to add to the group. |
Step 4 | configure terminal | On the member switch, enter global configuration mode. |
Step 5 | standby number ip ip_address | Enter the group number and the virtual IP address. |
Step 6 | standby number name name | Enter the HSRP group number and name. |
Step 7 | standby number priority priority | Set the priority of the switch to a number between 0 and 255. |
Step 8 | standby number preempt | Set the standby group to always maintain the priority ranking, even when the command switch fails and becomes active again. |
Step 9 | end | Return to privileged EXEC mode. |
Step 10 | show cluster members | Verify that the member was added to the cluster. |
The "Finding More Information About IOS Commands" section contains the path to the complete IOS documentation.
You can remove standby switches from a standby group, but you cannot remove an active command switch from a standby group. Beginning in privileged EXEC mode on the command switch, follow these steps to remove a switch from the HSRP group:
| Command | Purpose | |
|---|---|---|
Step 1 | show cluster | Display the standby group number to which the cluster is bound. Note the number for future use. |
Step 2 |
| Access the CLI for the member switch you want to remove from the group. |
Step 3 | configure terminal | Enter global configuration mode |
Step 4 | no standby number ip | Use the group number to remove the virtual IP address. |
Step 5 | no standby number name | Use the group number to remove the name setting. |
Step 6 | no standby number priority | Use the group number to remove the priority setting. |
Step 7 | no standby number preempt | Use the group number to remove the preempt setting. |
The "Finding More Information About IOS Commands" section contains the path to the complete IOS documentation.
Beginning in privileged EXEC mode on the command switch, follow these steps to remove a standby group:
| Command | Purpose | |
|---|---|---|
Step 1 | show cluster | Display the standby group number. |
Step 2 | configure terminal | Enter global configuration mode. |
Step 3 | no cluster standby-group | Unbind the command switch from the standby group. |
Step 4 | no standby number ip | Use the group number to remove the virtual IP address of the standby group. |
Step 5 | no standby number name | Use the group number to remove the name setting. |
Step 6 | no standby number priority | Use the group number to remove the priority setting. |
Step 7 | no standby number preempt | Use the group number to remove the preempt setting. |
Step 8 |
| Access the CLI for each switch in the group, enter global configuration mode, and repeat Steps 4 through 7. |
|
Note After the last switch has been removed from the standby group, start accessing the cluster by using the IP address of the command switch. |
The "Finding More Information About IOS Commands" section contains the path to the complete IOS documentation.
This section describes how to perform tasks on a cluster of switches. Cluster members could be Catalyst 1900 and 2820 switches or 2900 and 3500 XL switches. These tasks operate on all switches in the cluster and are distinct from configuring individual switches. For information on managing individual devices, see "Managing Switches."
This section describes how to perform the following tasks:
If you have not already configured your browser for CMS, read the "Preparing to Use Cluster Management Suite" section. When you enter the switch IP address in the browser Location field (Netscape Communicator) or Address field (Internet Explorer), the Cisco Systems Access page (Figure 3-7) is displayed. Click Cluster Management Suite or Visual Switch Manager. Cluster Builder or Cluster Manager displays (Figure 3-8).
After you have created a cluster, you can use Cluster Manager to monitor and configure the cluster switches. Figure 3-8 shows a cluster displayed in Cluster Manager. The switch software updates the LEDs displayed on these images in real time, making the images displayed by Cluster Manager as informative as the switch LEDs themselves. You can also use Cluster Builder and Cluster View to manage your cluster.
This section describes how to customize the CMS environment to meet your needs.
You can reposition devices in Cluster Builder and Cluster View and save this information. Before arranging and saving the network map, make sure that the command switch discovered all the devices and that you have added them to the cluster.
You arrange the layout by clicking and holding the left mouse-button on a device and dragging it to a new location on the map. Select Options>Save Layout from the menu bar to save the arrangement displayed by Cluster Builder and Cluster View.
Select Cluster>User Settings from the menu bar in Cluster View, Cluster Builder, or Cluster Manager to change the parameters described in the following list. The user settings are automatically saved in permanent storage on the command switch.
|
Tips A long polling interval reduces the number of requests made on the command switch, and topology updates are not reported as frequently. A short polling interval has the opposite effect. We recommend that you use a short interval only for troubleshooting or while building a cluster. |
You can arrange the order in which switches are displayed in Cluster Manager to match the arrangement in your wiring closet. Select Cluster>Device Position from the menu bar to display the Device Position window (Figure 3-9). Select a device in the Device Position window, and use the arrows to move it up or down in the list. Click OK when you are finished.
You can change the host name of any switch in the cluster by using Cluster Builder.
To change the host name of a member switch in Cluster Builder, right-click the switch, and select Host Name Config from the pop-up menu. Enter a host name of up to 28 characters in the field, and click OK. Member switch host names must be unique in the cluster. Do not use a number as the last character in a host name on any switch.
When you change the host name on the command switch, assign a name no longer than 28 characters. Limiting the command switch host name to 28 characters ensures that each member switch host name is unique and viewable in the application. The "Changes to the Host Name" section describes how the command switch appends a member number to its host name and propagates it to new switches not originally configured with a name when they joined the cluster.
Configuration changes on the 2900 and 3500 XL switches are not written to Flash memory until you select System>Save Configuration in Cluster Manager or Options>Save Configuration in Cluster Builder or Cluster View. These options do not apply to Catalyst 1900 and 2820 switches, which automatically save configuration changes to Flash memory as they occur.
As you make cluster configuration changes (except for changes to the network map and in the User Settings window), make sure you periodically save the configuration. The configuration is saved on the command and member switches.
You can display a summary table of all the switches in a cluster. The cluster inventory contains the following information:
To display the Inventory window (Figure 3-10), select System>Inventory. To display this information for a single switch, select the switch, right-click with the mouse, and select System>Inventory.
Access to all switch management facilities is through the switch IP address, and the switch IP address always belongs to the management VLAN, VLAN 1, by default. This section describes how to configure a cluster to support management connectivity when the management VLAN is other than the default.
The management VLAN has the following characteristics:
Before changing the management VLAN on your switch network, make sure you follow these guidelines:
To manage switches in a cluster, the port connections among the command, member, and candidate switches must all be in the management VLAN. You can use the VLAN Management window (Figure 3-11) or the CLI to change the management VLAN of the command and member switches. Any VLAN can serve as the management VLAN as long as there are links between the command switch and the member switches for both the old and the new management VLANs.
When you select the new VLAN to be the management VLAN, the IOS software coordinates the change on the member switches to ensure that the cluster continues running without a loss in management connectivity.
 |
Caution Changing the management VLAN ends your HTTP or Telnet session. You must restart the HTTP session by entering the switch IP address in the browser Location field (Netscape Communicator) or Address field (Internet Explorer) or by restarting your CLI session through Telnet. You can change the management VLAN through a console connection without interruption. |
For a new switch to be added to a cluster, it must first be connected to a port that belongs to the management VLAN of the cluster. If the cluster is configured with a management VLAN other than the default, the command switch changes the management VLAN for new switches when they are connected to the cluster. In this way, the new switch can exchange CDP messages with the command switch and be proposed as a cluster candidate.
|
Note For the command switch to change the management VLAN on a new switch, there must be no changes to the switch configuration, and there must be no config.text file. |
Because the switch is new and unconfigured, its management VLAN is changed to the cluster management VLAN when it is first added to the cluster. All ports that have an active link at the time of this change become members of the new management VLAN.
Before you start, review the "Guidelines for Changing the Management VLAN" section. Beginning in privileged EXEC mode on the command switch, follow these steps to configure the management VLAN interface through a Telnet connection:
| Command | Purpose | |
|---|---|---|
Step 1 | configure terminal | Enter global configuration mode. |
Step 2 | cluster management-vlan vlanid | Change the management VLAN for the cluster. This ends your Telnet session. Move the port through which you are connected to the switch to a port in the new management VLAN. |
Step 3 | show running-config | Verify the change. |
The "Finding More Information About IOS Commands" section contains the path to the complete IOS documentation.
You can configure one or more ports on the same switch by clicking them from Cluster Manager. You can also configure groups of ports from different switches as a group, and you can display the settings for each port. Table 3-1 describes the parameters that you can monitor and configure.
| Feature | Description |
Status | Administratively enables or disables the port. |
Catalyst 2900 and 3500 XL switches: sets a port to full-duplex (Full), half-duplex (Half), or autonegotiate (Auto). The default is Auto. For ATM ports, this field is read-only and displays Full. Catalyst 1900 and 2820 switches: sets an Ethernet port to full-duplex (Full) or half-duplex (Half). The default is Half. On Fast Ethernet (100BaseTX) ports, sets the port to Full, Half, autonegotiate (Auto), or full duplex with flow control (Full-Flow-Control). The default is Half. However, the 100BaseTX module ports for the Catalyst 2820 switch do not autonegotiate. On Fast Ethernet (100BaseFX) ports, sets the port to Full, or Half, or Full-Flow-Control. The default is Half. For ATM and FDDI ports, this field is read-only and displays Full. | |
Sets a 10/100 port to 10 Mbps (10), 100 Mbps (100), or autonegotiate (Auto). The default is Auto. You cannot configure this field on Catalyst 1900 and 2820 switches. For Gigabit Ethernet ports, the field displays 1000 (1000 Mbps) and is read-only. For ATM ports, the field displays 155 (155 Mbps) and is read-only. | |
Sets the port to immediately enter the STP forwarding state and bypass the normal transition from the listening and learning states to the forwarding state. | |
802.1p | Assigns a class of service (CoS) priority to the port. CoS values range between zero for low-priority and seven for high-priority. For more information on this parameter, see the "Configuring 802.1p Class of Service" section. |
Enables or disables flow control on Gigabit Ethernet ports. Flow control enables the connected Gigabit Ethernet ports to control traffic rates during congestion. If one port experiences congestion and cannot receive any more traffic, it notifies the other port to stop transmitting until the condition clears. Select Symmetric when you want the local port to perform flow control of the remote port only if the remote port can also perform flow control on the local port. Select Asymmetric when you want the local port to perform flow control on the remote port. For example, if the local port is congested, it notifies the remote port to stop transmitting. This is the default setting. Select Any when the local port can support any level of flow control required by the remote port. Select None to disable flow control on the port. This field is displayed only when a Gigabit Ethernet port is present; it does not apply to Fast Ethernet or ATM ports. | |
Inline Power | The Catalyst 3524-PWR can supply power to a Cisco 7960 IP Phone. Select Auto for the port to always supply power if it detects a phone that does not have power. Select Never for the port to never supply power to a Cisco 7960 IP Phone. |
The LEDs above the ports (or the port openings) in Figure 3-8 can display the port status (STAT) or duplex (FDUP) settings on Catalyst 1900, 2820, 2900 XL, and 3500 XL switches. The LEDs above the ports on 2900 and 3500 XL switches can also display the transmission speed (SPD) of the ports.
On the Catalyst 3524-PWR, you can also select LINE PWR for the switch to indicate if a port is supplying inline power to a Cisco 7960 IP Phone. When you select LINE PWR, a port LED can have the following meaning:
|
Note The UTIL LED is not displayed in Cluster Manager. |
The other LEDs function as follows:
The 1 or 2 LED is on when a module is installed in a modular switch.
The Port Configuration window displays the Requested and Actual settings for each port. A port connected to a device that does not support the requested setting or that is not connected to a device can cause the Requested and Actual settings to differ.
|
Caution If you reconfigure the port through which you are managing the switch, a Spanning-Tree Protocol (STP) reconfiguration could cause a temporary loss of connectivity. |
Follow these guidelines when configuring the duplex and speed settings:
After you make a change, you can verify the change by clicking the port on the Home page or by using the Mode button.
To connect to a remote 100BaseT device that does not autonegotiate, set the duplex setting to Full or Half, and set the speed setting to Auto. Autonegotiation for the speed setting selects the correct speed even if the attached device does not autonegotiate, but the duplex setting must be explicitly set.
To connect to a remote Gigabit Ethernet device that does not autonegotiate, disable autonegotiation on the local device, and set the duplex and flow control parameters to be compatible with the other device.
To monitor or reconfigure all the ports of a switch, click the switch, and select Port>Port Configuration from the menu bar. The Port Configuration window (Figure 3-13) displays a table with the configured and actual status of each port. Because of autonegotiation, the actual status of a port can differ from how it was configured. To reconfigure a port, select a row and click Modify.
To monitor or reconfigure a single port, right-click it, and then select Port>Port Configuration from the pop-up menu. The Port Configuration window (Figure 3-14) displays the status and settings of the port. Use the drop-down lists to reconfigure the port, and click OK.
To make changes, select one or more rows in the table, and click Modify. The Group Port Configuration window (Figure 3-14) displays. When more than one port is selected, the window does not display the actual settings for the ports.
Although you can configure settings for multiple mixed ports, some settings might not apply to all ports. For example, you can select half duplex from the drop-down list for a mixture of Ethernet, Gigabit Ethernet, and ATM ports, but the application applies the setting only to Ethernet and Gigabit Ethernet ports. The "Guidelines for Configuring Ports" section describes some of the differences that apply to certain technologies.
You can also configure multiple ports on different switches. Select the ports by holding down the Ctrl key and left-clicking the ports. Right-click to display the pop-up menu, and select Port>Port Configuration. The Group Port Configuration pop-up (Figure 3-14) displays. You can use this window to change the ports settings for the selected ports, but the window does not display the actual port settings or VLAN information.
Beginning in privileged EXEC mode, follow these steps to set the speed and duplex parameters on a port:
| Command | Purpose | |
|---|---|---|
Step 1 | configure terminal | Enter global configuration mode. |
Step 2 | interface interface | Enter interface configuration mode, and enter the port to be configured. |
Step 3 | speed {10 | 100 | auto} | Enter the speed parameter for the port. You cannot enter the speed on Gigabit Ethernet or ATM ports. |
Step 4 | duplex {full | half | auto} | Enter the duplex parameter for the port. |
Step 5 | end | Return to privileged EXEC mode. |
Step 6 | show running-config | Verify your entries. |
Step 7 | copy running-config startup-config | (Optional) Save your entry in the configuration file. This retains the configuration when the switch restarts. |
The "Finding More Information About IOS Commands" section contains the path to the complete IOS documentation.
The meaning of this parameter is described in Table 3-2.
| Command | Purpose | |
|---|---|---|
Step 1 | configure terminal | Enter global configuration mode. |
Step 2 | interface interface | Enter interface configuration mode, and enter the port to be configured. |
Step 3 | flowcontrol [asymmetric | symmetric] | Configure flow control for the port. |
Step 4 | end | Return to privileged EXEC mode. |
Step 5 | show running-config | Verify your entries. |
Step 6 | copy running-config startup-config | (Optional) Save your entry in the configuration file. This retains the configuration when the switch restarts. |
The "Finding More Information About IOS Commands" section contains the path to the complete IOS documentation.
See the "Configuring Voice Ports" section for the CLI commands that you use to supply inline power to a Cisco 7960 IP Phone.
The VLAN Membership window (Figure 3-15) displays the list of all the user-defined VLANs on the switch. By selecting a VLAN, you can display in Cluster Manager the ports that belong to that VLAN. You can also use this window to configure VLANs and trunks, as described in "Creating and Maintaining VLANs."
VLAN membership is not available for 1900 or 2820 switches.
To display the ports that belong to a given VLAN, select the Display Port Members tab. Select the VLAN ID, and click Highlight Port Members on Device. Cluster Manager highlights all the switch ports that belong to that VLAN. The legend on the page describes the meaning of each color.
You can upgrade cluster switches as a group or one at a time by using the Software Upgrade window (Figure 3-16) or the CLI. New software releases are posted on Cisco Connection Online (CCO) and are available through authorized resellers. Cisco also supplies a TFTP server that you can download from CCO. Use the Software Upgrade window to upgrade several switches at once, or use the CLI to upgrade one switch at a time.
You can upgrade all or some of the switches in a cluster at once, but the software first performs a series of checks. To speed the upgrade process, follow these rules:
The Cisco TFTP server application can handle multiple requests and sessions, but you must first disable the TFTP Show File Transfer Progress and the Enable Logging options to avoid TFTP server failures. If you are performing multiple-switch upgrades with a different TFTP server, it must be capable of managing multiple requests and sessions at the same time.
When you make changes to a switch configuration, your changes become part of the running configuration. When you enter the command to save those changes to the startup configuration, the switch copies the configuration to the config.text file in Flash memory.
To ensure that you can recreate the configuration if a switch fails, you might want to copy the config.text file from the switch to a PC or server. The following procedure requires a configured TFTP server such as the Cisco TFTP server available on CCO.
Beginning in privileged EXEC mode, enter the following commands to copy a switch configuration file to the PC or server that has the TFTP server.
| Command | Purpose | |
|---|---|---|
Step 1 | copy flash:config.text tftp | Copy the file in Flash memory to the root directory of the TFTP server |
Step 2 | Address or name of remote host []? ip_address | Follow the prompt for the IP address of the device where the TFTP server resides. |
Step 3 | Destination filename [config.text]? yes/no | Enter the name of the destination file. This could still be config.text. |
Step 4 |
| Verify the copy by displaying the contents of the root directory on the PC or server. |
The "Finding More Information About IOS Commands" section contains the path to the complete IOS documentation.
In Cluster Manager, select System>Software Upgrade to display the Software Upgrade window (Figure 3-16). Enter the tar filename (for 2900 and 3500 XL switches) or the bin filename (for Catalyst 1900 and 2820 switches) that contains the switch software image and the web-management code. You can enter just the filename or a path into the New Image File Name field. You do not need to enter a path if the image file is in directory you have defined as the TFTP root directory.
On 2900 and 3500 XL switches, new images are copied to Flash memory and do not affect the operation of the switch. The switch checks Flash memory to ensure that there is sufficient space before the upgrade takes place. If there is not enough space in Flash memory for the new and old images, the old image is deleted, and the new image is downloaded. If there is enough space, the new image is copied to the switch without replacing the old image, and after the new image is completely downloaded, the old one is erased. In this case, you can still reboot your switch using the old image if a failure occurs during the copy process.
On Catalyst 1900 and 2820 switches, the new image overwrites the current image during the upgrade.
New features provided by the software are not available until you reload the software.
To upgrade a standalone switch, log into the switch by using Telnet, or connect to console port on the back of the switch.
This procedure is for switches with 8 MB of DRAM. Switches running earlier IOS releases might have less memory and require slightly different procedures. To upgrade a 2900 XL switch with 4 MB of DRAM, refer to the Release Notes for Catalyst 2900 Series XL and Catalyst 3500 Series XL for Cisco IOS Release 11.2(8.1)SA6 or 11.2(8.2)SA6. These switches cannot be upgraded to IOS Release 12.0(5)XU. To determine the switch DRAM size, enter the user EXEC show version command.
The upgrade procedure consists of these steps:
Beginning in privileged EXEC mode, follow these steps to upgrade the switch software:
| Command | Purpose | |
|---|---|---|
Step 1 | show version | Verify that your switch has 8 MB of DRAM. For example, check the line |
Step 2 | show boot | Display the name of the current (default) image file. |
Step 3 | rename flash:current_image flash:new_image.bin | Rename the current image file to the name of the file that you downloaded, and replace the tar extension with bin. This step does not affect the operation of the switch. |
Step 4 | dir flash: | Display the contents of Flash memory to verify the renaming of the file. |
Step 5 | configure terminal | Enter global configuration mode. |
Step 6 | no IP http server | Disable access to the switch HTML pages. |
Step 7 | end | Return to privileged EXEC mode. |
Step 8 | delete flash:html/* | Remove the HTML files. Press Enter to confirm the deletion of each file. Do not press any other keys during this process. |
Step 9 | delete flash:html/Snmp/* | For IOS release 11.2(8)SA5 and earlier running on 2900 XL switches, remove the files in the Snmp directory. Make sure the S in Snmp is uppercase. Press Enter to confirm the deletion of each file. Do not press any other keys during this process. |
Step 10 | tar /x tftp://server_ip_address//path/ | Use the tar command to copy the files into the switch Flash memory. Depending on the TFTP server, you might need to enter only one slash (/) after the server_ip_address in the tar command. |
Step 11 | configure terminal | Enter global configuration mode. |
Step 12 | ip http server | Reenable access to the switch HTTP pages. |
Step 13 | end | Return to privileged EXEC mode. |
Step 14 | reload | Reload the new software. |
The "Finding More Information About IOS Commands" section contains the path to the complete IOS documentation.
Because a member switch might not be assigned an IP address, command-line software upgrades through TFTP are managed through the command switch. Follow these steps to upgrade the software on a 2900 or 3500 XL member switch:
switch# show cluster members
From the display, get the number of the member switch that needs to be upgraded. The member number is listed in the SN column of the display. You need the member number for Step 2.
Step 2 Log into the member switch (for example, member number 1):
switch# rcommand 1
Step 3 Start the TFTP copy as if you were initiating it from the command switch.
switch-1# tar /x tftp://server_ip_address//path/filename.tar flash: Source IP address or hostname [server_ip_address]?
Source filename [path/filename]?
Destination filename [flash:new_image]?
Loading /path/filename.bin from server_ip_address (via!)
[OK - 843975 bytes]
Step 4 Reload the new software with the following command:
switch-1# reload
System configuration has been modified. Save? [yes/no]:y
Proceed with reload? [confirm]
Press Enter to start the download.
You lose contact with the switch while it reloads the software. For more information on the rcommand, see the "Understanding the CLI" section.
Because a member switch might not be assigned an IP address, command-line software upgrades through TFTP are managed through the command switch. Follow these steps to upgrade the software on a Catalyst 1900 or 2820 member switch:
switch# show cluster members
From the display, get the number of the member switch that needs to be upgraded. The member number is listed in the SN column of the display. You need the member number for Step 2.
Step 2 Log into the member switch (for example, member number 1):
switch# rcommand 1
Step 3 For switches running standard edition software, enter the password (if prompted), access the Firmware Configuration menu from the menu console, and perform the upgrade.
The Telnet session accesses the menu console (the menu-driven interface) if the command switch is at privilege level 15. If the command switch is at privilege level 1, you are prompted for the password before accessing the menu console.
Follow the instructions in the installation and configuration guide that shipped with your switch. When the download is complete, the switch resets and begins using the new software.
Step 4 For switches running Enterprise Edition Software, start the TFTP copy as if you were initiating it from the member switch:
switch-1# copy tftp://host/src_file opcode
For example, copy tftp://spaniel/op.bin opcode downloads new system operational code op.bin from the host spaniel.
You should see the TFTP successfully downloaded operational code message. When the download is complete, the switch resets and begins using the new software.
You can also perform the upgrade through the menu console Firmware Configuration menu. For more information, refer to the switch installation and configuration guide.
You lose contact with the switch while it reloads the software. For more information on the rcommand, see the "Understanding the CLI" section.
When you upgrade a switch, the switch continues to operate normally while the new software is copied to Flash memory. If Flash memory does not have enough space for two images, the new image is copied over the existing one. If Flash memory has enough space, the new image is copied to the selected switch but does not replace the current running image. Only after the new image is completely downloaded is the old one erased. If you experience a failure during the copy process, you can still reboot your switch by using the old image. The new software is loaded the next time you reboot.
If you group switches into a cluster, you can upgrade the entire cluster from Cluster Manager. For more information, see the "Upgrading Switch Software" section.
The command switch manages SNMP communication for all switches in the cluster. The command switch forwards the set and get requests from SNMP applications to member switches, and it forwards the traps and other responses coming from the member switches to the appropriate management station. SNMP must be enabled for the Cluster Management features to work properly.
|
Note This section describes how the clustering software interacts with SNMP when a cluster is created. For more information on configuring SNMP, see the "Configuring SNMP" section. |
You can enable or disable the SNMP agent on your cluster switches. By default, the SNMP agent is enabled on the Catalyst 1900, 2820, 2900 XL, and 3500 XL switches. You cannot disable the agent on Catalyst 1900 and 2820 switches.
|
Note SNMP must be enabled for the CMS graphing features. |
Use the SNMP Manager window (Figure 3-17 and Figure 3-18) to enter read-write and read-only community strings on individual cluster switches. Community strings provide authentication in the exchange of SNMP messages.
The Catalyst 2900 and 3500 XL switches support an unlimited number of community strings of any length. When you configure a community string for these switches using SNMP Manager, do not use the @esN notation (N is the member-switch number) because this information is automatically appended to each string.
When a switch is removed from the cluster, community strings ending in @esN are removed. If the switch rejoins a cluster at a later time, the first read-only and read-write community strings from the command switch are appended with an @esN and propagated to the member switch.
The Catalyst 1900 and 2820 switches support up to four read-only and four read-write community strings that are 32 characters in length. Because a read-only and read-write community string from the command switch was propagated to the switch when it joined the cluster, you can configure up to three additional read-only and three read-write community strings. When you configure community strings for these switches through the SNMP Manager window, limit the string length to 27 characters because the @esN, where N can be up to two digits, is automatically appended to each string. Do not use the @esN notation in any community string you configure. If you enter a string longer than 27 characters, it is truncated to 27.
When removing community strings from cluster members, make sure not to remove the community strings propagated from the command switch when the switch joined the cluster. If you remove the propagated community string, the command switch cannot route SNMP packets to the member switch. On 2900 and 3500 XL switches, the first read-only and read-write community string listed in the SNMP Manager window is propagated from the command switch. On Catalyst 1900 and 2820 switches, the last read-only and last read-write community string listed in the SNMP Manager window is propagated from the command switch.
A trap manager is a management station that receives and processes traps. Traps are system alerts that the switch generates when certain events occur. If the member switch does not have an IP address, communication between the SNMP management station and the switch is managed by the command switch.
The command switch does not propagate its trap manager addresses or trap community strings to cluster members. By default, no trap manager is defined, and no traps are issued.
The 2900 and 3500 XL switches support an unlimited number of trap managers. Community strings can be any length. When you configure a community string for these switches, do not use the @esN notation because this information is automatically appended to each string by the command switch.
Table 3-3 describes the 2900 and 3500 XL switch traps. You can enable any or all of these traps and configure a trap manager to receive them.
| Trap Type | Description |
|---|---|
Generates a trap when the switch configuration changes. | |
Generates a trap when the switch starts a management console CLI session. | |
Generates a trap for VLAN Trunk Protocol (VTP) changes. | |
SNMP | Generates the supported SNMP traps. |
Generates a trap for each VLAN Membership Policy Server (VMPS). | |
Generates the switch-specific traps. These traps are in the private enterprise-specific Management Information Base (MIB). |
Catalyst 1900 and 2820 switches support up to four trap managers. When you configure community strings for these switches, limit the string length to 32 characters. When configuring traps on Catalyst 1900 and 2820 switches, you cannot configure individual trap managers to receive specific traps.
Table 3-4 describes the Catalyst 1900 and 2820 switch traps. You can enable any or all of these traps, but these traps are received by all configured trap managers.
| Trap Type | Description |
|---|---|
Address-violation | Generates a trap when the address violation threshold is exceeded. |
Authentication | Generates a trap when an SNMP request is not accompanied by a valid community string. |
BSC | Generates a trap when the broadcast threshold is exceeded. |
Link-up-down | Generates a link-down trap when a port is suspended or disabled for any of these reasons:
User disabling the port Generates a link-up trap when a port is enabled for any of these reasons:
|
VTP | Generates a trap when VTP changes occur. |
Posted: Wed May 3 17:19:05 PDT 2000
Copyright 1989 - 2000©Cisco Systems Inc.
