Using the Catalyst 2900 Series XL Command-Line Interface

The Catalyst 2900 series XL switches, hereafter referred to as the Catalyst 2900 switches, are supported by Cisco IOS software. The current release is Cisco IOS Release 11.2(8)SA3. This chapter describes how to use the switch command-line interface (CLI) to configure those features that have been added for the Catalyst 2900 switches. For a complete description of the commands that support these features, see the "Cisco IOS Commands" chapter. For more information on Cisco IOS Release 11.2(8), refer to the Cisco IOS Release 11.2 Command Summary.

Catalyst 2900 switches are preconfigured and begin forwarding packets as soon as they are attached to compatible devices.

All ports belong by default to VLAN 1. Access to the switch itself is also through VLAN 1. For management purposes, only devices connected to ports assigned to VLAN 1 can communicate with the switch. This applies to Telnet, web-based management, and SNMP.

Configuration Tasks

This chapter describes how to configure the following Catalyst 2900 features:

Type of Memory

The Catalyst 2900 Flash memory stores the Cisco IOS software image, the startup configuration file, and helper files.

Platforms

The Catalyst 2900 software supports the following platforms:

Assigning IP Information to the Switch

If no IP information has been entered for the switch, the setup program prompts you for the IP address, subnet mask, and default gateway the first time you access the command-line interface (CLI). You can enter or change this information at any time through the CLI.

For management purposes, the switch belongs to VLAN 1, and the switch IP address and subnet mask are associated with VLAN 1.

Beginning in privileged EXEC mode, follow these steps to enter the IP information:
Task Command

Step 1 Enter global configuration mode.

config terminal

Step 2 Enter the interface to which the IP information is assigned. VLAN 1 is the switch interface.

interface vlan 1

Step 3 Assign the IP address and subnet mask.

ip address ip_address subnet_mask

Step 4 Return to global configuration mode.

exit

Step 5 Define the IP address of the default router.

ip default-gateway ip_address

Step 6 Return to EXEC mode.

end

Step 7 Verify that the information was entered correctly by displaying the running configuration. If the information is incorrect, repeat the procedure.

show running-config

Setting Port Features

The port commands control switch features that manage packet flooding, port security, Fast EtherChannel port groups, and other switch activities. This section describes how to use the port commands to complete the following tasks:


Note You assign ports to VLANs by using the switchport commands, described in the "Assigning Ports to VLANs" section in this chapter.

Blocking Unicast and Multicast Flooding

By default, the switch floods unknown unicast and multicast packets to all ports in a VLAN. Although flooding ensures that packets always reach their destinations, it is unnecessary in configurations where there are no unknown addresses. Flooding is unnecessary, for example, when a workstation is connected to a port and the workstation is initiating all network activity (that is, between the workstation and other devices) or when the port is a secure port.

Beginning in privileged EXEC mode, follow these steps to disable the flooding of multicast and unicast packets to a port:
Task Command

Step 1 Enter global configuration mode.

configure terminal

Step 2 Enter interface configuration mode and define the interface to configure.

interface interface

Step 3 Block multicast forwarding to the port.

port block multicast

Step 4 Block unicast flooding to the port.

port block unicast

Step 5 Return to EXEC mode.

end

Step 6 Verify the entries by entering the appropriate command once for the multicast option and once for the unicast option.

show port block {multicast | unicast} interface

Entering the Speed and Duplex Settings for a Port

You can enter the speed (10 or 100 Mbps) and duplex (half or full) settings for a port, or you can let the switch configure the port by using the IEEE 802.3u autonegotiation protocol.

Autonegotiation is still enabled when one of the parameters has been manually set. The mix of autonegotiation and explicitly set parameters can produce unexpected results that affect performance. To maximize the performance of your switch, follow these guidelines when setting the speed and duplex parameters:

or

Beginning in privileged EXEC mode, follow these steps to set the speed and duplex parameters on a port:
Task Command

Step 1 Enter global configuration mode.

configure terminal

Step 2 Define the interface to be configured.

interface interface

Step 3 Set the speed parameter for the interface.

speed {10 | 100 | auto}

Step 4 Set the duplex parameter for the interface.

duplex {full | half | auto}

Step 5 Return to EXEC mode.

end

Step 6 Verify the entry.

show running-config

Enabling Broadcast-Storm Control

Broadcast-storm control blocks the forwarding of packets created by broadcast storms, the bursts of broadcast traffic that ports can sometimes generate. When you enable broadcast-storm control on a port, two threshold parameters define the beginning and the end of a broadcast storm. The rising parameter determines when the forwarding of broadcast packets from the port is blocked. The falling parameter determines when normal forwarding resumes. You can set the port to generate a trap when these thresholds are crossed, and you can disable the port during a broadcast storm.

Beginning in privileged EXEC mode, follow these steps to enable broadcast storm control:
Task Command

Step 1 Enter global configuration mode.

configure terminal

Step 2 Enter interface configuration mode and define the interface to configure.

interface interface

Step 3 Enter the rising and falling thresholds. Thresholds can be between 0 and 4294967295.

port storm-control threshold [rising number falling number]

Step 4 Return to EXEC mode.

end

Step 5 Verify the entry.

show port storm-control interface

Defining a Network Port

Defining one switch port as a network port is another way to reduce the amount of flooding on a VLAN. The Cisco 2900 series switch supports one network port per VLAN. After the network port is defined, all packets with unknown unicast addresses are forwarded to the network port and not flooded to the other ports in the VLAN. This configuration works well in a desktop-switch configuration when many of the ports are connected to workstations. By connecting the network port to a legacy LAN segment where there is a lot of traffic to many different addresses, unknown addresses are flooded to that part of the network where unknown addresses might exist and are not forwarded to connected workstations with well-known addresses.

Beginning in privileged EXEC mode, complete these tasks to define a port to be the network port:
Task Command

Step 1 Enter global configuration mode.

configure terminal

Step 2 Define the interface to be configured.

interface interface

Step 3 Define the port as the network port.

port network

Step 4 Return to EXEC mode.

end

Step 5 Verify the entry.

show running-config

Enabling Port Security

Forwarding by the switch to secure ports is limited to the secure addresses associated with the port in the MAC address table. A secure address is associated with one port per VLAN. You can enter these addresses, or the switch can learn them. See "Adding Secure Addresses" for more information about adding a secure address to the MAC address table.

When you secure a port, you can also define the number of addresses that it can learn. The switch does not learn addresses on this port after it has reached the number you enter.

Beginning in privileged EXEC mode, follow these steps to enable security on a port:
Task Command

Step 1 Enter global configuration mode.

configure terminal

Step 2 Enter interface configuration mode, and define the interface to configure.

interface interface

Step 3 Define the maximum number of addresses this port can learn. You can enter a number between 1 and 132.

port security max-mac-count address-number

Step 4 Enable port security and define the action to take for an address violation.

port security action {shutdown | trap}

Step 5 Return to EXEC mode.

end

Step 6 Verify the entry.

show port security interface
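
The check below is an added example, not part of the Cisco documentation. It audits a candidate configuration for ports where port security is not enabled, where max-mac-count falls outside the 1 to 132 range given in Step 3, or where a secure port still receives the flooded unicast and multicast packets that the "Blocking Unicast and Multicast Flooding" section describes as unnecessary on secure ports. The sample configuration, the function names, and the assumption that interface commands appear in the file as they are entered in the procedures are constructed for illustration.

```python
# Constructed configuration excerpt; assumes interface commands appear in the
# form in which they are entered in the procedures above.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 port security max-mac-count 1
 port security action shutdown
 port block unicast
 port block multicast
!
interface FastEthernet0/2
 port security max-mac-count 200
 port security action trap
!
interface FastEthernet0/3
 port block unicast
!
interface VLAN1
 ip address 192.0.2.10 255.255.255.0
!
"""

def parse_interfaces(config):
    """Return {interface name: [command lines]} from configuration text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces

def audit_port(commands):
    """Return a list of findings for one switched port."""
    findings = []
    action = next((c.split()[-1] for c in commands if c.startswith("port security action ")), None)
    count = next((c.split()[-1] for c in commands if c.startswith("port security max-mac-count ")), None)
    if action is None:
        findings.append("port security not enabled")
    if count is not None and not (count.isdigit() and 1 <= int(count) <= 132):
        findings.append("max-mac-count %s outside 1-132" % count)
    if action is not None:
        for kind in ("unicast", "multicast"):
            if "port block %s" % kind not in commands:
                findings.append("secure port still receives flooded %s" % kind)
    return findings

def audit_config(config):
    """Audit switched ports only; the VLAN 1 management interface is skipped."""
    return {name: audit_port(cmds) for name, cmds in parse_interfaces(config).items()
            if name.lower().startswith(("fastethernet", "ethernet"))}
```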

Creating a Fast EtherChannel Port Group

Fast EtherChannel (FEC) port groups are high-speed links composed of two or more switched ports. The switch considers the group to be a single port, and protocols such as Spanning-Tree Protocol (STP) enable and disable the group as if it were a single port.

The Catalyst 2900 switch normally forwards packets by reading the destination address of a packet and forwarding the packet to the port where the address was first recorded. You can also create a port group that forwards based on the source address of the received packet. Source-based forwarding groups can have up to eight ports; destination-based forwarding groups can have any number of ports.

For more information on the difference between these two methods, see the Catalyst 2900 Series XL Installation and Configuration Guide.

Beginning in privileged EXEC mode, complete these tasks to create a two-port Fast EtherChannel port group:
Task Command

Step 1 Enter global configuration mode.

configure terminal

Step 2 Define the interface of the first port to be added to the group.

interface interface

Step 3 Assign the port to group 1 with destination-based forwarding.

port group 1 distribution destination

Step 4 Define the interface of the second port to be added to the group.

interface interface

Step 5 Assign the port to group 1 with destination-based forwarding.

port group 1 distribution destination

Step 6 Return to EXEC mode.

end

Step 7 Verify the entry.

show running-config

Managing the Switch Address Table

The Catalyst 2900 address table contains the MAC addresses of devices that have forwarded packets to the switch. The switch stores each address in the address table and associates it with the port on which it was received. With the MAC address and its associated port, the switch can forward incoming packets to the correct destination port.

Each VLAN maintains an address table that contains the ports that belong to the VLAN and their associated addresses. An address can be learned in more than one VLAN, and a dynamic address learned in one VLAN can be entered as a secure address in another VLAN. An address that is learned in one VLAN is unknown in another VLAN until it is entered or learned.

You can also enter addresses and their ports and VLANs in the address table. Catalyst 2900 switches support three kinds of MAC addresses:

When an address is statically entered in an address table for one VLAN, it must be a static address in all other VLANs. Static addresses are retained when the switch reboots.
For more information on the Catalyst 2900 learning capabilities, see the "Concepts" chapter of the Catalyst 2900 Series XL Installation and Configuration Guide.

This section describes how to use the CLI to complete the following address-table tasks:

Displaying the Contents of the Address Table

To display the contents of the address table, enter the show mac-address-table command in privileged EXEC mode:

switch# show mac-address-table
 
Dynamic Addresses Count:               45
Secure Addresses (User-defined) Count: 1
Static Addresses (User-defined) Count: 0
System Self Addresses Count:           37
Total MAC addresses:                   83
Non-static Address Table:
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  --------------------
0000.0c07.ac01       Dynamic          1  FastEthernet0/16
0000.0c07.ac01       Dynamic          2  FastEthernet0/16
0000.0c07.ac01       Dynamic          3  FastEthernet0/16
0010.0b3f.ac80       Dynamic          1  FastEthernet0/5
0010.0b3f.ac85       Dynamic          1  FastEthernet0/5
0010.0de1.c9c0       Dynamic          1  FastEthernet0/3
0010.0de1.c9c3       Dynamic          1  FastEthernet0/3
0020.afd0.ea97       Dynamic          1  FastEthernet0/16
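
An added example, not part of the Cisco documentation: it parses the listing above to count the distinct addresses on each port and to list addresses learned in more than one VLAN, which helps size port security max-mac-count before a port is secured. The function names are hypothetical, and counting distinct addresses per port across VLANs is an assumption about how the limit should be sized.

```python
import re
from collections import defaultdict

# Listing copied from the "show mac-address-table" output above.
SAMPLE_OUTPUT = """\
Dynamic Addresses Count:               45
Secure Addresses (User-defined) Count: 1
Static Addresses (User-defined) Count: 0
System Self Addresses Count:           37
Total MAC addresses:                   83
Non-static Address Table:
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  --------------------
0000.0c07.ac01       Dynamic          1  FastEthernet0/16
0000.0c07.ac01       Dynamic          2  FastEthernet0/16
0000.0c07.ac01       Dynamic          3  FastEthernet0/16
0010.0b3f.ac80       Dynamic          1  FastEthernet0/5
0010.0b3f.ac85       Dynamic          1  FastEthernet0/5
0010.0de1.c9c0       Dynamic          1  FastEthernet0/3
0010.0de1.c9c3       Dynamic          1  FastEthernet0/3
0020.afd0.ea97       Dynamic          1  FastEthernet0/16
"""

# One table row: MAC in dotted-hex form, address type, VLAN id, port name.
ROW = re.compile(r"^([0-9a-f]{4}(?:\.[0-9a-f]{4}){2})\s+(\w+)\s+(\d+)\s+(\S+)$", re.I)

def parse_table(text):
    """Return (mac, type, vlan, port) tuples; summary and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if match:
            mac, kind, vlan, port = match.groups()
            rows.append((mac.lower(), kind, int(vlan), port))
    return rows

def addresses_per_port(rows):
    """Distinct MAC addresses seen on each port, across all VLANs."""
    seen = defaultdict(set)
    for mac, _kind, _vlan, port in rows:
        seen[port].add(mac)
    return {port: len(macs) for port, macs in seen.items()}

def multi_vlan_addresses(rows):
    """Addresses learned in more than one VLAN, with the VLANs they appear in."""
    vlans = defaultdict(set)
    for mac, _kind, vlan, _port in rows:
        vlans[mac].add(vlan)
    return {mac: sorted(ids) for mac, ids in vlans.items() if len(ids) > 1}

def ports_exceeding(rows, limit):
    """Ports that already carry more addresses than a proposed max-mac-count."""
    return sorted(p for p, n in addresses_per_port(rows).items() if n > limit)
```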

Adding Secure Addresses

A secure address is forwarded to one port per VLAN. Secure addresses do not age and can be manually entered into the address table or learned.

You can enter a secure address associated with a port in a VLAN even when the port does not yet belong to the VLAN. When the port is later assigned to the VLAN, packets destined for that address are forwarded to the port.

Beginning in privileged EXEC mode, follow these steps to enter a secure address: 
Task Command

Step 1 Enter global configuration mode.

configure terminal

Step 2 Enter the MAC address, the interface with which it is associated, and the VLAN.

mac-address-table secure hw-addr interface vlan vlan-id

Step 3 Return to EXEC mode.

end

Step 4 Verify the entry.

show mac-address-table secure

 

Adding Static Addresses

Static addresses are entered in the address table with an in-port and an out-port-list and, as needed, a VLAN definition. Packets received from the in-port are forwarded to ports listed in the out-port-list.


Note If the in-port and out-port-list parameters are all access ports in a single VLAN, you can omit the VLAN identification. In this case, the switch recognizes the VLAN as the same as that associated with the in-port VLAN.

Beginning in privileged EXEC mode, follow these steps to enter a static address in the address table:
Task Command

Step 1 Enter global configuration mode.

configure terminal

Step 2 Enter the MAC address, the input port, the ports to which it can be forwarded, and the VLAN of the ports to which it can be forwarded.

mac-address-table static hw-addr in-port out-port-list vlan vlan

Step 3 Return to EXEC mode.

end

Step 4 Verify the entry.

show mac-address-table static

Defining the Aging Time

The address table retains dynamic addresses for a configurable amount of time (the aging time). This value is valid for all dynamic addresses, and the default is 300 seconds. Beginning in privileged EXEC mode, complete the following tasks to define the aging time for the address table.
Task Command

Step 1 Enter global configuration mode.

configure terminal

Step 2 Enter the number of seconds that dynamic addresses are to be retained in the address table. You can enter from 10 to 1000000.

mac-address-table aging-time seconds

Step 3 Return to EXEC mode.

end

Step 4 Verify the entry.

show mac-address-table aging-time

Entering Spanning-Tree Protocol Parameters

Spanning-Tree Protocol (STP) is enabled by default on the switch. You can use the spanning-tree commands to change the global and port-based STP parameters.

The following parameters are entered in global configuration mode per VLAN:

The following parameters are entered on a per-port, per-VLAN basis in interface configuration mode:

In addition, you can enter the Port Fast parameter on a per-port, VLAN-independent basis in interface configuration mode.

Enabling STP Port Fast

The Port Fast option is a simplified version of STP that accelerates the process of bringing a port into the forwarding state. Use this option when a port is connected to a workstation or server and cannot contribute to bridging loops.

Caution Enabling this option on a port connected to a switch or hub could prevent Spanning-Tree Protocol from detecting and disabling loops in your network.

Disable Port Fast with the no version of this command. Beginning in privileged EXEC mode, follow these steps to enable Port Fast:
Task Command

Step 1 Enter global configuration mode.

configure terminal

Step 2 Define the interface to be configured.

interface interface

Step 3 Enable the Port Fast feature for the interface.

spanning-tree portfast

Step 4 Return to privileged EXEC mode.

end

Step 5 Verify the entry.

show running-config

Enabling CGMP Fast Leave

Cisco Group Management Protocol (CGMP) reduces flooding by limiting the forwarding of IP multicast and broadcast packets. The Fast Leave option reduces the time it takes for CGMP to remove groups that are no longer active.

Beginning in privileged EXEC mode, complete these tasks to enable CGMP Fast Leave:
Task Command

Step 1 Enter global configuration mode.

configure terminal

Step 2 Enable CGMP and CGMP Fast Leave.

cgmp leave-processing

Step 3 Return to EXEC mode.

end

Step 4 Verify the entry.

show running-config

Assigning Ports to VLANs

A port is assigned to a VLAN as either an access port or a multi-VLAN port. An access port belongs to one VLAN. A multi-VLAN port can belong to more than one VLAN.


Note Only ports connected to routers or servers should be defined as multi-VLAN ports.

Beginning in privileged EXEC mode, follow these steps to assign ports to a VLAN:
Task Command

Step 1 Enter global configuration mode.

configure terminal

Step 2 Enter the interface to be added to the VLAN.

interface interface

Step 3 Define the VLAN as containing access type ports or multi-VLAN ports.

switchport mode {access | multi}

Step 4 Assign the port to a VLAN.

switchport access vlan 2

Step 5 Return to EXEC mode.

end

Step 6 Verify the entry.

show running-config


Posted: Wed Sep 8 14:16:01 PDT 1999
Copyright 1989-1999©Cisco Systems Inc.