Web-Based Management

This chapter describes the Cisco Visual Switch Manager Software, hereafter referred to as the manager software, a graphical user interface (GUI) for changing the switch configuration and monitoring switch and network activity. The manager software communicates with the switch by translating the HTML page entries into Cisco IOS commands. These are the same commands that you can enter with the command-line interface (CLI).

This chapter contains the following topics:

You can use the manager software network view feature to display a picture of your network and manage more than one Catalyst 2900 switch at a time. This feature is described in the "Switch Network View" chapter.


Note You are not required to configure a Catalyst 2900 switch. Default values are defined for all switch features, and the switch begins forwarding packets as soon as it is powered up and connected to compatible devices. Table 4-1 shows the default values and the manager software page you can use to change them.

For further management options, refer to the "SNMP Management" chapter and the "Cisco IOS Management" chapter.


Table 4-1: Features, Default Settings, and Manager Software Pages

| Feature | Default Setting | Menu Option and Page |
|---|---|---|
| Management | | |
| Switch IP address, subnet mask, and default gateway | 0.0.0.0. | System>IP Management |
| Cisco Discovery Protocol (CDP) | Enabled. | Device>Cisco Discovery Protocol |
| Address Resolution Protocol (ARP) | Enabled. | System>ARP Table |
| Network View | Always available. | Button on Home page |
| VLAN membership | All ports are access ports in VLAN 1. | VLAN>VLAN Management |
| Performance | | |
| Autonegotiation of duplex mode | Enabled. | Port>Port Configuration |
| Autonegotiation of port speeds | Enabled. | Port>Port Configuration |
| Flooding Control | | |
| Broadcast storm control | Disabled. | Port>Flooding Controls |
| Flooding unknown unicast packets | Enabled. | Port>Flooding Controls |
| Flooding unknown multicast packets | Enabled. | Port>Flooding Controls |
| Network port | Disabled. | Port>Flooding Controls |
| CGMP | Enabled. | Device>Cisco Group Management Protocol |
| Network Redundancy | | |
| Spanning-Tree Protocol | Enabled. | Device>Spanning-Tree Protocol |
| Diagnostics | | |
| SPAN port monitoring | Disabled. | Port>Port Monitoring (SPAN) |
| Security | | |
| Change password | None. | Basic System Configuration (Home) |
| Addressing security | Disabled. | Security>Address Management |
| Trap manager | 0.0.0.0. | System>SNMP Configuration |
| Community strings | public. | System>SNMP Configuration |

Using the Manager Software

The Catalyst 2900 manager software is an embedded HTML web site residing in Flash memory. You can assign bookmarks to pages and use the other browser functions as you would with any web site. You can also use the live image of the switch on the manager home page to monitor switch activity and confirm configuration changes without having to go into the wiring closet. Online help is available on all pages.


Note HTTP is an inband form of communication: you access the switch through one of its Ethernet ports. Therefore, you should ensure that you do not disable or otherwise misconfigure the port through which you are communicating with the switch. As a system administrator, you might want to write down the port number that you are connected to when you install the switch.

Making Changes with the Manager Software

Manager software pages function much like other GUIs. When you display a manager software page, it shows the settings that have been defined for the switch. You change the switch configuration by entering information into fields, adding and removing list items, or selecting check boxes. When using the network view feature, you can create reports and graphs by clicking with the right mouse button.

Changes made by entering information into fields become part of the running (current) configuration when you click Apply. If you make a mistake and want to retype an entry, click Revert to undo the information you entered. The exception to this procedure is when making changes to lists. Items added or removed from manager software lists immediately become part of the running configuration, and you do not need to click Apply. For more information on using network view, refer to the "Switch Network View" chapter.

Managing Configuration Conflicts

The switch prevents you from enabling certain combinations of port features. For example, the network port feature floods all unknown unicast and multicast packets to a port. Port security, designed to limit traffic on a port, cannot be enabled on the port that is the network port. If you try to enable incompatible features, the manager software issues a warning message. Reload the page to refresh the manager software. Table 4-2 lists the possible configuration conflicts.


Table 4-2: Port Configuration Conflicts

| | Port Group | Port Security | Monitor Port | Multi-VLAN Port | Network Port |
|---|---|---|---|---|---|
| Port Group | - | No | No | Yes | Yes |
| Port Security | No | - | No | No | No |
| Monitor Port | No | No | - | No | No |
| Multi-VLAN Port | Yes | No | No | - | Yes |
| Network Port | Yes | No | No | Yes | - |

Saving Changes to the Startup Configuration

The configuration file that is loaded when the switch is restarted is stored with the switch software in Flash memory. This file is not necessarily the same as the running configuration. If you want the running configuration to be the configuration used when the switch restarts, follow the steps in the "System Configuration" section in this chapter to save the running configuration to the startup configuration file in Flash memory.

Accessing Manager Software

The switch must have an IP address before you can access manager software. Follow the prompts when you install the switch to assign an IP address and other IP information. See the "Assigning IP Information to the Switch" section in the "Installation" chapter for more information.

Table 4-3 shows the browsers that can support this release of manager software.


Table 4-3: Browser Requirements for Visual Switch Manager

| Operating System | Netscape Communicator | Microsoft Internet Explorer |
|---|---|---|
| Windows 95 Service Pack 1, Windows 98 | 4.03 or higher | 4.01 Service Pack 1 |
| Windows NT, Service Pack 3 | 4.03 or higher | 4.01 Service Pack 1 |
| Solaris 2.5.1 or higher, with the SUN recommended patch cluster for that operating system and Motif library patch 103461-24, available from SUN Microsystems at http://www.sun.com. | 4.03 or higher | - |

Before you access Switch Manager for the first time, ensure that your browser is configured as described in the section "Configuring the Browser for Web Management" in the "Installation" chapter.

After you have configured the browser, follow these steps to access manager software:

Step 1 Start Netscape Communicator 4.03 or higher, or start Internet Explorer 4.01 or higher.

Step 2 Enter the IP address of the switch in the URL field.

Step 3 Click Open. The Cisco Systems Access page (see Figure 4-1) is displayed.

Step 4 Click Visual Switch Manager to display the Catalyst 2900 Basic System Configuration page shown in Figure 4-3.


Figure 4-1: Cisco Systems Access Page

Navigating in Manager Software

Use the menu bar at the top of each page to display pages. Click on a menu bar item to display available choices (Figure 4-2). The drop-down menu displays until you make a selection or click on another menu-bar item. Table 4-4 lists and describes all menu-bar items.

You can click Home from any page to return to the switch home page. From the home page, click Network View to display the Cisco Switch Network View application.


Figure 4-2: Port Menu


Table 4-4: Manager Software Menu Bar

| Menu Bar | Choice | Description |
|---|---|---|
| Port | Port Configuration | Enable or disable ports and set port parameters. |
| Port | Port Grouping (FEC) | Group ports into logical units for high-speed links between switches. |
| Port | Port Monitoring (SPAN) | Enable SPAN port monitoring. |
| Port | Flooding Controls | Enable broadcast storm control, assign a network port, and block unicast and multicast flooding on a per-port basis. |
| System | System Configuration | Save the running configuration and upgrade firmware via TFTP. |
| System | IP Management | Enter IP information for the switch. |
| System | SNMP Configuration | Enter trap managers and community strings. |
| System | ARP Table | Display the ARP table and change the timeout. |
| Security | Address Management | Enter static addresses and the address aging time. |
| Security | Port Security | Enable port security. |
| Device | Cisco Discovery Protocol | Enable and disable CDP information. |
| Device | Cisco Group Multicast Protocol | Enable and disable CGMP and CGMP Fast Leave. |
| Device | Spanning Tree Protocol | Display and change STP parameters for the switch. |
| VLAN | VLAN Management | Assign ports to port-based VLANs. |
| Fault | Logging Config | Set logging parameters. |
| Fault | Debugging Mgmt | Enable debugging tools. |

Cisco Visual Switch Manager Home Page

The Visual Switch Manager Home page (Figure 4-3) is the switch home page. To display this page, click Visual Switch Manager on the Cisco Systems Access page. All manager software pages have a Home button you can click to return to this page.

Use this page to perform the following tasks:

Monitor the Switch

This image of the switch refreshes every 30 seconds and displays much of the same information as the LEDs on the front of the switch. Use the Mode button to highlight STAT (status), SPD (speed), or FDUP (duplex) and change the information conveyed by the port LEDs. The legend under the image describes the meaning of colors in each mode.

The System LED displays the status of the switch, and the RPS lights when a Cisco RPS is attached. The 1 and 2 LEDs light when a module is installed in a modular version of the switch.

For a complete description of the switch LEDs, see the section "LEDs" in the "Introduction" chapter.

Displaying Cisco Switch Network View

To display the network view, click Network View. This feature has a slightly different interface than manager software and is described in the "Switch Network View" chapter.


Figure 4-3: Cisco Visual Switch Manager Home

Configuring Ports

Follow these steps to configure a port from the manager home page:

Step 1 Click a port on the image of the switch to display the Port Configuration pop-up window (Figure 4-4).

Step 2 Note the actual settings for the Admin Status, Duplex, and Speed fields.

Step 3 Select the Enable check box to enable or disable the port, or select an option from the Duplex or Speed drop-down menus.

Step 4 Click Apply. It can take up to 30 seconds for the image of the switch to reflect your change.

For more information on configuring port parameters, see the section "Port Configuration" in this chapter.


Figure 4-4: Port Configuration Pop-Up Window


Entering Basic Configuration Parameters

This information is usually entered once and not changed. Enter any text in the Name, Location, and User/contact name fields. You can enter up to 255 characters in any of these fields.

Entering or Changing Password

Follow these steps to enter a password:

Step 1 Type any text in the Name field.

Step 1 In the Assign/Change password field, enter a character string.

Step 2 In the Reconfirm password field, reenter the same string.

Step 3 Click Apply.

The connection with the switch is broken. The browser prompts you for the new password:

Step 4 Enter the same password, and click OK.

See the "Recovering from a Lost or Forgotten Password" section in the "Troubleshooting" appendix if you do not know the password.

Port Configuration

Use the Port Configuration page to enable and disable ports and set the duplex and speed parameters.

To display this page, select Port>Port Configuration on the menu bar.

Figure 4-5 shows the port listing on this page. The first two columns describe the interface:

Module

A fixed port (0) or a module port (1 or 2).

Port

The word FastEthernet, a module number, and a port number. In the following example, the port is on module 0 (a fixed port) and port number 1: FastEthernet0/1

The other columns on the page have the following meanings:

Status: Admin/Actual

Enables or disables the port. The field also displays the current port status.

Duplex: Requested/Actual

Sets the duplex parameter for the port and displays the current duplex setting. You can set a port to full-duplex (Full), half-duplex (Half), or autonegotiate (Auto).

Speed: Requested/Actual

Sets the speed parameter for the port and displays the current speed setting. You can set a port to 10BaseT (10), 100BaseT (100), or autonegotiate (Auto).

Port Name

Names the port.

Statistics

Displays transmit and receive statistics for the port. Click Reset to delete the statistics.


Figure 4-5: Port Configuration

Enabling and Disabling Ports

To enable or disable a port, select or deselect the check box in the Status: Admin/Actual column, and click Apply. The column also displays the actual status of the port. An enabled port can have an actual status of DOWN because there is no device connected to it.

Caution It is possible to reconfigure the port through which you are connected. This could cause a temporary loss of connectivity due to Spanning-Tree Protocol reconfiguring.

Changing the Duplex and Transmission Speed Settings

Catalyst 2900 ports can automatically match the full-duplex capability and the transmission speed of an attached device. Follow these steps to explicitly set these parameters for a port:

Step 1 Select the drop-down list in the Duplex: Requested/Actual column, and select Half, Full, or Auto (autonegotiating).

Step 2 Select the drop-down list in the Speed: Requested/Actual column, and select 10, 100, or Auto (autonegotiating).

Step 3 Click Apply.

If Spanning-Tree Protocol is enabled, the switch can take up to 30 seconds to check for loops when a port is reconfigured. The port LED is amber while STP reconfigures.

Autonegotiation can at times produce unpredictable results. See the "Autonegotiation Mismatches" section in the "Troubleshooting" chapter for details on how to maximize switch performance with autonegotiation.

Displaying Duplex and Transmission Speed Settings

Follow these steps to review the speed and duplex settings for the entire switch:

Step 1 Click Home on the menu bar to display the image of the switch.

Step 2 Select Mode and release it when FDUP lights. If the port LED is off, the port is running in half-duplex mode. If the port LED is green, the port is running in full duplex.

Step 3 Select Mode again and release it when 100 lights. If the port LED is off, the port is running at 10 Mbps. If the port LED is green, the port is running at 100 Mbps.

Connecting to Devices That Do Not Autonegotiate

If an attached device does not support autonegotiation and is operating in full duplex, by default the Catalyst 2900 sets the port to half-duplex mode. This configuration causes late collisions and other errors. To avoid this situation, set both the speed and duplex parameters to match the attached device.


Note Both speed and duplex should be explicitly set to disable autonegotiation.

Identifying an Autonegotiation Mismatch

To identify an autonegotiation mismatch, you need to check both ends of the connection. Follow these steps to identify and confirm an autonegotiation mismatch:

If the port is in half-duplex mode:

Step 1 Click Statistics, and check for late collisions. A high number of late collisions could mean the port is connected to a port set to full-duplex mode.

Step 2 Check the port to which this port is connected. If it is in full duplex, a mismatch exists. A high number of FCS errors on the full-duplex port confirms the mismatch.

If the port is in full-duplex mode, click Statistics to check for FCS errors on the full-duplex port, and check for late collisions on the half-duplex port. As stated, late collisions on a half-duplex port could indicate it is mismatched and connected to a full-duplex port.
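The two-ended check described above can be written as a small Python routine. This is an added example, not part of the Cisco manual; the names PortStats, one_end_hint and classify_link, the cut-off used for a "high number" of errors, and the sample counters are all assumptions.

```python
from dataclasses import dataclass

# Assumed cut-off for a "high number" of errors; the manual gives no figure.
HIGH_ERROR_COUNT = 100


@dataclass
class PortStats:
    """Counters read from the Statistics column for one end of a link."""
    name: str
    duplex: str            # actual duplex: "half" or "full"
    late_collisions: int
    fcs_errors: int


def one_end_hint(port, high=HIGH_ERROR_COUNT):
    """First pass from a single port: is the far end worth checking?"""
    if port.duplex == "half" and port.late_collisions >= high:
        return "late collisions on half-duplex port: check whether the peer is full duplex"
    if port.duplex == "full" and port.fcs_errors >= high:
        return "FCS errors on full-duplex port: check the peer for late collisions"
    return "no mismatch symptom on this end"


def classify_link(a, b, high=HIGH_ERROR_COUNT):
    """Compare both ends of one link.

    Returns (verdict, evidence); verdict is "consistent", "mismatch"
    or "mismatch-confirmed".
    """
    for port in (a, b):
        if port.duplex not in ("half", "full"):
            raise ValueError(f"{port.name}: unknown duplex {port.duplex!r}")
    if a.duplex == b.duplex:
        return "consistent", []
    # One end is half duplex and the other full duplex: a mismatch exists.
    half, full = (a, b) if a.duplex == "half" else (b, a)
    evidence = []
    if half.late_collisions >= high:
        evidence.append(f"{half.name}: {half.late_collisions} late collisions (half duplex)")
    if full.fcs_errors >= high:
        evidence.append(f"{full.name}: {full.fcs_errors} FCS errors (full duplex)")
    # The manual treats FCS errors on the full-duplex end as the confirmation.
    verdict = "mismatch-confirmed" if full.fcs_errors >= high else "mismatch"
    return verdict, evidence


# Constructed sample counters: a switch port that fell back to half duplex
# facing a device fixed at full duplex, and a healthy link for comparison.
SWITCH_PORT = PortStats("FastEthernet0/1", "half", late_collisions=1840, fcs_errors=0)
FIXED_PEER = PortStats("peer-nic", "full", late_collisions=0, fcs_errors=2210)
HEALTHY_A = PortStats("FastEthernet0/2", "full", late_collisions=0, fcs_errors=1)
HEALTHY_B = PortStats("peer-nic-2", "full", late_collisions=0, fcs_errors=0)

if __name__ == "__main__":
    print(one_end_hint(SWITCH_PORT))
    for pair in ((SWITCH_PORT, FIXED_PEER), (HEALTHY_A, HEALTHY_B)):
        verdict, evidence = classify_link(*pair)
        print(pair[0].name, "<->", pair[1].name, verdict, evidence)
```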

Port Group (Fast EtherChannel)

Use the Port Group (Fast EtherChannel) page (see Figure 4-6) to create Fast EtherChannel port groups that act as single logical ports for high-bandwidth connections between switches or between switches and servers. You can also use Fast EtherChannel port groups to create redundant links between switches. Instead of keeping a redundant link in reserve in case of failure, Fast EtherChannel port groups use all available bandwidth while still providing a redundant link.

To display this page, select Port>Port Group (FEC) on the menu bar.

By default, Fast EtherChannel port groups forward packets based on the source address of a packet. This is different from normal Catalyst 2900 forwarding, which forwards based on the destination address. For more information on the difference between these two forwarding techniques, refer to the section "Fast EtherChannel Forwarding Methods" in the "Concepts" chapter.

You can create up to 12 port groups. Source-based port groups can have as many as eight ports; destination-based groups can have any number of ports. Port groups that link switches are configured independently and can be configured differently on each switch. You can configure a source-based port group on one switch and connect it to a destination-based port group on the other switch.

Switch features such as Spanning-Tree Protocol and flooding controls treat the port group as a single logical port. All ports, for example, are in the same STP state. Also, all ports in a port group must belong to the same VLAN. When you create a port group, the switch uses the configuration of the first port for all ports added to the group. After the group is created, changing STP or VLAN membership parameters for one port in the group automatically changes the parameters for all ports.

Each port group has one port that carries all unknown multicast, broadcast, and Spanning-Tree Protocol packets.


Note 
Figure 4-6 is an example of the lists that you use to assign ports to port groups.

Figure 4-6: Port Group (Fast EtherChannel)

Adding Port Groups

The forwarding method (source or destination) applies to the entire group. Follow these steps to add a port to a port group:

Step 1 Select a port from the list of ports.

Step 2 Click source or destination as the forwarding method.

Step 3 Click <<Add<<.

Changing Port Groups

You can change port groups by adding and removing ports. You do not need to click Apply when making changes to manager software lists.

If you want to change the distribution parameter for a port, follow these steps:

Step 1 Select a port from the Port drop-down list.

Step 2 Click source or destination as the forwarding method. When you change the forwarding method, it changes for the entire group.

Step 3 Select <<Add<<.

Port Groups and the Forwarding of Static Addresses

The following restrictions apply to entering static addresses that are forwarded to port groups:


Note Check boxes for ports on the Static Address Forwarding Map appear only if they are in the same VLAN as the receiving port.

Port Monitoring (SPAN)

Use the Port Monitoring (SPAN) page (Figure 4-7) to enable the Switched Port Analyzer (SPAN) feature. You can monitor traffic on a given port by forwarding incoming and outgoing traffic on the port to another port in the same VLAN. A monitor port cannot monitor ports in a different VLAN, and a monitor port must be an access port. Any number of ports can be defined as monitor ports, and any combination of ports can be monitored.

To display this page, select Port>Port Monitoring (SPAN) on the menu bar.

See the section "Managing Configuration Conflicts" in this chapter for the restrictions that apply to monitor ports.

Follow these steps to configure your switch for SPAN:

Step 1 In the Monitor ports column, select the port or ports to be the monitor ports.

Step 2 In the Ports Being Monitored columns, select the ports to be monitored. You can select up to 15 ports at a time. (If you have selected 15 ports, click Apply, and continue to select ports, if necessary.)

Ports that are not in the same VLAN are not displayed.

Step 3 Click Apply.


Figure 4-7: Port Monitoring (SPAN)

Flooding Controls

Use the Flooding Controls page (Figure 4-8) to block the forwarding of unnecessary flooded traffic. You can enable three flooding techniques on this page:

To display this page, select Port>Flooding Controls on the menu bar.

Enabling a Network Port

Enabling a network port is one way to reduce flooded traffic on your network. Instead of traffic with unknown destination addresses being flooded to all ports, the network port receives this traffic. Network ports are assigned per VLAN. When a multi-VLAN port is the network port, it receives the flooded traffic from all of its VLANs.

To enable a network port, select Port>Flooding Controls from the menu bar.

When a port is enabled as the network port, the switch deletes all addresses associated with it in the address table. Learning is also disabled on the port. If you move a network port to a VLAN without a network port, it becomes the network port for the new VLAN.

See the section "Managing Configuration Conflicts" for limitations on configuring a network port.

Follow these steps to define a port as the network port:

Step 1 From the Interface drop-down list, select a port.

Step 2 Click <<Enable<<.

To remove a network port, select the port from the port list, and click Disable.


Figure 4-8: Flooding Controls

Enabling Broadcast Storm Control

To enable or disable broadcast storm control, select Port>Flooding Controls on the menu bar.

Use broadcast storm control to block the forwarding of broadcast packets from a port when their volume exceeds a predefined limit. You also define a second threshold after which normal forwarding of broadcast packets from the port resumes. Broadcast storm control is configured on a per-port basis.

Broadcast storms are sudden bursts of packets that can cause a network to slow down or time out. Broadcast storm control is configured for the switch as a whole, but operates on a per-port basis. By default, broadcast storm control is disabled. The values shown on this page are the values currently in use.

To enable broadcast storm control, follow these steps:

Step 1 Select Enable in the Filter State: Requested/Actual column for the port.

Step 2 Select Enable in the Trap State: Requested/Actual column for the port to generate an SNMP trap when one of the thresholds is crossed. Use the SNMP Configuration page to configure a trap manager to receive the trap.

Step 3 Enter a number in the Threshold: Rising field for the port. This value determines when to activate broadcast storm control on the port.

In general, the higher the threshold, the less effective the protection against broadcast storms. The maximum half-duplex transmission on a 100BaseT link is 148,000 packets per second.

Step 4 Enter a value in the Threshold: Falling field for the port. This value determines when to deactivate broadcast storm control on the port.

Always ensure that the rising threshold is higher than the falling threshold.

Step 5 Click Apply.


Note The Current column displays the number of broadcast packets-per-minute arriving on the port. The Trap Sent column displays the number of traps that have been generated for the port.
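The rising and falling thresholds form a hysteresis band, which the following Python model makes concrete. It is an added example, not code from the switch or the Cisco manual; the class and function names, the strict comparisons (above rising, below falling) and the sample rates are assumptions, and the rates are in whatever unit the thresholds use.

```python
from dataclasses import dataclass, field


@dataclass
class StormControlPort:
    """Model of broadcast storm control on one port (hypothetical names)."""
    rising: int                 # Threshold: Rising
    falling: int                # Threshold: Falling
    trap_enabled: bool = True   # Trap State
    blocking: bool = False      # True while broadcasts are not forwarded
    traps_sent: int = 0         # what the Trap Sent column would count
    events: list = field(default_factory=list)

    def __post_init__(self):
        # The manual's rule: the rising threshold must be the higher one.
        if self.rising <= self.falling:
            raise ValueError("rising threshold must be higher than falling threshold")

    def sample(self, rate):
        """Feed one measured broadcast arrival rate; return the blocking state."""
        crossed = None
        if not self.blocking and rate > self.rising:
            self.blocking, crossed = True, "rising"
        elif self.blocking and rate < self.falling:
            self.blocking, crossed = False, "falling"
        if crossed:
            self.events.append((rate, crossed))
            if self.trap_enabled:
                # One SNMP trap per threshold crossing.
                self.traps_sent += 1
        return self.blocking


def simulate(rates, rising, falling, trap_enabled=True):
    """Run a series of rate samples; return (blocking states, traps sent)."""
    port = StormControlPort(rising, falling, trap_enabled)
    states = [port.sample(rate) for rate in rates]
    return states, port.traps_sent


# Constructed sample: a burst that hovers around 500 before dying away.
SAMPLE_RATES = [100, 300, 520, 490, 470, 510, 475, 530, 300, 150, 100]

if __name__ == "__main__":
    for falling in (480, 200):
        states, traps = simulate(SAMPLE_RATES, rising=500, falling=falling)
        blocked = "".join("B" if s else "." for s in states)
        print(f"rising=500 falling={falling}: {blocked} traps={traps}")
```

With these constructed rates, a falling threshold of 480 makes the port toggle six times and send six traps, while a falling threshold of 200 blocks once for the whole burst and sends two.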

Blocking Flooded Traffic on a Port

By default, the switch floods packets with unknown destination MAC addresses to all ports. There are some configurations where this flooding is unnecessary, and you can disable the flooding of unicast and multicast packets on a per-port basis. Flooded traffic does not cross VLAN boundaries, except for multi-VLAN ports, which flood traffic to all VLANs they belong to.

To display the page for blocking flooded traffic, select Port>Flooding Controls on the menu bar.

To disable flooding, deselect the unicast and multicast check boxes for the port, and click Apply.

See the section "Flooding Controls" of the "Concepts" chapter for more information on inhibiting flooding.

Address Management

Use this Address Management page (see Figure 4-10) to manage the MAC address tables that the switch uses to forward traffic between ports. There is a separate list for each of the three types of addresses: dynamic, secure and static. See the section "Addresses and Address Learning" in the "Concepts" chapter for descriptions of these address types.

To display this page, select Security>Address Management on the menu bar.

The address tables list the destination MAC address with the VLAN ID, module, and port number associated with the address. "FastEthernet" is a constant that always precedes the module and port number. Figure 4-9 shows a list of dynamic addresses.


Figure 4-9: Contents of the Address Table

When you enter a static address, you use Static Address Forwarding Map to define how the packet is forwarded. Because all ports are associated with at least one VLAN, the switch acquires the VLAN ID for the address from the ports that you select on the forwarding map.

Each VLAN maintains its own logical address table. Addresses can be dynamic in one VLAN and secure in another, and a dynamic address in one VLAN can be completely unknown in another VLAN.

For more information about how the switch manages addresses, see the section "Addresses and Address Learning" in the "Concepts" chapter.


Figure 4-10: Address Management


Changing the Address Aging Time

Dynamic addresses are source MAC addresses that the switch learns and then drops when they are not in use. Use the Aging Time field to define how long addresses that have not been seen should be retained by the switch. This parameter applies to all VLANs. Follow these steps to change the aging time for the switch:

Step 1 Highlight the Aging Time field.

Step 2 Enter the time, in seconds, after which an unused address is to be dropped. Possible values are from 10 to 1000000 seconds (about 11 and one-half days).

Step 3 Click Apply.

The section "Addresses and Address Learning" in the "Concepts" chapter describes the Catalyst 2900 address-learning capabilities.

Adding Secure Addresses

The secure address table contains secure MAC addresses and the ports and VLANs with which they are associated. If you enter an address that is already assigned to another port, the switch reassigns the secure address to the new port. On the Port Security page, you can configure the switch to generate an alert or disable the port when it receives an address other than a secure address.

To display this page, select Security>Address Management on the menu bar.

Follow these steps to enter a secure address:

Step 1 Enter the MAC address in the MAC Address field.

Step 2 Select an interface and port from the Interface drop-down list.

Step 3 Select the VLAN ID from the drop-down list.

Step 4 Click <<Add<<.

After you have entered the secure address, select Security>Port Security to secure the port on the Port Security page.

Adding and Removing Static Addresses

The Static Address Forwarding map (Figure 4-11) displays when you enter a static address. Use this page to define those ports that frames are forwarded to based on the port on which they were received. The Rx On column on the left lists the source ports. The Forward to columns across the page are the destination ports. Ports that do not have check boxes belong to VLANs that a source port cannot access.

To display this page, select Security>Address Management on the menu bar, and enter or select an address in the Static Address Table.


Note If you want to forward to a port for which there is no check box, add that port to a VLAN to which the receiving port belongs.

Figure 4-11: Static Address Forwarding Map

Once an address is entered as a static address in one VLAN, it must be a static address in other VLANs. A packet with a static address that arrives on a VLAN where it has not been statically entered is flooded to all ports and not learned.

Follow these steps to add a static address:

Step 1 In the MAC Address field, enter the MAC address in the format hhhh.hhhh.hhhh.

Step 2 Click <<Add<<. The Static Address Forwarding Map appears.

Step 3 On the Forwarding Map, select the ports that packets should be forwarded to when they arrive on the source port. Port selection is limited to ports that belong to the same VLAN.

Step 4 Click Apply.

Step 5 Verify your entry on the Address Management page by scrolling down to the address. There should be one entry for each source port with which the address is associated.

Follow these rules if you are configuring a static address to forward to ports in a Fast EtherChannel port group:

For more information, see the "Port Groups and the Forwarding of Static Addresses" section in this chapter.

To remove a static address:

Step 1 Select an address from the Static Address Table.

Step 2 Click Remove.

Cisco Discovery Protocol

Use the Cisco Discovery Protocol (CDP) page to enable CDP for the switch, set global CDP parameters, and display information about neighboring Cisco devices. The switch uses CDP to maintain information about neighboring devices, including the device type, links between devices, and the number of interfaces within each device. The switch displays these devices in network view based on the CDP messages sent to the switch.

To display this page (see Figure 4-12), select Device>Cisco Discovery Protocol on the menu bar.


Figure 4-12: Cisco Discovery Protocol

Listing and Displaying Neighboring Devices

The CDP Neighbors list shows the devices with which this switch is exchanging CDP messages.

To display the page for working with CDP, select Device>Cisco Discovery Protocol on the menu bar.

Follow these steps to work with items in the list:

Step 1 Select an item in the list.

Step 2 Click one of these buttons:

Browse

Display the web interface of a neighboring device. The device must support built-in web-based management.

Telnet

Log in to the neighboring device via Telnet.

Details

Display the CDP information about neighboring devices that is stored in the Catalyst 2900.

Setting CDP Options

Some CDP parameters are global to the switch, and some are entered on a per-port basis. Follow these steps to set the global parameters for CDP:

Step 1 Select the Run CDP check box to enable (default) or disable CDP. If you deselect Run CDP, no CDP messages are exchanged, and selecting or deselecting the check boxes under Individual Port Enable has no effect. Click Traffic to display the CDP traffic the switch has received and sent.

Step 2 In the Packet Hold Time field, enter the number of seconds (between 5 and 255) that a neighboring device retains the CDP neighbor information received from this switch. The default is 180 seconds.

If a neighboring device does not receive a CDP message before this hold time expires, the neighboring device drops this switch as a neighbor.

Step 3 In the Packets Sent Every field, enter the number of seconds (between 5 and 900) between transmission of CDP messages. The default is 60 seconds.

Step 4 Click Apply.

Disabling Ports for CDP

There can be times when you do not want CDP to exchange information with a certain attached device. In that case, disable the port with that device attached. Follow these steps to disable CDP on a port:

Step 1 Deselect the check box next to the port under the heading Individual Port Enable.

Step 2 Click Apply.


Note Disable CDP for the entire switch by deselecting Run CDP and clicking Apply.

Cisco Group Multicast Protocol

Use the Cisco Group Multicast Protocol page (see Figure 4-13) to enable Cisco Group Management Protocol (CGMP) and the CGMP Fast Leave option. CGMP reduces the unnecessary flooding of IP multicast packets by limiting the transmission of these packets to groups of CGMP clients that request them. The Fast Leave option accelerates the removal of unused CGMP groups. By default, CGMP is enabled and Fast Leave is disabled.

To display this page, select Device>Cisco Group Multicast Protocol on the menu bar.

End stations issue join messages to become part of a CGMP group and issue leave messages to leave the group. The membership of these groups is managed by the switch and connected routers through the further exchange of CGMP messages.

CGMP groups are maintained by VLAN: a multicast IP address packet can be forwarded to one list of ports in one VLAN and to a different list of ports in another VLAN. When a CGMP group is added or removed, all members are in the same VLAN.

For more information on CGMP, see the "Cisco Group Management Protocol and Fast Leave Feature" section in the "Concepts" chapter.

Enabling CGMP

CGMP is enabled by default, and the check box is selected. To disable CGMP, deselect the check box, and click Apply. You can also manually list and remove multicast groups from this page.

Enabling Fast Leave Option

To enable this option, select Device>Cisco Group Discovery Protocol on the menu bar.

The CGMP Fast Leave option reduces the delay associated with group members leaving groups. When an end station requests to leave a CGMP group, the group remains enabled for that VLAN until all members have requested to leave. With the Fast Leave option enabled, the switch immediately checks if there are other members that belong to the group on the segment. If there are no other members, the switch removes the port from the group. If there are no other ports in the group, the switch sends a message to routers connected to the VLAN to delete the entire group.

To enable the Fast Leave option, select the Enable CGMP Fast Leave check box, and click Apply.


Figure 4-13: Cisco Group Multicast Protocol

Modifying the Router Hold Time

The router hold time is the number of seconds the switch waits before removing all IP multicast groups learned from CGMP. Follow these steps to change it:

Step 1 In the Router Hold Time field, enter a number between 10 and 6000. The default is 300.

Step 2 Click Apply.

Removing Multicast Groups

You can also reduce the forwarding of IP multicast packets by removing groups from the Current Multicast Groups table. Each entry in the table consists of the VLAN, IGMP multicast address, and ports. Follow these steps to remove a group from the table:

Step 1 Select an entry in the Current Multicast Groups Table.

Step 2 Click Remove.

Remove all groups by clicking Remove All.

Spanning-Tree Protocol

Use the Spanning-Tree Protocol (STP) page (Figure 4-14) to change parameters for STP, an industry standard for avoiding loops in switched networks. Because each VLAN has its own instance of STP, you must first select a VLAN ID and click Modify STP Parameters to display the rest of the page. The switch supports up to 64 instances of STP.

To display this page, select Device>Spanning Tree Protocol on the menu bar.

This page is displayed in three illustrations. Figure 4-14 shows the page with no parameters; Figure 4-15 shows the parameters currently in use by the switch and the parameters that this switch would use if it became the root switch. Figure 4-16 shows the fields that you use to define port-level parameters.


Figure 4-14: Spanning Tree Protocol (Selection)

Disabling STP Protocol

STP is enabled by default. To disable STP, deselect Enable Spanning Tree, and click Apply.

Changing STP Options

To change STP options for a VLAN, select Device>Spanning Tree Protocol on the menu bar, select the VLAN ID of the STP instance to change, and click Modify STP Parameters.

In Figure 4-15, the parameters under the heading Current Spanning Tree Root are read-only and could be defined on another switch. The MAC Address field shows the MAC address of the switch currently acting as the root. The parameters under the heading Spanning Tree Options are the values that this switch would use as the root switch.

Follow these steps to change the configuration of STP on this switch:

Step 1 Use the following fields (see Figure 4-15) to change how your switch responds when STP reconfigures itself.

Protocol

Implementation of STP to use.

Select one of the menu items: DEC, IBM, or IEEE. The default is IEEE.

Priority

Value used to identify the root bridge. The bridge with the lowest value has the highest priority and is selected as the root.

Enter a number from 0 through 65535.

Max age

Number of seconds a bridge waits without receiving STP configuration messages before attempting a reconfiguration. This parameter takes effect when a bridge is operating as the root bridge. Bridges not acting as the root use the root-bridge Max age parameter.

Enter a number between 10 and 10000.

Hello

Number of seconds between the transmission of STP configuration messages. Bridges not acting as a root bridge use the root-bridge Hello-time value.

Enter a number from 1 through 10.

Forward Delay

Number of seconds a port waits before changing from its STP learning and listening states to the forwarding state. This wait is necessary so that other switches on the network ensure no loop is formed before they allow the port to forward packets.

Enter a number from 4 through 30.

Step 2 Click Apply.


Figure 4-15: Spanning Tree Protocol (Part 1)
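The Priority field decides which bridge becomes the root, so it is worth checking that the configured values elect the switch you intend and that the MAC address shown under Current Spanning Tree Root is one you know. The following added example (not part of the original chapter or of Cisco's software) models the election for one VLAN's STP instance; the switch names, the 32768 priority, and the MAC addresses are constructed, and the tie-break on lowest MAC address is standard IEEE 802.1D behavior rather than something stated on this page.

```python
import re


def mac_to_int(mac):
    """Parse a MAC written with ':', '-' or Cisco-style '.' separators."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)


def elect_root(bridges):
    """Return the name of the bridge that wins the root election.

    bridges maps a name to (priority, mac). The lowest priority value wins;
    equal priorities are broken by the lowest MAC address (IEEE 802.1D).
    """
    if not bridges:
        raise ValueError("no bridges given")
    for name, (priority, _mac) in bridges.items():
        if not 0 <= priority <= 65535:  # range accepted by the Priority field
            raise ValueError(f"{name}: priority {priority} outside 0-65535")
    return min(bridges, key=lambda n: (bridges[n][0], mac_to_int(bridges[n][1])))


def audit_root(bridges, intended_root, observed_root_mac):
    """Compare the intended root with the election result and the MAC address
    read from the Current Spanning Tree Root section. Returns a list of findings."""
    findings = []
    winner = elect_root(bridges)
    if winner != intended_root:
        findings.append(f"configured priorities elect {winner}, not {intended_root}")
    by_mac = {mac_to_int(mac): name for name, (_prio, mac) in bridges.items()}
    observed = by_mac.get(mac_to_int(observed_root_mac))
    if observed is None:
        findings.append(f"current root {observed_root_mac} is not in the inventory")
    elif observed != winner:
        findings.append(f"current root is {observed}, but priorities elect {winner}")
    return findings


# Constructed inventory for one VLAN. Every switch is left at the same priority,
# so the election falls through to the MAC address tie-break.
UNTUNED = {
    "core-1": (32768, "00:00:5E:00:53:30"),
    "dist-1": (32768, "00:00:5E:00:53:10"),
    "access-1": (32768, "00:00:5E:00:53:02"),
}
# Same inventory after lowering the priority value on the intended root.
TUNED = dict(UNTUNED, **{"core-1": (8192, "00:00:5E:00:53:30")})

if __name__ == "__main__":
    print("untuned root:", elect_root(UNTUNED))
    print("tuned root:  ", elect_root(TUNED))
    for finding in audit_root(TUNED, "core-1", "0000.5e00.53ff"):
        print("FINDING:", finding)
```

With equal priorities the access switch with the lowest MAC address wins the election, which is why the intended root needs an explicitly lower Priority value.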

Changing Spanning-Tree Parameters for a Port

The ports listed on this page belong to the VLAN selected at the top of the page.

To change STP port options for a VLAN, select Device>Spanning Tree Protocol on the menu bar, select the VLAN ID, and click Apply.

Follow these steps to change the port-specific parameters:

Step 1 Change the following fields to affect how the port responds if a loop is formed.

Path Cost

A lower path cost represents higher-speed transmission. This can affect which port remains enabled in the event of a loop.

Enter a number between 1 and 65535. The default is 100 for 10BaseT, 10 for 100BaseT, and 1 for 1000BaseT.

Priority

Number used to set the priority for a port. A higher number has higher priority.

If you are using a DEC-type STP, enter a number between 0 and 255.

If you are using an IEEE-type STP, enter a number between 0 and 65535.

Step 2 Select the Port Fast option if the port is connected to an end-station. The Port Fast option brings a port directly from a blocking state into a forwarding state.

The only time a port with the Port Fast option enabled goes through the normal cycle of STP status changes is when the switch is restarted.

Step 3 Click Apply.

Use the following fields (see Figure 4-16) to check the status of ports that are not forwarding due to Spanning-Tree Protocol:

Module

A fixed port (system) or a modular port (1 or 2).

Port

The interface and port number. FastEthernet0/1 refers to port 1x.

State

The current state of the port. A port can be in one of the following states:

Blocking

Port is not participating in the frame-forwarding process and is not learning new addresses.

Listening

The port is not participating in the frame-forwarding process, but is progressing towards a forwarding state. The port is not learning addresses.

Learning

Port is not forwarding frames but is learning addresses.

Forwarding

Port is forwarding frames and learning addresses.

Disabled

Port has been removed from STP operation.


Figure 4-16: Spanning Tree Protocol (Part 2)

System Configuration

Use the System Configuration page (Figure 4-17) to enter the names of the files the switch uses when it restarts or resets. Catalyst 2900 switches support a Flash memory file system that includes a compiled image and other files that the switch uses when it resets. You can also use this page to copy a new release of the switch software from a TFTP server into the switch Flash memory.

To display this page, select System>System Configuration on the menu bar.

The section "Managing a Switch Software Upgrade" in this chapter describes how to download a TFTP server supplied by Cisco Systems and how to download new software files from the Cisco Connection Online Software Center.

Changing the Console Port Baud Rate

Change the transmission speed of the console port by selecting the number from the Baud Rate drop-down list that matches the setting of the attached terminal or PC. Click Apply.

Click Details to display an ASCII version of the console port characteristics.

Saving the Configuration File

The startup configuration file contains the IP addresses, passwords, and any other parameters you entered when you first configured the switch. The switch maintains the configuration by reloading this file when it restarts. However, the startup configuration file might not have the configuration that is currently operating the switch. Changes made through the manager software or the command-line interface (CLI) take effect immediately but must be explicitly saved to be included in the startup configuration.

Use this page to save the running configuration to the startup configuration file. The following buttons control the switch startup:

Save Configuration

Click to write the running configuration to Flash memory. This configuration is then loaded when the switch is restarted.

Reboot System

Click to restart the switch and load the startup configuration.


Figure 4-17: System Configuration (Part 1)

Entering the System Reload Options

To change the system reload options, select System>System Configuration on the menu bar.

This section describes the parameters used by the switch when it reloads its software. By default, the System Reload Options fields contain the correct information to reboot the system. Some of the fields contain files that reside in Flash memory. To determine the names of the files to use, enter the following EXEC mode command at the CLI:

switch# dir flash:
Directory of flash:
 
  2  -rwx      843947   Mar 01 1993 00:02:18  C2900XL-h-mz-112.8-SA
  4  drwx        3776   Mar 01 1993 01:23:24  html
 66  -rwx         130   Jan 01 1970 00:01:19  env_vars
 68  -rwx        1296   Mar 01 1993 06:55:51  config.text
 

1728000 bytes total (456704 bytes free)

If you need more information about accessing the switch via the CLI, refer to the section "Configuring the Switch for Telnet" in the "Cisco IOS Management" chapter.

Follow these steps to change the system reload options:

Step 1 Enter the image filename and other details for reloading the system.

Cisco IOS Image File

Enter the path and name of the Cisco IOS image file to load when the system reboots. This file has a name like C2900XL-h-mz-112.8-SA3.

Configuration File

Enter the path and name of the startup configuration file that the image file reads to configure the switch. This file can have a name like config.text.

Helper Path List

Enter the path and filename of the helper file to be loaded with the image file, as needed. Helper files can extend the functionality of the boot loader. Diagnostic software, for example, can be loaded with the boot loader. Normally, this field should be left blank.

NVRAM Buffer Size

Enter the number of bytes to allocate for the NVRAM buffer. This buffer must be big enough to hold the configuration file. You can enter the privileged EXEC mode command dir from the CLI to check the buffer size. You can increase the buffer to a maximum of 131072 bytes.

Boot Loader Flags

Enter -post to display all possible POST messages. This can increase the time it takes for the switch to boot.

Manual Boot

Enable a pause in the boot sequence. You are then prompted to enter a command at the CLI to load the software.

Enable Break while booting

Allow a break, such as an RS-232 break, to end the boot sequence. You can use this option to interrupt the boot when running terminal emulation software on a remote workstation.

Step 2 Click Apply.

For more information on working with system files and options for reloading the system, see the "Working with Files in Flash Memory" section in the "Cisco IOS Management" chapter.

Upgrading Switch Firmware via TFTP

To display the page to upgrade the switch firmware, select System>System Configuration on the menu bar.

New releases of Catalyst 2900 firmware are periodically posted to the Cisco Connection Online (CCO) web site. These releases are compatible with all Catalyst 2900 switches and can be downloaded to a PC or workstation by registered users.

A new firmware release consists of an image file and the manager software HTML pages. After you have downloaded these files, you can copy them into Flash memory with a TFTP server. As part of software upgrade, the filename of the existing file is renamed to that of the new file. The TFTP server then replaces the old file with the new. The new software loads the existing startup configuration file when the switch restarts. You can also upgrade the software by using the CLI.


Figure 4-18: System Configuration (Part 2)

If you have a TFTP server installed on your PC or workstation, follow these steps to upgrade the firmware:

Step 1 Enter the IP address or name of the TFTP server in the Server IP Address or Name TFTP Server field. See the section "Displaying the IP Address of the TFTP Server" in this chapter for a procedure for obtaining the IP address.

Step 2 Enter the name of the image file that you downloaded from CCO in the Cisco IOS Upgrade Filename field. This might be a name like C2900XL-h-mz-112.8-SA3. Do not enter the path.

Step 3 Click Upgrade Cisco IOS Image.

Step 4 Click OK when the switch prompts you to rename the file.

Step 5 Click OK to confirm the upgrade.

The upgrade can take several minutes. The TFTP server window displays a success message when the upgrade is complete.

Step 6 Click Reboot System to activate the new Cisco IOS image.

Upgrading Manager Software HTML Pages via TFTP

To upgrade the HTML files for manager software, select System>System Configuration on the menu bar to display the System Configuration page (see Figure 4-18).

Follow these steps to upgrade the manager software HTML pages:

Step 1 Upgrade the switch firmware to the latest version and reboot the switch, as described in the section "Upgrading Switch Firmware via TFTP" in this chapter.

Step 2 Enter the IP address of the TFTP server in the Server IP Address or Name of TFTP Server field.

Step 3 Enter the name of the HTML file in the Filename for Switch Manager Upgrades: field.

Step 4 Click Upgrade Switch Manager Files.

Step 5 Click OK when the switch prompts you to confirm the upgrade. The upgrade can take several minutes. The TFTP server displays a success message when the upgrade is complete.

Step 6 Click Reload on the browser to display the latest page.

Managing a Switch Software Upgrade

You upgrade Catalyst 2900 switch software by downloading a new Cisco IOS image file and new manager software HTML files from Cisco Connection Online (CCO). The following sections describe some of the steps you take to complete a software upgrade.

Downloading Files from CCO

Follow these steps to download a new version of Catalyst 2900 software:

Step 1 Display the Cisco home page by pointing your browser at one of the following URLs:

Step 2 Log in to CCO. You might need to register the first time you log in.

Step 3 To locate the software files from the home page, select Software and Support>Software Center>Switching Products>Catalyst 2900XL.

You can also enter the following URL in your browser Go To field: http://www.cisco.com/cgi-bin/tablebuild.pl/cat2900XL

Step 4 Follow the instructions on the page to download the two files.

Displaying the IP Address of the TFTP Server

Before you can download new software to your switch, you need to enter the IP address of your PC or workstation on the System Management page. If you are running a Cisco TFTP server, the PC IP address is displayed on the application title bar.

If you do not know the IP address, follow these steps to display it:

IP Management

Use the IP Management page (Figure 4-19) to change or enter IP information for the switch. Some of this information, such as the IP address, you previously entered.

To change IP information for the switch, select System>IP Management on the menu bar.

Caution Changing the switch IP address on this page will end your manager software session. If this occurs, you can restart manager software by entering the new IP address in the browser URL field, as described in the "Accessing Manager Software" section in this chapter.

Configuring the Switch for IP

The switch IP address belongs to VLAN 1 and is used to access out-of-band management interfaces such as manager software and SNMP. For a port to access one of these management interfaces, it must also belong to VLAN 1.

Follow these steps to enter the IP parameters for the switch:

Step 1 Enter a new IP address for the switch. When you change the IP address, the browser closes your session. When this happens, return to the manager software by entering the new IP address in the browser Location field.

Step 2 Enter a subnet mask (IP mask) for the switch.

Step 3 Enter a broadcast address for the switch. The switch uses this address to send messages to all stations.

Step 4 Enter the IP address of the default gateway, or router. With this address, the switch can activate the IP protocol stack. Unknown IP addresses are forwarded to the default gateway.

This field is filled automatically if a discovery protocol finds a router connected to a switch port.

Step 5 Enter the default domain name for the switch.

Step 6 Check the management VLAN. If you want to manage the switch via Telnet, SNMP, or manager software, you need to access it through a port belonging to this VLAN.

Step 7 Click Apply.


Figure 4-19: IP Management

Adding and Removing Domain Name Servers

Domain name servers convert domain names into their corresponding IP addresses.

To add a server, enter the IP address of a DNS server in the New Server field, and click <<Add<<.

To remove a server, select an address in the Current Servers table, and click Remove.

ARP Table

Use the ARP Table page (Figure 4-20) to display the table and change the timeout value. The Address Resolution Protocol (ARP) discovers the MAC address and VLAN ID that correspond to a host IP address. Figure 4-21 shows the meaning of the ARP table contents.

To display this page, select System>ARP Table on the menu bar.

ARP entries added manually to the table do not age and must be removed manually. Click Remove All to clear the ARP cache. To change the ARP timeout value, enter the number of seconds (between 1 and 4294967) in the ARP Cache Timeout Value field, and click Apply.


Figure 4-20: ARP Table


Figure 4-21: Contents of the ARP Table

Port Security

Use the Port Security page (Figure 4-22) to enable port security and define the size of the address table for secured ports. Port security is described in the section "Secure Ports" in the "Concepts" chapter.

To display this page, select Security>Port Security on the menu bar.

Limiting the number of devices that can connect to a secure port has the following advantages:

The following fields validate port security or indicate security violations:

Secure Addresses

The number of addresses in the address table for this port. Secure ports have at least one in this field.

Security Rejects

The number of unauthorized addresses seen on the port.

See the section "Managing Configuration Conflicts" in this chapter for those port features that are unavailable to secure ports.

Securing a Port

Follow these steps to secure a port:

Step 1 Select the check box in the Security column for the port.

Step 2 In the Violation Action column, select the action the switch takes when packets with an unauthorized address arrive on the port. Select Trap to issue an address-violation trap, select Shutdown to disable the port, or select both.

Step 3 Click Apply.

Step 4 Confirm that port security has been enabled by checking that the Secure Addresses column for that port has at least one address.

Step 5 If you want to statically assign secure addresses, display the Address Management page by selecting Security>Address Management.


Figure 4-22: Port Security

Defining the Maximum Secure Address Count

A secure port can have from 1 to 132 secure addresses associated with it. Setting the MAC address table associated with the port to have one address ensures the attached device has the full bandwidth of the port.

Enter a number from 1 to 132 in the Maximum Addresses field, and click Apply.

SNMP Configuration

Use the SNMP Configuration page (Figure 4-23) to disable SNMP and configure your switch for SNMP management.

To display this page, select System>SNMP Configuration on the menu bar.

Use this page to perform the following tasks:

Disabling SNMP

If you deselect Enable SNMP and click Apply, SNMP is disabled, and the SNMP parameters on the page disappear. Some network view features are not available when SNMP is disabled.

Entering System Options

This information identifies the switch and the system administrator:

Step 1 Enter a name to be used for the switch.

Step 2 Enter the location of the switch.

Step 3 Enter the name of a person or organization.

Step 4 Click Apply.

Click Statistics to display the SNMP system information about the switch.


Figure 4-23: SNMP Configuration

Entering Community Strings

Community strings serve as passwords for SNMP messages. You can enter them with the following characteristics:

Read only (RO)

Enables requests accompanied by the string to display MIB-object information.

Read write (RW)

Enables requests accompanied by the string to display MIB-object information and to set MIB objects.

Step 1 Enter a character string in the String field. This string can be any length.

Step 2 Click RO (read only) or RW (read write).

Step 3 Click <<Add<< or Remove.

Adding Trap Managers

A trap manager is a management station that receives and processes traps. No traps are issued if there are no trap managers. Follow these steps to add a trap manager:

Step 1 Enter the IP address or name of the station in the IP Address field.

Step 2 Enter a community string of any length. If you have configured VLANs, follow this convention when entering the community string:

string@vlan-id

Where:

string

Any text

vlan-id

The number identifying the VLAN.

Step 3 Click <<Add<<.

Step 4 Select which class of traps the trap manager is to receive. Select a check box to enable one or more of the following:

Step 5 Click Apply.

VLAN Management

Use the VLAN Management page (Figure 4-24) to assign ports to VLANs. The switch supports up to 64 VLANs, and you can assign ports to a VLAN number between 1 and 1001. Each VLAN is considered a logical network, and packets destined for stations that do not belong to the VLAN must be forwarded through a router or bridge.

To display this page, select VLAN>VLAN Management on the menu bar.

By default, all ports are assigned to VLAN 1, which is also referred to as the Management VLAN. VLAN 1 is also the interface to the switch itself. If you are using SNMP or manager software to manage the switch, ensure that the port through which you are connected to the switch is in VLAN 1.

A port can be in one of these modes:


Figure 4-24: VLAN Management

To assign a port to a VLAN:

Step 1 Select an item from the drop-down list in the Mode column: Access or Multi-VLAN.

Step 2 Enter a VLAN number in the Assigned VLANs field.

Step 3 Click Apply.


Note To assign a multi-VLAN port to more than one VLAN, enter the numbers separated by a comma.

Logging Configuration

Use the Logging Configuration page (Figure 4-25) to define the logging type and the severity level of information that the switch should log. The switch can generate log messages when the configuration changes and when certain network or switch events occur. You can set the switch to write this information to the management console or to a buffer, file, or UNIX syslog facility. Specify the amount of detail to log by selecting the appropriate severity level.

To display this page, select Fault>Logging Config on the menu bar.


Figure 4-25: Logging Configuration (Part 1)

Selecting a Logging Option

Select one of the following options to log switch activity, and then click Apply:

Console Logging

Select this option to write log information to the management console.

Buffer Logging

Select this option to write log information to a buffer in Flash memory. Enter the size of the buffer in the Buffer Size field. The recommended buffer size is 32 KB.

Information is maintained in the buffer on a first-in, first-out basis. If the buffer is full and you click Show Buffer, the most recent data is always displayed.

File Logging

Select this option to maintain a log file on an external server or in Flash memory. If the switch fails, it writes information about the cause of the failure to this file before functionality is lost. To write to a file on a server:

Step 1 Select Enable File Logging.

Step 2 Select a severity level from the Logging Level menu.

Step 3 Enter a TFTP URL and the filename, the appropriate XMODEM command, or flash:filename.

Step 4 Enter a minimum and maximum file size, in bytes.

Step 5 Click Apply.

Syslog

Select this option to use the UNIX syslog facility to manipulate log information written to a UNIX host. Log information sent to the UNIX host is then managed according to the facility.

Follow these steps to add a host to which log information is to be written:

Step 1 Enter the host IP address in the New Host field.

Step 2 Click <<Add<<.

To use syslog, you also need to select the facility that handles the log data. Select a facility, and click Apply.

Choosing Debug Options

If you select the logging level of debugging, use the Debugging Management page to define the protocols or system functions for which you want to display debugging information. Select Fault>Debugging Mgmt to display this page.

Defining a Severity Level

The switch can log eight levels of messages. When you select a logging level, the switch logs all syslog messages of that level and above. The default level is "Errors."


Figure 4-26: Logging Configuration (Part 2)

Select a level from one of the following choices on the Logging Level menu:

Emergencies

The switch is at risk of failing.

Alert

A condition exists that should be corrected immediately.

Critical

A critical condition exists, such as a device error.

Errors

Errors.

Warnings

Warning messages.

Notifications

Conditions that are not errors, but that could require special handling.

Information

Informational messages.

Debugging

Messages only used for debugging.
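Because the switch logs only the selected level and above, the default of "Errors" silently drops less severe messages that an administrator may still want for auditing, such as configuration-change notices. The following added example (not part of the original chapter or of Cisco's software) applies that rule to Cisco-style messages, whose severity is the digit in the %FACILITY-SEVERITY-MNEMONIC header; the 0-7 numbering is standard syslog and is not shown on this page, and the sample messages are constructed.

```python
import re

# Level names in the order this page lists them. The list index is the syslog
# severity number (0 = most severe); that numbering is standard syslog.
LEVELS = ["Emergencies", "Alert", "Critical", "Errors",
          "Warnings", "Notifications", "Information", "Debugging"]

# Cisco IOS messages carry the severity digit in %FACILITY-SEVERITY-MNEMONIC:
MSG = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+):")

# Constructed sample messages (not captured from a real switch).
SAMPLE = [
    "%SYS-5-CONFIG_I: Configured from console by console",
    "%LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down",
    "%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down",
    "%SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 192.0.2.10",
    "%SYS-5-RESTART: System restarted --",
    "free-form debug output without a message header",
]


def split_by_level(lines, level_name="Errors"):
    """Apply the page's rule: log messages of the selected level and above.

    Returns a dict with the messages that are logged, the messages that are
    dropped, and the lines whose severity could not be parsed.
    """
    threshold = LEVELS.index(level_name)  # raises ValueError on an unknown name
    result = {"logged": [], "dropped": [], "unparsed": []}
    for line in lines:
        m = MSG.search(line)
        if m is None:
            result["unparsed"].append(line)
        elif int(m["sev"]) <= threshold:  # lower number = more severe
            result["logged"].append(line)
        else:
            result["dropped"].append(line)
    return result


def level_needed(lines, wanted_mnemonics):
    """Least verbose Logging Level that still records every wanted message."""
    severities = [int(m["sev"]) for m in map(MSG.search, lines)
                  if m and m["mnemonic"] in wanted_mnemonics]
    if not severities:
        raise ValueError("none of the wanted messages appear in the sample")
    return LEVELS[max(severities)]


if __name__ == "__main__":
    outcome = split_by_level(SAMPLE, "Errors")
    for key in ("logged", "dropped", "unparsed"):
        print(key.upper())
        for line in outcome[key]:
            print("   ", line)
    print("level needed to keep CONFIG_I:", level_needed(SAMPLE, {"CONFIG_I"}))
```

At the default level the two severity-3 messages are kept and the three severity-5 messages, including the configuration-change notice, are dropped.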

Debug Management

Use the Debug Management page (Figure 4-27) to select debugging information to be displayed on the command-line interface (CLI) or written to one of the available logging options. You can select any combination of protocols and system functions for which to display information.

To display this page, select Fault>Debugging Mgmt.


Note To write debug information to a log, select a logging level of debugging on the Logging Configuration page. Display this page by selecting Fault>Logging Config.

To configure the switch to generate debugging information, follow these steps:

Step 1 Select the check boxes next to the information category to display or log.

Step 2 If you are writing this information to a log, ensure that you selected debugging from the Logging Level drop-down list of the Logging Configuration page.

Step 3 Click Apply.


Note Figure 4-27 does not display all Cisco IOS debugging categories.

Figure 4-27: Debug Management


Posted: Tue May 11 12:06:21 PDT 1999
Copyright 1989-1999 © Cisco Systems Inc.