Web-Based Management

This chapter describes the Cisco Visual Switch Manager Software, hereafter referred to as the manager software, a graphical user interface (GUI) for configuring the switch and monitoring switch and network activity.

You can use the manager software network view feature to display a picture of your network and to manage more than one switch at a time. This feature is described in "Switch Network View Software."

This chapter covers the following topics:

For information about other management options, refer to "SNMP Management," and "Cisco IOS Management."

Configuring the Browser for Web Management

This section describes the supported browsers and how to configure them to use the switch manager and network view software.

Supported Browsers

The manager software and the network view provide access to the switch through the browsers listed in Table 4-1.


Table 4-1: Browser Requirements for the Switch Manager and the Network View

| Operating System | Netscape Communicator | Microsoft Internet Explorer |
|---|---|---|
| Cisco Visual Switch Manager | | |
| Windows 95 Service Pack 1, Windows 98 | 4.03 or higher | 4.01 Service Pack 1 (SP1) |
| Windows NT (Service Pack 3 recommended) | 4.03 or higher | 4.01 Service Pack 1 (SP1) |
| Solaris 2.5.1 or higher, with the Sun-recommended patch cluster for that operating system and Motif library patch 103461-24. | 4.03 or higher | - |
| Cisco Switch Network View | | |
| Windows 95 Service Pack 1, Windows 98 | 4.06 or higher | 4.01 Service Pack 1 (SP1) |
| Windows NT (Service Pack 3 recommended) | 4.06 or higher | 4.01 Service Pack 1 (SP1) |
| Solaris 2.5.1 or higher, with the Sun-recommended patch cluster for that operating system and Motif library patch 103461-24. | 4.06 or higher | - |

Configuring Netscape Communicator

Follow these steps to configure Netscape Communicator:

Step 1 Start Netscape Communicator.

Step 2 From the menu bar, select Edit>Preferences.

Step 3 In the Preferences window, click Advanced.

Step 4 From the menu bar, select Edit>Preferences.

Configuring Microsoft Internet Explorer

Follow these steps to configure Microsoft Internet Explorer:

Step 1 Start Internet Explorer.

Step 2 From the menu bar, select View>Internet Options.

Step 3 In the Internet Options window, click Advanced.

Step 4 Click Every visit to the page, and click OK.

Step 5 In the Internet Options window, click Security.

Step 6 Select Java>Java Permissions section, and select Custom.

Click Java Custom Setting, which appears at the bottom of the window.

Step 7 In the Trusted Sites Zone window, click Edit Permissions.

Step 8 In the Security Settings window, click OK.

Step 9 In the Internet Options window, click Security.

Step 10 In the Trusted Sites Zone window, deselect the Require server verification check box.

Step 11 In the Internet Options window, click Apply, and then click OK.

Using the Manager Software

The manager software is an embedded HTML web site in Flash memory. You can use the live image of the switch on the manager home page to monitor switch activity and confirm configuration changes without having to go into the wiring closet. Online help is available on all pages.


Note HTTP is an in-band form of communication: you access the switch through one of its Ethernet ports. Therefore, be sure that you do not disable or otherwise misconfigure the port through which you are communicating with the switch. You might want to write down the port number that you are connected to when you install the switch.

You do not have to configure the switch. Default values are defined for all switch features, and the switch begins forwarding packets as soon as it is powered up and connected to compatible devices. Table 4-2 shows the default values and the manager software page you can use to change them.

Table 4-2: Features, Default Settings, and the Manager Software Pages

| Feature | Default Setting | Menu Option and Page |
|---|---|---|
| Management | | |
| Switch IP address, subnet mask, and default gateway | 0.0.0.0. | System>IP Management |
| Cisco Discovery Protocol (CDP) | Enabled. | Device>Cisco Discovery Protocol |
| Address Resolution Protocol (ARP) | Enabled. | System>ARP Table |
| Static address assignment | None assigned. | Security>Address Management |
| Network View | Always available. | Button on Cisco Visual Switch Manager Home page |
| Virtual (VLAN) membership | All ports are static-access ports in VLAN 1. | VLAN>VLAN Membership |
| Performance | | |
| Autonegotiation of duplex mode | Enabled. | Port>Port Configuration |
| Autonegotiation of port speeds | Enabled. | Port>Port Configuration |
| Flooding Control | | |
| Broadcast storm control | Disabled. | Port>Flooding Controls |
| Flooding unknown unicast and multicast packets | Enabled. | Port>Flooding Controls |
| Network port | Disabled. | Port>Flooding Controls |
| CGMP | Enabled. | Device>Cisco Group Management Protocol |
| Network Redundancy | | |
| Spanning-Tree Protocol | Enabled. | Device>Spanning-Tree Protocol |
| Port grouping | None assigned. | Port>Port Grouping (EC) |
| Diagnostics | | |
| SPAN port monitoring | Disabled. | Port>Port Monitoring (SPAN) |
| Console, buffer, and file logging | Disabled. | Fault>Logging Config |
| Security | | |
| Password | None. | Basic System Configuration (Home) |
| Addressing security | Disabled. | Security>Address Management |
| Trap manager | 0.0.0.0. | System>SNMP Configuration |
| Community strings | public. | System>SNMP Configuration |
| Port security | Disabled. | Security>Port Security |

Making Changes with the Manager Software

Manager software pages show the settings that have been defined for the switch. You change the configuration settings by entering information into fields, adding and removing list items, or selecting check boxes. When using the network view feature, you can click the right mouse button to create reports.

When you enter information into fields and click Apply, it becomes part of the running (current) configuration. If you make a mistake and want to retype an entry, click Revert to undo your first entry. However, items added or removed from the manager software lists immediately become part of the running configuration, and you do not need to click Apply. For more information on using the network view, refer to "Switch Network View Software."

Managing Configuration Conflicts

Certain combinations of port features create configuration conflicts (see Table 4-3). For example, the network port floods all unknown unicast and multicast packets to a port; therefore, port security, which limits traffic on a port, cannot be enabled on the network port. If you try to enable incompatible features, the manager software issues a warning message and prevents you from making the change. Reload the page to refresh the manager software.


Table 4-3: Port Configuration Conflicts

| | Port Group | Port Security | Monitor Port | Multi-VLAN Port | Network Port |
|---|---|---|---|---|---|
| Port group | - | No | No | Yes | Yes |
| Port security | No | - | No | No | No |
| Monitor port | No | No | - | No | No |
| Multi-VLAN port | Yes | No | No | - | Yes |
| Network port | Yes (only source-based destination group) | No | No | Yes | - |

Saving Changes to the Startup Configuration

The configuration file that is loaded when the switch is restarted is in Flash memory. This file is not necessarily the same as the running configuration. If you want the running (current) configuration to be used when the switch restarts, follow the steps in the "System Configuration" section.

Accessing the Manager Software

The switch must have an IP address before you can access the manager software. For instructions, see the "Assigning IP Information to the Switch" section.

Follow these steps to access the manager software:

Step 1 Be sure that you have configured your browser; see the "Configuring the Browser for Web Management" section.

Step 2 Start the browser.

Step 3 Enter the switch IP address in the browser Location field (Netscape Communicator) or Address field (Internet Explorer).

Step 4 Click Open.

The Cisco Systems Access page (see Figure 4-1) is displayed.

Step 5 Click Visual Switch Manager to display the Cisco Visual Switch Manager Home page shown in Figure 4-2.


Figure 4-1: Cisco Systems Access Page


Cisco Visual Switch Manager Home Page

The Cisco Visual Switch Manager Home page (Figure 4-2) is always displayed when you click Visual Switch Manager on the Cisco Systems Access page. All the manager software pages have a Home button you can click to return to this page. From the home page, click Network View to display the Cisco Switch Network View application described in "Switch Network View Software."

Use this page to perform the following tasks:


Figure 4-2: Cisco Visual Switch Manager Home



Note You can bookmark the IP address to easily retrieve the home page for later use. From the Netscape Communicator, click Bookmarks, and then click Add Bookmark. From the Internet Explorer Favorites menu, click Add to Favorites.

Click a menu bar item to display the available choices listed in Table 4-4.


Table 4-4: Manager Software Menu Bar

| Menu Bar | Choices | Task |
|---|---|---|
| Port | Port Configuration | Enable or disable ports, and set port parameters. |
| | Port Grouping (EC) | Group ports into logical units for high-speed links between switches. |
| | Port Monitoring (SPAN) | Enable SPAN port monitoring. |
| | Flooding Controls | Enable broadcast storm control, assign a network port, and block unicast and multicast flooding on a per-port basis. |
| System | System Configuration | Save the running configuration, and upgrade firmware via Trivial File Transfer Protocol (TFTP). |
| | IP Management | Enter IP information for the switch. |
| | SNMP Configuration | Enter Simple Network Management Protocol (SNMP) trap managers and community strings. |
| | ARP Table | Display the ARP table and change the timeout. |
| Security | Address Management | Enter static addresses and the address aging time. |
| | Port Security | Enable port security. |
| Device | Cisco Discovery Protocol | Enable and disable CDP information. |
| | Cisco Group Multicast Protocol | Enable and disable CGMP and CGMP Fast Leave feature. |
| | Spanning-Tree Protocol | Display and change STP parameters for the switch. |
| VLAN | VLAN Membership | Assign ports to port-based VLANs. |
| Fault | Logging Config | Set logging parameters. |

Entering Basic Information

This information is usually entered once and not changed. Enter any text in the Name, Location and User/contact name fields. You can enter up to 255 characters in each field.

Changing the Password

Follow these steps to change the password:

Step 1 In the Name field, enter a character string.

Step 1 In the Assign/Change password field, enter a character string for the enable password.

Step 2 In the Reconfirm password field, reenter the same string.

Step 3 Click Apply.

The connection with the switch is broken. The browser prompts you for the new password:


Step 4 Enter the same password, and click OK.

If you do not know the password, see the "Recovering from a Lost or Forgotten Password" section.

Monitoring LED Activity

The switch image refreshes every 30 seconds, and the LED image presents the same information as the actual LEDs. Click the Mode button to highlight STAT (status), SPD (speed), or FDUP (duplex), changing the information conveyed by the port LEDs. The legend under the image describes the meaning of the colors in each mode.

The System LED displays the status of the switch, and the RPS lights when a Cisco RPS is attached. The 1 or 2 LED is on when a module is installed.

For a complete description of the switch LEDs, see the "LEDs" section.

Configuring Ports

Follow these steps to configure a port from the manager home page:

Step 1 Click a port on the switch image to display the Port Configuration pop-up window (Figure 4-3).

Step 2 Note the actual settings for the Admin Status, Duplex, and Speed fields.

Step 3 Select the Enable check box to enable the port, or select an option from the Duplex or Speed drop-down menus.

For Gigabit Ethernet ports, the speed field is read-only and displays 1000 for 1000 Mbps.

Step 4 Click Apply.

It can take up to 30 seconds for the image to reflect your change.


Figure 4-3: Port Configuration Pop-Up Window


Port Configuration

Use this page to enable and disable ports and set the duplex and speed parameters. Select Port>Port Configuration from the menu bar.

Figure 4-4 shows the port listings. The columns on the page have the following meanings and uses:

Port

The word Fa (Fast Ethernet) or Gi (Gigabit Ethernet), a module number, and a port number. In the example, the port is on module 0 (a fixed port) and port number 1: Fa0/1

Status: Admin/Actual

Enable or disable the port. The field also displays the current port status.

Duplex: Requested/Actual

Display the current duplex setting. You can set a port to full-duplex (Full), half-duplex (Half), or autonegotiate (Auto). The default is Auto.

Speed: Requested/Actual

Display the current speed setting. You can set a port to 10 Mbps (10), 100 Mbps (100), or autonegotiate (Auto). The default is Auto.

For Gigabit Ethernet ports, this field is read-only and displays 1000 (1000 Mbps).

Port Name

Name the port or describe how it is connected.

Statistics

Display transmit and receive statistics for the port. Click Reset to clear the statistics and close the statistics window.


Figure 4-4: Port Configuration


Enabling and Disabling Ports

To enable or disable a port, select or deselect the check box in the Status: Admin/Actual column, and click Apply. The column also displays the actual status of the port. An enabled port can have an actual status of DOWN because there is no device connected to it.

Caution It is possible to reconfigure the port through which you are managing the switch. This could cause a temporary loss of connectivity due to Spanning-Tree Protocol reconfiguring.

Displaying Duplex and Transmission Speed Settings

Follow these steps to review the speed and duplex settings for the entire switch:

Step 1 Click Home to display the image of the switch.

Step 2 Click Mode until FDUP lights. If the port LED is off, the port is running in half-duplex mode. If the port LED is green, the port is running in full duplex.

Step 3 Click Mode until 100 lights. If the port LED is off, the port is running at 10 Mbps. If the port LED is green, the port is running at 100 Mbps.

Changing the Duplex and Transmission Speed Settings

Switch ports can automatically match the full-duplex capability and the transmission speed of an attached device. Follow these steps to explicitly set these parameters for a port:

Step 1 From the Duplex: Requested/Actual drop-down list, select Half, Full, or Auto (autonegotiating).

Step 2 From the Speed: Requested/Actual drop-down list, select 10, 100, or Auto (autonegotiating).

For Gigabit Ethernet ports, this field is read-only and displays 1000 for 1000 Mbps.

Step 3 Click Apply.

If the Spanning-Tree Protocol is enabled, the switch can take up to 30 seconds to check for loops when a port is reconfigured. The port LED is amber while STP reconfigures.

Autonegotiation can at times produce unpredictable results. For details on how to maximize switch performance with autonegotiation, see the "Autonegotiation Mismatches" section.

Identifying an Autonegotiation Mismatch

Follow these steps to check each end of the connection to identify a mismatch.

If the port is in half-duplex mode:

Step 1 In the Statistics column, click View, and check for late collision errors.

A high number of late collisions could mean the port is connected to a port set to full-duplex mode.

Step 2 Check the port to which this port is connected.

If it is in full-duplex mode, a mismatch exists.

Step 3 Click View to check for FCS errors on the full-duplex port and to check for late collision errors on the half-duplex port.

To correct mismatched port settings, follow one of these guidelines:

Connecting to Devices That Do Not Autonegotiate

If a port is set to autonegotiate duplex and an attached device does not support autonegotiation, the switch sets Fast Ethernet ports to half-duplex mode and Gigabit Ethernet ports to full-duplex mode. To avoid the resulting late collisions and other errors, set the duplex parameters to match the attached device; do not set them to Auto. For more information, see the "Identifying an Autonegotiation Mismatch" section.


Note Speed negotiation will work even if the other device does not autonegotiate.
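
The fallback rule in this section and the counter checks from "Identifying an Autonegotiation Mismatch" can be combined into one link check. The following Python code is an added example, not part of the manager software; the PortEnd fields, the sample counters, and the cut-off used for "a high number" of errors are assumptions.

```python
"""Predict and confirm duplex mismatches on a link between two ports.

Added illustration, not Cisco code. Field names, sample counters and the
ERROR_RATIO cut-off are assumptions made for this example.
"""
from dataclasses import dataclass

# Assumed meaning of "a high number" of errors: more than 1 per 1,000 frames.
ERROR_RATIO = 0.001


@dataclass
class PortEnd:
    name: str
    port_type: str          # "Fa" or "Gi", as in the Port column
    requested: str          # "auto", "half" or "full"
    autonegotiates: bool    # False for devices that cannot autonegotiate
    frames: int = 0
    late_collisions: int = 0
    fcs_errors: int = 0


def actual_duplex(local, peer):
    """Duplex mode the local port ends up in."""
    if local.requested != "auto":
        return local.requested
    if peer.autonegotiates and peer.requested == "auto":
        # Assumption: both ends negotiate and both support full duplex.
        return "full"
    # The peer takes no part in negotiation: Fast Ethernet ports fall back
    # to half duplex, Gigabit Ethernet ports to full duplex.
    return "half" if local.port_type == "Fa" else "full"


def check_link(a, b):
    """Return (duplex of a, duplex of b, list of findings)."""
    duplex_a, duplex_b = actual_duplex(a, b), actual_duplex(b, a)
    findings = []
    if duplex_a != duplex_b:
        half, full = (a, b) if duplex_a == "half" else (b, a)
        findings.append(f"duplex mismatch: {half.name} half, {full.name} full")
        # Late collisions are expected on the half-duplex end.
        if half.frames and half.late_collisions / half.frames > ERROR_RATIO:
            findings.append(f"{half.name}: late collisions confirm the mismatch")
        # FCS errors are expected on the full-duplex end.
        if full.frames and full.fcs_errors / full.frames > ERROR_RATIO:
            findings.append(f"{full.name}: FCS errors confirm the mismatch")
    return duplex_a, duplex_b, findings


# Constructed sample data: a switch port left on Auto, attached to a device
# that is fixed at full duplex and does not autonegotiate.
SWITCH_PORT = PortEnd("Fa0/1", "Fa", "auto", True,
                      frames=500000, late_collisions=4200)
FIXED_DEVICE = PortEnd("server NIC", "Fa", "full", False,
                       frames=480000, fcs_errors=3900)

if __name__ == "__main__":
    for finding in check_link(SWITCH_PORT, FIXED_DEVICE)[2]:
        print(finding)
```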

Port Group (EtherChannel)

Use the Port Group (EtherChannel) page (see Figure 4-5) to create Fast EtherChannel and Gigabit EtherChannel port groups. These port groups act as single logical ports for high-bandwidth connections between switches or between switches and servers. You can also use port groups to create redundant links between switches. Instead of keeping a redundant link in reserve in case of failure, EtherChannel port groups use all available bandwidth while still providing a redundant link.

To display this page, select Port>Port Grouping (EC) from the menu bar.

By default, a switch forwards traffic to a port group based on the packet source address. This is different from normal switch forwarding, which forwards based on the destination address. These two forwarding techniques are described in the "EtherChannel Forwarding Methods" section.

You can create up to 12 port groups. Source-based port groups can have as many as eight ports; destination-based groups can have any number of ports. Port groups that link switches are configured independently and can be configured differently on each switch. You can configure a source-based port group on one switch and connect it to a destination-based port group on the other switch.

The switch treats the port group as a single logical port; therefore, when you create a port group, the switch uses the configuration of the first port for all ports added to the group. After the group is created, changing STP or VLAN membership parameters for one port in the group automatically changes the parameters for all ports.

Each port group has one port that carries all unknown multicast, broadcast, and STP packets.


Note Figure 4-5 is an example of the lists that you use to assign ports to port groups.

Figure 4-5: Port Group (EtherChannel)


Adding a Port to a Group

The forwarding method (source or destination) applies to the entire group. Follow these steps to add a port to a port group:

Step 1 From the Port drop-down list, select a port.

Step 2 Click source or destination as the forwarding method.

Step 3 Click <<Add<<.

Removing a Port from a Group

Follow these steps to remove a port from a group:

Step 1 From the Group list, select a port.

Step 2 Click Remove.

Port Group Restrictions on Static-Address Forwarding

The following restrictions apply to entering static addresses that are forwarded to port groups:


Note Check boxes for ports on the Static Address Forwarding Map appear only if they are in the same VLAN as the receiving port. For more information, see the "Adding and Removing Static Addresses" section.

Port Monitoring (SPAN)

Use the Port Monitoring (SPAN) page (Figure 4-6) to enable the Switched Port Analyzer (SPAN) feature. You can monitor traffic on a given port by forwarding incoming and outgoing traffic on the port to another port in the same VLAN. A monitor port cannot monitor ports in a different VLAN, and a monitor port must be a static-access port. Any number of ports can be defined as monitor ports, and any combination of ports can be monitored.

To display this page, select Port>Port Monitoring (SPAN) from the menu bar.

For the restrictions that apply to monitor ports, see the "Managing Configuration Conflicts" section.

Follow these steps to configure your switch for SPAN:

Step 1 In the Monitor ports column, select the port or ports to be the monitor ports.

Step 2 In the Ports Being Monitored columns, select the ports to be monitored.

You can select up to 15 ports at a time. (If you have selected 15 ports, click Apply, and continue to select ports, if necessary.)

Ports that are not in the same VLAN are not displayed.

Step 3 Click Apply.


Figure 4-6: Port Monitoring (SPAN)


Flooding Controls

Use the Flooding Controls page (Figure 4-7) to block the forwarding of unnecessary flooded traffic. You can enable three flooding techniques from this page:

To display this page, select Port>Flooding Controls from the menu bar.

Enabling a Network Port

Enabling a network port can reduce flooded traffic on your network. The network port receives all traffic with unknown destination addresses instead of the switch flooding it to all ports in the same VLAN. Space is then conserved in the dynamic address table because a network port does not learn source addresses from received packets. Network ports are assigned per VLAN.

The switch deletes all addresses associated with the network port from the address table and disables learning on the port. If you configure other ports in the VLAN as secure ports, the addresses on those ports are not aged. For more information, see the "Securing a Port" section. If you move a network port to a VLAN without a network port, it becomes the network port for the new VLAN.

For limitations on configuring a network port, see the "Managing Configuration Conflicts" section.

Follow these steps to define a port as the network port:

Step 1 From the menu bar, select Port>Flooding Controls.

Step 2 From the Interface drop-down list, select a port.

Step 3 Click <<Enable<<.

To remove a network port, select the port from the port list, and click Disable.


Figure 4-7: Flooding Controls


Enabling Broadcast Storm Control

A broadcast storm occurs when a large number of broadcast packets are received. Forwarding these packets can cause the network to slow down or to time out. Broadcast storm control is configured for the switch as a whole, but operates on a per-port basis. By default, broadcast storm control is disabled.

Broadcast storm control uses specific high and low numbers of broadcast packets to block and then to restore forwarding of broadcast packets. Broadcast storm control is configured on a per-port basis.

To enable broadcast storm control, follow these steps:

Step 1 From the menu bar, select Port>Flooding Controls.

Step 2 In the Filter State: Requested/Actual column for the port, select Enable.

Step 3 In the Trap State: Requested/Actual column for the port, select Enable to generate an SNMP trap when one of the thresholds is crossed.

Use the SNMP Configuration page to configure a trap manager to receive the trap.

Step 4 In the Threshold: Rising field for the port, enter a number from 0 to 4294967295 broadcast packets per second.

Traffic above this value activates broadcast storm control on the port.

In general, the higher the threshold, the less effective the protection against broadcast storms. The maximum half-duplex transmission on a 100BaseT link is 148,000 packets per second.

Step 5 In the Threshold: Falling field for the port, enter a number from 0 to 4294967295 broadcast packets per second.

Traffic below this value deactivates broadcast storm control on the port. Always ensure that the rising threshold is greater than the falling threshold.

Step 6 Click Apply.


Note The Current column displays the number of broadcast packets-per-minute arriving on the port. The Trap Sent column displays the number of traps that have been generated for the port.
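
The rising and falling thresholds act as a two-level (hysteresis) switch: once blocking starts, traffic must drop below the falling threshold before forwarding resumes. The following Python model is an added example, not switch code; it assumes one broadcast count per second per port and one trap per threshold crossing, and the sample rates are constructed.

```python
"""Broadcast storm control modelled as a two-threshold (hysteresis) switch.

Added illustration, not switch firmware. Assumptions: one broadcast count
per second per port, and one trap per threshold crossing when traps are on.
"""
from dataclasses import dataclass, field

MAX_THRESHOLD = 4294967295  # largest value the Threshold fields accept


@dataclass
class StormControl:
    rising: int                 # traffic above this blocks broadcasts
    falling: int                # traffic below this restores forwarding
    trap_enabled: bool = False  # Trap State column
    blocking: bool = False
    traps_sent: int = 0         # Trap Sent column
    events: list = field(default_factory=list)

    def __post_init__(self):
        for label, value in (("rising", self.rising), ("falling", self.falling)):
            if not 0 <= value <= MAX_THRESHOLD:
                raise ValueError(f"{label} threshold must be 0..{MAX_THRESHOLD}")
        # The rising threshold must always be greater than the falling one.
        if self.rising <= self.falling:
            raise ValueError("rising threshold must be greater than falling threshold")

    def sample(self, second, rate):
        """Feed one per-second broadcast count; return True while blocking."""
        if not self.blocking and rate > self.rising:
            self._cross(second, True, rate)
        elif self.blocking and rate < self.falling:
            self._cross(second, False, rate)
        return self.blocking

    def _cross(self, second, blocking, rate):
        self.blocking = blocking
        self.events.append((second, "block" if blocking else "restore", rate))
        if self.trap_enabled:
            self.traps_sent += 1


def run(rates, rising, falling, trap_enabled=True):
    """Replay a list of per-second counts; return the port and its states."""
    port = StormControl(rising, falling, trap_enabled)
    states = [port.sample(second, rate) for second, rate in enumerate(rates)]
    return port, states


# Constructed per-second broadcast counts for one port.
SAMPLE_RATES = [120, 480, 2600, 9000, 1800, 900, 1200, 400, 350, 5200, 300]

if __name__ == "__main__":
    port, states = run(SAMPLE_RATES, rising=2000, falling=500)
    for second, action, rate in port.events:
        print(f"t={second}s {action} at {rate} broadcasts/s")
    print("traps sent:", port.traps_sent)
```

Seconds 4 through 6 show the effect of the gap between the thresholds: the rate is already below the rising value, but the port keeps blocking until it falls below the falling value.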

Blocking Flooded Traffic on a Port

By default, the switch floods packets with unknown destination MAC addresses to all ports. Some configurations do not require flooding. For example, a port that has only manually assigned addresses has no unknown destinations, and flooding serves no purpose. Therefore, you can disable the flooding of unicast and multicast packets on a per-port basis. Ordinarily, flooded traffic does not cross VLAN boundaries, but multi-VLAN ports flood traffic to all VLANs they belong to.

To display the page for blocking flooded traffic, select Port>Flooding Controls from the menu bar.

To disable flooding, deselect Unicast and Multicast for the port, and click Apply.

System Configuration

Use the System Configuration page (see Figure 4-8) to enter the names of the files the switch uses when it restarts or resets using files stored in Flash memory.

To display this page, select System>System Configuration from the menu bar.

Changing the Console Port Baud Rate

Select the number from the Baud Rate drop-down list that matches the setting of the attached terminal or PC. Click Apply.

To display an ASCII version of the console port characteristics, click Details.

Saving the Configuration File

The startup configuration file contains the IP addresses, passwords, and any other information you entered. The switch reloads this file when it restarts. However, the startup configuration file might not be the running (current) configuration. Changes made through the manager software or the CLI take effect immediately but must be explicitly saved to be included in the startup configuration.

Use this page to save the running configuration to the startup configuration file. The following buttons control the switch startup:

Save Configuration

Click to write the running configuration to Flash memory. This configuration is then loaded when the switch is restarted.

Reboot System

Click to restart the switch and to load the new startup configuration.


Figure 4-8: System Configuration (Part 1)


Entering the System Reload Options

To change the system reload options, select System>System Configuration from the menu bar.

This section describes the parameters used by the switch when it reloads its software. By default, the System Reload Options fields contain the correct information to reboot the system. Some of the fields contain files that reside in Flash memory. To determine the names of the files to use, enter the following EXEC mode command at the CLI:

switch# dir flash:
Directory of flash:
 
  2  -rwx      843947   Mar 01 1993 00:02:18  C2900XL-h-mz-112.8-SA4
  4  drwx        3776   Mar 01 1993 01:23:24  html
 66  -rwx         130   Jan 01 1970 00:01:19  env_vars
 68  -rwx        1296   Mar 01 1993 06:55:51  config.text
 
1728000 bytes total (456704 bytes free)

If you need more information about accessing the switch via the CLI, refer to the "Configuring the Switch for Telnet" section.

Follow these steps to change the system reload options:

Step 1 Enter the image filename and other details for reloading the system.

Cisco IOS Image File

Enter the path and name of the IOS image file to load when the system reboots. This file has a name like C2900XL-h-mz-112.8-SA4.

Configuration File

Enter the path and name of the startup configuration file that the image file reads to configure the switch. This file has the name config.text.

Helper Path List

Enter the path and filename of the helper file to be loaded with the image file, as needed. Helper files can extend the functionality of the boot loader. Diagnostic software, for example, can be loaded with the boot loader. Normally, this field should be left blank.

NVRAM Buffer Size

Enter the number of bytes to allocate for the NVRAM buffer. This buffer must be big enough to hold the configuration file. You can enter the privileged EXEC mode command dir from the CLI to check the buffer size. You can increase the buffer to a maximum of 524288 bytes.

Boot Loader Flags

Enter -post to display all possible POST messages. This can increase the time it takes for the switch to boot.

Manual Boot

Enable a pause in the boot sequence. You are then prompted to enter a command at the CLI to load the software.

Enable Break while booting

Allow a break, such as an RS-232 break, to end the boot sequence. You can use this option to interrupt the boot when running terminal emulation software on a remote workstation.

Step 2 Click Apply.

For more information on working with system files and options for reloading the system, see the "Working with Files in Flash Memory" section.
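
Before clicking Apply, the values entered in the System Reload Options fields can be checked against the dir flash: listing. The following Python code is an added example, not a Cisco tool; it parses the listing shown above, and the function names, the optional flash: prefix on file names, and the buffer sizes passed in are assumptions.

```python
"""Parse `dir flash:` output and sanity-check System Reload Options values.

Added illustration, not a Cisco tool. The function names and the optional
"flash:" prefix on file names are assumptions made for this example.
"""
import re

MAX_NVRAM_BUFFER = 524288  # maximum NVRAM buffer size given on this page

# Listing as shown on this page.
DIR_FLASH = """\
Directory of flash:

  2  -rwx      843947   Mar 01 1993 00:02:18  C2900XL-h-mz-112.8-SA4
  4  drwx        3776   Mar 01 1993 01:23:24  html
 66  -rwx         130   Jan 01 1970 00:01:19  env_vars
 68  -rwx        1296   Mar 01 1993 06:55:51  config.text

1728000 bytes total (456704 bytes free)
"""

ENTRY = re.compile(
    r"^\s*(?P<index>\d+)\s+(?P<perms>[d-][rwx-]{3})\s+(?P<size>\d+)\s+"
    r"(?P<date>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2})\s+(?P<name>\S+)\s*$")
SUMMARY = re.compile(r"^(\d+) bytes total \((\d+) bytes free\)$")


def parse_dir_flash(text):
    """Return ({name: {"size", "is_dir"}}, total_bytes, free_bytes)."""
    entries, total, free = {}, None, None
    for line in text.splitlines():
        entry = ENTRY.match(line)
        summary = SUMMARY.match(line.strip())
        if entry:
            entries[entry["name"]] = {
                "size": int(entry["size"]),
                "is_dir": entry["perms"].startswith("d"),
            }
        elif summary:
            total, free = int(summary[1]), int(summary[2])
    if total is None:
        raise ValueError("listing has no 'bytes total' summary line")
    return entries, total, free


def flash_name(path):
    """Strip an optional 'flash:' prefix and a leading slash."""
    return path.split(":", 1)[-1].lstrip("/")


def check_reload_options(listing, image_file, config_file, nvram_buffer):
    """Return a list of problems; an empty list means the values agree."""
    entries, _total, _free = parse_dir_flash(listing)
    problems = []
    for label, path in (("Cisco IOS Image File", image_file),
                        ("Configuration File", config_file)):
        name = flash_name(path)
        entry = entries.get(name)
        if entry is None:
            problems.append(f"{label}: {name} is not in flash")
        elif entry["is_dir"]:
            problems.append(f"{label}: {name} is a directory")
    if nvram_buffer > MAX_NVRAM_BUFFER:
        problems.append(
            f"NVRAM Buffer Size: {nvram_buffer} exceeds {MAX_NVRAM_BUFFER}")
    # The buffer must be big enough to hold the configuration file.
    config = entries.get(flash_name(config_file))
    if config and not config["is_dir"] and config["size"] > nvram_buffer:
        problems.append(
            f"NVRAM Buffer Size: {nvram_buffer} bytes cannot hold "
            f"{config['size']}-byte configuration file")
    return problems


if __name__ == "__main__":
    # 1024 is a constructed buffer size, chosen to trigger the size check.
    for problem in check_reload_options(
            DIR_FLASH, "flash:C2900XL-h-mz-112.8-SA4", "flash:config.text", 1024):
        print(problem)
```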

Upgrading Switch Software

The following sections describe the steps to complete a software upgrade by downloading the TFTP server, the new Cisco IOS image file, and the new manager software HTML files from Cisco Connection Online (CCO).

Downloading Files from CCO

Follow these steps to download the new software and TFTP server application:

Step 1 Display the Cisco home page by pointing your browser at one of the following URLs:

Step 2 Log in to CCO. You might need to register the first time you log in.

Step 3 To locate the software files from the home page, select Software and Support>Software Center>Switching Products>Catalyst 2900XL.

You can also enter the following URL in your browser Go To field: http://www.cisco.com/cgi-bin/tablebuild.pl/cat2900XL

Step 4 Follow the instructions on the page to download the IOS image and HTML files.

Step 5 Follow the instructions on the page to download and configure the TFTP server.

Displaying the IP Address of the TFTP Server

Before you can download new software to your switch, you need to enter the IP address of your PC or workstation on the System Management page. If you are running the Cisco TFTP server, the PC IP address is displayed on the application title bar.

If you do not know the IP address, follow these steps to display it:

Upgrading the IOS Image and the Manager Software HTML Files

Follow these steps to upgrade the image and HTML files (see Figure 4-9):


Figure 4-9: System Configuration (Part 2)


Step 1 In the Server IP Address or Name TFTP Server field, enter the IP address or name of the TFTP server.

For information on obtaining the IP address, see the "Displaying the IP Address of the TFTP Server" section.

Step 2 In the Cisco IOS Upgrade Filename field, enter the name of the image file that you downloaded from CCO.

This might be a name like C2900XL-h-mz-112.8-SA4. Do not enter the path.

Step 3 Click Upgrade Cisco IOS Image.

Step 4 Click OK when the switch prompts you to rename the file.

The new image version with the same file name then overwrites the old image. (Only enough Flash memory is available for one version.)

Step 5 Click OK to confirm the upgrade.

The upgrade can take several minutes. The TFTP server window displays a success message when the upgrade is complete.

Step 6 In the Visual Switch Manager Upgrades Filename field, enter the name of the HTML file.

This might be a name like C2900XL-html.112.8-SA4.tar. Do not enter the path.

Step 7 Click Upgrade Visual Switch Manager Files.

Step 8 Click OK when the switch prompts you to confirm the upgrade.

The upgrade can take several minutes. The TFTP server displays a success message when the upgrade is complete.

Step 9 Reboot the system.

Step 10 Reload the manager software page to access the new HTML files.

IP Management

Use the IP Management page (see Figure 4-10) to change or enter IP information for the switch. You have already entered some of this information, such as the IP address.

To change IP information for the switch, select System>IP Management from the menu bar.

Configuring the Switch for IP

The switch IP address belongs to VLAN 1 and is used to access out-of-band management interfaces such as the manager software and SNMP. For a port to access one of these management interfaces, it must also belong to VLAN 1.

Follow these steps to enter the IP parameters for the switch:

Step 1 In the IP Address field, enter a new IP address for the switch.

Caution Changing the switch IP address on this page ends your manager software session. Restart the manager software by entering the new IP address in the browser Location field (Netscape Communicator) or Address field (Internet Explorer), as described in the "Accessing the Manager Software" section.

Step 2 In the IP Mask field, enter a subnet mask (IP mask) for the switch.

Step 3 In the Broadcast field, enter a broadcast address for the switch.

The switch uses this address to send messages to all stations. Your system administrator can supply this information.

Step 4 In the Default Gateway field, enter the IP address of the default gateway or router.

The switch uses this address to activate the IP protocol stack. Unknown IP addresses are forwarded to the default gateway. This field is filled automatically if CDP finds a router connected to a switch port.

Step 5 In the Domain Name field, enter the default domain name for the switch.

Your system administrator can supply this information.

Step 6 Check the management VLAN.

Use a port belonging to this VLAN to manage the switch via Telnet, SNMP, or the manager software.

Step 7 Click Apply.


Figure 4-10: IP Management


Adding and Removing Domain Name Servers

Domain name servers convert domain names into their corresponding IP addresses.

To add a server, enter the IP address of a Domain Name System (DNS) server in the New Server field, and click <<Add<<.

To remove a server, select an address in the Current Servers table, and click Remove.

SNMP Configuration

Use the SNMP Configuration page (Figure 4-11) to configure your switch for SNMP management.

To display this page, select System>SNMP Configuration from the menu bar.

Use this page to perform the following tasks:

Disabling and Enabling SNMP

If you deselect Enable SNMP and click Apply, SNMP is disabled, and the SNMP parameters on the page disappear. Some network view features are not available when SNMP is disabled. For information on the network view, see "Switch Network View Software."

To reenable SNMP, select Enable SNMP and click Apply.

Entering System Options

This information identifies the switch and the system administrator:

Step 1 In the Name field, enter a name to be used for the switch.

Step 2 In the Location field, enter the location of the switch.

Step 3 In the Contact field, enter the name of a person or organization.

Step 4 Click Apply.

Click Statistics to display the SNMP system information about the switch.


Figure 4-11: SNMP Configuration


Entering Community Strings

Community strings serve as passwords for SNMP messages. You can enter them with the following characteristics:

Read only (RO): Requests accompanied by the string can display MIB-object information.

Read write (RW): Requests accompanied by the string can display MIB-object information and set MIB objects.

Step 1 In the New Community String field, enter a character string of any length.

Step 2 Click RO (read only) or RW (read write).

Step 3 Click <<Add<<.

To remove an existing community string, select the community string in the Current Strings list, and click Remove.

Adding Trap Managers

A trap manager is a management station that receives and processes traps. By default, no trap manager is defined, and no traps are issued. Follow these steps to add a trap manager:

Step 1 In the New Manager IP Address field, enter the IP address or name of the new trap manager.

Step 2 In the New Manager Community field, enter a community string of any length. If you have configured VLANs, follow this convention when entering the community string:

string@vlan-id

Where:

string: Any text.

vlan-id: The number identifying the VLAN.

Step 3 Click <<Add<<.

Step 4 Select one or more of the following check boxes to limit the traps the manager receives:

Step 5 Click Apply.

ARP Table

Use the ARP Table page (Figure 4-12) to display the table and change the timeout value. The Address Resolution Protocol (ARP) discovers the MAC address and VLAN ID that correspond to a host IP address. Figure 4-13 shows the meaning of the ARP table contents.

To display this page, select System>ARP Table from the menu bar.

ARP entries added manually to the table do not age and must be manually removed. Click Remove All to clear the ARP cache. To change the ARP timeout value, enter the number of seconds (from 1 to 4294967) in the ARP Cache Timeout Value field, and click Apply.


Figure 4-12: ARP Table



Figure 4-13: Contents of the ARP Table


Address Management

Use the Address Management page (see Figure 4-15) to manage the MAC address tables that the switch uses to forward traffic between ports. These MAC tables include the dynamic, secure, and static addresses described in the "Addresses and Address Learning" section.

To display this page, select Security>Address Management from the menu bar.

The address tables list each destination MAC address together with its associated VLAN ID, module, and port number. Figure 4-14 shows a list of dynamic addresses.


Figure 4-14: Contents of the Address Table


Each VLAN maintains its own logical address table. Addresses can be dynamic in one VLAN and secure in another, and a dynamic address in one VLAN can be completely unknown in another VLAN.

For more information about how the switch manages addresses, see the "Addresses and Address Learning" section.


Figure 4-15: Address Management


Changing the Address Aging Time

Dynamic addresses are source MAC addresses that the switch learns and then drops when they are not in use. Use the Aging Time field to define how long the switch retains unseen addresses in the table. This parameter applies to all VLANs. Follow these steps to change the aging time for the switch:

Step 1 Highlight the Aging Time field.

Step 2 Enter the time, in seconds, after which an unused address is to be dropped.

Possible values are from 10 to 1000000 seconds (about 11 and one-half days).

Step 3 Click Apply.

For more information about how the switch manages addresses, see the "Addresses and Address Learning" section.

Adding Secure Addresses

The secure address table contains secure MAC addresses and the associated ports and VLANs. If you enter an address that is already assigned to another port, the switch reassigns the secure address to the new port. On the Port Security page, you can configure the switch to generate an alert or to disable the port when it receives a frame with an address other than a secure address.

To display this page, select Security>Address Management from the menu bar.

Follow these steps to enter a secure address:

Step 1 In the MAC Address field, enter the MAC address in the format hhhh.hhhh.hhhh.

Step 2 From the Interface drop-down list, select an interface and port.

Step 3 From the VLAN ID drop-down list, select the VLAN ID.

Step 4 Click <<Add<<.

After you have entered the secure address, select Security>Port Security from the menu bar to secure the port on the Port Security page as described in the "Securing a Port" section.

Adding and Removing Static Addresses

The Static Address Forwarding Map (Figure 4-16) appears when you enter a static address. Use this page to define the ports to which frames are forwarded, based on the port on which they were received. Because all ports are associated with at least one VLAN, the switch acquires the VLAN ID for the address from the ports that you select on the forwarding map.

The Rx On column on the left lists the source ports. The Forward to columns across the page are the destination ports. Ports without check boxes belong to VLANs that a source port cannot access.

To display this page, select Security>Address Management from the menu bar, and enter or select an address in the Static Address Table.


Note If you want to forward to a port for which there is no check box, add that port to a VLAN to which the receiving port belongs.

Figure 4-16: Static Address Forwarding Map


A static address in one VLAN must be a static address in other VLANs. A packet with a static address that arrives on a VLAN where it has not been statically entered is flooded to all ports and not learned.

Follow these steps to add a static address:

Step 1 In the MAC Address field, enter the MAC address in the format hhhh.hhhh.hhhh.

Step 2 Click <<Add<<.

The Static Address Forwarding Map appears.

Step 3 On the Forwarding Map, select the ports that packets should be forwarded to when they arrive on the source port.

Port selection is limited to ports that belong to the same VLAN.

Step 4 Click Apply.

Step 5 Verify your entry on the Address Management page by scrolling down to the address.

There should be one entry for each source port with the associated address.

Follow these rules if you are configuring a static address to forward to ports in an EtherChannel port group:

For more information, see the "Port Group Restrictions on Static-Address Forwarding" section.

To remove a static address:

Step 1 From the Static Address Table list, select an address.

Step 2 Click Remove.

Port Security

Use the Port Security page (Figure 4-17) to enable port security and to define the size of the secured port address table. Port security is described in the "Secure Ports" section.

To display this page, select Security>Port Security from the menu bar.

Limiting the number of devices that can connect to a secure port has the following advantages:

The following fields validate port security or indicate security violations:

Secure Addresses: The number of addresses in the address table for this port. Secure ports have at least one in this field.

Security Rejects: The number of unauthorized addresses seen on the port.

The port features that are unavailable to secure ports are described in the "Managing Configuration Conflicts" section.

Securing a Port

Follow these steps to secure a port:

Step 1 In the Security column, select the Security check box for the port.

Step 2 In the Violation Action column, select the action the switch takes when packets with an unauthorized address arrive on the port.

Select Trap to issue an address-violation trap, select Shutdown to disable the port, or select both.

If you select Trap, configure a trap manager on the SNMP Configuration page described in the "Adding Trap Managers" section.

Step 3 Click Apply.

Step 4 Confirm that port security has at least one address by checking the Secure Addresses column for that port.

Step 5 If you want to statically assign secure addresses, display the Address Management page by selecting Security>Address Management from the menu bar.


Figure 4-17: Port Security


Defining the Maximum Secure Address Count

A secure port can have from 1 to 132 associated secure addresses. Setting the MAC address table associated with the port to have one address ensures the attached device has the full bandwidth of the port.

In the Maximum Addresses field, enter a number from 1 to 132, and click Apply.
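
The following Python model is an added example, not Cisco code. It shows how the Maximum Addresses limit, the Security Rejects counter, and the Trap and Shutdown violation actions interact on one secure port. The `SecurePort` class, the learning of new source addresses while the table has room, and the sample MAC addresses are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

MAX_SECURE_ADDRESSES = 132  # upper limit of the Maximum Addresses field on this page


def normalize_mac(mac):
    """Return a MAC address in the hhhh.hhhh.hhhh form the page asks for."""
    digits = re.sub(r"[.:\-]", "", mac.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))


@dataclass
class SecurePort:
    """Illustrative model of one secure port; not the switch's implementation."""
    name: str
    max_addresses: int = 1
    trap: bool = True        # Violation Action: Trap
    shutdown: bool = False   # Violation Action: Shutdown
    secure_addresses: set = field(default_factory=set)
    security_rejects: int = 0
    enabled: bool = True
    traps: list = field(default_factory=list)

    def __post_init__(self):
        if not 1 <= self.max_addresses <= MAX_SECURE_ADDRESSES:
            raise ValueError("Maximum Addresses must be from 1 to 132")

    def add_secure_address(self, mac):
        """Statically assign a secure address (Address Management page)."""
        mac = normalize_mac(mac)
        full = len(self.secure_addresses) >= self.max_addresses
        if mac not in self.secure_addresses and full:
            raise ValueError(f"{self.name}: secure address table is full")
        self.secure_addresses.add(mac)

    def receive(self, src_mac):
        """Classify one frame by source MAC and apply the violation action."""
        if not self.enabled:
            return "dropped: port disabled"
        mac = normalize_mac(src_mac)
        if mac in self.secure_addresses:
            return "forwarded"
        # Assumption: while the table has room, a new source is learned as secure.
        if len(self.secure_addresses) < self.max_addresses:
            self.secure_addresses.add(mac)
            return "learned"
        self.security_rejects += 1
        if self.trap:
            self.traps.append(f"address violation on {self.name}: {mac}")
        if self.shutdown:
            self.enabled = False
        return "rejected"


def replay(port, frames):
    """Feed constructed source MACs to the port and return each outcome."""
    return [port.receive(mac) for mac in frames]


# Constructed sample traffic: a known workstation in two notations,
# an unknown device, then the workstation again.
FRAMES = ["02:00:00:00:00:01", "0200.0000.0001",
          "02-00-00-00-00-02", "0200.0000.0001"]

if __name__ == "__main__":
    port = SecurePort("FastEthernet0/1", max_addresses=1, trap=True, shutdown=True)
    port.add_secure_address("0200.0000.0001")
    for mac, outcome in zip(FRAMES, replay(port, FRAMES)):
        print(f"{mac:<20} {outcome}")
    print("Secure Addresses:", len(port.secure_addresses),
          "Security Rejects:", port.security_rejects)
    print("Traps:", port.traps)
```

With Shutdown selected, the legitimate workstation also loses connectivity after the first violation, which is the trade-off to weigh against selecting Trap alone.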

Cisco Discovery Protocol

Use the Cisco Discovery Protocol (CDP) page to enable CDP for the switch, set global CDP parameters, and display information about neighboring Cisco devices. The switch uses CDP to maintain information about neighboring devices that support CDP, including the device type, links between devices, and the number of ports within each device. The switch displays these devices in the network view based on the CDP messages sent to the switch.

To display this page (see Figure 4-18), select Device>Cisco Discovery Protocol from the menu bar.


Figure 4-18: Cisco Discovery Protocol


Listing and Displaying Neighboring Devices

The CDP Neighbors list shows the devices with which this switch is exchanging CDP messages.

To display the CDP page, select Device>Cisco Discovery Protocol from the menu bar.

Follow these steps to obtain CDP neighbor information:

Step 1 In the CDP Neighbors list, select an address.

Step 2 Click one of these buttons:

Browse: Launches the web interface of a neighboring device. The device must support built-in web-based management.

Telnet: Logs in to the neighboring device via Telnet.

Details: Displays the CDP information about neighboring devices that is stored in the switch.

Setting CDP Options

Some CDP options are global to the switch, and some are entered on a per-port basis. Follow these steps to set the global parameters for CDP:

Step 1 Select the Run CDP check box to enable (default setting) or disable CDP.

If you deselect Run CDP, no CDP messages are exchanged, and changing the check boxes under Individual Port Enable has no effect. Click Traffic to display the CDP traffic the switch has received and sent.

Step 2 In the Packet Hold Time field, enter the number of seconds (between 5 and 255) that a neighboring device retains the CDP neighbor information about this switch. The default is 180 seconds.

If a neighboring device does not receive a CDP message before this hold-time expires, the neighboring device drops this switch as a neighbor.

Step 3 In the Packets Sent Every field, enter the number of seconds (between 5 and 900) between transmission of CDP messages. The default is 60 seconds.

Step 4 Click Apply.

Disabling Ports for CDP

If you do not want CDP to exchange information with a certain device, you can disable CDP on the port that has the device attached.

Follow these steps to disable CDP on a port:

Step 1 Under the heading Individual Port Enable, deselect the check box next to the port.

Step 2 Click Apply.

Cisco Group Multicast Protocol

Use the Cisco Group Multicast Protocol page (see Figure 4-19) to enable Cisco Group Management Protocol (CGMP) and the CGMP Fast Leave option. CGMP reduces the unnecessary flooding of IP multicast packets by limiting the transmission of these packets to CGMP clients that request them. The Fast Leave option accelerates the removal of unused CGMP groups. By default, CGMP is enabled, and the Fast Leave option is disabled.

To display this page, select Device>Cisco Group Multicast Protocol from the menu bar.

End stations issue join messages to become part of a CGMP group and issue leave messages to leave the group. The membership of these groups is managed by the switch and connected routers through the further exchange of CGMP messages.

CGMP groups are maintained by VLAN: a multicast IP address packet can be forwarded to one list of ports in one VLAN and to a different list of ports in another VLAN. When a CGMP group is added or removed, all members are in the same VLAN.

For more information on CGMP, see the "Cisco Group Management Protocol and Fast Leave Feature" section.

Enabling CGMP

CGMP is enabled by default, and the check box is selected. To disable CGMP, deselect the check box, and click Apply. You can also manually list and remove multicast groups from this page.

Enabling Fast Leave Option

To enable this option, select Device>Cisco Group Multicast Protocol from the menu bar.

The CGMP Fast Leave option reduces the delay when group members leave groups. When an end station requests to leave a CGMP group, the group remains enabled for that VLAN until all members have requested to leave. With the Fast Leave option enabled, the switch immediately checks if there are other members that belong to that group. If there are no other members, the switch removes the port from the group. If there are no other ports in the group, the switch sends a message to routers connected to the VLAN to delete the entire group.

To enable the Fast Leave option, select Enable CGMP Fast Leave, and click Apply.


Figure 4-19: Cisco Group Multicast Protocol


Modifying the Router Hold Time

The router hold time is the number of seconds the switch waits before removing (aging) a router entry. If the aged router is the last router entry on a VLAN, then all groups on that VLAN are removed. Follow these steps to change it:

Step 1 In the Router Hold Time field, enter a number between 10 and 6000. The default is 300.

Step 2 Click Apply.

Removing Multicast Groups

You can also reduce the forwarding of IP multicast packets by removing groups from the Current Multicast Groups table. Each entry in the table consists of the VLAN, IGMP multicast address, and ports. Follow these steps to remove a group from the table:

Step 1 In the Current Multicast Groups Table, select an entry.

Step 2 Click Remove.

Remove all groups by clicking Remove All.

Spanning-Tree Protocol

Use the Spanning-Tree Protocol (STP) page (Figure 4-20) to change parameters for STP, an industry standard for avoiding loops in switched networks. The switch supports up to 64 instances of STP.

To display this page, select Device>Spanning-Tree Protocol from the menu bar.

Because each VLAN has its own instance of STP, you must first select a VLAN ID, and then click Modify STP Parameters to display the rest of the page.

This page is displayed in three illustrations. Figure 4-20 shows the page with no parameters; Figure 4-21 shows the parameters currently used by the switch and the parameters that this switch would use if it became the root switch. Figure 4-22 shows the fields that you use to define port-level parameters.


Figure 4-20: Spanning-Tree Protocol (Selection)


Disabling STP Protocol

STP is enabled by default. To disable STP, deselect Enable Spanning Tree, and click Apply.


Note Disable STP only if you are sure there are no loops in the network topology. With STP disabled and loops present in the topology, network performance is degraded by excessive traffic and indefinite packet duplication.

Changing STP Parameters

To change STP parameters for a VLAN, select Device>Spanning-Tree Protocol from the menu bar, select the VLAN ID of the STP instance to change, and click Modify STP Parameters.

In Figure 4-21, the parameters under the heading Current Spanning-Tree Root are read-only and could be defined on another switch. The MAC Address field shows the MAC address of the switch currently acting as the root. The parameters under the heading Spanning-Tree Options are the values that this switch would use as the root switch.

Follow these steps to change the configuration of STP on this switch:

Step 1 Use the following fields (see Figure 4-21) to change how your switch responds when STP reconfigures itself.

Protocol

Implementation of STP to use.

Select one of the menu items: DEC, IBM, or IEEE. The default is IEEE.

Priority

Value used to identify the root bridge. The bridge with the lowest value has the highest priority and is selected as the root.

Enter a number from 0 to 65535.

Max age

Number of seconds a bridge waits without receiving STP configuration messages before attempting a reconfiguration. This parameter takes effect when a bridge is operating as the root bridge. Bridges not acting as the root use the root-bridge Max age parameter.

Enter a number from 6 to 200.

Hello

Number of seconds between the transmission of STP configuration messages. Bridges not acting as a root bridge use the root-bridge Hello-time value.

Enter a number from 1 to 10.

Forward Delay

Number of seconds a port waits before changing from its STP learning and listening states to the forwarding state. This wait is necessary so that other switches on the network ensure no loop is formed before they allow the port to forward packets.

Enter a number from 4 to 200.

Step 2 Click Apply.


Figure 4-21: Spanning-Tree Protocol (Part 1)
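
The following Python example is added here and is not Cisco code. It shows how the Priority field decides the root and why every bridge ends up using the root's Max age, Hello, and Forward Delay values. The bridge names, MAC addresses, the default values (taken from IEEE 802.1D), and the 802.1D timer relationship in `check_ieee_timers` are assumptions that do not come from this page.

```python
from dataclasses import dataclass

# Field ranges as given on this page.
RANGES = {"priority": (0, 65535), "max_age": (6, 200),
          "hello": (1, 10), "forward_delay": (4, 200)}


@dataclass(frozen=True)
class Bridge:
    """Values a bridge would use if it became the root (assumed defaults)."""
    name: str
    mac: str                 # hhhh.hhhh.hhhh
    priority: int = 32768
    max_age: int = 20
    hello: int = 2
    forward_delay: int = 15

    def bridge_id(self):
        """Order by priority first, then by MAC address (IEEE 802.1D)."""
        return (self.priority, int(self.mac.replace(".", ""), 16))


def check_fields(bridge):
    """Return the fields whose values fall outside the page's ranges."""
    return [name for name, (low, high) in RANGES.items()
            if not low <= getattr(bridge, name) <= high]


def check_ieee_timers(bridge):
    """IEEE 802.1D relationship between the timers (not stated on this page)."""
    return (2 * (bridge.forward_delay - 1) >= bridge.max_age
            >= 2 * (bridge.hello + 1))


def elect_root(bridges):
    """The bridge with the lowest bridge ID is selected as the root."""
    return min(bridges, key=Bridge.bridge_id)


def effective_timers(bridges):
    """Every bridge uses the root's (max_age, hello, forward_delay)."""
    root = elect_root(bridges)
    return {b.name: (root.max_age, root.hello, root.forward_delay)
            for b in bridges}


# Constructed topology: one intended root and two access switches, one of
# which carries timer values that would only matter if it became the root.
BRIDGES = [
    Bridge("core", "0200.0000.0a01", priority=8192),
    Bridge("access1", "0200.0000.0b02"),
    Bridge("access2", "0200.0000.0003", max_age=10, hello=5, forward_delay=4),
]

if __name__ == "__main__":
    print("root:", elect_root(BRIDGES).name)
    print("timers in use:", effective_timers(BRIDGES))
    # If the intended root fails, the tie on priority is broken by MAC address.
    standby = elect_root(BRIDGES[1:])
    print("root without core:", standby.name,
          "| IEEE timer relationship holds:", check_ieee_timers(standby))
```

Checking the would-be successor as well as the current root catches a switch whose timers pass the per-field ranges but would destabilize the VLAN once it takes over.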


Changing STP Port Parameters

The ports listed on this page belong to the VLAN selected at the top of the page.

To change STP port options for a VLAN, select Device>Spanning-Tree Protocol from the menu bar, select the VLAN ID, and click Modify STP Parameters.

Follow these steps to change the port-specific parameters:

Step 1 Change the following fields to affect how the port responds if a loop is formed.

Path Cost

A lower path cost represents higher-speed transmission. This can affect which port remains enabled in the event of a loop.

Enter a number from 1 to 65535. The default is 100 for 10 Mbps, 19 for 100 Mbps, 4 for 1 Gbps, 2 for 10 Gbps, and 1 for interfaces with speeds greater than 10 Gbps.

Priority

Number used to set the priority for a port. A higher number has higher priority.

If you are using a DEC-type-STP, enter a number from 0 to 255.

If you are using an IEEE-type-STP, enter a number from 0 to 65535.

Step 2 Select Port Fast if the port is connected to an end-station.

The Port Fast option brings a port directly from a blocking state into a forwarding state. The only time a port with the Port Fast option enabled goes through the normal cycle of STP status changes is when the switch is restarted.

Step 3 Click Apply.

Use the following fields (see Figure 4-22) to check the status of ports that are not forwarding due to STP:

Port

The interface and port number. FastEthernet0/1 refers to port 1x.

State

The current state of the port. A port can be in one of the following states:

Blocking: Port is not participating in the frame-forwarding process and is not learning new addresses.

Listening: The port is not participating in the frame-forwarding process, but is progressing towards a forwarding state. The port is not learning addresses.

Learning: Port is not forwarding frames but is learning addresses.

Forwarding: Port is forwarding frames and learning addresses.

Disabled: Port has been removed from STP operation.


Figure 4-22: Spanning-Tree Protocol (Part 2)


VLAN Membership

Use the VLAN Membership page (Figure 4-23) to assign ports to VLANs. The switch supports up to 64 VLANs, and you can assign ports to a VLAN number between 1 and 1001. Each VLAN is considered a logical network, and packets destined for stations that do not belong to the VLAN must be forwarded through a router or bridge.

To display this page, select VLAN>VLAN Membership from the menu bar.

By default, all ports are static-access ports assigned to VLAN 1, which is also referred to as the Management VLAN. VLAN 1 is also the interface to the switch itself. If you are using SNMP or the manager software to manage the switch, ensure that the port through which you are connected to the switch is in VLAN 1.

A port can be in one of these modes:

Caution To avoid loss of connectivity, do not connect multi-VLAN ports to hubs or switches. Connect multi-VLAN ports to routers or servers.

Figure 4-23: VLAN Membership


Assigning Ports for Static-Access VLAN Membership

Follow these steps to assign a port for static-access VLAN membership (to a VLAN other than 1):

Step 1 In the Mode drop-down list, verify that Static Access is selected.

Step 2 In the Assigned VLANs field, highlight the current VLAN ID.

Step 3 Enter the new VLAN ID (from 1 to 1001) to which you want the port assigned.

Step 4 Click Apply.


Note If you change the VLAN ID on a port that belongs to a port group, the VLAN ID for all the ports in that group is also changed.

Assigning Ports for Multi-VLAN Membership

Follow these steps to assign ports for multi-VLAN membership:

Step 1 In the Mode drop-down list, select Multi-VLAN on each port that belongs to more than one VLAN.

Step 2 In the Assigned VLANs field, enter the new VLAN IDs (from 1 to 1001) separated by commas (with no spaces) or hyphens for a range of IDs.

Step 3 Click Apply.


Note If you change the VLAN ID on a port that belongs to a port group, the VLAN ID for all the ports in that group is also changed.
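
The following Python example is added here and is not Cisco code. It parses Assigned VLANs values in the comma-and-hyphen syntax described above and reports which ports belong to VLAN 1 and can therefore reach the management interfaces. The port names, the sample assignments, and the rule that a static-access port takes exactly one VLAN ID are assumptions made for illustration.

```python
import re

VLAN_MIN, VLAN_MAX = 1, 1001   # VLAN ID range stated on this page
MAX_VLANS = 64                 # number of VLANs the switch supports, per this page
MANAGEMENT_VLAN = 1

_ITEM = re.compile(r"^(\d+)(?:-(\d+))?$")


def parse_assigned_vlans(text):
    """Parse an Assigned VLANs value such as '2,5-8,20' into a sorted list."""
    if not text or re.search(r"\s", text):
        raise ValueError("use commas and hyphens only, with no spaces")
    vlans = set()
    for item in text.split(","):
        match = _ITEM.match(item)
        if not match:
            raise ValueError(f"bad entry {item!r}")
        low = int(match.group(1))
        high = int(match.group(2)) if match.group(2) else low
        if low > high:
            raise ValueError(f"range {item!r} is reversed")
        if low < VLAN_MIN or high > VLAN_MAX:
            raise ValueError(f"{item!r} is outside {VLAN_MIN}-{VLAN_MAX}")
        vlans.update(range(low, high + 1))
    return sorted(vlans)


def audit_membership(ports):
    """Audit a mapping of port name -> (mode, Assigned VLANs string)."""
    report = {"management_ports": [], "errors": {}, "vlans_in_use": set()}
    for name, (mode, assigned) in sorted(ports.items()):
        try:
            vlans = parse_assigned_vlans(assigned)
            # Assumption: a static-access port is assigned exactly one VLAN ID.
            if mode == "Static Access" and len(vlans) != 1:
                raise ValueError("a static-access port takes one VLAN ID")
        except ValueError as exc:
            report["errors"][name] = str(exc)
            continue
        report["vlans_in_use"].update(vlans)
        if MANAGEMENT_VLAN in vlans:
            report["management_ports"].append(name)
    report["too_many_vlans"] = len(report["vlans_in_use"]) > MAX_VLANS
    return report


# Constructed sample assignments, including two malformed entries.
PORTS = {
    "Fa0/1": ("Static Access", "1"),
    "Fa0/2": ("Static Access", "10"),
    "Fa0/3": ("Multi-VLAN", "1,10,20-22"),
    "Fa0/4": ("Multi-VLAN", "10, 20"),      # contains a space
    "Fa0/5": ("Multi-VLAN", "1000-1002"),   # runs past 1001
}

if __name__ == "__main__":
    result = audit_membership(PORTS)
    print("ports in the management VLAN:", result["management_ports"])
    print("VLANs in use:", sorted(result["vlans_in_use"]))
    for port, problem in result["errors"].items():
        print(f"{port}: {problem}")
```

The list of management ports is the one to review: every port in it is a place from which Telnet, SNMP, or the manager software can be reached.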

Logging Configuration

Use the Logging Configuration page (Figure 4-24 and Figure 4-25) to define the logging type and the severity level of information that the switch should log. The switch can generate log messages when the configuration changes and when certain network or switch events occur.

To display this page, select Fault>Logging Config from the menu bar.


Figure 4-24: Logging Configuration (Part 1)


Selecting a Logging Option

Select one of the following options to log switch activity, and then click Apply:

Console Logging

Write log information to the management console.

Buffer Logging

Write log information to a buffer in Flash memory. Enter the size of the buffer in the Buffer Size field. The recommended buffer size is 32 KB.

The buffer maintains information on a first-in, first-out basis. If the buffer is full and you click Show Buffer, the most recent data is always displayed.

File Logging

Maintain a log file on an external server or in Flash memory. If the switch fails, it writes information about the cause of the failure to this file before functionality is lost. To write to a file on a server or to Flash memory:

Step 1 In the File Logging field, select Enable File Logging.

Step 2 From the Logging Level drop-down list, select a severity level.

Step 3 In the Log File Name field, enter a TFTP URL and the filename, the appropriate XMODEM command, or flash:filename.

Step 4 In the Min File Size and Max File Size fields, enter a minimum and maximum file size in bytes.

The minimum file size is 1024 bytes; the maximum file size is from 4096 to 64 KB.

Step 5 Click Apply.

Syslog

Use the UNIX syslog facility to manipulate log information written to a UNIX host. Log information sent to the UNIX host is then managed according to the facility.

Follow these steps to add a host to which log information is to be written:

Step 1 In the Syslog Status area in the New Host field, enter the IP address of the UNIX host that receives the log information.

Step 2 Click <<Add<<.

Step 3 From the Logging Level drop-down list, select a severity level.

The logging level applies to all hosts in the Current Hosts list.

Step 4 From the Facility drop-down list, select a facility to handle the log data.

The facility applies to all hosts in the Current Hosts list.

Step 5 Click Apply.

Defining a Severity Level

The switch can log eight levels of messages. When you select a logging level, the switch logs all syslog messages of that level and above. The default level is "Errors." In all cases, the severity level defines the amount of detail to be logged.


Figure 4-25: Logging Configuration (Part 2)


Select a level from one of the following choices on the Logging Level drop-down list:

Emergencies: The switch is at risk of failing.

Alert: A condition exists that should be corrected immediately.

Critical: A critical condition exists, such as a device error.

Errors: Errors.

Warnings: Warning messages.

Notifications: Conditions that are not errors, but that could require special handling.

Information: Informational messages.

Debugging: Messages only used for debugging.
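
The following Python example is added here and is not Cisco code. It shows what "that level and above" means in numeric terms and checks lines received on the UNIX host against the Logging Level and Facility selected on the switch. The numeric codes are the standard syslog severities 0 to 7; the sample lines and facility 23 (local7) are constructed for illustration.

```python
import re

# The eight levels in the Logging Level list, most severe first. Their list
# position is the standard syslog severity code (0 = Emergencies).
LEVELS = ["Emergencies", "Alert", "Critical", "Errors",
          "Warnings", "Notifications", "Information", "Debugging"]
SEVERITY = {name: code for code, name in enumerate(LEVELS)}

PRI_RE = re.compile(r"^<(\d{1,3})>")
IOS_RE = re.compile(r"%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+):")


def decode_pri(line):
    """Split the syslog <PRI> header into (facility, severity)."""
    match = PRI_RE.match(line)
    if not match or int(match.group(1)) > 191:
        raise ValueError(f"no valid <PRI> header: {line!r}")
    return divmod(int(match.group(1)), 8)


def is_logged(severity, logging_level):
    """True if a message of this severity passes the selected Logging Level.

    "That level and above" covers the selected level and every more severe
    one, that is, a numeric severity <= the code of the selected level.
    """
    return severity <= SEVERITY[logging_level]


def audit(lines, logging_level, facility):
    """Return (finding, line) pairs for lines that do not fit the configuration."""
    findings = []
    for line in lines:
        try:
            fac, sev = decode_pri(line)
        except ValueError:
            findings.append(("malformed", line))
            continue
        ios = IOS_RE.search(line)
        if ios and int(ios.group(2)) != sev:
            findings.append(("severity mismatch", line))
        elif fac != facility:
            findings.append(("unexpected facility", line))
        elif not is_logged(sev, logging_level):
            findings.append(("below configured level", line))
    return findings


# Constructed sample lines as a collector might receive them.
SAMPLE_LINES = [
    "<187>%LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down",
    "<189>%SYS-5-CONFIG_I: Configured from console by console",
    "<186>%SYS-2-MALLOCFAIL: Memory allocation failed",
    "<187>%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down",
    "<131>%LINK-3-UPDOWN: Interface FastEthernet0/2, changed state to down",
    "Interface FastEthernet0/3, changed state to up",
]

if __name__ == "__main__":
    passed = [n for n in LEVELS if is_logged(SEVERITY[n], "Errors")]
    print("levels logged at 'Errors':", passed)
    for finding, line in audit(SAMPLE_LINES, "Errors", facility=23):
        print(f"{finding:<24} {line}")
```

A line that arrives below the configured level, with a different facility, or with a header that disagrees with its own text did not come from the switch as configured and is worth tracing to its source.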



Copyright 1989-1998©Cisco Systems Inc.