|
|
This chapter describes the web-based Switch Manager, a graphical user interface (GUI) for changing the switch configuration and monitoring switch activity. Switch Manager communicates with the switch by translating its HTML pages into Cisco IOS commands. These are the same commands that you can enter with the command-line interface (CLI).
This chapter contains the following topics:
For further management options, refer to the "SNMP Management" chapter and the
"Cisco IOS Management" chapter.
| Feature | Default Setting | Switch Manager Page | |
|---|---|---|---|
| Management | |||
| Switch IP address, subnet mask, and | 0.0.0.0 | IP Management |
Cisco Discovery Protocol (CDP) | Enabled | CDP Management | |
| Address Resolution Protocol (ARP) | Enabled | ARP Management |
| Performance | |||
Autonegotiation of duplex mode | Enabled | Port Management | |
Autonegotiation of 10BaseT/100BaseTX for 10/100 ports | Enabled | Port Management | |
| Flooding Control |
|
| |
Broadcast storm control | Disabled | Described in "Cisco IOS Management" chapter | |
| Flooding unknown unicast packets | Enabled | Port Management |
Flooding unknown multicast packets | Enabled | Port Management | |
| Network Redundancy and Fault Tolerance |
|
| |
Spanning-Tree Protocol | Enabled | Spanning-Tree Management | |
Port Fast Spanning-Tree Protocol | Disabled | Spanning-Tree Management | |
| Diagnostics |
|
| |
SPAN port monitoring | Disabled | SPAN Configuration | |
| Security |
|
| |
Switch password | None | Basic System Configuration | |
Addressing security | Disabled | Address Management | |
Trap manager | 0.0.0.0 | SNMP Management | |
Community strings | public/private | SNMP Management | |
| Firmware Upgrade |
|
| |
Firmware | None | System Management | |
The Catalyst 2900 Switch Manager is an embedded HTML web site residing in Flash memory. You can assign bookmarks to pages and use the other browser functions as you would with any web site. You can also use the live image of the switch on the Switch Manager home page to monitor switch activity and confirm configuration changes without having to go into the wiring closet. Online help is available on all pages.
Switch Manager pages function much like other GUIs. When you display a Switch Manager page, it contains the current settings that have been defined for the switch. You change the switch configuration by entering information into fields, adding and removing list items, or selecting check boxes.
Changes made by entering information into fields become part of the running (current) configuration when you click Apply, a button that appears on every page. If you make a mistake and want to retype an entry, click Revert to undo the information you entered. The exception to this procedure is when making changes to lists. Items added or removed from Switch Manager lists immediately become part of the running configuration, and you do not need to click Apply.
The configuration file that is loaded when the switch is restarted is stored with the switch software in Flash memory. This file is not necessarily the same as the running configuration. If you want the running configuration to be the configuration used when the switch restarts, follow the steps in the "System Management" section in this chapter to save the running configuration to the startup configuration file in Flash memory.
The switch must have an IP address before you can access Switch Manager. Follow the prompts when you install the switch to assign an IP address and other IP information. See the "Assigning IP Information to the Switch" section in the "Installation" chapter for more information.
Follow these steps to access Switch Manager:
Step 1 Start Netscape Communicator 4.xx or Internet Explorer 4.xx, and enable JavaScript.
Step 2 Enter the IP address of the switch in the URL field.
Step 3 Click Open.
The Cisco Systems Access page (see Figure 4-1) is displayed.
Step 4 Click Web Console to display the Catalyst 2900 Basic System Configuration page shown in Figure 4-3.
After you have started Switch Manager and displayed the switch home page (Figure 4-3), you can use the action bar at the top of each page to move between pages. Figure 4-2 lists the functions that are available for each action bar selection.
You can access Cisco Connection Online (CCO), the Cisco Systems customer web site, from the Switch Manager home page. From CCO, you can download the latest software and display the latest Catalyst 2900 series XL documentation.
The Basic System Configuration page in Figure 4-3 acts as the switch home page. To display this page, click Web Console on the Cisco Systems Access page. To display it in Switch Manager, click Home on the action bar.
This page has a live image of the switch that displays much of the same information as the LEDs on the front of the switch. You can use this image in the following ways:
This information is usually entered once and not changed. Click Apply after entering information in the fields:
Name of switch | Enter a name for the switch. |
Physical location | Enter the location. |
User/Contact person | Enter a name. |
Domain name | Enter the name of the domain of the switch. See your system administrator for this information. |
Follow these steps to enter a password:
Step 1 In the Assign/Change password field, enter a character string.
Step 2 In the Reconfirm password field, reenter the same string.
Step 3 Click Apply.
The connection with the switch is broken. The browser prompts you for the new password:
Step 4 Enter the same password, and click OK.
See the "Recovering from a Lost or Forgotten Password" section in the "Troubleshooting" appendix if you do not know the password.
Use the Port Management page to enable and disable ports and to set other port parameters. To display this page, click Ports on the action bar, or click the port image on the Basic System Configuration page.
Figure 4-4 shows the port listing on this page. Ports are described in the following columns:
Module | A fixed port (system) or a module port (1 or 2). |
Port | The interface consists of the constant FastEthernet, a module number, and a port number. In the following example, the port is on module 0 (a fixed port) and port number 1: FastEthernet0/1 |
 | Caution It is possible to reconfigure the port through which you are connected. |
To enable or disable a port, select or deselect the check box in the Status: Admin/Actual column, and click Apply.
The column also displays the actual status of the port. An enabled port could have an actual status of DOWN because there is no device connected to it.
Catalyst 2900 ports can automatically match the full-duplex capability and the transmission speed of an attached device. Follow these steps to explicitly set these parameters for a port:
Step 1 Select the drop-down menu in the Duplex: Requested/Actual column, and select Half, Full, or Auto (autonegotiating).
Step 2 Select the drop-down menu in the Speed: Requested/Actual column, and select 10, 100, or Auto (autonegotiating).
Step 3 Click Apply.
The fields change to reflect the change in actual status of the port.
Autonegotiation can at times produce unpredictable results. See the "Autonegotiation Mismatches" section in the "Troubleshooting" chapter for details on how to maximize switch performance with autonegotiation.
Follow these steps to review the speed and duplex settings for the entire switch:
Step 1 Click Home on the action bar to display the image of the switch.
Step 2 Select Mode and release it when FDUP lights. If the port LED is off, the port is running in half-duplex mode. If the port LED is green, the port is running in full duplex.
Step 3 Select Mode again and release it when 100 lights. If the port LED is off, the port is running at 10 Mbps. If the port LED is green, the port is running at 100 Mbps.
If an attached device does not support autonegotiation and is operating in full duplex, by default the Catalyst 2900 sets the port to half-duplex mode. This configuration causes late collisions and other errors. To avoid this situation, set both the speed and duplex parameters to match the attached device.
To identify an autonegotiation mismatch, you need to check both ends of the connection. Follow these steps to identify and confirm an autonegotiation mismatch:
If the port is in half-duplex mode:
Step 1 Click Stats, and check for late collisions. A high number of late collisions could mean the port is connected to a port set to full-duplex mode.
Step 2 Check the port to which this port is connected. If it is in full duplex, a mismatch exists. A high number of FCS errors on the full-duplex port confirms the mismatch.
If the port is in full-duplex mode, click Stats to check for FCS errors on the full-duplex port, and check for late collisions on the half-duplex port.
By default, the switch floods packets with unknown destination MAC addresses to all ports. As there are some configurations where this flooding is unnecessary, you can disable the flooding of unicast and multicast packets on a per-port basis.
To disable flooding, deselect the unicast and multicast check boxes for the port, and click Apply.
See the "Flooding Controls" section of the "Concepts" chapter for more information on inhibiting flooding.
Use the Port Security page (Figure 4-5) to enable port security and define the size of the address table for secured ports. Limiting the number of devices that can connect to a secure port can have the following advantages:
The following fields validate port security or indicate security violations:
Secure Addresses | The number of addresses in the address table for this port. Secure ports have at least one in this field. |
Security Rejects | The number of unauthorized addresses seen on the port. |
Follow these steps to secure a port:
Step 1 Select the check box in the Security column for the port.
Step 2 In the Violation Action column, select the action the switch takes when packets with an unauthorized address arrive on the port. Select Trap to issue an address-violation trap, select Disable to disable the port, or select both.
Step 3 Click Apply.
Step 4 You can confirm that port security has been enabled by checking that the Secure Addresses column has at least one address.
A secure port can have from 1 to 132 secure addresses associated with it. Setting the MAC address table associated with the port to have one address ensures the attached device has the full bandwidth of the port.
Enter a number from 1 to 132 in the Maximum Addresses field, and click Apply.
Use the Port Group Management page (see Figure 4-6) to create Fast EtherChannel port groups that act as single logical ports for high-bandwidth connections between switches or switches and servers. You can also use Fast EtherChannel port groups to create redundant links between switches. Instead of keeping a redundant link in reserve in case of failure, Fast EtherChannel port groups use all available bandwidth while still providing a redundant link.
Each port group has one port that carries all unknown multicast, broadcast, and Spanning-Tree Protocol packets.
To add a port to a group, select the port and interface from the list of ports, and click <<Add<<.
To remove a port from a group, select the port from the list, and click Remove.
Use this page (see Figure 4-7) to manage the address tables that the switch uses to forward traffic between ports. The address tables list the destination MAC address, the module number, and the port number. The following example associates MAC address 0000.2934.a0b3 with module 0 (fixed ports) and port number 3.
0000.2934.a0b3 FastEthernet0/3
Dynamic addresses are source MAC addresses that are learned by the switch and then dropped when they are not in use. Use the Aging Time field to define how long addresses that have not been seen should be retained by the switch.
Step 1 Highlight the contents of the Aging Time field.
Step 2 Enter the time, in seconds, after which an unused address is to be dropped. Possible values are from 10 to 1,000,000 seconds (about 11 and one-half days).
Step 3 Click Apply.
The "Address Learning" section in the "Concepts" chapter describes the Catalyst 2900 address-learning capabilities.
The secure address table contains secure MAC addresses and the ports with which they are associated. If a secure port receives a packet with a MAC address that has been statically entered and associated with another secure port, an alert can be generated, and the port can be disabled.
Step 1 Enter the MAC address in the MAC Address field.
Step 2 Select an interface and port from the Interface drop-down menu.
Step 3 Click <<Add<<.
Static addresses are manually entered into the Static Address Table. They are not aged (dropped) from the table when not in use, and they are not lost when the switch resets. After you have entered a static address in the table, use the Static Address Forwarding Map (see Figure 4-8) to define those ports to which frames are forwarded based on the port on which they were received.
Follow these steps to add a static address:
Step 1 Enter the MAC address in the MAC Address field.
Step 2 Click <<Add<<. The Static Address Forwarding Map appears.
Step 3 On the Forwarding Map, select the ports from which the address can receive packets and the ports to which it can send packets.
Step 4 Click Apply.
Use the IP Management page (Figure 4-9) to enter IP information. Some of this information, such as the switch IP address, has been previously entered.
| Caution Changing the switch IP address on this page will end your Switch Manager session. If this occurs, you can restart Switch Manager by entering the new IP address in the browser URL field. |
Follow these steps to enter the IP parameters for the switch:
Step 1 Enter the subnet mask (IP mask) for the switch.
Step 2 Enter the broadcast address for the switch.
Step 3 Enter the IP address of the default gateway, or router.
This field is filled automatically if a discovery protocol finds a router connected to a switch port.
Step 4 Enter the default domain name for the switch.
Step 5 Click Apply.
Domain name servers convert domain names into their corresponding IP address.
To add a server, enter the IP address in the New Server field, and click <<Add<<.
To remove a server, select an address in the Current Servers table, and click Remove.
Use the SNMP Management page (see Figure 4-10) to perform the following tasks:
This information is used by network-management applications to identify the switch on a topology map.
Step 1 Enter a name to be used for the switch.
Step 2 Enter the location of the switch.
Step 3 Enter the name of a person or organization.
Step 4 Click Apply.
Click Statistics to display the SNMP system information about the switch.
Read only (RO) | Enables requests accompanied by the string to display MIB-object information. |
Read write (RW) | Enables requests accompanied by the string to display MIB-object information and to set MIB objects. |
Step 1 Enter a character string in the String field.
Step 2 Click RO (read only) or RW (read write).
Step 3 Click <<Add<<.
A trap manager is a management station that receives and processes traps.
Follow these steps to add a trap manager:
Step 1 Enter the IP address or name of the station in the IP Address field.
Step 2 Enter a character string in the Community field. This string can be any length.
Step 3 Click <<Add<<.
Step 4 Select which class of traps the trap manager is to receive. Select a check box to enable one or all of the following:
Trap on config-Generate traps on all changes to the switch configuration.
Trap on snmp-Generate the supported SNMP traps.
Trap on tty-Generate the serial-port-related TTY traps.
Step 5 Click Apply.
Use this page to change parameters for Spanning-Tree Protocol, an industry standard for avoiding loops in switched networks. The page (see Figure 4-11) displays the spanning-tree settings for the current root switch and the settings this switch is to use when it becomes the root switch. Figure 4-12 is the second part of this page and is used to define port-level parameters.
Spanning-Tree Protocol is enabled by default. To disable Spanning-Tree Protocol, deselect Enable Spanning Tree, and click Apply.
The list of parameters under the heading Current Spanning Tree Root are read-only and could be defined on another switch. The MAC Address field contains the MAC address of the switch currently acting as the root. The list of parameters under the heading Spanning Tree Options are the values that this switch would use as the root switch.
Follow these steps to change the configuration of Spanning-Tree Protocol on this switch:
Step 1 Use the following fields to change how your switch responds when Spanning-Tree Protocol reconfigures itself.
Protocol | Implementation of Spanning-Tree Protocol to use. Select one of the menu items: DEC, IBM, or IEEE. |
|
Enter a number from 0 through 65535. | |
Number of seconds a bridge waits without receiving Spanning-Tree Protocol configuration messages before attempting a reconfiguration. This parameter takes effect when a bridge is operating as the root bridge. Bridges not acting as the root use the root-bridge max age parameter. Enter a number from 6 through 200. | |
Number of seconds between the transmission of Spanning-Tree Protocol configuration messages. Bridges not acting as a root bridge use the root-bridge hello-time value. Enter a number from 1 through 10. | |
Number of seconds a port waits before changing from its Spanning-Tree Protocol learning and listening states to the forwarding state. This wait is necessary so that other switches on the network ensure no loop is formed before they allow the port to forward packets. Enter a number from 4 through 30. |
Step 2 Click Apply.
Follow these steps to change the port-specific parameters:
Step 1 Change the following fields to affect how the port responds if a loop is formed.
A lower path cost represents higher-speed transmission. This can affect which port remains enabled in the event of a loop. Enter a number between 1 and 65535. | |
Priority | Number used to set the priority for a port. A higher number has higher priority. Enter a number between 0 and 255. |
Step 2 Select Port Fast if the port is connected to an end-station. Port Fast brings a port directly from a blocking state into a forwarding state. Only when the system is restarted and Spanning-Tree Protocol discovers the network does a port with Port Fast begin forwarding with the normal cycle of status changes.
Step 3 Click Apply.
Use the following fields to check the status of ports that are not forwarding due to Spanning-Tree Protocol:
Module | A fixed port (system) or a modular port (1 or 2). |
Port | The interface and port number. FastEthernet0/1 refers to port 1x. |
The current state of the port. A port can be in one of the following states: | |
Port is not participating in the frame-forwarding process and is not learning new addresses. | |
The port is not participating in the frame-forwarding process, but is progressing towards a forwarding state. The port is not learning addresses. | |
Port is not forwarding frames but is learning addresses. | |
Port is forwarding frames and learning addresses. | |
Port has been removed from STP operation. |
Use the CDP Management page (see Figure 4-13) to enable CDP for the switch, set the global CDP parameters, and display information about neighboring devices.
The CDP Neighbors list shows the devices with which this switch is exchanging CDP messages. Follow these steps to work with items in the list:
Step 1 Select an item in the list.
Step 2 Click one of these buttons:
Display the web interface of a neighboring device. The device must support built-in web-based management. | |
Telnet | Log in to the neighboring device via Telnet. |
Details | Display the CDP information about neighboring devices currently stored in the Catalyst 2900. |
Some CDP parameters are global to the switch, and some are entered on a per-port basis. Follow these steps to set the global parameters for CDP:
Step 1 Select the Run CDP check box to enable (default) or disable CDP.
Step 2 In the Packet Hold Time field, enter the number of seconds (between 5 and 255) that a neighboring device retains the CDP neighbor information received from this switch.
If a neighboring device does not receive a CDP message before this hold time expires, the neighboring device drops this switch as a neighbor.
Step 3 In the Packets Sent Every field, enter the number of seconds (between 5 and 900) between transmission of CDP messages.
Step 4 Click Apply.
Under the heading Individual Port Enable, select the check box next to the port and interface, and click Apply.
Use the SPAN Configuration page (Figure 4-14) to enable the Switched Port Analyzer (SPAN) feature. You can also use this page to display port statistics.
You can monitor traffic on a given port by forwarding incoming and outgoing traffic on the port to another port. Any number of ports can be defined as monitor ports, and any combination of ports can be monitored. Follow these steps to configure your switch for SPAN:
Step 1 Select the port or ports to be the monitor ports.
Step 2 Click the ports to be monitored.
The Statistics button displays information about the number of frames forwarded by a port and the number and types of errors seen on the port. To display statistics for a port, select the port from the Select Monitor Port drop-down menu, and click Statistics.
The Address Resolution Protocol (ARP) discovers the MAC address that corresponds to the IP address for a given host. Use this page (see Figure 4-15) to display the current addresses in the ARP table. You can also change the timeout value for the ARP table.
You can manually add entries to the ARP table from the command-line interface. ARP entries added manually to the table do not age and must be removed manually.
ARP entries are dropped from the ARP table after a configurable length of time. Click Remove All to clear the ARP cache. To change the ARP timeout value, enter the number of seconds (between 1 and 4294967) in the ARP Cache Timeout Value field, and click Apply.
The switch generates log messages of different severity levels when the configuration changes and when certain network or switch events occur. You can set the switch to write this information to the management console or to a buffer, file, or UNIX Syslog facility. Use this page (see Figure 4-16) to define the logging type and the severity level to log. Specify the amount of detail to log by selecting the appropriate severity level (see Figure 4-17).
Select one of the following options to log switch activity, and then click Apply:
Console Logging | Select this option to write log information to the management console. |
Buffer Logging | Select this option to write log information to a buffer in Flash memory. Enter the size of the buffer in the Buffer Size field. Information is maintained in the buffer on a first-in, first-out basis. If the buffer is full and you click Show Buffer, the most-recent data is always displayed. |
File Logging | Select this option to maintain a log file on an external server or in Flash memory. If the switch fails, it writes information about the cause of the failure to this file before functionality is lost. To write to a file on a server: Step 1 Select Enable File Logging. Step 2 Select a severity level from the Logging Level menu. Step 3 Enter a TFTP URL and the filename, the appropriate XMODEM command, or flash:filename. Step 4 Enter a minimum and maximum file size, in bytes. Step 5 Click Apply. |
Syslog | Select this option to use the UNIX Syslog facility to manipulate log information written to a UNIX host. Log information is sent to the UNIX host where it is then managed according to the facility established on the host. |
| Follow these steps to add a host to which log information is to be written: Step 6 Enter the host IP address in the New Host field. Step 7 Click <<Add<<. To use Syslog, you also need to select the facility that handles the log data. Select a facility, and click Apply. |
To avoid unnecessary messages, you can select the protocols or system functions for which you want to display debugging information.
Select Setup Debug Options (see Figure 4-17 ) to display a list of the options from which you can choose.
Cisco IOS can log eight levels of messages. When you select a severity level, the switch logs all Syslog messages of that level and above. The default level is Errors.
Select a level from one of the following choices on the Logging Level menu:
Emergencies | The switch is at risk of failing. |
Alert | A condition exists that should be corrected immediately. |
Critical | A critical condition exists, such as a device error. |
Errors | Errors. |
Warnings | Warning messages. |
Notifications | Conditions that are not errors, but that could require special handling. |
Information | Informational messages. |
Debugging | Messages only used for debugging. |
Catalyst 2900 switches support a Flash file system that includes a compiled image and other files that are used when the switch resets. Use the System Management page (see Figure 4-18) to enter the file names and other information used by the switch when it restarts or resets.
Click Details to display an ASCII version of the console port characteristics.
The startup configuration file contains the IP addresses, passwords, and any other parameters you entered when you first configured the switch. The switch maintains the configuration by reloading this file when it restarts. However, the startup configuration file might not have the configuration that is currently operating the switch. Changes made through the Switch Manager or the command-line interface (CLI) take effect immediately but must be explicitly saved to be included in the startup configuration.
Use this page to save the running configuration to the startup configuration file. The following buttons control the switch startup:
Click to write the running configuration to Flash memory. This configuration is then loaded when the switch is next restarted. | |
Click to restart the switch and load the startup configuration. |
This section describes the parameters used by the switch when it reloads its software. Some of these parameters are files that reside in Flash memory. To determine the names of the files to use, enter the following command at the CLI:
switch# dir flash:
Directory of flash: 2 -rwx 843947 Mar 01 1993 00:02:18 C2900XL-h-mz-112.8-SA 4 drwx 3776 Mar 01 1993 01:23:24 html 66 -rwx 130 Jan 01 1970 00:01:19 env_vars 68 -rwx 1296 Mar 01 1993 06:55:51 config.text
1728000 bytes total (456704 bytes free)
Follow these steps to change the system reload options:
Step 1 Enter the image filename and other details for reloading the system.
Image File | Enter the path and name of the Cisco IOS image file to load when the system reboots. |
Configuration File | Enter the path and name of the startup configuration file that the image file reads to configure the switch. |
Helper Path List | Enter the path and filename of the helper file to be loaded with the image file, as needed. Helper files can extend the functionality of the boot loader. Diagnostic software, for example, can be loaded with the boot loader. |
NVRAM Buffer Size | Enter the number of bytes to allocate for the NVRAM buffer. This buffer must be big enough to hold the configuration file. You can increase the buffer to a maximum of 65536 bytes. |
Boot Loader Flags | Enter -post to display all possible POST messages. |
Manual Boot | Enable a pause in the boot sequence. You are then prompted to enter a command at the CLI to load the software. |
Enable Break while booting | Allow a break, such as an RS-232 break, to end the boot sequence. You can use this option to interrupt the boot when running terminal emulation software on a remote workstation. |
Step 2 Click Apply.
For more information on working with system files and options for reloading the system, see the "Working with Files in Flash Memory" section in the "Cisco IOS Management" chapter.
Posted: Tue May 11 13:00:29 PDT 1999
Copyright 1989-1999©Cisco Systems Inc.
