This chapter describes how you can manage the network management software for the Catalyst 5000 series switches. Network management software enables computer systems and other network devices to recognize problems on the network and send alerts to management entities who can execute operator notification, event logging, system shutdown, or automatic attempts at system repair. Management entities can poll end stations to check variable values and accept responses from agents that compile information about the managed devices. The agents provide information about the managed devices using SNMP.
The console port of the Catalyst 5000 series switch is an EIA/TIA-232 interface to which you can connect a console terminal or modem. You can directly access the CLI or configure a SLIP interface to access network management functions, such as Telnet, ping, and SNMP.
CiscoWorks for Switched Internetworks (CWSI) is a set of management applications (CiscoView, VlanDirector, and TrafficDirector) that allow you to detect, analyze, and manage traffic activity and to segment and build broadcast firewalls between logically dispersed users throughout a LAN. A description of these tools is as follows:
This section details the procedure for configuring SNMP and describes how SNMP works.
You can configure SNMP to access and manage management information between devices.
To configure SNMP on your switch, perform these steps:
| Task | Command |
|---|---|
| Step 1 Configure the SNMP community strings. | set snmp community {read-only \| read-write \| read-write-all} community_string |
| Step 2 Assign a trap receiver address and community. If you enter incorrect information, enter the clear snmp trap command to delete the entry. Reenter the set snmp trap command. | set snmp trap rcvr_address rcvr_community |
| Step 3 (Optional) Configure the switch to issue an authentication trap. | set snmp trap enable auth |
After entering the set snmp community command, you see this display:
Console> (enable) set snmp community read-only public
SNMP read-only community string set.
Console> (enable) set snmp community read-write private
SNMP read-write community string set.
Console> (enable) set snmp community read-write-all secret
SNMP read-write-all community string set.
Console> (enable) set snmp trap enable all
All SNMP traps enabled.
Console> (enable)
To disable SNMP access, enter one of these commands without specifying the community string:
To verify SNMP settings, enter the show snmp command. After entering this command, you see this display:
Console> (enable) show snmp
RMON: Disabled
Extended Rmon: Extended RMON module is not present
Traps Enabled: Port,Module,Chassis,Bridge,Repeater,Vtp,Auth,ippermit,Vmps,config,entity,stpx
Port Traps Enabled: 1/1-2,2/1
Community-Access Community-String
---------------- --------------------
read-only public
read-write private
read-write-all secret
Trap-Rec-Address Trap-Rec-Community
---------------------------------------- --------------------
172.20.52.40 secret
Console> (enable)
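
A configuration check over saved `show snmp` output, added here as an example (it is not code from the original page or from Cisco). The function names and finding labels are hypothetical, the sample text is constructed from the display above, and treating `public`, `private` and `secret` as guessable is an assumption of the example.

```python
ACCESS_LEVELS = ("read-only", "read-write", "read-write-all")
# Assumption: the strings used in this chapter's examples count as guessable.
GUESSABLE = {"public", "private", "secret"}


def parse_show_snmp(text):
    """Parse the trap, community and trap-receiver parts of `show snmp` output."""
    cfg = {"traps": set(), "communities": {}, "receivers": {}}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, prompts and the dashed rulers under the column headers.
        if not line or line.startswith("Console>") or set(line) <= set("- "):
            continue
        if line.startswith("Traps Enabled:"):
            names = line.split(":", 1)[1]
            cfg["traps"] = {n.strip().lower() for n in names.split(",") if n.strip()}
        elif line.startswith("Community-Access"):
            section = "communities"
        elif line.startswith("Trap-Rec-Address"):
            section = "receivers"
        elif section == "communities":
            fields = line.split()
            if fields[0] in ACCESS_LEVELS:
                # Assumption: an empty second column means that level is disabled.
                cfg["communities"][fields[0]] = fields[1] if len(fields) > 1 else ""
        elif section == "receivers":
            fields = line.split()
            if len(fields) == 2:
                cfg["receivers"][fields[0]] = fields[1]
    return cfg


def audit(cfg):
    """Return (finding_id, explanation) pairs for a parsed configuration."""
    findings = []
    comm = {lvl: s for lvl, s in cfg["communities"].items() if s}
    for lvl in ACCESS_LEVELS:
        if comm.get(lvl, "").lower() in GUESSABLE:
            findings.append((f"guessable:{lvl}",
                             f"{lvl} community is a well-known example string"))
    first_use = {}
    for lvl in ACCESS_LEVELS:
        s = comm.get(lvl)
        if s is None:
            continue
        if s in first_use:
            findings.append((f"shared:{first_use[s]}+{lvl}",
                             f"{first_use[s]} string also grants {lvl} access"))
        else:
            first_use[s] = lvl
    write_strings = {comm[l] for l in ("read-write", "read-write-all") if l in comm}
    for addr, s in sorted(cfg["receivers"].items()):
        if s in write_strings:
            # SNMP community strings travel in clear text, traps included.
            findings.append((f"trap-reuse:{addr}",
                             "trap community equals a write community"))
    if "auth" not in cfg["traps"]:
        findings.append(("no-auth-trap", "authentication trap is not enabled"))
    elif not cfg["receivers"]:
        findings.append(("no-trap-receiver", "auth trap has no receiver configured"))
    return findings


# Constructed from the show snmp display in this chapter.
SAMPLE_PAGE = """\
Console> (enable) show snmp
RMON: Disabled
Extended Rmon: Extended RMON module is not present
Traps Enabled: Port,Module,Chassis,Bridge,Repeater,Vtp,Auth,ippermit,Vmps,config,entity,stpx
Port Traps Enabled: 1/1-2,2/1
Community-Access Community-String
---------------- --------------------
read-only public
read-write private
read-write-all secret
Trap-Rec-Address Trap-Rec-Community
---------------------------------------- --------------------
172.20.52.40 secret
Console> (enable)
"""

# Constructed: read-only disabled, one string for both write levels, no Auth trap.
SAMPLE_OTHER = """\
Traps Enabled: Port,Module,Chassis
Community-Access Community-String
---------------- --------------------
read-only
read-write c0nstructed-Rw-7f3a
read-write-all c0nstructed-Rw-7f3a
Trap-Rec-Address Trap-Rec-Community
---------------------------------------- --------------------
192.0.2.10 c0nstructed-trap
"""

if __name__ == "__main__":
    for name, text in (("page", SAMPLE_PAGE), ("other", SAMPLE_OTHER)):
        for finding_id, why in audit(parse_show_snmp(text)):
            print(f"{name}: {finding_id}: {why}")
```
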
SNMP is an application layer protocol designed to facilitate the exchange of management information between network devices. For more information, see the "Workgroup MIB Reference" appendix.
Catalyst 5000 series switches support these SNMP types:
RMON is an IETF standard monitoring specification that allows various network agents and console systems to exchange network monitoring data. A Catalyst 5000 series switch provides embedded support for RMON on Ethernet, Fast Ethernet, Gigabit Ethernet, and Token Ring ports, and Fast EtherChannel. Embedded RMON allows you to see network activity, and enables proactive threshold testing for all MIB objects supported by the Catalyst 5000 SNMP agent. The RMON agent includes the following groups from RFC 1757: statistics, history, alarms, and events. In addition, the following Token Ring tables are supported:
Access to RMON data is available only via an SNMP management application that supports RFC 1757 and RFC 1513. You cannot access RMON via the Catalyst 5000 series switch console interface; however, the console statistics provide similar information. For full utilization of RMON data, you should use Cisco's TrafficDirector.
You can view RMON data from Cisco's TrafficDirector application or from any standards-compliant RMON application. Table 14-1 lists the memory requirements you need to view RMON data.
| Group | Space Used | Comments |
|---|---|---|
| Statistics | 140 bytes | Per port |
| History | 3K for 50 buckets | Each additional bucket uses 56 bytes |
| Alarm and Event | 1.3K | Per alarm per port |
To configure the Catalyst 5000 series switch for RMON, enter this command:
| Task | Command |
|---|---|
| Activate SNMP remote monitoring support. | set snmp rmon enable |
After entering the set snmp rmon enable command, you see this display:
Console> (enable) set snmp rmon enable
SNMP RMON support enabled.
To verify the SNMP settings, enter the show snmp command. After entering this command, you see a display similar to the following:
Console> (enable) show snmp
RMON: Disabled
Extended Rmon: Extended RMON module is not present
Traps Enabled: Port,Module,Chassis,Bridge,Repeater,Vtp,Auth,ippermit,Vmps,config,stpx
Port Traps Enabled: 1/1-2,2/1-2
Community-Access Community-String
---------------- --------------------
read-only public
read-write private
read-write-all secret
Trap-Rec-Address Trap-Rec-Community
---------------------------------------- --------------------
Console> (enable)
The embedded RMON agent monitors network traffic at the link layer of the OSI model without requiring a dedicated monitoring probe or network analyzer. It allows a network manager to analyze network traffic patterns, set up proactive alarms to detect problems before they affect users, identify heavy network users as candidates to move to dedicated or higher speed ports, and perform trend analysis for long-term planning.
The RMON specification for Ethernet provides comprehensive network fault diagnosis, planning, and performance-tuning information to network administrators. RMON delivers this information in nine groups of monitoring elements, each providing specific sets of data to meet common network monitoring requirements.
The Catalyst 5000 series switch supports the following four RMON groups; extended RMON capabilities are provided through Cisco's SwitchProbe application connected to the switch's SPAN port:
With RMON enabled, the Catalyst 5000 series switch can collect and forward comprehensive network traffic information from multiple ports simultaneously. This capability allows you to obtain information to help tune or troubleshoot a switched LAN. You can troubleshoot client/server applications more easily, because the Catalyst 5000 series switch can record traffic simultaneously from the server and client segments.
When you generate a trap, it is sent to all the hosts configured in the sysTrapReceiverTable and the trapDestTable, and is registered at the given UDP port. When there is a change in the sysTrapReceiverTable, it is reflected in the trapDestTable and vice versa. You can configure a maximum of 20 trapDestination entries. When you configure the sysTrapReceiverTable either from the CLI or from SNMP, the value of
An entry with trapDestStatus as createAndWait is not seen in the CLI and in CISCO-STACK's sysTrapReceiverTable.
The value of trapDestProtocol is always set to "ip." When you upgrade the supervisor engine software release to 4.1, trapDestIndex values are assigned sequentially starting from one for all the valid corresponding trapReceiverAddress values, the trapDestOwner is set to an empty string, and the UDP port is set to 162.
The Catalyst 5000 series switch allows you to use Telnet to transition from the CLI of the switch to other devices on the network. With Telnet, you can maintain a connection to a Catalyst 5000 series switch while connecting to another switch or router.
Cisco Discovery Protocol (CDP) is a media- and protocol-independent protocol that runs on all Cisco-manufactured equipment including routers, bridges, access and communication servers, and switches. With CDP, network management applications can retrieve the device type and SNMP-agent address of neighboring devices. This enables applications to send SNMP queries to neighboring devices.
CDP allows network management applications to discover Cisco devices that are neighbors of already known devices, in particular, neighbors running lower-layer, transparent protocols. CDP runs on all media that support Subnetwork Access Protocol (SNAP), including LAN and frame relay. CDP runs over the data link layer only.
Cached CDP information is available to network management applications. Cisco devices never forward a CDP packet: when new information is received, Cisco devices discard old information.
To configure CDP on your Catalyst 5000 series switch, perform the tasks in this section.
To configure CDP, perform these tasks in privileged mode:
| Task | Command |
|---|---|
| Step 1 Enable CDP on the desired ports. Use the all keyword to enable CDP on all ports. | set cdp enable {mod_num/port_num \| all} |
| Step 2 Set the message interval for CDP. The allowed range is 5-900 seconds. | set cdp interval {mod_num/port_num \| all} interval |
The following example shows how to configure CDP on all ports and set the message interval to 100 seconds:
Console> (enable) set cdp enable all
CDP enabled for all ports.
Console> (enable) set cdp interval all 100
CDP message interval set to 100 seconds for all ports.
Console> (enable)
To verify a CDP configuration, perform these tasks:
| Task | Command |
|---|---|
| Step 1 Verify the CDP configuration. | show cdp port [mod_num[/port_num]] |
| Step 2 View information about CDP neighbors. | show cdp neighbors [mod_num[/port_num]] [detail] |
This example shows how to verify the CDP configuration and how to view information about the neighboring devices:
Console> (enable) show cdp port
Port CDP Status Message-Interval
-------- ---------- ----------------
1/1 enabled 100
1/2 enabled 100
2/1 enabled 100
Console> (enable) show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Port Device-ID Port-ID Platform Capability
-------- ----------------------- ----------------- ------------------ ----------
1/1 002267633 2/2 WS-C5000 T S
Console> (enable)
The Catalyst 5000 series SPAN feature enables you to monitor traffic on any port for analysis by a network analyzer device or RMON probe. Enhanced SPAN (E-SPAN) enables you to monitor traffic from multiple ports with the same VLAN to a port for analysis. The SPAN redirects traffic from an Ethernet, Fast Ethernet, or FDDI port or VLAN to an Ethernet or Fast Ethernet monitor port for analysis and troubleshooting. You can monitor a single port or VLAN using a dedicated analyzer such as a Network General Sniffer, or an RMON probe, such as Cisco's SwitchProbe application. Figure 14-1 is an example of the SPAN feature on the Catalyst 5000 series switch.

In this configuration, all traffic on Ethernet port 5 is mirrored onto the configured SPAN port Ethernet 10. The network analyzer located on Ethernet 10 can see network traffic on Ethernet 5 without being physically attached to it. When configuring SPAN, note the following:
To configure, enable, or disable a SPAN port on your Catalyst 5000 series switch, perform the tasks in this section.
To configure a SPAN port, enter this command in privileged mode, specifying the source port (only one source port if you are configuring the SPAN port to monitor information transmitted from a source port), the destination port, and the direction of the traffic switched on the source port that you want to monitor.
| Task | Command |
|---|---|
| Configure a SPAN port. | set span {src_mod/src_port \| src_vlan} dest_mod/dest_port [rx \| tx \| both] |
After entering the set span command and specifying a source port and destination port, you see a display similar to the following:
Console> (enable) set span 3/2 4/6 tx
Enabled monitoring of Port 3/2 transmit traffic by Port 4/6
Console> (enable)
After configuring a SPAN port, ensure that SPAN has been enabled on the switch. If SPAN is not enabled, enter the set span enable command.
To enable SPAN, enter this command in privileged mode:
| Task | Command |
|---|---|
| Enable SPAN. | set span enable |
To disable SPAN, enter this command in privileged mode:
| Task | Command |
|---|---|
| Disable SPAN. | set span disable |
To verify the SPAN configuration, enter this command in privileged mode:
| Task | Command |
|---|---|
| Verify the SPAN configuration. | show span |
After entering the show span command, you see a display similar to the following:
Console> (enable) show span
Status : enabled
Admin Source: Port 3/2
Oper Source : Port 3/2
Destination : Port 4/6
Direction : transmit
Console> (enable)
You can access the Catalyst 5000 series switch administrative interface using SLIP. This protocol runs over serial links, allowing IP communications over the administrative interface.
The Catalyst 5000 series switch system message log has the following features:
By default, the Catalyst 5000 series switch logs normal but significant system messages to its internal buffer and sends these messages to the system console. System message logs allow you to select the facility and severity level of messages that are captured and to redirect the log messages to specific destinations. Messages are time-stamped to enhance real-time debugging and management.
Table 14-2 lists and defines the facility types supported by the system message logs.
| Facility Name | Definition |
|---|---|
| cdp | Cisco Discovery Protocol |
| disl | Dynamic Inter-Switch Link |
| drip | Dual Ring Protocol |
| dvlan | Dynamic Virtual Local Area Network |
| earl | Encoded Address Recognition Logic |
| fddi | Fiber Distributed Data Interface |
| filesys | Flash File System |
| ip | Internet Protocol |
| kernel | Kernel |
| mcast | Multicast Services |
| mgmt | TopN Feature |
| netflow | Multilayer Switching |
| pagp | Port Aggregation Protocol |
| protfilt | Protocol Filtering |
| pruning | VTP Pruning |
| snmp | Simple Network Management Protocol |
| spantree | Spanning-Tree Protocol |
| sys | System |
| tac | Terminal Access Controller |
| tcp | Transmission Control Protocol |
| telnet | Terminal Emulation Protocol |
| tftp | Trivial File Transfer Protocol |
| vmps | VLAN Membership Policy Server |
| vtp | VLAN Trunking Protocol |
Table 14-3 lists and describes the severity levels supported by the system message logs.
| Severity Level | Keyword | Description |
|---|---|---|
| 0 | emergencies | System unusable |
| 1 | alerts | Immediate action required |
| 2 | critical | Critical condition |
| 3 | errors | Error conditions |
| 4 | warnings | Warning conditions |
| 5 | notifications | Normal but significant condition |
| 6 | informational | Informational messages |
| 7 | debugging | Debugging messages |
This section contains information for configuring the system message logs feature.
The system message logs feature has several configurable options. The following sections provide instructions for configuring these options.
The Catalyst 5000 series switch ships with a default configuration, as shown in Table 14-4.
| Configuration Parameter | Default Setting |
|---|---|
| System message logging to the console | Enabled |
| syslog servers | None configured |
| System message logging to Telnet sessions | Enabled |
| Facility/severity level for system messages | disl/5, sys/5, all other facilities/2 |
When first logging on to the Catalyst 5000 series switch console, you can enter the show logging command to display the default configuration. After entering this command, you see this display:
Console> (enable) show logging
Logging console: enabled
Logging server: disabled
Facility Server/Default Severity Current Session Severity
------------- ----------------------- ------------------------
cdp 2 2
mcast 2 2
disl 5 5
dvlan 2 2
earl 2 2
fddi 2 2
ip 2 2
pruning 2 2
snmp 2 2
spantree 2 2
sys 5 5
tac 2 2
tcp 2 2
telnet 2 2
tftp 2 2
vtp 2 2
vmps 2 2
kernel 2 2
filesys 2 2
drip 2 2
pagp 5 5
mgmt 5 5
netflow 5 5
protfilt 2 2
0(emergencies) 1(alerts) 2(critical) 3(errors) 4(warnings) 5(notifications) 6(information) 7(debugging)
Console> (enable)
You can change the default facility and severity levels by entering the set logging level command as follows:
| Task | Command |
|---|---|
| Set the default facility and severity level for system messages. | set logging level facility severity |
| Disable system message logging to the console. | set logging console disable |
Before you can send system log messages to a UNIX syslog server, you must configure the syslog daemon on the UNIX server. Log in as root, and perform these steps:
Step 1 Add a line such as the following to the file /etc/syslog.conf:
The Catalyst 5000 series switch sends messages according to specified facility types and severity levels. The user keyword specifies the UNIX logging facility used. The messages from the Catalyst 5000 series switch are generated by user processes. The debug keyword specifies the severity level of the condition being logged. You can set UNIX systems to receive all messages from the Catalyst 5000 series switch.
Step 2 Create the log file by entering these commands at the UNIX shell prompt:
Step 3 Make sure the syslog daemon reads the new changes by entering this command:
After you configure the syslog daemon on the UNIX server, configure the switch to send system log messages to it as follows:
| Task | Command |
|---|---|
| Step 1 Add a syslog server to the configuration. | set logging server ip_addr |
| Step 2 Enable system message logging to configured syslog servers. | set logging server enable |
| Step 3 Set the facility and severity level for syslog server messages. | set logging level facility severity default |
Console> (enable) clear logging server ip_addr
Console> (enable) set logging server disable
By default, Telnet login sessions to the Catalyst 5000 series switch are enabled and receive system messages based on the default facility and severity values. To configure Telnet login sessions, enter these commands:
| Task | Command |
|---|---|
| Change the facility and severity values for Telnet login sessions. | set logging level facility severity |
| Disable system message logging to the current Telnet login session. | set logging session disable or set logging console disable |
| Reenable system message logging to the current Telnet login session. | set logging session enable or set logging console enable |
To display the current configuration for system messages, enter this command:
| Task | Command |
|---|---|
| Display the current system message log configuration. | show logging |
To display the first N system messages in the internal buffer of the Catalyst 5000 series switch, enter this command:
| Task | Command |
|---|---|
| Display the first N messages in the buffer. | show logging buffer N |
To display the last N system messages in the internal buffer of the Catalyst 5000 series switch, enter this command:
| Task | Command |
|---|---|
| Display the last N messages in the buffer. | show logging buffer -N |
To verify the system message log configuration, enter the show logging command. If you are verifying the system message log configuration for the console and the syslog server is disabled, the first two lines of output look as follows:
Console> (enable) show logging
Logging console: enabled
Logging server: disabled
If you are verifying the system message log configuration for a Telnet login session, an additional line showing the current logging session is displayed as follows:
Console> (enable) show logging
Logging console: enabled
Logging server: disabled
Current Logging Session: enabled
This section provides examples for entering the system message log commands to perform the following tasks:
Console> (enable) set logging server enable
System logging messages will be sent to the configured syslog servers.

Console> (enable) set logging server 171.69.192.205
171.69.192.205 added to the System logging server table.

Console> (enable) set logging session enable
System logging messages will be sent to the current login session.

Console> (enable) set logging level all 1 default
System logging facility <all> set to severity 1(alerts).

Console> (enable) show logging
Logging console: enabled
Logging server: disabled
Current Logging Session: enabled
Facility Server/Default Severity Current Session Severity
------------- ----------------------- ------------------------
cdp 1 1
mcast 1 1
disl 1 1
dvlan 1 1
earl 1 1
fddi 1 1
ip 1 1
pruning 1 1
snmp 1 1
spantree 1 1
sys 1 1
tac 1 1
tcp 1 1
telnet 1 1
tftp 1 1
vtp 1 1
vmps 1 1
kernel 1 1
filesys 1 1
drip 1 1
pagp 1 1
mgmt 1 1
netflow 1 1
protfilt 1 1
0(emergencies) 1(alerts) 2(critical) 3(errors) 4(warnings) 5(notifications) 6(information) 7(debugging)
Console> (enable)

Console> (enable) set logging level snmp 3
System logging facility <snmp> set to severity 3(errors).

Console> (enable) show logging
Logging console: enabled
Logging server: disabled
Current Logging Session: enabled
Facility Server/Default Severity Current Session Severity
------------- ----------------------- ------------------------
cdp 1 1
mcast 1 1
disl 1 1
dvlan 1 1
earl 1 1
fddi 1 1
ip 1 1
pruning 1 1
snmp 1 1
spantree 1 1
sys 1 1
tac 1 1
tcp 1 1
telnet 1 1
tftp 1 1
vtp 1 1
vmps 1 1
kernel 1 1
filesys 1 1
drip 1 1
pagp 1 1
mgmt 1 1
netflow 1 1
protfilt 1 1
0(emergencies) 1(alerts) 2(critical) 3(errors) 4(warnings) 5(notifications) 6(information) 7(debugging)
Console> (enable)

Console> (enable) show logging buffer 4
11/4/1996,13:52:46:SYS-5:Module 1 is online
11/4/1996,13:52:52:SYS-5:Module 5 is online
11/4/1996,13:52:54:SYS-5:Module 3 failed due to CBL0, CBL1, or CBL2 Error
11/4/1996,13:52:54:SYS-5:Module 3 failed configuration

Console> (enable) show logging buffer -4
11/4/1996,13:52:54:SYS-5:Module 3 failed configuration
11/4/1996,13:53:04:SYS-5:Module 4 is online
11/4/1996,13:53:31:SNMP-6:Subagent 2 connected
11/4/1996,13:54:45:SNMP-5:Cold Start Trap
Catalyst 5000 series switch system message log software can save messages in a log file or direct the messages to other devices. You can specify which system messages should be saved based on the type of facility, as shown in Table 14-2, and the severity level, as shown in Table 14-3. These messages are saved in an internal buffer that can store up to 1024 syslog messages. They can also be saved on UNIX servers that have been configured properly. The syslog software reads the messages from the buffer and sends them to the specified destination.
The system message log feature allows you to access system messages by logging in to the console using the Telnet protocol. In this way, you can monitor system messages remotely from any workstation that supports the Telnet protocol.
Each Catalyst 5000 series switch ships with a default system message logging configuration. To view the default configuration, enter the show logging command. For an example of a display showing the default configuration, see the "Default System Message Log Configuration" section.
When initializing, the Catalyst 5000 series switch displays a severity level 5 (notifications) startup message showing the status of each module and port:
Login sessions:
4/15/1998,11:03:11:SYS-5:Module 1 is online.
4/15/1998,11:03:26:SYS-5:Port 1/1 has become trunk
After switch initialization, a severity level 6 (information) message shows SNMP socket status information:
Login sessions:
4/15/1998,13:59:26:SNMP-6:UDP socket [0] opened
UNIX syslog servers:
Apr 15 13:59:31 cat11-lnf.cisco.com :SNMP-6:UDP socket [0] opened
System log messages begin with a percent sign (%) and contain up to 80 characters. The messages are displayed in the following format:
%TIMESTAMP: FACILITY-SEVERITY: Message-text;
Table 14-5 lists and defines the syslog message format elements:
| Element | Description |
|---|---|
| TIMESTAMP | Current date and time in the following format: mm/dd/yy,hh:mm:ss |
| FACILITY | Two or more uppercase letters that indicate the facility to which the message refers (for example, SNMP, SYS, etc.) |
| SEVERITY | Single-digit code from 0 to 7 that indicates the severity of the message |
| Message-text | Text string containing detailed information about the event being reported |
These examples show typical Catalyst 5000 series switch system messages:
4/15/1998,13:52:46:SYS-5:Module 1 is online
4/15/1998,13:52:52:SYS-5:Module 5 is online
4/15/1998,13:52:54:SYS-5:Module 3 failed due to CBL0, CBL1, or CBL2 Error
4/15/1998,13:52:54:SYS-5:Module 3 failed configuration
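
The message format and the facility and severity tables above, turned into a parser and level filter; this is an added example, not code from the original page. Function names are hypothetical, the last three sample lines are constructed, and the level comparison assumes the usual syslog rule that a message is kept when its severity number is at or below the level configured for its facility.

```python
import re
from datetime import datetime

# Facility names from Table 14-2 and severity keywords from Table 14-3.
FACILITIES = frozenset(
    "cdp disl drip dvlan earl fddi filesys ip kernel mcast mgmt netflow pagp "
    "protfilt pruning snmp spantree sys tac tcp telnet tftp vmps vtp".split()
)
SEVERITY_KEYWORDS = (
    "emergencies", "alerts", "critical", "errors",
    "warnings", "notifications", "informational", "debugging",
)
# Defaults from Table 14-4: disl/5, sys/5, all other facilities/2.
DEFAULT_LEVELS = {"disl": 5, "sys": 5}
DEFAULT_OTHER = 2

# Matches the buffer/session form shown in the examples, such as
# 4/15/1998,13:52:46:SYS-5:Module 1 is online (a leading % is tolerated).
LINE_RE = re.compile(
    r"^%?(?P<date>\d{1,2}/\d{1,2}/(?P<year>\d{2}|\d{4})),"
    r"(?P<time>\d{2}:\d{2}:\d{2}):\s*"
    r"(?P<facility>[A-Z]{2,})-(?P<severity>\d):\s*(?P<text>.*)$"
)


def parse_line(line):
    """Return a dict for one system message, or raise ValueError with the reason."""
    m = LINE_RE.match(line.strip())
    if m is None:
        raise ValueError("not in TIMESTAMP:FACILITY-SEVERITY:text form")
    facility = m["facility"].lower()
    if facility not in FACILITIES:
        raise ValueError(f"unknown facility {m['facility']}")
    severity = int(m["severity"])
    if severity > 7:
        raise ValueError(f"severity {severity} outside 0-7")
    year_fmt = "%Y" if len(m["year"]) == 4 else "%y"
    # strptime raises ValueError itself for impossible dates or times.
    when = datetime.strptime(f"{m['date']},{m['time']}",
                             f"%m/%d/{year_fmt},%H:%M:%S")
    return {"time": when, "facility": facility, "severity": severity,
            "keyword": SEVERITY_KEYWORDS[severity], "text": m["text"]}


def passes_level(msg, levels=DEFAULT_LEVELS, other=DEFAULT_OTHER):
    """True when the message is at least as severe as its facility's level."""
    # Assumption: lower number = more severe, as in standard syslog.
    return msg["severity"] <= levels.get(msg["facility"], other)


def triage(lines, levels=DEFAULT_LEVELS, other=DEFAULT_OTHER):
    """Split raw lines into logged, filtered-out and rejected (malformed) lists."""
    logged, filtered, rejected = [], [], []
    for line in lines:
        try:
            msg = parse_line(line)
        except ValueError as err:
            rejected.append((line, str(err)))
            continue
        (logged if passes_level(msg, levels, other) else filtered).append(msg)
    return logged, filtered, rejected


SAMPLE = [
    # Lines taken from this chapter's examples.
    "4/15/1998,13:52:46:SYS-5:Module 1 is online",
    "4/15/1998,13:52:54:SYS-5:Module 3 failed configuration",
    "11/4/1996,13:53:31:SNMP-6:Subagent 2 connected",
    "11/4/1996,13:54:45:SNMP-5:Cold Start Trap",
    "4/15/1998,14:05:38:MGMT-5: TopN report 2 started by telnet/172.20.22.7/.",
    # Constructed lines that must be rejected.
    "4/15/1998,13:52:46:SYS-9:constructed bad severity",
    "4/15/1998,13:52:46:ACL-3:constructed unknown facility",
    "Apr 15 13:59:31 constructed line in another format",
]

if __name__ == "__main__":
    logged, filtered, rejected = triage(SAMPLE)
    for msg in logged:
        print("logged  ", msg["time"], msg["facility"], msg["keyword"], msg["text"])
    for msg in filtered:
        print("filtered", msg["facility"], msg["severity"], msg["text"])
    for line, why in rejected:
        print("rejected", repr(line), "-", why)
```

With the Table 14-4 defaults the SNMP and MGMT messages fall below the level for their facilities, so a collector that needs them has to raise those facilities with `set logging level`.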
The traceroute command allows you to identify the path packets take through the network on a hop-by-hop basis. The command output displays all Layer 3 devices, such as routers, that the traffic passes through on the way to the destination.
Catalyst 5000 series switches can participate as the source or destination of the traceroute command but will not appear as a hop in the traceroute command output.
The traceroute command uses the TTL field in the IP header to cause routers and servers to generate specific return messages. Traceroute starts by sending a UDP datagram to the destination host with the TTL field set to 1. If a router finds a TTL value of 1 or 0, it drops the datagram and sends back an ICMP "time exceeded" message to the sender. The traceroute facility determines the address of the first hop by examining the source address field of the ICMP time-exceeded message.
To identify the next hop, traceroute sends a UDP packet with a TTL value of 2. The first router decrements the TTL field by 1 and sends the datagram to the next router. The second router sees a TTL value of 1, discards the datagram, and returns the time-exceeded message to the source. This process continues until the TTL is incremented to a value large enough for the datagram to reach the destination host (or until the maximum TTL is reached).
To determine when a datagram has reached its destination, traceroute sets the UDP destination port in the datagram to a very large value which the destination host is unlikely to be using. When a host receives a datagram with an unrecognized port number, it sends an ICMP "port unreachable" error to the source. This message indicates to the traceroute facility that it has reached the destination.
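
The TTL mechanism described above, modeled offline as an added example (not code from the original page). The `Node` class, the function names, the sample path and the default port 33434 are assumptions of the example; a Layer 2 switch in the path forwards without decrementing TTL, which is why it never appears as a hop.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Node:
    name: str
    addr: str
    layer3: bool = True  # False models a switch that forwards at Layer 2


def send_probe(path, ttl, dest_port, open_ports=frozenset()):
    """Carry one UDP probe along `path` (last node is the destination).

    Returns (icmp_message, source_address), or None when nothing comes back.
    """
    for node in path[:-1]:
        if not node.layer3:
            continue  # switched frame: TTL untouched, no ICMP generated
        if ttl <= 1:
            # A router that finds TTL 1 or 0 drops the datagram and reports it.
            return ("time-exceeded", node.addr)
        ttl -= 1
    dest = path[-1]
    if dest_port in open_ports:
        return None  # a listener accepted the datagram, so no ICMP error
    return ("port-unreachable", dest.addr)


def traceroute(path, initial_ttl=1, max_ttl=30, dest_port=33434,
               open_ports=frozenset()):
    """Return [(ttl, address or '*')] as traceroute would report the hops."""
    hops = []
    for ttl in range(initial_ttl, max_ttl + 1):
        reply = send_probe(path, ttl, dest_port, open_ports)
        if reply is None:
            hops.append((ttl, "*"))  # no answer for this TTL
            continue
        kind, addr = reply
        hops.append((ttl, addr))
        if kind == "port-unreachable":
            break  # the destination itself answered
    return hops


# Constructed path: a Layer 2 switch, one router, then the destination host.
SAMPLE_PATH = [
    Node("cat5000-b", "10.1.1.2", layer3=False),
    Node("router", "10.1.1.1"),
    Node("host", "10.1.1.100"),
]

if __name__ == "__main__":
    for ttl, addr in traceroute(SAMPLE_PATH):
        print(ttl, addr)
    # If the chosen port happens to be in use on the destination, no
    # port-unreachable message returns and the trace runs to max_ttl.
    print(traceroute(SAMPLE_PATH, max_ttl=4, open_ports=frozenset({33434})))
```
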
To display the path packets take through the network, perform this task in privileged mode:
| Task | Command |
|---|---|
| Display the path packets take through the network. | traceroute [-n] [-w wait_time] [-i initial_ttl] [-m max_ttl] [-p dest_port] [-q nqueries] [-t tos] host [data_size] |
This example shows the basic usage of the traceroute command:
Console> (enable) traceroute 10.1.1.100
traceroute to 10.1.1.100 (10.1.1.100), 30 hops max, 40 byte packets
1 10.1.1.1 (10.1.1.1) 1 ms 2 ms 1 ms
2 10.1.1.100 (10.1.1.100) 2 ms 2 ms 2 ms
Console> (enable)
This example shows how to perform a traceroute with 6 queries to each hop with packets of 1400 bytes each:
Console> (enable) traceroute -q 6 10.1.1.100 1400
traceroute to 10.1.1.100 (10.1.1.100), 30 hops max, 1440 byte packets
1 10.1.1.1 (10.1.1.1) 2 ms 2 ms 2 ms 1 ms 2 ms 2 ms
2 10.1.1.100 (10.1.1.100) 2 ms 4 ms 3 ms 3 ms 3 ms 3 ms
Console> (enable)
The Switch TopN Reports utility allows you to collect and analyze data for each physical port on a Catalyst 5000 series switch.
The Switch TopN Reports utility collects the following data for each physical port:
This section describes how to start the Switch TopN utility, how to display reports with the Switch TopN utility, and how to remove the Switch TopN utility.
To start the Switch TopN Reports utility, enter this command:
| Task | Command |
|---|---|
| Start the Switch TopN Reports utility. | show top [N] [metric] [interval interval] [port_type] [background] |
To display Switch TopN reports, enter this command:
| Task | Command |
|---|---|
| Display Switch TopN reports. | show top report [report_num] |
If you do not specify the report_num variable, this command lists all active Switch TopN processes and all available Switch TopN reports for the switch. Each process is associated with a unique report number. All Switch TopN processes (both with and without the background option) are shown in the list.
The report_num variable is the Switch TopN report number shown in the output of the show top report command. If you specify report_num, the associated Switch TopN report is displayed.
To remove Switch TopN reports, enter this command:
| Task | Command |
|---|---|
| Remove Switch TopN reports. | clear top {all \| report_num} |
In this command, the all keyword applies to all nonpending Switch TopN results.
When the Switch TopN Reports utility starts, it gathers data from the appropriate hardware counters and then goes into sleep mode for a user-specified period of time. When the sleep time ends, the utility gathers the current data from the same hardware counters, compares the current data with the earlier data, and stores the difference. The data for each port is then sorted using a user-specified metric chosen from the following metric values: util, i/o-bytes, i/o-pkts, i/o-bcst, i/o-mcst, in-errors, or buf-ovflw. The default metric is util.
If you enter the show top command without the background option, processing begins but the system prompt does not reappear on the screen. While the report is being generated, you cannot enter other commands. You can terminate the Switch TopN process before it finishes by pressing Ctrl-C from the same console or Telnet session, or by opening a separate console or Telnet session and entering the clear top [report_num] command. Once the Switch TopN utility completes processing the data, it displays the output on the screen immediately. The output is not saved.
If you enter the show top command with the background option, processing begins and the system prompt reappears immediately. When processing completes, the Switch TopN reports are not displayed immediately on the screen, but are saved for later viewing. You must enter the show top report [report_num] command to view the completed Switch TopN reports. In addition, the system notifies you when the Switch TopN reports are complete by sending a syslog message to the screen.
If you enter the show top report [report_num] command, the system displays only those reports that are completed. For reports that are not completed, the system displays a short description of the Switch TopN process information.
You can terminate a Switch TopN process invoked with the background option only by entering the clear top [report_num] command. Pressing Ctrl-C does not terminate the process. Also, completed Switch TopN reports remain available for viewing until you remove them using the clear top {all | report_num} command.
This example shows how to start the Switch TopN Reports utility without the background option:
Console> (enable) show top 10 util interval 600
Start Time: 4/15/1998, 12:04:16
End Time: 4/15/1998, 12:14:18
PortType: all
Metric: util
Port Band- Uti Tx/Rx-bytes Tx/Rx-pkts Tx/Rx-bcst Tx/Rx-mcst In- Buf-
width % err Ovflw
----- ----- --- -------------------- ---------- ---------- ---------- ---- -----
1/1 100 0 0 0 0 0 0 0
5/48 10 0 0 0 0 0 0 0
5/47 10 0 0 0 0 0 0 0
5/46 10 0 0 0 0 0 0 0
5/45 10 0 0 0 0 0 0 0
5/44 10 0 0 0 0 0 0 0
5/43 10 0 0 0 0 0 0 0
5/42 10 0 0 0 0 0 0 0
5/41 10 0 0 0 0 0 0 0
5/40 10 0 0 0 0 0 0 0
Console> (enable)
This example shows how to start the Switch TopN Reports utility with the background option:
Console> (enable) show top 10 util interval 600 background
4/15/1998,14:05:38:MGMT-5: TopN report 2 started by telnet/172.20.22.7/.
Console> (enable)
4/15/1998,14:15:38:MGMT-5: TopN report 2 available.
This example shows how to list all active Switch TopN processes and all available Switch TopN reports for the switch:
Console> show top report
Rpt Start time Int N Metric Status Owner (type/machine/user)
--- ------------------- --- --- ---------- -------- -------------------------
1 4/15/1998, 11:34:00 60 20 Tx/Rx-Bytes done telnet/172.20.22.7/
2 4/15/1998, 11:34:08 600 10 Util done telnet/172.34.39.6/
3 4/15/1998, 11:35:17 300 20 In-Errors pending Console//
4 4/15/1998, 11:34:26 60 20 In-Errors pending* Console//
Console>
This example shows how to list the details of Switch TopN report number 2:
Console> (enable) show top report 2
Start Time: 4/15/1998, 11:34:00
End Time: 4/15/1998, 11:34:33
PortType: all
Metric: util
Port Band- Uti Tx/Rx-bytes Tx/Rx-pkts Tx/Rx-bcst Tx/Rx-mcst In- Buf-
width % err Ovflw
----- ----- --- -------------------- ---------- ---------- ---------- ---- -----
/15 100 88 98765432109876543210 9876543210 98765 12345 123 321
5/48 10 75 44532 5389 87 2 0 0
5/47 10 67 5432 398 87 2 0 0
5/46 10 56 1432 398 87 2 0 0
5/45 10 54 432 398 87 2 0 0
5/44 10 48 3210 65 10 10 15 5
5/43 10 45 432 5398 87 2 2 0
5/42 10 37 5432 398 87 2 0 0
5/41 10 36 1432 398 87 2 0 0
5/40 10 14 2732 398 87 2 0 0
Console> (enable)
This example shows what the system displays if you attempt to view a Switch TopN report that is in a pending state:
Console> (enable) show top report 4
Rpt Start time Int N Metric Status Owner (type/machine/user)
--- ------------------- --- --- ---------- -------- -------------------------
4 4/15/1998, 11:34:26 30 20 In-Errors pending Console//
Console> (enable)
This example shows how to clear a specific Switch TopN report:
Console> (enable) clear top 4
Console> (enable)
This example shows how to clear all completed Switch TopN reports:
Console> (enable) clear top all
Console> (enable)
The Network Time Protocol (NTP) synchronizes timekeeping among a set of distributed time servers and clients. This synchronization allows events to be correlated when system logs are created and other time-specific events occur. NTP runs over UDP, which in turn runs over IP. NTP is documented in RFC 1305. All NTP communication uses Coordinated Universal Time (UTC), which is the same as Greenwich Mean Time.
An NTP server must be accessible by the Catalyst 5000 series client switch.
Use the following procedures to configure NTP. For more information about NTP commands, refer to the Catalyst 5000 Series Command Reference publication.
The broadcast-client mode assumes that a broadcast server, such as a router, regularly sends time-of-day information to the Catalyst 5000 series switch. To enable NTP in broadcast-client mode, enter this command:
| Task | Command |
|---|---|
| Enable the NTP broadcast-client mode. | set ntp broadcastclient enable |
Console> (enable) set ntp broadcastclient enable
NTP Broadcast Client mode enabled.
The client mode assumes that the client, or Catalyst 5000 series switch, regularly initiates time-of-day requests to the NTP server. A maximum of ten servers per client is allowed. To configure NTP in client mode, you must configure the IP address of the NTP server. Perform these steps to enable NTP in client mode:
| Task | Command |
|---|---|
| Step 1 Configure the address of the NTP server to be queried. | set ntp server ip-addr |
| Step 2 Enable the NTP client mode. | set ntp client enable |
Console> (enable) set ntp server 172.20.22.191
NTP server 172.20.22.191 added.
Console> (enable) set ntp client enable
NTP client mode enabled.
Console> (enable) clear ntp server 172.20.22.193
NTP server 172.20.22.193 removed.
Console> (enable) clear ntp server all
NTP server 172.20.22.192 removed.
NTP server 172.20.22.193 removed.
Console> (enable) set ntp client disable
NTP client mode disabled.
In broadcast-client mode, the broadcast server regularly sends time-of-day information to the Catalyst 5000 series switch, which is unaware of the server-to-client packet latency. The NTP broadcast delay command configures a time adjustment factor for the receiving of broadcast packets by the switch. To set the estimated NTP broadcast packet delay, enter this command:
| Task | Command |
|---|---|
| Set the NTP broadcast packet delay. | set ntp broadcast delay microseconds |
After setting the NTP broadcast delay to 4000, you see this display:
Console> (enable) set ntp broadcast delay 4000
NTP broadcast delay set to 4000 microseconds.
You might want to set the time zone for display purposes. To set the time zone, enter this command:
| Task | Command |
|---|---|
| Set the time zone. | set timezone zone hours [minutes] |
Console> (enable) set timezone PST -8
Timezone set to "PST", offset from UTC is -8 hours.
Console> (enable) set summertime enable PDT
Summertime is enabled and set to "PDT".
Enter the following commands to verify NTP:
Console> show ntp
Broadcast client mode: disabled
Broadcast delay: 4000 microseconds
Client mode: enabled
Server
172.20.22.191
172.20.22.192
172.20.22.193
Timezone: "PST", offset from UTC is -8 hours
Summertime: "PDT", enabled
Console> show timezone
Timezone set to "PST", offset from UTC is 8 hours.
Console> show summertime
Summertime is enabled and set to "PDT".
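Because NTP exists so that log events can be correlated, the show ntp display is worth checking against a known-good baseline. The following is an added example, not part of the original Cisco documentation: it parses output laid out like the display above and reports drift. The approved-server list, function names, and finding texts are assumptions.

```python
import re
from typing import Dict, List

# Constructed sample in the layout of the show ntp display on this page.
SAMPLE_SHOW_NTP = """Broadcast client mode: disabled
Broadcast delay: 4000 microseconds
Client mode: enabled
Server
172.20.22.191
172.20.22.192
172.20.22.193
Timezone: "PST", offset from UTC is -8 hours
Summertime: "PDT", enabled
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_show_ntp(text: str) -> Dict[str, object]:
    """Extract mode flags, broadcast delay and server list from show ntp output."""
    def field(label: str) -> str:
        # Labels are matched case-sensitively, so "Client mode" does not
        # match inside "Broadcast client mode".
        m = re.search(rf"{re.escape(label)}:\s*(\S+)", text)
        return m.group(1) if m else ""
    # Servers are the addresses between the Server heading and Timezone.
    block = re.search(r"Server(.*?)(?:Timezone:|\Z)", text, re.DOTALL)
    return {
        "broadcast_client": field("Broadcast client mode") == "enabled",
        "client_mode": field("Client mode") == "enabled",
        "broadcast_delay_us": int(field("Broadcast delay") or 0),
        "servers": IPV4.findall(block.group(1)) if block else [],
    }

def audit_ntp(cfg: Dict[str, object], approved: List[str],
              allow_broadcast: bool = False) -> List[str]:
    """Compare a parsed configuration with a hypothetical site baseline."""
    findings = []
    for server in cfg["servers"]:
        if server not in approved:
            findings.append(f"unapproved NTP server configured: {server}")
    if cfg["broadcast_client"] and not allow_broadcast:
        findings.append("broadcast-client mode enabled; baseline expects client mode")
    if not cfg["client_mode"] and not cfg["broadcast_client"]:
        findings.append("no NTP mode enabled; clock is not synchronized")
    if cfg["client_mode"] and not cfg["servers"]:
        findings.append("client mode enabled but no NTP server configured")
    return findings

if __name__ == "__main__":
    baseline = ["172.20.22.191", "172.20.22.192"]  # assumed approved servers
    for finding in audit_ntp(parse_show_ntp(SAMPLE_SHOW_NTP), baseline):
        print(finding)
```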
An NTP network usually gets its time from an authoritative time source, such as a radio clock or an atomic clock attached to a time server. NTP distributes this time across the network. NTP is extremely efficient; no more than one packet per minute is necessary to synchronize two machines to within a millisecond of one another.
NTP uses a stratum to describe how many NTP hops away a machine is from an authoritative time source. A stratum 1 time server has a radio or atomic clock directly attached, a stratum 2 time server receives its time via NTP from a Stratum 1 time server, and so on. A machine running NTP automatically chooses as its time source the machine with the lowest stratum number that it is configured to communicate with via NTP. This strategy effectively builds a self-organizing tree of NTP speakers.
NTP has two ways to avoid synchronizing to a machine whose time might be ambiguous: NTP never synchronizes to a machine that is not synchronized itself, and NTP compares the time reported by several machines and does not synchronize to a machine whose time is significantly different from the others, even if its stratum is lower.
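The two safeguards and the lowest-stratum preference described above can be modeled in a few lines. This is an added example, not Cisco's code and not the full RFC 1305 selection algorithm: the median comparison, the 100 ms tolerance, the Peer type, and the sample addresses are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from statistics import median
from typing import List, Optional

@dataclass
class Peer:
    address: str        # constructed sample address
    stratum: int        # NTP hops from the authoritative time source
    synchronized: bool  # False if the peer itself has no time source
    offset_ms: float    # peer clock minus local clock, in milliseconds

# Assumed tolerance: how far a peer may sit from the group before rejection.
MAX_DISAGREEMENT_MS = 100.0

def select_source(peers: List[Peer],
                  tolerance_ms: float = MAX_DISAGREEMENT_MS) -> Optional[Peer]:
    """Pick a time source using a simplified form of the rules in the text."""
    # Rule 1: never synchronize to a machine that is not synchronized itself.
    candidates = [p for p in peers if p.synchronized]
    # Rule 2: compare the reported times and drop any peer that differs
    # significantly from the others, even if its stratum is lower.
    # With fewer than three peers there is no majority to compare against.
    if len(candidates) >= 3:
        mid = median(p.offset_ms for p in candidates)
        candidates = [p for p in candidates
                      if abs(p.offset_ms - mid) <= tolerance_ms]
    # Among the survivors, prefer the lowest stratum; ties go to the peer
    # whose clock is closest to the local clock.
    return min(candidates, key=lambda p: (p.stratum, abs(p.offset_ms)),
               default=None)

# Constructed sample: the stratum 1 peer at .10 reports a clock 4.2 s away
# from everyone else, and the peer at .14 is not synchronized.
SAMPLE_PEERS = [
    Peer("192.0.2.10", 1, True, 4200.0),
    Peer("192.0.2.11", 2, True, 3.0),
    Peer("192.0.2.12", 2, True, -1.5),
    Peer("192.0.2.13", 3, True, 2.0),
    Peer("192.0.2.14", 1, False, 0.5),
]

if __name__ == "__main__":
    chosen = select_source(SAMPLE_PEERS)
    print(chosen.address if chosen else "no usable time source")
```

The lowest-stratum peer loses here because its clock disagrees with the group, which is the behavior that keeps a single wrong or tampered server from dragging the switch's timestamps.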
The communications between machines running NTP, known as associations, are usually statically configured; each machine is given the IP address of all machines with which it should form associations. Accurate timekeeping is possible by exchanging NTP messages between each pair of machines with an association. However, in a LAN environment, you can configure NTP to use IP broadcast messages. This alternative allows you to configure the machine to send or receive broadcast messages, but the accuracy of timekeeping is marginally reduced because the information flow is one-way only.
Cisco's implementation of NTP does not support stratum 1 service; it is not possible to connect to a radio or atomic clock. We recommend that you derive the time service for your network from the public NTP servers available in the IP Internet. If the network is isolated from the Internet, Cisco's NTP implementation allows a machine to be configured so that it acts as though it is synchronized via NTP, when in fact it has determined the time using other means. Other machines then synchronize to that machine via NTP.
A number of manufacturers include NTP software for their host systems, and a publicly available version for systems running UNIX and its various derivatives is also available. This software allows host systems to be time-synchronized as well.
The Domain Name System (DNS) is a distributed database that allows you to map host names to IP addresses through the DNS protocol from a DNS server. When you configure DNS on the Catalyst 5000 series switch, you can substitute the host name for the IP address with all IP commands, such as ping, upload, download, and outgoing telnet. DNS is disabled by default.
To use DNS, you must have a DNS server configured on your network.
You can configure up to three DNS name servers for backup, and you can designate any of them as the primary server. The primary server is the first one queried. If the primary server fails, the backup servers are queried.
If DNS is disabled, you must use the IP address with all commands that require explicit IP addresses. This feature is disabled by default.
To configure DNS, use this procedure:
| Task | Command |
|---|---|
| Step 1 Set the address of the DNS server. | set ip dns server ip_addr [primary] |
| Step 2 Set the domain name. | set ip dns domain name |
| Step 3 Enable DNS. | set ip dns {enable | disable} |
Console> (enable) set ip dns server 171.69.2.132 primary
DNS name server set to 198.92.30.35 as primary.
Console> (enable) set ip dns server 198.92.30.32
DNS name server set to 198.92.30.32 as primary.
Console> (enable) set ip dns server 161.44.128.70
Table is full. DNS name server 161.44.128.70 not added.
Console> (enable) set ip dns domain hp.com
Default DNS domain name set to hp.com.
Console> (enable) set ip dns enable
DNS enabled.
Console> (enable) set ip dns disable
DNS disabled.
Console> (enable) clear ip dns server 198.92.30.32
DNS name server 198.92.30.32 cleared.
Console> (enable) clear ip dns domain
Default DNS domain name hp.com cleared.
Console> (enable) clear ip dns domain
There is no default DNS domain name defined.
To show the DNS name server and the default domain name, enter the show ip dns command. After entering this command, you see this display:
Console> (enable) show ip dns
DNS is currently enabled.
The default DNS domain name is: cisco.com
DNS name server status
--------------- -------
198.92.30.32
171.69.2.132 primary
161.44.128.70
The system name on the Catalyst family of switches is a user-configurable ASCII string that is used to identify the device. The factory default configuration is "no system name configured." You can configure the system name using either the CLI or SNMP. Protocols like CDP and Port Aggregation Protocol (PAgP) use the system name with the device serial number in the protocol update packets as an identifier of the device. This allows you to easily identify the neighboring devices learned from CDP or PAgP, since the system name is a user-configured string. When you do not configure the system name, you can obtain the name from a DNS lookup. This feature allows automatic configuration of a meaningful system name to the Catalyst 5000, based on its IP address.
The prompt is a user-configurable ASCII string that can be 20 characters long. It helps to identify the Catalyst 5000 when you Telnet to the switch. The factory-default prompt is Console>.
Use the management IP address of the Catalyst 5000 series switch to get the system name from a DNS lookup. You need the IP address to do the DNS lookup. The resulting hostname from the DNS lookup is configured as the system name of the Catalyst 5000 series switch and is saved in NVRAM.
You must do the following to ensure a successful system name DNS lookup. If you configure the parameters improperly, the lookup will not be successful.
The lookup for the system name is done:
The system tracks whether the system name is user configured, or is obtained from a DNS lookup. The lookup for the system name is done only:
If you configure a system name, it is not replaced by the DNS lookup system name.
A lookup is not successful if you disable the port that establishes the connectivity to the DNS server, or if the port is going through spanning-tree state changes (such as listening and learning).
If you have not configured a prompt, the system name is used to derive the prompt. The system name can be user-configured or it can be from a DNS lookup. Because the system name can be 255 characters long and the prompt can be only 20 characters long, the system name is truncated to the first 20 characters when used as a prompt. A greater-than symbol (>) is appended to it. If the system name is from a DNS lookup, it is truncated to remove the domain name.
If the prompt is obtained using the system name, it will be updated whenever the system name changes. You can overwrite this prompt any time by setting the prompt manually. Any change in the prompt is reflected in all current open sessions.
This section contains instructions for creating a single or multiline message banner that appears on your screen before session login.
To configure a login banner, enter this command in privileged mode:
| Task | Command |
|---|---|
| Enter the message of the day. | set banner motd |
The first letter after the motd keyword is used as the delimiter to end the message. Characters following the ending delimiter are discarded. After the ending delimiter, you must press Return. The banner must be fewer than 255 characters.
You see this display when you enter the set banner motd command:
Console> (enable) set banner motd
Usage: set banner motd <C> [text] <C>
(<C> is a delimiting character)
Console> (enable) set banner motd " "
MOTD banner cleared.
Console> (enable) set banner motd # ** System upgrade at 6:00am Tuesday ** Please log out before leaving on Monday. #
MOTD banner set.
The Catalyst 5000 series switch can contain multiple modules, each of which has its own onboard Flash. Multiple module downloading allows you to perform a single Trivial File Transfer Protocol (TFTP) download that updates all modules of the same type. The download command is available only from the privileged (enable) mode. To configure multiple module download, you must use FDDI software release 2.2 or greater.
This section contains instructions for performing a serial and TFTP download on the supervisor, ATM, and FDDI modules.
Use the appropriate procedure in this section for the supervisor, ATM, or FDDI modules.
To download over a serial line, enter this command:
| Task | Command |
|---|---|
| Perform a serial download. | download serial [mod_num] |
If you enter a mod_num (optional), a download to the module number specified occurs. If you omit the mod_num in this command, the download header determines the module type. The download then goes to all modules of that type. When specifying a mod_num, the target module must be the same type that is indicated by the download header. Otherwise, the download fails.
To download from a TFTP server, enter this command:
| Task | Command |
|---|---|
| Perform a TFTP download. | download host file [mod_num] |
After the module receives the download header from the host, it determines the download type and gives a confirmation prompt similar to the following:
Download image atm_13.bin from 172.20.22.7 to ATM Module(s) 2 (y/n) [n]?
Download image atm_13.bin from 172.20.22.7 to ATM Module(s) 6 (y/n) [n]?
Download image atm_13.bin from 172.20.22.7 to ATM Module(s) 8 (y/n) [n]?
Do you wish to continue to download (y/n) [n]?
This section contains examples of how to use the download command.
Console> (enable) download 172.20.22.7 c5009_15.bin
Console> (enable) download 172.20.22.7 atm-13.bin
Console> (enable) download 172.20.22.7 fddi-13.bin
Console> (enable) download 172.20.22.7 atm_13.bin 5
Console> (enable) download serial
Console> (enable) download 172.20.227 atm-13.bin
Console> (enable) download 172.20.227 fddi-13.bin
Console> (enable) download 172.20.227 C5009-15.bin
Downloading multiple modules speeds up the download process significantly. You need to perform a single download to multiple modules only once for each module type. With the multiple module download feature, the TFTP Flash image for the module is relayed packet by packet to the modules by using the Inter-Process Communications (IPC) protocol internal to the system, with communication taking place across the switching bus.
Each module has an IPC process and listens for the download packets, which are then stored in the download buffer. The TFTP packet is queued to the IPC process and is sent individually to each module.