|
|
This chapter describes the initial configuration of the Catalyst 5000 series switches and explains how to configure IP addressing and Simple Network Management Protocol (SNMP).
This chapter also describes the redundant supervisor engine operation feature, which allows you to install a second supervisor engine module in the Catalyst 5505 or Catalyst 5500 switch. Supervisor redundancy creates a high-speed, fault-tolerant environment that supports mission-critical applications.
The configurable Catalyst 5000 series features have default values that will most likely suit your environment, and you might not need to change them.
The default values of the features for the Catalyst 5000 series switch follow:
Before you Telnet to the switch or use SNMP to manage your network, you must assign an IP address to the switch. Up to eight simultaneous Telnet sessions are possible. If your Telnet station or SNMP network management workstation is on a different network from the switch, you must add a static routing table entry to the routing table by entering the set ip route command as described in the "Configuring the In-band Interface (Telnet Connectivity)" section.
You can configure the switch through the CLI using three types of commands: set, show, and clear. Enter the set commands to establish switch parameters. After each set command, enter the show command to verify that you have entered the correct values and configured the switch correctly. If you make errors, enter the set or clear command to overwrite or erase the parameter.
Before you begin to configure your supervisor software, obtain the following information:
| Task | Command |
|---|---|
| Step 1 Turn ON the power to the switch and the console terminal. | |
| Step 2 Access the console port using the console terminal. | |
| Step 3 At the Enter password: prompt, press Return. | |
| Step 4 Enter privileged mode. | enable |
| Step 5 At the Enter password: prompt, press Return. |
After turning on the power to the switch and console terminal on systems with Supervisor Engines I and II, you see this initial bootup display:
ATE0
ATS0=1
Catalyst 5000 Power Up Diagnostics
Init NVRAM Log
LED Test
ROM CHKSUM
DUAL PORT RAM r/w
RAM r/w
RAM address test
Byte/Word Enable test
RAM r/w 55aa
RAM r/w aa55
EARL test
BOOTROM Version 2.1, Dated Apr 6 1998 16:49:40
BOOT date: 00/00/00 BOOT time: 03:18:57
SIMM RAM address test
SIMM Ram r/w 55aa
SIMM Ram r/w aa55
Start to Uncompress Image ...
IP address for Catalyst not configured
BOOTP will commence after the ports are online
Ports are coming online ...
Cisco Systems Console
Enter password:
Mon Apr 06 1998 03:20:41 Module 1 is online
Enter Password:
Mon Apr 06 1998 03:20:41 Module 2 is online
Enter Password:
Sending RARP request with address 00:40:0b:6c:2b:ff
Sending bootp request with address: 00:40:0b:6c:2b:ff
Sending RARP request with address 00:40:0b:6c:2b:ff
Sending bootp request with address: 00:40:0b:6c:2b:ff
Sending RARP request with address 00:40:0b:6c:2b:ff
Sending bootp request with address: 00:40:0b:6c:2b:ff
Sending RARP request with address 00:40:0b:6c:2b:ff
Sending bootp request with address: 00:40:0b:6c:2b:ff
Sending RARP request with address 00:40:0b:6c:2b:ff
Sending bootp request with address: 00:40:0b:6c:2b:ff
Sending RARP request with address 00:40:0b:6c:2b:ff
Sending bootp request with address: 00:40:0b:6c:2b:ff
Sending RARP request with address 00:40:0b:6c:2b:ff
Sending bootp request with address: 00:40:0b:6c:2b:ff
Sending RARP request with address 00:40:0b:6c:2b:ff
Sending bootp request with address: 00:40:0b:6c:2b:ff
Sending RARP request with address 00:40:0b:6c:2b:ff
Sending bootp request with address: 00:40:0b:6c:2b:ff
Sending RARP request with address 00:40:0b:6c:2b:ff
Sending bootp request with address: 00:40:0b:6c:2b:ff
Console> enable
Enter password:
Console> (enable)
After turning on the power to the switch and console terminal on systems with Supervisor Engine III, you see this initial bootup display:
System Power On Diagnostics NVRAM Size..............................128KB LED Test................................Done ID Prom Test............................Passed DPRAM Size..............................16KB DPRAM Data 0x55 Test....................Passed DPRAM Data 0xaa Test....................Passed DPRAM Address Test......................Passed Clearing DPRAM..........................Done System DRAM Memory Size.................16MB DRAM Data 0x55 Test.....................Passed DRAM Data 0xaa Test.....................Passed DRAM Address Test.......................Passed Clearing DRAM...........................Done EARL++..................................Present EARL RAM Test...........................Passed EARL Serial Prom Test...................Passed Level2 Cache............................Present Level2 Cache test.......................Passed
We recommend that you set several optional system parameters as part of the initial system setup. To set the system parameters, complete these steps in privileged mode:
To set the in-band interface, complete these steps in privileged mode:
You need to configure static routes using the set ip route command if your Telnet station or SNMP network management workstation is on a different network from the switch. You can also use the set ip route command to configure a default IP gateway. A default IP gateway routes IP packets that have unresolved destination IP addresses.
After entering the show interface command, you see this display:
Console> (enable) show interface sl0: flags=10<DOWN,POINTOPOINT> slip 0.0.0.0 dest 0.0.0.0 sc0: flags=863<UP,BROADCAST,RUNNING> inet 0.0.0.0 netmask 0.0.0.0 broadcast 0.0.0.0 Console> (enable)
After entering the set interface sc0 up command and the set ip route command, you see this display:
Console> (enable) set interface sc0 up
Interface sc0 administratively up.
Console> (enable) set interface sc0 192.200.11.44 255.255.255.0
Interface sc0 IP address and netmask set.
Console> (enable) set interface sl0 up
Interface sl0 administratively up.
Console> (enable) set interface sl0 192.200.10.45 192.200.10.103
Interface sl0 SLIP and destination address set.
Console> (enable) set interface sc0 5
Interface sc0 vlan set.
Console> (enable) set ip route default 192.122.173.42
Route added.
After you enter the set interface command, the show interface command shows this configuration:
Console> (enable) show interface
sl0: flags=10<UP,POINTOPOINT,RUNNING>
slip 192.200.10.45 dest 192.200.10.103
sc0: flags=863<UP,BROADCAST,RUNNING>
vlan 1 inet 192.200.11.44 netmask 255.255.255.0 broadcast 192.200.11.255
Console> (enable)
After you enter the show ip route command, you see this display:
Console> (enable) show ip route Fragmentation Redirect Unreachable ------------- -------- ----------- enabled enabled enabled Destination Gateway Flags Use Interface --------------- --------------- ------ ---------- --------- default 192.122.173.42 UG 59444 sc0 192.22.74.0 192.22.74.223 U 5 sc0 Console> (enable)
The show port capabilities command allows you to determine the capabilities of the modules and ports in a switch. This example shows you how to show the port capabilities for module 2, port 1:
Console> show port capabilities 2/1 Model WS-X5113 Port 2/1 Type 100BaseTX Speed 100 Duplex half,full Trunk encap type ISL Trunk mode on,off,desirable,auto,nonegotiate Channel no Broadcast suppression pps(0-150000) Flow control no Security yes Membership static,dynamic Fast start yes Console>
You can define up to three default IP gateways with Catalyst 5000 series software release 4.1. Defining multiple default IP gateways provides redundancy; if the primary default IP gateway fails, the Catalyst 5000 series switch uses the secondary default IP gateways in the order in which they were configured.
To configure multiple default IP gateways, complete these steps in privileged mode:
| Task | Command |
|---|---|
| Step 1 Define up to three default IP gateways. | set ip route destination gateway [metric] [primary] |
| Step 2 Verify the new default IP gateway settings. | show ip route |
Use the primary keyword to give a default IP gateway higher priority than the other default IP gateway(s). If you do not designate a primary default IP gateway, the system chooses the default IP gateway based on the order in which the gateways were configured. If two or more gateways are designated as primary gateways, the system chooses the last primary gateway configured to be the default IP gateway.
This example shows how to designate three default IP gateways using the set ip route command, and includes examples of the show ip route command after each default IP gateway is configured:
Console> (enable) set ip route default 192.122.173.42 1 primary Route added. Console> (enable) show ip route Fragmentation Redirect Unreachable ------------- -------- ----------- enabled enabled enabled Destination Gateway Flags Use Interface --------------- --------------- ------ ---------- --------- default 192.122.173.42 UG 59444 sc0 192.22.74.0 192.22.74.223 U 5 sc0 Console> (enable) set ip route default 192.122.173.43 1 Route added. Console> (enable) show ip route Fragmentation Redirect Unreachable ------------- -------- ----------- enabled enabled enabled Destination Gateway Flags Use Interface --------------- --------------- ------ ---------- --------- default 192.122.173.43 G 0 sc0 default 192.122.173.42 UG 59444 sc0 192.22.74.0 192.22.74.223 U 5 sc0
Console> (enable) set ip route default 192.122.173.44 1 Route added. Console> (enable) show ip route Fragmentation Redirect Unreachable ------------- -------- ----------- enabled enabled enabled Destination Gateway Flags Use Interface --------------- --------------- ------ ---------- --------- default 192.122.173.44 G 0 sc0 default 192.122.173.43 G 0 sc0 default 192.122.173.42 UG 59444 sc0 192.22.74.0 192.22.74.223 U 5 sc0 Console> (enable)
To configure the console port for SLIP, complete these steps in privileged mode:
| Task | Command |
|---|---|
| Step 1 Access the switch from a remote host with Telnet. | telnet host_name | ip_addr |
| Step 2 Set the IP address of the console port. | set interface slip_addr dest_addr |
| Step 3 Enable the serial line interface protocol for the console port. | slip attach |
 Caution
| You must use the console port for the slip connection. While the slip connection is active, you lose your console port connection. If you are connected to the command line through the serial port and you enter the slip attach command, you will lose the console port connection. In that case, use Telnet to access the command line, enter privileged mode, and type slip detach to restore the console port or reset the switch. |
The switch performs a BOOTP request only if you set the current IP address to 0.0.0.0. This is the default for a new switch or a switch whose configuration file has been cleared using the clear config all command.
To configure a workstation as a BOOTP server, you must determine the MAC address of the switch and add that MAC address to the BOOTP configuration file on the server. To create a BOOTP server on a Sun workstation, complete these steps:
| Task | Command |
|---|---|
| Step 1 Install the BOOTP server code on the workstation, if it is not already installed. | |
| Step 2 Obtain the first address in the MAC address range for VLAN 1 in module 1 (the supervisor module). Choose the last address in the range on line 1 under the MAC-Address(es) heading. | show module |
| Step 3 Add an entry in the BOOTP configuration file (usually /usr/etc/bootptab) for each Catalyst 5000 series switch. Press Return after each entry to create a blank line between each entry. |
| Task | Command |
|---|---|
| Step 1 Enter the ping command to send an echo request to the host specified in the command line. Or, enter the traceroute command to display a hop-by-hop path through the IP network. | ping host
traceroute host |
| Step 2 Check the interface configuration. | show int |
| Step 3 Check the routing table. | show ip route |
| Step 4 If necessary, reset the configuration to its default values, and reenter the configuration information. | clear config |
To test connectivity from the switch to a workstation with an IP address of 192.34.56.5, enter the command ping 192.34.56.5. If the switch receives a response, you see this message:
192.34.56.5 is alive
You can also display a hop-by-hop path through an IP network from the Catalyst 5000 series switch to a specific destination host using the traceroute command. For example, to test connectivity from the switch to a workstation with an IP alias of server10, enter the command traceroute server10. If the switch receives a response, you see this message:
traceroute to server10.company.com (173.16.22.7), 30 hops max, 40 byte packets 1 engineering-1.company.com (173.31.192.206) 2 ms 1 ms 1 ms 2 engineering-2.company.com (173.31.196.204) 2 ms 3 ms 2 ms 3 gateway_a.company.com (173.16.1.201) 6 ms 3 ms 3 ms 4 server10.company.com (173.16.22.7) 3 ms * 2 ms Console>
Some functions, such as SNMP, Spanning-Tree Protocol, CDP, and VTP can be processed on the standby supervisor engine module. The standby supervisor status shows "standby." However, the port status of the standby ports is like that of any usable port, and the console port on the standby supervisor engine module is inactive.
You must install the redundant supervisor engine modules in the first two slots of the chassis. The supervisor engine modules are hot swappable, and the system continues to operate with the same configuration after switching over to the redundant supervisor engine. For more information, refer to the Catalyst 5000 Series Installation Guide.
This section shows example displays of the redundant supervisor engine module.
This example shows the display for the second supervisor engine module when you enter the show module command:
Console> show module
Mod Module-Name Ports Module-Type Model Serial-Num Status
--- -------------------- ----- ------------------- -------- ---------- ------
1 Supervisor 2 100BaseTX Supervisor WS-X5509 001040409 ok
2 Supervisor 2 100BaseTX Supervisor WS-X5509 001040410 standby
5 Management 12 100BaseFX Ethernet WS-X5111 000023012 ok
8 Marketing 24 10BaseT Ethernet WS-X5010 012304930 ok
12 ATM BackBone 1 MM OC-3 ATM WS-X5155 000459238 ok
Mod MAC-Address(es) Hw Fw Sw
--- ---------------------------------------- ------ ------ -------------
1 00-40-0b-90-00-24 thru 00-40-0b-90-04-23 1.3 1.4 3.1(1)
2 00-40-0b-90-00-24 thru 00-40-0b-90-04-23 1.3 1.4 3.1(1)
5 00-40-0b-92-9e-04 thru 00-40-0b-92-9e-0f 1.1 1.1 3.1(1)
8 00-40-0b-92-9e-fc thru 00-40-0b-92-9f-13 1.0 1.1 3.1(1)
13 00-40-0b-05-01-48 1.7 2.1 3.2(3)
Console>
This example shows the display for the second supervisor engine module when you enter the show port command. The ports on the standby supervisor engine indicate a status of connect.
Console> show port Port Name Status Vlan Level Duplex Speed Type ---- -------------------- -------- ---------- ------ ------ ----- ------------ 1/1 Management Port connect 1000 high full 100 100 BASE-TX 1/2 InterSwitchLink connect trunk high full 100 100 BASE-TX 2/1 Management Port connect 1000 high full 100 100 BASE-TX 2/2 InterSwitchLink connect 1000 high full 100 100 BASE-TX ...
This example shows the display for the standby supervisor engine module when you enter the show test mod_num command. You can see the diagnostic test results for both the standby and active supervisor engine modules.
Console> (enable) show test 2
Network Management Processor (NMP) Status: (. = Pass, F = Fail, U = Unknown)
ROM: . RAM: . DUART: . Flash-EEPROM: . Ser-EEPROM: . NVRAM: .
FAN: . Temperature: .
PS (3.3V) . PS (12V): . PS (24V): .
8051 Diag Status for Module 2(. = Pass, F = Fail, N = N/A)
CPU : . Ext Ram 0: . Ext Ram 1: . Ext Ram 2: N
DPRAM : . LTL Ram 0: . LTL Ram 1: N LTL Ram 2: N
BootChecksum: . CBL Ram 0: . CBL Ram 1: N CBL Ram 2: N
Saints : . Pkt Bufs : . Repeaters: N Sprom : .
SAINT Status :
Ports 1 2 3
--------------
. . .
Packet Buffer Status :
Ports 1 2 3
--------------
. . .
System Diagnostic Status : (. = Pass, F = Fail, N = N/A)
Module 2: MCP
EARL Status :
NewLearnTest: .
IndexLearnTest: .
DontForwardTest: .
MonitorTest .
DontLearn: .
FlushPacket: .
ConditionalLearn: .
EarlLearnDiscard: .
PMD Loopback Status :
Ports 1 2 3
--------------
. . .
Console> (enable)
You can switch over to the standby supervisor engine module by entering the reset mod_num command, where mod_num is the number of the active supervisor engine. After entering the reset mod_num command, you see this display:
Console> (enable)reset 1This command will force a switch-over to the standby supervisor module and disconnect your telnet session. Do you want to continue (y/n) [n]?yConnection closed by foreign host. host%
You can also switch to the standby supervisor engine module by setting the CISCO-STACK-MIB moduleAction variable to reset(2) on the active supervisor engine module.When the switchover occurs, the system sends a standard SNMP warm-start trap to the configured trap receivers.
At power-up, both supervisor engine modules run through initial module-level diagnostics. Assuming both modules pass this level of diagnostics, the two modules communicate over the backplane, allowing them to cooperate during switching-bus diagnostics. The supervisor in slot 1 becomes active, and the supervisor in slot 2 enters standby mode. At this point, if the software versions of the two supervisors are different, or if the NVRAM configuration of the two supervisors is different, the active supervisor engine downloads its software image automatically to the standby supervisor engine.
If the background diagnostics on the active supervisor engine detect a major problem or an exception occurs, the active supervisor engine resets. The standby supervisor engine detects that the active supervisor engine is no longer running and becomes active. The standby supervisor engine can detect if the active supervisor engine is not functioning and can force a reset, if necessary. Once the reset supervisor engine comes up, it behaves as if a hot swap occurred, and then enters the standby mode.
In the case of a just-inserted supervisor engine module, the newly inserted module communicates with the active supervisor engine after completing its initial module-level diagnostics. Because the active supervisor engine is already switching traffic on the backplane, no switching-bus diagnostics are run for the just-inserted supervisor engine. Running diagnostics would disrupt normal traffic. The just-inserted supervisor engine goes immediately into standby mode. At this point, the active supervisor engine downloads software and configuration information to the standby supervisor engine, if necessary.
The switchover time does not include spanning-tree convergence time.
The Supervisor Engine III requires additional configuration that is not needed by the other supervisor engine modules. This section describes how to manage the Supervisor Engine III.
| Caution
| Some Catalyst 5000 supervisor engine software releases update the Supervisor Engine III erasable programmable logic devices (EPLDs). The EPLDs can be updated only a finite number of times. As a result, you should avoid loading a new software release and then backing out unnecessarily. Catalyst 5000 series release notes indicate which software releases have code that updates the EPLDs. |
The Supervisor Engine III Flash memory contains a file system. You can use a variety of commands to manage the file system (such as cd, pwd, dir, delete, and copy). The file system includes the following devices:
For information on updating the software on a Supervisor Engine III, see the appendix "Downloading Files."
Enter the following commands to configure the files in the Flash file system:
For a complete list of Flash system commands, refer to the Catalyst 5000 Series Command Reference publication.
The Supervisor Engine III boot process involves two images: ROM monitor (a new image for Catalyst 5000 series supervisor engines) and Network Management Processor (NMP) code. The ROM monitor is the first software to run when the switch is powered up or reset. The NVRAM configuration specifies whether the Supervisor Engine III stays in ROM monitor mode or loads NMP code.
The configuration register boot field determines whether the switch loads an operating system image, and if so, where the switch obtains this system image. In addition to the configuration register, a boot environment variable is also used to specify the location and filename of images to boot. The BOOT environment variable specifies a list of bootable images on various devices. The set boot system flash command sets the BOOT environment variable.
You can modify the configuration register boot field to tell the switch if and how to load a system image upon startup. Instead of using the default system image to start up, you can specify a particular system image for the switch to use for startup.
The lowest four bits of the 16-bit configuration register (bits 3, 2, 1, and 0) form the boot field. Configuration register settings are as follows (the default value is 0x10F):
Other bits in the configuration register are as follows:
The ROM monitor executes upon platform power-up, reset, or when a fatal exception occurs. The following functionality is built into the ROM monitor:
The system enters ROM monitor mode if the switch does not find a valid system image, if the NVRAM configuration is corrupted, or if the configuration register is set to enter ROM monitor mode. From the ROM monitor mode, you can manually load a system image from Flash memory, from a network server file, or from bootflash.
You can also enter ROM monitor mode by restarting the switch and then pressing the Break key during the first 60 seconds of startup.
For connection through a terminal server, you can escape to the Telnet prompt and enter the send break command to enter ROM monitor mode.
For a complete list of ROM monitor commands, refer to the Catalyst 5000 Series Command Reference publication.
Software release 4.1 provides several commands you can use to configure the boot parameters for the Supervisor Engine III module. These commands allow you to specify the image file(s) from which the system boots and the configuration register value.
The BOOT environment variable specifies a list of image files from which the switch boots at startup.
To rearrange the booting order, you must clear the entire BOOT environment variable first, and then redefine the list.
The configuration register is a 16-bit value that specifies how the Supervisor Engine III module boots the next time the switch is restarted. Enter the following commands to set the configuration register value:
| Caution
| Enabling the ignore-config parameter is the same as entering the clear config all command; that is, it clears the entire configuration stored in NVRAM the next time the switch is restarted. |
This section provides procedures for managing the Supervisor Engine III module.
To set the BOOT environment variable, enter this command in privileged mode:
| Task | Command |
|---|---|
| Set the BOOT environment variable. | set boot system flash device:[filename] [prepend] [mod_num] |
After entering these commands, you see this display:
Console> (enable) set boot system flash slot0:cat5k_r47_1.cbi BOOT variable = slot0:cat5k_r47_1.cbi; Console> (enable)
This command appends the filename as cat5k_r47_2.cbi on device slot0 to the BOOT environment variable:
Console> (enable) set boot system flash slot0:cat5k_r47_2.cbi BOOT variable = slot0:cat5k_r47_1.cbi;slot0:cat5k_r47_2.cbi; Console> (enable)
This command prepends bootflash:c to the beginning of the boot string:
Console> (enable) set boot system flash bootflash:c prepend Console> (enable)
To display the contents of the BOOT environment settings, enter this command:
| Task | Command |
|---|---|
| Display the contents of the BOOT environment variable. | show boot [mod_num] |
After entering these commands, you see this display:
Console> show boot BOOT variable = slot0:cat5k_r47_1.cbi;slot0:cat5k_r47_2.cbi; Configuration register is 0x10f ignore-config: disabled console baud: 9600 boot: image specified by the boot system commands Console>
To set the default Flash device for the system, complete these steps:
| Task | Command |
|---|---|
| Step 1 Identify the supported Flash devices on the system. Visually check the switch to be sure these devices are present. | show flash devices |
| Step 2 Set the default Flash device for the system. | cd [[m/][bootflash: | slot0: | slot1:]] |
| Step 3 Verify the default Flash device for the system. | pwd [mod_num] |
After entering these commands, you see this display:
Console> show flash -#- ED --type-- --crc--- -seek-- nlen -length- -----date/time------ name 1 .. 2 43B312DF 100fc0 15 1052608 Nov 27 1996 10:23:30 cat5k_r47_1.cbi 7336000 bytes available (1052608 bytes used) Console> cd bootflash: Default flash device set to bootflash. Console> pwd bootflash Console>
To copy files on a Flash device, enter these commands in privileged mode:
| Task | Command |
|---|---|
| Copy a Flash file to a TFTP server, Flash memory, another Flash device, or to the running configuration. | copy file-id {tftp | flash | file-id | config} |
| Copy a file from a TFTP server to Flash memory, to a Flash device, or to the running configuration. | copy tftp {flash | file-id | config} |
| Copy a file from Flash memory to a TFTP server, to a Flash device, or to the running configuration. | copy flash {tftp | file-id | config} |
| Copy the configuration to Flash memory, another Flash device, or a file on a TFTP server. | copy config {flash | file-id | tftp} |
The file-id argument has the format of [[m/]device:] [filename].
These examples of the copy command include the show flash command, which you can use to display the contents of the Flash device after each copy command is entered:
Console> (enable) copy cat5k_r47_1.cbi slot1: 7995264 bytes available on device 1/slot1, proceed (y/n) [n]?y ......... ......... ......... ........ ......... File has been copied successfully. Console> (enable) show flash slot1: -#- ED --type-- --crc--- -seek-- nlen -length- -----date/time------ name 1 .. 2 43B312DF 201ed8 15 1052608 Apr 06 1998 11:12:30 cat5k_r47_1.cbi 6942656 bytes available (1052736 bytes used) Console> (enable) copy cat5k_r47_1.cbi slot1: 6942528 bytes available on device 1/slot1, proceed (y/n) [n]?y ......... ......... ......... ........ ......... File has been copied successfully. Console> (enable) show flash slot1: -#- ED --type-- --crc--- -seek-- nlen -length- -----date/time------ name 1 .D 2 43B312DF 201ed8 15 1052608 Apr 06 1998 11:12:30 cat5k_r47_1.cbi 1 .. 2 43B312DF 201ed8 15 1052608 Apr 06 1998 11:18:25 cat5k_r47_1.cbi 5889920 bytes available (2105472 bytes used) Console> (enable)
These examples show the copy commands used to upload a configuration:
Console> (enable) copy config slot0:cat.cfg Upload configuration to slot0:cat.cfg 649324 bytes available on device slot0, proceed (y/n) [n]? y ......... ......... ......... ........ ......... . / Configuration has been copied successfully. (10200 bytes) Console> (enable) copy config tftp:lab2.cfg IP address or name of remote host [172.20.22.7]? y Upload configuration to tftp:lab2.cfg (y/n) [n]? y ......... ......... ......... . / Configuration has been copied successfully. (10299 bytes). Console> (enable) copy config flash Flash device [bootflash]? slot1: Name of file to copy to [test_image]? cat.cfg Upload configuration to slot1:cat.cfg 749124 bytes available on device slot1, proceed (y/n) [n]? y ......... ......... ......... ........ . / Configuration has been copied successfully. (200345 bytes).
These examples show the copy commands used to download a configuration:
Console> (enable) copy slot0:cat.cfg config Configure using slot0:cat.cfg (y/n) [n]? y / Finished download. (10900 bytes) >> set password $1$FMFQ$HfZR5DUszVHIRhrz4h6V70 Password changed. >> set enablepass $1$FMFQ$HfZR5DUszVHIRhrz4h6V70 Password changed. >> set prompt Console> >> set length 24 default Screen length set to 24. >> set logout 20 .......... Console> (enable) copy tftp config IP address or name of remote host? 172.20.22.7 Name of configuration file? cat.cfg Configure using cat.cfg from 172.20.22.7 (y/n) [n]? y / Finished network download. (10900 bytes) >> set password $1$FMFQ$HfZR5DUszVHIRhrz4h6V70 Password changed. >> set enablepass $1$FMFQ$HfZR5DUszVHIRhrz4h6V70 Password changed. >> set prompt Console> >> set length 24 default Screen length set to 24. >> set logout 20 ........... Console> (enable) copy flash config Flash device [bootflash]? Name of configuration file? test.cfg Configure using bootflash:test.cfg (y/n) [n]? y / Finished download. (10900 bytes) >> set password $1$FMFQ$HfZR5DUszVHIRhrz4h6V70 Password changed. >> set enablepass $1$FMFQ$HfZR5DUszVHIRhrz4h6V70 Password changed. >> set prompt Console> >> set length 24 default Screen length set to 24. >> set logout 20 .....
To delete or restore files on a Flash device, enter these commands in privileged mode:
| Task | Command |
|---|---|
| Delete a file on a Flash device. | delete [[m/]device:]filename |
| Undelete a file on a Flash device. | undelete index [[m/]device:] |
| Permanently remove deleted files on a Flash device. | squeeze [m/]device: |
After entering these commands, you see this display:
Console> (enable) delete slot1:some-other-image slot1:some-other-image has been deleted. Console> (enable) undelete 1 slot1 slot1:some-other-image has been recovered. Console> (enable) squeeze slot0: All deleted files will be removed, proceed (y/n) [n]?y Squeeze operation may take a while, proceed (y/n) [n]?y Erasing squeeze log Console> (enable)
To display information on Flash memory and the Flash files, enter these commands in privileged mode:
| Task | Command |
|---|---|
| Verify the checksum of a file on a Flash device. | verify [[m/]device:] filename |
| Display a list of files on a Flash device. | dir [[m/]device:][filename] [all | deleted | long] |
| Display information about the Flash memory. | show flash [[m/]device:] [all | chips | filesys] |
After entering these commands, you see this display:
Console> (enable) verify cat5k_r47_1.cbi ........................................... File cat5k_r47_1.cbi verified OK. Console> (enable) quit Console> dir -#- -length- -----date/time------ name 2 1052608 Apr 06 1998 15:43:50 cat5k_r47_1.cbi Console> show flash -#- ED --type-- --crc--- -seek-- nlen -length- -----date/time------ name 1 .D 2 2D6B310A 100fc0 15 1052123 Nov 26 1996 15:43:50 cat5k_r47_1.cbi 2 .. 2 43B312DF 201ed8 15 1052608 Nov 27 1996 10:23:30 cat5k_r47_1.cbi 6283877 bytes available (2104731 bytes used) Console>
To format a Flash memory device, enter this command in privileged mode:
| Task | Command |
|---|---|
| Format a Flash memory device. | format [spare spare-number] [m/]device1: [[device2:] [monlib-filename]] |
After entering this command, you see this display:
Console> (enable) format slot1: All sectors will be erased, proceed (y/n) [n]?y Enter volume id (up to 31 characters): Formatting sector 1 Format device slot1 completed. Console> (enable)
To set the configuration register, enter this command in privileged mode:
| Task | Command |
|---|---|
| Set the configuration register. | set boot config-register 0xvalue [mod_num] |
This command sets the configuration register value to 0x10f (the default):
Console> (enable) set boot config-register 0x10f Configuration register is 0x10f ignore-config: disabled console baud: 9600 boot: image specified by the boot system commands
To change the ROM monitor baud rate in the configuration register, enter this command in privileged mode:
| Task | Command |
|---|---|
| Change the ROM monitor baud rate in the configuration register. | set boot config-register baud {1200 | 2400 | 4800 | 9600} [mod_num] |
This command changes the ROM monitor baud rate in the configuration register to 4800:
Console> (enable) set boot config-register baud 4800 Configuration register is 0x90f ignore-config: disabled console baud: 4800 boot: image specified by the boot system commands
To enable the ignore-config option in the configuration register, enter this command in privileged mode:
| Task | Command |
|---|---|
| Enable the ignore-config option in the configuration register. | set boot config-register ignore-config enable |
After entering this command, you see this display:
Console> (enable) set boot config-register ignore-config enable Configuration register is 0x94f ignore-config: enabled console baud: 4800 boot: image specified by the boot system commands Console> (enable)
To specify the boot image to use on the next restart in the configuration register, enter this command in privileged mode:
| Task | Command |
|---|---|
| Specify the boot image to use on the next restart in the configuration register. | set boot config-register boot {rommon | bootflash | system} [mod_num] |
This command specifies rommon as the boot image to use on the next restart:
Console> (enable) set boot config-register boot rommon Configuration register is 0x100 ignore-config: disabled console baud: 9600 boot: the ROM monitor Console> (enable)
A Supervisor Engine III that has a NetFlow Feature Card (NFFC) can support protocol filtering within a port VLAN.
With protocol filtering enabled, ports are grouped on a protocol basis. The NFFC classifies packets into the following four protocol groups:
A port can be a member of one or more of the first three groups.
Use the procedures in this section to globally enable or disable protocol filtering, and to enable and disable protocol membership of ports.
Step 1 Enter the set protocolfilter command to globally enable or disable protocol filtering. The default value is enable.
This command fails on non-NFFC-based hardware:
Step 2 Enter the set port protocol command to enable or disable protocol membership of ports:
This command fails on non-NFFC-based hardware:
Enter the show port protocol command to display protocol membership of ports:
Console> (enable) show port protocol 1/1-2 Port Vlan IP IP Hosts IPX IPX Hosts Group Group Hosts ----- ---------- ------ ---------- --------- ------------ -------- ---------------- 1/1 1 on 10 auto-on 4 auto-off 0 1/2 trunking on - on - on -
This command fails on non-NFFC-based hardware:
Console> (enable) show port protocol 1/1 Protocol filtering not supported on this hardware.
Protocol filtering is supported only on Ethernet VLANs, and on nontrunking Ethernet, Fast Ethernet, and Gigabit Ethernet ports. Trunking ports are always members of all the protocol groups. Protocol filtering is disabled by default on all Ethernet VLANs. In addition to configuring a VLAN to the port, you can configure the port to be a member of one or more of the protocol groups. Filtering is not done on trunk ports; therefore, there are no interoperability issues with switches without the NFFC card. Layer 2 protocols, such as Spanning-Tree Protocol and Cisco Discovery Protocol, are not affected by protocol filtering.
If the NFFC is installed, the supervisor engine software supports autolearning. With autolearning, ports become members of the protocol flood domain only after receiving packets of the corresponding protocol. For example, if a host supports both IP and IPX and the host is talking only IP, the port to which this host is connected is configured as auto for IPX. This port does not receive any IPX flood traffic. When the host actually sends an IPX packet, it is detected by the supervisor, and the port is added to the IPX group, which allows the port to start receiving the IPX flood traffic.
Dynamic ports and ports that have port security enabled are members of all protocol groups.
You can configure a port with the following options: on, off, and auto for a particular protocol. If the configuration is set to on, it receives all the flood traffic for that protocol; if it is set to off, it does not receive any flood traffic for that protocol; and if the port configuration is set to auto, it is added to the group only after receiving packets of the specific protocol. Initially, the port does not receive any flood packets for that protocol. When the corresponding protocol packets are received on that port, the supervisor module detects this and adds the port to the protocol group.
By default, ports are configured to on for the IP protocol groups. You can configure the ports to auto for IP if only clients are connected to the ports. The default port configuration for IPX and Group is auto. Autoconfigured ports are removed from the protocol group if no packets are received for that protocol within 60 minutes. Ports are also removed from the protocol group when the supervisor detects a link down.
An NFFC provides broadcast and unicast flood traffic filtering based on the port's membership to different protocol groups in addition to the port VLAN. The NFFC does not process Token Ring packets.
The Catalyst 5000 series supervisor engine boot image is stored differently in Supervisor Engine III modules. Supervisor Engine II modules use 8-MB onboard Flash memory to store a single boot image, and only one boot image can be stored at a time. However, the Supervisor Engine III module has two PCMCIA slots in addition to the onboard boot Flash memory; these slots can hold PCMCIA memory cards that can store additional boot images.
The Supervisor Engine III module uses two Flash images: boot image and runtime image. Should either the runtime or boot image on the active supervisor change after the system boots, the synchronization feature ensures that the runtime and boot images on the standby supervisor are updated to match the images on the active supervisor. The boot image filename is specified in the BOOT environment variable, which is stored in NVRAM. The runtime image is the boot image that the ROM monitor uses to boot the Supervisor Engine III module. After the system boots, the runtime image resides in dynamic RAM (DRAM).
Since the Supervisor Engine III module can have multiple boot devices, it needs to know the name of the boot file image and its location in the Flash device in order to boot and synchronize properly.
The Supervisor Engine III module does not have memory dedicated to storing the boot image; rather, a file system is implemented in the Flash memory devices and the boot image is read directly into the file system. The valid Flash devices are as follows:
The Flash file system devices allow you to perform operations on the files stored in the Flash memory (such as copy, delete, undelete, and so on), and to store the boot image of the active supervisor engine in the standby supervisor engine boot Flash.
For information on Flash memory commands, see the "Using the Features Specific to the Supervisor Engine III" section and the Catalyst 5000 Series Command Reference publication.
When a Catalyst 5505 or Catalyst 5500 switch with redundant Supervisor Engine III modules is powered up or reset, the runtime image and the boot image are the same on both supervisor engines. Synchronization ensures that the runtime and boot images on the standby supervisor engine are the same as the images on the active supervisor engine.
The Supervisor Engine III module can have different runtime and boot images. If the boot image and the runtime image are the same, and you change the BOOT environment variable or overwrite or destroy the current boot image on the Flash device that was used to boot the system, the runtime and boot images will differ. Whenever you reconfigure the boot image, the active supervisor engine synchronizes its current boot image with the standby supervisor engine.
In the synchronization process, the active supervisor engine checks the standby supervisor engine runtime image to make sure it matches its own runtime image. The active supervisor engine checks three conditions:
The following section describes the conditions that can initiate Flash synchronization. See the "Synchronization Examples" section later in this chapter for examples of how the system synchronizes the Supervisor Engine III Flash images with various configurations.
The conditions that initiate the synchronization of the runtime and boot images on the active and standby Supervisor Engine III modules are as follows:
Certain conditions or events cause the synchronization of images between redundant Supervisor Engine III modules to fail or to produce unexpected results. Some of these conditions or events are as follows:
The following examples show what happens when the synchronization function encounters certain conditions. These examples are not intended to cover every possible condition.
This section contains four examples in which the active supervisor engine runtime image is synchronized with the standby supervisor engine.
The configuration for example 1 is as follows:
|
Runtime image: | bootflash:f1
|
| Boot string: | bootflash:f1,1
|
| Bootflash: | f1
|
The configuration for example 2 is as follows:
|
Runtime image: | bootflash:f1
|
| Boot string: | bootflash:f1,1
|
| Bootflash: | f1
|
|
Runtime image: | bootflash:f2
|
| Boot string: | bootflash:f2,1
|
| Bootflash: | f2
|
The configuration for example 3 is as follows:
|
Runtime image: | bootflash:f1
|
| Boot string: | bootflash:f1,1
|
| Bootflash: | f1
|
|
Runtime image: | bootflash:f2
|
| Boot string: | bootflash:f2,1
|
| Bootflash: | f1,f2
|
The configuration for example 4 is as follows:
|
Runtime image: | bootflash:f1
|
| Boot string: | bootflash:f1,1
|
| Bootflash: | f1
|
|
Runtime image: | bootflash:f2
|
| Boot string: | bootflash:f2,1;
|
| Bootflash: | f2, f3, f4 (less than 1 MB left on device)
|
This section contains four examples in which the bootstrings on the active and standby Supervisor Engine III modules are synchronized.
The configuration for this example is as follows:
|
Runtime image: | bootflash:f1
|
| Boot string: | bootflash:f1,1;
|
| Bootflash: | f1
|
|
Runtime image: | bootflash:f1
|
| Boot string: | bootflash:f1,1;
|
| Bootflash: | f1
|
The configuration for this example is as follows:
|
Runtime image: | bootflash:f1
|
| Boot string: | bootflash:f1,1;
|
| Bootflash: | f1,f2
|
|
Runtime image: | bootflash:f1
|
| Boot string: | bootflash:f1,1;
|
| Bootflash: | f1
|
The configuration for this example is as follows:
|
Runtime image: | bootflash:f1
|
| Boot string: | bootflash:f1,1;
|
| Bootflash: | f1,f2
|
|
Runtime image: | bootflash:f1
|
| Boot string: | bootflash:f1,1;
|
| Bootflash: | f1,f2
|
The configuration for this example is as follows:
|
Runtime image: | bootflash:f1
|
| Boot string: | bootflash:f1,1;
|
| Bootflash: | f1,f2
|
|
Runtime image: | bootflash:f1
|
| Boot string: | bootflash:f1,1;
|
| Bootflash: | f0,f1,f3 (less than 1 MB left on device)
|
|
|