This chapter describes how to administer and manage your Catalyst 5000 series switch.
This chapter consists of these sections:
You can access the Catalyst 5000 series switch command-line interface (CLI) using Telnet. In addition, you can use Telnet from the switch to access other devices in the network. Up to eight simultaneous Telnet sessions are possible.
To Telnet to another device on the network from the switch, perform this task in privileged mode:
| Task | Command |
|---|---|
| Open a Telnet session with a remote host. | telnet host [port] |
This example shows how to Telnet from the switch to a remote host:
Console> (enable) telnet labsparc
Trying 172.16.10.3...
Connected to labsparc.
Escape character is '^]'.
UNIX(r) System V Release 4.0 (labsparc)
login:
These sections describe how to use IP ping on the Catalyst 5000 series switches:
The Catalyst 5000 series switch supports IP ping, which you can use to test connectivity to remote hosts. If you attempt to ping a host in a different IP subnetwork, you must define a static route to the network or have a router configured to route between those subnets.
To stop a ping in progress, press Ctrl-C.
Ping will return one of the following responses:
To ping another device on the network from the switch, perform one of these tasks in privileged mode:
| Task | Command |
|---|---|
| ping host |
| ping -s host [packet_size] [packet_count] |
This example shows how to ping a remote host:
Console> (enable) ping labsparc
labsparc is alive
Console> (enable) ping 172.16.10.3
172.16.10.3 is alive
Console> (enable)
This example shows how to ping a remote host using the ping options:
Console> (enable) ping -s 172.16.10.3 1000 8
PING 172.20.52.3: 1000 data bytes
1008 bytes from 172.16.10.3: icmp_seq=0. time=6 ms
1008 bytes from 172.16.10.3: icmp_seq=1. time=5 ms
1008 bytes from 172.16.10.3: icmp_seq=2. time=6 ms
1008 bytes from 172.16.10.3: icmp_seq=3. time=6 ms
1008 bytes from 172.16.10.3: icmp_seq=4. time=6 ms
1008 bytes from 172.16.10.3: icmp_seq=5. time=5 ms
1008 bytes from 172.16.10.3: icmp_seq=6. time=6 ms
1008 bytes from 172.16.10.3: icmp_seq=7. time=5 ms
----172.16.10.3 PING Statistics----
8 packets transmitted, 8 packets received, 0% packet loss
round-trip (ms) min/avg/max = 5/5/6
Console> (enable)
The following sections describe how to use IP traceroute on the Catalyst 5000 series switches:
You can use IP traceroute to identify the path that packets take through the network on a hop-by-hop basis. The command output displays all network layer (Layer 3) devices, such as routers, that the traffic passes through on the way to the destination.
Catalyst 5000 series switches can participate as the source or destination of the traceroute command but will not appear as a hop in the traceroute command output.
The traceroute command uses the Time To Live (TTL) field in the IP header to cause routers and servers to generate specific return messages. Traceroute starts by sending a User Datagram Protocol (UDP) datagram to the destination host with the TTL field set to 1. If a router finds a TTL value of 1 or 0, it drops the datagram and sends back an Internet Control Message Protocol (ICMP) time-exceeded message to the sender. The traceroute facility determines the address of the first hop by examining the source address field of the ICMP time-exceeded message.
To identify the next hop, traceroute sends a UDP packet with a TTL value of 2. The first router decrements the TTL field by 1 and sends the datagram to the next router. The second router sees a TTL value of 1, discards the datagram, and returns the time-exceeded message to the source. This process continues until the TTL is incremented to a value large enough for the datagram to reach the destination host (or until the maximum TTL is reached).
To determine when a datagram reaches its destination, traceroute sets the UDP destination port in the datagram to a very large value which the destination host is unlikely to be using. When a host receives a datagram with an unrecognized port number, it sends an ICMP port unreachable error to the source. This message indicates to the traceroute facility that it has reached the destination.
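The probe logic described above, as an added example that is not part of the original documentation: an offline Python model of the TTL walk. The `Node` class, its `layer3` and `silent` flags, the function names and the sample topologies are assumptions made for illustration; the model also covers a router that returns no ICMP message, which traceroute implementations commonly print as `*`.

```python
from dataclasses import dataclass

TIME_EXCEEDED = "time-exceeded"
PORT_UNREACHABLE = "port-unreachable"


@dataclass
class Node:
    """One device on the path (hypothetical model, not a Cisco data structure)."""
    addr: str
    layer3: bool = True   # False: Layer 2 switch, forwards without touching the TTL
    silent: bool = False  # True: drops expired probes but sends no ICMP message


def send_probe(path, dest, ttl):
    """Carry one UDP probe along path; return (icmp_type, source) or None on timeout."""
    for node in path:
        if not node.layer3:
            continue  # switches in the path never see or decrement the TTL
        if ttl <= 1:  # router finds a TTL of 1 or 0: discard and report
            return None if node.silent else (TIME_EXCEEDED, node.addr)
        ttl -= 1
    # Probe arrived at the destination; nothing listens on the high UDP port.
    return (PORT_UNREACHABLE, dest)


def traceroute(path, dest, initial_ttl=1, max_ttl=30):
    """Return [(ttl, responder)] until port-unreachable arrives or max_ttl is hit."""
    hops = []
    for ttl in range(initial_ttl, max_ttl + 1):
        reply = send_probe(path, dest, ttl)
        if reply is None:
            hops.append((ttl, "*"))  # no ICMP came back for this TTL
            continue
        icmp_type, source = reply
        hops.append((ttl, source))
        if icmp_type == PORT_UNREACHABLE:
            break  # destination reached
    return hops


# Constructed topology matching the page's first example: switch -> router -> host.
PAGE_PATH = [Node("catalyst", layer3=False), Node("10.1.1.1")]
# Constructed longer path in which the second router sends no ICMP.
FILTERED_PATH = [Node("10.1.1.1"), Node("10.2.2.1", silent=True), Node("10.3.3.1")]

if __name__ == "__main__":
    for ttl, who in traceroute(PAGE_PATH, "10.1.1.100"):
        print(ttl, who)
    for ttl, who in traceroute(FILTERED_PATH, "10.9.9.9"):
        print(ttl, who)
```

A `*` at one TTL followed by normal replies at higher TTLs means that hop forwards traffic but does not return time-exceeded messages; it does not by itself indicate a break in the path.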
To trace the path packets take through the network, perform this task in privileged mode:
| Task | Command |
|---|---|
| Execute IP traceroute to trace the path packets take through the network. | traceroute [-n] [-w wait_time] [-i initial_ttl] [-m max_ttl] [-p dest_port] [-q nqueries] [-t tos] host [data_size] |
This example shows the basic usage of the traceroute command:
Console> (enable) traceroute 10.1.1.100
traceroute to 10.1.1.100 (10.1.1.100), 30 hops max, 40 byte packets
 1 10.1.1.1 (10.1.1.1) 1 ms 2 ms 1 ms
 2 10.1.1.100 (10.1.1.100) 2 ms 2 ms 2 ms
Console> (enable)
This example shows how to perform a traceroute with six queries to each hop with packets of 1400 bytes each:
Console> (enable) traceroute -q 6 10.1.1.100 1400
traceroute to 10.1.1.100 (10.1.1.100), 30 hops max, 1440 byte packets
 1 10.1.1.1 (10.1.1.1) 2 ms 2 ms 2 ms 1 ms 2 ms 2 ms
 2 10.1.1.100 (10.1.1.100) 2 ms 4 ms 3 ms 3 ms 3 ms 3 ms
Console> (enable)
You can display the capabilities of any port on any module in a Catalyst 5000 series switch.
This example shows you how to display the port capabilities for a port:
Console> (enable) show port capabilities 4/1
Model                    WS-X5014
Port                     4/1
Type                     10BaseT
Speed                    10
Duplex                   half,full
Trunk encap type         no
Trunk mode               off
Channel                  no
Broadcast suppression    percentage(0-100)
Flow control             no
Security                 yes
Membership               static,dynamic
Fast start               yes
Console> (enable)
These sections describe how to use the Domain Name System (DNS) on the Catalyst 5000 series switches:
DNS is a distributed database with which you can map host names to IP addresses through the DNS protocol from a DNS server. When you configure DNS on the Catalyst 5000 series switch, you can substitute the host name for the IP address with all IP commands, such as ping, telnet, upload, and download.
To use DNS, you must have a DNS name server present on your network.
You can specify a primary DNS name server on the switch as well as two backup servers. The first server specified is the primary unless you explicitly identify the primary server. The switch sends DNS queries to the primary server first. If the query to the primary server fails, the backup servers are queried.
Table 18-1 shows the default DNS configuration.
| Feature | Default Value |
|---|---|
| DNS enable state | Disabled |
| DNS default domain name | Null |
| DNS servers | None specified |
The following sections describe how to configure DNS on the Catalyst 5000 series switch:
To set up and enable DNS on the switch, perform this task in privileged mode:
| Task | Command |
|---|---|
| Step 1 Specify the IP address of one or more DNS servers. | set ip dns server ip_addr [primary] |
| Step 2 Set the domain name. | set ip dns domain name |
| Step 3 Enable DNS. | set ip dns enable |
| Step 4 Verify the DNS configuration. | show ip dns [noalias] |
This example shows how to set up and enable DNS on the switch and verify the configuration:
Console> (enable) set ip dns server 10.2.2.1
10.2.2.1 added to DNS server table as primary server.
Console> (enable) set ip dns server 10.2.24.54 primary
10.2.24.54 added to DNS server table as primary server.
Console> (enable) set ip dns server 10.12.12.24
10.12.12.24 added to DNS server table as backup server.
Console> (enable) set ip dns domain corp.com
Default DNS domain name set to corp.com
Console> (enable) set ip dns enable
DNS is enabled
Console> (enable) show ip dns
DNS is currently enabled.
The default DNS domain name is: corp.com
DNS name server                          status
---------------------------------------- -------
dns_serv2
dns_serv1                                primary
dns_serv3
Console> (enable)
To clear DNS servers from the DNS server table, perform this task in privileged mode:
| Task | Command |
|---|---|
| Step 1 Remove one or all of the DNS servers from the table. | clear ip dns server [ip_addr \| all] |
| Step 2 Verify the DNS configuration. | show ip dns [noalias] |
This example shows how to clear a DNS server from the DNS server table:
Console> (enable) clear ip dns server 10.12.12.24
10.12.12.24 cleared from DNS table
Console> (enable)
This example shows how to clear all of the DNS servers from the DNS server table:
Console> (enable) clear ip dns server all
All DNS servers cleared
Console> (enable)
To clear the default DNS domain name, perform this task in privileged mode:
| Task | Command |
|---|---|
| Step 1 Clear the default DNS domain name. | clear ip dns domain |
| Step 2 Verify the DNS configuration. | show ip dns [noalias] |
This example shows how to clear the default DNS domain name:
Console> (enable) clear ip dns domain
Default DNS domain name cleared.
Console> (enable)
To disable DNS, perform this task in privileged mode:
| Task | Command |
|---|---|
| Step 1 Disable DNS on the switch. | set ip dns disable |
| Step 2 Verify the DNS configuration. | show ip dns [noalias] |
This example shows how to disable DNS on the switch:
Console> (enable) set ip dns disable
DNS is disabled
Console> (enable)
The system name on the Catalyst 5000 series switches is a user-configurable string used to identify the device. The default configuration has no system name configured.
If you do not manually configure a system name, the system name is obtained through DNS if you configure the switch as follows:
If the DNS lookup is successful, the DNS hostname of the switch is configured as the system name of the switch and is saved in NVRAM (the domain name is removed).
If you have not configured a system prompt, the first 20 characters of the system name are used as the system prompt (a greater-than symbol [>] is appended). The prompt is updated whenever the system name changes, unless the prompt is manually configured using the set prompt command.
The switch performs a DNS lookup for the system name whenever one of the following occurs:
If the system name is user configured, no DNS lookup is performed.
These sections describe how to statically configure the system name and prompt:
To statically configure the system name, perform this task in privileged mode:
| Task | Command |
|---|---|
| Statically set the system name. | set system name name_string |
This example shows how to set the system name on the switch:
Console> (enable) set system name Catalyst 5000
System name set.
Catalyst 5000> (enable)
To statically configure the system prompt, perform this task in privileged mode:
| Task | Command |
|---|---|
| Statically set the system prompt. | set prompt prompt_string |
This example shows how to statically configure the system prompt on the switch:
Console> (enable) set prompt Catalyst5500>
Catalyst5500> (enable)
To clear the system name, perform this task in privileged mode:
| Task | Command |
|---|---|
| Clear the system name. | set system name |
This example shows how to clear the system name:
Console> (enable) set system name
System name cleared.
Console> (enable)
You can specify the system contact and location to help you with resource management tasks.
To specify the system contact and location, perform this task in privileged mode:
| Task | Command |
|---|---|
| Step 1 Set the system contact. | set system contact [contact_string] |
| Step 2 Set the system location. | set system location [location_string] |
| Step 3 Verify the global system information. | show system |
This example shows how to specify the system contact and location and verify the configuration (shown by the arrow):
Catalyst 5000> (enable) set system contact sysadmin@corp.com
System contact set.
Catalyst 5000> (enable) set system location Sunnyvale CA
System location set.
Catalyst 5000> (enable) show system
PS1-Status PS2-Status Fan-Status Temp-Alarm Sys-Status Uptime d,h:m:s Logout
---------- ---------- ---------- ---------- ---------- -------------- ---------
ok         none       ok         off        ok         0,04:04:07     20 min

PS1-Type   PS2-Type   Modem   Baud  Traffic Peak Peak-Time
---------- ---------- ------- ----- ------- ---- -------------------------
other      none       disable 9600  0%      0%   Tue Jun 23 1998, 16:51:36

System Name              System Location          System Contact
------------------------ ------------------------ ------------------------
Catalyst 5000            Sunnyvale CA             sysadmin@corp.com
Catalyst 5000> (enable)
You can create a single or multiline message banner that appears on the screen when someone logs in to the switch. The first character following the motd keyword is used to delimit the beginning and end of the banner text. Characters following the ending delimiter are discarded. After entering the ending delimiter, press Return. The banner must be fewer than 255 characters.
To configure a login banner, perform this task in privileged mode:
| Task | Command |
|---|---|
| Step 1 Enter the message of the day. | set banner motd c message_of_the_day c |
| Step 2 Display the login banner by logging out and logging back into the switch. | |
This example shows how to set the login banner on the switch using the # symbol as the beginning and ending delimiter:
Console> (enable) set banner motd #
Welcome to the Catalyst 5000 Switch!
Unauthorized access prohibited.
Contact sysadmin@corp.com for access.
#
MOTD banner set
Console> (enable)
To clear the login banner, perform this task in privileged mode:
| Task | Command |
|---|---|
| Clear the message of the day. | set banner motd cc |
This example shows how to clear the login banner:
Console> (enable) set banner motd ##
MOTD banner cleared
Console> (enable)
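The delimiter rules for setting and clearing the banner, as an added example that is not part of the original documentation: a Python pre-check that splits banner input the way the text describes, so a notice that contains its own delimiter character is caught before it is entered on the switch. The function names, the candidate delimiter list and the assumption that every character between the delimiters (newlines included) counts toward the limit are illustrative.

```python
MAX_BANNER_CHARS = 254  # the page requires fewer than 255 characters


def parse_motd(argument):
    """Split the text typed after `set banner motd` into (banner, discarded).

    banner is "" when the delimiter is doubled (the clear form).
    Raises ValueError if the ending delimiter is missing or the banner is too long.
    """
    if not argument:
        raise ValueError("no delimiter character given")
    delim, rest = argument[0], argument[1:]
    end = rest.find(delim)  # the FIRST repeat of the delimiter ends the banner
    if end == -1:
        raise ValueError(f"ending delimiter {delim!r} not found")
    banner, discarded = rest[:end], rest[end + 1:]
    if len(banner) > MAX_BANNER_CHARS:
        raise ValueError(
            f"banner is {len(banner)} characters; limit is {MAX_BANNER_CHARS}")
    return banner, discarded


def pick_delimiter(text, candidates="#^~%@"):
    """Return the first candidate character (assumed list) that is not in text."""
    for ch in candidates:
        if ch not in text:
            return ch
    raise ValueError("every candidate delimiter occurs in the banner text")


# Input constructed from the page's example, using # as the delimiter.
PAGE_INPUT = ("#\nWelcome to the Catalyst 5000 Switch!\n"
              "Unauthorized access prohibited.\n"
              "Contact sysadmin@corp.com for access.\n#")
# Constructed pitfall: the text itself contains the delimiter.
CLIPPED_INPUT = "#Unauthorized access prohibited. Ticket queue #42 handles requests.#"

if __name__ == "__main__":
    print(parse_motd(PAGE_INPUT))
    print(parse_motd(CLIPPED_INPUT))  # banner stops at "Ticket queue "
    print(pick_delimiter("Ticket queue #42 handles requests."))
```

A non-empty `discarded` value means part of the intended notice would be dropped by the switch; choose a delimiter that does not occur in the text.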
To set the system clock, perform this task in privileged mode:
| Task | Command |
|---|---|
| Step 1 Set the system clock. | set time [day_of_week] [mm/dd/yy] [hh:mm:ss] |
| Step 2 Display the current date and time. | show time |
This example shows how to set the system clock and display the current date and time:
Console> (enable) set time Mon 06/15/98 12:30:00
Mon Jun 15 1998, 12:30:00
Console> (enable) show time
Mon Jun 15 1998, 12:30:02
Console> (enable)
These sections describe how to use the Network Time Protocol (NTP) on the Catalyst 5000 series switches:
NTP synchronizes timekeeping among a set of distributed time servers and clients. This synchronization allows events to be correlated when system logs are created and other time-specific events occur.
An NTP server must be accessible by the Catalyst 5000 series client switch. NTP runs over UDP, which in turn runs over IP. NTP is documented in RFC 1305. All NTP communication uses Coordinated Universal Time (UTC), which is the same as Greenwich Mean Time. An NTP network usually gets its time from an authoritative time source, such as a radio clock or an atomic clock attached to a time server. NTP distributes this time across the network. NTP is extremely efficient; no more than one packet per minute is necessary to synchronize two machines to within a millisecond of one another.
NTP uses a stratum to describe how many NTP hops away a machine is from an authoritative time source. A stratum 1 time server has a radio or atomic clock directly attached, a stratum 2 time server receives its time via NTP from a stratum 1 time server, and so on. A machine running NTP automatically chooses as its time source the machine with the lowest stratum number that it is configured to communicate with via NTP. This strategy effectively builds a self-organizing tree of NTP speakers.
NTP has two ways to avoid synchronizing to a machine whose time might be ambiguous: NTP never synchronizes to a machine that is not synchronized itself, and NTP compares the time reported by several machines and does not synchronize to a machine whose time is significantly different from the others, even if its stratum is lower.
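The two safeguards and the lowest-stratum preference described above, as an added example that is not part of the original documentation: a deliberately simplified Python model, not the selection algorithm specified in RFC 1305. The peer fields, the 0.128-second agreement window, the use of the median as the comparison point and the sample addresses are assumptions.

```python
from statistics import median

# Assumed agreement window in seconds; the page only says "significantly different".
MAX_DEVIATION = 0.128


def select_source(peers, max_deviation=MAX_DEVIATION):
    """Return (chosen_addr_or_None, {rejected_addr: reason}).

    Each peer is a dict with addr, stratum, synchronized (bool) and offset
    (seconds between the peer's reported time and the local clock).
    """
    rejected = {}
    usable = []
    for peer in peers:
        if peer["synchronized"]:
            usable.append(peer)
        else:
            rejected[peer["addr"]] = "not synchronized itself"
    if not usable:
        return None, rejected

    # Compare each peer with the group; the median is not moved by one outlier.
    mid = median(p["offset"] for p in usable)
    agreeing = []
    for peer in usable:
        if abs(peer["offset"] - mid) <= max_deviation:
            agreeing.append(peer)
        else:
            rejected[peer["addr"]] = "time differs from the other servers"
    if not agreeing:
        return None, rejected

    # Among the servers that agree, prefer the lowest stratum.
    best = min(agreeing, key=lambda p: (p["stratum"], abs(p["offset"] - mid)))
    return best["addr"], rejected


# Constructed sample: a stratum 1 server that is an hour off, two servers that
# agree with each other, and one server that is not synchronized.
CONSTRUCTED_PEERS = [
    {"addr": "192.0.2.1", "stratum": 1, "synchronized": True, "offset": 3600.0},
    {"addr": "192.0.2.2", "stratum": 2, "synchronized": True, "offset": 0.004},
    {"addr": "192.0.2.3", "stratum": 3, "synchronized": True, "offset": -0.002},
    {"addr": "192.0.2.4", "stratum": 2, "synchronized": False, "offset": 0.0},
]

if __name__ == "__main__":
    print(select_source(CONSTRUCTED_PEERS))      # all four servers configured
    print(select_source(CONSTRUCTED_PEERS[:1]))  # only the wrong server configured
```

With a single configured server there is nothing to compare against, so the model accepts the hour-off stratum 1 server; the comparison only protects the clock, and the log timestamps that depend on it, when several servers are configured.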
The communications between machines running NTP, known as associations, are usually statically configured; each machine is given the IP address of all machines with which it should form associations. Accurate timekeeping is possible by exchanging NTP messages between each pair of machines with an association. However, in a LAN environment, you can configure NTP to use IP broadcast messages. With this alternative, you can configure the machine to send or receive broadcast messages, but the accuracy of timekeeping is marginally reduced because the information flow is one-way only.
Cisco's implementation of NTP does not support stratum 1 service; it is not possible to connect to a radio or atomic clock. We recommend that you derive the time service for your network from the public NTP servers available in the IP Internet. If the network is isolated from the Internet, Cisco's NTP implementation allows a machine to be configured so that it acts as though it is synchronized via NTP, when in fact it has determined the time using other means. Other machines then synchronize to that machine via NTP.
A number of manufacturers include NTP software for their host systems, and a publicly available version for systems running UNIX and its various derivatives is also available. This software allows host systems to be time-synchronized as well.
Table 18-2 shows the default NTP configuration.
| Feature | Default Value |
|---|---|
| Broadcast client mode | Disabled |
| Client mode | Disabled |
| Broadcast delay | 3000 microseconds |
| Time zone | Not specified |
| Offset from UTC | 0 hours |
| Summertime adjustment | Disabled |
| NTP server | None specified |
These sections describe how to configure NTP on the Catalyst 5000 series switches:
Configure the switch in NTP broadcast-client mode if an NTP broadcast server, such as a router, regularly broadcasts time-of-day information on the network. To compensate for any server-to-client packet latency, you can specify an NTP broadcast delay (a time adjustment factor for the receiving of broadcast packets by the switch).
To enable NTP broadcast-client mode on the switch, perform this task in privileged mode:
| Task | Command |
|---|---|
| Step 1 Enable NTP broadcast-client mode. | set ntp broadcastclient enable |
| Step 2 (Optional) Set the estimated NTP broadcast packet delay. | set ntp broadcastdelay microseconds |
| Step 3 Verify the NTP configuration. | show ntp [noalias] |
This example shows how to enable NTP broadcast-client mode on the switch, set a broadcast delay of 4000 microseconds, and verify the configuration:
Console> (enable) set ntp broadcastclient enable
NTP Broadcast Client mode enabled
Console> (enable) set ntp broadcastdelay 4000
NTP Broadcast delay set to 4000 microseconds
Console> (enable) show ntp
Current time: Tue Jun 23 1998, 20:25:43
Timezone: '', offset from UTC is 0 hours
Summertime: '', disabled
Last NTP update:
Broadcast client mode: enabled
Broadcast delay: 4000 microseconds
Client mode: disabled
NTP-Server
----------------------------------------
Console> (enable)
Configure the switch in NTP client mode if you want the client Catalyst 5000 series switch to regularly send time-of-day requests to an NTP server. You can configure up to ten server addresses per client.
To configure the switch in NTP client mode, perform this task in privileged mode:
| Task | Command |
|---|---|
| Step 1 Specify the IP address of the NTP server. | set ntp server ip_addr |
| Step 2 Enable NTP client mode. | set ntp client enable |
| Step 3 Verify the NTP configuration. | show ntp [noalias] |
This example shows how to configure the NTP server address, enable NTP client mode on the switch, and verify the configuration:
Console> (enable) set ntp server 172.20.52.65
NTP server 172.20.52.65 added.
Console> (enable) set ntp client enable
NTP Client mode enabled
Console> (enable) show ntp
Current time: Tue Jun 23 1998, 20:29:25
Timezone: '', offset from UTC is 0 hours
Summertime: '', disabled
Last NTP update: Tue Jun 23 1998, 20:29:07
Broadcast client mode: disabled
Broadcast delay: 3000 microseconds
Client mode: enabled
NTP-Server
----------------------------------------
172.16.52.65
Console> (enable)
You can specify a time zone for the switch to display the time in that time zone. You must enable NTP before you set the time zone. If NTP is not enabled, this command has no effect. If you enable NTP and do not specify a time zone, UTC is shown by default.
To set the time zone, perform this task in privileged mode:
| Task | Command |
|---|---|
| Step 1 Set the time zone. | set timezone zone hours [minutes] |
| Step 2 Verify the time zone configuration. | show timezone |
This example shows how to set the time zone on the switch:
Console> (enable) set timezone Pacific -8
Timezone set to 'Pacific', offset from UTC is -8 hours
Console> (enable)
You can have the switch advance the clock one hour on the first Sunday in April at 2:00 a.m. and move back the clock one hour on the last Sunday in October at 2:00 a.m.
To enable the daylight saving time clock adjustment, perform this task in privileged mode:
| Task | Command |
|---|---|
| Step 1 Enable the daylight saving time clock adjustment. | set summertime enable [zone_name] |
| Step 2 Verify the configuration. | show summertime |
This example shows how to have the clock adjusted for daylight saving time:
Console> (enable) set summertime enable Pacific
Summertime is enabled and set to 'Pacific'
Console> (enable)
To disable the daylight saving time clock adjustment, perform this task in privileged mode:
| Task | Command |
|---|---|
| Step 1 Disable the daylight saving time clock adjustment. | set summertime disable [zone_name] |
| Step 2 Verify the configuration. | show summertime |
This example shows how to disable the daylight saving time adjustment:
Console> (enable) set summertime disable Arizona
Summertime is disabled and set to 'Arizona'
Console> (enable)
To clear the time zone settings and return the time zone to UTC, perform this task in privileged mode:
| Task | Command |
|---|---|
| Clear the time zone settings. | clear timezone |
This example shows how to clear the time zone settings:
Console> (enable) clear timezone
Timezone name and offset cleared
Console> (enable)
To remove an NTP server address from the NTP servers table on the switch, perform this task in privileged mode:
| Task | Command |
|---|---|
| Step 1 Specify the NTP server to remove. | clear ntp server [ip_addr \| all] |
| Step 2 Verify the NTP configuration. | show ntp [noalias] |
This example shows how to remove an NTP server address from the NTP server table:
Console> (enable) clear ntp server 172.16.64.10
NTP server 172.16.64.10 removed.
Console> (enable)
To disable NTP broadcast-client mode on the switch, perform this task in privileged mode:
| Task | Command |
|---|---|
| Step 1 Disable NTP broadcast-client mode. | set ntp broadcastclient disable |
| Step 2 Verify the NTP configuration. | show ntp [noalias] |
This example shows how to disable NTP broadcast-client mode on the switch:
Console> (enable) set ntp broadcastclient disable
NTP Broadcast Client mode disabled
Console> (enable)
To disable NTP client mode on the switch, perform this task in privileged mode:
| Task | Command |
|---|---|
| Step 1 Disable NTP client mode. | set ntp client disable |
| Step 2 Verify the NTP configuration. | show ntp [noalias] |
This example shows how to disable NTP client mode on the switch:
Console> (enable) set ntp client disable
NTP Client mode disabled
Console> (enable)