|
|
This chapter describes how to use the command-line interface (CLI) to configure Ethernet, Fast Ethernet, and Gigabit Ethernet switching on the Catalyst 5000 series switches. The configuration tasks in this chapter apply to Ethernet, Fast Ethernet, and Gigabit Ethernet switching modules, as well as to the Fast Ethernet and Gigabit Ethernet uplink ports on the supervisor engine.
This chapter consists of these sections:
The Catalyst 5000 series switch supports simultaneous, parallel conversations between Ethernet segments. Switched connections between Ethernet segments last only for the duration of the packet. New connections can be made between different segments for the next packet.
The Catalyst 5000 series switch solves congestion problems caused by high bandwidth devices and a large number of users by assigning each device (for example, a server) to its own 10- or 100-Mbps segment. Because each Ethernet port on the Catalyst 5000 series switch represents a separate Ethernet segment, servers in a properly configured switched environment achieve full access to the bandwidth.
Because the major bottleneck in Ethernet networks is usually due to collisions, an effective solution is full-duplex communication, an option for each port on the Catalyst 5000 series switch. Normally, Ethernet operates in half-duplex mode, which means that stations can either receive or transmit. In full-duplex mode, two stations can transmit and receive at the same time. When packets can flow in both directions simultaneously, effective Ethernet bandwidth doubles from 10 Mbps to 20 Mbps for 10BaseT ports and to 200 Mbps for Fast Ethernet ports.
Each Ethernet port on the Catalyst 5000 series switch can connect to a single workstation or server, or to a hub through which workstations or servers connect to the network.
Ports on a typical Ethernet hub all connect to a common backplane within the hub, and the bandwidth of the network is shared by all devices attached to the hub. If two stations establish a session that uses a significant level of bandwidth, the network performance of all other stations attached to the hub is degraded.
To reduce degradation, the Catalyst 5000 series switch treats each port as an individual segment. When stations on different ports need to communicate, the Catalyst 5000 series switch forwards frames from one port to the other at wire speed to ensure that each session receives the full 10-Mbps bandwidth.
To switch frames between ports efficiently, the Catalyst 5000 series switch maintains an address table. When a frame enters the Catalyst 5000 series switch, it associates the media-access control (MAC) address of the sending station with the port on which it was received.
The Catalyst 5000 series switch builds the address table by using the source address of the frames received. When the switch receives a frame for a destination address not yet listed in its address table, it floods the frame to all ports of the same virtual LAN (VLAN) except the port that received the frame. When the destination station replies, the switch adds its relevant source address and port ID to the address table. The Catalyst 5000 series switch then forwards subsequent frames to a single port without flooding to all ports.
The address table can store at least 16,000 address entries without flooding any entries. The Catalyst 5000 series switch uses an aging mechanism, defined by a configurable aging timer, so if an address remains inactive for a specified number of seconds, it is removed from the address table.
Table 4-1 shows the Ethernet, Fast Ethernet, and Gigabit Ethernet default configuration.
| Feature | Default Value |
|---|---|
Port enable state | All ports are enabled |
Port name | None |
Port priority | Normal |
Duplex mode |
|
Flow control (Gigabit Ethernet only) | Flow control set to off for receive (Rx) and desired for transmit (Tx) |
Spanning-Tree Protocol | Enabled for VLAN 1 |
Native VLAN | VLAN 1 |
Port VLAN cost |
|
Fast EtherChannel | Disabled on all Fast Ethernet ports |
These sections describe how to configure Ethernet, Fast Ethernet, and Gigabit Ethernet switching on the Catalyst 5000 series switches:
You can assign names to the ports on Ethernet, Fast Ethernet, and Gigabit Ethernet modules to facilitate switch administration.
To assign a name to a port, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Assign a name to a port. | set port name mod_num/port_num [name_string] |
Step 2 Verify that the port name is configured. | show port [mod_num[/port_num]] |
This example shows how to set the name for ports 1/1 and 1/2 and how to verify that the port names are configured correctly:
Console> (enable) set port name 1/1 Router Connection
Port 1/1 name set. Console> (enable) set port name 1/2 Server Link
Port 1/2 name set. Console> (enable) show port 1
Port Name Status Vlan Level Duplex Speed Type ----- ------------------ ---------- ---------- ------ ------ ----- ------------ 1/1 Router Connection connected trunk normal half 100 100BaseTX 1/2 Server Link connected trunk normal half 100 100BaseTX <...output truncated...> Last-Time-Cleared -------------------------- Tue Jun 16 1998, 16:25:57 Console> (enable)
You can configure the priority level of each port. When ports request access to the switching bus simultaneously, the Catalyst 5000 series switch uses the port priority level to determine the order in which ports are given access.
To set the port priority level, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Configure the priority level for a port. | set port level mod_num/port_num {normal | high} |
Step 2 Verify that the port priority level is configured correctly. | show port [mod_num[/port_num]] |
This example shows how to set the port priority level to high for port 1/1 and verify that the port priority is configured correctly:
Console> (enable) set port level 1/1 high
Port 1/1 level set to high. Console> (enable) show port 1
Port Name Status Vlan Level Duplex Speed Type ----- ------------------ ---------- ---------- ------ ------ ----- ------------ 1/1 Router Connection connected trunk high half 100 100BaseTX 1/2 Server Link connected trunk normal half 100 100BaseTX <...output truncated...> Last-Time-Cleared -------------------------- Tue Jun 16 1998, 16:25:57 Console> (enable)
You can configure the port speed on 10/100-Mbps Fast Ethernet modules. Use the auto keyword to have the port autonegotiate speed and duplex mode with the neighboring port.
To set the port speed for a 10/100-Mbps port, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Set the port speed of a 10/100-Mbps Fast Ethernet port. | set port speed mod num/port num {10 | 100 | auto} |
Step 2 Verify that the speed of the port is configured correctly. | show port [mod_num[/port_num]] |
This example shows how to set the port speed to 100 Mbps on port 2/2:
Console> (enable) set port speed 2/2 100
Port 2/2 speed set to 100 Mbps. Console> (enable)
This example shows how to make port 2/1 autonegotiate speed and duplex with the neighbor port:
Console> (enable) set port speed 2/1 auto
Port 2/1 speed set to auto-sensing mode. Console> (enable)
You can set the port duplex mode to full or half duplex for Ethernet and Fast Ethernet ports.
To set the duplex mode of a port, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Set the duplex mode of a port. | set port duplex mod num/port num {full | half} |
Step 2 Verify that the duplex mode of the port is configured correctly. | show port [mod_num[/port_num]] |
This example shows how to set the duplex mode to half duplex on port 2/1:
Console> (enable) set port duplex 2/1 half
Port 2/1 set to half-duplex. Console> (enable)
Use the ping and traceroute commands to test connectivity out Ethernet, Fast Ethernet, or Gigabit Ethernet ports.
To check connectivity out a port, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Ping a remote host that is located out the port you want to test. | ping [-s] host [packet_size] [packet_count] |
Step 2 Trace the hop-by-hop route of packets from the switch to a remote host located out the port you want to test. | traceroute host |
Step 3 If the host is unresponsive, check the IP address and default gateway configured on the switch. | show interface |
This example shows how to ping a remote host and how to trace the hop-by-hop path of packets through the network using traceroute:
Console> (enable) ping somehost
somehost is alive Console> (enable) traceroute somehost
traceroute to somehost.company.com (10.1.2.3), 30 hops max, 40 byte packets 1 engineering-1.company.com (173.31.192.206) 2 ms 1 ms 1 ms 2 engineering-2.company.com (173.31.196.204) 2 ms 3 ms 2 ms 3 gateway_a.company.com (173.16.1.201) 6 ms 3 ms 3 ms 4 somehost.company.com (10.1.2.3) 3 ms * 2 ms Console> (enable)
This section describes configuration information that is specific to the Catalyst 5000 series Gigabit Ethernet switching module (WS-X5403) and the Supervisor Engine III Gigabit uplink module (WS-U5534-GESX).
This section discusses the following topics:
Depending on the Catalyst 5000 series switch model, the supervisor engine model, and the slot placement of the Gigabit Ethernet module in the chassis, not all module ports may be active. Table 4-2 shows which ports on the three-port Gigabit Ethernet module (WS-X5403) are active when the module is installed in a Catalyst 5000 series switch.
| Switch | Gigabit Ethernet Switching Module Port Restrictions |
Catalyst 5002 | Port 1 active. Ports 2 and 3 are inactive. |
Catalyst 5000 | Port 1 active. Ports 2 and 3 are inactive. |
Catalyst 5505 | With Supervisor Engine III: With Supervisor Engine II: |
Catalyst 5509 | With Supervisor Engine III: With Supervisor Engine II: |
Catalyst 5500 | With Supervisor Engine III: With Supervisor Engine II: |
The Gigabit Ethernet switching module (WS-X5403) and the Gigabit uplink module (WS-U5534-GESX) use flow control to inhibit the transmission of packets to the module for a period of time. Typically, if the receive buffer becomes full, the module transmits a "pause" packet that tells remote devices to delay sending more packets for a specified period of time. In addition, the Gigabit Ethernet module can receive and act upon "pause" packets from other devices.
Use the set port flow control command to configure flow control on the Gigabit Ethernet module and uplinks. Table 4-3 lists the set port flowcontrol command keywords and describes their functions.
| Keywords | Function |
|---|---|
receive on | The port uses flow control dictated by the neighbor port. |
receive desired | The port uses flow control if the neighbor port uses it, and does not use flow control if the neighbor port does not use it. |
receive off | The port does not use flow control, regardless of whether flow control is requested by the neighbor port. |
send on | The port sends flow-control frames to the neighbor port. |
send desired | The port sends flow-control frames to the neighbor port if the neighbor port asks to use flow control. |
send off | The port does not send flow-control frames to the neighbor port. |
To configure flow control on a Gigabit Ethernet port, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Set the flow-control parameters on a Gigabit Ethernet port. | set port flowcontrol {receive | send} mod_num/port_num {off | on | desired} |
Step 2 Verify the flow-control configuration. | show port flowcontrol |
This example shows how to turn transmit and receive flow control on and how to verify the flow-control configuration:
Console> (enable) set port flowcontrol send 3/1 on
Port 3/1 will send flowcontrol to far end. Console> (enable) set port flowcontrol receive 3/1 on
Port 3/1 will require far end to send flow control Console> (enable) show port flowcontrol
Port Send-Flowcontrol Receive-Flowcntl RxPause TxPause Admin Oper Admin Oper ----- ---------------- ---------------- ------- ------- 3/1 on disagree on disagree 0 0 3/2 off off off off 0 0 3/3 desired on desired off 10 10 Console> (enable)
These sections describe how to configure Fast EtherChannel on Catalyst 5000 series Fast Ethernet ports:
Fast EtherChannel provides parallel bandwidth of up to 800 Mbps (full duplex) between a Catalyst 5000 series switch and another switch or host by grouping multiple Fast Ethernet interfaces into a single logical transmission path.
Fast EtherChannel segments must be contiguous ports on a Fast EtherChannel-capable Fast Ethernet switching module. You can configure Fast Ethernet ports into Fast EtherChannel groups containing two or four segments, yielding 400- or 800-Mbps bidirectional bandwidth, respectively.
Inbound broadcast and multicast packets on one segment in a channel are blocked from returning on any other segment of the channel. Outbound broadcast and multicast packets are sent through only one channel segment.
If a segment within a channel fails, traffic previously carried over the failed link switches to the remaining segments within the channel. A trap is sent upon a failure identifying the switch, the channel, and the failed link.
Channels are configured using the standard CLI or Simple Network Management Protocol (SNMP).
The Port Aggregation Protocol (PAgP) facilitates the automatic creation of Fast EtherChannel links by exchanging packets between Fast EtherChannel-capable ports. The protocol learns the capabilities of port groups dynamically and informs the neighboring ports. Once PAgP identifies correctly paired Fast EtherChannel links, it groups the ports into a channel. The channel is then added to the spanning tree as a single bridge port.
PAgP includes four user-configurable channel modes: on, off, auto, and desirable. Each mode affects the way a port handles PAgP packets. By default, ports are in auto mode. Table 4-4 describes each mode.
| Mode | Description |
|---|---|
on | Forces the port to channel without negotiation. |
off | Prevents the port from channeling. |
auto | Places a port into a passive negotiating state, in which the port responds to PAgP packets it receives but does not initiate PAgP packet negotiation. (Default) |
desirable | Places a port into an active negotiating state, in which the port initiates negotiations with other ports by sending PAgP packets. |
Both the auto and desirable modes allow ports to negotiate with connected ports to determine if they can form a channel, based on criteria such as port speed, trunking state, VLAN numbers, and so on.
Channel ports can be in different channel modes as long as the modes are compatible. For instance, a port in desirable mode can form a channel successfully with another port that is in desirable or auto mode. Similarly, a port in auto mode can form a channel with another port in desirable mode. However, a port in auto mode cannot form a channel with another port that is also in auto mode, since neither port will initiate negotiation.
The two-port supervisor engine modules that support Fast EtherChannel (model numbers WS-X5505, WS-X5506, WS-X5509, and WS-X5530) on Catalyst 5000 series switches support a single configuration: one channel of two ports.
The following switching modules support Fast EtherChannel in a number of configurations:
On the 12-port modules, the ports form three groups of four ports each (ports 1-4, 5-8, and 9-12). On the 24-port module, the ports form three groups of eight ports each (ports 1-8, 9-16, and 17-24). A Fast EtherChannel must be composed of contiguous ports from the same group. A channel cannot have some ports from one group and some ports from another. Each group of four ports can be channeled in any the following ways:
If improperly configured, some Fast EtherChannel ports are disabled automatically to avoid network loops and other problems. Use the following guidelines to avoid configuration problems:
To configure Fast EtherChannel on a group of Fast Ethernet ports, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Make sure that the ports you want to channel are configured correctly. (Refer to the "Fast EtherChannel Configuration Guidelines" section earlier in this chapter.) |
|
Step 2 Create the Fast EtherChannel on the desired ports. | set port channel port_list {on | off | auto | desirable} |
Step 3 Verify the Fast EtherChannel configuration. | show port channel [mod_num[/port_num]] [info | statistics] |
This example shows how to create a two-port channel and verify the configuration:
Console> (enable) set port channel 1/1-2 on
Port(s) 1/1-2 channel mode set to on. Console> (enable) 06/30/1998,17:09:32:PAGP-5:Port 1/1 left bridge port 1/1. 06/30/1998,17:09:32:PAGP-5:Port 1/2 left bridge port 1/2. 06/30/1998,17:09:33:PAGP-5:Port 1/1 joined bridge port 1/1-2. 06/30/1998,17:09:33:PAGP-5:Port 1/2 joined bridge port 1/1-2. Console> (enable) show port channel
Port Status Channel Channel Neighbor Neighbor
mode status device port
----- ---------- --------- ----------- ------------------------- ----------
1/1 connected on channel WS-C2926 007475320 1/1
1/2 connected on channel WS-C2926 007475320 1/2
----- ---------- --------- ----------- ------------------------- ----------
Console> (enable)
To remove an Ethernet channel, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Remove an Ethernet channel. | set port channel port_list off |
Step 2 Verify the Fast EtherChannel configuration. | show port channel [mod_num[/port_num]] [info | statistics] |
This example shows how to disable a channel and how to verify the configuration:
Console> (enable) set port channel 1/1-2 off
Port(s) 1/1-2 channel mode set to off. Console> (enable) show port channel
No ports channelling Console> (enable)
These sections describe how to configure protocol filtering on Catalyst 5000 series Ethernet VLANs and on Ethernet, Fast Ethernet, and Gigabit Ethernet ports:
A Supervisor Engine III that has a NetFlow Feature Card (NFFC) can support protocol filtering within a port VLAN.
Protocol filtering is supported only on Ethernet VLANs and on nontrunking Ethernet, Fast Ethernet, and Gigabit Ethernet ports. Trunking ports are always members of all the protocol groups. Protocol filtering is disabled by default on all Ethernet VLANs. In addition to configuring a VLAN to the port, you can configure the port to be a member of one or more of the protocol groups. Filtering is not done on trunk ports; therefore, there are no interoperability issues with switches without the NFFC card. Layer 2 protocols, such as Spanning-Tree Protocol and Cisco Discovery Protocol, are not affected by protocol filtering.
If the NFFC is installed, the supervisor engine software supports autolearning. With autolearning, ports become members of the protocol flood domain only after receiving packets of the corresponding protocol. For example, if a host supports both IP and Internetwork Packet Exchange (IPX) and the host is using only IP, the port to which this host is connected is configured as auto for IPX. This port does not receive any IPX flood traffic. When the host actually sends an IPX packet, it is detected by the supervisor, and the port is added to the IPX group, which allows the port to start receiving the IPX flood traffic.
Dynamic ports and ports that have port security enabled are members of all protocol groups.
You can configure a port with the following options: on, off, and auto for a particular protocol. If the configuration is set to on, it receives all the flood traffic for that protocol; if it is set to off, it does not receive any flood traffic for that protocol; and if the port configuration is set to auto, it is added to the group only after receiving packets of the specific protocol. Initially, the port does not receive any flood packets for that protocol. When the corresponding protocol packets are received on that port, the supervisor module detects this condition and adds the port to the protocol group.
By default, ports are configured to on for the IP protocol groups. You can configure the ports to auto for IP if only clients are connected to the ports. The default port configuration for IPX and Group is auto. Autoconfigured ports are removed from the protocol group if no packets are received for that protocol within 60 minutes. Ports are also removed from the protocol group when the supervisor detects a link down.
An NFFC provides broadcast and unicast flood traffic filtering based on the port's membership to different protocol groups in addition to the port VLAN. The NFFC does not process Token Ring packets.
A port can be a member of one or more of the first three groups.
To configure protocol filtering on Ethernet, Fast Ethernet, or Gigabit Ethernet ports, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Enable protocol filtering on the switch. | set protocolfilter {enable | disable} |
Step 2 Set the protocol membership of the desired ports. | set port protocol mod_num/port_num {ip | ipx | group} {on | off | auto} |
Step 3 Verify the port filtering configuration. | show port protocol [mod_num[/port_num]] |
This example shows how to enable protocol filtering, set the protocol membership of ports, and verify the configuration:
Console> (enable) set protocolfilter enable
Protocol filtering enabled on this switch. Console> (enable) set port protocol 2/1 ip off
IP protocol disabled on port 2/1. Console> (enable) set port protocol 5/1 ip auto
IP protocol set to auto mode on module 5/1. Console> (enable) show port protocol 1/1-2
Port Vlan IP IP Hosts IPX IPX Hosts Group Group Hosts ----- ---------- ------ ---------- --------- ------------ -------- ---------------- 1/1 1 on 10 auto-on 4 auto-off 0 1/2 trunking on - on - on - Console> (enable)
Figure 4-1 shows an example Ethernet configuration for a single Catalyst 5000 series switch. This example shows all devices on each module as either full duplex or half duplex. However, you can configure each port on each module independently for either full- or half-duplex operation. In addition, this example shows a direct correlation between port speed and traffic priority, although the two parameters are completely independent.
The example configuration shown in Figure 4-1 is based on the following assumptions:
This example shows how to configure Ethernet on a Catalyst 5000 series switch:
Step 1 Configure a name for the port by entering the set port name command. You see this display:
Step 2 Configure the priority level for the port by entering the set port level command. You see this display:
Step 3 Configure a name for the port by entering the set port speed command. You see this display:
Step 4 Configure the transmission type of the port (half or full duplex) by entering the set port duplex command. You see this display:
Step 5 To verify the Ethernet configuration, enter the show port command. After entering this command, you see a display similar to the verification example in the section "Setting the Port Name."
|
|
