Cisco WS-C2955T-12 Software Manual

Software guide

Catalyst 2900 Series XL and
Catalyst 3500 Series XL
Software Configuration Guide
Cisco IOS Releases
12.0(5)WC4 and 12.0(5)WC5
May 2002
Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
Customer Order Number: DOC-786511=
Text Part Number: 78-6511-08


Summary of Contents for Cisco WS-C2955T-12

  • Page 2 OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
  • Page 3 World Wide Web Documentation CD-ROM Ordering Documentation Documentation Feedback Obtaining Technical Assistance Cisco.com Technical Assistance Center Cisco TAC Web Site Cisco TAC Escalation Center Overview C H A P T E R Features Management Options Management Interface Options Advantages of Using CMS and Clustering Switches...
  • Page 4: Table Of Contents

    Contents Getting Started with CMS C H A P T E R Features Front Panel View Cluster Tree Front-Panel Images Redundant Power System LED Port Modes and LEDs VLAN Membership Modes 2-12 Topology View 2-13 Topology Icons 2-15 Device and Link Labels 2-16 Colors in the Topology View 2-17...
  • Page 5 Contents Verifying Your Changes 2-34 Change Notification 2-34 Error Checking 2-34 Saving Your Changes 2-34 Using Different Versions of CMS 2-35 Where to Go Next 2-35 Getting Started with the CLI C H A P T E R Command Usage Basics Accessing Command Modes Specifying Ports in Interface Configuration Mode Abbreviating Commands...
  • Page 6 Contents Planning a Switch Cluster Automatic Discovery of Cluster Candidates and Members Discovery through CDP Hops Discovery through Non-CDP-Capable and Noncluster-Capable Devices Discovery through the Same Management VLAN Discovery through Different Management VLANs Discovery of Newly Installed Switches 5-11 HSRP and Standby Command Switches 5-12 Virtual IP Addresses 5-13...
  • Page 7 Contents Configuring the Domain Name and the DNS Configuring the Relay Device Obtaining Configuration Files Example Configuration Assigning Passwords and Privilege Levels 6-11 Setting the System Date and Time 6-12 Configuring Daylight Saving Time 6-12 Configuring the Network Time Protocol 6-13 Configuring the Switch as an NTP Client 6-13...
  • Page 8 Contents Configuring STP 6-33 Supported STP Instances 6-33 Using STP to Support Redundant Connectivity 6-34 Disabling STP 6-34 Accelerating Aging to Retain Connectivity 6-34 Configuring STP and UplinkFast in a Cascaded Cluster 6-35 Configuring Redundant Links By Using STP UplinkFast 6-36 Enabling STP UplinkFast 6-37...
  • Page 9 Contents Configuring RADIUS 6-57 Default RADIUS Configuration 6-57 Identifying the RADIUS Server Host 6-58 Configuring RADIUS Login Authentication 6-60 Defining AAA Server Groups 6-62 Configuring RADIUS Authorization for User Privileged Access and Network Services 6-64 Starting RADIUS Accounting 6-65 Configuring Settings for All RADIUS Servers 6-65 Configuring the Switch to Use Vendor-Specific RADIUS Attributes 6-66...
  • Page 10: Vtp

    Configuring Voice Ports 7-13 Preparing a Port for a Cisco IP Phone Connection 7-13 Configuring a Port to Connect to a Cisco IP Phone 7-14 Overriding the CoS Priority of Incoming Frames 7-14 Configuring Voice Ports to Carry Voice and Data Traffic on Different VLANs...
  • Page 11 Contents Upgrading from Previous Software Releases 8-14 VTP Version 8-15 Default VTP Configuration 8-15 Configuring VTP 8-16 Configuring VTP Server Mode 8-16 Configuring VTP Client Mode 8-17 Disabling VTP (VTP Transparent Mode) 8-18 Enabling VTP Version 2 8-18 Disabling VTP Version 2 8-19 Enabling VTP Pruning 8-19...
  • Page 12 Contents How the VMPS Works 8-36 Dynamic Port VLAN Membership 8-36 VMPS Database Configuration File 8-37 VMPS Configuration Guidelines 8-38 Default VMPS Configuration 8-39 Configuring Dynamic VLAN Membership 8-39 Configuring Dynamic Ports on VMPS Clients 8-40 Reconfirming VLAN Memberships 8-40 Changing the Reconfirmation Interval 8-41 Changing the Retry Count...
  • Page 13 Contents Error Message and Recovery Procedures AAAA Messages CAPITOLA Messages CDP Messages CHASSIS Message CMP Messages CPU_NET Message ENVIRONMENT Messages FRANK Messages A-10 GBIC_1000BASET Messages A-15 GBIC_SECURITY Messages A-16 GigaStack Messages A-17 HW_MEMORY Messages A-18 INTERFACE Messages A-19 IP Messages A-19 LRE CPE Messages A-20...
  • Page 15 Ethernet and local area networking. Purpose Note: This switch software release is based on Cisco IOS Release 12.0. It has been enhanced to support a set of features for the Catalyst 2900 XL and Catalyst 3500 XL switches. This guide does not repeat the concepts and CLI procedures already documented in the Cisco IOS Release 12.0 documentation on...
  • Page 16: Chapter 2 Getting Started With Cms

    Note: This reference manual provides commands and command descriptions that have been created or changed for the Catalyst 2900 XL and Catalyst 3500 XL switches. It does not repeat the commands and command descriptions already documented in the Cisco IOS Release 12.0 documentation on Cisco.com. Organization The organization of this guide is as follows: Chapter 1, “Overview,”...
  • Page 17 Conventions This guide uses these conventions to convey instructions and information: Command descriptions use these conventions: • Commands and keywords are in boldface text. • Arguments for which you supply values are in italic. • Square brackets ([ ]) indicate optional elements. •...
  • Page 18: Related Publications

    These documents provide complete information about the switch and are available from this Cisco.com site: http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/index.htm You can order printed copies of documents with a DOC-xxxxxx= number from the Cisco.com sites and from the telephone numbers listed in the “Ordering Documentation” section on page -xix.
  • Page 19: Obtaining Documentation

    The following sections explain how to obtain documentation from Cisco Systems. World Wide Web You can access the most current Cisco documentation on the World Wide Web at the following URL: http://www.cisco.com Translated documentation is available at the following URL: http://www.cisco.com/public/countries_languages.shtml...
  • Page 20: Obtaining Technical Assistance

    Priority level 1 (P1)—Your production network is down, and a critical impact to business operations will occur if service is not restored quickly. No workaround is available. Which Cisco TAC resource you choose is based on the priority of the problem and the conditions of service contracts, when applicable.
  • Page 21 Cisco TAC Web Site. The Cisco TAC Web Site requires a Cisco.com login ID and password. If you have a valid service contract but do not have a login ID or password, go to the following URL to register: http://www.cisco.com/register/...
  • Page 23: Features

    This guide describes the features for all Catalyst 2900 XL and Catalyst 3500 XL switches, including the Catalyst 2900 LRE XL switches. Cisco IOS Release 12.0(5)WC5 is not for the Long-Reach Ethernet (LRE) switches. Do not install Release 12.0(5)WC5 on the Catalyst 2900 LRE XL switches.
  • Page 24: Overview

    • Per-port broadcast storm control for preventing faulty end stations from degrading overall system performance with broadcast storms • Cisco Group Management Protocol (CGMP) for limiting multicast traffic to specified end stations and reducing overall network traffic • CGMP Fast Leave for accelerating the removal of unused CGMP groups to reduce superfluous traffic on the network...
  • Page 25 • Address Resolution Protocol (ARP) for identifying a switch through its IP address and its corresponding Media Access Control (MAC) address • Cisco Discovery Protocol (CDP) versions 1 and 2 for network topology discovery and mapping between the switch and other Cisco devices on the network • Network Time Protocol (NTP) for providing a consistent timestamp to all switches from an external source...
  • Page 26 Gigabit ports for prioritizing mission-critical and time-sensitive traffic from data, voice, and telephony applications • Voice VLAN (VVID) for creating subnets for voice traffic from Cisco IP Phones Security • Password-protected access (read-only and read-write access) to management interfaces (CMS and CLI) for protection...
  • Page 27 Cisco LRE 48 POTS Splitter. For information about the Cisco LRE CPEs, refer to the Cisco LRE CPE Hardware Installation Guide. For information about the nonhomologated Cisco LRE POTS splitter, refer to the Installation Notes for the Cisco LRE 48 POTS Splitter.
  • Page 28: Management Options

    The Catalyst 2900 XL and Catalyst 3500 XL switches are designed for plug-and-play operation: you only need to assign basic IP information to the switch and connect it to the other devices in your network. If you have specific network needs, you can configure and monitor the switch—on an individual basis or as part of a switch cluster—through its various management interfaces.
  • Page 29: Advantages Of Using Cms And Clustering Switches

    Using CMS and switch clusters can simplify and minimize your configuration and monitoring tasks. You can use Cisco switch clustering technology to manage up to 16 interconnected supported Catalyst switches through one IP address as if they were a single entity. This can conserve IP addresses if you have a limited number of them.
  • Page 30: Network Configuration Examples

    This section provides network configuration concepts and includes examples of using the switch to create dedicated network segments and interconnecting the segments through Fast Ethernet and Gigabit Ethernet connections. • “Design Concepts for Using the Switch” section on page 1-8...
  • Page 31 Bandwidth alone is not the only consideration when designing your network. As your network traffic profiles evolve, consider providing network services that can support applications such as voice and data integration and security. Table 1-3 describes some network demands and how you can meet those demands.
  • Page 32 – 1000BASE-LX/LH GBIC: fiber connections of up to 32,808 feet (6 miles or 10 km) – 1000BASE-ZX GBIC: fiber connections of up to 328,084 feet (62 miles or 100 km) • Redundant Gigabit backbone—Using HSRP, you can create backup paths between Catalyst 4908G-L3 switches.
  • Page 33 Small to Medium-Sized Network Configuration Figure 1-2 shows a configuration for a network that has up to 250 users. Users in this network require e-mail, file-sharing, database, and Internet access. You optimize network performance by placing workstations on the same logical segment as the servers they access most often.
  • Page 34 Figure 1-2 Small to Medium-Sized Network Configuration (diagram labels: Cisco 2600 router; 100 Mbps (200 Mbps full duplex); Gigabit servers; 1 Gbps (2 Gbps full duplex); Catalyst 2900 XL and Catalyst 3500 XL GigaStack cluster...)
  • Page 35: Collapsed Backbone And Switch Cluster Configuration

    Each 10/100 inline-power port on the Catalyst 3524-PWR XL switches provides –48 VDC power to the Cisco IP Phone. The IP phone can receive redundant power when it also is connected to an AC power source. IP phones not connected to the Catalyst 3524-PWR XL switches receive power from an AC power source.
  • Page 36 Figure 1-3 Collapsed Backbone and Switch Cluster Configuration (diagram labels: Gigabit servers; Cisco CallManager; Catalyst 3550-12G switch; Cisco 2600 router; 200 Mbps Fast EtherChannel (400 Mbps full duplex Fast EtherChannel); 1 Gbps (2 Gbps full duplex)...)
  • Page 37: Large Campus Configuration

    • CallManager controls call processing, routing, and IP phone features and configuration. Cisco Access gateway (such as Cisco Access Digital Trunk Gateway or Cisco Access Analog Trunk • Gateway) that connects the IP network to the PSTN or to users in an IP telephony network.
  • Page 38 (diagram labels: Catalyst 2900 XL and 3500 XL GigaStack cluster; Catalyst 3524-PWR XL GigaStack cluster; Cisco IP Phones; workstations running Cisco SoftPhone software; power source)
  • Page 39: Hotel Network Configuration

    One or more RJ-45 Ethernet ports for connecting to devices such as a customer’s laptop, the room’s IP phone, the television set-top box, or a room environmental control device. A Cisco 575 LRE CPE provides one Ethernet connection; a Cisco 585 LRE CPE provides four.
  • Page 40 (diagram labels: Floor 3; patch panel; Cisco LRE 48 POTS splitters; Catalyst 2900 LRE XL switches; servers; PSTN; Catalyst 2900 XL or Catalyst 3500 XL switch; Cisco 2600 router)
  • Page 41: Multidwelling Configuration

    A growing segment of residential and commercial customers are requiring high-speed access to Ethernet metropolitan-area networks (MANs). Figure 1-6 shows a configuration for a Gigabit Ethernet MAN ring using Catalyst 6500 switches as aggregation switches in the mini-point-of-presence (POP) location. These switches are connected through 1000BASE-X GBIC ports.
  • Page 42 Figure 1-6 Multidwelling Configuration (diagram labels: Cisco 12000 Gigabit switch routers; Service Provider; Catalyst 6500 switches; Catalyst 6500 multilayer switches; Mini-POP; Gigabit MAN; Catalyst 2900 XL and Catalyst 3500 XL switches, including Catalyst 2900 LRE XL...)
  • Page 43 Long-Distance, High-Bandwidth Transport Configuration Figure 1-7 shows a configuration for transporting 8 Gigabits of data over a single fiber-optic cable. The Catalyst switches have Coarse Wave Division Multiplexer (CWDM) fiber-optic GBIC modules installed.
  • Page 45 Note: • For system requirements and for browser and Java plug-in configuration procedures, refer to the release notes (http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/index.htm). • For procedures for using CMS, refer to the online help. Note: This chapter describes CMS on the Catalyst 2900 XL and Catalyst 3500 XL switches. Refer to the appropriate switch documentation for descriptions of the web-based management software used on other Catalyst switches.
  • Page 46 Features CMS provides these features (Figure 2-1) for managing switch clusters and individual switches from Web browsers such as Netscape Communicator or Microsoft Internet Explorer: • Two views of your network that can be displayed at the same time:...
  • Page 47: Toolbar

    • Two levels of access to the configuration options: read-write access for users allowed to change switch settings; read-only access for users allowed to only view switch settings • Consistent set of GUI components (such as tabs, buttons, drop-down lists, tables, and so on) for a...
  • Page 48: Front Panel View

    When CMS is launched from a command switch, the Front Panel view displays the front-panel images of all switches in the cluster (Figure 2-2). When CMS is launched from a standalone or noncommand member switch, the Front Panel view displays only the front panel of the specific switch (Figure 2-3).
  • Page 49: Cluster Tree

    The cluster tree (Figure 2-2) appears in the left frame of the Front Panel view and shows the name of the cluster and a list of its members. The sequence of the cluster-tree icons (Figure 2-4) mirrors the sequence of the front-panel images.
  • Page 50: Front-Panel Images

    You can manage the switch from a remote station by using the front-panel images. The front-panel images are updated based on the network polling interval that you set from CMS > Preferences. This section includes descriptions of the LED images.
  • Page 51: Redundant Power System Led

    Blinking amber Internal power supply of the switch is down, and redundancy is lost. The switch is operating on the RPS. Table 2-4 Cisco RPS 600 LED on the Catalyst 2900 XL and Catalyst 3500 XL Switches Except the Catalyst 2900 LRE XL, and Catalyst 3524-PWR XL Switches...
  • Page 52: Port Modes And Leds

    The port modes (Table 2-6) determine the type of information displayed through the port LEDs. When you change port modes, the meanings of the port LED colors (Table 2-7, Table...
  • Page 53 Table 2-7 Port LEDs on the Catalyst 2912, 2924C, 2924, 2912MF, and 2924M XL Switches (columns: Port Mode, Port LED Color, Description). STAT: Cyan (off): No link. Green: Link present, and port is in STP forwarding state. Amber: Link fault.
  • Page 54 10/100 port LEDs on the LRE switch. 2. The LRE switch does not show the CPE Ethernet link status, duplex, or speed of the Ethernet ports on the Cisco 585 LRE CPEs. The LEDs for the switch LRE ports connected to these CPEs are cyan in this mode.
  • Page 55 Inline power is on. only) If the Cisco IP Phone or Cisco access point is receiving power from an AC power source, the port LED is off even if the IP phone is connected to the switch port. The LED turns green only when the switch port is providing power.
  • Page 56: Vlan Membership Modes

    Ports in the Front Panel view are outlined by colors (Table 2-10) when you click Highlight VLAN Port Membership Modes on the Configure VLANs tab on the VLAN window (VLAN >...
  • Page 57: Topology View

    The Topology view displays how the devices within a switch cluster are connected and how the switch cluster is connected to other clusters and devices. From this view, you can add and remove cluster members.
  • Page 58: Collapse Cluster View

    Figure 2-6 Expand Cluster View: Cluster members of cluster1 and other devices connected to cluster1. Right-click a link icon to display a link popup menu. Right-click a device icon to display a device popup menu. Figure 2-7 Collapse Cluster View: Neighboring cluster...
  • Page 59: Topology Icons

    • switches • Devices that are not eligible to join the cluster, such as Cisco IP phones, Cisco access points, and Cisco Discovery Protocol (CDP)-capable hubs and routers • Devices that are identified as unknown devices, such as some Cisco devices and third-party devices Candidate switches are distinguished by the color of their device label.
  • Page 60: Device And Link Labels

    The Topology view also uses a set of link icons (Figure 2-9) to show the link type and status between two devices. To select a link, click the link that you want to select. To select multiple links, press the Ctrl key, and click the links that you want to select.
  • Page 61: Colors In The Topology View

    The colors of the Topology view icons show the status of the devices and links (Table 2-11, Table 2-12, Table 2-13). Table 2-11 Device Icon Colors (columns: Icon Color, Color Meaning). Green: The device is operating.
  • Page 62: Menus And Toolbar

    The configuration and monitoring options for configuring switches and switch clusters are available from menus and a toolbar. Menu Bar The menu bar provides the complete list of options for managing a single switch and switch cluster. The menu bar is the same whether or not the Front-Panel or Topology views are displayed.
  • Page 63 If you have a Catalyst 2900 XL or Catalyst 3500 XL command switch, the standby command switches should be Catalyst 2900 XL and Catalyst 3500 XL switches. Refer to the release notes (http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/index.htm) for the Catalyst switches that can be part of a switch cluster.
  • Page 64: Sys

    Table 2-15 Menu Bar (columns: Menu-Bar Options, Task). Page Setup: Set default document printer properties to be used when printing from CMS. Print Preview: View the way the CMS window or help file will appear when printed. Print: Print a CMS window or help file.
  • Page 65 Table 2-15 Menu Bar (continued). Port menu: Port Settings: Display and configure port parameters on a switch. Port Search: Search for a port through its description. Port Security: Enable port security on a port. EtherChannels: Group ports into logical units for high-speed links between switches.
  • Page 66 Table 2-15 Menu Bar (continued). View menu: Refresh: Update the views with the latest status. Front Panel: Display the Front Panel view. Arrange Front Panel: Rearrange the order in which switches appear in the Front Panel view. Topology: Display the Topology view.
  • Page 67: Toolbar

    The toolbar buttons display commonly used switch and cluster configuration options and information windows such as legends and online help. Hover the cursor over an icon to display the feature. Table 2-16 describes the toolbar options, from left to right on the toolbar.
  • Page 68: Front Panel View Popup Menus

    These popup menus are available in the Front Panel view. Device Popup Menu You can display all switch and cluster configuration windows from the menu bar, or you can display commonly used configuration windows from the device popup menu (Table 2-17).
  • Page 69: Topology View Popup Menus

    These popup menus are available in the Topology view. Link Popup Menu You can display reports and graphs for a specific link displayed in the Topology view (Table 2-19).
  • Page 70: Device Popup Menus

    Specific devices in the Topology view display a specific popup menu: • Cluster (Table 2-20) • Command switch (Table 2-21) • Member or standby command switch (Table 2-22) • Candidate switch with an IP address (Table 2-23)
  • Page 71 Task Device Manager: Access the web management interface of the device. Note: This option is available on Cisco access points, but not on Cisco IP phones, hubs, routers and on unknown devices such as some Cisco devices and third-party devices.
  • Page 72: Interaction Modes

    You can change the interaction mode of CMS to either guide or expert mode. Guide mode steps you through each feature option and provides information about the parameter. Expert mode displays a configuration window in which you configure the feature options.
  • Page 73: Tool Tips

    • You can send us feedback about the information provided in the online help. Click Feedback to display an online form. After completing the form, click Submit to send your comments to Cisco. We appreciate and value your comments. Figure 2-11 Help Contents and Index Glossary of terms used in the online help.
  • Page 74: Cms Window Components

    CMS windows consistently present configuration information. Figure 2-12 shows the components of a typical CMS window. Figure 2-12 CMS Window Components: OK saves your changes and closes the window. Apply saves your changes and leaves the window open.
  • Page 75: Tabs, Lists, And Tables

    Icons Used in Windows Some windows have icons for sorting information in tables, for showing which cells in a table are editable, and for displaying further information from Cisco.com (Figure 2-13).
  • Page 76: Accessing Cms

    You can access the CLI by clicking Web Console - HTML access to the command line interface from a cached copy of the Cisco Systems Access page. To prevent unauthorized access to CMS and the CLI, exit your browser to end the browser session.
  • Page 77: Access Modes In Cms

    – Catalyst 2950 member switches running Release 12.0(5)WC2 or earlier – Catalyst 3550 member switches running Release 12.1(6)EA1 or earlier For more information about this limitation, refer to the release notes (http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/index.htm). • These switches do not support read-only mode on CMS: – Catalyst 1900 and Catalyst 2820...
  • Page 78: Verifying Your Changes

    CMS provides notification cues to help you track and confirm the changes you make. Change Notification A green border around a field or table cell means that you made an unsaved change to the field or table cell.
  • Page 79: Using Different Versions Of Cms

    Refer to the documentation specific to the switch and its IOS release for descriptions of the CMS version you are using. Where to Go Next Before configuring the switch, refer to these places for start-up information: • Switch release notes on Cisco.com (http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/index.htm): – CMS software requirements –...
  • Page 81: Chapter 3 Getting Started With The Cli

    Where to Go Next, page 3-8 This switch software release is based on Cisco IOS Release 12.0. It has been enhanced to support a set of features for the Catalyst 2900 XL and Catalyst 3500 XL switches. This chapter provides procedures for using only the commands that have been created or changed for these switches.
  • Page 82: Command Usage Basics

    • “Redisplaying a Command” section on page 3-5 • “Getting Help” section on page 3-5 For complete information about CLI usage, refer to the Cisco IOS Release 12.0 documentation on Cisco.com. Accessing Command Modes The CLI is divided into different modes. The commands available to you at any given time depend on which mode you are in.
  • Page 83 Table 3-1 Command Modes Summary (columns: Modes, Access Method, Prompt, Exit Method, About This Mode). User EXEC: Access method: Begin a session with your switch. Prompt: switch> Exit method: Enter logout or quit. About this mode: The EXEC commands available at...
  • Page 84: Specifying Ports In Interface Configuration Mode

    To configure a port, you need to specify the interface type, slot, and switch-port number with the interface configuration command. For example, to configure port 4 on a switch, you enter: switch(config)#interface fa 0/4 To configure port 4 on a 10/100 module in the first module slot on the switch, you enter: switch(config)#interface fa 1/4...
  • Page 85: Using The No And Default Forms Of Commands

    Almost every configuration command has a no form. In general, use the no form to • Disable a feature or function. • Reset a command to its default values. •...
  • Page 86: Command-Line Error Messages

    You can also obtain a list of associated keywords and arguments for any command, as shown in Table 3-2. Table 3-2 Help Summary (columns: Command, Purpose). help: Obtain a brief description of the help system in any command mode. abbreviated-command-entry?: Obtain a list of commands that begin with a particular character string.
  • Page 87: Accessing The Cli

    You can access the CLI by clicking Web Console - HTML access to the command line interface from a cached copy of the Cisco Systems Access page. To prevent unauthorized access to CMS and the CLI, exit your browser to end the browser session.
  • Page 88: Saving Configuration Changes

    You can also access the CLI by clicking Web Console - HTML access to the command line interface from the Cisco Systems Access page. For information about the Cisco Systems Access page, see the “Accessing CMS” section on page 2-32 and the release notes (http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/index.htm).
  • Page 89 • Switch upgrades This switch software release is based on Cisco IOS Release 12.0. It has been enhanced to support a set of features for the Catalyst 2900 XL and Catalyst 3500 XL switches. This chapter provides procedures for using only the commands that have been created or changed for these switches. The switch command reference provides complete descriptions of these commands.
  • Page 90: Initial Switch Configuration

    The switch software is regularly updated with new features and bug fixes, and you might want to upgrade your Catalyst 2900 XL or Catalyst 3500 XL switch with the latest software release. New software releases are posted on Cisco.com and are available through authorized resellers. Cisco also supplies a TFTP server that you can download from Cisco.com.
  • Page 91: Console Port Access

    The switch console port provides switch access to a directly-attached terminal or PC or to a remote terminal or PC through a serial connection and a modem. For information about connecting to the switch console port, refer to the switch hardware installation guide.
  • Page 92: Telnet Access To The Cli

    This procedure assumes that you have assigned IP information and a Telnet password to the switch or command switch, as described in the latest switch release notes (http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/index.htm). Information about accessing the CLI through a Telnet session is provided in the “Accessing the CLI”...
  • Page 93: Snmp Network Management Platforms

    9-7. Using FTP to Access the MIB Files You can obtain each MIB file with this procedure: Step 1 Use FTP to access the server ftp.cisco.com. Step 2 Log in with the username anonymous. Step 3 Enter your e-mail username when prompted for the password.
  • Page 94: Using Snmp To Access Mib Variables

    Using SNMP to Access MIB Variables The switch MIB variables are accessible through SNMP, an application-layer protocol facilitating the exchange of management information between network devices. The SNMP system consists of three parts: • The SNMP manager, which resides on the network management system (NMS) •...
  • Page 95: Default Settings

    For information about assigning basic IP information to the switch, see the “Initial Switch Configuration” section on page 4-2 and the latest switch release notes (http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/index.htm). If you have specific network needs, you can configure the switch through its various management interfaces. Table 4-2 lists the key software features, their defaults, their page numbers in this guide, and where you can configure them from the CLI and CMS.
  • Page 96 “Changing IP Information” section on Administration > IP Addresses mask, and default gateway page 6-2. Refer to the latest switch release notes (http://www.cisco.com/univercd/cc/td/doc/ product/lan/c2900xl/index.htm). Documentation set for Cisco IOS Release 12.0 on Cisco.com. Dynamic Host DHCP “Using DHCP-Based Autoconfiguration” – Configuration Protocol client is section on page 6-3.
  • Page 97 7-1. LRE Profiles (for LRE ports only) Note: You cannot disable the Cisco 585 LRE CPE Ethernet ports on a per-port basis. You can either enable or disable all Ethernet ports on the CPE. This restriction does not apply to the Cisco 575 LRE CPE, which has only one Ethernet port.
  • Page 98: Blocking Flooded

    “Configuring SPAN” section on page 7-12. Port > SPAN (SPAN) port monitoring Console, buffer, and file Disabled – – logging Documentation set for Cisco IOS Release 12.0 on Cisco.com. Remote monitoring Disabled “SNMP Network Management Platforms” – (RMON) section on page 4-5.
  • Page 99 “SNMP Community Strings” section on Administration > SNMP page 5-16 “Entering Community Strings” section on page 6-49. Documentation set for Cisco IOS Release 12.0 on Cisco.com. Port security Disabled “Enabling Port Security” section on Port > Port Security page 7-10.
  • Page 101: Chapter 5 Clustering Switches

    For the CLI cluster commands, refer to the switch command reference. Refer to the release notes (http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/index.htm) for the list of Catalyst switches eligible for switch clustering, including which ones can be command switches and which ones can only be member switches, and for the required software versions and browser and Java plug-in configurations.
  • Page 102: Understanding Switch Clusters

    “Advantages of Using CMS and Clustering Switches” section on page 1-7. Refer to the release notes (http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/index.htm) for the list of Catalyst switches eligible for switch clustering, including which ones can be command switches and which ones can only be member switches, and the required software versions.
  • Page 103: Command Switch Characteristics

    • It has an IP address.
    • It has Cisco Discovery Protocol (CDP) version 2 enabled (the default).
    • It is not a command or member switch of another cluster.
    • It is connected to the standby command switches and member switches through its management VLAN.
  • Page 104: Candidate Switch And Member Switch Characteristics

    Chapter 5 Clustering Switches Understanding Switch Clusters – When the command switch is a Catalyst 2950 switch running Release 12.1(6)EA2 or later, all standby command switches must be Catalyst 2950 switches running Release 12.1(6)EA2 or later. – When the command switch is running Release 12.0(5)WC2 or earlier, the standby command...
  • Page 105: Planning A Switch Cluster

    Java plug-in configurations. Automatic Discovery of Cluster Candidates and Members The command switch uses Cisco Discovery Protocol (CDP) to discover member switches, candidate switches, neighboring switch clusters, and edge devices in star or cascaded topologies. Note Do not disable CDP on the command switch, on cluster members, or on any cluster-capable switches that you might want a command switch to discover.
  • Page 106 Discovery through CDP Hops By using CDP, a command switch can discover switches up to seven CDP hops away (the default is three hops) from the edge of the cluster. The edge of the cluster is where the last member switches are connected to the cluster and to candidate switches.
  • Page 107: Discovery Through Non-Cdp-Capable And Noncluster-Capable Devices

    Discovery through Non-CDP-Capable and Noncluster-Capable Devices If a command switch is connected to a non-CDP-capable third-party hub (such as a non-Cisco hub), it can discover cluster-enabled devices connected to that third-party hub. However, if the command switch is connected to a noncluster-capable Cisco device, it cannot discover a cluster-enabled device connected beyond the noncluster-capable Cisco device.
  • Page 108: Discovery Through The Same Management Vlan

    Discovery through the Same Management VLAN A Catalyst 2900 XL command switch, a Catalyst 2950 command switch running a release earlier than Release 12.1(9)EA1, or a Catalyst 3500 XL command switch must connect to all cluster members through its management VLAN.
  • Page 109: Discovery Through Different Management Vlans

    Discovery through Different Management VLANs We recommend using a Catalyst 3550 command switch or a Catalyst 2950 command switch running Release 12.1(9)EA1 or later. These command switches can discover and manage member switches in different VLANs and different management VLANs.
  • Page 110 Figure 5-5 Discovery through Different Management VLANs with a Layer 3 Command Switch (figure not reproduced)
  • Page 111: Discovery Of Newly Installed Switches

    Discovery of Newly Installed Switches To join a cluster, the new, out-of-the-box switch must be connected to the cluster through one of its access ports. An access port (AP) carries the traffic of and belongs to the management VLAN. By default, the new switch and its access ports are assigned to management VLAN 1.
  • Page 112: Hsrp And Standby Command Switches

    The default HSRP standby hold time interval is 10 seconds. The default HSRP standby hello time interval is 3 seconds. For more information about the standby hold time and hello time intervals, refer to the Release 12.0 documentation set on Cisco.com. These connectivity guidelines ensure automatic discovery of the switch cluster, cluster candidates, connected switch clusters, and neighboring edge devices.
  • Page 113: Virtual Ip Addresses

    Virtual IP Addresses You need to assign a unique virtual IP address and group number and name to the cluster standby group. This information must be configured on the management VLAN on the active command switch. The active command switch receives traffic destined for the virtual IP address.
  • Page 114 All standby-group members must be members of the cluster. Note: There is no limit to the number of switches that you can assign as standby command switches. However, the total number of switches in the cluster—which would include the active command switch, standby-group members, and member switches—cannot be more than 16.
  • Page 115: Automatic Recovery Of Cluster Configuration

    IP address in the browser Location field (Netscape Communicator) or Address field (Internet Explorer), as described in the release notes (http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/index.htm). For more information about IP addresses, see the “Changing IP Information” section on page 6-2.
  • Page 116: Host Names

    Host Names You do not need to assign a host name to either a command switch or an eligible cluster member. However, a host name assigned to the command switch can help to identify the switch cluster. The default host name for the switch is Switch.
  • Page 117: Tacacs+ And Radius

    Catalyst 2950 member switches running Release 12.0(5)WC2 or earlier – Catalyst 3550 member switches running Release 12.1(6)EA1 or earlier For more information about this limitation, refer to the release notes (http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/index.htm). • These switches do not support read-only mode on CMS: –...
  • Page 118: Management Vlan

    IP address in the browser Location field (Netscape Communicator) or Address field (Microsoft Internet Explorer), as described in the release notes (http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/index.htm). Note: Activity synchronization is only valid if your command switch and member switches are running Release 12.0(5)XU and later.
  • Page 119: Network Port

    “Planning a Switch Cluster” section on page 5-5. Note: Refer to the release notes (http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/index.htm) for the list of Catalyst switches eligible for switch clustering, including which ones can be command switches and which ones can only be member switches, and for the required software versions and browser and Java plug-in configurations.
  • Page 120: Enabling A Command Switch

    The switch you designate as the command switch must meet the requirements described in the “Command Switch Characteristics” section on page 5-3, the “Planning a Switch Cluster” section on page 5-5, and the release notes (http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/index.htm). Note: We strongly recommend that the highest-end, command-capable switch in the cluster be the command switch: –...
  • Page 121: Adding Member Switches

    Adding Member Switches As explained in the “Automatic Discovery of Cluster Candidates and Members” section on page 5-5, the command switch automatically discovers candidate switches. When you add new cluster-capable switches to the network, the command switch discovers them and adds them to a list of candidate switches.
  • Page 122 Figure 5-9 Add to Cluster Window: Select a switch, and click Add. Press Ctrl and left-click to select more than one switch. Enter the password of the candidate switch. If no password exists for the switch, leave this field blank.
  • Page 123: Creating A Cluster Standby Group

    The default HSRP standby hold time interval is 10 seconds. The default HSRP standby hello time interval is 3 seconds. For more information about the standby hold time and hello time intervals, refer to the Cisco IOS Release 12.0 documentation set on Cisco.com.
  • Page 124 Figure 5-11 Standby Command Configuration Window (callouts): Active command switch. Standby command switch. Must be a valid IP address in the same subnet as the active command switch.
  • Page 125: Verifying A Switch Cluster

    Verifying a Switch Cluster When you finish adding cluster members, follow these steps to verify the cluster: Step 1 Enter the command switch IP address in the browser Location field (Netscape Communicator) or Address field (Microsoft Internet Explorer) to access all switches in the cluster.
  • Page 126: Using The Cli To Manage Switch Clusters

    Using the CLI to Manage Switch Clusters You can configure member switches from the CLI by first logging into the command switch. Enter the rcommand user EXEC command and the member switch number to start a Telnet session (through a console or Telnet connection) and to access the member switch CLI.
  • Page 127: Using Snmp To Manage Switch Clusters

    Using SNMP to Manage Switch Clusters When you first power on the switch, SNMP is enabled if you enter the IP information by using the setup program and accept its proposed configuration. If you did not use the setup program to enter the IP information and SNMP was not enabled, you can enable it as described in the “Configuring SNMP”...
  • Page 129: Configuring The System

    For information about configuring these settings from Cluster Management Suite (CMS), refer to the online help. This switch software release is based on Cisco IOS Release 12.0. It has been enhanced to support a set of features for the Catalyst 2900 XL and Catalyst 3500 XL switches. This chapter provides procedures for using only the commands that have been created or changed for these switches.
  • Page 130: Chapter 6 Configuring The System

    Changing IP Information You can assign and change the IP information of your switch in these ways: • Using the setup program, as described in the release notes (http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/index.htm) • Manually assigning an IP address, as described in this section •...
  • Page 131: Using Dhcp-Based Autoconfiguration

    Chapter 6 Configuring the System Changing IP Information Use this procedure to remove the IP information from a switch. Note Using the no ip address command in configuration mode disables the IP protocol stack as well as removes the IP information. Cluster members without IP addresses rely on the IP protocol stack being enabled.
  • Page 132: Dhcp Client Request Process

    DHCP Client Request Process When you boot your switch, the DHCP client can be invoked and automatically request configuration information from a DHCP server under these conditions: • The configuration file is not present on the switch. •...
  • Page 133: Configuring The Dhcp Server

    6-7. You must also set up the TFTP server with the switch configuration files; for more information, see the next section. For CLI procedures, refer to the Cisco IOS Release 12.0 documentation on Cisco.com for additional information and CLI procedures.
  • Page 134: Configuring The Domain Name And The Dns

    Domain names are pieced together with periods (.) as the delimiting characters. For example, Cisco Systems is a commercial organization that IP identifies by a com domain name, so its domain name is cisco.com. A specific device in this domain, the File Transfer Protocol (FTP) system for example, is identified as ftp.cisco.com.
  • Page 135: Configuring The Relay Device

    DHCP, DNS, and TFTP servers and that broadcasts from the servers can reach the DHCP client. If the relay device is a Cisco router, you enable IP routing (ip routing global configuration command) and configure it with helper addresses by using the ip helper-address interface configuration command.
  • Page 136: Obtaining Configuration Files

    Obtaining Configuration Files Depending on the availability of the IP address and the configuration filename in the DHCP reserved lease, the switch obtains its configuration information in these ways: • The IP address and the configuration filename are reserved for the switch and provided in the DHCP reply (one-file read method).
  • Page 137: Example Configuration

    Figure 6-3 DHCP-Based Autoconfiguration Network Example Switch 1 Switch 2 Switch 3 Switch 4 00e0.9f1e.2001 00e0.9f1e.2002 00e0.9f1e.2003 00e0.9f1e.2004 Cisco router 10.0.0.10 10.0.0.1 10.0.0.2 10.0.0.3 DHCP server DNS server TFTP server (maritsu) Table 6-1 shows the configuration of the reserved leases on the DHCP server.
  • Page 138 TFTP Server Configuration (on UNIX) The TFTP server base directory is set to /tftpserver/work/. This directory contains the network-confg file used in the two-file read method. This file contains the host name to be assigned to the switch based on its IP address.
  • Page 139: Assigning Passwords And Privilege Levels

    To remove a password, use the no version of the commands: no enable secret or no enable password. For CLI procedures, refer to the Cisco IOS Release 12.0 documentation on Cisco.com for additional information and CLI procedures.
  • Page 140: Setting The System Date And Time

    You can configure the switch to change to daylight saving time on a particular day every year, on a day that you enter, or not at all. For CLI procedures, refer to the Cisco IOS Release 12.0 documentation on Cisco.com for additional information and CLI procedures.
  • Page 141: Configuring The Network Time Protocol

    NTP broadcast server. Configuring CDP Use the CLI or CMS to enable Cisco Discovery Protocol (CDP) for the switch, to set global CDP parameters, and to display information about neighboring Cisco devices.
  • Page 142: Configuring Cdp For Extended Discovery

    Configuring CDP for Extended Discovery You can change the default configuration of CDP on the command switch to continue discovering devices up to seven hops away. Figure 6-4 shows a command switch that can discover candidates and cluster members up to seven devices away from it.
  • Page 143: Managing The Mac Address Tables

    Managing the MAC Address Tables You can manage the MAC address tables that the switch uses to forward traffic between ports. All MAC addresses in the address tables are associated with one or more ports. These MAC tables include these types of addresses: Dynamic address: a source MAC address that the switch learns and then drops when it is not in use.
  • Page 144: Changing The Address Aging Time

    Changing the Address Aging Time Dynamic addresses are source MAC addresses that the switch learns and then drops when they are not in use. The aging time parameter defines how long the switch retains unseen addresses in the table. This parameter applies to all VLANs.
  • Page 145: Mac Address Notification

    MAC Address Notification MAC address notification enables you to track users coming to and going from your network. Whenever a new MAC address is learned or an old MAC address is removed from the switch, an SNMP notification (trap) is generated.
  • Page 146: Adding Secure Addresses

    This example shows how to specify 172.20.10.10 as the NMS, enable the switch to send MAC address notification traps to the NMS, enable the MAC address notification feature, set the interval time to 60 seconds, set the history-size to 100 entries, and enable traps whenever a MAC address is added on Fast Ethernet interface 0/4.
  • Page 147: Adding Static Addresses

    Adding Static Addresses A static address has these characteristics: • It is manually entered in the address table and must be manually removed. • It can be a unicast or multicast address. •...
  • Page 148: Configuring Static Addresses For Etherchannel Port Groups

    Configuring Static Addresses for EtherChannel Port Groups Follow these rules if you are configuring a static address to forward to ports in an EtherChannel port group: • For default source-based port groups, configure the static address to forward to all ports in the port...
  • Page 149: Enabling The Fast Leave Feature

    Enabling the Fast Leave Feature The CGMP Fast Leave feature reduces the delay when group members leave groups. When an end station requests to leave a CGMP group, the group remains enabled for that VLAN until all members have requested to leave.
  • Page 150: Changing The Cgmp Router Hold-Time

    Changing the CGMP Router Hold-Time The router hold-time is the number of seconds the switch waits before removing (aging) a router entry and ceasing to exchange messages with the router. If it is the last router entry in a VLAN, all CGMP groups on that VLAN are removed.
  • Page 151: Configuring Igmp Filtering

    Configuring IGMP Filtering IGMP filtering works with the Multicast VLAN Registration (MVR) feature to allow you to configure profiles of IP multicast groups. You can then associate these profiles with filtering action. IGMP filters are associated with each physical switch port.
  • Page 152 Beginning in privileged EXEC mode, follow these steps to create an IGMP profile:
    Step | Command | Purpose
    Step 1 | configure terminal | Enter global configuration mode.
    Step 2 | ip igmp profile profile number | Enter IGMP profile configuration mode, and assign a number to the profile you are configuring.
  • Page 153: Applying Igmp Filters

    Applying IGMP Filters To control access as defined in an IGMP profile, you apply the profile to the appropriate interfaces. IGMP profiles can be applied to Layer 2 ports only. A profile can be applied to multiple interfaces, but each interface can only have one profile applied to it.
  • Page 154: Setting The Maximum Number Of Igmp Groups

    Setting the Maximum Number of IGMP Groups You can set the maximum number of IGMP groups that a Layer 2 interface can join. Use the no form of this command to set the maximum back to the default, which is no limit. Beginning in privileged EXEC mode, follow these steps to set the maximum number of IGMP groups for an interface: Command...
  • Page 155: Configuring Mvr

    Configuring MVR Multicast VLAN Registration (MVR) is designed for applications using wide-scale deployment of multicast traffic (for example, broadcast of multiple television channels) across an Ethernet ring-based service provider network. MVR allows a subscriber on a port to subscribe and unsubscribe to a multicast stream on the network-wide multicast VLAN.
  • Page 156 Figure 6-6 Multicast VLAN Registration Example (figure not reproduced)
  • Page 157: Configuration Guidelines And Limitations

    Configuration Guidelines and Limitations Follow these guidelines when configuring MVR: • All receiver ports on a switch must belong to the same VLAN and must not be trunk ports. • In applications where the receiver ports represent subscribers to a service, we recommend...
  • Page 158: Setting Mvr Parameters

    Setting MVR Parameters You do not need to set MVR parameters if you choose to use the default settings. If you do want to change the default parameters, you must do so before enabling MVR. Beginning in privileged EXEC mode, follow these steps to configure MVR parameters: Command Purpose...
  • Page 159: Configuring Mvr

    Configuring MVR Beginning in privileged EXEC mode, follow these steps to configure MVR:
    Step | Command | Purpose
    Step 1 | configure terminal | Enter global configuration mode.
    Step 2 | | Enable MVR on the switch.
    Step 3 | mvr group ip-address [count] | Configure an IP multicast address on the switch or use the count parameter to configure a contiguous series of IP addresses.
  • Page 160: Managing The Arp Table

    (represented by the arpa keyword) is enabled on the IP interface. ARP entries added manually to the table do not age and must be manually removed. For CLI procedures, refer to the Cisco IOS Release 12.0 documentation on Cisco.com for additional information and CLI procedures.
  • Page 161: Configuring Stp

    Configuring STP Spanning Tree Protocol (STP) provides path redundancy while preventing undesirable loops in the network. Only one active path can exist between any two stations. STP calculates the best loop-free path throughout the network. Supported STP Instances You create an STP instance when you assign an interface to a VLAN.
  • Page 162: Using Stp To Support Redundant Connectivity

    Using STP to Support Redundant Connectivity You can create a redundant backbone with STP by connecting two of the switch ports to another device or to two different devices. STP automatically disables one port but enables it if the other port is lost. If one link is high-speed and the other low-speed, the low-speed link is originally disabled.
  • Page 163: Configuring Stp And Uplinkfast In A Cascaded Cluster

    (IEEE) for Option 1 for Option 2 for Option 3 Hello Time Max Age Forwarding delay Figure 6-7 Gigabit Ethernet Clusters (figure not reproduced)
  • Page 164: Configuring Redundant Links By Using Stp Uplinkfast

    If a switch loses connectivity, the switch begins using the alternate paths as soon as STP selects a new root port. STP UplinkFast is a Cisco enhancement that accelerates the choice of a new root port when a link or switch fails or when STP reconfigures itself. The root port transitions to the forwarding state immediately without going through the listening and learning states, as it would with normal STP procedures.
  • Page 165: Enabling Stp Uplinkfast

    Enabling STP UplinkFast When you enable UplinkFast, it is enabled for the entire switch and cannot be enabled for individual VLANs. Beginning in privileged EXEC mode, follow these steps to configure UplinkFast: Command Purpose Step 1 configure terminal...
  • Page 166 Figure 6-9 Cross-Stack UplinkFast Topology (figure not reproduced)
  • Page 167: Events That Cause Fast Convergence

    Events that Cause Fast Convergence Depending on the network event or failure, fast convergence provided by CSUF might or might not occur. Fast convergence (within 2 seconds under normal network conditions) occurs under these circumstances: •...
  • Page 168: Connecting The Stack Ports

    Connecting the Stack Ports A fast transition occurs across the stack of switches if the multidrop backbone connections are a continuous link from one GigaStack GBIC to another as shown in Figure 6-10. In addition, follow these guidelines: •...
  • Page 169: Configuring Cross-Stack Uplinkfast

    Configuring Cross-Stack UplinkFast Before enabling CSUF, make sure your stack switches are properly connected. For more information, see the “Connecting the Stack Ports” section on page 6-40. Beginning in privileged EXEC mode, follow these steps to enable CSUF: Command Purpose Step 1...
  • Page 170: Changing The Stp Parameters For A Vlan

    Changing the STP Parameters for a VLAN The root switch for each VLAN is the switch with the highest priority and sends topology frames to other switches in the spanning tree. You can change the root parameters for the VLANs on a selected switch. These options define how your switch responds when STP reconfigures itself.
  • Page 171: Changing The Bpdu Message Interval

    Changing the BPDU Message Interval Beginning in privileged EXEC mode, follow these steps to change the BPDU message interval (max age time). The stp-list is the list of VLANs to which the STP command applies. Command Purpose Step 1...
  • Page 172: Stp Port States

    STP Port States When a port is not forwarding due to STP, it can be in one of these states: • Blocking—Port is not participating in the frame-forwarding process and is not learning new...
  • Page 173: Changing The Path Cost

    Changing the Path Cost Beginning in privileged EXEC mode, follow these steps to change the path cost for STP calculations. The STP command applies to the stp-list. Command Purpose Step 1 configure terminal Enter global configuration mode.
  • Page 174: Configuring Stp Root Guard

    Configuring STP Root Guard The Layer 2 network of a service provider (SP) can include many connections to switches that are not owned by the SP. In such a topology, STP can reconfigure itself and select a customer switch as the STP root switch, as shown in Figure 6-11.
  • Page 175: Configuring Bpdu Guard

    Configuring BPDU Guard Note: This feature is not available on the Catalyst 2900 LRE XL switches. In a valid configuration, Port Fast-enabled interfaces do not receive BPDUs. When the BPDU guard feature is enabled on the switch, STP shuts down Port Fast-enabled interfaces that receive BPDUs rather than putting the interfaces into the blocking state.
  • Page 176: Configuring Snmp

    SNMP is enabled by default and must be enabled for Cluster Management features to work properly. SNMP is always enabled for Catalyst 1900 and Catalyst 2820 switches. For CLI procedures, refer to the Cisco IOS Release 12.0 documentation on Cisco.com for additional information and CLI procedures.
  • Page 177: Entering Community Strings

    Read-only (RO)—Requests accompanied by the string can display MIB-object information. Read-write (RW)—Requests accompanied by the string can display MIB-object information and set MIB objects. For CLI procedures, refer to the Cisco IOS Release 12.0 documentation on Cisco.com for additional information and CLI procedures. Adding Trap Managers A trap manager is a management station that receives and processes traps.
  • Page 178 Catalyst 1900 and Catalyst 2820 switches support up to four trap managers. When you configure community strings for these switches, limit the string length to 32 characters. When configuring traps on these switches, you cannot configure individual trap managers to receive specific traps. Table 6-5 describes the Catalyst 1900 and Catalyst 2820 SNMP traps.
  • Page 179: Configuring TACACS+

    (authentication, authorization, and accounting [AAA]) from a server. This section describes how TACACS+ works and how you can configure it. Note: For complete syntax and usage information for the commands described in this section, refer to the Cisco IOS Release 12.0 Security Command Reference.
  • Page 180: Configuring Login Authentication

    Chapter 6 Configuring the System Configuring TACACS+ Beginning in privileged EXEC mode, follow these steps to configure the TACACS+ server: Command Purpose Step 1 tacacs-server host name [timeout integer] [key string] Define a TACACS+ host. Entering the timeout and key parameters with this command overrides the global values that you can enter with the tacacs-server timeout (Step 3) and the tacacs-server key commands (Step 5).
  • Page 181: Specifying TACACS+ Authorization For EXEC Access And Network Services

    You can use the aaa authorization global configuration command with the tacacs+ keyword to set parameters that restrict a user’s network access to Cisco IOS privilege mode (EXEC access) and to network services such as Serial Line Internet Protocol (SLIP), Point-to-Point Protocol (PPP) with Network Control Protocols (NCPs), and AppleTalk Remote Access (ARA).
  • Page 182: Starting TACACS+ Accounting

    Starting TACACS+ Accounting You use the aaa accounting command with the tacacs+ keyword to turn on TACACS+ accounting for each Cisco IOS privilege level and for network services. Beginning in privileged EXEC mode, follow these steps to enable TACACS+ accounting:...
  • Page 183: Controlling Switch Access With RADIUS

    RADIUS is facilitated through AAA and can be enabled only through AAA CLI commands. Note: For complete syntax and usage information for the commands used in this section, refer to the Cisco IOS Security Command Reference for Release 12.0.
  • Page 184: RADIUS Operation

    X.25 PAD connections. • Switch-to-switch or router-to-router situations. RADIUS does not provide two-way authentication. RADIUS can be used to authenticate access from one device to a non-Cisco device if the non-Cisco device requires authentication. • Networks using a variety of services. RADIUS generally binds a user to one service model.
  • Page 185: Configuring RADIUS

    Chapter 6 Configuring the System Controlling Switch Access with RADIUS The ACCEPT or REJECT response is bundled with additional data that is used for privileged EXEC or network authorization. Users must first successfully complete RADIUS authentication before proceeding to RADIUS authorization, if it is enabled. The additional data included with the ACCEPT or REJECT packets includes these items: •...
  • Page 186: Identifying The RADIUS Server Host

    Chapter 6 Configuring the System Controlling Switch Access with RADIUS Identifying the RADIUS Server Host Switch-to-RADIUS-server communication involves several components: • Host name or IP address • Authentication destination port • Accounting destination port • Key string • Timeout period • Retransmission value •...
  • Page 187 Chapter 6 Configuring the System Controlling Switch Access with RADIUS Beginning in privileged EXEC mode, follow these steps to configure per-server RADIUS server communication. This procedure is required. Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 radius-server host {hostname | Specify the IP address or host name of the remote RADIUS server host.
  • Page 188: Configuring RADIUS Login Authentication

    Chapter 6 Configuring the System Controlling Switch Access with RADIUS To remove the specified RADIUS server, use the no radius-server host hostname | ip-address global configuration command. This example shows how to configure one RADIUS server to be used for authentication and another to be used for accounting:
    Switch(config)# radius-server host 172.29.36.49 auth-port 1612 key rad1
    Switch(config)# radius-server host 172.20.36.50 acct-port 1618 key rad2...
  • Page 189 Chapter 6 Configuring the System Controlling Switch Access with RADIUS Beginning in privileged EXEC mode, follow these steps to configure login authentication. This procedure is required. Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 aaa new-model Enable AAA.
  • Page 190: Defining AAA Server Groups

    Chapter 6 Configuring the System Controlling Switch Access with RADIUS To disable AAA, use the no aaa new-model global configuration command. To disable AAA authentication, use the no aaa authentication login {default | list-name} method1 [method2...] global configuration command. To either disable RADIUS authentication for logins or to return to the default value, use the no login authentication {default | list-name} line configuration command.
  • Page 191 Chapter 6 Configuring the System Controlling Switch Access with RADIUS Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 radius-server host {hostname | ip-address} [auth-port port-number] Specify the IP address or host name of the remote RADIUS server host. • (Optional) For auth-port port-number, specify the UDP destination...
  • Page 192: Configuring RADIUS Authorization For User Privileged Access And Network Services

    Chapter 6 Configuring the System Controlling Switch Access with RADIUS To remove the specified RADIUS server, use the no radius-server host hostname | ip-address global configuration command. To remove a server group from the configuration list, use the no aaa group server radius group-name global configuration command.
  • Page 193: Starting RADIUS Accounting

    (AV) pairs and is stored on the security server. This data can then be analyzed for network management, client billing, or auditing. Beginning in privileged EXEC mode, follow these steps to enable RADIUS accounting for each Cisco IOS privilege level and for network services:...
  • Page 194: Configuring The Switch To Use Vendor-Specific RADIUS Attributes

    1, which is named cisco-avpair. The value is a string with this format: protocol : attribute sep value * Protocol is a value of the Cisco protocol attribute for a particular type of authorization. Attribute and value are an appropriate attribute-value (AV) pair defined in the Cisco TACACS+ specification, and sep is = for mandatory attributes and * for optional attributes.
  • Page 195: Configuring The Switch For Vendor-Proprietary RADIUS Server Communication

    (Optional) Save your entries in the configuration file. For a complete list of RADIUS attributes or more information about vendor-specific attribute 26, refer to the “RADIUS Attributes” appendix in the Cisco IOS Security Configuration Guide for Release 12.0. Configuring the Switch for Vendor-Proprietary RADIUS Server Communication...
  • Page 196: Displaying The RADIUS Configuration

    Chapter 6 Configuring the System Controlling Switch Access with RADIUS Beginning in privileged EXEC mode, follow these steps to specify a vendor-proprietary RADIUS server host and a shared secret text string: Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 radius-server host {hostname | ip-address} non-standard Specify the IP address or host name of the remote...
  • Page 197: Configuring The Switch For Local Authentication And Authorization

    Chapter 6 Configuring the System Controlling Switch Access with RADIUS Configuring the Switch for Local Authentication and Authorization You can configure AAA to operate without a server by setting the switch to implement AAA in local mode. The switch then handles authentication and authorization. No accounting is available in this configuration.
  • Page 199: Configuring The Switch Ports

    For information about configuring these settings from Cluster Management Suite (CMS), refer to the online help. This switch software release is based on Cisco IOS Release 12.0. It has been enhanced to support a set of features for the Catalyst 2900 XL and Catalyst 3500 XL switches. This chapter provides procedures for using only the commands that have been created or changed for these switches.
  • Page 200: Chapter 7 Configuring The Switch Port

    Chapter 7 Configuring the Switch Ports Changing the Port Speed and Duplex Mode Changing the Port Speed and Duplex Mode Caution: If you reconfigure the port through which you are managing the switch, a Spanning Tree Protocol (STP) reconfiguration could cause a temporary loss of connectivity. Note: The CPE Ethernet port settings have special considerations and different default settings from the switch 10/100 ports.
  • Page 201: Setting Speed And Duplex Parameters

    Chapter 7 Configuring the Switch Ports Changing the Port Speed and Duplex Mode you use the full duplex with flow control option on a 100-Mbps port, the switch port responds to the pause-control frames sent from the attached device. The switch holds subsequent transmissions in the port queue for the time specified in the pause-control frame.
  • Page 202: Configuring Flooding Controls

    Chapter 7 Configuring the Switch Ports Configuring Flooding Controls Configuring Flooding Controls You can use these flooding techniques to block the forwarding of unnecessary flooded traffic: • Enable storm control for unicast, multicast, or broadcast packets • Block the forwarding of unicast and broadcast packets on a per-port basis •...
  • Page 203: Disabling Storm Control

    Chapter 7 Configuring the Switch Ports Configuring Flooding Controls Disabling Storm Control Beginning in privileged EXEC mode, follow these steps to disable broadcast-storm control: Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 interface interface Enter interface configuration mode, and enter the port to configure. Step 3 no port storm-control broadcast Disable port storm control.
  • Page 204: Enabling A Network Port

    Chapter 7 Configuring the Switch Ports Configuring Flooding Controls Command Purpose Step 5 Return to privileged EXEC mode. Step 6 show port block {multicast | unicast} interface Verify your entries, entering the appropriate command once for the multicast option and once for the unicast option. Enabling a Network Port Network ports are assigned per VLAN and can reduce flooded traffic on your network.
  • Page 205: Configuring Unidirectional Link Detection

    Chapter 7 Configuring the Switch Ports Configuring UniDirectional Link Detection Configuring UniDirectional Link Detection UniDirectional Link Detection (UDLD) is a Layer 2 protocol that detects and shuts down unidirectional links. You can configure UDLD on the entire switch or on an individual port. Use the udld reset command to reset all ports that have been shut down by UDLD.
  • Page 206: Understanding Etherchannel Port Grouping

    FEC port group Catalyst 2900 XL Cisco router or Catalyst 3500 XL switch The switch treats the port group as a single logical port; therefore, when you create a port group, the switch uses the configuration of the first port for all ports added to the group. If you add a port and change the forwarding method, it changes the forwarding for all ports in the group.
  • Page 207: Creating Etherchannel Port Groups

    Chapter 7 Configuring the Switch Ports Configuring Protected Ports Creating EtherChannel Port Groups Beginning in privileged EXEC mode, follow these steps to create a two-port group: Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 interface interface Enter interface configuration mode, and enter the port of the first port to be added to the group.
  • Page 208: Enabling Port Security

    Chapter 7 Configuring the Switch Ports Enabling Port Security Enabling Port Security Secured ports restrict a port to a user-defined group of stations. When you assign secure addresses to a secure port, the switch does not forward any packets with source addresses outside the group of addresses you have defined.
  • Page 209: Disabling Port Security

    Chapter 7 Configuring the Switch Ports Enabling Port Security Command Purpose Step 3 port security max-mac-count 1 Secure the port and set the address table to one address. Step 4 port security action shutdown Set the port to shutdown when a security violation occurs. Step 5 Return to privileged EXEC mode.
  • Page 210: Configuring SPAN

    Chapter 7 Configuring the Switch Ports Configuring SPAN To disable port security aging for all secure addresses on a port, use the no port security aging time interface configuration command. This example shows how to set the port security aging time to 2 hours on port 1.
    Switch(config)#interface fa0/1
    Switch(config-if)#port security aging time 120
    Configuring SPAN...
  • Page 211: Configuring Voice Ports

    Configuring Voice Ports Configuring Voice Ports The Catalyst 2900 XL and Catalyst 3500 XL switches can connect to Cisco IP Phones and carry IP voice traffic. If necessary, the Catalyst 3524-PWR XL can supply electrical power to the circuit connecting it to the phone.
  • Page 212: Configuring A Port To Connect To A Cisco IP Phone

    Overriding the CoS Priority of Incoming Frames A PC or other data device can connect to a Cisco IP Phone port. The PC can generate packets with an assigned CoS value. If you want, you can use the Catalyst 3524-PWR XL CLI to override the priority of frames arriving on the phone port from connected devices.
  • Page 213: Configuring Voice Ports To Carry Voice And Data Traffic On Different VLANs

    The Catalyst 3524-PWR XL switch automatically supplies inline power to connected Cisco IP Phones and Cisco access points if it senses no power on the circuit. If there is power on the circuit, the switch does not supply it. You can also configure the Catalyst 3524-PWR XL switch to never supply power to these devices and to disable the inline-power detection mechanism.
  • Page 214: Configuring The LRE Ports

    • LRE link—This is the connection between the switch LRE port and the RJ-11 wall port on an LRE customer premises equipment (CPE) device such as the Cisco 575 LRE CPE or Cisco 585 LRE CPE. This connection can be through categorized or noncategorized unshielded twisted-pair cable and can extend to distances of up to 4921 feet (1500 m).
  • Page 215: Types Of LRE Profiles

    Note: Consult the regulations for connecting to the PSTN in your area. Note: Cisco LRE products can share lines with analog telephones, Integrated Services Digital Network (ISDN), and digital PBX switch telephones that use the 0 to 700 kHz frequency range.
  • Page 216: Environmental Considerations For LRE Links

    Chapter 7 Configuring the Switch Ports Configuring the LRE Ports Table 7-1 LRE Profiles (continued) Columns: Profile Name | Profile Type | LRE Link Downstream Rate (Mbps) | LRE Link Upstream Rate (Mbps) | Maximum Distance between the LRE Switch and LRE CPE. Row: LRE-10-5 | Private | 11.38 | 5.69 | 4101 ft (1250 m)
  • Page 217: Considerations For Using LRE Profiles

    Chapter 7 Configuring the Switch Ports Configuring the LRE Ports – Older installations (Asia) 15 to 30 years old often use 0.4 mm (similar to 26 AWG) wiring with between 1 and 12 twists per foot in bundles of 100 or more. – Older installations over 30 years old often use heavy gauge wire (22 or 20 AWG) with no...
  • Page 218 Chapter 7 Configuring the Switch Ports Configuring the LRE Ports • We recommend using one of these six private profiles (LRE-5, LRE-10, LRE-15, LRE-10-1, LRE-10-3, and LRE-10-5) when the link between the LRE switch and the CPE does not need to coexist in the same cable bundle as Asymmetric Digital Subscriber Line (ADSL) signaling.
  • Page 219: CPE Ethernet Links

    Considerations for Connected Cisco 575 LRE CPEs You can configure the Cisco 575 LRE CPE Ethernet port to operate at 10 or 100 Mbps and at half- or full-duplex mode, depending on the capability of the remote Ethernet device. Autonegotiation for port speed and duplex mode is supported.
  • Page 220: Considerations For Connected Cisco 585 LRE CPEs

    The default speed for the CPE Ethernet ports is auto. The default duplex mode is half duplex with back pressure. Duplex autonegotiation is not supported on the Cisco 585 LRE CPE. You cannot enable or disable the CPE Ethernet ports on a per-port basis. For example, using the shutdown interface configuration command on an LRE port disables all Ethernet ports on the connected CPE.
  • Page 221: Assigning A Private Profile To An LRE Port

    Chapter 7 Configuring the Switch Ports Configuring the LRE Ports Assigning a Private Profile to an LRE Port Private profiles are set on a per-port basis. You can assign the same private profile or different private profiles to the LRE ports on the switch. The default active private profile on all LRE ports is LRE-10. The switch resets the ports with the updated profile settings.
  • Page 223: Configuring VLANs

    For information about configuring these settings from Cluster Management Suite (CMS), refer to the online help. This switch software release is based on Cisco IOS Release 12.0. It has been enhanced to support a set of features for the Catalyst 2900 XL and Catalyst 3500 XL switches. This chapter provides procedures for using only the commands that have been created or changed for these switches.
  • Page 224: Overview

    Figure 8-1 VLANs as Logically Defined Networks [Figure labels: Engineering VLAN, Marketing VLAN, Accounting VLAN; Catalyst 3500 series XL; Cisco router; Catalyst 2900 series XL; Fast Ethernet; Floor 1, Floor 2, Floor 3]
  • Page 225: Management VLANs

    • Switches running Release 12.0(5)XP should be upgraded to the current software release as described in the release notes (http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/index.htm). If you are using SNMP or CMS to manage the switch, ensure that the port through which you are connected to a switch is in the management VLAN.
  • Page 226: Changing The Management VLAN For A New Switch

    Chapter 8 Configuring VLANs Management VLANs Changing the Management VLAN for a New Switch If you add a new switch to an existing cluster and the cluster is using a management VLAN other than the default VLAN 1, the command switch automatically senses that the new switch has a different management VLAN and has not been configured.
  • Page 227: Assigning VLAN Port Membership Modes

    Chapter 8 Configuring VLANs Assigning VLAN Port Membership Modes Assigning VLAN Port Membership Modes You configure a port to belong to a VLAN by assigning a membership mode that determines the kind of traffic the port carries and the number of VLANs it can belong to. Table 8-2 lists the membership modes and characteristics.
  • Page 228: VLAN Membership Combinations

    Chapter 8 Configuring VLANs Assigning VLAN Port Membership Modes VLAN Membership Combinations You can configure your switch ports in various VLAN membership combinations as listed in Table 8-3. Table 8-3 VLAN Combinations Port Mode VTP Required? Configuration Procedure Comments Static-access ports “Assigning Static-Access If you do not want to use VTP to globally propagate Ports to a VLAN”...
  • Page 229: Assigning Static-Access Ports To A VLAN

    Chapter 8 Configuring VLANs Assigning Static-Access Ports to a VLAN Assigning Static-Access Ports to a VLAN By default, all ports are static-access ports assigned to the management VLAN, VLAN 1. You can assign a static-access port to a VLAN without having VTP globally propagate VLAN configuration information (VTP is disabled).
  • Page 230 [Figure labels: Ports in static-access mode, VLAN 77, VLAN 42, Cisco router, Port in multi-VLAN mode] Caution: To avoid unpredictable STP behavior and a loss of connectivity, do not connect multi-VLAN ports to hubs or switches. Connect multi-VLAN ports to routers or servers.
  • Page 231: Using VTP

    Chapter 8 Configuring VLANs Using VTP Using VTP VTP is a Layer 2 messaging protocol that maintains VLAN configuration consistency by managing the addition, deletion, and renaming of VLANs on a network-wide basis. VTP minimizes misconfigurations and configuration inconsistencies that can cause several problems, such as duplicate VLAN names, incorrect VLAN-type specifications, and security violations.
  • Page 232: VTP Modes And Mode Transitions

    Chapter 8 Configuring VLANs Using VTP VTP Modes and Mode Transitions You can configure a supported switch to be in one of the VTP modes listed in Table 8-4. Table 8-4 VTP Modes VTP Mode Description VTP server In this mode, you can create, modify, and delete VLANs and specify other configuration parameters (such as VTP version) for the entire VTP domain.
  • Page 233: VTP Advertisements

    Chapter 8 Configuring VLANs Using VTP VTP Advertisements Each switch in the VTP domain sends periodic global configuration advertisements from each trunk port to a reserved multicast address. Neighboring switches receive these advertisements and update their VTP and VLAN configurations as necessary. Note: Because trunk ports send and receive VTP advertisements, you must ensure that at least one trunk port is configured on the switch and that this trunk port is connected to the trunk port of a second switch.
  • Page 234: VTP Pruning

    Chapter 8 Configuring VLANs Using VTP VTP Pruning Pruning increases available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to reach the destination devices. Without VTP pruning, a switch floods broadcast, multicast, and unknown unicast traffic across all trunk links within a VTP domain even though receiving switches might discard them.
  • Page 235: VTP Configuration Guidelines

    Chapter 8 Configuring VLANs Using VTP VTP Configuration Guidelines Domain Names When configuring VTP for the first time, you must always assign a domain name. All switches in the VTP domain must also be configured with the same domain name. Switches in VTP transparent mode do not exchange VTP messages with other switches, and you do not need to configure a VTP domain name for them.
  • Page 236: Passwords

    Chapter 8 Configuring VLANs Using VTP Command Purpose Step 9 exit Update the VLAN information on the switch and return to privileged EXEC mode. Step 10 show vtp status (Optional) Verify that the domain name is the same as in Step 1 and that the configuration revision number is 0.
  • Page 237: VTP Version

    Chapter 8 Configuring VLANs Using VTP VTP Version Follow these guidelines when deciding which VTP version to implement: • All switches in a VTP domain must run the same VTP version. • A VTP version 2-capable switch can operate in the same VTP domain as a switch running VTP...
  • Page 238: Configuring VTP

    Note The Cisco IOS end and Ctrl-Z commands are not supported in VLAN database mode. After you configure VTP, you must configure a trunk port so that the switch can send and receive VTP advertisements.
  • Page 239: Configuring VTP Client Mode

    Chapter 8 Configuring VLANs Using VTP Configuring VTP Client Mode When a switch is in VTP client mode, you cannot change its VLAN configuration. The client switch receives VTP updates from a VTP server in the VTP domain and then modifies its configuration accordingly.
  • Page 240: Disabling VTP (VTP Transparent Mode)

    Chapter 8 Configuring VLANs Using VTP Disabling VTP (VTP Transparent Mode) When you configure the switch for VTP transparent mode, you disable VTP on the switch. The switch then does not send VTP updates and does not act on VTP updates received from other switches. However, a VTP transparent switch does forward received VTP advertisements on all of its trunk links.
  • Page 241: Disabling VTP Version 2

    Chapter 8 Configuring VLANs Using VTP Disabling VTP Version 2 Beginning in privileged EXEC mode, follow these steps to disable VTP version 2: Command Purpose Step 1 vlan database Enter VLAN configuration mode. Step 2 no vtp v2-mode Disable VTP version 2. Step 3 exit Update the VLAN database, propagate it throughout the administrative...
  • Page 242: Monitoring VTP

    Chapter 8 Configuring VLANs VLANs in the VTP Database Monitoring VTP You monitor VTP by displaying its configuration information: the domain name, the current VTP revision, and the number of VLANs. You can also display statistics about the advertisements sent and received by the switch.
  • Page 243: VLAN Configuration Guidelines

    Chapter 8 Configuring VLANs VLANs in the VTP Database VLAN Configuration Guidelines Follow these guidelines when creating and modifying VLANs in your network: • A maximum of 250 VLANs can be active on supported switches, but some models only support 64...
  • Page 244 Chapter 8 Configuring VLANs VLANs in the VTP Database Table 8-7 FDDI VLAN Defaults and Ranges (continued) Parameter Default Range Translational bridge 2 0–1005 VLAN state active active, suspend Table 8-8 FDDI-Net VLAN Defaults and Ranges Parameter Default Range VLAN ID 1004 1–1005 VLAN name...
  • Page 245: Configuring VLANs In The VTP Database

    The vlan.dat file is upgraded automatically, but you cannot return to an earlier version of Cisco IOS after you upgrade to this release. You can cause inconsistency in the VLAN database if you attempt to manually delete the vlan.dat file.
  • Page 246: Adding A VLAN

    Chapter 8 Configuring VLANs VLANs in the VTP Database Adding a VLAN Each VLAN has a unique, 4-digit ID that can be a number from 1 to 1001. To add a VLAN to the VLAN database, assign a number and name to the VLAN. For the list of default parameters that are assigned when you add a VLAN, see the “Default VLAN Configuration”...
  • Page 247: Deleting A VLAN From The Database

    Chapter 8 Configuring VLANs VLANs in the VTP Database Deleting a VLAN from the Database When you delete a VLAN from a switch that is in VTP server mode, the VLAN is removed from all switches in the VTP domain. When you delete a VLAN from a switch that is in VTP transparent mode, the VLAN is deleted only on that specific switch.
  • Page 248: How VLAN Trunks Work

    Trunks carry the traffic of multiple VLANs and can extend VLANs across an entire network. 100BASE-T and Gigabit Ethernet trunks use Cisco Inter-Switch Link (ISL), the default protocol, or industry-standard IEEE 802.1Q to carry traffic for multiple VLANs over a single link.
  • Page 249: Trunks Interacting With Other Features

    Chapter 8 Configuring VLANs How VLAN Trunks Work Trunks Interacting with Other Features ISL, IEEE 802.1Q, and ATM trunking interacts with other switch features as described in Table 8-11. Table 8-11 Trunks Interacting with Other Features Switch Feature Trunk Port Interaction Port monitoring A trunk port cannot be a monitor port.
  • Page 250: Configuring A Trunk Port

    Chapter 8 Configuring VLANs How VLAN Trunks Work Configuring a Trunk Port You cannot have multi-VLAN and trunk ports configured on the same switch. For information on trunk port interactions with other features, see the “Trunks Interacting with Other Features” section on page 8-27.
  • Page 251: Disabling A Trunk Port

    Chapter 8 Configuring VLANs How VLAN Trunks Work Disabling a Trunk Port You can disable trunking on a port by returning it to its default static-access mode. Beginning in privileged EXEC mode, follow these steps to disable trunking on a port: Command Purpose Step 1...
  • Page 252: Changing The Pruning-Eligible List

    Chapter 8 Configuring VLANs How VLAN Trunks Work Changing the Pruning-Eligible List The pruning-eligible list applies only to trunk ports. Each trunk port has its own eligibility list. VTP Pruning must be enabled for this procedure to take effect. The “Enabling VTP Pruning”...
  • Page 253: Configuring 802.1p Class Of Service

    Chapter 8 Configuring VLANs Configuring 802.1p Class of Service Configuring 802.1p Class of Service The Catalyst 2900 XL and Catalyst 3500 XL switches provide quality of service (QoS)-based IEEE 802.1p class of service (CoS) values. QoS uses classification and scheduling to send network traffic from the switch in a predictable manner.
  • Page 254: Configuring The CoS Port Priorities

    Chapter 8 Configuring VLANs Load Sharing Using STP Configuring the CoS Port Priorities Beginning in privileged EXEC mode, follow these steps to set the port priority for untagged (native) Ethernet frames: Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 interface interface Enter the interface to be configured.
  • Page 255: Configuring STP Port Priorities And Load Sharing

    Chapter 8 Configuring VLANs Load Sharing Using STP In this way, trunk 1 carries traffic for VLANs 8 through 10, and trunk 2 carries traffic for VLANs 3 through 6. If the active trunk fails, the trunk with the lower priority takes over and carries the traffic for all of the VLANs.
  • Page 256: Load Sharing Using STP Path Cost

    Chapter 8 Configuring VLANs Load Sharing Using STP Command Purpose Step 16 interface fa0/1 Enter interface configuration mode, and define the interface to set the STP port priority. Step 17 spanning-tree vlan 8 9 10 Assign the port priority of 10 for VLANs 8, 9, and 10. port-priority 10 Step 18 Return to global configuration mode.
  • Page 257 Chapter 8 Configuring VLANs Load Sharing Using STP Beginning in privileged EXEC mode, follow these steps to configure the network shown in Figure 8-6: Command Purpose Step 1 configure terminal Enter global configuration mode on Switch 1. Step 2 interface fa0/1 Enter interface configuration mode, and define Fa0/1 as the interface to be configured as a trunk.
  • Page 258: How The VMPS Works

    Chapter 8 Configuring VLANs How the VMPS Works How the VMPS Works A switch running this software release acts as a client to the VLAN Membership Policy Server (VMPS) and communicates with it through the VLAN Query Protocol (VQP). When the VMPS receives a VQP request from a client switch, it searches its database for a MAC-address-to-VLAN mapping.
  • Page 259: VMPS Database Configuration File

    Chapter 8 Configuring VLANs How the VMPS Works Multiple hosts (MAC addresses) can be active on a dynamic port if they are all in the same VLAN; however, the VMPS shuts down a dynamic port if more than 20 hosts are active on the port. If the link goes down on a dynamic port, the port returns to an isolated state and does not belong to a VLAN.
  • Page 260: VMPS Configuration Guidelines

    Chapter 8 Configuring VLANs How the VMPS Works
    vmps-port-group WiringCloset1
     device 192.168.1.1 port Fa1/3
     device 172.16.1.1 port Fa1/4
    vmps-port-group “Executive Row”
     device 192.168.2.2 port es5%Fa0/1
     device 192.168.2.2 port es5%Fa0/2
     device 192.168.2.3 all-ports
    !VLAN groups
    !vmps-vlan-group <group-name>
    ! vlan-name <vlan-name>
    vmps-vlan-group Engineering
     vlan-name hardware
     vlan-name software
    !VLAN port Policies...
  • Page 261: Default VMPS Configuration

    Chapter 8 Configuring VLANs How the VMPS Works Default VMPS Configuration Table 8-13 shows the default VMPS and dynamic port configuration on client switches. Table 8-13 Default VMPS Client and Dynamic Port Configuration Feature Default Configuration VMPS domain server None VMPS reconfirm interval 60 minutes VMPS server retry count...
  • Page 262: Configuring Dynamic Ports On VMPS Clients

    Chapter 8 Configuring VLANs How the VMPS Works Configuring Dynamic Ports on VMPS Clients If you are configuring a port on a member switch as a dynamic port, first log into the member switch by using the privileged EXEC rcommand command. For more information on how to use this command, refer to the switch command reference.
  • Page 263: Changing The Reconfirmation Interval

    VMPS clients periodically reconfirm the VLAN membership information received from the VMPS. You can set the number of minutes after which reconfirmation occurs. If you are configuring a member switch in a cluster, this parameter must be equal to or greater than the reconfirmation setting on the command switch.
  • Page 264: Administering And Monitoring The Vmps

    You can display information about the VMPS by using the privileged EXEC show vmps command. The switch displays this information about the VMPS:
    VMPS VQP Version: The version of VQP used to communicate with the VMPS. The switch queries the VMPS using version 1 of VQP.
  • Page 265 [Figure 8-7: Dynamic Port VLAN Membership Configuration. Network diagram showing a TFTP server, a router, a primary VMPS (Server 1, Catalyst 5000 series), a secondary VMPS (Server 2), client switches with dynamic-access and trunk ports, and an end station.]
  • Page 267: Troubleshooting

    Chapter 9: Troubleshooting
    This chapter provides these topics about avoiding and resolving problems related to the switch software:
    • Statistics, page 9-2
    • Avoiding Configuration Conflicts, page 9-7
    • Avoiding Autonegotiation Mismatches, page 9-8
    • GBIC Security and Identification, page 9-8
    •...
  • Page 268: Chapter 9 Troubleshooting

    This section describes the statistics you can retrieve from the switch and from connected LRE CPEs. Use the show controllers ethernet-controller and show controllers lre status privileged EXEC commands to display these statistics:
    • Table 9-1 for switch statistics
    •...
  • Page 269 Table 9-2 Ethernet Port Statistics
    Statistic Type: Explanation
    Transmit
    Unicast Packets: The total number of well-formed unicast packets sent by a port. It excludes packets sent with errors or with multicast or broadcast destination addresses.
    Multicast Packets: The total number of well-formed multicast packets sent by a port.
  • Page 270 Table 9-2 Ethernet Port Statistics (continued)
    Statistic Type: Explanation
    No destination unicast packets: The total number of well-formed unicast frames that are discarded because the forwarding rules stipulate that they not be forwarded. This total excludes frames with errors and frames with multicast or broadcast destination address types or oversize frames and undersize frames.
  • Page 271 Table 9-3 LRE Link Statistics
    Statistic Type: Explanation
    Upstream Bandwidth Usage: The percentage of the bandwidth used for upstream traffic, based on the current upstream rate and actual upstream speed of the LRE link.
    Downstream Bandwidth Usage: The percentage of the bandwidth used for downstream traffic, based on the current downstream rate and actual downstream speed of the LRE link.
  • Page 272 Table 9-4 CPE Ethernet Link Statistics (continued)
    Counter: Description
    Rx Pause Pkts: The count of 802.3X pause packets received by the LRE CPE Ethernet port.
    Rx FCS Errors: The count of packets received with FCS errors.
    Rx Alignment Errors: The count of packets received with alignment errors.
  • Page 273: Avoiding Configuration Conflicts

    Certain combinations of port features conflict with one another. For example, if you define a port as the network port for a VLAN, all unknown unicast and multicast traffic is flooded to the port. You cannot enable port security on the network port because a secure port limits the traffic allowed on it.
  • Page 274: Avoiding Autonegotiation Mismatches

    GBIC_SECURITY error message if the GBIC serial number, the vendor name or ID, the security code, or CRC is invalid.
    Note: If you are using a non-Cisco approved GBIC module, remove the GBIC module from the switch, and replace it with a Cisco-approved module.
  • Page 275: Troubleshooting Lre Port Configuration

    Table 9-6 lists problems you might encounter when configuring and monitoring the Long-Reach Ethernet (LRE) ports on the Catalyst 2900 LRE XL switches. For additional information about what can affect LRE connections, see the “Environmental Considerations for LRE Links”...
  • Page 276 Table 9-6 LRE Port Problems (continued)
    Problem: Ethernet performance degradation due to excessive network...
    Suspected Cause and Suggested Solution: Interleaver introduces extra latency to increase noise margin.
    • Adjust upper-layer network protocols to allow for high latency.
    •...
  • Page 277: Troubleshooting Cms Sessions

    – Catalyst 2950 member switches running Release 12.0(5)WC2 or earlier
    – Catalyst 3550 member switches running Release 12.1(6)EA1 or earlier
    For more information about this limitation, refer to the release notes (http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/index.htm).
    These switches do not support read-only mode on CMS:
    – Catalyst 1900 and Catalyst 2820
    –...
  • Page 278 Problem: ... Management Suite from the Cisco Systems Access page.
    Suggested Solution: CMS requires a Java plug-in to function correctly. For instructions on downloading and installing the plug-in, refer to the release notes (http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/index.htm).
    Note: If your PC is connected to the Internet when you attempt to access CMS, the browser notifies you that the Java plug-in is required if the plug-in is not installed.
  • Page 279 (For switches running software earlier than Cisco IOS Release 12.0(5)WC1)
    Start Internet Explorer.
    From the menu bar, select Tools > Internet Options.
    From the Internet Options window, click Advanced.
    Select the Java logging enabled and JIT compiler for virtual machine enabled check boxes, and click Apply.
  • Page 280: Determining Why A Switch Is Not Added To A Cluster

    Topology view displays the cluster as a double-switch icon and shows connections to devices outside the cluster (Figure 9-1). Right-click the device (yellow label), and select Disqualification Code. For a list of devices that are cluster-enabled, refer to the release notes (http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/index.htm). Figure 9-1 Cluster View Right-click a device with a yellow label to...
  • Page 281: Copying Configuration Files To Troubleshoot Configuration Problems

    You can use the file system in Flash memory to copy files and to troubleshoot configuration problems. This could be useful if you wanted to save configuration files on an external server in case a switch fails. You can then copy the configuration file to a replacement switch and avoid having to reconfigure the switch.
  • Page 282: Troubleshooting Switch Software Upgrades

    This also happens in cases when a 4-MB Catalyst 2900 XL switch is upgraded to a Cisco IOS 12.0 image. Download the IOS image file by using X-Modem.
  • Page 283 Table 9-8 Problems Encountered When Upgrading the Switch (continued)
    Problem: Failed software upgrade; switch is resetting
    Suspected Cause and Suggested Solution: This might be due to a corrupt or incorrect image, or the image in Flash memory might be missing.
  • Page 284: Recovery Procedures

    5-23. For a list of command-capable Catalyst desktop switches, see the release notes (http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/index.htm). If you have not configured a standby command switch, and your command switch loses power or fails in some other way, management contact with the member switches is lost, and a new command switch must be installed.
  • Page 285: Replacing A Failed Command Switch With A Cluster Member

    Follow these steps to replace a failed command switch with a command-capable member of the same cluster:
    Step 1: Disconnect the command switch from the member switches, and physically remove it from the cluster.
    Step 2: Use a member switch in place of the failed command switch, and duplicate its connections to the cluster...
  • Page 286 Step 14: Enter the IP address of the default gateway, and press Return.
    IP address of the default gateway: ip_address
    Step 15: Enter a host name for the switch, and press Return.
    Note: On a command switch, the host name is limited to 28 characters; on a member switch to 31 characters.
  • Page 287: Replacing A Failed Command Switch With Another Switch

    snmp community private rw
    snmp community public ro
    cluster enable cls_name
    Step 22: Verify that the information is correct.
    • If the information is correct, enter Y at the prompt, and press Return.
    • If the information is not correct, enter N at the prompt, press Return, and begin again at Step 1.
    Use this configuration? [yes/no]: y
    Step 23: Start your browser, and enter the switch IP address that you entered in Step 11.
  • Page 288 Step 7: Enter the switch IP address, and press Return:
    Enter IP address: ip_address
    Step 8: Enter the subnet mask, and press Return:
    Enter IP netmask: ip_netmask
    Step 9: Enter Y at the next prompt to specify a default gateway (router):
    Would you like to enter a default gateway address? [yes]: y
    Step 10: Enter the IP address of the default gateway, and press Return.
  • Page 289: Recovering From A Failed Command Switch Without Replacing The Command Switch

    Step 17: The initial configuration is displayed:
    The following configuration command script was created:
    ip subnet-zero
    interface VLAN1
    ip address 172.20.153.36 255.255.255.0
    ip default-gateway 172.20.153.01
    hostname host_name
    enable secret 5 $1$M3pS$cXtAlkyR3/6Cn8/
    line vty 0 15
    password telnet_password
    snmp community private rw
    snmp community public ro...
  • Page 290: Recovering From A Lost Or Forgotten Password

    Follow the steps in this procedure if you have forgotten or lost the switch password.
    Step 1: Connect a terminal or PC with terminal emulation software to the console port. For more information, refer to the switch installation guide.
  • Page 291 Step 10: Boot the system:
    switch: boot
    You are prompted to start the setup program. Enter N at the prompt:
    Continue with the configuration dialog? [yes/no]: N
    Step 11: At the switch prompt, change to privileged EXEC mode:
    switch>...
  • Page 292: Recovering From Corrupted Software

    Switch software can be corrupted during an upgrade, by downloading the wrong file to the switch, and by deleting the image file. In all these cases, the switch does not pass the power-on self-test (POST), and there is no connectivity.
  • Page 293: Appendix

    Error Message and Recovery Procedures, page A-4 This switch software release is based on Cisco IOS Release 12.0. It has been enhanced to support a set of features for the Catalyst 2900 XL and Catalyst 3500 XL switches. This appendix provides system messages that have been created or changed for these switches.
  • Page 294: How To Read System Messages

    CPU_NET Message, page A-9
    ENVIRONMENT | Environment | ENVIRONMENT Messages, page A-9
    FRANK | Gigabit Ethernet controller | FRANK Messages, page A-10
    GBIC_1000BASET | Cisco GigaStack Gigabit Interface Converter | GBIC_1000BASET Messages, page A-15
    GBIC_SECURITY | GBIC module security | GBIC_SECURITY Messages, page A-16
    GIGASTACK | GigaStack GBIC | GigaStack Messages, page A-17...
  • Page 295: Message Severity Levels

    Table A-1 Facility Codes (continued)
    Code | Facility | Location
    SPANTREE | Spanning Tree Protocol | SPANTREE Messages, page A-35
    SPANTREE_FAST | STP fast convergence | SPANTREE_FAST Messages, page A-38
    STORM_CONTROL | Storm control | STORM_CONTROL Message Messages, page A-39
    SW_VLAN | VLAN Manager | SW_VLAN Messages, page A-39...
  • Page 296: Error Message Traceback Reports

    Table A-3 Representation of Variable Fields in Messages (continued)
    Representation: Type of Information
    [hex]: Hexadecimal integer
    [inet]: Internet address
    The following is a sample system message:
    %LINK-2-BADVCALL: Interface [chars], undefined entry point
    Some error messages also indicate the card and slot reporting the error.
  • Page 297: Aaaa Messages

    Enter the show tech-support command to gather data that might provide information to determine the nature of the error. If you cannot determine the nature of the error from the error message text or from the show tech-support output, contact your Cisco technical support representative, and provide the representative with the gathered information.
  • Page 298 Enter the show tech-support command to gather data that might provide information to determine the nature of the error. If you cannot determine the nature of the error from the error message text or from the show tech-support output, contact your Cisco technical support representative, and provide the representative with the gathered information.
  • Page 299: Capitola Messages

    Enter the show tech-support command to gather data that might provide information to determine the nature of the error. If you cannot determine the nature of the error from the error message text or from the show tech-support output, contact your Cisco technical support representative, and provide the representative with the gathered information.
  • Page 300: Chassis Message

    Error Message: CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on [chars] ([dec]), with [chars] [chars] ([dec]).
    Explanation: CDP discovered a mismatch of native-VLAN configurations.
    Recommended Action: Configure the interfaces to the same native VLAN.
    CHASSIS Message
    This section contains the chassis error message.
  • Page 301: Cpu_Net Message

    Error Message: CMP-5-MGMT_VLAN_CHNG: The management vlan has been changed to [dec]
    Explanation: The management VLAN has been changed.
    Recommended Action: No action is required.
    CPU_NET Message
    This section contains the CPU network interface error message.
    Error Message: CPU_NET-0-QUEUE_STUCK: The interface between the CPU and the switch has\nbecome stuck.
  • Page 302: Frank Messages

    Enter the show tech-support command to gather data that might provide information to determine the nature of the error. If you cannot determine the nature of the error from the error message text or from the show tech-support output, contact your Cisco technical support representative, and provide the representative with the gathered information.
  • Page 303 Enter the show tech-support command to gather data that might provide information to determine the nature of the error. If you cannot determine the nature of the error from the error message text or from the show tech-support output, contact your Cisco technical support representative, and provide the representative with the gathered information.
  • Page 304 Enter the show tech-support command to gather data that might provide information to determine the nature of the error. If you cannot determine the nature of the error from the error message text or from the show tech-support output, contact your Cisco technical support representative, and provide the representative with the gathered information.
  • Page 305 Enter the show tech-support command to gather data that might provide information to determine the nature of the error. If you cannot determine the nature of the error from the error message text or from the show tech-support output, contact your Cisco technical support representative, and provide the representative with the gathered information.
  • Page 306 Enter the show tech-support command to gather data that might provide information to determine the nature of the error. If you cannot determine the nature of the error from the error message text or from the show tech-support output, contact your Cisco technical support representative, and provide the representative with the gathered information.
  • Page 307: Gbic_1000Baset Messages

    Enter the show tech-support command to gather data that might provide information to determine the nature of the error. If you cannot determine the nature of the error from the error message text or from the show tech-support output, contact your Cisco technical support representative, and provide the representative with the gathered information.
  • Page 308: Gbic_Security Messages

    GBIC interface.
    Explanation: This message means that the GBIC was identified as a Cisco GBIC, but its serial number matches that of another interface on the system. [chars] is the interface in which the GBIC is installed.
  • Page 309: Gigastack Messages

    Explanation: This message means that the GBIC was identified as a Cisco GBIC, but the system was unable to match its manufacturer with one of the known list of Cisco GBIC vendors. [chars] is the interface in which the GBIC is installed.
  • Page 310: Hw_Memory Messages

    If you cannot determine the nature of the error from the error message text or from the show tech-support output, contact your Cisco technical support representative, and provide the representative with the gathered information.
  • Page 311: Interface Messages

    Enter the show tech-support command to gather data that might provide information to determine the nature of the error. If you cannot determine the nature of the error from the error message text or from the show tech-support output, contact your Cisco technical support representative, and provide the representative with the gathered information.
  • Page 312: Lre Cpe Messages

    Explanation: The model number string in the CPE EEPROM does not match a known CPE model number.
    Recommended Action: If this is a Cisco supported CPE, the model number string in the CPE EEPROM must be reprogrammed.
    Error Message: LRE_CPE-3-WRONGAPPVER: CPE on interface [chars] reported unsupported version of application firmware [chars].
  • Page 313: Lre_Link Messages

    Explanation: The Ethernet PHY device on this CPE is not supported.
    Recommended Action: Cisco does not support this CPE device. Replace this CPE with one that is supported.
    Error Message: LRE_CPE-3-INVALIDMODE: CPE on interface [chars] is in invalid mode [chars].
  • Page 314: Mat Messages

    Recommended Action There might be too many impairments on the connection between the switch and the CPE for the ports to sustain the profile rate. If you suspect the switch or CPE is faulty, contact Cisco Systems. MAT Messages This section contains the MAC address table error messages.
  • Page 315: Mirror Messages

    Recommended Action that generates the packet. If the problem persists, copy the error message exactly as it appears on the console or in the system log, contact your Cisco technical support representative, and provide the representative with the gathered information.
  • Page 316: Modules Messages

    If you cannot determine the nature of the error from the error message text or from the show tech-support output, contact your Cisco technical support representative, and provide the representative with the gathered information.
    Error Message: MODULES-3-MAC_TBL_SIZE
    Explanation: The dynamic module insertion supports fewer MAC addresses.
  • Page 317: Perf5_Halt_Msg Message

    Enter the show tech-support command to gather data that might provide information to determine the nature of the error. If you cannot determine the nature of the error from the error message text or from the show tech-support output, contact your Cisco technical support representative, and provide the representative with the gathered information.
  • Page 318 Enter the show tech-support command to gather data that might provide information to determine the nature of the error. If you cannot determine the nature of the error from the error message text or from the show tech-support output, contact your Cisco technical support representative, and provide the representative with the gathered information.
  • Page 319 Error Message: PM-4-BAD_PORT_NUMBER: An invalid port number ([dec]) was detected
    Explanation: An invalid request was detected by the Port Manager.
    Recommended Action: No action is required.
    Error Message: PM-4-BAD_VLAN_COOKIE: An invalid vlan cookie was detected
    Explanation: An invalid request was detected by the Port Manager.
  • Page 320: Pmsm Messages

    This section contains the Port Manager state machine error messages.
    Error Message: PMSM-4-BADEVENT: Event ’[chars]’ is invalid for the current state ’[chars]’:[chars] [chars]
    Explanation: The Port Manager subsystem attempted to post an event to a state machine that is invalid for the current state.
  • Page 321: Port_Security Messages

    Enter the show tech-support command to gather data that might provide information to determine the nature of the error. If you cannot determine the nature of the error from the error message text or from the show tech-support output, contact your Cisco technical support representative, and provide the representative with the gathered information.
  • Page 322 Enter the show tech-support command to gather data that might provide information to determine the nature of the error. If you cannot determine the nature of the error from the error message text or from the show tech-support output, contact your Cisco technical support representative, and provide the representative with the gathered information.
  • Page 323 Enter the show tech-support command to gather data that might provide information to determine the nature of the error. If you cannot determine the nature of the error from the error message text or from the show tech-support output, contact your Cisco technical support representative, and provide the representative with the gathered information.
  • Page 324 Error Message: PRUNING-4-NOBUF: No mbuf to build join
    Explanation: No explanation is available at this time.
    Recommended Action: No action is required.
    Error Message: PRUNING-5-JOINDIFFDOMAIN: Domain [chars] not found in rx Join (trunk [hex])
    Explanation: No explanation is available at this time.
  • Page 325: Rac Message

    Enter the show tech-support command to gather data that might provide information to determine the nature of the error. If you cannot determine the nature of the error from the error message text or from the show tech-support output, contact your Cisco technical support representative, and provide the representative with the gathered information.
  • Page 326: Rtd Messages

    This section contains the runtime diagnostic error messages.
    Error Message: RTD-1-ADDR_FLAP [chars] relearning [dec] addrs per min
    Explanation: Normally, MAC addresses are learned once on a port. Occasionally, when a switched network reconfigures, due to either manual or STP reconfiguration, addresses learned on one port are relearned on a different port.
  • Page 327: Snmp Messages

    Enter the show tech-support command to gather data that might provide information to determine the nature of the error. If you cannot determine the nature of the error from the error message text or from the show tech-support output, contact your Cisco technical support representative, and provide the representative with the gathered information.
  • Page 328 Enter the show tech-support command to gather data that might provide information to determine the nature of the error. If you cannot determine the nature of the error from the error message text or from the show tech-support output, contact your Cisco technical support representative, and provide the representative with the gathered information.
  • Page 329 Enter the show tech-support command to gather data that might provide information to determine the nature of the error. If you cannot determine the nature of the error from the error message text or from the show tech-support output, contact your Cisco technical support representative, and provide the representative with the gathered information.
  • Page 330: Spantree_Fast Messages

    Enter the show tech-support command to gather data that might provide information to determine the nature of the error. If you cannot determine the nature of the error from the error message text or from the show tech-support output, contact your Cisco technical support representative, and provide the representative with the gathered information.
  • Page 331: Storm_Control Message Messages

    Enter the show tech-support command to gather data that might provide information to determine the nature of the error. If you cannot determine the nature of the error from the error message text or from the show tech-support output, contact your Cisco technical support representative, and provide the representative with the gathered information.
  • Page 332 Error Message: SW_VLAN-4-BAD_VLAN_CONFIGURATION_FILE: VLAN configuration file contained incorrect verification word:[hex]
    Explanation: The VLAN configuration file read by the VLAN manager did not begin with a correct value that would indicate a valid VLAN configuration file. It has been rejected.
    Recommended Action: No action is required.
  • Page 333: Sys Messages

    Enter the show tech-support command to gather data that might provide information to determine the nature of the error. If you cannot determine the nature of the error from the error message text or from the show tech-support output, contact your Cisco technical support representative, and provide the representative with the gathered information.
  • Page 334 Enter the show tech-support command to gather data that might provide information to determine the nature of the error. If you cannot determine the nature of the error from the error message text or from the show tech-support output, contact your Cisco technical support representative, and provide the representative with the gathered information.
  • Page 335 If you cannot determine the nature of the error from the error message text or from the show tech-support output, contact your Cisco technical support representative, and provide the representative with the gathered information.
  • Page 336: Tac Messages

    If you cannot determine the nature of the error from the error message text or from the show tech-support output, contact your Cisco technical support representative, and provide the representative with the gathered information.
  • Page 337: Ttydriver Messages

    If you cannot determine the nature of the error from the error message text or from the show tech-support output, contact your Cisco technical support representative, and provide the representative with the gathered information.
  • Page 338: Vqpclient Messages

    Enter the show tech-support command to gather data that might provide information to determine the nature of the error. If you cannot determine the nature of the error from the error message text or from the show tech-support output, contact your Cisco technical support representative, and provide the representative with the gathered information.
  • Page 339 Enter the show tech-support command to gather data that might provide information to determine the nature of the error. If you cannot determine the nature of the error from the error message text or from the show tech-support output, contact your Cisco technical support representative, and provide the representative with the gathered information.
  • Page 340 Enter the show tech-support command to gather data that might provide information to determine the nature of the error. If you cannot determine the nature of the error from the error message text or from the show tech-support output, contact your Cisco technical support representative, and provide the representative with the gathered information.
  • Page 341: Vtp Message

    Enter the show tech-support command to gather data that might provide information to determine the nature of the error. If you cannot determine the nature of the error from the error message text or from the show tech-support output, contact your Cisco technical support representative, and provide the representative with the gathered information.
  • Page 358 Index port icons, Front Panel view features, conflicting port LEDs flooded traffic Catalyst 2900 XL forwarding, resuming 10/100 and modules ports Gigabit Ethernet LRE ports configuring flow control on 2-10 Catalyst 3500 XL 2-11 settings port modes ISL trunk 2-12 Port Manager state machine system messages 7-16 See PMSM system messages...
  • Page 359 Index POTS splitters profiles, LRE homologated 1-17 considerations 7-19 nonhomologated 1-17 switch clusters 5-19 See also Cisco LRE 48 POTS Splitter (PS-1M-LRE-48) default 7-17 POTS telephones assigning 1-17, 7-20 7-23 power, inline 7-15 described 7-16 power detection on the Catalyst 3524-PWR XL...
  • Page 360 Index redundancy 6-34 path cost 8-34 egress port scheduling 8-31 port priority 8-32 ingress port scheduling 8-31, 8-32 UplinkFast 6-36 redundant clusters See cluster standby group redundant power system RAC system messages See RPS A-33 RADIUS Refresh button 2-31 attributes registors system messages A-33 vendor-proprietary...
  • Page 361 Index router autoconfiguration system messages speed 7-3, 7-21 See RAC system messages 6-35 router hold-time, modifying 6-22 STP default 6-35 RPS LED set-top box, television 1-17 RTD messages setup program A-34 xv, 4-2 Runtime Diagnostic See also release notes See RTD messages severity levels described table...
  • Page 362 Index snmp static-access ports 6-49 6-49 assigning to VLAN 8-7, 8-25 vlan membership 6-49 described VLAN membership combinations 6-49 software static addresses recovery procedures 9-26 adding 6-19 releases configuring for EtherChannel port groups 6-20 described 6-15, 6-19 non-LRE removing 6-19 requirements for changing management VLAN 5-18, 8-3 See also static address...
  • Page 363 Index parameters switch ports, configuring 6-33 path cost switch software releases changing 6-45 switch statistics configuring switch upgrades 8-34 Port Fast See upgrading software enabling 6-44 system date and time 6-12 mode 8-38 system messages port grouping parameters AAAA 7-8, 8-27 port priority 6-45, 8-33 port states...
  • Page 364 Index time A-41 A-44 daylight saving 6-12 traceback reports setting 6-12 TTYDRIVER zones A-45 6-12 tip symbol, definition of A-49 xvii TLV support 8-11 Token Ring VLANs overview 8-20 TRBRF 8-11, 8-22 tables TRCRF 8-11, 8-22 message severity levels toolbar 2-23 variable fields tool tips...
  • Page 365 Index traps, snmp Gigabit Ethernet 8-26 c2900 6-49 IEEE 802.1Q 8-26 c2900/c3500 6-49 interacting with other features 8-27 cluster 6-49 8-26 config load sharing using 6-49 hsrp 6-49 STP path costs 8-34 mac-notification 6-49 STP port priorities 8-32 snmp native VLAN for untagged traffic 6-49 8-30 overview...
  • Page 366 Index VLANs 802.1Q considerations 8-26 variable fields adding to database 8-24 definition aging dynamic addresses 6-34 table allowed on trunk 8-29 vendor-specific attributes changing 8-24 See VSAs configuration guidelines 8-21 verifying changes in CMS 2-34 configuring 8-1, 8-23 version-dependent transparent mode 8-11 default configuration 8-21...
  • Page 367 Index dynamic port membership server 8-10, 8-16 configuring 8-40 transitions 8-10 example 8-42 transparent 8-7, 8-10, 8-18 overview monitoring 8-36 8-20 reconfirming pruning 8-40, 8-41 troubleshooting 8-42 enabling 8-19 mapping MAC addresses to VLANs 8-36 overview 8-12 monitoring pruning-eligible list, changing 8-42 8-30 overview...
  • Page 368 Index Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide IN-26 78-6511-08...
