Cisco Switching Black Book
Chapter 15: The Standard Edition IOS
In Depth
The Cisco 1900 and 2820 switches come with two unique IOSs: Standard Edition and Enterprise Edition. The Standard Edition is a character-based IOS, and the Enterprise Edition is similar to the IOS on higher-end routers. The Cisco 3000 series is the only series of switches that comes with a unique IOS; this series offers a graphical user interface (GUI) to configure the switch. In this chapter, we will focus on the setup of the Standard Edition IOS in detail.
The 1900 and 2820 Series Switches
The Catalyst 1900 series switches are Cisco’s entry point into Access layer managed switches. These switches are the only two that work at the Access layer; they can provide up to two 100BaseT or 100BaseFX uplink ports and up to twenty-four 10BaseT ports. The Catalyst 1900 is available in two models: the Standard Edition (SE) and the Enterprise Edition (EE).
The Standard Edition is a low-cost alternative for those migrating from a shared hub environment to a smaller workgroup environment. These switches were specifically designed to be plug-and-play right out of the box with no manual configuration. The Catalyst 1900 SE has 12 or 24 fixed 10BaseT ports with either two high-speed 100BaseT ports or one 100BaseT and one 100BaseFX port. The Catalyst 1900 switch can be configured using the console port, its Web interface, or Cisco’s Visual Switch Manager. Included in the Standard Edition is support for Domain Name Service (DNS) and Dynamic Host Configuration Protocol (DHCP) to help with ease of host management. The Standard Edition can be upgraded via the Flash to the Enterprise Edition.
The Enterprise Edition offers the features of the Standard Edition but also provides several high-end solutions. These include Fast EtherChannel, support for Dynamic Inter-Switch Link (DISL), an IOS Command Line Interface (CLI), and support for Cisco Group Management Protocol (CGMP).
The Catalyst 2820 series switch architecture is virtually identical to that of the Cisco Catalyst 1900 series switches. The switch is different because of its height and its uplink bays, which allow for high-speed uplink options such as Fiber Distributed Data Interface (FDDI), Copper Distributed Data Interface (CDDI), 100Mbps, and Asynchronous Transfer Mode (ATM) modules.
In this chapter, we will concentrate on the configuration of the Standard Edition IOS rather than the switch specifications for the 1900 and 2820 series switches.
Note The Catalyst 2820 series switches have been issued an End-of-Life (EOL) notice. This notice means the 2820 is no longer manufactured by Cisco. However, you still need to know how to configure these switches because they still exist in today’s networks.
Now, let’s take a look at the menu-driven interface and how to configure the basics on a Standard Edition IOS on the Cisco Catalyst 1900 and 2820 series.
Main Menu Choices
When you log on to the 1900 switch you are presented with a Main Menu that looks similar to the following:
Catalyst 1900 - Main Menu
[C] Console Settings
[S] System
[N] Network Management
[P] Port Configuration
[A] Port Addressing
[D] Port Statistics Detail
[M] Monitor
[V] Virtual LAN
[R] Multicast Registration
[F] Firmware
[I] RS-232 Interface
[U] Usage Summaries
[H] Help
[K] Command Line
[X] Exit Management Console
Enter Selection:
The following sections describe the Main Menu options. By typing the letter associated with each command on the Main Menu, you enter that configuration screen.
[C] Console Settings
The following shows the Console Settings menu on the Cisco Catalyst 1900 series:
Catalyst 1900 - Console Settings
--------------------Settings--------------------
[P] Password intrusion threshold              3 attempt(s)
[S] Silent time upon intrusion detection      None
[T] Management Console inactivity timeout     None
[D] Default mode of status LED                Port Status
--------------------Actions---------------------
[M] Modify password
[E] Modify secret password
[X] Exit to Main Menu
Enter Selection:
Here is what you’ll see when you select the following settings:
∙[P] Password intrusion threshold—This limits the number of failed logon attempts; once the limit is reached, the Management Console is frozen for a predefined amount of time before the next logon is allowed. This value may range from 0 to 65500 attempts. If you choose not to use a threshold, you should specify zero.
∙[S] Silent time upon intrusion detection—This is the number of minutes the Management Console will be unavailable for use after an excessive number of failed logon attempts. This value may range from 0 to 65500 minutes. Specify zero only if you want no silent time.
∙[T] Management Console inactivity timeout—This can be configured to time out a session after a period of inactivity. Once a session has been timed out, the user must log on with a password to continue. The timeout can range from 30 to 65500 seconds. Setting the timeout to zero disables the timeout.
Tip A non-zero timeout should be set for security reasons.
∙[D] Default mode of status LED—This displays one of three status LEDs: port status, duplex status, and utilization of the switch. You can select the display mode by pressing the mode button on the front panel. Once a mode is selected and the mode button is released, the display automatically returns to the default status after 30 seconds.
∙[M] Modify password—The Management Console password can help prevent unauthorized access. When specifying a password, use a minimum of four characters and a maximum of eight characters. The password is case-insensitive and can contain any character with a legal keyboard representation.
∙[E] Modify secret password—The Management Console secret password can help prevent unauthorized access. This password is stored in encrypted form and thus provides enhanced security. When specifying a secret password, use a minimum of 1 character and a maximum of 25 characters. The password is case-sensitive and can contain any character with a legal keyboard representation. This password will supersede the regular password.
∙[X] Exit to Main Menu—This option returns you to the Main Menu.
[S] System Menu
You begin configuring the basic system settings by choosing S from the Main Menu. When you do, you’ll see a menu similar to the following:
Catalyst 1900 - System Configuration
System Revision: 5    Address Capacity: 2048
System Last Reset: Wed Sept 21 05:24:30 2000
--------------------Settings--------------------
[N] Name of system                            Coriolis Editings 2820
[C] Contact Name                              Joe Snow (888)555-9700
[L] Location                                  Editor staff closet
[S] Switching Mode                            FragmentFree
[U] Use of store-and-forward for multicast    Enabled
[A] Action upon address violation             Disable
[G] General alert on address violation        Disabled
[I] Address aging time                        10 second(s)
[P] Network Port                              None
--------------------Actions---------------------
[R] Reset system
[F] Reset to factory defaults
--------------------Related Menus---------------
[B] Broadcast storm control
[X] Exit to Main Menu
Let’s look at each of the System Configuration commands. They are listed here with brief explanations:
∙[N] Name of system—In multiple-switch environments, this option aids in determining which switch you are currently configuring. You can use up to 255 characters in the switch name, including spaces.
∙[C] Contact Name—This option defines a contact name in case there are problems with the switch. This field can also contain up to 255 characters. Including a pager number or home contact information as part of the contact name can be helpful.
∙[L] Location—This field can contain up to 255 characters. It provides additional information about where the switch physically resides.
∙[S] Switching Mode—This option allows the switch to be configured for all three switching modes. The three configuration choices are: [1] Store-and-Forward, [2] FragmentFree, and [3] FastForward.
∙[U] Use of store-and-forward for multicast—The switch will always use store-and-forward for broadcasts. This feature allows you to determine which method will be used for multicast frames. You can select from two options: [E] (enabled) allows the switch to use store-and-forward for multicast frames, and [D] (disabled; the default) uses the method defined in the Switching Mode option from the System Configuration menu.
∙[A] Action upon address violation—This option gives you three ways to tell the switch what to do when an address violation occurs. The option [S] (suspend) stops the port from forwarding frames of the violation. The option [D] (disable) turns off the port until an administrator re-enables it. The [I] (ignore) option indicates that no action will be taken.
∙[G] General alert on address violation—This option indicates whether Simple Network Management Protocol (SNMP) trap messages are sent when an address violation occurs.
∙[I] Address aging time—This option defines the number of seconds that dynamic entries will remain in the Media Access Control (MAC) address table. The valid settings are 10 to 1,000,000 seconds. The default is 300 seconds.
∙[P] Network Port—This option specifies the port to which all unknown unicasts are forwarded. You can specify a port in the range of port numbers on the switch: A indicates port 25, B indicates port 26, AUI indicates the AUI port, and N indicates None.
∙[R] Reset system—This option recycles the power on the switch.
∙[F] Reset to factory defaults—This option clears all configuration settings back to the factory defaults.
Warning If you apply the [F] option, all manual configuration settings will be lost.
∙[B] Broadcast storm control—This option launches the Broadcast Storm menu, which includes five options. (These options are discussed in “Configuring Broadcast Storm Control on Switch Ports” in the Immediate Solutions section.)
∙[X] Exit to Main Menu—This option exits to the Main Menu.
[N] Network Management
By pressing N on the Main Menu, you reach the Network Management menu. This menu can be used to define an IP address for the system, Simple Network Management Protocol (SNMP), Spanning-Tree Protocol (STP), Cisco Discovery Protocol (CDP), and Cisco Group Management Protocol (CGMP).
The following shows the Network Management menu:
Catalyst 1900 - Network Management
[I] IP Configuration
[S] SNMP Management
[B] Bridge - Spanning Tree
[C] Cisco Discovery Protocol
[G] Cisco Group Management Protocol
[H] HTTP Server Configuration
[R] Cluster Management
[X] Exit to Main Menu
Enter Selection:
Let’s look at each option from this menu in more detail.
[I] IP Configuration
Choosing I from the Network Management menu brings up a menu that looks similar to the following:
Catalyst 1900 - IP Configuration
Ethernet Address: 00-F3-1F-10-F1-06
--------------------Settings--------------------
[I] IP address                                10.17.18.254
[S] Subnet mask                               255.255.0.0
[G] Default gateway                           10.17.18.1
[V] Management VLAN                           1
[X] Exit to previous menu
Enter selection:
In order to use Telnet or SNMP to manage the switch, an IP address must be assigned to the switch. The following are the settings from the IP Configuration menu:
∙[I] IP address—Configures the IP address on the switch.
∙[S] Subnet mask—Configures the switch’s subnet mask.
∙[G] Default gateway—Configures the destination address for the route processor to which the switch will forward unknown or out-of-subnet addresses.
∙[V] Management VLAN—Allows you to set the VLAN in which you will configure your switch. Cisco recommends that you choose a VLAN other than 1 because all ports are in VLAN1 by default. On the Standard Edition of the IOS software, the available VLANs are 1 through 4. The Enterprise Edition has 64 available VLANs.
∙[X] Exit to previous menu—Exits back to the Network Management menu.
Tip When you change the IP address, the change takes effect immediately. However, all other options from the Network Management menu require a recycling of the power. Configuration changes on the 1900 and 2820 series are automatically saved, but the change can take up to 30 seconds to take effect.
[S] SNMP Management
To make changes to SNMP, choose S from the Network Management menu. The following shows the Network Management (SNMP) Configuration menu options for a CAT 2820:
Catalyst 2820 - Network Management (SNMP) Configuration
--------------------Settings--------------------
[R] READ community string
[W] WRITE community string
[1] 1st WRITE manager IP address              0.0.0.0
[2] 2nd WRITE manager IP address              0.0.0.0
[3] 3rd WRITE manager IP address              0.0.0.0
[4] 4th WRITE manager IP address              0.0.0.0
[F] First TRAP community string               0.0.0.0
[A] First TRAP manager IP address             0.0.0.0
[S] Second TRAP community string              0.0.0.0
[B] Second TRAP manager IP address            0.0.0.0
[T] Third TRAP community string               0.0.0.0
[C] Third TRAP manager IP address             0.0.0.0
[U] Authentication Trap generation            Disabled
[L] LinkUp/LinkDown trap generation           Disabled
--------------------Actions---------------------
[X] Exit to previous Menu
Enter selection:
The options available from this menu are as follows:
∙[R] READ community string—Identifies the community that is assigned to the management stations. Those management stations assigned to this community can read the trap messages sent from the switch. You can define a name up to 32 characters; the default is public.
Note When VLANs are implemented, the VLAN needs to be included in the string. For example, public in VLAN2 would be public2.
∙[W] WRITE community string—Identifies the community that is assigned to the management stations. Those management stations assigned to this community can read or set SNMP configurations on the switch. You can define a name up to 32 characters; the default is private.
∙WRITE manager IP address—Allows you to define up to four SNMP management stations that can set SNMP configuration parameters on the switch.
∙TRAP—Allows you to define which SNMP management stations can receive TRAP messages on the switch.
∙[U] Authentication Trap generation—Allows you to enable or disable authentication trap message generation.
∙[L] LinkUp/LinkDown trap generation—Informs the switch of the actions to take when the port changes its state from suspended, down, or up from STP. It also notifies the switch when an address violation has occurred, link errors are present, or a manual configuration error has been found.
∙[X] Exit to previous Menu—Takes you back to the Network Management menu.
SNMP Default Trap Messages
By default, the Cisco Catalyst 1900 and Catalyst 2820 series switches send certain trap messages. Trap messages are sent by default in response to the following events:
∙Port security violations
∙Power recycling (powering on and off)
∙Logon authentication failures
∙STP port changes
∙STP bridge assignments
∙Broadcast threshold problems
∙Power supply problems
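An added example (not from the book or from Cisco): a small Python audit that parses a captured copy of the SNMP Configuration menu and flags the settings described above that are still at their defaults, including the VLAN-suffixed form of a default community string such as public2. The sample screen and its values are constructed, and treating 0.0.0.0 as "no manager configured" is an assumption.

```python
import re

# Constructed capture of the SNMP Configuration menu (sample values, not real).
SAMPLE_SCREEN = """\
[R] READ community string                 public2
[W] WRITE community string                private
[1] 1st WRITE manager IP address          0.0.0.0
[2] 2nd WRITE manager IP address          0.0.0.0
[3] 3rd WRITE manager IP address          0.0.0.0
[4] 4th WRITE manager IP address          0.0.0.0
[F] First TRAP community string           netops
[A] First TRAP manager IP address         0.0.0.0
[U] Authentication Trap generation        Disabled
[L] LinkUp/LinkDown trap generation       Disabled
"""

# "[key] label <two or more spaces> value"; the value may be blank.
LINE = re.compile(r"^\[(\w)\]\s+(.*?)(?:\s{2,}(\S.*))?$")
UNSET = "0.0.0.0"  # assumption: this address means "no manager configured"

def parse_menu(screen):
    """Map each menu key letter to its displayed value ('' when blank)."""
    settings = {}
    for line in screen.splitlines():
        m = LINE.match(line.strip())
        if m:
            settings[m.group(1)] = (m.group(3) or "").strip()
    return settings

def is_default_community(value, default):
    """True for the default string alone or with a VLAN number appended."""
    return re.fullmatch(re.escape(default) + r"\d*", value, re.I) is not None

def audit(settings):
    """Return a list of findings for the weak settings named on this page."""
    findings = []
    for key, role, default in (("R", "READ", "public"), ("W", "WRITE", "private")):
        if is_default_community(settings.get(key, ""), default):
            findings.append(f"{role} community is the default '{default}' (or its VLAN form)")
    for keys, role in (("1234", "WRITE"), ("ABC", "TRAP")):
        if all(settings.get(k, UNSET) == UNSET for k in keys):
            findings.append(f"no {role} manager IP address is defined")
    if settings.get("U", "").lower() != "enabled":
        findings.append("Authentication Trap generation is not enabled")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_menu(SAMPLE_SCREEN)):
        print("FINDING:", finding)
```

Run against the constructed screen, the audit reports five findings; a screen with non-default community strings, at least one WRITE and one TRAP manager address, and authentication traps enabled reports none.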
[B] Bridge − Spanning Tree
Selecting [B] Bridge − Spanning Tree from the Network Management menu will bring up the following menu. Here we use a 2820 for an example to show a more detailed list of available settings in an upgraded version of the IOS software:
Catalyst 2820 − VLAN 1 Spanning Tree Configuration
Bridge ID: 0002 00−D3−1F−11−B1−05
———————————————————Information——————————————————————
Designated root 0001 00−F3−1F−13−F3−11
Number of member ports     27          Root port            3
Max age (sec)              20          Root path cost       1000
Forward Delay (sec)        15          Hello Time (sec)     10
Topology changes           0           Last TopChange       245f08h12m22s
————————————————————Settings—————————————————————
[S] Spanning Tree Algorithm & Protocol            Enabled
[B] Bridge priority                               32,768
[M] Max age when operating as root                20 second(s)
[H] Hello time when operating as root             10 second(s)
[F] Forward delay when operating as the root      15 second(s)
————————————————————Actions——————————————————————
[N] Next VLAN bridge          [G] Goto VLAN bridge
[P] Previous VLAN bridge      [X] Exit to previous menu
Enter Selection:
Note Spanning Tree Protocol and its defaults are covered in detail in Chapter 10.
[C] Cisco Discovery Protocol
Choosing C (Cisco Discovery Protocol) from the Network Management menu will bring up the following menu:
Catalyst 1900 − CDP Configuration/Status
CDP enabled on: 1−24, AUI, A, B
————————————————————Settings———————————
[V] Version                          2
[H] Hold Time (secs)                 180
[T] Transmission Interval (secs)     60
——————————Actions————————————
[E] Enable CDP on Port(s)     [D] Disable CDP on Port(s)     [S] Show Neighbor
[X] Exit to previous menu
Enter Selection:
The following list shows the commands from the CDP Configuration/Status menu:
∙[H] Hold Time (secs)—Indicates how long a CDP multicast will remain in the CDP table. The valid entries are from 5 to 255 seconds, and the default is 180 seconds.
∙[T] Transmission Interval (secs)—Defines the interval in which the switch will send CDP multicast messages.
∙[E] Enable CDP on Port(s)—Identifies one or more ports on which to enable CDP. You can use the All setting to enable all ports, or you can identify blocks of ports by using a hyphen. For example, to identify ports 1 through 10, enter “1−10”. You can use spaces to separate the variables; so, if you also want ports 12−15, enter “1−10 12−15”.
∙[D] Disable CDP on Port(s)—Identifies one or more ports on which to disable CDP.
∙[S] Show Neighbor—Displays a list of neighboring Cisco devices together with their device ID, MAC address, port, capabilities, and device platform. The device’s capabilities are indicated by letters: R indicates a router, T indicates a Trans Bridge, B indicates a Route Bridge, S indicates a switch, P indicates a repeater, H indicates a host, and I indicates IGMP.
∙[X] Exit to previous menu—Returns you to the Network Management menu.
[G] Cisco Group Management Protocol
You configure Cisco Group Management Protocol (CGMP) by selecting G (the last configuration option) on the Network Management menu. In order to function properly, CGMP needs all the ports on the switch to reside in the same VLAN. CGMP allows an intelligent means of limiting multicast flooding to specific ports.
The following shows the menu on a Catalyst 2820 when the G command is chosen from the Network Management menu:
Catalyst 2820 − Cisco Group Management Protocol (CGMP) Configuration
————————————————————Settings——————————————————————
[H] Router hold time (secs)     300
[C] CGMP                        Enabled
——————————Actions—————————————————————————————————
[L] List IP multicast addresses
[X] Return to previous menu
The following list shows the commands and descriptions for the CGMP Configuration menu:
∙[H] Router hold time (secs)—Indicates the amount of time the switch will keep CGMP multicast information. When the CGMP router fails or the power is recycled, the switch will flood multicast broadcasts out all the ports. The valid range is from 5 to 900 seconds; the default is 5 seconds.
∙[C] CGMP—Enables or disables CGMP on the switch. There are two valid options: E (enabled) and D (disabled; the default).
∙[L] List IP multicast addresses—Lists all multicast addresses learned by CGMP along with the VLAN, source MAC address, and port of the source address.
∙[X] Return to previous menu—Returns you to the Network Management menu.
[P] Port Configuration
From the Main Menu, you can configure each port’s settings from the Port Configuration menu. You must specify a port from Table 15.1.
Table 15.1: The available configurable ports on a Catalyst 2820 from the Port Configuration menu.
Syntax | Port
A1 | Port 25
B1 | Port 26
AUI | The AUI port
1 through 24 | An individual port on the switch
The Port Configuration menu is as follows:
Catalyst 2820 − Port 24 Configuration
————————————————————Settings————————————————
[D] Description/name of port     Port To Hanson’s PC
[S] Status of port               Suspended−jabber
————————————————————Related Menus———————————
[A] Port addressing      [V] View port settings
[N] Next port            [G] Goto port
[P] Previous port        [X] Exit to Main Menu
Enter Selection:
The following list shows the options and descriptions for the Port Configuration menu:
∙[D] Description/name of port—This option allows the port name to be changed to a name with 60 characters or less, such as Port to Hanson’s PC.
∙[S] Status of port—This option has two configurable settings: E (enabled) and D (disabled). The default setting places all ports in the enabled mode.
Port Statuses
Although the administrator has only two configurable settings under the Status Of Port option, the port can be in any of the following statuses:
∙Enabled—The port is available to send and receive data frames.
∙Disabled−mgmt—The port has been manually disabled.
∙Suspended−linkbeat—The port cannot detect a link at the other end of the cable. Possibly the cable has become unplugged, the device on the other end is turned off, or the port is not configured on the far−end device.
∙Suspended−jabber—The port is temporarily disabled because of excessive jabber or indecipherable data frames.
∙Suspended−violation—The port has been temporarily disabled because of an address violation. The port is automatically re−enabled once it discontinues receiving invalid source address information.
∙Suspended−ring down—The port is using Fiber Distributed Data Interface (FDDI) links and cannot detect an attached FDDI ring.
∙Suspended−Spanning−Tree−Protocol—The port is not participating in any STP forwarding state.
∙Suspended−not−present—A module in an expansion slot (on the 2820 series only) cannot be detected.
∙Suspended−not−recognized—The switch cannot detect the switch port or a module in the expansion slot (on the 2820 series only).
∙Disabled−self−test—The port has been disabled due to a self−test failure.
∙Disabled−violation—The port has been disabled due to an address violation. When a port is in this state it must manually be reset and enabled.
∙Reset—The port has been manually reset and enabled.
∙[A] Port addressing—This option is used to access the Port Addressing menu.
∙[V] View port settings—This option is used to display individual port statistics.
∙[N] Next port—This option is used to forward to the next configurable port.
∙[G] Goto port—This option is used to configure any identified port.
∙[P] Previous port—This option is used to configure the previous configurable port.
∙[X] Exit to Main Menu—This option returns you to the Main Menu.
Let’s take a look at the options available on the 2820 using an FDDI module on port A1:
Catalyst 2820 − Port A1 Configuration (Left Slot)
Module Name: FDDI (Fiber SAS Model). Version 00
Description: Single Attached Station
Ring Status: Not operational
802.1d STP State: Blocking     Forwarding: 0
——————————————————Settings——————————————————————
[D] Description/name of port
——————————————————Module Settings———————————————
[M] Module status                          Suspended−ring−down
[I] Port priority (spanning tree)          128 (80 hex)
[C] Path cost (spanning tree)              100
[H] Port fast mode (spanning tree)         Disabled
[L] Novell SNAP frame translation          Automatic
[U] Unmatched SNAP frame destination       All
——————————————————Actions————————————————————————
[R] Reset module               [F] Reset to factory defaults
——————————————————Related Menus——————————————————
[1] Basic FDDI settings        [2] Secondary FDDI settings
[A] Port addressing            [V] View port settings
[N] Next port                  [G] Goto port
[P] Previous port              [X] Exit to Main Menu
Enter Selection:
The following list shows the menu options and an explanation of each:
∙[M] Module status—This feature has three options. To see the status of the module, use the S option; the other two choices let you either enable or disable the module.
∙[I] Port priority (spanning tree)—This option sets the port priority for the STP root port. The lower the number, the higher the priority. The valid range is from 0 to 255; the default is 128.
∙[C] Path cost (spanning tree)—This option sets the path cost used to choose the STP root port.
∙[H] Port fast mode—PortFast is an option that allows a port to immediately go into forwarding mode. This option offers two settings: E (enable) and D (disable). (The option is explained in detail in Chapter 10.)
∙[L] Novell SNAP frame translation—This option determines whether manual or automatic frame−translation is used by IPX.
∙[U] Unmatched SNAP frame destination—This option identifies the translation of frames for which the frame type cannot be determined. To use this option, option L should be set to automatic.
∙[R] Reset module—This option resets the expansion modules.
∙[F] Reset to factory defaults—This option resets the expansion modules’ configuration to the factory defaults.
∙[1] Basic FDDI settings—This option allows you to see the first expansion module’s status and current configuration.
∙[2] Secondary FDDI settings—This option displays the second screen of the expansion module’s status and current configuration.
∙[A] Port addressing—This option is used to access the Port Addressing menu.
∙[V] View port settings—This option is used to display an individual port’s statistics.
∙[N] Next port—This option is used to forward to the next configurable port.
∙[G] Goto port—This option is used to configure any identified port.
∙[P] Previous port—This option is used to configure the previous configurable port.
∙[X] Exit to Main Menu—This option returns you to the Main Menu.