|
|
This chapter describes how to configure and manage your network with the management console. Table 5-1 shows the default settings for many parameters and the menus you use to set them.
| Feature | Default Setting | Management Console Menu |
|---|---|---|
| Switching mode | FastForward | System Configuration |
| Spanning-Tree Protocol | Enabled | Spanning-Tree Configuration |
| Addressing security | Disabled | Port Addressing |
| VLAN configuration | VLAN1 | VLAN Configuration |
| Port monitoring | Disabled | Monitoring Configuration |
| Flooding unknown unicast packets | Enabled | Port Addressing |
| Flooding unregistered multicast packets | Enabled | Port Addressing |
| Broadcast storm control | Disabled | System Configuration |
| Full duplex for Catalyst 2820 1-port 100BaseT modules or 1900 100BaseTX and 100BaseFX ports | Disabled | Port Configuration |
| Assign IP address to Catalyst 2820 or 1900 | 0.0.0.0 | IP Configuration |
| Define trap manager | 0.0.0.0 | Network Management (SNMP) Configuration |
| Action on address violation | Suspend | System Configuration |
| Cisco Group Management Protocol (CGMP) | Enabled | Network Management |
| CDP | Enabled | Network Management |
| RMON | Enabled | - |
When connected to a terminal or modem, the Catalyst 2820 and 1900 must be configured to the same baud rate and character format as the terminal or modem. Although the Match Baud Rate option (autobaud) matches the baud rate when the switch is answering an incoming call, the Catalyst 2820 and 1900 do not change from their configured rates when dialing out. Also, the Catalyst 2820 and 1900 only match a rate lower than their configured rate. When they complete a call and disconnect, they always return to the last configured baud rate.
Following are the default RS-232 characteristics for the Catalyst 2820 and 1900:
These characteristics can be changed using the RS-232 Port Configuration Menu. If you are using SNMP, they can be changed with the objects listed in the "RS-232 MIB (RFC 1317)" section in the "In-Band Management" chapter.
When you change switch configuration parameters with the management console, the changes take effect immediately. However, changed parameters might not be written to permanent storage for up to 30 seconds. If you turn off the switch before the new parameters are written to permanent storage, the change does not take effect.
The management console is a menu-driven system using the following other conventions:
You can use the management console locally or with a modem. The autobaud function can automatically match your modem settings. See the "Connecting the Catalyst 2820 or 1900 to a Terminal" section in this chapter for a description of this feature.
Although you can assign a password to limit access to the management console, it is not required. Figure 5-1 shows the management console logon screen. Press Return to display the Main Menu.
1 user(s) now active on Management Console. There can be up to seven simultaneous Telnet sessions. Changes made by one Telnet user are reflected in all other Telnet sessions. The current number of users is displayed here.
Select an option from the Main Menu, shown in Figure 5-2, by entering the letter in brackets next to it. You do not need to press Return.
Press the H key to display the online help and to change the expertise level for online prompts. Press the X key to return to the Logon Security Menu. The other options of this menu are presented sequentially in the following sections.
The first eleven options on the Main Menu are for configuring the Catalyst 2820 or 1900.
Display this menu, shown in Figure 5-3, by entering C on the Main Menu. Use it to change your password, set the number of password intrusions allowed, and define how long the management console remains silent after an intrusion.
If you forget your password and you are using firmware with a boot version of 1.09 or higher, you can display the factory-installed password with the Diagnostic Console described in the "Troubleshooting" chapter.
If you are using firmware with a boot version lower than 1.09, call Cisco Systems with the Ethernet address displayed on the Management Console Logon screen. You will be issued the factory-installed password for your switch. Use this password to enter the system, and then change the password using the Console Password Menu option M.
[P] Password intrusion threshold. Enter the number of failed password attempts allowed. After this number is reached, the management console becomes quiet for a user-defined amount of time before allowing the next logon. To change the threshold value, enter the new setting next to the prompt and press Return.
[S] Silent time upon intrusion detection. Enter the number of minutes this management console is to wait before allowing logon after a password intrusion. You can specify from 0 to 65,500 minutes. Enter 0 for no silent time. Press Return.
[M] Modify password. Enter a new password of four to eight characters. You can use any character found on the keyboard, but case is not considered. (If you have a current password, you have to enter it before it can be changed.) Enter the new password. Verify the password by entering it a second time and then pressing Return.
Use the System Configuration Menu, shown in Figure 5-4, to define the Catalyst 2820 and 1900 system-wide parameters and to reset the system. See the "Concepts" chapter for more details on switching modes and address violations.
Display this menu by entering S on the Main Menu.
[N] Name of system. Enter a name for the system of up to 255 characters and press Return.
[C] Contact name. Use this option to enter the name of the person or organization responsible for managing the system. Enter up to 255 characters and press Return.
[L] Location. The system location is an informal indication of where the Catalyst 2820 or 1900 is located. You can enter up to 255 characters. Enter the location and press Return.
[D] Date/time. First change the date by entering new values at the prompt and pressing Return. You are then prompted to enter a new time. Enter the time in the given format and press Return.
Current date/time ===> Fri Sep 24 07:21:05 1995 New date (mm-dd-yy) ===> Sat Sep 25 09:35:23 1995 New time (hh:mm:ss) ===>
[S] Switching mode. Set the Catalyst 2820 or 1900 switching mode to one of the three available options. Read the "Switching Modes" section in the "Concepts" chapter for a complete description of their characteristics. Enter the appropriate number and press Return.
[U] Use of store-and-forward for multicast. The store-and-forward switching mode is always used for broadcast frames. Enable this option to force store-and-forward mode for multicast frames. With this option set to disabled, multicast frames adhere to the switch's configured switching mode. Enter E or D and press Return.
[A] Action upon address violation. Use this option to define how the switch responds to address violations. Address violations occur when a secured port receives a source address statically assigned to another port or when a secured port tries to learn an address that will exceed its defined maximum number of addresses. Enter one of the following values at the prompt and press Return.
| [S]uspend | The port stops forwarding until a packet with a valid source address is received. |
| [D]isable | The port is disabled until its status is returned to enabled by an administrator. |
| [I]gnore | The port status remains unchanged. |
[G] Generate alert on address violation. Whether or not the Catalyst 2820 or 1900 changes the port status when an address violation occurs, it can also send an SNMP alert to a management station. Traps are sent to the IP addresses defined for the trap manager with the SNMP Management Menu. Select this option to enable or disable this feature. Enter E or D at the prompt and press Return.
[M] Management console inactivity time-out. Use this option to define the length of time the management console can remain idle before it times out. After a time-out, you'll need to re-enter the password to use the application. The time-out period is set in seconds; a time-out of zero means the management console will never time-out. Enter 0 or a number between 30 and 65,500 and press Return.
[I] Address aging time. Use this option to define the time, in seconds, after which an unused dynamic address is automatically removed. During a topology change, ports are aged more quickly by using the forward-delay parameter. When the topology stabilizes, this value again takes effect.
Possible values range from 10 to 1,000,000 seconds (about 11 1/2 days). The default is
300 seconds, or 5 minutes. This value applies to all dynamic addresses in the switch address table. Enter a value at the prompt and press Return.
Enter aging time (10 to 1000000 seconds): Current setting ===> 300 second(s) New setting ===>
[P] Network Port. Use this option to define a port to be the destination port for all packets with unknown unicast addresses. A Network Port must be the only port connected to a network. Other ports should be connected to end stations. Also, set the address aging time when using a Network Port to a value higher than the arp-cache aging time set for routers on the segment.
If you select a secure port to act as the Network Port, you are prompted to disable the security feature before continuing. Enter a port according to the conventions in the prompt and press Return.
[R] Reset system. Use this command to reset the switch. All configured system parameters and static addresses will be retained; all dynamic addresses will be removed. Enter Y or N and press Return.
[F] Reset with factory defaults. Use this option to reset the switch and return it to its factory settings. All static and dynamic addresses are removed, as is the IP address and all other configuration parameters. Enter Y or N and press Return.
[B] Broadcast storm control. Select this option to display the Broadcast Storm Control Menu. You can use this menu to inhibit the forwarding of broadcast packets when large numbers or storms of them are received by a port.
A large number of broadcast packets received through a port can become a broadcast storm that degrades system performance and causes network time-outs. The Broadcast Storm Control Menu, shown in Figure 5-5, lets you generate SNMP alerts and inhibit the forwarding of broadcast packets when an excessive number of them arrive from a given port.
You can set a threshold of broadcast-packets-per-second as a trigger for enabling broadcast storm control. You can set a second threshold for automatically disabling broadcast storm control when the number of broadcast packets decreases.
Although it operates on a per-port basis, broadcast storm control is configured for the system as a whole. By default, broadcast storm control does not monitor broadcast traffic and thus does not block traffic or send alerts based on broadcast storms.
[A] Action upon exceeding broadcast threshold. Use this option to define the action to take when the number of broadcast packets reaches the broadcast threshold. The switch can block the broadcast storm, or it can ignore it. If you choose the block option, the switch drops all broadcast packets received from a port when the rate of broadcast packets exceeds the broadcast threshold. The switch begins forwarding again when the rate of broadcast packets received drops below the re-enabled threshold. Enter B (block) or I (ignore) at the prompt and press Return.
[G] Generate alert when threshold exceeded. Use this option to generate SNMP alerts when the broadcast threshold is exceeded. The alert generated is the trap broadcastStorm. A maximum of 1 trap is generated every 30 seconds. Enter E or D at the prompt and press Return.
[T] Broadcast threshold (BCs received / sec). Select this option to set the broadcast threshold. This measurement is the number of packets per second arriving on a port. When this threshold is exceeded, the system blocks the forwarding of packets on the port and generates an SNMP alert, if configured to do so. The default is 500 packets per second. Enter a number between 10 and 14,400 and press Return.
[R] Broadcast re-enabled threshold. Use this option to define when broadcast storm control is automatically disabled. Once a port has been blocked, the number of broadcast packets received from the port must drop below this re-enable threshold before packet forwarding is re-enabled. The default is 250 packets per second. Enter a number between 10 and 14,400 and press Return.
This menu, shown in Figure 5-6, leads to menus for the following:
Display this menu by entering N on the Main Menu.
[I] IP Configuration. Select this option to assign IP addresses, subnet masks, and a default gateway.
[S] SNMP Management. Select this option to display the SNMP Management Menu you use to define SNMP parameters.
[B] Bridge-Spanning-Tree. Select this option to display the Bridge-Spanning-Tree Menu.
[C] Cisco Discovery Protocol. Select this option to display the CDP Menu.
[G] Cisco Group Management Protocol. Select this option to enable the protocol.
Before the Catalyst 2820 and 1900 can be managed in-band, they must be configured with an IP address. Use the IP Configuration Menu, shown in Figure 5-7, to assign an IP address, or use BOOTP to assign one.
Display this menu by entering N on the Main Menu and I on the Network Management Menu.
[I] IP address. Select this option to assign the Catalyst 2820 or 1900 an IP address for in-band management. The first time you assign an IP address, it takes effect immediately. If you change the IP address, you must reset the Catalyst 2820 or 1900 before the new IP address takes effect.
[S] Subnet mask. If IP subnetting is used, use this option to enter a subnet mask for the system or management VLAN. The new value takes effect immediately. If subnetting is not used, the subnet mask is the same as the network mask. If VLAN1 does not contain all ports as member ports, you are prompted for the VLAN number and then the subnet mask. Enter the IP address and press Return.
Enter IP subnet mask in dotted quad format (nnn.nnn.nnn.nnn): Current setting ===> 0. 0. 0. 0 New setting ===>
[V] Management VLAN. Use this option to assign the switch IP address to a management VLAN.
[G] Default gateway. Use this option to assign a default gateway address for SNMP management. Enter the new gateway address and press Return.
Type the address in dotted quad format(nnn.nnn.nnn.nnn): Current setting ===> 0. 0. 0. 0 New setting ===>
SNMP management, based on the Catalyst 2820 and 1900 Management Information Base (MIB), allows you to define management stations authorized to set configuration parameters and receive certain traps. If you have set up VLANs, each VLAN acts as a discrete bridge and contains its own bridge MIB information.
Up to four management stations can be defined to set MIB objects, and up to three stations can receive traps. If no management station is explicitly defined, any SNMP station can perform sets if the correct WRITE community string accompanies the request. Once a WRITE-manager IP address is defined, however, only explicitly defined management stations can issue set operations on the switch.
You can use this menu (shown in Figure 5-8) to enable two traps and assign the management stations to receive them. Once a management station has been assigned, it receives all traps issued by the switch, as documented in the "Trap Clients and Traps" section in the "In-Band Management" chapter. All objects in the Catalyst 2820 and 1900 MIB are documented in the Catalyst 2820 Series and Catalyst 1900 Series MIB Reference Manual.
Use the SNMP Management Menu to define the following:
Display this menu by entering N on the Main Menu and S on the Network Management Menu.
[R] READ community string. Select this option to change the SNMP agent's Get community string. The switch automatically attaches a number to the string you enter to create a unique string for each of the four possible VLANs. For example, if you enter the string FINANCE, it becomes the READ community string for VLAN1, and FINANCE2, FINANCE3, and FINANCE4 become the READ community strings for VLAN2, VLAN3, and VLAN4, respectively. Enter a string of up to 32 characters and press Return.
[W] WRITE community string. Select this option to define a WRITE community string for the switch. It will automatically attach a number to the string you enter to create a unique string for each of the four possible VLANs. The example for entering a READ community string applies equally here. Enter a string of up to 32 characters and press Return.
[1] 1st WRITE manager IP address
[2] 2nd WRITE manager IP address
[3] 3rd WRITE manager IP address
[4] 4th WRITE manager IP address
Select one of these options to define the IP address of a station authorized to issue WRITE requests to the switch. To remove an entry, enter 0. 0. 0. 0. Enter the IP address at the following prompt and press Return.
Enter First Write Manager IP address in dotted quad format (nnn.nnn.nnn.nnn): Current setting ===> 0. 0. 0. 0 New setting ===>
[F] First TRAP community string
[A] First manager IP address
[S] Second TRAP community string
[B] Second manager IP address
[T] Third TRAP community string
[C] Third TRAP manager IP address
A trap manager, or trap client, is a management workstation configured to receive and process traps. If a trap manager has not been defined, the switch does not send any traps. Use these options to define up to three trap clients and their accompanying community strings. See the "Trap Clients and Traps" section in the "In-Band Management" chapter for more information.
Enter F and a trap manager community string of up to 32 characters and press Return.
Enter A to define the IP address for the first trap manager. Enter the IP address of the station and press Return at the prompt:
Enter First Trap Manager IP address in dotted quad format nnn.nnn.nnn.nnn: Current setting ===> 0. 0. 0. 0 New setting ===>
Continue with further definitions as needed.
[U] Authentication trap generation. Select this option to enable or disable authentication traps that alert a management station of SNMP requests not accompanied by a valid community string. Even if this parameter is set, no trap can be generated if no trap manager addresses have been defined. Enter E or D at the prompt and press Return.
[L] LinkUp/LinkDown trap generation. The Catalyst 2820 and 1900 generate the linkDown trap whenever a port changes to a suspended or disabled state due to the following:
The linkUp trap is generated whenever a port changes to enabled state due to the following:
Select this option to enable or disable the linkUp/linkDown trap. Enter an E or D at the prompt and press Return.
Once you have defined a management workstation to receive traps, the Catalyst 2820 and 1900 will generate the traps in the following list by default. These traps are described in more detail in the "Trap Clients and Traps" section in the "In-Band Management" chapter.
Use this menu to display and configure the Spanning-Tree Protocol parameters defined for the switch. The menu consists of an Information section that represents parameters controlled by Spanning-Tree Protocol operation as influenced by other bridges on the network and a Settings section that defines Spanning-Tree Protocol parameters that are global to this bridge. There is also an Actions section that allows you to scroll through the VLANs, which are each considered a separate bridge by Spanning-Tree Protocol. For more information, read the "Spanning-Tree Protocol" section in the "Concepts" chapter.
Display this menu by entering N on the Main Menu and B on the Network Management Menu. The following prompt appears if all ports do not belong to VLAN1:
An 802.1d Bridge is associated with a VLAN. Identify VLAN [1-4], to which Bridge configuration applies. Select [1-4]:
Enter a VLAN to display the menu shown in Figure 5-9. If no VLANs have been configured, all ports belong to VLAN1.
To use this menu, you need to understand the following terms:
[S] Spanning-Tree Algorithm and Protocol. Select this option to enable or disable the Spanning-Tree Protocol, an industry standard to ensure a loop-free configuration in the bridge topology. When Spanning-Tree Protocol is enabled, redundant ports are kept in a standby (suspended) status and are automatically enabled when needed.
This parameter applies to all VLANs.
Enter E or D at this prompt and press Return.
[B] Bridge priority. Select this option to force a bridge to be selected as the root bridge or as a designated bridge. The bridge priority is a value used in determining the identity of the root bridge. The bridge with the lowest value has the highest priority and is selected as the root. Enter a value at the prompt and press Return.
Enter bridge priority value (0 to 65535) Current setting ===> 32768 (8000 hex) New setting ===>
[M] Max age when operating as root. Use this option to define the time in seconds to be used as the Max age interval when this switch becomes the root bridge. After this period expires, other bridges will notice that the root has not sent a configuration message and a new root will be selected. The default value is 20 seconds. Enter the new number at the prompt and press Return.
Enter Max Age value (6 to 40 seconds): Current setting ===> 20 second(s) New setting ===>
[H] Hello time when operating as root. Select this option to define the hello-time interval when this switch becomes the root bridge. Valid values range from 1 to 10 seconds; the default is 2 seconds. Enter the new value at the prompt and press Return.
Enter Hello time value (1 to 10 seconds): Current setting ===> 2 second(s) New setting ===>
[F] Forward delay when operating as root. Select this option to define the time in seconds to be used as the forward delay interval when this switch becomes the root bridge. Possible values are 4 to 30 seconds; the default value is 15 seconds.
Enter a number at the prompt and press Return.
Enter forward delay value (4 to 30 seconds): Current setting ===> 15 second(s) New setting ===>
[N] Next VLAN bridge. Use this option to scroll through the VLANs on the switch.
[P] Previous VLAN bridge. Use this option to scroll through the VLANs on the switch.
[G] Goto VLAN bridge. Use this option to enter the number of the VLAN whose parameters you want to display. Enter a number at the prompt and press Return.
Use this menu, shown in Figure 5-10, to enable CDP on some or all of the switch ports. You can also use this menu to set the timing for transmission and use of CDP messages.
To display this menu, enter C on the Network Management menu.
[H] Hold Time. Select this option to set the number of seconds that a neighboring device retains the CDP neighbor information received from this switch. If a neighboring device does not receive a CDP message before this hold time expires, the neighboring device drops this switch as a neighbor. Enter a number between 5 and 255 and press Return.
[T] Transmission Interval. Select this option to set the number of seconds between transmission of CDP messages. Enter a number between 5 and 900 and press Return.
[E] Enable CDP on Port(s). Select this option to enable CDP on one or more ports. You can separate the port numbers with a hyphen to create a range or use commas or spaces between port numbers. Enter the high-speed ports or expansion slots as A or 26 (left) or B or 27 (right). The word ALL creates a list of ports with all the switch ports. Enter port numbers according to these conventions and press Return.
[D] Disable CDP on Port(s).Select this option to disable CDP on one or more ports. Enter the port numbers according to the conventions described in the previous paragraph and press Return.
[S] Show Neighbor. Select this option to display the information available about neighboring devices. The first two lines in the display define the abbreviations used.
A router supporting IP multicasting can use CGMP to distribute membership of each IP multicast group to switches. As a result, CGMP-capable switches can automatically restrict the forwarding of IP multicast packets to only those ports belonging to a specific group. Multicast addresses learned through CGMP are not saved in non-volatile storage: the switch acquires the IP multicast information every time it starts up.
The IP multicast router also notifies switches to delete an IP multicast group when there are no nodes requesting the traffic of the group.
 | Caution All ports on the switch must belong to the same VLAN for CGMP to work properly. |
Display this menu, shown in Figure 5-12, by entering G on the Network Management menu.
[H] Router Hold Time (secs). CGMP-capable routers send periodic keep alive messages. When the last CGMP-capable router goes down, the switch discards the multicast-group information from the router. Select this option to enter the number of seconds the switch is to wait for keep alive messages before deleting CGMP-learned multicast groups. Enter a number between 5 and 900 and press Return.
[C] CGMP. Select this option to enable or disable CGMP. Enter an E (enable) or a D (disable) at the prompt and press Return.
[L] List IP multicast addresses. Select this option to list the IP multicast addresses currently being managed by CGMP.
The Catalyst 2820 and 1900 enable you to route a copy of incoming and outgoing port traffic to a monitor port for analysis and troubleshooting. When a port is selected as the monitor port, it sends out only traffic seen on the ports defined in the port capture list.
Use this menu, shown in Figure 5-13, to do the following:
Frame capturing cannot take place until all three of these parameters have been set.
Display this menu by pressing M on the Main Menu.
[C] Capturing frames to the Monitor. Select this option to enable or disable frame capturing. Enter a D or E at the prompt and press Return.
[M] Monitor port assignment. Use this option to define the port where captured frames are to be sent. Enter a port number at the prompt and press Return.
[A] Add ports to capture list. Use this option to add ports to the capture list. Enter the numbers according to the example in the prompt and press Return.
[D] Delete ports from capture list. Use this option to delete port numbers from the capture list. Enter the numbers in the list you want to delete and press Return.
Use this menu, shown in Figure 5-14, to list the VLANs defined for this switch and to display the VLAN Configuration Menu. See the "VLANs" section in the "Concepts" chapter for more information and several sample configurations.
Display this menu by entering V on the Main Menu.
[C] Configure VLAN. This option displays the VLAN Configuration Menu shown in Figure 5-15.
Use this menu, shown in Figure 5-15, to define up to four separate VLANs. Every port can belong to only one VLAN. The Catalyst 2820 and 1900 are shipped with all ports belonging to VLAN1; all other VLANs are empty. For more details about Catalyst 2820 and 1900 VLANs, see the "VLANs" section in the "Concepts" chapter.
Display this menu by pressing V on the Main Menu and C, Configure VLAN, on the Virtual LAN Configuration Menu. Before the menu is displayed, you are prompted for which VLAN to display:
Identify VLAN: [1 - 4] Select [1 - 4]:
Enter the number of the VLAN you want to display and press Return.
[V] VLAN name. Select this option to enter a VLAN name of up to 60 characters. Enter the name and press Return.
[M] Move member ports from other VLANs. Select this option to add ports to this VLAN and remove them from their previously configured VLAN. The Catalyst 2820 and 1900 are shipped with all ports belonging to VLAN1. Enter the numbers according to the conventions described and press Return.
Example: 1, 2, 3, 8-12, A Enter port numbers:
[N] Next VLAN. Select this option to scroll through the available VLANs.
[P] Previous VLAN. Select this option to scroll through the available VLANs.
[G] Goto VLAN. Select this option to enter a VLAN to display. Enter a number at the prompt and press Return.
By default, all multicast frames are forwarded to all ports in a VLAN. You can, however, register multicast addresses so that they are sent to only the ports you define. Because these packets are then not forwarded to other ports, this reduces the amount of flooding performed by the switch. For more information on this feature, see the "Multicast Registration and Filtering" section in the "Concepts" chapter.
Display this menu by pressing R on the Main Menu. The first line of the menu, shown in Figure 5-16, displays the number of registered multicast addresses.
[R] Register a multicast address. Select this option to register a multicast address. You are prompted for both the address and the ports to which frames destined for this address are to be forwarded.
If you are using CGMP to learn IP multicast groups from routers, do not manually register IP multicast addresses.
If you enter an invalid multicast address, the prompt refreshes itself so you can try again. Invalid addresses include non-multicast addresses, the broadcast address, and reserved multicast addresses, such as those used for Spanning-Tree Protocol.
When you enter a valid address, the following prompt is displayed:
Enter the destination port numbers (separated by commas or spaces)
e.g. 2,3,6,7,12
Default ports ===> All ports
New ports ===>
Enter the port numbers and press Return. Typing errors cause the prompt to be refreshed.
[L] List all registered multicast addresses. Use this option to list all registered multicast addresses that exist in the switch. Addresses are listed with the port or ports to which they are assigned. Addresses with an asterisk are subject to source port filtering. Note that the list also shows whether the address is part of an IP multicast group as defined by CGMP, as in this example:
See the "Flooding Controls" section in the "Concepts" chapter for more information.
[U] Unregister a multicast address. Select this option to delete registered multicast addresses. You cannot delete those multicast addresses that are not considered registered.
If you delete an IP group address, CGMP deletes the members of the group. Packets destined for the IP group address are flooded. The switch reestablishes the IP group only when it receives a message from a CGMP-capable router. Enter the address at the prompt and press Return.
[E] Erase all registered multicast addresses. Select this option to remove all registered multicast addresses. Press Y at the prompt.
Use this menu, shown in Figure 5-17, to display the status of a port or module, enter a port description, change the port status, and define various Spanning-Tree Protocol parameters.
Display this menu by pressing P on the Main Menu. The following prompt is displayed:
Identify port: 1 to 24, AUI,[A1],[B1] Select [1 - 24, AUI, A1, B1]:
The menu displayed varies, depending on whether it is a 10BaseT port or an expansion slot with a 100BaseTX, 100BaseFX, or FDDI module installed.
The following terms are used to describe the STP status of the port:
[D] Description/name of port. Select this option to assign a name to the port. This could be Engineering Segment or any 60-character string. Enter the port name at the prompt and press Return.
[S] Status of port. Select this option to enable a disabled port or disable a port in an operational state. If the port is an expansion slot with a multiport repeater, you can use this option to enable or disable one repeater port while leaving the others unaffected. To enable or disable all ports of a module, use the module status parameter. The operational states a port can have are listed under the next menu option, Module status. Enter E or D at the prompt and press Return.
[M] Module status. (Catalyst 2820 only) Select this option to enable a module that has been disabled or to disable a module that is currently in an enabled operational state. If the module is a multiport repeater, this parameter affects all the repeater ports. Attempts to enable a module that is disabled due to a hardware failure will not succeed, and the module will automatically return to a disabled state. Enter E or D at the prompt and press Return.
The status indication shown on this menu is one of the following:
[F] Full duplex. Select this option to enable or disable full-duplex transmission on 100-Mbps ports. Full duplex is simultaneous 100-Mbps transmission in both directions, yielding an aggregate bandwidth of 200 Mbps. As both ends must be configured for full duplex, the port cannot be connected to a repeater. A likely scenario would be to connect a 100BaseTX port or 100BaseFX 1-port module to a server with a 100BaseTX adapter configured for full duplex. You could also connect it to another Catalyst 2820 or 1900 or other 100BaseT switch or router configured for full-duplex operation. Enter an E or a D at the prompt and press Return.
[I] Port priority. Select this option to define which port is to remain enabled by Spanning-Tree Protocol if two ports form a loop. Enter a number from 0 to 255 and press Return.
[C] Path cost. Select this option to define the Spanning-Tree Protocol path cost of the port. It is inversely proportional to the LAN speed of the network interface at the port. A high path cost means the port has low bandwidth and should not be used if possible.The default is 1000/LAN-speed-in-Mbps. The path cost of 100-Mbps ports is thus 10, and the path cost of 10-Mbps ports is 100. This option also affects which port is to remain enabled by Spanning-Tree Protocol if another bridge device forms a loop with the switch. Enter a value at the prompt and press Return.
[H] Port fast mode. Select this option to accelerate the time it takes for Spanning-Tree Protocol to bring a port into the forwarding state. Enter an E or D at the prompt and press Return.
[A] Port addressing. Select this option to display the Port Addressing Menu.
[V] View port statistics. Select this option to display the Detailed Port Statistics Menu.
The following options are available for FDDI modules and are in addition to the other port configuration menu options discussed in the "Port Configuration" section in this chapter.
Display this menu, shown in Figure 5-18, by pressing P on the Main Menu and the letter (A or B) of an expansion slot containing a Catalyst 2820 FDDI module.
Ring Status. This field indicates whether the module is successfully attached to the ring or not. The two possible values are operational and non-operational.
[L] Novell SNAP frame translation. Use this option to define how you want to translate Novell SNAP FDDI frames. For more information about the translation options, refer to the Catalyst 2820 Modules User Guide. Enter the number associated with your choice at the prompt and press Return.
[U] Unmatched SNAP frame destination. This option appears only when the you have selected Automatic as the SNAP translation format. You use it to select which FDDI-to-Ethernet translation to use for packets whose destinations cannot be determined from the Novell SNAP translation table. Enter the number associated with your choice at the prompt and press Return.
[R] Reset FDDI module. Use this option to reset the FDDI module. Enter Y or N at the prompt and press Return.
[F] Reset FDDI with factory defaults. Select this option to restore the factory default settings on the FDDI module. The module will be reset, and the new settings take effect immediately. Enter Y or N at the prompt and press Return.
[1] Basic FDDI settings. Display the Basic FDDI Settings Menu described in the "Basic FDDI Settings" section in this chapter.
[2] Secondary FDDI settings. Display the Secondary FDDI Menu described in the "Secondary FDDI Settings" section in this chapter.
Use this menu to configure address security of a port and define static unicast and multicast addresses. You can use this menu to specify how a port filters and forwards unmatched unicast addresses and nonregistered multicast addresses. Although multicast address registrations are configured elsewhere, you can use this menu to specify additional source-port filtering on the multicast addresses. For more information on these features, see the "Flooding Controls" section in the "Concepts" chapter.
Display this menu, shown in Figure 5-19, by pressing A on the Main Menu and then entering the port number at the prompt.
The top of the menu displays the current addressing situation:
| Dynamic addresses | The current number of unicast addresses that have been automatically learned on this port. If this is a secured port, the dynamic addresses field is set to zero. |
| Static addresses | The current number of unicast addresses that have been assigned to this port. |
[T] Address Table Size. Select this option to define the size of the address table for a secured port. Enter a number between 1 and 132 at the prompt and press Return.
[S] Addressing security. Select this option to secure a port. Alerts can be generated when a secured port attempts to learn new addresses and its address table is full. The port can be disabled or suspended due to such address violations. See the "Securing Ports" section in the "Concepts" chapter for more information. Enter an E or D at the prompt and press Return.
[U] Flood unknown unicasts. When a frame with an unrecognized unicast destination address is received on any port, the default action is to forward the packet to all enabled ports. Select this option to inhibit the forwarding of unknown unicasts to this port. Enter E or D at the prompt and press Return.
[M] Flood unregistered multicasts. When a frame with an unregistered multicast destination address is received on any port, the default action is to forward the packet to all enabled ports. Select this option to inhibit the forwarding of unregistered multicast addresses to this port. Enter E or D at the prompt and press Return.
[A] Add a static address. If there is room in the port's address table, you can use this option to add a static unicast address to it. Enter a unicast address and press Return. If the address table is already full, an error message is generated. You can change the size of the address table with this menu's option [T] Address Table Size.
[D] Define a restricted static address. Packets with static addresses are usually accepted from any source port. However, a restricted static address, which corresponds to source port filtering in 802.1d, is accompanied by a list of ports that are allowed to send frames to this address and port. Enter the unicast or multicast address and press Return.
You are then prompted for the port numbers allowed to send to this address. Enter the port numbers at the prompt and press Return. The switch checks the list of ports for typing errors and, if there are any, redisplays the prompt.
[L] List addresses. Select this option to list all dynamic and static addresses that belong to this port. The switch displays up to 15 addresses per screen; static addresses are listed first.
[E] Erase an address. Use this option to erase a dynamic or static address assigned to the current port. Enter the address at the prompt and press Return.
[R] Remove all addresses. Select this option to remove all dynamic and static addresses currently associated with the port. Enter Y or N at the confirmation prompt and press Return.
[C] Configure port. Select this option to display the Port Menu.
[V] View port statistics. Select this option to display the Detailed Port Statistics Menu.
This display-only menu shows frame transmit and receive statistics captured by the switch. The statistics and errors can be displayed for all ports on a per-port basis and can vary if a Catalyst 2820 module is installed. Figure 5-20 is a statistics report for an installed 100BaseT module. Figure 5-21 is a statistics report for an installed FDDI module. Statistics are automatically updated every 5 seconds if you are using VT100 emulation.
Display the menu by pressing D on the Main Menu or V on the Port Configuration Menu or Port Addressing Menu.
Performance or connectivity problems could be evident in the port statistics, particularly those under the heading Errors. For example, FCS and alignment errors could be the result of cabling problems such as the following:
For more information on responding to the errors found here, see the "Troubleshooting" chapter. The following definitions of the types of errors found on this menu are taken from RFC 1398:
[A] Port addressing. Display the Port Addressing Menu.
[C] Port configuration. Display the Port Menu.
[R] Reset port statistics. Select this option to clear this port's statistics. Enter Y at the prompt and press Return.
To update the screen press the Spacebar.
Use this menu to display the firmware version currently used by the switch and to perform firmware upgrades. You can also upgrade the firmware for Catalyst 2820 FDDI modules and download diagnostic software for use by customer support. The version number of the currently executing firmware and the size of the system's Flash memory is displayed under System Information. If there is a firmware upgrade in progress, its status is displayed in the Upgrade status field.
You upgrade Catalyst 2820 and 1900 firmware by first downloading an upgrade file into a temporary area. After it is validated by the existing firmware, the new image is transferred into Flash memory, the switch resets, and the new firmware begins executing immediately. If the upgrade file is invalid, the temporary image is discarded, the existing firmware continues to execute, and the firmware upgrade ends.
| Caution During the transfer of the upgrade file, the switch might not respond to commands for as long as 1 minute. This is normal and correct. If you interrupt the transfer by turning the switch off and on, the firmware could be corrupted. If this happens, follow the procedure described in the "Diagnostic Console Recovery Procedures" section in the "Troubleshooting" chapter to restart the firmware. |
Display this menu, shown in Figure 5-22, by pressing F on the Main Menu.
How you upgrade the firmware depends on your installation. There are three possibilities:
Step 1 Select option S and enter the IP address of the server where the upgrade file is located.
Step 2 Select option F and enter the name of the firmware-upgrade file.
Step 3 Make sure the switch can reach the TFTP server. Select option T to initiate the TFTP transfer; the switch contacts the server to get the upgrade file.
Step 4 Verify the upgrade is in progress by checking the System Information section of the Firmware Upgrade Menu. During the transfer, the switch does not respond to commands for about 1 minute.
Step 5 When the transfer is complete, the switch resets and begins using the new firmware.
upgradeTFTPInitiate. This object is described in the Catalyst 2820 Series and Catalyst 1900 Series MIB Reference Manual.
Step 1 On the TFTP client workstation, establish a TFTP session with the IP address assigned to the switch.
Step 2 Ensure that the TFTP client is in binary transfer mode.
Step 3 At the command line enter put and the filename.
Step 4 Verify the upgrade is in progress by checking the System Information section of the Firmware Upgrade Menu. During the transfer, the switch does not respond to commands for about one minute.
Step 5 When the transfer is complete, the switch resets and begins using the new firmware.
This procedure is largely dependent on the modem software you're using. ProComm and HyperTerminal are examples of applications that use the XMODEM protocol.
Step 1 Select option U.
Step 2 When the first XMODEM request appears, use the appropriate command to start the transfer. After the transfer, the switch does not respond to commands for about one minute.
Step 3 The switch resets after a successful transfer, the newly downloaded firmware begins to reset, and the Logon Security Menu is displayed.
This procedure is for upgrading the FDDI module firmware, not the switch firmware.
The options you use in this procedure depend on the expansion slot containing the
Catalyst 2820 FDDI module.
Step 1 Select option S and enter the IP address of the server where the FDDI upgrade file is located.
Step 2 Select option F and enter the name of the firmware-upgrade file.
Step 3 Select option 3 (for the A slot) or 4 (for the B slot) to initiate the TFTP transfer; the switch contacts the server to get the upgrade file.
The following procedure is for upgrading the FDDI module firmware, not the switch firmware.
Step 1 On the TFTP client workstation, establish a TFTP session with the IP address assigned to the switch.
Step 2 Ensure that the TFTP client is in binary transfer mode.
Step 3 At the command line, enter put and the filename. If there are two FDDI modules installed, the following rules apply:
Step 4 Verify the upgrade is in progress by checking the System Information section of the Firmware Upgrade Menu. If the upgrade is in progress, the field reads: in-progress.
Step 5 When the transfer is complete, the FDDI module resets and begins using the new firmware.
The following procedure is for upgrading the FDDI module firmware, not the switch firmware. It is dependent on the modem software you're using.
Step 1 Select option 1 for expansion slot A or 2 for expansion slot B.
Step 2 When the first XMODEM request appears, use the appropriate command to start the transfer.
Step 3 FDDI resets after a successful transfer.
[S] Server: IP address or TFTP server. Enter the IP address of the TFTP server where the upgrade file is located.
[F] Filename for firmware upgrades. Enter the name of the firmware upgrade file to be downloaded and press Return. The file should be on a TFTP server.
[A] Accept upgrade transfer from other hosts. You have the option of accepting upgrades from TFTP clients on the network. Use this option to enable or disable this function and press Return.
[1] FDDI (A) XMODEM upgrade. Start an XMODEM upgrade of the FDDI firmware in expansion slot A. The complete procedure is described in the section "Upgrading FDDI Firmware with XMODEM."
[2] FDDI (B) XMODEM upgrade. Start an XMODEM upgrade of the FDDI firmware in expansion slot B. The complete procedure is described in the section "Upgrading FDDI Firmware with XMODEM."
[3] FDDI (A) TFTP upgrade. Initiate a TFTP transfer of FDDI firmware to slot A. The complete procedure is described in the section "Upgrading FDDI Firmware with a TFTP Server."
[4] FDDI (B) TFTP upgrade. Initiate a TFTP transfer of FDDI firmware to slot B. The complete procedure is described in the section "Upgrading FDDI Firmware with a TFTP Server."
[U] System XMODEM upgrade. Select this option to upgrade the firmware using a modem. Enter N to return to the Firmware Upgrade Menu or Y to begin the transfer. The following prompt appears:
Please initiate XMODEM transfer. Awaiting transfer . . . C
C is the first XMODEM/CR protocol request. Use the appropriate application-specific command to start the transfer. Upon completion of the transfer, the switch resets and the newly downloaded firmware begins to execute. The Logon Security Menu is displayed.
[T] System TFTP upgrade. Use this option to upgrade the firmware from a TFTP server. The address of the server and the name of the file must already be set.
[D] Download test subsystem (XMODEM). This option is reserved for use by the customer support group and is used to download diagnostic software.
Use this menu, shown in Figure 5-23, to define the physical characteristics of the RS-232 port--baud rate, stop bits, and the like--and call-features such as the time delay between outgoing calls. Note that the changes you make to parameters under the heading Group Settings are not invoked until you press G. Press C to cancel the session and return to the previous settings.
Display this menu by pressing I on the Main Menu.
[B] Baud rate. Enter the baud rate of the RS-232 serial port and press Return.
[D] Data bits. Enter the data bits value for the serial port and press Return. Valid values are 7 and 8.
[S] Stop bits. Enter the stop bits value for the serial port and press Return.
[P] Parity settings. Change the parity settings for the serial port and press Return.
[M] Match remote baud rate. Select this feature to enable the RS-232 port to automatically match the baud rate of an incoming call. The switch only matches a baud rate lower than its configured baud rate. After the call, the switch reverts to its configured rate.
[A] Auto answer. Select this feature to enable the auto-answer feature. Enter E or D at the prompt and press Return.
[N] Number for dial-out connection. Enter the phone number the switch is configured to use when dialing out. This number is dialed when the switch is configured to communicate with a remote terminal upon power-up or reset. If the dial-out is unsuccessful and auto-answer is enabled, the switch ceases dialing and awaits incoming calls.
Up to 48 characters can be entered. Use the Backspace followed by Return to delete the number. Using the format required by your modem, enter the number at the prompt and press Return.
[T] Time delay between attempts. Enter the amount of time in seconds between dial-out attempts and press Return. Zero disables retry.
[I] Initialization string for modem. Change the initialization string to match your modem requirements. Up to 48 characters can be entered. Enter the new string at the prompt and press Return.
[C] Cancel and restore previous group settings. Select this option to undo any new values entered for the baud rate, data bits, stop bits, and parity setting. Values are restored to those last saved.
[G] Activate group settings. This option activates the setting you have entered for baud rate, data bits, stops bits, and parity settings. After selecting this option, configure the attached terminal to match the new settings. Enter Y or N at the prompt and press Return.
This section describes statistics generated by the Catalyst 2820 and 1900 Management Console. If you are using VT100 terminal emulation, the screens displaying the statistics are refreshed every 5 seconds. If you are connected to the Management Console via a modem running at less than 2400 baud, the screens displaying the statistics are refreshed every 8 seconds.
Use this menu, shown in Figure 5-24, to display network statistics in the form of summary displays showing all ports. Press U on the Main Menu to display this menu. These statistics are read only; press Return or the Spacebar to refresh them at any time.
This report, shown in Figure 5-25, summarizes the status of all ports as defined on the Ports Menu. Definitions of these terms can be found in the "Port Configuration" section in this chapter.
Display this report by pressing U on the Main Menu and P on the Usage Summary Menu.
This report displays the status of the installed modules. Definitions of these terms can be found in the "Port Configuration" section in this chapter.
Display this report, shown in Figure 5-26, by pressing U on the Main Menu and P on the Usage Summary Menu.
This report displays the port's address mode, dynamic or static, and how many addresses have been assigned to the port.
Display this report, shown in Figure 5-27, by pressing U on the Main Menu and A on the Usage Summary Menu.
The two columns on this menu have the following values:
| Port | Whether the port is enabled for dynamic learning or secured. |
| Addresses | If it is a single station, this field contains its address; if it is not a single station, this field shows the number of static and dynamic addresses associated with the port. |
This report displays the number of receive errors, transmit errors, and security violations for each port. Display this report, shown in Figure 5-28, by pressing U on the Main Menu and E on the Usage Summary Menu.
The figures displayed are actually totals of various kinds of errors:
[R] Reset all statistics. Select this option to reset all statistics to zero. Respond to the confirmation prompt and press Return.
This report displays the frame-count statistics generated by the Catalyst 2820 and 1900. Display this report, shown in Figure 5-29, by pressing U on the Main Menu and U on the Usage Summary Menu.
Column headings have the following meanings:
| Receive | The number of received good unicast frames, good multicast frames, and good broadcast frames |
| Forward | The number of good frames forwarded |
| Transmit | The combined number of transmitted unicast frames, multicast frames, and broadcast frames |
[R] Reset all statistics. Select this option to reset all statistics to zero. Respond to the confirmation prompt and press Return.
This report displays the peak bandwidth of the network during a given period of time. The switch displays a list of the last twelve recordings of maximum bandwidth, in Mbps, according to a time interval you set. Display this report, shown in Figure 5-30, by pressing U on the Main Menu and B on the Usage Summary Menu.
[T] Capture time interval. Use this option to define the time interval during which data is collected to calculate bandwidth usage. Table 1-6 in the chapter "Overview" shows the bandwidth associated with each LED. Enter a number between 1 and 24 and press Return.
[C] Clear table. Select this option to clear the bandwidth table. Enter Y or N at the confirmation prompt and press Return.
[R] Reset current entry. This option sets the current table entry to zero and allows new information to be recorded. The current table entry is marked by an asterisk (*). Enter Y or N at the confirmation prompt and press Return.
This screen displays the most common FDDI settings, but does not allow you to set any parameters. Each parameter is described below.
Display this menu, shown in Figure 5-31, by entering 1 on the Port Configuration Menu.
[2] Secondary FDDI settings. Display the menu described in the "Secondary FDDI Settings" section in this chapter.
[C] Configure port. Display the menu described in the "Port Configuration" section in this chapter.
[A] Port addressing. Display the menu described in the "Port Addressing" section in this chapter.
[V] View port statistics. Display the port statistics report described in the "Port Statistics Report" section in this chapter.
| SMT version | The version number of this particular Station Management (SMT) implementation. |
| MIB version | The version number of this FDDI MIB implementation. |
| Number of MACs | The number of MACs that this FDDI entity implements. |
| Non master ports | The number of non-master ports residing on the FDDI module. Non-master ports are any ports other than the M type. |
| Optical bypass | If an optical bypass device is attached to the FDDI module, this item is Present; otherwise it is Not present.
|
| Upstream neighbor | The station address of the upstream neighbor. |
| Station address | The station address of the FDDI module. |
| Downstream neighbor | The station address of the downstream neighbor. |
| ECM state | The current status of the ECM (entity coordination management) state machine. The ECM handles the management and coordination of all of the ports in the node. During normal operation, this has the value In. The other possible values, Out, Trace, Leave, Path_test, Insert, Check, or Deinsert, can indicate that the ECM state machine has detected an error.
|
| Attachment state | The current attachment configuration for the module. The normal state, Thru, indicates that both ports are connected to the ring. The value Isolated indicates that both ports A and B are disconnected from the ring, Wrap_A indicates that only port A is connected to the ring, and Wrap_B indicates that only port B is connected to the ring.
|
This screen contains some of the less common FDDI settings. You can change three of the parameters; all others are display only.
Display this menu, shown in Figure 5-32, by entering 2 on the Port Configuration Menu.
| Remote disconnect flag | This flag indicates whether the module was remotely disconnected from the network as a result of receiving a disconnect action in a Parameter Management Frame. |
| Station path status | The status of the primary and secondary paths within the module. The status is Concatenated, Separated, or Thru.
|
| Requested token rotation time | The requested token rotation time in nanoseconds for the module. |
| Negotiated token rotation time | The negotiated token rotation time in nanoseconds. Note that this value will be the same for all stations on the ring. |
| Old upstream neighbor | The previous value of the MAC's upstream neighbor's MAC address. |
| Old downstream neighbor | The previous value of the MAC's downstream neighbor's MAC address. |
| MAC's downstream port type | The type of the first port that is downstream from this MAC. |
| Valid transmission timer | The value that the module is using for its valid transmission timer. If the module waits this amount of time without seeing a valid frame or unrestricted token, the module begins the claim process to re-create the token. |
| Frame error flag | This flag is set when the MAC Frame Error Condition is present. This value is cleared when the condition clears and on station reset. |
| Frame processing functions | This indicates the module's handling of the Error, Address, and Copied frame status indicators. |
| MAC's available paths | The paths that are available to the MAC. |
[N] Notification timer value. Use this option to assign a new value to fddimibSMTTNotify. Enter a value according to the prompt and press Return.
This value is the timer, expressed in seconds, used in the Neighbor Notification protocol. It has a range of 2 seconds to 30 seconds. The default value is 30.
Current setting ==> 30
New setting ==>
[U] Use authorization string. Select this option to enable or disable authorization checking for the SMT entity. When this item is selected, the following prompt is displayed:
When the authorization string checking is enabled, the
FDDI module will use the current authorization string to verify SMT
requests from remote stations. This value is disabled by default.
Use of authorization string checking may be [E]nabled or [D]isabled
Current setting ==> Disabled
New setting ==>
[S] Authorization string. Select this option to assign a new authorization string value. The authorization string is from 0 to 32 bytes in length; the length must be a multiple of 4 bytes. When this item is selected, the following prompt is displayed:
The authorization string is used in the verification of SMT requests. The length of the authorization string must be a multiple of 4 bytes.
Input the new authorization string.
Current ==> mgmtpswd
New ==>
[1] Basic FDDI settings. Display the menu described in the "Basic FDDI Settings" section in this chapter.
[C] Configure port. Display the menu described in the "Port Configuration" section in this chapter.
[A] Port addressing. Display the menu described in the "Port Addressing" section in this chapter.
[V] View port statistics. Display the port statistics report described in the "Port Statistics Report" section in this chapter.
|
|