Cisco Systems IE 2000 Users Manual
2015-01-05
Page Count: 924
Cisco IE 2000 Switch Software
Configuration Guide
Cisco IOS Release 15.0(1)EY
July 2012
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-25866-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public
domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this
URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display
output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in
illustrative content is unintentional and coincidental.
Cisco IE 2000 Switch Software Configuration Guide
© 2012 Cisco Systems, Inc. All rights reserved.
CONTENTS

Preface
Audience
Purpose
Conventions
Related Publications
Obtaining Documentation, Obtaining Support, and Security Guidelines

CHAPTER 1 Configuration Overview
Features
Feature Software Licensing
Ease-of-Deployment and Ease-of-Use Features
Performance Features
Management Options
Industrial Application
Manageability Features
Availability and Redundancy Features
VLAN Features
Security Features
QoS and CoS Features
Monitoring Features
Default Settings After Initial Switch Configuration
Network Configuration Examples
Design Concepts for Using the Switch
Ethernet-to-the-Factory Architecture
Enterprise Zone
Demilitarized Zone
Manufacturing Zone
Topology Options
Where to Go Next

CHAPTER 2 Using the Command-Line Interface
Information About Using the Command-Line Interface
Command Modes
Help System
Understanding Abbreviated Commands
No and default Forms of Commands
CLI Error Messages
Configuration Logging
How to Use the CLI to Configure Features
Configuring the Command History
Changing the Command History Buffer Size
Recalling Commands
Disabling the Command History Feature
Using Editing Features
Enabling and Disabling Editing Features
Editing Commands Through Keystrokes
Editing Command Lines That Wrap
Searching and Filtering Output of show and more Commands
Accessing the CLI
Accessing the CLI through a Console Connection or through Telnet

CHAPTER 3 Configuring Switch Alarms
Finding Feature Information
Information About Switch Alarms
Global Status Monitoring Alarms
FCS Error Hysteresis Threshold
Port Status Monitoring Alarms
Triggering Alarm Options
External Alarms
Default Switch Alarm Settings
How to Configure Switch Alarms
Configuring External Alarms
Configuring the Power Supply Alarms
Configuring the Switch Temperature Alarms
Associating the Temperature Alarms to a Relay
Configuring the FCS Bit Error Rate Alarm
Setting the FCS Error Threshold
Setting the FCS Error Hysteresis Threshold
Configuring Alarm Profiles
Creating an Alarm Profile
Modifying an Alarm Profile
Attaching an Alarm Profile to a Specific Port
Enabling SNMP Traps
Monitoring and Maintaining Switch Alarms Status
Configuration Examples for Switch Alarms
Configuring External Alarms: Example
Associating Temperature Alarms to a Relay: Examples
Creating or Modifying an Alarm Profile: Example
Setting the FCS Error Hysteresis Threshold: Example
Configuring a Dual Power Supply: Examples
Displaying Alarm Settings: Example
Additional References
Related Documents
Standards
MIBs
RFCs
Technical Assistance

CHAPTER 4 Performing Switch Setup Configuration
Restrictions for Performing Switch Setup Configuration
Information About Performing Switch Setup Configuration
Switch Boot Process
Default Switch Boot Settings
Switch Boot Optimization
Switch Information Assignment
Switch Default Settings
DHCP-Based Autoconfiguration Overview
DHCP Client Request Process
DHCP-Based Autoconfiguration and Image Update
DHCP Autoconfiguration
DHCP Auto-Image Update
DHCP Server Configuration Guidelines
TFTP Server
DNS Server
Relay Device
How to Obtain Configuration Files
How to Control Environment Variables
Common Environment Variables
Scheduled Reload of the Software Image
How to Perform Switch Setup Configuration
Configuring DHCP Autoconfiguration (Only Configuration File)
Configuring DHCP Auto-Image Update (Configuration File and Image)
Configuring the Client
Manually Assigning IP Information on a Routed Port
Manually Assigning IP Information to SVIs
Modifying the Startup Configuration
Specifying the Filename to Read and Write the System Configuration
Manually Booting the Switch
Booting a Specific Software Image
Monitoring Switch Setup Configuration
Verifying the Switch Running Configuration
Configuration Examples for Performing Switch Setup Configuration
Retrieving IP Information Using DHCP-Based Autoconfiguration: Example
Scheduling Software Image Reload: Examples
Configuring DHCP Auto-Image Update: Example
Configuring a Switch as a DHCP Server: Example
Configuring Client to Download Files from DHCP Server
Additional References
Related Documents
Standards
MIBs
RFCs
Technical Assistance

CHAPTER 5 Configuring Cisco IOS Configuration Engine
Finding Feature Information
Prerequisites for Configuring Cisco IOS Configuration Engine
Information About Configuring Cisco IOS Configuration Engine
Configuration Service
Event Service
NameSpace Mapper
CNS IDs and Device Hostnames
ConfigID
DeviceID
Hostname and DeviceID Interaction
Using Hostname, DeviceID, and ConfigID
Cisco IOS Agents
Initial Configuration
Incremental (Partial) Configuration
Synchronized Configuration
How to Configure Cisco IOS Configuration Engine
Configuring Cisco IOS Agents
Enabling CNS Event Agent
Enabling Cisco IOS CNS Agent and an Initial Configuration
Enabling a Partial Configuration
Monitoring and Maintaining Cisco IOS Configuration Engine
Configuration Examples for Cisco IOS Configuration Engine
Enabling the CNS Event Agent: Example
Configuring an Initial CNS Configuration: Examples
Additional References
Related Documents
Standards
MIBs
RFCs
Technical Assistance

CHAPTER 6 Configuring Switch Clusters
Finding Feature Information
Prerequisites for Configuring Switch Clusters
Cluster Command Switch Characteristics
Standby Cluster Command Switch Characteristics
Candidate Switch and Cluster Member Switch Characteristics
Restrictions for Configuring Switch Clusters
Information About Configuring Switch Clusters
Benefits of Clustering Switches
Eligible Cluster Switches
How to Plan for Switch Clustering
Automatic Discovery of Cluster Candidates and Members
Discovery Through CDP Hops
Discovery Through Non-CDP-Capable and Noncluster-Capable Devices
Discovery Through Different VLANs
Discovery Through Different Management VLANs
Discovery Through Routed Ports
Discovery of Newly Installed Switches
IP Addresses
Hostnames
Passwords
SNMP Community Strings
TACACS+ and RADIUS
LRE Profiles
Managing Switch Clusters
Using the CLI to Manage Switch Clusters
Using SNMP to Manage Switch Clusters
Additional References
Related Documents
Standards
MIBs
RFCs
Technical Assistance

CHAPTER 7 Performing Switch Administration
Finding Feature Information
Information About Performing Switch Administration
System Time and Date Management
System Clock
Network Time Protocol
NTP Version 4
DNS
Default DNS Configuration
Login Banners
System Name and Prompt
MAC Address Table
Address Table
MAC Addresses and VLANs
Default MAC Address Table Configuration
Address Aging Time for VLANs
MAC Address Change Notification Traps
Static Addresses
Unicast MAC Address Filtering
MAC Address Learning on a VLAN
ARP Table Management
How to Perform Switch Administration
Configuring Time and Date Manually
Setting the System Clock
Configuring the Time Zone
Configuring Summer Time (Daylight Saving Time)
Configuring Summer Time (Exact Date and Time)
Configuring a System Name
Setting Up DNS
Configuring Login Banners
Configuring a Message-of-the-Day Login Banner
Configuring a Login Banner
Managing the MAC Address Table
Changing the Address Aging Time
Configuring MAC Address Change Notification Traps
Configuring MAC Address Move Notification Traps
Configuring MAC Threshold Notification Traps
Adding and Removing Static Address Entries
Configuring Unicast MAC Address Filtering
Disabling MAC Address Learning on a VLAN
Monitoring and Maintaining Switch Administration
Configuration Examples for Performing Switch Administration
Setting the System Clock: Example
Configuring Summer Time: Examples
Configuring a MOTD Banner: Examples
Configuring a Login Banner: Example
Configuring MAC Address Change Notification Traps: Example
Sending MAC Address Move Notification Traps: Example
Configuring MAC Threshold Notification Traps: Example
Adding the Static Address to the MAC Address Table: Example
Configuring Unicast MAC Address Filtering: Example
Additional References
Related Documents
Standards
MIBs
RFCs
Technical Assistance

CHAPTER 8 Configuring PTP
Finding Feature Information
Prerequisites for Configuring PTP
Restrictions for Configuring PTP
Information About Configuring PTP
Precision Time Protocol
How to Configure PTP
Default PTP Settings
Setting Up PTP
Monitoring and Maintaining the PTP Configuration
Troubleshooting the PTP Configuration
Additional References
Related Documents
Standards
MIBs
RFCs
Technical Assistance

CHAPTER 9 Configuring PROFINET
Finding Feature Information
Restrictions for Configuring PROFINET
Information About Configuring PROFINET
PROFINET Device Roles
PROFINET Device Data Exchange
How to Configure PROFINET
Configuring PROFINET
Default Configuration
Enabling PROFINET
Monitoring and Maintaining PROFINET
Troubleshooting PROFINET
Additional References
Related Documents
Standards
MIBs
RFCs
Technical Assistance

CHAPTER 10 Configuring CIP
Finding Feature Information
Restrictions for Configuring CIP
Information About Configuring CIP
How to Configure CIP
Default Configuration
Enabling CIP
Monitoring CIP
Troubleshooting CIP
Additional References
Related Documents
Standards
MIBs
RFCs
Technical Assistance

CHAPTER 11 Configuring SDM Templates
Finding Feature Information
Prerequisites for Configuring SDM Templates
Restrictions for Configuring SDM Templates
Information About Configuring SDM Templates
SDM Templates
Dual IPv4 and IPv6 SDM Default Template
How to Configure the Switch SDM Templates
Setting the SDM Template
Monitoring and Maintaining SDM Templates
Configuration Examples for Configuring SDM Templates
Configuring the IPv4-and-IPv6 Default Template: Example
Additional References
Related Documents
Standards
MIBs
RFCs
Technical Assistance

CHAPTER 12 Configuring Switch-Based Authentication
Finding Feature Information
Prerequisites for Configuring Switch-Based Authentication
Restrictions for Configuring Switch-Based Authentication
Information About Configuring Switch-Based Authentication
Prevention for Unauthorized Switch Access
Password Protection
Default Password and Privilege Level Configuration
Enable Secret Passwords with Encryption
Password Recovery
Telnet Password for a Terminal Line
Username and Password Pairs
Multiple Privilege Levels
Switch Access with TACACS+
TACACS+
TACACS+ Operation
Default TACACS+ Configuration
TACACS+ Server Host and the Authentication Key
TACACS+ Login Authentication
TACACS+ Authorization for Privileged EXEC Access and Network Services
TACACS+ Accounting
Switch Access with RADIUS
RADIUS
RADIUS Operation
Default RADIUS Configuration
RADIUS Change of Authorization
CoA Request Commands
RADIUS Server Host
RADIUS Login Authentication
Radius Method List
AAA Server Groups
RADIUS Authorization for User Privileged Access and Network Services
RADIUS Accounting
Establishing a Session with a Router if the AAA Server is Unreachable
Vendor-Specific RADIUS Attributes
Vendor-Proprietary RADIUS Server Communication
Switch Access with Kerberos
Understanding Kerberos
Kerberos Operation
Kerberos Configuration
Local Authentication and Authorization
Secure Shell
SSH
SSH Servers, Integrated Clients, and Supported Versions
Limitations
SSH Configuration Guidelines
Switch for Secure Socket Layer HTTP
Secure HTTP Servers and Clients
Default SSL Settings
Certificate Authority Trustpoints
CipherSuites
Secure Copy Protocol
How to Configure Switch-Based Authentication
Configuring Password Protection
Setting or Changing a Static Enable Password
Protecting Enable and Enable Secret Passwords with Encryption
Disabling Password Recovery
Setting a Telnet Password for a Terminal Line
Configuring Username and Password Pairs
Setting the Privilege Level for a Command
Changing the Default Privilege Level for Lines
Logging Into and Exiting a Privilege Level
Configuring TACACS+
Identifying the TACACS+ Server Host and Setting the Authentication Key
Configuring TACACS+ Login Authentication
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services
Starting TACACS+ Accounting
Configuring Radius Server Communication
Defining AAA Server Groups
Configuring RADIUS Login Authentication
Configuring RADIUS Authorization for User Privileged Access and Network Services
Starting RADIUS Accounting
Configuring Settings for All RADIUS Servers
Configuring the Switch for Vendor-Proprietary RADIUS Server Communication
Configuring CoA on the Switch
Configuring the Switch for Local Authentication and Authorization
Configuring Secure Shell
Setting Up the Switch to Run SSH
Configuring the SSH Server
Configuring Secure HTTP Servers and Clients
Configuring a CA Trustpoint
Configuring the Secure HTTP Server
Configuring the Secure HTTP Client
Monitoring and Maintaining Switch-Based Authentication
Configuration Examples for Configuring Switch-Based Authentication
Changing the Enable Password: Example
Configuring the Encrypted Password: Example
Setting the Telnet Password for a Terminal Line: Example
Setting the Privilege Level for a Command: Example
Configuring the RADIUS Server: Examples
Defining AAA Server Groups: Example
Configuring Vendor-Specific RADIUS Attributes: Examples
Configuring a Vendor-Proprietary RADIUS Host: Example
Sample Output for a Self-Signed Certificate: Example
Verifying Secure HTTP Connection: Example
Additional References
Related Documents
Standards
MIBs
RFCs
Technical Assistance

CHAPTER 13 Configuring IEEE 802.1x Port-Based Authentication
Finding Feature Information
Restrictions for Configuring IEEE 802.1x Port-Based Authentication
Information About Configuring IEEE 802.1x Port-Based Authentication
IEEE 802.1x Port-Based Authentication
Device Roles
Authentication Process
Switch-to-RADIUS-Server Communication
Authentication Initiation and Message Exchange
Authentication Manager
Port-Based Authentication Methods
Per-User ACLs and Filter-Ids
Authentication Manager CLI Commands
Ports in Authorized and Unauthorized States
802.1x Host Mode
Multidomain Authentication
802.1x Multiple Authentication Mode
MAC Move
MAC Replace
802.1x Accounting
802.1x Accounting Attribute-Value Pairs
802.1x Readiness Check
802.1x Authentication with VLAN Assignment
Voice Aware 802.1x Security
802.1x Authentication with Per-User ACLs
802.1x Authentication with Downloadable ACLs and Redirect URLs
Cisco Secure ACS and Attribute-Value Pairs for the Redirect URL
Cisco Secure ACS and Attribute-Value Pairs for Downloadable ACLs
VLAN ID-Based MAC Authentication
802.1x Authentication with Guest VLAN
802.1x Authentication with Restricted VLAN
802.1x Authentication with Inaccessible Authentication Bypass
Support on Multiple-Authentication Ports
Authentication Results
Feature Interactions
802.1x Authentication with Voice VLAN Ports
802.1x Authentication with Port Security
802.1x Authentication with Wake-on-LAN
802.1x Authentication with MAC Authentication Bypass
802.1x User Distribution
802.1x User Distribution Configuration Guidelines
Network Admission Control Layer 2 802.1x Validation
Flexible Authentication Ordering
Open1x Authentication
802.1x Supplicant and Authenticator Switches with Network Edge Access Topology (NEAT)
802.1x Supplicant and Authenticator Switch Guidelines
Using IEEE 802.1x Authentication with ACLs and the RADIUS Filter-Id Attribute
Authentication Manager Common Session ID
Default 802.1x Authentication Settings
802.1x Accounting
802.1x Authentication Guidelines
VLAN Assignment, Guest VLAN, Restricted VLAN, and Inaccessible Authentication Bypass Guidelines
MAC Authentication Bypass Guidelines
Maximum Number of Allowed Devices Per Port Guidelines
How to Configure IEEE 802.1x Port-Based Authentication
802.1x Authentication Configuration Process
Configuring the Switch-to-RADIUS-Server Communication
Configuring 802.1x Readiness Check
Enabling Voice Aware 802.1x Security
Configuring 802.1x Violation Modes
Configuring the Host Mode
Configuring Periodic Reauthentication
Configuring Optional 802.1x Authentication Features
Configuring 802.1x Accounting
Configuring a Guest VLAN
Configuring a Restricted VLAN
Configuring the Maximum Number of Authentication Attempts
Configuring Inaccessible Authentication Bypass
Configuring 802.1x User Distribution
Configuring NAC Layer 2 802.1x Validation
Configuring an Authenticator and Supplicant
Configuring an Authenticator
Configuring a Supplicant Switch with NEAT
Configuring 802.1x Authentication with Downloadable ACLs and Redirect URLs
Configuring Downloadable ACLs
Configuring a Downloadable Policy
Configuring Open1x
Resetting the 802.1x Authentication Configuration to the Default Values
Monitoring and Maintaining IEEE 802.1x Port-Based Authentication
Configuration Examples for Configuring IEEE 802.1x Port-Based Authentication
Enabling a Readiness Check: Example
Enabling 802.1x Authentication: Example
Enabling MDA: Example
Disabling the VLAN Upon Switch Violation: Example
Configuring the Radius Server Parameters: Example
Configuring 802.1x Accounting: Example
Enabling an 802.1x Guest VLAN: Example
Displaying Authentication Manager Common Session ID: Examples
Configuring Inaccessible Authentication Bypass: Example
Configuring VLAN Groups: Examples
Configuring NAC Layer 2 802.1x Validation: Example
Configuring an 802.1x Authenticator Switch: Example
Configuring an 802.1x Supplicant Switch: Example
Configuring a Downloadable Policy: Example
Configuring Open 1x on a Port: Example
Additional References
Related Documents
Standards
MIBs
RFCs
Technical Assistance

CHAPTER 14 Configuring Web-Based Authentication
Finding Feature Information
Prerequisites for Configuring Web-Based Authentication
Restrictions for Configuring Web-Based Authentication on the IE 2000 Switch
Information About Configuring Web-Based Authentication
Web-Based Authentication
Device Roles
Host Detection
Session Creation
Authentication Process
Local Web Authentication Banner
Web Authentication Customizable Web Pages
Web Authentication Guidelines
Web-Based Authentication Interactions with Other Features
Port Security
LAN Port IP
Gateway IP
ACLs
Context-Based Access Control
802.1x Authentication
EtherChannel
Default Web-Based Authentication Settings
Configuring Switch-to-RADIUS-Server Communication
How to Configure Web-Based Authentication
Configuring the Authentication Rule and Interfaces
Configuring AAA Authentication
Configuring Switch-to-RADIUS-Server Communication
Configuring the HTTP Server
Customizing the Authentication Proxy Web Pages
Specifying a Redirection URL for Successful Login
Configuring the Web-Based Authentication Parameters
Configuring a Web Authentication Local Banner
Removing Web-Based Authentication Cache Entries
Monitoring and Maintaining Web-Based Authentication
Configuration Examples for Configuring Web-Based Authentication
Enabling and Displaying Web-Based Authentication: Examples
Enabling AAA: Example
Configuring the RADIUS Server Parameters: Example
Configuring a Custom Authentication Proxy Web Page: Example
Verifying a Custom Authentication Proxy Web Page: Example
Configuring a Redirection URL: Example
Verifying a Redirection URL: Example
Configuring a Local Banner: Example
Clearing the Web-Based Authentication Session: Example
Additional References
Related Documents
Standards
MIBs
RFCs
Technical Assistance

CHAPTER 15 Configuring Interface Characteristics
Finding Feature Information
Restrictions for Configuring Interface Characteristics
Information About Configuring Interface Characteristics
Interface Types
Port-Based VLANs
Switch Ports
Routed Ports
Access Ports
Trunk Ports
EtherChannel Port Groups
Dual-Purpose Uplink Ports
Connecting Interfaces
Using Interface Configuration Mode
Default Ethernet Interface Settings
Interface Speed and Duplex Mode
Speed and Duplex Configuration Guidelines
IEEE 802.3x Flow Control
Auto-MDIX on an Interface
SVI Autostate Exclude
System MTU
How to Configure Interface Characteristics
Configuring Layer 3 Interfaces
Configuring Interfaces
Configuring a Range of Interfaces
Interface Range Restrictions
Configuring and Using Interface Range Macros
Configuring Ethernet Interfaces
Setting the Type of a Dual-Purpose Uplink Port
Setting the Interface Speed and Duplex Parameters
Configuring IEEE 802.3x Flow Control
Configuring Auto-MDIX on an Interface
Adding a Description for an Interface
Configuring SVI Autostate Exclude
Configuring the System MTU
Monitoring and Maintaining Interface Characteristics
Monitoring Interface Status
Clearing and Resetting Interfaces and Counters
Shutting Down and Restarting the Interface
Configuration Examples for Configuring Interface Characteristics
Configuring the Interface Range: Examples
Configuring Interface Range Macros: Examples
Setting Speed and Duplex Parameters: Example
Enabling auto-MDIX: Example
Adding a Description on a Port: Example
Configuring SVI Autostate Exclude: Example
Additional References
Related Documents
Standards
MIBs
RFCs

CHAPTER 16 Configuring Smartports Macros
Finding Feature Information
Information About Configuring Smartports Macros
How to Configure Smartports Macros
Default Smartports Settings
Smartports Configuration Guidelines
Applying Smartports Macros
Monitoring and Maintaining Smartports Macros
Configuration Examples for Smartports Macros
Applying the Smartports Macro: Examples
Additional References
Related Documents
Standards
MIBs
RFCs
Technical Assistance

CHAPTER 17 Configuring VLANs
Finding Feature Information
Information About Configuring VLANs
VLANs
Supported VLANs
VLAN Port Membership Modes
Normal-Range VLANs
Token Ring VLANs
Normal-Range VLAN Configuration Guidelines
Default Ethernet VLAN Configuration
Ethernet VLANs
VLAN Removal
Static-Access Ports for a VLAN
Extended-Range VLANs
Default VLAN Configuration
Extended-Range VLAN Configuration Guidelines
VLAN Trunks
Trunking Overview
IEEE 802.1Q Configuration Guidelines
Default Layer 2 Ethernet Interface VLAN Settings
Ethernet Interface as a Trunk Port
Trunking Interaction with Other Features
Allowed VLANs on a Trunk
Native VLAN for Untagged Traffic
Load Sharing Using Trunk Ports
Load Sharing Using STP Port Priorities
Load Sharing Using STP Path Cost
VMPS
Dynamic-Access Port VLAN Membership
Default VMPS Client Settings
VMPS Configuration Guidelines
VMPS Reconfirmation Interval
Dynamic-Access Port VLAN Membership
How to Configure VLANs
Creating or Modifying an Ethernet VLAN
Deleting a VLAN
Assigning Static-Access Ports to a VLAN
Creating an Extended-Range VLAN
Creating an Extended-Range VLAN with an Internal VLAN ID
Configuring an Ethernet Interface as a Trunk Port
Defining the Allowed VLANs on a Trunk
Changing the Pruning-Eligible List
Configuring the Native VLAN for Untagged Traffic
Load Sharing Using STP Port Priorities
Configuring Load Sharing Using STP Path Cost
Configuring the VMPS Client
Entering the IP Address of the VMPS
Configuring Dynamic-Access Ports on VMPS Clients
Monitoring and Maintaining VLANs
Configuration Examples for Configuring VLANs
VMPS Network: Example
Configuring a VLAN: Example
Configuring an Access Port in a VLAN: Example
Configuring an Extended-Range VLAN: Example
Configuring a Trunk Port: Example
Removing a VLAN: Example
Show VMPS Output: Example
Additional References
Related Documents
Standards
MIBs
RFCs
CHAPTER
18
Configuring VTP
18-1
Finding VTP Feature Information
Prerequisites for Configuring VTP
Restrictions for Configuring VTP
18-1
18-1
18-1
Information About Configuring VTP 18-2
VTP 18-2
VTP Domain 18-2
VTP Modes 18-3
VTP Mode Guidelines 18-3
VTP Advertisements 18-4
VTP Version 2 18-5
VTP Version 3 18-5
VTP Version Guidelines 18-6
VTP Pruning 18-7
Default VTP Settings 18-9
VTP Configuration Guidelines 18-9
Domain Names 18-10
Passwords 18-10
Adding a VTP Client Switch to a VTP Domain
18-10
Cisco IE 2000 Switch Software Configuration Guide
OL-25866-01
xxi
Contents
How to Configure VTP 18-11
Configuring VTP Domain and Parameters 18-11
Configuring a VTP Version 3 Password 18-12
Enabling the VTP Version 18-12
Enabling VTP Pruning 18-13
Configuring VTP on a Per-Port Basis 18-13
Adding a VTP Client Switch to a VTP Domain 18-13
Monitoring and Maintaining VTP
18-14
Configuration Examples for Configuring VTP 18-14
Configuring a VTP Server: Example 18-14
Configuring a Hidden VTP Password: Example 18-15
Configuring a VTP Version 3 Primary Server: Example 18-15
Additional References for Configuring VTP 18-15
Related Documents 18-15
Standards 18-15
MIBs 18-16
RFCs 18-16
CHAPTER 19
Configuring Voice VLAN 19-1
Finding Feature Information 19-1
Information About Configuring Voice VLAN 19-1
Voice VLAN 19-1
Cisco IP Phone Voice Traffic 19-2
Cisco IP Phone Data Traffic 19-3
Default Voice VLAN Configuration 19-3
Voice VLAN Configuration Guidelines 19-3
Port Connection to a Cisco 7960 IP Phone 19-4
Priority of Incoming Data Frames 19-4
How to Configure VTP 19-5
Configuring Cisco IP Phone for Voice Traffic 19-5
Configuring the Priority of Incoming Data Frames 19-5
Monitoring and Maintaining Voice VLAN 19-6
Configuration Examples for Configuring Voice VLAN 19-6
Configuring a Cisco IP Phone for Voice Traffic: Example 19-6
Configuring the Cisco IP Phone Priority of Incoming Data Frames: Example 19-6
Additional References for Configuring Voice VLAN 19-6
Related Documents 19-6
Standards 19-7
MIBs 19-7
RFCs 19-7
CHAPTER 20
Configuring STP 20-1
Finding Feature Information 20-1
Prerequisites for Configuring STP 20-1
Restrictions for Configuring STP 20-1
Information About Configuring STP 20-1
STP 20-2
Spanning-Tree Topology and BPDUs 20-2
Bridge ID, Switch Priority, and Extended System ID 20-3
Spanning-Tree Interface States 20-4
Blocking State 20-5
Listening State 20-6
Learning State 20-6
Forwarding State 20-6
Disabled State 20-6
How a Switch or Port Becomes the Root Switch or Root Port 20-7
Spanning Tree and Redundant Connectivity 20-7
Spanning-Tree Address Management 20-8
Accelerated Aging to Retain Connectivity 20-8
Spanning-Tree Modes and Protocols 20-9
Supported Spanning-Tree Instances 20-9
Spanning-Tree Interoperability and Backward Compatibility 20-10
STP and IEEE 802.1Q Trunks 20-10
VLAN-Bridge Spanning Tree 20-10
Default Spanning-Tree Settings 20-11
Disabling Spanning Tree 20-11
Root Switch 20-11
Secondary Root Switch 20-12
Port Priority 20-12
Path Cost 20-13
Spanning-Tree Timers 20-13
Spanning-Tree Configuration Guidelines 20-13
How to Configure STP 20-14
Changing the Spanning-Tree Mode 20-14
Configuring the Root Switch 20-15
Configuring a Secondary Root Switch 20-16
Configuring Port Priority 20-16
Configuring Path Cost 20-16
Configuring Optional STP Parameters 20-17
Monitoring and Maintaining STP 20-17
Additional References 20-18
Related Documents 20-18
Standards 20-18
MIBs 20-18
RFCs 20-18
CHAPTER 21
Configuring MSTP 21-1
Finding Feature Information 21-1
Information About Configuring MSTP 21-1
MSTP 21-2
Multiple Spanning-Tree Regions 21-2
IST, CIST, and CST 21-2
Operations Within an MST Region 21-3
Operations Between MST Regions 21-3
IEEE 802.1s Terminology 21-4
Hop Count 21-5
Boundary Ports 21-5
IEEE 802.1s Implementation 21-6
Port Role Naming Change 21-6
Interoperation Between Legacy and Standard Switches 21-6
Detecting Unidirectional Link Failure 21-7
Interoperability with IEEE 802.1D STP 21-8
RSTP 21-8
Port Roles and the Active Topology 21-8
Rapid Convergence 21-9
Synchronization of Port Roles 21-10
Bridge Protocol Data Unit Format and Processing 21-11
Processing Superior BPDU Information 21-12
Processing Inferior BPDU Information 21-12
Topology Changes 21-12
Default MSTP Settings 21-13
MSTP Configuration Guidelines 21-13
Root Switch 21-14
Secondary Root Switch 21-15
Port Priority 21-15
Path Cost 21-15
Link Type to Ensure Rapid Transitions 21-15
Neighbor Type 21-15
Restarting the Protocol Migration Process 21-16
How to Configure MSTP 21-16
Specifying the MST Region Configuration and Enabling MSTP 21-16
Configuring the Root Switch 21-17
Configuring the Optional MSTP Parameters 21-18
Monitoring and Maintaining MSTP 21-20
Configuration Examples for Configuring MSTP 21-20
Configuring the MST Region: Example 21-20
Additional References 21-21
Related Documents 21-21
Standards 21-21
MIBs 21-21
RFCs 21-21
CHAPTER 22
Configuring Optional Spanning-Tree Features 22-1
Finding Feature Information 22-1
Prerequisites for the Optional Spanning-Tree Features 22-1
Restrictions for the Optional Spanning-Tree Features 22-1
Information About Configuring the Optional Spanning-Tree Features 22-1
PortFast 22-1
BPDU Guard 22-2
BPDU Filtering 22-3
UplinkFast 22-3
BackboneFast 22-5
EtherChannel Guard 22-7
Root Guard 22-7
Loop Guard 22-8
Default Optional Spanning-Tree Settings 22-9
How to Configure the Optional Spanning-Tree Features 22-9
Enabling Optional SPT Features 22-9
Maintaining and Monitoring Optional Spanning-Tree Features 22-10
Additional References 22-11
Related Documents 22-11
Standards 22-11
MIBs 22-11
RFCs 22-12
CHAPTER 23
Configuring Resilient Ethernet Protocol 23-1
Finding Feature Information 23-1
Prerequisites for REP 23-1
Restrictions for REP 23-1
Information About Configuring REP 23-1
REP 23-1
Link Integrity 23-4
Fast Convergence 23-4
VLAN Load Balancing 23-4
Spanning Tree Interaction 23-6
REP Ports 23-6
REP Segments 23-7
Default REP Configuration 23-7
REP Configuration Guidelines 23-7
REP Administrative VLAN 23-8
How to Configure REP 23-9
Configuring the REP Administrative VLAN 23-9
Configuring REP Interfaces 23-9
Setting Manual Preemption for VLAN Load Balancing 23-12
Configuring SNMP Traps for REP 23-12
Monitoring and Maintaining REP 23-12
Configuration Examples for Configuring REP 23-13
Configuring the Administrative VLAN: Example 23-13
Configuring a Primary Edge Port: Examples 23-13
Configuring VLAN Blocking: Example 23-14
Additional References 23-14
Related Documents 23-14
Standards 23-14
MIBs 23-15
RFCs 23-15
CHAPTER 24
Configuring FlexLinks and the MAC Address-Table Move Update 24-1
Finding Feature Information 24-1
Restrictions for the FlexLinks and the MAC Address-Table Move Update 24-1
Information About Configuring the FlexLinks and the MAC Address-Table Move Update 24-1
FlexLinks 24-1
VLAN FlexLinks Load Balancing and Support 24-2
FlexLinks Multicast Fast Convergence 24-3
Learning the Other FlexLinks Port as the mrouter Port 24-3
Generating IGMP Reports 24-3
Leaking IGMP Reports 24-4
MAC Address-Table Move Update 24-4
Default Settings for FlexLinks and MAC Address-Table Move Update 24-5
Configuration Guidelines for FlexLinks and MAC Address-Table Move Update 24-6
How to Configure the FlexLinks and MAC Address-Table Move Update 24-6
Configuring FlexLinks 24-6
Configuring a Preemption Scheme for FlexLinks 24-7
Configuring VLAN Load Balancing on FlexLinks 24-7
Configuring the MAC Address-Table Move Update Feature 24-8
Configuring the MAC Address-Table Move Update Messages 24-8
Maintaining and Monitoring the FlexLinks and MAC Address-Table Move Update 24-9
Configuration Examples for the FlexLinks and MAC Address-Table Move Update 24-9
Configuring FlexLinks Port: Examples 24-9
Configuring a Backup Interface: Example 24-11
Configuring a Preemption Scheme: Example 24-11
Configuring VLAN Load Balancing on FlexLinks: Examples 24-12
Configuring MAC Address-Table Move Update: Example 24-13
Additional References 24-13
Related Documents 24-13
Standards 24-13
MIBs 24-14
RFCs 24-14
CHAPTER 25
Configuring DHCP 25-1
Finding Feature Information 25-1
Information About Configuring DHCP 25-1
DHCP Snooping 25-1
DHCP Server 25-1
DHCP Relay Agent 25-2
DHCP Snooping 25-2
Option-82 Data Insertion 25-3
Cisco IOS DHCP Server Database 25-6
DHCP Snooping Binding Database 25-6
Default DHCP Snooping Settings 25-7
DHCP Snooping Configuration Guidelines 25-8
DHCP Snooping Binding Database Guidelines 25-9
Packet Forwarding Address 25-9
DHCP Server Port-Based Address Allocation 25-9
How to Configure DHCP 25-10
Configuring the DHCP Relay Agent 25-10
Specifying the Packet Forwarding Address 25-10
Enabling DHCP Snooping and Option 82 25-11
Enabling the DHCP Snooping Binding Database Agent 25-12
Enabling DHCP Server Port-Based Address Allocation 25-13
Preassigning an IP Address 25-13
Monitoring and Maintaining DHCP 25-14
Configuration Examples for Configuring DHCP 25-15
Enabling DHCP Server Port-Based Address Allocation: Examples 25-15
Enabling DHCP Snooping: Example 25-15
Additional References 25-16
Related Documents 25-16
Standards 25-16
MIBs 25-16
RFCs 25-16
CHAPTER 26
Configuring Dynamic ARP Inspection 26-1
Finding Feature Information 26-1
Prerequisites for Dynamic ARP Inspection 26-1
Restrictions for Dynamic ARP Inspection 26-1
Information About Dynamic ARP Inspection 26-1
Dynamic ARP Inspection 26-1
Interface Trust States and Network Security 26-3
Rate Limiting of ARP Packets 26-4
Relative Priority of ARP ACLs and DHCP Snooping Entries 26-4
Logging of Dropped Packets 26-4
Default Dynamic ARP Inspection Settings 26-5
Dynamic ARP Inspection Configuration Guidelines 26-5
How to Configure Dynamic ARP Inspection 26-6
Configuring Dynamic ARP Inspection in DHCP Environments 26-6
Configuring ARP ACLs for Non-DHCP Environments 26-7
Limiting the Rate of Incoming ARP Packets 26-9
Performing Validation Checks 26-10
Configuring the Log Buffer 26-11
Monitoring and Maintaining Dynamic ARP Inspection 26-12
Configuration Examples for Dynamic ARP Inspection 26-12
Configuring Dynamic ARP Inspection in DHCP Environments: Example 26-12
Configuring ARP ACLs for Non-DHCP Environments: Example 26-12
Additional References 26-13
Related Documents 26-13
Standards 26-13
MIBs 26-13
RFCs 26-13
Technical Assistance 26-13
CHAPTER 27
Configuring IP Source Guard 27-1
Finding Feature Information 27-1
Prerequisites for IP Source Guard 27-1
Restrictions for IP Source Guard 27-1
Information About IP Source Guard 27-1
IP Source Guard 27-1
Source IP Address Filtering 27-2
Source IP and MAC Address Filtering 27-2
IP Source Guard for Static Hosts 27-2
IP Source Guard Configuration Guidelines 27-3
How to Configure IP Source Guard 27-4
Enabling IP Source Guard 27-4
Configuring IP Source Guard for Static Hosts on a Layer 2 Access Port 27-4
Configuring IP Source Guard for Static Hosts on a Private VLAN Host Port 27-5
Monitoring and Maintaining IP Source Guard 27-7
Configuration Examples for IP Source Guard 27-7
Enabling IPSG with Source IP and MAC Filtering: Example 27-7
Disabling IPSG with Static Hosts: Example 27-7
Enabling IPSG for Static Hosts: Examples 27-7
Displaying IP or MAC Binding Entries: Examples 27-8
Enabling IPSG for Static Hosts: Examples 27-9
Additional References 27-10
Related Documents 27-10
Standards 27-11
MIBs 27-11
RFCs 27-11
CHAPTER 28
Configuring IGMP Snooping and MVR 28-1
Finding Feature Information 28-1
Restrictions for IGMP Snooping and MVR 28-1
Information About IGMP Snooping and MVR 28-1
IGMP Snooping 28-2
IGMP Versions 28-2
Joining a Multicast Group 28-3
Leaving a Multicast Group 28-5
Immediate Leave 28-5
IGMP Configurable-Leave Timer 28-5
IGMP Report Suppression 28-6
Default IGMP Snooping Configuration 28-6
Snooping Methods 28-6
Multicast Flooding Time After a TCN Event 28-7
Flood Mode for TCN 28-7
Multicast Flooding During a TCN Event 28-7
IGMP Snooping Querier Guidelines 28-7
IGMP Report Suppression 28-8
Multicast VLAN Registration 28-8
MVR in a Multicast Television Application 28-9
Default MVR Settings 28-11
MVR Configuration Guidelines and Limitations 28-11
IGMP Filtering and Throttling 28-12
Default IGMP Filtering and Throttling Configuration 28-12
IGMP Profiles 28-13
IGMP Throttling Action 28-13
How to Configure IGMP Snooping and MVR 28-14
Configuring IGMP Snooping 28-14
Enabling or Disabling IGMP Snooping 28-14
Setting IGMP Snooping Parameters 28-14
Configuring TCN 28-15
Configuring the IGMP Snooping Querier 28-16
Disabling IGMP Report Suppression 28-16
Configuring MVR 28-16
Configuring MVR Global Parameters 28-16
Configuring MVR Interfaces 28-17
Configuring IGMP 28-18
Configuring IGMP Profiles 28-18
Configuring IGMP Interfaces 28-18
Monitoring and Maintaining IGMP Snooping and MVR 28-19
Configuration Examples for IGMP Snooping 28-21
Configuring IGMP Snooping: Example 28-21
Disabling a Multicast Router Port: Example 28-21
Statically Configuring a Host on a Port: Example 28-21
Enabling IGMP Immediate Leave: Example 28-21
Setting the IGMP Snooping Querier Parameters: Examples 28-21
Enabling MVR: Examples 28-22
Creating an IGMP Profile: Example 28-22
Applying an IGMP Profile: Example 28-23
Limiting IGMP Groups: Example 28-23
Additional References 28-23
Related Documents 28-23
Standards 28-23
MIBs 28-23
RFCs 28-24
Technical Assistance 28-24
CHAPTER 29
Configuring Port-Based Traffic Control 29-1
Finding Feature Information 29-1
Restrictions for Port-Based Traffic Control 29-1
Information About Port-Based Traffic Control 29-1
Storm Control 29-1
Default Storm Control Configuration 29-2
Storm Control and Threshold Levels 29-3
Small-Frame Arrival Rate 29-3
Protected Ports 29-3
Protected Port Configuration Guidelines 29-3
Port Blocking 29-4
Port Security 29-4
Secure MAC Addresses 29-4
Security Violations 29-5
Default Port Security Configuration 29-6
Port Security Configuration Guidelines 29-6
Port Security Aging 29-8
Port Security and Private VLANs 29-8
Protocol Storm Protection 29-8
How to Configure Port-Based Traffic Control 29-9
Configuring Storm Control 29-9
Configuring Storm Control and Threshold Levels 29-9
Configuring Small-Frame Arrival Rate 29-10
Configuring Protected Ports 29-10
Configuring Port Blocking 29-11
Blocking Flooded Traffic on an Interface 29-11
Configuring Port Security 29-11
Enabling and Configuring Port Security 29-11
Enabling and Configuring Port Security Aging 29-15
Configuring Protocol Storm Protection 29-15
Enabling Protocol Storm Protection 29-15
Monitoring and Maintaining Port-Based Traffic Control 29-16
Configuration Examples for Port-Based Traffic Control 29-16
Enabling Unicast Storm Control: Example 29-16
Enabling Broadcast Address Storm Control on a Port: Example 29-17
Enabling Small-Frame Arrival Rate: Example 29-17
Configuring a Protected Port: Example 29-17
Blocking Flooding on a Port: Example 29-17
Configuring Port Security: Examples 29-17
Configuring Port Security Aging: Examples 29-18
Configuring Protocol Storm Protection: Example 29-18
Additional References 29-19
Related Documents 29-19
Standards 29-19
MIBs 29-19
RFCs 29-19
Technical Assistance 29-19
CHAPTER 30
Configuring SPAN and RSPAN 30-1
Finding Feature Information 30-1
Prerequisites for SPAN and RSPAN 30-1
Restrictions for SPAN and RSPAN 30-1
Information About SPAN and RSPAN 30-1
SPAN and RSPAN 30-1
Local SPAN 30-2
Remote SPAN 30-2
SPAN Sessions 30-3
Monitored Traffic Types for SPAN Sessions 30-4
Source Ports 30-5
Source VLANs 30-6
VLAN Filtering 30-6
Destination Port 30-6
RSPAN VLAN 30-7
SPAN and RSPAN Interaction with Other Features 30-8
Local SPAN Configuration Guidelines 30-9
RSPAN Configuration Guidelines 30-9
Default SPAN and RSPAN Settings 30-10
How to Configure SPAN and RSPAN 30-10
Creating a Local SPAN Session 30-10
Creating a Local SPAN Session and Configuring Incoming Traffic 30-12
Specifying VLANs to Filter 30-13
Configuring a VLAN as an RSPAN VLAN 30-14
Creating an RSPAN Source Session 30-15
Creating an RSPAN Destination Session 30-16
Creating an RSPAN Destination Session and Configuring Incoming Traffic 30-16
Specifying VLANs to Filter 30-17
Monitoring and Maintaining SPAN and RSPAN 30-18
Configuration Examples for SPAN and RSPAN 30-18
Configuring a Local SPAN Session: Example 30-18
Modifying Local SPAN Sessions: Examples 30-18
Configuring an RSPAN: Example 30-19
Configuring a VLAN for a SPAN Session: Example 30-20
Modifying RSPAN Sessions: Examples 30-20
Additional References 30-20
Related Documents 30-20
Standards 30-21
MIBs 30-21
RFCs 30-21
CHAPTER 31
Configuring LLDP, LLDP-MED, and Wired Location Service 31-1
Finding Feature Information 31-1
Restrictions for LLDP, LLDP-MED, and Wired Location Service 31-1
Information About LLDP, LLDP-MED, and Wired Location Service 31-1
LLDP-MED 31-2
Wired Location Service 31-3
Default LLDP Configuration 31-4
LLDP, LLDP-MED, and Wired Location Service Configuration Guidelines 31-4
LLDP-MED TLVs 31-5
How to Configure LLDP, LLDP-MED, and Wired Location Service 31-5
Enabling LLDP 31-5
Configuring LLDP Characteristics 31-5
Configuring LLDP-MED TLVs 31-6
Configuring Network-Policy TLV 31-6
Configuring Location TLV and Wired Location Service 31-7
Monitoring and Maintaining LLDP, LLDP-MED, and Wired Location Service 31-8
Configuration Examples for Configuring LLDP, LLDP-MED, and Wired Location Service 31-9
Enabling LLDP: Examples 31-9
Configuring LDP Parameters: Examples 31-9
Configuring TLV: Example 31-9
Configuring Network Policy: Example 31-10
Configuring Voice Application: Example 31-10
Configuring Civic Location Information: Example 31-10
Enabling NMSP: Example 31-10
Additional References 31-11
Related Documents 31-11
Standards 31-11
MIBs 31-11
RFCs 31-11
Technical Assistance 31-11
CHAPTER 32
Configuring CDP 32-1
Finding Feature Information 32-1
Information About CDP 32-1
CDP 32-1
Default CDP Configuration 32-2
How to Configure CDP 32-2
Configuring the CDP Parameters 32-2
Disabling CDP 32-3
Monitoring and Maintaining CDP 32-3
Configuration Examples for CDP 32-4
Configuring CDP Parameters: Example 32-4
Enabling CDP: Examples 32-4
Additional References 32-4
Related Documents 32-4
Standards 32-5
MIBs 32-5
RFCs 32-5
CHAPTER 33
Configuring UDLD 33-1
Finding Feature Information 33-1
Prerequisites for UDLD 33-1
Restrictions for UDLD 33-1
Information About UDLD 33-1
UDLD 33-1
Modes of Operation 33-2
Methods to Detect Unidirectional Links 33-2
Default UDLD Settings 33-4
How to Configure UDLD 33-4
Enabling UDLD Globally 33-4
Enabling UDLD on an Interface 33-5
Setting and Resetting UDLD Parameters 33-5
Maintaining and Monitoring UDLD 33-6
Additional References 33-6
Related Documents 33-6
Standards 33-6
MIBs 33-6
RFCs 33-6
Technical Assistance 33-7
CHAPTER 34
Configuring RMON 34-1
Finding Feature Information 34-1
Prerequisites for RMON 34-1
Restrictions for RMON 34-1
Information About RMON 34-1
RMON 34-1
How to Configure RMON 34-3
Configuring RMON Alarms and Events 34-3
Collecting Group History Statistics on an Interface 34-4
Collecting Group Ethernet Statistics on an Interface 34-4
Monitoring and Maintaining RMON 34-5
Configuration Examples for RMON 34-5
Configuring an RMON Alarm Number: Example 34-5
Creating an RMON Event Number: Example 34-5
Configuring RMON Statistics: Example 34-5
Additional References 34-6
Related Documents 34-6
Standards 34-6
MIBs 34-6
RFCs 34-6
Technical Assistance 34-7
CHAPTER 35
Configuring System Message Logging 35-1
Finding Feature Information 35-1
Restrictions for System Message Logging 35-1
Information About System Message Logging 35-1
System Message Logging 35-1
System Log Message Format 35-2
Log Messages 35-2
Message Severity Levels 35-3
Configuring UNIX Syslog Servers 35-3
Logging Messages to a UNIX Syslog Daemon 35-4
Default System Message Logging Configuration 35-5
How to Configure System Message Logging 35-5
Disabling Message Logging 35-5
Setting the Message Display Destination Device 35-6
Synchronizing Log Messages 35-7
Enabling and Disabling Time Stamps on Log Messages 35-8
Enabling and Disabling Sequence Numbers in Log Messages 35-8
Defining the Message Severity Level 35-8
Limiting Syslog Messages Sent to the History Table and to SNMP 35-9
Enabling the Configuration-Change Logger 35-9
Configuring the UNIX System Logging Facility 35-10
Monitoring and Maintaining the System Message Log 35-10
Configuration Examples for the System Message Log 35-10
System Message: Example 35-10
Logging Display: Examples 35-11
Enabling the Logger: Example 35-11
Configuration Log Output: Example 35-11
Additional References 35-12
Related Documents 35-12
Standards 35-12
MIBs 35-12
RFCs 35-12
Technical Assistance 35-13
CHAPTER 36
Configuring SNMP 36-1
Finding Feature Information 36-1
Prerequisites for SNMP 36-1
Restrictions for SNMP 36-1
Information About SNMP 36-2
SNMP 36-2
SNMP Versions 36-2
SNMP Manager Functions 36-4
SNMP Agent Functions 36-4
SNMP Community Strings 36-4
Using SNMP to Access MIB Variables 36-5
SNMP Notifications 36-5
SNMP ifIndex MIB Object Values 36-6
Community Strings 36-6
SNMP Notifications 36-6
Default SNMP Settings 36-8
How to Configure SNMP 36-8
Disabling the SNMP Agent 36-8
Configuring Community Strings 36-9
Configuring SNMP Groups and Users 36-10
Configuring SNMP Notifications 36-12
Setting the CPU Threshold Notification Types and Values 36-14
Setting the Agent Contact and Location Information 36-14
Limiting TFTP Servers Used Through SNMP 36-15
Monitoring and Maintaining SNMP 36-15
Configuration Examples for SNMP 36-16
Enabling SNMP Versions: Example 36-16
Permit SNMP Manager Access: Example 36-16
Allow Read-Only Access: Example 36-16
Configure SNMP Traps: Examples 36-16
Associating a User with a Remote Host: Example 36-17
Assigning a String to SNMP: Example 36-17
Additional References 36-17
Related Documents 36-17
Standards 36-17
MIBs 36-18
RFCs 36-18
Technical Assistance 36-18
CHAPTER 37
Configuring Network Security with ACLs 37-1
Finding Feature Information 37-1
Restrictions for Network Security with ACLs 37-1
Information About Network Security with ACLs 37-1
ACLs 37-1
Supported ACLs 37-2
Port ACLs 37-2
Handling Fragmented and Unfragmented Traffic 37-3
IPv4 ACLs 37-4
Standard and Extended IPv4 ACLs 37-5
Access List Numbers 37-5
ACL Logging 37-6
Numbered Extended ACL 37-6
Resequencing ACEs in an ACL 37-7
Named Standard and Extended ACLs 37-7
Time Ranges with ACLs 37-8
Comments in ACLs 37-8
IPv4 ACL to a Terminal Line 37-9
IPv4 ACL Application to an Interface Guidelines 37-9
Hardware and Software Handling of IP ACLs 37-10
Troubleshooting ACLs 37-10
Named MAC Extended ACLs 37-11
MAC ACL to a Layer 2 Interface 37-11
How to Configure Network Security with ACLs 37-11
Creating a Numbered Standard ACL 37-11
Creating a Numbered Extended ACL 37-13
Creating Named Standard and Extended ACLs 37-15
Using Time Ranges with ACLs 37-16
Applying an IPv4 ACL to a Terminal Line 37-17
Applying an IPv4 ACL to an Interface 37-17
Creating Named MAC Extended ACLs 37-17
Applying a MAC ACL to a Layer 2 Interface 37-18
Monitoring and Maintaining Network Security with ACLs 37-19
Configuration Examples for Network Security with ACLs 37-19
Creating a Standard ACL: Example 37-19
Creating an Extended ACL: Example 37-19
Configuring Time Ranges: Examples 37-20
Using Named ACLs: Example 37-20
Including Comments in ACLs: Examples 37-21
Applying ACL to a Port: Example 37-21
Applying an ACL to an Interface: Example 37-21
Routed ACLs: Examples 37-22
Configuring Numbered ACLs: Example 37-23
Configuring Extended ACLs: Examples 37-23
Creating Named ACLs: Example 37-24
Applying Time Range to an IP ACL: Example 37-24
Creating Commented IP ACL Entries: Examples 37-25
Configuring ACL Logging: Examples 37-25
Applying a MAC ACL to a Layer 2 Interface: Examples 37-26
Additional References 37-27
Related Documents 37-27
Standards 37-27
MIBs 37-27
RFCs 37-27
Technical Assistance 37-28
CHAPTER 38
Configuring Standard QoS 38-1
Finding Feature Information 38-1
Prerequisites for Standard QoS 38-1
Restrictions for Standard QoS 38-1
Information About Standard QoS 38-2
Standard QoS Model 38-4
Standard QoS Configuration Guidelines 38-5
QoS ACL 38-5
QoS on Interfaces 38-5
Policing 38-6
Default Standard QoS Configuration 38-6
Default Ingress Queue Settings 38-7
Default Egress Queue Settings 38-7
Default Mapping Table Settings 38-8
Classification 38-10
Classification Based on QoS ACLs 38-13
Classification Based on Class Maps and Policy Maps 38-13
Policing and Marking 38-14
Policing on Physical Ports 38-15
Policing on SVIs 38-16
Mapping Tables 38-18
Queueing and Scheduling Overview 38-19
Weighted Tail Drop 38-19
SRR Shaping and Sharing 38-20
Queueing and Scheduling on Ingress Queues 38-21
Queueing and Scheduling on Egress Queues 38-22
Packet Modification 38-25
Classification Using Port Trust States 38-26
Trust State on Ports within the QoS Domain 38-26
Configuring a Trusted Boundary to Ensure Port Security 38-26
DSCP Transparency Mode 38-27
DSCP Trust State on a Port Bordering Another QoS Domain 38-27
QoS Policies 38-28
Classifying, Policing, and Marking Traffic on Physical Ports by Using Policy Maps 38-28
Classifying, Policing, and Marking Traffic on SVIs by Using Hierarchical Policy Maps 38-29
DSCP Maps 38-30
DSCP-to-DSCP-Mutation Map 38-30
Ingress Queue Characteristics 38-30
Ingress Priority Queue 38-30
Egress Queue Characteristics 38-31
Egress Queue Configuration Guidelines 38-31
Allocating Buffer Space to and Setting WTD Thresholds for an Egress Queue-Set 38-31
How to Configure Standard QoS 38-32
Enabling QoS Globally 38-32
Enabling VLAN-Based QoS on Physical Ports 38-32
Configuring Classification Using Port Trust States 38-32
Configuring the Trust State on Ports Within the QoS Domain 38-33
Configuring the CoS Value for an Interface 38-33
Configuring a Trusted Boundary to Ensure Port Security 38-34
Enabling DSCP Transparency Mode 38-34
Configuring the DSCP Trust State on a Port Bordering Another QoS Domain 38-35
Configuring a QoS Policy 38-36
Creating IP Standard ACLs 38-36
Creating IP Extended ACLs 38-37
Creating a Layer 2 MAC ACL for Non-IP Traffic 38-37
Creating Class Maps 38-38
Creating Nonhierarchical Policy Maps 38-40
Creating Hierarchical Policy Maps 38-42
Creating Aggregate Policers 38-46
Configuring DSCP Maps 38-47
Configuring the CoS-to-DSCP Map 38-47
Configuring the IP-Precedence-to-DSCP Map 38-48
Configuring the Policed-DSCP Map 38-48
Configuring the DSCP-to-CoS Map 38-48
Configuring the DSCP-to-DSCP-Mutation Map 38-49
Configuring Ingress Queue Characteristics 38-49
Mapping DSCP or CoS Values to an Ingress Queue and Setting WTD Thresholds 38-49
Allocating Buffer Space Between the Ingress Queues 38-50
Allocating Bandwidth Between the Ingress Queues 38-51
Configuring the Ingress Priority Queue 38-51
Configuring Egress Queue Characteristics 38-52
Allocating Buffer Space to and Setting WTD Thresholds for an Egress Queue-Set 38-52
Mapping DSCP or CoS Values to an Egress Queue and to a Threshold ID 38-53
Configuring SRR Shaped Weights on Egress Queues 38-54
Configuring SRR Shared Weights on Egress Queues 38-55
Configuring the Egress Expedite Queue 38-56
Limiting the Bandwidth on an Egress Interface 38-56
Monitoring and Maintaining Standard QoS 38-56
Configuration Examples for Standard QoS 38-57
Configuring the SRR Scheduler: Example 38-57
Configuring DSCP-Trusted State on a Port: Example 38-58
Allowing ACL Permission for IP Traffic: Examples 38-58
Configuring a Class Map: Examples 38-58
Creating a Policy Map: Example 38-59
Creating a Layer 2 MAC ACL: Example 38-59
Creating an Aggregate Policer: Example 38-60
Configuring COS-to-DSCP Map: Example 38-60
Configuring DSCP Maps: Examples 38-61
Configuring an Ingress Queue: Example 38-62
Configuring the Egress Queue: Examples 38-63
Creating a Layer 2 MAC ACL: Example 38-63
Additional References 38-64
Related Documents 38-64
Standards 38-64
MIBs 38-64
RFCs 38-64
Technical Assistance 38-65
CHAPTER 39
Configuring Auto-QoS 39-1
Finding Feature Information 39-1
Prerequisites for Auto-QoS 39-1
Restrictions for Auto-QoS 39-1
Information About Auto-QoS 39-2
Auto-QoS 39-2
Generated Auto-QoS Configuration 39-3
Effects of Auto-QoS on the Configuration 39-7
How to Configure Auto-QoS 39-8
Enabling Auto-QoS for VoIP 39-8
Configuring QoS to Prioritize VoIP Traffic 39-9
Monitoring and Maintaining Auto-QoS 39-9
Configuration Examples for Auto-QoS 39-10
Auto-QoS Network: Example 39-10
Enabling Auto-QoS VOIP Trust: Example 39-11
Additional References 39-11
Related Documents 39-11
Standards 39-11
MIBs 39-11
RFCs 39-11
Technical Assistance 39-12
39-12
CHAPTER 40
Configuring EtherChannels 40-1
Finding Feature Information 40-1
Restrictions for Configuring EtherChannels 40-1
Information About Configuring EtherChannels 40-1
EtherChannels 40-2
Port-Channel Interfaces 40-3
Port Aggregation Protocol 40-4
PAgP Modes 40-4
PAgP Learn Method and Priority 40-5
PAgP Interaction with Virtual Switches and Dual-Active Detection 40-5
PAgP Interaction with Other Features 40-6
Link Aggregation Control Protocol 40-6
LACP Modes 40-6
LACP Hot-Standby Ports 40-7
LACP Interaction with Other Features 40-7
EtherChannel On Mode 40-8
Load Balancing and Forwarding Methods 40-8
Default EtherChannel Settings 40-10
EtherChannel Configuration Guidelines 40-10
How to Configure EtherChannels 40-11
Configuring Layer 2 EtherChannels 40-11
Configuring EtherChannel Load Balancing 40-14
Configuring the PAgP Learn Method and Priority 40-14
Configuring the LACP Hot-Standby Ports 40-15
Monitoring and Maintaining EtherChannels on the IE 2000 Switch 40-15
Configuration Examples for Configuring EtherChannels 40-16
Configuring EtherChannels: Examples 40-16
Additional References 40-16
Related Documents 40-16
Standards 40-16
MIBs 40-17
RFCs 40-17
Technical Assistance 40-17
CHAPTER 41
Configuring Static IP Unicast Routing 41-1
Finding Feature Information 41-1
Restrictions for Static IP Unicast Routing 41-1
Information About Configuring Static IP Unicast Routing 41-1
IP Routing 41-2
Types of Routing 41-2
How to Configure Static IP Unicast Routing 41-3
Steps for Configuring Routing 41-3
Enabling IP Unicast Routing 41-3
Assigning IP Addresses to SVIs 41-3
Configuring Static Unicast Routes 41-4
Monitoring and Maintaining the IP Network 41-4
Additional References for Configuring IP Unicast Routing 41-5
Related Documents 41-5
Standards 41-5
MIBs 41-5
RFCs 41-6
Technical Assistance 41-6
CHAPTER 42
Configuring IPv6 Host Functions 42-1
Finding Feature Information 42-1
Prerequisites Configuring IPv6 Host Functions 42-1
Information About Configuring IPv6 Host Functions 42-1
IPv6 42-1
IPv6 Addresses 42-2
Supported IPv6 Host Features 42-2
128-Bit Wide Unicast Addresses 42-3
DNS for IPv6 42-3
ICMPv6 42-3
Neighbor Discovery 42-3
Default Router Preference 42-4
IPv6 Stateless Autoconfiguration and Duplicate Address Detection 42-4
IPv6 Applications 42-4
Dual IPv4 and IPv6 Protocol Stacks 42-4
Static Routes for IPv6 42-5
SNMP and Syslog Over IPv6 42-5
HTTP over IPv6 42-6
Default IPv6 Settings 42-6
How to Configure IPv6 Hosting 42-7
Configuring IPv6 Addressing and Enabling IPv6 Host 42-7
Configuring Default Router Preference 42-8
Configuring IPv6 ICMP Rate Limiting 42-9
Monitoring and Maintaining IPv6 Host Information 42-9
Configuration Examples for IPv6 Host Functions 42-10
Enabling IPv6: Example 42-10
Configuring DRP: Example 42-10
Configuring an IPv6 ICMP Error Message Interval 42-10
Displaying Show Command Output: Examples 42-11
Additional References 42-13
Related Documents 42-13
Standards 42-13
MIBs 42-13
RFCs 42-14
Technical Assistance 42-14
CHAPTER 43
Configuring Link State Tracking
Finding Feature Information
Restrictions for Configuring Link State Tracking
Information About Configuring Link State Tracking
Link State Tracking
Default Link State Tracking Configuration
How to Configure Link State Tracking
Configuring Link State Tracking
Monitoring and Maintaining Link State Tracking
Configuration Examples for Configuring Link State Tracking
Displaying Link State Information: Examples
Creating a Link State Group: Example
Additional References
Related Documents
Standards
MIBs
RFCs
Technical Assistance
CHAPTER 44
Configuring IPv6 MLD Snooping
Finding Feature Information
Prerequisites for Configuring IPv6 MLD Snooping
Restrictions for Configuring IPv6 MLD Snooping
Information About Configuring IPv6 MLD Snooping
IPv6 MLD Snooping
MLD Messages
MLD Queries
Multicast Client Aging Robustness
Multicast Router Discovery
MLD Reports
MLD Done Messages and Immediate-Leave
Topology Change Notification Processing
Default MLD Snooping Configuration
MLD Snooping Configuration Guidelines
Enabling or Disabling MLD Snooping
Multicast Router Port
MLD Immediate Leave
MLD Snooping Queries
How to Configure IPv6 MLD Snooping
Enabling or Disabling MLD Snooping
Configuring a Static Multicast Group
Configuring a Multicast Router Port
Enabling MLD Immediate Leave
Configuring MLD Snooping Queries
Disabling MLD Listener Message Suppression
Monitoring and Maintaining IPv6 MLD Snooping
Configuration Examples for Configuring IPv6 MLD Snooping
Statically Configure an IPv6 Multicast Group: Example
Adding a Multicast Router Port to a VLAN: Example
Enabling MLD Immediate Leave on a VLAN: Example
Setting MLD Snooping Global Robustness: Example
Setting MLD Snooping Last-Listener Query Parameters: Examples
Additional References
Related Documents
Standards
MIBs
RFCs
Technical Assistance
CHAPTER 45
Configuring Cisco IOS IP SLAs Operations
Finding Feature Information
Prerequisites for Configuring Cisco IOS IP SLAs Operations
Restrictions for Configuring Cisco IOS IP SLAs Operations
Information About Configuring Cisco IOS IP SLAs Operations
Cisco IOS IP SLAs
Cisco IOS IP SLAs to Measure Network Performance
IP SLAs Responder and IP SLAs Control Protocol
Response Time Computation for IP SLAs
IP SLAs Operation Scheduling
IP SLAs Operation Threshold Monitoring
IP Service Levels by Using the UDP Jitter Operation
IP Service Levels by Using the ICMP Echo Operation
How to Configure Cisco IOS IP SLAs Operations
Configuring the IP SLAs Responder
Configuring UDP Jitter Operation
Analyzing IP Service Levels by Using the ICMP Echo Operation
Monitoring and Maintaining Cisco IP SLAs Operations
Configuration Examples for Configuring Cisco IP SLAs Operations
Configuring an ICMP Echo IP SLAs Operation: Example
Sample Output for Show IP SLA Command: Example
Configuring a Responder UDP Jitter IP SLAs Operation: Example
Configuring a UDP Jitter IP SLAs Operation: Example
Additional References
Related Documents
Standards
MIBs
RFCs
Technical Assistance
CHAPTER 46
Troubleshooting
Finding Feature Information
Information for Troubleshooting
Autonegotiation Mismatches Prevention
SFP Module Security and Identification
Ping
Layer 2 Traceroute
Layer 2 Traceroute Usage Guidelines
IP Traceroute
TDR
Crashinfo Files
Basic crashinfo Files
Extended crashinfo Files
CPU Utilization
Problem and Cause for High CPU Utilization
How to Troubleshoot
Recovering from Software Failures
Recovering from a Lost or Forgotten Password
Recovering from Lost Cluster Member Connectivity
Executing Ping
Executing IP Traceroute
Running TDR and Displaying the Results
Enabling Debugging on a Specific Feature
Enabling All-System Diagnostics
Redirecting Debug and Error Message Output
Monitoring Information
Physical Path
SFP Module Status
Troubleshooting Examples
show platform forward Command
Additional References
Related Documents
Standards
MIBs
RFCs
Technical Assistance
APPENDIX A
Working with the Cisco IOS File System, Configuration Files, and Software Images
Working with the Flash File System
Displaying Available File Systems
Detecting an Unsupported SD Flash Memory Card
SD Flash Memory Card LED
Setting the Default File System
Displaying Information About Files on a File System
Changing Directories and Displaying the Working Directory
Creating and Removing Directories
Copying Files
Deleting Files
Creating, Displaying, and Extracting tar Files
Creating a tar File
Displaying the Contents of a tar File
Extracting a tar File
Displaying the Contents of a File
Working with Configuration Files
Guidelines for Creating and Using Configuration Files
Configuration File Types and Location
Creating a Configuration File By Using a Text Editor
Copying Configuration Files By Using TFTP
Preparing to Download or Upload a Configuration File By Using TFTP
Downloading the Configuration File By Using TFTP
Uploading the Configuration File By Using TFTP
Copying Configuration Files By Using FTP
Preparing to Download or Upload a Configuration File By Using FTP
Downloading a Configuration File By Using FTP
Uploading a Configuration File By Using FTP
Copying Configuration Files By Using RCP
Preparing to Download or Upload a Configuration File By Using RCP
Downloading a Configuration File By Using RCP
Uploading a Configuration File By Using RCP
Clearing Configuration Information
Clearing the Startup Configuration File
Deleting a Stored Configuration File
Replacing and Rolling Back Configurations
Understanding Configuration Replacement and Rollback
Configuration Guidelines
Configuring the Configuration Archive
Performing a Configuration Replacement or Rollback Operation
Working with Software Images
Image Location on the Switch
tar File Format of Images on a Server or Cisco.com
Copying Image Files By Using TFTP
Preparing to Download or Upload an Image File By Using TFTP
Downloading an Image File By Using TFTP
Uploading an Image File By Using TFTP
Copying Image Files By Using FTP
Preparing to Download or Upload an Image File By Using FTP
Downloading an Image File By Using FTP
Uploading an Image File By Using FTP
Copying Image Files By Using RCP
Preparing to Download or Upload an Image File By Using RCP
Downloading an Image File By Using RCP
Uploading an Image File By Using RCP
INDEX
Preface
Audience
This guide is for the networking professional managing your switch. Before using this guide, you should
have experience working with the Cisco IOS software and be familiar with the concepts and terminology
of Ethernet and local area networking.
Purpose
This guide provides the information that you need to configure Cisco IOS software features on your
switch.
This guide provides procedures for using the commands that have been created or changed for use with
the switch. It does not provide detailed information about these commands. For detailed information
about these commands, see the Cisco IE 2000 Switch Command Reference for this release.
For information about the standard Cisco IOS commands, see the Cisco IOS 15.0 documentation set
available from the Cisco.com home page.
This guide does not provide detailed information on the graphical user interfaces (GUIs) for the
embedded Device Manager. However, the concepts in this guide are applicable to the GUI user. For
information about Device Manager, see the switch online help.
For documentation updates, see the release notes for this release.
Conventions
This publication uses these conventions to convey instructions and information:
Command descriptions use these conventions:
• Commands and keywords are in boldface text.
• Arguments for which you supply values are in italic.
• Square brackets ([ ]) mean optional elements.
• Braces ({ }) group required choices, and vertical bars ( | ) separate the alternative elements.
• Braces and vertical bars within square brackets ([{ | }]) mean a required choice within an optional
element.
Interactive examples use these conventions:
• Terminal sessions and system displays are in screen font.
• Information you enter is in boldface screen font.
• Nonprinting characters, such as passwords or tabs, are in angle brackets (< >).
Notes, cautions, and timesavers use these conventions and symbols:
Note  Means reader take note. Notes contain helpful suggestions or references to materials not contained in
this manual.
Caution  Means reader be careful. In this situation, you might do something that could result in equipment
damage or loss of data.
Related Publications
These documents provide complete information about the switch and are available from this Cisco.com
site:
http://www.cisco.com/go/ie2000_docs
Note  Before installing, configuring, or upgrading the switch, see these documents:
• For initial configuration information, see the “Using Express Setup” section in the getting started
guide or the “Configuring the Switch with the CLI-Based Setup Program” appendix in the hardware
installation guide.
• For Device Manager requirements, see the “System Requirements” section in the release notes (not
orderable but available on Cisco.com).
• For upgrading information, see the “Downloading Software” section in the release notes.
See these documents for other information about the switch:
• Release Notes for the Cisco IE 2000 Switch
• Cisco IE 2000 Switch Software Configuration Guide
• Cisco IE 2000 Switch Command Reference
• Cisco IE 2000 Switch System Message Guide
• Cisco IE 2000 Switch Hardware Installation Guide
• Cisco IE 2000 Switch Getting Started Guide
• Regulatory Compliance and Safety Information for the Cisco IE 2000 Switch
• Cisco Small Form-Factor Pluggable Modules Installation Notes
• Device Manager online help (available on the switch)
• For more information about the Network Admission Control (NAC) features, see the Network
Admission Control Software Configuration Guide.
• Compatibility matrix documents are available from this Cisco.com site:
http://www.cisco.com/en/US/products/hw/modules/ps5455/products_device_support_tables_list.html
– Cisco Gigabit Ethernet Transceiver Modules Compatibility Matrix
Obtaining Documentation, Obtaining Support, and Security Guidelines
For information on obtaining documentation, submitting a service request, and gathering additional
information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and
revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed
and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free
service and Cisco currently supports RSS version 2.0.
CHAPTER 1
Configuration Overview
Features
Your switch uses the Cisco IOS software licensing (CISL) architecture to support a single universal
cryptographic image (supports encryption). This image implements the LAN Base or LAN Lite features
depending on your switch model:
• The LAN Base image provides quality of service (QoS), port security, 1588v2 PTP, and static
routing features.
• The LAN Lite image provides reduced Layer 2 functionality without the loss of critical security
features such as SSH and SNMPv3.
Feature Software Licensing
A feature license is supported on a single universal image that implements the LAN Base or LAN Lite
features depending on your software license:
• The LAN Base features include quality of service (QoS), port security, PTP, and static routing.
• The LAN Lite features provide Layer 2 functionality without losing critical security features such
as SSH and SNMPv3.
Cryptographic functionality is included on the universal image.
These guidelines can help you determine what image is running on your switch:
• Enter the show version privileged EXEC command. For example, IE-2000-8TC-G-E runs the LAN
Base image by default and the IE-2000-4T-G-L runs the LAN Lite image by default.
• Enter the show license privileged EXEC command to see which is the active image:
Switch# show license
Index 1 Feature: lanbase
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Priority: Medium
License Count: Non-Counted
Index 2 Feature: lanlite
Period left: 0 minute 0 second
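The show license check above, automated over saved command output, as an added Python example that is not part of the Cisco guide. The function names are hypothetical, the sample is constructed from the output printed above, and the token-wise match on License State assumes that states other than the one shown (for example "Active, Not in Use") can appear.

```python
"""Parse `show license` output and report which feature set is in use."""

# Constructed sample. The first entry and the start of the second are the
# output printed in this guide; the guide shows nothing after "Period left"
# for the second entry, so nothing more is included for it here.
SAMPLE = """\
Switch# show license
Index 1 Feature: lanbase
        Period left: Life time
        License Type: Permanent
        License State: Active, In Use
        License Priority: Medium
        License Count: Non-Counted
Index 2 Feature: lanlite
        Period left: 0 minute 0 second
"""


def parse_show_license(text):
    """Return one dict per 'Index N Feature: name' entry, in order."""
    entries = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Index ") and "Feature:" in line:
            head, _, feature = line.partition("Feature:")
            parts = head.split()
            index = parts[1] if len(parts) > 1 else ""
            current = {"Index": index, "Feature": feature.strip()}
            entries.append(current)
        elif current is not None and ":" in line:
            # Field lines belong to the most recent Index entry.
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return entries


def features_in_use(entries):
    """Feature names whose License State lists 'In Use' as its own token.

    Matching the whole comma-separated token keeps a state such as
    'Active, Not in Use' (assumed possible) from being counted as in use.
    An entry with no License State line is treated as not in use.
    """
    used = []
    for entry in entries:
        state = entry.get("License State", "")
        tokens = [t.strip().lower() for t in state.split(",")]
        if "in use" in tokens:
            used.append(entry["Feature"])
    return used


def check_image(text, expected_feature):
    """Return a list of findings; an empty list means the check passed."""
    entries = parse_show_license(text)
    if not entries:
        return ["no license entries found in output"]
    used = features_in_use(entries)
    findings = []
    if len(used) != 1:
        findings.append(
            "expected exactly one feature in use, found: %s" % (used or "none")
        )
    elif used[0] != expected_feature:
        findings.append(
            "feature in use is %s, expected %s" % (used[0], expected_feature)
        )
    return findings


if __name__ == "__main__":
    # Port security is listed under LAN Base, so a switch that must enforce
    # it is expected to report lanbase as the feature in use.
    for finding in check_image(SAMPLE, "lanbase") or ["ok: lanbase in use"]:
        print(finding)
```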
Ease-of-Deployment and Ease-of-Use Features
• Express Setup for quickly configuring a switch for the first time with basic IP information, contact
information, switch and Telnet passwords, and Simple Network Management Protocol (SNMP)
information through a browser-based program. For more information about Express Setup, see the
getting started guide.
• User-defined and Cisco-default Smartports macros for creating custom switch configurations for
simplified deployment across the network.
• A removable SD flash card that stores the Cisco IOS software image and configuration files for the
switch. You can replace and upgrade the switch without reconfiguring the software features.
• An embedded Device Manager GUI for configuring and monitoring a single switch through a web
browser. For information about launching Device Manager, see the getting started guide. For more
information about Device Manager, see the switch online help.
Performance Features
• Autosensing of port speed and autonegotiation of duplex mode on all switch ports for optimizing
bandwidth
• Automatic medium-dependent interface crossover (auto-MDIX) capability on 10/100 and
10/100/1000 Mb/s interfaces and on 10/100/1000 BASE-TX SFP module interfaces that enables the
interface to automatically detect the required cable connection type (straight-through or crossover)
and to configure the connection appropriately
• Support for routed frames of up to 1546 bytes, up to 9000 bytes for frames that are bridged in hardware,
and up to 2000 bytes for frames that are bridged by software
• IEEE 802.3x flow control on all ports (the switch does not send pause frames)
• Support for up to 6 EtherChannel groups
• Port Aggregation Protocol (PAgP) and Link Aggregation Control Protocol (LACP) for automatic
creation of EtherChannel links
• Per-port storm control for preventing broadcast, multicast, and unicast storms
• Port blocking on forwarding Layer 2 unknown unicast, multicast, and bridged broadcast
traffic
• Cisco Group Management Protocol (CGMP) server support and Internet Group Management
Protocol (IGMP) snooping for IGMP Versions 1, 2, and 3:
– (For CGMP devices) CGMP for limiting multicast traffic to specified end stations and reducing
overall network traffic
– (For IGMP devices) IGMP snooping for forwarding multimedia and multicast traffic
• IGMP report suppression for sending only one IGMP report per multicast router query to the
multicast devices (supported only for IGMPv1 or IGMPv2 queries)
• IGMP snooping querier support to configure the switch to generate periodic IGMP general query
messages
• IGMP helper to allow the switch to forward a host request to join a multicast stream to a specific IP
destination address
• IGMP filtering for controlling the set of multicast groups to which hosts on a switch port can belong
• IGMP throttling for configuring the action when the maximum number of entries is in the IGMP
forwarding table
• IGMP leave timer for configuring the leave latency for the network
• Switch Database Management (SDM) templates for allocating system resources to maximize
support for user-selected features
• Cisco IOS IP Service Level Agreements (SLAs), a part of Cisco IOS software that uses active traffic
monitoring for measuring network performance
• Configurable small-frame arrival threshold to prevent storm control when small frames (64 bytes or
less) arrive on an interface at a specified rate (the threshold)
• FlexLink Multicast Fast Convergence to reduce the multicast traffic convergence time after a
FlexLink failure
• RADIUS server load balancing to allow access and authentication requests to be distributed evenly
across a server group
• Support for QoS marking of CPU-generated traffic and queue CPU-generated traffic on the egress
network ports
Management Options
• An embedded Device Manager—Device Manager is a GUI application that is integrated in the
software image. You use it to configure and to monitor a single switch. For information about
launching Device Manager, see the getting started guide. For more information about Device Manager,
see the switch online help.
• Network Assistant—Network Assistant is a network management application that can be
downloaded from Cisco.com. You use it to manage a single switch, a cluster of switches, or a
community of devices. For more information about Network Assistant, see Getting Started with
Cisco Network Assistant, available on Cisco.com.
• CLI—The Cisco IOS software supports desktop- and multilayer-switching features. You can access
the CLI either by connecting your management station directly to the switch console port or by using
Telnet from a remote management station. For more information about the CLI, see Chapter 2,
“Using the Command-Line Interface.”
• SNMP—SNMP management applications such as CiscoWorks2000 LAN Management Suite (LMS)
and HP OpenView. You can manage from an SNMP-compatible management station that is running
platforms such as HP OpenView or SunNet Manager. The switch supports a comprehensive set of
MIB extensions and four remote monitoring (RMON) groups. For more information about using
SNMP, see Chapter 36, “Configuring SNMP.”
• Cisco IOS Configuration Engine (previously known as the Cisco IOS CNS agent)—Configuration
service automates the deployment and management of network devices and services. You can
automate initial configurations and configuration updates by generating switch-specific
configuration changes, sending them to the switch, executing the configuration change, and logging
the results.
For more information about CNS, see Chapter 5, “Configuring Cisco IOS Configuration Engine.”
Industrial Application
• CIP—Common Industrial Protocol (CIP) is a peer-to-peer application protocol that provides
application level connections between the switch and industrial devices such as I/O controllers,
sensors, relays, and so forth. You can manage the switch using CIP-based management tools, such
as RSLogix. For more information about the CIP commands that the switch supports, see the
command reference.
• Profinet Version 2—Support for PROFINET IO, a modular communication framework for
distributed automation applications. The switch provides a PROFINET management connection to
the I/O controllers.
Manageability Features
• CNS embedded agents for automating switch management, configuration storage, and delivery.
• DHCP for automating configuration of switch information (such as IP address, default gateway,
hostname, and Domain Name System [DNS] and TFTP server names).
• DHCP relay for forwarding User Datagram Protocol (UDP) broadcasts, including IP address
requests, from DHCP clients.
• DHCP server for automatic assignment of IP addresses and other DHCP options to IP hosts.
• DHCP-based autoconfiguration and image update to download a specified configuration of a new
image to a large number of switches.
• DHCPv6 bulk-lease query to support new bulk lease query type (as defined in RFC 5460).
• DHCPv6 Relay Source Configuration feature to configure a source address for DHCPv6 relay agent.
• DHCP server port-based address allocation for the preassignment of an IP address to a switch port.
• Directed unicast requests to a DNS server for identifying a switch through its IP address and its
corresponding hostname and to a TFTP server for administering software upgrades from a TFTP
server.
• Address Resolution Protocol (ARP) for identifying a switch through its IP address and its
corresponding MAC address.
• Unicast MAC address filtering to drop packets with specific source or destination MAC addresses.
• Configurable MAC address scaling that allows disabling MAC address learning on a VLAN to limit
the size of the MAC address table.
• Cisco Discovery Protocol (CDP) Versions 1 and 2 for network topology discovery and mapping
between the switch and other Cisco devices on the network.
• Link Layer Discovery Protocol (LLDP) and LLDP Media Endpoint Discovery (LLDP-MED) for
interoperability with third-party IP phones.
• LLDP media extensions (LLDP-MED) location TLV that provides location information from the
switch to the endpoint device.
• Network Time Protocol (NTP) for providing a consistent time stamp to all switches from an external
source.
• Network Time Protocol version 4 (NTPv4) to support both IPv4 and IPv6 and compatibility with
NTPv3.
• Precision Time Protocol (PTP) as defined in the IEEE 1588 standard to synchronize with
nanosecond accuracy the real-time clocks of the devices in a network.
– PTP enhancement to support PTP messages on the expansion module ports.
• Cisco IOS File System (IFS) for providing a single interface to all file systems that the switch uses.
• Support for the SSM PIM protocol to optimize multicast applications, such as video.
• Configuration logging to log and to view changes to the switch configuration.
• Unique device identifier to provide product identification information through a show inventory
user EXEC command display.
• In-band management access through Device Manager over a Netscape Navigator or Microsoft
Internet Explorer browser session.
• In-band management access for up to 16 simultaneous Telnet connections for multiple CLI-based
sessions over the network.
• In-band management access for up to five simultaneous, encrypted Secure Shell (SSH) connections
for multiple CLI-based sessions over the network.
• In-band management access through SNMP Versions 1, 2c, and 3 get and set requests.
• Out-of-band management access through the switch console port to a directly attached terminal or
to a remote terminal through a serial connection or a modem.
• Secure Copy Protocol (SCP) feature to provide a secure and authenticated method for copying
switch configuration or switch image files (requires the cryptographic version of the software).
• Configuration replacement and rollback to replace the running configuration on a switch with any
saved Cisco IOS configuration file.
• The HTTP client in Cisco IOS can send requests to both IPv4 and IPv6 HTTP servers, and the HTTP
server in Cisco IOS can service HTTP requests from both IPv4 and IPv6 HTTP clients.
• Simple Network Management Protocol (SNMP) can be configured over IPv6 transport so that
an IPv6 host can send SNMP queries and receive SNMP notifications from a device running IPv6.
• IPv6 stateless autoconfiguration to manage link, subnet, and site addressing changes, such as
management of host and mobile IP addresses.
• Disabling MAC address learning on a VLAN.
• DHCP server port-based address allocation for the preassignment of an IP address to a switch port.
• CPU utilization threshold trap monitors CPU utilization.
• LLDP-MED network-policy profile type, length, value (TLV) for creating a profile for voice and
voice-signaling by specifying the values for VLAN, class of service (CoS), differentiated services
code point (DSCP), and tagging mode.
• Support for including a hostname in the option 12 field of DHCPDISCOVER packets. This allows
identical configuration files to be sent by using the DHCP protocol.
• DHCP Snooping enhancement to support the selection of a fixed string-based format for the
circuit-id sub-option of the Option 82 DHCP field.
• Support for PROFINET IO, a modular communication framework for distributed automation
applications. The switch provides a PROFINET management connection to the I/O controllers.
Availability and Redundancy Features
• UniDirectional Link Detection (UDLD) and aggressive UDLD for detecting and disabling
unidirectional links on fiber-optic interfaces caused by incorrect fiber-optic wiring or port faults
• IEEE 802.1D Spanning Tree Protocol (STP) for redundant backbone connections and loop-free
networks. STP has these features:
– Up to 128 spanning-tree instances supported
– Per-VLAN spanning-tree plus (PVST+) for load balancing across VLANs
– Rapid PVST+ for load balancing across VLANs and providing rapid convergence of
spanning-tree instances
• IEEE 802.1s Multiple Spanning Tree Protocol (MSTP) for grouping VLANs into a spanning-tree
instance and for providing multiple forwarding paths for data traffic and load balancing and rapid
per-VLAN Spanning-Tree plus (rapid-PVST+) based on the IEEE 802.1w Rapid Spanning Tree
Protocol (RSTP) for rapid convergence of the spanning tree by immediately changing root and
designated ports to the forwarding state
• Optional spanning-tree features available in PVST+, rapid-PVST+, and MSTP mode:
– Port Fast for eliminating the forwarding delay by enabling a port to immediately change from
the blocking state to the forwarding state
– BPDU guard for shutting down Port Fast-enabled ports that receive bridge protocol data units
(BPDUs)
– BPDU filtering for preventing a Port Fast-enabled port from sending or receiving BPDUs
– Root guard for preventing switches outside the network core from becoming the spanning-tree
root
– Loop guard for preventing alternate or root ports from becoming designated ports because of a
failure that leads to a unidirectional link
• FlexLink Layer 2 interfaces to back up one another as an alternative to STP for basic link
redundancy (requires the LAN Base image)
• Link-state tracking to mirror the state of the ports that carry upstream traffic from connected hosts
and servers, and to allow the failover of the server traffic to an operational link on another Cisco
Ethernet switch.
VLAN Features
• Support for up to 255 VLANs for assigning users to VLANs associated with appropriate network
resources, traffic patterns, and bandwidth.
• Support for VLAN IDs in the 1 to 4096 range as allowed by the IEEE 802.1Q standard.
• VLAN Query Protocol (VQP) for dynamic VLAN membership.
• IEEE 802.1Q trunking encapsulation on all ports for network moves, adds, and changes;
management and control of broadcast and multicast traffic; and network security by establishing
VLAN groups for high-security users and network resources.
• Dynamic Trunking Protocol (DTP) for negotiating trunking on a link between two devices and for
negotiating the type of trunking encapsulation (IEEE 802.1Q) to be used.
• VLAN Trunking Protocol (VTP) and VTP pruning for reducing network traffic by restricting
flooded traffic to links destined for stations receiving the traffic.
• Voice VLAN for creating subnets for voice traffic from Cisco IP phones.
• VLAN 1 minimization for reducing the risk of spanning-tree loops or storms by allowing VLAN 1
to be disabled on any individual VLAN trunk link. With this feature enabled, no user traffic is sent
or received on the trunk. The switch CPU continues to send and receive control protocol frames.
• VLAN FlexLink load balancing to provide Layer 2 redundancy without requiring Spanning Tree
Protocol (STP). A pair of interfaces configured as primary and backup links can load balance traffic
based on VLAN.
• Support for 802.1x authentication with restricted VLANs (also known as authentication failed
VLANs).
• Support for VTP version 3 that includes support for configuring extended range VLANs (VLANs
1006 to 4096) in any VTP mode, enhanced authentication (hidden or secret passwords), propagation
of other databases in addition to VTP, VTP primary and secondary servers, and the option to turn
VTP on or off by port.
Security Features
•
IP Service Level Agreements (IP SLAs) support to measure network performance by using active
traffic monitoring
•
IP SLAs EOT to use the output from IP SLAs tracking operations triggered by an action such as
latency, jitter, or packet loss for a standby router failover takeover (requires the LAN Base image)
•
Web authentication to allow a supplicant (client) that does not support IEEE 802.1x functionality to
be authenticated using a web browser
•
Local web authentication banner so that a custom banner or an image file can be displayed at a web
authentication login screen
•
MAC authentication bypass (MAB) aging timer to detect inactive hosts that have authenticated after
they have authenticated by using MAB
•
Password-protected access (read-only and read-write access) to management interfaces (Device
Manager, Network Assistant, and the CLI) for protection against unauthorized configuration
changes
•
Multilevel security for a choice of security level, notification, and resulting actions
•
Static MAC addressing for ensuring security
•
Protected port option for restricting the forwarding of traffic to designated ports on the same switch
•
Port security option for limiting and identifying MAC addresses of the stations allowed to access
the port
•
VLAN-aware port security option to shut down the VLAN on the port when a violation occurs,
instead of shutting down the entire port
•
Port security aging to set the aging time for secure addresses on a port
•
Protocol storm protection to control the rate of incoming protocol traffic to a switch by dropping
packets that exceed a specified ingress rate
•
BPDU guard for shutting down a Port Fast-configured port when an invalid configuration occurs
•
Standard and extended IP access control lists (ACLs) for defining security policies in both directions
on routed interfaces (router ACLs) and VLANs and inbound on Layer 2 interfaces (port ACLs)
•
Extended MAC access control lists for defining security policies in the inbound direction on Layer 2
interfaces
•
Source and destination MAC-based ACLs for filtering non-IP traffic
•
DHCP snooping to filter untrusted DHCP messages between untrusted hosts and DHCP servers
•
IP source guard to restrict traffic on nonrouted interfaces by filtering traffic based on the DHCP
snooping database and IP source bindings
•
Dynamic ARP inspection to prevent malicious attacks on the switch by not relaying invalid ARP
requests and responses to other ports in the same VLAN
•
Layer 2 protocol tunneling bypass feature to provide interoperability with third-party vendors
•
IEEE 802.1x port-based authentication to prevent unauthorized devices (clients) from gaining
access to the network. These features are supported:
– Multidomain authentication (MDA) to allow both a data device and a voice device, such as an
IP phone (Cisco or non-Cisco), to independently authenticate on the same IEEE 802.1x-enabled
switch port
– Dynamic voice virtual LAN (VLAN) for MDA to allow a dynamic voice VLAN on an
MDA-enabled port
– VLAN assignment for restricting 802.1x-authenticated users to a specified VLAN
– Port security for controlling access to 802.1x ports
– Voice VLAN to permit a Cisco IP Phone to access the voice VLAN regardless of the authorized
or unauthorized state of the port
– IP phone detection enhancement to detect and recognize a Cisco IP phone
– Guest VLAN to provide limited services to non-802.1x-compliant users
– Restricted VLAN to provide limited services to users who are 802.1x compliant, but do not have
the credentials to authenticate via the standard 802.1x processes
– 802.1x accounting to track network usage
– 802.1x with wake-on-LAN to allow dormant PCs to be powered on based on the receipt of a
specific Ethernet frame
– 802.1x readiness check to determine the readiness of connected end hosts before configuring
IEEE 802.1x on the switch
– Voice-aware 802.1x security to apply traffic violation actions only on the VLAN on which a
security violation occurs
– MAC authentication bypass to authorize clients based on the client MAC address
– Network Edge Access Topology (NEAT) with 802.1X switch supplicant, host authorization
with CISP, and auto enablement to authenticate a switch outside a wiring closet as a supplicant
to another switch
– IEEE 802.1x with open access to allow a host to access the network before being authenticated
– IEEE 802.1x authentication with downloadable ACLs and redirect URLs to allow per-user ACL
downloads from a Cisco Secure ACS server to an authenticated switch
– Flexible-authentication sequencing to configure the order of the authentication methods that a
port tries when authenticating a new host
– Multiple-user authentication to allow more than one host to authenticate on an 802.1x-enabled
port
•
Network Admission Control (NAC) features:
– NAC Layer 2 802.1x validation of the antivirus condition or posture of endpoint systems or
clients before granting the devices network access
For information about configuring NAC Layer 2 802.1x validation, see the “Configuring NAC
Layer 2 802.1x Validation” section on page 13-46
– NAC Layer 2 IP validation of the posture of endpoint systems or clients before granting the
devices network access
For information about configuring NAC Layer 2 IP validation, see the Network Admission
Control Software Configuration Guide
– IEEE 802.1x inaccessible authentication bypass
For information about configuring this feature, see the “Configuring Inaccessible
Authentication Bypass” section on page 13-44
– Authentication, authorization, and accounting (AAA) down policy for a NAC Layer 2 IP
validation of a host if the AAA server is not available when the posture validation occurs
For information about this feature, see the Network Admission Control Software Configuration
Guide.
•
TACACS+, a proprietary feature for managing network security through a TACACS server
•
RADIUS for verifying the identity of, granting access to, and tracking the actions of remote users
through AAA services
•
Enhancements to RADIUS, TACACS+, and SSH to function over IPv6
•
Kerberos security system to authenticate requests for network resources by using a trusted third
party (requires the cryptographic versions of the software)
•
Secure Socket Layer (SSL) Version 3.0 support for the HTTP 1.1 server authentication, encryption,
and message integrity and HTTP client authentication to allow secure HTTP communications
(requires the cryptographic version of the software)
•
Voice-aware IEEE 802.1x and MAC authentication bypass (MAB) security violation to shut down
only the data VLAN on a port when a security violation occurs
•
Support for IP source guard on static hosts
•
RADIUS change of authorization (CoA) to change the attributes of a certain session after it is
authenticated. When there is a change in policy for a user or user group in AAA, administrators can
send RADIUS CoA packets from the AAA server, such as Cisco Secure ACS, to reinitialize
authentication and apply the new policies.
•
IEEE 802.1x User Distribution to allow deployments with multiple VLANs (for a group of users) to
improve scalability of the network by load balancing users across different VLANs. Authorized
users are assigned to the least populated VLAN in the group, assigned by RADIUS server.
•
Support for critical VLAN with multiple-host authentication so that when a port is configured for
multi-authentication, and an AAA server becomes unreachable, the port is placed in a critical VLAN
in order to still permit access to critical resources
•
Customizable web authentication enhancement to allow the creation of user-defined login, success,
failure and expire web pages for local web authentication
•
Support for Network Edge Access Topology (NEAT) to change the port host mode and to apply a
standard port configuration on the authenticator switch port
•
VLAN-ID based MAC authentication to use the combined VLAN and MAC address information for
user authentication to prevent network access from unauthorized VLANs
•
MAC move to allow hosts (including the hosts connected behind an IP phone) to move across ports
within the same switch without any restrictions to enable mobility. With MAC move, the switch
treats the reappearance of the same MAC address on another port in the same way as a completely
new MAC address.
•
Support for 3DES and AES with version 3 of the Simple Network Management Protocol (SNMPv3).
This release adds support for the 168-bit Triple Data Encryption Standard (3DES) and the 128-bit,
192-bit, and 256-bit Advanced Encryption Standard (AES) encryption algorithms to SNMPv3.
QoS and CoS Features
Note
These features require the LAN Base image.
•
Automatic QoS (auto-QoS) to simplify the deployment of existing QoS features by classifying
traffic and configuring egress queues
•
Automatic quality of service (QoS) Voice over IP (VoIP) enhancement for port-based trust of DSCP
and priority queuing for egress traffic
•
Classification
– IP type-of-service/Differentiated Services Code Point (IP ToS/DSCP) and IEEE 802.1p CoS
marking priorities on a per-port basis for protecting the performance of mission-critical
applications
– IP ToS/DSCP and IEEE 802.1p CoS marking based on flow-based packet classification
(classification based on information in the MAC, IP, and TCP/UDP headers) for
high-performance quality of service at the network edge, allowing for differentiated service
levels for different types of network traffic and for prioritizing mission-critical traffic in the
network
– Trusted port states (CoS, DSCP, and IP precedence) within a QoS domain and with a port
bordering another QoS domain
– Trusted boundary for detecting the presence of a Cisco IP Phone, trusting the CoS value
received, and ensuring port security
•
Policing
– Traffic-policing policies on the switch port for managing how much of the port bandwidth
should be allocated to a specific traffic flow.
– If you configure multiple class maps for a hierarchical policy map, each class map can be
associated with its own port-level (second-level) policy map. Each second-level policy map can
have a different policer.
– Aggregate policing for policing traffic flows in aggregate to restrict specific applications or
traffic flows to metered, predefined rates.
•
Out-of-profile
– Out-of-profile markdown for packets that exceed bandwidth utilization limits
•
Ingress queueing and scheduling
– Two configurable ingress queues for user traffic (one queue can be the priority queue)
– Weighted tail drop (WTD) as the congestion-avoidance mechanism for managing the queue
lengths and providing drop precedences for different traffic classifications
– Shaped round robin (SRR) as the scheduling service for specifying the rate at which packets are
sent to the ring (sharing is the only supported mode on ingress queues)
•
Egress queues and scheduling
– Four egress queues per port.
– WTD as the congestion-avoidance mechanism for managing the queue lengths and providing
drop precedences for different traffic classifications.
– SRR as the scheduling service for specifying the rate at which packets are dequeued to the
egress interface (shaping or sharing is supported on egress queues). Shaped egress queues are
guaranteed but limited to using a share of port bandwidth. Shared egress queues are also
guaranteed a configured share of bandwidth, but can use more than the guarantee if other queues
become empty and do not use their share of the bandwidth.
Monitoring Features
•
EOT and IP SLAs EOT static route support to identify when a preconfigured static route or a DHCP
route goes down
•
MAC address notification traps and RADIUS accounting for tracking users on a network by storing
the MAC addresses that the switch has learned or removed
•
Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN) for traffic monitoring on any port or
VLAN (RSPAN requires LAN Base image)
•
SPAN and RSPAN support of Intrusion Detection Systems (IDS) to monitor, repel, and report
network security violations (RSPAN requires LAN Base image)
•
Four groups (history, statistics, alarms, and events) of embedded RMON agents for network
monitoring and traffic analysis
•
Syslog facility for logging system messages about authentication or authorization errors, resource
issues, and time-out events
•
Layer 2 traceroute to identify the physical path that a packet takes from a source device to a
destination device
•
Time Domain Reflector (TDR) to diagnose and resolve cabling problems on 10/100 and
10/100/1000 copper Ethernet ports
•
SFP module diagnostic management interface to monitor physical or operational status of an SFP
module
•
Facilities for processing alarms related to temperature, power-supply conditions, and the status of
the Ethernet ports
•
Alarm relay contacts that can be used for an external relay system
•
Digital optical monitoring (DOM) to check status of X2 small form-factor pluggable (SFP) modules
Default Settings After Initial Switch Configuration
The switch is designed for plug-and-play operation, requiring only that you assign basic IP information
to the switch and connect it to the other devices in your network. If you have specific network needs,
you can change the interface-specific and system-wide settings.
Note
For information about assigning an IP address by using the browser-based Express Setup program, see
the getting started guide. For information about assigning an IP address by using the CLI-based setup
program, see the hardware installation guide.
If you do not configure the switch at all, the switch operates with these default settings:
•
Default switch IP address, subnet mask, and default gateway is 0.0.0.0. For more information, see
Chapter 4, “Performing Switch Setup Configuration,” and Chapter 25, “Configuring DHCP.”
•
Default domain name is not configured. For more information, see Chapter 4, “Performing Switch
Setup Configuration.”
•
DHCP client is enabled, the DHCP server is enabled (only if the device acting as a DHCP server is
configured and is enabled), and the DHCP relay agent is enabled (only if the device acting as a
DHCP relay agent is configured and is enabled). For more information, see Chapter 4, “Performing
Switch Setup Configuration,” and Chapter 25, “Configuring DHCP.”
•
Switch cluster is disabled. For more information about switch clusters, see Chapter 6, “Configuring
Switch Clusters,” and the Getting Started with Cisco Network Assistant, available on Cisco.com.
•
No passwords are defined. For more information, see Chapter 7, “Performing Switch
Administration.”
•
System name and prompt is Switch. For more information, see Chapter 7, “Performing Switch
Administration.”
•
NTP is enabled. For more information, see Chapter 7, “Performing Switch Administration.”
•
DNS is enabled. For more information, see Chapter 7, “Performing Switch Administration.”
•
TACACS+ is disabled. For more information, see Chapter 12, “Configuring Switch-Based
Authentication.”
•
RADIUS is disabled. For more information, see Chapter 12, “Configuring Switch-Based
Authentication.”
•
The standard HTTP server and Secure Socket Layer (SSL) HTTPS server are both enabled. For more
information, see Chapter 12, “Configuring Switch-Based Authentication.”
•
IEEE 802.1x is disabled. For more information, see Chapter 13, “Configuring IEEE 802.1x
Port-Based Authentication.”
•
Port parameters
– Operating mode is Layer 2 (switch port). For more information, see Chapter 15, “Configuring
Interface Characteristics.”
– Interface speed and duplex mode is autonegotiate. For more information, see Chapter 15,
“Configuring Interface Characteristics.”
– Auto-MDIX is enabled. For more information, see Chapter 15, “Configuring Interface
Characteristics.”
– Flow control is off. For more information, see Chapter 15, “Configuring Interface
Characteristics.”
•
VLANs
– Default VLAN is VLAN 1. For more information, see Chapter 17, “Configuring VLANs.”
– VLAN trunking setting is dynamic auto (DTP). For more information, see Chapter 17,
“Configuring VLANs.”
– Trunk encapsulation is negotiate. For more information, see Chapter 17, “Configuring VLANs.”
– VTP mode is server. For more information, see Chapter 18, “Configuring VTP.”
– VTP version is Version 1. For more information, see Chapter 18, “Configuring VTP.”
– Voice VLAN is disabled. For more information, see Chapter 19, “Configuring Voice VLAN.”
•
STP, PVST+ is enabled on VLAN 1. For more information, see Chapter 20, “Configuring STP.”
•
MSTP is disabled. For more information, see Chapter 21, “Configuring MSTP.”
•
Optional spanning-tree features are disabled. For more information, see Chapter 22, “Configuring
Optional Spanning-Tree Features.”
•
FlexLinks are not configured. For more information, see Chapter 24, “Configuring FlexLinks and
the MAC Address-Table Move Update.”
•
DHCP snooping is disabled. The DHCP snooping information option is enabled. For more
information, see Chapter 25, “Configuring DHCP.”
•
IP source guard is disabled. For more information, see Chapter 25, “Configuring DHCP.”
•
DHCP server port-based address allocation is disabled. For more information, see Chapter 25,
“Configuring DHCP.”
•
Dynamic ARP inspection is disabled on all VLANs. For more information, see Chapter 26,
“Configuring Dynamic ARP Inspection.”
•
IGMP snooping is enabled. No IGMP filters are applied. For more information, see Chapter 28,
“Configuring IGMP Snooping and MVR.”
•
IGMP throttling setting is deny. For more information, see Chapter 28, “Configuring IGMP
Snooping and MVR.”
•
The IGMP snooping querier feature is disabled. For more information, see Chapter 28, “Configuring
IGMP Snooping and MVR.”
•
MVR is disabled. For more information, see Chapter 28, “Configuring IGMP Snooping and MVR.”
•
Port-based traffic
– Broadcast, multicast, and unicast storm control is disabled. For more information, see
Chapter 29, “Configuring Port-Based Traffic Control.”
– No protected ports are defined. For more information, see Chapter 29, “Configuring Port-Based
Traffic Control.”
– Unicast and multicast traffic flooding is not blocked. For more information, see Chapter 29,
“Configuring Port-Based Traffic Control.”
– No secure ports are configured. For more information, see Chapter 29, “Configuring Port-Based
Traffic Control.”
•
CDP is enabled. For more information, see Chapter 32, “Configuring CDP.”
•
UDLD is disabled. For more information, see Chapter 33, “Configuring UDLD.”
•
SPAN and RSPAN are disabled. For more information, see Chapter 30, “Configuring SPAN and
RSPAN.”
•
RMON is disabled. For more information, see Chapter 34, “Configuring RMON.”
•
Syslog messages are enabled and appear on the console. For more information, see Chapter 35,
“Configuring System Message Logging.”
•
SNMP is enabled (Version 1). For more information, see Chapter 36, “Configuring SNMP.”
•
No ACLs are configured. For more information, see Chapter 37, “Configuring Network Security
with ACLs.”
•
QoS is disabled. For more information, see Chapter 38, “Configuring Standard QoS.”
•
No EtherChannels are configured. For more information, see Chapter 40, “Configuring
EtherChannels.”
•
IP unicast routing is disabled. For more information, see Chapter 41, “Configuring IP Unicast
Routing.”
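Several of the defaults listed above leave the switch open until they are changed: no passwords, the HTTP server on, 802.1x, DHCP snooping and dynamic ARP inspection off, CDP on, VTP server mode, DTP dynamic auto, and no secure ports. The following Python script is an added example, not part of the Cisco guide. It reports which of those defaults a saved configuration still leaves in place, assuming that a default is in effect whenever the standard IOS command that overrides it is absent; the sample configuration is constructed.

```python
import re

# Constructed sample in the style of `show running-config` output (not from the guide).
SAMPLE_CONFIG = """\
hostname Switch
!
enable secret 5 $1$constructed$hashvalue
ip dhcp snooping
ip dhcp snooping vlan 10
!
interface FastEthernet1/1
 switchport mode access
 switchport port-security
!
interface FastEthernet1/2
 description constructed example port
!
ip http server
ip http secure-server
!
end
"""

# (default as worded in the list above, regex for the global command that overrides it)
GLOBAL_CHECKS = [
    ("No passwords are defined", r"enable (secret|password) \S"),
    ("The standard HTTP server is enabled", r"no ip http server$"),
    ("IEEE 802.1x is disabled", r"dot1x system-auth-control$"),
    ("DHCP snooping is disabled", r"ip dhcp snooping$"),
    ("Dynamic ARP inspection is disabled on all VLANs", r"ip arp inspection vlan \S"),
    ("CDP is enabled", r"no cdp run$"),
    ("VTP mode is server", r"vtp mode (transparent|client|off)$"),
]


def parse(config):
    """Split a configuration into global lines and {interface name: [sub-commands]}."""
    global_lines, interfaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            current = None              # '!' or a blank line closes the current block
        elif line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif raw[0] == " ":
            if current is not None:     # indented line inside an interface block
                interfaces[current].append(line.strip())
            # indented lines of other blocks (line vty, etc.) are not audited here
        else:
            current = None
            global_lines.append(line)
    return global_lines, interfaces


def audit(config):
    """Return (scope, default) pairs for every listed default still in effect."""
    global_lines, interfaces = parse(config)
    findings = []
    for default, override in GLOBAL_CHECKS:
        if not any(re.match(override, line) for line in global_lines):
            findings.append(("global", default))
    for name, cmds in interfaces.items():
        if not re.match(r"(Fast|Gigabit)Ethernet", name):
            continue                    # skip VLAN interfaces and port channels
        # An explicit mode replaces the dynamic auto (DTP) default.
        if not any(re.match(r"switchport mode (access|trunk)$", c) for c in cmds):
            findings.append((name, "VLAN trunking setting is dynamic auto (DTP)"))
        # Trunk uplinks are exempt from the port-security check.
        if "switchport mode trunk" not in cmds and "switchport port-security" not in cmds:
            findings.append((name, "No secure ports are configured"))
    return findings


if __name__ == "__main__":
    for scope, default in audit(SAMPLE_CONFIG):
        print(f"{scope}: default still in effect: {default}")
```

A finding means only that the overriding command is missing from the file; confirm the live state on the switch with the relevant show commands before acting on it.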
Network Configuration Examples
This section provides network configuration concepts and includes examples of using the switch to
create dedicated network segments and interconnecting the segments through Fast Ethernet and Gigabit
Ethernet connections.
•
Design Concepts for Using the Switch, page 1-14
•
Ethernet-to-the-Factory Architecture, page 1-15
Design Concepts for Using the Switch
As your network users compete for network bandwidth, it takes longer to send and receive data. When
you configure your network, consider the bandwidth required by your network users and the relative
priority of the network applications that they use.
Table 1-1 describes what can cause network performance to degrade and how you can configure your
network to increase the bandwidth available to your network users.
Table 1-1 Increasing Network Performance

Network Demands: Too many users on a single network segment and a growing number of users accessing the Internet
Suggested Design Methods:
• Create smaller network segments so that fewer users share the bandwidth, and use VLANs and IP subnets to place the network resources in the same logical network as the users who access those resources most.
• Use full-duplex operation between the switch and its connected workstations.

Network Demands:
• Increased power of new PCs, workstations, and servers
• High bandwidth demand from networked applications (such as e-mail with large attached files) and from bandwidth-intensive applications (such as multimedia)
Suggested Design Methods:
• Connect global resources, such as servers and routers to which the network users require equal access, directly to the high-speed switch ports so that they have their own high-speed segment.
• Use the EtherChannel feature between the switch and its connected servers and routers.

Bandwidth alone is not the only consideration when designing your network. As your network traffic
profiles evolve, consider providing network services that can support applications for voice and data
integration, multimedia integration, application prioritization, and security. Table 1-2 describes some
network demands and how you can meet them.
Table 1-2 Providing Network Services

Network Demands: Efficient bandwidth usage for multimedia applications and guaranteed bandwidth for critical applications
Suggested Design Methods:
• Use IGMP snooping to efficiently forward multimedia and multicast traffic.
• Use other QoS mechanisms such as packet classification, marking, scheduling, and congestion avoidance to classify traffic with the appropriate priority level, which provides maximum flexibility and support for mission-critical, unicast, and multicast and multimedia applications.
• Use MVR to continuously send multicast streams in a multicast VLAN but to isolate the streams from subscriber VLANs for bandwidth and security reasons.

Network Demands: High demand on network redundancy and availability to provide always on mission-critical applications
Suggested Design Methods:
• Use VLAN trunks and BackboneFast for traffic-load balancing on the uplink ports so that the uplink port with a lower relative port cost is selected to carry the VLAN traffic.

Network Demands: An evolving demand for IP telephony
Suggested Design Methods:
• Use QoS to prioritize applications such as IP telephony during congestion and to help control both delay and jitter within the network.
• Use switches that support at least two queues per port to prioritize voice and data traffic as either high- or low-priority, based on IEEE 802.1p/Q. The switch supports at least four queues per port.
• Use voice VLAN IDs (VVIDs) to provide separate VLANs for voice traffic.

Ethernet-to-the-Factory Architecture
This section is an overview of the Ethernet-to-the-Factory (EttF) architecture that provides network and
security services to the devices and applications in automation and control systems. It then integrates
those into the wider enterprise network.
EttF architecture applies to many types of manufacturing environments, but it must be tailored to the
industry type, the manufacturing type, and the production-facility size. Deployments can range from
small networks (less than 50 devices), to medium-sized networks (less than 200 devices), and to large
networks (up to and more than 1000 devices).
Within the EttF architecture are conceptual structures called zones that separate the various functions,
from the highest-level enterprise switches and processes to the smallest devices that control more
detailed processes and devices on the factory floor. See Figure 1-1.
For more information about EttF architecture, see this URL:
http://www.cisco.com/web/strategy/manufacturing/ettf_overview.html
Enterprise Zone
The enterprise zone comprises the centralized IT systems and functions. Wired and wireless access is
available to enterprise network services, such as enterprise resource management, business-to-business,
and business-to-customer services. The basic business administration tasks, such as site business
planning and logistics, are performed here and rely on standard IT services. Guest access systems are
often located here, although it is not uncommon to find them in lower levels of the framework to gain
flexibility that might be difficult to achieve at the enterprise level.
Demilitarized Zone
The demilitarized zone (DMZ) provides a buffer for sharing of data and services between the enterprise
and manufacturing zones. The DMZ maintains availability, addresses security vulnerabilities, and
abides by regulatory compliance mandates. The DMZ provides segmentation of organizational control,
for example, between the IT and production organizations. Different policies for each organization can
be applied and contained. For example, the production organization might apply security policies to the
manufacturing zone that are different than those applied to the IT organization.
Manufacturing Zone
The manufacturing zone comprises the cell networks and site-level activities. All the systems, devices,
and controllers that monitor the plant operations are in this zone. The cell zone is a functional area within
a production facility.
The cell zone is a set of devices, controllers, and so on, that provide the real-time control of a functional
aspect of the automation process. They are all in real-time communication with each other. This zone
requires clear isolation and protection from the other levels of plant or enterprise operations.
Figure 1-1 shows the EttF architecture.
Figure 1-1 Ethernet-to-the-Factory Architecture
(Diagram not reproduced. Labels: LAN, GE link for failover detection, servers, Catalyst 3750 switch, Catalyst 3750 switch stack, management tools, Catalyst 4500 switch.)
Topology Options
Topology design starts with considering how devices are connected to the network. The cell network also
requires physical topologies that meet the physical constraints of the production floor. This section
provides guidelines for topology designs and describes the trunk-drop, ring, and redundant-star
topologies.
•
Physical layout—The layout of the production environment drives the topology design. For
example, a trunk-drop or ring topology is a good choice for a long conveyor-belt system, but a
redundant-star configuration is not a good choice.
•
Real-time communications—Latency and jitter are primarily caused by the amount of traffic and
number of hops a packet must make to reach its destination. The amount of traffic in a Layer 2
network is driven by various factors, but the number of devices is important. Follow these guidelines
for real-time communications:
– The amount of latency introduced per Layer 2 hop should be considered. For instance, there is
a higher latency with 100 Mb interfaces than there is with 1 Gigabit interfaces.
– Bandwidth should not consistently exceed 50 percent of the interface capacity on any switch.
– The CPU should not consistently exceed 50 to 70 percent utilization. Above this level, the
switch might not properly process control packets and might behave abnormally.
These are the key connectivity considerations:
•
Devices are connected to a switch through a single network connection or an IP-enabled I/O block
or linking device if they do not support Ethernet. Most devices have no or limited failover
capabilities and therefore cannot effectively use redundant network connections.
•
Redundant connections can be used in certain industries and applications, such as process-related
industries that are applied to critical infrastructure.
Cell Network—Trunk-Drop Topology
Switches are connected to each other to form a chain of switches in a trunk-drop topology (also known
as a cascaded topology). See Figure 1-2.
•
The connection between the Layer 3 switch and the first Layer 2 switch is very susceptible to
oversubscription, which can degrade network performance.
•
There is no redundancy to the loss of a connection.
Figure 1-2 Cell Network–Trunk-Drop Topology
(Diagram not reproduced. Labels: Catalyst 3750 StackWise switch stack, IE2000, human machine interface (HMI), controllers, cell zone, controllers, drives, and remote I/Os.)
Cell Network—Ring Topology
A ring topology is similar to a trunk-drop topology except that the last switch in the chain is connected
to the Layer 3 switch that forms a network ring. If a connection is lost in a ring, each switch maintains
connectivity to the other switches. See Figure 1-3.
•
The network can only recover from the loss of a single connection.
•
It is more difficult to implement because it requires additional protocol implementation and Rapid
Spanning Tree Protocol (RSTP).
•
Although better than the trunk-drop, the top of the ring (connections to the Layer 3 switches) can
become a bottleneck and is susceptible to oversubscription, which can degrade network
performance.
Figure 1-3 Cell Network–Ring Topology
(Diagram not reproduced. Labels: Catalyst 3750 StackWise switch stack, IE2000, human machine interface (HMI), controllers, cell zone, controllers, drives, and remote I/O.)
Cell Network—Redundant-Star Topology
In a redundant-star topology, every Layer 2 access switch has dual connections to a Layer 3 distribution
switch. Devices are connected to the Layer 2 switches. See Figure 1-4.
•
Any Layer 2 switch is always only two hops to another Layer 2 switch.
•
In the Layer 2 network, each switch has dual connections to the Layer 3 devices.
•
The Layer 2 network is maintained even if multiple connections are lost.
Figure 1-4 Cell Network–Redundant Star Topology
(Diagram not reproduced. Labels: Catalyst 3750 StackWise switch stack, IE2000, human machine interface (HMI), cell zone, controllers, drives, and remote I/O.)
Where to Go Next
Before configuring the switch, review these sections for startup information:
•
Chapter 2, “Using the Command-Line Interface”
•
Chapter 4, “Performing Switch Setup Configuration”
To locate and download MIBs for a specific Cisco product and release, use the Cisco MIB Locator:
http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml.
CHAPTER 2
Using the Command-Line Interface
Information About Using the Command-Line Interface
This chapter describes the Cisco IOS command-line interface (CLI) and how to use it to configure your
switch.
Command Modes
The Cisco IOS user interface is divided into many different modes. The commands available to you
depend on which mode you are currently in. Enter a question mark (?) at the system prompt to obtain a
list of commands available for each command mode.
When you start a session on the switch, you begin in user mode, often called user EXEC mode. Only a
limited subset of the commands are available in user EXEC mode. For example, most of the user EXEC
commands are one-time commands, such as show commands, which show the current configuration
status, and clear commands, which clear counters or interfaces. The user EXEC commands are not saved
when the switch reboots.
To have access to all commands, you must enter privileged EXEC mode. You must enter a password to
enter privileged EXEC mode. From this mode, you can enter any privileged EXEC command or enter
global configuration mode.
Using the configuration modes (global, interface, and line), you can make changes to the running
configuration. If you save the configuration, these commands are stored and used when the switch
reboots. To access the various configuration modes, you must start at global configuration mode. From
global configuration mode, you can enter interface configuration mode and line configuration mode.
Table 2-1 describes the main command modes, how to access each one, the prompt you see in that mode,
and how to exit the mode. The examples in the table use the hostname Switch.
Table 2-1 Command Mode Summary

Mode: User EXEC
Access Method: Begin a session with your switch.
Prompt: Switch>
Exit Method: Enter logout or quit.
About This Mode: Use this mode to
• Change terminal settings.
• Perform basic tests.
• Display system information.

Mode: Privileged EXEC
Access Method: While in user EXEC mode, enter the enable command.
Prompt: Switch#
Exit Method: Enter disable to exit.
About This Mode: Use this mode to verify commands that you have entered. Use a password to protect access to this mode.

Mode: Global configuration
Access Method: While in privileged EXEC mode, enter the configure command.
Prompt: Switch(config)#
Exit Method: To exit to privileged EXEC mode, enter exit or end, or press Ctrl-Z.
About This Mode: Use this mode to configure parameters that apply to the entire switch.

Mode: Config-vlan
Access Method: While in global configuration mode, enter the vlan vlan-id command.
Prompt: Switch(config-vlan)#
Exit Method: To exit to global configuration mode, enter the exit command. To return to privileged EXEC mode, press Ctrl-Z or enter end.
About This Mode: Use this mode to configure VLAN parameters. When VTP mode is transparent, you can create extended-range VLANs (VLAN IDs greater than 1005) and save configurations in the switch startup configuration file.

Mode: VLAN configuration
Access Method: While in privileged EXEC mode, enter the vlan database command.
Prompt: Switch(vlan)#
Exit Method: To exit to privileged EXEC mode, enter exit.
About This Mode: Use this mode to configure VLAN parameters for VLANs 1 to 1005 in the VLAN database.

Cisco IE 2000 Switch Software Configuration Guide
2-2
OL-25866-01
Chapter 2
Using the Command-Line Interface
Information About Using the Command-Line Interface
Table 2-1
Command Mode Summary (continued)
Mode
Access Method
Prompt
Exit Method
Interface
configuration
While in global
configuration mode,
enter the interface
command (with a
specific interface).
Switch(config-if)#
To exit to global
Use this mode to configure
configuration mode, parameters for the Ethernet
enter exit.
ports.
To return to
privileged EXEC
mode, press Ctrl-Z
or enter end.
About This Mode
For information about defining
interfaces, see the “Using
Interface Configuration Mode”
section on page 15-6.
To configure multiple
interfaces with the same
parameters, see the
“Configuring a Range of
Interfaces” section on
page 15-13.
Line configuration
While in global
configuration mode,
specify a line with
the line vty or line
console command.
Switch(config-line)#
To exit to global
Use this mode to configure
configuration mode, parameters for the terminal
enter exit.
line.
To return to
privileged EXEC
mode, press Ctrl-Z
or enter end.
For more detailed information on the command modes, see the command reference guide for this release.
Help System
You can enter a question mark (?) at the system prompt to display a list of commands available for each
command mode. You can also obtain a list of associated keywords and arguments for any command, as
shown in Table 2-2.
Table 2-2 Help Summary

help
    Obtain a brief description of the help system in any command mode.

abbreviated-command-entry?
    Obtain a list of commands that begin with a particular character string. For example:
    Switch# di?
    dir disable disconnect

abbreviated-command-entry<Tab>
    Complete a partial command name. For example:
    Switch# sh conf<tab>
    Switch# show configuration

?
    List all commands available for a particular command mode. For example:
    Switch> ?

command ?
    List the associated keywords for a command. For example:
    Switch> show ?

command keyword ?
    List the associated arguments for a keyword. For example:
    Switch(config)# cdp holdtime ?
    <10-255> Length of time (in sec) that receiver must keep this packet

Understanding Abbreviated Commands
You need to enter only enough characters for the switch to recognize the command as unique.
This example shows how to enter the show configuration privileged EXEC command in an abbreviated
form:
Switch# show conf
No and default Forms of Commands
Almost every configuration command also has a no form. In general, use the no form to disable a feature
or function or reverse the action of a command. For example, the no shutdown interface configuration
command reverses the shutdown of an interface. Use the command without the keyword no to reenable
a disabled feature or to enable a feature that is disabled by default.
Configuration commands can also have a default form. The default form of a command returns the
command setting to its default. Most commands are disabled by default, so the default form is the same
as the no form. However, some commands are enabled by default and have variables set to certain default
values. In these cases, the default command enables the command and sets variables to their default
values.
CLI Error Messages
Table 2-3 lists some error messages that you might encounter while using the CLI to configure your
switch.
Table 2-3 Common CLI Error Messages

| Error Message | Meaning | How to Get Help |
| --- | --- | --- |
| % Ambiguous command: "show con" | You did not enter enough characters for your switch to recognize the command. | Reenter the command followed by a question mark (?) with a space between the command and the question mark. The possible keywords that you can enter with the command appear. |
| % Incomplete command. | You did not enter all the keywords or values required by this command. | Reenter the command followed by a question mark (?) with a space between the command and the question mark. The possible keywords that you can enter with the command appear. |
| % Invalid input detected at '^' marker. | You entered the command incorrectly. The caret (^) marks the point of the error. | Enter a question mark (?) to display all the commands that are available in this command mode. The possible keywords that you can enter with the command appear. |

Configuration Logging
You can log and view changes to the switch configuration. You can use the Configuration Change
Logging and Notification feature to track changes on a per-session and per-user basis. The logger tracks
each configuration command that is applied, the user who entered the command, the time that the
command was entered, and the parser return code for the command. This feature includes a mechanism
for asynchronous notification to registered applications whenever the configuration changes. You can
choose to have the notifications sent to the syslog.
Note: Only CLI or HTTP changes are logged.
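The per-user tracking described above is most useful when the syslog notifications are reviewed. The following Python is an added example, not part of the Cisco guide: it parses configuration-change notifications on a syslog server, groups commands by user, and flags changes that weaken alarms, logging, or credentials. The message layout (`%PARSER-5-CFGLOG_LOGGEDCMD: User:<name>  logged command:<cmd>`), the hostname, the user names, and the review rules are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample lines as a syslog server might store them; they were not
# captured from a real switch. The "User:<name>  logged command:<cmd>" layout
# of the configuration logger's notification is an assumption of this example.
SAMPLE_LOG = """\
Jan  5 10:01:12 ie2000-1 %PARSER-5-CFGLOG_LOGGEDCMD: User:alice  logged command:interface FastEthernet1/1
Jan  5 10:01:20 ie2000-1 %PARSER-5-CFGLOG_LOGGEDCMD: User:alice  logged command:fcs-threshold 9
Jan  5 10:07:43 ie2000-1 %LINK-3-UPDOWN: Interface FastEthernet1/1, changed state to up
Jan  5 23:14:02 ie2000-1 %PARSER-5-CFGLOG_LOGGEDCMD: User:bob  logged command:alarm facility power-supply disable
Jan  5 23:14:09 ie2000-1 %PARSER-5-CFGLOG_LOGGEDCMD: User:bob  logged command:no alarm facility temperature secondary
Jan  5 23:15:30 ie2000-1 %PARSER-5-CFGLOG_LOGGEDCMD: User:bob  logged command:no logging host 192.0.2.10
"""

# Timestamp, reporting host, then the configuration-logger message itself.
CFGLOG_RE = re.compile(
    r"^(?P<time>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+"
    r".*?%PARSER-5-CFGLOG_LOGGEDCMD:\s*User:(?P<user>\S+)\s+"
    r"logged command:(?P<command>.+)$"
)

# Hypothetical review rules: commands that reduce monitoring or change access.
# Tune the list to the site's own change-control policy.
REVIEW_RULES = [
    ("alarm disabled", re.compile(r"^(no alarm\b|alarm facility \S+ disable\b)")),
    ("logging reduced", re.compile(r"^no (logging|archive)\b")),
    ("credential change", re.compile(r"^(enable (secret|password)|username)\b")),
]


def parse_line(line):
    """Return time/host/user/command for a config-change line, else None."""
    match = CFGLOG_RE.match(line.strip())
    if match is None:
        return None
    record = match.groupdict()
    record["command"] = record["command"].strip()
    return record


def classify(command):
    """Return the labels of every review rule the command matches."""
    return [label for label, rule in REVIEW_RULES if rule.search(command)]


def audit(log_text):
    """Group logged commands by user and collect the ones needing review."""
    per_user = defaultdict(list)
    findings = []
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None:
            continue  # not a configuration-change notification
        per_user[record["user"]].append(record["command"])
        for label in classify(record["command"]):
            findings.append((record["time"], record["host"], record["user"],
                             label, record["command"]))
    return dict(per_user), findings


if __name__ == "__main__":
    users, flagged = audit(SAMPLE_LOG)
    for user, commands in users.items():
        print(f"{user}: {len(commands)} configuration command(s)")
    for when, host, user, label, command in flagged:
        print(f"REVIEW {when} {host} {user}: {label}: {command}")
```

Because only CLI or HTTP changes are logged, a clean report from this script does not cover changes made through other paths.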
How to Use the CLI to Configure Features
Configuring the Command History
The software provides a history or record of commands that you have entered. The command history
feature is particularly useful for recalling long or complex commands or entries, including access lists.
You can customize this feature to suit your needs as described in these sections:
• Changing the Command History Buffer Size (optional)
• Recalling Commands (optional)
• Disabling the Command History Feature (optional)
Changing the Command History Buffer Size
By default, the switch records ten command lines in its history buffer. You can alter this number for a
current terminal session or for all sessions on a particular line. These procedures are optional.
Beginning in privileged EXEC mode, enter this command to change the number of command lines that
the switch records during the current terminal session:
Switch# terminal history [size number-of-lines]
The range is from 0 to 256.
Beginning in line configuration mode, enter this command to configure the number of command lines
the switch records for all sessions on a particular line:
Switch(config-line)# history [size number-of-lines]
The range is from 0 to 256.
Recalling Commands
To recall commands from the history buffer, perform one of the actions listed in Table 2-4. These actions
are optional.
Table 2-4 Recalling Commands

| Action [1] | Result |
| --- | --- |
| Press Ctrl-P or the up arrow key. | Recall commands in the history buffer, beginning with the most recent command. Repeat the key sequence to recall successively older commands. |
| Press Ctrl-N or the down arrow key. | Return to more recent commands in the history buffer after recalling commands with Ctrl-P or the up arrow key. Repeat the key sequence to recall successively more recent commands. |
| show history | While in privileged EXEC mode, list the last several commands that you just entered. The number of commands that appear is controlled by the setting of the terminal history global configuration command and the history line configuration command. |

[1] The arrow keys function only on ANSI-compatible terminals such as VT100s.

Disabling the Command History Feature
The command history feature is automatically enabled. You can disable it for the current terminal session
or for the command line. These procedures are optional.
To disable the feature during the current terminal session, enter the terminal no history privileged
EXEC command.
To disable command history for the line, enter the no history line configuration command.
Using Editing Features
This section describes the editing features that can help you manipulate the command line. It contains
these sections:
• Enabling and Disabling Editing Features (optional)
• Editing Commands Through Keystrokes (optional)
• Editing Command Lines That Wrap (optional)
Enabling and Disabling Editing Features
Although enhanced editing mode is automatically enabled, you can disable it, reenable it, or configure
a specific line to have enhanced editing. These procedures are optional.
To globally disable enhanced editing mode, enter this command in line configuration mode:
Switch(config-line)# no editing
To reenable the enhanced editing mode for the current terminal session, enter this command in privileged
EXEC mode:
Switch# terminal editing
To reconfigure a specific line to have enhanced editing mode, enter this command in line configuration
mode:
Switch(config-line)# editing
Editing Commands Through Keystrokes
Table 2-5 shows the keystrokes that you need to edit command lines. These keystrokes are optional.
Table 2-5 Editing Commands through Keystrokes

| Capability | Keystroke [1] | Purpose |
| --- | --- | --- |
| Move around the command line to make changes or corrections. | Press Ctrl-B, or press the left arrow key. | Move the cursor back one character. |
| | Press Ctrl-F, or press the right arrow key. | Move the cursor forward one character. |
| | Press Ctrl-A. | Move the cursor to the beginning of the command line. |
| | Press Ctrl-E. | Move the cursor to the end of the command line. |
| | Press Esc B. | Move the cursor back one word. |
| | Press Esc F. | Move the cursor forward one word. |
| | Press Ctrl-T. | Transpose the character to the left of the cursor with the character located at the cursor. |
| Recall commands from the buffer and paste them in the command line. The switch provides a buffer with the last ten items that you deleted. | Press Ctrl-Y. | Recall the most recent entry in the buffer. |
| | Press Esc Y. | Recall the next buffer entry. The buffer contains only the last 10 items that you have deleted or cut. If you press Esc Y more than ten times, you cycle to the first buffer entry. |
| Delete entries if you make a mistake or change your mind. | Press the Delete or Backspace key. | Erase the character to the left of the cursor. |
| | Press Ctrl-D. | Delete the character at the cursor. |
| | Press Ctrl-K. | Delete all characters from the cursor to the end of the command line. |
| | Press Ctrl-U or Ctrl-X. | Delete all characters from the cursor to the beginning of the command line. |
| | Press Ctrl-W. | Delete the word to the left of the cursor. |
| | Press Esc D. | Delete from the cursor to the end of the word. |
| Capitalize or lowercase words or capitalize a set of letters. | Press Esc C. | Capitalize at the cursor. |
| | Press Esc L. | Change the word at the cursor to lowercase. |
| | Press Esc U. | Capitalize letters from the cursor to the end of the word. |
| Designate a particular keystroke as an executable command, perhaps as a shortcut. | Press Ctrl-V or Esc Q. | |
| Scroll down a line or screen on displays that are longer than the terminal screen can display. Note: The More prompt is used for any output that has more lines than can be displayed on the terminal screen, including show command output. You can use the Return and Space bar keystrokes whenever you see the More prompt. | Press the Return key. | Scroll down one line. |
| | Press the Space bar. | Scroll down one screen. |
| Redisplay the current command line if the switch suddenly sends a message to your screen. | Press Ctrl-L or Ctrl-R. | Redisplay the current command line. |

[1] The arrow keys function only on ANSI-compatible terminals such as VT100s.

Editing Command Lines That Wrap
You can use a wraparound feature for commands that extend beyond a single line on the screen. When
the cursor reaches the right margin, the command line shifts ten spaces to the left. You cannot see the
first ten characters of the line, but you can scroll back and check the syntax at the beginning of the
command. The keystroke actions are optional.
To scroll back to the beginning of the command entry, press Ctrl-B or the left arrow key repeatedly. You
can also press Ctrl-A to immediately move to the beginning of the line.
The arrow keys function only on ANSI-compatible terminals such as VT100s.
In this example, the access-list global configuration command entry extends beyond one line. When the
cursor first reaches the end of the line, the line is shifted ten spaces to the left and redisplayed. The dollar
sign ($) shows that the line has been scrolled to the left. Each time the cursor reaches the end of the line,
the line is again shifted ten spaces to the left.
Switch(config)# access-list 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1
Switch(config)# $ 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1.20 255.25
Switch(config)# $t tcp 131.108.2.5 255.255.255.0 131.108.1.20 255.255.255.0 eq
Switch(config)# $108.2.5 255.255.255.0 131.108.1.20 255.255.255.0 eq 45
After you complete the entry, press Ctrl-A to check the complete syntax before pressing the Return key
to execute the command. The dollar sign ($) appears at the end of the line to show that the line has been
scrolled to the right:
Switch(config)# access-list 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1$
The software assumes you have a terminal screen that is 80 columns wide. If you have a different width,
use the terminal width privileged EXEC command to set the width of your terminal.
Use line wrapping with the command history feature to recall and modify previous complex command
entries. For information about recalling previous command entries, see the “Editing Commands Through
Keystrokes” section on page 2-7.
Searching and Filtering Output of show and more Commands
You can search and filter the output for show and more commands. This is useful when you need to sort
through large amounts of output or if you want to exclude output that you do not need to see. Using these
commands is optional.
To use this functionality, enter a show or more command followed by the pipe character (|), one of the
keywords begin, include, or exclude, and an expression that you want to search for or filter out:
command | {begin | include | exclude} regular-expression
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output
are not displayed, but the lines that contain Output appear.
This example shows how to include in the output display only lines where the expression protocol
appears:
Switch# show interfaces | include protocol
Vlan1 is up, line protocol is up
Vlan10 is up, line protocol is down
Accessing the CLI
You can access the CLI through a console connection, through Telnet, or by using the browser.
Accessing the CLI through a Console Connection or through Telnet
Before you can access the CLI, you must connect a terminal or PC to the switch console port and power
on the switch, as described in the getting started guide that shipped with your switch. Then, to understand
the boot process and the options available for assigning IP information, see Chapter 4, “Performing
Switch Setup Configuration.”
If your switch is already configured, you can access the CLI through a local console connection or
through a remote Telnet session, but your switch must first be configured for this type of access. For
more information, see the “Setting a Telnet Password for a Terminal Line” section on page 12-28.
You can use one of these methods to establish a connection with the switch:
• Connect the switch console port to a management station or dial-up modem. For information about connecting to the console port, see the switch getting started guide or hardware installation guide.
• Use any Telnet TCP/IP or encrypted Secure Shell (SSH) package from a remote management station. The switch must have network connectivity with the Telnet or SSH client, and the switch must have an enable secret password configured.
  For information about configuring the switch for Telnet access, see the “Setting a Telnet Password for a Terminal Line” section on page 12-28. The switch supports up to 16 simultaneous Telnet sessions. Changes made by one Telnet user are reflected in all other Telnet sessions.
  For information about configuring the switch for SSH, see the “Configuring the SSH Server” section on page 12-40. The switch supports up to five simultaneous secure SSH sessions.
After you connect through the console port, through a Telnet session or through an SSH session, the
user EXEC prompt appears on the management station.
Chapter 3
Configuring Switch Alarms
Finding Feature Information
Your software release may not support all the features documented in this chapter. For the latest feature
information and caveats, see the release notes for your platform and software release.
Use Cisco Feature Navigator to find information about platform support and Cisco software image
support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on
Cisco.com is not required.
Information About Switch Alarms
The switch software monitors switch conditions on a per-port or a switch basis. If the conditions present
on the switch or a port do not match the set parameters, the switch software triggers an alarm or a system
message. By default, the switch software sends the system messages to a system message logging
facility, or a syslog facility. You can also configure the switch to send Simple Network Management
Protocol (SNMP) traps to an SNMP server. You can configure the switch to trigger an external alarm
device by using the alarm relay.
Global Status Monitoring Alarms
The switch processes alarms related to temperature and power supply conditions, referred to as global
or facility alarms.
Table 3-1 Global Status Monitoring Alarms

Power supply alarm
    By default, the switch monitors a single power supply. If you configure a dual power supply, an alarm triggers if one power supply fails. You can configure the power supply alarm to be connected to the hardware relays. For more information, see the “Configuring the Power Supply Alarms” section on page 3-6.

Temperature alarms
    The switch contains one temperature sensor with a primary and secondary temperature setting. The sensor monitors the environmental conditions inside the switch.
    The primary and secondary temperature alarms can be set as follows:
    • The primary alarm is enabled automatically to trigger both at a low temperature, –4°F (–20°C) and a high temperature, 203°F (95°C). It cannot be disabled. By default, the primary temperature alarm is associated with the major relay.
    • The secondary alarm triggers when the system temperature is higher or lower than the configured high and low temperature thresholds. The secondary alarm is disabled by default.
    For more information, see the “Configuring the Switch Temperature Alarms” section on page 3-6.

SD-Card
    By default the alarm is disabled.

FCS Error Hysteresis Threshold
The Ethernet standard calls for a maximum bit-error rate of $10^{-8}$. The bit error-rate range is from $10^{-6}$ to $10^{-11}$. The bit error-rate input to the switch is a positive exponent. If you want to configure the bit error-rate of $10^{-9}$, enter the value 9 for the exponent. By default, the FCS bit error-rate is $10^{-8}$.
You can set the FCS error hysteresis threshold to prevent the toggle of the alarm when the actual bit-error rate fluctuates near the configured rate. The hysteresis threshold is defined as the ratio of the alarm clear threshold to the alarm set threshold, expressed as a percentage value.
For example, if the FCS bit error-rate alarm value is configured to $10^{-8}$, that value is the alarm set threshold. To set the alarm clear threshold at $5 \times 10^{-10}$, the hysteresis, value h, is determined as follows:
$h = \text{alarm clear threshold} / \text{alarm set threshold}$
$h = 5 \times 10^{-10} / 10^{-8} = 5 \times 10^{-2} = 0.05 = 5$ percent
The FCS hysteresis threshold is applied to all ports on the switch. The allowable range is from 1 to 10
percent. The default value is 10 percent. See the “Configuring the FCS Bit Error Rate Alarm” section on
page 3-7 for more information.
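The hysteresis calculation above, carried through in Python as an added example that is not part of the Cisco guide. It derives the clear threshold from the exponent and the hysteresis percentage, then compares how often an alarm toggles with and without hysteresis. The comparison rule (raise at or above the set threshold, clear at or below the clear threshold) and the sample bit error rates are assumptions of this example, not documented switch behavior.

```python
from fractions import Fraction  # exact arithmetic; avoids float rounding at 1e-10


def set_threshold(exponent):
    """Alarm set threshold 10^-exponent; the page allows exponents 6 to 11."""
    if not 6 <= exponent <= 11:
        raise ValueError("FCS threshold exponent must be from 6 to 11")
    return Fraction(1, 10 ** exponent)


def clear_threshold(exponent, h_percent):
    """Alarm clear threshold = h * set threshold; the page allows 1 to 10 percent."""
    if not 1 <= h_percent <= 10:
        raise ValueError("hysteresis must be from 1 to 10 percent")
    return set_threshold(exponent) * Fraction(h_percent, 100)


def hysteresis_percent(clear, set_):
    """h = alarm clear threshold / alarm set threshold, as a percentage."""
    return clear / set_ * 100


def alarm_states(samples, exponent, h_percent=None):
    """Alarm state after each bit error-rate sample.

    With h_percent=None a single threshold is used, so the alarm follows every
    crossing of the set threshold. Otherwise the alarm is raised at or above
    the set threshold and held until the rate falls to the clear threshold
    (assumed comparison rule).
    """
    set_t = set_threshold(exponent)
    if h_percent is None:
        return [ber >= set_t for ber in samples]
    clear_t = clear_threshold(exponent, h_percent)
    active, states = False, []
    for ber in samples:
        if not active and ber >= set_t:
            active = True
        elif active and ber <= clear_t:
            active = False
        states.append(active)
    return states


def toggles(states):
    """Number of alarm state changes, starting from a cleared alarm."""
    return sum(1 for prev, cur in zip([False] + states, states) if prev != cur)


# Constructed bit error-rate samples that hover around 10^-8, then recover.
SAMPLES = [Fraction(s) for s in
           ("2e-9", "1.2e-8", "9e-9", "1.1e-8", "8e-9", "1.3e-8", "4e-10", "2e-9")]

if __name__ == "__main__":
    print("h for the page's example:",
          hysteresis_percent(Fraction("5e-10"), set_threshold(8)), "percent")
    print("toggles, single threshold:", toggles(alarm_states(SAMPLES, 8)))
    print("toggles, 5 percent hysteresis:", toggles(alarm_states(SAMPLES, 8, 5)))
```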
Port Status Monitoring Alarms
The switch can also monitor the status of the Ethernet ports and generate alarm messages based on the
alarms listed in Table 3-2. To save user time and effort, it supports changeable alarm configurations by
using alarm profiles. You can create a number of profiles and assign one of these profiles to each Ethernet
port.
Alarm profiles provide a mechanism for you to enable or disable alarm conditions for a port and
associate the alarm conditions with one or both alarm relays. You can also use alarm profiles to set alarm
conditions to send alarm traps to an SNMP server and system messages to a syslog server. The alarm
profile defaultPort is applied to all interfaces in the factory configuration (by default).
Note: You can associate multiple alarms to one relay or one alarm to both relays.
Table 3-2 lists the port status monitoring alarms and their descriptions and functions. Each fault
condition is assigned a severity level based on the Cisco IOS System Error Message Severity Level.
Table 3-2 Port Status Monitoring Alarms

| Alarm List ID | Alarm | Description |
| --- | --- | --- |
| 1 | Link Fault alarm | The switch generates a link fault alarm when problems with a port physical layer cause unreliable data transmission. A typical link fault condition is loss of signal or clock. The link fault alarm is cleared automatically when the link fault condition is cleared. The severity for this alarm is error condition, level 3. |
| 2 | Port not Forwarding alarm | The switch generates a port not-forwarding alarm when a port is not forwarding packets. This alarm is cleared automatically when the port begins to forward packets. The severity for this alarm is warning, level 4. |
| 3 | Port not Operating alarm | The switch generates a port not-operating alarm when a port fails during the startup self-test. When triggered, the port not-operating alarm is only cleared when the switch is restarted and the port is operational. The severity for this alarm is error condition, level 3. |
| 4 | FCS Bit Error Rate alarm | The switch generates an FCS bit error-rate alarm when the actual FCS bit error-rate is close to the configured rate. You can set the FCS bit error-rate by using the interface configuration CLI for each of the ports. See the “Configuring the FCS Bit Error Rate Alarm” section on page 3-7 for more information. The severity for this alarm is error condition, level 3. |

Triggering Alarm Options
The switch supports these methods for triggering alarms:
• Configurable Relay
  The switch is equipped with one independent alarm relay that can be triggered by alarms for global, port status and SD flash card conditions. You can configure the relay to send a fault signal to an external alarm device, such as a bell, light, or other signaling device. You can associate any alarm condition with the alarm relay. Each fault condition is assigned a severity level based on the Cisco IOS System Error Message Severity Level.
  See the “Configuring the Power Supply Alarms” section on page 3-6 for more information on configuring the relay.
• SNMP Traps
  SNMP is an application-layer protocol that provides a message format for communication between managers and agents. The SNMP system consists of an SNMP manager, an SNMP agent, and a management information base (MIB).
  The snmp-server enable traps command can be changed so that the user can send alarm traps to an SNMP server. You can use alarm profiles to set environmental or port status alarm conditions to send SNMP alarm traps. See the “Enabling SNMP Traps” section on page 3-9 for more information.
• Syslog Messages
  You can use alarm profiles to send system messages to a syslog server. See the “Configuring the Power Supply Alarms” section on page 3-6 for more information.
External Alarms
The switch supports two alarm inputs and one alarm output. The alarm input circuit is designed to sense
if a dry contact is open or closed relative to the Alarm-In reference pin. The Alarm_Out is a relay with
Normally Open and Normally Closed contacts. The switch software is configured to detect faults which
are used to energize the relay coil and change the state on both of the relay contacts. Normally open
contacts close and normally closed contacts open.
Note:
• Open means that the normal condition has current flowing through the contact (normally closed contact). The alarm is generated when the current stops flowing.
• Closed means that no current flows through the contact (normally open contact). The alarm is generated when current does flow.
Software can program the Alarm_In to trigger an alarm with either Open or Closed setting.
The alarm connector is a 6-pin screw terminal. This table lists pinouts for the alarm ports.

| Pin # | Signal Name | Description |
| --- | --- | --- |
| 6 | Alarm_Out_NO | Alarm output relay normally open contact |
| 5 | Alarm_Out_Com | Alarm output relay common contact |
| 4 | Alarm_Out-NC | Alarm output relay normally closed contact |
| 3 | Alarm_In2 | Alarm input #2 |
| 2 | Alarm_In_Ref | Alarm input reference |
| 1 | Alarm_In1 | Alarm input #1 |

You can set the alarm severity to major, minor, or none. The severity is included in the alarm message
and also sets the LED color when the alarm is triggered. The LED is red for a minor alarm and blinking
red for a major alarm. If not set, the default alarm severity is minor.
For detailed information about the alarm connector, LEDs, alarm circuit and wiring installation, alarm
ratings and ports, see the Cisco IE 2000 Switch Hardware Installation Guide.
Default Switch Alarm Settings
Table 3-3 Default Switch Alarm Settings

| Scope | Alarm | Default Setting |
| --- | --- | --- |
| Global | Power supply alarm | Enabled in switch single power mode. No alarm. In dual-power supply mode, the default alarm notification is a system message to the console. |
| Global | Primary temperature alarm | Enabled for switch temperature range of 203°F (95°C) maximum to –4°F (–20°C) minimum. The primary switch temperature alarm is associated with the major relay. |
| Global | Secondary temperature alarm | Disabled. |
| Global | Output relay mode alarm | Normally deenergized. The alarm output has switched off or is in an off state. |
| Port | Link fault alarm | Disabled on all interfaces. |
| Port | Port not forwarding alarm | Disabled on all interfaces. |
| Port | Port not operating alarm | Enabled on all interfaces. |
| Port | FCS bit error rate alarm | Disabled on all interfaces. |

How to Configure Switch Alarms
Configuring External Alarms
Step 1: configure terminal
  Enters global configuration mode.
Step 2: alarm contact contact-number description string
  (Optional) Configures a description for the alarm contact number.
  • The contact-number value is from 1 to 4.
  • The description string is up to 80 alphanumeric characters in length and is included in any generated system messages.
Step 3: alarm contact {contact-number | all} {severity {major | minor | none} | trigger {closed | open}}
  Configures the trigger and severity for an alarm contact number or for all contact numbers.
  • Enter a contact number (1 to 4) or specify that you are configuring all alarms.
  • For severity, enter major, minor or none. If you do not configure a severity, the default is minor.
  • For trigger, enter open or closed. If you do not configure a trigger, the alarm is triggered when the circuit is closed.
Step 4: alarm relay-mode energized
  (Optional) Configures the output relay mode to energized.
Step 5: end
  Returns to privileged EXEC mode.
Step 6: show env alarm-contact
  Shows the configured alarm contacts.
Step 7: copy running-config startup-config
  (Optional) Saves your entries in the configuration file.
Configuring the Power Supply Alarms
Step 1: configure terminal
  Enters global configuration mode.
Step 2: power-supply dual
  Configures dual power supplies.
Step 3: alarm facility power-supply disable
  Disables the power supply alarm.
Step 4: alarm facility power-supply relay major
  Associates the power supply alarm to the relay.
Step 5: alarm facility power-supply notifies
  Sends power supply alarm traps to an SNMP server.
Step 6: alarm facility power-supply syslog
  Sends power supply alarm traps to a syslog server.
Step 7: end
  Returns to privileged EXEC mode.
Step 8: show env power
  Displays the switch power status.
Step 9: show facility-alarm status
  Displays all generated alarms for the switch.
Step 10: show alarm settings
  Verifies the configuration.
Step 11: copy running-config startup-config
  (Optional) Saves your entries in the configuration file.
Configuring the Switch Temperature Alarms
Step 1: configure terminal
  Enters global configuration mode.
Step 2: alarm facility temperature {primary | secondary} high threshold
  Sets the high temperature threshold value. Set the threshold from –238°F (–150°C) to 572°F (300°C).
Step 3: alarm facility temperature primary low threshold
  Sets the low temperature threshold value. Set the threshold from –328°F (–200°C) to 482°F (250°C).
Step 4: end
  Returns to privileged EXEC mode.
Step 5: show alarm settings
  Verifies the configuration.
Step 6: copy running-config startup-config
  (Optional) Saves your entries in the configuration file.
Associating the Temperature Alarms to a Relay
By default, the primary temperature alarm is associated to the relay. You can use the alarm facility
temperature global configuration command to associate the primary temperature alarm to an SNMP trap, or
a syslog message, or to associate the secondary temperature alarm to the relay, an SNMP trap, or a syslog
message.
Note: The single relay on the switch is called the major relay.
          Command                                                        Purpose
Step 1    configure terminal                                             Enters global configuration mode.
Step 2    alarm facility temperature {primary | secondary} relay major   Associates the primary or secondary temperature alarm to the relay.
Step 3    alarm facility temperature {primary | secondary} notifies      Sends primary or secondary temperature alarm traps to an SNMP server.
Step 4    alarm facility temperature {primary | secondary} syslog        Sends primary or secondary temperature alarm traps to a syslog server.
Step 5    end                                                            Returns to privileged EXEC mode.
Step 6    show alarm settings                                            Verifies the configuration.
Step 7    copy running-config startup-config                             (Optional) Saves your entries in the configuration file.
Uses the no alarm facility temperature secondary command to disable the secondary temperature alarm.
Configuring the FCS Bit Error Rate Alarm
Setting the FCS Error Threshold
The switch generates an FCS bit error-rate alarm when the actual rate is close to the configured rate.
          Command                              Purpose
Step 1    configure terminal                   Enters global configuration mode.
Step 2    interface interface-id               Enters the interface to be configured, and enters interface configuration mode.
Step 3    fcs-threshold value                  Sets the FCS error rate. For value, the range is 6 to 11 to set a maximum bit error rate of 10^-6 to 10^-11. By default, the FCS bit error rate is 10^-8.
Step 4    end                                  Returns to privileged EXEC mode.
Step 5    show fcs-threshold                   Verifies the setting.
Step 6    copy running-config startup-config   (Optional) Saves your entries in the configuration file.
Setting the FCS Error Hysteresis Threshold
The hysteresis setting prevents the toggle of an alarm when the actual bit error-rate fluctuates near the
configured rate. The FCS hysteresis threshold is applied to all ports of a switch.
          Command                                    Purpose
Step 1    configure terminal                         Enters global configuration mode.
Step 2    alarm facility fcs-hysteresis percentage   Sets the hysteresis percentage for the switch. For percentage, the range is 1 to 10. The default value is 10 percent.
Step 3    end                                        Returns to privileged EXEC mode.
Step 4    show running-config                        Verifies the configuration.
Step 5    copy running-config startup-config         (Optional) Saves your entries in the configuration file.
Configuring Alarm Profiles
Creating an Alarm Profile
You can use the alarm profile global configuration command to create an alarm profile or to modify an
existing profile. When you create a new alarm profile, none of the alarms are enabled.
Note: The only alarm enabled in the defaultPort profile is the Port not operating alarm.
          Command                              Purpose
Step 1    configure terminal                   Enters global configuration mode.
Step 2    alarm profile name                   Creates the new profile or identifies an existing profile, and enters alarm profile configuration mode.
Step 3    end                                  Returns to privileged EXEC mode.
Step 4    show alarm profile name              Verifies the configuration.
Step 5    copy running-config startup-config   (Optional) Saves your entries in the configuration file.
Modifying an Alarm Profile
You can modify an alarm profile from alarm profile configuration mode.
You can enter more than one alarm type separated by a space.
Command                                                                  Purpose
alarm {fcs-error | link-fault | not-forwarding | not-operating}          (Optional) Adds or modifies alarm parameters for a specific alarm.
notifies {fcs-error | link-fault | not-forwarding | not-operating}       (Optional) Configures the alarm to send an SNMP trap to an SNMP server.
relay-major {fcs-error | link-fault | not-forwarding | not-operating}    (Optional) Configures the alarm to send an alarm trap to the relay.
syslog {fcs-error | link-fault | not-forwarding | not-operating}         (Optional) Configures the alarm to send an alarm trap to a syslog server.
Attaching an Alarm Profile to a Specific Port
          Command                              Purpose
Step 1    configure terminal                   Enters global configuration mode.
Step 2    interface port interface             Enters interface configuration mode.
Step 3    alarm-profile name                   Attaches the specified profile to the interface.
Step 4    end                                  Returns to privileged EXEC mode.
Step 5    show alarm profile                   Verifies the configuration.
Step 6    copy running-config startup-config   (Optional) Saves your entries in the configuration file.
Enabling SNMP Traps
          Command                              Purpose
Step 1    configure terminal                   Enters global configuration mode.
Step 2    snmp-server enable traps alarms      Enables the switch to send SNMP traps.
Step 3    end                                  Returns to privileged EXEC mode.
Step 4    show alarm settings                  Verifies the configuration.
Step 5    copy running-config startup-config   (Optional) Saves your entries in the configuration file.
Monitoring and Maintaining Switch Alarms Status
Table 3-4 Commands for Displaying Global and Port Alarm Status
Command                                                      Purpose
show alarm description ports                                 Displays an alarm number and its text description.
show alarm profile [name]                                    Displays all alarm profiles in the system or a specified profile.
show alarm settings                                          Displays all global alarm settings on the switch.
show env {alarm-contact | all | power | temperature}         Displays the status of environmental facilities on the switch.
show facility-alarm status [critical | info | major | minor] Displays generated alarms on the switch.
Configuration Examples for Switch Alarms
Configuring External Alarms: Example
This example configures alarm input 1 named door sensor to assert a major alarm when the door circuit
is closed and then displays the status and configuration for all alarms:
Switch(config)# alarm contact 1 description door sensor
Switch(config)# alarm contact 1 severity major
Switch(config)# alarm contact 1 trigger closed
Switch(config)# end
Switch# show env alarm-contact
ALARM CONTACT 1
   Status:      not asserted
   Description: door sensor
   Severity:    major
   Trigger:     closed
ALARM CONTACT 2
   Status:      not asserted
   Description: external alarm contact 2
   Severity:    minor
   Trigger:     closed
Associating Temperature Alarms to a Relay: Examples
This example sets the secondary temperature alarm to the major relay, with a high temperature threshold
value of 113°F (45°C). All alarms and traps associated with this alarm are sent to a syslog server and an
SNMP server.
Switch(config)# alarm facility temperature secondary high 45
Switch(config)# alarm facility temperature secondary relay major
Switch(config)# alarm facility temperature secondary syslog
Switch(config)# alarm facility temperature secondary notifies
This example sets the first (primary) temperature alarm to the major relay. All alarms and traps
associated with this alarm are sent to a syslog server.
Switch(config)# alarm facility temperature primary syslog
Switch(config)# alarm facility temperature primary relay major
Creating or Modifying an Alarm Profile: Example
This example creates or modifies the alarm profile fastE for the Fast Ethernet port with link-down
(alarmList ID 3) alarm enabled. The link-down alarm is connected to the major relay. This alarm also
sends notifications to an SNMP server and sends system messages to a syslog server.
Switch(config)# alarm profile fastE
Switch(config-alarm-profile)# alarm fcs-error
Switch(config-alarm-profile)# relay-major link-fault
Switch(config-alarm-profile)# notifies not-forwarding
Switch(config-alarm-profile)# syslog not-forwarding
Setting the FCS Error Hysteresis Threshold: Example
This example shows how to set the FCS bit error rate for a port to 10^-10:
Switch# configure terminal
Switch(config)# interface fastethernet1/1
Switch(config-if)# fcs-threshold 10
Configuring a Dual Power Supply: Examples
This example shows how to configure two power supplies:
Switch# configure terminal
Switch(config)# power-supply dual
These examples show how to display information when two power supplies are not present, which results
in a triggered alarm.
Switch# show facility-alarm status
Source   Severity   Description                         Relay   Time
Switch   MAJOR      5 Redundant Pwr missing or failed   NONE    Mar 01 1993 00:23:52
Switch# show env power
POWER SUPPLY A is DC OK
POWER SUPPLY B is DC FAULTY <--
Switch# show hard led
SWITCH: 1
SYSTEM: GREEN
ALARM : ALT_RED_BLACK <--
Displaying Alarm Settings: Example
Switch# show alarm settings
Alarm relay mode: De-energized
Power Supply
        Alarm                   Enabled
        Relay
        Notifies                Disabled
        Syslog                  Enabled
Temperature-Primary
        Alarm                   Enabled
        Thresholds              MAX: 95C                MIN: -20C
        Relay                   MAJ
        Notifies                Enabled
        Syslog                  Enabled
Temperature-Secondary
        Alarm                   Disabled
        Threshold
        Relay
        Notifies                Disabled
        Syslog                  Disabled
SD-Card
        Alarm                   Disabled
        Relay
        Notifies                Disabled
        Syslog                  Enabled
Input-Alarm 1
        Alarm                   Enabled
        Relay
        Notifies                Disabled
        Syslog                  Enabled
Input-Alarm 2
        Alarm                   Enabled
        Relay
        Notifies                Disabled
        Syslog                  Enabled
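To confirm that every enabled alarm is reported somewhere a monitoring team will see it, the show alarm settings output can be parsed and audited. The Python script below is an added example, not part of the Cisco guide; its sample text is constructed, and it assumes the layout of an unindented facility name followed by indented label and value rows, where a blank value means the setting is unset.

```python
# Constructed sample in the layout of "show alarm settings" (not captured
# from a real switch). Blank value = nothing configured for that row.
SAMPLE = """\
Switch# show alarm settings
Alarm relay mode: De-energized
Power Supply
        Alarm                   Enabled
        Relay
        Notifies                Disabled
        Syslog                  Enabled
Temperature-Primary
        Alarm                   Enabled
        Thresholds              MAX: 95C                MIN: -20C
        Relay                   MAJ
        Notifies                Enabled
        Syslog                  Enabled
Temperature-Secondary
        Alarm                   Disabled
        Threshold
        Relay
        Notifies                Disabled
        Syslog                  Disabled
SD-Card
        Alarm                   Enabled
        Relay                   MAJ
        Notifies                Disabled
        Syslog                  Disabled
Input-Alarm 1
        Alarm                   Enabled
        Relay
        Notifies                Disabled
        Syslog                  Disabled
"""


def parse_alarm_settings(text):
    """Return {facility: {label: value}}; 'key: value' lines go under 'global'."""
    settings = {"global": {}}
    facility = None
    for raw in text.splitlines():
        if not raw.strip() or "#" in raw:      # blank line or CLI prompt line
            continue
        if raw[0].isspace():                   # indented row of the current facility
            if facility is None:
                continue
            parts = raw.split(None, 1)
            value = " ".join(parts[1].split()) if len(parts) > 1 else ""
            settings[facility][parts[0]] = value
        elif ":" in raw:                       # e.g. "Alarm relay mode: De-energized"
            key, _, value = raw.partition(":")
            settings["global"][key.strip()] = value.strip()
        else:                                  # unindented facility heading
            facility = raw.strip()
            settings[facility] = {}
    return settings


def audit_alarm_reporting(settings):
    """List enabled alarms that never reach an SNMP or syslog server."""
    findings = []
    for facility, fields in settings.items():
        if facility == "global" or fields.get("Alarm") != "Enabled":
            continue
        if any(fields.get(dest) == "Enabled" for dest in ("Notifies", "Syslog")):
            continue
        if fields.get("Relay"):
            findings.append((facility, "relay only, no SNMP trap or syslog message"))
        else:
            findings.append((facility, "no relay, SNMP trap or syslog destination"))
    return findings


if __name__ == "__main__":
    for facility, issue in audit_alarm_reporting(parse_alarm_settings(SAMPLE)):
        print(f"{facility}: {issue}")
```

In the sample, Input-Alarm 1 is the case that matters for an external contact such as the door sensor: the alarm is enabled but nothing carries it off the switch.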
Additional References
The following sections provide references related to switch administration:
Related Documents
Related Topic                   Document Title
Cisco IE 2000 commands          Cisco IE 2000 Switch Command Reference, Release 15.0(1)EY
Cisco IOS basic commands        Cisco IOS Configuration Fundamentals Command Reference
Alarm input and output ports    Cisco IE 2000 Switch Hardware Installation Guide
Standards
Standards                                                   Title
No new or modified standards are supported by this          —
feature, and support for existing standards has not been
modified by this feature.
MIBs
MIBs    MIBs Link
—       To locate and download MIBs using Cisco IOS XR software, use the
        Cisco MIB Locator found at the following URL and choose a
        platform under the Cisco Access Products menu:
        http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
RFCs
RFCs                                                        Title
No new or modified RFCs are supported by this               —
feature, and support for existing RFCs has not been
modified by this feature.
Technical Assistance
Description                                                 Link
The Cisco Technical Support website contains                http://www.cisco.com/techsupport
thousands of pages of searchable technical content,
including links to products, technologies, solutions,
technical tips, and tools. Registered Cisco.com users
can log in from this page to access even more content.
Chapter 4
Performing Switch Setup Configuration
Restrictions for Performing Switch Setup Configuration
• The DHCP-based autoconfiguration with a saved configuration process stops if there is not at least
  one Layer 3 interface in an up state without an assigned IP address in the network.
• Unless you configure a timeout, the DHCP-based autoconfiguration with a saved configuration
  feature tries indefinitely to download an IP address.
• The auto-install process stops if a configuration file cannot be downloaded or if the configuration
  file is corrupted.
Note: The configuration file that is downloaded from TFTP is merged with the existing configuration in the
running configuration but is not saved in the NVRAM unless you enter the write memory or
copy running-config startup-config privileged EXEC command. Note that if the
downloaded configuration is saved to the startup configuration, the feature is not triggered during
subsequent system restarts.
Information About Performing Switch Setup Configuration
This chapter describes how to perform your initial switch configuration tasks that include IP address
assignments and DHCP autoconfiguration.
Switch Boot Process
To start your switch, you need to follow the procedures in the Cisco IE 2000 Switch Getting Started
Guide or the hardware installation guide for installing and powering on the switch and for setting up the
initial switch configuration (IP address, subnet mask, default gateway, secret and Telnet passwords, and
so forth).
The normal boot process involves the operation of the boot loader software, which performs these
activities:
• Performs low-level CPU initialization—Initializes the CPU registers, which control where physical
  memory is mapped, its quantity and its speed.
• Performs power-on self-test (POST) for the CPU subsystem—Tests the CPU DRAM and the portion
  of the flash device that makes up the flash file system.
• Initializes the flash memory card file system on the system board.
• Loads a default operating system software image into memory and boots up the switch.
The boot loader provides access to the flash file system before the operating system is loaded. Normally,
the boot loader is used only to load, uncompress, and launch the operating system. After the boot loader
gives the operating system control of the CPU, the boot loader is not active until the next system reset
or power-on.
The switch supports a flash memory card that makes it possible to replace a failed switch without
reconfiguring the new switch. The slot for the flash memory card is hot swappable and front-accessed.
A cover protects the flash card and holds the card firmly in place. The cover is hinged and closed with
a captive screw, which prevents the card from coming loose and protects against shock and vibration.
Use the show flash: privileged EXEC command to display the flash memory card file settings. For
information about how to remove or replace the flash memory card on the switch, see the Cisco IE 2000
Hardware Installation Guide.
The boot loader also provides trap-door access into the system if the operating system has problems
serious enough that it cannot be used. The trap-door mechanism provides enough access to the system
so that if it is necessary, you can format the flash file system, reinstall the operating system software
image by using the Xmodem Protocol, recover from a lost or forgotten password, and finally restart the
operating system. For more information, see “Recovering from Software Failures” and the “Recovering
from a Lost or Forgotten Password”.
Note: You can disable password recovery. For more information, see “Disabling Password Recovery”.
Before you can assign switch information, make sure you have connected a PC or terminal to the console
port, and configured the PC or terminal-emulation software baud rate and character format to match
those of the switch console port:
• Baud rate default is 9600.
• Data bits default is 8.
  Note: If the data bits option is set to 8, set the parity option to none.
• Stop bits default is 1.
• Parity settings default is none.
Default Switch Boot Settings
Feature                           Default Setting
Operating system software image   The switch attempts to automatically boot up the system using
                                  information in the BOOT environment variable. If the variable is not set,
                                  the switch attempts to load and execute the first executable image it can
                                  by performing a recursive, depth-first search throughout the flash file
                                  system.
                                  The Cisco IOS image is stored in a directory that has the same name as
                                  the image file (excluding the .bin extension).
                                  In a depth-first search of a directory, each encountered subdirectory is
                                  completely searched before continuing the search in the original
                                  directory.
Configuration file                Configured switches use the config.text file stored on the system board in
                                  flash memory.
                                  A new switch has no configuration file.
Switch Boot Optimization
The normal switch boot process involves a memory test, file system check (FSCK), and power-on
self-test (POST).
The boot fast command in global configuration mode is enabled by default to permit switch boot
optimization, which disables these tests and minimizes the bootup time. However, after a system crash
this feature is automatically disabled.
Reload sequences occur immediately if your switch is set up to automatically bring up the system by
using information in the BOOT environment variable. Otherwise, these reload sequences occur after you
enter the manual boot command in bootloader configuration mode.
First Reload
The switch disables the boot fast feature and displays the following warning message:
“Reloading with boot fast feature disabled”
After the system message appears, the system saves the crash information and automatically resets itself
for the next reload cycle.
Second Reload
The boot loader performs its normal full memory test and FSCK check with LED status progress. If the
memory and FSCK tests are successful, the system performs additional POST tests and the results are
displayed on the console.
The boot fast feature is reenabled after the system comes up successfully.
Switch Information Assignment
You can assign IP information through the switch setup program, through a DHCP server, or manually.
Use the switch setup program if you want to be prompted for specific IP information. With this program,
you can also configure a hostname and an enable secret password. The program gives you the option of
assigning a Telnet password (to provide security during remote management) and configuring your
switch as a command or member switch of a cluster or as a standalone switch. For more information
about the setup program, see the hardware installation guide.
Use a DHCP server for centralized control and automatic assignment of IP information after the server
is configured.
Note: If you are using DHCP, do not respond to any of the questions in the setup program until the switch
receives the dynamically assigned IP address and reads the configuration file.
If you are an experienced user familiar with the switch configuration steps, manually configure the
switch. Otherwise, use the setup program.
Switch Default Settings
Table 4-1 Switch Default Settings
Feature                                Default Setting
IP address and subnet mask             No IP address or subnet mask is defined.
Default gateway                        No default gateway is defined.
Enable secret password                 No password is defined.
Hostname                               The factory-assigned default hostname is Switch.
Telnet password                        No password is defined.
Cluster command switch functionality   Disabled.
Cluster name                           No cluster name is defined.
Manual boot                            No.
Boot optimization                      Enabled.
DHCP-Based Autoconfiguration Overview
DHCP provides configuration information to Internet hosts and internetworking devices. This protocol
consists of two components: one for delivering configuration parameters from a DHCP server to a device
and a mechanism for allocating network addresses to devices. DHCP is built on a client-server model,
in which designated DHCP servers allocate network addresses and deliver configuration parameters to
dynamically configured devices. The switch can act as both a DHCP client and a DHCP server.
During DHCP-based autoconfiguration, your switch (DHCP client) is automatically configured at
startup with IP address information and a configuration file.
With DHCP-based autoconfiguration, no DHCP client-side configuration is needed on your switch.
However, you need to configure the DHCP server for various lease options associated with IP addresses.
If you are using DHCP to relay the configuration file location on the network, you might also need to
configure a Trivial File Transfer Protocol (TFTP) server and a Domain Name System (DNS) server.
The DHCP server for your switch can be on the same LAN or on a different LAN than the switch. If the
DHCP server is running on a different LAN, you should configure a DHCP relay device between your
switch and the DHCP server. A relay device forwards broadcast traffic between two directly connected
LANs. A router does not forward broadcast packets, but it forwards packets based on the destination IP
address in the received packet.
DHCP-based autoconfiguration replaces the BOOTP client functionality on your switch.
DHCP Client Request Process
When you boot up your switch, the DHCP client is invoked and requests configuration information from
a DHCP server when the configuration file is not present on the switch. If the configuration file is present
and the configuration includes the ip address dhcp interface configuration command on specific routed
interfaces, the DHCP client is invoked and requests the IP address information for those interfaces.
Figure 4-1 shows the sequence of messages that are exchanged between the DHCP client and the DHCP
server.
Figure 4-1 DHCP Client and Server Message Exchange
[Figure: Switch A sends DHCPDISCOVER (broadcast); the DHCP server replies with DHCPOFFER (unicast);
Switch A sends DHCPREQUEST (broadcast); the DHCP server replies with DHCPACK (unicast).]
The client, Switch A, broadcasts a DHCPDISCOVER message to locate a DHCP server. The DHCP
server offers configuration parameters (such as an IP address, subnet mask, gateway IP address, DNS IP
address, a lease for the IP address, and so forth) to the client in a DHCPOFFER unicast message.
In a DHCPREQUEST broadcast message, the client returns a formal request for the offered
configuration information to the DHCP server. The formal request is broadcast so that all other DHCP
servers that received the DHCPDISCOVER broadcast message from the client can reclaim the IP
addresses that they offered to the client.
The DHCP server confirms that the IP address has been allocated to the client by returning a DHCPACK
unicast message to the client. With this message, the client and server are bound, and the client uses
configuration information received from the server. The amount of information the switch receives
depends on how you configure the DHCP server in conjunction with the TFTP server. For more
information, see the “TFTP Server” section on page 4-7.
If the configuration parameters sent to the client in the DHCPOFFER unicast message are invalid (a
configuration error exists), the client returns a DHCPDECLINE broadcast message to the DHCP server.
The DHCP server sends the client a DHCPNAK denial broadcast message, which means that the offered
configuration parameters have not been assigned, that an error has occurred during the negotiation of the
parameters, or that the client has been slow in responding to the DHCPOFFER message. (The DHCP
server assigned the parameters to another client.)
A DHCP client might receive offers from multiple DHCP or BOOTP servers and can accept any of the
offers; however, the client usually accepts the first offer it receives. The offer from the DHCP server is
not a guarantee that the IP address is allocated to the switch. However, the server usually reserves the
address until the client has had a chance to formally request the address. If the switch accepts replies
from a BOOTP server and configures itself, the switch broadcasts, instead of unicasts, TFTP requests to
obtain the switch configuration file.
The DHCP hostname option allows a group of switches to obtain hostnames and a standard configuration
from the central management DHCP server. A client (switch) includes in its DHCPDISCOVER message
an option 12 field used to request a hostname and other configuration parameters from the DHCP server.
The configuration files on all clients are identical except for their DHCP-obtained hostnames.
If a client has a default hostname (the hostname name global configuration command is not configured
or the no hostname global configuration command is entered to remove the hostname), the DHCP
hostname option is not included in the packet when you enter the ip address dhcp interface
configuration command. In this case, if the client receives the DHCP hostname option from the DHCP
interaction while acquiring an IP address for an interface, the client accepts the DHCP hostname option
and sets the flag to show that the system now has a hostname configured.
DHCP-Based Autoconfiguration and Image Update
You can use the DHCP image upgrade features to configure a DHCP server to download both a new
image and a new configuration file to one or more switches in a network. This helps ensure that each
new switch added to a network receives the same image and configuration.
There are two types of DHCP image upgrades: DHCP autoconfiguration and DHCP auto-image update.
DHCP Autoconfiguration
DHCP autoconfiguration downloads a configuration file to one or more switches in your network from
a DHCP server. The downloaded configuration file becomes the running configuration of the switch. It
does not overwrite the bootup configuration saved in the flash, until you reload the switch.
DHCP Auto-Image Update
You can use DHCP auto-image upgrade with DHCP autoconfiguration to download both a configuration
and a new image to one or more switches in your network. The switch (or switches) downloading the
new configuration and the new image can be blank (or only have a default factory configuration loaded).
If the new configuration is downloaded to a switch that already has a configuration, the downloaded
configuration is appended to the configuration file stored on the switch. (Any existing configuration is
not overwritten by the downloaded one.)
Note: To enable a DHCP auto-image update on the switch, the TFTP server where the image and configuration
files are located must be configured with the correct option 67 (the configuration filename), option 66
(the DHCP server hostname), option 150 (the TFTP server address), and option 125 (description of the
file) settings.
For procedures to configure the switch as a DHCP server, see the “DHCP Server Configuration
Guidelines” section on page 4-7 and the “Configuring DHCP” section of the “IP addressing and
Services” section of the Cisco IOS IP DHCP Configuration Guide, Release 15.0.
After you install the switch in your network, the auto-image update feature starts. The downloaded
configuration file is saved in the running configuration of the switch, and the new image is downloaded
and installed on the switch. When you reboot the switch, the configuration is stored in the saved
configuration on the switch.
DHCP Server Configuration Guidelines
Follow these guidelines if you are configuring a device as a DHCP server:
• Configure the DHCP server with reserved leases that are bound to each switch by the switch
  hardware address.
• If you want the switch to receive IP address information, you must configure the DHCP server with
  these lease options:
  – IP address of the client (required)
  – Subnet mask of the client (required)
  – Router IP address (default gateway address to be used by the switch) (required)
  – DNS server IP address (optional)
• If you want the switch to receive the configuration file from a TFTP server, you must configure the
  DHCP server with these lease options:
  – TFTP server name (required)
  – Boot filename (the name of the configuration file that the client needs) (recommended)
  – Hostname (optional)
• Depending on the settings of the DHCP server, the switch can receive IP address information, the
  configuration file, or both.
• If you do not configure the DHCP server with the lease options described previously, it replies to
  client requests with only those parameters that are configured.
  If the IP address and the subnet mask are not in the reply, the switch is not configured. If the router
  IP address or the TFTP server name are not found, the switch might send broadcast, instead of
  unicast, TFTP requests. Unavailability of other lease options does not affect autoconfiguration.
• The switch can act as a DHCP server. By default, the Cisco IOS DHCP server and relay agent
  features are enabled on your switch but are not configured. These features are not operational. If
  your DHCP server is a Cisco device, for additional information about configuring DHCP, see the
  “Configuring DHCP” section of the “IP Addressing and Services” section of the Cisco IOS IP
  Configuration Guide on Cisco.com.
TFTP Server
Based on the DHCP server configuration, the switch attempts to download one or more configuration
files from the TFTP server. If you configured the DHCP server to respond to the switch with all the
options required for IP connectivity to the TFTP server, and if you configured the DHCP server with a
TFTP server name, address, and configuration filename, the switch attempts to download the specified
configuration file from the specified TFTP server.
If you did not specify the configuration filename, the TFTP server, or if the configuration file could not
be downloaded, the switch attempts to download a configuration file by using various combinations of
filenames and TFTP server addresses. The files include the specified configuration filename (if any) and
these files: network-config, cisconet.cfg, and hostname.config (or hostname.cfg), where hostname is the
switch’s current hostname. The TFTP server addresses used include the specified TFTP server address
(if any) and the broadcast address (255.255.255.255).
For the switch to successfully download a configuration file, the TFTP server must contain one or more
configuration files in its base directory. The files can include these files:
• The configuration file named in the DHCP reply (the actual switch configuration file).
• The network-confg or the cisconet.cfg file (known as the default configuration files).
• The router-confg or the ciscortr.cfg file (These files contain commands common to all switches.
  Normally, if the DHCP and TFTP servers are properly configured, these files are not accessed.)
If you specify the TFTP server name in the DHCP server-lease database, you must also configure the
TFTP server name-to-IP-address mapping in the DNS-server database.
If the TFTP server to be used is on a different LAN from the switch, or if it is to be accessed by the switch
through the broadcast address (which occurs if the DHCP server response does not contain all the
required information described previously), a relay must be configured to forward the TFTP packets to
the TFTP server. For more information, see the “Relay Device” section on page 4-8. The preferred
solution is to configure the DHCP server with all the required information.
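The lease-option guidelines and the TFTP fallback described above can be checked against a captured DHCP reply. The Python script below is an added example, not part of the Cisco guide: it decodes the options field and reports whether the switch would do a unicast read of the named file or fall back to the default filenames and the broadcast address. The sample replies are constructed, and treating either option 66 or option 150 as identifying the TFTP server is an assumption.

```python
import ipaddress

# DHCP option codes from RFC 2132; 150 is the TFTP server address option.
SUBNET_MASK, ROUTER, HOSTNAME, TFTP_NAME, BOOTFILE, TFTP_ADDR = 1, 3, 12, 66, 67, 150
PAD, END = 0, 255
BROADCAST = "255.255.255.255"


def opt(code, value):
    """Encode one option as code, length, value (used to build the samples)."""
    return bytes([code, len(value)]) + value


def parse_options(data):
    """Decode the TLV options field of a DHCP message into {code: bytes}."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == PAD:                        # single-byte padding, no length
            i += 1
            continue
        if code == END:
            break
        if i + 1 >= len(data):
            raise ValueError(f"option {code}: missing length byte")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: truncated value")
        opts[code] = opts.get(code, b"") + value   # repeated options concatenate
        i += 2 + length
    return opts


def assess_reply(yiaddr, options, current_hostname="Switch"):
    """Apply the guide's lease-option rules to one DHCP reply.

    yiaddr is the offered client address from the fixed header (None if absent).
    Returns the TFTP mode and the (server, filename) requests the switch may make.
    """
    opts = parse_options(options)
    if yiaddr in (None, "0.0.0.0") or SUBNET_MASK not in opts:
        # No IP address or subnet mask in the reply: the switch is not configured.
        return {"configured": False, "tftp": None, "requests": []}
    hostname = opts.get(HOSTNAME, current_hostname.encode()).decode("ascii")
    bootfile = opts[BOOTFILE].decode("ascii").rstrip("\x00") if BOOTFILE in opts else None
    server = None
    if TFTP_ADDR in opts:                      # assumption: first address is used
        server = str(ipaddress.IPv4Address(opts[TFTP_ADDR][:4]))
    elif TFTP_NAME in opts:
        server = opts[TFTP_NAME].decode("ascii").rstrip("\x00")
    if bootfile and server and ROUTER in opts:
        return {"configured": True, "tftp": "unicast", "requests": [(server, bootfile)]}
    # Fallback: combinations of the filenames and server addresses listed above.
    files = ([bootfile] if bootfile else []) + [
        "network-config", "cisconet.cfg", f"{hostname}.config", f"{hostname}.cfg"]
    servers = ([server] if server else []) + [BROADCAST]
    return {"configured": True, "tftp": "fallback",
            "requests": [(s, f) for s in servers for f in files]}


# Constructed sample replies (addresses reuse the 10.0.0.x / 20.0.0.x example network).
MASK = bytes([255, 255, 255, 0])
COMPLETE = (opt(53, b"\x02") + opt(SUBNET_MASK, MASK) + opt(ROUTER, bytes([10, 0, 0, 2]))
            + opt(HOSTNAME, b"switch-a") + opt(TFTP_NAME, b"tftpserver")
            + opt(TFTP_ADDR, bytes([20, 0, 0, 3])) + opt(BOOTFILE, b"switch-a-confg")
            + bytes([END]))
ADDRESS_ONLY = opt(53, b"\x02") + opt(SUBNET_MASK, MASK) + bytes([END])
NO_MASK = opt(53, b"\x02") + opt(ROUTER, bytes([10, 0, 0, 2])) + bytes([END])

if __name__ == "__main__":
    for name, reply in (("complete", COMPLETE), ("address only", ADDRESS_ONLY),
                        ("no mask", NO_MASK)):
        print(name, assess_reply("10.0.0.1", reply))
```

A reservation that produces the fallback result is one to correct on the DHCP server, since the guide's preferred setup supplies all the required information in the reply.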
DNS Server
The DHCP server uses the DNS server to resolve the TFTP server name to an IP address. You must
configure the TFTP server name-to-IP address map on the DNS server. The TFTP server contains the
configuration files for the switch.
You can configure the IP addresses of the DNS servers in the lease database of the DHCP server from
where the DHCP replies will retrieve them. You can enter up to two DNS server IP addresses in the lease
database.
The DNS server can be on the same or on a different LAN as the switch. If it is on a different LAN, the
switch must be able to access it through a router.
Relay Device
You must configure a relay device, also referred to as a relay agent, when a switch sends broadcast
packets that require a response from a host on a different LAN. Examples of broadcast packets that the
switch might send are DHCP, DNS, and in some cases, TFTP packets. You must configure this relay
device to forward received broadcast packets on an interface to the destination host.
If the relay device is a Cisco router, enable IP routing (ip routing global configuration command), and
configure helper addresses by using the ip helper-address interface configuration command.
For example, in Figure 4-2, configure the router interfaces as follows:
On interface 10.0.0.2:
router(config-if)# ip helper-address 20.0.0.2
router(config-if)# ip helper-address 20.0.0.3
router(config-if)# ip helper-address 20.0.0.4
On interface 20.0.0.1:
router(config-if)# ip helper-address 10.0.0.1
Figure 4-2 Relay Device Used in Autoconfiguration
[Figure: Switch (DHCP client), Cisco router (Relay), DHCP server, TFTP server, and DNS server;
addresses shown: 10.0.0.1, 10.0.0.2, 20.0.0.1, 20.0.0.2, 20.0.0.3, 20.0.0.4]
How to Obtain Configuration Files
Depending on the availability of the IP address and the configuration filename in the DHCP reserved
lease, the switch obtains its configuration information in these ways:
• The IP address and the configuration filename are reserved for the switch and provided in the DHCP
reply (one-file read method).
The switch receives its IP address, subnet mask, TFTP server address, and the configuration
filename from the DHCP server. The switch sends a unicast message to the TFTP server to retrieve
the named configuration file from the base directory of the server and upon receipt, it completes its
boot-up process.
• The IP address and the configuration filename are reserved for the switch, but the TFTP server
address is not provided in the DHCP reply (one-file read method).
The switch receives its IP address, subnet mask, and the configuration filename from the DHCP
server. The switch sends a broadcast message to a TFTP server to retrieve the named configuration
file from the base directory of the server, and upon receipt, it completes its boot-up process.
• Only the IP address is reserved for the switch and provided in the DHCP reply. The configuration
filename is not provided (two-file read method).
The switch receives its IP address, subnet mask, and the TFTP server address from the DHCP server.
The switch sends a unicast message to the TFTP server to retrieve the network-confg or cisconet.cfg
default configuration file. (If the network-confg file cannot be read, the switch reads the cisconet.cfg
file.)
The default configuration file contains the hostnames-to-IP-address mapping for the switch. The
switch fills its host table with the information in the file and obtains its hostname. If the hostname
is not found in the file, the switch uses the hostname in the DHCP reply. If the hostname is not
specified in the DHCP reply, the switch uses the default Switch as its hostname.
After obtaining its hostname from the default configuration file or the DHCP reply, the switch reads
the configuration file that has the same name as its hostname (hostname-confg or hostname.cfg,
depending on whether network-confg or cisconet.cfg was read earlier) from the TFTP server. If the
cisconet.cfg file is read, the filename of the host is truncated to eight characters.
If the switch cannot read the network-confg, cisconet.cfg, or the hostname file, it reads the
router-confg file. If the switch cannot read the router-confg file, it reads the ciscortr.cfg file.
Note
The switch broadcasts TFTP server requests if the TFTP server is not obtained from the DHCP replies,
if all attempts to read the configuration file through unicast transmissions fail, or if the TFTP server
name cannot be resolved to an IP address.
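The read order described above can be replayed against the contents of a TFTP base directory to see which filenames a switch will request, which file it ends up with, and whether requests go to the broadcast address. This Python model is an added example, not Cisco code; the addresses, filenames and `ip host` lines in the sample are constructed, and it assumes the hostname file is skipped when neither default file can be read.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

BROADCAST = "255.255.255.255"


@dataclass
class DhcpReply:
    ip_address: str
    tftp_server: Optional[str] = None  # None: not in the reply, or name not resolved
    bootfile: Optional[str] = None     # configuration filename from the reserved lease
    hostname: Optional[str] = None


@dataclass
class Plan:
    requests: List[Tuple[str, str, bool]] = field(default_factory=list)  # (dest, file, read)
    hostname: Optional[str] = None
    config_file: Optional[str] = None
    uses_broadcast: bool = False


def host_for(ip_address: str, default_cfg: str) -> Optional[str]:
    """Return NAME from the first 'ip host NAME ADDR...' line that lists ip_address."""
    for line in default_cfg.splitlines():
        words = line.split()
        if words[:2] == ["ip", "host"] and ip_address in words[3:]:
            return words[2]
    return None


def lookup_plan(reply: DhcpReply, base_dir: Dict[str, str]) -> Plan:
    """Replay the reads described in this section against a TFTP base directory."""
    plan = Plan()
    dest = reply.tftp_server or BROADCAST

    def read(name: str) -> Optional[str]:
        plan.requests.append((dest, name, name in base_dir))
        return base_dir.get(name)

    if reply.bootfile:  # one-file read method
        if read(reply.bootfile) is not None:
            plan.config_file = reply.bootfile
    else:  # two-file read method
        suffix, limit = "-confg", None
        default_cfg = read("network-confg")
        if default_cfg is None:
            suffix, limit = ".cfg", 8  # hostname truncated to eight characters
            default_cfg = read("cisconet.cfg")
        if default_cfg is not None:
            plan.hostname = host_for(reply.ip_address, default_cfg) or reply.hostname or "Switch"
            name = plan.hostname[:limit] + suffix
            if read(name) is not None:
                plan.config_file = name
        # Assumption of this model: with no default file read, go straight to the
        # common files, which are tried in this order.
        if plan.config_file is None:
            for name in ("router-confg", "ciscortr.cfg"):
                if read(name) is not None:
                    plan.config_file = name
                    break
    # Per the Note: broadcast when no server address is known or every unicast read failed.
    plan.uses_broadcast = dest == BROADCAST or plan.config_file is None
    return plan


# Constructed sample: a base directory that only holds the .cfg naming scheme.
SAMPLE_DIR = {
    "cisconet.cfg": "ip host floor2-press-line 10.0.0.21\n",
    "floor2-p.cfg": "hostname floor2-press-line\n",
    "router-confg": "no ip http server\n",
}

if __name__ == "__main__":
    for request in lookup_plan(DhcpReply("10.0.0.21", tftp_server="20.0.0.3"), SAMPLE_DIR).requests:
        print(request)
```

A plan with uses_broadcast set is the case the section advises against: put the TFTP server address and the configuration filename in the DHCP reply so that the read stays unicast.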
How to Control Environment Variables
With a normally operating switch, you enter the boot loader mode only through a switch console
connection configured for 9600 b/s. Unplug the switch power cord, and press the switch Mode button
while reconnecting the power cord. You can release the Mode button a second or two after the LED
above port 1 turns off. Then the boot loader switch: prompt appears.
The switch boot loader software provides support for nonvolatile environment variables, which can be
used to control how the boot loader or any other software running on the system behaves. Boot loader
environment variables are similar to environment variables that can be set on UNIX or DOS systems.
Environment variables that have values are stored in flash memory outside of the flash file system.
Each line in these files contains an environment variable name and an equal sign followed by the value
of the variable. A variable has no value if it is not listed in this file; it has a value if it is listed in the file
even if the value is a null string. A variable that is set to a null string (for example, “ ”) is a variable with
a value. Many environment variables are predefined and have default values.
Environment variables store two kinds of data:
• Data that controls code, which does not read the Cisco IOS configuration file. For example, the name
of a boot loader helper file, which extends or patches the functionality of the boot loader can be
stored as an environment variable.
• Data that controls code, which is responsible for reading the Cisco IOS configuration file. For
example, the name of the Cisco IOS configuration file can be stored as an environment variable.
You can change the settings of the environment variables by accessing the boot loader or by using Cisco
IOS commands. Under normal circumstances, it is not necessary to alter the setting of the environment
variables.
Note
For complete syntax and usage information for the boot loader commands and environment variables,
see the command reference for this release.
Common Environment Variables
Table 4-2 describes the function of the most common environment variables.
Table 4-2 Environment Variables

Variable: BOOT
Boot Loader Command: set BOOT filesystem:/file-url ...
A semicolon-separated list of executable files to try to load and execute when automatically
booting. If the BOOT environment variable is not set, the system attempts to load and execute the
first executable image it can find by using a recursive, depth-first search through the flash file
system. If the BOOT variable is set but the specified images cannot be loaded, the system
attempts to boot the first bootable file that it can find in the flash file system.
Cisco IOS Global Configuration Command: boot system filesystem:/file-url ...
Specifies the Cisco IOS image to load during the next boot cycle. This command changes the
setting of the BOOT environment variable.

Variable: MANUAL_BOOT
Boot Loader Command: set MANUAL_BOOT yes
Decides whether the switch automatically or manually boots up.
Valid values are 1, yes, 0, and no. If it is set to no or 0, the boot loader attempts to automatically
boot up the system. If it is set to anything else, you must manually boot up the switch from the
boot loader mode.
Cisco IOS Global Configuration Command: boot manual
Enables manually booting up the switch during the next boot cycle and changes the setting of the
MANUAL_BOOT environment variable.
The next time you reboot the system, the switch is in boot loader mode. To boot up the system, use
the boot flash:filesystem:/file-url boot loader command, and specify the name of the bootable
image.

Variable: CONFIG_FILE
Boot Loader Command: set CONFIG_FILE flash:/file-url
Changes the filename that Cisco IOS uses to read and write a nonvolatile copy of the system
configuration.
Cisco IOS Global Configuration Command: boot config-file flash:/file-url
Specifies the filename that Cisco IOS uses to read and write a nonvolatile copy of the system
configuration. This command changes the CONFIG_FILE environment variable.
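The rules in Table 4-2 can be applied to a saved listing of the variables and a flash directory tree to check which image and configuration file the next boot cycle will actually use, including the case where BOOT names an image that is no longer in flash. This Python example is added here and is not Cisco code; the listing and flash tree are constructed, and treating a *.bin file as an executable image and an existing file as loadable are assumptions of the model.

```python
from typing import Dict, Iterator, Union

Tree = Dict[str, Union[bytes, "Tree"]]  # name -> file contents or subdirectory


def parse_env(listing: str) -> Dict[str, str]:
    """Parse NAME=value lines. A listed name has a value even when it is a null
    string; a name that is not listed has no value and is absent from the result."""
    env: Dict[str, str] = {}
    for line in listing.splitlines():
        name, sep, value = line.strip().partition("=")
        if sep and name:
            env[name] = value
    return env


def walk(tree: Tree, prefix: str = "flash:") -> Iterator[str]:
    """Yield file paths depth-first: each subdirectory is searched completely
    before the search continues in the directory that contains it."""
    for name, node in tree.items():
        path = f"{prefix}/{name}"
        if isinstance(node, dict):
            yield from walk(node, path)
        else:
            yield path


def resolve_boot(env: Dict[str, str], flash: Tree) -> Dict[str, object]:
    """Work out what the next boot cycle does according to Table 4-2."""
    files = list(walk(flash))
    # Only "no" and "0" select automatic boot; any other set value, including a
    # null string, means manual boot. Unset means the default, automatic boot.
    manual = "MANUAL_BOOT" in env and env["MANUAL_BOOT"] not in ("no", "0")
    boot_list = [p for p in env.get("BOOT", "").split(";") if p]
    # Assumption of this model: an image is loadable when the file exists in flash.
    image = next((p for p in boot_list if p in files), None)
    source = "BOOT"
    if image is None:
        # Assumption of this model: an executable image is a file named *.bin,
        # and dict order stands in for directory order.
        image = next((p for p in files if p.endswith(".bin")), None)
        source = "search: BOOT images not loadable" if boot_list else "search: BOOT not set"
    if manual:
        image, source = None, "manual: boot loader prompt"
    return {
        "manual_boot": manual,
        "image": image,
        "source": source,
        "config_file": env.get("CONFIG_FILE", "config.text"),
    }


# Constructed sample: flash contents and a saved variable listing.
SAMPLE_FLASH: Tree = {
    "config.text": b"",
    "old": {"archive": {"previous.bin": b""}},
    "images": {"current.bin": b""},
}
SAMPLE_ENV = "BOOT=flash:/images/missing.bin;flash:/images/absent.bin\nMANUAL_BOOT=no\n"

if __name__ == "__main__":
    print(resolve_boot(parse_env(SAMPLE_ENV), SAMPLE_FLASH))
```

With the sample input the switch boots flash:/old/archive/previous.bin rather than any image named in BOOT, which is worth flagging when comparing show boot output against the image you expect to run.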
Scheduled Reload of the Software Image
You can schedule a reload of the software image to occur on the switch at a later time (for example, late
at night or during the weekend when the switch is used less), or you can synchronize a reload
network-wide (for example, to perform a software upgrade on all switches in the network).
Note
A scheduled reload must take place within approximately 24 days.
You have these reload options:
• Software reload to take effect in the specified minutes or hours and minutes. The reload must take
place within approximately 24 days. You can specify the reason for the reload in a string up to 255
characters in length.
• Software reload to take place at the specified time (using a 24-hour clock). If you specify the month
and day, the reload is scheduled to take place at the specified time and date. If you do not specify
the month and day, the reload takes place at the specified time on the current day (if the specified
time is later than the current time) or on the next day (if the specified time is earlier than the current
time). Specifying 00:00 schedules the reload for midnight.
The reload command halts the system. If the system is not set to manually boot up, it reboots itself.
If your switch is configured for manual booting, do not reload it from a virtual terminal. This restriction
prevents the switch from entering the boot loader mode and thereby taking it from the remote user’s
control.
If you modify your configuration file, the switch prompts you to save the configuration before reloading.
During the save operation, the system asks whether you want to proceed with the save if the
CONFIG_FILE environment variable points to a startup configuration file that no longer exists. If you
proceed in this situation, the system enters setup mode upon reload.
To cancel a previously scheduled reload, use the reload cancel privileged EXEC command.
How to Perform Switch Setup Configuration
Using DHCP to download a new image and a new configuration to a switch requires that you configure
at least two switches. One switch acts as a DHCP and TFTP server and the second switch (client) is
configured to download either a new configuration file or a new configuration file and a new image file.
Configuring DHCP Autoconfiguration (Only Configuration File)
This task describes how to configure DHCP autoconfiguration of the TFTP and DHCP settings on a new
switch to download a new configuration file.
Step | Command | Purpose
1 | configure terminal | Enters global configuration mode.
2 | ip dhcp pool name | Creates a name for the DHCP Server address pool, and enters DHCP pool configuration mode.
3 | bootfile filename | Specifies the name of the configuration file that is used as a boot image.
4 | network network-number mask prefix-length | Specifies the subnet network number and mask of the DHCP address pool. Note: The prefix length specifies the number of bits that comprise the address prefix. The prefix is an alternative way of specifying the network mask of the client. The prefix length must be preceded by a forward slash (/).
5 | default-router address | Specifies the IP address of the default router for a DHCP client.
6 | option 150 address | Specifies the IP address of the TFTP server.
7 | exit | Returns to global configuration mode.
8 | tftp-server flash:filename.text | Specifies the configuration file on the TFTP server.
9 | interface interface-id | Specifies the address of the client that will receive the configuration file.
10 | no switchport | Puts the interface into Layer 3 mode.
11 | ip address address mask | Specifies the IP address and mask for the interface.
12 | end | Returns to privileged EXEC mode.
13 | copy running-config startup-config | (Optional) Saves your entries in the configuration file.
Configuring DHCP Auto-Image Update (Configuration File and Image)
This task describes DHCP autoconfiguration to configure TFTP and DHCP settings on a new switch to
download a new image and a new configuration file.
Before You Begin
You must create a text file (for example, autoinstall_dhcp) that will be uploaded to the switch. In the text
file, put the name of the image that you want to download. This image must be a tar and not a bin file.
Step | Command | Purpose
1 | configure terminal | Enters global configuration mode.
2 | ip dhcp pool name | Creates a name for the DHCP server address pool and enters DHCP pool configuration mode.
3 | bootfile filename | Specifies the name of the file that is used as a boot image.
4 | network network-number mask prefix-length | Specifies the subnet network number and mask of the DHCP address pool. Note: The prefix length specifies the number of bits that comprise the address prefix. The prefix is an alternative way of specifying the network mask of the client. The prefix length must be preceded by a forward slash (/).
5 | default-router address | Specifies the IP address of the default router for a DHCP client.
6 | option 150 address | Specifies the IP address of the TFTP server.
7 | option 125 hex | Specifies the path to the text file that describes the path to the image file.
8 | copy tftp flash filename.txt | Uploads the text file to the switch.
9 | copy tftp flash imagename.tar | Uploads the tar file for the new image to the switch.
10 | exit | Returns to global configuration mode.
11 | tftp-server flash:config.text | Specifies the Cisco IOS configuration file on the TFTP server.
12 | tftp-server flash:imagename.tar | Specifies the image name on the TFTP server.
13 | tftp-server flash:filename.txt | Specifies the text file that contains the name of the image file to download.
14 | interface interface-id | Specifies the address of the client that will receive the configuration file.
15 | no switchport | Puts the interface into Layer 3 mode.
16 | ip address address mask | Specifies the IP address and mask for the interface.
17 | end | Returns to privileged EXEC mode.
18 | copy running-config startup-config | (Optional) Saves your entries in the configuration file.
Configuring the Client
You should only configure and enable the Layer 3 interface. Do not assign an IP address or DHCP-based
autoconfiguration with a saved configuration.
Step | Command | Purpose
1 | configure terminal | Enters global configuration mode.
2 | boot host dhcp | Enables autoconfiguration with a saved configuration.
3 | boot host retry timeout timeout-value | (Optional) Sets the amount of time the system tries to download a configuration file. Note: If you do not set a timeout, the system tries indefinitely to obtain an IP address from the DHCP server.
4 | banner config-save ^C warning-message ^C | (Optional) Creates warning messages to be displayed when you try to save the configuration file to NVRAM.
5 | end | Returns to privileged EXEC mode.
6 | show boot | Verifies the configuration.
Manually Assigning IP Information on a Routed Port
This task describes how to manually assign IP information on a Layer 3 routed port.
Step | Command | Purpose
1 | configure terminal | Enters global configuration mode.
2 | interface type id | Enters interface configuration mode.
3 | no switchport | Configures an interface into Layer 3 mode.
4 | ip address address mask | Specifies the IP address and mask for the interface.
5 | exit | Returns to global configuration mode.
6 | ip default-gateway ip-address | Enters the IP address of the next-hop router interface that is directly connected to the switch where a default gateway is being configured. The default gateway receives IP packets with unresolved destination IP addresses from the switch. Once the default gateway is configured, the switch has connectivity to the remote networks with which a host needs to communicate. Note: When your switch is configured to route with IP, it does not need to have a default gateway set.
7 | end | Returns to privileged EXEC mode.
8 | show ip redirects | Verifies the configured default gateway.
9 | copy running-config startup-config | (Optional) Saves your entries in the configuration file.
Manually Assigning IP Information to SVIs
This task describes how to manually assign IP information to multiple switched virtual interfaces (SVIs).
Step | Command | Purpose
1 | configure terminal | Enters global configuration mode.
2 | interface vlan vlan-id | Enters interface configuration mode, and enters the VLAN to which the IP information is assigned. The VLAN range is 1 to 4096.
3 | ip address ip-address subnet-mask | Enters the IP address and subnet mask.
4 | exit | Returns to global configuration mode.
5 | ip default-gateway ip-address | Enters the IP address of the next-hop router interface that is directly connected to the switch where a default gateway is being configured. The default gateway receives IP packets with unresolved destination IP addresses from the switch. Once the default gateway is configured, the switch has connectivity to the remote networks with which a host needs to communicate. Note: When your switch is configured to route with IP, it does not need to have a default gateway set.
6 | end | Returns to privileged EXEC mode.
7 | show interfaces vlan vlan-id | Verifies the configured IP address.
8 | show ip redirects | Verifies the configured default gateway.
9 | copy running-config startup-config | (Optional) Saves your entries in the configuration file.
Modifying the Startup Configuration
Specifying the Filename to Read and Write the System Configuration
By default, the Cisco IOS software uses the config.text file to read and write a nonvolatile copy of the
system configuration. However, you can specify a different filename, which will be loaded during the
next boot-up cycle.
Step | Command | Purpose
1 | configure terminal | Enters global configuration mode.
2 | boot config-file flash:/file-url | Specifies the configuration file to load during the next boot-up cycle. For file-url, specify the path (directory) and the configuration filename. Filenames and directory names are case sensitive.
3 | end | Returns to privileged EXEC mode.
4 | show boot | Verifies your entries. The boot config-file global configuration command changes the setting of the CONFIG_FILE environment variable.
5 | copy running-config startup-config | (Optional) Saves your entries in the configuration file.
Manually Booting the Switch
By default, the switch automatically boots up; however, you can configure it to manually boot up.
Before You Begin
Use a standalone switch for this task.
Step | Command | Purpose
1 | configure terminal | Enters global configuration mode.
2 | boot manual | Enables the switch to manually boot up during the next boot cycle.
3 | end | Returns to privileged EXEC mode.
4 | show boot | Verifies your entries. The boot manual global command changes the setting of the MANUAL_BOOT environment variable. The next time you reboot the system, the switch is in boot loader mode, shown by the switch: prompt. To boot up the system, use the boot filesystem:/file-url boot loader command. For filesystem:, use flash: for the system board flash device. For file-url, specify the path (directory) and the name of the bootable image. Filenames and directory names are case sensitive.
5 | copy running-config startup-config | (Optional) Saves your entries in the configuration file.
Booting a Specific Software Image
By default, the switch attempts to automatically boot up the system using information in the BOOT
environment variable. If this variable is not set, the switch attempts to load and execute the first
executable image it can by performing a recursive, depth-first search throughout the flash file system. In
a depth-first search of a directory, each encountered subdirectory is completely searched before
continuing the search in the original directory. However, you can specify a specific image to boot up.
Step | Command | Purpose
1 | configure terminal | Enters global configuration mode.
2 | boot system filesystem:/file-url | Configures the switch to boot a specific image in flash memory during the next boot cycle. For filesystem:, use flash: for the system board flash device. For file-url, specify the path (directory) and the name of the bootable image. Filenames and directory names are case sensitive.
3 | end | Returns to privileged EXEC mode.
4 | show boot | Verifies your entries. The boot system global command changes the setting of the BOOT environment variable. During the next boot cycle, the switch attempts to automatically boot up the system using information in the BOOT environment variable.
5 | copy running-config startup-config | (Optional) Saves your entries in the configuration file.
Monitoring Switch Setup Configuration
Verifying the Switch Running Configuration
You can check the configuration settings that you entered or changes that you made by entering this
privileged EXEC command:
Switch# show running-config
Building configuration...
Current configuration: 1363 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch A
!
enable secret 5 $1$ej9.$DMUvAUnZOAmvmgqBEzIxE0
!
.