Cisco IE 2000 User Manual

Cisco IE 2000 Switch Software Configuration Guide
Cisco IOS Release 15.0(1)EY July 2012
Americas Headquarters
Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000
Fax: 408 527-0883
Text Part Number: OL-25866-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
Cisco IE 2000 Switch Software Configuration Guide
© 2012 Cisco Systems, Inc. All rights reserved.
CONTENTS
Preface li
Audience li
Purpose li
Conventions li
Related Publications lii
Obtaining Documentation, Obtaining Support, and Security Guidelines liii
CHAPTER
1 Configuration Overview 1-1
Features 1-1
Feature Software Licensing 1-1
Ease-of-Deployment and Ease-of-Use Features 1-2 Performance Features 1-2 Management Options 1-3 Industrial Application 1-4 Manageability Features 1-4 Availability and Redundancy Features 1-5 VLAN Features 1-6 Security Features 1-7 QoS and CoS Features 1-10 Monitoring Features 1-11
Default Settings After Initial Switch Configuration 1-11
Network Configuration Examples 1-14
Design Concepts for Using the Switch 1-14 Ethernet-to-the-Factory Architecture 1-15
Enterprise Zone 1-15 Demilitarized Zone 1-16 Manufacturing Zone 1-16 Topology Options 1-18
Where to Go Next 1-21
CHAPTER
2 Using the Command-Line Interface 2-1
Information About Using the Command-Line Interface 2-1
Command Modes 2-1 Help System 2-3
Understanding Abbreviated Commands 2-4 No and default Forms of Commands 2-4
CLI Error Messages 2-5
Configuration Logging 2-5
How to Use the CLI to Configure Features 2-6
Configuring the Command History 2-6
Changing the Command History Buffer Size 2-6 Recalling Commands 2-6 Disabling the Command History Feature 2-7
Using Editing Features 2-7
Enabling and Disabling Editing Features 2-7 Editing Commands Through Keystrokes 2-7
Editing Command Lines That Wrap 2-9 Searching and Filtering Output of show and more Commands 2-10 Accessing the CLI 2-10
Accessing the CLI through a Console Connection or through Telnet 2-10
CHAPTER
3 Configuring Switch Alarms 3-1
Finding Feature Information 3-1
Information About Switch Alarms 3-1
Global Status Monitoring Alarms 3-2 FCS Error Hysteresis Threshold 3-2 Port Status Monitoring Alarms 3-2 Triggering Alarm Options 3-3 External Alarms 3-4 Default Switch Alarm Settings 3-5
How to Configure Switch Alarms 3-5
Configuring External Alarms 3-5 Configuring the Power Supply Alarms 3-6 Configuring the Switch Temperature Alarms 3-6 Associating the Temperature Alarms to a Relay 3-7 Configuring the FCS Bit Error Rate Alarm 3-7
Setting the FCS Error Threshold 3-7
Setting the FCS Error Hysteresis Threshold 3-8 Configuring Alarm Profiles 3-8
Creating an Alarm Profile 3-8
Modifying an Alarm Profile 3-8
Attaching an Alarm Profile to a Specific Port 3-9 Enabling SNMP Traps 3-9
Monitoring and Maintaining Switch Alarms Status 3-9
Configuration Examples for Switch Alarms 3-10
Configuring External Alarms: Example 3-10 Associating Temperature Alarms to a Relay: Examples 3-10 Creating or Modifying an Alarm Profile: Example 3-10 Setting the FCS Error Hysteresis Threshold: Example 3-11 Configuring a Dual Power Supply: Examples 3-11 Displaying Alarm Settings: Example 3-11
Additional References 3-12
Related Documents 3-12 Standards 3-12 MIBs 3-12 RFCs 3-13 Technical Assistance 3-13
CHAPTER
4 Performing Switch Setup Configuration 4-1
Restrictions for Performing Switch Setup Configuration 4-1
Information About Performing Switch Setup Configuration 4-1
Switch Boot Process 4-1 Default Switch Boot Settings 4-3 Switch Boot Optimization 4-3 Switch Information Assignment 4-4 Switch Default Settings 4-4 DHCP-Based Autoconfiguration Overview 4-4
DHCP Client Request Process 4-5
DHCP-Based Autoconfiguration and Image Update 4-6
DHCP Autoconfiguration 4-6
DHCP Auto-Image Update 4-6 DHCP Server Configuration Guidelines 4-7 TFTP Server 4-7 DNS Server 4-8 Relay Device 4-8 How to Obtain Configuration Files 4-9 How to Control Environment Variables 4-10
Common Environment Variables 4-11 Scheduled Reload of the Software Image 4-11
How to Perform Switch Setup Configuration 4-12
Configuring DHCP Autoconfiguration (Only Configuration File) 4-12
Configuring DHCP Auto-Image Update (Configuration File and Image) 4-13
Configuring the Client 4-14 Manually Assigning IP Information on a Routed Port 4-14 Manually Assigning IP Information to SVIs 4-15 Modifying the Startup Configuration 4-15
Specifying the Filename to Read and Write the System Configuration 4-15
Manually Booting the Switch 4-16
Booting a Specific Software Image 4-17
Monitoring Switch Setup Configuration 4-17
Verifying the Switch Running Configuration 4-17
Configuration Examples for Performing Switch Setup Configuration 4-18
Retrieving IP Information Using DHCP-Based Autoconfiguration: Example 4-18 Scheduling Software Image Reload: Examples 4-20 Configuring DHCP Auto-Image Update: Example 4-20 Configuring a Switch as a DHCP Server: Example 4-20 Configuring Client to Download Files from DHCP Server 4-21
Additional References 4-22
Related Documents 4-22 Standards 4-22 MIBs 4-22 RFCs 4-22 Technical Assistance 4-22
CHAPTER
5 Configuring Cisco IOS Configuration Engine 5-1
Finding Feature Information 5-1
Prerequisites for Configuring Cisco IOS Configuration Engine 5-1
Information About Configuring Cisco IOS Configuration Engine 5-2
Configuration Service 5-3 Event Service 5-3 NameSpace Mapper 5-4 CNS IDs and Device Hostnames 5-4
ConfigID 5-4
DeviceID 5-4
Hostname and DeviceID Interaction 5-5
Using Hostname, DeviceID, and ConfigID 5-5 Cisco IOS Agents 5-5
Initial Configuration 5-5
Incremental (Partial) Configuration 5-6
Synchronized Configuration 5-6
How to Configure Cisco IOS Configuration Engine 5-7
Configuring Cisco IOS Agents 5-7
Enabling CNS Event Agent 5-7 Enabling Cisco IOS CNS Agent and an Initial Configuration 5-8 Enabling a Partial Configuration 5-10
Monitoring and Maintaining Cisco IOS Configuration Engine 5-11
Configuration Examples for Cisco IOS Configuration Engine 5-11
Enabling the CNS Event Agent: Example 5-11 Configuring an Initial CNS Configuration: Examples 5-11
Additional References 5-12
Related Documents 5-12 Standards 5-12 MIBs 5-12 RFCs 5-12 Technical Assistance 5-13
CHAPTER
6 Configuring Switch Clusters 6-1
Finding Feature Information 6-1
Prerequisites for Configuring Switch Clusters 6-1
Cluster Command Switch Characteristics 6-1 Standby Cluster Command Switch Characteristics 6-2 Candidate Switch and Cluster Member Switch Characteristics 6-2
Restrictions for Configuring Switch Clusters 6-3
Information About Configuring Switch Clusters 6-3
Benefits of Clustering Switches 6-3 Eligible Cluster Switches 6-3
How to Plan for Switch Clustering 6-4
Automatic Discovery of Cluster Candidates and Members 6-5
Discovery Through CDP Hops 6-5 Discovery Through Non-CDP-Capable and Noncluster-Capable Devices 6-7 Discovery Through Different VLANs 6-7 Discovery Through Different Management VLANs 6-8 Discovery Through Routed Ports 6-9
Discovery of Newly Installed Switches 6-10 IP Addresses 6-11 Hostnames 6-11 Passwords 6-12 SNMP Community Strings 6-12 TACACS+ and RADIUS 6-12 LRE Profiles 6-13
Managing Switch Clusters 6-13
Using the CLI to Manage Switch Clusters 6-13 Using SNMP to Manage Switch Clusters 6-14
Additional References 6-15
Related Documents 6-15 Standards 6-15 MIBs 6-15 RFCs 6-15 Technical Assistance 6-15
CHAPTER
7 Performing Switch Administration 7-1
Finding Feature Information 7-1
Information About Performing Switch Administration 7-1
System Time and Date Management 7-1
System Clock 7-1 Network Time Protocol 7-2 NTP Version 4 7-3
DNS 7-4
Default DNS Configuration 7-4 Login Banners 7-4 System Name and Prompt 7-5 MAC Address Table 7-5
Address Table 7-5
MAC Addresses and VLANs 7-5
Default MAC Address Table Configuration 7-6
Address Aging Time for VLANs 7-6
MAC Address Change Notification Traps 7-6
Static Addresses 7-6
Unicast MAC Address Filtering 7-7
MAC Address Learning on a VLAN 7-8 ARP Table Management 7-8
How to Perform Switch Administration 7-9
Configuring Time and Date Manually 7-9
Setting the System Clock 7-9
Configuring the Time Zone 7-9
Configuring Summer Time (Daylight Saving Time) 7-10
Configuring Summer Time (Exact Date and Time) 7-11 Configuring a System Name 7-11 Setting Up DNS 7-11
Configuring Login Banners 7-12
Configuring a Message-of-the-Day Login Banner 7-12 Configuring a Login Banner 7-13
Managing the MAC Address Table 7-13
Changing the Address Aging Time 7-13 Configuring MAC Address Change Notification Traps 7-14 Configuring MAC Address Move Notification Traps 7-15 Configuring MAC Threshold Notification Traps 7-15 Adding and Removing Static Address Entries 7-17 Configuring Unicast MAC Address Filtering 7-17 Disabling MAC Address Learning on a VLAN 7-17
Monitoring and Maintaining Switch Administration 7-18
Configuration Examples for Performing Switch Administration 7-18
Setting the System Clock: Example 7-18 Configuring Summer Time: Examples 7-18 Configuring a MOTD Banner: Examples 7-19 Configuring a Login Banner: Example 7-19 Configuring MAC Address Change Notification Traps: Example 7-19 Sending MAC Address Move Notification Traps: Example 7-20 Configuring MAC Threshold Notification Traps: Example 7-20 Adding the Static Address to the MAC Address Table: Example 7-20 Configuring Unicast MAC Address Filtering: Example 7-20
Additional References 7-21
Related Documents 7-21 Standards 7-21 MIBs 7-21 RFCs 7-21 Technical Assistance 7-21
CHAPTER
8 Configuring PTP 8-1
Finding Feature Information 8-1
Prerequisites for Configuring PTP 8-1
Restrictions for Configuring PTP 8-1
Information About Configuring PTP 8-1
Precision Time Protocol 8-1
How to Configure PTP 8-2
Default PTP Settings 8-2 Setting Up PTP 8-3
Monitoring and Maintaining the PTP Configuration 8-3
Troubleshooting the PTP Configuration 8-4
Additional References 8-4
Related Documents 8-4 Standards 8-4 MIBs 8-4 RFCs 8-5 Technical Assistance 8-5
CHAPTER
9 Configuring PROFINET 9-1
Finding Feature Information 9-1
Restrictions for Configuring PROFINET 9-1
Information About Configuring PROFINET 9-1
PROFINET Device Roles 9-2 PROFINET Device Data Exchange 9-2
How to Configure PROFINET 9-4
Configuring PROFINET 9-4 Default Configuration 9-4 Enabling PROFINET 9-4
Monitoring and Maintaining PROFINET 9-5
Troubleshooting PROFINET 9-5
Additional References 9-6
Related Documents 9-6 Standards 9-6 MIBs 9-6 RFCs 9-6 Technical Assistance 9-6
CHAPTER
10 Configuring CIP 10-1
Finding Feature Information 10-1
Restrictions for Configuring CIP 10-1
Information About Configuring CIP 10-1
How to Configure CIP 10-1
Default Configuration 10-1 Enabling CIP 10-2
Monitoring CIP 10-2
Troubleshooting CIP 10-2
Additional References 10-3
Related Documents 10-3
Standards 10-3 MIBs 10-3 RFCs 10-3 Technical Assistance 10-3
CHAPTER
11 Configuring SDM Templates 11-1
Finding Feature Information 11-1
Prerequisites for Configuring SDM Templates 11-1
Restrictions for Configuring SDM Templates 11-1
Information About Configuring SDM Templates 11-1
SDM Templates 11-1 Dual IPv4 and IPv6 SDM Default Template 11-3
How to Configure the Switch SDM Templates 11-4
Setting the SDM Template 11-4
Monitoring and Maintaining SDM Templates 11-4
Configuration Examples for Configuring SDM Templates 11-5
Configuring the IPv4-and-IPv6 Default Template: Example 11-5
Additional References 11-6
Related Documents 11-6 Standards 11-6 MIBs 11-6 RFCs 11-6 Technical Assistance 11-6
CHAPTER
12 Configuring Switch-Based Authentication 12-1
Finding Feature Information 12-1
Prerequisites for Configuring Switch-Based Authentication 12-1
Restrictions for Configuring Switch-Based Authentication 12-1
Information About Configuring Switch-Based Authentication 12-2
Prevention for Unauthorized Switch Access 12-2 Password Protection 12-2
Default Password and Privilege Level Configuration 12-2 Enable Secret Passwords with Encryption 12-3 Password Recovery 12-3 Telnet Password for a Terminal Line 12-4 Username and Password Pairs 12-4 Multiple Privilege Levels 12-4
Switch Access with TACACS+ 12-5
TACACS+ 12-5
TACACS+ Operation 12-6
Default TACACS+ Configuration 12-7
TACACS+ Server Host and the Authentication Key 12-7
TACACS+ Login Authentication 12-7
TACACS+ Authorization for Privileged EXEC Access and Network Services 12-7
TACACS+ Accounting 12-8 Switch Access with RADIUS 12-8
RADIUS 12-8
RADIUS Operation 12-9
Default RADIUS Configuration 12-10
RADIUS Change of Authorization 12-10
CoA Request Commands 12-12
RADIUS Server Host 12-14
RADIUS Login Authentication 12-15
Radius Method List 12-15
AAA Server Groups 12-15
RADIUS Authorization for User Privileged Access and Network Services 12-16
RADIUS Accounting 12-16
Establishing a Session with a Router if the AAA Server is Unreachable 12-16
Vendor-Specific RADIUS Attributes 12-16
Vendor-Proprietary RADIUS Server Communication 12-17 Switch Access with Kerberos 12-17
Understanding Kerberos 12-17
Kerberos Operation 12-19
Kerberos Configuration 12-20 Local Authentication and Authorization 12-20 Secure Shell 12-21
SSH 12-21
SSH Servers, Integrated Clients, and Supported Versions 12-21
Limitations 12-22
SSH Configuration Guidelines 12-22 Switch for Secure Socket Layer HTTP 12-22
Secure HTTP Servers and Clients 12-22
Default SSL Settings 12-23
Certificate Authority Trustpoints 12-23
CipherSuites 12-24 Secure Copy Protocol 12-24
How to Configure Switch-Based Authentication 12-26
Configuring Password Protection 12-26
Setting or Changing a Static Enable Password 12-26 Protecting Enable and Enable Secret Passwords with Encryption 12-27 Disabling Password Recovery 12-27 Setting a Telnet Password for a Terminal Line 12-28 Configuring Username and Password Pairs 12-28 Setting the Privilege Level for a Command 12-29 Changing the Default Privilege Level for Lines 12-29 Logging Into and Exiting a Privilege Level 12-30
Configuring TACACS+ 12-30
Identifying the TACACS+ Server Host and Setting the Authentication Key 12-30 Configuring TACACS+ Login Authentication 12-31 Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 12-33 Starting TACACS+ Accounting 12-33
Configuring Radius Server Communication 12-33
Defining AAA Server Groups 12-35 Configuring RADIUS Login Authentication 12-36 Configuring RADIUS Authorization for User Privileged Access and Network Services 12-37 Starting RADIUS Accounting 12-37 Configuring Settings for All RADIUS Servers 12-37 Configuring the Switch for Vendor-Proprietary RADIUS Server Communication 12-38
Configuring CoA on the Switch 12-38 Configuring the Switch for Local Authentication and Authorization 12-39 Configuring Secure Shell 12-40
Setting Up the Switch to Run SSH 12-40
Configuring the SSH Server 12-40 Configuring Secure HTTP Servers and Clients 12-42
Configuring a CA Trustpoint 12-42
Configuring the Secure HTTP Server 12-42
Configuring the Secure HTTP Client 12-44
Monitoring and Maintaining Switch-Based Authentication 12-44
Configuration Examples for Configuring Switch-Based Authentication 12-45
Changing the Enable Password: Example 12-45 Configuring the Encrypted Password: Example 12-45 Setting the Telnet Password for a Terminal Line: Example 12-45 Setting the Privilege Level for a Command: Example 12-45 Configuring the RADIUS Server: Examples 12-45 Defining AAA Server Groups: Example 12-46 Configuring Vendor-Specific RADIUS Attributes: Examples 12-46 Configuring a Vendor-Proprietary RADIUS Host: Example 12-46 Sample Output for a Self-Signed Certificate: Example 12-46
Verifying Secure HTTP Connection: Example 12-47
Additional References 12-47
Related Documents 12-47 Standards 12-48 MIBs 12-48 RFCs 12-48 Technical Assistance 12-48
CHAPTER
13 Configuring IEEE 802.1x Port-Based Authentication 13-1
Finding Feature Information 13-1
Restrictions for Configuring IEEE 802.1x Port-Based Authentication 13-1
Information About Configuring IEEE 802.1x Port-Based Authentication 13-1
IEEE 802.1x Port-Based Authentication 13-1 Device Roles 13-2 Authentication Process 13-3 Switch-to-RADIUS-Server Communication 13-4 Authentication Initiation and Message Exchange 13-4 Authentication Manager 13-6
Port-Based Authentication Methods 13-6 Per-User ACLs and Filter-Ids 13-7 Authentication Manager CLI Commands 13-8
Ports in Authorized and Unauthorized States 13-9
802.1x Host Mode 13-9 Multidomain Authentication 13-10
802.1x Multiple Authentication Mode 13-11 MAC Move 13-12 MAC Replace 13-12
802.1x Accounting 13-13
802.1x Accounting Attribute-Value Pairs 13-13
802.1x Readiness Check 13-14
802.1x Authentication with VLAN Assignment 13-15 Voice Aware 802.1x Security 13-16
802.1x Authentication with Per-User ACLs 13-17
802.1x Authentication with Downloadable ACLs and Redirect URLs 13-18 Cisco Secure ACS and Attribute-Value Pairs for the Redirect URL 13-19 Cisco Secure ACS and Attribute-Value Pairs for Downloadable ACLs 13-19 VLAN ID-Based MAC Authentication 13-20
802.1x Authentication with Guest VLAN 13-20
802.1x Authentication with Restricted VLAN 13-21
802.1x Authentication with Inaccessible Authentication Bypass 13-22 Support on Multiple-Authentication Ports 13-22 Authentication Results 13-22 Feature Interactions 13-23
802.1x Authentication with Voice VLAN Ports 13-23
802.1x Authentication with Port Security 13-24
802.1x Authentication with Wake-on-LAN 13-24
802.1x Authentication with MAC Authentication Bypass 13-25
802.1x User Distribution 13-26
802.1x User Distribution Configuration Guidelines 13-26
Network Admission Control Layer 2 802.1x Validation 13-27 Flexible Authentication Ordering 13-27 Open1x Authentication 13-28
802.1x Supplicant and Authenticator Switches with Network Edge Access Topology (NEAT) 13-28
802.1x Supplicant and Authenticator Switch Guidelines 13-29
Using IEEE 802.1x Authentication with ACLs and the RADIUS Filter-Id Attribute 13-29 Authentication Manager Common Session ID 13-30 Default 802.1x Authentication Settings 13-30
802.1x Accounting 13-31
802.1x Authentication Guidelines 13-32
VLAN Assignment, Guest VLAN, Restricted VLAN, and Inaccessible Authentication Bypass Guidelines 13-33
MAC Authentication Bypass Guidelines 13-33 Maximum Number of Allowed Devices Per Port Guidelines 13-34
How to Configure IEEE 802.1x Port-Based Authentication 13-34
802.1x Authentication Configuration Process 13-34
Configuring the Switch-to-RADIUS-Server Communication 13-36 Configuring 802.1x Readiness Check 13-36 Enabling Voice Aware 802.1x Security 13-37 Configuring 802.1x Violation Modes 13-37 Configuring the Host Mode 13-38 Configuring Periodic Reauthentication 13-39 Configuring Optional 802.1x Authentication Features 13-40 Configuring 802.1x Accounting 13-42 Configuring a Guest VLAN 13-42 Configuring a Restricted VLAN 13-43 Configuring the Maximum Number of Authentication Attempts 13-43 Configuring Inaccessible Authentication Bypass 13-44 Configuring 802.1x User Distribution 13-46 Configuring NAC Layer 2 802.1x Validation 13-46
Configuring an Authenticator and Supplicant 13-47
Configuring an Authenticator 13-47 Configuring a Supplicant Switch with NEAT 13-47 Configuring 802.1x Authentication with Downloadable ACLs and Redirect URLs 13-48
Configuring Downloadable ACLs 13-48
Configuring a Downloadable Policy 13-49 Configuring Open1x 13-50 Resetting the 802.1x Authentication Configuration to the Default Values 13-51
Monitoring and Maintaining IEEE 802.1x Port-Based Authentication 13-51
Configuration Examples for Configuring IEEE 802.1x Port-Based Authentication 13-51
Enabling a Readiness Check: Example 13-51 Enabling 802.1x Authentication: Example 13-52 Enabling MDA: Example 13-52 Disabling the VLAN Upon Switch Violation: Example 13-52 Configuring the Radius Server Parameters: Example 13-52 Configuring 802.1x Accounting: Example 13-52 Enabling an 802.1x Guest VLAN: Example 13-53 Displaying Authentication Manager Common Session ID: Examples 13-53 Configuring Inaccessible Authentication Bypass: Example 13-53 Configuring VLAN Groups: Examples 13-54 Configuring NAC Layer 2 802.1x Validation: Example 13-54 Configuring an 802.1x Authenticator Switch: Example 13-54 Configuring an 802.1x Supplicant Switch: Example 13-55 Configuring a Downloadable Policy: Example 13-55 Configuring Open 1x on a Port: Example 13-55
Additional References 13-56
Related Documents 13-56 Standards 13-56 MIBs 13-56 RFCs 13-56 Technical Assistance 13-57
CHAPTER
14 Configuring Web-Based Authentication 14-1
Finding Feature Information 14-1
Prerequisites for Configuring Web-Based Authentication 14-1
Restrictions for Configuring Web-Based Authentication on the IE 2000 Switch 14-1
Information About Configuring Web-Based Authentication 14-2
Web-Based Authentication 14-2 Device Roles 14-2
Host Detection 14-3 Session Creation 14-3 Authentication Process 14-4 Local Web Authentication Banner 14-4 Web Authentication Customizable Web Pages 14-6
Web Authentication Guidelines 14-6
Web-Based Authentication Interactions with Other Features 14-8
Port Security 14-8 LAN Port IP 14-8 Gateway IP 14-9 ACLs 14-9 Context-Based Access Control 14-9
802.1x Authentication 14-9
EtherChannel 14-9 Default Web-Based Authentication Settings 14-10 Configuring Switch-to-RADIUS-Server Communication 14-10
How to Configure Web-Based Authentication 14-11
Configuring the Authentication Rule and Interfaces 14-11 Configuring AAA Authentication 14-11 Configuring Switch-to-RADIUS-Server Communication 14-12 Configuring the HTTP Server 14-12
Customizing the Authentication Proxy Web Pages 14-13
Specifying a Redirection URL for Successful Login 14-13 Configuring the Web-Based Authentication Parameters 14-13 Configuring a Web Authentication Local Banner 14-14 Removing Web-Based Authentication Cache Entries 14-14
Monitoring and Maintaining Web-Based Authentication 14-14
Configuration Examples for Configuring Web-Based Authentication 14-14
Enabling and Displaying Web-Based Authentication: Examples 14-14 Enabling AAA: Example 14-15 Configuring the RADIUS Server Parameters: Example 14-15 Configuring a Custom Authentication Proxy Web Page: Example 14-15 Verifying a Custom Authentication Proxy Web Page: Example 14-15 Configuring a Redirection URL: Example 14-16 Verifying a Redirection URL: Example 14-16 Configuring a Local Banner: Example 14-16 Clearing the Web-Based Authentication Session: Example 14-16
Additional References 14-17
Related Documents 14-17
Standards 14-17 MIBs 14-17 RFCs 14-18 Technical Assistance 14-18
CHAPTER
15 Configuring Interface Characteristics 15-1
Finding Feature Information 15-1
Restrictions for Configuring Interface Characteristics 15-1
Information About Configuring Interface Characteristics 15-1
Interface Types 15-1
Port-Based VLANs 15-2 Switch Ports 15-2 Routed Ports 15-3 Access Ports 15-3 Trunk Ports 15-4 EtherChannel Port Groups 15-4 Dual-Purpose Uplink Ports 15-4
Connecting Interfaces 15-5 Using Interface Configuration Mode 15-6 Default Ethernet Interface Settings 15-8 Interface Speed and Duplex Mode 15-9
Speed and Duplex Configuration Guidelines 15-9 IEEE 802.3x Flow Control 15-9 Auto-MDIX on an Interface 15-10 SVI Autostate Exclude 15-10 System MTU 15-10
How to Configure Interface Characteristics 15-11
Configuring Layer 3 Interfaces 15-11 Configuring Interfaces 15-13 Configuring a Range of Interfaces 15-13
Interface Range Restrictions 15-13 Configuring and Using Interface Range Macros 15-14
Configuring Ethernet Interfaces 15-15
Setting the Type of a Dual-Purpose Uplink Port 15-15 Setting the Interface Speed and Duplex Parameters 15-16 Configuring IEEE 802.3x Flow Control 15-16 Configuring Auto-MDIX on an Interface 15-17 Adding a Description for an Interface 15-17 Configuring SVI Autostate Exclude 15-17
Configuring the System MTU 15-18
Monitoring and Maintaining Interface Characteristics 15-18
Monitoring Interface Status 15-18 Clearing and Resetting Interfaces and Counters 15-19 Shutting Down and Restarting the Interface 15-19
Configuration Examples for Configuring Interface Characteristics 15-20
Configuring the Interface Range: Examples 15-20 Configuring Interface Range Macros: Examples 15-20 Setting Speed and Duplex Parameters: Example 15-21 Enabling auto-MDIX: Example 15-21 Adding a Description on a Port: Example 15-21 Configuring SVI Autostate Exclude: Example 15-22
Additional References 15-22
Related Documents 15-22 Standards 15-22 MIBs 15-22 RFCs 15-23
CHAPTER
CHAPTER
16 Configuring Smartports Macros 16-1
Finding Feature Information 16-1
Information About Configuring Smartports Macros 16-1
How to Configure Smartports Macros 16-1
Default Smartports Settings 16-1 Smartports Configuration Guidelines 16-2 Applying Smartports Macros 16-3
Monitoring and Maintaining Smartports Macros 16-4
Configuration Examples for Smartports Macros 16-4
Applying the Smartports Macro: Examples 16-4
Additional References 16-5
Related Documents 16-5 Standards 16-5 MIBs 16-5 RFCs 16-6 Technical Assistance 16-6
17 Configuring VLANs 17-1
Finding Feature Information 17-1
Information About Configuring VLANs 17-1
VLANs 17-1
Supported VLANs 17-2 VLAN Port Membership Modes 17-3 Normal-Range VLANs 17-4
Token Ring VLANs 17-5
Normal-Range VLAN Configuration Guidelines 17-6
Default Ethernet VLAN Configuration 17-6
Ethernet VLANs 17-7
VLAN Removal 17-7
Static-Access Ports for a VLAN 17-7 Extended-Range VLANs 17-8
Default VLAN Configuration 17-8
Extended-Range VLAN Configuration Guidelines 17-8 VLAN Trunks 17-9
Trunking Overview 17-9
IEEE 802.1Q Configuration Guidelines 17-10
Default Layer 2 Ethernet Interface VLAN Settings 17-11
Ethernet Interface as a Trunk Port 17-11
Trunking Interaction with Other Features 17-11
Allowed VLANs on a Trunk 17-12
Native VLAN for Untagged Traffic 17-12
Load Sharing Using Trunk Ports 17-12
Load Sharing Using STP Port Priorities 17-13
Load Sharing Using STP Path Cost 17-13 VMPS 17-14
Dynamic-Access Port VLAN Membership 17-15
Default VMPS Client Settings 17-15
VMPS Configuration Guidelines 17-15
VMPS Reconfirmation Interval 17-16
Dynamic-Access Port VLAN Membership 17-16
How to Configure VLANs 17-17
Creating or Modifying an Ethernet VLAN 17-17 Deleting a VLAN 17-17 Assigning Static-Access Ports to a VLAN 17-17 Creating an Extended-Range VLAN 17-18 Creating an Extended-Range VLAN with an Internal VLAN ID 17-18 Configuring an Ethernet Interface as a Trunk Port 17-19
Defining the Allowed VLANs on a Trunk 17-19
Changing the Pruning-Eligible List 17-19
Configuring the Native VLAN for Untagged Traffic 17-20
Load Sharing Using STP Port Priorities 17-21 Configuring Load Sharing Using STP Path Cost 17-21
Configuring the VMPS Client 17-22
Entering the IP Address of the VMPS 17-22 Configuring Dynamic-Access Ports on VMPS Clients 17-23
Monitoring and Maintaining VLANs 17-23
Configuration Examples for Configuring VLANs 17-24
VMPS Network: Example 17-24 Configuring a VLAN: Example 17-25 Configuring an Access Port in a VLAN: Example 17-25 Configuring an Extended-Range VLAN: Example 17-25 Configuring a Trunk Port: Example 17-25 Removing a VLAN: Example 17-25 Show VMPS Output: Example 17-25
Additional References 17-26
Related Documents 17-26 Standards 17-26 MIBs 17-26 RFCs 17-26
CHAPTER
18 Configuring VTP 18-1
Finding VTP Feature Information 18-1
Prerequisites for Configuring VTP 18-1
Restrictions for Configuring VTP 18-1
Information About Configuring VTP 18-2
VTP 18-2
VTP Domain 18-2
VTP Modes 18-3
VTP Mode Guidelines 18-3 VTP Advertisements 18-4 VTP Version 2 18-5 VTP Version 3 18-5
VTP Version Guidelines 18-6 VTP Pruning 18-7 Default VTP Settings 18-9 VTP Configuration Guidelines 18-9 Domain Names 18-10 Passwords 18-10 Adding a VTP Client Switch to a VTP Domain 18-10
How to Configure VTP 18-11
Configuring VTP Domain and Parameters 18-11 Configuring a VTP Version 3 Password 18-12 Enabling the VTP Version 18-12 Enabling VTP Pruning 18-13 Configuring VTP on a Per-Port Basis 18-13 Adding a VTP Client Switch to a VTP Domain 18-13
Monitoring and Maintaining VTP 18-14
Configuration Examples for Configuring VTP 18-14
Configuring a VTP Server: Example 18-14 Configuring a Hidden VTP Password: Example 18-15 Configuring a VTP Version 3 Primary Server: Example 18-15
Additional References for Configuring VTP 18-15
Related Documents 18-15 Standards 18-15 MIBs 18-16 RFCs 18-16
CHAPTER
19 Configuring Voice VLAN 19-1
Finding Feature Information 19-1
Information About Configuring Voice VLAN 19-1
Voice VLAN 19-1 Cisco IP Phone Voice Traffic 19-2 Cisco IP Phone Data Traffic 19-3 Default Voice VLAN Configuration 19-3 Voice VLAN Configuration Guidelines 19-3 Port Connection to a Cisco 7960 IP Phone 19-4 Priority of Incoming Data Frames 19-4
How to Configure VTP 19-5
Configuring Cisco IP Phone for Voice Traffic 19-5 Configuring the Priority of Incoming Data Frames 19-5
Monitoring and Maintaining Voice VLAN 19-6
Configuration Examples for Configuring Voice VLAN 19-6
Configuring a Cisco IP Phone for Voice Traffic: Example 19-6 Configuring the Cisco IP Phone Priority of Incoming Data Frames: Example 19-6
Additional References for Configuring Voice VLAN 19-6
Related Documents 19-6 Standards 19-7 MIBs 19-7
Page 23
RFCs 19-7
CHAPTER
20 Configuring STP 20-1
Finding Feature Information 20-1
Prerequisites for Configuring STP 20-1
Restrictions for Configuring STP 20-1
Information About Configuring STP 20-1
STP 20-2 Spanning-Tree Topology and BPDUs 20-2 Bridge ID, Switch Priority, and Extended System ID 20-3 Spanning-Tree Interface States 20-4
Blocking State 20-5
Listening State 20-6
Learning State 20-6
Forwarding State 20-6
Disabled State 20-6 How a Switch or Port Becomes the Root Switch or Root Port 20-7 Spanning Tree and Redundant Connectivity 20-7 Spanning-Tree Address Management 20-8 Accelerated Aging to Retain Connectivity 20-8 Spanning-Tree Modes and Protocols 20-9 Supported Spanning-Tree Instances 20-9 Spanning-Tree Interoperability and Backward Compatibility 20-10 STP and IEEE 802.1Q Trunks 20-10 VLAN-Bridge Spanning Tree 20-10 Default Spanning-Tree Settings 20-11 Disabling Spanning Tree 20-11 Root Switch 20-11 Secondary Root Switch 20-12 Port Priority 20-12 Path Cost 20-13 Spanning-Tree Timers 20-13 Spanning-Tree Configuration Guidelines 20-13
How to Configure STP 20-14
Changing the Spanning-Tree Mode 20-14 Configuring the Root Switch 20-15 Configuring a Secondary Root Switch 20-16 Configuring Port Priority 20-16 Configuring Path Cost 20-16
Page 24
Configuring Optional STP Parameters 20-17
Monitoring and Maintaining STP 20-17
Additional References 20-18
Related Documents 20-18 Standards 20-18 MIBs 20-18 RFCs 20-18
CHAPTER
21 Configuring MSTP 21-1
Finding Feature Information 21-1
Information About Configuring MSTP 21-1
MSTP 21-2 Multiple Spanning-Tree Regions 21-2 IST, CIST, and CST 21-2
Operations Within an MST Region 21-3 Operations Between MST Regions 21-3
IEEE 802.1s Terminology 21-4 Hop Count 21-5 Boundary Ports 21-5 IEEE 802.1s Implementation 21-6
Port Role Naming Change 21-6
Interoperation Between Legacy and Standard Switches 21-6
Detecting Unidirectional Link Failure 21-7 Interoperability with IEEE 802.1D STP 21-8 RSTP 21-8
Port Roles and the Active Topology 21-8
Rapid Convergence 21-9
Synchronization of Port Roles 21-10
Bridge Protocol Data Unit Format and Processing 21-11
Processing Superior BPDU Information 21-12
Processing Inferior BPDU Information 21-12
Topology Changes 21-12 Default MSTP Settings 21-13 MSTP Configuration Guidelines 21-13 Root Switch 21-14 Secondary Root Switch 21-15 Port Priority 21-15 Path Cost 21-15 Link Type to Ensure Rapid Transitions 21-15
Page 25
Neighbor Type 21-15 Restarting the Protocol Migration Process 21-16
How to Configure MSTP 21-16
Specifying the MST Region Configuration and Enabling MSTP 21-16 Configuring the Root Switch 21-17 Configuring the Optional MSTP Parameters 21-18
Monitoring and Maintaining MSTP 21-20
Configuration Examples for Configuring MSTP 21-20
Configuring the MST Region: Example 21-20
Additional References 21-21
Related Documents 21-21 Standards 21-21 MIBs 21-21 RFCs 21-21
CHAPTER
22 Configuring Optional Spanning-Tree Features 22-1
Finding Feature Information 22-1
Prerequisites for the Optional Spanning-Tree Features 22-1
Restrictions for the Optional Spanning-Tree Features 22-1
Information About Configuring the Optional Spanning-Tree Features 22-1
PortFast 22-1 BPDU Guard 22-2 BPDU Filtering 22-3 UplinkFast 22-3 BackboneFast 22-5 EtherChannel Guard 22-7 Root Guard 22-7 Loop Guard 22-8 Default Optional Spanning-Tree Settings 22-9
How to Configure the Optional Spanning-Tree Features 22-9
Enabling Optional SPT Features 22-9
Maintaining and Monitoring Optional Spanning-Tree Features 22-10
Additional References 22-11
Related Documents 22-11 Standards 22-11 MIBs 22-11 RFCs 22-12
Page 26
CHAPTER
23 Configuring Resilient Ethernet Protocol 23-1
Finding Feature Information 23-1
Prerequisites for REP 23-1
Restrictions for REP 23-1
Information About Configuring REP 23-1
REP 23-1 Link Integrity 23-4 Fast Convergence 23-4 VLAN Load Balancing 23-4 Spanning Tree Interaction 23-6 REP Ports 23-6
REP Segments 23-7
Default REP Configuration 23-7 REP Configuration Guidelines 23-7 REP Administrative VLAN 23-8
How to Configure REP 23-9
Configuring the REP Administrative VLAN 23-9 Configuring REP Interfaces 23-9 Setting Manual Preemption for VLAN Load Balancing 23-12 Configuring SNMP Traps for REP 23-12
Monitoring and Maintaining REP 23-12
Configuration Examples for Configuring REP 23-13
Configuring the Administrative VLAN: Example 23-13 Configuring a Primary Edge Port: Examples 23-13 Configuring VLAN Blocking: Example 23-14
Additional References 23-14
Related Documents 23-14 Standards 23-14 MIBs 23-15 RFCs 23-15
CHAPTER
24 Configuring FlexLinks and the MAC Address-Table Move Update 24-1
Finding Feature Information 24-1
Restrictions for the FlexLinks and the MAC Address-Table Move Update 24-1
Information About Configuring the FlexLinks and the MAC Address-Table Move Update 24-1
FlexLinks 24-1 VLAN FlexLinks Load Balancing and Support 24-2 FlexLinks Multicast Fast Convergence 24-3
Page 27
Learning the Other FlexLinks Port as the mrouter Port 24-3 Generating IGMP Reports 24-3
Leaking IGMP Reports 24-4 MAC Address-Table Move Update 24-4 Default Settings for FlexLinks and MAC Address-Table Move Update 24-5 Configuration Guidelines for FlexLinks and MAC Address-Table Move Update 24-6
How to Configure the FlexLinks and MAC Address-Table Move Update 24-6
Configuring FlexLinks 24-6 Configuring a Preemption Scheme for FlexLinks 24-7 Configuring VLAN Load Balancing on FlexLinks 24-7 Configuring the MAC Address-Table Move Update Feature 24-8 Configuring the MAC Address-Table Move Update Messages 24-8
Maintaining and Monitoring the FlexLinks and MAC Address-Table Move Update 24-9
Configuration Examples for the FlexLinks and MAC Address-Table Move Update 24-9
Configuring FlexLinks Port: Examples 24-9 Configuring a Backup Interface: Example 24-11 Configuring a Preemption Scheme: Example 24-11 Configuring VLAN Load Balancing on FlexLinks: Examples 24-12 Configuring MAC Address-Table Move Update: Example 24-13
Additional References 24-13
Related Documents 24-13 Standards 24-13 MIBs 24-14 RFCs 24-14
CHAPTER
25 Configuring DHCP 25-1
Finding Feature Information 25-1
Information About Configuring DHCP 25-1
DHCP Snooping 25-1 DHCP Server 25-1 DHCP Relay Agent 25-2 DHCP Snooping 25-2 Option-82 Data Insertion 25-3 Cisco IOS DHCP Server Database 25-6 DHCP Snooping Binding Database 25-6 Default DHCP Snooping Settings 25-7 DHCP Snooping Configuration Guidelines 25-8 DHCP Snooping Binding Database Guidelines 25-9 Packet Forwarding Address 25-9
Page 28
DHCP Server Port-Based Address Allocation 25-9
How to Configure DHCP 25-10
Configuring the DHCP Relay Agent 25-10 Specifying the Packet Forwarding Address 25-10 Enabling DHCP Snooping and Option 82 25-11 Enabling the DHCP Snooping Binding Database Agent 25-12 Enabling DHCP Server Port-Based Address Allocation 25-13 Preassigning an IP Address 25-13
Monitoring and Maintaining DHCP 25-14
Configuration Examples for Configuring DHCP 25-15
Enabling DHCP Server Port-Based Address Allocation: Examples 25-15 Enabling DHCP Snooping: Example 25-15
Additional References 25-16
Related Documents 25-16 Standards 25-16 MIBs 25-16 RFCs 25-16
CHAPTER
26 Configuring Dynamic ARP Inspection 26-1
Finding Feature Information 26-1
Prerequisites for Dynamic ARP Inspection 26-1
Restrictions for Dynamic ARP Inspection 26-1
Information About Dynamic ARP Inspection 26-1
Dynamic ARP Inspection 26-1 Interface Trust States and Network Security 26-3 Rate Limiting of ARP Packets 26-4 Relative Priority of ARP ACLs and DHCP Snooping Entries 26-4 Logging of Dropped Packets 26-4 Default Dynamic ARP Inspection Settings 26-5 Dynamic ARP Inspection Configuration Guidelines 26-5
How to Configure Dynamic ARP Inspection 26-6
Configuring Dynamic ARP Inspection in DHCP Environments 26-6 Configuring ARP ACLs for Non-DHCP Environments 26-7 Limiting the Rate of Incoming ARP Packets 26-9 Performing Validation Checks 26-10 Configuring the Log Buffer 26-11
Monitoring and Maintaining Dynamic ARP Inspection 26-12
Configuration Examples for Dynamic ARP Inspection 26-12
Page 29
Configuring Dynamic ARP Inspection in DHCP Environments: Example 26-12 Configuring ARP ACLs for Non-DHCP Environments: Example 26-12
Additional References 26-13
Related Documents 26-13 Standards 26-13 MIBs 26-13 RFCs 26-13 Technical Assistance 26-13
CHAPTER
27 Configuring IP Source Guard 27-1
Finding Feature Information 27-1
Prerequisites for IP Source Guard 27-1
Restrictions for IP Source Guard 27-1
Information About IP Source Guard 27-1
IP Source Guard 27-1 Source IP Address Filtering 27-2 Source IP and MAC Address Filtering 27-2 IP Source Guard for Static Hosts 27-2 IP Source Guard Configuration Guidelines 27-3
How to Configure IP Source Guard 27-4
Enabling IP Source Guard 27-4
Configuring IP Source Guard for Static Hosts on a Layer 2 Access Port 27-4
Configuring IP Source Guard for Static Hosts on a Private VLAN Host Port 27-5
Monitoring and Maintaining IP Source Guard 27-7
Configuration Examples for IP Source Guard 27-7
Enabling IPSG with Source IP and MAC Filtering: Example 27-7 Disabling IPSG with Static Hosts: Example 27-7 Enabling IPSG for Static Hosts: Examples 27-7 Displaying IP or MAC Binding Entries: Examples 27-8 Enabling IPSG for Static Hosts: Examples 27-9
Additional References 27-10
Related Documents 27-10 Standards 27-11 MIBs 27-11 RFCs 27-11
CHAPTER
28 Configuring IGMP Snooping and MVR 28-1
Finding Feature Information 28-1
Page 30
Restrictions for IGMP Snooping and MVR 28-1
Information About IGMP Snooping and MVR 28-1
IGMP Snooping 28-2
IGMP Versions 28-2 Joining a Multicast Group 28-3 Leaving a Multicast Group 28-5 Immediate Leave 28-5 IGMP Configurable-Leave Timer 28-5 IGMP Report Suppression 28-6 Default IGMP Snooping Configuration 28-6 Snooping Methods 28-6 Multicast Flooding Time After a TCN Event 28-7 Flood Mode for TCN 28-7 Multicast Flooding During a TCN Event 28-7 IGMP Snooping Querier Guidelines 28-7 IGMP Report Suppression 28-8
Multicast VLAN Registration 28-8
MVR in a Multicast Television Application 28-9 Default MVR Settings 28-11 MVR Configuration Guidelines and Limitations 28-11
IGMP Filtering and Throttling 28-12
Default IGMP Filtering and Throttling Configuration 28-12 IGMP Profiles 28-13 IGMP Throttling Action 28-13
How to Configure IGMP Snooping and MVR 28-14
Configuring IGMP Snooping 28-14
Enabling or Disabling IGMP Snooping 28-14 Setting IGMP Snooping Parameters 28-14 Configuring TCN 28-15 Configuring the IGMP Snooping Querier 28-16 Disabling IGMP Report Suppression 28-16
Configuring MVR 28-16
Configuring MVR Global Parameters 28-16 Configuring MVR Interfaces 28-17
Configuring IGMP 28-18
Configuring IGMP Profiles 28-18 Configuring IGMP Interfaces 28-18
Monitoring and Maintaining IGMP Snooping and MVR 28-19
Configuration Examples for IGMP Snooping 28-21
Page 31
Configuring IGMP Snooping: Example 28-21 Disabling a Multicast Router Port: Example 28-21 Statically Configuring a Host on a Port: Example 28-21 Enabling IGMP Immediate Leave: Example 28-21 Setting the IGMP Snooping Querier Parameters: Examples 28-21 Enabling MVR: Examples 28-22 Creating an IGMP Profile: Example 28-22 Applying an IGMP Profile: Example 28-23 Limiting IGMP Groups: Example 28-23
Additional References 28-23
Related Documents 28-23 Standards 28-23 MIBs 28-23 RFCs 28-24 Technical Assistance 28-24
CHAPTER
29 Configuring Port-Based Traffic Control 29-1
Finding Feature Information 29-1
Restrictions for Port-Based Traffic Control 29-1
Information About Port-Based Traffic Control 29-1
Storm Control 29-1
Default Storm Control Configuration 29-2
Storm Control and Threshold Levels 29-3
Small-Frame Arrival Rate 29-3 Protected Ports 29-3
Protected Port Configuration Guidelines 29-3 Port Blocking 29-4 Port Security 29-4
Secure MAC Addresses 29-4
Security Violations 29-5
Default Port Security Configuration 29-6
Port Security Configuration Guidelines 29-6
Port Security Aging 29-8
Port Security and Private VLANs 29-8 Protocol Storm Protection 29-8
How to Configure Port-Based Traffic Control 29-9
Configuring Storm Control 29-9
Configuring Storm Control and Threshold Levels 29-9
Configuring Small-Frame Arrival Rate 29-10
Page 32
Configuring Protected Ports 29-10 Configuring Port Blocking 29-11
Blocking Flooded Traffic on an Interface 29-11 Configuring Port Security 29-11 Enabling and Configuring Port Security 29-11
Enabling and Configuring Port Security Aging 29-15 Configuring Protocol Storm Protection 29-15
Enabling Protocol Storm Protection 29-15
Monitoring and Maintaining Port-Based Traffic Control 29-16
Configuration Examples for Port-Based Traffic Control 29-16
Enabling Unicast Storm Control: Example 29-16 Enabling Broadcast Address Storm Control on a Port: Example 29-17 Enabling Small-Frame Arrival Rate: Example 29-17 Configuring a Protected Port: Example 29-17 Blocking Flooding on a Port: Example 29-17 Configuring Port Security: Examples 29-17 Configuring Port Security Aging: Examples 29-18 Configuring Protocol Storm Protection: Example 29-18
Additional References 29-19
Related Documents 29-19 Standards 29-19 MIBs 29-19 RFCs 29-19 Technical Assistance 29-19
CHAPTER
30 Configuring SPAN and RSPAN 30-1
Finding Feature Information 30-1
Prerequisites for SPAN and RSPAN 30-1
Restrictions for SPAN and RSPAN 30-1
Information About SPAN and RSPAN 30-1
SPAN and RSPAN 30-1 Local SPAN 30-2 Remote SPAN 30-2 SPAN Sessions 30-3
Monitored Traffic Types for SPAN Sessions 30-4
Source Ports 30-5
Source VLANs 30-6
VLAN Filtering 30-6
Destination Port 30-6
Page 33
RSPAN VLAN 30-7 SPAN and RSPAN Interaction with Other Features 30-8 Local SPAN Configuration Guidelines 30-9 RSPAN Configuration Guidelines 30-9 Default SPAN and RSPAN Settings 30-10
How to Configure SPAN and RSPAN 30-10
Creating a Local SPAN Session 30-10 Creating a Local SPAN Session and Configuring Incoming Traffic 30-12 Specifying VLANs to Filter 30-13 Configuring a VLAN as an RSPAN VLAN 30-14 Creating an RSPAN Source Session 30-15 Creating an RSPAN Destination Session 30-16 Creating an RSPAN Destination Session and Configuring Incoming Traffic 30-16 Specifying VLANs to Filter 30-17
Monitoring and Maintaining SPAN and RSPAN 30-18
Configuration Examples for SPAN and RSPAN 30-18
Configuring a Local SPAN Session: Example 30-18 Modifying Local SPAN Sessions: Examples 30-18 Configuring an RSPAN: Example 30-19 Configuring a VLAN for a SPAN Session: Example 30-20 Modifying RSPAN Sessions: Examples 30-20
Additional References 30-20
Related Documents 30-20 Standards 30-21 MIBs 30-21 RFCs 30-21
CHAPTER
31 Configuring LLDP, LLDP-MED, and Wired Location Service 31-1
Finding Feature Information 31-1
Restrictions for LLDP, LLDP-MED, and Wired Location Service 31-1
Information About LLDP, LLDP-MED, and Wired Location Service 31-1
LLDP-MED 31-2 Wired Location Service 31-3 Default LLDP Configuration 31-4 LLDP, LLDP-MED, and Wired Location Service Configuration Guidelines 31-4 LLDP-MED TLVs 31-5
How to Configure LLDP, LLDP-MED, and Wired Location Service 31-5
Enabling LLDP 31-5 Configuring LLDP Characteristics 31-5
Page 34
Configuring LLDP-MED TLVs 31-6 Configuring Network-Policy TLV 31-6 Configuring Location TLV and Wired Location Service 31-7
Monitoring and Maintaining LLDP, LLDP-MED, and Wired Location Service 31-8
Configuration Examples for Configuring LLDP, LLDP-MED, and Wired Location Service 31-9
Enabling LLDP: Examples 31-9 Configuring LDP Parameters: Examples 31-9 Configuring TLV: Example 31-9 Configuring Network Policy: Example 31-10 Configuring Voice Application: Example 31-10 Configuring Civic Location Information: Example 31-10 Enabling NMSP: Example 31-10
Additional References 31-11
Related Documents 31-11 Standards 31-11 MIBs 31-11 RFCs 31-11 Technical Assistance 31-11
CHAPTER
32 Configuring CDP 32-1
Finding Feature Information 32-1
Information About CDP 32-1
CDP 32-1 Default CDP Configuration 32-2
How to Configure CDP 32-2
Configuring the CDP Parameters 32-2 Disabling CDP 32-3
Monitoring and Maintaining CDP 32-3
Configuration Examples for CDP 32-4
Configuring CDP Parameters: Example 32-4 Enabling CDP: Examples 32-4
Additional References 32-4
Related Documents 32-4 Standards 32-5 MIBs 32-5 RFCs 32-5
Page 35
CHAPTER
33 Configuring UDLD 33-1
Finding Feature Information 33-1
Prerequisites for UDLD 33-1
Restrictions for UDLD 33-1
Information About UDLD 33-1
UDLD 33-1 Modes of Operation 33-2 Methods to Detect Unidirectional Links 33-2 Default UDLD Settings 33-4
How to Configure UDLD 33-4
Enabling UDLD Globally 33-4 Enabling UDLD on an Interface 33-5 Setting and Resetting UDLD Parameters 33-5
Maintaining and Monitoring UDLD 33-6
Additional References 33-6
Related Documents 33-6 Standards 33-6 MIBs 33-6 RFCs 33-6 Technical Assistance 33-7
CHAPTER
34 Configuring RMON 34-1
Finding Feature Information 34-1
Prerequisites for RMON 34-1
Restrictions for RMON 34-1
Information About RMON 34-1
RMON 34-1
How to Configure RMON 34-3
Configuring RMON Alarms and Events 34-3 Collecting Group History Statistics on an Interface 34-4 Collecting Group Ethernet Statistics on an Interface 34-4
Monitoring and Maintaining RMON 34-5
Configuration Examples for RMON 34-5
Configuring an RMON Alarm Number: Example 34-5 Creating an RMON Event Number: Example 34-5 Configuring RMON Statistics: Example 34-5
Additional References 34-6
Related Documents 34-6
Page 36
Standards 34-6 MIBs 34-6 RFCs 34-6 Technical Assistance 34-7
CHAPTER
35 Configuring System Message Logging 35-1
Finding Feature Information 35-1
Restrictions for System Message Logging 35-1
Information About System Message Logging 35-1
System Message Logging 35-1 System Log Message Format 35-2 Log Messages 35-2 Message Severity Levels 35-3 Configuring UNIX Syslog Servers 35-3
Logging Messages to a UNIX Syslog Daemon 35-4
Default System Message Logging Configuration 35-5
How to Configure System Message Logging 35-5
Disabling Message Logging 35-5 Setting the Message Display Destination Device 35-6 Synchronizing Log Messages 35-7 Enabling and Disabling Time Stamps on Log Messages 35-8 Enabling and Disabling Sequence Numbers in Log Messages 35-8 Defining the Message Severity Level 35-8 Limiting Syslog Messages Sent to the History Table and to SNMP 35-9 Enabling the Configuration-Change Logger 35-9
Configuring the UNIX System Logging Facility 35-10
Monitoring and Maintaining the System Message Log 35-10
Configuration Examples for the System Message Log 35-10
System Message: Example 35-10 Logging Display: Examples 35-11 Enabling the Logger: Example 35-11 Configuration Log Output: Example 35-11
Additional References 35-12
Related Documents 35-12 Standards 35-12 MIBs 35-12 RFCs 35-12 Technical Assistance 35-13
Page 37
CHAPTER
36 Configuring SNMP 36-1
Finding Feature Information 36-1
Prerequisites for SNMP 36-1
Restrictions for SNMP 36-1
Information About SNMP 36-2
SNMP 36-2 SNMP Versions 36-2 SNMP Manager Functions 36-4 SNMP Agent Functions 36-4 SNMP Community Strings 36-4 Using SNMP to Access MIB Variables 36-5 SNMP Notifications 36-5 SNMP ifIndex MIB Object Values 36-6 Community Strings 36-6 SNMP Notifications 36-6 Default SNMP Settings 36-8
How to Configure SNMP 36-8
Disabling the SNMP Agent 36-8 Configuring Community Strings 36-9 Configuring SNMP Groups and Users 36-10 Configuring SNMP Notifications 36-12 Setting the CPU Threshold Notification Types and Values 36-14 Setting the Agent Contact and Location Information 36-14 Limiting TFTP Servers Used Through SNMP 36-15
Monitoring and Maintaining SNMP 36-15
Configuration Examples for SNMP 36-16
Enabling SNMP Versions: Example 36-16 Permit SNMP Manager Access: Example 36-16 Allow Read-Only Access: Example 36-16 Configure SNMP Traps: Examples 36-16 Associating a User with a Remote Host: Example 36-17 Assigning a String to SNMP: Example 36-17
Additional References 36-17
Related Documents 36-17 Standards 36-17 MIBs 36-18 RFCs 36-18 Technical Assistance 36-18
Page 38
CHAPTER
37 Configuring Network Security with ACLs 37-1
Finding Feature Information 37-1
Restrictions for Network Security with ACLs 37-1
Information About Network Security with ACLs 37-1
ACLs 37-1 Supported ACLs 37-2
Port ACLs 37-2 Handling Fragmented and Unfragmented Traffic 37-3 IPv4 ACLs 37-4
Standard and Extended IPv4 ACLs 37-5
Access List Numbers 37-5
ACL Logging 37-6
Numbered Extended ACL 37-6
Resequencing ACEs in an ACL 37-7
Named Standard and Extended ACLs 37-7
Time Ranges with ACLs 37-8
Comments in ACLs 37-8 IPv4 ACL to a Terminal Line 37-9 IPv4 ACL Application to an Interface Guidelines 37-9 Hardware and Software Handling of IP ACLs 37-10 Troubleshooting ACLs 37-10 Named MAC Extended ACLs 37-11 MAC ACL to a Layer 2 Interface 37-11
How to Configure Network Security with ACLs 37-11
Creating a Numbered Standard ACL 37-11
Creating a Numbered Extended ACL 37-13
Creating Named Standard and Extended ACLs 37-15
Using Time Ranges with ACLs 37-16 Applying an IPv4 ACL to a Terminal Line 37-17 Applying an IPv4 ACL to an Interface 37-17 Creating Named MAC Extended ACLs 37-17 Applying a MAC ACL to a Layer 2 Interface 37-18
Monitoring and Maintaining Network Security with ACLs 37-19
Configuration Examples for Network Security with ACLs 37-19
Creating a Standard ACL: Example 37-19 Creating an Extended ACL: Example 37-19 Configuring Time Ranges: Examples 37-20 Using Named ACLs: Example 37-20 Including Comments in ACLs: Examples 37-21
Page 39
Applying ACL to a Port: Example 37-21 Applying an ACL to an Interface: Example 37-21 Routed ACLs: Examples 37-22 Configuring Numbered ACLs: Example 37-23 Configuring Extended ACLs: Examples 37-23 Creating Named ACLs: Example 37-24 Applying Time Range to an IP ACL: Example 37-24 Creating Commented IP ACL Entries: Examples 37-25 Configuring ACL Logging: Examples 37-25 Applying a MAC ACL to a Layer 2 Interface: Examples 37-26
Additional References 37-27
Related Documents 37-27 Standards 37-27 MIBs 37-27 RFCs 37-27 Technical Assistance 37-28
CHAPTER
38 Configuring Standard QoS 38-1
Finding Feature Information 38-1
Prerequisites for Standard QoS 38-1
Restrictions for Standard QoS 38-1
Information About Standard QoS 38-2
Standard QoS Model 38-4 Standard QoS Configuration Guidelines 38-5
QoS ACL 38-5 QoS on Interfaces 38-5 Policing 38-6
Default Standard QoS Configuration 38-6
Default Ingress Queue Settings 38-7 Default Egress Queue Settings 38-7 Default Mapping Table Settings 38-8
Classification 38-10
Classification Based on QoS ACLs 38-13 Classification Based on Class Maps and Policy Maps 38-13
Policing and Marking 38-14
Policing on Physical Ports 38-15
Policing on SVIs 38-16 Mapping Tables 38-18 Queueing and Scheduling Overview 38-19
Page 40
Weighted Tail Drop 38-19 SRR Shaping and Sharing 38-20 Queueing and Scheduling on Ingress Queues 38-21
Queueing and Scheduling on Egress Queues 38-22 Packet Modification 38-25 Classification Using Port Trust States 38-26
Trust State on Ports within the QoS Domain 38-26
Configuring a Trusted Boundary to Ensure Port Security 38-26
DSCP Transparency Mode 38-27
DSCP Trust State on a Port Bordering Another QoS Domain 38-27 QoS Policies 38-28
Classifying, Policing, and Marking Traffic on Physical Ports by Using Policy Maps 38-28
Classifying, Policing, and Marking Traffic on SVIs by Using Hierarchical Policy Maps 38-29 DSCP Maps 38-30
DSCP-to-DSCP-Mutation Map 38-30 Ingress Queue Characteristics 38-30
Ingress Priority Queue 38-30 Egress Queue Characteristics 38-31
Egress Queue Configuration Guidelines 38-31
Allocating Buffer Space to and Setting WTD Thresholds for an Egress Queue-Set 38-31
How to Configure Standard QoS 38-32
Enabling QoS Globally 38-32 Enabling VLAN-Based QoS on Physical Ports 38-32 Configuring Classification Using Port Trust States 38-32
Configuring the Trust State on Ports Within the QoS Domain 38-33
Configuring the CoS Value for an Interface 38-33
Configuring a Trusted Boundary to Ensure Port Security 38-34
Enabling DSCP Transparency Mode 38-34
Configuring the DSCP Trust State on a Port Bordering Another QoS Domain 38-35 Configuring a QoS Policy 38-36
Creating IP Standard ACLs 38-36
Creating IP Extended ACLs 38-37
Creating a Layer 2 MAC ACL for Non-IP Traffic 38-37
Creating Class Maps 38-38
Creating Nonhierarchical Policy Maps 38-40
Creating Hierarchical Policy Maps 38-42
Creating Aggregate Policers 38-46 Configuring DSCP Maps 38-47
Configuring the CoS-to-DSCP Map 38-47
Configuring the IP-Precedence-to-DSCP Map 38-48
Page 41
Configuring the Policed-DSCP Map 38-48 Configuring the DSCP-to-CoS Map 38-48 Configuring the DSCP-to-DSCP-Mutation Map 38-49
Configuring Ingress Queue Characteristics 38-49
Mapping DSCP or CoS Values to an Ingress Queue and Setting WTD Thresholds 38-49 Allocating Buffer Space Between the Ingress Queues 38-50 Allocating Bandwidth Between the Ingress Queues 38-51 Configuring the Ingress Priority Queue 38-51
Configuring Egress Queue Characteristics 38-52
Allocating Buffer Space to and Setting WTD Thresholds for an Egress Queue-Set 38-52 Mapping DSCP or CoS Values to an Egress Queue and to a Threshold ID 38-53 Configuring SRR Shaped Weights on Egress Queues 38-54 Configuring SRR Shared Weights on Egress Queues 38-55 Configuring the Egress Expedite Queue 38-56 Limiting the Bandwidth on an Egress Interface 38-56
Monitoring and Maintaining Standard QoS 38-56
Configuration Examples for Standard QoS 38-57
Configuring the SRR Scheduler: Example 38-57 Configuring DSCP-Trusted State on a Port: Example 38-58 Allowing ACL Permission for IP Traffic: Examples 38-58 Configuring a Class Map: Examples 38-58 Creating a Policy Map: Example 38-59 Creating a Layer 2 MAC ACL: Example 38-59 Creating an Aggregate Policer: Example 38-60 Configuring COS-to-DSCP Map: Example 38-60 Configuring DSCP Maps: Examples 38-61 Configuring an Ingress Queue: Example 38-62 Configuring the Egress Queue: Examples 38-63 Creating a Layer 2 MAC ACL: Example 38-63
Additional References 38-64
Related Documents 38-64 Standards 38-64 MIBs 38-64 RFCs 38-64 Technical Assistance 38-65
CHAPTER
39 Configuring Auto-QoS 39-1
Finding Feature Information 39-1
Prerequisites for Auto-QoS 39-1
Page 42
Restrictions for Auto-QoS 39-1
Information About Auto-QoS 39-2
Auto-QoS 39-2 Generated Auto-QoS Configuration 39-3 Effects of Auto-QoS on the Configuration 39-7
How to Configure Auto-QoS 39-8
Enabling Auto-QoS for VoIP 39-8 Configuring QoS to Prioritize VoIP Traffic 39-9
Monitoring and Maintaining Auto-QoS 39-9
Configuration Examples for Auto-QoS 39-10
Auto-QoS Network: Example 39-10 Enabling Auto-QoS VOIP Trust: Example 39-11
Additional References 39-11
Related Documents 39-11 Standards 39-11 MIBs 39-11 RFCs 39-11 Technical Assistance 39-12
CHAPTER
39-12
40 Configuring EtherChannels 40-1
Finding Feature Information 40-1
Restrictions for Configuring EtherChannels 40-1
Information About Configuring EtherChannels 40-1
EtherChannels 40-2 Port-Channel Interfaces 40-3 Port Aggregation Protocol 40-4
PAgP Modes 40-4
PAgP Learn Method and Priority 40-5
PAgP Interaction with Virtual Switches and Dual-Active Detection 40-5
PAgP Interaction with Other Features 40-6 Link Aggregation Control Protocol 40-6
LACP Modes 40-6
LACP Hot-Standby Ports 40-7
LACP Interaction with Other Features 40-7 EtherChannel On Mode 40-8 Load Balancing and Forwarding Methods 40-8 Default EtherChannel Settings 40-10 EtherChannel Configuration Guidelines 40-10
Page 43
How to Configure EtherChannels 40-11
Configuring Layer 2 EtherChannels 40-11 Configuring EtherChannel Load Balancing 40-14 Configuring the PAgP Learn Method and Priority 40-14 Configuring the LACP Hot-Standby Ports 40-15
Monitoring and Maintaining EtherChannels on the IE 2000 Switch 40-15
Configuration Examples for Configuring EtherChannels 40-16
Configuring EtherChannels: Examples 40-16
Additional References 40-16
Related Documents 40-16 Standards 40-16 MIBs 40-17 RFCs 40-17 Technical Assistance 40-17
CHAPTER
41 Configuring Static IP Unicast Routing 41-1
Finding Feature Information 41-1
Restrictions for Static IP Unicast Routing 41-1
Information About Configuring Static IP Unicast Routing 41-1
IP Routing 41-2
Types of Routing 41-2
How to Configure Static IP Unicast Routing 41-3
Steps for Configuring Routing 41-3
Enabling IP Unicast Routing 41-3
Assigning IP Addresses to SVIs 41-3
Configuring Static Unicast Routes 41-4
Monitoring and Maintaining the IP Network 41-4
Additional References for Configuring IP Unicast Routing 41-5
Related Documents 41-5 Standards 41-5 MIBs 41-5 RFCs 41-6 Technical Assistance 41-6
CHAPTER
42 Configuring IPv6 Host Functions 42-1
Finding Feature Information 42-1
Prerequisites Configuring IPv6 Host Functions 42-1
Information About Configuring IPv6 Host Functions 42-1
Page 44
IPv6 42-1 IPv6 Addresses 42-2 Supported IPv6 Host Features 42-2
128-Bit Wide Unicast Addresses 42-3
DNS for IPv6 42-3
ICMPv6 42-3
Neighbor Discovery 42-3
Default Router Preference 42-4
IPv6 Stateless Autoconfiguration and Duplicate Address Detection 42-4
IPv6 Applications 42-4
Dual IPv4 and IPv6 Protocol Stacks 42-4
Static Routes for IPv6 42-5
SNMP and Syslog Over IPv6 42-5
HTTP over IPv6 42-6 Default IPv6 Settings 42-6
How to Configure IPv6 Hosting 42-7
Configuring IPv6 Addressing and Enabling IPv6 Host 42-7 Configuring Default Router Preference 42-8 Configuring IPv6 ICMP Rate Limiting 42-9
Monitoring and Maintaining IPv6 Host Information 42-9
Configuration Examples for IPv6 Host Functions 42-10
Enabling IPv6: Example 42-10 Configuring DRP: Example 42-10 Configuring an IPv6 ICMP Error Message Interval 42-10 Displaying Show Command Output: Examples 42-11
Additional References 42-13
Related Documents 42-13 Standards 42-13 MIBs 42-13 RFCs 42-14 Technical Assistance 42-14
CHAPTER
43 Configuring Link State Tracking 43-1
Finding Feature Information 43-1
Restrictions for Configuring Link State Tracking 43-1
Information About Configuring Link State Tracking 43-1
Link State Tracking 43-1
Default Link State Tracking Configuration 43-3
How to Configure Link State Tracking 43-4
Page 45
Configuring Link State Tracking 43-4
Monitoring and Maintaining Link State Tracking 43-4
Configuration Examples for Configuring Link State Tracking 43-4
Displaying Link State Information: Examples 43-4 Creating a Link State Group: Example 43-5
Additional References 43-5
Related Documents 43-5 Standards 43-5 MIBs 43-6 RFCs 43-6 Technical Assistance 43-6
CHAPTER 44 Configuring IPv6 MLD Snooping 44-1
Finding Feature Information 44-1
Prerequisites for Configuring IPv6 MLD Snooping 44-1
Restrictions for Configuring IPv6 MLD Snooping 44-1
Information About Configuring IPv6 MLD Snooping 44-1
IPv6 MLD Snooping 44-1
MLD Messages 44-2 MLD Queries 44-2 Multicast Client Aging Robustness 44-3 Multicast Router Discovery 44-3 MLD Reports 44-3 MLD Done Messages and Immediate-Leave 44-4 Topology Change Notification Processing 44-4 Default MLD Snooping Configuration 44-5 MLD Snooping Configuration Guidelines 44-5 Enabling or Disabling MLD Snooping 44-6 Multicast Router Port 44-6 MLD Immediate Leave 44-6 MLD Snooping Queries 44-6
How to Configure IPv6 MLD Snooping 44-6
Enabling or Disabling MLD Snooping 44-6 Configuring a Static Multicast Group 44-7 Configuring a Multicast Router Port 44-7 Enabling MLD Immediate Leave 44-8 Configuring MLD Snooping Queries 44-8 Disabling MLD Listener Message Suppression 44-9
Monitoring and Maintaining IPv6 MLD Snooping 44-9
Page 46
Configuration Examples for Configuring IPv6 MLD Snooping 44-10
Statically Configure an IPv6 Multicast Group: Example 44-10 Adding a Multicast Router Port to a VLAN: Example 44-10 Enabling MLD Immediate Leave on a VLAN: Example 44-10 Setting MLD Snooping Global Robustness: Example 44-10 Setting MLD Snooping Last-Listener Query Parameters: Examples 44-10
Additional References 44-12
Related Documents 44-12 Standards 44-12 MIBs 44-12 RFCs 44-12 Technical Assistance 44-12
CHAPTER 45 Configuring Cisco IOS IP SLAs Operations 45-1
Finding Feature Information 45-1
Prerequisites for Configuring Cisco IOS IP SLAs Operations 45-1
Restrictions for Configuring Cisco IOS IP SLAs Operations 45-1
Information About Configuring Cisco IOS IP SLAs Operations 45-1
Cisco IOS IP SLAs 45-2 Cisco IOS IP SLAs to Measure Network Performance 45-3 IP SLAs Responder and IP SLAs Control Protocol 45-3 Response Time Computation for IP SLAs 45-4 IP SLAs Operation Scheduling 45-4 IP SLAs Operation Threshold Monitoring 45-5 IP Service Levels by Using the UDP Jitter Operation 45-5 IP Service Levels by Using the ICMP Echo Operation 45-6
How to Configure Cisco IOS IP SLAs Operations 45-6
Configuring the IP SLAs Responder 45-7 Configuring UDP Jitter Operation 45-7 Analyzing IP Service Levels by Using the ICMP Echo Operation 45-9
Monitoring and Maintaining Cisco IP SLAs Operations 45-10
Configuration Examples for Configuring Cisco IP SLAs Operations 45-11
Configuring an ICMP Echo IP SLAs Operation: Example 45-11 Sample Output for Show IP SLA Command: Example 45-12 Configuring a Responder UDP Jitter IP SLAs Operation: Example 45-12 Configuring a UDP Jitter IP SLAs Operation: Example 45-12
Additional References 45-13
Related Documents 45-13 Standards 45-13
Page 47
MIBs 45-14 RFCs 45-14 Technical Assistance 45-14
CHAPTER 46 Troubleshooting 46-1
Finding Feature Information 46-1
Information for Troubleshooting 46-1
Autonegotiation Mismatches Prevention 46-1 SFP Module Security and Identification 46-2 Ping 46-2 Layer 2 Traceroute 46-3 Layer 2 Traceroute Usage Guidelines 46-3 IP Traceroute 46-4 TDR 46-4 Crashinfo Files 46-5 Basic crashinfo Files 46-5 Extended crashinfo Files 46-5 CPU Utilization 46-6
Problem and Cause for High CPU Utilization 46-6
How to Troubleshoot 46-7
Recovering from Software Failures 46-7 Recovering from a Lost or Forgotten Password 46-8 Recovering from Lost Cluster Member Connectivity 46-9 Executing Ping 46-9 Executing IP Traceroute 46-10 Running TDR and Displaying the Results 46-11 Enabling Debugging on a Specific Feature 46-12 Enabling All-System Diagnostics 46-12 Redirecting Debug and Error Message Output 46-13
Monitoring Information 46-13
Physical Path 46-13 SFP Module Status 46-13
Troubleshooting Examples 46-14
show platform forward Command 46-14
Additional References 46-16
Related Documents 46-16 Standards 46-16 MIBs 46-16 RFCs 46-17
Page 48
Technical Assistance 46-17
APPENDIX A Working with the Cisco IOS File System, Configuration Files, and Software Images A-1
Working with the Flash File System A-1
Displaying Available File Systems A-1 Detecting an Unsupported SD Flash Memory Card A-2
SD Flash Memory Card LED A-3 Setting the Default File System A-3 Displaying Information About Files on a File System A-4 Changing Directories and Displaying the Working Directory A-5 Creating and Removing Directories A-5 Copying Files A-6 Deleting Files A-6 Creating, Displaying, and Extracting tar Files A-7
Creating a tar File A-7
Displaying the Contents of a tar File A-7
Extracting a tar File A-8 Displaying the Contents of a File A-9
Working with Configuration Files A-9
Guidelines for Creating and Using Configuration Files A-9 Configuration File Types and Location A-10 Creating a Configuration File By Using a Text Editor A-10 Copying Configuration Files By Using TFTP A-11
Preparing to Download or Upload a Configuration File By Using TFTP A-11
Downloading the Configuration File By Using TFTP A-11
Uploading the Configuration File By Using TFTP A-12 Copying Configuration Files By Using FTP A-13
Preparing to Download or Upload a Configuration File By Using FTP A-13
Downloading a Configuration File By Using FTP A-14
Uploading a Configuration File By Using FTP A-15 Copying Configuration Files By Using RCP A-16
Preparing to Download or Upload a Configuration File By Using RCP A-16
Downloading a Configuration File By Using RCP A-17
Uploading a Configuration File By Using RCP A-18 Clearing Configuration Information A-19
Clearing the Startup Configuration File A-19
Deleting a Stored Configuration File A-19 Replacing and Rolling Back Configurations A-19
Understanding Configuration Replacement and Rollback A-19
Page 49
Configuration Guidelines A-20 Configuring the Configuration Archive A-21 Performing a Configuration Replacement or Rollback Operation A-21
Working with Software Images A-22
Image Location on the Switch A-23 tar File Format of Images on a Server or Cisco.com A-23 Copying Image Files By Using TFTP A-24
Preparing to Download or Upload an Image File By Using TFTP A-25 Downloading an Image File By Using TFTP A-25 Uploading an Image File By Using TFTP A-27
Copying Image Files By Using FTP A-27
Preparing to Download or Upload an Image File By Using FTP A-28 Downloading an Image File By Using FTP A-29 Uploading an Image File By Using FTP A-30
Copying Image Files By Using RCP A-31
Preparing to Download or Upload an Image File By Using RCP A-32 Downloading an Image File By Using RCP A-33 Uploading an Image File By Using RCP A-34
INDEX
Page 50
Page 51
Preface
Audience
This guide is for the networking professional managing your switch. Before using this guide, you should have experience working with the Cisco IOS software and be familiar with the concepts and terminology of Ethernet and local area networking.
Purpose
This guide provides the information that you need to configure Cisco IOS software features on your switch.
This guide provides procedures for using the commands that have been created or changed for use with the switch. It does not provide detailed information about these commands. For detailed information about these commands, see the Cisco IE 2000 Switch Command Reference for this release.
For information about the standard Cisco IOS commands, see the Cisco IOS 15.0 documentation set available from the Cisco.com home page.
This guide does not provide detailed information on the graphical user interfaces (GUIs) for the embedded Device Manager. However, the concepts in this guide are applicable to the GUI user. For information about Device Manager, see the switch online help.
For documentation updates, see the release notes for this release.
Conventions
This publication uses these conventions to convey instructions and information:
Command descriptions use these conventions:
Commands and keywords are in boldface text.
Arguments for which you supply values are in italic.
Square brackets ([ ]) mean optional elements.
Braces ({ }) group required choices, and vertical bars ( | ) separate the alternative elements.
Braces and vertical bars within square brackets ([{ | }]) mean a required choice within an optional element.
Interactive examples use these conventions:
Page 52
Terminal sessions and system displays are in screen font.
Information you enter is in boldface screen font.
Nonprinting characters, such as passwords or tabs, are in angle brackets (< >).
Notes, cautions, and timesavers use these conventions and symbols:
Note Means reader take note. Notes contain helpful suggestions or references to materials not contained in this manual.
Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.
Related Publications
These documents provide complete information about the switch and are available from this Cisco.com site:
http://www.cisco.com/go/ie2000_docs
Note Before installing, configuring, or upgrading the switch, see these documents:
For initial configuration information, see the “Using Express Setup” section in the getting started guide or the “Configuring the Switch with the CLI-Based Setup Program” appendix in the hardware installation guide.
For Device Manager requirements, see the “System Requirements” section in the release notes (not orderable but available on Cisco.com).
For upgrading information, see the “Downloading Software” section in the release notes.
See these documents for other information about the switch:
Release Notes for the Cisco IE 2000 Switch
Cisco IE 2000 Switch Software Configuration Guide
Cisco IE 2000 Switch Command Reference
Cisco IE 2000 Switch System Message Guide
Cisco IE 2000 Switch Hardware Installation Guide
Cisco IE 2000 Switch Getting Started Guide
Regulatory Compliance and Safety Information for the Cisco IE 2000 Switch
Cisco Small Form-Factor Pluggable Modules Installation Notes
Device Manager online help (available on the switch)
For more information about the Network Admission Control (NAC) features, see the Network Admission Control Software Configuration Guide.
Compatibility matrix documents are available from this Cisco.com site:
Page 53
http://www.cisco.com/en/US/products/hw/modules/ps5455/products_device_support_tables_list.html
Cisco Gigabit Ethernet Transceiver Modules Compatibility Matrix
Obtaining Documentation, Obtaining Support, and Security Guidelines
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.
Page 54
Page 55
CHAPTER 1 Configuration Overview
Features
Your switch uses the Cisco IOS software licensing (CISL) architecture to support a single universal cryptographic image (supports encryption). This image implements the LAN Base or LAN Lite features depending on your switch model:
The LAN Base image provides quality of service (QoS), port security, 1588v2 PTP, and static routing features.
The LAN Lite image provides reduced Layer 2 functionality without the loss of critical security features such as SSH and SNMPv3.
Feature Software Licensing
A feature license is supported on a single universal image that implements the LAN Base or LAN Lite features depending on your software license:
The LAN Base features include quality of service (QoS), port security, PTP, and static routing.
The LAN Lite features provide Layer 2 functionality without losing critical security features such as SSH and SNMPv3.
Cryptographic functionality is included on the universal image.
These guidelines can help you determine what image is running on your switch:
Enter the show version privileged EXEC command. For example, IE-2000-8TC-G-E runs the LAN Base image by default and the IE-2000-4T-G-L runs the LAN Lite image by default.
Enter the show license privileged EXEC command to see which is the active image:
Switch# show license
Index 1 Feature: lanbase
        Period left: Life time
        License Type: Permanent
        License State: Active, In Use
        License Priority: Medium
        License Count: Non-Counted

Index 2 Feature: lanlite
        Period left: 0 minute 0 second
Page 56
Ease-of-Deployment and Ease-of-Use Features
Express Setup for quickly configuring a switch for the first time with basic IP information, contact information, switch and Telnet passwords, and Simple Network Management Protocol (SNMP) information through a browser-based program. For more information about Express Setup, see the getting started guide.
User-defined and Cisco-default Smartports macros for creating custom switch configurations for simplified deployment across the network.
A removable SD flash card that stores the Cisco IOS software image and configuration files for the switch. You can replace and upgrade the switch without reconfiguring the software features.
An embedded Device Manager GUI for configuring and monitoring a single switch through a web browser. For information about launching Device Manager, see the getting started guide. For more information about Device Manager, see the switch online help.
Performance Features
Autosensing of port speed and autonegotiation of duplex mode on all switch ports for optimizing bandwidth
Automatic medium-dependent interface crossover (auto-MDIX) capability on 10/100 and 10/100/1000 Mb/s interfaces and on 10/100/1000 BASE-TX SFP module interfaces that enables the interface to automatically detect the required cable connection type (straight-through or crossover) and to configure the connection appropriately
Support for up to 1546 bytes routed frames, up to 9000 bytes for frames that are bridged in hardware, and up to 2000 bytes for frames that are bridged by software
IEEE 802.3x flow control on all ports (the switch does not send pause frames)
Support for up to 6 EtherChannel groups
Port Aggregation Protocol (PAgP) and Link Aggregation Control Protocol (LACP) for automatic creation of EtherChannel links
Per-port storm control for preventing broadcast, multicast, and unicast storms
Port blocking on forwarding unknown Layer 2 unicast, multicast, and bridged broadcast traffic
Cisco Group Management Protocol (CGMP) server support and Internet Group Management Protocol (IGMP) snooping for IGMP Versions 1, 2, and 3:
(For CGMP devices) CGMP for limiting multicast traffic to specified end stations and reducing overall network traffic
(For IGMP devices) IGMP snooping for forwarding multimedia and multicast traffic
IGMP report suppression for sending only one IGMP report per multicast router query to the multicast devices (supported only for IGMPv1 or IGMPv2 queries)
IGMP snooping querier support to configure switch to generate periodic IGMP general query messages
IGMP helper to allow the switch to forward a host request to join a multicast stream to a specific IP destination address
IGMP filtering for controlling the set of multicast groups to which hosts on a switch port can belong
Page 57
IGMP throttling for configuring the action when the maximum number of entries is in the IGMP forwarding table
IGMP leave timer for configuring the leave latency for the network
Switch Database Management (SDM) templates for allocating system resources to maximize support for user-selected features
Cisco IOS IP Service Level Agreements (SLAs), a part of Cisco IOS software that uses active traffic monitoring for measuring network performance
Configurable small-frame arrival threshold to prevent storm control when small frames (64 bytes or less) arrive on an interface at a specified rate (the threshold)
FlexLink Multicast Fast Convergence to reduce the multicast traffic convergence time after a FlexLink failure
RADIUS server load balancing to allow access and authentication requests to be distributed evenly across a server group
Support for QoS marking of CPU-generated traffic and queue CPU-generated traffic on the egress network ports
Management Options
An embedded Device Manager—Device Manager is a GUI application that is integrated in the software image. You use it to configure and to monitor a single switch. For information about launching Device Manager, see the getting started guide. For more information about Device Manager, see the switch online help.
Network Assistant—Network Assistant is a network management application that can be downloaded from Cisco.com. You use it to manage a single switch, a cluster of switches, or a community of devices. For more information about Network Assistant, see Getting Started with Cisco Network Assistant, available on Cisco.com.
CLI—The Cisco IOS software supports desktop- and multilayer-switching features. You can access the CLI either by connecting your management station directly to the switch console port or by using Telnet from a remote management station. For more information about the CLI, see Chapter 2, “Using the Command-Line Interface.”
SNMP—SNMP management applications such as CiscoWorks2000 LAN Management Suite (LMS) and HP OpenView. You can manage from an SNMP-compatible management station that is running platforms such as HP OpenView or SunNet Manager. The switch supports a comprehensive set of MIB extensions and four remote monitoring (RMON) groups. For more information about using SNMP, see Chapter 36, “Configuring SNMP.”
Cisco IOS Configuration Engine (previously known as the Cisco IOS CNS agent)—Configuration service automates the deployment and management of network devices and services. You can automate initial configurations and configuration updates by generating switch-specific configuration changes, sending them to the switch, executing the configuration change, and logging the results.
For more information about CNS, see Chapter 5, “Configuring Cisco IOS Configuration Engine.”
Page 58
Industrial Application
CIP—Common Industrial Protocol (CIP) is a peer-to-peer application protocol that provides application level connections between the switch and industrial devices such as I/O controllers, sensors, relays, and so forth. You can manage the switch using CIP-based management tools, such as RSLogix. For more information about the CIP commands that the switch supports, see the command reference.
Profinet Version 2—Support for PROFINET IO, a modular communication framework for distributed automation applications. The switch provides a PROFINET management connection to the I/O controllers.
Manageability Features
CNS embedded agents for automating switch management, configuration storage, and delivery.
DHCP for automating configuration of switch information (such as IP address, default gateway, hostname, and Domain Name System [DNS] and TFTP server names).
DHCP relay for forwarding User Datagram Protocol (UDP) broadcasts, including IP address requests, from DHCP clients.
DHCP server for automatic assignment of IP addresses and other DHCP options to IP hosts.
DHCP-based autoconfiguration and image update to download a specified configuration of a new image to a large number of switches.
DHCPv6 bulk-lease query to support new bulk lease query type (as defined in RFC5460).
DHCPv6 Relay Source Configuration feature to configure a source address for DHCPv6 relay agent.
DHCP server port-based address allocation for the preassignment of an IP address to a switch port.
Directed unicast requests to a DNS server for identifying a switch through its IP address and its corresponding hostname and to a TFTP server for administering software upgrades from a TFTP server.
Address Resolution Protocol (ARP) for identifying a switch through its IP address and its corresponding MAC address.
Unicast MAC address filtering to drop packets with specific source or destination MAC addresses.
Configurable MAC address scaling that allows disabling MAC address learning on a VLAN to limit the size of the MAC address table.
Cisco Discovery Protocol (CDP) Versions 1 and 2 for network topology discovery and mapping between the switch and other Cisco devices on the network.
Link Layer Discovery Protocol (LLDP) and LLDP Media Endpoint Discovery (LLDP-MED) for interoperability with third-party IP phones.
LLDP media extensions (LLDP-MED) location TLV that provides location information from the switch to the endpoint device.
Network Time Protocol (NTP) for providing a consistent time stamp to all switches from an external source.
Network Time Protocol version 4 (NTPv4) to support both IPv4 and IPv6 and compatibility with NTPv3.
Precision Time Protocol (PTP) as defined in the IEEE 1588 standard to synchronize with nanosecond accuracy the real-time clocks of the devices in a network.
Page 59
Cisco IOS File System (IFS) for providing a single interface to all file systems that the switch uses.
Support for the SSM PIM protocol to optimize multicast applications, such as video.
Configuration logging to log and to view changes to the switch configuration.
Unique device identifier to provide product identification information through a show inventory user EXEC command display.
In-band management access through Device Manager over a Netscape Navigator or Microsoft Internet Explorer browser session.
In-band management access for up to 16 simultaneous Telnet connections for multiple CLI-based sessions over the network.
In-band management access for up to five simultaneous, encrypted Secure Shell (SSH) connections for multiple CLI-based sessions over the network.
In-band management access through SNMP Versions 1, 2c, and 3 get and set requests.
Out-of-band management access through the switch console port to a directly attached terminal or to a remote terminal through a serial connection or a modem.
Secure Copy Protocol (SCP) feature to provide a secure and authenticated method for copying switch configuration or switch image files (requires the cryptographic version of the software).
PTP enhancement to support PTP messages on the expansion module ports.
Configuration replacement and rollback to replace the running configuration on a switch with any saved Cisco IOS configuration file.
The HTTP client in Cisco IOS can send requests to both IPv4 and IPv6 HTTP server, and the HTTP server in Cisco IOS can service HTTP requests from both IPv4 and IPv6 HTTP clients.
Simple Network Management Protocol (SNMP) can be configured over IPv6 transport so that an IPv6 host can send SNMP queries and receive SNMP notifications from a device running IPv6.
IPv6 stateless autoconfiguration to manage link, subnet, and site addressing changes, such as management of host and mobile IP addresses.
Disabling MAC address learning on a VLAN.
DHCP server port-based address allocation for the preassignment of an IP address to a switch port.
CPU utilization threshold trap monitors CPU utilization.
LLDP-MED network-policy profile time, length, value (TLV) for creating a profile for voice and voice-signaling by specifying the values for VLAN, class of service (CoS), differentiated services code point (DSCP), and tagging mode.
Support for including a hostname in the option 12 field of DHCPDISCOVER packets. This provides identical configuration files to be sent by using the DHCP protocol.
DHCP Snooping enhancement to support the selection of a fixed string-based format for the circuit-id sub-option of the Option 82 DHCP field.
Support for PROFINET IO, a modular communication framework for distributed automation applications. The switch provides a PROFINET management connection to the I/O controllers.
Availability and Redundancy Features
UniDirectional Link Detection (UDLD) and aggressive UDLD for detecting and disabling unidirectional links on fiber-optic interfaces caused by incorrect fiber-optic wiring or port faults
Page 60
IEEE 802.1D Spanning Tree Protocol (STP) for redundant backbone connections and loop-free networks. STP has these features:
Up to 128 spanning-tree instances supported
Per-VLAN spanning-tree plus (PVST+) for load balancing across VLANs
Rapid PVST+ for load balancing across VLANs and providing rapid convergence of spanning-tree instances
IEEE 802.1s Multiple Spanning Tree Protocol (MSTP) for grouping VLANs into a spanning-tree instance and for providing multiple forwarding paths for data traffic and load balancing and rapid per-VLAN Spanning-Tree plus (rapid-PVST+) based on the IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) for rapid convergence of the spanning tree by immediately changing root and designated ports to the forwarding state
Optional spanning-tree features available in PVST+, rapid-PVST+, and MSTP mode:
Port Fast for eliminating the forwarding delay by enabling a port to immediately change from the blocking state to the forwarding state
BPDU guard for shutting down Port Fast-enabled ports that receive bridge protocol data units (BPDUs)
BPDU filtering for preventing a Port Fast-enabled port from sending or receiving BPDUs
Root guard for preventing switches outside the network core from becoming the spanning-tree root
Loop guard for preventing alternate or root ports from becoming designated ports because of a failure that leads to a unidirectional link
FlexLink Layer 2 interfaces to back up one another as an alternative to STP for basic link redundancy (requires the LAN Base image)
Link-state tracking to mirror the state of the ports that carry upstream traffic from connected hosts and servers, and to allow the failover of the server traffic to an operational link on another Cisco Ethernet switch.
VLAN Features
Support for up to 255 VLANs for assigning users to VLANs associated with appropriate network resources, traffic patterns, and bandwidth.
Support for VLAN IDs in the 1 to 4096 range as allowed by the IEEE 802.1Q standard.
VLAN Query Protocol (VQP) for dynamic VLAN membership.
IEEE 802.1Q trunking encapsulation on all ports for network moves, adds, and changes; management and control of broadcast and multicast traffic; and network security by establishing VLAN groups for high-security users and network resources.
Dynamic Trunking Protocol (DTP) for negotiating trunking on a link between two devices and for negotiating the type of trunking encapsulation (IEEE 802.1Q) to be used.
VLAN Trunking Protocol (VTP) and VTP pruning for reducing network traffic by restricting flooded traffic to links destined for stations receiving the traffic.
Voice VLAN for creating subnets for voice traffic from Cisco IP phones.
Page 61
VLAN 1 minimization for reducing the risk of spanning-tree loops or storms by allowing VLAN 1 to be disabled on any individual VLAN trunk link. With this feature enabled, no user traffic is sent or received on the trunk. The switch CPU continues to send and receive control protocol frames.
VLAN FlexLink load balancing to provide Layer 2 redundancy without requiring Spanning Tree Protocol (STP). A pair of interfaces configured as primary and backup links can load balance traffic based on VLAN.
Support for 802.1x authentication with restricted VLANs (also known as authentication failed VLANs).
Support for VTP version 3 that includes support for configuring extended range VLANs (VLANs 1006 to 4096) in any VTP mode, enhanced authentication (hidden or secret passwords), propagation of other databases in addition to VTP, VTP primary and secondary servers, and the option to turn VTP on or off by port.
Security Features
IP Service Level Agreements (IP SLAs) support to measure network performance by using active traffic monitoring
IP SLAs EOT to use the output from IP SLAs tracking operations triggered by an action such as latency, jitter, or packet loss for a standby router failover takeover (requires the LAN Base image)
Web authentication to allow a supplicant (client) that does not support IEEE 802.1x functionality to be authenticated using a web browser
Local web authentication banner so that a custom banner or an image file can be displayed at a web authentication login screen
MAC authentication bypass (MAB) aging timer to detect inactive hosts that have authenticated after they have authenticated by using MAB
Password-protected access (read-only and read-write access) to management interfaces (Device Manager, Network Assistant, and the CLI) for protection against unauthorized configuration changes
Multilevel security for a choice of security level, notification, and resulting actions
Static MAC addressing for ensuring security
Protected port option for restricting the forwarding of traffic to designated ports on the same switch
Port security option for limiting and identifying MAC addresses of the stations allowed to access the port
VLAN-aware port security option to shut down the VLAN on the port when a violation occurs, instead of shutting down the entire port
Port security aging to set the aging time for secure addresses on a port
Protocol storm protection to control the rate of incoming protocol traffic to a switch by dropping packets that exceed a specified ingress rate
BPDU guard for shutting down a Port Fast-configured port when an invalid configuration occurs
Standard and extended IP access control lists (ACLs) for defining security policies in both directions on routed interfaces (router ACLs) and VLANs and inbound on Layer 2 interfaces (port ACLs)
Extended MAC access control lists for defining security policies in the inbound direction on Layer 2 interfaces
Source and destination MAC-based ACLs for filtering non-IP traffic
Page 62
DHCP snooping to filter untrusted DHCP messages between untrusted hosts and DHCP servers
IP source guard to restrict traffic on nonrouted interfaces by filtering traffic based on the DHCP snooping database and IP source bindings
Dynamic ARP inspection to prevent malicious attacks on the switch by not relaying invalid ARP requests and responses to other ports in the same VLAN
Layer 2 protocol tunneling bypass feature to provide interoperability with third-party vendors
IEEE 802.1x port-based authentication to prevent unauthorized devices (clients) from gaining access to the network. These features are supported:
Multidomain authentication (MDA) to allow both a data device and a voice device, such as an IP phone (Cisco or non-Cisco), to independently authenticate on the same IEEE 802.1x-enabled switch port
Dynamic voice virtual LAN (VLAN) for MDA to allow a dynamic voice VLAN on an MDA-enabled port
VLAN assignment for restricting 802.1x-authenticated users to a specified VLAN
Port security for controlling access to 802.1x ports
Voice VLAN to permit a Cisco IP Phone to access the voice VLAN regardless of the authorized or unauthorized state of the port
IP phone detection enhancement to detect and recognize a Cisco IP phone
Guest VLAN to provide limited services to non-802.1x-compliant users
Restricted VLAN to provide limited services to users who are 802.1x compliant, but do not have the credentials to authenticate via the standard 802.1x processes
802.1x accounting to track network usage
802.1x with wake-on-LAN to allow dormant PCs to be powered on based on the receipt of a specific Ethernet frame
802.1x readiness check to determine the readiness of connected end hosts before configuring IEEE 802.1x on the switch
Voice-aware 802.1x security to apply traffic violation actions only on the VLAN on which a security violation occurs
MAC authentication bypass to authorize clients based on the client MAC address
Network Edge Access Topology (NEAT) with 802.1X switch supplicant, host authorization with CISP, and auto enablement to authenticate a switch outside a wiring closet as a supplicant to another switch
IEEE 802.1x with open access to allow a host to access the network before being authenticated
IEEE 802.1x authentication with downloadable ACLs and redirect URLs to allow per-user ACL downloads from a Cisco Secure ACS server to an authenticated switch
Flexible-authentication sequencing to configure the order of the authentication methods that a port tries when authenticating a new host
Multiple-user authentication to allow more than one host to authenticate on an 802.1x-enabled port
Network Admission Control (NAC) features:
NAC Layer 2 802.1x validation of the antivirus condition or posture of endpoint systems or clients before granting the devices network access
For information about configuring NAC Layer 2 802.1x validation, see the “Configuring NAC Layer 2 802.1x Validation” section on page 13-46.
NAC Layer 2 IP validation of the posture of endpoint systems or clients before granting the devices network access
For information about configuring NAC Layer 2 IP validation, see the Network Admission Control Software Configuration Guide.
IEEE 802.1x inaccessible authentication bypass
For information about configuring this feature, see the “Configuring Inaccessible Authentication Bypass” section on page 13-44.
Authentication, authorization, and accounting (AAA) down policy for a NAC Layer 2 IP validation of a host if the AAA server is not available when the posture validation occurs
For information about this feature, see the Network Admission Control Software Configuration Guide.
TACACS+, a proprietary feature for managing network security through a TACACS server
RADIUS for verifying the identity of, granting access to, and tracking the actions of remote users through AAA services
Enhancements to RADIUS, TACACS+, and SSH to function over IPv6
Kerberos security system to authenticate requests for network resources by using a trusted third party (requires the cryptographic versions of the software)
Secure Socket Layer (SSL) Version 3.0 support for the HTTP 1.1 server authentication, encryption, and message integrity and HTTP client authentication to allow secure HTTP communications (requires the cryptographic version of the software)
Voice-aware IEEE 802.1x and MAC authentication bypass (MAB) security violation to shut down only the data VLAN on a port when a security violation occurs
Support for IP source guard on static hosts
RADIUS change of authorization (CoA) to change the attributes of a certain session after it is authenticated. When there is a change in policy for a user or user group in AAA, administrators can send the RADIUS CoA packets from the AAA server, such as Cisco Secure ACS, to reinitialize authentication and apply the new policies.
IEEE 802.1x User Distribution to allow deployments with multiple VLANs (for a group of users) to improve scalability of the network by load balancing users across different VLANs. Authorized users are assigned to the least populated VLAN in the group, assigned by the RADIUS server.
Support for critical VLAN with multiple-host authentication so that when a port is configured for multi-authentication, and an AAA server becomes unreachable, the port is placed in a critical VLAN in order to still permit access to critical resources
Customizable web authentication enhancement to allow the creation of user-defined login, success, failure and expire web pages for local web authentication
Support for Network Edge Access Topology (NEAT) to change the port host mode and to apply a standard port configuration on the authenticator switch port
VLAN-ID based MAC authentication to use the combined VLAN and MAC address information for user authentication to prevent network access from unauthorized VLANs
MAC move to allow hosts (including the hosts connected behind an IP phone) to move across ports within the same switch without any restrictions to enable mobility. With MAC move, the switch treats the reappearance of the same MAC address on another port in the same way as a completely new MAC address.
Support for 3DES and AES with version 3 of the Simple Network Management Protocol (SNMPv3). This release adds support for the 168-bit Triple Data Encryption Standard (3DES) and the 128-bit, 192-bit, and 256-bit Advanced Encryption Standard (AES) encryption algorithms to SNMPv3.
QoS and CoS Features
Note These features require the LAN Base image.
Automatic QoS (auto-QoS) to simplify the deployment of existing QoS features by classifying traffic and configuring egress queues
Automatic quality of service (QoS) Voice over IP (VoIP) enhancement for port-based trust of DSCP and priority queuing for egress traffic
Classification
IP type-of-service/Differentiated Services Code Point (IP ToS/DSCP) and IEEE 802.1p CoS marking priorities on a per-port basis for protecting the performance of mission-critical applications
IP ToS/DSCP and IEEE 802.1p CoS marking based on flow-based packet classification (classification based on information in the MAC, IP, and TCP/UDP headers) for high-performance quality of service at the network edge, allowing for differentiated service levels for different types of network traffic and for prioritizing mission-critical traffic in the network
Trusted port states (CoS, DSCP, and IP precedence) within a QoS domain and with a port bordering another QoS domain
Trusted boundary for detecting the presence of a Cisco IP Phone, trusting the CoS value received, and ensuring port security
Policing
Traffic-policing policies on the switch port for managing how much of the port bandwidth should be allocated to a specific traffic flow.
If you configure multiple class maps for a hierarchical policy map, each class map can be associated with its own port-level (second-level) policy map. Each second-level policy map can have a different policer.
Aggregate policing for policing traffic flows in aggregate to restrict specific applications or traffic flows to metered, predefined rates.
Out-of-profile
Out-of-profile markdown for packets that exceed bandwidth utilization limits
Ingress queueing and scheduling
Two configurable ingress queues for user traffic (one queue can be the priority queue)
Weighted tail drop (WTD) as the congestion-avoidance mechanism for managing the queue lengths and providing drop precedences for different traffic classifications
Shaped round robin (SRR) as the scheduling service for specifying the rate at which packets are sent to the ring (sharing is the only supported mode on ingress queues)
Egress queues and scheduling
Four egress queues per port.
WTD as the congestion-avoidance mechanism for managing the queue lengths and providing drop precedences for different traffic classifications.
SRR as the scheduling service for specifying the rate at which packets are dequeued to the egress interface (shaping or sharing is supported on egress queues). Shaped egress queues are guaranteed but limited to using a share of port bandwidth. Shared egress queues are also guaranteed a configured share of bandwidth, but can use more than the guarantee if other queues become empty and do not use their share of the bandwidth.
Monitoring Features
EOT and IP SLAs EOT static route support to identify when a preconfigured static route or a DHCP route goes down
MAC address notification traps and RADIUS accounting for tracking users on a network by storing the MAC addresses that the switch has learned or removed
Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN) for traffic monitoring on any port or VLAN (RSPAN requires LAN Base image)
SPAN and RSPAN support of Intrusion Detection Systems (IDS) to monitor, repel, and report network security violations (RSPAN requires LAN Base image)
Four groups (history, statistics, alarms, and events) of embedded RMON agents for network monitoring and traffic analysis
Syslog facility for logging system messages about authentication or authorization errors, resource issues, and time-out events
Layer 2 traceroute to identify the physical path that a packet takes from a source device to a destination device
Time Domain Reflector (TDR) to diagnose and resolve cabling problems on 10/100 and 10/100/1000 copper Ethernet ports
SFP module diagnostic management interface to monitor physical or operational status of an SFP module
Facilities for processing alarms related to temperature, power-supply conditions, and the status of the Ethernet ports
Alarm relay contacts that can be used for an external relay system
Digital optical monitoring (DOM) to check status of X2 small form-factor pluggable (SFP) modules
Default Settings After Initial Switch Configuration
The switch is designed for plug-and-play operation, requiring only that you assign basic IP information to the switch and connect it to the other devices in your network. If you have specific network needs, you can change the interface-specific and system-wide settings.
Note For information about assigning an IP address by using the browser-based Express Setup program, see the getting started guide. For information about assigning an IP address by using the CLI-based setup program, see the hardware installation guide.
If you do not configure the switch at all, the switch operates with these default settings:
Default switch IP address, subnet mask, and default gateway is 0.0.0.0. For more information, see Chapter 4, “Performing Switch Setup Configuration,” and Chapter 25, “Configuring DHCP.”
Default domain name is not configured. For more information, see Chapter 4, “Performing Switch Setup Configuration.”
DHCP client is enabled, the DHCP server is enabled (only if the device acting as a DHCP server is configured and is enabled), and the DHCP relay agent is enabled (only if the device acting as a DHCP relay agent is configured and is enabled). For more information, see Chapter 4, “Performing Switch Setup Configuration,” and Chapter 25, “Configuring DHCP.”
Switch cluster is disabled. For more information about switch clusters, see Chapter 6, “Configuring Switch Clusters,” and the Getting Started with Cisco Network Assistant, available on Cisco.com.
No passwords are defined. For more information, see Chapter 7, “Performing Switch Administration.”
System name and prompt is Switch. For more information, see Chapter 7, “Performing Switch Administration.”
NTP is enabled. For more information, see Chapter 7, “Performing Switch Administration.”
DNS is enabled. For more information, see Chapter 7, “Performing Switch Administration.”
TACACS+ is disabled. For more information, see Chapter 12, “Configuring Switch-Based Authentication.”
RADIUS is disabled. For more information, see Chapter 12, “Configuring Switch-Based Authentication.”
The standard HTTP server and Secure Socket Layer (SSL) HTTPS server are both enabled. For more information, see Chapter 12, “Configuring Switch-Based Authentication.”
IEEE 802.1x is disabled. For more information, see Chapter 13, “Configuring IEEE 802.1x Port-Based Authentication.”
Port parameters
Operating mode is Layer 2 (switch port). For more information, see Chapter 15, “Configuring Interface Characteristics.”
Interface speed and duplex mode is autonegotiate. For more information, see Chapter 15, “Configuring Interface Characteristics.”
Auto-MDIX is enabled. For more information, see Chapter 15, “Configuring Interface Characteristics.”
Flow control is off. For more information, see Chapter 15, “Configuring Interface Characteristics.”
VLANs
Default VLAN is VLAN 1. For more information, see Chapter 17, “Configuring VLANs.”
VLAN trunking setting is dynamic auto (DTP). For more information, see Chapter 17, “Configuring VLANs.”
Trunk encapsulation is negotiate. For more information, see Chapter 17, “Configuring VLANs.”
VTP mode is server. For more information, see Chapter 18, “Configuring VTP.”
VTP version is Version 1. For more information, see Chapter 18, “Configuring VTP.”
Voice VLAN is disabled. For more information, see Chapter 19, “Configuring Voice VLAN.”
STP, PVST+ is enabled on VLAN 1. For more information, see Chapter 20, “Configuring STP.”
MSTP is disabled. For more information, see Chapter 21, “Configuring MSTP.”
Optional spanning-tree features are disabled. For more information, see Chapter 22, “Configuring Optional Spanning-Tree Features.”
FlexLinks are not configured. For more information, see Chapter 24, “Configuring FlexLinks and the MAC Address-Table Move Update.”
DHCP snooping is disabled. The DHCP snooping information option is enabled. For more information, see Chapter 25, “Configuring DHCP.”
IP source guard is disabled. For more information, see Chapter 25, “Configuring DHCP.”
DHCP server port-based address allocation is disabled. For more information, see Chapter 25, “Configuring DHCP.”
Dynamic ARP inspection is disabled on all VLANs. For more information, see Chapter 26, “Configuring Dynamic ARP Inspection.”
IGMP snooping is enabled. No IGMP filters are applied. For more information, see Chapter 28, “Configuring IGMP Snooping and MVR.”
IGMP throttling setting is deny. For more information, see Chapter 28, “Configuring IGMP Snooping and MVR.”
The IGMP snooping querier feature is disabled. For more information, see Chapter 28, “Configuring IGMP Snooping and MVR.”
MVR is disabled. For more information, see Chapter 28, “Configuring IGMP Snooping and MVR.”
Port-based traffic
Broadcast, multicast, and unicast storm control is disabled. For more information, see Chapter 29, “Configuring Port-Based Traffic Control.”
No protected ports are defined. For more information, see Chapter 29, “Configuring Port-Based Traffic Control.”
Unicast and multicast traffic flooding is not blocked. For more information, see Chapter 29, “Configuring Port-Based Traffic Control.”
No secure ports are configured. For more information, see Chapter 29, “Configuring Port-Based Traffic Control.”
CDP is enabled. For more information, see Chapter 32, “Configuring CDP.”
UDLD is disabled. For more information, see Chapter 33, “Configuring UDLD.”
SPAN and RSPAN are disabled. For more information, see Chapter 30, “Configuring SPAN and RSPAN.”
RMON is disabled. For more information, see Chapter 34, “Configuring RMON.”
Syslog messages are enabled and appear on the console. For more information, see Chapter 35, “Configuring System Message Logging.”
SNMP is enabled (Version 1). For more information, see Chapter 36, “Configuring SNMP.”
No ACLs are configured. For more information, see Chapter 37, “Configuring Network Security with ACLs.”
QoS is disabled. For more information, see Chapter 38, “Configuring Standard QoS.”
No EtherChannels are configured. For more information, see Chapter 40, “Configuring EtherChannels.”
IP unicast routing is disabled. For more information, see Chapter 41, “Configuring IP Unicast Routing.”
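Several of the defaults listed above leave a protection off or a credential unset. The following Python script is an added example, not part of the Cisco guide: it checks the text of a saved running-config for six of those defaults. The sample configuration is constructed, and the finding names and the choice of which defaults to flag are assumptions made for illustration.

```python
import re

# Constructed sample running-config (not from the guide): a switch that has an
# IP address but otherwise still relies on the defaults listed above.
SAMPLE_CONFIG = """\
hostname Switch
!
ip http server
ip http secure-server
snmp-server community public RO
!
interface FastEthernet1/1
 switchport mode access
!
interface FastEthernet1/2
!
interface GigabitEthernet1/1
 switchport mode trunk
 switchport nonegotiate
!
interface Vlan1
 ip address 192.0.2.10 255.255.255.0
!
line vty 0 4
 login
"""


def parse_config(text):
    """Split a running-config into global lines and per-interface sub-commands."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith(" "):
            # Indented lines belong to the enclosing block; keep interface ones only.
            if current is not None:
                interfaces[current].append(line.strip())
        else:
            current = None
            global_lines.append(line)
    return global_lines, interfaces


def audit(text):
    """Return (finding_id, reason) tuples for settings left at the listed defaults."""
    global_lines, interfaces = parse_config(text)
    findings = []

    def starts(prefix):
        return any(l.startswith(prefix + " ") for l in global_lines)

    if not starts("enable secret"):
        findings.append(("NO_ENABLE_SECRET", "default: no passwords are defined"))
    if "ip http server" in global_lines:
        findings.append(("HTTP_CLEARTEXT", "default: standard HTTP server enabled"))
    if starts("snmp-server community"):
        findings.append(("SNMP_COMMUNITY", "community-string SNMP (v1/v2c) in use"))
    if "ip dhcp snooping" not in global_lines:
        findings.append(("DHCP_SNOOPING_OFF", "default: DHCP snooping disabled"))
    if not starts("ip arp inspection vlan"):
        findings.append(("ARP_INSPECTION_OFF", "default: DAI disabled on all VLANs"))

    for name, lines in interfaces.items():
        if not re.match(r"(Fast|Gigabit)Ethernet", name):
            continue  # only physical switch ports negotiate trunking
        if "shutdown" in lines:
            continue  # administratively down ports cannot form a trunk
        if not any(re.fullmatch(r"switchport mode (access|trunk)", l) for l in lines):
            findings.append(("DTP_DYNAMIC:" + name,
                             "default: trunking mode is dynamic auto (DTP)"))
    return findings


if __name__ == "__main__":
    for finding_id, reason in audit(SAMPLE_CONFIG):
        print(f"{finding_id:32} {reason}")
```

The script reads only the configuration text, so it can run against archived configurations without touching the switch.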
Network Configuration Examples
This section provides network configuration concepts and includes examples of using the switch to create dedicated network segments and interconnecting the segments through Fast Ethernet and Gigabit Ethernet connections.
Design Concepts for Using the Switch, page 1-14
Ethernet-to-the-Factory Architecture, page 1-15
Design Concepts for Using the Switch
As your network users compete for network bandwidth, it takes longer to send and receive data. When you configure your network, consider the bandwidth required by your network users and the relative priority of the network applications that they use.
Table 1-1 describes what can cause network performance to degrade and how you can configure your network to increase the bandwidth available to your network users.
Table 1-1 Increasing Network Performance
Network Demands: Too many users on a single network segment and a growing number of users accessing the Internet
Suggested Design Methods:
Create smaller network segments so that fewer users share the bandwidth, and use VLANs and IP subnets to place the network resources in the same logical network as the users who access those resources most.
Use full-duplex operation between the switch and its connected workstations.
Network Demands: Increased power of new PCs, workstations, and servers; high bandwidth demand from networked applications (such as e-mail with large attached files) and from bandwidth-intensive applications (such as multimedia)
Suggested Design Methods:
Connect global resources, such as servers and routers to which the network users require equal access, directly to the high-speed switch ports so that they have their own high-speed segment.
Use the EtherChannel feature between the switch and its connected servers and routers.
Bandwidth alone is not the only consideration when designing your network. As your network traffic profiles evolve, consider providing network services that can support applications for voice and data integration, multimedia integration, application prioritization, and security. Table 1-2 describes some network demands and how you can meet them.
Table 1-2 Providing Network Services
Network Demands: Efficient bandwidth usage for multimedia applications and guaranteed bandwidth for critical applications
Suggested Design Methods:
Use IGMP snooping to efficiently forward multimedia and multicast traffic.
Use other QoS mechanisms such as packet classification, marking, scheduling, and congestion avoidance to classify traffic with the appropriate priority level, which provides maximum flexibility and support for mission-critical, unicast, and multicast and multimedia applications.
Use MVR to continuously send multicast streams in a multicast VLAN but to isolate the streams from subscriber VLANs for bandwidth and security reasons.
Network Demands: High demand on network redundancy and availability to provide always on mission-critical applications
Suggested Design Methods:
Use VLAN trunks and BackboneFast for traffic-load balancing on the uplink ports so that the uplink port with a lower relative port cost is selected to carry the VLAN traffic.
Network Demands: An evolving demand for IP telephony
Suggested Design Methods:
Use QoS to prioritize applications such as IP telephony during congestion and to help control both delay and jitter within the network.
Use switches that support at least two queues per port to prioritize voice and data traffic as either high- or low-priority, based on IEEE 802.1p/Q. The switch supports at least four queues per port.
Use voice VLAN IDs (VVIDs) to provide separate VLANs for voice traffic.
Ethernet-to-the-Factory Architecture
This section is an overview of the Ethernet-to-the-Factory (EttF) architecture that provides network and security services to the devices and applications in automation and control systems. It then integrates those into the wider enterprise network.
EttF architecture applies to many types of manufacturing environments, but it must be tailored to the industry type, the manufacturing type, and the production-facility size. Deployments can range from small networks (less than 50 devices), to medium-sized networks (less than 200 devices), and to large networks (up to and more than 1000 devices).
Within the EttF architecture are conceptual structures called zones that separate the various functions, from the highest-level enterprise switches and processes to the smallest devices that control more detailed processes and devices on the factory floor. See Figure 1-1.
For more information about EttF architecture, see this URL:
http://www.cisco.com/web/strategy/manufacturing/ettf_overview.html
Enterprise Zone
The enterprise zone comprises the centralized IT systems and functions. Wired and wireless access is available to enterprise network services, such as enterprise resource management, business-to-business, and business-to-customer services. The basic business administration tasks, such as site business planning and logistics, are performed here and rely on standard IT services. Guest access systems are often located here, although it is not uncommon to find them in lower levels of the framework to gain flexibility that might be difficult to achieve at the enterprise level.
Demilitarized Zone
The demilitarized zone (DMZ) provides a buffer for sharing of data and services between the enterprise and manufacturing zones. The DMZ maintains availability, addresses security vulnerabilities, and abides by regulatory compliance mandates. The DMZ provides segmentation of organizational control, for example, between the IT and production organizations. Different policies for each organization can be applied and contained. For example, the production organization might apply security policies to the manufacturing zone that are different than those applied to the IT organization.
Manufacturing Zone
The manufacturing zone comprises the cell networks and site-level activities. All the systems, devices, and controllers that monitor the plant operations are in this zone. The cell zone is a functional area within a production facility.
The cell zone is a set of devices, controllers, and so on, that provide the real-time control of a functional aspect of the automation process. They are all in real-time communication with each other. This zone requires clear isolation and protection from the other levels of plant or enterprise operations.
Figure 1-1 shows the EttF architecture.
Figure 1-1 Ethernet-to-the-Factory Architecture
(Figure not reproduced. Labels: LAN, GE Link for Failover Detection, Servers, Management tools, Catalyst 3750 switch, Catalyst 3750 switch stack, Catalyst 4500 switch.)
Topology Options
Topology design starts with considering how devices are connected to the network. The cell network also requires physical topologies that meet the physical constraints of the production floor. This section provides guidelines for topology designs and describes the trunk-drop, ring, and redundant-star topologies.
Physical layout—The layout of the production environment drives the topology design. For example, a trunk-drop or ring topology is a good choice for a long conveyor-belt system, but a redundant-star configuration is not a good choice.
Real-time communications—Latency and jitter are primarily caused by the amount of traffic and number of hops a packet must make to reach its destination. The amount of traffic in a Layer 2 network is driven by various factors, but the number of devices is important. Follow these guidelines for real-time communications:
The amount of latency introduced per Layer 2 hop should be considered. For instance, there is a higher latency with 100 Mb interfaces than there is with 1 Gigabit interfaces.
Bandwidth should not consistently exceed 50 percent of the interface capacity on any switch.
The CPU should not consistently exceed 50 to 70 percent utilization. Above this level, the switch might not properly process control packets and might behave abnormally.
These are the key connectivity considerations:
Devices are connected to a switch through a single network connection or an IP-enabled I/O block or linking device if they do not support Ethernet. Most devices have no or limited failover capabilities and therefore cannot effectively use redundant network connections.
Redundant connections can be used in certain industries and applications, such as process-related industries that are applied to critical infrastructure.
Cell Network—Trunk-Drop Topology
Switches are connected to each other to form a chain of switches in a trunk-drop topology (also known as a cascaded topology). See Figure 1-2.
The connection between the Layer 3 switch and the first Layer 2 switch is very susceptible to oversubscription, which can degrade network performance.
There is no redundancy to the loss of a connection.
Figure 1-2 Cell Network–Trunk-Drop Topology
(Figure not reproduced. Labels: Human Machine Interface (HMI), IE2000, Controllers, Cell Zone, Catalyst 3750 Stackwise Switch Stack, Controllers, Drives, and Remote I/Os.)
Cell Network—Ring Topology
A ring topology is similar to a trunk-drop topology except that the last switch in the chain is connected to the Layer 3 switch that forms a network ring. If a connection is lost in a ring, each switch maintains connectivity to the other switches. See Figure 1-3.
The network can only recover from the loss of a single connection.
It is more difficult to implement because it requires additional protocol implementation and Rapid Spanning Tree Protocol (RSTP).
Although better than the trunk-drop, the top of the ring (connections to the Layer 3 switches) can become a bottleneck and is susceptible to oversubscription, which can degrade network performance.
Figure 1-3 Cell Network–Ring Topology
(Figure not reproduced. Labels: Human Machine Interface (HMI), IE2000, Cell Zone, Catalyst 3750 Stackwise Switch Stack, Controllers, Controllers, Drives, and Remote I/O.)
Cell Network—Redundant-Star Topology
In a redundant-star topology, every Layer 2 access switch has dual connections to a Layer 3 distribution switch. Devices are connected to the Layer 2 switches. See Figure 1-4.
Any Layer 2 switch is always only two hops to another Layer 2 switch.
In the Layer 2 network, each switch has dual connections to the Layer 3 devices.
The Layer 2 network is maintained even if multiple connections are lost.
Figure 1-4 Cell Network–Redundant Star Topology
(Figure not reproduced. Labels: Human Machine Interface (HMI), IE2000, Cell Zone, Catalyst 3750 Stackwise Switch Stack, Controllers, Drives, and Remote I/O.)
Where to Go Next
Before configuring the switch, review these sections for startup information:
Chapter 2, “Using the Command-Line Interface”
Chapter 4, “Performing Switch Setup Configuration”
To locate and download MIBs for a specific Cisco product and release, use the Cisco MIB Locator:
http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml.
CHAPTER 2
Using the Command-Line Interface
Information About Using the Command-Line Interface
This chapter describes the Cisco IOS command-line interface (CLI) and how to use it to configure your switch.
Command Modes
The Cisco IOS user interface is divided into many different modes. The commands available to you depend on which mode you are currently in. Enter a question mark (?) at the system prompt to obtain a list of commands available for each command mode.
When you start a session on the switch, you begin in user mode, often called user EXEC mode. Only a limited subset of the commands are available in user EXEC mode. For example, most of the user EXEC commands are one-time commands, such as show commands, which show the current configuration status, and clear commands, which clear counters or interfaces. The user EXEC commands are not saved when the switch reboots.
To have access to all commands, you must enter privileged EXEC mode. You must enter a password to enter privileged EXEC mode. From this mode, you can enter any privileged EXEC command or enter global configuration mode.
Using the configuration modes (global, interface, and line), you can make changes to the running configuration. If you save the configuration, these commands are stored and used when the switch reboots. To access the various configuration modes, you must start at global configuration mode. From global configuration mode, you can enter interface configuration mode and line configuration mode.
Table 2-1 describes the main command modes, how to access each one, the prompt you see in that mode, and how to exit the mode. The examples in the table use the hostname Switch.
Table 2-1 Command Mode Summary
Mode: User EXEC
Access Method: Begin a session with your switch.
Prompt: Switch>
Exit Method: Enter logout or quit.
About This Mode: Use this mode to change terminal settings, perform basic tests, and display system information.
Mode: Privileged EXEC
Access Method: While in user EXEC mode, enter the enable command.
Prompt: Switch#
Exit Method: Enter disable to exit.
About This Mode: Use this mode to verify commands that you have entered. Use a password to protect access to this mode.
Mode: Global configuration
Access Method: While in privileged EXEC mode, enter the configure command.
Prompt: Switch(config)#
Exit Method: To exit to privileged EXEC mode, enter exit or end, or press Ctrl-Z.
About This Mode: Use this mode to configure parameters that apply to the entire switch.
Mode: Config-vlan
Access Method: While in global configuration mode, enter the vlan vlan-id command.
Prompt: Switch(config-vlan)#
Exit Method: To exit to global configuration mode, enter the exit command. To return to privileged EXEC mode, press Ctrl-Z or enter end.
About This Mode: Use this mode to configure VLAN parameters. When VTP mode is transparent, you can create extended-range VLANs (VLAN IDs greater than 1005) and save configurations in the switch startup configuration file.
Mode: VLAN configuration
Access Method: While in privileged EXEC mode, enter the vlan database command.
Prompt: Switch(vlan)#
Exit Method: To exit to privileged EXEC mode, enter exit.
About This Mode: Use this mode to configure VLAN parameters for VLANs 1 to 1005 in the VLAN database.
Mode: Interface configuration
Access Method: While in global configuration mode, enter the interface command (with a specific interface).
Prompt: Switch(config-if)#
Exit Method: To exit to global configuration mode, enter exit. To return to privileged EXEC mode, press Ctrl-Z or enter end.
About This Mode: Use this mode to configure parameters for the Ethernet ports. For information about defining interfaces, see the “Using Interface Configuration Mode” section on page 15-6. To configure multiple interfaces with the same parameters, see the “Configuring a Range of Interfaces” section on page 15-13.
Mode: Line configuration
Access Method: While in global configuration mode, specify a line with the line vty or line console command.
Prompt: Switch(config-line)#
Exit Method: To exit to global configuration mode, enter exit. To return to privileged EXEC mode, press Ctrl-Z or enter end.
About This Mode: Use this mode to configure parameters for the terminal line.
For more detailed information on the command modes, see the command reference guide for this release.
Help System
You can enter a question mark (?) at the system prompt to display a list of commands available for each command mode. You can also obtain a list of associated keywords and arguments for any command, as shown in Table 2-2.

Table 2-2 Help Summary

help
  Obtain a brief description of the help system in any command mode.

abbreviated-command-entry?
  Obtain a list of commands that begin with a particular character string. For example:
    Switch# di?
    dir disable disconnect

abbreviated-command-entry<Tab>
  Complete a partial command name. For example:
    Switch# sh conf<tab>
    Switch# show configuration

?
  List all commands available for a particular command mode. For example:
    Switch> ?

command ?
  List the associated keywords for a command. For example:
    Switch> show ?

command keyword ?
  List the associated arguments for a keyword. For example:
    Switch(config)# cdp holdtime ?
    <10-255> Length of time (in sec) that receiver must keep this packet
Understanding Abbreviated Commands
You need to enter only enough characters for the switch to recognize the command as unique.
This example shows how to enter the show configuration privileged EXEC command in an abbreviated form:
Switch# show conf
No and default Forms of Commands
Almost every configuration command also has a no form. In general, use the no form to disable a feature or function or reverse the action of a command. For example, the no shutdown interface configuration command reverses the shutdown of an interface. Use the command without the keyword no to reenable a disabled feature or to enable a feature that is disabled by default.
Configuration commands can also have a default form. The default form of a command returns the command setting to its default. Most commands are disabled by default, so the default form is the same as the no form. However, some commands are enabled by default and have variables set to certain default values. In these cases, the default command enables the command and sets variables to their default values.
CLI Error Messages
Table 2-3 lists some error messages that you might encounter while using the CLI to configure your switch.

Table 2-3 Common CLI Error Messages

% Ambiguous command: "show con"
  Meaning: You did not enter enough characters for your switch to recognize the command.
  How to get help: Reenter the command followed by a question mark (?) with a space between the command and the question mark. The possible keywords that you can enter with the command appear.

% Incomplete command.
  Meaning: You did not enter all the keywords or values required by this command.
  How to get help: Reenter the command followed by a question mark (?) with a space between the command and the question mark. The possible keywords that you can enter with the command appear.

% Invalid input detected at ‘^’ marker.
  Meaning: You entered the command incorrectly. The caret (^) marks the point of the error.
  How to get help: Enter a question mark (?) to display all the commands that are available in this command mode. The possible keywords that you can enter with the command appear.
Configuration Logging
You can log and view changes to the switch configuration. You can use the Configuration Change Logging and Notification feature to track changes on a per-session and per-user basis. The logger tracks each configuration command that is applied, the user who entered the command, the time that the command was entered, and the parser return code for the command. This feature includes a mechanism for asynchronous notification to registered applications whenever the configuration changes. You can choose to have the notifications sent to the syslog.
Note Only CLI or HTTP changes are logged.
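Once the change notifications described above are sent to syslog, they can be reviewed off the switch. The following Python example is added here and is not code from the Cisco guide: it parses the %PARSER-5-CFGLOG_LOGGEDCMD message that IOS writes for each logged command and flags commands that match a watch list. The watch list, the user names and the sample lines are constructed assumptions.

```python
import re
from collections import Counter

# Syslog notification that IOS writes for each logged configuration command.
CFGLOG = re.compile(
    r"^(?:(?P<stamp>.*?):\s*)?%PARSER-5-CFGLOG_LOGGEDCMD:\s*"
    r"User:(?P<user>\S+)\s+logged command:(?P<cmd>.*)$"
)

# Hypothetical watch list: command patterns a reviewer may want surfaced.
# First match wins; adapt the patterns to local policy.
WATCH = [
    ("logging-disabled", re.compile(r"^no\s+logging\b")),
    ("credential-change",
     re.compile(r"^(no\s+)?(enable\s+(secret|password)\b|username\s)")),
    ("snmp-change", re.compile(r"^(no\s+)?snmp-server\s+(community|host)\b")),
    ("alarm-suppressed",
     re.compile(r"^(no\s+alarm\b|alarm\s+facility\s+\S+\s+disable\b)")),
]

# Constructed sample lines (documentation addresses, invented user names).
SAMPLE_LOG = [
    "Jul 10 14:02:11.120: %PARSER-5-CFGLOG_LOGGEDCMD: User:netops  logged command:interface GigabitEthernet1/1",
    "Jul 10 14:02:19.004: %PARSER-5-CFGLOG_LOGGEDCMD: User:netops  logged command:no shutdown",
    "Jul 10 14:05:42.771: %SYS-5-CONFIG_I: Configured from console by netops on vty0 (192.0.2.10)",
    "Jul 10 23:41:03.310: %PARSER-5-CFGLOG_LOGGEDCMD: User:svc-backup  logged command:no logging host 192.0.2.50",
    "Jul 10 23:41:30.912: %PARSER-5-CFGLOG_LOGGEDCMD: User:svc-backup  logged command:snmp-server community ***** RW",
    "Jul 10 23:42:02.118: %PARSER-5-CFGLOG_LOGGEDCMD: User:svc-backup  logged command:alarm facility power-supply disable",
]


def parse_line(line):
    """Return {'stamp', 'user', 'cmd'} for a config-log line, else None."""
    match = CFGLOG.match(line.strip())
    if match is None:
        return None
    return {
        "stamp": match.group("stamp") or "",
        "user": match.group("user"),
        "cmd": match.group("cmd").strip(),
    }


def classify(cmd):
    """Return the first watch-list tag that matches the command, else None."""
    for tag, pattern in WATCH:
        if pattern.search(cmd):
            return tag
    return None


def triage(lines):
    """Return the logged commands that match the watch list, in log order."""
    findings = []
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue  # not a configuration-change notification
        tag = classify(event["cmd"])
        if tag is not None:
            findings.append(dict(event, tag=tag))
    return findings


def changes_per_user(lines):
    """Count logged configuration commands per user."""
    return Counter(e["user"] for e in map(parse_line, lines) if e is not None)


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f'{finding["stamp"]}  {finding["user"]:<12} '
              f'{finding["tag"]:<18} {finding["cmd"]}')
    print(dict(changes_per_user(SAMPLE_LOG)))
```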
How to Use the CLI to Configure Features
Configuring the Command History
The software provides a history or record of commands that you have entered. The command history feature is particularly useful for recalling long or complex commands or entries, including access lists. You can customize this feature to suit your needs as described in these sections:
Changing the Command History Buffer Size, page 2-6 (optional)
Recalling Commands, page 2-6 (optional)
Disabling the Command History Feature, page 2-7 (optional)
Changing the Command History Buffer Size
By default, the switch records ten command lines in its history buffer. You can alter this number for a current terminal session or for all sessions on a particular line. These procedures are optional.
Beginning in privileged EXEC mode, enter this command to change the number of command lines that the switch records during the current terminal session:
Switch# terminal history [size number-of-lines]
The range is from 0 to 256.
Beginning in line configuration mode, enter this command to configure the number of command lines the switch records for all sessions on a particular line:
Switch(config-line)# history [size number-of-lines]
The range is from 0 to 256.
Recalling Commands
To recall commands from the history buffer, perform one of the actions listed in Table 2-4. These actions are optional.

Table 2-4 Recalling Commands

Action (see footnote 1): Press Ctrl-P or the up arrow key.
  Result: Recall commands in the history buffer, beginning with the most recent command. Repeat the key sequence to recall successively older commands.

Action: Press Ctrl-N or the down arrow key.
  Result: Return to more recent commands in the history buffer after recalling commands with Ctrl-P or the up arrow key. Repeat the key sequence to recall successively more recent commands.

Action: show history
  Result: While in privileged EXEC mode, list the last several commands that you just entered. The number of commands that appear is controlled by the setting of the terminal history global configuration command and the history line configuration command.

1. The arrow keys function only on ANSI-compatible terminals such as VT100s.
Disabling the Command History Feature
The command history feature is automatically enabled. You can disable it for the current terminal session or for the command line. These procedures are optional.
To disable the feature during the current terminal session, enter the terminal no history privileged EXEC command.
To disable command history for the line, enter the no history line configuration command.
Using Editing Features
This section describes the editing features that can help you manipulate the command line. It contains these sections:
Enabling and Disabling Editing Features, page 2-7 (optional)
Editing Commands Through Keystrokes, page 2-7 (optional)
Editing Command Lines That Wrap, page 2-9 (optional)
Enabling and Disabling Editing Features
Although enhanced editing mode is automatically enabled, you can disable it, reenable it, or configure a specific line to have enhanced editing. These procedures are optional.
To globally disable enhanced editing mode, enter this command in line configuration mode:
Switch(config-line)# no editing
To reenable the enhanced editing mode for the current terminal session, enter this command in privileged EXEC mode:
Switch# terminal editing
To reconfigure a specific line to have enhanced editing mode, enter this command in line configuration mode:
Switch(config-line)# editing
Editing Commands Through Keystrokes
Table 2-5 shows the keystrokes that you need to edit command lines. These keystrokes are optional.

Table 2-5 Editing Commands through Keystrokes
Each entry lists the capability, then each keystroke (see footnote 1) with its purpose.

Move around the command line to make changes or corrections.
  Press Ctrl-B, or press the left arrow key: Move the cursor back one character.
  Press Ctrl-F, or press the right arrow key: Move the cursor forward one character.
  Press Ctrl-A: Move the cursor to the beginning of the command line.
  Press Ctrl-E: Move the cursor to the end of the command line.
  Press Esc B: Move the cursor back one word.
  Press Esc F: Move the cursor forward one word.
  Press Ctrl-T: Transpose the character to the left of the cursor with the character located at the cursor.

Recall commands from the buffer and paste them in the command line. The switch provides a buffer with the last ten items that you deleted.
  Press Ctrl-Y: Recall the most recent entry in the buffer.
  Press Esc Y: Recall the next buffer entry. The buffer contains only the last 10 items that you have deleted or cut. If you press Esc Y more than ten times, you cycle to the first buffer entry.

Delete entries if you make a mistake or change your mind.
  Press the Delete or Backspace key: Erase the character to the left of the cursor.
  Press Ctrl-D: Delete the character at the cursor.
  Press Ctrl-K: Delete all characters from the cursor to the end of the command line.
  Press Ctrl-U or Ctrl-X: Delete all characters from the cursor to the beginning of the command line.
  Press Ctrl-W: Delete the word to the left of the cursor.
  Press Esc D: Delete from the cursor to the end of the word.

Capitalize or lowercase words or capitalize a set of letters.
  Press Esc C: Capitalize at the cursor.
  Press Esc L: Change the word at the cursor to lowercase.
  Press Esc U: Capitalize letters from the cursor to the end of the word.

Designate a particular keystroke as an executable command, perhaps as a shortcut.
  Press Ctrl-V or Esc Q.

Scroll down a line or screen on displays that are longer than the terminal screen can display.
  Note The More prompt is used for any output that has more lines than can be displayed on the terminal screen, including show command output. You can use the Return and Space bar keystrokes whenever you see the More prompt.
  Press the Return key: Scroll down one line.
  Press the Space bar: Scroll down one screen.

Redisplay the current command line if the switch suddenly sends a message to your screen.
  Press Ctrl-L or Ctrl-R: Redisplay the current command line.

1. The arrow keys function only on ANSI-compatible terminals such as VT100s.
Editing Command Lines That Wrap
You can use a wraparound feature for commands that extend beyond a single line on the screen. When the cursor reaches the right margin, the command line shifts ten spaces to the left. You cannot see the first ten characters of the line, but you can scroll back and check the syntax at the beginning of the command. The keystroke actions are optional.
To scroll back to the beginning of the command entry, press Ctrl-B or the left arrow key repeatedly. You can also press Ctrl-A to immediately move to the beginning of the line.
The arrow keys function only on ANSI-compatible terminals such as VT100s.
In this example, the access-list global configuration command entry extends beyond one line. When the cursor first reaches the end of the line, the line is shifted ten spaces to the left and redisplayed. The dollar sign ($) shows that the line has been scrolled to the left. Each time the cursor reaches the end of the line, the line is again shifted ten spaces to the left.
Switch(config)# access-list 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1
Switch(config)# $ 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1.20 255.25
Switch(config)# $t tcp 131.108.2.5 255.255.255.0 131.108.1.20 255.255.255.0 eq
Switch(config)# $108.2.5 255.255.255.0 131.108.1.20 255.255.255.0 eq 45
After you complete the entry, press Ctrl-A to check the complete syntax before pressing the Return key to execute the command. The dollar sign ($) appears at the end of the line to show that the line has been scrolled to the right:
Switch(config)# access-list 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1$
The software assumes you have a terminal screen that is 80 columns wide. If you have a different width, use the terminal width privileged EXEC command to set the width of your terminal.
Use line wrapping with the command history feature to recall and modify previous complex command entries. For information about recalling previous command entries, see the “Editing Commands Through Keystrokes” section on page 2-7.
Searching and Filtering Output of show and more Commands
You can search and filter the output for show and more commands. This is useful when you need to sort through large amounts of output or if you want to exclude output that you do not need to see. Using these commands is optional.
To use this functionality, enter a show or more command followed by the pipe character (|), one of the keywords begin, include, or exclude, and an expression that you want to search for or filter out:
command | {begin | include | exclude} regular-expression
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output appear.
This example shows how to include in the output display only lines where the expression protocol appears:
Switch# show interfaces | include protocol
Vlan1 is up, line protocol is up
Vlan10 is up, line protocol is down
Accessing the CLI
You can access the CLI through a console connection, through Telnet, or by using the browser.
Accessing the CLI through a Console Connection or through Telnet
Before you can access the CLI, you must connect a terminal or PC to the switch console port and power on the switch, as described in the getting started guide that shipped with your switch. Then, to understand the boot process and the options available for assigning IP information, see Chapter 4, “Performing Switch Setup Configuration.”
If your switch is already configured, you can access the CLI through a local console connection or through a remote Telnet session, but your switch must first be configured for this type of access. For more information, see the “Setting a Telnet Password for a Terminal Line” section on page 12-28.
You can use one of these methods to establish a connection with the switch:
- Connect the switch console port to a management station or dial-up modem. For information about connecting to the console port, see the switch getting started guide or hardware installation guide.
- Use any Telnet TCP/IP or encrypted Secure Shell (SSH) package from a remote management station. The switch must have network connectivity with the Telnet or SSH client, and the switch must have an enable secret password configured.
  For information about configuring the switch for Telnet access, see the “Setting a Telnet Password for a Terminal Line” section on page 12-28. The switch supports up to 16 simultaneous Telnet sessions. Changes made by one Telnet user are reflected in all other Telnet sessions.
  For information about configuring the switch for SSH, see the “Configuring the SSH Server” section on page 12-40. The switch supports up to five simultaneous secure SSH sessions.
After you connect through the console port, through a Telnet session or through an SSH session, the user EXEC prompt appears on the management station.
Chapter 3 Configuring Switch Alarms
Finding Feature Information
Your software release may not support all the features documented in this chapter. For the latest feature information and caveats, see the release notes for your platform and software release.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Information About Switch Alarms
The switch software monitors switch conditions on a per-port or a switch basis. If the conditions present on the switch or a port do not match the set parameters, the switch software triggers an alarm or a system message. By default, the switch software sends the system messages to a system message logging facility, or a syslog facility. You can also configure the switch to send Simple Network Management Protocol (SNMP) traps to an SNMP server. You can configure the switch to trigger an external alarm device by using the alarm relay.
Global Status Monitoring Alarms
The switch processes alarms related to temperature and power supply conditions, referred to as global or facility alarms.
Table 3-1 Global Status Monitoring Alarms

Power supply alarm
  By default, the switch monitors a single power supply. If you configure a dual power supply, an alarm triggers if one power supply fails. You can configure the power supply alarm to be connected to the hardware relays. For more information, see the “Configuring the Power Supply Alarms” section on page 3-6.

Temperature alarms
  The switch contains one temperature sensor with a primary and secondary temperature setting. The sensor monitors the environmental conditions inside the switch.
  The primary and secondary temperature alarms can be set as follows:
  - The primary alarm is enabled automatically to trigger both at a low temperature, –4°F (–20°C) and a high temperature, 203°F (95°C). It cannot be disabled. By default, the primary temperature alarm is associated with the major relay.
  - The secondary alarm triggers when the system temperature is higher or lower than the configured high and low temperature thresholds. The secondary alarm is disabled by default.
  For more information, see the “Configuring the Switch Temperature Alarms” section on page 3-6.

SD-Card
  By default the alarm is disabled.
FCS Error Hysteresis Threshold
The Ethernet standard calls for a maximum bit-error rate of $10^{-8}$. The bit error-rate range is from $10^{-6}$ to $10^{-11}$. The bit error-rate input to the switch is a positive exponent. If you want to configure the bit error-rate of $10^{-9}$, enter the value 9 for the exponent. By default, the FCS bit error-rate is $10^{-8}$.
You can set the FCS error hysteresis threshold to prevent the toggle of the alarm when the actual bit-error rate fluctuates near the configured rate. The hysteresis threshold is defined as the ratio between the alarm clear threshold to the alarm set threshold, expressed as a percentage value.
For example, if the FCS bit error-rate alarm value is configured to $10^{-8}$, that value is the alarm set threshold. To set the alarm clear threshold at $5 \times 10^{-10}$, the hysteresis, value h, is determined as follows:
$h = \text{alarm clear threshold} / \text{alarm set threshold}$
$h = 5 \times 10^{-10} / 10^{-8} = 5 \times 10^{-2} = 0.05 = 5$ percent
The FCS hysteresis threshold is applied to all ports on the switch. The allowable range is from 1 to 10 percent. The default value is 10 percent. See the “Configuring the FCS Bit Error Rate Alarm” section on page 3-7 for more information.
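The effect of the hysteresis threshold, as an added Python example that is not part of the Cisco guide: it derives the clear threshold from the set exponent and the percentage h, then runs a constructed series of bit error-rate samples through an alarm with and without hysteresis. The guide does not state the exact comparison the switch applies; raising at or above the set threshold and clearing at or below the clear threshold is an assumption.

```python
# Added illustration (not Cisco code): how a hysteresis clear threshold keeps
# an FCS bit error-rate alarm from toggling near the configured rate.

EXPONENT_RANGE = range(6, 12)     # fcs-threshold value: 6 to 11 (from the guide)
HYSTERESIS_RANGE = range(1, 11)   # hysteresis percentage: 1 to 10 (from the guide)

# Constructed samples: the rate hovers around 1e-8, then drops well below it.
SAMPLES = [0.9e-8, 1.1e-8, 0.95e-8, 1.05e-8, 0.9e-8, 1.2e-8, 4e-10, 0.8e-8]


def set_threshold(exponent=8):
    """Alarm set threshold for a positive exponent, e.g. 8 -> 1e-8 (default)."""
    if exponent not in EXPONENT_RANGE:
        raise ValueError("exponent must be between 6 and 11")
    return 10.0 ** -exponent


def clear_threshold(exponent=8, hysteresis_pct=10):
    """Alarm clear threshold = h * alarm set threshold, with h in percent."""
    if hysteresis_pct not in HYSTERESIS_RANGE:
        raise ValueError("hysteresis must be between 1 and 10 percent")
    return set_threshold(exponent) * hysteresis_pct / 100.0


def hysteresis_percent(clear, set_):
    """h = alarm clear threshold / alarm set threshold, as a percentage."""
    return 100.0 * clear / set_


class FcsAlarm:
    """Two-threshold alarm: raise at the set threshold, clear at the clear one."""

    def __init__(self, exponent=8, hysteresis_pct=10):
        self.set_at = set_threshold(exponent)
        self.clear_at = clear_threshold(exponent, hysteresis_pct)
        self.active = False

    def update(self, ber):
        # Assumption: raise when the measured rate reaches the set threshold,
        # clear only once it has dropped to the clear threshold or below.
        if not self.active and ber >= self.set_at:
            self.active = True
        elif self.active and ber <= self.clear_at:
            self.active = False
        return self.active


def transitions_with_hysteresis(samples, exponent=8, hysteresis_pct=10):
    """Return (sample index, 'SET' or 'CLEAR') for every alarm state change."""
    alarm, previous, events = FcsAlarm(exponent, hysteresis_pct), False, []
    for index, ber in enumerate(samples):
        state = alarm.update(ber)
        if state != previous:
            events.append((index, "SET" if state else "CLEAR"))
        previous = state
    return events


def transitions_single_threshold(samples, exponent=8):
    """Baseline without hysteresis: one threshold both raises and clears."""
    limit, previous, events = set_threshold(exponent), False, []
    for index, ber in enumerate(samples):
        state = ber >= limit
        if state != previous:
            events.append((index, "SET" if state else "CLEAR"))
        previous = state
    return events


if __name__ == "__main__":
    print("clear threshold at h=5%:", clear_threshold(8, 5))
    print("with hysteresis  :", transitions_with_hysteresis(SAMPLES, 8, 5))
    print("single threshold :", transitions_single_threshold(SAMPLES, 8))
```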
Port Status Monitoring Alarms
The switch can also monitor the status of the Ethernet ports and generate alarm messages based on the alarms listed in Table 3-2. To save user time and effort, it supports changeable alarm configurations by using alarm profiles. You can create a number of profiles and assign one of these profiles to each Ethernet port.
Alarm profiles provide a mechanism for you to enable or disable alarm conditions for a port and associate the alarm conditions with one or both alarm relays. You can also use alarm profiles to set alarm conditions to send alarm traps to an SNMP server and system messages to a syslog server. The alarm profile defaultPort is applied to all interfaces in the factory configuration (by default).
Note You can associate multiple alarms to one relay or one alarm to both relays.
Table 3-2 lists the port status monitoring alarms and their descriptions and functions. Each fault condition is assigned a severity level based on the Cisco IOS System Error Message Severity Level.

Table 3-2 Port Status Monitoring Alarms

Alarm List ID 1: Link Fault alarm
  The switch generates a link fault alarm when problems with a port physical layer cause unreliable data transmission. A typical link fault condition is loss of signal or clock. The link fault alarm is cleared automatically when the link fault condition is cleared. The severity for this alarm is error condition, level 3.

Alarm List ID 2: Port not Forwarding alarm
  The switch generates a port not-forwarding alarm when a port is not forwarding packets. This alarm is cleared automatically when the port begins to forward packets. The severity for this alarm is warning, level 4.

Alarm List ID 3: Port not Operating alarm
  The switch generates a port not-operating alarm when a port fails during the startup self-test. When triggered, the port not-operating alarm is only cleared when the switch is restarted and the port is operational. The severity for this alarm is error condition, level 3.

Alarm List ID 4: FCS Bit Error Rate alarm
  The switch generates an FCS bit error-rate alarm when the actual FCS bit error-rate is close to the configured rate. You can set the FCS bit error-rate by using the interface configuration CLI for each of the ports. See the “Configuring the FCS Bit Error Rate Alarm” section on page 3-7 for more information. The severity for this alarm is error condition, level 3.
Triggering Alarm Options
The switch supports these methods for triggering alarms:
Configurable Relay
The switch is equipped with one independent alarm relay that can be triggered by alarms for global, port status and SD flash card conditions. You can configure the relay to send a fault signal to an external alarm device, such as a bell, light, or other signaling device. You can associate any alarm condition with the alarm relay. Each fault condition is assigned a severity level based on the Cisco IOS System Error Message Severity Level.
See the “Configuring the Power Supply Alarms” section on page 3-6 for more information on configuring the relay.
SNMP Traps
SNMP is an application-layer protocol that provides a message format for communication between managers and agents. The SNMP system consists of an SNMP manager, an SNMP agent, and a management information base (MIB).
The snmp-server enable traps command can be changed so that the user can send alarm traps to an SNMP server. You can use alarm profiles to set environmental or port status alarm conditions to send SNMP alarm traps. See the “Enabling SNMP Traps” section on page 3-9 for more information.
Syslog Messages
You can use alarm profiles to send system messages to a syslog server. See the “Configuring the Power Supply Alarms” section on page 3-6 for more information.
External Alarms
The switch supports two alarm inputs and one alarm output. The alarm input circuit is designed to sense if a dry contact is open or closed relative to the Alarm-In reference pin. The Alarm_Out is a relay with Normally Open and Normally Closed contacts. The switch software is configured to detect faults which are used to energize the relay coil and change the state on both of the relay contacts. Normally open contacts close and normally closed contacts open.
- Open means that the normal condition has current flowing through the contact (normally closed contact). The alarm is generated when the current stops flowing.
- Closed means that no current flows through the contact (normally open contact). The alarm is generated when current does flow.
Note Software can program the Alarm_In to trigger an alarm with either Open or Closed setting.
The alarm connector is a 6-pin screw terminal. This table lists pinouts for the alarm ports.
Pin #   Signal Name     Description
6       Alarm_Out_NO    Alarm output relay normally open contact
5       Alarm_Out_Com   Alarm output relay common contact
4       Alarm_Out-NC    Alarm output relay normally closed contact
3       Alarm_In2       Alarm input #2
2       Alarm_In_Ref    Alarm input reference
1       Alarm_In1       Alarm input #1
You can set the alarm severity to major, minor, or none. The severity is included in the alarm message and also sets the LED color when the alarm is triggered. The LED is red for a minor alarm and blinking red for a major alarm. If not set, the default alarm severity is minor.
For detailed information about the alarm connector, LEDs, alarm circuit and wiring installation, alarm ratings and ports, see the Cisco IE 2000 Switch Hardware Installation Guide.
Default Switch Alarm Settings
Table 3-3 Default Switch Alarm Settings

Global alarms
  Power supply alarm: Enabled in switch single power mode. No alarm. In dual-power supply mode, the default alarm notification is a system message to the console.
  Primary temperature alarm: Enabled for switch temperature range of 203°F (95°C) maximum to –4°F (–20°C) minimum. The primary switch temperature alarm is associated with the major relay.
  Secondary temperature alarm: Disabled.
  Output relay mode alarm: Normally deenergized. The alarm output has switched off or is in an off state.

Port alarms
  Link fault alarm: Disabled on all interfaces.
  Port not forwarding alarm: Disabled on all interfaces.
  Port not operating alarm: Enabled on all interfaces.
  FCS bit error rate alarm: Disabled on all interfaces.
How to Configure Switch Alarms
Configuring External Alarms
Step 1: configure terminal
  Enters global configuration mode.
Step 2: alarm contact contact-number description string
  (Optional) Configures a description for the alarm contact number.
  - The contact-number value is from 1 to 4.
  - The description string is up to 80 alphanumeric characters in length and is included in any generated system messages.
Step 3: alarm contact {contact-number | all} {severity {major | minor | none} | trigger {closed | open}}
  Configures the trigger and severity for an alarm contact number or for all contact numbers.
  - Enter a contact number (1 to 4) or specify that you are configuring all alarms.
  - For severity, enter major, minor or none. If you do not configure a severity, the default is minor.
  - For trigger, enter open or closed. If you do not configure a trigger, the alarm is triggered when the circuit is closed.
Step 4: alarm relay-mode energized
  (Optional) Configures the output relay mode to energized.
Step 5: end
  Returns to privileged EXEC mode.
Step 6: show env alarm-contact
  Shows the configured alarm contacts.
Step 7: copy running-config startup-config
  (Optional) Saves your entries in the configuration file.
Configuring the Power Supply Alarms
Step 1: configure terminal
  Enters global configuration mode.
Step 2: power-supply dual
  Configures dual power supplies.
Step 3: alarm facility power-supply disable
  Disables the power supply alarm.
Step 4: alarm facility power-supply relay major
  Associates the power supply alarm to the relay.
Step 5: alarm facility power-supply notifies
  Sends power supply alarm traps to an SNMP server.
Step 6: alarm facility power-supply syslog
  Sends power supply alarm traps to a syslog server.
Step 7: end
  Returns to privileged EXEC mode.
Step 8: show env power
  Displays the switch power status.
Step 9: show facility-alarm status
  Displays all generated alarms for the switch.
Step 10: show alarm settings
  Verifies the configuration.
Step 11: copy running-config startup-config
  (Optional) Saves your entries in the configuration file.
Configuring the Switch Temperature Alarms
Step 1: configure terminal
  Enters global configuration mode.
Step 2: alarm facility temperature {primary | secondary} high threshold
  Sets the high temperature threshold value. Set the threshold from –238°F (–150°C) to 572°F (300°C).
Step 3: alarm facility temperature primary low threshold
  Sets the low temperature threshold value. Set the threshold from –328°F (–200°C) to 482°F (250°C).
Step 4: end
  Returns to privileged EXEC mode.
Step 5: show alarm settings
  Verifies the configuration.
Step 6: copy running-config startup-config
  (Optional) Saves your entries in the configuration file.
Associating the Temperature Alarms to a Relay
By default, the primary temperature alarm is associated to the relay. You can use the alarm facility temperature global configuration command to associate the primary temperature alarm to an SNMP trap, or a syslog message, or to associate the secondary temperature alarm to the relay, an SNMP trap, or a syslog message.
Note The single relay on the switch is called the major relay.
Step 1: configure terminal
  Enters global configuration mode.
Step 2: alarm facility temperature {primary | secondary} relay major
  Associates the primary or secondary temperature alarm to the relay.
Step 3: alarm facility temperature {primary | secondary} notifies
  Sends primary or secondary temperature alarm traps to an SNMP server.
Step 4: alarm facility temperature {primary | secondary} syslog
  Sends primary or secondary temperature alarm traps to a syslog server.
  Uses the no alarm facility temperature secondary command to disable the secondary temperature alarm.
Step 5: end
  Returns to privileged EXEC mode.
Step 6: show alarm settings
  Verifies the configuration.
Step 7: copy running-config startup-config
  (Optional) Saves your entries in the configuration file.
Configuring the FCS Bit Error Rate Alarm
Setting the FCS Error Threshold
The switch generates an FCS bit error-rate alarm when the actual rate is close to the configured rate.
Step Command Purpose
Step 1 configure terminal Enters global configuration mode.
Step 2 interface interface-id Enters the interface to be configured, and enters interface configuration mode.
Step 3 fcs-threshold value Sets the FCS error rate. For value, the range is 6 to 11 to set a maximum bit error rate of 10^-6 to 10^-11. By default, the FCS bit error rate is 10^-8.
Step 4 end Returns to privileged EXEC mode.
Step 5 show fcs-threshold Verifies the setting.
Step 6 copy running-config startup-config (Optional) Saves your entries in the configuration file.
Page 94
Setting the FCS Error Hysteresis Threshold
The hysteresis setting prevents the toggle of an alarm when the actual bit error-rate fluctuates near the configured rate. The FCS hysteresis threshold is applied to all ports of a switch.
Step Command Purpose
Step 1 configure terminal Enters global configuration mode.
Step 2 alarm facility fcs-hysteresis percentage Sets the hysteresis percentage for the switch. For percentage, the range is 1 to 10. The default value is 10 percent.
Step 3 end Returns to privileged EXEC mode.
Step 4 show running-config Verifies the configuration.
Step 5 copy running-config startup-config (Optional) Saves your entries in the configuration file.
Configuring Alarm Profiles
Creating an Alarm Profile
You can use the alarm profile global configuration command to create an alarm profile or to modify an existing profile. When you create a new alarm profile, none of the alarms are enabled.
Note: The only alarm enabled in the defaultPort profile is the Port not operating alarm.
Step Command Purpose
Step 1 configure terminal Enters global configuration mode.
Step 2 alarm profile name Creates the new profile or identifies an existing profile, and enters alarm profile configuration mode.
Step 3 end Returns to privileged EXEC mode.
Step 4 show alarm profile name Verifies the configuration.
Step 5 copy running-config startup-config (Optional) Saves your entries in the configuration file.
Modifying an Alarm Profile
You can modify an alarm profile from alarm profile configuration mode. You can enter more than one alarm type separated by a space.
Command Purpose
alarm {fcs-error | link-fault | not-forwarding | not-operating} (Optional) Adds or modifies alarm parameters for a specific alarm.
notifies {fcs-error | link-fault | not-forwarding | not-operating} (Optional) Configures the alarm to send an SNMP trap to an SNMP server.
Page 95
Command Purpose
relay-major {fcs-error | link-fault | not-forwarding | not-operating} (Optional) Configures the alarm to send an alarm trap to the relay.
syslog {fcs-error | link-fault | not-forwarding | not-operating} (Optional) Configures the alarm to send an alarm trap to a syslog server.
Attaching an Alarm Profile to a Specific Port
Step Command Purpose
Step 1 configure terminal Enters global configuration mode.
Step 2 interface port interface Enters interface configuration mode.
Step 3 alarm-profile name Attaches the specified profile to the interface.
Step 4 end Returns to privileged EXEC mode.
Step 5 show alarm profile Verifies the configuration.
Step 6 copy running-config startup-config (Optional) Saves your entries in the configuration file.
Enabling SNMP Traps
Step Command Purpose
Step 1 configure terminal Enters global configuration mode.
Step 2 snmp-server enable traps alarms Enables the switch to send SNMP traps.
Step 3 end Returns to privileged EXEC mode.
Step 4 show alarm settings Verifies the configuration.
Step 5 copy running-config startup-config (Optional) Saves your entries in the configuration file.
Monitoring and Maintaining Switch Alarms Status
Table 3-4 Commands for Displaying Global and Port Alarm Status
Command Purpose
show alarm description ports Displays an alarm number and its text description.
show alarm profile [name] Displays all alarm profiles in the system or a specified profile.
show alarm settings Displays all global alarm settings on the switch.
show env {alarm-contact | all | power | temperature} Displays the status of environmental facilities on the switch.
show facility-alarm status [critical | info | major | minor] Displays generated alarms on the switch.
Page 96
Configuration Examples for Switch Alarms
Configuring External Alarms: Example
This example configures alarm input 1 named door sensor to assert a major alarm when the door circuit is closed and then displays the status and configuration for all alarms:
Switch(config)# alarm contact 1 description door sensor
Switch(config)# alarm contact 1 severity major
Switch(config)# alarm contact 1 trigger closed
Switch(config)# end
Switch(config)# show env alarm-contact
Switch# show env alarm-contact
ALARM CONTACT 1
   Status: not asserted
   Description: door sensor
   Severity: major
   Trigger: closed
ALARM CONTACT 2
   Status: not asserted
   Description: external alarm contact 2
   Severity: minor
   Trigger: closed
Associating Temperature Alarms to a Relay: Examples
This example sets the secondary temperature alarm to the major relay, with a high temperature threshold value of 113°F (45°C). All alarms and traps associated with this alarm are sent to a syslog server and an SNMP server.
Switch(config)# alarm facility temperature secondary high 45
Switch(config)# alarm facility temperature secondary relay major
Switch(config)# alarm facility temperature secondary syslog
Switch(config)# alarm facility temperature secondary notifies
This example sets the first (primary) temperature alarm to the major relay. All alarms and traps associated with this alarm are sent to a syslog server.
Switch(config)# alarm facility temperature primary syslog
Switch(config)# alarm facility temperature primary relay major
Creating or Modifying an Alarm Profile: Example
This example creates or modifies the alarm profile fastE for the Fast Ethernet port with link-down (alarmList ID 3) alarm enabled. The link-down alarm is connected to the major relay. This alarm also sends notifications to an SNMP server and sends system messages to a syslog server.
Switch(config)# alarm profile fastE
Switch(config-alarm-profile)# alarm fcs-error
Switch(config-alarm-profile)# relay-major link-fault
Switch(config-alarm-profile)# notifies not-forwarding
Switch(config-alarm-profile)# syslog not-forwarding
Page 97
Setting the FCS Error Hysteresis Threshold: Example
This example shows how to set the FCS bit error rate for a port to 10^-10:
Switch# configure terminal
Switch(config)# interface fastethernet1/1
Switch(config-if)# fcs-threshold 10
Configuring a Dual Power Supply: Examples
This example shows how to configure two power supplies:
Switch# configure terminal
Switch(config)# power-supply dual
These examples show the information displayed when two power supplies are not present, which results in a triggered alarm.
Switch# show facility-alarm status
Source   Severity   Description                       Relay   Time
Switch   MAJOR      5 Redundant Pwr missing or failed NONE    Mar 01 1993 00:23:52
Switch# show env power
POWER SUPPLY A is DC OK
POWER SUPPLY B is DC FAULTY <--
Switch# show hard led
SWITCH: 1
SYSTEM: GREEN
ALARM : ALT_RED_BLACK <--
Displaying Alarm Settings: Example
Switch# show alarm settings
Alarm relay mode: De-energized
Power Supply
        Alarm                   Enabled
        Relay
        Notifies                Disabled
        Syslog                  Enabled
Temperature-Primary
        Alarm                   Enabled
        Thresholds              MAX: 95C        MIN: -20C
        Relay                   MAJ
        Notifies                Enabled
        Syslog                  Enabled
Temperature-Secondary
        Alarm                   Disabled
        Threshold
        Relay
        Notifies                Disabled
        Syslog                  Disabled
SD-Card
        Alarm                   Disabled
        Relay
        Notifies                Disabled
        Syslog                  Enabled
Input-Alarm 1
Page 98
        Alarm                   Enabled
        Relay
        Notifies                Disabled
        Syslog                  Enabled
Input-Alarm 2
        Alarm                   Enabled
        Relay
        Notifies                Disabled
        Syslog                  Enabled
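The following added example is not part of the Cisco guide. It parses show alarm settings text and flags alarms that are disabled, or enabled with no relay, SNMP trap, or syslog destination, which is the monitoring gap this output lets you check for. It assumes the CLI layout of an unindented facility name followed by indented fields; the sample text is constructed and the function names are hypothetical.

```python
# Constructed sample in the layout of `show alarm settings`; values are illustrative.
SAMPLE = """\
Alarm relay mode: De-energized
Power Supply
        Alarm                   Enabled
        Relay
        Notifies                Disabled
        Syslog                  Enabled
Temperature-Secondary
        Alarm                   Disabled
        Threshold
        Relay
        Notifies                Disabled
        Syslog                  Disabled
Input-Alarm 1
        Alarm                   Enabled
        Relay
        Notifies                Disabled
        Syslog                  Disabled
"""


def parse_alarm_settings(text):
    """Return {facility: {field: value}}; an empty value means the field is unset."""
    facilities, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("Alarm relay mode"):
            continue  # blank line or the global relay-mode line
        if not line[0].isspace():  # an unindented line opens a facility block
            current = facilities.setdefault(line.strip(), {})
        elif current is not None:
            key, _, value = line.strip().partition(" ")
            current[key.lower()] = value.strip()
    return facilities


def audit(text):
    """List (facility, finding) for alarms that would never reach an operator."""
    findings = []
    for name, fields in parse_alarm_settings(text).items():
        if fields.get("alarm") != "Enabled":
            findings.append((name, "alarm disabled"))
            continue
        sinks = [k for k in ("notifies", "syslog") if fields.get(k) == "Enabled"]
        if fields.get("relay"):  # e.g. "MAJ" when tied to the major relay
            sinks.append("relay")
        if not sinks:
            findings.append((name, "enabled but reported nowhere"))
    return findings


if __name__ == "__main__":
    for facility, finding in audit(SAMPLE):
        print(f"{facility}: {finding}")
```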
Additional References
The following sections provide references related to switch administration:
Related Documents
Related Topic Document Title
Cisco IE 2000 commands Cisco IE 2000 Switch Command Reference, Release 15.0(1)EY
Cisco IOS basic commands Cisco IOS Configuration Fundamentals Command Reference
Alarm input and output ports. Cisco IE 2000 Switch Hardware Installation Guide
Standards
Standards Title
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
MIBs
MIBs MIBs Link
To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
Page 99
RFCs
RFCs Title
No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.
Technical Assistance
Description Link
The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.
http://www.cisco.com/techsupport
Page 100