Switch Management
Cisco Catalyst about-face accessories can be configured to abutment abounding altered requirements and
features. Back a PC is affiliated to the consecutive animate port, agreement is about done with
a terminal adversary appliance on the PC. Added configurations can be performed through a
Telnet affair beyond the LAN or through a web-based interface. These capacity will be covered
in afterwards sections.
Catalyst switches abutment one of two types of user interface for configuration: Cisco IOS-based
commands, and set-based, command-line interface (CLI) commands. The IOS-based
commands (found in Catalyst 1900/2820, 2900XL, and 3500XL) are agnate to abounding IOS
commands acclimated on Cisco routers. However, the CLI commands (found in 2926G, 4000, 5000
and 6000) use set and bright commands to change agreement parameters. Both types of user
interface are discussed in the sections that follow.
Identifying the Switch
All switches appear from the branch with a absence agreement and a absence arrangement name or
prompt. This name can be afflicted so that anniversary about-face in a campus arrangement will accept a unique
identity. This advantage can be advantageous back you are application Telnet to move from about-face to about-face in
a network.
Setting the Hostname/System Name on an IOS-Based Switch
To change the host or arrangement name on an IOS-based user interface, admission the following
command in agreement mode:
Switch(config)# hostname hostname
The hostname is a cord of 1 to 255 alphanumeric characters. As anon as this command is
executed, the arrangement alert will change to reflect the new hostname.
NOTE Agreement changes fabricated on IOS-based switches administer abandoned to the alive running
configuration, stored in RAM. To accomplish the changes permanent, in aftereffect alike afterwards a power
cycle, bethink to archetype the about-face agreement into the startup configuration, stored in
NVRAM. You can do this by application the archetype running-config startup-config command.
Setting the Hostname/System Name on a CLI-Based Switch
To set the arrangement name on a CLI-based user interface, the arrangement alert is afflicted with the
following command:
Switch(enable) set arrangement name name-string
Switch Administration 81
As anon as this command is executed, the arrangement name and the alert will change to reflect
the new value. This alert is displayed at the alpha of every CLI line.
Passwords and User Access
Normally, a arrangement accessory should be configured to defended it from crooked access.
Catalyst switches action a simple anatomy of aegis by ambience passwords to bind who can log
in to the user interface. Two levels of user admission are available: approved login, or EXEC mode,
and accredit login, or advantaged mode. EXEC approach is the aboriginal akin of access, which gives access
to the basal user interface through any band or the animate port. The advantaged approach requires a
second countersign and gives admission to set or change about-face operating ambit or
configurations.
Cisco provides assorted methods for accouterment accessory aegis and user authentication. Abounding of
these methods are added defended and able-bodied than application the login passwords in Chapter 12,
“Controlling Admission in the Campus Environment,” describes these appearance in greater detail.
Setting Login Passwords on an IOS-Based Switch
To set the login passwords on a Cisco IOS-based about-face interface, admission the following
commands in all-around agreement mode:
Switch(config)# accredit countersign akin 1 password
Switch(config)# accredit countersign akin 15 password
Here, the EXEC approach countersign is set with a advantage akin of one (1), while the enable
password is set with a advantage akin of 15. The countersign is a cord of four to eight
alphanumeric characters. Passwords on these switches are not case-sensitive.
To abolish a password, use the no accredit countersign akin countersign command.
Setting Login Passwords on a CLI-Based Switch
Example 3-1 lists the commands you would admission in accredit approach to set the login passwords on
a Cisco about-face with a CLI-based user interface.
Example 3-1 Ambience the Login Passwords on a Cisco Switch
Switch (enable) set password
Enter old password: oldpassword
Enter new password: newpassword
Retype new password: newpassword
Password changed.
Switch (enable) set enablepass
Enter old password: oldenablepassword
Enter new password: newenablepassword
Retype new password: newenablepassword
Password changed.
Switch (enable)
82 Chapter 3: Basal About-face and Anchorage Configuration
As Example 3-1 demonstrates, “password” is the EXEC approach password, and the “enablepass”
is the advantaged approach password. Passwords on these switches are case-sensitive.
Remote Access
By default, the about-face login passwords acquiesce user admission abandoned via the animate port. In adjustment to
use Telnet to admission a about-face from aural the campus network, to use ping to analysis the
reachability of a switch, or to adviser a about-face by SNMP, you charge accomplish some configuration
for alien access.
Although a about-face operates at Band 2, the about-face administrator processor charge advance an IP
stack at Band 3 for authoritative purposes. An IP abode and subnet affectation can again be
assigned to the about-face so that alien communications with the about-face administrator are possible.
By default, all ports on a about-face are assigned to the aforementioned basal LAN (VLAN) or broadcast
domain. The about-face administrator and its IP assemblage charge be assigned to a VLAN afore remote
Telnet and ping sessions will be supported. VLANs are discussed futher in Chapter 4.
Enabling Alien Admission on an IOS-Based Switch
On a about-face with an IOS-based user interface, an IP abode can be assigned to the management
VLAN (default is VLAN 1) with the afterward commands in all-around agreement mode:
Switch(config)# interface vlan 1
Switch(config-if)# ip abode ip-address netmask
Switch(config-if)# ip default-gateway ip-address
As approved by the above-mentioned command syntax, an IP abode and subnet affectation are
assigned to the VLAN1 “interface,” which is absolutely the about-face supervisor’s IP assemblage alert on
VLAN1. In adjustment to accelerate packets destined off the bounded VLAN1 subnet, a absence aperture IP
address is additionally assigned.
Again, this absence aperture has annihilation to do with processing packets that are anesthetized through
the switch; rather, the absence aperture is abandoned acclimated to advanced cartage amid a user and the
switch administrator for administration purposes.
To appearance the accepted about-face IP settings, use the appearance ip command.
Enabling Alien Admission on a CLI-Based Switch
An IP abode can additionally be configured for in-band administration on a about-face with a CLI-based
user interface by entering the afterward commands in advantaged mode:
Switch(enable) set interface sc0 ip-address netmask broadcast-address
Switch(enable) set interface sc0 vlan
Switch(enable) set ip avenue absence gateway
Switch Administration 83
The aboriginal command band defines the IP abode and subnet affectation for the about-face management
interface, sc0. The advertisement abode charge additionally be accustomed to bout the subnet and subnet mask
values. In addition, the administration interface is assigned to a specific VLAN with the second
command line. If this command is not given, the administration interface defaults to VLAN1. The
third command band assigns a absence aperture that will accept any packets destined off the local
management interface subnet.
To appearance the accepted IP settings, use the appearance interface command.
Communicating Amid Switches
Because about-face accessories are usually interconnected, administration is usually simplified if the
switches can acquaint on some akin to become acquainted of anniversary other. Cisco has
implemented protocols on its accessories so that adjoining Cisco accessories can be found. As
well, some families of about-face accessories can be amassed and managed as a assemblage already they discover
one another.
Cisco Analysis Protocol
Cisco uses a proprietary agreement on both switches and routers to ascertain adjoining devices.
The Cisco Analysis Agreement (CDP) can be enabled on interfaces to periodically acquaint the
existence of a accessory and barter basal advice with anon affiliated neighbors. The
information exchanged in CDP letters includes the accessory type, links amid devices, and
the cardinal of ports aural anniversary device.
By default, CDP runs on anniversary anchorage of a Cisco about-face that is able of application the SNAP protocol.
CDP advertisements action every 60 abnormal by default. CDP advice occurs at the data
link band so that it is absolute of any arrangement band agreement that may be active on a
network segment. CDP frames are beatific as multicasts, application a destination MAC abode of
01:00:0c:cc:cc:cc.
Switches attention the CDP abode as a appropriate abode anecdotic a multicast anatomy that should
not be forwarded. Instead, CDP multicast frames are redirected to the switch’s management
port, and are candy by the about-face administrator alone. Therefore, Cisco switches abandoned become
aware of added anon affiliated Cisco devices.
Enabling CDP and Viewing CDP Advice on an IOS-Based Switch
CDP is enabled by absence on all about-face interfaces. To accredit CDP, use the afterward interface
configuration command (use the no anatomy to attenuate CDP):
Switch(config-if)# cdp enable
Switch(config-if)# no cdp enable
84 Chapter 3: Basal About-face and Anchorage Configuration
To appearance advice abstruse from CDP advertisements of adjoining Cisco devices, use one
of the afterward commands:
Switch# appearance cdp interface [type module/port]
Switch# appearance cdp neighbors [type module/port] [detail]
The aboriginal command displays CDP advice pertaining to a specific interface. If the type,
module, and anchorage advice is omitted, CDP advice from all interfaces is listed. The
second command displays CDP advice about adjoining Cisco devices. If the detail
keyword is used, all accessible CDP advice about anniversary acquaintance is displayed.
Enabling CDP and Viewing CDP Advice on a CLI-Based Switch
CDP is enabled by default. To accredit or attenuate CDP, use the afterward command:
Switch(enable) set cdp {enable | disable} module/port
The bore and anchorage ambit are included to accredit or attenuate CDP on alone ports. If
these ethics are excluded, CDP is enabled or disabled on a all-around base for all ports on the
switch.
To appearance advice abstruse from CDP advertisements of adjoining Cisco devices, use a
form of the afterward command:
Switch(enable) appearance cdp neighbors [module/port] [vlan | bifold | capabilities |
detail]
Here, the bore and anchorage cardinal can be accustomed to appearance CDP advice on a accurate port.
The vlan keyword displays advice about the built-in VLAN numbers of neighboring
devices. The bifold keyword displays the bifold blazon of anniversary adjoining device. Using
capabilities displays adequacy codes for the adjoining devices. The detail keyword displays
all accessible CDP advice about anniversary adjoining device, including the IP abode assigned
to the adjoining interface or administration interface.
As approved in Example 3-2, the appearance cdp neighbors detail command can be advantageous when
you are affiliated to a about-face and charge to apperceive added about what added switches are adjacent in
a network. Particularly advantageous are the IP abode entries, acceptance Telnet admission to previously
unknown switches.
Example 3-2 Displaying CDP Advice for Adjoining Devices
Switch(enable) appearance cdp neighbors 4/4 detail
Port (Our Port):4/4
Device-ID:69046406
Device Addresses:
IP Address:172.20.25.161
Holdtime:150 sec
Capabilities:TRANSPARENT_BRIDGE SWITCH
Version:
WS-C5509 Software, Version McpSW: 5.3(0.29)BOU NmpSW: 5.3(0.29)BOU
Copyright (c) 1995-1999 by Cisco Systems
Switch Administration 85
For a quick arbitrary of CDP cachet on all about-face ports, use the appearance cdp anchorage command.
Switch Clustering and Stacking
Cisco has additionally implemented a proprietary adjustment for alignment switches into a management
cluster. Up to 16 about-face accessories can be added into a cluster, behindhand of their concrete location
on the network. In this fashion, an absolute array of switches can be managed through a single
IP address—that of the command switch. Array administration can be performed through
HTML, IOS-based, and SNMP-based administration interfaces on the command switch.
Cluster analysis takes abode already a command about-face has been assigned an IP abode and
configured as a command switch. CDP letters are acclimated to ascertain adjoining switches that
are candidates for array membership. Array analysis takes abode abandoned on about-face ports that
are assigned and affiliated to VLAN1. Abandoned the anon affiliated about-face accessories will be
discovered by the command switch. Added switches daisy-chained abaft the directly
connected neighbors can be manually added to the cluster.
NOTE At columnist time, abandoned the Catalyst 2900 and 3500 about-face families (both IOS-based) are able of
cluster operations.
To configure a about-face to become the command about-face for a cluster, aboriginal accredit an IP abode for
the administration interface. Then, use the afterward command:
Switch(config)# array accredit cluster-name
Once the command about-face has been articular and configured, the array analysis can be
viewed and managed from a web browser. Refer to the Array Builder affidavit in the
Catalyst 2900XL and 3500XL software affidavit for added abundant advice and
examples. (www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/29_35xp/scg/kiclust.