Table Of Contents
Using the Catalyst 6500/7600 Device Manager
Getting Started with DM 6500/7600
Key Features in DM 6500/7600
Starting DM 6500/7600
Navigating in DM 6500/7600
What Does the Home Page Show Me?
What Does the Switch Page Show Me?
What Does the Services Page Show Me?
Understanding the DM 6500/7600 Desktop
Understanding the Action Buttons
Saving Startup Configurations
Editing Preferences
Refreshing DM 6500/7600
Understanding Your User Role
What's Next?
System Settings (Switch > System)
Configuring Global Settings
System Pane
Protocols Pane
Editing System Settings
Editing Protocol Settings
Configuring CDP Settings
Configuring Cisco IOS Banners
Displaying a Summary of Your DHCP Pools
Viewing DHCP Pool Status
Configuring Time and NTP Broadcasts
Editing Date and Time Settings
Editing NTP Servers and Peers
Displaying a Summary of Global STP Settings
Ports/Interface Management (Switch > Ports)
Configuring All Ports/Interfaces
Editing Port/Interface Attributes
Configuring a Group of Physical Ports Using the Port Wizard
Selecting Ports
Configuring Ports
Configuring VLAN for Ports
Port Wizard Summary
Configuring Access Ports
Editing and Restarting Access Ports
Configuring Trunk Ports
Editing and Restarting Trunk Ports
Configuring Routed Ports
Editing and Restarting Routed Ports
Configuring SVIs
Editing and Restarting SVIs
Adding an SVI
Configuring Tunnel Interfaces
Editing and Restarting Tunnel Interfaces
Adding a Tunnel Interface
Configuring Loopback Interfaces
Editing and Restarting Loopback Interfaces
Adding a Loopback Interface
Viewing Other Interfaces
Understanding Interface Ranges
Adding Interface Ranges
Editing Interface Ranges
Viewing Interface Range Details
Editing Ports/Interfaces Within an Interface Range
VLAN and VTP Management (Switch > VLANs)
Configuring VLANs
Creating and Configuring a VLAN Using the VLAN Wizard
Creating a Single Ethernet VLAN
Creating Multiple Ethernet VLANs
Editing Ethernet VLANs
Configuring Layer 2 VLANs
Creating a Single Layer 2 Ethernet VLAN
Creating Multiple Layer 2 Ethernet VLANs
Editing Layer 2 Ethernet VLANs
Configuring Layer 3 VLANs
Creating a Single Layer 3 Ethernet VLAN
Creating Multiple Layer 3 Ethernet VLANs
Editing Layer 3 Ethernet VLANs
Deleting VLANs
Viewing Service VLANs
Configuring VTP Information
Editing VTP Information
Spanning Tree Settings (Switch > Spanning Tree)
Configuring STP Settings for All VLANs
Editing STP Settings for a VLAN or VLANs
Configuring STP Settings for a Specific VLAN
Editing STP Settings for a Specific VLAN
Configuring STP Settings for All Ports
Editing STP Settings for a Port or Ports
Configuring STP Settings for a Specific Port
Editing STP Settings For a Specific Port
Displaying VPN Routing and Forwarding Instances (Switch > VRFs)
Service Module Configuration (Services > Flows)
Viewing Service Modules and VLAN Connections Using the Services Topology Map
Nonrecommended Service Module Configurations
VLAN Connection Shortcut Menu
Adding VLANs/Interfaces
Adding VLAN/Interface Connections Between Service Modules
VLAN Connection Parameters
Viewing and Configuring Virtual Firewalls (Contexts)
Viewing Contexts
Adding Interfaces to Virtual Firewalls
Editing Interfaces on Virtual Firewalls
Service Module Setup Wizards
Which Wizard Should I Use?
Firewall-Inside Scenario
Firewall-Outside Scenario
Using the Firewall-Inside Setup Wizard
Selecting a Service Module
Configuring the Core Network Connection
Configuring the MSFC-Firewall VLAN
Configuring the Inside Network Connection
Summary
Saving the Configuration
Using the Firewall-Outside Setup Wizard
Selecting a Service Module
Configuring the Internet Connection
Configuring the Firewall-MSFC VLAN
Configuring the Inside Network Connection
Configuring the Core Network Connection
Summary
Delivering the Configuration to the Switch/Module
Firewall Service Module Setup
Configuring the Firewall Module
Service Details
Configuring VLAN Groups
Adding a VLAN Group
Editing a VLAN Group
Entering a VLAN Range
Configuring VLANs in a VLAN Group
Adding a VLAN to a VLAN Group
Editing a VLAN in a VLAN Group
Security Context Overview
Configuring Firewall Contexts
Adding a Context
Editing a Context
Firewall Context Details
Allocate VLAN
Edit Allocated VLAN
Configuring Firewall Interfaces
Adding a Firewall Module Interface
Editing a Firewall Module Interface
Using the Catalyst 6500/7600 Device Manager
This section describes the Catalyst 6500/7600 Device Manager (DM 6500/7600) tool that is embedded in Security Manager. Topics in this section explain tasks that you can accomplish with DM 6500/7600 and are organized in three thematic sections, as follows:
Getting Started with DM 6500/7600
DM 6500/7600 enables you to set up, configure, and monitor devices in the Cisco Catalyst 6500 and 7600 families. DM 6500/7600 simplifies device, VLAN, port, and service module configuration by allowing you to perform all these operations with one tool.
You use wizards and dialog boxes to make your configurations; DM 6500/7600 then designs best-practice command line interface (CLI) configurations based on your selections. You can view the CLI configurations that DM 6500/7600 generates, then deploy them to the device or save them for future editing.
More importantly, DM 6500/7600 shows you a graphical view of LANs configured across service modules. In addition to these features, DM 6500/7600 shows you a device summary and allows you to perform basic configuration tasks globally or for individual VLANs, ports, and spanning trees.
Note 
DM 6500/7600 supports the deployment of native Cisco IOS commands only.
This section includes the following topics:
•Key Features in DM 6500/7600
•Starting DM 6500/7600
•Navigating in DM 6500/7600
•Starting DM 6500/7600
•Saving Startup Configurations
•Editing Preferences
•Refreshing DM 6500/7600
•Understanding Your User Role
•What's Next?
Key Features in DM 6500/7600
The following table describes the key features of DM 6500/7600.
Table 14-2 Key Features
Feature
|
Description
|
Basic switch, port, VLAN, spanning tree, and SVI configuration
|
DM 6500/7600 provides functions for port, VLAN, spanning tree, and SVI configuration.
|
Initial service module setup
|
DM 6500/7600 provides functions for the initial configuration of the Firewall Services Module (FWSM).
DM 6500/7600 also provides deployment templates, based on Cisco-recommended configurations, that perform VLAN setup between service modules, including any configurations required for traffic flow across them.
|
Graphical and wireless service visualization
|
DM 6500/7600 provides a topology map that displays VLAN connectivity between service modules and allows you to perform certain configuration tasks on service modules.
|
Related Topics
•Starting DM 6500/7600
•Navigating in DM 6500/7600
Starting DM 6500/7600
To start DM 6500/7600 from the Security Manager GUI, do either of the following:
•Right-click a Catalyst device, then select Catalyst Device Manager from the shortcut menu.
•Select a Catalyst device, then select Tools > Catalyst Device Manager.
Navigating in DM 6500/7600
Before you begin using DM 6500/7600, you must understand the basic operation of the user interface, including the login procedure and user interface elements. See the following sections for more information:
•What Does the Home Page Show Me?
•What Does the Switch Page Show Me?
•What Does the Services Page Show Me?
•Understanding the DM 6500/7600 Desktop
•Understanding the Action Buttons
What Does the Home Page Show Me?
The home page is the first screen that comes up when DM 6500/7600 is started. It gives a quick overview of the services running on the device and a snapshot of the overall health of the system. It displays high-level system information; any service modules, ports, VLANs, and spanning trees DM 6500/7600 has discovered; and the status of each service module installed (see Figure 14-1).
Figure 14-1 DM 6500/7600 Home Page Components and Descriptions
|
|
Location
|
Description
|
1
|
System Overview tab
|
Provides high-level information about the device and shows the following information:
•Hostname—The hostname of the device.
•Serial Number—The serial number of the device.
•Description—A brief description of the device.
•Model—The model type of the device.
•IOS version—The Cisco IOS image version the device is running.
•Image—The name of the image running on the device.
•Last Update—A time stamp for the most recent discovery.
Note DM 6500/7600 does not show information in real time. Updates occur only when discovery occurs.
The supervisor pane displays the percentage of CPU, memory, and flash used by the supervisor card.
|
2
|
Switch Dashboard tab
|
Provides information about ports, VLANs, and spanning trees discovered by the device, such as the number of access ports and the number of Layer 2 VLANs.
Click the link for any switch object to open the corresponding page for that object.
|
3
|
Services Dashboard tab
|
Provides information about the service modules on the device. Click the link for any service to open the corresponding page for that service module.
If there are no service modules installed, a No Service Modules link appears. See No Service Modules Installed.
|
4
|
Module Status tab
|
Provides an overview of installed service modules and provides a table that displays the following information:
•Slot—The slot to which the service module is attached.
•Status—Status of the service module. A  icon indicates that the module is operationally up; a  icon indicates that the module is operationally down.
•Description—A brief description of the service module.
•Serial Number—The serial number of the service module.
•Model—The model type of the service module.
•Software Version—The Cisco IOS version running on the service module.
|
Related Topics
•Navigating in DM 6500/7600
•What Does the Switch Page Show Me?
•What Does the Services Page Show Me?
•Understanding the DM 6500/7600 Desktop
No Service Modules Installed
If no service modules are installed, the No Services available link is displayed on the Services Dashboard.
To view available Cisco service modules, see http://www.cisco.com/en/US/products/hw/modules/ps2706/prod_models_home.html.
For more information on the types of data that DM 6500/7600 can display for each service module, see Firewall Service Module Setup.
Related Topics
•Navigating in DM 6500/7600
•What Does the Switch Page Show Me?
•What Does the Services Page Show Me?
•Understanding the DM 6500/7600 Desktop
What Does the Switch Page Show Me?
The Switch page allows you to view and configure Layer 2 and Layer 3 switch features, such as port, VLAN, VRF, and spanning tree features. You can also edit your global settings from the Switch page (see Figure 14-2).
Figure 14-2 DM 6500/7600 Switch Page
Related Topics
•Navigating in DM 6500/7600
•What Does the Home Page Show Me?
•What Does the Services Page Show Me?
•Understanding the DM 6500/7600 Desktop
What Does the Services Page Show Me?
The Services page allows you to view and configure services running on the device. This page provides summary information about service modules. The Services page also provides a graphical view of VLANs across service modules and setup wizards that enable you to configure the services on the device (see Figure 14-3).
Figure 14-3 DM 6500/7600 Services Page
Related Topics
•Navigating in DM 6500/7600
•What Does the Home Page Show Me?
•What Does the Switch Page Show Me?
•Understanding the DM 6500/7600 Desktop
Understanding the DM 6500/7600 Desktop
This section describes the main GUI elements of the DM 6500/7600 application.
Figure 14-4 DM 6500/7600 GUI Elements
|
|
Location
|
Description
|
1
|
Menu bar
|
Provides File, Edit, View, and Help options.
•File
–File > Save—Saves the configuration to the Security Manager database.
–File > Save and Exit—Saves the configuration running on the device and on the service modules as the startup configuration, then quits DM 6500/7600. See Saving Startup Configurations.
–File > Quit Without Saving—Logs you out of DM 6500/7600 and closes the application window.
•Edit
–Edit > Preferences—Displays the Preferences dialog box, from which you can edit application preferences. See Editing Preferences.
•View
–View > Home—Displays the Home page. See What Does the Home Page Show Me?.
–View > Switch —Displays the Switch page. See What Does the Switch Page Show Me?.
–View > Services—Displays the Services page. See What Does the Services Page Show Me?.
–View > Refresh—Collects the most recent device information from the Security Manager database, then updates the DM 6500/7600 data. See Refreshing DM 6500/7600.
•Help
–Help > Help Topics—Displays online help.
|
|
|
|
Location
|
Description
|
2
|
Task bar
|
Provides the following buttons:
•Home—Displays the home page. See What Does the Home Page Show Me?.
•Switch—Displays the Switch page for Layer 2 and Layer 3 switching. See What Does the Switch Page Show Me?.
•Services—Displays the Services page for Layer 4 and higher services. See What Does the Services Page Show Me?.
•Refresh—Collects the most recent device information and updates the display of information in DM 6500/7600.
•Save—Saves configuration to the Security Manager database.
•Help—Displays context-sensitive help.
|
3
|
Page
|
DM 6500/7600 working area in which you perform tasks.
|
4
|
Pane
|
One part of a divided page or dialog box.
|
5
|
Status bar
|
Provides the following information:
•Application user and privilege level.
•Icon showing the security level of the connection.
•Time stamp showing the last time Security Manager collected data.
|
6
|
Selector
|
Hierarchy of the groups and objects available in the Switch or Services page that allows you to access specific functions for a switch or service object. See Selector.
|
7
|
Left-most pane
|
Contains buttons, on the Switch or Services page, that allow you to access switch or services functions.
|
Related Topics
•Navigating in DM 6500/7600
•What Does the Home Page Show Me?
•What Does the Switch Page Show Me?
•What Does the Services Page Show Me?
•Selector
•Understanding the Action Buttons
Selector
The selector is a tree that appears on most Switch and Services pages. Figure 14-5 shows what the selector looks like when folders, subfolders, and objects are displayed. Not all selectors contain all these elements.
Figure 14-5 Selector
|
|
Location
|
Description
|
1
|
Group folder
|
Displays a group of objects. Click the plus (+) symbol to see the contents of this folder.
|
2
|
Subgroup folder
|
Displays a subgroup of objects. Click the plus (+) symbol to see the contents of this folder.
|
3
|
Selector handle
|
Click the handle to open and close the selector, or click the handle and drag it to resize it.
|
4
|
Object
|
Displays the individual entity contained in the group or subgroup. Click an object to open the page for that object.
|
Understanding the Action Buttons
This section describes the action buttons that commonly appear in DM 6500/7600 dialog boxes and wizards. For a description of the wizard buttons, see Table 14-3; for a description of the dialog box buttons, see Table 14-4.
Table 14-3 Wizard Buttons
Button
|
Action
|
Back
|
Takes you to the previous page.
|
Next
|
Takes you to the next page.
|
Finish
|
Takes you to the wizard summary page.
|
Cancel
|
Exits the wizard without making any changes.
|
Help
|
Displays context-sensitive online help.
|
Table 14-4 Dialog Box Buttons
Button
|
Action
|
OK
|
Saves your changes.
|
Cancel
|
Exits the dialog box without making any changes.
|
Help
|
Displays context-sensitive online help.
|
Note Some dialog boxes may contain additional buttons not described in this table.
Saving Startup Configurations
You can save your device and service module configuration as the startup configuration.
Procedure
Step 1 Select File > Save > Save to Cisco Security Manager Database. A warning dialog box appears, asking if you want to continue.
Step 2 To continue, click Yes. DM 6500/7600 saves the configuration as your startup configuration.
Editing Preferences
Procedure
Step 1 Select Edit > Preferences. The Preferences dialog box appears.
Step 2 Edit the appropriate values:
GUI Element
|
Action
|
Show CLI Preview for Wizards check box
|
Select this checkbox if you want DM 6500/7600 to display the CLI commands to be delivered to the device after you have completed a wizard.
|
Confirm before Exiting check box
|
Select this check box if you want DM 6500/7600 to ask you to confirm that you want to exit the application. By default, this check box is selected.
If you want DM 6500/7600 to confirm your intentions every time you exit from DM 6500/7600, select the Always display this dialog box before exiting check box.
|
Refreshing DM 6500/7600
At any time, you can refresh displayed information in DM 6500/7600 by synchronizing with the latest device and service module information in the Security Manager database.
Note You can specify that DM 6500/7600 refresh after you deliver commands to the device. See Editing Preferences.
Procedure
Step 1 Click Refresh in the task bar or select View > Refresh.
Step 2 A dialog box appears, asking if you want to proceed with the refresh. To continue, click Yes. The most recent device information is collected and is populated in DM 6500/7600.
Understanding Your User Role
DM 6500/7600 can be used by three types of users: Network Operations, Security Operations, and Super Admin. DM 6500/7600 is structured so that functions specific to each type of user are consolidated in a single place in the application. For example, all Layer 2 and Layer 3 switch features are grouped under the Switch tab, and all services running on the device are grouped under the Services tab. Network Operations users will typically use the functions on the Switch page, while Security Operations users will typically use the functions on the Services page. Certain features are available only to a specific type of user:
•Network Operations users are typically responsible for configuring, maintaining, and managing connectivity between Layer 2 and 3 devices. Network Operations users can perform Layer 2 and 3 configuration functions but do not have access to Layer 4 and higher functions such as configuring security devices.
•Security Operations users are typically responsible for configuring, maintaining, and managing security devices such as SSL and firewalls. Security Operations users can configure the security on service blades and apply policies to them.
•Super Admin users have access to all DM 6500/7600 functionality. For example, these users can create VLANs on the supervisor, have access to service blade configurations, and can inspect and edit firewall VLAN interfaces.
What's Next?
If your main task is to manage port, VLAN, and spanning tree configurations, then almost all of your operations can be performed using the Switch tab. If your main task is to manage and configure service modules on the device, then your operations can be performed using the Services tab.
System Settings (Switch > System)
The System pages allow you to view and edit global switch settings. For example, you can see what Cisco IOS image the switch is using or what protocols are enabled. You can also configure and apply global Cisco Discovery Protocol (CDP), Cisco IOS banner, clock, Network Time Protocol (NTP), and Spanning Tree Protocol (STP) settings to the switch.
The following topics are described in this section:
•Configuring Global Settings
•Configuring CDP Settings
•Configuring Cisco IOS Banners
•Displaying a Summary of Your DHCP Pools
•Configuring Time and NTP Broadcasts
•Displaying a Summary of Global STP Settings
Configuring Global Settings
Two types of information shown are on the Global Settings page (see Figure 14-6):
•System—Displays specific switch and Cisco IOS image information.
•Protocol—Displays protocols on the device.
Figure 14-6 Global Settings Page
System Pane
The System pane shows the following fields.
Note Fields between Cisco IOS Version and MSFC Flash show information that is normally displayed when you issue the CLI # sh version command.
Field
|
Description
|
Hostname
|
Configured network name of the switch.
|
Description
|
Description given to the switch.
|
Domain Name
|
Domain name associated with the switch. An example of a domain name is cisco.com, but your domain name might end with a different suffix, such as .org or .net.
|
Model
|
Model number of device.
|
Default Gateway
|
IP address of the Layer 3 interface that is acting as a router for traffic generated by the switch. It is recommended that you set a default gateway if you are accessing the switch from different networks.
Note If the ip route 0.0.0.0 0.0.0.0 cmd is found in the running configuration, that overrides what is shown in this default gateway field.
|
Up Since
|
Date and time at which the device became operational.
|
Cisco IOS Version
|
Cisco IOS image version the device is running.
|
Serial Number
|
Serial number of the switch.
|
Config Register
|
Configuration register setting value.
|
Boot Variable
|
Image file from which the switch can boot at startup.
|
System Image File
|
Name of system image file.
|
Processor Memory (RP)
|
Total memory on the switch.
|
Supervisor Flash
|
Total Supervisor Flash memory installed on the switch.
|
MSFC Flash
|
Total MSFC Flash memory installed on the switch.
|
Protocols Pane
The Protocols pane shows the following fields.
Field
|
Description
|
HTTP
|
Whether HTTP server is enabled or disabled on the device.
|
Global CDP
|
Whether the ability of the device to advertise its existence to other devices and receive information about other devices on the same LAN is enabled or disabled.
Cisco Discovery Protocol (CDP) is a media- and protocol-independent, device-discovery protocol that runs on all Cisco-manufactured equipment, including routers, access servers, bridges, and switches.
Caution When enabled, CDP can consume switch memory by causing it to send out a high number of discovery packets.
|
DHCP Snooping
|
Whether DHCP snooping is enabled or disabled on the device. This field is displayed only when the Supervisor Engine 720 is installed on the device.
Enable DHCP snooping so that wireless clients, or mobile nodes, can gain access to an untrusted wireless network.
|
Related Topics
•Configuring CDP Settings
•Configuring Cisco IOS Banners
•Configuring Time and NTP Broadcasts
Editing System Settings
The System pane displays specific switch and Cisco IOS image information. You can edit the hostname, domain name, and default gateway values.
Procedure
Step 1 Click Switch in the task bar, click Global Settings in the left-most pane, then select System from the selector.
Step 2 Click Edit in the System pane.
Step 3 Edit the appropriate values.
Field
|
Description
|
Hostname
|
Configured network name of the switch.
|
Domain Name
|
Domain name associated with the switch. An example of a domain name is cisco.com, but your domain name might end with a different suffix, such as .org or .net.
|
Default Gateway
|
IP address of the Layer 3 interface that is acting as a router for traffic generated by the switch. It is recommended that you set a default gateway if you are accessing the switch from different networks.
Caution If the wrong gateway is entered, the device may disconnect from DM 6500/7600.
|
Step 4 Click OK
Related Topics
•Configuring CDP Settings
•Configuring Cisco IOS Banners
•Configuring Time and NTP Broadcasts
Editing Protocol Settings
The Protocol pane displays what protocols are enabled. You can edit all values in this pane.
Procedure
Step 1 Click Switch in the task bar, click Global Settings in the left-most pane, then select System from the selector.
Step 2 Click Edit in the Protocols pane.
Step 3 Edit the appropriate values.
GUI Element
|
Action/Description
|
DHCP Snooping check box
|
Enables or disables DHCP snooping on the device. This option is available only when the Supervisor Engine 720 is installed on the device.
Enable DHCP snooping so that wireless clients, or mobile nodes, can gain access to an untrusted wireless network.
|
HTTP check box
|
Enables or disables the HTTP server on the device.
|
Global CDP check box
|
Enables or disables the ability of the device to advertise its existence to other devices and receive information about other devices on the same LAN.
Cisco Discovery Protocol (CDP) is a media- and protocol-independent, device-discovery protocol that runs on all Cisco-manufactured equipment, including routers, access servers, bridges, and switches.
Caution When enabled, CDP can consume switch memory by causing it to send out a high number of discovery packets.
|
Step 4 Click OK.
Related Topics
•Configuring CDP Settings
•Configuring Cisco IOS Banners
•Configuring Time and NTP Broadcasts
Configuring CDP Settings
Cisco Discovery Protocol (CDP) is primarily used to obtain protocol addresses of neighboring devices and discover the platform of those devices. CDP can also be used to show information about the interfaces your switch uses. CDP is media- and protocol-independent, and runs on all Cisco-manufactured equipment, including routers, bridges, access servers, and switches. Using CDP, a device can advertise its existence to other devices and receive information about other devices on the same LAN.
The CDP page displays CDP settings and CDP Neighbors.
Procedure
Step 1 Click Switch in the task bar, click Global Settings in the left-most pane, then select CDP from the selector.
Step 2 Click Edit, then edit the relevant values.
GUI Element
|
Action
|
CDP Timer (in seconds) field
|
Enter the frequency (in seconds) of transmission of CDP updates.
|
CDP Holdtime (in seconds) field
|
Enter the amount of time (in seconds) a receiving device should hold the information sent by your device before discarding it.
|
Send CDP V2 Advertisements check box
|
Select to enable CDP V2 advertisements. CDP Version 2 (CDPv2) is the most recent release of the protocol and provides more intelligent device tracking features.
|
Step 3 Click OK.
Step 4 Click OK, then click Save.
The CDP Neighbors table shows all CDP neighbors connected to the switch. The following table describes the details displayed.
Table 14-6 CDP Neighbors
Column
|
Description
|
Device ID
|
Configured ID (name), MAC address, or serial number of the neighbor device.
|
Local Interface
|
Number and type of the local interface (port).
|
Holdtime
|
The remaining amount of time, in seconds, the current device will hold the CDP advertisement from a transmitting router before discarding it.
|
Capability
|
Capability code discovered on the device. This is the type of the device listed in the CDP Neighbors table. Possible values are:
•Router (R)
•Transparent bridge (T)
•Source-routing bridge (B)
•Switch (S)
•Host (H)
•IGMP device (I)
•Repeater (r)
|
Platform
|
Product number of the device.
|
Port ID
|
Protocol and port number of the device.
|
Related Topics
•Configuring Global Settings
•Configuring Cisco IOS Banners
•Configuring Time and NTP Broadcasts
Configuring Cisco IOS Banners
The Banner page shows Cisco IOS banner information. Banners are informational messages that can be displayed to users.
Procedure
Step 1 Click Switch in the task bar, click Global Settings in the left-most pane, then select Banner from the selector.
Step 2 Click Edit, then enter the banner information.
Banner Type
|
Description
|
Exec Banner
|
Configures the system to display a banner whenever an EXEC process is initiated. For example, this banner will be displayed to users who are connected to the system through Telnet, after they have entered their username and password but before the user EXEC mode prompt is displayed.
|
Login Banner
|
Configures the system to display a banner before the username and password login prompts. This banner is displayed after the Message-of-the-Day banner appears and before the login prompts.
|
Incoming Terminal Line Banner
|
Configures the system to display a banner when there is an incoming connection to a terminal line from a host on the network. This banner is useful for providing instructions to users of these types of connections.
|
Message-of-the-Day Banner
|
Configures the system to display a Message-of-the-Day banner. This banner is displayed at login and is useful for sending messages that affect all network users (such as impending system shutdowns).
|
Step 3 Click OK.
Step 4 Click OK, then click Save.
Related Topics
•Configuring Global Settings
•Configuring CDP Settings
•Configuring Time and NTP Broadcasts
Displaying a Summary of Your DHCP Pools
Dynamic Host Configuration Protocol (DHCP) provides a mechanism for allocating IP addresses dynamically so that addresses can be reused when hosts no longer need them. DHCP also consists of a protocol for delivering host-specific configuration parameters from a DHCP server to a host.
A DHCP address pool contains the range of available IP addresses that the DHCP server might assign to DHCP clients. You can view a high-level summary of the DHCP pools in your network.
Click Switch in the task bar, click Global Settings in the left-most pane, then select DHCP from the selector to display the main DHCP Pools page.
The following information is displayed.
GUI Element
|
Description
|
DHCP Pools pane
|
Pool Name column
|
Name of the DHCP pool.
|
Network column
|
IP network from which the DHCP server allocates IP addresses. This network defines the pool of IP addresses available within the DHCP pool.
|
Network Mask column
|
Subnet mask address for the DHCP pool.
|
Interface Name column
|
Interface associated with the DHCP pool. DHCP clients entering this interface are assigned IP addresses from the associated DHCP pool.
|
Details Pane
|
DHCP Pool Name field
|
Name of the DHCP pool
|
Network field
|
IP network from which the DHCP server allocates IP addresses. This network defines the pool of IP addresses available within this DHCP pool.
|
Mask field
|
Subnet mask address for this DHCP pool.
|
Domain Name field
|
Domain name associated with the DHCP client. An example of a domain name is cisco.com, but your domain name might end with a different suffix, such as .org or .net.
|
Default Route field
|
Addresses of the default gateways for this DHCP pool.
|
DNS Servers field
|
Domain Name System (DNS) IP servers available to the DHCP client.
|
WINS Servers field
|
Windows Internet Naming Service (WINS) servers available to the DHCP client.
|
Lease Time field
|
The date and time that the IP address assigned by the DCHP server expires.
|
Excluded Addresses pane
|
IP addresses excluded from the pool of available IP addresses. These excluded IP addresses are not allocated to DHCP clients.
The list of excluded IP addresses can be a single IP address or a range of IP addresses.
|
From this page, you can view detailed status information for a specific DHCP pool. See Viewing DHCP Pool Status.
Related Topics
•Configuring Global Settings
•Configuring CDP Settings
•Configuring Cisco IOS Banners
•Configuring Time and NTP Broadcasts
Viewing DHCP Pool Status
You can learn the current status of any DHCP pool in your network.
Procedure
Step 1 Click Switch in the task bar, click Global Settings in the left-most pane, then select DHCP from the selector.
Step 2 Select a DCHP pool from the DHCP Pools pane, then click Pool Status.
The DHCP Pool Status dialog box displays the following information.
Column
|
Description
|
IP Address
|
IP address allocated to the DHCP pool.
|
Client ID
|
MAC address of the DCHP client to which this IP address is allocated.
|
Lease Expiration
|
Time and date that the allocated IP address expires.
|
Related Topic
•Displaying a Summary of Your DHCP Pools
Configuring Time and NTP Broadcasts
You can configure date, time, and Network Time Protocol (NTP) settings using the Clock page. The Clock page shows system time zone, clock, and calendar information. It also shows NTP Servers and Peers information. NTP sends and receives unicast packets with peers, by default. However, broadcasts can be used if several NTP peers are located on a common network. For clock and NTP configuration guidelines, see the relevant section in Catalyst 6500 Family IOS Software Configuration Guide.
Related Topics
•Editing Date and Time Settings
•Editing NTP Servers and Peers
Editing Date and Time Settings
Procedure
Step 1 Click Switch in the task bar, click Global Settings in the left-most pane, then select Clock from the selector.
Step 2 Click Edit in the Date/Time pane.
Step 3 Edit the appropriate values.
GUI Element
|
Action
|
Update Calendar using Network Time Protocol
|
Select this option if you want NTP to update the calendar. NTP is designed to time-synchronize a network of machines. An NTP network usually gets its time from an authoritative time source, such as a radio clock or an atomic clock attached to a time server. NTP then distributes this time across the network.
NTP is extremely efficient: no more than one packet per minute is necessary to synchronize two machines to within a millisecond of one another.
|
Month
|
Enter the numeric month.
|
Day
|
Enter the numeric day.
|
Year
|
Enter the year as a 4-digit number.
|
Hour
|
Enter the current hour.
|
Minute
|
Enter the current minutes.
|
Second
|
Enter the current seconds.
|
Time Zone ID
|
Enter the local time zone to be displayed. The time zone is set to the abbreviated zone name (EST, PST, CDT). This name is only used for display purposes and can be any common zone name. The actual displayed time is defined by an offset in hours and minutes from Greenwich Mean Time .
|
Hours Offset from GMT
|
Enter the offset in hours from Greenwich Mean Time.
|
Minutes Offset from GMT
|
Enter the offset in minutes from Greenwich mean time.
|
Enable Daylight Saving Time
|
Select this option to enable Daylight Saving Time.
|
DST Time Zone ID
|
Enter the name of the zone (using from 1 to 32 characters) to be displayed when Daylight Saving Time time is in effect.
|
Step 4 Click Save.
Related Topic
•Editing NTP Servers and Peers
Editing NTP Servers and Peers
A system's NTP association can be a peer association (the system will either synchronize to another system or allow another system to synchronize to it), or it can be a server association (only this system synchronizes to the other system, and not the other way around).
If you want to form an NTP association with another system:
Step 1 Click Add from the NTP Servers or NTP Peers pane.
Step 2 Enter the IP address of the system to associate.
Step 3 Click OK, then click Save.
To edit the IP address or delete a system association:
Step 1 Select the IP address row to edit from the NTP Servers or NTP Peers pane.
Step 2 Do one of the following:
•Click Edit to edit the IP address, enter the address, then click OK.
•Click Delete to remove the system association.
Step 3 Click Save.
Related Topic
•Editing Date and Time Settings
Displaying a Summary of Global STP Settings
To display information about global Spanning-Tree Protocol (STP) settings, click Switch in the task bar, click Global Settings in the left-most pane, then select Spanning Tree from the selector.
STP is a Layer 2 (L2) link management protocol that is designed to run on bridges and switches. STP provides path redundancy while preventing undesirable loops in the network. For a Layer 2 Ethernet network to function properly, only one active path can exist between any two stations.
When you create fault-tolerant internetworks, you must have a loop-free path between all nodes in a network. The STP algorithm calculates the best loop-free path throughout a switched Layer 2 network.
For more information on STP options, see the Catalyst 6500 Family IOS Software Configuration Guide.
GUI Element
|
Description
|
STP Mode
|
Any one of these STP modes might be the global selection:
•PVST—Per-VLAN Spanning Tree (PVST) maintains a spanning tree instance for each configured VLAN in the network. PVST uses InterSwitch Link (ISL) trunking and allows a VLAN trunk to be forwarded for some VLANs while blocking for other VLANs. Because PVST treats each VLAN as a separate network, it can load-balance traffic by forwarding some VLANs on one trunk and other VLANs on another trunk without causing a spanning tree loop.
•Rapid PVST—Rapid Per-VLAN Spanning Tree provides faster spanning tree convergence after a topology change. The standard configuration also includes features equivalent to Cisco PortFast, UplinkFast, and BackboneFast, for faster network reconvergence.
•MST—Multiple Spanning Tree allows several VLANs to be mapped to a reduced number of spanning tree instances.
|
Ether Channel Guard
|
If enabled, detects a misconfigured EtherChannel where interfaces on the switch are configured as an EtherChannel.
|
Extended System ID
|
If enabled, allows extended VLANs. For more information on extended VLANs, see the relevant section in Catalyst 6500 Family IOS Software Configuration Guide.
|
PortFast
|
If enabled, causes a port to enter the spanning tree forwarding state immediately, bypassing the listening and learning states.
|
BPDU Guard
|
If enabled, causes the spanning tree to shut down PortFast-configured interfaces that receive BPDUs, instead of putting them into the spanning-tree blocking state.
|
BPDU Filter
|
If enabled, ports with BPDU filter will not send BPDUs and will drop all received BPDUs.
|
Loop Guard
|
If enabled, verifies whether a root port or an alternate root port is receiving BPDUs. If the port is not receiving BPDUs, the loop guard feature puts the port into an inconsistent state until it starts receiving BPDUs again.
|
UplinkFast
|
If enabled, increases the path cost of all ports on the switch, making it unlikely that the switch will become the root switch.
Note When enabled, UplinkFast affects all VLANs on the switch.
|
BackboneFast
|
If enabled, BackboneFast is initiated when a root port or blocked port on a switch receives inferior BPDUs from its designated bridge.
|
UDLD
|
Unidirectional Link Detection (UDLD) is a Layer 2 protocol that works with Layer 1 mechanisms to determine the physical status of a link.
|
VLAN Allocation Policy
|
Depending on the global setting, VLANs are allocated in either ascending or descending order.
|
VLAN dot1q Tagging Native
|
If native tagging is the global selection, the switch forwards all frames from 802.1Q trunks with 802.1Q tagging. This includes traffic in the native VLAN (default VLAN), and admits only 802.1Q tagged frames on 802.1Q trunks, dropping any untagged traffic, including untagged traffic in the native VLAN.
You can enter this command on any switch that must support 802.1Q tunneling with 802.1Q trunks. The equivalent CLI command is # set dot1q-all-tagged enable.
For more information, see the relevant section in the Catalyst 6500 Family IOS Software Configuration Guide.
|
Related Topics
•Configuring Global Settings
•Configuring CDP Settings
•Configuring Cisco IOS Banners
•Displaying a Summary of Your DHCP Pools
•Configuring Time and NTP Broadcasts
Ports/Interface Management (Switch > Ports)
DM 6500/7600 provides configuration of both physical ports and logical interfaces. In this section, both physical ports and logical interfaces are referred to as interfaces.
DM 6500/7600 supports these interface types:
•Ethernet
•Fast Ethernet
•Gigabit Ethernet
•Ten Gigabit Ethernet
•Switched Virtual Interface (SVI)
Topics in this section contain information about:
•Configuring All Ports/Interfaces
•Configuring a Group of Physical Ports Using the Port Wizard
•Configuring Access Ports
•Configuring Trunk Ports
•Configuring Routed Ports
•Configuring SVIs
•Configuring Tunnel Interfaces
•Configuring Loopback Interfaces
•Viewing Other Interfaces
•Understanding Interface Ranges
Configuring All Ports/Interfaces
You can view all ports and interfaces that exist on the device. Click Switch in the task bar, click Ports in the left-most pane, then select Ports/Interfaces from the selector to display the Ports/Interfaces page (see Figure 14-7).
Note To easily configure a group of physical ports, use the Port Setup wizard. See Configuring a Group of Physical Ports Using the Port Wizard.
Figure 14-7 Ports/Interfaces Page
This page provides a table displaying the following information.
Column
|
Description
|
Name
|
Interface type and the number of the connector or interface card. For example, fastethernet 5/1 means Fast Ethernet, slot 5, interface 1.
|
Description
|
Enter a description of the interface to help you remember its function.
|
Admin Status
|
Administrative status of the interface, either up or down.
|
Oper Status
|
Line protocol status of the port (whether or not port is passing packets).
|
Mode
|
Configuration mode (access, trunk, or routed) for physical ports.
|
Hardware Type
|
Port hardware type. This field applies only to physical ports.
|
Note All columns are sortable.
Related Topics
•Configuring a Group of Physical Ports Using the Port Wizard
•Configuring Access Ports
•Configuring Trunk Ports
•Configuring Routed Ports
•Configuring SVIs
•Viewing Other Interfaces
Editing Port/Interface Attributes
From the Ports/Interfaces page you can edit port/interface description, administrative status, and mode settings.
Procedure
Step 1 Click Switch in the task bar, click Ports from the left-most pane, then select Ports/Interfaces from the selector.
Step 2 From the table, select the port to edit. To select multiple ports, press the Ctrl key as you select each port to edit.
Step 3 Click Edit, then edit the appropriate values.
GUI Element
|
Action/Description
|
Name field
|
Interface type and the number of the connector or interface card. For example, fastethernet 5/1 means Fast Ethernet, slot 5, interface 1.
This field cannot be edited.
|
Description field
|
Enter a description of the interface to help you remember its function.
|
Admin Status list
|
Administrative status of the interface, either up or down.
|
Mode list
|
Select the port mode:
•Access
•Trunk
•Routed
|
Step 4 Click OK.
Step 5 Click Save.
Configuring a Group of Physical Ports Using the Port Wizard
You can configure a group of physical ports as access, trunk, or routed ports using the Port wizard. The wizard will walk you through VLAN configuration, spanning tree configuration, and so forth, based on the type of ports selected. The wizard shows appropriate default values based on Cisco recommended best practice configurations.
Note When you use the wizard, it clears the configurations of selected ports (a default interface command is issued) and those ports are reconfigured to use the new wizard configuration.
Procedure
Step 1 Click Switch in the task bar, click Ports in the left-most pane, then select Ports/Interfaces from the selector. The Ports/Interfaces page appears.
Step 2 Click Setup Wizard.
Selecting Ports
In the ports selection page of the wizard, you define the ports to configure.
Procedure
Step 1 Enter ports to configure, by doing one of the following:
•To manually enter ports, click the Enter Port Range option. You can enter either of the following:
–One or more ports, separated by commas (for example, Fa3/10, Fa3/12).
–A range of ports (for example, Fa3/10-14).
•To select from available ports, click Select Ports. See Port Selector.
Step 2 (Optional) Enter a shortcut name for the group of ports you are configuring. This creates an interface range macro for the selected ports. This allows you to later view this group of ports by clicking the macro from the Custom View folder. See Understanding Interface Ranges.
Note Although an interface range macro is created, DM 6500/7600 applies the configuration defined by the wizard to each port separately. You can see this if you have set DM 6500/7600 to display the CLI commands to be delivered to the device, using the Deliver Configuration to Switch dialog box. For information on setting this option, see Editing Preferences.
Port Selector
The Port Selector appears in various wizards. It allows you to browse and select ports for configuration. The following table describes how to use the Port Selector.
GUI Element
|
Action/Description
|
Available Ports column
|
The table in the Available Ports column displays all physical ports that are available and supported on this switch. It displays ports that are associated with the selected port connection mode.
From the table, select the port to configure. To select multiple ports, press the Ctrl key as you select random ports or press the Shift key as you select contiguous ports to configure.
Note If the destination port mode is Routed, you can select only one port at a time to add to the Selected Port(s) column.
Depending on what type of port you select, the Available Ports column may contain the following columns:
•Name—Indicates the name assigned to a port.
•Type—Indicates the hardware type of a port.
•VLAN—Indicates the VLAN with which a port is associated. This field is displayed only when the Access port connection mode is selected.
•Allowed VLANs—Indicates the range of valid VLAN values for a port. This field is displayed only when the Trunk port connection mode is selected.
•IP Address—Indicates the IP address of a port. This field is displayed only when the Routed port connection mode is selected.
|
Add>> button
|
With ports selected in the Available Ports column, click to add selected ports to the Selected Port(s) column.
|
<<Remove button
|
With ports selected in the Selected Port(s) table, click to remove selected ports from that table.
|
Clear All button
|
Click to remove all ports listed in the Selected Port(s) table and put them back in the Available Ports table.
|
Selected Port(s) column
|
Displays all selected ports. With either Access or Trunk port mode selected, the ports listed here are assigned to the VLAN specified in the VLAN field.
The Name field indicates the name of a selected port.
Note IP address and network mask values can be seen when you pass your mouse over the port.
|
Routed Port Details Dialog Box
This dialog box appears from the Port Selector when a selected destination port mode is routed and the IP address and network mask details are not available. The following information appears.
Field
|
Action/Description
|
Port Name
|
Interface type and the number of the connector or interface card. For example, fastethernet 5/1 means Fast Ethernet, slot 5, interface 1.
|
IP Address
|
Enter the port IP address.
|
Net Mask
|
Enter a network mask or select one from the list.
|
Configuring Ports
On the basic ports configuration page of the wizard, you define the following port parameters.
Note Depending on the capabilities of the port, many of the parameters and values described may not be available.
GUI Element
|
Description/Action
|
Connection Mode radio buttons
|
Select the type of port connection to establish:
•Switch-to-Host—Creates a connection between the switch and a host.
•Switch-to-Switch—Creates a connection between two switches.
•Switch-to-Router—Creates a connection between a switch and a router.
Note The term Switch refers to the Cisco Catalyst 6500 series switch.
|
Port Mode list
|
Select the port configuration type:
•Access
•Trunk (not available when connection mode is Switch-to-Router)
•Routed (not available when connection mode is Switch-to-Switch)
|
Description field
|
Enter a description of the interface to help you remember its function.
|
MTU (bytes) field
|
(Optional) Enter the maximum packet size.
Note Access or trunk ports can have a value of 1500 or 9216. Routed ports have a valid range from 1500 to 9216.
|
Flow Control: Send list
|
Select one of the following:
•Off—The port does not send flow-control frames to the neighboring port.
•On—The port sends flow-control frames to the neighboring port.
|
Flow Control: Receive list
|
Select one of the following:
•Off—The port does not use flow control, regardless of whether flow control is requested by the neighboring port.
•On—The port uses flow control dictated by the neighboring port.
|
Admin Status list
|
Administrative status of the interface, either up or down.
|
Speed (Mbps) list
|
(Optional) Select how fast the interface transmits information:
•10—Transmits at 10 Mbps.
•100—Transmits at 100 Mbps.
•auto—Enables the autonegotiation capability.
|
Duplex list
|
Select duplex operation:
•Half—Sends and receives data, but not at the same time.
•Full—Sends and receives data at the same time.
Note If speed is set to auto, both speed and duplex are autonegotiated.
|
UDLD list
|
Select Unidirectional Link Detection mode:
•Enabled—Enables UDLD in normal mode.
•Aggressive—Enables UDLD in aggressive mode. Overrides the setting of the global UDLD.
•Disabled—Disables UDLD.
UDLD is a Layer 2 protocol that works with Layer 1 mechanisms to determine the physical status of a link. At Layer 1, auto-negotiation takes care of physical signaling and fault detection.
UDLD performs tasks that auto-negotiation cannot perform, such as detecting the identities of neighbors and shutting down misconnected ports. When you enable both auto-negotiation and UDLD, Layer 1 and 2 detections work together to prevent physical and logical unidirectional connections and the malfunctioning of other protocols.
|
Enable CDP check box
|
Select to enable CDP, or deselect to disable CDP.
|
Configuring VLAN for Ports
In the access port configuration page of the wizard, you define VLAN information for selected ports. Depending on the type of configuration mode that you chose in Step 2 of this wizard (see Configuring Ports), you will now do one of the following:
•Access Port Configuration
•Trunk Port Configuration
•Routed Port Configuration
Access Port Configuration
For access port configuration mode, you configure the access VLAN.
GUI Element
|
Action/Description
|
Assign Ports to VLAN pane
|
Access VLAN list
|
Click  , then select one of the following:
•Select VLAN—Opens the VLAN Selector dialog box and allows you to select available VLANs.
•Create VLAN—Opens the Create VLAN Dialog Box and allows you to create a VLAN.
•Clear VLAN—Clears all VLANs in the field.
|
Port Security pane
|
Port Security check box
|
Select to enable port security options or deselect to disable port security options. For port security configuration guidelines, see the relevant section in Catalyst 6500 Family IOS Software Configuration Guide.
|
Max Num MAC Address field
|
Enter the maximum number of secure MAC addresses. The range is 1-1025.
|
Violation Policy list
|
Select the violation policy type:
•Protect—Drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value.
•Restrict—Drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value, and causes the security violation counter to increment.
•Shutdown—Immediately puts the interface into the error-disabled state and sends an SNMP trap notification.
|
Spanning Tree Parameters pane
|
Port Fast list
|
From the list, select one of the following:
•Enabled
•Disabled
•Global
This option causes a port to immediately enter the spanning-tree forwarding state, bypassing the listening and learning states.
|
BPDU Guard list
|
From the list, select one of the following:
•Enabled
•Disabled
•Global
This option causes the spanning tree to shut down PortFast-configured interfaces that receive BPDUs, instead of putting them into the spanning-tree blocking state.
|
BPDU Filter list
|
From the list, select one of the following:
•Enabled
•Disabled
•Global
This option forces an interface to become a designated port to protect the current root status and prevent surrounding switches from becoming the root switch.
|
Create VLAN Dialog Box
This dialog box appears after you click Create VLAN in any of several other dialog boxes. This dialog box allows you to create a VLAN. Enter the following information and click OK.
GUI Field
|
Action/Description
|
VLAN ID
|
Enter the ID number of the VLAN.
|
VLAN Name
|
Enter the name of the VLAN.
|
Media Type
|
Type of VLAN.
|
VLAN Selector
This dialog box displays VLANs that you can select. Select a VLAN from the table, then click OK.
Column
|
Description
|
VLAN ID
|
Number (ID) of the VLAN.
|
Name
|
Name of the VLAN.
|
Access Ports
|
Access ports assigned to the VLAN.
|
Trunk Ports
|
Trunk ports assigned to the VLAN.
|
Services
|
Services associated to the VLAN.
|
Trunk Port Configuration
For trunk ports, configure the following trunk parameters:
GUI Element
|
Action
|
Trunk Parameters
|
Trunk Mode list
|
Select one of the following trunk modes:
•Static—Puts the port into permanent trunking mode and negotiates to convert the link into a trunk link. The LAN port becomes a trunk port even if the neighboring port does not accept the change.
•Dynamic-Auto—Allows the port to convert the link to a trunk link. The port becomes a trunk port if the neighboring port is set to trunk or desirable mode.
•Dynamic-Desirable—Makes the port actively attempt to convert the link to a trunk link.
|
Dynamic Trunk Protocol (DTP) Negotiate check box
|
Select to enable DTP negotiation, or deselect to disable DTP negotiation.
This option is available only if trunk mode is static. If trunk mode is Dynamic-Desirable or Dynamic-Auto, DTP negotiation has to be turned on.
DTP manages trunk auto-negotiation on ports. DTP supports auto-negotiation of both ISL and 802.1Q trunks.
|
Trunk Encapsulation list
|
Select one of the following:
•dot1q—Specifies 802.1Q encapsulation on the trunk link.
•isl—Specifies ISL encapsulation on the trunk link. 10-Gigabit Ethernet ports do not support ISL encapsulation.
|
Assign VLANs
|
Allowed VLANs field
|
Do one of the following:
•Enter one of the following:
–One or more VLANs, separated by commas (for example, 111,600).
–A range of VLANs (for example, 1-4094).
•Click , then select one of the following:
–Select VLAN—Opens the VLAN Selector dialog box and allows you to select available VLANs.
–Create VLAN—Opens the Create VLAN Dialog Box and allows you to create a VLAN.
–Clear VLAN—Clears all VLANs in the field.
|
Pruning Eligible VLANs field
|
Do one of the following:
•Enter one of the following:
–One or more VLANs, separated by commas (for example, 111,600).
–A range of VLANs (for example, 2-1001).
•Click , then select one of the following:
–Select VLAN—Opens the VLAN Selector dialog box and allows you to select available VLANs.
–Create VLAN—Opens the Create VLAN Dialog Box and allows you to create a VLAN.
–Clear VLAN—Clears all VLANs in the field.
|
Native VLANs list
|
Click , then select one of the following:
–Select VLAN—Opens the VLAN Selector dialog box and allows you to select available VLANs.
–Create VLAN—Opens the Create VLAN Dialog Box and allows you to create a VLAN.
–Clear VLAN—Clears all VLANs in the field.
|
Spanning Tree Parameters
|
Port Fast list
|
Select one of the following:
•Enabled
•Disabled
•Global
This option causes a port to immediately enter the spanning-tree forwarding state, bypassing the listening and learning states.
|
BPDU Guard list
|
Select one of the following:
•Enabled
•Disabled
•Global
This option causes the spanning tree to shut down PortFast-configured interfaces that receive BPDUs, instead of putting them into the spanning-tree blocking state.
|
BPDU Filter list
|
Select one of the following:
•Enabled
•Disabled
•Global
This option forces an interface to become a designated port to protect the current root status and prevent surrounding switches from becoming the root switch.
|
Root Guard list
|
Select one of the following:
•Disabled
•Enabled
When enabled, the root guard feature provides a way to enforce the placement of a root bridge in a network.
|
Routed Port Configuration
For routed ports, you see the following parameters.
Column
|
Action/Description
|
Name
|
Name of the port being configured.
|
IP Address
|
Double-click the cell and enter the IP address.
|
Mask
|
Double-click the cell, then select a mask from the list.
|
Port Wizard Summary
From this page, you can view a summary of the configured settings.
Note Your port configuration changes will clear all previous configurations when you click Save.
Click OK, then click Save.
Configuring Access Ports
An access port is a switching port that is used to connect host machines or servers. An access port belongs to and carries the traffic of only one VLAN. Traffic is received and sent in native formats with no VLAN tagging. You can view all access ports on the switch.
Click Switch in the task bar, click Ports in the left-most pane, then select Access Ports from the selector.
The Access Ports page displays the following:
•Access Ports pane—Contains a table that shows general information about each access port.
Column
|
Description
|
Name
|
Interface type and the number of the connector or interface card. For example, fastethernet 5/1 means Fast Ethernet, slot 5, interface 1.
|
Description
|
Enter a description of the interface to help you remember its function.
|
Admin Status
|
Administrative status of the port/interface.
|
Oper Status
|
Line protocol status of the port (whether or not the port is passing packets).
|
Access VLAN
|
VLAN ID associated with the port.
|
Hardware Type
|
Hardware configuration type.
|
Note All columns are sortable.
•Details pane—Shows detailed information about a single selected port. When multiple ports are selected, the Details pane will not show any values. See Editing and Restarting Access Ports for descriptions of each field.
Editing and Restarting Access Ports
Note You cannot restart a port from any of the Interface Range dialog boxes.
Procedure
Step 1 Click Switch in the task bar, click Ports in the left-most pane, then select Access Ports from the selector. The Access Ports page displays all access ports and related access port parameters in a table.
Step 2 From the table, select the port to edit. To select multiple ports, press the Ctrl key as you select each port to edit.
Step 3 To change port settings, click Edit. The Edit Access Port or the Multi Port Edit dialog box appears.
Note•If you are editing multiple ports, all values in the parameter fields are empty. Any values or configuration changes you enter are applied to all selected ports. Any values that you do not enter or change will remain at their previous configuration setting.
•The single edit ports dialog box and the multiple edit ports dialog box may have different parameters available.
•Depending on the capabilities of the selected ports, many of the parameters and values described may not be available.
GUI Element
|
Action/Description
|
Name field
|
Interface type and the number of the connector or interface card. For example, fastethernet 5/1 means Fast Ethernet, slot 5, interface 1.
This field cannot be edited.
|
Description field
|
Enter a description of the interface to help you remember its function.
|
Admin Status list
|
Select the administrative status of the interface:
•up
•down
|
Access VLAN list
|
Click , then select one of the following:
•Select VLAN—Opens the VLAN Selector dialog box and allows you to select available VLANs.
•Create VLAN—Opens the Create VLAN Dialog Box and allows you to create a VLAN.
•Clear VLAN—Clears all VLANs in the field.
|
Port Security list or check box
|
Multiple Port Edit Mode—From the list, select one of the following:
•Enabled
•Disabled
Single Port Edit Mode—Select the check box to enable security options and deselect to disable security options.
For port security configuration guidelines, see the relevant section in Catalyst 6500 Family IOS Software Configuration Guide.
|
Max MAC Addresses field
|
Enter the maximum number of secure MAC addresses. The range is 1-1025.
|
Violation Policy list
|
Select type of violation policy:
•Protect—Drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value.
•Restrict—Drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value, and causes the security violation counter to increment.
•Shutdown—Immediately puts the interface into the error-disabled state and sends an SNMP trap notification.
|
Speed list
|
Select how fast the interface transmits:
•10—Transmits at 10 Mbps.
•100—Transmits at 100 Mbps.
•auto—Enables the autonegotiation capability.
|
Duplex list
|
Select duplex operation:
•Half—Sends and receives data, but not at the same time.
•Full—Sends and receives data at the same time.
Note If speed is set to auto, both speed and duplex are auto-negotiated.
|
MTU (bytes) list
|
Select the maximum packet size. Valid values are 1500 or 9216.
|
Link Negotiation list
|
Multiple Edit Mode—Select to enable or disable link negotiation.
|
UDLD list
|
Select UDLD mode:
•Enabled—Enables UDLD in normal mode.
•Aggressive—Enables UDLD in aggressive mode. Overrides the setting of the global UDLD.
•Disabled—Disables UDLD.
|
Enable CDP check box
|
Single Edit Mode—Select to enable CDP, and deselect to disable CDP.
|
CDP list
|
Multiple Edit Mode—From the list, select one of the following:
•Enabled
•Disabled
|
Flow Control: Send list
|
Select one of the following:
•Off—The port does not send flow-control frames to the neighboring port.
•On—The port sends flow-control frames to the neighboring port.
|
Flow Control: Receive list
|
Select one of the following:
•Off—The port does not use flow control, regardless of whether flow control is requested by the neighboring port.
•On—The port uses flow control dictated by the neighboring port.
|
Related Topics
•Configuring a Group of Physical Ports Using the Port Wizard
•Configuring Trunk Ports
•Configuring Routed Ports
•Understanding Interface Ranges
Configuring Trunk Ports
A trunk port is a switching port operating at Layer 2 to carry multiple VLAN traffic. Traffic is tagged with a VLAN number to differentiate traffic from each VLAN. A trunk port is used to connect switches to switches or to connect switches to routers. The Trunk Ports page displays all trunk ports and related trunk port parameters in a table.
You can view all trunk ports on the switch. Click Switch in the task bar, click Ports in the left-most pane, then select Trunk Ports from the selector. The Trunk Ports page is displayed. This page displays the following:
•Trunk Ports table—Shows general information about each trunk port.
Column
|
Description
|
Name
|
Interface type and the number of the connector or interface card. For example, fastethernet 5/1 means Fast Ethernet, slot 5, interface 1.
|
Description
|
Enter a description of the interface to help you remember its function.
|
Admin Status
|
Administrative status of the port/interface.
|
Oper Status
|
Line protocol status of the port (whether or not port is passing packets).
|
Trunk Mode
|
Type of trunk mode assigned to the port.
|
Encapsulation
|
Encapsulation type.
|
Allowed VLANs
|
VLANs allowed on the port.
|
Hardware Type
|
Hardware configuration type.
|
•Details pane—Shows detailed information about a single selected port. When multiple ports are selected, the Details pane will not show any values. See Editing and Restarting Trunk Portsfor descriptions of each field.
Editing and Restarting Trunk Ports
Note You cannot restart a port from any of the Interface Range dialog boxes.
Procedure
Step 1 Click Switch in the task bar, click Ports in the left-most pane, then select Trunk Ports from the selector. The Trunk Ports page displays all trunk ports and related trunk port parameters in a table.
Step 2 From the table, select the port to edit. To select multiple ports, press the Ctrl key as you select each port to edit.
Step 3 To change port settings, click Edit. The Edit Trunk Port or Edit Multiple Ports dialog box appears.
For more information on trunk configuration, see the relevant section in Catalyst 6500 Family IOS Software Configuration Guide.
Note Depending on the capabilities of the selected ports, many of the parameters and values described may not be available.
GUI Element
|
Action
|
Name field
|
Name of the selected trunk ports.
This field cannot be edited.
|
Description field
|
Enter a description of the port to help you remember its function.
|
Admin Status list
|
Select the administrative status of the port:
•up
•down
|
Trunk Mode list
|
Select one of the following trunk modes:
•Static—Puts the port into permanent trunking mode and negotiates to convert the link into a trunk link. The LAN port becomes a trunk port even if the neighboring port does not accept the change.
•Dynamic-Auto—Allows the port to convert the link to a trunk link. The port becomes a trunk port if the neighboring port is set to Trunk or Desirable mode.
•Dynamic-Desirable—Makes the port actively attempt to convert the link to a trunk link.
|
Encapsulation list
|
Select one of the following:
•dot1q—Specifies 802.1Q encapsulation on the trunk link.
•isl—Specifies ISL encapsulation on the trunk link. 10-Gigabit Ethernet ports do not support ISL encapsulation.
•negotiate—Specifies that the port will negotiate with the neighboring port to become an ISL (preferred) or 802.1Q trunk, depending on the configuration and capabilities of the neighboring port.
|
DTP Negotiation check box
|
Single Port Edit Mode—Select to enable Dynamic Trunk Protocol (DTP) negotiation or deselect to disable DTP negotiation.
DTP manages trunk auto-negotiation on ports. DTP supports auto-negotiation of both ISL and 802.1Q trunks.
|
DTP Negotiation list
|
Multiple Port Edit Mode—Select one of the following:
•On—Enables DTP negotiation.
•Off—Disables DTP negotiation.
|
Allowed VLANs field
|
Designate which VLANs are allowed on the trunk. Do one of the following:
•Enter VLAN IDs. You can enter multiple VLANs separated by a comma, or a range of VLANs. For example: 12,17,12 or 2-200. Valid range is 1-4094.
•Click , then select one of the following:
–Select VLAN—Opens the VLAN Selector dialog box and allows you to select available VLANs.
–Create VLAN—Opens the Create VLAN Dialog Box and allows you to create a VLAN.
–Clear VLAN—Clears all VLANs in the field.
|
Prune VLANs field
|
Designate VLANs that are eligible for pruning. Do one of the following:
•Enter VLAN IDs. You can enter multiple VLANs separated by a comma, or a range of VLANs. For example: 12,17,12 or 2-200. Valid range is 2-1001.
•Click , then select one of the following:
–Select VLAN—Opens the VLAN Selector dialog box and allows you to select available VLANs.
–Create VLAN—Opens the Create VLAN Dialog Box and allows you to create a VLAN.
–Clear VLAN—Clears all VLANs in the field.
|
Native VLAN field
|
Designate native VLANs. Click , then select one of the following:
•Select VLAN—Opens the VLAN Selector dialog box and allows you to select available VLANs.
•Create VLAN—Opens the Create VLAN Dialog Box and allows you to create a VLAN.
•Clear VLAN—Clears all VLANs in the field.
|
Speed list
|
Select how fast the interface transmits:
•10—Transmits at 10 Mbps.
•100—Transmits at 100 Mbps.
•auto—Enables the autonegotiation capability.
|
Duplex list
|
Select duplex operation:
•Half—Sends and receives data, but not at the same time.
•Full—Sends and receives data at the same time.
Note If speed is set to auto, both speed and duplex are auto-negotiated.
|
MTU (bytes) list
|
Enter the maximum packet size. Valid values are 1500 or 9216.
|
Link Negotiation list
|
Multiple Port Edit Mode—Select one of the following:
•Enabled—Enables link negotiation.
•Disabled—Disables link negotiation.
|
UDLD list
|
Select UDLD mode:
•Enabled—Enables UDLD in normal mode.
•Aggressive—Enables UDLD in aggressive mode. Overrides the setting of the global UDLD.
•Disabled—Disables UDLD.
|
Enable CDP check box
|
Single Port Edit Mode—Select check box to enable CDP, and deselect to disable CDP.
|
CDP list
|
Multiple Port Edit Mode—Select one of the following:
•Enabled—Enables CDP.
•Disabled—Disables CDP.
|
Flow Control: Send list
|
Select one of the following:
•Off—The port does not send flow-control frames to the neighboring port.
•On—The port sends flow-control frames to the neighboring port.
|
Flow Control: Receive list
|
Select one of the following:
•Off—The port does not use flow control, regardless of whether flow control is requested by the neighboring port.
•On—The port uses flow control dictated by the neighboring port.
|
Related Topics
•Configuring a Group of Physical Ports Using the Port Wizard
•Configuring Access Ports
•Configuring Routed Ports
•Understanding Interface Ranges
Configuring Routed Ports
A routed port is a physical port that acts like a port on a router. A routed port is not associated with a particular VLAN, and it behaves like a regular router interface. You can configure a routed port with a Layer 3 routing protocol.
You can view all routed ports on the switch. Click Switch in the task bar, click Ports in the left-most pane, then select Routed Ports from the selector. The Routed Ports page displays the following:
•Routed Ports table—Shows general information about each routed port.
Column
|
Description
|
Name
|
Interface type and the number of the connector or interface card. For example, fastethernet 5/1 means Fast Ethernet, slot 5, interface 1.
|
Description
|
Description of the port.
|
Admin Status
|
Administrative status of the port.
|
Oper Status
|
Line protocol status of the port (whether or not the port is passing packets).
|
IP Address
|
IP address of port.
|
Mask
|
Network mask assigned to the port.
|
Hardware Type
|
Hardware configuration type.
|
Note All columns are sortable.
•Details pane—Shows detailed information about a single selected port. When multiple ports are selected, the Details pane will not show any values. See Editing and Restarting Routed Ports for descriptions of each field.
Editing and Restarting Routed Ports
Note You cannot restart a port from any of the Interface Range dialog boxes.
Procedure
Step 1 Click Switch in the task bar, click Ports in the left-most pane, then select Routed Ports from the selector. The Routed Ports page displays all trunk ports and related trunk port parameters in a table.
Step 2 From the table, select the port to edit. To select multiple ports, press the Ctrl key as you select each port to edit.
Step 3 To change port settings, click Edit. The Edit Routed Port or the Edit Multiple Port dialog box appears.
Edit the relevant values.
Note Depending on the capabilities of the selected ports, many of the parameters and values described may not be available.
GUI Element
|
Action
|
Name field
|
Name of the selected ports.
This field cannot be edited.
|
Description field
|
Enter a description of the port to help you remember its function.
|
Admin Status list
|
Select the administrative status of the port:
•up
•down
|
IP Address field
|
Single Edit Mode—Enter the IP address of the port.
|
Clear IP Address list
|
Multiple Edit Mode—Select one of the following:
•no—Leaves previous IP address value on all selected ports.
•yes—Clears previous IP address value on all selected ports.
|
Mask field
|
Single Edit Mode—Either select the appropriate mask from the list or enter a value.
|
Helper IP Addresses field
|
Single Edit Mode—Specify a helper IP address for the selected routed port. See Selecting Helper IP Addresses.
|
Clear Helper IP Addresses field
|
Multiple Edit Mode—Select one of the following:
•no—Leaves previous IP address values on all selected ports.
•yes—Clears previous IP address values on all selected ports.
|
Speed list
|
Select how fast the port transmits:
•10—Transmits at 10 Mbps.
•100—Transmits at 100 Mbps.
•auto—Enables the autonegotiation capability.
|
Duplex list
|
Select duplex operation:
•Half—Sends and receives data, but not at the same time.
•Full—Sends and receives data at the same time.
Note If speed is set to auto, both speed and duplex are autonegotiated.
|
MTU (1500-9216 bytes) field
|
Single Edit Mode—Enter the maximum packet size. Valid values are 1500 to 9216.
|
MTU (bytes) field
|
Multiple Edit Mode—Enter the maximum packet size. Valid values are 1500 to 9216.
|
Link Negotiation list
|
Multiple Edit Mode—Select one of the following:
•Enabled—Enables link negotiation.
•Disabled—Disables link negotiation.
|
UDLD list
|
Select UDLD mode:
•Enabled—Enables UDLD in normal mode.
•Aggressive—Enables UDLD in aggressive mode. Overrides the setting of the global UDLD.
•Disabled—Disables UDLD.
|
Enable CDP check box
|
Single Edit Mode—Select to enable CDP, and deselect to disable CDP.
|
CDP list
|
Multiple Port Edit Mode—Select one of the following:
•Enabled—Enables CDP.
•Disabled—Disables CDP.
|
Flow Control: Send list
|
Select one of the following:
•Off—The port does not send flow-control frames to the neighboring port.
•On—The port sends flow-control frames to the neighboring port.
|
Flow Control: Receive list
|
Select one of the following:
•Off—The port does not use flow control, regardless of whether flow control is requested by the neighboring port.
•On—The port uses flow control dictated by the neighboring port.
|
Related Topics
•Configuring a Group of Physical Ports Using the Port Wizard
•Configuring Access Ports
•Configuring Trunk Ports
•Understanding Interface Ranges
Selecting Helper IP Addresses
From this dialog box, you can assign a helper IP address to an interface or port. A helper IP address converts the DHCP requests from broadcast to unicast directed to the DHCP server.
Procedure
Step 1 Click 
to open the Helper IP Addresses dialog box.
Step 2 Do one of the following:
–If the IP address you want to select is listed, select it and proceed to Step 3.
–If the IP address you want to select is not listed, click Add to open the Add IP Address window. See Adding an IP Address.
Step 3 Click OK.
Adding an IP Address
Procedure
Step 1 From the Helper IP Addresses dialog box, click Add.
Step 2 Enter the appropriate IP address, then click OK.
Configuring SVIs
A switched virtual interface (SVI) represents a VLAN of switch ports as one interface to the routing or bridging function in the system. An SVI is created to enable routing between VLANs and to provide IP host connectivity to the switch.
You can view all routed ports on the switch. Click Switch in the task bar, click Ports in the left-most pane, then select Switched Virtual Interfaces from the selector. This page displays the following:
Column
|
Description
|
Name
|
Interface type and the number of the connector or interface card. For example, fastethernet 5/1 means Fast Ethernet, slot 5, interface 1.
|
Description
|
Description of the interface.
|
Admin Status
|
Administrative status of the port/interface.
|
Oper Status
|
Line protocol status of the port (whether or not port is passing packets).
|
IP Address
|
IP address of port.
|
Mask
|
Network mask of port.
|
Helper IP Addresses
|
Helper IP addresses configured for the SVI.
A helper IP address converts the DHCP requests from broadcast to unicast directed to the DHCP server.
|
MTU
|
Maximum packet size.
|
Editing and Restarting SVIs
Procedure
Step 1 Click Switch in the task bar, click Ports in the left-most pane, then select Switch Virtual Interfaces from the selector.
The Switch Virtual Interfaces page displays all switch virtual interfaces and related SVI VLAN parameters in a table.
Step 2 To edit interfaces, do the following:
a. From the table, select the VLAN to edit.
To select multiple VLANs, press the Ctrl key as you select each port.
b. Click Edit.
The Edit SVI or the Edit Multiple Port dialog box appears.
Note You can also get to the Edit SVI dialog box directly from the Services > Flows page.
Edit the appropriate values.
GUI Element
|
Action
|
Switched Virtual Interface field
|
Single Edit Mode—Name of the selected SVI.
This field cannot be edited.
|
Name field
|
Multiple Edit Mode—Names of the selected SVIs.
This field cannot be edited.
|
Description field
|
Enter a description of the interface to help you remember its function.
|
Admin Status list
|
Select the administrative status of the interface, either up or down.
|
IP Address field
|
Single Edit Mode—Enter IP address of interface.
|
Clear IP Address list
|
Multiple Edit Mode—Select one of the following:
•no—Leaves previous IP address value on all selected interfaces.
•yes—Clears previous IP address value on all selected interfaces.
|
Mask field
|
Single Edit Mode—Either select the appropriate mask from the list or enter a value.
|
Helper IP Addresses field
|
Single Edit Mode—Specify a helper IP address for the selected SVI. See Selecting Helper IP Addresses.
|
Clear Helper Addresses field
|
Multiple Edit Mode—Select one of the following:
•no—Leaves previous IP address values on all selected interfaces.
•yes—Clears previous IP address values on all selected interfaces.
|
MTU (64-9216 bytes) field
|
Single Edit Mode—Enter the maximum packet size. Valid values are 64 to 9216.
|
MTU (bytes) field
|
Multiple Edit Mode—Enter the maximum packet size. Valid values are 64 to 9216.
|
Related Topics
•Configuring SVIs
•Adding an SVI
Adding an SVI
Procedure
Step 1 Click Switch in the task bar, click Ports in the left-most pane, then select Switched Virtual Interfaces from the selector. The Switched Virtual Interfaces page displays all switch virtual interfaces and related SVI VLAN parameters in a table.
Note You can also get to the Add SVI dialog box from the Flows page.
Step 2 Click Add.
Step 3 Define the appropriate values.
GUI Element
|
Action
|
Interface VLAN Number list
|
Click , then select one of the following:
•Select VLAN—Opens the VLAN Selector dialog box and allows you to select available VLANs.
•Create VLAN—Opens the Create VLAN Dialog Box and allows you to create a VLAN.
•Clear VLAN—Clears all VLANs in the field.
|
Description field
|
Enter a description of the interface to help you remember its function.
|
Admin Status list
|
Select the administrative status of the interface:
•up
•down
|
IP Address field
|
Enter IP address of port.
|
Mask field
|
Either select the appropriate mask from the list or enter a value.
|
Helper IP Addresses field
|
Specify a helper IP address for the new SVI. See Selecting Helper IP Addresses.
|
MTU (64-9216 bytes) field
|
Enter the maximum packet size. Valid values are 64 to 9216.
|
Related Topics
•Configuring SVIs
•Editing and Restarting SVIs
Configuring Tunnel Interfaces
Tunneling provides a way to encapsulate arbitrary packets inside a transport protocol. This feature is implemented as a virtual interface to provide a simple interface for configuration. The tunnel interface is not tied to specific "passenger" or "transport" protocols, but rather, it is an architecture that is designed to provide the services necessary to implement any standard point-to-point encapsulation scheme. Because tunnels are point-to-point links, you must configure a separate tunnel for each link.
Note DM 6500/7600 supports both point-to-point and point-to-multipoint encapsulation.
To view the tunnel interfaces configured on the switch, click Switch in the task bar, click Ports in the left-most pane, then select Tunnel Interfaces from the selector. The Tunnel Interfaces page is displayed. This page displays the following:
•Tunnel Interfaces table—Shows general information about each tunnel interface. All columns are sortable.
Column
|
Description
|
Tunnel Name
|
Name of the tunnel interface.
|
IP Address/Mask
|
IP address/mask of the tunnel interface.
|
Encapsulation
|
Encapsulation type used. There are two possible values:
•Point-to-Point GRE
•Point-to-Multipoint GRE
|
Source
|
Source of the tunnel interface. This value is either an IP address, local interface name, SVI, or loopback interface.
|
Destination
|
Destination of the tunnel interface.
Note This object is applicable only when the encapsulation type for the tunnel interface is point-to-point GRE.
|
Admin Status
|
Current administrative status of the tunnel interface.
|
Oper Status
|
Current operational status of the tunnel interface.
|
•Details pane—Shows detailed information about a single selected tunnel interface. When multiple tunnel interfaces are selected, the Details pane will not show any values. See Editing and Restarting Tunnel Interfaces for descriptions of each field.
Editing and Restarting Tunnel Interfaces
Procedure
Step 1 Click Switch in the task bar, click Ports in the left-most pane, then select Tunnel Interfaces from the selector.
The Tunnel Interfaces page displays all tunnel interfaces and related parameters in a table.
Step 2 To edit interfaces, do the following:
a. From the table, select the interface to edit.
To select multiple interfaces, press the Ctrl key as you select each interface.
b. Click Edit.
The Edit Tunnel or the Edit Multiple Tunnels dialog box appears. Edit the appropriate values.
GUI Element
|
Description/Action
|
Interface tab
|
Tunnel Interface Number field
|
Single Edit Mode—Name of the selected tunnel interface.
This field cannot be edited.
|
Name field
|
Multiple Edit Mode—Name of the selected tunnel interfaces.
This field cannot be edited.
|
IP Address field
|
Single Edit Mode—Edit the IP address of the selected tunnel interface.
|
Clear IP Address list
|
Multiple Edit Mode—Select one of the following:
•no—Leaves previous IP address value on all selected interfaces.
•yes—Clears previous IP address value on all selected interfaces.
|
Mask field
|
Single Edit Mode—Either select the appropriate mask from the list or enter a value.
|
Helper IP Addresses field
|
Single Edit Mode—Specify a helper IP address for the selected tunnel interface. See Selecting Helper IP Addresses.
|
Clear Helper Addresses list
|
Multiple Edit Mode—Select one of the following:
•no—Leaves previous IP address values on all selected interfaces.
•yes—Clears previous IP address values on all selected interfaces.
|
Description field
|
Edit the description of the selected tunnel interface.
|
Bandwidth (kilobits) field
|
Edit the amount of bandwidth available to the selected tunnel interface.
Valid values range from 1 to 10000000.
|
MTU (bytes) field
|
Edit the maximum packet size that the selected tunnel interface can handle.
Valid values range from 68 to 1000000.
|
Admin Status field
|
Edit the administrative status of the selected tunnel interface.
|
Encapsulation tab
Select either the Point-to-Point GRE or Point-to-Multipoint GRE radio button.
|
Source/Destination tab
|
Source section
|
Specify the source IP address of the tunnel between the switch and the access point.
Select one of the following radio buttons:
•Loopback Interface—Specifies a loopback interface as the tunnel source. The loopback interface is a software-only virtual interface that emulates an interface that is always up. Click , then select one of the following:
–Select Loopback Interface—Opens a dialog box containing loopback interfaces. Select a loopback interface and click OK.
–Create Loopback Interface—Opens the Add Loopback Interface dialog box, from which you can create a new loopback interface. See Adding a Loopback Interface.
•Port—Specifies a port as the tunnel source. click to open the Port Selector. See Port Selector.
•SVI—Specifies a SVI as the tunnel source. click and select one of the following:
–Select SVI Interface—Opens the Select SVI Interface dialog box and allows you to select an available SVI.
–Create SVI Interface—Opens the Adding an SVI dialog box and allows you to create a SVI.
•IP Address—Specifies an IP address as the tunnel source. Then, in the IP address field, enter the IP address of the tunnel source.
|
Destination section
|
Select one of the following radio buttons and enter the appropriate value:
•IP Address
•Hostname
Note These radio buttons are disabled when the tunnel is configured for Point-to-Multipoint GRE encapsulation.
|
Mobility tab
The objects in this tab are disabled when the tunnel is configured for Point-to-Point GRE encapsulation.
|
Use this tunnel for mobile clients check box
|
Select to designate this tunnel for use by the clients that belong to the selected wireless network.
|
Network ID field
|
Single Edit Mode—Enter the network ID of the selected wireless network.
|
Clear Network ID list
|
Multiple Edit Mode—Select one of the following:
•no—Leaves previous network ID value on all selected tunnel interfaces.
•yes—Clears previous network ID value on all selected tunnel interfaces.
|
Allow Broadcast in the tunnel check box
|
Select to enable the transmission of broadcast messages on the tunnel interface.
|
Allow Mobile Nodes with Static IP Address check box
|
Select to grant client machines with static IP addresses access to the wireless network.
|
Snoop DHCP requests check box
|
Select to enable DHCP snooping, which maintains the connection between wireless client machine IDs and their corresponding IP addresses.
|
Keepalive tab
The objects in this tab are disabled when the tunnel is configured for Point-to-Multipoint GRE encapsulation.
|
Enable keepalives over the tunnel check box
|
Select to enable the transmission of keepalive messages on the tunnel interface.
|
Keepalive Period (seconds) field
|
Edit the amount of time that must pass before a keepalive message is sent over the tunnel interface.
|
Keepalive Retries field
|
Edit the number of keepalive messages that are sent before the tunnel is shut down.
|
Related Topics
•Configuring Tunnel Interfaces
•Adding a Tunnel Interface
Adding a Tunnel Interface
Procedure
Step 1 Click Switch in the task bar, click Ports in the left-most pane, then select Tunnel Interfaces from the selector.
The Tunnel Interfaces page displays all tunnel interfaces and related parameters in a table.
Step 2 Click Add, then enter the appropriate values.
GUI Element
|
Action
|
Interface tab
|
Tunnel Interface Number field
|
Enter the name of the new tunnel interface.
|
IP Address field
|
Enter the IP address of the new tunnel interface.
|
Mask field
|
Either select the appropriate mask from the list or enter a value.
|
Helper IP Addresses field
|
Specify a helper IP address for the new tunnel interface. See Selecting Helper IP Addresses.
|
Description field
|
Enter the description of the new tunnel interface.
|
Bandwidth (kilobits) field
|
Enter the amount of bandwidth (in kilobits) available to the new tunnel interface.
Valid values range from 1 to 10000000.
|
MTU (bytes) field
|
Enter the maximum packet size that the new tunnel interface can handle.
Valid values range from 68 to 1000000.
|
Admin Status list
|
Select the administrative status of the new tunnel interface.
|
Encapsulation tab
Select either the Point-to-Point GRE or Point-to-Multipoint GRE radio button.
|
Source/Destination tab
|
Source section
|
Specify the source IP address of the tunnel between the switch and the access point.
Select one of the following radio buttons:
•Loopback Interface—Specifies a loopback interface as the tunnel source. The loopback interface is a software-only virtual interface that emulates an interface that is always up. Click , then select one of the following:
–Select Loopback Interface—Opens a dialog box containing loopback interfaces. Select a loopback interface and click OK.
–Create Loopback Interface—Opens the Add Loopback Interface dialog box, from which you can create a new loopback interface. See Adding a Loopback Interface.
•Port—Specifies a port as the tunnel source. Click to open the Port Selector. See Port Selector.
•SVI—Specifies a SVI as the tunnel source. Click and select one of the following:
–Select SVI Interface—Opens the Select SVI Interface dialog box and allows you to select an available SVI.
–Create SVI Interface—Opens the Adding an SVI dialog box and allows you to create a SVI.
•IP Address—Specifies an IP address as the tunnel source. Then, in the IP address field, enter the IP address of the tunnel source.
|
Destination section
|
Select one of the following radio buttons and enter the appropriate value:
•IP Address
•Hostname
Note These radio buttons are disabled when the tunnel is configured for Point-to-Multipoint GRE encapsulation.
|
Mobility tab
The objects in this tab are disabled when the tunnel is configured for Point-to-Point GRE encapsulation.
|
Use this tunnel for mobile clients check box
|
Select to designate this tunnel for use by the clients that belong to the new wireless network.
|
Network ID field
|
Enter the network ID of the new wireless network.
|
Allow Broadcast in the tunnel check box
|
Select to enable the transmission of broadcast messages on the tunnel interface.
|
Allow Mobile Nodes with Static IP Address check box
|
Select to grant client machines with static IP addresses access to the wireless network.
|
Snoop DHCP requests check box
|
Select to enable DHCP snooping, which maintains the connection between wireless client machine IDs and their corresponding IP addresses.
|
Keepalive tab
The objects in this tab are disabled when the tunnel is configured for Point-to-Multipoint GRE encapsulation.
|
Enable keepalives over the tunnel check box
|
Select to enable the transmission of keepalive messages on the tunnel interface.
|
Keepalive Period (seconds) field
|
Enter the amount of time that must pass before a keepalive message is sent over the tunnel interface.
|
Keepalive Retries field
|
Enter the number of keepalive messages that are sent before the tunnel is shut down.
|
Related Topics
•Configuring Tunnel Interfaces
•Editing and Restarting Tunnel Interfaces
Configuring Loopback Interfaces
A loopback interface is a virtual interface that allows Border Gateway Protocol (BGP) and remote source-route bridging (RSRB) sessions to stay up even if the outbound interface is down. You can use the loopback interface as the termination address for BGP sessions, for RSRB connections, or to establish a Telnet session from the device's console to its auxiliary port when all other interfaces are down.
To view the loopback interfaces configured on the switch, click Switch in the task bar, click Ports in the left-most pane, then select Loopback Interfaces from the selector.
The Loopback Interfaces page displays general information about each loopback interface.
Column
|
Description
|
Name
|
Name of the loopback interface.
|
Description
|
Description of the loopback interface.
|
IP Address/Mask
|
IP address and subnet mask of the loopback interface.
|
Helper IP Addresses
|
Helper IP addresses associated with the loopback interface.
|
Admin Status
|
Current administrative status of the loopback interface.
|
Oper Status
|
Current operational status of the loopback interface.
|
Note All columns are sortable.
Editing and Restarting Loopback Interfaces
Procedure
Step 1 Click Switch in the task bar, click Ports in the left-most pane, then select Loopback Interfaces from the selector. The Loopback Interfaces page displays all loopback interfaces and related parameters in a table.
Step 2 Select the interface to edit from the table. To select multiple interfaces, press the Ctrl key as you select each interface to edit.
Step 3 Click Edit to edits loopback interface settings. The Edit Loopback Interface or the Edit Multiple Ports dialog box appears.
Edit the appropriate values:
GUI Element
|
Description/Action
|
Loopback Interface field
|
Single Edit Mode—Name of the selected loopback interface.
This field cannot be edited.
|
Name field
|
Multiple Edit Mode—Names of the selected loopback interfaces.
This field cannot be edited.
|
Description field
|
Edit the description of the selected loopback interfaces.
|
IP Address field
|
Single Edit Mode—Edit the IP address of the selected loopback interface.
|
Mask list
|
Single Edit Mode—Either select the appropriate mask from the list or enter a value.
|
Helper IP Addresses field
|
Single Edit Mode—Specify a helper IP address for the selected loopback interface. See Selecting Helper IP Addresses.
|
Admin Status list
|
Edit the administrative status of the selected loopback interfaces.
|
Clear IP Address list
|
Multiple Edit Mode—Select one of the following:
•no—Leaves previous IP address value on all selected interfaces.
•yes—Clears previous IP address value on all selected interfaces.
|
Clear Helper Addresses list
|
Multiple Edit Mode—Select one of the following:
•no—Leaves previous IP address values on all selected interfaces.
•yes—Clears previous IP address values on all selected interfaces.
|
Related Topics
•Configuring Loopback Interfaces
•Adding a Loopback Interface
Adding a Loopback Interface
Procedure
Step 1 Click Switch in the task bar, click Ports in the left-most pane, then select Loopback Interfaces from the selector. The Loopback Interfaces page displays all loopback interfaces and related parameters in a table.
Step 2 Click Add.
Step 3 Enter the appropriate values:
GUI Element
|
Action
|
Loopback Interface Number field
|
Enter the name of the new loopback interface.
|
Description field
|
Enter a description of the new loopback interface.
|
IP Address field
|
Enter the IP address of the new loopback interface.
|
Mask list
|
Either select the appropriate mask from the list or enter a value.
|
Helper IP Addresses field
|
Specify a helper IP address for the new loopback interface. See Selecting Helper IP Addresses.
|
Admin Status list
|
Select the appropriate administrative status from the list.
|
Related Topics
•Configuring Loopback Interfaces
•Editing and Restarting Loopback Interfaces
Viewing Other Interfaces
To view all other ports and interfaces on your device that are not access, routed, trunk, SVI, or non-Ethernet, click Switch in the task bar, click Ports in the left-most pane, then select Other Interfaces from the selector. These interfaces are not configurable through DM 6500/7600.
The following information is displayed in a table.
Column
|
Description
|
Name
|
Name of interface.
|
Description
|
Enter a description of the interface to help you remember its function.
|
Admin Status
|
Administrative status of the interface, either up or down.
|
Oper Status
|
Line protocol status of the port (whether or not port is passing packets).
|
Mode
|
Configuration mode.
|
Hardware Type
|
Hardware configuration type.
|
With a port or interface selected, the Details pane displays the information listed in the previous table as fields. It also displays the following information.
Field
|
Description
|
IP Address
|
IP address configured for the port or interface.
|
Mask
|
Network mask for the port or interface.
|
Helper IP Addresses
|
Helper IP address configured for the port or interface.
A helper IP address converts the DHCP requests from broadcast to unicast directed to the DHCP server.
|
Understanding Interface Ranges
The Interface Ranges feature allows you to name and customize a view so that only the ports/interfaces that you have selected are displayed. Before you begin to use the Interface Ranges feature, you must define a macro. A macro is a range of interfaces that you select and define. The Interface Ranges page lists the macros that you create.
Click Switch in the task bar, click Ports in the left-most pane, then select Interface Ranges from the selector.
The Interface Ranges page displays all interface ranges with the following information.
Column
|
Description
|
Name
|
Interface range (macro) name.
|
Interfaces
|
List of interfaces belonging to the interface range.
|
Related Topics
•Adding Interface Ranges
•Viewing Interface Range Details
Adding Interface Ranges
Procedure
Step 1 Click Switch in the task bar, click Ports in the left-most pane, then select Interface Ranges from the selector.
Step 2 Click Add under the Interface Ranges table.
Step 3 Enter the name of the interface range to create in the Interface Range Name field.
Step 4 Use the Port Selector to select ports to add to the interface range. See Port Selector.
Note Only Ethernet-type ports and SVIs can be added.
Step 5 (Optional) From the Switched Virtual Interfaces field, click , then select the VLAN interfaces to add to the interface range. See Switched Virtual Interface Selector.
Step 6 Click OK.
Related Topics
•Understanding Interface Ranges
•Editing Interface Ranges
•Viewing Interface Range Details
•Editing Ports/Interfaces Within an Interface Range
Switched Virtual Interface Selector
This dialog box appears after you click from the Switched Virtual Interfaces field when adding or editing an interface range. A list of all switched virtual interfaces is displayed in a table.
Step 1 Select an interface to add to the interface range. To add multiple interfaces, press the Ctrl key as you select each interface to add.
Step 2 Click OK.
Related Topics
•Adding Interface Ranges
•Editing Interface Ranges
Editing Interface Ranges
Procedure
Step 1 Click Switch in the task bar, click Ports in the left-most pane, then select Interface Ranges from the selector.
Step 2 With an interface range selected, click Edit under the Interface Ranges table.
Step 3 Use the Port Selector to add or remove ports from the selected interface range. See Port Selector.
Note Only Ethernet-type ports and SVIs can be added.
Step 4 (Optional) From the Switched Virtual Interfaces field, click , then select the VLAN interfaces to add to the interface range. See Switched Virtual Interface Selector.
Step 5 Click OK.
Related Topics
•Understanding Interface Ranges
•Adding Interface Ranges
•Viewing Interface Range Details
•Editing Ports/Interfaces Within an Interface Range
Viewing Interface Range Details
You can view all interfaces or view information about the specific interfaces that belong to an interface range.
Step 1 Click Switch in the task bar, click Ports in the left-most pane, then select Interface Ranges from the selector.
Step 2 Expand the Interface Ranges folder, then select an interface range.
The Interface Range: Macro page displays the following:
•Interfaces table—Shows general information about each interface.
Column
|
Description
|
Name
|
Interface type and the number of the connector or interface card. For example, fastethernet 5/1 means Fast Ethernet, slot 5, interface 1.
|
Description
|
Description of the interface.
|
Admin Status
|
Administrative status of the interface, either up or down.
|
Oper Status
|
Line protocol status of the port (whether or not port is passing packets).
|
Mode
|
Type of port (access, routed, or trunk).
|
Hardware Type
|
Hardware configuration type.
|
•Details pane—Shows detailed information about a single selected port/interface. When multiple ports/interfaces are selected, the Details pane will not show any values. For descriptions of each field, see the appropriate sections:
–Editing and Restarting Access Ports
–Editing and Restarting Trunk Ports
–Editing and Restarting Routed Ports
–Editing and Restarting SVIs
Related Topics
•Understanding Interface Ranges
•Adding Interface Ranges
•Editing Interface Ranges
•Editing Ports/Interfaces Within an Interface Range
Editing Ports/Interfaces Within an Interface Range
Step 1 Click Switch in the task bar, click Ports in the left-most pane, then select Interface Ranges from the selector.
Step 2 Expand the Interface Ranges folder.
Step 3 Select an interface range. The Interface Range: Macro page is displayed.
Step 4 Select the port/interface to edit.
Step 5 Click Edit. Edit the appropriate values. For more information on the fields specific to the port/interface you selected, see the appropriate sections:
•Editing and Restarting Access Ports
•Editing and Restarting Trunk Ports
•Editing and Restarting Routed Ports
•Editing and Restarting SVIs
Related Topics
•Understanding Interface Ranges
•Adding Interface Ranges
•Editing Interface Ranges
•Viewing Interface Range Details
VLAN and VTP Management (Switch > VLANs)
DM 6500/7600 provides comprehensive Virtual LAN (VLAN) configuration, VLAN port assignment, and VLAN Trunking Protocol (VTP) domain management.
VLANs are groups of devices on one or more LANs that are configured to communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments.
VTP is a Layer 2 messaging protocol that manages the addition, deletion, and renaming of VLANs on a network-wide basis. When you configure a new VLAN on one VTP server, the VLAN is distributed through all switches in the domain, which reduces the need to configure the same VLAN everywhere.
For more information about configuring VLANs, see the relevant section in Catalyst 6500 Family IOS Software Configuration Guide.
Topics in this section contain information about:
•Configuring VLANs
•Configuring Layer 2 VLANs
•Configuring Layer 3 VLANs
•Deleting VLANs
•Viewing Service VLANs
•Configuring VTP Information
Configuring VLANs
You can view information about all VLANs on the device.
Click Switch in the task bar, click VLANs in the left-most pane, then select VLANs from the selector to display the VLANs page (see Figure 14-8).
Figure 14-8 VLAN Page
This page provides a table displaying the following information:
Column
|
Description
|
VLAN ID
|
Number (ID) of the VLAN.
|
Name
|
Name of the VLAN.
|
Status
|
Status (active or suspend) of the VLAN.
|
Type
|
Type of VLAN (Layer 2 or Layer 3).
You create a Layer 3 VLAN when you configure an SVI on a VLAN for inter-VLAN routing.
|
Access Ports
|
Number of access ports assigned to the VLAN.
|
Trunk Ports
|
Number of trunk ports the VLAN is allowed on.
|
Media
|
Type of VLAN.
|
Note This page displays information for all VLANs; however, DM 6500/7600 supports only Ethernet and nonprivate VLANs.
From the main VLANs page, you can access functions to do the following:
•Create or edit an Ethernet VLAN from the VLAN Setup wizard. See Creating and Configuring a VLAN Using the VLAN Wizard.
•Create a single Ethernet VLAN. See Creating a Single Ethernet VLAN.
•Create multiple Ethernet VLANs. See Creating Multiple Ethernet VLANs.
•Edit a single Ethernet VLAN. See Editing Ethernet VLANs.
•Delete an Ethernet VLAN. See Deleting VLANs.
Related Topics
•Configuring Layer 2 VLANs
•Configuring Layer 3 VLANs
•Viewing Service VLANs
•Configuring VTP Information
Creating and Configuring a VLAN Using the VLAN Wizard
You can use the VLAN Setup wizard to create a VLAN. The wizard will walk you through access and trunk port assignment, spanning tree configuration, and Switched Virtual Interface (SVI) creation for Layer 3 VLANs. The wizard shows appropriate default values based on Cisco recommended best practice configurations.
Procedure
Step 1 Click Switch in the task bar, click VLANs in the left-most pane, then select VLANs from the selector. The VLANs page appears.
Step 2 Click Setup Wizard.
Creating a VLAN
In Step 1 of the VLAN Setup wizard, you configure VLAN information, including SVI details and spanning tree information, for a new or existing VLAN by defining the following fields.
GUI Element
|
Action/Description
|
VLAN Creation pane
|
VLAN ID field
|
Specify the number (ID) of the VLAN.
Click to open the Enter VLAN dialog box. See Enter VLAN Dialog Box.
|
VLAN Name field
|
Specify the name of the VLAN.
|
Status list
|
Select the state (active or suspend) of the VLAN.
|
Media Type field
|
Type (ethernet) of VLAN. You cannot edit this field.
|
SVI pane
|
SVI check box
|
Select this check box to create an SVI to create a Layer 3 VLAN for inter-VLAN routing.
|
Description field
|
Brief description of the SVI.
|
Admin Status list
|
Select the admin status (up or down).
|
IP Address field
|
Enter the IP address of the SVI.
|
Mask list/field
|
Specify the subnet mask address of the SVI. Select a value from the list or enter a value in the field.
|
Spanning Tree Configuration pane
|
State list
|
Select the state (enabled or disabled) of STP on the VLAN.
|
Configure this Switch as Root check list
|
Specify if you want to make this the root switch (yes or no).
|
Note To create a Layer 3 VLAN, configure an SVI for this VLAN; to create a Layer 2 VLAN, do not configure an SVI.
Enter VLAN Dialog Box
GUI Element
|
Action/Description
|
VLAN ID field
|
Enter the number (ID) of the VLAN.
|
Note You cannot create a VLAN while VTP is in client mode. See Editing VTP Information.
Assigning Access Ports to the VLAN
In Step 2 of the VLAN Setup wizard, you can assign access ports to the VLAN . This page provides the Port Selector. See Port Selector.
Note All ports selected from the Port Selector will become access ports.
Assigning Trunk Ports to the VLAN
In Step 3 of the VLAN Setup wizard, you can specify trunk ports on which the VLAN is allowed. This page provides the Port Selector. See Port Selector.
Note All ports selected from the Port Selector will become trunk ports.
VLAN Summary
The VLAN summary page of the wizard shows you the information that you entered.
Click OK, then click Save.
Creating a Single Ethernet VLAN
Note You cannot create a VLAN while VTP is in client mode. See Editing VTP Information.
Procedure
Step 1 Click Switch in the task bar, click VLAN in the left-most pane, then select VLANs from the selector.
Step 2 Click Add, then select Single VLAN. The Add VLAN dialog box appears.
Step 3 Edit the appropriate values.
GUI Element
|
Action/Description
|
VLAN ID field
|
Specify the number (ID) of the VLAN.
Click to open the Enter VLAN dialog box. See Enter VLAN Dialog Box.
|
VLAN Name field
|
Specify the name of the VLAN.
|
Status list
|
Select the status (active or suspend) of the VLAN.
|
Media Type field
|
Type (ethernet) of VLAN. You cannot edit this field.
|
Access Ports field
|
Specify the access ports assigned to this VLAN.
Click to open the Port Selector dialog box. See Port Selector.
Note All ports selected from the Port Selector will become access ports.
|
Trunk Ports field
|
Specify the trunk ports the VLAN is allowed on.
Click to open the Port Selector dialog box. See Port Selector.
Note All ports selected from the Port Selector will become Trunk Ports.
|
SVI pane
|
SVI check box
|
Select this check box to create an SVI to create a Layer 3 VLAN for inter-VLAN routing.
|
Description field
|
Enter a brief description of the SVI.
|
Admin Status list
|
Select the admin status (up or down) of the SVI.
|
IP Address field
|
Enter the IP address of the SVI.
|
Mask list/field
|
Specify the subnet mask address of the SVI. Select a value from the list or enter a value in the field.
|
Note To create a Layer 3 VLAN, configure an SVI for this VLAN; to create a Layer 2 VLAN, do not configure an SVI.
Step 4 Click OK, then click Save.
Related Topics
•Creating and Configuring a VLAN Using the VLAN Wizard
•Creating Multiple Ethernet VLANs
•Editing Ethernet VLANs
Creating Multiple Ethernet VLANs
Note You cannot create a VLAN while VTP is in client mode. See Editing VTP Information.
Procedure
Step 1 Click Switch in the task bar, click VLANs in the left-most pane, then select VLANs from the selector.
Step 2 Click Add, then select Multiple VLANs. The Add Multiple VLANs dialog box appears.
Step 3 Edit the appropriate values.
GUI Element
|
Action/Description
|
VLANs field
|
Enter the range of values (VLAN numbers) of the VLANs to be created.
Click to open the Enter VLAN Range dialog box. See Enter VLAN Range Dialog Box.
|
Media Type field
|
Type (ethernet) of VLAN. You cannot edit this field.
|
Status list
|
Select the status (active or suspend) of the VLANs. The status is applied to all VLANs in the range you specified.
|
Assign Ports and Configure SVI table
|
VLAN ID column
|
Number (ID) of the VLAN. You cannot edit this field.
|
Name column
|
Double-click the entry in the Name column and enter the name of the VLAN.
|
Access Ports column
|
Displays the access ports assigned to this VLAN.
You can assign access ports to this VLAN. In the Access Ports column, click to open the Port Selector dialog box. See Port Selector.
Note All ports selected from the Port Selector will become access ports.
|
All Trunk Ports column
|
A check mark  in this column indicates that the VLAN is allowed on all trunk ports.
To specify assigned trunk ports, click the Edit Trunk Ports button.
|
Selected Trunk Ports column
|
Specifies on which trunk ports the VLAN is allowed if the VLAN is not allowed on every trunk port.
If the VLAN is allowed on every trunk port (if a check mark appears in the All Trunk Ports column), the Select Ports column is not populated with any data.
To specify assigned trunk ports to a VLAN, select the corresponding row in the table and click the Edit Trunk Ports button.
|
IP Address column
|
Double-click the entry in the IP address sub-column and enter the IP address of the SVI.
|
Mask column
|
Double-click the entry in the Mask sub-column and specify the subnet mask address of the SVI. Select a value from the list or enter a value in the field.
The Admin Status is set to up for the SVI you create.
Note If you enter an IP address and subnet mask, an SVI is created to make this a Layer 3 VLAN. If you do not enter any values, an SVI is not created and the VLAN that is created is a Layer 2 VLAN.
|
Edit Trunk Ports button
|
Click to select the trunk ports the VLAN is allowed on.
Click Edit Trunk Ports to open the Port Selector dialog box. See Port Selector.
Note All ports selected from the Port Selector will become trunk ports.
|
\
Note To create Layer 3 VLANs, configure an SVI for these VLANs; to create Layer 2 VLANs, do not configure an SVI.
Step 4 Click OK, then click Save.
Enter VLAN Range Dialog Box
GUI Element
|
Action/Description
|
VLAN Range field
|
Enter the values (IDs) of VLANs. For example, to create VLAN 96, 100, 101, and 102, enter: 96, 100-102.
|
Related Topics
•Creating and Configuring a VLAN Using the VLAN Wizard
•Creating a Single Ethernet VLAN
•Editing Ethernet VLANs
Editing Ethernet VLANs
Procedure
Note You can edit only Ethernet VLANs.
Step 1 Click Switch in the task bar, click VLANs in the left-most pane, then select VLANs from the selector.
Step 2 From the table, select the VLAN to edit.
Step 3 Click Edit or double-click the VLAN, then edit the appropriate values.
GUI Element
|
Action/Description
|
VLAN ID field
|
Number (ID) of the VLAN. You cannot edit this field.
|
VLAN Name field
|
Enter the name of the VLAN.
|
Status list
|
Select the status (enable or suspend) of the VLAN.
|
Type list
|
Select the VLAN type (Layer 2 VLAN or Layer 3 VLAN).
If you change a Layer 2 VLAN to a Layer 3 VLAN, an SVI is created for the Layer 3 VLAN. If you change a Layer 3 VLAN to a Layer 2 VLAN, the SVI for the Layer 3 VLAN is removed.
|
Step 4 Click OK, then click Save.
Related Topics
•Creating and Configuring a VLAN Using the VLAN Wizard
•Creating a Single Ethernet VLAN
•Creating Multiple Ethernet VLANs
Configuring Layer 2 VLANs
You can view information about your Layer 2 VLANs.
Click Switch in the task bar, click VLANs in the left-most pane, then select VLANs > Layer 2 VLANs from the selector.
The Layer 2 VLANs page displays the following information:
Column
|
Description
|
VLAN ID
|
Number (ID) of the VLAN.
|
Name
|
Name of the VLAN.
|
Status
|
Status (active or suspend) of the VLAN.
|
Access Ports
|
Access ports assigned to the VLAN.
|
Trunk Ports
|
Trunk ports the VLAN is allowed on.
|
Note The Layer 2 VLANs page displays Ethernet and nonprivate VLANs.
From this page, you can access functions to do the following:
•Create a single Layer 2 Ethernet VLAN. See Creating a Single Layer 2 Ethernet VLAN.
•Create multiple Layer 2 Ethernet VLANs. See Creating Multiple Layer 2 Ethernet VLANs.
•Edit a single Layer 2 Ethernet VLAN. See Editing Layer 2 Ethernet VLANs.
•Delete a Layer 2 Ethernet VLAN. See Deleting VLANs.
Related Topics
•Configuring VLANs
•Configuring Layer 3 VLANs
•Viewing Service VLANs
•Configuring VTP Information
Creating a Single Layer 2 Ethernet VLAN
Procedure
Step 1 Click Switch in the task bar, click VLANs in the left-most pane, then select VLANs > Layer 2 VLANs from the selector.
Step 2 Click Add, select Single VLAN, then edit the appropriate values.
GUI Element
|
Action/Description
|
VLAN ID field
|
Specify the number (ID) of the VLAN.
Click to open the Enter VLAN dialog box. See Enter VLAN Dialog Box.
|
VLAN Name field
|
Specify the name of the VLAN.
|
Status list
|
Select the status (active or suspend) of the VLAN.
|
Media Type field
|
Type (Ethernet) of VLAN. You cannot edit this field.
|
Access Ports field
|
Specify the access ports assigned to this VLAN.
Click to open the Port Selector dialog box. See Port Selector.
Note All ports selected from the Port Selector will become access ports.
|
Trunk Ports field
|
Specify the trunk ports the VLAN is allowed on.
Click to open the Port Selector dialog box. See Port Selector.
Note All ports selected from the Port Selector will become trunk ports.
|
Step 3 Click OK, then click Save.
Related Topics
•Creating Multiple Layer 2 Ethernet VLANs
•Editing Layer 2 Ethernet VLANs
Creating Multiple Layer 2 Ethernet VLANs
Procedure
Step 1 Click Switch in the task bar, click VLANs in the left-most pane, then select VLANs > Layer 2 VLANs from the selector.
Step 2 Click Add, select Multiple VLANs, then edit the appropriate values.
GUI Element
|
Action/Description
|
VLANs field
|
Enter the range of values (VLAN numbers) of the VLANs to be created.
Click to open the Enter VLAN Range dialog box. See Enter VLAN Range Dialog Box.
|
Media Type field
|
Type (Ethernet) of VLAN. You cannot edit this field.
|
Status list
|
Select the status (active or suspend) of the VLANs. The status is applied to all VLANs in the range you specified.
|
Assign Ports table
|
VLAN ID column
|
Number (ID) of the VLAN. You cannot edit this field.
|
Name column
|
Double-click the entry in the Name column and enter the name of the VLAN.
|
Access Ports column
|
Specify the access ports assigned to this VLAN.
In the Access Ports column, click to open the Port Selector dialog box. See Port Selector.
Note All ports selected from the Port Selector will become access ports.
|
Allowed on column
|
Contains the following sub-columns:
•All Trunk Ports—A check mark in this column indicates that the VLAN is allowed on all trunk ports.
To specify assigned trunk ports, click the Edit Trunk Ports button.
•Selected Trunk Ports—Specifies on which trunk ports the VLAN is allowed if the VLAN is not allowed on every trunk port.
If the VLAN is allowed on every trunk port (if a check mark appears in the All Trunk Ports column), the Select Ports column is not populated with any data.
To specify assigned trunk ports to a VLAN, select the corresponding row in the table and click the Edit Trunk Ports button.
|
Edit Trunk Ports button
|
Specify the trunk ports the VLAN is allowed on.
Click Edit Trunk Ports to open the Port Selector dialog box. For more information, see Port Selector.
Note All ports selected from the Port Selector will become trunk ports.
|
Step 3 Click OK, then click Save.
Related Topics
•Creating a Single Layer 2 Ethernet VLAN
•Editing Layer 2 Ethernet VLANs
Editing Layer 2 Ethernet VLANs
Procedure
Note You can edit only Ethernet VLANs.
Step 1 Click Switch in the task bar, click VLANs in the left-most pane, then select VLANs > Layer 2 VLANs from the selector.
Step 2 From the table, select the Layer 2 VLAN to edit.
Step 3 Click Edit or double-click the VLAN. The Edit Layer 2 VLAN dialog box appears.
Step 4 Edit the appropriate values.
GUI Element
|
Action/Description
|
VLAN ID field
|
Number (ID) of the VLAN. You cannot edit this field.
|
VLAN Name field
|
Enter the name of the VLAN.
|
Status list
|
Select the status (active or suspend) of the VLAN.
|
Media Type field
|
Type (ethernet) of VLAN. You cannot edit this field.
|
Access Ports field
|
Specify the access ports assigned to the Layer 2 VLAN.
Click to open the Port Selector dialog box. See Port Selector.
Note All ports selected from the Port Selector will become access ports.
|
Trunk Ports field
|
Specify the trunk ports the Layer 2 VLAN is allowed on.
Click to open the Port Selector dialog box. See Port Selector.
Note All ports selected from the Port Selector will become trunk ports.
|
Step 5 Click OK, then click Save.
Related Topics
•Creating a Single Layer 2 Ethernet VLAN
•Creating Multiple Layer 2 Ethernet VLANs
Configuring Layer 3 VLANs
You can view information about your Layer 3 VLANs.
Click Switch in the task bar, click VLANs in the left-most pane, then select VLANs > Layer 3 VLANs from the selector.
The Layer 3 VLANs page displays the following information:
GUI Element
|
Action/Description
|
VLAN ID
|
Number (ID) of the VLAN.
|
Name
|
Name of the VLAN.
|
Status
|
Status (active or suspend) of the VLAN.
|
Access Ports
|
Number of access ports assigned to the VLAN.
|
Trunk Ports
|
Number of trunk ports the VLAN is allowed on.
|
IP Address
|
IP address of the VLAN interface.
|
Mask
|
Subnet mask of the VLAN interface.
|
Note The Layer 3 VLANs page displays Ethernet and nonprivate VLANs and the IP address and subnet mask address of existing SVIs.
From this page, you can access functions to do the following:
•Create a single Layer 3 Ethernet VLAN. See Creating a Single Layer 3 Ethernet VLAN.
•Create multiple Layer 3 Ethernet VLANs. See Creating Multiple Layer 3 Ethernet VLANs.
•Edit a single Layer 3 Ethernet VLAN. See Editing Layer 3 Ethernet VLANs.
•Delete a Layer 3 Ethernet VLAN. See Deleting VLANs.
Related Topics
•Configuring VLANs
•Configuring Layer 2 VLANs
•Deleting VLANs
•Viewing Service VLANs
•Configuring VTP Information
Creating a Single Layer 3 Ethernet VLAN
Procedure
Step 1 Click Switch in the task bar, click VLANs in the left-most pane, then select VLANs > Layer 3 VLANs from the selector.
Step 2 Click Add, select Single VLAN, then edit the appropriate values.
GUI Element
|
Action/Description
|
VLAN ID field
|
Specify the number (ID) of the VLAN.
Click to open the Enter VLAN dialog box. See Enter VLAN Dialog Box.
|
VLAN Name field
|
Specify the name of the VLAN.
|
Status list
|
Select the status (active or suspend) of the VLAN.
|
Media Type field
|
Type (ethernet) of VLAN. You cannot edit this field.
|
Access Ports field
|
Specify the access ports assigned to this VLAN.
Click to open the Port Selector dialog box. See Port Selector.
Note All ports selected from the Port Selector will become access ports.
|
Trunk Ports field
|
Specify the trunk ports the VLAN is allowed on.
Click to open the Port Selector dialog box. See Port Selector.
Note All ports selected from the Port Selector will become trunk ports.
|
SVI pane
|
SVI check box
|
Select this check box to create an SVI to create a Layer 3 VLAN for inter-VLAN routing.
|
Description field
|
Enter a brief description of the SVI.
|
Admin Status list
|
Select the admin status (up or down) of the SVI.
|
IP Address field
|
Enter the IP address of the SVI.
|
Mask list/field
|
Specify the subnet mask address of the SVI. Select a value from the list or enter a value in the field.
|
Step 3 Click OK, then click Save.
Related Topics
•Creating Multiple Layer 3 Ethernet VLANs
•Editing Layer 3 Ethernet VLANs
Creating Multiple Layer 3 Ethernet VLANs
Procedure
Step 1 Click Switch in the task bar, click VLANs in the left-most pane, then select VLANs > Layer 3 VLANs from the selector.
Step 2 Click Add, select Multiple VLANs, then edit the appropriate values.
GUI Element
|
Action/Description
|
VLANs field
|
Enter the range of values (VLAN numbers) of the VLANs to be created.
Click to open the Enter VLAN Range dialog box. See Enter VLAN Range Dialog Box.
|
Media Type field
|
Type (ethernet) of VLAN. You cannot edit this field.
|
Status list
|
Select the status (active or suspend) of the VLANs. The status is applied to all VLANs in the range you specified.
|
Assign Ports and Configure SVI table
|
VLAN ID column
|
Number (ID) of the VLAN. You cannot edit this field.
|
Name column
|
Double-click the entry in the Name column and enter the name of the VLAN.
|
Access Ports column
|
Specify the access ports assigned to this VLAN.
In the Access Ports column, click to open the Port Selector dialog box. See Port Selector.
Note All ports selected from the Port Selector will become access ports.
|
Allowed on column
|
Contains the following sub-columns:
•All Trunk Ports—A check mark in this column indicates that the VLAN is allowed on all trunk ports.
To specify assigned trunk ports, click the Edit Trunk Ports button.
•Selected Trunk Ports—Specifies on which trunk ports the VLAN is allowed if the VLAN is not allowed on every trunk port.
If the VLAN is allowed on every trunk port (if a check mark appears in the All Trunk Ports column), the Select Ports column is not populated with any data.
To specify assigned trunk ports to a VLAN, select the corresponding row in the table and click the Edit Trunk Ports button.
|
SVI Details column
|
Contains the following sub-columns:
•IP Address—Double-click the entry in the IP address sub-column and enter the IP address of the SVI.
•Mask—Double-click the entry in the Mask sub-column and specify the subnet mask address of the SVI. Select a value from the list or enter a value in the field.
The Admin Status is set to up for the SVI you create.
Note Even if you do not enter values for these sub-columns, an SVI is created to make all the VLANs in the specified range Layer 3 VLANs. If you specify these values, an SVI is created with the IP address and subnet mask address you entered.
|
Edit Trunk Ports button
|
Specify the trunk ports the VLAN is allowed on.
Click Edit Trunk Ports to open the Port Selector dialog box. See Port Selector.
Note All ports selected from the Port Selector will become trunk ports.
|
Step 3 Click OK, then click Save.
Related Topics
•Creating a Single Layer 3 Ethernet VLAN
•Editing Layer 3 Ethernet VLANs
Editing Layer 3 Ethernet VLANs
Procedure
Step 1 Click Switch in the task bar, click VLANs in the left-most pane, then select VLANs > Layer 3 VLANs from the selector.
Step 2 From the table, select the Layer 3 VLAN to edit.
Step 3 Click Edit or double-click the VLAN. The Edit Layer 3 VLAN dialog box appears.
Step 4 Edit the appropriate values.
GUI Element
|
Action/Description
|
VLAN ID field
|
Number (ID) of the VLAN. You cannot edit this field.
|
VLAN Name field
|
Enter the name of the VLAN.
|
Status list
|
Select the status (active or suspend) of the VLAN.
|
Media Type field
|
Type (ethernet) of VLAN. You cannot edit this field.
|
Access Ports field
|
Specify the access ports assigned to this Layer 3 VLAN.
Click to open the Port Selector dialog box. See Port Selector.
Note All ports selected from the Port Selector will become access ports.
|
Trunk Ports field
|
Specify the trunk ports the Layer 3 VLAN is allowed on.
Click to open the Port Selector dialog box. See Port Selector.
Note All ports selected from the Port Selector will become trunk ports.
|
SVI Details pane
|
Description field
|
Enter a brief description of the SVI.
|
Admin Status list
|
Select the admin status (up or down) of the SVI.
|
IP Address field
|
Enter the IP address of the SVI.
|
Mask field/list
|
Specify the subnet mask address of the SVI. Select a value from the list or enter a value in the field.
|
Step 5 Click OK, then click Save.
Related Topics
•Creating a Single Layer 3 Ethernet VLAN
•Creating Multiple Layer 3 Ethernet VLANs
Deleting VLANs
Procedure
Step 1 Click Switch in the task bar, click VLANs in the left-most pane, then, select one of the following:
•VLANs
•VLANs > Layer 2 VLANs
•VLANs > Layer 3 VLANs
Step 2 Select, from the table, the VLAN to delete.
Step 3 Click Delete, then click Yes when you are prompted to confirm the deletion.
Related Topics
•Configuring VLANs
•Configuring Layer 2 VLANs
•Configuring Layer 3 VLANs
Viewing Service VLANs
Service VLANs are VLANs assigned to service modules, such as CVDM-SSLSM and Firewall modules. You can view details about your service VLANs.
Click Switch in the task bar, click VLANs in the left-most pane, then select VLANs > Service VLANs from the selector.
The Service VLANs page displays the following information:
Column
|
Description
|
VLAN ID
|
Number (ID) of the VLAN.
|
Name
|
Name of the VLAN.
|
Services
|
Service modules on which the VLAN is configured.
|
Related Topics
•Configuring VLANs
•Configuring Layer 2 VLANs
•Configuring Layer 3 VLANs
•Configuring VTP Information
Configuring VTP Information
You can view details about your VTP.
Click Switch in the task bar, click VLANs in the left-most pane, then select VTP from the selector.
The VLAN Trunking Protocol (VTP) page displays the following information:
Field
|
Description
|
Mode
|
Mode in which the VTP is running (client, server, or transparent).
VTP client maintains a list of all VLANs but cannot add, delete, or rename VLANs. VTP server maintains a list of all VLANs and can add, delete, and rename VLANs.
|
Domain Name
|
Domain name of the VTP.
|
Password
|
Your VTP password.
|
V2 Mode
|
VTP version (V1 or V2). If you are using Token Ring VLANs, use V2 VTPs; otherwise, you can use V1 or V2 VTPs.
|
Pruning
|
When enabled, eliminates any unnecessary traffic created and broadcast by VTP.
|
From this page, you can edit your VTP information. See Editing VTP Information.
For more information about configuring VTP, see the relevant section in Catalyst 6500 Family IOS Software Configuration Guide.
Related Topics
•Configuring VLANs
•Configuring Layer 2 VLANs
•Configuring Layer 3 VLANs
•Viewing Service VLANs
Editing VTP Information
Procedure
Step 1 Click Switch in the task bar, click VLANs in the left-most pane, then select VTP from the selector.
Step 2 Click Edit. The Edit VTP dialog box appears.
Step 3 Edit the appropriate values.
GUI Element
|
Action/Description
|
Mode list
|
Select the mode in which the VTP is running (client, server, or transparent).
VTP client maintains a list of all VLANs but cannot add, delete, or rename VLANs. VTP server maintains a list of all VLANs and can add, delete, and rename VLANs.
|
Domain Name field
|
Enter the VTP domain name.
|
Password field
|
Enter your VTP password.
|
V2 mode list
|
Select the status of VTP version 2 (enabled or disabled).
If you are using Token Ring VLANs, use V2 VTPs; otherwise, you can use V1 or V2 VTPs.
|
Pruning list
|
Select the pruning status (enabled or disabled) on VTP.
When enabled, pruning eliminates any unnecessary traffic created and broadcast by VTP.
|
Step 4 Click OK, then click Save.
Related Topic
•Configuring VTP Information
Spanning Tree Settings (Switch > Spanning Tree)
DM 6500/7600 allows you to view and configure VLAN and port spanning tree protocol (STP) settings. STP is a link management protocol that provides path redundancy while preventing undesirable loops in the network. For a Layer 2 Ethernet or Token Ring network to function properly, only one active path can exist between two stations. STP operation is transparent to end stations, which cannot detect whether they are connected to a single LAN segment or a switched LAN of multiple segments.
For more information about configuring STP, see the relevant section in Catalyst 6500 Family IOS Software Configuration Guide.
Topics in this section contain information about:
•Configuring STP Settings for All VLANs
•Configuring STP Settings for a Specific VLAN
•Configuring STP Settings for All Ports
•Configuring STP Settings for a Specific Port
Configuring STP Settings for All VLANs
You can view your STP settings for all VLANs. Click Switch in the task bar, click Spanning Tree in the left-most pane, then select VLANs in the selector to display the Spanning Tree page (see Figure 14-9).
Figure 14-9 STP Page
This page provides a table that displays the following information:
Column
|
Description
|
VLAN
|
Number (ID) of the VLAN.
|
STP Status
|
Status (enabled or disabled) of STP on the VLAN.
|
Primary Root
|
Specifies if the VLAN is on a primary root switch (yes or no).
|
Blocking column
|
Number of blocking ports.
Ports in the blocking state do not participate in frame forwarding. A switch always enters the blocking state after switch initialization.
|
Listening column
|
Number of listening ports.
Ports enter the listening state when STP determines that the port should participate in frame forwarding. Ports enter the listening state from the blocking state. Learning is disabled in the listening state.
|
Learning column
|
Number of learning ports.
Ports in the learning state prepare to participate in frame forwarding. Ports enter the learning state from the listening state.
|
Forwarding column
|
Number of forwarding ports.
Ports in the forwarding state forward frames. Ports enter the forwarding state from the learning state.
|
STP Active column
|
Total number of blocking, listening, learning, and forwarding VLANs.
|
|
Note DM 6500/7600 supports only PVST and Rapid PVST STP modes. You can change your STP mode from the Global Settings page (see Configuring Global Settings). However, if you select MST as the STP mode, then DM 6500/7600 does not populate any STP data.
You can edit your STP settings for a VLAN or VLANs from this page. See Editing STP Settings for a VLAN or VLANs.
Related Topics
•Configuring STP Settings for a Specific VLAN
•Configuring STP Settings for All Ports
•Configuring STP Settings for a Specific Port
Editing STP Settings for a VLAN or VLANs
Procedure
Step 1 Click Switch in the task bar, click Spanning Tree in the left-most pane, then select VLANs from the selector.
Step 2 From the table, select the VLAN to edit. To select multiple VLANs, press the Ctrl key as you select each VLAN to edit.
Step 3 Click Edit The Edit STP Settings dialog box appears.
Step 4 Edit the appropriate values.
GUI Element
|
Action/Description
|
VLAN Range field
|
Values (IDs) of the VLAN(s) that to edit. You cannot edit this field.
|
Enable STP list
|
Select to enable STP (yes or no) on the VLAN or VLANs.
|
Root Configuration list
|
Select the root configuration (Primary, Secondary, or Not Root).
|
Step 5 Click OK, then click Save.
Related Topics
•Configuring STP Settings for All VLANs
Configuring STP Settings for a Specific VLAN
You can view the STP settings for a particular VLAN.
Step 1 Click Switch in the task bar, click Spanning Tree from the left-most pane, then select VLANs from the selector.
Step 2 From the selector, select the VLAN for which to view STP settings.
The following information is displayed:
GUI Element
|
Description
|
STP Summary pane
|
VLAN field
|
Number (ID) of the VLAN.
|
Protocol field
|
Protocol.
|
STP Status field
|
Status (enabled or disabled) of STP.
|
Root Switch field
|
Specifies if the switch is a root (yes or no).
The STP root switch is the logical center of the STP topology in a switched network.
|
Root Cost field
|
Also called Root Path Cost—the cumulative cost of all links to the root bridge.
In a BPDU, this is the value transmitted in the cost field. In a bridge, this value is calculated by adding the receiving port's path cost to the value contained in the BPDU.
|
Root Port field
|
Specifies the port that is closest to the root bridge. Every nonroot bridge must select one root port.
|
Bridge Priority field
|
Priority value of the bridge. The value can be from 1 to 65535.
|
MAC Address field
|
MAC address of this switch.
|
Hello Time field
(seconds)
|
Determines how often the root switch broadcasts its hello message to other switches.
|
Max Age field
(seconds)
|
Measures the age of the received protocol information recorded for a port and ensures that this information is discarded when its age limit exceeds the value of the maximum age parameter recorded by the switch. The timeout value is the maximum age parameter of the switches.
|
Forward Delay field
(seconds)
|
Monitors the time spent by a port in the learning and listening states. The timeout value is the forward delay parameter of the switches.
|
Root Bridge pane
|
Bridge Priority field
|
Priority value of the root bridge. The value can be from 1 to 65535.
|
MAC Address field
|
MAC address of the root bridge.
|
Hello Time field
(seconds)
|
Determines how often the switch broadcasts its hello message to other switches.
|
Max Age field
(seconds)
|
Measures the age of the received protocol information recorded for a port and ensures that this information is discarded when its age limit exceeds the value of the maximum age parameter recorded by the switch. The timeout value is the maximum age parameter of the switches.
|
Forward Delay field
|
Monitors the time spent by a port in the learning and listening states. The timeout value is the forward delay parameter of the switches.
|
Ports table
|
Interface column
|
Names of the access and trunk ports associated with this VLAN.
|
Role column
|
STP-assigned role; STP works by assigning roles to switches and ports to ensure that there is only one path through the switched network at any one time. The roles assigned are root bridge, root port, designated port, and nondesignated port.
There is only one root bridge in any loop and only one designated port in any one segment. On the root bridge, all ports are designated. The selection of the root bridge is based on either an assigned number or an arbitrary number such as a MAC address.
|
Status column
|
Status (blocking, learning, listening, or forwarding) of the port on this VLAN.
|
Cost column
|
Port cost value; ports with lower port costs are more likely to be chosen to forward frames.
|
Priority column
|
Port priority value; the port with the lowest priority value forwards frames for all VLANs.
|
Number column
|
Port number; if all ports have the same port priority value, STP puts the port with the lowest port number in the forwarding states and blocks other ports.
|
Link Type column
|
Link type on the port (Shared or Point-to-point):
•Shared indicates that the link is a shared segment and can contain more than one device.
•Point-to-point indicates that the link is a point-to-point link to another device.
|
From this page, you can edit your STP settings for a VLAN. See Editing STP Settings for a Specific VLAN.
Related Topics
•Configuring STP Settings for All VLANs
•Configuring STP Settings for All Ports
•Configuring STP Settings for a Specific Port
Editing STP Settings for a Specific VLAN
Procedure
Step 1 Click Switch in the task bar, click Spanning Tree from the left-most pane, then select VLANs from the selector.
Step 2 From the selector, select the VLAN for which to edit STP settings.
Step 3 In the STP Summary pane, click Edit.
Step 4 Edit the appropriate values in the Edit STP Settings dialog box.
GUI Element
|
Action/Description
|
VLAN Number field
|
Number (ID) of the VLAN. You cannot edit this field.
|
Enable STP check box
|
Click the check box to enable STP on the VLAN.
|
Root Config radio button
|
Specify the configuration of the root. Do one of the following:
•Select via Macro, then select the root type (Primary, Secondary, Not Root) from the Root Type list.
Macro looks at the bridge priority value of all other switches and compares it to the value of this switch; to make this switch the root switch, Macro gives this switch a lower value to force it to become the root.
•Select via Bridge Priority, then do one of the following to specify the bridge priority:
–If Extended System ID is enabled, the Bridge Priority list is shown; select the bridge priority value from this list.
–If Extended System ID is disabled, enter any bridge priority value from 1 to 65535 in the Bridge Priority field.
The switch becomes the root when its bridge priority value is the lowest value.
If the bridge priority value of this switch is the same as the bridge priority value of another switch, the switch with the lower MAC address becomes the root switch.
|
Step 5 Click OK, then click Save.
Related Topics
•Configuring STP Settings for a Specific VLAN
Configuring STP Settings for All Ports
You can view your STP settings for all ports.
Click Switch in the task bar, click Spanning Tree in the left-most pane, then select Ports from the selector.
The following information is displayed:
Column
|
Description
|
Port Name
|
Name of the port.
|
PortFast
|
Indicates the status of PortFast (Enabled, Disabled, or Global) on the port.
PortFast causes a port to immediately enter the spanning-tree forwarding state, bypassing the listening and learning states.
|
VLANs
|
Contains the following sub-columns:
•Blocking VLANs—Number of VLANs on which the port is blocking.
•Listening VLANs—Number of VLANs on which the port is listening.
•Learning VLANs—Number of VLANs on which the port is learning.
•Forwarding VLANs—Number of VLANs on which the port is forwarding.
|
You can edit your STP settings for a port or ports from this page. See Editing STP Settings for a Port or Ports.
Related Topics
•Configuring STP Settings for All VLANs
•Configuring STP Settings for a Specific VLAN
•Configuring STP Settings for a Specific Port
Editing STP Settings for a Port or Ports
Procedure
Step 1 Click Switch in the task bar, select Spanning Tree in the left-most pane, then select Ports from the selector.
Step 2 From the table, select the port to edit. To select multiple ports, press the Ctrl key as you select each ports to edit.
Step 3 Click Edit. The Edit STP Settings dialog box appears.
Step 4 Edit the appropriate values.
GUI Element
|
Action/Description
|
Port(s) field
|
Name of the port(s) to edit. You cannot edit this field.
|
Enable PortFast list
|
Select the status of PortFast (Enabled, Disabled, or Global) on the port.
PortFast causes a port to immediately enter the spanning-tree forwarding state, bypassing the listening and learning states.
|
Step 5 Click OK, then click Save.
Related Topics
•Configuring STP Settings for All Ports
Configuring STP Settings for a Specific Port
You can view the STP settings for a particular port.
Step 1 Click Switch in the task bar, click Spanning Tree in the left-most pane, then select Ports from the selector.
Step 2 Select the port for which to view STP settings.
The following information is provided:
GUI Element
|
Description
|
STP Summary pane
|
Name field
|
Name of the port.
|
Port Cost field
|
Port cost value; ports with lower port costs are more likely to be chosen to forward frames. If the port does not have a port cost value in the device running configuration, default is displayed.
|
Port Priority field
|
Port priority value; the port with the lowest priority value forwards frames for all VLANs. If the port does not have a port priority value, default is displayed.
|
Link Type field
|
Link type on the port (Shared, Point-to-point, or Default):
•Shared indicates that the link is a shared segment and can contain more than one device.
•Point-to-point indicates that the link is a point-to-point link to another device.
|
PortFast field
|
Status (Enabled, Disabled, or Global) or PortFast.
PortFast causes a port to immediately enter the spanning-tree forwarding state, bypassing the listening and learning states.
|
BPDU Guard field
|
Status (Enabled, Disabled, or Global) of BPDU guarding.
When enabled, BPDU guard causes STP to shut down PortFast-configured interfaces that receive BPDUs, instead of putting them into the spanning-tree blocking state.
|
BPDU Filter field
|
Status (Enabled, Disabled, or Global) of BPDU filtering.
When enabled, the BPDU filter allows you to avoid transmitting BPDUs on PortFast-enabled ports that are connected to an end system.
|
Guard field
|
Type of guard enabled on the port. Values can be:
•Loop—Verifies whether or not a root port or an alternate root port receives BPDUs. If the port is not receiving BPDUs, the loop guard feature puts the port into an inconsistent state until it starts receiving BPDUs again.
•Root—Forces a Layer 2 LAN interface to become a designated port; if any device accessible through the interface becomes the root bridge, root guard puts the interface into the blocked state.
•None—No guarding is enabled on the port.
|
STP VLAN Summary table
|
VLAN Number column
|
Number (ID) of the VLAN to which the port belongs.
|
Status column
|
Status (blocking, learning, listening, or forwarding) of the port on this VLAN.
|
Role column
|
STP-assigned role; STP works by assigning roles to switches and ports to ensure that there is only one path through the switched network at any one time. The roles assigned are root bridge, root port, designated port, and nondesignated port.
There is only one root bridge in any loop and only one designated port in any one segment. On the root bridge, all ports are designated. The selection of the root bridge is based on either an assigned number or an arbitrary number such as a MAC address.
|
Cost column
|
Cost value on this VLAN; ports with lower port-VLAN costs are more likely to be chosen to forward frames. This value takes precedence over the global port cost value (displayed in the STP Summary Pane).
|
Priority column
|
Port priority value on this VLAN; the port with the lowest priority value forwards frames for all VLANs. This value takes precedence over the global port priority value (displayed in the STP Summary Pane).
|
You can edit your STP settings for a port from this page. See Editing STP Settings For a Specific Port.
Related Topics
•Configuring STP Settings for All VLANs
•Configuring STP Settings for a Specific VLAN
•Configuring STP Settings for All Ports
Editing STP Settings For a Specific Port
Procedure
Step 1 Click Switch in the task bar, click Spanning Tree in the left-most pane, then select Ports from the selector. Then, from the selector, select the port for which to configure STP settings.
Step 2 From the STP Summary field, click Edit. The Edit STP Settings dialog box appears.
Step 3 Edit the appropriate values.
GUI Element
|
Action/Description
|
Port Cost field
|
Enter the port cost value.
Ports with lower port costs are more likely to be chosen to forward frames.
|
Port Priority list
|
Select the port priority value.
The port with the lowest priority value forwards frames for all VLANs.
|
Link Type list
|
Select the link type on the port (Shared, Point-to-point, or Default):
•Shared indicates that the link is a shared segment and can contain more than one device.
•Point-to-point indicates that the link is a point-to-point link to another device.
|
PortFast list
|
Select the status of PortFast (Enabled, Disabled, or Global) on the port.
When enabled, PortFast causes a switch or trunk port to immediately enter the STP forwarding state, bypassing the listening and learning states.
|
BPDU Guard list
|
Select the status of BPDU guard (Enabled, Disabled, or Global) on the port.
When enabled, BPDU guard causes STP to shut down PortFast-configured interfaces that receive bridge protocol data units (BPDUs), instead of putting them into the spanning-tree blocking state.
|
BPDU Filter list
|
Select the status of BPDU filter (Enabled, Disabled, or Global) on the port.
When enabled, BPDU filter allows you to avoid transmitting BPDUs on PortFast-enabled ports that are connected to an end system.
|
STP Guard list
|
Select the type of STP guard (None, Root, Loop, or Global).
•Loop—Verifies whether or not a root port or an alternate root port receives BPDUs. If the port is not receiving BPDUs, the loop guard feature puts the port into an inconsistent state until it starts receiving BPDUs again.
•Root—Forces a Layer 2 LAN interface to become a designated port; if any device accessible through the interface becomes the root bridge, root guard puts the interface into the blocked state.
•None—No guarding is enabled on the port.
|
Step 4 Click OK, then click Save.
Related Topics
•Configuring STP Settings for a Specific Port
Displaying VPN Routing and Forwarding Instances (Switch > VRFs)
To display information about the VPN Routing and Forwarding (VRF) instances on a switch, select Switch > VRFs.
A VRF instance consists of an IP routing table, a derived forwarding table, a set of interfaces that use the forwarding table, and a set of rules and routing protocols that determine what goes into the forwarding table. VRF instances convert routers into multiple virtual routers by creating a separate forwarding table for each VPN.
Service Module Configuration (Services > Flows)
Topics in this section contain information about:
•Adding VLANs/Interfaces
•Adding VLAN/Interface Connections Between Service Modules
•Viewing and Configuring Virtual Firewalls (Contexts)
Viewing Service Modules and VLAN Connections Using the Services Topology Map
You can view a graphical display of all service modules and the VLANs that span across them by clicking Services in the task bar and clicking Flows in the left-most pane. The Flows page displays the Services Topology map (see Figure 14-10).
Figure 14-10 Flows Page
Note When DM 6500/7600 detects a firewall module that supports virtual firewalls (contexts) and you have provided the correct credentials, you will see a Module View tab and a Virtual Firewall View tab. The Services Topology map is displayed in the Module View tab. See Viewing and Configuring Virtual Firewalls (Contexts).
From the Services Topology map, you can do the following:
•View a graphical representation of all modules and VLANs that span across them:
–Service modules are labeled and represented by various icons.
–VLANs are labeled and represented by solid lines.
–If there are more than five connecting VLANs, they are represented by one thick, solid line. To view the individual VLAN IDs for an aggregate VLAN, place your mouse over the thick line.
–Service module icons and VLANs can be moved to get a better view of what is on your device.
•Easily identify and fix potential security holes. For example, you might see a VLAN directly connecting an MSFC icon and a CSM icon, thus bypassing a firewall. You can then use one of the service module wizards to fix the security hole. See Service Module Setup Wizards.
•View information and perform tasks using the VLAN Connection Shortcut Menu. You can edit or delete the selected VLAN connection.
•View all VLAN and interface information about the selected VLAN connection or service module in a tabular format (under the topology map). For a description of the provided information, see the relevant service module section in Firewall Service Module Setup.
•Zoom in, zoom out, and print the topology map by clicking on the magnifying glass and print icons.
Related Topics
•Adding VLANs/Interfaces
•Adding VLAN/Interface Connections Between Service Modules
•Viewing and Configuring Virtual Firewalls (Contexts)
Nonrecommended Service Module Configurations
When DM 6500/7600 discovers service module configurations on the switch that are not recognized as recommended configurations, the Non-Recommended Configurations dialog box appears.
Step 1 Remove the module configurations that DM 6500/7600 lists in the Non-Recommended Configurations dialog box.
Step 2 Start one of the service module wizards. See Service Module Setup Wizards to understand your options.
Related Topic
•VLAN Connection Shortcut Menu
VLAN Connection Shortcut Menu
The VLAN connection shortcut menu allows you to quickly edit or delete a VLAN connection.
Procedure
Step 1 Click Services in the task bar, then click Flows in the left-most pane.
Step 2 Right-click a VLAN connection from the Services Topology Map or from the Virtual Firewall View tab. See Viewing and Configuring Virtual Firewalls (Contexts).
Step 3 Select Edit or Delete. If deleting a VLAN connecting a firewall context, see Delete VLAN Connection Warning Dialog Box.
Step 4 Enter the appropriate information. For parameter descriptions, see VLAN Connection Parameters.
Delete VLAN Connection Warning Dialog Box
This dialog box appears if you are deleting a VLAN connecting a firewall context. Select one of the following:
•Delete VLAN link only for selected context—This option removes only this VLAN for the selected context.
•Delete VLAN links for all firewall contexts—This option deletes the selected VLAN link for all contexts.
Caution Selecting the second option prevents traffic from flowing to all the contexts that share this VLAN.
Related Topics
•Adding VLAN/Interface Connections Between Service Modules
•Viewing Contexts
Adding VLANs/Interfaces
You can use the Services Topology Map to add a VLAN/interface on a Firewall Services Module (FWSM). See also Firewall Service Module Setup.
Procedure
Step 1 Click Services in the task bar, then click Flows in the left-most pane.
Step 2 Select a service module icon from the Services Topology Map. If you select a firewall module that supports contexts, you can select a context from the selector to view associated interface information. A table showing VLAN and interface information about the selected service module appears.
Step 3
