Table Of Contents
Manually Assigning and Removing Switch IP Information
Using DHCP-Based Autoconfiguration
Understanding DHCP-Based Autoconfiguration
Configuring the Domain Name and the DNS
Setting the System Date and Time
Configuring Daylight Saving Time
Configuring the Network Time Protocol
Configuring the Switch as an NTP Client
Configuring the Switch for NTP Broadcast-Client Mode
Configuring CDP for Extended Discovery
Using STP to Support Redundant Connectivity
Accelerating Aging to Retain Connectivity
Configuring STP and UplinkFast in a Cascaded Cluster
Configuring Redundant Links By Using STP UplinkFast
Configuring Cross-Stack UplinkFast
Events that Cause Fast Convergence
Configuring Cross-Stack UplinkFast
Changing the STP Parameters for a VLAN
Changing the STP Implementation
Changing the BPDU Message Interval
Changing the Hello BPDU Interval
Changing the Forwarding Delay Time
Enabling the Port Fast Feature
Controlling IP Multicast Packets through CGMP
Enabling the Fast Leave Feature
Disabling the CGMP Fast Leave Feature
Changing the CGMP Router Hold-Time
Using MVR in a Multicast Television Application
Configuration Guidelines and Limitations
Managing the MAC Address Tables
Changing the Address Aging Time
Removing Dynamic Address Entries
Configuring Static Addresses for EtherChannel Port Groups
Configuring the TACACS+ Server Host
Configuring Login Authentication
Specifying TACACS+ Authorization for EXEC Access and Network Services
Configuring a Switch for Local AAA
Configuring the System
This chapter provides information about changing switch-wide configuration settings. It includes command-line interface (CLI) procedures for using commands that have been specifically created or changed for the Catalyst 2900 XL or Catalyst 3500 XL switches. For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 2900 Series XL and Catalyst 3500 Series XL Command Reference.
This chapter does not repeat the concepts and CLI procedures provided in the standard Cisco IOS Release 12.0 documentation. For switch features that use standard Cisco IOS Release 12.0 commands, refer to the Cisco IOS Release 12.0 documentation on Cisco.com for additional information and CLI procedures.
For information about configuring these settings from Cluster Management Suite (CMS), refer to the online help.
Note
Some features can be implemented only by using the CLI.
Changing IP Information
You can assign and change the IP information of your switch in the following ways:
•
•
•
Caution
Note
Manually Assigning and Removing Switch IP Information
You can manually assign an IP address, mask, and default gateway to the switch. The mask identifies the bits that denote the network number in the IP address. When you use the mask to subnet a network, the mask is then referred to as a subnet mask. The broadcast address is reserved for sending messages to all hosts. The CPU sends traffic to an unknown IP address through the default gateway.
Beginning in privileged EXEC mode, follow these steps to enter the IP information:
Use the following procedure to remove the IP information from a switch.
Note
Beginning in privileged EXEC mode, follow these steps to remove an IP address:
Using DHCP-Based Autoconfiguration
The Dynamic Host Configuration Protocol (DHCP) provides configuration information to Internet hosts and internetworking devices. With DHCP-based autoconfiguration, your switch (DHCP client) can be automatically configured during bootup with IP address information and a configuration file that it receives during DHCP-based autoconfiguration.
Note
Understanding DHCP-Based Autoconfiguration
The DHCP provides configuration information to internet hosts and internetworking devices. This protocol consists of two components: one for delivering configuration parameters from a DHCP server to a device and one for allocating network addresses to devices. DHCP is built on a client-server model, where designated DHCP servers allocate network addresses and deliver configuration parameters to dynamically configured devices.
With DHCP-based autoconfiguration, your switch (DHCP client) can be automatically configured at startup with IP address information and a configuration file that it receives during DHCP-based autoconfiguration. No DHCP client-side configuration is required on your switch.
However, you need to configure the DHCP server for various lease options. You might also need to configure a TFTP server, a Domain Name System (DNS) server, and possibly a relay device if the servers are on a different LAN than your switch. A relay device forwards broadcast traffic between two directly connected LANs. A router does not forward broadcast packets, but it forwards packets based on the destination IP address in the received packet. DHCP-based autoconfiguration replaces the BOOTP client functionality on your switch.
DHCP Client Request Process
When you boot your switch, the DHCP client can be invoked and automatically request configuration information from a DHCP server under the following conditions:
•
•
•
Figure 6-1 shows the sequence of messages that are exchanged between the DHCP client and the DHCP server.
Figure 6-1 DHCP Request for IP Information from a DHCP Server
The client, Switch A, broadcasts a DHCPDISCOVER message to locate a DHCP server. The DHCP server offers configuration parameters (such as an IP address, subnet mask, gateway IP address, DNS IP address, a lease for the IP address, and so forth) to the client in a DHCPOFFER unicast message.
In a DHCPREQUEST broadcast message, the client returns a request for the offered configuration information to the DHCP server. The request is broadcast so that all other DHCP servers that received the DHCPDISCOVER broadcast message from the client can reclaim the IP addresses that they offered to the client.
The DHCP server confirms that the IP address has been allocated to the client by returning a DHCPACK unicast message to the client. With this message, the client and server are bound, and the client uses configuration information received from the server. The amount of information the switch receives depends on how you configure the DHCP server. For more information, see the "Configuring the DHCP Server" section.
If the configuration parameters sent to the client in the DHCPOFFER unicast message by the DHCP server are invalid (a configuration error exists), the client returns a DHCPDECLINE broadcast message to the DHCP server.
The DHCP server sends the client a DHCPNAK denial broadcast message, which means the offered configuration parameters have not been assigned, an error has occurred during the negotiation of the parameters, or the client has been slow in responding to the DHCPOFFER message (the DHCP server assigned the parameters to another client) of the DHCP server.
A DHCP client might receive offers from multiple DHCP or BOOTP servers and can accept any one of the offers; however, the client usually accepts the first offer it receives. The offer from the DHCP server is not a guarantee that the IP address will be allocated to the client; however, the server usually reserves the address until the client has had a chance to formally request the address. If the switch accepts replies from a BOOTP server and configures itself, the switch will broadcast, instead of unicast, TFTP requests to obtain the switch configuration file.
Configuring the DHCP Server
You should configure the DHCP servers with reserved leases that are bound to each switch by the switch hardware address. If the DHCP server does not support reserved leases, the switch can obtain different IP addresses and configuration files at different boot instances. You should configure the DHCP server with the following lease options:
•
•
•
•
•
•
•
If you do not configure the DHCP server with the lease options described earlier, then it replies to client requests with only those parameters that have available values. If the IP address and subnet mask are not in the reply, the switch is not configured. If the DNS server IP address, router IP address, or TFTP server name are not found, the switch might broadcast TFTP requests. Unavailability of other lease options does not affect autoconfiguration.
Note
The DHCP server can be on the same or a different LAN as the switch. If it is on a different LAN, the switch must be able to access it through a relay device. The DHCP server can be running on a UNIX or Linux operating system; however, the Windows NT operating system is not supported in this release.
For more information, see the "Configuring the Relay Device" section. You must also set up the TFTP server with the switch configuration files; for more information, see the next section.
For CLI procedures, refer to the Cisco IOS Release 12.0 documentation on Cisco.com for additional information and CLI procedures.
Configuring the TFTP Server
The TFTP server must contain one or more configuration files in its base directory. The files can include the following:
•
•
•
You must specify the TFTP server name in the DHCP server lease database. You must also specify the TFTP server name-to-IP-address mapping in the DNS server database.
The TFTP server can be on the same or a different LAN as the switch. If it is on a different LAN, the switch must be able to access it through a relay device or a router. For more information, see the "Configuring the Relay Device" section.
If the configuration filename is provided in the DHCP server reply, the configuration files for a switch can be spread over multiple TFTP servers. However, if the configuration filename is not provided, then the configuration files must reside on a single TFTP server.
For CLI procedures, refer to the Cisco IOS Release 12.0 documentation on Cisco.com for additional information and CLI procedures.
Configuring the Domain Name and the DNS
Each unique IP address can have a host name associated with it. The IOS software maintains a cache of host name-to-address mappings for use by the EXEC mode connect, telnet, and ping commands, and related Telnet support operations. This cache speeds the process of converting names to addresses.
IP defines a hierarchical naming scheme that allows a device to be identified by its location or domain. Domain names are pieced together with periods (.) as the delimiting characters. For example, Cisco Systems is a commercial organization that IP identifies by a com domain name, so its domain name is cisco.com. A specific device in this domain, the File Transfer Protocol (FTP) system for example, is identified as ftp.cisco.com.
To keep track of domain names, IP has defined the concept of a Domain Name Server (DNS), which holds a cache (or database) of names mapped to IP addresses. To map domain names to IP addresses, you must first identify the host names and then specify a name server and enable the DNS, the Internet's global naming scheme that uniquely identifies network devices.
You can specify a default domain name that the software uses to complete domain name requests. You can specify either a single domain name or a list of domain names. When you specify a domain name, any IP host name without a domain name will have that domain name appended to it before being added to the host table.
If your network devices require connectivity with devices in networks for which you do not control name assignment, you can assign device names that uniquely identify your devices within the entire internetwork. The Internet's global naming scheme, the DNS, accomplishes this task. This service is enabled by default.
The switch uses the DNS server to resolve the TFTP server name to a TFTP server IP address. You must configure the TFTP server name-to-IP address map on the DNS server. The TFTP server contains the configuration files for the switch.
You must configure the IP addresses of the DNS servers in the lease database of the DHCP server from where the DHCP replies will retrieve them. You can enter up to two DNS server IP addresses in the lease database.
The DNS server can be on the same or a different LAN as the switch. If it is on a different LAN, the switch must be able to access it through a relay device or router. For more information, see the "Configuring the Relay Device" section.
For CLI procedures, refer to the Cisco IOS Release 12.0 documentation on Cisco.com for additional information and CLI procedures.
Configuring the Relay Device
You need to use a relay device if the DHCP, DNS, or TFTP servers are on a different LAN than the switch. You must configure this relay device to forward received broadcast packets on an interface to the destination host. This configuration ensures that broadcasts from the DHCP client can reach the DHCP, DNS, and TFTP servers and that broadcasts from the servers can reach the DHCP client.
If the relay device is a Cisco router, you enable IP routing (ip routing global configuration command) and configure it with helper addresses by using the ip helper-address interface configuration command.
For example, in Figure 6-2, you configure the router interfaces as follows:
On interface 10.0.0.2:
router(config-if)# ip helper-address 20.0.0.2router(config-if)# ip helper-address 20.0.0.3router(config-if)# ip helper-address 20.0.0.4On interface 20.0.0.1
router(config-if)# ip helper-address 10.0.0.1Figure 6-2 Relay Device Used in Autoconfiguration
For CLI procedures, refer to the Cisco IOS Release 12.0 documentation on Cisco.com for additional information and CLI procedures.
Obtaining Configuration Files
Depending on the availability of the IP address and the configuration filename in the DHCP reserved lease, the switch obtains its configuration information in the following ways:
•
The switch receives its IP address, subnet mask, and configuration filename from the DHCP server. It also receives a DNS server IP address and a TFTP server name. The switch sends a DNS request to the DNS server, specifying the TFTP server name, to obtain the TFTP server address. Then the switch sends a unicast message to the TFTP server to retrieve the named configuration file from the base directory of the server, and upon receipt, completes its boot-up process.
•
The switch follows the same configuration process described above.
•
The switch receives its IP address and subnet mask from the DHCP server. It also receives a DNS server IP address and a TFTP server name. The switch sends a DNS request to the DNS server, specifying the TFTP server name, to obtain the TFTP server address.
The switch sends a unicast message to the TFTP server to retrieve the network-confg or cisconet.cfg default configuration file. (If the network-confg file cannot be read, the switch reads the cisconet.cfg file.)
The default configuration file contains the host names-to-IP-address mapping for the switch. The switch fills its host table with the information in the file and obtains its host name. If the host name is not found in the file, the switch uses the host name in the DHCP reply. If the host name is not specified in the DHCP reply, the switch uses the default "Switch" as its host name.
After obtaining its host name from the default configuration file or the DHCP reply, the switch reads the configuration file that has the same name as its host name (hostname-confg or hostname.cfg, depending on whether network-confg or cisconet.cfg was read earlier) from the TFTP server. If the cisconet.cfg file is read, the filename of the host is truncated to eight characters.
If the switch cannot read the network-confg, cisconet.cfg, or the host-name file, it reads the router-confg file. If the switch cannot read the router-confg file, it reads the ciscortr.cfg file.
Note
Example Configuration
Figure 6-3 shows a sample network for retrieving IP information using DHCP-based autoconfiguration.
Figure 6-3 DHCP-Based Autoconfiguration Network Example
Table 6-1 shows the configuration of the reserved leases on the DHCP server.
DNS Server Configuration
The DNS server maps the TFTP server name maritsu to IP address 10.0.0.3.
TFTP Server Configuration (on UNIX)
The TFTP server base directory is set to /tftpserver/work/. This directory contains the network-confg file used in the two-file read method. This file contains the host name to be assigned to the switch based on its IP address. The base directory also contains a configuration file for each switch (switch1-confg, switch2-confg, and so forth) as shown in this display:
prompt> cd /tftpserver/work/prompt> lsnetwork-confgswitch1-confgswitch2-confgswitch3-confgswitch4-confgprompt> cat network-confgip host switch1 10.0.0.21ip host switch2 10.0.0.22ip host switch3 10.0.0.23ip host switch4 10.0.0.24DHCP Client Configuration
No configuration file is present on Switch 1 through Switch 4.
Configuration Explanation
In Figure 6-3, Switch 1 reads its configuration file as follows:
•
•
•
•
•
Switches 2 through 4 retrieve their configuration files and IP addresses in the same way.
Changing the Password
You can assign the password of your switch in the following ways:
•
•
Note
Because many privileged EXEC commands are used to set operating parameters, you should password-protect these commands to prevent unauthorized use. Catalyst 2900 XL and Catalyst 3500 XL switches have two commands for setting passwords:
•
•
You must enter one of these passwords to gain access to privileged EXEC mode. We recommend that you use the enable secret password.
Note
If you enter the enable secret command, the text is encrypted before it is written to the config.text file, and it is unreadable. If you enter the enable password command, the text is written as entered to the config.text file where you can read it.
You can also specify up to 15 privilege levels and define passwords for them by using the enable password [level level] {password} or the enable secret [level level] {password} command. Level 1 is EXEC-mode user privileges. If you do not specify a level, the privilege level defaults to 15 (privileged EXEC-mode privileges).
You can specify a level, set a password, and give the password only to users who need to have access at this level. Use the privilege level global configuration command to specify commands accessible at various levels.
Note
For information about managing passwords in switch clusters, see the "Passwords" section.
Both types of passwords can contain from 1 to 25 uppercase and lowercase alphanumeric characters, and both can start with a number. Spaces are also valid password characters; for example, two words is a valid password. Leading spaces are ignored; trailing spaces are recognized. The password is case sensitive.
To remove a password, use the no version of the commands: no enable secret or no enable password. If you lose or forget your enable password, see the "Recovering from a Lost or Forgotten Password" section.
For CLI procedures, refer to the Cisco IOS Release 12.0 documentation on Cisco.com for additional information and CLI procedures.
Setting the System Date and Time
You can change the date and a 24-hour clock time setting on the switch. If you are entering the time for an American time zone, enter the three-letter abbreviation for the time zone, such as PST for Pacific standard time. If you are identifying the time zone by referring to Greenwich mean time, enter UTC (universal coordinated time). You then must enter a negative or positive number as an offset to indicate the number of time zones between the switch and Greenwich, England. Enter a negative number if the switch is west of Greenwich, England, and east of the international date line. For example, California is eight time zones west of Greenwich, so you would enter -8. Enter a positive number if the switch is east of Greenwich. You can also enter negative and positive numbers for minutes.
Configuring Daylight Saving Time
You can configure the switch to change to daylight saving time on a particular day every year, on a day that you enter, or not at all.
For CLI procedures, refer to the Cisco IOS Release 12.0 documentation on Cisco.com for additional information and CLI procedures.
Configuring the Network Time Protocol
In complex networks, it is often prudent to distribute time information from a central server. The Network Time Protocol (NTP) can distribute time information by responding to requests from clients or by broadcasting time information.
For CLI procedures, refer to the Cisco IOS Release 12.0 documentation on Cisco.com for additional information and CLI procedures.
Configuring the Switch as an NTP Client
You configure the switch as an NTP client by entering the IP addresses of up to ten NTP servers and specifying which server should be used first. You can also enter an authentication key to be used as a password when requests for time information are sent to the server.
Enabling NTP Authentication
To ensure the validity of information received from NTP servers, you can authenticate NTP messages with public-key encryption. This procedure must be coordinated with the administrator of the NTP servers: the information you enter will be matched by the servers to authenticate it.
Configuring the Switch for NTP Broadcast-Client Mode
You can configure the switch to receive NTP broadcast messages if there is an NTP broadcast server, such as a router, broadcasting time information on the network. You can also enter a value to account for any round-trip delay between the client and the NTP broadcast server.
Configuring SNMP
If your switch is part of a cluster, the clustering software can change Simple Network Management Protocol (SNMP) parameters (such as host names) when the cluster is created. If you are configuring a cluster for SNMP, see the "SNMP Community Strings" section.
Disabling and Enabling SNMP
SNMP is enabled by default and must be enabled for Cluster Management features to work properly.
SNMP is always enabled for Catalyst 1900 and Catalyst 2820 switches.
For CLI procedures, refer to the Cisco IOS Release 12.0 documentation on Cisco.com for additional information and CLI procedures.
Entering Community Strings
Community strings serve as passwords for SNMP messages, permitting access to the agent on the switch. If you are entering community strings for a cluster member, see the "SNMP Community Strings" section. You can enter community strings with the following characteristics:
Read-only (RO)—Requests accompanied by the string can display MIB-object information.
Read-write (RW)—Requests accompanied by the string can display MIB-object information and set MIB objects.
For CLI procedures, refer to the Cisco IOS Release 12.0 documentation on Cisco.com for additional information and CLI procedures.
Adding Trap Managers
A trap manager is a management station that receives and processes traps. When you configure a trap manager, the community strings for each member switch must be unique. If a member switch has an assigned IP address, the management station accesses the switch by using that IP address.
By default, no trap manager is defined, and no traps are issued. Table 6-2 describes the Catalyst 2900 XL and Catalyst 3500 XL switch traps. You can enable any or all of these traps and configure a trap manager on these switches to receive them.
Catalyst 1900 and Catalyst 2820 switches support up to four trap managers. When you configure community strings for these switches, limit the string length to 32 characters. When configuring traps on these switches, you cannot configure individual trap managers to receive specific traps.
Table 6-3 describes the Catalyst 1900 and Catalyst 2820 switch traps. You can enable any or all of these traps, but these traps are received by all configured trap managers.
Beginning in privileged EXEC mode, follow these steps to add a trap manager and a community string:
Configuring CDP
Use the Cisco IOS CLI and Cisco Discovery Protocol (CDP) to enable CDP for the switch, set global CDP parameters, and display information about neighboring Cisco devices.
CDP enables the Cluster Management Suite to display a graphical view of the network. For example, the switch uses CDP to find cluster candidates and to maintain information about cluster members and other devices up to three cluster-enabled devices away from the command switch.
If necessary, you can configure CDP to discover switches running the Cluster Management Suite up to seven devices away from the command switch. Devices that do not run clustering software display as edge devices, and CDP cannot discover any device connected to them.
Note
Configuring CDP for Extended Discovery
You can change the default configuration of CDP on the command switch to continue discovering devices up to seven hops away. Figure 6-4 shows a command switch that can discover candidates and cluster members up to seven devices away from it. Figure 6-4 also shows the command switch connected to a Catalyst 5000 series switch. Although the Catalyst 5000 supports CDP, it does not support clustering, and the command switch cannot learn about connected candidate switches connected to it, even if they are running CMS.
Figure 6-4 Discovering Cluster Candidates through CDP
Beginning in privileged EXEC mode, follow these steps to configure the number of hops that CDP uses to discover candidate switches and cluster members.
Configuring STP
Spanning Tree Protocol (STP) provides path redundancy while preventing undesirable loops in the network. Only one active path can exist between any two stations. STP calculates the best loop-free path throughout the network.
Supported STP Instances
You create an STP instance when you assign an interface to a VLAN. The STP instance is removed when the last interface is moved to another VLAN. You can configure switch and port parameters before an STP instance is created. These parameters are applied when the STP instance is created. You can change all VLANs on a switch by using the stp-list parameter when you enter STP commands through the CLI. For more information, refer to the Catalyst 2900 Series XL and Catalyst 3500 Series XL Command Reference.
All Catalyst 3500 XL switches and most Catalyst 2900 XL switches support 250 VLANs. The Catalyst 2912 XL, Catalyst 2924 XL, and Catalyst 2924C XL support only 64 VLANs. For more information about VLANs, see "Configuring VLANs."
Each VLAN is a separate STP instance. If you have already used up all available STP instances on a switch, adding another VLAN anywhere in the VLAN Trunk Protocol (VTP) domain creates a VLAN that is not running STP on that switch. For example, if 250 VLANs are defined in the VTP domain, you can enable STP on those 250 VLANs. The remaining VLANs must operate with STP disabled.
You can disable STP on one of the VLANs where it is running, and then enable it on the VLAN where you want it to run. Use the no spanning-tree vlan vlan-id global configuration command to disable STP on a specific VLAN, and use the spanning-tree vlan vlan-id global configuration command to enable STP on the desired VLAN.
Caution
Note
Using STP to Support Redundant Connectivity
You can create a redundant backbone with STP by connecting two of the switch ports to another device or to two different devices. STP automatically disables one port but enables it if the other port is lost. If one link is high-speed and the other low-speed, the low-speed link is originally disabled. If the two link speeds are the same, the port priority and the port ID are added together, and STP disables the link with the lowest value.
You can also create redundant links between switches by using EtherChannel port groups. For more information about creating port groups, see the "Creating EtherChannel Port Groups" section.
Disabling STP
STP is enabled by default. Disable STP only if you are sure there are no loops in the network topology.
Caution
Beginning in privileged EXEC mode, follow these steps to disable STP:
Accelerating Aging to Retain Connectivity
The default for aging dynamic addresses is 5 minutes. However, a reconfiguration of the spanning tree can cause many station locations to change. Because these stations could be unreachable for 5 minutes or more during a reconfiguration, the address-aging time is accelerated so that station addresses can be dropped from the address table and then relearned. The accelerated aging is the same as the forward-delay parameter value when STP reconfigures.
Because each VLAN is a separate instance of STP, the switch accelerates aging on a per-VLAN basis. A reconfiguration of STP on one VLAN can cause the dynamic addresses learned on that VLAN to be subject to accelerated aging. Dynamic addresses on other VLANs can be unaffected and remain subject to the aging interval entered for the switch.
Configuring STP and UplinkFast in a Cascaded Cluster
STP uses default values that can be reduced when configuring Catalyst 2900 XL and Catalyst 3500 XL switches in cascaded configurations. If an STP root switch is part of a cluster that is one switch from a cascaded stack, you can customize STP to reconverge more quickly after a switch failure. Figure 6-5 shows modular Catalyst 2900 XL and Catalyst 3500 XL switches in three cascaded clusters that use the GigaStack GBIC. Table 6-4 shows the default STP settings and those that are acceptable for these configurations.
Figure 6-5 Gigabit Ethernet Clusters
Enabling UplinkFast on all cluster switches can further reduce the time it takes cluster switches to begin forwarding after a new root switch is selected.
Configuring Redundant Links By Using STP UplinkFast
Switches in hierarchical networks can be grouped into backbone switches, distribution switches, and access switches. Figure 6-6 shows a complex network where distribution switches and access switches each have at least one redundant link that STP blocks to prevent loops.
If a switch looses connectivity, the switch begins using the alternate paths as soon as STP selects a new root port. When STP reconfigures the new root port, other ports flood the network with multicast packets, one for each address that was learned on the port. You can limit these bursts of multicast traffic by reducing the max-update-rate parameter. The default for this parameter is 150 packets per second. However, if you enter zero, station-learning frames are not generated, so the STP topology converges more slowly after a loss of connectivity.
STP UplinkFast is a Cisco enhancement that accelerates the choice of a new root port when a link or switch fails or when STP reconfigures itself. The root port transitions to the forwarding state immediately without going through the listening and learning states, as it would with normal STP procedures. UplinkFast is most useful in edge or access switches and might not be appropriate for backbone devices.
Figure 6-6 Switches in a Hierarchical Network
Enabling STP UplinkFast
When you enable UplinkFast, it is enabled for the entire switch and cannot be enabled for individual VLANs.
Beginning in privileged EXEC mode, follow these steps to configure UplinkFast:
When UplinkFast is enabled, the bridge priority of all VLANs is set to 49152, and the path cost of all ports and VLAN trunks is increased by 3000. This change reduces the chance that the switch will become the root switch. When UplinkFast is disabled, the bridge priorities of all VLANs and path costs of all ports are set to default values.
Configuring Cross-Stack UplinkFast
Cross-stack UplinkFast (CSUF) provides a fast spanning-tree transition (fast convergence in less than 2 seconds under normal network conditions) across a stack of switches that use the GigaStack GBICs connected in a shared cascaded configuration (multidrop backbone). During the fast transition, an alternate redundant link on the stack of switches is placed into the forwarding state without causing temporary spanning-tree loops or loss of connectivity to the backbone. With this feature, you can have a redundant and resilient network in some configurations.
CSUF might not provide a fast transition all the time; in these cases, the normal STP transition occurs, which completes in 30 to 40 seconds. For more information, see the "Events that Cause Fast Convergence" section.
How CSUF Works
CSUF ensures that one link in the stack is elected as the path to the root. As shown in Figure 6-7, Switches A, B, and C are cascaded through the Gigastack GBIC to form a multidrop backbone, which communicates control and data traffic across the switches at the access layer. The switches in the stack use their stack ports to communicate with each other and to connect to the stack backbone; stack ports are always in the STP forwarding state. The stack root port on Switch A provides the path to the root of the spanning tree; the alternate stack root ports on Switches B and C can provide an alternate path to the spanning-tree root if the current stack root switch fails or its link to the spanning-tree root fails.
Link A, the root link, is in the STP forwarding state; Links B and C are alternate redundant links that are in the STP blocking state. If Switch A fails, if its stack root port fails, or if Link A fails, CSUF selects either the Switch B or Switch C alternate stack root port and puts it into the forwarding state in less than 1 second.
Figure 6-7 Cross-Stack UplinkFast Topology
CSUF implements the Stack Membership Discovery Protocol and the Fast Uplink Transition Protocol. Using the Stack Membership Discovery Protocol, all stack switches build a neighbor list of stack members through the receipt of discovery hello packets. When certain link loss or STP events occur (described in the "Events that Cause Fast Convergence" section), the Fast Uplink Transition Protocol uses the neighbor list to send fast-transition requests on the stack port to stack members.
The switch sending the fast-transition request needs to do a fast transition to the forwarding state of a port that it has chosen as the root port, and it must obtain an acknowledgement from each stack switch before performing the fast transition.
Each switch in the stack determines if the sending switch is a better choice than itself to be the stack root of this STP instance by comparing STP root, cost, and bridge ID. If the sending switch is the best choice as the stack root, the switch in the stack returns an acknowledgement; otherwise, it does not respond to the sending switch (drops the packet) and prevents the sending switch from receiving acknowledgements from all stack switches.
When acknowledgements are received from all stack switches, the Fast Uplink Transition Protocol on the sending switch immediately transitions its alternate stack root port to the forwarding state. If acknowledgements from all stack switches are not obtained by the sending switch, the normal STP transitions (blocking, listening, learning, forwarding) take place, and the spanning-tree topology converges at its normal rate (2 * forward-delay time + max-age time).
The Fast Uplink Transition Protocol is implemented on a per-VLAN basis and affects only one STP instance at a time.
Events that Cause Fast Convergence
Depending on the network event or failure, fast convergence provided by CSUF might or might not occur.
Fast convergence (within 2 seconds under normal network conditions) occurs under these circumstances:
•
If two switches in the stack have alternate paths to the root, only one of the switches performs the fast transition.
•
•
•
Note
Normal STP convergence (30 to 40 seconds) occurs under these conditions:
•
•
•
•
•
Note
Limitations
The following limitations apply to CSUF:
•
•
•
•
Connecting the Stack Ports
A fast transition occurs across the stack of switches if the multidrop backbone connections are a continuous link from one GigaStack GBIC to another as shown in Figure 6-8. In addition, follow these guidelines:
•
•
•
•
Figure 6-8 GigaStack GBIC Connections and STP Convergence
Configuring Cross-Stack UplinkFast
Before enabling CSUF, make sure your stack switches are properly connected. For more information, see the "Connecting the Stack Ports" section.
Beginning in privileged EXEC mode, follow these steps to enable CSUF:
To disable CSUF on an interface, use the no spanning-tree stack-port interface configuration command. To disable UplinkFast on the switch, use the no spanning-tree uplinkfast global configuration command.
Changing the STP Parameters for a VLAN
The root switch for each VLAN is the switch with the highest priority and transmits topology frames to other switches in the spanning tree. You can change the root parameters for the VLANs on a selected switch. The following options define how your switch responds when STP reconfigures itself.
Changing the STP Implementation
Beginning in privileged EXEC mode, follow these steps to change the STP implementation. The stp-list is the list of VLANs to which the STP command applies.
Changing the Switch Priority
Beginning in privileged EXEC mode, follow these steps to change the switch priority and affect which switch is the root switch. The stp-list is the list of VLANs to which the STP command applies.
Changing the BPDU Message Interval
Beginning in privileged EXEC mode, follow these steps to change the BPDU message interval (max age time). The stp-list is the list of VLANs to which the STP command applies.
Changing the Hello BPDU Interval
Beginning in privileged EXEC mode, follow these steps to change the hello BPDU interval
