Cisco IOS Desktop Switching Software Configuration Guide, Release 12.0(5)XU
Managing Switches

Table Of Contents

Managing Switches

Finding More Information About IOS Commands

Managing Configuration Conflicts

Features, Default Settings, and Descriptions

Configuring Standalone Switches

Enabling the Switch as a Command Switch

Changing the Password

Creating EtherChannel Port Groups

Understanding EtherChannel Port Grouping

Port Group Restrictions on Static-Address Forwarding

CLI: Creating EtherChannel Port Groups

Enabling Switch Port Analyzer

CLI: Enabling Switch Port Analyzer

CLI: Disabling Switch Port Analyzer

Configuring Flooding Controls

Enabling Storm Control

CLI: Enabling Storm Control

CLI: Disabling Storm Control

Blocking Flooded Traffic on a Port

CLI: Blocking Flooded Traffic on a Port

CLI: Resuming Normal Forwarding on a Port

Enabling a Network Port

CLI: Enabling a Network Port

CLI: Disabling a Network Port

Managing the System Date and Time

Setting the System Date and Time

Configuring Daylight Saving Time

Configuring the Network Time Protocol

Configuring the Switch as an NTP Client

Enabling NTP Authentication

Configuring the Switch for NTP Broadcast-Client Mode

Configuring IP Information

Assigning IP Information to the Switch

CLI: Assigning IP Information to the Switch

CLI: Removing an IP Address

Specifying a Domain Name and Configuring the DNS

Specifying the Domain Name

Specifying a Name Server

Enabling the DNS

Configuring SNMP

Disabling and Enabling SNMP

Entering Community Strings

Adding Trap Managers

CLI: Adding a Trap Manager

Managing the ARP Table

Managing the MAC Address Tables

MAC Addresses and VLANs

Changing the Address Aging Time

CLI: Configuring the Aging Time

CLI: Removing Dynamic Address Entries

Adding Secure Addresses

CLI: Adding Secure Addresses

CLI: Removing Secure Addresses

Adding and Removing Static Addresses

Configuring Static Addresses for EtherChannel Port Groups

CLI: Adding Static Addresses

CLI: Removing Static Addresses

Enabling Port Security

Defining the Maximum Secure Address Count

CLI: Enabling Port Security

CLI: Disabling Port Security

Configuring the Cisco Discovery Protocol

CLI: Configuring CDP for Extended Discovery

Controlling IP Multicast Packets through CGMP

Enabling the Fast Leave Feature

CLI: Enabling the CGMP Fast Leave Feature

CLI: Disabling the CGMP Fast Leave Feature

Changing the CGMP Router Hold-Time

CLI: Changing the CGMP Router Hold-Time

Removing Multicast Groups

CLI: Removing Multicast Groups

Configuring the Spanning Tree Protocol

Using STP to Support Redundant Connectivity

Accelerating Aging to Retain Connectivity

Disabling STP Protocol

CLI: Disabling STP

Configuring STP and UplinkFast in a Daisy-Chained Cluster

Configuring Redundant Links By Using STP UplinkFast

CLI: Enabling STP UplinkFast

Changing STP Parameters for a VLAN

CLI: Changing the STP Implementation

CLI: Changing the Switch Priority

CLI: Changing the BPDU Message Interval

CLI: Changing the Hello BPDU Interval

CLI: Changing the Forwarding Delay Time

Changing STP Port Parameters

Enabling the Port Fast Feature

CLI: Enabling STP Port Fast

CLI: Changing the Path Cost

CLI: Changing the Port Priority

CLI: Configuring STP Root Guard

CLI: Configuring UniDirectional Link Detection

CLI: Configuring Private VLAN Edge Ports

Configuring TACACS+

Understanding TACACS+

CLI Procedures for Configuring TACACS+

CLI: Configuring the TACACS+ Server Host

CLI: Configuring Login Authentication

CLI: Specifying TACACS+ Authorization for EXEC Access and Network Services

CLI: Starting TACACS+ Accounting

CLI: Configuring a Switch for Local AAA

Configuring Voice Ports

Preparing a Port for a Cisco 7960 IP Phone Connection

CLI: Configuring a Port to Connect to a Cisco 7960 IP Phone

CLI: Configuring Inline Power on a Catalyst 3524-PWR Switch

CLI: Overriding the CoS Priority of Incoming Frames


Managing Switches


This chapter describes how to use the device-management features of the Cluster Management Suite (CMS). The features described in this chapter can all be implemented through Visual Switch Manager (VSM), the web-based interface for managing standalone switches, or through Cluster Manager. If you need information on how to group your switches into a cluster, see "Creating and Managing Clusters."

This chapter describes two ways to configure switches:

By using CMS windows to monitor and configure switches and ports.

How-to procedures for using the windows are in the online help.

By using the Cisco IOS command-line interface (CLI).

CLI procedures are included for many tasks in this chapter. There are some features that can only be implemented by using the CLI.

Finding More Information About IOS Commands

This guide describes only the use of IOS commands that have been created or changed for use with the 2900 and 3500 XL switches. These commands are further described in the Cisco IOS Desktop Switching Command Reference (online only).

For information on other IOS Release 12.0 commands, refer to the IOS documentation set available from the CCO home page by selecting Service and Support>Technical Documents>Documentation Home Page>Cisco IOS Software Configuration>Cisco IOS Release 12.0.

Managing Configuration Conflicts

Certain combinations of port features conflict with one another. For example, if you define a port as the network port for a VLAN, all unknown unicast and multicast traffic is flooded to the port. You cannot enable port security on the network port because a secure port limits the traffic allowed on it. In Table 4-1, No means that the two referenced features are incompatible.

If you try to enable incompatible features by using CMS, CMS issues a warning message and prevents you from making the change. Redisplay the web page to refresh a CMS window.

Table 4-1 Conflicting Features

 
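| | ATM Port [1] | Port Group | Port Security | SPAN Port | Multi-VLAN Port | Network Port | Connect to Cluster? | Private VLAN edge |
|---|---|---|---|---|---|---|---|---|
| ATM Port | - | No | No | No | No | No | Yes | No |
| Port Group | No | - | No | No | Yes | Yes [2] | Yes | Yes |
| Port Security | No | No | - | No | No | No | Yes | Yes |
| SPAN Port | No [3] | No | No | - | No | No | Yes | Yes |
| Multi-VLAN Port | No | Yes | No | No | - | Yes | Yes | Yes |
| Network Port | No | Yes (source-based only) | No | No | Yes | - | No [4] | Yes |
| Connect to Cluster | Yes | Yes | Yes | Yes | Yes | No | - | Yes |
| Private VLAN edge | No | Yes | Yes | Yes [5] | Yes | No | Yes | - |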

1 Catalyst 2900 XL switches only.

2 Cannot be in a destination-based port group.

3 An ATM port cannot be a monitor port but can be monitored.

4 Cannot connect cluster members to the command switch.

5 SPAN can operate only if the monitor port or the port being monitored is not a private VLAN edge port.
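CMS rejects incompatible combinations, but a configuration assembled by hand can be checked against Table 4-1 before it is applied. The following Python sketch is an added example, not part of the Cisco guide: it scans running-config style text for ports that combine features the table marks No. The function names, interface names and sample configuration are constructed, and the `port security`, `port protected` and `switchport multi` keywords are assumed from the IOS command set for these switches rather than taken from this page.

```python
import re
from itertools import combinations

# Pairs that Table 4-1 marks "No", limited to features that are visible as
# interface-level commands (ATM ports and cluster links are left out).
# The table gives network port / private VLAN edge as "Yes" in one row and
# "No" in the other; the stricter reading is used here.
CONFLICTS = {frozenset(pair) for pair in [
    ("port group", "port security"),
    ("port group", "SPAN port"),
    ("port security", "SPAN port"),
    ("port security", "multi-VLAN port"),
    ("port security", "network port"),
    ("SPAN port", "multi-VLAN port"),
    ("SPAN port", "network port"),
    ("network port", "private VLAN edge"),
]}

# Command prefix -> feature. The first three commands appear in this chapter;
# the last three keywords are assumptions (see the lead-in).
FEATURE_COMMANDS = [
    (re.compile(r"port group \d+"), "port group"),
    (re.compile(r"port monitor\b"), "SPAN port"),
    (re.compile(r"port network\b"), "network port"),
    (re.compile(r"port security\b"), "port security"),
    (re.compile(r"switchport (mode multi|multi vlan)\b"), "multi-VLAN port"),
    (re.compile(r"port protected\b"), "private VLAN edge"),
]

# Constructed sample input, not taken from a real switch.
SAMPLE_CONFIG = """\
!
interface FastEthernet0/1
 port group 1 distribution destination
 port network
!
interface FastEthernet0/2
 port security max-mac-count 1
 port monitor FastEthernet0/3
!
interface FastEthernet0/3
 port protected
 port security max-mac-count 2
!
interface FastEthernet0/4
 port group 2
 switchport multi vlan 1,2
!
end
"""


def parse_interfaces(config_text):
    """Return {interface name: [commands]} from running-config style text."""
    interfaces, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = []
        elif raw.startswith("!") or (line and not raw[0].isspace()):
            current = None          # separator or next top-level command
        elif current and line:
            interfaces[current].append(line)
    return interfaces


def audit(config_text):
    """Return sorted (interface, feature_a, feature_b, reason) findings."""
    findings = []
    for name, commands in parse_interfaces(config_text).items():
        features = {feature for cmd in commands
                    for rx, feature in FEATURE_COMMANDS if rx.match(cmd)}
        for a, b in combinations(sorted(features), 2):
            if frozenset((a, b)) in CONFLICTS:
                findings.append((name, a, b, "incompatible in Table 4-1"))
        # Footnote 2: a network port cannot be in a destination-based group.
        destination_based = any(
            re.match(r"port group \d+ distribution destination", cmd)
            for cmd in commands)
        if {"port group", "network port"} <= features and destination_based:
            findings.append((name, "network port", "port group",
                             "network port needs source-based forwarding"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding, sep=" | ")
```

Footnote 5 (SPAN together with private VLAN edge) depends on the monitored port as well as the monitor port, so this sketch does not flag it.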


Features, Default Settings, and Descriptions

You can configure the software features of this release by using any of the available interfaces. Table 4-2 lists the most important features, their defaults, and where they are described in this guide.

Table 4-2 Default Settings and Where To Change Them 

| Feature | Default Setting | Location of Feature and Feature Description | Equivalent IOS CLI Procedure |
|---|---|---|---|
| Network Management | | | |
| Creating clusters | None | Cluster Builder; "Creating Clusters" section | "CLI: Creating a Cluster" section |
| Removing cluster members | None | Cluster Builder; "Adding and Removing Member Switches" section | "CLI: Removing a Member from a Cluster" section |
| Upgrading cluster software | Enabled | Cluster Manager: System>Software Upgrade; "Upgrading Switch Software" section | "Upgrading Switch Software" section |
| Displaying graphs | Enabled | Cluster Manager and Cluster Builder; "Displaying Link Graphs" section | - |
| Configuring SNMP community strings and trap managers | None | Cluster Manager: System>SNMP Management; "Configuring SNMP" section | - |
| Configuring a port | None | Cluster Manager; "Monitoring and Configuring Ports" section | "Configuring Ports" section |
| Device Management | | | |
| Switch IP address, subnet mask, and default gateway | 0.0.0.0 | Cluster Manager: System>IP Management; "Configuring IP Information" section | "CLI: Assigning IP Information to the Switch" section |
| Management VLAN | VLAN 1 | Cluster Manager: Cluster>Management VLAN; "Changing the Management VLAN" section | "Changing the Management VLAN" section |
| Domain name | None | Cluster Manager: System>IP Management; "Specifying a Domain Name and Configuring the DNS" section | Documentation set for Cisco IOS Release 12.0 on CCO |
| Cisco Discovery Protocol (CDP) | Enabled | - | Documentation set for Cisco IOS Release 12.0 on CCO |
| Address Resolution Protocol (ARP) | Enabled | Cluster Manager: System>ARP Table; "Managing the ARP Table" section | Documentation set for Cisco IOS Release 12.0 on CCO |
| System Time Management | None | Cluster Manager: Cluster>System Time Management; "Setting the System Date and Time" section | Documentation set for Cisco IOS Release 12.0 on CCO |
| Static address assignment | None assigned | Cluster Manager: Security>Address Management; "Adding and Removing Static Addresses" section | "CLI: Adding Static Addresses" section |
| Dynamic address management | Enabled | Cluster Manager: Security>Address Management; "Managing the MAC Address Tables" section and "Changing the Address Aging Time" section | "CLI: Configuring the Aging Time" section; "CLI: Removing Dynamic Address Entries" section |
| Voice configuration | | "Configuring Voice Ports" section | "CLI: Configuring a Port to Connect to a Cisco 7960 IP Phone" section; "CLI: Configuring Inline Power on a Catalyst 3524-PWR Switch" section; "CLI: Overriding the CoS Priority of Incoming Frames" section |
| VLAN membership | Static-access ports in VLAN 1 | Cluster Manager: VLAN>VLAN Membership; "Displaying VLAN Membership" section; "Assigning Static-Access Ports to a VLAN" section; "CLI: Configuring a Trunk Port" section | "CLI: Assigning Static-Access Ports to a VLAN" section; "CLI: Configuring a Trunk Port" section |
| VMPS Configuration | - | Cluster Manager: Cluster>VMPS Configuration; "Configuring Dynamic VLAN Membership" section | "CLI: Entering the IP Address of the VMPS" section; "CLI: Configuring Dynamic Ports on VMPS Clients" section; "CLI: Reconfirming VLAN Memberships" section; "CLI: Changing the Reconfirmation Interval" section |
| VTP Management | VTP server mode | Cluster Manager: VLAN>VTP Management; "Configuring VTP" section | "CLI: Configuring VTP Server Mode" section |
| Performance | | | |
| Autonegotiation of duplex mode and port speeds | Enabled | Cluster Manager: Port>Port Configuration; "Monitoring and Configuring Ports" section | "CLI: Setting Speed and Duplex Parameters" section |
| Gigabit Ethernet flow control | Any | Cluster Manager: Port>Port Configuration; "Configuring Ports" section | "CLI: Configuring Flow Control on Gigabit Ethernet Ports" section |
| Flooding Control | | | |
| Storm control | Disabled | Cluster Manager: Port>Flooding Control; "Configuring Flooding Controls" section | "CLI: Enabling Storm Control" section |
| Flooding unknown unicast and multicast packets | Enabled | Cluster Manager: Port>Flooding Control; "Configuring Flooding Controls" section | "CLI: Blocking Flooded Traffic on a Port" section |
| Cisco Group Management Protocol (CGMP) | Enabled | Cluster Manager: Device>Cisco Group Management Protocol; "Controlling IP Multicast Packets through CGMP" section | "CLI: Enabling the CGMP Fast Leave Feature" section; "CLI: Changing the CGMP Router Hold-Time" section; "CLI: Removing Multicast Groups" section |
| Network Port | Disabled | - | "CLI: Enabling a Network Port" section |
| Network Redundancy | | | |
| Hot Standby Router Protocol | Disabled | "Building a Redundant Cluster" section | "CLI: Creating a Standby Group" section; "CLI: Adding Member Switches to a Standby Group" section; "CLI: Removing a Switch from a Standby Group" section |
| Spanning Tree Protocol | Enabled | Cluster Manager: Device>Spanning Tree Protocol; "Configuring the Spanning Tree Protocol" section | "CLI: Disabling STP" section; "CLI: Changing the Path Cost" section; "CLI: Changing the Port Priority" section; "CLI: Enabling STP Port Fast" section; "CLI: Configuring STP Root Guard" section |
| Unidirectional link detection | | - | "CLI: Configuring UniDirectional Link Detection" section |
| Port grouping | None assigned | Cluster Manager: Port>Port Grouping (EC); "Creating EtherChannel Port Groups" section | "CLI: Creating EtherChannel Port Groups" section |
| Diagnostics | | | |
| SPAN port monitoring | Disabled | Cluster Manager: Port>Switch Port Analyzer (SPAN); "Enabling Switch Port Analyzer" section | "CLI: Enabling Switch Port Analyzer" section |
| Console, buffer, and file logging | Disabled | - | Documentation set for Cisco IOS Release 12.0 on CCO |
| Remote monitoring (RMON) | Disabled | - | Documentation set for Cisco IOS Release 12.0 on CCO |
| Security | | | |
| Password | None | "Changing the Password" section | "Recovering from a Lost or Forgotten Password" section |
| Addressing security | Disabled | Cluster Manager: Security>Address Management; "Adding Secure Addresses" section | "CLI: Adding Secure Addresses" section |
| Trap manager | 0.0.0.0 | Cluster Manager: System>SNMP Management; "CLI: Adding a Trap Manager" section | "CLI: Adding a Trap Manager" section |
| Community strings | public | Cluster Manager: System>SNMP Configuration; "Entering Community Strings" section | Documentation set for Cisco IOS Release 12.0 on CCO |
| Port security | Disabled | Cluster Manager: Security>Port Security; "Enabling Port Security" section | "CLI: Enabling Port Security" section |
| TACACS+ | Disabled | "Configuring TACACS+" section | "CLI Procedures for Configuring TACACS+" section |
| Private VLAN edge | Disabled | - | "CLI: Configuring Private VLAN Edge Ports" section |


Configuring Standalone Switches

Visual Switch Manager (VSM) is one of the CMS interfaces for managing individual switch features. If you are configuring a standalone switch, you can access VSM directly by entering the switch IP address in the browser Location field (Netscape Communicator) or Address field (Internet Explorer). Click Cluster Management Suite or Visual Switch Manager on the Cisco Systems Access Page, and the switch senses that the IP address refers to a standalone switch and displays the VSM home page.


Note: Menu options are arranged slightly differently in VSM than in Cluster Manager. For the complete list of the options available, see the "VSM Menu Bar Options" section.


A browser plug-in is required to access the HTML interface. See the "Installing the Required Plug-In" section for more information.

Figure 4-1 VSM Home Page

Enabling the Switch as a Command Switch

Before you can create a cluster, one switch must be assigned an IP address and enabled as the command switch. See the "Command Switch Requirements" section to ensure that the switch meets all the requirements.

To enable a command switch, select Cluster>Cluster Command Configuration from the menu bar, and select Enable on the Cluster Configuration window. You can use up to 28 characters to name your cluster. After you have enabled the command switch, select Cluster>Cluster Builder to begin building your cluster. To build your cluster by using the CLI, see the "CLI: Creating a Cluster" section.

Figure 4-2 Enable Command Switch

Changing the Password

If you change the enable secret password, your connection with the switch breaks, and the browser prompts you for the new password. You can only change a password by using the CLI. If you have forgotten your password, see the "Recovering from a Lost or Forgotten Password" section.

The "Finding More Information About IOS Commands" section contains the path to the complete IOS documentation.

Creating EtherChannel Port Groups

Use the Port Group (EtherChannel) window (Figure 4-4) to create Fast EtherChannel and Gigabit EtherChannel port groups. These port groups act as single logical ports for high-bandwidth connections between switches or between switches and servers.


Note: You can create port groups of either Gigabit Ethernet ports or 100BaseTX ports, but you cannot create a port group that contains both port speeds at the same time.


To display this window, select Port>Port Grouping (EtherChannel) from the menu bar.

For the restrictions that apply to port groups, see the "Managing Configuration Conflicts" section.

Understanding EtherChannel Port Grouping

This software release supports two different types of port groups: source-based forwarding port groups and destination-based forwarding port groups.

Source-based forwarding port groups distribute packets forwarded to the group based on the source address of incoming packets. You can configure up to eight ports in a source-based forwarding port group. Source-based forwarding is enabled by default.

Destination-based port groups distribute packets forwarded to the group based on the destination address of incoming packets. You can configure an unlimited number of ports in a destination-based port group.

You can create up to 12 port groups of all source-based, all destination-based, or a combination of source- and destination-based ports. All ports in the group must be of the same type; for example, they must be all source based or all destination based. You can independently configure port groups that link switches, but you must consistently configure both ends of a port group.

In Figure 4-3, a port group of two workstations communicates with a router. Because the router is a single-MAC address device, source-based forwarding ensures that the switch uses all available bandwidth to the router. The router is configured for destination-based forwarding because the large number of stations ensures that the traffic is evenly distributed through the port-group ports on the router.

Figure 4-3 Source-Based Forwarding

The switch treats the port group as a single logical port; therefore, when you create a port group, the switch uses the configuration of the first port for all ports added to the group. If you add a port and change the forwarding method, it changes the forwarding for all ports in the group. After the group is created, changing STP or VLAN membership parameters for one port in the group automatically changes the parameters for all ports. Each port group has one port that carries all unknown multicast, broadcast, and STP packets.

Figure 4-4 Port Grouping (EtherChannel)

Figure 4-5 Port Group Configuration

Port Group Restrictions on Static-Address Forwarding

The following restrictions apply to entering static addresses that are forwarded to port groups:

If the port group forwards based on the source MAC address (the default), configure the static address to forward to all ports in the group. This method eliminates the chance of lost packets.

If the port group forwards based on the destination address, configure the static address to forward to only one port in the port group. This method avoids the possible transmission of duplicate packets. For more information, see the "Adding and Removing Static Addresses" section.

CLI: Creating EtherChannel Port Groups

Beginning in privileged EXEC mode, follow these steps to create a two-port group:

 
| Step | Command | Purpose |
|---|---|---|
| Step 1 | configure terminal | Enter global configuration mode. |
| Step 2 | interface interface | Enter interface configuration mode, and enter the port of the first port to be added to the group. |
| Step 3 | port group 1 distribution destination | Assign the port to group 1 with destination-based forwarding. |
| Step 4 | interface interface | Enter the second port to be added to the group. |
| Step 5 | port group 1 distribution destination | Assign the port to group 1 with destination-based forwarding. |
| Step 6 | end | Return to privileged EXEC mode. |
| Step 7 | show running-config | Verify your entries. |

The "Finding More Information About IOS Commands" section contains the path to the complete IOS documentation.

Enabling Switch Port Analyzer

You can monitor traffic on a given port by forwarding incoming and outgoing traffic on the port to another port in the same VLAN. Use the Switch Port Analyzer (SPAN) window (Figure 4-6) to enable port monitoring on a port, and use the Modify the Ports Being Monitored window (Figure 4-7) to select the ports to be monitored. A SPAN port cannot monitor ports in a different VLAN, and a SPAN port must be a static-access port. Any number of ports can be defined as SPAN ports, and any combination of ports can be monitored.

To display this window, select Port>Switch Port Analyzer from the menu bar.

For the restrictions that apply to SPAN ports, see the "Managing Configuration Conflicts" section.

Figure 4-6 Switch Port Analyzer (SPAN)

Figure 4-7 Modify the Ports Being Monitored

CLI: Enabling Switch Port Analyzer

Beginning in privileged EXEC mode, follow these steps to enable switch port analyzer:

 
| Step | Command | Purpose |
|---|---|---|
| Step 1 | configure terminal | Enter global configuration mode. |
| Step 2 | interface interface | Enter interface configuration mode, and enter the port that acts as the monitor port. |
| Step 3 | port monitor interface | Enable port monitoring on the port. |
| Step 4 | end | Return to privileged EXEC mode. |
| Step 5 | show running-config | Verify your entries. |

The "Finding More Information About IOS Commands" section contains the path to the complete IOS documentation.

CLI: Disabling Switch Port Analyzer

Beginning in privileged EXEC mode, follow these steps to disable switch port analyzer:

 
| Step | Command | Purpose |
|---|---|---|
| Step 1 | configure terminal | Enter global configuration mode. |
| Step 2 | interface interface | Enter interface configuration mode, and enter the port number of the monitor port. |
| Step 3 | no port monitor interface | Disable port monitoring on the port. |
| Step 4 | end | Return to privileged EXEC mode. |
| Step 5 | show running-config | Verify your entries. |

The "Finding More Information About IOS Commands" section contains the path to the complete IOS documentation.

Configuring Flooding Controls

Use the Flooding Controls window (Figure 4-8) to block the forwarding of unnecessary flooded traffic. You can use three flooding techniques:

Enable storm control for unicast, multicast, or broadcast packets.

Block the forwarding of unicast and broadcast packets on a per-port basis.

Flood all unknown packets to a network port (configured only by using CLI).

To display this window, select Port>Flooding Controls from the menu bar.

Enabling Storm Control

A packet storm occurs when a large number of broadcast, unicast, or multicast packets are received on a port. Forwarding these packets can cause the network to slow down or to time out. Storm control is configured for the switch as a whole but operates on a per-port basis. By default, storm control is disabled.

Storm control uses high and low thresholds to block and then restore the forwarding of broadcast, unicast, or multicast packets. You can also set the switch to shut down the port when the rising threshold is reached.

The rising threshold is the number of packets that a switch port can receive before forwarding is blocked. The falling threshold is the number of packets below which the switch resumes normal forwarding. In general, the higher the threshold, the less effective the protection against broadcast storms. The maximum half-duplex transmission on a 100BaseT link is 148,000 packets per second, but you can enter a threshold of up to 4294967295 broadcast packets per second.

To configure storm control, right-click a switch chassis in Cluster Manager, and select Port>Flooding Controls. Select one of the Storm tabs (Figure 4-8), select a port, and click Modify. Set the parameters on the Flooding Controls Configuration pop-up (Figure 4-9).

Figure 4-8 Flooding Controls

Figure 4-9 Flooding Controls Configuration Pop-up

CLI: Enabling Storm Control

With the exception of the broadcast keyword, the following procedure could also be used to enable storm control for unicast or multicast packets.

Beginning in privileged EXEC mode, follow these steps to enable broadcast-storm control.

 
| Step | Command | Purpose |
|---|---|---|
| Step 1 | configure terminal | Enter global configuration mode. |
| Step 2 | interface interface | Enter interface configuration mode, and enter the port to configure. |
| Step 3 | port storm-control broadcast [threshold {rising rising-number falling falling-number}] | Enter the rising and falling thresholds for broadcast packets. Make sure the rising threshold is greater than the falling threshold. |
| Step 4 | port storm-control trap | Generate an SNMP trap when the traffic on the port crosses the rising or falling threshold. |
| Step 5 | end | Return to privileged EXEC mode. |
| Step 6 | show port storm-control [interface] | Verify your entries. |

The "Finding More Information About IOS Commands" section contains the path to the complete IOS documentation.
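The two-threshold behavior described under "Enabling Storm Control" can be checked offline before the values are entered in Step 3. The following Python sketch is an added example, not part of the Cisco guide: it validates one threshold command against the rules stated above and replays per-second packet counts through the block and restore logic. The function names and sample counts are constructed, the multicast and unicast keywords are assumed from the remark at the start of this section, and the exact comparison at each threshold (at or above rising, below falling) is an assumption.

```python
import re

# Stated in this chapter: maximum half-duplex rate on a 100BaseT link.
MAX_PPS_100BASET = 148_000

THRESHOLD_RE = re.compile(
    r"^port storm-control (broadcast|multicast|unicast) "
    r"threshold rising (\d+) falling (\d+)$")

# Constructed per-second packet counts seen on one port.
CONSTRUCTED_PPS = [200, 900, 3500, 2800, 1800, 1200, 900, 3100, 400]


def check_thresholds(command, max_pps=MAX_PPS_100BASET):
    """Parse one storm-control command; return (rising, falling, problems)."""
    match = THRESHOLD_RE.match(command.strip())
    if not match:
        raise ValueError("not a storm-control threshold command: %r" % command)
    rising, falling = int(match.group(2)), int(match.group(3))
    problems = []
    if rising <= falling:
        problems.append("rising threshold must be greater than falling")
    if rising > max_pps:
        # The CLI accepts values up to 4294967295, but a value above the
        # link's packet rate can never be crossed, so nothing is blocked.
        problems.append("rising threshold exceeds link maximum; never reached")
    return rising, falling, problems


def simulate(rising, falling, pps_samples):
    """Replay per-second packet counts through the two-threshold logic.

    Returns (second, pps, state, event) tuples. state is "forward" or
    "blocked"; event is "rising-trap", "falling-trap" or None and marks the
    samples where "port storm-control trap" would generate an SNMP trap.
    """
    blocked, timeline = False, []
    for second, pps in enumerate(pps_samples):
        event = None
        if not blocked and pps >= rising:
            blocked, event = True, "rising-trap"
        elif blocked and pps < falling:
            blocked, event = False, "falling-trap"
        state = "blocked" if blocked else "forward"
        timeline.append((second, pps, state, event))
    return timeline


def blocked_seconds(timeline):
    """Count the samples during which forwarding was blocked."""
    return sum(1 for _, _, state, _ in timeline if state == "blocked")


if __name__ == "__main__":
    cmd = "port storm-control broadcast threshold rising 3000 falling 1000"
    rising, falling, problems = check_thresholds(cmd)
    print(problems or "thresholds OK")
    for row in simulate(rising, falling, CONSTRUCTED_PPS):
        print(row)
```

In the sample run, seconds 3 through 5 stay blocked even though traffic has dropped below the rising threshold; forwarding resumes only once the count falls below the falling threshold, which keeps the port from flapping.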

CLI: Disabling Storm Control

Beginning in privileged EXEC mode, follow these steps to disable broadcast-storm control.

 
| Step | Command | Purpose |
|---|---|---|
| Step 1 | configure terminal | Enter global configuration mode. |
| Step 2 | interface interface | Enter interface configuration mode, and enter the port to configure. |
| Step 3 | no port storm-control broadcast | Disable port storm control. |
| Step 4 | end | Return to privileged EXEC mode. |
| Step 5 | show port storm-control [interface] | Verify your entries. |

The "Finding More Information About IOS Commands" section contains the path to the complete IOS documentation.

Blocking Flooded Traffic on a Port

By default, the switch floods packets with unknown destination MAC addresses to all ports. Some configurations do not require flooding. For example, a port that has only manually assigned addresses has no unknown destinations, and flooding serves no purpose. Therefore, you can disable the flooding of unicast and multicast packets on a per-port basis. Ordinarily, flooded traffic does not cross VLAN boundaries, but multi-VLAN ports flood traffic to all VLANs they belong to.

To block flooded traffic, select the Unknown MACs tab on the Flooding Control window to display the Flooding Controls Configuration pop-up (Figure 4-10).

Figure 4-10 Flooding Controls Configuration Pop-up

CLI: Blocking Flooded Traffic on a Port

Beginning in privileged EXEC mode, follow these steps to disable the flooding of multicast and unicast packets to a port:

 
| Step | Command | Purpose |
|---|---|---|
| Step 1 | configure terminal | Enter global configuration mode. |
| Step 2 | interface interface | Enter interface configuration mode, and enter the port to configure. |
| Step 3 | port block multicast | Block multicast forwarding to the port. |
| Step 4 | port block unicast | Block unicast flooding to the port. |
| Step 5 | end | Return to privileged EXEC mode. |
| Step 6 | show port block {multicast \| unicast} interface | Verify your entries, entering the appropriate command once for the multicast option and once for the unicast option. |

The "Finding More Information About IOS Commands" section contains the path to the complete IOS documentation.

CLI: Resuming Normal Forwarding on a Port

Beginning in privileged EXEC mode, follow these steps to resume normal forwarding on a port:

 
| Step | Command | Purpose |
|---|---|---|
| Step 1 | configure terminal | Enter global configuration mode. |
| Step 2 | interface interface | Enter interface configuration mode, and enter the port to configure. |
| Step 3 | no port block multicast | Enable multicast forwarding to the port. |
| Step 4 | no port block unicast | Enable unicast flooding to the port. |
| Step 5 | end | Return to privileged EXEC mode. |
| Step 6 | show port block {multicast \| unicast} interface | Verify your entries, entering the appropriate command once for the multicast option and once for the unicast option. |

The "Finding More Information About IOS Commands" section contains the path to the complete IOS documentation.

Enabling a Network Port

Network ports are assigned per VLAN and can reduce flooded traffic on your network. The switch forwards all traffic with unknown destination addresses to the network port instead of flooding the traffic to all ports in the VLAN.

When you configure a port as the network port, the switch deletes all associated addresses from the address table and disables learning on the port. If you configure other ports in the VLAN as secure ports, the addresses on those ports are not aged. If you move a network port to a VLAN without a network port, it becomes the network port for the new VLAN.

You cannot change the settings for unicast and multicast flooding on a network port. You can assign only one network port per VLAN. For the restrictions that apply to a network port, see the "Managing Configuration Conflicts" section.


Caution: Do not attempt to connect cluster members through a network port. A network port cannot link cluster members.

CLI: Enabling a Network Port

Beginning in privileged EXEC mode, follow these steps to define a network port:

 
| Step | Command | Purpose |
|---|---|---|
| Step 1 | configure terminal | Enter global configuration mode. |
| Step 2 | interface interface | Enter interface configuration mode, and enter the port to be configured. |
| Step 3 | port network | Define the port as the network port. |
| Step 4 | end | Return to privileged EXEC mode. |
| Step 5 | show running-config | Verify your entry. |

The "Finding More Information About IOS Commands" section contains the path to the complete IOS documentation.

CLI: Disabling a Network Port

Beginning in privileged EXEC mode, follow these steps to disable a network port:

 
| Step | Command | Purpose |
|---|---|---|
| Step 1 | configure terminal | Enter global configuration mode. |
| Step 2 | interface interface | Enter interface configuration mode, and enter the port to be configured. |
| Step 3 | no port network | Disable the port as the network port. |
| Step 4 | end | Return to privileged EXEC mode. |
| Step 5 | show running-config | Verify your entry. |

The "Finding More Information About IOS Commands" section contains the path to the complete IOS documentation.

Managing the System Date and Time

Use the System Time Management window (Figure 4-11) to set the system time for a switch or enable an external source such as Network Time Protocol (NTP) to supply time to the switch.

You can use this window to set the switch time by using one of the following techniques:

Manually setting the system time (including daylight saving time) and date

Configuring the switch to run in NTP client mode and to receive time information from an NTP server

Configuring the switch to run in NTP broadcast-client mode and to receive information from an NTP broadcast server

To display this window, select Cluster>System Time Management from the menu bar.

Setting the System Date and Time

Enter the date and a 24-hour clock time setting on the System Time Management window. If you are entering the time for an American time zone, enter the three-letter abbreviation for the time zone in the Name of Time Zone field, such as PST for Pacific standard time. If you are identifying the time zone by referring to Greenwich mean time, enter UTC (universal coordinated time) in the Name of Time Zone field. You then must enter a negative or positive number as an offset to indicate the number of time zones between the switch and Greenwich, England. Enter a negative number if the switch is west of Greenwich, England, and east of the international date line. For example, California is eight time zones west of Greenwich, so you would enter -8 in the Hours Offset From UTC field. Enter a positive number if the switch is east of Greenwich. You can also enter negative and positive numbers for minutes.

You can also set the date and time by using the CLI. The "Finding More Information About IOS Commands" section contains the path to the complete IOS documentation.

Figure 4-11 System Time Management

Configuring Daylight Saving Time

To configure daylight saving time, click the Set Daylight Saving Time tab (Figure 4-12). You can configure the switch to change to daylight saving time on a particular day every year, on a day that you enter, or not at all.

Figure 4-12 Set Daylight Savings Time Tab

Configuring the Network Time Protocol

In complex networks, it is often prudent to distribute time information from a central server. The NTP can distribute time information by responding to requests from clients or by broadcasting time information. You can use the Network Time Protocol window (Figure 4-13) to enable these options and to enter authentication information to accompany NTP client requests.

To display this window, click Network Time Protocol on the System Time Management window.

You can also configure NTP by using the CLI. The "Finding More Information About IOS Commands" section contains the path to the complete IOS documentation.

Figure 4-13 Network Time Protocol

Configuring the Switch as an NTP Client

You configure the switch as an NTP client by entering the IP addresses of up to ten NTP servers in the IP Address field. Click Preferred Server to specify which server should be used first. You can also enter an authentication key to be used as a password when requests for time information are sent to the server.

Enabling NTP Authentication

To ensure the validity of information received from NTP servers, you can authenticate NTP messages with public-key encryption. This procedure must be coordinated with the administrator of the NTP servers: the information you enter on this window will be matched by the servers to authenticate it.

Click Help for more information about entering information in the Key Number, Key Value, and Encryption Type fields.

Configuring the Switch for NTP Broadcast-Client Mode

You can configure the switch to receive NTP broadcast messages if there is an NTP broadcast server, such as a router, broadcasting time information on the network. You can also enter a delay in the Estimated Round-Trip Delay field to account for round-trip delay between the client and the NTP broadcast server.

Configuring IP Information

Use the IP Management window (Figure 4-14) to change or enter IP information for the switch. Some of this information, such as the IP address, was previously entered.

You can use this window to perform the following tasks:

Assign IP information.

Remove an IP address.

Specify a domain name, and configure the Domain Name System (DNS) server.

To display this window, select System>IP Management from the menu bar.

Figure 4-14 IP Management - IP Configuration Tab

Assigning IP Information to the Switch

You can use a BOOTP server to automatically assign IP information to the switch; however, the BOOTP server must be set up in advance with a database of physical MAC addresses and corresponding IP addresses, subnet masks, and default gateway addresses. In addition, the switch must be able to access the BOOTP server through one of its ports. At startup a switch without an IP address requests the information from the BOOTP server; the requested information is saved in the switch running configuration file. To ensure that the IP information is saved when the switch is restarted, select System>Save Configuration from the menu bar. If you are using the CLI, save the configuration by entering the write memory command in privileged EXEC mode.

You can also manually assign an IP address, mask, and default gateway to the switch through the management console. This information is displayed in the IP Address, IP Mask, and Default Gateway fields of the IP Management window.

You can change the information in these fields. The mask identifies the bits that denote the network number in the IP address. When you use the mask to subnet a network, the mask is then referred to as a subnet mask. The broadcast address is reserved for sending messages to all hosts. The CPU sends traffic to an unknown IP address through the default gateway.


Caution: Changing the command switch IP address on this window ends your VSM session and any SNMP or Telnet sessions in progress. Restart the Cluster Manager by entering the new IP address in the browser Location field (Netscape Communicator) or Address field (Internet Explorer), as described in the "Using VSM" section.

CLI: Assigning IP Information to the Switch

Beginning in privileged EXEC mode, follow these steps to enter the IP information:

 
Step     Command                             Purpose
Step 1   configure terminal                  Enter global configuration mode.
Step 2   interface vlan 1                    Enter interface configuration mode, and enter the VLAN to which the IP information is assigned. VLAN 1 is the management VLAN, but you can configure any VLAN from IDs 1 to 1001.
Step 3   ip address ip_address subnet_mask   Enter the IP address and subnet mask.
Step 4   exit                                Return to global configuration mode.
Step 5   ip default-gateway ip_address       Enter the IP address of the default router.
Step 6   end                                 Return to privileged EXEC mode.
Step 7   show running-config                 Verify that the information was entered correctly by displaying the running configuration. If the information is incorrect, repeat the procedure.

The "Finding More Information About IOS Commands" section contains the path to the complete IOS documentation.
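The check below is an added example, not part of the Cisco guide: before Steps 3 and 5 are entered, it verifies that the mask is a real netmask, that the address is not the network or broadcast address of its subnet, and that the default gateway is on the management subnet, and then builds the Step 1 to Step 7 command sequence. The function names and the 192.0.2.0/24 sample values are constructed for illustration.

```python
import ipaddress

def validate_mgmt_ip(ip, mask, gateway):
    """Return a list of problems with the values for Steps 3 and 5 (empty = OK)."""
    try:
        iface = ipaddress.IPv4Interface(f"{ip}/{mask}")
        gw = ipaddress.IPv4Address(gateway)
    except ValueError as exc:  # malformed address or non-contiguous mask
        return [f"invalid address or mask: {exc}"]
    net, problems = iface.network, []
    # ipaddress also accepts wildcard (host) masks such as 0.0.0.255;
    # the subnet_mask argument must be a real netmask.
    if mask != str(net.netmask):
        problems.append(f"mask {mask} is not a netmask (did you mean {net.netmask}?)")
    if net.prefixlen <= 30:
        if iface.ip == net.network_address:
            problems.append("address is the network number of its subnet")
        if iface.ip == net.broadcast_address:
            problems.append("address is the broadcast address of its subnet")
    if gw not in net:
        problems.append(f"default gateway {gw} is outside {net}")
    elif gw == iface.ip:
        problems.append("default gateway equals the switch address")
    return problems

def ios_commands(ip, mask, gateway, vlan=1):
    """Build the Step 1-7 command sequence, refusing values that fail validation."""
    if not 1 <= vlan <= 1001:  # VLAN ID range stated in Step 2
        raise ValueError(f"VLAN ID {vlan} is outside 1-1001")
    problems = validate_mgmt_ip(ip, mask, gateway)
    if problems:
        raise ValueError("; ".join(problems))
    return [
        "configure terminal",
        f"interface vlan {vlan}",
        f"ip address {ip} {mask}",
        "exit",
        f"ip default-gateway {gateway}",
        "end",
        "show running-config",
    ]

if __name__ == "__main__":
    # Constructed sample values from the 192.0.2.0/24 documentation range.
    print("\n".join(ios_commands("192.0.2.10", "255.255.255.0", "192.0.2.1")))
    print(validate_mgmt_ip("192.0.2.10", "255.255.255.0", "198.51.100.1"))
```

Running the check before a change made over Telnet matters because a wrong address or gateway can cut the session that would be needed to correct it.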

CLI: Removing an IP Address

Use the following procedure to remove the IP information from a switch.


Note: Using the no ip address command in configuration mode disables the IP protocol stack and removes the IP information. Cluster members without IP addresses rely on the IP protocol stack being enabled.


Beginning in privileged EXEC mode, follow these steps to remove an IP address:

 
Step     Command                                          Purpose
Step 1   clear ip address vlan 1 ip_address subnet_mask   Remove the IP address and subnet mask.
Step 2   end                                              Return to privileged EXEC mode.
Step 3   show running-config                              Verify that the information was removed by displaying the running configuration.


Caution: If you are removing the IP address through a Telnet session, your connection to the switch will be lost.

The "Finding More Information About IOS Commands" section contains the path to the complete IOS documentation.

Specifying a Domain Name and Configuring the DNS

Each unique Internet Protocol (IP) address can have a host name associated with it. The IOS software maintains a cache of host name-to-address mappings for use by the EXEC mode connect, telnet, ping, and related Telnet support operations. This cache speeds the process of converting names to addresses.

IP defines a hierarchical naming scheme that allows a device to be identified by its location or domain. Domain names are pieced together with periods (.) as the delimiting characters. For example, Cisco Systems is a commercial organization that IP identifies by a com domain name, so its domain name is cisco.com. A specific device in this domain, the File Transfer Protocol (FTP) system for example, is identified as ftp.cisco.com.

To keep track of domain names, IP has defined the concept of a domain name server (DNS), whose job is to hold a cache (or database) of names mapped to IP addresses. To map domain names to IP addresses, you must first identify the host names and then specify a name server and enable the DNS, the Internet's global naming scheme that uniquely identifies network devices.

Figure 4-15 DNS Configuration

Specifying the Domain Name

You can specify a default domain name that the software uses to complete domain name requests. You can specify either a single domain name or a list of domain names. When you specify a domain name, any IP host name without a domain name will have that domain name appended to it before being added to the host table.

To specify a domain name, enter the name into the Domain Name field of the IP Configuration tab of the IP Management window (Figure 4-15), and click OK. Do not include the initial period that separates an unqualified name (names without a dotted-decimal domain name) from the domain name.

You can also configure the DNS name by using the CLI. The "Finding More Information About IOS Commands" section contains the path to the complete IOS documentation.

Specifying a Name Server

You can specify up to six hosts that can function as a name server to supply name information for the DNS. Enter the IP address into the New Server field, and click Add.

Enabling the DNS

If your network devices require connectivity with devices in networks for which you do not control name assignment, you can assign device names that uniquely identify your devices within the entire internetwork. The Internet's global naming scheme, the DNS, accomplishes this task. This service is enabled by default.

Configuring SNMP

Use the SNMP Management window (Figure 4-16) to configure your switch for SNMP management. If your switch is part of a cluster, the clustering software can change SNMP parameters (such as host names) when the cluster is created. If you are configuring a cluster for SNMP, see the "Configuring SNMP for a Cluster" section.

You can use this window to perform the following tasks:

Disabling and enabling SNMP.

Entering general information about the switch.

Entering community strings that serve as passwords for SNMP messages.

Entering trap managers and their community strings to receive traps (alerts) about switch activity.

Setting the classes of traps a trap manager receives.

To display this window, select System>SNMP Configuration from the menu bar.

Disabling and Enabling SNMP

SNMP is enabled by default and must be enabled for Cluster Management features to work properly. If you deselect Enable SNMP and click Apply, SNMP is disabled, and the SNMP parameters are disabled. For information on SNMP and Cluster Management, see the "Managing Cluster Switches Through SNMP" section.

SNMP is always enabled for 1900 and 2820 switches.

Entering Community Strings

Community strings serve as passwords for SNMP messages to permit access to the agent on the switch. If you are entering community strings for a cluster member, see the "Configuring Community Strings for Cluster Switches" section. You can enter community strings with the following characteristics:

Read-only (RO): Requests accompanied by the string can display MIB-object information.

Read-write (RW): Requests accompanied by the string can display MIB-object information and set MIB objects.


Use the Community Strings tab (Figure 4-17) to add and remove community strings. You can also use the CLI to configure SNMP community strings. The "Finding More Information About IOS Commands" section contains the path to the complete IOS documentation.
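The audit script below is an added example, not part of the Cisco guide: it reads a saved running configuration and reports, for each snmp-server community line, the RO or RW access and whether the string is a well-known default or lacks a restricting access list. The sample configuration, the function names and the default-string list are assumptions; the optional access-list number after RO or RW is IOS command syntax that this section does not cover.

```python
import re

# Strings widely shipped as defaults on SNMP equipment; an assumed, editable list.
WELL_KNOWN = {"public", "private"}

COMMUNITY_RE = re.compile(
    r"^\s*snmp-server community (?P<name>\S+)"
    r"(?: view (?P<view>\S+))?"
    r"(?: (?P<access>ro|rw))?"
    r"(?: (?P<acl>\d+))?\s*$",
    re.IGNORECASE,
)

def redact(name):
    """Community strings act as passwords, so keep them out of reports."""
    return name[0] + "*" * (len(name) - 1)

def audit_communities(config_text):
    """Return one (redacted_string, access, issues) tuple per community line."""
    results = []
    for line in config_text.splitlines():
        m = COMMUNITY_RE.match(line)
        if not m:
            continue
        access = (m.group("access") or "ro").upper()  # IOS defaults to read-only
        issues = []
        if m.group("name").lower() in WELL_KNOWN:
            issues.append("well-known default string")
        if m.group("acl") is None:
            issues.append("no access list limits who may use it")
            if access == "RW":
                issues.append("unrestricted read-write: MIB objects can be set")
        results.append((redact(m.group("name")), access, issues))
    return results

# Constructed running-config excerpt (not taken from a real switch).
SAMPLE_CONFIG = """\
hostname Switch
snmp-server community public RO
snmp-server community private RW
snmp-server community n0c-Mon1tor RO 10
snmp-server location constructed-lab
"""

if __name__ == "__main__":
    for name, access, issues in audit_communities(SAMPLE_CONFIG):
        print(f"{name:<14}{access:<4}{'; '.join(issues) or 'ok'}")
```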

Figure 4-16 SNMP Management - System Options

Figure 4-