-
Catalyst 6500 Series Software Configuration Guide, 7.6
-
Preface
-
Product Overview
-
Command-Line Interfaces
-
Configuring the Switch IP Address and Default Gateway
-
Configuring Ethernet, Fast Ethernet, Gigabit Ethernet, and 10-Gigabit Ethernet Switching
-
Configuring Ethernet VLAN Trunks
-
Configuring EtherChannel
-
Configuring IEEE 802.1Q Tunneling and Layer 2 Protocol Tunneling
-
Configuring Spanning Tree
-
Configuring Spanning Tree PortFast, UplinkFast, BackboneFast, and Loop Guard
-
Configuring VTP
-
Configuring VLANs
-
Configuring InterVLAN Routing
-
Configuring CEF for PFC2
-
Configuring MLS
-
Configuring NDE
-
Configuring Access Control
-
Configuring GVRP
-
Configuring Dynamic Port VLAN Membership with VMPS
-
Checking Status and Connectivity
-
Administering the Switch
-
Configuring Switch Access Using AAA
-
Configuring Redundancy
-
Modifying the Switch Boot Configuration
-
Working with the Flash File System
-
Working with System Software Images
-
Working with Configuration Files
-
Configuring System Message Logging
-
Configuring DNS
-
Configuring CDP
-
Configuring UDLD
-
Configuring NTP
-
Configuring Broadcast Suppression
-
Configuring Layer 3 Protocol Filtering
-
Configuring the IP Permit List
-
Configuring Port Security
-
Configuring 802.1x Authentication
-
Configuring Unicast Flood Blocking
-
Configuring SNMP
-
Configuring RMON
-
Configuring SPAN and RSPAN
-
Using Switch TopN Reports
-
Configuring Multicast Services
-
Configuring QoS
-
Configuring Automatic QoS
-
Configuring ASLB
-
Configuring the Switch Fabric Module
-
Configuring a VoIP Network
-
Acronyms
-
Table Of Contents
Checking Status and Connectivity
Checking the 10-Gigabit Ethernet Link Status
Checking Cable Status Using the Time Domain Reflectometer
Using Secure Shell Encryption for Telnet Sessions
Layer 2 Traceroute Usage Guidelines
Understanding How IP Traceroute Works
Using System Warnings on Port Counters
Executing System Warnings on Port Counters
Executing Hardware Level Warnings on Port Counters
Executing Spanning Tree Warnings on Port Counters
Blocking to Listening Transitions
Checking Status and Connectivity
This chapter describes how to check switch port status and connectivity on the Catalyst 6500 series switches.
Note
For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Command Reference publication.
This chapter consists of these sections:
•
•
•
•
•
Checking Module Status
Catalyst 6500 series switches are multimodule systems. You can see what modules are installed, as well as the MAC address ranges and version numbers for each module, using the show module [mod] command. Specify a particular module number to see detailed information on that module.
This example shows how to check module status. The output shows that there is one supervisor engine and four additional modules installed in the chassis.
Console> (enable) show moduleMod Slot Ports Module-Type Model Status--- ---- ----- ------------------------- ------------------- --------1 1 2 1000BaseX Supervisor WS-X6K-SUP1-2GE ok2 2 24 100BaseFX MM Ethernet WS-X6224-100FX-MT ok3 3 8 1000BaseX Ethernet WS-X6408-GBIC ok4 4 48 10/100BaseTX (Telco) WS-X6248-TEL ok5 5 48 10/100BaseTX (RJ-45) WS-X6248-RJ-45 okMod Module-Name Serial-Num--- ------------------- -----------1 SAD030405462 SAD031100203 SAD030701944 SAD031407875 SAD03181291Mod MAC-Address(es) Hw Fw Sw--- -------------------------------------- ------ ---------- -----------------1 00-50-f0-a8-26-b2 to 00-50-f0-a8-26-b3 1.4 5.1(1) 5.2(1)CSX00-50-f0-a8-26-b0 to 00-50-f0-a8-26-b100-50-3e-8d-64-00 to 00-50-3e-8d-67-ff2 00-50-54-6c-e9-a8 to 00-50-54-6c-e9-bf 1.3 4.2(0.24)V 5.2(1)CSX3 00-50-54-6c-93-6c to 00-50-54-6c-93-73 1.4 4.2(0.24)V 5.2(1)CSX4 00-50-54-bf-59-64 to 00-50-54-bf-59-93 0.103 4.2(0.24)V 5.2(1)CSX5 00-50-f0-ac-30-54 to 00-50-f0-ac-30-83 1.0 4.2(0.24)V 5.2(1)CSXMod Sub-Type Sub-Model Sub-Serial Sub-Hw--- ----------------------- ------------------- ----------- ------1 L2 Switching Engine I WS-F6020 SAD03040312 1.0Console> (enable)This example shows how to check module status on a specific module:
Console> (enable) show module 4Mod Slot Ports Module-Type Model Status--- ---- ----- ------------------------- ------------------- --------4 4 48 10/100BaseTX (Telco) WS-X6248-TEL okMod Module-Name Serial-Num--- ------------------- -----------4 SAD03140787Mod MAC-Address(es) Hw Fw Sw--- -------------------------------------- ------ ---------- -----------------4 00-50-54-bf-59-64 to 00-50-54-bf-59-93 0.103 4.2(0.24)V 5.2(1)CSXConsole> (enable)Checking Port Status
You can see summary or detailed information on the switch ports using the show port [mod[/port]] command. To see summary information on all of the ports on the switch, enter the show port command with no arguments. Specify a particular module number to see information on the ports on that module only. Enter both the module number and the port number to see detailed information about the specified port.
To apply configuration commands to a particular port, you must specify the appropriate logical module. For more information, see the "Checking Module Status" section.
This example shows how to see information on the ports on a specific module only:
Console> (enable) show port 1Port Name Status Vlan Duplex Speed Type----- ------------------ ---------- ---------- ------ ----- ------------1/1 connected 1 full 1000 1000BaseSX1/2 notconnect 1 full 1000 1000BaseSXPort Security Secure-Src-Addr Last-Src-Addr Shutdown Trap IfIndex----- -------- ----------------- ----------------- -------- -------- -------1/1 disabled No disabled 31/2 disabled No disabled 4Port Broadcast-Limit Broadcast-Drop-------- --------------- --------------------1/1 - 01/2 - 0Port Send FlowControl Receive FlowControl RxPause TxPauseadmin oper admin oper----- -------- -------- -------- -------- ---------- ----------1/1 desired off off off 0 01/2 desired off off off 0 0Port Status Channel Admin Ch Neighbor NeighborMode Group Id Device Port----- ---------- --------- ----- ----- ----------------------------------- -----1/1 connected auto 65 01/2 notconnect auto 65 0Port Align-Err FCS-Err Xmit-Err Rcv-Err UnderSize----- ---------- ---------- ---------- ---------- ---------1/1 0 0 0 0 01/2 0 0 0 0 0Port Single-Col Multi-Coll Late-Coll Excess-Col Carri-Sen Runts Giants----- ---------- ---------- ---------- ---------- --------- --------- ---------1/1 0 0 0 0 0 0 01/2 0 0 0 0 0 0 0Last-Time-Cleared--------------------------Tue Jun 8 1999, 10:01:35Console> (enable)This example shows how to see information on an individual port:
Console> (enable) show port 1/1Port Name Status Vlan Duplex Speed Type----- ------------------ ---------- ---------- ------ ----- ------------1/1 connected 1 full 1000 1000BaseSXPort Security Secure-Src-Addr Last-Src-Addr Shutdown Trap IfIndex----- -------- ----------------- ----------------- -------- -------- -------1/1 disabled No disabled 3Port Broadcast-Limit Broadcast-Drop-------- --------------- --------------------1/1 - 0Port Send FlowControl Receive FlowControl RxPause TxPauseadmin oper admin oper----- -------- -------- -------- -------- ---------- ----------1/1 desired off off off 0 0Port Status Channel Admin Ch Neighbor NeighborMode Group Id Device Port----- ---------- --------- ----- ----- ----------------------------------- -----1/1 connected auto 65 0Port Align-Err FCS-Err Xmit-Err Rcv-Err UnderSize----- ---------- ---------- ---------- ---------- ---------1/1 0 0 0 0 0Port Single-Col Multi-Coll Late-Coll Excess-Col Carri-Sen Runts Giants----- ---------- ---------- ---------- ---------- --------- --------- ---------1/1 0 0 0 0 0 0 0Last-Time-Cleared--------------------------Tue Jun 8 1999, 10:01:35Console> (enable)Checking the Port MAC Address
In addition to displaying the MAC address range for a module using the show module command, you can display the MAC address of a specific port in the switch using the show port mac-address [mod[/port]] command.
This example shows you how to display the MAC address of a specific port:
Console> show port mac-address 4/1Port Mac address----- ----------------------4/1 00-50-54-bf-59-64This example shows you how to display the MAC addresses of all ports on a module:
Console> show port mac-address 4Port Mac address----- ----------------------4/1 00-50-54-bf-59-644/2 00-50-54-bf-59-654/3 00-50-54-bf-59-664/4 00-50-54-bf-59-67...4/47 00-50-54-bf-59-924/48 00-50-54-bf-59-93Checking Port Capabilities
You can display the capabilities of any port in a switch using the show port capabilities [[mod][/port]] command.
This example shows you how to display the port capabilities for switch ports:
Console> (enable) show port capabilities 1/1Model WS-X6K-SUP1A-2GEPort 1/1Type No ConnectorSpeed 1000Duplex fullTrunk encap type 802.1Q,ISLTrunk mode on,off,desirable,auto,nonegotiateChannel yesBroadcast suppression percentage(0-100)Flow control receive-(off,on,desired),send-(off,on,desired)Security yesMembership static,dynamicFast start yesQOS scheduling rx-(1p1q4t),tx-(1p2q2t)CoS rewrite yesToS rewrite DSCPUDLD yesInline power noAuxiliaryVlan noSPAN source,destinationCOPS port group 1/1-2Console> (enable)Checking the 10-Gigabit Ethernet Link Status
Cable diagnostics allow you to activate the pseudorandom binary sequence (PRBS) test on 10-Gigabit Ethernet links.
Note
To run the PRBS test properly between two devices, you must start it on both ends of the cable. If the cable is looped back, a single end can generate the test sequence (on the Tx), verify the test sequence, and count the errors (at the Rx).
Before the PRBS test starts, the port is automatically put in errdisable state. The errdisable timeout is disabled for the port so that the port is not automatically reenabled after the timeout interval concludes. The errdisable timeout is automatically reenabled on the port after the PRBS test finishes.
When the PRBS test is running, the system does not permit you to enter the set port enable and set port disable commands.
The PRBS error counter measures the reliability of the cable. The error counter range is from 0-255. A value of 0 signifies a perfect link connection; a value of 255 signifies that the port is faulty, not connected, or that there is no communication through the link. If the counter does not remain at 0 for a predetermined length of time, the link is faulty. For example, for a baud error rate (BER) of 10^-12, the counter should remain at 0 for 100 seconds.
Each time that you access the PRBS counter by entering the show port prbs command, the PRBS error counter value is reset to 0, and the counter begins to accumulate errors again.
Note
To start or stop the PRBS test, perform this task in privileged mode:
Step 1
Start or stop the PRBS test.
test cable-diagnostics prbs {start | stop} mod/port
Step 2
Show the PRBS test counter information.
show port prbs
This example shows how to start the PRBS test on port 1 on module 5:
Console> (enable) test cable-diagnostics prbs start 5/1PRBS cable-diagnostic test started on port 5/1.Console> (enable)This example shows how to stop the PRBS test on port 1 on module 5:
Console> (enable) test cable-diagnostics prbs stop 5/1PRBS cable-diagnostic test stopped on port 5/1.Console> (enable)This example shows the message that displays when the PRBS test is not supported on a module:
Console> (enable) test cable-diagnostics prbs start 6/1Feature not supported on module 6.Console> (enable)This example shows how to display PRBS counter values and the ports that are running the PRBS test:
Console> (enable) show port prbsMax error counters = 255Port PRBS state PRBS error counters---- ----------------------------------6/1 start 307/1 stop -Console> (enable)Checking Cable Status Using the Time Domain Reflectometer
You can check the status of copper cables using the time domain reflectometer (TDR) on the 48-port 10/100/1000 BASE-T modules for the Catalyst 6500 series switch (WS-X6148-GE-TX and WS-X6548-GE-TX). The TDR detects a cable fault by sending a signal through the cable and reading the signal that is reflected back to it. All or part of the signal can be reflected back by any number of cable defects or by the end of the cable itself.
Use TDR to determine if the cabling is at fault if you cannot establish a link. This is especially important when replacing an existing switch, upgrading to Gigabit Ethernet, or installing new cable plants.
To start or stop the TDR test, perform this task in privileged mode:
Step 1
Start the TDR test.
test cable-diagnostics tdr mod/port
Step 2
Show the TDR test counter information.
show port tdr mod/port
This example shows how to start the TDR test on port 1 on module 2:
Console> (enable) test cable-diagnostics tdr 2/1TDR test started on port 2/1. Use show port tdr <m/p> to see the resultsConsole> (enable)This example shows how to display TDR test results for a port:
Console> (enable) show port tdr 2/1TDR test last run on Mon, March 10 2003 at 1:35:00 pmPort Speed Local pair Pair length Remote pair Pair status----- ------ ----------- ------------------- ------------ ------------2/1 1000 Pair A 12 +/- 3 meters Pair A TerminatedPair B 12 +/- 3 meters Pair B TerminatedPair C 12 +/- 3 meters Pair C TerminatedPair D 12 +/- 3 meters Pair D Terminated
Using Telnet
You can access the switch command-line interface (CLI) using Telnet. In addition, you can use Telnet from the switch to access other devices in the network. Up to eight simultaneous Telnet sessions are possible.
To Telnet to another device on the network from the switch, perform this task in privileged mode:
This example shows how to Telnet from the switch to a remote host:
Console> (enable) telnet labsparcTrying 172.16.10.3...Connected to labsparc.Escape character is '^]'.UNIX(r) System V Release 4.0 (labsparc)login:Using Secure Shell Encryption for Telnet Sessions
Note
Secure Shell encryption provides security for Telnet sessions to the switch. Secure Shell encryption is supported for remote logins to the switch only. Telnet sessions that are initiated from the switch cannot be encrypted. To use this feature, you must install the application on the client accessing the switch, and you must configure Secure Shell encryption on the switch.
The current implementation of Secure Shell encryption supports SSH version 1 and the DES and 3DES encryption methods. Secure shell encryption can be used with RADIUS and TACACS+ authentication. To configure authentication with Secure Shell encryption, use the telnet keyword in the set authentication commands.
Note
To enable Secure Shell encryption on the switch, perform this task in privileged mode:
This example shows how to create the RSA host key:
Console> (enable) set crypto key rsa 1024Generating RSA keys.... [OK]Console> (enable)The nbits value specifies the RSA key size. The valid key size range is from 512-2048 bits. A key size with a larger number provides higher security but takes longer to generate.
You can enter the optional force keyword to regenerate the keys and suppress the warning prompt of overwriting existing keys.
Monitoring User Sessions
You can display the currently active user sessions on the switch using the show users command. The command output displays all active console port and Telnet sessions on the switch.
To display the active user sessions on the switch, perform this task in privileged mode:
This example shows the output of the show users command when local authentication is enabled for console and Telnet sessions (the asterisk [*] indicates the current session):
Console> (enable) show usersSession User Location-------- ---------------- -------------------------consoletelnet sam-pc.bigcorp.com* telnet jake-mac.bigcorp.comConsole> (enable)This example shows the output of the show users command when TACACS+ authentication is enabled for console and Telnet sessions:
Console> (enable) show usersSession User Location-------- ---------------- -------------------------console samtelnet jake jake-mac.bigcorp.comtelnet tim tim-nt.bigcorp.com* telnet suzy suzy-pc.bigcorp.comConsole> (enable)This example shows how to display information about user sessions using the noalias keyword to display the IP addresses of connected hosts:
Console> (enable) show users noaliasSession User Location-------- ---------------- -------------------------consoletelnet 10.10.10.12* telnet 10.10.20.46Console> (enable)To disconnect an active user session, perform this task in privileged mode:
This example shows how to disconnect an active console port session and an active Telnet session:
Console> (enable) show usersSession User Location-------- ---------------- -------------------------console samtelnet jake jake-mac.bigcorp.comtelnet tim tim-nt.bigcorp.com* telnet suzy suzy-pc.bigcorp.comConsole> (enable) disconnect consoleConsole session disconnected.Console> (enable) disconnect tim-nt.bigcorp.comTelnet session from tim-nt.bigcorp.com disconnected. (1)Console> (enable) show usersSession User Location-------- ---------------- -------------------------telnet jake jake-mac.bigcorp.com* telnet suzy suzy-pc.bigcorp.comConsole> (enable)Using Ping
These sections describe how to use IP ping:
Understanding How Ping Works
You can use IP ping to test connectivity to remote hosts. If you attempt to ping a host in a different IP subnetwork, you must define a static route to the network or configure a router to route between those subnets.
The ping command is configurable from normal EXEC mode and privileged EXEC mode. In normal EXEC mode, the ping command supports the -s parameter, which allows you to specify the packet size and packet count. In privileged EXEC mode, the ping command lets you specify the packet size, packet count, and the wait time.
Table 19-1 shows the default values that apply to the ping-s command.
Table 19-1 Ping Default Values
Number of Packets
5
0=continuous ping
Packet Size
56
56
Wait Time
2
2
Source Address
Host IP Address
N/A
To stop a ping in progress, press Ctrl-C.
Ping returns one of the following responses:
•
•
•
•
•
Executing Ping
To ping another device on the network from the switch, perform one of these tasks in normal or privileged mode:
Ping a remote host.
ping host
Ping a remote host using ping options.
ping -s host [packet_size] [packet_count]
This example shows how to ping a remote host from normal EXEC mode:
Console> ping labsparclabsparc is aliveConsole> ping 72.16.10.312.16.10.3 is aliveConsole>This example shows how to ping a remote host using the ping -s option:
Console> ping -s 12.20.5.3 800 10PING 12.20.2.3: 800 data bytes808 bytes from 12.20.2.3: icmp_seq=0. time=2 ms808 bytes from 12.20.2.3: icmp_seq=1. time=3 ms808 bytes from 12.20.2.3: icmp_seq=2. time=2 ms808 bytes from 12.20.2.3: icmp_seq=3. time=2 ms808 bytes from 12.20.2.3: icmp_seq=4. time=2 ms808 bytes from 12.20.2.3: icmp_seq=5. time=2 ms808 bytes from 12.20.2.3: icmp_seq=6. time=2 ms808 bytes from 12.20.2.3: icmp_seq=7. time=2 ms808 bytes from 12.20.2.3: icmp_seq=8. time=2 ms808 bytes from 12.20.2.3: icmp_seq=9. time=3 ms----17.20.2.3 PING Statistics----10 packets transmitted, 10 packets received, 0% packet lossround-trip (ms) min/avg/max = 2/2/3Console>This example shows how to enter a ping command in privileged mode specifying the number of packets, the packet size, and the timeout period:
Console> (enable) pingTarget IP Address []: 12.20.5.19Number of Packets [5]: 10Datagram Size [56]: 100Timeout in seconds [2]: 10Source IP Address [12.20.2.18]: 12.20.2.18!!!!!!!!!!----12.20.2.19 PING Statistics----10 packets transmitted, 10 packets received, 0% packet lossround-trip (ms) min/avg/max = 1/1/1Console> (enable)Using Layer 2 Traceroute
The Layer 2 Traceroute utility allows you to identify the physical path that a packet will take when going from a source to a destination. The Layer 2 Traceroute utility determines the path by looking at the forwarding engine tables of the switches in the path.
Information is displayed about all Catalyst 6500 series switches that are in the path from the source to the destination.
These sections describe how to use Layer 2 Traceroute:
•
Layer 2 Traceroute Usage Guidelines
Follow these guidelines for using the Layer 2 Traceroute utility:
•
•
•
•
•
•
•
•
Identifying a Layer 2 Path
To identify a Layer 2 path, perform one of these tasks in privileged mode:
This example shows the source and destination MAC addresses specified, with no VLAN specified, and the detail option specified. For each Catalyst 5000 and 6500 series switch found in the path, the output shows the device type, device name, device IP address, in port name, in port speed, in port duplex mode, out port name, out port speed, and out port duplex mode.
Console> (enable) l2trace 00-01-22-33-44-55 10-22-33-44-55-66 detaill2trace vlan number is 10.00-01-22-33-44-55 found in C5500 named wiring-1 on port 4/1 10Mb half duplexC5500:wiring-1:192.168.242.10:4/1 10Mb half duplex -> 5/2 100MB full duplexC5000:backup-wiring-1:192.168.242.20:1/1 100Mb full duplex -> 3/1 100MB full duplexC5000:backup-core-1:192.168.242.30:4/1 100 MB full duplex -> 1/1 100MB full duplexC6000:core-1:192.168.242.40:1/1 100MB full duplex -> 2/1 10MB half duplex.10-22-33-44-55-66 found in C6000 named core-1 on port 2/1 10MB half duplex.Using IP Traceroute
The IP Traceroute utility allows you to identify the path that packets take through the network at Layer 3 on a hop-by-hop basis. The command output displays all network layer (Layer 3) devices, such as routers, that the traffic passes through on the way to the destination.
These sections describe how to use IP Traceroute:
•
Understanding How IP Traceroute Works
The traceroute command uses the Time To Live (TTL) field in the IP header to cause routers and servers to generate specific return messages. Traceroute starts by sending a User Datagram Protocol (UDP) datagram to the destination host with the TTL field set to 1. If a router finds a TTL value of 1 or 0, it drops the datagram and sends back an Internet Control Message Protocol (ICMP) time-exceeded message to the sender. The traceroute facility determines the address of the first hop by examining the source address field of the ICMP time-exceeded message.
To identify the next hop, traceroute sends a UDP packet with a TTL value of 2. The first router decrements the TTL field by 1 and sends the datagram to the next router. The second router sees a TTL value of 1, discards the datagram, and returns the time-exceeded message to the source. This process continues until the TTL is incremented to a value large enough for the datagram to reach the destination host (or until the maximum TTL is reached).
To determine when a datagram reaches its destination, traceroute sets the UDP destination port in the datagram to a very large value which the destination host is unlikely to be using. When a host receives a datagram with an unrecognized port number, it sends an ICMP port unreachable error to the source. This message indicates to the traceroute facility that it has reached the destination.
Switches can participate as the source or destination of the traceroute command but will not appear as a hop in the traceroute command output.
Executing IP Traceroute
To trace the path that packets take through the network, perform this task in privileged mode:
This example shows how to use the traceroute command:
Console> (enable) traceroute 10.1.1.100traceroute to 10.1.1.100 (10.1.1.100), 30 hops max, 40 byte packets1 10.1.1.1 (10.1.1.1) 1 ms 2 ms 1 ms2 10.1.1.100 (10.1.1.100) 2 ms 2 ms 2 msConsole> (enable)This example shows how to perform a traceroute with six queries to each hop with packets of 1400 bytes each:
Console> (enable) traceroute -q 6 10.1.1.100 1400traceroute to 10.1.1.100 (10.1.1.100), 30 hops max, 1440 byte packets1 10.1.1.1 (10.1.1.1) 2 ms 2 ms 2 ms 1 ms 2 ms 2 ms2 10.1.1.100 (10.1.1.100) 2 ms 4 ms 3 ms 3 ms 3 ms 3 msConsole> (enable)Using System Warnings on Port Counters
You can monitor and troubleshoot the Catalyst 6500 series switches by polling selected error counters on all ports and logging the system error messages. Messages are logged for the system, hardware, and spanning tree ports for these conditions:
•
•
•
•
•
•
Hardware error information is logged to provide information for debug port counters at 30-minute intervals. Messages are logged if the counter values increase.
Spanning tree error information is provided for the following:
•
•
These sections describe how to use the system warning feature on the Catalyst 6500 series switches:
•
•
•
Executing System Warnings on Port Counters
These sections describe how to execute the system warnings on port counters:
Backplane Traffic
You can configure backplane threshold detection by using a high threshold as a percentage. When backplane traffic goes over the specified threshold, compared with the previous traffic poll, a syslog message is generated. However, if you specify a 100-percent threshold (the default), no syslog message is generated.
For switches with three switching buses, you can configure a threshold and syslog throttling (to control the syslog event polling and message generation) for each switching bus instead of configuring the average traffic of all three buses. The throttle interval is 5 minutes.
This example shows how to set a threshold:
Console> (enable) set traffic monitor helpUsage: set traffic monitor <threshold>(threshold = 0..100 in percentage)Console> (enable) set traffic monitor 60Traffic monitoring threshold set to 60%.Console> (enable) show trafficThreshold: 60%Backplane-Traffic Peak Peak-Time----------------- ---- -------------------------0% 0% Tue Apr 16 2002, 08:01:53Fab Chan Input Output-------- ----- ------0 0% 0%1 0% 0%2 0% 0%3 0% 0%4 0% 0%5 0% 0%6 0% 0%7 0% 0%8 0% 0%9 0% 0%10 0% 0%11 0% 0%12 0% 0%13 0% 0%14 0% 0%15 0% 0%16 0% 0%17 0% 0%Console> (enable)Some sample syslog messages are as follows:
2000 Jan 11 06:00:27 PST -07:00 %SYS-4-SYS_HITRFC: 62% traffic detected on switching bus (A)2000 Feb 21 12:00:27 PST -07:00 %SYS-4-SYS_HITRFC: 65% traffic detected on switching busLow Remaining Memory
When memory allocation of clusters and buffers on the Catalyst 6500 series switch goes above a high watermark of 90 percent, syslog messages are generated. These actions generate syslog messages:
•
•
•
A sample syslog message is as follows:
1999 Sep 9 00:00:00 PDT -07:00 %SYS-3-SYS_MEMLOW: Memory cluster usage exceeded 90%1999 Sep 9 00:00:00 PDT -07:00 %SYS-3-SYS_MEMLOW: Mbuf usage exceeded 90%1999 Sep 9 00:00:00 PDT -07:00 %SYS-3-SYS_MEMLOW: Malloc usage exceeded 90%Detected Memory Corruption
By default, memory corruption that is detected by the Memory Management Module (MMU) is disabled. This example shows how to enable memory corruption detection:
Note
Console> (enable) set errordetection memoryUsage: set errordetection memory <enable|disable>Console> (enable) set errordetection memory enableMemory error detection enabled.Console> (enable) show errordetectionMemory: enabledInband: disabledA sample syslog message is as follows:
1999 Nov 23 16:32:21 PDT -07:00 %SYS-3-SYS_MEMERR: Out of range while freeing address 0xabcdefabNVRAM Logs
Syslog errors are generated for each configuration-related NVRAM log event. These events may indicate configuration or hardware errors or NVRAM configurations that are made without notification of users.The hardware errors NVRAM log is not syslogged. The NVRAM log time stamp is not included in the message.
A sample syslog message is as follows:
1999 Nov 23 16:37:21 PDT -07:00 %SYS-4-SYS_NVLOG: convert_post_SAC_CiscoMIB:Block 63 converted from version 0 to 11999 Nov 23 16:37:25 PDT -07:00 %SYS-4-SYS_NVLOG: StartupConfig:Auto config startedInband Errors
Inband syslog messages are generated when transmit or receive errors are detected. By default, inband syslog messages are disabled. This example shows how to enable inband error detection:
Note
Console> (enable) set errordetection inbandUsage: set errordetection inband <enable|disable>Conosle> (enable) set errordetection inband enableInband errordetection enabled.When resource errors on the receive side reach a multiple of 500, this syslog error is generated:
2000 Jun 24 06:37:25 PDT -07:00 %SYS-3-INBAND_NORESOURCE: inband resource error warning (500)2000 Jun 24 08:12:03 PDT -07:00 %SYS-3-INBAND_NORESOURCE: inband resource error warning (1000)For each spurious interrupt, a message similar to the following is logged:
1999 Dec 25 18:22:08 PDT -07:00 %SYS-3-INBAND_SPRINTR: inband spurious interrupt occurred (2)For each inband port transmit and receive failure, a message similar to the following is logged:
Note
1999 Dec 25 18:22:08 PDT -07:00 %SYS-3-INBAND_TXRXFAIL: inband driver stuck/reset (2)UDP Errors
When you enter the show netstat udp command, each socket overflow generates a message similar to the following:
1999 Oct 31 23:59:59 PDT -07:00 %IP-3-UDP_SOCKOVFL: UDP socket overflowWhen you enter the show netstat udp/tcp command, each bad UDP/TCP checksum generates a message similar to the following:
1999 Oct 31 23:59:59 PDT -07:00 %IP-3-UDP_BADCKSUM: UDP bad checksum1999 Oct 31 23:59:59 PDT -07:00 %IP-3-TCP_BADCKSUM: TCP bad checksumExecuting Hardware Level Warnings on Port Counters
You can poll selected error counters of each switch port every 30 minutes. If the count goes up between two subsequent polls on the same port, the incidence is logged. Background polling is enabled or disabled by the set errordetection portcounters command. By default, polling is disabled.
Note
Enter the set errordetection portcounters command as follows:Console> (enable) set errordetection portcountersUsage: set errordetection portcounters <enable|disable>Console> (enable) set errordetection portcounters disablePort Counters error detection disabled.A sample syslog message is as follows:1999 Jan 11 08:02:59 PDT -07:00 %SYS-3-PORT_ERR: Port 3/4 swBusResultEvent (12)1999 Jan 11 09:03:03 PDT -07:00 %SYS-3-PORT_ERR: Port 3/4 swBusResultEvent (223)1999 Jan 11 09:03:03 PDT -07:00 %SYS-4-PORT_WARN: Port 3/4 dmaTxFull (7) dmaRetry (33) dmaLevel2Request(21)Executing Spanning Tree Warnings on Port Counters
These sections describe how to execute spanning tree warnings on the port counters:
•
•
Blocking to Listening Transitions
A syslog message is generated whenever a port goes from blocking to listening. Spanning-tree state changes have existing syslog messages.
A sample syslog messages is as follows:
1999 Jan 03 00:02:59 PDT -07:00 %SPANTREE-5-PORTLISTEN: Port 3/4 state in vlan 1 changed to listening1999 Jan 03 00:02:59 PDT -07:00 %SPANTREE-5-TR_PORTLISTEN: Trcrf 101 in trbrf 102 state changed to listeningBPDU Skewing
A syslog message is generated when the interval between two consecutive BPDUs that are received on a port exceeds the hello time interval by 10 seconds. The throttle interval is one message per port, per minute for all VLAN numbers.
A sample syslog messages is as follows:
1999 Jan 01 00:01:19 PDT -07:00 %SPANTREE-3-BPDUSKEW: Port 2/1 vlan 1 BPDU skewed1999 Jan 01 00:05:19 PDT -07:00 %SPANTREE-3-BPDUSKEW: Port 2/5 vlan 1 BPDU skewed1999 Jan 01 00:05:23 PDT -07:00 %SPANTREE-3-BPDUSKEW: Port 2/5 vlan 3 BPDU skewedSNMP
A matching SNMP trap generation for each of the syslog warnings using the existing clogMessageGenerated trap is sent every time that any syslog message is generated.
