Verifying STP Parameters
You can display the STP configuration for a specific VLAN, switching module, or port.
To verify the STP configuration information for a TrBRF or TrCRF, issue the following command:
- show spantree vlan_num
After entering the show spantree command, you will see a display similar to the following:
Console> (enable)
show spantree 1003
Designated Root 00-00-00-00-00-00
Designated Root Priority 0
Root Max Age 0 sec Hello Time 0 sec Forward Delay 0 sec
Bridge ID MAC ADDR 00-00-00-00-00-00
Bridge Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec
Port Vlan Port-State Cost Priority Fast-Start Group-Method
--------- ---- ------------- ----- -------- ---------- ------------
3/1 1003 inactive 250 32 disabled
3/2 1003 inactive 250 32 disabled
3/3 1003 inactive 250 32 disabled
3/4 1003 inactive 250 32 disabled
3/5 1003 inactive 250 32 disabled
3/6 1003 inactive 250 32 disabled
3/7 1003 inactive 250 32 disabled
3/8 1003 inactive 250 32 disabled
3/9 1003 inactive 250 32 disabled
3/10 1003 inactive 250 32 disabled
3/11 1003 inactive 250 32 disabled
3/12 1003 inactive 250 32 disabled
3/13 1003 inactive 250 32 disabled
3/14 1003 inactive 250 32 disabled
3/15 1003 inactive 250 32 disabled
3/16 1003 inactive 250 32 disabled
* = portstate set by user configuration.
Table 8 describes the information returned by the show spantree command.
Table 9 Show spantree Command Field Descriptions
| Field
|
Description
|
VLAN
|
VLAN for which spanning-tree information is shown.
|
Spanning tree
|
Indicates whether STP is enabled or disabled.
|
Spanning tree type
|
STP running on the TrCRF.
|
Designated Root
|
MAC address of the designated spanning-tree root bridge.
|
Designated Root Priority
|
Priority of the designated root bridge.
|
Designated Root Cost
|
Total path cost to reach the root.
|
Designated Root Port
|
Port through which the root bridge can be reached (shown only on non-root bridges).
|
Root Max Age
|
Amount of time a BPDU1 packet should be considered valid.
|
Hello Time
|
Indicates how often the root-bridge sends BPDUs (in seconds).
|
Forward Delay
|
Indicates how much time the port spends in listening or learning mode (in seconds).
|
Bridge ID MAC ADDR
|
Bridge MAC address.
|
Bridge ID Priority
|
Bridge priority.
|
Bridge Max Age
|
Bridge maximum age (in seconds).
|
Hello Time
|
Indicates how often the bridge sends BPDUs (in seconds).
|
Forward Delay
|
Indicates how much time the bridge spends in listening or learning mode (in seconds).
|
Port
|
Port number.
|
Vlan
|
VLAN to which the port belongs.
|
Port-State
|
Indicates spanning tree port state (disabled, inactive, not-connected, blocking, listening, learning [this state does not apply to the IBM STP], forwarding, bridging).
|
Cost
|
Cost associated with the port.
|
Priority
|
Priority associated with the port.
|
Fast-Start
|
Indicates whether the port is configured to use the fast-start feature.
|
Configuring Soft Error Monitoring
The Catalyst 5000 series Token Ring module software Release 3.3(1) and later performs error detection and isolation by monitoring the Report Soft Error MAC frames generated by stations on each port. Soft errors occur during normal ring operation and do not typically disrupt traffic on the ring. However, soft errors can occur at a rate that could potentially degrade the performance of the ring.
Using the set station softerror command, you can enable or disable soft error monitoring on a Token Ring port and you can configure soft error thresholds and sampling intervals for a port. During the interval you define, the Catalyst 5000 series Token Ring module monitors the stations on the port and, if the threshold is exceeded, can be configured to generate a trap indicating the port number and station on which the threshold was exceeded. If necessary, you can issue a Remove Ring Station MAC frame to remove the station from the ring.
Enabling or Disabling Soft Error Monitoring on a Port
To enable or disable soft error monitoring on a Token Ring port, issue the following command in privileged mode:
- set station softerror mod_num | mod_num/port_num disable | enable
Note To enable soft error monitoring on all the ports of the Token Ring module, issue the
set station softerror command and specify the module number of the Token Ring module.
After enabling soft error monitoring on a port using the set station softerror command, you see a display similar to the following:
Console> (enable) set station softerror 3/10 enable
Port 3/10 soft error monitoring enabled.
Configuring Soft Error Monitoring Error Thresholds and Sampling Intervals
To configure a soft error monitoring error threshold (the number of soft errors reported from a station connected to a port that if exceeded causes a soft error exceeded trap to be issued) and to define a sampling interval (the period, in seconds, during which the number of soft errors is monitored for each station connected to this port) issue the following command while in privileged mode:
- set station softerror mod_num[/port_num] threshold threshold_num interval int_num
The possible values for the error threshold are 1 to 255. The default is 100. The possible values for the sampling interval are 0 to 65534. The default is 60. Setting the interval to zero disables the soft error exceeded traps. Without these traps, soft errors can still be monitored via the console.
Note To set the error threshold and sampling interval for all the ports of the Token Ring module,
issue the set station softerror command and specify the module number of the Token Ring module.
After configuring the error threshold and sampling interval using the set station softerror command, you will see a display similar to the following:
Console> (enable) set station softerror 3/10 threshold 100 interval 200
Port 3/10 station soft error threshold set to 100, interval set to 200
Verifying the Soft Error Monitoring Configuration
To verify your soft error monitoring configuration on a port, issue the following command while in privilege mode:
- show station softerror config mod_num[/port_num]
Note To view the soft error monitoring configuration for all the ports of the Token Ring module,
issue the show station softerror config command and specify the module number of the Token Ring
module.
After entering the show station softerror config command to verify the configuration on a port, you will see a display similar to the following:
Console> (enable)
show station softerror config 3/10
Ports Threshold Interval Status
----- --------- -------- --------
Removing an Adapter from the Network
If a station is exceeding soft error thresholds, you can issue a Remove Ring Station MAC frame to remove the station from the ring. When issuing the clear station command, enter the MAC address in non-canonical format (00:11:22:33:44:55).
- clear station mod_num/port_num mac_addr
Issuing the
clear station command and specifying the MAC address or ID of a station issues a Remove Station MAC frame to that station and removes the station from the ring. Use this procedure with extreme caution.
Monitoring Network Traffic
To aid in network management, the Catalyst 5000 series Token Ring module allows you to configure a SPAN port for monitoring port traffic. This SPAN support allows you to perform active monitoring on any single Token Ring source port. Active port monitoring allows you to copy the traffic being switched by a source port to a destination port. Only the LLC traffic that is being switched by the source port is monitored when you configure active port monitoring. The MAC frames are not monitored.
For the Catalyst 5000 series Token Ring module SPAN feature to function reliably in Token Ring software releases
prior to Release 3.3(1), the SPAN port and the port being monitored must be located on the same Token Ring module and the final destination for traffic received by the source port should be a port on the same Token Ring module.
When configuring SPAN for a single Token Ring source port keep in mind the following:
- If the SPAN destination port is a Token Ring port, then the source port must be a Token Ring port.
- Any interaction between two endstations on a shared segment that is attached to a switch port configured as a SPAN source port will not be monitored at the destination SPAN port.
- For proper operation, the Token Ring module SPAN feature requires that the supervisor engine module be running software Release 4.5(1) and later.
Configuring SPAN
To configure a SPAN port, issue the following command in privileged mode, specifying the source port, the destination port, and the direction of traffic that you want to monitor that is being switched on the source port.
- set span {_mod/src_port} {dest_mod/dest_port} [rx | tx | both] [inpkts {enable | disable}]
[multicast {enable | disable}] [create]
If you are running a supervisor engine module software release prior to Release 4.5(1), configure only a single source port to be monitored. In supervisor engine module software Release 4.5(1) and later, a single source port is the standard Token Ring SPAN configuration.
For the Catalyst 5000 series Token Ring module SPAN feature to function reliably in Token Ring software releases
prior to Release 3.3(1), the SPAN port and the port being monitored must be located on the same Token Ring module and the final destination for traffic received by the source port should be a port on the same Token Ring module.
After entering the set span command and specifying a source port and destination port, you see a display similar to the following:
Console> (enable) set span 3/2 3/6 tx
Enabled monitoring of Port 3/2 transmit traffic by Port 3/6
Enabling and Disabling SPAN
After configuring a SPAN port, ensure that SPAN is enabled on the switch. If SPAN is not enabled on the switch, you can enable it using the set span command.
To enable SPAN, issue the following command while in privileged mode:
- set span enable
To disable SPAN, issue the following command while in privileged mode:
- set span disable
Verifying the SPAN Configuration
To verify the SPAN configuration, issue the following command:
- show span
After entering the show span command, you see a display similar to the following:
Console> (enable)
show span
Incoming Packets: disabled
Table 10 describes the information returned by the show span command.
Table 10 Show span Command Field Descriptions
| Field
|
Description
|
Destination
|
Destination port to which the source port traffic is being copied.
|
Admin Source
|
Source port whose traffic is being monitored.
|
Oper Source
|
Source port or the ports within a TrCRF whose traffic is being monitored.
|
Direction
|
Indicates whether transmit, receive, or transmit/receive information is being monitored.
|
Incoming Packets
|
Status of whether reception of normal incoming packets on the SPAN destination port is enabled or disabled.
|
Multicast
|
Status of whether monitoring multicast traffic is enabled or disabled.
|
Configuring Filters
For network security, you can isolate parts of your network by limiting the scope and access of your users. To limit access, you can do the following:
- Create a filter that blocks all data to a port except that which is explicitly allowed.
- Define a filter that explicitly allows data from the select group of users (based on MAC address) to be sent to that port using MAC filters.
There are two types of filters that you can configure for the Catalyst 5000 series Token Ring module: protocol filters and MAC address filters. MAC address filters, based on MAC address (source address or destination address), can be configured for only input ports. Protocol (Destination Service Access Point [DSAP]/Subnetwork Access Protocol [SNAP]), filters can be configured for both input and output ports. You can configure up to 16 MAC address or DSAP/SNAP filters for each port on the Token Ring module.
To filter data based on MAC address, you specify an address and indicate whether you want to block or allow frames that contain the address as a source or destination address. To filter data based on protocol, specify either a DSAP or SNAP and specify whether to permit or deny frames with that protocol.
Adding a MAC Address Filter
When configuring a MAC address filter, you can enter the MAC address in canonical or non-canonical format. You can also configure a MAC address filter as both a source or a destination for a specified port. Frames received that contain the MAC address specified as a source or destination address are dropped or passed, depending on whether you have specified for the filter to permit or deny the frames.
To add a filter based on MAC addresses, issue the following command in privileged mode:
- set port filter mod_num/port_num mac_addr {permit | deny | permit_ | permit_dst |
deny_src | deny_dst | deny_src_learn}
After entering the set port filter command, you see a display similar to the following:
Console> (enable) set port filter 3/2 00:40:0b:01:bc:65 permit
Port 3/2 filter Mac Address 00:40:0b:01:bc:65 set to permit.
Note You can define up to 16 MAC address filters per port to be filtered at the port of entry into the
Catalyst 5000 series Token Ring module. MAC addresses can be unicast, multicast (group), or
broadcast.
Adding a Protocol Filter
For a list of possible Ethertypes that you can specify, see the "Ethertypes" section. You can specify up to 16 DSAPs (in hexadecimal format) separated by spaces. For a list of possible service access points (SAPs), refer to the "Service Access Points" section.
To add a filter based on protocols, issue the following command in privileged mode:
- set port filter mod_num/port_num protocol_type {permit | deny}
After entering the set port filter command, you see a display similar to the following:
Console> (enable) set port filter 3/2 ip permit
Port 3/2 filter Protocol ip set to permit.
Note You can define up to 16 protocol filters (eight SAP and eight DSAP classes) per port to be
filtered at the port of entry into the Catalyst 5000 series Token Ring module.
Clearing Filters
Using the clear port filter command, you can clear MAC address or protocol filters that have been configured on a specific port. You can also use the clear port filter command to clear all the filters configured for each of the ports on the Token Ring module.
To clear a MAC address filter, protocol filter, or all configured filters, issue the following command in privileged mode:
- clear port filter [mod_num/port_num] [mac_addr | protocol_type | all]
After entering the clear port filter command to clear a specific MAC address filter on a port, you see a display similar to the following:
Console> (enable) clear port filter 3/2 00:40:0b:01:bc:65
Port 3/2 filter Mac Address 00:40:0b:01:bc:65 cleared.
After entering the clear port filter command to clear all configured filters, you see a display similar to the following:
Console> (enable) clear port filter all
All filter MAC addresses and Protocols cleared
Verifying Filters
To verify the filters you have configured for the Token Ring module or for a specific port on the module, use the show port filter command.
To verify the filters configured on port 1 of module 3, issue the following command:
- show port filter 3/1
For MAC address filters, after entering the show port filter command, you see a display similar to the following:
Console> (enable) show port filter 3/1
----- ----------------- ------
3/1 00:11:22:33:44:55 deny
For protocol filters, after entering the show port filter command, you see a display similar to the following:
Console> (enable) show port filter 3/1
----- ----------------- ------
3/1 00:11:22:33:44:55 deny
----- ----------------- ------
Table 10 describes the information returned by the show port filter command issued with a module and port number specified.
Table 11 Show port filter Command Field Descriptions
| Field
|
Description
|
Port
|
Module and port number.
|
MAC-Addr
|
MAC address contained in packets to be filtered.
|
Type
|
Type of MAC address filter configured.
|
Protocol
|
Types of protocols that you want to filter.
|
Type
|
Type of protocol filter configured. Possible types are deny (block any packet containing a specific protocol type) or permit (allow any packet containing a specific protocol type.)
|
Managing the Catalyst 5000 Series Token Ring Module
Use the following show commands to complete the listed tasks:
| Task
|
Command
|
View module configuration and status.
|
show module [mod_num]
|
View port configuration and status.
|
show port [mod_num[/port_num]
|
View Token Ring configuration
|
show tokenring
|
View MAC counters.
|
show mac [mod_num[/port_num]]
|
View RIF information.
|
show rif
|
View port filters.
|
show port filter [mod_num[/port_num]
|
Display the error log for the system or module.
|
show log [mod_num]
|
View VLANs.
|
show vlan [vlan]
|
View STPs for a VLAN.
|
show spantree vlan
|
Display the error log for the system or module.
|
show log [mod_num]
|
Display MAC counters.
|
show mac
|
Display the results of diagnostic tests.
|
show test [mod_num]
|
Display the current state of a logical port.
|
show spantree portstate trcrf
|
View statistics and status information associated with each station on the ring.
|
show station controltable [mod_num[/port_num]
|
Display a list of the order of stations on the monitored rings.
|
show station ordertable [mod_num[/port_num]
|
View the soft error monitoring configuration on a port.
|
show station softerror config mod_num[/port_num]
|
Display soft error statistics for a station on a port.
|
show station softerror counters mod_num/port_num mac_address
|
Updating Software
As enhancements are made to the Catalyst 5000 series Token Ring module, you may need to update the software or microcode that is contained in the Catalyst 5000 series Token Ring module.
This section includes procedures for updating the software on the Catalyst 5000 series switch. New software to implement enhancements and maintenance releases will be provided periodically.
Perform the following steps to download software from a console using TFTP:
Step 1 Make sure the workstation acting as the download server has the TFTP daemon.
Step 2 On Sun workstations, make sure the /etc/inetd.conf file contains the following line:
tftp dgram udp wait root /usr/etc/in.tftpd in.tftpd -p -s /tftpboot
Make sure the /etc/services file contains the following line:
Note You must restart the inetd daemon after modifying the /etc/inetd.conf and /etc/services files.
To restart the daemon, either kill the inetd process and restart it, or issue a fastboot command (on
the SunOS 4.x) or a reboot command (on Solaris 2.x or SunOS 5.x). Refer to your workstation
manual for use of TFTP daemons.
Step 3 Copy the new software from the floppy disks to the home directory specified for the TFTP daemon on the workstation (usually /tftpboot). If this directory does not exist, create it before continuing. The file you copy is epsmain.dot1_0_xxx.bin, where xxx is the software revision number.
Step 4 Log in to the Catalyst 5000 through the administrative interface or through a Telnet session.
Step 5 Use the download command. Specify the IP address or host name of the workstation acting as the download server. Also specify the file to download and the number of the Token Ring module. The following is the command syntax:
download host filename [module num]
In the following example, the file is downloaded to module 3:
Console> (enable)
download 190.180.122.40 filename.bin 3
Note If no module number is specified, the module to which the file is to be downloaded
is automatically determined.
Step 6 When the following prompt appears, press y:
Download image filename from IP address to Module 3? (y/n) [n]?
y
Note The Token Ring module will be automatically reset after the image has been
downloaded.
Step 7 Use the show version command to check the file you have just downloaded. If the version number is the correct number for the new software, the download was successful. If the version number is not the correct number, the download failed, and you must repeat the download procedure. Refer to the troubleshooting procedures below if the download failed.
Troubleshooting the TFTP Download Procedure
Follow the steps below for troubleshooting a failed serial download procedure:
Step 1 Make certain that the Catalyst 5000 has a route to the TFTP server, and use the
ping command to test this connectivity.
Step 2 Make certain that the software image to be downloaded is in the correct directory.
Step 3 On the Catalyst 5000 series switch, make sure VTP V2 is enabled and at least one Token Ring port is active.
The network portion of the Catalyst 5000 IP address must be the same as the network portion of the TFTP server address. If the network download procedure fails because the power was interrupted during the download procedure, or for some other reason, the Flash code can become corrupted and the boot> prompt appears on the administration port. In that case, you can use the network download procedure to download the Flash code again through an enabled port in VLAN 1. By default, only port 1/1 is enabled. You can use port 1/1 or enable another port.
Understanding Token Ring Switching
This section contains the following information:
Switches versus Bridges and Routers
Because the number of stations that can be connected to any single ring is limited, large Token Ring LANs are divided into smaller rings. Furthermore, because stations must contend for the token with other stations on the same ring, attaching fewer stations to a ring gives each one a greater number of opportunities to transmit and receive information. This results in a larger number of rings, or segments.
The traditional method of connecting multiple Token Ring segments is to use a source-routing bridge. For example, bridges are often used to link workgroup rings to the backbone ring. However, the introduction of the bridge can significantly reduce performance at the user's workstation. Further problems may be introduced by aggregate traffic loading on the backbone ring.
To maintain performance and avoid overloading the backbone ring, you can locate servers on the same ring as the workgroup that needs to access the server. However, this makes the servers more difficult to back up, administer, and secure than if they are located on the backbone ring, and limits the number of servers that particular stations can access.
Collapsed backbone routers offer greater throughput than bridges, and can interconnect a larger number of rings without becoming overloaded. Routers provide both bridging and routing function between ring and have sophisticated broadcast control mechanisms. These mechanisms become increasingly important as the number of devices on the network increase.
The main drawback of using routers as the campus backbone is the relatively high price-per-port and the fact that the throughput typically does not increase as ports are added. A Token Ring switch is designed to provide wire speed throughput regardless of the number of ports in the switch. In addition, the switch can be configured to provide very low latency between Token Ring ports by using cut-through switching.
Bridging Modes
The Catalyst 5000 series Token Ring module supports the following bridging modes:
Source-Route Bridging
SRB is the original method of bridging used to connect Token Ring segments. A source-route bridge makes all forwarding decisions based on data in the RIF. It does not learn or look up MAC addresses. Therefore, SRB frames without a RIF are not forwarded.
Clients or servers that support source routing typically send an explorer frame to determine the path to a given destination. There are two types of explorer frames: ARE and spanning-tree explorer. All SRB bridges copy ARE frames and add their own routing information. For frames that are received from or sent to ports that are in the spanning-tree forwarding state, bridges copy spanning-tree explorer frames and add their own routing information. Because ARE frames will traverse all paths between two devices, they are used in path determination. Spanning-tree explorer frames are used to send datagrams because the spanning tree will ensure that only one copy of an spanning-tree explorer frame is sent to each ring.
Note The spanning tree used with source-routing is different from the IEEE spanning tree used in
transparent bridges. The Catalyst 5000 series Token Ring module supports both types of
spanning-tree algorithms.
Source-Route Transparent Bridging
SRT bridging is an IEEE standard that combines source-route bridging and transparent bridging. An SRT bridge forwards frames that do not contain a RIF based on the destination MAC address. Frames that contain a RIF are forwarded based upon source-routing. The SRT bridge only runs the IEEE STP. It does not support the IBM Spanning Tree Protocol.
Source-Route Switching
Similar to a transparent bridge, the Catalyst 5000 series Token Ring module can forward broadcast, multicast, and unicast frames based on MAC address. If, however, you have source-route bridges in your network, the Token Ring module can forward frames based on the RIF. This dual frame-forwarding technology is called source-route switching.
In source-route switching, the switch learns and forwards frames based on source-route descriptors for stations that are one or more source-route bridge hops away. A route descriptor is a portion of a RIF that indicates a single hop. It is defined as a ring number and a bridge number. When a source-routed frame enters the switch, the switch learns the route descriptor for the hop closest to the switch. Frames received from other ports with the same next-hop route descriptor as their destination will be forwarded to that port.
The key difference between SRB and source-route switching is that while a source-route switch looks at the RIF, it never updates the RIF. Therefore, all ports in a source-route switch group have the same ring number.
Source-route switching provides the following benefits:
- The switch does not need to learn the MAC addresses of the devices on the other side of a source-route bridge. Therefore, the number of MAC addresses that the switch must learn and maintain is significantly reduced.
- The switch can support parallel source-routing paths.
- An existing ring can be partitioned into several segments without requiring a change in the existing ring numbers or the source-route bridges.
- The switch can support duplicate MAC addresses if the stations reside on LAN segments with different LAN IDs (ring numbers).
Dedicated Token Ring
Classic 4- and 16-Mbps Token Ring adapters must be connected to a port on a concentrator. These adapters are also limited to operating in half-duplex mode. In half-duplex mode, the adapter can only be sending or receiving a frame; it cannot do both simultaneously.
Dedicated Token Ring, developed by the IEEE, defines a method in which the switch port can emulate a concentrator port, thereby eliminating the need for an intermediate concentrator. In addition, dedicated Token Ring defines a new full-duplex data passing mode called Transmit Immediate, which eliminates the need for a token and allows the adapter to transmit and receive simultaneously.
Dedicated Token Ring is particularly useful for providing improved access to servers. A server can be attached directly to a switch. This allows the server to take advantage of the full 16 Mbps available for sending and receiving and results in an aggregate bandwidth of 32 Mbps.
Token Ring VLANs
Within a Token Ring VLAN, logical rings can be formed by defining groups of ports that have the same ring number. The IEEE calls such a port group a Token Ring Concentrator Relay Function (TrCRF). In general, a TrCRF is limited to the ports in a single Token Ring module on the Catalyst 5000 series switch. However, there is one exception to this rule that is discussed in the "Adding or Changing TrCRF Parameters" section.
Within the TrCRF, source-route switching is used for forwarding based on either MAC addresses or route descriptors. If desired, the entire VLAN can operate as a single ring. Frames can be switched between ports within a single TrCRF.
Figure 14 Token Ring VLANs
As shown in Figure 14, multiple TrCRFs can be interconnected using a single Token Ring Bridge Relay Function (TrBRF). For source routing, the switch appears as a single bridge between the logical rings. The TrBRF can function as an SRB or SRT bridge running either the IBM or IEEE STP. If SRB is used, duplicate MAC addresses can be defined on different logical rings.
To accommodate SNA traffic, you can use a combination of SRT and SRB modes. In a mixed mode the TrBRF considers some ports (logical ports connected to TrCRFs) to be operating in SRB mode while others are operating in SRT mode.
The TrBRF can be extended across a network of switches via high-speed uplinks between the switches. These links must have the ability to multiplex multiple VLANs and provide the necessary information to support logical rings.
STP
The STP is a broadcast algorithm used by network bridge connections to dynamically discover a loop-free subset of the network topology while maintaining a path between every pair of LANs or VLANs in the network.
To accomplish this, the STP blocks ports that, if active, would create bridging loops. If the primary link fails, it activates one of the blocked bridge ports to provide a new path through the network.
In a traditional bridged network, there is one STP for each bridge connection. Each bridge maintains its own database of configuration information and transmits and receives only on those ports belonging to the bridge. The type of STP that runs on a bridge depends on the transmission mode of the bridge connection (whether the connection is transparent, SRB, source-source route switched, or SRT).
In a switched network, you can configure virtual networks. A switch can have ports that belong to different VLANs, some of which may span several switches.
As discussed in the "Virtual LAN Support" section, in a Token Ring switch, there are two levels of VLANs. The grouping of ports (TrCRFs) is connected by logical bridges (TrBRFs).
Therefore, in a Token Ring switched network, to ensure loops are removed from the topology you must configure a separate STP for each logical bridge (TrBRF) and for each of the port groupings (TrCRF) configured for a VLAN.
How the STP Algorithm Works
The following is a general summary of how the STP eliminates loops in the network:
1. Each bridge is assigned an 8-byte unique bridge identifier.
The first 2 bytes are a priority field, and the last 6 bytes contain one of the bridge's MAC addresses. The bridge with the lowest bridge identifier among all bridges on all LAN segments is the root bridge. The network administrator can assign a lower bridge priority to a selected bridge to control which bridge becomes the root, or the administrator can use default bridge priorities and allow the STP to determine the root.
2. Each bridge port is associated with a path cost.
The path cost represents the cost of transmitting a frame to a bridged segment through that port. A network administrator typically configures a cost for each port based on the speed of link (for example, the cost of a port connected to a 16-Mbps LAN could be assigned a lower path cost than a port connected to a 4-Mbps LAN).
3. Each bridge determines its root port and root path cost.
The root port is the port that represents the shortest path from itself to the root bridge. The root path cost is the total cost to the root.
All ports on the root bridge have a zero cost.
4. All participating bridges elect a designated bridge from among the bridges on that LAN segment.
A designated bridge is the bridge on each LAN segment that provides the minimum root path cost. Only the designated bridge is allowed to forward frames to and from that LAN segment toward the root.
5. All participating bridges select ports for inclusion in the spanning tree.
The selected ports will be the root port plus the designated ports for the designated bridge. Designated ports are those where the designated bridge has the best path to reach the root. In cases where two or more bridges have the same root path cost, the bridge with the lowest bridge identifier becomes the designated bridge.
6. Using the preceding steps, all but one of the bridges directly connected to each LAN segment are eliminated, thereby removing all multiple LAN loops.
How Spanning-Tree Information is Shared
The STP calculation requires that bridges communicate with other bridges in the network that are running the STP. Each bridge is responsible for sending and receiving configuration messages called bridge protocol data units (BPDUs).
BPDUs are exchanged between neighboring bridges at regular intervals (typically 1 to 4 seconds) and contain configuration information that identifies the:
- Bridge that is presumed to be the main bridge or root (root identifier)
- Distance from the sending bridge to the root bridge (called the root path cost)
- Bridge and port identifier of the sending bridge
- Age of the information contained in the configuration message
If a bridge fails and stops sending BPDUs, the bridges detect the lack of configuration messages and initiate a spanning-tree recalculation.
BPDU Field Formats
Figure 15 shows the format of the fields inside a BPDU.
Note All fields in the BPDU are common to all STPs except for the Port ID field. If the BPDU is
an IEEE or Cisco STP BPDU message, the Port ID field specifies the transmitting port number of
the originating bridge. If the BPDU is an IBM STP BPDU message, then the Port ID field specifies
the ring and bridge number through which the message was sent.
Figure 15 BPDU Field Formats
| 2
|
1
|
1
|
1
|
8
|
4
|
8
|
2
|
2
|
2
|
2
|
2
|
Protocol Identifier
|
Version
|
Message Type
|
Flags
|
Root ID
|
Root Path Cost
|
Bridge ID
|
Port ID
|
Message Age
|
Max Age
|
Hello Time
|
Forward Delay
|
Table 12 BPDU Configuration Message Fields
Protocol Identifier
|
Identifies the protocol. This field contains the value zero.
|
Version
|
Identifies the version. This field contains the value zero.
|
Message Type
|
Identifies the message type. This field contains the value zero.
|
Flags
|
1-byte field, of which only the first two bits are used. The topology change (TC) bit signals a topology change. The topology change acknowledgment (TCA) bit is set to acknowledge receipt of a configuration message with the TC bit set. This field is not valid for IBM STP BPDUs.
|
Root ID
|
Identifies the root bridge by listing its 2-byte priority followed by its 6-byte ID.
|
Root Path Cost
|
Cost of the path from the bridge sending the configuration message to the root bridge.
|
Bridge ID
|
Priority and ID of the bridge sending the message.
|
Port ID
|
Port number (IEEE or Cisco STP BPDU) or the ring and bridge number (IBM STP BPDU) from which the configuration message was sent. This field allows loops created by multiple attached bridges to be detected and corrected.
|
Message Age
|
Indicates the amount of time that has elapsed since the root sent the configuration message on which the current configuration message is based.
|
Max Age
|
Indicates when the current configuration message should be deleted.
|
Hello Time
|
Indicates the time between root bridge configuration messages.
|
Forward Delay
|
Indicates the length of time that bridges should wait before transitioning to a new state after a topology change. If a bridge transitions too soon, it is possible that not all network links will be ready to change their state and loops can result.
|
Catalyst 5000 Series Token Ring Module Spanning-Tree Support
The Catalyst 5000 series Token Ring module supports the following STPs:
The Catalyst 5000 series switch uses the IEEE 802.1d and IBM STPs on TrBRFs. The STP running on the TrCRF is either the Cisco or IEEE STP, depending upon the STP being run on the TrBRF and the bridging mode configured for the TrCRF using the set vlan command. The default configuration has all STPs enabled.
Table 13 lists the STP activity at the TrBRF and TrCRF levels depending upon the TrBRF STP and the TrCRF bridge mode configuration.
Table 13
| TrBRF STP Setting
|
TrCRF Bridge Mode / ISL Port Setting
|
TrBRF STP
|
TrCRF STPF
|
IBM
|
SRB
SRT
ISL Ports
|
IBM
None1
IBM
|
IEEE
Cisco
None
|
IEEE
|
SRB
SRT
ISL Ports
|
None1
IEEE
IEEE
|
IEEE
Cisco
None
|
| Logical ports of the TrBRF may be set to forwarding state using the set spantree portstate command.
|
TrBRF and TrCRF STPs
The following sections briefly describe the type of transmission mode supported by each STP.
IEEE 802.1d STP
The IEEE STP can be used at the TrCRF or the TrBRF level. This type of spanning tree supports bridge domains and allows the bridge to construct a loop-free topology across an extended LAN. Specifically, the IEEE 802.1d STP supports the following bridge modes:
- Transparent Bridging
- Source-Route Switching
- Source-Route Transparent Bridging
The IEEE 802.1d STP BPDU format is:
Destination Address
|
Source Address
|
SAP
|
BPDU
|
Transparent Bridging
When a bridge connection is transparent mode:
- The bridge connection learns the source MAC addresses.
- Frames are forwarded based upon the destination address.
Source-Route Switching
When a bridge connection is source-route switching:
- The bridge connection learns route descriptors for frames that contain a RIF and learns the source MAC addresses for frames that do not contain a RIF.
- Source-route frames are forwarded based on the route descriptor.
- Non-source-route frames are forwarded based on the destination address.
Source-Route Transparent Bridging
When a bridge connection is source-route transparent:
- Transparent bridging and source-route bridging modes are combined.
- The bridge connection learns route descriptors for frames that contain a RIF and learns the source MAC addresses for frames that do not contain a RIF.
- Non-source-route frames are forwarded based on the destination address.
- Source-route frames are forwarded based on the route descriptor.
- ARE and spanning-tree explorer frames are issued and forwarded.
- The IEEE STP is used to eliminate loops for non-source-route and spanning-tree explorer frames.
IBM STP
The IBM STP can be used at the TrBRF level. This type of spanning tree was developed to maintain the path for source-route broadcast traffic.
Source-Route Bridging
When a bridge connection is source-route:
- The bridge connection learns the source MAC address for frames that originate from the local ring and the route descriptor for frames that originate on the other side of a source-route bridge.
- Non-source-route frames are not forwarded.
- Source-route frames are forwarded based on the route descriptor.
- ARE and spanning-tree explorer frames are issued and forwarded.
- The IBM STP is used to eliminate loops only for spanning-tree explorer frames.
The IBM STP BPDU format is:
Destination Address
|
Source Address
|
SAP
|
BPDU
|
Cisco STP
The Cisco STP was designed for use at the TrCRF level. This type of spanning tree was developed to address a looping problem that can be introduced when you use VLANs in a Token Ring environment.
One of the rules in processing source-route traffic is that a source-route frame should never be forwarded to a ring that it has previously traversed. If the RIF of a source-route frame already contains the ring number for the next hop, the bridge assumes that the frame has already been on that ring and drops the frame.
With Token Ring VLANs, however, this rule can cause a problem. With the existing STP, a frame that originated on one physical ring of a Token Ring VLAN and is processed by an external SRT bridge would not be forwarded to another physical ring of the same Token Ring VLAN. Therefore, the IEEE 802.1d STP was used as a basis to create the Cisco STP. The Cisco STP ensures that traffic from one physical ring of a VLAN is not blocked from the other physical rings that comprise the VLAN.
Table 14 summarizes the activities occurring in the TrCRF and TrBRF when the Cisco STP is run.
Table 14 Cisco STP and Bridging Modes
| TrCRF Bridging Mode
|
TrCRF
|
TrBRF
|
SRB
|
- Runs the IEEE STP.
- Processes IBM STP BPDUs from external bridges.
|
- Performs as a source-route bridge.
- Runs the IBM STP to external bridges.
- Drops transparent IEEE STP BPDUs of the TrCRF.
|
SRT
|
- Runs the Cisco STP.
- Replaces bridge group address of destination address field with a Cisco-specific group address to prevent external bridges from analyzing TrCRF BPDUs.
- Generates BPDUs with the Routing Information Identifier bit in the source address field set in the outbound frame and a 2-byte RIF added.
This frame format ensures that the TrCRF remains local to the logical ring and is not transparently bridged or source routed to other LANs. Only TrCRFs connected via physical loops receive the BPDUs.
- Processes IEEE STP BPDUs from external bridges.
|
- Performs as a source-route transparent bridge.
- Forwards transparent and source-route traffic.
- Forwards source-route traffic to all other TrCRFs in the TrBRF whether they be in SRT or SRB mode.
|
The Cisco STP BPDU format is:
Destination Address
|
Source Address
|
RIF
|
SAP
|
BPDU
|
Spanning-Tree BPDU Formats Summary
For each BPDU format:
- The destination address is specified in the bridge group address table.
- The source address is the base MAC address used by the switch.
- The SAP field should be set to 0x424203.
For the Cisco STP BPDU format, the source address must have the "msp masked" on to indicate the presence of a RIF in the header. The information carried in the RIF for the Cisco STP BPDU is a 2-byte field and must be set to 0x0200.
Catalyst 5000 Series Token Ring Module Command Reference
This section lists and describes commands specific to the Catalyst 5000 series Token Ring module as well as existing Catalyst 5000 series switch commands that have been altered for the Catalyst 5000 series Token Ring module. For a complete description of all the Catalyst 5000 series commands, refer to the Catalyst 5000 Series Command Reference.
clear port filter
Use the clear port filter privileged command to clear MAC address or protocol filters, filters configured on a specific port, or to clear all filters that have been configured.
- clear port filter [mod_num/port_num] {mac_addr | protocol_type | all}
Syntax Description
mod_num
|
Number of the module.
|
port_num
|
Number of the port on the module.
|
mac_address
|
MAC address contained in the packets to be filtered. This address can be entered in canonical format (00-11-33-44-55) or in non-canonical (00:11:22:33:44:55) format.
|
protocol_type
|
Type of protocol to be filtered.
|
all
|
Keyword used to specify for all filters to be cleared.
|
Default
The command has no default setting.
Command Type
Switch command
Command Mode
Privileged
Usage Guidelines
Up to 16 MAC address filters or 16 protocol (eight SAP and eight DSAP) filters can be configured per port on the Token Ring module.
Example
The following example shows clearing a MAC address filter (00:40:0b:01:bc:65) configured on port 2 of module 3:
Console> (enable) clear port filter 3/2 00:40:0b:01:bc:65
Port 3/2 filter Mac Address 00:40:0b:01:bc:65 cleared.
Related Commands
set port filter
show port filter
clear station
Use the clear station privileged command to issue a Remove Ring Station MAC frame to remove a station from the ring.
- clear station mod_num/port_num mac_addr
Syntax Description
mod_num
|
Number of the module.
|
port_num
|
Number of the port on the module.
|
mac_address
|
MAC address of the station that you want to remove. Enter this address in non-canonical (00:11:22:33:44:55) format.
|
Default
The command has no default setting.
Command Type
Switch command
Command Mode
Privileged
Usage Guidelines
Issuing the clear station command and specifying the MAC address or ID of a station issues a Remove Station MAC frame to that station and removes the station from the ring. Use this procedure with extreme caution.
Example
The following example shows a station with the MAC address 00:40:0b:01:bc:65 on port 2 of module 3 being removed:
Console> (enable) clear station 3/2 00:40:0b:01:bc:65
Mac Address 00:40:0b:01:bc:65 cleared.
Related Commands
set station softerror
show station softerror config
show station softerror counters
clear station counters
Use the clear station counters privileged command to reset the soft error statistics that display when you issue the show station softerror counters command. You can clear statistics collected for a station on a port, the module, or for a specific port on the module.
- clear station counters mod_num[/port_num]
Syntax Description
mod_num
|
Number of the module.
|
port_num
|
Number of the port on the module.
|
Default
The command has no default setting.
Command Type
Switch command
Command Mode
Privileged
Example
The following example shows the soft error statistics collected for stations on port 10 of module 3 being reset:
Console> (enable) clear station counters 3/10
Port 3/10 station counters cleared.
Related Commands
set station softerror
show station softerror counters
set port filter
Use the set port filter privileged command to configure a MAC address filter or a protocol filter for ports on your Token Ring module.
- set port filter mod_num/port_num {mac_addr | protocol_type} {permit | deny | permit_ |
permit_dst | deny_src | deny_dst | deny_src_learn}
Syntax Description
mod_num
|
Number of the module.
|
port_num
|
Number of the port on the module.
|
mac_address
|
MAC address contained in the packets to be filtered. This address can be entered in canonical format (00-11-33-44-55) or in non-canonical (00:11:22:33:44:55) format.
|
protocol_type
|
Protocol type that you want to filter. For a list of the protocol types that you can filter, see the "Codes" section.
|
permit
|
Keyword used to specify that the filter can permit packets with the specified MAC address or protocol type.
|
deny
|
Keyword used to specify that the filter can deny packets with the specified MAC address or protocol type.
|
permit_
|
Keyword used to specify to allow any packet with the specified MAC address as the source address.
|
permit_dst
|
Keyword used to specify to allow any packet with the specified MAC address as the destination address.
|
deny_
|
Keyword used to specify to block any packet with the specified MAC address as the source address.
|
deny_dst
|
Keyword used to specify to block any packet with the specified MAC address as the destination address.
|
deny__learn
|
Keyword used to specify that the Token Ring module is not to learn the specified MAC address as a source address.
|
Default
The command has no default setting.
Command Type
Switch command
Command Mode
Privileged
Usage Guidelines
Up to 16 MAC address filters or 16 protocol (eight SAP and eight DSAP) filters can be configured per port on the Token Ring module.
Example
The following example shows configuring a port filter on port 2 MAC address 00:40:0b:01:65) of module 3:
Console> (enable) set port filter 3/2 00:40:0b:01:bc:65 permit
Port 3/2 filter Mac Address 00:40:0b:01:bc:65 set to permit.
Related Commands
clear port filter
show port filter
set port speed
Use the set port speed privileged command to configure the speed of a port interface. You can configure the speed of a Fast Ethernet interface and a Token Ring interface.
- set port speed mod_num/port_num {4 | 10 | 16 | 100 | auto}
Syntax Description
mod_num
|
Number of the module.
|
port_num
|
Number of the port on the module.
|
4 | 10 | 16 | 100 | auto
|
Keyword used to set a port speed to 4, 10, 16, 100 Mbps, or auto speed detection mode. The default is auto. Port speeds 4 and 16 Mbps apply only to Token Ring ports. Port speeds 10 and 100 Mbps apply only to Ethernet ports.
|
Default
The default configuration has all Token Ring module ports set to auto.
Command Type
Switch command
Command Mode
Privileged
Usage Guidelines
Token Ring interfaces on the Token Ring module can be configured to either 4 Mbps or 16 Mbps. They can also be set to auto speed detection mode, allowing them to sense and distinguish between 4-Mbps and 16-Mbps port transmission speed. Set at auto speed detection mode, the interfaces automatically configure themselves to operate at the proper speed.
If you change the transmission speed of a port that is open to 4 or 16 Mbps, the port will close and reopen at the new transmission speed. If a port closes and reopens on an existing ring using a transmission speed different from that which the ring is operating, the ring will beacon.
If the ports on the Token Ring module are configured to automatically sense the speed of the ring, the first port inserted on the ring will not set the speed, for it will be unable to detect the speed.
Example
The following example shows how to set ports 2, 3, and 4 on module 3 to 16 Mbps, 4 Mbps, and auto speed detection mode:
Console> (enable) set port speed
Usage: set port speed <mod_num/port_num> <4|10|16|100|auto>
Console> (enable) set port speed 3/4 16
Port(s) 3/4 speed set to 16Mbps.
Console> (enable) set port speed 3/4 auto
Port(s) 3/4 speed set to auto detect.
Related Commands
set port disable
set port enable
set port help
set port name
set port trap
set tokenring portmode
set tokenring priority
show port
set span
Use the set span command to enable or disable SPAN and to set up the switch port and VLAN analyzer for multiple SPAN sessions.
- set span disable [dest_mod/dest_port | all]
- set span {_mod/src_ports... | src_vlan... | sc0} {dest_mod/dest_port} [rx | tx | both]
[inpkts {enable | disable}] [multicast {enable | disable}] [create]
Syntax Description
disable
|
Keyword to disable SPAN.
|
dest_mod
|
Monitoring module (SPAN destination).
|
dest_port
|
Monitoring port (SPAN destination).
|
_mod
|
Monitored module (SPAN source).
|
_ports...
|
Monitored ports (SPAN source).
|
_vlan...
|
Monitored VLAN (SPAN source).
|
sc0
|
Keyword to specify the in-band interface.
|
rx
|
(Optional) Keyword to specify that information received at the source is monitored.
|
tx
|
(Optional) Keyword to specify that information transmitted from the source is monitored.
|
both
|
(Optional) Keyword to specify that information both transmitted from the source and received at the source is monitored.
|
inpkts enable
|
(Optional) Keywords to enable the receiving of normal inbound traffic on the SPAN destination port.
|
inpkts disable
|
(Optional) Keywords to disable the receiving of normal inbound traffic on the SPAN destination port.
|
multicast enable
|
(Optional) Keywords to enable the receiving multicast packets on the SPAN destination port.
|
multicast disable
|
(Optional) Keywords to disable the receiving multicast packets on the SPAN destination port.
|
create
|
(Optional) Keyword to create a new SPAN session.
|
Default
The default has no SPAN configured.
Command Type
Switch command
Command Mode
Privileged
Usage Guidelines
You can configure multiple SPAN sessions to run at the same time. One ingress span session (RX or Both direction) and four egress span sessions (TX direction only) can be configured.
A trunk port can be configured as a source or destination port. If the destination port is a trunk port, the outgoing packets through the SPAN port will carry ISL or 802.1Q VLAN headers.
If SPAN is enabled, and you change the VLAN configuration of the SPAN port (destination), you must disable SPAN before the new configuration will be in effect.
If SPAN is enabled, and you disable a source or destination port, the SPAN function will not work until you enable SPAN on both ports.
You can configure a disabled port to be a source or destination port, but the SPAN function will not work until you enable SPAN on both ports.
If SPAN is enabled for monitoring a particular VLAN, the number of ports being monitored changes when you move a switched port into or out of the specified monitored VLAN.
FDDI port can also be a source port.
Source and destination ports can not be the same port.
After SPAN is enabled, if no parameters were ever set, the first configured SPAN is used as a reference.
You can configure additional SPAN ports which monitor VLANs only. These ports support a source of one or more VLANs and require the destination port to be a trunk-capable port. This port will filter all traffic except traffic from the configured VLAN for that port.
For monitoring inbound traffic, only one ingress session (or both direction) SPAN is allowed regardless of the port-based SPAN. An egress SPAN can coexist with other SPAN sessions.
Use either a dedicated RMON probe (such as the Catalyst 5000 series Network Analysis Module) or a network analyzer to monitor ports.
Use the inpkts keyword with the enable option to allow the SPAN destination port to receive normal incoming traffic in addition to the traffic mirrored from the SPAN source. Use the disable option to prevent the SPAN destination port from receiving normal incoming traffic.
You can specify an RSM port as the SPAN source port. However, you cannot specify an RSM port as the SPAN destination port.
The source and destination ports have to be within the module.
If you are configuring SPAN on the Catalyst 5000 and 2926G series Gigabit EtherChannel switching module, the source and destination ports must be on the same module. This restriction does not apply to the following:
- Three-port Gigabit Ethernet module (WS-X5403)
- Catalyst 4000 and 2948G series switch modules
If you are configuring the Gigabit EtherChannel switching module VLAN, only the both argument is allowed, you cannot specify tx or rx.
Catalyst 4000 and 2948G series switches do not support the sc0 keyword.
Catalyst 4000 and 2948G series switches do not permit you to disable multicast on SPAN ports.
The Token Ring port can be a source or destination port. When monitoring the tx direction, only one source port is allowed, and the Token Ring module does not support the inpkts option. A Token Ring port can only monitor another Token Ring port.
If you are running a supervisor engine software release prior to release 4.5(1), configure only a single source port to be monitored. With the supervisor engine software release 4.5(1) and later, a single source port will be the standard Token Ring SPAN configuration.
You cannot monitor a VLAN to which none of the ports belong.
Examples
This example shows how to configure SPAN so that the transmit traffic on the source port (3/2) is mirrored to the destination port (3/6), and how to verify SPAN configuration:
Console> (enable) set span 3/2 3/6 tx
Enabled monitoring of Port 3/2 transmit traffic by Port 3/6
Console> (enable) show span
set spantree help
Use the set spantree help privileged command to list the available set spantree commands.
- set spantree help
Syntax Description
This command has no arguments or keywords.
Default
This command has no default setting.
Command Type
Switch command
Command Mode
Privileged
Example
The following example shows how to list the set spantree commands:
Console> (enable) set spantree
----------------------------------------------------------------------
set spantree disable Disable spanning tree
set spantree enable Enable spanning tree
set spantree fwddelay Set spantree forward delay
set spantree hello Set spantree hello interval
set spantree help Show this message
set spantree maxage Set spantree max aging time
set spantree multicast-address Set the spantree functional address
set spantree portcost Set spantree port cost
set spantree portfast Set spantree port fast start
set spantree portpri Set spantree port priority
set spantree portstate Set spantree logical port state
set spantree portvlancost Set spantree port cost per vlan
set spantree portvlanpri Set spantree port vlan priority
set spantree priority Set spantree priority
set spantree root Set switch as primary or secondary root
set spantree uplinkfast Enable or disable uplinkfast groups
set spantree multicast-address
Use the set spantree multicast-address command to specify for a TrBRF to use the IBM bridge functional address or the IEEE Spanning Tree Protocol address.
- set spantree multicast-address vlan_num {ieee | ibm}
Syntax Description
vlan_num
|
Number of the TrBRF for which you are setting the address.
|
ieee
|
Keyword used to specify for the IEEE STP address to be used.
|
ibm
|
Keyword used to specify for the IBM bridge functional address to be used.
|
Default
The default configuration has IEEE.
Command Type
Switch command
Command Mode
Privileged
Usage Guidelines
This command applies only to a TrBRF that is running IEEE STP.
Example
The following example shows specifying for the bridge functional address to be used:
Console> (enable) set spantree multicast-address ibm 100
Related Commands
show spantree
set spantree portcost
Use the set spantree portcost privileged command to set the path cost for a physical port or logical port (the connection between a TrCRF and TrBRF).
- set spantree portcost {mod_num/port_num | trcrf} cost
Syntax Description
mod_num
|
Number of the module.
|
port_num
|
Number of the port on the module.
|
trcrf
|
Number of the TrCRF for which you are setting the path cost.
|
cost
|
Number from 1 to 65535 that indicates the cost of the path. 1 is a low cost and 65535 is a high cost.
|
Default
The default configuration is as follows:
- 100BaseTX Ethernet port cost = 10
- 10BaseT Ethernet port cost = 100
- FDDI port cost = 10
- ATM port cost = 6
- Token Ring port cost = 62
Command Type
Switch command
Command Mode
Privileged
Usage Guidelines
The STP uses port path costs to determine which port to select as a forwarding port. Therefore, lower numbers should be assigned to ports attached to faster media (such as full duplex) and higher numbers should be assigned to ports attached to slower media. The possible range is 1 to 65535. The default for the Token Ring module ports is 62. The recommended path cost is 1000/LAN speed in Mbps.
Example
The following example shows how to set the port cost for port 4 on module 3 to 16 Mbps:
Console> (enable) set port speed 3/4 16
Port(s) 3/4 speed set to 16Mbps.
Related Commands
show spantree
set spantree portpri
Use the set spantree portpri privileged command to set the bridge priority for a spanning-tree port or TrCRF.
- set spantree portpri {mod_num/port_num | trcrf} priority
Syntax Description
mod_num
|
Number of the module.
|
port_num
|
Number of the port on the module.
|
trcrf
|
Number identifying the TrCRF for which you are setting the bridge priority.
|
priority
|
Number that represents the cost of a link in a spanning-tree bridge. For physical Token Ring ports, the possible priority range ins 0 through 255 (decimal). The default is 128. For logical ports, the possible priority range is 0 through 7. The default is 4.
|
Default
The default configuration has all physical Token Ring ports with bridge priority set to 128. Logical ports are set to 4 by default.
Command Type
Switch command
Command Mode
Privileged
Usage Guideline
The specified bridge priority on an ATM port applies to all emulated LANs on that port.
Example
The following example shows how to set the priority of port 1 on module 4 to 63:
Console> (enable) set spantree portpri 4/1 63
Bridge port 4/1 priority set to 63.
Related Commands
show spantree
set spantree portstate
Use the set spantree portstate privileged command to manually set the state of a logical port (the connection between a TrCRF and TrBRF).
- set spantree portstate trcrf {block | forward | auto} [trbrf]
Syntax Description
trcrf
|
Number of the TrCRF.
|
block | forward | auto
|
Keywords used to set the logical port to a blocked state (block), forwarding state (forward) or to have the correct state automatically determined by the STP (auto).
|
trbrf
|
Number of the parent TrBRF.
|
Default
There is no default configuration for this command.
Command Type
Switch command
Command Mode
Privileged
Usage Guidelines
This command can only be used to set the port state when the TrCRF is in SRT mode and the TrBRF is running the IBM STP, or, the TrCRF is in SRB mode and the TrBRF is running the IEEE STP.
When STP is enabled, every switch in the network goes through the blocking state and the transitory states at power up. The ports then stabilize to the forwarding or blocking state. With TrBRFs and TrCRFs, there are two exceptions to this rule that require you to manually set the state of the logical ports of a TrBRF. The two exceptions are if:
- The TrBRF is running the IBM STP and the TrCRF is in SRT mode.
- The TrBRF is running the IEEE STP and the TrCRF is in SRB mode.
Example
The following example shows the manual setting of TrCRF 900 to a forwarding state:
Console> (enable) set spantree portstate 900 forward
Related Commands
show spantree
set station softerror
Use the set station softerror privileged command to enable or disable the collection of soft error statistics on the ports on a Token Ring module or on a specific port on the module. Also, use the set station softerror command to define error thresholds and sampling intervals for the ports on the Token Ring module or for a specific port on the module.
- set station softerror mod_num[/port_num] disable | enable [threshold thres_num
interval int_num]
Syntax Description
mod_num
|
Number of the module.
|
port_num
|
Number of the port on the module.
|
disable
|
Keyword used to specify for soft error statistics to not be collected for the stations on a module or on a specific port on a module.
|
enable
|
Keyword used to specify for soft error statistics to be collected for the stations on a module or on a specific port on a module.
|
threshold
thres_num
|
Keyword used to specify the number of soft errors reported from a station connected to a port that if exceeded causes a soft error exceeded trap to be issued. Valid values are 1 to 255. The default is 100.
|
interval
int_num
|
Keyword used to specify the sampling period (in seconds) during which the number of soft errors is monitored for each station connected to a port. Valid values are 0 to 65534. The default is 60. To disable soft error exceeded traps, set the interval to zero. Without traps, soft errors can still be monitored via the console.
|
Default
The default configuration has soft error monitoring disabled. The default error threshold is 100. The default interval is 60.
Command Type
Switch command
Command Mode
Privileged
Example
The following example shows how to enable the collection of soft error statistics for port 10 on module 3:
Console> (enable) set station softerror 3/10 enable
Port 3/10 soft error monitoring enabled.
The following example shows the error threshold and sampling interval for port 10 on module 3 being set:
Console> (enable) set station softerror 3/10 threshold 100 interval 200
Port 3/10 station soft error threshold set to 100, interval set to 200
Related Commands
clear station counters
show station softerror config
show station softerror counters
set tokenring acbits
Use the set tokenring acbits privileged command to specify whether AC bits shall be set unconditionally when a port forwards certain LLC frames.
- set tokenring acbits mod_num/port_num {enable | disable | sronly | never | always}
Syntax Description
mod_num
|
Number of the module.
|
port_num
|
Number of the port on the module.
|
enable
|
Keyword used to unconditionally set the AC bits on source-routed frames with a RIF length greater than 2 and on all explorer frames in addition to setting the AC bits on all frames forwarded to another port. This parameter is only valid when local address learning is enabled on a port. Therefore, specifying enable automatically enables local address learning on the port.
|
disable
|
Keyword used to specify for the AC bits to be set based exclusively on whether the frame is forwarded to another port. This parameter is only valid when local address learning is enabled on a port. Therefore, specifying disable automatically enables local address learning on the port.
|
sronly
|
Keyword used to specify for the AC bits to be set only on source-routed frames with a RIF length greater than 2 and on all explorer frames.
|
never
|
Keyword used to specify for the AC bits to never be set on LLC frames. This parameter is only valid when local address learning is disabled on the port. Therefore, specifying never automatically disables local address learning on the port.
|
always
|
Keyword used to specify for the AC bits to always be set on LLC frames. This parameter is only valid when local address learning is disabled on a port. Therefore, specifying always automatically disables local address learning on the port.
|
Default
The default configuration is disable.
Command Type
Switch command
Command Mode
Privileged
Usage Guidelines
Using the set tokenring actbits command, you can specify if and how the AC bits should be set on LLC frames. When local address learning is enabled on a Token Ring port, the default is disable. When local address learning is disabled on a Token Ring port, the default is always.
Example
The following examples show port 4 on module 4 being enabled to unconditionally set the AC bits when forwarding certain LLC frames and then being disabled.
Console> (enable) set tokenring acbits 4/4 enable
Console> (enable) set tokenring acbits 4/4 disable
Port 4/4 acbits disabled.
Related Commands
set tokenring locallearning
set tokenring portaging
show tokenring
set tokenring configloss
Use the set tokenring configloss privileged command to specify thresholds that, when exceeded during the user-specified interval, will cause the port to be administratively disabled.
- set tokenring configloss mod_num/port_num [threshold thresh_num] [interval int_num]
Syntax Description
mod_num
|
Number of the module.
|
port_num
|
Number of the port on the module.
|
threshold thresh_num
|
Keyword to set the threshold for configuration losses. Valid values are 1 to 100. The default is 8.
|
interval interval_num
|
Keyword to set the interval at which the configuration loss is measured. Valid values are 1 to 99 minutes. The default is 10.
|
Default
The default threshold configuration is 8. The default interval is 10.
Command Type
Switch command
Command Mode
Privileged
Usage Guidelines
Configuration loss occurs when a port completes a connection, allows data traffic to flow, and subsequently closes. The configuration loss threshold is used to control the number of configuration losses that can occur within a specified time. When the threshold is exceeded, the port is disabled and must be enabled using the set port enable command or an SNMP manager.
Example
The following shows how to set a configuration loss threshold of 25 and an interval of 5 minutes for port 1 on module 4.
Console> (enable)
set tokenring configloss 4/1
threshold 25
interval 5
Port 4/1 configloss threshold set to 25, interval set to 5.
Related Commands
show tokenring
set tokenring distrib-crf
Use the set tokenring distrib-crf command to enable or disable the ability to configure a distributed TrCRF.
- set tokenring distrib-crf {enable | disable}
Syntax Description
enable
|
Keyword to enable the ability to configure distributed TrCRFs.
|
disable
|
Keyword to disable the ability to configure distributed TrCRFs.
|
Default
The default is for the ability to configure a distributed TrCRF to be disabled.
Command Type
Switch command
Command Mode
Privileged
Usage Guidelines
Use extreme caution when configuring a distributed TrCRF in your network. Ensure that no loops are configured in the network before configuring a distributed TrCRF.
Example
The following example shows how to enable the ability to configure a distributed TrCRF:
Console> (enable) set tokenring distrib-crf enable
WARNING:Ports will NOT be inactivated for distributed crfs. NETWORK LOOPS MAY OCCUR.
Related Commands
show tokenring
set tokenring etr
Use the set tokenring etr privileged command to enable or disable a Token Ring port's use of the Early Token Release procedure when transmitting frames.
- set tokenring etr mod_num/port_num {enable | disable}
Syntax Description
mod_num
|
Number of the module.
|
port_num
|
Number of the port on the module.
|
enable | disable
|
Keyword used to specify that Early Token Release should be used (enable) or not used (disable) when transmitting frames.
|
Default
For 16 Mbps and auto speed-detection ports, the default configuration is enable Early Token Release.
Command Type
Switch command
Command Mode
Privileged
Usage Guidelines
Early Token Release cannot be enabled for 4 Mbps ports. Enabling or disabling Early Token Release on a port will cause the port to be closed and reopened.
Example
The following example shows how to enable Early Token Release on port 2 on module 3:
Console> (enable) set tokenring etr 3/2 enable
Port 3/2 Early Token Release enabled.
The following example shows how to disable Early Token Release on port 2 on module 3:
Console> (enable)
set tokenring etr 3/2 disable
Port 3/2 Early Token Release disabled.
Related Commands
show tokenring
set tokenring help
Use the set tokenring help privileged command to list the Token Ring-specific set commands with brief descriptions of their functions.
- set tokenring help
Syntax Description
This command has no arguments or keywords.
Default
This command has no default setting.
Command Type
Switch command
Command Mode
Privileged
Usage Guidelines
The set tokenring help command lists the Token Ring set commands that are available in privileged mode.
Example
The following example shows how to list the Token Ring set commands that are available in privileged mode:
Console> (enable) set tokenring help
----------------------------------------------------------------------------
set tokenring acbits Set the AC bits
set tokenring configloss Specify the behavior in case of lots of failures
set tokenring etr Enable/disable Early Token Release
set tokenring help Show this help message
set tokenring portmode Set port mode
set tokenring priority Set port priority
Related Commands
set help
set tokenring locallearning
Use the set tokenring locallearning privileged command to enable or disable local MAC address learning on a Token Ring port.
- set tokenring locallearning mod_num/port_num enable | disable
Syntax Description
mod_num
|
Number of the module.
|
enable
|
Keyword used to enable local MAC address learning on a Token Ring port.
|
disable
|
Keyword used to disable local MAC address learning on a Token Ring port.
|
Default
The default configuration is enable.
Command Type
Switch command
Command Mode
Privileged
Usage Guidelines
We recommend that you use the set tokenring locallearning command only in those rare circumstances in which network communications are disrupted because of invalid frames. This command should be used in conjunction with the set tokenring portaging and set tokenring acbits commands.
The set tokenring locallearning command allows you to enable or disable local MAC address learning on a Token Ring port. The default is for local address learning to be enabled.
When local address learning is enabled, the value of the address recognized (A) bit and the frame copied (C) bit in LLC frames is set by the ports on the Token Ring module based on whether the frame was actually forwarded. However, when local address learning is disabled, the AC bits cannot be set by the ports on the Token Ring module based on whether the frame was forwarded because all frames are forwarded to the Catalyst 5000 series switching backplane.
Therefore, when local address learning is disabled on a Token Ring port, the AC bits must be set based on the type of frame that has been received. When you disable local address learning on a Token Ring port, the default is for the AC bits to always be set on LLC frames, however you can configure how the AC bits are to be set using the set tokenring acbits command.
Example
The following example shows how to disable local MAC address learning port 2 on module 3:
Console> (enable) set tokenring locallearning 3/2 disable
Warning: Resetting acbit value to ALWAYS: 3/2
Local learning disabled for port 3/2
Related Commands
set tokenring acbits
set tokenring portaging
set tokenring portaging
Use the set tokenring portaging privileged command to configure fast port aging on a Token Ring port.
- set tokenring portaging mod_num/port_num agingtime
Syntax Description
mod_num
|
Number of the module.
|
port_num
|
Number of the port on the module.
|
agingtime
|
Time (in seconds) an inactive MAC address will remain in the port's address table. Possible values are 0 and 5 through 65535 seconds. Zero indicates the Token Ring module port address table entries are aged out using the CAM aging time for the corresponding VLAN that has been configured using the set cam agingtime command. To use the fast port aging feature effectively, we recommend that you configure an aging limit of 10.
|
Command Type
Switch command
Command Mode
Privileged
Usage Guidelines
We recommend that you use the set tokenring portaging command only in those rare circumstances in which network communications are disrupted because of invalid frames. This command should be used in conjunction with the set tokenring locallearning and set tokenring acbits commands.
When in a network environment in which a device is sending invalid frames, you can ensure that the Token Ring module port address tables contain correct MAC address entries by rapidly aging out the erroneous entries using the set tokenring portaging command. Rapidly aging out the Token Ring module port address table ensures that the Token Ring module port address tables do not contain invalid entries which might affect the Catalyst 5000 series switch and network communication.
The aging limit you define determines when inactive MAC addresses are removed from a port address table. The aging limit is the time (in seconds) a MAC address remains in the port's address table. Possible values are 0 and 5 through 65535 seconds. The default is 0. Zero indicates the Token Ring module port address table entries are aged out using the CAM aging time for the corresponding VLAN that has been configured using the set cam agingtime command. For more information about the set cam agingtime command, see the Catalyst 5000 Series Command Reference.
To use the fast port aging feature effectively, we recommend that you configure an aging limit of 10.
Example
The following example shows how to specify address aging limits for port 2 on module 3:
Console> (enable) set tokenring portaging 3/2 10
Agingtime set to 10 sec for port 3/2
Related Commands
set tokenring acbits
set tokenring locallearning
set tokenring portmode
Use the set tokenring portmode privileged command to specify the connection type and access protocol being used by a port.
- set tokenring portmode mod_num/port_num {auto | fdxcport | hdxcport | fdxstation |
hdxstation | riro}
Syntax Description
mod_num
|
Number of the module.
|
port_num
|
Number of the port on the module.
|
auto
|
Keyword used to have the port detect the mode of connection.
|
fdxcport
|
Keyword used to set the port to operate as a concentrator port in full duplex mode.
|
hdxcport
|
Keyword used to set the port to operate as a concentrator port in half duplex mode.
|
fdxstation
|
Keyword used to set the port to operate as a station in full duplex mode.
|
hdxstation
|
Keyword used to set the port to operate as a station in half duplex mode.
|
riro
|
This parameter is applicable to fiber modules only.
|
Default
The default configuration is auto.
Command Type
Switch command
Command Mode
Privileged
Example
The following example shows how to set the port mode to autosensing on port 1 on module 4 and to set port 2 on module 4 to operate as a concentrator port in full-duplex mode:
Console> (enable)
set tokenring portmode 4/1 auto
Port 4/1 mode set to auto.
Console> (enable)
set tokenring portmode 4/2 fdxcport
Port 4/2 mode set to fdxcport.
Related Commands
show tokenring
set tokenring priority
Use the set tokenring priority privileged command to specify the highest Token Ring frame priority that shall go to the low-priority transmit queue and the minimum Token Ring frame priority that will be used when requesting a token.
- set tokenring priority mod_num/port_num {threshold thresh_num | minxmit min_num}
Syntax Description
mod_num
|
Number of the module.
|
port_num
|
Number of the port on the module.
|
threshold thresh_num
|
Keyword used to specify the priority queue threshold. Valid values are 0 to 7. The default is 3.
|
minxmit min_num
|
Keyword used to specify the minimum frame priority to be used. Valid values are 0 to 6. The default is 4.
|
Default
The default configuration for threshold is 3. The default configuration for minxmit is 4.
Command Type
Switch command
Command Mode
Privileged
Example
The following example shows how to set the priority threshold and minimum priority levels on port 2 on module 4:
Console> (enable)
set tokenring priority 4/2 threshold 6
Port 2 priority threshold set to 6.
Console> (enable)
set tokenring priority 4/2 minxmit 5
Port 2 priority minxmit set to 5.
Related Commands
show tokenring
set tokenring reduction
Use the set tokenring reduction privileged command to reduce broadcast storms in an externally looped network.
- set tokenring reduction {enable | disable}
Syntax Description
enable | disable
|
Keywords used to turn broadcast reduction on (enable) or off (disable).
|
Default
The default configuration is enabled.
Command Type
Switch command
Command Mode
Privileged
Example
The following example shows how to enable and disable ARE reduction:
Console> (enable)
set tokenring reduction enable
Console> (enable)
set tokenring reduction disable
set vlan
Use the set vlan privileged command to group ports into a virtual LAN.
- set vlan vlan_num mod/ports
- set vlan vlan_num [name name
