- Index
- Preface
- Overview
- Using the Command-Line Interface
- Assigning the Switch IP Address and Default Gateway
- Configuring IE2100 CNS Agents
- Clustering Switches
- Administering the Switch
- Configuring SDM Templates
- Configuring Switch-Based Authentication
- Configuring IEEE 802.1x Port-Based Authentication
- Configuring Interface Characteristics
- Configuring Smartports Macros
- Configuring VLANs
- Configuring VTP
- Configuring Voice VLAN
- Configuring STP
- Configuring MSTP
- Configuring Optional Spanning-Tree Features
- Configuring Flex Links
- Configuring DHCP Features
- Configuring IGMP Snooping and MVR
- Configuring Port-Based Traffic Control
- Configuring CDP
- Configuring SPAN and RSPAN
- Configuring UDLD
- Configuring RMON
- Configuring System Message Logging
- Configuring SNMP
- Configuring Network Security with ACLs
- Configuring QoS
- Configuring EtherChannels
- Troubleshooting
- Supported MIBs
- Working with the Cisco IOS File System, Configuration Files, and Software Images
- Recommendations for Upgrading a Catalyst 2950 Switch to a Catalyst 2960 Switch
- Unsupported Commands in Cisco IOS Release 12.2(25)FX
Clustering Switches
This chapter provides an overview of the concepts and of the procedures used to create and manage Catalyst 2960 switch clusters.
You can create and manage switch clusters by using Network Assistant, the command-line interface (CLI), or SNMP. Configuring switch clusters is more easily done from Network Assistant than through the CLI or SNMP. For getting started procedures about using Network Assistant to configure switch clusters, see Getting Started with Cisco Network Assistant, available on Cisco.com. For complete procedures about managing switch clusters, see the switch online help. For the CLI cluster commands, see the switch command reference.This chapter consists of these sections:
•
Understanding Switch Clusters
•Using the CLI to Manage Switch Clusters
•Using SNMP to Manage Switch Clusters
Note We do not recommend using the ip http access-class global configuration command to limit access to specific hosts or networks. Control access through the cluster command switch or by applying access control lists (ACLs) on interfaces that are configured with an IP address. For more information on ACLs, see "Configuring Network Security with ACLs."
Understanding Switch Clusters
These sections contain this information:
•Cluster Command Switch Characteristics
•Standby Cluster Command Switch Characteristics
•Candidate Switch and Cluster Member Switch Characteristics
Clustering Overview
A switch cluster is a set of up to 16 connected, cluster-capable Catalyst switches that are managed as a single entity. The switches in the cluster use the switch clustering technology so that you can configure and troubleshoot a group of different Catalyst desktop switch platforms through a single IP address.
Using switch clusters simplifies the management of multiple switches, regardless of their physical location and platform families. Clustering also provides redundancy through standby cluster command switches.
In a switch cluster, 1 switch must be the cluster command switch and up to 15 other switches can be cluster member switches. The total number of switches in a cluster cannot exceed 16 switches. The cluster command switch is the single point of access used to configure, manage, and monitor the cluster member switches. Cluster members can belong to only one cluster at a time.
Note If you configure Secure Socket Layer (SSL) Version 3.0 for a secure (HTTPS) connection, the SSL connection stops at the command switch. Cluster member switches must run nonsecure HTTP. For more information about SSL, see the "Configuring the Switch for Secure Socket Layer HTTP" section.
For more information about switch clustering, including cluster-planning considerations, see Getting Started with Cisco Network Assistant, available on Cisco.com. For a list of Catalyst switches eligible for switch clustering, including which ones can be cluster command switches and which ones can only be cluster member switches, and the required software versions, see the Release Notes for Cisco Network Assistant, available on Cisco.com.
Cluster Command Switch Characteristics
A cluster command switch must meet these requirements:
•It is running Cisco IOS Release 12.2(25)FX or later.
•It has an IP address.
•It has Cisco Discovery Protocol (CDP) Version 2 enabled (the default).
•It is not a command or cluster member switch of another cluster.
•It is connected to the standby cluster command switches through the management VLAN and to the cluster member switches through a common VLAN.
Note If your switch cluster has a Catalyst 2960 switch, it should be the cluster command switch unless the cluster has a Catalyst 3750 switch or switch stack. If the switch cluster has a Catalyst 3750 switch or switch stack, that switch or switch stack should be the cluster command switch.
Standby Cluster Command Switch Characteristics
A standby cluster command switch must meet these requirements:
•It is running Cisco IOS Release 12.2(25)FX or later.
•It has an IP address.
•It has CDP Version 2 enabled.
•It is connected to the command switch and to other standby command switches through its management VLAN.
•It is connected to all other cluster member switches (except the cluster command and standby command switches) through a common VLAN.
•It is redundantly connected to the cluster so that connectivity to cluster member switches is maintained.
•It is not a command or member switch of another cluster.
Note Standby cluster command switches must be the same type of switches as the cluster command switch. For example, if the cluster command switch is a Catalyst 2960 switch, the standby cluster command switches must also be Catalyst 2960 switches. See the switch configuration guides of other cluster-capable switches for their requirements on standby cluster command switches.
Candidate Switch and Cluster Member Switch Characteristics
Candidate switches are cluster-capable switches that have not yet been added to a cluster. Cluster member switches are switches that have actually been added to a switch cluster. Although not required, a candidate or cluster member switch can have its own IP address and password.
To join a cluster, a candidate switch must meet these requirements:
•It is running cluster-capable software.
•It has CDP Version 2 enabled.
•It is not a command or cluster member switch of another cluster.
•If a cluster standby group exists, it is connected to every standby cluster command switch through at least one common VLAN. The VLAN to each standby cluster command switch can be different.
•It is connected to the cluster command switch through at least one common VLAN.
Note Catalyst 1900, Catalyst 2820, Catalyst 2900 XL, Catalyst 2950, and Catalyst 3500 XL candidate and cluster member switches must be connected through their management VLAN to the cluster command switch and standby cluster command switches. For complete information about these switches in a switch-cluster environment, see the software configuration guide for that specific switch.
This requirement does not apply if you have a Catalyst 2970, 2960, 3550, 3560, or 3750 cluster command switch. Candidate and cluster member switches can connect through any VLAN in common with the cluster command switch.
Using the CLI to Manage Switch Clusters
You can configure cluster member switches from the CLI by first logging into the cluster command switch. Enter the rcommand user EXEC command and the cluster member switch number to start a Telnet session (through a console or Telnet connection) and to access the cluster member switch CLI. The command mode changes, and the Cisco IOS commands operate as usual. Enter the exit privileged EXEC command on the cluster member switch to return to the command-switch CLI.
This example shows how to log into member-switch 3 from the command-switch CLI:
switch# rcommand 3
If you do not know the member-switch number, enter the show cluster members privileged EXEC command on the cluster command switch. For more information about the rcommand command and all other cluster commands, see the switch command reference.
The Telnet session accesses the member-switch CLI at the same privilege level as on the cluster command switch. The Cisco IOS commands then operate as usual. For instructions on configuring the switch for a Telnet session, see the "Disabling Password Recovery" section.
Catalyst 1900 and Catalyst 2820 CLI Considerations
If your switch cluster has Catalyst 1900 and Catalyst 2820 switches running standard edition software, the Telnet session accesses the management console (a menu-driven interface) if the cluster command switch is at privilege level 15. If the cluster command switch is at privilege level 1 to 14, you are prompted for the password to access the menu console.
Note Catalyst 1900, 2900 XL (4 MB), and 2820 switches are not supported in Network Assistant. The switches appear as unknown devices in the Network Assistant Front Panel and Topology views.
Command-switch privilege levels map to the Catalyst 1900 and Catalyst 2820 cluster member switches running standard and Enterprise Edition Software as follows:
•If the command-switch privilege level is 1 to 14, the cluster member switch is accessed at privilege level 1.
•If the command-switch privilege level is 15, the cluster member switch is accessed at privilege level 15.
Note The Catalyst 1900 and Catalyst 2820 CLI is available only on switches running Enterprise Edition Software.
For more information about the Catalyst 1900 and Catalyst 2820 switches, see the installation and configuration guides for those switches.
Using SNMP to Manage Switch Clusters
When you first power on the switch, SNMP is enabled if you enter the IP information by using the setup program and accept its proposed configuration. If you did not use the setup program to enter the IP information and SNMP was not enabled, you can enable it as described in the "Configuring SNMP" section. On Catalyst 1900 and Catalyst 2820 switches, SNMP is enabled by default.
When you create a cluster, the cluster command switch manages the exchange of messages between cluster member switches and an SNMP application. The cluster software on the cluster command switch appends the cluster member switch number (@esN, where N is the switch number) to the first configured read-write and read-only community strings on the cluster command switch and propagates them to the cluster member switch. The cluster command switch uses this community string to control the forwarding of gets, sets, and get-next messages between the SNMP management station and the cluster member switches.
Note When a cluster standby group is configured, the cluster command switch can change without your knowledge. Use the first read-write and read-only community strings to communicate with the cluster command switch if there is a cluster standby group configured for the cluster.
If the cluster member switch does not have an IP address, the cluster command switch redirects traps from the cluster member switch to the management station, as shown in Figure 5-1. If a cluster member switch has its own IP address and community strings, the cluster member switch can send traps directly to the management station, without going through the cluster command switch.
If a cluster member switch has its own IP address and community strings, they can be used in addition to the access provided by the cluster command switch. For more information about SNMP and community strings, see "Configuring SNMP."
Figure 5-1 SNMP Management for a Cluster
Feedback