Clustering Switches
This chapter provides an overview of the concepts and of the procedures used to create and manage Catalyst 3750 switch clusters. Unless otherwise noted, the term switch refers to a standalone switch and to a switch stack.
You can create and manage switch clusters by using the Network Assistant application, the command-line interface (CLI), or SNMP. Configuring switch clusters is more easily done from Network Assistant than through the CLI or SNMP.For complete procedures about using Network Assistant to configure switch clusters, see Getting Started with Cisco Network Assistant, available on Cisco.com. For the CLI cluster commands, see the switch command reference.This chapter consists of these sections:
•Understanding Switch Clusters
•Using the CLI to Manage Switch Clusters
•Using SNMP to Manage Switch Clusters
Note We do not recommend using the ip http access-class global configuration command to limit access to specific hosts or networks. Access should be controlled through the cluster command switch or by applying access control lists (ACLs) on interfaces that are configured with an IP address. For more information on ACLs, see "Configuring Network Security with ACLs."
Understanding Switch Clusters
These sections describe:
•Clustering Overview
•Cluster Command Switch Characteristics
•Standby Cluster Command Switch Characteristics
•Candidate Switch and Cluster Member Switch Characteristics
Clustering Overview
A switch cluster is a set of up to 16 connected, cluster-capable Catalyst switches that are managed as a single entity. The switches in the cluster use the switch clustering technology so that you can configure and troubleshoot a group of different Catalyst desktop switch platforms through a single IP address.
Note A switch cluster is different from a switch stack. A switch stack is a set of Catalyst 3750 switches connected through their stack ports. For more information about how switch stacks differ from switch clusters, see the "Planning and Creating Clusters" chapter in the Getting Started with Cisco Network Assistant, available on Cisco.com.
Using switch clusters simplifies the management of multiple switches, regardless of their physical location and platform families. Clustering also provides redundancy through standby cluster command switches.
In a switch cluster, 1 switch must be the cluster command switch and up to 15 other switches can be cluster member switches. The total number of switches in a cluster cannot exceed 16 switches. The cluster command switch is the single point of access used to configure, manage, and monitor the cluster member switches. Cluster members can belong to only one cluster at a time.
Note If you configure Secure Socket Layer (SSL) Version 3.0 for a secure (HTTPS) connection, the SSL connection stops at the command switch. Cluster member switches must run nonsecure HTTP. For more information about SSL, see the "Configuring the Switch for Secure Socket Layer HTTP" section.
For more information about switch clustering, including cluster-planning considerations, see Getting Started with Cisco Network Assistant, available on Cisco.com. For a list of Catalyst switches eligible for switch clustering, including which ones can be cluster command switches and which ones can only be cluster member switches, and the required software versions, see the Release Notes for Cisco Network Assistant, available on Cisco.com.
Cluster Command Switch Characteristics
A cluster command switch must meet these requirements:
•It is running Cisco IOS Release 12.1(11)AX or later.
•It has an IP address.
•It has Cisco Discovery Protocol (CDP) Version 2 enabled (the default).
•It is not a command or cluster member switch of another cluster.
•It is connected to the standby cluster command switches through the management VLAN and to the cluster member switches through a common VLAN.
Note If your switch cluster has a Catalyst 3750 switch, or a switch stack, it must be the cluster command switch.
Standby Cluster Command Switch Characteristics
A standby cluster command switch must meet these requirements:
•It is running Cisco IOS Release 12.1(11)AX or later.
•It has an IP address.
•It has CDP Version 2 enabled.
•It is connected to the command switch and to other standby command switches through its management VLAN.
•It is connected to all other cluster member switches (except the cluster command and standby command switches) through a common VLAN.
•It is redundantly connected to the cluster so that connectivity to cluster member switches is maintained.
•It is not a command or member switch of another cluster.
Note Standby cluster command switches must be the same type of switches as the cluster command switch. For example, if the cluster command switch is a Catalyst 3750 switch, the standby cluster command switches must also be Catalyst 3750 switches. See the switch configuration guides of other cluster-capable switches for their requirements on standby cluster command switches.
Candidate Switch and Cluster Member Switch Characteristics
Candidate switches are cluster-capable switches and switch stacks that have not yet been added to a cluster. Cluster member switches are switches and switch stacks that have actually been added to a switch cluster. Although not required, a candidate or cluster member switch can have its own IP address and password.
To join a cluster, a candidate switch must meet these requirements:
•It is running cluster-capable software.
•It has CDP Version 2 enabled.
•It is not a command or cluster member switch of another cluster.
•If a cluster standby group exists, it is connected to every standby cluster command switch through at least one common VLAN. The VLAN to each standby cluster command switch can be different.
•It is connected to the cluster command switch through at least one common VLAN.
Note Catalyst 1900, Catalyst 2820, Catalyst 2900 XL, Catalyst 2950, and Catalyst 3500 XL candidate and cluster member switches must be connected through their management VLAN to the cluster command switch and standby cluster command switches. For complete information about these switches in a switch-cluster environment, see the software configuration guide for that specific switch.
This requirement does not apply if you have a Catalyst 2970, Catalyst 3550, Catalyst 3560, or Catalyst 3750 cluster command switch. Candidate and cluster member switches can connect through any VLAN in common with the cluster command switch.
Using the CLI to Manage Switch Clusters
You can configure cluster member switches from the CLI by first logging into the cluster command switch. Enter the rcommand user EXEC command and the cluster member switch number to start a Telnet session (through a console or Telnet connection) and to access the cluster member switch CLI. The command mode changes, and the Cisco IOS commands operate as usual. Enter the exit privileged EXEC command on the cluster member switch to return to the command-switch CLI.
This example shows how to log into member-switch 3 from the command-switch CLI:
If you do not know the member-switch number, enter the show cluster members privileged EXEC command on the cluster command switch. For more information about the rcommand command and all other cluster commands, see the switch command reference.
The Telnet session accesses the member-switch CLI at the same privilege level as on the cluster command switch. The Cisco IOS commands then operate as usual. For instructions on configuring the switch for a Telnet session, see the "Disabling Password Recovery" section.
Note The CLI supports the creation and maintenance of switch clusters with up to 16 switch stacks. For more information about switch stacks and switch clusters, see the "Planning and Creating Clusters" chapter in the Getting Started with Cisco Network Assistant, available on Cisco.com. This section describes important considerations for managing switch stacks in switch clusters.
Catalyst 1900 and Catalyst 2820 CLI Considerations
If your switch cluster has Catalyst 1900 and Catalyst 2820 switches running standard edition software, the Telnet session accesses the management console (a menu-driven interface) if the cluster command switch is at privilege level 15. If the cluster command switch is at privilege level 1 to 14, you are prompted for the password to access the menu console.
Note Catalyst 1900, 2900 XL (4-MB), and 2820 switches are not supported in Network Assistant. The switches appear as unknown members in the Network Assistant Front Panel and Topology views.
Command-switch privilege levels map to the Catalyst 1900 and Catalyst 2820 cluster member switches running standard and Enterprise Edition Software as follows:
•If the command-switch privilege level is 1 to 14, the cluster member switch is accessed at privilege level 1.
•If the command-switch privilege level is 15, the cluster member switch is accessed at privilege level 15.
Note The Catalyst 1900 and Catalyst 2820 CLI is available only on switches running Enterprise Edition Software.
For more information about the Catalyst 1900 and Catalyst 2820 switches, see the installation and configuration guides for those switches.
Using SNMP to Manage Switch Clusters
When you first power on the switch, SNMP is enabled if you enter the IP information by using the setup program and accept its proposed configuration. If you did not use the setup program to enter the IP information and SNMP was not enabled, you can enable it as described in the "Configuring SNMP" section on page 31-6. On Catalyst 1900 and Catalyst 2820 switches, SNMP is enabled by default.
When you create a cluster, the cluster command switch manages the exchange of messages between cluster member switches and an SNMP application. The cluster software on the cluster command switch appends the cluster member switch number (@esN, where N is the switch number) to the first configured read-write and read-only community strings on the cluster command switch and propagates them to the cluster member switch. The cluster command switch uses this community string to control the forwarding of gets, sets, and get-next messages between the SNMP management station and the cluster member switches.
Note When a cluster standby group is configured, the cluster command switch can change without your knowledge. Use the first read-write and read-only community strings to communicate with the cluster command switch if there is a cluster standby group configured for the cluster.
If the cluster member switch does not have an IP address, the cluster command switch redirects traps from the cluster member switch to the management station, as shown in Figure 6-1. If a cluster member switch has its own IP address and community strings, the cluster member switch can send traps directly to the management station, without going through the cluster command switch.
If a cluster member switch has its own IP address and community strings, they can be used in addition to the access provided by the cluster command switch. For more information about SNMP and community strings, see Chapter 31, "Configuring SNMP."
Figure 6-1 SNMP Management for a Cluster