Managing a Network of Switches

This chapter describes how to install and configure the Network Assistant on the Catalyst 4500 series switch. It also provides an overview of the concepts and procedures used to create and manage a cluster of Catalyst 4500 series switches.

This chapter contains these topics:

Understanding How the Network Assistant Works

Installation Requirements

Software and Hardware Requirements

Network Assistant-related Default Configuration

Installing the Network Assistant

Overview of the CLI Commands

Configuring the Network Assistant

Displaying the Network Assistant-related Configuration

Launching the Network Assistant

Connecting Network Assistant to a Device

Clustering Switches

Note For complete syntax and usage information for the switch commands used in this chapter, look at the Cisco Catalyst 4500 Series Switch Command Reference and related publications at this location:

http://www.cisco.com/en/US/products//hw/switches/ps4324/index.html

If the command is not found in the Catalyst 4500 Command Reference, it will be found in the larger Cisco IOS library. Refer to the Catalyst 4500 Series Switch Cisco IOS Command Reference and related publications at this location:

http://www.cisco.com/en/US/products/ps6350/index.html

Note The Network Assistant is not bundled with an online software image on Cisco.com. You can download the Network Assistant at this location:

http://www.cisco.com/en/US/products/ps5931/index.html

Understanding How the Network Assistant Works

Network Assistant is an application that manages standalone devices and clusters of devices from anywhere in your intranet. Using its graphical user interface, you can perform multiple configuration tasks without having to remember command-line interface commands. Network Assistant enables you to apply VLAN settings, link and device monitoring, and other networking features to multiple devices and ports at the same time.

Network Assistant is a client-server application that sends Cisco IOS commands to configure and manage the Catalyst 4500 series switch over HTTP. The client opens a connection to the HTTP server and sends a request. The HTTP server receives the request, sends a response back to the client, and closes the connection.

By default, the HTTP server is disabled on the Catalyst 4500 series switch. To connect the switch to the Network Assistant, you must enable the HTTP server.

After you enable the HTTP server, it listens for requests on port number 80. Through the CLI, you can change the TCP/IP port number to any number from 1 to 65,535. If you do not use the port number 80, you will need to ensure that the new port number matches the number that is configured on the switch.

Although the HTTP server uses HTTP Version 1.0, it also supports HTTP Version 1.1 messaging.

Installation Requirements

The workstation on which you install Network Assistant must meet these minimum requirements:

Operating System: Windows 2000

Processor speed: Pentium 300 MHz

DRAM: 128 MB

Number of colors: 65536

Resolution: 1024 x 768

Font size: Small

The following client platforms are supported by Network Assistant:

Windows NT 4.0, with Service Pack 6 or later

Windows 2000 Professional SP3+

Windows XP Professional SP1+

Software and Hardware Requirements

The minimum Cisco IOS software required on the Catalyst 4500 series switch is Release 12.2(20)EWA.

Table 1 lists the hardware required to support the Network Assistant.

Table 1 Hardware Supported for Network Assistant 1.0 Support 

Type
Part Number

Chassis

WS-C4503

 

WS-C4506

Power supplies

PWR-C45-1300AC

 

PWR-C45-1000AC

Supervisors

WS-X4013+

 

WS-X4515

 

WS-X4013+TS

Modules

WS-X4124-RJ45

 

WS-X4148-RJ

 

WS-X4224-RJ45V

 

WS-X4248-RJ45V

 

WS-X4548-GB-RJ45

 

WS-X4424-GB-RJ45

 

WS-X4306-GB


Network Assistant-related Default Configuration

Table 2 lists the Network Assistant-related configuration parameters on a Catalyst 4500 series switch.

Table 2 Network Assistant-related Configuration on a Catalyst 4500 Series Switch

Feature
Default Value
Recommended Value

HTTP server

Disabled

Enabled1

TCP/IP port number

80

Optional2

Authentication

Disabled

Optional

Cluster

Disabled

Enabled3

1 Required for Network Assistant to access the device.

2 Port number on the Network Assistant and the Catalyst 4500 series switch must match.

3 Enabled only if you want to manage a cluster of devices.


Installing the Network Assistant

To install Network Assistant on your workstation, follow these steps:

Step 1 Go to this Web address: www.cisco.com/go/Network Assistant.

You must be a registered Cisco.com user as a guest, but you need no access privileges.

Step 2 Find the Network Assistant installer, na-1_0-windows-installer.exe.

Step 3 Download the Network Assistant Installer and initiate the application. (You can operate the installer directly from the Web if your browser offers this choice.)

Network Assistant is free—there is no charge to download, install, or use it.

When you initiate the installer, follow the displayed instructions. In the final panel, click Finish to complete the installation of Network Assistant.

Overview of the CLI Commands

Table 3 is an overview of the Network Assistant-related CLI commands.

Table 3 CLI Commands

Command
Functions

[no] ip http server

Configures the HTTP server on the switch.

[no] ip http port port_number

Configures the HTTP port.

show version

Displays the Cisco IOS version.

show running-config

Displays the switch configuration.

[no] ip http authentication
{enable | local | tacacs}

Configures the HTTP authentication.

cluster run

Enables clustering.


[

Configuring the Network Assistant

Before you can access the Network Assistant, you need to perform the following tasks:

Enable Communication with Network Assistant

Enable Intra-cluster Communication

Enable Communication with Network Assistant

Network Assistant communicates with a Catalyst 4500 series switch by sending Cisco IOS commands over a HTTP connection.

To enable Network Assistant to connect to a Catalyst 4500 series switch, perform this task on the switch:

 
Command
Purpose

Step 1  

Switch# configure terminal

Enters global configuration mode.

Step 2  

Switch(config)# ip http server

Enables the HTTP server on the switch.

By default, the HTTP server is disabled.

Step 3  

Switch(config)# interface {vlan vlan_ID | 
{fastethernet | gigabitethernet} 
slot/interface | Port-channel number}

Selects an interface.

Step 4  

Switch(config-if)# ip address ip_address 
address_mask

(Optionally) Assigns an IP address to the Catalyst 4500 series

Note This step is mandatory if the switch is a cluster command switch candidate. This step is optional if the switch is a cluster member candidate.

Step 5  

Switch(config)# ip http port port_number

(Optionally) Configures the HTTP port.

Note Perform this step only if you want to change the default setting (80) for the TCP/IP port number on the server.

Step 6  

Switch(config)# ip http authentication

[enable | local | tacacs]

Configures HTTP authentication on the switch.

The Catalyst 4500 series switch software allows you to authenticate console, Telnet, and HTTP logins using the TACACS or Local database.

When you log in to the switch using HTTP, a dialog box appears and prompts you for your username and password. After you provide your username and password, the system authenticates your login with the HTTP user-authentication method. The system denies access unless the username and password are valid.

Step 7  

Switch(config-if)# end

Returns to privileged EXEC mode.

Step 8  

Switch# show running-config| include http

Verifies that the HTTP server is enabled.

This example shows how to configure the HTTP server: 

Switch# configure terminal

Switch(config)# interface GigabitEthernet 3/21

Switch(config-if)# ip address 10.77.209.183 255.255.255.0

Switch(config)# ip http server

Switch(config)# ip http port 80

Switch(config)# end

Switch# show running-config

Building configuration...

!

ip http server

!

This example shows how to configure the TCP/IP port number to the default (80): 

Switch(config)# default ip http port

This example shows how to configure the TCP port number to 2398: 

Switch(config)# ip http port 2398

This example shows how to configure the authentication login to use local passwords and to verify the configuration: 

Switch(config)# ip http authentication local

Switch(config)# end

Switch# show running-config | include http

ip http server

ip http authentication local

This example illustrates the sample configuration files for the cluster command switch candidate: 

Current configuration : 2481 bytes

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

service compress-config

!

hostname Switch

!

!

vtp domain switch

vtp mode transparent

ip subnet-zero

!

cluster run

!

no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

power redundancy-mode redundant

!

!

!

vlan internal allocation policy ascending

!

vlan 17,100,110,117,120,200

!


interface GigabitEthernet1/1

!

interface GigabitEthernet1/2

!

interface GigabitEthernet3/1

 no switchport

 ip address 3.3.3.3 255.255.255.0

!

interface GigabitEthernet3/3

!

interface GigabitEthernet3/4

!

interface GigabitEthernet3/5

!

interface GigabitEthernet3/6

!

interface GigabitEthernet3/7

!

interface GigabitEthernet3/8

!

interface GigabitEthernet3/9

 shutdown

!

interface GigabitEthernet3/10

 shutdown

!

interface GigabitEthernet3/11

 shutdown

interface Vlan1

 no ip address

!

interface Vlan100

 no ip address

!

ip http server

Enable Intra-cluster Communication

You can use the following interfaces for intra-cluster communication: a router, an SVI, an access port, or a trunk port. If you employ an access port or trunk port, the VLAN used for inter-cluster communication must have an SVI in the no shut state.

To enable inter-cluster communication, perform this task on each of the Catalyst 4500 series switches that will serve as cluster member candidates.

 
Command
Purpose

Step 1  

Switch# configuration terminal

Enters global configuration mode.

Step 2  

Switch(config)# cluster run

Enables clustering.

Note Enable clustering on all switches that are part of the potential cluster.

Step 3  

Switch(config)# vlan vlan_id

Specifies a VLAN used to communicate with the cluster command switch.

Step 4  

Switch(config-vlan)# no shutdown

Enables a VLAN interface.

Step 5  

Switch(config)# interface {vlan vlan_ID | 
{fastethernet | gigabitethernet} 
slot/interface | Port-channel number}

Selects an interface.

Step 6  

Switch(config-if)# no shutdown

Enables the interface.

Step 7  

Switch(config)# interface {vlan vlan_ID | 
{fastethernet | gigabitethernet} 
slot/interface | Port-channel number}

Selects a port interface.

Step 8  

Switch(config-if)# switchport mode access

Configures the port interface as an access port.

Step 9  

Switch(config-if)# switchport access vlan 
vlan-id

Assigns the port interface to a VLAN.

Step 10  

Switch(config-if)# end

Returns to privileged EXEC mode.

Step 11  

Switch# show running-config

Verifies the configuration.

This example shows how to enable intra-cluster communication: 

Switch# configure terminal

Switch(config)# cluster run

Switch(config)# vlan 100

Switch(config-vlan)# no shutdown

Switch(config)# interface vlan 100

Switch(config-if)# no shutdown

Switch(config-if)# switchport mode access

Switch(config-if)# interface Gigabit Ethernet 3/24

Switch(config-if)# switchport access vlan 100

Switch(config)# end

Switch# show running-config

Building configuration...


Current configuration : 3954 bytes

!

version 12.2

!

hostname Switch

!

cluster run

!

!

vlan 100

!

interface GigabitEthernet3/24

 switchport access vlan 100

 switchport mode access

!

interface Vlan100

 ip address 100.100.100.1 255.255.255.0

!

ip http server

!         

end


Switch#

This example illustrates the sample configuration files for the cluster member candidate: 

Building configuration...

Current configuration : 1492 bytes

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

service compress-config

!

hostname g5-7

!

!

vtp domain switch

vtp mode transparent

ip subnet-zero

!

cluster run

!

no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

vlan 2-3,5,17,100,200-201,300-301,555

!

interface GigabitEthernet1/1

!

interface GigabitEthernet1/2

!

interface FastEthernet3/1

 switchport access vlan 100

 switchport mode access

!

interface Vlan1

 no ip address

!

interface Vlan100

 no ip address

ip http server

Displaying the Network Assistant-related Configuration

To display the Network Assistant configuration, perform this task:

Command
Purpose

Switch# show running-config

Displays the Network Assistant-related configuration.


This example shows how to display the Network Assistant-related configuration: 

Switch# show running-config

.....

Building configuration...


Current configuration : 3647 bytes

!

version 12.2

...

!

hostname Switch

!

boot system flash bootflash:cat4000-i5s-mz.122_20_EWA

!

...

!

cluster enable sample-cluster 0

...

!

...

ip http server

ip http port 800

!

...

end

Launching the Network Assistant

After installing Network Assistant, you will see its icon on your desktop. You will also use a Network Assistant entry under Start > Programs and a Network Assistant executable file in the installation directory. When you select any of these items, two windows will appear: the Network Assistant window, in disconnect mode, and the Connect window.

In disconnect mode, Network Assistant is not connected to any device, and it cannot manage a standalone device or the command device of a cluster. Its menu bar and tool bar support only tasks that customize the Network Assistant itself. The feature bar, which usually lists device features, is empty. Online Help is available in disconnect mode.

Connecting Network Assistant to a Device

To connect the Network Assistant to a device, use the Connect window, shown in Figure 1. In this window, enter the IP address of the device to which you want to connect. If you are authorized to configure the device and the HTTP port of the device is 80, you can ignore the settings in the Options button. When you click Connect, you either connect to the device directly or you are prompted for a user name and password and then are connected.

Figure 1 Connect Window

When the connection occurs, the Network Assistant window is in the connect mode. The toolbar adds icons that represent device features. Similarly, the feature bar fills with menus that list the device features that Network Assistant manages.

Note For information on how to use Network Assistant, refer to Getting Started with Cisco Network Assistant, available on Cisco.com.

Clustering Switches

This section provides an overview of the concepts and of the procedures used to create and manage Catalyst 4500 series switches. Unless otherwise noted, the term device refers to a standalone switch.

You can create and manage switch clusters by using the standalone Network Assistant application or the command-line interface (CLI). Configuring switch clusters is performed more easily from the Network Assistant than through the CLI.

Note For complete procedures for using Network Assistant to configure switch communities, refer to
Getting Started with Cisco Network Assistant, available at:

http://www.cisco.com/en/US/products/ps5931/prod_installation_guides_list.html.

This section contains the following topics:

Understanding Switch Clusters

Using the CLI to Manage Switch Clusters

Understanding Switch Clusters

These sections describe:

Clustering Overview

Cluster Command Switch Characteristics

Candidate Switch and Cluster Member Switch Characteristics

Note Clustering is disabled by default on the Catalyst 4500 series switch. Refer to the "Enable Intra-cluster Communication" section for details on how to enable clustering.

Clustering Overview

A switch cluster is a set of up to 16 connected, cluster-capable Catalyst switches that are managed as a single entity. The switches in the cluster use the switch clustering technology so that you can configure and troubleshoot a group of different Catalyst 4500 series switch platforms through a single IP address.

Using switch clusters simplifies the management of multiple switches, regardless of their physical location and platform families.

In a switch cluster, one switch must be the cluster command switch,and up to 15 other switches can be cluster member switches. The total number of switches in a cluster cannot exceed 16 switches. The cluster command switch is the single point of access used to configure, manage, and monitor the cluster member switches. Cluster members can belong to only one cluster at a time.

Note You should chose a high-end switch as the cluster command switch.

Cluster Command Switch Characteristics

A cluster command switch must meet these requirements:

It is using Cisco IOS Release 12.2(20)EWA or later.

It has an IP address.

It has Cisco Discovery Protocol (CDP) version 2 enabled (the default).

It is using cluster-capable software and has clustering enabled.

It has HTTP server enabled.

It has 16 VTY lines.

It is not a command or cluster member switch of another cluster.

Note If your switch cluster contains a Catalyst 4500 series switch, the cluster command switch must also be a Catalyst 4500 series switch.

Network Assistant and VTY

Network Assistant uses virtual terminal (VTY) lines to communicate with the cluster command device. Catalyst 4500 series switches have 5 VTY lines configured by default. Network Assistant can employ a maximum of 8 VTY lines at one time.

You can configure the Catalyst 4500 series switch to support an appropriate number of VTY lines with the line vty configuration command. For example, the line vty 6 15 command configures the switch to include 15 VTY lines.

Note If your existing VTY lines have non-default configurations, you might want to apply those configurations to the new VTY lines.

Candidate Switch and Cluster Member Switch Characteristics

Candidate switches are cluster-capable switches that have not yet been added to a cluster. Cluster member switches are switches that have been added to a switch cluster. Although not required, a candidate or cluster member switch can have its own IP address and password.

To join a cluster, a candidate switch must meet these requirements:

It is running cluster-capable software and has clustering enabled.

It has CDP version 2 enabled.

It has HTTP server enabled.

It has 16 VTY lines.

It is not a command or cluster member switch of another cluster.

It is connected to the cluster command switch through at least one common VLAN.

Catalyst 4500 candidate and cluster member switches must be configured with an SVI on the VLAN connection to the cluster command switch.

Using the CLI to Manage Switch Clusters

You can configure cluster member switches from the CLI by first logging in to the cluster command switch. Enter the rcommand user EXEC command and the cluster member switch number to start a Telnet session (through a console or Telnet connection) and to access the cluster member switch CLI. The command mode changes and the Cisco IOS commands operate as usual. Enter the exit privileged EXEC command on the cluster member switch to return to the command-switch CLI.

This example shows how to log in to member-switch 3 from the command-switch CLI: 

switch# rcommand 3

If you do not know the member-switch number, enter the show cluster members privileged EXEC command on the cluster command switch. For more information about the rcommand command and all other cluster commands, refer to the Catalyst 4500 Series Switch Cisco IOS Command Reference.

The Telnet session accesses the member-switch CLI at the same privilege level as on the cluster command switch. The Cisco IOS commands then operate as usual. For instructions on configuring the switch for a Telnet session, see the "Accessing the CLI Through Telnet" section on page 2-2.

Note CISCO-CLUSTER_MIB is not supported.