December 16, 2008
A Switch Powered by PoE
Interesting find: Cisco now makes a switch (8 ports) POWERED by PoE (not one that supplies PoE power, but receives it and does not need to be plugged in). Check it out: Catalyst 2960PD-8TT-L.

Posted by JC at 2:40 PM | Comments (14)
July 28, 2008
Automatic Err-Disable Recovery
Someone showed me a great feature today. One of the constant pains in the network is when you get a port err-disabled on the switch. Regardless of how many times I see it, it always seems to be the last thing I check. There's a little-known feature in the IOS called "err-disable recovery" which automatically turns an err-disabled switchport back on after 5 minutes (by default). The good news is that this command allows you to choose the specific reasons for which you'd like the port re-enabled, such as re-enabling ports disabled because of a port-flap instance while keeping ports with mac-address security violations error disabled. Here's the syntax to make it happen:
CAT3550#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
CAT3550(config)#errdisable recovery ?
  cause     Enable error disable recovery for application
  interval  Error disable recovery timer value
CAT3550(config)#errdisable recovery cause ?
  all                   Enable timer to recover from all error causes
  arp-inspection        Enable timer to recover from arp inspection error disable state
  bpduguard             Enable timer to recover from BPDU Guard error
  channel-misconfig     Enable timer to recover from channel misconfig error
  dhcp-rate-limit       Enable timer to recover from dhcp-rate-limit error
  dtp-flap              Enable timer to recover from dtp-flap error
  gbic-invalid          Enable timer to recover from invalid GBIC error
  inline-power          Enable timer to recover from inline-power error
  l2ptguard             Enable timer to recover from l2protocol-tunnel error
  link-flap             Enable timer to recover from link-flap error
  link-monitor-failure  Enable timer to recover from link monitoring failure
  loopback              Enable timer to recover from loopback error
  mac-limit             Enable timer to recover from mac limit disable state
  oam-remote-failure    Enable timer to recover from OAM detected remote failure
  pagp-flap             Enable timer to recover from pagp-flap error
  port-mode-failure     Enable timer to recover from port mode change failure
  psecure-violation     Enable timer to recover from psecure violation error
  security-violation    Enable timer to recover from 802.1x violation error
  sfp-config-mismatch   Enable timer to recover from SFP config mismatch error
  storm-control         Enable timer to recover from storm-control error
  udld                  Enable timer to recover from udld error
  unicast-flood         Enable timer to recover from unicast flood error
  vmps                  Enable timer to recover from vmps shutdown error
CAT3550(config)#errdisable recovery cause link-flap
CAT3550(config)#^Z
CAT3550#show errdisable recovery
ErrDisable Reason    Timer Status
-----------------    --------------
arp-inspection       Disabled
bpduguard            Disabled
channel-misconfig    Disabled
dhcp-rate-limit      Disabled
dtp-flap             Disabled
gbic-invalid         Disabled
inline-power         Disabled
l2ptguard            Disabled
link-flap            Enabled
mac-limit            Disabled
link-monitor-fail    Disabled
loopback             Disabled
oam-remote-failur    Disabled
pagp-flap            Disabled
port-mode-failure    Disabled
psecure-violation    Disabled
security-violatio    Disabled
sfp-config-mismat    Disabled
storm-control        Disabled
udld                 Disabled
unicast-flood        Disabled
vmps                 Disabled

Timer interval: 300 seconds

Interfaces that will be enabled at the next timeout:

CAT3550#
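Since the value of this feature is choosing which causes recover on a timer and which stay down until someone looks, here is an added Python audit (not from the post) that parses "show errdisable recovery" output and flags security-related causes that have been set to auto-recover. The sample output is constructed, and the set of causes that must stay disabled is a policy assumption; note that IOS truncates long cause names in the table, which the parser maps back to the full names from the "?" listing above.

```python
"""Audit 'show errdisable recovery' output: flag causes that auto-recover
but should stay err-disabled (e.g. port-security violations)."""
import re

# Full cause names as listed by "errdisable recovery cause ?" in the post.
KNOWN_CAUSES = [
    "arp-inspection", "bpduguard", "channel-misconfig", "dhcp-rate-limit",
    "dtp-flap", "gbic-invalid", "inline-power", "l2ptguard", "link-flap",
    "link-monitor-failure", "loopback", "mac-limit", "oam-remote-failure",
    "pagp-flap", "port-mode-failure", "psecure-violation", "security-violation",
    "sfp-config-mismatch", "storm-control", "udld", "unicast-flood", "vmps",
]

# Policy assumption: these causes should wait for a human, not a timer.
MUST_STAY_DISABLED = {"psecure-violation", "security-violation"}

# Constructed sample (not a capture from the post): link-flap and
# psecure-violation set to recover; long names truncated as IOS prints them.
SAMPLE_OUTPUT = """\
ErrDisable Reason    Timer Status
-----------------    --------------
arp-inspection       Disabled
link-flap            Enabled
link-monitor-fail    Disabled
psecure-violation    Enabled
security-violatio    Disabled
sfp-config-mismat    Disabled
Timer interval: 300 seconds
"""

def expand_cause(short):
    """IOS truncates long cause names in the table; map back to the full name."""
    matches = [c for c in KNOWN_CAUSES if c.startswith(short)]
    return matches[0] if len(matches) == 1 else short

def parse_errdisable_recovery(text):
    """Return ({full cause name: True if timer enabled}, timer seconds)."""
    status, interval = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\S+)\s+(Enabled|Disabled)\s*$", line)
        if m:
            status[expand_cause(m.group(1))] = m.group(2) == "Enabled"
        m = re.match(r"^Timer interval:\s+(\d+)\s+seconds", line)
        if m:
            interval = int(m.group(1))
    return status, interval

def audit(text):
    """Return the must-stay-disabled causes that are set to auto-recover."""
    status, _ = parse_errdisable_recovery(text)
    return sorted(c for c, on in status.items() if on and c in MUST_STAY_DISABLED)
```

Running audit(SAMPLE_OUTPUT) on the constructed sample returns ['psecure-violation'], the one cause that would quietly re-open a port after a port-security violation.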
Posted by JC at 1:19 PM | Comments (4)
January 18, 2008
Help! Remote Switch IP Changes...
I feel so ashamed. I have completely neglected the CiscoBlog since the holidays and my first post of the new year is a plea for help. How pathetic! Forgive me. I plan on putting plenty of time into the blog, answering many of the questions that have come in over the last few weeks, and getting that forum running (I'm really close!). The check's in the mail.
So here's what I need help with. This weekend, I'm doing a massive network migration for a government agency. They have about 60 switches that I will be moving over to a new IP addressing scheme (creating a separate management VLAN). So here's, in effect, what I'll be doing:
interface vlan 1
no ip address
interface vlan 200
ip address 10.20.x.x 255.255.0.0 (each switch gets its own IP address)
no shutdown
Seems simple, right? Well, these switches are spread over 15 buildings miles apart using fiber cabling. I'd like to be able to do this all remotely, but many of the switches are using low-end images that only allow a single IP assignment at a time. So, if I'm telnetted in remotely and drop the VLAN 1 IP address, I'm dead.
I thought about setting up a TFTP server on my laptop, copying the running configs of the remote switches down, changing them, then copying them back to the startup config of each remote switch and rebooting...but that seems pretty painful.
Anyone have a great idea on a quick way to do this?
Posted by JC at 3:06 PM | Comments (27)
July 18, 2007
Simple Article on Configuring 802.1X
802.1X is a powerful technology forcing people to authenticate before they are able to access Layer 2 services (such as a switchport or wireless access point). I recently stumbled on a step-by-step article showing an end-to-end configuration for the Windows RADIUS server, the Windows XP client, and the Cisco wireless access point - the link is below; just click the Server, Client, and Access Point links at the bottom of the page to get the configurations.
http://www.cs.umd.edu/~mvanopst/8021x/howto/
Posted by JC at 12:50 PM | Comments (6)
May 16, 2007
Completely Clearing a Cisco Switch...The Easy Way!
Clearing out a Cisco switch configuration is always a pain because VLANs are kept in a separate file from the startup-config (NVRAM). There are two ways to clear a switch back to the factory defaults - the easy way and the REALLY easy way:
The easy way -
Switch# write erase
Switch# delete flash:vlan.dat
Switch# reload
The REALLY easy way -
Hold the "mode" button on the front of the switch for 10 seconds. The lights will blink then go solid - the switch completely wipes all configuration and then reboots. Obviously, this method only works on stackable switches, as the chassis-based switches do not have mode buttons.
Posted by JC at 2:29 PM | Comments (2)
November 6, 2006
Two very cool switch commands
I've got two hot commands for you that I think you'll find very handy on your NativeIOS switches:
First off, in most environments, just about every port should be set to "spanning-tree portfast" to eliminate the 30 second delay before a switchport goes active. Here's a way to do it globally:
Switch(config)# spanning-tree portfast default
This command automatically sets any port configured as an access port (non-trunking) to the correct mode.
Now, speaking of access ports, check this out. Cisco came out with a secret-ninja command that automatically does three things:
1. Configures a switchport to access mode (for hosts)
2. Enables portfast
3. Disables Etherchannel capabilities
Here it is:
Switch(config)# interface range fa0/1 - 24
Switch(config-if-range)# switchport host
switchport mode will be set to access
spanning-tree portfast will be enabled
channel group will be disabled
Nice!!!
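As an added example (not from the post), here is a small Python check that reads a running-config and reports which non-trunk ports are missing any of the three things "switchport host" sets: access mode, portfast, and no channel-group. It honours the global "spanning-tree portfast default" described above, treating a port as covered unless it carries "spanning-tree portfast disable". The sample config is constructed, and the choice to skip trunk ports is an assumption.

```python
"""Find non-trunk ports missing what 'switchport host' sets: access mode,
portfast (explicit or via the global default), and no channel-group."""
import re

# Constructed sample running-config (not from the post): fa0/1 is set up
# by hand, fa0/2 opts out of the global portfast default, fa0/3 is still
# in an EtherChannel, gi0/1 is an uplink trunk and is skipped.
SAMPLE_CONFIG = """\
spanning-tree portfast default
!
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport mode access
 spanning-tree portfast disable
!
interface FastEthernet0/3
 switchport mode access
 channel-group 1 mode desirable
!
interface GigabitEthernet0/1
 switchport mode trunk
"""

def interfaces(config):
    """Yield (name, [stanza lines]) for each 'interface ...' block ('!' separated)."""
    for block in re.split(r"^!\s*$", config, flags=re.M):
        lines = [l.strip() for l in block.strip().splitlines()]
        if lines and lines[0].startswith("interface "):
            yield lines[0].split(None, 1)[1], lines[1:]

def audit_host_ports(config):
    """Map each non-trunk port to the 'switchport host' settings it lacks."""
    global_portfast = "spanning-tree portfast default" in config.splitlines()
    report = {}
    for name, lines in interfaces(config):
        if "switchport mode trunk" in lines:
            continue  # assumption: uplinks should not get host-port settings
        missing = []
        if "switchport mode access" not in lines:
            missing.append("switchport mode access")
        portfast = "spanning-tree portfast" in lines or (
            global_portfast and "spanning-tree portfast disable" not in lines)
        if not portfast:
            missing.append("spanning-tree portfast")
        if any(l.startswith("channel-group ") for l in lines):
            missing.append("no channel-group")
        if missing:
            report[name] = missing
    return report
```

On the constructed sample, audit_host_ports(SAMPLE_CONFIG) reports fa0/2 as lacking portfast and fa0/3 as still in a channel group; fa0/1 is clean and the trunk is skipped.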
Posted by JC at 3:11 PM | Comments (10)
June 24, 2006
New Catalyst Switch Guide
Cisco has just released their brand new Catalyst switch guide. Pretty awesome side-by-side comparison of all switch equipment currently produced along with the different supervisor engines created for their chassis-based switches.
You can get this information in PDF format by clicking here.
Posted by JC at 9:51 AM | Comments (16)