Recently in Switching Category

Interesting find: Cisco now makes a switch (8 ports) POWERED by PoE (not one that supplies PoE power, but receives it and does not need to be plugged in). Check it out: Catalyst 2960PD-8TT-L.

Someone showed me a great feature today. One of the constant pains in the network is when you get a port err-disabled on the switch. Regardless of how many times I see it, it always seems to be the last thing I check. There's a little-known feature in the IOS called "err-disable recovery" which automatically turns a err-disabled switchport back on after 5 minutes (by default). The good news is that this command allows you to choose specific reasons where you'd like to re-enable the port, such as re-enabling ports disabled because of a port-flap instance but keeping mac-address security violations error disabled. Here's the syntax to make it happen:

I feel so shamed. I have completely neglected the CiscoBlog since the holidays and my first post of the new year is a plea for help. How pathetic! Forgive me. I plan on putting plenty of time into the blog, answering many of the questions that have come in over the last few weeks, and getting that forum running (I'm really close!). The check's in the mail

So here's what I need help with. This weekend, I'm doing a massive network migration for a government agency. They have about 60 switches that I will be moving over to a new IP addressing scheme (creating a separate management VLAN). So here's, in effect, what I'll be doing:

interface vlan 1
no ip address
interface vlan 200
ip address 10.20.x.x 255.255.0.0 (each switch gets its own IP address)
no shutdown

Seems simple, right? Well, these switches are spread over 15 buildings miles apart using fiber cabling. I'd like to be able to do this all remotely, many of the switches are using low-end images that only allow a single IP assignment at a time. So, if I'm telnetted in remotely and drop the VLAN 1 IP address, I'm dead.

I thought about setting up a TFTP server on my laptop, copy the running configs of the remote switches down, changing them, then copying them back to the startup config of the remote switch and rebooting...but that seems pretty painful.

Anyone have a great idea on a quick way to do this?

802.1X is a powerful technology forcing people to authenticate before they are able to access Layer 2 services (such as a switchport or wireless access point). I recently stumbled on a step-by-step article showing an end-to-end configuration for the Windows RADIUS server, the Windows XP client, and the Cisco wireless access point - the link is below; just click the Server, Client, and Access Point links at the bottom of the page to get the configurations.

http://www.cs.umd.edu/~mvanopst/8021x/howto/

Clearing out a Cisco switch configuration is always a pain because VLANs are kept in a seperate file from the startup-config (NVRAM). There's two ways to clear a switch back to the factory defaults - the easy way and the REALLY easy way:

The easy way -

Switch# write erase
Switch# delete flash:vlan.dat
Switch# reload

The REALLY easy way -

Hold the "mode" button on the front of the switch for 10 seconds. The lights will blink then go solid - the switch completely wipes all configuration and then reboots. Obviously, this method only works on stackable switches as the chassis based switches do not have mode buttons.

I've got two hot commands for you that I think you'll find very handy on your NativeIOS switches:

First off, in most environments, just about every port should be set to "spanning-tree portfast" to eliminate the 30 second delay before a switchport goes active. Here's a way to do it globally:

Cisco has just released their brand new Catalyst switch guide. Pretty awesome side-by-side comparison of all switch equipment currently produced along with the different supervisor engines created for their chassis-based switches.

You can get this information in PDF format by clicking here.