Introduction to the Command-Line Interface

The remainder of this chapter focuses on using the command-line interface (CLI) on Cisco switches. There are actually two different operating systems that some Cisco switches support: CatOS and IOS. CatOS is the older style operating system and the IOS is the newer style. The CCNP BCMSN exam focuses on the newer style. So, most of the commands discussed in this and the remaining chapters are IOS commands.

CatOS and IOS Comparison

There are actually three flavors of the operating system for certain Catalyst switches: CatOS, hybrid mode, and native mode (IOS). CatOS configures only Layer 2 switching. For switches that have Layer 3 capabilities, such as the Catalyst 6500 with the MSFC (multilayer switch feature card), CatOS can be used for Layer 2 functionality and the IOS can control the MSFC. This process is called hybrid mode. In native mode, the IOS controls both Layer 2 and Layer 3 functions in the switch. Table 2.5 displays the switches and the modes that they support.

CatOS and IOS support most of the same features; however, there are some differences. For instance, CatOS supports dynamic VLANs and stateful supervisor engine switchover/failover, whereas IOS doesn't. CatOS doesn't support server load balancing, MPLS, and distributed Cisco Express Forwarding (CEF), but IOS does.

CatOS is supported on the Catalyst 4000s and 6500s, and provides only Layer 2 processing. Hybrid mode is supported on the 4006 and 6500 when a routing card is installed the routing card has IOS and the Supervisor Engine has CatOS. Native (IOS) mode only runs IOS on the switch, controlling both Layer 2 and Layer 3 functions. All of Cisco's switches support native mode.

If you've worked with CatOS in the past, the IOS interface and configuration will be noticeably different. Table 2.6 compares the configuration and operation of the two operating systems.

One major difference between CatOS and IOS is that CatOS has only two modes: User and Privilege EXEC, whereas IOS has three modes. Both CatOS modes are similar to the equivalent IOS modes. The exception is that in Privilege EXEC mode in CatOS, you can also execute configuration commands, such as set and clear.

CatOS uses set and clear commands to make configuration changes.

Configuration Introduction

The commands discussed in this book are used by the IOS operating system (CatOS is not discussed, except in specific situations related to the exam). This book assumes that you have a basic knowledge of IOS commands. As you'll see in this section, the commands used by IOS routers are basically the same as those used on the Catalyst switches, with some differences. This book assumes that you have basic IOS skills and have at least achieved the CCNA certification, which thoroughly covers basic IOS commands. Features such as context help, CLI editing, and command recall are all supported in native mode.

To access the switch and put an initial configuration on the switch, you'll have to set up a console connection from your PC to the switch. This requires a RJ-45 rollover cable and a DB9-to-RJ45 terminal adapter. You'll need a terminal emulation program running on your PC, configured for 9,600bps, 8 data bits, 1 stop bit, no parity, and no flow control.

Sample Configuration

Let's take a look at a basic configuration for an IOS-based switch, shown in Listing 2.1.

Listing 2.1 Basic Configuration

 Switch> enable Switch# configure terminal Switch(config)# hostname name_of_switch Switch(config)# enable password password Switch(config)# enable secret password Switch(config)# service password-encryption Switch(config)# Switch(config)# line console 0 Switch(config-line)# password password Switch(config-line)# exit Switch(config)# line vty 0 4 Switch(config-line)# login Switch(config-line)# password password Switch(config-line)# access-class ACL_# in Switch(config-line)# exit Switch(config)# access-list 1-99 permit IP_address [wildcard_mask] Switch(config)# Switch(config)# interface vlan VLAN_# Switch(config-if)# ip address IP_address subnet_mask Switch(config-if)# no shutdown Switch(config-if)# exit Switch(config)# ip default-gateway router_IP_address Switch(config)# Switch(config)# interface type slot_#/port_# Switch(config-if)# duplex auto|full|half Switch(config-if)# speed 10|100|auto Switch(config-if)# end Switch# exit 

The enable command takes you from User to Privilege Exec mode. The configure terminal command takes you from Privilege EXEC to Configuration mode. The hostname command assigns a name to your switch, which also changes its prompt. The enable password and enable secret commands assign a password to restrict access to Privilege EXEC mode. The enable password command stores the password in clear text, whereas the enable secret command encrypts the password. If both commands are configured, the enable secret command takes precedence. The service password-encryption command encrypts all clear-text passwords on the switch; however, its encryption process is not as strong as using the enable secret command.

There are two methods of accessing User EXEC mode on the switch: from the console (line console 0) and from telnet (line vty 0 4). To secure the console port, use the password command. To secure telnet access, authenticate logins with the login command and assign a password with the password command. Please note that the password created with the password command is stored in clear text. It's recommended that you restrict telnet access to the switch by configuring a standard ACL with the access-list command and activating it on your VTY lines with the access-class command. Use permit statements in the ACL to match on networks or PCs that are allowed to telnet to the switch.

In-band management is management traffic, such as telnetting to the switch, that crosses the switching backplane of the switch. Out-of-band management traffic, such as accessing the switch through its console port, doesn't traverse the backplane of the switch.

To assign an IP address to the switch, you must create a logical VLAN interface. VLANs are discussed in Chapter 3. To create a logical VLAN interface, use the interface vlan command, specifying the VLAN that the switch should be associated with. Then assign an IP address to it with the ip address command. By default, these logical interfaces are disabled, so enable them with the no shutdown command. If the switch has no routing function (is configured only for or supports only Layer 2), assign a default gateway address with the ip default-gateway command.

To configure interface settings, such as speed or duplexing, enter the physical interface with the interface command. You must specify the type (fastethernet or gigabitethernet), slot number (on the 2950, this is always 0), and the port number. Once you're in the interface, use the duplex command to change the duplexing (defaults to auto) and the speed command to change the speed (defaults to auto for multispeed ports). If you're experiencing intermittent connectivity problems or a large number of collisions on an interface, autosensing could be the culprit. If this is the case, hardcode the speed and duplexing on the interface.

To exit Configuration mode, use the end command or press the Ctrl+Z control sequence. To log out of the switch from either User or Privilege EXEC mode, use the exit command. This is the crash course on basic switch configuration.

Be familiar with the commands listed in Listing 2.1.

Please note that the Catalyst 1900, which is end-of-life (EOL), also has an IOS-based interface. However, the commands to configure it are different from the ones presented earlier. Because the 1900 is EOL, this book focuses on IOS for only the newer switches, which I discussed in Listing 2.1.

Manipulating Files

To view the active configuration file on a switch, use the show system:running-config command. To view a saved configuration file, use the show nvram: startup-config command. Please note that the syntax listed earlier is the newer syntax. The older syntax is still supported. In other words, you could omit the location, like system: and nvram:, when performing certain copy functions.

When using native mode on a Catalyst switch, any configuration changes that you make are not automatically saved to flash. This is different from CatOS. To save your changes, use one of the following commands:

 Switch# copy system:running-config nvram:startup-config Switch# copy system:running-config tftp:[[[//IP_address]/directory_name]/filename] Switch# copy nvram:startup-config tftp:[[[//IP_address]/directory_name]/filename] 

Note that to use the copy command, you must be in Privilege EXEC mode. The first command backs up the active configuration to flash. The second command backs up the active configuration to a TFTP server. The third command backs up the saved configuration to a TFTP server. To restore your changes, use one of the preceding copy commands and revert the source and destination information.

To view your operating system files in flash, use the show flash or dir flash: command:

 Switch# dir flash: Directory of flash:/     2  -rwx     2664051   Mar 01 1993 00:03:18  c2950-i6q4l2-mz.121-11.EA1.bin     3  -rwx         269   Jan 01 1970 00:01:51  env_vars     4  -rwx        1355   Mar 12 1993 01:49:50  config.text     5  -rwx           5   Mar 12 1993 01:49:50  vlan.dat     7  drwx         704   Mar 01 1993 00:03:55  html 

The first file is the operating image (IOS). The config.text file is the saved configuration and mimics NVRAM found on Cisco routers. The vlan.dat file contains the VLAN database configuration discussed in Chapter 3. The html directory contains the necessary files to access and manage the switch using a Web browser.

To back up the native mode image in flash, use the copy flash tftp command. You'll be prompted for the name of the IOS image to back up, the IP address of the TFTP server, and what you want to name the IOS image on the TFTP server. To upgrade the native mode image on your switch, use the copy tftp flash command. You'll be prompted for the same three pieces of information as with the copy flash tftp command.

Troubleshooting

The switches support two basic troubleshooting commands: show and debug. show commands display static information about the operation and configuration of the switch; in other words, the information is not updated on the screen unless you re-execute the command. Table 2.7 lists some common show commands.

If you can't access the switch via IP or cannot access another device through the switch, check the following:

• Examine the cabling to make sure that you're using the correct type: straight-through for DTE-DCE connections and crossover for DTE-DTE and DCE-DCE connections. A DTE is a router, file server, or PC. A DCE is a hub, bridge, or switch.

• Examine the status of the interface to which the device is connected with the show interfaces command.

• Examine the switch's configuration of its IP addressing on the VLAN interface with the show interfaces command. Also examine the switch's default gateway address.

• If the switch and other device are in different VLANs, make sure that both devices are configured for the correct VLANs and have default routes.

debug commands have a dynamic display of events on your switch; that is, they display events as they occur. You must be in Privilege EXEC mode to execute debug commands. To add timestamps with the date and time to your debug output, execute the service timestamps command. Because debug commands are process-intensive, you should disable them when you're finished. Either preface the debug command with the no parameter to disable it, or use the no debug all command.

debug commands are a very powerful tool. However, you should be very careful about their use because they are very process-intensive and can affect the throughput of traffic flowing through your switch. Do not use the debug all command doing so will probably crash your switch.

Converting CatOS to IOS

In hybrid mode on the Catalyst 6500, your switch has two images: one for the Supervisor Engine and one for the MSFC. The image name for the Supervisor Engine begins with cat6000-sup. The image name for the MSFC begins with c6msfc.

In native mode, only one image is used to operate the switch. There are four types of native mode images for the Catalyst 6500, depending on the Supervisor Engine (I or II) and MFSC (1, 2, or none) that are installed in the switch. The four native mode image types are listed here:

• c6sup-is-mz.version_#-revision_#.features Used with a Supervisor Engine I with an MSFC 1 installed. This is the original native mode image nomenclature.

• c6sup11-is-mz.version_#-revision_#.features Used with a Supervisor Engine I with an MSFC 1 installed. This is the newer native mode image nomenclature.

• c6sup12-is-mz.version_#-revision_#.features Used with a Supervisor Engine I with an MSFC 2 installed.

• c6sup22-is-mz.version_#-revision_#.features Used with a Supervisor Engine II with an MSFC 2 installed.

Based on the hardware installed in your Catalyst 6500, you need to make sure that you download the correct file.

Converting from a CatOS operating system to an IOS operating system is not a trivial matter, would require quite a few pages of explanation, and is beyond the scope of this book. However, if you need to perform this process by upgrading to an IOS image, visit Cisco's Web site at http://www.cisco.com/warp/customer/473/80.shtml. This site requires a CCO login.

To convert your CatOS configuration to an IOS configuration, download the following tool from Cisco and run your CatOS configuration through it. The converter tool outputs an IOS configuration file that you can load on your switch: http://www.cisco.com/cgi-bin/tablebuild.pl/cat6000-config-converter. This tool requires a CCO login.

Switch Fabric Module

The Catalyst 6500 switches support a special card, called the Switch Fabric Module (SFM), which comes in two versions, 1 and 2. In combination with the Supervisor Engine II, the backplane capacity of the 6500 is upgraded from 32Gbps to 256Gbps. The SFM delivers 30Mpps throughput using Cisco Express Forwarding (CEF) and 210Mpps throughput with the Distributed Feature Card (DCF) installed. CEF is discussed in Chapter 6. The SFM also supports advanced features, such as ACL filtering and QoS, in hardware.

SFM Characteristics

The SFM provides a dedicated connection between modules that support SFM connectivity. Modules thus have a connection to the 32Gbps bus as well as to the bus on the SFM itself. The SFM card doesn't have any interfaces, but it does have an LCD display that shows the utilization of the module.

With a 6513 chassis, the SFM is installed in slot 7 or 8, and slots 9 13 support dual-switch fabric interface modules, such as Fast and Gigabit Ethernet modules. For all other model 6500 switches, the SFM is installed in either slot 5 or 6. With all 6500s, you can install a redundant SFM in the remaining slot. One nice feature about dual SFMs is that it doesn't require any extra configuration on your part.

The SFM expands the backplane of the switch from 32 to 256Gbps. In a 6513, the SFM goes in slot 7 or 8, whereas in other 6500 chassis, it goes in slot 5 or 6. The SFM supports dual cards, but requires a Supervisor Engine II card.

After you install the SFM, traffic can be moved between connected modules via one of three modes:

• Bus mode Used to move traffic between non-fabric modules and for traffic between fabric and non-fabric modules. All traffic is sent through the local bus and Supervisor Engine bus.

• Compact mode Used to move traffic between fabric modules only, which first compacts the DBus header to improve performance (enabled by default).

• Truncated mode Used when you have mixed modules. This mode applies only to traffic between fabric modules.

Configuration

Setting up and configuring the SFM is simple. You can place a restriction on your 6500 operation with the following SFM command:

 Switch(config)# fabric required 

When you configure this command, you're telling the switch that if the SFM fails or is removed, the switch will not process any traffic until the SFM is repaired or re-installed. Actually, in this situation, all modules are powered off until the SFM is reinstalled.

The SFM can operate in any of the three modes discussed in the last section, including more than one mode at a time, based on the type of cards installed. You can restrict its operation by enabling or disabling modes with the following command:

 Switch(config)# [no] fabric switching-mode allow bus-mode|truncated [threshold #] 

With truncated mode, you can specify an optional threshold, which specifies how many fabric-supported modules must be installed before truncated mode takes effect. To verify the SFM's operation, use the commands in Table 2.8.