CCNP Switch: Switch Port Configuration
Ethernet Concepts
This section reviews the varieties of Ethernet and their application in a campus network. Recall how the bandwidth requirements for each network segment are determined by the types of applications in use, the traffic flows within the network, and the size of the user community served.
Ethernet scales to support increasing bandwidths and should be chosen to match the need at each point in the campus network. As network bandwidth requirements grow, you can scale the links between access, distribution, and core layers to match the load.
Other network media technologies available include Fiber Distributed Data Interface (FDDI), Copper Distributed Data Interface (CDDI), Token Ring, and Asynchronous Transfer Mode (ATM). Although some networks still use these media, Ethernet has emerged as the most popular choice in installed networks. Ethernet is chosen because of its low cost, market availability, and scalability to higher bandwidths.
Ethernet (10 Mbps)
Ethernet is a LAN technology based on the Institute of Electrical and Electronics Engineers (IEEE) 802.3 standard. Ethernet (in contrast to Fast Ethernet and later versions) offers a bandwidth of 10 Mbps between end users. In its most basic form, Ethernet is a shared medium that becomes both a collision and a broadcast domain. As the number of users on the shared media increases, so does the probability that a user is trying to transmit data at any given time. When one user transmits at about the same time as another, a collision occurs. In other words, both users can’t transmit data at the same time if they both are sharing the same network media.
Ethernet is based on the carrier sense multiple access collision detect (CSMA/CD) technology, which requires that transmitting stations back off for a random period of time when a collision occurs. If a station must wait its turn to transmit, it cannot transmit and receive at the same time. This is called half-duplex operation.
The more crowded an Ethernet segment becomes, the more stations are likely to be transmitting at a given time. Imagine standing in a crowded room trying to tell a story. Instead of attempting to talk over the crowd, you stop and politely wait while other people talk. The more people there are in the room, the more difficult talking becomes. Likewise, as an Ethernet segment becomes more crowded, it becomes more inefficient.
Ethernet switching addresses this problem by dynamically allocating a dedicated 10-Mbps bandwidth to each of its ports. The resulting increased network performance occurs by reducing the number of users connected to an Ethernet segment. In effect, collisions are less probable and the collision domain is reduced in size.
Although switched Ethernet’s job is to offer fully dedicated bandwidth to each connected device, assuming that network performance will improve across the board when switching is introduced is a common mistake. For example, consider a workgroup of users connected by a shared-media Ethernet hub. These users regularly access an enterprise server located elsewhere in the campus network. To improve performance, the decision is made to replace the hub with an Ethernet switch so that all users get dedicated 10-Mbps connections. Because the switch offers dedicated bandwidth for connections between the end-user devices connected to its ports, any user-to-user traffic probably would see improved performance. However, the enterprise server still is located elsewhere in the network, and all the switched users still must share available bandwidth across the campus to reach it. As discussed in Chapter 1, instead of throwing raw bandwidth at a problem, a design based on careful observation of traffic patterns and flows offers a better solution.
Because switched Ethernet can remove the possibility of collisions, stations do not have to listen to each other to take a turn transmitting on the wire. Instead, stations can operate in full-duplex mode—transmitting and receiving simultaneously. Full-duplex mode further increases network performance, with a net throughput of 10 Mbps in each direction, or 20 Mbps total throughput on each port.
Another consideration when dealing with 10-Mbps Ethernet is the physical cabling. Ethernet cabling involves the use of unshielded twisted-pair (UTP) wiring (10BASE-T Ethernet), usually restricted to an end-to-end distance of 100 m (328 feet) between active devices. Keeping cable lengths as short as possible in the wiring closet also reduces noise and crosstalk when many cables are bundled together.
In a campus network environment, Ethernet usually is used in the access layer, between end user devices and the access-layer switch. Many networks still use Ethernet to connect end users to shared-media hubs, which then connect to access-layer switches. Ethernet typically is not used at either the distribution or the core layer.
Fast Ethernet
Instead of requiring campuses to invest in a completely new technology to gain increased bandwidth, the networking industry developed a higher-speed Ethernet based on existing Ethernet standards. Fast Ethernet operates at 100 Mbps and is defined in the IEEE 802.3u standard. The Ethernet cabling schemes, CSMA/CD operation, and all upper-layer protocol operations are maintained with Fast Ethernet. The net result is the same data link Media Access Control (MAC) layer merged with a new physical layer.
The campus network can use Fast Ethernet to link access- and distribution-layer switches, if no higher-speed links are available. These links can support the aggregate traffic from multiple Ethernet segments in the access layer. Fast Ethernet generally is used to connect end-user workstations to the access-layer switch and to provide improved connectivity to enterprise servers.
Cabling for Fast Ethernet can involve either UTP or fiber. Table 5-2 lists the specifications for Fast Ethernet that define the media types and distances.
Table 5-2 Cabling Specifications for Fast Ethernet
Full-Duplex Fast Ethernet
As with traditional Ethernet, the natural progression to improve performance is to use full-duplex operation. Fast Ethernet can provide up to 100 Mbps in each direction on a switched connection, for 200 Mbps total throughput.
This maximum throughput is possible only when one device (a workstation, server, router, or another switch) is connected directly to a switch port. In addition, the devices at each end of the link must both support full-duplex operation, allowing each to transmit at will without having to detect and recover from collisions.
The Fast Ethernet specification also offers backward-compatibility to support traditional 10-Mbps Ethernet. In the case of 100BASE-TX, switch ports often are called “10/100” ports, to denote the dual speed. To provide this support, the two devices at each end of a network connection automatically can negotiate link capabilities so that they both can operate at a maximum common level. This negotiation involves detecting and selecting the highest physical layer technology (available bandwidth) and half-duplex or full-duplex operation. To properly negotiate a connection, both ends should be configured for autonegotiation.
The link speed is determined by electrical signaling so that either end of a link can determine what speed the other end is trying to use. If both ends of the link are configured to autonegotiate, they will use the highest speed that is common to them.
A link’s duplex mode, however, is negotiated through an exchange of information. This means that for one end to successfully autonegotiate the duplex mode, the other end also must be set to autonegotiate. Otherwise, one end never will see duplex information from the other end and won’t be capable of determining the correct mode to use. If duplex autonegotiation fails, a switch port always falls back to its default setting—half-duplex.
CAUTION Beware of a duplex mismatch when both ends of a link are not set for autonegotiation. During a mismatch, one end uses full duplex while the other end uses half duplex. The result is that the half-duplex station will detect a collision when both ends transmit; it will back off appropriately. The full-duplex station, however, will assume that it has the right to transmit at any time. It will not stop and wait for any reason. This can cause errors on the link and poor response times between the stations.
Autonegotiation uses the priorities shown in Table 5-3 for each mode of Ethernet to determine which technology to agree upon. If both devices can support more than one technology, the technology with the highest priority is used. For example, if two devices can support both 10BASE-T and 100BASE-TX, both devices will use the higher-priority 100BASE-TX mode.
Table 5-3 Autonegotiation Selection Priorities
To ensure proper configuration at both ends of a link, Cisco recommends that the appropriate values for transmission speed and duplex mode be configured manually on switch ports. This precludes any possibility that one end of the link will change its settings, resulting in an unusable connection. If you manually set the switch port, don’t forget to manually set the device on the other end of the link accordingly. Otherwise, a speed or duplex mismatch between the two devices might occur.
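The negotiation rules above decide whether a link ends up matched or mismatched, and that can be checked for each pair of link ends before a change is rolled out. The following Python code is an added example, not from the book: the Port class, resolve(), audit() and the sample links are hypothetical, and it assumes 10/100 ports where each end either negotiates both speed and duplex or has both set manually.

```python
# Added example (not from the book): model of the autonegotiation outcomes
# described in this section. All names and sample data are constructed.
from dataclasses import dataclass
from typing import Optional, Tuple

Mode = Optional[Tuple[int, str]]          # (speed in Mbps, "full" | "half"); None = no link


@dataclass(frozen=True)
class Port:
    """One end of a link, described by its configured speed and duplex."""
    name: str
    speed: str = "auto"                   # "auto", "10" or "100"
    duplex: str = "auto"                  # "auto", "full" or "half"
    capable: Tuple[int, ...] = (10, 100)  # speeds the hardware can run (assumed 10/100)

    def negotiates(self) -> bool:
        # Assumption of this model: an end negotiates both settings or neither.
        if (self.speed == "auto") != (self.duplex == "auto"):
            raise ValueError(f"{self.name}: mixed auto/fixed settings are not modelled")
        return self.speed == "auto"


def resolve(a: Port, b: Port) -> Tuple[str, Mode, Mode]:
    """Return (status, mode of a, mode of b) for a link between a and b."""
    if a.negotiates() and b.negotiates():
        common = set(a.capable) & set(b.capable)
        if not common:
            return ("no-common-speed", None, None)
        mode = (max(common), "full")      # highest common speed, full duplex first
        return ("ok", mode, mode)

    if not a.negotiates() and not b.negotiates():
        mode_a, mode_b = (int(a.speed), a.duplex), (int(b.speed), b.duplex)
    else:
        # Exactly one end negotiates. It senses the fixed end's speed from the
        # signaling, but receives no duplex information and falls back to half.
        auto, fixed = (a, b) if a.negotiates() else (b, a)
        speed = int(fixed.speed)
        if speed not in auto.capable:
            return ("no-common-speed", None, None)
        fallback, forced = (speed, "half"), (speed, fixed.duplex)
        mode_a, mode_b = (fallback, forced) if auto is a else (forced, fallback)

    if mode_a[0] != mode_b[0]:
        return ("speed-mismatch", mode_a, mode_b)
    if mode_a[1] != mode_b[1]:
        return ("duplex-mismatch", mode_a, mode_b)
    return ("ok", mode_a, mode_b)


def audit(links):
    """Return (name_a, name_b, status) for every link that is not 'ok'."""
    report = []
    for a, b in links:
        status = resolve(a, b)[0]
        if status != "ok":
            report.append((a.name, b.name, status))
    return report


# Constructed sample: switch port on the left, attached device on the right.
SAMPLE_LINKS = [
    (Port("Fa0/1"), Port("pc-1")),                                   # both auto
    (Port("Fa0/2"), Port("server-1", "100", "full")),                # only one end forced
    (Port("Fa0/3", "100", "full"), Port("server-2", "100", "full")), # both forced, equal
    (Port("Fa0/4", "100", "full"), Port("printer-1", "10", "half")), # both forced, unequal
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LINKS):
        print(finding)
```

The second sample link is the case the CAUTION describes: the switch port is left on Auto while the server is forced to 100 full, so the switch falls back to half duplex.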
Cisco provides one additional capability to Fast Ethernet, which allows several Fast Ethernet links to be bundled together for increased throughput. Fast EtherChannel (FEC) allows two to eight full-duplex Fast Ethernet links to act as a single physical link, for 400- to 1600-Mbps duplex bandwidth. This technology is described in greater detail in Chapter 8, “Aggregating Switch Links.” For further reading about Fast Ethernet technology, refer to the article “Fast Ethernet 100-Mbps Solutions,” at Cisco.com: http://www.cisco.com/en/US/netsol/ns340/ns394/ns147/networking_solutions_white_paper09186a00800a4a29.shtml.
Gigabit Ethernet
You can scale Fast Ethernet by an additional order of magnitude with Gigabit Ethernet (which supports 1000 Mbps or 1 Gbps) using the same IEEE 802.3 Ethernet frame format as before. This scalability allows network designers and managers to leverage existing knowledge and technologies to install, migrate, manage, and maintain Gigabit Ethernet networks.
However, the physical layer has been modified to increase data-transmission speeds. Two technologies were merged to gain the benefits of each: the IEEE 802.3 Ethernet standard and the American National Standards Institute (ANSI) X3T11 FibreChannel. IEEE 802.3 provided the foundation of frame format, CSMA/CD, full duplex, and other Ethernet characteristics. FibreChannel provided a base of high-speed ASICs, optical components, and encoding/decoding and serialization mechanisms. The resulting protocol is termed IEEE 802.3z Gigabit Ethernet.
Gigabit Ethernet supports several cabling types, referred to as 1000BASE-X. Table 5-4 lists the cabling specifications for each type. In a campus network, you can use Gigabit Ethernet in the switch block, core block, and server block. In the switch block, it can connect access-layer switches to distribution-layer switches. In the core block, it can connect the distribution layer to the core switches and interconnects the core devices. In a server block, a Gigabit Ethernet switch can provide high-speed connections to individual servers.
Table 5-4 Gigabit Ethernet Cabling and Distance Limitations
The “Gigabit over copper” solution that the 1000BASE-T media provides is based on the IEEE 802.3ab standard. Most Gigabit Ethernet switch ports used between switches are fixed at 1000 Mbps. However, other switch ports can support a fallback to Fast or Legacy Ethernet speeds. Here, speed can be autonegotiated between end nodes to the highest common speed—10 Mbps, 100 Mbps, or 1000 Mbps. These ports are often called “10/100/1000” ports to denote the triple speed. Here, the autonegotiation supports the same priority scheme as Fast Ethernet, although 1000BASE-T full duplex becomes the highest priority, followed by 1000BASE-T half duplex. Gigabit Ethernet’s port duplex mode always is set to full duplex on Cisco switches, so duplex autonegotiation is not possible.
Finally, Cisco has extended the concept of Fast EtherChannel to bundle several Gigabit Ethernet links to act as a single physical connection. With Gigabit EtherChannel (GEC), two to eight full-duplex Gigabit Ethernet connections can be aggregated, for a single logical link of up to 16 Gbps throughput. Port aggregation and the EtherChannel technology are described further in Chapter 8.
10-Gigabit Ethernet
Ethernet scales by orders of magnitude, beginning with 10 Mbps, progressing to 100 Mbps, and then to 1000 Mbps. To meet the demand for aggregating many Gigabit Ethernet links over a single connection, 10-Gigabit Ethernet was developed. Again, the Layer 2 characteristics of Ethernet have been preserved; the familiar 802.3 frame format and size, along with the MAC protocol, remain unchanged.
The 10-Gigabit Ethernet, also known as 10GbE, and the IEEE 802.3ae standard differ from their predecessors only at the physical layer (PHY); 10GbE operates only at full duplex. The standard defines several different transceivers that can be used as Physical Media Dependent (PMD) interfaces. These are classified into the following:
- LAN PHY—Interconnects switches in a campus network, predominantly in the core layer
- WAN PHY—Interfaces with existing synchronous optical network (SONET) or synchronous digital hierarchy (SDH) networks typically found in metropolitan-area networks (MAN)
The PMD interfaces also have a common labeling scheme, much as Gigabit Ethernet does. Where Gigabit Ethernet uses 1000BASE-X to indicate the media type, 10-Gigabit Ethernet uses 10GBASE-X. Table 5-5 lists the different PMDs defined in the standard, along with the type of fiber and distance limitations. All the fiber-optic PMDs can be used as either a LAN or a WAN PHY, except for the 10GBASE-LX4, which is only a LAN PHY. Be aware that the long-wavelength PMDs carry a significantly greater expense than the others. At press time, the Cisco Catalyst 6500, 4500 (Supervisor VI), and 3750 switches supported 10-Gigabit Ethernet PMDs in the form of XENPAK transceivers, beginning with a minimum software release. For the most current switch compatibility listing, refer to the “Cisco 10-Gigabit Ethernet Transceiver Modules Compatibility Matrix” document at http://www.cisco.com/en/US/products/hw/modules/ps5251/products_device_support_table09186a00803857e7.html.
Table 5-5 10-Gigabit Ethernet PMD Types and Characteristics
*Transceiver types are denoted by a two-letter suffix. The first letter specifies the wavelength used: S = short, L = long, E = extra-long wavelength. The second letter specifies the PHY type: R = LAN PHY, W = WAN PHY. In the case of LX4 and LW4, L refers to a long wavelength, X and W refer to the coding used, and 4 refers to the number of wavelengths transmitted. WWDM is wide-wavelength division multiplexing.
Connecting Switch Block Devices
Switch deployment in a network involves two steps: physical connectivity and switch configuration. This section describes the connections and cabling requirements for devices in a switch block. Cable connections must be made to a switch’s console port to make initial configurations. Physical connectivity between switches and end users involves cabling for the various types of LAN ports.
Console Port Cables/Connectors
A terminal-emulation program on a PC usually is required to interface with the console port on a switch. Various types of console cables and console connectors are associated with each Cisco switch family.
All Catalyst switch families use an RJ-45-to-RJ-45 rollover cable to make the console connection between a PC (or terminal or modem) and the console port. A rollover cable is made so that pin 1 on one RJ-45 connector goes to pin 8 on the other RJ-45 connector, pin 2 goes to pin 7, and so forth. In other words, the cable remains flat while the two RJ-45 connectors point in opposite directions.
To connect the PC end, the rollover cable plugs into an RJ-45 to DB-9 or DB-25 “terminal” adapter (or a DB-25 “modem” adapter for a modem connection). At the switch end, the rollover cable plugs directly into the console port’s RJ-45 jack.
After the console port is cabled to the PC, terminal, or modem, a terminal-emulation program can be started or a user connection can be made. The console ports on all switch families require an asynchronous serial connection at 9600 baud, 8 data bits, no parity, 1 stop bit, and no flow control.
Ethernet Port Cables and Connectors
Catalyst switches support a variety of network connections, including all forms of Ethernet. In addition, Catalyst switches support several types of cabling, including UTP and optical fiber. Fast Ethernet (100BASE-FX) ports use two-strand multimode fiber (MMF) with MT-RJ or SC connectors to provide connectivity. The MT-RJ connectors are small and modular, each containing a pair of fiber-optic strands. The connector snaps into position, but you must press a tab to remove it. The SC connectors on the fiber cables are square in shape. These connectors snap in and out of the switch port connector as the connector is pushed in or pulled out. One fiber strand is used as a transmit path and the other as a receive path. The transmit fiber on one switch device should connect to the receive fiber on the other end.
All Catalyst switch families support 10/100 autosensing (using Fast Ethernet autonegotiation) and 10/100/1000 autosensing for Gigabit Ethernet. These ports use RJ-45 connectors on Category 5 UTP cabling to complete the connections. These ports can connect to other UTP-based Ethernet autosensing devices. UTP cabling is arranged so that RJ-45 pins 1,2 and 3,6 form two twisted pairs. These pairs connect straight through to the far end.
To connect two 10/100 switch ports back to back, as in an access-layer to distribution-layer link, you must use a Category 5 UTP crossover cable. In this case, RJ-45 pins 1,2 and 3,6 are still twisted pairs, but 1,2 on one end connects to 3,6 on the other end, and 3,6 on one end connects to 1,2 on the other end.
NOTE Because UTP Ethernet connections use only pairs 1,2 and 3,6, some cable plant installers connect only these pairs and leave the remaining two pair positions empty. Although this move provides Ethernet connectivity, it is not good practice for future needs. Instead, all four RJ-45 connector pairs should be connected end to end. For example, a full four-pair UTP cable plant can be used for either Ethernet or Token Ring connectivity, without rewiring. (Token Ring UTP connections use pairs 3,6 and 4,5.) Also, to be compatible with the new IEEE 802.3ab standard for Gigabit Ethernet over copper (1000BASE-T), you must use all four pairs end to end.
Gigabit Ethernet Port Cables and Connectors
Gigabit Ethernet connections take a different approach by providing modular connectivity options. Catalyst switches with Gigabit Ethernet ports have standardized rectangular openings that can accept GBIC or SFP modules. The Gigabit Interface Converter (GBIC) and small form factor pluggable (SFP) modules provide the media personality for the port so that various cable media can connect. In this way, the switch chassis is completely modular and requires no major change to accept a new media type. Instead, the appropriate module is hot-swappable and is plugged into the switch to support the new media. GBIC modules can use SC fiber-optic and RJ-45 UTP connectors. SFP modules can use LC and MT-RJ fiber-optic and RJ-45 UTP connectors. GBIC and SFP modules are available for the following Gigabit Ethernet media:
- 1000BASE-SX—Short-wavelength connectivity using SC fiber connectors and MMF for distances up to 550 m (1804 feet).
- 1000BASE-LX/LH—Long-wavelength/long-haul connectivity using SC fiber connectors and either MMF or single-mode fiber (SMF); MMF can be used for distances up to 550 m (1804 feet), and SMF can be used for distances up to 10 km (32,810 feet). MMF requires a special mode-conditioning cable for fiber distances less than 100 m (328 feet) or greater than 300 m (984 feet). This keeps the GBIC from overdriving the far-end receiver on a short cable and lessens the effect of differential mode delay on a long cable.
- 1000BASE-ZX—Extended-distance connectivity using SC fiber connectors and SMF; works for distances up to 70 km, and even to 100 km when used with premium-grade SMF.
- GigaStack—Uses a proprietary connector with a high-data-rate copper cable with enhanced signal integrity and electromagnetic interference (EMI) performance; provides a GBIC-to-GBIC connection between stacking Catalyst switches or between any two Gigabit switch ports over a short distance. The connection is full duplex if only one of the two stacking connectors is used; if both connectors are used, they each become half duplex over a shared bus.
- 1000BASE-T—Sports an RJ-45 connector for four-pair UTP cabling; works for distances up to 100 m (328 feet).
CAUTION The fiber-based modules always have the receive fiber on the left connector and the transmit fiber on the right connector, as you face the connectors. These modules could produce invisible laser radiation from the transmit connector. Therefore, always keep unused connectors covered with the rubber plugs, and don’t ever look directly into the connectors.
Switch Port Configuration
You can configure the individual ports on a switch with various information and settings, as detailed in the following sections.
Selecting Ports to Configure
Before you can modify port settings, you must select one or more switch ports. Catalyst switches running the Catalyst operating system (CatOS) refer to these as ports, whereas switches running the Cisco IOS Software refer to them as interfaces. The BCMSN exam is based on IOS-based switches only. To select a single switch port, enter the following command in global configuration mode:
Switch(config)# interface type module/number
The port is identified by its Ethernet type (fastethernet, gigabitethernet, tengigabitethernet, or vlan), the physical module or “blade” where it is located, and the port number within the module. Some switches, such as the Catalyst 2950 and 3550, don’t have multiple modules. For those models, ports have a module number of 0 (zero). As an example, the FastEthernet 0/14 interface is selected for configuration using the following command:
Switch(config)# interface fastethernet 0/14
The Catalyst 3750 is also a fixed-configuration switch, but it can be stacked with other switches in the 3750 family. Interfaces are referenced by module and port number, where the module number represents the switch position in the stack. For example, port 24 on the switch at position 2 in the stack would be referenced as FastEthernet 2/24.
Naturally, you can select and configure multiple interfaces in this fashion, one at a time. If you need to make many configuration changes for each interface, however, this can get very tedious. The Catalyst IOS Software also allows multiple interfaces to be selected in a single pass, through the interface range configuration command. After you select the range, any interface configuration commands entered are applied to each of the interfaces in the range.
To select several arbitrary ports for a common configuration setting, you can identify them as a “range” entered as a list. Port numbers and the commas that separate them all must be separated with spaces. Use the following command in global configuration mode:
Switch(config)# interface range type module/number [ , type module/number ...]
For example, to select interfaces FastEthernet 0/3, 0/7, 0/9, and 0/48 for configuration, you could use this command:
Switch(config)# interface range fastethernet 0/3 , fastethernet 0/7 , fastethernet 0/9 , fastethernet 0/48
You also can select a continuous range of ports, from a beginning interface to an ending interface. Enter the interface type and module, followed by the beginning and ending port number separated by a dash with spaces. Use this command in global configuration mode:
Switch(config)# interface range type module/first-number - last-number
For example, you could select all 48 FastEthernet interfaces on module 1 with the following command:
Switch(config)# interface range fastethernet 1/0 - 48
Finally, you sometimes need to make configuration changes to several groups or ranges of ports at the same time. You can define a macro that contains a list of interfaces or ranges of interfaces or both. Then, you can invoke the interface-range macro just before configuring the port settings. This applies the port settings to each interface that is identified by the macro. The steps for defining and applying this macro are as follows:
Step 1 Define the macro name and specify as many lists and ranges of interfaces as needed. The command syntax is open ended but follows the list and range syntax of the interface range commands defined previously:
Switch(config)# define interface-range macro-name type module/number [ , type module/number ...] [ type module/first-number - last-number] [...]
Step 2 Invoke the macro called macro-name just as you would with a regular interface, just before entering any interface-configuration commands:
Switch(config)# interface range macro macro-name
As an example, suppose you need to configure GigabitEthernet 2/1, 2/3 through 2/5, 3/1, 3/10, and 3/32 through 3/48 with a set of identical interface configurations. You could use the following commands to define and apply a macro, respectively:
Switch(config)# define interface-range MyGroup gig 2/1 , gig 2/3 - 5 , gig 3/1 , gig 3/10 , gig 3/32 - 48
Switch(config)# interface range macro MyGroup
Remember to surround any commas and hyphens with spaces when you enter interface range commands.
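When reviewing a saved configuration, it helps to know exactly which ports an interface range or macro line touches. The following Python code is an added example, not from the book or from Cisco: expand(), ports_by_command() and the sample configuration are hypothetical names and constructed input, and the parser is more lenient than the CLI about spacing and also accepts a repeated module number at the end of a range.

```python
# Added example (not from the book): expand "interface range" lists, ranges
# and macros into individual interface names. Sample input is constructed.
import re

# Interface types this page lists with module/port addressing (vlan is left out).
CANONICAL = {
    "fastethernet": "FastEthernet",
    "gigabitethernet": "GigabitEthernet",
    "tengigabitethernet": "TenGigabitEthernet",
}

# type module/first [ - [module/]last ]; a plain hyphen or an en dash is accepted.
ITEM = re.compile(r"^([A-Za-z]+)\s*(\d+)/(\d+)(?:\s*[-\u2013]\s*(?:(\d+)/)?(\d+))?$")


def canonical_type(word):
    """Resolve an abbreviation such as 'gig' or 'fast' to one full type name."""
    hits = [full for key, full in CANONICAL.items() if key.startswith(word.lower())]
    if len(hits) != 1:
        raise ValueError(f"unknown or ambiguous interface type: {word!r}")
    return hits[0]


def expand(spec):
    """Expand a comma-separated list of interfaces and ranges into names."""
    names = []
    for item in spec.split(","):
        item = item.strip()
        match = ITEM.match(item)
        if not match:
            raise ValueError(f"cannot parse interface item: {item!r}")
        kind, module, first, end_module, last = match.groups()
        if end_module not in (None, module):
            raise ValueError(f"range crosses modules: {item!r}")
        first, last = int(first), int(last if last is not None else first)
        if last < first:
            raise ValueError(f"range runs backwards: {item!r}")
        prefix = canonical_type(kind)
        names += [f"{prefix}{module}/{port}" for port in range(first, last + 1)]
    return names


def ports_by_command(lines):
    """Map every selected interface to the commands entered under it."""
    macros, selected, applied = {}, [], {}

    def select(names):
        for name in names:
            applied.setdefault(name, [])
        return names

    for raw in lines:
        line = raw.strip()
        low = line.lower()
        if low.startswith("define interface-range "):
            name, spec = line.split(None, 3)[2:]
            macros[name] = expand(spec)
            selected = []
        elif low.startswith("interface range macro "):
            selected = select(macros[line.split()[3]])
        elif low.startswith("interface range "):
            selected = select(expand(line.split(None, 2)[2]))
        elif low.startswith("interface "):
            target = line.split(None, 1)[1]
            try:
                selected = select(expand(target))
            except ValueError:
                selected = select([target])   # e.g. "vlan 10": keep the name as typed
        elif line in ("", "!", "exit", "end"):
            selected = []
        else:
            for name in selected:
                applied[name].append(line)
    return applied


# Constructed configuration, reusing the MyGroup macro from the text above.
SAMPLE_CONFIG = [
    "define interface-range MyGroup gig 2/1 , gig 2/3 - 5 , gig 3/1 , gig 3/10 , gig 3/32 - 48",
    "interface range macro MyGroup",
    " speed auto",
    " duplex auto",
    "interface fast 0/11",
    " description Printer in Bldg A, room 213",
]

if __name__ == "__main__":
    for port, commands in ports_by_command(SAMPLE_CONFIG).items():
        print(port, commands)
```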
Identifying Ports
You can add a text description to a switch port’s configuration to help identify it. This description is meant as a comment field only, as a record of port use or other unique information. The port description is included when displaying the switch configuration and interface information. To assign a comment or description to a port, enter the following command in interface configuration mode:
Switch(config-if)# description description-string
The description string can have embedded spaces between words, if needed. To remove a description, use the no description interface-configuration command.
As an example, interface FastEthernet 0/11 is labeled with “Printer in Bldg A, room 213”:
Switch(config)# interface fast 0/11
Switch(config-if)# description Printer in Bldg A, room 213
Port Speed
You can assign a specific speed to switch ports through switch-configuration commands. Fast Ethernet 10/100 ports can be set to speeds of 10, 100, and Auto (the default) for autonegotiate mode. Gigabit Ethernet GBIC ports always are set to a speed of 1000, while 1000BASE-T ports can be set to speeds of 10, 100, 1000, and Auto (the default).
NOTE If a 10/100 or a 10/100/1000 port is assigned a speed of Auto, both its speed and duplex mode will be negotiated.
To specify the port speed on a particular Ethernet port, use the following interface-configuration command:
Switch(config-if)# speed {10 | 100 | 1000 | auto}
Port Duplex Mode
You also can assign a specific link mode to Ethernet-based switch ports. Therefore, the port operates in half-duplex, full-duplex, or autonegotiated mode. Autonegotiation is allowed only on UTP Fast Ethernet and Gigabit Ethernet ports. In this mode, the port participates in a negotiation by attempting full-duplex operation first and then half-duplex operation if full duplex is not successful. The autonegotiation process repeats whenever the link status changes. Be sure to set both ends of a link to the same speed and duplex settings, to eliminate any chance that the two ends will be mismatched.
NOTE A 10-Mbps Ethernet link (fixed speed) defaults to half duplex, whereas a 100-Mbps Fast Ethernet (dual speed 10/100) link defaults to full duplex. Multispeed links default to autonegotiate the duplex mode.
To set the link mode on a switch port, enter the following command in interface configuration mode:
Switch(config-if)# duplex {auto | full | half}
For instance, you could use the commands in Example 5-1 to configure 10/100/1000 interfaces GigabitEthernet 3/1 for autonegotiation and 3/2 for 100-Mbps full duplex (no autonegotiation).
Example 5-1 Configuring the Link Mode on a Switch Port
Switch(config)# interface gig 3/1
Switch(config-if)# speed auto
Switch(config-if)# duplex auto
Switch(config-if)# interface gig 3/2
Switch(config-if)# speed 100
Switch(config-if)# duplex full
Managing Error Conditions on a Switch Port
Traditionally, a network-management application was used to detect a serious error condition on a switch port. A switch periodically was polled and switch port error counters were examined to see if an error condition had occurred. If so, an alert was issued so that someone could take action to correct the problem.
Catalyst switches can detect error conditions automatically, without any further help. If a serious error occurs on a switch port, that port can be shut down automatically until someone manually enables the port again, or until a predetermined time has elapsed.
Detecting Error Conditions
By default, a Catalyst switch detects an error condition on every switch port for every possible cause. If an error condition is detected, the switch port is put into the errdisable state and is disabled. You can tune this behavior on a global basis so that only certain causes trigger any port being disabled. Use the following command in global configuration mode, where the no keyword is added to disable the specified cause:
Switch(config)# [no] errdisable detect cause [all | cause-name]
You can repeat this command to enable or disable more than one cause. One of the following causes triggers the errdisable state:
- all—Detects every possible cause
- arp-inspection—Detects errors with dynamic ARP inspection
- bpduguard—Detects when a spanning-tree bridge protocol data unit (BPDU) is received on a port configured for STP portfast
- channel-misconfig—Detects an error with an EtherChannel bundle
- dhcp-rate-limit—Detects an error with DHCP snooping
- dtp-flap—Detects when trunking encapsulation is changing from one type to another
- gbic-invalid—Detects the presence of an invalid GBIC or SFP module
- ilpower—Detects an error with offering inline power
- l2ptguard—Detects an error with Layer 2 Protocol Tunneling
- link-flap—Detects when the port link state is “flapping” between the up and down states
- loopback—Detects when an interface has been looped back
- pagp-flap—Detects when an EtherChannel bundle’s ports no longer have consistent configurations
- psecure-violation—Detects conditions that trigger port security configured on a port
- rootguard—Detects when an STP BPDU is received from the root bridge on an unexpected port
- security-violation—Detects errors related to port security
- storm-control—Detects when a storm control threshold has been exceeded on a port
- udld—Detects when a link is seen to be unidirectional (data passing in only one direction)
- unicast-flood—Detects conditions that trigger unicast flood blocking on a port
- vmps—Detects errors when assigning a port to a dynamic VLAN through VLAN membership policy server (VMPS)
Automatically Recover from Error Conditions
By default, ports put into the errdisable state must be re-enabled manually. This is done by issuing the shutdown command in interface configuration mode, followed by the no shutdown command. Before you re-enable a port from the errdisable condition, you always should determine the cause of the problem so that the errdisable condition doesn’t occur again.
You can decide to have a switch automatically re-enable an errdisabled port if it is more important to keep the link up until the problem can be resolved. To automatically re-enable an errdisabled port, you first must specify the errdisable causes that can be re-enabled. Use this command in global configuration mode, with a cause-name from the preceding list:
Switch(config)# errdisable recovery cause [all | cause-name]
If any errdisable causes are configured for automatic recovery, the errdisabled port stays down for 300 seconds, by default. To change the recovery timer, use the following command in global configuration mode:
Switch(config)# errdisable recovery interval seconds
You can set the interval from 30 to 86,400 seconds (24 hours). As an example, you could use the following commands to configure all switch ports to be re-enabled automatically 1 hour after a port security violation has been detected:
Switch(config)# errdisable recovery cause psecure-violation
Switch(config)# errdisable recovery interval 3600
Remember that the errdisable causes and automatic recovery are configured globally—the settings apply to all switch ports.
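A check for the recovery commands described above, added here as an example (it is not from the book or from Cisco): it validates each cause name against the list on this page, checks the interval against the 30 to 86,400 second range, and reports which security-feature causes would bring a port back up on their own. The function name, the REVIEW_CAUSES grouping, and the sample input are assumptions of this example.

```python
import re

# Cause names exactly as listed on this page.
KNOWN_CAUSES = {
    "arp-inspection", "bpduguard", "channel-misconfig", "dhcp-rate-limit",
    "dtp-flap", "gbic-invalid", "ilpower", "l2ptguard", "link-flap",
    "loopback", "pagp-flap", "psecure-violation", "rootguard",
    "security-violation", "storm-control", "udld", "unicast-flood", "vmps",
}
# Assumption of this example: causes raised by a security feature, where
# automatic recovery re-opens a port that the feature shut down.
REVIEW_CAUSES = {"arp-inspection", "bpduguard", "dhcp-rate-limit",
                 "psecure-violation", "security-violation"}
DEFAULT_INTERVAL = 300                 # seconds, per the text
MIN_INTERVAL, MAX_INTERVAL = 30, 86400

def audit_errdisable_recovery(config_text):
    """Return (recovering causes, interval, findings) for a command listing."""
    causes, interval, findings = set(), DEFAULT_INTERVAL, []
    for raw in config_text.splitlines():
        line = re.sub(r"^\S*#\s*", "", raw.strip())  # drop "Switch(config)# "
        m = re.fullmatch(r"errdisable recovery cause (\S+)", line)
        if m:
            name = m.group(1)
            if name == "all":
                causes |= KNOWN_CAUSES
            elif name in KNOWN_CAUSES:
                causes.add(name)
            else:
                findings.append(f"unknown cause name: {name}")
            continue
        m = re.fullmatch(r"errdisable recovery interval (\d+)", line)
        if m:
            interval = int(m.group(1))
            if not MIN_INTERVAL <= interval <= MAX_INTERVAL:
                findings.append(f"interval {interval} outside {MIN_INTERVAL}-{MAX_INTERVAL}")
    for name in sorted(causes & REVIEW_CAUSES):
        findings.append(f"{name} auto-recovers after {interval} s")
    return causes, interval, findings

# Constructed sample: the page's 1-hour example plus one mistyped cause name.
SAMPLE = """\
Switch(config)# errdisable recovery cause psecure-violation
Switch(config)# errdisable recovery cause bpdu-guard
Switch(config)# errdisable recovery interval 3600
"""

if __name__ == "__main__":
    print(*audit_errdisable_recovery(SAMPLE)[2], sep="\n")
```

Because the settings are global, one finding here applies to every port on the switch.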
Enable and Use the Switch Port
If the port is not enabled or activated automatically, use the no shutdown interface-configuration command. To view a port’s current speed and duplex state, use the show interface command. You can see a brief summary of all interface states with the show interfaces status command.
Troubleshooting Port Connectivity
Suppose you are experiencing problems with a switch port. How would you troubleshoot it? The following sections cover a few common troubleshooting techniques.
Looking for the Port State
Use the show interfaces EXEC command to see complete information about the switch port. The port’s current state is given in the first line of output, as in Example 5-2.
Example 5-2 Determining Port State Information
Switch# show interfaces fastethernet 0/1
FastEthernet0/1 is up, line protocol is up
  Hardware is Fast Ethernet, address is 0009.b7ee.9801 (bia 0009.b7ee.9801)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
The first up tells the state of the port’s physical or data link layer. If this is shown as down, the link is physically disconnected or a link cannot be detected. The second state, given as line protocol is up, shows the Layer 2 status. If the state is given as errdisable, the switch has detected a serious error condition on this port and automatically has disabled it.
To quickly see a list of states for all switch ports, use the show interface status EXEC command. Likewise, you can see a list of all ports in the errdisable state (as well as the cause) by using the show interface status err-disabled EXEC command.
Looking for Speed and Duplex Mismatches
If a user notices slow response time or low throughput on a 10/100 or 10/100/1000 switch port, the problem could be a mismatch of the port speed or duplex mode between the switch and the host. This is particularly common when one end of the link is set to autonegotiate the link settings and the other end is not.
Use the show interface command for a specific interface and look for any error counts that are greater than 0. For example, in the output in Example 5-3, the switch port is set to autonegotiate the speed and duplex mode, and it has settled on 100 Mbps at half duplex. Notice that there are many runts (packets that were truncated before they were fully received) and input errors. These are symptoms that a setting mismatch exists between the two ends of the link.
Example 5-3 Determining Link Speed and Duplex Mode
Switch# show interfaces fastethernet 0/13
FastEthernet0/13 is up, line protocol is up
  Hardware is Fast Ethernet, address is 00d0.589c.3e8d (bia 00d0.589c.3e8d)
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
     reliability 255/255, txload 2/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive not set
  Auto-duplex (Half), Auto Speed (100), 100BASETX/FX ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:01, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 81000 bits/sec, 49 packets/sec
     500867 packets input, 89215950 bytes
     Received 12912 broadcasts, 374879 runts, 0 giants, 0 throttles
     374879 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast
     0 input packets with dribble condition detected
     89672388 packets output, 2205443729 bytes, 0 underruns
     0 output errors, 0 collisions, 3 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
Because this port is autonegotiating the link speed, it must have detected an electrical signal that indicated 100 Mbps in common with the host. However, the host most likely was configured for 100 Mbps at full duplex (not autonegotiating). The switch was incapable of exchanging duplex information, so it fell back to its default of half duplex. Again, always make sure both ends of a connection are set to the same speed and duplex.
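The symptom pattern described above can be checked mechanically across many ports. The following is an added example (not from the book) that parses one port's show interfaces output and reports evidence only when an autonegotiated half-duplex port also has nonzero receive-error counters. The function names are assumptions of this example, and only the "Auto-duplex (...)" form shown in Example 5-3 is recognised.

```python
import re

# Trimmed from Example 5-3 on this page (counter values unchanged).
SAMPLE = """\
FastEthernet0/13 is up, line protocol is up
  Auto-duplex (Half), Auto Speed (100), 100BASETX/FX
     500867 packets input, 89215950 bytes
     Received 12912 broadcasts, 374879 runts, 0 giants, 0 throttles
     374879 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 output errors, 0 collisions, 3 interface resets
"""

COUNTERS = ("packets input", "runts", "input errors", "CRC", "collisions")

def parse_show_interface(text):
    """Pull state, negotiated duplex/speed and counters from one port's output."""
    m = re.search(r"^(\S+) is ([\w ]+), line protocol is (\S+)", text, re.M)
    if not m:
        raise ValueError("no '<port> is ..., line protocol is ...' line")
    port = dict(zip(("name", "link", "protocol"), m.groups()))
    # Only the autonegotiated form shown in Example 5-3 is recognised.
    m = re.search(r"Auto-duplex \((\w+)\), Auto Speed \((\d+)\)", text)
    port["negotiated"] = m is not None
    port["duplex"] = m.group(1).lower() if m else None
    port["speed"] = int(m.group(2)) if m else None
    port["counters"] = {}
    for name in COUNTERS:
        m = re.search(r"(\d+) " + re.escape(name) + r"\b", text)
        port["counters"][name] = int(m.group(1)) if m else 0
    return port

def duplex_mismatch_symptoms(port):
    """Return evidence only when a port that autonegotiated to half duplex
    also shows nonzero receive-error counters, the pattern in the text."""
    c = port["counters"]
    errors = [f"{c[k]} {k}" for k in ("runts", "input errors", "CRC") if c[k] > 0]
    if port["negotiated"] and port["duplex"] == "half" and errors:
        return ["autonegotiated half duplex"] + errors
    return []

if __name__ == "__main__":
    port = parse_show_interface(SAMPLE)
    print(port["name"], duplex_mismatch_symptoms(port))
```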