Thread: Managing a Cisco 2900 Switch?
-
10-23-2004, 05:02 PM #1 Junior Guru
- Join Date
- Oct 2004
- Location
- Portland, OR
- Posts
- 187
Managing a Cisco 2900 Switch?
Okay, I found a great deal on a 2924EN-XL 8MB with the latest IOS software and I got it on the network last night. ($150 from a guy 6 blocks away, still in the original box, perfect condition, with manuals, cords, etc.)
I figured out how to configure some things, like ntp and dns but what I would really like is some kind of guide to the basic management of it, common configuration stuff. Something that's not a tutorial, but like a large command reference or real-world how-to guides.
I've looked at hundreds of pages of Cisco's IOS documentation and it's just disgustingly organized and presented and there's no user feedback or suggestions, or common problems. So are there any good forums that are very active and have lots of searchable archives with info on a switch like this, or how-to guides, FAQ's, etc?
I've really done a lot of searching but haven't found that one great source of information that ties everything together.
Suggestions?
-Jon
Fork Networking - 1995-2020+
Colocation & Dedicated Hosting
West Coast, 99.999% uptime.
<www.forked.net>
-
10-23-2004, 08:03 PM #2 Junior Guru
- Join Date
- Oct 2004
- Location
- Portland, OR
- Posts
- 187
O'Reilly's Cisco IOS in a Nutshell. Just read the whole thing and now I feel like an expert
-
10-23-2004, 08:30 PM #3 Retired Moderator
- Join Date
- May 2004
- Location
- Toronto, Canada
- Posts
- 5,105
Eek, you are doing this as a learning exercise, right? It's not on a production network?
CloudNexus Technology Services
Managed Services
-
10-23-2004, 08:32 PM #4 Junior Guru
- Join Date
- Oct 2004
- Location
- Portland, OR
- Posts
- 187
Eek, you are doing this as a learning exercise right?
-
10-24-2004, 02:44 AM #5 Web Hosting Guru
- Join Date
- Mar 2003
- Posts
- 260
Search cisco.com; they provide well-written documentation about their equipment.
-
10-24-2004, 02:46 AM #6 Junior Guru
- Join Date
- Oct 2004
- Location
- Portland, OR
- Posts
- 187
uhm, yea. Suuuuure it is.
-
10-24-2004, 08:08 AM #7 Closed Account
- Join Date
- Sep 2003
- Location
- Amsterdam, NL
- Posts
- 642
Re: Managing a Cisco 2900 Switch?
Originally posted by apexio
I've looked at hundreds of pages of Cisco's IOS documentation and it's just disgustingly organized and presented and there's no user feedback or suggestions, or common problems. So are there any good forums that are very active and have lots of searchable archives with info on a switch like this, or how-to guides, FAQ's, etc?
-Jon
Things we do when a new (access layer) switch is connected to our network:
- update IOS (if needed)
- set IP settings (address, dns, gw)
- set timezone
- set ntp
- disable http
- set telnet and snmp access-lists
- set snmp community
- add switch to our management system
- shutdown all interfaces (except vlan1 & uplinks)
- setup remote syslog
When we connect a customer we "no shut" that interface and add an interface description.
Most of the things mentioned above don't really need howtos. If you do need pointers, let me know.
Or are you planning on doing fancy things with the switch?
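Added example (not part of the thread or any poster's own tooling): a Python check that audits a saved running-config against the checklist in post #7. The sample config is constructed, and the assumed line formats (for example `snmp-server community NAME RO 10` and one-space-indented sub-commands) should be checked against your own switch's output.

```python
import re

REQUIRED = {  # checklist item -> pattern expected as a top-level config line
    "timezone": r"clock timezone \S+", "ntp": r"ntp server \S+",
    "dns": r"ip name-server \S+", "gateway": r"ip default-gateway \S+",
    "http disabled": r"no ip http server$",
    "remote syslog": r"logging \d+\.\d+\.\d+\.\d+$",
}

def blocks(config):
    """Map each top-level config line to its indented sub-commands."""
    out, current = {}, None
    for line in config.splitlines():
        if line[:1] == " " and current and line.strip():
            out[current].append(line.strip())
        elif line.strip() and not line.startswith("!"):
            current = line.strip()
            out[current] = []
    return out

def audit(config):
    """Return the checklist items this config does not satisfy."""
    cfg = blocks(config)
    findings = [f"missing: {item}" for item, pat in REQUIRED.items()
                if not any(re.match(pat, top) for top in cfg)]
    for top, subs in cfg.items():
        snmp = re.match(r"snmp-server community \S+ (?:RO|RW)(?: (\d+))?$", top)
        if snmp and not snmp.group(1):
            findings.append("snmp community has no access-list")
        if top.startswith("line vty") and not any(
                re.match(r"access-class \d+ in$", s) for s in subs):
            findings.append(f"{top}: no access-class")
        if top.startswith("interface FastEthernet") and "shutdown" not in subs \
                and not any(s.startswith("description ") for s in subs):
            findings.append(f"{top}: up without description")
    return findings

# Constructed sample config (documentation addresses, placeholder community).
SAMPLE = (
    "clock timezone PST -8\nntp server 192.0.2.123\nip name-server 192.0.2.53\n"
    "ip default-gateway 192.0.2.1\nno ip http server\nlogging 192.0.2.10\n"
    "snmp-server community EXAMPLE RO\n"
    "interface FastEthernet0/1\n description uplink\n"
    "interface FastEthernet0/2\n shutdown\n"
    "interface FastEthernet0/3\nline vty 0 4\n login\n"
)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "all checklist items satisfied")
```

The "up without description" rule follows the post's convention that a port is only un-shut when a customer is connected and described.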
-
10-24-2004, 01:23 PM #8 Junior Guru
- Join Date
- Oct 2004
- Location
- Portland, OR
- Posts
- 187
Well, I wanted to know what I *could* do with it. What I'm interested in doing is well, let me list my setup.
I want to use a bridging FreeBSD box as a traffic shaper and firewall (it's all setup and running as a bridge now). But if that server goes down I want the 2924 to stop using it so the network doesn't go down. I'm not sure of the best way to do this.
-
10-24-2004, 01:58 PM #9 Closed Account
- Join Date
- Sep 2003
- Location
- Amsterdam, NL
- Posts
- 642
Originally posted by apexio
Well, I wanted to know what I *could* do with it. What I'm interested in doing is well, let me list my setup.
I want to use a bridging FreeBSD box as a traffic shaper and firewall (it's all setup and running as a bridge now). But if that server goes down I want the 2924 to stop using it so the network doesn't go down. I'm not sure of the best way to do this.
Step1:
Uplink (to the world) connected to interface fa0/1
FBSD 1st NIC (outside) connected to interface fa0/2
FBSD 2nd NIC (inside) connected to interface fa0/3
all other servers connect to interfaces fa0/4 --> last
Step2:
put interfaces fa0/1 and fa0/2 in vlan2
Step3:
all other interfaces in vlan1
Step4:
create a script that verifies that FBSD is still doing its job.
If FBSD is down let the script telnet to the switch and put int fa0/1 in vlan1
Presto...
-
10-24-2004, 02:11 PM #10 Junior Guru
- Join Date
- Oct 2004
- Location
- Portland, OR
- Posts
- 187
Hmm, I thought there was some way to let the switch, switch between uplinks if one router went down.. spanning-tree? I want to have the switch manage it all, no outside scripts.
Thanks for the setup info though, I was looking at it differently and your setup would be better. How do you relate vlans to physical interfaces?
Thanks,
Jon
-
10-24-2004, 02:17 PM #11 Closed Account
- Join Date
- Sep 2003
- Location
- Amsterdam, NL
- Posts
- 642
Originally posted by apexio
Hmm, I thought there was some way to let the switch, switch between uplinks if one router went down.. spanning-tree? I want to have the switch manage it all, no outside scripts.
Thanks for the setup info though, I was looking at it differently and your setup would be better. How do you relate vlans to physical interfaces?
- conf t
- interface fa0/X
- switchport access vlan Y
- end
X = interface number
Y = vlan number
-
10-24-2004, 02:29 PM #12 Junior Guru
- Join Date
- Oct 2004
- Location
- Portland, OR
- Posts
- 187
I was thinking of a setup like this:
Unmanaged Switch -> Uplink
Cisco Switch fa/1 -> Unmanaged Switch
FBSD 1st NIC -> Unmanaged Switch
FBSD 2nd NIC -> fa/2
Hence it makes a loop. By default it would use fa/2 to FBSD, to the unmanaged switch, and then out the uplink port. If FBSD goes down, it uses fa/1 to the unmanaged switch and then out the uplink port.
Could spanning-tree be used in this setup to automatically re-negotiate a route if FBSD went down?
-
10-24-2004, 02:48 PM #13 Closed Account
- Join Date
- Sep 2003
- Location
- Amsterdam, NL
- Posts
- 642
There is a slight chance you could get it to work.
Possibly by setting the spanning-tree cost higher for one of the interfaces.
But I must advise against it.
That setup would only work if the FBSD box powers down.
If FBSD hangs or the pf rules get f*cked up your servers are unreachable.
My previous suggestion with a script would be better.
btw.. I usually do not trust unmanageable switches. It would be a waste to go through all this trouble and build a high availability network with an unmanageable switch as a single point of failure.
-
10-24-2004, 02:51 PM #14 Junior Guru
- Join Date
- Oct 2004
- Location
- Portland, OR
- Posts
- 187
Thanks for the advice. I'm just trying to make the network as reliable as possible. I don't trust the FBSD box to stay up all the time so I'm not going to use it unless it could automatically be bypassed. I'll try something along the lines of your first recommendation.
-jon
-
10-24-2004, 02:54 PM #15 Closed Account
- Join Date
- Sep 2003
- Location
- Amsterdam, NL
- Posts
- 642
You can trust FreeBSD to keep running forever... (well.. more or less...)
I have never seen a correctly managed FreeBSD fail/crash/hang unless it had faulty hardware
-
10-24-2004, 02:57 PM #16 Junior Guru
- Join Date
- Oct 2004
- Location
- Portland, OR
- Posts
- 187
Yea, neither have I. I used to use *cough*redhat*cough* and it died monthly. In the last two years using FBSD, I've never had a single crash or hang. But like you said, it's the hardware that I don't trust. I trust the hardware in the cisco switch much more than an old IDE hard drive and cheap PSU.
-
10-25-2004, 03:06 PM #17 Junior Guru
- Join Date
- Oct 2004
- Location
- Portland, OR
- Posts
- 187
Do I need to enable trunking on the uplink port in order to have multiple vlans?
I've added a few new vlans and added ports to them, but the vlan status is "administratively down".
Code:
rtr#show int fa0/21 switchport
Name: Fa0/21
Switchport: Enabled
Administrative mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: isl
Operational Trunking Encapsulation: isl
Negotiation of Trunking: Disabled
Access Mode VLAN: 3 (VLAN0003)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: NONE
Pruning VLANs Enabled: NONE
Priority for untagged frames: 0
Override vlan tag priority: FALSE
Voice VLAN: none
Appliance trust: none
Self Loopback: No

Code:
rtr#show int vlan 3
VLAN3 is administratively down, line protocol is down
  Hardware is CPU Interface, address is 0001.4287.8a40 (bia 0001.4287.8a40)
  MTU 1500 bytes, BW 100000 Kbit, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA
  ARP type: ARPA, ARP Timeout 04:00:00
-
10-25-2004, 03:53 PM #18 Closed Account
- Join Date
- Sep 2003
- Location
- Amsterdam, NL
- Posts
- 642
No trunking..
Once you put fa0/21 in vlan3, do you add your uplink port to vlan3 too?
Be careful if you don't have console access to the switch.. Or issue a "reload in XX" (XX is minutes) before you make "scary" changes.
-
10-25-2004, 04:10 PM #19 Junior Guru
- Join Date
- Oct 2004
- Location
- Portland, OR
- Posts
- 187
No... I didn't add the uplink port. If I move the uplink port out of vlan1 and into vlan3, won't that make all the other ports in vlan1 not work?
I was just trying to figure out how vlans work before I reconfigured everything using the FBSD server. Looking back at your original steps, I see now that the dual NIC's on the FBSD server are what links the two vlans together. I think that's where I was confused. I thought you could have multiple vlans on the switch, with only one uplink, and have all ports on either vlan be able to use the main uplink.
-
10-25-2004, 06:16 PM #20 Closed Account
- Join Date
- Sep 2003
- Location
- Amsterdam, NL
- Posts
- 642
Originally posted by apexio
No... I didn't add the uplink port. If I move the uplink port out of vlan1 and into vlan3, won't that make all the other ports in vlan1 not work?
Originally posted by apexio
I was just trying to figure out how vlans work before I reconfigured everything using the FBSD server. Looking back at your original steps, I see now that the dual NIC's on the FBSD server are what links the two vlans together. I think that's where I was confused. I thought you could have multiple vlans on the switch, with only one uplink, and have all ports on either vlan be able to use the main uplink.
Make every switchport a trunk. Both FBSD and Linux support 802.1q vlan tags.
You could have a default network config on vlan1 which falls back on vlan3 if a box can't reach the outside world.
Drawback is that you'd have to configure everything on all servers in your network. And you'd need some sort of notification when a server "dropped" to fallback mode. And this setup would make troubleshooting more complex.
You'd have to explain the setup to a remote hands engineer every time. (if he gets it...)
[edit]
I just thought of something... It won't work unless you get two uplinks from your colo. But then you could create all sorts of spanning tree issues,
possibly making your network or the colo network unreachable.
Last edited by LeaseWeb; 10-25-2004 at 06:23 PM.
-
10-27-2004, 03:29 AM #21 Junior Guru
- Join Date
- Oct 2004
- Location
- Portland, OR
- Posts
- 187
I made the changes today and it's working perfectly. The FBSD kernel has bridging, ipfw, and dummynet support, and is setup to apply ipfw firewall rules to the bridged traffic. I think I'll place another server in vlan2 so I can have something secure to login to and access the switch if the FBSD firewall goes down.
Vlan2:
fa0/24 - uplink
fa0/23 - fbsd nic1
Vlan1:
fa0/22 - fbsd nic2
fa0/1-21
Very cool.
Is there some reason the 2924 takes about 30 seconds to turn a port from orange (inactive) to green (active) after connecting an ethernet cable? I thought I saw something about disabling something or other to make it much faster...