  1. #1
    Join Date
    Oct 2004
    Location
    Portland, OR
    Posts
    175

    Managing a Cisco 2900 Switch?

    Okay, I found a great deal on a 2924EN-XL 8MB with the latest IOS software and I got it on the network last night. ($150 from a guy 6 blocks away, still in the original box, perfect condition, with manuals, cords, etc.)

    I figured out how to configure some things, like ntp and dns but what I would really like is some kind of guide to the basic management of it, common configuration stuff. Something that's not a tutorial, but like a large command reference or real-world how-to guides.

    I've looked at hundreds of pages of Cisco's IOS documentation and it's just disgustingly organized and presented and there's no user feedback or suggestions, or common problems. So are there any good forums that are very active and have lots of searchable archives with info on a switch like this, or how-to guides, FAQs, etc?

    I've really done a lot of searching but haven't found that one great source of information that ties everything together.

    Suggestions?

    -Jon
    Fork Networking - 1995-2010+
    Colocation & Dedicated Hosting
    West Coast, 99.999% uptime.
    <www.forked.net>

  2. #2
    Join Date
    Oct 2004
    Location
    Portland, OR
    Posts
    175
    O'Reilly's Cisco IOS in a Nutshell. Just read the whole thing and now I feel like an expert

  3. #3
    Join Date
    May 2004
    Location
    Toronto, Canada
    Posts
    5,029
    Eek, you are doing this as a learning exercise right? It's not on a production network?
    Can't we all just get along

  4. #4
    Join Date
    Oct 2004
    Location
    Portland, OR
    Posts
    175
    Eek, you are doing this as a learning exercise right?
    But of course

  5. #5
    Search cisco.com they provide well written documentation about their equipment.

  6. #6
    Join Date
    Oct 2004
    Location
    Portland, OR
    Posts
    175
    uhm, yea. Suuuuure it is.

  7. #7
    Join Date
    Sep 2003
    Location
    Amsterdam, NL
    Posts
    642

    Re: Managing a Cisco 2900 Switch?

    Originally posted by apexio

    I've looked at hundreds of pages of Cisco's IOS documentation and it's just disgustingly organized and presented and there's no user feedback or suggestions, or common problems. So are there any good forums that are very active and have lots of searchable archives with info on a switch like this, or how-to guides, FAQs, etc?

    -Jon
    Well... its a pretty basic switch, there isn't that much that needs managing.

    Things we do when a new (access layer) switch is connected to our network:

    - update IOS (if needed)
    - set IP settings (address, dns, gw)
    - set timezone
    - set ntp
    - disable http
    - set telnet and snmp access-lists
    - set snmp community
    - add switch to our management system
    - shutdown all interfaces (except vlan1 & uplinks)
    - setup remote syslog

    When we connect a customer we "no shut" that interface and add an interface description.

    Most of the things mentioned above don't really need how-tos. If you do need pointers let me know.
    Or are you planning on doing fancy things with the switch?
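A way to check a saved "show running-config" against that checklist (http disabled, remote syslog, SNMP community tied to an access-list, access-class on the vty lines, unused ports shut down). This is an added example, not anything posted in the thread or shipped by Cisco; the config text is constructed, and the uplink name and ACL numbers are assumptions.

```python
import re

# Constructed sample of "show running-config" output (not from the thread).
SAMPLE_CONFIG = """\
ip http server
snmp-server community public RO
logging 192.0.2.10
interface FastEthernet0/1
interface FastEthernet0/2
 description fbsd outside nic
 switchport access vlan 2
interface FastEthernet0/3
 shutdown
interface FastEthernet0/4
line vty 0 4
 access-class 10 in
"""

def parse_stanzas(config):
    """Map each top-level line to its indented body lines (IOS config layout)."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and current is not None:
            stanzas[current].append(line.strip())
        elif line.strip():
            current = line.strip()
            stanzas[current] = []
    return stanzas

def audit_baseline(config, uplinks=("FastEthernet0/1",)):
    """Return one finding per checklist item that is not met; [] means all pass."""
    stanzas = parse_stanzas(config)
    findings = []
    if "ip http server" in stanzas:
        findings.append("http server enabled")
    if not any(s.startswith("logging ") for s in stanzas):
        findings.append("no remote syslog host")
    for header, body in stanzas.items():
        words = header.split()
        m = re.match(r"snmp-server community (\S+) R[OW]$", header)
        if m:  # an ACL number/name after RO/RW would defeat the $ anchor
            findings.append(f"snmp community {m.group(1)} has no access-list")
        elif header.startswith("line vty") and not any(
                b.startswith("access-class ") for b in body):
            findings.append(f"{header} has no access-class")
        elif words[0] == "interface" and words[1] not in uplinks \
                and not words[1].startswith("Vlan") and "shutdown" not in body \
                and not any(b.startswith("description ") for b in body):
            findings.append(f"{words[1]} is up but has no description")
    return findings
```

Run `audit_baseline(SAMPLE_CONFIG)` to get the list of findings for the constructed config.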

  8. #8
    Join Date
    Oct 2004
    Location
    Portland, OR
    Posts
    175
    Well, I wanted to know what I *could* do with it. What I'm interested in doing is well, let me list my setup.

    I want to use a bridging FreeBSD box as a traffic shaper and firewall (it's all set up and running as a bridge now). But if that server goes down I want the 2924 to stop using it so the network doesn't go down. I'm not sure of the best way to do this.

  9. #9
    Join Date
    Sep 2003
    Location
    Amsterdam, NL
    Posts
    642
    Originally posted by apexio
    Well, I wanted to know what I *could* do with it. What I'm interested in doing is well, let me list my setup.

    I want to use a bridging FreeBSD box as a traffic shaper and firewall (it's all set up and running as a bridge now). But if that server goes down I want the 2924 to stop using it so the network doesn't go down. I'm not sure of the best way to do this.
    Step1:
    Uplink (to the world) connected to interface fa0/1
    FBSD 1st NIC (outside) connected to interface fa0/2
    FBSD 2nd NIC (inside) connected to interface fa0/3
    all other servers connect to interfaces fa0/4 --> last

    Step2:
    put interfaces fa0/1 and fa0/2 in vlan2

    Step3:
    all other interfaces in vlan1

    Step4:
    create a script that verifies that FBSD is still doing its job.
    If FBSD is down let the script telnet to the switch and put int fa0/1 in vlan1

    Presto...
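The watchdog from step 4, as an added example rather than the poster's own script: it probes through the FreeBSD bridge and, after a run of consecutive failures, hands the IOS lines that move fa0/1 into vlan1 to whatever delivers them to the switch. The probe target, threshold and port names are assumptions, and the transport is injected so the decision logic runs without a switch.

```python
import subprocess

UPLINK_IF = "fa0/1"   # uplink port, normally in vlan2 with the fbsd outside nic
INSIDE_VLAN = 1       # vlan of the servers; moving the uplink here bypasses fbsd
FAIL_THRESHOLD = 3    # consecutive failed probes before failing over (assumed)

def failover_commands(uplink_if=UPLINK_IF, vlan=INSIDE_VLAN):
    """IOS lines for step 4: put the uplink port in the servers' vlan.
    Nothing is written to startup-config, so a reload restores the normal layout."""
    return ["conf t", f"interface {uplink_if}",
            f"switchport access vlan {vlan}", "end"]

def probe(target="192.0.2.1"):
    """One ICMP echo through the bridge (Linux ping flags; adjust on BSD).
    The target is an assumed address on the far side of the FBSD box."""
    rc = subprocess.call(["ping", "-c", "1", "-W", "2", target],
                         stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return rc == 0

class Watchdog:
    """Counts consecutive failures and fires the failover exactly once."""
    def __init__(self, threshold=FAIL_THRESHOLD):
        self.threshold = threshold
        self.failures = 0
        self.failed_over = False

    def observe(self, ok):
        """Feed one probe result; True only on the probe that triggers failover."""
        if ok:
            self.failures = 0      # a single success resets the streak
            return False
        self.failures += 1
        if self.failures >= self.threshold and not self.failed_over:
            self.failed_over = True
            return True
        return False

def run_once(wd, probe_fn=probe, send_fn=None):
    """One watchdog tick: probe, and hand the IOS lines to send_fn on failover.
    send_fn is whatever delivers lines to the switch (telnet session, expect script)."""
    if wd.observe(probe_fn()) and send_fn is not None:
        send_fn(failover_commands())
        return True
    return False
```

Call `run_once(Watchdog(), send_fn=...)` from cron or a loop; the threshold keeps one dropped ping from pulling the firewall out of the path.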

  10. #10
    Join Date
    Oct 2004
    Location
    Portland, OR
    Posts
    175
    Hmm, I thought there was some way to let the switch, switch between uplinks if one router went down.. spanning-tree? I want to have the switch manage it all, no outside scripts.

    Thanks for the setup info though, I was looking at it differently and your setup would be better. How do you relate vlans to physical interfaces?

    Thanks,
    Jon

  11. #11
    Join Date
    Sep 2003
    Location
    Amsterdam, NL
    Posts
    642
    Originally posted by apexio
    Hmm, I thought there was some way to let the switch, switch between uplinks if one router went down.. spanning-tree? I want to have the switch manage it all, no outside scripts.
    Spanning tree works if there is a layer 2 loop, which is not the case when you are using the FBSD box.

    Thanks for the setup info though, I was looking at it differently and your setup would be better. How do you relate vlans to physical interfaces?
    Nothing fancy.
    - conf t
    - interface fa0/X
    - switchport access vlan Y
    - end

    X = interface number
    Y = vlan number

  12. #12
    Join Date
    Oct 2004
    Location
    Portland, OR
    Posts
    175
    I was thinking of a setup like this:

    Unmanaged Switch -> Uplink
    Cisco Switch fa/1 -> Unmanaged Switch
    FBSD 1st NIC -> Unmanaged Switch
    FBSD 2nd NIC -> fa/2

    Hence it makes a loop. By default it would use fa/2 to FBSD, to the unmanaged switch, and then out the uplink port. If FBSD goes down, it uses fa/1 to the unmanaged switch and then out the uplink port.

    Could spanning-tree be used in this setup to automatically re-negotiate a route if FBSD went down?

  13. #13
    Join Date
    Sep 2003
    Location
    Amsterdam, NL
    Posts
    642
    There is a slight chance you could get it to work.
    Possibly by setting the spanning-tree cost higher for one of the interfaces.

    But I must advise against it.

    That setup would only work if the FBSD box powers down.
    If FBSD hangs or the pf rules get f*cked up your servers are unreachable.

    My previous suggestion with a script would be better.

    btw.. I usually do not trust unmanageable switches. It would be a waste to go through all this trouble and build a high availability network with an unmanageable switch as a single point of failure.

  14. #14
    Join Date
    Oct 2004
    Location
    Portland, OR
    Posts
    175
    Thanks for the advice. I'm just trying to make the network as reliable as possible. I don't trust the FBSD box to stay up all the time so I'm not going to use it unless it could automatically be bypassed. I'll try something along the lines of your first recommendation.

    -jon

  15. #15
    Join Date
    Sep 2003
    Location
    Amsterdam, NL
    Posts
    642
    You can trust FreeBSD to keep running forever... (well.. more or less...)

    I have never seen a correctly managed FreeBSD fail/crash/hang unless it had faulty hardware

  16. #16
    Join Date
    Oct 2004
    Location
    Portland, OR
    Posts
    175
    Yea, neither have I. I used to use *cough*redhat*cough* and it died monthly. In the last two years using FBSD, I've never had a single crash or hang. But like you said, it's the hardware that I don't trust. I trust the hardware in the cisco switch much more than an old IDE hard drive and cheap PSU.

  17. #17
    Join Date
    Oct 2004
    Location
    Portland, OR
    Posts
    175
    Do I need to enable trunking on the uplink port in order to have multiple vlans?

    I've added a few new vlans and added ports to them, but the vlan status is "administratively down".

    Code:
    rtr#show int fa0/21 switchport
    Name: Fa0/21
    Switchport: Enabled
    Administrative mode: static access
    Operational Mode: static access
    Administrative Trunking Encapsulation: isl
    Operational Trunking Encapsulation: isl
    Negotiation of Trunking: Disabled
    Access Mode VLAN: 3 (VLAN0003)
    Trunking Native Mode VLAN: 1 (default)
    Trunking VLANs Enabled: NONE
    Pruning VLANs Enabled: NONE
    
    Priority for untagged frames: 0
    Override vlan tag priority: FALSE
    Voice VLAN: none
    Appliance trust: none
    Self Loopback: No
    Code:
    rtr#show int vlan 3
    VLAN3 is administratively down, line protocol is down 
      Hardware is CPU Interface, address is 0001.4287.8a40 (bia 0001.4287.8a40)
      MTU 1500 bytes, BW 100000 Kbit, DLY 1000 usec, 
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA
      ARP type: ARPA, ARP Timeout 04:00:00
    If I put fa0/21 into VLAN1, it works, but when I move it to any other vlan, it stops working.

  18. #18
    Join Date
    Sep 2003
    Location
    Amsterdam, NL
    Posts
    642
    No trunking..

    once you put fa0/21 in vlan3 do you add your uplink port to vlan3 too?


    Be careful if you don't have console access to the switch.. Or issue a "reload in XX" (XX is minutes) before you make "scary" changes.

  19. #19
    Join Date
    Oct 2004
    Location
    Portland, OR
    Posts
    175
    No... I didn't add the uplink port. If I move the uplink port out of vlan1 and into vlan3, won't that make all the other ports in vlan1 not work?

    I was just trying to figure out how vlans work before I reconfigured everything using the FBSD server. Looking back at your original steps, I see now that the dual NICs on the FBSD server are what links the two vlans together. I think that's where I was confused. I thought you could have multiple vlans on the switch, with only one uplink, and have all ports on either vlan be able to use the main uplink.

  20. #20
    Join Date
    Sep 2003
    Location
    Amsterdam, NL
    Posts
    642
    Originally posted by apexio
    No... I didn't add the uplink port. If I move the uplink port out of vlan1 and into vlan3, won't that make all the other ports in vlan1 not work?
    Correct. vlans are just that.. virtual lans. If two ports are in vlanX it is a virtual switch disconnected from all other vlans.

    Originally posted by apexio

    I was just trying to figure out how vlans work before I reconfigured everything using the FBSD server. Looking back at your original steps, I see now that the dual NICs on the FBSD server are what links the two vlans together. I think that's where I was confused. I thought you could have multiple vlans on the switch, with only one uplink, and have all ports on either vlan be able to use the main uplink.
    Well that might be another possibility.
    Make every switchport a trunk. Both FBSD and Linux support 802.1q vlan tags.

    You could have a default network config on vlan1 which falls back on vlan3 if a box can't reach the outside world.

    The drawback is that you'd have to configure everything on all servers in your network. And you'd need some sort of notification when a server "dropped" to fallback mode. And this setup would make troubleshooting more complex.
    You'd have to explain the setup to a remote hands engineer every time. (if he gets it...)

    [edit]
    I just thought of something... It won't work unless you get two uplinks from your colo. But then you could create all sorts of spanning tree issues,
    possibly making your network or the colo network unreachable.
    Last edited by LeaseWeb; 10-25-2004 at 06:23 PM.

  21. #21
    Join Date
    Oct 2004
    Location
    Portland, OR
    Posts
    175
    I made the changes today and it's working perfectly. The FBSD kernel has bridging, ipfw, and dummynet support, and is set up to apply ipfw firewall rules to the bridged traffic. I think I'll place another server in vlan2 so I can have something secure to login to and access the switch if the FBSD firewall goes down.

    Vlan2:
    fa0/24 - uplink
    fa0/23 - fbsd nic1
    Vlan1:
    fa0/22 - fbsd nic2
    fa0/1-21

    Very cool.

    Is there some reason the 2924 takes about 30 seconds to turn a port from orange (inactive) to green (active) after connecting an ethernet cable? I thought I saw something about disabling something or other to make it much faster...
