Foundation Topics
Ethernet Concepts
This section reviews the varieties of Ethernet and their application in a campus network. The bandwidth requirements for a network segment are determined by the types of applications in use, the traffic flows within the network, and the size of the user community served. Ethernet scales to support increasing bandwidths; the Ethernet medium should be chosen to match the need at each point in the campus network. As network bandwidth requirements grow, you can scale the links between access, distribution, and core layers to match the load.
Ethernet Overview
Ethernet is a LAN technology based on the Institute of Electrical and Electronics Engineers (IEEE) 802.3 standard. Ethernet offers a specific bandwidth between end users. In its most basic form, Ethernet is a shared medium that becomes both a collision and a broadcast domain. As the number of users on the shared media increases, so does the probability that a user is trying to transmit data at any given time. When one user transmits at about the same time as another, a collision occurs. In other words, both users cannot transmit data at the same time if they both are sharing the same network media.
Ethernet is based on the carrier sense multiple access collision detect (CSMA/CD) technology, which requires that transmitting stations back off for a random period of time when a collision occurs. If a station must wait its turn to transmit, it cannot transmit and receive at the same time. This is called half-duplex operation.
The more crowded an Ethernet segment becomes, the more stations are likely to be transmitting at a given time. Imagine standing in a crowded room trying to tell a story. Instead of attempting to talk over the crowd, you stop and politely wait while other people talk. The more people there are in the room, the more difficult talking becomes. Likewise, as an Ethernet segment becomes more crowded, it becomes more inefficient.
Ethernet switching addresses this problem by breaking a shared segment up into many individual segments. An Ethernet switch can allocate a dedicated amount of bandwidth to each of its interfaces or ports. The resulting increased network performance occurs by reducing the number of users connected to an Ethernet segment. In effect, collisions are less probable and the collision domain is reduced in size. Ideally, each switch port is connected to only one end user, which in turn, limits the collision domain to that single switch port.
Because switched Ethernet can remove the possibility of collisions, stations do not have to listen to each other to take a turn transmitting on the wire. Instead, stations can operate in full-duplex mode—transmitting and receiving simultaneously. Full-duplex mode further increases network performance by effectively doubling the net throughput on each switch port.
Scaling Ethernet
The original Ethernet standard was based on a bandwidth of 10 Mbps per network segment. Over time, networking technology has evolved to offer higher amounts of bandwidth. Instead of requiring campuses to invest in a completely new technology to leverage ever increasing bandwidth, the networking industry has developed higher-speed generations of Ethernet that are based on existing Ethernet standards.
Typically, each generation of Ethernet offers a ten-fold bandwidth improvement. Even so, the Ethernet cabling schemes, CSMA/CD operation, and all upper-layer protocol operations are maintained with each generation. The net result is the same data link Media Access Control (MAC) layer (OSI Layer 2) merged with a new physical layer (OSI Layer 1). Table 3-2 lists several generations and bandwidths that are included in the IEEE 802.3 standard.
Table 3-2 Generations of Ethernet
| Ethernet Technology | Segment Bandwidth |
|---|---|
| Ethernet | 10 Mbps |
| Fast Ethernet | 100 Mbps |
| Gigabit Ethernet | 1 Gbps |
| 10-Gigabit Ethernet | 10 Gbps |
| 40-Gigabit Ethernet | 40 Gbps |
| 100-Gigabit Ethernet | 100 Gbps |
The following sections provide a brief overview of the successive Ethernet technologies and their cabling requirements.
Fast Ethernet
Fast Ethernet supports a maximum of 100 Mbps over unshielded twisted-pair (UTP) or fiber-optic cabling. Table 3-3 lists the specifications for Fast Ethernet that define the media types and distances. Notice that UTP cabling is limited to 100 meters, which is identical to the original 10 Mbps Ethernet.
Table 3-3 Cabling Specifications for Fast Ethernet
| Technology | Wiring Type | Pairs | Cable Length |
|---|---|---|---|
| 100BASE-TX | EIA/TIA Category 5 UTP | 2 | 100 m |
| 100BASE-T2 | EIA/TIA Category 3, 4, 5 UTP | 2 | 100 m |
| 100BASE-T4 | EIA/TIA Category 3, 4, 5 UTP | 4 | 100 m |
| 100BASE-FX | Multimode fiber (MMF); 62.5-micron core, 125-micron outer cladding (62.5/125) | 1 | 400 m half duplex or 2000 m full duplex |
| | Single-mode fiber (SMF) | 1 | 10 km |
Cisco provides one additional capability to Fast Ethernet, which allows several Fast Ethernet links to be bundled together for increased throughput. Fast EtherChannel (FEC) allows two to eight full-duplex Fast Ethernet links to act as a single physical link, for 400- to 1600-Mbps duplex bandwidth. This technology is described in greater detail in Chapter 10, “Aggregating Switch Links.”
Gigabit Ethernet
You can scale a Fast Ethernet network by an additional order of magnitude with Gigabit Ethernet (which supports 1000 Mbps or 1 Gbps) using the same IEEE 802.3 Ethernet frame format as before. However, the physical layer has been modified to increase data-transmission speeds. Two technologies were merged to gain the benefits of each: the IEEE 802.3 Ethernet standard and the American National Standards Institute (ANSI) X3T11 Fibre Channel. IEEE 802.3 provided the foundation of frame format, CSMA/CD, full duplex, and other Ethernet characteristics. Fibre Channel provided a base of high-speed application-specific integrated circuits (ASICs), optical components, and encoding/decoding and serialization mechanisms.
Gigabit Ethernet supports several cabling types, referred to as 1000BASE-X. Table 3-4 lists the cabling specifications for each type.
Table 3-4 Gigabit Ethernet Cabling and Distance Limitations
| GE Type | Wiring Type | Pairs | Cable Length |
|---|---|---|---|
| 1000BASE-CX | Shielded twisted pair (STP) | 1 | 25 m |
| 1000BASE-T | EIA/TIA Category 5 UTP | 4 | 100 m |
| 1000BASE-SX | Multimode fiber (MMF) with 62.5-micron core; 850-nm laser | 1 | 275 m |
| | MMF with 50-micron core; 850-nm laser | 1 | 550 m |
| 1000BASE-LX/LH | MMF with 62.5-micron core; 1300-nm laser | 1 | 550 m |
| | MMF with 50-micron core; 1300-nm laser | 1 | 550 m |
| | SMF with 9-micron core; 1300-nm laser | 1 | 10 km |
| 1000BASE-ZX | SMF with 9-micron core; 1550-nm laser | 1 | 70 km |
| | SMF with 8-micron core; 1550-nm laser | 1 | 100 km |
Most Gigabit Ethernet switch ports used between switches are fixed at 1000 Mbps. However, other switch ports can support a fallback to Fast or Legacy Ethernet speeds. The “Gigabit over copper” solution that the 1000BASE-T media provides can be autonegotiated between end nodes to use the highest common speed—10 Mbps, 100 Mbps, or 1000 Mbps. These ports are often called 10/100/1000 ports to denote the triple speed.
Cisco has extended the concept of Fast EtherChannel to bundle several Gigabit Ethernet links to act as a single physical connection. With Gigabit EtherChannel (GEC), two to eight full-duplex Gigabit Ethernet connections can be aggregated, for a single logical link of up to 16-Gbps throughput. Link aggregation and the EtherChannel technology are described further in Chapter 6.
10-Gigabit Ethernet
To meet the demand for aggregating many Gigabit Ethernet links over a single connection, 10-Gigabit Ethernet was developed. Again, the Layer 2 characteristics of Ethernet have been preserved; the familiar 802.3 frame format and size, along with the MAC protocol, remain unchanged.
The 10-Gigabit Ethernet, also known as 10GE, and the IEEE 802.3ae standard differ from their predecessors only at the physical layer (PHY); 10GE operates only at full duplex. The standard defines several different transceivers that can be used as Physical Media Dependent (PMD) interfaces. These are classified into the following:
- LAN PHY: Interconnects switches in a campus network, predominantly in the core layer
- WAN PHY: Interfaces with existing synchronous optical network (SONET) or synchronous digital hierarchy (SDH) networks that were typically found in metropolitan-area networks (MAN)
The PMD interfaces also have a common labeling scheme, much as Gigabit Ethernet does. Whereas Gigabit Ethernet uses 1000BASE-X to indicate the media type, 10-Gigabit Ethernet uses 10GBASE-X. Table 3-5 lists the different PMDs defined in the standard, along with the type of fiber and distance limitations. All the fiber-optic PMDs can be used as either a LAN or a WAN PHY, except for the 10GBASE-LX4, which is only a LAN PHY. Be aware that the extra-long wavelength PMDs carry a significantly greater expense than the others.
Table 3-5 10-Gigabit Ethernet PMD Types and Characteristics
| PMD Type* | Fiber Medium | Maximum Distance |
|---|---|---|
| 10GBASE-SR/SW (850 nm serial) | MMF: 50 micron | 66 m |
| | MMF: 50 micron (2 GHz·km modal bandwidth) | 300 m |
| | MMF: 62.5 micron | 33 m |
| 10GBASE-LR/LW (1310 nm serial) | SMF: 9 micron | 10 km |
| 10GBASE-ER/EW (1550 nm serial) | SMF: 9 micron | 40 km |
| 10GBASE-LX4/LW4 (1310 nm WWDM) | MMF: 50 micron | 300 m |
| | MMF: 62.5 micron | 300 m |
| | SMF: 9 micron | 10 km |
| 10GBASE-CX4 | Copper: CX4 with Infiniband connectors | 15 m |
Transceiver types are denoted by a two-letter suffix. The first letter specifies the wavelength used: S = short, L = long, E = extra-long wavelength. The second letter specifies the PHY type: R = LAN PHY, W = WAN PHY. For LX4 and LW4, L refers to a long wavelength, X and W refer to the coding used, and 4 refers to the number of wavelengths transmitted. WWDM is wide-wavelength division multiplexing.
- Cisco Catalyst switches supported 10-Gigabit Ethernet PMDs in the form of XENPAK, X2, and SFP+ transceivers. Generally, the X2 form factor is smaller than the XENPAK, and the SFP+ is smaller still, allowing more port density on a switch module.
- For the most current switch compatibility listing, refer to the “Cisco 10-Gigabit Ethernet Transceiver Modules Compatibility Matrix” document at http://www.cisco.com/en/US/docs/interfaces_modules/transceiver_modules/compatibility/matrix/OL_6974.html.
Beyond 10-Gigabit Ethernet
With 10-Gigabit Ethernet links extending further toward the access layer, even higher bandwidth is needed to aggregate traffic in the distribution and core layers, as well as in the data center. Some Catalyst switches now offer 40-Gigabit Ethernet and 100-Gigabit Ethernet capabilities.
You have already learned that Ethernet bandwidth increases ten-fold with each new generation. For example, it is easy to see the progression from 1 Gbps to 10 Gbps to 100 Gbps, but 40 Gbps might seem like an odd multiple. The 40-Gigabit Ethernet standard bonds four individual 10-Gigabit Ethernet fiber optic links together using a single QSFP+ (quad SFP+) media module. 100 Gigabit Ethernet uses similar schemes to bond multiple channels or “lanes” together to leverage much greater bandwidth. In fact, both 40 and 100 Gigabit Ethernet are defined by the same 802.3ba standard.
Duplex Operation over Ethernet Links
Recall that when multiple devices share an Ethernet segment, they must cooperate with each other by not transmitting at the same time. This half-duplex mode of communication also means that a device cannot transmit and receive at the same time. To maximize the use of a segment, only two devices should be connected to it so that each one can transmit and receive simultaneously. The natural progression to full-duplex operation effectively doubles a link’s throughput.
This maximum throughput is possible only when one device (a workstation, server, router, or another switch) is connected directly to a switch port. In addition, the devices at each end of the link must both support full-duplex operation, allowing each to transmit at will without having to detect and recover from collisions.
The Fast Ethernet and Gigabit Ethernet specifications offer backward compatibility to support the lower Ethernet speeds. In the case of 100BASE-TX, switch ports often are called “10/100” ports, to denote the dual speed. Twisted pair Gigabit Ethernet ports support all three 10/100/1000 speeds. To provide support for alternate speeds, the two devices at each end of a network connection automatically can negotiate link capabilities so that they both can operate at a maximum common level. This negotiation involves detecting and selecting the highest physical layer technology (available bandwidth) and half-duplex or full-duplex operation. To properly negotiate a connection, both ends should be configured for autonegotiation.
The link speed is determined by electrical signaling so that either end of a link can determine what speed the other end is trying to use. If both ends of the link are configured to autonegotiate, they will use the highest speed that is common to them.
A link’s duplex mode, however, is negotiated through an exchange of information. This means that for one end to successfully autonegotiate the duplex mode, the other end also must be set to autonegotiate. Otherwise, one end never will see duplex information from the other end and won’t be capable of determining the correct mode to use. If duplex autonegotiation fails, a switch port always falls back to its default setting—half-duplex—because it offers the safety of collision detection.
Autonegotiation selects port speed and duplex mode according to a series of priorities. If both devices can support more than one speed, they will agree to use the highest speed available. Likewise, full-duplex mode will be chosen over half-duplex. As an example, if two devices can support 10/100/1000, both devices will select 1000 (1 Gbps) with full-duplex, if possible.
To ensure proper configuration at both ends of a link, Cisco recommends that the appropriate values for transmission speed and duplex mode be configured manually on switch ports. This precludes any possibility that one end of the link will change its settings, resulting in an unusable connection. If you manually set the switch port, do not forget to manually set the device on the other end of the link accordingly. Otherwise, a speed or duplex mismatch between the two devices might occur.
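The negotiation rules described above can be written down as a small model. This is an added example, not code from the book or from Cisco; the `PortConfig`, `LinkResult` and `resolve_link` names are hypothetical, and the rule that two different fixed speeds leave the link down is an assumption of the model.

```python
from dataclasses import dataclass
from typing import Optional, Tuple, Union

AUTO = "auto"


@dataclass(frozen=True)
class PortConfig:
    """Configured settings on one end of a link (hypothetical type)."""
    speeds: Tuple[int, ...]           # speeds the hardware supports, in Mbps
    speed: Union[int, str] = AUTO     # AUTO or a fixed speed in Mbps
    duplex: str = AUTO                # AUTO, "full" or "half"


@dataclass(frozen=True)
class LinkResult:
    up: bool
    speed: Optional[int]
    duplex_a: Optional[str]
    duplex_b: Optional[str]

    @property
    def duplex_mismatch(self) -> bool:
        return self.up and self.duplex_a != self.duplex_b


def _offered_speeds(port: PortConfig) -> set:
    # A fixed port signals exactly one speed; an auto port can match any it supports.
    return set(port.speeds) if port.speed == AUTO else {port.speed}


def resolve_link(a: PortConfig, b: PortConfig) -> LinkResult:
    """Apply the rules from the text to both ends of one link."""
    # Speed is detected from electrical signaling, so it works even when only
    # one end autonegotiates. The highest common speed wins.
    common = _offered_speeds(a) & _offered_speeds(b)
    if not common:
        # Assumption of this model: no common speed means no usable link.
        return LinkResult(False, None, None, None)
    speed = max(common)

    # Duplex is learned through an exchange of information, so it is only
    # negotiated when BOTH ends are set to auto.
    both_negotiate = a.duplex == AUTO and b.duplex == AUTO

    def duplex_for(port: PortConfig) -> str:
        if port.duplex != AUTO:
            return port.duplex                      # manually configured
        return "full" if both_negotiate else "half"  # fallback is half duplex

    return LinkResult(True, speed, duplex_for(a), duplex_for(b))
```

Resolving an autonegotiating switch port against a host fixed at 100 Mbps full duplex yields 100 Mbps with half duplex on the switch and full duplex on the host, which is the mismatch the text warns about.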
Connecting Switches and Devices
Switch deployment in a network involves two steps: physical connectivity and switch configuration. This section describes the connections and cabling requirements for devices in a switched network.
Ethernet Port Cables and Connectors
Catalyst switches support a variety of network connections, including all forms of Ethernet. In addition, Catalyst switches support several types of cabling, including UTP and optical fiber.
All Catalyst switch families support 10/100/1000 autosensing for Gigabit Ethernet. These ports use RJ-45 connectors on UTP cabling to complete the connections. UTP cabling is arranged so that RJ-45 pins 1 and 2, 3 and 6, 4 and 5, and 7 and 8 form four twisted pairs. These pairs connect straight through to the far end.
Gigabit Ethernet connections take a different approach by providing modular connectivity options. Catalyst switch ports have standardized rectangular openings that can accept small form factor pluggable (SFP) modules. The SFP modules provide the media personality for the port so that various cable media can connect. In this way, the switch chassis is completely modular and requires no major change to accept a new media type. Instead, the appropriate module is hot-swappable and is plugged into the switch to support the new media. SFP modules can use LC and MT-RJ fiber-optic and RJ-45 UTP connectors and are available for the following Gigabit Ethernet media:
- 1000BASE-SX: Short-wavelength connectivity using SC fiber connectors and MMF for distances up to 550 m (1804 feet).
- 1000BASE-LX/LH: Long-wavelength/long-haul connectivity using SC fiber connectors and either MMF or single-mode fiber (SMF); MMF can be used for distances up to 550 m (1804 feet), and SMF can be used for distances up to 10 km (32,810 feet). MMF requires a special mode-conditioning cable for fiber distances less than 100 m (328 feet) or greater than 300 m (984 feet). This keeps the GBIC from overdriving the far-end receiver on a short cable and lessens the effect of differential mode delay on a long cable.
- 1000BASE-ZX: Extended-distance connectivity using SC fiber connectors and SMF; works for distances up to 70 km, and even to 100 km when used with premium-grade SMF.
- 1000BASE-T: Sports an RJ-45 connector for fixed-speed four-pair UTP cabling; works for distances up to 100 m (328 feet).
10-Gigabit Ethernet switch ports support the following rectangular X2 and SFP+ media modules:
- 10GBASE-CX4: Copper connectivity up to 15 m
- 10GBASE-SR: Short-reach connectivity using 62.5 or 50 micron MMF for distances up to 33 m or 300 m, respectively
- 10GBASE-LRM: Long-reach multimode connectivity using 62.5 or 50 micron MMF for distances up to 220 m
- 10GBASE-LX4: Provides connectivity using 62.5 or 50 micron MMF for distances up to 300 m
- 10GBASE-LR: Long-reach connectivity using SMF for distances up to 10 km
- 10GBASE-ER: Extended-reach connectivity using SMF for distances up to 40 km
40- and 100-Gigabit Ethernet both use unique fiber optical modules that leverage multiple fibers simultaneously. These technologies are beyond the scope of the SWITCH exam.
Switch Port Configuration
You can configure the individual ports on a switch with various information and settings, as detailed in the following sections.
Selecting Ports to Configure
Before you can modify port settings, you must select one or more switch ports. Even though they have traditionally been called ports, Catalyst switches running the Cisco IOS Software refer to them as interfaces.
To select a single switch port, enter the following command in global configuration mode:
Switch(config)# interface type member/module/number
A physical port is identified by its Ethernet type (fastethernet, gigabitethernet, tengigabitethernet), the stack member or chassis slot number, the module where it is located, and the port number within the module. Most switches do not have individual modules within each stack member or chassis, so the module number is usually 0. As an example, the Gigabit Ethernet port numbered 14 on the first switch in a stack is selected for configuration using the following command:
Switch(config)# interface gigabitethernet 1/0/14
Naturally, you can select and configure multiple interfaces in this fashion, one at a time. If you need to make many configuration changes for each interface in a 48-port switch or in several switches in a stack, however, this can get very tedious. The Catalyst IOS Software also allows multiple interfaces to be selected in a single pass through the interface range configuration command. After you select the range, any interface configuration commands entered are applied to each of the interfaces in the range.
To select several arbitrary ports for a common configuration setting, you can identify them as a “range” entered as a list. All port numbers and the commas that separate them must be separated with spaces. Use the following command in global configuration mode:
Switch(config)# interface range type member/module/number [, type member/module/number ...]
For example, to select interfaces Gigabit Ethernet 1/0/3, 1/0/7, 1/0/9, and 1/0/48 for configuration, you could use this command:
Switch(config)# interface range gigabitethernet 1/0/3 , gigabitethernet 1/0/7 , gigabitethernet 1/0/9 , gigabitethernet 1/0/48
You also can select a continuous range of ports, from a beginning interface number to an ending interface number. Enter the interface type, stack member, and module, followed by the beginning and ending port number separated by a dash with spaces. Use this command in global configuration mode:
Switch(config)# interface range type member/module/first-number - last-number
For example, you could select all 48 Gigabit Ethernet interfaces on switch stack member 1 with the following command:
Switch(config)# interface range gigabitethernet 1/0/1 - 48
Finally, you sometimes need to make configuration changes to several groups or ranges of ports at the same time. You can define a macro that contains a list of interfaces or ranges of interfaces or both. Then, you can invoke the interface-range macro just before configuring the port settings. This applies the port settings to each interface that is identified by the macro. The steps for defining and applying this macro are as follows:
Step 1. Define the macro name and specify as many lists and ranges of interfaces as needed. The command syntax is open ended but follows the list and range syntax of the interface range commands defined previously:
Switch(config)# define interface-range macro-name type member/module/number [, type member/module/number ...] [type member/module/first-number - last-number] [...]
Step 2. Invoke the macro called macro-name just as you would with a regular interface, just before entering any interface-configuration commands:
Switch(config)# interface range macro macro-name
Suppose, for example, that you need to configure Gigabit Ethernet 2/0/1, 2/0/3 through 2/0/5, 3/0/1, 3/0/10, and 3/0/32 through 3/0/48 with a set of identical interface configurations. You could use the following commands to define and apply a macro, respectively:
Switch(config)# define interface-range MyGroup gig 2/0/1 , gig 2/0/3 - 2/0/5 , gig 3/0/1 , gig 3/0/10 , gig 3/0/32 - 3/0/48
Switch(config)# interface range macro MyGroup
Remember to surround any commas and hyphens with spaces when you enter interface range commands.
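Before applying settings to a range or macro, it helps to see exactly which ports the list covers. The following added example (not from the book or from Cisco IOS) expands a list in the syntax described above and flags separators that lack the surrounding spaces; the function names are hypothetical, and the parser accepts both the "- 48" and the "- 2/0/5" range endings because both forms appear in this section.

```python
import re

# Interface types named in this section; an unambiguous prefix such as "gig" is accepted.
TYPES = ("fastethernet", "gigabitethernet", "tengigabitethernet")

ITEM_RE = re.compile(
    r"^([A-Za-z]+)\s*(\d+)/(\d+)/(\d+)"        # type member/module/first-number
    r"(?:\s*-\s*(?:(\d+)/(\d+)/)?(\d+))?$"     # optional "- last" or "- member/module/last"
)


def _full_type(abbrev):
    """Resolve an abbreviated interface type to its full name."""
    matches = [t for t in TYPES if t.startswith(abbrev.lower())]
    if len(matches) != 1:
        raise ValueError(f"unknown or ambiguous interface type {abbrev!r}")
    return matches[0]


def expand_interface_range(spec):
    """Return every interface named by a comma-separated list of ports and ranges."""
    spec = spec.replace("\u2013", "-")          # tolerate typographic en dashes
    ports = []
    for item in spec.split(","):
        item = item.strip()
        m = ITEM_RE.match(item)
        if m is None:
            raise ValueError(f"cannot parse {item!r}")
        kind = _full_type(m.group(1))
        member, module, first = int(m.group(2)), int(m.group(3)), int(m.group(4))
        last = int(m.group(7)) if m.group(7) else first
        if m.group(5) and (int(m.group(5)), int(m.group(6))) != (member, module):
            raise ValueError(f"range {item!r} must stay within one member/module")
        if last < first:
            raise ValueError(f"range {item!r} ends before it starts")
        ports += [f"{kind} {member}/{module}/{n}" for n in range(first, last + 1)]
    return ports


def spacing_problems(spec):
    """Return the places where a comma or hyphen is not surrounded by spaces."""
    spec = spec.replace("\u2013", "-")
    return re.findall(r"\S[,-]|[,-]\S", spec)


# The MyGroup list from the example above.
MYGROUP = "gig 2/0/1 , gig 2/0/3 - 2/0/5 , gig 3/0/1 , gig 3/0/10 , gig 3/0/32 - 3/0/48"

if __name__ == "__main__":
    for port in expand_interface_range(MYGROUP):
        print(port)
```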
Identifying Ports
You can add a text description to a switch port’s configuration to help identify it. This description is meant as a comment field only, as a record of port use or other unique information. The port description is included when displaying the switch configuration and interface information.
To assign a comment or description to a port, enter the following command in interface configuration mode:
Switch(config-if)# description description-string
The description string can have embedded spaces between words, if needed. To remove a description, use the no description interface-configuration command.
As an example, interface Gigabit Ethernet 2/0/11 is labeled with “Printer in Bldg A, room 213”:
Switch(config)# interface gigabitethernet 2/0/11
Switch(config-if)# description Printer in Bldg A, room 213
Port Speed
You can assign a specific speed to multiple-speed switch ports through interface configuration commands. Use the speed command to set a speed of 10, 100, 1000, or Autonegotiate (the default).
To specify the port speed on a particular Ethernet port, use the following interface-configuration command:
Switch(config-if)# speed {10 | 100 | 1000 | auto}
Port Duplex Mode
You also can assign a specific duplex mode to Ethernet-based switch ports. A port can operate in half-duplex, full-duplex, or autonegotiated mode. Autonegotiation is allowed only on UTP 10/100 and 10/100/1000 ports. In this mode, the port participates in a negotiation by attempting full-duplex operation first and then half-duplex operation if full-duplex operation is not successful. The autonegotiation process repeats whenever the link status changes. Be sure to set both ends of a link to the same speed and duplex settings to eliminate any chance that the two ends will be mismatched.
To set the link mode on a switch port, enter the following command in interface configuration mode:
Switch(config-if)# duplex {auto | full | half}
For instance, you could use the commands in Example 3-1 to configure 10/100/1000 interfaces Gigabit Ethernet 3/0/1 for autonegotiation and 3/0/2 for 100-Mbps full duplex (no autonegotiation).
Example 3-1 Configuring the Link Mode on a Switch Port
Switch(config)# interface gigabitethernet 3/0/1
Switch(config-if)# speed auto
Switch(config-if)# duplex auto
Switch(config-if)# interface gigabitethernet 3/0/2
Switch(config-if)# speed 100
Switch(config-if)# duplex full
Managing Error Conditions on a Switch Port
A network-management application can be used to detect a serious error condition on a switch port. A switch can be polled periodically so that its port error counters can be examined to see whether an error condition has occurred. If so, an alert can be issued so that someone can take action to correct the problem.
Catalyst switches can detect error conditions automatically, without any further help. If a serious error occurs on a switch port, that port can be shut down automatically until someone manually enables the port again, or until a predetermined time has elapsed.
Detecting Error Conditions
By default, a Catalyst switch detects an error condition on every switch port for every possible cause. If an error condition is detected, the switch port is put into the “errdisable” state and is disabled. You can tune this behavior on a global basis so that only certain causes trigger any port being disabled. Use the following command in global configuration mode, where the no keyword is added to disable the specified cause:
Switch(config)# [no] errdisable detect cause [all | cause-name]
You can repeat this command to enable or disable more than one cause. One of the following triggers the errdisable state:
- all: Detects every possible cause
- arp-inspection: Detects errors with dynamic ARP inspection
- bpduguard: Detects when a spanning-tree bridge protocol data unit (BPDU) is received on a port configured for STP PortFast
- dhcp-rate-limit: Detects an error with DHCP snooping
- dtp-flap: Detects when trunking encapsulation is changing from one type to another
- gbic-invalid: Detects the presence of an invalid GBIC or SFP module
- inline-power: Detects an error with offering PoE inline power
- l2ptguard: Detects an error with Layer 2 Protocol Tunneling
- link-flap: Detects when the port link state is “flapping” between the up and down states
- loopback: Detects when an interface has been looped back
- pagp-flap: Detects when an EtherChannel bundle’s ports no longer have consistent configurations
- pppoe-ia-rate-limit: Detects errors with PPPoE Intermediate Agent rate limiting
- psecure-violation: Detects conditions that trigger port security configured on a port
- psp: Detects an error related to protocol storm protection
- security-violation: Detects errors related to 802.1X security
- sfp-config-mismatch: Detects errors related to SFP configuration mismatches
- small-frame: Detects errors when VLAN-tagged packets are too small and arrive above a certain rate
- storm-control: Detects when a storm control threshold has been exceeded on a port
- udld: Detects when a link is seen to be unidirectional (data passing in only one direction)
Automatically Recover from Error Conditions
By default, ports put into the errdisable state must be re-enabled manually. This is done by issuing the shutdown command in interface configuration mode, followed by the no shutdown command. Before you reenable a port from the errdisable condition, you should always determine the cause of the problem so that the errdisable condition does not occur again.
You can decide to have a switch automatically reenable an errdisabled port if it is more important to keep the link up until the problem can be resolved. To automatically reenable an errdisabled port, you first must specify the errdisable causes that can be reenabled. Use the following command in global configuration mode, with a cause-name from the preceding list:
Switch(config)# errdisable recovery cause [all | cause-name]
If any errdisable causes are configured for automatic recovery, the errdisabled port stays down for 300 seconds (5 minutes), by default. To change the recovery timer, use the following command in global configuration mode:
Switch(config)# errdisable recovery interval seconds
You can set the interval from 30 to 86,400 seconds (24 hours).
For example, you could use the following commands to configure all switch ports to be reenabled automatically in 1 hour after a PoE error has been detected:
Switch(config)# errdisable recovery cause inline-power
Switch(config)# errdisable recovery interval 3600
Remember that the errdisable causes and automatic recovery are configured globally; the settings apply to all switch ports.
Enable and Use the Switch Port
If the port is not enabled or activated automatically, use the no shutdown interface-configuration command. To view a port’s current speed and duplex state, use the show interfaces command. You can see a brief summary of all interface states with the show interfaces status command.
Troubleshooting Port Connectivity
Suppose that you are experiencing problems with a switch port. How would you troubleshoot it? The following sections cover a few common troubleshooting techniques.
Looking for the Port State
Use the show interfaces EXEC command to see complete information about the switch port. The port’s current state is given in the first line of output, as in Example 3-2.
Example 3-2 Determining Port State Information
Switch# show interfaces gigabitethernet 1/0/1
GigabitEthernet1/0/1 is up, line protocol is up
Hardware is Gigabit Ethernet, address is 0009.b7ee.9801 (bia 0009.b7ee.9801)
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
The first up tells the state of the port’s physical or data link layer. If this is shown as down, the link is physically disconnected or a link cannot be detected. The second state, given as line protocol is up, shows the Layer 2 status. If the state is given as err-disabled, the switch has detected a serious error condition on this port and has automatically disabled it.
To quickly see a list of states for all switch ports, use the show interface status EXEC command. Likewise, you can see a list of all ports in the errdisable state (and the cause) by using the show interface status err-disabled EXEC command.
Looking for Speed and Duplex Mismatches
If a user notices slow response time or low throughput on a 10/100 or 10/100/1000 switch port, the problem could be a mismatch of the port speed or duplex mode between the switch and the host. This is particularly common when one end of the link is set to autonegotiate the link settings and the other end is not.
Use the show interface command for a specific interface and look for any error counts that are greater than 0. For example, in the following output in Example 3-3, the switch port is set to autonegotiate the speed and duplex mode. It has decided on 100 Mbps at half duplex. Notice that there are many runts (packets that were truncated before they were fully received) and input errors. These are symptoms that a setting mismatch exists between the two ends of the link.
Example 3-3 Determining Link Speed and Duplex Mode
Switch# show interfaces gigabitethernet 1/0/13
GigabitEthernet1/0/13 is up, line protocol is up
Hardware is Gigabit Ethernet, address is 00d0.589c.3e8d (bia 00d0.589c.3e8d)
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not set
Auto-duplex (Half), Auto Speed (100), media type is 10/100/1000BaseTX
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 81000 bits/sec, 49 packets/sec
500867 packets input, 89215950 bytes
Received 12912 broadcasts, 374879 runts, 0 giants, 0 throttles
374879 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast
0 input packets with dribble condition detected
89672388 packets output, 2205443729 bytes, 0 underruns
0 output errors, 0 collisions, 3 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Because this port is autonegotiating the link speed, it must have detected an electrical signal that indicated 100 Mbps in common with the host. However, the host most likely was configured for 100 Mbps at full duplex (not autonegotiating). The switch was incapable of exchanging duplex information, so it fell back to its default of half duplex. Again, always make sure both ends of a connection are set to the same speed and duplex mode.
Discovering Connected Devices
Suppose that you have two switches and connect a cable between them. Through your knowledge of the physical cabling, you know that the switches are connected and that they are directly connected neighbors. If you are not onsite with the equipment, you might not have an easy way to discover or verify how the switches are connected or even if they are connected at all. This situation might grow even more frustrating in a large network with many devices, except that you have a couple of handy discovery tools at your disposal. A switch can also leverage the discovery tools to learn about connected devices and their power requirements.
Cisco Discovery Protocol
The Cisco Discovery Protocol (CDP) is designed as an automated method for Cisco devices to advertise their existence to other neighboring devices. CDP is a Cisco proprietary protocol, so it is not always compatible with equipment from other manufacturers. CDP works in only one direction; advertisements are sent at regular intervals toward any listening device, but nothing is expected in return.
CDP advertisements are sent at the data link layer (Layer 2) so that neighboring devices can receive and understand them regardless of what upper layer protocol is in use on an interface. The advertisements are not meant to be routed or forwarded on through a network. Rather, they are received and processed by only directly connected neighbors.
Cisco devices such as routers and switches have CDP enabled by default. CDP advertisements are sent out every active interface at 60-second intervals. You can use the following command to display information about CDP advertisements that have been received by a switch:
Switch# show cdp neighbors [type member/module/number] [detail]
The show cdp neighbors command will display a summary of CDP neighbors that have been discovered on all switch ports, as shown in Example 3-4. Switch1 has received advertisements from three other devices (a switch, a wireless access point, and an IP phone) that are connected to local interfaces. The Cisco device platform model is displayed, along with the port identifier on the connected device.
Example 3-4 Output from the show cdp neighbors Command
Switch1# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID         Local Intrfce   Holdtme   Capability   Platform    Port ID
Switch2           Gig 1/0/24      178       S I          WS-C3750E   Gig 2/0/24
APb838.6181.0664  Gig 1/0/23      137       R T          AIR-CAP37   Gig 0.1
SEP2893FEA2E7F4   Gig 1/0/22      159       H P M        IP Phone    Port 1
Switch1#
If there are many discovered neighbors, you can specify the local switch interface where a single device is connected. For example, the show cdp neighbors gig1/0/24 command would display only the CDP entry for Switch 2.
To see all of the CDP information received in an advertisement, add the detail keyword. Example 3-5 lists details learned about the CDP neighbor on interface Gigabit Ethernet 1/0/22, which is a Cisco IP phone. Notice that you find out useful information such as the software release, the neighbor’s duplex mode, and power requirements that have been negotiated.
Example 3-5 Displaying Detailed CDP Neighbor Information
Switch1# show cdp neighbors gig1/0/22 detail
-------------------------
Device ID: SEP2893FEA2E7F4
Entry address(es):
  IP address: 10.120.48.177
Platform: Cisco IP Phone 7942, Capabilities: Host Phone Two-port Mac Relay
Interface: GigabitEthernet2/0/7, Port ID (outgoing port): Port 1
Holdtime : 131 sec
Second Port Status: Down
Version :
SCCP42.9-3-1-1S
advertisement version: 2
Duplex: full
Power drawn: 6.300 Watts
Power request id: 59380, Power management id: 3
Power request levels are:6300 0 0 0 0
Management address(es):
Switch1#
Although CDP is enabled by default, you can disable it globally with the no cdp run command or reenable it with the cdp run global configuration command. Sometimes, for security reasons, you might want to disable CDP advertisements on an individual interface so that devices (and people) on the other end of a switch port cannot learn about your switch. You can control CDP operation with the following interface configuration command:
Switch(config)# interface type member/module/number
Switch(config-if)# [no] cdp enable
Link Layer Discovery Protocol
The Link Layer Discovery Protocol (LLDP) is similar to CDP, but is based on the IEEE 802.1ab standard. As a result, LLDP works in multivendor networks. It is also extensible because information is advertised by grouping attributes into Type-Length-Value (TLV) structures. For example, a device can advertise its system name with one TLV, its management address in another TLV, its port description in another TLV, its power requirements in another TLV, and so on. The LLDP advertisement then becomes a chain of various TLVs that can be interpreted by the receiving device.
LLDP also supports additional TLVs that are unique to audio-visual devices such as VoIP phones. The LLDP Media Endpoint Device (LLDP-MED) TLVs carry useful device information like a network policy with VLAN numbers and quality of service information needed for voice traffic, power management, inventory management, and physical location data.
LLDP supports the LLDP-MED TLVs by default, but it cannot send both basic and MED TLVs simultaneously on a switch port. Instead, LLDP sends only the basic TLVs to connected devices. If a switch receives LLDP-MED TLVs from a device, it will begin sending LLDP-MED TLVs back to the device.
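To make the TLV chain concrete, the following added example (not from the book) builds a constructed LLDPDU carrying the values shown in Example 3-7 and walks it as a receiver would, listing what any listening neighbor learns about the sender. The function names are hypothetical; the header layout (7-bit type, 9-bit length) and the TLV type numbers are those defined by the IEEE LLDP standard.

```python
import ipaddress
import struct

TLV_NAMES = {1: "Chassis ID", 2: "Port ID", 3: "TTL", 4: "Port Description",
             5: "System Name", 6: "System Description", 8: "Management Address"}

def tlv(tlv_type, value):
    """Encode one TLV: 7-bit type and 9-bit length share a 16-bit header."""
    if not 0 <= tlv_type <= 127 or len(value) > 0x1FF:
        raise ValueError("type or length does not fit the TLV header")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

def parse_lldpdu(data):
    """Return [(type, value), ...] up to the End TLV; reject malformed chains."""
    tlvs, offset = [], 0
    while offset + 2 <= len(data):
        (header,) = struct.unpack_from("!H", data, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if offset + length > len(data):
            raise ValueError(f"TLV type {tlv_type} overruns the frame")
        if tlv_type == 0:                        # End of LLDPDU
            return tlvs
        tlvs.append((tlv_type, data[offset:offset + length]))
        offset += length
    raise ValueError("no End of LLDPDU TLV found")

def decode(tlv_type, value):
    """Render the value of a basic TLV as text; unknown layouts stay hex."""
    if tlv_type in (1, 2) and len(value) >= 2:
        subtype, ident = value[0], value[1:]
        if tlv_type == 1 and subtype == 5 and len(ident) == 5 and ident[0] == 1:
            return str(ipaddress.IPv4Address(ident[1:]))    # network address, IPv4
        if subtype == 7:                                     # locally assigned
            return ident.decode("ascii", "replace")
    elif tlv_type == 3 and len(value) == 2:
        return struct.unpack("!H", value)[0]                 # seconds to live
    elif tlv_type in (4, 5, 6):
        return value.decode("utf-8", "replace")
    elif tlv_type == 8 and len(value) >= 6 and value[0] == 5 and value[1] == 1:
        return str(ipaddress.IPv4Address(value[2:6]))        # IPv4 management address
    return value.hex()

def disclosed(data):
    """Name -> decoded value for every basic TLV a listener would learn."""
    return {TLV_NAMES[t]: decode(t, v)
            for t, v in parse_lldpdu(data) if t in TLV_NAMES}

# Constructed LLDPDU (not a capture) using the values shown in Example 3-7.
PHONE_IP = ipaddress.IPv4Address("10.120.48.177").packed
SAMPLE = b"".join([
    tlv(1, b"\x05\x01" + PHONE_IP),              # chassis ID: network address
    tlv(2, b"\x07" + b"2893FEA2E7F4:P1"),        # port ID: locally assigned
    tlv(3, struct.pack("!H", 180)),
    tlv(4, b"SW PORT"),
    tlv(5, b"SEP2893FEA2E7F4.voice.uky.edu"),
    tlv(6, b"Cisco IP Phone 7942G,V6, SCCP42.9-3-1-1S"),
    # addr length, IPv4 subtype, address, ifnum subtype, ifnum, OID length
    tlv(8, b"\x05\x01" + PHONE_IP + b"\x01" + struct.pack("!I", 0) + b"\x00"),
    tlv(0, b""),
])

if __name__ == "__main__":
    for name, value in disclosed(SAMPLE).items():
        print(f"{name:20} {value}")
```

Every field printed here is sent unsolicited to whatever is plugged into the port, which is why transmit control per interface matters on ports facing untrusted devices.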
By default, LLDP is globally disabled on a Catalyst switch. To see if it is currently running or not, use the show lldp command. You can enable or disable LLDP with the lldp run and no lldp run global configuration commands, respectively.
Use the following command to display information about LLDP advertisements that have been received by a switch.
Switch# show lldp neighbors [type member/module/number] [detail]
Use the show lldp neighbors command to see a summary of neighbors that have been discovered. Example 3-6 lists the same three neighboring devices that were discovered with CDP in Example 3-4.
Example 3-6 Output from the show lldp neighbors Command
Switch1# show lldp neighbors
Capability codes:
    (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
    (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
Device ID           Local Intf     Hold-time  Capability      Port ID
Switch2             Gi1/0/24       113        B               Gi2/0/24
APb838              Gi1/0/23       91         B,R             Gi0
SEP2893FEA2E7F4     Gi1/0/22       180        B,T             2893FEA2E7F4:P1
Total entries displayed: 2
Switch1#
You can specify a switch interface to display the LLDP neighbor discovered there. Add the detail keyword to see all of the information about a neighbor. Example 3-7 lists the detailed information about the Cisco IP phone that is connected to interface Gigabit Ethernet 1/0/22. Notice that the bottom portion of the output contains parameters that were advertised in the LLDP-MED TLVs, such as the phone’s VLAN, quality of service, power configuration, and location.
Example 3-7 Displaying Detailed LLDP Neighbor Information
Switch1# show lldp neighbors gig1/0/22 detail
------------------------------------------------
Chassis id: 10.120.48.177
Port id: 2893FEA2E7F4:P1
Port Description: SW PORT
System Name: SEP2893FEA2E7F4.voice.uky.edu
System Description:
Cisco IP Phone 7942G,V6, SCCP42.9-3-1-1S
Time remaining: 124 seconds
System Capabilities: B,T
Enabled Capabilities: B,T
Management Addresses:
    IP: 10.120.48.177
Auto Negotiation - supported, enabled
Physical media capabilities:
    1000baseT(HD)
    1000baseX(FD)
    Symm, Asym Pause(FD)
    Symm Pause(FD)
Media Attachment Unit type: 16
Vlan ID: - not advertised
MED Information:
    MED Codes:
          (NP) Network Policy, (LI) Location Identification
          (PS) Power Source Entity, (PD) Power Device
          (IN) Inventory
    H/W revision: 6
    F/W revision: tnp42.8-3-1-21a.bin
    S/W revision: SCCP42.9-3-1-1S
    Serial number: FCH1414A0BA
    Manufacturer: Cisco Systems, Inc.
    Model: CP-7942G
    Capabilities: NP, PD, IN
    Device type: Endpoint Class III
    Network Policy(Voice): VLAN 837, tagged, Layer-2 priority: 5, DSCP: 46
    Network Policy(Voice Signal): VLAN 837, tagged, Layer-2 priority: 4, DSCP: 32
    PD device, Power source: Unknown, Power Priority: Unknown, Wattage: 6.3
    Location - not advertised
Total entries displayed: 1
Switch1#
Once LLDP is enabled, advertisements are sent and received on every switch interface. You can control LLDP operation on an interface with the following command.
Switch(config-if)# [no] lldp {receive | transmit}
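As an added example (not from the book), the following script audits a saved configuration for ports that still transmit CDP or LLDP, applying the defaults described above: CDP is on globally, LLDP is off until lldp run, and each interface advertises unless no cdp enable or no lldp transmit is set. The configuration excerpt is constructed, and the function names and the allow-list of ports permitted to advertise are assumptions.

```python
import re

# Constructed running-config excerpt (not taken from the page).
SAMPLE_CONFIG = """\
lldp run
!
interface GigabitEthernet1/0/1
 description user desk
 switchport mode access
!
interface GigabitEthernet1/0/2
 description lobby jack
 switchport mode access
 no cdp enable
 no lldp transmit
!
interface GigabitEthernet1/0/22
 description IP phone
 switchport mode access
!
interface GigabitEthernet1/0/24
 description uplink to Switch2
!
interface GigabitEthernet1/0/30
 shutdown
!
"""

PHYSICAL = re.compile(r"interface ((?:Fast|Gigabit|TenGigabit)Ethernet\S+)$")

def advertising_ports(config_text):
    """Map each physical interface to the discovery protocols it transmits."""
    cdp_global, lldp_global = True, False       # defaults: CDP on, LLDP off
    ports, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0] != " ":                       # top-level command closes the block
            current = None
            match = PHYSICAL.match(line)
            if match:
                current = ports.setdefault(
                    match.group(1), {"cdp": True, "lldp": True, "up": True})
            elif line in ("cdp run", "no cdp run"):
                cdp_global = line == "cdp run"
            elif line in ("lldp run", "no lldp run"):
                lldp_global = line == "lldp run"
        elif current is not None:
            if line in ("cdp enable", "no cdp enable"):
                current["cdp"] = line == "cdp enable"
            elif line in ("lldp transmit", "no lldp transmit"):
                current["lldp"] = line == "lldp transmit"
            elif line in ("shutdown", "no shutdown"):
                current["up"] = line == "no shutdown"
    result = {}
    for name, port in ports.items():
        sends = []
        if port["up"] and cdp_global and port["cdp"]:
            sends.append("CDP")
        if port["up"] and lldp_global and port["lldp"]:
            sends.append("LLDP")
        result[name] = sends
    return result

def unexpected_advertisers(config_text, allowed):
    """Ports that transmit CDP or LLDP but are not on the allow-list."""
    return {name: sends for name, sends in advertising_ports(config_text).items()
            if sends and name not in allowed}

# Assumed policy: only the phone port and the inter-switch uplink may advertise.
ALLOWED = {"GigabitEthernet1/0/22", "GigabitEthernet1/0/24"}

if __name__ == "__main__":
    for name, sends in unexpected_advertisers(SAMPLE_CONFIG, ALLOWED).items():
        print(f"{name}: still transmitting {', '.join(sends)}")
```

Ports serving IP phones or access points usually stay on the allow-list, because those devices rely on CDP or LLDP to negotiate power and voice VLAN settings.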
Using Power over Ethernet
A Cisco wireless access point or a Cisco IP phone is like any other node on the network; it must have power to operate. Power can come from the following three sources, as illustrated in Figure 3-1.
- An external AC adapter connected directly to the device
- A power injector, which connects to AC power near an Ethernet switch and provides DC power over the network data cable
- A switch capable of providing DC Power over Ethernet (PoE) over the network data cable
Figure 3-1 Methods to Supply Power to a Networked Device
The external AC adapter plugs into a normal AC wall outlet and provides 48V DC to the device. These adapters, commonly called wall warts, are handy if no other power source is available. However, if a power failure occurs in the room or outlet where the adapter is located, the powered device will fail.
As an alternative, you can connect a regular data switch port to a power injector, which injects DC power onto the network cable leading to the powered device. The power injector lets you use the network cabling for both power and data, but requires a connection to a normal AC power source. Typically, a power injector is connected to AC power in a wiring closet close to the switch. One pitfall of using power injectors is that you need one injector and one AC power outlet per switch port!
A more elegant solution is available as inline power or Power over Ethernet (PoE). Here, a 48V DC supply is provided to a device over the same unshielded twisted-pair cable that is used for Ethernet connectivity. The DC power source is the Catalyst switch itself. No other power source is needed unless an AC adapter is required as a redundant source.
PoE has the benefit that it can be managed, monitored, and offered only to a known device. In fact, this capability is not limited to Cisco devices—any device that can request and use inline power in a compatible manner can be used. Otherwise, if a nonpowered device such as a normal PC is plugged into the same switch port, the switch will not offer power to it.
In a best practice design, the Catalyst switch should be connected to an uninterruptible power supply (UPS) so that it continues to receive and offer power even if the regular AC source fails. This allows an IP phone or other powered device to be available for use even during a power failure.
How PoE Works
A Catalyst switch can offer power over its Ethernet ports only if it is designed to do so. It must have one or more power supplies that are rated for the additional load that will be offered to the connected devices. PoE is available on many Cisco Catalyst switch platforms.
Several methods provide PoE to connected devices, as listed in Table 3-6. Cisco Inline Power (ILP) is a proprietary method that was developed before the IEEE standards. The 802.3af and 802.3at standards offer vendor interoperability, as well as power at varying capacities. Cisco Universal PoE (UPoE) is a proprietary method to deliver high capacity power to devices beyond that of 802.3at.
Table 3-6 PoE Methods
Method | Common Name | Power Offered
Cisco Inline Power | ILP | 7W
IEEE 802.3af | PoE | 15.4W
IEEE 802.3at | PoE+ | 25.5W
Cisco Universal PoE | UPoE | 60W
Detecting a Powered Device
A switch always keeps the power disabled when a switch port is down; however, the switch must continually try to detect whether a powered device is connected to a port. If it is, the switch must begin providing power so that the device can initialize and become operational. Only then will the Ethernet link be established.
The switch begins by supplying a small voltage across the transmit and receive pairs of the copper twisted-pair connection. It then can measure the resistance across the pairs to detect whether current is being drawn by the device. For example, if a 25K ohm resistance is measured, a powered device is indeed present.
The switch also can apply several predetermined voltages to test for corresponding resistance values. These values are applied by the powered device to indicate which of the five PoE power classes it belongs to. Knowing this, the switch can begin allocating the appropriate maximum power needed by the device. Table 3-7 lists the power classes.
Table 3-7 PoE Power Classes
Power Class | Maximum Power Offered at 48V DC
0 (default) | 15.4W
1 | 4.0W
2 | 7.0W
3 | 15.4W
4 (802.3at) | Up to 30W
The default class 0 is used if either the switch or the powered device does not support or does not attempt the optional power class discovery. Class 4 represents the highest power range (up to 30W) that can be offered to a device.
Normally, a switch will offer a maximum of 15.4W per port. Once the switch begins offering power on the port, the device can power up all or a portion of its circuitry. If additional power is needed, the device can inform the switch through CDP or LLDP advertisements and request up to the full 30W allowed for PoE class 4.
On a Catalyst switch that can support the Cisco proprietary UPoE feature, a powered device can request more than 30W of power. The device can use special TLVs with either CDP or LLDP to request UPoE up to a maximum of 60W. At press time, only the Catalyst 4500 offers UPoE.
Configuring PoE
PoE configuration is fairly straightforward. By default, each switch port can automatically detect the presence of a PoE-capable device before applying power. You can configure how the switch will handle PoE with the following interface configuration command:
Switch(config-if)# power inline {auto | static} [max milliwatts]
With the auto keyword, the connected device can request power through CDP or LLDP and the switch will attempt to deliver it, up to a default maximum of 30W—as long as there is enough power available from the switch’s power supply. You can use the static keyword instead, to preallocate a fixed amount of power to a device.
Add the max keyword to specify a maximum amount of power to offer on the interface, regardless of what the device requests. Specify the maximum power with a value from 4000 to 30000 milliwatts (4 to 30W). The maximum value you choose should be more than you expect the connected device to use, but not set to the maximum possible.
In Example 3-8, interface Gigabit Ethernet 1/0/1 has been configured for PoE auto mode with a maximum power of 6 watts (6000 milliwatts). Unfortunately, the connected device would like to use 15.4W; as a result, the switch rejects the power request and keeps the device in a not-connected state. The request-reject cycle continues at regular intervals until the PoE maximum is set to a sufficient value.
Example 3-8 Setting a Maximum PoE Limit on a Switch Port
Switch(config)# interface gigabitethernet1/0/1
Switch(config-if)# power inline auto max 6000
Switch(config-if)#
Mar 30 02:36:21.269: %ILPOWER-7-DETECT: Interface Gi1/0/1: Power Device detected: IEEE PD
Mar 30 02:36:21.269: %ILPOWER-5-ILPOWER_POWER_DENY: Interface Gi1/0/1: inline power denied. Reason: Insufficient total available power
Mar 30 02:36:37.073: %ILPOWER-7-DETECT: Interface Gi1/0/1: Power Device detected: IEEE PD
Mar 30 02:36:37.073: %ILPOWER-5-ILPOWER_POWER_DENY: Interface Gi1/0/1: inline power denied. Reason: Insufficient total available power
Switch(config-if)#
Switch(config-if)# power inline auto max 15400
Switch(config-if)#
Switch(config-if)#
Mar 30 01:38:37.034: %ILPOWER-5-POWER_GRANTED: Interface Gi1/0/1: Power granted
Mar 30 01:38:41.513: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to up
Mar 30 01:38:42.520: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to up
Mar 30 01:39:09.540: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
To disable PoE on a switch interface, use the following interface configuration command:
Switch(config-if)# power inline never
Power never will be offered and powered devices never will be detected on that port.
Verifying PoE
As you manage a PoE switch, be mindful of its power capacity. The power supply installed in the switch must provide power for the switch electronics, as well as any connected PoE devices. It is quite possible that the power supply is not rated to offer the maximum power on every switch port. Make sure that the maximum power configured on each switch port represents a reasonable value expected for the connected device. You should also make sure that the total power that can possibly be used by all connected devices does not exceed the total power available from the power supply.
You might be tempted to leave a switch with its default configuration, using auto-discovery of PoE devices on every port, with a generous maximum power level. In that way, the switch should be able to power devices as they are connected, with no further intervention from you. However, suppose that more and more PoE devices are connected to the switch over time. Some of them may be newer models that require greater amounts of power to operate. Without keeping a close watch on the switch’s power budget, you might end up with more demand for power than the switch can supply. Once that occurs, the best outcome is that some devices will not receive power; the worst outcome is that the power supply might be damaged.
To monitor the power budget, you can use the following command:
Switch# show power inline
With no other options, show power inline displays a list of switch ports and their current states. Example 3-9 lists the inline power status for all interfaces on a switch.
Example 3-9 Displaying Switch Port PoE Status
Switch1# show power inline
Module   Available     Used     Remaining
          (Watts)     (Watts)    (Watts)
------   ---------   --------   ---------
1           710.0      110.4       599.6
Interface Admin  Oper       Power   Device              Class Max
                            (Watts)
--------- ------ ---------- ------- ------------------- ----- ----
Gi1/0/1   auto   on         6.3     IP Phone 7910       n/a   30.0
Gi1/0/2   auto   on         6.3     IP Phone 7912       n/a   30.0
Gi1/0/3   auto   off        0.0     n/a                 n/a   30.0
Gi1/0/4   auto   off        0.0     n/a                 n/a   30.0
Gi1/0/5   auto   on         6.3     IP Phone 7910       n/a   30.0
Gi1/0/6   auto   off        0.0     n/a                 n/a   30.0
Gi1/0/7   auto   on         6.3     IP Phone 7910       n/a   30.0
Gi1/0/8   auto   on         6.3     IP Phone 7910       n/a   30.0
Gi1/0/9   auto   on         6.3     IP Phone 7910       n/a   30.0
Gi1/0/10  auto   on         6.3     IP Phone 7942       2     30.0
Gi1/0/11  auto   off        0.0     n/a                 n/a   30.0
Gi1/0/12  auto   on         16.8    AIR-CAP3702I-A-K9   4     30.0
Gi1/0/13  auto   on         16.8    AIR-CAP3702I-A-K9   4     30.0
Gi1/0/14  auto   on         16.8    AIR-CAP3702I-A-K9   4     30.0
Gi1/0/15  auto   on         16.8    AIR-CAP3702I-A-K9   4     30.0
Gi1/0/16  auto   on         4.0     Ieee PD             1     30.0
Gi1/0/17  auto   on         4.0     Ieee PD             1     30.0
Gi1/0/18  auto   off        0.0     n/a                 n/a   30.0
Notice that the first few lines display information about the current power budget. The switch has 710.0W available for PoE; 110.4W are used, leaving 599.6W for additional PoE use.
Switch ports are listed with the following columns:
- Interface: The interface number
- Admin: The administrative PoE state; autodiscover, on, or off
- Oper: The operational state; on, off, or errdisable
- Power (watts): The actual amount of power being drawn by the device, measured in real-time by power measurement circuitry
- Device: The device model or type, determined by CDP or LLDP
- Class: The IEEE PoE class number
- Max: The maximum allowed power draw on the port
In Example 3-9, all switch ports have defaulted to a maximum allowed power of 30W. Suppose that PoE devices were connected to every one of the 48 ports and each device required the full 30W. The total power needed would be 1440W—much greater than the 710W available. Even at 15.4W per port, the power supply would still be oversubscribed. As a best practice, you should configure each port’s maximum power to a reasonable value that won’t overwhelm the switch.
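The same budget check can be scripted. The following added example (not from the book) parses show power inline output in the layout of Example 3-9 and compares the supply with the worst case permitted by the per-port Max values, then with the worst case if each port were capped at its IEEE class ceiling from Table 3-7. The sample output is constructed and shortened, the function names are hypothetical, and capping by class is an assumed policy.

```python
import re

# Per-class ceilings from Table 3-7 (watts at 48V DC).
CLASS_WATTS = {"0": 15.4, "1": 4.0, "2": 7.0, "3": 15.4, "4": 30.0}

MODULE_RE = re.compile(r"^\s*(\d+)\s+([\d.]+)\s+([\d.]+)\s+([\d.]+)\s*$")
PORT_RE = re.compile(
    r"^\s*([A-Za-z]+\d\S*)\s+(\S+)\s+(\S+)\s+([\d.]+)\s+(.*?)\s+(\S+)\s+([\d.]+)\s*$")

# Constructed output in the layout of Example 3-9 (values are not from a real switch).
SAMPLE = """\
Module   Available     Used     Remaining
          (Watts)     (Watts)    (Watts)
------   ---------   --------   ---------
1           125.0       50.2        74.8
Interface Admin  Oper       Power   Device              Class Max
                            (Watts)
--------- ------ ---------- ------- ------------------- ----- ----
Gi1/0/1   auto   on         6.3     IP Phone 7942       2     30.0
Gi1/0/2   auto   on         6.3     IP Phone 7910       n/a   30.0
Gi1/0/3   auto   off        0.0     n/a                 n/a   30.0
Gi1/0/4   auto   on         16.8    AIR-CAP3702I-A-K9   4     30.0
Gi1/0/5   auto   on         16.8    AIR-CAP3702I-A-K9   4     30.0
Gi1/0/6   auto   on         4.0     Ieee PD             1     30.0
"""

def parse_power_inline(text):
    """Return (total watts available, list of per-port dicts)."""
    available, ports = 0.0, []
    for line in text.splitlines():
        match = MODULE_RE.match(line)
        if match:                                # one budget row per stack member
            available += float(match.group(2))
            continue
        match = PORT_RE.match(line)
        if match:
            name, admin, oper, power, device, poe_class, max_w = match.groups()
            ports.append({"name": name, "admin": admin, "oper": oper,
                          "power": float(power), "device": device,
                          "class": poe_class, "max": float(max_w)})
    return available, ports

def budget(text):
    """Compare the supply with what the configured port maximums allow."""
    available, ports = parse_power_inline(text)
    live = [p for p in ports if p["admin"] != "off"]   # ports PoE may serve
    worst = sum(p["max"] for p in live)
    # Assumed policy: a port with a known class never needs more than its
    # class ceiling; ports without a class keep their configured maximum.
    capped = sum(min(p["max"], CLASS_WATTS.get(p["class"], p["max"]))
                 for p in live)
    return {"available": available,
            "drawn": round(sum(p["power"] for p in ports), 1),
            "worst_case": round(worst, 1),
            "worst_case_class_capped": round(capped, 1),
            "oversubscribed": worst > available}

if __name__ == "__main__":
    for key, value in budget(SAMPLE).items():
        print(f"{key:26} {value}")
```

In the constructed sample the class caps lower the worst case but do not bring it under the supply, because the unclassified and empty ports still carry the 30W default.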
You can use the following commands to focus on the PoE activity on a specific switch stack member or a specific interface, respectively:
Switch# show power inline [module member] [detail]
Switch# show power inline [type member/module/number] [detail]
Example 3-10 provides some sample output from the latter command, with and without the detail keyword.
Example 3-10 Displaying Detailed PoE Information
Switch1# show power inline gigabitethernet1/0/5
Interface Admin  Oper       Power   Device              Class Max
                            (Watts)
--------- ------ ---------- ------- ------------------- ----- ----
Gi1/0/5   auto   on         16.8    AIR-CAP3702I-A-K9   4     30.0
Interface  AdminPowerMax   AdminConsumption
             (Watts)           (Watts)
---------- --------------- --------------------
Gi1/0/5               30.0                 30.0
Switch1#
Switch1# show power inline gigabitethernet1/0/5 detail
 Interface: Gi1/0/5
 Inline Power Mode: auto
 Operational status: on
 Device Detected: no
 Device Type: cisco AIR-CAP3702I-
 IEEE Class: 4
 Discovery mechanism used/configured: Unknown
 Police: off
 Power Allocated
 Admin Value: 30.0
 Power drawn from the source: 16.8
 Power available to the device: 16.8
 Actual consumption
 Measured at the port: 6.2
 Maximum Power drawn by the device since powered on: 9.2
 Absent Counter: 0
 Over Current Counter: 0
 Short Current Counter: 0
 Invalid Signature Counter: 0
 Power Denied Counter: 0
Switch1#