ENCS Switch Configuration

Access to the ENCS switch is restricted through Consent Token. Consent Token is a security feature that authenticates the network administrator of an organization for access to the system shell, with mutual consent from the network administrator and Cisco Technical Assistance Centre (Cisco TAC).


Note

From the switch console, you can access a debug mode and an advanced debug mode. Credentials of the local user are synchronized to access debug mode. Advanced debug uses unique credentials for each device and allows for additional debugging options for Cisco engineering. To enter either debug mode, permission must be granted through Consent Token.


ENCS Switch Portal Configuration

Switch Settings

The Switch option from the Cisco Enterprise NFVIS portal allows you to configure STP/RSTP, VLAN on specified ranges, RADIUS based authentication, and port channel load balancing for various switch ports. This section describes how to configure settings on the ENCS switch portal.

You can view the Switch Interface operational data and the statistics parameters in the following table:

Table 1. Switch Settings Interface

| Parameter | Description | Values |
|---|---|---|
| SwitchPort | Specifies the switch interface name. | |
| Description | Specifies the description of the interface. | |
| Status | Specifies the status of the interface. | up or down |
| MAC Address | Specifies the MAC address of the interface. | |
| PortType | Specifies the mode of the port interface. | Supported types are: access, dot1q-tunnel, private-vlan, trunk |
| VLAN | Specifies the VLAN ID. | Range: 1-2349 and 2450-4093 |
| Speed | Specifies the speed of the interface. | Speed: 10 MBPS, 100 MBPS, 1000 MBPS |
| RxBytes | Specifies the received data on interface in bytes. | |
| PktDrop | Specifies the number of packet drops. | |
| PORT | Specifies the port number. | |
| IN-UCAST | Specifies the number of incoming unicast packets at the interface. | |
| OUT-UCAST | Specifies the number of outgoing unicast packets at the interface. | |
| IN-MCAST | Specifies the number of incoming multicast packets at the interface. | |
| OUT-MCAST | Specifies the number of outgoing multicast packets at the interface. | |
| IN-BCAST | Specifies the number of incoming broadcast packets at the interface. | |
| OUT-BCAST | Specifies the number of outgoing broadcast packets at the interface. | |

Configuring Spanning Tree

Spanning Tree Protocol (STP) is a Layer 2 protocol that runs on bridges and switches. The main purpose of STP is to ensure that you do not create loops when you have redundant paths in your network.

The Spanning Tree option is enabled by default. You can click on edit and make the necessary settings or disable Spanning Tree if required.

The configuration of spanning tree has the following parameters when it is enabled:

Table 2. Spanning Tree Parameters

| Parameter | Description | Values |
|---|---|---|
| Spanning Tree | Specifies the state of the Spanning Tree. | Enable or Disable. The default value is Enable. |
| Mode | Specifies the mode of the Spanning Tree. | stp or rstp |
| Forward Time | Specifies the Spanning Tree forward time in seconds. | Range: 4-30 seconds |
| Hello Time | Specifies the Hello time in seconds. | Range: 1 to 10 seconds |
| Max Age | Specifies the spanning-tree bridge maximum age in seconds. | Range: 6 to 40 seconds |
| Loopback Guard | Specifies the loopback guard status. | Enable or Disable |
| Path Cost Method | Specifies the speed of the interface. | Method: long - for 32 bit based values for default port path costs; short - 16 bit based values for default port path costs. The default method is long. |
| Priority | Specifies the port priority. | Range: 0 to 61440 in steps of 4096. The default value is 32768. |
| BPDU Filtering | Specifies that BPDU packets are filtered when the spanning tree is disabled on an interface. | |
| BPDU Flooding | Specifies that BPDU packets are flooded unconditionally when the spanning tree is disabled on an interface. | |

Configuring Dot1x

This chapter describes how to configure dot1x port-based authentication on the Cisco Enterprise NFVIS portal. dot1x prevents unauthorized devices (clients) from gaining access to the network. It is a standard for media-level (Layer 2) access control, offering the capability to permit or deny network connectivity based on the identity of the end user or device. dot1x is disabled by default. You can click on edit to enable dot1x.

The configuration of dot1x has the following parameters:

Table 3. Dot1x Parameters

| Parameter | Description | Values |
|---|---|---|
| Authentication | Specifies the authentication type for the port. | radius or none. The default value is radius. |
| Guest VLAN Timeout(s) | Specifies the time delay in seconds between enabling Dot1X (or port up) and adding the port to the guest VLAN. | Range: 30 to 180 seconds |
| System Auth control | Specifies the authentication control. | Enable or Disable |

Configuring LACP

The Link Aggregation Control Protocol (LACP) enables you to bundle several physical ports together to form a single logical channel. LACP enables you to form a single Layer 2 link automatically from two or more Ethernet links. This protocol ensures that both ends of the Ethernet link are functional and are part of the aggregation group.

LACP uses the following parameters to control aggregation:

Table 4. LACP Parameters

| Parameter | Description | Values |
|---|---|---|
| System Priority | Specifies the port priority. | Range: 1 to 65535 |
| Port-channel load balance | Specifies the load balance of the port channel. | Mac Based or IP Based |

Configuring VLAN

You can use virtual LANs (VLANs) to divide the network into separate logical areas. VLANs can also be considered as broadcast domains. Any switch port can belong to a VLAN, and unicast, broadcast, and multicast packets are forwarded and flooded only to end stations in that VLAN. Each VLAN is considered a logical network, and packets destined for stations that do not belong to the VLAN must be forwarded through a router.

You can configure VLANs in the range <1-2349>|<2450-4093> for a specified switch port.

Configuring General Settings

You can configure general settings using the following parameters for each switch interface:

  • Interface—Name of the interface

  • Description—Set the description per interface

  • Speed—10/100/1000 MBPS

  • Dot1x Auth—802.1x, mac or both

  • PoE Method—auto, never or four-pair

  • PoE Limit—0-60000mW

  • Admin Status—enable or disable

Configuring Advanced Settings

You can make the advanced settings using the following parameters for each switch interface:

  • Mode—access, dot1q-tunnel, private-vlan, or trunk

  • Access Vlan—Specifies the number of VLANs.

  • Allowed Vlan—All or VLAN IDs

  • Native Vlan—Specifies the VLAN ID. You can enter a value from one of the following ranges:

    • 1 to 2349

    • 2450 to 4093

  • Dot1q Tunnel Vlan—Specifies the Layer 2 tunnel port.

  • Community—Specifies the community number. Range: 1 to 29

  • Protected Port—Yes or No


Note

The VLAN configuration takes effect only if the global VLANs are also configured with the same values in Configuring VLAN.
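
Because a per-interface VLAN value without a matching global VLAN does not take effect, a port can end up outside the segment you intended. The following added example (not Cisco code) audits a constructed configuration for that mismatch and for VLAN IDs outside the documented ranges; the dictionary layout, field names and interface names are assumptions, not NFVIS API fields.

```python
# Added example: field names and config layout are hypothetical, not NFVIS API fields.
VALID_RANGES = [(1, 2349), (2450, 4093)]  # VLAN ID ranges documented on this page

def vlan_in_range(vid):
    """True if vid falls in one of the documented VLAN ID ranges."""
    return any(lo <= vid <= hi for lo, hi in VALID_RANGES)

def expand(spec):
    """Expand an allowed-VLAN spec such as '10,20-22' into a set of ints."""
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def audit(global_vlans, interfaces):
    """Return sorted (interface, field, vlan, problem) tuples for VLAN references
    that are out of range or missing from the global VLAN list."""
    findings = []
    for name, cfg in interfaces.items():
        refs = []
        if cfg["mode"] == "access":
            refs.append(("access_vlan", cfg["access_vlan"]))
        elif cfg["mode"] == "trunk":
            refs.append(("native_vlan", cfg["native_vlan"]))
            if cfg["allowed_vlan"].lower() != "all":
                refs += [("allowed_vlan", v) for v in expand(cfg["allowed_vlan"])]
        for field, vid in refs:
            if not vlan_in_range(vid):
                findings.append((name, field, vid, "outside documented range"))
            elif vid not in global_vlans:
                findings.append((name, field, vid, "not in global VLAN list"))
    return sorted(findings)

# Constructed sample configuration (not taken from a real device).
GLOBAL_VLANS = {1, 10, 20, 21}
INTERFACES = {
    "gigabitEthernet1/0": {"mode": "access", "access_vlan": 10},
    "gigabitEthernet1/1": {"mode": "access", "access_vlan": 30},
    "gigabitEthernet1/2": {"mode": "trunk", "native_vlan": 2400,
                           "allowed_vlan": "10,20-22"},
}

if __name__ == "__main__":
    for finding in audit(GLOBAL_VLANS, INTERFACES):
        print(*finding, sep=": ")
```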


Configuring Spanning Tree per Interface

You can configure spanning tree for each switch interface using the following parameters:

  • Spanning Tree—Enable or Disable

  • Cost—Specifies the cost. Range: 1 to 200000000

  • Priority—Specifies the port priority. Range: 0 to 240, default value is 128

  • Link Type—point-to-point or shared

  • BPDU Guard—Enable or Disable

  • Root Guard—Enable or Disable

  • Port Fast—auto or enable

  • BPDU Filtering—Specifies that BPDU packets are filtered when the spanning tree is disabled

  • BPDU Flooding—Specifies that BPDU packets are flooded when the spanning tree is disabled