Cisco Systems 2960 manual

Corporate He adquarters Cisc o Syst ems , Inc . 170 West Ta sman Drive San Jos e, CA 95 134-1706 USA http://www.ci sco.com Tel: 408 526-4000 800 553- NETS (638 7) Fax: 408 526-4100 Catal yst 2960 S witc h S of t w are Conf iguration Guide Cisco IOS R elease 12.2(25 )FX S epte mber 2005 Custome r Order Numb er: DO C-78168 81= Text Pa rt Nu mber: 78-[...]

THE SPECIFICATIONS AND INFORMATION REGARDING TH E PRODUCTS IN THIS MANUAL ARE SUBJE CT TO CHANGE WITHOUT NO TICE. ALL STATEMENT S, INFORMATI ON, AND RECOMMENDA TIONS IN T HIS MANUAL ARE BELIEVED TO BE ACCURATE BU T ARE PRESEN TED WITHOUT WARRANTY OF ANY KIND, EXPRE SS OR IMPLIED. USERS MUST TA KE FULL RESPONSIBILITY FOR THEIR AP PLICATION OF ANY PR[...]

iii Catalyst 2960 Switch S oftware Configur ation Guide 78-16881-01 CONTENTS Preface xx vii Audienc e xxvii Pur pose xxvi i Conv enti ons xxviii Rela ted Publi cation s xxvi ii Obtain ing Docu mentati on xxix Cisco. com xxix Produc t Documentat ion DVD xx x Orderi ng Documenta tion xxx Document ation F eedback xxx Cisco Pr oduct S ecurit y Overview[...]

Cont ent s iv Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Wher e to Go N ext 1-16 CHAPTER 2 Using t he Command -Line I nterface 2-1 Underst anding Comma nd Modes 2-1 Underst anding th e Help Sy stem 2-3 Underst anding Abb reviat ed Commands 2-4 Underst anding no and defa ult Forms of Commands 2-4 Underst anding CL I Erro r Messa[...]

Content s v Catalyst 2960 Switch S oftware Configur ation Guide 78-16881-01 Specif ying the Fi lename to Read and Writ e the Syst em Configu ration 3-12 Bootin g Manual ly 3-13 Bootin g a Speci fic Soft ware Image 3-13 Contro lling En viro nment Vari ables 3-14 Schedul ing a Relo ad of the Software I mage 3-1 5 Config urin g a Schedule d Reloa d 3-[...]

Cont ent s vi Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 CHAPTER 6 Administ ering the Swit ch 6-1 Managing the System Ti me and Date 6-1 Underst anding th e Syste m Clock 6-2 Underst anding Net work Ti me Protoco l 6-2 Config urin g NTP 6-4 Defaul t NTP Conf igurati on 6-4 Config urin g NTP Authent icatio n 6-5 Config urin g NT[...]

Content s vii Catalyst 2960 Switch S oftware Configur ation Guide 78-16881-01 CHAPTER 7 Configur ing S DM Templates 7-1 Underst anding th e SDM Templa tes 7-1 Config urin g the Switch SDM Templat e 7-2 Defaul t SDM Template 7-2 SDM Templ ate Confi guratio n Guideli nes 7-2 Setti ng the SDM Temp late 7-2 Displa ying the SDM Te mplate s 7-3 CHAPTER 8[...]

Cont ent s viii Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Config urin g RADIUS Author ization f or User Pri vilege d Access and Net work Ser vices 8-27 Starti ng RADI US Acco unting 8-28 Config urin g Setting s for All RADI US Servers 8-29 Config urin g the Switch to Use Vend or-Speci fic R ADIUS A ttribu tes 8-29 Config urin [...]

Content s ix Catalyst 2960 Switch S oftware Configur ation Guide 78-16881-01 Using IE EE 802. 1x with VLAN Ass ignment 9-8 Using IE EE 802. 1x with Gues t VLAN 9-10 Conf igur ing IEEE 8 02. 1x Au then tic ation 9-10 Defa ult IEEE 8 02.1x Conf igur ation 9-11 IEEE 802 .1x Con figurat ion Guid elines 9-1 2 Config urin g IEEE 802. 1x Authe nticat ion [...]

Cont ent s x Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Config urin g IEEE 802. 3x Flo w Control 10-14 Config urin g Auto-MDIX on an Inte rface 10-15 Adding a De scrip tion for an Interf ace 10-16 Config urin g the System MTU 10-1 6 Monitor ing an d Mainta inin g the Inte rface s 10-18 Moni tori ng In terfa ce S tat us 10-18 Cl[...]

Content s xi Catalyst 2960 Switch S oftware Configur ation Guide 78-16881-01 Displa ying VLANs 12-1 3 Config urin g VLAN Trunks 12-14 Trunki ng Over view 12-14 IEEE 802 .1Q Conf igurat ion Consi derati ons 12 -15 Defau lt Lay er 2 Et herne t Inte rfac e VLAN Conf igura tion 12-16 Config urin g an Etherne t Inter face as a Trunk Port 12-16 Intera ct[...]

Cont ent s xii Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 VTP C onf igurat ion in G lobal Con fig uratio n M ode 13-7 VTP Confi gurati on in VLAN Data base Con figurati on Mode 13-7 VTP Confi gurati on Guid elines 13-8 Domain Names 13-8 Passw or ds 13-8 VTP Versi on 13-8 Config urati on Requir ements 13-9 Config urin g a VTP Se[...]

Content s xiii Catalyst 2960 Switch S oftware Configur ation Guide 78-16881-01 How a Switch or Port Become s the Root Swi tch or Root Port 15-7 Spannin g Tree an d Redundan t Connec tivit y 15-8 Spannin g-Tr ee Address Man agement 15-8 Acceler ated Aging to R etain Connect ivity 15-8 Spannin g-Tr ee Modes and Pro tocols 15-9 Support ed Sp anning- T[...]

Cont ent s xiv Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Bridg e Pr otoc ol Da ta U nit F orm at an d Pr oce ssing 16-9 Proces sing Su perior BP DU Informat ion 16-10 Proces sing Inf erior BPDU I nformati on 16-1 0 Topolo gy Chang es 16-10 Config urin g MSTP Feat ures 16-11 Defaul t MSTP Conf igurati on 16-1 1 MSTP Confi gurat[...]

Content s xv Catalyst 2960 Switch S oftware Configur ation Guide 78-16881-01 Enabli ng E therChan nel Guard 17-14 Enab ling R oot G uard 17-15 Enab ling L oop G uard 17-15 Displa ying the Sp anning- Tree St atus 17-16 CHAPTER 18 Configur ing F lex Lin ks 18-1 Underst anding Fl ex Links 18-1 Config urin g Flex Lin ks 18-2 Defau lt F lex Link Conf ig[...]

Cont ent s xvi Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Config urin g IGMP Snoop ing 20-6 Defaul t IGMP Snoo ping Co nfigura tion 20-6 Enabl ing or Disa blin g IGMP Snoopi ng 20-6 Setti ng the Snoopi ng Meth od 20-7 Config urin g a Multi cast Route r Port 20-8 Config urin g a Host Stati cally to Join a Grou p 20-9 Enabli ng I[...]

Content s xvii Catalyst 2960 Switch S oftware Configur ation Guide 78-16881-01 Config urin g a Protect ed Port 21-6 Config urin g Port Bloc king 21-6 Defaul t Por t Bloc king C onfig uratio n 21-6 Blocki ng Floode d Traf fic on an In terface 21-7 Config urin g Port Secur ity 21-7 Underst andi ng Port Secu rity 21-8 Secure MAC Add resses 21-8 Secu r[...]

Cont ent s xviii Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 SPAN Confi gurati on Guideline s 23-10 Creati ng a Local SPAN S ession 23-10 Creati ng a Loca l SPAN Sessi on and Confi guring I ncoming Tr affic 23-1 3 Specif ying VLANs t o Filter 23-15 Config urin g RSPAN 23 -16 RSPA N Co nfig urat ion G uide line s 23-16 Config uri[...]

Content s xix Catalyst 2960 Switch S oftware Configur ation Guide 78-16881-01 Defaul t Syste m Message Lo gging Conf igurat ion 26-3 Disabl ing Message Loggin g 26-3 Setti ng the Message Displ ay Destina tion Device 26-4 Synchro nizing Log Mes sages 26-5 Enabli ng and Disa blin g Time Stamps on Log Messag es 26 -7 Enabli ng and Disa blin g Sequence[...]

Cont ent s xx Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Config urin g IPv4 ACLs 28-4 Creati ng Standar d and Ext ended IPv 4 ACLs 28-5 Access Li st Numbers 28-6 Creati ng a Nu mbered Standar d ACL 28-7 Creati ng a Nu mbered Extend ed ACL 28-8 Reseque ncing ACEs i n an ACL 28-1 2 Creati ng Named Stand ard and Extended ACL s 28-[...]

Content s xxi Catalyst 2960 Switch S oftware Configur ation Guide 78-16881-01 Config urin g Auto-QoS 29-19 Generat ed Auto- QoS Confi guratio n 29-19 Effect s of Auto-Q oS on the Co nfigura tion 29-24 Auto-Qo S Conf igurat ion Guideline s 29-24 Enabli ng Auto -QoS for VoI P 29-2 5 Auto-Qo S Conf igurat ion Example 29-26 Displa ying Au to-QoS Inf or[...]

Cont ent s xxii Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Config urin g Egress Queu e Chara cteris tics 29-62 Config uration Guidel ines 29-6 2 Alloca ting Buff er Spac e to and Sett ing WTD Thres holds for an Egress Que ue-Se t 29-6 2 Mapping DSC P or CoS Value s to an Egr ess Queue and to a Thresho ld ID 29-64 Config urin g [...]

Content s xxiii Catalyst 2960 Switch S oftware Configur ation Guide 78-16881-01 Recover ing from a Comma nd Switch Fa ilure 31-7 Replac ing a Fail ed Command Swit ch with a Clus ter Member 31-8 Replac ing a Fail ed Command Switch with Anoth er Swit ch 31-9 Reco veri ng f rom L ost Clu ster Mem ber C onn ect ivity 31-1 1 Preven ting Au tonegoti atio[...]

Cont ent s xxiv Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Copyin g File s B-4 Dele ting F iles B-5 Creati ng, Di splayi ng, and Ext racting tar File s B- 5 Creati ng a tar F ile B-6 Displa ying the Co ntent s of a tar Fi le B-6 Extracti ng a tar F ile B-7 Displa ying the Co ntent s of a File B-8 Working with C onfigur atio n F[...]

Content s xxv Catalyst 2960 Switch S oftware Configur ation Guide 78-16881-01 Copyin g Image Fil es By Using RCP B-29 Prepar ing to Download or Upl oad an Image File By Usi ng RCP B-29 Download ing an Im age File By Using RCP B-31 Uploadi ng an Ima ge File By Us ing RCP B-32 APPENDI X C Recommendati ons f or Upgrad ing a Catalys t 2950 Switch to a [...]

Cont ent s xxvi Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Span ning Tre e D-4 Unsuppor ted Globa l Conf igurati on Command D-4 Unsuppor ted Inte rfac e Configur ation Co mmand D-4 VLAN D-4 Unsuppor ted Globa l Conf igurati on Commands D-4 Unsuppor ted vlan -conf ig Command D-5 Unsuppor ted User EX EC Commands D-5 VTP D-5 Unsup[...]

xxvii Catalyst 2960 Switch S oftware Configur ation Guide 78-16881-01 Preface Audience This gu ide is for the ne tworking profe ssional m ana ging the Cata lyst 29 60 switc h, here after refe rred t o as t he switch . Before using thi s guide, you should have e xperienc e workin g with the Cisco IO S software and be fami liar wit h th e conc epts a[...]

xxvii i Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Preface Conv ent ions Conven tions This pu blica tion use s the se conv enti ons to conve y instru ctions and i nforma tion: Command descri ptions use th ese conventions: • Command s and keywords are in boldface te xt. • Arguments fo r which you suppl y values are in italic[...]

xxix Catalyst 2960 Switch S oftware Configur ation Guide 78-16881-01 Pre face Obtaining Documentat ion • For cluste r requ ireme nts, see the Release Notes for C isco Network Assistant (no t orderabl e but av ailable on Cisco.co m). • For upgrading i nform ation , see the “D ownloading Soft ware” se ction in th e release notes. Y ou can ord[...]

xxx Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Preface Docum entation Fe edback Product Docu mentation DVD Cisco docum entat ion and a dditiona l litera ture ar e av ailable in the Pro duct Do cument ation D VD package , which may have shipped with your pro duct. Th e Produc t Docum entation DVD is updated regula rly and may be[...]

xxxi Catalyst 2960 Switch S oftware Configur ation Guide 78-16881-01 Pre face Cisco Pro duct Se curity Ove rview Cisco Product Security Overview Cisco pro vides a free onlin e Security V ulnerability Polic y po rtal at t his URL: http://www .cisco.com/en /US/products/pr oducts_security_ vulnerability_p olicy .html From th is site, you ca n pe rform[...]

xxxii Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Preface Obtain ing Techni cal Ass istance Obtaining Tech nical Ass istance Cisco T ech nical Suppo rt provides 24- hour-a-day award-win ning techn ical assistance . The Cisc o T echnica l Support & Docume ntatio n website o n Cisco. com fea tures extensiv e online sup port re[...]

xxxii i Catalyst 2960 Switch S oftware Configur ation Guide 78-16881-01 Pre face Obtaining Additional Publications and Information T o ope n a servi ce reque st by telephone , use one of th e following numb ers: Asia-Pacific: +61 2 8446 7411 (Austral ia: 1 800 805 227 ) EMEA: +3 2 2 704 55 55 USA: 1 800 553-2 447 For a complete list of Cisco T A C [...]

xxxiv Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Preface Obtainin g Addi tional Pub lications and Informat ion • iQ Magazine is t he quarte rly publ ication fr om Ci sco System s designe d to help gr owing compan ies learn how t hey can u se t echnol ogy to i ncr ease revenue, st reaml ine the ir business , and expand service[...]

C HAPTER 1-1 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 1 Overview This chapte r provides these topics about the Catal yst 2960 switch software: • Feat ures , page 1- 1 • Defa ult Settings After In itial Swi tch Conf iguration, page 1-8 • Network Configu ration E xamples, page 1-11 • Where to Go Next, page 1-16 In th is d[...]

1-2 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Ch apter 1 Over view Feature s Ease -of-Use and Eas e-of- Deployme nt Featur es • Express Se tup for quickly configur ing a swi tch for t he first time with ba sic IP i nforma tion, contac t inform ation, sw itch a nd T eln et passwords, and Sim ple N etwork Manageme nt Prot ocol[...]

1-3 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 Ov erview Features Performa nce Featu res • Autosensi ng of port spe ed and aut onegotiation of duplex mode on all switch por ts for optimi zing bandwidth • Automatic -medium-depende nt interfa ce crossov er (auto-MDIX) capability on 10/1 00 and 10/100/1000 Mbps interfa[...]

1-4 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Ch apter 1 Over view Feature s • CLI—Th e Cisco I OS software suppo rts desktop - and mu ltilaye r-switching fe atures. Y ou can access the CLI e ither by c onnec ting your man agement station direc tly to the sw itch con sole por t or by usi ng T elnet fro m a remote managemen[...]

1-5 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 Ov erview Features • In-band manageme nt access thro ugh SNMP V ersions 1, 2c, and 3 get and set reque sts • Out-of- band mana geme nt access th rough th e switch conso le port to a directly att ached termin al or to a remote term inal through a se rial c onnec tion or [...]

1-6 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Ch apter 1 Over view Feature s VLAN Fea tures • Support for up to 255 VL ANs for assi gning use rs to VLANs assoc iated wit h appro priate ne twork resources, traff ic pat terns, a nd bandw idth • Support for VL AN ID s in the 1 to 4094 range as al lowed by the IEE E 80 2.1Q st[...]

1-7 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 Ov erview Features – Guest VLAN to pr ovide lim ited servi ces to non- IEEE 80 2.1x- compl iant u sers – IEEE 8 02.1x acc ountin g to track netwo rk usage • T A CA CS+, a propri etar y featur e for mana ging network security th rough a T ACA CS ser ver • RADIUS for [...]

1-8 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Ch apter 1 Over view Default Set tings Aft er Initial Swi tch Configurat ion • Egress q ueues a nd sche duling – Four egress que ues p er port – WTD as the co ngesti on-a v oidance me chanism f or managi ng the queue lengths and pro viding drop pr ecedenc es for d if ferent t[...]

1-9 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 Ov erview Default Settings After Initial Switch Configuration If you do not co nfigure the switc h at all, t he switch operate s with the se default sett ings: • Default swi tch IP addre ss, subnet mask , and defaul t gateway is 0.0.0.0. For more in formati on, see Chapte[...]

1-10 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Ch apter 1 Over view Default Set tings Aft er Initial Swi tch Configurat ion • For STP , PVST+ is enabl ed on VLAN 1 . For m ore informatio n, see Chapter 15, “C onfiguring STP .” • MSTP is disa bled. For mo re inform ation , see C hapter 1 6, “Configuri ng MSTP .” •[...]

1-11 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 Ov erview Network Configuration Examples Network Config uration Examp les This se ction provides network co nfigurati on conc epts a nd inc ludes examples of using the s witch t o creat e dedica ted network segment s and int erconne ctin g the segment s throug h Fast Ether[...]

1-12 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Ch apter 1 Over view Netwo rk Configura tion Examp les Bandwidt h alone is not the only c onsidera tion whe n designing you r network. As your netwo rk traffic profiles evolv e, con sider p roviding network services that can sup port a pplicat ions f or voice a nd dat a inte grati[...]

1-13 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 Ov erview Network Configuration Examples Figur e 1 -1 High-P erfor mance W or kgr oup (Gigabit-t o-the-Desktop ) • Serv er aggr eg ation ( Figure 1-2 )— Y ou c an us e the switch es to in tercon nect groups of servers, central izing phy sical sec urity and ad ministra [...]

1-14 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Ch apter 1 Over view Netwo rk Configura tion Examp les Figu re 1 - 2 Ser ver Aggregati on Small to M edium-Si zed Net work Using Catalyst 2960 Switches Figure 1-3 shows a configurat ion fo r a ne twork of up to 500 e mployees. T his net work uses Catal yst 2960 switches w ith high[...]

1-15 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 Ov erview Network Configuration Examples Catalyst PoE sw itch ports aut omatical ly detect any Cisco pre-standard and IEEE 802. 3af- complia nt powered devices that ar e connec ted. Ea ch PoE switc h port provide s 15.4 W of power per port . The powered device, such as a C[...]

1-16 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Ch apter 1 Over view Where to Go Nex t Figur e 1 -4 Long-Distanc e, High-Bandw idth T ransp ort Con figur ation Where to Go Next Before conf iguring the switch, re vie w these secti ons for startup informatio n: • Chapter 2, “Using the Comman d-Lin e Inter face” • Chapter [...]

C HAPTER 2-1 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 2 Using the Command-Line Interface This c hapte r descr ibes t he Cisco IOS comm and-li ne in terface ( CLI) and how t o use it to configure your Catalyst 29 60 switch. I t contain s these sectio ns: • Understa nding C omman d Modes, pa ge 2-1 • Understa nding the Hel p [...]

2-2 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 2 Usi ng th e Com ma nd-L ine I nter face Unders tanding Comm and Mode s T able 2-1 Command Mo de Summa ry Mod e Acce ss Met hod Promp t Exit M ethod Abou t Thi s Mode User EXE C Begin a session with your sw itch. Switch> Enter logout or quit . Use this mode to • Chan[...]

2-3 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 Using the Comma nd-Line In terface Understa nding the Hel p System For more detail ed info rmat ion on the command mode s, see the c omma nd refe rence g uide for th is re lease . Understandin g the Help System Y o u can enter a quest ion ma rk (?) at th e system prompt to [...]

2-4 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 2 Usi ng th e Com ma nd-L ine I nter face Unders tanding Abbre viated Co mmands Understandin g Abbreviated Co mmands Y ou need to en ter on ly e nough charac ters for t he swit ch to rec ognize t he co mmand as u nique. This e xample sho ws how to e nter the sho w configur[...]

2-5 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 Using the Comma nd-Line In terface Unders tandin g CLI Err or Messages Understandin g CLI Error Mess ages Ta b l e 2 - 3 li sts so me err or messa ges that you might encoun ter whi le using the C LI to configure your switch. Using Command History The software provides a his[...]

2-6 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 2 Usi ng th e Com ma nd-L ine I nter face Using E diting Feature s Beginning i n lin e co nfiguration mode , en ter th is co mmand to c onfigure t he nu mber of com mand line s the switc h records for all se ssions on a p articular lin e: Switch(config-line)# history [ siz[...]

2-7 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 Using the Comma nd-Line In terface Using Edit ing Featu res Enabling a nd Di sabling Ed iting F eatures Although enhan ced edit ing mode i s automa tical ly enable d, you can di sable it, re-en able it, or co nfigure a sp ecif ic lin e to ha ve enha nced e ditin g. The se p[...]

2-8 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 2 Usi ng th e Com ma nd-L ine I nter face Using E diting Feature s Editing C ommand Lines that Wrap Y ou can use a w raparo und f eature for c ommands that extend b eyond a si ngle l ine o n the screen . W hen the cursor reaches the right mar gin, the command lin e shifts [...]

2-9 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 Using the Comma nd-Line In terface Searching and Filtering Output of show and m ore Commands In this exam ple, the acce ss-list global configura tion com mand e ntry extend s beyond one line . When the cursor f irst reach es the end of the line, th e line is shifted ten spa[...]

2-10 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 2 Usi ng th e Com ma nd-L ine I nter face Access ing the CLI Accessing the CLI throu gh a Co nsole Conn ection or through Telnet Before y ou can acce ss the CLI , you mus t connect a termin al or PC to the switc h consol e port an d power on the switch as described in the[...]

C HAPTER 3-1 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 3 Assigning the Switch IP Address and Default Gateway This chap ter de scribe s ho w to creat e the initial s witch conf iguration (f or e xampl e, assign ing the switch IP ad dress and defau lt gateway informatio n) for th e Catalyst 2960 switch by using a v ariety of autom[...]

3-2 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 3 Assigning the Switch IP Address and Defau lt Gateway Assign ing Swi tch Info rmatio n The bo ot loader prov ides ac cess to t he flas h f ile syste m before the ope rating s ystem is loaded. Normally , the bo ot load er is used o nly to load, unco mpress, a nd l aunch t h[...]

3-3 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Defa ult Gate way Assigning Switch Information These sec tions co ntain this co nfiguration info rmat ion: • Default Swi tch Infor mation, pa ge 3-3 • Understa nding DHCP- Based Aut oconfigurat ion, page 3-3 • Manuall y Assi gni[...]

3-4 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 3 Assigning the Switch IP Address and Defau lt Gateway Assign ing Swi tch Info rmatio n DHCP Client Request Proce ss When you boot your switch, the DHC P clie nt is inv o ked and requests c onfiguration informat ion fro m a DHCP ser ver wh en the co nfig uration f ile is no[...]

3-5 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Defa ult Gate way Assigning Switch Information Configuring DHCP-Base d Autoconfiguration These sec tions co ntain this co nfiguration info rmat ion: • DHCP Serv er Conf iguration Gui delines, p age 3-5 • Configuring t he TFT P Ser[...]

3-6 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 3 Assigning the Switch IP Address and Defau lt Gateway Assign ing Swi tch Info rmatio n If you did no t speci fy the co nfiguration filenam e, the TFTP server , or if the configurati on file could not be do wnloaded, the switch attempts to do wn load a conf igurati on file [...]

3-7 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Defa ult Gate way Assigning Switch Information Figur e 3-2 Rela y Device Use d in A utoconfig urat ion Obtaining Configurati on Files Depending on the a vailabi lity of the IP addre ss and the conf iguration file name in the DHCP rese[...]

3-8 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 3 Assigning the Switch IP Address and Defau lt Gateway Assign ing Swi tch Info rmatio n Note The switch br oadcasts TFTP server requests if the TFTP serv er is not obtained f rom the DHCP replies, if all attempts to read the conf iguration f ile through un icast transmi ssi[...]

3-9 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Defa ult Gate way Assigning Switch Information TFTP Serve r Conf iguration (on UNIX) The TF TP server base di rectory is set to / tftpserver/wor k/. This di recto ry contai ns the ne twork-conf g file used in the two -file read m etho[...]

3-10 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 3 Assigning the Switch IP Address and Defau lt Gateway Checking and Saving th e Running Con figuration T o remov e the switch IP ad dress, use the no ip address inte rface con figuratio n comma nd. If yo u are remo ving the add ress through a T elnet session, your c onnect[...]

3-11 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Defa ult Gate way Modifying the Startup Configuration ip address 172.20.137.50 255.255.255.0 no ip directed-broadcast ! ip default-gateway 172.20.137.1 ! ! snmp-server community private RW snmp-server community public RO snmp-server [...]

3-12 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 3 Assigning the Switch IP Address and Defau lt Gateway Modifyin g the Startup Conf iguration Default Boot Configuration Ta b l e 3 - 3 shows the default boot c onfiguration. Automatically Downloadin g a Con figuratio n File Y ou ca n automa tical ly download a configurati [...]

3-13 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Defa ult Gate way Modifying the Startup Configuration T o return to the default setting, use the no boot config-f ile glo bal configurat ion c omma nd. Booting Manua lly By default, the swit ch automati cally boo ts; howe ver , you c[...]

3-14 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 3 Assigning the Switch IP Address and Defau lt Gateway Modifyin g the Startup Conf iguration T o return to the default setting, use t he no boot syste m globa l configurat ion c ommand. Controlling Environment Variables W ith a n ormal ly op erati ng swi tch, y ou en ter t[...]

3-15 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Defa ult Gate way Schedul ing a Rel oad of t he Sof tware Ima ge Note For c omplete s yntax and usag e info rmation for th e boot loader command s and en vironment v ariables, see the c omman d refere nce fo r this rel ease. Ta b l e[...]

3-16 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 3 Assigning the Switch IP Address and Defau lt Gateway Scheduli ng a Reload of the Software Image Configur ing a Sc heduled Reload T o conf igure you r switch to relo ad the soft ware i mage at a la ter time, use o ne of these co mmands in privileged EXEC mode : • reloa [...]

3-17 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Defa ult Gate way Schedul ing a Rel oad of t he Sof tware Ima ge Displaying S chedu led Reload Information T o di splay infor matio n about a previous ly sched uled reloa d or to find out if a reload has been scheduled on the switch,[...]

3-18 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 3 Assigning the Switch IP Address and Defau lt Gateway Scheduli ng a Reload of the Software Image[...]

C HAPTER 4-1 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 4 Configuring IE2100 CNS Ag ents This chap ter descri bes ho w to c onfigu re the Inte lligence En gine 2100 (IE2 100) Serie s Cisco Netwo rking Services (CN S) emb edded age nts on your C atal yst 2960 switch. Note For comp lete syntax and usag e informa tion for th e comma[...]

4-2 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 4 Configur ing IE2100 C NS Agents Unders tanding IE21 00 Series Conf igurati on Registrar Sof tware Figur e 4-1 Configur ation Regi strar Ar c hitec tur al Ov erview These sect ions co ntain this co nceptu al in forma tion: • CNS Configurati on Servi ce, pag e 4-2 • CNS[...]

4-3 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 4 Conf iguring IE21 00 CNS Agents Understan ding IE2100 Series Co nfigu ration Regi strar Software CNS E vent Servi ce The Conf ig uration Re gistrar uses the CNS E vent Service for receip t and genera tion of co nfigur ation e ven ts. The CNS ev ent ag ent reside s on the sw[...]

4-4 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 4 Configur ing IE2100 C NS Agents Unders tanding IE21 00 Series Conf igurati on Registrar Sof tware DeviceID Each co nfigured s witch pa rticip ating o n the event b us has a unique deviceID, whic h is an alogous t o the switch source ad dress so that the switch can be targ[...]

4-5 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 4 Conf iguring IE21 00 CNS Agents Unde rstan ding CNS Embe dde d Ag ent s Understandin g CNS Embedded Agent s The CNS e vent agen t feature a llo ws the swit ch to pub lish and sub scribe to ev ents on the e vent b us and works with the CNS configurati on agent. The CNS conf [...]

4-6 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 4 Configur ing IE2100 C NS Agents Configur ing CNS Embedd ed Agents Incremental (Partial) Configur ation After t he ne twork is runn ing, new serv ices c an be adde d by usi ng the CNS con figuration agen t. Increme ntal (partial) conf iguratio ns can be se nt to the swi tc[...]

4-7 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 4 Conf iguring IE21 00 CNS Agents Config uri ng CNS Embe dde d Ag ents Note For more informatio n about running the setup program and cr eating templates o n the Configurat ion Registrar , see the Cisco Intelligence Engine 2100 Series C onfiguration Re g istrar Manual . T abl[...]

4-8 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 4 Configur ing IE2100 C NS Agents Configur ing CNS Embedd ed Agents Enabling th e CNS Ev ent Agent Note Y ou must ena ble the CNS e v ent agen t on t he swit ch befo re you enable the CNS co nf iguratio n agent. Beginn ing in pri vilege d EXEC mode, follo w th ese steps to [...]

4-9 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 4 Conf iguring IE21 00 CNS Agents Config uri ng CNS Embe dde d Ag ents This e xample sho ws ho w to enable the CNS e vent agent, set th e IP address g ate way to 1 0.180.1.27, set 120 seconds as the kee pali ve in terv al, and set 10 as the retry cou nt. Switch(config)# cns e[...]

4-10 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 4 Configur ing IE2100 C NS Agents Configur ing CNS Embedd ed Agents Step 3 conf ig-cli or line -c li Enter conf ig-cli to connect to the Conf iguration Registrar through t he interface de fined in cns c onfig connect-i ntf . Enter line-cli to connec t to th e Registrar thr[...]

4-11 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 4 Conf iguring IE21 00 CNS Agents Config uri ng CNS Embe dde d Ag ents T o dis abl e the CNS co nf igur ati on age nt, use t he no cns conf ig initia l { ip-add r ess | hostnam e } gl obal configurati on c ommand. This e xample sho ws ho w to conf igure an initia l conf igur[...]

4-12 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 4 Configur ing IE2100 C NS Agents Configur ing CNS Embedd ed Agents Enabling a Partial Configur ation Beginn ing in pri vilege d EXEC mode, follo w th ese steps to enab le the CNS config uration agen t and to initiate a p artial conf iguration on the switch: T o dis abl e [...]

4-13 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 4 Conf iguring IE21 00 CNS Agents Displaying CNS Configuration Displaying CNS Configuration Y ou ca n use the privileged EXEC co mmand s in Ta b l e 4 - 2 to displa y CNS Configuration inf ormati on. T able 4-2 Displa ying CNS Co nfiguratio n Command Purpose show cns conf ig[...]

4-14 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 4 Configur ing IE2100 C NS Agents Displaying CNS Con figuration[...]

C HAPTER 5-1 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 5 Clustering Switches This ch apter pr ov ides an o ver vie w of the concepts an d of the pro cedure s used to cr eate and ma nage Catalyst 296 0 switc h cluste rs. Y ou ca n creat e and manage switch cluster s by using Network Assista nt, the comm and-lin e interface (CLI),[...]

5-2 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 5 C lustering Switches Unders tanding Switch Cl usters Using switc h clusters simpl ifies the managem ent of multip le switches, regar dless of their physi cal location and p latfo rm fam ilies. Clusteri ng also provides redunda ncy throu gh stand by cluste r comma nd switc[...]

5-3 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 5 Cluste ring Switche s Using the CLI to Manage Switch Clusters • It is r edundantly c onnected to the c luster so th at connect i vity to c luster mem ber switche s is maintaine d. • It i s not a co mmand or m embe r swit ch of an othe r clus ter . Note Standby cluster c[...]

5-4 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 5 C lustering Switches Using SNMP to Ma nage Sw itch Clusters If you do not know the mem ber-switc h number, enter the show cluster memb ers privileged EX EC comm and on the cluster co mmand switch. For m ore infor mati on about t he rcommand command and a ll other clust er[...]

5-5 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 5 Cluste ring Switche s Using S NMP to Ma nage Swit ch Clust ers Note Whe n a clust er standby grou p is configured , the clu ster c ommand swi tch can ch ange without you r kno wled ge. Use the f irs t read-write an d read-only community st rings to comm unicate wit h the cl[...]

5-6 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 5 C lustering Switches Using SNMP to Ma nage Sw itch Clusters[...]

C HAPTER 6-1 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 6 Administering the Switch This c hapter d escrib es how to per form one-time opera tions to admi nister t he Cata lyst 29 60 switch. This chap ter cons ists of th ese sectio ns: • Managin g the System Time and Date , page 6-1 • Configuring a System N ame a nd Prompt , p[...]

6-2 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 6 Administering the Switch Managin g the Syste m Time and Date Understand ing the S ystem Clock The heart o f the time serv ice is the system clock. This cl ock runs from th e moment the syste m starts up and keeps tra ck of the da te and tim e. The sy stem c lock ca n then[...]

6-3 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 6 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te Cisco’ s implementatio n of NTP doe s not suppor t stratum 1 se rvice; it is not possibl e to conne ct to a radi o or atom ic cloc k. W e reco mmend t hat the time ser vice f or your network b e derived fr[...]

6-4 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 6 Administering the Switch Managin g the Syste m Time and Date Configuring NTP The switc h does not have a hardware-sup ported clo ck and cann ot functi on as an NTP maste r clock to which p eers syn chronize themselv es when an e xternal NT P source is n ot a v ailabl e. T[...]

6-5 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 6 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te Configuring NTP Authentication This pr oced ure must be c oordina ted w ith th e ad ministra tor of the N TP server ; the i nform ation you conf igure in this procedu re must be matched by the ser vers used [...]

6-6 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 6 Administering the Switch Managin g the Syste m Time and Date Configuring NTP Associations An NTP associat ion ca n be a peer asso ciatio n (this switc h can eithe r synchroniz e to the othe r device or allow the other device to sync hronize to it), or it ca n be a server [...]

6-7 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 6 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te Configuring NTP Broadcast Service The co mmunic ations between devices run ning NTP (k nown as associations ) are usua lly statically configured ; each device is giv en th e IP addresse s of al l devices w i[...]

6-8 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 6 Administering the Switch Managin g the Syste m Time and Date Beginn ing in pri vileg ed EXEC mode, follo w th ese step s to configur e the switch to recei ve NTP broadca st packet s from co nnecte d peer s: T o di sable a n inte rface fro m rece iving NTP broadc ast p ack[...]

6-9 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 6 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te Creating an Access Gro up and Assigni ng a Basic IP Access List Beginn ing in pri vilege d EXEC mode, follo w these steps to contro l access to NTP services b y using access lists: The ac cess group keywords[...]

6-10 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 6 Administering the Switch Managin g the Syste m Time and Date T o remov e acces s control to th e switch NTP servi ces, use the no ntp access-gr oup { query-only | serve -only | serve | peer } global con figuration com mand . This e xample s ho ws ho w to conf igu re the [...]

6-11 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 6 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te The specif ied interface is used for the source a ddress for all packets sent to all destinat ions. If a source address is to be used for a spec ific association , use the source ke yword i n the ntp peer o[...]

6-12 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 6 Administering the Switch Managin g the Syste m Time and Date This example shows ho w to manuall y set the system cl ock to 1:32 p.m . on July 23, 2001 : Switch# clock set 13:32:00 23 July 2001 Displaying the Time and Dat e Configuration T o display the time and date conf[...]

6-13 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 6 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te Configuring Summer Time (Daylight Saving Time) Beginning in pr ivileged EXEC mode, fo llow these steps t o co nfigure summer time (dayligh t saving time) in areas wh ere it starts an d ends on a par ticular[...]

6-14 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 6 Administering the Switch Configur ing a System Nam e and Prom pt Beginning in privileged EX EC mode, fol low these steps if summ er tim e in your area do es not foll ow a recurr ing patt ern (con figure the exact da te and tim e of the next summe r time ev ents) : The fi[...]

6-15 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 6 Administer ing the Switch Confi guring a S ystem Name an d Prompt These sec tions co ntain this co nfiguration info rmat ion: • Default Syste m Name and Prom pt Configuration , page 6- 15 • Configuring a System Name, page 6- 15 • Understa nding D NS, page 6 -15 Defau[...]

6-16 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 6 Administering the Switch Configur ing a System Nam e and Prom pt These sec tions co ntain this co nfiguration info rmat ion: • Default DN S Configuration, page 6-1 6 • Setting Up DNS, pag e 6-16 • Displayin g the DNS Configurat ion, page 6-1 7 Default DNS Configur [...]

6-17 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 6 Administer ing the Switch Creat ing a Bann er If you u se t he switc h IP ad dress a s its hostnam e, the IP a ddress i s used and no DNS query oc curs. I f you configure a ho stname that contai ns no periods (. ), a period fol lowed by the de fault domai n name is appende[...]

6-18 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 6 Administering the Switch Creating a Banner Configurin g a Mess age-of-the -Day Log in Bann er Y ou can crea te a single o r multiline m essage banner that appears on the screen when someone logs in to the switch. Beginning in privileged EX EC mode, fol low these steps to[...]

6-19 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 6 Administer ing the Switch Managin g the MAC Addre ss Table Beginning i n privileged EX EC mo de, fol low these s teps t o configure a logi n banne r: T o delet e the lo gin ba nne r , use t he no banner login global con figurati on comm and. This example shows ho w to con [...]

6-20 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 6 Administering the Switch Managin g the MAC A ddress Tab le • Configuring M A C Addr ess Notificat ion Traps, page 6-21 • Adding and Re moving Static Addr ess Entries, pag e 6-23 • Configuring Unic ast MAC A ddress Filte ring, page 6-24 • Displayin g Address T abl[...]

6-21 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 6 Administer ing the Switch Managin g the MAC Addre ss Table Changing the Addre ss Aging Time Dynami c address es are sour ce MA C addresses that the sw itch lear ns and then ages when they ar e not in use. Y ou can change the ag ing time setting for all VLANs or for a speci[...]

6-22 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 6 Administering the Switch Managin g the MAC A ddress Tab le Beginn ing in pri vilege d EXEC mode, follo w th ese steps to conf ig ure the switch to send MA C address notif ication traps to an NMS host: Command Purpos e Step 1 conf igure terminal Enter glob al co nfigurati[...]

6-23 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 6 Administer ing the Switch Managin g the MAC Addre ss Table T o di sable the sw itch from se nding MAC address notificat ion traps, use the no snmp-serv er enable traps mac-notification global con f igura tion co mman d. T o disable th e MA C addre ss notification tr aps on[...]

6-24 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 6 Administering the Switch Managin g the MAC A ddress Tab le Beginning i n privileged EX EC mo de, follo w these steps to add a static addr ess: T o remove st atic en tri es fr om t he addr ess ta ble, u se the no mac addre ss-table static m ac- addr vlan vlan-i d [ interf[...]

6-25 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 6 Administer ing the Switch Managin g the MAC Addre ss Table For example, if yo u ent er t he mac address-table static mac-addr vlan vlan-id int er fac e interface- id glob al configura tion comm and fol lowed by the mac addr ess-table static mac-addr vlan vlan-i d drop c om[...]

6-26 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 6 Administering the Switch Managin g the ARP Table Managing the ARP Ta ble T o co mmuni cate with a device (over Ethern et, for exam ple), t he softwa re first must learn the 48-b it MAC address o r the l ocal dat a lin k address o f that device. The pr ocess of lear ning [...]

C HAPTER 7-1 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 7 Configuring SDM Templates This chapte r describes ho w to conf igure the Switch Data base Management (SDM ) templates on the Catalyst 2960 swit ch. Note For c omplete s yntax and usag e info rmation for th e com mands us ed in this cha pter , see the comman d refere nce fo[...]

7-2 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 7 Configuring SDM Templates Conf igu rin g th e Swi tch SDM T empl ate The ro ws in the table represen t approximate ha rdware bounda ries set when a template is selected . If a section of a hardwar e resource is full, all processing over flo w is sent to the CPU, seriously[...]

7-3 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 7 Conf iguring SDM Te mplates Displaying the SDM Templates Displaying the SDM Te mplates Use the show sdm pr efer pri vile ged EXEC command w ith no parame ters to display the a cti v e template. Use the show sd m prefer [ default | qos ] pr ivileged EXEC com mand to dis play[...]

7-4 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 7 Configuring SDM Templates Display ing the SDM Templates[...]

C HAPTER 8-1 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 8 Configuring Switch-Based Authentication This c hapter d escrib es how to configure switch -based authen tication on the Cata lyst 2 960 swit ch. It consists of these sect ions: • Pre ve nting Unauthorized Acc ess to Y our Switch, page 8-1 • Protectin g Acce ss to Privi[...]

8-2 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 8 Configuring Switch-Based Authentication Protecting A ccess to Privileged EXE C Comman ds • If you want t o use usernam e and password pairs, but you want to st ore them c entral ly on a ser ver instead o f locall y , you c an store them in a database on a secur ity serv[...]

8-3 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 8 Configuring Sw itch-Ba sed Auth entication Prote cti ng Ac cess to Pri vile ged EXEC Comm and s Setting o r Changin g a Static Enab le Pa ssword The en able password control s access to the privileged EXEC mode. Beginning in privileged EXE C mode, follo w th ese steps to se[...]

8-4 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 8 Configuring Switch-Based Authentication Protecting A ccess to Privileged EXE C Comman ds Be ginnin g in pri vileg ed EXEC mode, follo w these steps to conf igure encryp tion for enab le and enable secr et pas swords : Command Purpose Step 1 conf igure terminal Enter g lob[...]

8-5 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 8 Configuring Sw itch-Ba sed Auth entication Prote cti ng Ac cess to Pri vile ged EXEC Comm and s If bo th the en able and e nable sec ret pas sword s are de f ined, us ers must enter th e enable s ecret p asswo rd. Use th e level keyword to define a password fo r a sp ecific[...]

8-6 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 8 Configuring Switch-Based Authentication Protecting A ccess to Privileged EXE C Comman ds T o r e-ena ble password r ecovery , us e the service pas sword- reco v ery global con f igura tion com mand. Note Disabling password recov ery will not w ork if yo u hav e set the sw[...]

8-7 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 8 Configuring Sw itch-Ba sed Auth entication Prote cti ng Ac cess to Pri vile ged EXEC Comm and s Configuring Us ername and P assword Pairs Y ou ca n configure use rname an d password pai rs, which a re locally stored on the switch. These pai rs are assign ed to lines or por [...]

8-8 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 8 Configuring Switch-Based Authentication Protecting A ccess to Privileged EXE C Comman ds Configuring Multiple Privil ege Levels By default, the Cisco IO S software has two modes of passwor d security: use r EXEC and pr i vileged EXEC. Y ou ca n configure up t o 16 hierar [...]

8-9 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 8 Configuring Sw itch-Ba sed Auth entication Prote cti ng Ac cess to Pri vile ged EXEC Comm and s When y ou set a command to a pr i vile ge le vel, all co mmands whose s yntax is a subset of tha t comman d are al so set to th at le vel. For example , if you se t the sho w ip [...]

8-10 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 8 Configuring Switch-Based Authentication Controlling Sw itch Acce ss with TACA CS+ Logging into and Exiting a Privilege Level Beginn ing in pri vile ged EXEC mode, f ollo w these steps to log in to a s pe c if i ed pr i vi l e ge le ve l and to e xi t to a specified pri v[...]

8-11 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 8 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with TACACS+ Figur e 8-1 T ypical T AC ACS+ Ne twor k Configur ation T A CAC S+, adm iniste red thro ugh t he AAA se curity services, can p rovid e these servic es: • Authent ication— Provides com ple[...]

8-12 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 8 Configuring Switch-Based Authentication Controlling Sw itch Acce ss with TACA CS+ TACACS+ Ope ration When a use r attempts a sim ple ASCII login by authent icating to a switch using T A C A CS+, this p rocess occurs: 1. When th e connectio n is esta blishe d, the sw itch[...]

8-13 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 8 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with TACACS+ • Configuring T A CA CS+ Authori zation for Privile ged E XEC Access a nd Networ k Ser vices, pa ge 8-16 • Startin g T A CA CS+ Accoun ting, pa ge 8-17 Default TACAC S+ Configuratio n T A[...]

8-14 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 8 Configuring Switch-Based Authentication Controlling Sw itch Acce ss with TACA CS+ T o remo ve the spec if ied T A CA CS+ server n ame or addr ess, use the no tac acs- server host hostna me global configurat ion comm and. T o re move a server group from the co nfiguration[...]

8-15 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 8 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with TACACS+ Step 3 aaa authent ication log in { default | list-name } method1 [ meth od2 ... ] Create a logi n authen tica tion meth od list. • T o create a def ault list tha t is used when a n amed li[...]

8-16 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 8 Configuring Switch-Based Authentication Controlling Sw itch Acce ss with TACA CS+ T o disa ble A AA, use the no aaa new-model global co nfiguration comm and. T o disable AA A authenti cation, use th e no aaa aut hentica tion log in { def ault | list-name } method1 [ me t[...]

8-17 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 8 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Starting TACACS+ Accounting The AA A accou nting featu re trac ks the servic es tha t users are a ccess ing an d the amoun t of ne twor k resources th at the y are consuming. When AAA ac count[...]

8-18 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 8 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Understanding RADIUS RADIUS is a distr ibu ted client /serv er system that secures n etworks against u nauthori zed access . RADIUS c lients run on sup ported Ci sco route rs an d switches .[...]

8-19 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 8 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Figur e 8-2 T ransitioning fro m RADIUS to T ACACS+ Services RADIUS Operation When a user attem pts to log in and auth enticate to a switch that is acce ss controlled b y a RADIUS serv er , th[...]

8-20 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 8 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Configuring RADIUS This se ction describe s how to c onfigure your switch to su pport R ADIUS. At a mini mum, y ou mus t identify t he host or host s that ru n the RA DIUS server software an[...]

8-21 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 8 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Y ou identify RADIUS security servers b y their hostname or IP address, hostname and specif ic UDP po rt numbers, or their I P addre ss and specific UD P port num bers. The combin ation of the[...]

8-22 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 8 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Comma nd Pu rpos e Step 1 conf igure t erminal Enter globa l configurati on mode. Step 2 radius-server host { hostname | ip-addr ess } [ au th-p ort por t-n umbe r ] [ acct-po rt port-n umbe[...]

8-23 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 8 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS T o remov e the specif ied RADIUS serve r , u se the no radius-serv er host hostname | ip- addre ss glob al configurati on c ommand. This exampl e sho ws ho w to con fi gure one RADIUS ser ver[...]

8-24 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 8 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Beginn ing in pri vilege d EXEC mode, follo w th ese steps to conf igure login authenticat ion. This procedu re is requir ed. Comma nd Pu rpos e Step 1 conf igure t erminal Enter globa l con[...]

8-25 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 8 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS T o disa ble A AA, use t he no aaa new-model global co nfiguration comm and. T o disable AA A authenti cation, use th e no aaa aut hentica tion log in { def ault | list-name } method1 [ me tho[...]

8-26 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 8 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Be ginning in pri vile ged EXEC mode, follo w these steps to define th e AAA server group and associate a particula r RADIUS serve r with it: Comma nd Pu rpos e Step 1 conf igure t erminal E[...]

8-27 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 8 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS T o remov e the specif ied RADIUS serve r , u se the no radius-serv er host hostname | ip- addre ss glob al configurati on comm and. T o remove a server group fro m the configur ation list, us[...]

8-28 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 8 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Beginn ing in pri vil eged EXEC m ode, follo w these steps to sp ecify RADIUS a uthorizatio n for pri vile ged EXEC a ccess and n etwork ser vices: T o disable author ization, u se the no aa[...]

8-29 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 8 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Configuring Settings for All RADIUS S ervers Beginning i n privileged EX EC mo de, fol low these s teps t o configure g lobal commun icatio n setti ngs between the switch and all RADIUS serv e[...]

8-30 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 8 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS This e xample sho ws ho w to provid e a user lo gging in f rom a swit ch with immed iate ac cess to pri vileged EXEC co mmands : cisco-avpair= ”shell:priv-lvl=15“ This e xample s hows ho[...]

8-31 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 8 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS As ment ioned ea rlier, to configure RAD IUS (w hether vendor-proprie tary or IETF dr aft-c omplia nt), yo u must specif y the host ru nning the RADIUS se rver daemon an d the secr et text str[...]

8-32 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 8 Configuring Switch-Based Authentication Configur ing the Switc h for Lo cal Authe ntication a nd Authori zation Configuring the Switc h for Local Authenti cation and Authorization Y ou can c onfi gure AAA t o opera te without a serv er b y settin g the switch to impl eme[...]

8-33 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 8 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Shell Configuring the Switch for Se cure Shell This section descri bes how to c onfigure the Secure Shell ( SSH) f eature. T o use this fe ature, yo u must install t he cryp tograph ic (enc rypted[...]

8-34 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 8 Configuring Switch-Based Authentication Conf igu rin g th e Swi tch for S ec ure S hel l SSH also supports these user authen tication methods: • T A CA CS+ (fo r more i nform ation, se e the “Controllin g Switch Access with T A CA CS+” section on page 8-10 ) • RA[...]

8-35 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 8 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Shell Setting Up the Switch to R un SSH Foll ow these steps to set up your switch to run SSH: 1. Download the cr ypto graph ic software imag e from Cisco .com . This st ep is requi red. For mor e [...]

8-36 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 8 Configuring Switch-Based Authentication Conf igu rin g th e Swi tch for S ec ure S hel l Configuring the SSH Server Beginn ing in pri vilege d EXEC mode, follo w th ese steps to conf ig ure the SSH serv er: T o return to the def ault SSH c ontrol param eters, use the no [...]

8-37 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 8 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Socket Layer HTTP For more informa tion about th ese command s, see the “ Secur e Shell Commands ” section in the “Other Securit y Features ” chapter o f the Cisc o IOS Secu rity Comma nd [...]

8-38 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 8 Configuring Switch-Based Authentication Conf igu rin g the S wit ch f or Se cur e So cket L aye r HT TP When a c onnec tion at tempt is made , the HT TPS s erver provid es a se cure connect ion by iss uing a certif ied X.509v 3 certif icate, obta ined from a specif ied C[...]

8-39 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 8 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Socket Layer HTTP CipherSuit es A CipherSuite specif ies the en cryption algorithm a nd the digest algorithm to use on a SSL connection. When conne cting to the HTTPS server , the client W eb brow[...]

8-40 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 8 Configuring Switch-Based Authentication Conf igu rin g the S wit ch f or Se cur e So cket L aye r HT TP SSL Configuration Guid elines When SSL is used in a switch cluster , the SSL session terminates at the cluster commander . Cluster member switches must run standard HT[...]

8-41 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 8 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Socket Layer HTTP Use the no crypto ca tr ustpo int nam e global conf iguration command to d elete all iden tity inform ation and ce rtifica tes as soc iated wit h the CA . Configuring the Secure [...]

8-42 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 8 Configuring Switch-Based Authentication Conf igu rin g the S wit ch f or Se cur e So cket L aye r HT TP Use th e no ip http server global configu ration c ommand to disabl e the standa rd HTT P server . Use the no ip http secur e-serv er global configurat ion co mmand to[...]

8-43 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 8 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Socket Layer HTTP Use the no ip http client secure -trustpoint name to remo ve a client trustpoint conf iguration. Use the no ip http client sec ure- ciphersuite to remove a previously configur ed[...]

8-44 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 8 Configuring Switch-Based Authentication Conf igu rin g the S wit ch f or Se cur e So cket L aye r HT TP[...]

C HAPTER 9-1 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 9 Configuring IEEE 802.1x Port-Based Auth enticat ion This chapter desc ribes how to configure IEEE 802 .1x port- bas ed authent ication on t he Catalyst 29 60 switch. IEEE 802.1 x prevents unau thoriz ed d e vice s (clie nts) fro m gai ning a ccess to the network. Note For [...]

9-2 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 9 Configuring IEEE 802.1x Por t-Based Aut hentication Unders tanding IE EE 802.1x Port-Ba sed Au thentic ation • Using IE EE 802.1x wit h V oice VLA N Ports, page 9-8 • Using IE EE 802.1x wit h VLAN Assign ment, pa ge 9-8 • Using IEEE 80 2.1x with Guest VLAN, page 9 -[...]

9-3 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 9 Configuri ng IEEE 802.1x Port-Ba sed Auth entication Underst anding I EEE 8 02.1x P ort-Based Authent ication within the nati ve fra me format. When the switch recei ves frames from the a uthenticat ion server , the serv er’ s frame header is re mov ed, le a ving t he EAP[...]

9-4 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 9 Configuring IEEE 802.1x Por t-Based Aut hentication Unders tanding IE EE 802.1x Port-Ba sed Au thentic ation Figur e 9-2 Messag e Ex chan ge Ports in Au thorized and Un authorized S tates Depend ing on the sw itch port s tate, the switch can grant a client acc ess to the [...]

9-5 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 9 Configuri ng IEEE 802.1x Port-Ba sed Auth entication Underst anding I EEE 8 02.1x P ort-Based Authent ication received. The switch re quests the identity of the clie nt and begins r elaying aut hentic ation m essages between the client and the authen tication serv er . Each[...]

9-6 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 9 Configuring IEEE 802.1x Por t-Based Aut hentication Unders tanding IE EE 802.1x Port-Ba sed Au thentic ation Ta b l e 9 - 1 lists the A V pairs and when the y are sent are sent b y the switch: Y ou ca n view the A V pa irs that ar e being sen t by the switch by entering t[...]

9-7 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 9 Configuri ng IEEE 802.1x Port-Ba sed Auth entication Underst anding I EEE 8 02.1x P ort-Based Authent ication W it h the multip le-host s mode en abled, y ou can use IEEE 802.1x to authent icate t he port and port securit y to ma nage n etwork access for al l MAC addresses,[...]

9-8 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 9 Configuring IEEE 802.1x Por t-Based Aut hentication Unders tanding IE EE 802.1x Port-Ba sed Au thentic ation • If the port is administr ativ ely shut do wn, the port becomes unauthenticate d, and all dynamic entrie s are re moved from the se cure host table. • Port s [...]

9-9 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 9 Configuri ng IEEE 802.1x Port-Ba sed Auth entication Underst anding I EEE 8 02.1x P ort-Based Authent ication When co nfigured on the switch and the RA DIUS se rver , IEE E 802.1x with V LAN a ssignmen t has the se char act eris tics : • If no V LAN is supplied by th e RA[...]

9-10 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 9 Configuring IEEE 802.1x Por t-Based Aut hentication Configur ing IEEE 80 2.1x Authen ticatio n Using IEEE 8 02.1x with Guest V LAN Y ou can conf igure a gues t VLAN for each IEEE 802.1x port on the switch to pro vide limited services to client s, such as downloadi ng the[...]

9-11 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 9 Configuri ng IEEE 802.1x Port-Ba sed Auth entication Configur ing IEEE 802.1x Auth enticat ion • Resetting the IEEE 802.1 x Configurati on to the D efault V alues , page 9-20 ( optional) • Configuring IEEE 802.1x Account ing, pag e 9-21 (op tional ) Default IEEE 802. 1[...]

9-12 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 9 Configuring IEEE 802.1x Por t-Based Aut hentication Configur ing IEEE 80 2.1x Authen ticatio n IEEE 80 2.1x C onfig uration Gu idelines These ar e the IE EE 802. 1x authe ntica tion co nfiguration guidel ines : • When IEEE 802.1x is enabled, ports are au then ticated b[...]

9-13 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 9 Configuri ng IEEE 802.1x Port-Ba sed Auth entication Configur ing IEEE 802.1x Auth enticat ion T o allo w VLA N assignmen t, you mu st enable A AA author ization to c onfig ure the switch for all network-re lated ser vice re quests. This i s th e IEEE 802. 1x AAA pro cess:[...]

9-14 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 9 Configuring IEEE 802.1x Por t-Based Aut hentication Configur ing IEEE 80 2.1x Authen ticatio n Configuring the Sw itch-to-RADIUS-Serv er Communication RADIUS se curity servers are identi fied by their ho stname or IP ad dress, hostname and specific UDP por t numbers, or [...]

9-15 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 9 Configuri ng IEEE 802.1x Port-Ba sed Auth entication Configur ing IEEE 802.1x Auth enticat ion Y ou also need to conf igure some settin gs on the RADIUS serve r. These settin gs include the IP addre ss of the switch and the ke y string to be shared b y both the serve r and[...]

9-16 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 9 Configuring IEEE 802.1x Por t-Based Aut hentication Configur ing IEEE 80 2.1x Authen ticatio n Changing the Quiet P eriod When the swi tch cannot au thenticate the client, the switch remains idle f or a set period of time and then tries agai n. The dot1x ti meout q uiet-[...]

9-17 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 9 Configuri ng IEEE 802.1x Port-Ba sed Auth entication Configur ing IEEE 802.1x Auth enticat ion T o return to the defaul t retransmission time, use the no d ot1x timeou t tx- period interfa ce conf iguratio n comm and. This e xample shows h ow to set 60 as the number of sec[...]

9-18 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 9 Configuring IEEE 802.1x Por t-Based Aut hentication Configur ing IEEE 80 2.1x Authen ticatio n Note Y ou shoul d ch ange th e defaul t value of th is comm and on ly to a djust for un usual cir cumsta nces suc h as unrelia ble l inks or speci f ic b ehavioral p roblem s w[...]

9-19 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 9 Configuri ng IEEE 802.1x Port-Ba sed Auth entication Configur ing IEEE 802.1x Auth enticat ion This e xample shows ho w to ena ble IEEE 802.1x an d to allo w multiple hosts: Switch(config)# interface gigabitethernet0/1 Switch(config-if)# dot1x port-control auto Switch(conf[...]

9-20 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 9 Configuring IEEE 802.1x Por t-Based Aut hentication Configur ing IEEE 80 2.1x Authen ticatio n Beginn ing in pri vilege d EXEC mode, follo w th ese steps to enab le the optional guest VLAN beha vior and to configu re a guest V LAN. Th is proced ure is op tiona l. T o di [...]

9-21 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 9 Configuri ng IEEE 802.1x Port-Ba sed Auth entication Configur ing IEEE 802.1x Auth enticat ion Configuring IEEE 802.1x Accounting Enabling AAA sy stem accountin g with IEEE 802.1x acc ounting allo ws s ystem relo ad ev ents to be sent to the a ccount ing RADIUS server for [...]

9-22 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 9 Configuring IEEE 802.1x Por t-Based Aut hentication Displaying IEEE 802.1x St atistics and St atus Displaying IEEE 802.1x Statistics an d Status T o d isplay IEEE 802.1 x statis tics for all ports, use the s how dot1x all statistics pri vilege d EXE C comman d. T o disp [...]

C HAPTER 10-1 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 10 Configuring Interface Cha racteristics This ch apter d efines the type s of inter faces on the Catalyst 2960 swi tch an d describe s how to configure them. The chapte r consists of these sectio ns: • Understa nding I nterfac e T ypes, pa ge 10- 1 • Using Interfac e C[...]

10-2 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 10 Configuring Interface Characteristics Unders tanding Inte rface Type s Port-Based VLANs A VLAN is a switched netwo rk that is logically segmented b y function, team, or application, witho ut reg ard to the physic al location of the user s. For more in format ion about V[...]

10-3 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 0 Configuring Interfac e Charact eristics Unde rsta ndi ng In ter face Typ es T wo ty pes of a ccess por ts are sup ported : • Static acces s ports are manually assigned to a VLAN (or throu gh a RADIUS serv er for use with IEEE 8 02.1x. For more infor matio n, see the ?[...]

10-4 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 10 Configuring Interface Characteristics Using I nterface Configu ration Mode Dual-P urpose Uplin k Ports Some Cataly st 2960 switch es suppor t dual-p urpose upl ink port s. Each up link port is consider ed as a single interface wi th dual front ends ( an RJ-45 connector [...]

10-5 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 0 Configuring Interfac e Charact eristics Using Inte rface C onfigu ration Mo de T o configu re a phys ical interface (por t), specify the interface type, m odule number , and switch port number , and en te r in terf ace co n f ig ur at io n m od e. • T ype —Fast Ether[...]

10-6 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 10 Configuring Interface Characteristics Using I nterface Configu ration Mode Step 3 Foll o w each interface command w ith the interf ace con fig uration comma nds that the in terface requires. The co mman ds that you enter define the pro toco ls and appl icati ons that wi[...]

10-7 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 0 Configuring Interfac e Charact eristics Using Inte rface C onfigu ration Mo de When usin g the interf ace range glob al con figuration co mman d, no te these gu idel ines: • V alid entries for por t-r ang e : – vlan vlan -ID , wh ere t he V LAN I D i s 1 t o 40 94 No[...]

10-8 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 10 Configuring Interface Characteristics Using I nterface Configu ration Mode Beginning in privileged EX EC mode, fol low these steps t o define an interface ra nge macr o: Use the no de fine interface-range macr o_ name global conf igura tion comm and to delete a macro. W[...]

10-9 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 0 Configuring Interfac e Charact eristics Configuring Ethernet Interfaces This example shows ho w to define an interfac e-rang e named en et_li st to incl ude port s 1 and 2 a nd to ver ify the ma cro con fig urat ion: Switch# configure terminal Switch(config)# define inte[...]

10-10 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 10 Configuring Interface Characteristics Configur ing Ethern et Interface s Configuring In terface Sp eed and Du plex M ode Ether net inter faces on the swit ch opera te at 10, 10 0, or 1000 Mbps an d in eith er full- or ha lf-dupl ex mode. In full- duplex mode, two stati[...]

10-11 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 0 Configuring Interfac e Charact eristics Configuring Ethernet Interfaces Speed and Duplex Configuration Gui delines When configur ing an inte rface spee d and duplex mode , note th ese guidel ines: • Fast Ethern et (10/100- Mbps) ports su pport a ll sp eed and dupl ex [...]

10-12 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 10 Configuring Interface Characteristics Configur ing Ethern et Interface s T o return to the default setting, use t he no media-type interface co nfiguration c ommand. When you cha nge the i nterface t ype, the speed and d uplex configurat ions are re moved. The swit ch [...]

10-13 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 0 Configuring Interfac e Charact eristics Configuring Ethernet Interfaces The switch does not ha ve this be ha vior with 100B ASE-FX-GE SFP modules. Setting the Interface Speed and Duplex Pa rameters Beg i nn i ng in pr ivi l eg ed E X EC m o de , f ol l ow th e se s te p[...]

10-14 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 10 Configuring Interface Characteristics Configur ing Ethern et Interface s This e xample sho ws how to set the interface speed to 100 Mbps on a 10/100/1000 Mbps por t: Switch# configure terminal Switch(config)# interface gigabitethernet0/2 Switch(config-if)# speed 100 Co[...]

10-15 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 0 Configuring Interfac e Charact eristics Configuring Ethernet Interfaces This exampl e shows ho w to turn on flow contro l on a port: Switch# configure terminal Switch(config)# interface gigabitethernet0/1 Switch(config-if)# flowcontrol receive on Switch(config-if)# end [...]

10-16 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 10 Configuring Interface Characteristics Conf igu rin g the S yst em MT U This e xample s ho ws ho w to enable auto- MDIX on a por t: Switch# configure terminal Switch(config)# interface gigabitethernet0/1 Switch(config-if)# speed auto Switch(config-if)# duplex auto Switc[...]

10-17 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 0 Configuring Interfac e Charact eristics Confi guring the S ystem MTU Y o u canno t set t he M TU size for an individual interfa ce; yo u set i t for a ll 10/10 0 or a ll Giga bit Et hernet interfaces on the switch. When you change the M TU size, you must reset the switc[...]

10-18 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 10 Configuring Interface Characteristics Monito ring and Mai ntainin g the Interfac es Monitoring and Maintainin g the Interfaces These section s contain interf ace monitor ing and maintenance information: • Monitori ng I nterfac e Statu s, page 10 -18 • Clear ing and[...]

10-19 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 0 Configuring Interfac e Charact eristics Monitoring and Maintaining the Interfaces Clearing and Resetting In terfaces and Counters T ab le 10-4 lists the pri vileged EXEC mode clear commands that you can u se to clear counte rs and res et interf aces. T o clea r th e int[...]

10-20 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 10 Configuring Interface Characteristics Monito ring and Mai ntainin g the Interfac es[...]

C HAPTER 11-1 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 11 Configuring Smartports Macro s This chapt er describ es ho w to configure and appl y Smartport s macros on th e Catalyst 296 0 switch. Note For c omplete s yntax and usag e info rmation for th e com mands us ed in this cha pter , see the comman d refere nce fo r th is re[...]

11-2 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 11 Configur ing Smart ports Mac ros Configuring Smartpor ts Macros Cisco also provid es a collection of pretes ted, Cisco-recommende d baseline conf iguration tem plates for Catalyst switc hes. The online reference gui de template s provide th e CLI commands that you can u[...]

11-3 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 11 Configur ing Smartpor ts Macros Configuring Smartports Macros Smartports Mac ro Con figuration Guidelines Follow these guideli nes when configuring ma cros on your sw itch: • When crea ting a macro , do not use the exit or end comman ds or cha nge the co mmand mo de by [...]

11-4 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 11 Configur ing Smart ports Mac ros Configuring Smartpor ts Macros The Cisc o-defaul t macros use th e $ character to help iden tify required k eyw ords. There is no restric tion on using the $ char acte r to define keywords w hen y ou cr eate a m acro. Creating Sm artport[...]

11-5 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 11 Configur ing Smartpor ts Macros Configuring Smartports Macros Applying Smartpo rts Macro s Beginning i n privileged E XEC mo de, follow these s teps to app ly a Smartpor ts mac ro: Y ou ca n delete a global macro-a pplied c onfiguration on a switch only by enteri ng the n[...]

11-6 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 11 Configur ing Smart ports Mac ros Configuring Smartpor ts Macros This exam ple sh ows how to app ly th e user-cre ated m acro c alle d snmp , to set the h ostname address to test- server , and to set the IP prec edence value to 7 : Switch(config)# macro global apply snmp[...]

11-7 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 11 Configur ing Smartpor ts Macros Configuring Smartports Macros Y ou ca n delete a global macro-a pplied c onfiguration on a switch only by enteri ng the no ver sion of ea ch comm and th at is in t he macro. Y ou can delete a m acro-a pplie d co nfigurati on on a n in terfa[...]

11-8 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 11 Configur ing Smart ports Mac ros Displaying Smartpor ts Macros Displaying Smartports Macros T o display th e Smartports macros, use one or mo re of the pri vileged EXE C command s in T abl e 11-2 . T able 1 1 -2 Com mands for Displ aying Smar tports Macr os Comma nd Pu [...]

C HAPTER 12-1 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 12 Configuring VLANs This c hapter describ es how to c onfigure norm al- range VL ANs (V LAN IDs 1 t o 100 5) and extended-ra nge VLA Ns (VLA N IDs 1006 to 409 4) on the Cata lyst 2 960 swi tch. It incl udes info rmation about VLA N membe rship mode s, VLAN con figuration m[...]

12-2 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 12 Configuring VLANs Unders tanding VL ANs Figure 12-1 shows an exampl e of VL ANs segme nted into logic ally de fined networ ks. Figur e 12 -1 VLANs as Logica lly Defined N etwor ks VLANs are of ten assoc iated with IP su bnetw orks. F or ex ample, all the end sta tions i[...]

12-3 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 2 Configuring VLANs Unde rsta ndin g VLAN s VLAN Port M embership M odes Y ou co nfigure a port to belong to a VLA N by assigning a mem bership mode that spec ifies the kind of traf fic the p ort car ries and t he numb er of V LANs to whic h it can belong. T a ble 12-1 lis[...]

12-4 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 12 Configuring VLANs Configur ing Normal- Range VLA Ns Configuring Normal -Range VLANs Normal- range V LANs a re VL ANs with VLAN IDs 1 to 1005 . If the swi tch is in VT P server or VTP tr anspa rent m ode, y ou ca n ad d, mo dify or rem ove configuratio ns for VLANs 2 to [...]

12-5 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 2 Configuring VLANs Config uri ng Nor mal-R ang e VLA Ns These sec tions co ntain normal -ran ge VLAN configurat ion info rmati on: • T oken Ring V LANs, pa ge 1 2-5 • Normal -Range VL AN Con figuration Guidel ines, page 1 2-5 • VLAN Co nfiguration Mode Optio ns, pag[...]

12-6 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 12 Configuring VLANs Configur ing Normal- Range VLA Ns are se ve ral adj acent switch es that all h av e run o ut of span ning-tree instances. Y ou can pre vent this possibil ity by setti ng allowe d lists on the trunk ports of switches that ha ve used u p their allocatio [...]

12-7 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 2 Configuring VLANs Config uri ng Nor mal-R ang e VLA Ns When you save VLAN and VTP infor mation (i ncluding extended-r ange VLAN configurat ion informatio n) in the star tup conf iguration fil e and reb oot the switch, the switch co nfig uration is selected as fo llows: ?[...]

12-8 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 12 Configuring VLANs Configur ing Normal- Range VLA Ns Creating or Modifyin g an Et hernet VLAN Each E therne t VLA N in the VLAN d ataba se has a uni que, 4- digit I D tha t ca n be a nu mber fr om 1 to 1001. V LAN IDs 1002 to 1005 are reser ved for T oken Ring and FD DI [...]

12-9 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 2 Configuring VLANs Config uri ng Nor mal-R ang e VLA Ns Y ou ca n also cre ate or mod ify Ethe rnet VL ANs by using the VL AN datab ase co nfiguration mo de. Note VLA N data base configurati on m ode doe s not sup port RSP AN VLAN c onfiguratio n or extende d-range VLANs.[...]

12-10 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 12 Configuring VLANs Configur ing Normal- Range VLA Ns Cautio n When you delete a VL AN, an y ports a ssigned to that VLAN become in acti ve. They remain assoc iated with th e VLAN ( and thus in acti ve) until y ou assign th em to a n ew VLAN. Beginn ing in pri vileg ed E[...]

12-11 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 2 Configuring VLANs Confi guring Exte nded-Ra nge VL ANs T o return an interfac e to its default conf iguration, use the defaul t interface interface-id interface configurati on c ommand. This exampl e shows ho w to configure a por t as an access por t in VLAN 2: Switch# [...]

12-12 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 12 Configuring VLANs Configur ing Extend ed-Range VLANs Extended -Ran ge VLAN Con figuration Gu idelines Foll ow these guidelines when crea ting exte nded-range VLANs: • T o a dd an extended- range VLAN, y ou mu st use th e vl an vlan-id globa l configurati on command a[...]

12-13 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 2 Configuring VLANs Displaying VL ANs T o delete an ex tended- range VLAN, use the no vlan vlan -id gl obal con figurati on comm and. The proc edure fo r assign ing stat ic-acc ess port s to an ext ended-r ange VLAN is the s ame as for normal-ra nge VL ANs. See the “ As[...]

12-14 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 12 Configuring VLANs Configur ing VLAN Tr unks For more detail s about the show comman d options an d explanat ions of outp ut fields, see the comm and refere nce fo r th is rel ease. Configuring VL AN Trun ks These sect ions co ntain this co nceptu al in forma tion: • [...]

12-15 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 2 Configuring VLANs Config uri ng V LAN Trunk s IEEE 802.1Q Configuration Considerations The IE EE 8 02.1Q t runks i mpose these limita tions o n the trun king stra tegy for a network: • In a ne twork of Cisco switch es conne cted through IEEE 802.1 Q trun ks, the sw it[...]

12-16 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 12 Configuring VLANs Configur ing VLAN Tr unks Default Layer 2 Ethernet Inte rface VLAN Con figuration T ab le 12-5 shows the default L ayer 2 Et herne t inte rface V LAN configurat ion. Configuring a n Ethern et Interface as a Trunk P ort Because t runk po rts send a nd [...]

12-17 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 2 Configuring VLANs Config uri ng V LAN Trunk s • If you try to enabl e IEEE 802 .1x on a t runk por t, an err or message appear s, and IE EE 802.1x is not enab led. If you try to chan ge the mode of an IEEE 802.1 x-ena bled por t to trunk , the po rt mode is not chan g[...]

12-18 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 12 Configuring VLANs Configur ing VLAN Tr unks Defining the Allowed VLANs on a Trunk By default, a trunk port sends traf fic to and recei ves traf fic from all VLANs. All VLAN IDs, 1 to 4094, are al lo wed on each t runk. Ho we ver , you can re mo ve VLANs f rom the allo [...]

12-19 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 2 Configuring VLANs Config uri ng V LAN Trunk s T o return to the def ault allo wed VLAN l ist of all V LANs, use the no switchport trunk allowed vlan interf ace conf iguration comman d. This exam ple sh ows how to remove VLAN 2 from th e a llowed VLAN list on a p ort: Sw[...]

12-20 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 12 Configuring VLANs Configur ing VLAN Tr unks For informa tion ab out IEEE 802.1Q con figuratio n issues , see the “IEE E 802.1 Q Configurati on Consider ation s” sect ion on page 12-15 . Beginn ing in pri vileg ed EXEC mode, follo w these steps to conf igure the nat[...]

12-21 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 2 Configuring VLANs Config uri ng V LAN Trunk s Figure 12-2 shows two trunks conne cting s upporte d switche s. In this example, t he switches ar e configured as f oll ows: • VLANs 8 through 10 ar e assigne d a port prio rity of 16 on Trunk 1. • VLANs 3 thr ough 6 ret[...]

12-22 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 12 Configuring VLANs Configur ing VLAN Tr unks Load Sharing Using STP Path C ost Y ou ca n configure para llel tru nks to share VLAN traff ic by setting different pa th costs on a tru nk and associ ating the path costs with di ff erent sets of VLANs, blo cking dif ferent [...]

12-23 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 2 Configuring VLANs Configuring VMPS Beginn ing in priv ileg ed EXEC mode, follo w these steps to co nfigur e the networ k shown in Figure 12-3 : Configuring VMPS The VLA N Quer y Protocol (V QP) is u sed to suppor t dynami c-ac cess ports , which are not perma nently ass[...]

12-24 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 12 Configuring VLANs Configuring VMPS • “T rouble shoot ing Dynami c-Acce ss Port VLAN M embership ” secti on on page 12-2 9 • “VMP S Conf igurat ion Exam ple” s ecti on on pa ge 12 -29 Understand ing VMP S Each time t he client switc h recei ve s the MA C add[...]

12-25 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 2 Configuring VLANs Configuring VMPS If the link goes down on a dy namic -access por t, the p ort r eturns to an is olated st ate and do es not be long to a VLAN. An y hosts th at come online thr ough the por t are check ed again thr ough the VQP with the VMPS before the [...]

12-26 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 12 Configuring VLANs Configuring VMPS Configuring the VMPS Client Y ou c onfigure dy namic V LANs by usi ng the VMPS (s erver). Th e switc h can b e a VMPS cli ent; it canno t be a VMPS server . Entering the IP Address of the VMPS Y ou must f irst ente r the IP addr ess o[...]

12-27 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 2 Configuring VLANs Configuring VMPS T o return an interfac e to its default conf iguration, use the defaul t interface interface-id interface conf iguration command. T o return an interfac e to its defa ult switchpo rt mode (dynamic a uto), use the no switchport mode int[...]

12-28 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 12 Configuring VLANs Configuring VMPS Changing the Retry Count Beginn ing in pri vileg ed EXEC mode, follo w th ese step s to change the number of times that the switch attempt s to conta ct the VMPS before q uerying t he nex t serv er: T o return the switch to it s def a[...]

12-29 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 2 Configuring VLANs Configuring VMPS Troublesho oting Dyna mic-Acce ss Port V LAN Memb ership The VMPS shuts down a dynamic -access port unde r these cond itions: • The VMPS is in secure mode, and it does not allo w the host to connect to the port. The VMPS shuts down t[...]

12-30 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 12 Configuring VLANs Configuring VMPS Figur e 12 -4 Dynamic P or t VLAN M embership Con figur ation Primar y VMPS Ser ver 1 Catalyst 6500 series Secondar y VMPS Ser ver 2 Catalyst 6500 series Secondar y VMPS Ser ver 3 172.20.26.150 172.20.26.151 Catalyst 6500 series switc[...]

C HAPTER 13-1 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 13 Configuring VTP This c hapter describ es how to us e t he VLA N Trunking Prot ocol ( VTP) a nd the VLAN databa se fo r managing VLANs with the Catalyst 2960 switc h. Note For c omplete s yntax and usag e info rmation for th e com mands us ed in this cha pter , see the co[...]

13-2 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 13 Configuring VTP Unders tanding VTP These sect ions co ntain this co nceptu al in forma tion: • The VTP Do main, pa ge 13-2 • VTP Mode s, page 13-3 • VTP Ad vert isem ents , pag e 13-3 • VTP V ersi on 2, pa ge 1 3-4 • VTP Prun ing, page 13-4 The VTP Do main A V[...]

13-3 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 13 Configur ing VTP Understanding VTP VTP Mode s Y ou ca n configure a supp orted switc h to be in one of the VT P modes listed i n Ta b l e 1 3 - 1 . VTP Advertisements Each swi tch in the VTP domain sends period ic globa l configuratio n advertise ments f rom each trunk po[...]

13-4 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 13 Configuring VTP Unders tanding VTP • Update id entity an d update timestamp • MD5 diges t VLAN co nf igurat ion, in clud ing max imum tr ansmi ssion unit (M TU) si ze fo r each VLAN. • Frame fo rmat VTP adv ertis ements distrib ute this VLAN in formation for each [...]

13-5 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 13 Configur ing VTP Understanding VTP Figure 13-1 shows a switched network w ithout VTP pruni ng enabled. Port 1 on Switch A and Port 2 on Switch D are assigned to the Red VLAN . If a broadc ast is sent f rom the host connec ted to Switch A, Switch A floo ds the broa dcast a[...]

13-6 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 13 Configuring VTP Conf igu rin g VTP See the “Enabling VT P Pruning” section on page 13-1 4 . VTP pr uning t akes effect sev eral sec onds aft er you enable it. VTP pruni ng does no t prune traffic from VLANs tha t are pruni ng-ineligi ble. VL AN 1 and VLANs 1002 to 1[...]

13-7 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 13 Configur ing VTP Configuring VTP VTP Configuration Options Y ou ca n configure VTP by using th ese configurat ion mode s. • VTP Configura tion in Global Configuration Mode , page 1 3-7 • VTP Configuratio n in VLA N Datab ase Configuratio n Mode, page 13-7 Y ou access [...]

13-8 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 13 Configuring VTP Conf igu rin g VTP VTP Configu ra tion Guidelines These sec tions descr ibe guid eline s you should fol low when implem entin g VTP in your ne twork. Domain Names When co nfiguring VT P for t he first tim e, you must a lways assign a doma in nam e. Y ou [...]

13-9 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 13 Configur ing VTP Configuring VTP • Do not enable VTP V ersion 2 on a switch unless all of the switches in the same VTP domain are V ersion-2-ca pabl e. When yo u enable V ersion 2 on a switc h, all of the V ersion-2- capable sw itches in the domain en able V ersion 2. I[...]

13-10 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 13 Configuring VTP Conf igu rin g VTP When you con figure a domain na me, it cannot be rem oved; you can only rea ssign a switc h to a different domain. T o r eturn the sw itch to a no-passwor d stat e, u se the no vtp password global co nfigurati on comman d. This exampl[...]

13-11 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 13 Configur ing VTP Configuring VTP Configuring a VTP Client When a switch i s in VTP clie nt mode, you ca nnot cha nge its VLAN configuration . The cli ent switch recei v es VTP u pdates from a VTP serv er in th e VTP d omain and then modif ies its confi guration accor din[...]

13-12 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 13 Configuring VTP Conf igu rin g VTP Disabling V TP (VTP Tr anspar ent Mod e) When you conf igure the switch fo r VTP transparent mode, VTP is disable d on the switch. The switch does not send VTP u pdates and does no t act on VT P update s received from ot her switche s[...]

13-13 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 13 Configur ing VTP Configuring VTP Enabling V TP Versio n 2 VTP V ersion 2 is disabled by default on VTP V ersion 2-capab le switches. When you enabl e VTP V ersion 2 on a switch, e very VTP V ersion 2-capable switc h in the VTP domai n enables V ersion 2. Y ou can onl y c[...]

13-14 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 13 Configuring VTP Conf igu rin g VTP Enabling V TP Prunin g Pruning inc reases available bandwi dth by restric ting flood ed traffic to those trunk lin ks that the traff ic must use to acces s the destinat ion devices. Y ou can onl y enabl e VTP prun ing on a swit ch in [...]

13-15 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 13 Configur ing VTP Configuring VTP Beginning i n privileged E XEC mo de, follow these steps to ver ify an d res et the VTP configurati on revision number on a switch befor e adding it to a VTP domain: Y o u can also change the VTP domain name b y enterin g the vlan databas[...]

13-16 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 13 Configuring VTP Monito ring VTP Monitoring VTP Y ou monito r VTP by disp layin g VTP c onfiguration i nforma tion: th e dom ain na me, t he cur rent VT P revision, and the n umber of VLAN s. Y ou ca n also displa y stat istics about the advertis emen ts se nt and recei[...]

C HAPTER 14-1 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 14 Configuring Voic e VLAN This chap ter des cribes how t o conf igure the v oice VLAN feature on the Catalyst 2 960 switch . V oice VLAN is referr ed to as an auxi liary VLAN in some Catalyst 650 0 family switc h documen tation. Note For c omplete s yntax and usag e info r[...]

14-2 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 14 Configuring Voice V LAN Unders tanding Voice VL AN Figur e 14 -1 Cisco 7960 IP Phone Conne ct ed t o a S witc h Cisco IP Phone Voice Traffic Y o u can conf igu re an access port with an attached Cisc o IP Phone to use one VLAN fo r voic e traf f ic and anot her VL AN fo[...]

14-3 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 4 Configuring Voice VLA N Configuring Voice VLAN Configuring Vo ice VLAN These sec tions co ntain this co nfiguration info rmat ion: • Default V oic e VLAN Configuratio n, page 14-3 • V oice VLAN Configu ration Guidelines, page 14-3 • Configuring a Port C onnec ted t[...]

14-4 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 14 Configuring Voice V LAN Configuring Voice VLAN • If the Ci sco IP Phone an d a d e vice a ttached t o the Ci sco IP Ph one ar e in t he same VLAN, they must be in the same IP subnet. These co nditions indica te that they are in the same VLAN: – They both use IEEE 80[...]

14-5 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 4 Configuring Voice VLA N Configuring Voice VLAN Configuring IP Phone Voi ce Traffic Y ou c an con figure a port connec ted to the Cisco IP Phone to send CDP pac kets to th e phone to configu re the wa y in whic h the phon e sends voic e traf fic. The p hone can carry v oi[...]

14-6 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 14 Configuring Voice V LAN Displa ying Vo ice VLA N T o return the port to its defa ult setting, use the no swit chport v oice vlan inter face co nfig uration comm and. Configuring the Priori ty of Incoming Data Frames Y ou ca n connec t a PC or other dat a device to a Cis[...]

C HAPTER 15-1 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 15 Configuring STP This chapt er desc ribes how to configure the Sp anni ng T ree Protoc ol (STP) on port-ba sed VLAN s on the Catalyst 296 0 switch. Th e switch ca n use either th e per-VLAN span ning-tre e plus (PVST+) protocol based o n th e IEEE 802. 1D sta ndard a nd C[...]

15-2 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 15 Configuring STP Unders tanding Spa nning-Tree Featu res • Spanning- T ree Interoper ability and Backwar d Compatibility , page 15-10 • STP and IEEE 802.1Q Trunks, page 15-10 For config uration infor mation, see the “Configuring Spanni ng-Tree Features ” sec tion[...]

15-3 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 15 Configur ing STP Unders tanding Spanni ng-Tree Featu res Spannin g-Tr ee Topo logy and BP DUs The stable, ac tiv e spanning-t ree topology of a switch ed network is controlle d by these elem ents: • The uni que bridge ID (sw itch p rior ity and MAC address) a ssociate d[...]

15-4 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 15 Configuring STP Unders tanding Spa nning-Tree Featu res Bridge ID, Switch Priority , an d Extended Syste m ID The IE EE 80 2.1D standa rd requi res th at ea ch switc h has a n uni que bridge ident ifier (bri dge ID ), wh ich control s the select ion of the ro ot switc h[...]

15-5 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 15 Configur ing STP Unders tanding Spanni ng-Tree Featu res An interfac e mov es through these state s: • From initiali zation to blocking • From bl ocking to list ening or to disab led • From list ening to lea rning o r to di sabled • From le arning t o fo rwarding [...]

15-6 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 15 Configuring STP Unders tanding Spa nning-Tree Featu res Blocking State A Layer 2 interf ace in th e blocking state does not p articipate in frame f orwardin g. After initi alization , a BPDU is sent to each swi tch interface. A switch initially functions as the root unt[...]

15-7 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 15 Configur ing STP Unders tanding Spanni ng-Tree Featu res Disabled State A Laye r 2 int erface in th e disab led state do es not parti cipa te in frame forwar ding or in the span ning tree. An interf ace in the disabled state is nonop erational. A disab led int erfac e per[...]

15-8 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 15 Configuring STP Unders tanding Spa nning-Tree Featu res Spanning Tree and Redun dant Conn ectiv ity Y ou c an crea te a re dundant back bone wi th spannin g tre e by connect ing two switch in terface s to an other device or to two different devices, as shown in Figu re [...]

15-9 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 15 Configur ing STP Unders tanding Spanni ng-Tree Featu res Becau se each VLAN is a sepa rate span ning- tree ins tance, th e switch a ccelerate s aging o n a per -VLAN basis . A spanni ng- tree rec onf igur ation on one VLAN can ca use the dyn amic addr esse s learne d on t[...]

15-10 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 15 Configuring STP Configur ing Spannin g-Tree Feat ures Spanning-Tree Interoperability and Backward Compatibility T ab le 15-2 lists the inter operability and compatibility among the s upported s panning-tree mo des in a network. In a mi xed MSTP and PV ST+ n etwork, the[...]

15-11 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 15 Configur ing STP Confi guring S panni ng-Tree Featu res • Disabling Spann ing Tree, page 1 5-13 (optiona l) • Configuring t he Root Switc h, page 15-1 4 (opt iona l) • Configuring a Second ary R oot Switch, page 1 5-15 (optional) • Configuring Por t Prio rity , p[...]

15-12 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 15 Configuring STP Configur ing Spannin g-Tree Feat ures If 128 insta nces of spa nning tr ee are alread y in use, yo u can disabl e spanni ng tree on one of th e VLANs and then enable it on th e VLAN where yo u want it to run. Use th e no spanning-tree vlan vl an-id glob[...]

15-13 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 15 Configur ing STP Confi guring S panni ng-Tree Featu res T o return to the def ault settin g, use the no spanning-tr ee mode globa l configurat ion com mand. T o ret urn the port to its defa ult setting, use the no spanning-tre e link-type inter face co nf igurat ion comm[...]

15-14 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 15 Configuring STP Configur ing Spannin g-Tree Feat ures Beginning in privileged EXEC mo de, fol low these steps to disabl e spanni ng-tree on a per-VLAN basi s. This proc edure is option al. T o re -enable spa nnin g-tree, use the spanning-tree vlan vlan-id global c onfi[...]

15-15 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 15 Configur ing STP Confi guring S panni ng-Tree Featu res Note After conf iguring the switch as the roo t switch, we recomme nd that you av o id manuall y config uring the hello t ime, forward- delay time, and m aximu m-age tim e thro ugh th e spanning-tree vlan vlan- id h[...]

15-16 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 15 Configuring STP Configur ing Spannin g-Tree Feat ures Beginn ing in pri vile ged EXEC mode, follo w these step s to confi gure a switch to b ecome the second ary root for the speci fied VLAN. This pr ocedur e is optional. T o return to the default setting, use t he no [...]

15-17 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 15 Configur ing STP Confi guring S panni ng-Tree Featu res Note Th e show spanning-tree inter face interface- id privileged EXEC command displa ys informa tion only if th e port is in a l ink-up oper ative state. Othe rwise, you can use th e show running-conf ig interface p[...]

15-18 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 15 Configuring STP Configur ing Spannin g-Tree Feat ures Beginn ing in pri vileg ed EXEC mode, follo w these steps to conf igure the cost of an interf ace. This procedur e is optional. Note Th e show spanning-tree inter face interface- id privileged EXEC command displa ys[...]

15-19 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 15 Configur ing STP Confi guring S panni ng-Tree Featu res Configuring th e Switch Priority of a VLAN Y ou can con fi gure the swit ch pri ority and make it more lik ely that the switc h will b e chosen as the root switch. Note Exercis e care when using this comm and. F or [...]

15-20 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 15 Configuring STP Configur ing Spannin g-Tree Feat ures The sectio ns that f ollow prov ide the c onfi guration ste ps. Configuring the Hello Time Y ou can conf igure the in terv al between th e generation of configu ration messages b y the root switch b y chan ging the [...]

15-21 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 15 Configur ing STP Confi guring S panni ng-Tree Featu res Configuring the Forwarding -Delay Time fo r a VLAN Beginning i n privileged E XEC mode, follow these ste ps to c onfigure t he forwarding -del ay ti me for a VLAN. Th is proc edure is opt ional . T o return to the d[...]

15-22 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 15 Configuring STP Displaying the Spannin g-Tree Stat us Displaying the Sp anning-Tre e Status T o display th e spannin g-tree st atus, use one or mor e of the pri vileged EXE C command s in T abl e 15-5 : Y ou ca n clear spanning- tree co unters by using the clear spanni[...]

C HAPTER 16-1 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 16 Configuring MSTP This chapte r describes ho w to conf igure the Ci sco implementation of the Multiple STP (MSTP) on the Catalyst 296 0 switc h. The MSTP e nables multip le VLANs to be mapp ed to th e same span ning-tree instance, reducin g the number o f spann ing-tree i[...]

16-2 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 16 Configuring MSTP Unders tanding MST P Understandin g MSTP MSTP , which uses RSTP for ra pid con vergence, en ables VL ANs to be grouped int o a spanni ng-tree instan ce, w ith ea ch insta nce havin g a s panning -tree topo logy inde pendent of other spanning -tree insta[...]

16-3 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 16 Configur ing MSTP Unde rsta ndi ng M STP IST, CIST, an d CST Unlik e PVST+ and rapid PVST+ in which all the spanni ng-tre e instances ar e indepe ndent, the MSTP establishes and maintains tw o types of spanning trees: • An interna l spanning tree (IST) , which is the sp[...]

16-4 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 16 Configuring MSTP Unders tanding MST P Operations Between M ST Regions If there are multip le regio ns or legac y 802.1D switches wit hin the network, MSTP esta blishes and maintains the CST , which includes all MST reg ions and all leg acy STP switches in the network. T[...]

16-5 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 16 Configur ing MSTP Unde rsta ndi ng M STP Hop Count The IST and M ST inst ances do not use the mes sage- age an d maxi mum-age infor mation in the configurati on BPDU to c ompute the sp anni ng-tre e topolo gy . Inst ead, they use th e pa th cost to the root and a h op-cou[...]

16-6 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 16 Configuring MSTP Unders tanding RSTP Ho we ver , the switch does not autom atically re vert to t he MSTP mode if it no l onger rece iv es IEEE 802.1D BPDUs be caus e it can not dete ct whe ther the legacy switch h as been r emoved from t he link unless th e legacy switc[...]

16-7 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 16 Configur ing MSTP Understa nding RST P In a st able to pology with co nsisten t po rt roles througho ut the networ k, the RSTP ensur es that every root port a nd desi gnated p ort immedia tely transit ion to t he forwarding state while all a ltern ate and bac kup ports ar[...]

16-8 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 16 Configuring MSTP Unders tanding RSTP When S witc h C is co nnecte d to Swi tch B , a simil ar set of hands haki ng mes sag es are exch an ged. Switch C select s the port conn ected to Swi tch B as its root port, and both ends imm ediately transition to the forwar ding s[...]

16-9 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 16 Configur ing MSTP Understa nding RST P Figur e 16 -3 Sequence of Ev ents Dur ing Rapid Con ve r gence Bridge Protoco l Data Unit Format an d Process ing The R STP BP DU for mat is th e sam e as t he IEEE 802.1D BPD U fo rmat exce pt tha t th e proto col vers ion is set to[...]

16-10 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 16 Configuring MSTP Unders tanding RSTP The RSTP does not have a separate topo logy chan ge notificati on (TCN) BPD U. It uses the topology change (TC) f lag to show the topolo gy changes. Howe ver , for interoper ability with IEEE 8 02.1D switches, the RST P swit ch proc[...]

16-11 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 16 Configur ing MSTP Confi guring MST P Featu res • Protoc ol mi gration—F or backwa rd co mpatibil ity with IEEE 8 02.1D swi tches, RSTP selecti vely sends IEEE 802.1D configuratio n BPDUs and TCN BPDU s on a per-port basis. When a port is initializ ed, the migrate- de[...]

16-12 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 16 Configuring MSTP Configur ing MSTP Featur es For informat ion about the suppor ted numbe r of spanni ng-tree instan ces, see the “Supp orted Spanning -T ree In stan ces” se ction on pag e 15-9 . MSTP Con figuration G uidelines These are th e configurat ion guide li[...]

16-13 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 16 Configur ing MSTP Confi guring MST P Featu res Specifying the MST Region Co nfiguration and En abling MST P For two or more swit ches t o be in the same MST re gion, they must ha v e the same VLAN-to -instance mappin g, the same con figuration revision numbe r , and the [...]

16-14 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 16 Configuring MSTP Configur ing MSTP Featur es T o r etur n to th e defa ult M ST region c onfigurati on, u se th e no spanning-tree mst configurat ion globa l conf iguration c ommand. T o return to the default VLAN-to-in stance map, use the no instance instance-id [ vla[...]

16-15 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 16 Configur ing MSTP Confi guring MST P Featu res forward- delay ti me, and max imum-a ge time for a network of tha t diamet er , which ca n significantl y reduce the co n ve rg ence time. Y o u can u se the hello k eyw ord to o v erride t he autom atically calc ulated hell[...]

16-16 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 16 Configuring MSTP Configur ing MSTP Featur es T o return the switch to it s def ault setting, use the no spanning-tree mst instance-id roo t global configurati on c ommand. Configuring Port Priority If a l oop occur s, the MST P uses the port priority when selec ting an[...]

16-17 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 16 Configur ing MSTP Confi guring MST P Featu res Note Th e show sp anning-t ree mst inte rface interface-id privileged EXEC comma nd displa ys informa tion only if the port is in a link- up oper ative state. Ot herwi se, you can use the show running-config interfac e privi[...]

16-18 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 16 Configuring MSTP Configur ing MSTP Featur es Note Th e show sp anning-t ree mst inte rface interface-id privileged EXEC comma nd displa ys informa tion only for por ts that are in a link-up ope rative state. Other wise, you can use the show running-confi g privileged E[...]

16-19 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 16 Configur ing MSTP Confi guring MST P Featu res Beginning in privileged EXEC mod e, fo llow these steps to co nfigure the sw itch pri ority . T his pr ocedure is optional. T o return the switch to it s def ault setting, use the no spanning-tree mst instan ce-id priority g[...]

16-20 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 16 Configuring MSTP Configur ing MSTP Featur es Configuring th e Forwarding-Dela y Time Beginn ing in pri vilege d EXEC mode, follo w th ese steps to conf igure the forwarding-d elay time for all MST inst ance s. This procedure is optio nal. T o return the switch to it s [...]

16-21 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 16 Configur ing MSTP Confi guring MST P Featu res Configuring th e Maximum-H op Cou nt Beginning i n privileged E XEC mo de, follow these steps to con figure th e ma ximum- hop c ount fo r all MST inst ance s. This procedure is optio nal. T o return the switch to its defaul[...]

16-22 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 16 Configuring MSTP Displaying the MST Configu ration and Stat us Restarting the Protocol Mi gration Proce ss A switch r unning M STP supp orts a built-in pr otocol migrat ion mecha nism that enable s it to i nteroper ate with legacy IEEE 802.1D switche s. If this switc h[...]

C HAPTER 17-1 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 17 Configuring Optional Spannin g-Tree Features This chap ter desc ribes how to configure optio nal spanni ng-tr ee featur es on th e Catalyst 2 960 swi tch. Y ou can configure a ll of these fe ature s when you r switch is ru nning the per-VLAN spann ing-tr ee plus (PVST+) [...]

17-2 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapte r 17 Configu ring Opti onal Sp anning -Tree Feature s Unders tanding O ptional Spann ing-Tre e Features Understand ing Port Fa st Port Fast immedia tely br ings an inte rface configured as an acces s or trunk port to the forward ing state from a blocki ng sta te, bypa ssing[...]

17-3 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 7 Configuring Op tional Spa nning-Tree Features Unders tanding Opt ional Spanning- Tree Featu res Understanding BPDU Guard The BP DU guard feature can be global ly enab led on th e switch or can b e enab led per in terfa ce, b ut the featu re oper ate s wit h som e differe[...]

17-4 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapte r 17 Configu ring Opti onal Sp anning -Tree Feature s Unders tanding O ptional Spann ing-Tre e Features Understanding UplinkFast Switches i n hie rarchic al ne tworks can be grou ped into bac kbone sw itches, distri bution switc hes, an d acces s switches . Figur e 17- 2 sh[...]

17-5 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 7 Configuring Op tional Spa nning-Tree Features Unders tanding Opt ional Spanning- Tree Featu res Figur e 1 7 -3 U plinkF ast Example Bef ore Di r ect Link F ailur e If Switch C detects a lin k failure on the cur rently acti ve link L2 on the root port (a dir e ct link fai[...]

17-6 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapte r 17 Configu ring Opti onal Sp anning -Tree Feature s Unders tanding O ptional Spann ing-Tre e Features The swit ch tries to f ind if it has an alt ernate pa th to the r oot switch. If the inferior BPDU arri v es on a blocked inte rface, t he root port an d other b locked i[...]

17-7 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 7 Configuring Op tional Spa nning-Tree Features Unders tanding Opt ional Spanning- Tree Featu res Figur e 1 7 -6 Ba ckbon eF ast Exam ple Af t er Indir ect Li nk F ailure If a ne w switc h is introduced into a share d-medium topo logy as sho wn in Figu re 17-7 , Back boneF[...]

17-8 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapte r 17 Configu ring Opti onal Sp anning -Tree Feature s Unders tanding O ptional Spann ing-Tre e Features Unders tanding Root Gu ard The Laye r 2 network of a service provide r (SP) can in clude ma ny connectio ns to swit ches that ar e not owned by the SP . In such a topolo [...]

17-9 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 7 Configuring Op tional Spa nning-Tree Features Confi guring Opti onal Spa nning- Tree Featu res Understand ing Loop Guard Y ou can use loo p guard to prevent altern ate o r roo t port s from b ecom ing de signated ports b ecause of a failur e that leads to a unidir ection[...]

17-10 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapte r 17 Configu ring Opti onal Sp anning -Tree Feature s Configur ing Opti onal Spanni ng-Tree Features Optional Spa nning-Tree Co nfiguration Guid elines Y ou ca n configure Port Fast, BPDU gua rd, BPDU filteri ng, Ethe rChan nel guar d, root gua rd, or loop guard if your sw[...]

17-11 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 7 Configuring Op tional Spa nning-Tree Features Confi guring Opti onal Spa nning- Tree Featu res Note Y ou can use the spanning-tree portf ast default global configurat ion co mmand to gl oball y enab le the Port Fast featur e on all nont runking por ts. T o disab le th e[...]

17-12 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapte r 17 Configu ring Opti onal Sp anning -Tree Feature s Configur ing Opti onal Spanni ng-Tree Features Enabling BPDU Filtering When you glo bally enable BPDU fi ltering on Port Fast-e nabled interf aces, it pr ev ents inte rfaces th at are in a Port F ast-operat ional state [...]

17-13 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 7 Configuring Op tional Spa nning-Tree Features Confi guring Opti onal Spa nning- Tree Featu res Enabling Up linkFast for Us e with R edundan t Link s UplinkFas t can not be enab led on VLAN s that have been configured with a swi tch p riority . T o en able UplinkF ast on[...]

17-14 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapte r 17 Configu ring Opti onal Sp anning -Tree Feature s Configur ing Opti onal Spanni ng-Tree Features Enabling Ba ckbon eFast Y ou ca n enab le Backb oneFast to dete ct indire ct link fail ures and to star t the span ning-t ree reconfigur ation sooner. Note If you use Backb[...]

17-15 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 7 Configuring Op tional Spa nning-Tree Features Confi guring Opti onal Spa nning- Tree Featu res Y ou ca n use the show interfaces status err -disabled privileged EXEC co mman d to show which switch ports are disabled because of an Ethe rChannel misconfigu ration. O n the[...]

17-16 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapte r 17 Configu ring Opti onal Sp anning -Tree Feature s Displaying the Spannin g-Tree Stat us Beginn ing in priv ileg ed EXEC mode, follo w these steps to enable lo op guard. This procedur e is optional. T o g lobal ly dis able lo op gua rd, use the no spanning-tree loopguar[...]

C HAPTER 18-1 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 18 Configuring Flex Link s This ch apter describ es how to configure Flex Links, a pair of interfaces o n the Cat alyst 2 960 switch tha t are use d to prov ide a mu tual ba ckup. Note For c omplete s yntax and usag e info rmation for th e com mands us ed in this cha pter ,[...]

18-2 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 18 Configuring Flex Links Configur ing Flex L inks Figur e 1 8-1 Flex Link s Configu ratio n Example If a p rimary (for warding) li nk go es down, a trap n otifies the network mana gement stations. If the stan dby link goes do wn, a trap notif ies the users. Flex Links are[...]

18-3 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 8 Configuring Fl ex Links Monitor ing Flex Li nks Configurin g Flex Link s Beginning i n privileged E XEC mo de, follow these s teps to con figure a pa ir of Fl ex Links : This e xample s ho ws ho w to conf igur e an interfa ce with a ba ckup int erfac e and to ve rify the[...]

18-4 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 18 Configuring Flex Links Monito ring Flex L inks[...]

C HAPTER 19-1 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 19 Configuring DHCP Features This ch apt er descri bes how to configur e DHC P snoopi ng and t he o ption-82 d ata in sertion featu res on the Catalyst 296 0 switc h. Note For c omplete s yntax and usag e info rmation for th e com mands us ed in this cha pter , see the comm[...]

19-2 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 19 Configuri ng DHCP Feature s Unders tanding DHCP Feat ures DHCP Server The DHCP server as signs IP addresse s from sp ecified address pools on a switch or router to DHCP clients a nd manag es them . If the D HCP server ca nnot give the DHCP client the requ ested c onfigu[...]

19-3 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 9 Configuring DH CP Features Understa nding DHCP Fe atures The s witch d rops a DHCP pack et when one of the se si tuations occur s: • A pack et from a DHCP serv er , such as a DHCPOFFER, DHCP A CK, DHCPN AK, or DHCP LEASEQU ER Y p acket, is r eceived from outsid e t he [...]

19-4 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 19 Configuri ng DHCP Feature s Unders tanding DHCP Feat ures Figur e 1 9-1 DHCP Relay A g ent in a Metr opolitan Ether net Networ k When you ena ble the DHCP snoo ping info rmation option 82 on th e switch, this sequenc e of eve n t s o c c u r s : • The host (DHCP clien[...]

19-5 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 9 Configuring DH CP Features Understa nding DHCP Fe atures In the port field of th e circu it ID subopt ion, the port numbers st art at 3. For example , on a switch w ith 24 10/100 p orts and sma ll form -factor pluggable (SFP) mo dule slots, port 3 is th e Fast Ethernet 0[...]

19-6 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 19 Configuri ng DHCP Feature s Configur ing DHCP Fe atures This is the format of the f ile with bindings: <initial-checksum> TYPE DHCP-SNOOPING VERSION 1 BEGIN <entry-1> <checksum-1> <entry-2> <checksum-1-2> ... ... <entry-n> <checksu[...]

19-7 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 9 Configuring DH CP Features Config uring DHC P Features Default DHCP Co nfiguration T ab le 19-1 shows the default DH CP co nfiguration. DHCP Snooping Config uration Guidelines These ar e the configur ation guidelin es for DHCP snoo ping. • Y ou must gl obally en able D[...]

19-8 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 19 Configuri ng DHCP Feature s Configur ing DHCP Fe atures • Before co nfiguring the DHCP sn ooping inf ormatio n optio n on your switch, be sure to configure t he de vice t hat is actin g as the DHCP serv er . F or ex ample, you must spec ify the IP ad dresse s that the[...]

19-9 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 9 Configuring DH CP Features Config uring DHC P Features Enabling DHC P Snoo ping and Op tion 82 Beginning in privileged EX EC mode , foll ow these ste ps to ena ble D HCP snoo ping on the sw itch: Comma nd Pu rpos e Step 1 conf igure t erminal Enter globa l configurati on[...]

19-10 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 19 Configuri ng DHCP Feature s Configur ing DHCP Fe atures T o disab le DHCP snoopi ng, use the no ip dhcp snooping global configurat ion comm and. T o di sable DHCP snoo ping o n a VLAN or range of VLA Ns, use the no ip dhcp snooping vlan vlan -range global configurati o[...]

19-11 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 1 9 Configuring DH CP Features Displaying DHCP Snooping Information T o s top u sing the da tabas e ag ent a nd bindi ng files, use the no ip dhcp snooping database global configurat ion c omma nd. T o rese t the t imeou t or de lay values, use th e ip dhcp snooping databas[...]

19-12 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 19 Configuri ng DHCP Feature s Display ing DHCP Sno oping Inform ation[...]

C HAPTER 20-1 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 20 Configuring IGMP Sno oping and MVR This cha pter descr ibes how to configure Int ernet Group Ma nageme nt Proto col (IGMP) snooping on the Catalyst 29 60 switch, incl uding an applicat ion of l ocal IGMP sno oping, Mu lticast VLAN Registrati on (MVR). It also includes pr[...]

20-2 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 20 Configuring IGMP Snooping and MVR Unders tanding IGM P Snoopin g Note For mor e inf ormati on on IP m ulticast and IG MP , see RFC 1112 and RFC 2236. The multica st router sends out periodic gener al queri es to all VL ANs. All hosts intereste d in this multi cast tra f[...]

20-3 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 0 Configuring IGMP Sno oping and M VR Understanding IGMP Snooping Note IGM Pv3 join an d leave messages are not suppo rted on switc hes runn ing IGMP filtering or MVR. An IGMPv 3 swit ch ca n rece iv e messa ges from and fo rward me ssages to a device ru nning the Sourc e [...]

20-4 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 20 Configuring IGMP Snooping and MVR Unders tanding IGM P Snoopin g The switc h hardware ca n distingui sh IGMP informa tion packet s from othe r packets for th e multic ast group. T he in format ion in the table te lls the swit ching engine t o send fram es a ddres sed to[...]

20-5 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 0 Configuring IGMP Sno oping and M VR Understanding IGMP Snooping When hosts want to lea v e a multicast group, the y can silently leav e, or the y can send a lea ve message. When the switc h rece iv es a lea v e messag e from a host, it se nds a group-spe cif ic qu ery to[...]

20-6 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 20 Configuring IGMP Snooping and MVR Configuring IGMP Snooping If you di sable IGMP report supp ression, al l IGMP rep orts are fo rwarded t o the multic ast router s. Fo r configuration steps, see the “Disabling IG MP R eport Suppressi on” sec tion on page 20 -14 . Co[...]

20-7 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 0 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping Global IGMP sn ooping overri des the V LAN IGMP sn ooping. If glo bal snoo ping is disabl ed, yo u canno t enab le VLAN sno oping. If global sno oping is ena bled, you can enab le or disa ble VLAN snooping. Be[...]

20-8 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 20 Configuring IGMP Snooping and MVR Configuring IGMP Snooping Note If you w ant to use CGMP as th e learn ing method a nd no mu lticast rou ters in t he VLAN ar e CGMP proxy-en abl ed, you mu st enter th e ip cgmp router -only comm and to dyna micall y access the router .[...]

20-9 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 0 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping T o remo ve a multicas t router port from the VLAN , use the no ip igmp snooping vlan vlan-id mr outer interface inte rface-id global configurat ion comm and. This e xample sho ws how to enable a static conn e[...]

20-10 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 20 Configuring IGMP Snooping and MVR Configuring IGMP Snooping Note Im media te Leave is supported only on IGM P V er sion 2 h osts. Beginn ing in pri vileg ed EXEC mode, follo w these steps to enable IGMP Immed iate Lea ve : T o disabl e IGMP Immed iate Lea v e on a VLAN[...]

20-11 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 0 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping T o globally reset the IGMP lea ve timer to the default setting, use the no ip igmp snooping last-member -query-int erva l global configura tion co mman d. To re mov e the conf igured IGMP lea v e-time settin[...]

20-12 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 20 Configuring IGMP Snooping and MVR Configuring IGMP Snooping Recovering from Flood Mode When a topology change occurs, t he span ning- tree roo t sends a speci al IGMP leave message (also known as global lea ve) with the group multic ast address 0.0.0.0 . Ho we ver , wh[...]

20-13 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 0 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping Configuring th e IGMP S nooping Qu erier Follow these guideli nes wh en configuring t he IGMP snoo ping queri er: • Conf igure the VLAN in glob al conf iguration mode. • Conf igure an IP addre ss on th e [...]

20-14 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 20 Configuring IGMP Snooping and MVR Displaying IGMP Snooping Information This exam ple sh ows how to set th e IGM P snoop ing q uerie r sour ce add ress to 10.0.0 .64: Switch# configure terminal Switch(config)# ip igmp snooping querier 10.0.0.64 Switch(config)# end This [...]

20-15 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 0 Configuring IGMP Sno oping and M VR Displaying IGMP Snooping Information T o d isplay IGMP snoo ping i nform ation , use one or mo re of t he privileged EX EC comm ands in T ab le 20-4 . For more inform ation abou t the keywords and option s in thes e co mman ds, see th[...]

20-16 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 20 Configuring IGMP Snooping and MVR Unde rs tand ing M ult icas t VLA N Re gist rat ion Understandin g Multicast VL AN Registration Multica st VLA N R egistration (MVR) is d esigned for appli cations using w ide-sc ale d eploymen t of multic ast tr aff ic acr oss an Et h[...]

20-17 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 0 Configuring IGMP Sno oping and M VR Understanding Multicast VLAN Registration Figur e 20-3 Multica st VLAN Registr ation Ex ample When a subscriber chan ges channels or turns of f the tele vision, the set-to p box sends an IGMP leav e message for t he multica st stream [...]

20-18 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 20 Configuring IGMP Snooping and MVR Conf igu rin g MVR These messa ges dynamically re gister for streams o f multicast traf fic in the multicast VL AN on the Layer 3 device. Switch B. The a ccess layer sw itch, Swi tch A, modifies t he forward ing be havior to a llow the[...]

20-19 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 0 Configuring IGMP Sno oping and M VR Configuring MVR • Because MVR on the switch uses IP multicast ad dresses instead of MA C m ulticast add resses, aliased IP multicast addresses are allo wed on the switch . Ho we ver , if the sw itch is interoperatin g with Catalyst [...]

20-20 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 20 Configuring IGMP Snooping and MVR Conf igu rin g MVR T o return the switch to its defau lt settings, use th e no mvr [ mode | group ip- ad dress | querytime | vlan ] global configurat ion comm ands. This e xample s ho ws ho w to enab le MVR, conf igur e the group addre[...]

20-21 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 0 Configuring IGMP Sno oping and M VR Displaying MVR Information T o return the interfa ce to its default setti ngs, use the no mvr [ ty pe | immediate | vl an vlan -id | gro up ] interf ace conf iguration comman ds. This exam ple sh ows how to co nfigure a port a s a r e[...]

20-22 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 20 Configuring IGMP Snooping and MVR Con figur ing IGM P Fil te ring and Thro ttli ng Configuring IGMP Fi lteri ng and Throttling In some en vironments, for ex ample, metropo litan or multiple-dwell ing unit (MDU) installat ions, you might w ant to control th e set of mul[...]

20-23 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 0 Configuring IGMP Sno oping and M VR Configuring IGMP Filtering and Throttling Default IGMP Filtering and Throttling Configuration T ab le 20-7 shows the def ault IGMP filter ing config uration. When the maximum numb er of groups is in forward ing table, the de fault IGM[...]

20-24 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 20 Configuring IGMP Snooping and MVR Con figur ing IGM P Fil te ring and Thro ttli ng T o delete a prof ile, us e the no ip ig mp pro f ile pr ofile number gl obal co nfigurati on comm and. T o delete an IP multicast addre ss or range of IP multicast add resses, use the n[...]

20-25 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 0 Configuring IGMP Sno oping and M VR Configuring IGMP Filtering and Throttling T o remo ve a p rof ile fro m an interf ace, u se the no ip igmp f ilter pr ofile nu mber inter face c onfigu ration comm and. This exam ple sh ows how to appl y IGMP profile 4 t o a port: Swi[...]

20-26 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 20 Configuring IGMP Snooping and MVR Con figur ing IGM P Fil te ring and Thro ttli ng Foll ow these gui delines when conf iguring the IGMP thro ttling action : • Y o u can u se thi s comman d on a l ogic al Ethe rChann el interf ace but ca nnot u se it on ports th at be[...]

20-27 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 0 Configuring IGMP Sno oping and M VR Displaying IGMP Filtering and Throttling Configuration T o return to the def ault action of dro pping the repor t, use the no ip igmp max-groups ac tion interfac e configurati on c ommand. Displaying IGMP Filtering and Throttling Conf[...]

20-28 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 20 Configuring IGMP Snooping and MVR Displaying IGMP Filterin g and Thro ttling Configu ration[...]

C HAPTER 21-1 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 21 Configuring Port-Base d Traffic Con trol This chapte r descr ibes ho w to con fig ure the por t-base d traf f ic contro l featur es on the Cata lyst 2960 switch. Note For c omplete s yntax and usag e info rmation for th e com mands us ed in this cha pter , see the comman[...]

21-2 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 21 C onfiguring Port-Based Traffic Contro l Configuring Storm Control Storm contro l use s one o f these metho ds to m easure t raf f ic acti vity: • Bandwidth as a perc entage of the tot al av ailable bandwidth of the por t that can be used b y the broadca st, mul ticas[...]

21-3 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 1 Configuring Port-B ased Traff ic Control Configuring Storm Control Default Storm Control Configuration By default, unicast, broad cast, and multicast sto rm control are disabled on the swit ch interf aces; that is, the suppression le ve l is 100 percent. Configur ing Sto[...]

21-4 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 21 C onfiguring Port-Based Traffic Contro l Configuring Storm Control Step 3 sto rm- con tr ol { br oadcast | mul ticast | unicast } le vel { le vel [ lev el-low ] | bps bps [ bps-low ] | pps pps [ pps-low ]} Configure broa dcast, m ultica st, or unica st storm c ontrol . [...]

21-5 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 1 Configuring Port-B ased Traff ic Control Configuring Protected Ports T o disabl e storm co ntrol, use the no storm-control { br oadcast | multicast | unicast } level interface configurati on c ommand. This exa mple shows how to ena ble un icast stor m c ontrol on a port [...]

21-6 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 21 C onfiguring Port-Based Traffic Contro l Configur ing Port Block ing Prot ected P ort Co n figuration Guidelines Y ou ca n configure protec ted port s on a physical inter face (for exam ple, Gi gabit Eth erne t port 1) o r an Ether Channel group (for example, port -chan[...]

21-7 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 1 Configuring Port-B ased Traff ic Control Confi guring Port Securi ty Blocking Flooded Tra ffic on an Interface Note Th e inter face can be a physica l interfac e or an Ether Chann el group. When you blo ck multic ast or unic ast traffic for a port chan nel, it is bloc ke[...]

21-8 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 21 C onfiguring Port-Based Traffic Contro l Configuring Port Security • Enab ling and Configurin g Port Se curity , page 2 1-11 • Enablin g and Configurin g Port Se curity Aging, page 21-15 Understand ing Port Secu rity These sect ions co ntain this co nceptu al in for[...]

21-9 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 1 Configuring Port-B ased Traff ic Control Confi guring Port Securi ty Security Violations It is a security violatio n when o ne of the se situatio ns occurs: • The max imum number of secur e MA C addre sses have been add ed to t he addre ss table, and a sta tion whose M[...]

21-10 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 21 C onfiguring Port-Based Traffic Contro l Configuring Port Security Default Port Security Configuration T ab le 21-2 shows the def ault port security conf iguration for an interface. Port Secu rity Con figuration Guidelines Foll ow these gui delines when co nfig uring p[...]

21-11 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 1 Configuring Port-B ased Traff ic Control Confi guring Port Securi ty T ab le 21-3 summarizes port secu rity compati bility with other por t-based f eatures. Enabling a nd Con figuring Port Security Beginn ing in privi leged EXEC mode, follo w these steps to restrict inp[...]

21-12 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 21 C onfiguring Port-Based Traffic Contro l Configuring Port Security Step 6 switchport port-security [ maximum value [ vlan { vlan-list | { acces s | vo i ce }}]] (Opti onal) Set th e maxim um number of se cure MAC addresses for the interfa ce. The ma xim um number of se[...]

21-13 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 1 Configuring Port-B ased Traff ic Control Confi guring Port Securi ty Step 8 switchport port-security [ mac-addre ss mac-ad dr ess [ vlan { vlan-id | { access | voice }}] (Optiona l) En ter a secu re M A C addr ess fo r th e int erface. Y ou can use this co mmand to ente[...]

21-14 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 21 C onfiguring Port-Based Traffic Contro l Configuring Port Security T o return the in terface to the defau lt conditi on as not a secu re port, use the no switchport port-se curity interf ace conf iguration command. I f you enter this command wh en sticky learning is en[...]

21-15 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 1 Configuring Port-B ased Traff ic Control Confi guring Port Securi ty Switch(config-if)# switchport port-security mac-address 0000.0000.0003 Switch(config-if)# switchport port-security mac-address sticky 0000.0000.0001 vlan voice Switch(config-if)# switchport port-securi[...]

21-16 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 21 C onfiguring Port-Based Traffic Contro l Displaying Port-Base d Traffic Cont rol Settings T o di sable port se curity agi ng for all sec ure addr esses on a port, use the no switchport port-security aging tim e interfac e conf igur ation comma nd. T o disabl e aging fo[...]

C HAPTER 22-1 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 22 Configuring CDP This c hapter d escrib es how to configure Cisco Discovery Protoco l (C DP) on the Catalyst 2960 swi tch. Note For c omplete s yntax and usag e info rmation for th e com mands us ed in this cha pter , see the comman d reference for t his release a nd the [...]

22-2 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapte r 22 Co nfigu ring CD P Conf igu rin g CD P Configuring CDP These sec tions co ntain this co nfiguration in format ion: • Default CDP Configurat ion, pa ge 22-2 • Conf iguring the CDP Ch aracteri stics, page 22-2 • Dis ablin g an d Ena bli ng CDP , pa ge 22 -3 • Dis[...]

22-3 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 2 Configuring CDP Configuring CDP Use the no form of the CDP commands to return to the def ault settings. This e xample sho ws ho w to conf igur e CDP character istics. Switch# configure terminal Switch(config)# cdp timer 50 Switch(config)# cdp holdtime 120 Switch(config)#[...]

22-4 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapte r 22 Co nfigu ring CD P Conf igu rin g CD P Disabling an d Enab ling CDP on a n Interfac e CDP is enabled by def ault on all supported inter faces to send and to rece iv e CDP information . Beginning in privileged EX EC mo de, fol low these s teps to d isab le CDP on a p or[...]

22-5 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 2 Configuring CDP Monitoring and Maintaining CDP Monitoring and Maintaining CDP T o m onito r and m aintai n CDP on your device, per form one or mor e of these tasks, begi nning in privileged EXEC mode . Command Description clear cdp counters Reset the tr af fic counter s [...]

22-6 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapte r 22 Co nfigu ring CD P Monito ring and Mai ntainin g CDP[...]

C HAPTER 23-1 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 23 Configuring SPAN and RSPAN This chap ter des cribes ho w to conf igure Switc hed Port Analyzer (S P AN) and Rem ote SP AN (RSP AN) on the Ca talyst 29 60 sw itch. Note For c omplete s yntax and usag e info rmation for th e com mands us ed in this cha pter , see the comma[...]

23-2 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 23 Configuring SPAN and RSPAN Understan ding SPAN and RSPA N These sect ions co ntain this co nceptu al in forma tion: • Local SP AN, page 23-2 • Remo te SP AN, page 23-2 • SP AN and RSP AN Conce pts and T ermino logy , pa ge 23 -3 • SP AN a nd RSP AN Inte raction [...]

23-3 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 23 Configuring SPAN and RSPAN Understandi ng SPAN and RS PAN Figur e 23 -2 Example of R SP AN Configur ation SPAN and RS PAN Conc epts a nd Terminology This secti on descri bes conce pts an d terminology associat ed with SP A N and RSP AN co nfiguration. SPAN Sessions SP AN [...]

23-4 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 23 Configuring SPAN and RSPAN Understan ding SPAN and RSPA N An RSP AN source sessio n is ver y similar to a lo cal SP AN session, ex cept for where the pack et stre am is directe d. In an RSP AN source session, SP AN packets are r elabeled w ith the RSP AN VLAN ID and dir[...]

23-5 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 23 Configuring SPAN and RSPAN Understandi ng SPAN and RS PAN • T rans mit (T x) SP A N—Th e goal of tran smi t (or egress) SP AN is to moni tor as much as pos sible a ll the p ackets sent b y the sou rce int erfac e aft er all m odif ication and p rocess ing is perfor me[...]

23-6 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 23 Configuring SPAN and RSPAN Understan ding SPAN and RSPA N • It ca n be a n acce ss por t, trunk port , or voic e VLA N port . • It ca nnot be a de stinati on po rt. • Source por ts can be in the same or differen t VLANs. • Y ou can monit or multiple so urce port[...]

23-7 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 23 Configuring SPAN and RSPAN Understandi ng SPAN and RS PAN A destinati on port has th ese charact eristics: • For a local SP A N session, the d estinat ion port must reside on the same sw itch as the source port. For an RSP AN session, it is located on the switch contain[...]

23-8 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 23 Configuring SPAN and RSPAN Understan ding SPAN and RSPA N RSPAN V LAN The RSP AN VLAN c arries SP AN traf f ic betwe en RSP AN source and destination se ssions. It has these special ch aracter istics: • All traf fic i n the RS P AN VLAN i s alw ays flooded. • No MAC[...]

23-9 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 23 Configuring SPAN and RSPAN Config uring SPAN and RSPAN If a physi cal por t that be longs to an Ethe rChan nel gro up is a d estinat ion port and the E therC hannel group is a sourc e, the port i s removed from t he E therCh annel g roup a nd from t he li st of mon itore [...]

23-10 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 23 Configuring SPAN and RSPAN Configuring SPAN and RSPAN Configuring Local SPAN These sec tions co ntain this co nfiguration in format ion: • SP AN Co nfig uration Guideline s, page 23-10 • Creating a Loca l SP AN Session, page 23 -10 • Creati ng a Local SP AN Sessi[...]

23-11 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 23 Configuring SPAN and RSPAN Config uring SPAN and RSPAN Step 3 monitor s ession session_numbe r source { interface in terface-id | vl an vlan-id } [ , | - ] [ both | rx | tx ] Specify the SP AN sessio n an d the source p ort (monit ored po rt). Fo r session _number , th e[...]

23-12 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 23 Configuring SPAN and RSPAN Configuring SPAN and RSPAN T o delete a SP AN session, use the no mo nitor session session _number gl obal c onfiguration c ommand. T o r emove a source or d estination port or VL AN from the SP A N sessi on, use the no monitor session sessio[...]

23-13 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 23 Configuring SPAN and RSPAN Config uring SPAN and RSPAN This exampl e shows ho w to disab le rece iv ed traffic monitorin g on port 1, whic h was configured for bidirec tional mo nitorin g: Switch(config)# no monitor session 1 source interface gigabitethernet0/1 rx The mo[...]

23-14 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 23 Configuring SPAN and RSPAN Configuring SPAN and RSPAN T o delete a SP AN session, use the no mo nitor session session _number gl obal c onfiguration c ommand. T o r emove a source or d estination port or VL AN from the SP A N sessi on, use the no monitor session sessio[...]

23-15 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 23 Configuring SPAN and RSPAN Config uring SPAN and RSPAN This example shows how to remov e any existing configuration on SP A N session 2, configure SP A N session 2 to mo nitor received traff ic on Gigabit Etherne t sourc e port 1, an d send it to destina tion Gi gabit Et[...]

23-16 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 23 Configuring SPAN and RSPAN Configuring SPAN and RSPAN T o monitor all VLANs on the trunk port, use the no monitor session session_nu mber filt er global configurati on c ommand. This example shows how to remov e any existing configuration on SP A N session 2, configure[...]

23-17 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 23 Configuring SPAN and RSPAN Config uring SPAN and RSPAN • RSP AN VLANs a re included as sou rces for port- based RSP A N sessions when source trunk por ts ha ve acti ve RSP AN VLANs. RSP AN VLANs can also be sources in SP AN sessions. Ho wev er , since the swi tch do es[...]

23-18 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 23 Configuring SPAN and RSPAN Configuring SPAN and RSPAN Creating an RSPAN S ource Session Beginning in privileged EXEC mo de, fol low these steps t o start an RSP AN source se ssion and to specif y the monito red source a nd the destin ation RSP AN VLAN: T o delete a SP [...]

23-19 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 23 Configuring SPAN and RSPAN Config uring SPAN and RSPAN T o rem ove a source port or VLAN fro m the SP AN ses sion, use the no monitor session session_n umber sour ce { interface interface-id | vlan vlan-i d } global conf iguration comman d. T o remo ve th e RSP AN VLAN f[...]

23-20 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 23 Configuring SPAN and RSPAN Configuring SPAN and RSPAN T o delete a SP AN session, use the no mo nitor session session _number gl obal c onfiguration c ommand. T o r emove a destinat ion por t from the SP AN session, use the no monito r session session_ number destinati[...]

23-21 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 23 Configuring SPAN and RSPAN Config uring SPAN and RSPAN T o delete an RSP AN session, use the no monitor session session_number global configuration comman d. T o remove a destin ation po rt from the RSP A N session, use the no monit or session session_num ber destination[...]

23-22 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 23 Configuring SPAN and RSPAN Configuring SPAN and RSPAN Specifying VLANs to Filter Beginning in privileged EXEC mo de, follow these steps to con figure the RSP AN source session to limit RSP AN source traf f ic to specif ic VLANs: T o monitor all VLANs on the trunk port,[...]

23-23 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 23 Configuring SPAN and RSPAN Displaying SPAN and RS PAN Sta tus Displaying SPAN and RSPAN Status T o displ ay the cu rrent SP AN or RSP AN configurat ion, use the show monitor user EXEC comm and. Y ou can also use t he show running-conf ig privileged EX EC comm and to d is[...]

23-24 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 23 Configuring SPAN and RSPAN Display ing SPAN and RSPAN Status[...]

C HAPTER 24-1 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 24 Configuring UDLD This c hapter descri bes how to c onfigure t he Un iDirec tional Link D etect ion (U DLD) protoc ol on t he Catalyst 2960 switch. Note For c omplete s yntax and usag e info rmation for th e com mands us ed in this cha pter , see the comman d refere nce f[...]

24-2 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 24 Configuring UDLD Unders tanding U DLD In norm al mode, UDL D detect s a unidirec tional li nk when f iber strand s in a fi ber -opt ic port are misconnecte d and the Layer 1 mechanisms do not de tect this misconnec tion. If the po rts are connected correctl y bu t the t[...]

24-3 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 4 Configuring UD LD Understand ing UDLD • Ev ent-dr iv en det ection an d echoin g UDLD re lies on echo ing as its detec tion m echanism . Whene ver a U DLD de vice lear ns abou t a ne w neighb or or receives a resynchro nizat ion requ est from an out-of -sync nei ghbor,[...]

24-4 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 24 Configuring UDLD Conf igu ring U DLD Configuring UDLD These sec tions co ntain this co nfiguration in format ion: • Default UD LD Configurat ion, pa ge 24-4 • Configuration Gu idelines, page 24-4 • Ena bling UDLD Gl oball y , page 24-5 • Ena bling U DLD on an In[...]

24-5 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 4 Configuring UD LD Configur ing UDLD Enabling UDL D Globally Beginn ing in pri vilege d EXEC mode, follo w th ese steps to enable UDLD in the aggressi ve or nor mal mode a nd to se t th e co nfigurable m essag e time r on all fiber-optic p orts on the switch : T o d isab [...]

24-6 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 24 Configuring UDLD Displa ying U DLD Statu s Resetting an Interface Disabled by UDLD Beginn ing in pri vilege d EXEC mode, follo w these steps to reset all ports disable d by UDLD: Y ou ca n also bri ng up the port by using th ese comma nds: • The shutdown inter face co[...]

C HAPTER 25-1 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 25 Configuring RMON This c hapter describ es how to c onfigure Remo te N etwork Mo nitori ng (RMO N) on the C ataly st 2960 switch. RMON i s a standa rd m onitori ng specificati on that defines a se t of sta tistics a nd f unctions that can be exchanged between RMON-c ompli[...]

25-2 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 25 Configuring RMON Conf igu ring R MON Figur e 25 -1 Remote Monito r ing Ex ample The switc h supports these RM ON groups (defined in RFC 1757) : • Statistics ( RMON group 1)—Collects Ethernet statistics ( including F ast Ether net and Gig abit Ethern et statist ics, [...]

25-3 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 25 Configur ing RMON Confi guring RMON Default RMON Configuration RMON is disa bled by default ; no alarms or events are configur ed. Only RMON 1 is supp orted on the switch. Configuring R MON Alarms a nd Events Y ou can configure your s witc h for RMON by using t he com man[...]

25-4 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 25 Configuring RMON Conf igu ring R MON T o disable an alarm, use the no rm on al arm number global c onfigurati on com mand on e ach al arm you configured . Y o u ca nnot di sable at on ce al l the a larms that yo u con figured. T o disable an event, use t he no rmo n eve[...]

25-5 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 25 Configur ing RMON Confi guring RMON Collectin g Group Hist ory St atistics on an Interface Y ou must first c onfigure RM ON al arms an d events to displ ay co llec tion inf ormat ion. Beginn ing in pri vile ged EXEC mo de, follo w these steps to collect gr oup history sta[...]

25-6 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 25 Configuring RMON Displa ying RM ON Sta tus Collectin g Group Et hernet St atistics on an Interface Beginn ing in pr iv ileged EXEC mode, follo w thes e steps to collect g roup Ethernet statistic s on an interf ace. This proc edure is optional. T o disa ble t he coll ect[...]

C HAPTER 26-1 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 26 Configuring System Message Logg ing This chapter descr ibes ho w to configure syst em message logging on the Catalyst 2960 switch . Note For c omplete sy ntax a nd usag e info rmation for th e comman ds used in th is chapt er , see the Cisco IOS Configuration Fund amen t[...]

26-2 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 26 Config uring Syste m Message Logg ing Configur ing System Message L ogging Configuring Sy stem Message Lo gging These sec tions co ntain this co nfiguration in format ion: • System Log Me ssage Format, page 26-2 • Default Syste m Message Logg ing Con f igura tion, p[...]

26-3 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 6 Configuring Syste m Message L ogging Config uring Syst em Message Logging This example shows a partial switch system message : 00:00:46: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up 00:00:47: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to [...]

26-4 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 26 Config uring Syste m Message Logg ing Configur ing System Message L ogging Beginning i n privileged E XEC mo de, follow these s teps to di sable message loggi ng. Thi s proc edure is optional. Disabling the logging process can slow d o wn the switc h because a process m[...]

26-5 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 6 Configuring Syste m Message L ogging Config uring Syst em Message Logging The logging buffered globa l configur ation comm and c opies l ogging messa ges to a n inte rnal buffer . The buf fer is c ircul ar , so ne wer message s overwrite o lder m ess ages af ter t he buf[...]

26-6 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 26 Config uring Syste m Message Logg ing Configur ing System Message L ogging is retu rned. Ther efore , unsolici ted messag es and deb ug command output ar e not inter sperse d with solicite d device o utput and p rompts. Afte r the unsol icited m ess ages ap pear, the co[...]

26-7 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 6 Configuring Syste m Message L ogging Config uring Syst em Message Logging Enabling a nd Disab ling Time S tamps on Log M essages By default, log message s are not time-stam ped. Beginning in privileged EXEC mo de, follow these steps to enab le time-st ampin g of log me s[...]

26-8 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 26 Config uring Syste m Message Logg ing Configur ing System Message L ogging T o di sable seq uenc e numbers, use the no service seque nce-numbers global co nfiguration c omman d. This example shows part of a logging displa y with seque nce numbe rs enabl ed: 000019: %SYS[...]

26-9 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 6 Configuring Syste m Message L ogging Config uring Syst em Message Logging T ab le 26-3 descri bes the le vel keywords. It also li sts the corre sponding UNIX syslog definitions f rom the most se vere le vel to the least sev ere le v el. The sof tware genera tes fou r oth[...]

26-10 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 26 Config uring Syste m Message Logg ing Configur ing System Message L ogging Beginn ing in pr iv ilege d EXEC mode, follo w the se steps to change th e le ve l and hi story table si ze defaults. T his proc edure i s option al. When the histor y table is full (i t contain[...]

26-11 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 6 Configuring Syste m Message L ogging Config uring Syst em Message Logging Logging Messages to a UNIX Syslog Daemo n Before yo u can send system log messages to a UNIX syslog server , you must con figure the syslog daemon on a UNIX ser ver . T his p rocedur e i s opti on[...]

26-12 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 26 Config uring Syste m Message Logg ing Display ing the Log ging Confi guration T o remo ve a syslog serv er , use the no logging ho st gl obal c onfiguration comm and, and specif y the syslo g server IP address. T o disable logging to syslog servers, enter the no lo ggi[...]

C HAPTER 27-1 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 27 Configuring SNMP This chapt er describ es ho w to configure the Simpl e Network Mana gement Proto col (SNM P) on the Catalyst 2960 switch. Note For c omplete s yntax and usag e info rmation for th e com mands us ed in this cha pter , see the comman d refere nce fo r th i[...]

27-2 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 27 Co nfiguring SNMP Unders tanding SNM P • Using SNMP to Access MIB V a riables, page 27-4 • SNMP Notif ications, page 27-5 • SNMP ifIn dex MIB Object V alue s, page 27 -5 SNMP Versio ns This sof tware re lease su pports t hese SN MP versions : • SNMPv1—Th e Sim[...]

27-3 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 27 Configur ing SNMP Underst anding SN MP T ab le 27-1 identif ies the charac teristics of the dif ferent combinations of secur ity models and le vels. Y ou must configure the SN MP agent to use the SNMP version supp orted by the mana gement station. Because an ag ent can co[...]

27-4 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 27 Co nfiguring SNMP Unders tanding SNM P SNMP Agen t Fun ctions The SNMP a gent responds to SNMP manage r requests as follo ws: • Get a MIB v ariable—Th e SNMP agent be gins this functi on in response to a request f rom the NMS. The agen t retri ev es the value of the[...]

27-5 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 27 Configur ing SNMP Underst anding SN MP Figur e 27 -1 SNMP Networ k For informati on on suppor ted MIBs and how to access them, see Appen dix A, “ Suppor ted MIBs. ” SNMP Notifications SNMP allo ws the switch to send n otifica tions to SN MP managers when par ticular e[...]

27-6 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 27 Co nfiguring SNMP Conf igu rin g SNMP The swi tch u ses on e of the v alue s in T able 2 7-3 to assign an ifInde x valu e to an interfac e: Note The switch m ight not use s equential va lues with in a ran ge. Configuring SNMP These sec tions co ntain this co nfiguration[...]

27-7 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 27 Configur ing SNMP Configuring SNMP SNMP Config ura tion Guidelines If the swi tch star ts and the wit ch startup conf igurat ion has at le ast one snmp-serv er globa l configuration comm and, the SNM P ag ent i s en ab led. An SNMP gr oup is a tab le th at maps SNMP users[...]

27-8 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 27 Co nfiguring SNMP Conf igu rin g SNMP Disabling the SNMP Agent Beginn ing in pr iv ileged EXEC mode, f ollo w these steps to disable the SNMP agent: The no snmp-server global con figuration co mman d disable s all runn ing versions (V ersi on 1, V ersio n 2C, an d V er [...]

27-9 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 27 Configur ing SNMP Configuring SNMP Note T o disa ble a ccess for an SNMP c ommunity , set th e commu nity string for th at com munity to the null string (do not enter a value for th e communi ty string ). T o remov e a specif ic community string, use the no snm p-s erver [...]

27-10 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 27 Co nfiguring SNMP Conf igu rin g SNMP Beginn ing in pri vileg ed EXEC mode, follo w th ese step s to configur e SNMP on the switch: Command Purpo se Step 1 co nfigure term ina l En ter global co nfiguration mo de. Step 2 sn mp- server en gi neID { loca l eng ineid-stri[...]

27-11 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 27 Configur ing SNMP Configuring SNMP Configuring SNMP Notifications A trap manag er is a mana geme nt statio n that recei ves and pr ocesses traps. T raps are sy stem aler ts that the switc h gen erates wh en cert ain events occu r . By default, no trap mana ger is defined[...]

27-12 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 27 Co nfiguring SNMP Conf igu rin g SNMP Note Th ough v isible in the com mand- line he lp strin gs, the cpu [ thre shol d ], insertion , a nd removal ke yword s are not sup ported. T o enab le the sendin g of SNMP infor m notifications, use the sn mp- server e nable trap[...]

27-13 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 27 Configur ing SNMP Configuring SNMP Beginn ing in pri vileg ed EXEC mode, f ollow these steps to conf igure th e switch to send traps or infor ms to a host: Command Purpose Step 1 conf igure terminal Enter globa l configurati on mode. Step 2 snmp-ser ver engineID r emot e[...]

27-14 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 27 Co nfiguring SNMP Conf igu rin g SNMP The snmp-ser ver host comman d speci fies which h osts r ecei ve the n otif ications. The snmp-ser ver enab le trap command global ly enable s the mech anism for t he specif ied notif ication (f or trap s and informs ). T o enable [...]

27-15 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 27 Configur ing SNMP Configuring SNMP Limiting TFTP Server s Used Thr ough SNM P Beginning i n privileged E XEC mo de, follow these s teps to lim it the TFTP servers u sed f or saving a nd loading c onfigu ration f iles thro ugh SNMP to the server s specif ied in a n access[...]

27-16 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 27 Co nfiguring SNMP Displaying SNMP Status This e xample shows h ow to allo w r ead-only ac cess for all objects to members of access list 4 that use the coma ccess community string. No other SNMP mana gers have access to any objects. SNMP Authentic ation Failu re traps [...]

C HAPTER 28-1 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 28 Configuring Network Security with ACLs This c hapter d escribes how to configure ne twork sec urity on the C atalyst 2960 switch by using acc ess contr ol lists (A CLs), which in comman ds and tables are also refer red to as access lists. Note In format ion in this ch ap[...]

28-2 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 28 Configuring Network Security with ACLs Unders tandin g ACLs Y ou co nfigure acc ess lists on a switc h to provide ba sic secur ity for your ne twork. If you do not configure A CLs, all packets pa ssing thro ugh the switc h could be al lowed onto all par ts of the networ[...]

28-3 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 8 Configuring Netw ork Securit y with ACLs Unde rsta ndi ng AC Ls Figur e 28 -1 Using A CLs t o Contr ol T ra ff ic t o a Netw or k When you apply a port A CL to a trunk port, the A CL filters traf fic on all VLANs presen t on the trunk port. When you apply a po rt ACL to [...]

28-4 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 28 Configuring Network Security with ACLs Conf iguri ng I Pv4 AC Ls Consid er acc ess l ist 102, conf igured wi th these command s, ap plied t o thre e frag mented p ackets : Switch(config)# access-list 102 permit tcp any host 10.1.1.1 eq smtp Switch(config)# access-list 1[...]

28-5 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 8 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs The sw itch does not support these Cisco IOS router ACL-related fe atures: • Non -IP prot ocol A CLs (see T abl e 28-1 on page 28-6 ) or bri dge-g roup A CLs • IP accoun ting • Inbound an d outbou nd ra[...]

28-6 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 28 Configuring Network Security with ACLs Conf iguri ng I Pv4 AC Ls Access List Numbers The numbe r you use to denote your ACL sho w s the type of access list that you are cre ating. T a ble 28-1 lists the ac cess-list number and cor respon ding acce ss li st type and sho [...]

28-7 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 8 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs Creating a Numbered Standard ACL Beginning in privileged EX EC mode, fol low these steps t o create a nu mbered st anda rd A CL: Use th e no access-list access-list- number gl obal co nf igurati on comm and t[...]

28-8 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 28 Configuring Network Security with ACLs Conf iguri ng I Pv4 AC Ls The switch alwa ys re writes th e order of sta ndard acce ss lists so that e ntries with host matche s and en tries with mat ches having a do n’t car e mask of 0.0.0.0 ar e mov ed to the top of the list,[...]

28-9 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 8 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs Beginn ing in pri vileg ed EXEC mode, follo w th ese step s to create an extended A CL: Command Purpo se Step 1 co nfi gure terminal En ter glob al co nfiguration mo de. Step 2a a ccess-list ac cess-list-n um[...]

28-10 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 28 Configuring Network Security with ACLs Conf iguri ng I Pv4 AC Ls or access-list access-list-number { deny | permit } pr o tocol host sour ce host d estination [ prec edence pr eceden ce ] [ tos tos ] [ fragmen ts ] [ tim e-range time- range-name ] [ dscp dsc p ] Def in[...]

28-11 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 8 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs Use the no access-lis t access- list-number global con figur ation command to delete the enti re access list. Y ou canno t dele te in dividual ACEs from n umber ed acc ess lis ts. This e xample sho ws how to[...]

28-12 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 28 Configuring Network Security with ACLs Conf iguri ng I Pv4 AC Ls After c reating a numb ered e xtended A CL, you can apply it to termina l lines (see the “ Applying an IPv4 A CL to a T erminal Li ne” sec tion on page 2 8-16 ), to inter faces (see t he “ Appl ying[...]

28-13 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 8 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs T o remo ve a na med st andar d A CL, us e the no ip access-list standard name globa l configuratio n comm and. Beginn ing in pri vilege d EXEC mode, follo w th ese steps to create an extended A CL using nam[...]

28-14 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 28 Configuring Network Security with ACLs Conf iguri ng I Pv4 AC Ls After y ou creat e an A CL, any ad dition s are plac ed at the en d of the list. Y ou cannot se lecti v ely add A CL entrie s to a specif ic A CL. Howe ver , you can use no permit and no deny access-list [...]

28-15 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 8 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs Repeat the steps if you ha ve multiple items that you w ant in ef fect at dif ferent times. T o remo ve a co nf igured time-ran ge limit ation , use the no time-ran ge time-range-na me globa l configurati on[...]

28-16 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 28 Configuring Network Security with ACLs Conf iguri ng I Pv4 AC Ls The rem ark ca n go before or after a permi t or deny statem ent. Y ou shou ld be con sistent ab out wh ere you put the rem ark so that it is cl ear which r emark describes w hich permit or den y statem e[...]

28-17 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 8 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs T o remo ve an A CL from a term inal line, use the no access-class access- list-number { in | out } l ine configurati on c ommand. Applying an IPv4 ACL to an Interface This se ction descri bes how to apply I[...]

28-18 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 28 Configuring Network Security with ACLs Conf iguri ng I Pv4 AC Ls IPv4 ACL Co nfiguration E xamples This se ction provides examples of con figuring a nd appl ying I Pv4 ACLs. For deta iled i nform ation a bout compilin g A CLs, see t he Cisco IOS Se curity Con figuratio[...]

28-19 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 8 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs Named ACLs This exam ple c reates a n extende d A CL nam ed m arketing_group .The marketing_g r oup A CL allo ws any TCP T elne t traff ic to th e destina tion ad dress and w ildcar d 171.69 .0.0 0.0. 255.2 [...]

28-20 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 28 Configuring Network Security with ACLs Creating Nam ed MAC Ext ended ACL s In this example of a named A CL, the Jones su bnet is not a llowed to use outbou nd T elne t: Switch(config)# ip access-list extended telnetting Switch(config-ext-nacl)# remark Do not allow Jone[...]

28-21 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 8 Configuring Netw ork Securit y with ACLs Creat ing N ame d MA C Ex tend ed AC Ls Use the no mac access-list extended name global conf igurati on command to delete the entire A CL. Y ou can a lso del ete individual A CEs from nam ed MAC extende d A CLs. This exam ple sh [...]

28-22 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 28 Configuring Network Security with ACLs Display ing IPv4 AC L Configu ration After receiv ing a packet, the switc h checks i t agains t the inbou nd A CL. If the A CL permits it , the swit ch continue s to proc ess the pa cket. If the A CL rej ects the packet, the swit [...]

C HAPTER 29-1 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 29 Configuring QoS This chapte r describes ho w to conf igure quality of service (QoS) b y using automatic QoS (au to-QoS) comman ds or by using standard Q oS comman ds on the Ca talyst 2960 sw itch. With QoS, you can p rovide preferent ial treatment to c ertain types of tr[...]

29-2 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 29 Conf igur ing Q oS Unders tanding Q oS The QoS imple mentatio n is based on the Dif ferent iated Servi ces (Dif f- Serv) arc hitectur e, an emer gin g standar d from the In ternet Engineer ing T ask Forc e (IET F). This archite cture sp ecif ies th at each packe t is c[...]

29-3 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 9 Configuring Qo S Unde rsta ndi ng QoS Figur e 29 -1 QoS Classificat ion La yer s in F r ames and P ac k ets All swi tches and rou ters t hat acce ss the Intern et rely o n the class inf ormation to pro vide th e sam e forwar ding treatmen t to packe ts with the same clas[...]

29-4 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 29 Conf igur ing Q oS Unders tanding Q oS Figure 29-2 sh o ws the basic QoS model. Actio ns at the ingress port incl ude classifying traf fic, policing , markin g, qu eueing , an d s chedul ing: • Classifying a distinct path for a pack et by associati ng it with a Qo S [...]

29-5 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 9 Configuring Qo S Unde rsta ndi ng QoS Classification Classification is the pro cess of distingu ishing one kind of traffic from anothe r by e xamin ing the fields in the packe t. Classif ication is enab led only if QoS is globally ena bled on the switch. By defa ult, QoS[...]

29-6 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 29 Conf igur ing Q oS Unders tanding Q oS After cla ssification, th e pac ket is sent to the polic ing, marki ng, and the ing ress queue ing and schedul ing stag es. Figur e 29 -3 Classification Flow chart 86834 Generate the DSCP based on IP precedence in pack et. Use the[...]

29-7 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 9 Configuring Qo S Unde rsta ndi ng QoS Classification Based on QoS ACLs Y ou c an us e IP sta ndard, IP extende d, or Layer 2 MA C ACLs to define a group of packet s with the sa me char act eris tics ( class ). In the QoS conte xt, the pe rmit and deny actions in the acce[...]

29-8 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 29 Conf igur ing Q oS Unders tanding Q oS Y o u creat e and name a p olic y map b y using the policy-map global con figuratio n comma nd. Wh en you enter this c ommand, the switch ente rs the polic y-map conf igur ation mode. In this mode, you spec ify the actions to tak [...]

29-9 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 9 Configuring Qo S Unde rsta ndi ng QoS Policing on Physical Ports In policy m aps o n physic al por ts, y ou can create these types of pol icers: • Individual QoS applies the bandwid th limits specif ied in the policer separate ly to each matched traf f ic class. Y ou c[...]

29-10 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 29 Conf igur ing Q oS Unders tanding Q oS Figur e 29 -4 Po licing and M ar king Fl ow c hart o n Ph ysi cal P orts Mapping T ables During Qo S processing, the switc h represe nts the pri ority of a ll traff ic (inc luding non- IP traffic) with an QoS label base d on the [...]

29-11 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 9 Configuring Qo S Unde rsta ndi ng QoS • Before the traf fic reache s the sched uling stag e, QoS stores th e pack et in an ingr ess and an e gress queue acco rding to the QoS lab el. The QoS label is based on the DSCP or the CoS valu e in the pack et and sel ects the [...]

29-12 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 29 Conf igur ing Q oS Unders tanding Q oS Weighted Tail Drop Both the in gress an d egr ess queu es use an enh anced v ersion of the tail-d rop cong estion -a vo idance mecha nism ca lled weight ed ta il dr op (WTD ). WT D is impleme nted o n que ues t o mana ge the queu[...]

29-13 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 9 Configuring Qo S Unde rsta ndi ng QoS In shar ed mod e, the queues share th e band width am ong th em ac cordi ng to the configured weight s. The bandwidt h is guarante ed at t his level but not limit ed to i t. For example , if a queue i s emp ty and n o long er requir[...]

29-14 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 29 Conf igur ing Q oS Unders tanding Q oS The switch supports tw o conf igurable in gress queues, wh ich are se rviced b y SRR in shar ed mode only . T ab le 29-1 descr ibes the que ues. Y ou a ssign each packet t hat flows throug h the sw itch to a queu e and to a thre [...]

29-15 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 9 Configuring Qo S Unde rsta ndi ng QoS Priorit y Queueing Y ou ca n configure one ingress que ue as the prio rity qu eue by using the mls qos srr -queue input priority-queue queue-id ba ndwi dt h weight globa l configura tion com mand . Th e prio rity q ueue shoul d be u[...]

29-16 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 29 Conf igur ing Q oS Unders tanding Q oS Figur e 29 -8 Queueing and Sc hedulin g Flow char t for Eg r ess P orts Each por t supports fo ur egress queue s, one of w hich (queue 1) can be the egress expedite qu eue. The se queues are assig ned to a queue-set. All traf f i[...]

29-17 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 9 Configuring Qo S Unde rsta ndi ng QoS b uf fers) or not empty (f ree b uff ers). If the queue is no t ove r- limit, the sw itch can alloca te bu f fer space from t he r eserved poo l or f rom th e co mmon pool (if it is n ot emp ty). I f th ere a re no free buf fers i n[...]

29-18 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 29 Conf igur ing Q oS Unders tanding Q oS ID 1 a nd ID 2. T he drop thresho ld f or thre shold I D 3 i s pre set t o the queue-f ull sta te, and you c annot modify it . For more informa tion a bout how WTD works, see th e “W eighted T ail Drop” sectio n on page 29-1 [...]

29-19 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 9 Configuring Qo S Configuring Auto-QoS The input mutatio n causes the DSCP to be rewritten depe nding on the new v alue of DSC P chosen. The set action in a polic y map also causes the DSCP to be re written. Configuring Auto-QoS Y ou c an use the auto-Q oS feat ure to si[...]

29-20 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 29 Conf igur ing Q oS Conf igu rin g Aut o-Q oS T ab le 29-3 shows the genera ted aut o-QoS c onfiguration for the ing ress q ueues. T ab le 29-4 shows the genera ted aut o-QoS c onfiguration for t he egress q ueues. When you en able the auto -QoS featu re on the f irst [...]

29-21 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 9 Configuring Qo S Configuring Auto-QoS • When y ou enter the auto qos voip cisco-softphone interface co nfiguration c omma nd on a port at the ed ge of the ne twork tha t is conne cted to a device r unning the Cisco Sof tPhone, the switch uses policing to determine wh [...]

29-22 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 29 Conf igur ing Q oS Conf igu rin g Aut o-Q oS The switch au tomatical ly maps DSCP v alues to an ingress queue and t o a t hres hold ID. Switch(config)# no mls qos srr-queue input dscp-map Switch(config)# mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 [...]

29-23 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 9 Configuring Qo S Configuring Auto-QoS The s witch a utoma tically configures the egre ss que ue buffer size s. It c onfigures t he bandw idth and th e SRR m ode ( shaped or shared) on the egress queues ma pped to the por t. Switch(config)# mls qos queue-set output 1 thr[...]

29-24 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 29 Conf igur ing Q oS Conf igu rin g Aut o-Q oS Effects of Auto-QoS on the Configuration When auto- QoS is en abled, th e aut o qo s v oip inter face configurat ion comm and and the gener ated configurati on are adde d to the ru nning configu ration. The swi tch applie s[...]

29-25 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 9 Configuring Qo S Configuring Auto-QoS Enabling Auto-QoS for VoIP Beginn ing in pri vilege d EXEC mode, follo w th ese steps to enab le auto-QoS for V oIP within a QoS domain: T o display the QoS commands that are automatic ally generated when auto-QoS is enabled or disa[...]

29-26 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 29 Conf igur ing Q oS Conf igu rin g Aut o-Q oS This e xample sho ws how to enable auto-QoS an d to trust the QoS labels recei ved in incoming pack ets when the swi tch or rou ter conn ecte d to a port is a trus ted device: Switch(config)# interface gigabitethernet0/1 Sw[...]

29-27 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 9 Configuring Qo S Configuring Auto-QoS Note Y o u shou ld no t configure a ny standard QoS com mands before enteri ng the auto-Qo S com mands. Y ou can fine-t une th e Qo S configura tion, but w e rec ommend tha t you d o so o nly after the a uto-Q oS conf iguration is c[...]

29-28 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 29 Conf igur ing Q oS Displa ying Aut o-QoS In format ion Displaying Auto-Q oS Information T o display the initial auto-Q oS conf iguration, use the show auto qos [ interfa ce [ interface-id ]] privileged EXEC comm and. T o di splay any user c hanges t o tha t configu ra[...]

29-29 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 9 Configuring Qo S Confi guring Standard QoS Default Standard QoS Configuration QoS is disa bled. Ther e is no conce pt of tru sted or untru sted por ts be cause the packet s are not m odified (the CoS, DSCP , and IP preceden ce v alues in the pack et are not changed). T [...]

29-30 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 29 Conf igur ing Q oS Configur ing Standar d QoS Default Egress Queue Configur ation T ab le 29-9 shows the default egre ss queue con figuration for ea ch qu eue-set when QoS is ena bled. All ports a re map ped to qu eue-se t 1. T he po rt ban dwidt h lim it is se t to 1[...]

29-31 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 9 Configuring Qo S Confi guring Standard QoS Default Mapping Table Conf iguration The default CoS-to-DSCP map is sho wn in T able 29- 12 on pa ge 2 9-51 . The default IP-pre cedenc e-to-D SCP map is shown in T able 29-13 on pa ge 29-52 . The de fault DSCP- to-CoS m ap is [...]

29-32 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 29 Conf igur ing Q oS Configur ing Standar d QoS • On a po rt configu red f or QoS, a ll t raff ic re ceived through the po rt is class ified, poli ced, a nd ma rked accord ing to the policy map atta ched to t he port. On a trunk port configured for QoS, t raff ic in a[...]

29-33 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 9 Configuring Qo S Confi guring Standard QoS • Enabl ing DS CP T ransparen cy Mo de, page 29-36 • Configuring the DSCP Tr ust Stat e on a Port Bo rder ing Anot her Qo S Domain , pag e 29-37 Configuring the Trust State on Po rts within the QoS Domain Pa ckets en tering[...]

29-34 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 29 Conf igur ing Q oS Configur ing Standar d QoS Beginn ing in pr iv ilege d EXEC mode, follo w the se steps to conf igure the port to trust t he classif icati on of the traf fic that it recei ves: T o return a port to its untrusted state, use the no mls qos trust inte r[...]

29-35 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 9 Configuring Qo S Confi guring Standard QoS Beginn ing in pri vilege d EXEC mode, follo w these steps to def ine the def ault CoS va lue of a port or to assign the def ault CoS to all incoming pack ets on the port: T o return to th e defa ult setting, u se the no mls qos[...]

29-36 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 29 Conf igur ing Q oS Configur ing Standar d QoS W ith the t ruste d setti ng, you also c an use t he trusted bounda ry fea ture to prevent misuse o f a high-pr iority qu eue if a user bypasses the tel ephone a nd conne cts the PC di rectly to t he switch. W ithout trust[...]

29-37 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 9 Configuring Qo S Confi guring Standard QoS If D SCP t rans par ency is en able d by u sin g the no mls qos rewrite ip dscp comman d, the swit ch does not modify the DS CP field in th e inco ming p acket, and the DSCP field in the outgoi ng packet is the same a s that in[...]

29-38 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 29 Conf igur ing Q oS Configur ing Standar d QoS Figur e 29 -12 DSCP -T rust ed Stat e on a P or t Bor der ing Another QoS Dom ain Beginn ing in pr iv ileged EXEC mode, follo w thes e steps to conf igure the DSCP-trusted stat e on a port and modi fy the D SCP-to-D SCP-mu[...]

29-39 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 9 Configuring Qo S Confi guring Standard QoS T o return a port to its non-trusted state , use the no mls qos trust interfa ce conf igurat ion comm and. T o return to the def ault D SCP-to-DSCP-m utation map v alues, use th e no mls qos ma p dscp-mutation dscp -mut ati on-[...]

29-40 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 29 Conf igur ing Q oS Configur ing Standar d QoS Classifying Traffic by Using ACLs Y ou ca n classif y IP traffic by using IP standard or IP extended A CLs; you can classify no n-IP traffi c by usin g Laye r 2 MA C A CLs. Beginn ing in pri vilege d EXEC mode, follo w th [...]

29-41 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 9 Configuring Qo S Confi guring Standard QoS Beginn ing in pri vileg ed EXEC mode, follo w these steps to create an IP exte nded A CL for IP traff ic: T o delete an acc ess list, u se the no access-list access-l ist-number gl obal con f igura tion co mmand . This example [...]

29-42 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 29 Conf igur ing Q oS Configur ing Standar d QoS Beginning in privileged EXEC mod e, follow these st eps to c reate a L ayer 2 M A C A CL for non-IP t raff ic: T o delete an acc ess list, u se the no mac acce ss-list exte nded access- list-name global con figuration comm[...]

29-43 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 9 Configuring Qo S Confi guring Standard QoS Classifying Traffic by Using Class Ma ps Y ou use the class-map global con fig uration command to name and to i solate a spe cifi c traf fic flo w (or class) f rom all oth er traf fic. The class map d ef ines the cr iteria to u[...]

29-44 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 29 Conf igur ing Q oS Configur ing Standar d QoS T o delete an existin g policy map, use the no policy-map poli cy-map- nam e global con figuration comm and. T o delet e an existing cl ass map, use the no cl ass-map [ match-all | match-any ] class-map-na me global conf i[...]

29-45 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 9 Configuring Qo S Confi guring Standard QoS Classifying, Policing, and Marking Traff ic on Physical Ports by Using Policy Maps Y ou can confi gure a polic y map on a physical port that spec ifies which traff ic class to act on. Actions can include tru sting the CoS, DSCP[...]

29-46 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 29 Conf igur ing Q oS Configur ing Standar d QoS Step 3 policy-map policy- map-nam e Creat e a po licy ma p by ente ring the p olicy map name , and e nter pol icy -map co nf igur ation mode . By defau lt, no pol icy maps are de fined. The defa ult behav ior of a polic y [...]

29-47 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 9 Configuring Qo S Confi guring Standard QoS T o delete an existin g policy map, use the no policy-map poli cy-map- nam e global con figuration comm and. T o delet e an existing cl ass map, use the no class class-map-na me policy-map c onfiguration comm and. T o re turn t[...]

29-48 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 29 Conf igur ing Q oS Configur ing Standar d QoS This e x ample sho ws ho w to creat e a polic y map and a ttach it to an ingress port. I n the co nf iguratio n, the IP standard A CL perm its tr aff ic from network 10 .1.0.0 . For traffic matching t his cl assification ,[...]

29-49 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 9 Configuring Qo S Confi guring Standard QoS Beginn ing in pri vileg ed EXEC mode, follo w th ese step s to create an aggre gate policer: Comma nd Purp ose Step 1 conf igure t erminal Enter glob al configur ation mo de. Step 2 mls qos aggregate-policer aggr e ga te-pol ic[...]

29-50 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 29 Conf igur ing Q oS Configur ing Standar d QoS T o r emove the specified a ggregate pol icer from a pol icy map, use th e no police agg reg ate aggr egate-poli cer-nam e policy m ap c onfiguratio n mode . T o de lete a n ag gregate p olice r an d its parame ters, use t[...]

29-51 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 9 Configuring Qo S Confi guring Standard QoS Configuring DSCP Maps These sec tions co ntain this co nfiguration info rmat ion: • Conf iguring the CoS-to-DSCP Map, page 29-51 ( opt iona l) • Configuring the IP -Prece dence-t o-DS CP Map, page 29-52 (op tio na l) • Co[...]

29-52 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 29 Conf igur ing Q oS Configur ing Standar d QoS T o return to the defau lt map, use the no mls qos cos-dscp global configurati on com mand. This exa mple shows ho w to modify and display the CoS-to-DSCP map: Switch(config)# mls qos map cos-dscp 10 15 20 25 30 35 40 45 S[...]

29-53 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 9 Configuring Qo S Confi guring Standard QoS T o return to the defau lt map, use the no mls qos ip-pr ec-dscp global configurati on comm and. This exam ple sh ows how to modif y an d display the I P-pre cedenc e-to-D SCP map: Switch(config)# mls qos map ip-prec-dscp 10 15[...]

29-54 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 29 Conf igur ing Q oS Configur ing Standar d QoS This exam ple sh ows ho w to map DSCP 50 t o 57 to a marked-down DS CP value of 0: Switch(config)# mls qos map policed-dscp 50 51 52 53 54 55 56 57 to 0 Switch(config)# end Switch# show mls qos maps policed-dscp Policed-ds[...]

29-55 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 9 Configuring Qo S Confi guring Standard QoS T o return to the defau lt map, use the no mls qos dscp-cos global c onfiguration com mand. This exam ple sh ows how to map DS CP values 0, 8, 16, 24, 32, 40, 48, and 5 0 to CoS value 0 and t o display th e map: Switch(config)#[...]

29-56 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 29 Conf igur ing Q oS Configur ing Standar d QoS Beginning in privileged EXEC mo de, foll ow these steps to mod ify the DSCP-t o-DS CP-mutati on map . This proc edure is option al. T o return to the defau lt map, use the no mls qos dscp-mutation dscp-m utati on-na me glo[...]

29-57 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 9 Configuring Qo S Confi guring Standard QoS Note In the above DSCP-to- DSCP-m utati on map, t he mutat ed values are shown in the bod y of the matrix. Th e d1 colum n specif ies the most -signific ant digit of the origi nal DSCP; the d2 ro w specif ies the least-signif i[...]

29-58 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 29 Conf igur ing Q oS Configur ing Standar d QoS T o re turn to the defau lt CoS input que ue thre shold ma p or the de fault DSCP i nput que ue threshol d map, use the no mls qos sr r -queue input c os-map or the no mls qos srr-queue input dscp-map glob al conf iguratio[...]

29-59 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 9 Configuring Qo S Confi guring Standard QoS In this example, the DS CP values (0 to 6) are assigned the WT D thr eshold of 50 perce nt and will be dropped soone r than the D SCP values (2 0 to 26 ) assi gned to t he WTD thres hold of 70 pe rcent. Allocating Buffer Space [...]

29-60 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 29 Conf igur ing Q oS Configur ing Standar d QoS Allocating Bandwidth Between the Ingress Que ues Y ou nee d to specify how much of the av a ilable bandwi dth is alloca ted bet ween the i ngress queue s. The ratio of the weights is the ratio of the fr equency in which th[...]

29-61 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 9 Configuring Qo S Confi guring Standard QoS Configuring the Ingress Priority Queue Y ou should use the prior ity queue o nly for tr af f ic that nee ds to be e xpedi ted (for exam ple, v oice traf fic , which n eeds minimum d elay and ji tter). The priority qu eue is gua[...]

29-62 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 29 Conf igur ing Q oS Configur ing Standar d QoS Configuring E gress Queu e Characteristic s Depend ing on the co mplexity of yo ur networ k and your Qo S solution, you mig ht need to pe rform al l of the tasks in the ne xt sections. Y ou will need to make decisio ns abo[...]

29-63 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 9 Configuring Qo S Confi guring Standard QoS Beginning i n privileged EXEC mode, follow these steps to configure the me mory al loca tion and to drop thresholds for a queue-se t. This procedure is optional. Comma nd Pu rpos e Step 1 conf igure t erminal Enter globa l conf[...]

29-64 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 29 Conf igur ing Q oS Configur ing Standar d QoS T o return to the de fault settin g, use the no mls qos queue- set output qse t-id bu ff e r s global conf igurati on comm and. T o return to the defaul t WTD thre shold percenta ges, use the no mls qos queue-set output qs[...]

29-65 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 9 Configuring Qo S Confi guring Standard QoS T o r eturn to th e defaul t DSCP output queu e thre shold m ap o r the default C oS out put que ue th reshold map, u se the no mls qos srr -queue output dscp-map or th e no mls qo s srr -queue output cos-map global configurat [...]

29-66 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 29 Conf igur ing Q oS Configur ing Standar d QoS Configuring SRR Sh aped Weights on Egress Queues Y ou ca n specif y how much of t he av ailab le bandwi dth is all ocated to each queu e. The ra tio of the wei ghts is the r atio of fre quency in w hich the SRR schedul er [...]

29-67 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 9 Configuring Qo S Confi guring Standard QoS Configuring SRR Sh ared Weights on Egress Queues In shar ed mod e, the queues share th e band width am ong th em ac cordi ng to the configured weight s. The bandwidth is gu aranteed at this le vel but n ot limited to it. F or e[...]

29-68 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 29 Conf igur ing Q oS Configur ing Standar d QoS Configuring the Egress Expedite Que ue Y ou can ensure that ce rtain pack ets ha ve prio rity o ver all oth ers by que uing them in the e gress e xpedite queue. SRR services this queue until i t is empty before servicin g [...]

29-69 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 2 9 Configuring Qo S Displaying Standard QoS Information Beginning i n privileged E XEC mo de, follow these steps to li mit t he band width on a n egress po rt. This procedur e is optional. T o return to the default setting, use the no srr- queue bandwidth limit inter face [...]

29-70 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapt er 29 Conf igur ing Q oS Display ing Standar d QoS Inform ation show mls qos queue-set [ qset-id ] D isplay QoS settings for the egress queues. show policy- map [ polic y-map- name [ clas s class-m ap-name ]] Display QoS po licy maps, w hich define cla ssification cri teria[...]

C HAPTER 30-1 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 30 Configuring EtherChannels This c hapter d escrib es how to configu re Et herChann els on Laye r 2 por ts on the C atalyst 2 960 sw itch. Ether Channel provides fault-tol erant high-spe ed links between sw itches, ro uter s, and ser vers. Y ou ca n use it t o inc rease th[...]

30-2 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 3 0 Config uring E therChan nels Unders tanding Ether Channel s EtherChann el Overview An EtherCh annel c onsists of individual Fast Ethernet or Giga bit Ether net links bundled int o a single logical lin k as shown in Figu re 30 -1 . Figur e 30 -1 T ypical EtherChannel Co[...]

30-3 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 3 0 Configuring EtherCh annels Understa nding Et herChann els Port-Chan nel Interfaces When you cre ate a La yer 2 Ethe rChan nel, a por t-c hannel logical i nterfac e is in volved. Y ou ca n crea te the Ethe rChan nel in these w ays: • Use the channel-group interface conf[...]

30-4 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 3 0 Config uring E therChan nels Unders tanding Ether Channel s Port Aggreg ation Pro tocol The Port Aggr egation Protocol (P AgP) is a Cisco -propr ietary pr otocol that can be run only on Ci sco switches and on tho se switches lice nsed by vendors to suppo rt P AgP . P A[...]

30-5 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 3 0 Configuring EtherCh annels Understa nding Et herChann els PAgP Interaction with Other Features The Dyna mic Trunking Protocol (DT P) and the Ci sco Discovery Protoco l (CDP) send and receive packets over the physica l ports in the Et herChann el. T runk ports send an d r[...]

30-6 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 3 0 Config uring E therChan nels Unders tanding Ether Channel s LACP Interaction with O ther Features The DT P and the CD P send a nd receive packets over the physical ports in t he Ether Chann el. Trunk ports send and rece ive LA CP PDUs on the l owest numbered VLA N. In [...]

30-7 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 3 0 Configuring EtherCh annels Understa nding Et herChann els W ith source -and-de stinati on MAC address forwardi ng, when packets ar e forward ed to an Ethe rCha nnel, they are distri buted across the por ts in the cha nnel based on bot h the source and destinat ion MAC ad[...]

30-8 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 3 0 Config uring E therChan nels Configur ing EtherChann els Figur e 30 -3 Load Distr ibution and F orwa rdin g Methods Configuring Eth erChannels These sec tions co ntain this co nfiguration in format ion: • Default Eth erCha nnel Configurat ion, pa ge 30-9 • Ether Ch[...]

30-9 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 3 0 Configuring EtherCh annels Config uring Et herCh annels Default EtherCh annel Con figuratio n T ab le 30-3 shows the default E therCh annel co nfiguration . EtherChann el Configuratio n Guidelin es If imp roper ly con figured, so me E therCha nnel ports are a utomati cal[...]

30-10 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 3 0 Config uring E therChan nels Configur ing EtherChann els • Do not configure an EtherC hanne l in bo th the P AgP an d LACP modes. Ether Channel group s running P AgP an d LACP can c oexist on the s ame sw itch. Individual EtherC hannel grou ps can run e ither P AgP [...]

30-11 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 3 0 Configuring EtherCh annels Config uring Et herCh annels T o r emove a p ort from t he E therCha nnel gro up, us e the no channel-group interface co nfiguration comm and. Step 3 switchport mode { access | trunk } switchport access vlan vla n-id Assign all ports as static[...]

30-12 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 3 0 Config uring E therChan nels Configur ing EtherChann els This example shows how to configure an EtherChann el. It assig ns two ports as static-access ports in VLAN 1 0 to c hannel 5 wi th the P AgP m ode desirable : Switch# configure terminal Switch(config)# interface[...]

30-13 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 3 0 Configuring EtherCh annels Config uring Et herCh annels T o return E therChannel load bala ncing to th e defa ult conf igura tion, use the no port-c hannel load-balanc e global con figurati on comm and. Configuring the PAgP Le arn Meth od and Priority Network devices ar[...]

30-14 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 3 0 Config uring E therChan nels Configur ing EtherChann els T o return the priority to its def ault setting, us e the no pagp port-priority interf ace c onfigu ration command. T o return th e learning m ethod to its def ault setting, u se the no pagp lear n-method inte r[...]

30-15 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 3 0 Configuring EtherCh annels Config uring Et herCh annels Determ ining wh ich p orts ar e act i ve and wh ich ar e hot st andby is a two-ste p proc edure. First th e syst em with a numerically lo wer sy stem priority and system-id is placed in char ge of the decision. Ne [...]

30-16 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 3 0 Config uring E therChan nels Displaying Eth erChannel, PA gP, and LACP Status Note If LA CP is not able to aggrega te all the ports tha t are compatible (for e xample, the remote system might ha ve more restric tiv e hardware lim itations), all the ports tha t cannot [...]

30-17 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 3 0 Configuring EtherCh annels Displaying EtherC hannel, P AgP, and LACP Status Y ou can clear L A CP c hannel -group i nform ation a nd t raff ic c ounters by using the clear lacp { channel -gr oup-numb er counters | counter s } pri vile ged EXEC com mand. For detailed inf[...]

30-18 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 3 0 Config uring E therChan nels Displaying Eth erChannel, PA gP, and LACP Status[...]

C HAPTER 31-1 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 31 Troubleshooting This chapter descr ibes how to iden tify and resolve softw are problems relat ed to the Cisco IOS software on the Cataly st 2960 switch. Depe nding on the natu re of t he problem , you c an u se the comma nd-lin e interf ace (CLI ), the d ev ice manager ,[...]

31-2 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 31 Trouble shooting Recovering f rom a Softwa re Failure Recovering fro m a Software Failure Switch software c an be c orru pted du ring an upgr ade, by downlo ading th e wr ong file to the swi tch, and by d eleting the im age f ile. In all o f these case s, the switch d o[...]

31-3 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 3 1 Troubleshooti ng Recoverin g from a Lost or For gotten Passwo rd Step 8 If yo u had set the co nsole po rt sp eed to anything other than 9600, it ha s been reset to th at p articula r speed. Change the emulati on softw are line spe ed to mat ch that of the switch console[...]

31-4 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 31 Trouble shooting Recoveri ng from a Los t or Forgotten Password Se ver al lines of information about the softw are appear with instruct ions, informing you if the password recovery proc edure has b een di sabled or n ot. • If you see a messag e that begins wit h this:[...]

31-5 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 3 1 Troubleshooti ng Recoverin g from a Lost or For gotten Passwo rd Step 5 Rename the conf ig uration file to conf ig.text.ol d. This file cont ains the passwo rd definition. switch: rename flash: config.text flash: config.text.old Step 6 Boot the system: switch: boot Y ou [...]

31-6 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 31 Trouble shooting Recoveri ng from a Los t or Forgotten Password Step 14 Reload the switch: Switch# reload Procedure w ith Passw ord Recove ry Disabled If the p assword-recovery mechanism is disabled, this m essage app ears: The password-recovery mechanism has been trigg[...]

31-7 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 3 1 Troubleshooti ng Recovering from a Command Switch Failure Step 5 At the swit ch prom pt, en ter privileged EXE C mode : Switch> enable Step 6 Enter global co nfiguration mo de: Switch# configure terminal Step 7 Change the password: Switch (config)# enable secret passw[...]

31-8 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 31 Trouble shooting Recoveri ng from a Com mand Switc h Failure Y ou can prep are f or a comma nd sw itch fai lure by assignin g an IP addre ss to a me mber sw itch o r an other switch tha t is command- capable , making a note of the comma nd-swi tch password, and ca bling[...]

31-9 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 3 1 Troubleshooti ng Recovering from a Command Switch Failure Would you like to enter basic management setup? [yes/no]: Step 10 En ter Y at th e f irst p rompt. The prom pts in the se tup pro gram vary dependi ng on the m embe r switch yo u selecte d to be th e comma nd swit[...]

31-10 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 31 Trouble shooting Recoveri ng from a Com mand Switc h Failure Step 4 Ente r the pa ssw ord of th e failed command swit ch. Step 5 Use the setup progra m to configur e the switc h IP informa tion. This pr ogram prompt s you for IP addre ss infor mation a nd p asswords. F[...]

31-11 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 3 1 Troubleshooti ng Recoveri ng from Lost Cluste r Member Con nectivi ty Recovering fro m Lost Cluster Member Connecti vity Some conf ig urations can prev ent the com mand switch from maintai ning contact wi th member switches. If you are una ble to ma intain ma nageme nt [...]

31-12 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 31 Trouble shooting Monitorin g SFP Modu le Status Note The security error message r eferences the GBIC_S ECURITY facility . The switch supports SFP modules and doe s not support GBIC modul es. Alt hough the err or me ssage text refers to GB IC int erfaces an d modules, t[...]

31-13 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 3 1 Troubleshooti ng Using Layer 2 Tr aceroute Executing Ping Beginning in privileged EXEC mode , use this co mman d to ping a nother device on the netwo rk from th e switch: Note Th ough o ther p roto col keywords ar e available w ith th e ping com mand, they ar e not supp[...]

31-14 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 31 Trouble shooting Using La yer 2 Tra cerout e Understand ing Layer 2 T raceroute The Lay er 2 tra cerou te feat ure al lows the swit ch to id entif y the physic al pat h that a packet takes fr om a source device to a destin ation device. La yer 2 trace route sup ports o[...]

31-15 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 3 1 Troubleshooti ng Using IP Traceroute • When multipl e dev ices are at tached to one port t hrough hubs (f or example , multiple CDP neighbors are de tecte d on a port) , the Layer 2 tra cerou te fea ture i s not support ed. Wh en m ore than on e CD P neighb or is dete[...]

31-16 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 31 Trouble shooting Using I P Trac eroute T o learn when a datagram reach es its destination, trace route sets the UDP destinati on port number in the datagram to a v ery larg e v alue that the destin ation host is unlikel y to be using. When a host recei ves a datagram d[...]

31-17 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 3 1 Troubleshooti ng Usin g TDR T o end a trace in progres s, enter the escape seq uence ( Ctrl-^ X by default). Simulta neously pres s and release th e Ctrl , Shif t , and 6 keys and then press t he X key . Using TDR These se ctions conta in this inf ormation: • Understa[...]

31-18 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 31 Trouble shooting Using D ebug Command s Using Debug Commands These sec tions explains how you use debug comma nds t o diag nose and r esolve int ernet working problems: • Enab ling De bugging o n a Spe cific Feature , page 31- 18 • Enab ling Al l-System Diag nostic[...]

31-19 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 3 1 Troubleshooti ng Using the show platf orm forwa rd Command Enabling All-Sy stem Diag nostics Beginn ing in pri vileged EXE C mode, ent er this comman d to enabl e all-system d iagnostics: Switch# debug all Cautio n Because debugging ou tput ta kes priori ty over other n[...]

31-20 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 31 Trouble shooting Using the s how platfo rm forward Co mmand This is an example of the out put from the s how p l at for m fo rw a rd comm and on port 1 in VLAN 5 whe n the packe t enteri ng tha t port is addr essed to unknown MAC addresses. T he pac ket should be flood[...]

31-21 Catalyst 2960 Switch Software Configuration Guide 78-16881-01 Chapter 3 1 Troubleshooti ng Usin g th e cr ashi nfo F ile Packet 1 Lookup Key-Used Index-Hit A-Data OutptACL 50_0D020202_0D010101-00_40000014_000A0000 01FFE 03000000 Port Vlan SrcMac DstMac Cos Dscpv Gi0/2 0005 0001.0001.0001 0009.43A8.0145 Using the crashinfo File The crashinfo f[...]

31-22 Catalyst 2960 Swi tch Software Configu ration Guide 78-16881-01 Chapter 31 Trouble shooting Using t he c rashinfo File[...]

A- 1 Catalyst 2960 Switch Softwar e Configur ation Guide 78-16881-01 APPEND IX A Supported MIBs This append ix li sts the supp orted manage ment inf orma tion base (MIBs) for this r elea se on the Catalyst 29 60 switch. I t contains th ese sections: • MIB List, pa ge A-1 • Usin g F TP to Acce ss th e M IB Fil es, page A- 3 MIB List • BRIDGE-M[...]

A- 2 Catalyst 2960 Swit ch Software Configu ration Guide 78-16881-01 Appendi x A Supported MI Bs MIB Li st • CISC O- P AGP-MI B • CISCO-PING-MIB • CISCO-PR ODUCTS-MIB • CISCO-PR OCESS-MIB • CISCO-R TTMON-M IB • CISCO- SM I-MIB • CISCO-ST A CKMAKER-MIB • CISCO-STP-EXTENSIONS-MIB • CISCO-SYSLOG-MI B • CISCO- TC-M IB • CISCO-TCP-[...]

A-3 Catalyst 2960 Switch Softwar e Configur ation Guide 78-16881-01 Append ix A Supported M IBs Using FTP to Access the MIB Files • SNMPv 2-MIB • TCP-M IB • UDP-MIB Note Y ou ca n also use th is URL for a lis t of support ed MIBs for the Catal yst 2960 swit ch: ftp://ftp.cisco.com/pub/mibs/su ppo rtlists/cat2960 /cat2960-su pportlist.htmlY ou[...]

A- 4 Catalyst 2960 Swit ch Software Configu ration Guide 78-16881-01 Appendi x A Supported MI Bs Usin g FTP to Acc es s the MIB Files[...]

B-1 Catalyst 2960 Switch Softwar e Configur ation Guide 78-16881-01 APPEND IX B Working with the Cisco IOS File System, Configuration Files, an d Software Images This a ppendix descri bes how to m anipul ate the Cata lyst 2 960 flas h file syst em, how to copy configurati on files, and how to arc hiv e (upl oad a nd download) so ftware i mages t o [...]

B-2 Catalyst 2960 Swit ch Software Configu ration Guide 78-16881-01 Appendix B W orking with the Cisco IOS File System, Co nfiguration Files, and Software Images Work ing wit h the Flas h File Sys tem Displaying Available File Systems T o d isplay the av ailable file system s on your swit ch, use the show file systems pri vile ged EXEC comm and as [...]

B-3 Catalyst 2960 Switch Softwar e Configur ation Guide 78-16881-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with the Flash File System Setting the Def ault File System Y ou can specify the fi le syst em or dir ectory th at the sy stem use s as the defau lt f ile syste m by using the [...]

B-4 Catalyst 2960 Swit ch Software Configu ration Guide 78-16881-01 Appendix B W orking with the Cisco IOS File System, Co nfiguration Files, and Software Images Work ing wit h the Flas h File Sys tem Creating and Removi ng Directorie s Beginning i n privileged E XEC mode, follow th ese s teps to c rea te an d remove a d irect ory: T o delete a dir[...]

B-5 Catalyst 2960 Switch Softwar e Configur ation Guide 78-16881-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with the Flash File System Some in valid combin ation s of source and de stinatio n exist. Specificall y , you can not copy thes e comb inat ion s: • From a runni ng configur[...]

B-6 Catalyst 2960 Swit ch Software Configu ration Guide 78-16881-01 Appendix B W orking with the Cisco IOS File System, Co nfiguration Files, and Software Images Work ing wit h the Flas h File Sys tem Creating a tar File T o create a tar f ile a nd write f iles into it, use this pri vileged EX EC command: ar chiv e tar /cr eate de stin ati on- url [...]

B-7 Catalyst 2960 Switch Softwar e Configur ation Guide 78-16881-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with the Flash File System This e xample shows h ow to display the contents of a switch tar f ile that is in flash memory: Switch# archive tar /table flash:c2960-lanbase-mz.122[...]

B-8 Catalyst 2960 Swit ch Software Configu ration Guide 78-16881-01 Appendix B W orking with the Cisco IOS File System, Co nfiguration Files, and Software Images Working wit h Configura tion Files Displaying th e Conte nts of a File T o display the contents of any reada ble file, including a f ile on a remote f ile system, use the more [ /ascii | /[...]

B-9 Catalyst 2960 Switch Softwar e Configur ation Guide 78-16881-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configuration Files • Copying Configuration Fi les By Using RCP , page B-15 • Cle aring Conf igurat ion In forma tio n, pa ge B-18 Guidelines for Creating and Using Co[...]

B-10 Catalyst 2960 Swit ch Software Configu ration Guide 78-16881-01 Appendix B W orking with the Cisco IOS File System, Co nfiguration Files, and Software Images Working wit h Configura tion Files Creating a Configuration File By Using a T ext Editor When cre ating a configura tion file, you must lis t comman ds logicall y so that the syst em can [...]

B-11 Catalyst 2960 Switch Softwar e Configur ation Guide 78-16881-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configuration Files • Ensure t hat the co nfig uration f ile to be do wnloaded is in th e correc t director y on the TFTP serv er (usually / tftpboot on a UNIX w orksta[...]

B-12 Catalyst 2960 Swit ch Software Configu ration Guide 78-16881-01 Appendix B W orking with the Cisco IOS File System, Co nfiguration Files, and Software Images Working wit h Configura tion Files The file is uploade d to the TFT P server . This example shows ho w to upload a configur ation file from a switch to a TFT P server: Switch# copy system[...]

B-13 Catalyst 2960 Switch Softwar e Configur ation Guide 78-16881-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configuration Files Preparing to Download or Uploa d a Configuration File By Using FTP Before yo u begin downloading or uplo ading a co nfiguration file by using FTP , do[...]

B-14 Catalyst 2960 Swit ch Software Configu ration Guide 78-16881-01 Appendix B W orking with the Cisco IOS File System, Co nfiguration Files, and Software Images Working wit h Configura tion Files This exam ple shows how to copy a c onfiguration file named host1-c onfg from th e neta dmi n1 directory on the remot e server w ith a n IP a ddress of [...]

B-15 Catalyst 2960 Switch Softwar e Configur ation Guide 78-16881-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configuration Files This exam ple shows how to copy t he running configura tion file na med switch2-conf g to the netadmin1 directo ry on the rem ote ho st wi th an IP ad[...]

B-16 Catalyst 2960 Swit ch Software Configu ration Guide 78-16881-01 Appendix B W orking with the Cisco IOS File System, Co nfiguration Files, and Software Images Working wit h Configura tion Files • The r emote usern ame asso cia ted wi th the curre nt TTY (te rmina l) pr oces s. For ex ample, if th e u ser is connected to the router through T e[...]

B-17 Catalyst 2960 Switch Softwar e Configur ation Guide 78-16881-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configuration Files Downloading a Configura tion File By Using RCP Beginning in privileged EXEC mode , follow these steps to download a configuration file by using RCP: T[...]

B-18 Catalyst 2960 Swit ch Software Configu ration Guide 78-16881-01 Appendix B W orking with the Cisco IOS File System, Co nfiguration Files, and Software Images Working wit h Configura tion Files Uploading a Configuration File By Using RCP Beginn ing in pr iv ileged EXEC mode, f ollo w these steps to upload a c onfigu ration f ile b y using RCP: [...]

B-19 Catalyst 2960 Switch Softwar e Configur ation Guide 78-16881-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images Clearing the Startup Con figuration File T o c lear the c ontent s of your start up co nfiguration, use the erase n vram: or the erase startup-conf ig pri[...]

B-20 Catalyst 2960 Swit ch Software Configu ration Guide 78-16881-01 Appendix B W orking with the Cisco IOS File System, Co nfiguration Files, and Software Images Working w ith Softwa re Images • Copying Image Files By Using FTP , page B-24 • Copying Image Files By Using RCP , page B-29 Note For a l ist of sof twar e image s and the suppo rted [...]

B-21 Catalyst 2960 Switch Softwar e Configur ation Guide 78-16881-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images Copying Imag e Files By Us ing TF TP Y ou can do wnload a switc h image from a T FTP serv er or upload the image from the switch to a TFTP server . Y ou d[...]

B-22 Catalyst 2960 Swit ch Software Configu ration Guide 78-16881-01 Appendix B W orking with the Cisco IOS File System, Co nfiguration Files, and Software Images Working w ith Softwa re Images Note Y ou must restart the in etd daemon af ter modifyi ng the /etc/in etd.conf an d /etc/services f iles. T o restar t the d aemon, e ither st op the inetd[...]

B-23 Catalyst 2960 Switch Softwar e Configur ation Guide 78-16881-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images The download a lgorithm verifies t hat t he im age is app rop riate f or t he swi tch m odel a nd tha t enou gh DRAM is prese nt, or it abor ts the proce [...]

B-24 Catalyst 2960 Swit ch Software Configu ration Guide 78-16881-01 Appendix B W orking with the Cisco IOS File System, Co nfiguration Files, and Software Images Working w ith Softwa re Images Uploading an Image File By Using TFTP Y ou can upl oad an ima ge from the switch to a TFTP server . Y ou can later d o wnload this image to the switch or to[...]

B-25 Catalyst 2960 Switch Softwar e Configur ation Guide 78-16881-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images These sec tions co ntain this co nfiguration info rmat ion: • Prepar ing to Do wnload or Upload an Ima ge File B y Using FTP , page B-25 • Do wnloadin[...]

B-26 Catalyst 2960 Swit ch Software Configu ration Guide 78-16881-01 Appendix B W orking with the Cisco IOS File System, Co nfiguration Files, and Software Images Working w ith Softwa re Images Before yo u begin dow nload ing or uplo ading an image file b y using FTP , do these tasks: • Ensur e that the swit ch has a route to th e FTP serve r . T[...]

B-27 Catalyst 2960 Switch Softwar e Configur ation Guide 78-16881-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images The download a lgorithm verifies t hat t he im age is app rop riate f or t he swi tch m odel a nd tha t enou gh DRAM is prese nt, or it abor ts the proce [...]

B-28 Catalyst 2960 Swit ch Software Configu ration Guide 78-16881-01 Appendix B W orking with the Cisco IOS File System, Co nfiguration Files, and Software Images Working w ith Softwa re Images The alg orithm instal ls the downloaded image onto the syste m board fla sh device (flash: ). The im age is placed into a ne w directory na med wit h the so[...]

B-29 Catalyst 2960 Switch Softwar e Configur ation Guide 78-16881-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images The archi ve upload-sw command b uilds an image f ile on the serv er by upl oading these f iles in order: info, t he Cisco IOS im age, and the we b manage[...]

B-30 Catalyst 2960 Swit ch Software Configu ration Guide 78-16881-01 Appendix B W orking with the Cisco IOS File System, Co nfiguration Files, and Software Images Working w ith Softwa re Images • The r emote usern ame asso cia ted wi th the curre nt TTY (te rmina l) pr oces s. For ex ample, if th e u ser is connected to the router through T elnet[...]

B-31 Catalyst 2960 Switch Softwar e Configur ation Guide 78-16881-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images Downloading an Image File By Using RCP Y ou can d o wnload a ne w imag e f ile and replac e or k eep the curr ent ima ge. Beginning in privileged EXEC m o[...]

B-32 Catalyst 2960 Swit ch Software Configu ration Guide 78-16881-01 Appendix B W orking with the Cisco IOS File System, Co nfiguration Files, and Software Images Working w ith Softwa re Images The do wnload algori thm veri fies that th e image is appropriate for the switch model and that enough DRAM is prese nt, or it abor ts the proce ss and repo[...]

B-33 Catalyst 2960 Switch Softwar e Configur ation Guide 78-16881-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images Beginn ing in pri vilege d EXEC mode, follo w th ese steps to upload an imag e to an RCP server: The a rc hive upload- sw pri vile ged EXEC c ommand bu il[...]

B-34 Catalyst 2960 Swit ch Software Configu ration Guide 78-16881-01 Appendix B W orking with the Cisco IOS File System, Co nfiguration Files, and Software Images Working w ith Softwa re Images[...]

C-1 Catalyst 2960 Switch Softwar e Configur ation Guide 78-16881-01 APPEND IX C Recommendations for Upgrading a Catalyst 2950 Switch to a Catalyst 29 60 Switch This app endix describes th e confi guration co mpatibility i ssues and the f eature beha v ior dif f erences tha t you mi ght enc ounter w hen you u pgrade a Ca talyst 2950 s witch to a Cat[...]

C-2 Catalyst 2960 Swit ch Software Configu ration Guide 78-16881-01 Appendix C Recommendatio ns for Upgradi ng a Catalyst 2950 S witch to a Catalyst 2960 Switch Configura tion Compat ibility Issues T able C-1 Catalyst 2950 and 296 0 Switc h Configur ation Incompatib ilities Feature Cataly st 2950 Switch Command and E xplanatio n Result on the Cata [...]

C-3 Catalyst 2960 Switch Softwar e Configur ation Guide 78-16881-01 Append ix C Recommendati ons for Upgrad ing a Catalyst 2950 Switch to a Catal yst 2960 Switc h Configuration Compatibility Issues IEEE 802.1x In Ci sco IOS 12.1E A, the Cat alyst 2950 swit ch ranges for t he IEE E 80 2.1x ser ver-timeout, supp-t imeout, and tx-pe riod are 1 to 6553[...]

C-4 Catalyst 2960 Swit ch Software Configu ration Guide 78-16881-01 Appendix C Recommendatio ns for Upgradi ng a Catalyst 2950 S witch to a Catalyst 2960 Switch Configura tion Compat ibility Issues QoS 2 There i s limite d QoS conf igura tion compa tibility between the Cataly st 2950 switch and the Ca talyst 2960 switch. W e recommend that you enab[...]

C-5 Catalyst 2960 Switch Softwar e Configur ation Guide 78-16881-01 Append ix C Recommendati ons for Upgrad ing a Catalyst 2950 Switch to a Catal yst 2960 Switc h Feature Behavior Incompatibilities Feature Behavior In compatibilities Some fe ature s behave differently on the Ca talyst 2950 an d Cat alyst 2 960 sw itches, a nd som e fea tures are no[...]

C-6 Catalyst 2960 Swit ch Software Configu ration Guide 78-16881-01 Appendix C Recommendatio ns for Upgradi ng a Catalyst 2950 S witch to a Catalyst 2960 Switch Feature B ehavi or Incom patibil ities • QoS The Cat alyst 2 960 swi tch uses different port ha rdware t han the C atalyst 2950 switch, an d mor e QoS featu res are o ffered on t he Cat a[...]

D- 1 Catalyst 2960 Switch Softwar e Configur ation Guide 78-16881-01 APPEND IX D Unsupported Co mmands in Cisco IOS Release 1 2.2(25) FX This app endix lists som e of the command-li ne interfa ce (CLI) c ommands th at appear when you enter the question mark (?) at th e Catalyst 2960 switch prompt but are not supported in this relea se, either be ca[...]

D- 2 Catalyst 2960 Swit ch Software Configu ration Guide 78-16881-01 Appendix D Unsuppo rted Co mmands in Cisco IOS Release 12.2( 25)FX IGMP Snooping Commands IGMP Snooping Comman ds Unsupporte d Global Con figuratio n Commands ip igmp snoo ping tcn Interface Command s Unsupporte d Privileged E XEC Commands show in terfac es [ interface-id | vlan v[...]

D-3 Catalyst 2960 Switch Softwar e Configur ation Guide 78-16881-01 Append ix D Unsu pported Com mands in Cisco IO S Release 1 2.2(25) FX Miscell aneous Note Use the show ip igmp snoo ping groups privile ged EXE C command to display Laye r 2 multicast addr ess-tab le entrie s for a VLAN. Unsupporte d Global Con figuratio n Commands mac-ad dres s-ta[...]

D- 4 Catalyst 2960 Swit ch Software Configu ration Guide 78-16881-01 Appendix D Unsuppo rted Co mmands in Cisco IOS Release 12.2( 25)FX RADIUS Unsupporte d Interface Configuration Commands priority-gr oup RADIUS Unsupporte d Global Con figuratio n Commands aaa nas port extended radius-serv er attrib ute nas-port radius-serv er conf igur e radius-se[...]

D-5 Catalyst 2960 Switch Softwar e Configur ation Guide 78-16881-01 Append ix D Unsu pported Com mands in Cisco IO S Release 1 2.2(25) FX VTP Unsupported v lan-config Command private-vlan Unsupported Us er EXEC C ommands show running-conf ig vlan show vlan if index show vlan private-vlan VTP Unsupporte d Privileged E XEC Co mmands vtp { password pa[...]

D- 6 Catalyst 2960 Swit ch Software Configu ration Guide 78-16881-01 Appendix D Unsuppo rted Co mmands in Cisco IOS Release 12.2( 25)FX VTP[...]

IN-1 Catalyst 2960 Switch S oftware Configur ation Guide 78-16881-01 INDEX A abbrev iati ng comm ands 2-4 acces s-class comman d 28-16 acces s control entries See ACEs access-de nied r espons e, VM PS 12-24 access group s, appl ying IPv4 AC Ls to interf aces 28-17 access lists See ACLs access port s, define d 10-2 accoun ting with 80 2.1x 9-21 with[...]

Index IN-2 Catalyst 2960 Switch Softwa re Co nfiguration Guide 78-16881-01 ACLs ( continue d) standa rd IPv4 crea ting 28-7 matc hing cri teria 28-5 support fo r 1-6 support in h ardware 28-17 time ranges 28-14 unsupport ed fea tures, IPv4 28-5 active link s 18-1 address aliasing 20-2 addresses displaying the MA C addre ss table 6-25 dynam ic accel[...]

Inde x IN-3 Catalyst 2960 Switch S oftware Configur ation Guide 78-16881-01 autoc onfigura tion 3-3 automatic QoS See QoS auto -MDIX config uring 10-15 describe d 10-15 autonegotiati on duplex mo de 1-3 interfa ce confi gurat ion guidel ines 10-11 misma tches 31-11 autose nsing, p ort spe ed 1-3 auxili ary VLAN See voi ce VLAN availabili ty, featur[...]

Index IN-4 Catalyst 2960 Switch Softwa re Co nfiguration Guide 78-16881-01 CA trust point config uring 8-40 defined 8-38 caution , descr ibed xxviii CDP and truste d bounda ry 29-36 config uring 22-2 default confi guration 22-2 describe d 22-1 disabling for r outing de vice 22-3 to 22-4 ena bling and di sabl ing on an interface 22-4 on a switch 22-[...]

Inde x IN-5 Catalyst 2960 Switch S oftware Configur ation Guide 78-16881-01 comm and-l ine i nte rfac e See CLI comm and m odes 2-1 comm ands abbrev iating 2-4 no and defaul t 2-4 commands, sett ing privile ge levels 8-8 comm and sw itc h config urati on confl icts 31-11 defined 5-2 password privilege levels 5-4 recove ry from comm and-sw itc h fai[...]

Index IN-6 Catalyst 2960 Switch Softwa re Co nfiguration Guide 78-16881-01 CoS in Layer 2 frames 29-2 override prior ity 14-6 trust pr iority 14-6 CoS input queue threshold map for QoS 29-14 CoS outp ut queu e t hreshol d map f or Q oS 29-17 CoS-to-DSCP map for QoS 29-51 counte rs, c lea ring i nte rface 10-19 cras hinfo file 31-21 crypto graph ic [...]

Inde x IN-7 Catalyst 2960 Switch S oftware Configur ation Guide 78-16881-01 device disco very prot ocol 22-1 device ma nager benefit s 1-2 describe d 1-2, 1-3 in- band ma nage ment 1-4 requir ements xxvii i upgradi ng a sw itch B-19 DHCP enab lin g relay ag ent 19-8 DHCP-b ased autoc onfig urati on client re quest m essage ex change 3-4 config urin[...]

Index IN-8 Catalyst 2960 Switch Softwa re Co nfiguration Guide 78-16881-01 DHCP sno oping b inding datab ase (cont inued) delay va lue 19-11 timeout value 19-11 DHCP sno oping b inding tabl e See DHCP snooping binding da tabase Differ entiated Se rvices a rchitectur e, QoS 29-2 Differen tiated Serv ices Code Poin t 29-2 direct ed uni cast req uests[...]

Inde x IN-9 Catalyst 2960 Switch S oftware Configur ation Guide 78-16881-01 E editing featu res ena bling and di sabl ing 2-7 keystro kes us ed 2-7 wrapped l ines 2-8 enab le pass word 8-3 enable secret password 8-3 encrypt ion, Ci pherSuite 8-39 encrypt ion f or pa ssword s 8-3 enviro nment va riabl es, functi on of 3-15 error me ssages dur ing co[...]

Index IN- 10 Catalyst 2960 Switch Softwa re Co nfiguration Guide 78-16881-01 F features, in compatible 21-11 fiber- optic, de tecting u nidirec tional li nks 24-1 files copying B- 4 cras hinfo descript ion 31-21 displaying t he contents of 31-21 location 31-21 deleting B-5 displaying t he contents of B-8 tar crea ting B-6 displaying t he contents o[...]

Inde x IN- 11 Catalyst 2960 Switch S oftware Configur ation Guide 78-16881-01 H hello time MSTP 16-19 STP 15-20 help, for the command line 2-3 history chan ging t he b uffer siz e 2-5 describe d 2-5 disabling 2-6 recal ling co mman ds 2-6 history t able, level and numbe r of sy slog me ssages 26-9 hosts, limit on dynami c ports 12-29 HP OpenView 1-[...]

Index IN- 12 Catalyst 2960 Switch Softwa re Co nfiguration Guide 78-16881-01 IGMP (c onti nued ) queries 20-3 report su ppression describe d 20-5 disabling 20-14 supported ve rsions 20-2 support fo r 1-3 IGMP f ilte ring config uring 20-23 default confi guration 20-23 describe d 20-22 monitori ng 20-27 support fo r 1-3 IGMP gr oups configurin g fil[...]

Inde x IN- 13 Catalyst 2960 Switch S oftware Configur ation Guide 78-16881-01 interfac es (continue d) restar ting 10-19 shutting down 10-19 speed a nd du plex , co nfiguri ng 10-13 status 10-18 supported 10-4 types of 10-1 interf aces rang e macro co mmand 10-7 interfac e types 10-5 Intrusion De tection System See IDS appliances IP ACLs for QoS cl[...]

Index IN- 14 Catalyst 2960 Switch Softwa re Co nfiguration Guide 78-16881-01 Link A ggrega tion C ontrol Pro tocol See E ther Chann el link re dundan cy See F lex Links links, unidirec tional 24-1 local SPAN 23-2 login a uthenticati on with RADIUS 8-23 wit h TACA CS+ 8-14 login banne rs 6-17 log message s See system me ssage loggin g Long-Re ach Et[...]

Inde x IN- 15 Catalyst 2960 Switch S oftware Configur ation Guide 78-16881-01 maximu m hop count , MSTP 16-21 member ship mod e, VLAN por t 12-3 member swit ch defined 5-2 managing 5-3 recove ring fr om l ost co nnec tivity 31-11 requir ements 5-3 See also cand idate switc h, cluster standby grou p, and standby comma nd switc h messages, to u sers [...]

Index IN- 16 Catalyst 2960 Switch Softwa re Co nfiguration Guide 78-16881-01 MSTP (c ontinued) exten ded sy stem ID effec ts on ro ot swit ch 16-14 effec ts on se conda ry root swit ch 16-15 unexpec ted b ehavio r 16-14 instances supported 15-9 interface stat e, blocking t o forward ing 17-2 interoper ability and compat ibility among modes 15-10 in[...]

Inde x IN- 17 Catalyst 2960 Switch S oftware Configur ation Guide 78-16881-01 Network Assistant benefit s 1-2 describe d 1-3 dow nloa ding ima ge f iles 1-2 gui de m ode 1-2 manageme nt options 1-2 requir ements xxvii i upgradi ng a sw itch B-19 wizard s 1-2 network c onfigura tion ex ample s increasing netw ork per formanc e 1-11 long-di stanc e, [...]

Index IN- 18 Catalyst 2960 Switch Softwa re Co nfiguration Guide 78-16881-01 password s (conti nued) recove ry of 31-3 setting enab le 8-3 enab le sec ret 8-3 Telne t 8-6 with user names 8-7 VTP domain 13-8 path cost MSTP 16-17 STP 15-17 perform ance, netw ork design 1-11 perform ance f eatur es 1-3 persistent self -signed certif icate 8-38 per-V L[...]

Inde x IN- 19 Catalyst 2960 Switch S oftware Configur ation Guide 78-16881-01 port-base d auth enticati on ( continue d) ports author izatio n state and dot 1x port -cont rol comm and 9-4 autho rized an d unautho rized 9-4 voice VL AN 9-8 port security and voic e VLAN 9-8 describe d 9-7 interactio ns 9-7 multiple-hosts mod e 9-7 resetting to defau [...]

Index IN- 20 Catalyst 2960 Switch Softwa re Co nfiguration Guide 78-16881-01 privileg e levels (continued ) logging i nto 8-10 mapping on me mber switc hes 5-4 overvi ew 8-2, 8-8 setting a command with 8-8 pr otect ed p orts 1-6, 21-5 prun ing, VT P disabling in VTP domain 13-14 on a port 12-19 enab lin g in VTP domain 13-14 on a port 12-19 exam pl[...]

Inde x IN- 21 Catalyst 2960 Switch S oftware Configur ation Guide 78-16881-01 QoS (conti nued) config uring (cont inued) policy m aps on physica l port s 29-45 port trust states with in the domain 29-33 trusted bou ndary 29-35 default auto configuration 29-19 default standard conf igurati on 29-29 displaying stat istics 29-69 DSCP tra nsp aren cy 2[...]

Index IN- 22 Catalyst 2960 Switch Softwa re Co nfiguration Guide 78-16881-01 QoS (conti nued) queues (cont inued) high pr iority (expedi te) 29-18, 29-68 location of 29-11 SRR, descri bed 29-12 WTD , des cribe d 29-12 rewrites 29-18 support fo r 1-7 trust sta tes bordering anothe r do main 29-37 describe d 29-5 trusted de vice 29-35 within the dom [...]

Inde x IN- 23 Catalyst 2960 Switch S oftware Configur ation Guide 78-16881-01 Remote Authent ication Dial -In User Service See RADIUS Remote C opy Pro toco l See RCP Remote Networ k Monitoring See RMON Remote SPAN See RSPAN remote SPAN 23-2 report su ppressi on, IG MP describe d 20-5 disabling 20-14 requir ements clu ster xxix device ma nager xxvii[...]

Index IN- 24 Catalyst 2960 Switch Softwa re Co nfiguration Guide 78-16881-01 RSTP (contin ued) designated switch , define d 16-6 interoper ability with IEEE 802.1D describe d 16-5 restar ting migr ation pr ocess 16-22 topolo gy chan ges 16-10 overvi ew 16-6 port roles describe d 16-6 synchroniz ed 16-8 proposal -agree ment handsh ake pr ocess 16-7 [...]

Inde x IN- 25 Catalyst 2960 Switch S oftware Configur ation Guide 78-16881-01 Sim ple Netw ork Ma nage ment Protoc ol See SNMP Smartports macros applying Cisco- defaul t macros 11-6 applyi ng glo bal pa ramet er valu es 11-5, 11-6 applyi ng m acros 11-5 applyi ng para mete r va lues 11-5, 11-7 config urati on guideli nes 11-3 crea ting 11-4 default[...]

Index IN- 26 Catalyst 2960 Switch Softwa re Co nfiguration Guide 78-16881-01 source- IP addre ss based forw arding , Ethe rChanne l 30-7 source- MAC addre ss forw arding, EtherCh annel 30-6 SPAN config urati on guideli nes 23-10 default confi guration 23-9 destinati on po rts 23-6 displaying sta tus 23-23 interact ion w ith othe r fea tures 23-8 mo[...]

Inde x IN- 27 Catalyst 2960 Switch S oftware Configur ation Guide 78-16881-01 statistics (cont inued) RMON group hist ory 25-5 SNMP input an d output 27-16 VTP 13-16 sticky l earning 21-8 storm contr ol config uring 21-3 describe d 21-1 disabling 21-5 displaying 21-16 support fo r 1-3 thr esh olds 21-1 STP acceler ating root port sele ction 17-4 Ba[...]

Index IN- 28 Catalyst 2960 Switch Softwa re Co nfiguration Guide 78-16881-01 STP (continued) loop gu ard describe d 17-9 enab lin g 17-15 modes sup ported 15-9 multi cast addre sses , effec t of 15-8 option al featur es suppor ted 1-5 overvi ew 15-2 path costs 12-22, 12-23 Port Fast describe d 17-2 enab lin g 17-10 port prioritie s 12-21 preven tin[...]

Inde x IN- 29 Catalyst 2960 Switch S oftware Configur ation Guide 78-16881-01 system messa ge logging (c ontinued ) UNIX sysl og se rver s configur ing the daemon 26-11 configurin g the logging facility 26-11 facilities su pported 26-12 system name default confi guration 6-15 default setting 6-15 manua l conf igur ation 6-15 See also DN S system pr[...]

Index IN- 30 Catalyst 2960 Switch Softwa re Co nfiguration Guide 78-16881-01 tracer oute, Lay er 2 and AR P 31-14 and CD P 31-14 broa dcas t tra ffic 31-14 describe d 31-14 IP addresse s and sub nets 31-14 MAC addresses and VLANs 31-14 multicas t traffic 31-14 mul tiple devi ces on a por t 31-15 unicast traf fic 31-14 usage gu ideline s 31-14 trace[...]

Inde x IN- 31 Catalyst 2960 Switch S oftware Configur ation Guide 78-16881-01 UDLD ( continue d) echoi ng detect ion mech anism 24-3 enab lin g globall y 24-5 per inter face 24-5 link- detect ion mech anism 24-1 neighbor da tabase 24-2 overvi ew 24-1 resettin g an interface 24-6 status, displaying 24-6 support fo r 1-5 unautho rized port s with IEE[...]

Index IN- 32 Catalyst 2960 Switch Softwa re Co nfiguration Guide 78-16881-01 vlan d ataba se comm and 12-6 VLAN filter ing and SPAN 23-6 vlan g lobal c onfigur ation comm and 12-6 VLAN ID, disc overing 6-26 VLAN mana geme nt dom ain 13-2 VLAN M anagem ent Polic y Ser ver See VMPS VLAN memb ership confir ming 12-27 modes 12-3 VLAN Quer y Protocol Se[...]

Inde x IN- 33 Catalyst 2960 Switch S oftware Configur ation Guide 78-16881-01 voice V LAN (co ntinued) default confi guration 14-3 describe d 14-1 displaying 14-6 IP phone data tra ffic, descri bed 14-2 IP phone voice traf fic, d escrib ed 14-2 VQP 1-6, 12-23 VTP adding a cl ient to a d omain 13-14 advertisements 12- 16, 13-3 and exte nded -rang e [...]

Index IN- 34 Catalyst 2960 Switch Softwa re Co nfiguration Guide 78-16881-01 WTD describe d 29-12 setting thresholds egress queue -sets 29-62 ingress qu eues 29-57 support fo r 1-7, 1-8 X Xmodem prot ocol 31-2[...]