Cisco Systems 2950 Bedienungsanleitung

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566

Zur Seite of

Richtige Gebrauchsanleitung

Die Vorschriften verpflichten den Verkäufer zur Übertragung der Gebrauchsanleitung Cisco Systems 2950 an den Erwerber, zusammen mit der Ware. Eine fehlende Anleitung oder falsche Informationen, die dem Verbraucher übertragen werden, bilden eine Grundlage für eine Reklamation aufgrund Unstimmigkeit des Geräts mit dem Vertrag. Rechtsmäßig lässt man das Anfügen einer Gebrauchsanleitung in anderer Form als Papierform zu, was letztens sehr oft genutzt wird, indem man eine grafische oder elektronische Anleitung von Cisco Systems 2950, sowie Anleitungsvideos für Nutzer beifügt. Die Bedingung ist, dass ihre Form leserlich und verständlich ist.

Was ist eine Gebrauchsanleitung?

Das Wort kommt vom lateinischen „instructio”, d.h. ordnen. Demnach kann man in der Anleitung Cisco Systems 2950 die Beschreibung der Etappen der Vorgehensweisen finden. Das Ziel der Anleitung ist die Belehrung, Vereinfachung des Starts, der Nutzung des Geräts oder auch der Ausführung bestimmter Tätigkeiten. Die Anleitung ist eine Sammlung von Informationen über ein Gegenstand/eine Dienstleistung, ein Hinweis.

Leider widmen nicht viele Nutzer ihre Zeit der Gebrauchsanleitung Cisco Systems 2950. Eine gute Gebrauchsanleitung erlaubt nicht nur eine Reihe zusätzlicher Funktionen des gekauften Geräts kennenzulernen, sondern hilft dabei viele Fehler zu vermeiden.

Was sollte also eine ideale Gebrauchsanleitung beinhalten?

Die Gebrauchsanleitung Cisco Systems 2950 sollte vor allem folgendes enthalten:
- Informationen über technische Daten des Geräts Cisco Systems 2950
- Den Namen des Produzenten und das Produktionsjahr des Geräts Cisco Systems 2950
- Grundsätze der Bedienung, Regulierung und Wartung des Geräts Cisco Systems 2950
- Sicherheitszeichen und Zertifikate, die die Übereinstimmung mit entsprechenden Normen bestätigen

Warum lesen wir keine Gebrauchsanleitungen?

Der Grund dafür ist die fehlende Zeit und die Sicherheit, was die bestimmten Funktionen der gekauften Geräte angeht. Leider ist das Anschließen und Starten von Cisco Systems 2950 zu wenig. Eine Anleitung beinhaltet eine Reihe von Hinweisen bezüglich bestimmter Funktionen, Sicherheitsgrundsätze, Wartungsarten (sogar das, welche Mittel man benutzen sollte), eventueller Fehler von Cisco Systems 2950 und Lösungsarten für Probleme, die während der Nutzung auftreten könnten. Immerhin kann man in der Gebrauchsanleitung die Kontaktnummer zum Service Cisco Systems finden, wenn die vorgeschlagenen Lösungen nicht wirksam sind. Aktuell erfreuen sich Anleitungen in Form von interessanten Animationen oder Videoanleitungen an Popularität, die den Nutzer besser ansprechen als eine Broschüre. Diese Art von Anleitung gibt garantiert, dass der Nutzer sich das ganze Video anschaut, ohne die spezifizierten und komplizierten technischen Beschreibungen von Cisco Systems 2950 zu überspringen, wie es bei der Papierform passiert.

Warum sollte man Gebrauchsanleitungen lesen?

In der Gebrauchsanleitung finden wir vor allem die Antwort über den Bau sowie die Möglichkeiten des Geräts Cisco Systems 2950, über die Nutzung bestimmter Accessoires und eine Reihe von Informationen, die erlauben, jegliche Funktionen und Bequemlichkeiten zu nutzen.

Nach dem gelungenen Kauf des Geräts, sollte man einige Zeit für das Kennenlernen jedes Teils der Anleitung von Cisco Systems 2950 widmen. Aktuell sind sie genau vorbereitet oder übersetzt, damit sie nicht nur verständlich für die Nutzer sind, aber auch ihre grundliegende Hilfs-Informations-Funktion erfüllen.

Inhaltsverzeichnis der Gebrauchsanleitungen

  • Seite 1

    Corporate He adquarters Cisc o Syst ems , Inc . 170 West Ta sman Drive San Jos e, CA 95 134-1706 USA http://www.ci sco.com Tel: 408 526-4000 800 553- NETS (638 7) Fax: 408 526-4100 Catal yst 2950 Desktop S witc h Sof tware Configuration Guide Cisco IOS Release 12.1(1 1)EA1 August 20 02 Custome r Order Numb er: DO C-78113 80= Text Pa rt Nu mber: 78-[...]

  • Seite 2

    THE SPECIFICATIONS AND INFORMATION REG ARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOU T NOTICE. ALL STATEMENT S, INFORMATI ON, AND RECOMMENDA TIONS IN T HIS MANUAL ARE BELIEVED TO BE ACCURATE BU T ARE PRESEN TED WITHOUT WARRANTY OF ANY KIND, EXPRE SS OR IMPLIED. USERS MUST TAKE FULL RESPON SIBILITY FOR THEIR AP PLICATION OF ANY PRO[...]

  • Seite 3

    iii Catalyst 2950 Desktop Switch Software Conf igurati on Guide 78-11380-05 CONTENTS Preface xx iii Audienc e xxiii Pur pose xx iii Organi zation xx iv Conv enti ons xxvi Rela te d Publi cation s xxvi i Obtain ing Docu mentati on xxvi i World Wide Web xxvii Document ation C D-ROM xxv iii Orderi ng Documenta tion xxviii Docu m en ta t ion Fe ed bac [...]

  • Seite 4

    Cont ent s iv Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 CHAPTER 2 Using t he Command -Line I nterface 2-1 IOS Command Mode s 2-1 Gettin g Help 2-3 Abbrevi ating Comma nds 2-3 Using no an d defau lt Forms of Commands 2-4 Underst anding CL I Message s 2-4 Using Comma nd History 2-5 Changin g the Comma nd Hi story Buf fer[...]

  • Seite 5

    Content s v Catalyst 2950 Desktop Switch Software Conf igurati on Guide 78-11380-05 Topolo gy View Po pup Menus 3-21 Link Popu p Me nu 3-21 Device Po pup Menus 3-22 Inter action Mode s 3-23 Guide Mo de 3-2 4 Exper t Mod e 3-24 Wizards 3-24 Tool Ti ps 3-25 Online Help 3-25 CMS Window Compon ents 3-26 Host Na me List 3-26 Tabs, Li sts, and Tables 3-2[...]

  • Seite 6

    Cont ent s vi Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Manua lly As sign ing IP Infor matio n 4-10 Checki ng and Sav in g the Runn i ng Configu ration 4-10 CHAPTER 5 Configur ing IE2 100 CNS Agents 5-1 Underst anding I E2100 Series Config uratio n Registr ar Softwar e 5-1 CNS C onfigur ation Service 5-2 CNS E vent Se [...]

  • Seite 7

    Content s vii Catalyst 2950 Desktop Switch Software Conf igurati on Guide 78-11380-05 HSRP and Sta ndby Comman d Swi tches 6-13 Virtua l IP Addr es s es 6-14 Other Consider ations for Clust er Stan dby Grou ps 6-14 Automa tic Recov ery of Clu ster Co nfigura tion 6-16 IP Ad dres ses 6-16 Host Na mes 6-17 Passw or ds 6-17 SNMP Communi ty Str ings 6-[...]

  • Seite 8

    Cont ent s viii Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Config urin g TACAC S+ 7-11 Defaul t TACACS+ Co nfi gurati on 7-12 Identi fying t he TACACS+ Server Host and Sett in g the Aut hentica tion Key 7-1 2 Config urin g TACAC S+ Logi n Authenti cation 7-13 Config urin g TACAC S+ Autho rizati on for Privi leged EXE C [...]

  • Seite 9

    Content s ix Catalyst 2950 Desktop Switch Software Conf igurati on Guide 78-11380-05 Config urin g a Sys tem Name and Prompt 7-46 Defaul t Syste m Name and Prompt Co nfig ura tion 7-46 Config urin g a Sys tem Name 7-46 Config urin g a System Promp t 7-47 Underst anding DNS 7-47 Defau lt D NS C onfig urat ion 7-4 8 Setti ng Up DNS 7-4 8 Displa ying [...]

  • Seite 10

    Cont ent s x Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Settin g t he S witch -to -Cli ent Fr ame -Re trans mis sion Num ber 8-13 Enab ling Mul tip le Host s 8-13 Resett ing th e 802 .1X Conf igurat ion to the Defaul t Values 8-14 Displa ying 802. 1X Stat is tics and Status 8-14 CHAPTER 9 Configur ing I nterfac e Charac[...]

  • Seite 11

    Content s xi Catalyst 2950 Desktop Switch Software Conf igurati on Guide 78-11380-05 Spannin g-Tr ee Interf ace State s 10-5 Blocki ng Stat e 10-7 List ening Sta te 10-7 Learni ng Stat e 10-7 Forw ardi ng S tat e 10-7 Disabl ed State 10-8 Spannin g-Tr ee Add ress Man age ment 10-8 STP and IE EE 802. 1Q Tr unks 10-8 Spannin g Tree an d Redundan t Co[...]

  • Seite 12

    Cont ent s xii Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Hop Count 11-10 Boundar y Ports 11-10 Intero per abili ty wi th 8 02.1D ST P 11-11 Config urin g RSTP and MSTP Fea tures 11-11 Defaul t RSTP and MSTP Con figurat ion 11-12 RSTP and MSTP Co nfig uration Guideli nes 11-1 2 Specif ying the MST Re gion Conf igura ti [...]

  • Seite 13

    Content s xiii Catalyst 2950 Desktop Switch Software Conf igurati on Guide 78-11380-05 Enabli ng Uplink Fast f or Use with Re dundan t Li nks 12-17 Enabli ng C ross-St ack Up linkFa st 12 -18 Enabli ng B ackbon eFast 12-19 Enab ling R oot G uard 12-19 Enab ling L oop G uard 12-20 Displa ying the Sp anning- Tree St at us 12-21 CHAPTER 13 Configur in[...]

  • Seite 14

    Cont ent s xiv Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Load S harin g Using STP 13-21 Load S harin g Using STP Port Prior ities 13-21 Load S harin g Using STP Path Co st 13-23 Config urin g VMPS 13-2 4 Underst anding VMPS 13-25 Dynamic Po rt VLAN Members hi p 13-25 VMPS Da t ab a se Co nf ig urat ion Fi le 13-2 6 Def[...]

  • Seite 15

    Content s xv Catalyst 2950 Desktop Switch Software Conf igurati on Guide 78-11380-05 Disabl ing VTP (VT P Trans par ent Mode ) 14-12 Enabli ng V TP Versi on 2 14-13 Enabli ng V TP Pruni ng 14-14 Adding a VT P Client Swi tch to a VTP Do main 14-15 Moni tori ng V TP 14-16 CHAPTER 15 Configur ing V oice VLAN 15-1 Underst anding Voi ce VLAN 15-1 Config[...]

  • Seite 16

    Cont ent s xvi Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Displa ying MVR Inf ormation 16-18 Config urin g IGMP Fil te ring 16-19 Defaul t IGMP Fil terin g Confi g ur ation 16-19 Config urin g IGMP Profi le s 16-20 Applyi ng IGMP Profi les 16 -21 Setti ng the Maximum Numb er of IGMP Grou ps 16-22 Displa ying IGMP Fi lte[...]

  • Seite 17

    Content s xvii Catalyst 2950 Desktop Switch Software Conf igurati on Guide 78-11380-05 CHAPTER 19 Configur ing C DP 19-1 Underst anding CDP 19-1 Config urin g CDP 19-2 Defaul t CDP Conf ig urati on 19-2 Config urin g the CDP Chara cter is tics 19-2 Disabl ing and Ena bling CDP 19-3 Disabl ing and Ena blin g CDP on an Inte rface 19-4 Monit orin g an[...]

  • Seite 18

    Cont ent s xviii Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 CHAPTER 21 Configur ing R MON 21-1 Underst anding RMON 21-1 Config urin g RMON 21-2 Defaul t RMON Configur ation 21-3 Config uring RMON A la rms and Event s 21-3 Config urin g RMON Col lectio n on an Inter face 21-5 Displa ying RMON Stat us 21-6 CHAPTER 22 Conf[...]

  • Seite 19

    Content s xix Catalyst 2950 Desktop Switch Software Conf igurati on Guide 78-11380-05 Config urin g SNMP Groups and Us ers 23-8 Config urin g SNMP Notif icati ons 23-1 0 Setti ng the Age n t Contact and Locati on Infor matio n 23-13 Limit ing TFTP Se rve rs Us ed T hro ugh S NMP 23-13 SNM P Ex a m pl es 23-14 Displa ying SNMP Stat us 23 -15 CHAPTER[...]

  • Seite 20

    Cont ent s xx Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 CHAPTER 25 Configur ing Q oS 25-1 Underst anding QoS 25-2 Basic QoS Model 25-3 Classi ficati on 25-4 Classi ficati on Base d on Qo S ACLs 25-5 Classi ficati on Base d on Class Maps and Policy Maps 25-6 Polici ng a nd Mark ing 25-6 Mapping Ta bles 25-7 Queuein g an[...]

  • Seite 21

    Content s xxi Catalyst 2950 Desktop Switch Software Conf igurati on Guide 78-11380-05 CHAPTER 26 Configur ing E therChannel s 26-1 Underst anding Et herCh ann els 26-1 Underst andi ng Po rt-Ch annel In terface s 26-2 Underst anding th e Port Aggregati on Protoc ol 26-3 PAgP Modes 26-4 Physic al L earners and Aggregat e-Po rt Lear ners 26-5 PAgP Int[...]

  • Seite 22

    Cont ent s xxii Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05[...]

  • Seite 23

    xxiii Catalyst 2950 Desktop Switch Software Conf igurati on Guide 78-11380-05 Preface Audience The Cataly st 2 950 Desktop Sw itch Sof tware Configuration Gui de is for t he n etwor k ma na ger responsible for conf igur ing the Catalyst 2950 switches, hereaf ter referred to as the switches . Befo re using this guide, y ou should be familia r with t[...]

  • Seite 24

    xxiv Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Preface Organizati on • Cluster Ma nageme nt Suite (CM S) info rmation — This guide provides an overview of the CMS web-base d, switc h ma nage ment inter face. For i nf ormat ion abou t CMS r equi reme nts an d the procedu res fo r browser and plug -in con figuration [...]

  • Seite 25

    xxv Catalyst 2950 Desktop Switch Software Conf igurati on Guide 78-11380-05 Pre face Organization Chapter 7, “ Administeri ng the Switc h, ” describes how to perform one-time operati ons to administ er your switch. It desc ribes how to pre vent unauthori zed access to you r switch throu gh the use of password s, pri vileg e le v els, the T ermi[...]

  • Seite 26

    xxvi Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Preface Conv ent ions Chapter 22, “ Conf i gurin g Syst em Mes sage Lo gging, ” describes how to configure system me ssage logging. It descri bes the messag e forma t and how to change the messa ge display destinat ion device, limit the typ e of me ssage s sent, c onfi[...]

  • Seite 27

    xxvii Catalyst 2950 Desktop Switch Software Conf igurati on Guide 78-11380-05 Pre face Related Publ icati ons Ti p Means the followin g will help yo u solve a pr oblem . The tips informat ion might not be trouble shootin g or even an ac tio n, but cou ld be use ful info rma ti on. Related Publications These do cuments p rovid e comple te informati [...]

  • Seite 28

    xxvii i Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Preface Obtain in g Technical Assis ta nce Documenta tion C D-ROM Cisco documentati on and additio nal literature are a v ailable in a Cisco Documentation CD-R OM packag e, w hich is shi pped with you r prod uct. T he Docu menta tion CD-ROM is up dated m onthl y and may[...]

  • Seite 29

    xxix Catalyst 2950 Desktop Switch Software Conf igurati on Guide 78-11380-05 Pre face Ob taining Technical Assistance Cisco.com Cisco.com is t he foundation of a suite of inter acti ve, network ed services that prov ides immediate, open access to Cisco information, networkin g solut ions, serv ices , progr am s, and re sour ces at any time , from a[...]

  • Seite 30

    xxx Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Preface Obtain in g Technical Assis ta nce If you are a Ci sco. com registered use r, and you cannot resol ve your tech nica l issu es by using the C isco T AC W eb Site, you can open a ca se online by using the T AC Case Op en tool at t his URL: http://www .cisco.com/tac /[...]

  • Seite 31

    C HAPTER 1-1 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 1 Overview This chapter pro vides these topics ab out the Catalyst 2950 switch software: • Feat ures , page 1- 1 • Managem ent Options, page 1-5 • Network Configu ratio n Exa mp les, pa ge 1-7 • Where to Go Next, page 1-17 Features The Cat alyst 2950 sof tw[...]

  • Seite 32

    1-2 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Ch ap ter 1 Ov er vi ew Feature s Per for ma nce • Autosensing of spee d on the 10/ 100 and 1 0/100 / 1000 ports a nd auto negotiation o f du plex mode o n the 10 /100 port s f or op tim izing ba ndwid th • IEEE 8 02. 3X f low contr ol o n G iga bit E th erne t po rts o[...]

  • Seite 33

    1-3 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 1 Overview Features • In-band man agement access throug h up to 16 simultaneous T elnet connec tions for multiple comman d-l ine in terfa ce ( CL I)-ba sed se ssion s over the ne twork • In-band manage ment ac cess throu gh Simpl e Network Manage ment Prot ocol [...]

  • Seite 34

    1-4 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Ch ap ter 1 Ov er vi ew Feature s • The swit ch supp orts up t o 4094 VLA N IDs to all o w se rvice pro v ider netw orks t o suppor t the numb er of VLANs allo wed by th e IEEE 802.1Q st andard (a v ailable only with the EI ) • IEEE 80 2.1Q t runking proto col on all po[...]

  • Seite 35

    1-5 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 1 Overview Manageme nt Options • Policing – T raffic-policing p oli cies o n the switc h por t for a ll ocati ng t he a m ount of t he p ort ba ndwi dth to a speci fic tr af fic f lo w – Policing traf f ic flo ws to restric t specific applications or traf fic [...]

  • Seite 36

    1-6 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Ch ap ter 1 Ov er vi ew Managem e nt Optio ns Manageme nt Interface Optio ns Y o u can co nfigure and monit or individual swit ches and switc h clusters by using these interfac es: • CMS — CMS is a gra ph ical user int erfac e t hat can be laun ch ed fr om a nywhere in [...]

  • Seite 37

    1-7 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 1 Overview Network Configuration Examples • Apply a ctions from CMS to multipl e ports an d multiple switches at the same time to a v oid re-ente ring the same comma nds for eac h individual port or switch. Here are some examp les of globall y setting and ma nagin[...]

  • Seite 38

    1-8 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Ch ap ter 1 Ov er vi ew Netwo rk Conf igurati on Ex amples Bandwidt h alone is not the only c onsiderat ion when d esigning you r network. As you r network t raff ic profiles ev o lve, consid er providing network servic es tha t can supp ort ap plica tions suc h as voice an[...]

  • Seite 39

    1-9 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 1 Overview Network Configuration Examples Y o u can cr eate bac kup paths by using Fast Ethernet , Gigab it, Fast EtherCha nnel, or Gigabit EtherCha nnel li nks. Usi ng G igabit m odules on t wo of the sw i tches, yo u can have redunda nt uplink connec tio ns to a G[...]

  • Seite 40

    1-10 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Ch ap ter 1 Ov er vi ew Netwo rk Conf igurati on Ex amples Figur e 1 -1 Example Configur ations Small to Medium-Sized Network Configuration Figure 1-2 sh ows a con figurat ion for a n etwork th at has u p to 25 0 u ser s. User s in t his n etwor k re quir e e-mail, f ile- [...]

  • Seite 41

    1-11 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 1 Overview Network Configuration Examples A network backbone i s a high-ba ndwidth co nnectio n (such as Fast Ethe rnet or G igabit Ethe rnet) tha t interc onnects segm ents and netw ork resour ces. It is re qu i re d i f n um e r ou s s eg me nt s re qu i re ac ce[...]

  • Seite 42

    1-12 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Ch ap ter 1 Ov er vi ew Netwo rk Conf igurati on Ex amples Collaps ed Backbo ne an d Switch Clu ster Configuratio n Figure 1-3 sh ows a con figura tion for a n etwor k of appro xi mat ely 50 0 em pl oyees. Th is ne twor k u ses a collapse d back bone an d switch clust ers.[...]

  • Seite 43

    1-13 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 1 Overview Network Configuration Examples Figur e 1 -3 Collapsed Back bone and Switc h Clust er Conf iguration Large C ampus C onfiguration Figure 1-4 shows a c on f i gur atio n fo r a n etw ork of m ore th an 1 0 00 users. Be ca us e it ca n aggr eg ate up to 130[...]

  • Seite 44

    1-14 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Ch ap ter 1 Ov er vi ew Netwo rk Conf igurati on Ex amples Figur e 1 -4 Larg e Campus Confi gura tion Multidwelling Network Usi ng Catalyst 2950 Switches A growing segmen t of residen tial a nd co mmer cial cu stome rs ar e requir ing h igh-spe ed acc ess t o Ether net met[...]

  • Seite 45

    1-15 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 1 Overview Network Configuration Examples All ports on the resident ial Catalyst 2950 switches (a nd Catalyst 2912-LRE XL or 2924-LR E XL switche s if th ey ar e incl u ded) ar e configur ed a s 8 02. 1Q t r unks w it h p rote cted por t and STP ro ot g uard featu [...]

  • Seite 46

    1-16 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Ch ap ter 1 Ov er vi ew Netwo rk Conf igurati on Ex amples Long-Distan ce, High-Ba ndwidth T ransport C onfiguration Note T o u se the fea ture de scr ibed in thi s se ctio n, yo u m ust have the E I i nstall ed on you r s witc h. Figure 1-6 sh ows a conf iguration for tra[...]

  • Seite 47

    1-17 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 1 Overview Where t o Go Next Where to Go Next Before conf iguring the switch, re view th ese section s for start up inform ation: • Chapter 2, “ Usin g the Comma nd-Line Interfac e ” • Chapter 3, “ Getting Star ted with CMS ” • Chapter 4, “ Assignin[...]

  • Seite 48

    1-18 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Ch ap ter 1 Ov er vi ew Where to Go Nex t[...]

  • Seite 49

    C HAPTER 2-1 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 2 Using the Command-Line Interface This c ha pter d escri bes th e IO S comm an d-l ine int erfa ce ( CLI ) th at you c a n u se to con figure your switch es. I t conta ins th ese sec tions: • IOS Comma nd Modes, pa ge 2-1 • Getting He lp, pa ge 2-3 • Abbrevi[...]

  • Seite 50

    2-2 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapt er 2 Us i ng th e Com ma n d-L i ne In terfa ce IOS Command Modes T able 2-1 Command Mo de Summary Mode Acces s Met hod Prom pt Exit Met hod About Th is Mode User EXE C Be gin a session with your sw itch . Switch> Enter logout or quit . Use this mo de to • Change[...]

  • Seite 51

    2-3 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 2 Using the Comm a nd-Line In terface Getting Help Getting Help Y ou can enter a qu es t i on ma rk (? ) at th e s y s tem pr om p t to d is p lay a lis t of co mm an d s a v ailab l e f or eac h comma nd mode . Y ou can als o obtain a list of asso ciated ke ywo rds[...]

  • Seite 52

    2-4 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapt er 2 Us i ng th e Com ma n d-L i ne In terfa ce Using no and default Forms of Comman ds Using no and defa ult Forms of Comman ds Almos t e v ery co nf iguration comma nd also has a no form. In ge neral, us e the no form to di sable a feature or fun ctio n or reverse t[...]

  • Seite 53

    2-5 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 2 Using the Comm a nd-Line In terface Using Com mand History Using Command History The IOS provid es a history or re cord of com mands tha t you have entered. This fe ature is pa rticularl y useful for re callin g long or compl ex commands or entri es, incl uding ac[...]

  • Seite 54

    2-6 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapt er 2 Us i ng th e Com ma n d-L i ne In terfa ce Using E diting Feature s Disabling the Comma nd History Fe ature The c ommand histor y feat ure is automatic ally enabled. T o disable the feature du ring the cu rrent ter minal sessi on, enter the terminal no history pr[...]

  • Seite 55

    2-7 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 2 Using the Comm a nd-Line In terface Using Edit ing Featu res Editing C ommands throu gh Keystrok es Ta b l e 2 - 5 show s the ke yst rokes that you need to edit comman d lines. T able 2-5 Editing Comma nds thr ough K e ystro k es Capability Key stroke 1 Purpose Mo[...]

  • Seite 56

    2-8 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapt er 2 Us i ng th e Com ma n d-L i ne In terfa ce Using E diting Feature s Editing C ommand Lines that Wrap Y o u can use a w rap aro und f eature for c om mands t hat extend b eyond a singl e l ine on th e scre en . Wh en the cursor reaches the right mar gin, the comma[...]

  • Seite 57

    2-9 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 2 Using the Comm a nd-Line In terface Searching and Filtering Output of show and m o re Co mm ands Use lin e wrapping with the co mman d history fe ature to recall and modif y previous complex co mmand entries. F or i nformation about recalling pre v ious co mmand e[...]

  • Seite 58

    2-10 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapt er 2 Us i ng th e Com ma n d-L i ne In terfa ce Access ing th e CLI from a Br owse r Accessing the CLI from a Bro wser This proc edure assu mes you have met the software re quirem ents (includ ing browser and Java plug-i n conf iguratio ns) and hav e assigned IP info[...]

  • Seite 59

    C HAPTER 3-1 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 3 Getting Started with CMS This chapte r provides these topics about the Cluste r Management Suite (CMS ) software: • Feat ures , page 3- 2 • Fro nt Pa nel V i e w , page 3-4 • T opology V iew , page 3-9 • Men us and T oolba r , page 3-14 • Int eracti on [...]

  • Seite 60

    3-2 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 3 Getting Started with CMS Feature s Features CMS p rovides these feat ures ( Figur e 3-1 ) for mana ging sw itch cl usters a nd ind ividual swi tches fr om W eb browsers such as Netsca pe Comm unica tor or Micro soft In ternet Explore r: • T wo views of your netw[...]

  • Seite 61

    3-3 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 3 Getting Star ted with CMS Features • T wo lev els of access to the conf iguration optio ns: read-wr ite access for users allo wed to change switch se ttings; read- only acce ss for users allo wed to on ly vie w switch settings • Consiste nt set of GU I com pon[...]

  • Seite 62

    3-4 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 3 Getting Started with CMS Front Panel Vi ew Front Panel View When CMS is laun ched from a comma nd switch, the Front Panel vi ew displays the front -pan el images of all swit ches in the clus ter ( Figure 3-2 ). W hen C MS is l aunc hed fro m a stan da lone or n on[...]

  • Seite 63

    3-5 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 3 Getting Star ted with CMS Front Pa nel Vie w Cluste r Tr ee The cl uster tre e ( Figure 3-2 ) appears in the left f rame of the Front P anel vie w and sh o ws the name of the cluste r and a list of its memb ers. The se quenc e of the clust er-tree icons ( Figure 3[...]

  • Seite 64

    3-6 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 3 Getting Started with CMS Front Panel Vi ew Figure 3-5 shows the por t icons as th ey appea r in the fron t-panel imag es. T o select a port, cl ick the por t on the front-panel image. The port is then hi ghlighted with a yell ow outline. T o select multip le ports[...]

  • Seite 65

    3-7 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 3 Getting Star ted with CMS Front Pa nel Vie w Port Modes and LEDs The por t mode s ( Ta b l e 3 - 4 ) dete rmi ne t he t y pe of i nfo rma tion d ispl ayed thr ough the port LED s. Whe n you change port mode s, the mean ings of the por t LED color s ( Ta b l e 3 - [...]

  • Seite 66

    3-8 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 3 Getting Started with CMS Front Panel Vi ew VLAN Membership Modes Ports in the Fr ont P anel vie w are ou tlined by colors ( Ta b l e 3 - 6 ) when y ou c li ck Highlight VLAN P ort Membership Modes on the Configu re V LANs tab on the VL AN w indow ( VLAN > VLAN [...]

  • Seite 67

    3-9 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 3 Getting Star ted with CMS Topol ogy View Topology Vie w The T opology vie w displays ho w the de vices within a switch cluster are conne cted and ho w the switch cluster i s con ne cte d to oth er cl usters and devices . From t his view , you c an a dd and remove [...]

  • Seite 68

    3-10 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 3 Getting Started with CMS Topology Vie w Figur e 3-6 Expan d Cluste r View Figur e 3-7 Collaps e Clust er View Right-click a link icon to displa y a link popup menu. Cluster members of cluster1 and other de vices connected to cluster1. 65722 Right-click a de vice [...]

  • Seite 69

    3-11 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 3 Getting Star ted with CMS Topol ogy View Topology Icons The T op ology view and the cl ust e r tree us e the sam e set of device icons to r epresen t cluster s, com mand and standby comma nd switch es, and m ember switches ( Figure 3-8 ). The T opology vi e w als[...]

  • Seite 70

    3-12 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 3 Getting Started with CMS Topology Vie w Figur e 3-9 T opol og y-V iew Link Icons Device and Link L abels The T opo logy view displays device and lin k informa tion by using thes e labels : • Cluster and switch names • Switch MAC and IP addres ses • Link typ[...]

  • Seite 71

    3-13 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 3 Getting Star ted with CMS Topol ogy View The c olor o f a d ev ice la bel sho ws the cl uster member ship o f the de vice ( Ta b l e 3 - 1 0 ). Topology Display Optio ns Y o u can set th e type of info rmati on displaye d in the T opology view b y changing the se[...]

  • Seite 72

    3-14 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 3 Getting Started with CMS Menu s an d Toolba r Menus and Tool bar The co nfigur ation a nd moni tori ng opt ions for configu ring sw itche s an d s wit ch c lust ers ar e av ailabl e from menu s and a toolbar . Menu Bar The menu bar provides the co mplet e list of[...]

  • Seite 73

    3-15 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 3 Getting Star ted with CMS Menus and To olbar Note • W e strongly recomm end that the hig hest-en d, comm and-ca pable sw itch in the clus ter be the comm an d s witc h: – If your switch cl uster has a Catalyst 3550 switch, that switch sho uld be the command s[...]

  • Seite 74

    3-16 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 3 Getting Started with CMS Menu s an d Toolba r T able 3-1 1 Menu Bar Menu-B ar O ptio ns T ask CMS Page Setup Set de fau lt doc um en t pr int er p rop er ties t o be use d whe n pr intin g f ro m CM S. Print Pre vie w V iew t he way the CMS win do w or help f ile[...]

  • Seite 75

    3-17 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 3 Getting Star ted with CMS Menus and To olbar IGMP Sn oopin g 2 E nable and di sable In ternet Group Manage ment Protoc ol (IGMP) snoo ping an d IGMP Immediate-Lea ve proc essing on the switch. Join or leav e multicast groups, an d configure multicast router s. 80[...]

  • Seite 76

    3-18 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 3 Getting Started with CMS Menu s an d Toolba r Port Statistic s Display port sta tistics. Bandwidth G raphs Display g ra phs t hat plot the tota l ba nd width in use by t he swi tc h. Link G raph s Displa y a gra ph showin g th e bandw idt h be ing use d fo r t he[...]

  • Seite 77

    3-19 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 3 Getting Star ted with CMS Menus and To olbar Toolbar The toolba r buttons display com monly- used switch and cluster configurat ion options and i nformat ion wind o ws such as le gends and on line h elp. Hove r the cu rsor o ver an icon to display t he featu re. [...]

  • Seite 78

    3-20 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 3 Getting Started with CMS Menu s an d Toolba r Front Panel V iew Po pup M enus These popu p menus ar e available in the Front Panel view . Device Popup Menu Y o u can displ ay a ll swit ch a nd clus ter c onfigura tion w ind ows from the menu ba r , or yo u c an d[...]

  • Seite 79

    3-21 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 3 Getting Star ted with CMS Menus and To olbar Topology View P opup Men us These popu p menus ar e available in the T o pology vi ew . Link Popup Menu Y o u can displ ay reports a nd graphs for a specific link displa yed in the T opol ogy view ( Ta b l e 3 - 1 5 ).[...]

  • Seite 80

    3-22 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 3 Getting Started with CMS Menu s an d Toolba r Device Popup Menus Specific devices in the T opolo gy v iew display a sp eci fic popup m e nu: • Cluster ( Ta b l e 3 - 1 6 ) • Command switch ( Ta b l e 3 - 1 7 ) • Membe r o r st andby co mman d s wi tch ( Ta [...]

  • Seite 81

    3-23 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 3 Getting Star ted with CMS Inter action Mo des Interaction Modes Y o u can ch an ge the inte ra ctio n m ode of CMS t o eit her gu ide or expert m ode . G uide m od e st ep s you through each fea ture optio n and provides i nformat ion about the parame ter . Exper[...]

  • Seite 82

    3-24 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 3 Getting Started with CMS Wizards Guide Mode Note Gu ide mode is not av ailable if you r switch ac cess lev el is re ad-only . For more informa tion ab out the read- only acc ess mode, s ee the “ Ac cess Modes in CMS ” sect ion o n page 3-29 . Guide mo de is f[...]

  • Seite 83

    3-25 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 3 Getting Star ted with CMS Tool Tips Tool Tips CMS disp lays a po pup messa ge when yo u move your m ouse over thes e devices: • A yell ow device icon in the c luste r tree or in T opol ogy vi ew — A popup displ ays a fault messag e, such as that the RPS is fa[...]

  • Seite 84

    3-26 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 3 Getting Started with CMS CMS W indow Com ponents CMS Window Components CMS windo ws consistently present conf iguration info rmation. Figure 3-12 shows the components of a typical CMS window . Figur e 3-12 CMS Wind ow Comp onents Host Name List T o display or cha[...]

  • Seite 85

    3-27 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 3 Getting Star ted with CMS CMS Wi nd ow Co mpo n ents window does n ot i ncl ud e Ca talyst 1900 a nd Cat alys t 282 0 switc he s even though t hey are pa rt o f the cluster . Similarly , the Host Name list on the LRE Prof iles wi ndow o nly lists th e LRE switc h[...]

  • Seite 86

    3-28 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 3 Getting Started with CMS Access ing CMS Accessing CMS This section assumes the follo wing: • Y o u know the IP addre ss and pa ssword of t he com mand sw itch or a spe cific switch. Th is inf ormati on is either: – Assigned to the switch by following the setu[...]

  • Seite 87

    3-29 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 3 Getting Star ted with CMS Acce s sing CMS Access Mo des in CMS CMS pro vides tw o le v e ls of acce ss to the co nf igurat ion options: read-wr ite ac cess and read -only ac cess. Privilege le vels 0 to 15 are suppor ted. • Pri vile ge le vel 15 provid es you w[...]

  • Seite 88

    3-30 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 3 Getting Started with CMS Verifying Yo ur Cha nges Verifying Your Changes CMS pr ovid es notif i cation cues to help y ou track and conf irm t he cha nges yo u mak e. Change Notification A green bo rder a rou nd a field or tab le ce l l mean s tha t you ma de an u[...]

  • Seite 89

    3-31 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 3 Getting Star ted with CMS Restoring Your Configuration Restoring Your Configuration After you sav e a switch c onfiguration, you can re store the configurati on to one or more swi tches for these reas ons: • Y o u ma de a n inco rre ct cha nge t o the cur re nt[...]

  • Seite 90

    3-32 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 3 Getting Started with CMS Where to Go Nex t Where to Go Next Before conf iguring the switch , refer to th ese places for start- up info rmation: • Switch r elease notes on Cisco .com: – CMS so ftwar e re qu irem e nts – Procedur es for run ning the set up pr[...]

  • Seite 91

    C HAPTER 4-1 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 4 Assigning the Switch IP Address and Default Gateway This chapt er describes ho w to create the initial switch conf iguration (for e xample, assig n the switch IP address an d default gateway informa tion) by using a variety of au tomati c and manua l methods. Not[...]

  • Seite 92

    4-2 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 4 Assigning the S witch IP Add ress and Defau lt Gateway Assign ing Swi tch Info rmatio n The boot loader a lso provid es trap-door access in to the system if the o perating system has problems serious enoug h that i t cannot be use d. The trap- door me chan ism pro[...]

  • Seite 93

    4-3 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 4 Assigni ng the Swi tch IP Addr ess an d Defa ult Ga tewa y Assigning Switch Information Default Switch Information Ta b l e 4 - 1 shows the def ault switch informatio n. Understand ing DHCP-Ba sed Autoco nfiguration The DHCP prov ides confi guration information to[...]

  • Seite 94

    4-4 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 4 Assigning the S witch IP Add ress and Defau lt Gateway Assign ing Swi tch Info rmatio n DHCP Client Request Proce ss When you b oot your swi tch, the D HCP c lien t i s inv oked and au toma ti cally r eque sts c onfigura tion informatio n from a DHCP serve r when [...]

  • Seite 95

    4-5 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 4 Assigni ng the Swi tch IP Addr ess an d Defa ult Ga tewa y Assigning Switch Information Configuring the DHCP Ser ver Y o u shoul d configure t he DHC P server wi th rese rved leases t hat ar e boun d to each switch by th e switc h hardware address. If you wa nt th[...]

  • Seite 96

    4-6 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 4 Assigning the S witch IP Add ress and Defau lt Gateway Assign ing Swi tch Info rmatio n For the switch to successf ull y do wnl oad a conf igu ratio n f i le, the TFTP ser v er must contain one o r more configur ation files in its base direct ory . The files ca n [...]

  • Seite 97

    4-7 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 4 Assigni ng the Swi tch IP Addr ess an d Defa ult Ga tewa y Assigning Switch Information Figur e 4-2 Rela y Devic e Used in A utoconfig uration Obtaining Configurati on Files Depending on the a v aila bility of th e IP add ress and the conf iguratio n file name in [...]

  • Seite 98

    4-8 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 4 Assigning the S witch IP Add ress and Defau lt Gateway Assign ing Swi tch Info rmatio n Note The switch br oadcasts TFTP server requests if the TFTP serv er is not obtained f rom the DHCP replies, if all attempts to read the conf iguration f il e through u nicast [...]

  • Seite 99

    4-9 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 4 Assigni ng the Swi tch IP Addr ess an d Defa ult Ga tewa y Assigning Switch Information DNS Ser ver Conf iguration The DNS server ma ps the TF TP server name ma ri ts u to IP address 10. 0.0.3 . TFTP Serve r Conf iguration (on UNIX) The TF TP server base di rector[...]

  • Seite 100

    4-10 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 4 Assigning the S witch IP Add ress and Defau lt Gateway Checking and Saving th e Run ning Confi gura tion Manually Assigning IP Information Beginn ing in pri vilege d EXEC mode, follo w these steps to manually assign I P information to multiple switched virt ual i[...]

  • Seite 101

    4-11 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 4 Assigni ng the Swi tch IP Addr ess an d Defa ult Ga tewa y Checki n g an d Sav in g the Ru nnin g Co nfig ur atio n ! hostname Switch ! enable secret 5 $1$ej9.$DMUvAUnZOAmvmgqBEzIxE0 ! ip subnet-zero ! vlan 3020 cluster enable Test 0 cluster member 1 mac-address [...]

  • Seite 102

    4-12 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 4 Assigning the S witch IP Add ress and Defau lt Gateway Checking and Saving th e Run ning Confi gura tion no ip address shutdown ! interface Vlan1 ip address 172.20.139.133 255.255.255.224 no ip route-cache ! ip default-gateway 172.20.139.129 ip http server ! ip a[...]

  • Seite 103

    C HAPTER 5-1 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 5 Configuring IE2100 CNS Ag ents This chap ter describes h ow to c onfigure th e Intelligence Engine 2100 (IE2100) Series Cisco Netw orking Servic es (CNS) embe dded ag ent s on you r switc h. T o u se t he fea ture de scribed in thi s chapt er , you must ha ve th [...]

  • Seite 104

    5-2 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 5 Confi guring I E2100 CNS Agent s Unders tan ding IE21 0 0 Series Config uration Reg istrar Softwar e Figur e 5-1 Configur ation Registra r Arc hit ect ural O vervie w These secti ons cont ain this co nceptu al in forma tion: • CNS Configurati on Se rvic e, pag e[...]

  • Seite 105

    5-3 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 5 Configuring IE21 00 CNS Agents Understan ding IE2100 Series Configurat ion Registrar S oftware CNS E ven t Serv i ce The Conf iguration Regi strar uses the CNS Ev ent Servic e for rece ipt and ge neration of conf iguration e ven ts. The CNS e v ent agen t resides [...]

  • Seite 106

    5-4 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 5 Confi guring I E2100 CNS Agent s Unders tan ding IE21 0 0 Series Config uration Reg istrar Softwar e DeviceID Each co nfigured s wi t ch part i cipati ng on th e ev ent bus has a un ique deviceID, w hich i s an alog ous to the switch source ad dress so that the sw[...]

  • Seite 107

    5-5 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 5 Configuring IE21 00 CNS Agents Unde rstan ding CNS Embe dde d Ag ent s Understandin g CNS Embedde d Agents The CNS e v ent ag ent feature allo ws the swit ch to publish and su bscribe to e vents on the e v ent b us and works with the CNS configurati on agent. The [...]

  • Seite 108

    5-6 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 5 Confi guring I E2100 CNS Agent s Configur ing CNS Em b edded A gen ts Incremental (Partial) Configur ation After t he ne twork is r unn ing, new serv ice s ca n b e ad de d by using t he CN S c onfigura tion ag en t. Increme ntal (p artial) c onf igura tions can b[...]

  • Seite 109

    5-7 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 5 Configuring IE21 00 CNS Agents Config uri ng CNS Embe dded Ag en ts Note For more informatio n about running the setup program and cr eating templates o n the Configurat ion Registrar, refer to the Cisco Intelligen ce Engine 2100 Series Conf igurat ion Re gistr ar[...]

  • Seite 110

    5-8 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 5 Confi guring I E2100 CNS Agent s Configur ing CNS Em b edded A gen ts Enabling th e CNS Ev ent Agent Note Y ou must e nable t he CNS ev ent agent on the s witch b efore y ou enab le the CNS conf igurat ion ag ent. Beginn ing in pri vilege d EXEC mode, follo w thes[...]

  • Seite 111

    5-9 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 5 Configuring IE21 00 CNS Agents Config uri ng CNS Embe dded Ag en ts T o disable the CNS e v ent agent, use the no cns event { ip-address | hostname } glob al configur ation comm and. This e xample sho ws ho w to e nable the CNS e v ent agent, set the IP a ddress g[...]

  • Seite 112

    5-10 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 5 Confi guring I E2100 CNS Agent s Configur ing CNS Em b edded A gen ts Step 3 config-cli or line -c li Enter config -cli to connect to the Config uration Registrar through t he interface de fined in cns c onfig connect-i ntf . Enter line-cli to connec t to th e Re[...]

  • Seite 113

    5-11 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 5 Configuring IE21 00 CNS Agents Config uri ng CNS Embe dded Ag en ts T o disa ble t he CNS conf igurati on age nt, use t he no cns conf ig initia l { ip-add r ess | hostname } global configurati on comm a nd. This e xample sho ws ho w to conf igure a n initial c o[...]

  • Seite 114

    5-12 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 5 Confi guring I E2100 CNS Agent s Displaying CNS Con figuration Enabling a Partial Configur ation Beginn ing in pri vilege d EXEC mode, follo w these st eps to enable the CNS conf iguration ag ent and to initiate a p artial conf iguration on the switch: T o disa b[...]

  • Seite 115

    5-13 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 5 Configuring IE21 00 CNS Agents Displaying CNS Configuration show cns e v ent stats Displays statistic s about the CNS e ven t agent. show cns ev ent subject Disp la ys a li st of event ag en t s u bjec ts th at ar e s ubs cr ib ed t o by appli cations . T able 5-[...]

  • Seite 116

    5-14 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 5 Confi guring I E2100 CNS Agent s Displaying CNS Con figuration[...]

  • Seite 117

    C HAPTER 6-1 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 6 Clustering Switches This chapte r provides these topics to help you get started with switch clu stering: • Understa ndin g Swi tch Cl u sters , pa ge 6-2 • Planning a Sw itch Cluster, page 6-5 • Creating a Switch C l uster , pag e 6- 20 • Using the CL I t[...]

  • Seite 118

    6-2 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 6 Clustering Switches Unders tan din g Sw itch Cluste rs Understandin g Switch Clust ers A switch cluster i s a group of connected C atalyst swit ches that a re manage d as a sing le entity . In a sw itch clus ter , 1 swi tch mu st be the comma nd s wi tch a nd up t[...]

  • Seite 119

    6-3 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 6 Clustering Switche s Underst anding Swi tch Clust ers Command Switch Character istics A Cataly st 2950 co mm an d swit ch m ust me et t hese r equi reme nts: • It is running Release 12.0(5.2) WC(1) or later . • It has an IP address . • It has Cisc o Discover[...]

  • Seite 120

    6-4 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 6 Clustering Switches Unders tan din g Sw itch Cluste rs Note Ca talyst 2950 com mand sw itches r unning R eleas e 12. 1(9)EA1 or la ter can conn ect to s tandby com mand swit ches in the ma nage ment VLAN. • It is redundantly connected to the c luster so that c o[...]

  • Seite 121

    6-5 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 6 Clustering Switche s Planni ng a Swit ch Clust er Note Catalyst 2950 stand by command switche s runni ng Releas e 12. 1(9)EA1 or later can co nnect to candidat e and membe r switche s in VLANs di f fer ent from their mana gement VL ANs. Planning a Switch Cl uster [...]

  • Seite 122

    6-6 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 6 Clustering Switches Planning a Sw it ch Cl ust er Discovery through CDP Hops By using CDP , a comma nd switch can di scover switches up to se ven CDP hops away (the default is three hops) from the ed ge of the clus ter . The edge of the clus ter is where the las t[...]

  • Seite 123

    6-7 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 6 Clustering Switche s Planni ng a Swit ch Clust er Figur e 6-2 Disco very thr ough CDP Hops (Co mmand S witch Running Releas e 12.1(9)E A1 or Lat er) Command s witch Member s witch 10 Member s witch 8 Member s witch 9 VLAN 62 Edge of cluster VLAN 16 74047 Switch 11[...]

  • Seite 124

    6-8 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 6 Clustering Switches Planning a Sw it ch Cl ust er Discovery through Non-CDP-Capabl e and Noncluster-Capable Devices If a comman d swi tch is connecte d to a non-CDP-c apable t hir d-party hub (such as a non -Cisc o hub), it can disco ver clus ter-en abled de vices[...]

  • Seite 125

    6-9 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 6 Clustering Switche s Planni ng a Swit ch Clust er Discovery through the Same Managemen t VLAN A Catalyst 2900 XL command switch, a Ca talyst 2950 comma nd switch ru nning a rele ase earl ier than Release 12 .1(9) EA1, or a Catal yst 3500 XL comm and switc h must c[...]

  • Seite 126

    6-10 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 6 Clustering Switches Planning a Sw it ch Cl ust er Discovery through Different M anagement VLANs W e recomme nd usin g a Catalyst 3550 com mand switch or a Catalyst 29 50 comm and swit ch runni ng Releas e 12. 1(9)EA1 or la ter . These command switch es can disco [...]

  • Seite 127

    6-11 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 6 Clustering Switche s Planni ng a Swit ch Clust er Figur e 6-6 Disco very thr ough Dif f er ent Ma nagem ent VLANs with a L ay er 3 Command S witch Discovery of Newly Installed Switches T o join a cluste r , the new , out-of-the -box switc h must be conne cted to [...]

  • Seite 128

    6-12 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 6 Clustering Switches Planning a Sw it ch Cl ust er Figur e 6-7 Disco v ery of Newly I nstalled S witc hes in the Sa me Manag ement VLAN Figur e 6-8 Disco very of Newly I nstalled S witc hes in Dif f er ent Ma nag ement VLANs AP AP Command s witch Catalyst 3500 XL [...]

  • Seite 129

    6-13 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 6 Clustering Switche s Planni ng a Swit ch Clust er HSRP and S tandby Command Sw itches The switc h supp orts Hot Standby Router Protoc ol (HSRP) so that you ca n configure a gro up of standby comman d s wit che s. Beca use a c om mand sw itch ma nage s the fo rwar[...]

  • Seite 130

    6-14 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 6 Clustering Switches Planning a Sw it ch Cl ust er Virtual IP Addresses Y o u need to assig n a uniqu e virt ual IP add ress and gr oup num ber a nd name to t he clu ster sta ndby group. This i nf orm ation m ust b e co nfigured on th e m a nagem e nt V LAN on t h[...]

  • Seite 131

    6-15 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 6 Clustering Switche s Planni ng a Swit ch Clust er • All stan dby-group memb ers must be me mber s of the clust er . Note The re is no lim it to the number of sw itches that you can assi gn as standb y command switches. Howe v er , the tot al number of switches [...]

  • Seite 132

    6-16 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 6 Clustering Switches Planning a Sw it ch Cl ust er Automatic Recover y of Cluster Configuration The act iv e comm and swit ch cont inually forwards cluster-configura tion info rmati on (but not device-configurat ion info rmation) to the standby com mand switch. Th[...]

  • Seite 133

    6-17 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 6 Clustering Switche s Planni ng a Swit ch Clust er Host Names Y o u do not need to assign a host name to eit her a comm and swit ch or an el igible c luster mem ber . Ho we ver , a host name assigned to the command switch can help to identify the switc h cluster .[...]

  • Seite 134

    6-18 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 6 Clustering Switches Planning a Sw it ch Cl ust er TACACS+ an d RADIUS Inconsistent authenti cation configur ations in switch clusters cause CMS to continually pr ompt for a user name and pa ssword. If T erminal Acce ss Co ntro ller Acces s Co ntrol System Plus (T[...]

  • Seite 135

    6-19 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 6 Clustering Switche s Planni ng a Swit ch Clust er Manageme nt VLAN Communication wi th the sw itch manag ement int erfaces i s through the comma nd-switch IP address. T he IP address is a ssociate d with th e management V LAN, whic h b y def ault is VL AN 1. T o [...]

  • Seite 136

    6-20 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 6 Clustering Switches Creating a Switch Cluster Availability of Switch-Specifi c Features in Switch Clusters The me nu bar on t he com mand switch disp lays al l optio ns available from the sw itch clust er . Therefore, feat ures spe cif ic to a member switch are a[...]

  • Seite 137

    6-21 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 6 Clustering Switche s Creati ng a Swit ch Cluster If you did not enab le a command switch durin g initial switch setup, launch De vice Manager from a command-cap able switch, a nd select Cluster > Cr eate Cluster . Ente r a clust er numbe r (the default i s 0),[...]

  • Seite 138

    6-22 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 6 Clustering Switches Creating a Switch Cluster If a cand idat e s witc h in th e gr oup has a password di fferent from t he gr oup, on ly that speci fic candi dat e switch is no t adde d to t h e cl us ter . When a candidate switch joins a clu ster , it inherits t[...]

  • Seite 139

    6-23 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 6 Clustering Switche s Creati ng a Swit ch Cluster Figur e 6-12 Using the T opolog y V iew t o A dd Membe r Switc hes Creating a Clu ster S tandby Group The cl uster s tandb y grou p member s must meet the requ irements descri bed in the “ Standby Command Switch [...]

  • Seite 140

    6-24 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 6 Clustering Switches Creating a Switch Cluster These a bbreviations are ap pended t o the switc h host nam es in the St andby Command G roup li st to show their eligib ility or status in the cluster standby group : • AC — Acti v e com mand swi tch • SC — S[...]

  • Seite 141

    6-25 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 6 Clustering Switche s Creati ng a Swit ch Cluster Verifying a Switch Cluster When yo u fini sh adding cl uster me mbers , follo w these step s to v erify the clu ster: Step 1 Ent er the command switch IP addr ess in the bro w ser Location fiel d (Netsca pe Commun [...]

  • Seite 142

    6-26 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 6 Clustering Switches Using the CLI to Ma nage Swit ch Cl us ters Using the CLI to Manage Swit ch Clusters Y o u can co nfigure memb er switch es from the CLI by f irst logg ing into the command switch . Enter the rcommand user EXEC com mand and t he member switch [...]

  • Seite 143

    6-27 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 6 Clustering Switche s Using S NMP to Ma nage Swit ch Clust ers Using SNMP to Manage Switc h Clusters When you first power on the sw itch, SN MP is en abled i f you e nter the IP infor matio n by using the setup program a nd a ccep t i ts p rop ose d con figurat io[...]

  • Seite 144

    6-28 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 6 Clustering Switches Using SNMP to Ma nage Sw itch Cl usters[...]

  • Seite 145

    C HAPTER 7-1 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 7 Administering the Switch This cha pter descri bes how to perform one-t ime ope rations to administ er your switc h. This ch apter consists of t hese section s: • Pre ve nting Unauthorized Acc ess to Y our Switch, page 7-1 • Protectin g A cce ss to Pr ivileged[...]

  • Seite 146

    7-2 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adm inistering the Switch Protecting A ccess to Privileged EXE C Comman ds • If you want to u se use rn ame and pa ssword p airs, but you wa nt to st ore t hem c e ntra lly o n a server instead o f locall y , you can store them in a database on a secur ity ser v[...]

  • Seite 147

    7-3 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adminis ter ing the Switch Prote c ting Acce ss t o Priv i lege d EX EC Co mman ds Setting o r Changin g a Static Enab le Pa ssword The en able password control s access to the privileged EXEC mode. Beginning in privileged EXEC mode, follo w these step s to set or[...]

  • Seite 148

    7-4 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adm inistering the Switch Protecting A ccess to Privileged EXE C Comman ds Protecting En able and E nable Secre t Passw ord s with Enc ryption T o pro vide an additional layer of security , particularly for passwords tha t cross the network or that are stored on a[...]

  • Seite 149

    7-5 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adminis ter ing the Switch Prote c ting Acce ss t o Priv i lege d EX EC Co mman ds If bo th the en able and e nable sec ret pas sword s are de f ined, us ers must enter th e enable s ecret p asswo rd. Use th e level keyword to define a password fo r a sp ecific pr[...]

  • Seite 150

    7-6 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adm inistering the Switch Protecting A ccess to Privileged EXE C Comman ds T o remo v e the passwo rd, use the no password global configurat ion comm and. This example sho ws ho w to set the T elnet password to let45me67i n89 : Switch(config)# line vty 10 Switch(c[...]

  • Seite 151

    7-7 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adminis ter ing the Switch Prote c ting Acce ss t o Priv i lege d EX EC Co mman ds Configuring Multiple Privilege Level s By default, the IOS sof tware has two mo des of password sec urity : user EX EC an d privileged EXEC. Y ou can con figu re up to 16 hierar chi[...]

  • Seite 152

    7-8 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adm inistering the Switch Protecting A ccess to Privileged EXE C Comman ds When y ou set a command to a pr i vile ge le ve l, all command s whose syntax is a subs et of th at com mand are al so set to th at le v el. Fo r exa mple, if y ou set the show ip traffic c[...]

  • Seite 153

    7-9 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adminis ter ing the Switch Controlling Switch Access with TACACS+ Logging into and Exiting a Privilege Level Beginn ing in pri vile ged EXEC mode, f ollo w these steps to log in to a s pe c if ie d p r i v i l e ge le ve l an d t o e xi t to a specified pri vilege[...]

  • Seite 154

    7-10 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adm inistering the Switch Controlling Sw itch Acce ss w ith TACACS+ Figur e 7 -1 T ypical T ACACS+ N etwo r k Configur ation T A CA CS+, admin istered through the AA A securit y servic es, ca n prov ide th ese ser vices: • Authentic ation — Provides complete [...]

  • Seite 155

    7-11 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adminis ter ing the Switch Controlling Switch Access with TACACS+ TACACS+ Ope ration When a use r attempts a sim ple ASCII login b y authent icating to a switch using T A CA CS+, this proc ess occurs: 1. When th e connection is establishe d, the swi tch contact s[...]

  • Seite 156

    7-12 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adm inistering the Switch Controlling Sw itch Acce ss w ith TACACS+ This se ctio n c onta ins thi s configu ratio n inf or mat ion: • Default T A CA CS+ Configuration , page 7-12 • Identifyin g the T A CA CS+ Ser ver Ho st and Sett ing the A uthenticati on K [...]

  • Seite 157

    7-13 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adminis ter ing the Switch Controlling Switch Access with TACACS+ T o remo ve the specif ied T A CA CS+ server name or address, use the no tacacs- server ho st hostnam e global configurat ion comm and. T o remov e a server grou p from th e configur ation li st, u[...]

  • Seite 158

    7-14 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adm inistering the Switch Controlling Sw itch Acce ss w ith TACACS+ Beginn ing in pri vilege d EXEC mode, follo w these st eps to conf igure login authent ication: Comma nd Pu rpos e Step 1 conf igure t erminal Enter globa l configurati on mode. Step 2 aaa new-mo[...]

  • Seite 159

    7-15 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adminis ter ing the Switch Controlling Switch Access with TACACS+ T o disa ble A AA, us e the no aaa new-model glo bal co nfigur atio n c omm and. T o di sabl e AA A authenti cation, use th e no aaa aut hent ica tion l ogin { default | list-name } method1 [ metho[...]

  • Seite 160

    7-16 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adm inistering the Switch Controlling Sw itch Acce ss w ith TACACS+ Starting TACACS+ Accounting The AAA acco unting feature tracks th e services that users are acces sing an d the amoun t of netwo rk resources th at the y are co nsuming. When AAA ac counting is e[...]

  • Seite 161

    7-17 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adminis ter ing the Switch Controlling Switch Access with RADIUS Controlling Switch Access with RADIUS This sec tion descr ibes ho w to enab le and conf igu re the Remot e Authenti cation Dial -In User Service (RADIUS), which pro vides detailed ac counting i nfor[...]

  • Seite 162

    7-18 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adm inistering the Switch Controllin g Switch A cce ss wit h RA DIUS RADIUS is not suitable in these netw ork security situations: • Multipr otocol acce ss en vi ronmen ts. RADIUS do es not supp ort AppleT alk Remote Access (ARA) , NetBIOS F ram e Co ntrol P ro[...]

  • Seite 163

    7-19 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adminis ter ing the Switch Controlling Switch Access with RADIUS Configuring RADIUS This se ctio n de scri bes how to c onfigure your sw itch to su ppo rt R ADI US. At a mi nim um, y ou mus t identify the host or ho sts that run the RADIUS server software and de [...]

  • Seite 164

    7-20 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adm inistering the Switch Controllin g Switch A cce ss wit h RA DIUS Y o u iden tif y R ADI US secu ri ty s er vers by the ir host na me or I P ad dre ss, host name a nd spe c ific UDP port num bers, or t heir I P addre ss and spec ific UDP port numb ers. The com[...]

  • Seite 165

    7-21 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adminis ter ing the Switch Controlling Switch Access with RADIUS Beginning i n privileged E XEC mo de, foll ow these s teps to c on figure p er-server R ADI US ser ver comm unicatio n. This pr oced ure is requir ed. T o remo ve the specif ied RADIUS serv er , u s[...]

  • Seite 166

    7-22 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adm inistering the Switch Controllin g Switch A cce ss wit h RA DIUS This exampl e sho ws ho w to con fi gure one RADIUS ser ver to be us ed for au thentica tion and a nother to be us ed for ac coun ting : Switch(config)# radius-server host 172.29.36.49 auth-port[...]

  • Seite 167

    7-23 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adminis ter ing the Switch Controlling Switch Access with RADIUS Step 3 aaa authent ication logi n { default | list-name } method1 [ meth od2 ... ] Create a login auth entic ation meth od list. • T o create a defau lt list that is used when a named list is not [...]

  • Seite 168

    7-24 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adm inistering the Switch Controllin g Switch A cce ss wit h RA DIUS T o disa ble A AA, us e the no aaa new-model glo bal co nfigur atio n c omm and. T o di sabl e AA A authenti cation, use th e no aaa aut hent ica tion l ogin { default | list-name } method1 [ me[...]

  • Seite 169

    7-25 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adminis ter ing the Switch Controlling Switch Access with RADIUS Be ginning in pri v ile ged EXEC mode, fo llo w these step s to def ine the AAA ser ver group and associate a particula r RADIUS serve r with it: Comma nd Pu rpos e Step 1 conf igure t erminal Enter[...]

  • Seite 170

    7-26 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adm inistering the Switch Controllin g Switch A cce ss wit h RA DIUS T o remo ve the specif ied RADIUS serv er , u se the no radius-serv er host hostname | ip- address global configurat ion comm and. T o re move a server group from t he configurat ion list , use [...]

  • Seite 171

    7-27 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adminis ter ing the Switch Controlling Switch Access with RADIUS Beginn ing in pri vile ged EXEC mo de, follo w these ste ps to specif y RADIUS author ization for privile ged EXEC a cce ss an d n etwor k ser vi ces: T o disabl e auth orizat ion, us e the no aa a [...]

  • Seite 172

    7-28 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adm inistering the Switch Controllin g Switch A cce ss wit h RA DIUS Configuring Settings for All RADIUS S ervers Beginning i n privileged E X EC mo de , follow these s teps to c on figure gl obal com mun ica tion sett ings between the switch and all RADIUS serv [...]

  • Seite 173

    7-29 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adminis ter ing the Switch Controlling Switch Access with RADIUS For e x am ple , th e f oll o wing A V p air acti vates Cis co ’ s mu ltiple n amed ip addr ess pools feature du r i ng IP author izatio n (dur ing PPP ’ s IPCP address a ssignmen t): cisco-avpa[...]

  • Seite 174

    7-30 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adm inistering the Switch Controllin g Switch A cce ss wit h RA DIUS Beginning i n privileged EXEC mode, f ollow thes e steps to specif y a vendor-propr ietar y RADI US server host a nd a sh ared se cret te xt string : T o delet e the vendo r -proprietary RADIU S[...]

  • Seite 175

    7-31 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adminis ter ing the Switch Configuring the Switch for Local Authentication and Authorization Configuring the Switch for Local Authentication and Authorizat ion Y ou can conf igur e AAA to operate without a server by setting th e switch to implem ent AAA i n local[...]

  • Seite 176

    7-32 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adm inistering the Switch Managin g the Syste m Time and Date Managing the System Time and Date Y o u can ma nage the sy stem ti me and d ate o n y our swi tch usin g aut om atic con figurat ion, such a s the Network Time Protocol (NTP) , or manual configurati on[...]

  • Seite 177

    7-33 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adminis ter ing the Switch Mana gi ng th e S y stem Tim e an d Da t e running NTP autom atically chooses as its time source the dev ice with the lo west stratum number with which it communic ates through NTP . This strategy ef fecti ve ly builds a self -organ izi[...]

  • Seite 178

    7-34 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adm inistering the Switch Managin g the Syste m Time and Date Figur e 7 -3 T ypical NTP Netw or k Config ura tion Configuring NTP The Cat alyst 2950 switche s do not have a hardware- suppor ted cloc k, and th ey cannot funct ion as an NTP maste r clock to which p[...]

  • Seite 179

    7-35 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adminis ter ing the Switch Mana gi ng th e S y stem Tim e an d Da t e Default NTP Configurati on Ta b l e 7 - 2 shows the d efault NTP co nfigurati on. NTP is enable d on all interfa ces b y default. All in terfa ces recei v e NTP pack ets. Configuring NTP Authen[...]

  • Seite 180

    7-36 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adm inistering the Switch Managin g the Syste m Time and Date T o dis ab le N TP au then tic atio n, use the no ntp authenticate global configurat ion comm and. T o re m ove an auth entication ke y , use th e no ntp authe ntic atio n-ke y number glob al co nfigur[...]

  • Seite 181

    7-37 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adminis ter ing the Switch Mana gi ng th e S y stem Tim e an d Da t e Y o u need to co nfigure only one end of an assoc iation; the other de vice can a utomat icall y establi sh the associat ion. If you are using the default NTP version (version 3) and NTP sync h[...]

  • Seite 182

    7-38 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adm inistering the Switch Managin g the Syste m Time and Date T o disable the interface from s ending NTP broadcast pack ets, use the no ntp broadcast interface conf igurat ion command. This e xample sho ws ho w to conf igure an interf ace to send NTP version 2 p[...]

  • Seite 183

    7-39 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adminis ter ing the Switch Mana gi ng th e S y stem Tim e an d Da t e Creating an Access Gro up and Assigni ng a Basic IP Access List Beginn ing in pri vilege d EXEC mode, follo w these steps to contro l access to NTP services b y using access lists: The ac c ess[...]

  • Seite 184

    7-40 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adm inistering the Switch Managin g the Syste m Time and Date If the source IP address m atches the access lists fo r more t han one acces s type, the f irst typ e is grant ed. If n o access gro ups are spec ifie d, all a ccess types are gr anted t o all de vices[...]

  • Seite 185

    7-41 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adminis ter ing the Switch Mana gi ng th e S y stem Tim e an d Da t e Beginn ing in pri vile ged EXEC mode, follo w these steps to conf igure a specif ic interf ace from which the IP sourc e ad dress is to be ta ke n: The specif i ed interface is u sed for the so[...]

  • Seite 186

    7-42 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adm inistering the Switch Managin g the Syste m Time and Date Setting the System Clock If you have an outsid e source on the net work that pr ovides time ser vices, su ch as a n NTP server , you do not need to manuall y set the syste m clock. Begi nning in pri vi[...]

  • Seite 187

    7-43 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adminis ter ing the Switch Mana gi ng th e S y stem Tim e an d Da t e Configuring the Tim e Zone Beginn ing in pri vilege d EXEC mode, follo w these st eps to manually conf igure the time zone: The minutes-of fset v ariable in the clo ck timezone global con figur[...]

  • Seite 188

    7-44 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adm inistering the Switch Managin g the Syste m Time and Date Configuring Summer Time (Daylight Saving Ti me) Beginning in pr ivileged EXEC mode, fo llow these steps t o co nfigure summer time (dayligh t saving time) in areas wh ere it start s and ends on a parti[...]

  • Seite 189

    7-45 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adminis ter ing the Switch Mana gi ng th e S y stem Tim e an d Da t e Beginning in privileged EX EC mode, fol low these steps if summ er time in your area do es not follow a recurr ing patt ern (con figure the exact da te and tim e of the next summe r time ev ent[...]

  • Seite 190

    7-46 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adm inistering the Switch Configur ing a Sys tem Nam e and Prompt Configuring a System Name a nd Prompt Y o u configure the system name on the switc h to identi fy it. By default , the system na me and pr ompt are Switc h . If you have not c onfigured a sy stem p[...]

  • Seite 191

    7-47 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adminis ter ing the Switch Confi guring a S ystem Name an d Prompt Configuring a System P rompt Beginning i n privileged EX EC mode , follow th ese s teps t o ma nual ly c on figure a s yst em prom pt: T o re turn to th e default p rom pt, use t h e no prompt [ s[...]

  • Seite 192

    7-48 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adm inistering the Switch Configur ing a Sys tem Nam e and Prompt Default DNS Configur ation Ta b l e 7 - 3 shows the d efault DN S configur ation . Setting Up DNS Beginning i n privileged EX EC mo de , follow these s teps to s et up you r s witc h to use th e DN[...]

  • Seite 193

    7-49 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adminis ter ing the Switch Creat ing a Bann er domain name is the v alue set by the ip d oma in -n ame glo bal c onfigurati on c om mand. I f ther e is a period (.) in th e hostn am e, t he IO S soft ware look s u p th e IP ad dress w itho ut appe nd ing any de f[...]

  • Seite 194

    7-50 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adm inistering the Switch Creating a Banner Configurin g a Mess age-of-the -Day Log in Bann er Y ou can create a sing le or mult iline messa ge b anner tha t a ppea rs on th e scr een wh en so m eone lo g s in to the switch. Beginning in privileged EX EC mode, fo[...]

  • Seite 195

    7-51 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adminis ter ing the Switch Creat ing a Bann er Configurin g a Login B anner Y o u c an co nfigur e a l og in ba nner t o be di spla yed on al l c onnec ted t ermin al s. Thi s ba nn er ap pe ar s after the M O TD ba nn er a nd befo re the lo gin pro mpt. Beginnin[...]

  • Seite 196

    7-52 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adm inistering the Switch Managin g the MAC A ddre ss Table Managing the MAC Ad dress Tabl e The MA C address table cont ains add ress inf ormation that th e switc h uses to fo rwar d traf fic betwe en ports. All MA C addr esses in th e address ta ble ar e associ[...]

  • Seite 197

    7-53 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adminis ter ing the Switch Managin g the MAC Addre ss Table MAC Addr esses an d VLANs All addr esses are as sociate d with a VLAN. An add ress can e xist in more than one VLA N and ha ve different de stinati ons in each. Multic ast add resses , for exa mple, cou [...]

  • Seite 198

    7-54 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adm inistering the Switch Managin g the MAC A ddre ss Table T o retur n to the default v alue, use the no mac address-table agi ng-time global configurati on comma nd. Removi ng Dyn amic Ad dre ss E ntries T o remove all d ynamic en tries, use the cl ear m ac a d[...]

  • Seite 199

    7-55 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adminis ter ing the Switch Managin g the MAC Addre ss Table Beginning i n privileged E X EC mo de , follow these s teps to c on figure th e switc h t o send M A C a ddress notif ication traps to an NMS host: Command Purpos e Step 1 configur e terminal Enter glob [...]

  • Seite 200

    7-56 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adm inistering the Switch Managin g the MAC A ddre ss Table T o disable the switch fr om sending MA C address notification tra ps, use the no snmp-serv er enable traps mac-notification global con f igura tion co mman d. T o disab le the MAC address notification t[...]

  • Seite 201

    7-57 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adminis ter ing the Switch Managin g the MAC Addre ss Table Beginning i n privileged EX EC mo de , follo w these steps to add a static address: T o re move sta t ic en tr i es fr om t he a ddres s t abl e, u se th e no mac address-tabl e static mac-addr vlan vlan[...]

  • Seite 202

    7-58 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adm inistering the Switch Managin g the MAC A ddre ss Table Beginning i n privileged EX EC mo de , follow these s teps to a dd a se cure ad dress: T o remov e a secur e address, u se the no switchport port -security mac-addr ess mac-addr ess global configurati on[...]

  • Seite 203

    7-59 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adminis ter ing the Switch Managi ng the ARP Ta ble Managing the ARP Ta ble T o commun icate w ith a de vice (o v er Eth ernet, for e xam ple), the softw are f irst m ust dete rmine the 48-bi t MA C or the local data link addre ss of that device. The pro cess of [...]

  • Seite 204

    7-60 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 7 Adm inistering the Switch Managin g the ARP Table[...]

  • Seite 205

    C HAPTER 8-1 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 8 Configuring 802.1X Port-Ba sed Authen tication This cha pter describ es how to configure IEEE 802 .1X port-ba sed au thentic ation to pr e vent unautho rized devices (clie nt s) f rom ga ining ac cess to the network. As LANs extend to ho te l s, airp orts, and co[...]

  • Seite 206

    8-2 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 8 Configur ing 802. 1X Port-Bas ed Authen ticati on Unders tan ding 802.1X Port -Based A ut henticat io n Device Roles W it h 802.1X po rt-ba sed authentic ation, the de vices in the netw ork ha ve specif ic role s as sho wn in Figure 8-1 . Figu re 8- 1 80 2. 1X De [...]

  • Seite 207

    8-3 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 8 Configuring 8 02.1X Port-B as ed Authen ti cat ion Understandi ng 802.1X P ort-Based Aut henticat ion Authentication Initiation and Message Exchange The swi tch or th e client can initi ate authen tication. If you enable auth entication on a p ort b y using the do[...]

  • Seite 208

    8-4 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 8 Configur ing 802. 1X Port-Bas ed Authen ticati on Unders tan ding 802.1X Port -Based A ut henticat io n Ports in Au thorized and Un authorized S tates The switc h port state determi nes whet her or not the client is gran ted acces s to the net work. The por t star[...]

  • Seite 209

    8-5 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 8 Configuring 8 02.1X Port-B as ed Authen ti cat ion Configuring 802. 1X Authent ication Support ed Topo lo gies The 802 .1X port-ba sed au thentic ation is supp orted in two topologie s: • Point-to-poi nt • W ireless LAN In a po in t-to- point configur ati on ([...]

  • Seite 210

    8-6 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 8 Configur ing 802. 1X Port-Bas ed Authen ticati on Configur ing 80 2. 1X Au thent ica tion Default 802.1X Configuration Ta b l e 8 - 1 shows the d efault 80 2.1X configur ation . T able 8-1 Def ault 8 02.1X Configur ation Feature Default Setting Auth entic ation, a[...]

  • Seite 211

    8-7 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 8 Configuring 8 02.1X Port-B as ed Authen ti cat ion Configuring 802. 1X Authent ication 802.1X Configuration Guidelines These ar e the 80 2.1X authenti cation co nfigurati on guid elines : • When 802.1 X is enabl ed, port s are auth enticat ed befor e any other L[...]

  • Seite 212

    8-8 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 8 Configur ing 802. 1X Port-Bas ed Authen ticati on Configur ing 80 2. 1X Au thent ica tion Enabling 802.1X Authentication T o enable 802 .1X port-based auth entication , you must enable AAA and specify the au thenticatio n method list. A method list descri bes the [...]

  • Seite 213

    8-9 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 8 Configuring 8 02.1X Port-B as ed Authen ti cat ion Configuring 802. 1X Authent ication This e xample sho ws ho w to enable AAA and 802 .1X on Fast Ethernet port 0/ 1: Switch# configure terminal Switch(config)# aaa new-model Switch(config)# aaa authentication dot1x[...]

  • Seite 214

    8-10 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 8 Configur ing 802. 1X Port-Bas ed Authen ticati on Configur ing 80 2. 1X Au thent ica tion This exam ple sh ows how to specify the server w it h IP add re ss 172. 20. 39.46 a s the R ADI US server, to use port 1612 as the author izat ion port , an d to se t the en[...]

  • Seite 215

    8-11 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 8 Configuring 8 02.1X Port-B as ed Authen ti cat ion Configuring 802. 1X Authent ication Manually Re-Authenticating a Client Connected to a Port Y ou can manually re-authentic ate the client co nnected to a specif ic port at any time b y entering the dot1x re-a uth[...]

  • Seite 216

    8-12 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 8 Configur ing 802. 1X Port-Bas ed Authen ticati on Configur ing 80 2. 1X Au thent ica tion Changing the Sw itch-to-Clie nt Retran smission Time The client respon ds to the EAP-request/id entity frame fro m the switch with an EAP-response/i dentity frame. If the sw[...]

  • Seite 217

    8-13 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 8 Configuring 8 02.1X Port-B as ed Authen ti cat ion Configuring 802. 1X Authent ication Setting the Switch-to-Client Frame-Retransmission Number In addi ti on t o c hang i ng th e swi tch- to-c li ent re tra nsmiss io n ti m e, y ou ca n ch an ge the n umb er o f [...]

  • Seite 218

    8-14 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 8 Configur ing 802. 1X Port-Bas ed Authen ticati on Display ing 802.1 X Stat is t ics and Status T o disabl e multip le hosts on the po rt, use the no do t1x mu ltipl e-ho sts interface conf iguration c ommand. This e xample sho ws how to enable 802.1X on Fast Eth [...]

  • Seite 219

    C HAPTER 9-1 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 9 Configuring Interface Cha racteristics This c ha pter d efines the ty pes o f i nte rface s on th e swi tch and de scri bes how to c on figure th em . Th e chap ter has these sect ions: • Understa ndin g I nte rface T ypes, pa ge 9-1 • Using th e Interfa ce C[...]

  • Seite 220

    9-2 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 9 Con figuring Interface Chara cteristics Unders tan ding Inte rfa ce Type s VLAN partitio ns provid e hard fire walls for traff ic in the VLAN, and each VLAN has its o wn MA C address table. A VLAN comes into exist ence when a local port is conf igured to be associ[...]

  • Seite 221

    9-3 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 9 Configuring In te rface Charac teristics Unde rsta ndi n g In t erf ac e Ty p es Trunk Ports A trunk port carries th e traf f ic of multiple VLANs and by default is a member of all VLANs in the VLAN database . O nly IE EE 802. 1Q tru nk por t s are su pport ed. A [...]

  • Seite 222

    9-4 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 9 Con figuring Interface Chara cteristics Using the Inter fa ce Command Figur e 9-1 Connecting VLANs with La y er 2 S witche s Using the Interf ace Command The swit ch supports these interf ace types: • Physical p ort s — Switch po rt s • VLANs — swi tch vir[...]

  • Seite 223

    9-5 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 9 Configuring In te rface Charac teristics Using the Interface Command Procedures for Configuring In terfaces These ge neral instruc tions apply to all interfa ce conf igurati on processes. Step 1 Enter t he configur e t erminal comma nd at the pr ivileged EXEC prom[...]

  • Seite 224

    9-6 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 9 Con figuring Interface Chara cteristics Using the Inter fa ce Command reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Auto-duplex, Auto-speed input flow-control is off, output flow-control is off ARP type[...]

  • Seite 225

    9-7 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 9 Configuring In te rface Charac teristics Using the Interface Command When usin g the interf ace range global configura tion co mman d, note th ese guide lines : • V alid entries for port- ra ng e : – vlan vlan -ID - vlan-I D , w h ere V LAN ID is from 1 to 409[...]

  • Seite 226

    9-8 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 9 Con figuring Interface Chara cteristics Using the Inter fa ce Command If you ent e r multi pl e co nfigura t ion com mands whi l e you are in inter face rang e m ode, e ac h com ma nd is ex ecute d as it is entered. The commands are not ba tched togethe r and exe [...]

  • Seite 227

    9-9 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 9 Configuring In te rface Charac teristics Configuring Layer 2 Interfaces • All interf aces in a range must be the sam e type; that is, all Fast Ethern et ports, all Gigab it Ethernet ports, a ll EtherCha nnel ports, or all VL ANs, b ut you c an combin e multiple [...]

  • Seite 228

    9-10 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 9 Con figuring Interface Chara cteristics Configur ing Layer 2 In ter faces Configuring In terface Sp eed and Du plex M ode Ether net in terfaces on the switch op erate in 10, 1 00, or 1000 M bps and i n eith er full or hal f duplex mod e. In full-d uplex mo de, tw[...]

  • Seite 229

    9-11 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 9 Configuring In te rface Charac teristics Configuring Layer 2 Interfaces These sec tions descr ibe how to configure the int erface speed and duplex mode: • Configuration Gu idelines, page 9-11 • Setting the Inte rface Spee d and Duplex P aramete rs, page 9-11 [...]

  • Seite 230

    9-12 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 9 Con figuring Interface Chara cteristics Configur ing Layer 2 In ter faces Use the no spee d and no duplex interf a ce c onf igu ratio n comm and s to re turn th e inte rf ace to the d ef ault speed and duple x settin gs (autone gotiate ). T o return all interf ac[...]

  • Seite 231

    9-13 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 9 Configuring In te rface Charac teristics Configuring Layer 2 Interfaces • rec e ive o f f an d send on : The port send s pause fra mes if the r emote device supports flow contro l but canno t recei v e pause f rames fr om the remo te de vice. • rec e ive o f [...]

  • Seite 232

    9-14 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 9 Con figuring Interface Chara cteristics Monito rin g and Mai nt aining th e In terfaces Use the no description interface configurat ion comm and to delete the de script ion. This example shows ho w to a dd a descr iption on Fast Etherne t interface 0/4 and to ver[...]

  • Seite 233

    9-15 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 9 Configuring In te rface Charac teristics Monitoring and Maintaining the Interfaces This exam ple sh ows how to displa y the stat us of a ll i nterfac es: Switch# show interfaces status Port Name Status Vlan Duplex Speed Type Fa0/1 connected 1 a-full a-100 10/100B[...]

  • Seite 234

    9-16 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 9 Con figuring Interface Chara cteristics Monito rin g and Mai nt aining th e In terfaces no ip address mls qos cos 7 mls qos cos override end Clearing and Resetting Interfaces and Counters Ta b l e 9 - 3 lists the privileged EXEC mode clear commands t hat y ou c a[...]

  • Seite 235

    9-17 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 9 Configuring In te rface Charac teristics Monitoring and Maintaining the Interfaces Shutting Down and Restarting the Interface Shutting d ow n an inte rface d isables a ll function s on the specifi ed interf ace an d marks th e interf ace as unav ailabl e on all m[...]

  • Seite 236

    9-18 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 9 Con figuring Interface Chara cteristics Monito rin g and Mai nt aining th e In terfaces[...]

  • Seite 237

    C HAPTER 10-1 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 10 Configuring STP This chapt er describ es ho w to configure the Span ning Tree Protocol (STP) on you r switch. For information about the Rapi d Spanning T ree Proto col (RSTP) and the Multiple Sp anning T ree Protocol (MSTP), see Chapter 11, “ Conf iguring R S[...]

  • Seite 238

    10-2 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 10 Configuring STP Unders tan ding Spa nni ng-Tree Fea tures • Spanning Tree and Redun da nt Co nnec tivity , page 1 0-8 • Acceler ated Aging to Retain Connec tiv ity , page 10-9 STP Overvie w STP is a Lay er 2 link mana gement pr otocol t hat provide s path re[...]

  • Seite 239

    10-3 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 10 Configuring STP Unders tanding Spanni ng-Tree Featu res • Message age • The iden tif ier of the sending interfac e • V alues for the he llo, for ward d elay , and max- age pro tocol time rs When a switch recei v es a conf igur ation BPDU that contains supe[...]

  • Seite 240

    10-4 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 10 Configuring STP Unders tan ding Spa nni ng-Tree Fea tures BPDUs conta in informa tion about the sending switch and i ts ports, inclu ding switch a nd MA C addresses, swit ch pri ority , port prior ity , and path co st. Spanning tree uses this informati on to ele[...]

  • Seite 241

    10-5 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 10 Configuring STP Unders tanding Spanni ng-Tree Featu res Creating the S pannin g-Tree To pology In Figure 10 -1 , Switch A is elected as the root swit ch because the switch prio rity of all the switches is set to the default (32768) and Sw itch A has the lowest M[...]

  • Seite 242

    10-6 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 10 Configuring STP Unders tan ding Spa nni ng-Tree Fea tures An interfac e mov es through these state s: • From initiali zation to blocking • From bl ocki ng to li ste ning or to disab l ed • From list eni ng to le arni ng o r t o di sabl ed • From le arnin[...]

  • Seite 243

    10-7 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 10 Configuring STP Unders tanding Spanni ng-Tree Featu res Blocking State A Layer 2 in ter f ace in th e b lo ckin g state does not p ar tic ipate in frame f o rw a rdin g. Af ter in iti aliz atio n , a BPDU is sent to each interf ace in the switch. A switch initia[...]

  • Seite 244

    10-8 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 10 Configuring STP Unders tan ding Spa nni ng-Tree Fea tures Disabled State A Laye r 2 int erface in th e disab led state do es not parti cipa te in frame forwar ding or in the span ning tree. An interf ace in the disabled state is nonop erational. A disab led inte[...]

  • Seite 245

    10-9 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 10 Configuring STP Confi guring S panni ng-Tree Featu res Figur e 1 0-3 Spanning T ree and Redun dan t Conne ctiv ity Y o u can also c reate red undan t links betwe en switches by using EtherCha nnel gro ups. For more inform ati on, see Chapter 26, “ Configuring [...]

  • Seite 246

    10-10 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 10 Configuring STP Configur ing Span ning-T ree F eature s • Conf iguring the Hello T ime, page 10-19 • Conf iguring th e Fo rwa rding- Delay T ime for a VLAN, page 10-19 • Configuring t he M axi mu m-Ag ing Time for a V L AN , p ag e 10- 20 • Conf igu rin[...]

  • Seite 247

    10-11 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 10 Configuring STP Confi guring S panni ng-Tree Featu res Cautio n Switches that are not running spanning tree still for ward BPDUs that the y recei v e so that the other switche s on the V LA N that have a run ning span ning -tree in stance can b reak l oops. T h[...]

  • Seite 248

    10-12 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 10 Configuring STP Configur ing Span ning-T ree F eature s Disabling STP STP is e nabl ed by d efau lt on V LAN 1 a nd on al l newly cre ated V LAN s u p to the sp anni ng- tree lim it specif ied in T able 10- 3 . Disable STP only if you are sure there are no loop[...]

  • Seite 249

    10-13 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 10 Configuring STP Confi guring S panni ng-Tree Featu res These e xamp les sho w the ef fect of th e spanning-tree vlan vlan-id roo t command with an d without the extended system ID support: • For Catalyst 2950 switches wit h the e xtended system ID (Release 12[...]

  • Seite 250

    10-14 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 10 Configuring STP Configur ing Span ning-T ree F eature s Be gin n in g i n p r i vil e g ed E XEC m ode, follo w t he se s tep s to a swi tch to be co me the root f or th e sp eci f ied VLAN: T o retur n the switc h to its def ault settin g, use the no spanning-[...]

  • Seite 251

    10-15 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 10 Configuring STP Confi guring S panni ng-Tree Featu res Beginn ing in pri vile ged EXEC mo de, follo w these step s to confi gure a switch to b ecome the second ary root for the specif ied VLAN: T o retur n the switc h to its def ault settin g, use the no spanni[...]

  • Seite 252

    10-16 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 10 Configuring STP Configur ing Span ning-T ree F eature s Note Th e show spanning-tree int erface interface- id privileged EXEC command displa ys informat ion only if th e por t is i n a l ink -up op er ative state . O the rwi se, y ou can use th e show running-c[...]

  • Seite 253

    10-17 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 10 Configuring STP Confi guring S panni ng-Tree Featu res Note Th e show spanning-tree int erface interface- id privileged EXEC command displa ys informat ion only for por ts that ar e in a link- up opera ti ve s tate. Ot herwis e, you can u se the show running-co[...]

  • Seite 254

    10-18 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 10 Configuring STP Configur ing Span ning-T ree F eature s Configuring the Switch Priority of a VLAN Y ou can config ure the switch prior ity and make it more lik ely that the switc h will be chosen as t he root switch. Note Exercis e care when using this comm and[...]

  • Seite 255

    10-19 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 10 Configuring STP Confi guring S panni ng-Tree Featu res Configuring the Hello Time Y ou can config ure the interv al b etween the genera tion of conf iguratio n messages by the root switch b y chan ging the hello tim e. Note Exercis e care when using this comm a[...]

  • Seite 256

    10-20 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 10 Configuring STP Configur ing Span ning-T ree F eature s T o retur n the switc h to its def ault settin g, use the no spanning-tr ee vlan vlan -id for w a r d - t i m e gl obal configurati on comm a nd. Configuring the Maximum- Aging Time for a VLAN Beginning in[...]

  • Seite 257

    10-21 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 10 Configuring STP Display ing the S panning -Tree St atus Figur e 1 0-4 Gig abi t Ether ne t Stac k Displaying the Sp anning-Tre e Status T o display the span ning-t ree stat us, use on e or more of the pri vile ged EXE C commands in T able 1 0-5 : For informati [...]

  • Seite 258

    10-22 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 10 Configuring STP Displaying the Spannin g-Tree Stat us[...]

  • Seite 259

    C HAPTER 11-1 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 11 Configuring RSTP and MST P This ch apter descr ibes how to co nfigure the C isco im plement ation of the IE EE 80 2.1W Ra pid Spa nning T ree Protocol (RSTP) and th e IEEE 802. 1S Multiple STP (MSTP) on your sw itch. T o use the feat ures descri bed i n t his c[...]

  • Seite 260

    11-2 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 11 Co nfiguring R ST P and M ST P Unders tan din g RSTP Understandin g RSTP The RSTP takes ad vantage of point- to-po int wiring and provides rapi d conv ergence of the span ning tree . Reconfigur at ion of th e sp anni ng t ree can oc cur in less t han 1 s econd ([...]

  • Seite 261

    11-3 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 11 Configuring RSTP and MSTP Understa nding RST P T o be consistent with Cisco STP implementation s, this guide documents the por t state as bloc k ing instead of discar ding . Designated ports start i n the listening sta te. Rapid Con vergenc e The RSTP pro vides [...]

  • Seite 262

    11-4 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 11 Co nfiguring R ST P and M ST P Unders tan din g RSTP Figur e 1 1 -1 Pr oposal an d A gr eement Handshaking for R apid Con ver gence Synchronizatio n of Port R oles When th e switc h receives a proposal me ssage on one of its port s and tha t port is selec ted as[...]

  • Seite 263

    11-5 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 11 Configuring RSTP and MSTP Understa nding RST P Figur e 1 1 -2 Sequence of Ev ents Dur ing Rapid Con ver ge nce Bridge Protoco l Data Unit Format an d Process ing The R STP BP DU for mat is th e sam e as t he IEEE 802.1D BPD U fo rmat exce pt tha t th e proto col[...]

  • Seite 264

    11-6 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 11 Co nfiguring R ST P and M ST P Unders tan din g RSTP The RSTP does not have a separate topol ogy chan ge notificati on (TCN) BPDU . It uses the topology change (T C) flag to sho w the to pology cha nges. Ho wev er , f or interoper ability with 802 .1D switches, [...]

  • Seite 265

    11-7 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 11 Configuring RSTP and MSTP Unde rsta ndi n g MS TP • Propagatio n — When an RSTP s witch r ecei ves a TC message from another switch throug h a designat ed or r oot por t, it pro pa gate s the to pology c hange to a ll of it s n onedge , edge , de signa te d [...]

  • Seite 266

    11-8 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 11 Co nfiguring R ST P and M ST P Unders tan din g MSTP IST, CIST, an d CST Unlike PVST+ i n which all the spann ing-tree instances ar e independe nt, the MST P establish es and maintain s two t ypes o f spanni ng-t ree s: • An interna l spanning tree (IST) , whi[...]

  • Seite 267

    11-9 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 11 Configuring RSTP and MSTP Unde rsta ndi n g MS TP Operations Between M ST Regions If there are multip le regio ns or legacy 802.1D switches within the netw ork, MSTP establishe s and maintains the CST , which includes all MST re gions and all le gac y STP switch[...]

  • Seite 268

    11-10 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 11 Co nfiguring R ST P and M ST P Unders tan din g MSTP Hop Count The IST and M ST inst ances do not use the mes sage- age an d maximum -age informa tion in the configurati on BPDU to comp ut e t he sp an ning- tre e t opolo gy . Instead, they use th e path cost t[...]

  • Seite 269

    11-11 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 11 Configuring RSTP and MSTP Interoperability with 802.1D STP Interoperability with 802.1D STP A switch running both M STP a nd RST P supports a built-in p rotoco l migrati on m ec ha nism t ha t ena bl es it to interoperate with leg acy 802.1D switc hes. If this [...]

  • Seite 270

    11-12 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 11 Co nfiguring R ST P and M ST P Configuring RSTP and MSTP Featur es Default RSTP and MS TP Configura tion T able 11-3 sh ows the de fault RST P a nd M STP c onfiguration . RSTP and MSTP C onfiguration Gu idelines These are th e configurat ion g uidelin es for RS[...]

  • Seite 271

    11-13 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 11 Configuring RSTP and MSTP Confi guring RSTP and MSTP Featu res Specifying the MST Region Co nfiguration and En abling MST P For two or more swit ches t o be in the same MST re gion, they must ha v e the same VLAN-to -instance mappin g, the same con figuration r[...]

  • Seite 272

    11-14 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 11 Co nfiguring R ST P and M ST P Configuring RSTP and MSTP Featur es configurati on com mand. T o retur n to the default revision nu mber, use the no revision MST conf igurat ion comman d. T o re -ena ble PV ST , use th e no spanning-tree mode or t he spanning-tr[...]

  • Seite 273

    11-15 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 11 Configuring RSTP and MSTP Confi guring RSTP and MSTP Featu res Note Th e ro ot swi tch fo r eac h s pan ning -t ree inst anc e shoul d b e a ba ckbon e or dist ribution sw itch . D o no t conf igu re an acces s switch as the spanni ng-t ree prim ary roo t. Use [...]

  • Seite 274

    11-16 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 11 Co nfiguring R ST P and M ST P Configuring RSTP and MSTP Featur es Configur ing a Se co ndar y R oot S witch When you con f igure a Catal yst 2950 switch that su pports the extended syste m ID a s the seco ndary ro ot, the spann ing-tre e switch prio rity is mo[...]

  • Seite 275

    11-17 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 11 Configuring RSTP and MSTP Confi guring RSTP and MSTP Featu res Configuring the Port Priority If a l oop occur s, the MST P uses the port priority when selec ting an in terface to put in to the for warding state. Y ou can assign hig her priority v alues (lo wer [...]

  • Seite 276

    11-18 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 11 Co nfiguring R ST P and M ST P Configuring RSTP and MSTP Featur es Configuring the Path Cost The MSTP path cost def ault v alue is deri v ed from the media speed of an interf ace. If a loop oc curs, the MSTP use s cost when se lecting an interfac e to put in th[...]

  • Seite 277

    11-19 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 11 Configuring RSTP and MSTP Confi guring RSTP and MSTP Featu res Configuring the Switch Priority Y ou can config ure the switch prior ity and make it more lik ely that the switc h will be chosen as the root switch. Note Exercis e care when using this comm and. F [...]

  • Seite 278

    11-20 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 11 Co nfiguring R ST P and M ST P Configuring RSTP and MSTP Featur es Beginn ing in pri vileg ed EXEC mode, follo w these st eps to conf igure the hello time for al l MST inst ance s: T o return the switch to its d ef ault setting , use th e no spanning-tree mst h[...]

  • Seite 279

    11-21 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 11 Configuring RSTP and MSTP Confi guring RSTP and MSTP Featu res Configuring the Maxi mum-Aging Time Beginning in privileged EX EC mode, fol low these steps to con figure the maxi mum- aging tim e for all MST inst ance s: T o return the swit ch to its default set[...]

  • Seite 280

    11-22 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 11 Co nfiguring R ST P and M ST P Configuring RSTP and MSTP Featur es Specifying the Link Type to Ensure Rapid Transitions If you con nect a port to anothe r port throug h a point-t o-po int link an d the local port beco mes a designated por t, the RSTP negoti ate[...]

  • Seite 281

    11-23 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 11 Configuring RSTP and MSTP Displaying the MST Configuration and Status Displaying the MST Configuratio n and Status T o display the span ning-t ree stat us, use on e or more of the pri vile ged EXE C commands in T able 1 1-4 : For informati on about oth er keywo[...]

  • Seite 282

    11-24 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 11 Co nfiguring R ST P and M ST P Displaying the MST Configu rat ion and Status[...]

  • Seite 283

    C HAPTER 12-1 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 12 Configuring Optional Spannin g-Tree Features This cha pter descri b es how to configure opt iona l span ning- t ree fea tu res. Y o u ca n configur e all of the se featu re s whe n you r swi t ch is run ning th e per-VLAN sp anni ng-tre e (PVST ). Y ou ca n onl[...]

  • Seite 284

    12-2 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapte r 12 Configurin g Optiona l Spann ing-Tr ee Featu res Unders tan ding Opti on al Spann ing -Tree Fe at ures Understand ing Port Fa st Port Fast immedia tely br ings an inte rface configured as an acces s or trunk port to t he forwardin g state from a bloc kin g sta [...]

  • Seite 285

    12-3 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 12 Configuring Op tiona l Spa nni ng-Tree Features Unders tanding Opt ional Spanning- Tree Featu res Understanding BPDU Guard The BP DU guard feature can be global ly enab led on th e switch or can b e enab led per in terfa ce, b ut the featu re oper ate s with som[...]

  • Seite 286

    12-4 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapte r 12 Configurin g Optiona l Spann ing-Tr ee Featu res Unders tan ding Opti on al Spann ing -Tree Fe at ures Understanding UplinkFast Switches i n hie rarchi cal ne tworks can be g rou ped int o b ackb one sw itch es, d istr ibution swi tc hes, an d acces s swit ches[...]

  • Seite 287

    12-5 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 12 Configuring Op tiona l Spa nni ng-Tree Features Unders tanding Opt ional Spanning- Tree Featu res Figur e 12-3 Upli nkF ast E xample Bef or e Di r ect Link F ailure If Switch C detects a link failu re on the currentl y acti ve lin k L2 on the root port (a dir ec[...]

  • Seite 288

    12-6 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapte r 12 Configurin g Optiona l Spann ing-Tr ee Featu res Unders tan ding Opti on al Spann ing -Tree Fe at ures How CSUF Work s CSUF ensures that one link in the stack is elected as the path to the root. As shown in Figure 12-5 , Switch es A, B, and C are ca scaded thr [...]

  • Seite 289

    12-7 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 12 Configuring Op tiona l Spa nni ng-Tree Features Unders tanding Opt ional Spanning- Tree Featu res The switch sending the fast-tr ansition requ est needs to do a f ast transitio n to the f orwardi ng state of a port that it ha s chosen as the root po rt, and it m[...]

  • Seite 290

    12-8 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapte r 12 Configurin g Optiona l Spann ing-Tr ee Featu res Unders tan ding Opti on al Spann ing -Tree Fe at ures Limitations These lim itations ap ply to CSUF: • CSUF uses the GigaStac k GBIC and runs on all Catalyst 3550 switches, all Catalyst 3500 XL switches, Ca tal[...]

  • Seite 291

    12-9 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 12 Configuring Op tiona l Spa nni ng-Tree Features Unders tanding Opt ional Spanning- Tree Featu res Figur e 12-6 Gig aStac k GBIC Connec tions an d Spanning-T ree Co nv er g ence Catalyst 2950G-24 S P E E D S Y S T E M R P S S T A T U S M O D E U T I L D U P L X C[...]

  • Seite 292

    12-10 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapte r 12 Configurin g Optiona l Spann ing-Tr ee Featu res Unders tan ding Opti on al Spann ing -Tree Fe at ures Understand ing Back boneF ast Backbo neFas t detects ind irect failures in the core of th e backbon e. Backbo neFas t is a complem entary technol ogy to the [...]

  • Seite 293

    12-11 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 12 Configuring Op tiona l Spa nni ng-Tree Features Unders tanding Opt ional Spanning- Tree Featu res If lin k L 1 fail s as s hown in Figure 12 -8 , Switch C cannot det ect this f ailure bec ause it is not co nnected direct ly to link L1. Ho weve r, becau se Switc[...]

  • Seite 294

    12-12 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapte r 12 Configurin g Optiona l Spann ing-Tr ee Featu res Unders tan ding Opti on al Spann ing -Tree Fe at ures Unders tanding Root Gu ar d The Laye r 2 network of a service provide r (SP) can incl ude many co nnectio ns to switche s that are no t owned by the SP . In [...]

  • Seite 295

    12-13 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 12 Configuring Op tiona l Spa nni ng-Tree Features Configurin g Optional Spanni ng-Tree Fe atures Understand ing Loop Guard Y o u can use loo p g ua rd t o p revent al tern ate o r roo t po rts f rom b ecom ing de signat ed po rt s bec ause o f a failur e that lea[...]

  • Seite 296

    12-14 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapte r 12 Configurin g Optiona l Spann ing-Tr ee Featu res Configur ing Optiona l Spanning- Tree Fea tures Default Optional Spanning-Tree Conf iguration T able 12-1 sh ows the default opt iona l spa nn ing- tree co nfigurat ion. Enabling P ort Fast A port with the Po rt[...]

  • Seite 297

    12-15 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 12 Configuring Op tiona l Spa nni ng-Tree Features Configurin g Optional Spanni ng-Tree Fe atures Note Y ou ca n use the spa nning-tre e portfast default global con figuration co mmand to global ly enab le the Port Fast featur e on all nontrun king por ts. T o dis[...]

  • Seite 298

    12-16 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapte r 12 Configurin g Optiona l Spann ing-Tr ee Featu res Configur ing Optiona l Spanning- Tree Fea tures T o disable BPDU guard, use the no spanning-tree por tfast bpduguard default global configur ation comm an d. Y ou can ov e rr ide the setting of th e no spanning-[...]

  • Seite 299

    12-17 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 12 Configuring Op tiona l Spa nni ng-Tree Features Configurin g Optional Spanni ng-Tree Fe atures T o disable BPDU filte ring, use t he no spanning-tree portfa st bpdufilt er default global configurat ion comm an d. Y o u c a n override th e s ett ing o f t he no [...]

  • Seite 300

    12-18 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapte r 12 Configurin g Optiona l Spann ing-Tr ee Featu res Configur ing Optiona l Spanning- Tree Fea tures Enabling C ross-S tack Up linkFas t Before ena bling CSU F , make sure your sta ck switch es are proper ly connec ted. For more informat ion, see th e “ Connec t[...]

  • Seite 301

    12-19 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 12 Configuring Op tiona l Spa nni ng-Tree Features Configurin g Optional Spanni ng-Tree Fe atures Enabling Ba ckbon eFast Y o u can en able Bac kboneFast to detect indi rect li nk failures and to start the sp anning- tree reconfigur atio n soo ne r . Note If yo u [...]

  • Seite 302

    12-20 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapte r 12 Configurin g Optiona l Spann ing-Tr ee Featu res Configur ing Optiona l Spanning- Tree Fea tures T o disa ble ro ot g uard, use the no spanning-tre e guard interf ace conf igurati on command. Enabling L oop Guard Y o u can use loo p g ua rd t o p revent al ter[...]

  • Seite 303

    12-21 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 12 Configuring Op tiona l Spa nni ng-Tree Features Display ing the S panning -Tree St atus Displaying the Sp anning-Tre e Status T o display the span ning-t ree stat us, use on e or more of the pri vile ged EXE C commands in T able 1 2-2 : For informati on about o[...]

  • Seite 304

    12-22 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapte r 12 Configurin g Optiona l Spann ing-Tr ee Featu res Displaying the Spannin g-Tree Stat us[...]

  • Seite 305

    C HAPTER 13-1 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 13 Configuring VLANs This c hapt er d escri b es how to c onfigure norm al -ra nge V LAN s (V L AN IDs 1 to 100 5) and extended-ra nge V LANs (VLAN I Ds 100 6 to 4094 ). It include s inform ation about V LAN modes an d the VLAN Member ship Policy Serv er (VMPS). N[...]

  • Seite 306

    13-2 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 13 Co n figuring VLANs Unders tan ding VLAN s Figure 13-1 shows an exam ple of V L ANs segmented into l ogica lly defined n etwor ks. Figur e 13-1 VLANs as Logically Defined Netw or k s VLANs are of ten assoc iated with IP su bnetw orks. F or ex ample, all the end [...]

  • Seite 307

    13-3 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 13 Configuring VLA Ns Unde rst an din g VLA Ns VLAN Port M embership M odes Y o u configure a port to belong to a VLAN by assigning a me mber ship mode that de termin es the ki nd of traf fic the port c arries and t he number of V LANs to which i t can belon g. T a[...]

  • Seite 308

    13-4 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 13 Co n figuring VLANs Configur ing Normal- R ang e VLAN s Configuring Normal -Range VLANs Normal- range VL A Ns are VL ANs with VLA N I Ds 1 to 1005 . If the sw it ch is in VT P server or transpare nt mod e, y ou ca n a dd, modi fy or r e move configurat ions for [...]

  • Seite 309

    13-5 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 13 Configuring VLA Ns Configur ing N orma l -Ran g e VL A N s This sect ion incl udes infor mation ab out these topics about norma l-ran ge VLAN s: • T oken Ring VLA Ns, page 1 3-5 • Normal -R ange VL AN Con figurat ion Guid eli nes , pa ge 13- 5 • VLAN Co nf[...]

  • Seite 310

    13-6 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 13 Co n figuring VLANs Configur ing Normal- R ang e VLAN s is to a llow all VLA Ns ), th e new VLAN is ca rrie d o n all t ru nk po rts. Dep end ing o n the topo l ogy of the network, this c ould crea te a loop in the n ew VLAN that would not be broken, pa rticul a[...]

  • Seite 311

    13-7 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 13 Configuring VLA Ns Configur ing N orma l -Ran g e VL A N s Saving VL AN Configur ation The co nfiguration s of VLAN IDs 1 to 10 05 are a lways sa ved in the VLA N database (vlan.d at file). If VTP mode is transpa rent, they a re also saved in the swi tch runn in[...]

  • Seite 312

    13-8 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 13 Co n figuring VLANs Configur ing Normal- R ang e VLAN s Default Ethernet VLAN Configuration T able 13-2 shows the default co nfig uration for Ethernet VL ANs. Note The switch suppo rts Ethe rnet interf aces exc lusi v ely . Becaus e FDDI a nd T oken Ri ng VLANs [...]

  • Seite 313

    13-9 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 13 Configuring VLA Ns Configur ing N orma l -Ran g e VL A N s Beginning i n privileged EXEC mode, f ollow these st eps to use config-vl an mode to cre ate or mo dify an Ethern et VLAN: T o return the VLAN name to the defaul t settings, use the no vlan name or no vl[...]

  • Seite 314

    13-10 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 13 Co n figuring VLANs Configur ing Normal- R ang e VLAN s T o return th e VLAN name to th e defaul t settings, use th e no vlan vlan-id name or no vl an vlan-i d mtu VLAN conf iguration comm and. This examp le shows how to use VLAN configurati on mode t o create [...]

  • Seite 315

    13-11 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 13 Configuring VLA Ns Configur ing N orma l -Ran g e VL A N s Assigning S tatic-Ac cess Ports to a VLAN Y o u can assi gn a s tati c-ac cess port to a VLAN wi tho ut having VT P gl obal ly p rop agate V LAN configurat ion inf orm at ion ( VTP is di sabl ed). If y [...]

  • Seite 316

    13-12 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 13 Co n figuring VLANs Configur ing Extended-R ange VLA Ns Configuring Ex tended-Rang e VLANs When the switch is in VTP transparent mode (VT P disabled) and the EI is installed) , you can create extended -rang e VLA Ns ( in the ra nge 1006 t o 4094). E xte nded- r[...]

  • Seite 317

    13-13 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 13 Configuring VLA Ns Confi guring Exte nded-Ra nge VL ANs • STP is enable d by default on extended -range V LANs, but you can di sable it by using the no spann ing- tre e vlan vlan-id global co nfigur ation c omm an d. Wh en t he m a ximum n umb er o f spann in[...]

  • Seite 318

    13-14 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 13 Co n figuring VLANs Displa ying VL ANs T o delete an extend ed-range VLA N, use the no vlan vlan-i d global configurat ion comm and. The proc edure fo r assign ing stat ic-acc ess port s to an ext ended-r ange VLAN is the s ame as for normal-ra nge VL ANs. See [...]

  • Seite 319

    13-15 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 13 Configuring VLA Ns Config uri n g VL AN Tr unk s Configuring VLAN T runks These sec tions descr ibe how VLAN trunks functio n on the swi tch: • T runking O verview , page 13 -15 • 802.1 Q Configuration Cons ider ation s, page 13-16 • Default La yer 2 Ethe[...]

  • Seite 320

    13-16 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 13 Co n figuring VLANs Configur ing VLAN Trunk s T o avoid this, yo u s hould configu re int erfac es conn ect ed t o devices tha t do no t sup port DTP to n ot forward D TP frame s, tha t i s, to t urn off DTP . • If you do not int end to trunk ac ross thos e l[...]

  • Seite 321

    13-17 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 13 Configuring VLA Ns Config uri n g VL AN Tr unk s • Disabling span ning tree on the na ti v e VLAN of an 802.1 Q trunk without d isabling spann ing tree on e very VLAN i n the network can po tentia lly cause spa nning-t ree loops. W e recomm end that you leave[...]

  • Seite 322

    13-18 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 13 Co n figuring VLANs Configur ing VLAN Trunk s – STP Port F ast setting – trunk s tat us: i f o ne po rt i n a po rt g rou p ce as es t o b e a t runk, a ll por t s ce ase t o be t runk s. • If you tr y to enab le 802. 1X on a trun k port, a n erro r messa[...]

  • Seite 323

    13-19 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 13 Configuring VLA Ns Config uri n g VL AN Tr unk s Switch(config-if)# switchport mode dynamic desirable Switch(config-if)# end Defining the Allowed VLANs on a Trunk By default, a trunk port sends traf f ic to and re cei ves tra ff ic from al l VLANs. All VLAN IDs[...]

  • Seite 324

    13-20 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 13 Co n figuring VLANs Configur ing VLAN Trunk s Changing the Pruning-Elig ible List The prunin g-eligible l ist applies o nly to t runk ports. Each tru nk port has its o wn eligibilit y list. V TP pruning m ust b e en ab led for t h is pr oc ed ure t o ta ke effe[...]

  • Seite 325

    13-21 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 13 Configuring VLA Ns Config uri n g VL AN Tr unk s Beginning i n privileged EX EC mo de, foll ow these s teps to c onfigure th e nat iv e VL AN on an 8 02. 1Q trunk: T o return to the default nati v e VLAN, VLAN 1, use th e no switchport trunk native vlan inte r [...]

  • Seite 326

    13-22 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 13 Co n figuring VLANs Configur ing VLAN Trunk s In thi s way , Trunk 1 c arri es t r affic for VLA Ns 8 t hr oug h 10, a nd Trunk 2 c ar rie s tra ff ic fo r VLA Ns 3 through 6. If the a cti ve tru nk fails, th e trunk wit h the lo wer priority tak es ov er and c[...]

  • Seite 327

    13-23 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 13 Configuring VLA Ns Config uri n g VL AN Tr unk s Load Sharing Using STP Path C ost Y o u can co nfigure paralle l trunks to share VLAN traffic by setting di fferent path costs on a trunk and associ ating the path costs with dif feren t sets of VLA Ns. The VLANs[...]

  • Seite 328

    13-24 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 13 Co n figuring VLANs Configuring VMPS Beginn ing in pri vile ged EXE C mode, follo w these steps to conf ig ure th e netw o rk sho wn in Figure 13-4 : Configuring VMPS The swi tch can not be a VMPS ser ver b ut can ac t as a client to the VMPS and communi cate w[...]

  • Seite 329

    13-25 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 13 Configuring VLA Ns Configuring VMPS • “ Monitori ng the VMPS ” sectio n on pa ge 13-31 • “ T rouble sho oti ng Dy na mic Por t VLAN Memb er ship ” sectio n on page 13 -31 • “ VMPS C onfiguration Exa mple ” sectio n on pa ge 13-32 Understand in[...]

  • Seite 330

    13-26 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 13 Co n figuring VLANs Configuring VMPS If the link goes do wn on a dynamic por t, the port retur ns to an isolated state and does not belong to a VLAN. An y h osts that com e online through the port are chec ked again through t he VQP with the VMPS before the p o[...]

  • Seite 331

    13-27 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 13 Configuring VLA Ns Configuring VMPS ! address <addr> vlan-name <vlan_name> ! address 0012.2233.4455 vlan-name hardware address 0000.6509.a080 vlan-name hardware address aabb.ccdd.eeff vlan-name Green address 1223.5678.9abc vlan-name ExecStaff addres[...]

  • Seite 332

    13-28 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 13 Co n figuring VLANs Configuring VMPS VMPS Configuration Guidelines These gui deline s and restric tions app ly to dynami c port VL AN memb ership: • Y o u must co nfigure the VMPS befo re you con figure ports as dyna mic. • The co mm unic ation be tw een a [...]

  • Seite 333

    13-29 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 13 Configuring VLA Ns Configuring VMPS Beginn ing in pri vilege d EXEC mode, follo w these step s to enter the IP address of the VMPS: Note The switch port that is co nnected to the V MPS serv er cannot be a dynamic acc ess port. It can be either a stat ic ac cess[...]

  • Seite 334

    13-30 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 13 Co n figuring VLANs Configuring VMPS Reconfirming VLAN Memberships Beginning in privileged EXEC mo de, foll ow these steps to co nfirm the dynamic port VLAN me mbershi p assignments that the switc h has receiv ed from the VMPS: Changing the Reconfirmation In te[...]

  • Seite 335

    13-31 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 13 Configuring VLA Ns Configuring VMPS T o retur n the switc h to its def ault settin g, use the no vmps r etry global configura tion c om mand . Monitoring the VMPS Y ou can display inform ation about th e VMPS b y usin g the sho w vmps pri vi le ged EXEC comman [...]

  • Seite 336

    13-32 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 13 Co n figuring VLANs Configuring VMPS VMPS Co nfig ur at ion Ex am ple Figure 13-5 shows a ne twork with a VMPS serve r switch and V MPS client switches with dynamic p orts. In this e xampl e, these assu mptions apply: • The VMPS serv er and th e VMPS client a[...]

  • Seite 337

    C HAPTER 14-1 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 14 Configuring VTP This c hapt er d escri b es how to us e t he V LAN Trunking Pr otoc ol ( VTP) a nd t he V LAN dat aba se for managing V LANs . Note For comple te syntax and us age inform ation for the co mmands used in this chapter , refer to the c ommand refer[...]

  • Seite 338

    14-2 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 14 Configuring VTP Unders tan din g VTP The VTP Do main A VTP do ma in ( also c alle d a VLA N ma nage ment domai n ) con sis ts of o ne sw itch or several interconn ected swit ches under th e same a dministrati ve responsibili ty sharing the same VTP d omain name.[...]

  • Seite 339

    14-3 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 14 Configuring VTP Understanding VTP VTP Mode s Y o u can co nfigure a supporte d switch to be in one of the VTP modes liste d in Ta b l e 1 4 - 1 . When the netwo rk is configu red with more than the maximu m 250 VLANs, the switch automatica lly changes from VTP s[...]

  • Seite 340

    14-4 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 14 Configuring VTP Unders tan din g VTP • MD5 diges t VLAN co nf igurat ion, in clud ing max imum tr ansmi ssion unit (M TU) si ze fo r each VLAN. • Frame fo rmat VTP adv ertis ements distrib ute this VLAN information for each conf igured VLAN: • VLAN IDs •[...]

  • Seite 341

    14-5 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 14 Configuring VTP Understanding VTP Figur e 14-1 Floodi ng T raffi c without VTP Pr uning Figure 14-2 shows a swi tched network w ith V T P pruni ng ena ble d. The broa dcast tra ff ic fro m Swit ch 1 is not for war ded to Switch es 3, 5, and 6 be cause tr aff ic [...]

  • Seite 342

    14-6 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 14 Configuring VTP Conf igu rin g VTP VTP pruning is not designed to func tion in VTP transparent mode . If one or more switches in the netwo rk are in VTP transparen t mode, yo u should do on e of thes e: • T urn off VTP prun ing in the en tire network . • T u[...]

  • Seite 343

    14-7 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 14 Configuring VTP Configuring VTP VTP Configuration Options Y o u can co nfigure VTP by using these co nfiguration mo des. • VTP Configurat ion in G lobal Co nfiguration M odes, page 14- 7 • VTP Configurat ion in VLA N Configuratio n Mod e, p ag e 14- 7 Y o u [...]

  • Seite 344

    14-8 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 14 Configuring VTP Conf igu rin g VTP VTP Configuration Guidelines These sec tions descr ibe guid elines you should fol low when implem entin g VTP in your ne twork. Domain Names When co nfiguring VTP f or the first tim e, y ou mu st always a ssign a do main n am e[...]

  • Seite 345

    14-9 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 14 Configuring VTP Configuring VTP VTP Ve rs ion Foll ow these gui delines whe n deciding which VTP ver sion to im plement: • All switches in a VTP domain must run the same VTP versi on. • A VTP ver sion 2-cap able switch can operat e in the same VTP doma in as[...]

  • Seite 346

    14-10 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 14 Configuring VTP Conf igu rin g VTP When you con figure a domain na me, it cannot be rem oved; you can only rea ssign a switc h to a different domain. T o retu rn the swi tch to a no-pa sswor d s tate, u se the no vtp password global co nfiguration c omman d. Th[...]

  • Seite 347

    14-11 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 14 Configuring VTP Configuring VTP This exam ple sh ows ho w to use VLA N configurat ion m ode to configure the switc h as a VTP server with the domain name eng_ gr oup an d t he pa ssword mypassw ord : Switch# vlan database Switch(vlan)# vtp server Switch(vlan)# [...]

  • Seite 348

    14-12 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 14 Configuring VTP Conf igu rin g VTP Note Y ou ca n also configur e a VTP client by using th e vlan database p rivile ged EXEC command to enter VLAN c onfiguratio n mode a nd e ntering the vtp client command, simi lar t o the secon d p rocedur e und er “ Config[...]

  • Seite 349

    14-13 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 14 Configuring VTP Configuring VTP Note Y ou ca n also configure V TP transpare nt mode by using the vlan dat abas e pri vileged EX EC comm and to ente r VLAN c onfiguratio n mode a nd by enter ing th e vtp tran spar ent command, si milar t o the s econd procedu r[...]

  • Seite 350

    14-14 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 14 Configuring VTP Conf igu rin g VTP Enabling V TP Prunin g Pruning inc reases available bandwi dth by restric ting flood ed traffic to those trunk links th at the traffic must use to acces s the destinat ion devices. Y ou can o nly ena ble V TP prunin g on a s w[...]

  • Seite 351

    14-15 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 14 Configuring VTP Configuring VTP Adding a VT P Client S witch to a VT P Domain Before adding a V TP clien t to a VT P domai n, always verify tha t its VTP co nfiguration revision number is lower than the co nfiguration r evision number of the other swi tches in [...]

  • Seite 352

    14-16 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 14 Configuring VTP Monito rin g VTP Monitoring VTP Y o u mon itor V TP by di sp layin g VT P configu ratio n in for matio n: th e dom ain name , the c ur rent V T P revision, and the n umb er of VL AN s. Y ou c a n al so di spla y stati stic s ab out th e ad verti[...]

  • Seite 353

    C HAPTER 15-1 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 15 Configuring Voic e VLAN This ch apt er descr ibes how to configure the voice VLAN f eature on yo ur sw itch. V oice VLA N is re ferred to as an auxiliary VLAN in the Cata lyst 6000 f amily swi tch do cumentation. Note For comple te syntax and us age inform atio[...]

  • Seite 354

    15-2 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 15 C onfiguring Voice VLAN Configuring Voic e VL AN Figure 15-1 shows one way to conne ct a Cisco 7 960 IP Phone. Figur e 15-1 Cisc o 7960 IP Phone Connect ed t o a S witc h When t he I P ph one con ne cts to t he s wit ch, the a ccess p ort (PC- t o-te lep hone ja[...]

  • Seite 355

    15-3 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 15 Configuring Voice VLA N Configuring Voice VLAN Voice V LAN Con figuration Guide lines These a re the v oic e VLAN con figu ration guid elines: • Y o u shou ld configu re voice VLA N on swi tch a cce ss port s. • The Port Fas t featu re is au tomatical ly en [...]

  • Seite 356

    15-4 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 15 C onfiguring Voice VLAN Configuring Voic e VL AN Configuring Ports to Carr y Voice Traffic in 802.1Q Frames Beginn ing in pri vileg ed EXEC mode, follo w thes e steps to conf igure a port to carry v oice traf fic in 802.1 Q fram es for a speci fic VLAN: T o r e [...]

  • Seite 357

    15-5 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 15 Configuring Voice VLA N Configuring Voice VLAN Overriding the CoS Pr iority of Incoming Data Frame s Y o u can conne ct a PC or o t her dat a device to a Cisco 7960 IP Phon e por t . T he PC can ge nerat e packets with an assigned CoS valu e. Y ou can configur e[...]

  • Seite 358

    15-6 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 15 C onfiguring Voice VLAN Displa ying Vo ice VLA N Configuring the IP Phone to Tr ust the CoS Priority of Inc oming Data Frames Y o u can conne ct a PC or o t her dat a device to a Cisco 7960 IP Phon e por t . T he PC can ge nerat e packets with an assigned CoS v [...]

  • Seite 359

    C HAPTER 16-1 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 16 Configuring IGMP Sno oping an d MVR This cha pter d escribes h ow to configure In ternet Gr oup Ma nageme nt Prot ocol (IGM P) snoop ing on your switch, including an applicatio n of loca l IGMP snoopi ng, Multica st VLAN Re gistration (MVR). It a lso include s [...]

  • Seite 360

    16-2 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 16 Co nfiguring IGMP S noo ping and M VR Unders tan ding IGM P Snoo ping the switc h adds the host p ort numb er to the for wardin g table en try; when it recei ves an IGMP Lea v e Group message from a host, it remo ves the host port from the table entry . I t also[...]

  • Seite 361

    16-3 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 16 Configuring IGMP Sno oping and M VR Understanding IGMP Snooping Figur e 16-1 Initial IGMP Join M essag e Router A se nds a genera l query to t he switc h, which f orwards the qu ery t o ports 2 thro ugh 5, a ll members of the same VLAN. Ho st 1 wants to join mul[...]

  • Seite 362

    16-4 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 16 Co nfiguring IGMP S noo ping and M VR Unders tan ding IGM P Snoo ping Figur e 16-2 Second Hos t Joi ning a Multicast Gr oup Leaving a Multicast Group The ro uter send s periodic mu lticast genera l queri es and the sw itch forwar ds these que ries through al l p[...]

  • Seite 363

    16-5 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 16 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping Note Y o u shou ld on ly u se the I mm ediat e- Leave proc essin g feat ure on V LANs wher e a si ng le h ost i s connect ed to each port. If Im mediate L eav e is enab led in VLANs where more th an o[...]

  • Seite 364

    16-6 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 16 Co nfiguring IGMP S noo ping and M VR Configuring IG MP Sn ooping Beginning i n privileged E X EC mo de , follow these s teps to g loba ll y ena ble IGM P snoo ping on the switch: T o globa ll y d isabl e I GMP sno oping on a ll V LAN in terfa ces, use th e no i[...]

  • Seite 365

    16-7 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 16 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping Beginn ing in pr i vileged EXEC m ode, follo w t hese step s to alter t he metho d in whic h a VLAN in terf ace dynamically accesses a multicast router : This example shows ho w to configure IGMP sno [...]

  • Seite 366

    16-8 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 16 Co nfiguring IGMP S noo ping and M VR Configuring IG MP Sn ooping T o rem ov e a mul ticast route r port f rom the VLAN, use the no ip igmp snooping vlan vlan- id mr outer interface inte rface-id global configurat ion comm and. This e x am pl e sho ws ho w t o e[...]

  • Seite 367

    16-9 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 16 Configuring IGMP Sno oping and M VR Displaying IGMP Snooping Information Switch# show mac address-table multicast vlan 1 Vlan Mac Address Type Ports ---- ----------- ---- ----- 1 0100.5e00.0203 USER Gi0/1 Enabling IGM P Immediate -Leave Process ing When you ena [...]

  • Seite 368

    16-10 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 16 Co nfiguring IGMP S noo ping and M VR Displaying IG MP Sn ooping Informa tion This is an example of output from the show ip igmp snooping privileged EXE C comm and for all VLAN interf aces on th e switch: Switch# show ip igmp snooping vlan 1 ---------- IGMP sno[...]

  • Seite 369

    16-11 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 16 Configuring IGMP Sno oping and M VR Displaying IGMP Snooping Information This i s an exampl e of outp ut f rom th e show ip igmp snooping pr i vile ged EXEC c ommand for a spec if ic VLAN interf ace: Switch# show ip igmp snooping vlan 1 vlan 1 ---------- IGMP s[...]

  • Seite 370

    16-12 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 16 Co nfiguring IGMP S noo ping and M VR Unde rs ta n din g Mu ltic as t V LAN Reg i stra t io n Understandin g Multicast VL AN Registrati on Multica st VLA N R egistrat ion (M VR) is desi gned f or ap pli cati ons usi ng wi de-sc ale d ep loymen t of multica st t[...]

  • Seite 371

    16-13 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 16 Configuring IGMP Sno oping and M VR Underst anding Multicast VLAN Registration When a subscriber chan ges channels or turns of f the tele vision, the set-to p box sends an IGMP leav e messag e for th e mult icast st ream. T he swit ch CPU sends an IGMP g roup-s[...]

  • Seite 372

    16-14 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 16 Co nfiguring IGMP S noo ping and M VR Conf igu rin g MVR MVR elimin ates the need to duplicate tele vision-c h annel multi cast traf fic for subscribers in e ach VLAN. Multica st traffic for a ll c hanne ls is only se nt a ro und t he V L AN trun k onc e — o [...]

  • Seite 373

    16-15 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 16 Configuring IGMP Sno oping and M VR Configuring MVR MVR Configuration Guidelines and Limitations Foll ow these gui delines when conf iguring MV R: • Receiver ports cann ot b e t runk p ort s. Re ceiver port s on a sw it ch c an be in d i fferent VL AN s, but [...]

  • Seite 374

    16-16 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 16 Co nfiguring IGMP S noo ping and M VR Conf igu rin g MVR T o return t he switch to its defa ult settin gs, use the no mvr [ mode | group ip-a dd ress | querytime | vlan ] global configurati on comm ands. This e xample sho ws how to enable MVR, conf igure the MV[...]

  • Seite 375

    16-17 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 16 Configuring IGMP Sno oping and M VR Configuring MVR T o return the inter face to its default settings, u se the no mvr [ type | immediate | vl an vlan -id | gro up ] interf ace conf igu ration com mands. This exam ple sh ows how to co nfigure Giga bit Et hern e[...]

  • Seite 376

    16-18 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 16 Co nfiguring IGMP S noo ping and M VR Disp l ay in g MV R Info rma t ion This is an example of output fro m the show mvr interface privileged EXEC com mand whe n the member keyword is inc lud ed : Switch# show mvr interface fastethernet0/2 members 224.0.1.1 DYN[...]

  • Seite 377

    16-19 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 16 Configuring IGMP Sno oping and M VR Con f ig u ri n g IG M P Fi lt e ri n g This is an example of output fro m the show mvr interface pri vile ged EXEC command for a specif ied interf ace: Switch# show mvr interface fastethernet0/2 224.0.1.1 DYNAMIC ACTIVE This[...]

  • Seite 378

    16-20 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 16 Co nfiguring IGMP S noo ping and M VR Conf igu ring I GMP Filt eri ng Configuring IGMP Profiles T o conf igure an IGMP pr of ile, use the ip igmp prof ile glob al conf iguration co mmand with a prof ile number t o cre ate an IG MP profile a nd to e nte r IGM P [...]

  • Seite 379

    16-21 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 16 Configuring IGMP Sno oping and M VR Con f ig u ri n g IG M P Fi lt e ri n g This e xample show s how to crea te IGMP prof ile 4 allo wing access to the single IP multica st address and ho w to v erify t he conf iguration. If the acti on was to deny (the def aul[...]

  • Seite 380

    16-22 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 16 Co nfiguring IGMP S noo ping and M VR Conf igu ring I GMP Filt eri ng Setting th e Maximum Numbe r of IGMP Groups Y o u can set the ma ximum number of IGM P groups tha t a La yer 2 in terface can join by usi ng the ip igmp mac-groups interfa ce con figuration c[...]

  • Seite 381

    16-23 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 16 Configuring IGMP Sno oping and M VR Displaying IGMP Filtering Configuration Displaying IGMP Filtering Configuration Y o u can di splay I GMP profile cha ract eristics, and yo u can di splay the IGMP pr ofile and ma ximum gr oup conf iguration for all int erface[...]

  • Seite 382

    16-24 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 16 Co nfiguring IGMP S noo ping and M VR Displaying IGMP Filterin g Configura ti on[...]

  • Seite 383

    C HAPTER 17-1 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 17 Configuring Port-Base d Traffic Control This chapte r des cribes how t o conf igure th e port-b ased traf fic contro l featur es on your switch . Note For comple te syntax and us age inform ation for the co mmands used in this chapter , refer to the c ommand re[...]

  • Seite 384

    17-2 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 17 Configuring Port-Based Traffic Co ntro l Configuring Stor m Control The rising t hresho ld is the p erce nt age of to tal a v a ilab le b andwi dth assoc iate d with m ultica st, broad cast, or unicast t raf fi c before forwarding is block ed. The f alling t hre[...]

  • Seite 385

    17-3 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 17 Configuring Port -B ased Tra ffic Control Configuring Protected Ports Disabling Stor m Co nt rol Beginning i n privileged E X EC mo de , follow these s teps to d isab le sto rm c ontr ol: Configuring Prote cted Ports Some appl ications re quire tha t no traff ic[...]

  • Seite 386

    17-4 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 17 Configuring Port-Based Traffic Co ntro l Configuring Port Security T o disable prot ected p ort, use th e no switchport protected interface configurat ion comm and. This exam ple sh ows how to con figure Gigabi t E ther ne t i nte rface 0/1 a s a p rot ec ted po[...]

  • Seite 387

    17-5 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 17 Configuring Port -B ased Tra ffic Control Confi guring Port Securi ty Secure MAC Addresses A secure port can have from 1 to 132 associ ated sec ure addre sses. Afte r you have set th e maximu m number o f se cure MA C addres ses o n a por t, the secur e add ress[...]

  • Seite 388

    17-6 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 17 Configuring Port-Based Traffic Co ntro l Configuring Port Security If port sec urit y i s d isabl ed, the s ticky secur e M A C ad dresse s re ma in in t he r unnin g c onfigura tion. T o disabl e stick y le arni ng, ente r the no switchport port-security mac-ad[...]

  • Seite 389

    17-7 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 17 Configuring Port -B ased Tra ffic Control Confi guring Port Securi ty Port Security Configuration Guidelines Foll ow these gui delines when co nfig uring port security: • Port security can only be config ured on static access ports. • A secure port cann ot b[...]

  • Seite 390

    17-8 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 17 Configuring Port-Based Traffic Co ntro l Configuring Port Security Step 6 switchport port-security violation { protec t | r estrict | shutdown } (Optional) Se t the vi olatio n mode, the ac tion to be t aken when a secu rity violation i s detec ted, as one o f t[...]

  • Seite 391

    17-9 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 17 Configuring Port -B ased Tra ffic Control Confi guring Port Securi ty T o retur n the inter fac e to the de fault conditi on as not a secure p ort, use the no switchport port -security interf ace co nf igurati on com mand. If you enter this comman d when sticky [...]

  • Seite 392

    17-10 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 17 Configuring Port-Based Traffic Co ntro l Configuring Port Security Switch(config-if)# switchport port-security mac-address 0000.02000.0004 Switch(config-if)# switchport port-security mac-address sticky Switch(config-if)# switchport port-security mac-address sti[...]

  • Seite 393

    17-11 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 17 Configuring Port -B ased Tra ffic Control Confi guring Port Securi ty Beginn ing in pri vilege d EXEC mode, follo w these st eps to confi gure port security ag ing: T o disable por t securi ty aging for a ll secure addr esses on a por t, use the no switchport p[...]

  • Seite 394

    17-12 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 17 Configuring Port-Based Traffic Co ntro l Displaying Port-Base d Traffic Cont rol Settings Displaying Port-Based Traffic Control Settings The show i nterfa ces i nterface-id switchport privileged EXEC c om mand disp lays (a mong ot her characteri stics) the inte[...]

  • Seite 395

    C HAPTER 18-1 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 18 Configuring UDLD This c hapt er d escri b es how to c onfigure the Un iDi rec tiona l Li n k De tect ion (UD LD) pr otoc ol o n y our switch. Note For comple te syntax and us age inform ation for the co mmands used in this chapter , refer to the c ommand refere[...]

  • Seite 396

    18-2 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 18 Co nfiguring UDLD Unders tan ding UDL D UDLD oper ates b y using two mech anisms: • Neighbor datab ase maintenance UDLD l ear ns ab out othe r UDL D-c apabl e n ei ghbor s by p er iodi cal ly sen ding a hel lo p acket (al so called an adve rtiseme nt or prob e[...]

  • Seite 397

    18-3 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 18 Configuring UD LD Configuring UDLD Configuring UDLD This se cti on de scri bes how to c onfigure UD LD o n your sw it ch. It con tai ns t his c on figurati on inform ation: • Default UD LD Configurati on, page 18-3 • Ena bling UDLD Gl oball y , page 18-4 •[...]

  • Seite 398

    18-4 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 18 Co nfiguring UDLD Conf igu ring U DLD Enabling UDL D Globally Beginn ing in pri vilege d EXEC mode, follo w these step s to enable UDLD in the aggressi v e or normal mode and to set the conf igurable message timer on all f iber -optic int erfaces on the switch: [...]

  • Seite 399

    18-5 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 18 Configuring UD LD Configuring UDLD T o disabl e UDLD on a no n-f ibe r- opti c inte rface , use the no udld enable interf ace conf igura tion comm an d. Note O n fiber-optic i n terface s, the no udld enable command r ev erts the i nterf ace c onf igur ation to [...]

  • Seite 400

    18-6 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 18 Co nfiguring UDLD Displa ying U DLD Statu s Displaying UDLD Status T o display the UDLD stat us for the s pecif ied i nterf ace or for all interf aces, use the show udld [ interface-id ] pri vileged EX EC comm and. For detailed in formation about the fie lds in [...]

  • Seite 401

    C HAPTER 19-1 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 19 Configuring CDP This c hapt er d escrib es how to configure Cisc o Discovery Pro toco l ( CDP ) on your swi tch . Note For comple te syntax and us age inform ation for the co mmands used in this chapter , refer to the c ommand refere nce fo r thi s r ele ase an[...]

  • Seite 402

    19-2 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapte r 19 Co nfigu ri n g CDP Conf igu rin g CD P Configuring CDP These sec tions inclu de CDP con figuration info rmation a nd procedu res: • Default CDP Configurat ion, pa ge 19-2 • Conf igu ring the CD P Characteri stics, page 19- 2 • Dis ablin g an d Ena bli ng[...]

  • Seite 403

    19-3 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 19 Configuring CDP C onfiguring CDP Use the no form of the CDP commands to return to the def ault settings. This e xample sho ws how to confi gure an d veri fy CDP character istics . Switch# configure terminal Switch(config)# cdp timer 50 Switch(config)# cdp holdti[...]

  • Seite 404

    19-4 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapte r 19 Co nfigu ri n g CDP Conf igu rin g CD P This example shows how to enable CDP if it has been di sabled . Switch# configure terminal Switch(config)# cdp run Switch(config)# end Disabling an d Enab ling CDP on a n Interfac e CDP is enabled by def ault on all suppo[...]

  • Seite 405

    19-5 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 19 Configuring CDP Monitoring and Maintaining CDP Monitoring and Maintaining CDP T o mon itor a nd mai ntai n CDP on yo ur device, per form one o r mor e of t hese ta sks, begi nnin g in privileged EXEC mo de . This i s a n exam ple of the o utput from t he show cd[...]

  • Seite 406

    19-6 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapte r 19 Co nfigu ri n g CDP Monito rin g and Mai nt aining CDP[...]

  • Seite 407

    C HAPTER 20-1 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 20 Configuring SPAN and RSPAN This chapte r descr ibes ho w to co nf igure Switc hed Port Analyzer (SP AN) and Remote SP AN (RSP AN) on your switc h. T o use the RSP AN feature descri bed in this cha pter , you must have the enhanced software imag e (EI) installed[...]

  • Seite 408

    20-2 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 20 C onfiguring SPAN and RSPAN Understan din g SPA N and RSPAN Figur e 20-1 Example SP AN Configur ation Only traffic that ent ers or le aves source port s c an be mon i tore d by us ing SP AN. RSP AN extends SP AN by enabling remote monitori ng of multiple switche[...]

  • Seite 409

    20-3 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 20 Configuring SPAN and RSPAN Understandi ng SPAN and RS PAN SPAN and RS PAN Conc epts a nd Terminology This secti on descri bes conce pts and te rminology associate d with SP AN and RSP AN co nfiguration. SPAN Session A local SP A N session is an a ssocia tion o f[...]

  • Seite 410

    20-4 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 20 C onfiguring SPAN and RSPAN Understan din g SPA N and RSPAN Source Port A source port (als o called a monitor ed p ort ) is a switch ed port th at you mo nitor fo r network tra f fic analy sis. I n a single loc al SP AN sessi on or R S P AN sourc e se ssion, yo [...]

  • Seite 411

    20-5 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 20 Configuring SPAN and RSPAN Understandi ng SPAN and RS PAN • It can be a physical port that is ass ig ned to a n Ether Channel gr oup, even if the Et herChan nel grou p is specif ied a s a SP AN source. The p ort is remo v ed from t he group while it is conf ig[...]

  • Seite 412

    20-6 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 20 C onfiguring SPAN and RSPAN Understan din g SPA N and RSPAN If a po rt is added to a mo nitored Ethe rChan nel gr oup, the new por t is a dded t o the SP AN sou rce por t list. If a por t is removed from a mo nitore d EtherC hannel group, it is aut omatic ally r[...]

  • Seite 413

    20-7 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 20 Configuring SPAN and RSPAN Configuring SPAN Configuring SPAN This sec tion d escribes h ow to configure SP AN on your switc h. It c ontains this configur ation i nform ation : • SP AN Co nfigurati on G uide line s, pa ge 20 -7 • Creating a SP AN Session an d[...]

  • Seite 414

    20-8 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 20 C onfiguring SPAN and RSPAN Configuring SPAN This exam ple shows how to set up a SP AN sessi on, s essi on 1 , for m oni tor ing s our ce p ort t raffi c to a destinati on port . Fi rst, any existing SP AN c onfigurat ion for se ssion 1 is c lea red, and t hen b[...]

  • Seite 415

    20-9 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 20 Configuring SPAN and RSPAN Configuring SPAN Removin g Ports from a SPAN Session Beginning in pr ivileged EXEC mode, fo llow these steps t o remove a por t as a SP AN source fo r a se ssion: T o remove a so urce o r des tina tion por t f rom the SP AN sessi on, u[...]

  • Seite 416

    20-10 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 20 C onfiguring SPAN and RSPAN Configuring RSPAN Configuring RSPAN This secti on descri bes how to configure RSP AN on you r switc h. It contai ns this co nfiguration inform ation: • RSP AN C onfigurati on Guid eli nes , pa ge 20 -1 0 • Creatin g an RSP AN Ses[...]

  • Seite 417

    20-11 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 20 Configuring SPAN and RSPAN Configuring RSPAN • Y o u shou ld cre ate a n RSP AN VL AN befo re c onfiguring a n RS P AN sou rce or de stina tion s ession . • If you enable VT P and VTP pruning, RSP AN traf f ic is pruned in the trunks to pre v ent the unw an[...]

  • Seite 418

    20-12 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 20 C onfiguring SPAN and RSPAN Configuring RSPAN This example shows ho w to clear any existing RSP AN configur ation fo r session 1, co nfigure RSP A N session 1 to monitor m ultiple sourc e interf aces, and c onfi gure the destination RSP AN VLAN and the reflect [...]

  • Seite 419

    20-13 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 20 Configuring SPAN and RSPAN Configuring RSPAN This exampl e shows ho w to configure VLA N 901 as the sou rce remo te VLAN and por t 5 as the destinatio n interface: Switch(config)# monitor session 1 source remote vlan 901 Switch(config)# monitor session 1 destin[...]

  • Seite 420

    20-14 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 20 C onfiguring SPAN and RSPAN Displaying SPAN and RS PAN Status Displaying SPAN and RSPAN Status T o display the statu s of the current SP AN or RSP AN configuratio n, use the show monitor pri vilege d EXEC co mmand. This i s a n exam ple of out put for th e show[...]

  • Seite 421

    C HAPTER 21-1 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 21 Configuring RMON This ch apter descr ibes how to con figure Remote Network Mo nitori ng (RMO N) on your swit ch. R MON is a standard monitoring specifi cation th at def ines a set of sta tistics and functions th at can be e xchanged betwee n RMON-com plian t co[...]

  • Seite 422

    21-2 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 21 Co n figuring RM ON Conf igu ring R MON Figur e 21 -1 Remot e Monit or i ng Example The switc h supports t hese RM ON groups (defined in RFC 1757) : • Statistics (RMON grou p 1) — Collec ts Ether net, F a st Ethernet, an d Gig abit Eth er net statisti cs on [...]

  • Seite 423

    21-3 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 21 Configuring RMON Confi guring RMON Default RMON Configuration RMON is disa bled by default ; no alarms or events are configured . Only RMON 1 is supp orted on the switch. Configuring R MON Alarms a nd Events Y o u ca n co nfigure you r s wit ch f or RM ON by usi[...]

  • Seite 424

    21-4 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 21 Co n figuring RM ON Conf igu ring R MON T o disable an al arm, use th e no rmo n alar m num ber global configura t ion com mand on e ach al arm you configured . Y ou c anno t disa ble at on ce a ll t he ala rms tha t yo u c on figured. T o disable a n event, use[...]

  • Seite 425

    21-5 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 21 Configuring RMON Confi guring RMON Configuring RMON Collection on an Interface Y o u must first c onfigure RM ON al ar ms an d events to displa y co llec tion i nf orma tio n. Beginning i n privileged EX EC mode , follow th ese s teps t o col le ct gro up hi sto[...]

  • Seite 426

    21-6 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 21 Co n figuring RM ON Displa ying RM ON Sta tus T o disabl e the co llecti on of g roup E thern et sta tistics , use th e no rmon collec tion stats index interf ace configurati on comm a nd. Displaying RMON Status T o display the RMON stat us, use one or more of t[...]

  • Seite 427

    C HAPTER 22-1 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 22 Configuring System Message Logg ing This c hapter d escrib es how to c onfigure system me ssage log ging on your sw itch. Note For comp lete syntax a nd usage i nformation f or the commands u sed in th is chapter , refer to the Ci sco IOS Configuration Fund am [...]

  • Seite 428

    22-2 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 22 Configuri ng System Me ssage Logging Configur ing System Mes sage Logg ing Configuring Sy stem Me ssage Logging These sec ti ons de scr ibe how to c on figure s ystem m es sag e loggi n g: • System Log Me ssage Format, page 22-2 • Default Syste m Message Log[...]

  • Seite 429

    22-3 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 22 Configuring Sys te m Message L ogging Config uring Syst em Message Logging This example shows a partial switch system message : 00:00:46: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up 00:00:47: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed[...]

  • Seite 430

    22-4 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 22 Configuri ng System Me ssage Logging Configur ing System Mes sage Logg ing Disabling an d Enab ling Me ssage Lo gging Message logging is enab led by de fault. It must be enabled to send messages to any destination othe r than the conso le. Wh en ena ble d, l og [...]

  • Seite 431

    22-5 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 22 Configuring Sys te m Message L ogging Config uring Syst em Message Logging The logging buffered globa l configur ation comm and c opies l ogging messa ges to a n inte rnal buffer . The buf fer is c irc ula r, so newer message s overwrite o lder m ess ages af ter[...]

  • Seite 432

    22-6 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 22 Configuri ng System Me ssage Logging Configur ing System Mes sage Logg ing Synchronizing Log M essages Y o u can co nfigure the system t o synchroni ze unsolic ited message s and debug pri vileged EXEC comman d outpu t with solic ited device outpu t and promp ts[...]

  • Seite 433

    22-7 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 22 Configuring Sys te m Message L ogging Config uring Syst em Message Logging T o disable syn chroni za t ion of unsoli c ited messa ge s and debug outpu t, use the no logging synchronous [ lev el sever ity-le vel | all ] [ limit number-of-buffers ] line conf igura[...]

  • Seite 434

    22-8 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 22 Configuri ng System Me ssage Logging Configur ing System Mes sage Logg ing Enabling a nd Disab ling Seq uence Numb ers in Lo g Messa ges Becaus e th ere is a chan ce th at mo re than on e log me ssage can have the sam e time stam p, you ca n disp lay messages w [...]

  • Seite 435

    22-9 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 22 Configuring Sys te m Message L ogging Config uring Syst em Message Logging Note Spe cifying a level c auses messages at that le v el an d numerical ly lo wer le v els to be displayed a t the destination. T o disable logging t o the console , use the no logging c[...]

  • Seite 436

    22-10 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 22 Configuri ng System Me ssage Logging Configur ing System Mes sage Logg ing Limiting Syslog Messages Sent to the History Table and to SNMP If you enable d syslog message traps to be sent to an SNMP network manage ment station by using the snmp-ser ver enab le tr[...]

  • Seite 437

    22-11 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 22 Configuring Sys te m Message L ogging Config uring Syst em Message Logging Logging Messages to a UNIX Syslog Daemo n Before yo u ca n send system log m essages to a UNIX syslog server , you m ust con figure the syslog daemon on a U N IX ser ver . Log in a s roo[...]

  • Seite 438

    22-12 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 22 Configuri ng System Me ssage Logging Display ing the Log gi ng Configur ation T o remov e a syslog s erv er , use the no logging host globa l configurati on co mman d, and spe cify the syslog server IP address. T o disable logging to syslog servers, enter the n[...]

  • Seite 439

    C HAPTER 23-1 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 23 Configuring SNMP This chapt er describ es ho w to configure the Sim ple Network Mana gement Prot ocol (SNM P) on your switch. Note For comp lete syntax and usag e informa tion for th e comman ds used i n this c hapter , refer to the switc h command re ference f[...]

  • Seite 440

    23-2 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 23 Configuring SNMP Unders tan ding SNMP • Using SNMP to Access MIB V ariables, page 23-4 • SNMP Notif ica tions, page 23-5 SNMP Versio ns This sof tware rel ease su ppor ts t hese SNM P version s: • SNMPv1 — The Simpl e N et work M anag eme nt Pr otoc ol, [...]

  • Seite 441

    23-3 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 23 Configuring SNM P Under standin g SNMP Y ou must co nfigure the SN MP agent to use the SNMP version support ed by the manage ment stat ion. Because an ag ent can commu nicate with multip le managers, y ou can conf igure the software to supp ort com munica tio ns[...]

  • Seite 442

    23-4 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 23 Configuring SNMP Unders tan ding SNMP SNMP Community String s SNMP comm unity stri ngs authent icate acc ess to MIB object s and functio n as embedde d passwords. In order for the NMS to access th e switch, the community string def initions on the NMS must match[...]

  • Seite 443

    23-5 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 23 Configuring SNM P Configuring SNMP SNMP Notifications SNMP allo ws t he switch to send n otif ications to SNMP manager s when p articular ev ents occur . SNMP notifications ca n be sent as tr aps or inform request s. In com mand synt ax, un less ther e is an opt[...]

  • Seite 444

    23-6 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 23 Configuring SNMP Conf igu rin g SNMP Default SNMP Configuration T able 23-3 sh ows the de fault SNM P c onfigurat ion. SNMP Configuration Guidelines An SNMP gr oup is a table th at ma ps SNM P use rs to SN MP views. A n SNM P use r is a member of an SNMP group. [...]

  • Seite 445

    23-7 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 23 Configuring SNM P Configuring SNMP Disabling the SNMP Agent Beginn ing in pr iv ileged EXEC mode, f ollo w these steps to disable the SNMP agent: The no snmp-server global con figuration com mand disabl es all ru nning version s (version 1, version 2C, and v ers[...]

  • Seite 446

    23-8 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 23 Configuring SNMP Conf igu rin g SNMP Note T o disabl e acce ss for an SNM P commun ity , set th e comm unity string for that co mmunity to the null string (do not enter a value for th e communi ty string ). T o remo ve a specif ic community string, use the no sn[...]

  • Seite 447

    23-9 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 23 Configuring SNM P Configuring SNMP Beginn ing in pri vileg ed EXEC mode, follo w these st eps to confi gure SNMP on the switch: Command Purpo se Step 1 c onfigure te rmina l Enter global configurat ion mode . Step 2 s nmp- server eng ineID { lo ca l eng ineid -s[...]

  • Seite 448

    23-10 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 23 Configuring SNMP Conf igu rin g SNMP Configuring SNMP Notifications A trap manag er is a mana geme nt statio n that recei ves and pro cesses tr aps. T rap s are sys tem alerts that the switc h gener ates whe n cert ain events occu r . By default , no trap mana [...]

  • Seite 449

    23-11 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 23 Configuring SNM P Configuring SNMP Some noti fication type s can not be c ontr olled wi th the sn mp-se rver ena ble globa l configurati on comm an d, for exampl e, tty a nd udp-port . Thes e no ti f ica tio n ty p es ar e a lw ay s en ab led. Y o u can u s e t[...]

  • Seite 450

    23-12 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 23 Configuring SNMP Conf igu rin g SNMP The snmp-serv er host co mmand s pecif ies which ho sts rec eiv e th e noti fica tions. T he snmp-serv er enab le trap command global ly enable s the mech anism for the specif ied notif icatio n (for tra ps and informs ). T [...]

  • Seite 451

    23-13 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 23 Configuring SNM P Configuring SNMP Setting th e Agent C ontact and Location In formation Beginn ing in pri vilege d EXEC mode, follo w these step s to set the system contact and locatio n of the SNMP agen t so that these de scripti ons can be accesse d through [...]

  • Seite 452

    23-14 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 23 Configuring SNMP Conf igu rin g SNMP SNMP Examp les This example shows ho w to enable all versions of SN MP . Th e configurati on permi ts any SNMP manager to access all objects with read-only permissions using the co mmunity string public . This configurati on[...]

  • Seite 453

    23-15 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 23 Configuring SNM P Disp la yin g S N M P S t at us Displaying SNMP Status T o display SN M P input and o utput sta tisti cs, i ncl udin g the num ber of illegal co mm unity strin g en tri es, errors, a nd re que ste d variable s, use t he show snmp privileged EX[...]

  • Seite 454

    23-16 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 23 Configuring SNMP Displaying SNM P Status[...]

  • Seite 455

    C HAPTER 24-1 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 24 Configuring Network Security with ACLs This cha pter d escri bes how to configu re net work se curit y on yo ur swi tch by usi ng a cce ss contr ol l ists (A CL s), whic h are also ref erred to in comm ands an d tables as acce ss lists . Y ou can create A CLs f[...]

  • Seite 456

    24-2 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 24 Con figuring Ne two rk Sec urity with ACLs Unders tandin g A CLs Understandin g ACLs Pack et f ilterin g can limit net work traff ic and restrict netw ork use b y certain users or de v ices. A CLs can fi lter traf f ic a s it passes thr ough a switch and permit [...]

  • Seite 457

    24-3 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 24 Configuring Net work Securi t y with ACLs Unde rsta ndi n g AC Ls Figur e 24-1 Usi ng AC Ls to Contr ol T raff ic t o a Netw or k Handling Fragmented and Unfragmented Traffic IP packets can be fragment ed as they cross the ne twork. Whe n this happens, only the [...]

  • Seite 458

    24-4 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 24 Con figuring Ne two rk Sec urity with ACLs Unders tandin g A CLs • Packet A is a TCP pa cket fro m ho st 10. 2. 2.2, po rt 65000 , go ing to h ost 10.1. 1.1 on th e SMTP por t. If this packe t is fragmented, the firs t fragment matches the f irs t A CE (a perm[...]

  • Seite 459

    24-5 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 24 Configuring Net work Securi t y with ACLs Unde rsta ndi n g AC Ls • Layer 4 fields: – TCP (Y ou c an sp eci fy a T CP so urce , de stin ation po rt n um ber, or both a t the same time. ) – UDP (Y ou c an sp ec ify a UD P sou rce, d estina tion por t nu mbe[...]

  • Seite 460

    24-6 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 24 Con figuring Ne two rk Sec urity with ACLs Conf igu ring A CLs Guidelines for Applying ACLs to Physical Interfaces When ap plyi ng ACLs to physic al in terfaces , f oll ow these configura tion g uide lines: • Only one A C L can be attached to an interface . Fo[...]

  • Seite 461

    24-7 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 24 Configuring Net work Securi t y with ACLs Confi guring ACLs Unsupporte d Features The switc h does not support these IOS rout er A CL-relat ed feature s: • Non -IP prot ocol A CL s (s ee T a ble 24- 2 on page 24 -8 ) • Bridge -group ACLs • IP accoun ting ?[...]

  • Seite 462

    24-8 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 24 Con figuring Ne two rk Sec urity with ACLs Conf igu ring A CLs ACL Numbers The numbe r you use to denote your A CL shows the type of access list th at you ar e cre ating. T abl e 24-2 lists t he acce ss l ist n umber and c orresp onding type a nd shows whe ther [...]

  • Seite 463

    24-9 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 24 Configuring Net work Securi t y with ACLs Confi guring ACLs Creating a Numbered Standard ACL Note For info rmati on about cr eati ng A CLs to app ly to a manage ment in terface, refer to the “ Conf igurin g IP Services ” sec tion of th e Cisco IOS IP a nd IP[...]

  • Seite 464

    24-10 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 24 Con figuring Ne two rk Sec urity with ACLs Conf igu ring A CLs This exampl e shows ho w to creat e a standard ACL to deny access to IP host 171 .69.1 98.102, pe rmit access to an y others, and display the results. Switch (config)# access-list 2 deny host 171.69[...]

  • Seite 465

    24-11 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 24 Configuring Net work Securi t y with ACLs Confi guring ACLs Note Th e switc h does not supp ort dyna mic or reflexive access lis ts. It al so does n ot suppor t filtering based on the min imize -mon eta ry-co st typ e of servic e (T oS ) bit. When crea ting A C[...]

  • Seite 466

    24-12 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 24 Con figuring Ne two rk Sec urity with ACLs Conf igu ring A CLs Beginn ing in pri vileg ed EXEC mode, follo w these st eps to create an exte nded A CL: Command Purp ose Step 1 co nfi gure terminal Ent er g loba l c onfigura tion m od e. Step 2 access-list access[...]

  • Seite 467

    24-13 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 24 Configuring Net work Securi t y with ACLs Confi guring ACLs Use the no a ccess-lis t a ccess-list-number gl obal conf igurat ion command to dele te the entire access list. Y o u ca nnot del ete in dividual ACEs from n umb ered a cce ss lis ts. This e xample sho[...]

  • Seite 468

    24-14 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 24 Con figuring Ne two rk Sec urity with ACLs Conf igu ring A CLs Be ginning in pri vile ged EXEC m ode, fo llo w thes e steps to cre ate a sta ndard n amed acces s list u sing names: Beginning in pr ivileged EXEC mode, follow these step s to crea te an extende d [...]

  • Seite 469

    24-15 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 24 Configuring Net work Securi t y with ACLs Confi guring ACLs When ma king t he stan dar d an d extend ed A CL, reme m ber tha t, by defaul t, the e nd o f the ACL conta ins an implicit deny statement f or everything if it did no t find a match befor e reachi ng [...]

  • Seite 470

    24-16 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 24 Con figuring Ne two rk Sec urity with ACLs Conf igu ring A CLs T o remov e a conf igu red time -ran ge, use the no time-r ange ti me-range-nam e globa l c onfigura tion comm and. Repeat t he steps if you ha ve multiple items tha t you w ant operational at dif f[...]

  • Seite 471

    24-17 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 24 Configuring Net work Securi t y with ACLs Confi guring ACLs deny tcp any any time-range new_year_day_2000 (inactive) deny tcp any any time-range thanskgiving_2000 (active) deny tcp any any time-range christmas_2000 (inactive) permit tcp any any time-range workh[...]

  • Seite 472

    24-18 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 24 Con figuring Ne two rk Sec urity with ACLs Conf igu ring A CLs In this exam ple, the Jones subnet is not allo wed to use outbound T elnet: Switch(config)# ip access-list extended telnetting Switch(config-ext-nacl)# remark Do not allow Jones subnet to telnet out[...]

  • Seite 473

    24-19 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 24 Configuring Net work Securi t y with ACLs Confi guring ACLs This exam ple sh ows how to cr eate an d displ ay a n acc ess l ist name d mac1 , denying o nl y E the rT yp e DECnet Phase IV traf f ic, b ut permitting all other types of traf f ic. Switch(config)# m[...]

  • Seite 474

    24-20 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 24 Con figuring Ne two rk Sec urity with ACLs Applying ACLs to Ter m in al Lines or Phy sical Inter faces Applying ACLs to Terminal Line s or Physical Interfac es Note Be fore appl ying a n A CL to a phy sica l int erfac e , see the “ Guidelines for Applying A C[...]

  • Seite 475

    24-21 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 24 Configuring Net work Securi t y with ACLs Displaying ACL Information Applying ACLs to a Physical Interface Beginn ing in pr iv ileged EXEC mode, follo w thes e steps to control a ccess to a Layer 2 interfac e: This exam ple shows how to app ly a ccess li st 2 o[...]

  • Seite 476

    24-22 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 24 Con figuring Ne two rk Sec urity with ACLs Displa ying A CL Inf ormati on Displaying ACLs Y ou ca n display existi ng A CLs by using show commands. Beginn ing in priv ileged EXEC mode, follo w these steps to display access lists: This example shows all standard[...]

  • Seite 477

    24-23 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 24 Configuring Net work Securi t y with ACLs Examples for Compiling ACLs Displaying A ccess Groups Note Th is fea ture is available o nly i f your sw itch i s r unn ing the EI . Y o u use the ip ac cess-g roup int erface co nfiguration c omman d to apply A CLs t o[...]

  • Seite 478

    24-24 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 24 Con figuring Ne two rk Sec urity with ACLs Examples fo r Compilin g ACLs Use swi tch A CLs to d o these: • Create a standa rd A CL, and filter traff ic fr om a spe cific Interne t host with an addre ss 172.20. 128.64 . • Create an ex tended A CL, and filte [...]

  • Seite 479

    24-25 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 24 Configuring Net work Securi t y with ACLs Examples for Compiling ACLs Numbered ACL Examples This example shows that the swi tch accept s addre sses on networ k 36.0.0.0 subnets and deni es all pac kets coming f rom 56.0 .0. 0 subn ets. T he ACL is th en a pplie[...]

  • Seite 480

    24-26 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 24 Con figuring Ne two rk Sec urity with ACLs Examples fo r Compilin g ACLs In this ex ample o f a num bered A CL, the W inter and Sm ith w orkstation s are not al lo wed to br o wse th e web: Switch(config)# access-list 100 remark Do not allow Winter to browse th[...]

  • Seite 481

    C HAPTER 25-1 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 25 Configuring QoS This chapter descr ibes ho w to conf igure quality of service (QoS) b y using QoS com mands. W ith QoS, you can p rovid e preferen tial treatm ent to cert ain types of traf fi c at the e xpense o f others. W ithou t QoS, the switch of f ers b es[...]

  • Seite 482

    25-2 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapt e r 2 5 Co nf igur ing Q oS Unders tan ding QoS • V ideo w izard — Giv es traff ic th at origin ates from speci fied video servers a highe r priori ty than the prior ity of data t raf f ic. The wiz ard as sume s that the vi deo serv ers ar e con nected to a s ing[...]

  • Seite 483

    25-3 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 25 Configuring Qo S Under sta n din g Q oS Figur e 25-1 QoS Cl assificatio n Lay ers in F ram es and P ack ets All swi tches and rou ters t hat acce ss the Intern et rely o n the class inf ormation to pro vide th e sam e forwar din g treatm ent to p ac ke ts with t[...]

  • Seite 484

    25-4 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapt e r 2 5 Co nf igur ing Q oS Unders tan ding QoS • Markin g e va luates the policer an d conf iguration info rmation for the actio n to be taken when a packet is out of profile and d ecide s what t o do wi th the p acket (pa ss through a packe t witho ut modificat i[...]

  • Seite 485

    25-5 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 25 Configuring Qo S Under sta n din g Q oS The trust DSCP con figur ation is meaningless fo r non-IP traf f ic. If you conf igure a por t with this option and no n-IP traffic is received, the switch assig ns the default port CoS value and classi f ies traf f ic bas[...]

  • Seite 486

    25-6 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapt e r 2 5 Co nf igur ing Q oS Unders tan ding QoS Classification Based on Class Maps and Policy Map s A class map is a mechanism th at you use to isol ate and n ame a specif ic tr af fic flo w (or clas s) from all other traf f ic. Th e clas s map def ines the crite ria[...]

  • Seite 487

    25-7 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 25 Configuring Qo S Under sta n din g Q oS • Only one policer can be applied to a pack et in the input direc tion. • Only t he a verag e rate and com mitted b urst parameter s are co nf igurable. • Policing occurs o n the ingress interface s: – 60 policers [...]

  • Seite 488

    25-8 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapt e r 2 5 Co nf igur ing Q oS Unders tan ding QoS Port Prior ity Frames rec ei ve d from users in the adminis trati v ely-def ined VLANs are clas sif ied or tagge d for transmission to other de vices. Based on rules that you def ine, a unique identif ier (the tag) is i[...]

  • Seite 489

    25-9 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 25 Configuring Qo S Configur ing Qo S Configuring QoS Before configur ing QoS, you must hav e a thoroug h understand ing of the se items: • The type s of applica tions used and the traffic patterns on yo ur network. • T ra ff i c chara cteri stics an d need s o[...]

  • Seite 490

    25-10 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapt e r 2 5 Co nf igur ing Q oS Conf igu rin g QoS Configuration Guidelines Note Th ese guide lines are applicab le only if you r switch is ru nning the E I. Before beginni ng the QoS configu ration, yo u should be aware of this informat ion: • If you have EtherCh an [...]

  • Seite 491

    25-11 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 25 Configuring Qo S Configur ing Qo S Note Both the EI a nd SI support this featur e. Configuring the Trust State on Po rts within the QoS Domain Pa ckets en tering a QoS domai n are classi fied at the edge of the QoS dom ain. When the pa ckets ar e classif ied at[...]

  • Seite 492

    25-12 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapt e r 2 5 Co nf igur ing Q oS Conf igu rin g QoS Beginn ing in pr iv ilege d EXEC mode, follo w the se steps to conf igure the port to trust t he classif icati on of the traf f ic that it re cei ves : T o return a port to its untrusted state, use th e no mls qos t rus[...]

  • Seite 493

    25-13 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 25 Configuring Qo S Configur ing Qo S Configuring the CoS Val ue for an Interface QoS assigns the CoS v al ue specif ied with the mls qos cos interfac e conf igu ration c ommand to unta gged frames re ceived on trusted and untrust ed port s. Beginn ing in pri vile[...]

  • Seite 494

    25-14 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapt e r 2 5 Co nf igur ing Q oS Conf igu rin g QoS Ho we ver , if a user byp asses the telep hone and c onnects th e PC directl y to the switch, t he CoS labels generated by t he PC are trusted by the switch ( because o f the tr usted CoS setting) and can allo w misuse [...]

  • Seite 495

    25-15 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 25 Configuring Qo S Configur ing Qo S Enabling Pass-Through Mode In software rel eases earl ier than Re lease 12. 1(11) EA1, the swit ch is in pas s-thr ough mode. It uses the CoS value of incoming pa ckets witho ut mod ifying the DSCP value and sen ds the packets[...]

  • Seite 496

    25-16 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapt e r 2 5 Co nf igur ing Q oS Conf igu rin g QoS Configuring a QoS Policy Note Th is fea ture is available o nly i f your sw itch i s r unn ing the EI . Conf iguring a QoS polic y typical ly requires cla ssifying traf f i c into classes, co nf iguring policies applied[...]

  • Seite 497

    25-17 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 25 Configuring Qo S Configur ing Qo S For more information abo ut creating IP standar d A CLs, see the “ Guidelin es f or A pplying ACLs to Physica l Interfa ces ” section on page 24-6 . T o delete an A CL, use the no access-list access-list-number global co n[...]

  • Seite 498

    25-18 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapt e r 2 5 Co nf igur ing Q oS Conf igu rin g QoS Beginn ing in pri vileg ed EXEC mode, follo w the se steps to create an IP exte nded A CL for IP tra ff ic: Command Purpose Step 1 conf igure t erminal Enter g lo bal c onfigurat ion m ode. Step 2 access-list access- li[...]

  • Seite 499

    25-19 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 25 Configuring Qo S Configur ing Qo S For more information about crea ting IP exten ded A CLs, see the “ Guidelines for Applyi ng A CLs to Physica l Interfa ces ” section on page 24-6 . T o delete an A CL, use the no access-list access-list-number global co nf[...]

  • Seite 500

    25-20 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapt e r 2 5 Co nf igur ing Q oS Conf igu rin g QoS This e xample sho ws ho w to cr eate a Lay er 2 MA C A CL wit h a permit s tatement. Th e statem ent allo ws traff ic from the host wi th MA C address 0001.0 000.00 01 to the host with MA C address 00 02.000 0.0001. Swi[...]

  • Seite 501

    25-21 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 25 Configuring Qo S Configur ing Qo S T o delete an exi sting class ma p, u se the no class-map cl ass-map- name gl obal conf igur ati on com man d. T o re move a m atch cr i ter ion, use th e no m atch { access-gr oup a cl-index | name acl-n ame | ip d sc p } cla[...]

  • Seite 502

    25-22 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapt e r 2 5 Co nf igur ing Q oS Conf igu rin g QoS Beginning in privileged EX EC mode , follow these steps t o create a po licy map: Command Purpose Step 1 conf igure t erminal Enter g lo bal c onfigurat ion m ode. Step 2 access-list access-list- number permit { sourc e[...]

  • Seite 503

    25-23 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 25 Configuring Qo S Configur ing Qo S T o delete an e xisting polic y map, use the no policy-map poli cy-m ap-n ame global configuration comm and. T o de lete an existi ng class ma p, use the no clas s class-map-nam e poli cy-map co nfigurati on comma nd. T o remo[...]

  • Seite 504

    25-24 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapt e r 2 5 Co nf igur ing Q oS Conf igu rin g QoS Switch(config)# access-list 1 permit 10.1.0.0 0.0.255.255 Switch(config)# class-map ipclass1 Switch(config-cmap)# match access-group 1 Switch(config-cmap)# exit Switch(config)# policy-map flow1t Switch(config-pmap)# cla[...]

  • Seite 505

    25-25 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 25 Configuring Qo S Configur ing Qo S Configuring the CoS-t o-DSCP Map Y ou use the CoS- to-DSCP ma p to map CoS v alues in incomin g pack ets to a DSCP v alu e that Qo S uses internall y to rep resent the priority o f the tr af fic . T able 25-3 shows the default[...]

  • Seite 506

    25-26 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapt e r 2 5 Co nf igur ing Q oS Conf igu rin g QoS Configuring the DSCP-to- CoS Map Y o u use the DSCP- to-CoS ma p to map DSCP values in incom ing pac kets to a Co S value, which is used to sele ct one of the fou r egress queues . The switc h supports these D SCP value[...]

  • Seite 507

    25-27 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 25 Configuring Qo S Configur ing Qo S Config ur ing Co S an d WRR Note Th is feature is supported by both the EI and SI. This section de scribe s how to configure CoS pr iorities a nd weighted ro und-ro bin (WRR): • Conf iguring C oS Pri orit y Que ues, pa ge 25[...]

  • Seite 508

    25-28 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapt e r 2 5 Co nf igur ing Q oS Displa ying QoS Infor mation T o di sable th e WRR sche dule r an d ena ble th e st rict pri ori ty sc he du ler, use the no wrr -queue bandwidth globa l configuration command. Displaying QoS Information T o display QoS inform ation, use [...]

  • Seite 509

    25-29 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 25 Configuring Qo S QoS Config uratio n Examples QoS Configuration Exa mples Note These ex amples are applicab le only i f your switc h is run ning the EI . This se ction pr ovides a Q oS migr at ion pa th to he lp you quickl y imple ment Q oS featur es ba sed o n[...]

  • Seite 510

    25-30 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapt e r 2 5 Co nf igur ing Q oS QoS Configura tion Examp les QoS Configuration for the Existing Wiring Closet The exi sting wiring closet in Figure 25-4 consi sts of existing Ca talyst 290 0 X L and 3500 X L switche s. These sw itches ar e running IOS release 12.0(5)X P[...]

  • Seite 511

    25-31 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 25 Configuring Qo S QoS Config uratio n Examples Step 9 police 5000000 819 2 exce ed-ac tion drop Def ine a p olicer f or the classi fie d vide o traf f ic to drop tr af fic that exc eeds 5-Mb ps a v erag e tra f f ic rat e with an 81 92-b y te b u rst size . Step[...]

  • Seite 512

    25-32 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapt e r 2 5 Co nf igur ing Q oS QoS Configura tion Examp les[...]

  • Seite 513

    C HAPTER 26-1 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 26 Configuring EtherChannels This cha pter descri bes how to configure Ether Channel on Layer 2 interfaces. EtherCha nnel provi des fault-to lerant high- speed links betw een switc hes, ro uters, and ser vers. Y ou can use it to incre ase the bandwidt h betw een t[...]

  • Seite 514

    26-2 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 2 6 Configur ing Ethe rChannel s Unders tan ding Ether Channels Figur e 26-1 T ypical EtherChannel Con figur ation Each Et h erCha nne l ca n co ns is t of up to eigh t com pa tib ly configur ed Ethe rn et i nte rface s. A ll in te rface s in ea ch E ther Cha nn el[...]

  • Seite 515

    26-3 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 26 Configuring Eth erCh annels Understa nding Et herChann els Figur e 26-2 Relation ship of Ph ysical P or ts, Lo gical P o rt Cha nnels, and Channel Gr oup s After y ou co nf igu re an Eth erC hann el , conf ig urati on ch ange s appli ed to the por t-ch anne l in[...]

  • Seite 516

    26-4 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 2 6 Configur ing Ethe rChannel s Unders tan ding Ether Channels PAgP Modes T able 26-1 sh ows the user-configurab le Ethe rC han nel mode s f or the channel-group interfa ce configurati on comm a nd: on , auto , and desi r abl e . Switch interfaces e xchange P AgP [...]

  • Seite 517

    26-5 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 26 Configuring Eth erCh annels Understa nding Et herChann els Physical Learners an d Aggregate-P ort Learners Network devices are cla ssified as P AgP physic al lea rner s o r a ggregate- por t l ear ne rs. A d evice is a physical learn er i f i t lea rns a ddre ss[...]

  • Seite 518

    26-6 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 2 6 Configur ing Ethe rChannel s Unders tan ding Ether Channels Use the option tha t provi des the greatest v ariety in your conf iguration. For e xample, if the tr af fic on a chan nel is goi ng only to a single MA C address, usi ng the de stinat ion -M A C addres[...]

  • Seite 519

    26-7 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 26 Configuring Eth erCh annels Co nfiguri ng Ether Chann els Configuring Eth erChannels These sec tions descr ibe how to configure Ethe rChanne l interfac es: • Default Eth erCha nnel Configurat ion, pa ge 26-7 • Ether Channe l C onfigurat ion G uide lin es, pa[...]

  • Seite 520

    26-8 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 2 6 Configur ing Ethe rChannel s Configur ing Eth erChann els EtherChann el Configuratio n Guidelin es If improperly co nf igured, some EtherCh annel interf aces are automatic ally disabled to a v oid network loops and ot her pr oblems. Follow these g ui delin es t[...]

  • Seite 521

    26-9 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 26 Configuring Eth erCh annels Co nfiguri ng Ether Chann els Beginn ing in pri vileg ed EXEC mode, follo w these st eps to assign a Layer 2 Ethernet interfa ce to a Layer 2 EtherC hannel: Comma nd Pu rpos e Step 1 conf igure t erminal Enter gl obal configurat ion m[...]

  • Seite 522

    26-10 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 2 6 Configur ing Ethe rChannel s Configur ing Eth erChann els T o remove an inte rface from the Et herC hannel group, u se the no channel-group interface co nfiguration comm and. If you del ete th e Ethe rCha nnel by u sing the no interface port-c hannel global co[...]

  • Seite 523

    26-11 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 26 Configuring Eth erCh annels Displa ying Ethe rChannel and PAgP St atus T o ret urn EtherCh annel load balancing to the d efault c onfig uration, u se the no port-channel load-balanc e global con figurati on comm and. Configuring the PAgP Learn Method and Priori[...]

  • Seite 524

    26-12 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 2 6 Configur ing Ethe rChannel s Displaying Eth erCh annel and PA gP Status[...]

  • Seite 525

    C HAPTER 27-1 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 27 Troubleshooting This chapte r describes ho w to identify and resolv e software prob lems related to the IOS softwa re. Depen ding on the nature of the problem , you can use the comm and-li ne inte rface (CL I) or the Clu ster Managemen t Suite (C MS) to ide nti[...]

  • Seite 526

    27-2 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 27 Trouble shooting Using Re covery Procedu res Recovering from Corru pted Softw are Switch software can be cor ru pted du ring an up grade , by downloadin g the wr ong file to the swi tch, and by d eleting the im age f ile. In all o f these case s, the switch d oe[...]

  • Seite 527

    27-3 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 27 Troublesho oti ng Using Reco very Pr ocedures Step 4 Press the Mode button, and at th e same time, reconnect the pow er cord to the switch. Y o u can re le ase th e Mode button a second or two af ter the LE D above port 1X goes off. Several lines of inform ation[...]

  • Seite 528

    27-4 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 27 Trouble shooting Using Re covery Procedu res Step 13 Copy the c onfiguration file into memory: switch# copy flash: config.text system: running-config Source filename [config.text]? Destination filename [running-config]? Press Return in response to the confirmati[...]

  • Seite 529

    27-5 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 27 Troublesho oti ng Using Reco very Pr ocedures Replacing a Failed Command Switch with a Cluster Member T o replace a faile d comm and switc h with a comman d-capab le member in the s ame clu ster , follo w these steps: Step 1 Disco nnect the command switch from t[...]

  • Seite 530

    27-6 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 27 Trouble shooting Using Re covery Procedu res Step 11 Respond to the questions in the setup program. When prom pted for t he host n ame, reca ll that on a comman d switch, the host nam e is limite d to 28 charac ters; on a member switch to 31 character s. Do n ot[...]

  • Seite 531

    27-7 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 27 Troublesho oti ng Using Reco very Pr ocedures Basic management setup configures only enough connectivity for management of the system, extended setup will ask you to configure each interface on the system Would you like to enter basic management setup? [yes/no]:[...]

  • Seite 532

    27-8 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 27 Trouble shooting Preventing Autone gotiati on M ismatche s Preventing Autone gotiation Mismatc hes The IEE E 802.3A B auto negotiation proto col mana ges the sw itch sett ings for speed (10 Mbps, 100 Mbps, and 1 000 Mbps excludin g GBIC ports) and dup lex (hal f[...]

  • Seite 533

    27-9 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 27 Troublesho oti ng Using Debug C ommands Cautio n Beca use de bu gging output is assi gned hi gh pri orit y in the CP U proces s, it can re nder the sys tem unusab le. For th is re ason, use de bug com mands only to troublesh oot specific proble ms or during trou[...]

  • Seite 534

    27-10 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter 27 Trouble shooting Using t he c rashinfo File The no debug al l privileged EXEC comm and di sables all diagnost ic output . Using t he no debug all comm and is a convenient way to ensure th at you have not accide ntally l eft any debug co mmand s enab led. Redire[...]

  • Seite 535

    C HAPTER A-1 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 A Supported MIBs This appendix l ists the supp orted mana gement i nformat ion base (M IBs) for this re lease. I t contains t hese sections: • MIB List, pa ge A-1 • Usin g F TP to Acce ss th e MIB File s, pa ge A-2 MIB List • BRIDGE-MIB (R FC149 3) • CISCO-[...]

  • Seite 536

    A- 2 Catalyst 2950 Desktop Switch Software C onfiguratio n Guide 78-11380-05 Chapter A Supported MIBs Using FTP t o Acces s the MIB Fi le s • CISCO-VL AN-MEMB ERSHIP-M IB • CISCO-VTP-MIB • ENTI TY -MIB • IANAifT ype-MI B • IF-M IB (RFC 1573) • OLD-CISCO- CHASSIS-MIB • OLD-CISCO- CPU-MIB • OLD-CISCO- INTERF A CES-MIB • OLD-CISCO- I[...]

  • Seite 537

    IN-1 Catalyst 2950 Desktop Switch Software Conf igurati on Guide 78-11380-05 INDEX Numerics 802.1 D See STP 802.1 Q and trunk ports 9-3 config urati on limitat ions 13-16 nati ve VL AN fo r un tagge d tr affic 13-20 trunk m ode 3-8 802.1 S See MSTP 802.1 W See RSTP 802.1 X See port -based auth entication 802.3 Z flow con trol 9-12 A abbrev iati ng [...]

  • Seite 538

    Index IN-2 Catalyst 2950 Desktop Switch Software C onfigurati on Guide 78-11380-0 5 ACLs ( continue d) exten ded I P configuring for QoS classi fication 25-18 crea ting 24-10 matc hing cri teria 24-7 host keywor d 24-9 IP crea ting 24-7 implici t deny 24-9, 24-13, 24-15 implicit m asks 24-9 manage ment inter faces, a pplying to 24-20 matc hing cri [...]

  • Seite 539

    Inde x IN-3 Catalyst 2950 Desktop Switch Software Conf igurati on Guide 78-11380-05 alarm s, RM ON 21-3 allowed-V LAN list 13-19 Apply button 3-27 ARP table address resolution 7-59 managing 7-59 attribute s, RADIUS vendor-p ropri etary 7-29 vendor-s peci fic 7-28 authenti cation local mo de with AAA 7-31 NTP associations 7-35 RADIUS key 7-20 login [...]

  • Seite 540

    Index IN-4 Catalyst 2950 Desktop Switch Software C onfigurati on Guide 78-11380-0 5 BPDU guard describe d 12-3 enab lin g 12-15 support fo r 1-3 broa dcas t stor m cont rol config uring 17-1 disabling 17-3 browser conf i gurat ion 3-1, 6-1 buttons, CMS 3-27 C cables , monit oring for uni direct ional links 18-1 Cancel but ton 3-27 cand id ate s wi [...]

  • Seite 541

    Inde x IN-5 Catalyst 2950 Desktop Switch Software Conf igurati on Guide 78-11380-05 CLI (co ntinue d) history chan ging t he b uff er si z e 2-5 describe d 2-5 disabling 2-6 recal ling co mman ds 2-5 managing c luster s 6-26 no and de fault fo rms o f c om mand s 2-4 client mode , VTP 14-3 clo ck See system clock Cluster Ma nagement Suite 1-6 See C[...]

  • Seite 542

    Index IN-6 Catalyst 2950 Desktop Switch Software C onfigurati on Guide 78-11380-0 5 CMS (c onti nued) online help 3-25 requir ements 3-28 saving co nfig uration ch ange s 3-30 toolbar 3-19 tool tips 3-25 Topolog y v iew 3-9 verify ing confi gura tion chang es 3-30 window co mpon ents 3-26 wizard s 3-24 Coarse Wav e Division Mu ltiplexer See CWDM GB[...]

  • Seite 543

    Inde x IN-7 Catalyst 2950 Desktop Switch Software Conf igurati on Guide 78-11380-05 convent ions comm and xxvi for ex amples xxvi text xxvi CoS config uring 25-7 configurin g priority queues 25-27 defining 25-8 describe d 1-4 override prior ity 15-5 trust pr iority 15-6 CoS-to-DSCP map for QoS 25-25 counte rs, c lea ri n g int e rfac e 9-16 cras hi[...]

  • Seite 544

    Index IN-8 Catalyst 2950 Desktop Switch Software C onfigurati on Guide 78-11380-0 5 device ic ons Front Pane l vie w 3-5 Topolog y v iew 3-11 device la bels 3-12 Devi ce Mana ger 3-2 See also Swi tch Manager device pop -up men u Front Pane l vie w 3-20 Topolog y v iew 3-22 DHCP 1-2 DHCP-b ased autoc onfig urati on client re quest m essage ex change[...]

  • Seite 545

    Inde x IN-9 Catalyst 2950 Desktop Switch Software Conf igurati on Guide 78-11380-05 error ch ecking, CMS 3-30 erro r me ssag es during co mman d entry 2-4 setting the display destinati on device 22-4 severity levels 22-8 system message fo rmat 22-2 EtherC hannel automatic c reation of 26-3 config urati on guidelin es 26-8 default conf igur ati on 2[...]

  • Seite 546

    Index IN- 10 Catalyst 2950 Desktop Switch Software C onfigurati on Guide 78-11380-0 5 Front Pane l vie w clu ster t ree 3-5 comm an d sw it ch 3-4 describe d 3-4 pop- up me nus 3-20 port ic ons 3-6 port LED s 3-7 RPS LED 3-6 switch images 3-5 FTP, acc essing MIB files A-2 G GBICs 1000BASE -L X/LH modul e 1-9 1000BASE -SX m odu le 1-9 1000BASE -ZX m[...]

  • Seite 547

    Inde x IN- 11 Catalyst 2950 Desktop Switch Software Conf igurati on Guide 78-11380-05 icons (co ntinue d) editab le table cell 3-27 Front Pane l vie w 3-6 multilink 3-21 sorting 3-27 toolbar 3-19 Topolog y view 3-11 web link 3-27 IE2100 CNS embe dded agen ts describe d 5-5 enab lin g au to ma ted conf ig urat ion 5-6 enabli ng conf igurat ion agen [...]

  • Seite 548

    Index IN- 12 Catalyst 2950 Desktop Switch Software C onfigurati on Guide 78-11380-0 5 interfac es (continue d) supported 9-4 types of 9-1 interf aces rang e macro co mmand 9-8 inventor y, cluster 6-25 IOS comm and-line in terface See CLI IP named ex tended ACL 24-14 named stand ard ACL 24-14 numbere d extend ed ACL 24-10 numbere d standar d ACL 24-[...]

  • Seite 549

    Inde x IN- 13 Catalyst 2950 Desktop Switch Software Conf igurati on Guide 78-11380-05 link l abels 3-12 link pop-up me nu, To pology vi ew 3-21 links, unidirec tional 18-1 lists, CMS 3-27 login a uthenticati on with RADIUS 7-22 wit h TACA CS+ 7-13 login banne rs 7-49 log message s See system me ssage loggin g loop gu ar d describe d 12-13 enab lin [...]

  • Seite 550

    Index IN- 14 Catalyst 2950 Desktop Switch Software C onfigurati on Guide 78-11380-0 5 menu bar describe d 3-14 variatio ns 3-14 messages system 3-18 to user s thr ou gh banne rs 7-49 metrop olitan- area ne tworks See MANs MIBs accessing files with FT P A-2 location of files A-2 overvi ew 23-1 SNMP inte raction wi th 23-4 supported A-1 mini-poi nt-o[...]

  • Seite 551

    Inde x IN- 15 Catalyst 2950 Desktop Switch Software Conf igurati on Guide 78-11380-05 MSTP (c onti nued) exten ded s y st em I D affec ts on ro ot sw itch 11-14 affec ts on se conda ry r oot s wit ch 11-16 unexpec ted b ehavio r 11-14 interface stat e, blocking t o forwardi ng 12-2 interoper ability with 802.1D describe d 11-11 restar ting migr ati[...]

  • Seite 552

    Index IN- 16 Catalyst 2950 Desktop Switch Software C onfigurati on Guide 78-11380-0 5 network e xample s collapse d back bone an d switch clust er 1-12 design co ncepts cost -effec tiv e wiri ng clo set 1-8 high-pe rform ance wo rkgrou p 1-9 network pe rforman ce 1-7 network se rvices 1-8 redunda nt G igabi t b ackb one 1-9 large ca mpus 1-13 long-[...]

  • Seite 553

    Inde x IN- 17 Catalyst 2950 Desktop Switch Software Conf igurati on Guide 78-11380-05 PC (passi ve comman d switch) 6-13, 6-24 per-V LAN Spanni ng Tree (PV ST) 10-2 per-V LAN Span ning Tree+ (PVST+) 10-8 physica l p orts 9-2 PIM-DVM RP, as snooping method 16-6 policers conf iguring for e ach mat ched tr affi c class 25-21 describe d 25-3 number of [...]

  • Seite 554

    Index IN- 18 Catalyst 2950 Desktop Switch Software C onfigurati on Guide 78-11380-0 5 port po p-u p me nu, Fr ont Pane l v iew 3-20 port priority MSTP 11-17 STP 10-15 ports 802.1Q t runk 3-8 acces s 9-2 dynami c access 3-8, 13-3 negotia te trunk 3-8 priority 25-8 protec ted 17-3 secure 17-4 static-access 3- 8, 13-3, 13-11 switch 9-2 trunks 13-15 VL[...]

  • Seite 555

    Inde x IN- 19 Catalyst 2950 Desktop Switch Software Conf igurati on Guide 78-11380-05 QoS (conti nued) classifica tion (continued) trusted bou ndary , describ ed 25-13 trusted CoS, descri bed 25-4 type s for IP traffi c 25-5 type s for non -IP tr affic 25-4 class maps config uring 25-20 displaying 25-28 config urati on exam ples comm on wiring cl o[...]

  • Seite 556

    Index IN- 20 Catalyst 2950 Desktop Switch Software C onfigurati on Guide 78-11380-0 5 RADIUS (c ontinued) in clusters 6-18 limiting the services to the user 7-26 method lis t, defi ned 7-19 operati on of 7-18 overvi ew 7-17 suggeste d network en vironme nts 7-17 tracki ng se rvices acce ssed by user 7-27 range macro 9-8 of inter faces 9-6 Rapid Spa[...]

  • Seite 557

    Inde x IN- 21 Catalyst 2950 Desktop Switch Software Conf igurati on Guide 78-11380-05 RSPAN (continued ) displaying sta tus 20-14 interactio n with other featur es 20-5 monitore d ports 20-4 monit oring po rts 20-4 overvi ew 1-5, 20-1 recei ved tra ffic 20-3 refle ctor p ort 20-4 ses sio n li mit s 20-6 sessions crea ting 20-11 defined 20-3 removi [...]

  • Seite 558

    Index IN- 22 Catalyst 2950 Desktop Switch Software C onfigurati on Guide 78-11380-0 5 SNM P (co ntin ued) config urati on exam ples 23-14 default conf igur ati on 23-6 groups 23-8 in clusters 6-17 informs and tr ap keyw ord 23-10 describe d 23-5 differ ence s fro m trap s 23-5 enab lin g 23-12 limiting access by T FTP servers 23-13 limiting system [...]

  • Seite 559

    Inde x IN- 23 Catalyst 2950 Desktop Switch Software Conf igurati on Guide 78-11380-05 static access ports assigni ng to VLAN 13-11 defined 9-2, 13-3 static addre sses See ad dresses static VLAN memb ership 13-2 statistics 802.1 X 8-14 CDP 19-5 interfac e 9-14 QoS ingr ess and egre ss 25-28 RMON group Et herne t 21-5 RMON group hist ory 21-5 SNMP in[...]

  • Seite 560

    Index IN- 24 Catalyst 2950 Desktop Switch Software C onfigurati on Guide 78-11380-0 5 STP (continued) load sharing overvi ew 13-21 using pa th cost s 13-23 using port priori ties 13-21 loop gu ar d describe d 12-13 enab lin g 12-20 multi cast addres ses, af fec t of 10-8 overvi ew 10-2 path costs 13-23, 13-24 Port Fast describe d 12-2 enab lin g 12[...]

  • Seite 561

    Inde x IN- 25 Catalyst 2950 Desktop Switch Software Conf igurati on Guide 78-11380-05 system messa ge logging (c ontinued ) UNIX sysl og se rver s configur ing the daemon 22-11 configurin g the logging facility 22-11 facilities su pported 22-12 system messa ges on CMS 3-18 system name default conf igur ati on 7-46 default setting 7-46 manua l conf [...]

  • Seite 562

    Index IN- 26 Catalyst 2950 Desktop Switch Software C onfigurati on Guide 78-11380-0 5 TOS 1-4 traffic frag mented 24-3 unfragm ented 24-3 traffic polic ing 1-5 transp arent m ode, VTP 14-3, 14-12 trap- door mechan ism 4-2 traps configurin g MAC address notification 7-54 con figu rin g mana gers 23-10 defined 23-3 enab lin g 7-54, 23-10 notificat io[...]

  • Seite 563

    Inde x IN- 27 Catalyst 2950 Desktop Switch Software Conf igurati on Guide 78-11380-05 VLAN c onfi gur ation at bootu p 13-7 saving 13-7 VLAN c onfi gurat ion m ode 2-2, 13-6 VLAN database and st artup conf igurat ion fil e 13-7 and VT P 14-1 VLAN c onfi gurat ion save d in 13-7 VLANs saved in 13-4 vlan d ata base c omm an d 13-6 vlan g loba l c onf[...]

  • Seite 564

    Index IN- 28 Catalyst 2950 Desktop Switch Software C onfigurati on Guide 78-11380-0 5 voice VLAN (continued) configurin g ports for voice traffic in 802.1 P priorit y tagged frames 15-4 802.1 Q fram es 15-4 connec tin g to a n I P p hon e 15-3 default conf igur ati on 15-2 describe d 15-1 displaying 15-6 VQP 13-24 VTP adding a cl ient to a d om ain[...]

  • Seite 565

    Inde x IN- 29 Catalyst 2950 Desktop Switch Software Conf igurati on Guide 78-11380-05 WRR config uring 25-27 defining 25-8 descript ion 25-8 X XMOD EM pr otoc ol 27-2[...]

  • Seite 566

    Index IN- 30 Catalyst 2950 Desktop Switch Software C onfigurati on Guide 78-11380-0 5[...]