Cisco Systems 2955 manuel d'utilisation

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674

Aller à la page of

Un bon manuel d’utilisation

Les règles imposent au revendeur l'obligation de fournir à l'acheteur, avec des marchandises, le manuel d’utilisation Cisco Systems 2955. Le manque du manuel d’utilisation ou les informations incorrectes fournies au consommateur sont à la base d'une plainte pour non-conformité du dispositif avec le contrat. Conformément à la loi, l’inclusion du manuel d’utilisation sous une forme autre que le papier est autorisée, ce qui est souvent utilisé récemment, en incluant la forme graphique ou électronique du manuel Cisco Systems 2955 ou les vidéos d'instruction pour les utilisateurs. La condition est son caractère lisible et compréhensible.

Qu'est ce que le manuel d’utilisation?

Le mot vient du latin "Instructio", à savoir organiser. Ainsi, le manuel d’utilisation Cisco Systems 2955 décrit les étapes de la procédure. Le but du manuel d’utilisation est d’instruire, de faciliter le démarrage, l'utilisation de l'équipement ou l'exécution des actions spécifiques. Le manuel d’utilisation est une collection d'informations sur l'objet/service, une indice.

Malheureusement, peu d'utilisateurs prennent le temps de lire le manuel d’utilisation, et un bon manuel permet non seulement d’apprendre à connaître un certain nombre de fonctionnalités supplémentaires du dispositif acheté, mais aussi éviter la majorité des défaillances.

Donc, ce qui devrait contenir le manuel parfait?

Tout d'abord, le manuel d’utilisation Cisco Systems 2955 devrait contenir:
- informations sur les caractéristiques techniques du dispositif Cisco Systems 2955
- nom du fabricant et année de fabrication Cisco Systems 2955
- instructions d'utilisation, de réglage et d’entretien de l'équipement Cisco Systems 2955
- signes de sécurité et attestations confirmant la conformité avec les normes pertinentes

Pourquoi nous ne lisons pas les manuels d’utilisation?

Habituellement, cela est dû au manque de temps et de certitude quant à la fonctionnalité spécifique de l'équipement acheté. Malheureusement, la connexion et le démarrage Cisco Systems 2955 ne suffisent pas. Le manuel d’utilisation contient un certain nombre de lignes directrices concernant les fonctionnalités spécifiques, la sécurité, les méthodes d'entretien (même les moyens qui doivent être utilisés), les défauts possibles Cisco Systems 2955 et les moyens de résoudre des problèmes communs lors de l'utilisation. Enfin, le manuel contient les coordonnées du service Cisco Systems en l'absence de l'efficacité des solutions proposées. Actuellement, les manuels d’utilisation sous la forme d'animations intéressantes et de vidéos pédagogiques qui sont meilleurs que la brochure, sont très populaires. Ce type de manuel permet à l'utilisateur de voir toute la vidéo d'instruction sans sauter les spécifications et les descriptions techniques compliquées Cisco Systems 2955, comme c’est le cas pour la version papier.

Pourquoi lire le manuel d’utilisation?

Tout d'abord, il contient la réponse sur la structure, les possibilités du dispositif Cisco Systems 2955, l'utilisation de divers accessoires et une gamme d'informations pour profiter pleinement de toutes les fonctionnalités et commodités.

Après un achat réussi de l’équipement/dispositif, prenez un moment pour vous familiariser avec toutes les parties du manuel d'utilisation Cisco Systems 2955. À l'heure actuelle, ils sont soigneusement préparés et traduits pour qu'ils soient non seulement compréhensibles pour les utilisateurs, mais pour qu’ils remplissent leur fonction de base de l'information et d’aide.

Table des matières du manuel d’utilisation

  • Page 1

    Americas Headquarters Cisco Systems, In c. 170 West Tasman Drive San Jose, CA 951 34-1706 USA http://www.ci sco.com Tel: 408 526-4000 800 553-NETS (638 7) Fax: 408 527-0883 Catal yst 2950 and Catal yst 2955 S witc h S of tw are Conf iguration Guide Cisco IOS Release 12.1(22)EA1 1 and Later Marc h 20 08 Text Part Number: OL -10101-02[...]

  • Page 2

    THE SPECIFICATION S AND INFORMATION RE GARDING THE PRODU CTS IN THIS MANU AL ARE SUBJECT T O CHANGE WITHOUT N OTICE. ALL STATEMENTS , INFORMATION , AND RECOMMEN DATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESEN TED WITHOUT WARRANTY OF ANY KIND, EX PRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSI BILITY FOR THEIR APPLICATION OF ANY PR[...]

  • Page 3

    iii Catalyst 2950 and Catalyst 2955 Swit ch Software Con figurat ion Guide OL-10101-02 CONTENTS Preface xxvii Audience xxvii Purpose xxvii Conventi ons xxviii Related Publica tions xxix Obtaining Documentation and Submitting a Serv ice Request xxx CHAPTER 1 Overview 1-1 Features 1-1 Ease of Deployment and Ease of Us e 1-2 Performance 1-3 Manageabil[...]

  • Page 4

    Contents iv Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 CHAPTER 2 Using the Command-Line Interface 2-1 Cisco IOS Command Modes 2-1 Getting Help 2-3 Abbreviating Command s 2-4 Using no and default Forms of Commands 2-4 Understanding CLI Messages 2-5 Using Command History 2-5 Changing the Co mmand History Buffer S[...]

  • Page 5

    Contents v Catalyst 2950 and Catalyst 2955 Swit ch Software Con figurat ion Guide OL-10101-02 Configuring Alarm Profiles 3-9 Creating o r Modifying an Alarm Profi le 3-9 Attaching an Alarm Profile to a Speci fic Port 3-10 Enabling SNMP Traps 3-11 Displaying Catalyst 2955 Switch Alarms Statu s 3-11 CHAPTER 4 Assigning the Switch IP Ad dress and Defa[...]

  • Page 6

    Contents vi Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Event Service 5-3 NameSpace Mapper 5-3 What You Should Know About the CNS IDs and Dev ice Hostnames 5-3 ConfigID 5-4 DeviceID 5-4 Hostname and DeviceID 5-4 Using Hostname, DeviceID, and ConfigID 5-5 Understanding Cisco IOS Agents 5-5 Initial Configuration 5[...]

  • Page 7

    Contents vii Catalyst 2950 and Catalyst 2955 Swit ch Software Con figurat ion Guide OL-10101-02 TACACS+ and RADIUS 6-13 LRE Profiles 6-13 Catalyst 1900 and Catalyst 2820 CLI Considerations 6-14 Using SNMP to Manage Switch Clusters 6-14 CHAPTER 7 Administering the Switch 7-1 Managing the System Time and Date 7-1 Understanding the Sys tem Clock 7-1 U[...]

  • Page 8

    Contents viii Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Configuring MAC Address Notification Traps 7-21 Adding and Removing Static Address Entries 7-23 Configuring Unicast MAC Address Filtering 7-24 .Displaying Address Table Entries 7-25 Managing the ARP Table 7-26 CHAPTER 8 Configuring Switch-Based Authentica[...]

  • Page 9

    Contents ix Catalyst 2950 and Catalyst 2955 Swit ch Software Con figurat ion Guide OL-10101-02 Configuring RADIUS 8-19 Default RADIUS Configuration 8-20 Identifying the RADIUS Server Host 8-20 Configuring RADIUS Login Authentication 8-23 Defining AAA Server Groups 8-25 Configuring RADIUS Authorization for Us er Privileged Access and Network Serv ic[...]

  • Page 10

    Contents x Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Configuring IEEE 802.1x Authentication 9-12 Default IEEE 802.1x Authen tication Configuration 9-12 IEEE 802.1x Authentication Con figuration Guidelines 9-13 IEEE 802.1x Authentication 9-14 VLAN Assignment, Guest VLAN, and Restricted VLAN 9-14 Upgrading from [...]

  • Page 11

    Contents xi Catalyst 2950 and Catalyst 2955 Swit ch Software Con figurat ion Guide OL-10101-02 Configuring Media Types for Gigabit Ethernet Interface s on LRE Switches 10-13 Configuring IEEE 802.3x Flow Control on IEEE 80 2.3z Gigabit Ethernet Ports 10-13 Adding a Description fo r an Interface 10-14 Configuring Loopback Detection 10-15 Monitoring a[...]

  • Page 12

    Contents xii Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Using Rate Selection to Au tomatically Assign P rofiles 12-14 Precedence 12-15 Profile Locking 12-15 Link Qualification and SNR Margin s 12-16 Configuring LRE Link Persistence 12-19 Configuring LRE Link Monitor 12 -19 Configuring LRE Interleave 12-19 Confi[...]

  • Page 13

    Contents xiii Catalyst 2950 and Catalyst 2955 Swit ch Software Con figurat ion Guide OL-10101-02 Configuring Spanning-Tree Feature s 13-10 Default Spanning-Tree Configuration 13-11 Spanning-Tree Configuration Guid elines 13-11 Changing th e Spanning-Tree Mode 13-12 Disabling Spanning Tree 13-13 Configuring the Root Switch 13-14 Configuring a Second[...]

  • Page 14

    Contents xiv Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Configuring the Root Switch 14-14 Configuring a Secondary Root Switch 14-15 Configuring the Port Priority 14-16 Configuring the Path Cost 14-17 Configuring the Switch Priority 14 -18 Configuring the Hello Time 14-19 Configuring the Forwarding-De lay Time 1[...]

  • Page 15

    Contents xv Catalyst 2950 and Catalyst 2955 Swit ch Software Con figurat ion Guide OL-10101-02 Enabling Root Guar d 15-20 Enabling Loop Guard 15-20 Displaying the Spanning-Tree Status 15 -21 CHAPTER 16 Configuring VLANs 16-1 Understanding VLANs 16-1 Supported VLANs 16 -2 VLAN Port Membership Modes 16-3 Configuring Normal-Range VLANs 16-4 Token Ring[...]

  • Page 16

    Contents xvi Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Configuring VMPS 16-23 Understanding VMP S 16-23 Dynamic Port VLAN Membership 16-24 VMPS Database Config uration File 16-24 Default VMPS Client Configuration 16-25 VMPS Configuration Guid elines 16-25 Configuring the VMPS Client 16-26 Entering the IP Addre[...]

  • Page 17

    Contents xvii Catalyst 2950 and Catalyst 2955 Swit ch Software Con figurat ion Guide OL-10101-02 Enabling VTP Pruning 17-14 Adding a VTP Client Switch to a VTP Domain 17-14 Monitoring VTP 17-15 CHAPTER 18 Configuring Voice VLAN 18-1 Understanding Voice VLAN 18-1 Configuring Voice VLAN 18-2 Default Voice VLAN Configuration 18-2 Voice VLAN Configurat[...]

  • Page 18

    Contents xviii Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Configuring IGMP Snooping 20-6 Default IGMP Snooping Configuration 20-7 Enabling or Disabling IGMP Snooping 20-7 Setting the Sno oping Method 20-8 Configuring a Multicast Router Port 20-9 Configuring a Host Statically to Join a Group 20-9 Enabling IGMP I[...]

  • Page 19

    Contents xix Catalyst 2950 and Catalyst 2955 Swit ch Software Con figurat ion Guide OL-10101-02 Configuring Port Blocking 21 -5 Blocking Flooded Traffic on an Interface 21-5 Resuming Normal Fo rwarding on a Port 21-6 Configuring Port Security 21-6 Understanding Port Security 21-6 Secure MAC Addresses 21-6 Security Violations 21-7 Default Port Secur[...]

  • Page 20

    Contents xx Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 CHAPTER 24 Configuring SPAN and RSPAN 24-1 Understanding SPAN and RSPAN 24-1 SPAN and RSPAN Concepts and Terminolo gy 24-3 SPAN Session 24-3 Traffic Types 24-3 Source Port 24-4 Destination Port 24-4 Reflector Port 24-5 SPAN Traffic 24-5 SPAN and RSPAN Inter[...]

  • Page 21

    Contents xxi Catalyst 2950 and Catalyst 2955 Swit ch Software Con figurat ion Guide OL-10101-02 Disabling and Enabling Message Log ging 26-3 Setting the Mes sage Display Destination De vice 26-4 Synchronizing Log Messa ges 26-5 Enabling and Disabling Timestamps on Log Me ssages 26 -6 Enabling and Disabling Sequence Numbers in Log Messa ges 26-7 Def[...]

  • Page 22

    Contents xxii Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Creating Standard and Exte nded IP ACLs 28-7 ACL Numbers 28-7 Creating a Numbered Standard ACL 28-8 Creating a Numbered Extended ACL 28-10 Creating Named Standard and Extend ed ACLs 28-13 Applying Time Ranges to ACLs 28-14 Including Comments About Entries[...]

  • Page 23

    Contents xxiii Catalyst 2950 and Catalyst 2955 Swit ch Software Con figurat ion Guide OL-10101-02 Enabling Auto-QoS for VoIP 29-13 Displaying Auto-QoS Information 29-14 Auto-QoS Configuration Example 29-14 Configuring Standard QoS 29-16 Default Standard QoS Configuration 29-17 Configuration Guidelines 29-17 Configuring Classification Us ing Port Tr[...]

  • Page 24

    Contents xxiv Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Configuring Layer 2 EtherChannels 30-9 Configuring EtherChannel Lo ad Balancing 30-11 Configuring the PAgP Learn Method and Priority 30-12 Configuring the LACP Port Priority 30-12 Configuring Hot Standby Ports 30-13 Configuring the LACP System Priority 30[...]

  • Page 25

    Contents xxv Catalyst 2950 and Catalyst 2955 Swit ch Software Con figurat ion Guide OL-10101-02 APPENDIX A Supported MIBs A-1 MIB List A-1 Using FTP to Access the MIB Files A-3 APPENDIX B Working with the Cisco IOS File System, Configuration Fi les, and Software Images B-1 Working with the Flash File System B-1 Displaying Available File Systems B-2[...]

  • Page 26

    Contents xxvi Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 tar File Format of Images on a Server or .com B-19 Copying Image Files By Using TFTP B-20 Preparing to Download or Upload an Image File By Using TFTP B-20 Downloading an Image File By Using TFTP B-21 Uploading an Image File By Using TFTP B-22 Copying Imag[...]

  • Page 27

    xxvii Catalyst 2950 and Catalyst 2955 Swit ch Software Con figurat ion Guide OL-10101-02 Preface Audience This guide is for the netw orking professi onal managi ng the Catalyst 29 50 and 2955 switches, hereafte r referred to as the switches . Before using this guide, y ou should ha ve e xperience working with the Cisco IOS and be famil iar with the[...]

  • Page 28

    xxviii Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Preface • CLI command information—This gu ide provides an o vervie w for using the CLI. For complete syntax and usage informat ion about the commands th at hav e been specifically created or changed for the switches, see the command reference for th is relea[...]

  • Page 29

    xxix Catalyst 2950 and Catalyst 2955 Swit ch Software Con figurat ion Guide OL-10101-02 Preface Related Publications These documents pro vide complete information about th e switch and are a v ailable from thi s Cisco.com site: http://www .cisco.com/en/US/ products/ps67 38/tsd_pro ducts_support_series_home.html http://www .cisco.com/en/US/ products[...]

  • Page 30

    xxx Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Preface Obtaining Documentation and Submitting a Service Request For info rmation on obtaining documentatio n, submitting a service request, and g athering additional information, see the mont hly What’ s New in Cisco Pr oduct Documentation , which also li sts al[...]

  • Page 31

    CH A P T E R 1-1 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 1 Overview This chapter p rovides these topics ab out the Catalyst 2950 and Catalyst 2955 switch software: • Features, page 1-1 • Management Options, page 1-9 • Network Confi guration Examples, p age 1-11 • Where to Go Next, page 1-24 Note In t[...]

  • Page 32

    1-2 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 1 Overvi ew Features Certain Cisco Long-Reach Ethern et (LRE) custom er premises equipment (CPE) devices are not supported b y certain Catalyst 2950 LRE switches. In Ta b l e 1-2 , Ye s means that the CPE is supported by the switch; No means that the CPE is[...]

  • Page 33

    1-3 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 1 Overview Features – Accomplishing multiple conf iguration tasks from a single windo w without needing to remember command-line interface (CLI) commands to accomplish specif ic tasks. – Interacti ve guide mode that guides you in co nfiguring complex fe[...]

  • Page 34

    1-4 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 1 Overvi ew Features • Port blocking on forw arding unknown u nicast and multicast traf fic (av ailable only on the Catalyst LRE sw itches and on the Catalyst 2950G-12-EI, 295 0G-24-EI, 2950G-24-EI-D C, 2950G-48-EI, and 2955 switches) • Per- port broadc[...]

  • Page 35

    1-5 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 1 Overview Features • Default conf iguration storage in flash memory to ensure that the switch can be connected to a network an d can forward tr af fic with minimal user intervent ion • In-band management access through the em bedded de vice manager thr[...]

  • Page 36

    1-6 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 1 Overvi ew Features VLAN Support • The switches support 250 po rt-based VLANs for assignin g users to VLANs associated with appropriate network r esources, traf fic patterns, an d bandwidth Note The Catalyst 2950-12, Catalyst 2950- 24, Cataly st 2950SX-2[...]

  • Page 37

    1-7 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 1 Overview Features • IEEE 802.1x with wake-on-LAN to allo w dormant PC s to be powered on based on the receipt of a specific Ethernet frame • IEEE 802.1x with restricted VLAN to provide limited services to users who are IEEE 802.1x compliant, but do no[...]

  • Page 38

    1-8 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 1 Overvi ew Features Monitoring • Switch LEDs that sho w port and switch status • Switched Port Analy zer (SP AN) and Rem ote SP AN (RSP AN) fo r traf fic mo nitoring on an y port or VLAN Note RSP AN is av ailable only in the EI. • SP AN support of In[...]

  • Page 39

    1-9 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 1 Overview Management Option s • Support for conf iguring the interleav e delay feature • Support for DC-inp ut po wer and compliance with the V DSL 997 band plan on Cataly st 2950ST -24 LRE 997 switc hes • Upstream po wer back-off mechanis m for norm[...]

  • Page 40

    1-10 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 1 Overvi ew Management Option s • SNMP—SNMP provides a means to monitor and control the switch an d switch cluster members. Y ou can manage switch conf iguration settings, perf or mance, and security and collect st atistics by using SNMP mana gement ap[...]

  • Page 41

    1-11 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 1 Overview Network Co nfiguration Examples Network Configuration Examples This section pro vides network config uration concepts and includes e x amples of using the switch to create dedicated net work se gments and interconnect in g the se gments through [...]

  • Page 42

    1-12 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 1 Overvi ew Network Config uration Examples Figure 1-1 sho w s conf iguration e x amples of using t he Catalyst switches to create these netw orks: • Cost-effecti ve wiring closet—A cost-effecti ve way to connect many users to th e wiring closet is to [...]

  • Page 43

    1-13 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 1 Overview Network Co nfiguration Examples – GigaStack GBIC module for crea ting a 1-Gb ps stack config uration of up to nine su pported switches. The GigaStack GBIC support s one full-duple x link (in a point-to- point conf iguration) or up to nine half[...]

  • Page 44

    1-14 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 1 Overvi ew Network Config uration Examples Small to Medium-Sized Network Configuration Figure 1-2 sho w s a conf iguration for a netw ork that has up to 250 users. Users in this netw ork require e-mail, file-sharing, database, and Internet access. Y ou op[...]

  • Page 45

    1-15 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 1 Overview Network Co nfiguration Examples Servers are connected to the GBIC module ports on th e switches, allo wing 1-Gbps throug hput to users when needed. When th e switch and server ports are configured fo r full-duplex o peration, the links provide 2[...]

  • Page 46

    1-16 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 1 Overvi ew Network Config uration Examples Figur e 1 -3 Collapsed Bac kbone and Switc h Cluster Con figurati on Hotel Network Configuration Figure 1-4 sho ws Catalyst 2950ST -8 LRE and 2950ST -24 LRE switches in a ho tel network en vironment with approxim[...]

  • Page 47

    1-17 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 1 Overview Network Co nfiguration Examples Note All telephones not di rectly connecte d to the hotel room CPE de vice require microfilters with a 300- ohm termination. Microf ilters improve v o ice call quality when voice and data equi pment are using the [...]

  • Page 48

    1-18 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 1 Overvi ew Network Config uration Examples Figur e 1 -4 Netw or k Hotel Configur ation Service-Provider Central-Office Configuration Figure 1-5 sho ws the Catalyst 2950ST -24 LRE 997 switches in a service-prov ider central-off ice network en vironment. Th[...]

  • Page 49

    1-19 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 1 Overview Network Co nfiguration Examples Y ou c an use a PO TS splitter to connect the switc h es to the CPE de vices. The splitter routes data (high-frequency) to a Catalyst 295 0 LRE switch and voice (lo w-freque ncy) traf fic from the telephone line t[...]

  • Page 50

    1-20 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 1 Overvi ew Network Config uration Examples Figur e 1 -5 Service Pr ovider Cen tral Of fice Configur ation Large Campus Configuration Figure 1-6 sho ws a configu ration for a netw ork of more than 1000 users. Because it can aggregate up to 130 Gigabit conn[...]

  • Page 51

    1-21 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 1 Overview Network Co nfiguration Examples Figur e 1 -6 Larg e Campus Configuration Multidwelling Network Using Catalyst 2950 Switches A gro wing segment of resi dential and commerci al cu stomers are requiring hi gh- speed access to Ethernet metropolitan-[...]

  • Page 52

    1-22 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 1 Overvi ew Network Config uration Examples All ports on the residential Cata lyst 2950 and 29 55 switches (and Catalyst LRE switches if they are included) are conf igured as 802.1Q trunks with p rotected port and STP r oot guard features enabled. The prot[...]

  • Page 53

    1-23 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 1 Overview Network Co nfiguration Examples Long-Distance, High-Bandwidth Transport Configuration Note T o use the feature described in this section, you must hav e the EI installed on your switch. Figure 1-8 sho ws a conf iguration for transporting 8 Gigab[...]

  • Page 54

    1-24 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 1 Overvi ew Where to Go Next Where to Go Next Before conf iguring the switch, re view th ese sections for star t-up information: • Chapter 2, “Using t he Command-Line Interface” • Chapter 4, “ A ssigning the Swit ch IP Address and Default Gate wa[...]

  • Page 55

    CH A P T E R 2-1 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 2 Using the Command-Line Interface This chapter describes the Cisco IOS command-line interface (CLI) that you can use to configure your Catalyst 2950 and Catalyst 2955. It contains these sect ions: • Cisco IOS Command Modes, page 2-1 • Getting Help[...]

  • Page 56

    2-2 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 2 Using the Comman d-Line Interface Cisco IOS Command Modes Ta b l e 2-1 describes the main command modes, how to acce ss each one, the prompt you see in that mode, and ho w to exit th e mode. The examples in the tabl e use the host name Switc h . Ta b l e [...]

  • Page 57

    2-3 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 2 Using th e Co mmand-Line Interface Getting Help Getting Help Y o u can enter a question mark (?) at the system prompt to display a list of commands a vailabl e for each command mo de. Y o u can also obta in a list of asso ciated keyw ords and arg uments f[...]

  • Page 58

    2-4 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 2 Using the Comman d-Line Interface Abbreviating Command s Abbreviating Commands Y ou have to en ter only enough characters for the swit ch to recognize the co mmand as unique. This example sho ws how to enter the show conf iguration privileged EXEC command[...]

  • Page 59

    2-5 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 2 Using th e Co mmand-Line Interface Understanding CLI Messages Understanding CLI Messages Ta b l e 2-3 lists some error messages that you mi ght encounter while u sing the CLI to conf igure your switch. Using Command History The software pro vides a histor[...]

  • Page 60

    2-6 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 2 Using the Comman d-Line Interface Using Ed iting Features Recalling Commands T o recall commands from the history b uffer , perform one of the actions listed in Ta b l e 2-4 : Disabling the Command History Feature The command history feature is automatica[...]

  • Page 61

    2-7 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 2 Using th e Co mmand-Line Interface Using Editing Feature s T o globally disable enhanced editin g mode, en ter this command in line con figur ation mode: Switch(config-line)# no editing Editing Commands through Keystrokes Ta b l e 2-5 sho ws the ke ystrok[...]

  • Page 62

    2-8 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 2 Using the Comman d-Line Interface Using Ed iting Features Editing Command Lines that Wrap Y ou can use a wraparound feature for commands that extend b eyond a single line on the screen. When the cursor reaches the right margin, the command line shifts ten[...]

  • Page 63

    2-9 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 2 Using th e Co mmand-Line Interface Searching and Filtering Outpu t of show and more Commands Use line wrapping w ith the command history feat ur e to recall and modify pre vious complex comman d entries. For inf ormation about recalling pre vious command [...]

  • Page 64

    2-10 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 2 Using the Comman d-Line Interface Accessing the CLI[...]

  • Page 65

    CH A P T E R 3-1 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 3 Configuring Catalyst 2955 Switch Alarms This section descri bes ho w to conf igure the di f ferent alarms for the Cata lyst 2955 switch . Note The alarms described in this chapte r are not av aila ble on the Catalyst 2950 sw itch. For complete syntax[...]

  • Page 66

    3-2 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 3 Configuring Catalyst 2955 Switch Alarms Understanding Ca talyst 2955 Switch Alarms Global Status Monitoring Alarms The Catalyst 2955 switch contains facilities for processing alarms related to temperat ure and power supply conditions. These are referred t[...]

  • Page 67

    3-3 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 3 Configur ing Catalyst 2955 Switch Alarms Understanding Catalyst 2955 Switch Alarms Port Status Monitoring Alarms The Catalyst 2955 switch can al so monitor the status of the Ethernet ports and generate alarm messages based on the alarms listed in Ta b l e[...]

  • Page 68

    3-4 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 3 Configuring Catalyst 2955 Switch Alarms Configuring Catalyst 2955 Switch Alarms • SNMP T raps SNMP is an applicat ion-layer protocol that pr ovides a message format for communication between managers and agents. The SNMP system consists of an SNMP manag[...]

  • Page 69

    3-5 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 3 Configur ing Catalyst 2955 Switch Alarms Configuring Catalyst 2955 Switch Alarms Configuring the Power Supply Alarm This section describes ho w to conf igure the po wer supply alarm on your switch. It contains this configuration information: • Setting t[...]

  • Page 70

    3-6 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 3 Configuring Catalyst 2955 Switch Alarms Configuring Catalyst 2955 Switch Alarms T o disable sending the alarm to a relay , to syslog, or to an SNMP server , use the no alarm facility power -supply relay , no alarm facility power -supply notif ies , or no [...]

  • Page 71

    3-7 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 3 Configur ing Catalyst 2955 Switch Alarms Configuring Catalyst 2955 Switch Alarms Associating the Temperatur e Alarms to a Relay By default, the pr imary temperature alarm is a ssociated to the major rela y . Y ou can use the alarm facility temperature com[...]

  • Page 72

    3-8 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 3 Configuring Catalyst 2955 Switch Alarms Configuring Catalyst 2955 Switch Alarms Setting the FCS Error Threshold The switch generates an FCS bit error rate alarm w h en the actual FCS bit erro r rate is close to the configured FCS bit error rate. Use the f[...]

  • Page 73

    3-9 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 3 Configur ing Catalyst 2955 Switch Alarms Configuring Catalyst 2955 Switch Alarms Use the no alarm facility fcs-hyst eresis command to set the FCS error hysteresis threshold t o its default va lu e . Note The show running conf ig command displays any FCS e[...]

  • Page 74

    3-10 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 3 Configuring Catalyst 2955 Switch Alarms Configuring Catalyst 2955 Switch Alarms This example creates or modifies the alarm profile fastE for the fastEthernetPo rt with link-do wn ( alarmList ID 3) and an FCS error rate of 30 percent ( alarmList ID 4) ala[...]

  • Page 75

    3-11 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 3 Configur ing Catalyst 2955 Switch Alarms Displaying Catalyst 2955 Switch Alarms Status This example detaches an alarm profile named fastE from a port. Switch(config)# interface FastEthernet 0/2 Switch(config-if)# no alarm profile fastE Enabling SNMP Trap[...]

  • Page 76

    3-12 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 3 Configuring Catalyst 2955 Switch Alarms Displaying Catalyst 2955 Switch Alarms Status[...]

  • Page 77

    CH A P T E R 4-1 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 4 Assigning the Switch IP Address and Default Gateway This chapter describes how to creat e the initial switch conf iguration (for example, assign the switch IP address and default ga te way informatio n) for the Catalyst 2950 or Catalyst 2 955 switch [...]

  • Page 78

    4-2 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 4 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information The boot loader provides access to the flash fi le syst em before the operating system is lo aded. Normally , the boot loader is used only to load, uncompress, and launch th[...]

  • Page 79

    4-3 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 4 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information CLI-based setup program also allo ws you to configur e your switch as a comman d or member switch of a cluster or as a standalone switch. For more info rmation about the Exp[...]

  • Page 80

    4-4 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 4 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information Note The DHCP server feature i s only av ailable on Catalyst 2955 switches. During DHCP-based autoconf iguration, your switch (DHCP client) is a utomaticall y configured at [...]

  • Page 81

    4-5 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 4 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information In a DHCPREQUEST broadcast message, the client returns a for mal request for the of fered configuration information to the DHCP serv er . The formal request is broadcast so [...]

  • Page 82

    4-6 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 4 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information If you want the switch to recei ve IP address informat ion, yo u must configure the DHCP server with these lease options: • IP address of the client (required) • Subnet [...]

  • Page 83

    4-7 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 4 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information Configuring the DNS The DHCP server uses the DNS server to resolve the TFTP serv e r name to an IP address. Y ou must configure the TFTP serv er name-t o-IP address map on t[...]

  • Page 84

    4-8 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 4 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information Obtaining Configuration Files Depending on the a vailability o f the IP address a nd the conf iguration filename in the DHCP reserved lease, the switch obtains its confi gur[...]

  • Page 85

    4-9 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 4 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information Example Configuration Figure 4-3 shows a sample network for retrieving IP info rmation by using DHCP-based autoconfiguration . Figur e 4-3 DHCP -Base d A utoconfiguration Ne[...]

  • Page 86

    4-10 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 4 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information switchb-confg switchc-confg switchd-confg prompt> cat network-confg ip host switch1 10.0.0.21 ip host switch2 10.0.0.22 ip host switch3 10.0.0.23 ip host switch4 10.0.0.[...]

  • Page 87

    4-11 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 4 Assigning the Sw itch IP Address and Default Gateway Assigning Switch Information Note The configur ation f ile that is downloaded from TFTP is mer ged with the switch es exist ing config uration in the running conf iguration and is not sa ved in the NVR[...]

  • Page 88

    4-12 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 4 Assigning the Sw itch IP Address and Default Gateway Checking and Saving the Ru nning Configuration Note Y ou should only conf igure and ena ble the Layer 3 inte rface. Do not assign an IP address or DHCP-based autoconf iguration with a sa ved conf igura[...]

  • Page 89

    4-13 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 4 Assigning the Sw itch IP Address and Default Gateway Modifying the Startup Configuration T o store the conf iguration or changes you ha ve made to your startup conf iguration in flash memory , enter the copy running-config start up-confi g privile ged EX[...]

  • Page 90

    4-14 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 4 Assigning the Sw itch IP Address and Default Gateway Modifying the Star tup Configuration Specifying the Filename to Read and Write the System Configuration By default, the Cisco IO S software uses the f ile config .text to read and write a non volatile [...]

  • Page 91

    4-15 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 4 Assigning the Sw itch IP Address and Default Gateway Modifying the Startup Configuration T o disable manual booting, use the no boot manual global conf iguration command. Booting a Specific Software Image By default, th e switch attempts to automatically[...]

  • Page 92

    4-16 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 4 Assigning the Sw itch IP Address and Default Gateway Modifying the Star tup Configuration Controlling Environment Variables Y o u enter the boot loader mo de only through a switch console connection c onf igured for 9600 bp s. Unplug the switch po wer co[...]

  • Page 93

    4-17 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 4 Assigning the Sw itch IP Address and Default Gateway Scheduling a Re load of the Software Image Ta b l e 4-5 describes the function of th e most common en vironment v a riables. Scheduling a Reload of the Software Image Y o u can schedule a reload of the[...]

  • Page 94

    4-18 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 4 Assigning the Sw itch IP Address and Default Gateway Scheduling a Reload of the Software Image Note A scheduled reload must take pl ace within approxima tely 24 days. Configuring a Scheduled Reload T o config ure your switch to reload the softw are image[...]

  • Page 95

    4-19 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 4 Assigning the Sw itch IP Address and Default Gateway Scheduling a Re load of the Software Image Displaying Scheduled Reload Information T o display information abou t a pre viously scheduled reload or to d etermine if a reload has been scheduled on the s[...]

  • Page 96

    4-20 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 4 Assigning the Sw itch IP Address and Default Gateway Scheduling a Reload of the Software Image[...]

  • Page 97

    CH A P T E R 5-1 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 5 Configuring Cisco IOS CNS Agents This chapter describes ho w to config ure the Cisco IOS CNS agents on the Cat alyst 2950 or Catalyst 295 5 switch.T o use the feature described in this chapter , you must ha ve the en hanced software image (EI) instal[...]

  • Page 98

    5-2 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 5 Configurin g Cisco IOS CNS Agents Understanding Cisc o Configuration Engine Software Figur e 5-1 Configuration En gine Arc hitect ural Overview These sections contain this conceptual information: • Config uration Service, page 5-2 • Event Service, pag[...]

  • Page 99

    5-3 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 5 Configuring Cisco IOS CNS Agents Understanding Cisco Co nfiguration Engine Softw are The Configuration Service uses the CNS Event Service to send and recei ve conf iguration change e vents and to send success and fail ure notificatio ns. The configuration[...]

  • Page 100

    5-4 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 5 Configurin g Cisco IOS CNS Agents Understanding Cisc o Configuration Engine Software W ithin the scope o f a single ins tance of the conf igur ation serv er , no two conf ig ured switches can share the same v alue for Conf igID. W ithin the scope of a si [...]

  • Page 101

    5-5 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 5 Configuring Cisco IOS CNS Agents Understanding Cisco IOS Age nts Using Hostname, DeviceID, and ConfigID In standalone mode, when a hostname value is se t for a switch, the conf iguration server uses the hostname as the DeviceID when an e vent is sent on h[...]

  • Page 102

    5-6 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 5 Configurin g Cisco IOS CNS Agents Understanding Cisco IOS Agents Figur e 5-2 Initial Config uration Overview Incremental (Partial) Configuration After the networ k is running, ne w services can be added by using the Cisco IOS agent. Incremental (partial) [...]

  • Page 103

    5-7 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 5 Configuring Cisco IOS CNS Agents Configuring Cisco IOS Agents Configuring Cisco IOS Agents The Cisco IOS agents embedded in the switch Cisco IOS software allo w the switch to be connected and automatically configured as described in the “Enabling Automa[...]

  • Page 104

    5-8 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 5 Configurin g Cisco IOS CNS Agents Configuring Cisco IOS Agents Enabling the CNS Event Agent Note Y ou must enable the CNS e vent ag ent on the switch before you en able the CNS configuration agent. Beginni ng in pri vileged EXEC mod e, follo w these steps[...]

  • Page 105

    5-9 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 5 Configuring Cisco IOS CNS Agents Configuring Cisco IOS Agents Enabling the Cisco IOS CNS Agent After enabling the CNS ev ent agent, start the Cisco IOS CNS agent on the switch. Y ou can enable the Cisco IOS agent with these commands: • The cns config in[...]

  • Page 106

    5-10 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 5 Configurin g Cisco IOS CNS Agents Configuring Cisco IOS Agents Step 7 cns id inte rface num { dns-re verse | ipaddress | mac-addr ess } [ eve nt ] or cns id { hardwar e-serial | hostname | string string } [ event ] Set the unique Ev entID or ConfigID use[...]

  • Page 107

    5-11 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 5 Configuring Cisco IOS CNS Agents Configuring Cisco IOS Agents T o disable the CNS Cisco IOS age nt, use the no cns conf ig initial { ip-address | hostname } global confi guration command. This ex ample sho ws how to conf igure an initial conf iguration o[...]

  • Page 108

    5-12 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 5 Configurin g Cisco IOS CNS Agents Displaying CNS Configuration Displaying CNS Configuration Y ou can use the pri vileged EXEC co mmands in Ta b l e 5-2 to display CNS conf iguration in formation. Ta b l e 5-2 Displaying CNS Configur ation Command Purpose[...]

  • Page 109

    CH A P T E R 6-1 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 6 Clustering Switches This chapter provides the concepts and pr oce dures to create and manage Catalyst 2950 and 2955 switch clusters. Y ou c an create and manage switch clusters by usi ng Cisco N etwork Ass istant (her eafter kno wn as Network Assista[...]

  • Page 110

    6-2 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 6 Clustering Sw itches Understanding Switch Clusters In a switch cluster , 1 switch must be the cluster command swi tch an d up to 15 other switches can be cluster member sw itches . The total number of switches in a cluster cannot exceed 16 switch es. The [...]

  • Page 111

    6-3 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 6 Clustering Switches Understanding Sw itch Clusters • It has an IP address. • It has Cisco Disco very Protocol (CDP ) version 2 enab led (the default). • It is not a command or cluster member swit ch of another cluster . • A Catalyst 2955 command s[...]

  • Page 112

    6-4 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 6 Clustering Sw itches Planning a Switch Clus ter Note Non-LRE Catalyst 2950 command swit ches running Ci sco IOS Release 12.1(9)EA1 or later can connect to standb y command switches in the management VLAN. • It is redundantly connected t o the cluster so[...]

  • Page 113

    6-5 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 6 Clustering Switches Planning a Switch Clu ster • IP Addresses, page 6-12 • Hostnames, page 6-12 • Passwords, pag e 6-12 • SNMP Community Strings, page 6- 13 • T A CA CS+ and RADIUS, pa ge 6-13 • LRE Prof iles, page 6-13 • Catalyst 19 00 and [...]

  • Page 114

    6-6 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 6 Clustering Sw itches Planning a Switch Clus ter Figur e 6-1 Discovery Through CDP Hops Discovery Through Non-CDP-Capable and Noncluster-Capable Devices If a cluster command switch is connected to a non-CDP-capab le thir d-party hub (such as a non-Cisco hu[...]

  • Page 115

    6-7 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 6 Clustering Switches Planning a Switch Clu ster Discovery Through Different VLANs If the cluster command switch is a Catalyst 2940, Catalyst 2950, Catal yst 2955, or Catalyst 3550 switch, the cluster can hav e cluster me mber switches in di fferent VLANs. [...]

  • Page 116

    6-8 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 6 Clustering Sw itches Planning a Switch Clus ter • Switch 9 because automatic d iscovery does not exte nd bey ond a noncandidate de vice, which is switch 7 Figur e 6-4 Discovery Through Dif f erent Management VLANs with a Lay er 3 Clust er Command Swi tc[...]

  • Page 117

    6-9 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 6 Clustering Switches Planning a Switch Clu ster Figur e 6-5 Discov ery of Newly Installed Switc hes HSRP and Standby Cluster Command Switches The switch uses Hot Standb y Router Protocol (HSRP) so that you can conf igure a group of standb y cluster command[...]

  • Page 118

    6-10 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 6 Clustering Sw itches Planning a Switch Clus ter • Other Considerations for Cl uster Standby G roups, page 6-10 • Automatic Reco very of Clu ster Config uration, page 6-11 Virtual IP Addresses Y ou need to assign a unique virtual IP ad dress and group[...]

  • Page 119

    6-11 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 6 Clustering Switches Planning a Switch Clu ster Figur e 6-6 VLAN Connectivity between Standby -Group Members and Clust er Members Automatic Recovery of Cluster Configuration The activ e cluster command switch continually forw ards cluster-conf iguration i[...]

  • Page 120

    6-12 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 6 Clustering Sw itches Planning a Switch Clus ter IP Addresses Y ou must assign IP information to a cluster command switch. Y ou can a ssign more than one IP address to the cluster command swit ch, and you can access the cluster th rough any of th e comman[...]

  • Page 121

    6-13 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 6 Clustering Switches Planning a Switch Clu ster For password considerations specific to the Catalyst 1900 and Catalyst 2820 switches, refer to the installation and con figur ation guides for tho se switches. SNMP Community Strings A cluster member switch [...]

  • Page 122

    6-14 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 6 Clustering Sw itches Using SNMP to Man age Switch Clusters The T elnet session a ccesses the member-switch CLI at the same privile g e le vel as on the command switch. The CLI commands then operate as u sual.For instru ctions on conf iguring the switch f[...]

  • Page 123

    6-15 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 6 Clustering Switches Using SNMP to Mana ge Switch Clusters If a member switch has its o wn IP ad dress and community strin gs, they can be used in addition to the access provided by the command switch. For more in formation about SNMP and community string[...]

  • Page 124

    6-16 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 6 Clustering Sw itches Using SNMP to Man age Switch Clusters[...]

  • Page 125

    CH A P T E R 7-1 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 7 Administering the Switch This chapter describes ho w to perform one-t ime operations t o administer your Cat alyst 2950 or Catalyst 2955. This chapter consists of these sections: • Managing the System T ime and Date, page 7-1 • Config uring a Sys[...]

  • Page 126

    7-2 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 7 Administerin g the Switch Managing the System Time and Date The system clock can provide time to these services: • User show commands • Logging and deb ugging messages The system clock keep s track of time internally based on Uni versal T ime Coordina[...]

  • Page 127

    7-3 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 7 Administering the Switch Managing the System Time and Date Figur e 7 -1 T ypical NTP Netw ork Con figuration If the network is isolated from the Internet, Cisco’ s implementation of NTP allo ws a device to act as though it is synchro nized through NTP ,[...]

  • Page 128

    7-4 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 7 Administerin g the Switch Managing the System Time and Date • Config uring NTP Broadcast Ser vice, page 7-6 • Config uring NTP Access Restrictions, page 7-8 • Config uring the Source IP Add ress for NTP Pack ets, page 7-10 • Displaying the NTP Con[...]

  • Page 129

    7-5 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 7 Administering the Switch Managing the System Time and Date T o disable NTP authentica tion, use the no ntp authenticate global conf iguration co mmand. T o remove an authentication key , u se th e no ntp authentication-key number global conf iguration com[...]

  • Page 130

    7-6 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 7 Administerin g the Switch Managing the System Time and Date Beginni ng in pri vileged EXEC mode, follo w these steps to form an NTP association with another de vice: Y ou need to configu re only one end of an association; the oth er de vice can automatica[...]

  • Page 131

    7-7 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 7 Administering the Switch Managing the System Time and Date The switch can send or receiv e NTP broadcast packets on an interface-by -interfa ce basis if there is an NTP broadcast server , such as a router, broadcasting time i nformation on the netw ork. T[...]

  • Page 132

    7-8 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 7 Administerin g the Switch Managing the System Time and Date T o disable an interface from rece i v ing NTP broadcast packets, use the no ntp br oadcast client interface confi guration command. T o change the estimated roun d-trip delay to the d efault, us[...]

  • Page 133

    7-9 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 7 Administering the Switch Managing the System Time and Date The access group keyw ords are scanned in this orde r, from least restricti ve to most restr ictiv e: 1. peer —Allows time req uests and NTP control queries and allo ws the switch to synchronize[...]

  • Page 134

    7-10 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 7 Administerin g the Switch Managing the System Time and Date T o re-enable receipt of NTP pack ets on an interface, use the no ntp disable interf ace configuration command. Configuring the Source IP Address for NTP Packets When the switch sends an NTP pac[...]

  • Page 135

    7-11 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 7 Administering the Switch Managing the System Time and Date Configuring Time and Date Manually If no other source of time is av ai lable, you can manu ally conf igure the time and date after the system is restarted. The time remains accurate until the nex[...]

  • Page 136

    7-12 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 7 Administerin g the Switch Managing the System Time and Date • .—T ime is authoritativ e, bu t NTP is not synchronized. Configuring the Time Zone Beginning in priv ileged EXEC mode, foll ow these steps to manually config ure the time zone: The minutes[...]

  • Page 137

    7-13 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 7 Administering the Switch Managing the System Time and Date The first part of the clock summer -time global conf iguration command specifi es when summer time begins, and the second part specif ies when it ends. All times are relativ e to the local t ime [...]

  • Page 138

    7-14 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 7 Administerin g the Switch Configuring a System Nam e and Prompt The first part of the clock summer -time global conf iguration command specifi es when summer time begins, and t he second part specif ies when it ends. All times are relati ve to the local [...]

  • Page 139

    7-15 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 7 Administering the Switch Configuring a System Name and Prompt • Config uring a System Name, page 7-15 • Understanding DNS, page 7- 15 Default System Name and Prompt Configuration The default switch system name and prom pt is Switch . Configuring a Sy[...]

  • Page 140

    7-16 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 7 Administerin g the Switch Configuring a System Nam e and Prompt Default DNS Configuration Ta b l e 7-2 show s the default DNS co nfigu ration. Setting Up DNS Beginning in pri vileged EXEC mod e, follo w th ese steps to set up your switch to use the DNS: [...]

  • Page 141

    7-17 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 7 Administering the Switch Creating a Banner If you use the switch IP address as its hostname, th e IP address is used and no DNS query occurs. If you confi gure a hostname that contains no periods (.), a period follo wed by the def ault domain name is app[...]

  • Page 142

    7-18 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 7 Administerin g the Switch Creating a Banner T o delete the MO TD banner , use the no banner motd global conf iguration command. This examp le shows ho w to confi gure a MO TD banner for the swi tch by using t he pound sign (#) symbol as the begi nning an[...]

  • Page 143

    7-19 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 7 Administering the Switch Managing the MAC Address Table T o delete the login banner , use the no banner login global conf iguration command. This example sho ws how to conf igure a login banner for the switch b y using the dollar sign ($) symbol as the b[...]

  • Page 144

    7-20 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 7 Administerin g the Switch Managing the MAC Address Table • Adding and Remo ving Static Address Entries, page 7-23 • Config uring Unicast MA C Address Filtering, page 7-2 4 • .Displaying Address T able Entries, page 7- 25 Building the Address Table [...]

  • Page 145

    7-21 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 7 Administering the Switch Managing the MAC Address Table Changing the Address Aging Time Dynamic addresses are source MAC addresses that the sw itch learns and then ages when they are not in use. The aging time parameter def i nes ho w long the switch ret[...]

  • Page 146

    7-22 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 7 Administerin g the Switch Managing the MAC Address Table Beginning in priv ileged EXEC mode, foll ow th ese steps to conf igure the switch to send MA C address notif ication traps to an NMS host: Command Purpose Step 1 configure terminal Enter global con[...]

  • Page 147

    7-23 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 7 Administering the Switch Managing the MAC Address Table T o disable the switch from sending MA C address notif ication traps, use the no snmp-serv er enable traps mac-notif ication global conf iguration command. T o disa ble the MA C address notification[...]

  • Page 148

    7-24 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 7 Administerin g the Switch Managing the MAC Address Table Beginning in pri vileged EXEC mod e, follow these steps to add a static address: T o remove static entries from the address table, use the no mac address-tab le static mac-addr vlan vlan-id [ inter[...]

  • Page 149

    7-25 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 7 Administering the Switch Managing the MAC Address Table • If you add a unicast MA C address as a static address an d configure unicast MA C address filtering, the switch either ad ds the MA C address as a static address or drops packets with that MA C [...]

  • Page 150

    7-26 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 7 Administerin g the Switch Managing the ARP Table Managing the ARP Table T o communicate with a de vice (ov er Ethernet, for ex ample), the softw are first must determi ne the 48-bit MA C or the local data link address of that de vice. Th e process of det[...]

  • Page 151

    CH A P T E R 8-1 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 8 Configuring Switch-Based Authentication This chapter describe s ho w to configure switch-based authentica tio n on the Catalyst 2950 or Catalyst 2955. This chapter consists of these sections: • Pre venting Unauthorized A ccess to Y our Switch, page[...]

  • Page 152

    8-2 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 8 Config uring Switch-Based Authentic ation Protecting Acce ss to Privileged EXEC Comma nds Protecting Access to Privileged EXEC Commands A simple wa y of provid ing terminal access control in yo ur network is t o use passwords and assign privile g e le vel[...]

  • Page 153

    8-3 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 8 Configuri ng Switch-Based Authentication Protecting Ac cess to Privileged EXE C Commands Setting or Changing a Static Enable Password The enable password controls acces s to the pri vileged EX EC mode. Begin ning in pri vileged EXEC mode, follo w these st[...]

  • Page 154

    8-4 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 8 Config uring Switch-Based Authentic ation Protecting Acce ss to Privileged EXEC Comma nds Protecting Enable and Enable Secret Passwords with Encryption T o provide an additional layer of security , particularly for passwords th at cross the netw ork or th[...]

  • Page 155

    8-5 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 8 Configuri ng Switch-Based Authentication Protecting Ac cess to Privileged EXE C Commands Use the level keyw ord to def ine a password for a specif ic pri vilege le vel. After you specify the le vel and set a password, gi ve the password only to users who [...]

  • Page 156

    8-6 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 8 Config uring Switch-Based Authentic ation Protecting Acce ss to Privileged EXEC Comma nds Beginning in priv ileged EXEC mode, foll ow th ese steps to disable password r ecov ery: T o re-enable password recov ery , use the service password-recovery global [...]

  • Page 157

    8-7 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 8 Configuri ng Switch-Based Authentication Protecting Ac cess to Privileged EXE C Commands T o remove the passw ord, use the no password global conf iguration command . This example sho ws how to set the T elnet password to let45me67in89 : Switch(config)# l[...]

  • Page 158

    8-8 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 8 Config uring Switch-Based Authentic ation Protecting Acce ss to Privileged EXEC Comma nds T o disable userna me authenticatio n for a specific user , use the no username name global configuration command. T o disable password checkin g and allo w connecti[...]

  • Page 159

    8-9 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 8 Configuri ng Switch-Based Authentication Protecting Ac cess to Privileged EXE C Commands When you set a command to a privilege le vel, all commands whose syntax is a subset of that command are also set to that le vel. For e xample, if you set the show ip [...]

  • Page 160

    8-10 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 8 Config uring Switch-Based Authentic ation Controlling Switch Access with TACACS+ Logging into and Exiting a Privilege Level Beginni ng in pri vileged EXEC mode, follo w these steps to log in to a s pec if ie d pri vil eg e le v el and t o ex it to a spec[...]

  • Page 161

    8-11 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 8 Configuri ng Switch-Based Authentication Controlling Swit ch Access w ith TACACS+ Figur e 8-1 T ypical T ACACS+ Netw ork Configur ation T A CA CS+, administered through the AAA secu ri ty services, can provide these services: • Authentication—Pro vid[...]

  • Page 162

    8-12 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 8 Config uring Switch-Based Authentic ation Controlling Switch Access with TACACS+ TACACS+ Operation When a user attempts a simple ASCII log in by authenticati ng to a switch by using T ACA CS+, this process occurs: 1. When the connection is established, t[...]

  • Page 163

    8-13 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 8 Configuri ng Switch-Based Authentication Controlling Swit ch Access w ith TACACS+ • Config uring T A CA CS+ Authorization for Pri vileged EXEC A ccess and Network Services, page 8-16 • Starting T A CA CS+ Accounting, page 8- 16 Default TACACS+ Config[...]

  • Page 164

    8-14 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 8 Config uring Switch-Based Authentic ation Controlling Switch Access with TACACS+ T o remove the specified T ACA CS+ server name or address, use the no tacacs -server host hostname global conf iguration command. T o remov e a server gr oup from the conf i[...]

  • Page 165

    8-15 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 8 Configuri ng Switch-Based Authentication Controlling Swit ch Access w ith TACACS+ T o disable AAA, use the no aaa new-model global conf iguration command. T o disable AAA authenticati on, use the no aaa authentication logi n { default | list-name } metho[...]

  • Page 166

    8-16 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 8 Config uring Switch-Based Authentic ation Controlling Switch Access with TACACS+ Configuring TACACS+ Authorization for Pr ivileged EXEC Access and Network Services AAA authorization limit s the servi ces a vailable to a user. When AA A authorizati on is [...]

  • Page 167

    8-17 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 8 Configuri ng Switch-Based Authentication Controlling Switch Access with RADIUS Beginning in priv ileged EXEC mode, follow these steps to enable T A CACS+ accoun ting for each pri vilege le vel and for net work services: T o disable accounting, use t he n[...]

  • Page 168

    8-18 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 8 Config uring Switch-Based Authentic ation Controlling Switch Access with RADIUS The RADIUS host is normally a mu ltiuser system running RADIUS server software from Cisco (Cisco Secure Access Control Server v ersion 3.0), Liv ingston, Merit, Microsof t, o[...]

  • Page 169

    8-19 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 8 Configuri ng Switch-Based Authentication Controlling Switch Access with RADIUS Figur e 8-2 T ransitioni ng fr om R ADIUS t o T ACA CS+ Services RADIUS Operation When a user attempts to log in and auth enticate to a switch that is access controlled by a R[...]

  • Page 170

    8-20 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 8 Config uring Switch-Based Authentic ation Controlling Switch Access with RADIUS A method list def ines the sequence and methods to be used to authenticate, to au thorize, or to keep accounts on a user. Y ou can use method lists to designate on e or more [...]

  • Page 171

    8-21 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 8 Configuri ng Switch-Based Authentication Controlling Switch Access with RADIUS If two dif ferent host entries on the sam e RADIUS server are conf igured for the same service—for example, accounting— the second host e ntry configured acts as a f ail-o[...]

  • Page 172

    8-22 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 8 Config uring Switch-Based Authentic ation Controlling Switch Access with RADIUS Beginning in priv ileged EXEC mode, foll ow these steps to conf igure per-serv er RADIUS server communication. This procedure is req uired. T o remove the specified RADIUS se[...]

  • Page 173

    8-23 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 8 Configuri ng Switch-Based Authentication Controlling Switch Access with RADIUS This exampl e sho ws how to conf igure host1 as the RADIUS server an d to use the defaul t ports for both authentication an d accounting: Switch(config)# radius-server host ho[...]

  • Page 174

    8-24 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 8 Config uring Switch-Based Authentic ation Controlling Switch Access with RADIUS Step 3 aaa authentication login { default | list-name } method1 [ method2... ] Create a login authen tication method list. • T o create a default list that is used when a n[...]

  • Page 175

    8-25 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 8 Configuri ng Switch-Based Authentication Controlling Switch Access with RADIUS T o disable AAA, use the no aaa new-model global conf iguration command. T o disable AAA authenticati on, use the no aaa authentication logi n { default | list-name } method1 [...]

  • Page 176

    8-26 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 8 Config uring Switch-Based Authentic ation Controlling Switch Access with RADIUS Beginning in pri vileged EXEC mode, fol lo w these st eps to define the AAA serv er group and associate a particular RADIUS server with it: Command Purpose Step 1 configur e [...]

  • Page 177

    8-27 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 8 Configuri ng Switch-Based Authentication Controlling Switch Access with RADIUS T o remove the specified RADIUS server , use the no radius-server host hostname | ip-addr ess global confi guration command. T o remov e a server group from t he configurati o[...]

  • Page 178

    8-28 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 8 Config uring Switch-Based Authentic ation Controlling Switch Access with RADIUS T o disable authorization, use the no aaa authorization { network | exec } method1 global configuration command. Starting RADIUS Accounting The AAA accounting feature tracks [...]

  • Page 179

    8-29 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 8 Configuri ng Switch-Based Authentication Controlling Switch Access with RADIUS T o return to the default setting f or the retransmit, timeout, and deadtime, use the no forms of these commands. Configuring the Switch to Use V endor-Specific RADI US Attrib[...]

  • Page 180

    8-30 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 8 Config uring Switch-Based Authentic ation Controlling Switch Access with RADIUS This example sho ws how to specify an author ized VLAN in the RADIUS serv er database: cisco-avpair= ”tunnel-type(#64)=VLAN(13)” cisco-avpair= ”tunnel-medium-type(#65)=[...]

  • Page 181

    8-31 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 8 Configuri ng Switch-Based Authentication Controlling Switch Access with RADIUS T o delete the vendor -proprietary RADIUS host, use the no radius-server host { hostname | ip-addr ess } non-standard global conf iguration command. T o disable the key , use [...]

  • Page 182

    8-32 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 8 Config uring Switch-Based Authentic ation Configuring the Switch for Lo cal Authentication and Authorizatio n Configuring the Switch for Local Authentication and Authorization Y ou c an configure AAA to operate wi thout a server b y setting the switch to[...]

  • Page 183

    8-33 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 8 Configuri ng Switch-Based Authentication Configuring th e Switch for Se cure Shell Configuring the Switch for Secure Shell This section describes how to configure the Secure Sh ell (SSH) feature. SSH is a cryptographic security feature that is subject to[...]

  • Page 184

    8-34 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 8 Config uring Switch-Based Authentic ation Configuring the Switch for Secure Shell • T A CACS+ (for more information, see the “Control ling Switch Access with T ACA CS+” section on page 8-10 ) • RADIUS (for more information, see the “Controlling[...]

  • Page 185

    8-35 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 8 Configuri ng Switch-Based Authentication Configuring th e Switch for Se cure Shell Cryptographic Software Image Guidelines These guidelines apply on ly to non-LR E Catalyst 2950 an d 2940 switches: The SSH feature uses a large amount of switch me mory , [...]

  • Page 186

    8-36 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 8 Config uring Switch-Based Authentic ation Configuring the Switch for Secure Shell T o delete the RSA ke y pair , use the crypto key zeroize rsa global conf iguration command. After the RSA key pair is deleted, the SSH server is aut omatically disabled. C[...]

  • Page 187

    8-37 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 8 Configuri ng Switch-Based Authentication Configuring th e Switch for Se cure Shell Displaying the SSH Configuration and Status T o display the SSH server conf iguration and status, use one or more of the pri vileged EXEC commands in Ta b l e 8-2 : For mo[...]

  • Page 188

    8-38 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 8 Config uring Switch-Based Authentic ation Configuring the Switch for Secure Shell[...]

  • Page 189

    CH A P T E R 9-1 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 9 Configuring IEEE 802.1x Port-Based Authentication This chapter describes ho w to configure IEEE 802.1x port-based authen tication on the Catalyst 2950 or Catalyst 2955 switch. IEEE 802.1x authentication prev ents unauthorized de vices (c lients) from[...]

  • Page 190

    9-2 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 9 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802. 1x Port-Based Authentication • Using IEEE 802.1x Auth entication with VLAN A ssignment, page 9-7 • Using IEEE 802.1x Auth entication with Guest VLAN, page 9-8 • Using IEEE 802[...]

  • Page 191

    9-3 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 9 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Po rt-Based Authentication information wit h the authentication serv er , and rela ying a response to the client. The switch includes the RADIUS client, which is responsib le for [...]

  • Page 192

    9-4 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 9 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802. 1x Port-Based Authentication Figur e 9-2 Messag e Exc hang e Ports in Authorized and Unauthorized States During IEEE 802.1x authentication, depending on the switch port state, the s[...]

  • Page 193

    9-5 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 9 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Po rt-Based Authentication • auto —enables IEEE 802.1x authenti cation and causes the port t o begin in t he unauthorized state, allowing only EAPOL frames to be sent and rece[...]

  • Page 194

    9-6 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 9 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802. 1x Port-Based Authentication IEEE 802.1x Accounting The IEEE 802.1x standard defines ho w users are au thorized and authenticated for network access but does not keep track of netwo[...]

  • Page 195

    9-7 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 9 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Po rt-Based Authentication For mo re i nf or m at io n ab ou t A V pa i rs , s e e R F C 3 58 0 , “IEEE 802.1X Remote Authen tication Dial In User Service (RADIUS) Usage Guideli[...]

  • Page 196

    9-8 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 9 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802. 1x Port-Based Authentication • Enable IEEE 802.1x authen tication (the VLAN assignment feature is automatically enabled when you conf igure IEEE 802.1x authenti cation on an acces[...]

  • Page 197

    9-9 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 9 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Po rt-Based Authentication Using IEEE 802.1x Authentication with Restricted VLAN Y ou can configure a restricted VLAN for each IEEE 802.1x port on a sw itch to pro vide limited se[...]

  • Page 198

    9-10 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 9 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802. 1x Port-Based Authentication Using IEEE 802.1x Authentication with Voice VLAN Ports A voice VLAN port is a special access por t associated with two VLAN identifi ers: • VVID to c[...]

  • Page 199

    9-11 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 9 Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Po rt-Based Authentication • When an IEEE 802.1x client logs off, the port changes to an unauthenticated state, and all dynamic entries in the secure host table ar e cleared, i[...]

  • Page 200

    9-12 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 9 Configuring IEEE 802.1x Port-Based Authentication Configuring IEEE 802.1x Authentication • Set the action to be tak en when the switch tries to re-authenticate the cli ent by using the T ermination-Action RADIUS attribut e (Attribut e[29]). If the v al[...]

  • Page 201

    9-13 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 9 Configuring IEEE 802.1x Port-Based Authentication Configuring IEEE 802.1x Authentication IEEE 802.1x Authentication Configuration Guidelines These section has configuration guidelines for these features: • IEEE 802.1x Authentication, page 9-14 • VLAN[...]

  • Page 202

    9-14 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 9 Configuring IEEE 802.1x Port-Based Authentication Configuring IEEE 802.1x Authentication IEEE 802.1x Authentication These are the IEEE 802.1x authenti cation configuration guidelines: • When IEEE 802.1x authen tication is enabled, ports are auth entica[...]

  • Page 203

    9-15 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 9 Configuring IEEE 802.1x Port-Based Authentication Configuring IEEE 802.1x Authentication client times out and tr ies to get a host IP address from the DHCP serv er . Decrease the settings for the IEEE 802.1x authentication process ( dot1x timeout quiet-p[...]

  • Page 204

    9-16 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 9 Configuring IEEE 802.1x Port-Based Authentication Configuring IEEE 802.1x Authentication Step 6 The switch sends an interim accountin g update to the ac counting server that is based on the result o f re-authentication. Step 7 The user disconnects from t[...]

  • Page 205

    9-17 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 9 Configuring IEEE 802.1x Port-Based Authentication Configuring IEEE 802.1x Authentication T o disable AAA, use the no aaa new-model global configuration command. T o disable IEEE 802.1x AAA authentication, use the no aaa authentication dot1x { default | l[...]

  • Page 206

    9-18 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 9 Configuring IEEE 802.1x Port-Based Authentication Configuring IEEE 802.1x Authentication T o delete the specified RADIUS server , use the no radius-server host { hostname | ip -addr ess } global confi guration command. This example sho ws how to specify [...]

  • Page 207

    9-19 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 9 Configuring IEEE 802.1x Port-Based Authentication Configuring IEEE 802.1x Authentication Enabling Periodic Re-Authentication Y ou can enable periodic IEEE 802.1x client re-authe ntication and specify how often it occurs. If you do not specify a time peri[...]

  • Page 208

    9-20 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 9 Configuring IEEE 802.1x Port-Based Authentication Configuring IEEE 802.1x Authentication Changing the Quiet Period When the switch cannot auth enticate the client, the switch remains idle for a set period of time, and then tries again. The id le time is [...]

  • Page 209

    9-21 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 9 Configuring IEEE 802.1x Port-Based Authentication Configuring IEEE 802.1x Authentication T o return to the default retransmission time, use the no dot1x timeout tx-period interface conf iguration command. This exampl e show s how to set 60 as the number [...]

  • Page 210

    9-22 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 9 Configuring IEEE 802.1x Port-Based Authentication Configuring IEEE 802.1x Authentication Configuring IEEE 802.1x Accounting Enabling AAA system accounting with IEEE 802.1x accounting allo ws system reload e vents to be sent to the accounting RADI US serv[...]

  • Page 211

    9-23 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 9 Configuring IEEE 802.1x Port-Based Authentication Configuring IEEE 802.1x Authentication Configuring a Guest VLAN When you configure a guest VLAN, clients that are not IEEE 802.1x- capable are put into the guest VLAN when the server does not recei ve a r[...]

  • Page 212

    9-24 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 9 Configuring IEEE 802.1x Port-Based Authentication Configuring IEEE 802.1x Authentication Y ou can enable optional guest VLAN beha vior by using the dot1x guest-vlan suppli cant global configuration command. When enabled, the switch do es not maintain the[...]

  • Page 213

    9-25 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 9 Configuring IEEE 802.1x Port-Based Authentication Configuring IEEE 802.1x Authentication Beginni ng in pri vileged EXEC mode, foll ow t hese steps to conf igure a restricted VLAN. This procedure is optio nal. T o disable and remo ve the restrict ed VLAN,[...]

  • Page 214

    9-26 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 9 Configuring IEEE 802.1x Port-Based Authentication Configuring IEEE 802.1x Authentication T o return to the default v alue, use the no dot1x auth-fail max-attempts interface conf iguration command. This example sho ws how to set 2 as the number of au then[...]

  • Page 215

    9-27 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 9 Configuring IEEE 802.1x Port-Based Authentication Configuring IEEE 802.1x Authentication Configuring NAC Layer 2 IEEE 802.1x Validation In Cisco IOS Release 12.1 (22)EA6 or later , you can configure N A C Layer 2 IEEE 802.1x validation, which is also ref[...]

  • Page 216

    9-28 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 9 Configuring IEEE 802.1x Port-Based Authentication Displaying IEEE 802.1x Statistics and Status Resetting the IEEE 802.1x Configuration to the Default Values Beginning in pri vileged EXEC mode, follow these steps to reset the IEEE 802.1x configuration to [...]

  • Page 217

    CH A P T E R 10-1 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 10 Configuring Interface Characteristics This chapter describes the ty pes of interfaces on a Catalyst 29 50 or Catalyst 2955and ho w to conf igure them. The chapter has these sections: • Understanding Interf ace T ypes, page 10-1 • Using the Inte[...]

  • Page 218

    10-2 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 10 Configur ing Interface Characteristics Understanding Interface Types These sections describes these types of interfaces: • Access Ports, page 10-2 • T runk Ports, page 10-2 • Port-Based VLANs, page 10-3 • EtherChannel Port Groups, page 10 -3 •[...]

  • Page 219

    10-3 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 10 Configuring Interfac e Characteristics Understanding Interface Types A trunk port can onl y become a member of a VLAN if VTP kno ws of the VLAN and the VLAN is in the enabled state. If VTP learns of a new , enabled VL AN and the VLAN is in the allo wed [...]

  • Page 220

    10-4 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 10 Configur ing Interface Characteristics Using the Interface Command When you conf igure an EtherChannel, you create a port -channel logical in terfa ce and assign an interface to the EtherChannel. For Layer 2 interfaces, the logi cal interface is dynamic[...]

  • Page 221

    10-5 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 10 Configuring Interfac e Characteristics Using the Inte rface Command Y ou can identify physical interfaces b y physically checking the interf ace location on the switch. Y ou can also use the Cisco IOS show pri vileged EXEC co mmands to display informati[...]

  • Page 222

    10-6 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 10 Configur ing Interface Characteristics Using the Interface Command Beg i nn in g i n pr ivi leg e d E XE C mo de , f o ll ow t he se st e ps to conf igure a range of interfaces with the same parameters: When using the interface range global conf igurati[...]

  • Page 223

    10-7 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 10 Configuring Interfac e Characteristics Using the Inte rface Command This example sho ws how to use a comma to add dif feren t interface type strings to t he range to enable all Fast Ethernet interfaces in t he range 0/1 to 0/3 and Gig abit Ethernet inte[...]

  • Page 224

    10-8 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 10 Configur ing Interface Characteristics Configuring Ethernet Inte rfaces – port-channel port-chann el-number - port-c hannel-number , where port-c hannel-nu mber is from 1 to 6. • Y o u must add a space between the interface numbers and the hyphen wh[...]

  • Page 225

    10-9 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 10 Configuring Interfac e Characteristics Configuring Ethernet Interfaces • Config uring Media T ypes for Gigabit Ethe rnet I nterfaces on LRE Switches, page 10-13 • Configuring I EEE 802.3x Flow Control on IEEE 802.3z Gi gabit Ethernet Ports, page 10 [...]

  • Page 226

    10-10 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 10 Configur ing Interface Characteristics Configuring Ethernet Inte rfaces Configuring Interface Speed and Duplex Mode The 10/100 Ethernet int erfaces on a non-LRE switch operate in 10 or 100 Mbps and in ei ther full- or half-duple x mode. The 10/100/1000[...]

  • Page 227

    10-11 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 10 Configuring Interfac e Characteristics Configuring Ethernet Interfaces • When connecting an interface to a 100B ASE-T device that does not autonegotiate, set the speed to a nonautonegot iation v alue (for example, none gotiate), and set the duple x m[...]

  • Page 228

    10-12 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 10 Configur ing Interface Characteristics Configuring Ethernet Inte rfaces Setting the Interface Speed and Duplex Parameters on a Non-LRE Switch Port Be gi nn in g i n pr ivi le ge d E X EC mo de , fo ll ow t he s e s te p s t o set the speed and duplex m[...]

  • Page 229

    10-13 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 10 Configuring Interfac e Characteristics Configuring Ethernet Interfaces Use the no local speed and no local duplex interface conf iguration commands to return the interf ace to the default speed and duplex setti ngs. T o return all interface set tings t[...]

  • Page 230

    10-14 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 10 Configur ing Interface Characteristics Configuring Ethernet Inte rfaces • rec ei ve on (or desired ) and send off : The port cannot send pause fra mes b ut can operate with an attached device that is required to or can send pause frames; the port can[...]

  • Page 231

    10-15 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 10 Configuring Interfac e Characteristics Monitoring and Ma intaining the Interfaces Use the no description interface co nfigu ration command to delete the descriptio n. This exampl e show s how to add a description on a port and to verify the description[...]

  • Page 232

    10-16 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 10 Configur ing Interface Characteristics Monitoring an d Ma intaining the Interfaces Monitoring Interface and Controller Status Commands entered at the pri vileged EXEC prompt di splay info rmation about the interf ace, including the version of th e soft[...]

  • Page 233

    10-17 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 10 Configuring Interfac e Characteristics Monitoring and Ma intaining the Interfaces T o clear the interface counters shown by the show interfaces privile ged EXEC command, use the clear counters pri vileged EXEC command. Th e clear counters command clear[...]

  • Page 234

    10-18 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 10 Configur ing Interface Characteristics Monitoring an d Ma intaining the Interfaces When the shutdown interf ace conf iguration command i s entered on an LRE interface, t he LRE link is shut do wn. T o shut down the 10/100 Ethernet ports on CPE de vice,[...]

  • Page 235

    CH A P T E R 11-1 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 11 Configuring Smartports Macros This chapter describes ho w to configure an d apply Smartports macros on t he Catalyst 2950 switch. Note For complete syntax and usage in formation for the co mmands used in this chapter , see the command reference for[...]

  • Page 236

    11-2 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 11 Configur ing Smartport s Macros Configuring Smartports Macros Cisco also provides a collection of pretested, Ci sco-recommended baseline conf iguration templates for Catalyst switches. Th e online reference guide templates pr ovide t he CLI commands tha[...]

  • Page 237

    11-3 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 11 Configuring Smartports Macros Configuring Smartports Macros Smartports Macro Configuration Guidelines Follo w these guidelines when conf iguring macros on your switch: • When creating a macro, do not use the exit or end commands or change the command [...]

  • Page 238

    11-4 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 11 Configur ing Smartport s Macros Configuring Smartports Macros Creating Smartports Macros Beginning in priv ileged EXEC mode, foll ow these steps to create a Smartports macro: The no form of the macr o name global con figur ation command only deletes the[...]

  • Page 239

    11-5 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 11 Configuring Smartports Macros Configuring Smartports Macros Applying Smartports Macros Beginning in priv ileged EXEC mode, follow these steps to apply a Smartports macro: Y ou can delete a global macr o-applied conf iguration on a swi tch only b y enter[...]

  • Page 240

    11-6 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 11 Configur ing Smartport s Macros Configuring Smartports Macros This e xample sho ws how to ap ply the user -created macro cal led snmp , to set the host name address to test-server and t o set the IP precedence v alue to 7 : Switch(config)# macro global [...]

  • Page 241

    11-7 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 11 Configuring Smartports Macros Configuring Smartports Macros Y ou can delete a global macr o-applied conf iguration on a swi tch only b y entering the no version of each command that is in th e macro. Y ou can delete a macr o-applied configurat ion on an[...]

  • Page 242

    11-8 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 11 Configur ing Smartport s Macros Displaying Smartports Ma cros Displaying Smartports Macros T o display the Smartports macros, use one or more of the privileged EXEC commands in Ta b l e 11-2 . Ta b l e 11 - 2 C o m m a n d s f o r D i s p l a ying Smart[...]

  • Page 243

    CH A P T E R 12-1 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 12 Configuring LRE This chapter describe s ho w to configure the Lo ng-Reach Ethernet (LRE) features on your Catalyst 29 50 LRE switch. This chapter consists of these section s: • Understanding LR E Features, page 12-1 • Config uring LRE Ports, pa[...]

  • Page 244

    12-2 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 12 Configurin g LRE Understanding LRE Features • LRE link—This is the co nnection between the switch LRE port and the RJ-11 w all port on an LRE CPE de vice such as the Cisco 575 LRE CPE or the Cisc o 585 LRE CPE. This connection can be through categor[...]

  • Page 245

    12-3 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 12 Configuring LRE Understanding LRE Features Note Use the rates and distances in Ta b l e 12-1 and Ta b l e 12-2 only as guidelines. Fact ors such as the type of cable that you use, ho w it is bundled, an d the inte rference and noise on the LR E link can[...]

  • Page 246

    12-4 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 12 Configurin g LRE Understanding LRE Features Y o ur data rates will always be less than th e gross data rate listed in tables. A small percentage of the link rate is used b y the Catalyst 2950 LRE swi tch for supervisory func tions with the CPE de vice c[...]

  • Page 247

    12-5 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 12 Configuring LRE Understanding LRE Features LRE Sequences The LRE switches are shipped with predefined sequences. Sequences are sets of profiles and are used with the rate selection feature. Th e rate selection feature enables th e switch to automat ical[...]

  • Page 248

    12-6 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 12 Configurin g LRE Understanding LRE Features Beginni ng with the f irst prof ile in a sequence, t he switch attempts to app ly each prof ile within that sequence to the LRE interf ace. The switch co nt inues these attempts until it con verg es ( con ver [...]

  • Page 249

    12-7 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 12 Configuring LRE Understanding LRE Features CPE toggle cannot be disabled on a Ci sco 575 LRE or Cisco 57 6 LRE 997 CPE link b ut can be disabled on a Cisco 585 LRE CPE. For more information, see the “Conf iguring CPE T oggle” section on page 12-21 .[...]

  • Page 250

    12-8 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 12 Configurin g LRE Configuring LRE Ports • Event—The switch logs only LRE e vents. • Extended— The switch logs LRE e ven ts and all the LRE paramet ers. • Normal—The switch logs LRE e vents and the typical LRE parameters. Y o u can use the log[...]

  • Page 251

    12-9 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 12 Configuring LRE Configuring LRE Ports • Rate selectio n is enabled on al l interfaces, but a se quence with which to start rat e selection is not defined. • LRE link persi stence is enabled . The default is 3 second s. • LRE link mo nitoring is en[...]

  • Page 252

    12-10 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 12 Configurin g LRE Configuring LRE Ports – Older installations o ver 30 years old often use hea vy gauge wire (2 2 or 20 A WG) with no signif icant twist. In man y cases, the cabling is set into the f abric of the building. The cables might be tightly [...]

  • Page 253

    12-11 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 12 Configuring LRE Configuring LRE Ports Guidelines for Configuring Cisco 575 LRE CPEs and 576 LRE 997 CPEs Y ou can configure the CPE Ethernet port to oper ate at 10 or 100 Mbps and at half- or full-dupl ex mode, depending on the capabi lity of the remot[...]

  • Page 254

    12-12 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 12 Configurin g LRE Configuring LRE Ports The loopback interf ace conf iguration command is not supported on the LRE ports. Ext ernal loopback on the LRE ports is also not sup ported. Connecting a CPE Ethern et port to anoth er Ethernet port on the same C[...]

  • Page 255

    12-13 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 12 Configuring LRE Configuring LRE Ports T o delete the prof ile from a sequence, use the no prof ile pr of ile-name interface conf iguration command. T o display the LRE link st atistics and pr of ile information on the LRE ports, use the show controller[...]

  • Page 256

    12-14 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 12 Configurin g LRE Configuring LRE Ports T o remove a sequence from a port, use the no sequence sequence- name interface conf iguration command. T o display the LRE link statistics and se quence information on the LRE ports, use the show controllers lre [...]

  • Page 257

    12-15 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 12 Configuring LRE Configuring LRE Ports Precedence The rate selection feature can be applied at bot h th e port le vel and at the swi tch lev el. Profiles and sequences hav e a system-defined prio rity lev el that work with rate selection to determine th[...]

  • Page 258

    12-16 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 12 Configurin g LRE Configuring LRE Ports Link Qualification and SNR Margins When rate selection is running, the SNR is u sed as an indicator of lin k qualit y . The switch does not provid e any internal mech anism to ensure link quali ty . There can be d[...]

  • Page 259

    12-17 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 12 Configuring LRE Configuring LRE Ports Ta b l e 12-7 SNR Requirements f or Upstr eam Rates for the Catalyst 2950S T -8 LRE and the Catalyst 2950ST -24 LRE Swi tch es Profile Gross Data Rate QAM Theoretical Minimum SNR Low Noise SNR Medium Noise SNR High[...]

  • Page 260

    12-18 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 12 Configurin g LRE Configuring LRE Ports The margin ran ge for link qualif ication is from 1 to 10 dB. The recommended valu e in a lo w-noise en vironment is 2 dB. The recommended v alue for medium noise en vironment is 4 dB. The recommend ed v alue in a[...]

  • Page 261

    12-19 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 12 Configuring LRE Configuring LRE Ports Configuring LRE Link Persistence If the LRE link shuts do wn and is automatically re-enabled quickly , the switch config uration might change. For example, the dynamic MA C addresses ar e remo ved from th e MA C ad[...]

  • Page 262

    12-20 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 12 Configurin g LRE Configuring LRE Ports A lo wer v alue of the interlea ve block size means less tole rance to noise and causes a lo wer latency of frame transmis sion. For e xample, lowe r val ues of the interleave block size can be us ed for v oice ap[...]

  • Page 263

    12-21 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 12 Configuring LRE Configuring LRE Ports • Make sure that all t he CPEs in the prod uction network are runnin g the same LRE binary version . Use the show controllers lr e cpe version priv ileged EXEC com mand to display t he binary v ersion on all CPE [...]

  • Page 264

    12-22 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 12 Configurin g LRE Configuring LRE Ports T o re-enable CPE toggle on the Cisco 585 LRE CPE link, use the cpe toggle [ port port -id ] interface confi guration command. Configuring Syslog Export If the syslog export feature is enabled, the swit ch sends t[...]

  • Page 265

    12-23 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 12 Configuring LRE Upgrading LRE Switch Firmware T o turn of f the logging of e vents, use the no logging lr e { eve nt | extended | normal } interface confi guration command. Upgrading LRE Switch Firmware The Catalyst 29 50 LRE switch can store and prope[...]

  • Page 266

    12-24 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 12 Configurin g LRE Upgrading LRE Switch Firmware Note Y ou must remo ve global conf igurations that might af fect t he controll er and de vices connected to it. Note If you enter the lre upgrade default family global config uration command and the upgrad[...]

  • Page 267

    12-25 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 12 Configuring LRE Upgrading LRE Switch Firmware Y ou can use the upgrade controller conf iguration command to ov erride the system def ault selection of an LRE binary that will b e applied on either end of a particular LRE link. Con troller conf iguratio[...]

  • Page 268

    12-26 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 12 Configurin g LRE Upgrading LRE Switch Firmware ! controller LongReachEthernet 1 ! controller LongReachEthernet 2 ! controller LongReachEthernet 3 ! controller LongReachEthernet 4 ! controller LongReachEthernet 5 ! controller LongReachEthernet 6 ! ! <[...]

  • Page 269

    12-27 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 12 Configuring LRE Displaying LRE St atus Displaying LRE Status T o display the LRE informat ion, use one or more of th e pri vileged EXEC command s in Ta b l e 12-10 . For detailed i nformation about the f ields in the command outputs, see the co mmand r[...]

  • Page 270

    12-28 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 12 Configurin g LRE Displaying LRE Status[...]

  • Page 271

    CH A P T E R 13-1 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 13 Configuring STP This chapter describe s ho w to configure the Spanning T ree Pro tocol (STP) on port-based VL ANs on your Catalyst 2950 or Catal yst 2955 switch. The switch can use either the per-VLAN spanning-tree pl us (PVST+) protocol based on t[...]

  • Page 272

    13-2 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 13 Configur ing STP Understandin g Spanning-T ree Features • Spanning-T ree Interoperability and Backw ard Compatibility , page 13-10 • STP and IEEE 802.1Q Trunks, page 13-10 For conf iguration information, see the “Configuring Span ning-T ree Featur[...]

  • Page 273

    13-3 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 13 Configuring STP Understanding Spa nning-Tree Features When the switches in a network are powered up, each functions as the root switch. Each switch sends a confi guration BPDU through al l of its ports. The BPDUs co mmunicate and compute the sp anning-t[...]

  • Page 274

    13-4 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 13 Configur ing STP Understandin g Spanning-T ree Features In Cisco IOS Release 12.1(9)EA1 a nd later , Catalyst 2950 and Catalyst 2955 switches support the IEEE 802.1t spanning -tree extensions. Some of the bits pr e viously used for the switch priorit y [...]

  • Page 275

    13-5 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 13 Configuring STP Understanding Spa nning-Tree Features • From forwarding to dis abled Figure 13-1 illustrates how an interf ace mo ves through the states. Figur e 13-1 Spanning-T ree Interf ace States When you power up the switch, span ning tree is ena[...]

  • Page 276

    13-6 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 13 Configur ing STP Understandin g Spanning-T ree Features • Receiv es BPDUs Listening State The listening state is the first state a Layer 2 interf ace enters after the blocking state. The interface enters this state when the spanning tree determines th[...]

  • Page 277

    13-7 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 13 Configuring STP Understanding Spa nning-Tree Features How a Switch or Port Becomes the Root Switch or Root Port If all switches in a network are enabled with defaul t spanning-tree settings, the swi tch with the lo west MA C address becomes the root swi[...]

  • Page 278

    13-8 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 13 Configur ing STP Understandin g Spanning-T ree Features Figur e 13-3 Spanning T ree and Re dundant Connectivity Y ou can also create redundant links b etween sw itches by using Et herChannel groups. For more informatio n, see Chapter 30, “Config uring[...]

  • Page 279

    13-9 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 13 Configuring STP Understanding Spa nning-Tree Features Spanning-Tree Modes and Protocols The switch support s these spanning-tre e modes and protocol s: PVST+—This spanning-tree mode is based on the IEEE 802.1D st andard and Cisco proprietary extension[...]

  • Page 280

    13-10 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 13 Configur ing STP Configuring Sp anning-Tree Featur es Spanning-Tree Interoperabi lity and Backward Compatibility Ta b l e 13-2 lists the interoperability an d compatibility among t he supported spanning-tree modes in a network. In a mixed MSTP an d PVS[...]

  • Page 281

    13-11 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 13 Configuring STP Configuring Spa nning-Tree Features • Config uring the Root Swit ch, page 13-14 (optio nal) • Config uring a Secondary Root Swi tch, page 13-16 (optional) • Config uring the Port Priority , page 13-17 (optional) • Config uring t[...]

  • Page 282

    13-12 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 13 Configur ing STP Configuring Sp anning-Tree Featur es If 64 instances of spanning tree are alread y in use, you can disable spanning tree on one of t he VLANs and then enable it on the VLAN wh ere you want it to run . Use the no spanning-tr ee vlan vla[...]

  • Page 283

    13-13 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 13 Configuring STP Configuring Spa nning-Tree Features T o return to the defau lt setting, use the no spanning-t ree mode global co nfigu ration command. T o return the port to its def ault setting, use the no spanning-tree link-type interface conf igurat[...]

  • Page 284

    13-14 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 13 Configur ing STP Configuring Sp anning-Tree Featur es Beginning in pri vileged EXEC mode, follo w these steps to disable spannin g tree on a per -VLAN basis. This procedure is optional. T o re-enable spanning tree, use the spanning-tree vlan vlan-id gl[...]

  • Page 285

    13-15 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 13 Configuring STP Configuring Spa nning-Tree Features • For Catalyst 2950 swi tches without the ex tended system ID (softw are earlier than Cisco IOS Release 12.1(9)EA1), if al l network de vices in VLAN 100 ha ve th e default prio rity of 32768, enter[...]

  • Page 286

    13-16 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 13 Configur ing STP Configuring Sp anning-Tree Featur es T o return the switch to its default setting, use the no spanning-tr ee vlan vlan-id roo t global confi guration command. Configuring a Secondary Root Switch When you conf igure a Catalyst 2950 or C[...]

  • Page 287

    13-17 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 13 Configuring STP Configuring Spa nning-Tree Features T o return the switch to its default setting, use the no spanning-tr ee vlan vlan-id roo t global confi guration command. Configuring the Port Priority If a loop occurs, spanning tree us es the port p[...]

  • Page 288

    13-18 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 13 Configur ing STP Configuring Sp anning-Tree Featur es Note The show spanning-tr ee interface interfac e-id pri vilege d EXEC command displays informati on only if the port is in a link-up operativ e s tate. Otherwise, you can use the show running-confi[...]

  • Page 289

    13-19 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 13 Configuring STP Configuring Spa nning-Tree Features Note The show spanning-tr ee interface interfac e-id pri vilege d EXEC command displays informati on only for ports that are in a link-up operati ve state. Otherwise, you can use the show running-conf[...]

  • Page 290

    13-20 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 13 Configur ing STP Configuring Sp anning-Tree Featur es T o return the switch to its default setting, use the no spanning-tr ee vlan vlan-id priority global confi guration command. Configuring Spanning-Tree Timers Ta b l e 13-4 describes the timers that [...]

  • Page 291

    13-21 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 13 Configuring STP Configuring Spa nning-Tree Features Configuring the Forwardi ng-Delay Time for a VLAN Beginni ng in pri vileged EXEC mod e, follo w these steps to conf igure the forwarding-delay time for a VLAN. This procedure is optional. T o return t[...]

  • Page 292

    13-22 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 13 Configur ing STP Configuring Sp anning-Tree Featur es Configuring Spanni ng Tree for Use in a Cascaded Stack Spanning tree uses def ault va lues that can be reduced when configuring your switch in cascaded configurations. If a root switch is part of a [...]

  • Page 293

    13-23 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 13 Configuring STP Displaying the Spanning -Tree Status Displaying the Spanning-Tree Status T o display the spanning-tree status, use o ne or more of the pri vileged EXEC commands in Ta b l e 13-6 : Y o u can clear spanning-tre e counters by using the cle[...]

  • Page 294

    13-24 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 13 Configur ing STP Displaying the Sp anning-Tree Status[...]

  • Page 295

    CH A P T E R 14-1 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 14 Configuring MSTP This chapter describe s ho w to configure the Cisco im plementation of the IEE E 802.1s Multiple STP (MSTP) on your Catalyst 2950 or Catalyst 29 55 switch. Note The multiple spanning-tree (MST) implementation is a prestandard imple[...]

  • Page 296

    14-2 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 14 Configuring M STP Understandi ng MSTP Understanding MSTP MSTP , which uses RSTP for rapid co n verge nce, en ables VLANs to be grou ped into a spanning-tree instance, with each instance h aving a spann ing-tree topology inde pendent of other spanning-t [...]

  • Page 297

    14-3 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 14 Configuring MSTP Understanding M STP All MST instances within the same re gion share the same protocol timers, bu t each MST instance has its o wn topology parameters, such as root switch ID, root path cost, and so fort h. By default, all VLANs are assi[...]

  • Page 298

    14-4 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 14 Configuring M STP Understandi ng MSTP Figur e 14-1 MST Regions, IST Masters, and the CS T Root Figure 14-1 does not sho w additional MST instances for each reg ion. Note that the topology of MST instances can be dif ferent from that of the IST for the s[...]

  • Page 299

    14-5 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 14 Configuring MSTP Understanding M STP recei ved remaining hop count b y one an d propagates this v alue as the rem aining hop count i n the BPDUs it generates. Wh en the count reaches zero, the switch discards the BPDU and ag es the information held for [...]

  • Page 300

    14-6 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 14 Configuring M STP Understandi ng RSTP Understanding RSTP The RSTP takes adv antage of point-to-poi nt wiring and pro vides rapid con vergence of the spanning tree. Reconfi guration of the sp anning tree can occu r in less than 1 second (in contrast to 5[...]

  • Page 301

    14-7 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 14 Configuring MSTP Understanding RST P T o be consistent with Cisco STP implementations, th is guide def ines the port state as bloc king instead of discar ding . Designated ports sta rt in the l istening state. Rapid Convergence The RSTP provides for rap[...]

  • Page 302

    14-8 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 14 Configuring M STP Understandi ng RSTP Figur e 14-2 Proposal and Agr eement Hand shaking for Rapid Conv ergence Synchronization of Port Roles When the switch receiv es a proposal message on one of its ports and that port is selected as the ne w root port[...]

  • Page 303

    14-9 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 14 Configuring MSTP Understanding RST P Figur e 14-3 Seq uence of Events Dur ing Rapid Conv erg ence Bridge Protocol Data Unit Format and Processing The RSTP BPDU format is the same as the IEEE 8 02.1D BPD U format except that the pr otocol version is set [...]

  • Page 304

    14-10 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 14 Configuring M STP Understandi ng RSTP The RSTP does not ha ve a separate topology change notificat ion (TCN) BPDU. It uses the topolog y change (TC) flag to sho w the to pology changes. Howe ver , for in teroperability with IEEE 802.1D switches, the RS[...]

  • Page 305

    14-11 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 14 Configuring MSTP Configuring MSTP Features • Protocol migration—F or backward compatibilit y with IEEE 802.1D switches, RSTP selecti vely sends IEEE 802.1D conf iguration BPDUs and TCN BPDUs on a per -port basis. When a port is initialized, the mig[...]

  • Page 306

    14-12 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 14 Configuring M STP Configuring MSTP Features For info rmation about the supported number of spanning-tree instan ces, see the “Support ed Spanning-Tree Instances” section on page 13-9 . MSTP Configuration Guidelines These are the configurati on guid[...]

  • Page 307

    14-13 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 14 Configuring MSTP Configuring MSTP Features Specifying the MST Region Configuration and Enabling MSTP For tw o or more switches to be in the same MST re gion, the y must hav e the same VLAN-to-instance mapping, the same conf iguration re vision number ,[...]

  • Page 308

    14-14 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 14 Configuring M STP Configuring MSTP Features T o return to the default MST region conf iguration, use the no spanning-tree mst conf iguration global confi guration command. T o return to the def ault VLAN-to-instance map, use the no instance instance-id[...]

  • Page 309

    14-15 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 14 Configuring MSTP Configuring MSTP Features Use the diameter keyw ord, which is a vai lable only for MST instance 0, to specify the Layer 2 n etwork diameter (that is, th e maximum number of switch h ops between any tw o end stations in t he Layer 2 net[...]

  • Page 310

    14-16 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 14 Configuring M STP Configuring MSTP Features Y ou can execute this command on more than one sw itch to conf igure mu ltiple backup roo t switches. Use the same network d iameter and hello-time v alues that you used when you conf igured the primary root [...]

  • Page 311

    14-17 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 14 Configuring MSTP Configuring MSTP Features Beginning in pri vileged EXEC mod e, follo w these steps to conf igure the MSTP port priority of an interface. This pro cedure is optional. Note The show spanning-tr ee mst interface interfac e-id pri vileged [...]

  • Page 312

    14-18 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 14 Configuring M STP Configuring MSTP Features Note The show spanning-tr ee mst interface interfac e-id pri vilege d EXEC command displays informati on only for ports that are in a link-up oper ati ve sta te. Otherwise, y ou can use t he show running-conf[...]

  • Page 313

    14-19 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 14 Configuring MSTP Configuring MSTP Features Beginni ng in pri vileged EXEC mode, follo w these steps to conf igure the switch priority . This procedure is optio nal. T o return the switch to its default setting, use the no spanning-tr ee mst instance-id[...]

  • Page 314

    14-20 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 14 Configuring M STP Configuring MSTP Features T o return the switch to its default setting, use the no spanning-tree mst hello-time global configuration command. Configuring the Forwarding-Delay Time Beginni ng in pri vileged EXEC mod e, follo w these st[...]

  • Page 315

    14-21 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 14 Configuring MSTP Configuring MSTP Features T o return the switch to its def a ult setting, use th e no spanning-tree mst max-age global co nfiguration command. Configuring the Maximum-Hop Count Beginni ng in pri vile ged EXEC mode, follo w these steps [...]

  • Page 316

    14-22 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 14 Configuring M STP Displaying the MST Configuration and Status T o return the switch to its default setting, use the no spanning-tr ee link-type interface configuration command. Restarting the Protocol Migration Process A switch running MSTP supports a [...]

  • Page 317

    CH A P T E R 15-1 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 15 Configuring Optional Spanning-Tree Features This chapter describes ho w to configu re optional spanning -tree features on your Catalyst 2 950 or Catalyst 2955 switch. Y ou can configu re all of these features when your switch is running the per -VL[...]

  • Page 318

    15-2 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 15 Configur ing Optional Spanning-Tree Featu res Unde rstanding O ptional Span ning-Tree Fe atures Understanding Port Fast Port Fast immediately brings an interface conf igured as an access or trunk port from a blocking state to the forwarding state, bypas[...]

  • Page 319

    15-3 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 15 Configuring Optiona l Spanning-Tree Feature s Understanding Optio nal Spanning-Tree Features The BPDU guard feature pro vides a secure response to in v alid conf igurations because y ou must manually put the port b ack in service. Use the BPDU guard fea[...]

  • Page 320

    15-4 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 15 Configur ing Optional Spanning-Tree Featu res Unde rstanding O ptional Span ning-Tree Fe atures Figur e 15-2 Switches in a Hier archical Netw ork If a switch loses connecti vity , it beg ins using the alte rnate paths as soon as th e spanning tree selec[...]

  • Page 321

    15-5 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 15 Configuring Optiona l Spanning-Tree Feature s Understanding Optio nal Spanning-Tree Features Figur e 15-3 UplinkF ast Example Befor e Direct Link F ailure If Switch C de tects a link f ailure on the currentl y acti ve link L2 on the ro ot port (a dir ec[...]

  • Page 322

    15-6 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 15 Configur ing Optional Spanning-Tree Featu res Unde rstanding O ptional Span ning-Tree Fe atures How CSUF Works CSUF ensure s that one link in t he stack is electe d as the path to th e root. As shown in Figure 15-5 , Switches A, B, and C are cascaded th[...]

  • Page 323

    15-7 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 15 Configuring Optiona l Spanning-Tree Feature s Understanding Optio nal Spanning-Tree Features The switch sending the fa st-transition request needs to do a fast transiti on to the forw arding state of a port that it has chosen as the root po rt, and it m[...]

  • Page 324

    15-8 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 15 Configur ing Optional Spanning-Tree Featu res Unde rstanding O ptional Span ning-Tree Fe atures Limitations These limitations apply to CSUF: • CSUF uses the GigaStack GBI C module and runs on al l Catalyst 3550 switches, all Catalyst 3500 XL switches,[...]

  • Page 325

    15-9 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 15 Configuring Optiona l Spanning-Tree Feature s Understanding Optio nal Spanning-Tree Features Figur e 15-6 GigaStack GBIC Module Connecti ons and Spanning-T ree Conv ergence Understanding BackboneFast BackboneFast detects indirect failures in the core of[...]

  • Page 326

    15-10 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 15 Configur ing Optional Spanning-Tree Featu res Unde rstanding O ptional Span ning-Tree Fe atures to the root swit ch). Under spanni ng-tree rules, the switch ignores inferior BPDUs for the conf igured maximum aging time specif ied by t he spanning-tree [...]

  • Page 327

    15-11 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 15 Configuring Optiona l Spanning-Tree Feature s Understanding Optio nal Spanning-Tree Features Figur e 15-8 BackboneF ast Exa mple Af ter Indirect Link F ailure If a ne w switch is introd uced into a shar ed-medium topolog y as sho w n in Figure 15-9 , B[...]

  • Page 328

    15-12 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 15 Configur ing Optional Spanning-Tree Featu res Unde rstanding O ptional Span ning-Tree Fe atures Y ou can enable this feature by u sing the spanning-tree ether channel guard misconfig global confi guration command. Understanding Root Guard The Layer 2 n[...]

  • Page 329

    15-13 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 15 Configuring Optiona l Spanning-Tree Feature s Configuring Optio nal Spanning-Tree Features Understanding Loop Guard Y ou can use loop guard to pre vent alternate or roo t ports from becoming designat ed ports because of a failure that leads to a unidir[...]

  • Page 330

    15-14 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 15 Configur ing Optional Spanning-Tree Featu res Configuring Option al Spanning-Tree Featur es Optional Spanning-Tree Configuration Guidelines Y o u can configure PortFast, BPDU guard, BPDU filter ing, EtherChannel guard, roo t guard, or loop guard if you[...]

  • Page 331

    15-15 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 15 Configuring Optiona l Spanning-Tree Feature s Configuring Optio nal Spanning-Tree Features Note Y ou can use the spanning-tree portfast default global conf iguration comma nd to globally enable the Port Fast feature on all nontrun king ports. T o disab[...]

  • Page 332

    15-16 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 15 Configur ing Optional Spanning-Tree Featu res Configuring Option al Spanning-Tree Featur es Beginni ng in pri vileged EXEC mode, follo w these steps to globally enable the BPDU guar d feature. This procedure is optional . T o disable BPDU guard, use th[...]

  • Page 333

    15-17 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 15 Configuring Optiona l Spanning-Tree Feature s Configuring Optio nal Spanning-Tree Features T o disable BPDU fi ltering, use the no spanning-tr ee portfast bpdufilter default global con figur ation command. Y o u can ov e rride the setting of the no spa[...]

  • Page 334

    15-18 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 15 Configur ing Optional Spanning-Tree Featu res Configuring Option al Spanning-Tree Featur es When UplinkFast is enabled, the sw itch priority of all VLANs is set to 49152 . If you change the path cost to a va lue less than 3000 and you enable UplinkF as[...]

  • Page 335

    15-19 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 15 Configuring Optiona l Spanning-Tree Feature s Configuring Optio nal Spanning-Tree Features Enabling BackboneFast Y ou can enable BackboneFast to detect indirect li nk failures and to start the spanning-tree reconfiguration sooner . Note If you use Back[...]

  • Page 336

    15-20 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 15 Configur ing Optional Spanning-Tree Featu res Configuring Option al Spanning-Tree Featur es After the conf iguration is corrected, enter the shutdown and no shutdown in terface conf iguration commands on the port-channel interf aces that were misconf i[...]

  • Page 337

    15-21 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 15 Configuring Optiona l Spanning-Tree Feature s Displaying the Spanning -Tree Status T o globally disable loop g uard, use the no spanning-tr ee loopguard default global configuratio n command. Y ou can override the setting of the no spanning-tree loopgu[...]

  • Page 338

    15-22 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 15 Configur ing Optional Spanning-Tree Featu res Displaying the Sp anning-Tree Status[...]

  • Page 339

    CH A P T E R 16-1 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 16 Configuring VLANs This chapter describes ho w to config ure normal-range VLANs on your Catalyst 2950 or Catalyst 295 5 . It includes information about VLAN modes and th e VLAN Membership Policy Serv er (VMPS). Note For complete syntax and usage in [...]

  • Page 340

    16-2 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 16 Configuring VLA Ns Understandi ng VLANs Figure 16-1 sho ws an example of VLANs seg mented into logically def ined networks. Figur e 16-1 VLANs as Logically Defined Ne tw or ks VLANs are often associated with IP subnet works. F or example, all the end st[...]

  • Page 341

    16-3 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 16 Configuring VLANs Understanding VLAN s VLAN Port Membership Modes Y ou configure a port to belong to a VLAN by assignin g a memb ership mode that determines the kind of traff ic the port carries and the numb er of VLANs to which it can belong. Ta b l e [...]

  • Page 342

    16-4 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 16 Configuring VLA Ns Configuring Norma l-Range VLANs Configuring Normal-Range VLANs Normal-range VLANs are VLA Ns with VLAN IDs 1 to 1005. If the switch is in VT P server or transparent mode, you can add, m odify or remo ve conf igurations for VLANs 2 to [...]

  • Page 343

    16-5 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 16 Configuring VLANs Configuring Normal-Rang e VLANs • Normal-Range VLAN Co nf ig uration Guidelines, page 16-5 • VLAN Config uration Mode Options, page 16 -6 • Saving VLAN Configuration, page 16-6 • Default Eth ernet VLAN Config uration, page 16-7[...]

  • Page 344

    16-6 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 16 Configuring VLA Ns Configuring Norma l-Range VLANs are se veral adjacent switches that all hav e run out of spanning-tree instances. Y ou can pre vent this possibility b y setting allo wed lists on the trunk po rts of switches that ha ve used up their a[...]

  • Page 345

    16-7 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 16 Configuring VLANs Configuring Normal-Rang e VLANs startup configuration f ile. Y ou can use the show running-conf ig vlan pri vile ged EXEC command to display the switch running conf iguration file. T o display the VLAN co nfigu ration, enter the show v[...]

  • Page 346

    16-8 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 16 Configuring VLA Ns Configuring Norma l-Range VLANs Creating or Modifying an Ethernet VLAN Each Ethernet VLAN in the VLAN databa se has a unique, 4-digit ID that can be a number fro m 1 to 1001. VLAN IDs 1002 to 1005 are reserved for T oken Ring and FDDI[...]

  • Page 347

    16-9 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 16 Configuring VLANs Configuring Normal-Rang e VLANs Beginning in pri vileged EXEC mode, follow these step s to use VLAN configurati on mode to create or modify an E thernet VLAN : Note Y ou cannot configure an RSP AN VLAN in VLAN database configuration mo[...]

  • Page 348

    16-10 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 16 Configuring VLA Ns Configuring Norma l-Range VLANs Beginni ng in pri vileged EXEC mode, follo w these steps to delete a VLAN on the switch b y using global confi guration mode: T o delete a VLAN in VLAN data base co nfiguratio n mode, use the vlan data[...]

  • Page 349

    16-11 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 16 Configuring VLANs Configuring Extende d-Range VLANs This example sho ws how to conf igure a port a s an access port in VLAN 2: Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# interface Switch(conf[...]

  • Page 350

    16-12 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 16 Configuring VLA Ns Configuring Exten ded-Range VLANs • The switch must be in VTP tran sparent mode when you create ex tended -range VLANs. If VTP mode is server or client, an error message is gene rated, and the e xtended-ra nge VLAN is rejected. •[...]

  • Page 351

    16-13 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 16 Configuring VLANs Displaying VLANs T o delete an extended-range VLAN, use t he no vlan vlan-id global conf iguration command. The procedure for assigning static-access ports to an extended-range VLAN is the same as for normal-range VLANs. See the “ A[...]

  • Page 352

    16-14 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 16 Configuring VLA Ns Configuring VLAN Tr unks Trunking Overview A trunk is a point-to-point link between one or more Ethernet switch inte rfaces and another networking de vice such as a router or a switch. Gi ga b it E th er n et t ru n ks carry the traf[...]

  • Page 353

    16-15 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 16 Configuring VLANs Configuring VLAN Trunk s – Manually shut do wn the GigaStack port by usin g the shutdown interf ace configuration command. – Manually conf igure trunk mode on th e GigaStack port b y using the switchport mode trunk interface conf [...]

  • Page 354

    16-16 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 16 Configuring VLA Ns Configuring VLAN Tr unks Default Layer 2 Ethernet Interface VLAN Configuration Ta b l e 16-5 shows th e default Layer 2 Ethernet interface V LAN conf iguration. Configuring an Ethernet Interface as a Trunk Port Because trunk ports se[...]

  • Page 355

    16-17 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 16 Configuring VLANs Configuring VLAN Trunk s • A port in dynam ic mode can ne gotiate with its neig hbor to become a trunk port. If you tr y to enable IEEE 802.1X on a dynamic port, an error message appears, and I EEE 802.1X is not enabled. If you try [...]

  • Page 356

    16-18 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 16 Configuring VLA Ns Configuring VLAN Tr unks Defining the Allowed VLANs on a Trunk By default, a trunk port sends traf fic to and rece i ves traf fic from all VLANs. All VLAN IDs are allo wed on each trunk. Ho wever , you can remo ve VLANs from the allo[...]

  • Page 357

    16-19 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 16 Configuring VLANs Configuring VLAN Trunk s This example sh ows ho w to remove VLAN 2 from the allo wed VLAN list: Switch(config)# interface Switch(config-if)# switchport trunk allowed vlan remove 2 Switch(config-if)# end Switch# Changing the Pruning-El[...]

  • Page 358

    16-20 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 16 Configuring VLA Ns Configuring VLAN Tr unks Beginning in pri vileged EXEC mo de, follow these steps to conf ig ure the native VLAN on an IEEE 802.1Q trunk: T o return to the default nati ve VLAN, VLAN 1, use the no switchport trunk nati ve vlan interfa[...]

  • Page 359

    16-21 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 16 Configuring VLANs Configuring VLAN Trunk s In this way , T runk 1 carries traf fic for VLANs 8 through 10, and T runk 2 carries traf fic for VL ANs 3 through 6. If the acti ve trunk fails, the trunk with th e lo wer priority takes o ver and carries the[...]

  • Page 360

    16-22 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 16 Configuring VLA Ns Configuring VLAN Tr unks Load Sharing Usin g STP Path Cost Y ou can configure paral lel trunks to share VLAN traf fic b y setting dif ferent path costs on a trunk and associating the path costs with dif ferent sets of VLANs. The VLAN[...]

  • Page 361

    16-23 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 16 Configuring VLANs Configuring VMPS Configuring VMPS The switch cannot be a VMPS server but can act as a client to the VMPS and commun icate with it through the VLAN Query Protocol (VQP). VM PS dynamically assigns dynamic access port VLAN membership. Th[...]

  • Page 362

    16-24 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 16 Configuring VLA Ns Configuring VMPS In response to a request, the VMPS takes one o f these actions: • If the assigned VLAN is restricted to a group of ports, the VMPS verif ies the requesting port against this group and responds as follo ws: – If t[...]

  • Page 363

    16-25 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 16 Configuring VLANs Configuring VMPS Y o u can configure a fallback VLAN na me. If you connect a device with a MA C address that is no t in the database, the VMPS sends the f allback VLAN name to the client. If you do not conf igure a fallback VLAN and t[...]

  • Page 364

    16-26 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 16 Configuring VLA Ns Configuring VMPS • Port channels cannot be conf igured as dynamic access ports. • The VTP mana gement domain of the VMPS clie nt and the VMPS server must be the same. • VQP does not supp ort extended-rang e VLANs (V LAN IDs hig[...]

  • Page 365

    16-27 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 16 Configuring VLANs Configuring VMPS Beginni ng in pri vileged EXEC mode, follo w these steps to conf igure a dynamic access port on a VMPS client swit ch: T o return an interface to its d efault conf iguration, use the default interface interface-id int[...]

  • Page 366

    16-28 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 16 Configuring VLA Ns Configuring VMPS Beginni ng in pri vileged EXEC mod e, follo w these steps to change the recon firmation i nterv al: T o return the switch to its default setting, use the no vmps re confirm glob al conf iguration command. Changing th[...]

  • Page 367

    16-29 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 16 Configuring VLANs Configuring VMPS This is an example of output for the show vmps pri vileged EXEC command: Switch# show vmps VQP Client Status: -------------------- VMPS VQP Version: 1 Reconfirm Interval: 60 min Server Retry Count: 3 VMPS domain serve[...]

  • Page 368

    16-30 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 16 Configuring VLA Ns Configuring VMPS Figur e 16-5 Dynamic Por t VLAN Membe rship Configur at ion Primar y VMPS Ser v er 1 Catalyst 6500 series Secondar y VMPS Ser v er 2 Catalyst 6500 series Secondar y VMPS Ser v er 3 172.20.26.150 172.20.26.151 Catalys[...]

  • Page 369

    CH A P T E R 17-1 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 17 Configuring VTP This chapter describe s ho w to use the V LAN T r un king Protocol (V TP) and the VLAN database for managing VLANs on your Catalyst 2950 or Catalyst 2955 switch. Note For complete syntax and usage in formation for the co mmands used[...]

  • Page 370

    17-2 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 17 Configur ing VTP Understandi ng VTP The VTP Domain A VTP domain (also called a VLAN management domain) consist s of one switch or se veral interconnected switches und er the same administrat i ve responsibility sharing th e same VTP domain name. A switc[...]

  • Page 371

    17-3 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 17 Configuring VTP Understanding VT P When the networ k is confi gured with more than the maximum 25 0 VLANs supported by t he Catalyst 2950 switches running the enhanced softw are image (EI), or 128 VLANs supported b y the Catalyst 2950 switches ru nning [...]

  • Page 372

    17-4 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 17 Configur ing VTP Understandi ng VTP • VLAN state • Additional VLAN conf iguration information speci fic to the VLAN typ e VTP Version 2 If you use VTP i n your network, you must decide whether to use version 1 or version 2. By default, V TP operates[...]

  • Page 373

    17-5 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 17 Configuring VTP Understanding VT P Figur e 1 7 -1 Floo ding T raf fic wit hout VTP Pr uning Figure 17-2 sho ws a switched netw ork with VTP pruni ng enabled. The broadcast traf fic from Switch A is not forwarded to Switches C, E, and F because tr aff ic[...]

  • Page 374

    17-6 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 17 Configur ing VTP Configuring VTP • T urn off VTP pruni ng by making all VLANs on the trunk of th e switch upstream to the VTP transparent switch prunin g ineligible. T o config ure VTP pruning on an int erface, use the swi tchport trunk pruning vlan i[...]

  • Page 375

    17-7 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 17 Configuring VTP Configuring VTP VTP Configuration in Global Configuration Mode Y o u can use the vtp global configuration command t o set the VTP password, the v ersion, the VTP file name, the interface pr oviding updated VTP inf ormation, the domain na[...]

  • Page 376

    17-8 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 17 Configur ing VTP Configuring VTP VTP Configuration Guidelines These sections describe guidelines you should follo w when implem enting VTP in your netw ork. Domain Names When config uring VTP for the f irst time, you must al ways assign a domai n name. [...]

  • Page 377

    17-9 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 17 Configuring VTP Configuring VTP VTP Version Follo w these guidelines wh en decidi ng which VTP versio n to implem ent: • All switches in a VTP domain mu st run the same VTP version. • A VTP version 2-capable switch can operate in the same VTP dom ai[...]

  • Page 378

    17-10 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 17 Configur ing VTP Configuring VTP When you conf igure a domain name, it cannot be remo ved; you can only reassign a swi tch to a dif ferent domain. T o return the switch to a no-password state, use the no vtp passw ord global conf iguration command. Thi[...]

  • Page 379

    17-11 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 17 Configuring VTP Configuring VTP This exampl e shows h ow to use VLAN conf iguration mode to confi gure the switch as a VTP serv er with the domain name eng_gr oup an d the passw ord mypassword : Switch# vlan database Switch(vlan)# vtp server Switch(vla[...]

  • Page 380

    17-12 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 17 Configur ing VTP Configuring VTP Use the no vtp mode global configur ation command to return the switch to VTP server mode . T o return the switch to a no-password state, use the no vtp password global co nfigu ration command. When you confi gure a dom[...]

  • Page 381

    17-13 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 17 Configuring VTP Configuring VTP Note If extended-range VLANs are configured on the swit ch, you cannot change VTP mode to server . Y ou recei ve an error messa ge, and the conf iguration is not al lo wed. Note Y ou can also conf igure VTP transparent m[...]

  • Page 382

    17-14 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 17 Configur ing VTP Configuring VTP Enabling VTP Pruning Pruning increases a vail able bandwidth b y restricting flood ed traff ic to those trunk links that t he traff ic must use to access the destination de vices. Y ou can only enable VTP pruning on a s[...]

  • Page 383

    17-15 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 17 Configuring VTP Monitoring VTP Beginni ng in pri vileged EXEC mod e, follo w these steps to verify an d reset the VTP conf iguration revision number on a switch befor e adding it to a VTP domain: Y o u can also change the VTP domain name by entering th[...]

  • Page 384

    17-16 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 17 Configur ing VTP Monitoring VTP Ta b l e 17 -3 VTP Moni t or ing Commands Command Purpose show vtp status Display the VTP switch co nfiguration information. show vtp counters Disp lay counters about VTP messages th at ha ve been sent and recei ved.[...]

  • Page 385

    CH A P T E R 18-1 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 18 Configuring Voice VLAN This chapter d escribes how to configure the v oice VLAN feature on your Catalyst 2950 or Catalyst 2955 switch. V oice VLAN is sometime s referred to as an auxiliary VLAN in the Cat alyst 6000 famil y switch documentation. No[...]

  • Page 386

    18-2 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 18 Configurin g Voice VLAN Configuring Voice VLAN Figur e 18-1 Cisco 7960 IP Phone Connect ed to a Switc h When the IP Phone connects to the switch, the acce ss port (PC-to-telephone jack) of the IP phone can connect to a PC. Packets to and from the PC and[...]

  • Page 387

    18-3 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 18 Configuring Voice VLAN Configuring Vo ice VLAN Voice VLAN Configuration Guidelines These are the voice VLAN conf iguration guidelines: • Y o u should configure voice VLAN on switch acc ess ports. • The voice VLAN should be present and active on the [...]

  • Page 388

    18-4 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 18 Configurin g Voice VLAN Configuring Voice VLAN • Config uring the IP Phone to T rust the CoS Priority of Incoming Data Frames, p age 18-5 Configuring Ports to Carry Voice Traffic in IEEE 802.1Q Frames Beginning in pri vileged EX EC mode, follow these [...]

  • Page 389

    18-5 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 18 Configuring Voice VLAN Configuring Vo ice VLAN Overriding the CoS Priority of Incoming Data Frames Y o u can connect a PC or ot her data device to a Cisco 7960 IP Phone port. The PC can generate pack ets with an assigned CoS v alue. Y ou can configure t[...]

  • Page 390

    18-6 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 18 Configurin g Voice VLAN Displaying Voice VLAN Use the no switchport priority extend interface conf iguration command or the switchport pri ority extend cos 0 interface conf iguration command to return the port to its default set ting. Displaying Voice V[...]

  • Page 391

    CH A P T E R 21-1 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 21 Configuring Port-Based Traffic Control This chapter describes h ow to configure t he port-based traf fic control features on your Catalyst 29 50 or Catalyst 29 55 switch. Note For complete syntax and usage in formation for the co mmands used in thi[...]

  • Page 392

    21-2 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 21 Configuri ng Port-Based Traffic Control Configuring Storm Control Storm control uses one of th ese methods to measure traf fic act ivi ty: • Bandwidth based • T r af fic rate at which packets are recei ved (in pa ckets per second ) (av ailable only [...]

  • Page 393

    21-3 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 21 Configuri ng Port-Based Traffic Control Configuring Storm Control T o disable storm control, use the no storm-contr ol br oadcast leve l , the no storm-contr ol multicast level , or the no storm-control un icast lev el interface co nfiguratio n command.[...]

  • Page 394

    21-4 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 21 Configuri ng Port-Based Traffic Control Configuring Protec ted Ports Configuring Protected Ports Some applications require that no traffic be forw ar ded between ports on the same switch so that one neighbor does not see the traf fic generated b y anoth[...]

  • Page 395

    21-5 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 21 Configuri ng Port-Based Traffic Control Configuring Port B locking Configuring Port Blocking By default, the sw itch floods packet s with unkno wn destination MA C addresses to all ports. If unkno wn unicast and multicast traf fic is forwarded to a prot[...]

  • Page 396

    21-6 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 21 Configuri ng Port-Based Traffic Control Configuring Port Security Resuming Normal Forwarding on a Port Beginni ng in pri vileged EXEC mode, follow these steps to resume normal forw arding on a port: Configuring Port Security Y ou can use the port securi[...]

  • Page 397

    21-7 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 21 Configuri ng Port-Based Traffic Control Configuring Port Security • Stic ky secure MA C address es—These can be dynamically learned or manually conf igured, stored in the address table, and added t o the running conf iguration. If these addresses ar[...]

  • Page 398

    21-8 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 21 Configuri ng Port-Based Traffic Control Configuring Port Security Ta b l e 21-1 shows th e violation mode and t he actions taken when y ou conf igure an interface for port security . Default Port Security Configuration Ta b l e 21-2 shows th e default p[...]

  • Page 399

    21-9 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 21 Configuri ng Port-Based Traffic Control Configuring Port Security • When a voice VLAN is conf igured on a se cure port that is also configured as a sticky secure port, all addresses seen on the voice VLAN are learned as dynamic secure addresses, and a[...]

  • Page 400

    21-10 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 21 Configuri ng Port-Based Traffic Control Configuring Port Security T o return the interface to the default condition as not a secure po rt, use the no switchport port- security interface conf iguration command. If you enter this comm an d when sticky l [...]

  • Page 401

    21-11 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 21 Configuri ng Port-Based Traffic Control Configuring Port Security T o disable sticky learning on an interface, use the no switchport port-security mac-address stick y interface configuration command. The interf ace con ver ts the sticky secure MA C add[...]

  • Page 402

    21-12 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 21 Configuri ng Port-Based Traffic Control Configuring Port Security Beginni ng in pri vileged EXEC mode, follow these steps to conf igure port security aging: T o disable port security aging fo r all secure addresses on a port, use the no switchport port[...]

  • Page 403

    21-13 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 21 Configuri ng Port-Based Traffic Control Displaying Po rt-Based Tr affic Control Se ttings Displaying Port-Based Traffic Control Settings The show interfaces interface- id switchport pri vileged EXEC command displays (among other characteristics) the in[...]

  • Page 404

    21-14 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 21 Configuri ng Port-Based Traffic Control Displaying Port-Based Traffic Control Settings[...]

  • Page 405

    CH A P T E R 19-1 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 19 Configuring DHCP Features This chapter describes ho w to conf igure DHCP snooping and t he option-82 data inserti on features on the Catalyst 29 50 or Catalyst 2955 switch. Note For complete syntax and usage in formation for the co mmands used in t[...]

  • Page 406

    19-2 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 19 Config uring DHCP Feat ures Understanding DHCP Features DHCP Server The DHCP server assigns IP addr esses from specified ad dress pools on a switch or router to DHCP clients and manages them. If the DHCP server cannot giv e the DHCP client the requested[...]

  • Page 407

    19-3 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 19 Configuring DHCP Fea tures Understanding DHCP Feature s The switch drops a DHCP packet when one of these s ituations occurs: • A packet from a DHCP serv er , such as a DHCPOFFER, DHCP ACK, DHCPN AK, or DHCPLEASEQUER Y packet, is recei ved from outside[...]

  • Page 408

    19-4 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 19 Config uring DHCP Feat ures Understanding DHCP Features Figur e 19-1 DHCP Relay A gent in a Metr opolitan Ether net Networ k When you enable the DHCP snoopin g information option 82 on the swi tch, this sequence of ev ents occurs: • The host (DHCP cli[...]

  • Page 409

    19-5 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 19 Configuring DHCP Fea tures Configuring DHCP Features The port numbers in the port fiel d of the ci rcuit-ID suboption start at 0. For e xample, on a Catalyst 2950G-24-EI swit ch, port 0 is the F a st Ethernet 0/1 port, port 1 is the Fast Ethernet 0/2 po[...]

  • Page 410

    19-6 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 19 Config uring DHCP Feat ures Configuring DHCP Feat ures DHCP Snooping Configuration Guidelines These are the conf iguration guidelines for DHCP snooping. • Y ou must globally enable DHCP snooping on the swi tch. • DHCP snooping is not acti ve until D[...]

  • Page 411

    19-7 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 19 Configuring DHCP Fea tures Configuring DHCP Features Configuring the DHCP Server The Catalyst 2955 switch can act a s a DHCP server . By default, the Cisco IOS DHCP server and relay agent features are enabled on your switch but are not configured. These[...]

  • Page 412

    19-8 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 19 Config uring DHCP Feat ures Displaying DHCP Information T o disable DHCP snooping, use t he no ip dhcp snooping global conf iguration command. T o disable DHCP snooping on a VLAN or ran ge of VLANs, use the no ip dhcp snooping vlan vlan-id global confi [...]

  • Page 413

    CH A P T E R 20-1 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 20 Configuring IGMP Snooping and MVR This chapter describe s ho w to configure Internet Group M anagement Protocol (IGMP) snoopin g on your Catalyst 2950 or Catalyst 2955, including an application of lo cal IGMP snooping, Multicast VLAN Registration ([...]

  • Page 414

    20-2 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 20 Config ur ing IGMP Snooping and MVR Understanding IGMP Snooping the switch adds th e host port number to the forw ardi ng table entry; when i t receiv es an IGMP Leave Group message from a host, it remov es the host port from the tabl e entry . It also [...]

  • Page 415

    20-3 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 20 Configuring IGMP Sn ooping and MVR Understanding IGM P Snooping An IGMPv3 switch can receive messages from and forwar d messages to a de vice running the Source Specif ic Multicast (SSM) feature. F or more information, see the “C onfiguring IP Multica[...]

  • Page 416

    20-4 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 20 Config ur ing IGMP Snooping and MVR Understanding IGMP Snooping Note that the switch hardw are can distinguish IGMP information pack ets from other packets for the multicast group. • The fir st entry in the table tells the switching en gine to send IG[...]

  • Page 417

    20-5 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 20 Configuring IGMP Sn ooping and MVR Understanding IGM P Snooping When hosts want to leav e a multicas t group, they can eithe r silently leave, or they can send a leave message. When the switch receives a lea ve message from a host, it sends a group-spec[...]

  • Page 418

    20-6 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 20 Config ur ing IGMP Snooping and MVR Configuring IGMP Snooping If the multicast router query al so includes requests for IGMPv3 reports, the swi tch forwards all IGMPv1, IGMPv2, and IGMPv3 reports for a group to the multicast d evices. If you disable IGM[...]

  • Page 419

    20-7 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 20 Configuring IGMP Sn ooping and MVR Configuring IGM P Snooping • Config uring the Aging T ime, page 20-13 • Displaying IGMP Sn ooping Information, page 20 -13 Default IGMP Snooping Configuration Ta b l e 20-3 sho ws the defaul t IGMP snooping conf ig[...]

  • Page 420

    20-8 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 20 Config ur ing IGMP Snooping and MVR Configuring IGMP Snooping T o disable IGMP snooping on a VLAN interf ace, use the no ip igmp snooping vlan vlan-id global confi guration command for t he specifi ed VLAN number . Setting the Snooping Method Multicast-[...]

  • Page 421

    20-9 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 20 Configuring IGMP Sn ooping and MVR Configuring IGM P Snooping T o return to the defa ult learning method, use th e no ip igmp snooping vlan vlan-id mr outer lear n cgmp global conf iguration command. Configuring a Multicast Router Port T o add a multica[...]

  • Page 422

    20-10 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 20 Config ur ing IGMP Snooping and MVR Configuring IGMP Snooping T o remove the Layer 2 port fr om the multicast group, use the no ip igmp snooping vlan vlan-id static mac-addr ess inter face interfa ce-id global conf iguration command. This example sho w[...]

  • Page 423

    20-11 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 20 Configuring IGMP Sn ooping and MVR Configuring IGM P Snooping • The default lea ve time is 1000 milliseconds. • The IGMP confi gurable lea ve time is only support ed on hosts running IGMP V ersion 2. • The actual leav e latency in the network is [...]

  • Page 424

    20-12 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 20 Config ur ing IGMP Snooping and MVR Configuring IGMP Snooping T o re-enable IGMP report suppression, use the ip i gmp snooping report-suppr ession gl obal confi guration command. Disabling IP Multicast-Source-Only Learning The IP multicast-sour ce-only[...]

  • Page 425

    20-13 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 20 Configuring IGMP Sn ooping and MVR Displaying IGMP Snooping Information Configuring the Aging Time Y ou can set the aging time for forwarding-table entries th at the switch learns by using the IP multicast-source-only le arning method. Beginni ng in pr[...]

  • Page 426

    20-14 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 20 Config ur ing IGMP Snooping and MVR Understanding Mu lticast VLAN Registration For more inf ormation about the ke ywords and options in these commands, see the co mmand reference for this release. For e xamples of output from the commands in Ta b l e 2[...]

  • Page 427

    20-15 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 20 Configuring IGMP Sn ooping and MVR Understanding Multicast VLAN Registration The switch CPU identifies the MV R IP multicast streams and th eir associated MA C address es in the switch forwarding t able, intercepts the IGMP messages, and modif ies the [...]

  • Page 428

    20-16 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 20 Config ur ing IGMP Snooping and MVR Understanding Mu lticast VLAN Registration Figur e 20-3 Multicast VLAN Registr ation Example MVR eliminates the need to dupli cate tele vision-channel multicast tr af fic for subscribers in each VLAN. Multicast traf [...]

  • Page 429

    20-17 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 20 Configuring IGMP Sn ooping and MVR Configuring MVR Configuring MVR These sections include basic MVR confi guration inf ormation: • Defaul t MVR Confi guration, page 20-17 • MVR Conf iguration Guidel ines and Limitations, page 20-17 • Config uring[...]

  • Page 430

    20-18 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 20 Config ur ing IGMP Snooping and MVR Configuring MVR Configuring MVR Global Parameters Y ou do not need to set the optional MVR parameters i f you choose to use the default settin gs. If you do want to chan ge the default parameters (e xcept for the MVR[...]

  • Page 431

    20-19 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 20 Configuring IGMP Sn ooping and MVR Configuring MVR Switch(config)# mvr querytime 10 Switch(config)# mvr vlan 22 Switch(config)# mvr mode dynamic Switch(config)# end Switch# show mvr MVR Running: TRUE MVR multicast vlan: 22 MVR Max Multicast Groups: 256[...]

  • Page 432

    20-20 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 20 Config ur ing IGMP Snooping and MVR Displaying MVR Information T o return the interface to its de fault settings, use the no mvr [ type | immed iate | vlan vlan-id | group ] interface configuration commands. This example sho ws how to conf igure a port[...]

  • Page 433

    20-21 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 20 Configuring IGMP Sn ooping and MVR Configuring IGM P Filtering and Throttling Configuring IGMP Filtering and Throttling In some en vironments, for e xample, metropolitan or mult iple-dwelling unit (MDU) installations, you might want t o control the set[...]

  • Page 434

    20-22 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 20 Config ur ing IGMP Snooping and MVR Configuring IGMP Filtering and Throttling When the maximum number of g roups is in forwar ding table, the defaul t IGMP throttling action is to deny the IGMP report. For conf iguration guidelines, see the “Conf igu[...]

  • Page 435

    20-23 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 20 Configuring IGMP Sn ooping and MVR Configuring IGM P Filtering and Throttling Switch(config-igmp-profile)# permit Switch(config-igmp-profile)# range 229.9.9.0 Switch(config-igmp-profile)# end Switch# show ip igmp profile 4 IGMP Profile 4 permit range 2[...]

  • Page 436

    20-24 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 20 Config ur ing IGMP Snooping and MVR Configuring IGMP Filtering and Throttling Setting the Maximum Number of IGMP Groups Y ou can set the maximum number of IGMP groups th at a Layer 2 interf ace can join by usi ng the ip igmp max-gr oups interface conf [...]

  • Page 437

    20-25 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 20 Configuring IGMP Sn ooping and MVR Displaying IGMP Filterin g and Throttling Configuration – If you conf igure the throttling action as deny , the entries that were previously in t he forwarding table are n ot remov ed but are a ged out. After these [...]

  • Page 438

    20-26 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 20 Config ur ing IGMP Snooping and MVR Displaying IGMP Filte ring and Throttling Configuration Use the privile ged EXEC commands in Ta b l e 20-8 to display IGMP filteri ng and throttling configuration: Ta b l e 20-8 Commands f or Displaying IG MP Filter [...]

  • Page 439

    CH A P T E R 22-1 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 22 Configuring UDLD This chapter descri bes how to configure the UniDirectional Li nk Detection (UD LD) protocol on you r Catalyst 2950 or Catalyst 29 55 switch. Note For complete syntax and usage in formation for the co mmands used in this chapter , [...]

  • Page 440

    22-2 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 22 Configuring UDLD Understanding UDLD A unidirectional link occurs whene ver traf fic sent by a local device is recei ved by its neighbor b ut traff ic from the neighbor is not receiv ed by the local de vice. In normal mode, UDLD detects a u nidirectional[...]

  • Page 441

    22-3 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 22 Configuring UDLD Configuring UDLD UDLD relies on echoing as i ts detection mechan ism. Whene ver a UDLD device learns about a ne w neighbor or recei ves a resynchronization request from an o ut-of-sync neighbor , it restarts the detection windo w on its[...]

  • Page 442

    22-4 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 22 Configuring UDLD Configuring UDLD Default UDLD Configuration Ta b l e 22-1 shows th e default UDLD con figur ation. Configuration Guidelines These are the UDLD configuration guidelines: • A UDLD-capable interface also cannot detect a un idirectional l[...]

  • Page 443

    22-5 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 22 Configuring UDLD Configuring UDLD Enabling UDLD Globally Beginni ng in pri vileged EXEC mode, follow these steps to enable UDLD in the aggressi ve or normal mode and to set the conf igurable message timer on all f iber-optic interf aces on the switch: T[...]

  • Page 444

    22-6 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 22 Configuring UDLD Configuring UDLD T o disable UDLD on a non-f iber- optic interface, use th e no udld port interface conf iguration command. Note On fiber -optic interfaces, the no udld port command re verts the interface conf iguration to the udld enab[...]

  • Page 445

    22-7 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 22 Configuring UDLD Displaying UDLD Status Displaying UDLD Status T o display the UDLD status for the s pecifie d interface or for all interfaces, use the show udld [ interface- id ] pri vileged EXEC command. For detailed i nformation about the f ields in [...]

  • Page 446

    22-8 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 22 Configuring UDLD Displaying UDLD Status[...]

  • Page 447

    CH A P T E R 23-1 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 23 Configuring CDP This chapter describes ho w to confi gure Cisco Disco very Protocol (CDP) on yo ur 2950 or Catalyst 2955 switch. Note For complete syntax and usage in formation for the co mmands used in this chapter , see the command reference for [...]

  • Page 448

    23-2 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 23 Configur ing CDP Configuring CDP Configuring CDP These sections include CDP configur ation infor mation and procedures: • Default CD P Config uration, page 23-2 • Config uring the CDP Characteristics, page 23 -2 • Disabling an d Enabling CDP , pag[...]

  • Page 449

    23-3 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 23 Configuring CDP Configuring CDP Use the no form of the CDP commands to return to the def ault settings. This exampl e shows ho w to configu re CDP characteristics. Switch# configure terminal Switch(config)# cdp timer 50 Switch(config)# cdp holdtime 120 [...]

  • Page 450

    23-4 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 23 Configur ing CDP Monitoring and Maintaining CDP Disabling and Enabling CDP on an Interface CDP is enabled b y default on all suppo rted interfaces to send and recei ve CDP information. Beginni ng in pri vileged EXEC mode, follow these steps to disable C[...]

  • Page 451

    23-5 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 23 Configuring CDP Monitoring and Maintaining CDP show cdp entry entry-name [ protocol | version ] Display information ab out a specif ic neighbor . Y ou c an enter an asterisk (*) to displa y all CDP neig hbors, or you can enter th e name of the neighbor [...]

  • Page 452

    23-6 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 23 Configur ing CDP Monitoring and Maintaining CDP[...]

  • Page 453

    CH A P T E R 24-1 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 24 Configuring SPAN and RSPAN This chapter de scribes ho w to configur e Switched Port An alyzer (SP AN) and Remote SP AN (RSP AN) on your Catalyst 2950 or Catalyst 29 55. Note For complete syntax and usage in formation for the co mmands used in this [...]

  • Page 454

    24-2 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 24 Config uring SPAN and RSPAN Understanding SPAN and RSPAN Figur e 24-1 Example SP AN Configuration Only traf fic th at enters or lea ves sour ce p orts can be monitored b y using SP AN. RSP AN extends SP AN by enabling remo te monitoring of multiple swit[...]

  • Page 455

    24-3 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 24 Configuring SPAN and RSPAN Understanding SPAN and RSPAN SPAN and RSPAN C oncepts and Terminology This section descri bes concepts and terminology associated with SP AN and RSP AN configuration. SPAN Session A local SP AN session is an association of a d[...]

  • Page 456

    24-4 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 24 Config uring SPAN and RSPAN Understanding SPAN and RSPAN Source Port A source port (also called a monitor ed port ) is a switched port that you monitor for network traf fic analysis. In a single local SP AN session o r RSP AN source session, you can mon[...]

  • Page 457

    24-5 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 24 Configuring SPAN and RSPAN Understanding SPAN and RSPAN Reflector Port The reflector port is the mechanism that copies packets onto an RSP AN VLAN. The reflector port forwards only the tr af fic f rom the RSP AN source session with whic h it is aff ilia[...]

  • Page 458

    24-6 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 24 Config uring SPAN and RSPAN Understanding SPAN and RSPAN • VLAN Trunking Protocol (VTP)— Y ou can use VTP to prune an RSP AN V LAN between switc hes. • VLAN and trunking—Y ou can modify VLAN membership or trunk sett ings for source, or destinati[...]

  • Page 459

    24-7 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 24 Configuring SPAN and RSPAN Configuring SPAN Default SPAN and RSPAN Configuration Ta b l e 24-1 sho ws the defaul t SP AN and RSP AN conf iguration. Configuring SPAN This section describes ho w to configure SP AN on your switch . It contains this conf ig[...]

  • Page 460

    24-8 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 24 Config uring SPAN and RSPAN Configuring SPAN – If you disable all sou rce ports or the destinat ion port, the SP AN function stops until both a source and the destination port are enabled. Creating a SPAN Session and Specifying Ports to Monitor Beginn[...]

  • Page 461

    24-9 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 24 Configuring SPAN and RSPAN Configuring SPAN Switch(config)# no monitor session 1 Switch(config)# monitor session 1 source interface fastethernet0/10/17 Switch(config)# monitor session 1 destination interface fastethernet0/80/18 encapsulation dot1q Switc[...]

  • Page 462

    24-10 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 24 Config uring SPAN and RSPAN Configuring SPAN This exampl e show s how to configu re the destination port for ing ress traf fic on VLAN 5 by using a security device that does not support IEEE 802.1Q encapsulation. Switch(config)# monitor session 1 desti[...]

  • Page 463

    24-11 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 24 Configuring SPAN and RSPAN Configuring RSPAN This exampl e show s how to disable recei ved traf fic monitor ing on a port that w as config ured for bidirectional monitoring: Switch(config)# no monitor session 1 source interface fastethernet0/1 rx The m[...]

  • Page 464

    24-12 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 24 Config uring SPAN and RSPAN Configuring RSPAN – All participatin g switches support RSP AN. Note The RSP AN VL AN cannot be VLAN 1 (t he default VLAN) or VLAN IDs 1002 through 1005 (reserv ed to T oken Ring and FDDI V LANs). • Y ou should create an[...]

  • Page 465

    24-13 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 24 Configuring SPAN and RSPAN Configuring RSPAN Creating an RSPAN Source Session Beginni ng in pri vileged EXEC mod e, follo w these st eps to start an RSP AN sour ce session and to specify the monitored source and the destination RSP AN VLAN: Command Pur[...]

  • Page 466

    24-14 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 24 Config uring SPAN and RSPAN Configuring RSPAN This exampl e sho ws how to clear any e xisting RSP AN confi guration for session 1 , conf igure RSP AN session 1 to monitor mul tiple source interfaces, and conf igure the destination RSP AN VLAN and the r[...]

  • Page 467

    24-15 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 24 Configuring SPAN and RSPAN Configuring RSPAN Removing Ports from an RSPAN Session Beginning in priv ileged EXEC mode, foll ow these steps to remove a port as an RSP AN source for a session: This exampl e show s how to remove po rt 17 as an RSP AN sourc[...]

  • Page 468

    24-16 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 24 Config uring SPAN and RSPAN Displaying SPAN and RSPAN Status Displaying SPAN and RSPAN Status T o display the status of the curren t SP AN or RSP AN conf iguration, use the show monitor pri vileged EXEC command. This is an example of output for the sho[...]

  • Page 469

    CH A P T E R 25-1 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 25 Configuring RMON This chapter describes ho w to configur e Remote Network Monit oring (RMON) on your Catal yst 2950 or Catalyst 2955 switch. RMON is a standard monitorin g spec ification that defines a set of statistics and functions that can be e [...]

  • Page 470

    25-2 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 25 Configuring RMON Configuring RMON Figur e 25-1 Remote Monit oring Example The switch supports these RMON groups (defined in RFC 1757): • Statistics (RMON grou p 1)—Collects Ethernet, F ast Ethernet, and G igabit Ethe rnet statist ics on an interface[...]

  • Page 471

    25-3 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 25 Configuring RMON Configuring RMO N Default RMON Configuration RMON is disabled by def a ult; no al arms or e vents are conf igured. Only RMON 1 is supported on the swit ch. Configuring RMON Alarms and Events Y ou can configure your swit ch for RMON by u[...]

  • Page 472

    25-4 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 25 Configuring RMON Configuring RMON T o disable an a larm, use the no rmon alarm number global conf iguration command on each alarm you confi gured. Y ou cannot disable at once all the alarms that you conf igured. T o disable an e vent, use the no rmon ev[...]

  • Page 473

    25-5 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 25 Configuring RMON Configuring RMO N Beginni ng in pri vileged EXEC mod e, follo w these steps to collect group hi story statistics on an interface: T o disable history collection, use the no rmon collection history inde x interface conf iguration command[...]

  • Page 474

    25-6 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 25 Configuring RMON Displaying RMON Status T o disable the collection of grou p Ethernet statistics, use the no rmon c ollection stats inde x inte rface confi guration command. Displaying RMON Status T o display the RMON status, use one or mo re of the pri[...]

  • Page 475

    CH A P T E R 26-1 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 26 Configuring System Message Logging This chapter describes ho w to configure syst em message logging on your Catalyst 2950 or Catalyst 2955 switch. Note For complete syntax and usage information for the co mmands used in this chapter , see the Cisco[...]

  • Page 476

    26-2 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 26 Config ur ing System Message Logging Configuring System Messa ge Logging Configuring System Message Logging These sections describe ho w to configure system message log ging: • System Log Message Format, page 26-2 • Default Syst em Message Logging C[...]

  • Page 477

    26-3 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 26 Configuring System Messag e Logging Configuring System Messa ge Logging This example sho ws a partial switch system message: 00:00:46: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up 00:00:47: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, c[...]

  • Page 478

    26-4 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 26 Config ur ing System Message Logging Configuring System Messa ge Logging Disabling the loggi ng process can slo w dow n the switch because a process mu st wait until t he messages are written to the console before co ntinuing. When the logging proces s [...]

  • Page 479

    26-5 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 26 Configuring System Messag e Logging Configuring System Messa ge Logging The logging buffer ed global conf iguration command copies logg ing messages to an internal b uffer . The buf fer is circular , so newer messages o verwrite older messag es after th[...]

  • Page 480

    26-6 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 26 Config ur ing System Message Logging Configuring System Messa ge Logging Beginni ng in pri vileged EXEC mode, follow these steps to conf igure synchronous logging: T o disable synchronizati on of unsolic ited messag es and debug outpu t, use the no logg[...]

  • Page 481

    26-7 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 26 Configuring System Messag e Logging Configuring System Messa ge Logging T o disable timestamps for both deb ug and log messages, use the no ser vice timestamps global confi guration command. This example shows part of a logging displa y with the service[...]

  • Page 482

    26-8 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 26 Config ur ing System Message Logging Configuring System Messa ge Logging Defining the Message Severity Level Y ou can limit messages displayed to the selected de vi ce by specifying the se verity le vel of the message, which are described in Ta b l e 26[...]

  • Page 483

    26-9 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 26 Configuring System Messag e Logging Configuring System Messa ge Logging The software generates four other cat egories of messages: • Error messages about software or hardware malfunctions that appear at le vels war nings through emergencies . These ty[...]

  • Page 484

    26-10 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 26 Config ur ing System Message Logging Configuring System Messa ge Logging When the history table is full (it contains the ma ximum number of message entries specif ied with the logging history size glob al configurati on command), the oldest messag e en[...]

  • Page 485

    26-11 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 26 Configuring System Messag e Logging Configuring System Messa ge Logging Configuring the UNIX System Logging Facility When sending system log messag es to an external de vice, you can c a use the switch to ident ify its messages as originating from an y[...]

  • Page 486

    26-12 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 26 Config ur ing System Message Logging Displaying the Logging Configuration Displaying the Logging Configuration T o display the logging conf iguration and the contents of the log buf fer , use the show logging privile ged EXEC command. For in formation [...]

  • Page 487

    CH A P T E R 27-1 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 27 Configuring SNMP This chapter describe s ho w to configure the Simpl e Network Management Protoc ol (SNMP) on your Catalyst 29 50 or Catalyst 2955 switch. Note For complete syntax and usage in formation for the co mmands used in this chapter , see [...]

  • Page 488

    27-2 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 27 Configu ring SNMP Understandi ng SNMP • Using SNMP to Access MIB V ariables, pa ge 27-4 • SNMP Notifi cations, page 27- 5 SNMP Versions This software release supports t hese SNMP versions: • SNMPv1—The Simple Netw ork Management Protoc ol, a Ful[...]

  • Page 489

    27-3 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 27 Configuring SNMP Understanding SN MP Y ou must configure the SNMP agent t o use the SNMP version su pported by the manag ement station. Because an agent can commu nicate with multiple manage rs, you can configur e the software to support communications [...]

  • Page 490

    27-4 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 27 Configu ring SNMP Understandi ng SNMP The SNMP agent also sends unsolicited trap messages to notify an NMS that a signif icant event has occurred on the agent. Examples of trap cond itions include, b ut are not limited to , when a port or module goes up[...]

  • Page 491

    27-5 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 27 Configuring SNMP Configuring SNMP SNMP Notifications SNMP allows the switch to send notifications to S N MP managers when particular ev ents occur . SNMP notifications can be sen t as traps or inform req uests. In command syntax, unless there is an opti[...]

  • Page 492

    27-6 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 27 Configu ring SNMP Configuring SNMP SNMP Configuration Guidelines If the switch starts and th e switch st artup conf iguration ha s at least one snmp-server global configuration command, the SNMP agent is enabled. An SNMP gr oup is a table that maps SNMP[...]

  • Page 493

    27-7 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 27 Configuring SNMP Configuring SNMP • Changing the v a lue of the SNMP engine ID has important side ef fects. A user's password (entered on the command line) is con verted to an MD5 or SH A securi ty digest based on t he password and the local engi[...]

  • Page 494

    27-8 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 27 Configu ring SNMP Configuring SNMP Beginni ng in pri v ile ged EXEC mode, follo w these st eps to configure a community string on the sw itch: Note T o disable access for an SNMP community , set the community string for that community to the null string[...]

  • Page 495

    27-9 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 27 Configuring SNMP Configuring SNMP T o remove a specific commu nity string, use the no snmp-server community string global configuration command. This example sho ws how to assign the string comaccess to SNMP , to allow read-only access, and to specify t[...]

  • Page 496

    27-10 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 27 Configu ring SNMP Configuring SNMP Step 3 snmp-s erv er group gr oupname { v1 | v2c | v3 { auth | noauth | priv }} [ rea d re a d v i e w ] [ write write view ] [ noti fy notifyview ] [ access access-list ] Config ure a new S NMP group on the remote de[...]

  • Page 497

    27-11 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 27 Configuring SNMP Configuring SNMP Configuring SNMP Notifications A trap manager is a management station that recei ves and processes traps. T rap s are system alerts that the switch generates when certain e vents occur . By de fault, no trap manager is[...]

  • Page 498

    27-12 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 27 Configu ring SNMP Configuring SNMP Y o u can use the snmp-server host global conf iguration command to a specif ic hos t to recei ve the notif ication types listed in Ta b l e 27 -4 . Beginni ng in pri vileged EXEC mode, configu re the switch to send t[...]

  • Page 499

    27-13 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 27 Configuring SNMP Configuring SNMP Step 3 snmp-server user username gr oupname { remote host [ udp-port port ]} { v1 [ access access -list ] | v2c [ access access-list ] | v3 [ encrypted ] [ access access-list ] [ auth { md5 | sha } auth-password ]} Con[...]

  • Page 500

    27-14 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 27 Configu ring SNMP Configuring SNMP The snmp-server host command specif ies which hosts receive the notif ications. The sn mp-server enable trap command globally enables the mechanism for the specif ied notif ication (for traps and informs). T o enable [...]

  • Page 501

    27-15 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 27 Configuring SNMP Configuring SNMP Limiting TFTP Servers Used Through SNMP Beginning in pri vileged EXEC mode, follow these steps to limit the TFTP servers used f or saving and loading configurat ion files through SNMP to the servers specif ied in an ac[...]

  • Page 502

    27-16 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 27 Configu ring SNMP Displaying SNMP Status This example sho ws how to allo w read-only acces s for all objects to members of access list 4 that use the comacces s community strin g. No other SNMP managers hav e access to any objects. SNMP Authentication [...]

  • Page 503

    CH A P T E R 28-1 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 28 Configuring Network Security with ACLs This chapter describes h ow t o conf igure network securi ty on a Catalyst 2950 or Catalyst 29 55 switch b y using acce ss control lists (A CLs), whic h are al so referred to in commands and tables as access l[...]

  • Page 504

    28-2 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 28 Configurin g Network Security with ACLs Understanding ACLs Understanding ACLs Packet f iltering can limit ne twork traf fic and restrict network use by certain users or devices. A CLs can filt er traf fic as it passes through a switch and permit or deny[...]

  • Page 505

    28-3 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 28 Configuri ng Network Security with ACLs Understanding ACLs A CLs permit or deny packet forwarding based on ho w the packet matches the entries i n the A CL. For example, you can use A CLs to allow one host to acces s a part of a network, but to pre vent[...]

  • Page 506

    28-4 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 28 Configurin g Network Security with ACLs Understanding ACLs Note In the first and second A CE s in the examples, the eq keyword after the destinati on addres s means to test for the TCP-destinat ion-port well-kno wn numbers equa ling Simple Mail T ransfe[...]

  • Page 507

    28-5 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 28 Configuri ng Network Security with ACLs Understanding ACLs – UDP (Y ou can specify a UDP source, destination port number , or both at the same time.) Note A mask can be a combination of either multiple Layer 3 and Layer 4 fields or of multiple Layer 2[...]

  • Page 508

    28-6 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 28 Configurin g Network Security with ACLs Configuring ACLs – Fast Ethernet ports support up to 75 A CEs per 1 A CL across a range of 8 Fast Eth ernet ports. This means that ports 1 to 8 support a combined to tal of 75 A CEs, ports 9 to 16 support a comb[...]

  • Page 509

    28-7 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 28 Configuri ng Network Security with ACLs Configuring ACLs Unsupported Features The switch does not support these Ci sco IOS router A CL-related features: • Non-IP protocol A CLs (see Ta b l e 28-2 on page 28-8 ) • Bridge-group A CLs • IP accounting[...]

  • Page 510

    28-8 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 28 Configurin g Network Security with ACLs Configuring ACLs Note In addition to num bered standard and e xtended A CLs , you can also create named standard and extended IP A CLs by using the supported numbers. That i s, the name of a standard IP A CL can b[...]

  • Page 511

    28-9 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 28 Configuri ng Network Security with ACLs Configuring ACLs Beginning in pri vileged EXEC mode, follow these steps to create a numbered standard IP A CL: Use the no access-list access-list-number global conf iguration command to delete th e entire A CL. Y [...]

  • Page 512

    28-10 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 28 Configurin g Network Security with ACLs Configuring ACLs Creating a Numbered Extended ACL Although standard A C Ls use only source addresses for matching, you can use an e xtended AC L source and destination addresses for mat c hing operations and op t[...]

  • Page 513

    28-11 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 28 Configuri ng Network Security with ACLs Configuring ACLs Note For information about creating A CLs to apply to management interfaces, see th e “Configuri ng IP Services” section of Cisco IOS IP and IP Routing Conf igurati on Guide, Release 12.1 and[...]

  • Page 514

    28-12 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 28 Configurin g Network Security with ACLs Configuring ACLs Use the no access-list access-list-number global configuration command to delete the entire access list. Y ou cannot delete individ ual A CEs from numbered access lists. This exampl e show s how [...]

  • Page 515

    28-13 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 28 Configuri ng Network Security with ACLs Configuring ACLs Creating Named Standard and Extended ACLs Y ou can identify IP A CLs with an alphanumeric string (a name) rather than a n umber . Y ou can use named A CLs to configure more IP access lists on a s[...]

  • Page 516

    28-14 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 28 Configurin g Network Security with ACLs Configuring ACLs When making the standard and ext ended A CL, remember that, by default, the end of the A CL contains an implicit deny statement fo r ev erything if it did not find a match b efore reaching the en[...]

  • Page 517

    28-15 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 28 Configuri ng Network Security with ACLs Configuring ACLs • Y ou can control logging messages. A CL entries can log traf fic at certain times of the d ay , bu t not constantly . Therefore, you can simply deny access without h aving t o analyze many lo[...]

  • Page 518

    28-16 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 28 Configurin g Network Security with ACLs Configuring ACLs time-range entry: new_year_day_2000 (inactive) absolute start 00:00 01 January 2000 end 23:59 01 January 2000 time-range entry: thanksgiving_2000 (inactive) absolute start 00:00 22 November 2000 [...]

  • Page 519

    28-17 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 28 Configuri ng Network Security with ACLs Configuring ACLs Switch(config)# access-list 1 permit 171.69.2.88 Switch(config)# access-list 1 remark Do not allow Smith workstation through Switch(config)# access-list 1 deny 171.69.3.13 For an entry in a named[...]

  • Page 520

    28-18 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 28 Configurin g Network Security with ACLs Configuring ACLs This example sh ows ho w to create and display an access list named ma c1 , denying o nly EtherT ype DECnet Phase IV traff ic, but per mitting all oth er types of traf fic. Switch(config)# mac ac[...]

  • Page 521

    28-19 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 28 Configuri ng Network Security with ACLs Applying ACLs to Terminal Lines or Physic al Interfaces Applying ACLs to Terminal Lines or Physical Interfaces Note Before applying an A CL to a physical interface, see the “Guidelines for Applying A CLs to Phy[...]

  • Page 522

    28-20 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 28 Configurin g Network Security with ACLs Displaying ACL Information Applying ACLs to a Physical Interface Beginni ng in pri vileged EXEC mod e, follo w thes e steps to control access to a Layer 2 interface: This exampl e show s how to apply access list [...]

  • Page 523

    28-21 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 28 Configuri ng Network Security with ACLs Displaying ACL Information Beginning in pri vileged EXEC mode, follow these steps to display access lists: This example sho ws all standard and extended A CLs: Switch# show access-lists Standard IP access list 1 [...]

  • Page 524

    28-22 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 28 Configurin g Network Security with ACLs Examples for Co mpiling ACLs Address determined by setup command MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is disabled Outgoing access list is permit Any Inbound access list is 13 [...]

  • Page 525

    28-23 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 28 Configuri ng Network Security with ACLs Examples for Compiling ACLs Figur e 28-2 Using Switch ACLs t o Contr ol T raf fic This example uses a standard A C L to allow access to a specific Internet host with the address 172.20.128 .64. Switch(config)# ac[...]

  • Page 526

    28-24 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 28 Configurin g Network Security with ACLs Examples for Co mpiling ACLs Numbered ACL Examples This example sho ws that the switch accepts addresses on network 36.0.0.0 subnets and denies all pack ets coming from 56.0.0.0 subnets. Th e A CL is then applied[...]

  • Page 527

    28-25 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 28 Configuri ng Network Security with ACLs Examples for Compiling ACLs Switch(config)# access-list 100 deny host 171.69.3.85 any eq www Switch(config)# access-list 100 remark Do not allow Smith to browse the web Switch(config)# access-list 100 deny host 1[...]

  • Page 528

    28-26 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 28 Configurin g Network Security with ACLs Examples for Co mpiling ACLs[...]

  • Page 529

    CH A P T E R 29-1 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 29 Configuring QoS This chapter describe s ho w to configure quality of serv ice (QoS) by using automatic-QoS (auto-Q oS) commands or by using standard QoS commands. W ith QoS, you can gi ve preferential treatment to certain types of traf fic at the e[...]

  • Page 530

    29-2 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Understandi ng QoS Y ou can also use these wizards to conf igure QoS only if your swit ch is running the EI: • Priority data wizard—Lets you assign priori ty lev els to data application s based on their TCP or UDP ports. It has a sta[...]

  • Page 531

    29-3 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Understanding Qo S Layer 3 IP pack ets can carry a Dif ferentiated Serv ices Code Point (DSCP) v alue. The supported DSCP v alues are 0, 8, 10, 16, 18, 24, 26, 32, 34, 40, 46, 48, and 56. Figur e 29-1 QoS Classification Layers in F rames[...]

  • Page 532

    29-4 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Understandi ng QoS • Marking e valuates the policer and conf iguration informat ion for the action t o be taken when a packet is out of prof ile and decides what to do with the packet (pass through a pack et without modif ication, mark[...]

  • Page 533

    29-5 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Understanding Qo S The trust DSCP conf iguration is meanin gless for non-IP traf fic. If you conf igure a port with this option and non-IP traf fic is recei ved, the switch assigns the def ault port CoS v alue and classifies traf fic bas[...]

  • Page 534

    29-6 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Understandi ng QoS Classification Based on Cl ass Maps and Policy Maps A class map is a mechanism that y ou use to isolate and name a specif ic traff ic flow (or class) from all other traf fic. The cl ass map def ines the criteria used t[...]

  • Page 535

    29-7 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Understanding Qo S • Only one policer can be applied to a pack et in the input direct ion. • Only the av erage rate and committed burst p arameters are configurable. • Policing occurs on the ingress interf aces: – 60 policers are[...]

  • Page 536

    29-8 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Understandi ng QoS Port Priority Frames receiv ed from use rs in the administrati vel y defined VLANs are classified or tagged for transmission to other de vices. Based on rules that you define, a uni que identif ier (the tag) is inserte[...]

  • Page 537

    29-9 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Configuring Auto-QoS Y o u can enable the egress expedite queue and assi gn WRR weights to the other queues b y using the wrr -queue bandwidth weight1 weight 2 weight3 0 global conf iguration command. Configuring Auto-QoS Note This featu[...]

  • Page 538

    29-10 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Configuring Auto-QoS Ta b l e 29-3 lists the generated au to-QoS conf iguration for the egress queues. When you enable the auto-QoS feature on the first interface, these automatic actions occur: • When you enter the auto qos voip cisc[...]

  • Page 539

    29-11 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Configuring Auto-QoS Effects of Auto-QoS on the Configuration When auto-QoS is enabled, the auto qos voip interface conf iguration command and t he generated confi guration are added to the running conf iguration. The switch applies the[...]

  • Page 540

    29-12 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Configuring Auto-QoS Configuration Guidelines Before conf iguring auto-QoS, you sh ould be aw are of this informati on: • In releases earlier than Cisco IOS R elease 12.1( 20)EA2, auto-QoS conf igures the switch for V oIP only with Ci[...]

  • Page 541

    29-13 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Configuring Auto-QoS Enabling Auto-QoS for VoIP Beginning in pri vileged EXEC mode, follow these steps to enable auto-QoS for V oIP within a QoS domain: T o disable auto-QoS on the switch an d return to the def ault port trust state set[...]

  • Page 542

    29-14 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Displaying Auto-QoS Information Switch(config)# interface gigabitethernet0/1 Switch(config-if)# auto qos voip trust Displaying Auto-QoS Information T o display the initial au to-QoS confi guration, use the sho w auto qos [ interfa ce [ [...]

  • Page 543

    29-15 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Auto-QoS Configuration E xample Figur e 29-3 A uto-QoS Configur at ion Example Networ k The intelligent wiring clo sets in Figure 29-3 are composed of Catalyst 2950 switches running the EI and Catalyst 3550 switches. The object of this [...]

  • Page 544

    29-16 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Configuring Standa rd QoS Beginni ng in priv ileged EXEC mode, follo w these steps to configur e the switch at the edge of the QoS domain to prioritize t he V oIP traff ic over all other traf fic: Configuring Standard QoS Before conf ig[...]

  • Page 545

    29-17 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Configuring Standard Qo S Note If your switch is running the SI, y ou can confi gure only the features descri bed in the “ Conf iguring Classification Usin g Port T ru st States ” and the “ Configuri ng the Egress Queues ” secti[...]

  • Page 546

    29-18 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Configuring Standa rd QoS • Y ou must disable the IEEE 802.3x flo wcontrol on all ports befo re enabling QoS on the switch. T o disable it, use the flowcontrol r eceive off and flowcontr ol send off interface conf iguration commands. [...]

  • Page 547

    29-19 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Configuring Standard Qo S Configuring Classification Using Port Trust States This section descri bes ho w to classify incoming t raf fic b y using port trust states: • Config uring the T rust State on Ports within the QoS Domain, p ag[...]

  • Page 548

    29-20 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Configuring Standa rd QoS T o return a port to its untrusted st ate, use the no mls qos trust interf ace configuration command. For information on ho w to change the default CoS v alue, see the “Configuring the CoS V alue for an Inter[...]

  • Page 549

    29-21 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Configuring Standard Qo S T o return to the default setting, use t he no mls qos cos { default-cos | ov erride } interface conf iguration command. Configuring Trusted Boundary In a typical net work, you connect a Cisco IP Ph one to a sw[...]

  • Page 550

    29-22 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Configuring Standa rd QoS trusted boundary feature di sables the trusted setting on the swi tch port and pre vents misuse of a high-priority queue. No te that the trusted boundary fe ature is no t effect iv e if the PC and Cisco IP Phon[...]

  • Page 551

    29-23 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Configuring Standard Qo S Enabling Pass-Through Mode In software releases ear lier th an Cisco IOS Release 12.1(11)EA1, the switch is in pass-thr ough mode. It uses the CoS value of incoming pack ets without modifyi ng the DSCP v alue a[...]

  • Page 552

    29-24 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Configuring Standa rd QoS Configuring a QoS Policy Note This feature is a v ailable only if your swit ch is running the EI. Config uring a QoS polic y typically requires classifying t raff ic into classes, conf iguring policies appli ed[...]

  • Page 553

    29-25 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Configuring Standard Qo S For more inf ormation about creating I P standard A CLs, see the “Guidelines for Applying A CLs to Physical Interf aces” section on page 28-5 . T o delete an A CL, use the no access-list access-list-number [...]

  • Page 554

    29-26 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Configuring Standa rd QoS Beginning in priv ileged EXEC mode, foll ow these steps to create an IP exten ded A CL for IP traf fic: Command Purpose Step 1 configur e terminal Enter global conf iguration mode. Step 2 access-list access-lis[...]

  • Page 555

    29-27 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Configuring Standard Qo S For more inf ormation about creating I P extended A CLs, see the “Guidelines for Apply ing A CLs to Physical Interf aces” section on page 28-5 . T o delete an A CL, use the no access-list access-list-number[...]

  • Page 556

    29-28 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Configuring Standa rd QoS This example sho ws how to create a Layer 2 MA C A C L with a permit statement. The statement allo ws traf fic from the host with MA C address 0001.0000.0001 to th e host with MA C address 0002.0000.0001. Switc[...]

  • Page 557

    29-29 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Configuring Standard Qo S T o delete an existing class map, use the no class-map class-map-name global co nfiguration command. T o remove a match criterion , use the no match { access-group acl-inde x | name acl-name | ip dscp } class-m[...]

  • Page 558

    29-30 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Configuring Standa rd QoS Beginni ng in pri vileged EXEC mode, follow these steps to create a polic y map: Command Purpose Step 1 configur e terminal Enter global conf iguration mode. Step 2 access-list acces s-list-number permit { sour[...]

  • Page 559

    29-31 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Configuring Standard Qo S T o delete an existing polic y map, use the no policy-map policy-map-name global configuration command. T o delete an existin g class map, use the no class class-map-name poli cy-map co nfigu ration command. T [...]

  • Page 560

    29-32 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Configuring Standa rd QoS Switch(config)# access-list 1 permit 10.1.0.0 0.0.255.255 Switch(config)# class-map ipclass1 Switch(config-cmap)# match access-group 1 Switch(config-cmap)# exit Switch(config)# policy-map flow1t Switch(config-p[...]

  • Page 561

    29-33 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Configuring Standard Qo S If these v alues are not appropriate for your network, you need to modify them. Beginni ng in pri vileged EXEC mod e, follo w these steps to modify the CoS-to-DSCP map: T o return to the default map, use the no[...]

  • Page 562

    29-34 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Configuring Standa rd QoS If these v alues are not appropriate for your network, you need to modify them. Beginning in pri vileged EXEC mode, foll ow th ese steps to modify the DSCP-to-CoS map: T o return to the default map, u se the no[...]

  • Page 563

    29-35 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Configuring Standard Qo S Configuring the Egress Queues Note This feature is supported b y both the SI and EI. This section describes how to conf igure the egress queues: • Config uring CoS Priority Qu eues, page 29-35 • Config urin[...]

  • Page 564

    29-36 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Displaying Stan dard QoS Information T o disable the WRR scheduling and enable the strict priorit y scheduling, use the no wrr -queue bandwidth global conf iguration command. T o enable one of the queues as the expedite queue and to ena[...]

  • Page 565

    29-37 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Standard QoS Co nfiguration Examples Standard QoS Configuration Examples Note These examples are applicable only if your switch is runni ng the EI. This section sho ws a QoS migration path to help you quickly implement QoS features b as[...]

  • Page 566

    29-38 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Standard Q oS Configuration Examp les Figur e 29-5 QoS Configuration Example Networ k QoS Configuration for the Existing Wiring Closet Figure 29-5 sho ws an existing wir ing closet with Cata lyst 2900 XL and 3500 XL switches, for exampl[...]

  • Page 567

    29-39 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Standard QoS Co nfiguration Examples For the Catalyst 29 00 and 3500 XL switches, CoS conf ig ures each transmit p ort (the egress port ) with a normal-priority tr ansmit queue and a high-pr iority transmit queue, depend ing on the fram[...]

  • Page 568

    29-40 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 29 Configuring QoS Standard Q oS Configuration Examp les Step 18 show class-map videoclass show policy-map v ideopolicy show mls qos maps [ cos-dscp | dscp-cos ] V erify your entries. Step 19 copy running-conf ig startup-conf ig (Optional) Save your entri[...]

  • Page 569

    CH A P T E R 30-1 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 30 Configuring EtherChannels This chapter descri bes how to conf igure EtherChan nel on the Layer 2 interfaces of a Catalyst 2950 or Catalyst 29 55 switch. This chapter consists of these sections: • Understanding EtherChannels, page 30 -1 • EtherC[...]

  • Page 570

    30-2 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 30 Config uring EtherChannels Understanding EtherChannels Figur e 30-1 T ypica l EtherChannel Configuration Each EtherChannel can consist of up to eight compat i bly conf igured Ethernet int erfaces. All in terfaces in each EtherChannel must be the same sp[...]

  • Page 571

    30-3 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 30 Configuring EtherCh annels Understanding EtherCh annels Understanding Port-Channel Interfaces When you create an EtherChannel for Layer 2 interfa ces, a log ical interface is dynamically created, as sho wn in Figu re 30-2 . Y ou then manually assign an [...]

  • Page 572

    30-4 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 30 Config uring EtherChannels Understanding EtherChannels PAgP and LACP Modes Ta b l e 30-1 shows th e user -config urable EtherChannel modes for th e channel-gr oup interface configuration command. Switch interfaces exchan ge P AgP packets only w ith part[...]

  • Page 573

    30-5 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 30 Configuring EtherCh annels Understanding EtherCh annels Exchanging LACP Packets Both the active and passive LA CP modes allow interf aces to negotiate with partner interf aces to determine if the y can form an EtherChannel based on criteria such as inte[...]

  • Page 574

    30-6 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 30 Config uring EtherChannels Understanding EtherChannels EtherChannel On Mode EtherCha nnel on mode can be used to manually configur e an EtherChannel. The on mode forces a port to join an EtherChannel without negotiations. It can be usefu l if the remote[...]

  • Page 575

    30-7 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 30 Configuring EtherCh annels Configuring EtherChann els Figur e 30-3 Load Distr ibution and F orwar ding Methods Use the option that provides the greatest variety in your conf iguration. F or example, i f the traf fic on a channel is going only to a singl[...]

  • Page 576

    30- 8 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 30 Config uring EtherChannels Configuring Et herChannels Default EtherChannel Configuration Ta b l e 30-2 shows the default EtherChannel configuration. EtherChannel Configuration Guidelines If improperly conf igured, some EtherChannel ports ar e automatic[...]

  • Page 577

    30-9 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 30 Configuring EtherCh annels Configuring EtherChann els • An EtherChannel supports the same al lo wed rang e of VLANs on all the int erfaces in a trunking Layer 2 EtherChannel. When conf iguring an interf ace for P AgP , if the allowed range of VLANs is[...]

  • Page 578

    30-10 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 30 Config uring EtherChannels Configuring Et herChannels Step 4 channel-group c hannel-gr oup-number mode {{ auto [ non-sil ent ] | desirable [ non-silent ] | on } | { active | passi ve }} Assign the port t o a channel group, and specify the P AgP or LA C[...]

  • Page 579

    30-11 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 30 Configuring EtherCh annels Configuring EtherChann els T o remove a po rt from the EtherChannel gro up, use the no channel-gr oup interface configuration command. If you delete the EtherChannel b y using the no interface port-channel global conf igurati[...]

  • Page 580

    30-12 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 30 Config uring EtherChannels Configuring Et herChannels T o return EtherChannel load balancing t o the default con figurat ion, use the no port-channel load-balance global conf iguration command. Configuring the PAgP Learn Method and Priority Network de [...]

  • Page 581

    30-13 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 30 Configuring EtherCh annels Configuring EtherChann els Configuring Hot Standby Ports When enabled, LA CP tries to configure the maximu m num ber of LA CP-compatible ports in a channel, up to a maximum of 16 po rts. Only eight LA CP links can be acti ve [...]

  • Page 582

    30-14 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 30 Config uring EtherChannels Displaying Ether Channel, PAgP, and LACP Status Displaying EtherChannel, PAgP, and LACP Status Y o u can use the privileged EXEC command s described in Ta b l e 30-3 to display EtherChannel, P A gP , and LA C P status informa[...]

  • Page 583

    CH A P T E R 31-1 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 31 Troubleshooting This chapter describes ho w to identify and resolve Catalyst 2950 and Catal yst 2955 software probl ems related to the Cisco IOS softw a re. Depending on the nature of the problem, you can use t he command-line interface (CLI ), the[...]

  • Page 584

    31-2 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 31 Troublesho oting Using Recover y Procedures Recovering from a Software Failure Switch software can be corrupted during an upgrad e, by do wnloading the wrong f ile to the switch, and by deleting th e image file. In all of these cases, th e switch does n[...]

  • Page 585

    31-3 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 31 Troub leshooting Using Recovery Procedure s flash_init load_helper boot Step 5 Initialize the flash f ile system: switch: flash_init Step 6 If you had set the consol e port speed to an ything othe r t han 9600, it has been reset to that p articular spee[...]

  • Page 586

    31-4 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 31 Troublesho oting Using Recover y Procedures Step 16 Return to pri vileged EXEC mode: switch(config)# exit switch# Step 17 Write the running conf iguration to the startup conf iguration file: switch# copy running-config startup-config The new password is[...]

  • Page 587

    31-5 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 31 Troub leshooting Using Recovery Procedure s Password Recovery with Password Recovery Enabled If the password-recov ery mechanism is enabled, this message appears: The system has been interrupted prior to initializing the flash file system. The following[...]

  • Page 588

    31-6 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 31 Troublesho oting Using Recover y Procedures Step 11 Change the password: Switch (config)# enable secret password The secret password can be from 1 to 25 alphanumer ic characters, can start with a number , is case sensitiv e, and allows spaces but ignore[...]

  • Page 589

    31-7 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 31 Troub leshooting Using Recovery Procedure s Step 2 Load any helper files: Switch: load_helper Step 3 Display the contents of flash memory: switch: dir flash: The switch file system appears in the directory . Step 4 Boot the sy stem: Switch: boot Y ou ar[...]

  • Page 590

    31-8 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 31 Troublesho oting Using Recover y Procedures Note The break key character is dif fer ent for each operating system. On a SUN work statio n running UNIX, Ctrl-C i s the break ke y . On a PC running W indo ws 2000, Ctrl-Break is the break k ey . Cisco T A [...]

  • Page 591

    31-9 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 31 Troub leshooting Using Recovery Procedure s Step 8 Display the contents of flash memory as in thi s example: switch# dir flash: Directory of flash:/ The switch file system appears in the directory . Step 9 Rename the conf iguration file t o config.te xt[...]

  • Page 592

    31-10 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 31 Troublesho oting Using Recover y Procedures Recovering from a Command Switch Failure This section describes ho w to recov er from a failed command switch. Y ou can configure a redundant command switch group b y using the Hot Standby Router Prot ocol (H[...]

  • Page 593

    31-11 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 31 Troub leshooting Using Recovery Procedure s Step 8 Return to pri vileged EXEC mode. Switch(config)# end Switch# Step 9 Use the manufa cturing defau lt confi guration, or set up th e switch through the man agement module. Step 10 Use the setup program t[...]

  • Page 594

    31-12 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 31 Troublesho oting Using Recover y Procedures Replacing a Failed Command Sw itch with Another Switch T o replace a failed command switch with a switch that is command-capable but not part of the cluster , follo w these steps: Step 1 Disconnect the comman[...]

  • Page 595

    31-13 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 31 Troub leshooting Preventing Auto nego tiation Mismatches Step 10 When prompted for the enable secr e t and enable passwo rds, enter the passwords of the failed comm and switch again. Step 11 When prompted, make sure to enable the swit ch as the cluster[...]

  • Page 596

    31-14 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 31 Troublesho oting GBIC and SFP Module Security and Identification Note If a remote de vice does not autone gotiate, conf igure the duplex settings on the tw o ports to match. The speed parameter can adjust itself e ven if the connected port does n ot au[...]

  • Page 597

    31-15 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 31 Troub leshooting Diagnosing Connec tivity Problems • Destination unreachable—If the default gate wa y cannot reac h the sp ecified network, a destination-unr each able message is returned. • Network or host un reachable—If there is n o entry in[...]

  • Page 598

    31-16 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 31 Troublesho oting Diagnosing Co nnectivity Problems Using Layer 2 Traceroute This section descri bes this information: • Understanding Layer 2 T raceroute, page 31-16 • Usage Guidelines, page 31-16 • Displaying the Physical Path, page 31-17 Unders[...]

  • Page 599

    31-17 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 31 Troub leshooting Diagnosing LR E Connection Problems – If an ARP entry e xists for th e specified IP addr ess, the switch uses th e associated MA C address and identifies the ph ysical path. – If an ARP entr y does not exist, the switch sends an AR[...]

  • Page 600

    31-18 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 31 Troublesho oting Using De bug Commands Using Debug Commands This section e xplains how you use the deb ug commands to diagnose and resolv e internetworking problems. It contains this information: • Enabling Debugging o n a Specific Feature, page 31- [...]

  • Page 601

    31-19 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 31 Troub leshooting Using Debug Command s Caution Because debugg ing output is assigned high prio rity in the CPU process, it can render the syst em unusable. For thi s reason, use debug comm ands only to troubleshoot sp ecific pro blems or during trouble[...]

  • Page 602

    31-20 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 31 Troublesho oting Using De bug Commands The no debug all p rivile ged EXEC command disables all diagnostic output. Usi ng the no debug all command is a con venient way to en sure that you ha ve no t accidentally left any debug commands enabled. Redirect[...]

  • Page 603

    31-21 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Chapter 31 Troub leshooting Using the show controlle rs Commands For more inf ormation about auto-QoS , see the “Conf iguring Auto-QoS” section o n page 29-9 . This example sho ws how to displa y the QoS commands that are automa tically generated wh en auto-Q[...]

  • Page 604

    31-22 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Chapter 31 Troublesho oting Using the cr ashinfo File The information in the f ile includes the software imag e name and v ersion that failed , a dump of the processor registers, and a stack trace. Y ou can giv e this information to the technical support represen[...]

  • Page 605

    A-1 Catalyst 2950 and Catalyst 2955 Swit ch Software Con figuration Guide OL-10101-02 APPENDIX A Supported MIBs This appendix lists t he supported MIBs for this release. It contains these sections: • MIB List, page A-1 • Using FTP to Access the MIB Files, page A-3 MIB List Note The Cataly st 2955 switch supp orts the ENTI TY -MIB, CISCO-ENVMON-[...]

  • Page 606

    A-2 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Appendix A Supported MIBs MIB List • CISCO-P AE-MIB • CISCO-P A GP-MIB • CISCO-PING-MIB • CISCO-POR T -SECURITY - MIB • CISCO-PR OCESS-MIB • CISCO-PR ODUCTS-MIB • CISCO-R TTMON-MIB (subsystems supported : sub_rtt_rmo n and sub_rtt_rmonli b) • CISCO-[...]

  • Page 607

    A-3 Catalyst 2950 and Catalyst 2955 Swit ch Software Con figuration Guide OL-10101-02 Appendix A Supported MIBs Using FTP to Access the MIB Files Note The IF-MIB and the CISCO-IETF-VDSL-LINE-MIB ar e supported as read-only MI Bs for the Fast Ethernet interfaces on the CPE devices. Using FTP to Access the MIB Files Y ou can get each MIB file b y usi[...]

  • Page 608

    A-4 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Appendix A Supported MIBs Using FTP to A ccess the MIB Files[...]

  • Page 609

    B-1 Catalyst 2950 and Catalyst 2955 Swit ch Software Con figuration Guide OL-10101-02 APPENDIX B Working with the Cisco IOS File System, Configuration Files, and Software Images This appendix describes ho w to manipulate the 2950 or 2955 flash file system, how to cop y conf iguration files, and how to archi ve (upload and do wnload) software images[...]

  • Page 610

    B-2 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with the Flash File System Displaying Available File Systems T o display the available f ile sy stems on your sw itch, use the show f ile systems pri vileged EX EC[...]

  • Page 611

    B-3 Catalyst 2950 and Catalyst 2955 Swit ch Software Con figuration Guide OL-10101-02 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with the Flash File Syste m Setting the Default File System Y o u can specify the file system or di rectory that the system uses as th e default file system by usi[...]

  • Page 612

    B-4 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with the Flash File System Creating and Removing Directories Beginning in pri vileged EXEC mode, foll ow th ese steps to create and remo ve a directory: T o delete[...]

  • Page 613

    B-5 Catalyst 2950 and Catalyst 2955 Swit ch Software Con figuration Guide OL-10101-02 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with the Flash File Syste m Local writable f ile systems include flash:. Some in valid comb inations of source and destination e xist. Specifically , you cannot co[...]

  • Page 614

    B-6 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with the Flash File System For destination-u rl , specify the de stination URL al ias for the lo cal or network f ile system and the name of the tar file to create[...]

  • Page 615

    B-7 Catalyst 2950 and Catalyst 2955 Swit ch Software Con figuration Guide OL-10101-02 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Configura tion Files Extracting a tar File T o extract a tar file into a di rectory on the flash f ile system, use the privile ged EXEC command: archiv e tar [...]

  • Page 616

    B-8 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with Configuration Files • T o use the confi guration f ile for another switch. F or example, yo u might add another sw itch to your network an d want it to hav [...]

  • Page 617

    B-9 Catalyst 2950 and Catalyst 2955 Swit ch Software Con figuration Guide OL-10101-02 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Configura tion Files confi guration f ile is a mixture of the e xisting conf iguration f ile and the copied config uration f ile, with the copied configuratio[...]

  • Page 618

    B-10 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with Configuration Files Preparing to Download or Upload a Configuration File By Using TFTP Before you be gin do wnloading or uploading a conf iguration file b y [...]

  • Page 619

    B-11 Catalyst 2950 and Catalyst 2955 Swit ch Software Con figuration Guide OL-10101-02 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Configura tion Files This example sho ws how to conf igure the software from t he file tok yo-confg at IP address 172.16.2.1 55: Switch# copy tftp://172.16.2[...]

  • Page 620

    B-12 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with Configuration Files The username and password must be associat ed with an account on the FTP server . If you are writing to the server , the FTP server must [...]

  • Page 621

    B-13 Catalyst 2950 and Catalyst 2955 Swit ch Software Con figuration Guide OL-10101-02 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Configura tion Files This example sho ws how to cop y a config uration f ile named host1-confg from the netadmin1 dir ectory on the remo te server with an IP[...]

  • Page 622

    B-14 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with Configuration Files This examp le shows ho w to copy the running co nfigur ation file named switch2-conf g to the netadmin1 directory on the remote host with[...]

  • Page 623

    B-15 Catalyst 2950 and Catalyst 2955 Swit ch Software Con figuration Guide OL-10101-02 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Configura tion Files • The username set by the ip rcmd r emote-username username global conf iguration command if the command is conf igured. • The remot[...]

  • Page 624

    B-16 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Working with Configuration Files Downloading a Configuration File By Using RCP Beginni ng in pri vileged EXEC mod e, follo w these steps to do wnload a conf iguration fil[...]

  • Page 625

    B-17 Catalyst 2950 and Catalyst 2955 Swit ch Software Con figuration Guide OL-10101-02 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Configura tion Files Uploading a Configuration File By Using RCP Beginning in pri vileged EXEC mode, follow these st eps to upload a configuration file b y u[...]

  • Page 626

    B-18 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Workin g with S oftware Images Caution Y ou cannot restore the startup conf iguration file after i t has been deleted. Deleting a Stored Configuration File T o delete a s[...]

  • Page 627

    B-19 Catalyst 2950 and Catalyst 2955 Swit ch Software Con figuration Guide OL-10101-02 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Software Images Y o u can use the s how ve rsio n pri vileged EXEC command to see the software v ersion that is currently running on your swit ch. In the dis[...]

  • Page 628

    B-20 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Workin g with S oftware Images Copying Image Files By Using TFTP Y ou can download a switch image fro m a TFTP serv er or upload the image from the switch to a TFTP serve[...]

  • Page 629

    B-21 Catalyst 2950 and Catalyst 2955 Swit ch Software Con figuration Guide OL-10101-02 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Software Images Downloading an Image File By Using TFTP Y o u can do wnload a new image f ile and repla ce the current image or keep the current image. Begin[...]

  • Page 630

    B-22 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Workin g with S oftware Images If you specify the /lea ve-old-sw , the existing f iles are not remo ved. If there is not enou gh space to install the ne w image and k eep[...]

  • Page 631

    B-23 Catalyst 2950 and Catalyst 2955 Swit ch Software Con figuration Guide OL-10101-02 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Software Images Y o u do w nload a switch image file from a server to upgrade the switch software. Y ou can overwrite the current im age with the ne w one or[...]

  • Page 632

    B-24 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Workin g with S oftware Images username global configuration command. This ne w name will be used during all archive operations. The new username is stored in NVRAM. If y[...]

  • Page 633

    B-25 Catalyst 2950 and Catalyst 2955 Swit ch Software Con figuration Guide OL-10101-02 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Software Images The do wnload algorith m verif ies that the image is appropriate for the switch model and th at enough DRAM is present, or it stops the proce[...]

  • Page 634

    B-26 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Workin g with S oftware Images The archiv e upload-sw command bui lds an image file on t he server b y uploading these fil es in order: info, the Cisco IOS image, the HTM[...]

  • Page 635

    B-27 Catalyst 2950 and Catalyst 2955 Swit ch Software Con figuration Guide OL-10101-02 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Software Images Preparing to Download or Upload an Image File By Using RCP RCP provid es another method of do wnloading and up loading image f iles between r[...]

  • Page 636

    B-28 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Workin g with S oftware Images If the switch IP address translates to Switch 1.company .com , the .rhosts file for User0 on the RCP server should contain t his line: Swit[...]

  • Page 637

    B-29 Catalyst 2950 and Catalyst 2955 Swit ch Software Con figuration Guide OL-10101-02 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Software Images The do wnload algorith m verif ies that the image is appropriate for the switch model and th at enough DRAM is present, or it stops the proce[...]

  • Page 638

    B-30 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Workin g with S oftware Images The algorithm instal ls the do wnload ed image onto the system board flas h de vice (flash:). The image is placed in a new directory named [...]

  • Page 639

    B-31 Catalyst 2950 and Catalyst 2955 Swit ch Software Con figuration Guide OL-10101-02 Appendix B Working with the Cisco IOS F ile System, Configuration Files, and Software Images Working with Software Images The archiv e upload-sw privile ged EXEC command builds an image f ile on the server by uploadin g these files in order: info, the Cisco IOS i[...]

  • Page 640

    B-32 Catalyst 2950 and Catalyst 2955 Sw itch Software Configuration Guide OL-10101-02 Appendix B Workin g with the Cisco IOS File System, Configuration Files, and Software Imag es Workin g with S oftware Images[...]

  • Page 641

    IN-1 Catalyst 2950 and Catalyst 2955 Swit ch Software Con figuration Guide OL-10101-02 INDEX Numerics 802.1Q and trunk po rts 10-2 encapsulation 16-14 802.3x flow co ntrol 10-13 A abbreviating commands 2-4 AC (command switch) 6-9 access-class command 28-19 access control entries See ACEs access control lists See ACLs access control parameter See AC[...]

  • Page 642

    Index IN-2 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 ACLs (continued) IP creating 28-7 implicit deny 28-9, 28-12, 28-14 implicit masks 28-9 management interfaces, applying to 28-19 matching criteria 28-2, 28-7 named 28-13 physical interfaces, applying to 28-20 undefined 28-18, 28-20 virtual terminal lines, set[...]

  • Page 643

    Index IN-3 Catalyst 2950 and Catalyst 2955 Swit ch Software Con figuration Guide OL-10101-02 authentication (continued) RADIUS defined 8-17 key 8-21 login 8-23 TACACS+ defined 8-11 key 8-13 login 8-14 See also port-based authentication authentication failed VLAN See restricted VLAN authoritative time so urce, described 7-2 authorization with RADIUS[...]

  • Page 644

    Index IN-4 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 BPDU guard (continued) support for 1-5 broadcast storm control See storm control C cables, monitoring for unidirect ional links 22-1 candidate switch automatic discovery 6-5 defined 6-4 requirements 6-4 See also command switch, cluster stand by group, and me[...]

  • Page 645

    Index IN-5 Catalyst 2950 and Catalyst 2955 Swit ch Software Con figuration Guide OL-10101-02 CiscoWorks 2000 1-10, 27-4 class maps for QoS configuring 29-28 described 29-6 displayin g 29-36 class of service See CoS clearing interfaces 10-16 CLI abbreviating commands 2-4 command modes 2-1 described 1-9 editing features enabling and disabling 2-6 key[...]

  • Page 646

    Index IN-6 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 command switch accessing 6-10 active (AC) 6-9 configuration conflicts 31-13 defined 6-2 passive (PC) 6-9 password privi lege levels 6-14 priority 6-9 recovery from command-switch failure 6-9 from failure 31-10 from lost member connectivity 31-13 redundant 6-[...]

  • Page 647

    Index IN-7 Catalyst 2950 and Catalyst 2955 Swit ch Software Con figuration Guide OL-10101-02 configuring (continued) or an LRE upgrade 12-23 LRE ports 12-8 speed on Cisco 575 LRE CPE 12-11 Configuring a Restricted VLAN 9-24 config-vlan mo de 2-2, 16-6 conflict s, configurat ion 31-13 connections, secure remote 8-33 connectivity problems 31-14 consi[...]

  • Page 648

    Index IN-8 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 default configuration (continued) MSTP 14-11 MVR 20-17 NTP 7-4 optional span ning-tree features 15-13 password and p rivilege level 8-2 port security 21-8 QoS 29-17 RADIUS 8-20 RMON 25-3 RSPAN 24-7 SNMP 27-5 SPAN 24-7 storm control 21-2 STP 13-11 system mess[...]

  • Page 649

    Index IN-9 Catalyst 2950 and Catalyst 2955 Swit ch Software Con figuration Guide OL-10101-02 DHCP snooping (continued) option 82 da ta insertion 19-3 trusted interfac e 19-2 untrusted interface 19-2 untrusted messages 19-2 DHCP snooping binding database described 19-2 displayin g 19-8 entries 19-2 DHCP snooping binding tabl e See DHCP snooping bind[...]

  • Page 650

    Index IN-10 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 egress port scheduling 29-8 enable password 8-4 enable secret password 8-4 encapsulation 29-8 encryption for pa sswords 8-4 environment variables function of 4-17 location in F lash 4-16 error messages during command entr y 2-5 setting the display destin at[...]

  • Page 651

    Index IN-11 Catalyst 2950 and Catalyst 2955 Swit ch Software Con figuration Guide OL-10101-02 files (continued) tar creating B-5 displaying t he contents of B-6 extracting B-7 image file fo rmat B-19 files, cras hinfo description 31-21 displaying t he contents of 31-22 file system displaying availabl e file systems B-2 displayin g file informat ion[...]

  • Page 652

    Index IN-12 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 HSRP automatic cluster recovery 6-11 cluster standby group consi derations 6-10 See also clusters, cluster standby group, and standby command switch I ICMP ping executing 31-15 overview 31-14 IE2100 described 1-9 support for 1-4 IEEE 802.1D See STP IEEE 802[...]

  • Page 653

    Index IN-13 Catalyst 2950 and Catalyst 2955 Swit ch Software Con figuration Guide OL-10101-02 interfaces (continued) configuring 10-5 configuring dupl ex mode 10-10 configuring speed 10-10 counters, clearing 10-16 described 10-14 descriptive nam e, adding 10-14 displayin g information a bout 10-16 flow control 10-13 monitoring 10-15 naming 10-14 ph[...]

  • Page 654

    Index IN-14 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 L LACP See EtherChannel Layer 2 frames, classification with CoS 29-2 Layer 2 interfaces, default configu ration 10-9 Layer 2 traceroute and ARP 31-16 and CDP 31-16 described 31-16 IP addresses and subnets 31-16 MAC addresses and VLANs 31-16 multicast traffi[...]

  • Page 655

    Index IN-15 Catalyst 2950 and Catalyst 2955 Swit ch Software Con figuration Guide OL-10101-02 LRE ports (continued) rate selection described 12-14 sequence s 12-5 troubleshooting 31-17 LRE profiles assigning global pro files 12-13 port sequences 12-13 private p rofiles 12-12 public profiles 12-12 considerations 12-10 described 12-2 rate selection 1[...]

  • Page 656

    Index IN-16 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 member switch automatic discovery 6-5 defined 6-2 passwords 6-12 recovering from lost connectivity 31-13 requirements 6-4 See also candidate switch, cluster standby group, and standby command switch message logging, LRE 12-7 metropolitan-area n etworks See [...]

  • Page 657

    Index IN-17 Catalyst 2950 and Catalyst 2955 Swit ch Software Con figuration Guide OL-10101-02 MSTP (continued) extended system ID effects on root switch 14-14 effects on secondary root switch 14-15 unexpected be havior 14-14 instances supported 13-9 interface state, blocking to forwarding 15-2 interoperability an d compatibility among modes 13-10 i[...]

  • Page 658

    Index IN-18 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 Network Assistant (continued) described 1-9 guide mode 1-3 management options 1-2 wizards 1-3 network examples collapsed backbone and switch cluster 1-15 design conc epts cost-effective wiring closet 1-12 high-performance workgroup 1-12 network performance [...]

  • Page 659

    Index IN-19 Catalyst 2950 and Catalyst 2955 Swit ch Software Con figuration Guide OL-10101-02 passwords (continued) setting enable 8-3 enable secret 8-4 Telnet 8-6 with usernames 8-7 VTP domain 17-8 patch pan el 1-17 path cost MSTP 14-17 STP 13-18 PBX 1-16 PC (passive command switch) 6-9 performing an LRE upgrade 12-23, 12-24 persistence, LRE link [...]

  • Page 660

    Index IN-20 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 port-based authentication (continued) initiation and message exchange 9-3 magic pack et 9-11 method lists 9-15 multiple-hosts mode, described 9-5 ports authorization state and d ot1x port-control command 9-4 authorized and u nauthorized 9-4 port security, m[...]

  • Page 661

    Index IN-21 Catalyst 2950 and Catalyst 2955 Swit ch Software Con figuration Guide OL-10101-02 private VL AN edge ports See protected ports privileged EXEC mode 2-2 privilege levels changing the default for li nes 8-9 command switch 6-14 exiting 8-10 logging into 8-10 mapping on member switch es 6-14 overview 8-2, 8-8 setting a command wi th 8-8 pro[...]

  • Page 662

    Index IN-22 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 QoS (continued) configuring auto-QoS 29-9 class maps 29-28 CoS and WRR 29-35 default port CoS v alue 29-20 egress queu es 29-35 IP extended ACLs 29-26 IP standard ACLs 29-24 MAC ACLs 29-27 policy maps 29-29 port trust states within th e domain 29-19 QoS pol[...]

  • Page 663

    Index IN-23 Catalyst 2950 and Catalyst 2955 Swit ch Software Con figuration Guide OL-10101-02 RADIUS (continued) identifying the server 8-20 in cluste rs 6-13 limiting the servi ces to the user 8-27 method list, defined 8-20 operation of 8-19 suggested ne twork environment s 8-18 tracking services accessed by user 8-28 range macro 10-7 of interface[...]

  • Page 664

    Index IN-24 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 RFC (continued) 2236, IP mult icast and IGMP 20-2 2273-2275, SNMP v3 27-2 RMON default configu ration 25-3 displaying st atus 25-6 enabling alarms and events 25-3 groups supported 25-2 overview 25-1 statistics collecting group Ethernet 25-5 collecting group[...]

  • Page 665

    Index IN-25 Catalyst 2950 and Catalyst 2955 Swit ch Software Con figuration Guide OL-10101-02 servers, BOOTP 1-4 service-provider netw ork, MSTP and RSTP 14-1 set-request operat ion 27-4 settings duplex mode 12-11 speed 12-11 set-top box, televisi on 1-16, 1-19 setup program, failed command swit ch replacement 31-10, 31-12 severity leve ls, definin[...]

  • Page 666

    Index IN-26 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 SNMP (continued) users 27-9 versions supported 27-2 snooping, IGMP 20-1 SNR definition of 12-16 downstream rate requirements 12-16, 12-17 margins 12-16 upstream rate requirements 12-17, 12-18 software, VLAN considerations 17-8 software images location in f [...]

  • Page 667

    Index IN-27 Catalyst 2950 and Catalyst 2955 Swit ch Software Con figuration Guide OL-10101-02 statistics (continued) IEEE 802.1x 9-28 interface 10-16 QoS ingress and egress 29-37 RMON group Ethe rnet 25-5 RMON group hist ory 25-5 SNMP input and out put 27-16 VTP 17-15 sticky learning configuration file 21-7 defined 21-7 disabling 21-7 enabling 21-7[...]

  • Page 668

    Index IN-28 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 STP (continued) interface states blocking 13-5 disabled 13-6 forwarding 13-5, 13-6 learning 13-6 listening 13-6 overview 13-4 interoperability and comp atibility among modes 13-10 limitations with IEEE 802.1Q tr unks 13-10 load sharing overview 16-20 using [...]

  • Page 669

    Index IN-29 Catalyst 2950 and Catalyst 2955 Swit ch Software Con figuration Guide OL-10101-02 system message logging (continued) enabling 26-3 facility keywords, described 26-11 level keywords, descri bed 26-8 limiting messages 26-9 message format 26-2 overview 26-1 sequence numbers, enabling an d disabling 26-7 setting the display dest ination dev[...]

  • Page 670

    Index IN-30 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 traceroute, Layer 2 and ARP 31-16 and CDP 31-16 described 31-16 IP addresses and subnets 31-16 MAC addresses and VLANs 31-16 multicast traffic 31-16 multiple device s on a port 31-17 unicast traffic 31-16 usage guid elines 31-16 traffic blocking flooded 21-[...]

  • Page 671

    Index IN-31 Catalyst 2950 and Catalyst 2955 Swit ch Software Con figuration Guide OL-10101-02 UniDirectional Link Detection protocol See UDLD UNIX syslog servers daemon configuration 26-10 facilities supported 26-11 message logging configurati on 26-11 unrecognized Type-Len gth-Value (TLV) support 17-4 upgrade behavior d etails 12-25 configuring fo[...]

  • Page 672

    Index IN-32 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02 VLANs (continued) creating in VLAN configuration mod e 16-9 default configu ration 16-7 deletin g 16-9 described 10-3, 16-1 displayin g 16-13 extended-range 16-11 illustrated 16-2 modifying 16-8 native, configu ring 16-19 normal-range 16-1, 16-4 parameters [...]

  • Page 673

    Index IN-33 Catalyst 2950 and Catalyst 2955 Swit ch Software Con figuration Guide OL-10101-02 VTP (continued) disabling 17-12 domain names 17-8 domains 17-2 modes client 17-3, 17-11 server 17-2, 17-9 transition s 17-2 transparent 17-3, 17-12 monitoring 17-15 passwords 17-8 pruning disabling 17-14 enabling 17-14 examples 17-5 overview 17-4 pruning-e[...]

  • Page 674

    Index IN-34 Catalyst 2950 and Catalyst 2955 Swit ch Software Configuration Guide OL-10101-02[...]