Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/newdedyk/domains/bkmanuals.com/public_html/includes/pages/manual_inc.php on line 26
Cisco Systems 2960-S manuale d’uso - BKManuals

Cisco Systems 2960-S manuale d’uso

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004

Vai alla pagina of

Un buon manuale d’uso

Le regole impongono al rivenditore l'obbligo di fornire all'acquirente, insieme alle merci, il manuale d’uso Cisco Systems 2960-S. La mancanza del manuale d’uso o le informazioni errate fornite al consumatore sono la base di una denuncia in caso di inosservanza del dispositivo con il contratto. Secondo la legge, l’inclusione del manuale d’uso in una forma diversa da quella cartacea è permessa, che viene spesso utilizzato recentemente, includendo una forma grafica o elettronica Cisco Systems 2960-S o video didattici per gli utenti. La condizione è il suo carattere leggibile e comprensibile.

Che cosa è il manuale d’uso?

La parola deriva dal latino "instructio", cioè organizzare. Così, il manuale d’uso Cisco Systems 2960-S descrive le fasi del procedimento. Lo scopo del manuale d’uso è istruire, facilitare lo avviamento, l'uso di attrezzature o l’esecuzione di determinate azioni. Il manuale è una raccolta di informazioni sull'oggetto/servizio, un suggerimento.

Purtroppo, pochi utenti prendono il tempo di leggere il manuale d’uso, e un buono manuale non solo permette di conoscere una serie di funzionalità aggiuntive del dispositivo acquistato, ma anche evitare la maggioranza dei guasti.

Quindi cosa dovrebbe contenere il manuale perfetto?

Innanzitutto, il manuale d’uso Cisco Systems 2960-S dovrebbe contenere:
- informazioni sui dati tecnici del dispositivo Cisco Systems 2960-S
- nome del fabbricante e anno di fabbricazione Cisco Systems 2960-S
- istruzioni per l'uso, la regolazione e la manutenzione delle attrezzature Cisco Systems 2960-S
- segnaletica di sicurezza e certificati che confermano la conformità con le norme pertinenti

Perché non leggiamo i manuali d’uso?

Generalmente questo è dovuto alla mancanza di tempo e certezza per quanto riguarda la funzionalità specifica delle attrezzature acquistate. Purtroppo, la connessione e l’avvio Cisco Systems 2960-S non sono sufficienti. Questo manuale contiene una serie di linee guida per funzionalità specifiche, la sicurezza, metodi di manutenzione (anche i mezzi che dovrebbero essere usati), eventuali difetti Cisco Systems 2960-S e modi per risolvere i problemi più comuni durante l'uso. Infine, il manuale contiene le coordinate del servizio Cisco Systems in assenza dell'efficacia delle soluzioni proposte. Attualmente, i manuali d’uso sotto forma di animazioni interessanti e video didattici che sono migliori che la brochure suscitano un interesse considerevole. Questo tipo di manuale permette all'utente di visualizzare tutto il video didattico senza saltare le specifiche e complicate descrizioni tecniche Cisco Systems 2960-S, come nel caso della versione cartacea.

Perché leggere il manuale d’uso?

Prima di tutto, contiene la risposta sulla struttura, le possibilità del dispositivo Cisco Systems 2960-S, l'uso di vari accessori ed una serie di informazioni per sfruttare totalmente tutte le caratteristiche e servizi.

Dopo l'acquisto di successo di attrezzature/dispositivo, prendere un momento per familiarizzare con tutte le parti del manuale d'uso Cisco Systems 2960-S. Attualmente, sono preparati con cura e tradotti per essere comprensibili non solo per gli utenti, ma per svolgere la loro funzione di base di informazioni e di aiuto.

Sommario del manuale d’uso

  • Pagina 1

    Americas Hea dquarters Cisc o Syst ems , Inc . 170 West Ta sman Driv e San Jos e, CA 95 134-1706 USA http://www.ci sco.com Tel: 408 526-4000 800 553- NETS (638 7) Fax: 408 527-0883 Catal yst 2960 and 2960-S S witc h So f t wa r e Configuration Guide Cisco IOS R elease 12.2(55 )SE August 20 1 0 Text Pa rt Nu mber: OL-8603- 09[...]

  • Pagina 2

    THE SPECIFICATIONS AND INFORMATION REGARDING TH E PRODUCTS IN THIS MANUAL ARE SUBJE CT TO CHANGE WITHOUT NO TICE. ALL STATEMENT S, INFORMATI ON, AND RE COMMENDATIONS IN T HIS MA NUAL ARE BELI EVED TO BE ACCURATE BUT ARE P RESENTED WITHOUT WARRANTY OF ANY KIND, EXPRE SS OR IMPLIED. USERS MUST TA KE FULL RESPONSIBILITY FOR THEIR AP PLICATION OF ANY P[...]

  • Pagina 3

    iii Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 CONTENTS Preface xxxv ii Audienc e xxx vii Pur pose xx xvii Conv enti ons x xxviii Rela ted Publi cati ons xxxix Obtain ing Docu mentat ion, Obt aining Su pport , and Secur ity Gui deline s xl CHAPTER 1 Overview 1-1 Featur es 1-1 Ease-o f-Depl oyment and E ase-o f-Use F ea[...]

  • Pagina 4

    Cont ent s iv Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Using Con figu ration Lo ggin g 2-4 Using Comma nd Hist ory 2-5 Changin g the Comma nd Histor y Buffe r Size 2-5 Recall ing Commands 2-6 Disabl ing th e Command Hist ory Featur e 2- 6 Using Edi tin g Featu res 2-6 Enabli ng and Di sablin g Edit ing Featu res 2-[...]

  • Pagina 5

    Content s v Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Automa ticall y Downl oading a Con figu ration Fi le 3-18 Specif ying the Fi lena me to Read and Wri te the System Confi gura tion 3-18 Bootin g Manu ally 3-19 Bootin g a Speci fic Soft ware Imag e 3-20 Contro lli ng Enviro nment Var iables 3-21 Schedul ing a Re lo[...]

  • Pagina 6

    Cont ent s vi Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Config urin g NTP Assoc iation s 5-6 Config urin g NTP Broa dcast Serv ice 5-7 Config urin g NTP Acces s Restric tions 5-9 Config urin g the Sour ce IP Addre ss for NTP Packets 5-11 Displa ying t he NTP Confi gurat ion 5-12 Config urin g Time and Date Manuall y[...]

  • Pagina 7

    Content s vii Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Clust er C omm and S wit ch Ch arac teri stic s 6-3 Standby Clu ster Command S witch Char acteris tics 6-3 Candida te Swit ch and Cl uster Member Swit ch Charac teri stic s 6-4 Plan ning a Sw itc h Clu ster 6-5 Automa tic Disc overy of Cl uster Can didat es and M[...]

  • Pagina 8

    Cont ent s viii Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Underst andi ng Auto-Upg rade an d Auto-A dvise 7-10 Auto-Up grade an d Auto- Advis e Example Me ssages 7-11 Incom pat ible S oftw are and Mem ber Im ag e Upg rad es 7-13 Stack Con figu ration Fi les 7-13 Additi onal Consider ation s for Sy stem-Wide Co nfig [...]

  • Pagina 9

    Content s ix Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Protec ting Access to Pri vileg ed EXEC Comma nds 9-2 Defaul t Passwo rd and Priv ileg e Level Configur ation 9-2 Setti ng or Chan ging a Stat ic Ena ble Passwor d 9-3 Protec ting Enab le and Enab le Se cret P asswor ds wi th Encr ypti on 9-3 Disabl ing Pas sword [...]

  • Pagina 10

    Cont ent s x Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Config urin g th e Switch to Use V endor -Specif ic R ADIUS A ttribu tes 9-36 Config urin g the Swit ch for Vend or-P ropriet ary RADIUS Ser ver Co mmunica tion 9-38 Config urin g CoA on the Swit ch 9- 39 Monitor ing and Tro uble shootin g CoA Funct ionali ty 9-[...]

  • Pagina 11

    Content s xi Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Ports in A utho rized an d Una uthor ized Sta tes 10-11 802.1x Authent icati on and Swit ch Stacks 10-12 802.1x Host Mode 10-1 3 Multid omain Authe ntic ation 10-13 802.1x Mult iple Au thent icati on Mode 10-15 MAC Move 10-16 MAC Replace 10-16 802.1x Acco untin g [...]

  • Pagina 12

    Cont ent s xii Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 VLAN Assig nment, Gues t VLAN, Res trict ed VLAN, an d Inac cessibl e Authenti cati on Bypass 10- 39 MAC Auth enti cat ion By pas s 10 -40 Maxi mum N umbe r of Allow ed Dev ice s Per Po rt 10-4 0 Config urin g 802.1 x Readines s Check 10-40 Config urin g Voi c[...]

  • Pagina 13

    Content s xiii Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Device Ro les 11-2 Host De tect ion 11-2 Sessio n Creat ion 11-3 Authent icat ion Proce ss 11-3 Local We b Aut hen tica tion Bann er 11-4 Web Auth enti cation Custo mizab le Web P ages 11-6 Guidel ines 11-6 Web-base d Authen ticati on Int eracti ons with Oth er [...]

  • Pagina 14

    Cont ent s xiv Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Dual- Pur pose U pli nk P orts 12-4 Powe r ove r Etherne t Ports 12-5 Support ed Pro tocols an d Standa rds 12-5 Powe red-D evi ce De tect ion and In itia l Po wer A lloc ation 12-6 Power Ma nagement Modes 12-7 Power Moni toring an d Power Po licing 12-8 Conne[...]

  • Pagina 15

    Content s xv Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Shutti ng Do wn and Restar ting the I nter face 12 -39 CHAPTER 13 Configur ing V LANs 13-1 Underst anding VL ANs 13-1 Support ed VL ANs 13-2 VLAN Port Membe rship Mode s 13-3 Config urin g Normal -Range VLANs 13-4 Token Ri ng VLANs 13-5 Normal- Range VL AN Configu[...]

  • Pagina 16

    Cont ent s xvi Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Config urin g Dynamic -Access Po rts on VMPS Clients 13-25 Reco nfirm ing V LA N Me mber ship s 13-26 Changin g the Rec onfirmat ion I nterval 13-26 Changin g the Ret ry Coun t 13-2 7 Moni tori ng t he VM PS 13-2 7 Troubl eshooti ng Dynami c-Access Port VL AN [...]

  • Pagina 17

    Content s xvii Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Voice VLA N Conf igurat ion Gui delines 15-3 Config urin g a Port Co nnected t o a Cisco 7 960 I P Phone 15-4 Config urin g Cisco IP Phone Voi ce Traf fic 15-5 Config urin g the Pri ority of Inco ming Data Fr ames 15-6 Displa ying Vo ice VLA N 15-7 CHAPTER 16 Co[...]

  • Pagina 18

    Cont ent s xviii Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Config urin g the Maxi mum-Aging Ti me for a VL AN 16-23 Config urin g the Tra nsmit Hold-C ount 16-24 Displa ying t he Spannin g-Tr ee Status 16 -24 CHAPTER 17 Configur ing MST P 17-1 Underst anding MSTP 17-2 Multip le Sp anning- Tree Regions 17-2 IST, C IS[...]

  • Pagina 19

    Content s xix Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Config urin g the Maxi mum-Hop Co unt 17-26 Specif ying t he Link Typ e to Ensu re Rapid Tr ansit ions 17-27 Designa ting the Ne ighbo r Ty pe 17-27 Restar ting the Pr otoc ol Migr atio n Proce ss 17- 28 Displa ying t he MST Config uration and Stat us 17-28 CHAPT[...]

  • Pagina 20

    Cont ent s xx Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Generat ing IG MP Repo rts 19-4 Leakin g IGMP Repo rts 19-4 Config urati on Exa mples 19- 4 MAC Address- Table Mo ve Update 19-6 Config urin g Flex Lin ks and th e MAC Address -Tabl e Move Update 19-7 Defau lt C onfig urat ion 19-8 Config urati on Guidel ines 1[...]

  • Pagina 21

    Content s xxi Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Config urin g DHCP Serv er Port-B ased Add ress Al locati on 20- 22 Defau lt P ort- Base d Ad dre ss Al loca tion Conf igur atio n 20-23 Port-B as ed Ad dres s A lloc atio n Con figu rat ion Guide line s 20-2 3 Enabli ng DHCP Ser ver Po rt-Based Addres s Alloc at[...]

  • Pagina 22

    Cont ent s xxii Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Config urin g TCN-Relat ed Command s 22-12 Contro lli ng the Multi cast Flo oding Time After a TC N Event 22-12 Recover ing fr om Flood Mode 22-13 Disabl ing Multica st Flo oding During a T CN Eve nt 22-13 Config urin g the IGMP Sn ooping Que rier 22-14 Disab[...]

  • Pagina 23

    Content s xxiii Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Secure MAC Add resses 23-9 Secu rity Vi olat ions 23-10 Defaul t Por t Se curity Conf igurat ion 23-11 Port S ecu rity Conf igur atio n Gui deli nes 23-1 1 Enabli ng a nd Co nfiguri ng P ort Sec urit y 23-13 Enabli ng and Co nfig uring Por t Secur ity Agin g 23[...]

  • Pagina 24

    Cont ent s xxiv Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Config urati on Guidel ines 26-5 Enabli ng L LDP 26-6 Config urin g LLDP Char acte ristic s 26-6 Config urin g LLDP-MED TLVs 26-7 Config urin g Network -Pol icy TLV 26-8 Config urin g Locat ion TLV a nd Wired Loca tion Servic e 26-9 Monitor ing an d Mainta in[...]

  • Pagina 25

    Content s xxv Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 CHAPTER 28 Configur ing R MON 28-1 Underst anding RMON 28-1 Config urin g RMON 28-2 Defaul t RMON Configur ation 28-3 Config urin g RMON Alarms and Ev ents 28- 3 Collec ting Grou p Hist ory S tati stics on a n In terface 28-5 Collec ting Group Et hernet St atis t[...]

  • Pagina 26

    Cont ent s xxvi Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 SNMP Conf igur ation Guidel ines 30-7 Disabl ing th e SNMP Agent 30-7 Config urin g Community St ring s 30-8 Config urin g SNMP Groups and Us ers 30-9 Config urin g SNMP Notifi cations 30-12 Settin g t he C PU Th res hold Not ifica tion Ty pes and Value s 30-[...]

  • Pagina 27

    Content s xxvii Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Displ ayin g IPv4 ACL Con figur atio n 31 -24 CHAPTER 32 Configur ing Cisc o IOS IP SLAs Operat ions 32-1 Underst anding Ci sco IOS IP SLAs 32-2 Using Ci sco IOS IP SLAs to Measur e Networ k Performa nce 32-3 IP SL As R espo nde r and IP S LAs C ont rol Prot oc[...]

  • Pagina 28

    Cont ent s xxvii i Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Enabli ng Au to-Qo S 33-33 Troubl eshoo ting Au to Qo S Commands 33-34 Displa ying Au to-QoS Informat ion 33-35 Config urin g Standa rd QoS 33-35 Defau lt S tan dard Q oS Conf igur atio n 33 -36 Defaul t Ingr ess Queu e Configur ati on 33-3 6 Defaul t Egre[...]

  • Pagina 29

    Content s xxix Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Config urin g SRR Share d Weights on Egress Queues 33-7 7 Config urin g the Egr ess Expedi te Queu e 33-78 Limiti ng the B andwidth o n an Egres s Interf ace 33-78 Displa ying St andard QoS Infor matio n 33-79 CHAPTER 34 Configur ing S tatic IP Unic ast Rout ing[...]

  • Pagina 30

    Cont ent s xxx Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 MLD Messages 36-3 MLD Queries 36-3 Multica st Cl ient Aging Rob ustn ess 36-3 Multic ast Rout er Discov ery 36- 4 MLD Reports 36-4 MLD Done Messag es and Imme diate-L eave 36-4 Topolo gy Chang e Notifi catio n Process ing 36-5 MLD Snoop ing in Switch Stacks 36[...]

  • Pagina 31

    Content s xxxi Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Config urin g LACP Hot- Standby Po rts 37 -18 Config urin g the LACP System Prio rity 37-18 Config urin g the LACP Port Pr iority 37-19 Displa ying EtherC hannel , PA gP, and LACP Stat us 37-20 Underst andi ng Link-St ate Trac king 37 -20 Config urin g Link- Sta[...]

  • Pagina 32

    Cont ent s xxxii Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Underst anding TDR 38-19 Running TDR and Dis playin g the Resu lts 38 -19 Using Deb ug Commands 38-20 Enabli ng Debug ging o n a Specifi c Featu re 38-20 Enabli ng Al l-Syst em Diagn osti cs 38-2 1 Redire ctin g Debug an d Error Messa ge Outp ut 38-21 Using [...]

  • Pagina 33

    Content s xxxii i Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Copyin g File s A-5 Dele ting F iles A-5 Creati ng, Di splayi ng, and Extracti ng tar Files A-6 Creat ing a ta r File A-6 Displa ying t he Content s of a tar File A-7 Extra ctin g a tar Fil e A-7 Displa ying t he Content s of a File A-8 Working with Confi gur[...]

  • Pagina 34

    Cont ent s xxxiv Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Download ing an I mage File By Using FT P A-3 0 Uploa ding an I mage File By U sing F TP A-32 Copyin g Image Fi les By Usin g RCP A-33 Prepar ing to Download or Upload an Image Fi le By Using RC P A-33 Download ing an I mage File By Using RCP A-34 Uploa ding[...]

  • Pagina 35

    Content s xxxv Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Unsuppor ted I nterfac e Confi gurati on Commands C-5 Unsuppor ted Po licy-Map Confi guratio n Command C-5 RADIUS C-5 Unsuppor ted Gl obal Conf igura tion Comman ds C-5 SNMP C-5 Unsuppor ted Gl obal Conf igura tion Comman ds C-5 SNMPv3 C-6 Unsu ppo rted 3 DES En[...]

  • Pagina 36

    Cont ent s xxxvi Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09[...]

  • Pagina 37

    xxxvi i Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Preface Audience This gu ide i s for the net working profession al m anaging the Ca talyst 2960 and 29 60-S swi tches, hereaf ter re ferred t o as th e switch . Befor e using thi s guide, y ou should ha v e ex perience working wi th the Cisco IOS softwar e and be famil[...]

  • Pagina 38

    xxxvii i Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Preface • Enter th e sho w lic ense pr iv ilege d EXEC c ommand, an d see w hich is th e acti ve image: Switch# show license Index 1 Feature: lanlite Period left: 0 minute 0 second Index 2 Feature: lanbase Period left: Life time License Type: Permanent License Sta[...]

  • Pagina 39

    xxxix Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Pre face Cautio n Means re a d e r b e c a re f u l . In this situation, you might do someth ing that could result in equipmen t dam age or loss of da ta. Related Publications These docum ents provide co mplete infor mation about the switch and are av ailable from this C[...]

  • Pagina 40

    xl Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Preface • For inform ation abou t the Net work Admissi on Control (N A C) featur es, see th e Network A dmission Contr ol Software Configuration Gu ide • Information a bout Cisco SFP , SFP+, and GBIC modules is av ailable from this Cisco.com site: http://www .cisco.co[...]

  • Pagina 41

    CH A P T E R 1-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 1 Overview This c hapter p rovides these topics a bout t he C atalyst 29 60 a nd 2960-S switch software : • Feat ures , page 1-1 • Defa ult Settin gs After I nitial Swi tch Conf iguration, page 1-16 • Network Configu ration E xamples, page 1-18 • Whe[...]

  • Pagina 42

    1-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Ch apter 1 Ov erv iew Feature s Ease -of-Dep loyme nt and Eas e-of-Use F eatur es • Express Se tup for quickly configur ing a swi tch for t he first time with ba sic IP i nforma tion, contac t inform ation, sw itch a nd T el net passwords, and Si mple Network Manageme [...]

  • Pagina 43

    1-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 Overview Features • Cisco FlexStack tec hnology on Catal yst 2960-S sw itches runn ing the LAN ba se image for – Connecting u p to four swi tches through their FlexSta ck ports to o perate as a single switch in t he network. – Creatin g a bi directio nal [...]

  • Pagina 44

    1-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Ch apter 1 Ov erv iew Feature s Performa nce Featu res • Cisco EnergyWise manages the en ergy usage of en d points in cludi ng power ov er Etherne t (PoE) devices and n on-Ci sco devices. For informa tion, see the Cisc o EnergyW ise Con figuration Guide . • Autosensi[...]

  • Pagina 45

    1-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 Overview Features • IGMP throttl ing for conf iguring the ac tion when the maximum numb er of entries is in the IGMP forwarding ta ble. • IGMP lea ve timer for conf iguring the lea v e latenc y for the netw ork. • Switch Data base Mana gement (SDM) temp l[...]

  • Pagina 46

    1-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Ch apter 1 Ov erv iew Feature s • Cisco IO S Configuration Engine (previously k nown to as the Cisco IOS CNS agen t)-—C onfiguration service aut omat es the deploym ent and m anagem ent of netwo rk devices and services . Y ou can auto mate initial config urations and[...]

  • Pagina 47

    1-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 Overview Features • In-band mana gement acc ess thro ugh the device m anag er over a Net scape Navigator or Mic rosoft Intern et Explore r browser session • In-band manageme nt access fo r up to 16 sim ultan eous T elne t connect ions for mult iple CL I-bas[...]

  • Pagina 48

    1-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Ch apter 1 Ov erv iew Feature s • USB mi ni-T ype B cons ole po rt in additi on to th e st andard RJ-45 consol e port . Co nsole inp ut is active on only one port at a t ime. (Cat alyst 2 960-S o nly) • USB T ype A por t for externa l Cisco U SB flas h memory devices[...]

  • Pagina 49

    1-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 Overview Features – Loop gu ard for pr ev enting alterna te or roo t ports fr om bec oming d esignat ed port s because of a failur e that l eads t o a unidir ectional link • Flex Link Layer 2 interf aces to back up one ano ther as an alternati ve to STP for[...]

  • Pagina 50

    1-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Ch apter 1 Ov erv iew Feature s • Support for VT P version 3 that i ncludes support for c onfiguring ext ended r ange V LANs (VLANs 1006 to 4094) in any VTP m ode, enhanc ed a uthenti cation ( hidden or se cret p asswords), propagat ion of other datab ases in add itio[...]

  • Pagina 51

    1-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 Overview Features • Dynamic ARP insp ection to pre vent mali cious attacks on t he swi tch b y not r elayi ng in valid ARP requests and responses to other ports in the same VLAN • IEEE 802. 1x port-ba sed au then ticatio n to prev ent unaut horize d device[...]

  • Pagina 52

    1-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Ch apter 1 Ov erv iew Feature s Note T o use v oic e aw are 802.1 x authe ntication , the switc h must be runnin g the LAN Base image. – MA C authen ticat ion bypass to author ize cl ients ba sed on the client M A C addre ss. Note T o use MA C authentic ation byp ass,[...]

  • Pagina 53

    1-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 Overview Features • Support for cr itical VLAN with multi ple-host aut hentication so that when a port is conf igured for multi-au th, and an AAA ser ver becomes unreachab le, the p ort is p laced in a critical VLAN in o rder to still permit access to critic[...]

  • Pagina 54

    1-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Ch apter 1 Ov erv iew Feature s • Policing Note T o use polic y maps, the switch must be runnin g the LAN Base image – T raff ic-poli cing poli cies on the switc h port for mana ging how much of the port ba ndwidth should be allocate d to a sp ecif ic traf fic f lo [...]

  • Pagina 55

    1-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 Overview Features Note T o use Auto -QoS enha ncemen ts, the switc h must be runnin g the LAN Base imag e. Laye r 3 F eatur es • When yo u conf igur e the lanbase-routing SDM tem plate, the switch suppo rts static routing and router ACLs on SVIs (support ed [...]

  • Pagina 56

    1-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Ch apter 1 Ov erv iew Default Set tings A fter Initial Sw itch Conf iguration • T ime Domai n Reflect or (TDR) t o diagnose and reso lve cabling problems on 10/100 and 10/100/10 00 coppe r Ether net port s • SFP module diagnostic management interface to monitor phys[...]

  • Pagina 57

    1-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 Overview Default Settings After Initial Switch Configuration • IEEE 8 02.1x is d isabled. For more infor matio n, see Chapte r 10, “C onf i guring IEEE 802. 1x Port-Based Auth entication. ” • Port para meter s – Interface speed a nd duplex mode is au[...]

  • Pagina 58

    1-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Ch apter 1 Ov erv iew Netwo rk Configura tion Examp les • MVR is disabled. F or more inform ation, see Chapter 22 , “ Configuring IGM P Snoopin g and MVR. ” Note T o us e MVR, the sw itch m ust b e runnin g the LAN Bas e imag e. • Port-bas ed traf fic – Broadc[...]

  • Pagina 59

    1-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 Overview Network Configuration Examples Design Co ncepts fo r Using the Switch As your network user s compe te for network b andw idth, i t takes lon ger to send and re ceive data. Whe n you configu re your network , consi der t he band width requi red by your[...]

  • Pagina 60

    1-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Ch apter 1 Ov erv iew Netwo rk Configura tion Examp les Y o u can u se the switches an d switch sta cks to create the follo wing: • Catalyst 29 60-S switches. T o preserv e switch connecti vity if one swit ch in the stack f ails, conn ect the switc hes as reco mmended[...]

  • Pagina 61

    1-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 Overview Network Configuration Examples Figur e 1 -1 Cost-Ef f ective W ir ing C loset • Serv er aggr e gation ( Figure 1-2 )— Y ou can u se the switch es to in tercon nect groups of servers, central izing phy sical sec urity and ad ministra tion o f your [...]

  • Pagina 62

    1-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Ch apter 1 Ov erv iew Netwo rk Configura tion Examp les Figu re 1 - 2 S erver Aggregati on Small to Medium-Sized Ne twork Using Catalyst 2960 an d 2960-S Switch es Figure 1-3 shows a configurat ion for a networ k of up t o 500 employees. This ne twork use s The switche [...]

  • Pagina 63

    1-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 Overview Network Configuration Examples Figur e 1 -3 Collapsed Bac kbone Confi gura tion Long-Distan ce, High-Ba ndwidth T ransport C onfiguration Note T o u se CW DM SF Ps , the s wit ch mu st b e run nin g th e LAN Base ima ge. Figure 1-4 shows a configurat [...]

  • Pagina 64

    1-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Ch apter 1 Ov erv iew Where to Go Nex t Figur e 1 -4 Long-Distanc e, High-Bandw idth T ran spor t Configur ation Where to Go Next Before conf igurin g the switch, re v ie w these sections for startup informatio n: • Chapter 2, “Using the Comman d-Li ne In terfa ce?[...]

  • Pagina 65

    CH A P T E R 2-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 2 Using the Command-Line Interface This c hapte r descr ibes t he Cisc o IOS comm and-li ne in terface ( CLI) and how to use it to configure your Catalyst 296 0 or 2960-S switch. Unless othe rwise not ed, the term switc h refers to a stand alone switch and t[...]

  • Pagina 66

    2-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 2 Usi ng th e Com ma nd-L ine I nter fac e Underst anding Com mand M odes Ta b l e 2 - 1 describ es the ma in comm and mod es, how to access ea ch one, the prompt you see in th at mode , and how to exit the mode. Th e exampl es in the tab le use the h ostname Sw[...]

  • Pagina 67

    2-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 Using the Comma nd-Line In terface Understa nding th e Help Syst em For more detail ed info rmat ion on the command mode s, see the c omma nd refe rence g uide for th is rel ease. Understandin g the Help Syste m Y ou can enter a ques tion mark (? ) at the sy st[...]

  • Pagina 68

    2-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 2 Usi ng th e Com ma nd-L ine I nter fac e Underst anding no and defa ult Form s of Commands Understandin g no and def ault Forms of Commands Almos t e very co nf igur ation co mmand also has a no for m. In ge nera l, use the no form to disa ble a fea ture or fu[...]

  • Pagina 69

    2-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 Using the Comma nd-Line In terface Using Com mand History comm and was en tered, and the parser r etur n code fo r the c omman d. This feature incl udes a me chan ism for asyn chron ous no tification to r egistered applica tions whenever the c onfiguratio n cha[...]

  • Pagina 70

    2-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 2 Usi ng th e Com ma nd-L ine I nter fac e Using E diting Feature s Recalling Commands T o rec all co mman ds from the hi story buffer , perform one of t he actions listed i n Ta b l e 2 - 4 . These actions are op tio nal. Disabling the Comma nd History Fe ature[...]

  • Pagina 71

    2-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 Using the Comma nd-Line In terface Using Edit ing Featu res T o re-enable the enhanced editing mode for the curre nt terminal session, enter this command in privileged EXEC mode : Switch# terminal editing T o reconf igu re a s pecif ic line to ha ve enha nced e[...]

  • Pagina 72

    2-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 2 Usi ng th e Com ma nd-L ine I nter fac e Using E diting Feature s Editing C ommand Lines that Wrap Y ou can use a w raparo und f eature for c omma nds tha t extend b eyond a single l ine o n the scre en. W hen the cursor reaches the right mar gin, the comma nd[...]

  • Pagina 73

    2-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 Using the Comma nd-Line In terface Searching and Filtering Output of show and m ore Commands The soft ware assum es you have a termin al screen that i s 80 col umns wide . If you have a width ot her tha n that, use the termina l width privileged E XEC c ommand [...]

  • Pagina 74

    2-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 2 Usi ng th e Com ma nd-L ine I nter fac e Access ing the CLI T o deb ug a spe cifi c st ack mem ber , you c an acce ss it from the s tack master by usin g the session stac k-member -num ber privileged EXE C comma nd. Th e stac k memb er numb er is ap pende d t[...]

  • Pagina 75

    CH A P T E R 3-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 3 Assigning the Switch IP Address and Default Gateway This chap ter de scribe s ho w to creat e the initi al switc h conf igur ation (f or e xampl e, assig ning th e IP address an d default gateway informat ion) for the Ca talyst 296 0 or 2960-S switc h by u[...]

  • Pagina 76

    3-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 3 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch In format ion The nor mal b oot p rocess involv es the opera tion of the boot lo ader software, which perfo rms the se acti vities: • Performs lo w-le vel CPU initializatio n. It initiali [...]

  • Pagina 77

    3-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Assigning Switch Information . Stacking is sup ported only on Catalyst 2960-S sw itch es.Use a DHCP server for centra lized cont rol and automatic assignmen t of IP informatio n after the serv er is c onf[...]

  • Pagina 78

    3-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 3 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch In format ion The DH CP server for y our sw itch can be on the same LA N or on a different LA N than the s witch. I f the DHCP se rver is r unning o n a different LAN, you sh ould c onfigure[...]

  • Pagina 79

    3-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Assigning Switch Information The DH CP hostn ame option allows a grou p of swi tches t o obtain hostnam es an d a sta ndard c onfiguration from the ce ntral ma nage ment DHCP s erv er . A cl ien t (switch[...]

  • Pagina 80

    3-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 3 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch In format ion Limitations and Restrictions These are the limita tions: • The DHCP -based au toconf iguration wit h a sa ved co nf igurati on pro cess sto ps if there is not at leas t one L[...]

  • Pagina 81

    3-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Assigning Switch Information Depending on the settings of the DHCP serv er , the switch can recei ve IP address informatio n, the configurat ion file, or b oth. If you do not configure th e DHCP ser ver w[...]

  • Pagina 82

    3-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 3 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch In format ion If you specify the T FTP server na me in the D HCP s erver-lease da tabase, you m ust al so co nfigure t he TFTP s erv er nam e-to- IP-a ddre ss map ping in the DNS- serv er da[...]

  • Pagina 83

    3-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Assigning Switch Information Figu re 3-2 Rel ay Devi ce Us ed in Autoconfigu ration Obtaining Configurati on Files Depending on the av ailability of th e IP ad dress and th e conf igu ration f ilename in [...]

  • Pagina 84

    3-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 3 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch In format ion Note The switch br oadcasts TFTP serv er requests if the TFTP ser ver is not obt ained fr om the DHCP replies, if all attempts to read the conf iguratio n f ile t hrough unica[...]

  • Pagina 85

    3-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Assigning Switch Information TFTP Serve r Conf iguration (on UNIX) The TF TP server base di rectory is set to / tftpserver/wor k/. This di recto ry contai ns the ne twork-conf g file used in the two -fil[...]

  • Pagina 86

    3-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 3 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch In format ion This e xample sh ow s ho w to conf igure a switch as a DHCP serv e r so that it will do wnload a config uratio n fil e: Switch# configure terminal Switch(config)# ip dhcp pool[...]

  • Pagina 87

    3-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Assigning Switch Information This example shows ho w to configure a switch as a D HCP server so it downloads a con f igura tion file: Switch# config terminal Switch(config)# ip dhcp pool pool1 Switch(dhc[...]

  • Pagina 88

    3-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 3 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch In format ion Configuring the Client Beginn ing in pri vileg ed EXEC mode, follo w these steps to conf igure a switch to do wnload a configurat ion file an d n e w im age from a D HCP se rv[...]

  • Pagina 89

    3-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Chec king and Savin g the Runni ng Co nfig ura tion Manually Assigning IP Information Beginn ing in pri vilege d EXEC mode, follo w these step s to manually assign IP information to multip le switched vi[...]

  • Pagina 90

    3-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 3 Assigning the Switch IP Address and Default Gateway Checking and Saving th e Running Con figuration enable secret 5 $1$ej9.$DMUvAUnZOAmvmgqBEzIxE0 ! . <output truncated> . interface gigabitethernet6/0/1 ip address 172.20.137.50 255.255.255.0 ! interface [...]

  • Pagina 91

    3-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Modifying the Startup Configuration Beginn ing in p ri vileg ed EXE C mode, f ollo w thes e steps to conf igur e the NV RAM b uf fer siz e: This exampl e shows ho w to configure th e NVRAM buf fer size: [...]

  • Pagina 92

    3-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 3 Assigning the Switch IP Address and Default Gateway Modifyin g the Startup Conf iguration Default Boot Configuration Ta b l e 3 - 3 shows the d efault bo ot-up c onfiguration. Automatically Downloadin g a Con figuratio n File Y ou can automa tical ly download [...]

  • Pagina 93

    3-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Modifying the Startup Configuration T o return to the default setting, use the no boot config-f ile glo bal configurat ion comma nd. Booting Manua lly By def ault, the switch au tomatically boots u p; ho[...]

  • Pagina 94

    3-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 3 Assigning the Switch IP Address and Default Gateway Modifyin g the Startup Conf iguration Booting a Specific Software Image By default, the switch attempts to automatic ally boot up the system using infor mation in the BOO T en vironment v ariab le. If this v [...]

  • Pagina 95

    3-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Modifying the Startup Configuration Controlling Environment Variables W ith a n ormall y op erati ng swi tch, y ou en ter the boot load er m ode onl y thro ugh a swit ch conso le connec tion con figured [...]

  • Pagina 96

    3-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 3 Assigning the Switch IP Address and Default Gateway Scheduli ng a Reload of the Software Image Scheduling a Re load of the Software Image Y o u can schedule a reload o f the softw are image to occur on the switch at a l ater time (f or e xample, lat e at nigh [...]

  • Pagina 97

    3-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Schedul ing a Reload of the Sof tware Image Configur ing a S chedu led Reload T o conf igure your switch to relo ad t he soft war e image at a later ti me, u se o ne of th ese co mmands in privileged EXE[...]

  • Pagina 98

    3-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 3 Assigning the Switch IP Address and Default Gateway Scheduli ng a Reload of the Software Image Displaying S chedu led Reload Information T o di splay infor matio n about a previou sly sched uled reloa d or to find out if a relo ad has been schedule d on the sw[...]

  • Pagina 99

    CH A P T E R 4-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 4 Configuring Cisco IOS Configuration Eng ine This c hapter d escrib es how to configure the f eature on th e Cata lyst 2960 and 2960-S switche s. Note For complete conf iguration information for the Cisco Conf igurati on Engine, go to http://www .cisco.com/[...]

  • Pagina 100

    4-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configuration Engine Underst anding Cisco Configurat ion Engin e Software Figur e 4-1 Configuration Engine Ar chitec tur al Ov ervie w • Configuration Ser vice, page 4-2 • Event Service , page 4-3 • What Y ou Should Know About the CN[...]

  • Pagina 101

    4-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configurat ion Engin e Understanding Cisco Configuration Engine Software Event Servic e The Ci sco C onfiguration Engine uses t he Event Se rvice for re ceipt and g enerat ion of configurat ion e v ents. The e v ent agen t is on the switch[...]

  • Pagina 102

    4-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configuration Engine Underst anding Cisco Configurat ion Engin e Software DeviceID Each co nfigured swit ch parti cipati ng on the ev ent bus has a un ique DeviceID, w hich is ana logous to the switch source ad dress so that the switch can[...]

  • Pagina 103

    4-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configurat ion Engin e Understanding Cisco IOS Agents Understandin g Cisco IOS Age nts The CNS e vent agent feature allo ws the switch to publish and subscribe to e v ents on the e v ent b us and works with the Cisc o IOS agent. Th e Cisco[...]

  • Pagina 104

    4-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents Incremental (Partial) Configur ation After t he ne twork i s runn ing, new serv ices c an b e adde d by usi ng the Cisco IOS a gent. Increm ent al (partia l) co nfigurations can be sent to [...]

  • Pagina 105

    4-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configurat ion Engin e Configuring Cisco IOS Agents Note For more informatio n about running the setup program and creating templ ates on the Config uration Engine , see the Cisc o Configuration En gine I nstallat ion and Setup Guide, 1. 5[...]

  • Pagina 106

    4-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents Beginn ing in pri vileg ed EXEC mode, follo w these steps to enable the CNS ev ent agen t on the switch: T o disable t he CNS e vent ag ent, use the no cn s event { ip-a ddr ess | hostna me[...]

  • Pagina 107

    4-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configurat ion Engin e Configuring Cisco IOS Agents Enabling th e Cisco IOS C NS Agent After enabling th e CNS e vent agent , start t he Cisco IOS CNS agent o n the switc h. Y ou can enab le the Cisco IOS ag ent with the se comman ds: • [...]

  • Pagina 108

    4-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents Step 7 discover { contr oller contr oller-type | dlci [ subinterface subint erface -numbe r ] | interface [ interface-typ e ] | line line-type } Specify the inte rface p arameters in the C[...]

  • Pagina 109

    4-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configurat ion Engin e Configuring Cisco IOS Agents T o disab le th e CNS C isco IO S agent , us e the no cns conf ig initial { ip- addr ess | hostname } globa l configurati on c ommand. This e xample sho ws ho w to c onf igure a n initia[...]

  • Pagina 110

    4-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents This e xample sho ws ho w to c onf igure a n initial c onf iguratio n on a remote swi tch when the switch IP address is kn own. The Configura tion En gine I P addr ess is 172.28 .129.2 2. [...]

  • Pagina 111

    4-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configurat ion Engin e Displaying CNS Configuration Displaying CNS Configuration T able 4-2 Pr ivile ge d EXEC sho w Comm ands Command Purpose show cns conf ig connect ions Displ ays th e stat us of the C NS Cis co IOS a gent c onnect ion[...]

  • Pagina 112

    4-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configuration Engine Displaying CNS Con figuration[...]

  • Pagina 113

    CH A P T E R 5-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 5 Administering the Switch This ch apter d escr ibes how to perfor m one- time ope rati ons to adm inister the Ca talyst 296 0 and 2960- S switches. Unless otherwise noted, the term switch refer s to a standa lone switch and to a switc h stack. Note Stac kin[...]

  • Pagina 114

    5-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the Syste m Time and Date • Enter the sh o w ver sion pri vile ged EXE C command. Th e line that sh o ws the product ID also end s in either -L (if running the LA N base im age) or -S ( if runn ing the LAN Li te image ). F o[...]

  • Pagina 115

    5-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te The system c lock keep s trac k of wh ether the t ime i s authoritative or not (th at is, whether it has been set by a time source con sidered to be au thoritati ve). If it is not authoritat i v[...]

  • Pagina 116

    5-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the Syste m Time and Date Figure 5-1 sho ws a typic al network examp le using NTP . Switch A is the NTP master , with Switch es B, C, and D configure d in NTP server mod e, in server asso ciatio n with Switch A. Switch E is co[...]

  • Pagina 117

    5-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te Configuring NTP The switc h does not have a hardware-sup ported clo ck and cann ot functi on as an NTP maste r clock to which p eers syn chronize themse lves when an e x terna l NTP sour ce is n[...]

  • Pagina 118

    5-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the Syste m Time and Date T o disab le N TP auth en tica tio n, use th e no ntp authenticate global co nfigurati on comma nd. T o remove an auth enticatio n k ey , use the n o ntp a uthe ntic atio n-k ey number glob al co nfig[...]

  • Pagina 119

    5-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te Beginning in privileged EXE C mode, foll ow these steps to form a n NTP associ ation wit h another device: Y ou need to co nfigure only one en d of an associ ation; t he other device can aut oma[...]

  • Pagina 120

    5-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the Syste m Time and Date The switc h can send or re ceive NTP broadcast packets on an interface -by-inte rface basis if there is an NTP broa dcast ser v er , such as a router , broadcas ting time info rmatio n on the net wor [...]

  • Pagina 121

    5-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te T o di sable a n inte rface fr om rece iving NTP broadc ast pac kets, use the no ntp broadcast client interfa ce configurat ion c omma nd. T o c hange the estima ted roun d-trip dela y to t he d[...]

  • Pagina 122

    5-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the Syste m Time and Date The ac cess group keywords are sc anned i n thi s ord er , from l east restric tiv e to most r estrictive: 1. peer —Allo ws time requests and NTP control queries and allo ws the swit ch to synchron[...]

  • Pagina 123

    5-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te Disabling N TP Service s on a S pecifi c Interface NTP service s are enabled on all interfa ces b y def ault. Beg i n ni n g i n pr ivi l eg ed E X E C mo de , fo l l ow t h es e s te p s t o d[...]

  • Pagina 124

    5-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the Syste m Time and Date Displaying the NTP Config uration Y ou can use two privileged EXEC comm ands to display NTP info rmat ion: • show ntp associations [ detail ] • show ntp status Note For detailed infor mation abou[...]

  • Pagina 125

    5-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te Displaying the Time and Dat e Configuration T o display the time and date conf iguration , use the show clock [ det ail ] p ri vile ged E XEC co mmand . The syst em cl ock keeps an authoritativ[...]

  • Pagina 126

    5-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the Syste m Time and Date Configuring Summer Time (Daylight Saving Ti me) Beginning in pr ivileged EXEC mode, fo llow these steps t o co nfigure summer time (dayligh t saving time) in areas wh ere it sta rts and ends on a par[...]

  • Pagina 127

    5-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Confi guring a S ystem Name an d Prompt Beginning in privileged EX EC mode, fol low these steps if summ er tim e in your area do es not foll ow a recurr ing patt ern (con figure the exac t date and tim e of the next summe r time event[...]

  • Pagina 128

    5-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Configur ing a System Nam e and Prom pt For complete syntax and usag e informat ion for the commands used in this se ction, from the Cisco .com page, sel ect Documentation > Cisco IOS Software > 12.2 Ma inl ine > Command Refer[...]

  • Pagina 129

    5-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Confi guring a S ystem Name an d Prompt T o keep track o f doma in na mes, I P has def ined the c oncept of a d omain name serv er , which h olds a cach e (or dat abase) of na mes map ped to IP a ddresses. T o map domain names to IP a[...]

  • Pagina 130

    5-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Creating a Banner If you u se t he switc h IP ad dress a s its hostnam e, the IP a ddress i s used and no DNS query oc curs. I f you configure a ho stname tha t contai ns no periods (. ), a period fol lowed by the default domain na me [...]

  • Pagina 131

    5-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Creat ing a Bann er Configurin g a Mess age-of-the -Day Log in Bann er Y o u can cr eate a sing le or mult iline message banner tha t appears on th e screen when someo ne logs in to the switch. Beginning in privileged EX EC mode, fol [...]

  • Pagina 132

    5-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the MAC A ddress Tab le Configurin g a Login B anner Y ou can co nfigure a lo gin ba nner to be displ ayed on all c onnect ed ter minal s. This ba nner appear s after the M O TD bann er and befo re the logi n prompt . Beginni[...]

  • Pagina 133

    5-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Managin g the MAC Ad dress Tabl e These sec tions co ntain this co nfiguration info rmat ion: • Building the Ad dress T able, page 5 -21 • MA C Addre ss es a nd V LANs , pa ge 5 -21 • MA C Addresses and Switch Stacks, pa ge 5-22[...]

  • Pagina 134

    5-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the MAC A ddress Tab le MAC Addr esses an d Switch Sta cks The MA C address ta bles on all sta ck members are sy nchron ized. A t any gi ve n time, eac h stac k membe r has th e same cop y of the add ress t ables for ea ch V [...]

  • Pagina 135

    5-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Managin g the MAC Ad dress Tabl e Removi ng Dynami c Addres s Entries T o re move all dyna mic en tries, use the clea r ma c a ddress- tab le dy nami c comm and in pr ivileged EXE C mode. Y ou can also remo v e a sp ecif ic M A C a dd[...]

  • Pagina 136

    5-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the MAC A ddress Tab le T o disabl e MA C addr ess-ch ange n otif icati on tra ps, us e the no snmp-ser ve r enable tra ps mac-no tificati on cha nge globa l configurati on com mand. T o di sable t he MAC address-cha nge noti[...]

  • Pagina 137

    5-25 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Managin g the MAC Ad dress Tabl e Configuring MAC Addre ss Move Notification Traps When you configure M A C-move notification, an SN MP no tification is ge nerated a nd sent to the ne twork manageme nt system w henever a MA C address [...]

  • Pagina 138

    5-26 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the MAC A ddress Tab le Configuring MAC Thresh old Noti fication Traps When you con figure MA C thr eshold notification, an SNMP noti fication is genera ted and sent to the network m anagem ent syste m when a M A C addre ss t[...]

  • Pagina 139

    5-27 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Managin g the MAC Ad dress Tabl e T o disable MA C address-threshold n otific ation trap s, use the no snmp -server ena ble traps mac-notif ication thr eshold global configuration co mmand . T o disable th e MA C address- threshol d n[...]

  • Pagina 140

    5-28 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the MAC A ddress Tab le T o remove st atic en tri es fr om t he addr ess ta ble, u se the no mac addre ss-table static m ac-add r vlan vlan-i d [ interface interface-id ] global configura tion co mman d. This exa mple s ho ws[...]

  • Pagina 141

    5-29 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Managin g the MAC Ad dress Tabl e Beginning i n privileged EX EC mo de, follo w thes e steps to co nfi gure the switch to dr op a source o r destination unicast stati c address: T o disable unica st MA C addr ess f iltering, use the n[...]

  • Pagina 142

    5-30 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the MAC A ddress Tab le • If you disab le MAC address l earni ng o n a VL AN c onfigured a s a private-VLAN prima ry V LAN, MA C addresses are still lear ned on the second ary VLAN tha t belongs to the p ri va te VLAN and a[...]

  • Pagina 143

    5-31 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Managi ng the ARP Table Managing the ARP Ta ble T o commu nicate with a device (over Ethern et, for exam ple ), the softwa re first must lea rn the 48-b it MAC address o r the l ocal dat a lin k address o f that device. The pr ocess o[...]

  • Pagina 144

    5-32 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the ARP Table[...]

  • Pagina 145

    CH A P T E R 6-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 6 Clustering Switches This ch apter pr ov ides the co ncepts an d proce dures t o create an d mana ge Cat alyst 2960 and 2960 -S swit ch cl u ster s. Un les s ot her wis e no ted, th e ter m switch ref ers to a stan dalone swit ch and t o a switch stack. Not[...]

  • Pagina 146

    6-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 6 Clustering Switches Underst anding Swit ch Clusters Understandin g Switch Clust ers A switc h cluster i s a set of up to 1 6 connected, clus ter -capable Cataly st switches th at are manage d as a single en tity . The switch es in the c luster use the sw itch c[...]

  • Pagina 147

    6-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 6 Clus tering Switche s Underst anding Sw itch Cl usters Cluster Command Switc h Characteristics A cluster co mmand switch must me et these req uirements : • It is running Cisco IOS Release 12.2(25)FX or later for a Catalyst 2960 switch, or Cisco IOS Release 12[...]

  • Pagina 148

    6-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 6 Clustering Switches Underst anding Swit ch Clusters Note Standby cluster comma nd switches must be the same type of switches as the cluster command switc h. For example , if the cluster comman d switch is a Catalyst 2960 switch, the standby cluster command swit[...]

  • Pagina 149

    6-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 6 Clus tering Switche s Planni ng a Swi tch Clust er Planning a Switch Cl uster Anticipatin g conflicts and compatib ility issues is a high priority when you manage se veral switches through a cl uster . This sect ion descr ibes t hese gu ideli nes, r equire ment[...]

  • Pagina 150

    6-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 6 Clustering Switches Planning a Sw itch Cluster Discovery Through CDP Hops By usin g CDP , a cluster comman d switch ca n disco ver switch es up to se v en CDP hops aw ay (the de fa ult is three hop s) from the edge of the c luster . The e dge of the clu ster is[...]

  • Pagina 151

    6-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 6 Clus tering Switche s Planni ng a Swi tch Clust er Discovery Through Non-CDP-Capabl e and Noncluster-Capable Devices If a cluster comman d switch is connec ted to a non-CDP- capab le third-party hub ( such as a non -Cisco hub), it can di scov er cluste r- enabl[...]

  • Pagina 152

    6-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 6 Clustering Switches Planning a Sw itch Cluster Figur e 6-3 Discov ery Thr oug h Diff er ent VLANs Discovery Through Different M anagement VLANs Catalyst 297 0, Catalyst 355 0, Catalyst 3560, or Cata lyst 3750 clu ster comma nd switches ca n discover and mana ge[...]

  • Pagina 153

    6-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 6 Clus tering Switche s Planni ng a Swi tch Clust er Figur e 6-4 Discov ery Thr oug h Diff er ent Manag ement VLANs with a La yer 3 Clust er Comma nd Sw i t ch Discovery of Newly Installed Switches T o jo in a cluster, the ne w , out-of-t he-box sw itch must be c[...]

  • Pagina 154

    6-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 6 Clustering Switches Planning a Sw itch Cluster Figur e 6-5 Discov ery of N ewly Insta lled S witc hes HSRP and S tandby Cluster Command Switches The switc h uses Hot Stan dby Router Proto col (HSRP) so that you can configur e a group of standby cluste r comm a[...]

  • Pagina 155

    6-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 6 Clus tering Switche s Planni ng a Swi tch Clust er Virtual IP Addresses Y ou need to as sign a unique vir tual I P addre ss and gr oup numbe r and nam e to the cluster stand by group. This info rmatio n must b e conf igur ed on a speci f ic VLAN or ro uted por[...]

  • Pagina 156

    6-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 6 Clustering Switches Planning a Sw itch Cluster Catalyst 190 0, Catalyst 282 0, Catalyst 290 0 XL, Catalyst 2950, and Ca talyst 3500 XL clust er member switches mu st be conne cted to the cl uster stan dby group thro ugh their ma nageme nt VLANs. F or more info[...]

  • Pagina 157

    6-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 6 Clus tering Switche s Planni ng a Swi tch Clust er When the pre viously a cti ve cluster command swi tch resu mes its ac tiv e r ole, it recei ves a cop y of th e latest cl uster c onfigurat ion from the ac tive cluste r com mand swit ch, in cludi ng membe rs [...]

  • Pagina 158

    6-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 6 Clustering Switches Planning a Sw itch Cluster If yo u chan ge the member - switch passw ord to be d if feren t from the co mmand- switch pas swor d and sa v e the chang e, the switch is not manageab le by the clu ster command switch until you change the membe[...]

  • Pagina 159

    6-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 6 Clus tering Switche s Planni ng a Swi tch Clust er Recall that sta ck members w ork together to beha v e as a unif ied system (as a single switch stack) in the network a nd ar e prese nted to the ne twork as such by Layer 2 an d Layer 3 pr otocol s. Th erefor [...]

  • Pagina 160

    6-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 6 Clustering Switches Using the CLI to Ma nage Swit ch Clusters TACACS+ an d RADIUS If T erminal Access Co ntroller Acc ess Control System Plus (T A CA CS+) is co nfig ured on a c luster member, it must be configured on all clus ter memb ers. Sim ilarly , if RAD[...]

  • Pagina 161

    6-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 6 Clus tering Switche s Using S NMP to Ma nage Swit ch Cl usters Command-switch pri vileg e le ve ls map t o the Catalyst 1900 and Cata lyst 2820 cluster member switc hes running standa rd and Ent erprise E dition Software as fol lows: • If the command -switch[...]

  • Pagina 162

    6-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 6 Clustering Switches Using SNMP to Ma nage Sw itch Clusters Figur e 6-7 SNMP Manag ement f or a Clust er Tr a p Tr a p Tr a p Command s witch T rap 1, T rap 2, T rap 3 Member 1 Member 2 Member 3 33020 SNMP Manager[...]

  • Pagina 163

    CH A P T E R 7-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 7 Managing Switch Stacks This ch apter p rovid es the c oncep ts and pr ocedu res to ma nage Catal yst 296 0-S s tack s, also r eferre d to as Cisco FlexSt acks. Se e the c omma nd refe rence for comman d s yntax and us age in format ion. Note Stac king is s[...]

  • Pagina 164

    7-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 7 Managing Switch Stacks Underst anding Sta cks Ev ery member is uniquely identif ied b y its o wn stac k member numbe r . All members ar e eligib le masters. I f the master becomes una vailable, t he remaining m embers elect a ne w master from among th emselves.[...]

  • Pagina 165

    7-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 7 Managing Swi tch Stacks Unders tanding Stacks – Stack Mana gement Connectivity , pa ge 7-14 – Sta ck Co nf ig urati on Sc enar ios, page 7- 15 • This c oncept o n stac k topol ogy cha nges: – Data Rec overy After Stack T opology Cha nges, p age 7-1 6 St[...]

  • Pagina 166

    7-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 7 Managing Switch Stacks Underst anding Sta cks Figur e 7 -1 Cr eating a S witch Stac k fr om T w o Standalon e S witche s Figur e 7 -2 A dding a S tandalone S witc h t o a Swit ch Stac k For informatio n about c abling an d po werin g switch stac ks, see t he ?[...]

  • Pagina 167

    7-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 7 Managing Swi tch Stacks Unders tanding Stacks Master Election The st ack master is el ected based on o ne of t hese factor s in t he orde r liste d: 1. The swi tch that is currently the sta ck master . 2. The swi tch with th e highes t stack m ember pr iorit y [...]

  • Pagina 168

    7-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 7 Managing Switch Stacks Underst anding Sta cks Stack MA C Address The MA C addr ess of the ma ster deter mines the st ack MA C addres s. When the stack initia lizes, the MA C address of the master determines the bridg e ID that identifies the stack in th e netwo[...]

  • Pagina 169

    7-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 7 Managing Swi tch Stacks Unders tanding Stacks Member Prio rity Values A high priority v alue for a member increases the chance th at it will be elected mast er and keep its member num ber . The priority v al ue can be 1 to 15. The def ault priority val ue is 1.[...]

  • Pagina 170

    7-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 7 Managing Switch Stacks Underst anding Sta cks If you add a pro visioned switch that is a dif f erent type tha n specif ied in the pro visione d config uration to a po wered-do wn s witch s tack and t hen apply po wer , the swit ch stack rejects the (n o w incor[...]

  • Pagina 171

    7-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 7 Managing Swi tch Stacks Unders tanding Stacks Note If the switch stack does not contain a pro visioned conf iguration for a ne w switch, the switch join s the stack wi th the d efault interface c onfigurati on. The switch st ack the n add s to its r unnin g con[...]

  • Pagina 172

    7-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 7 Managing Switch Stacks Underst anding Sta cks Minor Version Number Inco mpatibility Among Switches Switches with the same major ver sion number b ut with a dif ferent minor versio n number as the master are co nsider ed par tially compatib le. Wh en conn ected[...]

  • Pagina 173

    7-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 7 Managing Swi tch Stacks Unders tanding Stacks • Automati c advise (au to-advise )—when t he auto-upg rade proc ess cannot find appropr iate version-mism atch me mber soft ware to copy to the switc h in version-mism atch mo de, the auto-a dvise pro cess tel[...]

  • Pagina 174

    7-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 7 Managing Switch Stacks Underst anding Sta cks *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW: *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:Old image for switch 1:flash1: *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW: Old image will be deleted after download. *[...]

  • Pagina 175

    7-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 7 Managing Swi tch Stacks Unders tanding Stacks Incompatible S oftware and Member Image Up grades Y ou can upgra de a switch that has an inc ompat ible software imag e by using the a rchive copy- sw privileged EXEC comm and to copy the software image fr om an ex[...]

  • Pagina 176

    7-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 7 Managing Switch Stacks Underst anding Sta cks • “Sp anning Tree and Switch Stack s” section on page 16-12 • “MSTP a nd Swi tch Stacks” se ction o n page 17 -9 • “DHCP Snoo ping and Switc h Stacks” section on pag e 20-8 • “IGMP Snoo ping a[...]

  • Pagina 177

    7-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 7 Managing Swi tch Stacks Unders tanding Stacks Stack Th rough Console Ports Y ou can conne ct to the ma ster thr ough th e console port of on e or more mem bers. Be careful when u sing multiple CLI sessions to the master . Commands that you en ter in one sessio[...]

  • Pagina 178

    7-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 7 Managing Switch Stacks Conf ig uri ng t he Sw it ch St ack Data Recov ery After Stack T opology C hange s When you add or re move a stack member, the stack topol ogy chan ges. Cisco IOS recovers the data flow . Configuring the Switch Stack • Default Switc h [...]

  • Pagina 179

    7-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 7 Managing Swi tch Stacks Configuring the Switch Stack Default Switch Stack Configuration Ta b l e 7 - 3 shows the d efault sw itch st ack c onfiguration . Enabling P ersistent MA C Address The MAC address of the ma ster de termin es the stack M A C address. Whe[...]

  • Pagina 180

    7-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 7 Managing Switch Stacks Conf ig uri ng t he Sw it ch St ack Beginn ing in pri vileg ed EXEC mode, follo w th ese steps to enab le persistent MA C address. This procedur e is optional. Use the no stack-mac persistent timer global configura tion com mand to disab[...]

  • Pagina 181

    7-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 7 Managing Swi tch Stacks Configuring the Switch Stack This exam ple shows how to configur e the persist ent MAC address feature for a 7-m inute t ime d elay and to v erify t he conf iguratio n: Switch(config)# stack-mac persistent timer 7 WARNING: The stack con[...]

  • Pagina 182

    7-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 7 Managing Switch Stacks Conf ig uri ng t he Sw it ch St ack Setting the Member Prio rity Value Note This task is av ailable o nly from the master . Beginn ing in pri vileg ed EXEC mode, follo w th ese steps to assign a priori ty v alue to a member: This procedu[...]

  • Pagina 183

    7-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 7 Managing Swi tch Stacks Accessing the CLI of a Specific Member T o remo v e pro vision ed inf ormation and to a v oid r ecei ving an er ror me ssag e, remo ve the s pecif ied switch from t he stack befo re you use the no f orm o f th is c omma nd. This examp l[...]

  • Pagina 184

    7-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 7 Managing Switch Stacks Displaying Stack Inform ation Displaying Stack Information T o display sa ved conf igura tion chan ges aft er reset ting a specif i c member or the st ack, use the se pri v ile ged EXE C command s: Troubleshooting Stacks • Manuall y Di[...]

  • Pagina 185

    7-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 7 Managing Swi tch Stacks Troubl eshoo ting Stacks When y ou enter the switch stack-member-num ber stack port po rt-number disable pr ivileged EXEC comm and a nd • The stac k is in the ful l-ring sta te, you can di sable onl y one stac k port. This message app[...]

  • Pagina 186

    7-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 7 Managing Switch Stacks Troub leshooting Stac ks T able 7 -5 sho w switc h stac k-ports summary Command O utput Field Description Switch#/ Port# Member nu mber and its stack por t numb er . Stack Port Status • Absent—No cable i s de tected on the st ack por[...]

  • Pagina 187

    CH A P T E R 8-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 8 Configuring SDM Templates The C atalyst 2960 and 29 60-S switc h comma nd refe rence h as comma nd synta x and usa ge info rmation. Unless otherwise note d, the term switch refers to a stan dalone switch and a swi tch stack. Note Con figuring an SDM templ [...]

  • Pagina 188

    8-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 8 Configuring SDM T emplates Underst anding th e SDM Templ ates • LAN base r outing —The lanba se-ro uting tem plate suppor ts IPv4 u nicast rou tes for c onfiguring sta tic routing SVIs Note The lanba se-rou ting t empl ate is s upport ed onl y on switche s [...]

  • Pagina 189

    8-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 8 Conf iguring SDM Te mplates Config uring t he Swit ch SDM Te mplat e Y ou can use the show switch privileged EXEC co mmand to se e if any stack me mb ers are in SDM mismatc h mode . This exa mple shows the o utput f rom the show switch privileged EXEC com mand [...]

  • Pagina 190

    8-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 8 Configuring SDM T emplates Conf ig uri ng t he Sw it ch SD M Tem pla te • If you try to co nfigure IPv6 features w ithout first select ing a dual IPv 4 and IP v6 templa te, a warning message a ppears. Note The dual template is not suppo rted on switche s runn[...]

  • Pagina 191

    8-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 8 Conf iguring SDM Te mplates .Displaying the SDM T emplates . Displaying the SDM Template s Use the show sdm pr efer pri vile ged EXE C comma nd with no parameter s to di splay the a cti v e template. Use the show sd m prefer [ default | dual-ipv4-and-ipv6 defau[...]

  • Pagina 192

    8-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 8 Configuring SDM T emplates .Display ing the SDM Template s[...]

  • Pagina 193

    CH A P T E R 9-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 9 Configuring Switch-Based Authentication This c hapter d escrib es how to configu re switch -based auth enticati on on t he Cat alyst 2960 and 2960-S switches. Unless otherwise noted, the term switch refer s to a standa lone switch and to a switc h stack. N[...]

  • Pagina 194

    9-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Protecting A ccess to Privileged EXE C Comman ds • For an add itional l ayer of securi ty , yo u can al so co nfigure user name a nd password p airs, w hich a re locally stored on the switch. Thes e pair s are assign ed[...]

  • Pagina 195

    9-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Prote cti ng Ac cess to Pri vile ged EXEC Comm and s Setting o r Changin g a Static Enab le Pa ssword The en able password control s access to the privileged EXEC mode. Beginning in privileged EXE C mode, follo w th es[...]

  • Pagina 196

    9-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Protecting A ccess to Privileged EXE C Comman ds Be ginnin g in pri vile ged EXE C mode, fo llo w these st eps to conf igure encryp tion for enab le and enab le secr et pas swords : If bo th the e nable and enable secre t[...]

  • Pagina 197

    9-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Prote cti ng Ac cess to Pri vile ged EXEC Comm and s This exampl e shows ho w to configure th e encr ypted pa ssword $1$F aD 0$Xyti5R kls3L oyxzS8 for pri vile ge le v el 2: Switch(config)# enable secret level 2 5 $1$F[...]

  • Pagina 198

    9-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Protecting A ccess to Privileged EXE C Comman ds Setting a Telnet P assword fo r a Terminal L ine When you power-up your switch for the first ti me, a n au tomat ic setup prog ram runs to as sign IP inform ation and t o c[...]

  • Pagina 199

    9-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Prote cti ng Ac cess to Pri vile ged EXEC Comm and s Configuring Us ername and P assword Pairs Y ou can configure use rnam e and password pairs, which a re locally stored on the switch. These pa irs are assign ed to li[...]

  • Pagina 200

    9-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Protecting A ccess to Privileged EXE C Comman ds Configuring Multiple Privil ege Levels By default, the Cisco IO S software has two modes of passwor d security: use r EXEC and pr i vileged EXEC. Y ou ca n configure up t o[...]

  • Pagina 201

    9-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Prote cti ng Ac cess to Pri vile ged EXEC Comm and s When y ou set a comman d to a p ri vile ge le ve l, all co mmand s whose synta x is a s ubset of that command are al so set to that le vel. For e xample, if you set [...]

  • Pagina 202

    9-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controlling Sw itch Acce ss with TACA CS+ Logging into and Exiting a Privilege Level Beginn ing in pri vile ged EXEC mode , follo w these st eps to log in to a s pec i f ie d pr i vil eg e le ve l a nd t o e xi t to a sp[...]

  • Pagina 203

    9-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with TACACS+ The goal of T A CA CS+ is to pro vide a method for managing mu ltiple networ k access points fro m a single manageme nt ser vice. Y our swit ch can b e a network a ccess se rver [...]

  • Pagina 204

    9-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controlling Sw itch Acce ss with TACA CS+ The T ACA C S+ prot ocol pr ovides auth entica tion bet ween th e switc h and th e T ACA CS+ daemon, and it ensures conf identi ality because all protocol exch anges between the [...]

  • Pagina 205

    9-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with TACACS+ Configuring TACACS+ This se ction describe s how to configur e your switch to su pport T A CA C S+. At a m inimu m, you must identify th e host or hosts maintainin g the T A CA C[...]

  • Pagina 206

    9-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controlling Sw itch Acce ss with TACA CS+ Beginn ing in pr i vilege d EXEC m ode, follo w these steps to identify the IP h ost or h ost mainta ining T A CA CS+ server and optiona lly set the encr yption key: T o remov e [...]

  • Pagina 207

    9-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with TACACS+ authe nticate users; if that m ethod fails to resp ond, the software selects the next a uthenti cation m ethod in the method list. This process contin ues until there is successf[...]

  • Pagina 208

    9-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controlling Sw itch Acce ss with TACA CS+ T o disa ble A AA, use the no aaa new-model global configurat ion comma nd. T o di sable AAA authenti cation, use th e no aaa auth entica tion log in { default | list-name } meth[...]

  • Pagina 209

    9-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with TACACS+ Beginn ing in pri vileg ed EXEC mode, follo w th ese steps to specif y T A CA CS+ authorization for pri v ile ged EXE C access and networ k servi ces: T o di sable authori zati o[...]

  • Pagina 210

    9-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Establishing a Session with a Router if the AAA Server is Unreachable Note T o conf igure this comman d, the switch must be running th e LAN Base imag e. The aaa acc ounting syst [...]

  • Pagina 211

    9-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Use RADIUS in these networ k en vironments that require access security: • Netw orks with multiple-v endo r acces s serv ers, eac h suppo rting RAD IUS. F or ex ample, ac cess s[...]

  • Pagina 212

    9-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS RADIUS Operation When a user attem pts to log in and auth enticate to a switch that is a ccess controlled by a RADIU S serve r , these e vents o ccur: 1. The use r i s prom pted t[...]

  • Pagina 213

    9-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS • Session terminat ion with port shutdo wn • Session te rmina tion wit h por t bounce This feat ure is integrat ed with the Cisco Secure A ccess Contr ol Server (ACS) 5.1. For[...]

  • Pagina 214

    9-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Precondit ions T o use the CoA inter face, a session must alre ady e xist on the switch. Co A can be used to ide ntify a sessi on a nd enfo rce a di sconnec t req uest. The u pdat[...]

  • Pagina 215

    9-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS For disc onnect an d CoA re quest s targ eted to a p articul ar ses sion, any one of these sessi on identi f iers can be us ed: • Calling-Stat ion-ID (IE TF attrib u te 31, whic[...]

  • Pagina 216

    9-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Beginning w ith Cisc o IOS Relea se 12.2( 52)SE, the swi tch su pports th e co mman ds shown in T abl e 9-4 . Session Reau thentication The AAA server typically genera tes a sessi[...]

  • Pagina 217

    9-25 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Session Terminat ion There are three type s of CoA requests that can trigger session termina tion. A CoA Disconnect-Request terminate s the session, without disab ling the host po[...]

  • Pagina 218

    9-26 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Because th is comma nd is session-ori ented , it must be acc ompan ied by one or more of the sessi on identif ication attribut es described in the “Se ssi on Id entif ication ?[...]

  • Pagina 219

    9-27 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Configuring RADIUS This se ction describe s how to c onfigure your switch to su pport R ADIUS. At a mini mum, y ou mus t identify the host or hosts that run the RADIUS ser v er so[...]

  • Pagina 220

    9-28 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Y o u identify RADIUS sec urity serv ers by the ir hostname or IP address, h ostname and specif ic UDP port numbers, or their I P addre ss and specific UDP port num bers. The comb[...]

  • Pagina 221

    9-29 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Beginning i n privileged E XEC mo de, follow these steps to con figure p er-server RADI US ser ver comm unicatio n. This pr oced ure is requi red. T o remov e the specif ied RADIU[...]

  • Pagina 222

    9-30 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS This example shows ho w to configure host1 as t he RADIU S server and to use the default port s for bo th authenti cation and accoun ting: Switch(config)# radius-server host host1[...]

  • Pagina 223

    9-31 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Step 3 a aa au thenticati on logi n { default | list-name } method1 [ m ethod2. .. ] Create a login authen tication method list. • T o create a defa ult lis t that is us ed when[...]

  • Pagina 224

    9-32 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS T o disa ble A AA, use the no aaa new-model global configurat ion comma nd. T o di sable AAA authenti cation, use th e no aaa auth entica tion log in { default | list-name } metho[...]

  • Pagina 225

    9-33 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Be ginning in pri vile ged EXEC mode, follo w these steps to def ine the AAA ser ver group and associate a particula r RADIUS serv er with it: Command Purpose Step 1 configur e te[...]

  • Pagina 226

    9-34 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS T o remov e the specif ied RADIUS serve r , u se the no radius-ser ver host hostname | ip-add r ess global configurat ion comm and. T o remove a server gro up from the c onfigurat[...]

  • Pagina 227

    9-35 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Beginn ing in pri vil eged E XEC mode, follo w these ste ps to specif y RADIUS aut horizatio n for pri vile ged EXEC a ccess and n etwork ser vices: T o di sable authori zati on, [...]

  • Pagina 228

    9-36 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Establishing a Session with a Router if the AAA Server is Unreachable Note T o conf igure this comman d, the switch must be running th e LAN Base imag e. The aaa acc ounting syst [...]

  • Pagina 229

    9-37 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS attributes no t suit able for g eneral use. The Ci sco RAD IUS impl ementa tion su pports on e vendor-speci fic option by using the format rec ommende d in the spec ification. Cis[...]

  • Pagina 230

    9-38 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Note For a comp lete list of RADIU S attri butes or mor e inform ation a bout vendor-speci fic attribute 26, se e the “RADIUS Attrib u tes” appendix in the Cisco IOS Security [...]

  • Pagina 231

    9-39 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS T o d elete the vendor-propriet ary RA DIUS ho st, use t he no radius-serv er host { hostn ame | ip -ad dress } non-standard global con figuration c omma nd. T o disabl e the key [...]

  • Pagina 232

    9-40 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Configur ing the Switc h for Lo cal Authe ntication a nd Authori zation T o disable AAA, use the no aaa new-model global co nfiguration com mand. T o disa ble the AA A server functiona lity on the swit ch, use t he no aa[...]

  • Pagina 233

    9-41 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Shell T o disa ble A AA, use the no aaa new-model global configurat ion c omma nd. T o disa ble a uthor ization, use the no aaa autho rization { network | exec } method1 globa l confi[...]

  • Pagina 234

    9-42 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Conf ig uri ng t he Sw it ch f or Se cur e Sh ell For SSH configuration examples, se e the “SSH Configura tion Ex amples ” secti on in the “C onfiguring Secure Shell” c hapter of the Cisco IOS Security Con figura[...]

  • Pagina 235

    9-43 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Shell Limitations These lim itations ap ply to SSH: • The switc h supports Rivest, Shamir, and Adelman (R SA) authe nticat ion. • SSH supports only the ex ecution- shell applicati[...]

  • Pagina 236

    9-44 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Conf ig uri ng t he Sw it ch f or Se cur e Sh ell 3. Generate an RSA k ey pair fo r the switch , which automatical ly enab les SSH. F o llo w this procedure only if you are conf iguring the switch as an SSH serv er . 4. [...]

  • Pagina 237

    9-45 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Shell T o return to the def ault SSH c ontrol par ameters, u se the no ip ssh { timeout | auth enticati on-r etrie s } global configurat ion comm and. Displaying th e SSH Co nfigurati[...]

  • Pagina 238

    9-46 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Conf igu rin g th e Sw itch for Sec ure Sock et L aye r HT TP For more infor mation ab out these com mands, see th e “ Secure She ll Commands ” se ction in the “Other Securit y Features ” chapte r of the Cisc o I[...]

  • Pagina 239

    9-47 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Socket Layer HTTP For secure HTT P conne ctions, we highly rec ommen d that you configure a CA trustpo int. If a CA trustpoint is not confi gured for the de vic e running the HTTPS se[...]

  • Pagina 240

    9-48 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Conf igu rin g th e Sw itch for Sec ure Sock et L aye r HT TP For additional informa tion on Certific ate Authoriti es, see the “Conf iguring Certif icatio n Authority Inte rope rabil ity ” chap ter in the Ci sco IO [...]

  • Pagina 241

    9-49 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Socket Layer HTTP No CA trus tpoints a re configured. No self-si gned certi ficates are gene rated. SSL Configuration Guid elines When SSL is used in a switch cluster , the SSL sessio[...]

  • Pagina 242

    9-50 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Conf igu rin g th e Sw itch for Sec ure Sock et L aye r HT TP Use the no crypto ca tr ustpo int nam e global conf iguration command to delete all id entity information and ce rtifica tes as soci at ed wit h the C A. Conf[...]

  • Pagina 243

    9-51 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Socket Layer HTTP Use th e no ip http server global configu ration c ommand to disabl e the standa rd HTT P server . Use the no ip http secur e-serv er global co nfigurati on co mmand[...]

  • Pagina 244

    9-52 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Conf ig uri ng t he Sw it ch f or Se cur e Co py P rot oco l Use the no ip http client secur e-trustpo int nam e to remov e a client tru stpoint conf igurati on. Use the no ip http client sec ur e-ciphersuite to remov e [...]

  • Pagina 245

    9-53 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Config uring t he Swit ch fo r Secu re Copy Proto col Information Abo ut Secure Copy T o con figure the Sec ure Copy featu re, you sho uld under stand the se conce pts. The b ehavior of SCP is si milar to tha t of rem[...]

  • Pagina 246

    9-54 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Conf ig uri ng t he Sw it ch f or Se cur e Co py P rot oco l[...]

  • Pagina 247

    CH A P T E R 10-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 10 Configuring IEEE 802.1x Port-Based Auth entic ation IEEE 8 02.1x port-ba sed auth entic ation p revents unau thoriz ed d e vice s (cli ents) from gainin g acce ss to the netw ork. Unless otherwi se noted, the term switc h re fers t o a stan dalon e swit [...]

  • Pagina 248

    10-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation • 802.1x Multip le Authentica tion Mode, page 10- 15 • MA C Move, page 10-16 • MA C Replace, pa ge 10-16 • 802.1 x Acco unting , page 10-17 [...]

  • Pagina 249

    10-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion Device Roles Device roles with 80 2.1x port-base d authe nticat ion: Figu re 1 0- 1 802. 1x D evice Ro les • Client —the device (workst ation) [...]

  • Pagina 250

    10-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation Authentic ation Pro cess When 802 .1x p ort- based a uthent icati on is e nable d and t he cl ient sup port s 802.1 x-compl iant c lient soft ware, [...]

  • Pagina 251

    10-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion Figure 10- 2 sho ws the authentication pro cess. Figu re 1 0- 2 A uthent ic atio n Fl ow chart The swi tch re-aut hentica tes a client when one of [...]

  • Pagina 252

    10-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation The T ermination- Action RADIUS att rib ute (Att rib ute [29] ) specif ies the action to tak e during re-authe ntic ation. T he ac tions are Initial[...]

  • Pagina 253

    10-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion Figur e 1 0-3 Messag e Exc hang e If 802. 1x au thentic atio n times out while wai ting for an EAPOL message exchange and M A C authenti cation b y[...]

  • Pagina 254

    10-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation Authentic ation M anager In C isc o I OS Re l ea s e 1 2. 2 (4 6 )S E an d ea r li er, y ou could not use the same authori zation methods, i ncludin[...]

  • Pagina 255

    10-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion Per-User ACLs and Filter-Ids In rel eases e arlier t han Cisco IO S Rele ase 1 2.2(50 )SE, p er-user ACLs and filter Ids were only su pport ed in s[...]

  • Pagina 256

    10-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation Authentication M anager CL I Commands The authenti cation- manager interf ace-conf iguration commands cont rol all the authen tication methods, suc[...]

  • Pagina 257

    10-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion Beginnin g with Cisco IOS Release 12.2(55)SE, you can f ilter out ver bose system messages generated by th e authentica tion manager . The fi lter[...]

  • Pagina 258

    10-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation • auto —en ables 802.1x authe nticati on and causes the port t o begin in the unauth orized state, allowing only E APOL f rames t o be se nt an[...]

  • Pagina 259

    10-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion 802.1x Ho st Mode Y ou can configure an 802.1x por t for singl e-hos t or for multi ple-ho sts mode. In single- host mode (se e Figure 10- 1 on pa[...]

  • Pagina 260

    10-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation • V oic e VLA N assignm ent on an MDA-enable d port is sup ported i n Cisco IOS Re lease 12 .2(40) SE and la ter . Note If you use a dynamic VLAN[...]

  • Pagina 261

    10-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion 802.1x Multiple Au thentication Mode Multipl e-authentica tion (multiaut h) mode allo ws multip le authentic ated clien ts on the data VLAN. Each [...]

  • Pagina 262

    10-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation MAC Move When a MA C address is authenticated on one switch port, that add ress is not allowe d on another authen ticati on manager -enabled port o[...]

  • Pagina 263

    10-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion • The authenti cation manager r eplaces the MA C address of the current data host on the port with the new MA C addr ess. • The authen ticatio[...]

  • Pagina 264

    10-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation Y ou can view the A V pai rs that ar e being sen t by the switch by entering the debug radius accounting pri v ile ged EXE C command. F or mo re in[...]

  • Pagina 265

    10-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion 802.1x Authentication with VLA N Ass ignme nt The RADIUS s erv er sends the VLAN assi gnment to conf igur e the switch po rt. The R ADIUS serv er [...]

  • Pagina 266

    10-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation T o con figure VLAN assi gnmen t you need to perfor m these t asks: • Enable AAA authoriza tion by u sing the net work ke yword to allow interfac[...]

  • Pagina 267

    10-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion outbound A CL by def ault. Because of li mited suppor t of Cisco IOS ac cess lists on the swit ch, the Filter-Id at tribute is supp orted o nly fo[...]

  • Pagina 268

    10-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation The auth- defa ult A CL is crea ted when at leas t one host with an authoriz ation polic y is det ected o n the port. Th e auth-def ault A CL is re[...]

  • Pagina 269

    10-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion Cisco Secure ACS and Attribu te-Value Pairs for the Redirect URL The swi tch u ses th ese cis co- av-p air VSAs : • url-redi rect is the HTT P t[...]

  • Pagina 270

    10-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation Note Th is feature is no t supported on Cisco A CS Server . (The A CS server ignore s the sent VLAN-I Ds for new hosts and only a uthenti cates bas[...]

  • Pagina 271

    10-25 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion server a RADIUS -acce ss/request frame with a use rnam e and password based on the MAC address. If authori zation succee ds, the switch grants the[...]

  • Pagina 272

    10-26 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation 802.1x Authentication with Inac cess ible Authentic ation Bypass Use the inaccess ible authe nticati on by pass fea ture, also refer red to as cri [...]

  • Pagina 273

    10-27 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion Feature Interactions Inaccessible au thenticatio n bypass interac ts with these features: • Guest VLAN—Inacce ssib le auth enticatio n b ypass[...]

  • Pagina 274

    10-28 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation The IP p hone us es the VV ID for it s vo ice tra ff ic, rega rdless o f the au thorizatio n state of the p ort. This allo ws t he phone to work in[...]

  • Pagina 275

    10-29 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion • When you man ually r emove an 802. 1x c lient ad dress f rom th e por t secu rity table by us ing th e no switchp ort port-sec urity mac-a ddr[...]

  • Pagina 276

    10-30 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation 802.1x Authentication with MAC Authentic ation By pass Y ou can conf igure the switc h to auth orize cl ients based on the cl ient MA C address (se[...]

  • Pagina 277

    10-31 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion Cisco IOS Release 12.2(55)SE an d later supports f iltering of verbose MAB system messages. See the “ A uthenti cation Mana ger CLI Com mands”[...]

  • Pagina 278

    10-32 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation Network Admission Control Lay er 2 802.1x Va lidation Note T o us e Netwo rk Admi ssion Co ntrol, the switch must be runn ing th e LAN base imag e.[...]

  • Pagina 279

    10-33 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion Open1x Authentication Open1x a uthent icati on allows a device acce ss to a port befor e that device is authent icate d. When open authe nticat io[...]

  • Pagina 280

    10-34 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation Use the dot1x supplicant for c e-multicast glob al con figuration comm and o n th e supp licant switch for Network Edg e Access T opology (NE A T) [...]

  • Pagina 281

    10-35 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion Using IEEE 802.1x Au thentication with AC Ls and the RAD IUS Filter-Id Attribute Note T o u se IE EE 80 2.1x au then tica tion w ith ACLs and the [...]

  • Pagina 282

    10-36 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion 1w0d: %MAB-5-SUCCESS: Authentication successful for client (0000.0000.0203) on Interface Fa4/0/4 AuditSessionID 160000050000000B288508E5 1w0d: %AUTHMGR-7-RESULT: Authe[...]

  • Pagina 283

    10-37 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Default 802.1x Authen tication Configuration T ab le 10-4 sh ows the defaul t 802. 1x au thentica tion configurati on. T a ble 1 0-4 Def ault 802. 1x A uthentication C[...]

  • Pagina 284

    10-38 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion 802.1x Authentication Co nfigura tion Gu idelines These sec tion has configu ration gui delines fo r these featur es: • 802.1 x Auth enticat ion, page 10 -38 • VLA[...]

  • Pagina 285

    10-39 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion – EtherC hann el port—Do not conf igure a por t that is an ac ti v e or a not-y et-act i ve me mber of an Ether Channel as an 802.1 x port. If you try to enab le 8[...]

  • Pagina 286

    10-40 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion MAC Authentication Bypass • Unless ot herwise state d, the MA C authenticati on byp ass guid elines are th e same as the 802 .1x authenti cation gu idelines. F o r m[...]

  • Pagina 287

    10-41 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Beginn ing in p ri vilege d EXEC mode, follo w these step s to enab le the 80 2.1x read iness check on the switch: This e xamp le sho ws ho w to enable a readi ness ch[...]

  • Pagina 288

    10-42 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion • If you use the errdisable reco ve ry cause securit y-viola tion global configu ration com mand to configure e rror-disa ble d recovery , the p ort i s auto mati ca[...]

  • Pagina 289

    10-43 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Configuring 802.1x Violation Mo des Note T o conf igure viola tion modes, the switch must be running the LAN base image. Y ou can configure an 802.1 x port so tha t it[...]

  • Pagina 290

    10-44 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Configuring 802.1x Authentication T o configu re 802.1x port -based authe nticati on, you must enable au thentica tion, author ization, and account ing (AAA) a nd spec[...]

  • Pagina 291

    10-45 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Configuring the Sw itch-to-RADIUS-Serv er Communication RADIUS se curity servers are identi fied by their ho stname or IP ad dress, hostname and specific UDP por t num[...]

  • Pagina 292

    10-46 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion T o clear the specif ied RADIUS serv er , use the no radius-serv er host { hostname | ip -ad dress } gl obal configurati on c ommand. This exam ple sh ows how to speci[...]

  • Pagina 293

    10-47 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion T o di sable m ultiple ho sts on the port, use the no au then tica tion ho st-m ode or the no dot1x host-mode multi-host interface con figurati on comm and. This e xam[...]

  • Pagina 294

    10-48 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Configuring Periodic Re-Authentication Y ou can enab le peri odic 802. 1x client re-authe nticat ion and sp ecify how often it occ urs. If you do not specify a tim e p[...]

  • Pagina 295

    10-49 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Thi s exa mple s ho ws h ow to ena ble pe riod ic re-a ut hent icat ion and s et the nu mbe r of se conds betwee n re-authe ntic ation atte mpts to 400 0: Switch(confi[...]

  • Pagina 296

    10-50 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Changing the Sw itch-to-Clie nt Retran smission Time The client respon ds to the EAP-request/id entity frame fr om the switch with an EAP-r esponse/identi ty frame. If[...]

  • Pagina 297

    10-51 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Beginnin g in priv ilege d EXEC mode, follo w these steps to set the switch-to-cl ient frame-re transmission number . This proc edure is opt ional. T o return to the d[...]

  • Pagina 298

    10-52 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion T o re turn to the de fault re-au thenti cation num ber, use the no dot1x max-reauth-req interf ace configurati on c ommand. This e xample shows ho w to se t 4 as t he[...]

  • Pagina 299

    10-53 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion This exampl e sh ows how to enabl e MAC rep lace on a n in terfa ce: Switch(config)# interface gigabitethernet2/0/2 Switch(config-if)# authentication violation replace[...]

  • Pagina 300

    10-54 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Use t he show radius statis tics privileged EXEC c omman d to dis play the numbe r of RAD IUS messa ges that do not recei ve the accoun ting res ponse me ssage. This e[...]

  • Pagina 301

    10-55 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion T o disab le and rem ov e the guest VLAN, use the no dot1x gue st-vlan interf ace conf iguration com mand. The port returns to the unau thorized state. This example sh[...]

  • Pagina 302

    10-56 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion T o disabl e and remo v e the re strict ed VLAN, us e the no dot1x auth-fail vlan interface co nfigurati on comm and. Th e port retu rns to the unautho rized st ate. T[...]

  • Pagina 303

    10-57 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion This exam pl e sh ows how to set 2 as the number of authen tication atte mpts allo wed befo re the port mo ves to the r estricted VLAN: Switch(config-if)# dot1x auth-f[...]

  • Pagina 304

    10-58 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Step 4 radius-server host ip-address [acct- por t udp-port ] [ auth -por t udp-port ] [ test usern ame name [ idle-time time ] [ ignore-a cct- port ] [ ignore-auth-por[...]

  • Pagina 305

    10-59 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion T o return to the RADIUS serv er def ault setting s, use th e no radius-ser v er dead- criteria , the no radius-serv er deadt ime , and the no radius-server host globa[...]

  • Pagina 306

    10-60 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Configuring 802.1x Au thentication with WoL Beginn ing in pri vileged EXEC mod e, follo w these steps to enab le 802.1x auth entication with W oL. This procedur e is o[...]

  • Pagina 307

    10-61 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Configuring MAC Au thentication Bypass Beginn ing in pri vileg ed EXEC mode, follo w these steps to enable MA C authentication by pass. This procedur e is optional. T [...]

  • Pagina 308

    10-62 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Configuring 802.1x User Distribution Beginning in global configurat ion, f ollow these st eps to configure a VLAN group and to map a VL AN to it: This example shows ho[...]

  • Pagina 309

    10-63 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Configuring NAC Layer 2 802.1x Validation Y ou can configure N A C Layer 2 802.1x v alida tion, w hich is al so referr ed to as 802.1x au then ticatio n with a RADIUS [...]

  • Pagina 310

    10-64 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Configuring a n Authen ticator an d a Supplicant Switch with NEAT Configuring this feat ure requ ires that one swi tch outsi de a wir ing clo set is configur ed as a s[...]

  • Pagina 311

    10-65 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion This example shows how to config ure a sw itch as a sup plica nt: Switch# configure terminal Switch(config)# cisp enable Switch(config)# dot1x credentials test Switch([...]

  • Pagina 312

    10-66 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Configuring Downloadable AC Ls The policie s take ef fect after cli ent authe ntication and th e client IP addre ss addition to the I P de vice tracki ng table. The sw[...]

  • Pagina 313

    10-67 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion This e xample s ho ws ho w to conf i gure a switch for a do wnload able pol icy: Switch# config terminal Enter configuration commands, one per line. End with CNTL/Z. S[...]

  • Pagina 314

    10-68 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Configuring VLAN ID-b ased MAC Authentication Beginning i n privileged EX EC mo de, fol low these s teps: Ther e is no show comm and to confirm the status of VLA N ID-[...]

  • Pagina 315

    10-69 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Configuring Open1x Beginning i n privileged EX EC mo de: This exampl e shows ho w to configure open 1x on a po rt: Switch# configure terminal Switch(config)# interface[...]

  • Pagina 316

    10-70 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Disabling 80 2.1x Auth entication on the Port Y ou can disab le 802.1x authent icati on on the port by using the no dot1x pae interface con fig uration comm and. Begin[...]

  • Pagina 317

    10-71 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Displaying 802.1x Statistics and Status Displaying 802.1x Statistics and Status T o display 802.1x statistics for all ports, use the show dot1x all st atisti cs pri vileged EXEC comma nd. T o display 802.[...]

  • Pagina 318

    10-72 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Displ ayin g 802 .1x S tat isti cs a nd St atus[...]

  • Pagina 319

    CH A P T E R 11-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 11 Configuring Web-Based Authentication This chap ter de scribe s ho w to con fig ure web- based authenti cation. I t contai ns these sec tions: • Understa nding W eb-B ased Authent ication, page 11-1 • Configuring W eb-Ba sed Authen ticatio n, page 11-[...]

  • Pagina 320

    11-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 11 Configuring Web-Based Authentication Underst anding Web -Based A uthen tication • W eb A uthenti cation Custom izable W eb Pages, pa ge 11-6 • W eb- based Auth enticat ion I nterac tions w ith O ther Features , page 11 -7 Device Roles W it h web-based aut[...]

  • Pagina 321

    11-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 1 Configuring Web-Base d Authe nticati on Underst anding Web- Based Auth enticat ion Sess ion Cr eation When web-b ased authent ication detec ts a ne w host, it create s a session as follo ws: • Revie ws the exception list. If the host IP is included i n the[...]

  • Pagina 322

    11-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 11 Configuring Web-Based Authentication Underst anding Web -Based A uthen tication Local Web Authen tication Bann er Y o u can create a banne r that will appear whe n you log in to a switch by using web authentic ation. The banne r appear s on both the login pag[...]

  • Pagina 323

    11-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 1 Configuring Web-Base d Authe nticati on Underst anding Web- Based Auth enticat ion Figur e 1 1 -3 Customiz ed W eb Banner If you do not en able a banne r , only the user name a nd pa ssword di alog b oxes app ear in t he we b authe nticatio n logi n scr een,[...]

  • Pagina 324

    11-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 11 Configuring Web-Based Authentication Underst anding Web -Based A uthen tication Web Authen tication C ustomizable We b Page s During the web-b ased authentica tion process, the switch inter nal HTTP serv er hosts four HTML pages to deli v er to an authent ica[...]

  • Pagina 325

    11-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 1 Configuring Web-Base d Authe nticati on Underst anding Web- Based Auth enticat ion Figu re 1 1 -5 Customizeab le Authent icat ion P age For more infor mation, see the “Customizi ng the Auth enticati on Pr oxy W eb Pages” secti on on page 1 1-13 . Web-bas[...]

  • Pagina 326

    11-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 11 Configuring Web-Based Authentication Underst anding Web -Based A uthen tication LAN Port IP Y ou can co nfigure LAN p ort IP (LPIP) and Layer 2 web- based au thenti cation on the sam e port. The h ost is authen ticated b y u sing web- based auth entication fi[...]

  • Pagina 327

    11-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 1 Configuring Web-Base d Authe nticati on Config uring W eb-Based Auth enti cation Configuring Web -Based Authenticat ion • Defa ult W eb-Based Authentica tion Configu ration, page 11-9 • W eb- Based Authentic ation Configuration Gui delines a nd Restricti[...]

  • Pagina 328

    11-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 11 Configuring Web-Based Authentication Configur ing Web- Base d Authent ication • Hosts tha t are more t han one hop away might exper ience traffic disruption if a n STP to pology change r esults i n the host tr af f ic arri ving on a dif ferent port. Th is [...]

  • Pagina 329

    11-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 1 Configuring Web-Base d Authe nticati on Config uring W eb-Based Auth enti cation This exampl e shows ho w to verify the configurat ion: Switch# show ip admission configuration Authentication Proxy Banner not configured Authentication global cache time is 60[...]

  • Pagina 330

    11-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 11 Configuring Web-Based Authentication Configur ing Web- Base d Authent ication The combi nation o f the IP addres s and UDP por t number creates a unique identif ier , that enab les RADIUS re quest s to be sent to mult iple U DP ports on a ser ver at the same[...]

  • Pagina 331

    11-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 1 Configuring Web-Base d Authe nticati on Config uring W eb-Based Auth enti cation Note Y ou need t o configure some settings on the RADIUS ser ver, includi ng: the swit ch IP address, the key string to be shared by both the ser ver and the switch, and the do[...]

  • Pagina 332

    11-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 11 Configuring Web-Based Authentication Configur ing Web- Base d Authent ication When conf iguring customize d authentica tion proxy web pages, follo w these guidelines: • T o enable the custom web pa ges featur e, sp ecif y all four c ustom HTML f iles. If y[...]

  • Pagina 333

    11-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 1 Configuring Web-Base d Authe nticati on Config uring W eb-Based Auth enti cation Specifying a Redirection UR L for Successful Login Y ou can spec ify a URL to which t he us er is re dire cted af ter a uthenti cation, ef fect i vely re placing the internal S[...]

  • Pagina 334

    11-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 11 Configuring Web-Based Authentication Configur ing Web- Base d Authent ication This e xample sho ws ho w to determine wheth er any con nected hosts are in the AAA Do wn state: Switch# show ip admission cache Authentication Proxy Cache Client IP 209.165.201.11[...]

  • Pagina 335

    11-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 1 Configuring Web-Base d Authe nticati on Displaying Web-Based Authentication Status This exampl e shows ho w to configure a loca l banne r with the custom message My Switc h : Switch(config) configure terminal Switch(config)# aaa new-model Switch(config)# aa[...]

  • Pagina 336

    11-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 11 Configuring Web-Based Authentication Display ing Web- Base d Authent ication Status[...]

  • Pagina 337

    CH A P T E R 12-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 12 Configuring Interface Cha racteristics This chapter defines the types o f Cata lyst 2960 a nd 296 0-S int erfaces a nd descr ibes how to configure them. • Understa nding I nterfac e T ypes, pa ge 12- 1 • Using the Switc h USB Ports (Catalyst 2960-S S[...]

  • Pagina 338

    12-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Underst anding In terface Ty pes • Connecti ng Int erfaces, pa ge 12- 10 Port-Based VLANs Note Stac king is supp orted only on Cat alyst 2960-S sw itches runni ng the LAN base ima ge. A VLAN is a switched netwo rk that [...]

  • Pagina 339

    12-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Unde rsta ndi ng In ter face Typ es Note Whe n you change a Layer 3 i nter face into Laye r 2 mode, the configuration infor matio n relate d to the af fected interf ace mig ht be lost , and th e inter face is returned [...]

  • Pagina 340

    12-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Underst anding In terface Ty pes Switch Virtual Interfaces A switch virtual i nterf ace (SVI ) rep resents a VLAN of swi tch po rts as one interf ace to the r outing or bridgi ng f unction in th e syst em. Y ou can asso c[...]

  • Pagina 341

    12-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Unde rsta ndi ng In ter face Typ es Some switche s support dual-pur pose uplink ports. E ach uplink port is conside red as a sing le interface with dual front ends—an RJ-45 connector and a sma ll form-fa ctor pluggab[...]

  • Pagina 342

    12-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Underst anding In terface Ty pes High-p ower devices can ope rate in low-power mode on sw itches that d o not suppo rt power-negotiation C DP . Cisco intel ligent power manage ment is bac kward-compa tible wi th CDP with [...]

  • Pagina 343

    12-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Unde rsta ndi ng In ter face Typ es grants or de nies p ower . I f the reque st is grante d, the switc h upda tes t he power budget . If t he request i s denied, t he switch en sures that power to the po rt is turned o[...]

  • Pagina 344

    12-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Underst anding In terface Ty pes If yo u do n ot sp ecify a wat tage, the switc h pr e-all ocates th e maxim um v a lue. Th e switch po wers the port on ly if it d iscovers a powered device. Use the st atic setting on a h[...]

  • Pagina 345

    12-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Unde rsta ndi ng In ter face Typ es 3. Automatic ally when the switch sets the po wer usa ge of the de vice by using CDP power negotia tion or by the I EEE classification a nd L LDP power negot iation. Use the fir st o[...]

  • Pagina 346

    12-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Underst anding In terface Ty pes Because t he swit ch suppor ts interna l power supplie s and the Cisco Redun dant Power System 2300 ( also referred to as the RPS 2300), the total amount of po wer a v ailable for the po [...]

  • Pagina 347

    12-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Using the Switch USB Ports (Catalyst 2960-S Switches Only) Figur e 12 -2 Connecting VLANs with a La y er 3 S witc h Using the Switch USB Ports (Catalyst 2960-S Switches Only) The Catalyst 2960-S switc h has two USB po[...]

  • Pagina 348

    12-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Using the Swit ch USB P orts (Cataly st 2960 -S Swit ches O nly) In the sampl e output, swit ch 1 has a connec ted USB co nsole cab le. Becaus e the bootlo ader did not change to the USB console, the f irst lo g from swi[...]

  • Pagina 349

    12-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Using the Switch USB Ports (Catalyst 2960-S Switches Only) *Mar 1 00:34:27.498: %USB_CONSOLE-6-CONFIG_DISALLOW: Console media-type USB is disallowed by system configuration, media-type remains RJ45. (switch-stk-2) Thi[...]

  • Pagina 350

    12-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Using the Swit ch USB P orts (Cataly st 2960 -S Swit ches O nly) If there is no (inpu t) acti vity on a USB conso le port for the conf igured number of minutes, th e inacti vity timeout setting applie s to the RJ-45 port[...]

  • Pagina 351

    12-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Using Inte rface C onfigu ration Mo de Number of Configurations: 1 Speed: High Selected Configuration: 1 Selected Interface: 0 Configuration: Number: 1 Number of Interfaces: 1 Description: Storage Attributes: None Max[...]

  • Pagina 352

    12-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Using I nterface Configu ration Mode T o configu re a physical inter face (port) on a Catalyst 296 0 switch or a C atalyst 2960-S switch r unning the LAN Lite image, specify the interf ace type, module number , and switc[...]

  • Pagina 353

    12-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Using Inte rface C onfigu ration Mo de Identify the interf ace type and the interf ace num ber , Gigabit Ethe rnet port 1 in this ex ample: Switch(config)# interface gigabitethernet0/1 Switch(config-if)# Note E nteri [...]

  • Pagina 354

    12-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Using I nterface Configu ration Mode When usin g the interf ace ra nge global configurat ion comm and, no te these guide lines : • V alid entries for port- ra ng e, dependin g on p ort type s on the sw itch: – vlan v[...]

  • Pagina 355

    12-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Using Inte rface C onfigu ration Mo de If yo u enter multi pl e conf iguration comm ands wh ile you are in inter fa ce-r ange mo de, ea ch comman d is executed as it is en tered . The comma nds a re not batc hed an d [...]

  • Pagina 356

    12-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Using the Etherne t Managem ent Port (Ca talyst 29 60-S Onl y) • Y ou must add a space between the first interface num ber and th e hyphen whe n entering an interface- rang . For exam pl e, giga bitethe rnet 0/1 - 4 is[...]

  • Pagina 357

    12-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Usin g th e Eth ern et M ana gem ent Po rt (C ata lys t 296 0-S Onl y) Understand ing the Ethern et Mana gement Port The Ethe rnet ma nageme nt por t, also refe rred to as the F a0 or fastethe rnet0 port , is a Layer [...]

  • Pagina 358

    12-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Using the Etherne t Managem ent Port (Ca talyst 29 60-S Onl y) • TFTP • Secure Shell ( SSH) • DHCP-bas ed autoc onfi guratio n • SMNP (only t he ENTIT Y -MIB a nd t he IF -MIB) • IP ping • Interfa ce f eatur [...]

  • Pagina 359

    12-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Configuring Ethernet Interfaces Configuring Eth ernet Inte rfaces These sec tions co ntain this co nfiguration info rmat ion: • Defaul t Ethern et Interfa ce Configu ratio n, page 12-2 3 • Setting the T ype of a D[...]

  • Pagina 360

    12-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Configur ing Ethern et Interface s Port enab le state All ports are enab led. Port d escriptio n None defined. Speed Autonegotia te. Dupl ex mode Aut onegotiat e. Flo w control Flo w control is set to rece iv e : off . I[...]

  • Pagina 361

    12-25 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Configuring Ethernet Interfaces Setting th e Type of a Dual-P urpose Uplink Po rt Note Onl y Cata lyst 2960 swit ches have dual-pur pose upli nks po rts. Some sw itches su pport d ual-purpo se upl ink po rts. By defau[...]

  • Pagina 362

    12-26 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Configur ing Ethern et Interface s T o return to the default setting, use the media- type auto in terf ace or the no media-type in terface configurati on c ommands. e switch configur es both typ es to autonegoti ate spee[...]

  • Pagina 363

    12-27 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Configuring Ethernet Interfaces – The 100 B ASE- x (w here - x is -BX, -CWDM, -LX, -SX, and -ZX ) SFP module ports supp ort only 100 Mb/ s. T hese mo dules suppo rt full - and half- duplex o ptions but do not suppor[...]

  • Pagina 364

    12-28 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Configur ing Ethern et Interface s Use the no spee d and no duplex interfa ce conf igur ation comman ds to return the inte rface to the def ault speed and duple x settings (autone gotiate ). T o return all interf ace set[...]

  • Pagina 365

    12-29 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Configuring Ethernet Interfaces Beg i n ni ng in p riv i le ge d E X EC m o de , f ol l ow t h es e s t ep s t o configur e flo w co ntrol on an interf ace: T o disabl e flo w control , use the flowcon trol rece ive o[...]

  • Pagina 366

    12-30 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Configur ing Ethern et Interface s Beg i n ni ng i n p riv i le ge d E X E C m o de , fo ll ow t h es e s te ps t o configur e auto-MDIX on an inter face: T o disabl e aut o-MDIX, use the no mdix auto in terface con figu[...]

  • Pagina 367

    12-31 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Configuring Ethernet Interfaces Beginn ing in pri vileg ed EXEC mode, follo w these steps to co nf ig ure a po w er m a n ag e m en t mo d e on a PoE-capable port: For informa tion ab out the outp ut of the show power[...]

  • Pagina 368

    12-32 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Configur ing Ethern et Interface s the a ctual a mount of power ne eded . If the p owered device re ports a highe r cla ss th an it s actu al consumpt ion or doe s not suppor t power classification (default s to Class 0)[...]

  • Pagina 369

    12-33 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Configuring Ethernet Interfaces T o return to the default setting, use the no power inl ine consumption defaul t globa l configura tion comm and. Beginning in privileged EXEC mo de, fol low these steps to co nf ig ur [...]

  • Pagina 370

    12-34 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Configur ing Ethern et Interface s Beg i n ni n g i n p r ivi l eg ed E X EC mo d e , f ol l ow t h es e s t e ps t o enable policing of the real-time po w er co ns um pt io n of a pow ered device co nnecte d to a PoE po[...]

  • Pagina 371

    12-35 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Configuring Layer 3 SVIs Beginn ing in pri vileg ed EXEC mode, follo w these steps to add a description for an interface: Use the no description i nter face configurat ion comm and to delete the de script ion. This ex[...]

  • Pagina 372

    12-36 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Conf igu rin g th e Sy stem MTU Beginning i n privileged EX EC mo de, fol low these s teps t o configure a La yer 3 SV I: T o remove an IP addre ss fro m an SVI, use the no ip addr ess interface co nfiguration c omman d.[...]

  • Pagina 373

    12-37 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Monitoring and Maintaining the Interfaces Beginn ing in pri vileg ed EXEC mode, fo llo w these steps to chan ge MTU size for all 10/100 or Gigab it Ethernet in terf aces: If you e nter a v alue th at is outsid e the a[...]

  • Pagina 374

    12-38 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Monito ring and Mai ntainin g the Interfac es Monitoring Interface Status Command s entere d at the privileged EXEC pro mpt displ ay infor mati on about th e interfac e, includ ing the ver sions of the softw are and the [...]

  • Pagina 375

    12-39 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Monitoring and Maintaining the Interfaces T o clea r th e inte rface coun ter s shown by the show inte rfac es privileged EXEC comm and, use the clear counters pri vilege d EXEC co mmand . The clear counters comma nd [...]

  • Pagina 376

    12-40 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Monito ring and Mai ntainin g the Interfac es[...]

  • Pagina 377

    CH A P T E R 13-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 13 Configuring VLANs This c hapter describ es how to c onfigure norm al- range VL ANs (V LAN IDs 1 t o 100 5) and extended-ra nge VLA Ns (VL AN IDs 1006 t o 4094) on the C atalyst 2960 and 2960 -S switche s. It incl udes inform ation abou t VLAN me mbers hi[...]

  • Pagina 378

    13-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Underst anding VL ANs Note Be fore you create VLANs , you mu st deci de wh ether to use V LAN Trunking Pr otocol (V TP) to maint ain global VL AN configurat ion for you r network. For more informa tion on VTP , see Cha pter 14, “Configuri [...]

  • Pagina 379

    13-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Unde rsta ndin g VLAN s Note U p to 64 VLANs are sup ported w hen the sw itch is ru nning the LAN Li te imag e. Although the swi tch stac k suppor ts a tot al of 25 5 (norm al range a nd extende d range) VLAN s, the num ber of configured fe[...]

  • Pagina 380

    13-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configur ing Normal- Range VLA Ns For more de tailed definitions of acce ss and tru nk mo des and their f unctions, see T able 13 -4 on page 1 3-14 . When a port belongs to a VLAN , the switch l earns and ma nages the add resses associated w[...]

  • Pagina 381

    13-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Config uri ng Nor mal-R ang e VLA Ns Y ou use the interfa ce configura tion mod e to define the por t membershi p mode and to add and remove ports from VLANs. Th e results of these command s are written to the runni ng-conf iguratio n f ile[...]

  • Pagina 382

    13-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configur ing Normal- Range VLA Ns Normal-Range VLAN Co nfiguratio n Guidelin es Follow these guidel ines wh en cre ating and mo dify ing norma l-rang e VLAN s in your ne twork: • The switc h supports 255 VLANs in VTP cli ent, server , and [...]

  • Pagina 383

    13-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Config uri ng Nor mal-R ang e VLA Ns desc rip tion in the comma nd refe renc e for this release . When you have f inished t he configurat ion, you must e xit VL AN conf iguration mode f or the c onfi guratio n to tak e ef fec t. T o display[...]

  • Pagina 384

    13-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configur ing Normal- Range VLA Ns Creating or Modifyin g an Et hernet VLAN Each E therne t VL AN in the VLAN d ataba se ha s a uni que, 4- digit ID t hat c an be a nu mber from 1 to 1 001. VL AN ID s 100 2 to 10 05 ar e re served for T oken [...]

  • Pagina 385

    13-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Config uri ng Nor mal-R ang e VLA Ns T o return the VLAN name to the defa ult setting s, use the no name , no mtu , o r no r emote -spa n comm ands. This exampl e shows h ow to cre ate E the rnet V LAN 20, name it test20, and add it to the [...]

  • Pagina 386

    13-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configur ing Extend ed-Range VLANs Beginn ing in pri vileg ed EXEC mode, fo llo w these steps to assign a port to a VLAN in the VLAN database: T o return an interfac e to its default conf igu ration, use the default interface interfa ce-id [...]

  • Pagina 387

    13-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Confi guring Exte nded- Range VLANs Default VLAN Configuration See T a ble 13-2 o n pag e 13-7 for t he defau lt con figuration f or Et hernet VLANs. Y ou can c hange on ly the MTU size and the remo te SP AN conf iguration state on ex tend[...]

  • Pagina 388

    13-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configur ing Extend ed-Range VLANs In VTP version 1 and 2, extende d-range VLANs a re not saved in the VLAN database ; they are saved in the switc h runnin g conf igur ation f ile. Y ou can sa ve the exten ded-r ange VLAN conf iguration i n[...]

  • Pagina 389

    13-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Displaying VL ANs Displaying VLANs Use the show vlan privi leged EXEC command to display a list of all VLA Ns on the switch, including extended -range V LANs. Th e displa y includ es VLAN status, port s, and co nfiguration inform ation . T[...]

  • Pagina 390

    13-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configur ing VLAN Tr unks T o avoid this , you s hould configure int erface s connec ted t o devices tha t do no t suppor t DTP to not forward DTP frame s, tha t is, to t urn off DT P . • If you do not int end to trunk ac ross tho se link[...]

  • Pagina 391

    13-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Config uri ng V LAN Trunk s Default Layer 2 Ethernet Inte rface VLAN Con figuratio n T ab le 13-5 sh ows the de fault Lay er 2 Ether net int erface VLAN co nfiguration. Configuring a n Ethern et Interface as a Trunk P ort Because t runk po[...]

  • Pagina 392

    13-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configur ing VLAN Tr unks • If you try to enabl e IEEE 802 .1x on a t runk por t, an err or message appear s, and IE EE 802.1x is not enab led. If you try to chan ge the mo de of an IEE E 802.1 x-ena bled por t to trunk , the port mode is[...]

  • Pagina 393

    13-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Config uri ng V LAN Trunk s Defining the Allowed VLANs on a Trunk By default, a trunk port sen ds traffic to and re ceives traff ic from al l VLAN s. All V LAN IDs, 1 to 4 094, are al lo wed o n each trun k. Ho wev er , you can remo v e VL[...]

  • Pagina 394

    13-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configur ing VLAN Tr unks T o return to the def ault allo wed VLAN li st of all V LANs, use the no switchport trunk allowed vlan interf ace c onfig uration co mmand. This exam ple sh ows how to remove VLAN 2 from th e a llowed VLAN list on [...]

  • Pagina 395

    13-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Config uri ng V LAN Trunk s For informa tion ab out IEEE 802.1Q con figuratio n issues , see the “IEE E 802.1 Q Configurati on Consider ation s” sect ion on page 13-14 . Beginning i n privileged E XEC mo de, follow these steps to con f[...]

  • Pagina 396

    13-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configur ing VLAN Tr unks • VLANs 3 thr ough 6 are a ssigned a po rt prior ity o f 16 on Trunk 2. • VLANs 8 thr ough 10 re tain the default port prio rity of 128 on T runk 2. In thi s way , Trunk 1 carri es tr aff ic for VLAN s 8 t hrou[...]

  • Pagina 397

    13-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Config uri ng V LAN Trunk s Load Sharing Using STP Path C ost Y ou can configure pa rallel tru nks to share VLAN traffic by setting different pa th costs on a trunk an d associat ing t he path costs with d ifferent sets of V LANs, blocking[...]

  • Pagina 398

    13-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configuring VMPS Beginn ing in pri vile ged EXEC mode, follo w these steps to config ure the networ k sho wn in Figure 13-3 : Configuring VMPS The VLA N Quer y Protocol (V QP) is u sed to suppor t dynami c-ac cess ports , which are not perm[...]

  • Pagina 399

    13-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Configuring VMPS • “Troubleshoot ing Dynami c-Ac cess Port VLA N Membership” sec tion on pa ge 13-28 • “VMPS Co nf igu rat ion Ex ampl e” s ecti on on pa ge 13 -28 Understand ing VMP S Each time t he clien t switch recei v es t[...]

  • Pagina 400

    13-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configuring VMPS If the link goes down on a dy namic -access por t, the p ort r eturns to an is olated st ate and do es not be long to a VLAN. An y hosts th at come onlin e through the port are check ed again thr ough the VQP with the VMPS [...]

  • Pagina 401

    13-25 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Configuring VMPS Configuring the VMPS Client Y ou configure dy namic VLANs by usi ng the VMPS (s erver). Th e sw itch ca n be a VMPS cli ent; it canno t be a VMPS server . Entering the IP Address of the VMPS Y ou must f irst enter the IP a[...]

  • Pagina 402

    13-26 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configuring VMPS T o return an interfac e to its default conf igu ration, use the default interface interfa ce-id interfa ce conf iguration command. T o return a n interfac e to its def ault switc hport mode (dyn amic auto), use the no swit[...]

  • Pagina 403

    13-27 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Configuring VMPS Changing the Retry Count Beginn ing in pri vileg ed EXEC mode, fo llo w these steps to chan ge the number of times that the swit ch attempt s to conta ct the VMPS befor e queryi ng the n ext serv er: T o return the switch [...]

  • Pagina 404

    13-28 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configuring VMPS Troublesho oting Dyna mic-Acce ss Po rt VLAN Memb ership The VMPS shuts down a dynamic -access port unde r these cond itions: • The VMPS is in secure mode, and it does not allo w the host to connect to the port. The VMPS [...]

  • Pagina 405

    13-29 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Configuring VMPS Figur e 13-4 Dynamic P ort VLAN Member ship Configur ation Primar y VMPS Ser ver 1 Catalyst 6500 series Secondar y VMPS Ser ver 2 Catalyst 6500 series Secondar y VMPS Ser ver 3 172.20.26.150 172.20.26.151 Catalyst 6500 ser[...]

  • Pagina 406

    13-30 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configuring VMPS[...]

  • Pagina 407

    CH A P T E R 14-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 14 Configuring VTP This c hapter describ es how to us e t he VLA N Trunking Prot ocol ( VTP) a nd the VLAN databa se fo r managing VLANs with the Cat alyst 2960 and 29 60-S switc hes. Unle ss otherwi se noted, t he te rm switch refer s to a standa lone swit[...]

  • Pagina 408

    14-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 14 Configuring VTP Underst anding VTP The swit ch su pports 25 5 VL ANs, b ut t he num ber of c onf igured features af fec ts the usage o f the s witch hardw are. If the switch is notif ied b y VTP of a new VLAN and the switch is already using the maximum av ail[...]

  • Pagina 409

    14-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 4 Configuring VTP Understanding VTP When you make a change to t he VL AN co nfiguration on a V TP server, the chan ge is propaga ted to a ll switches in the VTP d omain. VTP adv ertisements ar e sent ov er all IEEE trunk connectio ns, includi ng IEEE 8 02.1Q. [...]

  • Pagina 410

    14-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 14 Configuring VTP Underst anding VTP VTP Advertisements Each swi tch in the VTP domain sends period ic globa l configuratio n advertise ments f rom each trunk port to a rese rved multica st addr ess. Neig hborin g switch es rece iv e these adv ertisemen ts and [...]

  • Pagina 411

    14-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 4 Configuring VTP Understanding VTP • VLAN state • Additional VLA N config uration information specif ic to the VLAN type In VTP ver sion 3, VTP adver tisements also incl ude the prim ary ser ver ID, an inst ance numbe r , and a start i ndex. VTP Vers ion [...]

  • Pagina 412

    14-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 14 Configuring VTP Underst anding VTP • Support for any da tabase i n a do main . In a ddition to propagat ing V TP info rmation, version 3 ca n propagat e Mult iple Sp anning Tree (MST ) protoc ol data base inf orma tion. A separ ate instan ce o f the VTP pro[...]

  • Pagina 413

    14-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 4 Configuring VTP Understanding VTP Figur e 14 -1 Flooding T raf fic wi thout VTP Pr uning Figure 14- 2 sho ws a switche d network with V TP pruning enabl ed. The bro adcast tra f fic from Switch A is not fo rwa rded to Swit ches C, E, and F because tr af f ic[...]

  • Pagina 414

    14-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 14 Configuring VTP Conf ig uri ng VT P VTP pruning is not designed to func tion in VTP transparent mode . If one or more switches in the netwo rk are in VTP transpar ent mode , you should do one of the se: • T urn off V TP pruni ng in the en tire network . •[...]

  • Pagina 415

    14-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 4 Configuring VTP Configuring VTP • Configuring VT P on a Per-Port Basis, page 1 4-16 • Adding a VTP Cli ent Swi tch to a VTP Domain, page 14-1 7 Default VTP Configuration T ab le 14-2 shows the default VTP co nfig uration. VTP Configu ra tion Guidelines Y[...]

  • Pagina 416

    14-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 14 Configuring VTP Conf ig uri ng VT P Domain Names When co nfiguring VT P for t he first tim e, you must a lways assign a doma in nam e. Y ou m ust configure all switche s in the VTP domain with the sam e domain name. Switc hes in VTP transparen t mode do not [...]

  • Pagina 417

    14-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 4 Configuring VTP Configuring VTP • Do not enable VTP v ersion 2 on a switch unless all of the switc hes in the same VTP domain are version-2-ca pable . When y ou ena ble versio n 2 on a switch, all of the version -2-ca pable sw itches i n the domain en abl[...]

  • Pagina 418

    14-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 14 Configuring VTP Conf ig uri ng VT P • When you conf igure the switch for VTP transparent mode, VTP is disabled on the switch. The switch doe s not send V TP upda tes an d does n ot ac t on VTP update s rece i ved from other switches. Howe ver , a VTP trans[...]

  • Pagina 419

    14-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 4 Configuring VTP Configuring VTP When you con figure a domain na me, it cannot be rem ove d; you ca n only rea ssign a switch t o a different domain. T o re turn a switch in an other mod e to VTP server mode , use the no vt p mode global con figuration comma[...]

  • Pagina 420

    14-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 14 Configuring VTP Conf ig uri ng VT P Configuring a VTP Version 3 Password Beginning in privileged EX EC mode , foll ow these s teps to c onfigure th e passwor d when using V TP version 3: T o clear the pa sswor d, enter the no vtp password global configura ti[...]

  • Pagina 421

    14-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 4 Configuring VTP Configuring VTP This examp le shows how to con figure a switch as the pr imary server f or the V LAN databa se (the default) when a h idden or se cret password was c onfigured: Switch# vtp primary vlan Enter VTP password: mypassw ord This sw[...]

  • Pagina 422

    14-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 14 Configuring VTP Conf ig uri ng VT P T o return to the default VTP v ersion 1, use the no vtp version glob al configura tion co mman d . Enabling V TP Prunin g Pruning inc reases available bandwi dth by restric ting flood ed traffic to those trunk lin ks that[...]

  • Pagina 423

    14-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 4 Configuring VTP Configuring VTP T o disa ble V TP on t he in terf ace, use t he no vtp interf ace con fig uratio n comman d. Switch(config)# interface gigabitethernet 0/1 Switch(config-if)# vtp Switch(config-if)# end Adding a VT P Client S witch to a VT P D[...]

  • Pagina 424

    14-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 14 Configuring VTP Monito ring VTP Note Y ou can u se the vtp mode transpar ent global con figuration c ommand t o disab le VT P on the swi tch an d then to cha nge its VLAN inform ation without affecting the othe r switc hes in the V TP doma in. Monitoring VTP[...]

  • Pagina 425

    CH A P T E R 15-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 15 Configuring Voic e VLAN This c hapter describ es how to c onfigure the voice VLA N feat ure on the Cataly st 2960 and 2960-S switches. Unless otherwise noted, the term switc h ref ers to a stan dalone switc h and a swit ch stac k. V oice VLAN is referr e[...]

  • Pagina 426

    15-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 15 Configuring Voice V LAN Underst anding Voice VL AN Figure 15- 1 shows one w ay to conne ct a Cisco 7960 IP Phone. Figur e 15 -1 Cisco 7960 IP Phone Conne ct ed t o a S witc h Cisco IP Phone Voice Traffic Y ou can conf i gure an access por t with a n att ached[...]

  • Pagina 427

    15-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 5 Configuring Voice VLA N Configuring Voice VLAN Note Un tagged traffic from th e device a ttache d to t he Cisco I P Phone passes t hrou gh the phone unc hanged, regardless of the tr ust stat e of t he acce ss port on the phone. Configuring Vo ice VLAN These [...]

  • Pagina 428

    15-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 15 Configuring Voice V LAN Configuring Voice VLAN • If the Cisc o IP Phon e and a d e vice atta ched to th e phone a re in t he same VLAN , the y must be in the same IP subnet . These condit ions indicate that they ar e in the same VLAN: – They both use IEEE[...]

  • Pagina 429

    15-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 5 Configuring Voice VLA N Configuring Voice VLAN Configuring Cisco IP Phone V oice Traffic Y ou can con figure a po rt conn ected t o the Cisco IP Phone to send CDP pac kets to th e phon e to c onfigure the wa y in whic h the ph one send s v oice tr af f ic. T[...]

  • Pagina 430

    15-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 15 Configuring Voice V LAN Configuring Voice VLAN T o return the port to its default setting, use the no swit chport v oice vlan in terfa ce conf igurat ion comm and. Configuring the Priori ty of Incoming Data Frames Note T o s et prio rity of in coming dat a fr[...]

  • Pagina 431

    15-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 5 Configuring Voice VLA N Displaying Voice VLAN Displaying Voice VLAN T o display v oice VLAN co nf igurat ion fo r an in terf ace, u se th e show int erf aces interface-id swit chport pri v ile ged EXE C command .[...]

  • Pagina 432

    15-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 15 Configuring Voice V LAN Displa ying Vo ice VLA N[...]

  • Pagina 433

    CH A P T E R 16-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 16 Configuring STP This chapt er desc ribes how to configure the Sp anni ng T ree Protoc ol (STP) on port-ba sed VLANs on the Cataly st 2960 an d 2960-S s witche s. The switch can use eithe r the per -VLAN spanni ng-tre e plus (PVST+) protoc ol based on t h[...]

  • Pagina 434

    16-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 16 Configuring STP Underst anding Spa nning- Tree Fea tures • Spanning -T ree Addr ess Man ageme nt, pa ge 16-9 • Acceler ated Aging to Retain Connecti vity , page 16-9 • Spanning-Tree Modes an d Protocols, pa ge 16-1 0 • Supporte d Spanning -Tree Instan[...]

  • Pagina 435

    16-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 6 Configuring STP Unders tanding Spanni ng-Tr ee Fe atures Spannin g-Tr ee Topo logy an d BPDUs The stable, ac tiv e spanning -tree topolog y of a switched netw ork is controlled b y these elements: • The uni que bridge ID (sw itch p rior ity and MAC address[...]

  • Pagina 436

    16-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 16 Configuring STP Underst anding Spa nning- Tree Fea tures Only one outgoin g port on the stack root switc h is selected as the root port. The remaining switch es in the stack become its designated switch es (Switch 2 and Switch 3) as sho wn in Figure 1 6-1 on [...]

  • Pagina 437

    16-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 6 Configuring STP Unders tanding Spanni ng-Tr ee Fe atures The swi tch sup ports t he IEEE 802.1t spanni ng-tre e extension s, and some of t he bits pr eviously used for the switch prior ity are no w used as the VLAN ident ifie r . The result is that fe wer MA[...]

  • Pagina 438

    16-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 16 Configuring STP Underst anding Spa nning- Tree Fea tures • From le arning t o fo rwarding o r to disable d • From for warding to d isabled Figure 16- 2 illustrates ho w an interface mo v es through the states. Figur e 16 -2 Spanning-T r ee Interf ace Stat[...]

  • Pagina 439

    16-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 6 Configuring STP Unders tanding Spanni ng-Tr ee Fe atures • Does not lea rn addres ses • Rece ives BPDUs Listening State The li stenin g stat e is th e f irst state a Lay er 2 i nterf ace e nters af ter the blo cking s tate. The i nterf ace e nters this s[...]

  • Pagina 440

    16-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 16 Configuring STP Underst anding Spa nning- Tree Fea tures How a Sw itch or Port Beco mes th e Root S witch o r Root Port If all switches in a netw ork are enabl ed with default spann ing-tree setti ngs, the switch with the lowe st MA C address beco mes the roo[...]

  • Pagina 441

    16-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 6 Configuring STP Unders tanding Spanni ng-Tr ee Fe atures Figur e 16-4 Spanning T ree and Redun dant Connectiv ity Y ou can also cre ate redund ant lin ks betwee n switches by using EtherChann el gro ups. For more inform ation, see Ch apt er 37, “Configur i[...]

  • Pagina 442

    16-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 16 Configuring STP Underst anding Spa nning- Tree Fea tures Span ning- Tree Modes a nd Pro tocols The switc h supports t hese spanni ng-tr ee modes an d protocols: • PVST+—Th is spann ing-tr ee mod e is ba sed on the IEEE 8 02.1D stand ard and Cisco proprie[...]

  • Pagina 443

    16-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 6 Configuring STP Unders tanding Spanni ng-Tr ee Fe atures Spanning-Tree Interoperability and Backward Compatibility T ab le 16-2 lists the interoperability a nd compa tibility among the s upporte d spanning-tre e mode s in a network. In a mi xed MSTP and PV [...]

  • Pagina 444

    16-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 16 Configuring STP Configur ing Spannin g-Tree Feat ures Spanning Tree and Switch Sta cks These st atements ar e true when the switc h stack is operating in PVST+ or rap id-PVST+ mode: • A switch stack appears as a singl e spanni ng-tre e node to the re st of[...]

  • Pagina 445

    16-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 6 Configuring STP Confi guring Spanni ng-Tr ee Fe atures Default Span ning-T ree Configur ation T ab le 16-3 sh ows the defaul t span ning-t ree co nfiguration . Spannin g-Tr ee Conf igura tion Guideli nes Each stack member runs its o wn spann ing tree, an d [...]

  • Pagina 446

    16-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 16 Configuring STP Configur ing Spannin g-Tree Feat ures switch o n each l oop in the VLAN must be r unning span ning tre e. It is not abso lutely nec essary to ru n spannin g tree on al l switches in t he VLA N. Howe ver , i f you are ru nnin g spanning tree o[...]

  • Pagina 447

    16-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 6 Configuring STP Confi guring Spanni ng-Tr ee Fe atures Changing the Spa nning-Tree M ode The sw itch s upports th ree spanning -tree mo des: PV ST+, rapi d PVST+, or MS TP . By defau lt, the switch runs th e PVST+ protocol . Beginning in privileged EXEC mod[...]

  • Pagina 448

    16-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 16 Configuring STP Configur ing Spannin g-Tree Feat ures Disabling Sp anning Tree Spanning tree is enab led by defau lt on V LAN 1 and on all newly crea ted VL ANs up to the spannin g-tree limit specif ied in the “Support ed Spann ing-Tree Instanc es” secti[...]

  • Pagina 449

    16-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 6 Configuring STP Confi guring Spanni ng-Tr ee Fe atures Note Th e ro ot swit ch fo r eac h span ning -tree instan ce shou ld be a ba ckbone or di stribution switch . Do not conf igu re an acc ess switch as the span ning -tre e primar y root. Use the diameter[...]

  • Pagina 450

    16-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 16 Configuring STP Configur ing Spannin g-Tree Feat ures Configur ing a S econd ary Roo t Switch When you con figure a switch as the secondary root, the switc h priori ty is modified from t he default value (32768 ) to 28672. Th e switc h is then l ikely to bec[...]

  • Pagina 451

    16-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 6 Configuring STP Confi guring Spanni ng-Tr ee Fe atures Note If your switch is a m ember of a switch stack, you mu st us e the spanning-tree [ vlan vlan-id ] cost cost interfac e configurati on comma nd instea d of the spanning-tree [ vlan vla n-id ] port-pr[...]

  • Pagina 452

    16-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 16 Configuring STP Configur ing Spannin g-Tree Feat ures T o return to the default setting, use the no spanning-tree [ vlan vlan-id ] port-pr iori ty interf ace configurati on c ommand. For inf ormati on o n how to co nfigure l oad sh aring on trun k port s by [...]

  • Pagina 453

    16-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 6 Configuring STP Confi guring Spanni ng-Tr ee Fe atures Note Th e show spanning-tree inter face interface- id privileged EXEC comma nd displays in format ion only for por ts that are in a lin k-up ope rati v e stat e. Othe rwise, y ou can u se the show runni[...]

  • Pagina 454

    16-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 16 Configuring STP Configur ing Spannin g-Tree Feat ures Configuring S pannin g-Tree Timers T ab le 16-4 descri bes the timer s that af fect the en tire s panning -tree p erforma nce. The sectio ns that follo w pro vide the conf igur ation steps. Configuring th[...]

  • Pagina 455

    16-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 6 Configuring STP Confi guring Spanni ng-Tr ee Fe atures Configuring the Forwarding -Delay Time fo r a VLAN Beginning i n privileged E XEC mode, follow these ste ps to c onfigure t he forwarding -del ay ti me for a VLAN. Th is proc edure is opt ional . T o re[...]

  • Pagina 456

    16-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 16 Configuring STP Displaying the Spannin g-Tree Stat us Configuring the Transmit Hold -Count Y ou can configure th e BPDU burst size by chang ing the t ransmit hol d count value. Note Changing this parameter to a hi gher va lue can ha ve a signif icant impact [...]

  • Pagina 457

    CH A P T E R 17-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 17 Configuring MSTP This chapte r describes ho w to conf igure the Ci sco implemen tation of the IEEE 802. 1s Multiple STP (MSTP) on th e Catal yst 2960 and 29 60-S swit ches. Note The multiple spanning-tree (MST) implementatio n is based on the IEEE 802.1s[...]

  • Pagina 458

    17-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Underst anding MST P This chap ter cons ists of these sec tions: • Understa nding M STP , pag e 17-2 • Understa nding RSTP , page 1 7-10 • Configuring M STP Fea tures , p age 17-15 • Display ing the MST Configura tion and Statu s, pag[...]

  • Pagina 459

    17-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Unde rsta ndi ng M STP IST, CIST, an d CST Unlik e PVST+ and rapid PVST+ in whi ch all the spann ing-t ree inst ances are in depend ent, the MST P establishes and maintains tw o types of sp anning trees: • An interna l spanning tree (IST) [...]

  • Pagina 460

    17-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Underst anding MST P For correct operatio n, all switch es in the MST re gion m ust agree on th e same CIST re gional r oot. Theref ore, any two switches in the regi on only sync hronize their port roles for an MST insta nce if th ey conv erg[...]

  • Pagina 461

    17-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Unde rsta ndi ng M STP Only the CST instance sends an d receives BPDUs, and MST insta nces add their spanning- tree informatio n into the BPDUs to inter act with neighb oring switches an d compute th e final sp anning-tr ee topology . Beca u[...]

  • Pagina 462

    17-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Underst anding MST P Hop Count The IST and M ST inst ances do not use the mes sage- age an d maxi mum-age infor mation in the configurati on BPDU to c ompute the sp anni ng-tre e topolo gy . Inst ead, they use th e pa th cost to the root and [...]

  • Pagina 463

    17-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Unde rsta ndi ng M STP IEEE 802.1s Implementation The Ci sco impl ementat ion of the I EEE MST s tandard includes featur es requir ed to me et the sta ndard, as well as some of the de sirable pre standard fun ctionality that is not yet incor[...]

  • Pagina 464

    17-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Underst anding MST P Figur e 1 7 -2 Standar d and Pr estandard S witch Inte ro per ation Note W e re comme nd tha t you minim ize th e in teract ion be tween st andard and presta ndard M ST implemen tations. Detecting Unidirect ional Link Fai[...]

  • Pagina 465

    17-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Unde rsta ndi ng M STP MSTP an d Switch S tacks Note Stac king is supp orted only on Cat alyst 2960-S sw itches runni ng the LAN base ima ge. A switch stack appe ars as a single spannin g-tree nod e to the re st of the ne two rk, and all st [...]

  • Pagina 466

    17-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Underst anding RSTP Understandin g RSTP The RSTP takes ad vantage of point- to-po int wiring and provides rapi d conv ergence of the span ning tree. Reconfigurat ion of th e spann ing tree ca n occur in less than 1 s econd (i n contra st to [...]

  • Pagina 467

    17-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Understa nding RST P T o be consistent with Cisco STP implement ations, this guide def in es the port state as bloc king instead of discarding . Designated ports start in the liste ning state. Rapid Con vergenc e The RSTP provides for ra pi[...]

  • Pagina 468

    17-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Underst anding RSTP Figur e 1 7 -4 Pr oposal an d A gr eemen t Handshak ing f or Rapid Con ver ge nce Synchronizatio n of Port R oles When th e switc h receives a proposal me ssage on one of its port s and tha t port is selec ted as the new [...]

  • Pagina 469

    17-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Understa nding RST P Figur e 1 7 -5 Se quence of Ev ents Du r ing Rapid Conv er g ence Bridge Protoco l Data Unit Format an d Process ing The R STP BP DU for mat is th e sam e as t he IEEE 802.1D BPD U fo rmat exce pt tha t th e proto col v[...]

  • Pagina 470

    17-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Underst anding RSTP The RSTP does not have a separate topo logy chan ge notificati on (TCN) BPD U. It uses the topology change (TC) f lag to show the topolo gy changes. Howe ver , for interoperab ility with IEEE 8 02.1D switches, the RST P s[...]

  • Pagina 471

    17-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Confi guring MSTP Featu res • Protoc ol m igratio n—F or bac kward comp atibility with IEEE 8 02.1D s witch es, RSTP selecti vely sends IEEE 802.1D configuratio n BPDUs and TCN BPDU s on a per-port basis. When a port is initializ ed, th[...]

  • Pagina 472

    17-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Configur ing MSTP Featur es Default MSTP Configuration T ab le 17-4 sh ows the default MSTP configuration . For informat ion about the suppor ted numbe r of spanni ng-tree instan ces, see the “Supp orted Spanning -T ree In stance s” sect[...]

  • Pagina 473

    17-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Confi guring MSTP Featu res • VTP propa gation of the MST co nfiguration i s not suppo rted. Howev er , you can manu ally c onfigure the MS T co nfiguration (region n ame , revision num ber, and VLA N-to-in stance mappi ng) o n each switc[...]

  • Pagina 474

    17-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Configur ing MSTP Featur es T o retur n to the defa ult M ST region configurati on, u se th e no spanning- tr ee mst configurat ion globa l conf iguratio n command. T o return to the defa ult VLAN-to- instance map , use the no i nstance inst[...]

  • Pagina 475

    17-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Confi guring MSTP Featu res Instance Vlans Mapped -------- --------------------- 0 1-9,21-4094 1 10-20 ------------------------------- Switch(config-mst)# exit Switch(config)# Configuring th e Root Switch The swi tch mainta ins a spannin g-[...]

  • Pagina 476

    17-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Configur ing MSTP Featur es Beginn ing in pri vileg ed EXEC mode, follo w these steps to conf igure a switch as the root switch. This procedur e is optional. T o return the switch to it s def ault setting, use the no spanning-tr ee mst insta[...]

  • Pagina 477

    17-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Confi guring MSTP Featu res Beginning i n privileged EX EC mo de, fol low these s teps t o configure a swit ch as the se condary root switch. Th is procedure is option al. T o return the switch to it s def ault setting, use the no spanning-[...]

  • Pagina 478

    17-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Configur ing MSTP Featur es Beginn ing in pri vileg ed EXEC mode, follo w these steps to conf igure the MSTP port priority of an interf ace. This pr ocedure is option al. Note Th e show sp anning-t ree mst inte rface interface-id privileged [...]

  • Pagina 479

    17-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Confi guring MSTP Featu res Configuring Path Cost The MSTP path cost def ault v alue i s deri ved fr om the media speed of an inte rface . If a loop occurs, the MSTP use s cost when se lecting an interfac e to put in the forwarding st ate. [...]

  • Pagina 480

    17-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Configur ing MSTP Featur es Configuring the Switch Priority Y o u can conf igure the switch priority and mak e it more like ly that a standalone switc h or a switch in the stack will be c hosen as the root switch. Note Stac king is supp orte[...]

  • Pagina 481

    17-25 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Confi guring MSTP Featu res Configuring the Hello Time Y o u can conf igure th e interv al between the generation of config uration messages b y the ro ot switch b y chan ging the hello tim e. Beginn ing in pri vileg ed EXEC mode, fo llo w [...]

  • Pagina 482

    17-26 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Configur ing MSTP Featur es Configuring the Maxi mum-Aging Time Beginn ing in p ri vileg ed EXEC mode, fo llo w these steps to conf igure the maxim um-aging t ime for all MST inst ance s. This procedure is optio nal. T o return the switch to[...]

  • Pagina 483

    17-27 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Confi guring MSTP Featu res Specifying the Link Type to Ensure Rapid Transitions If you con nect a port to anothe r port thr ough a point-t o-po int link an d the loc al port beco mes a designated por t, the RSTP negoti ates a rapid tran si[...]

  • Pagina 484

    17-28 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Displaying the MST Configu ration and Stat us T o return the port to its default setting, use the no spanning-tre e mst prestandard in terface configurati on c ommand. Restarting the Protocol Mi gration Proce ss A switch r unning M STP supp [...]

  • Pagina 485

    CH A P T E R 18-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 18 Configuring Optional Spannin g-Tree Features This ch apt er descr ibes how to co nfigure opt ional spa nning- tree f eatur es on the Cata lyst 2960 and 29 60-S switche s. Y ou can co nfigure all of th ese feat ures when your swit ch is ru nning the p er-[...]

  • Pagina 486

    18-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 18 Configu ring Opt iona l Spann ing-Tr ee Featu res Underst anding O ptional Sp anning-Tre e Feat ures • Understa nding R oot Guar d, page 1 8-10 • Understa nding L oop G uard, page 18-1 1 Understand ing Port Fa st Port Fast immedia tely br ings an inte rf[...]

  • Pagina 487

    18-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 8 Configuring Op tional Spa nning-Tree Features Unders tandin g Optional Spanni ng-Tree Fe atures configurat ion, suc h as the co nnect ion of an unauthor ized device, an d the BPD U guard fe ature put s the port in the e rror-disable d state. When t his ha pp[...]

  • Pagina 488

    18-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 18 Configu ring Opt iona l Spann ing-Tr ee Featu res Underst anding O ptional Sp anning-Tre e Feat ures Figu re 1 8-2 Swit ches in a H ierarchical Network If a switch loses co nnectivity , i t begins using the alt ernate path s as soon as the span ning tre e se[...]

  • Pagina 489

    18-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 8 Configuring Op tional Spa nning-Tree Features Unders tandin g Optional Spanni ng-Tree Fe atures Figur e 1 8-3 UplinkF ast Example Bef or e Dir e ct Link F ailur e If Switch C detects a link fa ilure on the curre ntly acti v e link L2 on the root port (a dir [...]

  • Pagina 490

    18-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 18 Configu ring Opt iona l Spann ing-Tr ee Featu res Underst anding O ptional Sp anning-Tre e Feat ures How CSUF Work s CSUF ensures that one link in the stack is elected as the path to the root. As shown in Figure 18-5 , the stack- root po rt on Sw itch 1 prov[...]

  • Pagina 491

    18-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 8 Configuring Op tional Spa nning-Tree Features Unders tandin g Optional Spanni ng-Tree Fe atures Each switch in the stac k decides if the sending sw itch is a better choice than itself to be the stack root of this span ning- tree inst ance b y compar ing the [...]

  • Pagina 492

    18-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 18 Configu ring Opt iona l Spann ing-Tr ee Featu res Underst anding O ptional Sp anning-Tre e Feat ures Backbon eFast, w hich is e nable d by us ing th e spanning-tree backbonefast global c onfiguratio n comm and, star ts when a ro ot port or bl ocked inter fac[...]

  • Pagina 493

    18-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 8 Configuring Op tional Spa nning-Tree Features Unders tandin g Optional Spanni ng-Tree Fe atures Figur e 1 8-6 Backbon eF ast E xample Bef ore Indir ect Link F ailure If lin k L 1 fails as sh own in Figu re 18-7 , Switch C cannot detect this fail ure becaus e[...]

  • Pagina 494

    18-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 18 Configu ring Opt iona l Spann ing-Tr ee Featu res Underst anding O ptional Sp anning-Tre e Feat ures Figur e 1 8-8 Adding a S witc h in a Sha r ed-Medi um T opology Understand ing Ethe rCha nnel Gua rd Y ou can use Et herC hannel gua rd to detect an Ethe rC[...]

  • Pagina 495

    18-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 8 Configuring Op tional Spa nning-Tree Features Unders tandin g Optional Spanni ng-Tree Fe atures Root guard ena bled on an interf ace appli es to all the VLANs to whic h the interf ace belongs. VL ANs can be grou ped and map ped t o an M ST i nstance. Y ou c[...]

  • Pagina 496

    18-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 18 Configu ring Opt iona l Spann ing-Tr ee Featu res Configur ing Opti onal Spanni ng-Tree Features Configuring Optio nal Spanning-Tre e Features These sec tions co ntain this co nfiguration in format ion: • Default Optiona l Spann ing- T ree Configur ation,[...]

  • Pagina 497

    18-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 8 Configuring Op tional Spa nning-Tree Features Confi guring Opt ional Spanni ng-Tree Fe atures Enabling P ort Fast An int erface with the Port F ast fea ture enab led is m ov ed dir ectly to t he span ning-tree forw arding sta te without waiting f or the st [...]

  • Pagina 498

    18-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 18 Configu ring Opt iona l Spann ing-Tr ee Featu res Configur ing Opti onal Spanni ng-Tree Features Enabling BP DU Guard When yo u global ly enable BPDU guard on ports that ar e Port Fas t-enab led (the por ts are in a Por t Fast-operat ional state), spanni ng[...]

  • Pagina 499

    18-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 8 Configuring Op tional Spa nning-Tree Features Confi guring Opt ional Spanni ng-Tree Fe atures Enabling BPDU Filtering When you glo bally enable BPDU fi ltering on Port Fast -enabled in terfaces, it pre v ents interf aces that are in a Port F ast-operati ona[...]

  • Pagina 500

    18-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 18 Configu ring Opt iona l Spann ing-Tr ee Featu res Configur ing Opti onal Spanni ng-Tree Features Enabling Up linkFast for Us e with R edundan t Link s UplinkFas t can not be enab led on VLAN s that have been configured with a swi tch p riority . T o enab le[...]

  • Pagina 501

    18-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 8 Configuring Op tional Spa nning-Tree Features Confi guring Opt ional Spanni ng-Tree Fe atures Enabling C ross-St ack UplinkF ast When yo u enable or di sabl e the Upli nkF ast feat ure b y us ing the spanning-tr ee uplinkfast global configurati on c ommand,[...]

  • Pagina 502

    18-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 18 Configu ring Opt iona l Spann ing-Tr ee Featu res Configur ing Opti onal Spanni ng-Tree Features Enabling E therChan nel Gua rd Y ou can enab le Ethe rChann el guar d to detect an Ether Channel miscon figuration if your switc h is running PVST+, rapid PVST+[...]

  • Pagina 503

    18-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 8 Configuring Op tional Spa nning-Tree Features Confi guring Opt ional Spanni ng-Tree Fe atures T o disa bl e root gua rd, use the no spanning-tree guard interf ace conf igurati on command. Enabling L oop Guard Y ou can use loo p gua rd to prevent altern ate [...]

  • Pagina 504

    18-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 18 Configu ring Opt iona l Spann ing-Tr ee Featu res Displaying the Spannin g-Tree Stat us Displaying the Sp anning-Tre e Status T o display th e spannin g-tree s tatus, use one o r more of the pri vileg ed EXEC comm ands in Ta b l e 1 8 - 2 : Y ou can clear s[...]

  • Pagina 505

    CH A P T E R 19-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 19 Configuring Flex Link s and the MAC Address-Table Move Update Feature Note T o use Flex Links an d the MA C address- table move update feat ure, th e switch mu st be running t he LAN Base im age. This chapt er descri bes how to configure Flex Links, a pa[...]

  • Pagina 506

    19-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 19 Configurin g Flex Link s and the MAC Addr ess-Ta ble Move Updat e Feature Underst andin g Flex Links and the M AC Addres s-Tabl e Mov e Update Flex Links Flex Links are a pair of a Layer 2 in terfaces (sw itch po rts or port chan nels ) where one interface i[...]

  • Pagina 507

    19-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 9 Configuring Fl ex Links an d the MAC A ddress-Ta ble Mo ve Update Featu re Unde rsta ndin g Fle x L inks and the M AC A ddre ss-T able Mov e Up date VLAN Flex L ink Load Ba lancing an d Supp ort VLAN Flex Link loa d-bala ncing al lows you to configure a Flex[...]

  • Pagina 508

    19-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 19 Configurin g Flex Link s and the MAC Addr ess-Ta ble Move Updat e Feature Underst andin g Flex Links and the M AC Addres s-Tabl e Mov e Update Thoug h both Flex L ink p orts ar e part of the groups i n norm al ope rati on mode, all tr aff ic on t he bac kup [...]

  • Pagina 509

    19-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 9 Configuring Fl ex Links an d the MAC A ddress-Ta ble Mo ve Update Featu re Unde rsta ndin g Fle x L inks and the M AC A ddre ss-T able Mov e Up date Preemption Mode : off Multicast Fast Convergence : Off Bandwidth : 100000 Kbit (Gi0/11), 100000 Kbit (Gi0/12)[...]

  • Pagina 510

    19-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 19 Configurin g Flex Link s and the MAC Addr ess-Ta ble Move Updat e Feature Underst andin g Flex Links and the M AC Addres s-Tabl e Mov e Update ------------------------------------------------------------- 1 1.1.1.1 v2 Gi0/11 401 41.41.41.1 v2 Gi0/11 This is [...]

  • Pagina 511

    19-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 9 Configuring Fl ex Links an d the MAC A ddress-Ta ble Mo ve Update Featu re Configur ing Flex Links and th e MAC Address- Table Mo ve Update Switch A does n ot need to wa it for the MA C address-table u pdate. The switch detects a fa ilure on por t 1 and imme[...]

  • Pagina 512

    19-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 19 Configurin g Flex Link s and the MAC Addr ess-Ta ble Move Updat e Feature Configur ing Flex L inks and th e MAC Addre ss-Tabl e Move U pdate Default Configuration The Fle x Links ar e not conf igured, an d ther e ar e no bac kup i nterf aces def ined. The pr[...]

  • Pagina 513

    19-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 9 Configuring Fl ex Links an d the MAC A ddress-Ta ble Mo ve Update Featu re Configur ing Flex Links and th e MAC Address- Table Mo ve Update Configurin g Flex Link s Beginning i n privileged E XEC mo de, follow these s teps to con figure a pa ir of Fl ex Link[...]

  • Pagina 514

    19-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 19 Configurin g Flex Link s and the MAC Addr ess-Ta ble Move Updat e Feature Configur ing Flex L inks and th e MAC Addre ss-Tabl e Move U pdate Beginning in privileged EXEC mo de, f ollow these steps t o configure a p reempt ion schem e for a pa ir of Flex L i[...]

  • Pagina 515

    19-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 9 Configuring Fl ex Links an d the MAC A ddress-Ta ble Mo ve Update Featu re Configur ing Flex Links and th e MAC Address- Table Mo ve Update Switch# show interfaces switchport backup detail Active Interface Backup Interface State ----------------------------[...]

  • Pagina 516

    19-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 19 Configurin g Flex Link s and the MAC Addr ess-Ta ble Move Updat e Feature Configur ing Flex L inks and th e MAC Addre ss-Tabl e Move U pdate When a Fle x Link inter fac e goes do wn (LINK_DO WN), VLANs pr eferre d on this i nterf ace are mov ed to the peer [...]

  • Pagina 517

    19-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 9 Configuring Fl ex Links an d the MAC A ddress-Ta ble Mo ve Update Featu re Configur ing Flex Links and th e MAC Address- Table Mo ve Update Beginn ing in pri vileg ed EXEC mode, follo w th ese steps to conf igure an access switch to send MA C address- table[...]

  • Pagina 518

    19-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 19 Configurin g Flex Link s and the MAC Addr ess-Ta ble Move Updat e Feature Monito ring Flex L inks and t he MAC Addr ess-T able Move Upd ate Rcv packet count this min : 0 Rcv threshold exceed count : 0 Rcv last sequence# this min : 0 Rcv last interface : Po2[...]

  • Pagina 519

    CH A P T E R 20-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 20 Configuring DHCP Features and IP Source Guard Features This c hapter d escribes how to configure D HCP s nooping and o ption-82 data insertion, and t he DHC P server port- based addr ess alloc ation fe ature s on the Cata lyst 29 60 and 2 960-S sw itches[...]

  • Pagina 520

    20-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Underst anding DHCP Sn ooping Understandin g DHCP Snooping DHCP is w idely used in LAN en vironment s to dyna mically ass ign ho st IP ad dresses from a central ized server , w hich significantly r[...]

  • Pagina 521

    20-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 0 Configuring DH CP Features and IP Sou rce Guard Fe atures Understanding DHCP Snooping An untrusted DHCP message is a message that is recei v ed from outside th e network or f ire w all. When you use D HCP snoo ping in a ser vice-provid er environment, a n un[...]

  • Pagina 522

    20-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Underst anding DHCP Sn ooping Option-82 Data Insertion In resident ial, metr opolit an Ethern et-ac cess environments , DHCP can cen trally mana ge the IP ad dress assi gnmen ts for a l arg e num b[...]

  • Pagina 523

    20-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 0 Configuring DH CP Features and IP Sou rce Guard Fe atures Understanding DHCP Snooping • The DH CP ser ver recei ves the pack et. I f the s erv er is option -82-capa ble, it can use t he rem ote ID, the circuit ID, or both to assign IP addresses and impl em[...]

  • Pagina 524

    20-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Underst anding DHCP Sn ooping Figur e 20 -2 Suboption P ac k et F ormats Figure 20- 3 shows the packet formats for user-configured remot e-ID and ci rcuit- ID suboption s The switch uses these pa c[...]

  • Pagina 525

    20-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 0 Configuring DH CP Features and IP Sou rce Guard Fe atures Understanding DHCP Snooping Figur e 20 -3 User -Configur ed Suboptio n P ac k et For m ats DHCP Snoop ing Bind ing Da tabase When D HCP sn ooping is en abled, t he switch uses the D HCP snooping bindi[...]

  • Pagina 526

    20-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Underst anding DHCP Sn ooping This is the format of the f ile with bindings: <initial-checksum> TYPE DHCP-SNOOPING VERSION 1 BEGIN <entry-1> <checksum-1> <entry-2> <check[...]

  • Pagina 527

    20-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 0 Configuring DH CP Features and IP Sou rce Guard Fe atures Confi guring DHCP Sn oopi ng Configuring DHCP Snooping These sec tions co ntain this co nfiguration info rmat ion: • Default DHCP Sno oping C onfiguration , pa ge 20-9 • DHCP Sno oping Configurati[...]

  • Pagina 528

    20-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Configur ing DHCP Snoopi ng • Before glob ally en ablin g DHCP snoo ping on the swit ch, make sure that the devices ac ting as the DHCP server and th e DHC P rela y agent are co nfigured and e n[...]

  • Pagina 529

    20-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 0 Configuring DH CP Features and IP Sou rce Guard Fe atures Confi guring DHCP Sn oopi ng Configuring the DHCP Relay Agent Beginn ing in pri vileg ed EXEC mode, follo w these steps to enable the DHCP relay agent on the switch: T o disabl e the DHCP s erv er an[...]

  • Pagina 530

    20-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Configur ing DHCP Snoopi ng T o di sable DHCP sno oping, use the no ip dhcp snooping global configurat ion co mman d. T o disabl e DHCP snoo ping o n a VLAN or range of VLA Ns, use the no ip dhcp [...]

  • Pagina 531

    20-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 0 Configuring DH CP Features and IP Sou rce Guard Fe atures Confi guring DHCP Sn oopi ng Enabling th e DHCP Sn ooping Bind ing Data base Agen t Beginning in privileged EX EC mode , foll ow these s teps to e nable a nd c onfigure the D HCP snoo ping binding d [...]

  • Pagina 532

    20-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Display ing DHCP Sno oping Inform ation Displaying DHCP Snoopi ng Information T o display the DHCP snooping information, use th e pri vile ged EXEC commands in T able 20- 2 : Note If DHCP snooping[...]

  • Pagina 533

    20-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 0 Configuring DH CP Features and IP Sou rce Guard Fe atures Underst anding I P Sourc e Guard Source IP Add ress F iltering When I PSG is enable d with this o ption , IP tr af f ic i s f il tered b ased on the sou rce IP addr ess. T he swit ch forwards IP traf[...]

  • Pagina 534

    20-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Conf igu rin g IP Sour ce Gu ard Note Some IP hosts w ith multip le netw ork interf aces c an inject some in valid packe ts into a netwo rk interfac e. The in valid packets cont ain the IP or MAC [...]

  • Pagina 535

    20-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 0 Configuring DH CP Features and IP Sou rce Guard Fe atures Confi guri ng IP S our ce G uard • If you enable IP source gua rd with source IP and MA C address filte ring, DHCP snooping and port security must be enable d on the interf ace. Y ou must also ente[...]

  • Pagina 536

    20-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Conf igu rin g IP Sour ce Gu ard T o disable IP source guar d with source IP a ddress f iltering, use the no ip ver ify source interfac e configurati on c ommand. T o d elete a sta tic IP so urce [...]

  • Pagina 537

    20-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 0 Configuring DH CP Features and IP Sou rce Guard Fe atures Confi guri ng IP S our ce G uard This e xample shows ho w to st op IPSG with static ho sts on an interf ace. Switch(config-if)# no ip verify source Switch(config-if)# no ip device tracking max This e[...]

  • Pagina 538

    20-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Conf igu rin g IP Sour ce Gu ard This example shows how to enable I PSG for static ho sts with IP filters on a L ayer 2 access p ort and to verify the valid IP bindi ngs on the interface Gi0/3: Sw[...]

  • Pagina 539

    20-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 0 Configuring DH CP Features and IP Sou rce Guard Fe atures Confi guri ng IP S our ce G uard 200.1.1.2 0001.0600.0000 9 GigabitEthernet0/2 ACTIVE 200.1.1.2 0001.0600.0000 8 GigabitEthernet0/1 INACTIVE 200.1.1.3 0001.0600.0000 9 GigabitEthernet0/2 ACTIVE 200.1[...]

  • Pagina 540

    20-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Display ing IP Source G uard Info rmation Displaying IP So urce Guard Informa tion T o d isplay the IP sourc e g uard i nformat ion, u se one or more of the privileged EX EC co mman ds in T ab le [...]

  • Pagina 541

    20-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 0 Configuring DH CP Features and IP Sou rce Guard Fe atures Config uring DHC P Server Port- Based Addr ess Allocat ion Default Port-Based Addres s Allocation Configuration By def ault, DHCP ser ver port-based address allo cation is d isabled. Port-Base d Addr[...]

  • Pagina 542

    20-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Configur ing DHCP Server Port-Base d Address Allocatio n not offered t o the client, and other clients are not ser ved by the p ool. By ent ering this com mand , users can configure a group of swi[...]

  • Pagina 543

    20-25 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 0 Configuring DH CP Features and IP Sou rce Guard Fe atures Displa ying DHCP Ser ver Po rt-Based Address Allo cation ip dhcp subscriber-id interface-name ip dhcp excluded-address 10.1.1.1 10.1.1.3 ! ip dhcp pool dhcppool network 10.1.1.0 255.255.255.0 address[...]

  • Pagina 544

    20-26 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Display ing DHCP Server Port-Base d Address Allocatio n[...]

  • Pagina 545

    CH A P T E R 21-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 21 Configuring Dynamic ARP Insp ection Note T o use Dyn amic ARP insp ection, th e switch mu st be runn ing the LAN Bas e image. Note Th is chapte r describe s how to configure dynam ic Address R esolutio n Protoco l inspect ion (dyn amic ARP inspectio n) o[...]

  • Pagina 546

    21-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 21 Config uring Dyn amic AR P Inspec tion Underst anding D ynamic ARP I nspection Figur e 21 -1 ARP Cac he P oisoning Hosts A, B, and C are connected to the switch on interfaces A, B and C, all of which are on the same subnet. Their IP and MAC address es are sh[...]

  • Pagina 547

    21-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 1 Configuring Dy namic ARP In spectio n Understa nding Dynami c ARP Inspect ion Y ou can configure dyn amic AR P inspect ion to drop ARP pa ckets when the IP addre sses in the pac kets are i n v alid or when the M A C addresse s in the body of th e A RP packet[...]

  • Pagina 548

    21-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 21 Config uring Dyn amic AR P Inspec tion Underst anding D ynamic ARP I nspection Dynamic ARP i nspectio n ensure s that h osts (on untrust ed in terfaces) connec ted t o a sw itch run ning dynami c ARP inspect ion do not po ison the ARP ca ches of other hosts [...]

  • Pagina 549

    21-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 1 Configuring Dy namic ARP In spectio n Configuring Dynamic ARP Inspection Logging o f Dropped Packet s When th e switch d rops a p acke t, it pl aces an entry in the log b uffe r and then generates system messag es on a ra te-controlle d basis. Afte r the mes[...]

  • Pagina 550

    21-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 21 Config uring Dyn amic AR P Inspec tion Configur ing Dynam ic ARP Insp ection Dynamic ARP In spectio n Configuratio n Guidelin es These are the dynam ic ARP inspec tion con figu ration guidel ines: • Dynamic ARP inspectio n is an ingre ss security feat ure;[...]

  • Pagina 551

    21-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 1 Configuring Dy namic ARP In spectio n Configuring Dynamic ARP Inspection • The operati ng rate for the p ort channe l is cumulati ve across all the phys ical ports wi thin the channel . For ex ample, if y ou conf igure the port ch annel with an ARP rate- l[...]

  • Pagina 552

    21-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 21 Config uring Dyn amic AR P Inspec tion Configur ing Dynam ic ARP Insp ection Beginning in privileged EXEC mode, f ollow these st eps to configure dyn amic ARP insp ection. Y ou must perform this proce dure on bo th switche s. This pr ocedure is requir ed. T [...]

  • Pagina 553

    21-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 1 Configuring Dy namic ARP In spectio n Configuring Dynamic ARP Inspection Configuring ARP ACLs for Non-DHCP Environments This proc edure shows how to configure dynam ic ARP inspe ction when Switch B shown in Figur e 21-2 on page 21-3 does not suppor t dynami [...]

  • Pagina 554

    21-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 21 Config uring Dyn amic AR P Inspec tion Configur ing Dynam ic ARP Insp ection T o remov e th e ARP A CL , use the no arp acce ss-list global c onfiguratio n comma nd. T o remove the ARP A CL attached to a V LAN, use the no ip arp inspe ction f ilter arp-acl-[...]

  • Pagina 555

    21-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 1 Configuring Dy namic ARP In spectio n Configuring Dynamic ARP Inspection This exam ple sh ows how to configure an ARP ACL calle d host2 on Switch A, to pe rmit ARP pac kets from H ost 2 ( IP addre ss 1.1.1. 1 an d MAC address 0001.00 01.000 1), to apply the[...]

  • Pagina 556

    21-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 21 Config uring Dyn amic AR P Inspec tion Configur ing Dynam ic ARP Insp ection T o return to the default rate- limit confi guration , use the no ip ar p inspectio n limit in terfa ce configurati on comm and. T o disabl e error re covery for dynam ic ARP in sp[...]

  • Pagina 557

    21-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 1 Configuring Dy namic ARP In spectio n Configuring Dynamic ARP Inspection Be ginnin g in pri vile ged EXE C mode, follo w thes e steps to pe rform specif ic chec ks on in coming ARP packet s. This proced ure is optional. T o disable checki ng, use the no ip [...]

  • Pagina 558

    21-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 21 Config uring Dyn amic AR P Inspec tion Configur ing Dynam ic ARP Insp ection If the log b uf fer o verf low s, it means that a log e v ent does not f it into the log b uf f er , and the display for the show ip arp inspection l og pri vile ged EXEC co mmand [...]

  • Pagina 559

    21-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 1 Configuring Dy namic ARP In spectio n Displaying Dynamic ARP Inspection Information T o return to the default log b uf fer settin gs, use the no ip arp inspectio n log-buf fer { ent ries | logs } global configurati on com mand. T o ret urn to the default VL[...]

  • Pagina 560

    21-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 21 Config uring Dyn amic AR P Inspec tion Display ing Dyna mic ARP Insp ectio n Informat ion T o clear or display dynamic ARP inspec tion statistics, use th e pri vile ged EXEC commands in T ab le 21-3 : For t he show ip arp inspec tion statis tics c omma nd, [...]

  • Pagina 561

    CH A P T E R 22-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 22 Configuring IGMP Sno oping and MVR Note T o use MVR, th e swit ch m ust be r unnin g the LAN Base image. This cha pter descr ibes how to configure Int ernet Group Ma nageme nt Proto col (IGMP) snooping on the Catalyst 2960 and 2960-S switche s, including[...]

  • Pagina 562

    22-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Underst anding IG MP Snoo ping Understandin g IGMP Snooping Layer 2 switches can use IGMP snooping to constra in the flooding of multic ast traf f ic b y dynamically conf iguring Layer 2 inter faces so that multicast tra ff i[...]

  • Pagina 563

    22-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Understanding IGMP Snooping IGMP Versions The sw itch supports IGM P V ersion 1, I GMP V ersion 2, a nd IGM P V ersion 3. T hese versio ns are interope rable on th e sw itch. For exam ple, if IG MP snoo ping i s enabl ed o[...]

  • Pagina 564

    22-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Underst anding IG MP Snoo ping Figur e 22 -1 Initial IGMP J oin Messa ge Router A sends a genera l quer y to th e switch , which forwar ds the qu ery to ports 2 t hroug h 5, whi ch are all members of the same VLAN. Host 1 wan[...]

  • Pagina 565

    22-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Understanding IGMP Snooping Figur e 22 -2 Second Host J oining a M ulticast Group Leaving a Multicast Group The router sends periodic multicast general querie s, and the switch forw ards these queries throug h all ports in[...]

  • Pagina 566

    22-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Underst anding IG MP Snoo ping Note Y ou shou ld only use t he Imm ediate Le ave feat ure on VLA Ns where a single host is conne cted to ea ch port. If Im media te Leave is enabled in VLANs wher e more than one host is connec[...]

  • Pagina 567

    22-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping Configuring IGMP Snoo ping IGMP snoop ing allows switch es to examine IG MP packets and make forwarding d ecisions ba sed on the ir conte nt. These sections con tain t his configura tion info rmat[...]

  • Pagina 568

    22-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Configuring IGMP Snooping Beginning i n privileged EX EC mo de, fol low these s teps t o globa lly ena ble I GMP snoo ping on the switch: T o g loba lly d isable I GMP sno oping on a ll VLA N in terfaces, use th e no ip igmp [...]

  • Pagina 569

    22-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping Note If you w ant to use CGMP as the lear ning me thod and no multicast router s in the VL AN are CGMP proxy-en abl ed, you mu st enter th e ip cgmp rout er -only comm and to dyna micall y access [...]

  • Pagina 570

    22-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Configuring IGMP Snooping T o remov e a mul ticast rout er por t from th e VLAN, use the no ip igmp snooping vlan vlan-i d mrouter interface inte rface-id global configurat ion comm and. This e xample s hows ho w to enable a[...]

  • Pagina 571

    22-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping Note Im media te Leave is supported only on IGM P V ersion 2 hosts. Beginn ing in pri vile ged EXEC mode, follo w these step s to enable IGMP Immediat e Lea ve : T o disabl e IGMP Immed iate Lea [...]

  • Pagina 572

    22-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Configuring IGMP Snooping T o globally reset the IGMP lea ve timer to the defa ult setting, use the no ip igmp snooping last-member -quer y-interv a l global configurat ion comm and. To remove th e confi gured IGMP lea ve -t[...]

  • Pagina 573

    22-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping Recovering from Flood Mode When a topology change occurs, t he span ning- tree roo t sends a speci al IGMP leave message (also known as global lea ve) with the group multic ast address 0.0.0 .0. [...]

  • Pagina 574

    22-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Configuring IGMP Snooping Configuring th e IGMP S nooping Qu erier Follow these guideli nes wh en configuring t he IGMP snoo ping queri er: • Conf igure the VLAN in glob al conf iguration mode. • Conf igure an IP addre s[...]

  • Pagina 575

    22-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping This exam ple sh ows how to set th e IGM P snoop ing q uerier s ource add ress to 10.0.0. 64: Switch# configure terminal Switch(config)# ip igmp snooping querier 10.0.0.64 Switch(config)# end Thi[...]

  • Pagina 576

    22-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Displaying IGMP Snooping Information Displaying IGMP Sn ooping Informa tion Y ou can display I GMP snooping inf ormati on fo r dynam ical ly lear ned and sta tical ly con figured rou ter ports a nd VLAN inter faces . Y ou ca[...]

  • Pagina 577

    22-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Understanding Multicast VLAN Registration For more inform ation abou t the keywords and option s in thes e co mman ds, see the c omma nd refe rence for th is re lease . Understandin g Multicast VL AN Registrati on Note T [...]

  • Pagina 578

    22-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Underst anding Mu lticas t VLAN Regi stratio n Using MVR in a M ulticast Television Application In a multicast tel ev ision applicatio n, a PC or a tele vision with a set-top box can re cei ve the multicast stream. Mult iple[...]

  • Pagina 579

    22-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Configuring MVR When a subscriber chan ges channels or turns of f the tele vision, the set- top box sends an IGMP leav e message for t he multica st stream . The swi tch CPU sends a MAC-based general qu ery throu gh the r[...]

  • Pagina 580

    22-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Conf ig uri ng MV R MVR Configuratio n Gu idelin es and Limitatio ns Foll ow these g uidelines w hen conf igurin g MVR: • Receiver ports can onl y be acc ess ports; th ey cannot be trunk ports. Receiv er port s on a switc [...]

  • Pagina 581

    22-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Configuring MVR T o return the switch t o its defaul t settings, u se the no mvr [ mode | group ip-a dd r es s | querytime | vlan ] global configurat ion comm ands. This example shows ho w to enable MVR, configure the gro[...]

  • Pagina 582

    22-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Conf ig uri ng MV R T o return the interfa ce to its default setti ngs, use the no mvr [ ty pe | immediate | vlan vlan-i d | gro up ] interf ace c onfig uration co mmands. This exam ple sh ows how to con figure a port a s a [...]

  • Pagina 583

    22-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Displaying MVR Information Displaying MVR Information Y o u can disp lay MVR i nformation f or the sw itch or f or a spec ifie d interf ace. Be ginning in pri vile ged EXEC mode, use th e comm ands in T able 22 -6 to di s[...]

  • Pagina 584

    22-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Con figur ing IGM P Fil te ring and Thro ttli ng IGMP f iltering is applicab le only to the dynamic lea rning of IP multicast group add resses, not static configurat ion. W ith the IGMP t hrottli ng feat ure, you ca n set th[...]

  • Pagina 585

    22-25 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Configuring IGMP Filtering and Throttling • permit : Spec ifie s that m atching addr esses are p ermitted. • rang e : Specif ies a ra nge of IP add ress es for the pr of ile. Y ou can enter a single IP addre ss or a r[...]

  • Pagina 586

    22-26 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Con figur ing IGM P Fil te ring and Thro ttli ng Beginn ing in pri vileg ed EXEC mode, follo w these steps to apply an IGMP prof ile to a switch port: T o remo ve a p rof ile fr om an int erfac e, use th e no ip igmp fil ter[...]

  • Pagina 587

    22-27 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Configuring IGMP Filtering and Throttling T o remove the maximum group limitatio n and return to the defa ult of no maxim um, use the no ip ig mp max-groups interf ace con fig urat ion comm and. This exampl e shows ho w t[...]

  • Pagina 588

    22-28 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Displaying IGMP Filterin g and Thro ttling Configu ration T o return to the defau lt action of dro pping the repor t, use the no ip igmp max- groups action interfa ce configurati on c ommand. Displaying IGMP Filtering and Th[...]

  • Pagina 589

    CH A P T E R 23-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 23 Configuring Port-Base d Traffic Con trol This chapte r describes ho w to conf ig ure the port-b ased traf f ic contro l features on the Cataly st 2960 and 2960- S switches . Un less othe rwise n oted, the ter m switc h refers to a standalon e switch and [...]

  • Pagina 590

    23-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 23 Configuring Port-Based Traffic Control Configuring Storm Control Storm control (or traff ic suppression) monito rs packets passing from an inter face to the switch ing bus and determi nes if the pack et is unicast, multicast, or bro adcast. The switc h counts[...]

  • Pagina 591

    23-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 3 Configuring Port-B ased Traff ic Control Configuring Storm Control Note Be cause p ackets do not arrive at unif orm in tervals, the 1-sec ond ti me int erval durin g whic h tra ff ic acti vity is meas ured can af fect the beha vi or of stor m contr ol. Y ou [...]

  • Pagina 592

    23-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 23 Configuring Port-Based Traffic Control Configuring Storm Control Step 3 storm- co ntr ol { broadcast | multicast | unicast } level { leve l [ leve l-low ] | bps bps [ bps-l ow ] | pps pps [ pps-low ]} Configure b roadcast, multic ast, or unicast stor m contro[...]

  • Pagina 593

    23-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 3 Configuring Port-B ased Traff ic Control Configuring Storm Control T o disabl e storm co ntrol, use the no storm-control { br oadcast | multicast | unicast } level interface configurati on c ommand. This exa mple shows how to ena ble un icast stor m c ontrol[...]

  • Pagina 594

    23-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 23 Configuring Port-Based Traffic Control Configuring Protected Po rts This e xamp le sho ws how to en able the sm all-fra me arri val-r ate fea ture, co nf igure th e port r ecov ery time, and co nfigure the thre shold for e rror di sablin g a port: Switch# con[...]

  • Pagina 595

    23-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 3 Configuring Port-B ased Traff ic Control Configuring Port Blocking Prot ected P ort Con figuration Guidelines Y ou can configure protec ted ports on a physic al inter face (fo r example, Gigabi t Ethern et port 1) or an Ether Channel group (for example, port[...]

  • Pagina 596

    23-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 23 Configuring Port-Based Traffic Control Configuring Port Security Default Port Blocki ng Configuration The default is to not b lock flooding o f unknown multicast and u nicast traff i c out of a port, but to flood these pac kets to a ll ports. Blocking Flooded[...]

  • Pagina 597

    23-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 3 Configuring Port-B ased Traff ic Control Confi guring Port Secu rity If a por t is conf igu red as a secu re port an d the maxi mum num ber of secu re MA C addresse s is reach ed, when the MA C addr ess of a sta tion attem pting t o ac cess the port is di f [...]

  • Pagina 598

    23-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 23 Configuring Port-Based Traffic Control Configuring Port Security The stick y sec ure MA C addresse s do not automatically beco me part o f the co nf iguratio n f ile, wh ich is the startu p con fig uration used eac h time t he swit ch res tarts. If yo u sa v[...]

  • Pagina 599

    23-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 3 Configuring Port-B ased Traff ic Control Confi guring Port Secu rity Default Port Security Configuration T ab le 23-2 shows the default por t security conf igurat ion for an interface. Port Secu rity Con figuration Guidelines Foll ow these g uidelines whe n[...]

  • Pagina 600

    23-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 23 Configuring Port-Based Traffic Control Configuring Port Security • When y ou en able por t secu rity on an interf ac e that i s al so conf igured w ith a v oic e VLAN, set t he maxim um allowed secur e addresse s on the port to two. When the port is conne [...]

  • Pagina 601

    23-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 3 Configuring Port-B ased Traff ic Control Confi guring Port Secu rity Enabling a nd Con figuring Port Security Beginn ing in pri vileged EXE C mode, follo w these steps to restrict input to an interfac e by limiting and identify ing MA C addresses of the sta[...]

  • Pagina 602

    23-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 23 Configuring Port-Based Traffic Control Configuring Port Security Step 7 s wit chpor t port -sec urity [viola tion { protec t | r estrict | shutdown | shutdown vlan }] (Opt ional) Set the viola tion mod e, the actio n to be taken whe n a secur ity violatio n [...]

  • Pagina 603

    23-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 3 Configuring Port-B ased Traff ic Control Confi guring Port Secu rity Step 8 s witchport port-securit y [ mac-addre ss mac-address [ vlan { vlan-id | { access | voice }}] (Optiona l) En ter a secu re M A C addr ess fo r the inte rface. Y ou can use this co m[...]

  • Pagina 604

    23-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 23 Configuring Port-Based Traffic Control Configuring Port Security T o return the inter face to th e defau lt conditi on as not a secu re port, u se the no switchport port -security interf ace conf iguration command. I f you enter this command when stick y lea[...]

  • Pagina 605

    23-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 3 Configuring Port-B ased Traff ic Control Confi guring Port Secu rity Switch(config-if)# switchport port-security mac-address 0000.0000.0003 Switch(config-if)# switchport port-security mac-address sticky 0000.0000.0001 vlan voice Switch(config-if)# switchpor[...]

  • Pagina 606

    23-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 23 Configuring Port-Based Traffic Control Displaying Port-Base d Traffic Cont rol Settings T o di sable por t securit y aging for all sec ure addr esses on a port , use the no switchport port-security aging tim e interfac e conf iguration comma nd. T o disabl e[...]

  • Pagina 607

    23-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 3 Configuring Port-B ased Traff ic Control Displayin g Port-Bas ed Traf fic Cont rol Sett ings show port -secur ity [ int erface inte rf ac e-i d ] address Displays all secure MA C addresses configured o n all switch interfa ces or on a specified inte rface w[...]

  • Pagina 608

    23-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 23 Configuring Port-Based Traffic Control Displaying Port-Base d Traffic Cont rol Settings[...]

  • Pagina 609

    CH A P T E R 24-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 24 Configuring UDLD This c hapter descri bes how to c onfigure t he Un iDirec tional Link D etect ion (U DLD) protoc ol on t he Catalyst 2960 and 2960- S switch es. U nless ot herwis e noted, the term sw itch refers to a standalone switch and to a switch st[...]

  • Pagina 610

    24-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 24 Configuring UDLD Underst andin g UDLD A unidirectio nal link occurs wh ene ve r traff ic sent by a local de vice is recei ved by its neighbor b ut traf f ic from the neighb or is not recei ved by the loca l devic e. In norm al mode, UDL D detect s a unidir ec[...]

  • Pagina 611

    24-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 4 Configuring UD LD Understand ing UDLD • Ev ent-dr i ven detect ion and ec hoing UDLD re lies on ech oing a s its detectio n mech anism. Whene v er a U DLD d e vice le arns about a ne w neighb or or receives a resynchro nizat ion requ est from an out-of -sy[...]

  • Pagina 612

    24-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 24 Configuring UDLD Conf igu rin g UDLD Configuring UDLD These sec tions co ntain this co nfiguration in format ion: • Default UD LD Configurat ion, pa ge 24-4 • Configuration Gu idelines, page 24-4 • Ena bling UDLD Global ly , page 24 -5 • Ena bling UDL[...]

  • Pagina 613

    24-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 4 Configuring UD LD Configur ing UDLD Enabling UDL D Globally Beginn ing in pri vileg ed EXEC mode, follo w these steps to enable UDLD in the aggressi ve or normal mode a nd to se t th e co nfigurable m essag e time r on all fiber-optic p orts on the switch an[...]

  • Pagina 614

    24-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 24 Configuring UDLD Conf igu rin g UDLD Enabling UDL D on an Inte rface Beginn ing in p ri vileg ed EXEC mode, fo llo w thes e steps ei ther to enable U DLD in t he aggressi ve or normal m ode o r to d isable U DLD on a po rt: Resetting an Interface Disabled by [...]

  • Pagina 615

    24-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 4 Configuring UD LD Displaying UDLD Status Displaying UDLD Status T o display th e UDLD stat us for the specif ied port or for all port s, use the show udld [ interfa ce-id ] pri v ile ged EXE C command . For detaile d informat ion about the f ields in the com[...]

  • Pagina 616

    24-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 24 Configuring UDLD Displa ying U DLD Sta tus[...]

  • Pagina 617

    CH A P T E R 25-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 25 Configuring CDP This c hapter d escrib es how to configure Cisco Discovery Protoco l (C DP) on the Catalyst 2960 and 2960-S switch es. Unless otherwise note d, the term switch refers to a standalo ne switch and to a switch stack. Note Stac king is supp o[...]

  • Pagina 618

    25-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 25 Conf iguring CDP Conf ig uri ng CD P On the switch, CDP enables Netw ork Assistant to display a graphical vie w of the netw ork. The switch uses CDP to find cluste r candi dates an d maintai n inform ation about clust er members a nd other devices up to thre[...]

  • Pagina 619

    25-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 5 Configuring CDP Configuring CDP Configuring the CD P Characteristics Y ou can configure the freq uency of CDP updat es, th e amount of time to hold t he inform ation before discar ding it, an d whether or no t to send V ersion-2 advert isement s. Beginn ing [...]

  • Pagina 620

    25-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 25 Conf iguring CDP Conf ig uri ng CD P Beginning in privileged EX EC mod e, follow these steps to di sable t he CDP device disc overy capability: Beginn ing in pri vileg ed EXEC mode, follo w these steps to enable CDP when it has been disa bled: This example s[...]

  • Pagina 621

    25-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 5 Configuring CDP Monitoring and Maintaining CDP Beginning i n privileged E XEC mo de, follow these s teps to ena ble C DP on a port w hen it has been disabled : This exam ple sh ows how to enable CDP on a po rt wh en i t has been di sable d. Switch# configure[...]

  • Pagina 622

    25-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 25 Conf iguring CDP Monito ring and Mai ntainin g CDP[...]

  • Pagina 623

    CH A P T E R 26-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 26 Configuring LLDP, LL DP-MED, and Wire d Location Service Note T o use wired location service , the switch must be runnin g the LAN Base image. This c hapter d escrib es how to configu re the L ink La yer Discovery Prot ocol ( LLDP), L LDP M edia Endpoin [...]

  • Pagina 624

    26-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 26 Configurin g LLDP, LLDP-MED, and Wired Lo cation S ervice Underst anding L LDP, LLDP- MED, and Wired Locat ion Servic e LLDP sup ports a set of att ributes tha t it uses to discover neighbo r devices. The se at t ri b ut es co nt a in t yp e, length, and v a[...]

  • Pagina 625

    26-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 6 Configuring LLDP, LLDP-M ED, and Wired Location Serv ice Unde rsta ndin g LLDP , LL DP-M ED, and Wi red Loca tion Servic e • Po we r mana geme nt TL V Enab les ad va nced power mana gement betw een L LDP-ME D endp oint a nd ne twork con nectivity devices. [...]

  • Pagina 626

    26-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 26 Configurin g LLDP, LLDP-MED, and Wired Lo cation S ervice Underst anding L LDP, LLDP- MED, and Wired Locat ion Servic e The MSE starts the NMSP connec tion to the switch, which opens a serv er port. When the MSE connects to the swi tch t here are a set of me[...]

  • Pagina 627

    26-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 6 Configuring LLDP, LLDP-M ED, and Wired Location Serv ice Configuring LLDP, LLDP-MED, and Wired Location Service Configuring LLDP, LLDP-MED, an d Wired Location Service • Default LL DP Configurat ion , page 26-5 • Configuration Gu idelines, page 26-5 • [...]

  • Pagina 628

    26-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 26 Configurin g LLDP, LLDP-MED, and Wired Lo cation S ervice Configur ing LLDP, L LDP-MED , and Wired Loc ation Service Enabling L LDP Beginn ing in pri vile ged EXEC mode, follo w these steps to enab le LLDP: T o disable LLDP , u se th e no lldp run global co [...]

  • Pagina 629

    26-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 6 Configuring LLDP, LLDP-M ED, and Wired Location Serv ice Configuring LLDP, LLDP-MED, and Wired Location Service Use the no form of each of the LLDP commands to return to the def ault settin g. This e x ample sho ws h ow to conf igure LLDP ch aracter istics .[...]

  • Pagina 630

    26-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 26 Configurin g LLDP, LLDP-MED, and Wired Lo cation S ervice Configur ing LLDP, L LDP-MED , and Wired Loc ation Service Beginn ing in pri vile ged EXEC mode, follo w these step s to enable a TL V on an interf ace: This e x ample sho ws h ow to en able a T L V o[...]

  • Pagina 631

    26-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 6 Configuring LLDP, LLDP-M ED, and Wired Location Serv ice Configuring LLDP, LLDP-MED, and Wired Location Service Use the no form of each com mand to return t o the default settin g. This exampl e shows ho w to configure VLA N 100 for voice appl icatio n with [...]

  • Pagina 632

    26-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 26 Configurin g LLDP, LLDP-MED, and Wired Lo cation S ervice Configur ing LLDP, L LDP-MED , and Wired Loc ation Service Use the no form o f each command t o retu rn to th e def ault sett ing. This e xampl e sho ws ho w to co nfi gure ci vic location in formati[...]

  • Pagina 633

    26-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 6 Configuring LLDP, LLDP-M ED, and Wired Location Serv ice Monitoring and Maintaining LLDP, LLDP-MED, and Wired Location Service This e xample sho ws how to enable NMSP on a switch and to set the locat ion notif ication time to 10 seconds: Switch(config)# nms[...]

  • Pagina 634

    26-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 26 Configurin g LLDP, LLDP-MED, and Wired Lo cation S ervice Monito ring and Mai ntainin g LLDP, LLD P-MED , and Wired Lo catio n Service show network-policy pr ofil e Displ ay th e conf igured net w ork-p oli cy pr of iles. show nmsp Display the NMSP informat[...]

  • Pagina 635

    CH A P T E R 27-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 27 Configuring SPAN and RSPAN Note T o use RSP AN, th e switch mu st be runn ing the LAN Bas e image. This chap ter de scribe s ho w to conf igure Switched Port Analyzer ( SP AN) and Rem ote SP AN (RSP AN ) on the Catal yst 2960 and 2960-S sw itches. U nles[...]

  • Pagina 636

    27-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 27 Configuring SPAN and RSP AN Understan ding SPAN and RSPA N These sect ions co ntain this co nceptu al in forma tion: • Local SP AN, page 27-2 • Remo te SP A N, page 27-3 • SP AN a nd RSP AN Conce pts and T ermino logy , page 27 -4 • SP AN a nd RSP A N[...]

  • Pagina 637

    27-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 27 Configuring SPAN and RSPAN Understandi ng S PAN and R SPAN Figure 27- 2 is an ex ampl e of a local SP AN in a swi tch st ack, where the so urce a nd de stination ports resid e on dif fer ent stack member s. Figur e 27 -2 Example o f Local SP AN Co nfigur atio[...]

  • Pagina 638

    27-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 27 Configuring SPAN and RSP AN Understan ding SPAN and RSPA N Figur e 27 -3 Example o f RSP AN Co nfigur ation SPAN and RS PAN Conc epts a nd Terminology This secti on descri bes conce pts an d terminology associat ed with SP A N and RSP AN configurati on. SPAN [...]

  • Pagina 639

    27-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 27 Configuring SPAN and RSPAN Understandi ng S PAN and R SPAN An RSP AN sour ce sessio n is ver y similar to a lo cal SP AN sessi on, ex cept for where the pa cket st ream is directe d. In an RSP AN so urce session, SP AN pack ets are relabeled w ith the RSP AN [...]

  • Pagina 640

    27-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 27 Configuring SPAN and RSP AN Understan ding SPAN and RSPA N • T ransm it (T x) SP A N—Th e goal of tran smi t (or egress) SP AN is to moni tor as much as pos sibl e all the p ackets sent b y the sou rce int erf ace aft er al l modif ication an d proce ssin[...]

  • Pagina 641

    27-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 27 Configuring SPAN and RSPAN Understandi ng S PAN and R SPAN • It can be an ac cess por t, trunk port, or voice VLA N port. • It ca nnot be a de stinati on po rt. • Source por ts can be in the same or differen t VLANs. • Y o u can mo nitor multiple sour[...]

  • Pagina 642

    27-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 27 Configuring SPAN and RSP AN Understan ding SPAN and RSPA N Destination Port Each local SP AN session o r RSP AN destinat ion session must h av e a destination port (also called a monitoring port ) th at rece iv es a copy of traffic from the sour ce port s or [...]

  • Pagina 643

    27-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 27 Configuring SPAN and RSPAN Understandi ng S PAN and R SPAN RSPAN V LAN The RSP AN VLAN carrie s SP AN traf f ic between RSP AN sou rce and destination se ssions. It h as these special ch aracter istics: • All traf fic i n the R SP AN VLAN i s al way s flood[...]

  • Pagina 644

    27-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 27 Configuring SPAN and RSP AN Configuring SPAN and RSPAN If a physi cal por t that be longs to an Ethe rChan nel gro up is a d estinat ion port and the E therC hannel group is a sourc e, the port i s removed from t he E therCh annel g roup a nd from t he li st[...]

  • Pagina 645

    27-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 27 Configuring SPAN and RSPAN Config uring SPAN a nd RS PAN Default SPAN and R SPAN Configura tion T ab le 27-1 sh ows the default SP AN and R SP AN configuration . Configuring Local SPAN These sec tions co ntain this co nfiguration info rmat ion: • SP AN Co [...]

  • Pagina 646

    27-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 27 Configuring SPAN and RSP AN Configuring SPAN and RSPAN • Y ou can limit SP A N traff ic to specific VLAN s by using the filter vlan keyword. I f a tr unk po rt is being monitored , only traff ic on the VLANs specified with this ke yword is monitore d. By d[...]

  • Pagina 647

    27-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 27 Configuring SPAN and RSPAN Config uring SPAN a nd RS PAN T o d elete a SP AN session, use the no monitor session session _number global c onfiguration comma nd. T o r emove a sourc e or d estinat ion por t or VL AN fr om the SP AN sessio n, use t he no monit[...]

  • Pagina 648

    27-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 27 Configuring SPAN and RSP AN Configuring SPAN and RSPAN The mo nitoring of traffic receiv ed on port 1 is di sabled, but traff ic sent from t his port co ntinue s to be monitored. This example shows how to remov e any e xisting configuration on SP A N session[...]

  • Pagina 649

    27-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 27 Configuring SPAN and RSPAN Config uring SPAN a nd RS PAN T o d elete a SP AN session, use the no monitor session session _number global c onfiguration comma nd. T o r emove a sourc e or d estinat ion por t or VL AN fr om the SP AN sessio n, use t he no monit[...]

  • Pagina 650

    27-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 27 Configuring SPAN and RSP AN Configuring SPAN and RSPAN Specifying VLANs to Filter Beginn ing in pri vileged EXEC m ode, follo w these steps to limit SP AN source traf fic to specif ic VLANs: T o monitor all VLANs on the trunk port, use th e no monitor sessio[...]

  • Pagina 651

    27-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 27 Configuring SPAN and RSPAN Config uring SPAN a nd RS PAN This example shows how to remov e any e xisting configuration on SP A N session 2, configure SP A N sessi on 2 t o mon itor tra ff ic recei ved on Giga bit Et her net tr unk po rt 2, and send t raf fic[...]

  • Pagina 652

    27-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 27 Configuring SPAN and RSP AN Configuring SPAN and RSPAN • W e recomm end tha t you configur e an RSP A N VLAN bef ore you c onfigure an RS P AN sou rce or a destination session. • If you enable VT P and VTP pruning, RSP AN traf fi c is pruned in the trunk[...]

  • Pagina 653

    27-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 27 Configuring SPAN and RSPAN Config uring SPAN a nd RS PAN Creating an RSPAN S ource Session Beginning in privileged EXEC mo de, fol low these steps t o start an RSP AN source se ssion and to specif y the monito red source and the d estination RSP AN VLAN: T o[...]

  • Pagina 654

    27-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 27 Configuring SPAN and RSP AN Configuring SPAN and RSPAN T o rem ove a source port or VLAN fro m the SP AN sess ion, use the no monitor session session_n umber sour ce { inter face interface- id | vlan vlan-id } global co nf igur ation co mmand. T o remov e th[...]

  • Pagina 655

    27-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 27 Configuring SPAN and RSPAN Config uring SPAN a nd RS PAN T o d elete a SP AN session, use the no monitor session session _number global c onfiguration comma nd. T o r emove a destina tion por t from the SP AN sessio n, use the no monitor session session_ num[...]

  • Pagina 656

    27-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 27 Configuring SPAN and RSP AN Configuring SPAN and RSPAN T o delete an RSP AN session, use the no monitor session session_number globa l configurati on comman d. T o remove a destin ation po rt from the RSP AN session, use the no monit or session session_num b[...]

  • Pagina 657

    27-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 27 Configuring SPAN and RSPAN Config uring SPAN a nd RS PAN Specifying VLANs to Filter Beginning in privileged EXEC mo de, follow these steps t o configure the RSP A N source session to limit RSP AN source tr af f ic to specif ic VLANs: T o monitor all VLANs on[...]

  • Pagina 658

    27-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 27 Configuring SPAN and RSP AN Display ing SPAN and RSPAN Status Displaying SPAN and RSPAN Status T o di splay the cu rrent SP A N or RSP A N configuration , use the show monitor us er EX EC co mmand. Y ou can also use t he show running-conf ig privileged EX EC[...]

  • Pagina 659

    CH A P T E R 28-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 28 Configuring RMON This chapt er desc ribes how to configure Re mote Networ k Monitor ing (RMO N) on t he Catalyst 2960 and 2960-S switch es. Unless otherwise note d, the term switch refers to a standalo ne switch and to a switch stack. Note Stac king is s[...]

  • Pagina 660

    28-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 28 Configuring RMON Conf igu rin g RMON Figur e 28 -1 Remote Mo nito r ing Ex ample The switc h supports these RM ON groups (defined in RFC 1757) : • Statistics ( RMON group 1)—Collects E thernet statistic s (includi ng Fast Ethernet and Giga bit Ethern et s[...]

  • Pagina 661

    28-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 28 Configur ing RMON Confi guring R MON • Collecting Group Histo ry Statisti cs on an Interf ace, page 28-5 (o ptional) • Collecting Group Eth ernet Statisti cs on a n Interf ace, page 28-5 (o ptio nal ) Default RMON Configuration RMON is disa bled by defaul[...]

  • Pagina 662

    28-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 28 Configuring RMON Conf igu rin g RMON T o disable an alarm, use the no rmon al ar m numb er global con figuration co mmand on each alarm you configured . Y ou ca nnot di sable at on ce al l the a larms that you con figured. T o disabl e an event, use the no rm[...]

  • Pagina 663

    28-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 28 Configur ing RMON Confi guring R MON Collectin g Group Hist ory St atistics on an Interface Y ou must f irst configure RM ON a larms and events to di splay collec tion inf orma tion. Beginn ing in pri vile ged EXE C mode, follo w these steps to colle ct group[...]

  • Pagina 664

    28-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 28 Configuring RMON Displa ying R MON Sta tus T o disabl e t he coll ection o f gr oup E thernet sta tistics , use the no rmon collection stats inde x i nterf ace configurati on c ommand. This e xample sho ws how to c ollect RMO N statistics f or the o w ner ro [...]

  • Pagina 665

    CH A P T E R 29-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 29 Configuring System Message Logg ing This c hapter d escrib es how to configure system me ssage l ogging on the C atalyst 2960 and 296 0-S switches. Unless othe rwise noted, the term switc h refers to a st andal one switch and to a switch st ack. Note Sta[...]

  • Pagina 666

    29-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 2 9 Config uring S ystem Message Logging Configur ing System Message L ogging Y o u can set the se v erity le vel of the messages to control the type of message s displayed on the consoles and ea ch o f the destin ation s. Y ou ca n tim e-stam p log m essag es o[...]

  • Pagina 667

    29-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 9 Configuring Syste m Message L ogging Config uring S ystem Mess age Loggi ng T ab le 29-1 d escribes the e lements of sy slog me ssages. This exam ple sh o ws a p artial s witch system m essage for a stack mast er and a stack memb er (hos tname Switc h-2 ): 0[...]

  • Pagina 668

    29-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 2 9 Config uring S ystem Message Logging Configur ing System Message L ogging Default Syste m Mess age Lo gging Con figuration T ab le 29-2 sh ows the default sy stem message l ogging configuratio n. Disabling M essag e Logging Message logging is enab led by def[...]

  • Pagina 669

    29-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 9 Configuring Syste m Message L ogging Config uring S ystem Mess age Loggi ng The logging sy nchronous global configura tion com mand also a f fects t he display o f me ssages t o the console . When this c omma nd is e nable d, messa ges ap pear only a fter yo[...]

  • Pagina 670

    29-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 2 9 Config uring S ystem Message Logging Configur ing System Message L ogging The logging buffered g loba l configur ation comm and c opies l ogging messa ges to a n inte rnal buffer . The b uf fer is circular , so newer messages ov erwrite ol der messages after[...]

  • Pagina 671

    29-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 9 Configuring Syste m Message L ogging Config uring S ystem Mess age Loggi ng Beginning i n privileged EX EC mo de, fol low these s teps t o configure s ynchr onous log ging . This procedur e is optional. T o di sable synch ronizat ion of unsoli cited messa ge[...]

  • Pagina 672

    29-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 2 9 Config uring S ystem Message Logging Configur ing System Message L ogging Enabling a nd Disab ling Time S tamps on Log M essages By default, log message s are not time-stam ped. Beginning in privileged EXEC mo de, follow these steps to enab le time-st ampin [...]

  • Pagina 673

    29-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 9 Configuring Syste m Message L ogging Config uring S ystem Mess age Loggi ng T o d isable seq uenc e numbers, use the no service sequence- numbers global co nfiguration c omman d. This example shows part of a logging displa y with seque nce numbe rs enabl ed:[...]

  • Pagina 674

    29-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 2 9 Config uring S ystem Message Logging Configur ing System Message L ogging T ab le 29-3 descri bes th e level ke ywords. It also lis ts the correspo nding UNIX s yslog de finitions from the most se vere le vel to the least sev ere le vel. The sof tware gener[...]

  • Pagina 675

    29-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 9 Configuring Syste m Message L ogging Config uring S ystem Mess age Loggi ng Beginn ing in p ri vilege d EXEC mode, follo w these step s to chan ge the le vel and history ta ble size defaults. T his proc edure i s option al. When the histor y table is full ([...]

  • Pagina 676

    29-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 2 9 Config uring S ystem Message Logging Configur ing System Message L ogging Beginning i n privileged E XEC mo de, follow these s teps to enabl e con figuration loggin g: This e xample sho ws how to enable the conf iguratio n-change logger and to set the numbe[...]

  • Pagina 677

    29-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 9 Configuring Syste m Message L ogging Config uring S ystem Mess age Loggi ng Logging Messages to a UNIX Syslog Daemo n Before yo u can send system log messages to a UNIX syslog server , you must con f igure the syslog daemon on a UNIX ser ver . T his p roced[...]

  • Pagina 678

    29-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 2 9 Config uring S ystem Message Logging Display ing the Log ging Confi guration T o remo ve a sysl og serv er, u se the no logging ho st globa l configurat ion co mman d, and specify t he syslo g server IP address. T o disab le logging to syslog servers, enter[...]

  • Pagina 679

    CH A P T E R 30-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 30 Configuring SNMP This chapt er describ es how to conf igure the Sim ple Network Mana gement Protocol (SN MP) on the Catalyst 2960 and 2960- S switch es. U nless ot herwis e noted, the term sw itch refers to a standalone switch and a swi tch st ack. Note [...]

  • Pagina 680

    30-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 30 Co nfiguring SNMP Underst anding SNM P These sect ions co ntain this co nceptu al in forma tion: • SNMP V ersions, page 30-2 • SNMP Manage r Functions , pag e 30-3 • SNMP Agent Functions, pa ge 30-4 • SNM P Co mmuni ty Str ings , pa ge 30 -4 • Using[...]

  • Pagina 681

    30-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 0 Configuring SNMP Underst andin g SNMP T ab le 30-1 identifie s the character istics of the dif fer ent combinations o f security models and lev els. Y ou must configure the SN MP agent to use the SNMP version supp orted by the ma nageme nt station. Because a[...]

  • Pagina 682

    30-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 30 Co nfiguring SNMP Underst anding SNM P SNMP Agen t Fun ctions The SNMP a gent respond s to SNMP manager requests as follo ws: • Get a MIB v ariable —The SNMP agen t begins this f unction in response to a request from the NMS. The agent r etrie ve s the v [...]

  • Pagina 683

    30-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 0 Configuring SNMP Underst andin g SNMP Figur e 30 -1 SNMP Networ k For informati on on suppor ted MIBs and how to access them, see Appe ndix B, “S uppor ted MIBs . ” SNMP Notifications SNMP allo ws the switch to send n otif ications to SNMP manag ers when[...]

  • Pagina 684

    30-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 30 Co nfiguring SNMP Conf ig uri ng SN MP Note The switch m ight n ot use sequenti al v alues w ithin a range . Configuring SNMP • Default SNMP Con figuration, page 30-6 • SNMP Configuration Gu idelines, page 30-7 • Disablin g the SNMP Agent, page 30-7 •[...]

  • Pagina 685

    30-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 0 Configuring SNMP Configuring SNMP SNMP Config ura tion Guidelines If the switch starts and the switch startup conf ig uration has at least one sn mp -s er v er global conf igura tion comman d, the SNMP agen t is enabled. An SNMP gr oup is a tab le th at maps[...]

  • Pagina 686

    30-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 30 Co nfiguring SNMP Conf ig uri ng SN MP Configuring Community Strings Y ou use the SNMP c ommun ity str ing to define the r elatio nship be tween the SN MP ma nager and th e agent. The co mmunity string ac ts like a passwor d to permit access to the ag ent on [...]

  • Pagina 687

    30-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 0 Configuring SNMP Configuring SNMP Note T o disa ble a ccess for an SNMP c ommun ity , set the co mmuni ty str ing for th at com munity to the null string (do not enter a value for th e communi ty string ). T o remov e a specif ic community string, use the no[...]

  • Pagina 688

    30-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 30 Co nfiguring SNMP Conf ig uri ng SN MP Step 3 snmp-server group gr oupn ame { v1 | v2c | v3 { auth | noauth | priv }} [ rea d re a d v i e w ] [ write writevi ew ] [ notify notifyvie w ] [ access access -list ] Configure a ne w SNMP gro up on the remote devi[...]

  • Pagina 689

    30-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 0 Configuring SNMP Configuring SNMP Step 4 snmp-server use r us ernam e gr o upnam e { rem o te host [ udp-port port ]} { v1 [ access access -list ] | v2c [ acces s access-list ] | v3 [ encrypted ] [ acces s access-list ] [ aut h { md5 | sha } auth-password ][...]

  • Pagina 690

    30-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 30 Co nfiguring SNMP Conf ig uri ng SN MP Configuring SNMP Notifications A trap manag er is a mana geme nt sta tion that re cei ves and proces ses trap s. T raps are system alerts that the switc h gener ates whe n cert ain events occu r . By default, no trap ma[...]

  • Pagina 691

    30-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 0 Configuring SNMP Configuring SNMP Note Though visible in the comm and-line help strings, t he insertion , and re mo va l keywords are not supported. Y ou can use the snm p-server host global co nfiguration comm and to a sp ecific h ost to receive the notif [...]

  • Pagina 692

    30-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 30 Co nfiguring SNMP Conf ig uri ng SN MP Step 4 snmp-serv er gr oup gr oupname { v1 | v2c | v3 { auth | noauth | priv }} [ read re a d v i e w ] [ write write vie w ] [ notify notifyvie w ] [ access access-list ] Configure an SNMP g roup. Step 5 snmp-server ho[...]

  • Pagina 693

    30-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 0 Configuring SNMP Configuring SNMP The snmp-ser ver hos t comman d speci f ies wh ich ho sts rec ei ve the notif ications. Th e snmp-server enab le trap command global ly enable s the mech anism f or the speci f ied notif ication (fo r traps and informs ). T[...]

  • Pagina 694

    30-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 30 Co nfiguring SNMP Conf ig uri ng SN MP Setting th e Agent C ontact and Location In formation Beginn ing in pri vileg ed EXEC mode, follo w th ese steps to set the system conta ct and locatio n of the SNMP agen t so that these de scripti ons can be accesse d [...]

  • Pagina 695

    30-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 0 Configuring SNMP Configuring SNMP SNMP Examp les This example shows ho w to enable a ll versions of SNMP . The co nfiguration permits any SNMP man ager to access all objects with read-only permissions usin g the community string public . This conf igura tio[...]

  • Pagina 696

    30-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 30 Co nfiguring SNMP Displaying SNMP Status Displaying SNMP Status T o display SNMP input an d output stat istics, including th e number of i lle gal community str ing entries, errors, and request ed variable s, use t he show snmp privileged EXEC c omma nd. Y o[...]

  • Pagina 697

    CH A P T E R 31-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 31 Configuring Network Security with ACLs This chap ter desc ribes how to configu re network se curit y on the Catalyst 2960 a nd 2960- S switche s by using access co ntrol lists (A CLs), also referred to as a ccess lists. Unless othe rwise noted, the te rm[...]

  • Pagina 698

    31-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Underst andin g ACLs of conditio ns in the list is critical. I f no conditions match, the switch rejects the pack et. If there are no restri ctions , the switch f orwar ds the pack et; oth erwise, the switch drops the pa[...]

  • Pagina 699

    31-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 1 Configuring Netw ork Securit y with ACLs Unde rsta ndi ng AC Ls Port ACLs Port A CLs are A CLs tha t are app lied to L ayer 2 in terf aces on a sw itch. Port A CL s are su pported o nly on physical i nterfaces and not on EtherC hanne l interface s and can be[...]

  • Pagina 700

    31-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Underst andin g ACLs Note Y ou cannot apply more t han one IP ac cess l ist an d one M A C acce ss list t o a L ayer 2 inte rface. I f an IP acces s list or M A C a ccess list is alre ady conf igur ed on a Layer 2 interf[...]

  • Pagina 701

    31-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 1 Configuring Netw ork Securit y with ACLs Unde rsta ndi ng AC Ls Note In the first and seco nd A CEs in th e example s, the eq ke yword afte r the destination address means to test for the T CP-de stination- port w ell-known numbe rs eq ualing Sim ple Ma il T[...]

  • Pagina 702

    31-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Conf igu ring I Pv4 ACLs Stack memb ers perfor m these ACL functions: • The y recei ve the A CL in format ion from th e master switc h and prog ram their har dwar e. • The y act as sta ndb y swi tches, ready t o tak [...]

  • Pagina 703

    31-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 1 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs Creating Stan dard and Exten ded IPv4 AC Ls This sec tion describ es IP ACLs. An A CL is a se quentia l colle ction of perm it an d deny co nditions. One by one, the switch tes ts pack ets aga in[...]

  • Pagina 704

    31-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Conf igu ring I Pv4 ACLs Note In addit ion to n umbered standa rd and ex tended A CLs, you can also cr eate stan dard a nd e xten ded nam ed IP A CLs by u sing th e sup ported numbers. That is, t he nam e of a standa rd [...]

  • Pagina 705

    31-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 1 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs Note When creatin g an A CL, remembe r that, by def ault, t he end of the A CL contai ns an implici t deny statem ent for all packet s that it did n ot fin d a match fo r before r eaching the end[...]

  • Pagina 706

    31-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Conf igu ring I Pv4 ACLs Note Th e switc h does not supp ort dyna mic or reflexive access lis ts. It al so does n ot suppor t filtering based on the ty pe of serv ice ( T oS) minim ize-m one tary-co st bit. Supporte d p[...]

  • Pagina 707

    31-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 1 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs or access-list access- list-num ber { deny | permit } protocol any any [ prec edence pr eced ence ] [ tos tos ] [ fragmen ts ] [ time-r ange time- range-name ] [ dscp dsc p ] In access -list con[...]

  • Pagina 708

    31-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Conf igu ring I Pv4 ACLs Use the no access- list acc ess-list-number gl obal conf iguration comm and to delete the entire access list. Y ou canno t del ete in dividual ACEs from n umber ed a ccess li sts. This e xample [...]

  • Pagina 709

    31-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 1 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs After c reating a numbered e xtend ed A CL , you can a pply it to terminal lines (see the “ Applying an IPv4 A CL to a T ermi nal Li ne” sec tion on page 31-1 7 ), to interfaces (see the “[...]

  • Pagina 710

    31-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Conf igu ring I Pv4 ACLs T o remo ve a na med s tanda rd A CL, use the no ip access-list standard name g lobal configuratio n comm and. Beginn ing in pri vileg ed EXEC mode, follo w these steps to create an exte nded A [...]

  • Pagina 711

    31-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 1 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs Using Time Ranges with ACLs Y ou can selec tiv ely apply extend ed ACLs based on the time of day and the week by using t he time- ran ge global con figuration co mman d. First, de fine a time-ra[...]

  • Pagina 712

    31-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Conf igu ring I Pv4 ACLs This exam ple shows how to c onfigure ti me rang es fo r w orkhou rs and to con figure Januar y 1, 2006, as a comp any holid ay and to ver ify you r con figuration. Switch(config)# time-range wo[...]

  • Pagina 713

    31-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 1 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs In this exam ple, the workstatio n that belongs to Jones is allowe d access, and the workstat ion that belongs to Smith is not allo wed access: Switch(config)# access-list 1 remark Permit only J[...]

  • Pagina 714

    31-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Conf igu ring I Pv4 ACLs Applying an IPv4 ACL to an Interface Note these guidelines: • Apply an ACL only to inbo und Lay er 2 ports. • Apply an A CL to either in bound or outbo und VLAN interfa ces to filter packets[...]

  • Pagina 715

    31-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 1 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs This exam ple sh ows ho w to ap ply ac cess list 3 to filter packe ts going t o the CPU: Switch(config)# interface vlan 1 Switch(config-if)# ip access-group 3 in Note When you appl y the ip acce[...]

  • Pagina 716

    31-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Conf igu ring I Pv4 ACLs T o determine the specialize d hardwa re resources, enter the show platform layer4 acl map pri vileged EXEC co mmand. If th e switch does not ha ve av aila ble resou rces, the output sh o ws tha[...]

  • Pagina 717

    31-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 1 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs Numbered ACLs This ACL accepts addr esses on net work 36.0.0 .0 subnet s and den ies all pac kets comi ng from 56.0. 0.0 subne ts. The A CL is applied to pack ets enter ing a por t. Switch(confi[...]

  • Pagina 718

    31-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Creating Nam ed MAC Ext ended ACL s ! Switch(config-ext-nacl)# exit Switch(config)# interface gigabitethernet0/2 Switch(config-if)# ip access-group strict in Commented IP ACL Entries In this ex ampl e of a number ed A C[...]

  • Pagina 719

    31-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 1 Configuring Netw ork Securit y with ACLs Creat ing N ame d MA C Ex tend ed AC Ls Use the no mac access-list extended name glob al conf iguration command to delete the entire A CL. Y ou can a lso del ete individual A CEs from nam ed MAC extended A CLs. This [...]

  • Pagina 720

    31-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Display ing IPv4 AC L Configu ration Beginn ing in pri vile ged E XEC mode, fo llo w these ste ps to apply a MA C access list to co ntrol acce ss to a Layer 2 i nterface: T o remov e the spec if ied ac cess gro up, use [...]

  • Pagina 721

    31-25 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 1 Configuring Netw ork Securit y with ACLs Displaying IPv4 ACL Configu ration T able 31 -2 Comman ds f or Displ ay ing A ccess Lists a nd A ccess Gr ou ps Comma nd Pu rpos e sho w ac ce ss- lis ts [ number | name ] Display the conte nts of one o r all curren [...]

  • Pagina 722

    31-26 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Display ing IPv4 AC L Configu ration[...]

  • Pagina 723

    CH A P T E R 32-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 32 Configuring Cisco IOS IP SLAs Operations Note T o use Cisco IOS IP Service Le vel Agreements (SLAs) , the switch must be running the LAN Base image. This c hapter d escrib es how to use Cisco IOS I P Serv ice Level Agreem ents (SL As) on the C ataly st 2[...]

  • Pagina 724

    32-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 32 Configuring Cisco IOS IP SLAs Operations Unde rst and ing C isco IOS IP SL As Understandin g Cisco IOS IP SLAs Cisco IOS IP SLAs sends data across the network to measure per formance between multiple network locations or across multi ple network pa ths. It si[...]

  • Pagina 725

    32-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 32 Configur ing Cisco IOS IP SLA s Operation s Understa nding Ci sco IOS IP SLAs This section has this infor mation about IP SLAs funct ionality: • Using Cisco IOS IP SLAs to Measu re Network Perfo rmance , page 32-3 • IP SLAs Respond er and IP SLAs Con trol[...]

  • Pagina 726

    32-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 32 Configuring Cisco IOS IP SLAs Operations Unde rst and ing C isco IOS IP SL As Note Th e switc h does n ot sup port V oice over IP ( V oIP) service lev els u sing th e gate keeper r egistration de lay operati ons measure men ts. Before configurin g any IP SLAs[...]

  • Pagina 727

    32-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 32 Configur ing Cisco IOS IP SLA s Operation s Confi guring IP S LAs Operati ons Figur e 32 -2 Cisco IOS IP SLAs Res ponder Time Stam ping An addi tional benef it of the tw o time sta mps at t he tar get d e vice is th e abili ty to tra ck one-wa y dela y , jitt[...]

  • Pagina 728

    32-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 32 Configuring Cisco IOS IP SLAs Operations Monito ring IP SLAs Operations Configurin g the IP SLAs Respond er The IP SLA s respond er is av ailabl e only on Ci sco IOS sof tware-based devices , includi ng some La yer 2 switches th at do not support full IP SLAs[...]

  • Pagina 729

    CH A P T E R 33-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 33 Configuring QoS This chapte r describes ho w to conf igure q uality of service (QoS ) by using automat ic QoS (auto-QoS) comman ds or by using standa rd QoS comma nds on the Cataly st 2960 an d 2960-S switc hes. Wi th QoS, you can p rov ide prefe rential[...]

  • Pagina 730

    33-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Underst andin g QoS Understandin g QoS T ypically , netw orks oper ate on a best-ef fort deli very basis, whic h means that all t raf fi c has eq ual prior ity and an equ al chance of being d eli ve red in a timely ma nner . W hen co ngest[...]

  • Pagina 731

    33-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS Figur e 33 -1 QoS Classificat ion La y ers in Fr ames and P ack ets All swi tches and ro uters that a ccess the Inte rnet rely on the cla ss inf ormation to pro v ide the same forwar ding treatm ent to pack ets with t he[...]

  • Pagina 732

    33-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Underst andin g QoS Basic QoS Model T o i mpleme nt QoS, t he switc h must distingu ish pac kets or fl ow from one a nother (classify) , assign a label t o in dicate the g i ven quali ty o f ser vice as the pack ets m ov e through th e swi[...]

  • Pagina 733

    33-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS Figur e 33 -2 Basic QoS Model Classification Classification is the pro cess of distingu ishing one kind of traffic from anothe r by e xamin ing the fields in the packe t. Classif icatio n is enabled only if QoS is globa [...]

  • Pagina 734

    33-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Underst andin g QoS For IP traff ic, you have these classificatio n options as shown in Figure 33-3 : • T r ust the DSCP v alue in the incomi ng packet (conf igure th e port to tr ust DSCP), a nd assign the same DSCP value to the p acket[...]

  • Pagina 735

    33-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS Figu re 33-3 Classi fica tio n Flowchart 86834 Generate the DSCP based on IP precedence in pack et. Use the IP-precedence-to-DSCP map . Use the DSCP value to generate the QoS label. Assign def ault por t CoS. Ye s Ye s N[...]

  • Pagina 736

    33-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Underst andin g QoS Classification Based on QoS ACLs Note If the switch is running the LAN Lite im age, you can conf igur e A CLs, but you cann ot attach them to physical inter faces. Y ou can a ttach them to V LAN i nterfa ces to filter t[...]

  • Pagina 737

    33-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS Y ou create a c lass map by using th e class-map g lobal configuration com mand or the class policy-map configurati on com mand. Y ou sh ould use t he class-ma p com mand wh en t he map is sh ared am ong many ports. W he[...]

  • Pagina 738

    33-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Underst andin g QoS Note Catal yst 2960-S sw itches do not suppo rt ingress que ueing. Policing on Physical Ports In policy m aps o n physic al por ts, y ou can create these types of pol icers: • Indi vidual—Qo S applies the bandwid t[...]

  • Pagina 739

    33-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS Figure 33- 4 shows the policing an d marking proces s. Figur e 33 -4 Po licing and M ar king Flow c har t on Ph ysical P orts Mapping T ables Note T o use mapping tables, the switch must be running the LAN Base image. D[...]

  • Pagina 740

    33-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Underst andin g QoS Note Catalyst 2960-S switche s do not support ingress queue ing. • Durin g policing, QoS can ass ign anoth er DSCP v alue t o an IP or a non-IP packet ( if the pa cket is out o f prof il e and the po licer speci fies[...]

  • Pagina 741

    33-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS Because the tota l inboun d bandw idth of all ports can exce ed the ba ndwid th of the intern al ring , ingress queues are lo cated after the p acket is class if ied, poli ced, a nd mar ked and b efore pack ets ar e for[...]

  • Pagina 742

    33-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Underst andin g QoS SRR Shaping and Sharing Both the in gress an d egr ess queu es are serv iced b y SRR, which contro ls the rate at which pa ckets ar e sent. On the in gress que ues, SR R sends pa ckets to the stac k or intern al ring. [...]

  • Pagina 743

    33-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS Queueing and Scheduling on Ingre ss Queues Note Catal yst 2960-S sw itches do not suppo rt ingress que ueing. Figure 33- 7 shows the queueing and sch eduling fl owchart for ingres s ports. Figur e 33 -7 Queueing an d Sc[...]

  • Pagina 744

    33-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Underst andin g QoS The switch supports tw o conf igurable ingress queu es, which are service d by SRR in shared mode only . T ab le 33-1 descri bes th e queue s. Note Catal yst 2960-S sw itches do not suppo rt ingress que ueing. Y ou ass[...]

  • Pagina 745

    33-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS Priorit y Queueing Note Catal yst 2960-S sw itches do not suppo rt ingress que ueing. Y ou can configure one ingress que ue as the pri orit y queue by using the mls qos srr -queue input priority-queue queue-id bandwidth[...]

  • Pagina 746

    33-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Underst andin g QoS Figur e 33 -8 Queueing and Sc hedulin g Flo w ch art f or Egress P orts Each p ort supp orts four egress queu es, o ne of whic h (qu eue 1) can be the egress expedi te qu eue. These queues a re configured by a queue -s[...]

  • Pagina 747

    33-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS b uf fers) or not empty (free b uf fer s). If the qu eue is not o ve r- limit, the s witch can allo cate b uf f er space from t he r eserved poo l or f rom th e co mmon pool (if it is n ot emp ty). I f th ere a re no fr[...]

  • Pagina 748

    33-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Underst andin g QoS modify it . Y ou map a port to queue-se t by using the queue-set qset-id interf ace co nf igura tion co mmand. Modify the queu e-set conf igurat ion to change the WTD threshol d percentages. F or more informa tion abou[...]

  • Pagina 749

    33-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Configuring Auto-QoS Configuring Auto-QoS Note T o use auto- QoS, t he swit ch must be running the L AN Base image. Note Catal yst 2960-S sw itches do not suppo rt ingress que ueing. Y ou can use the au to-Q oS feature to simpl ify the depl[...]

  • Pagina 750

    33-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Conf ig uri ng A uto -QoS Generated Auto-QoS Configuration By def ault, auto-QoS is disabl ed on all po rts. P ackets ar e not modif ie d--the CoS, DSCP a nd IP preced en ce values in the packet are not ch an ged. Note Catal yst 2960-S sw[...]

  • Pagina 751

    33-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Configuring Auto-QoS For informat ion about the tru sted bounda ry feat ure, see t he “Con figuring a Trusted Bound ary to Ensure Port Security ” secti on on page 39-4 2 . When yo u enable auto-Qo S by using th e auto qos voip cisc o-ph[...]

  • Pagina 752

    33-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Conf ig uri ng A uto -QoS • Global v alues change w ith the migr ation of enhance d commands . For a co mple te list of the genera ted comm ands that ar e a pplied t o the runnin g con figuration see Ta b l e 3 3 - 5 . Auto-Qo S Configu[...]

  • Pagina 753

    33-25 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Configuring Auto-QoS Global Auto-QoS Configuration T able 33-5 Genera ted A ut o-QoS C onfigur ation Description Automatically Generated Command { voip} Enhanced Automatically Generated Command{Vid eo|T rust|Classify} The switch aut omatica[...]

  • Pagina 754

    33-26 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Conf ig uri ng A uto -QoS The switch au tomatical ly maps DSCP v alues to an ingress queue and to a threshold ID. Note Catalyst 2960-S swit ches do not suppo rt ingress queuei ng. Switch(config)# no mls qos srr-queue input dscp-map Switch[...]

  • Pagina 755

    33-27 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Configuring Auto-QoS The switch au tomatical ly maps DSCP values to an egress que ue and to a threshold ID. Switch(config)# no mls qos srr-queue output dscp-map Switch(config)# mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 [...]

  • Pagina 756

    33-28 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Conf ig uri ng A uto -QoS Auto-Qo S Generated Configurat ion For VoIP Devices If you ente red the auto qos voip cisco-phone command, the switc h automatica lly ena bles the tr usted bound ary featu re, which us es the CDP to de tect the p[...]

  • Pagina 757

    33-29 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Configuring Auto-QoS Switch(config-pmap)# class AutoQoS-VoIP-Control-Trust Switch(config-pmap-c)# set dscp cs3 Switch(config-pmap-c)# police 32000 8000 exceed-action policed-dscp-transmit After creati ng the class maps and poli cy maps, th [...]

  • Pagina 758

    33-30 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Conf ig uri ng A uto -QoS If you ente red the auto qos classify comman d, the swi tch aut omaticall y creat es class ma ps and p olic y maps. Switch(config)# mls qos map policed-dscp 0 10 18 to 8 Switch(config)# mls qos map cos-dscp 0 8 1[...]

  • Pagina 759

    33-31 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Configuring Auto-QoS Switch(config-pmap-c)# set dscp cs3 Switch(config-pmap-c)# police 32000 8000 exceed-action drop Switch(config-pmap)# class AUTOQOS_DEFAULT_CLASS Switch(config-pmap-c)# set dscp default Switch(config-pmap-c)# police 1000[...]

  • Pagina 760

    33-32 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Conf ig uri ng A uto -QoS Switch(config-pmap-c)# set dscp af11 Switch(config-pmap-c)# police 10000000 8000 exceed-action policed-dscp-transmit Switch(config-pmap)# class AUTOQOS_TRANSACTION_CLASS Switch(config-pmap-c)# set dscp af21 Switc[...]

  • Pagina 761

    33-33 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Configuring Auto-QoS • After auto- QoS is en ab led, do no t modi fy a policy map o r agg regate po lic er th at in clud es Au t oQ o S in its n ame. If y ou need to modify the policy map or a ggregate p olicer, make a c opy of it, and ch[...]

  • Pagina 762

    33-34 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Conf ig uri ng A uto -QoS Troublesho oting Auto Qo S Comma nds T o display th e QoS com mands that are au tomatic ally gene rated when auto-QoS is enabl ed or d isabled, enter the deb ug auto qos pri vile ged EXEC comm and bef or e you en[...]

  • Pagina 763

    33-35 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Displaying Auto-QoS Information Displaying Auto-Q oS Information T o display the initial auto-Q oS conf iguration, use the show auto qos [ interf ace [ interface-id ]] privileged EXEC comm and. T o display any user change s to tha t configu[...]

  • Pagina 764

    33-36 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Default Standard QoS Configuration Note Catal yst 2960-S sw itches do not suppo rt ingress que ueing. QoS is disa bled. Ther e is no conce pt of tru sted or untru sted por ts be cause the packet s are not m odif[...]

  • Pagina 765

    33-37 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS T ab le 33-8 sh ows the default D SCP i nput queue thre shold ma p whe n QoS i s enable d. Default Egress Queue Configur ation T ab le 33-9 sh ows the de fault egress queue c onfigurati on for each qu eue- set whe[...]

  • Pagina 766

    33-38 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS T ab le 33-11 shows the default DSC P output que ue threshol d map when QoS is enabled . Default Mapping Table Conf iguration The default CoS-to-DSCP map is sho wn in T able 33- 12 on page 3 3-6 1 . The default [...]

  • Pagina 767

    33-39 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Policing Guid elines Note T o us e polic ing, t he swi tch must be runnin g the LAN Base im age. • The por t ASIC de vice, whic h cont rols more than one physic al port, suppo rts 256 poli cers (255 user-configu[...]

  • Pagina 768

    33-40 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Enabling Qo S Globally By default, QoS is disa bled on the sw itch. Beginn ing in pri vile ged EXEC mode, follo w these step s to enable QoS. This proced ure is required . T o disabl e QoS, use the no mls qos gl[...]

  • Pagina 769

    33-41 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Figu re 33-1 0 P ort T rusted State s wit hin the Qo S Do main Beginn ing in pr i vilege d EXEC m ode, follo w these step s to conf igur e the po rt to tru st the cl assific ation of the traf fic that it recei ves[...]

  • Pagina 770

    33-42 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS T o return a port to its untrusted state, use the no mls qos trust inte rface c onfigura tion comm and. For informatio n on ho w to change th e defa ult CoS v alue, see the “Con f igu ring the Co S V alue fo r[...]

  • Pagina 771

    33-43 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS T o return to the defa ult setting, use th e no mls qos cos { def ault-cos | override } interface configura tion comm and. Configuring a Truste d Boundary to Ensure Port Securit y In a t ypica l network , you c on[...]

  • Pagina 772

    33-44 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS trusted boundar y feature disables t he trusted setting on the switch port and pre v ents misuse of a high-pr iority queue . Note that the trusted bou ndary feature is not effective if the PC and Cisco IP Phon e[...]

  • Pagina 773

    33-45 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Reg ardless of the DSCP tr ansparenc y conf igura tion, the switch modif ies the internal DSCP va lue of the pack et, which the switch us es to generate a cla ss of ser vice (CoS ) v alue that re present s the pri[...]

  • Pagina 774

    33-46 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Figur e 33 -1 1 DSCP -T rust ed Stat e on a P ort Bor derin g Another Q oS Domain Note Catal yst 2960-S sw itches do not suppo rt ingress que ueing. Beginn ing in pr i vilege d EXEC m ode, follo w these step s t[...]

  • Pagina 775

    33-47 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS T o return a port to its non-trusted state , use the no mls qos trust interfa ce conf igur ation co mmand. T o return to the d efault D SCP-to-DS CP-mutation m ap v alues, u se the no mls qos ma p dscp-mutation ds[...]

  • Pagina 776

    33-48 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Classifying Traffic by Using ACLs Y ou can classif y IP traffic by using IP standard or IP extended A CLs; you can classify no n-IP traffi c by usin g Laye r 2 MA C A CLs . Beginn ing in pri vileg ed EXEC mode, [...]

  • Pagina 777

    33-49 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Beginn ing in pri vile ged EXEC mode, follo w these step s to create an IP exte nded A CL f or IP traf f ic: T o delete an acc ess list, u se the no access-list access-l ist-number globa l configura tion comma nd.[...]

  • Pagina 778

    33-50 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Beginning in privileged EXEC mod e, follow these st eps to c reate a L ayer 2 M A C A CL for non-IP tra ff ic: T o delete an acc ess list, u se the no mac acce ss-list ex tended ac cess-list-name global configur[...]

  • Pagina 779

    33-51 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Classifying Traffic by Using Class Ma ps Y ou use the class-map global conf iguration co mmand to name and to iso late a spe cif ic tra ff ic flow (o r class) f rom all o ther traf fic. Th e class m ap def ines th[...]

  • Pagina 780

    33-52 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS T o delete an existing policy map, use the no policy-map poli cy-ma p-nam e global configuration comm and. T o delet e an existing cl ass map, use the no c lass-map [ match-all | match-any ] class-map-na me glob[...]

  • Pagina 781

    33-53 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Classifying, Policing, and Marking Traff ic on Physical Ports by Using Policy Maps Note T o use polic ing and ma rking, t he switch must be running the LAN Base ima ge. Y ou can conf igure a polic y map on a physi[...]

  • Pagina 782

    33-54 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Beginning in privileged EX EC mode , follow these steps t o creat e a policy map: Command Purpose Step 1 configur e terminal E nter g lobal configuration mode . Step 2 c lass-map [ match-all | mat ch-any ] class[...]

  • Pagina 783

    33-55 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Step 5 trust [ cos | dscp | ip-prece dence ] Configure the trust state, whi ch QoS uses to gene rate a CoS-ba sed or DSCP-based QoS lab el. Note This co mmand is mutuall y exclusi ve with the set comma nd withi n [...]

  • Pagina 784

    33-56 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS T o delete an existing policy map, use the no policy-map poli cy-ma p-nam e global configuration comm and. T o delet e an existing cl ass map, use the no class class-map -name poli cy-map configurati on comm and[...]

  • Pagina 785

    33-57 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Switch(config-pmap-c)# trust dscp Switch(config-pmap-c)# police 1000000 8000 exceed-action policed-dscp-transmit Switch(config-pmap-c)# exit Switch(config-pmap)# exit Switch(config)# interface gigabitethernet0/1 S[...]

  • Pagina 786

    33-58 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Switch# configure terminal Switch(config)# class-map cm-3 Switch(config-cmap)# match ip dscp 30 Switch(config-cmap)# match protocol ipv6 Switch(config-cmap)# exit Switch(config)# class-map cm-4 Switch(config-cma[...]

  • Pagina 787

    33-59 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Beginn ing in pri vileg ed EXEC mode, fo llo w these steps to create an aggreg ate policer: Comma nd Pu rpose Step 1 configur e terminal Enter global configurat ion mode . Step 2 mls qos agg regate-policer aggr e [...]

  • Pagina 788

    33-60 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS T o r emove the specified a ggregate policer from a p olicy map, use th e no police aggr egate aggr egate-poli cer-nam e poli cy map c onfiguratio n mode . T o de lete an ag gregate police r an d its parame ters[...]

  • Pagina 789

    33-61 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Configuring DSCP Maps These sec tions co ntain this co nfiguration info rmat ion: • Conf iguring the CoS-to-DSCP Map, page 33-61 (o ptio nal ) • Configuring the IP -Prece dence-t o-DS CP Map, page 33-62 (op ti[...]

  • Pagina 790

    33-62 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Beginn ing in pr iv ilege d EXEC mode, follo w these steps to modify t he CoS-to-DSCP m ap. This procedur e is optional. T o return to the default ma p, use the no mls qos cos-dscp global configurati on com mand[...]

  • Pagina 791

    33-63 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Beginn ing in pr i vilege d EXEC m ode, follo w these step s to modify t he IP-pr ecedence- to-DSCP map. This proc edure is option al. T o return to the default ma p, use the no mls qos ip-pr ec-dscp global con fi[...]

  • Pagina 792

    33-64 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS T o return to the default ma p, use the no mls qos policed- dscp global co nf igur ation co mman d. This exam ple sh ows ho w to map DSCP 50 to 57 t o a ma rked-down DSCP value of 0: Switch(config)# mls qos map [...]

  • Pagina 793

    33-65 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Beginning in privileged EXEC mo de, foll ow these s teps to modif y the DSCP-to- CoS map. This procedur e is optional. T o return to the default ma p, use the no mls qos dscp-cos global c onfiguration com mand. Th[...]

  • Pagina 794

    33-66 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Y o u can c onfi gure multiple DSCP-to-DSCP-mutat ion maps on an ing ress port. T he def ault DSCP-to-DSCP-muta tion map is a null map, which maps an incoming DSCP value to the same DSCP va lu e. Beginning in pr[...]

  • Pagina 795

    33-67 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS 4 : 40 41 42 43 44 45 46 47 48 49 5 : 50 51 52 53 54 55 56 57 58 59 6 : 60 61 62 63 Note In the above DSCP-to- DSCP-m utati on map, t he mutat ed values are shown in the bod y of the matrix. Th e d1 colum n specif[...]

  • Pagina 796

    33-68 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Beginning in privileged EXE C mode , follow these step s to map D SCP or CoS values to a n ingress que ue and to set WT D thre sholds. T his pro cedure is opt ional. T o re turn to the defau lt CoS input queue t[...]

  • Pagina 797

    33-69 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS This exampl e shows ho w to map DSCP values 0 to 6 to ingres s queue 1 an d to thresh old 1 with a dro p thresho ld of 50 p ercent. It m aps DSC P values 20 to 2 6 to in gress queu e 1 a nd to th reshold 2 with a [...]

  • Pagina 798

    33-70 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Allocating Bandwidth Between the Ingress Que ues Note Catal yst 2960-S sw itches do not suppo rt ingress que ueing. Y ou need to speci fy how much of the av a ilab le bandw idth is alloc ated between th e ingres[...]

  • Pagina 799

    33-71 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Configuring the Ingress Priority Queue Note Catal yst 2960-S sw itches do not suppo rt ingress que ueing. Y ou should use the p riority qu eue onl y for traf fic that n eeds to be expe dited (for e xamp le, v oice[...]

  • Pagina 800

    33-72 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Configuring E gress Queu e Characteristic s Depend ing on the co mplexity of yo ur networ k and your Qo S solution, you mig ht need to pe rform al l of the tasks in the ne xt sections. Y ou will need to make dec[...]

  • Pagina 801

    33-73 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Beginning i n privileged EXEC mode, follow these steps to configure the me mory al loca tion and to drop thresholds for a queue-se t. This procedure is optional. Comma nd Pu rpos e Step 1 configur e terminal Enter[...]

  • Pagina 802

    33-74 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS T o return to the de fault settin g, use the no mls qos queue- set output qse t-i d bu f f e r s global conf igurati on comm and. T o retu rn to the defaul t WTD thre shold percenta ges, use the no mls qos queue[...]

  • Pagina 803

    33-75 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Beginning in privileged EXE C mode, follow thes e st eps to map DSCP or CoS values to an egress queu e and to a thr eshold ID . This procedur e is optio nal. T o r eturn to th e de fault DSCP output queu e thre sh[...]

  • Pagina 804

    33-76 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Configuring SRR Sh aped Weights on Egress Queues Y ou can specif y how much of t he av ailabl e bandwid th is alloc ated to ea ch queu e. The ra tio of the weight s is the r atio of fre quency in w hich the SRR [...]

  • Pagina 805

    33-77 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Configuring SRR Sh ared Weights on Egress Queues In shar ed mod e, the queues share th e band width am ong th em ac cordi ng to the configured weight s. The bandwidth is gu aranteed at this le vel but n ot limited[...]

  • Pagina 806

    33-78 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Configuring the Egress Expedite Que ue Y ou can en sure that certai n packets have priori ty over all othe rs by queu ing the m in t he egress exped ite queue. SRR services this queue until i t is empty before s[...]

  • Pagina 807

    33-79 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Displaying Standard QoS Information T o return to the default setting, use the no srr- queue bandwidth limit inter face conf ig uration comma nd. This exam ple sh ows how to limit the ba ndwid th on a port to 8 0 per cent: Switch(config)# i[...]

  • Pagina 808

    33-80 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Display ing Standar d QoS Inform ation show mls qos maps [ cos-ds cp | cos- input-q | cos-outpu t-q | dscp-cos | dscp-input-q | dscp-mutation dscp -mutat ion-na me | dscp-output-q | ip-prec-dsc p | policed-ds cp ] Display QoS mapping info[...]

  • Pagina 809

    CH A P T E R 34-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 34 Configuring Static IP Unicast Routing This c hapter d escribes how to configure I P V ersion 4 (IPv 4) stati c IP un icast ro uting on the Cataly st 2960-S an d 2960 swit ch. Sta tic rou ting is support ed onl y on switched v irtual interfac es (SVI s) a[...]

  • Pagina 810

    34-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 34 Configuring Static IP Unicast Routing Underst anding IP Ro uting Figur e 34 -1 Routing T opology E xample When Host A in VLAN 10 needs to communicate with Host B in VLAN 10, it sends a packet add ressed to that host. Swit ch A forwards th e packet dir ectly t[...]

  • Pagina 811

    34-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 34 Configur ing Static IP Unic ast Routing Steps f or Co nfiguri ng Rout ing Stack memb ers funct ions: • Act a s routi ng sta ndb y s witch es, ta king ov er if ele cted as the ne w stack master when t he stack mast er fails. • Program the routes in to hard[...]

  • Pagina 812

    34-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 34 Configuring Static IP Unicast Routing Enablin g IP Unicast Ro uting Enabling IP Un icast Routing By default, the swi tch is in Lay er 2 sw itching m ode, a nd IP routing is disa bled. T o u se the Layer 3 capabiliti es of the switch, e nable IP routing. Begin[...]

  • Pagina 813

    34-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 34 Configur ing Static IP Unic ast Routing Configuring Static Unicast Routes Configuring St atic Unicast Ro utes Static uni cast rou tes are use r -def ined routes that cause pac kets movin g betwee n a sourc e and a destinatio n to take a specif ied path. Stati[...]

  • Pagina 814

    34-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 34 Configuring Static IP Unicast Routing Monito ring and Mai ntainin g the IP Networ k[...]

  • Pagina 815

    CH A P T E R 35-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 35 Configuring IPv6 Host Functions This ch apter descr ibes how to con f igure IPv6 ho st functi ons on the C atalyst 2 960 and 2960-S switche s. Note T o use IPv6 Ho st Functions , the switch must be runni ng the LAN Base image . For information a bout con[...]

  • Pagina 816

    35-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 35 Configuring IPv6 Host Functions Underst andin g IPv6 This se ction de scribe s IPv6 implem entati on on t he swit ch. • IPv6 Add resses, page 35 -2 • Supported IPv6 Host Feature s, page 35- 2 IPv6 Addres ses The switch supp orts only IPv 6 unicast address[...]

  • Pagina 817

    35-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 5 Configuring IPv6 Hos t Functions Understanding IPv6 128-Bit Wide Unicast Addresses The s witch su pport s aggr e gatable global u nica st add resse s and l ink-l ocal uni cast ad dresse s. It does no t support site-local unic ast addresses. • Aggre gat abl[...]

  • Pagina 818

    35-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 35 Configuring IPv6 Host Functions Underst andin g IPv6 IPv6 Stateless Autoconfiguration and Duplicate Address Detection The sw itch use s statel ess aut oconfiguratio n to ma nage li nk, subne t, an d site addressin g chang es, such as manage ment of host and m[...]

  • Pagina 819

    35-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 5 Configuring IPv6 Hos t Functions Understanding IPv6 • If you try to c onfigure IPv6 w ithout first select ing a dual IPv 4 and IPv6 template, a warning me ssage appe ars. • In I Pv4-on ly en viron ments, th e swit ch app lies I Pv4 Q oS and A C Ls in har[...]

  • Pagina 820

    35-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 35 Configuring IPv6 Host Functions Conf igu rin g IPv6 Basic network c onnec tivity ( ping ) must e xist between the c lient an d the serv er hosts b efore HT TP connec tions c an be made. For more inf ormation, see the “Managing Cisco IOS Ap plicatio ns o ver[...]

  • Pagina 821

    35-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 5 Configuring IPv6 Hos t Functions Configur ing I Pv6 Configurin g IPv6 Add ressing a nd Enablin g IPv6 Host This section descri bes how to a ssign IPv6 addr esses to i ndividual La yer 3 interfac es and to gl obally forwar d IPv6 traf fic on the switch. Befor[...]

  • Pagina 822

    35-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 35 Configuring IPv6 Host Functions Conf igu rin g IPv6 T o remov e an IPv6 ad dress fr om an inte rface , use the no ipv6 addr ess ipv6-p r efix/pr efix length eui-64 or no ipv6 address ipv6-addre ss link-local int erface conf iguration command. T o remov e all [...]

  • Pagina 823

    35-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 5 Configuring IPv6 Hos t Functions Configur ing I Pv6 Configuring IPv6 IC MP Rate Limiting ICMP rat e limitin g is enabl ed b y def ault with a def ault inter va l betwee n error messages of 100 millisecond s and a bu cket size ( maximum numbe r of tokens t o [...]

  • Pagina 824

    35-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 35 Configuring IPv6 Host Functions Conf igu rin g IPv6 Configuring Static Routes for IPv6 Beginn ing in pri vileg ed EXEC mode, fo llo w these steps to conf ig ure an IPv6 static route: Comma nd Pu rpos e Step 1 configur e terminal Enter globa l configurat ion [...]

  • Pagina 825

    35-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 5 Configuring IPv6 Hos t Functions Displaying I Pv6 T o remov e a configu red sta tic route, use the no ipv6 route ipv6-pr efi x/pr ef ix le ngth { ipv6-add r ess | interface- id [ ipv6-add r ess ]} [ admin istr at ive di stan ce ] glo bal configurat ion c om[...]

  • Pagina 826

    35-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 35 Configuring IPv6 Host Functions Displa ying I Pv6 T ab le 35-3 sh ows the privileged EX EC co mman ds for di splayin g in format ion abo ut IPv4 and IPv6 address type s. This i s an exampl e of t he o utput from the show ipv6 inte rface privi leg ed EXEC com[...]

  • Pagina 827

    35-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 5 Configuring IPv6 Hos t Functions Displaying I Pv6 This i s an exampl e of t he o utput from the show ipv6 neighbor pri vile ged E XEC co mmand: Switch# show ipv6 neighbors IPv6 Address Age Link-layer Addr State Interface 3FFE:C000:0:7::777 - 0007.0007.0007 [...]

  • Pagina 828

    35-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 35 Configuring IPv6 Host Functions Displa ying I Pv6[...]

  • Pagina 829

    CH A P T E R 36-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 36 Configuring IPv6 MLD Snooping Note T o use IPv6 ML D Snooping , the switch mu st be runni ng the LAN Base i mage. Y o u can u se Multic ast Listene r Disco ve ry (MLD) sn ooping to enable ef f icient d istrib ution of IP versio n 6 (IPv6) multicast data [...]

  • Pagina 830

    36-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 36 Configuring IPv6 MLD Snooping Underst anding ML D Snoopin g Understandin g MLD Snooping In IP version 4 ( IPv4), La yer 2 sw itches c an use In ternet Gr oup Man agement Prot ocol ( IGMP) snoopi ng to limit the f looding of multi cast traf fic b y dynamicall [...]

  • Pagina 831

    36-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 6 Configuring IPv6 M LD Snooping Unders tanding MLD Snoop ing MLD Mess ages MLDv1 sup ports three ty pes of message s: • Listen er Querie s are the equ i v alent of IGM Pv2 quer ies and are ei ther Gen eral Quer ies or Multicast -Address-Spec ific Queries (M[...]

  • Pagina 832

    36-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 36 Configuring IPv6 MLD Snooping Underst anding ML D Snoopin g Multicast Rou ter Disc overy Like IG MP sn ooping, MLD s noopi ng perfo rms m ultica st r outer d iscovery , wi th th ese ch arac teristic s: • Ports c onfigured by a user never age out. • Dynami[...]

  • Pagina 833

    36-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 6 Configuring IPv6 M LD Snooping Confi guring IPv6 MLD Sn ooping The numbe r of MASQs ge nerated is configured by using the ipv6 mld sno oping last-listener -quer y count global con figuration co mmand . The de fault numb er is 2. The MASQ i s sent to the IPv6[...]

  • Pagina 834

    36-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 36 Configuring IPv6 MLD Snooping Configur ing IPv6 MLD Snoo ping Default MLD S noopi ng Configuration T ab le 36-1 sh ows the default MLD sno oping configuratio n. MLD Snoo ping Co nfig uration Guidelines When configur ing MLD snoopi ng, c onsider the se guid el[...]

  • Pagina 835

    36-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 6 Configuring IPv6 M LD Snooping Confi guring IPv6 MLD Sn ooping Enabling o r Disab ling MLD Sn ooping By default, IPv6 M LD sno oping i s globa lly d isabled on the switch and e nabled on al l VLAN s. When MLD snoop ing is glob ally disa bled, it is also disa[...]

  • Pagina 836

    36-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 36 Configuring IPv6 MLD Snooping Configur ing IPv6 MLD Snoo ping Configuring a Sta tic Multicast Group Hosts or La yer 2 port s normal ly join m ulticast groups dyna micall y , but you can al so statica lly configure an IPv6 mu lticast addre ss and membe r ports[...]

  • Pagina 837

    36-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 6 Configuring IPv6 M LD Snooping Confi guring IPv6 MLD Sn ooping Beginn ing in pri vileg ed EXEC mode, fo llo w these steps to add a multicast ro uter port to a VLAN: T o remov e a multicast ro uter port fr om the VLAN, us e the no ipv6 mld snooping vlan vl an[...]

  • Pagina 838

    36-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 36 Configuring IPv6 MLD Snooping Configur ing IPv6 MLD Snoo ping Configur ing ML D Snoopi ng Querie s When Imme diate Le ave i s not en abled an d a port rece iv es an MLD Done message , the swit ch generat es MASQs on th e port and sends them to the I Pv6 mult[...]

  • Pagina 839

    36-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 6 Configuring IPv6 M LD Snooping Confi guring IPv6 MLD Sn ooping This exam ple sh ows ho w to set the MLD sn oopi ng globa l robustness variab le to 3: Switch# configure terminal Switch(config)# ipv6 mld snooping robustness-variable 3 Switch(config)# exit Thi[...]

  • Pagina 840

    36-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 36 Configuring IPv6 MLD Snooping Display ing MLD Sn ooping Inf ormation Displaying MLD Snoo ping Informatio n Y ou can displa y MLD snooping inform ation for dy namica lly lea rned and sta ticall y configured rou ter ports a nd VLAN inter faces . Y ou can als o[...]

  • Pagina 841

    CH A P T E R 37-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 37 Configuring EtherC hannels and Link-State Tracking Note T o u se link- state trac king, th e sw itch must be runnin g the LAN Base i mag e. This c hapter d escrib es how to configure Ether Chann els on the Cat alyst 29 60 an d 2960 -S switc hes. Ether Ch[...]

  • Pagina 842

    37-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 37 Configu ring Eth erChann els and Lin k-Sta te Track ing Underst anding Et herChan nels Understandin g EtherChann els • EtherC hannel O verview , page 37-2 • Port-Cha nnel I nterfac es, page 37 -4 • Port Aggregation Prot ocol, page 37-5 • Link A ggreg[...]

  • Pagina 843

    37-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 7 Configuring EtherCh annels and Link-Stat e Tracking Understa nding Et herChann els The Et her Channel provides full-d uplex b andwidt h up to 800 Mb/ s (Fast E therCh annel) or 8 Gb/s (Gigab it Ethe rChanne l) betw een yo ur swit ch and anothe r switc h or h[...]

  • Pagina 844

    37-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 37 Configu ring Eth erChann els and Lin k-Sta te Track ing Underst anding Et herChan nels Figur e 37 -3 Cros s-Stac k EtherChan nel Port-Chan nel Interfaces When you cre ate a La yer 2 Ethe rChan nel, a por t-c hannel logical i nterfac e is in volved. Y ou can [...]

  • Pagina 845

    37-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 7 Configuring EtherCh annels and Link-Stat e Tracking Understa nding Et herChann els Figur e 37 -4 Relationshi p of Ph ysical P orts, Lo gical P ort Channe ls, and Channel Gr oups After y ou conf igure an Ether Cha nnel, co nf igur ation ch ange s appli ed to [...]

  • Pagina 846

    37-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 37 Configu ring Eth erChann els and Lin k-Sta te Track ing Underst anding Et herChan nels PAgP Modes T ab le 37-1 sh ows the use r -configur able EtherC hanne l P Ag P mode s for the channel-group interface configurati on c ommand. Switch por ts exchange P AgP [...]

  • Pagina 847

    37-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 7 Configuring EtherCh annels and Link-Stat e Tracking Understa nding Et herChann els If the VSL between tw o switches fa ils, one sw itch does not kno w the statu s of the othe r . Both switches could ch ange to the act iv e mode, ca usin g a dual-active situa[...]

  • Pagina 848

    37-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 37 Configu ring Eth erChann els and Lin k-Sta te Track ing Underst anding Et herChan nels Both the acti v e and passive LA CP mod es en able po rts to ne goti ate wit h part ner po rts to an EtherC hannel b ased on crit eria suc h as port spe ed and , for Layer[...]

  • Pagina 849

    37-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 7 Configuring EtherCh annels and Link-Stat e Tracking Understa nding Et herChann els W it h destin ation- MA C ad dress fo rw arding, wh en pack ets a re forw arded to an Et herCh annel , they are distributed acr oss the port s in the cha nnel base d on the de[...]

  • Pagina 850

    37-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 37 Configu ring Eth erChann els and Lin k-Sta te Track ing Underst anding Et herChan nels Figur e 37 -5 Load Distr ibution and F orwardin g Methods EtherChann el and S witc h Stack s If a stack mem ber that ha s ports part icipati ng in an Eth erChanne l fails[...]

  • Pagina 851

    37-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 7 Configuring EtherCh annels and Link-Stat e Tracking Config uring Et herCh annels Configuring Eth erChannels These sec tions co ntain this co nfiguration info rmat ion: • Default Eth erCha nnel Configurat ion, pa ge 37-11 • Ether Channel C onfigurati on [...]

  • Pagina 852

    37-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 37 Configu ring Eth erChann els and Lin k-Sta te Track ing Configur ing EtherChann els EtherChann el Configuratio n Guidelin es Note Stac king is supp orted only on Cat alyst 2960-S sw itches runni ng the LAN base ima ge. If imp roper ly con figured, so me E t[...]

  • Pagina 853

    37-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 7 Configuring EtherCh annels and Link-Stat e Tracking Config uring Et herCh annels • For Layer 2 Ethe rChanne ls: – Assign all p orts in the EtherChannel to the same V LAN, or co nf igure them a s trunks. Port s with different nat ive V LAN s cannot for m[...]

  • Pagina 854

    37-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 37 Configu ring Eth erChann els and Lin k-Sta te Track ing Configur ing EtherChann els T o remove a p ort from the E therCha nnel gro up, us e the no channel-group interface configurat ion comm and. Step 4 ch annel-group channel-group-number mode { auto [ non-[...]

  • Pagina 855

    37-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 7 Configuring EtherCh annels and Link-Stat e Tracking Config uring Et herCh annels This exam ple sh o ws ho w to conf igu re a n Ether Chann el on a swit ch. It assig ns tw o po rts as stati c-acc ess ports i n VLAN 10 to cha nnel 5 with t he P AgP mode desir[...]

  • Pagina 856

    37-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 37 Configu ring Eth erChann els and Lin k-Sta te Track ing Configur ing EtherChann els Be ginn ing i n pri vile ged E XEC mo de, f oll ow these ste ps to conf igure Ethe rCha nne l loa d bala nci ng. T his procedur e is optional. T o return E therChannel load [...]

  • Pagina 857

    37-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 7 Configuring EtherCh annels and Link-Stat e Tracking Config uring Et herCh annels Y ou also can configure a sing le port with in the group for all transmi ssions and use other port s for hot standby . Th e unused port s in the gr oup can be swappe d into ope[...]

  • Pagina 858

    37-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 37 Configu ring Eth erChann els and Lin k-Sta te Track ing Configur ing EtherChann els T o return the priority to its def ault setting, us e the no pagp port-priority interf ace c onf iguration command. T o return th e learning m ethod to its def ault setting [...]

  • Pagina 859

    37-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 7 Configuring EtherCh annels and Link-Stat e Tracking Config uring Et herCh annels Beginn ing in pri vileg ed EXEC mode, follo w th ese steps to conf igur e the LA CP system priority . This procedur e is optional. T o return the LA CP system priority to the d[...]

  • Pagina 860

    37-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 37 Configu ring Eth erChann els and Lin k-Sta te Track ing Displaying Eth erChannel, PA gP, and LACP Status T o return the LA CP port priority to the def ault v alue, u se the no lacp port-priorit y inter face configurati on c ommand. Displaying EtherCh annel,[...]

  • Pagina 861

    37-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 7 Configuring EtherCh annels and Link-Stat e Tracking Understanding Link-State Tracking Note A n interfac e can b e an aggregati on of ports (an Et herChann el) , or a si ngle phys ical por t in a ccess or trunk mode. Figure 37- 6 on page 37-22 shows a networ[...]

  • Pagina 862

    37-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 37 Configu ring Eth erChann els and Lin k-Sta te Track ing Underst anding L ink-State Tracking • If all of the upstream interfac es become una v ailable, link-state tracking automati cally puts the do wnst ream inter faces in the err or -disabl ed state . Co[...]

  • Pagina 863

    37-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 7 Configuring EtherCh annels and Link-Stat e Tracking Configuring Link-State Tracking Configuring Link -State Tracking • Default Lin k-Sta te T racking Configurati on, page 37-23 • Link-Sta te Tracking Co nfiguratio n Gui deline s, pa ge 37-23 • Conf ig[...]

  • Pagina 864

    37-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 37 Configu ring Eth erChann els and Lin k-Sta te Track ing Configur ing Link-S tate Tracki ng This exam ple sh ows how to crea te a link- state gr oup a nd c onfigure the inte rfaces: Switch# configure terminal Switch(config)# link state track 1 Switch(config)[...]

  • Pagina 865

    CH A P T E R 38-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 38 Troubleshooting This chapter descr ibes ho w to identify and resolv e software probl ems related to the Cisco IOS software on the Cataly st 2960 and 2960 -S switche s. Dependi ng on the natur e of the problem, you can use the command-lin e interf ace (CL[...]

  • Pagina 866

    38-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Recovering f rom a Softwa re Failure • Using th e show platform for ward Comm and, page 38- 22 • Using the c rashinfo Files, page 38-23 • Using On-Boar d Failure Log ging, p age 38- 24 • Memory Consistency Check Rout ines, page 38-2 6[...]

  • Pagina 867

    38-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Recoverin g from a Lost or For gotten Passwo rd Step 6 Press the Mode button and at the same time, reco nnect the po wer cord to the switch. Y o u can r elease the Mo de button a second or two after t he LED above port 1 goes off. Se veral l[...]

  • Pagina 868

    38-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Recoveri ng from a Los t or Forgotten Password Y ou enable or d isable pa ssword recovery by using the se rvice pa ssword -r eco very global c onfiguratio n comm and. When you e nter t he service password-recov ery or no service password-re c[...]

  • Pagina 869

    38-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Recoverin g from a Lost or For gotten Passwo rd Step 2 If you had se t the co nsole po rt spe ed to anything other than 9600, i t ha s been reset to tha t par ticula r speed. Chan ge the emulati on sof twar e line speed to mat ch that of the[...]

  • Pagina 870

    38-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Recoveri ng from a Los t or Forgotten Password Step 13 Write th e running c onfigu ration to t he startup c onfig uration f ile: Switch# copy running-config startup-config The new password is now in the startup con figuration. Note This proce[...]

  • Pagina 871

    38-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Recoverin g from a Lost or For gotten Passwo rd The switch f ile system appears: Directory of flash: 13 drwx 192 Mar 01 1993 22:30:48 c2960-lanbase-mz.122-25.FX.0 16128000 bytes total (10003456 bytes free) Step 4 Boot up the system: Switch: [...]

  • Pagina 872

    38-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Prev ent in g Swi tch Stac k P rob lems Preventing Switch Stack Problems Note • Make sure that the swit ches that you add to or remove from th e switch stac k are pow ered off. For all po wering consider ations in switch stac ks, see t he ?[...]

  • Pagina 873

    38-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Recovering from a Command Switch Failure If you have not configured a stan dby comma nd swi tch, and your comma nd switc h lose s power or fail s in some other way , management contact with the member switc hes is lost, and you must install [...]

  • Pagina 874

    38-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Recoveri ng from a Com mand Switc h Failure Use ctrl-c to abort configuration dialog at any prompt. Default settings are in square brackets '[]'. Basic management setup configures only enough connectivity for management of the syst[...]

  • Pagina 875

    38-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Recovering from a Command Switch Failure Replacing a Failed Comma nd Switch w ith Anoth er Switch T o replace a failed command switch with a switch that is command-c apable b ut not part of the clu ster , foll ow thes e steps : Step 1 Inser[...]

  • Pagina 876

    38-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Recovering f rom Lost Clust er Member Conn ectivity Step 10 When pr ompted, assign a nam e to th e cl uster, and press Return . The clu ster name can be 1 to 31 al phan umeric charac ters, da shes, or un dersc ores. Step 11 When the initial [...]

  • Pagina 877

    38-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Troubleshooting Power over Ethernet Switch Ports Troubleshooting Power over Ethernet Switch Ports These sec tions descr ibe how to troublesho ot Power ov er Ethern et (PoE) por ts. Note Power ov er Ethernet Plus (PoE+ ) is not supported on [...]

  • Pagina 878

    38-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Monitorin g SFP Modu le Status If you are using a non-Cisco SFP module, remove the SFP mo dule from the switch, and replace it with a Cisco module. After inserting a Cisco SFP module, use the e rrdisable re cov ery cause gbi c-in valid globa[...]

  • Pagina 879

    38-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Using Layer 2 Tr aceroute Executing Ping Beginning in privileged EXEC mode , use this co mman d to ping a nother device on the netwo rk from th e switch: Note Th ough o ther p roto col keywords ar e available w ith th e ping com mand, they [...]

  • Pagina 880

    38-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Using La yer 2 Tra cero ute Understand ing Layer 2 T raceroute The Lay er 2 tra cerou te feat ure al lows the swit ch to id entif y the physic al pat h that a packet takes fr om a source device to a destin ation device. La yer 2 trace route [...]

  • Pagina 881

    38-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Using IP Traceroute • When multipl e de vices are attached to one p ort through h ubs (for e xample, m ultiple CDP n eighbors are de tecte d on a port) , the Layer 2 tra cerou te fea ture i s not support ed. Wh en m ore than on e CD P nei[...]

  • Pagina 882

    38-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Using I P Trac eroute T o learn when a datagram reaches its de stination, trace route sets the UDP destinati on port number in the datagram to a v ery lar ge v alue that the de stination host is unlik ely to be using. When a host recei ves a[...]

  • Pagina 883

    38-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Usin g TDR T o end a trace in pr ogres s, enter the escape s equence ( Ctrl-^ X by defaul t). Si multane ously pr ess a nd release th e Ctrl , Shift , and 6 keys and then p ress the X ke y . Using TDR These se ctions conta in this i nformat[...]

  • Pagina 884

    38-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Using D ebug Command s T o display the resu lts, enter th e sho w cable -diagnos tics t dr interf ace inte rf ace -i d pri vilege d EX EC command . For a descriptio n of the f ields in the displa y , see the comm and refer ence for this rele[...]

  • Pagina 885

    38-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Using Debug C ommands T o d isab le debugging of SP AN, e nter th is comm and in privileged EX EC m ode: Switch# no debug span-session Alterna tely , in pri vileg ed EXEC mod e, you can enter the undeb ug form of th e co mmand: Switch# unde[...]

  • Pagina 886

    38-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Using the s how platfo rm forward Co mmand Using the show p latform forward Command The output from the s h o w p l a t fo r m fo r w ar d privileged EXE C com mand pr ovides so me u seful inform ation a bout the forwardin g result s if a pa[...]

  • Pagina 887

    38-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Using the cr ashinfo Files This is an exam ple of the output whe n the packet coming in on port 1 in VLA N 5 is sent to an add ress already learne d on the VL AN on ano ther por t. It shou ld be forwa rded from the po rt on which the addre [...]

  • Pagina 888

    38-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Using On-Board F ailure Lo gging Y o u can display the most recent basic crashinf o file (that is, the f ile with the highest sequ ence number at the end of its f ilename) b y entering the show stacks or the show tech-support privileged EXEC[...]

  • Pagina 889

    38-25 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Using On-Board Failure Logging • T emp erat ure—T emperat ure of a standa lone s witch or a stack me mber • Uptime data—T ime when a standalone switch or a stack member starts, the rea son the switch restarts, and the length of time[...]

  • Pagina 890

    38-26 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Memory Con sistenc y Check Routi nes Displaying OBFL Information T o displ ay th e OBFL i nform ation , use one or more of t he pri vile ged EX EC com mands in T ab le 38-3 : For more info rmat ion abou t using t he comm ands i n T able 38-3[...]

  • Pagina 891

    38-27 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Troubl esho oting Tab les Displaying T CAM M emory Con sistenc y Check E rro rs Beginning in privileged EX EC mode, use this comm and to displ ay the T CAM memo ry consis tency check errors detect ed on the s witch: This e xample sho ws inf[...]

  • Pagina 892

    38-28 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Troubles hooting Tables Troubleshooting CPU Utilization This section lists some possible symptoms that co uld be caused by the CPU being too b usy and show s ho w to v erify a CPU utilizati on problem . T able 38 -5 lists the primary types o[...]

  • Pagina 893

    38-29 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Troubl esho oting Tab les For complete information about CPU utilizatio n and ho w to troubleshoot utilizatio n problem s, see th e T r oubleshooting High CPU Utilization documen t on Cisco. com. Troublesho oting Pow er over Etherne t (PoE)[...]

  • Pagina 894

    38-30 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Troubles hooting Tables No PoE on a ll port s or a group of p orts. T rouble is on all switch por ts. Nonpowered Et hern et devices canno t esta blish an Ethern et l ink on any por t, an d PoE devices do not power on. If there is a continuou[...]

  • Pagina 895

    38-31 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Troubl esho oting Tab les Cisco IP Phone disconn ects or re sets. After working norma lly , a Cisco pho ne or wireless access point inter mittently reload s or d iscon nects from PoE . V erify all el ectric al conn ections fr om the swit ch[...]

  • Pagina 896

    38-32 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Troubles hooting Tables Troublesho oting Switc h Stacks Note Stac king is supp orted only on Cat alyst 2960-S sw itches runni ng the LAN base ima ge. T able 38-6 S witch Stac k T r oubleshooting Scenar ios Sympt om/pr obl em How to V erif y [...]

  • Pagina 897

    38-33 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Troubl esho oting Tab les Port nu mbe ring in one or more switches is incorrec t or changed. Enter the show switch detail us er EXEC comman d. Multiple Sta ckW ise cables a re discon nected from st ack m embers creat ing t wo separat e stac[...]

  • Pagina 898

    38-34 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Troubles hooting Tables[...]

  • Pagina 899

    CH A P T E R 39-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 39 Configuring Online Diagnostics This c hapter d escribes how to configure the online diagnost ics on the 2960 and 2960-S switches. Note Onl ine dia gnostics is sup ported on ly o n Cataly st 2960- S switch es runni ng the L AN ba se im age. For complete s[...]

  • Pagina 900

    39-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 39 Config uring Onl ine Dia gnostic s Scheduli ng Onlin e Diagnos tics Scheduling On line Diagnost ics Y ou can schedule online dia gnostics to run at a designa ted time of da y or on a daily , weekly , or monthl y basis for a specific switch. Use the no form o[...]

  • Pagina 901

    39-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 9 Configuring On line Dia gnostics Runni ng Online Dia gnostic Tests This e xample shows h ow to configur e the specif ied test to r un e v e r y 2 m i n ut es: Switch(config)# diagnostic monitor interval switch 1 test 1 00:02:00 0 1 This example shows ho w to[...]

  • Pagina 902

    39-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 39 Config uring Onl ine Dia gnostic s Displa ying On line Dia gnostic Tests a nd Test Res ults Th is ex am pl e s h ows h ow to start diag nostic s test 2 on a sw itch d isrupt ing nor mal system op er a ti on s , causing the switch to lose st ack c onnecti vit[...]

  • Pagina 903

    39-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 9 Configuring On line Dia gnostics Displaying Onlin e Diagnostic Te sts and Te st Results Th is ex am p l e s h ows how to display the online diagno stics that are configured on a switch: Switch# show diagnostic content switch 3 Switch 3: Diagnostics test suit[...]

  • Pagina 904

    39-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 39 Config uring Onl ine Dia gnostic s Displa ying On line Dia gnostic Tests a nd Test Res ults ====== ==== ============================= =============================== ====== Switch# This e xample shows ho w to disp lay the o nline di agnostic te st schedule f[...]

  • Pagina 905

    A- 1 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 APPENDIX A Working with the Cisco IOS File System, Configuration Files, an d Software Images This ap pendix d escrib es how to manipu late the Catalyst 2960 an d 2960 s witc h flash file syst em, how to copy conf iguration f iles, and ho w to a rchi v e (upload a nd do wn[...]

  • Pagina 906

    A- 2 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith the Flash F ile System • Copying Fil es, p age A-5 • Deleting Files, page A-5 • Creating, Displaying, and Extractin g tar Files, page A-6 • Dis playi ng t [...]

  • Pagina 907

    A-3 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with the Flash File System Setting the Def ault File System Y o u can specify th e f ile system o r direct ory tha t the sy stem uses as the def ault f ile system b y [...]

  • Pagina 908

    A- 4 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith the Flash F ile System T o display information about f iles on a fil e system, use one of the pri vileged EXEC commands in Ta b l e A - 2 : Changing Dir ector ies [...]

  • Pagina 909

    A-5 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with the Flash File System Use t he /recur sive keyword to dele te the n amed di recto ry and a ll subd irector ies and the f iles c ontained in it. Use the /f o rce k[...]

  • Pagina 910

    A- 6 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith the Flash F ile System Use the /rec ursiv e ke yword for del eting a dir ectory and all subdire ctories a nd the files containe d in it. Use the /f o rc e keyword [...]

  • Pagina 911

    A-7 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with the Flash File System This e xample sho ws ho w to create a tar f ile. This comman d writes the contents of the new -con f ig s directo ry on the loc al fl ash de[...]

  • Pagina 912

    A- 8 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith Configurati on Files • For the RCP , the syntax is rcp : [[ // u ser name @ location ] / di r ector y ] / tar -f ilename .tar • For the TFTP , the syntax is tf[...]

  • Pagina 913

    A-9 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configuration Files Y ou can copy ( downloa d ) configuration files from a TFTP , FTP , or R CP server t o the running configurati on or startup configura tion o [...]

  • Pagina 914

    A-10 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith Configurati on Files command than the e xisting conf igur ation, the IP address in the copi ed conf iguration is used. Howe ver , some comm ands in th e existing c[...]

  • Pagina 915

    A-11 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configuration Files Preparing to Download or Uploa d a Configuration File B y Using TFTP Before yo u begin downloading or uplo ading a co nfiguration file by usi[...]

  • Pagina 916

    A-12 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith Configurati on Files This ex ample s ho ws ho w to conf igure the softw are from the f ile tokyo-confg at I P add ress 17 2.16.2. 155: Switch# copy tftp://172.16.2[...]

  • Pagina 917

    A-13 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configuration Files The user name and pass word must be asso ciat ed with an acco unt on the FTP server . If you ar e writi ng to the serv er , the FTP serv er m[...]

  • Pagina 918

    A-14 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith Configurati on Files This exam ple shows how to copy a c onfiguration file named host1-c onfg from th e neta dmi n1 directory on the remot e server w ith a n IP a [...]

  • Pagina 919

    A-15 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configuration Files Uploading a Configuration File By Using FTP Beginn ing in pr i vilege d EXEC m ode, follo w these steps to upload a conf iguratio n f ile b y[...]

  • Pagina 920

    A-16 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith Configurati on Files T o u se RCP to copy files, the server from or to which you will be copying files must support RCP . The RCP copy comman ds rely on th e rsh s[...]

  • Pagina 921

    A-17 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configuration Files If the switch IP address tr anslates to Swit ch1.compa ny .c om , the .rhosts f ile for User0 on the RCP server shou ld conta in this line: S[...]

  • Pagina 922

    A-18 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith Configurati on Files Connected to 172.16.101.101 Loading 1112 byte file host2-confg:![OK] [OK] Switch# %SYS-5-CONFIG_NV:Non-volatile store configured from host2-co[...]

  • Pagina 923

    A-19 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configuration Files Clearing Con figuration Informatio n Y ou can cl ear t he configurat ion i nform ation fr om t he start up co nfiguration . If you reboo t th[...]

  • Pagina 924

    A-20 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith Configurati on Files Archiving a Con figuration The con fig uratio n archi ve pro vides a mechani sm to sto re, or ganize, an d mana ge an arch i ve o f configurat[...]

  • Pagina 925

    A-21 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configuration Files Configuration Guideli nes Follow these guidel ines wh en configu ring and perfo rmin g configurat ion repla cement and roll back : • Make s[...]

  • Pagina 926

    A-22 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith Configurati on Files Performing a Configurat ion Replacement or Rol lback Operation Starting in pri v ileg ed EXEC mode, fol lo w these ste ps to replac e the r un[...]

  • Pagina 927

    A-23 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images Working with So ftware Image s This se ction descri bes how to a rchive (download an d upl oad) sof tware image files, whic h cont ain t he syst [...]

  • Pagina 928

    A-24 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Soft ware Imag es Note For a l ist of sof twar e image s and the suppo rted upgrad e path s, se e the rel ease notes. Image Loca tion on the Sw itch The Ci sco IOS[...]

  • Pagina 929

    A-25 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images Copying Imag e Files By Us ing TF TP Y o u can d o wnload a switch im age fr om a TF TP serv er or upload the ima ge from th e switch to a T FTP [...]

  • Pagina 930

    A-26 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Soft ware Imag es Make sure tha t the /et c/service s fi le co ntains this line: tftp 69/udp Note Y ou must restart th e inetd daemon after modif ying the /etc/ine[...]

  • Pagina 931

    A-27 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images The download a lgorithm verifies t hat t he im age is app rop riate f or t he swi tch m odel a nd tha t enou gh DRAM is prese nt, or it abor ts t[...]

  • Pagina 932

    A-28 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Soft ware Imag es Uploading an Image File By Using TFTP Y o u can up load an image fr om the switc h to a T FTP serv er . Y ou can later d o wnload this image to t[...]

  • Pagina 933

    A-29 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images These sec tions co ntain this co nfiguration info rmat ion: • Prepar ing to Do wnload or Upload an I mage Fil e By U sing FTP , page A-29 • D[...]

  • Pagina 934

    A-30 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Soft ware Imag es and you have a valid usernam e, this username is used , and you do not ne ed to set th e FTP user name. Includ e t he us ern ame i n th e archive[...]

  • Pagina 935

    A-31 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images The download a lgorithm verifies t hat t he im age is app rop riate f or t he swi tch m odel a nd tha t enou gh DRAM is prese nt, or it abor ts t[...]

  • Pagina 936

    A-32 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Soft ware Imag es Uploading an Image File By Using FTP Y o u can upload an image fr om the switch to an FTP server . Y ou can later do wnlo ad this image to the sa[...]

  • Pagina 937

    A-33 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images Copying Imag e F iles By Using RCP Y ou can do wnlo ad a s witch im age fr om an R CP se rver or u pload the im age from the s witch to an R CP s[...]

  • Pagina 938

    A-34 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Soft ware Imag es For the RCP c opy request to e xecu te succ essful ly , an account must be def ined on the net wor k serv er f or the remo te userna me. If the s[...]

  • Pagina 939

    A-35 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images The download a lgorithm verifies t hat t he im age is app rop riate f or t he swi tch m odel a nd tha t enou gh DRAM is prese nt, or it abor ts t[...]

  • Pagina 940

    A-36 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Soft ware Imag es If yo u speci fy th e /lea v e-old-sw , the exis ting f iles are n ot remo v ed. If ther e is not enough room to instal l the ne w imag e an keep[...]

  • Pagina 941

    A-37 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images The a rch ive upl oad-sw pri vile ged EXE C command b uil ds an image f i le on the serv er b y upload ing these fi les in order: in fo, the Cisc[...]

  • Pagina 942

    A-38 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Soft ware Imag es Beginn ing in pri vile ged EXE C mode from the stac k member th at you want to upgrade, fo llo w these steps to copy the ru nning image file from[...]

  • Pagina 943

    B-1 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 APPENDIX B Supported MIBs This a ppend ix list s the supporte d ma nagement infor matio n base (MIBs) for t his rel ease on the Catalyst 2960 and 2960- S switches . It contai ns these secti ons: • MIB List, pa ge B-1 • Usin g F TP to Acce ss th e M IB Fil es , pag e B [...]

  • Pagina 944

    B-2 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendi x B Supported MI Bs MIB List • CISCO-IET F-IP-FOR W ARDING- MIB • CISCO- IGM P-FIL TER-M IB • CISCO -IMA GE-MIB (Onl y stac k mast er image d etails are sho wn. ) • CISCO IP-ST A T -MIB • CISCO-LAG-MIB • CISCO-M A C-A UTH-B YP A SS • CISCO-MAC-NO TI [...]

  • Pagina 945

    B-3 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix B Supported M IBs MIB List • INET -ADDRESS-MIB • LLDP MED MIB • OLD-CISCO-CHASSIS-MI B (Par tial suppor t; some obje cts reflect only the sta ck master .) • OLD-CISCO- FLASH-MIB (Su pports only the stack master . Use CISCO-FLASH_MIB.) • OLD-CISCO- INTER[...]

  • Pagina 946

    B-4 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendi x B Supported MI Bs Using FTP to Acces s the MIB Files Using FTP to Access the MIB Files Y ou can get each MI B file by using this procedu re: Step 1 Make sure that you r FTP clie nt is in passiv e mode. Note Some FTP clie nts do n ot suppo rt passive mode. Step 2[...]

  • Pagina 947

    C-1 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 APPENDIX C Unsupported Co mmands in Cisco IOS Rele ase 12.2(55)SE This app endix lists so me of the command -line inter face (CLI) comm ands that a ppear when you en ter the question mark (?) at the Cata lyst 2960 or 2960- S swit ch prom pt but ar e not supporte d in t his[...]

  • Pagina 948

    C-2 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix C Unsupported Command s in Cisco I OS Release 12.2(55 )SE Boot Lo ader Comman ds show acc ess-lists rate-limit [ destin ation ] show accounting show i p accounting [ checkpoint ] [ out put-pa ckets | access viol ations ] show ip cac he [ pr efix-mask ] [ type num[...]

  • Pagina 949

    C-3 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix C Unsupported Com mand s in Cisco IOS Release 12 .2(55)SE Interface Command s Interface Command s Unsupporte d Privileged E XEC Co mmands show in terfac es [ interface-id | vlan vlan -id ] [ crb | fair -queue | irb | mac-acco unting | precede nce | irb | random-d[...]

  • Pagina 950

    C-4 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix C Unsupported Command s in Cisco I OS Release 12.2(55 )SE Miscella neous mac-ad dre ss-tab le static Miscellaneous Unsupported Us er EXEC C ommands veri fy Unsupporte d Privileged E XEC Commands f ile v erify auto show cabl e-diagnostics prbs test cable-diagnosti[...]

  • Pagina 951

    C-5 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix C Unsupported Com mand s in Cisco IOS Release 12 .2(55)SE RADIUS Unsupporte d Interface Configuration Commands priority-gr oup rate-limit Unsupporte d Policy-Map Configuration Command class class-default wh ere class-default is the class-map-name . RADIUS Unsuppo[...]

  • Pagina 952

    C-6 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix C Unsupported Command s in Cisco I OS Release 12.2(55 )SE SNMPv3 SNMPv3 Unsupporte d 3DES Enc ryption Command s All Spanning Tree Unsupporte d Global Con figuratio n Command spanning-tree pathcost method { long | short } Unsupporte d Interface Configuration Comma[...]

  • Pagina 953

    C-7 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix C Unsupported Com mand s in Cisco IOS Release 12 .2(55)SE VTP Unsupporte d VLAN Databa se Co mmands vtp vlan show vlan private-vlan VTP Unsupporte d Privileged E XEC Co mmands vtp { password pass wor d | pruning | version number } Note This com mand h as be en re[...]

  • Pagina 954

    C-8 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix C Unsupported Command s in Cisco I OS Release 12.2(55 )SE VTP[...]

  • Pagina 955

    A- 1 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 APPENDIX A Recommendations for Upgrading a Catalyst 2950 Switch to a Catalyst 2960 Switch This app endix describe s the conf iguratio n compatibility issues and the featu re beha vior dif ferences that you mi ght enc ounter w hen you u pgrade a Ca talyst 2950 s witch to a[...]

  • Pagina 956

    A- 2 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A Recommendation s for Upgradi ng a Catalyst 2950 Switch to a C atalyst 2960 Switch Conf igu rat ion Comp ati bil ity Is sues T able A -1 Ca talyst 2950 and 296 0 S witch Configur ation In compatib ilities Feature C ataly st 2950 Switch Comman d and Exp lanation[...]

  • Pagina 957

    A-3 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Recommen dations f or Upgradi ng a Catalyst 2950 Sw itch to a Cataly st 2960 Switch Configuration Compatibility Issues IEEE 802.1x I n Cisco IOS 12 .1EA, the Ca talyst 295 0 switch range s for t he IEE E 802.1 x server-timeou t, supp -time out, a nd tx-pe riod [...]

  • Pagina 958

    A- 4 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A Recommendation s for Upgradi ng a Catalyst 2950 Switch to a C atalyst 2960 Switch Conf igu rat ion Comp ati bil ity Is sues QoS 2 There i s limite d QoS c onfi guration co mpatibility between the Cataly st 2950 switch an d the Catalyst 2960 switch. W e recomme[...]

  • Pagina 959

    A-5 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Recommen dations f or Upgradi ng a Catalyst 2950 Sw itch to a Cataly st 2960 Switch Feature Behavior Incompatibilities Feature Behavior In compatibilities Some fe ature s behave differently on the Ca talyst 2950 an d Cat alyst 2 960 sw itches, a nd som e fea tu[...]

  • Pagina 960

    A- 6 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A Recommendation s for Upgradi ng a Catalyst 2950 Switch to a C atalyst 2960 Switch Featu re Be havi or Inco mpat ib ilit ies • RSP AN The Catalyst 2950 switch uses an ext ra port, called the reflector port, for its RSP AN implementation. This is not ne cessar[...]

  • Pagina 961

    IN-1 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 INDEX A abbrev iati ng comm ands 2-3 AC (c omma nd sw itc h) 6-10 acces s-class comma nd 31-17 acces s contr ol entries See ACEs access-de nied r espons e, VM PS 13-23 access group s Layer 3 31-19 access group s, appl ying IPv4 AC Ls to interf aces 31-18 acce ssing cluste[...]

  • Pagina 962

    Index IN-2 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 matc hi ng 31-7, 31-19 monitori ng 31-24 named, IPv4 31-13 number pe r QoS class map 33-38 port 31-2 prece denc e of 31-2 QoS 33-8, 33-48 resequenc ing entr ies 31-13 router 31-2 standard IP, configur ing for QoS cla ssification 33-48 standa rd IPv4 crea ting 31-8[...]

  • Pagina 963

    Inde x IN-3 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 key 9-13 login 9-14 See also por t-based au then ticatio n authenti cation co mpatibility with Catal yst 6000 switch es 10-9 authenti cation f ailed V LAN See rest ricted VLAN authe nticat ion mana ger CLI co mmands 10-10 compatibilit y with older 802.1x CLI comm a[...]

  • Pagina 964

    Index IN-4 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 boot loa der, f unction of 3-2 boot pr ocess 3-2 manually 3-19 spe cif ic im a ge 3-20 boot loader acce ssing 3-21 describe d 3-2 enviro nment variab les 3-21 pr ompt 3-21 trap- door mech anism 3-2 BPDU erro r-dis able d state 18-3 filtering 18-3 RSTP form at 17-1[...]

  • Pagina 965

    Inde x IN-5 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 CiscoWorks 200 0 1-5, 30-4 CISP 10-34 CIST reg ional r oot See MSTP CIST root See MSTP civ ic lo cat ion 26-3 class maps fo r QoS config uring 33-51 describe d 33-8 displaying 33-79 class of service See CoS clearin g inte rfaces 12-38 CLI abbrev iati ng comm ands 2[...]

  • Pagina 966

    Index IN-6 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 embedde d agent s describe d 4-5 enab ling a utoma ted c onfig uratio n 4-6 enabli ng conf igur ation ag ent 4-9 enab lin g eve nt agen t 4-7 manageme nt funct ions 1-6 CoA Request Comman ds 9-23 Coarse Wav e Division Mu ltiplexe r See CWDM SFPs comm and-l ine i n[...]

  • Pagina 967

    Inde x IN-7 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 uploadin g prep aring A-11, A-13, A-16 reasons for A-9 using FTP A-15 using RC P A-18 using T FTP A-12 config urati on logger 29-11 config urati on logging 2-4 config urati on repla cement A- 19 config urati on rollbac k A-19, A-20 config urati on settings , savin [...]

  • Pagina 968

    Index IN-8 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 EtherC hannel 37-11 Etherne t interf aces 12-23 Flex Links 19-8 IGMP f ilte ring 22-24 IGMP sn ooping 22-7, 36-6 IGMP throttling 22-24 initial switc h information 3-3 IP SLAs 32-5 IP source gua rd 20-16 IPv6 35-6 Layer 2 int erface s 12-23 LLDP 26-5 MAC a ddress t[...]

  • Pagina 969

    Inde x IN-9 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 config uring 3-11 to 3-14 underst anding 3-5 to 3-6 DHCP bind ing database See DHCP snooping binding da tabase DHCP bi nding table See DHCP snooping binding da tabase DHCP opt ion 82 circuit ID suboption 20-5 config urati on guideli nes 20-9 default confi guration [...]

  • Pagina 970

    Index IN- 10 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 overvi ew 5-16 setting up 5-17 support fo r 1-6 domain nam es DNS 5-16 VTP 14-10 Domain N ame Syste m See DNS dow nloa dabl e ACL 10-21, 10-23, 10-65 dow nloa di ng config urati on files prep aring A-11, A-13, A-16 reasons for A-9 using FTP A-13 using RC P A-17 [...]

  • Pagina 971

    Inde x IN- 11 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 log buffer clearin g 21-16 config uring 21-13 displaying 21-16 logging of dro pped pa ckets, described 21-5 man-in-t he mi ddle at tack, de scribe d 21-2 networ k secur ity issue s and i nterfac e trust s tates 21-3 priority o f ARP A CLs and DHCP sn ooping entri[...]

  • Pagina 972

    Index IN- 12 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 support fo r 1-4 with du al- action detec tion 37-6 port-chan nel interfa ces describe d 37-4 numberi ng of 37-4 port gr oups 12-4 stack ch an ges, ef fects of 37-10 support fo r 1-4 EtherC hannel guard describe d 18-10 disabling 18-18 enab lin g 18-18 Ethern et[...]

  • Pagina 973

    Inde x IN- 13 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 file system displaying ava ilable f ile syst ems A- 2 displaying file in formation A-3 local file system nam es A- 1 network fil e system names A-5 setting the default A-3 filtering non-IP tra ffic 31-22 show and mor e comm and out put 2-9 filtering show and more[...]

  • Pagina 974

    Index IN- 14 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 history chan ging t he b uffer siz e 2-5 describe d 2-5 disabling 2-6 recal ling co mman ds 2-6 history t able, level and numbe r of sy slog me ssages 29-10 host names, i n clusters 6-13 hosts, limit on dynami c ports 13-28 HP OpenView 1-5 HQATM sp ace 38-26 HSR[...]

  • Pagina 975

    Inde x IN- 15 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 disabling 22-15, 36-11 supported ve rsions 22-3 support fo r 1-4 IGMP f ilte ring config uring 22-24 default confi guration 22-24 describe d 22-23 monitoring 22-28 support fo r 1-4 IGMP gr oups configurin g filtering 22-27 setting the maximum number 22-26 IGMP Im[...]

  • Pagina 976

    Index IN- 16 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 interf aces ran ge macro command 12-19 interfac e types 12-16 Intern et Protocol version 6 See IPv6 inter-VLA N routing 34-1 Intrusion De tection System See IDS appliances inventor y mana gement TLV 26-3, 26-7 IP ACLs for QoS clas sificat ion 33-8 implici t deny[...]

  • Pagina 977

    Inde x IN- 17 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 config urati on guideli nes 20-16 default confi guration 20-16 describe d 20-14 disabling 20-18 displaying active IP or MAC b inding s 20-22 bindings 20-22 configuratio n 20-22 enab lin g 20-17, 20-18 filtering source IP addr ess 20-15 source IP and MAC ad dress [...]

  • Pagina 978

    Index IN- 18 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 multicas t traffic 38-16 mul tipl e devi ces on a po rt 38-17 unicast traf fic 38-16 usage gu idel ines 38-16 Layer 3 fe atures 1-15 Layer 3 int erface s assigning IP ad dresses to 34-4 assi gn ing IPv6 ad dress es to 35-7 chan ging fr om L ayer 2 mode 34-4 Laye[...]

  • Pagina 979

    Inde x IN- 19 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 displaying 5-30 displayi ng in the IP source bindin g table 20-22 dynam ic lear ning 5-21 removi ng 5-23 in ACLs 31-22 static adding 5-27 allowing 5-29, 5-30 char acte rist ics of 5-27 droppin g 5-29 removi ng 5-28 MAC a ddress learni ng 1-6 MAC a ddress learning[...]

  • Pagina 980

    Index IN- 20 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 passwords 6-13 recove ring fr om l ost co nnec tivity 38-12 requir ements 6-4 See also cand idate switc h, cluster standby grou p, and standby comma nd switc h memory consisten cy check er rors displaying 38-27 exam ple 38-27 memory consist ency c heck r outines[...]

  • Pagina 981

    Inde x IN- 21 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 operati ons betwee n regions 17-4 default confi guration 17-16 defau lt option al featur e config urat ion 18-12 displaying status 17-28 enab ling th e mod e 17-17 EtherC hannel g uard describe d 18-10 enab lin g 18-18 exten ded sy stem ID effec ts on ro ot swit [...]

  • Pagina 982

    Index IN- 22 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 and IGMP v3 22-20 config urati on guideli nes 22-20 configur ing interfaces 22-21 default confi guration 22-19 describe d 22-17 example app lication 22-18 modes 22-21 monitori ng 22-23 multicast t elevision a pplication 22-18 setting global paramete rs 22-20 sup[...]

  • Pagina 983

    Inde x IN- 23 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 default confi guration 5-5 displaying the c onfigur ation 5-12 overvi ew 5-3 restr icting access creatin g an access grou p 5-9 disabling NT P services pe r interface 5-11 source IP add ress, config uring 5-11 stratum 5-3 support fo r 1-6 synchroniz ing devic es [...]

  • Pagina 984

    Index IN- 24 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 Cisco intell igent power ma nageme nt 12-5 config uring 12-30 cutoff pow er determining 12-8 cutoff -powe r support fo r 12-8 devices supp orted 12-5 high-po wer devices ope rating in lo w-power mode 12-6 IEEE p ower class ifica tion levels 12-6 monitori ng 12-8[...]

  • Pagina 985

    Inde x IN- 25 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 config uring 10-65 to 10-67, ?? to 10-68 overvi ew 10-21 to 10-23 EAPO L-st art f ram e 10-6 EAP-request/ide ntity frame 10-6 EAP-response/iden tity frame 10-6 enab lin g 802.1X a uthenticati on 11-11 enca psul ation 10-3 flexible au thenticatio n ordering config[...]

  • Pagina 986

    Index IN- 26 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 port priority MSTP 17-21 STP 16-18 ports acces s 12-3 blocking 23- 7 dual-purp ose up link 12-4 dynami c access 13-4 protec ted 23-6 secure 23-9 static-access 13-3, 13-9 switch 12-2 trunks 13-3, 13-13 VLAN assignments 13-9 port security agi ng 23-17 and QoS tru [...]

  • Pagina 987

    Inde x IN- 27 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 categor izing tra ffic 33-22 config urati on and defau lts displa y 33-35 config urati on guideli nes 33-32 describe d 33-21 disabling 33-34 displaying gene rated c ommands 33-34 displaying the in itial configuratio n 33-35 effec ts on ru nning confi gurati on 33[...]

  • Pagina 988

    Index IN- 28 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 mapping D SCP or CoS value s 33-67 priorit y que ue, de scribe d 33-17 sc hedu ling , de scr ibed 33-4 setting WTD thresholds 33-67 WTD , des cri bed 33-16 IP phones automatic c lassificatio n and qu eueing 33-21 detection and truste d settings 33-21, 33-43 limi[...]

  • Pagina 989

    Inde x IN- 29 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 suggeste d network en viro nments 9-19 support fo r 1-12 tracki ng se rvic es acce ssed by us er 9-35 RADIUS Change of Aut horizatio n 9-20 range macro 12-19 of inter faces 12-17 rapid co nverg ence 17-11 rapid per- VLAN spann ing-tr ee plus See rapid PVST + rapi[...]

  • Pagina 990

    Index IN- 30 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 1166, IP addresse s 34-4 1305, N TP 5-3 1757, RM ON 28-2 1901, SN MPv2C 30-2 1902 to 1907, SN MPv2 30-2 2236, IP mult icast an d IGMP 22-2 2273-2275 , SNMPv3 30-2 RFC 5176 Compl iance 9-21 RMON default confi guration 28-3 displaying sta tus 28-6 enab ling alarms[...]

  • Pagina 991

    Inde x IN- 31 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 running conf igurati on, s aving 3-15 S SC (standby com mand switc h) 6-10 sche dul ed re loa ds 3-22 SCP and SSH 9-52 config uring 9-53 SDM templates config uring 8-4 number of 8-1 SDM templa te config urati on guideli nes 8-3 config uring 8-3 types of 8-1 Secur[...]

  • Pagina 992

    Index IN- 32 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 describe d 30-4 disabling 30-7 and IP SL As 32-2 authenti cation l evel 30-10 communi ty strings config uring 30-8 for cluster switch es 30-4 overvi ew 30-4 config urat ion exam ples 30-17 default confi guration 30-6 engine ID 30-7 groups 30-7, 30-9 host 30-7 if[...]

  • Pagina 993

    Inde x IN- 33 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 recei ved tra ffic 27-5 sessions conf igur in g ingr ess fo rwar ding 27-15, 27-22 crea ting 27-12 defined 27-4 limiting sourc e traffic to specific VLAN s 27-16 removing destinatio n (monitoring) ports 27-13 specifying mo nitore d ports 27-12 with ingress traf f[...]

  • Pagina 994

    Index IN- 34 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 See also stacks, switch stack me mber nu mber 12-16 stack pro tocol ver sion 7-9 stacks, switch accessing CLI of sp ecific member 7-21 assigning in formation member nu mber 7-19 priority value 7-20 provis ionin g a new memb er 7-20 auto -adv ise 7-11 auto-c opy [...]

  • Pagina 995

    Inde x IN- 35 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 See cluste r standby group and HS RP standby links 19-2 startup co nfigu ratio n booting manually 3-19 spe cif ic im a ge 3-20 clearin g A-19 config urati on file automatically downloadin g 3-18 specifying t he filename 3-18 default boot co nfigurat ion 3-18 stat[...]

  • Pagina 996

    Index IN- 36 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 disabling 16-16 displaying sta tus 16-24 EtherC hannel g uard describe d 18-10 disabling 18-18 enab lin g 18-18 exten ded sy stem ID effec ts on ro ot swit ch 16-16 effec ts on the second ary r oot sw itch 16-18 overvi ew 16-4 unexpec ted b ehavio r 16-16 featu [...]

  • Pagina 997

    Inde x IN- 37 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 See also cl usters, sw itch switch co nsole port 1-7 Switch Data base Mana gement See SDM Switched Port A nalyzer See SPAN switch ed ports 12-2 swi tchpor t bac kup inte rfac e 19-4, 19-5 switchpor t block multicast co mmand 23-8 switchp ort block uni cast co mma[...]

  • Pagina 998

    Index IN- 38 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 support fo r 1-12 tracki ng se rvic es acce ssed by us er 9-17 tar fi les crea ting A-6 displaying t he contents of A-7 extractin g A-7 image fi le format A-2 4 TCAM memory consisten cy check er rors displaying 38-27 exam ple 38-27 memory consist ency c heck r o[...]

  • Pagina 999

    Inde x IN- 39 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 traffic suppr ession 23-2 transmit hol d-co unt see STP transp arent m ode, VTP 14-4 trap- door mech anism 3-2 traps configurin g MAC address notification 5-23, 5-25, 5-26 con figu rin g mana gers 30-12 defined 30-3 enab lin g 5-23, 5-25, 5-26, 30-12 notificat io[...]

  • Pagina 1000

    Index IN- 40 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 config urati on guideli nes 5-28 describe d 5-28 unicast storm 23-1 unicas t storm cont rol comma nd 23-4 unicast tra ffic, bloc king 23-8 UniDir ectiona l Li nk Dete ction protoc ol See UDLD UNIX syslog servers daemon c onfigura tion 29-13 facilities su pported[...]

  • Pagina 1001

    Inde x IN- 41 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 confir ming 13-26 modes 13-3 VLAN Quer y Protocol See VQP VLANs adding 13-8 adding to VL AN datab ase 13-8 aging dyn amic ad dresse s 16-9 allowe d on trunk 13-17 and sp anning- tree in stance s 13-3, 13-6, 13-11 config urati on guidel ines , extend ed-r ange VLA[...]

  • Pagina 1002

    Index IN- 42 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 IP phone voice traf fic, d escrib ed 15-2 VQP 1-9, 13-22 VTP adding a cl ient to a d omain 14-17 advertisements 13-15, 14-4 and exte nded -rang e VLAN s 13-2, 14-2 and nor mal-rang e VLA Ns 13-2, 14-2 client mode, confi guring 14-13 configuratio n guideline s 14[...]

  • Pagina 1003

    Inde x IN- 43 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 X Xmodem prot ocol 38-2[...]

  • Pagina 1004

    Index IN- 44 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09[...]