Cisco Systems 2950 manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710

Go to page of

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of Cisco Systems 2950, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of Cisco Systems 2950 one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of Cisco Systems 2950. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of Cisco Systems 2950 should contain:
- informations concerning technical data of Cisco Systems 2950
- name of the manufacturer and a year of construction of the Cisco Systems 2950 item
- rules of operation, control and maintenance of the Cisco Systems 2950 item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of Cisco Systems 2950 alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of Cisco Systems 2950, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the Cisco Systems service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of Cisco Systems 2950.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the Cisco Systems 2950 item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    Corporate He adquarters Cisc o Syst ems , Inc . 170 West Ta sman Drive San Jos e, CA 95 134-1706 USA http://www.ci sco.com Tel: 408 526-4000 800 553- NETS (638 7) Fax: 408 526-4100 Catal yst 2950 and Catal yst 2955 S witc h S of tware C onf iguration Guide Cisco IOS Release 12.1(20) EA 2 May 2 0 04 Custome r Order Numb er: DO C-78113 80= Text Pa rt[...]

  • Page 2

    THE SPECIFICATIONS AND INFORMATION REG ARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOU T NOTICE. ALL STATEMENT S, INFORMATI ON, AND RECOMMENDA TIONS IN T HIS MANUAL ARE BELIEVED TO BE ACCURATE BU T ARE PRESEN TED WITHOUT WARRANTY OF ANY KIND, EXPRE SS OR IMPLIED. USERS MUST TAKE FULL RESPON SIBILITY FOR THEIR AP PLICATION OF ANY PRO[...]

  • Page 3

    iii Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 CONTENTS Preface xx ix Audienc e xxix Pur pose xx ix Conv enti ons xxx Rela te d Publi cation s xxxi Obtain ing Docu mentati on xxxi Cisco. com xxxi Orderi ng Documenta tion xxxii Document ation F eedback xxxi i Obtain ing Tec hnical As sist anc e xxxii Cisco Te c[...]

  • Page 4

    Cont ent s iv Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 CHAPTER 2 Using t he Command -Line I nterface 2-1 Cisco I OS Command Modes 2-1 Gettin g Help 2-3 Abbrevi ating Comma nds 2-4 Using no an d defau lt Forms of Commands 2-4 Underst anding CL I Message s 2-5 Using Comma nd History 2-5 Changin g the Comma nd Hi[...]

  • Page 5

    Content s v Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 Config urin g Alarm Prof iles 3-9 Creati ng or Modif ying an Alar m Pro file 3-9 Attachi ng an Alar m Profile to a Specifi c Port 3-10 Enab ling S NMP T raps 3-11 Displa ying Cata lyst 2955 Switch Al ar ms Statu s 3-11 CHAPTER 4 Getting Started with CMS 4-[...]

  • Page 6

    Cont ent s vi Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 CHAPTER 5 Assigni ng the Switch IP Addr ess and Default Gateway 5-1 Underst anding th e Boot Pr oc ess 5-1 Assigni ng S witch Infor matio n 5-2 Defaul t Switch In format ion 5-3 Underst anding DHCP -Base d Aut oconf ig uration 5-3 DHCP Clie nt Reque st Pro[...]

  • Page 7

    Content s vii Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 Underst anding CNS Emb edded Ag ent s 6-5 Initia l Co nfigur atio n 6-5 Incre m en ta l (P ar tial) Conf ig ur at ion 6-6 Synch ron ized C onf igur ation 6-6 Config urin g CNS Embe dded Age nts 6-6 Enabli ng Auto mate d CNS Confi g urati on 6-6 Enabl ing[...]

  • Page 8

    Cont ent s viii Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Creati ng a Switch Clus ter 7-18 Enabli ng a Command S witch 7-18 Adding Membe r Switches 7-19 Creati ng a Cluste r Stand by Gr oup 7-21 Verif ying a Switc h Cluster 7-22 Using th e CLI to Man age Swit ch Cluste rs 7-23 Cata lyst 1 900 a nd Cata lyst 282[...]

  • Page 9

    Content s ix Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 Managing the MAC Address Table 8-2 1 Buildi ng the A ddr ess Tab le 8-22 MAC Addresse s and VLANs 8-22 Defaul t MAC Addres s Tab le Conf igurat ion 8-23 Changin g the Add ress Aging Time 8-23 Removing Dyna mic Addr ess Ent ries 8-24 Config urin g MAC Addr[...]

  • Page 10

    Cont ent s x Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Config urin g RADI US 9-20 Defaul t RADIUS Confi gu ration 9-20 Identi fying t he RADI US Serv er Host 9-21 Config urin g RADI US Login A uth enti cat ion 9-23 Defini ng AAA Server Groups 9-25 Config urin g RADI US Authori zation f or User Pri vi leged Acce[...]

  • Page 11

    Content s xi Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 Config urin g th e Switch -t o-RADI US- Server Commun icat io n 10-13 Enabli ng P eriodi c Re-A uthenti cation 10-14 Manuall y Re-A uthenti cating a Cli ent Co nnect ed to a Port 10- 15 Changin g the Qui et Perio d 10-15 Changin g the Swi tch-to- Client R[...]

  • Page 12

    Cont ent s xii Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 CHAPTER 12 Configur ing S martports Macros 12-1 Underst anding Smar tports Macros 12-1 Config urin g Smar tport s Macros 12-2 Defaul t Smar tports Macro C onfig uratio n 12-2 Smartpor ts Macr o Con figurat ion Guid elines 12- 3 Creati ng Smart ports Macro[...]

  • Page 13

    Content s xiii Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 Config urin g CPE Togg le 13-22 Config urin g Syslog Exp ort 13-22 Upgradi ng LRE Switc h Fi rmware 13-23 Config urin g for an LRE Upg rade 13-24 Perf ormi ng a n LR E Up grad e 13-24 Global Conf igurat ion of LRE Upgrades 13-25 Contro ller Confi gurati[...]

  • Page 14

    Cont ent s xiv Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Config urin g the Switch Priorit y of a VLAN 14-20 Config urin g Spanning -Tree T ime rs 14-2 1 Config urin g th e Hello Time 14-21 Config urin g th e Forwar ding-Del ay Time for a VLAN 14-22 Config urin g th e Maximum-A ging Time fo r a VLAN 14-22 Config[...]

  • Page 15

    Content s xv Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 Specif ying the Li nk Typ e to Ensure Rapid Trans itions 15-22 Restar ting t he Pr otocol Migrat ion Pr ocess 15-2 2 Displa ying the MST Co nfig ura tion and St atus 15-23 CHAPTER 16 Configur ing Opti onal Spanning -Tree Featu res 16-1 Underst anding Opt [...]

  • Page 16

    Cont ent s xvi Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Config urin g Nor mal-Ra nge VLANs 17-4 Token Ri ng VLANs 17-5 Normal- Range VLAN Conf igurat ion Guide lines 17-5 VLAN Confi gurati on Mode Option s 17-6 VLAN Confi gurati on in confi g-vlan Mode 17-6 VLAN Confi gurati on i n VLAN Config uration Mode 17-[...]

  • Page 17

    Content s xvii Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 Config urin g the VMPS Clie nt 17 -28 Enter ing the IP Ad dres s o f the V MP S 17-28 Config urin g Dynamic Acce ss Port s on VMPS Cli ents 17-28 Reco nfirm ing V LA N Me mber ship s 17-29 Changin g the Rec onfirmat ion Int er val 17-29 Changin g the Re[...]

  • Page 18

    Cont ent s xviii Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 CHAPTER 19 Configur ing V oice VLAN 19-1 Underst anding Voi ce VLAN 19-1 Config urin g Voi ce VLAN 19-2 Defau lt V oic e VLA N Co nfig urat ion 19 -2 Voice VLA N Config urat ion Guidel ines 19-3 Config urin g a Port to Con nect to a Cisco 7960 IP Ph one[...]

  • Page 19

    Content s xix Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 Config urin g IGMP Snoop ing 21-6 Defaul t IGMP Snoo ping Co nfigura tion 21-6 Enabli ng o r Disab ling I GMP Snoop ing 21-7 Setti ng the Sno opi ng Metho d 21-8 Config urin g a Multi cas t Route r Port 21-9 Config urin g a Host Stati ca lly to Joi n a G[...]

  • Page 20

    Cont ent s xx Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Config urin g Port Secur ity 22-7 Underst andi ng Po rt Secu rity 22-7 Secure MAC Add resses 22-7 Secu rit y Viol atio ns 22-8 Defaul t Por t Secu rity C onfi guratio n 22-9 Port S ecu rity Conf igur atio n Gui deli nes 22-9 Enabli ng a nd Confi guring Por[...]

  • Page 21

    Content s xxi Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 CHAPTER 25 Configur ing S PAN and RSPAN 25-1 Underst anding SPA N and RSPAN 25-1 SPAN a n d RS P A N Conc ep t s and Te rm in ol og y 25-3 SPAN Sessi on 25-3 Traffi c Typ es 25-3 Source Po rt 25-4 Destin atio n Por t 25-4 Reflec tor Po rt 25 -5 SPAN Traf[...]

  • Page 22

    Cont ent s xxii Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 CHAPTER 27 Configur ing Syst em Me ssage Logging 27-1 Underst anding Sy stem Messa ge Logging 27-1 Config urin g Sys tem Messag e Logging 27-2 System Log Message Forma t 27-2 Defau lt S yst em M ess age L ogg ing Config ura tion 27-3 Disab ling an d En a[...]

  • Page 23

    Content s xxiii Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 CHAPTER 29 Configur ing Network Secur ity with ACLs 29-1 Underst anding ACL s 29-2 Handli ng Fragment ed and Unfra gmente d Tr affic 29-3 Unde rsta nding Ac cess C on trol Pa ram eters 29-4 Guidel ines f or Applyi ng ACLs to Phy sical In terf aces 29-5[...]

  • Page 24

    Cont ent s xxiv Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Queuein g and Sche duling 30-8 How Clas s of S ervice Works 30-8 Port Pr iori ty 30-8 Port Sche dul ing 30-8 Egress CoS Queues 30-9 Config urin g Auto-QoS 30-9 Generat ed Auto- Q oS Confi gur atio n 30-10 Effect s of Auto-Q oS on the Co nfigura tion 30-1[...]

  • Page 25

    Content s xxv Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 CHAPTER 31 Configur ing E therChannel s 31-1 Underst anding Et herCh ann els 31-1 Underst andi ng Po rt-Ch annel In terface s 31-2 Underst anding the Port Ag grega tion P rotocol and L ink Aggregat ion Pr otoco l 31-3 PAgP and LACP Modes 31-4 Physic al L[...]

  • Page 26

    Cont ent s xxvi Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Using Laye r 2 Tr ace ro ute 32-16 Underst anding La yer 2 Tr ace route 32-16 Usage Gu ideli nes 32 -17 Displa ying t he Ph ysic al Path 32-18 Diagnos ing LRE Conn ecti on Pr oble ms 32-18 Using Deb ug Commands 32-19 Enabli ng Debug ging on a Spe cific F[...]

  • Page 27

    Content s xxvii Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 Copyin g Configur atio n Fi les By Usin g FTP B-1 2 Prepa ring to Downlo ad or U pload a C onfig urat ion File B y U sing F TP B-13 Download ing a Con fi gurati on File By Us ing FTP B-13 Uploadi ng a Conf igurat ion File By Using FTP B-14 Copyin g Con[...]

  • Page 28

    Cont ent s xxvii i Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10[...]

  • Page 29

    xxix Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 Preface Audience This gu ide i s for the ne tworki ng profe ssional m anag ing th e Cata lyst 2 950 and 2955 s witc he s, he re after referr ed to as the switche s. Befo re using thi s guide , you shou ld have e xperience work ing with the Cisco IOS and be fam il[...]

  • Page 30

    xxx Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Preface Conv ent ions This gu i de pr ovide s proce du res for using th e com mands tha t have been cr eated or change d for u se wit h the switc h. It doe s not pro vide detailed information about these commands. For detailed informati on about t hese co mman ds, r[...]

  • Page 31

    xxxi Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 Pre face Related Publ icati ons Related Publications These docum ents pro v ide co m plete in for matio n about the switc h and are av ailable from this Cisco.com site: http://www .ci sco.com/uni v ercd/cc/t d/doc/produ ct/lan/cat295 0/inde x.htm Y ou can order p[...]

  • Page 32

    xxxii Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Preface Docum ent ation Fe edback Y ou can acce ss internati onal Cisco webs ites at this URL : http://www .cisco .com/public/co untries_langu ages.shtml Ordering Docume ntation Y ou can find ins tr uct ions for or deri ng do cu me nta tio n at this URL: http://ww[...]

  • Page 33

    xxxii i Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 Pre face Ob taining Technical Assistance Cisco Tec hnical Supp ort Webs ite The Ci sco T echnical Su pport W e bsite provide s onl ine do cume nts a nd tools fo r tr oub lesho oting a nd resolving techn ical i ssues wit h Cisco product s and tec hnologi es. Th[...]

  • Page 34

    xxxiv Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Preface Obtainin g Addi ti ona l Publicat io ns and Info rmatio n Obtaining Ad ditional Public ations and In formation Informa tion ab out Cisco pro ducts, tec hn ologie s, and net wor k solutions is available from various onlin e and printe d source s. • Cisco [...]

  • Page 35

    C HAPTER 1-1 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 1 Overview This c hapt er p rovides the se topic s a bout the C atalyst 2950 a nd Ca talyst 2955 sw itch so ftware: • Feat ures , page 1- 1 • Managem ent Options, page 1-8 • Network Configu ratio n Exa mp les, pa ge 1-1 0 • Where to Go Next, page 1-[...]

  • Page 36

    1-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Ch ap ter 1 Ov er vi ew Feature s Certai n Cis co Long-Re ach Eth ernet (LR E) cus tomer pr emises eq uipmen t (CPE) de vices are not supported by c ertain C atalyst 2950 LRE sw itches. In Ta b l e 1 - 2 , Ye s means t hat the CPE is supp orted by the switch; No mea[...]

  • Page 37

    1-3 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 1 Overview Features • Hot Sta ndby Rout er Pr otoc ol ( H SRP) for c omma nd-sw itch re du ndancy . The red und an t comm an d switche s u sed f or HSRP m ust have compat ibl e so ft ware rel ease s. Note Se e the “ Advantages of Using CMS and Cl usterin[...]

  • Page 38

    1-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Ch ap ter 1 Ov er vi ew Feature s Note DHCP repla ces the Bootstra p Protoc ol (BO O TP) featu re autoc onfiguratio n to e nsure re triev al of conf iguration fil es by unicast TFTP messages. BOO TP is a v ailable in earlier so ftware release s for th is sw itch. ?[...]

  • Page 39

    1-5 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 1 Overview Features • IEEE 802. 1s Multipl e Spanni ng T ree Protocol (MSTP) for gr ouping VL ANs into a spa nning-tr ee instan ce and for pr oviding mul tiple for warding pat hs for data traff ic and load balanci ng and rapi d per-VLAN Spanni ng-T ree pl [...]

  • Page 40

    1-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Ch ap ter 1 Ov er vi ew Feature s • DHCP snooping to filter untrusted DHCP m essages between untrusted hosts a nd DHC P servers (a v ailable on ly with the EI ) • Multile v el securit y for a choice o f security l ev el, notif ication, a nd resulti ng actions ?[...]

  • Page 41

    1-7 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 1 Overview Features Monitoring • Switch LEDs that pro vide visu al port an d switch stat us • Switc hed P o rt A nal yz er (S P AN) and Re m ot e S P AN (RSP AN) fo r tra ffic monit oring on any po rt or VLAN Note RSP AN is av ailab le only in the EI. ?[...]

  • Page 42

    1-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Ch ap ter 1 Ov er vi ew Managem e nt Optio ns • Upstr eam po wer ba ck-of f mechanism f or normali zation of the upst ream rece i ve po wer lev els by requiring th e CPE de vices on shorter lin es to transmit at a lower p ower le vel th an the CPEs on lo n ger lin[...]

  • Page 43

    1-9 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 1 Overview Manageme nt Options Advantage s of Usin g CMS and Clustering Switches Using CMS and switch clust ers can simp lify an d minimiz e your configura tion and mon itoring t asks. Y ou can use Cis co switch clu stering tec hnology to manage up to 16 int[...]

  • Page 44

    1-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Ch ap ter 1 Ov er vi ew Netwo rk Conf igurati on Ex amples Network Config uration E xamples This se cti on pr ovides ne twork co nfiguration c once pts and inc lude s examples of using th e s wit ch to creat e dedica ted network segment s and int erconne ctin g the[...]

  • Page 45

    1-11 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 1 Overview Network Configuration Examples Figure 1-1 sh ows conf igurati on exampl es of using the Catalyst switches to create these networks: • Cost-e ff ecti v e wiring closet—A co st-ef fe ctiv e w ay to connec t many users to the wir ing clo set is [...]

  • Page 46

    1-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Ch ap ter 1 Ov er vi ew Netwo rk Conf igurati on Ex amples – GigaStack G BIC mo dule f or c reati ng a 1- Gbps stac k configurat ion of u p to nine support ed switches. The GigaStack GBI C support s one full-d uplex link (in a point- to-poin t configurat ion) or [...]

  • Page 47

    1-13 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 1 Overview Network Configuration Examples Small to Medium-Sized Network Configuration Figure 1-2 sh ows a con figurat ion for a n etwork th at has u p t o 25 0 u ser s. User s in t his n etwor k re quir e e-mail, f ile-sharing, database, and Inter net acces[...]

  • Page 48

    1-14 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Ch ap ter 1 Ov er vi ew Netwo rk Conf igurati on Ex amples Servers are co nnected t o the GBIC mo dule port s on the switche s, allowing 1-G bps throug hput to us ers when ne eded. Whe n the switch and s erv er ports ar e conf igur ed for full-du ple x opera tion, [...]

  • Page 49

    1-15 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 1 Overview Network Configuration Examples Figur e 1 -3 Collapsed Back bone and S witc h Clust er Configur ation Hotel Network Configuration Figure 1-4 shows Catalyst 2950ST -8 LRE and 295 0ST -24 LRE switche s in a hotel network en vironment with appr oxi m[...]

  • Page 50

    1-16 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Ch ap ter 1 Ov er vi ew Netwo rk Conf igurati on Ex amples Note All telephones not di rectly connec ted to the hotel room CPE devi ce requir e microf ilters with a 300-oh m termination . Microf ilters impro ve v oice call quali ty when v oice and data equipment are[...]

  • Page 51

    1-17 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 1 Overview Network Configuration Examples Figur e 1 -4 Networ k Hotel Conf igur ation Cisco 575 LRE CPE PSTN PBX Floor 3 Floor 4 Rooms and users Rooms and users Cisco LRE 48 PO TS splitters Cisco 2600 router Ser vers Catalyst 2950ST -8 LRE and 2950ST -24 LR[...]

  • Page 52

    1-18 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Ch ap ter 1 Ov er vi ew Netwo rk Conf igurati on Ex amples Service-Provider Central-Office Configur ation Figure 1-5 shows th e Cataly st 2950ST -24 LRE 997 sw itches in a service-p rovider centr al-off i ce networ k en v iron ment. Th e Ca talyst 2950ST -24 LRE 99[...]

  • Page 53

    1-19 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 1 Overview Network Configuration Examples Figur e 1 -5 Service Pr o vider Cen tral Office Configur ation Large C ampus C onfiguration Figure 1-6 shows a c on f i gur atio n fo r a n etw ork of m ore th an 1 0 00 users. Be ca us e it ca n ag gr e g ate up to[...]

  • Page 54

    1-20 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Ch ap ter 1 Ov er vi ew Netwo rk Conf igurati on Ex amples Figur e 1 -6 Lar ge Campus Confi gurat ion Multidwelling Network Usi ng Catalyst 2950 Switches A growing segmen t of residen tial a nd co mmer cial cu stome rs ar e requir ing h igh-spe ed acc ess t o Ether[...]

  • Page 55

    1-21 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 1 Overview Network Configuration Examples All por ts on t he resid ent ial C ata lyst 29 50 a nd 295 5 swit ches (a nd Cat aly st L RE switch es if t hey are include d) are co nfigured as 80 2.1Q trunks wit h prote cted po rt and STP r oot guar d featu res [...]

  • Page 56

    1-22 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Ch ap ter 1 Ov er vi ew Where to Go Nex t Long-Distan ce, High-Ba ndwidth T ransport C onfiguration Note T o u se the f eat ure de scri bed in thi s sec tio n, yo u m ust have the EI inst alle d on your s wit ch. Figure 1-8 shows a configuration for transport i ng [...]

  • Page 57

    C HAPTER 2-1 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 2 Using the Command-Line Interface This c hap ter de sc ribe s the Ci sco IO S com ma nd-lin e inter face (C LI) that you ca n use t o configure y our Catalyst 295 0 and Catalyst 29 55 switche s. It cont ains these se ction s: • Cisc o IOS C omman d Mode [...]

  • Page 58

    2-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapt er 2 Us i ng th e Com ma n d-L i ne In terfa ce Cisco IOS Comm a nd Mode s Ta b l e 2 - 1 describes the ma in command mod es, ho w to access each on e, the prompt you s ee in that mode, an d ho w to exit the mode. The e xamples in the table use the host name S[...]

  • Page 59

    2-3 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 2 Using the Comm a nd-Line In terface Getting Help Getting Help Y o u can en ter a qu est ion ma rk (? ) at the sy s tem pr om p t to d i sp lay a lis t of co mm an d s a v ailab l e f or eac h comma nd mode . Y ou can also obtain a li st of asso ciated k e [...]

  • Page 60

    2-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapt er 2 Us i ng th e Com ma n d-L i ne In terfa ce Abbrevi at ing Comma nds Abbreviating Command s Y ou have to ente r on ly enou gh c hara cters for the switc h to re cogn ize the comma nd as un ique. T his exampl e shows how to ente r the show configuration pri[...]

  • Page 61

    2-5 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 2 Using the Comm a nd-Line In terface Understanding CLI Messages Understandin g CLI Message s Ta b l e 2 - 3 lists so me e rror me ssage s tha t y ou migh t e ncoun ter whi le using the C LI t o configure you r switch. Using Command History The software prov[...]

  • Page 62

    2-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapt er 2 Us i ng th e Com ma n d-L i ne In terfa ce Using E diting Feature s Recalling Commands T o recall c omman ds from the history buffer , pe rform one of the act ions listed in Ta b l e 2 - 4 : Disabling the Comma nd History Fe ature The c ommand histor y fe[...]

  • Page 63

    2-7 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 2 Using the Comm a nd-Line In terface Using Edit ing Featu res T o rec onf igur e a speci f ic line to ha v e enha nced e diting mode, en ter t his comm and in line conf i guration mode: Switch(config-line)# editing T o globally disable enhanc ed editing mod[...]

  • Page 64

    2-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapt er 2 Us i ng th e Com ma n d-L i ne In terfa ce Using E diting Feature s Editing C ommand Lines that Wrap Y ou can use a w rapa ro und f ea ture for c om mands tha t ext end b eyond a si ngle li ne o n the sc reen . W he n the cursor reaches the right mar gin,[...]

  • Page 65

    2-9 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 2 Using the Comm a nd-Line In terface Searching and Filtering Output of show and m o re Co mm ands Use lin e wrapping with the co mman d history fe ature to recall and modif y previous complex co mmand entries. F or i nformation about recalling pre v ious co[...]

  • Page 66

    2-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapt er 2 Us i ng th e Com ma n d-L i ne In terfa ce Access ing th e CLI from a Br owse r Accessing the CLI from a Bro wser This proc edure assu mes that you have met the soft ware requirem ents (includ ing browser and Java plug-in co nfigurat ions) and have assig[...]

  • Page 67

    C HAPTER 3-1 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 3 Configuring Catalyst 2955 Switch Alarms This se ction de scri bes how to configur e the d ifferent ala rms for th e Ca talyst 295 5 sw itc h. Note The alarms described in this chap ter are not a v ailable on the Catalyst 2950 switch. For complete syntax a[...]

  • Page 68

    3-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 3 Configuring Catalyst 2955 Switch Alarms Underst anding Ca talyst 2955 Swit ch Alar ms Global Status Monitoring Ala rms The Cat alyst 2955 switch contain s faci lities for processing alarms related to temperatur e and po we r supply conditi ons. Thes e are [...]

  • Page 69

    3-3 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 3 Configuring Cat alyst 2955 Swi tch Alarm s Understanding Catalyst 2955 Switch Alarms Port St atus Monito ring Ala rms The Cat alyst 2955 switch c an also m onitor the stat us of the E thernet ports an d genera te alar m message s based on the alarm s liste[...]

  • Page 70

    3-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 3 Configuring Catalyst 2955 Switch Alarms Con fi gur ing C ata ly st 2955 S wit c h A la r m s • SNMP T raps SNMP is an appli cation - lay er pr ot oc ol that pro vides a mess a ge format for com mu ni cat ion be tween manage rs an d ag ents. T he SN MP sy[...]

  • Page 71

    3-5 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 3 Configuring Cat alyst 2955 Swi tch Alarm s Configuring Catalyst 2955 Switch Alarms Configuring th e Power Su pply Alarm This se ction de scri bes how to c onfigure t he p ower suppl y al arm o n y our sw itch . It c ontai ns this conf iguration informatio [...]

  • Page 72

    3-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 3 Configuring Catalyst 2955 Switch Alarms Con fi gur ing C ata ly st 2955 S wit c h A la r m s T o disa ble se nding the ala rm to a relay , to syslog, or to an SNMP serv er , use the no alarm facility power -supply relay , no alarm facility p ower -supply n[...]

  • Page 73

    3-7 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 3 Configuring Cat alyst 2955 Swi tch Alarm s Configuring Catalyst 2955 Switch Alarms Associating the Temperature Ala rms to a Relay By defa ult, t he pr ima ry temp erat ure alarm is a sso ciat ed to the ma jor r elay . Y ou can us e the alarm facility tempe[...]

  • Page 74

    3-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 3 Configuring Catalyst 2955 Switch Alarms Con fi gur ing C ata ly st 2955 S wit c h A la r m s Setting the FCS Erro r Threshold The swi tch generate s an FCS bit error rate alarm when the act ual FCS bi t error rate is close to the conf igured FCS bit error [...]

  • Page 75

    3-9 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 3 Configuring Cat alyst 2955 Swi tch Alarm s Configuring Catalyst 2955 Switch Alarms Use t he no alarm facility fcs-hyster esis command to set the FCS error hysteresis threshold to its default va lu e . Note Th e show running conf ig command d is plays any F[...]

  • Page 76

    3-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 3 Configuring Catalyst 2955 Switch Alarms Con fi gur ing C ata ly st 2955 S wit c h A la r m s This e xample cr eates or modif ies the al arm prof ile fast E for the fastEthernetPo rt with link-do wn ( alar mLi st ID 3) and an FCS error r ate of 30 percen t[...]

  • Page 77

    3-11 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 3 Configuring Cat alyst 2955 Swi tch Alarm s Displaying Catal yst 2955 Switch Alarms Status This exam ple de ta ch es an a lar m pro file na m ed fastE from a port . Switch(config)# interface FastEthernet 0/2 Switch(config-if)# no alarm profile fastE Enabli[...]

  • Page 78

    3-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 3 Configuring Catalyst 2955 Switch Alarms Display ing Cata lyst 2955 Switch Al arms Status[...]

  • Page 79

    C HAPTER 4-1 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 4 Getting Started with CMS This chapt er contains t hese sect ions that desc ribe the Clust er Manage ment Suite (CM S) on the Catalyst 2950 or Catalyst 2955 switch: • “Under stand ing C MS” s ecti on on pa ge 4-1 • “Configuri ng CMS” section on[...]

  • Page 80

    4-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 4 Getting Started with CMS Unders tan din g CMS Topology View The T opo logy view displays a network ma p that uses ic ons represe nting swi tch cluster s, the comm and switch, clu ster members, clu ster candida tes, neighborin g dev ices that are not eligib[...]

  • Page 81

    4-3 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 4 Getting Star ted with CMS Understanding CMS • The feat ure bar sh ow s the featur es av ailable for the devi ces in you r cluster . By default, the featur e bar is in stand ard mod e. In this mode , the feat ure bar is always visi ble, and you ca n reduc[...]

  • Page 82

    4-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 4 Getting Started with CMS Unders tan din g CMS Figur e 4-2 F eatur es T ab and Sear ch T ab Note On ly featur es suppor ted by the devices in your cluster ar e displa yed in the feat ure bar . Y o u can sear ch for feat u res t hat a r e available f or y ou[...]

  • Page 83

    4-5 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 4 Getting Star ted with CMS Understanding CMS Online Help CMS provides co mprehen si ve online help t o assist you in und erstand ing and per formin g configuration and monito ring task s from the CMS windows. Online help is av ailabl e for fea tures th at a[...]

  • Page 84

    4-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 4 Getting Started with CMS Unders tan din g CMS Figur e 4-3 Guid e Mode and W izar ds Guide mode is not av ailable if your switc h access level is read-on ly . For more informat ion about the read- only acc ess mode, s ee the “Privilege Lev els” se ction[...]

  • Page 85

    4-7 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 4 Getting Star ted with CMS Configuring CMS Privilege Levels CMS pro vides tw o le v e ls of acce ss to the co nf igurat ion options: read-wr ite ac cess and read -only ac cess. If you know your privilege lev el, you must specify it in th e URL tha t you use[...]

  • Page 86

    4-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 4 Getting Started with CMS Conf igu rin g CMS CMS Requ irem ents This se cti on de scri bes th e ha rdwar e an d so ftwa re r eq uireme nts for r unnin g CMS: • “Mini mum Har dware Configurati on” secti on on page 4 -8 • “Op erating System an d Bro[...]

  • Page 87

    4-9 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 4 Getting Star ted with CMS Configuring CMS CMS Plug-In Y ou need to insta ll the CMS plug -in t o run CMS with yo ur we b browser . The plug-in is suppo rted both in W indows en vironments and on Solaris pl atform s. For more inform ation a bout the CMS plu[...]

  • Page 88

    4-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 4 Getting Started with CMS Displa ying CM S Specifying an HTTP Port (Nonde fault Conf iguration Only) If you chang e the HTTP por t, you must inc lude the new port number whe n you enter the IP add ress in the bro wser Loca ti on or Addr ess field (for exam[...]

  • Page 89

    4-11 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 4 Getting Star ted with CMS Displaying CMS The switc h home page appears, as shown in Figu re 4- 4 . Figur e 4-4 S witc h Home P age The switc h home pa ge has thes e tabs: • Express Setup —Open s the Express Setup pa ge Note Y o u ca n use E xpr ess Se[...]

  • Page 90

    4-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 4 Getting Started with CMS Displa ying CM S If you are ru nning an unsuppor ted ope rating syst em, web browser , CMS plug-in o r Jav a plug-in, or if the plug-in is no t enabled , the CMS Startup Report page appear s, as shown in Figure 4-5 . Figur e 4-5 C[...]

  • Page 91

    4-13 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 4 Getting Star ted with CMS Displaying CMS Front Panel V iew When CMS is laun ched from a command sw itch, you ca n display the Fro nt Panel view by clicking the Front P anel b utton on the too l bar , a s sho wn in Figure 4-6 . Figur e 4-6 T oolbar When CM[...]

  • Page 92

    4-14 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 4 Getting Started with CMS Displa ying CM S Note Figur e 4-7 shows a cluster with a Cat alyst 3550 switch as t h e command switch. Refer to the release notes for a li st of switc hes that can b e members of a cluster with a Catalyst 2950 or a Catalyst 2955 [...]

  • Page 93

    4-15 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 4 Getting Star ted with CMS Where t o Go Next The T opol ogy vie w sho ws how th e devic es within a switch cluster are co nnected and ho w the switch cluster i s con ne cte d to oth er cl usters and devices . From t his view , you can a dd a nd remove clus[...]

  • Page 94

    4-16 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 4 Getting Started with CMS Where to Go Nex t[...]

  • Page 95

    C HAPTER 5-1 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 5 Assigning the Switch IP Address and Default Gateway This chapt er describes ho w to create the initial switch conf iguration (for e xample, assig n the switch IP address an d d efault gateway infor mat ion) fo r the Cat alyst 295 0 o r Cat al yst 2 955 sw[...]

  • Page 96

    5-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 5 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch Info rmatio n The bo ot loader prov ides acce ss to the flash f ile system bef ore the operatin g system is loaded. Normally , the bo ot load er is used o nly to load, unco mpress, a nd[...]

  • Page 97

    5-3 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 5 Assigni ng the Swi tch IP Addr ess an d Defa ult Ga tewa y Assigning Switch Information CLI-base d se tup prog ra m also allows you to configur e your swi tc h as a comm an d or me mber sw itch of a clu ster or as a stan da lone sw itch. For m ore in f orm[...]

  • Page 98

    5-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 5 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch Info rmatio n W ith DHCP-b ased autoc onfiguration , no DHCP client -side c onfiguration is needed on your switch. Howe ver , you need to configu re the D HCP ser ver for various le ase[...]

  • Page 99

    5-5 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 5 Assigni ng the Swi tch IP Addr ess an d Defa ult Ga tewa y Assigning Switch Information The DHCP serv er sends the client a DHCPN A K denial broadcast message, which means that the of fered configurati on param eters have not been assign ed, tha t an error[...]

  • Page 100

    5-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 5 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch Info rmatio n If you want the switch to rece iv e the configura tion file from a TFTP ser ver , you must configure the DHCP serv er with th ese lease op tions: • TFTP se rver name (re[...]

  • Page 101

    5-7 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 5 Assigni ng the Swi tch IP Addr ess an d Defa ult Ga tewa y Assigning Switch Information Configuring the DNS The DH CP ser ver uses the DNS s erv er to reso lve the TF TP serv er n ame t o an IP addr ess. Y ou must configure the T FTP ser ver n ame- to-I P [...]

  • Page 102

    5-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 5 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch Info rmatio n Obtaining Configurati on Files Depending on the a v aila bility of th e IP add ress and the conf iguratio n file name in the DHCP r eserved lease, t he switch o btains i t[...]

  • Page 103

    5-9 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 5 Assigni ng the Swi tch IP Addr ess an d Defa ult Ga tewa y Assigning Switch Information Example Configuration Figure 5-3 shows a sampl e network f or ret rieving IP information by usin g DHCP-based autoconf iguration . Figur e 5-3 DHCP -Based A utoconfigur[...]

  • Page 104

    5-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 5 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch Info rmatio n switchb-confg switchc-confg switchd-confg prompt> cat network-confg ip host switch1 10.0.0.21 ip host switch2 10.0.0.22 ip host switch3 10.0.0.23 ip host switch4 10.0.[...]

  • Page 105

    5-11 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 5 Assigni ng the Swi tch IP Addr ess an d Defa ult Ga tewa y Chec king and Savin g the Ru nnin g Co nfig ur atio n T o remo v e the switch IP ad dress, use the no ip address interface con figuratio n command . If you are remo ving the address through a T el[...]

  • Page 106

    5-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 5 Assigning the Switch IP Address and Default Gateway Modifyin g th e Startup Config uration Default Boot Configuration Ta b l e 5 - 3 shows the d efault bo ot configura tio n. Automatically Downloading a Configuration File Y ou can au tomat ically download[...]

  • Page 107

    5-13 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 5 Assigni ng the Swi tch IP Addr ess an d Defa ult Ga tewa y Modifying the Startup Configuration T o return to the def ault setting, use the no boot conf ig-f ile global co nfigurat ion c omm and. Booting Manua lly By default, the swit ch automati cally boo[...]

  • Page 108

    5-14 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 5 Assigning the Switch IP Address and Default Gateway Modifyin g th e Startup Config uration Beginning in privileged EXE C mode, f ollow these st eps to configu re the swi tch to boot a sp ecific image during the next b oot cycle: T o return to the def ault[...]

  • Page 109

    5-15 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 5 Assigni ng the Swi tch IP Addr ess an d Defa ult Ga tewa y Modifying the Startup Configuration En vironme nt variables st ore two kinds of da ta : • Data that controls code , which does not r ead the Cisco IO S confi guration f ile. For e xample, the n [...]

  • Page 110

    5-16 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 5 Assigning the Switch IP Address and Default Gateway Scheduli ng a Re load of the S oft w are Image Scheduling a Re load of the Software Image Y o u can schedule a reload of the softw are image to occur only on an LRE switch at a later time (f or example, [...]

  • Page 111

    5-17 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 5 Assigni ng the Swi tch IP Addr ess an d Defa ult Ga tewa y Schedul ing a Rel oad of t he Sof tware Ima ge Note Use the at keyw ord only if the swit ch sy stem clo ck h as be en set (th rough N etwork T ime Protocol (NTP), the hardwa re calenda r , or m an[...]

  • Page 112

    5-18 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 5 Assigning the Switch IP Address and Default Gateway Scheduli ng a Re load of the S oft w are Image[...]

  • Page 113

    C HAPTER 6-1 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 6 Configuring IE2100 CNS Ag ents This chap ter describes h ow to c onfigure th e Intelligence Engine 2100 (IE2100) Se ries Cisco Netw orking Servic es (CN S) emb edd ed age nts on you r Cat aly st 2 950 or Cat aly st 2955 swi tch. T o use th e feat ure desc[...]

  • Page 114

    6-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 6 Configur ing IE2100 C NS Agents Unders tan ding IE21 0 0 Series Config uration Reg istrar Softwar e Figur e 6-1 Configur ation Regi stra r Arc hit ectur al Ov erview These secti ons cont ain this co nceptu al in forma tion: • CNS Configurati on Se rvic e[...]

  • Page 115

    6-3 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 6 Configuring IE21 00 CNS Agents Understan ding IE2100 Series Configurat ion Registrar Softwa re CNS E ven t Serv i ce The Conf iguration Regi strar uses the CNS Ev ent Servic e for rece ipt and ge neration of conf iguration e ven ts. The CNS e v ent agen t [...]

  • Page 116

    6-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 6 Configur ing IE2100 C NS Agents Unders tan ding IE21 0 0 Series Config uration Reg istrar Softwar e DeviceID Each co nfigured s wi t ch part i cipati ng on th e ev ent bus has a un ique deviceID, w hich i s an alog ous to the switch source ad dress so that[...]

  • Page 117

    6-5 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 6 Configuring IE21 00 CNS Agents Unde rstan ding CNS Embe dde d Ag ent s Understandin g CNS Embedde d Agents The CNS e v ent ag ent feature allo ws the swit ch to publish and su bscribe to e vents on the e v ent b us and works with the CNS configurati on age[...]

  • Page 118

    6-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 6 Configur ing IE2100 C NS Agents Configur ing CNS Em b edded A gen ts Incremental (Partial) Configur ation After t he ne twork is r unn ing, new serv ice s ca n b e ad de d by using t he CN S c onfigura tion ag en t. Increme ntal (p artial) c onf igura tion[...]

  • Page 119

    6-7 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 6 Configuring IE21 00 CNS Agents Config uri ng CNS Embe dded Ag en ts Note For more informatio n about running the setup program and cr eating templates o n the Configurat ion Registrar, refer to the Cisco Intelligen ce Engine 2100 Series Configu ration Re g[...]

  • Page 120

    6-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 6 Configur ing IE2100 C NS Agents Configur ing CNS Em b edded A gen ts Enabling th e CNS Ev ent Agent Note Y ou must e nable the CNS e v ent ag ent on t he swit ch bef ore you enable the CNS conf igurat ion agen t. Beginn ing in pri vilege d EXEC mode, follo[...]

  • Page 121

    6-9 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 6 Configuring IE21 00 CNS Agents Config uri ng CNS Embe dded Ag en ts Enabling the CNS Configuration Agent After en abling th e CNS e ve nt agent, sta rt the CN S confi guration agent on the swi tch. Y ou can enabl e the conf igura tion agent with these co m[...]

  • Page 122

    6-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 6 Configur ing IE2100 C NS Agents Configur ing CNS Em b edded A gen ts Step 6 ip rout e net work-numbe r Establish a stat ic route to the Conf ig uration Re gistrar whose I P addr ess is networ k-n umbe r . Step 7 cn s id interfac e num { dns-re verse | ipa[...]

  • Page 123

    6-11 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 6 Configuring IE21 00 CNS Agents Config uri ng CNS Embe dded Ag en ts T o disa ble t he CN S conf igurati on a gent, use the no cns conf ig init ial { ip-add r ess | hostname } global configurati on comm a nd. This e xample sho ws ho w to configure a n init[...]

  • Page 124

    6-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 6 Configur ing IE2100 C NS Agents Configur ing CNS Em b edded A gen ts Enabling a Partial Configur ation Beginn ing in pri vilege d EXEC mode, follo w these st eps to enable the CNS conf iguration ag ent and to initiate a p artial conf iguration on the swit[...]

  • Page 125

    6-13 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 6 Configuring IE21 00 CNS Agents Displaying CNS Configuration Displaying CNS Confi guration Y ou can use the privileged EXEC co mmands in Ta b l e 6 - 2 to display CNS Configurati on inform ation. T able 6-2 Dis playi ng CNS Configur ation Command Purpose s[...]

  • Page 126

    6-14 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 6 Configur ing IE2100 C NS Agents Displaying CNS Con figuration[...]

  • Page 127

    C HAPTER 7-1 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 7 Clustering Switches This chapte r provides these topics to help you get started with switch clu stering: • Understa ndin g Swi tch Cl u sters , pa ge 7-2 • Planning a Sw itch Cluster, page 7-5 • Creating a Switch C l uster, page 7- 18 • Using the [...]

  • Page 128

    7-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 7 Clustering S witches Unders tan din g Sw itch Cluste rs Understandin g Switch Clust ers A switch cluster i s a group of connected C atalyst swit ches that a re manage d as a sing le entity . In a s witch clus ter , 1 swi tch mu st be the comma nd swi tch a[...]

  • Page 129

    7-3 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 7 Clustering Switche s Underst anding Swi tch Clust ers Command Switch Character istics A Catalyst 2950 or Catalyst 2955 command switch must meet these requir ements: • It is running Cisco IOS Release 12.0(5.2 )WC(1) or lat er . • It has an IP address . [...]

  • Page 130

    7-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 7 Clustering S witches Unders tan din g Sw itch Cluste rs • If a non-LRE Catalyst 2950 stan dby comma nd switch is runni ng a relea se earlie r than Cisc o IOS Releas e 12.1 (9)EA1, it is connected to the command switch and to other st andby command swit c[...]

  • Page 131

    7-5 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 7 Clustering Switche s Planni ng a Swit ch Clust er Planning a Switch Cl uster Anticipatin g conflicts and compatibilit y issues is a high priority when you manage se v eral switches through a c lust er . This sec tion de scri bes t hes e gu idel ine s, requ[...]

  • Page 132

    7-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 7 Clustering S witches Planning a Sw it ch Cl ust er Discovery through CDP Hops By using CDP , a command switch ca n discover switches up to sev en CDP hops away (the default is three hops) from the edge of the cluster . The ed ge of the cluster is where the[...]

  • Page 133

    7-7 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 7 Clustering Switche s Planni ng a Swit ch Clust er Figur e 7 -2 Disco very thr ough CDP Hops (Non- LRE Catalyst 2950 Comm and Sw itch Run ning Cisco IOS Relea se 12.1(9)EA1 or Lat er) Discovery through Non-CDP-Capab le and Noncluster-Capable Devices If a co[...]

  • Page 134

    7-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 7 Clustering S witches Planning a Sw it ch Cl ust er Discovery through the Same Management VLAN A Cataly st 2900 XL com ma nd sw itch , a Ca talyst 350 0 X L c om mand switc h, o r a non -LR E Catalyst 295 0 com mand sw itch ru nning a r ele ase ea rlie r th[...]

  • Page 135

    7-9 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 7 Clustering Switche s Planni ng a Swit ch Clust er Discovery through Different M anagement VLANs W e recomm end usin g as a comman d switc h a Catalyst 3550 switch, a Cata lyst 2955 switc h, a Catalyst 2950 LRE switch, a no n-LRE Catalyst 2950 switch run ni[...]

  • Page 136

    7-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 7 Clustering S witches Planning a Sw it ch Cl ust er Discovery of Newly Installed Switches T o join a cluster, the ne w , out-of -the-b ox switch mu st be connecte d to the cluste r through one of its acces s ports. An access port ( AP) carries th e traf f [...]

  • Page 137

    7-11 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 7 Clustering Switche s Planni ng a Swit ch Clust er Figur e 7 -7 Disco very of Newly Insta lled Sw itches in Dif f er ent Ma nagem ent VLANs HSRP and S tandby Command Sw itches The switc h supp orts Hot Standby Router Protoc ol (HSRP) so that you ca n confi[...]

  • Page 138

    7-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 7 Clustering S witches Planning a Sw it ch Cl ust er standby priority interface configurat ion comm and in the Cisco IOS Release 12 .1 docum entation set. The HS RP commands a re the same for changin g the prio rity of clus ter stan dby group membe rs and r[...]

  • Page 139

    7-13 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 7 Clustering Switche s Planni ng a Swit ch Clust er – When the comma nd switch is a non-LRE Catal yst 2950 sw itch running Cisco IOS Release 12.1( 6)EA2 or lat er , all standby comm and switch es must be non -LRE Catal yst 295 0 switches run ning Cisco IO[...]

  • Page 140

    7-14 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 7 Clustering S witches Planning a Sw it ch Cl ust er Automatic Recover y of Cluster Configuration The act iv e comm and swit ch cont inually forwards cluster-configura tion info rmati on (but not device-configurat ion info rmation) to the standby com mand s[...]

  • Page 141

    7-15 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 7 Clustering Switche s Planni ng a Swit ch Clust er Host Names Y ou do not ne ed to assig n a host name to either a c omman d switch or an eligibl e cluster member . Ho we ver , a host name assigned to the command switch can help to identify the switc h clu[...]

  • Page 142

    7-16 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 7 Clustering S witches Planning a Sw it ch Cl ust er TACACS+ an d RADIUS Inconsistent authenti cation configur ations in switch clusters cause CMS to continually pr ompt for a user name and p assword. If T A CA CS+ is configured on a cl uster m ember, it mu[...]

  • Page 143

    7-17 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 7 Clustering Switche s Planni ng a Swit ch Clust er • If the com mand sw itch is a C ata lyst 2950 ru nnin g C isco IOS Rel ea se 12.1( 9)E A1 o r late r o r a Cataly st 2955, can didate an d member switch es can belon g to dif f erent manag ement VLANs. [...]

  • Page 144

    7-18 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 7 Clustering S witches Creating a Switch Cluster Creating a Switch Cluster Using CMS to create a cluste r is easier than using the CLI commands . This section pro vides this inform ation: • Enab ling a Comma nd Switc h, pa ge 7-1 8 • Adding Me mber Swit[...]

  • Page 145

    7-19 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 7 Clustering Switche s Creati ng a Swit ch Cluster Figur e 7 -9 Cre ate Clus te r Window Adding Me mber Sw itches As explai ned in t he “ Aut omatic Discovery of Clust er Candida tes an d Members” section on page 7-5 , t he comm and s wi tc h aut om ati[...]

  • Page 146

    7-20 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 7 Clustering S witches Creating a Switch Cluster For additional authen tication consid erations in switch clu sters, see the “T A CACS+ an d RADIUS” section on page 7 -16 . Figur e 7 -1 0 A dd to Cluste r Window Figur e 7 -1 1 Using the T opolo gy V iew[...]

  • Page 147

    7-21 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 7 Clustering Switche s Creati ng a Swit ch Cluster Creating a Clu ster S tandby Group The cl uster s tandb y grou p member s must meet the requ irements descri bed in the “Stand by Command Switch C haract eristics” section on pag e 7-3 and “HSRP and S[...]

  • Page 148

    7-22 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 7 Clustering S witches Creating a Switch Cluster Figu re 7-12 Sta ndby C omm and Conf ig urati on W indow Verifying a Switch Cluster When yo u fini sh adding cl uster me mbers , follo w these step s to v erify the clu ster: Step 1 Ent er the command switch [...]

  • Page 149

    7-23 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 7 Clustering Switche s Using the CLI to Manage Switch Clusters Figur e 7 -13 Inv en tory Windo w If you lose connecti v ity with a memb er switch or if a com mand switch f ails, s ee the “Using Re covery Procedur es” sec tion on page 32-1 . For more inf[...]

  • Page 150

    7-24 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 7 Clustering S witches Using SNMP to Ma nage Sw itch Cl usters Catalyst 1900 and Catalyst 2820 CLI Considerations If your switch c lu ster has C atalyst 1900 and C atalyst 2 820 switches r unn ing sta nda rd edition software, the T elnet sessi on acc ess es[...]

  • Page 151

    7-25 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 7 Clustering Switche s Using S NMP to Ma nage Swit ch Clust ers Figur e 7 -14 SNMP Manag ement f or a Clust e r Tr a p Tr a p Tr a p Command s witch T rap 1, T rap 2, T rap 3 Member 1 Member 2 Member 3 33020 SNMP Manager[...]

  • Page 152

    7-26 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 7 Clustering S witches Using SNMP to Ma nage Sw itch Cl usters[...]

  • Page 153

    C HAPTER 8-1 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 8 Administering the Switch This chapt er describ es how to perform one-time operatio ns to admini ster your Cat alyst 2950 or Catalyst 2955 switch. This chapte r consists of these sec tions: • Managin g the System Time and Da te, pa ge 8-1 • Configuring[...]

  • Page 154

    8-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 8 Administering the Switch Managin g the Syste m Time and Date The sy stem clo ck can provid e time t o these servi ces: • User show comman ds • Logging and de bugging m essag es The syste m clock keeps tr ack of time internal ly based on Univ ersal Time[...]

  • Page 155

    8-3 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 8 Adminis ter ing the Switch Mana gi ng th e S y stem Tim e an d Da t e Figur e 8-1 T ypical NTP N etwor k Configura tion If the network is isolat ed from th e Internet, Cisco’ s implement ation of NT P allo ws a d evi ce to ac t as though it is sy nc hron[...]

  • Page 156

    8-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 8 Administering the Switch Managin g the Syste m Time and Date This se ctio n c onta ins thi s configu ratio n inf or mat ion: • Def ault NT P Co nf igur ati on, p age 8-4 • Conf iguring NTP Authen tication, page 8-4 • Configuring NT P Associati ons, p[...]

  • Page 157

    8-5 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 8 Adminis ter ing the Switch Mana gi ng th e S y stem Tim e an d Da t e B e g i n n i n g i n p r i vi l e ge d E X E C m o de, f o l l ow t hes e s t e p s t o auth entic ate the associations (commu nicat ions betwee n devices running NT P that provid e for[...]

  • Page 158

    8-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 8 Administering the Switch Managin g the Syste m Time and Date Configuring NTP Associations An NTP associat ion can be a pe er asso cia tio n (this swi tch ca n eit her sync hroni ze to th e othe r device or allow the other device to sync hronize to it), or [...]

  • Page 159

    8-7 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 8 Adminis ter ing the Switch Mana gi ng th e S y stem Tim e an d Da t e Configuring NTP Broadcast Service The co mmunic ations bet ween devices run ning NTP (k nown as associations ) are us ually statically configured ; each device is giv en th e IP addresse[...]

  • Page 160

    8-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 8 Administering the Switch Managin g the Syste m Time and Date Beginning in privileged EXEC mode, follow these st eps to co nfigure the switc h to rec eiv e NTP broa dcast packets from c onnect ed peers: T o disable an inter face from rece iv ing NTP broadca[...]

  • Page 161

    8-9 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 8 Adminis ter ing the Switch Mana gi ng th e S y stem Tim e an d Da t e Creating an Access Gro up and Assigni ng a Basic IP Access List Beginn ing in pri vilege d EXEC mode, follo w these steps to contro l access to NTP services b y using access lists: The a[...]

  • Page 162

    8-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 8 Administering the Switch Managin g the Syste m Time and Date If the source IP address m atches the access lists fo r more t han one acces s type, the f irst typ e is grant ed. If n o access gro ups are spec ifie d, all a ccess types are gr anted t o all d[...]

  • Page 163

    8-11 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 8 Adminis ter ing the Switch Mana gi ng th e S y stem Tim e an d Da t e Beginn ing in pri vile ged EXEC mode, follo w these steps to conf igure a specif ic interf ace from which the IP sourc e ad dress is to be ta ke n: The specif i ed interface is u sed fo[...]

  • Page 164

    8-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 8 Administering the Switch Managin g the Syste m Time and Date Setting the System Clock If you have an outsid e source on the net work that pr ovides time ser vices, su ch as a n NTP server , you do not need to manuall y set the syste m clock. Begi nning in[...]

  • Page 165

    8-13 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 8 Adminis ter ing the Switch Mana gi ng th e S y stem Tim e an d Da t e Configuring the Tim e Zone Beginn ing in pri vilege d EXEC mode, follo w these st eps to manually conf igure the time zone: The minutes-of fset v ariable in the clo ck timezone global c[...]

  • Page 166

    8-14 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 8 Administering the Switch Managin g the Syste m Time and Date Configuring Summer Time (Daylight Saving Ti me) Beginning in pr ivileged EXEC mode, fo llow these steps t o co nfigure summer time (dayligh t saving time) in areas wh ere it start s and ends on [...]

  • Page 167

    8-15 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 8 Adminis ter ing the Switch Mana gi ng th e S y stem Tim e an d Da t e Beginning in privileged EX EC mode, fol low these steps if summ er time in your area do es not follow a recurr ing patt ern (con figure the exact da te and tim e of the next summe r tim[...]

  • Page 168

    8-16 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 8 Administering the Switch Configur ing a Sys tem Nam e and Prompt Configuring a System Name a nd Prompt Y ou configure t he system na me on the sw itch to ident ify it. By de fault, the syste m name a nd prompt are Switc h . If you have not c onfigured a s[...]

  • Page 169

    8-17 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 8 Adminis ter ing the Switch Confi guring a S ystem Name an d Prompt Configuring a System P rompt Beginning i n privileged EX EC mode , follow th ese s teps t o ma nual ly c on figure a s yst em prom pt: T o retu rn to t h e de fault p rompt , use t h e no [...]

  • Page 170

    8-18 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 8 Administering the Switch Configur ing a Sys tem Nam e and Prompt Default DNS Configur ation Ta b l e 8 - 2 shows the d efault D NS configura tion . Setting Up DNS Beginning i n privileged EX EC mo de , follow these s teps to s et up you r s witc h to use [...]

  • Page 171

    8-19 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 8 Adminis ter ing the Switch Creat ing a Bann er domain name is the v alue set by the ip d oma in -n ame glo bal c onfigurati on c om mand. I f ther e is a period (.) in th e hostnam e, the soft ware looks up t he IP address with out app ending a ny default[...]

  • Page 172

    8-20 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 8 Administering the Switch Creating a Banner Configurin g a Mess age-of-the -Day Log in Bann er Y o u can crea te a sin g le or mult iline message b anner tha t a ppea rs on th e scr een when so meo ne lo gs in to the switch. Beginning in privileged EX EC m[...]

  • Page 173

    8-21 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 8 Adminis ter ing the Switch Managin g the MAC Addre ss Table Configurin g a Login B anner Y ou can co nfigure a log in banne r to be displ aye d on all conn ec ted ter mina ls. T hi s bann er ap pear s a fter the M O TD ba nn er a nd befo re the lo gin pro[...]

  • Page 174

    8-22 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 8 Administering the Switch Managin g the MAC A ddre ss Table This se ctio n c onta ins thi s configu ratio n inf or mat ion: • Building the A d dress T able, page 8 -22 • MA C Addre sses and VLA Ns, page 8-22 • Default MAC Address T able Con figuratio[...]

  • Page 175

    8-23 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 8 Adminis ter ing the Switch Managin g the MAC Addre ss Table Default MAC Address Table Configuration Ta b l e 8 - 3 shows the default MA C address table con figuration. Changing the Addre ss Aging Time Dynami c add re s ses ar e so ur ce MA C add re s ses [...]

  • Page 176

    8-24 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 8 Administering the Switch Managin g the MAC A ddre ss Table Removi ng Dyn amic Ad dre ss E ntries T o remove all dyna mic en tries, use the clea r ma c a ddress- ta ble d ynam ic comm and i n privileged EXE C mode. Y ou can also r emo ve a specif ic MA C a[...]

  • Page 177

    8-25 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 8 Adminis ter ing the Switch Managin g the MAC Addre ss Table T o disable th e switch fr om sending MA C address notification tra ps, use the no snmp-serv er enable traps mac-notification global con f igura tion co mman d. T o disable the MA C addre ss noti[...]

  • Page 178

    8-26 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 8 Administering the Switch Managin g the MAC A ddre ss Table Adding and Remo ving Sta tic Address E ntries A static address has these characteristics: • It is manu ally en tered in the a ddress tab le and must be manual ly removed. • It can be a unicast[...]

  • Page 179

    8-27 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 8 Adminis ter ing the Switch Managin g the MAC Addre ss Table This example shows ho w to add the stati c address c2 f3.22 0a.12f4 t o the MAC address table. When a packet is recei ved in VLA N 4 with this MA C address as its d estination addres s, the packe[...]

  • Page 180

    8-28 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 8 Administering the Switch Managin g the ARP Table T o disabl e unicast M A C address f iltering , use the no mac address-table static mac-addr vlan vlan-id global configurat ion comm and. This e xample shows h ow to enable unicast MA C address f iltering a[...]

  • Page 181

    C HAPTER 9-1 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 9 Configuring Switch-Based Authentication This chapte r describes ho w to config ure switch-based authent ication on the Catalyst 2 950 or Catalyst 2955 switch. This chapte r consists of these sec tions: • Pre ve nting Unauthorized Acc ess to Y our Switch[...]

  • Page 182

    9-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 9 Configuring Switch-Based Authentication Protecting A ccess to Privileged EXE C Comman ds Protecting Access to Privileged EXEC Command s A simpl e way of p rovidin g te rmi nal acces s c ontr ol i n you r netwo rk i s to use p ass words a nd as sign privile[...]

  • Page 183

    9-3 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 9 Configuri ng Sw itch-Ba sed Auth entication Prote c ting Acce ss t o Priv i lege d EX EC Co mman ds Setting o r Changin g a Static Enab le Pa ssword The en able password control s access to the privileged EXEC mode. Beginning in privileged EXEC mode, follo[...]

  • Page 184

    9-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 9 Configuring Switch-Based Authentication Protecting A ccess to Privileged EXE C Comman ds Protecting En able and E nable Secre t Passw ord s with Enc ryption T o pro vide an additional layer of security , particularly for passwo rds that cross the network o[...]

  • Page 185

    9-5 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 9 Configuri ng Sw itch-Ba sed Auth entication Prote c ting Acce ss t o Priv i lege d EX EC Co mman ds If bo th the en able and e nable sec ret pas sword s are de f ined, us ers must enter th e enable s ecret p asswo rd. Use th e level keyword to define a pas[...]

  • Page 186

    9-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 9 Configuring Switch-Based Authentication Protecting A ccess to Privileged EXE C Comman ds Beginning i n privileged E X EC mo de , follow these s teps to d isab le pa ssword r ecovery: T o re-e nabl e passwor d r ecovery , us e the service passw ord-r eco ve[...]

  • Page 187

    9-7 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 9 Configuri ng Sw itch-Ba sed Auth entication Prote c ting Acce ss t o Priv i lege d EX EC Co mman ds T o remo v e the passwo rd, use the no password global co nfigurati on comman d. This example sho ws ho w to set the T elnet password to let45me67in 89 : Sw[...]

  • Page 188

    9-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 9 Configuring Switch-Based Authentication Protecting A ccess to Privileged EXE C Comman ds T o di sable usernam e authe nticat ion for a specif ic user , u se the no username name glob al conf igurati on comman d. T o disab le passwor d checking an d allow c[...]

  • Page 189

    9-9 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 9 Configuri ng Sw itch-Ba sed Auth entication Prote c ting Acce ss t o Priv i lege d EX EC Co mman ds When y ou set a command to a pr i vile ge le ve l, all command s whose syntax is a subs et of th at com mand are al so set to th at le v el. Fo r exa mple, [...]

  • Page 190

    9-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 9 Configuring Switch-Based Authentication Controlling Sw itch Acce ss w ith TACACS+ Logging into and Exiting a Privilege Level Beginn ing in pri vile ged EXEC mode, f ollo w these steps to log in to a s pe c if ie d p r i vil e ge l e v e l a n d t o e xi t[...]

  • Page 191

    9-11 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 9 Configuri ng Sw itch-Ba sed Auth entication Controlling Switch Access with TACACS+ Figur e 9-1 T ypical T ACA CS+ Netw or k Conf igur ation T A CA CS+, adminis tered through the AA A securit y ser vices, ca n pro vide these s ervices: • Authent ication?[...]

  • Page 192

    9-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 9 Configuring Switch-Based Authentication Controlling Sw itch Acce ss w ith TACACS+ TACACS+ Ope ration When a u ser attem pts a simple ASCII logi n by au thenticatin g to a switch b y using T ACA CS+, this process oc curs: 1. When th e connection is establi[...]

  • Page 193

    9-13 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 9 Configuri ng Sw itch-Ba sed Auth entication Controlling Switch Access with TACACS+ This se ctio n c onta ins thi s configu ratio n inf or mat ion: • Default T A CA CS+ Configuration, pag e 9-13 • Identif ying the T A CA CS+ Server Host and Setting th [...]

  • Page 194

    9-14 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 9 Configuring Switch-Based Authentication Controlling Sw itch Acce ss w ith TACACS+ T o remo v e the spec ifie d T A CA CS+ ser ver n ame or addr ess, use the no tac acs- server ho st hostna me global configurat ion comm and. T o re move a server group from[...]

  • Page 195

    9-15 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 9 Configuri ng Sw itch-Ba sed Auth entication Controlling Switch Access with TACACS+ Beginning i n privileged E XEC mo de, foll ow these s teps to c on figure lo gi n au th entic a tion : Comma nd Pu rpos e Step 1 configur e terminal Enter globa l configura[...]

  • Page 196

    9-16 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 9 Configuring Switch-Based Authentication Controlling Sw itch Acce ss w ith TACACS+ T o disa ble A AA, u se the no aaa new-model glo bal co nfigurat ion c omm and. T o disa ble A AA authenti cation, use th e no aaa aut hent ica tion l ogin { default | list-[...]

  • Page 197

    9-17 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 9 Configuri ng Sw itch-Ba sed Auth entication Controlling Switch Access with TACACS+ Starting TACACS+ Accounting The AA A accou nting featu re trac ks the servic es tha t users are a ccess ing an d the amoun t of ne twor k resources th at the y are co nsumi[...]

  • Page 198

    9-18 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A cce ss wit h RA DIUS Controlling Switch Access with RADIUS This secti on descri bes how to enable and co nfigure the RADIU S, whi ch provides de tailed accou nting inform ation a nd flexible ad[...]

  • Page 199

    9-19 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 9 Configuri ng Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS RADIUS is not suitable in these netw ork security situations: • Multipr otocol acce ss en v ironmen ts. RADIUS do es not supp ort Apple T alk Remo te Access (A RA), NetBI [...]

  • Page 200

    9-20 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A cce ss wit h RA DIUS Configuring RADIUS This se ctio n de scri bes how to c onfigure yo ur sw itch to su ppo rt R ADI US. At a mi nim um, y ou mus t identify t he host or host s that ru n the R[...]

  • Page 201

    9-21 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 9 Configuri ng Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Identifying the RADIUS Serve r Host Switch-t o-RADIUS-serv er communicatio n in v olves se v eral compone nts: • Host nam e or IP addr ess • Authentic ation destina tion[...]

  • Page 202

    9-22 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A cce ss wit h RA DIUS Beginn ing in pri vilege d EXEC mode, follo w these step s to configur e per-se rver RADIUS serv er comm unicatio n. This pr oced ure is requir ed. T o remo ve the spec ifi[...]

  • Page 203

    9-23 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 9 Configuri ng Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS This exampl e sho ws ho w to con fi gure one RADIUS ser ver to be us ed for au thentica tion and a nother to be us ed for ac c ounti n g: Switch(config)# radius-server host [...]

  • Page 204

    9-24 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A cce ss wit h RA DIUS Beginn ing in pri vilege d EXEC mode, follo w these st eps to conf igure login authent ication. This procedu re is requi r ed. Comma nd Purp ose Step 1 configur e terminal [...]

  • Page 205

    9-25 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 9 Configuri ng Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS T o disa ble A AA, u se the no aaa new-model glo bal co nfigurat ion c omm and. T o disa ble A AA authenti cation, use th e no aaa aut hent ica tion l ogin { default | list-[...]

  • Page 206

    9-26 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A cce ss wit h RA DIUS Be ginning in pri v ile ged EXEC mode, fo llo w these step s to def ine the AAA ser ver group and associate a particula r RADIUS serve r with it: Comma nd Pu rpos e Step 1 [...]

  • Page 207

    9-27 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 9 Configuri ng Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS T o remo ve the spec ifie d RADIUS server , use the no radius-server host hostname | ip-address global configurati on comm and. T o remove a server gro up from the c onfigur[...]

  • Page 208

    9-28 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A cce ss wit h RA DIUS Beginn ing in pri vile ged EXEC mo de, follo w these ste ps to specif y RADIUS author ization for privile ged EXEC a cce ss an d n etwor k ser vi ces: T o disab le a uthor [...]

  • Page 209

    9-29 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 9 Configuri ng Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Configuring Settings for All RADIUS S ervers Beginning i n privileged E X EC mo de , follow these s teps to c on figure gl obal com mun ica tion sett ings between the switch[...]

  • Page 210

    9-30 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A cce ss wit h RA DIUS For ex ample, this A V pai r act iv ates Cisco’ s multip le named ip addr ess pools featur e duri ng IP authorization (during PPP’ s IPCP address assignment): cisco-avp[...]

  • Page 211

    9-31 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 9 Configuri ng Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Beginning i n privileged EXEC mode, f ollow thes e steps to specif y a vendor-propr ietar y RADI US server host a nd a sh ared se cret te xt string : T o delete the vendor-p[...]

  • Page 212

    9-32 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 9 Configuring Switch-Based Authentication Configur ing the Switc h fo r Local Au thentica tion and A uthorizat ion Configuring the Switch for Local Authentication and Authorization Y o u can c onfi gure AAA t o opera te witho ut a serv er b y set ting the s[...]

  • Page 213

    9-33 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 9 Configuri ng Sw itch-Ba sed Auth entication Configuring the Switch for Secure Shell Configuring the Switch for Se cure Sh ell This sec tion desc ribes how to co nfigure the Se cure She ll (SSH) fea ture. SSH i s a crypt ographi c secu rity feat ur e t ha [...]

  • Page 214

    9-34 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 9 Configuring Switch-Based Authentication Conf igu rin g th e Swi tch for S ec ure S hel l SSH also supports these user authen tication methods: • T A CACS+ (for m ore inf orm ation , se e th e “Controlling Switch Acc ess with T A CA CS+” section on p[...]

  • Page 215

    9-35 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 9 Configuri ng Sw itch-Ba sed Auth entication Configuring the Switch for Secure Shell Cryptographic Softwar e Image Guidelines These gui delines apply only to non-L RE Catalys t 2950 switc hes: The SSH f eature use s a large amo unt of switc h memor y , whi[...]

  • Page 216

    9-36 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 9 Configuring Switch-Based Authentication Conf igu rin g th e Swi tch for S ec ure S hel l T o delete the RSA key pair , use the cryp to ke y zer oi ze r sa globa l c onfigurati on com ma nd. A fte r t he RSA ke y pair is deleted, the SSH serv er is automat[...]

  • Page 217

    9-37 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 9 Configuri ng Sw itch-Ba sed Auth entication Configuring the Switch for Secure Shell Displaying th e SSH Co nfiguration an d Status T o di spla y t h e S SH se r v er co nf igur at i o n an d s t at us, us e o ne or mo re of t he pr i vilege d EXEC co mm a[...]

  • Page 218

    9-38 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 9 Configuring Switch-Based Authentication Conf igu rin g th e Swi tch for S ec ure S hel l[...]

  • Page 219

    C HAPTER 10-1 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 10 Configuring 802.1x Port-Based Authentication This chap ter desc ribes how to con f igure IEEE 802.1x port-base d authe nticati on on the C atalyst 2950 o r Catalyst 295 5 switch to prevent unauthorize d devices (clients) from gaining a ccess to the ne t[...]

  • Page 220

    10-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 10 Configuring 802.1x Port-Ba sed Authentica tion Underst an ding 802 .1x Po rt-Based Authentica tion • Using 802 .1x w it h VL AN Assi gnmen t , p ag e 10- 7 • Using 802.1x with Gu est VLAN, page 10-8 Device Roles W ith 802.1x por t-based aut hentic at[...]

  • Page 221

    10-3 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 10 Configuring 80 2.1x Port -B ased Aut hen ticatio n Understand ing 802.1x P ort-Base d Authenti cation support EAP within the nati v e frame forma t. When the switch recei ve s frames from the authenti cation serv er , th e server’ s frame header is rem[...]

  • Page 222

    10-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 10 Configuring 802.1x Port-Ba sed Authentica tion Underst an ding 802 .1x Po rt-Based Authentica tion Figur e 1 0-2 Message Ex c han g e Ports in Au thorized and Un authorized S tates The switc h port state determi nes whet her or not the client is gran ted[...]

  • Page 223

    10-5 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 10 Configuring 80 2.1x Port -B ased Aut hen ticatio n Understand ing 802.1x P ort-Base d Authenti cation received. The switch re quests the identity of the clie nt and begins r elaying aut hentic ation m essages between the client and the authen tication se[...]

  • Page 224

    10-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 10 Configuring 802.1x Port-Ba sed Authentica tion Underst an ding 802 .1x Po rt-Based Authentica tion Figur e 1 0-3 Wireles s LAN Ex ample Using 802.1x with Port Security For switches runni ng the enha nced sof tware im age ( EI), you can e nable an 802 .1x[...]

  • Page 225

    10-7 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 10 Configuring 80 2.1x Port -B ased Aut hen ticatio n Understand ing 802.1x P ort-Base d Authenti cation Using 802.1x with Voice VLAN Ports A v oice V LAN port is a s pecial access p ort asso ciated with tw o VLA N identi fier s: • VVID to carr y voic e t[...]

  • Page 226

    10-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 10 Configuring 802.1x Port-Ba sed Authentica tion Underst an ding 802 .1x Po rt-Based Authentica tion • If an 802.1 x port is authent icate d and put i n the RADIU S server assi gned VLAN , any change to the port acce ss VLAN configurat ion does not take [...]

  • Page 227

    10-9 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 10 Configuring 80 2.1x Port -B ased Aut hen ticatio n Configur ing 802.1x Authent ication Configuring 802.1x Authentication These sec tions de scr ibe how to con figure 8 02. 1x po rt-b ased au t hent ica tion o n you r sw itc h: • Default 80 2.1x Configu[...]

  • Page 228

    10-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 10 Configuring 802.1x Port-Ba sed Authentica tion Configur ing 802. 1x Auth enticat ion 802.1x C onfiguration Gu idelines These a re the 8 02.1x authe ntication conf iguration guideline s: • When 80 2.1x is enabl ed, por ts are authen ticated be fore an [...]

  • Page 229

    10-11 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 10 Configuring 80 2.1x Port -B ased Aut hen ticatio n Configur ing 802.1x Authent ication – Switch ed Port A nalyz er (SP AN) and Remote SP AN (RSP AN) d estination por ts—Y ou can enable 80 2.1x on a port that is a SP AN desti nation, a n RSP A N dest[...]

  • Page 230

    10-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 10 Configuring 802.1x Port-Ba sed Authentica tion Configur ing 802. 1x Auth enticat ion T o allow VLAN ass ignment (for switc hes runn ing the EI ), you mus t enabl e AAA au thoriz ation to conf igure the switch for all netw ork-related ser vice requests. [...]

  • Page 231

    10-13 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 10 Configuring 80 2.1x Port -B ased Aut hen ticatio n Configur ing 802.1x Authent ication This e xample sho ws how to enable AAA and 802.1x on a port: Switch# configure terminal Switch(config)# aaa new-model Switch(config)# aaa authentication dot1x default[...]

  • Page 232

    10-14 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 10 Configuring 802.1x Port-Ba sed Authentica tion Configur ing 802. 1x Auth enticat ion This exam ple sh ows how to specify the server w it h IP add re ss 172. 20. 39.46 a s the R ADI US server, to use port 1612 as the author izat ion port , an d to se t t[...]

  • Page 233

    10-15 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 10 Configuring 80 2.1x Port -B ased Aut hen ticatio n Configur ing 802.1x Authent ication Manually Re-Authenticating a Client Connected to a Port Y o u can manually re-a uthenticate the client connec ted to a specifi c p ort at an y time by enter ing the d[...]

  • Page 234

    10-16 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 10 Configuring 802.1x Port-Ba sed Authentica tion Configur ing 802. 1x Auth enticat ion Beginn ing in pri vileg ed EXEC mode, follo w th ese steps to change the amoun t of time that the switch waits for cli ent notific ation. This pro cedure is optional. T[...]

  • Page 235

    10-17 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 10 Configuring 80 2.1x Port -B ased Aut hen ticatio n Configur ing 802.1x Authent ication T o return to the def ault retransmission numb er , use the no dot1x max-req interf ace c onfig uration comm and. This e xample sho ws ho w to set 5 as the number of [...]

  • Page 236

    10-18 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 10 Configuring 802.1x Port-Ba sed Authentica tion Configur ing 802. 1x Auth enticat ion Configuring a Guest VLAN For switche s runnin g the E I, whe n you configure a guest VLAN, clients t hat a re not 80 2.1x- capabl e are put into the guest VLAN when the[...]

  • Page 237

    10-19 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 10 Configuring 80 2.1x Port -B ased Aut hen ticatio n Configur ing 802.1x Authent ication Configuring 802.1x Authentication T o conf igur e 802.1x port-ba sed authenti cation, you mu st enable AAA and specify the authentic ation method lis t. A me tho d li[...]

  • Page 238

    10-20 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 10 Configuring 802.1x Port-Ba sed Authentica tion Configur ing 802. 1x Auth enticat ion Configuring 802.1x Accounting Enabl ing AAA s ystem a ccount ing w ith 802. 1x acco unting allo ws sy stem r eload e v ents t o be sent t o the accou nting RA DIUS serv[...]

  • Page 239

    10-21 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 10 Configuring 80 2.1x Port -B ased Aut hen ticatio n Displaying 802.1x Statistics and Status Note Y o u must configur e the RADIU S server to perf orm accou nting task s, such as logg ing start, stop, an d interim-upd ate messages and time stamps. T o tur[...]

  • Page 240

    10-22 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 10 Configuring 802.1x Port-Ba sed Authentica tion Displ ayin g 802 .1x St atis tics and S tat us[...]

  • Page 241

    C HAPTER 11-1 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 11 Configuring Interface Cha racteristics This chapte r describes the types of interface s on a Catalyst 2950 or Catalyst 2955 switch and ho w to conf igure them. The chap ter has thes e section s: • Understa ndin g I nte rface T ypes, page 11-1 • Usin[...]

  • Page 242

    11-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 11 Con figuring Interface Characteristics Unders tan ding Inte rfa ce Type s These sectio ns describes these types o f interf aces: • Access Por ts, page 11 -2 • T runk Po rts, page 1 1-2 • Port-Ba sed VLA Ns, pa ge 11- 3 • EtherC hanne l Po rt G ro[...]

  • Page 243

    11-3 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 11 Configuring Interf ace Char act eristics Unde rsta ndi n g In t erf ac e Ty p es member of t hat VLA N and traffic is forward ed to and fr om t he trun k port for that VL AN. I f VTP l earns of a ne w , enabled VLAN that is not in the allo we d list for [...]

  • Page 244

    11-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 11 Con figuring Interface Characteristics Using the Inter fa ce Command Connecting Interfaces De vices with in a single V LAN ca n communic ate d irectly thro ugh an y switch . Ports in d if feren t VLA Ns cannot exchange data withou t going throu gh a rout[...]

  • Page 245

    11-5 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 11 Configuring Interf ace Char act eristics Using the Interface Command Procedures for Configuring In terfaces These ge neral instruc tions apply to all interfa ce conf igurati on processes. Step 1 Enter t he configur e t erminal comma nd at the pr ivileged[...]

  • Page 246

    11-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 11 Con figuring Interface Characteristics Using the Inter fa ce Command Beg i n ni n g i n p r iv i l eg ed E X E C m o d e , fo l l ow t h e s e s te p s t o configur e a range of interface s with the same paramet ers: When usin g the interf ace range gl o[...]

  • Page 247

    11-7 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 11 Configuring Interf ace Char act eristics Using the Interface Command This e xam ple s ho ws ho w to use a comma to add di f fer ent in terfa ce t ype str ings t o the ran ge to en able a ll Fast Ethernet inter faces in the ra nge 0/1 to 0/3 an d Gigabit [...]

  • Page 248

    11-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 11 Con figuring Interface Characteristics Configur ing Ethernet Int erfaces – longreachether net sl ot/{ first port } - { last port }, wh er e sl ot i s 0 – port-channel port-channe l-number - port-channe l-numb er , where port-channe l-numb er is from [...]

  • Page 249

    11-9 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 11 Configuring Interf ace Char act eristics Configuring Ethernet Interfaces These sec tions descr ibe the default inte rface configurat ion and the optiona l feature s that you c an configure on mo st physical interface s: • Defaul t Ethern et Interfa ce [...]

  • Page 250

    11-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 11 Con figuring Interface Characteristics Configur ing Ethernet Int erfaces Configuring In terface Sp eed and Du plex M ode The 10/1 00 Ethe rn et int erfac es on a no n-L RE sw it ch oper at e i n 10 or 1 00 Mb ps and i n eith er f ull- o r half-d uplex m[...]

  • Page 251

    11-11 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 11 Configuring Interf ace Char act eristics Configuring Ethernet Interfaces • If both end s of the line supp ort aut onegotiation , we highly recomm end the defaul t setting of auto negotiatio n. • When conne cting an inter face to a 100B ASE-T devi ce[...]

  • Page 252

    11-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 11 Con figuring Interface Characteristics Configur ing Ethernet Int erfaces Setting the Interface Speed and D uplex Parameter s on a Non-LRE Switch Port Beg i nn i n g i n pr ivi le ge d E X EC mo d e , f o l low t h es e s t e p s t o set the speed and du[...]

  • Page 253

    11-13 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 11 Configuring Interf ace Char act eristics Configuring Ethernet Interfaces Use the no lo cal spe ed and no local duplex in ter f ac e c onf igur atio n co mman d s to re turn th e i nterfac e to the def ault spee d and duple x set tings. T o return all i [...]

  • Page 254

    11-14 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 11 Con figuring Interface Characteristics Configur ing Ethernet Int erfaces • rec e ive o f f an d send on : The port send s pause fra mes if the r emote device supports flow contro l but canno t recei ve pause fram es from th e remote de vice. • rec e[...]

  • Page 255

    11-15 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 11 Configuring Interf ace Char act eristics Monitoring and Maintaining the Interfaces Use the no description interface configurat ion comm and to delete the de script ion. This exam ple sh ows how to ad d a d escr ip tion o n a por t a nd t o verif y th e [...]

  • Page 256

    11-16 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 11 Con figuring Interface Characteristics Monito rin g and Mai nt aining th e In terfaces For examples of the output fr om thes e comm ands, refe r to the co mman d refe rence for this rel ease and to the Cisco I OS I nterf ace Com mand R eference for Ci s[...]

  • Page 257

    11-17 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 11 Configuring Interf ace Char act eristics Monitoring and Maintaining the Interfaces This exam ple sh ows how to cle ar a nd re set a po rt : Switch# clear interface fastethernet0/5 Shutting Down and Restarting the Interface Shutting d ow n an inte rface [...]

  • Page 258

    11-18 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 11 Con figuring Interface Characteristics Monito rin g and Mai nt aining th e In terfaces[...]

  • Page 259

    C HAPTER 12-1 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 12 Configuring Smartports Macro s This chapt er describ es ho w to configure and a pply Smartpo rts macr os on the Catalyst 295 0 switch. Note For comple te syntax and us age inform ation for the co mmands used in this chapter , refer to the c ommand refer[...]

  • Page 260

    12-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 12 Configur ing Smart ports Mac ros Configuring Smartpor ts Mac ros Cisco also provid es a collection of pretes ted, Cisco-recommende d baseline conf iguration tem plates for Catalyst switc hes. The online reference gui de template s provide th e CLI comman[...]

  • Page 261

    12-3 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 12 Configuring Smart por ts Macros Configuring Smartports Macros Smartports Macro Configuration Guidelines Follow these guideli nes when configuring ma cros on your sw itch: • When crea ting a macro , do not use the exit or end commands or change th e com[...]

  • Page 262

    12-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 12 Configur ing Smart ports Mac ros Configuring Smartpor ts Mac ros Creating Smartports Macro s Beginn ing in pr i vilege d EXEC mode, follo w the se steps to create a Smartports mac ro: The no form o f the macro name global conf igurati on command only de [...]

  • Page 263

    12-5 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 12 Configuring Smart por ts Macros Configuring Smartports Macros Applying Smar tpo rts Macro s Beginning i n privileged EX EC mode , follow th ese s teps t o app ly a Sma rtpor ts m acro : Y ou can d elete a global mac ro-app lied configur ation o n a switc[...]

  • Page 264

    12-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 12 Configur ing Smart ports Mac ros Configuring Smartpor ts Mac ros This exam pl e sh ows how to app ly t h e user-cre ate d ma cr o ca lle d snmp , to set the host name address to test- server and to set the IP pre cedence v alue to 7 : Switch(config)# mac[...]

  • Page 265

    12-7 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 12 Configuring Smart por ts Macros Configuring Smartports Macros Y ou can d elete a global mac ro-app lied configur ation o n a switch onl y by entering the no ver sio n of ea ch comm and th at is in the ma cro. Y ou can delete a ma cro-ap plied co nfigurat[...]

  • Page 266

    12-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 12 Configur ing Smart ports Mac ros Displaying Smartpor ts Mac ros Displaying Smartports Macros T o disp lay the Smar tports ma cros, use on e or more of the pri vile ged EXE C command s in T able 1 2-2 . T able 12-2 Comman ds f or Displ a y ing Smar tports[...]

  • Page 267

    C HAPTER 13-1 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 13 Configuring LRE This ch apter de scribe s ho w to con fig ure the Lo ng-Reac h Ethern et (LRE) features on you r Catalyst 2950 LRE switch. T his chapter consists of these sectio ns: • Understa ndin g L RE Featu re s, page 13 -1 • Conf igurin g LRE P[...]

  • Page 268

    13-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 13 Configur ing LRE Unders tanding L RE Featu res Connecti ng a sw it ch L RE po rt to a rem ot e Et her net device (suc h as a PC) req uire s t wo type s of connec tio ns: • LRE link—Th is is the connec tion between the sw itch LRE por t and the RJ-11 [...]

  • Page 269

    13-3 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 13 Configuring LRE Underst anding LRE Fe atures Note Consult the regula tions for connecting to the public switched telep hone network (PST N) in your area. Note U se th e ra tes a nd dist ance s in T able 13-1 and T able 1 3-2 only as guidel ines. Fact ors[...]

  • Page 270

    13-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 13 Configur ing LRE Unders tanding L RE Featu res Y o ur data rates will al ways be less than th e gross data rate listed in tables. A small percentage of the link rate is used by the Catal yst 2 950 LR E swi tch fo r supe rvis ory f unc tions wit h th e CP[...]

  • Page 271

    13-5 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 13 Configuring LRE Underst anding LRE Fe atures LRE Sequences The LRE sw itches are ship ped with p redef ined sequence s. Sequen ces are sets of prof iles an d are use d with th e rate sele ction feat ure. T he rate se lection fe ature enabl es the swit ch[...]

  • Page 272

    13-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 13 Configur ing LRE Unders tanding L RE Featu res Beginn ing with the f irst prof ile in a sequence, the switc h attempts to apply each pro file within that sequence to the L RE interf ace. T he switch conti nues these att empts unti l it c on v e r ges ( c[...]

  • Page 273

    13-7 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 13 Configuring LRE Underst anding LRE Fe atures • Certain CPEs do not w ork with certain switch es. For detai ls, see the LRE switch and CPE compatibilit y matrix (see T abl e 1 -2 on page 1-2 ). Y ou ca n connect Ci sco 5 75 LRE CPEs an d Cisco 5 85 LR E[...]

  • Page 274

    13-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 13 Configur ing LRE Conf igu rin g LR E Por ts LRE Mes sage L ogging Proc ess The Cataly st 2950 LRE switch softw are monito rs switch conditions on a pe r-por t basis and sends the debugging message s to an LRE me ssage logg ing proce ss that is different [...]

  • Page 275

    13-9 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 13 Configuring LRE Configuring LRE Ports Default LRE Configuration This is the defau lt LRE conf iguration: • On the Catal yst 2950ST -8 LRE an d the Cata lyst 2950ST -24 LRE swi tches, the profile on all LRE ports is LRE-10. • On th e Ca talyst 2950 ST[...]

  • Page 276

    13-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 13 Configur ing LRE Conf igu rin g LR E Por ts • Age and ty pe of wiring— Y ou can estimat e th e type of w iring you h ave based on your site’ s age a nd type. – Newer installation s less than 15 yea rs old often use Category 3 cable in bundles of[...]

  • Page 277

    13-11 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 13 Configuring LRE Configuring LRE Ports • When the link betwee n the LRE switch and the CPE de vice must co -exist in the same cable b undle as an asymmetric di gital subscrib er line (ADSL), we recom mend that you use either the ANSI profile (LR E-9 98[...]

  • Page 278

    13-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 13 Configur ing LRE Conf igu rin g LR E Por ts betwee n 1 00-Mb ps half dupl ex an d 100- Mbps f ull du plex. Use t he cpe duplex and cpe speed in terfa ce configurati on co mman ds, respe ctively , to configu re the duplex and speed se tting s on the C is[...]

  • Page 279

    13-13 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 13 Configuring LRE Configuring LRE Ports Assigning a Profile to a Specific LRE Port Y ou ca n set pro files on a pe r -port basis. Y ou can assign the same pr ofile or different pr ofiles to the L RE ports on th e switch. Th e default acti ve p rof ile on [...]

  • Page 280

    13-14 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 13 Configur ing LRE Conf igu rin g LR E Por ts T o display the LRE lin k statistics and sequence informatio n on the LRE ports, use the show co ntroll ers lre status sequence de tails privileged EXEC comma nd. Assigning a Sequence to a Specific LRE Port Y [...]

  • Page 281

    13-15 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 13 Configuring LRE Configuring LRE Ports • When a link is lo st for 25 secon ds befo re be ing re stored • When a configur ed sequ en ce is mo dified In any of these cases, rate selection obta ins the optimal prof ile for your line condit ions. Note Wh[...]

  • Page 282

    13-16 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 13 Configur ing LRE Conf igu rin g LR E Por ts T o unlock a p ort, use the no rate selection p rof ile lock inter face conf igurati on command. Link Qualification and SN R Margins When rate se lection is ru nning, th e SNR is used as an ind icator of li nk[...]

  • Page 283

    13-17 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 13 Configuring LRE Configuring LRE Ports LRE-15 -1 16.667 256 31 33 35 39 LRE-99 8-15- 4 16.667 256 31 33 35 39 LRE-99 7-10- 4 12 .5 256 31 33 35 39 LRE-2 2.08 4 13 15 17 20 LRE-3 3.13 4 13 15 17 20 LRE-4 4.17 4 13 15 17 20 T able 13-7 SNR Re quir ements f[...]

  • Page 284

    13-18 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 13 Configur ing LRE Conf igu rin g LR E Por ts The margin ra nge for link qu alificatio n is from 1 to 10 dB. The re comm ended value in a low-noise en vi ronme nt is 2 dB . The recomm ende d value for me dium noi se environment i s 4 dB. T he reco mmen de[...]

  • Page 285

    13-19 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 13 Configuring LRE Configuring LRE Ports Beginning i n privileged E X EC mo de , follow these s teps to a ssign a m argin t o a spe cific LRE po rt: T o return to the default v alues, us e the no margin { downstream | upstre am } interf ace con figu ration[...]

  • Page 286

    13-20 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 13 Configur ing LRE Conf igu rin g LR E Por ts Configuring LRE Link Monitor When link mon itor is e nabled, an LRE switch fe ature tracks undesi rable or in terestin g conditi ons on a link o r tak es sy stem-d ef ined ac tions after certai n thres holds a[...]

  • Page 287

    13-21 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 13 Configuring LRE Configuring LRE Ports T o return the port to its default set ting, use the no interleave downstream value upstr eam valu e interf ace conf igu ration com mand. Configuring Upstream Power Back-Off Y ou can co nfigure this fea ture only on[...]

  • Page 288

    13-22 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 13 Configur ing LRE Conf igu rin g LR E Por ts T o ret urn the switc h to its d efault se tting, use th e no lr e upbo { noise-mode l | offs et va lue } globa l configurati on comm a nd. Configuring CPE Toggle The CPE togg le featu re is enable d by defaul[...]

  • Page 289

    13-23 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 13 Configuring LRE Upgrading LRE Switch Firmware Beginning i n privileged EX EC mo de , follow these s teps to e na ble t h e sw itch to send de bugging messages to the LRE message log ging process a nd to the system me ssage loggin g process: T o disab le[...]

  • Page 290

    13-24 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 13 Configur ing LRE Upgradi ng L RE Switch F ir m w are Note Whe ther upg rading a sing le CPE device or all CPE devices conne cted to an LR E switch, the expected duration of an LRE upg rade is 3 to 6 minu tes. (CPE devices co nnecte d to marginal link s [...]

  • Page 291

    13-25 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 13 Configuring LRE Upgrading LRE Switch Firmware When executin g upgra des, you can e lect t o upgr ade a si ngle C PE d e vice or lo cal cont rolle r by using t he hw-module slot module-slot- number upgra de lre [ fo rc e ] [ local ctrlr-unit-number | rem[...]

  • Page 292

    13-26 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 13 Configur ing LRE Upgradi ng L RE Switch F ir m w are The no upgrade co ntrolle r configura tion co mmand removes the com mand f or apply ing a p articul ar LR E binary . T o resume de fault upgra de behavior fo r a given control le r, do not configur e [...]

  • Page 293

    13-27 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 13 Configuring LRE Displaying LRE Sta tus The CPE de vice fi nishes resetti ng. Ethernet conne cti vity is a vailab le but at lo w s peeds. Upgrade data transfer begins. 00:23:55: %LINEPROTO-5-UPDOWN: Line protocol on Interface LongReachEthernet0/1, change[...]

  • Page 294

    13-28 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 13 Configur ing LRE Displaying LRE Status[...]

  • Page 295

    C HAPTER 14-1 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 14 Configuring STP This chapt er describ es ho w to configure the Span ning Tree Protocol (STP) on port -based VLA Ns on your Cataly st 29 50 or Catal yst 2 955 switch. The switch u ses the pe r-VLAN spannin g-tree plus ( PVST+ ) protoc ol based on the IEE[...]

  • Page 296

    14-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 14 Configuring STP Unders tan ding Spa nni ng-Tree Fea tures • Spanning- T ree Interoper ability and Backwar d Compatibility , page 14-10 • STP and IE EE 802. 1Q Trunks, pa ge 14- 10 For config uration infor mation, see the “Configuring Spanni ng-Tree[...]

  • Page 297

    14-3 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 14 Configuring STP Unders tanding Spanni ng-Tree Featu res Spannin g- Tr ee To polo gy and BP DUs The stabl e, acti v e spanning -tree topo logy of a switched network is determ ined by these elem ents: • The un ique bridg e ID (s witch prio rity an d MAC [...]

  • Page 298

    14-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 14 Configuring STP Unders tan ding Spa nni ng-Tree Fea tures Bridge ID, Switch Priority, and Extended System ID The IE EE 80 2.1D st anda rd require s that each switch has a n un ique br idge i denti fier (b ridge I D), which determ ines the select ion of t[...]

  • Page 299

    14-5 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 14 Configuring STP Unders tanding Spanni ng-Tree Featu res • Forwardin g—T he inte rface forwa rds fram es. • Disabled —The interfa ce is not participat ing in spanning tree beca use of a shutdo wn port, no link on the po rt, or no span ni ng-t ree [...]

  • Page 300

    14-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 14 Configuring STP Unders tan ding Spa nni ng-Tree Fea tures Blocking State A Layer 2 in ter f ace in th e b lo ckin g state does not p ar tic ipate in frame f o rw a rdin g. Af ter in iti aliz atio n , a BPDU is sent to each interf ace in the switch. A swi[...]

  • Page 301

    14-7 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 14 Configuring STP Unders tanding Spanni ng-Tree Featu res Disabled State A Laye r 2 int erface in th e disab led state do es not parti cipa te in frame forwar ding or in the span ning tree. An interf ace in the disabled state is nonop erational. A disab le[...]

  • Page 302

    14-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 14 Configuring STP Unders tan ding Spa nni ng-Tree Fea tures Spanning Tree and Redun dant Conn ectiv ity Y ou can crea te a redun dant ba ckbon e wit h spannin g tree by co nnecti ng two sw itch int erface s to an other de vice or to tw o dif ferent de vice[...]

  • Page 303

    14-9 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 14 Configuring STP Unders tanding Spanni ng-Tree Featu res Becau se each VLAN is a sepa rate span ning- tree ins tance, th e switch a ccelerate s aging o n a per -VLAN basis . A spanni ng- tree rec onf igur ation on one VLAN can ca use the dyn amic addr ess[...]

  • Page 304

    14-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 14 Configuring STP Unders tan ding Spa nni ng-Tree Fea tures Spanning-Tree Interoperability and Backward Compati bility T able 14-2 lists the interopera bility and com patibility among the s uppo rted s panning -tree mode s in a network. In a mi xed MSTP a[...]

  • Page 305

    14-11 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 14 Configuring STP Confi guring S panni ng-Tree Featu res Configuring Sp anni ng-Tree Features These sec tions de scribe how to configure s panning -tree fe ature s: • Default Spanni ng-Tree Co nfiguration, p age 14- 11 • Spanning-Tree Co nfiguration G[...]

  • Page 306

    14-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 14 Configuring STP Configur ing Span ning-T ree F eature s Spannin g- Tr ee Co nf igura tion Guideli ne s If more VLAN s are def ined in th e VTP than there are spanning -tree inst ances, you can enable PVST+ or rapid PVST+ on only 64 VL ANs. If the n umbe[...]

  • Page 307

    14-13 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 14 Configuring STP Confi guring S panni ng-Tree Featu res Changing the Spa nning-Tree M ode The sw itch s upports th ree spanning -tree mo des: PV ST+, ra pid PVST +, o r MSTP . By defau lt, the switch runs th e PVST+ pr otoc ol. Beginning in privileged EX[...]

  • Page 308

    14-14 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 14 Configuring STP Configur ing Span ning-T ree F eature s Disabling Sp anning Tree Spanning tree is enab led by defau lt on V LAN 1 and on all newly crea ted VL ANs up to the spannin g-tree limit specif ied in the “Supported Spa nning-Tree Instan ces”[...]

  • Page 309

    14-15 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 14 Configuring STP Confi guring S panni ng-Tree Featu res Before Cisc o IO S Release 12.1 (9) EA1 , entering the spanning-t ree vlan vlan-id root global conf iguration command on a Catalyst 2950 switch (no extended system ID) ca used it to set its own swit[...]

  • Page 310

    14-16 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 14 Configuring STP Configur ing Span ning-T ree F eature s Beginning in privileged EXEC mo de, fo llow these step s to configur e a switc h to bec ome th e root fo r the specif ied VLAN. Th is procedure is optional. T o ret urn the switc h to its d efault [...]

  • Page 311

    14-17 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 14 Configuring STP Confi guring S panni ng-Tree Featu res Beginn ing in pri vile ged EXEC mo de, follo w these step s to confi gure a switch to b ecome the second ary root for the speci fied VLAN. This pr ocedur e is optional. T o ret urn the switc h to it[...]

  • Page 312

    14-18 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 14 Configuring STP Configur ing Span ning-T ree F eature s Beginn ing in pri vilege d EXEC mode, follo w these st eps to conf igure the port priority of an interface. This proc edure is option al. Note Th e show spanning-tree int erface interface- id privi[...]

  • Page 313

    14-19 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 14 Configuring STP Confi guring S panni ng-Tree Featu res Configuring the Path Cost The spanni ng-tr ee path c ost defaul t v alue i s derived from the med ia speed of an i nterfac e. If a loop occurs , spanning tree uses c ost when s electing an interfac [...]

  • Page 314

    14-20 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 14 Configuring STP Configur ing Span ning-T ree F eature s T o ret urn the in terface to its d efault se tting, use the no spanning-tr ee [ vlan vlan-id ] cost interf ace configurati on comm a nd. For inf orm ati on on how to co nfigure loa d sh ari ng on [...]

  • Page 315

    14-21 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 14 Configuring STP Confi guring S panni ng-Tree Featu res Configuring S pannin g-Tree Timers T able 14-4 descri bes th e timer s that af fect th e entir e spann ing-tree perfo rmanc e. The sectio ns that f ollow prov ide the c onfi guration ste ps. Configu[...]

  • Page 316

    14-22 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 14 Configuring STP Configur ing Span ning-T ree F eature s Configuring the Forwarding -Delay Time fo r a VLAN Beginn ing in pri vilege d EXEC mode, follo w these st eps to conf igure the forwa rding-delay time fo r a VLAN. Th is proc edure is opt ional. T [...]

  • Page 317

    14-23 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 14 Configuring STP Confi guring S panni ng-Tree Featu res T o ret urn the switc h to its d efault se tting, use th e no spanning-tr ee vlan vl an-id max-age global configurati on comm a nd. Configuring Spanning Tree for Use in a Cascaded Stack Spanning tr [...]

  • Page 318

    14-24 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 14 Configuring STP Displaying the Spannin g-Tree Stat us Displaying the Sp anning-Tre e Status T o disp lay the span ning- tree stat us, use on e or more of the pri vile ged EXE C command s in T able 1 4-6 : Y ou can cl ear span ning-t ree counte rs by usi[...]

  • Page 319

    C HAPTER 15-1 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 15 Configuring MSTP This chapte r describes ho w to conf igure the Ci sco implementatio n of the IEEE 802.1s Multi ple STP (MSTP) o n y our Ca ta lyst 29 50 or Ca talys t 2955 switc h. Note The multiple spanning-tre e (MST) implementa tion is a pre-standa [...]

  • Page 320

    15-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 15 Co nfiguring MSTP Unders tan din g MSTP Understandin g MSTP MSTP , which uses RSTP fo r rapid conver gence , enable s VLANs to be grouped into a spanni ng-tree instan ce, wi th e ach inst anc e havin g a s pan ni ng-t ree t opol ogy inde pende nt o f oth[...]

  • Page 321

    15-3 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 15 Configuring MSTP Unde rsta ndi n g MS TP All MST instances with in the same reg ion share the same protocol timer s, but eac h MST instance has its own topology para meters , such as root switch ID, ro ot path cost, and so fort h. By default, a ll VLANs [...]

  • Page 322

    15-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 15 Co nfiguring MSTP Unders tan din g MSTP Figur e 15-1 MST Re gions, IS T Mas ter s, and the CS T Root Figure 15-1 does n ot sh ow additional MST instance s for eac h region. Note tha t the to pology of M ST instan ce s ca n be di fferent f rom th at o f t[...]

  • Page 323

    15-5 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 15 Configuring MSTP Unde rsta ndi n g MS TP received remain ing h op co unt by on e and p ropaga tes this value a s the re maini ng ho p cou nt in the BPD Us it ge nerates . When t he count reaches z ero, th e switch d iscard s the BPDU and ag es the inf or[...]

  • Page 324

    15-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 15 Co nfiguring MSTP Unders tan din g RSTP Understandin g RSTP The RSTP takes ad vantage of point- to-po int wiring and provides rapi d conv ergence of the span ning tree . Reconfigur at ion of th e sp anni ng t ree can oc cur in less t han 1 s econd (in co[...]

  • Page 325

    15-7 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 15 Configuring MSTP Understa nding RST P T o be consisten t with Cisco STP implementatio ns, this guide docume nts the port state as bloc king instead of discar ding . Designated ports start i n the listening sta te. Rapid Con vergenc e The RSTP provides fo[...]

  • Page 326

    15-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 15 Co nfiguring MSTP Unders tan din g RSTP The swi tch dete rmi nes the lin k type fr om th e po rt du plex mode : a full -d uplex por t is c ons ide red t o hav e a point-to -poin t conne ction; a half -duplex por t is co nsidere d to have a shar ed co nne[...]

  • Page 327

    15-9 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 15 Configuring MSTP Understa nding RST P Figur e 15-3 Sequence of Ev ents Du r ing Rapid Con ver g ence Bridge Protoco l Data Unit Format an d Process ing The R STP BP DU for mat is th e sam e as t he IEEE 802.1D BPD U fo rmat exce pt tha t th e proto col v[...]

  • Page 328

    15-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 15 Co nfiguring MSTP Unders tan din g RSTP The RSTP does not have a separate topol ogy chan ge notificati on (TCN) BPDU . It uses the topology change (T C) flag to sho w the to pology cha nges. Ho wev er , f or interoper ability with 802 .1D switches, th e[...]

  • Page 329

    15-11 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 15 Configuring MSTP Confi guring MST P Featu res • Propagat ion—When an RSTP switch re ceives a TC messa ge from anot her switch t hrough a designat ed or r oot por t, it pro pagat es the cha ng e t o al l o f it s non ed ge, d esig na ted por ts a nd [...]

  • Page 330

    15-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 15 Co nfiguring MSTP Configur ing MSTP F eatures Default MSTP Configuration T able 15-3 shows the de fault M ST P configur ation . For informat ion about the suppor ted number of spanning- tree in stance s, see the “Supporte d Spanning -Tree Instan ce s?[...]

  • Page 331

    15-13 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 15 Configuring MSTP Confi guring MST P Featu res of the MST regions mu st contain th e CST root, and al l of th e ot her MST r egions must have a better path to the r oot co ntaine d with in t he MST cl oud t han a pat h th rou gh the PVST+ or ra pid- PVST[...]

  • Page 332

    15-14 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 15 Co nfiguring MSTP Configur ing MSTP F eatures T o retur n to the defa ult M ST region configurat i on, u se th e no spanning- tree mst configurat ion globa l conf iguration c ommand. T o return to the defa u lt VLAN-to- instance map, use the no i nstanc[...]

  • Page 333

    15-15 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 15 Configuring MSTP Confi guring MST P Featu res If an y root switch for the specif ied instance h as a switch p riority lo wer than 24576, th e switch sets its o wn prior ity to 4096 less than the lo west swit ch priority . (4 096 is the v alu e of the le[...]

  • Page 334

    15-16 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 15 Co nfiguring MSTP Configur ing MSTP F eatures T o ret urn the switc h to its d efault se tting, use th e no spanning-tr ee mst insta nce-id roo t globa l configurati on comm a nd. Configur ing a Se co ndar y R oot S witch When you c onfigure a C atal ys[...]

  • Page 335

    15-17 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 15 Configuring MSTP Confi guring MST P Featu res T o ret urn the switc h to its d efault se tting, use th e no spanning-tr ee mst insta nce-id roo t globa l configurati on comm a nd. Configuring the Port Priority If a l oop occur s, the MST P uses the port[...]

  • Page 336

    15-18 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 15 Co nfiguring MSTP Configur ing MSTP F eatures Configuring the Path Cost The MSTP path cost def ault v alue is deri v ed from the media speed of an interf ace. If a loop oc curs, the MSTP use s cost when se lecting an interfac e to put in the for warding[...]

  • Page 337

    15-19 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 15 Configuring MSTP Confi guring MST P Featu res Configuring the Switch Priority Y o u can conf igure the switc h priority and mak e it more likely that the switch will be chosen as the root switch. Note Exercis e care when using this comm and. F or mos t [...]

  • Page 338

    15-20 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 15 Co nfiguring MSTP Configur ing MSTP F eatures Beginn ing in pri vileg ed EXEC mode, follo w these st eps to conf igure the hello time for al l MST instances. This pro cedure is optional. T o retur n the sw itch to i ts def ault setting , use the no span[...]

  • Page 339

    15-21 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 15 Configuring MSTP Confi guring MST P Featu res Configuring the Maxi mum-Aging Time Beginning in privileged EX EC mode, fol low these steps to con figure the maxi mum- aging tim e for all MST inst ance s. This proc edure is optio nal. T o return the switc[...]

  • Page 340

    15-22 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 15 Co nfiguring MSTP Configur ing MSTP F eatures Specifying the Link Type to Ensure Rapid Transitions If you con nect a port to anothe r port throug h a point-t o-po int link an d the local port beco mes a designated por t, the RSTP negoti ates a rapid tra[...]

  • Page 341

    15-23 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 15 Configuring MSTP Displaying the MST Configuration and Status Displaying the MST Configuratio n and Status T o disp lay the span ning- tree stat us, use on e or more of the pri vile ged EXE C command s in T able 1 5-4 : For informati on about oth er keyw[...]

  • Page 342

    15-24 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 15 Co nfiguring MSTP Displaying the MST Configu rat ion and Status[...]

  • Page 343

    C HAPTER 16-1 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 16 Configuring Optional Spannin g-Tree Features This c hapt er d escri b es how to c onfigure opt iona l spa nn ing-tr ee f e atur es on yo ur Ca talyst 2950 o r Catalyst 2 955 sw itch. Y ou can configure a ll of t hese featur es whe n your switch is runn [...]

  • Page 344

    16-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapte r 16 Configurin g Optiona l Spann ing-Tr ee Featu res Unders tan ding Opti on al Spann ing -Tree Fe at ures Understand ing Port Fa st Port Fast immedia tely br ings an inte rface configured as an acces s or trunk port to t he forwardin g state from a bloc ki[...]

  • Page 345

    16-3 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 16 Configuring Op tiona l Spa nni ng-Tree Features Understan ding Optio nal Spanni ng-Tr ee Features Y ou ca n enab le th e BPD U guar d featur e for th e ent ire sw itch or for an int erface . Understanding BPDU Filtering The BPDU fil tering featu re can b[...]

  • Page 346

    16-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapte r 16 Configurin g Optiona l Spann ing-Tr ee Featu res Unders tan ding Opti on al Spann ing -Tree Fe at ures If a switch loo ses connecti vity , it be gins using t he alternate pa ths as soon as the spann ing tree selects a new root port . By e nabl ing U pli[...]

  • Page 347

    16-5 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 16 Configuring Op tiona l Spa nni ng-Tree Features Understan ding Optio nal Spanni ng-Tr ee Features Figur e 16-4 UplinkF ast E xample Af t er Dir ect Link F ailure Understand ing Cross -Stack Up linkFast Cross-stack UplinkF ast (CSUF) pro vides a fast span[...]

  • Page 348

    16-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapte r 16 Configurin g Optiona l Spann ing-Tr ee Featu res Unders tan ding Opti on al Spann ing -Tree Fe at ures Figur e 16-5 Cros s-Stack U plinkF ast T opolog y CSUF uses the Stack Membe rship Discovery Protoc ol to build a neighb or list of stack m embers thr [...]

  • Page 349

    16-7 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 16 Configuring Op tiona l Spa nni ng-Tree Features Understan ding Optio nal Spanni ng-Tr ee Features Events that Cause Fast Convergence Depen ding on the ne twor k event or fai lure , t he CSU F fa st c onv ergence mi gh t or mig ht n ot oc c ur . Fast con [...]

  • Page 350

    16-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapte r 16 Configurin g Optiona l Spann ing-Tr ee Featu res Unders tan ding Opti on al Spann ing -Tree Fe at ures Connecting the Stac k Ports A fas t transiti on occu rs across th e stack of switches if the multidro p backbone co nnectio ns are a continuo us link [...]

  • Page 351

    16-9 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 16 Configuring Op tiona l Spa nni ng-Tree Features Understan ding Optio nal Spanni ng-Tr ee Features Understand ing Back boneF ast Backbo neFas t detects ind irect failures in the core of th e backbon e. Backbo neFas t is a complem entary technol ogy to the[...]

  • Page 352

    16-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapte r 16 Configurin g Optiona l Spann ing-Tr ee Featu res Unders tan ding Opti on al Spann ing -Tree Fe at ures If lin k L 1 fail s as s hown in Figur e 16-8 , Switch C cannot det ect this f ailure bec ause it is not co nnected direct ly to link L1. Ho weve r, [...]

  • Page 353

    16-11 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 16 Configuring Op tiona l Spa nni ng-Tree Features Understan ding Optio nal Spanni ng-Tr ee Features Understand ing Ethe rCha nnel Gua rd Y ou can use Ethe rCha nne l gua rd to det ect an Et herC han ne l mi sconfigurat ion be twee n the switc h a nd a con[...]

  • Page 354

    16-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapte r 16 Configurin g Optiona l Spann ing-Tr ee Featu res Configur ing Optiona l Spanning- Tree Fea tures Figu re 1 6-10 Ro ot G uard in a Se rvic e-P rovider Network Understand ing Loop Guard Y ou can use l oo p g uard to p revent altern at e o r roo t po rts [...]

  • Page 355

    16-13 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 16 Configuring Op tiona l Spa nni ng-Tree Features Configurin g Optional Spanni ng-Tree Fe atures • Enab ling B ackb oneFast, page 1 6-1 8 (op tional) • Ena bling Ether Chann el Guar d, pa ge 16-1 8 (optiona l) • Enab ling Root Guard, pa ge 16-1 9 (o[...]

  • Page 356

    16-14 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapte r 16 Configurin g Optiona l Spann ing-Tr ee Featu res Configur ing Optiona l Spanning- Tree Fea tures Beginn ing in pri vile ged EXEC mode, follo w these steps to enab le Port Fast. Th is procedure is optional. Note Y o u can use the spanning-tree por tfast[...]

  • Page 357

    16-15 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 16 Configuring Op tiona l Spa nni ng-Tree Features Configurin g Optional Spanni ng-Tree Fe atures Y ou ca n also use the spanning-tree bpduguard e nable interfac e conf iguration command to enable BPDU gu ar d on a n y po rt with o ut als o en ab ling th e[...]

  • Page 358

    16-16 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapte r 16 Configurin g Optiona l Spann ing-Tr ee Featu res Configur ing Optiona l Spanning- Tree Fea tures Beginn ing in pri vileg ed EXEC mode, follo w th ese steps to globally enab le the BPDU f iltering feat ure. This proc edure is option al. T o disab le BPD[...]

  • Page 359

    16-17 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 16 Configuring Op tiona l Spa nni ng-Tree Features Configurin g Optional Spanni ng-Tree Fe atures When UplinkF ast is enabled, the switc h priority of all VLANs is set to 49152. If you change th e path cost to a value less t han 3000 a nd you e nable Up li[...]

  • Page 360

    16-18 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapte r 16 Configurin g Optiona l Spann ing-Tr ee Featu res Configur ing Optiona l Spanning- Tree Fea tures T o disa ble CSUF o n an interf ace, us e the no spanning-tree st ack-port interf ace conf iguration comman d. T o disabl e Uplin kFast on the switc h and [...]

  • Page 361

    16-19 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 16 Configuring Op tiona l Spa nni ng-Tree Features Configurin g Optional Spanni ng-Tree Fe atures T o disabl e the Ethe rChann el guar d feat ure, use the no spanning-tree et herchannel guard misconf ig global configurat ion comm and. Y ou can use the show[...]

  • Page 362

    16-20 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapte r 16 Configurin g Optiona l Spann ing-Tr ee Featu res Displaying the Spannin g-Tree Stat us Y ou can en ab le this fea ture if yo ur sw itch i s r unnin g PVST+, r api d PVST +, or MST P . Beginn ing in privile ged EXEC mode, follo w these steps to enable l[...]

  • Page 363

    C HAPTER 17-1 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 17 Configuring VLANs This c hapt er d escri b es how to c onfigure norm al -ra nge V LAN s (V L AN IDs 1 to 100 5) and extended-ra ng e V LAN s ( VLAN I Ds 10 06 to 4 094) on y our C ataly st 2950 or Ca taly st 2955 switc h. I t includes info rmation about[...]

  • Page 364

    17-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 17 Co n figuring VLANs Unders tan ding VLAN s Figure 17-1 shows an exam ple of V L ANs segmented into l ogica lly defined n etwor ks. Figur e 17 -1 VLANs as Logica lly Defined Netw or ks VLANs are of ten assoc iated with IP su bnetw orks. F or ex ample, all[...]

  • Page 365

    17-3 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 17 Configuring VLA Ns Unde rst an din g VLA Ns VLAN Port M embership M odes Y ou configur e a port to belong t o a VLA N by assigning a memb ership mo de that de termi nes the kind of traf fic the port c arries and t he number of V LANs to which i t can bel[...]

  • Page 366

    17-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 17 Co n figuring VLANs Configur ing Normal- R ang e VLAN s Configuring Normal -Range VLANs Normal- range VL A Ns are VL ANs with VLA N I Ds 1 to 1005 . If the sw it ch is in VT P server or transpare nt mod e, y ou ca n a dd, modi fy or r e move configurat i[...]

  • Page 367

    17-5 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 17 Configuring VLA Ns Configur ing N orma l -R ang e VL A N s This sect ion incl udes infor mation ab out these topics about norma l-ran ge VLAN s: • T oken Ring VLAN s, page 17- 5 • Normal -R ange VL AN Con figurat ion Guid eli nes , pa ge 17- 5 • VL[...]

  • Page 368

    17-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 17 Co n figuring VLANs Configur ing Normal- R ang e VLAN s is to a llow all VLA Ns ), th e new VLAN is ca rrie d o n all t ru nk po rts. Dep end ing o n the topo l ogy of the network, this c ould crea te a loop in the n ew VLAN that would not be broken, pa [...]

  • Page 369

    17-7 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 17 Configuring VLA Ns Configur ing N orma l -R ang e VL A N s Saving VL AN Configur ation The co nfiguration s of VLAN IDs 1 to 10 05 are a lways sa ved in the VLA N database (vlan.d at file). If VTP mode is transpa rent, they a re also saved in the swi tch[...]

  • Page 370

    17-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 17 Co n figuring VLANs Configur ing Normal- R ang e VLAN s Creating or Modifyin g an Et hernet VLAN Each E the rnet VL AN in th e VLAN d ata base ha s a u niq ue, 4- digit I D th at ca n b e a nu mber fr om 1 to 1 001. VLA N IDs 1002 to 1005 a re reserved f[...]

  • Page 371

    17-9 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 17 Configuring VLA Ns Configur ing N orma l -R ang e VL A N s T o return the VLAN name to the defa ult settings, use the no vlan name , no vl an mtu , or no remote span config-vl an co mman ds. This e xam ple sh ow s ho w to us e conf ig- vlan mode to creat[...]

  • Page 372

    17-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 17 Co n figuring VLANs Configur ing Normal- R ang e VLAN s Note Y o u canno t c onfigure an RSP AN VLAN in V LAN da tabase configu ratio n m ode. T o return the VLAN name to the defaul t settings, use th e no vlan vlan-id name or no vl an vlan-id mtu VLAN [...]

  • Page 373

    17-11 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 17 Configuring VLA Ns Configur ing N orma l -R ang e VL A N s Assigning S tatic-Ac cess Ports to a VLAN Y ou can assig n a s tatic- acc ess po rt t o a V LAN wit ho ut having VTP globa ll y p ropaga te VLA N configurati on info rmation by disabling VTP (V [...]

  • Page 374

    17-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 17 Co n figuring VLANs Configur ing Extended-R ange VLA Ns Configuring Ex tended-Rang e VLANs When the switch is in VTP transparent mode (VT P disabled) and the EI is installed) , you can create extended -rang e VLA Ns ( in the ra nge 1006 t o 4094). E xte[...]

  • Page 375

    17-13 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 17 Configuring VLA Ns Confi guring Exte nded-Ra nge VL ANs • VLANs in the exten de d ra nge are n ot su ppo rte d by VQ P . They cann ot be co nfigured by VMPS. • STP is enable d by default on extended -range V LANs, but you can di sable it by using th[...]

  • Page 376

    17-14 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 17 Co n figuring VLANs Displa ying VL ANs T o delete an exte nded-rang e VLAN, use the no vlan vlan-id global configurat ion comm and. The proc edure fo r assign ing stat ic-acc ess port s to an ext ended-r ange VLAN is the s ame as for normal-ra nge VL AN[...]

  • Page 377

    17-15 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 17 Configuring VLA Ns Config uri n g VL AN Tr unk s Configuring VLAN T runks These sec tions descr ibe how VLAN trunks functio n on the swi tch: • T runking O verview , page 17-15 • 802.1 Q Configuration Cons ider ation s, page 17-16 • Default La yer[...]

  • Page 378

    17-16 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 17 Co n figuring VLANs Configur ing VLAN Trunk s • If you do not int end to trunk ac ross thos e links, use th e switchport mode access inte rface configurati on comm a nd t o d isable tr unk ing. • T o enabl e tr unk ing t o a d evice tha t do es no t[...]

  • Page 379

    17-17 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 17 Configuring VLA Ns Config uri n g VL AN Tr unk s • Make sur e t he nat ive VLAN f or an 80 2. 1Q tru nk is t he s am e on bo th ends of the tr unk li nk. I f the nativ e VLA N on one end of t he trunk is different from the na ti ve VLAN on the other e[...]

  • Page 380

    17-18 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 17 Co n figuring VLANs Configur ing VLAN Trunk s Interaction with Other Features T runking i nteract s with othe r features in these way s: • A trunk por t c an not be a sec ure port . • T runk ports can be grouped i nto EtherC hanne l port gro ups, bu[...]

  • Page 381

    17-19 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 17 Configuring VLA Ns Config uri n g VL AN Tr unk s T o return an interface to its default conf iguratio n, use the default interf ace interface-id interface configurat ion com mand. T o re set a ll tru nking cha r act eris tic s of a tr unk ing int erfac [...]

  • Page 382

    17-20 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 17 Co n figuring VLANs Configur ing VLAN Trunk s T o ret urn to the def ault allo wed VLAN list o f all VLANs, use th e no switchport trunk allowed vlan interf ace conf igu ration com mand. This e xample shows ho w to remo v e VLAN 2 f rom the allo wed V L[...]

  • Page 383

    17-21 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 17 Configuring VLA Ns Config uri n g VL AN Tr unk s T o retur n t o th e defaul t pr uning -e lig ibl e list o f a ll VLA Ns , u se the no switchport trunk pruning vlan interf ace conf igu ration com mand. Configuring the Native VLAN for Untagged Traff ic [...]

  • Page 384

    17-22 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 17 Co n figuring VLANs Configur ing VLAN Trunk s Load Sha ring Using STP Load sha r ing d ivides the ban dw idth supp lied by par a llel t ru nks co nne ct ing s witc he s. T o avoid loop s, STP normally blo cks all b ut one parallel lin k between switches[...]

  • Page 385

    17-23 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 17 Configuring VLA Ns Config uri n g VL AN Tr unk s Beginning in pr ivileged EXEC m ode, fol low these steps t o configure t he network shown in Figur e 17- 3 . Comma nd Purp ose Step 1 configur e terminal Ente r global configurati on mode on Swi tch 1. St[...]

  • Page 386

    17-24 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 17 Co n figuring VLANs Configur ing VLAN Trunk s Load Sharing Using STP Path C ost Y ou can co nfigure para llel trunks to sha re VLAN tr aff ic by setting different pat h costs on a trunk an d associ ating the path costs with dif feren t sets of VLA Ns. T[...]

  • Page 387

    17-25 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 17 Configuring VLA Ns Configuring VMPS Configuring VMPS The swi tch c annot be a VMPS s erver b ut can act as a clien t to th e VMPS an d com municate w ith it through the VLAN Que ry Protocol (VQ P). VMPS dyna mically ass igns dynam ic acce ss port VLAN m[...]

  • Page 388

    17-26 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 17 Co n figuring VLANs Configuring VMPS • If the V LAN in the dat abase does not match th e cur rent VLA N on th e port a nd ac tiv e hosts exist o n the port, the VMPS sends an access- deni ed or a port -shut down resp onse, de pendi ng o n t he sec ur [...]

  • Page 389

    17-27 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 17 Configuring VLA Ns Configuring VMPS Default VMPS Client Configuration T able 17-6 shows the de fault VM PS and dy na mic po rt c on figuration on clie nt sw itch es. VMPS Configuration Guidelines These gui deline s and restric tions appl y to dynamic a [...]

  • Page 390

    17-28 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 17 Co n figuring VLANs Configuring VMPS Configuring the VMPS Client Y ou con figure dyna mic VLA Ns by usin g the V MPS (s erver). Th e switc h can b e a VM PS clien t; it cannot be a VMPS server . Entering the IP Address of the VMPS Y o u must f irst ente[...]

  • Page 391

    17-29 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 17 Configuring VLA Ns Configuring VMPS T o return an interface to its default conf iguratio n, use the default interf ace interface-id interface configurati on comm and. T o retu rn an inter face to its defa ult switch port mode (dynam ic desirab le), use [...]

  • Page 392

    17-30 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 17 Co n figuring VLANs Configuring VMPS T o ret urn the switc h to its d efault se tting, use th e no vmps r econf irm global configura tion co mman d. Changing the Retry Count Beginn ing in pri vileg ed EXEC mode, follo w these st eps to change the number[...]

  • Page 393

    17-31 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 17 Configuring VLA Ns Configuring VMPS This i s a n exam ple of out put for th e show v mps privileged EXE C c omma nd: Switch# show vmps VQP Client Status: -------------------- VMPS VQP Version: 1 Reconfirm Interval: 60 min Server Retry Count: 3 VMPS doma[...]

  • Page 394

    17-32 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 17 Co n figuring VLANs Configuring VMPS Figur e 17 -5 Dynamic P or t VLAN Membe rship Con figur ation Primar y VMPS Ser ver 1 Catalyst 6500 series Secondar y VMPS Ser ver 2 Catalyst 6500 series Secondar y VMPS Ser ver 3 172.20.26.150 172.20.26.151 Catalyst[...]

  • Page 395

    C HAPTER 18-1 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 18 Configuring VTP This c hapt er d escri b es how to us e t he V LAN Trunking Pr otoc ol ( VTP) a nd t he V LAN dat aba se for managing VLANs on you r Catalyst 2950 or Catalyst 2955 swi tch. Note For comple te syntax and us age inform ation for the co mma[...]

  • Page 396

    18-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 18 Configuring VTP Unders tan din g VTP The VTP Do main A VTP do ma in ( also c alle d a VLA N ma nage ment domai n ) con sis ts of o ne sw itch or several interconn ected swit ches under th e same a dministrati ve responsibili ty sharing the same VTP d oma[...]

  • Page 397

    18-3 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 18 Configuring VTP Understanding VTP VTP Mode s Y ou can co nfigure a support ed switch t o be in one of the VTP mod es listed in Ta b l e 1 8 - 1 . When the netwo rk is configu red with more than the maximu m 2 50 VLANs, the switch auto matically changes f[...]

  • Page 398

    18-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 18 Configuring VTP Unders tan din g VTP • MD5 diges t VLAN co nf igurat ion, in clud ing max imum tr ansmi ssion unit (M TU) si ze fo r each VLAN. • Frame fo rmat VTP adv ertis ements distrib ute this VLAN information for each conf igured VLAN: • VLAN[...]

  • Page 399

    18-5 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 18 Configuring VTP Understanding VTP Figur e 18-1 Flooding T raf fic w ithout VTP Pr uning Figure 18-2 shows a switched ne twork with VTP pr uni ng enabled. The broadcas t t raff ic from Switch A is not fo rwa rded to Swit ch es C, E, and F becaus e traf fi[...]

  • Page 400

    18-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 18 Configuring VTP Conf igu rin g VTP VTP pruning is not designed to func tion in VTP transparent mode . If one or more switches in the netwo rk are in VTP transparen t mode, yo u should do on e of thes e: • T urn off VTP prun ing in the en tire network .[...]

  • Page 401

    18-7 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 18 Configuring VTP Configuring VTP VTP Configuration Options Y ou can co nfigure VTP by using these configurati on modes. • VTP Configura tion i n G loba l Co nfigurati on M ode, pa ge 1 8-7 • VTP Configurat ion in VLA N Configuratio n Mod e, p ag e 18-[...]

  • Page 402

    18-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 18 Configuring VTP Conf igu rin g VTP VTP Configuration Guidelines These sec tions descr ibe guid elines you should fol low when implem entin g VTP in your ne twork. Domain Names When co nfiguring VTP f or the first tim e, y ou mu st always a ssign a do mai[...]

  • Page 403

    18-9 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 18 Configuring VTP Configuring VTP VTP Ve rs ion Foll ow these gui delines whe n deciding which VTP ver sion to im plement: • All switches in a VTP domain must run the same VTP versi on. • A VTP ver sion 2-capab le switch can op erate i n the same VTP d[...]

  • Page 404

    18-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 18 Configuring VTP Conf igu rin g VTP When you con figure a domain na me, it cannot be rem oved; you can only rea ssign a switc h to a different domain. T o retu rn the swit ch t o a no-pa ssword s ta te, us e t he no vtp password global configurati on com[...]

  • Page 405

    18-11 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 18 Configuring VTP Configuring VTP This exam ple sh ows ho w to use VLA N configurat ion m ode to configure the switc h as a VTP server with the domain name eng_ gr oup and th e password mypassw or d : Switch# vlan database Switch(vlan)# vtp server Switch([...]

  • Page 406

    18-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 18 Configuring VTP Conf igu rin g VTP Note Y o u can also c onfigure a VTP clie nt by using the vlan dat abase priv ileg ed EXEC command to enter VLAN c onfiguratio n mode a nd e ntering the vtp client command, simi lar t o the secon d p rocedur e und er ?[...]

  • Page 407

    18-13 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 18 Configuring VTP Configuring VTP Note Y o u can also c onfigure VTP transpa rent mod e by using the vlan data base privileged EXEC comm and to ente r VLAN c onfiguratio n mode a nd by enter ing th e vtp tran spar ent command, si milar t o the s econd pro[...]

  • Page 408

    18-14 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 18 Configuring VTP Conf igu rin g VTP Enabling V TP Prunin g Pruning inc reases available bandwi dth by restric ting flood ed traffic to those trunk links th at the traffic must use to acces s the destinat ion devices. Y ou can o nly ena ble VTP pr uning o[...]

  • Page 409

    18-15 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 18 Configuring VTP Configuring VTP Beginning i n privileged E XEC mo de, foll ow these s teps to ver ify an d r es et th e VTP co nfigurati on revision number on a switch befor e adding it to a VTP domain: Y o u can also ch ange the VTP domain na me by ent[...]

  • Page 410

    18-16 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 18 Configuring VTP Monito rin g VTP Monitoring VTP Y ou monito r VT P by disp layi ng V T P configura tion i n forma tion: th e dom ain name , t he c urre nt V TP revision, and the n umb er of VL AN s. Y ou ca n a lso displ ay stat ist ics ab out t h e adv[...]

  • Page 411

    C HAPTER 19-1 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 19 Configuring Voic e VLAN This ch apt er descri bes how to configu re the voice V LAN featur e on your Cat alyst 2950 or Cata lyst 2 955 switch. V oice VLAN is sometimes r eferred to as an auxiliary VLAN in the Catalyst 6 000 family swi tch documen tatio [...]

  • Page 412

    19-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 19 Configuring Voice VLAN Configuring Voic e VL AN Figure 19-1 shows one way to conne ct a Cisco 7960 IP Phone. Figur e 19-1 Cisco 7960 IP Ph one Connect ed to a S witc h When the IP Phone conne cts to the switch, the access p ort (PC-to- telep hone jack) o[...]

  • Page 413

    19-3 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 19 Configuring Voice VLA N Configuring Voice VLAN Voice V LAN Con figuration Guide lines These a re the v oic e VLAN con figu ration guid elines: • Y ou shou ld configure voice VLAN on sw it ch a ccess p orts. • The Port Fas t featu re is au tomatical l[...]

  • Page 414

    19-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 19 Configuring Voice VLAN Configuring Voic e VL AN Configuring Ports to Carr y Voice Traffic in 802.1Q Frames Beginn ing in pri vileg ed EXEC mode, follo w th ese steps to conf igure a port to carry v oice tr af fic in 802.1 Q fram es for a speci fic VLAN: [...]

  • Page 415

    19-5 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 19 Configuring Voice VLA N Configuring Voice VLAN Overriding the CoS Pr iority of Incoming Data Frame s Y ou ca n con nect a PC or o ther d ata d evice to a Cisco 7960 IP Phon e port . T he PC can ge ne rate packets with an assigned CoS valu e. Y ou can con[...]

  • Page 416

    19-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 19 Configuring Voice VLAN Displa ying Vo ice VLA N Configuring the IP Phone to Tr ust the CoS Priority of Inc oming Data Frames Y ou ca n con nect a PC or o ther d ata d evice to a Cisco 7960 IP Phon e port . T he PC can ge ne rate packets with an assigned [...]

  • Page 417

    C HAPTER 20-1 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 20 Configuring DHCP Features This ch apt er descri bes how to configur e DHC P snoopi ng and t he o ption-82 d ata in sertion featu res on the Catalyst 2950 or Ca talyst 2955 swi tch. T o use the fea tures de scri bed i n this cha pter, you must have the e[...]

  • Page 418

    20-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 20 Configuri ng DHCP Feature s Unders tan din g D HCP Feature s DHCP Server The DHCP server as signs IP a ddresse s from specified address poo ls on a switch or r outer to DHCP clients a nd manag es them . If the D HCP server ca nnot give the DHCP client th[...]

  • Page 419

    20-3 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 20 Configuring DH CP Features Understa nding DHCP Fe atures The s witch d rops a DHCP pack et when one of the se si tuations occur s: • A pack et from a DHCP serv er , such as a DHCPOFFER, DHCP A CK, DHC PN AK, or DHCP LEA SEQU ER Y packet, is rec eived f[...]

  • Page 420

    20-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 20 Configuri ng DHCP Feature s Unders tan din g D HCP Feature s When you ena ble the DHCP snoo ping info rmati on optio n 82 on the switch, this seque nce of events occurs: • The host (DHCP client) genera tes a DHCP request and broadcasts it on the netw o[...]

  • Page 421

    20-5 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 20 Configuring DH CP Features Config uring DHC P Features Figur e 20-2 Suboption P ack et F or mats Configuring DHCP Features These sec tions de scri be how to c on figure DH CP snoo pi ng a nd opti on 82 o n y our swit ch: • Default DH CP Configuration ,[...]

  • Page 422

    20-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 20 Configuri ng DHCP Feature s Configur ing DHCP Fe at ures DHCP Snooping Configuration Guidelines These ar e the configur ation g uidelin es for DHCP snoo ping. • Y ou must globa lly en able DHCP snoo ping on the switch . • DHCP snooping is not acti ve[...]

  • Page 423

    20-7 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 20 Configuring DH CP Features Config uring DHC P Features Enabling DHC P Snoo ping and Op tion 82 Beginning in privileged E XEC mo de, fol low these s teps t o ena ble DHC P snoo pi ng on the swi tch . T o disable DHCP sno oping, use the no ip dhcp snooping[...]

  • Page 424

    20-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 20 Configuri ng DHCP Feature s Disp l ay in g DHC P In form atio n Displaying DHCP Information Y ou can di splay a DHCP sno oping bindi ng table and configuratio n informat ion for all interfaces on a switch. Displaying a Binding Table The DH CP snooping bi[...]

  • Page 425

    C HAPTER 21-1 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 21 Configuring IGMP Sno oping an d MVR This cha pter d escribes h ow to configure In ternet Gr oup Ma nageme nt Prot ocol (IGM P) snoop ing on your Catalyst 295 0 o r Catalyst 2 955 switch , including an a pplication of local IGMP s noop ing, Multicast VLA[...]

  • Page 426

    21-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 21 Co nfiguring IGMP S noo ping and M VR Unders tan ding IGM P Snoo ping the switc h adds the host p ort numb er to the for wardin g table en try; when it recei ves an IGMP Lea v e Group message from a host, it remo ves the host port from the table entry . [...]

  • Page 427

    21-3 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 21 Configuring IGMP Sno oping and M VR Understanding IGMP Snooping An IGMPv 3 sw itc h ca n r ece ive messages f rom a nd forwa rd me ssage s to a device ru nning the So urce Specif ic Multica st (SSM) featu r e. F or more in format ion, refer to the “ Co[...]

  • Page 428

    21-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 21 Co nfiguring IGMP S noo ping and M VR Unders tan ding IGM P Snoo ping Note that the switc h hardware can distin guish IGMP information pack ets from other pack ets for the multicas t group. • The fir st entry in the table tells the switching engine to [...]

  • Page 429

    21-5 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 21 Configuring IGMP Sno oping and M VR Understanding IGMP Snooping When ho sts want to lea v e a multic ast group , they can e ither silen tly lea ve, or the y can send a leav e message . When th e switc h receives a leave message f rom a h ost, it se nds o[...]

  • Page 430

    21-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 21 Co nfiguring IGMP S noo ping and M VR Configuring IG MP Sn ooping The default learning method is IP mu lticast- source -only lea rning. Y ou can disable IP multic ast- sour ce-o nly lea rnin g by u sin g the no ip igmp snooping source- only-lear ning glo[...]

  • Page 431

    21-7 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 21 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping Enabling or Disa bling IGM P Sn oopin g By default, IGM P snoopin g is globall y enab led on the swit ch. When glob ally en abled or disabled, i t is also enabled or disa bled in all existin g[...]

  • Page 432

    21-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 21 Co nfiguring IGMP S noo ping and M VR Configuring IG MP Sn ooping Setting th e Snoo ping M ethod Multicast -capable rou ter ports are added to the forwa rding table fo r e very L ayer 2 multicast entry . The switch learn s of such port s through one of t[...]

  • Page 433

    21-9 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 21 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping Vlan 1: -------- IGMP snooping :Enabled Immediate leave :Disabled Multicast router learning mode :pim-dvmrp Source only learning age timer :10 CGMP interoperability mode :IGMP_ONLY T o retur n[...]

  • Page 434

    21-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 21 Co nfiguring IGMP S noo ping and M VR Configuring IG MP Sn ooping Configuring a Host Statically to Join a Group Hosts or La yer 2 port s normal ly join m ulticast groups dyna micall y , but you c an also stat ically con figure a host on an in terface . [...]

  • Page 435

    21-11 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 21 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping T o disa ble IGMP Immediate -Lea ve o n a VLAN, use the no ip igmp snooping vlan vl an-i d immediate-lea ve global c onfigurati on com mand. This exam ple sh ows how to enabl e I G MP i mm ed[...]

  • Page 436

    21-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 21 Co nfiguring IGMP S noo ping and M VR Configuring IG MP Sn ooping Note W e strongly reco mmend that you do no t disable I P multicas t-source-only learnin g. IP multic ast- source -o nly lea rnin g sh ould be d isab led on ly i f your ne twork is n ot c[...]

  • Page 437

    21-13 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 21 Configuring IGMP Sno oping and M VR Displaying IGMP Snooping Information T o disable the ag ing of t he for wardi ng table en tri es, e nter the ip igmp snooping source-only-learning age-ti mer 0 g loba l c onfigura tion c om mand. If you disab le sourc[...]

  • Page 438

    21-14 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 21 Co nfiguring IGMP S noo ping and M VR Unde rs ta n din g Mu ltic as t V LAN Reg i stra t io n Understandin g Multicast VL AN Registrati on Multica st VLA N R egistrat ion (M VR) is desi gned f or ap pli cati ons usi ng wi de-sc ale d ep loymen t of mult[...]

  • Page 439

    21-15 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 21 Configuring IGMP Sno oping and M VR Underst anding Multicast VLAN Registration Using MVR in a M ulticast Television Application In a multicast tel ev ision applicatio n, a PC or a television with a set-top box can recei ve the multicast stream. Mult ipl[...]

  • Page 440

    21-16 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 21 Co nfiguring IGMP S noo ping and M VR Unde rs ta n din g Mu ltic as t V LAN Reg i stra t io n Figur e 21 -3 Multicast VLAN Registra tion Examp le MVR elimin ates the need to duplicate tele vision-c h annel multi cast traf fic for subscribers in e ach VL[...]

  • Page 441

    21-17 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 21 Configuring IGMP Sno oping and M VR Configuring MVR Configuring MVR These se ctions inc lude basi c MVR conf igur ation inf ormation : • Default MVR Co nfigurati on, p ag e 21- 17 • MVR Configurati on Guidel ines and Limit ations, page 21-17 • Con[...]

  • Page 442

    21-18 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 21 Co nfiguring IGMP S noo ping and M VR Conf igu rin g MVR Configurin g MVR Glob al Para meters Y ou do not need to set the opt ional M VR para meters i f you ch oose to use th e default sett ings. If you do want to change th e default param eters (excep [...]

  • Page 443

    21-19 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 21 Configuring IGMP Sno oping and M VR Configuring MVR This e xample sho ws how to enable MVR, conf igure the MVR group addr ess, set the query time to 1 second (10 tenths), specif y the MVR multicast VLAN as VLAN 22, set the MVR mode as dynamic, and ve ri[...]

  • Page 444

    21-20 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 21 Co nfiguring IGMP S noo ping and M VR Conf igu rin g MVR T o return the interface to its default settings, u se the no mvr [ typ e | immediate | vlan vlan -id | grou p ] interf ace conf igu ration com mands. This exam pl e sh ows how to con figure a por[...]

  • Page 445

    21-21 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 21 Configuring IGMP Sno oping and M VR Displaying MVR Information Displaying MVR Information Y o u can disp lay MVR i nformation fo r the switch or for a specif ied in terface. Beginning i n privileged EX EC mode , use t he c om mand s i n T able 21- 6 to [...]

  • Page 446

    21-22 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 21 Co nfiguring IGMP S noo ping and M VR Con figur ing IGM P Fil ter in g an d Thr o tt li ng Note IGM Pv3 join an d leave messages are not suppo rted on switc hes runnin g IGMP filtering. Y ou can also set the maximum number of IGM P groups that a Layer 2[...]

  • Page 447

    21-23 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 21 Configuring IGMP Sno oping and M VR Configuring IGMP Filtering and Throttling • permit : Spec ifie s that matc hing addresses are perm itted. • rang e : Specif ies a ra nge o f IP addre ss es for th e prof ile. Y ou can enter a sin gle IP addre ss o[...]

  • Page 448

    21-24 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 21 Co nfiguring IGMP S noo ping and M VR Con figur ing IGM P Fil ter in g an d Thr o tt li ng Applying IGMP P rofil es T o contr ol acc ess as d efined in an IGM P pro file, use th e ip igmp filte r interface c onfig uration command to apply the pro file t[...]

  • Page 449

    21-25 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 21 Configuring IGMP Sno oping and M VR Configuring IGMP Filtering and Throttling Setting th e Maximum Numbe r of IGMP Groups Y ou can set the maxim um numbe r of IGM P groups t hat a Layer 2 interface c an joi n by using the ip igmp max-groups interf ace c[...]

  • Page 450

    21-26 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 21 Co nfiguring IGMP S noo ping and M VR Con figur ing IGM P Fil ter in g an d Thr o tt li ng • If you conf igure the throt tling action and set the maxi mum group limitation af ter an interfa ce has added mu lticast en tries to th e forwa rding tabl e, [...]

  • Page 451

    21-27 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 21 Configuring IGMP Sno oping and M VR Displaying IGMP Filtering and Throttling Configuration Displaying IGMP Filtering and Throttling Configuration Y ou can display I GMP p rofile charac teristic s, and you can display t he IGM P profile and maximu m grou[...]

  • Page 452

    21-28 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 21 Co nfiguring IGMP S noo ping and M VR Displaying IGMP Filterin g and Thro tt ling Co nfigurat ion[...]

  • Page 453

    C HAPTER 22-1 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 22 Configuring Port-Base d Traffic Control This c hapt er desc ribes h ow to configure t he p ort-ba sed t raff ic control feat ures on you r C atalyst 2950 or Catalyst 2955 swi tch. Note For comple te syntax and us age inform ation for the co mmands used [...]

  • Page 454

    22-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 22 Configuring Port-Based Traffic Co ntro l Configuring Stor m Control Understand ing Storm Control A pack et storm occ urs when a lar ge numb er of broad cast, un icast, or multi cast pack ets ar e recei v ed on a port. Forward ing these packets can ca use[...]

  • Page 455

    22-3 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 22 Configuring Port -B ased Tra ffic Control Configuring Storm Control The outp ut f rom t he show storm-c ontrol privileged EXE C com ma nd shows the u ppe r, lo wer, and curren t thresho lds as a perc ent age of the tota l bandwi dth or the pa ckets per s[...]

  • Page 456

    22-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 22 Configuring Port-Based Traffic Co ntro l Configuring Protected Po rts Disabling Stor m Co nt rol Beginning i n privileged E X EC mo de , follow these s teps to d isab le sto rm c ontr ol: Configuring Prote cted Ports Some appl ications re quire tha t no [...]

  • Page 457

    22-5 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 22 Configuring Port -B ased Tra ffic Control Configuring Port Blocking Beginning in privileged EXE C mode, foll ow these step s to define a port as a pro tected port: T o disa ble pr otected p ort, use th e no switchport protected interface co nfigurati on [...]

  • Page 458

    22-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 22 Configuring Port-Based Traffic Co ntro l Configur ing Port Blocking Beginn ing in pri vile ged EXE C mod e, follo w these steps to disable th e f loodin g of mult icast and unica st packet s to an interfa ce: T o return the int er fac e to the def ault c[...]

  • Page 459

    22-7 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 22 Configuring Port -B ased Tra ffic Control Confi guring Port Securi ty Configuring Po rt Security Y o u can use the port security fe ature to restrict inpu t to an interfac e by limitin g and identifyin g MA C addresses of the stations allowed to access t[...]

  • Page 460

    22-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 22 Configuring Port-Based Traffic Co ntro l Configuring Port Security Security Violations It is a security violatio n when o ne of the se situatio ns occur s: • The max imum number of secure M A C addresse s have been added to the add ress tab le, and a s[...]

  • Page 461

    22-9 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 22 Configuring Port -B ased Tra ffic Control Confi guring Port Securi ty Default Port Security Configuration T able 22-2 shows the defau lt port security conf iguration for an interface. Port Security Configuration Guidelines Foll ow these gui delines when [...]

  • Page 462

    22-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 22 Configuring Port-Based Traffic Co ntro l Configuring Port Security Enabling a nd Con figuring Port S ecurity Beginn ing in privi leged EXEC mode, follo w these steps to restrict input to an interface by lim iting and identify ing MA C addres ses of the [...]

  • Page 463

    22-11 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 22 Configuring Port -B ased Tra ffic Control Confi guring Port Securi ty T o retur n the in terfac e to the default conditi on as not a secur e port, u se the no switchport port-securi ty interf ace co nf igurati on com mand. If you enter this comman d whe[...]

  • Page 464

    22-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 22 Configuring Port-Based Traffic Co ntro l Configuring Port Security Enabling a nd Con figuring Port S ecurity Aging Y ou can us e po rt secur ity aging to set the a ging time fo r stati c and dyna mic secur e addr es ses on a port . T wo types of agi ng [...]

  • Page 465

    22-13 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 22 Configuring Port -B ased Tra ffic Control Displayin g Port-Bas ed Traff ic Contr ol Setti ngs This e xample sho ws how to set t he aging time as 2 minute s for the in acti vity ag ing type wit h aging enab led fo r th e configur ed sec ure a dd resses o[...]

  • Page 466

    22-14 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 22 Configuring Port-Based Traffic Co ntro l Displaying Port-Base d Traffic Cont rol Settings[...]

  • Page 467

    C HAPTER 23-1 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 23 Configuring UDLD This c hapt er d escri b es how to c onfigure the Un iDi rec tiona l Li n k De tect ion (UD LD) pr otoc ol o n y our Catalyst 2950 or Catalyst 2955 switch. Note For comple te syntax and us age inform ation for the co mmands used in this[...]

  • Page 468

    23-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 23 Co nfiguring UDLD Unders tan ding UDL D A unidirectio nal link occurs when ev er traf f ic sent by a local de vice is re cei ved b y its neighbor b ut traf fic from the neighb or is not recei v ed by the loca l devi ce. In norm al mode, UDL D detects a u[...]

  • Page 469

    23-3 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 23 Configuring UD LD Understand ing UDLD • Ev ent-dr iv en det ection and echo ing UDLD re lies on echo ing as its detec tion m echanism . Whene v er a UDLD d ev ice le arns ab out a n ew neighb or or receives a resynchro nizati on request from an out-of-[...]

  • Page 470

    23-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 23 Co nfiguring UDLD Conf igu ring U DLD Configuring UDLD This se cti on de scri bes how to c onfigure UD LD o n your sw it ch. It con tai ns t his c on figurati on inform ation: • Default UD LD Configurati on, page 23-4 • Configuration Gu idelines, pag[...]

  • Page 471

    23-5 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 23 Configuring UD LD Configur ing UDLD Enabling UDL D Globally Beginn ing in pri vilege d EXEC mode, follo w these step s to enable UDLD in the aggressi v e or normal mode and to set the conf igurable message timer on all f iber -optic interf aces on the sw[...]

  • Page 472

    23-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 23 Co nfiguring UDLD Conf igu ring U DLD T o disable U DLD on a non- fiber-optic interface, use the no udld port interfa ce configur ation command. Note O n fi b e r- o p ti c i n t e r f a c e s , t h e no udld port command rev erts the int erface conf igu[...]

  • Page 473

    23-7 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 23 Configuring UD LD Displaying UDLD Status Displaying UDLD Status T o display the UDLD stat us for the s pecif ied i nterf ace or for all inter faces, use the show udld [ interface-id ] pri vileged EX EC comm and. For detailed in formation about the fie ld[...]

  • Page 474

    23-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 23 Co nfiguring UDLD Displa ying U DLD Statu s[...]

  • Page 475

    C HAPTER 24-1 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 24 Configuring CDP This c hapt er d escrib es how to configure Cisc o Discovery Pro toco l ( CDP ) on your C ataly st 2950 or Catalyst 2955 swi tch. Note For comple te syntax and us age inform ation for the co mmands used in this chapter , refer to the c o[...]

  • Page 476

    24-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapte r 24 Co nfigu ri n g CDP Conf igu rin g CD P Configuring CDP These sec tions inclu de CDP con figuration info rmation a nd procedu res: • Default CDP Configurat ion, pa ge 24-2 • Conf igu ring the CD P Characteri stics, page 24- 2 • Dis ablin g an d En[...]

  • Page 477

    24-3 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 24 Configuring CDP Configuring CDP Use the no form of the CDP commands to return to the def ault settings. This e xample sho ws ho w to conf igur e CDP character istics. Switch# configure terminal Switch(config)# cdp timer 50 Switch(config)# cdp holdtime 12[...]

  • Page 478

    24-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapte r 24 Co nfigu ri n g CDP Conf igu rin g CD P Disabling an d Enab ling CDP on a n Interfac e CDP is enabled by def ault on all supported interf aces to send and recei ve CDP information. Beginn ing in pri vilege d EXEC mode, follo w these step s to disable CD[...]

  • Page 479

    24-5 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 24 Configuring CDP Monitoring and Maintaining CDP Monitoring and Maintaining CDP T o monito r a nd m aint ai n CD P on your device, p er form one or mor e of the se tasks, beginni n g in privileged EXEC mo de . Command Description clear cdp counters Reset t[...]

  • Page 480

    24-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapte r 24 Co nfigu ri n g CDP Monito rin g and Mai nt aining CDP[...]

  • Page 481

    C HAPTER 25-1 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 25 Configuring SPAN and RSPAN This chap ter des cribes ho w to conf igure Switc hed Port Analyzer (S P AN) an d Remot e SP AN (RSP AN) on your Catalyst 295 0 or Catalyst 2955 switch. Note For comple te syntax and us age inform ation for the co mmands used [...]

  • Page 482

    25-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 25 Configuring SPAN and RSPAN Understan din g SPA N and RSPAN Figur e 25-1 Example SP AN Configur ation Only traffic that ent ers or le aves source port s c an be mon i tore d by us ing SP AN. RSP A N ext ends SP AN by enabl ing remot e m on itori ng of mu [...]

  • Page 483

    25-3 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 25 Configuring SPAN and RSPAN Understandi ng SPAN and RS PAN SPAN and RS PAN Conc epts a nd Terminology This secti on descri bes conce pts and te rminology associate d with SP AN and RSP AN configurat ion. SPAN Session A local SP AN session is an a ssociati[...]

  • Page 484

    25-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 25 Configuring SPAN and RSPAN Understan din g SPA N and RSPAN Source Port A source port (als o called a monitor ed port ) i s a switched port that you monitor fo r network t raff ic analy sis. I n a single loc al SP AN sessi on or R SP AN sou rce se ssion, [...]

  • Page 485

    25-5 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 25 Configuring SPAN and RSPAN Understandi ng SPAN and RS PAN Reflector Port The r eflecto r por t is th e mech anism that copi es pac ket s onto an RSP AN VL AN. The reflect or po rt forwards onl y the t raffic from the RSP AN sourc e se ssion with whi ch i[...]

  • Page 486

    25-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 25 Configuring SPAN and RSPAN Understan din g SPA N and RSPAN • VLAN Trunking Protoco l (VTP ) — Y ou can use VTP to pr une an RSP AN VLAN bet ween switch es. • VLAN an d trun king — Y ou can modi fy VLA N memb ership or trunk se ttings for source, [...]

  • Page 487

    25-7 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 25 Configuring SPAN and RSPAN Configuring SPAN Default SPAN and RSPAN Configuration T able 25-1 shows the de fault SP AN and R S P AN configuration . Configuring SPAN This sec tion d escribes h ow to configure SP AN on your switc h. It c ontains this config[...]

  • Page 488

    25-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 25 Configuring SPAN and RSPAN Configuring SPAN • When SP AN is enabl ed, conf iguration c hange s ha v e thes e result s: – If you change the VLAN confi guration of a destinati on port, the change is not ef f ectiv e until SP AN is disabled. – If you [...]

  • Page 489

    25-9 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 25 Configuring SPAN and RSPAN Configuring SPAN This example shows how to set up a SP A N session, session 1, for monit oring source port traffic to a destinati on port . Fi rst, any existing SP AN con figuratio n for se ssion 1 is c lea red, and the n bidir[...]

  • Page 490

    25-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 25 Configuring SPAN and RSPAN Configuring SPAN This exam ple sh ows how to configure th e de stin ati on po rt for i ngre ss tra ffic on VLAN 5 by u si ng a securi ty d evice tha t do es no t sup por t 80 2.1 Q e nc apsul ati on . Switch(config)# monitor s[...]

  • Page 491

    25-11 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 25 Configuring SPAN and RSPAN Configuring SPAN Removin g Ports from a SPAN Session Beginning in pr ivileged EXEC mode, fo llow these steps t o remove a por t as a SP AN source fo r a sessi on: T o remove a so urce or d es tinat ion por t f rom the SP AN se[...]

  • Page 492

    25-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 25 Configuring SPAN and RSPAN Configuring RSPAN Configuring RSPAN This secti on descri bes how to configure RSP AN on your switch. It contain s this co nfiguration inform ation: • RSP A N C onfigurat ion G uide line s, page 25 -1 2 • Conf igurin g a VL[...]

  • Page 493

    25-13 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 25 Configuring SPAN and RSPAN Configuring RSPAN Configuring a VLAN as an RSPAN VL AN First crea te a ne w VLAN to be the RSP AN VLAN for the RSP AN session. Y ou must create the RSP AN VLAN in all switches th at will participat e in RSP AN. If the RSP AN V[...]

  • Page 494

    25-14 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 25 Configuring SPAN and RSPAN Configuring RSPAN This example shows ho w to clear any existing RSP AN configur ation for sessi on 1, configure RSP A N session 1 to monitor m ultiple source interfac es, and conf igur e the destina tion RSP AN VLAN and th e r[...]

  • Page 495

    25-15 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 25 Configuring SPAN and RSPAN Configuring RSPAN Creating an R SPAN Des tination Sess ion Beginning i n privileged EX EC m ode, fo llow thes e step s to cr eate a n RSP AN d estinat ion sess ion a nd to specify th e source RSP AN VL AN and the de stinati on[...]

  • Page 496

    25-16 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 25 Configuring SPAN and RSPAN Configuring RSPAN Removin g Ports from an RS PAN Sess ion Beginn ing in pri vileg ed EXEC mode, follo w th ese steps to remov e a port as an RSP AN source for a session: This exam ple sh ows how to remove port 1 as an RSP AN s[...]

  • Page 497

    25-17 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 25 Configuring SPAN and RSPAN Displa ying SPAN an d RSPAN St atus Displaying SPAN and RSPAN Status T o disp lay the st atus of th e curren t SP AN or RSP AN configuratio n, use th e show monitor privileged EXEC co mmand. This i s a n exam ple of out put fo[...]

  • Page 498

    25-18 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 25 Configuring SPAN and RSPAN Display ing SPAN and RSPAN Stat us[...]

  • Page 499

    C HAPTER 26-1 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 26 Configuring RMON This c hapt er d escri bes how to c onfigure Re mo te N etwork Mo nito ring ( RMON ) on yo ur Cat alyst 295 0 or Catalyst 2955 switch. RMON is a standard monitoring spec ificatio n that defin es a set of statistics and function s t hat [...]

  • Page 500

    26-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 26 Co n figuring RM ON Conf igu ring R MON Figur e 26-1 Remot e Monit or i ng Example The switc h supports t hese RM ON groups (defined in RFC 1757) : • Statistics (RMON grou p 1) — Collec ts Ether net, F a st Ethernet, an d Gig abit Eth er net statisti[...]

  • Page 501

    26-3 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 26 Configuring RMON Configuring RMON Default RMON Configuration RMON is disa bled by default ; no alarms or events are configured . Only RMON 1 is supp orted on the switch. Configuring R MON Alarms a nd Events Y ou can co nfigure you r s wit ch f or RMO N b[...]

  • Page 502

    26-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 26 Co n figuring RM ON Conf igu ring R MON T o di sable an al arm, use th e no rmo n alar m num ber global con figura t ion com mand on e ach al arm you configured . Y o u ca nno t disa ble a t on ce al l the a la rms t hat yo u con figured. T o disa ble an[...]

  • Page 503

    26-5 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 26 Configuring RMON Configuring RMON Configuring RMON Collection on an Interface Y ou must first configure RM ON al arms an d events to di spla y co lle ctio n i nfor ma tion. Beginning i n privileged EX EC mode , follow th ese s teps t o col le ct gro up h[...]

  • Page 504

    26-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 26 Co n figuring RM ON Displa ying RM ON Sta tus T o disabl e the co llecti on of g roup Ethern et sta tistics , use the no rmon collection stats index inte rface configurati on comm a nd. Displaying RMON Status T o display the RMON stat us, use one or mo r[...]

  • Page 505

    C HAPTER 27-1 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 27 Configuring System Message Logg ing This chapt er descr ibes how to configure system messa ge logging on your Cataly st 29 50 or Cataly st 2955 switch. Note For comp lete syntax a nd usage i nformation f or the commands u sed in th is chapter , refer to[...]

  • Page 506

    27-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 27 Confi guring S ystem Message Logging Configur ing System Mes sage Logg ing Configuring Sy stem Me ssage Logging These sec ti ons de scr ibe how to c on figure s ystem m es sag e loggi n g: • System Log Me ssage Format, page 27-2 • Default Syste m Mes[...]

  • Page 507

    27-3 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 27 Configuring Sys te m Message L ogging Config uring Syst em Message Logging This example shows a partial switch system message : 00:00:46: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up 00:00:47: %LINK-3-UPDOWN: Interface GigabitEthernet0/1,[...]

  • Page 508

    27-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 27 Confi guring S ystem Message Logging Configur ing System Mes sage Logg ing Disabling an d Enab ling Me ssage Lo gging Message logging is enab led by de fault. It must be enabled to send messages to any destination othe r than the conso le. Wh en ena ble [...]

  • Page 509

    27-5 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 27 Configuring Sys te m Message L ogging Config uring Syst em Message Logging The logging buffered globa l configur ation comm and c opies l ogging messa ges to a n inte rnal buffer . The buf fer is c irc ula r, so newer message s overwrite o lder m ess age[...]

  • Page 510

    27-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 27 Confi guring S ystem Message Logging Configur ing System Mes sage Logg ing Synchronizing Log M essages Y ou can co nfigure the syste m to synchro nize unso licited messages and debug privileged EXEC comman d outpu t with solic ited device outpu t and pro[...]

  • Page 511

    27-7 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 27 Configuring Sys te m Message L ogging Config uring Syst em Message Logging T o disable syn chroniza t ion of unsoli c ited messa ge s and debug outpu t, use the no logging synchronous [ lev el sever ity-le vel | all ] [ limit number-of-buffers ] line con[...]

  • Page 512

    27-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 27 Confi guring S ystem Message Logging Configur ing System Mes sage Logg ing Enabling a nd Disab ling Seq uence Numb ers in Lo g Messa ges Becaus e th ere is a chan ce th at mo re than on e log me ssage can have the sam e time stam p, you ca n disp lay mes[...]

  • Page 513

    27-9 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 27 Configuring Sys te m Message L ogging Config uring Syst em Message Logging Note Specif ying a level ca uses mes sages at th at le vel and nume rically l ow er le vels to appear at the des tination. T o disable l ogging t o the co nsole, use the no loggin[...]

  • Page 514

    27-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 27 Confi guring S ystem Message Logging Configur ing System Mes sage Logg ing Limiting Syslog Messages Sent to the History Table and to SNMP If you enable d syslog message traps to be sent to an SNMP network manage ment station by using the snmp-ser ver en[...]

  • Page 515

    27-11 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 27 Configuring Sys te m Message L ogging Config uring Syst em Message Logging Configuring UNIX Syslog Servers The next sec tions desc ribe how to con figure the U NIX server sys log dae mon an d how to define the UN IX system logg ing facilit y . Logging M[...]

  • Page 516

    27-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 27 Confi guring S ystem Message Logging Configur ing System Mes sage Logg ing T o r emov e a syslog serv er, u se the no logging host global configurati on co mman d, and spe cify the syslog server IP address. T o disable logging to syslog servers, enter t[...]

  • Page 517

    27-13 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 27 Configuring Sys te m Message L ogging Displaying the Logging Configuration Displaying the Log ging Configuration T o displ ay the logging configuration and t he con tents o f the l og buffer , use the show logging pri vile ge d EXEC co mmand. F or info [...]

  • Page 518

    27-14 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 27 Confi guring S ystem Message Logging Display ing the Log gi ng Configur ation[...]

  • Page 519

    C HAPTER 28-1 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 28 Configuring SNMP This chapt er describ es ho w to configure the Sim ple Network Mana gement Prot ocol (SNM P) on your Catalyst 2950 or Catalyst 2955 switch. Note For comp lete syntax and usag e informa tion for th e comman ds used i n this c hapter , re[...]

  • Page 520

    28-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 28 Configuring SNMP Unders tan ding SNMP • Using SNMP to Access MIB V ariables, page 28-4 • SNMP Notif ica tions, page 28-5 SNMP Versio ns This sof tware rel ease su ppor ts t hese SNM P version s: • SNMPv1 — The Simpl e N et work M anag eme nt Pr o[...]

  • Page 521

    28-3 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 28 Configuring SNM P Underst anding SN MP T able 28-1 identifie s the charac teristics of the dif feren t combinations of secur ity models and le v els. Y ou must co nfigure the SNMP a gent to use the SNM P version supp orted by the manage ment stat ion. Be[...]

  • Page 522

    28-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 28 Configuring SNMP Unders tan ding SNMP SNMP Agen t Fun ctions The SNMP a gent responds to SNMP manage r requests as follo ws: • Get a MIB v ariable — The SNM P ag en t be gins this functi on in response to a requ est fro m the NM S. The agent r etriev[...]

  • Page 523

    28-5 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 28 Configuring SNM P Configuring SNMP Figur e 28-1 SNMP Networ k For informati on on supporte d MIBs and how to access them, s ee Appe ndix A, “ Supported MIBs. ” SNMP Notifications SNMP allo ws the switch to send notif icatio ns to SN MP managers w hen[...]

  • Page 524

    28-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 28 Configuring SNMP Conf igu rin g SNMP Default SNMP Configuration T able 28-3 shows the de fault SNM P c onfiguratio n. SNMP Configuration Guidelines If the switch starts and the switch startup conf iguration has at least one snmp -s er ve r global conf ig[...]

  • Page 525

    28-7 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 28 Configuring SNM P Configuring SNMP • When co n f igur in g SNMP in fo rm s , yo u n eed t o co nf igure the SNMP en gi ne ID fo r th e rem o te ag en t in the SNMP da tabase bef ore you can send pro xy request s or inform s to it. • Changi ng t he v [...]

  • Page 526

    28-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 28 Configuring SNMP Conf igu rin g SNMP Beginning in privileged EXEC mod e, follow these step s to configur e a comm uni ty stri ng on the switch: Note T o disa ble acce ss f or an SNM P commu nity , set the co mmunit y str ing fo r that co mmuni ty to t he[...]

  • Page 527

    28-9 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 28 Configuring SNM P Configuring SNMP This example shows how to assign the string co macc es s to SNMP , to allo w read-only access, and to specify that IP acc ess list 4 can use the commun ity stri ng to gain acc ess to the switch SNMP agent: Switch(config[...]

  • Page 528

    28-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 28 Configuring SNMP Conf igu rin g SNMP Step 3 s nmp- server group g r oupname { v1 | v2c | v3 { auth | noauth | priv }} [ re ad re a d v i e w ] [ write writevi ew ] [ notify notifyvie w ] [ access access -list ] Configure a ne w SNMP gro up on the remote[...]

  • Page 529

    28-11 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 28 Configuring SNM P Configuring SNMP Configuring SNMP Notifications A trap manag er is a mana geme nt statio n that recei ves and pr ocesses tr aps. T r aps are sys tem alerts that the switc h gen erates wh en cert ain events occu r . By defaul t, no trap[...]

  • Page 530

    28-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 28 Configuring SNMP Conf igu rin g SNMP Some noti fication type s can not be c ontr olled wi th the sn mp-se rver ena ble globa l configurati on comm an d, for exampl e, tty a nd udp-port . Thes e no ti f ica tio n ty p es ar e a lw ay s en ab led. Y o u c[...]

  • Page 531

    28-13 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 28 Configuring SNM P Configuring SNMP Step 3 snmp-serv er user username gr oupname { remo te ho st [ udp-port port ]} { v1 [ access access- list ] | v2c [ acces s access-list ] | v3 [ encryp ted ] [ acces s access-list ] [ auth { md5 | sha } auth-pas swor [...]

  • Page 532

    28-14 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 28 Configuring SNMP Conf igu rin g SNMP The snmp-serv er host co mmand s pecif ies which ho sts rec eiv e th e noti fica tions. T he snmp-serv er enab le trap command global ly enable s the mech anism for the specif ied notif icatio n (for tra ps and infor[...]

  • Page 533

    28-15 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 28 Configuring SNM P Configuring SNMP SNMP Examp les This example shows ho w to enable all versions of SN MP . Th e configurati on permi ts any SNMP manager to access all objects with read-only permissions using the co mmunity string public . T his conf ig[...]

  • Page 534

    28-16 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 28 Configuring SNMP Displaying SNM P Status This exa mple shows ho w to send Entity MIB traps to the host cis co.com . The comm unity stri ng is restrict ed. The f irst line enables th e switch to se nd Entity MIB traps in add ition to an y traps p re viou[...]

  • Page 535

    C HAPTER 29-1 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 29 Configuring Network Security with ACLs This ch apter descri bes how to configure n etwork se curity o n a Cat alyst 2950 or Ca talyst 2 955 switc h by using access cont rol lists (A C Ls), which ar e also referr ed to in comm ands a nd tab les as access[...]

  • Page 536

    29-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 29 Con figuring Ne two rk Sec urity with ACLs Unders tandin g A CLs Understandin g ACLs Pack et f ilterin g can limit net work traff ic and restrict net work use b y certain users or de vices. A CLs can fi lter traf f ic a s it passes thr ough a switch a nd[...]

  • Page 537

    29-3 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 29 Configuring Net work Securi t y with ACLs Unde rsta ndi n g AC Ls Figur e 29-1 Using A CLs t o Contr ol T raff ic t o a Netw or k Handling Fragmented and Unfragmented Traffic IP packets can be fragment ed as they cross the ne twork. Whe n this happens, o[...]

  • Page 538

    29-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 29 Con figuring Ne two rk Sec urity with ACLs Unders tandin g A CLs • Packet A is a TCP pa cket fro m ho st 10. 2. 2.2, po rt 65000 , go ing to h ost 10.1. 1.1 on th e SMTP por t. If this packe t is fragmented, the firs t fragment matches the f irs t A CE[...]

  • Page 539

    29-5 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 29 Configuring Net work Securi t y with ACLs Unde rsta ndi n g AC Ls Ther e are t wo ty pe s o f m as ks: • User-define d mask — masks that are de fin ed by the user . • System- defin ed mask — th ese masks can be conf igure d on any interf ace: Swi[...]

  • Page 540

    29-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 29 Con figuring Ne two rk Sec urity with ACLs Conf igu ring A CLs • All A CEs i n an A CL must ha ve the same user -defined m ask. Ho weve r , A CEs can ha ve d ifferent rules that use th e same mask. On a giv en inter face, o nly one type of use r-def in[...]

  • Page 541

    29-7 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 29 Configuring Net work Securi t y with ACLs Configuring ACLs Unsupporte d Features The switc h does not supp ort these Ci sco IOS rout er A CL-rel ated feat ures: • Non -IP prot ocol A C Ls ( see T able 29-2 on pa ge 29 -8 ) • Bridge -group ACLs • IP[...]

  • Page 542

    29-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 29 Con figuring Ne two rk Sec urity with ACLs Conf igu ring A CLs ACL Numbers The numbe r you use to denote your A CL shows the type of access list th at you ar e cre ating. T abl e 29-2 lists t he acce ss l ist n umber and c orresp onding type a nd shows w[...]

  • Page 543

    29-9 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 29 Configuring Net work Securi t y with ACLs Configuring ACLs Creating a Numbered Standard ACL Note For info rmati on about cr eati ng A CLs to app ly to a manage ment in terface, refer to the “ Conf iguri ng IP Services ” section of the Cisco IOS IP an[...]

  • Page 544

    29-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 29 Con figuring Ne two rk Sec urity with ACLs Conf igu ring A CLs This exampl e shows ho w to creat e a standard ACL to deny access to IP host 171 .69.1 98.102, pe rmit access to an y others, and display the results. Switch (config)# access-list 2 deny hos[...]

  • Page 545

    29-11 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 29 Configuring Net work Securi t y with ACLs Configuring ACLs Note Th e switc h does not supp ort dyna mic or reflexive access lis ts. It al so does n ot suppor t filtering based on the min imize -mon eta ry-co st typ e of servic e (T oS ) bit. When crea t[...]

  • Page 546

    29-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 29 Con figuring Ne two rk Sec urity with ACLs Conf igu ring A CLs Beginn ing in pri vileg ed EXEC mode, follo w these st eps to create an exte nded A CL: Command Purp ose Step 1 confi gure terminal Ente r g lobal configu ratio n m ode. Step 2 access-list a[...]

  • Page 547

    29-13 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 29 Configuring Net work Securi t y with ACLs Configuring ACLs Use the no a ccess-lis t a ccess-list-number gl obal conf igurat ion command to dele te the entire access list. Y ou canno t de le te i n dividual ACEs from n umb er ed acc ess l ist s. This e x[...]

  • Page 548

    29-14 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 29 Con figuring Ne two rk Sec urity with ACLs Conf igu ring A CLs Beginn ing in pr iv ileged EXEC mode, f ollo w these steps to create a sta ndard named access list using names: Beginning in pr ivileged EXEC mode, follow these step s to crea te an extende [...]

  • Page 549

    29-15 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 29 Configuring Net work Securi t y with ACLs Configuring ACLs When ma king t he stan dar d an d extend ed A CL, reme m ber tha t, by defaul t, the e nd o f the ACL conta ins an implicit deny statement f or everything if it did no t find a match befor e rea[...]

  • Page 550

    29-16 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 29 Con figuring Ne two rk Sec urity with ACLs Conf igu ring A CLs T o rem ov e a conf igured time -range , use the no time -range time- range-name g loba l configu ratio n comm and. Repeat t he steps if you ha ve multiple items that you wan t operati onal [...]

  • Page 551

    29-17 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 29 Configuring Net work Securi t y with ACLs Configuring ACLs Switch# show access-lists Extended IP access list 188 deny tcp any any time-range new_year_day_2000 (inactive) deny tcp any any time-range thanskgiving_2000 (active) deny tcp any any time-range [...]

  • Page 552

    29-18 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 29 Con figuring Ne two rk Sec urity with ACLs Conf igu ring A CLs Creating N amed MAC Ex tended ACL s Y o u can f ilter Layer 2 traf fi c on a physic al Layer 2 interf ace b y using MA C addresses and named MA C extended ACLs. The p roce dure i s sim ila r[...]

  • Page 553

    29-19 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 29 Configuring Net work Securi t y with ACLs Applying ACLs to Terminal Lines or Physical Interfa ces Creating MAC Access Groups Beginning in privileged EXEC mo de, follow these steps t o create M A C access group s and to apply a MA C a ccess list to a n i[...]

  • Page 554

    29-20 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 29 Con figuring Ne two rk Sec urity with ACLs Applying ACLs to Ter m in al Lines or Phy sical Inter faces After y ou cr eate an ACL, you can ap ply it to one or more ma nagem ent int erface s or t ermin al lin es. ACLs can be app lied on inbound i nterface[...]

  • Page 555

    29-21 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 29 Configuring Net work Securi t y with ACLs Displaying ACL Information This e xample sho ws how to apply access list 2 on an interfa ce to f ilter packets en tering the interf ace: Switch(config)# interface gigabitethernet0/2 Router(config-if)# ip access-[...]

  • Page 556

    29-22 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 29 Con figuring Ne two rk Sec urity with ACLs Displa ying A CL Inf ormati on This example shows all standard and extended ACLs: Switch# show access-lists Standard IP access list 1 permit 172.20.10.10 Standard IP ACL 10 permit 12.12.12.12 Standard IP access[...]

  • Page 557

    29-23 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 29 Configuring Net work Securi t y with ACLs Examples for Compiling ACLs This exampl e shows ho w to view all access gro ups configured for an inte rface: Switch# show ip interface fastethernet0/9 FastEthernet0/9 is down, line protocol is down Inbound acce[...]

  • Page 558

    29-24 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 29 Con figuring Ne two rk Sec urity with ACLs Examples for Compi ling ACL s Figur e 29-2 Using S witc h A CLs t o Contr ol T raf fic This e xample u ses a standar d A CL to all ow ac cess to a speci f ic Internet h ost with the ad dress 172.2 0.128.64. Swi[...]

  • Page 559

    29-25 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 29 Configuring Net work Securi t y with ACLs Examples for Compiling ACLs Numbered ACL Examples This example shows that the swi tch accept s addre sses on networ k 36.0.0.0 subnets and deni es all pac kets coming fro m 56.0.0.0 subne ts. The A CL is then ap[...]

  • Page 560

    29-26 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 29 Con figuring Ne two rk Sec urity with ACLs Examples for Compi ling ACL s In this ex ample o f a num bered A CL, the W inter and Smith work stations are not allo wed t o bro wse the web: Switch(config)# access-list 100 remark Do not allow Winter to brows[...]

  • Page 561

    C HAPTER 30-1 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 30 Configuring QoS This chapte r describes ho w to conf igure quality of service (QoS) b y using automatic- QoS (auto-QoS) comm ands or by using stan dard QoS com mands . W ith QoS, you ca n giv e prefer entia l treat ment to certai n types of traffi c at [...]

  • Page 562

    30-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapt e r 30 Conf igur ing Q o S Unders tan ding QoS Y ou can al so use these wiz ards to configure QoS only if your switch is ru nning the EI: • Priority data wizar d — L ets you assi gn priorit y lev els t o data applic ations based on thei r TCP or UDP ports[...]

  • Page 563

    30-3 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 30 Configuring Qo S Under sta n din g Q oS • Prioritiza tion bits in Layer 3 pack ets Layer 3 IP pac kets can carr y a Differentiat ed Servi ces Code Poin t (DSCP) value. The suppo rted DSCP values a r e 0, 8, 1 0, 16, 1 8, 24 , 26, 3 2, 34, 40 , 46 , 48,[...]

  • Page 564

    30-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapt e r 30 Conf igur ing Q o S Unders tan ding QoS Basic QoS Model Figure 30-2 shows the b asic Qo S model. Actions at th e ingr ess int erfac e inc lude cl assifyi ng tra ff ic, policing, a nd ma rk ing: Note If you hav e the SI instal led on your sw itch, onl y[...]

  • Page 565

    30-5 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 30 Configuring Qo S Under sta n din g Q oS Classification Note Th is fea ture is available o nly i f your sw itch i s r unn ing the EI . Classification is the proce ss of distingu ishing one kind of traffic from another by examinin g the fields in th e pa c[...]

  • Page 566

    30-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapt e r 30 Conf igur ing Q o S Unders tan ding QoS • Configuration of a deny ac ti on is n ot su ppor ted in Q oS ACLs on the s wi tch. • System- def ined masks are allow ed in class ma ps with these re stri ctions: – A combinat ion of sy stem-def ined and [...]

  • Page 567

    30-7 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 30 Configuring Qo S Under sta n din g Q oS A polic y map also has thes e charact eristics: • A pol icy ma p c an co nt ain mu l tiple c la ss sta t emen ts . • A separate polic y-map cla ss can e xist for each ty pe of tr af fic recei ved through an int[...]

  • Page 568

    30-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapt e r 30 Conf igur ing Q o S Unders tan ding QoS Mapping T ables Note Th is fea ture is available o nly i f your sw itch i s r unn ing the EI . During classification, QoS uses a configurable CoS-to-DSCP map to derive an internal DSCP value from the received CoS[...]

  • Page 569

    30-9 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 30 Configuring Qo S Configuring Auto-QoS CoS co nfigures ea ch tran smi t port (t he egr ess port) wit h a normal -pri ority tra nsmit queu e and a high-pr iority tra nsmit que ue, depe nding on the fra me tag or the port info rmation. Fr a mes i n th e nor[...]

  • Page 570

    30-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapt e r 30 Conf igur ing Q o S Conf igu rin g Aut o-Q oS Y ou u se au to-QoS comm ands to iden tify p orts co nnecte d to Ci sco IP Phones and to devices runni ng the Cisco Sof tPhone application . Y ou also use the command s to identify po rts that recei v e tr[...]

  • Page 571

    30-11 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 30 Configuring Qo S Configuring Auto-QoS When you en able the auto- QoS featu re on the f irst interf ace, th ese automa tic actions occur: • When y ou enter the auto qos voip cisco-phone interface con figuration co mman d on a port at the edge o f a ne [...]

  • Page 572

    30-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapt e r 30 Conf igur ing Q o S Conf igu rin g Aut o-Q oS If you e nte re d th e auto qos voip cisco-softphone com mand , the swit ch automati cally cr eates clas s maps an d polic y maps. Switch(config)# class-map match-all AutoQoS-VoIP-RTP-Trust Switch(config-c[...]

  • Page 573

    30-13 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 30 Configuring Qo S Configuring Auto-QoS Effects of Auto-QoS on the Configuration When auto- QoS is en abled, th e aut o qo s v oip inter face configurat ion comm and and the gener ated configurati on are add ed to the ru nning configuratio n. The swi tch [...]

  • Page 574

    30-14 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapt e r 30 Conf igur ing Q o S Conf igu rin g Aut o-Q oS Upgrading from a Previous So ftware Re lease In Cisco IOS Rel ease 12 .2(20)EA 2, the implem entat ion for auto-Q oS chang ed fro m the p revious relea se. The gene rated aut o-QoS configura tion was chang[...]

  • Page 575

    30-15 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 30 Configuring Qo S Displaying Auto-QoS Information T o disable auto-QoS on the switch a nd return to the defau lt port trust state set (u ntrusted), follo w these steps: 1. Use the no auto qos voip interf ace conf igurati on command on all in terface s on[...]

  • Page 576

    30-16 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapt e r 30 Conf igur ing Q o S Auto-QoS Con figuration Example Auto-QoS Configuratio n Example Note Th is example is applica ble only if your switc h is runnin g the EI. This se ction de scri bes how you coul d imple ment aut o-Q oS in a networ k, a s sh own in [...]

  • Page 577

    30-17 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 30 Configuring Qo S Auto-QoS C onfigur ation Ex ample Note Y o u should no t configu re a ny standar d-Qo S c omma nds befor e e nter ing the aut o-Qo S com ma nds. Y ou can fine-t une t h e Qo S c on figuratio n, but w e r ecom me nd tha t yo u d o s o o [...]

  • Page 578

    30-18 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapt e r 30 Conf igur ing Q o S Configur ing Standard Qo S Configuring St anda rd QoS Before configur ing standar d QoS, you must have a thoroug h unders tanding of t hese item s: • The type s of applica tions used and the traffic patterns on your ne twork. •[...]

  • Page 579

    30-19 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 30 Configuring Qo S Confi guring Standard QoS Note In softw are r eleases earlie r than Cisco IOS Rele ase 12.1 (11)EA1, the s witch u ses th e CoS v a lue of incoming packet s w ithout m odify i ng the DSCP value. Y ou can c on figure this by e nabli ng p[...]

  • Page 580

    30-20 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapt e r 30 Conf igur ing Q o S Configur ing Standard Qo S Configuring Classification Using Port Trust States This se ction de scri bes how to cla ssify inc omi ng t raffic by using por t tru st st ates : • Conf iguring the T rust Stat e on Ports within the QoS[...]

  • Page 581

    30-21 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 30 Configuring Qo S Confi guring Standard QoS Figu re 30- 4 Port T rusted State s wit hin the Qo S Do mai n Beginn ing in pr iv ileged EXEC mode, follo w thes e steps to confi gure the port to tr ust the classif ication of the traf fic that it recei ves: 1[...]

  • Page 582

    30-22 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapt e r 30 Conf igur ing Q o S Configur ing Standard Qo S T o return a port to its untrusted state, use the no mls qos t rust inte rface co n figurati on co mm and. For informatio n on ho w to change th e defa ult CoS v alue , see the “ Configurin g the CoS V [...]

  • Page 583

    30-23 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 30 Configuring Qo S Confi guring Standard QoS Configuring the CoS Val ue for an Interface QoS assigns the CoS v al ue specif ied with the mls qos cos interfac e conf igu ration c ommand to unta gged frames re ceived on trusted and untrust ed port s. Beginn[...]

  • Page 584

    30-24 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapt e r 30 Conf igur ing Q o S Configur ing Standard Qo S W ith the t rust ed se tt ing, you al so c an use th e trust ed bou ndary fe at ure t o pr event misuse o f a high-pr iority qu eue if a user bypasses the tel ephone a nd conne cts the PC di rectly to t h[...]

  • Page 585

    30-25 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 30 Configuring Qo S Confi guring Standard QoS Y ou canno t enab le truste d boundary if auto-Q oS is alre ady en abled an d vice-ver sa. If auto -QoS is enab l ed an d a Cisco I P Phone i s ab sent on a port , the port doe s not t rust th e clas sification[...]

  • Page 586

    30-26 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapt e r 30 Conf igur ing Q o S Configur ing Standard Qo S T o disab le pass-t hroug h m ode , use the no mls qos trust pass-through dscp interface co nfigur ation comm an d. If you ente r the mls qos cos ov erride and th e mls qos trust [ cos | dscp ] inter face[...]

  • Page 587

    30-27 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 30 Configuring Qo S Confi guring Standard QoS Classifying Traffic by Using ACLs Y ou ca n classif y IP t raff ic by using I P standa rd or IP extended A CLs; you ca n classif y Layer 2 traffic by usin g Laye r 2 MA C A CLs. Beginn ing in pri vilege d EXEC [...]

  • Page 588

    30-28 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapt e r 30 Conf igur ing Q o S Configur ing Standard Qo S Beginn ing in pri vileg ed EXEC mode, follo w th ese steps to create an IP ex tended A CL for IP traff ic: Command Purpose Step 1 configur e terminal Ent er g loba l c onfigurati on m ode . Step 2 a ccess[...]

  • Page 589

    30-29 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 30 Configuring Qo S Confi guring Standard QoS For more information about crea ting IP exten ded A CLs, see the “ Guidelines for Applyi ng A CLs to Physica l Interfa ces ” section on page 29-5 . T o delete an A CL, use th e no access -list access-list-n[...]

  • Page 590

    30-30 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapt e r 30 Conf igur ing Q o S Configur ing Standard Qo S This e xample sho ws ho w to cr eate a Lay er 2 MA C AC L with a per mit state ment. The s tatemen t allo ws traff ic from the host wi th MA C address 0001.0 000.00 01 to the host with MA C address 0002.0[...]

  • Page 591

    30-31 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 30 Configuring Qo S Confi guring Standard QoS T o d elete an e xisting class map, u se the no class-map cl ass-map-nam e gl obal conf ig urat ion com man d. T o re move a ma tch cr ite rio n, use t h e no m atch { access-g roup acl-index | name acl-nam e |[...]

  • Page 592

    30-32 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapt e r 30 Conf igur ing Q o S Configur ing Standard Qo S Beginning in privileged EX EC mode , follow these steps t o create a po licy map: Command Purpose Step 1 configur e terminal Ent er g loba l c onfigurati on m ode . Step 2 a ccess-list access-list- number[...]

  • Page 593

    30-33 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 30 Configuring Qo S Confi guring Standard QoS T o delete an existing polic y map, use the no policy-map policy- map-n ame global configuration comm and. T o dele te an existi ng class ma p, use the no class class-map-name poli cy-map co nfigurati on comma [...]

  • Page 594

    30-34 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapt e r 30 Conf igur ing Q o S Configur ing Standard Qo S This e xample sho ws ho w to create a polic y map and attach it to an ingress i nterface. I n the conf iguration, the I P standard A CL permits tr af fi c from net work 10.1.0.0. For traf f ic matc hing t[...]

  • Page 595

    30-35 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 30 Configuring Qo S Confi guring Standard QoS Configuring the CoS-t o-DSCP Map Y o u use the C oS-to-DSCP map to map CoS v alues in inco ming pack ets to a DSCP va lue that QoS uses internall y to rep resent the priority o f the tr af fic . T able 30-7 sho[...]

  • Page 596

    30-36 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapt e r 30 Conf igur ing Q o S Configur ing Standard Qo S Configuring the DSCP-to- CoS Map Y ou use the DSCP-to-Co S ma p to map DS CP values in incom ing pac kets to a Co S value, which is used to sele ct one of the fou r egress queues . The switc h supports th[...]

  • Page 597

    30-37 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 30 Configuring Qo S Confi guring Standard QoS Configuring th e Egress Qu eues Note Th is feature is supported by both the SI and EI. This se ction de scribe s how to configure the egress que ues: • Conf igurin g CoS Pri ori ty Que ues, pa ge 30 -37 • C[...]

  • Page 598

    30-38 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapt e r 30 Conf igur ing Q o S Configur ing Standard Qo S Configuring WRR Prior ity Beginn ing in priv ileged EXE C mode, follo w these steps to conf igure the WRR priority: T o disable the WRR scheduling and enable the strict priority scheduling, use the no wrr[...]

  • Page 599

    30-39 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 30 Configuring Qo S Displaying Standard QoS Information Displaying Standard QoS In formation T o display standard Q oS infor mati on, use on e or mo re of the privileged EXEC comm ands in Ta b l e 3 0 - 9 : Standard QoS Co nfigurat ion Examp les Note These[...]

  • Page 600

    30-40 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapt e r 30 Conf igur ing Q o S Standard Q oS Con figuration Examples Figur e 30-5 QoS Configur ation Ex ample Netw or k QoS Configuration for the Existing Wiring Closet Figure 30-5 shows an existing w iring close t with Cat alyst 2900 XL and 35 00 XL switches, f[...]

  • Page 601

    30-41 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 30 Configuring Qo S Stan dard QoS Co nfigur ation Ex amples For the Cataly st 2900 and 35 00 XL sw itches, C oS configures each transm it port (t he egress p ort) wi th a normal-pr iority t ran smit queue and a high- prio rity transm it que ue, depend ing [...]

  • Page 602

    30-42 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapt e r 30 Conf igur ing Q o S Standard Q oS Con figuration Examples Step 18 show cl ass-map v ideoclass show policy-map videopolicy show mls qos maps [ co s-d scp | dscp-cos ] V eri fy yo ur en tries . Step 19 copy running-config startup-conf ig (Optional) Sa v[...]

  • Page 603

    C HAPTER 31-1 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 31 Configuring EtherChannels This c hapt er d escri bes how to c onfigure E ther Cha nnel on t he L ayer 2 inter faces of a C ataly st 29 50 or Catalyst 295 5 switch. EtherCha nn el provide s faul t-toler an t high-sp ee d links bet we e n switche s , ro u[...]

  • Page 604

    31-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 31 Conf iguri ng Ethe rChannel s Unders tan ding Ether Channels Figur e 31 -1 T ypical EtherChanne l Configur ation Each Et h erCha nne l ca n co ns is t of up to eigh t com pa tib ly configur ed Ethe rn et i nte rface s. A ll in te rface s in ea ch E ther [...]

  • Page 605

    31-3 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 31 Configuring Eth erCh annels Understa nding Et herChann els Figur e 31 -2 Relationship of P h ysical P orts, Lo gical P ort Channe ls, and Chann el Gr oups When a port joins an Ethe rChanne l, the physic al inter face for that port is shut down. When the [...]

  • Page 606

    31-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 31 Conf iguri ng Ethe rChannel s Unders tan ding Ether Channels PAgP and LACP Modes T able 31-1 shows th e use r-configurab le Ethe rC hanne l m ode s fo r t he channel-group interf ace conf iguration com mand. Switch interf aces exc hange P AgP packets onl[...]

  • Page 607

    31-5 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 31 Configuring Eth erCh annels Understa nding Et herChann els Note An Et herc hanne l c anno t be c on figured in b oth t h e P AgP an d LACP modes. Exchanging LA CP Packets Both the acti v e and passive LA CP modes allo w interface s to negotiate wit h par[...]

  • Page 608

    31-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 31 Conf iguri ng Ethe rChannel s Unders tan ding Ether Channels PAgP and LACP Interaction wi th Other Features The Dyna mic Trunking Protocol (DT P) and Cisco Discovery Protocol (CD P) send and re ceive packets over the physical interfac es in t he E therCh[...]

  • Page 609

    31-7 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 31 Configuring Eth erCh annels Config uring Et herChann els Figur e 31 -3 Load Distr ibuti on and F orwa rdin g Methods Configuring Eth erChannels These sec tions descr ibe how to configure Ethe rChanne l interfac es: • Default Eth erCha nnel Configurat i[...]

  • Page 610

    31-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 31 Conf iguri ng Ethe rChannel s Configur ing Eth erChann els Default EtherCh annel Configura tion T able 31-2 shows th e de fault Et herCh ann el co nfigurati on . EtherChann el Configuratio n Guidelin es If improperly co nf igured, some EtherCh annel inte[...]

  • Page 611

    31-9 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 31 Configuring Eth erCh annels Config uring Et herChann els • An Ethe rCh anne l sup por ts the sa me al lowed ran ge of V LA Ns on a ll the inte rface s i n a t runki ng Layer 2 Ethe rChanne l. When co nfiguring an int erface for P AgP , if the allowed r[...]

  • Page 612

    31-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 31 Conf iguri ng Ethe rChannel s Configur ing Eth erChann els Step 3 channel-gr oup c hannel-group-number mode {{ auto [ non- silent ] | des irable [ non- silent ] | on } | { active | passive }} Assign the i nterface to a c hannel grou p, and speci fy the [...]

  • Page 613

    31-11 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 31 Configuring Eth erCh annels Config uring Et herChann els T o remove an inte rface from the Eth erCha nnel gro up, us e the no channel-group interface configura tion comm and. If you del ete th e Ethe rCha nnel by u sing the no interface port-channel glo[...]

  • Page 614

    31-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 31 Conf iguri ng Ethe rChannel s Configur ing Eth erChann els T o ret urn Ethe rChannel lo ad balanc ing to the defa ult conf iguratio n, use th e no port-channel load-balanc e global con figurati on comm and. Configuring the PAgP Learn Method and Priority[...]

  • Page 615

    31-13 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 31 Configuring Eth erCh annels Config uring Et herChann els Configuring Hot Standby Ports When enabled , LA CP tries to co nfig ure the maximum number of LA CP- compatible port s in a channel, up to a m ax imu m of 1 6 po r ts . O nly e i gh t L A CP links[...]

  • Page 616

    31-14 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 31 Conf iguri ng Ethe rChannel s Displaying Eth erChannel, PA gP, and LACP Status Displaying EtherCh annel, PAgP, a nd LACP Status Y ou can use the privileged EXEC comma nds describ ed in T able 3 1-3 to displa y EtherC hannel, P AgP , and LACP status in f[...]

  • Page 617

    C HAPTER 32-1 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 32 Troubleshooting This ch ap ter descr ibe s how to i dent ify and re solve Ca ta lyst 295 0 a nd Cat alyst 2 955 sof tware p rob lem s relate d to the C isco IO S softwa re. D epen ding on the n atur e of t he p rob lem , you can us e the command-lin e i[...]

  • Page 618

    32-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 32 Trouble shooting Using Re covery Procedu res Recovering from Corru pted Softw are Switch software can be cor ru pted du ring an up grade , by downloadin g the wr ong file to the swi tch, and by d eleting the im age f ile. In all o f these case s, the swi[...]

  • Page 619

    32-3 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 32 Troublesho oti ng Using Recover y Proce dures Step 4 Press the Mode button, and at th e same time, reconnect the pow er cord to the switch. Y o u can r elease the Mo de b utton a seco nd or two after the LED above port 1X turns off. Sev eral lines of inf[...]

  • Page 620

    32-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 32 Trouble shooting Using Re covery Procedu res Step 15 Change the password: switch(config)# enable secret < password > or switch(config)# enable password < password > Step 16 Return to pri vile ged EXEC mode: switch(config)# exit switch# Step 1[...]

  • Page 621

    32-5 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 32 Troublesho oti ng Using Recover y Proce dures • If you see a messag e that begins wit h this: The password-recovery mechanism has been triggered, but is currently disabled. go to the “ Procedure wit h Password Recov ery Disabled ” sect ion on pa ge[...]

  • Page 622

    32-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 32 Trouble shooting Using Re covery Procedu res Step 9 Copy the configuration file into memor y: Switch# copy flash: config.text system: running-config Source filename [config.text]? Destination filename [running-config]? Press Return in response to the con[...]

  • Page 623

    32-7 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 32 Troublesho oti ng Using Recover y Proce dures • If you ent e r n (n o), the n orm al bo ot proce ss cont inu es as if th e Mode button had not bee n pr essed; you ca nnot ac cess the b oot lo ad er pr ompt , and y ou c annot ent er a new password. Y ou[...]

  • Page 624

    32-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 32 Trouble shooting Using Re covery Procedu res Note Th is proced ure is likely to leav e your swit ch VLAN in terface in a shutdown stat e. Y ou can see which interf ace is in this state b y enter ing the sho w running-config p ri vil eged EXEC comman d. T[...]

  • Page 625

    32-9 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 32 Troublesho oti ng Using Recover y Proce dures Step 4 When the bo ot loa der pr omp ts yo u, ent er th e bre ak key . This e xampl e sho ws the me ssages that appear on the conso le after the user enters a br eak ke y : The system has been interrupted pri[...]

  • Page 626

    32-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 32 Trouble shooting Using Re covery Procedu res Step 14 Enter global co nfigurati on mode: switch# configure terminal Step 15 Change the password: switch(config)# enable secret < password > or switch(config)# enable password < password > Step 1[...]

  • Page 627

    32-11 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 32 Troublesho oti ng Using Recover y Proce dures Replacing a Failed Command Switch with a Cluster Member T o rep lace a faile d comm and switc h with a comman d-capab le memb er in the s ame clu ster , follo w these steps: Step 1 Disco nnect the command sw[...]

  • Page 628

    32-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 32 Trouble shooting Using Re covery Procedu res Step 10 Ente r Y at the f irst prompt . The prom pts in the se tup pro gram vary dependi ng on the m embe r switch yo u selecte d to be th e comma nd switch: Continue with configuration dialog? [yes/no]: y or[...]

  • Page 629

    32-13 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 32 Troublesho oti ng Using Recover y Proce dures Step 5 Use the setup pro gram to configure the sw itch IP info rmati on. This pr ogr am p rom pts you fo r IP a dd ress i nfor ma tion and p asswords. From pr ivileged EXE C m ode , ent er setup , a nd press[...]

  • Page 630

    32-14 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 32 Trouble shooting Preventing Autone gotiati on M ismatche s Recove ring fro m L ost Memb er Co nnec tivi ty Some conf igur ations can pre v ent the c ommand switc h from maintai ning contact wi th member switc hes. If you are unable to maintain manag eme[...]

  • Page 631

    32-15 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 32 Troublesho oti ng Diagnosing Connectivit y Problems After inserting a Cisco-approve d GBIC or SFP module, use the errdisable r ecov ery caus e gbic-in v alid global configurati on comma nd to verify the por t status, a nd ent er a tim e interval for rec[...]

  • Page 632

    32-16 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 32 Trouble shooting Diagno sing Connec tivity Prob lems Note Th oug h o ther p roto col keywords ar e available wi th t h e ping comma nd, they are not supp orted i n this release. This exam ple sh ows how to ping an I P host : Switch# ping 172.20.52.3 Typ[...]

  • Page 633

    32-17 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 32 Troublesho oti ng Diagnosing Connectivit y Problems Usage Guidelines These a re the Layer 2 trac eroute usag e guideli nes: • Cisco Discovery Protocol (CDP) must be enabled on a ll the devices in the ne twork. For Layer 2 tracero ute to fun ction al p[...]

  • Page 634

    32-18 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 32 Trouble shooting Diagno si ng LRE Con nection Prob lems Displaying the Physical Path Y ou ca n disp la y physi cal p ath that a p acket takes fr om a s our ce device to a dest inat ion device by usi ng one of the se privileged EXEC c omman ds: • trace[...]

  • Page 635

    32-19 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 32 Troublesho oti ng Using Debug C ommands Using Debug Commands This se cti on expl ain s h ow you use th e debug co mmand s to dia gnose an d res olv e intern etw ork ing proble ms. I t co nt ain s thi s info rmat ion: • Enab ling D e bugging o n a Spe [...]

  • Page 636

    32-20 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 32 Trouble shooting Using D ebug Command s Cautio n Beca use de bu gging output is assi gned hi gh pri orit y in the CP U proces s, it can render the sys tem unusab le. For th is re ason, use de bug com mands only to troublesh oot specific proble ms or dur[...]

  • Page 637

    32-21 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 32 Troublesho oti ng Using Debug C ommands The no debug al l privileged EXEC comm and di sables all diagnost ic output . Using t he no debug all comm and is a convenient way to ensure th at you have not accide ntally l eft any debug co mmand s enab led. Re[...]

  • Page 638

    32-22 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 32 Trouble shooting Using the s how co ntrol ler s Comm and s For more information about auto-Q oS, see the “ Configur ing Auto-QoS ” section on pa ge 3 0-9 . This e xamp le sho ws ho w to d isplay t he QoS com mands that are aut omaticall y gene rated[...]

  • Page 639

    32-23 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 32 Troublesho oti ng Usin g th e cr a shi n fo Fi le Using the crashinfo File This fea ture is av ailable if your switch i s running Cisco IO S Relea se 12. 1(11)EA 1 or later . The crashinfo f ile sav es informa tion that helps Cisco technical suppor t re[...]

  • Page 640

    32-24 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Chapter 32 Trouble shooting Using t he c rashinfo File[...]

  • Page 641

    A- 1 Catalyst 2950 and Catalyst 2955 Switch Software Conf iguration Gui de 78-11380-10 APPEND IX A Supported MIBs This a ppend ix li sts t he supp ort ed MI Bs for t his re leas e. I t c onta ins th ese sec tions: • MIB List, pa ge A-1 • Usin g F TP to Acce ss th e MIB File s, pa ge A-3 MIB List Note Th e Catalyst 295 5 switch suppo rts the ENT[...]

  • Page 642

    A- 2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Appendi x A Supported MI Bs MIB Li st • CISCO- P A E-MI B • CISC O- P A GP-MI B • CISCO-PING-MIB • CISCO-POR T -SECURITY -MIB • CISCO-PR OCESS-MIB • CISCO-PR ODUCTS-MIB • CISCO-R TTMON-M IB (subsystems supp orted: sub_rtt_rm on and sub_rt t_rmonli b) [...]

  • Page 643

    A-3 Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 Append ix A Support ed M IBs Using FTP to Access the MIB Files Note The IF-MIB and the CI SCO- IETF-VDS L-LINE -MIB ar e suppor ted as rea d-only MIBs fo r the Fa st Ethern et in terf aces o n the C PE de vices. Using FTP to Access the MIB Files Y ou can obta in e[...]

  • Page 644

    A- 4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Appendi x A Supported MI Bs Using FTP t o Acces s the MIB Fi le s[...]

  • Page 645

    B-1 Catalyst 2950 and Catalyst 2955 Switch Software Conf iguration Gui de 78-11380-10 APPEND IX B Working with the Cisco IOS File System, Configuration Files, an d Software Images This a ppend ix desc ribe s how to manip ul ate t he Cata lyst 2950 o r 2 955 f lash file system , how to c opy configurati on files, and how to a rchive (upload a nd dow[...]

  • Page 646

    B-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Appendix B Working with the Cisco IOS File System , Co nfigurat ion Files, and S oftware Imag es Working w it h t he F lash File Sy st em Displaying Available File Systems T o display the av ailabl e file syst ems o n your swit ch, use the show file systems pri vi l[...]

  • Page 647

    B-3 Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 Append ix B Workin g with the Cisco I OS File Syst em, Confi gura tion Files , a nd Sof tware Ima ges W o rking with the Flash File System Setting the Default File System Y o u can specify the f ile sy stem or d irectory th at the system use s as the def ault f il[...]

  • Page 648

    B-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Appendix B Working with the Cisco IOS File System , Co nfigurat ion Files, and S oftware Imag es Working w it h t he F lash File Sy st em T o display info rmation about f iles on a fil e system, use one of the pri vile ged EXEC comma nds in Ta b l e B - 2 : Changing[...]

  • Page 649

    B-5 Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 Append ix B Workin g with the Cisco I OS File Syst em, Confi gura tion Files , a nd Sof tware Ima ges W o rking with the Flash File System Use t h e /recursi ve keyword to delet e the n am ed dire ctory and al l subdir ec torie s a nd t he files contai ned in it. [...]

  • Page 650

    B-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Appendix B Working with the Cisco IOS File System , Co nfigurat ion Files, and S oftware Imag es Working w it h t he F lash File Sy st em Use the /rec ursiv e keyword for deleting a director y and all subdire ctori es and the files contai ned in it. Use the /f or ce[...]

  • Page 651

    B-7 Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 Append ix B Workin g with the Cisco I OS File Syst em, Confi gura tion Files , a nd Sof tware Ima ges W o rking with the Flash File System Displaying the Contents of a tar File T o display the co ntents of a tar f ile on the screen, use this privile ged EXEC comma[...]

  • Page 652

    B-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Appendix B Working with the Cisco IOS File System , Co nfigurat ion Files, and S oftware Imag es Working w ith Con figuration Files This e xample sho ws ho w to extra ct the conten ts of a tar f ile loc ated on the TFTP serv er at 172. 20.10.30. This command extract[...]

  • Page 653

    B-9 Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 Append ix B Workin g with the Cisco I OS File Syst em, Confi gura tion Files , a nd Sof tware Ima ges Working with Configuration Files This section includes this informa tion: • Guidel ines for Cre ating and Usi ng Configuratio n Files, page B-9 • Configuratio[...]

  • Page 654

    B-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Appendix B Working with the Cisco IOS File System , Co nfigurat ion Files, and S oftware Imag es Working w ith Con figuration Files Configuration File Types and Location Startup co nfiguration files are use d during syst em startup to configure the sof tware. Runni[...]

  • Page 655

    B-11 Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 Append ix B Workin g with the Cisco I OS File Syst em, Confi gura tion Files , a nd Sof tware Ima ges Working with Configuration Files Preparing to Download or Uploa d a Configuration File By Using TFTP Before yo u begin downloading or uplo ading a co nfiguration[...]

  • Page 656

    B-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Appendix B Working with the Cisco IOS File System , Co nfigurat ion Files, and S oftware Imag es Working w ith Con figuration Files This ex amp le sho ws ho w to config ure the sof twar e from the f ile tokyo-conf g a t IP a ddress 172. 16.2.155: Switch# copy tftp:[...]

  • Page 657

    B-13 Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 Append ix B Workin g with the Cisco I OS File Syst em, Confi gura tion Files , a nd Sof tware Ima ges Working with Configuration Files The user name and pass word must be asso ciat ed with an acco unt on the FTP server . If you are writ ing to the serv er , the F[...]

  • Page 658

    B-14 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Appendix B Working with the Cisco IOS File System , Co nfigurat ion Files, and S oftware Imag es Working w ith Con figuration Files This exam ple shows how to copy a c onfigurati on file named host 1-confg from the ne tadm in1 directory on the remo te ser ver wi th[...]

  • Page 659

    B-15 Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 Append ix B Workin g with the Cisco I OS File Syst em, Confi gura tion Files , a nd Sof tware Ima ges Working with Configuration Files This exam ple shows how to copy t he run ni ng co nfigura tion file name d swi tch2-confg to the netadmin1 directo ry on t he r [...]

  • Page 660

    B-16 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Appendix B Working with the Cisco IOS File System , Co nfigurat ion Files, and S oftware Imag es Working w ith Con figuration Files The RC P requires a client t o send a re mote user name with each RCP requ est to a ser ver . Whe n you copy a conf iguratio n file f[...]

  • Page 661

    B-17 Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 Append ix B Workin g with the Cisco I OS File Syst em, Confi gura tion Files , a nd Sof tware Ima ges Working with Configuration Files Downloading a Configura tion File By Using RCP Beginning in privileged EXEC mode , follow these steps to download a configuratio[...]

  • Page 662

    B-18 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Appendix B Working with the Cisco IOS File System , Co nfigurat ion Files, and S oftware Imag es Working w ith Con figuration Files Uploading a Configuration File By Using RCP Beginn ing in pr iv ileged EXEC mode, f ollo w these steps to upload a c onfigu ration f [...]

  • Page 663

    B-19 Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 Append ix B Workin g with the Cisco I OS File Syst em, Confi gura tion Files , a nd Sof tware Ima ges Working with Software Image s Clearing Con figuration Informatio n Y ou ca n clea r the configurati on inf ormati on fr om the startup configurat ion. I f you re[...]

  • Page 664

    B-20 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Appendix B Working with the Cisco IOS File System , Co nfigurat ion Files, and S oftware Imag es Working wi th Soft ware Images Note For a li st of softw are images and the supported upg rade paths, r efer to the release n otes. Image Loca tion on the Sw itch The s[...]

  • Page 665

    B-21 Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 Append ix B Workin g with the Cisco I OS File Syst em, Confi gura tion Files , a nd Sof tware Ima ges Working with Software Image s Copying Imag e Files By Us ing TF TP Y o u can d o wnload a switch imag e from a TFTP ser ver or uploa d the ima ge from th e switc[...]

  • Page 666

    B-22 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Appendix B Working with the Cisco IOS File System , Co nfigurat ion Files, and S oftware Imag es Working wi th Soft ware Images • For download op erati ons , ensu re that the pe rmis sion s on the file ar e set co rrec tly . The per missi on on the file should be[...]

  • Page 667

    B-23 Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 Append ix B Workin g with the Cisco I OS File Syst em, Confi gura tion Files , a nd Sof tware Ima ges Working with Software Image s The download a lgor ithm verifies tha t t he i m age i s a pp ropri ate f or the swi tch m odel and t hat enou gh DRAM is present, [...]

  • Page 668

    B-24 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Appendix B Working with the Cisco IOS File System , Co nfigurat ion Files, and S oftware Imag es Working wi th Soft ware Images The ar chive upl o ad-sw pri vileged EXEC command b uilds an image f ile on the serv er by uploadin g these fi les in order: info , the C[...]

  • Page 669

    B-25 Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 Append ix B Workin g with the Cisco I OS File Syst em, Confi gura tion Files , a nd Sof tware Ima ges Working with Software Image s If the ser ver has a dir ectory structur e, the im age f ile is written to or copied fr om the dir ectory asso ciated with the user[...]

  • Page 670

    B-26 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Appendix B Working with the Cisco IOS File System , Co nfigurat ion Files, and S oftware Imag es Working wi th Soft ware Images The do wnload algori thm veri fies that th e image is appropriate for the switch model and that enough DRAM is present, or it stops th e [...]

  • Page 671

    B-27 Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 Append ix B Workin g with the Cisco I OS File Syst em, Confi gura tion Files , a nd Sof tware Ima ges Working with Software Image s The alg orithm instal ls the downloaded image ont o the system boa rd flas h device (flash:). The imag e is placed into a ne w di r[...]

  • Page 672

    B-28 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Appendix B Working with the Cisco IOS File System , Co nfigurat ion Files, and S oftware Imag es Working wi th Soft ware Images The archiv e upload-sw command bu ilds an image f ile on the serve r by uploading these files in order: info, the Cisco IOS imag e, the H[...]

  • Page 673

    B-29 Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 Append ix B Workin g with the Cisco I OS File Syst em, Confi gura tion Files , a nd Sof tware Ima ges Working with Software Image s Before yo u begin dow nload ing or upload ing an image file b y using RCP , do these tasks: • Ensure that the wor kstat ion actin[...]

  • Page 674

    B-30 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Appendix B Working with the Cisco IOS File System , Co nfigurat ion Files, and S oftware Imag es Working wi th Soft ware Images The do wnload algori thm veri fies that th e image is appropriate for the switch model and that enough DRAM is present, or it stops th e [...]

  • Page 675

    B-31 Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 Append ix B Workin g with the Cisco I OS File Syst em, Confi gura tion Files , a nd Sof tware Ima ges Working with Software Image s The alg orithm instal ls the downloaded image ont o the system boa rd flas h device (flash:). The imag e is placed in a ne w direct[...]

  • Page 676

    B-32 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Appendix B Working with the Cisco IOS File System , Co nfigurat ion Files, and S oftware Imag es Working wi th Soft ware Images The ar chive upl o ad-sw pri vileged EXEC command b uilds an image f ile on the serv er by uploadin g these fi les in order: info, the Ci[...]

  • Page 677

    IN-1 Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 INDEX Numerics 802.1 D See STP 802.1 Q and trunk ports 11-2 config urati on limitat ions 17-16 enca psul ation 17-15 nati ve VL AN fo r un tagge d tr affic 17-21 802.1 s See MSTP 802.1 w See RSTP 802.1 x See port -based auth entication 802.3 z flow con trol 11-13[...]

  • Page 678

    Index IN-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 ACLs ( continue d) config urati on guidelin es manage ment inter faces, a pplying to 29-6 physica l interf aces, ap plying t o 29-5 defined 29-2 displaying i nterfac e 29-23 exam ple s of 29-23 exten ded I P configuring for QoS classi fication 30-28 crea ting[...]

  • Page 679

    Inde x IN-3 Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 ARP table address resolution 8-28 managing 8-28 asymmetric d igital subs criber line See ADSL attribute s, RADIUS vendor-p ropri etary 9-30 vendor-s peci fic 9-29 audie nce xxix authenti cation local mo de with AAA 9-32 NTP associations 8-4 RADIUS key 9-21[...]

  • Page 680

    Index IN-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 BPDU erro r-dis abled s tate 16-2 filtering 16-3 RSTP form at 15-9 BPDU filtering describe d 16-3 enab lin g 16-15 support fo r 1-5 BPDU guard describe d 16-2 enab lin g 16-14 support fo r 1-5 broa dcas t stor m cont rol config uring 22-2 disabling 22-4 brows[...]

  • Page 681

    Inde x IN-5 Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 CDP (conti nued) transmission timer and holdtime, setting 24-2 update s 24-2 Cisco 575- LRE CP E 1-7 Cisco Access Analog Tru nk Gateway 1-19 Cisc o C all Man age r sof t wa re 1-14, 1-19 Cisco Disc overy Pr otocol See CDP Cisco Int ellige nce E ngine 2 100[...]

  • Page 682

    Index IN-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 clusters , switc h (continue d) See als o candidat e switch , com mand switch , cluste r standby gr oup, me mb er sw it ch, and sta ndb y comm an d sw it ch cluste r standby group automatic r ecovery 7-14 conside rations 7-12 crea ting 7-21 defined 7-2 requir[...]

  • Page 683

    Inde x IN-7 Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 config urati on files clearin g the startup co nfigura tion B-19 creating using a text editor B-1 0 default n ame 5-12 deleting a stor ed conf igur ati on B-19 describe d B-8 dow nloa ding automatically 5- 12 prep aring B-11, B-13, B-16 reasons for B-8 usi[...]

  • Page 684

    Index IN-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 cross-stack UplinkFast, STP conn ecting s tack por ts 16-8 describe d 16-5 enab lin g 16-17 fast-c onver gence ev en ts 16-7 Fast Uplink Tr ansition Protocol 16-6 limitation s 16-7 normal -conver genc e even ts 16-7 Stack Memb ershi p Discov ery Protocol 16-6[...]

  • Page 685

    Inde x IN-9 Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 DHCP-b ased autoc onfig urati on (contin ued) describe d 1-3 exam ple 5-9 lease opti ons for IP address infor matio n 5-5 for rec eivi ng the conf igur ati on fi le 5-6 overvi ew 5-3 relationship to BOOTP 5-4 DHCP bind i ng da tabase See DHCP snooping bind[...]

  • Page 686

    Index IN- 10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 DSCP 1-6, 30-3 DSCP-to-CoS ma p for QoS 30-36 DTP 1-5, 17-15 duplex mo de config uring 11-10 config uring , LRE 13-11 CPE Et hernet lin k 13-11 dynami c access po rts char act eris tics 17-3 config uring 17-28 defined 11-2 dynami c addresse s See ad dresses[...]

  • Page 687

    Inde x IN- 11 Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 ETSI 1-7 European T elecommunicatio n Standard s Institute See ETSI even ts, R MON 26-3 exam ples convent ion s for xx x network c onfigurat ion 1-10 expedi te queue, Q oS 30-9 expert m ode 4-6 Express Setup 1-2, 4-11 See also h ardware installa tion gui[...]

  • Page 688

    Index IN- 12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 G GBICs 1000BASE -L X/LH modul e 1-11 1000BASE -SX m odu le 1-11 1000BASE -ZX modul e 1-11 Giga Stac k modul e 1-11 securit y and identification 32-14 get-bulk -requ est operati on 28-3 get-next -r eque st op er ati on 28-3, 28-4 get-requ est opera tion 28-[...]

  • Page 689

    Inde x IN- 13 Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 IGMP f ilt eri ng config uring 21-22 default conf igur ati on 21-22 describe d 21-21 monitoring 21- 27 IGMP gr oup s configurin g the throttling action 21-25 setting the maximum number 21-25 IGMP pr of ile applyi ng 21-24 config urati on mode 21-22 confi[...]

  • Page 690

    Index IN- 14 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 IP ACLs (c ontinu ed) manage ment inter faces, a pplying to 29-19 named 29-13 physica l interf aces, ap plying t o 29-20 stand ard, creat ing 29-9 undef ined 29-19, 29-21 virtual ter minal lines, setting on 29-20 IP addresses candi dat e o r me mb er 7-4, 7[...]

  • Page 691

    Inde x IN- 15 Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 loop gu ar d describe d 16-12 enab lin g 16-19 support fo r 1-5 LRE en vironm ent guideline s 13-9 troublesh ooting 32-18 LRE i nterleav e delay 13-20 LRE li nk monitor 13-20 persistence 13-19 LRE li nks See LRE ports LRE mes sage logg ing 13-8 LRE por t[...]

  • Page 692

    Index IN- 16 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 MAC addresses (continu ed) static adding 8-26 allowing 8- 28 char acte rist ics of 8-26 droppin g 8-27 removi ng 8-26 sticky se cure , adding 22-7 MAC address mult icast entrie s, monitoring 21-13 MAC addr ess-to-VL AN mapp ing 17-25 MAC ex tended access li[...]

  • Page 693

    Inde x IN- 17 Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 monito ring ( cont inue d) network traf fic for analysis with probe 25-1 port protection 22-13 port pr otecti on 22-13 speed a nd du pl ex mode 11-12 traffic fl owi ng am ong sw itch es 26-1 traffic suppr es sion 22-13 VLANs 17-14 VMPS 17-30 VTP 18-16 MS[...]

  • Page 694

    Index IN- 18 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 MSTP (c onti nued) root gu ar d describe d 16-11 enab lin g 16-19 root switch config uring 15-15 effec ts of extended syst em ID 15-14 unexpec ted b ehavio r 15-15 shutdown Po rt Fa st-e nable d port 16-2 multicas t groups and IGMP sno oping 21-6 Immedi ate[...]

  • Page 695

    Inde x IN- 19 Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 NTP (continu ed) restr icting acc ess creatin g an access g roup 8-9 disabling NT P services pe r interfac e 8-10 source IP add ress, config uring 8-10 stratum 8-2 synchroniz ing devic es 8-6 time services 8-2 synchroniz ing 8-2 O out-of- profile ma rkdo[...]

  • Page 696

    Index IN- 20 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 port-base d aut h entic ation ( cont inue d) config uring 802.1x auth entication 10-11, 10-19 guest VLAN 10-18 host mode 10-17 manual re-aut hentica tion of a clie nt 10-15 period ic re-authe nticat ion 10-14 quiet pe rio d 10-15 RADIUS server 10-14 RADIUS [...]

  • Page 697

    Inde x IN- 21 Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 port security agi ng 22-12 config uring 22-10 default conf igur ati on 22-9 describe d 22-7 displaying 22-13 sticky l ear ning 22-7 violatio ns 22-8 with ot her fea ture s 22-9 port-shut down respon se, VMPS 17-25 POTS split ters homolog ated 1-16 nonhom[...]

  • Page 698

    Index IN- 22 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 QoS, au to-QoS (conti nued ) egress queue def aults 30-10 ena bling for VoIP 30-14 exam ple, co nfigu rat ion 30-16 generat ed c omm ands 30-11 basic mo del 30-4 classification class maps, de scribed 30-6 defined 30-4 in fram es and pa ckets 30-3 IP ACLs, d[...]

  • Page 699

    Inde x IN- 23 Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 QoS (conti nued) trusted bou ndary 30-23 trust sta tes 30-5 underst anding 30-2 qualifica tion, link 13-16 quality of service See QoS queries , IGMP 21-3 R RADIUS attributes vendor-p ropri etary 9-30 vendor-s peci fic 9-29 config uring accoun ting 9-28 a[...]

  • Page 700

    Index IN- 24 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Remote C opy Pro toco l See RCP remote mon itori ng see RMON Remote Networ k Monitoring See RMON report su ppr ession , IGM P describe d 21-5 disabling 21-11 resettin g a UDLD-shutdown inter face 23-6 restr icting acc ess NTP serv ices 8-8 overvi ew 9-1 pas[...]

  • Page 701

    Inde x IN- 25 Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 RSTP (contin ued) rapid co nverg ence describe d 15-7 edge po rts an d Po rt Fa st 15-7 point-to-poin t links 15-7, 15-22 root po rts 15-7 root po rt, de fine d 15-6 See also MST P running c onfi gurat ion, s avin g 5-11 S SC (standby c omma nd switch) 7[...]

  • Page 702

    Index IN- 26 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 SNM P (co ntin ued) groups 28-9 in clusters 7-15 informs and tr ap keyw ord 28-11 describe d 28-5 differ ence s fro m trap s 28-5 enab lin g 28-14 limiting access by T FTP servers 28-14 limiting system log messages to NMS 27-10 manage r function s 28-3 mana[...]

  • Page 703

    Inde x IN- 27 Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 Stack Memb ershi p Discov ery Protocol 16-6 Standby Com mand Config urati on window 7-22 standby comm a nd sw itch config uring 7-21 conside rations 7-12 defined 7-2 priority 7-11 requir ements 7-3 virtual IP add re ss 7-12 See also c lust er sta ndb y g[...]

  • Page 704

    Index IN- 28 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 STP (continued) designat ed po rt, de fine d 14-3 designated swi tch, defi ned 14-3 detectin g indirec t link failu res 16-9 disabling 14-14 displaying sta tus 14-24 EtherC hanne l g ua rd describe d 16-11 enab lin g 16-18 exten ded s y st em I D affec ts o[...]

  • Page 705

    Inde x IN- 29 Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 syslog expo rt and LR E logging 13-8 describe d 13-8 disabling 13-23 enab lin g 13-22 system clock config uring daylight sav ing time 8-14 manually 8-12 summ er t ime 8-14 time z ones 8-13 displaying the tim e and date 8-12 overvi ew 8-1 See also NT P sy[...]

  • Page 706

    Index IN- 30 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 TFTP config urati on files dow nloa ding B-11 prep aring the server B-11 uploadin g B-12 config uration fi les in base dire ctory 5-6 config uri ng for au t oconf ig urat ion 5-6 image fi les deleting B-23 dow nloa ding B-22 prep aring the server B-21 uploa[...]

  • Page 707

    Inde x IN- 31 Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 U UDLD default conf igur ati on 23-4 echoi ng detect ion mech anism 23-3 enab lin g globall y 23-5 per inter face 23-5 link- detect ion mech anism 23-1 neighbor da tabase 23-2 overvi ew 23-1 resettin g an interface 23-6 status, displaying 23-7 unautho ri[...]

  • Page 708

    Index IN- 32 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 VLAN database and st artup conf igurat ion fil e 17-7 and VT P 18-1 VLAN c onfi gurat ion save d in 17-7 VLANs saved in 17-4 vlan d ata base c omm an d 17-6 vlan g loba l c onfi gur ation c omm and 17-6 VLAN ID, disc overing 8-28 VLAN mana geme nt dom ain 1[...]

  • Page 709

    Inde x IN- 33 Catalyst 2950 and Catalyst 2955 Switch Software Configur ation Gui de 78-11380-10 VQP 17-25 VTP adding a cl ient to a d om ain 18-14 advertisements 17- 17, 18-3 and exte nded -rang e VLAN s 18-1 and nor mal-rang e VLA Ns 18-1 client mode , c onf igur ing 18-11 configuratio n global con figu ra tio n m ode 18-7 guideline s 18-8 privile[...]

  • Page 710

    Index IN- 34 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10[...]