Manual Cisco Systems 2960-S

1004 pages 17.17 mb
Download

Go to site of 1004

Summary
  • Cisco Systems 2960-S - page 1

    Americas Hea dquarters Cisc o Syst ems , Inc . 170 West Ta sman Driv e San Jos e, CA 95 134-1706 USA http://www.ci sco.com Tel: 408 526-4000 800 553- NETS (638 7) Fax: 408 527-0883 Catal yst 2960 and 2960-S S witc h So f t wa r e Configuration Guide Cisco IOS R elease 12.2(55 )SE August 20 1 0 Text Pa rt Nu mber: OL-8603- 09 ...

  • Cisco Systems 2960-S - page 2

    THE SPECIFICATIONS AND INFORMATION REGARDING TH E PRODUCTS IN THIS MANUAL ARE SUBJE CT TO CHANGE WITHOUT NO TICE. ALL STATEMENT S, INFORMATI ON, AND RE COMMENDATIONS IN T HIS MA NUAL ARE BELI EVED TO BE ACCURATE BUT ARE P RESENTED WITHOUT WARRANTY OF ANY KIND, EXPRE SS OR IMPLIED. USERS MUST TA KE FULL RESPONSIBILITY FOR THEIR AP PLICATION OF ANY P ...

  • Cisco Systems 2960-S - page 3

    iii Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 CONTENTS Preface xxxv ii Audienc e xxx vii Pur pose xx xvii Conv enti ons x xxviii Rela ted Publi cati ons xxxix Obtain ing Docu mentat ion, Obt aining Su pport , and Secur ity Gui deline s xl CHAPTER 1 Overview 1-1 Featur es 1-1 Ease-o f-Depl oyment and E ase-o f-Use F ea ...

  • Cisco Systems 2960-S - page 4

    Cont ent s iv Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Using Con figu ration Lo ggin g 2-4 Using Comma nd Hist ory 2-5 Changin g the Comma nd Histor y Buffe r Size 2-5 Recall ing Commands 2-6 Disabl ing th e Command Hist ory Featur e 2- 6 Using Edi tin g Featu res 2-6 Enabli ng and Di sablin g Edit ing Featu res 2- ...

  • Cisco Systems 2960-S - page 5

    Content s v Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Automa ticall y Downl oading a Con figu ration Fi le 3-18 Specif ying the Fi lena me to Read and Wri te the System Confi gura tion 3-18 Bootin g Manu ally 3-19 Bootin g a Speci fic Soft ware Imag e 3-20 Contro lli ng Enviro nment Var iables 3-21 Schedul ing a Re lo ...

  • Cisco Systems 2960-S - page 6

    Cont ent s vi Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Config urin g NTP Assoc iation s 5-6 Config urin g NTP Broa dcast Serv ice 5-7 Config urin g NTP Acces s Restric tions 5-9 Config urin g the Sour ce IP Addre ss for NTP Packets 5-11 Displa ying t he NTP Confi gurat ion 5-12 Config urin g Time and Date Manuall y ...

  • Cisco Systems 2960-S - page 7

    Content s vii Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Clust er C omm and S wit ch Ch arac teri stic s 6-3 Standby Clu ster Command S witch Char acteris tics 6-3 Candida te Swit ch and Cl uster Member Swit ch Charac teri stic s 6-4 Plan ning a Sw itc h Clu ster 6-5 Automa tic Disc overy of Cl uster Can didat es and M ...

  • Cisco Systems 2960-S - page 8

    Cont ent s viii Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Underst andi ng Auto-Upg rade an d Auto-A dvise 7-10 Auto-Up grade an d Auto- Advis e Example Me ssages 7-11 Incom pat ible S oftw are and Mem ber Im ag e Upg rad es 7-13 Stack Con figu ration Fi les 7-13 Additi onal Consider ation s for Sy stem-Wide Co nfig ...

  • Cisco Systems 2960-S - page 9

    Content s ix Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Protec ting Access to Pri vileg ed EXEC Comma nds 9-2 Defaul t Passwo rd and Priv ileg e Level Configur ation 9-2 Setti ng or Chan ging a Stat ic Ena ble Passwor d 9-3 Protec ting Enab le and Enab le Se cret P asswor ds wi th Encr ypti on 9-3 Disabl ing Pas sword ...

  • Cisco Systems 2960-S - page 10

    Cont ent s x Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Config urin g th e Switch to Use V endor -Specif ic R ADIUS A ttribu tes 9-36 Config urin g the Swit ch for Vend or-P ropriet ary RADIUS Ser ver Co mmunica tion 9-38 Config urin g CoA on the Swit ch 9- 39 Monitor ing and Tro uble shootin g CoA Funct ionali ty 9- ...

  • Cisco Systems 2960-S - page 11

    Content s xi Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Ports in A utho rized an d Una uthor ized Sta tes 10-11 802.1x Authent icati on and Swit ch Stacks 10-12 802.1x Host Mode 10-1 3 Multid omain Authe ntic ation 10-13 802.1x Mult iple Au thent icati on Mode 10-15 MAC Move 10-16 MAC Replace 10-16 802.1x Acco untin g ...

  • Cisco Systems 2960-S - page 12

    Cont ent s xii Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 VLAN Assig nment, Gues t VLAN, Res trict ed VLAN, an d Inac cessibl e Authenti cati on Bypass 10- 39 MAC Auth enti cat ion By pas s 10 -40 Maxi mum N umbe r of Allow ed Dev ice s Per Po rt 10-4 0 Config urin g 802.1 x Readines s Check 10-40 Config urin g Voi c ...

  • Cisco Systems 2960-S - page 13

    Content s xiii Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Device Ro les 11-2 Host De tect ion 11-2 Sessio n Creat ion 11-3 Authent icat ion Proce ss 11-3 Local We b Aut hen tica tion Bann er 11-4 Web Auth enti cation Custo mizab le Web P ages 11-6 Guidel ines 11-6 Web-base d Authen ticati on Int eracti ons with Oth er ...

  • Cisco Systems 2960-S - page 14

    Cont ent s xiv Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Dual- Pur pose U pli nk P orts 12-4 Powe r ove r Etherne t Ports 12-5 Support ed Pro tocols an d Standa rds 12-5 Powe red-D evi ce De tect ion and In itia l Po wer A lloc ation 12-6 Power Ma nagement Modes 12-7 Power Moni toring an d Power Po licing 12-8 Conne ...

  • Cisco Systems 2960-S - page 15

    Content s xv Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Shutti ng Do wn and Restar ting the I nter face 12 -39 CHAPTER 13 Configur ing V LANs 13-1 Underst anding VL ANs 13-1 Support ed VL ANs 13-2 VLAN Port Membe rship Mode s 13-3 Config urin g Normal -Range VLANs 13-4 Token Ri ng VLANs 13-5 Normal- Range VL AN Configu ...

  • Cisco Systems 2960-S - page 16

    Cont ent s xvi Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Config urin g Dynamic -Access Po rts on VMPS Clients 13-25 Reco nfirm ing V LA N Me mber ship s 13-26 Changin g the Rec onfirmat ion I nterval 13-26 Changin g the Ret ry Coun t 13-2 7 Moni tori ng t he VM PS 13-2 7 Troubl eshooti ng Dynami c-Access Port VL AN ...

  • Cisco Systems 2960-S - page 17

    Content s xvii Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Voice VLA N Conf igurat ion Gui delines 15-3 Config urin g a Port Co nnected t o a Cisco 7 960 I P Phone 15-4 Config urin g Cisco IP Phone Voi ce Traf fic 15-5 Config urin g the Pri ority of Inco ming Data Fr ames 15-6 Displa ying Vo ice VLA N 15-7 CHAPTER 16 Co ...

  • Cisco Systems 2960-S - page 18

    Cont ent s xviii Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Config urin g the Maxi mum-Aging Ti me for a VL AN 16-23 Config urin g the Tra nsmit Hold-C ount 16-24 Displa ying t he Spannin g-Tr ee Status 16 -24 CHAPTER 17 Configur ing MST P 17-1 Underst anding MSTP 17-2 Multip le Sp anning- Tree Regions 17-2 IST, C IS ...

  • Cisco Systems 2960-S - page 19

    Content s xix Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Config urin g the Maxi mum-Hop Co unt 17-26 Specif ying t he Link Typ e to Ensu re Rapid Tr ansit ions 17-27 Designa ting the Ne ighbo r Ty pe 17-27 Restar ting the Pr otoc ol Migr atio n Proce ss 17- 28 Displa ying t he MST Config uration and Stat us 17-28 CHAPT ...

  • Cisco Systems 2960-S - page 20

    Cont ent s xx Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Generat ing IG MP Repo rts 19-4 Leakin g IGMP Repo rts 19-4 Config urati on Exa mples 19- 4 MAC Address- Table Mo ve Update 19-6 Config urin g Flex Lin ks and th e MAC Address -Tabl e Move Update 19-7 Defau lt C onfig urat ion 19-8 Config urati on Guidel ines 1 ...

  • Cisco Systems 2960-S - page 21

    Content s xxi Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Config urin g DHCP Serv er Port-B ased Add ress Al locati on 20- 22 Defau lt P ort- Base d Ad dre ss Al loca tion Conf igur atio n 20-23 Port-B as ed Ad dres s A lloc atio n Con figu rat ion Guide line s 20-2 3 Enabli ng DHCP Ser ver Po rt-Based Addres s Alloc at ...

  • Cisco Systems 2960-S - page 22

    Cont ent s xxii Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Config urin g TCN-Relat ed Command s 22-12 Contro lli ng the Multi cast Flo oding Time After a TC N Event 22-12 Recover ing fr om Flood Mode 22-13 Disabl ing Multica st Flo oding During a T CN Eve nt 22-13 Config urin g the IGMP Sn ooping Que rier 22-14 Disab ...

  • Cisco Systems 2960-S - page 23

    Content s xxiii Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Secure MAC Add resses 23-9 Secu rity Vi olat ions 23-10 Defaul t Por t Se curity Conf igurat ion 23-11 Port S ecu rity Conf igur atio n Gui deli nes 23-1 1 Enabli ng a nd Co nfiguri ng P ort Sec urit y 23-13 Enabli ng and Co nfig uring Por t Secur ity Agin g 23 ...

  • Cisco Systems 2960-S - page 24

    Cont ent s xxiv Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Config urati on Guidel ines 26-5 Enabli ng L LDP 26-6 Config urin g LLDP Char acte ristic s 26-6 Config urin g LLDP-MED TLVs 26-7 Config urin g Network -Pol icy TLV 26-8 Config urin g Locat ion TLV a nd Wired Loca tion Servic e 26-9 Monitor ing an d Mainta in ...

  • Cisco Systems 2960-S - page 25

    Content s xxv Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 CHAPTER 28 Configur ing R MON 28-1 Underst anding RMON 28-1 Config urin g RMON 28-2 Defaul t RMON Configur ation 28-3 Config urin g RMON Alarms and Ev ents 28- 3 Collec ting Grou p Hist ory S tati stics on a n In terface 28-5 Collec ting Group Et hernet St atis t ...

  • Cisco Systems 2960-S - page 26

    Cont ent s xxvi Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 SNMP Conf igur ation Guidel ines 30-7 Disabl ing th e SNMP Agent 30-7 Config urin g Community St ring s 30-8 Config urin g SNMP Groups and Us ers 30-9 Config urin g SNMP Notifi cations 30-12 Settin g t he C PU Th res hold Not ifica tion Ty pes and Value s 30- ...

  • Cisco Systems 2960-S - page 27

    Content s xxvii Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Displ ayin g IPv4 ACL Con figur atio n 31 -24 CHAPTER 32 Configur ing Cisc o IOS IP SLAs Operat ions 32-1 Underst anding Ci sco IOS IP SLAs 32-2 Using Ci sco IOS IP SLAs to Measur e Networ k Performa nce 32-3 IP SL As R espo nde r and IP S LAs C ont rol Prot oc ...

  • Cisco Systems 2960-S - page 28

    Cont ent s xxvii i Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Enabli ng Au to-Qo S 33-33 Troubl eshoo ting Au to Qo S Commands 33-34 Displa ying Au to-QoS Informat ion 33-35 Config urin g Standa rd QoS 33-35 Defau lt S tan dard Q oS Conf igur atio n 33 -36 Defaul t Ingr ess Queu e Configur ati on 33-3 6 Defaul t Egre ...

  • Cisco Systems 2960-S - page 29

    Content s xxix Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Config urin g SRR Share d Weights on Egress Queues 33-7 7 Config urin g the Egr ess Expedi te Queu e 33-78 Limiti ng the B andwidth o n an Egres s Interf ace 33-78 Displa ying St andard QoS Infor matio n 33-79 CHAPTER 34 Configur ing S tatic IP Unic ast Rout ing ...

  • Cisco Systems 2960-S - page 30

    Cont ent s xxx Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 MLD Messages 36-3 MLD Queries 36-3 Multica st Cl ient Aging Rob ustn ess 36-3 Multic ast Rout er Discov ery 36- 4 MLD Reports 36-4 MLD Done Messag es and Imme diate-L eave 36-4 Topolo gy Chang e Notifi catio n Process ing 36-5 MLD Snoop ing in Switch Stacks 36 ...

  • Cisco Systems 2960-S - page 31

    Content s xxxi Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Config urin g LACP Hot- Standby Po rts 37 -18 Config urin g the LACP System Prio rity 37-18 Config urin g the LACP Port Pr iority 37-19 Displa ying EtherC hannel , PA gP, and LACP Stat us 37-20 Underst andi ng Link-St ate Trac king 37 -20 Config urin g Link- Sta ...

  • Cisco Systems 2960-S - page 32

    Cont ent s xxxii Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Underst anding TDR 38-19 Running TDR and Dis playin g the Resu lts 38 -19 Using Deb ug Commands 38-20 Enabli ng Debug ging o n a Specifi c Featu re 38-20 Enabli ng Al l-Syst em Diagn osti cs 38-2 1 Redire ctin g Debug an d Error Messa ge Outp ut 38-21 Using ...

  • Cisco Systems 2960-S - page 33

    Content s xxxii i Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Copyin g File s A-5 Dele ting F iles A-5 Creati ng, Di splayi ng, and Extracti ng tar Files A-6 Creat ing a ta r File A-6 Displa ying t he Content s of a tar File A-7 Extra ctin g a tar Fil e A-7 Displa ying t he Content s of a File A-8 Working with Confi gur ...

  • Cisco Systems 2960-S - page 34

    Cont ent s xxxiv Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Download ing an I mage File By Using FT P A-3 0 Uploa ding an I mage File By U sing F TP A-32 Copyin g Image Fi les By Usin g RCP A-33 Prepar ing to Download or Upload an Image Fi le By Using RC P A-33 Download ing an I mage File By Using RCP A-34 Uploa ding ...

  • Cisco Systems 2960-S - page 35

    Content s xxxv Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Unsuppor ted I nterfac e Confi gurati on Commands C-5 Unsuppor ted Po licy-Map Confi guratio n Command C-5 RADIUS C-5 Unsuppor ted Gl obal Conf igura tion Comman ds C-5 SNMP C-5 Unsuppor ted Gl obal Conf igura tion Comman ds C-5 SNMPv3 C-6 Unsu ppo rted 3 DES En ...

  • Cisco Systems 2960-S - page 36

    Cont ent s xxxvi Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 ...

  • Cisco Systems 2960-S - page 37

    xxxvi i Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Preface Audience This gu ide i s for the net working profession al m anaging the Ca talyst 2960 and 29 60-S swi tches, hereaf ter re ferred t o as th e switch . Befor e using thi s guide, y ou should ha v e ex perience working wi th the Cisco IOS softwar e and be famil ...

  • Cisco Systems 2960-S - page 38

    xxxvii i Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Preface • Enter th e sho w lic ense pr iv ilege d EXEC c ommand, an d see w hich is th e acti ve image: Switch# show license Index 1 Feature: lanlite Period left: 0 minute 0 second Index 2 Feature: lanbase Period left: Life time License Type: Permanent License Sta ...

  • Cisco Systems 2960-S - page 39

    xxxix Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Pre face Cautio n Means re a d e r b e c a re f u l . In this situation, you might do someth ing that could result in equipmen t dam age or loss of da ta. Related Publications These docum ents provide co mplete infor mation about the switch and are av ailable from this C ...

  • Cisco Systems 2960-S - page 40

    xl Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Preface • For inform ation abou t the Net work Admissi on Control (N A C) featur es, see th e Network A dmission Contr ol Software Configuration Gu ide • Information a bout Cisco SFP , SFP+, and GBIC modules is av ailable from this Cisco.com site: http://www .cisco.co ...

  • Cisco Systems 2960-S - page 41

    CH A P T E R 1-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 1 Overview This c hapter p rovides these topics a bout t he C atalyst 29 60 a nd 2960-S switch software : • Feat ures , page 1-1 • Defa ult Settin gs After I nitial Swi tch Conf iguration, page 1-16 • Network Configu ration E xamples, page 1-18 • Whe ...

  • Cisco Systems 2960-S - page 42

    1-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Ch apter 1 Ov erv iew Feature s Ease -of-Dep loyme nt and Eas e-of-Use F eatur es • Express Se tup for quickly configur ing a swi tch for t he first time with ba sic IP i nforma tion, contac t inform ation, sw itch a nd T el net passwords, and Si mple Network Manageme ...

  • Cisco Systems 2960-S - page 43

    1-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 Overview Features • Cisco FlexStack tec hnology on Catal yst 2960-S sw itches runn ing the LAN ba se image for – Connecting u p to four swi tches through their FlexSta ck ports to o perate as a single switch in t he network. – Creatin g a bi directio nal ...

  • Cisco Systems 2960-S - page 44

    1-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Ch apter 1 Ov erv iew Feature s Performa nce Featu res • Cisco EnergyWise manages the en ergy usage of en d points in cludi ng power ov er Etherne t (PoE) devices and n on-Ci sco devices. For informa tion, see the Cisc o EnergyW ise Con figuration Guide . • Autosensi ...

  • Cisco Systems 2960-S - page 45

    1-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 Overview Features • IGMP throttl ing for conf iguring the ac tion when the maximum numb er of entries is in the IGMP forwarding ta ble. • IGMP lea ve timer for conf iguring the lea v e latenc y for the netw ork. • Switch Data base Mana gement (SDM) temp l ...

  • Cisco Systems 2960-S - page 46

    1-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Ch apter 1 Ov erv iew Feature s • Cisco IO S Configuration Engine (previously k nown to as the Cisco IOS CNS agen t)-—C onfiguration service aut omat es the deploym ent and m anagem ent of netwo rk devices and services . Y ou can auto mate initial config urations and ...

  • Cisco Systems 2960-S - page 47

    1-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 Overview Features • In-band mana gement acc ess thro ugh the device m anag er over a Net scape Navigator or Mic rosoft Intern et Explore r browser session • In-band manageme nt access fo r up to 16 sim ultan eous T elne t connect ions for mult iple CL I-bas ...

  • Cisco Systems 2960-S - page 48

    1-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Ch apter 1 Ov erv iew Feature s • USB mi ni-T ype B cons ole po rt in additi on to th e st andard RJ-45 consol e port . Co nsole inp ut is active on only one port at a t ime. (Cat alyst 2 960-S o nly) • USB T ype A por t for externa l Cisco U SB flas h memory devices ...

  • Cisco Systems 2960-S - page 49

    1-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 Overview Features – Loop gu ard for pr ev enting alterna te or roo t ports fr om bec oming d esignat ed port s because of a failur e that l eads t o a unidir ectional link • Flex Link Layer 2 interf aces to back up one ano ther as an alternati ve to STP for ...

  • Cisco Systems 2960-S - page 50

    1-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Ch apter 1 Ov erv iew Feature s • Support for VT P version 3 that i ncludes support for c onfiguring ext ended r ange V LANs (VLANs 1006 to 4094) in any VTP m ode, enhanc ed a uthenti cation ( hidden or se cret p asswords), propagat ion of other datab ases in add itio ...

  • Cisco Systems 2960-S - page 51

    1-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 Overview Features • Dynamic ARP insp ection to pre vent mali cious attacks on t he swi tch b y not r elayi ng in valid ARP requests and responses to other ports in the same VLAN • IEEE 802. 1x port-ba sed au then ticatio n to prev ent unaut horize d device ...

  • Cisco Systems 2960-S - page 52

    1-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Ch apter 1 Ov erv iew Feature s Note T o use v oic e aw are 802.1 x authe ntication , the switc h must be runnin g the LAN Base image. – MA C authen ticat ion bypass to author ize cl ients ba sed on the client M A C addre ss. Note T o use MA C authentic ation byp ass, ...

  • Cisco Systems 2960-S - page 53

    1-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 Overview Features • Support for cr itical VLAN with multi ple-host aut hentication so that when a port is conf igured for multi-au th, and an AAA ser ver becomes unreachab le, the p ort is p laced in a critical VLAN in o rder to still permit access to critic ...

  • Cisco Systems 2960-S - page 54

    1-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Ch apter 1 Ov erv iew Feature s • Policing Note T o use polic y maps, the switch must be runnin g the LAN Base image – T raff ic-poli cing poli cies on the switc h port for mana ging how much of the port ba ndwidth should be allocate d to a sp ecif ic traf fic f lo ...

  • Cisco Systems 2960-S - page 55

    1-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 Overview Features Note T o use Auto -QoS enha ncemen ts, the switc h must be runnin g the LAN Base imag e. Laye r 3 F eatur es • When yo u conf igur e the lanbase-routing SDM tem plate, the switch suppo rts static routing and router ACLs on SVIs (support ed ...

  • Cisco Systems 2960-S - page 56

    1-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Ch apter 1 Ov erv iew Default Set tings A fter Initial Sw itch Conf iguration • T ime Domai n Reflect or (TDR) t o diagnose and reso lve cabling problems on 10/100 and 10/100/10 00 coppe r Ether net port s • SFP module diagnostic management interface to monitor phys ...

  • Cisco Systems 2960-S - page 57

    1-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 Overview Default Settings After Initial Switch Configuration • IEEE 8 02.1x is d isabled. For more infor matio n, see Chapte r 10, “C onf i guring IEEE 802. 1x Port-Based Auth entication. ” • Port para meter s – Interface speed a nd duplex mode is au ...

  • Cisco Systems 2960-S - page 58

    1-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Ch apter 1 Ov erv iew Netwo rk Configura tion Examp les • MVR is disabled. F or more inform ation, see Chapter 22 , “ Configuring IGM P Snoopin g and MVR. ” Note T o us e MVR, the sw itch m ust b e runnin g the LAN Bas e imag e. • Port-bas ed traf fic – Broadc ...

  • Cisco Systems 2960-S - page 59

    1-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 Overview Network Configuration Examples Design Co ncepts fo r Using the Switch As your network user s compe te for network b andw idth, i t takes lon ger to send and re ceive data. Whe n you configu re your network , consi der t he band width requi red by your ...

  • Cisco Systems 2960-S - page 60

    1-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Ch apter 1 Ov erv iew Netwo rk Configura tion Examp les Y o u can u se the switches an d switch sta cks to create the follo wing: • Catalyst 29 60-S switches. T o preserv e switch connecti vity if one swit ch in the stack f ails, conn ect the switc hes as reco mmended ...

  • Cisco Systems 2960-S - page 61

    1-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 Overview Network Configuration Examples Figur e 1 -1 Cost-Ef f ective W ir ing C loset • Serv er aggr e gation ( Figure 1-2 )— Y ou can u se the switch es to in tercon nect groups of servers, central izing phy sical sec urity and ad ministra tion o f your ...

  • Cisco Systems 2960-S - page 62

    1-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Ch apter 1 Ov erv iew Netwo rk Configura tion Examp les Figu re 1 - 2 S erver Aggregati on Small to Medium-Sized Ne twork Using Catalyst 2960 an d 2960-S Switch es Figure 1-3 shows a configurat ion for a networ k of up t o 500 employees. This ne twork use s The switche ...

  • Cisco Systems 2960-S - page 63

    1-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 Overview Network Configuration Examples Figur e 1 -3 Collapsed Bac kbone Confi gura tion Long-Distan ce, High-Ba ndwidth T ransport C onfiguration Note T o u se CW DM SF Ps , the s wit ch mu st b e run nin g th e LAN Base ima ge. Figure 1-4 shows a configurat ...

  • Cisco Systems 2960-S - page 64

    1-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Ch apter 1 Ov erv iew Where to Go Nex t Figur e 1 -4 Long-Distanc e, High-Bandw idth T ran spor t Configur ation Where to Go Next Before conf igurin g the switch, re v ie w these sections for startup informatio n: • Chapter 2, “Using the Comman d-Li ne In terfa ce? ...

  • Cisco Systems 2960-S - page 65

    CH A P T E R 2-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 2 Using the Command-Line Interface This c hapte r descr ibes t he Cisc o IOS comm and-li ne in terface ( CLI) and how to use it to configure your Catalyst 296 0 or 2960-S switch. Unless othe rwise not ed, the term switc h refers to a stand alone switch and t ...

  • Cisco Systems 2960-S - page 66

    2-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 2 Usi ng th e Com ma nd-L ine I nter fac e Underst anding Com mand M odes Ta b l e 2 - 1 describ es the ma in comm and mod es, how to access ea ch one, the prompt you see in th at mode , and how to exit the mode. Th e exampl es in the tab le use the h ostname Sw ...

  • Cisco Systems 2960-S - page 67

    2-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 Using the Comma nd-Line In terface Understa nding th e Help Syst em For more detail ed info rmat ion on the command mode s, see the c omma nd refe rence g uide for th is rel ease. Understandin g the Help Syste m Y ou can enter a ques tion mark (? ) at the sy st ...

  • Cisco Systems 2960-S - page 68

    2-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 2 Usi ng th e Com ma nd-L ine I nter fac e Underst anding no and defa ult Form s of Commands Understandin g no and def ault Forms of Commands Almos t e very co nf igur ation co mmand also has a no for m. In ge nera l, use the no form to disa ble a fea ture or fu ...

  • Cisco Systems 2960-S - page 69

    2-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 Using the Comma nd-Line In terface Using Com mand History comm and was en tered, and the parser r etur n code fo r the c omman d. This feature incl udes a me chan ism for asyn chron ous no tification to r egistered applica tions whenever the c onfiguratio n cha ...

  • Cisco Systems 2960-S - page 70

    2-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 2 Usi ng th e Com ma nd-L ine I nter fac e Using E diting Feature s Recalling Commands T o rec all co mman ds from the hi story buffer , perform one of t he actions listed i n Ta b l e 2 - 4 . These actions are op tio nal. Disabling the Comma nd History Fe ature ...

  • Cisco Systems 2960-S - page 71

    2-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 Using the Comma nd-Line In terface Using Edit ing Featu res T o re-enable the enhanced editing mode for the curre nt terminal session, enter this command in privileged EXEC mode : Switch# terminal editing T o reconf igu re a s pecif ic line to ha ve enha nced e ...

  • Cisco Systems 2960-S - page 72

    2-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 2 Usi ng th e Com ma nd-L ine I nter fac e Using E diting Feature s Editing C ommand Lines that Wrap Y ou can use a w raparo und f eature for c omma nds tha t extend b eyond a single l ine o n the scre en. W hen the cursor reaches the right mar gin, the comma nd ...

  • Cisco Systems 2960-S - page 73

    2-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 Using the Comma nd-Line In terface Searching and Filtering Output of show and m ore Commands The soft ware assum es you have a termin al screen that i s 80 col umns wide . If you have a width ot her tha n that, use the termina l width privileged E XEC c ommand ...

  • Cisco Systems 2960-S - page 74

    2-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 2 Usi ng th e Com ma nd-L ine I nter fac e Access ing the CLI T o deb ug a spe cifi c st ack mem ber , you c an acce ss it from the s tack master by usin g the session stac k-member -num ber privileged EXE C comma nd. Th e stac k memb er numb er is ap pende d t ...

  • Cisco Systems 2960-S - page 75

    CH A P T E R 3-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 3 Assigning the Switch IP Address and Default Gateway This chap ter de scribe s ho w to creat e the initi al switc h conf igur ation (f or e xampl e, assig ning th e IP address an d default gateway informat ion) for the Ca talyst 296 0 or 2960-S switc h by u ...

  • Cisco Systems 2960-S - page 76

    3-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 3 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch In format ion The nor mal b oot p rocess involv es the opera tion of the boot lo ader software, which perfo rms the se acti vities: • Performs lo w-le vel CPU initializatio n. It initiali ...

  • Cisco Systems 2960-S - page 77

    3-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Assigning Switch Information . Stacking is sup ported only on Catalyst 2960-S sw itch es.Use a DHCP server for centra lized cont rol and automatic assignmen t of IP informatio n after the serv er is c onf ...

  • Cisco Systems 2960-S - page 78

    3-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 3 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch In format ion The DH CP server for y our sw itch can be on the same LA N or on a different LA N than the s witch. I f the DHCP se rver is r unning o n a different LAN, you sh ould c onfigure ...

  • Cisco Systems 2960-S - page 79

    3-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Assigning Switch Information The DH CP hostn ame option allows a grou p of swi tches t o obtain hostnam es an d a sta ndard c onfiguration from the ce ntral ma nage ment DHCP s erv er . A cl ien t (switch ...

  • Cisco Systems 2960-S - page 80

    3-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 3 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch In format ion Limitations and Restrictions These are the limita tions: • The DHCP -based au toconf iguration wit h a sa ved co nf igurati on pro cess sto ps if there is not at leas t one L ...

  • Cisco Systems 2960-S - page 81

    3-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Assigning Switch Information Depending on the settings of the DHCP serv er , the switch can recei ve IP address informatio n, the configurat ion file, or b oth. If you do not configure th e DHCP ser ver w ...

  • Cisco Systems 2960-S - page 82

    3-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 3 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch In format ion If you specify the T FTP server na me in the D HCP s erver-lease da tabase, you m ust al so co nfigure t he TFTP s erv er nam e-to- IP-a ddre ss map ping in the DNS- serv er da ...

  • Cisco Systems 2960-S - page 83

    3-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Assigning Switch Information Figu re 3-2 Rel ay Devi ce Us ed in Autoconfigu ration Obtaining Configurati on Files Depending on the av ailability of th e IP ad dress and th e conf igu ration f ilename in ...

  • Cisco Systems 2960-S - page 84

    3-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 3 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch In format ion Note The switch br oadcasts TFTP serv er requests if the TFTP ser ver is not obt ained fr om the DHCP replies, if all attempts to read the conf iguratio n f ile t hrough unica ...

  • Cisco Systems 2960-S - page 85

    3-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Assigning Switch Information TFTP Serve r Conf iguration (on UNIX) The TF TP server base di rectory is set to / tftpserver/wor k/. This di recto ry contai ns the ne twork-conf g file used in the two -fil ...

  • Cisco Systems 2960-S - page 86

    3-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 3 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch In format ion This e xample sh ow s ho w to conf igure a switch as a DHCP serv e r so that it will do wnload a config uratio n fil e: Switch# configure terminal Switch(config)# ip dhcp pool ...

  • Cisco Systems 2960-S - page 87

    3-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Assigning Switch Information This example shows ho w to configure a switch as a D HCP server so it downloads a con f igura tion file: Switch# config terminal Switch(config)# ip dhcp pool pool1 Switch(dhc ...

  • Cisco Systems 2960-S - page 88

    3-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 3 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch In format ion Configuring the Client Beginn ing in pri vileg ed EXEC mode, follo w these steps to conf igure a switch to do wnload a configurat ion file an d n e w im age from a D HCP se rv ...

  • Cisco Systems 2960-S - page 89

    3-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Chec king and Savin g the Runni ng Co nfig ura tion Manually Assigning IP Information Beginn ing in pri vilege d EXEC mode, follo w these step s to manually assign IP information to multip le switched vi ...

  • Cisco Systems 2960-S - page 90

    3-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 3 Assigning the Switch IP Address and Default Gateway Checking and Saving th e Running Con figuration enable secret 5 $1$ej9.$DMUvAUnZOAmvmgqBEzIxE0 ! . <output truncated> . interface gigabitethernet6/0/1 ip address 172.20.137.50 255.255.255.0 ! interface ...

  • Cisco Systems 2960-S - page 91

    3-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Modifying the Startup Configuration Beginn ing in p ri vileg ed EXE C mode, f ollo w thes e steps to conf igur e the NV RAM b uf fer siz e: This exampl e shows ho w to configure th e NVRAM buf fer size: ...

  • Cisco Systems 2960-S - page 92

    3-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 3 Assigning the Switch IP Address and Default Gateway Modifyin g the Startup Conf iguration Default Boot Configuration Ta b l e 3 - 3 shows the d efault bo ot-up c onfiguration. Automatically Downloadin g a Con figuratio n File Y ou can automa tical ly download ...

  • Cisco Systems 2960-S - page 93

    3-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Modifying the Startup Configuration T o return to the default setting, use the no boot config-f ile glo bal configurat ion comma nd. Booting Manua lly By def ault, the switch au tomatically boots u p; ho ...

  • Cisco Systems 2960-S - page 94

    3-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 3 Assigning the Switch IP Address and Default Gateway Modifyin g the Startup Conf iguration Booting a Specific Software Image By default, the switch attempts to automatic ally boot up the system using infor mation in the BOO T en vironment v ariab le. If this v ...

  • Cisco Systems 2960-S - page 95

    3-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Modifying the Startup Configuration Controlling Environment Variables W ith a n ormall y op erati ng swi tch, y ou en ter the boot load er m ode onl y thro ugh a swit ch conso le connec tion con figured ...

  • Cisco Systems 2960-S - page 96

    3-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 3 Assigning the Switch IP Address and Default Gateway Scheduli ng a Reload of the Software Image Scheduling a Re load of the Software Image Y o u can schedule a reload o f the softw are image to occur on the switch at a l ater time (f or e xample, lat e at nigh ...

  • Cisco Systems 2960-S - page 97

    3-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Schedul ing a Reload of the Sof tware Image Configur ing a S chedu led Reload T o conf igure your switch to relo ad t he soft war e image at a later ti me, u se o ne of th ese co mmands in privileged EXE ...

  • Cisco Systems 2960-S - page 98

    3-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 3 Assigning the Switch IP Address and Default Gateway Scheduli ng a Reload of the Software Image Displaying S chedu led Reload Information T o di splay infor matio n about a previou sly sched uled reloa d or to find out if a relo ad has been schedule d on the sw ...

  • Cisco Systems 2960-S - page 99

    CH A P T E R 4-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 4 Configuring Cisco IOS Configuration Eng ine This c hapter d escrib es how to configure the f eature on th e Cata lyst 2960 and 2960-S switche s. Note For complete conf iguration information for the Cisco Conf igurati on Engine, go to http://www .cisco.com/ ...

  • Cisco Systems 2960-S - page 100

    4-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configuration Engine Underst anding Cisco Configurat ion Engin e Software Figur e 4-1 Configuration Engine Ar chitec tur al Ov ervie w • Configuration Ser vice, page 4-2 • Event Service , page 4-3 • What Y ou Should Know About the CN ...

  • Cisco Systems 2960-S - page 101

    4-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configurat ion Engin e Understanding Cisco Configuration Engine Software Event Servic e The Ci sco C onfiguration Engine uses t he Event Se rvice for re ceipt and g enerat ion of configurat ion e v ents. The e v ent agen t is on the switch ...

  • Cisco Systems 2960-S - page 102

    4-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configuration Engine Underst anding Cisco Configurat ion Engin e Software DeviceID Each co nfigured swit ch parti cipati ng on the ev ent bus has a un ique DeviceID, w hich is ana logous to the switch source ad dress so that the switch can ...

  • Cisco Systems 2960-S - page 103

    4-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configurat ion Engin e Understanding Cisco IOS Agents Understandin g Cisco IOS Age nts The CNS e vent agent feature allo ws the switch to publish and subscribe to e v ents on the e v ent b us and works with the Cisc o IOS agent. Th e Cisco ...

  • Cisco Systems 2960-S - page 104

    4-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents Incremental (Partial) Configur ation After t he ne twork i s runn ing, new serv ices c an b e adde d by usi ng the Cisco IOS a gent. Increm ent al (partia l) co nfigurations can be sent to ...

  • Cisco Systems 2960-S - page 105

    4-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configurat ion Engin e Configuring Cisco IOS Agents Note For more informatio n about running the setup program and creating templ ates on the Config uration Engine , see the Cisc o Configuration En gine I nstallat ion and Setup Guide, 1. 5 ...

  • Cisco Systems 2960-S - page 106

    4-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents Beginn ing in pri vileg ed EXEC mode, follo w these steps to enable the CNS ev ent agen t on the switch: T o disable t he CNS e vent ag ent, use the no cn s event { ip-a ddr ess | hostna me ...

  • Cisco Systems 2960-S - page 107

    4-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configurat ion Engin e Configuring Cisco IOS Agents Enabling th e Cisco IOS C NS Agent After enabling th e CNS e vent agent , start t he Cisco IOS CNS agent o n the switc h. Y ou can enab le the Cisco IOS ag ent with the se comman ds: • ...

  • Cisco Systems 2960-S - page 108

    4-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents Step 7 discover { contr oller contr oller-type | dlci [ subinterface subint erface -numbe r ] | interface [ interface-typ e ] | line line-type } Specify the inte rface p arameters in the C ...

  • Cisco Systems 2960-S - page 109

    4-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configurat ion Engin e Configuring Cisco IOS Agents T o disab le th e CNS C isco IO S agent , us e the no cns conf ig initial { ip- addr ess | hostname } globa l configurati on c ommand. This e xample sho ws ho w to c onf igure a n initia ...

  • Cisco Systems 2960-S - page 110

    4-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents This e xample sho ws ho w to c onf igure a n initial c onf iguratio n on a remote swi tch when the switch IP address is kn own. The Configura tion En gine I P addr ess is 172.28 .129.2 2. ...

  • Cisco Systems 2960-S - page 111

    4-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configurat ion Engin e Displaying CNS Configuration Displaying CNS Configuration T able 4-2 Pr ivile ge d EXEC sho w Comm ands Command Purpose show cns conf ig connect ions Displ ays th e stat us of the C NS Cis co IOS a gent c onnect ion ...

  • Cisco Systems 2960-S - page 112

    4-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configuration Engine Displaying CNS Con figuration ...

  • Cisco Systems 2960-S - page 113

    CH A P T E R 5-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 5 Administering the Switch This ch apter d escr ibes how to perfor m one- time ope rati ons to adm inister the Ca talyst 296 0 and 2960- S switches. Unless otherwise noted, the term switch refer s to a standa lone switch and to a switc h stack. Note Stac kin ...

  • Cisco Systems 2960-S - page 114

    5-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the Syste m Time and Date • Enter the sh o w ver sion pri vile ged EXE C command. Th e line that sh o ws the product ID also end s in either -L (if running the LA N base im age) or -S ( if runn ing the LAN Li te image ). F o ...

  • Cisco Systems 2960-S - page 115

    5-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te The system c lock keep s trac k of wh ether the t ime i s authoritative or not (th at is, whether it has been set by a time source con sidered to be au thoritati ve). If it is not authoritat i v ...

  • Cisco Systems 2960-S - page 116

    5-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the Syste m Time and Date Figure 5-1 sho ws a typic al network examp le using NTP . Switch A is the NTP master , with Switch es B, C, and D configure d in NTP server mod e, in server asso ciatio n with Switch A. Switch E is co ...

  • Cisco Systems 2960-S - page 117

    5-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te Configuring NTP The switc h does not have a hardware-sup ported clo ck and cann ot functi on as an NTP maste r clock to which p eers syn chronize themse lves when an e x terna l NTP sour ce is n ...

  • Cisco Systems 2960-S - page 118

    5-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the Syste m Time and Date T o disab le N TP auth en tica tio n, use th e no ntp authenticate global co nfigurati on comma nd. T o remove an auth enticatio n k ey , use the n o ntp a uthe ntic atio n-k ey number glob al co nfig ...

  • Cisco Systems 2960-S - page 119

    5-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te Beginning in privileged EXE C mode, foll ow these steps to form a n NTP associ ation wit h another device: Y ou need to co nfigure only one en d of an associ ation; t he other device can aut oma ...

  • Cisco Systems 2960-S - page 120

    5-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the Syste m Time and Date The switc h can send or re ceive NTP broadcast packets on an interface -by-inte rface basis if there is an NTP broa dcast ser v er , such as a router , broadcas ting time info rmatio n on the net wor ...

  • Cisco Systems 2960-S - page 121

    5-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te T o di sable a n inte rface fr om rece iving NTP broadc ast pac kets, use the no ntp broadcast client interfa ce configurat ion c omma nd. T o c hange the estima ted roun d-trip dela y to t he d ...

  • Cisco Systems 2960-S - page 122

    5-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the Syste m Time and Date The ac cess group keywords are sc anned i n thi s ord er , from l east restric tiv e to most r estrictive: 1. peer —Allo ws time requests and NTP control queries and allo ws the swit ch to synchron ...

  • Cisco Systems 2960-S - page 123

    5-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te Disabling N TP Service s on a S pecifi c Interface NTP service s are enabled on all interfa ces b y def ault. Beg i n ni n g i n pr ivi l eg ed E X E C mo de , fo l l ow t h es e s te p s t o d ...

  • Cisco Systems 2960-S - page 124

    5-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the Syste m Time and Date Displaying the NTP Config uration Y ou can use two privileged EXEC comm ands to display NTP info rmat ion: • show ntp associations [ detail ] • show ntp status Note For detailed infor mation abou ...

  • Cisco Systems 2960-S - page 125

    5-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te Displaying the Time and Dat e Configuration T o display the time and date conf iguration , use the show clock [ det ail ] p ri vile ged E XEC co mmand . The syst em cl ock keeps an authoritativ ...

  • Cisco Systems 2960-S - page 126

    5-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the Syste m Time and Date Configuring Summer Time (Daylight Saving Ti me) Beginning in pr ivileged EXEC mode, fo llow these steps t o co nfigure summer time (dayligh t saving time) in areas wh ere it sta rts and ends on a par ...

  • Cisco Systems 2960-S - page 127

    5-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Confi guring a S ystem Name an d Prompt Beginning in privileged EX EC mode, fol low these steps if summ er tim e in your area do es not foll ow a recurr ing patt ern (con figure the exac t date and tim e of the next summe r time event ...

  • Cisco Systems 2960-S - page 128

    5-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Configur ing a System Nam e and Prom pt For complete syntax and usag e informat ion for the commands used in this se ction, from the Cisco .com page, sel ect Documentation > Cisco IOS Software > 12.2 Ma inl ine > Command Refer ...

  • Cisco Systems 2960-S - page 129

    5-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Confi guring a S ystem Name an d Prompt T o keep track o f doma in na mes, I P has def ined the c oncept of a d omain name serv er , which h olds a cach e (or dat abase) of na mes map ped to IP a ddresses. T o map domain names to IP a ...

  • Cisco Systems 2960-S - page 130

    5-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Creating a Banner If you u se t he switc h IP ad dress a s its hostnam e, the IP a ddress i s used and no DNS query oc curs. I f you configure a ho stname tha t contai ns no periods (. ), a period fol lowed by the default domain na me ...

  • Cisco Systems 2960-S - page 131

    5-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Creat ing a Bann er Configurin g a Mess age-of-the -Day Log in Bann er Y o u can cr eate a sing le or mult iline message banner tha t appears on th e screen when someo ne logs in to the switch. Beginning in privileged EX EC mode, fol ...

  • Cisco Systems 2960-S - page 132

    5-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the MAC A ddress Tab le Configurin g a Login B anner Y ou can co nfigure a lo gin ba nner to be displ ayed on all c onnect ed ter minal s. This ba nner appear s after the M O TD bann er and befo re the logi n prompt . Beginni ...

  • Cisco Systems 2960-S - page 133

    5-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Managin g the MAC Ad dress Tabl e These sec tions co ntain this co nfiguration info rmat ion: • Building the Ad dress T able, page 5 -21 • MA C Addre ss es a nd V LANs , pa ge 5 -21 • MA C Addresses and Switch Stacks, pa ge 5-22 ...

  • Cisco Systems 2960-S - page 134

    5-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the MAC A ddress Tab le MAC Addr esses an d Switch Sta cks The MA C address ta bles on all sta ck members are sy nchron ized. A t any gi ve n time, eac h stac k membe r has th e same cop y of the add ress t ables for ea ch V ...

  • Cisco Systems 2960-S - page 135

    5-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Managin g the MAC Ad dress Tabl e Removi ng Dynami c Addres s Entries T o re move all dyna mic en tries, use the clea r ma c a ddress- tab le dy nami c comm and in pr ivileged EXE C mode. Y ou can also remo v e a sp ecif ic M A C a dd ...

  • Cisco Systems 2960-S - page 136

    5-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the MAC A ddress Tab le T o disabl e MA C addr ess-ch ange n otif icati on tra ps, us e the no snmp-ser ve r enable tra ps mac-no tificati on cha nge globa l configurati on com mand. T o di sable t he MAC address-cha nge noti ...

  • Cisco Systems 2960-S - page 137

    5-25 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Managin g the MAC Ad dress Tabl e Configuring MAC Addre ss Move Notification Traps When you configure M A C-move notification, an SN MP no tification is ge nerated a nd sent to the ne twork manageme nt system w henever a MA C address ...

  • Cisco Systems 2960-S - page 138

    5-26 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the MAC A ddress Tab le Configuring MAC Thresh old Noti fication Traps When you con figure MA C thr eshold notification, an SNMP noti fication is genera ted and sent to the network m anagem ent syste m when a M A C addre ss t ...

  • Cisco Systems 2960-S - page 139

    5-27 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Managin g the MAC Ad dress Tabl e T o disable MA C address-threshold n otific ation trap s, use the no snmp -server ena ble traps mac-notif ication thr eshold global configuration co mmand . T o disable th e MA C address- threshol d n ...

  • Cisco Systems 2960-S - page 140

    5-28 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the MAC A ddress Tab le T o remove st atic en tri es fr om t he addr ess ta ble, u se the no mac addre ss-table static m ac-add r vlan vlan-i d [ interface interface-id ] global configura tion co mman d. This exa mple s ho ws ...

  • Cisco Systems 2960-S - page 141

    5-29 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Managin g the MAC Ad dress Tabl e Beginning i n privileged EX EC mo de, follo w thes e steps to co nfi gure the switch to dr op a source o r destination unicast stati c address: T o disable unica st MA C addr ess f iltering, use the n ...

  • Cisco Systems 2960-S - page 142

    5-30 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the MAC A ddress Tab le • If you disab le MAC address l earni ng o n a VL AN c onfigured a s a private-VLAN prima ry V LAN, MA C addresses are still lear ned on the second ary VLAN tha t belongs to the p ri va te VLAN and a ...

  • Cisco Systems 2960-S - page 143

    5-31 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Managi ng the ARP Table Managing the ARP Ta ble T o commu nicate with a device (over Ethern et, for exam ple ), the softwa re first must lea rn the 48-b it MAC address o r the l ocal dat a lin k address o f that device. The pr ocess o ...

  • Cisco Systems 2960-S - page 144

    5-32 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the ARP Table ...

  • Cisco Systems 2960-S - page 145

    CH A P T E R 6-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 6 Clustering Switches This ch apter pr ov ides the co ncepts an d proce dures t o create an d mana ge Cat alyst 2960 and 2960 -S swit ch cl u ster s. Un les s ot her wis e no ted, th e ter m switch ref ers to a stan dalone swit ch and t o a switch stack. Not ...

  • Cisco Systems 2960-S - page 146

    6-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 6 Clustering Switches Underst anding Swit ch Clusters Understandin g Switch Clust ers A switc h cluster i s a set of up to 1 6 connected, clus ter -capable Cataly st switches th at are manage d as a single en tity . The switch es in the c luster use the sw itch c ...

  • Cisco Systems 2960-S - page 147

    6-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 6 Clus tering Switche s Underst anding Sw itch Cl usters Cluster Command Switc h Characteristics A cluster co mmand switch must me et these req uirements : • It is running Cisco IOS Release 12.2(25)FX or later for a Catalyst 2960 switch, or Cisco IOS Release 12 ...

  • Cisco Systems 2960-S - page 148

    6-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 6 Clustering Switches Underst anding Swit ch Clusters Note Standby cluster comma nd switches must be the same type of switches as the cluster command switc h. For example , if the cluster comman d switch is a Catalyst 2960 switch, the standby cluster command swit ...

  • Cisco Systems 2960-S - page 149

    6-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 6 Clus tering Switche s Planni ng a Swi tch Clust er Planning a Switch Cl uster Anticipatin g conflicts and compatib ility issues is a high priority when you manage se veral switches through a cl uster . This sect ion descr ibes t hese gu ideli nes, r equire ment ...

  • Cisco Systems 2960-S - page 150

    6-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 6 Clustering Switches Planning a Sw itch Cluster Discovery Through CDP Hops By usin g CDP , a cluster comman d switch ca n disco ver switch es up to se v en CDP hops aw ay (the de fa ult is three hop s) from the edge of the c luster . The e dge of the clu ster is ...

  • Cisco Systems 2960-S - page 151

    6-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 6 Clus tering Switche s Planni ng a Swi tch Clust er Discovery Through Non-CDP-Capabl e and Noncluster-Capable Devices If a cluster comman d switch is connec ted to a non-CDP- capab le third-party hub ( such as a non -Cisco hub), it can di scov er cluste r- enabl ...

  • Cisco Systems 2960-S - page 152

    6-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 6 Clustering Switches Planning a Sw itch Cluster Figur e 6-3 Discov ery Thr oug h Diff er ent VLANs Discovery Through Different M anagement VLANs Catalyst 297 0, Catalyst 355 0, Catalyst 3560, or Cata lyst 3750 clu ster comma nd switches ca n discover and mana ge ...

  • Cisco Systems 2960-S - page 153

    6-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 6 Clus tering Switche s Planni ng a Swi tch Clust er Figur e 6-4 Discov ery Thr oug h Diff er ent Manag ement VLANs with a La yer 3 Clust er Comma nd Sw i t ch Discovery of Newly Installed Switches T o jo in a cluster, the ne w , out-of-t he-box sw itch must be c ...

  • Cisco Systems 2960-S - page 154

    6-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 6 Clustering Switches Planning a Sw itch Cluster Figur e 6-5 Discov ery of N ewly Insta lled S witc hes HSRP and S tandby Cluster Command Switches The switc h uses Hot Stan dby Router Proto col (HSRP) so that you can configur e a group of standby cluste r comm a ...

  • Cisco Systems 2960-S - page 155

    6-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 6 Clus tering Switche s Planni ng a Swi tch Clust er Virtual IP Addresses Y ou need to as sign a unique vir tual I P addre ss and gr oup numbe r and nam e to the cluster stand by group. This info rmatio n must b e conf igur ed on a speci f ic VLAN or ro uted por ...

  • Cisco Systems 2960-S - page 156

    6-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 6 Clustering Switches Planning a Sw itch Cluster Catalyst 190 0, Catalyst 282 0, Catalyst 290 0 XL, Catalyst 2950, and Ca talyst 3500 XL clust er member switches mu st be conne cted to the cl uster stan dby group thro ugh their ma nageme nt VLANs. F or more info ...

  • Cisco Systems 2960-S - page 157

    6-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 6 Clus tering Switche s Planni ng a Swi tch Clust er When the pre viously a cti ve cluster command swi tch resu mes its ac tiv e r ole, it recei ves a cop y of th e latest cl uster c onfigurat ion from the ac tive cluste r com mand swit ch, in cludi ng membe rs ...

  • Cisco Systems 2960-S - page 158

    6-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 6 Clustering Switches Planning a Sw itch Cluster If yo u chan ge the member - switch passw ord to be d if feren t from the co mmand- switch pas swor d and sa v e the chang e, the switch is not manageab le by the clu ster command switch until you change the membe ...

  • Cisco Systems 2960-S - page 159

    6-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 6 Clus tering Switche s Planni ng a Swi tch Clust er Recall that sta ck members w ork together to beha v e as a unif ied system (as a single switch stack) in the network a nd ar e prese nted to the ne twork as such by Layer 2 an d Layer 3 pr otocol s. Th erefor ...

  • Cisco Systems 2960-S - page 160

    6-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 6 Clustering Switches Using the CLI to Ma nage Swit ch Clusters TACACS+ an d RADIUS If T erminal Access Co ntroller Acc ess Control System Plus (T A CA CS+) is co nfig ured on a c luster member, it must be configured on all clus ter memb ers. Sim ilarly , if RAD ...

  • Cisco Systems 2960-S - page 161

    6-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 6 Clus tering Switche s Using S NMP to Ma nage Swit ch Cl usters Command-switch pri vileg e le ve ls map t o the Catalyst 1900 and Cata lyst 2820 cluster member switc hes running standa rd and Ent erprise E dition Software as fol lows: • If the command -switch ...

  • Cisco Systems 2960-S - page 162

    6-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 6 Clustering Switches Using SNMP to Ma nage Sw itch Clusters Figur e 6-7 SNMP Manag ement f or a Clust er Tr a p Tr a p Tr a p Command s witch T rap 1, T rap 2, T rap 3 Member 1 Member 2 Member 3 33020 SNMP Manager ...

  • Cisco Systems 2960-S - page 163

    CH A P T E R 7-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 7 Managing Switch Stacks This ch apter p rovid es the c oncep ts and pr ocedu res to ma nage Catal yst 296 0-S s tack s, also r eferre d to as Cisco FlexSt acks. Se e the c omma nd refe rence for comman d s yntax and us age in format ion. Note Stac king is s ...

  • Cisco Systems 2960-S - page 164

    7-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 7 Managing Switch Stacks Underst anding Sta cks Ev ery member is uniquely identif ied b y its o wn stac k member numbe r . All members ar e eligib le masters. I f the master becomes una vailable, t he remaining m embers elect a ne w master from among th emselves. ...

  • Cisco Systems 2960-S - page 165

    7-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 7 Managing Swi tch Stacks Unders tanding Stacks – Stack Mana gement Connectivity , pa ge 7-14 – Sta ck Co nf ig urati on Sc enar ios, page 7- 15 • This c oncept o n stac k topol ogy cha nges: – Data Rec overy After Stack T opology Cha nges, p age 7-1 6 St ...

  • Cisco Systems 2960-S - page 166

    7-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 7 Managing Switch Stacks Underst anding Sta cks Figur e 7 -1 Cr eating a S witch Stac k fr om T w o Standalon e S witche s Figur e 7 -2 A dding a S tandalone S witc h t o a Swit ch Stac k For informatio n about c abling an d po werin g switch stac ks, see t he ? ...

  • Cisco Systems 2960-S - page 167

    7-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 7 Managing Swi tch Stacks Unders tanding Stacks Master Election The st ack master is el ected based on o ne of t hese factor s in t he orde r liste d: 1. The swi tch that is currently the sta ck master . 2. The swi tch with th e highes t stack m ember pr iorit y ...

  • Cisco Systems 2960-S - page 168

    7-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 7 Managing Switch Stacks Underst anding Sta cks Stack MA C Address The MA C addr ess of the ma ster deter mines the st ack MA C addres s. When the stack initia lizes, the MA C address of the master determines the bridg e ID that identifies the stack in th e netwo ...

  • Cisco Systems 2960-S - page 169

    7-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 7 Managing Swi tch Stacks Unders tanding Stacks Member Prio rity Values A high priority v alue for a member increases the chance th at it will be elected mast er and keep its member num ber . The priority v al ue can be 1 to 15. The def ault priority val ue is 1. ...

  • Cisco Systems 2960-S - page 170

    7-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 7 Managing Switch Stacks Underst anding Sta cks If you add a pro visioned switch that is a dif f erent type tha n specif ied in the pro visione d config uration to a po wered-do wn s witch s tack and t hen apply po wer , the swit ch stack rejects the (n o w incor ...

  • Cisco Systems 2960-S - page 171

    7-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 7 Managing Swi tch Stacks Unders tanding Stacks Note If the switch stack does not contain a pro visioned conf iguration for a ne w switch, the switch join s the stack wi th the d efault interface c onfigurati on. The switch st ack the n add s to its r unnin g con ...

  • Cisco Systems 2960-S - page 172

    7-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 7 Managing Switch Stacks Underst anding Sta cks Minor Version Number Inco mpatibility Among Switches Switches with the same major ver sion number b ut with a dif ferent minor versio n number as the master are co nsider ed par tially compatib le. Wh en conn ected ...

  • Cisco Systems 2960-S - page 173

    7-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 7 Managing Swi tch Stacks Unders tanding Stacks • Automati c advise (au to-advise )—when t he auto-upg rade proc ess cannot find appropr iate version-mism atch me mber soft ware to copy to the switc h in version-mism atch mo de, the auto-a dvise pro cess tel ...

  • Cisco Systems 2960-S - page 174

    7-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 7 Managing Switch Stacks Underst anding Sta cks *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW: *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:Old image for switch 1:flash1: *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW: Old image will be deleted after download. * ...

  • Cisco Systems 2960-S - page 175

    7-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 7 Managing Swi tch Stacks Unders tanding Stacks Incompatible S oftware and Member Image Up grades Y ou can upgra de a switch that has an inc ompat ible software imag e by using the a rchive copy- sw privileged EXEC comm and to copy the software image fr om an ex ...

  • Cisco Systems 2960-S - page 176

    7-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 7 Managing Switch Stacks Underst anding Sta cks • “Sp anning Tree and Switch Stack s” section on page 16-12 • “MSTP a nd Swi tch Stacks” se ction o n page 17 -9 • “DHCP Snoo ping and Switc h Stacks” section on pag e 20-8 • “IGMP Snoo ping a ...

  • Cisco Systems 2960-S - page 177

    7-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 7 Managing Swi tch Stacks Unders tanding Stacks Stack Th rough Console Ports Y ou can conne ct to the ma ster thr ough th e console port of on e or more mem bers. Be careful when u sing multiple CLI sessions to the master . Commands that you en ter in one sessio ...

  • Cisco Systems 2960-S - page 178

    7-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 7 Managing Switch Stacks Conf ig uri ng t he Sw it ch St ack Data Recov ery After Stack T opology C hange s When you add or re move a stack member, the stack topol ogy chan ges. Cisco IOS recovers the data flow . Configuring the Switch Stack • Default Switc h ...

  • Cisco Systems 2960-S - page 179

    7-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 7 Managing Swi tch Stacks Configuring the Switch Stack Default Switch Stack Configuration Ta b l e 7 - 3 shows the d efault sw itch st ack c onfiguration . Enabling P ersistent MA C Address The MAC address of the ma ster de termin es the stack M A C address. Whe ...

  • Cisco Systems 2960-S - page 180

    7-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 7 Managing Switch Stacks Conf ig uri ng t he Sw it ch St ack Beginn ing in pri vileg ed EXEC mode, follo w th ese steps to enab le persistent MA C address. This procedur e is optional. Use the no stack-mac persistent timer global configura tion com mand to disab ...

  • Cisco Systems 2960-S - page 181

    7-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 7 Managing Swi tch Stacks Configuring the Switch Stack This exam ple shows how to configur e the persist ent MAC address feature for a 7-m inute t ime d elay and to v erify t he conf iguratio n: Switch(config)# stack-mac persistent timer 7 WARNING: The stack con ...

  • Cisco Systems 2960-S - page 182

    7-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 7 Managing Switch Stacks Conf ig uri ng t he Sw it ch St ack Setting the Member Prio rity Value Note This task is av ailable o nly from the master . Beginn ing in pri vileg ed EXEC mode, follo w th ese steps to assign a priori ty v alue to a member: This procedu ...

  • Cisco Systems 2960-S - page 183

    7-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 7 Managing Swi tch Stacks Accessing the CLI of a Specific Member T o remo v e pro vision ed inf ormation and to a v oid r ecei ving an er ror me ssag e, remo ve the s pecif ied switch from t he stack befo re you use the no f orm o f th is c omma nd. This examp l ...

  • Cisco Systems 2960-S - page 184

    7-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 7 Managing Switch Stacks Displaying Stack Inform ation Displaying Stack Information T o display sa ved conf igura tion chan ges aft er reset ting a specif i c member or the st ack, use the se pri v ile ged EXE C command s: Troubleshooting Stacks • Manuall y Di ...

  • Cisco Systems 2960-S - page 185

    7-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 7 Managing Swi tch Stacks Troubl eshoo ting Stacks When y ou enter the switch stack-member-num ber stack port po rt-number disable pr ivileged EXEC comm and a nd • The stac k is in the ful l-ring sta te, you can di sable onl y one stac k port. This message app ...

  • Cisco Systems 2960-S - page 186

    7-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 7 Managing Switch Stacks Troub leshooting Stac ks T able 7 -5 sho w switc h stac k-ports summary Command O utput Field Description Switch#/ Port# Member nu mber and its stack por t numb er . Stack Port Status • Absent—No cable i s de tected on the st ack por ...

  • Cisco Systems 2960-S - page 187

    CH A P T E R 8-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 8 Configuring SDM Templates The C atalyst 2960 and 29 60-S switc h comma nd refe rence h as comma nd synta x and usa ge info rmation. Unless otherwise note d, the term switch refers to a stan dalone switch and a swi tch stack. Note Con figuring an SDM templ ...

  • Cisco Systems 2960-S - page 188

    8-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 8 Configuring SDM T emplates Underst anding th e SDM Templ ates • LAN base r outing —The lanba se-ro uting tem plate suppor ts IPv4 u nicast rou tes for c onfiguring sta tic routing SVIs Note The lanba se-rou ting t empl ate is s upport ed onl y on switche s ...

  • Cisco Systems 2960-S - page 189

    8-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 8 Conf iguring SDM Te mplates Config uring t he Swit ch SDM Te mplat e Y ou can use the show switch privileged EXEC co mmand to se e if any stack me mb ers are in SDM mismatc h mode . This exa mple shows the o utput f rom the show switch privileged EXEC com mand ...

  • Cisco Systems 2960-S - page 190

    8-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 8 Configuring SDM T emplates Conf ig uri ng t he Sw it ch SD M Tem pla te • If you try to co nfigure IPv6 features w ithout first select ing a dual IPv 4 and IP v6 templa te, a warning message a ppears. Note The dual template is not suppo rted on switche s runn ...

  • Cisco Systems 2960-S - page 191

    8-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 8 Conf iguring SDM Te mplates .Displaying the SDM T emplates . Displaying the SDM Template s Use the show sdm pr efer pri vile ged EXE C comma nd with no parameter s to di splay the a cti v e template. Use the show sd m prefer [ default | dual-ipv4-and-ipv6 defau ...

  • Cisco Systems 2960-S - page 192

    8-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 8 Configuring SDM T emplates .Display ing the SDM Template s ...

  • Cisco Systems 2960-S - page 193

    CH A P T E R 9-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 9 Configuring Switch-Based Authentication This c hapter d escrib es how to configu re switch -based auth enticati on on t he Cat alyst 2960 and 2960-S switches. Unless otherwise noted, the term switch refer s to a standa lone switch and to a switc h stack. N ...

  • Cisco Systems 2960-S - page 194

    9-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Protecting A ccess to Privileged EXE C Comman ds • For an add itional l ayer of securi ty , yo u can al so co nfigure user name a nd password p airs, w hich a re locally stored on the switch. Thes e pair s are assign ed ...

  • Cisco Systems 2960-S - page 195

    9-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Prote cti ng Ac cess to Pri vile ged EXEC Comm and s Setting o r Changin g a Static Enab le Pa ssword The en able password control s access to the privileged EXEC mode. Beginning in privileged EXE C mode, follo w th es ...

  • Cisco Systems 2960-S - page 196

    9-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Protecting A ccess to Privileged EXE C Comman ds Be ginnin g in pri vile ged EXE C mode, fo llo w these st eps to conf igure encryp tion for enab le and enab le secr et pas swords : If bo th the e nable and enable secre t ...

  • Cisco Systems 2960-S - page 197

    9-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Prote cti ng Ac cess to Pri vile ged EXEC Comm and s This exampl e shows ho w to configure th e encr ypted pa ssword $1$F aD 0$Xyti5R kls3L oyxzS8 for pri vile ge le v el 2: Switch(config)# enable secret level 2 5 $1$F ...

  • Cisco Systems 2960-S - page 198

    9-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Protecting A ccess to Privileged EXE C Comman ds Setting a Telnet P assword fo r a Terminal L ine When you power-up your switch for the first ti me, a n au tomat ic setup prog ram runs to as sign IP inform ation and t o c ...

  • Cisco Systems 2960-S - page 199

    9-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Prote cti ng Ac cess to Pri vile ged EXEC Comm and s Configuring Us ername and P assword Pairs Y ou can configure use rnam e and password pairs, which a re locally stored on the switch. These pa irs are assign ed to li ...

  • Cisco Systems 2960-S - page 200

    9-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Protecting A ccess to Privileged EXE C Comman ds Configuring Multiple Privil ege Levels By default, the Cisco IO S software has two modes of passwor d security: use r EXEC and pr i vileged EXEC. Y ou ca n configure up t o ...

  • Cisco Systems 2960-S - page 201

    9-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Prote cti ng Ac cess to Pri vile ged EXEC Comm and s When y ou set a comman d to a p ri vile ge le ve l, all co mmand s whose synta x is a s ubset of that command are al so set to that le vel. For e xample, if you set ...

  • Cisco Systems 2960-S - page 202

    9-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controlling Sw itch Acce ss with TACA CS+ Logging into and Exiting a Privilege Level Beginn ing in pri vile ged EXEC mode , follo w these st eps to log in to a s pec i f ie d pr i vil eg e le ve l a nd t o e xi t to a sp ...

  • Cisco Systems 2960-S - page 203

    9-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with TACACS+ The goal of T A CA CS+ is to pro vide a method for managing mu ltiple networ k access points fro m a single manageme nt ser vice. Y our swit ch can b e a network a ccess se rver ...

  • Cisco Systems 2960-S - page 204

    9-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controlling Sw itch Acce ss with TACA CS+ The T ACA C S+ prot ocol pr ovides auth entica tion bet ween th e switc h and th e T ACA CS+ daemon, and it ensures conf identi ality because all protocol exch anges between the ...

  • Cisco Systems 2960-S - page 205

    9-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with TACACS+ Configuring TACACS+ This se ction describe s how to configur e your switch to su pport T A CA C S+. At a m inimu m, you must identify th e host or hosts maintainin g the T A CA C ...

  • Cisco Systems 2960-S - page 206

    9-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controlling Sw itch Acce ss with TACA CS+ Beginn ing in pr i vilege d EXEC m ode, follo w these steps to identify the IP h ost or h ost mainta ining T A CA CS+ server and optiona lly set the encr yption key: T o remov e ...

  • Cisco Systems 2960-S - page 207

    9-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with TACACS+ authe nticate users; if that m ethod fails to resp ond, the software selects the next a uthenti cation m ethod in the method list. This process contin ues until there is successf ...

  • Cisco Systems 2960-S - page 208

    9-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controlling Sw itch Acce ss with TACA CS+ T o disa ble A AA, use the no aaa new-model global configurat ion comma nd. T o di sable AAA authenti cation, use th e no aaa auth entica tion log in { default | list-name } meth ...

  • Cisco Systems 2960-S - page 209

    9-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with TACACS+ Beginn ing in pri vileg ed EXEC mode, follo w th ese steps to specif y T A CA CS+ authorization for pri v ile ged EXE C access and networ k servi ces: T o di sable authori zati o ...

  • Cisco Systems 2960-S - page 210

    9-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Establishing a Session with a Router if the AAA Server is Unreachable Note T o conf igure this comman d, the switch must be running th e LAN Base imag e. The aaa acc ounting syst ...

  • Cisco Systems 2960-S - page 211

    9-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Use RADIUS in these networ k en vironments that require access security: • Netw orks with multiple-v endo r acces s serv ers, eac h suppo rting RAD IUS. F or ex ample, ac cess s ...

  • Cisco Systems 2960-S - page 212

    9-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS RADIUS Operation When a user attem pts to log in and auth enticate to a switch that is a ccess controlled by a RADIU S serve r , these e vents o ccur: 1. The use r i s prom pted t ...

  • Cisco Systems 2960-S - page 213

    9-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS • Session terminat ion with port shutdo wn • Session te rmina tion wit h por t bounce This feat ure is integrat ed with the Cisco Secure A ccess Contr ol Server (ACS) 5.1. For ...

  • Cisco Systems 2960-S - page 214

    9-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Precondit ions T o use the CoA inter face, a session must alre ady e xist on the switch. Co A can be used to ide ntify a sessi on a nd enfo rce a di sconnec t req uest. The u pdat ...

  • Cisco Systems 2960-S - page 215

    9-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS For disc onnect an d CoA re quest s targ eted to a p articul ar ses sion, any one of these sessi on identi f iers can be us ed: • Calling-Stat ion-ID (IE TF attrib u te 31, whic ...

  • Cisco Systems 2960-S - page 216

    9-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Beginning w ith Cisc o IOS Relea se 12.2( 52)SE, the swi tch su pports th e co mman ds shown in T abl e 9-4 . Session Reau thentication The AAA server typically genera tes a sessi ...

  • Cisco Systems 2960-S - page 217

    9-25 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Session Terminat ion There are three type s of CoA requests that can trigger session termina tion. A CoA Disconnect-Request terminate s the session, without disab ling the host po ...

  • Cisco Systems 2960-S - page 218

    9-26 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Because th is comma nd is session-ori ented , it must be acc ompan ied by one or more of the sessi on identif ication attribut es described in the “Se ssi on Id entif ication ? ...

  • Cisco Systems 2960-S - page 219

    9-27 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Configuring RADIUS This se ction describe s how to c onfigure your switch to su pport R ADIUS. At a mini mum, y ou mus t identify the host or hosts that run the RADIUS ser v er so ...

  • Cisco Systems 2960-S - page 220

    9-28 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Y o u identify RADIUS sec urity serv ers by the ir hostname or IP address, h ostname and specif ic UDP port numbers, or their I P addre ss and specific UDP port num bers. The comb ...

  • Cisco Systems 2960-S - page 221

    9-29 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Beginning i n privileged E XEC mo de, follow these steps to con figure p er-server RADI US ser ver comm unicatio n. This pr oced ure is requi red. T o remov e the specif ied RADIU ...

  • Cisco Systems 2960-S - page 222

    9-30 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS This example shows ho w to configure host1 as t he RADIU S server and to use the default port s for bo th authenti cation and accoun ting: Switch(config)# radius-server host host1 ...

  • Cisco Systems 2960-S - page 223

    9-31 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Step 3 a aa au thenticati on logi n { default | list-name } method1 [ m ethod2. .. ] Create a login authen tication method list. • T o create a defa ult lis t that is us ed when ...

  • Cisco Systems 2960-S - page 224

    9-32 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS T o disa ble A AA, use the no aaa new-model global configurat ion comma nd. T o di sable AAA authenti cation, use th e no aaa auth entica tion log in { default | list-name } metho ...

  • Cisco Systems 2960-S - page 225

    9-33 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Be ginning in pri vile ged EXEC mode, follo w these steps to def ine the AAA ser ver group and associate a particula r RADIUS serv er with it: Command Purpose Step 1 configur e te ...

  • Cisco Systems 2960-S - page 226

    9-34 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS T o remov e the specif ied RADIUS serve r , u se the no radius-ser ver host hostname | ip-add r ess global configurat ion comm and. T o remove a server gro up from the c onfigurat ...

  • Cisco Systems 2960-S - page 227

    9-35 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Beginn ing in pri vil eged E XEC mode, follo w these ste ps to specif y RADIUS aut horizatio n for pri vile ged EXEC a ccess and n etwork ser vices: T o di sable authori zati on, ...

  • Cisco Systems 2960-S - page 228

    9-36 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Establishing a Session with a Router if the AAA Server is Unreachable Note T o conf igure this comman d, the switch must be running th e LAN Base imag e. The aaa acc ounting syst ...

  • Cisco Systems 2960-S - page 229

    9-37 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS attributes no t suit able for g eneral use. The Ci sco RAD IUS impl ementa tion su pports on e vendor-speci fic option by using the format rec ommende d in the spec ification. Cis ...

  • Cisco Systems 2960-S - page 230

    9-38 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Note For a comp lete list of RADIU S attri butes or mor e inform ation a bout vendor-speci fic attribute 26, se e the “RADIUS Attrib u tes” appendix in the Cisco IOS Security ...

  • Cisco Systems 2960-S - page 231

    9-39 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS T o d elete the vendor-propriet ary RA DIUS ho st, use t he no radius-serv er host { hostn ame | ip -ad dress } non-standard global con figuration c omma nd. T o disabl e the key ...

  • Cisco Systems 2960-S - page 232

    9-40 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Configur ing the Switc h for Lo cal Authe ntication a nd Authori zation T o disable AAA, use the no aaa new-model global co nfiguration com mand. T o disa ble the AA A server functiona lity on the swit ch, use t he no aa ...

  • Cisco Systems 2960-S - page 233

    9-41 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Shell T o disa ble A AA, use the no aaa new-model global configurat ion c omma nd. T o disa ble a uthor ization, use the no aaa autho rization { network | exec } method1 globa l confi ...

  • Cisco Systems 2960-S - page 234

    9-42 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Conf ig uri ng t he Sw it ch f or Se cur e Sh ell For SSH configuration examples, se e the “SSH Configura tion Ex amples ” secti on in the “C onfiguring Secure Shell” c hapter of the Cisco IOS Security Con figura ...

  • Cisco Systems 2960-S - page 235

    9-43 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Shell Limitations These lim itations ap ply to SSH: • The switc h supports Rivest, Shamir, and Adelman (R SA) authe nticat ion. • SSH supports only the ex ecution- shell applicati ...

  • Cisco Systems 2960-S - page 236

    9-44 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Conf ig uri ng t he Sw it ch f or Se cur e Sh ell 3. Generate an RSA k ey pair fo r the switch , which automatical ly enab les SSH. F o llo w this procedure only if you are conf iguring the switch as an SSH serv er . 4. ...

  • Cisco Systems 2960-S - page 237

    9-45 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Shell T o return to the def ault SSH c ontrol par ameters, u se the no ip ssh { timeout | auth enticati on-r etrie s } global configurat ion comm and. Displaying th e SSH Co nfigurati ...

  • Cisco Systems 2960-S - page 238

    9-46 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Conf igu rin g th e Sw itch for Sec ure Sock et L aye r HT TP For more infor mation ab out these com mands, see th e “ Secure She ll Commands ” se ction in the “Other Securit y Features ” chapte r of the Cisc o I ...

  • Cisco Systems 2960-S - page 239

    9-47 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Socket Layer HTTP For secure HTT P conne ctions, we highly rec ommen d that you configure a CA trustpo int. If a CA trustpoint is not confi gured for the de vic e running the HTTPS se ...

  • Cisco Systems 2960-S - page 240

    9-48 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Conf igu rin g th e Sw itch for Sec ure Sock et L aye r HT TP For additional informa tion on Certific ate Authoriti es, see the “Conf iguring Certif icatio n Authority Inte rope rabil ity ” chap ter in the Ci sco IO ...

  • Cisco Systems 2960-S - page 241

    9-49 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Socket Layer HTTP No CA trus tpoints a re configured. No self-si gned certi ficates are gene rated. SSL Configuration Guid elines When SSL is used in a switch cluster , the SSL sessio ...

  • Cisco Systems 2960-S - page 242

    9-50 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Conf igu rin g th e Sw itch for Sec ure Sock et L aye r HT TP Use the no crypto ca tr ustpo int nam e global conf iguration command to delete all id entity information and ce rtifica tes as soci at ed wit h the C A. Conf ...

  • Cisco Systems 2960-S - page 243

    9-51 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Socket Layer HTTP Use th e no ip http server global configu ration c ommand to disabl e the standa rd HTT P server . Use the no ip http secur e-serv er global co nfigurati on co mmand ...

  • Cisco Systems 2960-S - page 244

    9-52 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Conf ig uri ng t he Sw it ch f or Se cur e Co py P rot oco l Use the no ip http client secur e-trustpo int nam e to remov e a client tru stpoint conf igurati on. Use the no ip http client sec ur e-ciphersuite to remov e ...

  • Cisco Systems 2960-S - page 245

    9-53 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Config uring t he Swit ch fo r Secu re Copy Proto col Information Abo ut Secure Copy T o con figure the Sec ure Copy featu re, you sho uld under stand the se conce pts. The b ehavior of SCP is si milar to tha t of rem ...

  • Cisco Systems 2960-S - page 246

    9-54 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Conf ig uri ng t he Sw it ch f or Se cur e Co py P rot oco l ...

  • Cisco Systems 2960-S - page 247

    CH A P T E R 10-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 10 Configuring IEEE 802.1x Port-Based Auth entic ation IEEE 8 02.1x port-ba sed auth entic ation p revents unau thoriz ed d e vice s (cli ents) from gainin g acce ss to the netw ork. Unless otherwi se noted, the term switc h re fers t o a stan dalon e swit ...

  • Cisco Systems 2960-S - page 248

    10-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation • 802.1x Multip le Authentica tion Mode, page 10- 15 • MA C Move, page 10-16 • MA C Replace, pa ge 10-16 • 802.1 x Acco unting , page 10-17 ...

  • Cisco Systems 2960-S - page 249

    10-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion Device Roles Device roles with 80 2.1x port-base d authe nticat ion: Figu re 1 0- 1 802. 1x D evice Ro les • Client —the device (workst ation) ...

  • Cisco Systems 2960-S - page 250

    10-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation Authentic ation Pro cess When 802 .1x p ort- based a uthent icati on is e nable d and t he cl ient sup port s 802.1 x-compl iant c lient soft ware, ...

  • Cisco Systems 2960-S - page 251

    10-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion Figure 10- 2 sho ws the authentication pro cess. Figu re 1 0- 2 A uthent ic atio n Fl ow chart The swi tch re-aut hentica tes a client when one of ...

  • Cisco Systems 2960-S - page 252

    10-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation The T ermination- Action RADIUS att rib ute (Att rib ute [29] ) specif ies the action to tak e during re-authe ntic ation. T he ac tions are Initial ...

  • Cisco Systems 2960-S - page 253

    10-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion Figur e 1 0-3 Messag e Exc hang e If 802. 1x au thentic atio n times out while wai ting for an EAPOL message exchange and M A C authenti cation b y ...

  • Cisco Systems 2960-S - page 254

    10-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation Authentic ation M anager In C isc o I OS Re l ea s e 1 2. 2 (4 6 )S E an d ea r li er, y ou could not use the same authori zation methods, i ncludin ...

  • Cisco Systems 2960-S - page 255

    10-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion Per-User ACLs and Filter-Ids In rel eases e arlier t han Cisco IO S Rele ase 1 2.2(50 )SE, p er-user ACLs and filter Ids were only su pport ed in s ...

  • Cisco Systems 2960-S - page 256

    10-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation Authentication M anager CL I Commands The authenti cation- manager interf ace-conf iguration commands cont rol all the authen tication methods, suc ...

  • Cisco Systems 2960-S - page 257

    10-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion Beginnin g with Cisco IOS Release 12.2(55)SE, you can f ilter out ver bose system messages generated by th e authentica tion manager . The fi lter ...

  • Cisco Systems 2960-S - page 258

    10-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation • auto —en ables 802.1x authe nticati on and causes the port t o begin in the unauth orized state, allowing only E APOL f rames t o be se nt an ...

  • Cisco Systems 2960-S - page 259

    10-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion 802.1x Ho st Mode Y ou can configure an 802.1x por t for singl e-hos t or for multi ple-ho sts mode. In single- host mode (se e Figure 10- 1 on pa ...

  • Cisco Systems 2960-S - page 260

    10-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation • V oic e VLA N assignm ent on an MDA-enable d port is sup ported i n Cisco IOS Re lease 12 .2(40) SE and la ter . Note If you use a dynamic VLAN ...

  • Cisco Systems 2960-S - page 261

    10-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion 802.1x Multiple Au thentication Mode Multipl e-authentica tion (multiaut h) mode allo ws multip le authentic ated clien ts on the data VLAN. Each ...

  • Cisco Systems 2960-S - page 262

    10-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation MAC Move When a MA C address is authenticated on one switch port, that add ress is not allowe d on another authen ticati on manager -enabled port o ...

  • Cisco Systems 2960-S - page 263

    10-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion • The authenti cation manager r eplaces the MA C address of the current data host on the port with the new MA C addr ess. • The authen ticatio ...

  • Cisco Systems 2960-S - page 264

    10-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation Y ou can view the A V pai rs that ar e being sen t by the switch by entering the debug radius accounting pri v ile ged EXE C command. F or mo re in ...

  • Cisco Systems 2960-S - page 265

    10-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion 802.1x Authentication with VLA N Ass ignme nt The RADIUS s erv er sends the VLAN assi gnment to conf igur e the switch po rt. The R ADIUS serv er ...

  • Cisco Systems 2960-S - page 266

    10-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation T o con figure VLAN assi gnmen t you need to perfor m these t asks: • Enable AAA authoriza tion by u sing the net work ke yword to allow interfac ...

  • Cisco Systems 2960-S - page 267

    10-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion outbound A CL by def ault. Because of li mited suppor t of Cisco IOS ac cess lists on the swit ch, the Filter-Id at tribute is supp orted o nly fo ...

  • Cisco Systems 2960-S - page 268

    10-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation The auth- defa ult A CL is crea ted when at leas t one host with an authoriz ation polic y is det ected o n the port. Th e auth-def ault A CL is re ...

  • Cisco Systems 2960-S - page 269

    10-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion Cisco Secure ACS and Attribu te-Value Pairs for the Redirect URL The swi tch u ses th ese cis co- av-p air VSAs : • url-redi rect is the HTT P t ...

  • Cisco Systems 2960-S - page 270

    10-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation Note Th is feature is no t supported on Cisco A CS Server . (The A CS server ignore s the sent VLAN-I Ds for new hosts and only a uthenti cates bas ...

  • Cisco Systems 2960-S - page 271

    10-25 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion server a RADIUS -acce ss/request frame with a use rnam e and password based on the MAC address. If authori zation succee ds, the switch grants the ...

  • Cisco Systems 2960-S - page 272

    10-26 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation 802.1x Authentication with Inac cess ible Authentic ation Bypass Use the inaccess ible authe nticati on by pass fea ture, also refer red to as cri ...

  • Cisco Systems 2960-S - page 273

    10-27 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion Feature Interactions Inaccessible au thenticatio n bypass interac ts with these features: • Guest VLAN—Inacce ssib le auth enticatio n b ypass ...

  • Cisco Systems 2960-S - page 274

    10-28 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation The IP p hone us es the VV ID for it s vo ice tra ff ic, rega rdless o f the au thorizatio n state of the p ort. This allo ws t he phone to work in ...

  • Cisco Systems 2960-S - page 275

    10-29 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion • When you man ually r emove an 802. 1x c lient ad dress f rom th e por t secu rity table by us ing th e no switchp ort port-sec urity mac-a ddr ...

  • Cisco Systems 2960-S - page 276

    10-30 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation 802.1x Authentication with MAC Authentic ation By pass Y ou can conf igure the switc h to auth orize cl ients based on the cl ient MA C address (se ...

  • Cisco Systems 2960-S - page 277

    10-31 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion Cisco IOS Release 12.2(55)SE an d later supports f iltering of verbose MAB system messages. See the “ A uthenti cation Mana ger CLI Com mands” ...

  • Cisco Systems 2960-S - page 278

    10-32 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation Network Admission Control Lay er 2 802.1x Va lidation Note T o us e Netwo rk Admi ssion Co ntrol, the switch must be runn ing th e LAN base imag e. ...

  • Cisco Systems 2960-S - page 279

    10-33 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion Open1x Authentication Open1x a uthent icati on allows a device acce ss to a port befor e that device is authent icate d. When open authe nticat io ...

  • Cisco Systems 2960-S - page 280

    10-34 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation Use the dot1x supplicant for c e-multicast glob al con figuration comm and o n th e supp licant switch for Network Edg e Access T opology (NE A T) ...

  • Cisco Systems 2960-S - page 281

    10-35 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion Using IEEE 802.1x Au thentication with AC Ls and the RAD IUS Filter-Id Attribute Note T o u se IE EE 80 2.1x au then tica tion w ith ACLs and the ...

  • Cisco Systems 2960-S - page 282

    10-36 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion 1w0d: %MAB-5-SUCCESS: Authentication successful for client (0000.0000.0203) on Interface Fa4/0/4 AuditSessionID 160000050000000B288508E5 1w0d: %AUTHMGR-7-RESULT: Authe ...

  • Cisco Systems 2960-S - page 283

    10-37 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Default 802.1x Authen tication Configuration T ab le 10-4 sh ows the defaul t 802. 1x au thentica tion configurati on. T a ble 1 0-4 Def ault 802. 1x A uthentication C ...

  • Cisco Systems 2960-S - page 284

    10-38 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion 802.1x Authentication Co nfigura tion Gu idelines These sec tion has configu ration gui delines fo r these featur es: • 802.1 x Auth enticat ion, page 10 -38 • VLA ...

  • Cisco Systems 2960-S - page 285

    10-39 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion – EtherC hann el port—Do not conf igure a por t that is an ac ti v e or a not-y et-act i ve me mber of an Ether Channel as an 802.1 x port. If you try to enab le 8 ...

  • Cisco Systems 2960-S - page 286

    10-40 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion MAC Authentication Bypass • Unless ot herwise state d, the MA C authenticati on byp ass guid elines are th e same as the 802 .1x authenti cation gu idelines. F o r m ...

  • Cisco Systems 2960-S - page 287

    10-41 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Beginn ing in p ri vilege d EXEC mode, follo w these step s to enab le the 80 2.1x read iness check on the switch: This e xamp le sho ws ho w to enable a readi ness ch ...

  • Cisco Systems 2960-S - page 288

    10-42 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion • If you use the errdisable reco ve ry cause securit y-viola tion global configu ration com mand to configure e rror-disa ble d recovery , the p ort i s auto mati ca ...

  • Cisco Systems 2960-S - page 289

    10-43 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Configuring 802.1x Violation Mo des Note T o conf igure viola tion modes, the switch must be running the LAN base image. Y ou can configure an 802.1 x port so tha t it ...

  • Cisco Systems 2960-S - page 290

    10-44 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Configuring 802.1x Authentication T o configu re 802.1x port -based authe nticati on, you must enable au thentica tion, author ization, and account ing (AAA) a nd spec ...

  • Cisco Systems 2960-S - page 291

    10-45 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Configuring the Sw itch-to-RADIUS-Serv er Communication RADIUS se curity servers are identi fied by their ho stname or IP ad dress, hostname and specific UDP por t num ...

  • Cisco Systems 2960-S - page 292

    10-46 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion T o clear the specif ied RADIUS serv er , use the no radius-serv er host { hostname | ip -ad dress } gl obal configurati on c ommand. This exam ple sh ows how to speci ...

  • Cisco Systems 2960-S - page 293

    10-47 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion T o di sable m ultiple ho sts on the port, use the no au then tica tion ho st-m ode or the no dot1x host-mode multi-host interface con figurati on comm and. This e xam ...

  • Cisco Systems 2960-S - page 294

    10-48 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Configuring Periodic Re-Authentication Y ou can enab le peri odic 802. 1x client re-authe nticat ion and sp ecify how often it occ urs. If you do not specify a tim e p ...

  • Cisco Systems 2960-S - page 295

    10-49 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Thi s exa mple s ho ws h ow to ena ble pe riod ic re-a ut hent icat ion and s et the nu mbe r of se conds betwee n re-authe ntic ation atte mpts to 400 0: Switch(confi ...

  • Cisco Systems 2960-S - page 296

    10-50 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Changing the Sw itch-to-Clie nt Retran smission Time The client respon ds to the EAP-request/id entity frame fr om the switch with an EAP-r esponse/identi ty frame. If ...

  • Cisco Systems 2960-S - page 297

    10-51 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Beginnin g in priv ilege d EXEC mode, follo w these steps to set the switch-to-cl ient frame-re transmission number . This proc edure is opt ional. T o return to the d ...

  • Cisco Systems 2960-S - page 298

    10-52 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion T o re turn to the de fault re-au thenti cation num ber, use the no dot1x max-reauth-req interf ace configurati on c ommand. This e xample shows ho w to se t 4 as t he ...

  • Cisco Systems 2960-S - page 299

    10-53 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion This exampl e sh ows how to enabl e MAC rep lace on a n in terfa ce: Switch(config)# interface gigabitethernet2/0/2 Switch(config-if)# authentication violation replace ...

  • Cisco Systems 2960-S - page 300

    10-54 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Use t he show radius statis tics privileged EXEC c omman d to dis play the numbe r of RAD IUS messa ges that do not recei ve the accoun ting res ponse me ssage. This e ...

  • Cisco Systems 2960-S - page 301

    10-55 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion T o disab le and rem ov e the guest VLAN, use the no dot1x gue st-vlan interf ace conf iguration com mand. The port returns to the unau thorized state. This example sh ...

  • Cisco Systems 2960-S - page 302

    10-56 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion T o disabl e and remo v e the re strict ed VLAN, us e the no dot1x auth-fail vlan interface co nfigurati on comm and. Th e port retu rns to the unautho rized st ate. T ...

  • Cisco Systems 2960-S - page 303

    10-57 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion This exam pl e sh ows how to set 2 as the number of authen tication atte mpts allo wed befo re the port mo ves to the r estricted VLAN: Switch(config-if)# dot1x auth-f ...

  • Cisco Systems 2960-S - page 304

    10-58 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Step 4 radius-server host ip-address [acct- por t udp-port ] [ auth -por t udp-port ] [ test usern ame name [ idle-time time ] [ ignore-a cct- port ] [ ignore-auth-por ...

  • Cisco Systems 2960-S - page 305

    10-59 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion T o return to the RADIUS serv er def ault setting s, use th e no radius-ser v er dead- criteria , the no radius-serv er deadt ime , and the no radius-server host globa ...

  • Cisco Systems 2960-S - page 306

    10-60 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Configuring 802.1x Au thentication with WoL Beginn ing in pri vileged EXEC mod e, follo w these steps to enab le 802.1x auth entication with W oL. This procedur e is o ...

  • Cisco Systems 2960-S - page 307

    10-61 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Configuring MAC Au thentication Bypass Beginn ing in pri vileg ed EXEC mode, follo w these steps to enable MA C authentication by pass. This procedur e is optional. T ...

  • Cisco Systems 2960-S - page 308

    10-62 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Configuring 802.1x User Distribution Beginning in global configurat ion, f ollow these st eps to configure a VLAN group and to map a VL AN to it: This example shows ho ...

  • Cisco Systems 2960-S - page 309

    10-63 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Configuring NAC Layer 2 802.1x Validation Y ou can configure N A C Layer 2 802.1x v alida tion, w hich is al so referr ed to as 802.1x au then ticatio n with a RADIUS ...

  • Cisco Systems 2960-S - page 310

    10-64 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Configuring a n Authen ticator an d a Supplicant Switch with NEAT Configuring this feat ure requ ires that one swi tch outsi de a wir ing clo set is configur ed as a s ...

  • Cisco Systems 2960-S - page 311

    10-65 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion This example shows how to config ure a sw itch as a sup plica nt: Switch# configure terminal Switch(config)# cisp enable Switch(config)# dot1x credentials test Switch( ...

  • Cisco Systems 2960-S - page 312

    10-66 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Configuring Downloadable AC Ls The policie s take ef fect after cli ent authe ntication and th e client IP addre ss addition to the I P de vice tracki ng table. The sw ...

  • Cisco Systems 2960-S - page 313

    10-67 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion This e xample s ho ws ho w to conf i gure a switch for a do wnload able pol icy: Switch# config terminal Enter configuration commands, one per line. End with CNTL/Z. S ...

  • Cisco Systems 2960-S - page 314

    10-68 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Configuring VLAN ID-b ased MAC Authentication Beginning i n privileged EX EC mo de, fol low these s teps: Ther e is no show comm and to confirm the status of VLA N ID- ...

  • Cisco Systems 2960-S - page 315

    10-69 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Configuring Open1x Beginning i n privileged EX EC mo de: This exampl e shows ho w to configure open 1x on a po rt: Switch# configure terminal Switch(config)# interface ...

  • Cisco Systems 2960-S - page 316

    10-70 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Disabling 80 2.1x Auth entication on the Port Y ou can disab le 802.1x authent icati on on the port by using the no dot1x pae interface con fig uration comm and. Begin ...

  • Cisco Systems 2960-S - page 317

    10-71 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Displaying 802.1x Statistics and Status Displaying 802.1x Statistics and Status T o display 802.1x statistics for all ports, use the show dot1x all st atisti cs pri vileged EXEC comma nd. T o display 802. ...

  • Cisco Systems 2960-S - page 318

    10-72 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Displ ayin g 802 .1x S tat isti cs a nd St atus ...

  • Cisco Systems 2960-S - page 319

    CH A P T E R 11-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 11 Configuring Web-Based Authentication This chap ter de scribe s ho w to con fig ure web- based authenti cation. I t contai ns these sec tions: • Understa nding W eb-B ased Authent ication, page 11-1 • Configuring W eb-Ba sed Authen ticatio n, page 11- ...

  • Cisco Systems 2960-S - page 320

    11-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 11 Configuring Web-Based Authentication Underst anding Web -Based A uthen tication • W eb A uthenti cation Custom izable W eb Pages, pa ge 11-6 • W eb- based Auth enticat ion I nterac tions w ith O ther Features , page 11 -7 Device Roles W it h web-based aut ...

  • Cisco Systems 2960-S - page 321

    11-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 1 Configuring Web-Base d Authe nticati on Underst anding Web- Based Auth enticat ion Sess ion Cr eation When web-b ased authent ication detec ts a ne w host, it create s a session as follo ws: • Revie ws the exception list. If the host IP is included i n the ...

  • Cisco Systems 2960-S - page 322

    11-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 11 Configuring Web-Based Authentication Underst anding Web -Based A uthen tication Local Web Authen tication Bann er Y o u can create a banne r that will appear whe n you log in to a switch by using web authentic ation. The banne r appear s on both the login pag ...

  • Cisco Systems 2960-S - page 323

    11-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 1 Configuring Web-Base d Authe nticati on Underst anding Web- Based Auth enticat ion Figur e 1 1 -3 Customiz ed W eb Banner If you do not en able a banne r , only the user name a nd pa ssword di alog b oxes app ear in t he we b authe nticatio n logi n scr een, ...

  • Cisco Systems 2960-S - page 324

    11-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 11 Configuring Web-Based Authentication Underst anding Web -Based A uthen tication Web Authen tication C ustomizable We b Page s During the web-b ased authentica tion process, the switch inter nal HTTP serv er hosts four HTML pages to deli v er to an authent ica ...

  • Cisco Systems 2960-S - page 325

    11-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 1 Configuring Web-Base d Authe nticati on Underst anding Web- Based Auth enticat ion Figu re 1 1 -5 Customizeab le Authent icat ion P age For more infor mation, see the “Customizi ng the Auth enticati on Pr oxy W eb Pages” secti on on page 1 1-13 . Web-bas ...

  • Cisco Systems 2960-S - page 326

    11-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 11 Configuring Web-Based Authentication Underst anding Web -Based A uthen tication LAN Port IP Y ou can co nfigure LAN p ort IP (LPIP) and Layer 2 web- based au thenti cation on the sam e port. The h ost is authen ticated b y u sing web- based auth entication fi ...

  • Cisco Systems 2960-S - page 327

    11-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 1 Configuring Web-Base d Authe nticati on Config uring W eb-Based Auth enti cation Configuring Web -Based Authenticat ion • Defa ult W eb-Based Authentica tion Configu ration, page 11-9 • W eb- Based Authentic ation Configuration Gui delines a nd Restricti ...

  • Cisco Systems 2960-S - page 328

    11-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 11 Configuring Web-Based Authentication Configur ing Web- Base d Authent ication • Hosts tha t are more t han one hop away might exper ience traffic disruption if a n STP to pology change r esults i n the host tr af f ic arri ving on a dif ferent port. Th is ...

  • Cisco Systems 2960-S - page 329

    11-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 1 Configuring Web-Base d Authe nticati on Config uring W eb-Based Auth enti cation This exampl e shows ho w to verify the configurat ion: Switch# show ip admission configuration Authentication Proxy Banner not configured Authentication global cache time is 60 ...

  • Cisco Systems 2960-S - page 330

    11-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 11 Configuring Web-Based Authentication Configur ing Web- Base d Authent ication The combi nation o f the IP addres s and UDP por t number creates a unique identif ier , that enab les RADIUS re quest s to be sent to mult iple U DP ports on a ser ver at the same ...

  • Cisco Systems 2960-S - page 331

    11-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 1 Configuring Web-Base d Authe nticati on Config uring W eb-Based Auth enti cation Note Y ou need t o configure some settings on the RADIUS ser ver, includi ng: the swit ch IP address, the key string to be shared by both the ser ver and the switch, and the do ...

  • Cisco Systems 2960-S - page 332

    11-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 11 Configuring Web-Based Authentication Configur ing Web- Base d Authent ication When conf iguring customize d authentica tion proxy web pages, follo w these guidelines: • T o enable the custom web pa ges featur e, sp ecif y all four c ustom HTML f iles. If y ...

  • Cisco Systems 2960-S - page 333

    11-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 1 Configuring Web-Base d Authe nticati on Config uring W eb-Based Auth enti cation Specifying a Redirection UR L for Successful Login Y ou can spec ify a URL to which t he us er is re dire cted af ter a uthenti cation, ef fect i vely re placing the internal S ...

  • Cisco Systems 2960-S - page 334

    11-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 11 Configuring Web-Based Authentication Configur ing Web- Base d Authent ication This e xample sho ws ho w to determine wheth er any con nected hosts are in the AAA Do wn state: Switch# show ip admission cache Authentication Proxy Cache Client IP 209.165.201.11 ...

  • Cisco Systems 2960-S - page 335

    11-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 1 Configuring Web-Base d Authe nticati on Displaying Web-Based Authentication Status This exampl e shows ho w to configure a loca l banne r with the custom message My Switc h : Switch(config) configure terminal Switch(config)# aaa new-model Switch(config)# aa ...

  • Cisco Systems 2960-S - page 336

    11-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 11 Configuring Web-Based Authentication Display ing Web- Base d Authent ication Status ...

  • Cisco Systems 2960-S - page 337

    CH A P T E R 12-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 12 Configuring Interface Cha racteristics This chapter defines the types o f Cata lyst 2960 a nd 296 0-S int erfaces a nd descr ibes how to configure them. • Understa nding I nterfac e T ypes, pa ge 12- 1 • Using the Switc h USB Ports (Catalyst 2960-S S ...

  • Cisco Systems 2960-S - page 338

    12-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Underst anding In terface Ty pes • Connecti ng Int erfaces, pa ge 12- 10 Port-Based VLANs Note Stac king is supp orted only on Cat alyst 2960-S sw itches runni ng the LAN base ima ge. A VLAN is a switched netwo rk that ...

  • Cisco Systems 2960-S - page 339

    12-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Unde rsta ndi ng In ter face Typ es Note Whe n you change a Layer 3 i nter face into Laye r 2 mode, the configuration infor matio n relate d to the af fected interf ace mig ht be lost , and th e inter face is returned ...

  • Cisco Systems 2960-S - page 340

    12-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Underst anding In terface Ty pes Switch Virtual Interfaces A switch virtual i nterf ace (SVI ) rep resents a VLAN of swi tch po rts as one interf ace to the r outing or bridgi ng f unction in th e syst em. Y ou can asso c ...

  • Cisco Systems 2960-S - page 341

    12-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Unde rsta ndi ng In ter face Typ es Some switche s support dual-pur pose uplink ports. E ach uplink port is conside red as a sing le interface with dual front ends—an RJ-45 connector and a sma ll form-fa ctor pluggab ...

  • Cisco Systems 2960-S - page 342

    12-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Underst anding In terface Ty pes High-p ower devices can ope rate in low-power mode on sw itches that d o not suppo rt power-negotiation C DP . Cisco intel ligent power manage ment is bac kward-compa tible wi th CDP with ...

  • Cisco Systems 2960-S - page 343

    12-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Unde rsta ndi ng In ter face Typ es grants or de nies p ower . I f the reque st is grante d, the switc h upda tes t he power budget . If t he request i s denied, t he switch en sures that power to the po rt is turned o ...

  • Cisco Systems 2960-S - page 344

    12-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Underst anding In terface Ty pes If yo u do n ot sp ecify a wat tage, the switc h pr e-all ocates th e maxim um v a lue. Th e switch po wers the port on ly if it d iscovers a powered device. Use the st atic setting on a h ...

  • Cisco Systems 2960-S - page 345

    12-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Unde rsta ndi ng In ter face Typ es 3. Automatic ally when the switch sets the po wer usa ge of the de vice by using CDP power negotia tion or by the I EEE classification a nd L LDP power negot iation. Use the fir st o ...

  • Cisco Systems 2960-S - page 346

    12-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Underst anding In terface Ty pes Because t he swit ch suppor ts interna l power supplie s and the Cisco Redun dant Power System 2300 ( also referred to as the RPS 2300), the total amount of po wer a v ailable for the po ...

  • Cisco Systems 2960-S - page 347

    12-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Using the Switch USB Ports (Catalyst 2960-S Switches Only) Figur e 12 -2 Connecting VLANs with a La y er 3 S witc h Using the Switch USB Ports (Catalyst 2960-S Switches Only) The Catalyst 2960-S switc h has two USB po ...

  • Cisco Systems 2960-S - page 348

    12-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Using the Swit ch USB P orts (Cataly st 2960 -S Swit ches O nly) In the sampl e output, swit ch 1 has a connec ted USB co nsole cab le. Becaus e the bootlo ader did not change to the USB console, the f irst lo g from swi ...

  • Cisco Systems 2960-S - page 349

    12-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Using the Switch USB Ports (Catalyst 2960-S Switches Only) *Mar 1 00:34:27.498: %USB_CONSOLE-6-CONFIG_DISALLOW: Console media-type USB is disallowed by system configuration, media-type remains RJ45. (switch-stk-2) Thi ...

  • Cisco Systems 2960-S - page 350

    12-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Using the Swit ch USB P orts (Cataly st 2960 -S Swit ches O nly) If there is no (inpu t) acti vity on a USB conso le port for the conf igured number of minutes, th e inacti vity timeout setting applie s to the RJ-45 port ...

  • Cisco Systems 2960-S - page 351

    12-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Using Inte rface C onfigu ration Mo de Number of Configurations: 1 Speed: High Selected Configuration: 1 Selected Interface: 0 Configuration: Number: 1 Number of Interfaces: 1 Description: Storage Attributes: None Max ...

  • Cisco Systems 2960-S - page 352

    12-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Using I nterface Configu ration Mode T o configu re a physical inter face (port) on a Catalyst 296 0 switch or a C atalyst 2960-S switch r unning the LAN Lite image, specify the interf ace type, module number , and switc ...

  • Cisco Systems 2960-S - page 353

    12-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Using Inte rface C onfigu ration Mo de Identify the interf ace type and the interf ace num ber , Gigabit Ethe rnet port 1 in this ex ample: Switch(config)# interface gigabitethernet0/1 Switch(config-if)# Note E nteri ...

  • Cisco Systems 2960-S - page 354

    12-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Using I nterface Configu ration Mode When usin g the interf ace ra nge global configurat ion comm and, no te these guide lines : • V alid entries for port- ra ng e, dependin g on p ort type s on the sw itch: – vlan v ...

  • Cisco Systems 2960-S - page 355

    12-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Using Inte rface C onfigu ration Mo de If yo u enter multi pl e conf iguration comm ands wh ile you are in inter fa ce-r ange mo de, ea ch comman d is executed as it is en tered . The comma nds a re not batc hed an d ...

  • Cisco Systems 2960-S - page 356

    12-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Using the Etherne t Managem ent Port (Ca talyst 29 60-S Onl y) • Y ou must add a space between the first interface num ber and th e hyphen whe n entering an interface- rang . For exam pl e, giga bitethe rnet 0/1 - 4 is ...

  • Cisco Systems 2960-S - page 357

    12-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Usin g th e Eth ern et M ana gem ent Po rt (C ata lys t 296 0-S Onl y) Understand ing the Ethern et Mana gement Port The Ethe rnet ma nageme nt por t, also refe rred to as the F a0 or fastethe rnet0 port , is a Layer ...

  • Cisco Systems 2960-S - page 358

    12-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Using the Etherne t Managem ent Port (Ca talyst 29 60-S Onl y) • TFTP • Secure Shell ( SSH) • DHCP-bas ed autoc onfi guratio n • SMNP (only t he ENTIT Y -MIB a nd t he IF -MIB) • IP ping • Interfa ce f eatur ...

  • Cisco Systems 2960-S - page 359

    12-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Configuring Ethernet Interfaces Configuring Eth ernet Inte rfaces These sec tions co ntain this co nfiguration info rmat ion: • Defaul t Ethern et Interfa ce Configu ratio n, page 12-2 3 • Setting the T ype of a D ...

  • Cisco Systems 2960-S - page 360

    12-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Configur ing Ethern et Interface s Port enab le state All ports are enab led. Port d escriptio n None defined. Speed Autonegotia te. Dupl ex mode Aut onegotiat e. Flo w control Flo w control is set to rece iv e : off . I ...

  • Cisco Systems 2960-S - page 361

    12-25 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Configuring Ethernet Interfaces Setting th e Type of a Dual-P urpose Uplink Po rt Note Onl y Cata lyst 2960 swit ches have dual-pur pose upli nks po rts. Some sw itches su pport d ual-purpo se upl ink po rts. By defau ...

  • Cisco Systems 2960-S - page 362

    12-26 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Configur ing Ethern et Interface s T o return to the default setting, use the media- type auto in terf ace or the no media-type in terface configurati on c ommands. e switch configur es both typ es to autonegoti ate spee ...

  • Cisco Systems 2960-S - page 363

    12-27 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Configuring Ethernet Interfaces – The 100 B ASE- x (w here - x is -BX, -CWDM, -LX, -SX, and -ZX ) SFP module ports supp ort only 100 Mb/ s. T hese mo dules suppo rt full - and half- duplex o ptions but do not suppor ...

  • Cisco Systems 2960-S - page 364

    12-28 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Configur ing Ethern et Interface s Use the no spee d and no duplex interfa ce conf igur ation comman ds to return the inte rface to the def ault speed and duple x settings (autone gotiate ). T o return all interf ace set ...

  • Cisco Systems 2960-S - page 365

    12-29 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Configuring Ethernet Interfaces Beg i n ni ng in p riv i le ge d E X EC m o de , f ol l ow t h es e s t ep s t o configur e flo w co ntrol on an interf ace: T o disabl e flo w control , use the flowcon trol rece ive o ...

  • Cisco Systems 2960-S - page 366

    12-30 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Configur ing Ethern et Interface s Beg i n ni ng i n p riv i le ge d E X E C m o de , fo ll ow t h es e s te ps t o configur e auto-MDIX on an inter face: T o disabl e aut o-MDIX, use the no mdix auto in terface con figu ...

  • Cisco Systems 2960-S - page 367

    12-31 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Configuring Ethernet Interfaces Beginn ing in pri vileg ed EXEC mode, follo w these steps to co nf ig ure a po w er m a n ag e m en t mo d e on a PoE-capable port: For informa tion ab out the outp ut of the show power ...

  • Cisco Systems 2960-S - page 368

    12-32 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Configur ing Ethern et Interface s the a ctual a mount of power ne eded . If the p owered device re ports a highe r cla ss th an it s actu al consumpt ion or doe s not suppor t power classification (default s to Class 0) ...

  • Cisco Systems 2960-S - page 369

    12-33 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Configuring Ethernet Interfaces T o return to the default setting, use the no power inl ine consumption defaul t globa l configura tion comm and. Beginning in privileged EXEC mo de, fol low these steps to co nf ig ur ...

  • Cisco Systems 2960-S - page 370

    12-34 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Configur ing Ethern et Interface s Beg i n ni n g i n p r ivi l eg ed E X EC mo d e , f ol l ow t h es e s t e ps t o enable policing of the real-time po w er co ns um pt io n of a pow ered device co nnecte d to a PoE po ...

  • Cisco Systems 2960-S - page 371

    12-35 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Configuring Layer 3 SVIs Beginn ing in pri vileg ed EXEC mode, follo w these steps to add a description for an interface: Use the no description i nter face configurat ion comm and to delete the de script ion. This ex ...

  • Cisco Systems 2960-S - page 372

    12-36 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Conf igu rin g th e Sy stem MTU Beginning i n privileged EX EC mo de, fol low these s teps t o configure a La yer 3 SV I: T o remove an IP addre ss fro m an SVI, use the no ip addr ess interface co nfiguration c omman d. ...

  • Cisco Systems 2960-S - page 373

    12-37 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Monitoring and Maintaining the Interfaces Beginn ing in pri vileg ed EXEC mode, fo llo w these steps to chan ge MTU size for all 10/100 or Gigab it Ethernet in terf aces: If you e nter a v alue th at is outsid e the a ...

  • Cisco Systems 2960-S - page 374

    12-38 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Monito ring and Mai ntainin g the Interfac es Monitoring Interface Status Command s entere d at the privileged EXEC pro mpt displ ay infor mati on about th e interfac e, includ ing the ver sions of the softw are and the ...

  • Cisco Systems 2960-S - page 375

    12-39 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Monitoring and Maintaining the Interfaces T o clea r th e inte rface coun ter s shown by the show inte rfac es privileged EXEC comm and, use the clear counters pri vilege d EXEC co mmand . The clear counters comma nd ...

  • Cisco Systems 2960-S - page 376

    12-40 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Monito ring and Mai ntainin g the Interfac es ...

  • Cisco Systems 2960-S - page 377

    CH A P T E R 13-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 13 Configuring VLANs This c hapter describ es how to c onfigure norm al- range VL ANs (V LAN IDs 1 t o 100 5) and extended-ra nge VLA Ns (VL AN IDs 1006 t o 4094) on the C atalyst 2960 and 2960 -S switche s. It incl udes inform ation abou t VLAN me mbers hi ...

  • Cisco Systems 2960-S - page 378

    13-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Underst anding VL ANs Note Be fore you create VLANs , you mu st deci de wh ether to use V LAN Trunking Pr otocol (V TP) to maint ain global VL AN configurat ion for you r network. For more informa tion on VTP , see Cha pter 14, “Configuri ...

  • Cisco Systems 2960-S - page 379

    13-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Unde rsta ndin g VLAN s Note U p to 64 VLANs are sup ported w hen the sw itch is ru nning the LAN Li te imag e. Although the swi tch stac k suppor ts a tot al of 25 5 (norm al range a nd extende d range) VLAN s, the num ber of configured fe ...

  • Cisco Systems 2960-S - page 380

    13-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configur ing Normal- Range VLA Ns For more de tailed definitions of acce ss and tru nk mo des and their f unctions, see T able 13 -4 on page 1 3-14 . When a port belongs to a VLAN , the switch l earns and ma nages the add resses associated w ...

  • Cisco Systems 2960-S - page 381

    13-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Config uri ng Nor mal-R ang e VLA Ns Y ou use the interfa ce configura tion mod e to define the por t membershi p mode and to add and remove ports from VLANs. Th e results of these command s are written to the runni ng-conf iguratio n f ile ...

  • Cisco Systems 2960-S - page 382

    13-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configur ing Normal- Range VLA Ns Normal-Range VLAN Co nfiguratio n Guidelin es Follow these guidel ines wh en cre ating and mo dify ing norma l-rang e VLAN s in your ne twork: • The switc h supports 255 VLANs in VTP cli ent, server , and ...

  • Cisco Systems 2960-S - page 383

    13-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Config uri ng Nor mal-R ang e VLA Ns desc rip tion in the comma nd refe renc e for this release . When you have f inished t he configurat ion, you must e xit VL AN conf iguration mode f or the c onfi guratio n to tak e ef fec t. T o display ...

  • Cisco Systems 2960-S - page 384

    13-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configur ing Normal- Range VLA Ns Creating or Modifyin g an Et hernet VLAN Each E therne t VL AN in the VLAN d ataba se ha s a uni que, 4- digit ID t hat c an be a nu mber from 1 to 1 001. VL AN ID s 100 2 to 10 05 ar e re served for T oken ...

  • Cisco Systems 2960-S - page 385

    13-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Config uri ng Nor mal-R ang e VLA Ns T o return the VLAN name to the defa ult setting s, use the no name , no mtu , o r no r emote -spa n comm ands. This exampl e shows h ow to cre ate E the rnet V LAN 20, name it test20, and add it to the ...

  • Cisco Systems 2960-S - page 386

    13-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configur ing Extend ed-Range VLANs Beginn ing in pri vileg ed EXEC mode, fo llo w these steps to assign a port to a VLAN in the VLAN database: T o return an interfac e to its default conf igu ration, use the default interface interfa ce-id ...

  • Cisco Systems 2960-S - page 387

    13-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Confi guring Exte nded- Range VLANs Default VLAN Configuration See T a ble 13-2 o n pag e 13-7 for t he defau lt con figuration f or Et hernet VLANs. Y ou can c hange on ly the MTU size and the remo te SP AN conf iguration state on ex tend ...

  • Cisco Systems 2960-S - page 388

    13-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configur ing Extend ed-Range VLANs In VTP version 1 and 2, extende d-range VLANs a re not saved in the VLAN database ; they are saved in the switc h runnin g conf igur ation f ile. Y ou can sa ve the exten ded-r ange VLAN conf iguration i n ...

  • Cisco Systems 2960-S - page 389

    13-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Displaying VL ANs Displaying VLANs Use the show vlan privi leged EXEC command to display a list of all VLA Ns on the switch, including extended -range V LANs. Th e displa y includ es VLAN status, port s, and co nfiguration inform ation . T ...

  • Cisco Systems 2960-S - page 390

    13-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configur ing VLAN Tr unks T o avoid this , you s hould configure int erface s connec ted t o devices tha t do no t suppor t DTP to not forward DTP frame s, tha t is, to t urn off DT P . • If you do not int end to trunk ac ross tho se link ...

  • Cisco Systems 2960-S - page 391

    13-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Config uri ng V LAN Trunk s Default Layer 2 Ethernet Inte rface VLAN Con figuratio n T ab le 13-5 sh ows the de fault Lay er 2 Ether net int erface VLAN co nfiguration. Configuring a n Ethern et Interface as a Trunk P ort Because t runk po ...

  • Cisco Systems 2960-S - page 392

    13-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configur ing VLAN Tr unks • If you try to enabl e IEEE 802 .1x on a t runk por t, an err or message appear s, and IE EE 802.1x is not enab led. If you try to chan ge the mo de of an IEE E 802.1 x-ena bled por t to trunk , the port mode is ...

  • Cisco Systems 2960-S - page 393

    13-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Config uri ng V LAN Trunk s Defining the Allowed VLANs on a Trunk By default, a trunk port sen ds traffic to and re ceives traff ic from al l VLAN s. All V LAN IDs, 1 to 4 094, are al lo wed o n each trun k. Ho wev er , you can remo v e VL ...

  • Cisco Systems 2960-S - page 394

    13-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configur ing VLAN Tr unks T o return to the def ault allo wed VLAN li st of all V LANs, use the no switchport trunk allowed vlan interf ace c onfig uration co mmand. This exam ple sh ows how to remove VLAN 2 from th e a llowed VLAN list on ...

  • Cisco Systems 2960-S - page 395

    13-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Config uri ng V LAN Trunk s For informa tion ab out IEEE 802.1Q con figuratio n issues , see the “IEE E 802.1 Q Configurati on Consider ation s” sect ion on page 13-14 . Beginning i n privileged E XEC mo de, follow these steps to con f ...

  • Cisco Systems 2960-S - page 396

    13-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configur ing VLAN Tr unks • VLANs 3 thr ough 6 are a ssigned a po rt prior ity o f 16 on Trunk 2. • VLANs 8 thr ough 10 re tain the default port prio rity of 128 on T runk 2. In thi s way , Trunk 1 carri es tr aff ic for VLAN s 8 t hrou ...

  • Cisco Systems 2960-S - page 397

    13-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Config uri ng V LAN Trunk s Load Sharing Using STP Path C ost Y ou can configure pa rallel tru nks to share VLAN traffic by setting different pa th costs on a trunk an d associat ing t he path costs with d ifferent sets of V LANs, blocking ...

  • Cisco Systems 2960-S - page 398

    13-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configuring VMPS Beginn ing in pri vile ged EXEC mode, follo w these steps to config ure the networ k sho wn in Figure 13-3 : Configuring VMPS The VLA N Quer y Protocol (V QP) is u sed to suppor t dynami c-ac cess ports , which are not perm ...

  • Cisco Systems 2960-S - page 399

    13-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Configuring VMPS • “Troubleshoot ing Dynami c-Ac cess Port VLA N Membership” sec tion on pa ge 13-28 • “VMPS Co nf igu rat ion Ex ampl e” s ecti on on pa ge 13 -28 Understand ing VMP S Each time t he clien t switch recei v es t ...

  • Cisco Systems 2960-S - page 400

    13-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configuring VMPS If the link goes down on a dy namic -access por t, the p ort r eturns to an is olated st ate and do es not be long to a VLAN. An y hosts th at come onlin e through the port are check ed again thr ough the VQP with the VMPS ...

  • Cisco Systems 2960-S - page 401

    13-25 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Configuring VMPS Configuring the VMPS Client Y ou configure dy namic VLANs by usi ng the VMPS (s erver). Th e sw itch ca n be a VMPS cli ent; it canno t be a VMPS server . Entering the IP Address of the VMPS Y ou must f irst enter the IP a ...

  • Cisco Systems 2960-S - page 402

    13-26 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configuring VMPS T o return an interfac e to its default conf igu ration, use the default interface interfa ce-id interfa ce conf iguration command. T o return a n interfac e to its def ault switc hport mode (dyn amic auto), use the no swit ...

  • Cisco Systems 2960-S - page 403

    13-27 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Configuring VMPS Changing the Retry Count Beginn ing in pri vileg ed EXEC mode, fo llo w these steps to chan ge the number of times that the swit ch attempt s to conta ct the VMPS befor e queryi ng the n ext serv er: T o return the switch ...

  • Cisco Systems 2960-S - page 404

    13-28 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configuring VMPS Troublesho oting Dyna mic-Acce ss Po rt VLAN Memb ership The VMPS shuts down a dynamic -access port unde r these cond itions: • The VMPS is in secure mode, and it does not allo w the host to connect to the port. The VMPS ...

  • Cisco Systems 2960-S - page 405

    13-29 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Configuring VMPS Figur e 13-4 Dynamic P ort VLAN Member ship Configur ation Primar y VMPS Ser ver 1 Catalyst 6500 series Secondar y VMPS Ser ver 2 Catalyst 6500 series Secondar y VMPS Ser ver 3 172.20.26.150 172.20.26.151 Catalyst 6500 ser ...

  • Cisco Systems 2960-S - page 406

    13-30 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configuring VMPS ...

  • Cisco Systems 2960-S - page 407

    CH A P T E R 14-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 14 Configuring VTP This c hapter describ es how to us e t he VLA N Trunking Prot ocol ( VTP) a nd the VLAN databa se fo r managing VLANs with the Cat alyst 2960 and 29 60-S switc hes. Unle ss otherwi se noted, t he te rm switch refer s to a standa lone swit ...

  • Cisco Systems 2960-S - page 408

    14-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 14 Configuring VTP Underst anding VTP The swit ch su pports 25 5 VL ANs, b ut t he num ber of c onf igured features af fec ts the usage o f the s witch hardw are. If the switch is notif ied b y VTP of a new VLAN and the switch is already using the maximum av ail ...

  • Cisco Systems 2960-S - page 409

    14-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 4 Configuring VTP Understanding VTP When you make a change to t he VL AN co nfiguration on a V TP server, the chan ge is propaga ted to a ll switches in the VTP d omain. VTP adv ertisements ar e sent ov er all IEEE trunk connectio ns, includi ng IEEE 8 02.1Q. ...

  • Cisco Systems 2960-S - page 410

    14-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 14 Configuring VTP Underst anding VTP VTP Advertisements Each swi tch in the VTP domain sends period ic globa l configuratio n advertise ments f rom each trunk port to a rese rved multica st addr ess. Neig hborin g switch es rece iv e these adv ertisemen ts and ...

  • Cisco Systems 2960-S - page 411

    14-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 4 Configuring VTP Understanding VTP • VLAN state • Additional VLA N config uration information specif ic to the VLAN type In VTP ver sion 3, VTP adver tisements also incl ude the prim ary ser ver ID, an inst ance numbe r , and a start i ndex. VTP Vers ion ...

  • Cisco Systems 2960-S - page 412

    14-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 14 Configuring VTP Underst anding VTP • Support for any da tabase i n a do main . In a ddition to propagat ing V TP info rmation, version 3 ca n propagat e Mult iple Sp anning Tree (MST ) protoc ol data base inf orma tion. A separ ate instan ce o f the VTP pro ...

  • Cisco Systems 2960-S - page 413

    14-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 4 Configuring VTP Understanding VTP Figur e 14 -1 Flooding T raf fic wi thout VTP Pr uning Figure 14- 2 sho ws a switche d network with V TP pruning enabl ed. The bro adcast tra f fic from Switch A is not fo rwa rded to Swit ches C, E, and F because tr af f ic ...

  • Cisco Systems 2960-S - page 414

    14-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 14 Configuring VTP Conf ig uri ng VT P VTP pruning is not designed to func tion in VTP transparent mode . If one or more switches in the netwo rk are in VTP transpar ent mode , you should do one of the se: • T urn off V TP pruni ng in the en tire network . • ...

  • Cisco Systems 2960-S - page 415

    14-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 4 Configuring VTP Configuring VTP • Configuring VT P on a Per-Port Basis, page 1 4-16 • Adding a VTP Cli ent Swi tch to a VTP Domain, page 14-1 7 Default VTP Configuration T ab le 14-2 shows the default VTP co nfig uration. VTP Configu ra tion Guidelines Y ...

  • Cisco Systems 2960-S - page 416

    14-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 14 Configuring VTP Conf ig uri ng VT P Domain Names When co nfiguring VT P for t he first tim e, you must a lways assign a doma in nam e. Y ou m ust configure all switche s in the VTP domain with the sam e domain name. Switc hes in VTP transparen t mode do not ...

  • Cisco Systems 2960-S - page 417

    14-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 4 Configuring VTP Configuring VTP • Do not enable VTP v ersion 2 on a switch unless all of the switc hes in the same VTP domain are version-2-ca pable . When y ou ena ble versio n 2 on a switch, all of the version -2-ca pable sw itches i n the domain en abl ...

  • Cisco Systems 2960-S - page 418

    14-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 14 Configuring VTP Conf ig uri ng VT P • When you conf igure the switch for VTP transparent mode, VTP is disabled on the switch. The switch doe s not send V TP upda tes an d does n ot ac t on VTP update s rece i ved from other switches. Howe ver , a VTP trans ...

  • Cisco Systems 2960-S - page 419

    14-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 4 Configuring VTP Configuring VTP When you con figure a domain na me, it cannot be rem ove d; you ca n only rea ssign a switch t o a different domain. T o re turn a switch in an other mod e to VTP server mode , use the no vt p mode global con figuration comma ...

  • Cisco Systems 2960-S - page 420

    14-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 14 Configuring VTP Conf ig uri ng VT P Configuring a VTP Version 3 Password Beginning in privileged EX EC mode , foll ow these s teps to c onfigure th e passwor d when using V TP version 3: T o clear the pa sswor d, enter the no vtp password global configura ti ...

  • Cisco Systems 2960-S - page 421

    14-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 4 Configuring VTP Configuring VTP This examp le shows how to con figure a switch as the pr imary server f or the V LAN databa se (the default) when a h idden or se cret password was c onfigured: Switch# vtp primary vlan Enter VTP password: mypassw ord This sw ...

  • Cisco Systems 2960-S - page 422

    14-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 14 Configuring VTP Conf ig uri ng VT P T o return to the default VTP v ersion 1, use the no vtp version glob al configura tion co mman d . Enabling V TP Prunin g Pruning inc reases available bandwi dth by restric ting flood ed traffic to those trunk lin ks that ...

  • Cisco Systems 2960-S - page 423

    14-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 4 Configuring VTP Configuring VTP T o disa ble V TP on t he in terf ace, use t he no vtp interf ace con fig uratio n comman d. Switch(config)# interface gigabitethernet 0/1 Switch(config-if)# vtp Switch(config-if)# end Adding a VT P Client S witch to a VT P D ...

  • Cisco Systems 2960-S - page 424

    14-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 14 Configuring VTP Monito ring VTP Note Y ou can u se the vtp mode transpar ent global con figuration c ommand t o disab le VT P on the swi tch an d then to cha nge its VLAN inform ation without affecting the othe r switc hes in the V TP doma in. Monitoring VTP ...

  • Cisco Systems 2960-S - page 425

    CH A P T E R 15-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 15 Configuring Voic e VLAN This c hapter describ es how to c onfigure the voice VLA N feat ure on the Cataly st 2960 and 2960-S switches. Unless otherwise noted, the term switc h ref ers to a stan dalone switc h and a swit ch stac k. V oice VLAN is referr e ...

  • Cisco Systems 2960-S - page 426

    15-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 15 Configuring Voice V LAN Underst anding Voice VL AN Figure 15- 1 shows one w ay to conne ct a Cisco 7960 IP Phone. Figur e 15 -1 Cisco 7960 IP Phone Conne ct ed t o a S witc h Cisco IP Phone Voice Traffic Y ou can conf i gure an access por t with a n att ached ...

  • Cisco Systems 2960-S - page 427

    15-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 5 Configuring Voice VLA N Configuring Voice VLAN Note Un tagged traffic from th e device a ttache d to t he Cisco I P Phone passes t hrou gh the phone unc hanged, regardless of the tr ust stat e of t he acce ss port on the phone. Configuring Vo ice VLAN These ...

  • Cisco Systems 2960-S - page 428

    15-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 15 Configuring Voice V LAN Configuring Voice VLAN • If the Cisc o IP Phon e and a d e vice atta ched to th e phone a re in t he same VLAN , the y must be in the same IP subnet . These condit ions indicate that they ar e in the same VLAN: – They both use IEEE ...

  • Cisco Systems 2960-S - page 429

    15-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 5 Configuring Voice VLA N Configuring Voice VLAN Configuring Cisco IP Phone V oice Traffic Y ou can con figure a po rt conn ected t o the Cisco IP Phone to send CDP pac kets to th e phon e to c onfigure the wa y in whic h the ph one send s v oice tr af f ic. T ...

  • Cisco Systems 2960-S - page 430

    15-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 15 Configuring Voice V LAN Configuring Voice VLAN T o return the port to its default setting, use the no swit chport v oice vlan in terfa ce conf igurat ion comm and. Configuring the Priori ty of Incoming Data Frames Note T o s et prio rity of in coming dat a fr ...

  • Cisco Systems 2960-S - page 431

    15-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 5 Configuring Voice VLA N Displaying Voice VLAN Displaying Voice VLAN T o display v oice VLAN co nf igurat ion fo r an in terf ace, u se th e show int erf aces interface-id swit chport pri v ile ged EXE C command . ...

  • Cisco Systems 2960-S - page 432

    15-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 15 Configuring Voice V LAN Displa ying Vo ice VLA N ...

  • Cisco Systems 2960-S - page 433

    CH A P T E R 16-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 16 Configuring STP This chapt er desc ribes how to configure the Sp anni ng T ree Protoc ol (STP) on port-ba sed VLANs on the Cataly st 2960 an d 2960-S s witche s. The switch can use eithe r the per -VLAN spanni ng-tre e plus (PVST+) protoc ol based on t h ...

  • Cisco Systems 2960-S - page 434

    16-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 16 Configuring STP Underst anding Spa nning- Tree Fea tures • Spanning -T ree Addr ess Man ageme nt, pa ge 16-9 • Acceler ated Aging to Retain Connecti vity , page 16-9 • Spanning-Tree Modes an d Protocols, pa ge 16-1 0 • Supporte d Spanning -Tree Instan ...

  • Cisco Systems 2960-S - page 435

    16-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 6 Configuring STP Unders tanding Spanni ng-Tr ee Fe atures Spannin g-Tr ee Topo logy an d BPDUs The stable, ac tiv e spanning -tree topolog y of a switched netw ork is controlled b y these elements: • The uni que bridge ID (sw itch p rior ity and MAC address ...

  • Cisco Systems 2960-S - page 436

    16-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 16 Configuring STP Underst anding Spa nning- Tree Fea tures Only one outgoin g port on the stack root switc h is selected as the root port. The remaining switch es in the stack become its designated switch es (Switch 2 and Switch 3) as sho wn in Figure 1 6-1 on ...

  • Cisco Systems 2960-S - page 437

    16-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 6 Configuring STP Unders tanding Spanni ng-Tr ee Fe atures The swi tch sup ports t he IEEE 802.1t spanni ng-tre e extension s, and some of t he bits pr eviously used for the switch prior ity are no w used as the VLAN ident ifie r . The result is that fe wer MA ...

  • Cisco Systems 2960-S - page 438

    16-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 16 Configuring STP Underst anding Spa nning- Tree Fea tures • From le arning t o fo rwarding o r to disable d • From for warding to d isabled Figure 16- 2 illustrates ho w an interface mo v es through the states. Figur e 16 -2 Spanning-T r ee Interf ace Stat ...

  • Cisco Systems 2960-S - page 439

    16-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 6 Configuring STP Unders tanding Spanni ng-Tr ee Fe atures • Does not lea rn addres ses • Rece ives BPDUs Listening State The li stenin g stat e is th e f irst state a Lay er 2 i nterf ace e nters af ter the blo cking s tate. The i nterf ace e nters this s ...

  • Cisco Systems 2960-S - page 440

    16-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 16 Configuring STP Underst anding Spa nning- Tree Fea tures How a Sw itch or Port Beco mes th e Root S witch o r Root Port If all switches in a netw ork are enabl ed with default spann ing-tree setti ngs, the switch with the lowe st MA C address beco mes the roo ...

  • Cisco Systems 2960-S - page 441

    16-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 6 Configuring STP Unders tanding Spanni ng-Tr ee Fe atures Figur e 16-4 Spanning T ree and Redun dant Connectiv ity Y ou can also cre ate redund ant lin ks betwee n switches by using EtherChann el gro ups. For more inform ation, see Ch apt er 37, “Configur i ...

  • Cisco Systems 2960-S - page 442

    16-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 16 Configuring STP Underst anding Spa nning- Tree Fea tures Span ning- Tree Modes a nd Pro tocols The switc h supports t hese spanni ng-tr ee modes an d protocols: • PVST+—Th is spann ing-tr ee mod e is ba sed on the IEEE 8 02.1D stand ard and Cisco proprie ...

  • Cisco Systems 2960-S - page 443

    16-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 6 Configuring STP Unders tanding Spanni ng-Tr ee Fe atures Spanning-Tree Interoperability and Backward Compatibility T ab le 16-2 lists the interoperability a nd compa tibility among the s upporte d spanning-tre e mode s in a network. In a mi xed MSTP and PV ...

  • Cisco Systems 2960-S - page 444

    16-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 16 Configuring STP Configur ing Spannin g-Tree Feat ures Spanning Tree and Switch Sta cks These st atements ar e true when the switc h stack is operating in PVST+ or rap id-PVST+ mode: • A switch stack appears as a singl e spanni ng-tre e node to the re st of ...

  • Cisco Systems 2960-S - page 445

    16-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 6 Configuring STP Confi guring Spanni ng-Tr ee Fe atures Default Span ning-T ree Configur ation T ab le 16-3 sh ows the defaul t span ning-t ree co nfiguration . Spannin g-Tr ee Conf igura tion Guideli nes Each stack member runs its o wn spann ing tree, an d ...

  • Cisco Systems 2960-S - page 446

    16-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 16 Configuring STP Configur ing Spannin g-Tree Feat ures switch o n each l oop in the VLAN must be r unning span ning tre e. It is not abso lutely nec essary to ru n spannin g tree on al l switches in t he VLA N. Howe ver , i f you are ru nnin g spanning tree o ...

  • Cisco Systems 2960-S - page 447

    16-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 6 Configuring STP Confi guring Spanni ng-Tr ee Fe atures Changing the Spa nning-Tree M ode The sw itch s upports th ree spanning -tree mo des: PV ST+, rapi d PVST+, or MS TP . By defau lt, the switch runs th e PVST+ protocol . Beginning in privileged EXEC mod ...

  • Cisco Systems 2960-S - page 448

    16-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 16 Configuring STP Configur ing Spannin g-Tree Feat ures Disabling Sp anning Tree Spanning tree is enab led by defau lt on V LAN 1 and on all newly crea ted VL ANs up to the spannin g-tree limit specif ied in the “Support ed Spann ing-Tree Instanc es” secti ...

  • Cisco Systems 2960-S - page 449

    16-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 6 Configuring STP Confi guring Spanni ng-Tr ee Fe atures Note Th e ro ot swit ch fo r eac h span ning -tree instan ce shou ld be a ba ckbone or di stribution switch . Do not conf igu re an acc ess switch as the span ning -tre e primar y root. Use the diameter ...

  • Cisco Systems 2960-S - page 450

    16-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 16 Configuring STP Configur ing Spannin g-Tree Feat ures Configur ing a S econd ary Roo t Switch When you con figure a switch as the secondary root, the switc h priori ty is modified from t he default value (32768 ) to 28672. Th e switc h is then l ikely to bec ...

  • Cisco Systems 2960-S - page 451

    16-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 6 Configuring STP Confi guring Spanni ng-Tr ee Fe atures Note If your switch is a m ember of a switch stack, you mu st us e the spanning-tree [ vlan vlan-id ] cost cost interfac e configurati on comma nd instea d of the spanning-tree [ vlan vla n-id ] port-pr ...

  • Cisco Systems 2960-S - page 452

    16-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 16 Configuring STP Configur ing Spannin g-Tree Feat ures T o return to the default setting, use the no spanning-tree [ vlan vlan-id ] port-pr iori ty interf ace configurati on c ommand. For inf ormati on o n how to co nfigure l oad sh aring on trun k port s by ...

  • Cisco Systems 2960-S - page 453

    16-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 6 Configuring STP Confi guring Spanni ng-Tr ee Fe atures Note Th e show spanning-tree inter face interface- id privileged EXEC comma nd displays in format ion only for por ts that are in a lin k-up ope rati v e stat e. Othe rwise, y ou can u se the show runni ...

  • Cisco Systems 2960-S - page 454

    16-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 16 Configuring STP Configur ing Spannin g-Tree Feat ures Configuring S pannin g-Tree Timers T ab le 16-4 descri bes the timer s that af fect the en tire s panning -tree p erforma nce. The sectio ns that follo w pro vide the conf igur ation steps. Configuring th ...

  • Cisco Systems 2960-S - page 455

    16-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 6 Configuring STP Confi guring Spanni ng-Tr ee Fe atures Configuring the Forwarding -Delay Time fo r a VLAN Beginning i n privileged E XEC mode, follow these ste ps to c onfigure t he forwarding -del ay ti me for a VLAN. Th is proc edure is opt ional . T o re ...

  • Cisco Systems 2960-S - page 456

    16-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 16 Configuring STP Displaying the Spannin g-Tree Stat us Configuring the Transmit Hold -Count Y ou can configure th e BPDU burst size by chang ing the t ransmit hol d count value. Note Changing this parameter to a hi gher va lue can ha ve a signif icant impact ...

  • Cisco Systems 2960-S - page 457

    CH A P T E R 17-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 17 Configuring MSTP This chapte r describes ho w to conf igure the Ci sco implemen tation of the IEEE 802. 1s Multiple STP (MSTP) on th e Catal yst 2960 and 29 60-S swit ches. Note The multiple spanning-tree (MST) implementatio n is based on the IEEE 802.1s ...

  • Cisco Systems 2960-S - page 458

    17-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Underst anding MST P This chap ter cons ists of these sec tions: • Understa nding M STP , pag e 17-2 • Understa nding RSTP , page 1 7-10 • Configuring M STP Fea tures , p age 17-15 • Display ing the MST Configura tion and Statu s, pag ...

  • Cisco Systems 2960-S - page 459

    17-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Unde rsta ndi ng M STP IST, CIST, an d CST Unlik e PVST+ and rapid PVST+ in whi ch all the spann ing-t ree inst ances are in depend ent, the MST P establishes and maintains tw o types of sp anning trees: • An interna l spanning tree (IST) ...

  • Cisco Systems 2960-S - page 460

    17-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Underst anding MST P For correct operatio n, all switch es in the MST re gion m ust agree on th e same CIST re gional r oot. Theref ore, any two switches in the regi on only sync hronize their port roles for an MST insta nce if th ey conv erg ...

  • Cisco Systems 2960-S - page 461

    17-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Unde rsta ndi ng M STP Only the CST instance sends an d receives BPDUs, and MST insta nces add their spanning- tree informatio n into the BPDUs to inter act with neighb oring switches an d compute th e final sp anning-tr ee topology . Beca u ...

  • Cisco Systems 2960-S - page 462

    17-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Underst anding MST P Hop Count The IST and M ST inst ances do not use the mes sage- age an d maxi mum-age infor mation in the configurati on BPDU to c ompute the sp anni ng-tre e topolo gy . Inst ead, they use th e pa th cost to the root and ...

  • Cisco Systems 2960-S - page 463

    17-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Unde rsta ndi ng M STP IEEE 802.1s Implementation The Ci sco impl ementat ion of the I EEE MST s tandard includes featur es requir ed to me et the sta ndard, as well as some of the de sirable pre standard fun ctionality that is not yet incor ...

  • Cisco Systems 2960-S - page 464

    17-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Underst anding MST P Figur e 1 7 -2 Standar d and Pr estandard S witch Inte ro per ation Note W e re comme nd tha t you minim ize th e in teract ion be tween st andard and presta ndard M ST implemen tations. Detecting Unidirect ional Link Fai ...

  • Cisco Systems 2960-S - page 465

    17-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Unde rsta ndi ng M STP MSTP an d Switch S tacks Note Stac king is supp orted only on Cat alyst 2960-S sw itches runni ng the LAN base ima ge. A switch stack appe ars as a single spannin g-tree nod e to the re st of the ne two rk, and all st ...

  • Cisco Systems 2960-S - page 466

    17-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Underst anding RSTP Understandin g RSTP The RSTP takes ad vantage of point- to-po int wiring and provides rapi d conv ergence of the span ning tree. Reconfigurat ion of th e spann ing tree ca n occur in less than 1 s econd (i n contra st to ...

  • Cisco Systems 2960-S - page 467

    17-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Understa nding RST P T o be consistent with Cisco STP implement ations, this guide def in es the port state as bloc king instead of discarding . Designated ports start in the liste ning state. Rapid Con vergenc e The RSTP provides for ra pi ...

  • Cisco Systems 2960-S - page 468

    17-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Underst anding RSTP Figur e 1 7 -4 Pr oposal an d A gr eemen t Handshak ing f or Rapid Con ver ge nce Synchronizatio n of Port R oles When th e switc h receives a proposal me ssage on one of its port s and tha t port is selec ted as the new ...

  • Cisco Systems 2960-S - page 469

    17-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Understa nding RST P Figur e 1 7 -5 Se quence of Ev ents Du r ing Rapid Conv er g ence Bridge Protoco l Data Unit Format an d Process ing The R STP BP DU for mat is th e sam e as t he IEEE 802.1D BPD U fo rmat exce pt tha t th e proto col v ...

  • Cisco Systems 2960-S - page 470

    17-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Underst anding RSTP The RSTP does not have a separate topo logy chan ge notificati on (TCN) BPD U. It uses the topology change (TC) f lag to show the topolo gy changes. Howe ver , for interoperab ility with IEEE 8 02.1D switches, the RST P s ...

  • Cisco Systems 2960-S - page 471

    17-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Confi guring MSTP Featu res • Protoc ol m igratio n—F or bac kward comp atibility with IEEE 8 02.1D s witch es, RSTP selecti vely sends IEEE 802.1D configuratio n BPDUs and TCN BPDU s on a per-port basis. When a port is initializ ed, th ...

  • Cisco Systems 2960-S - page 472

    17-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Configur ing MSTP Featur es Default MSTP Configuration T ab le 17-4 sh ows the default MSTP configuration . For informat ion about the suppor ted numbe r of spanni ng-tree instan ces, see the “Supp orted Spanning -T ree In stance s” sect ...

  • Cisco Systems 2960-S - page 473

    17-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Confi guring MSTP Featu res • VTP propa gation of the MST co nfiguration i s not suppo rted. Howev er , you can manu ally c onfigure the MS T co nfiguration (region n ame , revision num ber, and VLA N-to-in stance mappi ng) o n each switc ...

  • Cisco Systems 2960-S - page 474

    17-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Configur ing MSTP Featur es T o retur n to the defa ult M ST region configurati on, u se th e no spanning- tr ee mst configurat ion globa l conf iguratio n command. T o return to the defa ult VLAN-to- instance map , use the no i nstance inst ...

  • Cisco Systems 2960-S - page 475

    17-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Confi guring MSTP Featu res Instance Vlans Mapped -------- --------------------- 0 1-9,21-4094 1 10-20 ------------------------------- Switch(config-mst)# exit Switch(config)# Configuring th e Root Switch The swi tch mainta ins a spannin g- ...

  • Cisco Systems 2960-S - page 476

    17-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Configur ing MSTP Featur es Beginn ing in pri vileg ed EXEC mode, follo w these steps to conf igure a switch as the root switch. This procedur e is optional. T o return the switch to it s def ault setting, use the no spanning-tr ee mst insta ...

  • Cisco Systems 2960-S - page 477

    17-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Confi guring MSTP Featu res Beginning i n privileged EX EC mo de, fol low these s teps t o configure a swit ch as the se condary root switch. Th is procedure is option al. T o return the switch to it s def ault setting, use the no spanning- ...

  • Cisco Systems 2960-S - page 478

    17-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Configur ing MSTP Featur es Beginn ing in pri vileg ed EXEC mode, follo w these steps to conf igure the MSTP port priority of an interf ace. This pr ocedure is option al. Note Th e show sp anning-t ree mst inte rface interface-id privileged ...

  • Cisco Systems 2960-S - page 479

    17-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Confi guring MSTP Featu res Configuring Path Cost The MSTP path cost def ault v alue i s deri ved fr om the media speed of an inte rface . If a loop occurs, the MSTP use s cost when se lecting an interfac e to put in the forwarding st ate. ...

  • Cisco Systems 2960-S - page 480

    17-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Configur ing MSTP Featur es Configuring the Switch Priority Y o u can conf igure the switch priority and mak e it more like ly that a standalone switc h or a switch in the stack will be c hosen as the root switch. Note Stac king is supp orte ...

  • Cisco Systems 2960-S - page 481

    17-25 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Confi guring MSTP Featu res Configuring the Hello Time Y o u can conf igure th e interv al between the generation of config uration messages b y the ro ot switch b y chan ging the hello tim e. Beginn ing in pri vileg ed EXEC mode, fo llo w ...

  • Cisco Systems 2960-S - page 482

    17-26 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Configur ing MSTP Featur es Configuring the Maxi mum-Aging Time Beginn ing in p ri vileg ed EXEC mode, fo llo w these steps to conf igure the maxim um-aging t ime for all MST inst ance s. This procedure is optio nal. T o return the switch to ...

  • Cisco Systems 2960-S - page 483

    17-27 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Confi guring MSTP Featu res Specifying the Link Type to Ensure Rapid Transitions If you con nect a port to anothe r port thr ough a point-t o-po int link an d the loc al port beco mes a designated por t, the RSTP negoti ates a rapid tran si ...

  • Cisco Systems 2960-S - page 484

    17-28 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Displaying the MST Configu ration and Stat us T o return the port to its default setting, use the no spanning-tre e mst prestandard in terface configurati on c ommand. Restarting the Protocol Mi gration Proce ss A switch r unning M STP supp ...

  • Cisco Systems 2960-S - page 485

    CH A P T E R 18-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 18 Configuring Optional Spannin g-Tree Features This ch apt er descr ibes how to co nfigure opt ional spa nning- tree f eatur es on the Cata lyst 2960 and 29 60-S switche s. Y ou can co nfigure all of th ese feat ures when your swit ch is ru nning the p er- ...

  • Cisco Systems 2960-S - page 486

    18-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 18 Configu ring Opt iona l Spann ing-Tr ee Featu res Underst anding O ptional Sp anning-Tre e Feat ures • Understa nding R oot Guar d, page 1 8-10 • Understa nding L oop G uard, page 18-1 1 Understand ing Port Fa st Port Fast immedia tely br ings an inte rf ...

  • Cisco Systems 2960-S - page 487

    18-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 8 Configuring Op tional Spa nning-Tree Features Unders tandin g Optional Spanni ng-Tree Fe atures configurat ion, suc h as the co nnect ion of an unauthor ized device, an d the BPD U guard fe ature put s the port in the e rror-disable d state. When t his ha pp ...

  • Cisco Systems 2960-S - page 488

    18-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 18 Configu ring Opt iona l Spann ing-Tr ee Featu res Underst anding O ptional Sp anning-Tre e Feat ures Figu re 1 8-2 Swit ches in a H ierarchical Network If a switch loses co nnectivity , i t begins using the alt ernate path s as soon as the span ning tre e se ...

  • Cisco Systems 2960-S - page 489

    18-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 8 Configuring Op tional Spa nning-Tree Features Unders tandin g Optional Spanni ng-Tree Fe atures Figur e 1 8-3 UplinkF ast Example Bef or e Dir e ct Link F ailur e If Switch C detects a link fa ilure on the curre ntly acti v e link L2 on the root port (a dir ...

  • Cisco Systems 2960-S - page 490

    18-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 18 Configu ring Opt iona l Spann ing-Tr ee Featu res Underst anding O ptional Sp anning-Tre e Feat ures How CSUF Work s CSUF ensures that one link in the stack is elected as the path to the root. As shown in Figure 18-5 , the stack- root po rt on Sw itch 1 prov ...

  • Cisco Systems 2960-S - page 491

    18-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 8 Configuring Op tional Spa nning-Tree Features Unders tandin g Optional Spanni ng-Tree Fe atures Each switch in the stac k decides if the sending sw itch is a better choice than itself to be the stack root of this span ning- tree inst ance b y compar ing the ...

  • Cisco Systems 2960-S - page 492

    18-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 18 Configu ring Opt iona l Spann ing-Tr ee Featu res Underst anding O ptional Sp anning-Tre e Feat ures Backbon eFast, w hich is e nable d by us ing th e spanning-tree backbonefast global c onfiguratio n comm and, star ts when a ro ot port or bl ocked inter fac ...

  • Cisco Systems 2960-S - page 493

    18-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 8 Configuring Op tional Spa nning-Tree Features Unders tandin g Optional Spanni ng-Tree Fe atures Figur e 1 8-6 Backbon eF ast E xample Bef ore Indir ect Link F ailure If lin k L 1 fails as sh own in Figu re 18-7 , Switch C cannot detect this fail ure becaus e ...

  • Cisco Systems 2960-S - page 494

    18-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 18 Configu ring Opt iona l Spann ing-Tr ee Featu res Underst anding O ptional Sp anning-Tre e Feat ures Figur e 1 8-8 Adding a S witc h in a Sha r ed-Medi um T opology Understand ing Ethe rCha nnel Gua rd Y ou can use Et herC hannel gua rd to detect an Ethe rC ...

  • Cisco Systems 2960-S - page 495

    18-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 8 Configuring Op tional Spa nning-Tree Features Unders tandin g Optional Spanni ng-Tree Fe atures Root guard ena bled on an interf ace appli es to all the VLANs to whic h the interf ace belongs. VL ANs can be grou ped and map ped t o an M ST i nstance. Y ou c ...

  • Cisco Systems 2960-S - page 496

    18-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 18 Configu ring Opt iona l Spann ing-Tr ee Featu res Configur ing Opti onal Spanni ng-Tree Features Configuring Optio nal Spanning-Tre e Features These sec tions co ntain this co nfiguration in format ion: • Default Optiona l Spann ing- T ree Configur ation, ...

  • Cisco Systems 2960-S - page 497

    18-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 8 Configuring Op tional Spa nning-Tree Features Confi guring Opt ional Spanni ng-Tree Fe atures Enabling P ort Fast An int erface with the Port F ast fea ture enab led is m ov ed dir ectly to t he span ning-tree forw arding sta te without waiting f or the st ...

  • Cisco Systems 2960-S - page 498

    18-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 18 Configu ring Opt iona l Spann ing-Tr ee Featu res Configur ing Opti onal Spanni ng-Tree Features Enabling BP DU Guard When yo u global ly enable BPDU guard on ports that ar e Port Fas t-enab led (the por ts are in a Por t Fast-operat ional state), spanni ng ...

  • Cisco Systems 2960-S - page 499

    18-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 8 Configuring Op tional Spa nning-Tree Features Confi guring Opt ional Spanni ng-Tree Fe atures Enabling BPDU Filtering When you glo bally enable BPDU fi ltering on Port Fast -enabled in terfaces, it pre v ents interf aces that are in a Port F ast-operati ona ...

  • Cisco Systems 2960-S - page 500

    18-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 18 Configu ring Opt iona l Spann ing-Tr ee Featu res Configur ing Opti onal Spanni ng-Tree Features Enabling Up linkFast for Us e with R edundan t Link s UplinkFas t can not be enab led on VLAN s that have been configured with a swi tch p riority . T o enab le ...

  • Cisco Systems 2960-S - page 501

    18-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 8 Configuring Op tional Spa nning-Tree Features Confi guring Opt ional Spanni ng-Tree Fe atures Enabling C ross-St ack UplinkF ast When yo u enable or di sabl e the Upli nkF ast feat ure b y us ing the spanning-tr ee uplinkfast global configurati on c ommand, ...

  • Cisco Systems 2960-S - page 502

    18-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 18 Configu ring Opt iona l Spann ing-Tr ee Featu res Configur ing Opti onal Spanni ng-Tree Features Enabling E therChan nel Gua rd Y ou can enab le Ethe rChann el guar d to detect an Ether Channel miscon figuration if your switc h is running PVST+, rapid PVST+ ...

  • Cisco Systems 2960-S - page 503

    18-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 8 Configuring Op tional Spa nning-Tree Features Confi guring Opt ional Spanni ng-Tree Fe atures T o disa bl e root gua rd, use the no spanning-tree guard interf ace conf igurati on command. Enabling L oop Guard Y ou can use loo p gua rd to prevent altern ate ...

  • Cisco Systems 2960-S - page 504

    18-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 18 Configu ring Opt iona l Spann ing-Tr ee Featu res Displaying the Spannin g-Tree Stat us Displaying the Sp anning-Tre e Status T o display th e spannin g-tree s tatus, use one o r more of the pri vileg ed EXEC comm ands in Ta b l e 1 8 - 2 : Y ou can clear s ...

  • Cisco Systems 2960-S - page 505

    CH A P T E R 19-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 19 Configuring Flex Link s and the MAC Address-Table Move Update Feature Note T o use Flex Links an d the MA C address- table move update feat ure, th e switch mu st be running t he LAN Base im age. This chapt er descri bes how to configure Flex Links, a pa ...

  • Cisco Systems 2960-S - page 506

    19-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 19 Configurin g Flex Link s and the MAC Addr ess-Ta ble Move Updat e Feature Underst andin g Flex Links and the M AC Addres s-Tabl e Mov e Update Flex Links Flex Links are a pair of a Layer 2 in terfaces (sw itch po rts or port chan nels ) where one interface i ...

  • Cisco Systems 2960-S - page 507

    19-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 9 Configuring Fl ex Links an d the MAC A ddress-Ta ble Mo ve Update Featu re Unde rsta ndin g Fle x L inks and the M AC A ddre ss-T able Mov e Up date VLAN Flex L ink Load Ba lancing an d Supp ort VLAN Flex Link loa d-bala ncing al lows you to configure a Flex ...

  • Cisco Systems 2960-S - page 508

    19-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 19 Configurin g Flex Link s and the MAC Addr ess-Ta ble Move Updat e Feature Underst andin g Flex Links and the M AC Addres s-Tabl e Mov e Update Thoug h both Flex L ink p orts ar e part of the groups i n norm al ope rati on mode, all tr aff ic on t he bac kup ...

  • Cisco Systems 2960-S - page 509

    19-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 9 Configuring Fl ex Links an d the MAC A ddress-Ta ble Mo ve Update Featu re Unde rsta ndin g Fle x L inks and the M AC A ddre ss-T able Mov e Up date Preemption Mode : off Multicast Fast Convergence : Off Bandwidth : 100000 Kbit (Gi0/11), 100000 Kbit (Gi0/12) ...

  • Cisco Systems 2960-S - page 510

    19-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 19 Configurin g Flex Link s and the MAC Addr ess-Ta ble Move Updat e Feature Underst andin g Flex Links and the M AC Addres s-Tabl e Mov e Update ------------------------------------------------------------- 1 1.1.1.1 v2 Gi0/11 401 41.41.41.1 v2 Gi0/11 This is ...

  • Cisco Systems 2960-S - page 511

    19-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 9 Configuring Fl ex Links an d the MAC A ddress-Ta ble Mo ve Update Featu re Configur ing Flex Links and th e MAC Address- Table Mo ve Update Switch A does n ot need to wa it for the MA C address-table u pdate. The switch detects a fa ilure on por t 1 and imme ...

  • Cisco Systems 2960-S - page 512

    19-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 19 Configurin g Flex Link s and the MAC Addr ess-Ta ble Move Updat e Feature Configur ing Flex L inks and th e MAC Addre ss-Tabl e Move U pdate Default Configuration The Fle x Links ar e not conf igured, an d ther e ar e no bac kup i nterf aces def ined. The pr ...

  • Cisco Systems 2960-S - page 513

    19-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 9 Configuring Fl ex Links an d the MAC A ddress-Ta ble Mo ve Update Featu re Configur ing Flex Links and th e MAC Address- Table Mo ve Update Configurin g Flex Link s Beginning i n privileged E XEC mo de, follow these s teps to con figure a pa ir of Fl ex Link ...

  • Cisco Systems 2960-S - page 514

    19-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 19 Configurin g Flex Link s and the MAC Addr ess-Ta ble Move Updat e Feature Configur ing Flex L inks and th e MAC Addre ss-Tabl e Move U pdate Beginning in privileged EXEC mo de, f ollow these steps t o configure a p reempt ion schem e for a pa ir of Flex L i ...

  • Cisco Systems 2960-S - page 515

    19-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 9 Configuring Fl ex Links an d the MAC A ddress-Ta ble Mo ve Update Featu re Configur ing Flex Links and th e MAC Address- Table Mo ve Update Switch# show interfaces switchport backup detail Active Interface Backup Interface State ---------------------------- ...

  • Cisco Systems 2960-S - page 516

    19-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 19 Configurin g Flex Link s and the MAC Addr ess-Ta ble Move Updat e Feature Configur ing Flex L inks and th e MAC Addre ss-Tabl e Move U pdate When a Fle x Link inter fac e goes do wn (LINK_DO WN), VLANs pr eferre d on this i nterf ace are mov ed to the peer ...

  • Cisco Systems 2960-S - page 517

    19-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 9 Configuring Fl ex Links an d the MAC A ddress-Ta ble Mo ve Update Featu re Configur ing Flex Links and th e MAC Address- Table Mo ve Update Beginn ing in pri vileg ed EXEC mode, follo w th ese steps to conf igure an access switch to send MA C address- table ...

  • Cisco Systems 2960-S - page 518

    19-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 19 Configurin g Flex Link s and the MAC Addr ess-Ta ble Move Updat e Feature Monito ring Flex L inks and t he MAC Addr ess-T able Move Upd ate Rcv packet count this min : 0 Rcv threshold exceed count : 0 Rcv last sequence# this min : 0 Rcv last interface : Po2 ...

  • Cisco Systems 2960-S - page 519

    CH A P T E R 20-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 20 Configuring DHCP Features and IP Source Guard Features This c hapter d escribes how to configure D HCP s nooping and o ption-82 data insertion, and t he DHC P server port- based addr ess alloc ation fe ature s on the Cata lyst 29 60 and 2 960-S sw itches ...

  • Cisco Systems 2960-S - page 520

    20-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Underst anding DHCP Sn ooping Understandin g DHCP Snooping DHCP is w idely used in LAN en vironment s to dyna mically ass ign ho st IP ad dresses from a central ized server , w hich significantly r ...

  • Cisco Systems 2960-S - page 521

    20-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 0 Configuring DH CP Features and IP Sou rce Guard Fe atures Understanding DHCP Snooping An untrusted DHCP message is a message that is recei v ed from outside th e network or f ire w all. When you use D HCP snoo ping in a ser vice-provid er environment, a n un ...

  • Cisco Systems 2960-S - page 522

    20-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Underst anding DHCP Sn ooping Option-82 Data Insertion In resident ial, metr opolit an Ethern et-ac cess environments , DHCP can cen trally mana ge the IP ad dress assi gnmen ts for a l arg e num b ...

  • Cisco Systems 2960-S - page 523

    20-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 0 Configuring DH CP Features and IP Sou rce Guard Fe atures Understanding DHCP Snooping • The DH CP ser ver recei ves the pack et. I f the s erv er is option -82-capa ble, it can use t he rem ote ID, the circuit ID, or both to assign IP addresses and impl em ...

  • Cisco Systems 2960-S - page 524

    20-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Underst anding DHCP Sn ooping Figur e 20 -2 Suboption P ac k et F ormats Figure 20- 3 shows the packet formats for user-configured remot e-ID and ci rcuit- ID suboption s The switch uses these pa c ...

  • Cisco Systems 2960-S - page 525

    20-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 0 Configuring DH CP Features and IP Sou rce Guard Fe atures Understanding DHCP Snooping Figur e 20 -3 User -Configur ed Suboptio n P ac k et For m ats DHCP Snoop ing Bind ing Da tabase When D HCP sn ooping is en abled, t he switch uses the D HCP snooping bindi ...

  • Cisco Systems 2960-S - page 526

    20-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Underst anding DHCP Sn ooping This is the format of the f ile with bindings: <initial-checksum> TYPE DHCP-SNOOPING VERSION 1 BEGIN <entry-1> <checksum-1> <entry-2> <check ...

  • Cisco Systems 2960-S - page 527

    20-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 0 Configuring DH CP Features and IP Sou rce Guard Fe atures Confi guring DHCP Sn oopi ng Configuring DHCP Snooping These sec tions co ntain this co nfiguration info rmat ion: • Default DHCP Sno oping C onfiguration , pa ge 20-9 • DHCP Sno oping Configurati ...

  • Cisco Systems 2960-S - page 528

    20-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Configur ing DHCP Snoopi ng • Before glob ally en ablin g DHCP snoo ping on the swit ch, make sure that the devices ac ting as the DHCP server and th e DHC P rela y agent are co nfigured and e n ...

  • Cisco Systems 2960-S - page 529

    20-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 0 Configuring DH CP Features and IP Sou rce Guard Fe atures Confi guring DHCP Sn oopi ng Configuring the DHCP Relay Agent Beginn ing in pri vileg ed EXEC mode, follo w these steps to enable the DHCP relay agent on the switch: T o disabl e the DHCP s erv er an ...

  • Cisco Systems 2960-S - page 530

    20-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Configur ing DHCP Snoopi ng T o di sable DHCP sno oping, use the no ip dhcp snooping global configurat ion co mman d. T o disabl e DHCP snoo ping o n a VLAN or range of VLA Ns, use the no ip dhcp ...

  • Cisco Systems 2960-S - page 531

    20-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 0 Configuring DH CP Features and IP Sou rce Guard Fe atures Confi guring DHCP Sn oopi ng Enabling th e DHCP Sn ooping Bind ing Data base Agen t Beginning in privileged EX EC mode , foll ow these s teps to e nable a nd c onfigure the D HCP snoo ping binding d ...

  • Cisco Systems 2960-S - page 532

    20-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Display ing DHCP Sno oping Inform ation Displaying DHCP Snoopi ng Information T o display the DHCP snooping information, use th e pri vile ged EXEC commands in T able 20- 2 : Note If DHCP snooping ...

  • Cisco Systems 2960-S - page 533

    20-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 0 Configuring DH CP Features and IP Sou rce Guard Fe atures Underst anding I P Sourc e Guard Source IP Add ress F iltering When I PSG is enable d with this o ption , IP tr af f ic i s f il tered b ased on the sou rce IP addr ess. T he swit ch forwards IP traf ...

  • Cisco Systems 2960-S - page 534

    20-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Conf igu rin g IP Sour ce Gu ard Note Some IP hosts w ith multip le netw ork interf aces c an inject some in valid packe ts into a netwo rk interfac e. The in valid packets cont ain the IP or MAC ...

  • Cisco Systems 2960-S - page 535

    20-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 0 Configuring DH CP Features and IP Sou rce Guard Fe atures Confi guri ng IP S our ce G uard • If you enable IP source gua rd with source IP and MA C address filte ring, DHCP snooping and port security must be enable d on the interf ace. Y ou must also ente ...

  • Cisco Systems 2960-S - page 536

    20-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Conf igu rin g IP Sour ce Gu ard T o disable IP source guar d with source IP a ddress f iltering, use the no ip ver ify source interfac e configurati on c ommand. T o d elete a sta tic IP so urce ...

  • Cisco Systems 2960-S - page 537

    20-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 0 Configuring DH CP Features and IP Sou rce Guard Fe atures Confi guri ng IP S our ce G uard This e xample shows ho w to st op IPSG with static ho sts on an interf ace. Switch(config-if)# no ip verify source Switch(config-if)# no ip device tracking max This e ...

  • Cisco Systems 2960-S - page 538

    20-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Conf igu rin g IP Sour ce Gu ard This example shows how to enable I PSG for static ho sts with IP filters on a L ayer 2 access p ort and to verify the valid IP bindi ngs on the interface Gi0/3: Sw ...

  • Cisco Systems 2960-S - page 539

    20-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 0 Configuring DH CP Features and IP Sou rce Guard Fe atures Confi guri ng IP S our ce G uard 200.1.1.2 0001.0600.0000 9 GigabitEthernet0/2 ACTIVE 200.1.1.2 0001.0600.0000 8 GigabitEthernet0/1 INACTIVE 200.1.1.3 0001.0600.0000 9 GigabitEthernet0/2 ACTIVE 200.1 ...

  • Cisco Systems 2960-S - page 540

    20-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Display ing IP Source G uard Info rmation Displaying IP So urce Guard Informa tion T o d isplay the IP sourc e g uard i nformat ion, u se one or more of the privileged EX EC co mman ds in T ab le ...

  • Cisco Systems 2960-S - page 541

    20-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 0 Configuring DH CP Features and IP Sou rce Guard Fe atures Config uring DHC P Server Port- Based Addr ess Allocat ion Default Port-Based Addres s Allocation Configuration By def ault, DHCP ser ver port-based address allo cation is d isabled. Port-Base d Addr ...

  • Cisco Systems 2960-S - page 542

    20-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Configur ing DHCP Server Port-Base d Address Allocatio n not offered t o the client, and other clients are not ser ved by the p ool. By ent ering this com mand , users can configure a group of swi ...

  • Cisco Systems 2960-S - page 543

    20-25 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 0 Configuring DH CP Features and IP Sou rce Guard Fe atures Displa ying DHCP Ser ver Po rt-Based Address Allo cation ip dhcp subscriber-id interface-name ip dhcp excluded-address 10.1.1.1 10.1.1.3 ! ip dhcp pool dhcppool network 10.1.1.0 255.255.255.0 address ...

  • Cisco Systems 2960-S - page 544

    20-26 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Display ing DHCP Server Port-Base d Address Allocatio n ...

  • Cisco Systems 2960-S - page 545

    CH A P T E R 21-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 21 Configuring Dynamic ARP Insp ection Note T o use Dyn amic ARP insp ection, th e switch mu st be runn ing the LAN Bas e image. Note Th is chapte r describe s how to configure dynam ic Address R esolutio n Protoco l inspect ion (dyn amic ARP inspectio n) o ...

  • Cisco Systems 2960-S - page 546

    21-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 21 Config uring Dyn amic AR P Inspec tion Underst anding D ynamic ARP I nspection Figur e 21 -1 ARP Cac he P oisoning Hosts A, B, and C are connected to the switch on interfaces A, B and C, all of which are on the same subnet. Their IP and MAC address es are sh ...

  • Cisco Systems 2960-S - page 547

    21-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 1 Configuring Dy namic ARP In spectio n Understa nding Dynami c ARP Inspect ion Y ou can configure dyn amic AR P inspect ion to drop ARP pa ckets when the IP addre sses in the pac kets are i n v alid or when the M A C addresse s in the body of th e A RP packet ...

  • Cisco Systems 2960-S - page 548

    21-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 21 Config uring Dyn amic AR P Inspec tion Underst anding D ynamic ARP I nspection Dynamic ARP i nspectio n ensure s that h osts (on untrust ed in terfaces) connec ted t o a sw itch run ning dynami c ARP inspect ion do not po ison the ARP ca ches of other hosts ...

  • Cisco Systems 2960-S - page 549

    21-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 1 Configuring Dy namic ARP In spectio n Configuring Dynamic ARP Inspection Logging o f Dropped Packet s When th e switch d rops a p acke t, it pl aces an entry in the log b uffe r and then generates system messag es on a ra te-controlle d basis. Afte r the mes ...

  • Cisco Systems 2960-S - page 550

    21-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 21 Config uring Dyn amic AR P Inspec tion Configur ing Dynam ic ARP Insp ection Dynamic ARP In spectio n Configuratio n Guidelin es These are the dynam ic ARP inspec tion con figu ration guidel ines: • Dynamic ARP inspectio n is an ingre ss security feat ure; ...

  • Cisco Systems 2960-S - page 551

    21-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 1 Configuring Dy namic ARP In spectio n Configuring Dynamic ARP Inspection • The operati ng rate for the p ort channe l is cumulati ve across all the phys ical ports wi thin the channel . For ex ample, if y ou conf igure the port ch annel with an ARP rate- l ...

  • Cisco Systems 2960-S - page 552

    21-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 21 Config uring Dyn amic AR P Inspec tion Configur ing Dynam ic ARP Insp ection Beginning in privileged EXEC mode, f ollow these st eps to configure dyn amic ARP insp ection. Y ou must perform this proce dure on bo th switche s. This pr ocedure is requir ed. T ...

  • Cisco Systems 2960-S - page 553

    21-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 1 Configuring Dy namic ARP In spectio n Configuring Dynamic ARP Inspection Configuring ARP ACLs for Non-DHCP Environments This proc edure shows how to configure dynam ic ARP inspe ction when Switch B shown in Figur e 21-2 on page 21-3 does not suppor t dynami ...

  • Cisco Systems 2960-S - page 554

    21-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 21 Config uring Dyn amic AR P Inspec tion Configur ing Dynam ic ARP Insp ection T o remov e th e ARP A CL , use the no arp acce ss-list global c onfiguratio n comma nd. T o remove the ARP A CL attached to a V LAN, use the no ip arp inspe ction f ilter arp-acl- ...

  • Cisco Systems 2960-S - page 555

    21-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 1 Configuring Dy namic ARP In spectio n Configuring Dynamic ARP Inspection This exam ple sh ows how to configure an ARP ACL calle d host2 on Switch A, to pe rmit ARP pac kets from H ost 2 ( IP addre ss 1.1.1. 1 an d MAC address 0001.00 01.000 1), to apply the ...

  • Cisco Systems 2960-S - page 556

    21-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 21 Config uring Dyn amic AR P Inspec tion Configur ing Dynam ic ARP Insp ection T o return to the default rate- limit confi guration , use the no ip ar p inspectio n limit in terfa ce configurati on comm and. T o disabl e error re covery for dynam ic ARP in sp ...

  • Cisco Systems 2960-S - page 557

    21-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 1 Configuring Dy namic ARP In spectio n Configuring Dynamic ARP Inspection Be ginnin g in pri vile ged EXE C mode, follo w thes e steps to pe rform specif ic chec ks on in coming ARP packet s. This proced ure is optional. T o disable checki ng, use the no ip ...

  • Cisco Systems 2960-S - page 558

    21-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 21 Config uring Dyn amic AR P Inspec tion Configur ing Dynam ic ARP Insp ection If the log b uf fer o verf low s, it means that a log e v ent does not f it into the log b uf f er , and the display for the show ip arp inspection l og pri vile ged EXEC co mmand ...

  • Cisco Systems 2960-S - page 559

    21-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 1 Configuring Dy namic ARP In spectio n Displaying Dynamic ARP Inspection Information T o return to the default log b uf fer settin gs, use the no ip arp inspectio n log-buf fer { ent ries | logs } global configurati on com mand. T o ret urn to the default VL ...

  • Cisco Systems 2960-S - page 560

    21-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 21 Config uring Dyn amic AR P Inspec tion Display ing Dyna mic ARP Insp ectio n Informat ion T o clear or display dynamic ARP inspec tion statistics, use th e pri vile ged EXEC commands in T ab le 21-3 : For t he show ip arp inspec tion statis tics c omma nd, ...

  • Cisco Systems 2960-S - page 561

    CH A P T E R 22-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 22 Configuring IGMP Sno oping and MVR Note T o use MVR, th e swit ch m ust be r unnin g the LAN Base image. This cha pter descr ibes how to configure Int ernet Group Ma nageme nt Proto col (IGMP) snooping on the Catalyst 2960 and 2960-S switche s, including ...

  • Cisco Systems 2960-S - page 562

    22-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Underst anding IG MP Snoo ping Understandin g IGMP Snooping Layer 2 switches can use IGMP snooping to constra in the flooding of multic ast traf f ic b y dynamically conf iguring Layer 2 inter faces so that multicast tra ff i ...

  • Cisco Systems 2960-S - page 563

    22-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Understanding IGMP Snooping IGMP Versions The sw itch supports IGM P V ersion 1, I GMP V ersion 2, a nd IGM P V ersion 3. T hese versio ns are interope rable on th e sw itch. For exam ple, if IG MP snoo ping i s enabl ed o ...

  • Cisco Systems 2960-S - page 564

    22-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Underst anding IG MP Snoo ping Figur e 22 -1 Initial IGMP J oin Messa ge Router A sends a genera l quer y to th e switch , which forwar ds the qu ery to ports 2 t hroug h 5, whi ch are all members of the same VLAN. Host 1 wan ...

  • Cisco Systems 2960-S - page 565

    22-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Understanding IGMP Snooping Figur e 22 -2 Second Host J oining a M ulticast Group Leaving a Multicast Group The router sends periodic multicast general querie s, and the switch forw ards these queries throug h all ports in ...

  • Cisco Systems 2960-S - page 566

    22-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Underst anding IG MP Snoo ping Note Y ou shou ld only use t he Imm ediate Le ave feat ure on VLA Ns where a single host is conne cted to ea ch port. If Im media te Leave is enabled in VLANs wher e more than one host is connec ...

  • Cisco Systems 2960-S - page 567

    22-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping Configuring IGMP Snoo ping IGMP snoop ing allows switch es to examine IG MP packets and make forwarding d ecisions ba sed on the ir conte nt. These sections con tain t his configura tion info rmat ...

  • Cisco Systems 2960-S - page 568

    22-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Configuring IGMP Snooping Beginning i n privileged EX EC mo de, fol low these s teps t o globa lly ena ble I GMP snoo ping on the switch: T o g loba lly d isable I GMP sno oping on a ll VLA N in terfaces, use th e no ip igmp ...

  • Cisco Systems 2960-S - page 569

    22-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping Note If you w ant to use CGMP as the lear ning me thod and no multicast router s in the VL AN are CGMP proxy-en abl ed, you mu st enter th e ip cgmp rout er -only comm and to dyna micall y access ...

  • Cisco Systems 2960-S - page 570

    22-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Configuring IGMP Snooping T o remov e a mul ticast rout er por t from th e VLAN, use the no ip igmp snooping vlan vlan-i d mrouter interface inte rface-id global configurat ion comm and. This e xample s hows ho w to enable a ...

  • Cisco Systems 2960-S - page 571

    22-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping Note Im media te Leave is supported only on IGM P V ersion 2 hosts. Beginn ing in pri vile ged EXEC mode, follo w these step s to enable IGMP Immediat e Lea ve : T o disabl e IGMP Immed iate Lea ...

  • Cisco Systems 2960-S - page 572

    22-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Configuring IGMP Snooping T o globally reset the IGMP lea ve timer to the defa ult setting, use the no ip igmp snooping last-member -quer y-interv a l global configurat ion comm and. To remove th e confi gured IGMP lea ve -t ...

  • Cisco Systems 2960-S - page 573

    22-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping Recovering from Flood Mode When a topology change occurs, t he span ning- tree roo t sends a speci al IGMP leave message (also known as global lea ve) with the group multic ast address 0.0.0 .0. ...

  • Cisco Systems 2960-S - page 574

    22-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Configuring IGMP Snooping Configuring th e IGMP S nooping Qu erier Follow these guideli nes wh en configuring t he IGMP snoo ping queri er: • Conf igure the VLAN in glob al conf iguration mode. • Conf igure an IP addre s ...

  • Cisco Systems 2960-S - page 575

    22-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping This exam ple sh ows how to set th e IGM P snoop ing q uerier s ource add ress to 10.0.0. 64: Switch# configure terminal Switch(config)# ip igmp snooping querier 10.0.0.64 Switch(config)# end Thi ...

  • Cisco Systems 2960-S - page 576

    22-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Displaying IGMP Snooping Information Displaying IGMP Sn ooping Informa tion Y ou can display I GMP snooping inf ormati on fo r dynam ical ly lear ned and sta tical ly con figured rou ter ports a nd VLAN inter faces . Y ou ca ...

  • Cisco Systems 2960-S - page 577

    22-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Understanding Multicast VLAN Registration For more inform ation abou t the keywords and option s in thes e co mman ds, see the c omma nd refe rence for th is re lease . Understandin g Multicast VL AN Registrati on Note T ...

  • Cisco Systems 2960-S - page 578

    22-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Underst anding Mu lticas t VLAN Regi stratio n Using MVR in a M ulticast Television Application In a multicast tel ev ision applicatio n, a PC or a tele vision with a set-top box can re cei ve the multicast stream. Mult iple ...

  • Cisco Systems 2960-S - page 579

    22-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Configuring MVR When a subscriber chan ges channels or turns of f the tele vision, the set- top box sends an IGMP leav e message for t he multica st stream . The swi tch CPU sends a MAC-based general qu ery throu gh the r ...

  • Cisco Systems 2960-S - page 580

    22-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Conf ig uri ng MV R MVR Configuratio n Gu idelin es and Limitatio ns Foll ow these g uidelines w hen conf igurin g MVR: • Receiver ports can onl y be acc ess ports; th ey cannot be trunk ports. Receiv er port s on a switc ...

  • Cisco Systems 2960-S - page 581

    22-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Configuring MVR T o return the switch t o its defaul t settings, u se the no mvr [ mode | group ip-a dd r es s | querytime | vlan ] global configurat ion comm ands. This example shows ho w to enable MVR, configure the gro ...

  • Cisco Systems 2960-S - page 582

    22-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Conf ig uri ng MV R T o return the interfa ce to its default setti ngs, use the no mvr [ ty pe | immediate | vlan vlan-i d | gro up ] interf ace c onfig uration co mmands. This exam ple sh ows how to con figure a port a s a ...

  • Cisco Systems 2960-S - page 583

    22-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Displaying MVR Information Displaying MVR Information Y o u can disp lay MVR i nformation f or the sw itch or f or a spec ifie d interf ace. Be ginning in pri vile ged EXEC mode, use th e comm ands in T able 22 -6 to di s ...

  • Cisco Systems 2960-S - page 584

    22-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Con figur ing IGM P Fil te ring and Thro ttli ng IGMP f iltering is applicab le only to the dynamic lea rning of IP multicast group add resses, not static configurat ion. W ith the IGMP t hrottli ng feat ure, you ca n set th ...

  • Cisco Systems 2960-S - page 585

    22-25 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Configuring IGMP Filtering and Throttling • permit : Spec ifie s that m atching addr esses are p ermitted. • rang e : Specif ies a ra nge of IP add ress es for the pr of ile. Y ou can enter a single IP addre ss or a r ...

  • Cisco Systems 2960-S - page 586

    22-26 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Con figur ing IGM P Fil te ring and Thro ttli ng Beginn ing in pri vileg ed EXEC mode, follo w these steps to apply an IGMP prof ile to a switch port: T o remo ve a p rof ile fr om an int erfac e, use th e no ip igmp fil ter ...

  • Cisco Systems 2960-S - page 587

    22-27 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Configuring IGMP Filtering and Throttling T o remove the maximum group limitatio n and return to the defa ult of no maxim um, use the no ip ig mp max-groups interf ace con fig urat ion comm and. This exampl e shows ho w t ...

  • Cisco Systems 2960-S - page 588

    22-28 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Displaying IGMP Filterin g and Thro ttling Configu ration T o return to the defau lt action of dro pping the repor t, use the no ip igmp max- groups action interfa ce configurati on c ommand. Displaying IGMP Filtering and Th ...

  • Cisco Systems 2960-S - page 589

    CH A P T E R 23-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 23 Configuring Port-Base d Traffic Con trol This chapte r describes ho w to conf ig ure the port-b ased traf f ic contro l features on the Cataly st 2960 and 2960- S switches . Un less othe rwise n oted, the ter m switc h refers to a standalon e switch and ...

  • Cisco Systems 2960-S - page 590

    23-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 23 Configuring Port-Based Traffic Control Configuring Storm Control Storm control (or traff ic suppression) monito rs packets passing from an inter face to the switch ing bus and determi nes if the pack et is unicast, multicast, or bro adcast. The switc h counts ...

  • Cisco Systems 2960-S - page 591

    23-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 3 Configuring Port-B ased Traff ic Control Configuring Storm Control Note Be cause p ackets do not arrive at unif orm in tervals, the 1-sec ond ti me int erval durin g whic h tra ff ic acti vity is meas ured can af fect the beha vi or of stor m contr ol. Y ou ...

  • Cisco Systems 2960-S - page 592

    23-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 23 Configuring Port-Based Traffic Control Configuring Storm Control Step 3 storm- co ntr ol { broadcast | multicast | unicast } level { leve l [ leve l-low ] | bps bps [ bps-l ow ] | pps pps [ pps-low ]} Configure b roadcast, multic ast, or unicast stor m contro ...

  • Cisco Systems 2960-S - page 593

    23-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 3 Configuring Port-B ased Traff ic Control Configuring Storm Control T o disabl e storm co ntrol, use the no storm-control { br oadcast | multicast | unicast } level interface configurati on c ommand. This exa mple shows how to ena ble un icast stor m c ontrol ...

  • Cisco Systems 2960-S - page 594

    23-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 23 Configuring Port-Based Traffic Control Configuring Protected Po rts This e xamp le sho ws how to en able the sm all-fra me arri val-r ate fea ture, co nf igure th e port r ecov ery time, and co nfigure the thre shold for e rror di sablin g a port: Switch# con ...

  • Cisco Systems 2960-S - page 595

    23-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 3 Configuring Port-B ased Traff ic Control Configuring Port Blocking Prot ected P ort Con figuration Guidelines Y ou can configure protec ted ports on a physic al inter face (fo r example, Gigabi t Ethern et port 1) or an Ether Channel group (for example, port ...

  • Cisco Systems 2960-S - page 596

    23-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 23 Configuring Port-Based Traffic Control Configuring Port Security Default Port Blocki ng Configuration The default is to not b lock flooding o f unknown multicast and u nicast traff i c out of a port, but to flood these pac kets to a ll ports. Blocking Flooded ...

  • Cisco Systems 2960-S - page 597

    23-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 3 Configuring Port-B ased Traff ic Control Confi guring Port Secu rity If a por t is conf igu red as a secu re port an d the maxi mum num ber of secu re MA C addresse s is reach ed, when the MA C addr ess of a sta tion attem pting t o ac cess the port is di f ...

  • Cisco Systems 2960-S - page 598

    23-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 23 Configuring Port-Based Traffic Control Configuring Port Security The stick y sec ure MA C addresse s do not automatically beco me part o f the co nf iguratio n f ile, wh ich is the startu p con fig uration used eac h time t he swit ch res tarts. If yo u sa v ...

  • Cisco Systems 2960-S - page 599

    23-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 3 Configuring Port-B ased Traff ic Control Confi guring Port Secu rity Default Port Security Configuration T ab le 23-2 shows the default por t security conf igurat ion for an interface. Port Secu rity Con figuration Guidelines Foll ow these g uidelines whe n ...

  • Cisco Systems 2960-S - page 600

    23-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 23 Configuring Port-Based Traffic Control Configuring Port Security • When y ou en able por t secu rity on an interf ac e that i s al so conf igured w ith a v oic e VLAN, set t he maxim um allowed secur e addresse s on the port to two. When the port is conne ...

  • Cisco Systems 2960-S - page 601

    23-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 3 Configuring Port-B ased Traff ic Control Confi guring Port Secu rity Enabling a nd Con figuring Port Security Beginn ing in pri vileged EXE C mode, follo w these steps to restrict input to an interfac e by limiting and identify ing MA C addresses of the sta ...

  • Cisco Systems 2960-S - page 602

    23-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 23 Configuring Port-Based Traffic Control Configuring Port Security Step 7 s wit chpor t port -sec urity [viola tion { protec t | r estrict | shutdown | shutdown vlan }] (Opt ional) Set the viola tion mod e, the actio n to be taken whe n a secur ity violatio n ...

  • Cisco Systems 2960-S - page 603

    23-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 3 Configuring Port-B ased Traff ic Control Confi guring Port Secu rity Step 8 s witchport port-securit y [ mac-addre ss mac-address [ vlan { vlan-id | { access | voice }}] (Optiona l) En ter a secu re M A C addr ess fo r the inte rface. Y ou can use this co m ...

  • Cisco Systems 2960-S - page 604

    23-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 23 Configuring Port-Based Traffic Control Configuring Port Security T o return the inter face to th e defau lt conditi on as not a secu re port, u se the no switchport port -security interf ace conf iguration command. I f you enter this command when stick y lea ...

  • Cisco Systems 2960-S - page 605

    23-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 3 Configuring Port-B ased Traff ic Control Confi guring Port Secu rity Switch(config-if)# switchport port-security mac-address 0000.0000.0003 Switch(config-if)# switchport port-security mac-address sticky 0000.0000.0001 vlan voice Switch(config-if)# switchpor ...

  • Cisco Systems 2960-S - page 606

    23-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 23 Configuring Port-Based Traffic Control Displaying Port-Base d Traffic Cont rol Settings T o di sable por t securit y aging for all sec ure addr esses on a port , use the no switchport port-security aging tim e interfac e conf iguration comma nd. T o disabl e ...

  • Cisco Systems 2960-S - page 607

    23-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 3 Configuring Port-B ased Traff ic Control Displayin g Port-Bas ed Traf fic Cont rol Sett ings show port -secur ity [ int erface inte rf ac e-i d ] address Displays all secure MA C addresses configured o n all switch interfa ces or on a specified inte rface w ...

  • Cisco Systems 2960-S - page 608

    23-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 23 Configuring Port-Based Traffic Control Displaying Port-Base d Traffic Cont rol Settings ...

  • Cisco Systems 2960-S - page 609

    CH A P T E R 24-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 24 Configuring UDLD This c hapter descri bes how to c onfigure t he Un iDirec tional Link D etect ion (U DLD) protoc ol on t he Catalyst 2960 and 2960- S switch es. U nless ot herwis e noted, the term sw itch refers to a standalone switch and to a switch st ...

  • Cisco Systems 2960-S - page 610

    24-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 24 Configuring UDLD Underst andin g UDLD A unidirectio nal link occurs wh ene ve r traff ic sent by a local de vice is recei ved by its neighbor b ut traf f ic from the neighb or is not recei ved by the loca l devic e. In norm al mode, UDL D detect s a unidir ec ...

  • Cisco Systems 2960-S - page 611

    24-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 4 Configuring UD LD Understand ing UDLD • Ev ent-dr i ven detect ion and ec hoing UDLD re lies on ech oing a s its detectio n mech anism. Whene v er a U DLD d e vice le arns about a ne w neighb or or receives a resynchro nizat ion requ est from an out-of -sy ...

  • Cisco Systems 2960-S - page 612

    24-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 24 Configuring UDLD Conf igu rin g UDLD Configuring UDLD These sec tions co ntain this co nfiguration in format ion: • Default UD LD Configurat ion, pa ge 24-4 • Configuration Gu idelines, page 24-4 • Ena bling UDLD Global ly , page 24 -5 • Ena bling UDL ...

  • Cisco Systems 2960-S - page 613

    24-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 4 Configuring UD LD Configur ing UDLD Enabling UDL D Globally Beginn ing in pri vileg ed EXEC mode, follo w these steps to enable UDLD in the aggressi ve or normal mode a nd to se t th e co nfigurable m essag e time r on all fiber-optic p orts on the switch an ...

  • Cisco Systems 2960-S - page 614

    24-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 24 Configuring UDLD Conf igu rin g UDLD Enabling UDL D on an Inte rface Beginn ing in p ri vileg ed EXEC mode, fo llo w thes e steps ei ther to enable U DLD in t he aggressi ve or normal m ode o r to d isable U DLD on a po rt: Resetting an Interface Disabled by ...

  • Cisco Systems 2960-S - page 615

    24-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 4 Configuring UD LD Displaying UDLD Status Displaying UDLD Status T o display th e UDLD stat us for the specif ied port or for all port s, use the show udld [ interfa ce-id ] pri v ile ged EXE C command . For detaile d informat ion about the f ields in the com ...

  • Cisco Systems 2960-S - page 616

    24-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 24 Configuring UDLD Displa ying U DLD Sta tus ...

  • Cisco Systems 2960-S - page 617

    CH A P T E R 25-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 25 Configuring CDP This c hapter d escrib es how to configure Cisco Discovery Protoco l (C DP) on the Catalyst 2960 and 2960-S switch es. Unless otherwise note d, the term switch refers to a standalo ne switch and to a switch stack. Note Stac king is supp o ...

  • Cisco Systems 2960-S - page 618

    25-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 25 Conf iguring CDP Conf ig uri ng CD P On the switch, CDP enables Netw ork Assistant to display a graphical vie w of the netw ork. The switch uses CDP to find cluste r candi dates an d maintai n inform ation about clust er members a nd other devices up to thre ...

  • Cisco Systems 2960-S - page 619

    25-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 5 Configuring CDP Configuring CDP Configuring the CD P Characteristics Y ou can configure the freq uency of CDP updat es, th e amount of time to hold t he inform ation before discar ding it, an d whether or no t to send V ersion-2 advert isement s. Beginn ing ...

  • Cisco Systems 2960-S - page 620

    25-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 25 Conf iguring CDP Conf ig uri ng CD P Beginning in privileged EX EC mod e, follow these steps to di sable t he CDP device disc overy capability: Beginn ing in pri vileg ed EXEC mode, follo w these steps to enable CDP when it has been disa bled: This example s ...

  • Cisco Systems 2960-S - page 621

    25-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 5 Configuring CDP Monitoring and Maintaining CDP Beginning i n privileged E XEC mo de, follow these s teps to ena ble C DP on a port w hen it has been disabled : This exam ple sh ows how to enable CDP on a po rt wh en i t has been di sable d. Switch# configure ...

  • Cisco Systems 2960-S - page 622

    25-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 25 Conf iguring CDP Monito ring and Mai ntainin g CDP ...

  • Cisco Systems 2960-S - page 623

    CH A P T E R 26-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 26 Configuring LLDP, LL DP-MED, and Wire d Location Service Note T o use wired location service , the switch must be runnin g the LAN Base image. This c hapter d escrib es how to configu re the L ink La yer Discovery Prot ocol ( LLDP), L LDP M edia Endpoin ...

  • Cisco Systems 2960-S - page 624

    26-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 26 Configurin g LLDP, LLDP-MED, and Wired Lo cation S ervice Underst anding L LDP, LLDP- MED, and Wired Locat ion Servic e LLDP sup ports a set of att ributes tha t it uses to discover neighbo r devices. The se at t ri b ut es co nt a in t yp e, length, and v a ...

  • Cisco Systems 2960-S - page 625

    26-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 6 Configuring LLDP, LLDP-M ED, and Wired Location Serv ice Unde rsta ndin g LLDP , LL DP-M ED, and Wi red Loca tion Servic e • Po we r mana geme nt TL V Enab les ad va nced power mana gement betw een L LDP-ME D endp oint a nd ne twork con nectivity devices. ...

  • Cisco Systems 2960-S - page 626

    26-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 26 Configurin g LLDP, LLDP-MED, and Wired Lo cation S ervice Underst anding L LDP, LLDP- MED, and Wired Locat ion Servic e The MSE starts the NMSP connec tion to the switch, which opens a serv er port. When the MSE connects to the swi tch t here are a set of me ...

  • Cisco Systems 2960-S - page 627

    26-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 6 Configuring LLDP, LLDP-M ED, and Wired Location Serv ice Configuring LLDP, LLDP-MED, and Wired Location Service Configuring LLDP, LLDP-MED, an d Wired Location Service • Default LL DP Configurat ion , page 26-5 • Configuration Gu idelines, page 26-5 • ...

  • Cisco Systems 2960-S - page 628

    26-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 26 Configurin g LLDP, LLDP-MED, and Wired Lo cation S ervice Configur ing LLDP, L LDP-MED , and Wired Loc ation Service Enabling L LDP Beginn ing in pri vile ged EXEC mode, follo w these steps to enab le LLDP: T o disable LLDP , u se th e no lldp run global co ...

  • Cisco Systems 2960-S - page 629

    26-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 6 Configuring LLDP, LLDP-M ED, and Wired Location Serv ice Configuring LLDP, LLDP-MED, and Wired Location Service Use the no form of each of the LLDP commands to return to the def ault settin g. This e x ample sho ws h ow to conf igure LLDP ch aracter istics . ...

  • Cisco Systems 2960-S - page 630

    26-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 26 Configurin g LLDP, LLDP-MED, and Wired Lo cation S ervice Configur ing LLDP, L LDP-MED , and Wired Loc ation Service Beginn ing in pri vile ged EXEC mode, follo w these step s to enable a TL V on an interf ace: This e x ample sho ws h ow to en able a T L V o ...

  • Cisco Systems 2960-S - page 631

    26-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 6 Configuring LLDP, LLDP-M ED, and Wired Location Serv ice Configuring LLDP, LLDP-MED, and Wired Location Service Use the no form of each com mand to return t o the default settin g. This exampl e shows ho w to configure VLA N 100 for voice appl icatio n with ...

  • Cisco Systems 2960-S - page 632

    26-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 26 Configurin g LLDP, LLDP-MED, and Wired Lo cation S ervice Configur ing LLDP, L LDP-MED , and Wired Loc ation Service Use the no form o f each command t o retu rn to th e def ault sett ing. This e xampl e sho ws ho w to co nfi gure ci vic location in formati ...

  • Cisco Systems 2960-S - page 633

    26-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 6 Configuring LLDP, LLDP-M ED, and Wired Location Serv ice Monitoring and Maintaining LLDP, LLDP-MED, and Wired Location Service This e xample sho ws how to enable NMSP on a switch and to set the locat ion notif ication time to 10 seconds: Switch(config)# nms ...

  • Cisco Systems 2960-S - page 634

    26-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 26 Configurin g LLDP, LLDP-MED, and Wired Lo cation S ervice Monito ring and Mai ntainin g LLDP, LLD P-MED , and Wired Lo catio n Service show network-policy pr ofil e Displ ay th e conf igured net w ork-p oli cy pr of iles. show nmsp Display the NMSP informat ...

  • Cisco Systems 2960-S - page 635

    CH A P T E R 27-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 27 Configuring SPAN and RSPAN Note T o use RSP AN, th e switch mu st be runn ing the LAN Bas e image. This chap ter de scribe s ho w to conf igure Switched Port Analyzer ( SP AN) and Rem ote SP AN (RSP AN ) on the Catal yst 2960 and 2960-S sw itches. U nles ...

  • Cisco Systems 2960-S - page 636

    27-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 27 Configuring SPAN and RSP AN Understan ding SPAN and RSPA N These sect ions co ntain this co nceptu al in forma tion: • Local SP AN, page 27-2 • Remo te SP A N, page 27-3 • SP AN a nd RSP AN Conce pts and T ermino logy , page 27 -4 • SP AN a nd RSP A N ...

  • Cisco Systems 2960-S - page 637

    27-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 27 Configuring SPAN and RSPAN Understandi ng S PAN and R SPAN Figure 27- 2 is an ex ampl e of a local SP AN in a swi tch st ack, where the so urce a nd de stination ports resid e on dif fer ent stack member s. Figur e 27 -2 Example o f Local SP AN Co nfigur atio ...

  • Cisco Systems 2960-S - page 638

    27-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 27 Configuring SPAN and RSP AN Understan ding SPAN and RSPA N Figur e 27 -3 Example o f RSP AN Co nfigur ation SPAN and RS PAN Conc epts a nd Terminology This secti on descri bes conce pts an d terminology associat ed with SP A N and RSP AN configurati on. SPAN ...

  • Cisco Systems 2960-S - page 639

    27-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 27 Configuring SPAN and RSPAN Understandi ng S PAN and R SPAN An RSP AN sour ce sessio n is ver y similar to a lo cal SP AN sessi on, ex cept for where the pa cket st ream is directe d. In an RSP AN so urce session, SP AN pack ets are relabeled w ith the RSP AN ...

  • Cisco Systems 2960-S - page 640

    27-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 27 Configuring SPAN and RSP AN Understan ding SPAN and RSPA N • T ransm it (T x) SP A N—Th e goal of tran smi t (or egress) SP AN is to moni tor as much as pos sibl e all the p ackets sent b y the sou rce int erf ace aft er al l modif ication an d proce ssin ...

  • Cisco Systems 2960-S - page 641

    27-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 27 Configuring SPAN and RSPAN Understandi ng S PAN and R SPAN • It can be an ac cess por t, trunk port, or voice VLA N port. • It ca nnot be a de stinati on po rt. • Source por ts can be in the same or differen t VLANs. • Y o u can mo nitor multiple sour ...

  • Cisco Systems 2960-S - page 642

    27-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 27 Configuring SPAN and RSP AN Understan ding SPAN and RSPA N Destination Port Each local SP AN session o r RSP AN destinat ion session must h av e a destination port (also called a monitoring port ) th at rece iv es a copy of traffic from the sour ce port s or ...

  • Cisco Systems 2960-S - page 643

    27-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 27 Configuring SPAN and RSPAN Understandi ng S PAN and R SPAN RSPAN V LAN The RSP AN VLAN carrie s SP AN traf f ic between RSP AN sou rce and destination se ssions. It h as these special ch aracter istics: • All traf fic i n the R SP AN VLAN i s al way s flood ...

  • Cisco Systems 2960-S - page 644

    27-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 27 Configuring SPAN and RSP AN Configuring SPAN and RSPAN If a physi cal por t that be longs to an Ethe rChan nel gro up is a d estinat ion port and the E therC hannel group is a sourc e, the port i s removed from t he E therCh annel g roup a nd from t he li st ...

  • Cisco Systems 2960-S - page 645

    27-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 27 Configuring SPAN and RSPAN Config uring SPAN a nd RS PAN Default SPAN and R SPAN Configura tion T ab le 27-1 sh ows the default SP AN and R SP AN configuration . Configuring Local SPAN These sec tions co ntain this co nfiguration info rmat ion: • SP AN Co ...

  • Cisco Systems 2960-S - page 646

    27-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 27 Configuring SPAN and RSP AN Configuring SPAN and RSPAN • Y ou can limit SP A N traff ic to specific VLAN s by using the filter vlan keyword. I f a tr unk po rt is being monitored , only traff ic on the VLANs specified with this ke yword is monitore d. By d ...

  • Cisco Systems 2960-S - page 647

    27-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 27 Configuring SPAN and RSPAN Config uring SPAN a nd RS PAN T o d elete a SP AN session, use the no monitor session session _number global c onfiguration comma nd. T o r emove a sourc e or d estinat ion por t or VL AN fr om the SP AN sessio n, use t he no monit ...

  • Cisco Systems 2960-S - page 648

    27-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 27 Configuring SPAN and RSP AN Configuring SPAN and RSPAN The mo nitoring of traffic receiv ed on port 1 is di sabled, but traff ic sent from t his port co ntinue s to be monitored. This example shows how to remov e any e xisting configuration on SP A N session ...

  • Cisco Systems 2960-S - page 649

    27-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 27 Configuring SPAN and RSPAN Config uring SPAN a nd RS PAN T o d elete a SP AN session, use the no monitor session session _number global c onfiguration comma nd. T o r emove a sourc e or d estinat ion por t or VL AN fr om the SP AN sessio n, use t he no monit ...

  • Cisco Systems 2960-S - page 650

    27-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 27 Configuring SPAN and RSP AN Configuring SPAN and RSPAN Specifying VLANs to Filter Beginn ing in pri vileged EXEC m ode, follo w these steps to limit SP AN source traf fic to specif ic VLANs: T o monitor all VLANs on the trunk port, use th e no monitor sessio ...

  • Cisco Systems 2960-S - page 651

    27-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 27 Configuring SPAN and RSPAN Config uring SPAN a nd RS PAN This example shows how to remov e any e xisting configuration on SP A N session 2, configure SP A N sessi on 2 t o mon itor tra ff ic recei ved on Giga bit Et her net tr unk po rt 2, and send t raf fic ...

  • Cisco Systems 2960-S - page 652

    27-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 27 Configuring SPAN and RSP AN Configuring SPAN and RSPAN • W e recomm end tha t you configur e an RSP A N VLAN bef ore you c onfigure an RS P AN sou rce or a destination session. • If you enable VT P and VTP pruning, RSP AN traf fi c is pruned in the trunk ...

  • Cisco Systems 2960-S - page 653

    27-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 27 Configuring SPAN and RSPAN Config uring SPAN a nd RS PAN Creating an RSPAN S ource Session Beginning in privileged EXEC mo de, fol low these steps t o start an RSP AN source se ssion and to specif y the monito red source and the d estination RSP AN VLAN: T o ...

  • Cisco Systems 2960-S - page 654

    27-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 27 Configuring SPAN and RSP AN Configuring SPAN and RSPAN T o rem ove a source port or VLAN fro m the SP AN sess ion, use the no monitor session session_n umber sour ce { inter face interface- id | vlan vlan-id } global co nf igur ation co mmand. T o remov e th ...

  • Cisco Systems 2960-S - page 655

    27-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 27 Configuring SPAN and RSPAN Config uring SPAN a nd RS PAN T o d elete a SP AN session, use the no monitor session session _number global c onfiguration comma nd. T o r emove a destina tion por t from the SP AN sessio n, use the no monitor session session_ num ...

  • Cisco Systems 2960-S - page 656

    27-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 27 Configuring SPAN and RSP AN Configuring SPAN and RSPAN T o delete an RSP AN session, use the no monitor session session_number globa l configurati on comman d. T o remove a destin ation po rt from the RSP AN session, use the no monit or session session_num b ...

  • Cisco Systems 2960-S - page 657

    27-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 27 Configuring SPAN and RSPAN Config uring SPAN a nd RS PAN Specifying VLANs to Filter Beginning in privileged EXEC mo de, follow these steps t o configure the RSP A N source session to limit RSP AN source tr af f ic to specif ic VLANs: T o monitor all VLANs on ...

  • Cisco Systems 2960-S - page 658

    27-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 27 Configuring SPAN and RSP AN Display ing SPAN and RSPAN Status Displaying SPAN and RSPAN Status T o di splay the cu rrent SP A N or RSP A N configuration , use the show monitor us er EX EC co mmand. Y ou can also use t he show running-conf ig privileged EX EC ...

  • Cisco Systems 2960-S - page 659

    CH A P T E R 28-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 28 Configuring RMON This chapt er desc ribes how to configure Re mote Networ k Monitor ing (RMO N) on t he Catalyst 2960 and 2960-S switch es. Unless otherwise note d, the term switch refers to a standalo ne switch and to a switch stack. Note Stac king is s ...

  • Cisco Systems 2960-S - page 660

    28-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 28 Configuring RMON Conf igu rin g RMON Figur e 28 -1 Remote Mo nito r ing Ex ample The switc h supports these RM ON groups (defined in RFC 1757) : • Statistics ( RMON group 1)—Collects E thernet statistic s (includi ng Fast Ethernet and Giga bit Ethern et s ...

  • Cisco Systems 2960-S - page 661

    28-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 28 Configur ing RMON Confi guring R MON • Collecting Group Histo ry Statisti cs on an Interf ace, page 28-5 (o ptional) • Collecting Group Eth ernet Statisti cs on a n Interf ace, page 28-5 (o ptio nal ) Default RMON Configuration RMON is disa bled by defaul ...

  • Cisco Systems 2960-S - page 662

    28-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 28 Configuring RMON Conf igu rin g RMON T o disable an alarm, use the no rmon al ar m numb er global con figuration co mmand on each alarm you configured . Y ou ca nnot di sable at on ce al l the a larms that you con figured. T o disabl e an event, use the no rm ...

  • Cisco Systems 2960-S - page 663

    28-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 28 Configur ing RMON Confi guring R MON Collectin g Group Hist ory St atistics on an Interface Y ou must f irst configure RM ON a larms and events to di splay collec tion inf orma tion. Beginn ing in pri vile ged EXE C mode, follo w these steps to colle ct group ...

  • Cisco Systems 2960-S - page 664

    28-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 28 Configuring RMON Displa ying R MON Sta tus T o disabl e t he coll ection o f gr oup E thernet sta tistics , use the no rmon collection stats inde x i nterf ace configurati on c ommand. This e xample sho ws how to c ollect RMO N statistics f or the o w ner ro ...

  • Cisco Systems 2960-S - page 665

    CH A P T E R 29-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 29 Configuring System Message Logg ing This c hapter d escrib es how to configure system me ssage l ogging on the C atalyst 2960 and 296 0-S switches. Unless othe rwise noted, the term switc h refers to a st andal one switch and to a switch st ack. Note Sta ...

  • Cisco Systems 2960-S - page 666

    29-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 2 9 Config uring S ystem Message Logging Configur ing System Message L ogging Y o u can set the se v erity le vel of the messages to control the type of message s displayed on the consoles and ea ch o f the destin ation s. Y ou ca n tim e-stam p log m essag es o ...

  • Cisco Systems 2960-S - page 667

    29-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 9 Configuring Syste m Message L ogging Config uring S ystem Mess age Loggi ng T ab le 29-1 d escribes the e lements of sy slog me ssages. This exam ple sh o ws a p artial s witch system m essage for a stack mast er and a stack memb er (hos tname Switc h-2 ): 0 ...

  • Cisco Systems 2960-S - page 668

    29-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 2 9 Config uring S ystem Message Logging Configur ing System Message L ogging Default Syste m Mess age Lo gging Con figuration T ab le 29-2 sh ows the default sy stem message l ogging configuratio n. Disabling M essag e Logging Message logging is enab led by def ...

  • Cisco Systems 2960-S - page 669

    29-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 9 Configuring Syste m Message L ogging Config uring S ystem Mess age Loggi ng The logging sy nchronous global configura tion com mand also a f fects t he display o f me ssages t o the console . When this c omma nd is e nable d, messa ges ap pear only a fter yo ...

  • Cisco Systems 2960-S - page 670

    29-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 2 9 Config uring S ystem Message Logging Configur ing System Message L ogging The logging buffered g loba l configur ation comm and c opies l ogging messa ges to a n inte rnal buffer . The b uf fer is circular , so newer messages ov erwrite ol der messages after ...

  • Cisco Systems 2960-S - page 671

    29-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 9 Configuring Syste m Message L ogging Config uring S ystem Mess age Loggi ng Beginning i n privileged EX EC mo de, fol low these s teps t o configure s ynchr onous log ging . This procedur e is optional. T o di sable synch ronizat ion of unsoli cited messa ge ...

  • Cisco Systems 2960-S - page 672

    29-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 2 9 Config uring S ystem Message Logging Configur ing System Message L ogging Enabling a nd Disab ling Time S tamps on Log M essages By default, log message s are not time-stam ped. Beginning in privileged EXEC mo de, follow these steps to enab le time-st ampin ...

  • Cisco Systems 2960-S - page 673

    29-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 9 Configuring Syste m Message L ogging Config uring S ystem Mess age Loggi ng T o d isable seq uenc e numbers, use the no service sequence- numbers global co nfiguration c omman d. This example shows part of a logging displa y with seque nce numbe rs enabl ed: ...

  • Cisco Systems 2960-S - page 674

    29-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 2 9 Config uring S ystem Message Logging Configur ing System Message L ogging T ab le 29-3 descri bes th e level ke ywords. It also lis ts the correspo nding UNIX s yslog de finitions from the most se vere le vel to the least sev ere le vel. The sof tware gener ...

  • Cisco Systems 2960-S - page 675

    29-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 9 Configuring Syste m Message L ogging Config uring S ystem Mess age Loggi ng Beginn ing in p ri vilege d EXEC mode, follo w these step s to chan ge the le vel and history ta ble size defaults. T his proc edure i s option al. When the histor y table is full ( ...

  • Cisco Systems 2960-S - page 676

    29-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 2 9 Config uring S ystem Message Logging Configur ing System Message L ogging Beginning i n privileged E XEC mo de, follow these s teps to enabl e con figuration loggin g: This e xample sho ws how to enable the conf iguratio n-change logger and to set the numbe ...

  • Cisco Systems 2960-S - page 677

    29-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 9 Configuring Syste m Message L ogging Config uring S ystem Mess age Loggi ng Logging Messages to a UNIX Syslog Daemo n Before yo u can send system log messages to a UNIX syslog server , you must con f igure the syslog daemon on a UNIX ser ver . T his p roced ...

  • Cisco Systems 2960-S - page 678

    29-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 2 9 Config uring S ystem Message Logging Display ing the Log ging Confi guration T o remo ve a sysl og serv er, u se the no logging ho st globa l configurat ion co mman d, and specify t he syslo g server IP address. T o disab le logging to syslog servers, enter ...

  • Cisco Systems 2960-S - page 679

    CH A P T E R 30-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 30 Configuring SNMP This chapt er describ es how to conf igure the Sim ple Network Mana gement Protocol (SN MP) on the Catalyst 2960 and 2960- S switch es. U nless ot herwis e noted, the term sw itch refers to a standalone switch and a swi tch st ack. Note ...

  • Cisco Systems 2960-S - page 680

    30-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 30 Co nfiguring SNMP Underst anding SNM P These sect ions co ntain this co nceptu al in forma tion: • SNMP V ersions, page 30-2 • SNMP Manage r Functions , pag e 30-3 • SNMP Agent Functions, pa ge 30-4 • SNM P Co mmuni ty Str ings , pa ge 30 -4 • Using ...

  • Cisco Systems 2960-S - page 681

    30-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 0 Configuring SNMP Underst andin g SNMP T ab le 30-1 identifie s the character istics of the dif fer ent combinations o f security models and lev els. Y ou must configure the SN MP agent to use the SNMP version supp orted by the ma nageme nt station. Because a ...

  • Cisco Systems 2960-S - page 682

    30-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 30 Co nfiguring SNMP Underst anding SNM P SNMP Agen t Fun ctions The SNMP a gent respond s to SNMP manager requests as follo ws: • Get a MIB v ariable —The SNMP agen t begins this f unction in response to a request from the NMS. The agent r etrie ve s the v ...

  • Cisco Systems 2960-S - page 683

    30-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 0 Configuring SNMP Underst andin g SNMP Figur e 30 -1 SNMP Networ k For informati on on suppor ted MIBs and how to access them, see Appe ndix B, “S uppor ted MIBs . ” SNMP Notifications SNMP allo ws the switch to send n otif ications to SNMP manag ers when ...

  • Cisco Systems 2960-S - page 684

    30-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 30 Co nfiguring SNMP Conf ig uri ng SN MP Note The switch m ight n ot use sequenti al v alues w ithin a range . Configuring SNMP • Default SNMP Con figuration, page 30-6 • SNMP Configuration Gu idelines, page 30-7 • Disablin g the SNMP Agent, page 30-7 • ...

  • Cisco Systems 2960-S - page 685

    30-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 0 Configuring SNMP Configuring SNMP SNMP Config ura tion Guidelines If the switch starts and the switch startup conf ig uration has at least one sn mp -s er v er global conf igura tion comman d, the SNMP agen t is enabled. An SNMP gr oup is a tab le th at maps ...

  • Cisco Systems 2960-S - page 686

    30-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 30 Co nfiguring SNMP Conf ig uri ng SN MP Configuring Community Strings Y ou use the SNMP c ommun ity str ing to define the r elatio nship be tween the SN MP ma nager and th e agent. The co mmunity string ac ts like a passwor d to permit access to the ag ent on ...

  • Cisco Systems 2960-S - page 687

    30-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 0 Configuring SNMP Configuring SNMP Note T o disa ble a ccess for an SNMP c ommun ity , set the co mmuni ty str ing for th at com munity to the null string (do not enter a value for th e communi ty string ). T o remov e a specif ic community string, use the no ...

  • Cisco Systems 2960-S - page 688

    30-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 30 Co nfiguring SNMP Conf ig uri ng SN MP Step 3 snmp-server group gr oupn ame { v1 | v2c | v3 { auth | noauth | priv }} [ rea d re a d v i e w ] [ write writevi ew ] [ notify notifyvie w ] [ access access -list ] Configure a ne w SNMP gro up on the remote devi ...

  • Cisco Systems 2960-S - page 689

    30-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 0 Configuring SNMP Configuring SNMP Step 4 snmp-server use r us ernam e gr o upnam e { rem o te host [ udp-port port ]} { v1 [ access access -list ] | v2c [ acces s access-list ] | v3 [ encrypted ] [ acces s access-list ] [ aut h { md5 | sha } auth-password ] ...

  • Cisco Systems 2960-S - page 690

    30-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 30 Co nfiguring SNMP Conf ig uri ng SN MP Configuring SNMP Notifications A trap manag er is a mana geme nt sta tion that re cei ves and proces ses trap s. T raps are system alerts that the switc h gener ates whe n cert ain events occu r . By default, no trap ma ...

  • Cisco Systems 2960-S - page 691

    30-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 0 Configuring SNMP Configuring SNMP Note Though visible in the comm and-line help strings, t he insertion , and re mo va l keywords are not supported. Y ou can use the snm p-server host global co nfiguration comm and to a sp ecific h ost to receive the notif ...

  • Cisco Systems 2960-S - page 692

    30-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 30 Co nfiguring SNMP Conf ig uri ng SN MP Step 4 snmp-serv er gr oup gr oupname { v1 | v2c | v3 { auth | noauth | priv }} [ read re a d v i e w ] [ write write vie w ] [ notify notifyvie w ] [ access access-list ] Configure an SNMP g roup. Step 5 snmp-server ho ...

  • Cisco Systems 2960-S - page 693

    30-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 0 Configuring SNMP Configuring SNMP The snmp-ser ver hos t comman d speci f ies wh ich ho sts rec ei ve the notif ications. Th e snmp-server enab le trap command global ly enable s the mech anism f or the speci f ied notif ication (fo r traps and informs ). T ...

  • Cisco Systems 2960-S - page 694

    30-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 30 Co nfiguring SNMP Conf ig uri ng SN MP Setting th e Agent C ontact and Location In formation Beginn ing in pri vileg ed EXEC mode, follo w th ese steps to set the system conta ct and locatio n of the SNMP agen t so that these de scripti ons can be accesse d ...

  • Cisco Systems 2960-S - page 695

    30-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 0 Configuring SNMP Configuring SNMP SNMP Examp les This example shows ho w to enable a ll versions of SNMP . The co nfiguration permits any SNMP man ager to access all objects with read-only permissions usin g the community string public . This conf igura tio ...

  • Cisco Systems 2960-S - page 696

    30-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 30 Co nfiguring SNMP Displaying SNMP Status Displaying SNMP Status T o display SNMP input an d output stat istics, including th e number of i lle gal community str ing entries, errors, and request ed variable s, use t he show snmp privileged EXEC c omma nd. Y o ...

  • Cisco Systems 2960-S - page 697

    CH A P T E R 31-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 31 Configuring Network Security with ACLs This chap ter desc ribes how to configu re network se curit y on the Catalyst 2960 a nd 2960- S switche s by using access co ntrol lists (A CLs), also referred to as a ccess lists. Unless othe rwise noted, the te rm ...

  • Cisco Systems 2960-S - page 698

    31-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Underst andin g ACLs of conditio ns in the list is critical. I f no conditions match, the switch rejects the pack et. If there are no restri ctions , the switch f orwar ds the pack et; oth erwise, the switch drops the pa ...

  • Cisco Systems 2960-S - page 699

    31-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 1 Configuring Netw ork Securit y with ACLs Unde rsta ndi ng AC Ls Port ACLs Port A CLs are A CLs tha t are app lied to L ayer 2 in terf aces on a sw itch. Port A CL s are su pported o nly on physical i nterfaces and not on EtherC hanne l interface s and can be ...

  • Cisco Systems 2960-S - page 700

    31-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Underst andin g ACLs Note Y ou cannot apply more t han one IP ac cess l ist an d one M A C acce ss list t o a L ayer 2 inte rface. I f an IP acces s list or M A C a ccess list is alre ady conf igur ed on a Layer 2 interf ...

  • Cisco Systems 2960-S - page 701

    31-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 1 Configuring Netw ork Securit y with ACLs Unde rsta ndi ng AC Ls Note In the first and seco nd A CEs in th e example s, the eq ke yword afte r the destination address means to test for the T CP-de stination- port w ell-known numbe rs eq ualing Sim ple Ma il T ...

  • Cisco Systems 2960-S - page 702

    31-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Conf igu ring I Pv4 ACLs Stack memb ers perfor m these ACL functions: • The y recei ve the A CL in format ion from th e master switc h and prog ram their har dwar e. • The y act as sta ndb y swi tches, ready t o tak ...

  • Cisco Systems 2960-S - page 703

    31-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 1 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs Creating Stan dard and Exten ded IPv4 AC Ls This sec tion describ es IP ACLs. An A CL is a se quentia l colle ction of perm it an d deny co nditions. One by one, the switch tes ts pack ets aga in ...

  • Cisco Systems 2960-S - page 704

    31-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Conf igu ring I Pv4 ACLs Note In addit ion to n umbered standa rd and ex tended A CLs, you can also cr eate stan dard a nd e xten ded nam ed IP A CLs by u sing th e sup ported numbers. That is, t he nam e of a standa rd ...

  • Cisco Systems 2960-S - page 705

    31-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 1 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs Note When creatin g an A CL, remembe r that, by def ault, t he end of the A CL contai ns an implici t deny statem ent for all packet s that it did n ot fin d a match fo r before r eaching the end ...

  • Cisco Systems 2960-S - page 706

    31-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Conf igu ring I Pv4 ACLs Note Th e switc h does not supp ort dyna mic or reflexive access lis ts. It al so does n ot suppor t filtering based on the ty pe of serv ice ( T oS) minim ize-m one tary-co st bit. Supporte d p ...

  • Cisco Systems 2960-S - page 707

    31-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 1 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs or access-list access- list-num ber { deny | permit } protocol any any [ prec edence pr eced ence ] [ tos tos ] [ fragmen ts ] [ time-r ange time- range-name ] [ dscp dsc p ] In access -list con ...

  • Cisco Systems 2960-S - page 708

    31-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Conf igu ring I Pv4 ACLs Use the no access- list acc ess-list-number gl obal conf iguration comm and to delete the entire access list. Y ou canno t del ete in dividual ACEs from n umber ed a ccess li sts. This e xample ...

  • Cisco Systems 2960-S - page 709

    31-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 1 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs After c reating a numbered e xtend ed A CL , you can a pply it to terminal lines (see the “ Applying an IPv4 A CL to a T ermi nal Li ne” sec tion on page 31-1 7 ), to interfaces (see the “ ...

  • Cisco Systems 2960-S - page 710

    31-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Conf igu ring I Pv4 ACLs T o remo ve a na med s tanda rd A CL, use the no ip access-list standard name g lobal configuratio n comm and. Beginn ing in pri vileg ed EXEC mode, follo w these steps to create an exte nded A ...

  • Cisco Systems 2960-S - page 711

    31-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 1 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs Using Time Ranges with ACLs Y ou can selec tiv ely apply extend ed ACLs based on the time of day and the week by using t he time- ran ge global con figuration co mman d. First, de fine a time-ra ...

  • Cisco Systems 2960-S - page 712

    31-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Conf igu ring I Pv4 ACLs This exam ple shows how to c onfigure ti me rang es fo r w orkhou rs and to con figure Januar y 1, 2006, as a comp any holid ay and to ver ify you r con figuration. Switch(config)# time-range wo ...

  • Cisco Systems 2960-S - page 713

    31-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 1 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs In this exam ple, the workstatio n that belongs to Jones is allowe d access, and the workstat ion that belongs to Smith is not allo wed access: Switch(config)# access-list 1 remark Permit only J ...

  • Cisco Systems 2960-S - page 714

    31-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Conf igu ring I Pv4 ACLs Applying an IPv4 ACL to an Interface Note these guidelines: • Apply an ACL only to inbo und Lay er 2 ports. • Apply an A CL to either in bound or outbo und VLAN interfa ces to filter packets ...

  • Cisco Systems 2960-S - page 715

    31-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 1 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs This exam ple sh ows ho w to ap ply ac cess list 3 to filter packe ts going t o the CPU: Switch(config)# interface vlan 1 Switch(config-if)# ip access-group 3 in Note When you appl y the ip acce ...

  • Cisco Systems 2960-S - page 716

    31-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Conf igu ring I Pv4 ACLs T o determine the specialize d hardwa re resources, enter the show platform layer4 acl map pri vileged EXEC co mmand. If th e switch does not ha ve av aila ble resou rces, the output sh o ws tha ...

  • Cisco Systems 2960-S - page 717

    31-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 1 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs Numbered ACLs This ACL accepts addr esses on net work 36.0.0 .0 subnet s and den ies all pac kets comi ng from 56.0. 0.0 subne ts. The A CL is applied to pack ets enter ing a por t. Switch(confi ...

  • Cisco Systems 2960-S - page 718

    31-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Creating Nam ed MAC Ext ended ACL s ! Switch(config-ext-nacl)# exit Switch(config)# interface gigabitethernet0/2 Switch(config-if)# ip access-group strict in Commented IP ACL Entries In this ex ampl e of a number ed A C ...

  • Cisco Systems 2960-S - page 719

    31-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 1 Configuring Netw ork Securit y with ACLs Creat ing N ame d MA C Ex tend ed AC Ls Use the no mac access-list extended name glob al conf iguration command to delete the entire A CL. Y ou can a lso del ete individual A CEs from nam ed MAC extended A CLs. This ...

  • Cisco Systems 2960-S - page 720

    31-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Display ing IPv4 AC L Configu ration Beginn ing in pri vile ged E XEC mode, fo llo w these ste ps to apply a MA C access list to co ntrol acce ss to a Layer 2 i nterface: T o remov e the spec if ied ac cess gro up, use ...

  • Cisco Systems 2960-S - page 721

    31-25 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 1 Configuring Netw ork Securit y with ACLs Displaying IPv4 ACL Configu ration T able 31 -2 Comman ds f or Displ ay ing A ccess Lists a nd A ccess Gr ou ps Comma nd Pu rpos e sho w ac ce ss- lis ts [ number | name ] Display the conte nts of one o r all curren ...

  • Cisco Systems 2960-S - page 722

    31-26 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Display ing IPv4 AC L Configu ration ...

  • Cisco Systems 2960-S - page 723

    CH A P T E R 32-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 32 Configuring Cisco IOS IP SLAs Operations Note T o use Cisco IOS IP Service Le vel Agreements (SLAs) , the switch must be running the LAN Base image. This c hapter d escrib es how to use Cisco IOS I P Serv ice Level Agreem ents (SL As) on the C ataly st 2 ...

  • Cisco Systems 2960-S - page 724

    32-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 32 Configuring Cisco IOS IP SLAs Operations Unde rst and ing C isco IOS IP SL As Understandin g Cisco IOS IP SLAs Cisco IOS IP SLAs sends data across the network to measure per formance between multiple network locations or across multi ple network pa ths. It si ...

  • Cisco Systems 2960-S - page 725

    32-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 32 Configur ing Cisco IOS IP SLA s Operation s Understa nding Ci sco IOS IP SLAs This section has this infor mation about IP SLAs funct ionality: • Using Cisco IOS IP SLAs to Measu re Network Perfo rmance , page 32-3 • IP SLAs Respond er and IP SLAs Con trol ...

  • Cisco Systems 2960-S - page 726

    32-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 32 Configuring Cisco IOS IP SLAs Operations Unde rst and ing C isco IOS IP SL As Note Th e switc h does n ot sup port V oice over IP ( V oIP) service lev els u sing th e gate keeper r egistration de lay operati ons measure men ts. Before configurin g any IP SLAs ...

  • Cisco Systems 2960-S - page 727

    32-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 32 Configur ing Cisco IOS IP SLA s Operation s Confi guring IP S LAs Operati ons Figur e 32 -2 Cisco IOS IP SLAs Res ponder Time Stam ping An addi tional benef it of the tw o time sta mps at t he tar get d e vice is th e abili ty to tra ck one-wa y dela y , jitt ...

  • Cisco Systems 2960-S - page 728

    32-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 32 Configuring Cisco IOS IP SLAs Operations Monito ring IP SLAs Operations Configurin g the IP SLAs Respond er The IP SLA s respond er is av ailabl e only on Ci sco IOS sof tware-based devices , includi ng some La yer 2 switches th at do not support full IP SLAs ...

  • Cisco Systems 2960-S - page 729

    CH A P T E R 33-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 33 Configuring QoS This chapte r describes ho w to conf igure q uality of service (QoS ) by using automat ic QoS (auto-QoS) comman ds or by using standa rd QoS comma nds on the Cataly st 2960 an d 2960-S switc hes. Wi th QoS, you can p rov ide prefe rential ...

  • Cisco Systems 2960-S - page 730

    33-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Underst andin g QoS Understandin g QoS T ypically , netw orks oper ate on a best-ef fort deli very basis, whic h means that all t raf fi c has eq ual prior ity and an equ al chance of being d eli ve red in a timely ma nner . W hen co ngest ...

  • Cisco Systems 2960-S - page 731

    33-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS Figur e 33 -1 QoS Classificat ion La y ers in Fr ames and P ack ets All swi tches and ro uters that a ccess the Inte rnet rely on the cla ss inf ormation to pro v ide the same forwar ding treatm ent to pack ets with t he ...

  • Cisco Systems 2960-S - page 732

    33-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Underst andin g QoS Basic QoS Model T o i mpleme nt QoS, t he switc h must distingu ish pac kets or fl ow from one a nother (classify) , assign a label t o in dicate the g i ven quali ty o f ser vice as the pack ets m ov e through th e swi ...

  • Cisco Systems 2960-S - page 733

    33-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS Figur e 33 -2 Basic QoS Model Classification Classification is the pro cess of distingu ishing one kind of traffic from anothe r by e xamin ing the fields in the packe t. Classif icatio n is enabled only if QoS is globa ...

  • Cisco Systems 2960-S - page 734

    33-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Underst andin g QoS For IP traff ic, you have these classificatio n options as shown in Figure 33-3 : • T r ust the DSCP v alue in the incomi ng packet (conf igure th e port to tr ust DSCP), a nd assign the same DSCP value to the p acket ...

  • Cisco Systems 2960-S - page 735

    33-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS Figu re 33-3 Classi fica tio n Flowchart 86834 Generate the DSCP based on IP precedence in pack et. Use the IP-precedence-to-DSCP map . Use the DSCP value to generate the QoS label. Assign def ault por t CoS. Ye s Ye s N ...

  • Cisco Systems 2960-S - page 736

    33-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Underst andin g QoS Classification Based on QoS ACLs Note If the switch is running the LAN Lite im age, you can conf igur e A CLs, but you cann ot attach them to physical inter faces. Y ou can a ttach them to V LAN i nterfa ces to filter t ...

  • Cisco Systems 2960-S - page 737

    33-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS Y ou create a c lass map by using th e class-map g lobal configuration com mand or the class policy-map configurati on com mand. Y ou sh ould use t he class-ma p com mand wh en t he map is sh ared am ong many ports. W he ...

  • Cisco Systems 2960-S - page 738

    33-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Underst andin g QoS Note Catal yst 2960-S sw itches do not suppo rt ingress que ueing. Policing on Physical Ports In policy m aps o n physic al por ts, y ou can create these types of pol icers: • Indi vidual—Qo S applies the bandwid t ...

  • Cisco Systems 2960-S - page 739

    33-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS Figure 33- 4 shows the policing an d marking proces s. Figur e 33 -4 Po licing and M ar king Flow c har t on Ph ysical P orts Mapping T ables Note T o use mapping tables, the switch must be running the LAN Base image. D ...

  • Cisco Systems 2960-S - page 740

    33-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Underst andin g QoS Note Catalyst 2960-S switche s do not support ingress queue ing. • Durin g policing, QoS can ass ign anoth er DSCP v alue t o an IP or a non-IP packet ( if the pa cket is out o f prof il e and the po licer speci fies ...

  • Cisco Systems 2960-S - page 741

    33-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS Because the tota l inboun d bandw idth of all ports can exce ed the ba ndwid th of the intern al ring , ingress queues are lo cated after the p acket is class if ied, poli ced, a nd mar ked and b efore pack ets ar e for ...

  • Cisco Systems 2960-S - page 742

    33-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Underst andin g QoS SRR Shaping and Sharing Both the in gress an d egr ess queu es are serv iced b y SRR, which contro ls the rate at which pa ckets ar e sent. On the in gress que ues, SR R sends pa ckets to the stac k or intern al ring. ...

  • Cisco Systems 2960-S - page 743

    33-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS Queueing and Scheduling on Ingre ss Queues Note Catal yst 2960-S sw itches do not suppo rt ingress que ueing. Figure 33- 7 shows the queueing and sch eduling fl owchart for ingres s ports. Figur e 33 -7 Queueing an d Sc ...

  • Cisco Systems 2960-S - page 744

    33-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Underst andin g QoS The switch supports tw o conf igurable ingress queu es, which are service d by SRR in shared mode only . T ab le 33-1 descri bes th e queue s. Note Catal yst 2960-S sw itches do not suppo rt ingress que ueing. Y ou ass ...

  • Cisco Systems 2960-S - page 745

    33-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS Priorit y Queueing Note Catal yst 2960-S sw itches do not suppo rt ingress que ueing. Y ou can configure one ingress que ue as the pri orit y queue by using the mls qos srr -queue input priority-queue queue-id bandwidth ...

  • Cisco Systems 2960-S - page 746

    33-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Underst andin g QoS Figur e 33 -8 Queueing and Sc hedulin g Flo w ch art f or Egress P orts Each p ort supp orts four egress queu es, o ne of whic h (qu eue 1) can be the egress expedi te qu eue. These queues a re configured by a queue -s ...

  • Cisco Systems 2960-S - page 747

    33-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS b uf fers) or not empty (free b uf fer s). If the qu eue is not o ve r- limit, the s witch can allo cate b uf f er space from t he r eserved poo l or f rom th e co mmon pool (if it is n ot emp ty). I f th ere a re no fr ...

  • Cisco Systems 2960-S - page 748

    33-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Underst andin g QoS modify it . Y ou map a port to queue-se t by using the queue-set qset-id interf ace co nf igura tion co mmand. Modify the queu e-set conf igurat ion to change the WTD threshol d percentages. F or more informa tion abou ...

  • Cisco Systems 2960-S - page 749

    33-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Configuring Auto-QoS Configuring Auto-QoS Note T o use auto- QoS, t he swit ch must be running the L AN Base image. Note Catal yst 2960-S sw itches do not suppo rt ingress que ueing. Y ou can use the au to-Q oS feature to simpl ify the depl ...

  • Cisco Systems 2960-S - page 750

    33-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Conf ig uri ng A uto -QoS Generated Auto-QoS Configuration By def ault, auto-QoS is disabl ed on all po rts. P ackets ar e not modif ie d--the CoS, DSCP a nd IP preced en ce values in the packet are not ch an ged. Note Catal yst 2960-S sw ...

  • Cisco Systems 2960-S - page 751

    33-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Configuring Auto-QoS For informat ion about the tru sted bounda ry feat ure, see t he “Con figuring a Trusted Bound ary to Ensure Port Security ” secti on on page 39-4 2 . When yo u enable auto-Qo S by using th e auto qos voip cisc o-ph ...

  • Cisco Systems 2960-S - page 752

    33-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Conf ig uri ng A uto -QoS • Global v alues change w ith the migr ation of enhance d commands . For a co mple te list of the genera ted comm ands that ar e a pplied t o the runnin g con figuration see Ta b l e 3 3 - 5 . Auto-Qo S Configu ...

  • Cisco Systems 2960-S - page 753

    33-25 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Configuring Auto-QoS Global Auto-QoS Configuration T able 33-5 Genera ted A ut o-QoS C onfigur ation Description Automatically Generated Command { voip} Enhanced Automatically Generated Command{Vid eo|T rust|Classify} The switch aut omatica ...

  • Cisco Systems 2960-S - page 754

    33-26 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Conf ig uri ng A uto -QoS The switch au tomatical ly maps DSCP v alues to an ingress queue and to a threshold ID. Note Catalyst 2960-S swit ches do not suppo rt ingress queuei ng. Switch(config)# no mls qos srr-queue input dscp-map Switch ...

  • Cisco Systems 2960-S - page 755

    33-27 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Configuring Auto-QoS The switch au tomatical ly maps DSCP values to an egress que ue and to a threshold ID. Switch(config)# no mls qos srr-queue output dscp-map Switch(config)# mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 ...

  • Cisco Systems 2960-S - page 756

    33-28 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Conf ig uri ng A uto -QoS Auto-Qo S Generated Configurat ion For VoIP Devices If you ente red the auto qos voip cisco-phone command, the switc h automatica lly ena bles the tr usted bound ary featu re, which us es the CDP to de tect the p ...

  • Cisco Systems 2960-S - page 757

    33-29 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Configuring Auto-QoS Switch(config-pmap)# class AutoQoS-VoIP-Control-Trust Switch(config-pmap-c)# set dscp cs3 Switch(config-pmap-c)# police 32000 8000 exceed-action policed-dscp-transmit After creati ng the class maps and poli cy maps, th ...

  • Cisco Systems 2960-S - page 758

    33-30 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Conf ig uri ng A uto -QoS If you ente red the auto qos classify comman d, the swi tch aut omaticall y creat es class ma ps and p olic y maps. Switch(config)# mls qos map policed-dscp 0 10 18 to 8 Switch(config)# mls qos map cos-dscp 0 8 1 ...

  • Cisco Systems 2960-S - page 759

    33-31 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Configuring Auto-QoS Switch(config-pmap-c)# set dscp cs3 Switch(config-pmap-c)# police 32000 8000 exceed-action drop Switch(config-pmap)# class AUTOQOS_DEFAULT_CLASS Switch(config-pmap-c)# set dscp default Switch(config-pmap-c)# police 1000 ...

  • Cisco Systems 2960-S - page 760

    33-32 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Conf ig uri ng A uto -QoS Switch(config-pmap-c)# set dscp af11 Switch(config-pmap-c)# police 10000000 8000 exceed-action policed-dscp-transmit Switch(config-pmap)# class AUTOQOS_TRANSACTION_CLASS Switch(config-pmap-c)# set dscp af21 Switc ...

  • Cisco Systems 2960-S - page 761

    33-33 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Configuring Auto-QoS • After auto- QoS is en ab led, do no t modi fy a policy map o r agg regate po lic er th at in clud es Au t oQ o S in its n ame. If y ou need to modify the policy map or a ggregate p olicer, make a c opy of it, and ch ...

  • Cisco Systems 2960-S - page 762

    33-34 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Conf ig uri ng A uto -QoS Troublesho oting Auto Qo S Comma nds T o display th e QoS com mands that are au tomatic ally gene rated when auto-QoS is enabl ed or d isabled, enter the deb ug auto qos pri vile ged EXEC comm and bef or e you en ...

  • Cisco Systems 2960-S - page 763

    33-35 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Displaying Auto-QoS Information Displaying Auto-Q oS Information T o display the initial auto-Q oS conf iguration, use the show auto qos [ interf ace [ interface-id ]] privileged EXEC comm and. T o display any user change s to tha t configu ...

  • Cisco Systems 2960-S - page 764

    33-36 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Default Standard QoS Configuration Note Catal yst 2960-S sw itches do not suppo rt ingress que ueing. QoS is disa bled. Ther e is no conce pt of tru sted or untru sted por ts be cause the packet s are not m odif ...

  • Cisco Systems 2960-S - page 765

    33-37 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS T ab le 33-8 sh ows the default D SCP i nput queue thre shold ma p whe n QoS i s enable d. Default Egress Queue Configur ation T ab le 33-9 sh ows the de fault egress queue c onfigurati on for each qu eue- set whe ...

  • Cisco Systems 2960-S - page 766

    33-38 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS T ab le 33-11 shows the default DSC P output que ue threshol d map when QoS is enabled . Default Mapping Table Conf iguration The default CoS-to-DSCP map is sho wn in T able 33- 12 on page 3 3-6 1 . The default ...

  • Cisco Systems 2960-S - page 767

    33-39 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Policing Guid elines Note T o us e polic ing, t he swi tch must be runnin g the LAN Base im age. • The por t ASIC de vice, whic h cont rols more than one physic al port, suppo rts 256 poli cers (255 user-configu ...

  • Cisco Systems 2960-S - page 768

    33-40 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Enabling Qo S Globally By default, QoS is disa bled on the sw itch. Beginn ing in pri vile ged EXEC mode, follo w these step s to enable QoS. This proced ure is required . T o disabl e QoS, use the no mls qos gl ...

  • Cisco Systems 2960-S - page 769

    33-41 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Figu re 33-1 0 P ort T rusted State s wit hin the Qo S Do main Beginn ing in pr i vilege d EXEC m ode, follo w these step s to conf igur e the po rt to tru st the cl assific ation of the traf fic that it recei ves ...

  • Cisco Systems 2960-S - page 770

    33-42 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS T o return a port to its untrusted state, use the no mls qos trust inte rface c onfigura tion comm and. For informatio n on ho w to change th e defa ult CoS v alue, see the “Con f igu ring the Co S V alue fo r ...

  • Cisco Systems 2960-S - page 771

    33-43 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS T o return to the defa ult setting, use th e no mls qos cos { def ault-cos | override } interface configura tion comm and. Configuring a Truste d Boundary to Ensure Port Securit y In a t ypica l network , you c on ...

  • Cisco Systems 2960-S - page 772

    33-44 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS trusted boundar y feature disables t he trusted setting on the switch port and pre v ents misuse of a high-pr iority queue . Note that the trusted bou ndary feature is not effective if the PC and Cisco IP Phon e ...

  • Cisco Systems 2960-S - page 773

    33-45 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Reg ardless of the DSCP tr ansparenc y conf igura tion, the switch modif ies the internal DSCP va lue of the pack et, which the switch us es to generate a cla ss of ser vice (CoS ) v alue that re present s the pri ...

  • Cisco Systems 2960-S - page 774

    33-46 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Figur e 33 -1 1 DSCP -T rust ed Stat e on a P ort Bor derin g Another Q oS Domain Note Catal yst 2960-S sw itches do not suppo rt ingress que ueing. Beginn ing in pr i vilege d EXEC m ode, follo w these step s t ...

  • Cisco Systems 2960-S - page 775

    33-47 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS T o return a port to its non-trusted state , use the no mls qos trust interfa ce conf igur ation co mmand. T o return to the d efault D SCP-to-DS CP-mutation m ap v alues, u se the no mls qos ma p dscp-mutation ds ...

  • Cisco Systems 2960-S - page 776

    33-48 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Classifying Traffic by Using ACLs Y ou can classif y IP traffic by using IP standard or IP extended A CLs; you can classify no n-IP traffi c by usin g Laye r 2 MA C A CLs . Beginn ing in pri vileg ed EXEC mode, ...

  • Cisco Systems 2960-S - page 777

    33-49 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Beginn ing in pri vile ged EXEC mode, follo w these step s to create an IP exte nded A CL f or IP traf f ic: T o delete an acc ess list, u se the no access-list access-l ist-number globa l configura tion comma nd. ...

  • Cisco Systems 2960-S - page 778

    33-50 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Beginning in privileged EXEC mod e, follow these st eps to c reate a L ayer 2 M A C A CL for non-IP tra ff ic: T o delete an acc ess list, u se the no mac acce ss-list ex tended ac cess-list-name global configur ...

  • Cisco Systems 2960-S - page 779

    33-51 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Classifying Traffic by Using Class Ma ps Y ou use the class-map global conf iguration co mmand to name and to iso late a spe cif ic tra ff ic flow (o r class) f rom all o ther traf fic. Th e class m ap def ines th ...

  • Cisco Systems 2960-S - page 780

    33-52 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS T o delete an existing policy map, use the no policy-map poli cy-ma p-nam e global configuration comm and. T o delet e an existing cl ass map, use the no c lass-map [ match-all | match-any ] class-map-na me glob ...

  • Cisco Systems 2960-S - page 781

    33-53 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Classifying, Policing, and Marking Traff ic on Physical Ports by Using Policy Maps Note T o use polic ing and ma rking, t he switch must be running the LAN Base ima ge. Y ou can conf igure a polic y map on a physi ...

  • Cisco Systems 2960-S - page 782

    33-54 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Beginning in privileged EX EC mode , follow these steps t o creat e a policy map: Command Purpose Step 1 configur e terminal E nter g lobal configuration mode . Step 2 c lass-map [ match-all | mat ch-any ] class ...

  • Cisco Systems 2960-S - page 783

    33-55 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Step 5 trust [ cos | dscp | ip-prece dence ] Configure the trust state, whi ch QoS uses to gene rate a CoS-ba sed or DSCP-based QoS lab el. Note This co mmand is mutuall y exclusi ve with the set comma nd withi n ...

  • Cisco Systems 2960-S - page 784

    33-56 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS T o delete an existing policy map, use the no policy-map poli cy-ma p-nam e global configuration comm and. T o delet e an existing cl ass map, use the no class class-map -name poli cy-map configurati on comm and ...

  • Cisco Systems 2960-S - page 785

    33-57 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Switch(config-pmap-c)# trust dscp Switch(config-pmap-c)# police 1000000 8000 exceed-action policed-dscp-transmit Switch(config-pmap-c)# exit Switch(config-pmap)# exit Switch(config)# interface gigabitethernet0/1 S ...

  • Cisco Systems 2960-S - page 786

    33-58 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Switch# configure terminal Switch(config)# class-map cm-3 Switch(config-cmap)# match ip dscp 30 Switch(config-cmap)# match protocol ipv6 Switch(config-cmap)# exit Switch(config)# class-map cm-4 Switch(config-cma ...

  • Cisco Systems 2960-S - page 787

    33-59 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Beginn ing in pri vileg ed EXEC mode, fo llo w these steps to create an aggreg ate policer: Comma nd Pu rpose Step 1 configur e terminal Enter global configurat ion mode . Step 2 mls qos agg regate-policer aggr e ...

  • Cisco Systems 2960-S - page 788

    33-60 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS T o r emove the specified a ggregate policer from a p olicy map, use th e no police aggr egate aggr egate-poli cer-nam e poli cy map c onfiguratio n mode . T o de lete an ag gregate police r an d its parame ters ...

  • Cisco Systems 2960-S - page 789

    33-61 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Configuring DSCP Maps These sec tions co ntain this co nfiguration info rmat ion: • Conf iguring the CoS-to-DSCP Map, page 33-61 (o ptio nal ) • Configuring the IP -Prece dence-t o-DS CP Map, page 33-62 (op ti ...

  • Cisco Systems 2960-S - page 790

    33-62 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Beginn ing in pr iv ilege d EXEC mode, follo w these steps to modify t he CoS-to-DSCP m ap. This procedur e is optional. T o return to the default ma p, use the no mls qos cos-dscp global configurati on com mand ...

  • Cisco Systems 2960-S - page 791

    33-63 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Beginn ing in pr i vilege d EXEC m ode, follo w these step s to modify t he IP-pr ecedence- to-DSCP map. This proc edure is option al. T o return to the default ma p, use the no mls qos ip-pr ec-dscp global con fi ...

  • Cisco Systems 2960-S - page 792

    33-64 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS T o return to the default ma p, use the no mls qos policed- dscp global co nf igur ation co mman d. This exam ple sh ows ho w to map DSCP 50 to 57 t o a ma rked-down DSCP value of 0: Switch(config)# mls qos map ...

  • Cisco Systems 2960-S - page 793

    33-65 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Beginning in privileged EXEC mo de, foll ow these s teps to modif y the DSCP-to- CoS map. This procedur e is optional. T o return to the default ma p, use the no mls qos dscp-cos global c onfiguration com mand. Th ...

  • Cisco Systems 2960-S - page 794

    33-66 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Y o u can c onfi gure multiple DSCP-to-DSCP-mutat ion maps on an ing ress port. T he def ault DSCP-to-DSCP-muta tion map is a null map, which maps an incoming DSCP value to the same DSCP va lu e. Beginning in pr ...

  • Cisco Systems 2960-S - page 795

    33-67 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS 4 : 40 41 42 43 44 45 46 47 48 49 5 : 50 51 52 53 54 55 56 57 58 59 6 : 60 61 62 63 Note In the above DSCP-to- DSCP-m utati on map, t he mutat ed values are shown in the bod y of the matrix. Th e d1 colum n specif ...

  • Cisco Systems 2960-S - page 796

    33-68 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Beginning in privileged EXE C mode , follow these step s to map D SCP or CoS values to a n ingress que ue and to set WT D thre sholds. T his pro cedure is opt ional. T o re turn to the defau lt CoS input queue t ...

  • Cisco Systems 2960-S - page 797

    33-69 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS This exampl e shows ho w to map DSCP values 0 to 6 to ingres s queue 1 an d to thresh old 1 with a dro p thresho ld of 50 p ercent. It m aps DSC P values 20 to 2 6 to in gress queu e 1 a nd to th reshold 2 with a ...

  • Cisco Systems 2960-S - page 798

    33-70 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Allocating Bandwidth Between the Ingress Que ues Note Catal yst 2960-S sw itches do not suppo rt ingress que ueing. Y ou need to speci fy how much of the av a ilab le bandw idth is alloc ated between th e ingres ...

  • Cisco Systems 2960-S - page 799

    33-71 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Configuring the Ingress Priority Queue Note Catal yst 2960-S sw itches do not suppo rt ingress que ueing. Y ou should use the p riority qu eue onl y for traf fic that n eeds to be expe dited (for e xamp le, v oice ...

  • Cisco Systems 2960-S - page 800

    33-72 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Configuring E gress Queu e Characteristic s Depend ing on the co mplexity of yo ur networ k and your Qo S solution, you mig ht need to pe rform al l of the tasks in the ne xt sections. Y ou will need to make dec ...

  • Cisco Systems 2960-S - page 801

    33-73 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Beginning i n privileged EXEC mode, follow these steps to configure the me mory al loca tion and to drop thresholds for a queue-se t. This procedure is optional. Comma nd Pu rpos e Step 1 configur e terminal Enter ...

  • Cisco Systems 2960-S - page 802

    33-74 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS T o return to the de fault settin g, use the no mls qos queue- set output qse t-i d bu f f e r s global conf igurati on comm and. T o retu rn to the defaul t WTD thre shold percenta ges, use the no mls qos queue ...

  • Cisco Systems 2960-S - page 803

    33-75 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Beginning in privileged EXE C mode, follow thes e st eps to map DSCP or CoS values to an egress queu e and to a thr eshold ID . This procedur e is optio nal. T o r eturn to th e de fault DSCP output queu e thre sh ...

  • Cisco Systems 2960-S - page 804

    33-76 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Configuring SRR Sh aped Weights on Egress Queues Y ou can specif y how much of t he av ailabl e bandwid th is alloc ated to ea ch queu e. The ra tio of the weight s is the r atio of fre quency in w hich the SRR ...

  • Cisco Systems 2960-S - page 805

    33-77 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Configuring SRR Sh ared Weights on Egress Queues In shar ed mod e, the queues share th e band width am ong th em ac cordi ng to the configured weight s. The bandwidth is gu aranteed at this le vel but n ot limited ...

  • Cisco Systems 2960-S - page 806

    33-78 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Configuring the Egress Expedite Que ue Y ou can en sure that certai n packets have priori ty over all othe rs by queu ing the m in t he egress exped ite queue. SRR services this queue until i t is empty before s ...

  • Cisco Systems 2960-S - page 807

    33-79 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Displaying Standard QoS Information T o return to the default setting, use the no srr- queue bandwidth limit inter face conf ig uration comma nd. This exam ple sh ows how to limit the ba ndwid th on a port to 8 0 per cent: Switch(config)# i ...

  • Cisco Systems 2960-S - page 808

    33-80 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Display ing Standar d QoS Inform ation show mls qos maps [ cos-ds cp | cos- input-q | cos-outpu t-q | dscp-cos | dscp-input-q | dscp-mutation dscp -mutat ion-na me | dscp-output-q | ip-prec-dsc p | policed-ds cp ] Display QoS mapping info ...

  • Cisco Systems 2960-S - page 809

    CH A P T E R 34-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 34 Configuring Static IP Unicast Routing This c hapter d escribes how to configure I P V ersion 4 (IPv 4) stati c IP un icast ro uting on the Cataly st 2960-S an d 2960 swit ch. Sta tic rou ting is support ed onl y on switched v irtual interfac es (SVI s) a ...

  • Cisco Systems 2960-S - page 810

    34-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 34 Configuring Static IP Unicast Routing Underst anding IP Ro uting Figur e 34 -1 Routing T opology E xample When Host A in VLAN 10 needs to communicate with Host B in VLAN 10, it sends a packet add ressed to that host. Swit ch A forwards th e packet dir ectly t ...

  • Cisco Systems 2960-S - page 811

    34-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 34 Configur ing Static IP Unic ast Routing Steps f or Co nfiguri ng Rout ing Stack memb ers funct ions: • Act a s routi ng sta ndb y s witch es, ta king ov er if ele cted as the ne w stack master when t he stack mast er fails. • Program the routes in to hard ...

  • Cisco Systems 2960-S - page 812

    34-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 34 Configuring Static IP Unicast Routing Enablin g IP Unicast Ro uting Enabling IP Un icast Routing By default, the swi tch is in Lay er 2 sw itching m ode, a nd IP routing is disa bled. T o u se the Layer 3 capabiliti es of the switch, e nable IP routing. Begin ...

  • Cisco Systems 2960-S - page 813

    34-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 34 Configur ing Static IP Unic ast Routing Configuring Static Unicast Routes Configuring St atic Unicast Ro utes Static uni cast rou tes are use r -def ined routes that cause pac kets movin g betwee n a sourc e and a destinatio n to take a specif ied path. Stati ...

  • Cisco Systems 2960-S - page 814

    34-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 34 Configuring Static IP Unicast Routing Monito ring and Mai ntainin g the IP Networ k ...

  • Cisco Systems 2960-S - page 815

    CH A P T E R 35-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 35 Configuring IPv6 Host Functions This ch apter descr ibes how to con f igure IPv6 ho st functi ons on the C atalyst 2 960 and 2960-S switche s. Note T o use IPv6 Ho st Functions , the switch must be runni ng the LAN Base image . For information a bout con ...

  • Cisco Systems 2960-S - page 816

    35-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 35 Configuring IPv6 Host Functions Underst andin g IPv6 This se ction de scribe s IPv6 implem entati on on t he swit ch. • IPv6 Add resses, page 35 -2 • Supported IPv6 Host Feature s, page 35- 2 IPv6 Addres ses The switch supp orts only IPv 6 unicast address ...

  • Cisco Systems 2960-S - page 817

    35-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 5 Configuring IPv6 Hos t Functions Understanding IPv6 128-Bit Wide Unicast Addresses The s witch su pport s aggr e gatable global u nica st add resse s and l ink-l ocal uni cast ad dresse s. It does no t support site-local unic ast addresses. • Aggre gat abl ...

  • Cisco Systems 2960-S - page 818

    35-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 35 Configuring IPv6 Host Functions Underst andin g IPv6 IPv6 Stateless Autoconfiguration and Duplicate Address Detection The sw itch use s statel ess aut oconfiguratio n to ma nage li nk, subne t, an d site addressin g chang es, such as manage ment of host and m ...

  • Cisco Systems 2960-S - page 819

    35-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 5 Configuring IPv6 Hos t Functions Understanding IPv6 • If you try to c onfigure IPv6 w ithout first select ing a dual IPv 4 and IPv6 template, a warning me ssage appe ars. • In I Pv4-on ly en viron ments, th e swit ch app lies I Pv4 Q oS and A C Ls in har ...

  • Cisco Systems 2960-S - page 820

    35-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 35 Configuring IPv6 Host Functions Conf igu rin g IPv6 Basic network c onnec tivity ( ping ) must e xist between the c lient an d the serv er hosts b efore HT TP connec tions c an be made. For more inf ormation, see the “Managing Cisco IOS Ap plicatio ns o ver ...

  • Cisco Systems 2960-S - page 821

    35-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 5 Configuring IPv6 Hos t Functions Configur ing I Pv6 Configurin g IPv6 Add ressing a nd Enablin g IPv6 Host This section descri bes how to a ssign IPv6 addr esses to i ndividual La yer 3 interfac es and to gl obally forwar d IPv6 traf fic on the switch. Befor ...

  • Cisco Systems 2960-S - page 822

    35-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 35 Configuring IPv6 Host Functions Conf igu rin g IPv6 T o remov e an IPv6 ad dress fr om an inte rface , use the no ipv6 addr ess ipv6-p r efix/pr efix length eui-64 or no ipv6 address ipv6-addre ss link-local int erface conf iguration command. T o remov e all ...

  • Cisco Systems 2960-S - page 823

    35-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 5 Configuring IPv6 Hos t Functions Configur ing I Pv6 Configuring IPv6 IC MP Rate Limiting ICMP rat e limitin g is enabl ed b y def ault with a def ault inter va l betwee n error messages of 100 millisecond s and a bu cket size ( maximum numbe r of tokens t o ...

  • Cisco Systems 2960-S - page 824

    35-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 35 Configuring IPv6 Host Functions Conf igu rin g IPv6 Configuring Static Routes for IPv6 Beginn ing in pri vileg ed EXEC mode, fo llo w these steps to conf ig ure an IPv6 static route: Comma nd Pu rpos e Step 1 configur e terminal Enter globa l configurat ion ...

  • Cisco Systems 2960-S - page 825

    35-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 5 Configuring IPv6 Hos t Functions Displaying I Pv6 T o remov e a configu red sta tic route, use the no ipv6 route ipv6-pr efi x/pr ef ix le ngth { ipv6-add r ess | interface- id [ ipv6-add r ess ]} [ admin istr at ive di stan ce ] glo bal configurat ion c om ...

  • Cisco Systems 2960-S - page 826

    35-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 35 Configuring IPv6 Host Functions Displa ying I Pv6 T ab le 35-3 sh ows the privileged EX EC co mman ds for di splayin g in format ion abo ut IPv4 and IPv6 address type s. This i s an exampl e of t he o utput from the show ipv6 inte rface privi leg ed EXEC com ...

  • Cisco Systems 2960-S - page 827

    35-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 5 Configuring IPv6 Hos t Functions Displaying I Pv6 This i s an exampl e of t he o utput from the show ipv6 neighbor pri vile ged E XEC co mmand: Switch# show ipv6 neighbors IPv6 Address Age Link-layer Addr State Interface 3FFE:C000:0:7::777 - 0007.0007.0007 ...

  • Cisco Systems 2960-S - page 828

    35-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 35 Configuring IPv6 Host Functions Displa ying I Pv6 ...

  • Cisco Systems 2960-S - page 829

    CH A P T E R 36-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 36 Configuring IPv6 MLD Snooping Note T o use IPv6 ML D Snooping , the switch mu st be runni ng the LAN Base i mage. Y o u can u se Multic ast Listene r Disco ve ry (MLD) sn ooping to enable ef f icient d istrib ution of IP versio n 6 (IPv6) multicast data ...

  • Cisco Systems 2960-S - page 830

    36-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 36 Configuring IPv6 MLD Snooping Underst anding ML D Snoopin g Understandin g MLD Snooping In IP version 4 ( IPv4), La yer 2 sw itches c an use In ternet Gr oup Man agement Prot ocol ( IGMP) snoopi ng to limit the f looding of multi cast traf fic b y dynamicall ...

  • Cisco Systems 2960-S - page 831

    36-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 6 Configuring IPv6 M LD Snooping Unders tanding MLD Snoop ing MLD Mess ages MLDv1 sup ports three ty pes of message s: • Listen er Querie s are the equ i v alent of IGM Pv2 quer ies and are ei ther Gen eral Quer ies or Multicast -Address-Spec ific Queries (M ...

  • Cisco Systems 2960-S - page 832

    36-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 36 Configuring IPv6 MLD Snooping Underst anding ML D Snoopin g Multicast Rou ter Disc overy Like IG MP sn ooping, MLD s noopi ng perfo rms m ultica st r outer d iscovery , wi th th ese ch arac teristic s: • Ports c onfigured by a user never age out. • Dynami ...

  • Cisco Systems 2960-S - page 833

    36-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 6 Configuring IPv6 M LD Snooping Confi guring IPv6 MLD Sn ooping The numbe r of MASQs ge nerated is configured by using the ipv6 mld sno oping last-listener -quer y count global con figuration co mmand . The de fault numb er is 2. The MASQ i s sent to the IPv6 ...

  • Cisco Systems 2960-S - page 834

    36-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 36 Configuring IPv6 MLD Snooping Configur ing IPv6 MLD Snoo ping Default MLD S noopi ng Configuration T ab le 36-1 sh ows the default MLD sno oping configuratio n. MLD Snoo ping Co nfig uration Guidelines When configur ing MLD snoopi ng, c onsider the se guid el ...

  • Cisco Systems 2960-S - page 835

    36-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 6 Configuring IPv6 M LD Snooping Confi guring IPv6 MLD Sn ooping Enabling o r Disab ling MLD Sn ooping By default, IPv6 M LD sno oping i s globa lly d isabled on the switch and e nabled on al l VLAN s. When MLD snoop ing is glob ally disa bled, it is also disa ...

  • Cisco Systems 2960-S - page 836

    36-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 36 Configuring IPv6 MLD Snooping Configur ing IPv6 MLD Snoo ping Configuring a Sta tic Multicast Group Hosts or La yer 2 port s normal ly join m ulticast groups dyna micall y , but you can al so statica lly configure an IPv6 mu lticast addre ss and membe r ports ...

  • Cisco Systems 2960-S - page 837

    36-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 6 Configuring IPv6 M LD Snooping Confi guring IPv6 MLD Sn ooping Beginn ing in pri vileg ed EXEC mode, fo llo w these steps to add a multicast ro uter port to a VLAN: T o remov e a multicast ro uter port fr om the VLAN, us e the no ipv6 mld snooping vlan vl an ...

  • Cisco Systems 2960-S - page 838

    36-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 36 Configuring IPv6 MLD Snooping Configur ing IPv6 MLD Snoo ping Configur ing ML D Snoopi ng Querie s When Imme diate Le ave i s not en abled an d a port rece iv es an MLD Done message , the swit ch generat es MASQs on th e port and sends them to the I Pv6 mult ...

  • Cisco Systems 2960-S - page 839

    36-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 6 Configuring IPv6 M LD Snooping Confi guring IPv6 MLD Sn ooping This exam ple sh ows ho w to set the MLD sn oopi ng globa l robustness variab le to 3: Switch# configure terminal Switch(config)# ipv6 mld snooping robustness-variable 3 Switch(config)# exit Thi ...

  • Cisco Systems 2960-S - page 840

    36-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 36 Configuring IPv6 MLD Snooping Display ing MLD Sn ooping Inf ormation Displaying MLD Snoo ping Informatio n Y ou can displa y MLD snooping inform ation for dy namica lly lea rned and sta ticall y configured rou ter ports a nd VLAN inter faces . Y ou can als o ...

  • Cisco Systems 2960-S - page 841

    CH A P T E R 37-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 37 Configuring EtherC hannels and Link-State Tracking Note T o u se link- state trac king, th e sw itch must be runnin g the LAN Base i mag e. This c hapter d escrib es how to configure Ether Chann els on the Cat alyst 29 60 an d 2960 -S switc hes. Ether Ch ...

  • Cisco Systems 2960-S - page 842

    37-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 37 Configu ring Eth erChann els and Lin k-Sta te Track ing Underst anding Et herChan nels Understandin g EtherChann els • EtherC hannel O verview , page 37-2 • Port-Cha nnel I nterfac es, page 37 -4 • Port Aggregation Prot ocol, page 37-5 • Link A ggreg ...

  • Cisco Systems 2960-S - page 843

    37-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 7 Configuring EtherCh annels and Link-Stat e Tracking Understa nding Et herChann els The Et her Channel provides full-d uplex b andwidt h up to 800 Mb/ s (Fast E therCh annel) or 8 Gb/s (Gigab it Ethe rChanne l) betw een yo ur swit ch and anothe r switc h or h ...

  • Cisco Systems 2960-S - page 844

    37-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 37 Configu ring Eth erChann els and Lin k-Sta te Track ing Underst anding Et herChan nels Figur e 37 -3 Cros s-Stac k EtherChan nel Port-Chan nel Interfaces When you cre ate a La yer 2 Ethe rChan nel, a por t-c hannel logical i nterfac e is in volved. Y ou can ...

  • Cisco Systems 2960-S - page 845

    37-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 7 Configuring EtherCh annels and Link-Stat e Tracking Understa nding Et herChann els Figur e 37 -4 Relationshi p of Ph ysical P orts, Lo gical P ort Channe ls, and Channel Gr oups After y ou conf igure an Ether Cha nnel, co nf igur ation ch ange s appli ed to ...

  • Cisco Systems 2960-S - page 846

    37-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 37 Configu ring Eth erChann els and Lin k-Sta te Track ing Underst anding Et herChan nels PAgP Modes T ab le 37-1 sh ows the use r -configur able EtherC hanne l P Ag P mode s for the channel-group interface configurati on c ommand. Switch por ts exchange P AgP ...

  • Cisco Systems 2960-S - page 847

    37-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 7 Configuring EtherCh annels and Link-Stat e Tracking Understa nding Et herChann els If the VSL between tw o switches fa ils, one sw itch does not kno w the statu s of the othe r . Both switches could ch ange to the act iv e mode, ca usin g a dual-active situa ...

  • Cisco Systems 2960-S - page 848

    37-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 37 Configu ring Eth erChann els and Lin k-Sta te Track ing Underst anding Et herChan nels Both the acti v e and passive LA CP mod es en able po rts to ne goti ate wit h part ner po rts to an EtherC hannel b ased on crit eria suc h as port spe ed and , for Layer ...

  • Cisco Systems 2960-S - page 849

    37-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 7 Configuring EtherCh annels and Link-Stat e Tracking Understa nding Et herChann els W it h destin ation- MA C ad dress fo rw arding, wh en pack ets a re forw arded to an Et herCh annel , they are distributed acr oss the port s in the cha nnel base d on the de ...

  • Cisco Systems 2960-S - page 850

    37-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 37 Configu ring Eth erChann els and Lin k-Sta te Track ing Underst anding Et herChan nels Figur e 37 -5 Load Distr ibution and F orwardin g Methods EtherChann el and S witc h Stack s If a stack mem ber that ha s ports part icipati ng in an Eth erChanne l fails ...

  • Cisco Systems 2960-S - page 851

    37-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 7 Configuring EtherCh annels and Link-Stat e Tracking Config uring Et herCh annels Configuring Eth erChannels These sec tions co ntain this co nfiguration info rmat ion: • Default Eth erCha nnel Configurat ion, pa ge 37-11 • Ether Channel C onfigurati on ...

  • Cisco Systems 2960-S - page 852

    37-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 37 Configu ring Eth erChann els and Lin k-Sta te Track ing Configur ing EtherChann els EtherChann el Configuratio n Guidelin es Note Stac king is supp orted only on Cat alyst 2960-S sw itches runni ng the LAN base ima ge. If imp roper ly con figured, so me E t ...

  • Cisco Systems 2960-S - page 853

    37-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 7 Configuring EtherCh annels and Link-Stat e Tracking Config uring Et herCh annels • For Layer 2 Ethe rChanne ls: – Assign all p orts in the EtherChannel to the same V LAN, or co nf igure them a s trunks. Port s with different nat ive V LAN s cannot for m ...

  • Cisco Systems 2960-S - page 854

    37-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 37 Configu ring Eth erChann els and Lin k-Sta te Track ing Configur ing EtherChann els T o remove a p ort from the E therCha nnel gro up, us e the no channel-group interface configurat ion comm and. Step 4 ch annel-group channel-group-number mode { auto [ non- ...

  • Cisco Systems 2960-S - page 855

    37-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 7 Configuring EtherCh annels and Link-Stat e Tracking Config uring Et herCh annels This exam ple sh o ws ho w to conf igu re a n Ether Chann el on a swit ch. It assig ns tw o po rts as stati c-acc ess ports i n VLAN 10 to cha nnel 5 with t he P AgP mode desir ...

  • Cisco Systems 2960-S - page 856

    37-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 37 Configu ring Eth erChann els and Lin k-Sta te Track ing Configur ing EtherChann els Be ginn ing i n pri vile ged E XEC mo de, f oll ow these ste ps to conf igure Ethe rCha nne l loa d bala nci ng. T his procedur e is optional. T o return E therChannel load ...

  • Cisco Systems 2960-S - page 857

    37-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 7 Configuring EtherCh annels and Link-Stat e Tracking Config uring Et herCh annels Y ou also can configure a sing le port with in the group for all transmi ssions and use other port s for hot standby . Th e unused port s in the gr oup can be swappe d into ope ...

  • Cisco Systems 2960-S - page 858

    37-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 37 Configu ring Eth erChann els and Lin k-Sta te Track ing Configur ing EtherChann els T o return the priority to its def ault setting, us e the no pagp port-priority interf ace c onf iguration command. T o return th e learning m ethod to its def ault setting ...

  • Cisco Systems 2960-S - page 859

    37-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 7 Configuring EtherCh annels and Link-Stat e Tracking Config uring Et herCh annels Beginn ing in pri vileg ed EXEC mode, follo w th ese steps to conf igur e the LA CP system priority . This procedur e is optional. T o return the LA CP system priority to the d ...

  • Cisco Systems 2960-S - page 860

    37-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 37 Configu ring Eth erChann els and Lin k-Sta te Track ing Displaying Eth erChannel, PA gP, and LACP Status T o return the LA CP port priority to the def ault v alue, u se the no lacp port-priorit y inter face configurati on c ommand. Displaying EtherCh annel, ...

  • Cisco Systems 2960-S - page 861

    37-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 7 Configuring EtherCh annels and Link-Stat e Tracking Understanding Link-State Tracking Note A n interfac e can b e an aggregati on of ports (an Et herChann el) , or a si ngle phys ical por t in a ccess or trunk mode. Figure 37- 6 on page 37-22 shows a networ ...

  • Cisco Systems 2960-S - page 862

    37-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 37 Configu ring Eth erChann els and Lin k-Sta te Track ing Underst anding L ink-State Tracking • If all of the upstream interfac es become una v ailable, link-state tracking automati cally puts the do wnst ream inter faces in the err or -disabl ed state . Co ...

  • Cisco Systems 2960-S - page 863

    37-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 7 Configuring EtherCh annels and Link-Stat e Tracking Configuring Link-State Tracking Configuring Link -State Tracking • Default Lin k-Sta te T racking Configurati on, page 37-23 • Link-Sta te Tracking Co nfiguratio n Gui deline s, pa ge 37-23 • Conf ig ...

  • Cisco Systems 2960-S - page 864

    37-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 37 Configu ring Eth erChann els and Lin k-Sta te Track ing Configur ing Link-S tate Tracki ng This exam ple sh ows how to crea te a link- state gr oup a nd c onfigure the inte rfaces: Switch# configure terminal Switch(config)# link state track 1 Switch(config) ...

  • Cisco Systems 2960-S - page 865

    CH A P T E R 38-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 38 Troubleshooting This chapter descr ibes ho w to identify and resolv e software probl ems related to the Cisco IOS software on the Cataly st 2960 and 2960 -S switche s. Dependi ng on the natur e of the problem, you can use the command-lin e interf ace (CL ...

  • Cisco Systems 2960-S - page 866

    38-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Recovering f rom a Softwa re Failure • Using th e show platform for ward Comm and, page 38- 22 • Using the c rashinfo Files, page 38-23 • Using On-Boar d Failure Log ging, p age 38- 24 • Memory Consistency Check Rout ines, page 38-2 6 ...

  • Cisco Systems 2960-S - page 867

    38-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Recoverin g from a Lost or For gotten Passwo rd Step 6 Press the Mode button and at the same time, reco nnect the po wer cord to the switch. Y o u can r elease the Mo de button a second or two after t he LED above port 1 goes off. Se veral l ...

  • Cisco Systems 2960-S - page 868

    38-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Recoveri ng from a Los t or Forgotten Password Y ou enable or d isable pa ssword recovery by using the se rvice pa ssword -r eco very global c onfiguratio n comm and. When you e nter t he service password-recov ery or no service password-re c ...

  • Cisco Systems 2960-S - page 869

    38-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Recoverin g from a Lost or For gotten Passwo rd Step 2 If you had se t the co nsole po rt spe ed to anything other than 9600, i t ha s been reset to tha t par ticula r speed. Chan ge the emulati on sof twar e line speed to mat ch that of the ...

  • Cisco Systems 2960-S - page 870

    38-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Recoveri ng from a Los t or Forgotten Password Step 13 Write th e running c onfigu ration to t he startup c onfig uration f ile: Switch# copy running-config startup-config The new password is now in the startup con figuration. Note This proce ...

  • Cisco Systems 2960-S - page 871

    38-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Recoverin g from a Lost or For gotten Passwo rd The switch f ile system appears: Directory of flash: 13 drwx 192 Mar 01 1993 22:30:48 c2960-lanbase-mz.122-25.FX.0 16128000 bytes total (10003456 bytes free) Step 4 Boot up the system: Switch: ...

  • Cisco Systems 2960-S - page 872

    38-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Prev ent in g Swi tch Stac k P rob lems Preventing Switch Stack Problems Note • Make sure that the swit ches that you add to or remove from th e switch stac k are pow ered off. For all po wering consider ations in switch stac ks, see t he ? ...

  • Cisco Systems 2960-S - page 873

    38-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Recovering from a Command Switch Failure If you have not configured a stan dby comma nd swi tch, and your comma nd switc h lose s power or fail s in some other way , management contact with the member switc hes is lost, and you must install ...

  • Cisco Systems 2960-S - page 874

    38-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Recoveri ng from a Com mand Switc h Failure Use ctrl-c to abort configuration dialog at any prompt. Default settings are in square brackets '[]'. Basic management setup configures only enough connectivity for management of the syst ...

  • Cisco Systems 2960-S - page 875

    38-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Recovering from a Command Switch Failure Replacing a Failed Comma nd Switch w ith Anoth er Switch T o replace a failed command switch with a switch that is command-c apable b ut not part of the clu ster , foll ow thes e steps : Step 1 Inser ...

  • Cisco Systems 2960-S - page 876

    38-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Recovering f rom Lost Clust er Member Conn ectivity Step 10 When pr ompted, assign a nam e to th e cl uster, and press Return . The clu ster name can be 1 to 31 al phan umeric charac ters, da shes, or un dersc ores. Step 11 When the initial ...

  • Cisco Systems 2960-S - page 877

    38-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Troubleshooting Power over Ethernet Switch Ports Troubleshooting Power over Ethernet Switch Ports These sec tions descr ibe how to troublesho ot Power ov er Ethern et (PoE) por ts. Note Power ov er Ethernet Plus (PoE+ ) is not supported on ...

  • Cisco Systems 2960-S - page 878

    38-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Monitorin g SFP Modu le Status If you are using a non-Cisco SFP module, remove the SFP mo dule from the switch, and replace it with a Cisco module. After inserting a Cisco SFP module, use the e rrdisable re cov ery cause gbi c-in valid globa ...

  • Cisco Systems 2960-S - page 879

    38-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Using Layer 2 Tr aceroute Executing Ping Beginning in privileged EXEC mode , use this co mman d to ping a nother device on the netwo rk from th e switch: Note Th ough o ther p roto col keywords ar e available w ith th e ping com mand, they ...

  • Cisco Systems 2960-S - page 880

    38-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Using La yer 2 Tra cero ute Understand ing Layer 2 T raceroute The Lay er 2 tra cerou te feat ure al lows the swit ch to id entif y the physic al pat h that a packet takes fr om a source device to a destin ation device. La yer 2 trace route ...

  • Cisco Systems 2960-S - page 881

    38-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Using IP Traceroute • When multipl e de vices are attached to one p ort through h ubs (for e xample, m ultiple CDP n eighbors are de tecte d on a port) , the Layer 2 tra cerou te fea ture i s not support ed. Wh en m ore than on e CD P nei ...

  • Cisco Systems 2960-S - page 882

    38-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Using I P Trac eroute T o learn when a datagram reaches its de stination, trace route sets the UDP destinati on port number in the datagram to a v ery lar ge v alue that the de stination host is unlik ely to be using. When a host recei ves a ...

  • Cisco Systems 2960-S - page 883

    38-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Usin g TDR T o end a trace in pr ogres s, enter the escape s equence ( Ctrl-^ X by defaul t). Si multane ously pr ess a nd release th e Ctrl , Shift , and 6 keys and then p ress the X ke y . Using TDR These se ctions conta in this i nformat ...

  • Cisco Systems 2960-S - page 884

    38-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Using D ebug Command s T o display the resu lts, enter th e sho w cable -diagnos tics t dr interf ace inte rf ace -i d pri vilege d EX EC command . For a descriptio n of the f ields in the displa y , see the comm and refer ence for this rele ...

  • Cisco Systems 2960-S - page 885

    38-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Using Debug C ommands T o d isab le debugging of SP AN, e nter th is comm and in privileged EX EC m ode: Switch# no debug span-session Alterna tely , in pri vileg ed EXEC mod e, you can enter the undeb ug form of th e co mmand: Switch# unde ...

  • Cisco Systems 2960-S - page 886

    38-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Using the s how platfo rm forward Co mmand Using the show p latform forward Command The output from the s h o w p l a t fo r m fo r w ar d privileged EXE C com mand pr ovides so me u seful inform ation a bout the forwardin g result s if a pa ...

  • Cisco Systems 2960-S - page 887

    38-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Using the cr ashinfo Files This is an exam ple of the output whe n the packet coming in on port 1 in VLA N 5 is sent to an add ress already learne d on the VL AN on ano ther por t. It shou ld be forwa rded from the po rt on which the addre ...

  • Cisco Systems 2960-S - page 888

    38-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Using On-Board F ailure Lo gging Y o u can display the most recent basic crashinf o file (that is, the f ile with the highest sequ ence number at the end of its f ilename) b y entering the show stacks or the show tech-support privileged EXEC ...

  • Cisco Systems 2960-S - page 889

    38-25 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Using On-Board Failure Logging • T emp erat ure—T emperat ure of a standa lone s witch or a stack me mber • Uptime data—T ime when a standalone switch or a stack member starts, the rea son the switch restarts, and the length of time ...

  • Cisco Systems 2960-S - page 890

    38-26 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Memory Con sistenc y Check Routi nes Displaying OBFL Information T o displ ay th e OBFL i nform ation , use one or more of t he pri vile ged EX EC com mands in T ab le 38-3 : For more info rmat ion abou t using t he comm ands i n T able 38-3 ...

  • Cisco Systems 2960-S - page 891

    38-27 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Troubl esho oting Tab les Displaying T CAM M emory Con sistenc y Check E rro rs Beginning in privileged EX EC mode, use this comm and to displ ay the T CAM memo ry consis tency check errors detect ed on the s witch: This e xample sho ws inf ...

  • Cisco Systems 2960-S - page 892

    38-28 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Troubles hooting Tables Troubleshooting CPU Utilization This section lists some possible symptoms that co uld be caused by the CPU being too b usy and show s ho w to v erify a CPU utilizati on problem . T able 38 -5 lists the primary types o ...

  • Cisco Systems 2960-S - page 893

    38-29 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Troubl esho oting Tab les For complete information about CPU utilizatio n and ho w to troubleshoot utilizatio n problem s, see th e T r oubleshooting High CPU Utilization documen t on Cisco. com. Troublesho oting Pow er over Etherne t (PoE) ...

  • Cisco Systems 2960-S - page 894

    38-30 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Troubles hooting Tables No PoE on a ll port s or a group of p orts. T rouble is on all switch por ts. Nonpowered Et hern et devices canno t esta blish an Ethern et l ink on any por t, an d PoE devices do not power on. If there is a continuou ...

  • Cisco Systems 2960-S - page 895

    38-31 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Troubl esho oting Tab les Cisco IP Phone disconn ects or re sets. After working norma lly , a Cisco pho ne or wireless access point inter mittently reload s or d iscon nects from PoE . V erify all el ectric al conn ections fr om the swit ch ...

  • Cisco Systems 2960-S - page 896

    38-32 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Troubles hooting Tables Troublesho oting Switc h Stacks Note Stac king is supp orted only on Cat alyst 2960-S sw itches runni ng the LAN base ima ge. T able 38-6 S witch Stac k T r oubleshooting Scenar ios Sympt om/pr obl em How to V erif y ...

  • Cisco Systems 2960-S - page 897

    38-33 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Troubl esho oting Tab les Port nu mbe ring in one or more switches is incorrec t or changed. Enter the show switch detail us er EXEC comman d. Multiple Sta ckW ise cables a re discon nected from st ack m embers creat ing t wo separat e stac ...

  • Cisco Systems 2960-S - page 898

    38-34 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Troubles hooting Tables ...

  • Cisco Systems 2960-S - page 899

    CH A P T E R 39-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 39 Configuring Online Diagnostics This c hapter d escribes how to configure the online diagnost ics on the 2960 and 2960-S switches. Note Onl ine dia gnostics is sup ported on ly o n Cataly st 2960- S switch es runni ng the L AN ba se im age. For complete s ...

  • Cisco Systems 2960-S - page 900

    39-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 39 Config uring Onl ine Dia gnostic s Scheduli ng Onlin e Diagnos tics Scheduling On line Diagnost ics Y ou can schedule online dia gnostics to run at a designa ted time of da y or on a daily , weekly , or monthl y basis for a specific switch. Use the no form o ...

  • Cisco Systems 2960-S - page 901

    39-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 9 Configuring On line Dia gnostics Runni ng Online Dia gnostic Tests This e xample shows h ow to configur e the specif ied test to r un e v e r y 2 m i n ut es: Switch(config)# diagnostic monitor interval switch 1 test 1 00:02:00 0 1 This example shows ho w to ...

  • Cisco Systems 2960-S - page 902

    39-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 39 Config uring Onl ine Dia gnostic s Displa ying On line Dia gnostic Tests a nd Test Res ults Th is ex am pl e s h ows h ow to start diag nostic s test 2 on a sw itch d isrupt ing nor mal system op er a ti on s , causing the switch to lose st ack c onnecti vit ...

  • Cisco Systems 2960-S - page 903

    39-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 9 Configuring On line Dia gnostics Displaying Onlin e Diagnostic Te sts and Te st Results Th is ex am p l e s h ows how to display the online diagno stics that are configured on a switch: Switch# show diagnostic content switch 3 Switch 3: Diagnostics test suit ...

  • Cisco Systems 2960-S - page 904

    39-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 39 Config uring Onl ine Dia gnostic s Displa ying On line Dia gnostic Tests a nd Test Res ults ====== ==== ============================= =============================== ====== Switch# This e xample shows ho w to disp lay the o nline di agnostic te st schedule f ...

  • Cisco Systems 2960-S - page 905

    A- 1 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 APPENDIX A Working with the Cisco IOS File System, Configuration Files, an d Software Images This ap pendix d escrib es how to manipu late the Catalyst 2960 an d 2960 s witc h flash file syst em, how to copy conf iguration f iles, and ho w to a rchi v e (upload a nd do wn ...

  • Cisco Systems 2960-S - page 906

    A- 2 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith the Flash F ile System • Copying Fil es, p age A-5 • Deleting Files, page A-5 • Creating, Displaying, and Extractin g tar Files, page A-6 • Dis playi ng t ...

  • Cisco Systems 2960-S - page 907

    A-3 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with the Flash File System Setting the Def ault File System Y o u can specify th e f ile system o r direct ory tha t the sy stem uses as the def ault f ile system b y ...

  • Cisco Systems 2960-S - page 908

    A- 4 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith the Flash F ile System T o display information about f iles on a fil e system, use one of the pri vileged EXEC commands in Ta b l e A - 2 : Changing Dir ector ies ...

  • Cisco Systems 2960-S - page 909

    A-5 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with the Flash File System Use t he /recur sive keyword to dele te the n amed di recto ry and a ll subd irector ies and the f iles c ontained in it. Use the /f o rce k ...

  • Cisco Systems 2960-S - page 910

    A- 6 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith the Flash F ile System Use the /rec ursiv e ke yword for del eting a dir ectory and all subdire ctories a nd the files containe d in it. Use the /f o rc e keyword ...

  • Cisco Systems 2960-S - page 911

    A-7 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with the Flash File System This e xample sho ws ho w to create a tar f ile. This comman d writes the contents of the new -con f ig s directo ry on the loc al fl ash de ...

  • Cisco Systems 2960-S - page 912

    A- 8 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith Configurati on Files • For the RCP , the syntax is rcp : [[ // u ser name @ location ] / di r ector y ] / tar -f ilename .tar • For the TFTP , the syntax is tf ...

  • Cisco Systems 2960-S - page 913

    A-9 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configuration Files Y ou can copy ( downloa d ) configuration files from a TFTP , FTP , or R CP server t o the running configurati on or startup configura tion o ...

  • Cisco Systems 2960-S - page 914

    A-10 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith Configurati on Files command than the e xisting conf igur ation, the IP address in the copi ed conf iguration is used. Howe ver , some comm ands in th e existing c ...

  • Cisco Systems 2960-S - page 915

    A-11 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configuration Files Preparing to Download or Uploa d a Configuration File B y Using TFTP Before yo u begin downloading or uplo ading a co nfiguration file by usi ...

  • Cisco Systems 2960-S - page 916

    A-12 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith Configurati on Files This ex ample s ho ws ho w to conf igure the softw are from the f ile tokyo-confg at I P add ress 17 2.16.2. 155: Switch# copy tftp://172.16.2 ...

  • Cisco Systems 2960-S - page 917

    A-13 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configuration Files The user name and pass word must be asso ciat ed with an acco unt on the FTP server . If you ar e writi ng to the serv er , the FTP serv er m ...

  • Cisco Systems 2960-S - page 918

    A-14 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith Configurati on Files This exam ple shows how to copy a c onfiguration file named host1-c onfg from th e neta dmi n1 directory on the remot e server w ith a n IP a ...

  • Cisco Systems 2960-S - page 919

    A-15 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configuration Files Uploading a Configuration File By Using FTP Beginn ing in pr i vilege d EXEC m ode, follo w these steps to upload a conf iguratio n f ile b y ...

  • Cisco Systems 2960-S - page 920

    A-16 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith Configurati on Files T o u se RCP to copy files, the server from or to which you will be copying files must support RCP . The RCP copy comman ds rely on th e rsh s ...

  • Cisco Systems 2960-S - page 921

    A-17 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configuration Files If the switch IP address tr anslates to Swit ch1.compa ny .c om , the .rhosts f ile for User0 on the RCP server shou ld conta in this line: S ...

  • Cisco Systems 2960-S - page 922

    A-18 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith Configurati on Files Connected to 172.16.101.101 Loading 1112 byte file host2-confg:![OK] [OK] Switch# %SYS-5-CONFIG_NV:Non-volatile store configured from host2-co ...

  • Cisco Systems 2960-S - page 923

    A-19 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configuration Files Clearing Con figuration Informatio n Y ou can cl ear t he configurat ion i nform ation fr om t he start up co nfiguration . If you reboo t th ...

  • Cisco Systems 2960-S - page 924

    A-20 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith Configurati on Files Archiving a Con figuration The con fig uratio n archi ve pro vides a mechani sm to sto re, or ganize, an d mana ge an arch i ve o f configurat ...

  • Cisco Systems 2960-S - page 925

    A-21 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configuration Files Configuration Guideli nes Follow these guidel ines wh en configu ring and perfo rmin g configurat ion repla cement and roll back : • Make s ...

  • Cisco Systems 2960-S - page 926

    A-22 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith Configurati on Files Performing a Configurat ion Replacement or Rol lback Operation Starting in pri v ileg ed EXEC mode, fol lo w these ste ps to replac e the r un ...

  • Cisco Systems 2960-S - page 927

    A-23 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images Working with So ftware Image s This se ction descri bes how to a rchive (download an d upl oad) sof tware image files, whic h cont ain t he syst ...

  • Cisco Systems 2960-S - page 928

    A-24 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Soft ware Imag es Note For a l ist of sof twar e image s and the suppo rted upgrad e path s, se e the rel ease notes. Image Loca tion on the Sw itch The Ci sco IOS ...

  • Cisco Systems 2960-S - page 929

    A-25 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images Copying Imag e Files By Us ing TF TP Y o u can d o wnload a switch im age fr om a TF TP serv er or upload the ima ge from th e switch to a T FTP ...

  • Cisco Systems 2960-S - page 930

    A-26 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Soft ware Imag es Make sure tha t the /et c/service s fi le co ntains this line: tftp 69/udp Note Y ou must restart th e inetd daemon after modif ying the /etc/ine ...

  • Cisco Systems 2960-S - page 931

    A-27 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images The download a lgorithm verifies t hat t he im age is app rop riate f or t he swi tch m odel a nd tha t enou gh DRAM is prese nt, or it abor ts t ...

  • Cisco Systems 2960-S - page 932

    A-28 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Soft ware Imag es Uploading an Image File By Using TFTP Y o u can up load an image fr om the switc h to a T FTP serv er . Y ou can later d o wnload this image to t ...

  • Cisco Systems 2960-S - page 933

    A-29 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images These sec tions co ntain this co nfiguration info rmat ion: • Prepar ing to Do wnload or Upload an I mage Fil e By U sing FTP , page A-29 • D ...

  • Cisco Systems 2960-S - page 934

    A-30 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Soft ware Imag es and you have a valid usernam e, this username is used , and you do not ne ed to set th e FTP user name. Includ e t he us ern ame i n th e archive ...

  • Cisco Systems 2960-S - page 935

    A-31 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images The download a lgorithm verifies t hat t he im age is app rop riate f or t he swi tch m odel a nd tha t enou gh DRAM is prese nt, or it abor ts t ...

  • Cisco Systems 2960-S - page 936

    A-32 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Soft ware Imag es Uploading an Image File By Using FTP Y o u can upload an image fr om the switch to an FTP server . Y ou can later do wnlo ad this image to the sa ...

  • Cisco Systems 2960-S - page 937

    A-33 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images Copying Imag e F iles By Using RCP Y ou can do wnlo ad a s witch im age fr om an R CP se rver or u pload the im age from the s witch to an R CP s ...

  • Cisco Systems 2960-S - page 938

    A-34 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Soft ware Imag es For the RCP c opy request to e xecu te succ essful ly , an account must be def ined on the net wor k serv er f or the remo te userna me. If the s ...

  • Cisco Systems 2960-S - page 939

    A-35 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images The download a lgorithm verifies t hat t he im age is app rop riate f or t he swi tch m odel a nd tha t enou gh DRAM is prese nt, or it abor ts t ...

  • Cisco Systems 2960-S - page 940

    A-36 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Soft ware Imag es If yo u speci fy th e /lea v e-old-sw , the exis ting f iles are n ot remo v ed. If ther e is not enough room to instal l the ne w imag e an keep ...

  • Cisco Systems 2960-S - page 941

    A-37 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images The a rch ive upl oad-sw pri vile ged EXE C command b uil ds an image f i le on the serv er b y upload ing these fi les in order: in fo, the Cisc ...

  • Cisco Systems 2960-S - page 942

    A-38 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Soft ware Imag es Beginn ing in pri vile ged EXE C mode from the stac k member th at you want to upgrade, fo llo w these steps to copy the ru nning image file from ...

  • Cisco Systems 2960-S - page 943

    B-1 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 APPENDIX B Supported MIBs This a ppend ix list s the supporte d ma nagement infor matio n base (MIBs) for t his rel ease on the Catalyst 2960 and 2960- S switches . It contai ns these secti ons: • MIB List, pa ge B-1 • Usin g F TP to Acce ss th e M IB Fil es , pag e B ...

  • Cisco Systems 2960-S - page 944

    B-2 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendi x B Supported MI Bs MIB List • CISCO-IET F-IP-FOR W ARDING- MIB • CISCO- IGM P-FIL TER-M IB • CISCO -IMA GE-MIB (Onl y stac k mast er image d etails are sho wn. ) • CISCO IP-ST A T -MIB • CISCO-LAG-MIB • CISCO-M A C-A UTH-B YP A SS • CISCO-MAC-NO TI ...

  • Cisco Systems 2960-S - page 945

    B-3 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix B Supported M IBs MIB List • INET -ADDRESS-MIB • LLDP MED MIB • OLD-CISCO-CHASSIS-MI B (Par tial suppor t; some obje cts reflect only the sta ck master .) • OLD-CISCO- FLASH-MIB (Su pports only the stack master . Use CISCO-FLASH_MIB.) • OLD-CISCO- INTER ...

  • Cisco Systems 2960-S - page 946

    B-4 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendi x B Supported MI Bs Using FTP to Acces s the MIB Files Using FTP to Access the MIB Files Y ou can get each MI B file by using this procedu re: Step 1 Make sure that you r FTP clie nt is in passiv e mode. Note Some FTP clie nts do n ot suppo rt passive mode. Step 2 ...

  • Cisco Systems 2960-S - page 947

    C-1 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 APPENDIX C Unsupported Co mmands in Cisco IOS Rele ase 12.2(55)SE This app endix lists so me of the command -line inter face (CLI) comm ands that a ppear when you en ter the question mark (?) at the Cata lyst 2960 or 2960- S swit ch prom pt but ar e not supporte d in t his ...

  • Cisco Systems 2960-S - page 948

    C-2 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix C Unsupported Command s in Cisco I OS Release 12.2(55 )SE Boot Lo ader Comman ds show acc ess-lists rate-limit [ destin ation ] show accounting show i p accounting [ checkpoint ] [ out put-pa ckets | access viol ations ] show ip cac he [ pr efix-mask ] [ type num ...

  • Cisco Systems 2960-S - page 949

    C-3 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix C Unsupported Com mand s in Cisco IOS Release 12 .2(55)SE Interface Command s Interface Command s Unsupporte d Privileged E XEC Co mmands show in terfac es [ interface-id | vlan vlan -id ] [ crb | fair -queue | irb | mac-acco unting | precede nce | irb | random-d ...

  • Cisco Systems 2960-S - page 950

    C-4 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix C Unsupported Command s in Cisco I OS Release 12.2(55 )SE Miscella neous mac-ad dre ss-tab le static Miscellaneous Unsupported Us er EXEC C ommands veri fy Unsupporte d Privileged E XEC Commands f ile v erify auto show cabl e-diagnostics prbs test cable-diagnosti ...

  • Cisco Systems 2960-S - page 951

    C-5 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix C Unsupported Com mand s in Cisco IOS Release 12 .2(55)SE RADIUS Unsupporte d Interface Configuration Commands priority-gr oup rate-limit Unsupporte d Policy-Map Configuration Command class class-default wh ere class-default is the class-map-name . RADIUS Unsuppo ...

  • Cisco Systems 2960-S - page 952

    C-6 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix C Unsupported Command s in Cisco I OS Release 12.2(55 )SE SNMPv3 SNMPv3 Unsupporte d 3DES Enc ryption Command s All Spanning Tree Unsupporte d Global Con figuratio n Command spanning-tree pathcost method { long | short } Unsupporte d Interface Configuration Comma ...

  • Cisco Systems 2960-S - page 953

    C-7 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix C Unsupported Com mand s in Cisco IOS Release 12 .2(55)SE VTP Unsupporte d VLAN Databa se Co mmands vtp vlan show vlan private-vlan VTP Unsupporte d Privileged E XEC Co mmands vtp { password pass wor d | pruning | version number } Note This com mand h as be en re ...

  • Cisco Systems 2960-S - page 954

    C-8 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix C Unsupported Command s in Cisco I OS Release 12.2(55 )SE VTP ...

  • Cisco Systems 2960-S - page 955

    A- 1 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 APPENDIX A Recommendations for Upgrading a Catalyst 2950 Switch to a Catalyst 2960 Switch This app endix describe s the conf iguratio n compatibility issues and the featu re beha vior dif ferences that you mi ght enc ounter w hen you u pgrade a Ca talyst 2950 s witch to a ...

  • Cisco Systems 2960-S - page 956

    A- 2 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A Recommendation s for Upgradi ng a Catalyst 2950 Switch to a C atalyst 2960 Switch Conf igu rat ion Comp ati bil ity Is sues T able A -1 Ca talyst 2950 and 296 0 S witch Configur ation In compatib ilities Feature C ataly st 2950 Switch Comman d and Exp lanation ...

  • Cisco Systems 2960-S - page 957

    A-3 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Recommen dations f or Upgradi ng a Catalyst 2950 Sw itch to a Cataly st 2960 Switch Configuration Compatibility Issues IEEE 802.1x I n Cisco IOS 12 .1EA, the Ca talyst 295 0 switch range s for t he IEE E 802.1 x server-timeou t, supp -time out, a nd tx-pe riod ...

  • Cisco Systems 2960-S - page 958

    A- 4 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A Recommendation s for Upgradi ng a Catalyst 2950 Switch to a C atalyst 2960 Switch Conf igu rat ion Comp ati bil ity Is sues QoS 2 There i s limite d QoS c onfi guration co mpatibility between the Cataly st 2950 switch an d the Catalyst 2960 switch. W e recomme ...

  • Cisco Systems 2960-S - page 959

    A-5 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Recommen dations f or Upgradi ng a Catalyst 2950 Sw itch to a Cataly st 2960 Switch Feature Behavior Incompatibilities Feature Behavior In compatibilities Some fe ature s behave differently on the Ca talyst 2950 an d Cat alyst 2 960 sw itches, a nd som e fea tu ...

  • Cisco Systems 2960-S - page 960

    A- 6 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A Recommendation s for Upgradi ng a Catalyst 2950 Switch to a C atalyst 2960 Switch Featu re Be havi or Inco mpat ib ilit ies • RSP AN The Catalyst 2950 switch uses an ext ra port, called the reflector port, for its RSP AN implementation. This is not ne cessar ...

  • Cisco Systems 2960-S - page 961

    IN-1 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 INDEX A abbrev iati ng comm ands 2-3 AC (c omma nd sw itc h) 6-10 acces s-class comma nd 31-17 acces s contr ol entries See ACEs access-de nied r espons e, VM PS 13-23 access group s Layer 3 31-19 access group s, appl ying IPv4 AC Ls to interf aces 31-18 acce ssing cluste ...

  • Cisco Systems 2960-S - page 962

    Index IN-2 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 matc hi ng 31-7, 31-19 monitori ng 31-24 named, IPv4 31-13 number pe r QoS class map 33-38 port 31-2 prece denc e of 31-2 QoS 33-8, 33-48 resequenc ing entr ies 31-13 router 31-2 standard IP, configur ing for QoS cla ssification 33-48 standa rd IPv4 crea ting 31-8 ...

  • Cisco Systems 2960-S - page 963

    Inde x IN-3 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 key 9-13 login 9-14 See also por t-based au then ticatio n authenti cation co mpatibility with Catal yst 6000 switch es 10-9 authenti cation f ailed V LAN See rest ricted VLAN authe nticat ion mana ger CLI co mmands 10-10 compatibilit y with older 802.1x CLI comm a ...

  • Cisco Systems 2960-S - page 964

    Index IN-4 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 boot loa der, f unction of 3-2 boot pr ocess 3-2 manually 3-19 spe cif ic im a ge 3-20 boot loader acce ssing 3-21 describe d 3-2 enviro nment variab les 3-21 pr ompt 3-21 trap- door mech anism 3-2 BPDU erro r-dis able d state 18-3 filtering 18-3 RSTP form at 17-1 ...

  • Cisco Systems 2960-S - page 965

    Inde x IN-5 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 CiscoWorks 200 0 1-5, 30-4 CISP 10-34 CIST reg ional r oot See MSTP CIST root See MSTP civ ic lo cat ion 26-3 class maps fo r QoS config uring 33-51 describe d 33-8 displaying 33-79 class of service See CoS clearin g inte rfaces 12-38 CLI abbrev iati ng comm ands 2 ...

  • Cisco Systems 2960-S - page 966

    Index IN-6 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 embedde d agent s describe d 4-5 enab ling a utoma ted c onfig uratio n 4-6 enabli ng conf igur ation ag ent 4-9 enab lin g eve nt agen t 4-7 manageme nt funct ions 1-6 CoA Request Comman ds 9-23 Coarse Wav e Division Mu ltiplexe r See CWDM SFPs comm and-l ine i n ...

  • Cisco Systems 2960-S - page 967

    Inde x IN-7 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 uploadin g prep aring A-11, A-13, A-16 reasons for A-9 using FTP A-15 using RC P A-18 using T FTP A-12 config urati on logger 29-11 config urati on logging 2-4 config urati on repla cement A- 19 config urati on rollbac k A-19, A-20 config urati on settings , savin ...

  • Cisco Systems 2960-S - page 968

    Index IN-8 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 EtherC hannel 37-11 Etherne t interf aces 12-23 Flex Links 19-8 IGMP f ilte ring 22-24 IGMP sn ooping 22-7, 36-6 IGMP throttling 22-24 initial switc h information 3-3 IP SLAs 32-5 IP source gua rd 20-16 IPv6 35-6 Layer 2 int erface s 12-23 LLDP 26-5 MAC a ddress t ...

  • Cisco Systems 2960-S - page 969

    Inde x IN-9 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 config uring 3-11 to 3-14 underst anding 3-5 to 3-6 DHCP bind ing database See DHCP snooping binding da tabase DHCP bi nding table See DHCP snooping binding da tabase DHCP opt ion 82 circuit ID suboption 20-5 config urati on guideli nes 20-9 default confi guration ...

  • Cisco Systems 2960-S - page 970

    Index IN- 10 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 overvi ew 5-16 setting up 5-17 support fo r 1-6 domain nam es DNS 5-16 VTP 14-10 Domain N ame Syste m See DNS dow nloa dabl e ACL 10-21, 10-23, 10-65 dow nloa di ng config urati on files prep aring A-11, A-13, A-16 reasons for A-9 using FTP A-13 using RC P A-17 ...

  • Cisco Systems 2960-S - page 971

    Inde x IN- 11 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 log buffer clearin g 21-16 config uring 21-13 displaying 21-16 logging of dro pped pa ckets, described 21-5 man-in-t he mi ddle at tack, de scribe d 21-2 networ k secur ity issue s and i nterfac e trust s tates 21-3 priority o f ARP A CLs and DHCP sn ooping entri ...

  • Cisco Systems 2960-S - page 972

    Index IN- 12 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 support fo r 1-4 with du al- action detec tion 37-6 port-chan nel interfa ces describe d 37-4 numberi ng of 37-4 port gr oups 12-4 stack ch an ges, ef fects of 37-10 support fo r 1-4 EtherC hannel guard describe d 18-10 disabling 18-18 enab lin g 18-18 Ethern et ...

  • Cisco Systems 2960-S - page 973

    Inde x IN- 13 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 file system displaying ava ilable f ile syst ems A- 2 displaying file in formation A-3 local file system nam es A- 1 network fil e system names A-5 setting the default A-3 filtering non-IP tra ffic 31-22 show and mor e comm and out put 2-9 filtering show and more ...

  • Cisco Systems 2960-S - page 974

    Index IN- 14 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 history chan ging t he b uffer siz e 2-5 describe d 2-5 disabling 2-6 recal ling co mman ds 2-6 history t able, level and numbe r of sy slog me ssages 29-10 host names, i n clusters 6-13 hosts, limit on dynami c ports 13-28 HP OpenView 1-5 HQATM sp ace 38-26 HSR ...

  • Cisco Systems 2960-S - page 975

    Inde x IN- 15 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 disabling 22-15, 36-11 supported ve rsions 22-3 support fo r 1-4 IGMP f ilte ring config uring 22-24 default confi guration 22-24 describe d 22-23 monitoring 22-28 support fo r 1-4 IGMP gr oups configurin g filtering 22-27 setting the maximum number 22-26 IGMP Im ...

  • Cisco Systems 2960-S - page 976

    Index IN- 16 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 interf aces ran ge macro command 12-19 interfac e types 12-16 Intern et Protocol version 6 See IPv6 inter-VLA N routing 34-1 Intrusion De tection System See IDS appliances inventor y mana gement TLV 26-3, 26-7 IP ACLs for QoS clas sificat ion 33-8 implici t deny ...

  • Cisco Systems 2960-S - page 977

    Inde x IN- 17 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 config urati on guideli nes 20-16 default confi guration 20-16 describe d 20-14 disabling 20-18 displaying active IP or MAC b inding s 20-22 bindings 20-22 configuratio n 20-22 enab lin g 20-17, 20-18 filtering source IP addr ess 20-15 source IP and MAC ad dress ...

  • Cisco Systems 2960-S - page 978

    Index IN- 18 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 multicas t traffic 38-16 mul tipl e devi ces on a po rt 38-17 unicast traf fic 38-16 usage gu idel ines 38-16 Layer 3 fe atures 1-15 Layer 3 int erface s assigning IP ad dresses to 34-4 assi gn ing IPv6 ad dress es to 35-7 chan ging fr om L ayer 2 mode 34-4 Laye ...

  • Cisco Systems 2960-S - page 979

    Inde x IN- 19 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 displaying 5-30 displayi ng in the IP source bindin g table 20-22 dynam ic lear ning 5-21 removi ng 5-23 in ACLs 31-22 static adding 5-27 allowing 5-29, 5-30 char acte rist ics of 5-27 droppin g 5-29 removi ng 5-28 MAC a ddress learni ng 1-6 MAC a ddress learning ...

  • Cisco Systems 2960-S - page 980

    Index IN- 20 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 passwords 6-13 recove ring fr om l ost co nnec tivity 38-12 requir ements 6-4 See also cand idate switc h, cluster standby grou p, and standby comma nd switc h memory consisten cy check er rors displaying 38-27 exam ple 38-27 memory consist ency c heck r outines ...

  • Cisco Systems 2960-S - page 981

    Inde x IN- 21 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 operati ons betwee n regions 17-4 default confi guration 17-16 defau lt option al featur e config urat ion 18-12 displaying status 17-28 enab ling th e mod e 17-17 EtherC hannel g uard describe d 18-10 enab lin g 18-18 exten ded sy stem ID effec ts on ro ot swit ...

  • Cisco Systems 2960-S - page 982

    Index IN- 22 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 and IGMP v3 22-20 config urati on guideli nes 22-20 configur ing interfaces 22-21 default confi guration 22-19 describe d 22-17 example app lication 22-18 modes 22-21 monitori ng 22-23 multicast t elevision a pplication 22-18 setting global paramete rs 22-20 sup ...

  • Cisco Systems 2960-S - page 983

    Inde x IN- 23 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 default confi guration 5-5 displaying the c onfigur ation 5-12 overvi ew 5-3 restr icting access creatin g an access grou p 5-9 disabling NT P services pe r interface 5-11 source IP add ress, config uring 5-11 stratum 5-3 support fo r 1-6 synchroniz ing devic es ...

  • Cisco Systems 2960-S - page 984

    Index IN- 24 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 Cisco intell igent power ma nageme nt 12-5 config uring 12-30 cutoff pow er determining 12-8 cutoff -powe r support fo r 12-8 devices supp orted 12-5 high-po wer devices ope rating in lo w-power mode 12-6 IEEE p ower class ifica tion levels 12-6 monitori ng 12-8 ...

  • Cisco Systems 2960-S - page 985

    Inde x IN- 25 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 config uring 10-65 to 10-67, ?? to 10-68 overvi ew 10-21 to 10-23 EAPO L-st art f ram e 10-6 EAP-request/ide ntity frame 10-6 EAP-response/iden tity frame 10-6 enab lin g 802.1X a uthenticati on 11-11 enca psul ation 10-3 flexible au thenticatio n ordering config ...

  • Cisco Systems 2960-S - page 986

    Index IN- 26 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 port priority MSTP 17-21 STP 16-18 ports acces s 12-3 blocking 23- 7 dual-purp ose up link 12-4 dynami c access 13-4 protec ted 23-6 secure 23-9 static-access 13-3, 13-9 switch 12-2 trunks 13-3, 13-13 VLAN assignments 13-9 port security agi ng 23-17 and QoS tru ...

  • Cisco Systems 2960-S - page 987

    Inde x IN- 27 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 categor izing tra ffic 33-22 config urati on and defau lts displa y 33-35 config urati on guideli nes 33-32 describe d 33-21 disabling 33-34 displaying gene rated c ommands 33-34 displaying the in itial configuratio n 33-35 effec ts on ru nning confi gurati on 33 ...

  • Cisco Systems 2960-S - page 988

    Index IN- 28 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 mapping D SCP or CoS value s 33-67 priorit y que ue, de scribe d 33-17 sc hedu ling , de scr ibed 33-4 setting WTD thresholds 33-67 WTD , des cri bed 33-16 IP phones automatic c lassificatio n and qu eueing 33-21 detection and truste d settings 33-21, 33-43 limi ...

  • Cisco Systems 2960-S - page 989

    Inde x IN- 29 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 suggeste d network en viro nments 9-19 support fo r 1-12 tracki ng se rvic es acce ssed by us er 9-35 RADIUS Change of Aut horizatio n 9-20 range macro 12-19 of inter faces 12-17 rapid co nverg ence 17-11 rapid per- VLAN spann ing-tr ee plus See rapid PVST + rapi ...

  • Cisco Systems 2960-S - page 990

    Index IN- 30 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 1166, IP addresse s 34-4 1305, N TP 5-3 1757, RM ON 28-2 1901, SN MPv2C 30-2 1902 to 1907, SN MPv2 30-2 2236, IP mult icast an d IGMP 22-2 2273-2275 , SNMPv3 30-2 RFC 5176 Compl iance 9-21 RMON default confi guration 28-3 displaying sta tus 28-6 enab ling alarms ...

  • Cisco Systems 2960-S - page 991

    Inde x IN- 31 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 running conf igurati on, s aving 3-15 S SC (standby com mand switc h) 6-10 sche dul ed re loa ds 3-22 SCP and SSH 9-52 config uring 9-53 SDM templates config uring 8-4 number of 8-1 SDM templa te config urati on guideli nes 8-3 config uring 8-3 types of 8-1 Secur ...

  • Cisco Systems 2960-S - page 992

    Index IN- 32 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 describe d 30-4 disabling 30-7 and IP SL As 32-2 authenti cation l evel 30-10 communi ty strings config uring 30-8 for cluster switch es 30-4 overvi ew 30-4 config urat ion exam ples 30-17 default confi guration 30-6 engine ID 30-7 groups 30-7, 30-9 host 30-7 if ...

  • Cisco Systems 2960-S - page 993

    Inde x IN- 33 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 recei ved tra ffic 27-5 sessions conf igur in g ingr ess fo rwar ding 27-15, 27-22 crea ting 27-12 defined 27-4 limiting sourc e traffic to specific VLAN s 27-16 removing destinatio n (monitoring) ports 27-13 specifying mo nitore d ports 27-12 with ingress traf f ...

  • Cisco Systems 2960-S - page 994

    Index IN- 34 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 See also stacks, switch stack me mber nu mber 12-16 stack pro tocol ver sion 7-9 stacks, switch accessing CLI of sp ecific member 7-21 assigning in formation member nu mber 7-19 priority value 7-20 provis ionin g a new memb er 7-20 auto -adv ise 7-11 auto-c opy ...

  • Cisco Systems 2960-S - page 995

    Inde x IN- 35 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 See cluste r standby group and HS RP standby links 19-2 startup co nfigu ratio n booting manually 3-19 spe cif ic im a ge 3-20 clearin g A-19 config urati on file automatically downloadin g 3-18 specifying t he filename 3-18 default boot co nfigurat ion 3-18 stat ...

  • Cisco Systems 2960-S - page 996

    Index IN- 36 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 disabling 16-16 displaying sta tus 16-24 EtherC hannel g uard describe d 18-10 disabling 18-18 enab lin g 18-18 exten ded sy stem ID effec ts on ro ot swit ch 16-16 effec ts on the second ary r oot sw itch 16-18 overvi ew 16-4 unexpec ted b ehavio r 16-16 featu ...

  • Cisco Systems 2960-S - page 997

    Inde x IN- 37 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 See also cl usters, sw itch switch co nsole port 1-7 Switch Data base Mana gement See SDM Switched Port A nalyzer See SPAN switch ed ports 12-2 swi tchpor t bac kup inte rfac e 19-4, 19-5 switchpor t block multicast co mmand 23-8 switchp ort block uni cast co mma ...

  • Cisco Systems 2960-S - page 998

    Index IN- 38 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 support fo r 1-12 tracki ng se rvic es acce ssed by us er 9-17 tar fi les crea ting A-6 displaying t he contents of A-7 extractin g A-7 image fi le format A-2 4 TCAM memory consisten cy check er rors displaying 38-27 exam ple 38-27 memory consist ency c heck r o ...

  • Cisco Systems 2960-S - page 999

    Inde x IN- 39 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 traffic suppr ession 23-2 transmit hol d-co unt see STP transp arent m ode, VTP 14-4 trap- door mech anism 3-2 traps configurin g MAC address notification 5-23, 5-25, 5-26 con figu rin g mana gers 30-12 defined 30-3 enab lin g 5-23, 5-25, 5-26, 30-12 notificat io ...

  • Cisco Systems 2960-S - page 1000

    Index IN- 40 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 config urati on guideli nes 5-28 describe d 5-28 unicast storm 23-1 unicas t storm cont rol comma nd 23-4 unicast tra ffic, bloc king 23-8 UniDir ectiona l Li nk Dete ction protoc ol See UDLD UNIX syslog servers daemon c onfigura tion 29-13 facilities su pported ...

  • Cisco Systems 2960-S - page 1001

    Inde x IN- 41 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 confir ming 13-26 modes 13-3 VLAN Quer y Protocol See VQP VLANs adding 13-8 adding to VL AN datab ase 13-8 aging dyn amic ad dresse s 16-9 allowe d on trunk 13-17 and sp anning- tree in stance s 13-3, 13-6, 13-11 config urati on guidel ines , extend ed-r ange VLA ...

  • Cisco Systems 2960-S - page 1002

    Index IN- 42 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 IP phone voice traf fic, d escrib ed 15-2 VQP 1-9, 13-22 VTP adding a cl ient to a d omain 14-17 advertisements 13-15, 14-4 and exte nded -rang e VLAN s 13-2, 14-2 and nor mal-rang e VLA Ns 13-2, 14-2 client mode, confi guring 14-13 configuratio n guideline s 14 ...

  • Cisco Systems 2960-S - page 1003

    Inde x IN- 43 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 X Xmodem prot ocol 38-2 ...

  • Cisco Systems 2960-S - page 1004

    Index IN- 44 Catalyst 2960 and 2960- S Switch Software Config uration Guid e OL-8603-09 ...

Manufacturer Cisco Systems Category Model Vehicle

Documents that we receive from a manufacturer of a Cisco Systems 2960-S can be divided into several groups. They are, among others:
- Cisco Systems technical drawings
- 2960-S manuals
- Cisco Systems product data sheets
- information booklets
- or energy labels Cisco Systems 2960-S
All of them are important, but the most important information from the point of view of use of the device are in the user manual Cisco Systems 2960-S.

A group of documents referred to as user manuals is also divided into more specific types, such as: Installation manuals Cisco Systems 2960-S, service manual, brief instructions and user manuals Cisco Systems 2960-S. Depending on your needs, you should look for the document you need. In our website you can view the most popular manual of the product Cisco Systems 2960-S.

Similar manuals

A complete manual for the device Cisco Systems 2960-S, how should it look like?
A manual, also referred to as a user manual, or simply "instructions" is a technical document designed to assist in the use Cisco Systems 2960-S by users. Manuals are usually written by a technical writer, but in a language understandable to all users of Cisco Systems 2960-S.

A complete Cisco Systems manual, should contain several basic components. Some of them are less important, such as: cover / title page or copyright page. However, the remaining part should provide us with information that is important from the point of view of the user.

1. Preface and tips on how to use the manual Cisco Systems 2960-S - At the beginning of each manual we should find clues about how to use the guidelines. It should include information about the location of the Contents of the Cisco Systems 2960-S, FAQ or common problems, i.e. places that are most often searched by users in each manual
2. Contents - index of all tips concerning the Cisco Systems 2960-S, that we can find in the current document
3. Tips how to use the basic functions of the device Cisco Systems 2960-S - which should help us in our first steps of using Cisco Systems 2960-S
4. Troubleshooting - systematic sequence of activities that will help us diagnose and subsequently solve the most important problems with Cisco Systems 2960-S
5. FAQ - Frequently Asked Questions
6. Contact detailsInformation about where to look for contact to the manufacturer/service of Cisco Systems 2960-S in a specific country, if it was not possible to solve the problem on our own.

Do you have a question concerning Cisco Systems 2960-S?

Use the form below

If you did not solve your problem by using a manual Cisco Systems 2960-S, ask a question using the form below. If a user had a similar problem with Cisco Systems 2960-S it is likely that he will want to share the way to solve it.

Copy the text from the picture

Comments (0)