7-16
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-10
Chapter 7 Clustering Switches
Planning a Switch Cluster
TACACS+ and RADIUS
Inconsistent authentication configurations in switch clusters cause CMS to continually prompt for a user
name and password. If TACACS+ is configured on a cluster member, it must be configured on all cluster
members. Similarly, if RADIUS is configured on a cluster member, it must be configured on all cluster
members. Further, the same switch cluster cannot have some members configured with TACACS+ and
other members configured with RADIUS.
For more information about TACACS+, see the “Controlling Switch Access with TACACS+” section on
page 9-10. For more information about RADIUS, see the “Controlling Switch Access with RADIUS”
section on page 9-18.
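The consistency rules above can be checked offline against saved running-configs before a cluster is built. The following is an added example, not part of the Cisco guide: the function names and sample configs are constructed for illustration, and it assumes a protocol counts as configured when the running-config contains a tacacs-server host or radius-server host line.

```python
import re

# Assumption: a protocol counts as "configured" on a switch when its
# running-config defines at least one server with these IOS commands.
SERVER_CMDS = {
    "radius": re.compile(r"^radius-server host \S+", re.M),
    "tacacs+": re.compile(r"^tacacs-server host \S+", re.M),
}

def auth_protocols(running_config):
    """Return the set of protocols that have a server defined."""
    return {p for p, rx in SERVER_CMDS.items() if rx.search(running_config)}

def audit_cluster(configs):
    """configs maps switch name -> running-config text.

    Returns {"mixed": bool, "missing": {protocol: [switch, ...]}}.
    """
    per_switch = {sw: auth_protocols(cfg) for sw, cfg in configs.items()}
    in_use = set().union(*per_switch.values())
    # Rule 1: a protocol configured on one member must be on all members.
    missing = {}
    for proto in sorted(in_use):
        absent = sorted(sw for sw, p in per_switch.items() if proto not in p)
        if absent:
            missing[proto] = absent
    # Rule 2: no TACACS+-only members alongside RADIUS-only members.
    only = {frozenset(p) for p in per_switch.values()}
    mixed = frozenset({"tacacs+"}) in only and frozenset({"radius"}) in only
    return {"mixed": mixed, "missing": missing}

# Constructed sample configs (addresses from the 192.0.2.0/24 documentation range).
SAMPLE_CLUSTER = {
    "command-sw": "aaa new-model\ntacacs-server host 192.0.2.10\n",
    "member-1": "aaa new-model\ntacacs-server host 192.0.2.10\n",
    "member-2": "aaa new-model\nradius-server host 192.0.2.20\n",
    "member-3": "hostname member-3\n",
}

if __name__ == "__main__":
    report = audit_cluster(SAMPLE_CLUSTER)
    print("mixed TACACS+/RADIUS:", report["mixed"])
    for proto, switches in report["missing"].items():
        print(f"{proto} missing on: {', '.join(switches)}")
```

The check looks only at server definitions; it does not inspect the aaa authentication method lists that actually select a protocol for login.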
Access Modes in CMS
CMS provides two levels of access to the configuration options: read-write access and read-only access.
Privilege levels 0 to 15 are supported.
Privilege level 15 provides you with read-write access to CMS.
Privilege levels 1 to 14 provide you with read-only access to CMS. Any options in the CMS
windows, menu bar, toolbar, and popup menus that change the switch or cluster configuration are
not shown in read-only mode.
Privilege level 0 denies access to CMS.
For more information about CMS access modes, see the “Privilege Levels” section on page 4-7.
Note If your cluster has these member switches running earlier software releases and if you have
read-only access to these member switches, some configuration windows for those switches display
incomplete information:
Catalyst 2900 XL or Catalyst 3500 XL member switches running Cisco IOS
Release 12.0(5)WC2 or earlier
Non-LRE Catalyst 2950 member switches running Cisco IOS Release 12.0(5)WC2 or earlier
Catalyst 3550 member switches running Cisco IOS Release 12.1(6)EA1 or earlier
For more information about this limitation, refer to the release notes.
These switches do not support read-only mode on CMS:
Catalyst 1900 and Catalyst 2820
Catalyst 2900 XL switches with 4-MB CPU DRAM
In read-only mode, these switches appear as unavailable devices and cannot be configured from
CMS.
Management VLAN
Communication with the switch management interfaces is through the command-switch IP address. The
IP address is associated with the management VLAN, which by default is VLAN 1. To manage switches
in a cluster, the command switch, member switches, and candidate switches must be connected through
ports assigned to the command-switch management VLAN.