Main
Catalyst 2950 Desktop Switch Software Configuration Guide
Page
CONTENTS
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Preface
Audience
Purpose
Organization
Page
Conventions
Related Publications
Obtaining Documentation
World Wide Web
Documentation CD-ROM
Ordering Documentation
Obtaining Technical Assistance
Cisco.com
Technical Assistance Center
Cisco TAC Website
Cisco TAC Escalation Center
Overview
Features
Page
Page
Page
Management Options
Management Interface Options
Advantages of Using CMS and Clustering Switches
Network Configuration Examples
Design Concepts for Using the Switch
Page
Page
1-10
Small to Medium-Sized Network Configuration
Page
Collapsed Backbone and Switch Cluster Configuration
Large Campus Configuration
Multidwelling Network Using Catalyst 2950 Switches
Page
Long-Distance, High-Bandwidth Transport Configuration
Where to Go Next
Page
Using the Command-Line Interface
IOS Command Modes
Page
Getting Help
Abbreviating Commands
Using no and default Forms of Commands
Understanding CLI Messages
Using Command History
Changing the Command History Buffer Size
Recalling Commands
Disabling the Command History Feature
Using Editing Features
Enabling and Disabling Editing Features
Editing Commands through Keystrokes
Editing Command Lines that Wrap
Searching and Filtering Output of show and more Commands
Accessing the CLI
Accessing the CLI from a Browser
Getting Started with CMS
Features
3-3
switch settings; read-only access for users allowed to only view switch settings
uniform approach to viewing and setting configuration parameters
3-4
Front Panel View
Cluster Tree
Front-Panel Images
Redundant Power System LED
Port Modes and LEDs
VLAN Membership Modes
Topology View
3-10
Topology Icons
Device and Link Labels
Colors in the Topology View
Topology Display Options
Menus and Toolbar
Menu Bar
Page
Page
Page
Page
Toolbar
Front Panel View Popup Menus
Device Popup Menu
Port Popup Menu
Topology View Popup Menus
Link Popup Menu
Device Popup Menus
Interaction Modes
Guide Mode
Expert Mode
Wizards
Tool Tips
Online Help
3-26
CMS Window Components
Host Name List
Tabs, Lists, and Tables
Icons Used in Windows
Buttons
Accessing CMS
Access Modes in CMS
HTTP Access to CMS
Verifying Your Changes
Change Notification
Error Checking
Saving Your Configuration
Restoring Your Configuration
CMS Preferences
Using Different Versions of CMS
Where to Go Next
Assigning the Switch IP Address and Default Gateway
Understanding the Boot Process
Assigning Switch Information
Default Switch Information
Understanding DHCP-Based Autoconfiguration
DHCP Client Request Process
Configuring the DHCP Server
Configuring the TFTP Server
Configuring the DNS
Configuring the Relay Device
Obtaining Configuration Files
Example Configuration
Page
Manually Assigning IP Information
Checking and Saving the Running Configuration
4-11
4-12
Configuring IE2100 CNS Agents
Understanding IE2100 Series Configuration Registrar Software
CNS Configuration Service
CNS Event Service
NameSpace Mapper
What You Should Know About ConfigID, DeviceID, and Host Name
ConfigID
DeviceID
Host Name and DeviceID
Using Host Name, DeviceID, and ConfigID
Understanding CNS Embedded Agents
Initial Configuration
V
Incremental (Partial) Configuration
Synchronized Configuration
Configuring CNS Embedded Agents
Enabling Automated CNS Configuration
Page
Enabling the CNS Event Agent
Enabling the CNS Configuration Agent
Enabling an Initial Configuration
Page
Page
Enabling a Partial Configuration
Displaying CNS Configuration
Page
Page
Clustering Switches
Understanding Switch Clusters
Command Switch Characteristics
Standby Command Switch Characteristics
Candidate Switch and Member Switch Characteristics
Planning a Switch Cluster
Automatic Discovery of Cluster Candidates and Members
Discovery through CDP Hops
6-7
Discovery through Non-CDP-Capable and Noncluster-Capable Devices
Discovery through the Same Management VLAN
Discovery through Different Management VLANs
Discovery of Newly Installed Switches
6-12
HSRP and Standby Command Switches
Virtual IP Addresses
Other Considerations for Cluster Standby Groups
Page
Automatic Recovery of Cluster Configuration
IP Addresses
Host Names
Passwords
SNMP Community Strings
TACACS+ and RADIUS
Access Modes in CMS
Management VLAN
LRE Profiles
Availability of Switch-Specific Features in Switch Clusters
Creating a Switch Cluster
Enabling a Command Switch
Adding Member Switches
Page
Creating a Cluster Standby Group
Page
Verifying a Switch Cluster
Using the CLI to Manage Switch Clusters
Catalyst 1900 and Catalyst 2820 CLI Considerations
Using SNMP to Manage Switch Clusters
Page
Administering the Switch
Preventing Unauthorized Access to Your Switch
Protecting Access to Privileged EXEC Commands
Default Password and Privilege Level Configuration
Setting or Changing a Static Enable Password
Protecting Enable and Enable Secret Passwords with Encryption
Setting a Telnet Password for a Terminal Line
Configuring Username and Password Pairs
Configuring Multiple Privilege Levels
Setting the Privilege Level for a Command
Changing the Default Privilege Level for Lines
Logging into and Exiting a Privilege Level
Controlling Switch Access with TACACS+
Understanding TACACS+
Page
TACACS+ Operation
Configuring TACACS+
Default TACACS+ Configuration
Identifying the TACACS+ Server Host and Setting the Authentication Key
Configuring TACACS+ Login Authentication
Page
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services
Starting TACACS+ Accounting
Displaying the TACACS+ Configuration
Controlling Switch Access with RADIUS
Understanding RADIUS
RADIUS Operation
Configuring RADIUS
Default RADIUS Configuration
Identifying the RADIUS Server Host
Page
Page
Configuring RADIUS Login Authentication
Page
Defining AAA Server Groups
Page
Configuring RADIUS Authorization for User Privileged Access and Network Services
Starting RADIUS Accounting
Configuring Settings for All RADIUS Servers
Configuring the Switch to Use Vendor-Specific RADIUS Attributes
Configuring the Switch for Vendor-Proprietary RADIUS Server Communication
Displaying the RADIUS Configuration
Configuring the Switch for Local Authentication and Authorization
Managing the System Time and Date
Understanding the System Clock
Understanding Network Time Protocol
Page
Configuring NTP
Default NTP Configuration
Configuring NTP Authentication
Configuring NTP Associations
Configuring NTP Broadcast Service
Configuring NTP Access Restrictions
Creating an Access Group and Assigning a Basic IP Access List
Disabling NTP Services on a Specific Interface
Configuring the Source IP Address for NTP Packets
Displaying the NTP Configuration
Configuring Time and Date Manually
Setting the System Clock
Displaying the Time and Date Configuration
Configuring the Time Zone
Configuring Summer Time (Daylight Saving Time)
Page
Configuring a System Name and Prompt
Default System Name and Prompt Configuration
Configuring a System Name
Configuring a System Prompt
Understanding DNS
Default DNS Configuration
Setting Up DNS
Displaying the DNS Configuration
Creating a Banner
Default Banner Configuration
Configuring a Message-of-the-Day Login Banner
Configuring a Login Banner
Managing the MAC Address Table
Building the Address Table
MAC Addresses and VLANs
Default MAC Address Table Configuration
Changing the Address Aging Time
Removing Dynamic Address Entries
Configuring MAC Address Notification Traps
Page
Adding and Removing Static Address Entries
Adding and Removing Secure Addresses
Displaying Address Table Entries
Managing the ARP Table
Page
Configuring 802.1X Port-Based Authentication
Understanding 802.1X Port-Based Authentication
Device Roles
Authentication Initiation and Message Exchange
Ports in Authorized and Unauthorized States
Supported Topologies
Configuring 802.1X Authentication
Default 802.1X Configuration
802.1X Configuration Guidelines
Enabling 802.1X Authentication
Configuring the Switch-to-RADIUS-Server Communication
Enabling Periodic Re-Authentication
Manually Re-Authenticating a Client Connected to a Port
Changing the Quiet Period
Changing the Switch-to-Client Retransmission Time
Setting the Switch-to-Client Frame-Retransmission Number
Enabling Multiple Hosts
Resetting the 802.1X Configuration to the Default Values
Displaying 802.1X Statistics and Status
Configuring Interface Characteristics
Understanding Interface Types
Port-Based VLANs
Switch Ports
Access Ports
Trunk Ports
EtherChannel Port Groups
Connecting Interfaces
Using the Interface Command
Procedures for Configuring Interfaces
Configuring a Range of Interfaces
Page
Configuring and Using Interface Range Macros
Configuring Layer 2 Interfaces
Default Layer 2 Ethernet Interface Configuration
Configuring Interface Speed and Duplex Mode
Configuration Guidelines
Setting the Interface Speed and Duplex Parameters
Configuring IEEE 802.3X Flow Control on Gigabit Ethernet Ports
Adding a Description for an Interface
Monitoring and Maintaining the Interfaces
Monitoring Interface and Controller Status
9-15
This example shows how to display the status of all interfaces:
This example shows how to display the status of switching ports:
This example shows how to display the running configuration of Fast Ethernet interface 0/2 :
Table9-2 Show Commands for Interfaces (continued)
Clearing and Resetting Interfaces and Counters
Shutting Down and Restarting the Interface
Page
Configuring STP
Understanding Spanning-Tree Features
STP Overview
Supported Spanning-Tree Instances
Bridge Protocol Data Units
Election of the Root Switch
Bridge ID, Switch Priority, and Extended System ID
Spanning-Tree Timers
Creating the Spanning-Tree Topology
Spanning-Tree Interface States
Page
Blocking State
Listening State
Learning State
Forwarding State
Disabled State
Spanning-Tree Address Management
STP and IEEE 802.1Q Trunks
Spanning Tree and Redundant Connectivity
Accelerated Aging to Retain Connectivity
Configuring Spanning-Tree Features
Default STP Configuration
STP Configuration Guidelines
Page
Disabling STP
Configuring the Root Switch
Page
Configuring a Secondary Root Switch
Configuring the Port Priority
Configuring the Path Cost
Page
Configuring the Switch Priority of a VLAN
Configuring the Hello Time
Configuring the Forwarding-Delay Time for a VLAN
Configuring the Maximum-Aging Time for a VLAN
Configuring STP for Use in a Cascaded Stack
Displaying the Spanning-Tree Status
Page
Configuring RSTP and MSTP
Understanding RSTP
Port Roles and the Active Topology
Rapid Convergence
Synchronization of Port Roles
Bridge Protocol Data Unit Format and Processing
Processing Superior BPDU Information
Processing Inferior BPDU Information
Topology Changes
Understanding MSTP
Multiple Spanning-Tree Regions
IST, CIST, and CST
Operations Within an MST Region
Operations Between MST Regions
Hop Count
Boundary Ports
Interoperability with 802.1D STP
Configuring RSTP and MSTP Features
Default RSTP and MSTP Configuration
RSTP and MSTP Configuration Guidelines
Specifying the MST Region Configuration and Enabling MSTP
Configuring the Root Switch
Page
Configuring a Secondary Root Switch
Configuring the Port Priority
Configuring the Path Cost
Configuring the Switch Priority
Configuring the Hello Time
Configuring the Forwarding-Delay Time
Configuring the Maximum-Aging Time
Configuring the Maximum-Hop Count
Specifying the Link Type to Ensure Rapid Transitions
Restarting the Protocol Migration Process
Displaying the MST Configuration and Status
Page
Configuring Optional Spanning-Tree Features
Understanding Optional Spanning-Tree Features
Understanding Port Fast
Understanding BPDU Guard
Understanding BPDU Filtering
Understanding UplinkFast
Understanding Cross-Stack UplinkFast
How CSUF Works
Events That Cause Fast Convergence
Limitations
Connecting the Stack Ports
12-9
Catalyst2950 Desktop Switch Software Configuration Guide 78-11380-05
2 34 5 6 78 9 10 910 910 910
Catalyst 2950G-48
2 3 4 5 6 78 9 10 1112
Understanding BackboneFast
Page
Understanding Root Guard
Understanding Loop Guard
Configuring Optional Spanning-Tree Features
Default Optional Spanning-Tree Configuration
Enabling Port Fast
Enabling BPDU Guard
Enabling BPDU Filtering
Enabling UplinkFast for Use with Redundant Links
Enabling Cross-Stack UplinkFast
Enabling BackboneFast
Enabling Root Guard
Enabling Loop Guard
Displaying the Spanning-Tree Status
Page
Configuring VLANs
Understanding VLANs
Supported VLANs
VLAN Port Membership Modes
Configuring Normal-Range VLANs
Token Ring VLANs
Normal-Range VLAN Configuration Guidelines
VLAN Configuration Mode Options
VLAN Configuration in config-vlan Mode
VLAN Configuration in VLAN Configuration Mode
Saving VLAN Configuration
Default Ethernet VLAN Configuration
Creating or Modifying an Ethernet VLAN
Page
Deleting a VLAN
Assigning Static-Access Ports to a VLAN
Configuring Extended-Range VLANs
Default VLAN Configuration
Extended-Range VLAN Configuration Guidelines
Creating an Extended-Range VLAN
Displaying VLANs
Configuring VLAN Trunks
Trunking Overview
802.1Q Configuration Considerations
Default Layer 2 Ethernet Interface VLAN Configuration
Configuring an Ethernet Interface as a Trunk Port
Interaction with Other Features
Configuring a Trunk Port
Defining the Allowed VLANs on a Trunk
Changing the Pruning-Eligible List
Configuring the Native VLAN for Untagged Traffic
Load Sharing Using STP
Load Sharing Using STP Port Priorities
Page
Load Sharing Using STP Path Cost
Configuring VMPS
Understanding VMPS
Dynamic Port VLAN Membership
VMPS Database Configuration File
13-27
Default VMPS Configuration
Table13-6 shows the de fault VM PS and dy nami c po rt c on figuration on clie nt sw itch es.
Table13-6 Default VMPS Client and Dynamic Port Configuration
VMPS Configuration Guidelines
Configuring the VMPS Client
Entering the IP Address of the VMPS
Configuring Dynamic Access Ports on VMPS Clients
Reconfirming VLAN Memberships
Changing the Reconfirmation Interval
Changing the Retry Count
Monitoring the VMPS
Troubleshooting Dynamic Port VLAN Membership
13-32
VMPS Configuration Example
Catalyst 2950 Switch 2
Catalyst 3500 XL Switch 9
Configuring VTP
Understanding VTP
The VTP Domain
VTP Modes
VTP Advertisements
VTP Version 2
VTP Pruning
Page
Configuring VTP
Default VTP Configuration
VTP Configuration Options
VTP Configuration in Global Configuration Modes
VTP Configuration in VLAN Configuration Mode
VTP Configuration Guidelines
Domain Names
Passwords
Upgrading from Previous Software Releases
VTP Version
Configuring a VTP Server
Page
Configuring a VTP Client
Disabling VTP (VTP Transparent Mode)
Enabling VTP Version 2
Enabling VTP Pruning
Adding a VTP Client Switch to a VTP Domain
Monitoring VTP
Configuring Voice VLAN
Understanding Voice VLAN
Configuring Voice VLAN
Default Voice VLAN Configuration
Voice VLAN Configuration Guidelines
Configuring a Port to Connect to a Cisco 7960 IP Phone
Configuring Ports to Carry Voice Traffic in 802.1Q Frames
Configuring Ports to Carry Voice Traffic in 802.1P Priority Tagged Frames
Overriding the CoS Priority of Incoming Data Frames
Configuring the IP Phone to Trust the CoS Priority of Incoming Data Frames
Displaying Voice VLAN
Configuring IGMP Snooping and MVR
Understanding IGMP Snooping
Joining a Multicast Group
Page
Leaving a Multicast Group
Immediate-Leave Processing
Configuring IGMP Snooping
Default IGMP Snooping Configuration
Enabling or Disabling IGMP Snooping
Setting the Snooping Method
Configuring a Multicast Router Port
Configuring a Host Statically to Join a Group
Enabling IGMP Immediate-Leave Processing
Displaying IGMP Snooping Information
Page
Page
Understanding Multicast VLAN Registration
Using MVR in a Multicast Television Application
Page
Configuring MVR
Default MVR Configuration
MVR Configuration Guidelines and Limitations
Configuring MVR Global Parameters
Configuring MVR Interfaces
Page
Displaying MVR Information
Configuring IGMP Filtering
Default IGMP Filtering Configuration
Configuring IGMP Profiles
Applying IGMP Profiles
Setting the Maximum Number of IGMP Groups
Displaying IGMP Filtering Configuration
Page
Configuring Port-Based Traffic Control
Configuring Storm Control
Understanding Storm Control
Default Storm Control Configuration
Enabling Storm Control
Disabling Storm Control
Configuring Protected Ports
Configuring Port Security
Understanding Port Security
Secure MAC Addresses
Security Violations
Default Port Security Configuration
Port Security Configuration Guidelines
Enabling and Configuring Port Security
Page
Page
Enabling and Configuring Port Security Aging
Page
Displaying Port-Based Traffic Control Settings
Configuring UDLD
Understanding UDLD
Page
Configuring UDLD
Default UDLD Configuration
Enabling UDLD Globally
Enabling UDLD on an Interface
Resetting an Interface Shut Down by UDLD
Displaying UDLD Status
Configuring CDP
Understanding CDP
Configuring CDP
Default CDP Configuration
Configuring the CDP Characteristics
Disabling and Enabling CDP
Disabling and Enabling CDP on an Interface
Monitoring and Maintaining CDP
Page
Configuring SPAN and RSPAN
Understanding SPAN and RSPAN
Page
SPAN and RSPAN Concepts and Terminology
SPAN Session
Traffic Types
Source Port
Destination Port
Reflector Port
SPAN Traffic
SPAN and RSPAN Interaction with Other Features
SPAN and RSPAN Session Limits
Default SPAN and RSPAN Configuration
Configuring SPAN
SPAN Configuration Guidelines
Creating a SPAN Session and Specifying Ports to Monitor
Page
Removing Ports from a SPAN Session
Configuring RSPAN
RSPAN Configuration Guidelines
Creating an RSPAN Session
Creating an RSPAN Destination Session
Removing Ports from an RSPAN Session
Displaying SPAN and RSPAN Status
Configuring RMON
Understanding RMON
Configuring RMON
Default RMON Configuration
Configuring RMON Alarms and Events
Page
Configuring RMON Collection on an Interface
Displaying RMON Status
Configuring System Message Logging
Understanding System Message Logging
Configuring System Message Logging
System Log Message Format
Default System Message Logging Configuration
Disabling and Enabling Message Logging
Setting the Message Display Destination Device
Page
Synchronizing Log Messages
Enabling and Disabling Timestamps on Log Messages
Enabling and Disabling Sequence Numbers in Log Messages
Defining the Message Severity Level
Page
Limiting Syslog Messages Sent to the History Table and to SNMP
Configuring UNIX Syslog Servers
Logging Messages to a UNIX Syslog Daemon
Configuring the UNIX System Logging Facility
Displaying the Logging Configuration
Configuring SNMP
Understanding SNMP
SNMP Versions
SNMP Manager Functions
SNMP Agent Functions
SNMP Community Strings
Using SNMP to Access MIB Variables
SNMP Notifications
Configuring SNMP
Default SNMP Configuration
SNMP Configuration Guidelines
Disabling the SNMP Agent
Configuring Community Strings
Configuring SNMP Groups and Users
Page
Configuring SNMP Notifications
Page
Page
Setting the Agent Contact and Location Information
Limiting TFTP Servers Used Through SNMP
SNMP Examples
Displaying SNMP Status
Page
Configuring
Understanding ACLs
Handling Fragmented and Unfragmented Traffic
Understanding Access Control Parameters
Page
Guidelines for Applying ACLs to Physical Interfaces
Configuring ACLs
Unsupported Features
Creating Standard and Extended IP ACLs
ACL Numbers
Creating a Numbered Standard ACL
Creating a Numbered Extended ACL
Page
Page
Creating Named Standard and Extended ACLs
Page
Applying Time Ranges to ACLs
Page
Including Comments About Entries in ACLs
Creating Named MAC Extended ACLs
Creating MAC Access Groups
Applying ACLs to Terminal Lines or Physical Interfaces
Applying ACLs to a Terminal Line
Applying ACLs to a Physical Interface
Displaying ACL Information
Displaying ACLs
Displaying Access Groups
Examples for Compiling ACLs
Page
Numbered ACL Examples
Extended ACL Examples
Named ACL Example
Commented IP ACL Entry Examples
Page
Configuring
Understanding QoS
Basic QoS Model
Classification
Classification Based on QoS ACLs
Classification Based on Class Maps and Policy Maps
Policing and Marking
Mapping Tables
Queueing and Scheduling
How Class of Service Works
Port Priority
Port Scheduling
CoS and WRR
Configuring QoS
Default QoS Configuration
Configuration Guidelines
Configuring Classification Using Port Trust States
Configuring the Trust State on Ports within the QoS Domain
Page
Configuring the CoS Value for an Interface
Configuring Trusted Boundary
Page
Enabling Pass-Through Mode
Configuring a QoS Policy
Classifying Traffic by Using ACLs
Page
Page
Page
Classifying Traffic by Using Class Maps
Classifying, Policing, and Marking Traffic by Using Policy Maps
Page
Page
25-24
All the maps are globally defined.
Configuring CoS Maps
Note This feature is available only if your switch is running the EI .
This section describes how to configure the CoS maps:
Configuring the CoS-to-DSCP Map, page 25-25 Configuring the DSCP-to-CoS Map, page 25-26
Configuring the CoS-to-DSCP Map
Configuring the DSCP-to-CoS Map
Configuring CoS and WRR
Configuring CoS Priority Queues
Configuring WRR
Displaying QoS Information
25-29
QoS Configuration Examples
QoS Configuration for the Existing Wiring Closet
QoS Configuration for the Intelligent Wiring Closet
Page
Page
Configuring EtherChannels
Understanding EtherChannels
Understanding Port-Channel Interfaces
Understanding the Port Aggregation Protocol
PAgP Modes
Physical Learners and Aggregate-Port Learners
PAgP Interaction with Other Features
Understanding Load Balancing and Forwarding Methods
Page
Configuring EtherChannels
Default EtherChannel Configuration
EtherChannel Configuration Guidelines
Configuring Layer 2 EtherChannels
Page
Configuring EtherChannel Load Balancing
Configuring the PAgP Learn Method and Priority
Displaying EtherChannel and PAgP Status
Page
Troubleshooting
Using Recovery Procedures
Recovering from Corrupted Software
Recovering from a Lost or Forgotten Password
Page
Recovering from a Command Switch Failure
Replacing a Failed Command Switch with a Cluster Member
Replacing a Failed Command Switch with Another Switch
Recovering from Lost Member Connectivity
Preventing Autonegotiation Mismatches
GBIC Module Security and Identification
Using Debug Commands
Enabling Debugging on a Specific Feature
Enabling All-System Diagnostics
Redirecting Debug and Error Message Output
Using the crashinfo File
A
Supported MIBs
MIB List
Using FTP to Access the MIB Files
INDEX
Numerics
A
Page
B
C
Page
Page
D
E
F
G
H
I
Page
J
L
M
Page
N
O
P
Page
Q
R
Page
S
Page
Page
Page
T
U
V
Page
W
X
