Catalyst 2960 and 2960-S Switch Software  Configuration Guide
              CONTENTS
              Preface
Audience                
Purpose
              Conventions
              Related Publications
              Obtaining Documentation, Obtaining Support, and Security  Guidelines
              Overview
Features              
Ease-of-Deployment and Ease-of-Use Features
              Performance Features
              Management Options
              Manageability Features
              Availability and Redundancy Features
              VLAN Features
              Security Features
              QoS and CoS Features
              Layer 3 Features
Power over Ethernet Features                
Monitoring Features
              Default Settings After Initial Switch Configuration
              Network Configuration Examples
              Design Concepts for Using the Switch
              Small to Medium-Sized Network Using Catalyst 2960 and 2960-S Switches
              Long-Distance, High-Bandwidth Transport Configuration
Figure 1-4 Long-Distance, High-Bandwidth Transport Configuration
              Where to Go Next
Before configuring the switch, review these sections for startup information:              
Using the Command-Line Interface
Understanding Command Modes            
              Understanding the Help System
Understanding Abbreviated Commands              
Understanding no and default Forms of Commands
Understanding CLI Error Messages                
Using Configuration Logging
              Using Command History
Changing the Command History Buffer Size                
Recalling Commands
Disabling the Command History Feature              
Using Editing Features
Enabling and Disabling Editing Features              
Editing Commands through Keystrokes
              Editing Command Lines that Wrap
              Searching and Filtering Output of show and more Commands
Accessing the CLI              
Accessing the CLI through a Console Connection or through Telnet
              Assigning the Switch IP Address and Default  Gateway
Understanding the Boot Process              
Assigning Switch Information
              Default Switch Information
Understanding DHCP-Based Autoconfiguration              
DHCP Client Request Process
              Understanding DHCP-based Autoconfiguration and Image Update
DHCP Autoconfiguration                 
DHCP Auto-Image Update
Limitations and Restrictions              
Configuring DHCP-Based Autoconfiguration
DHCP Server Configuration Guidelines              
Configuring the TFTP Server
              Configuring the DNS
Configuring the Relay Device              
Obtaining Configuration Files
              Example Configuration
              Configuring the DHCP Auto Configuration and Image Update Features
Configuring DHCP Autoconfiguration (Only Configuration File)              
Configuring DHCP Auto-Image Update (Configuration File and Image)
              Configuring the Client
Manually Assigning IP Information              
Checking and Saving the Running Configuration
              Configuring the NVRAM Buffer Size
              Modifying the Startup Configuration
              Default Boot Configuration
Automatically Downloading a Configuration File                 
Specifying the Filename to Read and Write the System Configuration
              Booting Manually
              Booting a Specific Software Image
              Controlling Environment Variables
              Scheduling a Reload of the Software Image
              Configuring a Scheduled Reload
              Displaying Scheduled Reload Information
              Configuring Cisco IOS Configuration Engine
Understanding Cisco Configuration Engine Software              
Configuration Service
              Event Service
NameSpace Mapper                
What You Should Know About the CNS IDs and Device Hostnames
ConfigID              
DeviceID
Hostname and DeviceID                
Using Hostname, DeviceID, and ConfigID
              Understanding Cisco IOS Agents
Initial Configuration                
Incremental (Partial) Configuration                
Synchronized Configuration
              Configuring Cisco IOS Agents
Enabling Automated CNS Configuration              
Enabling the CNS Event Agent
              Enabling the Cisco IOS CNS Agent
Enabling an Initial Configuration            
              Enabling a Partial Configuration
              Displaying CNS Configuration
              Administering the Switch
Identifying the Switch Image              
Managing the System Time and Date
Understanding the System Clock               
Understanding Network Time Protocol
              Configuring NTP
Default NTP Configuration                
Configuring NTP Authentication
              Configuring NTP Associations
              Configuring NTP Broadcast Service
              Configuring NTP Access Restrictions
Creating an Access Group and Assigning a Basic IP Access List            
Disabling NTP Services on a Specific Interface               
Configuring the Source IP Address for NTP Packets
Displaying the NTP Configuration              
Configuring Time and Date Manually
Setting the System Clock              
Displaying the Time and Date Configuration
Configuring the Time Zone               
Configuring Summer Time (Daylight Saving Time)
              Configuring a System Name and Prompt
              Default System Name and Prompt Configuration
Configuring a System Name                
Understanding DNS
              Default DNS Configuration
Setting Up DNS                
Displaying the DNS Configuration
              Creating a Banner
Default Banner Configuration              
Configuring a Message-of-the-Day Login Banner
Configuring a Login Banner              
Managing the MAC Address Table
              Building the Address Table
MAC Addresses and VLANs              
MAC Addresses and Switch Stacks
Default MAC Address Table Configuration                
Changing the Address Aging Time
              Removing Dynamic Address Entries
Configuring MAC Address Change Notification Traps            
              Configuring MAC Address Move Notification Traps
              Configuring MAC Threshold Notification Traps
              Adding and Removing Static Address Entries
              Configuring Unicast MAC Address Filtering
              Disabling MAC Address Learning on a VLAN
              Displaying Address Table Entries
              Managing the ARP Table
              Clustering Switches
              Understanding Switch Clusters
              Cluster Command Switch Characteristics
Standby Cluster Command Switch Characteristics              
Candidate Switch and Cluster Member Switch Characteristics
              Planning a Switch Cluster
Automatic Discovery of Cluster Candidates and Members              
Discovery Through CDP Hops
              Discovery Through Non-CDP-Capable and Noncluster-Capable Devices
Discovery Through Different VLANs              
Discovery Through Different Management VLANs
              Discovery of Newly Installed Switches
              HSRP and Standby Cluster Command Switches
              Virtual IP Addresses
Other Considerations for Cluster Standby Groups              
Automatic Recovery of Cluster Configuration
              IP Addresses
Hostnames                
Passwords
              SNMP Community Strings
Switch Clusters and Switch Stacks            
TACACS+ and RADIUS                
LRE Profiles
              Using the CLI to Manage Switch Clusters
              Using SNMP to Manage Switch Clusters
Figure 6-7 SNMP Management for a Cluster              
Managing Switch Stacks
Understanding Stacks            
              Stack Membership
              Master Election
              Stack MAC Address
Member Numbers              
Member Priority Values
Stack Offline Configuration                
Effects of Adding a Provisioned Switch to a Stack
Effects of Replacing a Provisioned Switch in a Stack                
Effects of Removing a Provisioned Switch from a Stack
              Stack Software Compatibility Recommendations
Stack Protocol Version Compatibility                
Major Version Number Incompatibility Among Switches
              Minor Version Number Incompatibility Among Switches
Understanding Auto-Upgrade and Auto-Advise              
Auto-Upgrade and Auto-Advise Example Messages
              Incompatible Software and Member Image Upgrades
Stack Configuration Files                
Additional Considerations for System-Wide Configuration on Switch Stacks
              Stack Management Connectivity
Stack Through an IP Address                
Stack Through an SSH Session
Stack Through Console Ports                
Specific Members
              Stack Configuration Scenarios
Data Recovery After Stack Topology Changes              
Configuring the Switch Stack
              Default Switch Stack Configuration
Enabling Persistent MAC Address            
              Assigning Stack Member Information
Assigning a Member Number              
Setting the Member Priority Value
Provisioning a New Member for a Stack                
Changing the Stack Membership
              Accessing the CLI of a Specific Member
              Displaying Stack Information
Troubleshooting Stacks                
Manually Disabling a Stack Port
              Re-Enabling a Stack Port While Another Member Starts
Understanding the show switch stack-ports summary Output            
              Configuring SDM Templates
Understanding the SDM Templates              
SDM Templates and Switch Stacks
              Configuring the Switch SDM Template
Default SDM Template                
SDM Template Configuration Guidelines
              Setting the SDM Template
              Configuring Switch-Based Authentication
Preventing Unauthorized Access to Your Switch              
Protecting Access to Privileged EXEC Commands
Default Password and Privilege Level Configuration              
Setting or Changing a Static Enable Password
Protecting Enable and Enable Secret Passwords with Encryption            
              Disabling Password Recovery
              Setting a Telnet Password for a Terminal Line
              Configuring Username and Password Pairs
              Configuring Multiple Privilege Levels
Setting the Privilege Level for a Command              
Changing the Default Privilege Level for Lines
Logging into and Exiting a Privilege Level              
Controlling Switch Access with TACACS+ 
Understanding TACACS+            
              TACACS+ Operation
              Configuring TACACS+
Default TACACS+ Configuration                
Identifying the TACACS+ Server Host and Setting the Authentication Key
              Configuring TACACS+ Login Authentication
              Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services
              Starting TACACS+ Accounting
Establishing a Session with a Router if the AAA Server is Unreachable                
Displaying the TACACS+ Configuration
              Controlling Switch Access with RADIUS 
Understanding RADIUS            
              RADIUS Operation
RADIUS Change of Authorization                
Overview
              Change-of-Authorization Requests
RFC 5176 Compliance                 
Preconditions 
              CoA Request Response Code
Session Identification                
CoA ACK Response Code
CoA NAK Response Code              
CoA Request Commands
              Session Reauthentication
Session Reauthentication in a Switch Stack              
Session Termination
CoA Disconnect-Request                
CoA Request: Disable Host Port
CoA Request: Bounce-Port               
Stacking Guidelines for Session Termination
Stacking Guidelines for CoA-Request Bounce-Port                
Stacking Guidelines for CoA-Request Disable-Port 
              Configuring RADIUS
Default RADIUS Configuration                
Identifying the RADIUS Server Host 
              Configuring RADIUS Login Authentication
              Defining AAA Server Groups
              Configuring RADIUS Authorization for User Privileged Access and Network Services
              Starting RADIUS Accounting
              Establishing a Session with a Router if the AAA Server is Unreachable
Configuring Settings for All RADIUS Servers                
Configuring the Switch to Use Vendor-Specific RADIUS Attributes
              Configuring the Switch for Vendor-Proprietary RADIUS Server Communication
              Configuring CoA on the Switch
Monitoring and Troubleshooting CoA Functionality                
Configuring RADIUS Server Load Balancing
Displaying the RADIUS Configuration              
Configuring the Switch for Local Authentication and  Authorization
              Configuring the Switch for Secure Shell
              Understanding SSH 
SSH Servers, Integrated Clients, and Supported Versions                
Limitations 
              Configuring SSH
Setting Up the Switch to Run SSH              
Configuring the SSH Server
              Displaying the SSH Configuration and Status
              Configuring the Switch for Secure Socket Layer HTTP 
Understanding Secure HTTP Servers and Clients                
Certificate Authority Trustpoints
CipherSuites              
Configuring Secure HTTP Servers and Clients
Default SSL Configuration              
SSL Configuration Guidelines
Configuring a CA Trustpoint              
Configuring the Secure HTTP Server
              Configuring the Secure HTTP Client
Displaying Secure HTTP Server and Client Status              
Configuring the Switch for Secure Copy Protocol
              Information About Secure Copy 
              Configuring IEEE 802.1x Port-Based  Authentication
Understanding IEEE 802.1x Port-Based Authentication            
              Device Roles
              Authentication Process
Figure 10-2 shows the authentication process.                
Figure 10-2 Authentication Flowchart 
The switch re-authenticates a client when one of these situations occurs:              
Authentication Initiation and Message Exchange
              Authentication Manager
Port-Based Authentication Methods              
Per-User ACLs and Filter-Ids
              Authentication Manager CLI Commands
              Ports in Authorized and Unauthorized States
              802.1x Authentication and Switch Stacks
              802.1x Host Mode
Multidomain Authentication            
              802.1x Multiple Authentication Mode
              MAC Move
MAC Replace              
802.1x Accounting
802.1x Accounting Attribute-Value Pairs              
802.1x Readiness Check
              802.1x Authentication with VLAN Assignment
              Using 802.1x Authentication with Per-User ACLs
              802.1x Authentication with Downloadable ACLs and Redirect URLs
              Cisco Secure ACS and Attribute-Value Pairs for the Redirect URL
Cisco Secure ACS and Attribute-Value Pairs for Downloadable ACLs                
VLAN ID-based MAC Authentication
              802.1x Authentication with Guest VLAN
              802.1x Authentication with Restricted VLAN
              802.1x Authentication with Inaccessible Authentication Bypass
Support on Multiple-Authentication Ports                
Authentication Results
Feature Interactions              
802.1x Authentication with Voice VLAN Ports
              802.1x Authentication with Port Security
              802.1x Authentication with Wake-on-LAN
              802.1x Authentication with MAC Authentication Bypass
              802.1x User Distribution
802.1x User Distribution Configuration Guidelines              
Network Admission Control Layer 2 802.1x Validation
Flexible Authentication Ordering              
Open1x Authentication
Using Voice Aware 802.1x Security                
802.1x Supplicant and Authenticator Switches with Network Edge Access  Topology (NEAT) 
              Guidelines
Using IEEE 802.1x Authentication with ACLs and the RADIUS Filter-Id Attribute
Common Session ID              
Configuring 802.1x Authentication
              Default 802.1x Authentication Configuration
              802.1x Authentication Configuration Guidelines
802.1x Authentication               
VLAN Assignment, Guest VLAN, Restricted VLAN, and Inaccessible Authentication Bypass
MAC Authentication Bypass                
Maximum Number of Allowed Devices Per Port
              Configuring 802.1x Readiness Check
              Configuring Voice Aware 802.1x Security
              Configuring 802.1x Violation Modes
              Configuring 802.1x Authentication
              Configuring the Switch-to-RADIUS-Server Communication
              Configuring the Host Mode
              Configuring Periodic Re-Authentication
              Manually Re-Authenticating a Client Connected to a Port
Changing the Quiet Period              
Changing the Switch-to-Client Retransmission Time
Setting the Switch-to-Client Frame-Retransmission Number              
Setting the Re-Authentication Number
              Enabling MAC Move
Enabling MAC Replace              
Configuring 802.1x Accounting
              Configuring a Guest VLAN
              Configuring a Restricted VLAN
              Configuring the Inaccessible Authentication Bypass Feature
              Configuring 802.1x Authentication with WoL
              Configuring MAC Authentication Bypass
              Configuring 802.1x User Distribution
              Configuring NAC Layer 2 802.1x Validation
              Configuring an Authenticator and a Supplicant Switch with NEAT
Configuring NEAT with Auto Smartports Macros              
Configuring 802.1x Authentication with Downloadable ACLs and Redirect URLs
              Configuring Downloadable ACLs
Configuring a Downloadable Policy            
              Configuring VLAN ID-based MAC Authentication
Configuring Flexible Authentication Ordering               
Configuring Open1x
              Disabling 802.1x Authentication on the Port
Resetting the 802.1x Authentication Configuration to the Default Values              
Displaying 802.1x Statistics and Status
              Configuring Web-Based Authentication
Understanding Web-Based Authentication              
Device Roles
Host Detection              
Session Creation
Authentication Process              
Local Web Authentication Banner
              Web Authentication Customizable Web Pages
Guidelines              
Web-based Authentication Interactions with Other Features
Port Security              
LAN Port IP
Gateway IP                
ACLs
Context-Based Access Control                
802.1x Authentication
              Configuring Web-Based Authentication
Default Web-Based Authentication Configuration                
Web-Based Authentication Configuration Guidelines and Restrictions
              Web-Based Authentication Configuration Task List
Configuring the Authentication Rule and Interfaces              
Configuring AAA Authentication
Configuring Switch-to-RADIUS-Server Communication             
              Configuring the HTTP Server
Customizing the Authentication Proxy Web Pages             
Specifying a Redirection URL for Successful Login              
Configuring an AAA Fail Policy
              Configuring the Web-Based Authentication Parameters
Configuring a Web Authentication Local Banner                
Removing Web-Based Authentication Cache Entries
              Displaying Web-Based Authentication Status
              Configuring Interface Characteristics
Understanding Interface Types              
Port-Based VLANs
Switch Ports              
Access Ports
Trunk Ports              
Switch Virtual Interfaces
EtherChannel Port Groups                
Dual-Purpose Uplink Ports
              Power over Ethernet Ports
Supported Protocols and Standards              
Powered-Device Detection and Initial Power Allocation
              Power Management Modes
              Power Monitoring and Power Policing
Maximum Power Allocation (Cutoff Power) on a PoE Port            
              Connecting Interfaces
              Using the Switch USB Ports (Catalyst 2960-S Switches Only)
USB Mini-Type B Console Port                 
Console Port Change Logs
              Configuring the Console Media Type
              Configuring the USB Inactivity Timeout
              USB Type A Port 
This is sample output from the show usb port command:
              Using Interface Configuration Mode
The switch supports these interface types:              
Procedures for Configuring Interfaces
              Configuring a Range of Interfaces
              Configuring and Using Interface Range Macros
              Using the Ethernet Management Port (Catalyst 2960-S Only)
              Understanding the Ethernet Management Port
Supported Features on the Ethernet Management Port              
Configuring the Ethernet Management Port
TFTP and the Ethernet Management Port              
Configuring Ethernet Interfaces
Default Ethernet Interface Configuration            
              Setting the Type of a Dual-Purpose Uplink Port
              Configuring Interface Speed and Duplex Mode
Speed and Duplex Configuration Guidelines              
Setting the Interface Speed and Duplex Parameters
              Configuring IEEE 802.3x Flow Control 
              Configuring Auto-MDIX on an Interface
              Configuring a Power Management Mode on a PoE Port
              Budgeting Power for Devices Connected to a PoE Port
              Configuring Power Policing
              Adding a Description for an Interface 
              Configuring Layer 3 SVIs
              Configuring the System MTU
              Monitoring and Maintaining the Interfaces
              Monitoring Interface Status 
Clearing and Resetting Interfaces and Counters              
Shutting Down and Restarting the Interface
              Configuring VLANs
Understanding VLANs              
Supported VLANs
              VLAN Port Membership Modes
              Configuring Normal-Range VLANs
              Token Ring VLANs
              Normal-Range VLAN Configuration Guidelines 
Configuring Normal-Range VLANs               
Default Ethernet VLAN Configuration
              Creating or Modifying an Ethernet VLAN
              Deleting a VLAN
Assigning Static-Access Ports to a VLAN              
Configuring Extended-Range VLANs
              Default VLAN Configuration
Extended-Range VLAN Configuration Guidelines                
Creating an Extended-Range VLAN
              Displaying VLANs
Configuring VLAN Trunks                
Trunking Overview
              IEEE 802.1Q Configuration Considerations
              Default Layer 2 Ethernet Interface VLAN Configuration
Configuring an Ethernet Interface as a Trunk Port                
Interaction with Other Features
              Configuring a Trunk Port
              Defining the Allowed VLANs on a Trunk
              Changing the Pruning-Eligible List
Configuring the Native VLAN for Untagged Traffic              
Configuring Trunk Ports for Load Sharing
Load Sharing Using STP Port Priorities            
              Load Sharing Using STP Path Cost
              Configuring VMPS
              Understanding VMPS
Dynamic-Access Port VLAN Membership              
Default VMPS Client Configuration
VMPS Configuration Guidelines              
Configuring the VMPS Client
Entering the IP Address of the VMPS                
Configuring Dynamic-Access Ports on VMPS Clients
              Reconfirming VLAN Memberships
Changing the Reconfirmation Interval                
Changing the Retry Count
              Monitoring the VMPS
              Troubleshooting Dynamic-Access Port VLAN Membership
VMPS Configuration Example              
Figure 13-4 Dynamic Port VLAN Membership Configuration            
              Configuring VTP
Understanding VTP              
The VTP Domain 
              VTP Modes
              VTP Advertisements
              VTP Version 2
VTP Version 3              
VTP Pruning
VTP and Switch Stacks              
Configuring VTP
              Default VTP Configuration
VTP Configuration Guidelines              
Domain Names
Passwords                
VTP Version
Configuration Requirements              
Configuring VTP Mode
              Configuring a VTP Version 3 Password
Configuring a VTP Version 3 Primary Server              
Enabling the VTP Version
              Enabling VTP Pruning
Configuring VTP on a Per-Port Basis              
Adding a VTP Client Switch to a VTP Domain
              Monitoring VTP
              Configuring Voice VLAN
Understanding Voice VLAN              
Cisco IP Phone Voice Traffic
Cisco IP Phone Data Traffic              
Configuring Voice VLAN
Default Voice VLAN Configuration                
Voice VLAN Configuration Guidelines
              Configuring a Port Connected to a Cisco 7960 IP Phone
              Configuring Cisco IP Phone Voice Traffic 
              Configuring the Priority of Incoming Data Frames
              Configuring STP
Understanding Spanning-Tree Features              
STP Overview
              Spanning-Tree Topology and BPDUs
              Bridge ID, Switch Priority, and Extended System ID
              Spanning-Tree Interface States
              Blocking State
              Listening State
Learning State                
Forwarding State
Disabled State              
How a Switch or Port Becomes the Root Switch or Root Port
Spanning Tree and Redundant Connectivity              
Spanning-Tree Address Management
Accelerated Aging to Retain Connectivity              
Spanning-Tree Modes and Protocols
Supported Spanning-Tree Instances              
Spanning-Tree Interoperability and Backward Compatibility
STP and IEEE 802.1Q Trunks                
Spanning Tree and Switch Stacks
              Configuring Spanning-Tree Features
              Default Spanning-Tree Configuration
Spanning-Tree Configuration Guidelines            
              Changing the Spanning-Tree Mode
              Disabling Spanning Tree
Configuring the Root Switch            
              Configuring a Secondary Root Switch
Configuring Port Priority            
              Configuring Path Cost
              Configuring the Switch Priority of a VLAN
              Configuring Spanning-Tree Timers
Configuring the Hello Time              
Configuring the Forwarding-Delay Time for a VLAN
Configuring the Maximum-Aging Time for a VLAN                
Configuring the Transmit Hold-Count 
              Displaying the Spanning-Tree Status
              Configuring MSTP
              Understanding MSTP
Multiple Spanning-Tree Regions              
IST, CIST, and CST
Operations Within an MST Region              
Operations Between MST Regions
              IEEE 802.1s Terminology
              Hop Count
Boundary Ports              
IEEE 802.1s Implementation
Port Role Naming Change                
Interoperation Between Legacy and Standard Switches
              Detecting Unidirectional Link Failure
              MSTP and Switch Stacks
Interoperability with IEEE 802.1D STP              
Understanding RSTP
Port Roles and the Active Topology              
Rapid Convergence
              Synchronization of Port Roles
              Bridge Protocol Data Unit Format and Processing
Processing Superior BPDU Information                
Processing Inferior BPDU Information
              Topology Changes
              Configuring MSTP Features
              Default MSTP Configuration
MSTP Configuration Guidelines              
Specifying the MST Region Configuration and Enabling MSTP
              Configuring the Root Switch
              Configuring a Secondary Root Switch
              Configuring Port Priority 
              Configuring Path Cost
              Configuring the Switch Priority
              Configuring the Hello Time
Configuring the Forwarding-Delay Time              
Configuring the Maximum-Aging Time
Configuring the Maximum-Hop Count              
Specifying the Link Type to Ensure Rapid Transitions
Designating the Neighbor Type                
Restarting the Protocol Migration Process
              Displaying the MST Configuration and Status
              Configuring Optional Spanning-Tree Features
Understanding Optional Spanning-Tree Features              
Understanding Port Fast
Understanding BPDU Guard              
Understanding BPDU Filtering
Understanding UplinkFast            
              Understanding Cross-Stack UplinkFast
              How CSUF Works
Events that Cause Fast Convergence              
Understanding BackboneFast
              Understanding EtherChannel Guard
Understanding Root Guard              
Understanding Loop Guard
              Configuring Optional Spanning-Tree Features
Default Optional Spanning-Tree Configuration                
Optional Spanning-Tree Configuration Guidelines
              Enabling Port Fast
              Enabling BPDU Guard
              Enabling BPDU Filtering
              Enabling UplinkFast for Use with Redundant Links
              Enabling Cross-Stack UplinkFast
Enabling BackboneFast              
Enabling EtherChannel Guard
Enabling Root Guard              
Enabling Loop Guard
              Displaying the Spanning-Tree Status
              Configuring Flex Links and the MAC  Address-Table Move Update Feature
Understanding Flex Links and the MAC Address-Table  Move Update              
Flex Links
              VLAN Flex Link Load Balancing and Support
Flex Link Multicast Fast Convergence                
Learning the Other Flex Link Port as the mrouter Port
              Generating IGMP Reports
Leaking IGMP Reports                
Configuration Examples
              MAC Address-Table Move Update
              Configuring Flex Links and the MAC Address-Table Move  Update
              Default Configuration
              Configuring Flex Links
              Configuring VLAN Load Balancing on Flex Links
              Configuring the MAC Address-Table Move Update Feature
              Monitoring Flex Links and the MAC Address-Table  Move Update
              Configuring DHCP Features and IP Source Guard  Features
              Understanding DHCP Snooping
DHCP Server                
DHCP Relay Agent
DHCP Snooping            
              Option-82 Data Insertion
              Circuit ID Suboption Frame Format
Remote ID Suboption Frame Format              
DHCP Snooping Binding Database
Circuit ID Suboption Frame Format (for user-configured string):                
Remote ID Suboption Frame Format (for user-configured string):
              DHCP Snooping and Switch Stacks
              Configuring DHCP Snooping
Default DHCP Snooping Configuration                
DHCP Snooping Configuration Guidelines
              Configuring the DHCP Relay Agent 
Enabling DHCP Snooping and Option 82            
              Enabling the DHCP Snooping Binding Database Agent
              Displaying DHCP Snooping Information
Understanding IP Source Guard              
Source IP Address Filtering
Source IP and MAC Address Filtering                
IP Source Guard for Static Hosts
              Configuring IP Source Guard
Default IP Source Guard Configuration                
IP Source Guard Configuration Guidelines
              Enabling IP Source Guard
              Configuring IP Source Guard for Static Hosts
Configuring IP Source Guard for Static Hosts on a Layer 2 Access Port            
This example displays all active IP or MAC binding entries for all interfaces:                
This example displays the count of all IP device tracking host entries for all interfaces:
              Displaying IP Source Guard Information
Understanding DHCP Server Port-Based Address Allocation                
Configuring DHCP Server Port-Based Address Allocation
              Default Port-Based Address Allocation Configuration
Port-Based Address Allocation Configuration Guidelines                
Enabling DHCP Server Port-Based Address Allocation
              Displaying DHCP Server Port-Based Address Allocation
              Configuring Dynamic ARP Inspection 
Understanding Dynamic ARP Inspection            
              Interface Trust States and Network Security
              Rate Limiting of ARP Packets
Relative Priority of ARP ACLs and DHCP Snooping Entries                
Logging of Dropped Packets
              Configuring Dynamic ARP Inspection
Default Dynamic ARP Inspection Configuration              
Dynamic ARP Inspection Configuration Guidelines
              Configuring Dynamic ARP Inspection in DHCP Environments
              Configuring ARP ACLs for Non-DHCP Environments
              Limiting the Rate of Incoming ARP Packets
              Performing Validation Checks
              Configuring the Log Buffer
              Displaying Dynamic ARP Inspection Information
              Configuring IGMP Snooping and MVR
              Understanding IGMP Snooping
              IGMP Versions
Joining a Multicast Group            
              Leaving a Multicast Group
Immediate Leave               
IGMP Configurable-Leave Timer
IGMP Report Suppression                
IGMP Snooping and Switch Stacks
              Configuring IGMP Snooping
Default IGMP Snooping Configuration                
Enabling or Disabling IGMP Snooping
              Setting the Snooping Method
              Configuring a Multicast Router Port
              Configuring a Host Statically to Join a Group
Enabling IGMP Immediate Leave              
Configuring the IGMP Leave Timer
              Configuring TCN-Related Commands
Controlling the Multicast Flooding Time After a TCN Event              
Recovering from Flood Mode
Disabling Multicast Flooding During a TCN Event              
Configuring the IGMP Snooping Querier
              Disabling IGMP Report Suppression
              Displaying IGMP Snooping Information
              Understanding Multicast VLAN Registration
              Using MVR in a Multicast Television Application
              Configuring MVR
Default MVR Configuration              
MVR Configuration Guidelines and Limitations
Configuring MVR Global Parameters              
Configuring MVR Interfaces
              Displaying MVR Information
Configuring IGMP Filtering and Throttling              
Default IGMP Filtering and Throttling Configuration
Configuring IGMP Profiles              
Applying IGMP Profiles
              Setting the Maximum Number of IGMP Groups
              Configuring the IGMP Throttling Action
              Displaying IGMP Filtering and Throttling Configuration
              Configuring Port-Based Traffic Control
Configuring Storm Control                
Understanding Storm Control
              Default Storm Control Configuration
Configuring Storm Control and Threshold Levels            
              Configuring Small-Frame Arrival Rate
              Configuring Protected Ports
Default Protected Port Configuration                
Protected Port Configuration Guidelines
Configuring a Protected Port              
Configuring Port Blocking
Default Port Blocking Configuration                
Blocking Flooded Traffic on an Interface
              Configuring Port Security
              Understanding Port Security
Secure MAC Addresses              
Security Violations
              Default Port Security Configuration
Port Security Configuration Guidelines            
              Enabling and Configuring Port Security
              Enabling and Configuring Port Security Aging
Port Security and Switch Stacks              
Displaying Port-Based Traffic Control Settings
              Configuring UDLD
Understanding UDLD                
Modes of Operation
              Methods to Detect Unidirectional Links
              Configuring UDLD
Default UDLD Configuration              
Enabling UDLD Globally
              Enabling UDLD on an Interface
Resetting an Interface Disabled by UDLD              
Displaying UDLD Status
              Configuring CDP
Understanding CDP                
CDP and Switch Stacks
              Configuring CDP
Default CDP Configuration              
Configuring the CDP Characteristics
Disabling and Enabling CDP              
Disabling and Enabling CDP on an Interface
              Monitoring and Maintaining CDP
Configuring LLDP, LLDP-MED, and Wired Location Service
Understanding LLDP, LLDP-MED, and Wired Location Service                
LLDP
              LLDP-MED
              Wired Location Service
              Configuring LLDP, LLDP-MED, and Wired Location Service
Default LLDP Configuration              
Enabling LLDP
Configuring LLDP Characteristics              
Configuring LLDP-MED TLVs
              Configuring Network-Policy TLV
              Configuring Location TLV and Wired Location Service
Monitoring and Maintaining LLDP, LLDP-MED, and Wired Location Service
              Configuring SPAN and RSPAN
Understanding SPAN and RSPAN              
Local SPAN
              Remote SPAN
              SPAN and RSPAN Concepts and Terminology
SPAN Sessions              
Monitored Traffic 
              Source Ports
              Source VLANs
VLAN Filtering              
Destination Port
RSPAN VLAN              
SPAN and RSPAN Interaction with Other Features
SPAN and RSPAN and Switch Stacks              
Configuring SPAN and RSPAN
              Default SPAN and RSPAN Configuration
Configuring Local SPAN                
SPAN Configuration Guidelines
              Creating a Local SPAN Session
              Creating a Local SPAN Session and Configuring Incoming Traffic
              Specifying VLANs to Filter
              Configuring RSPAN
RSPAN Configuration Guidelines              
Configuring a VLAN as an RSPAN VLAN
              Creating an RSPAN Source Session
              Creating an RSPAN Destination Session
              Creating an RSPAN Destination Session and Configuring Incoming Traffic
              Specifying VLANs to Filter
              Displaying SPAN and RSPAN Status
              Configuring RMON
Understanding RMON              
Configuring RMON
              Default RMON Configuration
Configuring RMON Alarms and Events            
              Collecting Group History Statistics on an Interface
Collecting Group Ethernet Statistics on an Interface              
Displaying RMON Status
              Configuring System Message Logging
Understanding System Message Logging              
Configuring System Message Logging
System Log Message Format            
              Default System Message Logging Configuration
Disabling Message Logging              
Setting the Message Display Destination Device
              Synchronizing Log Messages
              Enabling and Disabling Time Stamps on Log Messages
Enabling and Disabling Sequence Numbers in Log Messages              
Defining the Message Severity Level
              Limiting Syslog Messages Sent to the History Table and to SNMP
              Enabling the Configuration-Change Logger
              Configuring UNIX Syslog Servers
              Logging Messages to a UNIX Syslog Daemon
Configuring the UNIX System Logging Facility              
Displaying the Logging Configuration
              Configuring SNMP
Understanding SNMP              
SNMP Versions
              SNMP Manager Functions
              SNMP Agent Functions
SNMP Community Strings                
Using SNMP to Access MIB Variables 
              SNMP Notifications
SNMP ifIndex MIB Object Values              
Configuring SNMP
Default SNMP Configuration              
SNMP Configuration Guidelines
Disabling the SNMP Agent              
Configuring Community Strings
              Configuring SNMP Groups and Users
              Configuring SNMP Notifications
              Setting the CPU Threshold Notification Types and Values
              Setting the Agent Contact and Location Information
Limiting TFTP Servers Used Through SNMP              
SNMP Examples
              Displaying SNMP Status
              Configuring Network Security with ACLs
Understanding ACLs              
Supported ACLs
              Port ACLs
Router ACLs              
Handling Fragmented and Unfragmented Traffic
              ACLs and Switch Stacks
              Configuring IPv4 ACLs
              Creating Standard and Extended IPv4 ACLs
Access List Numbers              
Creating a Numbered Standard ACL
              Creating a Numbered Extended ACL
              Resequencing ACEs in an ACL
Creating Named Standard and Extended ACLs            
              Using Time Ranges with ACLs
              Including Comments in ACLs
              Applying an IPv4 ACL to a Terminal Line
              Applying an IPv4 ACL to an Interface
              Hardware and Software Treatment of IP ACLs
Troubleshooting ACLs              
IPv4 ACL Configuration Examples
              Numbered ACLs
Extended ACLs                
Named ACLs
Time Range Applied to an IP ACL                
Commented IP ACL Entries
              Creating Named MAC Extended ACLs
              Applying a MAC ACL to a Layer 2 Interface
              Displaying IPv4 ACL Configuration
              Configuring Cisco IOS IP SLAs Operations
              Understanding Cisco IOS IP SLAs
              Using Cisco IOS IP SLAs to Measure Network Performance
              IP SLAs Responder and IP SLAs Control Protocol 
Response Time Computation for IP SLAs               
Configuring IP SLAs Operations
Default Configuration                
Configuring the IP SLAs Responder
              Monitoring IP SLAs Operations
              Configuring QoS
              Understanding QoS
              Basic QoS Model
              Classification
Figure 33-3 Classification Flowchart              
Classification Based on QoS ACLs 
Classification Based on Class Maps and Policy Maps              
Policing and Marking
              Policing on Physical Ports
              Mapping Tables
              Queueing and Scheduling Overview
              Weighted Tail Drop
              SRR Shaping and Sharing
Queueing and Scheduling on Ingress Queues
Figure 33-7 shows the queueing and scheduling flowchart for ingress ports.                
Figure 33-7 Queueing and Scheduling Flowchart for Ingress Ports
              WTD Thresholds
Buffer and Bandwidth Allocation                
Priority Queueing
              Queueing and Scheduling on Egress Queues
              Buffer and Memory Allocation
WTD Thresholds                
Shaped or Shared Mode
              Packet Modification
              Configuring Auto-QoS
              Generated Auto-QoS Configuration
VOIP Device Specifics              
Enhanced Auto-QoS for Video, Trust, and Classification
              Auto-QoS Configuration Migration
              Global Auto-QoS Configuration
The switch automatically maps DSCP values to an ingress queue and to a threshold ID.
Note Catalyst 2960-S switches do not support ingress queueing.
Table 33-5 Generated Auto-QoS Configuration (continued)
The switch automatically maps DSCP values to an egress queue and to a threshold ID.
Description Automatically Generated Command {voip}                
Enhanced Automatically Generated Command {Video|Trust|Classify}
              Auto-QoS Generated Configuration For VoIP Devices
              Auto-QoS Generated Configuration For Enhanced Video, Trust, and Classify Devices
This is the enhanced configuration for the auto qos voip cisco-phone command:                
This is the enhanced configuration for the auto qos voip cisco-softphone command:
              Effects of Auto-QoS on the Configuration
Auto-QoS Configuration Guidelines                
Auto-QoS Enhanced Considerations
              Enabling Auto-QoS 
              Troubleshooting Auto QoS Commands
              Displaying Auto-QoS Information
Configuring Standard QoS              
Default Standard QoS Configuration
Default Ingress Queue Configuration              
Default Egress Queue Configuration
Default Mapping Table Configuration              
Standard QoS Configuration Guidelines
QoS ACL Guidelines              
Policing Guidelines
General QoS Guidelines              
Enabling QoS Globally
Configuring Classification Using Port Trust States                
Configuring the Trust State on Ports within the QoS Domain
              Configuring the CoS Value for an Interface
              Configuring a Trusted Boundary to Ensure Port Security
              Enabling DSCP Transparency Mode
              Configuring the DSCP Trust State on a Port Bordering Another QoS Domain
              Configuring a QoS Policy
              Classifying Traffic by Using ACLs
              Classifying Traffic by Using Class Maps
              Classifying, Policing, and Marking Traffic on Physical Ports by Using Policy Maps 
This example shows how to configure default traffic class to a policy map:                
              Classifying, Policing, and Marking Traffic by Using Aggregate Policers
Note To use policing and marking, the switch must be running the LAN Base image.            
              Configuring DSCP Maps
Configuring the CoS-to-DSCP Map              
Configuring the IP-Precedence-to-DSCP Map
              Configuring the Policed-DSCP Map
              Configuring the DSCP-to-CoS Map
              Configuring the DSCP-to-DSCP-Mutation Map
              Configuring Ingress Queue Characteristics
Mapping DSCP or CoS Values to an Ingress Queue and Setting WTD Thresholds            
              Allocating Buffer Space Between the Ingress Queues
              Allocating Bandwidth Between the Ingress Queues
              Configuring the Ingress Priority Queue
              Configuring Egress Queue Characteristics
Allocating Buffer Space to and Setting WTD Thresholds for an Egress Queue-Set            
              Mapping DSCP or CoS Values to an Egress Queue and to a Threshold ID
              Configuring SRR Shaped Weights on Egress Queues
              Configuring SRR Shared Weights on Egress Queues
              Configuring the Egress Expedite Queue
Limiting the Bandwidth on an Egress Interface              
Displaying Standard QoS Information
              Configuring Static IP Unicast Routing
Understanding IP Routing              
Types of Routing
IP Routing and Switch Stacks              
Steps for Configuring Routing 
              Enabling IP Unicast Routing 
Assigning IP Addresses to SVIs              
Configuring Static Unicast Routes
Monitoring and Maintaining the IP Network            
              Configuring IPv6 Host Functions
Understanding IPv6               
IPv6 Addresses
Supported IPv6 Host Features              
128-Bit Wide Unicast Addresses 
DNS for IPv6                
ICMPv6 
Neighbor Discovery              
IPv6 Stateless Autoconfiguration and Duplicate Address Detection
IPv6 Applications                 
Dual IPv4 and IPv6 Protocol Stacks
              SNMP and Syslog Over IPv6
HTTP(S) Over IPv6                
IPv6 and Switch Stacks
              Configuring IPv6
Default IPv6 Configuration              
Configuring IPv6 Addressing and Enabling IPv6 Host 
              Configuring IPv6 ICMP Rate Limiting
              Configuring Static Routes for IPv6
              Displaying IPv6
This is an example of the output from the show ipv6 neighbor privileged EXEC command:                
This is an example of the output from the show ipv6 route privileged EXEC command:
This is an example of the output from the show ipv6 traffic privileged EXEC command.            
              Configuring IPv6 MLD Snooping
              Understanding MLD Snooping
              MLD Messages
MLD Queries                
Multicast Client Aging Robustness
              Multicast Router Discovery
MLD Reports                
MLD Done Messages and Immediate-Leave
Topology Change Notification Processing                
MLD Snooping in Switch Stacks 
              Configuring IPv6 MLD Snooping
              Default MLD Snooping Configuration
MLD Snooping Configuration Guidelines              
Enabling or Disabling MLD Snooping
              Configuring a Static Multicast Group
Configuring a Multicast Router Port              
Enabling MLD Immediate Leave
              Configuring MLD Snooping Queries
              Disabling MLD Listener Message Suppression
              Displaying MLD Snooping Information
Configuring EtherChannels and Link-State Tracking
              Understanding EtherChannels
EtherChannel Overview            
              Port-Channel Interfaces
              Port Aggregation Protocol
              PAgP Modes 
PAgP Interaction with Virtual Switches and Dual-Active Detection                
PAgP Interaction with Other Features 
              Link Aggregation Control Protocol
LACP Modes                
LACP Interaction with Other Features 
              EtherChannel On Mode
Load Balancing and Forwarding Methods            
              EtherChannel and Switch Stacks
              Configuring EtherChannels
Default EtherChannel Configuration              
EtherChannel Configuration Guidelines
              Configuring Layer 2 EtherChannels 
              Configuring EtherChannel Load Balancing
              Configuring the PAgP Learn Method and Priority
              Configuring LACP Hot-Standby Ports
Configuring the LACP System Priority              
Configuring the LACP Port Priority
              Displaying EtherChannel, PAgP, and LACP Status
Understanding Link-State Tracking            
Figure 37-6 Typical Link-State Tracking Configuration              
Configuring Link-State Tracking
Default Link-State Tracking Configuration                
Link-State Tracking Configuration Guidelines
Configuring Link-State Tracking              
Displaying Link-State Tracking Status
              Troubleshooting
              Recovering from a Software Failure
              Recovering from a Lost or Forgotten Password
              Procedure with Password Recovery Enabled
              Procedure with Password Recovery Disabled
              Preventing Switch Stack Problems
Recovering from a Command Switch Failure              
Replacing a Failed Command Switch with a Cluster Member
              Replacing a Failed Command Switch with Another Switch
              Recovering from Lost Cluster Member Connectivity
Preventing Autonegotiation Mismatches              
Troubleshooting Power over Ethernet Switch Ports
Disabled Port Caused by Power Loss                
Disabled Port Caused by False Link Up
SFP Module Security and Identification              
Monitoring SFP Module Status
Using Ping                
Understanding Ping 
Executing Ping              
Using Layer 2 Traceroute
              Understanding Layer 2 Traceroute
Usage Guidelines                
Displaying the Physical Path
              Using IP Traceroute
Understanding IP Traceroute               
Executing IP Traceroute
              Using TDR
Understanding TDR                
Running TDR and Displaying the Results
              Using Debug Commands
Enabling Debugging on a Specific Feature              
Enabling All-System Diagnostics
Redirecting Debug and Error Message Output              
Using the show platform forward Command
              Using the crashinfo Files
Basic crashinfo Files                
Extended crashinfo Files
              Using On-Board Failure Logging
Understanding OBFL              
Configuring OBFL
Displaying OBFL Information              
Memory Consistency Check Routines
Displaying TCAM Memory Consistency Check Errors              
Troubleshooting Tables
              Troubleshooting CPU Utilization
Possible Symptoms of High CPU Utilization                 
Verifying the Problem and Cause
              Troubleshooting Power over Ethernet (PoE)
              Troubleshooting Switch Stacks
              Configuring Online Diagnostics 
Understanding How Online Diagnostics Work              
Scheduling Online Diagnostics
Configuring Health-Monitoring Diagnostics              
Running Online Diagnostic Tests
Starting Online Diagnostic Tests              
Displaying Online Diagnostic Tests and Test Results
This example shows how to display the online diagnostics that are configured on a switch:
This example shows how to display the online diagnostic results for a switch:
This example shows how to display the online diagnostic test status:
Table 39-1 show diagnostic Commands
This example shows how to display the online diagnostic test schedule for a switch:              
A
Working with the Cisco IOS File System, Configuration Files, and Software Images
Working with the Flash File System
              Displaying Available File Systems
              Setting the Default File System
Displaying Information about Files on a File System              
Changing Directories and Displaying the Working Directory
Creating and Removing Directories              
Copying Files
Deleting Files              
Creating, Displaying, and Extracting tar Files
Creating a tar File              
Displaying the Contents of a tar File
Extracting a tar File                
Displaying the Contents of a File
              Working with Configuration Files
              Guidelines for Creating and Using Configuration Files
Configuration File Types and Location
Creating a Configuration File By Using a Text Editor                
Copying Configuration Files By Using TFTP
Preparing to Download or Upload a Configuration File By Using TFTP
Downloading the Configuration File By Using TFTP                
Uploading the Configuration File By Using TFTP
              Copying Configuration Files By Using FTP
              Preparing to Download or Upload a Configuration File By Using FTP
Downloading a Configuration File By Using FTP            
Uploading a Configuration File By Using FTP              
Copying Configuration Files By Using RCP
              Preparing to Download or Upload a Configuration File By Using RCP
              Downloading a Configuration File By Using RCP
              Uploading a Configuration File By Using RCP
              Clearing Configuration Information
Clearing the Startup Configuration File                
Deleting a Stored Configuration File
Replacing and Rolling Back Configurations                
Understanding Configuration Replacement and Rollback
              Archiving a Configuration
Replacing a Configuration                
Rolling Back a Configuration
              Configuring the Configuration Archive
              Performing a Configuration Replacement or Rollback Operation
              Working with Software Images
              Image Location on the Switch
tar File Format of Images on a Server or Cisco.com              
Copying Image Files By Using TFTP
Preparing to Download or Upload an Image File By Using TFTP              
Downloading an Image File By Using TFTP
Uploading an Image File By Using TFTP              
Copying Image Files By Using FTP
              Preparing to Download or Upload an Image File By Using FTP
              Downloading an Image File By Using FTP
              Uploading an Image File By Using FTP
              Copying Image Files By Using RCP
Preparing to Download or Upload an Image File By Using RCP              
Downloading an Image File By Using RCP
              Uploading an Image File By Using RCP
              Copying an Image File from One Stack Member to Another
              B
Supported MIBs                
MIB List
              Using FTP to Access the MIB Files
              C
Unsupported Commands in Cisco IOS Release 12.2(55)SE
Access Control Lists
              Boot Loader Commands
Debug Commands                
IGMP Snooping Commands
              Interface Commands
Unsupported Interface Configuration Commands                
MAC Address Commands
              Miscellaneous
Network Address Translation (NAT) Commands                
QoS
Unsupported Interface Configuration Commands                
Unsupported Policy-Map Configuration Command
              RADIUS
SNMP              
SNMPv3
Spanning Tree                
VLAN
Unsupported VLAN Database Commands              
VTP
              A
Recommendations for Upgrading a Catalyst 2950 Switch to a Catalyst 2960 Switch
Configuration Compatibility Issues
              Feature Behavior Incompatibilities
INDEX
A
B
C
D
E
F
G
H
I
J
L
M
N
O
P
Q
R
S
T
U
V
W