This gu ide i s for the net working profession al m anaging the Ca talyst 2960 and 29 60-S swi tches, hereaf ter re ferred t o as th e switch .
Enter th e sho w lic ense pr iv ilege d EXEC c ommand, an d see w hich is th e acti ve image: Switch# show license
For inform ation abou t the Net work Admissi on Control (N A C) featur es, see th e Network A dmission Contr ol Software Configuration Gu ide. Information a bout Cisco SFP , SFP+, and GBIC modules is av ailable from this Cisco.
CH A P T E R 1-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 1 Overview This c hapter p rovides these topics a bout t he C atalyst 29 60 a nd 2960-S switch software : .
1-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Ch apter 1 Ov erv iew Feature s Ease -of-Dep loyme nt and Eas e-of-Use F eatur es • Express Se tup for quickly configur.
1-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 Overview Features • Cisco FlexStack tec hnology on Catal yst 2960-S sw itches runn ing the LAN ba se image for – Connecting u p to four swi tches through their FlexSta ck ports to o perate as a single switch in t he network.
1-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Ch apter 1 Ov erv iew Feature s Performa nce Featu res • Cisco EnergyWise manages the en ergy usage of en d points in cludi ng power ov er Etherne t (PoE) devices and n on-Ci sco devices.
1-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 Overview Features • IGMP throttl ing for conf iguring the ac tion when the maximum numb er of entries is in the IGMP forwarding ta ble. • IGMP lea ve timer for conf iguring the lea v e latenc y for the netw ork.
1-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Ch apter 1 Ov erv iew Feature s • Cisco IO S Configuration Engine (previously k nown to as the Cisco IOS CNS agen t)-—C onfiguration service aut omat es the deploym ent and m anagem ent of netwo rk devices and services .
1-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 Overview Features • In-band mana gement acc ess thro ugh the device m anag er over a Net scape Navigator or M.
1-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Ch apter 1 Ov erv iew Feature s • USB mi ni-T ype B cons ole po rt in additi on to th e st andard RJ-45 consol e port . Co nsole inp ut is active on only one port at a t ime.
1-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 Overview Features – Loop gu ard for pr ev enting alterna te or roo t ports fr om bec oming d esignat ed port .
1-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Ch apter 1 Ov erv iew Feature s • Support for VT P version 3 that i ncludes support for c onfiguring ext ended r ange .
1-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 Overview Features • Dynamic ARP insp ection to pre vent mali cious attacks on t he swi tch b y not r elayi ng in valid ARP requests and responses to other ports in the same VLAN • IEEE 802.
1-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Ch apter 1 Ov erv iew Feature s Note T o use v oic e aw are 802.1 x authe ntication , the switc h must be runnin g the LAN Base image. – MA C authen ticat ion bypass to author ize cl ients ba sed on the client M A C addre ss.
1-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 Overview Features • Support for cr itical VLAN with multi ple-host aut hentication so that when a port is co.
1-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Ch apter 1 Ov erv iew Feature s • Policing Note T o use polic y maps, the switch must be runnin g the LAN Base image .
1-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 Overview Features Note T o use Auto -QoS enha ncemen ts, the switc h must be runnin g the LAN Base imag e.
1-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Ch apter 1 Ov erv iew Default Set tings A fter Initial Sw itch Conf iguration • T ime Domai n Reflect or (TDR) t o dia.
1-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 Overview Default Settings After Initial Switch Configuration • IEEE 8 02.1x is d isabled. For more infor matio n, see Chapte r 10, “C onf i guring IEEE 802. 1x Port-Based Auth entication.
1-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Ch apter 1 Ov erv iew Netwo rk Configura tion Examp les • MVR is disabled. F or more inform ation, see Chapter 22 , “ Configuring IGM P Snoopin g and MVR. ” Note T o us e MVR, the sw itch m ust b e runnin g the LAN Bas e imag e.
1-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 Overview Network Configuration Examples Design Co ncepts fo r Using the Switch As your network user s compe te for network b andw idth, i t takes lon ger to send and re ceive data.
1-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Ch apter 1 Ov erv iew Netwo rk Configura tion Examp les Y o u can u se the switches an d switch sta cks to create the follo wing: • Catalyst 29 60-S switches.
1-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 Overview Network Configuration Examples Figur e 1 -1 Cost-Ef f ective W ir ing C loset • Serv er aggr e gati.
1-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Ch apter 1 Ov erv iew Netwo rk Configura tion Examp les Figu re 1 - 2 S erver Aggregati on Small to Medium-Sized Ne twork Using Catalyst 2960 an d 2960-S Switch es Figure 1-3 shows a configurat ion for a networ k of up t o 500 employees.
1-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 Overview Network Configuration Examples Figur e 1 -3 Collapsed Bac kbone Confi gura tion Long-Distan ce, High-Ba ndwidth T ransport C onfiguration Note T o u se CW DM SF Ps , the s wit ch mu st b e run nin g th e LAN Base ima ge.
1-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Ch apter 1 Ov erv iew Where to Go Nex t Figur e 1 -4 Long-Distanc e, High-Bandw idth T ran spor t Configur ation Where t.
CH A P T E R 2-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 2 Using the Command-Line Interface This c hapte r descr ibes t he Cisc o IOS comm and-li ne in terface ( CLI) and how to use it to configure your Catalyst 296 0 or 2960-S switch.
2-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 2 Usi ng th e Com ma nd-L ine I nter fac e Underst anding Com mand M odes Ta b l e 2 - 1 describ es the ma in comm and mod es, how to access ea ch one, the prompt you see in th at mode , and how to exit the mode.
2-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 Using the Comma nd-Line In terface Understa nding th e Help Syst em For more detail ed info rmat ion on the command mode s, see the c omma nd refe rence g uide for th is rel ease.
2-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 2 Usi ng th e Com ma nd-L ine I nter fac e Underst anding no and defa ult Form s of Commands Understandin g no and def ault Forms of Commands Almos t e very co nf igur ation co mmand also has a no for m.
2-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 Using the Comma nd-Line In terface Using Com mand History comm and was en tered, and the parser r etur n code fo r the c omman d.
2-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 2 Usi ng th e Com ma nd-L ine I nter fac e Using E diting Feature s Recalling Commands T o rec all co mman ds from the hi story buffer , perform one of t he actions listed i n Ta b l e 2 - 4 .
2-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 Using the Comma nd-Line In terface Using Edit ing Featu res T o re-enable the enhanced editing mode for the cur.
2-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 2 Usi ng th e Com ma nd-L ine I nter fac e Using E diting Feature s Editing C ommand Lines that Wrap Y ou can use a w raparo und f eature for c omma nds tha t extend b eyond a single l ine o n the scre en.
2-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 Using the Comma nd-Line In terface Searching and Filtering Output of show and m ore Commands The soft ware assum es you have a termin al screen that i s 80 col umns wide .
2-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 2 Usi ng th e Com ma nd-L ine I nter fac e Access ing the CLI T o deb ug a spe cifi c st ack mem ber , you c an acce ss it from the s tack master by usin g the session stac k-member -num ber privileged EXE C comma nd.
CH A P T E R 3-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 3 Assigning the Switch IP Address and Default Gateway This chap ter de scribe s ho w to creat e the initi al.
3-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 3 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch In format ion The nor mal b oot p rocess involv es the opera tion of the boot lo ader software, which perfo rms the se acti vities: • Performs lo w-le vel CPU initializatio n.
3-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Assigning Switch Information .
3-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 3 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch In format ion The DH CP server for y our sw itch can be on the same LA N or on a different LA N than the s witch.
3-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Assigning Switch Information The DH CP hostn ame option allows a grou p of swi tches t o obtain hostnam es an d a sta ndard c onfiguration from the ce ntral ma nage ment DHCP s erv er .
3-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 3 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch In format ion Limitations and Restrictio.
3-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Assigning Switch Information Depending on the settings of the DHCP serv er , the switch can recei ve IP address informatio n, the configurat ion file, or b oth.
3-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 3 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch In format ion If you specify the T FTP s.
3-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Assigning Switch Information Figu re 3-2 Rel ay Devi c.
3-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 3 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch In format ion Note The switch br oadcas.
3-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Assigning Switch Information TFTP Serve r Conf iguration (on UNIX) The TF TP server base di rectory is set to / tftpserver/wor k/.
3-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 3 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch In format ion This e xample sh ow s ho .
3-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Assigning Switch Information This example shows ho w .
3-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 3 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch In format ion Configuring the Client Be.
3-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Chec king and Savin g the Runni ng Co nfig ura tion M.
3-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 3 Assigning the Switch IP Address and Default Gateway Checking and Saving th e Running Con figuration enable secret 5 $1$ej9.$DMUvAUnZOAmvmgqBEzIxE0 ! . <output truncated> .
3-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Modifying the Startup Configuration Beginn ing in p r.
3-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 3 Assigning the Switch IP Address and Default Gateway Modifyin g the Startup Conf iguration Default Boot Configuration Ta b l e 3 - 3 shows the d efault bo ot-up c onfiguration.
3-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Modifying the Startup Configuration T o return to the default setting, use the no boot config-f ile glo bal configurat ion comma nd.
3-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 3 Assigning the Switch IP Address and Default Gateway Modifyin g the Startup Conf iguration Booting a Specific Software Image By default, the switch attempts to automatic ally boot up the system using infor mation in the BOO T en vironment v ariab le.
3-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Modifying the Startup Configuration Controlling Envir.
3-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 3 Assigning the Switch IP Address and Default Gateway Scheduli ng a Reload of the Software Image Scheduling a Re.
3-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Schedul ing a Reload of the Sof tware Image Configur .
3-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 3 Assigning the Switch IP Address and Default Gateway Scheduli ng a Reload of the Software Image Displaying S ch.
CH A P T E R 4-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 4 Configuring Cisco IOS Configuration Eng ine This c hapter d escrib es how to configure the f eature on th e Cata lyst 2960 and 2960-S switche s. Note For complete conf iguration information for the Cisco Conf igurati on Engine, go to http://www .
4-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configuration Engine Underst anding Cisco Configurat ion Engin e Software Figur e 4-1 Con.
4-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configurat ion Engin e Understanding Cisco Configuration Engine Software Event Servic e The Ci sco C onfiguration Engine uses t he Event Se rvice for re ceipt and g enerat ion of configurat ion e v ents.
4-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configuration Engine Underst anding Cisco Configurat ion Engin e Software DeviceID Each c.
4-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configurat ion Engin e Understanding Cisco IOS Agents Understandin g Cisco IOS Age nts The CNS e vent agent feature allo ws the switch to publish and subscribe to e v ents on the e v ent b us and works with the Cisc o IOS agent.
4-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents Incremental (Partial) Configur ation After t he ne twork i s runn ing, new serv ices c an b e adde d by usi ng the Cisco IOS a gent.
4-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configurat ion Engin e Configuring Cisco IOS Agents Note For more informatio n about running the setup program and creating templ ates on the Config uration Engine , see the Cisc o Configuration En gine I nstallat ion and Setup Guide, 1.
4-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents Beginn ing in pri vileg ed EXEC mode, f.
4-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configurat ion Engin e Configuring Cisco IOS Agents Enabling th e Cisco IOS C NS Agent After enabling th e CNS e vent agent , start t he Cisco IOS CNS agent o n the switc h.
4-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents Step 7 discover { contr oller contr ol.
4-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configurat ion Engin e Configuring Cisco IOS Agents T o disab le th e CNS C isco IO S agent , us e the no cns conf ig initial { ip- addr ess | hostname } globa l configurati on c ommand.
4-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents This e xample sho ws ho w to c onf igure a n initial c onf iguratio n on a remote swi tch when the switch IP address is kn own.
4-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configurat ion Engin e Displaying CNS Configuration Displaying CNS Configuration T able .
4-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 4 Configuring Cisco IOS Configuration Engine Displaying CNS Con figuration.
CH A P T E R 5-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 5 Administering the Switch This ch apter d escr ibes how to perfor m one- time ope rati ons to adm inister the Ca talyst 296 0 and 2960- S switches. Unless otherwise noted, the term switch refer s to a standa lone switch and to a switc h stack.
5-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the Syste m Time and Date • Enter the sh o w ver sion pri vile ged EXE C command. Th e line that sh o ws the product ID also end s in either -L (if running the LA N base im age) or -S ( if runn ing the LAN Li te image ).
5-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te The system c lock keep s trac k of wh ether the t ime i s authoritative or not (th at is, whether it has been set by a time source con sidered to be au thoritati ve).
5-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the Syste m Time and Date Figure 5-1 sho ws a typic al network examp le using NTP . Switch A is the NTP master , with Switch es B, C, and D configure d in NTP server mod e, in server asso ciatio n with Switch A.
5-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te Configuring NTP The switc h does not have a .
5-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the Syste m Time and Date T o disab le N TP auth en tica tio n, use th e no ntp authenticate global co nfigurati on comma nd.
5-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te Beginning in privileged EXE C mode, foll ow .
5-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the Syste m Time and Date The switc h can send or re ceive NTP broadcast pac.
5-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te T o di sable a n inte rface fr om rece iving NTP broadc ast pac kets, use the no ntp broadcast client interfa ce configurat ion c omma nd.
5-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the Syste m Time and Date The ac cess group keywords are sc anned i n thi s ord er , from l east restric tiv e to most r estrictive: 1.
5-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te Disabling N TP Service s on a S pecifi c Interface NTP service s are enabled on all interfa ces b y def ault.
5-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the Syste m Time and Date Displaying the NTP Config uration Y ou can use tw.
5-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te Displaying the Time and Dat e Configuration T o display the time and date conf iguration , use the show clock [ det ail ] p ri vile ged E XEC co mmand .
5-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the Syste m Time and Date Configuring Summer Time (Daylight Saving Ti me) B.
5-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Confi guring a S ystem Name an d Prompt Beginning in privileged EX EC mode, fol low .
5-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Configur ing a System Nam e and Prom pt For complete syntax and usag e informat ion for the commands used in this se ction, from the Cisco .
5-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Confi guring a S ystem Name an d Prompt T o keep track o f doma in na mes, I P has def ined the c oncept of a d omain name serv er , which h olds a cach e (or dat abase) of na mes map ped to IP a ddresses.
5-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Creating a Banner If you u se t he switc h IP ad dress a s its hostnam e, the IP a ddress i s used and no DNS query oc curs. I f you configure a ho stname tha t contai ns no periods (.
5-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Creat ing a Bann er Configurin g a Mess age-of-the -Day Log in Bann er Y o u can cr eate a sing le or mult iline message banner tha t appears on th e screen when someo ne logs in to the switch.
5-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the MAC A ddress Tab le Configurin g a Login B anner Y ou can co nfigure a lo gin ba nner to be displ ayed on all c onnect ed ter minal s.
5-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Managin g the MAC Ad dress Tabl e These sec tions co ntain this co nfiguration info .
5-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the MAC A ddress Tab le MAC Addr esses an d Switch Sta cks The MA C address ta bles on all sta ck members are sy nchron ized.
5-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Managin g the MAC Ad dress Tabl e Removi ng Dynami c Addres s Entries T o re move all dyna mic en tries, use the clea r ma c a ddress- tab le dy nami c comm and in pr ivileged EXE C mode.
5-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the MAC A ddress Tab le T o disabl e MA C addr ess-ch ange n otif icati on tra ps, us e the no snmp-ser ve r enable tra ps mac-no tificati on cha nge globa l configurati on com mand.
5-25 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Managin g the MAC Ad dress Tabl e Configuring MAC Addre ss Move Notification Traps W.
5-26 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the MAC A ddress Tab le Configuring MAC Thresh old Noti fication Traps When.
5-27 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Managin g the MAC Ad dress Tabl e T o disable MA C address-threshold n otific ation trap s, use the no snmp -server ena ble traps mac-notif ication thr eshold global configuration co mmand .
5-28 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the MAC A ddress Tab le T o remove st atic en tri es fr om t he addr ess ta ble, u se the no mac addre ss-table static m ac-add r vlan vlan-i d [ interface interface-id ] global configura tion co mman d.
5-29 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Managin g the MAC Ad dress Tabl e Beginning i n privileged EX EC mo de, follo w thes.
5-30 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the MAC A ddress Tab le • If you disab le MAC address l earni ng o n a VL.
5-31 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 5 Administer ing the Switch Managi ng the ARP Table Managing the ARP Ta ble T o commu nicate with a device (over Ethern et, for exam ple ), the softwa re first must lea rn the 48-b it MAC address o r the l ocal dat a lin k address o f that device.
5-32 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 5 Administering the Switch Managin g the ARP Table.
CH A P T E R 6-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 6 Clustering Switches This ch apter pr ov ides the co ncepts an d proce dures t o create an d mana ge Cat alyst 2960 and 2960 -S swit ch cl u ster s. Un les s ot her wis e no ted, th e ter m switch ref ers to a stan dalone swit ch and t o a switch stack.
6-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 6 Clustering Switches Underst anding Swit ch Clusters Understandin g Switch Clust ers A switc h cluster i s a set of up to 1 6 connected, clus ter -capable Cataly st switches th at are manage d as a single en tity .
6-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 6 Clus tering Switche s Underst anding Sw itch Cl usters Cluster Command Switc h Characteristics A cluster co mmand switch must me et these req uirements : • It is running Cisco IOS Release 12.
6-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 6 Clustering Switches Underst anding Swit ch Clusters Note Standby cluster comma nd switches must be the same type of switches as the cluster command switc h.
6-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 6 Clus tering Switche s Planni ng a Swi tch Clust er Planning a Switch Cl uster Anticipatin g conflicts and compatib ility issues is a high priority when you manage se veral switches through a cl uster .
6-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 6 Clustering Switches Planning a Sw itch Cluster Discovery Through CDP Hops By usin g CDP , a cluster comman d switch ca n disco ver switch es up to se v en CDP hops aw ay (the de fa ult is three hop s) from the edge of the c luster .
6-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 6 Clus tering Switche s Planni ng a Swi tch Clust er Discovery Through Non-CDP-Capabl e and Noncluster-Capable De.
6-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 6 Clustering Switches Planning a Sw itch Cluster Figur e 6-3 Discov ery Thr oug h Diff er ent VLANs Discovery Thr.
6-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 6 Clus tering Switche s Planni ng a Swi tch Clust er Figur e 6-4 Discov ery Thr oug h Diff er ent Manag ement VLA.
6-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 6 Clustering Switches Planning a Sw itch Cluster Figur e 6-5 Discov ery of N ewly Insta lled S witc hes HSRP and.
6-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 6 Clus tering Switche s Planni ng a Swi tch Clust er Virtual IP Addresses Y ou need to as sign a unique vir tual I P addre ss and gr oup numbe r and nam e to the cluster stand by group.
6-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 6 Clustering Switches Planning a Sw itch Cluster Catalyst 190 0, Catalyst 282 0, Catalyst 290 0 XL, Catalyst 2950, and Ca talyst 3500 XL clust er member switches mu st be conne cted to the cl uster stan dby group thro ugh their ma nageme nt VLANs.
6-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 6 Clus tering Switche s Planni ng a Swi tch Clust er When the pre viously a cti ve cluster command swi tch resu .
6-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 6 Clustering Switches Planning a Sw itch Cluster If yo u chan ge the member - switch passw ord to be d if feren .
6-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 6 Clus tering Switche s Planni ng a Swi tch Clust er Recall that sta ck members w ork together to beha v e as a unif ied system (as a single switch stack) in the network a nd ar e prese nted to the ne twork as such by Layer 2 an d Layer 3 pr otocol s.
6-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 6 Clustering Switches Using the CLI to Ma nage Swit ch Clusters TACACS+ an d RADIUS If T erminal Access Co ntroller Acc ess Control System Plus (T A CA CS+) is co nfig ured on a c luster member, it must be configured on all clus ter memb ers.
6-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 6 Clus tering Switche s Using S NMP to Ma nage Swit ch Cl usters Command-switch pri vileg e le ve ls map t o the.
6-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 6 Clustering Switches Using SNMP to Ma nage Sw itch Clusters Figur e 6-7 SNMP Manag ement f or a Clust er Tr a p.
CH A P T E R 7-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 7 Managing Switch Stacks This ch apter p rovid es the c oncep ts and pr ocedu res to ma nage Catal yst 296 0-S s tack s, also r eferre d to as Cisco FlexSt acks.
7-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 7 Managing Switch Stacks Underst anding Sta cks Ev ery member is uniquely identif ied b y its o wn stac k member numbe r . All members ar e eligib le masters. I f the master becomes una vailable, t he remaining m embers elect a ne w master from among th emselves.
7-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 7 Managing Swi tch Stacks Unders tanding Stacks – Stack Mana gement Connectivity , pa ge 7-14 – Sta ck Co nf .
7-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 7 Managing Switch Stacks Underst anding Sta cks Figur e 7 -1 Cr eating a S witch Stac k fr om T w o Standalon e S.
7-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 7 Managing Swi tch Stacks Unders tanding Stacks Master Election The st ack master is el ected based on o ne of t hese factor s in t he orde r liste d: 1. The swi tch that is currently the sta ck master .
7-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 7 Managing Switch Stacks Underst anding Sta cks Stack MA C Address The MA C addr ess of the ma ster deter mines the st ack MA C addres s.
7-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 7 Managing Swi tch Stacks Unders tanding Stacks Member Prio rity Values A high priority v alue for a member increases the chance th at it will be elected mast er and keep its member num ber .
7-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 7 Managing Switch Stacks Underst anding Sta cks If you add a pro visioned switch that is a dif f erent type tha n.
7-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 7 Managing Swi tch Stacks Unders tanding Stacks Note If the switch stack does not contain a pro visioned conf iguration for a ne w switch, the switch join s the stack wi th the d efault interface c onfigurati on.
7-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 7 Managing Switch Stacks Underst anding Sta cks Minor Version Number Inco mpatibility Among Switches Switches with the same major ver sion number b ut with a dif ferent minor versio n number as the master are co nsider ed par tially compatib le.
7-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 7 Managing Swi tch Stacks Unders tanding Stacks • Automati c advise (au to-advise )—when t he auto-upg rade .
7-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 7 Managing Switch Stacks Underst anding Sta cks *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW: *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:Old image for switch 1:flash1: *Mar 11 20:36:15.
7-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 7 Managing Swi tch Stacks Unders tanding Stacks Incompatible S oftware and Member Image Up grades Y ou can upgra.
7-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 7 Managing Switch Stacks Underst anding Sta cks • “Sp anning Tree and Switch Stack s” section on page 16-1.
7-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 7 Managing Swi tch Stacks Unders tanding Stacks Stack Th rough Console Ports Y ou can conne ct to the ma ster thr ough th e console port of on e or more mem bers. Be careful when u sing multiple CLI sessions to the master .
7-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 7 Managing Switch Stacks Conf ig uri ng t he Sw it ch St ack Data Recov ery After Stack T opology C hange s When you add or re move a stack member, the stack topol ogy chan ges.
7-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 7 Managing Swi tch Stacks Configuring the Switch Stack Default Switch Stack Configuration Ta b l e 7 - 3 shows the d efault sw itch st ack c onfiguration . Enabling P ersistent MA C Address The MAC address of the ma ster de termin es the stack M A C address.
7-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 7 Managing Switch Stacks Conf ig uri ng t he Sw it ch St ack Beginn ing in pri vileg ed EXEC mode, follo w th ese steps to enab le persistent MA C address. This procedur e is optional.
7-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 7 Managing Swi tch Stacks Configuring the Switch Stack This exam ple shows how to configur e the persist ent MAC.
7-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 7 Managing Switch Stacks Conf ig uri ng t he Sw it ch St ack Setting the Member Prio rity Value Note This task is av ailable o nly from the master .
7-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 7 Managing Swi tch Stacks Accessing the CLI of a Specific Member T o remo v e pro vision ed inf ormation and to a v oid r ecei ving an er ror me ssag e, remo ve the s pecif ied switch from t he stack befo re you use the no f orm o f th is c omma nd.
7-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 7 Managing Switch Stacks Displaying Stack Inform ation Displaying Stack Information T o display sa ved conf igur.
7-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 7 Managing Swi tch Stacks Troubl eshoo ting Stacks When y ou enter the switch stack-member-num ber stack port po rt-number disable pr ivileged EXEC comm and a nd • The stac k is in the ful l-ring sta te, you can di sable onl y one stac k port.
7-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 7 Managing Switch Stacks Troub leshooting Stac ks T able 7 -5 sho w switc h stac k-ports summary Command O utput Field Description Switch#/ Port# Member nu mber and its stack por t numb er .
CH A P T E R 8-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 8 Configuring SDM Templates The C atalyst 2960 and 29 60-S switc h comma nd refe rence h as comma nd synta x and usa ge info rmation. Unless otherwise note d, the term switch refers to a stan dalone switch and a swi tch stack.
8-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 8 Configuring SDM T emplates Underst anding th e SDM Templ ates • LAN base r outing —The lanba se-ro uting te.
8-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 8 Conf iguring SDM Te mplates Config uring t he Swit ch SDM Te mplat e Y ou can use the show switch privileged EXEC co mmand to se e if any stack me mb ers are in SDM mismatc h mode .
8-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 8 Configuring SDM T emplates Conf ig uri ng t he Sw it ch SD M Tem pla te • If you try to co nfigure IPv6 features w ithout first select ing a dual IPv 4 and IP v6 templa te, a warning message a ppears.
8-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 8 Conf iguring SDM Te mplates .Displaying the SDM T emplates . Displaying the SDM Template s Use the show sdm pr efer pri vile ged EXE C comma nd with no parameter s to di splay the a cti v e template.
8-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 8 Configuring SDM T emplates .Display ing the SDM Template s.
CH A P T E R 9-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 9 Configuring Switch-Based Authentication This c hapter d escrib es how to configu re switch -based auth enticati on on t he Cat alyst 2960 and 2960-S switches.
9-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Protecting A ccess to Privileged EXE C Comman ds • For an add itional l ayer of securi ty , yo u can al so co nfigure user name a nd password p airs, w hich a re locally stored on the switch.
9-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Prote cti ng Ac cess to Pri vile ged EXEC Comm and s Setting o r Changin g a Static Enab le Pa ssword The en able password control s access to the privileged EXEC mode.
9-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Protecting A ccess to Privileged EXE C Comman ds Be ginnin g in pri vil.
9-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Prote cti ng Ac cess to Pri vile ged EXEC Comm and s This exampl e s.
9-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Protecting A ccess to Privileged EXE C Comman ds Setting a Telnet P ass.
9-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Prote cti ng Ac cess to Pri vile ged EXEC Comm and s Configuring Us ername and P assword Pairs Y ou can configure use rnam e and password pairs, which a re locally stored on the switch.
9-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Protecting A ccess to Privileged EXE C Comman ds Configuring Multiple Privil ege Levels By default, the Cisco IO S software has two modes of passwor d security: use r EXEC and pr i vileged EXEC.
9-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Prote cti ng Ac cess to Pri vile ged EXEC Comm and s When y ou set a comman d to a p ri vile ge le ve l, all co mmand s whose synta x is a s ubset of that command are al so set to that le vel.
9-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controlling Sw itch Acce ss with TACA CS+ Logging into and Exiting a P.
9-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with TACACS+ The goal of T A CA CS+ is to pro vide a method for managing mu ltiple networ k access points fro m a single manageme nt ser vice.
9-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controlling Sw itch Acce ss with TACA CS+ The T ACA C S+ prot ocol pr .
9-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with TACACS+ Configuring TACACS+ This se ction describe s how to configur e your switch to su pport T A CA C S+.
9-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controlling Sw itch Acce ss with TACA CS+ Beginn ing in pr i vilege d .
9-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with TACACS+ authe nticate users; if that m ethod fails to resp ond, the software selects the next a uthenti cation m ethod in the method list.
9-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controlling Sw itch Acce ss with TACA CS+ T o disa ble A AA, use the no aaa new-model global configurat ion comma nd.
9-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with TACACS+ Beginn ing in pri vileg ed E.
9-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Establishing a Session with a Router if the AAA Server is Unreachable Note T o conf igure this comman d, the switch must be running th e LAN Base imag e.
9-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Use RADIUS in these networ k en vironments that require access security: • Netw orks with multiple-v endo r acces s serv ers, eac h suppo rting RAD IUS.
9-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS RADIUS Operation When a user attem pts to log in and auth enticate to a switch that is a ccess controlled by a RADIU S serve r , these e vents o ccur: 1.
9-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS • Session terminat ion with port shutdo wn • Session te rmina tion wit h por t bounce This feat ure is integrat ed with the Cisco Secure A ccess Contr ol Server (ACS) 5.
9-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Precondit ions T o use the CoA inter face, a session must alre ady e xist on the switch.
9-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS For disc onnect an d CoA re q.
9-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Beginning w ith Cisc o IOS Relea se 12.2( 52)SE, the swi tch su pports th e co mman ds shown in T abl e 9-4 .
9-25 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Session Terminat ion There are three type s of CoA requests that can trigger session termina tion.
9-26 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Because th is comma nd is ses.
9-27 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Configuring RADIUS This se ction describe s how to c onfigure your switch to su pport R ADIUS.
9-28 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Y o u identify RADIUS sec urity serv ers by the ir hostname or IP address, h ostname and specif ic UDP port numbers, or their I P addre ss and specific UDP port num bers.
9-29 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Beginning i n privileged E XEC mo de, follow these steps to con figure p er-server RADI US ser ver comm unicatio n.
9-30 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS This example shows ho w to co.
9-31 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Step 3 a aa au thenticati on logi n { default | list-name } method1 [ m ethod2. .
9-32 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS T o disa ble A AA, use the no aaa new-model global configurat ion comma nd.
9-33 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Be ginning in pri vile ged EX.
9-34 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS T o remov e the specif ied RADIUS serve r , u se the no radius-ser ver host hostname | ip-add r ess global configurat ion comm and.
9-35 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Beginn ing in pri vil eged E .
9-36 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Establishing a Session with a Router if the AAA Server is Unreachable Note T o conf igure this comman d, the switch must be running th e LAN Base imag e.
9-37 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS attributes no t suit able for g eneral use. The Ci sco RAD IUS impl ementa tion su pports on e vendor-speci fic option by using the format rec ommende d in the spec ification.
9-38 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Note For a comp lete list of .
9-39 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS T o d elete the vendor-propriet ary RA DIUS ho st, use t he no radius-serv er host { hostn ame | ip -ad dress } non-standard global con figuration c omma nd.
9-40 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Configur ing the Switc h for Lo cal Authe ntication a nd Authori zation T o disable AAA, use the no aaa new-model global co nfiguration com mand.
9-41 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Shell T o disa ble A AA, use the no aaa new-model global configurat ion c omma nd.
9-42 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Conf ig uri ng t he Sw it ch f or Se cur e Sh ell For SSH configuratio.
9-43 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Shell Limitations These lim itations ap ply to SSH: • The switc h supports Rivest, Shamir, and Adelman (R SA) authe nticat ion.
9-44 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Conf ig uri ng t he Sw it ch f or Se cur e Sh ell 3. Generate an RSA k ey pair fo r the switch , which automatical ly enab les SSH.
9-45 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Shell T o return to the def ault SSH c ontrol par ameters, u se the no ip ssh { timeout | auth enticati on-r etrie s } global configurat ion comm and.
9-46 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Conf igu rin g th e Sw itch for Sec ure Sock et L aye r HT TP For more.
9-47 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Socket Layer HTTP For secure HTT P conne ctions, we highly rec ommen d that you configure a CA trustpo int.
9-48 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Conf igu rin g th e Sw itch for Sec ure Sock et L aye r HT TP For addi.
9-49 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Socket Layer HTTP No CA trus tpoints a re configured. No self-si gned certi ficates are gene rated.
9-50 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Conf igu rin g th e Sw itch for Sec ure Sock et L aye r HT TP Use the no crypto ca tr ustpo int nam e global conf iguration command to delete all id entity information and ce rtifica tes as soci at ed wit h the C A.
9-51 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Socket Layer HTTP Use th e no ip http server global configu ration c ommand to disabl e the standa rd HTT P server .
9-52 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Conf ig uri ng t he Sw it ch f or Se cur e Co py P rot oco l Use the no ip http client secur e-trustpo int nam e to remov e a client tru stpoint conf igurati on.
9-53 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 9 Configuring Sw itch-Ba sed Auth entication Config uring t he Swit ch fo r Secu re Copy Proto col Information Abo ut Secure Copy T o con figure the Sec ure Copy featu re, you sho uld under stand the se conce pts.
9-54 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 9 Configuring Switch-Based Authentication Conf ig uri ng t he Sw it ch f or Se cur e Co py P rot oco l.
CH A P T E R 10-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 10 Configuring IEEE 802.1x Port-Based Auth entic ation IEEE 8 02.1x port-ba sed auth entic ation p revents unau thoriz ed d e vice s (cli ents) from gainin g acce ss to the netw ork.
10-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation • 802.1x Multip le Authentica tion Mode, page 10- 15 • MA C Move, page 10-16 • MA C Replace, pa ge 10-16 • 802.
10-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion Device Roles Device roles with 80 2.1x port-base d authe nticat ion: Figu re 1 0- 1 802.
10-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation Authentic ation Pro cess When 802 .1x p ort- based a uthent icati on is e nable d and t he cl ient sup port s 802.
10-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion Figure 10- 2 sho ws the authentication pro cess.
10-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation The T ermination- Action RADIUS att rib ute (Att rib ute [29] ) specif ies the action to tak e during re-authe ntic ation.
10-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.
10-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation Authentic ation M anager In C isc o I OS Re l ea s e 1 2.
10-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion Per-User ACLs and Filter-Ids In rel eases e arlier t han Cisco IO S Rele ase 1 2.
10-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802.
10-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion Beginnin g with Cisco IOS Release 12.2(55)SE, you can f ilter out ver bose system messages generated by th e authentica tion manager .
10-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802.
10-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion 802.1x Ho st Mode Y ou can configure an 802.1x por t for singl e-hos t or for multi ple-ho sts mode.
10-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation • V oic e VLA N assignm ent on an MDA-enable d port is sup ported i n Cisco IOS Re lease 12 .
10-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion 802.1x Multiple Au thentication Mode Multipl e-authentica tion (multiaut h) mode allo ws multip le authentic ated clien ts on the data VLAN.
10-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802.
10-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion • The authenti cation manager r eplaces the MA C address of the current data host on the port with the new MA C addr ess.
10-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation Y ou can view the A V pai rs that ar e being sen t by the switch by entering the debug radius accounting pri v ile ged EXE C command.
10-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion 802.1x Authentication with VLA N Ass ignme nt The RADIUS s erv er sends the VLAN assi gnment to conf igur e the switch po rt.
10-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802.
10-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.
10-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation The auth- defa ult A CL is crea ted when at leas t one host with an authoriz ation polic y is det ected o n the port.
10-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.
10-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation Note Th is feature is no t supported on Cisco A CS Server .
10-25 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion server a RADIUS -acce ss/request frame with a use rnam e and password based on the MAC address.
10-26 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802.
10-27 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.
10-28 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation The IP p hone us es the VV ID for it s vo ice tra ff ic, rega rdless o f the au thorizatio n state of the p ort.
10-29 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.
10-30 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802.
10-31 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion Cisco IOS Release 12.2(55)SE an d later supports f iltering of verbose MAB system messages.
10-32 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation Network Admission Control Lay er 2 802.1x Va lidation Note T o us e Netwo rk Admi ssion Co ntrol, the switch must be runn ing th e LAN base imag e.
10-33 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion Open1x Authentication Open1x a uthent icati on allows a device acce ss to a port befor e that device is authent icate d.
10-34 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802.
10-35 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 8 02.1x Port-Base d Auth enticat ion Using IEEE 802.1x Au thentication with AC Ls and the RAD IUS Filter-Id Attribute Note T o u se IE EE 80 2.
10-36 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion 1w0d: %MAB-5-SUCCESS: Authentication successful for client (0000.0000.
10-37 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Default 802.1x Authen tication Configuration T ab le 10-4 sh ows the defaul t 802.
10-38 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion 802.1x Authentication Co nfigura tion Gu idelines These sec tion has configu ration gui delines fo r these featur es: • 802.
10-39 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion – EtherC hann el port—Do not conf igure a por t that is an ac ti v e or a not-y et-act i ve me mber of an Ether Channel as an 802.
10-40 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion MAC Authentication Bypass • Unless ot herwise state d, the MA C authenticati on byp ass guid elines are th e same as the 802 .
10-41 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Beginn ing in p ri vilege d EXEC mode, follo w these step s to enab le the 80 2.
10-42 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802.
10-43 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Configuring 802.1x Violation Mo des Note T o conf igure viola tion modes, the switch must be running the LAN base image.
10-44 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802.
10-45 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.
10-46 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion T o clear the specif ied RADIUS serv er , use the no radius-serv er host { hostname | ip -ad dress } gl obal configurati on c ommand.
10-47 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion T o di sable m ultiple ho sts on the port, use the no au then tica tion ho st-m ode or the no dot1x host-mode multi-host interface con figurati on comm and.
10-48 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Configuring Periodic Re-Authentication Y ou can enab le peri odic 802.
10-49 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.
10-50 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Changing the Sw itch-to-Clie nt Retran smission Time The client respon ds to the EAP-request/id entity frame fr om the switch with an EAP-r esponse/identi ty frame.
10-51 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Beginnin g in priv ilege d EXEC mode, follo w these steps to set the switch-to-cl ient frame-re transmission number .
10-52 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion T o re turn to the de fault re-au thenti cation num ber, use the no dot1x max-reauth-req interf ace configurati on c ommand.
10-53 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.
10-54 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Use t he show radius statis tics privileged EXEC c omman d to dis play the numbe r of RAD IUS messa ges that do not recei ve the accoun ting res ponse me ssage.
10-55 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion T o disab le and rem ov e the guest VLAN, use the no dot1x gue st-vlan interf ace conf iguration com mand.
10-56 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion T o disabl e and remo v e the re strict ed VLAN, us e the no dot1x auth-fail vlan interface co nfigurati on comm and.
10-57 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.
10-58 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802.
10-59 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.
10-60 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Configuring 802.1x Au thentication with WoL Beginn ing in pri vileged EXEC mod e, follo w these steps to enab le 802.
10-61 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Configuring MAC Au thentication Bypass Beginn ing in pri vileg ed EXEC mode, follo w these steps to enable MA C authentication by pass.
10-62 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802.
10-63 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Configuring NAC Layer 2 802.1x Validation Y ou can configure N A C Layer 2 802.
10-64 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802.
10-65 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.
10-66 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Configuring Downloadable AC Ls The policie s take ef fect after cli ent authe ntication and th e client IP addre ss addition to the I P de vice tracki ng table.
10-67 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion This e xample s ho ws ho w to conf i gure a switch for a do wnload able pol icy: Switch# config terminal Enter configuration commands, one per line.
10-68 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802.
10-69 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.
10-70 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Disabling 80 2.1x Auth entication on the Port Y ou can disab le 802.
10-71 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Displaying 802.1x Statistics and Status Displaying 802.1x Statistics and Status T o display 802.1x statistics for all ports, use the show dot1x all st atisti cs pri vileged EXEC comma nd.
10-72 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Displ ayin g 802 .
CH A P T E R 11-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 11 Configuring Web-Based Authentication This chap ter de scribe s ho w to con fig ure web- based authenti cation.
11-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 11 Configuring Web-Based Authentication Underst anding Web -Based A uthen tication • W eb A uthenti cation Cus.
11-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 1 Configuring Web-Base d Authe nticati on Underst anding Web- Based Auth enticat ion Sess ion Cr eation When web-b ased authent ication detec ts a ne w host, it create s a session as follo ws: • Revie ws the exception list.
11-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 11 Configuring Web-Based Authentication Underst anding Web -Based A uthen tication Local Web Authen tication Bann er Y o u can create a banne r that will appear whe n you log in to a switch by using web authentic ation.
11-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 1 Configuring Web-Base d Authe nticati on Underst anding Web- Based Auth enticat ion Figur e 1 1 -3 Customiz e.
11-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 11 Configuring Web-Based Authentication Underst anding Web -Based A uthen tication Web Authen tication C ustomiz.
11-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 1 Configuring Web-Base d Authe nticati on Underst anding Web- Based Auth enticat ion Figu re 1 1 -5 Customizeab le Authent icat ion P age For more infor mation, see the “Customizi ng the Auth enticati on Pr oxy W eb Pages” secti on on page 1 1-13 .
11-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 11 Configuring Web-Based Authentication Underst anding Web -Based A uthen tication LAN Port IP Y ou can co nfigure LAN p ort IP (LPIP) and Layer 2 web- based au thenti cation on the sam e port.
11-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 1 Configuring Web-Base d Authe nticati on Config uring W eb-Based Auth enti cation Configuring Web -Based Auth.
11-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 11 Configuring Web-Based Authentication Configur ing Web- Base d Authent ication • Hosts tha t are more t han one hop away might exper ience traffic disruption if a n STP to pology change r esults i n the host tr af f ic arri ving on a dif ferent port.
11-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 1 Configuring Web-Base d Authe nticati on Config uring W eb-Based Auth enti cation This exampl e shows ho w t.
11-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 11 Configuring Web-Based Authentication Configur ing Web- Base d Authent ication The combi nation o f the IP ad.
11-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 1 Configuring Web-Base d Authe nticati on Config uring W eb-Based Auth enti cation Note Y ou need t o configu.
11-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 11 Configuring Web-Based Authentication Configur ing Web- Base d Authent ication When conf iguring customize d authentica tion proxy web pages, follo w these guidelines: • T o enable the custom web pa ges featur e, sp ecif y all four c ustom HTML f iles.
11-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 1 Configuring Web-Base d Authe nticati on Config uring W eb-Based Auth enti cation Specifying a Redirection U.
11-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 11 Configuring Web-Based Authentication Configur ing Web- Base d Authent ication This e xample sho ws ho w to determine wheth er any con nected hosts are in the AAA Do wn state: Switch# show ip admission cache Authentication Proxy Cache Client IP 209.
11-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 1 Configuring Web-Base d Authe nticati on Displaying Web-Based Authentication Status This exampl e shows ho w.
11-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 11 Configuring Web-Based Authentication Display ing Web- Base d Authent ication Status.
CH A P T E R 12-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 12 Configuring Interface Cha racteristics This chapter defines the types o f Cata lyst 2960 a nd 296 0-S int erfaces a nd descr ibes how to configure them.
12-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Underst anding In terface Ty pes • Connecti ng Int erfaces, pa ge 12- 10 Port-Based VLANs Note Stac king is supp orted only on Cat alyst 2960-S sw itches runni ng the LAN base ima ge.
12-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Unde rsta ndi ng In ter face Typ es Note Whe n you change a Layer 3 .
12-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Underst anding In terface Ty pes Switch Virtual Interfaces A switch virtual i nterf ace (SVI ) rep resents a VLAN of swi tch po rts as one interf ace to the r outing or bridgi ng f unction in th e syst em.
12-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Unde rsta ndi ng In ter face Typ es Some switche s support dual-pur pose uplink ports.
12-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Underst anding In terface Ty pes High-p ower devices can ope rate in low-power mode on sw itches that d o not suppo rt power-negotiation C DP .
12-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Unde rsta ndi ng In ter face Typ es grants or de nies p ower . I f the reque st is grante d, the switc h upda tes t he power budget .
12-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Underst anding In terface Ty pes If yo u do n ot sp ecify a wat tage, the switc h pr e-all ocates th e maxim um v a lue. Th e switch po wers the port on ly if it d iscovers a powered device.
12-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Unde rsta ndi ng In ter face Typ es 3. Automatic ally when the switch sets the po wer usa ge of the de vice by using CDP power negotia tion or by the I EEE classification a nd L LDP power negot iation.
12-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Underst anding In terface Ty pes Because t he swit ch suppor ts intern.
12-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Using the Switch USB Ports (Catalyst 2960-S Switches Only) Figur e .
12-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Using the Swit ch USB P orts (Cataly st 2960 -S Swit ches O nly) In the sampl e output, swit ch 1 has a connec ted USB co nsole cab le.
12-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Using the Switch USB Ports (Catalyst 2960-S Switches Only) *Mar 1 00:34:27.498: %USB_CONSOLE-6-CONFIG_DISALLOW: Console media-type USB is disallowed by system configuration, media-type remains RJ45.
12-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Using the Swit ch USB P orts (Cataly st 2960 -S Swit ches O nly) If th.
12-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Using Inte rface C onfigu ration Mo de Number of Configurations: 1 .
12-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Using I nterface Configu ration Mode T o configu re a physical inter f.
12-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Using Inte rface C onfigu ration Mo de Identify the interf ace type.
12-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Using I nterface Configu ration Mode When usin g the interf ace ra nge.
12-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Using Inte rface C onfigu ration Mo de If yo u enter multi pl e conf iguration comm ands wh ile you are in inter fa ce-r ange mo de, ea ch comman d is executed as it is en tered .
12-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Using the Etherne t Managem ent Port (Ca talyst 29 60-S Onl y) • Y ou must add a space between the first interface num ber and th e hyphen whe n entering an interface- rang .
12-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Usin g th e Eth ern et M ana gem ent Po rt (C ata lys t 296 0-S Onl.
12-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Using the Etherne t Managem ent Port (Ca talyst 29 60-S Onl y) • TFT.
12-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Configuring Ethernet Interfaces Configuring Eth ernet Inte rfaces T.
12-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Configur ing Ethern et Interface s Port enab le state All ports are enab led. Port d escriptio n None defined. Speed Autonegotia te.
12-25 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Configuring Ethernet Interfaces Setting th e Type of a Dual-P urpose Uplink Po rt Note Onl y Cata lyst 2960 swit ches have dual-pur pose upli nks po rts.
12-26 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Configur ing Ethern et Interface s T o return to the default setting, use the media- type auto in terf ace or the no media-type in terface configurati on c ommands.
12-27 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Configuring Ethernet Interfaces – The 100 B ASE- x (w here - x is -BX, -CWDM, -LX, -SX, and -ZX ) SFP module ports supp ort only 100 Mb/ s.
12-28 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Configur ing Ethern et Interface s Use the no spee d and no duplex interfa ce conf igur ation comman ds to return the inte rface to the def ault speed and duple x settings (autone gotiate ).
12-29 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Configuring Ethernet Interfaces Beg i n ni ng in p riv i le ge d E .
12-30 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Configur ing Ethern et Interface s Beg i n ni ng i n p riv i le ge d E.
12-31 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Configuring Ethernet Interfaces Beginn ing in pri vileg ed EXEC mod.
12-32 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Configur ing Ethern et Interface s the a ctual a mount of power ne eded .
12-33 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Configuring Ethernet Interfaces T o return to the default setting, use the no power inl ine consumption defaul t globa l configura tion comm and.
12-34 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Configur ing Ethern et Interface s Beg i n ni n g i n p r ivi l eg ed .
12-35 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Configuring Layer 3 SVIs Beginn ing in pri vileg ed EXEC mode, follo w these steps to add a description for an interface: Use the no description i nter face configurat ion comm and to delete the de script ion.
12-36 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Conf igu rin g th e Sy stem MTU Beginning i n privileged EX EC mo de, fol low these s teps t o configure a La yer 3 SV I: T o remove an IP addre ss fro m an SVI, use the no ip addr ess interface co nfiguration c omman d.
12-37 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Monitoring and Maintaining the Interfaces Beginn ing in pri vileg e.
12-38 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Monito ring and Mai ntainin g the Interfac es Monitoring Interface Sta.
12-39 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 2 Configuring Interfac e Charact eristics Monitoring and Maintaining the Interfaces T o clea r th e inte rface coun ter s shown by the show inte rfac es privileged EXEC comm and, use the clear counters pri vilege d EXEC co mmand .
12-40 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 12 Configuring Interface Characteristics Monito ring and Mai ntainin g the Interfac es.
CH A P T E R 13-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 13 Configuring VLANs This c hapter describ es how to c onfigure norm al- range VL ANs (V LAN IDs 1 t o 100 5) and extended-ra nge VLA Ns (VL AN IDs 1006 t o 4094) on the C atalyst 2960 and 2960 -S switche s.
13-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Underst anding VL ANs Note Be fore you create VLANs , you mu st deci de wh ether to use V LAN Trunking Pr otocol (V TP) to maint ain global VL AN configurat ion for you r network.
13-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Unde rsta ndin g VLAN s Note U p to 64 VLANs are sup ported w hen the sw itch is ru nning the LAN Li te imag e.
13-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configur ing Normal- Range VLA Ns For more de tailed definitions of acce ss and tru nk mo des and their f unctions, see T able 13 -4 on page 1 3-14 .
13-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Config uri ng Nor mal-R ang e VLA Ns Y ou use the interfa ce configura tion mod e to define the por t membershi p mode and to add and remove ports from VLANs.
13-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configur ing Normal- Range VLA Ns Normal-Range VLAN Co nfiguratio n Guidelin es Follow thes.
13-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Config uri ng Nor mal-R ang e VLA Ns desc rip tion in the comma nd refe renc e for this release . When you have f inished t he configurat ion, you must e xit VL AN conf iguration mode f or the c onfi guratio n to tak e ef fec t.
13-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configur ing Normal- Range VLA Ns Creating or Modifyin g an Et hernet VLAN Each E therne t VL AN in the VLAN d ataba se ha s a uni que, 4- digit ID t hat c an be a nu mber from 1 to 1 001.
13-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Config uri ng Nor mal-R ang e VLA Ns T o return the VLAN name to the defa ult setting s, use the no name , no mtu , o r no r emote -spa n comm ands.
13-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configur ing Extend ed-Range VLANs Beginn ing in pri vileg ed EXEC mode, fo llo w these st.
13-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Confi guring Exte nded- Range VLANs Default VLAN Configuration See T a ble 13-2 o n pag e 13-7 for t he defau lt con figuration f or Et hernet VLANs.
13-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configur ing Extend ed-Range VLANs In VTP version 1 and 2, extende d-range VLANs a re not saved in the VLAN database ; they are saved in the switc h runnin g conf igur ation f ile.
13-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Displaying VL ANs Displaying VLANs Use the show vlan privi leged EXEC command to display a list of all VLA Ns on the switch, including extended -range V LANs.
13-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configur ing VLAN Tr unks T o avoid this , you s hould configure int erface s connec ted t o devices tha t do no t suppor t DTP to not forward DTP frame s, tha t is, to t urn off DT P .
13-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Config uri ng V LAN Trunk s Default Layer 2 Ethernet Inte rface VLAN Con figuratio n T ab le 13-5 sh ows the de fault Lay er 2 Ether net int erface VLAN co nfiguration.
13-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configur ing VLAN Tr unks • If you try to enabl e IEEE 802 .1x on a t runk por t, an err or message appear s, and IE EE 802.1x is not enab led.
13-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Config uri ng V LAN Trunk s Defining the Allowed VLANs on a Trunk By default, a trunk port sen ds traffic to and re ceives traff ic from al l VLAN s.
13-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configur ing VLAN Tr unks T o return to the def ault allo wed VLAN li st of all V LANs, use the no switchport trunk allowed vlan interf ace c onfig uration co mmand.
13-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Config uri ng V LAN Trunk s For informa tion ab out IEEE 802.1Q con figuratio n issues , see the “IEE E 802.1 Q Configurati on Consider ation s” sect ion on page 13-14 .
13-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configur ing VLAN Tr unks • VLANs 3 thr ough 6 are a ssigned a po rt prior ity o f 16 on Trunk 2. • VLANs 8 thr ough 10 re tain the default port prio rity of 128 on T runk 2.
13-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Config uri ng V LAN Trunk s Load Sharing Using STP Path C ost Y ou can configure pa ralle.
13-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configuring VMPS Beginn ing in pri vile ged EXEC mode, follo w these steps to config ure t.
13-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Configuring VMPS • “Troubleshoot ing Dynami c-Ac cess Port VLA N Membership” sec ti.
13-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configuring VMPS If the link goes down on a dy namic -access por t, the p ort r eturns to an is olated st ate and do es not be long to a VLAN.
13-25 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Configuring VMPS Configuring the VMPS Client Y ou configure dy namic VLANs by usi ng the VMPS (s erver). Th e sw itch ca n be a VMPS cli ent; it canno t be a VMPS server .
13-26 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configuring VMPS T o return an interfac e to its default conf igu ration, use the default interface interfa ce-id interfa ce conf iguration command.
13-27 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Configuring VMPS Changing the Retry Count Beginn ing in pri vileg ed EXEC mode, fo llo w .
13-28 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configuring VMPS Troublesho oting Dyna mic-Acce ss Po rt VLAN Memb ership The VMPS shuts down a dynamic -access port unde r these cond itions: • The VMPS is in secure mode, and it does not allo w the host to connect to the port.
13-29 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 3 Configuring VLANs Configuring VMPS Figur e 13-4 Dynamic P ort VLAN Member ship Configur ation Primar y VMPS Ser ver 1 Catalyst 6500 series Secondar y VMPS Ser ver 2 Catalyst 6500 series Secondar y VMPS Ser ver 3 172.
13-30 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 13 Configuring VLANs Configuring VMPS.
CH A P T E R 14-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 14 Configuring VTP This c hapter describ es how to us e t he VLA N Trunking Prot ocol ( VTP) a nd the VLAN databa se fo r managing VLANs with the Cat alyst 2960 and 29 60-S switc hes.
14-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 14 Configuring VTP Underst anding VTP The swit ch su pports 25 5 VL ANs, b ut t he num ber of c onf igured features af fec ts the usage o f the s witch hardw are.
14-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 4 Configuring VTP Understanding VTP When you make a change to t he VL AN co nfiguration on a V TP server, the chan ge is propaga ted to a ll switches in the VTP d omain.
14-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 14 Configuring VTP Underst anding VTP VTP Advertisements Each swi tch in the VTP domain sends period ic globa l configuratio n advertise ments f rom each trunk port to a rese rved multica st addr ess.
14-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 4 Configuring VTP Understanding VTP • VLAN state • Additional VLA N config uration information specif ic to the VLAN type In VTP ver sion 3, VTP adver tisements also incl ude the prim ary ser ver ID, an inst ance numbe r , and a start i ndex.
14-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 14 Configuring VTP Underst anding VTP • Support for any da tabase i n a do main . In a ddition to propagat ing V TP info rmation, version 3 ca n propagat e Mult iple Sp anning Tree (MST ) protoc ol data base inf orma tion.
14-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 4 Configuring VTP Understanding VTP Figur e 14 -1 Flooding T raf fic wi thout VTP Pr uning Figure 14- 2 sho ws a switche d network with V TP pruning enabl ed.
14-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 14 Configuring VTP Conf ig uri ng VT P VTP pruning is not designed to func tion in VTP transparent mode . If one or more switches in the netwo rk are in VTP transpar ent mode , you should do one of the se: • T urn off V TP pruni ng in the en tire network .
14-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 4 Configuring VTP Configuring VTP • Configuring VT P on a Per-Port Basis, page 1 4-16 • Adding a VTP Cli ent Swi tch to a VTP Domain, page 14-1 7 Default VTP Configuration T ab le 14-2 shows the default VTP co nfig uration.
14-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 14 Configuring VTP Conf ig uri ng VT P Domain Names When co nfiguring VT P for t he first tim e, you must a lways assign a doma in nam e. Y ou m ust configure all switche s in the VTP domain with the sam e domain name.
14-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 4 Configuring VTP Configuring VTP • Do not enable VTP v ersion 2 on a switch unless all of the switc hes in the same VTP domain are version-2-ca pable .
14-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 14 Configuring VTP Conf ig uri ng VT P • When you conf igure the switch for VTP transparent mode, VTP is disabled on the switch. The switch doe s not send V TP upda tes an d does n ot ac t on VTP update s rece i ved from other switches.
14-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 4 Configuring VTP Configuring VTP When you con figure a domain na me, it cannot be rem ove d; you ca n only rea ssign a switch t o a different domain.
14-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 14 Configuring VTP Conf ig uri ng VT P Configuring a VTP Version 3 Password Beginning in privileged EX EC mode .
14-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 4 Configuring VTP Configuring VTP This examp le shows how to con figure a switch as the pr imary server f or .
14-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 14 Configuring VTP Conf ig uri ng VT P T o return to the default VTP v ersion 1, use the no vtp version glob al configura tion co mman d .
14-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 4 Configuring VTP Configuring VTP T o disa ble V TP on t he in terf ace, use t he no vtp interf ace con fig uratio n comman d.
14-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 14 Configuring VTP Monito ring VTP Note Y ou can u se the vtp mode transpar ent global con figuration c ommand t o disab le VT P on the swi tch an d then to cha nge its VLAN inform ation without affecting the othe r switc hes in the V TP doma in.
CH A P T E R 15-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 15 Configuring Voic e VLAN This c hapter describ es how to c onfigure the voice VLA N feat ure on the Cataly st 2960 and 2960-S switches. Unless otherwise noted, the term switc h ref ers to a stan dalone switc h and a swit ch stac k.
15-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 15 Configuring Voice V LAN Underst anding Voice VL AN Figure 15- 1 shows one w ay to conne ct a Cisco 7960 IP Phone.
15-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 5 Configuring Voice VLA N Configuring Voice VLAN Note Un tagged traffic from th e device a ttache d to t he Cisco I P Phone passes t hrou gh the phone unc hanged, regardless of the tr ust stat e of t he acce ss port on the phone.
15-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 15 Configuring Voice V LAN Configuring Voice VLAN • If the Cisc o IP Phon e and a d e vice atta ched to th e phone a re in t he same VLAN , the y must be in the same IP subnet .
15-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 5 Configuring Voice VLA N Configuring Voice VLAN Configuring Cisco IP Phone V oice Traffic Y ou can con figure a po rt conn ected t o the Cisco IP Phone to send CDP pac kets to th e phon e to c onfigure the wa y in whic h the ph one send s v oice tr af f ic.
15-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 15 Configuring Voice V LAN Configuring Voice VLAN T o return the port to its default setting, use the no swit chport v oice vlan in terfa ce conf igurat ion comm and.
15-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 5 Configuring Voice VLA N Displaying Voice VLAN Displaying Voice VLAN T o display v oice VLAN co nf igurat ion fo r an in terf ace, u se th e show int erf aces interface-id swit chport pri v ile ged EXE C command .
15-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 15 Configuring Voice V LAN Displa ying Vo ice VLA N.
CH A P T E R 16-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 16 Configuring STP This chapt er desc ribes how to configure the Sp anni ng T ree Protoc ol (STP) on port-ba sed VLANs on the Cataly st 2960 an d 2960-S s witche s.
16-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 16 Configuring STP Underst anding Spa nning- Tree Fea tures • Spanning -T ree Addr ess Man ageme nt, pa ge 16-.
16-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 6 Configuring STP Unders tanding Spanni ng-Tr ee Fe atures Spannin g-Tr ee Topo logy an d BPDUs The stable, ac.
16-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 16 Configuring STP Underst anding Spa nning- Tree Fea tures Only one outgoin g port on the stack root switc h is selected as the root port.
16-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 6 Configuring STP Unders tanding Spanni ng-Tr ee Fe atures The swi tch sup ports t he IEEE 802.1t spanni ng-tre e extension s, and some of t he bits pr eviously used for the switch prior ity are no w used as the VLAN ident ifie r .
16-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 16 Configuring STP Underst anding Spa nning- Tree Fea tures • From le arning t o fo rwarding o r to disable d • From for warding to d isabled Figure 16- 2 illustrates ho w an interface mo v es through the states.
16-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 6 Configuring STP Unders tanding Spanni ng-Tr ee Fe atures • Does not lea rn addres ses • Rece ives BPDUs Listening State The li stenin g stat e is th e f irst state a Lay er 2 i nterf ace e nters af ter the blo cking s tate.
16-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 16 Configuring STP Underst anding Spa nning- Tree Fea tures How a Sw itch or Port Beco mes th e Root S witch o r.
16-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 6 Configuring STP Unders tanding Spanni ng-Tr ee Fe atures Figur e 16-4 Spanning T ree and Redun dant Connectiv ity Y ou can also cre ate redund ant lin ks betwee n switches by using EtherChann el gro ups.
16-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 16 Configuring STP Underst anding Spa nning- Tree Fea tures Span ning- Tree Modes a nd Pro tocols The switc h supports t hese spanni ng-tr ee modes an d protocols: • PVST+—Th is spann ing-tr ee mod e is ba sed on the IEEE 8 02.
16-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 6 Configuring STP Unders tanding Spanni ng-Tr ee Fe atures Spanning-Tree Interoperability and Backward Compatibility T ab le 16-2 lists the interoperability a nd compa tibility among the s upporte d spanning-tre e mode s in a network.
16-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 16 Configuring STP Configur ing Spannin g-Tree Feat ures Spanning Tree and Switch Sta cks These st atements ar .
16-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 6 Configuring STP Confi guring Spanni ng-Tr ee Fe atures Default Span ning-T ree Configur ation T ab le 16-3 sh ows the defaul t span ning-t ree co nfiguration .
16-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 16 Configuring STP Configur ing Spannin g-Tree Feat ures switch o n each l oop in the VLAN must be r unning span ning tre e. It is not abso lutely nec essary to ru n spannin g tree on al l switches in t he VLA N.
16-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 6 Configuring STP Confi guring Spanni ng-Tr ee Fe atures Changing the Spa nning-Tree M ode The sw itch s upports th ree spanning -tree mo des: PV ST+, rapi d PVST+, or MS TP .
16-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 16 Configuring STP Configur ing Spannin g-Tree Feat ures Disabling Sp anning Tree Spanning tree is enab led by .
16-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 6 Configuring STP Confi guring Spanni ng-Tr ee Fe atures Note Th e ro ot swit ch fo r eac h span ning -tree instan ce shou ld be a ba ckbone or di stribution switch .
16-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 16 Configuring STP Configur ing Spannin g-Tree Feat ures Configur ing a S econd ary Roo t Switch When you con figure a switch as the secondary root, the switc h priori ty is modified from t he default value (32768 ) to 28672.
16-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 6 Configuring STP Confi guring Spanni ng-Tr ee Fe atures Note If your switch is a m ember of a switch stack, .
16-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 16 Configuring STP Configur ing Spannin g-Tree Feat ures T o return to the default setting, use the no spanning-tree [ vlan vlan-id ] port-pr iori ty interf ace configurati on c ommand.
16-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 6 Configuring STP Confi guring Spanni ng-Tr ee Fe atures Note Th e show spanning-tree inter face interface- id privileged EXEC comma nd displays in format ion only for por ts that are in a lin k-up ope rati v e stat e.
16-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 16 Configuring STP Configur ing Spannin g-Tree Feat ures Configuring S pannin g-Tree Timers T ab le 16-4 descri bes the timer s that af fect the en tire s panning -tree p erforma nce.
16-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 6 Configuring STP Confi guring Spanni ng-Tr ee Fe atures Configuring the Forwarding -Delay Time fo r a VLAN Beginning i n privileged E XEC mode, follow these ste ps to c onfigure t he forwarding -del ay ti me for a VLAN.
16-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 16 Configuring STP Displaying the Spannin g-Tree Stat us Configuring the Transmit Hold -Count Y ou can configure th e BPDU burst size by chang ing the t ransmit hol d count value.
CH A P T E R 17-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 17 Configuring MSTP This chapte r describes ho w to conf igure the Ci sco implemen tation of the IEEE 802. 1s Multiple STP (MSTP) on th e Catal yst 2960 and 29 60-S swit ches.
17-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Underst anding MST P This chap ter cons ists of these sec tions: • Understa nding M STP , .
17-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Unde rsta ndi ng M STP IST, CIST, an d CST Unlik e PVST+ and rapid PVST+ in whi ch all the .
17-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Underst anding MST P For correct operatio n, all switch es in the MST re gion m ust agree on th e same CIST re gional r oot.
17-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Unde rsta ndi ng M STP Only the CST instance sends an d receives BPDUs, and MST insta nces add their spanning- tree informatio n into the BPDUs to inter act with neighb oring switches an d compute th e final sp anning-tr ee topology .
17-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Underst anding MST P Hop Count The IST and M ST inst ances do not use the mes sage- age an d maxi mum-age infor mation in the configurati on BPDU to c ompute the sp anni ng-tre e topolo gy .
17-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Unde rsta ndi ng M STP IEEE 802.1s Implementation The Ci sco impl ementat ion of the I EEE .
17-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Underst anding MST P Figur e 1 7 -2 Standar d and Pr estandard S witch Inte ro per ation Note W e re comme nd tha t you minim ize th e in teract ion be tween st andard and presta ndard M ST implemen tations.
17-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Unde rsta ndi ng M STP MSTP an d Switch S tacks Note Stac king is supp orted only on Cat alyst 2960-S sw itches runni ng the LAN base ima ge.
17-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Underst anding RSTP Understandin g RSTP The RSTP takes ad vantage of point- to-po int wiring and provides rapi d conv ergence of the span ning tree.
17-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Understa nding RST P T o be consistent with Cisco STP implement ations, this guide def in es the port state as bloc king instead of discarding .
17-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Underst anding RSTP Figur e 1 7 -4 Pr oposal an d A gr eemen t Handshak ing f or Rapid Con .
17-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Understa nding RST P Figur e 1 7 -5 Se quence of Ev ents Du r ing Rapid Conv er g ence Bridge Protoco l Data Unit Format an d Process ing The R STP BP DU for mat is th e sam e as t he IEEE 802.
17-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Underst anding RSTP The RSTP does not have a separate topo logy chan ge notificati on (TCN) BPD U. It uses the topology change (TC) f lag to show the topolo gy changes.
17-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Confi guring MSTP Featu res • Protoc ol m igratio n—F or bac kward comp atibility with IEEE 8 02.1D s witch es, RSTP selecti vely sends IEEE 802.
17-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Configur ing MSTP Featur es Default MSTP Configuration T ab le 17-4 sh ows the default MSTP configuration .
17-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Confi guring MSTP Featu res • VTP propa gation of the MST co nfiguration i s not suppo rted.
17-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Configur ing MSTP Featur es T o retur n to the defa ult M ST region configurati on, u se th e no spanning- tr ee mst configurat ion globa l conf iguratio n command.
17-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Confi guring MSTP Featu res Instance Vlans Mapped -------- --------------------- 0 1-9,21-.
17-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Configur ing MSTP Featur es Beginn ing in pri vileg ed EXEC mode, follo w these steps to conf igure a switch as the root switch. This procedur e is optional.
17-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Confi guring MSTP Featu res Beginning i n privileged EX EC mo de, fol low these s teps t o configure a swit ch as the se condary root switch.
17-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Configur ing MSTP Featur es Beginn ing in pri vileg ed EXEC mode, follo w these steps to conf igure the MSTP port priority of an interf ace. This pr ocedure is option al.
17-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Confi guring MSTP Featu res Configuring Path Cost The MSTP path cost def ault v alue i s deri ved fr om the media speed of an inte rface . If a loop occurs, the MSTP use s cost when se lecting an interfac e to put in the forwarding st ate.
17-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Configur ing MSTP Featur es Configuring the Switch Priority Y o u can conf igure the switch priority and mak e it more like ly that a standalone switc h or a switch in the stack will be c hosen as the root switch.
17-25 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Confi guring MSTP Featu res Configuring the Hello Time Y o u can conf igure th e interv al between the generation of config uration messages b y the ro ot switch b y chan ging the hello tim e.
17-26 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Configur ing MSTP Featur es Configuring the Maxi mum-Aging Time Beginn ing in p ri vileg ed EXEC mode, fo llo w these steps to conf igure the maxim um-aging t ime for all MST inst ance s.
17-27 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 7 Configuring MSTP Confi guring MSTP Featu res Specifying the Link Type to Ensure Rapid Transitions If you co.
17-28 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 17 Configuring MSTP Displaying the MST Configu ration and Stat us T o return the port to its default setting, use the no spanning-tre e mst prestandard in terface configurati on c ommand.
CH A P T E R 18-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 18 Configuring Optional Spannin g-Tree Features This ch apt er descr ibes how to co nfigure opt ional spa nning- tree f eatur es on the Cata lyst 2960 and 29 60-S switche s.
18-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 18 Configu ring Opt iona l Spann ing-Tr ee Featu res Underst anding O ptional Sp anning-Tre e Feat ures • Und.
18-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 8 Configuring Op tional Spa nning-Tree Features Unders tandin g Optional Spanni ng-Tree Fe atures configurat ion, suc h as the co nnect ion of an unauthor ized device, an d the BPD U guard fe ature put s the port in the e rror-disable d state.
18-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 18 Configu ring Opt iona l Spann ing-Tr ee Featu res Underst anding O ptional Sp anning-Tre e Feat ures Figu re.
18-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 8 Configuring Op tional Spa nning-Tree Features Unders tandin g Optional Spanni ng-Tree Fe atures Figur e 1 8-.
18-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 18 Configu ring Opt iona l Spann ing-Tr ee Featu res Underst anding O ptional Sp anning-Tre e Feat ures How CSUF Work s CSUF ensures that one link in the stack is elected as the path to the root.
18-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 8 Configuring Op tional Spa nning-Tree Features Unders tandin g Optional Spanni ng-Tree Fe atures Each switch .
18-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 18 Configu ring Opt iona l Spann ing-Tr ee Featu res Underst anding O ptional Sp anning-Tre e Feat ures Backbon.
18-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 8 Configuring Op tional Spa nning-Tree Features Unders tandin g Optional Spanni ng-Tree Fe atures Figur e 1 8-.
18-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 18 Configu ring Opt iona l Spann ing-Tr ee Featu res Underst anding O ptional Sp anning-Tre e Feat ures Figur .
18-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 8 Configuring Op tional Spa nning-Tree Features Unders tandin g Optional Spanni ng-Tree Fe atures Root guard ena bled on an interf ace appli es to all the VLANs to whic h the interf ace belongs.
18-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 18 Configu ring Opt iona l Spann ing-Tr ee Featu res Configur ing Opti onal Spanni ng-Tree Features Configurin.
18-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 8 Configuring Op tional Spa nning-Tree Features Confi guring Opt ional Spanni ng-Tree Fe atures Enabling P or.
18-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 18 Configu ring Opt iona l Spann ing-Tr ee Featu res Configur ing Opti onal Spanni ng-Tree Features Enabling B.
18-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 8 Configuring Op tional Spa nning-Tree Features Confi guring Opt ional Spanni ng-Tree Fe atures Enabling BPDU.
18-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 18 Configu ring Opt iona l Spann ing-Tr ee Featu res Configur ing Opti onal Spanni ng-Tree Features Enabling Up linkFast for Us e with R edundan t Link s UplinkFas t can not be enab led on VLAN s that have been configured with a swi tch p riority .
18-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 8 Configuring Op tional Spa nning-Tree Features Confi guring Opt ional Spanni ng-Tree Fe atures Enabling C ro.
18-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 18 Configu ring Opt iona l Spann ing-Tr ee Featu res Configur ing Opti onal Spanni ng-Tree Features Enabling E.
18-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 8 Configuring Op tional Spa nning-Tree Features Confi guring Opt ional Spanni ng-Tree Fe atures T o disa bl e root gua rd, use the no spanning-tree guard interf ace conf igurati on command.
18-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 18 Configu ring Opt iona l Spann ing-Tr ee Featu res Displaying the Spannin g-Tree Stat us Displaying the Sp a.
CH A P T E R 19-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 19 Configuring Flex Link s and the MAC Address-Table Move Update Feature Note T o use Flex Links an d the MA C address- table move update feat ure, th e switch mu st be running t he LAN Base im age.
19-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 19 Configurin g Flex Link s and the MAC Addr ess-Ta ble Move Updat e Feature Underst andin g Flex Links and the.
19-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 9 Configuring Fl ex Links an d the MAC A ddress-Ta ble Mo ve Update Featu re Unde rsta ndin g Fle x L inks and.
19-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 19 Configurin g Flex Link s and the MAC Addr ess-Ta ble Move Updat e Feature Underst andin g Flex Links and the.
19-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 9 Configuring Fl ex Links an d the MAC A ddress-Ta ble Mo ve Update Featu re Unde rsta ndin g Fle x L inks and.
19-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 19 Configurin g Flex Link s and the MAC Addr ess-Ta ble Move Updat e Feature Underst andin g Flex Links and the M AC Addres s-Tabl e Mov e Update ------------------------------------------------------------- 1 1.
19-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 9 Configuring Fl ex Links an d the MAC A ddress-Ta ble Mo ve Update Featu re Configur ing Flex Links and th e MAC Address- Table Mo ve Update Switch A does n ot need to wa it for the MA C address-table u pdate.
19-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 19 Configurin g Flex Link s and the MAC Addr ess-Ta ble Move Updat e Feature Configur ing Flex L inks and th e MAC Addre ss-Tabl e Move U pdate Default Configuration The Fle x Links ar e not conf igured, an d ther e ar e no bac kup i nterf aces def ined.
19-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 9 Configuring Fl ex Links an d the MAC A ddress-Ta ble Mo ve Update Featu re Configur ing Flex Links and th e .
19-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 19 Configurin g Flex Link s and the MAC Addr ess-Ta ble Move Updat e Feature Configur ing Flex L inks and th e.
19-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 9 Configuring Fl ex Links an d the MAC A ddress-Ta ble Mo ve Update Featu re Configur ing Flex Links and th e.
19-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 19 Configurin g Flex Link s and the MAC Addr ess-Ta ble Move Updat e Feature Configur ing Flex L inks and th e.
19-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 1 9 Configuring Fl ex Links an d the MAC A ddress-Ta ble Mo ve Update Featu re Configur ing Flex Links and th e.
19-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 19 Configurin g Flex Link s and the MAC Addr ess-Ta ble Move Updat e Feature Monito ring Flex L inks and t he .
CH A P T E R 20-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 20 Configuring DHCP Features and IP Source Guard Features This c hapter d escribes how to configure D HCP s.
20-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Underst anding DHCP Sn ooping Understandin g DH.
20-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 0 Configuring DH CP Features and IP Sou rce Guard Fe atures Understanding DHCP Snooping An untrusted DHCP message is a message that is recei v ed from outside th e network or f ire w all.
20-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Underst anding DHCP Sn ooping Option-82 Data In.
20-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 0 Configuring DH CP Features and IP Sou rce Guard Fe atures Understanding DHCP Snooping • The DH CP ser ver recei ves the pack et.
20-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Underst anding DHCP Sn ooping Figur e 20 -2 Sub.
20-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 0 Configuring DH CP Features and IP Sou rce Guard Fe atures Understanding DHCP Snooping Figur e 20 -3 User -Co.
20-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Underst anding DHCP Sn ooping This is the forma.
20-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 0 Configuring DH CP Features and IP Sou rce Guard Fe atures Confi guring DHCP Sn oopi ng Configuring DHCP Snoo.
20-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Configur ing DHCP Snoopi ng • Before glob al.
20-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 0 Configuring DH CP Features and IP Sou rce Guard Fe atures Confi guring DHCP Sn oopi ng Configuring the DHCP.
20-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Configur ing DHCP Snoopi ng T o di sable DHCP sno oping, use the no ip dhcp snooping global configurat ion co mman d.
20-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 0 Configuring DH CP Features and IP Sou rce Guard Fe atures Confi guring DHCP Sn oopi ng Enabling th e DHCP S.
20-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Display ing DHCP Sno oping Inform ation Displa.
20-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 0 Configuring DH CP Features and IP Sou rce Guard Fe atures Underst anding I P Sourc e Guard Source IP Add ress F iltering When I PSG is enable d with this o ption , IP tr af f ic i s f il tered b ased on the sou rce IP addr ess.
20-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Conf igu rin g IP Sour ce Gu ard Note Some IP hosts w ith multip le netw ork interf aces c an inject some in valid packe ts into a netwo rk interfac e.
20-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 0 Configuring DH CP Features and IP Sou rce Guard Fe atures Confi guri ng IP S our ce G uard • If you enable IP source gua rd with source IP and MA C address filte ring, DHCP snooping and port security must be enable d on the interf ace.
20-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Conf igu rin g IP Sour ce Gu ard T o disable IP source guar d with source IP a ddress f iltering, use the no ip ver ify source interfac e configurati on c ommand.
20-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 0 Configuring DH CP Features and IP Sou rce Guard Fe atures Confi guri ng IP S our ce G uard This e xample shows ho w to st op IPSG with static ho sts on an interf ace.
20-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Conf igu rin g IP Sour ce Gu ard This example .
20-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 0 Configuring DH CP Features and IP Sou rce Guard Fe atures Confi guri ng IP S our ce G uard 0001.0600.0000 9 GigabitEthernet0/2 ACTIVE 0001.
20-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Display ing IP Source G uard Info rmation Disp.
20-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 0 Configuring DH CP Features and IP Sou rce Guard Fe atures Config uring DHC P Server Port- Based Addr ess Allocat ion Default Port-Based Addres s Allocation Configuration By def ault, DHCP ser ver port-based address allo cation is d isabled.
20-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Configur ing DHCP Server Port-Base d Address Allocatio n not offered t o the client, and other clients are not ser ved by the p ool.
20-25 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 0 Configuring DH CP Features and IP Sou rce Guard Fe atures Displa ying DHCP Ser ver Po rt-Based Address Allo cation ip dhcp subscriber-id interface-name ip dhcp excluded-address 10.
20-26 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 20 Config uring DHC P Featur es and IP So urce Gua rd Featu res Display ing DHCP Server Port-Base d Address Al.
CH A P T E R 21-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 21 Configuring Dynamic ARP Insp ection Note T o use Dyn amic ARP insp ection, th e switch mu st be runn ing the LAN Bas e image.
21-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 21 Config uring Dyn amic AR P Inspec tion Underst anding D ynamic ARP I nspection Figur e 21 -1 ARP Cac he P oisoning Hosts A, B, and C are connected to the switch on interfaces A, B and C, all of which are on the same subnet.
21-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 1 Configuring Dy namic ARP In spectio n Understa nding Dynami c ARP Inspect ion Y ou can configure dyn amic AR.
21-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 21 Config uring Dyn amic AR P Inspec tion Underst anding D ynamic ARP I nspection Dynamic ARP i nspectio n ensu.
21-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 1 Configuring Dy namic ARP In spectio n Configuring Dynamic ARP Inspection Logging o f Dropped Packet s When th e switch d rops a p acke t, it pl aces an entry in the log b uffe r and then generates system messag es on a ra te-controlle d basis.
21-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 21 Config uring Dyn amic AR P Inspec tion Configur ing Dynam ic ARP Insp ection Dynamic ARP In spectio n Config.
21-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 1 Configuring Dy namic ARP In spectio n Configuring Dynamic ARP Inspection • The operati ng rate for the p ort channe l is cumulati ve across all the phys ical ports wi thin the channel .
21-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 21 Config uring Dyn amic AR P Inspec tion Configur ing Dynam ic ARP Insp ection Beginning in privileged EXEC mode, f ollow these st eps to configure dyn amic ARP insp ection.
21-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 1 Configuring Dy namic ARP In spectio n Configuring Dynamic ARP Inspection Configuring ARP ACLs for Non-DHCP E.
21-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 21 Config uring Dyn amic AR P Inspec tion Configur ing Dynam ic ARP Insp ection T o remov e th e ARP A CL , use the no arp acce ss-list global c onfiguratio n comma nd.
21-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 1 Configuring Dy namic ARP In spectio n Configuring Dynamic ARP Inspection This exam ple sh ows how to configure an ARP ACL calle d host2 on Switch A, to pe rmit ARP pac kets from H ost 2 ( IP addre ss 1.
21-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 21 Config uring Dyn amic AR P Inspec tion Configur ing Dynam ic ARP Insp ection T o return to the default rate- limit confi guration , use the no ip ar p inspectio n limit in terfa ce configurati on comm and.
21-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 1 Configuring Dy namic ARP In spectio n Configuring Dynamic ARP Inspection Be ginnin g in pri vile ged EXE C mode, follo w thes e steps to pe rform specif ic chec ks on in coming ARP packet s.
21-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 21 Config uring Dyn amic AR P Inspec tion Configur ing Dynam ic ARP Insp ection If the log b uf fer o verf low.
21-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 1 Configuring Dy namic ARP In spectio n Displaying Dynamic ARP Inspection Information T o return to the default log b uf fer settin gs, use the no ip arp inspectio n log-buf fer { ent ries | logs } global configurati on com mand.
21-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 21 Config uring Dyn amic AR P Inspec tion Display ing Dyna mic ARP Insp ectio n Informat ion T o clear or disp.
CH A P T E R 22-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 22 Configuring IGMP Sno oping and MVR Note T o use MVR, th e swit ch m ust be r unnin g the LAN Base image.
22-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Underst anding IG MP Snoo ping Understandin g IGMP Snooping Layer 2 switche.
22-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Understanding IGMP Snooping IGMP Versions The sw itch supports IGM P V ersion 1, I GMP V ersion 2, a nd IGM P V ersion 3. T hese versio ns are interope rable on th e sw itch.
22-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Underst anding IG MP Snoo ping Figur e 22 -1 Initial IGMP J oin Messa ge Router A sends a genera l quer y to th e switch , which forwar ds the qu ery to ports 2 t hroug h 5, whi ch are all members of the same VLAN.
22-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Understanding IGMP Snooping Figur e 22 -2 Second Host J oining a M ultic.
22-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Underst anding IG MP Snoo ping Note Y ou shou ld only use t he Imm ediate Le ave feat ure on VLA Ns where a single host is conne cted to ea ch port.
22-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping Configuring IGMP Snoo ping IGMP snoop ing allows switch es to examine IG MP packets and make forwarding d ecisions ba sed on the ir conte nt.
22-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Configuring IGMP Snooping Beginning i n privileged EX EC mo de, fol low the.
22-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping Note If you w ant to use CGMP as the lear ning.
22-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Configuring IGMP Snooping T o remov e a mul ticast rout er por t from th e VLAN, use the no ip igmp snooping vlan vlan-i d mrouter interface inte rface-id global configurat ion comm and.
22-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping Note Im media te Leave is supported only on IGM P V ersion 2 hosts.
22-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Configuring IGMP Snooping T o globally reset the IGMP lea ve timer to the defa ult setting, use the no ip igmp snooping last-member -quer y-interv a l global configurat ion comm and.
22-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping Recovering from Flood Mode When a topology change occurs, t he span ning- tree roo t sends a speci al IGMP leave message (also known as global lea ve) with the group multic ast address 0.
22-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Configuring IGMP Snooping Configuring th e IGMP S nooping Qu erier Follow these guideli nes wh en configuring t he IGMP snoo ping queri er: • Conf igure the VLAN in glob al conf iguration mode.
22-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping This exam ple sh ows how to set th e IGM P snoop ing q uerier s ource add ress to 10.0.0. 64: Switch# configure terminal Switch(config)# ip igmp snooping querier 10.
22-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Displaying IGMP Snooping Information Displaying IGMP Sn ooping Informa tion Y ou can display I GMP snooping inf ormati on fo r dynam ical ly lear ned and sta tical ly con figured rou ter ports a nd VLAN inter faces .
22-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Understanding Multicast VLAN Registration For more inform ation abou t the keywords and option s in thes e co mman ds, see the c omma nd refe rence for th is re lease .
22-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Underst anding Mu lticas t VLAN Regi stratio n Using MVR in a M ulticast Television Application In a multicast tel ev ision applicatio n, a PC or a tele vision with a set-top box can re cei ve the multicast stream.
22-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Configuring MVR When a subscriber chan ges channels or turns of f the tele vision, the set- top box sends an IGMP leav e message for t he multica st stream .
22-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Conf ig uri ng MV R MVR Configuratio n Gu idelin es and Limitatio ns Foll ow these g uidelines w hen conf igurin g MVR: • Receiver ports can onl y be acc ess ports; th ey cannot be trunk ports.
22-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Configuring MVR T o return the switch t o its defaul t settings, u se the no mvr [ mode | group ip-a dd r es s | querytime | vlan ] global configurat ion comm ands.
22-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Conf ig uri ng MV R T o return the interfa ce to its default setti ngs, use the no mvr [ ty pe | immediate | vlan vlan-i d | gro up ] interf ace c onfig uration co mmands.
22-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Displaying MVR Information Displaying MVR Information Y o u can disp lay MVR i nformation f or the sw itch or f or a spec ifie d interf ace.
22-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Con figur ing IGM P Fil te ring and Thro ttli ng IGMP f iltering is applicab le only to the dynamic lea rning of IP multicast group add resses, not static configurat ion.
22-25 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Configuring IGMP Filtering and Throttling • permit : Spec ifie s that m atching addr esses are p ermitted. • rang e : Specif ies a ra nge of IP add ress es for the pr of ile.
22-26 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Con figur ing IGM P Fil te ring and Thro ttli ng Beginn ing in pri vileg e.
22-27 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 2 Configuring IGMP Sno oping and M VR Configuring IGMP Filtering and Throttling T o remove the maximum group limitatio n and return to the defa ult of no maxim um, use the no ip ig mp max-groups interf ace con fig urat ion comm and.
22-28 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 22 Configuring IGMP Snooping and MVR Displaying IGMP Filterin g and Thro ttling Configu ration T o return to the defau lt action of dro pping the repor t, use the no ip igmp max- groups action interfa ce configurati on c ommand.
CH A P T E R 23-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 23 Configuring Port-Base d Traffic Con trol This chapte r describes ho w to conf ig ure the port-b ased traf f ic contro l features on the Cataly st 2960 and 2960- S switches .
23-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 23 Configuring Port-Based Traffic Control Configuring Storm Control Storm control (or traff ic suppression) monito rs packets passing from an inter face to the switch ing bus and determi nes if the pack et is unicast, multicast, or bro adcast.
23-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 3 Configuring Port-B ased Traff ic Control Configuring Storm Control Note Be cause p ackets do not arrive at unif orm in tervals, the 1-sec ond ti me int erval durin g whic h tra ff ic acti vity is meas ured can af fect the beha vi or of stor m contr ol.
23-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 23 Configuring Port-Based Traffic Control Configuring Storm Control Step 3 storm- co ntr ol { broadcast | multic.
23-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 3 Configuring Port-B ased Traff ic Control Configuring Storm Control T o disabl e storm co ntrol, use the no storm-control { br oadcast | multicast | unicast } level interface configurati on c ommand.
23-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 23 Configuring Port-Based Traffic Control Configuring Protected Po rts This e xamp le sho ws how to en able the .
23-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 3 Configuring Port-B ased Traff ic Control Configuring Port Blocking Prot ected P ort Con figuration Guideline.
23-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 23 Configuring Port-Based Traffic Control Configuring Port Security Default Port Blocki ng Configuration The default is to not b lock flooding o f unknown multicast and u nicast traff i c out of a port, but to flood these pac kets to a ll ports.
23-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 3 Configuring Port-B ased Traff ic Control Confi guring Port Secu rity If a por t is conf igu red as a secu re.
23-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 23 Configuring Port-Based Traffic Control Configuring Port Security The stick y sec ure MA C addresse s do not automatically beco me part o f the co nf iguratio n f ile, wh ich is the startu p con fig uration used eac h time t he swit ch res tarts.
23-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 3 Configuring Port-B ased Traff ic Control Confi guring Port Secu rity Default Port Security Configuration T ab le 23-2 shows the default por t security conf igurat ion for an interface.
23-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 23 Configuring Port-Based Traffic Control Configuring Port Security • When y ou en able por t secu rity on an interf ac e that i s al so conf igured w ith a v oic e VLAN, set t he maxim um allowed secur e addresse s on the port to two.
23-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 3 Configuring Port-B ased Traff ic Control Confi guring Port Secu rity Enabling a nd Con figuring Port Securi.
23-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 23 Configuring Port-Based Traffic Control Configuring Port Security Step 7 s wit chpor t port -sec urity [viola.
23-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 3 Configuring Port-B ased Traff ic Control Confi guring Port Secu rity Step 8 s witchport port-securit y [ mac-addre ss mac-address [ vlan { vlan-id | { access | voice }}] (Optiona l) En ter a secu re M A C addr ess fo r the inte rface.
23-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 23 Configuring Port-Based Traffic Control Configuring Port Security T o return the inter face to th e defau lt conditi on as not a secu re port, u se the no switchport port -security interf ace conf iguration command.
23-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 3 Configuring Port-B ased Traff ic Control Confi guring Port Secu rity Switch(config-if)# switchport port-security mac-address 0000.0000.0003 Switch(config-if)# switchport port-security mac-address sticky 0000.
23-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 23 Configuring Port-Based Traffic Control Displaying Port-Base d Traffic Cont rol Settings T o di sable por t securit y aging for all sec ure addr esses on a port , use the no switchport port-security aging tim e interfac e conf iguration comma nd.
23-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 3 Configuring Port-B ased Traff ic Control Displayin g Port-Bas ed Traf fic Cont rol Sett ings show port -sec.
23-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 23 Configuring Port-Based Traffic Control Displaying Port-Base d Traffic Cont rol Settings.
CH A P T E R 24-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 24 Configuring UDLD This c hapter descri bes how to c onfigure t he Un iDirec tional Link D etect ion (U DLD) protoc ol on t he Catalyst 2960 and 2960- S switch es.
24-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 24 Configuring UDLD Underst andin g UDLD A unidirectio nal link occurs wh ene ve r traff ic sent by a local de vice is recei ved by its neighbor b ut traf f ic from the neighb or is not recei ved by the loca l devic e.
24-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 4 Configuring UD LD Understand ing UDLD • Ev ent-dr i ven detect ion and ec hoing UDLD re lies on ech oing a s its detectio n mech anism.
24-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 24 Configuring UDLD Conf igu rin g UDLD Configuring UDLD These sec tions co ntain this co nfiguration in format .
24-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 4 Configuring UD LD Configur ing UDLD Enabling UDL D Globally Beginn ing in pri vileg ed EXEC mode, follo w th.
24-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 24 Configuring UDLD Conf igu rin g UDLD Enabling UDL D on an Inte rface Beginn ing in p ri vileg ed EXEC mode, f.
24-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 4 Configuring UD LD Displaying UDLD Status Displaying UDLD Status T o display th e UDLD stat us for the specif ied port or for all port s, use the show udld [ interfa ce-id ] pri v ile ged EXE C command .
24-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 24 Configuring UDLD Displa ying U DLD Sta tus.
CH A P T E R 25-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 25 Configuring CDP This c hapter d escrib es how to configure Cisco Discovery Protoco l (C DP) on the Catalyst 2960 and 2960-S switch es. Unless otherwise note d, the term switch refers to a standalo ne switch and to a switch stack.
25-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 25 Conf iguring CDP Conf ig uri ng CD P On the switch, CDP enables Netw ork Assistant to display a graphical vie w of the netw ork.
25-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 5 Configuring CDP Configuring CDP Configuring the CD P Characteristics Y ou can configure the freq uency of CDP updat es, th e amount of time to hold t he inform ation before discar ding it, an d whether or no t to send V ersion-2 advert isement s.
25-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 25 Conf iguring CDP Conf ig uri ng CD P Beginning in privileged EX EC mod e, follow these steps to di sable t h.
25-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 5 Configuring CDP Monitoring and Maintaining CDP Beginning i n privileged E XEC mo de, follow these s teps to ena ble C DP on a port w hen it has been disabled : This exam ple sh ows how to enable CDP on a po rt wh en i t has been di sable d.
25-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 25 Conf iguring CDP Monito ring and Mai ntainin g CDP.
CH A P T E R 26-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 26 Configuring LLDP, LL DP-MED, and Wire d Location Service Note T o use wired location service , the switch must be runnin g the LAN Base image.
26-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 26 Configurin g LLDP, LLDP-MED, and Wired Lo cation S ervice Underst anding L LDP, LLDP- MED, and Wired Locat ion Servic e LLDP sup ports a set of att ributes tha t it uses to discover neighbo r devices.
26-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 6 Configuring LLDP, LLDP-M ED, and Wired Location Serv ice Unde rsta ndin g LLDP , LL DP-M ED, and Wi red Loca tion Servic e • Po we r mana geme nt TL V Enab les ad va nced power mana gement betw een L LDP-ME D endp oint a nd ne twork con nectivity devices.
26-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 26 Configurin g LLDP, LLDP-MED, and Wired Lo cation S ervice Underst anding L LDP, LLDP- MED, and Wired Locat ion Servic e The MSE starts the NMSP connec tion to the switch, which opens a serv er port.
26-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 6 Configuring LLDP, LLDP-M ED, and Wired Location Serv ice Configuring LLDP, LLDP-MED, and Wired Location Serv.
26-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 26 Configurin g LLDP, LLDP-MED, and Wired Lo cation S ervice Configur ing LLDP, L LDP-MED , and Wired Loc ation.
26-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 6 Configuring LLDP, LLDP-M ED, and Wired Location Serv ice Configuring LLDP, LLDP-MED, and Wired Location Service Use the no form of each of the LLDP commands to return to the def ault settin g.
26-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 26 Configurin g LLDP, LLDP-MED, and Wired Lo cation S ervice Configur ing LLDP, L LDP-MED , and Wired Loc ation.
26-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 6 Configuring LLDP, LLDP-M ED, and Wired Location Serv ice Configuring LLDP, LLDP-MED, and Wired Location Service Use the no form of each com mand to return t o the default settin g.
26-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 26 Configurin g LLDP, LLDP-MED, and Wired Lo cation S ervice Configur ing LLDP, L LDP-MED , and Wired Loc ation Service Use the no form o f each command t o retu rn to th e def ault sett ing.
26-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 6 Configuring LLDP, LLDP-M ED, and Wired Location Serv ice Monitoring and Maintaining LLDP, LLDP-MED, and Wir.
26-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 26 Configurin g LLDP, LLDP-MED, and Wired Lo cation S ervice Monito ring and Mai ntainin g LLDP, LLD P-MED , and Wired Lo catio n Service show network-policy pr ofil e Displ ay th e conf igured net w ork-p oli cy pr of iles.
CH A P T E R 27-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 27 Configuring SPAN and RSPAN Note T o use RSP AN, th e switch mu st be runn ing the LAN Bas e image. This chap ter de scribe s ho w to conf igure Switched Port Analyzer ( SP AN) and Rem ote SP AN (RSP AN ) on the Catal yst 2960 and 2960-S sw itches.
27-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 27 Configuring SPAN and RSP AN Understan ding SPAN and RSPA N These sect ions co ntain this co nceptu al in form.
27-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 27 Configuring SPAN and RSPAN Understandi ng S PAN and R SPAN Figure 27- 2 is an ex ampl e of a local SP AN in a swi tch st ack, where the so urce a nd de stination ports resid e on dif fer ent stack member s.
27-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 27 Configuring SPAN and RSP AN Understan ding SPAN and RSPA N Figur e 27 -3 Example o f RSP AN Co nfigur ation SPAN and RS PAN Conc epts a nd Terminology This secti on descri bes conce pts an d terminology associat ed with SP A N and RSP AN configurati on.
27-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 27 Configuring SPAN and RSPAN Understandi ng S PAN and R SPAN An RSP AN sour ce sessio n is ver y similar to a lo cal SP AN sessi on, ex cept for where the pa cket st ream is directe d.
27-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 27 Configuring SPAN and RSP AN Understan ding SPAN and RSPA N • T ransm it (T x) SP A N—Th e goal of tran sm.
27-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 27 Configuring SPAN and RSPAN Understandi ng S PAN and R SPAN • It can be an ac cess por t, trunk port, or voice VLA N port. • It ca nnot be a de stinati on po rt.
27-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 27 Configuring SPAN and RSP AN Understan ding SPAN and RSPA N Destination Port Each local SP AN session o r RSP .
27-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 27 Configuring SPAN and RSPAN Understandi ng S PAN and R SPAN RSPAN V LAN The RSP AN VLAN carrie s SP AN traf f ic between RSP AN sou rce and destination se ssions.
27-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 27 Configuring SPAN and RSP AN Configuring SPAN and RSPAN If a physi cal por t that be longs to an Ethe rChan n.
27-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 27 Configuring SPAN and RSPAN Config uring SPAN a nd RS PAN Default SPAN and R SPAN Configura tion T ab le 27-1 sh ows the default SP AN and R SP AN configuration .
27-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 27 Configuring SPAN and RSP AN Configuring SPAN and RSPAN • Y ou can limit SP A N traff ic to specific VLAN s by using the filter vlan keyword. I f a tr unk po rt is being monitored , only traff ic on the VLANs specified with this ke yword is monitore d.
27-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 27 Configuring SPAN and RSPAN Config uring SPAN a nd RS PAN T o d elete a SP AN session, use the no monitor session session _number global c onfiguration comma nd.
27-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 27 Configuring SPAN and RSP AN Configuring SPAN and RSPAN The mo nitoring of traffic receiv ed on port 1 is di sabled, but traff ic sent from t his port co ntinue s to be monitored.
27-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 27 Configuring SPAN and RSPAN Config uring SPAN a nd RS PAN T o d elete a SP AN session, use the no monitor session session _number global c onfiguration comma nd.
27-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 27 Configuring SPAN and RSP AN Configuring SPAN and RSPAN Specifying VLANs to Filter Beginn ing in pri vileged .
27-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 27 Configuring SPAN and RSPAN Config uring SPAN a nd RS PAN This example shows how to remov e any e xisting con.
27-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 27 Configuring SPAN and RSP AN Configuring SPAN and RSPAN • W e recomm end tha t you configur e an RSP A N VLAN bef ore you c onfigure an RS P AN sou rce or a destination session.
27-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 27 Configuring SPAN and RSPAN Config uring SPAN a nd RS PAN Creating an RSPAN S ource Session Beginning in priv.
27-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 27 Configuring SPAN and RSP AN Configuring SPAN and RSPAN T o rem ove a source port or VLAN fro m the SP AN sess ion, use the no monitor session session_n umber sour ce { inter face interface- id | vlan vlan-id } global co nf igur ation co mmand.
27-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 27 Configuring SPAN and RSPAN Config uring SPAN a nd RS PAN T o d elete a SP AN session, use the no monitor session session _number global c onfiguration comma nd.
27-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 27 Configuring SPAN and RSP AN Configuring SPAN and RSPAN T o delete an RSP AN session, use the no monitor session session_number globa l configurati on comman d.
27-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 27 Configuring SPAN and RSPAN Config uring SPAN a nd RS PAN Specifying VLANs to Filter Beginning in privileged .
27-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 27 Configuring SPAN and RSP AN Display ing SPAN and RSPAN Status Displaying SPAN and RSPAN Status T o di splay the cu rrent SP A N or RSP A N configuration , use the show monitor us er EX EC co mmand.
CH A P T E R 28-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 28 Configuring RMON This chapt er desc ribes how to configure Re mote Networ k Monitor ing (RMO N) on t he Catalyst 2960 and 2960-S switch es. Unless otherwise note d, the term switch refers to a standalo ne switch and to a switch stack.
28-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 28 Configuring RMON Conf igu rin g RMON Figur e 28 -1 Remote Mo nito r ing Ex ample The switc h supports these R.
28-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 28 Configur ing RMON Confi guring R MON • Collecting Group Histo ry Statisti cs on an Interf ace, page 28-5 (o.
28-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 28 Configuring RMON Conf igu rin g RMON T o disable an alarm, use the no rmon al ar m numb er global con figuration co mmand on each alarm you configured . Y ou ca nnot di sable at on ce al l the a larms that you con figured.
28-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 28 Configur ing RMON Confi guring R MON Collectin g Group Hist ory St atistics on an Interface Y ou must f irst configure RM ON a larms and events to di splay collec tion inf orma tion.
28-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 28 Configuring RMON Displa ying R MON Sta tus T o disabl e t he coll ection o f gr oup E thernet sta tistics , use the no rmon collection stats inde x i nterf ace configurati on c ommand.
CH A P T E R 29-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 29 Configuring System Message Logg ing This c hapter d escrib es how to configure system me ssage l ogging on the C atalyst 2960 and 296 0-S switches. Unless othe rwise noted, the term switc h refers to a st andal one switch and to a switch st ack.
29-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 2 9 Config uring S ystem Message Logging Configur ing System Message L ogging Y o u can set the se v erity le vel of the messages to control the type of message s displayed on the consoles and ea ch o f the destin ation s.
29-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 9 Configuring Syste m Message L ogging Config uring S ystem Mess age Loggi ng T ab le 29-1 d escribes the e lements of sy slog me ssages.
29-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 2 9 Config uring S ystem Message Logging Configur ing System Message L ogging Default Syste m Mess age Lo gging Con figuration T ab le 29-2 sh ows the default sy stem message l ogging configuratio n.
29-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 9 Configuring Syste m Message L ogging Config uring S ystem Mess age Loggi ng The logging sy nchronous global configura tion com mand also a f fects t he display o f me ssages t o the console .
29-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 2 9 Config uring S ystem Message Logging Configur ing System Message L ogging The logging buffered g loba l configur ation comm and c opies l ogging messa ges to a n inte rnal buffer .
29-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 9 Configuring Syste m Message L ogging Config uring S ystem Mess age Loggi ng Beginning i n privileged EX EC mo de, fol low these s teps t o configure s ynchr onous log ging .
29-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 2 9 Config uring S ystem Message Logging Configur ing System Message L ogging Enabling a nd Disab ling Time S tamps on Log M essages By default, log message s are not time-stam ped.
29-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 9 Configuring Syste m Message L ogging Config uring S ystem Mess age Loggi ng T o d isable seq uenc e numbers, use the no service sequence- numbers global co nfiguration c omman d.
29-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 2 9 Config uring S ystem Message Logging Configur ing System Message L ogging T ab le 29-3 descri bes th e level ke ywords. It also lis ts the correspo nding UNIX s yslog de finitions from the most se vere le vel to the least sev ere le vel.
29-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 9 Configuring Syste m Message L ogging Config uring S ystem Mess age Loggi ng Beginn ing in p ri vilege d EXEC mode, follo w these step s to chan ge the le vel and history ta ble size defaults.
29-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 2 9 Config uring S ystem Message Logging Configur ing System Message L ogging Beginning i n privileged E XEC mo.
29-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 2 9 Configuring Syste m Message L ogging Config uring S ystem Mess age Loggi ng Logging Messages to a UNIX Syslog Daemo n Before yo u can send system log messages to a UNIX syslog server , you must con f igure the syslog daemon on a UNIX ser ver .
29-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 2 9 Config uring S ystem Message Logging Display ing the Log ging Confi guration T o remo ve a sysl og serv er, u se the no logging ho st globa l configurat ion co mman d, and specify t he syslo g server IP address.
CH A P T E R 30-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 30 Configuring SNMP This chapt er describ es how to conf igure the Sim ple Network Mana gement Protocol (SN MP) on the Catalyst 2960 and 2960- S switch es. U nless ot herwis e noted, the term sw itch refers to a standalone switch and a swi tch st ack.
30-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 30 Co nfiguring SNMP Underst anding SNM P These sect ions co ntain this co nceptu al in forma tion: • SNMP V e.
30-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 0 Configuring SNMP Underst andin g SNMP T ab le 30-1 identifie s the character istics of the dif fer ent combinations o f security models and lev els. Y ou must configure the SN MP agent to use the SNMP version supp orted by the ma nageme nt station.
30-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 30 Co nfiguring SNMP Underst anding SNM P SNMP Agen t Fun ctions The SNMP a gent respond s to SNMP manager requests as follo ws: • Get a MIB v ariable —The SNMP agen t begins this f unction in response to a request from the NMS.
30-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 0 Configuring SNMP Underst andin g SNMP Figur e 30 -1 SNMP Networ k For informati on on suppor ted MIBs and how to access them, see Appe ndix B, “S uppor ted MIBs .
30-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 30 Co nfiguring SNMP Conf ig uri ng SN MP Note The switch m ight n ot use sequenti al v alues w ithin a range .
30-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 0 Configuring SNMP Configuring SNMP SNMP Config ura tion Guidelines If the switch starts and the switch startup conf ig uration has at least one sn mp -s er v er global conf igura tion comman d, the SNMP agen t is enabled.
30-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 30 Co nfiguring SNMP Conf ig uri ng SN MP Configuring Community Strings Y ou use the SNMP c ommun ity str ing to define the r elatio nship be tween the SN MP ma nager and th e agent.
30-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 0 Configuring SNMP Configuring SNMP Note T o disa ble a ccess for an SNMP c ommun ity , set the co mmuni ty str ing for th at com munity to the null string (do not enter a value for th e communi ty string ).
30-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 30 Co nfiguring SNMP Conf ig uri ng SN MP Step 3 snmp-server group gr oupn ame { v1 | v2c | v3 { auth | noauth .
30-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 0 Configuring SNMP Configuring SNMP Step 4 snmp-server use r us ernam e gr o upnam e { rem o te host [ udp-po.
30-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 30 Co nfiguring SNMP Conf ig uri ng SN MP Configuring SNMP Notifications A trap manag er is a mana geme nt sta tion that re cei ves and proces ses trap s. T raps are system alerts that the switc h gener ates whe n cert ain events occu r .
30-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 0 Configuring SNMP Configuring SNMP Note Though visible in the comm and-line help strings, t he insertion , and re mo va l keywords are not supported.
30-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 30 Co nfiguring SNMP Conf ig uri ng SN MP Step 4 snmp-serv er gr oup gr oupname { v1 | v2c | v3 { auth | noauth | priv }} [ read re a d v i e w ] [ write write vie w ] [ notify notifyvie w ] [ access access-list ] Configure an SNMP g roup.
30-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 0 Configuring SNMP Configuring SNMP The snmp-ser ver hos t comman d speci f ies wh ich ho sts rec ei ve the notif ications. Th e snmp-server enab le trap command global ly enable s the mech anism f or the speci f ied notif ication (fo r traps and informs ).
30-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 30 Co nfiguring SNMP Conf ig uri ng SN MP Setting th e Agent C ontact and Location In formation Beginn ing in p.
30-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 0 Configuring SNMP Configuring SNMP SNMP Examp les This example shows ho w to enable a ll versions of SNMP . The co nfiguration permits any SNMP man ager to access all objects with read-only permissions usin g the community string public .
30-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 30 Co nfiguring SNMP Displaying SNMP Status Displaying SNMP Status T o display SNMP input an d output stat istics, including th e number of i lle gal community str ing entries, errors, and request ed variable s, use t he show snmp privileged EXEC c omma nd.
CH A P T E R 31-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 31 Configuring Network Security with ACLs This chap ter desc ribes how to configu re network se curit y on the Catalyst 2960 a nd 2960- S switche s by using access co ntrol lists (A CLs), also referred to as a ccess lists.
31-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Underst andin g ACLs of conditio ns in the list is critical.
31-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 1 Configuring Netw ork Securit y with ACLs Unde rsta ndi ng AC Ls Port ACLs Port A CLs are A CLs tha t are app lied to L ayer 2 in terf aces on a sw itch.
31-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Underst andin g ACLs Note Y ou cannot apply more t han one IP ac cess l ist an d one M A C acce ss list t o a L ayer 2 inte rface.
31-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 1 Configuring Netw ork Securit y with ACLs Unde rsta ndi ng AC Ls Note In the first and seco nd A CEs in th e .
31-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Conf igu ring I Pv4 ACLs Stack memb ers perfor m these ACL functions: • The y recei ve the A CL in format ion from th e master switc h and prog ram their har dwar e.
31-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 1 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs Creating Stan dard and Exten ded IPv4 AC Ls This sec tion describ es IP ACLs. An A CL is a se quentia l colle ction of perm it an d deny co nditions.
31-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Conf igu ring I Pv4 ACLs Note In addit ion to n umbered standa rd and ex tended A CLs, you can also cr eate stan dard a nd e xten ded nam ed IP A CLs by u sing th e sup ported numbers.
31-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 1 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs Note When creatin g an A CL, remembe r that, .
31-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Conf igu ring I Pv4 ACLs Note Th e switc h does not supp ort dyna mic or reflexive access lis ts. It al so does n ot suppor t filtering based on the ty pe of serv ice ( T oS) minim ize-m one tary-co st bit.
31-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 1 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs or access-list access- list-num ber { deny |.
31-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Conf igu ring I Pv4 ACLs Use the no access- list acc ess-list-number gl obal conf iguration comm and to delete the entire access list.
31-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 1 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs After c reating a numbered e xtend ed A CL ,.
31-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Conf igu ring I Pv4 ACLs T o remo ve a na med s tanda rd A CL, use the no ip access-list standard name g lobal configuratio n comm and.
31-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 1 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs Using Time Ranges with ACLs Y ou can selec tiv ely apply extend ed ACLs based on the time of day and the week by using t he time- ran ge global con figuration co mman d.
31-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Conf igu ring I Pv4 ACLs This exam ple shows how to c onfigure ti me rang es fo r w orkhou rs and to con figure Januar y 1, 2006, as a comp any holid ay and to ver ify you r con figuration.
31-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 1 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs In this exam ple, the workstatio n that belo.
31-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Conf igu ring I Pv4 ACLs Applying an IPv4 ACL to an Interface Note these guidelines: • Apply an ACL only to inbo und Lay er 2 ports.
31-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 1 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs This exam ple sh ows ho w to ap ply ac cess .
31-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Conf igu ring I Pv4 ACLs T o determine the specialize d hardwa re resources, enter the show platform layer4 acl map pri vileged EXEC co mmand.
31-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 1 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs Numbered ACLs This ACL accepts addr esses on net work 36.0.0 .0 subnet s and den ies all pac kets comi ng from 56.
31-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Creating Nam ed MAC Ext ended ACL s ! Switch(config-ext-nacl)# exit S.
31-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 1 Configuring Netw ork Securit y with ACLs Creat ing N ame d MA C Ex tend ed AC Ls Use the no mac access-list extended name glob al conf iguration command to delete the entire A CL.
31-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Display ing IPv4 AC L Configu ration Beginn ing in pri vile ged E XEC.
31-25 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 1 Configuring Netw ork Securit y with ACLs Displaying IPv4 ACL Configu ration T able 31 -2 Comman ds f or Dis.
31-26 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 31 Configuring Network Security with ACLs Display ing IPv4 AC L Configu ration.
CH A P T E R 32-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 32 Configuring Cisco IOS IP SLAs Operations Note T o use Cisco IOS IP Service Le vel Agreements (SLAs) , the switch must be running the LAN Base image.
32-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 32 Configuring Cisco IOS IP SLAs Operations Unde rst and ing C isco IOS IP SL As Understandin g Cisco IOS IP SLAs Cisco IOS IP SLAs sends data across the network to measure per formance between multiple network locations or across multi ple network pa ths.
32-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 32 Configur ing Cisco IOS IP SLA s Operation s Understa nding Ci sco IOS IP SLAs This section has this infor mat.
32-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 32 Configuring Cisco IOS IP SLAs Operations Unde rst and ing C isco IOS IP SL As Note Th e switc h does n ot sup port V oice over IP ( V oIP) service lev els u sing th e gate keeper r egistration de lay operati ons measure men ts.
32-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 32 Configur ing Cisco IOS IP SLA s Operation s Confi guring IP S LAs Operati ons Figur e 32 -2 Cisco IOS IP SLAs.
32-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 32 Configuring Cisco IOS IP SLAs Operations Monito ring IP SLAs Operations Configurin g the IP SLAs Respond er T.
CH A P T E R 33-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 33 Configuring QoS This chapte r describes ho w to conf igure q uality of service (QoS ) by using automat ic QoS (auto-QoS) comman ds or by using standa rd QoS comma nds on the Cataly st 2960 an d 2960-S switc hes.
33-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Underst andin g QoS Understandin g QoS T ypically , netw orks oper ate on a best-ef fort deli very basis, whic h means that all t raf fi c has eq ual prior ity and an equ al chance of being d eli ve red in a timely ma nner .
33-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS Figur e 33 -1 QoS Classificat ion La y ers in Fr ames and P ack ets Al.
33-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Underst andin g QoS Basic QoS Model T o i mpleme nt QoS, t he switc h must distingu ish p.
33-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS Figur e 33 -2 Basic QoS Model Classification Classification is the pro cess of distingu ishing one kind of traffic from anothe r by e xamin ing the fields in the packe t.
33-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Underst andin g QoS For IP traff ic, you have these classificatio n options as shown in F.
33-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS Figu re 33-3 Classi fica tio n Flowchart 86834 Generate the DSCP based on IP precedence in pack et. Use the IP-precedence-to-DSCP map .
33-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Underst andin g QoS Classification Based on QoS ACLs Note If the switch is running the LAN Lite im age, you can conf igur e A CLs, but you cann ot attach them to physical inter faces.
33-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS Y ou create a c lass map by using th e class-map g lobal configuration com mand or the class policy-map configurati on com mand.
33-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Underst andin g QoS Note Catal yst 2960-S sw itches do not suppo rt ingress que ueing.
33-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS Figure 33- 4 shows the policing an d marking proces s. Figur e 33 -4 Po licing and M ar king Flow c har t on Ph ysical P orts Mapping T ables Note T o use mapping tables, the switch must be running the LAN Base image.
33-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Underst andin g QoS Note Catalyst 2960-S switche s do not support ingress queue ing.
33-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS Because the tota l inboun d bandw idth of all ports can exce ed the b.
33-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Underst andin g QoS SRR Shaping and Sharing Both the in gress an d egr ess queu es are serv iced b y SRR, which contro ls the rate at which pa ckets ar e sent.
33-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS Queueing and Scheduling on Ingre ss Queues Note Catal yst 2960-S sw itches do not suppo rt ingress que ueing. Figure 33- 7 shows the queueing and sch eduling fl owchart for ingres s ports.
33-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Underst andin g QoS The switch supports tw o conf igurable ingress queu es, which are service d by SRR in shared mode only . T ab le 33-1 descri bes th e queue s.
33-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS Priorit y Queueing Note Catal yst 2960-S sw itches do not suppo rt ingress que ueing.
33-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Underst andin g QoS Figur e 33 -8 Queueing and Sc hedulin g Flo w ch art f or Egress P orts Each p ort supp orts four egress queu es, o ne of whic h (qu eue 1) can be the egress expedi te qu eue.
33-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS b uf fers) or not empty (free b uf fer s). If the qu eue is not o ve r- limit, the s witch can allo cate b uf f er space from t he r eserved poo l or f rom th e co mmon pool (if it is n ot emp ty).
33-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Underst andin g QoS modify it . Y ou map a port to queue-se t by using the queue-set qset-id interf ace co nf igura tion co mmand. Modify the queu e-set conf igurat ion to change the WTD threshol d percentages.
33-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Configuring Auto-QoS Configuring Auto-QoS Note T o use auto- QoS, t he swit ch must be running the L AN Base image. Note Catal yst 2960-S sw itches do not suppo rt ingress que ueing.
33-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Conf ig uri ng A uto -QoS Generated Auto-QoS Configuration By def ault, auto-QoS is disabl ed on all po rts. P ackets ar e not modif ie d--the CoS, DSCP a nd IP preced en ce values in the packet are not ch an ged.
33-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Configuring Auto-QoS For informat ion about the tru sted bounda ry feat ure, see t he “Con figuring a Trusted Bound ary to Ensure Port Security ” secti on on page 39-4 2 .
33-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Conf ig uri ng A uto -QoS • Global v alues change w ith the migr ation of enhance d commands . For a co mple te list of the genera ted comm ands that ar e a pplied t o the runnin g con figuration see Ta b l e 3 3 - 5 .
33-25 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Configuring Auto-QoS Global Auto-QoS Configuration T able 33-5 Genera ted A ut o-QoS C onf.
33-26 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Conf ig uri ng A uto -QoS The switch au tomatical ly maps DSCP v alues to an ingress queue and to a threshold ID. Note Catalyst 2960-S swit ches do not suppo rt ingress queuei ng.
33-27 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Configuring Auto-QoS The switch au tomatical ly maps DSCP values to an egress que ue and to a threshold ID.
33-28 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Conf ig uri ng A uto -QoS Auto-Qo S Generated Configurat ion For VoIP Devices If you ent.
33-29 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Configuring Auto-QoS Switch(config-pmap)# class AutoQoS-VoIP-Control-Trust Switch(config-p.
33-30 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Conf ig uri ng A uto -QoS If you ente red the auto qos classify comman d, the swi tch aut omaticall y creat es class ma ps and p olic y maps.
33-31 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Configuring Auto-QoS Switch(config-pmap-c)# set dscp cs3 Switch(config-pmap-c)# police 320.
33-32 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Conf ig uri ng A uto -QoS Switch(config-pmap-c)# set dscp af11 Switch(config-pmap-c)# po.
33-33 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Configuring Auto-QoS • After auto- QoS is en ab led, do no t modi fy a policy map o r agg regate po lic er th at in clud es Au t oQ o S in its n ame.
33-34 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Conf ig uri ng A uto -QoS Troublesho oting Auto Qo S Comma nds T o display th e QoS com .
33-35 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Displaying Auto-QoS Information Displaying Auto-Q oS Information T o display the initial auto-Q oS conf iguration, use the show auto qos [ interf ace [ interface-id ]] privileged EXEC comm and.
33-36 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Default Standard QoS Configuration Note Catal yst 2960-S sw itches do not suppo rt ingress que ueing. QoS is disa bled.
33-37 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS T ab le 33-8 sh ows the default D SCP i nput queue thre shold ma p whe n QoS i s enable d.
33-38 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS T ab le 33-11 shows the default DSC P output que ue threshol d map when QoS is enabled . Default Mapping Table Conf iguration The default CoS-to-DSCP map is sho wn in T able 33- 12 on page 3 3-6 1 .
33-39 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Policing Guid elines Note T o us e polic ing, t he swi tch must be runnin g the LAN Base im age.
33-40 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Enabling Qo S Globally By default, QoS is disa bled on the sw itch. Beginn ing in pri vile ged EXEC mode, follo w these step s to enable QoS.
33-41 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Figu re 33-1 0 P ort T rusted State s wit hin the Qo S Do main .
33-42 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS T o return a port to its untrusted state, use the no mls qos trust inte rface c onfigura tion comm and.
33-43 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS T o return to the defa ult setting, use th e no mls qos cos { def ault-cos | override } interface configura tion comm and.
33-44 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS trusted boundar y feature disables t he trusted setting on the switch port and pre v ents misuse of a high-pr iority queue .
33-45 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Reg ardless of the DSCP tr ansparenc y conf igura tion, the swi.
33-46 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Figur e 33 -1 1 DSCP -T rust ed Stat e on a P ort Bor derin g Another Q oS Domain Note Catal yst 2960-S sw itches do not suppo rt ingress que ueing.
33-47 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS T o return a port to its non-trusted state , use the no mls qos trust interfa ce conf igur ation co mmand.
33-48 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Classifying Traffic by Using ACLs Y ou can classif y IP traffic by using IP standard or IP extended A CLs; you can classify no n-IP traffi c by usin g Laye r 2 MA C A CLs .
33-49 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Beginn ing in pri vile ged EXEC mode, follo w these step s to create an IP exte nded A CL f or IP traf f ic: T o delete an acc ess list, u se the no access-list access-l ist-number globa l configura tion comma nd.
33-50 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Beginning in privileged EXEC mod e, follow these st eps to c .
33-51 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Classifying Traffic by Using Class Ma ps Y ou use the class-map global conf iguration co mmand to name and to iso late a spe cif ic tra ff ic flow (o r class) f rom all o ther traf fic.
33-52 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS T o delete an existing policy map, use the no policy-map poli cy-ma p-nam e global configuration comm and.
33-53 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Classifying, Policing, and Marking Traff ic on Physical Ports by Using Policy Maps Note T o use polic ing and ma rking, t he switch must be running the LAN Base ima ge.
33-54 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Beginning in privileged EX EC mode , follow these steps t o creat e a policy map: Command Purpose Step 1 configur e terminal E nter g lobal configuration mode .
33-55 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Step 5 trust [ cos | dscp | ip-prece dence ] Configure the trust state, whi ch QoS uses to gene rate a CoS-ba sed or DSCP-based QoS lab el.
33-56 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS T o delete an existing policy map, use the no policy-map poli cy-ma p-nam e global configuration comm and.
33-57 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Switch(config-pmap-c)# trust dscp Switch(config-pmap-c)# police.
33-58 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Switch# configure terminal Switch(config)# class-map cm-3 Swi.
33-59 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Beginn ing in pri vileg ed EXEC mode, fo llo w these steps to create an aggreg ate policer: Comma nd Pu rpose Step 1 configur e terminal Enter global configurat ion mode .
33-60 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS T o r emove the specified a ggregate policer from a p olicy map, use th e no police aggr egate aggr egate-poli cer-nam e poli cy map c onfiguratio n mode .
33-61 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Configuring DSCP Maps These sec tions co ntain this co nfigurat.
33-62 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Beginn ing in pr iv ilege d EXEC mode, follo w these steps to modify t he CoS-to-DSCP m ap. This procedur e is optional.
33-63 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Beginn ing in pr i vilege d EXEC m ode, follo w these step s to modify t he IP-pr ecedence- to-DSCP map. This proc edure is option al.
33-64 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS T o return to the default ma p, use the no mls qos policed- dscp global co nf igur ation co mman d.
33-65 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Beginning in privileged EXEC mo de, foll ow these s teps to modif y the DSCP-to- CoS map. This procedur e is optional.
33-66 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Y o u can c onfi gure multiple DSCP-to-DSCP-mutat ion maps on an ing ress port. T he def ault DSCP-to-DSCP-muta tion map is a null map, which maps an incoming DSCP value to the same DSCP va lu e.
33-67 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS 4 : 40 41 42 43 44 45 46 47 48 49 5 : 50 51 52 53 54 55 56 57 58 59 6 : 60 61 62 63 Note In the above DSCP-to- DSCP-m utati on map, t he mutat ed values are shown in the bod y of the matrix.
33-68 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Beginning in privileged EXE C mode , follow these step s to map D SCP or CoS values to a n ingress que ue and to set WT D thre sholds.
33-69 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS This exampl e shows ho w to map DSCP values 0 to 6 to ingres s queue 1 an d to thresh old 1 with a dro p thresho ld of 50 p ercent.
33-70 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Allocating Bandwidth Between the Ingress Que ues Note Catal yst 2960-S sw itches do not suppo rt ingress que ueing.
33-71 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Configuring the Ingress Priority Queue Note Catal yst 2960-S sw itches do not suppo rt ingress que ueing.
33-72 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Configuring E gress Queu e Characteristic s Depend ing on the co mplexity of yo ur networ k and your Qo S solution, you mig ht need to pe rform al l of the tasks in the ne xt sections.
33-73 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Beginning i n privileged EXEC mode, follow these steps to configure the me mory al loca tion and to drop thresholds for a queue-se t.
33-74 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS T o return to the de fault settin g, use the no mls qos queue- set output qse t-i d bu f f e r s global conf igurati on comm and.
33-75 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Beginning in privileged EXE C mode, follow thes e st eps to map DSCP or CoS values to an egress queu e and to a thr eshold ID .
33-76 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Configuring SRR Sh aped Weights on Egress Queues Y ou can specif y how much of t he av ailabl e bandwid th is alloc ated to ea ch queu e.
33-77 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Configuring SRR Sh ared Weights on Egress Queues In shar ed mod e, the queues share th e band width am ong th em ac cordi ng to the configured weight s.
33-78 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Configuring the Egress Expedite Que ue Y ou can en sure that certai n packets have priori ty over all othe rs by queu ing the m in t he egress exped ite queue.
33-79 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 3 Configuring Qo S Displaying Standard QoS Information T o return to the default setting, use the no srr- queue bandwidth limit inter face conf ig uration comma nd.
33-80 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 33 Conf igur ing Q oS Display ing Standar d QoS Inform ation show mls qos maps [ cos-ds cp | cos- input-q | co.
CH A P T E R 34-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 34 Configuring Static IP Unicast Routing This c hapter d escribes how to configure I P V ersion 4 (IPv 4) stati c IP un icast ro uting on the Cataly st 2960-S an d 2960 swit ch.
34-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 34 Configuring Static IP Unicast Routing Underst anding IP Ro uting Figur e 34 -1 Routing T opology E xample When Host A in VLAN 10 needs to communicate with Host B in VLAN 10, it sends a packet add ressed to that host.
34-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 34 Configur ing Static IP Unic ast Routing Steps f or Co nfiguri ng Rout ing Stack memb ers funct ions: • Act a s routi ng sta ndb y s witch es, ta king ov er if ele cted as the ne w stack master when t he stack mast er fails.
34-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 34 Configuring Static IP Unicast Routing Enablin g IP Unicast Ro uting Enabling IP Un icast Routing By default, the swi tch is in Lay er 2 sw itching m ode, a nd IP routing is disa bled.
34-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 34 Configur ing Static IP Unic ast Routing Configuring Static Unicast Routes Configuring St atic Unicast Ro utes Static uni cast rou tes are use r -def ined routes that cause pac kets movin g betwee n a sourc e and a destinatio n to take a specif ied path.
34-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 34 Configuring Static IP Unicast Routing Monito ring and Mai ntainin g the IP Networ k.
CH A P T E R 35-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 35 Configuring IPv6 Host Functions This ch apter descr ibes how to con f igure IPv6 ho st functi ons on the C atalyst 2 960 and 2960-S switche s. Note T o use IPv6 Ho st Functions , the switch must be runni ng the LAN Base image .
35-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 35 Configuring IPv6 Host Functions Underst andin g IPv6 This se ction de scribe s IPv6 implem entati on on t he swit ch.
35-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 5 Configuring IPv6 Hos t Functions Understanding IPv6 128-Bit Wide Unicast Addresses The s witch su pport s aggr e gatable global u nica st add resse s and l ink-l ocal uni cast ad dresse s.
35-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 35 Configuring IPv6 Host Functions Underst andin g IPv6 IPv6 Stateless Autoconfiguration and Duplicate Address D.
35-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 5 Configuring IPv6 Hos t Functions Understanding IPv6 • If you try to c onfigure IPv6 w ithout first select ing a dual IPv 4 and IPv6 template, a warning me ssage appe ars.
35-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 35 Configuring IPv6 Host Functions Conf igu rin g IPv6 Basic network c onnec tivity ( ping ) must e xist between the c lient an d the serv er hosts b efore HT TP connec tions c an be made.
35-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 5 Configuring IPv6 Hos t Functions Configur ing I Pv6 Configurin g IPv6 Add ressing a nd Enablin g IPv6 Host This section descri bes how to a ssign IPv6 addr esses to i ndividual La yer 3 interfac es and to gl obally forwar d IPv6 traf fic on the switch.
35-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 35 Configuring IPv6 Host Functions Conf igu rin g IPv6 T o remov e an IPv6 ad dress fr om an inte rface , use the no ipv6 addr ess ipv6-p r efix/pr efix length eui-64 or no ipv6 address ipv6-addre ss link-local int erface conf iguration command.
35-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 5 Configuring IPv6 Hos t Functions Configur ing I Pv6 Configuring IPv6 IC MP Rate Limiting ICMP rat e limitin .
35-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 35 Configuring IPv6 Host Functions Conf igu rin g IPv6 Configuring Static Routes for IPv6 Beginn ing in pri vil.
35-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 5 Configuring IPv6 Hos t Functions Displaying I Pv6 T o remov e a configu red sta tic route, use the no ipv6 .
35-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 35 Configuring IPv6 Host Functions Displa ying I Pv6 T ab le 35-3 sh ows the privileged EX EC co mman ds for di splayin g in format ion abo ut IPv4 and IPv6 address type s.
35-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 5 Configuring IPv6 Hos t Functions Displaying I Pv6 This i s an exampl e of t he o utput from the show ipv6 neighbor pri vile ged E XEC co mmand: Switch# show ipv6 neighbors IPv6 Address Age Link-layer Addr State Interface 3FFE:C000:0:7::777 - 0007.
35-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 35 Configuring IPv6 Host Functions Displa ying I Pv6.
CH A P T E R 36-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 36 Configuring IPv6 MLD Snooping Note T o use IPv6 ML D Snooping , the switch mu st be runni ng the LAN Base i mage.
36-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 36 Configuring IPv6 MLD Snooping Underst anding ML D Snoopin g Understandin g MLD Snooping In IP version 4 ( IPv.
36-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 6 Configuring IPv6 M LD Snooping Unders tanding MLD Snoop ing MLD Mess ages MLDv1 sup ports three ty pes of me.
36-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 36 Configuring IPv6 MLD Snooping Underst anding ML D Snoopin g Multicast Rou ter Disc overy Like IG MP sn ooping, MLD s noopi ng perfo rms m ultica st r outer d iscovery , wi th th ese ch arac teristic s: • Ports c onfigured by a user never age out.
36-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 6 Configuring IPv6 M LD Snooping Confi guring IPv6 MLD Sn ooping The numbe r of MASQs ge nerated is configured by using the ipv6 mld sno oping last-listener -quer y count global con figuration co mmand .
36-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 36 Configuring IPv6 MLD Snooping Configur ing IPv6 MLD Snoo ping Default MLD S noopi ng Configuration T ab le 36-1 sh ows the default MLD sno oping configuratio n.
36-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 6 Configuring IPv6 M LD Snooping Confi guring IPv6 MLD Sn ooping Enabling o r Disab ling MLD Sn ooping By default, IPv6 M LD sno oping i s globa lly d isabled on the switch and e nabled on al l VLAN s.
36-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 36 Configuring IPv6 MLD Snooping Configur ing IPv6 MLD Snoo ping Configuring a Sta tic Multicast Group Hosts or .
36-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 6 Configuring IPv6 M LD Snooping Confi guring IPv6 MLD Sn ooping Beginn ing in pri vileg ed EXEC mode, fo llo .
36-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 36 Configuring IPv6 MLD Snooping Configur ing IPv6 MLD Snoo ping Configur ing ML D Snoopi ng Querie s When Imme.
36-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 6 Configuring IPv6 M LD Snooping Confi guring IPv6 MLD Sn ooping This exam ple sh ows ho w to set the MLD sn .
36-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 36 Configuring IPv6 MLD Snooping Display ing MLD Sn ooping Inf ormation Displaying MLD Snoo ping Informatio n Y ou can displa y MLD snooping inform ation for dy namica lly lea rned and sta ticall y configured rou ter ports a nd VLAN inter faces .
CH A P T E R 37-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 37 Configuring EtherC hannels and Link-State Tracking Note T o u se link- state trac king, th e sw itch must be runnin g the LAN Base i mag e. This c hapter d escrib es how to configure Ether Chann els on the Cat alyst 29 60 an d 2960 -S switc hes.
37-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 37 Configu ring Eth erChann els and Lin k-Sta te Track ing Underst anding Et herChan nels Understandin g EtherC.
37-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 7 Configuring EtherCh annels and Link-Stat e Tracking Understa nding Et herChann els The Et her Channel provid.
37-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 37 Configu ring Eth erChann els and Lin k-Sta te Track ing Underst anding Et herChan nels Figur e 37 -3 Cros s-Stac k EtherChan nel Port-Chan nel Interfaces When you cre ate a La yer 2 Ethe rChan nel, a por t-c hannel logical i nterfac e is in volved.
37-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 7 Configuring EtherCh annels and Link-Stat e Tracking Understa nding Et herChann els Figur e 37 -4 Relationshi.
37-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 37 Configu ring Eth erChann els and Lin k-Sta te Track ing Underst anding Et herChan nels PAgP Modes T ab le 37-1 sh ows the use r -configur able EtherC hanne l P Ag P mode s for the channel-group interface configurati on c ommand.
37-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 7 Configuring EtherCh annels and Link-Stat e Tracking Understa nding Et herChann els If the VSL between tw o switches fa ils, one sw itch does not kno w the statu s of the othe r .
37-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 37 Configu ring Eth erChann els and Lin k-Sta te Track ing Underst anding Et herChan nels Both the acti v e and.
37-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 7 Configuring EtherCh annels and Link-Stat e Tracking Understa nding Et herChann els W it h destin ation- MA C.
37-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 37 Configu ring Eth erChann els and Lin k-Sta te Track ing Underst anding Et herChan nels Figur e 37 -5 Load D.
37-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 7 Configuring EtherCh annels and Link-Stat e Tracking Config uring Et herCh annels Configuring Eth erChannels.
37-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 37 Configu ring Eth erChann els and Lin k-Sta te Track ing Configur ing EtherChann els EtherChann el Configuratio n Guidelin es Note Stac king is supp orted only on Cat alyst 2960-S sw itches runni ng the LAN base ima ge.
37-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 7 Configuring EtherCh annels and Link-Stat e Tracking Config uring Et herCh annels • For Layer 2 Ethe rChanne ls: – Assign all p orts in the EtherChannel to the same V LAN, or co nf igure them a s trunks.
37-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 37 Configu ring Eth erChann els and Lin k-Sta te Track ing Configur ing EtherChann els T o remove a p ort from the E therCha nnel gro up, us e the no channel-group interface configurat ion comm and.
37-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 7 Configuring EtherCh annels and Link-Stat e Tracking Config uring Et herCh annels This exam ple sh o ws ho w to conf igu re a n Ether Chann el on a swit ch.
37-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 37 Configu ring Eth erChann els and Lin k-Sta te Track ing Configur ing EtherChann els Be ginn ing i n pri vile ged E XEC mo de, f oll ow these ste ps to conf igure Ethe rCha nne l loa d bala nci ng.
37-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 7 Configuring EtherCh annels and Link-Stat e Tracking Config uring Et herCh annels Y ou also can configure a sing le port with in the group for all transmi ssions and use other port s for hot standby .
37-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 37 Configu ring Eth erChann els and Lin k-Sta te Track ing Configur ing EtherChann els T o return the priority to its def ault setting, us e the no pagp port-priority interf ace c onf iguration command.
37-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 7 Configuring EtherCh annels and Link-Stat e Tracking Config uring Et herCh annels Beginn ing in pri vileg ed EXEC mode, follo w th ese steps to conf igur e the LA CP system priority .
37-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 37 Configu ring Eth erChann els and Lin k-Sta te Track ing Displaying Eth erChannel, PA gP, and LACP Status T o return the LA CP port priority to the def ault v alue, u se the no lacp port-priorit y inter face configurati on c ommand.
37-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 7 Configuring EtherCh annels and Link-Stat e Tracking Understanding Link-State Tracking Note A n interfac e can b e an aggregati on of ports (an Et herChann el) , or a si ngle phys ical por t in a ccess or trunk mode.
37-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 37 Configu ring Eth erChann els and Lin k-Sta te Track ing Underst anding L ink-State Tracking • If all of the upstream interfac es become una v ailable, link-state tracking automati cally puts the do wnst ream inter faces in the err or -disabl ed state .
37-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 7 Configuring EtherCh annels and Link-Stat e Tracking Configuring Link-State Tracking Configuring Link -State.
37-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapte r 37 Configu ring Eth erChann els and Lin k-Sta te Track ing Configur ing Link-S tate Tracki ng This exam ple sh.
CH A P T E R 38-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 38 Troubleshooting This chapter descr ibes ho w to identify and resolv e software probl ems related to the Cisco IOS software on the Cataly st 2960 and 2960 -S switche s.
38-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Recovering f rom a Softwa re Failure • Using th e show platform for ward Comm and, page 38.
38-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Recoverin g from a Lost or For gotten Passwo rd Step 6 Press the Mode button and at the same time, reco nnect the po wer cord to the switch. Y o u can r elease the Mo de button a second or two after t he LED above port 1 goes off.
38-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Recoveri ng from a Los t or Forgotten Password Y ou enable or d isable pa ssword recovery by using the se rvice pa ssword -r eco very global c onfiguratio n comm and.
38-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Recoverin g from a Lost or For gotten Passwo rd Step 2 If you had se t the co nsole po rt spe ed to anything other than 9600, i t ha s been reset to tha t par ticula r speed.
38-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Recoveri ng from a Los t or Forgotten Password Step 13 Write th e running c onfigu ration to t he startup c onfig uration f ile: Switch# copy running-config startup-config The new password is now in the startup con figuration.
38-7 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Recoverin g from a Lost or For gotten Passwo rd The switch f ile system appears: Directory of flash: 13 drwx 192 Mar 01 1993 22:30:48 c2960-lanbase-mz.
38-8 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Prev ent in g Swi tch Stac k P rob lems Preventing Switch Stack Problems Note • Make sure that the swit ches that you add to or remove from th e switch stac k are pow ered off.
38-9 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Recovering from a Command Switch Failure If you have not configured a stan dby comma nd swi.
38-10 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Recoveri ng from a Com mand Switc h Failure Use ctrl-c to abort configuration dialog at any prompt. Default settings are in square brackets '[]'.
38-11 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Recovering from a Command Switch Failure Replacing a Failed Comma nd Switch w ith Anoth er.
38-12 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Recovering f rom Lost Clust er Member Conn ectivity Step 10 When pr ompted, assign a nam e to th e cl uster, and press Return . The clu ster name can be 1 to 31 al phan umeric charac ters, da shes, or un dersc ores.
38-13 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Troubleshooting Power over Ethernet Switch Ports Troubleshooting Power over Ethernet Switch Ports These sec tions descr ibe how to troublesho ot Power ov er Ethern et (PoE) por ts.
38-14 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Monitorin g SFP Modu le Status If you are using a non-Cisco SFP module, remove the SFP mo dule from the switch, and replace it with a Cisco module.
38-15 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Using Layer 2 Tr aceroute Executing Ping Beginning in privileged EXEC mode , use this co m.
38-16 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Using La yer 2 Tra cero ute Understand ing Layer 2 T raceroute The Lay er 2 tra cerou te feat ure al lows the swit ch to id entif y the physic al pat h that a packet takes fr om a source device to a destin ation device.
38-17 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Using IP Traceroute • When multipl e de vices are attached to one p ort through h ubs (for e xample, m ultiple CDP n eighbors are de tecte d on a port) , the Layer 2 tra cerou te fea ture i s not support ed.
38-18 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Using I P Trac eroute T o learn when a datagram reaches its de stination, trace route sets the UDP destinati on port number in the datagram to a v ery lar ge v alue that the de stination host is unlik ely to be using.
38-19 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Usin g TDR T o end a trace in pr ogres s, enter the escape s equence ( Ctrl-^ X by defaul t). Si multane ously pr ess a nd release th e Ctrl , Shift , and 6 keys and then p ress the X ke y .
38-20 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Using D ebug Command s T o display the resu lts, enter th e sho w cable -diagnos tics t dr interf ace inte rf ace -i d pri vilege d EX EC command .
38-21 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Using Debug C ommands T o d isab le debugging of SP AN, e nter th is comm and in privilege.
38-22 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Using the s how platfo rm forward Co mmand Using the show p latform forward Command The out.
38-23 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Using the cr ashinfo Files This is an exam ple of the output whe n the packet coming in on port 1 in VLA N 5 is sent to an add ress already learne d on the VL AN on ano ther por t.
38-24 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Using On-Board F ailure Lo gging Y o u can display the most recent basic crashinf o file (t.
38-25 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Using On-Board Failure Logging • T emp erat ure—T emperat ure of a standa lone s witch.
38-26 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Memory Con sistenc y Check Routi nes Displaying OBFL Information T o displ ay th e OBFL i n.
38-27 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Troubl esho oting Tab les Displaying T CAM M emory Con sistenc y Check E rro rs Beginning .
38-28 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Troubles hooting Tables Troubleshooting CPU Utilization This section lists some possible symptoms that co uld be caused by the CPU being too b usy and show s ho w to v erify a CPU utilizati on problem .
38-29 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Troubl esho oting Tab les For complete information about CPU utilizatio n and ho w to troubleshoot utilizatio n problem s, see th e T r oubleshooting High CPU Utilization documen t on Cisco.
38-30 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Troubles hooting Tables No PoE on a ll port s or a group of p orts. T rouble is on all switch por ts. Nonpowered Et hern et devices canno t esta blish an Ethern et l ink on any por t, an d PoE devices do not power on.
38-31 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Troubl esho oting Tab les Cisco IP Phone disconn ects or re sets. After working norma lly , a Cisco pho ne or wireless access point inter mittently reload s or d iscon nects from PoE .
38-32 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Troubles hooting Tables Troublesho oting Switc h Stacks Note Stac king is supp orted only on Cat alyst 2960-S sw itches runni ng the LAN base ima ge.
38-33 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 8 Troubleshooti ng Troubl esho oting Tab les Port nu mbe ring in one or more switches is incorrec t or changed. Enter the show switch detail us er EXEC comman d.
38-34 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapter 38 Trouble shooting Troubles hooting Tables.
CH A P T E R 39-1 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 39 Configuring Online Diagnostics This c hapter d escribes how to configure the online diagnost ics on the 2960 and 2960-S switches. Note Onl ine dia gnostics is sup ported on ly o n Cataly st 2960- S switch es runni ng the L AN ba se im age.
39-2 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 39 Config uring Onl ine Dia gnostic s Scheduli ng Onlin e Diagnos tics Scheduling On line Diagnost ics Y ou can schedule online dia gnostics to run at a designa ted time of da y or on a daily , weekly , or monthl y basis for a specific switch.
39-3 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 9 Configuring On line Dia gnostics Runni ng Online Dia gnostic Tests This e xample shows h ow to configur e th.
39-4 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 39 Config uring Onl ine Dia gnostic s Displa ying On line Dia gnostic Tests a nd Test Res ults Th is ex am pl e.
39-5 Catalyst 2960 and 296 0-S Switch Software Conf iguratio n Guide OL-8603-09 Chapter 3 9 Configuring On line Dia gnostics Displaying Onlin e Diagnostic Te sts and Te st Results Th is ex am p l e s .
39-6 Catalyst 2960 and 2960- S Switch So ftware Configura tion Guide OL-8603-09 Chapt er 39 Config uring Onl ine Dia gnostic s Displa ying On line Dia gnostic Tests a nd Test Res ults ====== ==== ====.
A- 1 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 APPENDIX A Working with the Cisco IOS File System, Configuration Files, an d Software Images This ap pendix d escrib es ho.
A- 2 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith the Flash F i.
A-3 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with the Flash Fi.
A- 4 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith the Flash F i.
A-5 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with the Flash File System Use t he /recur sive keyword to dele te the n amed di recto ry and a ll subd irector ies and the f iles c ontained in it.
A- 6 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith the Flash F ile System Use the /rec ursiv e ke yword for del eting a dir ectory and all subdire ctories a nd the files containe d in it.
A-7 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with the Flash File System This e xample sho ws ho w to create a tar f ile.
A- 8 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith Configurati on Files • For the RCP , the syntax is rcp : [[ // u ser name @ location ] / di r ector y ] / tar -f ilename .
A-9 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configuratio.
A-10 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith Configurati on Files command than the e xisting conf igur ation, the IP address in the copi ed conf iguration is used.
A-11 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configurati.
A-12 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith Configurati on Files This ex ample s ho ws ho w to conf igure the softw are from the f ile tokyo-confg at I P add ress 17 2.
A-13 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configuration Files The user name and pass word must be asso ciat ed with an acco unt on the FTP server .
A-14 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith Configurati o.
A-15 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configurati.
A-16 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith Configurati on Files T o u se RCP to copy files, the server from or to which you will be copying files must support RCP .
A-17 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configuration Files If the switch IP address tr anslates to Swit ch1.
A-18 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith Configurati on Files Connected to 172.
A-19 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configuration Files Clearing Con figuration Informatio n Y ou can cl ear t he configurat ion i nform ation fr om t he start up co nfiguration .
A-20 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith Configurati o.
A-21 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configurati.
A-22 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith Configurati o.
A-23 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Im.
A-24 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Soft ware Imag es Note For a l ist of sof twar e image s and the suppo rted upgrad e path s, se e the rel ease notes.
A-25 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Im.
A-26 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Soft ware Ima.
A-27 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Im.
A-28 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Soft ware Imag es Uploading an Image File By Using TFTP Y o u can up load an image fr om the switc h to a T FTP serv er .
A-29 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Im.
A-30 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Soft ware Imag es and you have a valid usernam e, this username is used , and you do not ne ed to set th e FTP user name.
A-31 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Im.
A-32 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Soft ware Imag es Uploading an Image File By Using FTP Y o u can upload an image fr om the switch to an FTP server .
A-33 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Im.
A-34 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Soft ware Imag es For the RCP c opy request to e xecu te succ essful ly , an account must be def ined on the net wor k serv er f or the remo te userna me.
A-35 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Im.
A-36 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Soft ware Imag es If yo u speci fy th e /lea v e-old-sw , the exis ting f iles are n ot remo v ed.
A-37 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Im.
A-38 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Soft ware Ima.
B-1 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 APPENDIX B Supported MIBs This a ppend ix list s the supporte d ma nagement infor matio n base (MIBs) for t his rel ease on the Catalyst 2960 and 2960- S switches .
B-2 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendi x B Supported MI Bs MIB List • CISCO-IET F-IP-FOR W ARDING- MIB • CISCO- IGM P-FIL TER-M IB • CISCO -IMA GE-MIB (Onl y stac k mast er image d etails are sho wn.
B-3 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix B Supported M IBs MIB List • INET -ADDRESS-MIB • LLDP MED MIB • OLD-CISCO-CHASSIS-MI B (Par tial suppor t; some obje cts reflect only the sta ck master .) • OLD-CISCO- FLASH-MIB (Su pports only the stack master .
B-4 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendi x B Supported MI Bs Using FTP to Acces s the MIB Files Using FTP to Access the MIB Files Y ou can get each MI B file by using this procedu re: Step 1 Make sure that you r FTP clie nt is in passiv e mode.
C-1 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 APPENDIX C Unsupported Co mmands in Cisco IOS Rele ase 12.2(55)SE This app endix lists so me of the command -line inter fac.
C-2 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix C Unsupported Command s in Cisco I OS Release 12.2(55 )SE Boot Lo ader Comman ds show acc ess-lists rate-limit [ .
C-3 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix C Unsupported Com mand s in Cisco IOS Release 12 .2(55)SE Interface Command s Interface Command s Unsupporte d Pr.
C-4 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix C Unsupported Command s in Cisco I OS Release 12.2(55 )SE Miscella neous mac-ad dre ss-tab le static Miscellaneou.
C-5 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix C Unsupported Com mand s in Cisco IOS Release 12 .2(55)SE RADIUS Unsupporte d Interface Configuration Commands priority-gr oup rate-limit Unsupporte d Policy-Map Configuration Command class class-default wh ere class-default is the class-map-name .
C-6 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix C Unsupported Command s in Cisco I OS Release 12.2(55 )SE SNMPv3 SNMPv3 Unsupporte d 3DES Enc ryption Command s A.
C-7 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix C Unsupported Com mand s in Cisco IOS Release 12 .2(55)SE VTP Unsupporte d VLAN Databa se Co mmands vtp vlan show.
C-8 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix C Unsupported Command s in Cisco I OS Release 12.2(55 )SE VTP.
A- 1 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 APPENDIX A Recommendations for Upgrading a Catalyst 2950 Switch to a Catalyst 2960 Switch This app endix describe s the co.
A- 2 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A Recommendation s for Upgradi ng a Catalyst 2950 Switch to a C atalyst 2960 Switch Conf igu rat ion Comp ati bi.
A-3 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Recommen dations f or Upgradi ng a Catalyst 2950 Sw itch to a Cataly st 2960 Switch Configuration Compatibility Issues IEEE 802.1x I n Cisco IOS 12 .1EA, the Ca talyst 295 0 switch range s for t he IEE E 802.
A- 4 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A Recommendation s for Upgradi ng a Catalyst 2950 Switch to a C atalyst 2960 Switch Conf igu rat ion Comp ati bil ity Is sues QoS 2 There i s limite d QoS c onfi guration co mpatibility between the Cataly st 2950 switch an d the Catalyst 2960 switch.
A-5 Catalyst 2960 and 2960-S Switch Software Configurati on Guide OL-8603-09 Append ix A Recommen dations f or Upgradi ng a Catalyst 2950 Sw itch to a Cataly st 2960 Switch Feature Behavior Incompatib.
A- 6 Catalyst 2960 and 2960- S Switch Software Configura tion Guide OL-8603-09 Appendix A Recommendation s for Upgradi ng a Catalyst 2950 Switch to a C atalyst 2960 Switch Featu re Be havi or Inco mpat ib ilit ies • RSP AN The Catalyst 2950 switch uses an ext ra port, called the reflector port, for its RSP AN implementation.
