Cisco 2950 Software Configuration Guide

Cisco 2950 - Catalyst Switch Manual

Get Cisco 2950 - Catalyst Switch PDF manuals and user guides
UPC - 746320454504
View all Cisco 2950 manuals
Add to My Manuals
Save this manual to your list of manuals

Cisco 2950 manual content summary:

  • Cisco 2950 | Software Configuration Guide - Page 1
    Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide Cisco IOS Release 12.1(20)EA2 May 2004 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Customer Order Number:
  • Cisco 2950 | Software Configuration Guide - Page 2
    Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0403R) Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide Copyright © 2001-2004 Cisco Systems, Inc. All rights reserved4
  • Cisco 2950 | Software Configuration Guide - Page 3
    10 Small to Medium-Sized Network Configuration 1-13 Collapsed Backbone and Switch Cluster Configuration 1-14 Hotel Network Configuration 1-15 Service-Provider Central-Office Configuration 1-18 Large Campus Configuration 1-19 Multidwelling Network Using Catalyst 2950 Switches 1-20 Long-Distance, High
  • Cisco 2950 | Software Configuration Guide - Page 4
    3-2 Port Status Monitoring Alarms 3-3 Triggering Alarm Options 3-3 Configuring Catalyst 2955 Switch Alarms 3-4 Default Catalyst 2955 Switch Alarm Configuration 3-4 Configuring the Power Supply Alarm 3-5 Setting the Power Mode 3-5 Setting the Power Supply Alarm Options 3-5 Configuring the Switch
  • Cisco 2950 | Software Configuration Guide - Page 5
    to a Specific Port 3-10 Enabling SNMP Traps 3-11 Displaying Catalyst 2955 Switch Alarms Status 3-11 Getting Started with CMS 4-1 Understanding CMS 4-1 Front Panel View 4-1 Topology View 4-2 CMS Menu Bar, Toolbar, and Feature Bar 4-2 Online Help 4-5 Configuration Modes 4-5 Guide Mode 4-5 Expert Mode
  • Cisco 2950 | Software Configuration Guide - Page 6
    11 Modifying the Startup Configuration 5-11 Default Boot Configuration 5-12 Automatically Downloading a Configuration File 5-12 Specifying the Filename to Read and Write the System Configuration 5-12 Booting Manually 5-13 Booting a Specific Software Image 5-13 Controlling Environment Variables 5-14
  • Cisco 2950 | Software Configuration Guide - Page 7
    Standby Command Switches 7-11 Virtual IP Addresses 7-12 Other Considerations for Cluster Standby Groups 7-12 Automatic Recovery of Cluster Configuration 7-14 IP Addresses 7-14 Host Names 7-15 Passwords 7-15 SNMP Community Strings 7-15 TACACS+ and RADIUS 7-16 Access Modes in CMS 7-16 Management VLAN
  • Cisco 2950 | Software Configuration Guide - Page 8
    17 Default DNS Configuration 8-18 Setting Up DNS 8-18 Displaying the DNS Configuration 8-19 Creating a Banner 8-19 Default Banner Configuration 8-19 Configuring a Message-of-the-Day Login Banner 8-20 Configuring a Login Banner 8-21 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 9
    to Your Switch 9-1 Protecting Access to Privileged EXEC Commands 9-2 Default Password and Privilege Level Configuration 9-2 Setting or Changing a Static Enable Password 9-3 Protecting Enable and Enable Secret Passwords with Encryption 9-4 Disabling Password Recovery 9-5 Setting a Telnet Password for
  • Cisco 2950 | Software Configuration Guide - Page 10
    with Guest VLAN 10-8 Configuring 802.1x Authentication 10-9 Default 802.1x Configuration 10-9 802.1x Configuration Guidelines 10-10 Upgrading from a Previous Software Release 10-11 Enabling 802.1x Authentication 10-11 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide x 78-11380
  • Cisco 2950 | Software Configuration Guide - Page 11
    Interface 11-14 Monitoring and Maintaining the Interfaces 11-15 Monitoring Interface and Controller Status 11-15 Clearing and Resetting Interfaces and Counters 11-16 Shutting Down and Restarting the Interface 11-17 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide xi
  • Cisco 2950 | Software Configuration Guide - Page 12
    12-2 Smartports Macro Configuration Guidelines 12-3 Creating Smartports Macros 12-4 Applying Smartports Macros 12-5 Applying Cisco-default Smartports Macros 12-6 Displaying Smartports Macros 12-8 Configuring LRE 13-1 Understanding LRE Features 13-1 Ports on the Catalyst 2950 LRE Switches
  • Cisco 2950 | Software Configuration Guide - Page 13
    14-12 Changing the Spanning-Tree Mode 14-13 Disabling Spanning Tree 14-14 Configuring the Root Switch 14-14 Configuring a Secondary Root Switch 14-16 Configuring the Port Priority 14-17 Configuring the Path Cost 14-19 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide xiii
  • Cisco 2950 | Software Configuration Guide - Page 14
    MSTP Features 15-11 Default MSTP Configuration 15-12 MSTP Configuration Guidelines 15-12 Specifying the MST Region Configuration and Enabling MSTP 15-13 Configuring the Root Switch 15-14 Configuring a Secondary Root Switch 15-16 Configuring the Port Priority 15-17 Configuring the Path Cost 15
  • Cisco 2950 | Software Configuration Guide - Page 15
    16-18 Enabling Root Guard 16-19 Enabling Loop Guard 16-19 Displaying the Spanning-Tree Status 16-20 Configuring VLANs 17-1 Understanding VLANs 17-1 Supported VLANs 17-2 VLAN Port Membership Modes 17-3 Contents 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide xv
  • Cisco 2950 | Software Configuration Guide - Page 16
    in config-vlan Mode 17-6 VLAN Configuration in VLAN Configuration Mode 17-6 Saving VLAN Configuration 17-7 Default Ethernet VLAN Configuration 17-7 Creating or Modifying an Ethernet VLAN 17-8 Deleting a VLAN 17-10 Assigning Static-Access Ports to a VLAN 17-11 Configuring Extended-Range VLANs 17-12
  • Cisco 2950 | Software Configuration Guide - Page 17
    -9 Configuring a VTP Client 18-11 Disabling VTP (VTP Transparent Mode) 18-12 Enabling VTP Version 2 18-13 Enabling VTP Pruning 18-14 Adding a VTP Client Switch to a VTP Domain 18-14 Monitoring VTP 18-16 Contents 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide xvii
  • Cisco 2950 | Software Configuration Guide - Page 18
    Voice VLAN 19-1 Understanding Voice VLAN 19-1 Configuring Voice VLAN 19-2 Default Voice VLAN Configuration 19-2 Voice VLAN Configuration Guidelines 19-3 Configuring a Port to Connect to a Cisco 7960 IP Phone 19-3 Configuring Ports to Carry Voice Traffic in 802.1Q Frames 19-4 Configuring Ports to
  • Cisco 2950 | Software Configuration Guide - Page 19
    22-2 Enabling Storm Control 22-2 Disabling Storm Control 22-4 Configuring Protected Ports 22-4 Configuring Port Blocking 22-5 Blocking Flooded Traffic on an Interface 22-5 Resuming Normal Forwarding on a Port 22-6 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide xix
  • Cisco 2950 | Software Configuration Guide - Page 20
    CDP 24-1 Configuring CDP 24-2 Default CDP Configuration 24-2 Configuring the CDP Characteristics 24-2 Disabling and Enabling CDP 24-3 Disabling and Enabling CDP on an Interface 24-4 Monitoring and Maintaining CDP 24-5 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide xx
  • Cisco 2950 | Software Configuration Guide - Page 21
    Limits 25-6 Default SPAN and RSPAN Configuration 25-7 Configuring SPAN 25-7 SPAN Configuration Guidelines 25-7 Creating a SPAN Session and Specifying Ports to Monitor 25-8 Creating a SPAN Session and Enabling Ingress Traffic 25-9 Removing Ports from a SPAN Session 25-11 Configuring RSPAN 25-12 RSPAN
  • Cisco 2950 | Software Configuration Guide - Page 22
    Groups and Users 28-9 Configuring SNMP Notifications 28-11 Setting the Agent Contact and Location Information 28-14 Limiting TFTP Servers Used Through SNMP 28-14 SNMP Examples 28-15 Displaying SNMP Status 28-16 xxii Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 23
    Understanding Access Control Parameters 29-4 Guidelines for Applying ACLs to Physical Interfaces 29-5 Configuring ACLs 29-6 Unsupported Features 29-7 Creating Standard and Extended Mapping Tables 30-8 Contents 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide xxiii
  • Cisco 2950 | Software Configuration Guide - Page 24
    Class of Service Works 30-8 Port Priority 30-8 Port Scheduling 30-8 Egress CoS Queues 30-9 Configuring Auto-QoS 30-9 Generated Auto-QoS Configuration 30-10 Effects of Auto-QoS on the Configuration 30-13 Configuration Guidelines 30-13 Upgrading from a Previous Software Release 30-14 Enabling Auto-QoS
  • Cisco 2950 | Software Configuration Guide - Page 25
    Hot Standby Ports 31-13 Configuring the LACP System Priority 31-13 Displaying EtherChannel, PAgP, and LACP Status 31-14 Troubleshooting 32-1 Using Recovery Procedures 32-1 Recovering from Corrupted Software 32-2 Recovering from Lost or Forgotten Passwords on Non-LRE Catalyst 2950 Switches 32
  • Cisco 2950 | Software Configuration Guide - Page 26
    Copying Configuration Files By Using TFTP B-10 Preparing to Download or Upload a Configuration File By Using TFTP B-11 Downloading the Configuration File By Using TFTP B-11 Uploading the Configuration File By Using TFTP B-12 xxvi Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 27
    Image File By Using FTP B-27 Copying Image Files By Using RCP B-28 Preparing to Download or Upload an Image File By Using RCP B-28 Downloading an Image File By Using RCP B-29 Uploading an Image File By Using RCP B-31 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 28
    Contents xxviii Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 29
    ." The Catalyst 2955 switch also supports an additional set of features that are described in Chapter 3, "Configuring Catalyst 2955 Switch Alarms." The switch has facilities to process alarms related to the temperature, power supply conditions, and status of the Ethernet ports. Use this guide with
  • Cisco 2950 | Software Configuration Guide - Page 30
    . This guide does not repeat the concepts and CLI procedures provided in the standard Cisco IOS Release 12.1 documentation. For information about the standard Cisco IOS Release 12.1 commands, refer to the Cisco IOS documentation set available from the Cisco.com home page at Service and Support
  • Cisco 2950 | Software Configuration Guide - Page 31
    or upgrading the switch, refer to the release notes on Cisco.com for the latest information. For information about the switch, refer to these documents: • Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide (order number DOC-7811380=) • Catalyst 2950 and Catalyst 2955 Switch Command
  • Cisco 2950 | Software Configuration Guide - Page 32
    features extensive online support resources. In addition, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not hold a valid Cisco service contract, contact your reseller. xxxii Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 33
    restore service to satisfactory levels. Severity 4 (S4)-You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 34
    Protocol Journal at this URL: http://www.cisco.com/ipj • World-class networking training is available from Cisco. You can view current offerings at this URL: http://www.cisco.com/en/US/learning/index.html xxxiv Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 35
    -48-EI Catalyst 2950ST-8 LRE Catalyst 2950ST-24 LRE Catalyst 2950ST-24 LRE 997 Catalyst 2950SX-24 Catalyst 2950SX-48-SI Catalyst 2950T-24 Catalyst 2950T-48-SI Software Image SI1 SI EI2 EI EI EI EI EI EI EI SI SI EI SI 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 36
    Supported (continued) Switch Catalyst 2955C-12 Catalyst 2955S-12 Catalyst 2955T-12 1. SI = standard software image 2. EI = enhanced software image Software Image EI EI EI Certain Cisco Long-Reach Ethernet (LRE) customer premises equipment (CPE) devices are not supported by certain Catalyst 2950
  • Cisco 2950 | Software Configuration Guide - Page 37
    switches, routers, and servers • Support for frames larger than 1500 bytes. These switches support frame sizes from 1500 to 1530 bytes: - Catalyst 2950G-12-EI, 2950G-24-EI, 2950G-24-EI-DC, and 2950G-48-EI switches running Cisco IOS Release 12.1(6)EA2 or later - Catalyst 2950 LRE switches - Catalyst
  • Cisco 2950 | Software Configuration Guide - Page 38
    , cross-stack UplinkFast, and BackboneFast for fast convergence after a spanning-tree topology change and for achieving load balancing between redundant uplinks, including Gigabit uplinks and cross-stack Gigabit uplinks Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 1-4 78
  • Cisco 2950 | Software Configuration Guide - Page 39
    , and bandwidth Note The Catalyst 2950-12, Catalyst 2950-24, Catalyst 2950SX-24, Catalyst 2950SX-48-SI, and Catalyst 2950T-48-SI switches support only 64 port-based VLANs. • The switch supports up to 4094 VLAN IDs to allow service provider networks to support the number of VLANs allowed by the IEEE
  • Cisco 2950 | Software Configuration Guide - Page 40
    limits Note Policing is available only in the EI. • Egress Policing and Scheduling of Egress Queues-Four egress queues on all switch ports. Support for strict priority and weighted round-robin (WRR) CoS policies Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 1-6 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 41
    modules instead of Gigabit Interface Converter (GBIC) modules • Support for configuring the interleave delay feature • Support for DC-input power and compliance with the VDSL 997 band plan on Catalyst 2950ST-24 LRE 997 switches Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 1-7
  • Cisco 2950 | Software Configuration Guide - Page 42
    directly to the switch console port or by using Telnet or SSH from a remote management station. For more information about the CLI, see Chapter 2, "Using the Command-Line Interface." • IE2100-Cisco Intelligence Engine 2100 Series Configuration Registrar is a network management device that works
  • Cisco 2950 | Software Configuration Guide - Page 43
    ports and switches: - Port configuration such as speed and duplex settings - Port and console port security settings - NTP, STP, VLAN, and quality of service (QoS) configurations - Inventory and statistic reporting and link and switch-level monitoring and troubleshooting - Group software upgrades
  • Cisco 2950 | Software Configuration Guide - Page 44
    profiles evolve, consider providing network services that can support applications such as voice and data integration and security. Table 1-4 describes some network demands and how you can meet those demands. 1-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 45
    or an intranet at higher speeds • Use the Catalyst 2900 LRE XL or Catalyst 2950 LRE switches to provide up to 15 Mb of IP connectivity over existing infrastructure (existing telephone lines). Figure 1-1 shows configuration examples of using the Catalyst switches to create these networks: • Cost
  • Cisco 2950 | Software Configuration Guide - Page 46
    3550-12T or Catalyst 3550-12G switch Catalyst 3550-12G switch 1-Gbps HSRP Si Si Redundant Gigabit Backbone 60992 Catalyst 2900 XL, Catalyst 2950, Catalyst 2955, Catalyst 3500 XL, and Catalyst 3550 cluster 1-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 47
    -Sized Network Configuration Cisco 2600 router Catalyst 2900 XL, Catalyst 2950, Catalyst 3550, and Catalyst 3500 XL GigaStack configured as a switch cluster, with primary and secondary command switches for redundant cluster management. Workstations are connected directly to the 10/100 switch ports
  • Cisco 2950 | Software Configuration Guide - Page 48
    100 inline-power ports on the Catalyst 3550-24PWR switches and to the 10/100 ports on the Catalyst 2950 switches. These multiservice switch ports automatically detect any IP phones that are connected. Cisco CallManager controls call processing, routing, and IP phone features and configuration. Users
  • Cisco 2950 | Software Configuration Guide - Page 49
    Phones IP IP IP Cisco IP Phones 60994 Hotel Network Configuration Figure 1-4 shows Catalyst 2950ST-8 LRE and 2950ST-24 LRE switches in a hotel network environment with approximately 200 rooms. This network includes a PBX switchboard, a router, and high-speed servers. Connected to the telephone
  • Cisco 2950 | Software Configuration Guide - Page 50
    as 10/100/1000 switch ports. For example, you can configure port-based VLANs on the LRE ports to provide individual port security and protected ports to further prevent unwanted broadcasts within the VLANs. 1-16 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 51
    controls Cisco 585 LRE CPE Floor 3 Patch panel Cisco LRE 48 POTS splitters Catalyst 2950ST-8 LRE and 2950ST-24 LRE switches PSTN PBX Catalyst 2950 or Catalyst 3550 switch Servers Cisco 2600 router 89514 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 52
    Central-Office Configuration Figure 1-5 shows the Catalyst 2950ST-24 LRE 997 switches in a service-provider central-office network environment. The Catalyst 2950ST-24 LRE 997 switches have DC-input power supply and are compliant with the VDSL 997 band plan. The Catalyst 2950 LRE switches are located
  • Cisco 2950 | Software Configuration Guide - Page 53
    users Laptop POTS telephones POTS splitter Building 3 Cisco 576 LRE 997 Required microfilter POTS splitter Building 4 Catalyst 2950ST-24 LRE 997 switches (DC-input power) Cisco 576 LRE 997 CPE 89380 Large Campus Configuration Figure 1-6 shows a configuration for a network of more than 1000
  • Cisco 2950 | Software Configuration Guide - Page 54
    IP Phones IP IP IP Cisco IP Phones 60995 Multidwelling Network Using Catalyst 2950 Switches A growing segment of residential and commercial customers are requiring high-speed access to Ethernet metropolitan-area networks (MANs). Figure 1-7 shows a configuration for a Gigabit Ethernet MAN ring
  • Cisco 2950 | Software Configuration Guide - Page 55
    " and "Large Campus Configuration." Figure 1-7 Catalyst 2950 Switches in a MAN Configuration Cisco 12000 Gigabit switch routers Catalyst 6500 switches Si Service Provider POP Si Catalyst 3550 Si multilayer switches Si Si Mini-POP Si Gigabit MAN Si Si Catalyst switches Set-top box TV
  • Cisco 2950 | Software Configuration Guide - Page 56
    information: • Chapter 2, "Using the Command-Line Interface" • Chapter 4, "Getting Started with CMS" • Chapter 5, "Assigning the Switch IP Address and Default Gateway" • Chapter 6, "Configuring IE2100 CNS Agents" 1-22 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 57
    describes the Cisco IOS command-line interface (CLI) that you can use to configure your Catalyst 2950 and Catalyst 2955 switches. It contains these sections: • Cisco IOS Command Modes, page 2-1 • Getting Help, page 2-3 • Abbreviating Commands, page 2-4 • Using no and default Forms of Commands, page
  • Cisco 2950 | Software Configuration Guide - Page 58
    that apply to the entire switch. To exit to global configuration mode, enter the exit command. To return to privileged EXEC mode, press Ctrl-Z or enter end. Use this mode to configure VLAN parameters. When VTP mode is transparent, you can create extended-range VLANs (VLAN IDs greater than 1005
  • Cisco 2950 | Software Configuration Guide - Page 59
    : Switch# di? dir disable disconnect Complete a partial command name. For example: Switch# sh conf Switch# show configuration List all commands available for a particular command mode. For example: Switch> ? 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 2-3
  • Cisco 2950 | Software Configuration Guide - Page 60
    as the no form. However, some commands are enabled by default and have variables set to certain default values. In these cases, the default command enables the command and sets variables to their default values. Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 2-4 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 61
    configuration mode, enter this command to configure the number of command lines the switch records for all sessions on a particular line: Switch(config-line)# history [size number-of-lines] The range is from 0 to 256. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 62
    enhanced editing mode is automatically enabled, you can disable it. To re-enable the enhanced editing mode for the current terminal session, enter this command in privileged EXEC mode: Switch# terminal editing Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 2-6 78-11380
  • Cisco 2950 | Software Configuration Guide - Page 63
    a specific line to have enhanced editing mode, enter this command in line configuration mode: Switch(config-line)# editing To globally disable enhanced editing mode, enter this command in line configuration mode: Switch(config-line)# no editing Editing Commands through Keystrokes Table 2-5 shows
  • Cisco 2950 | Software Configuration Guide - Page 64
    to execute the command. The dollar sign ($) appears at the end of the line to show that the line has been scrolled to the right: Switch(config)# access-list privileged EXEC command to set the width of your terminal. Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 2-8 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 65
    switch supports up to five simultaneous secure SSH sessions. After you connect through the console port, or through a Telnet session, or through an SSH session, the user EXEC prompt appears on the management station. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 66
    the CLI by clicking Web Console - HTML access to the command line interface from a cached copy of the Cisco Systems Access page. To prevent unauthorized access to CMS and the CLI, exit your browser to end the browser session. 2-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 67
    section includes information about these topics: • Global Status Monitoring Alarms, page 3-2 • FCS Error Hysteresis Threshold, page 3-2 • Port Status Monitoring Alarms, page 3-3 • Triggering Alarm Options, page 3-3 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 3-1
  • Cisco 2950 | Software Configuration Guide - Page 68
    and functions. Table 3-1 Catalyst 2955 Global Status Monitoring Alarms Alarm Power Supply Alarm Temperature Alarms Description The switch monitors dual DC power supply levels. If the system is configured to operate in a dual power mode, an alarm triggers if a power supply fails or is missing
  • Cisco 2950 | Software Configuration Guide - Page 69
    is assigned a severity level based on the Cisco IOS System Error Message Severity Level. See the "Configuring Catalyst 2955 Switch Alarms" section on page 3-4 for more information on configuring the relays. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 3-3
  • Cisco 2950 | Software Configuration Guide - Page 70
    3-3 Default Catalyst 2955 Switch Alarm Configuration Global Port Alarm Power Supply Alarm Primary Temperature Alarm Secondary Temperature Alarm Link Fault Alarm Port not Forwarding Alarm Port is not Operating Alarm FCS Bit Error Rate Alarm Default Setting Enabled in switch single power mode. No
  • Cisco 2950 | Software Configuration Guide - Page 71
    Set the system to dual mode operation. end Return to privileged EXEC mode. show alarm settings Verify the configuration. copy running-config startup-config (Optional) Save your entries in the configuration file. Use the no power-supply dual command to disable this alarm by setting the switch
  • Cisco 2950 | Software Configuration Guide - Page 72
    from 40oC to 95oC. end Return to privileged EXEC mode. show alarm settings Verify the configuration. copy running-config startup-config (Optional) Save your entries in the configuration file. Use the no alarm facility temperature secondary threshold global configuration command to disable the
  • Cisco 2950 | Software Configuration Guide - Page 73
    temperature alarm traps to a syslog server. end Return to privileged EXEC mode. show alarm settings Verify the configuration. copy running-config startup-config (Optional) Save your entries in the configuration file. Note Before you can use the notifies command to send alarm traps to an SNMP
  • Cisco 2950 | Software Configuration Guide - Page 74
    to 10. The default value is 10 percent. end Return to privileged EXEC mode. show running config Verify the configuration. copy running-config startup-config (Optional) Save your entries in the configuration file. Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 3-8 78-11380
  • Cisco 2950 | Software Configuration Guide - Page 75
    3 Configuring Catalyst 2955 Switch Alarms Configuring Catalyst 2955 Switch Alarms Use the no alarm facility fcs-hysteresis command to set the FCS error hysteresis threshold to its default value. Note The show running config command displays any FCS error hysteresis that is not the default value
  • Cisco 2950 | Software Configuration Guide - Page 76
    . end Return to privileged EXEC mode. show alarm profile Verify the configuration. copy running-config startup-config (Optional) Save your entries in the configuration file. To detach an alarm profile from a specific port, use the no alarm-profile name interface configuration command. This
  • Cisco 2950 | Software Configuration Guide - Page 77
    Enable the switch to send SNMP traps. end Return to privileged EXEC mode. show alarm settings Verify the configuration. copy running-config startup-config (Optional) Save your entries in the configuration file. Displaying Catalyst 2955 Switch Alarms Status To display the global and port
  • Cisco 2950 | Software Configuration Guide - Page 78
    Displaying Catalyst 2955 Switch Alarms Status Chapter 3 Configuring Catalyst 2955 Switch Alarms 3-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 79
    -panel image of a specific set of switches in a cluster. From this view, you can select multiple ports or multiple switches and configure them with the same settings. For more information, see the "Displaying CMS" section on page 4-10. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software
  • Cisco 2950 | Software Configuration Guide - Page 80
    intervals, the views to open at CMS startup, and the color of administratively shutdown ports. Save the configuration of the cluster or a switch to Flash memory. Upgrade the software for the cluster or a switch. Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 4-2 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 81
    enable the feature bar, click CMS > Feature Bar, and select Standard Mode. - To hide the feature bar, click CMS > Feature Bar, and select Autohide Mode. Figure 4-2 shows the features available in a sample cluster. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 4-3
  • Cisco 2950 | Software Configuration Guide - Page 82
    features supported by modes affect the availability of features from CMS. Some CMS features are not available in read-only mode. For more information about how access modes affect CMS, see the "Privilege Levels" section on page 4-7. Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 83
    , or popup menu to launch that feature in Guide Mode. If you change the interaction mode after selecting a configuration option, the mode change does not take effect until you select another configuration option. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 4-5
  • Cisco 2950 | Software Configuration Guide - Page 84
    feature, as shown in Figure 4-3 on page 4-6. Wizards are not available or for read-only access levels. For more information about the read-only access mode, see the "Privilege Levels" section on page 4-7. Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 4-6 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 85
    Cisco IOS Release 12.0(5)WC2 or earlier • Catalyst 2950 member switches running Cisco IOS Release 12.0(5)WC2 or earlier For more information about this limitation, refer to the release notes. These switches do not support read-only mode on CMS: • Catalyst 1900 and Catalyst 2820 switches • Catalyst
  • Cisco 2950 | Software Configuration Guide - Page 86
    cluster 7.0 for the OS and Motif library patch 103461-24 1. Service Pack 1 or higher is required for Internet Explorer 5.5. Microsoft Internet Explorer1 5.5 or 6.0 5.5 or 6.0 5.5 or 6.0 5.5 or 6.0 Not supported Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 4-8 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 87
    web browser. If you have not configured a specific (nondefault) HTTP port and are using the enable password (or no password) for access to the switch, you can go to the "Displaying CMS" section on page 4-10. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 4-9
  • Cisco 2950 | Software Configuration Guide - Page 88
    2 Step 3 Step 4 Command configure terminal ip http authentication {enable | local | tacacs} end show running-config Purpose Enter global configuration mode. Configure the HTTP server interface for the type of authentication you want to use. • enable-Enable password, which is the default method of
  • Cisco 2950 | Software Configuration Guide - Page 89
    , and the Cisco Technical Assistance Center (TAC) Click Cluster Management Suite to launch the CMS interface. The CMS Startup Report runs and verifies that your PC or workstation can correctly run CMS. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 4-11
  • Cisco 2950 | Software Configuration Guide - Page 90
    must upgrade your browser first. If you install the CMS plug-in and then upgrade your browser, the plug-in is not registered with the new browser. When your PC or workstation is correctly configured, CMS launches. 4-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380
  • Cisco 2950 | Software Configuration Guide - Page 91
    -click on a switch port to configure that port. Figure 4-7 Front Panel View and Port Popup Menu 1 2 98674 3 4 1 Cluster tree 2 Command switch 3 Checkboxes to show switches 4 Port configuration popup menu 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 4-13
  • Cisco 2950 | Software Configuration Guide - Page 92
    Menus 1 2 3 4 98675 1 Link popup menu 2 Command switch 3 Command switch popup menu 4 Cluster member popup menu Note Figure 4-8 shows multiple popup menus. Only one popup menu at a time appears in the CMS. 4-14 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 93
    rest of this guide provides information about the command-line interface (CLI) procedures for the software features supported in this release. For CMS procedures and window descriptions, refer to the online help. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 4-15
  • Cisco 2950 | Software Configuration Guide - Page 94
    Where to Go Next Chapter 4 Getting Started with CMS 4-16 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 95
    only on the Catalyst 2950 LRE switch) Understanding the Boot Process To start your switch, you need to follow the procedures in the hardware installation guide about installing and powering on the switch, and setting up the initial configuration (IP address, subnet mask, default gateway, secret and
  • Cisco 2950 | Software Configuration Guide - Page 96
    12.1(14)EA1 and Catalyst 2950 LRE switches running a release prior to Cisco IOS Release 12.1(19)EA1 do not support Express Setup. Use the switch Express Setup or CLI-based setup program if you want to be prompted for specific IP information. With these programs, you can also configure a default
  • Cisco 2950 | Software Configuration Guide - Page 97
    mask Default gateway Enable secret password Host name Telnet password Cluster command switch functionality Cluster name Default Setting No IP address or subnet mask are defined. No default gateway is defined. No password is defined. The factory-assigned default host name is Switch. No password is
  • Cisco 2950 | Software Configuration Guide - Page 98
    and the service config global configuration command is disabled on the switch. • When a configuration file is present and the service config global configuration command is enabled on the switch. In this case, the switch broadcasts TFTP requests for the configuration file. Figure 5-1 shows the
  • Cisco 2950 | Software Configuration Guide - Page 99
    can act as both the DHCP client and the DHCP server. By default, the Cisco IOS DHCP server and relay agent features are enabled on your switch. Note The DHCP server feature is only available on Catalyst 2955 switches. You should configure the DHCP server with reserved leases that are bound to each
  • Cisco 2950 | Software Configuration Guide - Page 100
    network-confg or the cisconet.cfg file (known as the default configuration files). • The router-confg or the ciscortr.cfg file (These files contain commands common to all switches. Normally, if the DHCP and TFTP servers are properly configured, these files are not accessed.) If you specify the TFTP
  • Cisco 2950 | Software Configuration Guide - Page 101
    address 10.0.0.1 Figure 5-2 Relay Device Used in Autoconfiguration Switch (DHCP client) Cisco router (Relay) 10.0.0.1 10.0.0.2 20.0.0.1 20.0.0.2 20.0.0.3 20.0.0.4 DHCP server TFTP server DNS server 49068 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 5-7
  • Cisco 2950 | Software Configuration Guide - Page 102
    requests if the TFTP server is not obtained from the DHCP replies, if all attempts to read the configuration file through unicast transmissions fail, or if the TFTP server name cannot be resolved to an IP address. Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 5-8 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 103
    Autoconfiguration Network Example Switch 1 Switch 2 Switch 3 Switch 4 00e0.9f1e.2001 00e0.9f1e.2002 00e0.9f1e.2003 00e0.9f1e.2004 Cisco router 10.0.0.10 10.0.0.1 10.0.0.2 10.0.0.3 111394 DHCP server DNS server TFTP server (tftpserver) Table 5-2 shows the configuration of the reserved
  • Cisco 2950 | Software Configuration Guide - Page 104
    to manually assign IP information to VLANs or ports: Step 1 Step 2 Command configure terminal interface vlan vlan-id Step 3 Step 4 Step 5 ip address ip-address subnet-mask exit ip default-gateway ip-address Step 6 end Step 7 show interfaces vlan vlan-id Purpose Enter global configuration mode
  • Cisco 2950 | Software Configuration Guide - Page 105
    to modify the switch startup configuration only on a Catalyst 2950 LRE switch. It contains this configuration information: • Default Boot Configuration, page 5-12 • Automatically Downloading a Configuration File, page 5-12 • Booting Manually, page 5-13 • Booting a Specific Software Image, page 5-13
  • Cisco 2950 | Software Configuration Guide - Page 106
    these steps to specify a different configuration filename: Step 1 Step 2 Command configure terminal boot config-file flash:/file-url Step 3 end Step 4 show boot Step 5 copy running-config startup-config Purpose Enter global configuration mode. Specify the configuration file to load during the
  • Cisco 2950 | Software Configuration Guide - Page 107
    configure terminal boot manual end show boot Step 5 copy running-config startup-config Purpose Enter global configuration mode. Enable the switch to manually boot during the next boot cycle. Return to privileged EXEC mode. Verify your entries. The boot manual global command changes the setting
  • Cisco 2950 | Software Configuration Guide - Page 108
    to boot a specific image during the next boot cycle: Step 1 Step 2 Step 3 Step 4 Step 5 Command configure terminal boot system filesystem:/file-url end show boot copy running-config startup-config Purpose Enter global configuration mode. Configure the switch to boot a specific image in flash
  • Cisco 2950 | Software Configuration Guide - Page 109
    BOOT Boot Loader Command Cisco IOS Global Configuration Command set MANUAL_BOOT yes boot manual Decides whether the switch automatically or manually boots. Valid values are 1, yes, 0, and no. If it is set to no or 0, the boot loader attempts to automatically boot the system. If it is set
  • Cisco 2950 | Software Configuration Guide - Page 110
    of the Software Image Chapter 5 Assigning the Switch IP Address and Default Gateway Table 5-5 Environment Variables (continued) Variable CONFIG_FILE CONFIG_BUFSIZE Boot Loader Command Cisco IOS Global Configuration Command set CONFIG_FILE flash:/file-url boot config-file flash:/file-url
  • Cisco 2950 | Software Configuration Guide - Page 111
    reload command after you save the switch configuration information to the startup configuration (copy running-config startup-config). If your switch is configured for manual booting, do not reload it from a virtual terminal. This restriction prevents the switch from entering the boot loader mode and
  • Cisco 2950 | Software Configuration Guide - Page 112
    Scheduling a Reload of the Software Image Chapter 5 Assigning the Switch IP Address and Default Gateway 5-18 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 113
    describes how to configure the Intelligence Engine 2100 (IE2100) Series Cisco Networking Services (CNS) embedded agents on your Catalyst 2950 or Catalyst 2955 switch. To use the feature described in this chapter, you must have the enhanced software image (EI) installed on your switch. Note For
  • Cisco 2950 | Software Configuration Guide - Page 114
    is a web server that uses configuration templates and the device-specific configuration information stored in the embedded (standalone mode) or remote (server mode) directory. Configuration templates are text files containing static configuration information in the form of CLI commands. In the
  • Cisco 2950 | Software Configuration Guide - Page 115
    on application, device ID or group ID, and event. Cisco IOS devices recognize only event subject-names that match those configured in Cisco IOS software; for example, cisco.cns.config.load. You can use the namespace mapping service to designate events by using any desired naming convention. When
  • Cisco 2950 | Software Configuration Guide - Page 116
    set when you run Setup on the Configuration Registrar. Note For more information about running the setup program on the Configuration Registrar, refer to the Cisco Intelligence Engine 2100 Series Configuration Registrar Manual. Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 117
    autoconfiguration. Figure 6-2 Initial Configuration Overview IE2100 Configuration Registrar V WAN TFTP server DHCP server Distribution layer DHCP relay agent default gateway 71445 Access layer switches 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 6-5
  • Cisco 2950 | Software Configuration Guide - Page 118
    the switch Cisco IOS software allow the switch to be connected and automatically configured as described in the "Enabling Automated CNS Configuration" section on page 6-6. If you want to change the configuration or install a custom configuration, see these sections for instructions: • Enabling the
  • Cisco 2950 | Software Configuration Guide - Page 119
    to the template. Note For more information about running the setup program and creating templates on the Configuration Registrar, refer to the Cisco Intelligence Engine 2100 Series Configuration Registrar Manual. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 6-7
  • Cisco 2950 | Software Configuration Guide - Page 120
    configuration command. This example shows how to enable the CNS event agent, set the IP address gateway to 10.180.1.27, set 120 seconds as the keepalive interval, and set 10 as the retry count. Switch(config)# cns event 10.180.1.27 keepalive 120 10 Catalyst 2950 and Catalyst 2955 Switch Software
  • Cisco 2950 | Software Configuration Guide - Page 121
    through FastEthernet0/0, the command config-cli ip route 0.0.0.0 0.0.0.0 & generates the command ip route 0.0.0.0 0.0.0.0 FastEthernet0/0. Return to global configuration mode. Enter the host name for the switch. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 6-9
  • Cisco 2950 | Software Configuration Guide - Page 122
    hardware-serial to set the switch serial number as the unique ID, enter hostname (the default) to select the switch host name as the unique ID, or enter an arbitrary text string for string string as the unique ID. 6-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380
  • Cisco 2950 | Software Configuration Guide - Page 123
    CNS Embedded Agents Step 8 Command cns config initial {ip-address | hostname} [port-number] [event] [no-persist] [page page] [source ip-address] [syntax-check] Step 9 Step 10 Step 11 end show cns config connections show running-config Purpose Enable the configuration agent, and initiate an
  • Cisco 2950 | Software Configuration Guide - Page 124
    5 Step 6 Command configure terminal cns config partial {ip-address | hostname} [port-number] [source ip-address] end show cns config stats or show cns config outstanding show running-config copy running-config startup-config Purpose Enter global configuration mode. Enable the configuration agent
  • Cisco 2950 | Software Configuration Guide - Page 125
    the CNS configuration agent. Displays the status of the CNS event agent connections. Displays statistics about the CNS event agent. Displays a list of event agent subjects that are subscribed to by applications. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 6-13
  • Cisco 2950 | Software Configuration Guide - Page 126
    Displaying CNS Configuration Chapter 6 Configuring IE2100 CNS Agents 6-14 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 127
    does not provide complete descriptions of the cluster features for these other switches. For complete cluster information for a specific Catalyst platform, refer to the software configuration guide for that switch. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 7-1
  • Cisco 2950 | Software Configuration Guide - Page 128
    the required software versions. These sections describe: • Command Switch Characteristics, page 7-3 • Standby Command Switch Characteristics, page 7-3 • Candidate Switch and Member Switch Characteristics, page 7-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 7-2 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 129
    non-LRE Catalyst 2950 standby command switch is running Cisco IOS Release 12.1(9)EA1 or later, it is connected to other standby switches through its management VLAN and to all member switches through a common VLAN. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 7-3
  • Cisco 2950 | Software Configuration Guide - Page 130
    also be Catalyst 2955 switches. When the command switch is a non-LRE Catalyst 2950 switch running Cisco IOS Release 12.1(6)EA2 or later, all standby command switches must be non-LRE Catalyst 2950 switches running Cisco IOS Release 12.1(6)EA2 or later. Refer to the switch configuration guide of other
  • Cisco 2950 | Software Configuration Guide - Page 131
    Standby Command Switches, page 7-11 • IP Addresses, page 7-14 • Host Names, page 7-15 • Passwords, page 7-15 • SNMP Community Strings, page 7-15 • TACACS+ and RADIUS, page 7-16 • Access Modes in CMS, page 7-16 • Management VLAN, page 7-16 • LRE Profiles, page 7-17 • Availability of Switch-Specific
  • Cisco 2950 | Software Configuration Guide - Page 132
    the non-LRE Catalyst 2950 command switch is running a release earlier than Cisco IOS Release 12.1(9)EA1 and has ports assigned to management VLAN 16. In Figure 7-2, the non-LRE Catalyst 2950 command switch is running Cisco IOS Release 12.1(9)EA1 or later and has ports assigned to VLANs 16 and 62
  • Cisco 2950 | Software Configuration Guide - Page 133
    Hops (Non-LRE Catalyst 2950 Command Switch Running Cisco IOS Release 12.1(9)EA1 or Later) Command switch VLAN 16 Member switch 8 Member switch 9 Switch 11 candidate switch Edge of cluster VLAN 62 Member switch 10 Switch 12 Switch 13 Candidate switches Switch 14 Switch 15 74047 Discovery through
  • Cisco 2950 | Software Configuration Guide - Page 134
    Same Management VLAN A Catalyst 2900 XL command switch, a Catalyst 3500 XL command switch, or a non-LRE Catalyst 2950 command switch running a release earlier than Cisco IOS Release 12.1(9)EA1 must connect to all cluster members through its management VLAN. The default management VLAN is VLAN 1. For
  • Cisco 2950 | Software Configuration Guide - Page 135
    their management VLAN. In contrast, a Catalyst 2900 XL command switch, a non-LRE Catalyst 2950 command switch running a release earlier than Cisco IOS Release 12.1(9)EA1, or a Catalyst 3500 XL command switch must connect to all cluster members through its management VLAN. The default management VLAN
  • Cisco 2950 | Software Configuration Guide - Page 136
    its default management VLAN changes to the VLAN of the immediately upstream neighbor. The new switch also configures its access port to belong to the VLAN of the immediately upstream neighbor. Figure 7-6 shows a non-LRE Catalyst 2950 command switch running a release earlier than Cisco IOS Release 12
  • Cisco 2950 | Software Configuration Guide - Page 137
    is a Catalyst 2950 LRE switch, all standby command switches must be Catalyst 2950 LRE switches. • When the command switch is a Catalyst 2940 switch, all standby command switches must be Catalyst 2940 switches. • When the command switch is a non-LRE Catalyst 2950 switch running Cisco IOS Release 12
  • Cisco 2950 | Software Configuration Guide - Page 138
    Cluster Chapter 7 Clustering Switches standby priority interface configuration command in the Cisco IOS Release 12.1 documentation set. The HSRP commands are the same for changing the priority of cluster standby group members and router-redundancy group members. Note The HSRP standby hold time
  • Cisco 2950 | Software Configuration Guide - Page 139
    VLAN. Catalyst 1900, Catalyst 2820, Catalyst 2900 XL, Catalyst 2940, Catalyst 2950, Catalyst 2955, and Catalyst 3500 XL member switches must be connected to the cluster standby group through their management VLANs. Note Non-LRE Catalyst 2950 standby command switches running Cisco IOS Release 12
  • Cisco 2950 | Software Configuration Guide - Page 140
    Address field (Internet Explorer), as described in the "HTTP Access to CMS" section on page 4-9. For more information about IP addresses, see Chapter 5, "Assigning the Switch IP Address and Default Gateway." 7-14 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 141
    Unauthorized Access to Your Switch" section on page 9-1. For password considerations specific to the Catalyst 1900 and Catalyst 2820 switches, refer to the installation and configuration guides for those switches. SNMP Community Strings A member switch inherits the command-switch first read-only (RO
  • Cisco 2950 | Software Configuration Guide - Page 142
    the management VLAN, which by default is VLAN 1. To manage switches in a cluster, the command switch, member switches, and candidate switches must be connected through ports assigned to the command-switch management VLAN. 7-16 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78
  • Cisco 2950 | Software Configuration Guide - Page 143
    must connect to the command switch through their management VLAN. • Catalyst 2950 standby command switches running Cisco IOS Release 12.1(9)EA1 or later and Catalyst 2955 standby command switches can connect to candidate and member switches in VLANs different from their management VLANs. If you add
  • Cisco 2950 | Software Configuration Guide - Page 144
    a cluster number (the default is 0), and use up to 31 characters to name the cluster (Figure 7-9). Instead of using CMS to enable a command switch, you can use the cluster enable global configuration command. 7-18 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 145
    candidate switch is not added to the cluster. When a candidate switch joins a cluster, it inherits the command-switch password. For more information about setting passwords, see the "Passwords" section on page 7-15. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 146
    View to Add Member Switches Thin line means a connection to a candidate switch. Right-click a candidate switch to display the pop-up menu, and select Add to Cluster to add the switch to the cluster. 7-20 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 65725 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 147
    seconds. The default HSRP standby hello time interval is 3 seconds. For more information about the standby hold time and hello time intervals, refer to the Cisco IOS Release 12.1 documentation set on Cisco.com. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 7-21
  • Cisco 2950 | Software Configuration Guide - Page 148
    Status. Instead of using CMS to verify the cluster, you can use the show cluster members user EXEC command from the command switch or use the show cluster user EXEC command from the command switch or from a member switch. 7-22 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 149
    same privilege level as on the command switch. The CLI commands then operate as usual. For instructions on configuring the switch for a Telnet session, see the "Disabling Password Recovery" section on page 9-5. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 7-23
  • Cisco 2950 | Software Configuration Guide - Page 150
    to enter the IP information and SNMP was not enabled, you can enable it as described in the "Configuring SNMP" section on page 28-5. On Catalyst 1900 and Catalyst 2820 switches, SNMP is enabled by default. When you create a cluster, the command switch manages the exchange of messages between member
  • Cisco 2950 | Software Configuration Guide - Page 151
    7 Clustering Switches Using SNMP to Manage Switch Clusters Figure 7-14 SNMP Management for a Cluster SNMP Manager Command switch Trap 1, Trap 2, Trap 3 Trap Trap Member 1 Member 2 Member 3 Trap 33020 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 7-25
  • Cisco 2950 | Software Configuration Guide - Page 152
    Using SNMP to Manage Switch Clusters Chapter 7 Clustering Switches 7-26 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 153
    switch using automatic configuration, such as the Network Time Protocol (NTP), or manual configuration methods. Note For complete syntax and usage information for the commands used in this section, refer to the Cisco IOS Configuration Fundamentals Command Reference for Cisco IOS Release 12.1. This
  • Cisco 2950 | Software Configuration Guide - Page 154
    is the NTP master, with Switches B, C, and D configured in NTP server mode, in server association with Switch A. Switch E is configured as an NTP peer to the upstream and downstream switches, Switch B and Switch F. Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 8-2 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 155
    when an external NTP source is not available. The switch also has no hardware support for a calendar. As a result, the ntp update-calendar and the ntp master global configuration commands are not available. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 8-3
  • Cisco 2950 | Software Configuration Guide - Page 156
    This procedure must be coordinated with the administrator of the NTP server; the information you configure in this procedure must be matched by the servers used by the switch to synchronize its time to the NTP server. Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 8-4 78
  • Cisco 2950 | Software Configuration Guide - Page 157
    Step 7 Command configure terminal ntp authenticate ntp authentication-key number md5 value ntp trusted-key key-number end show running-config copy running-config startup-config Purpose Enter global configuration mode. Enable the NTP authentication feature, which is disabled by default. Define the
  • Cisco 2950 | Software Configuration Guide - Page 158
    This keyword reduces switching back and forth between peers and servers. end Return to privileged EXEC mode. show running-config Verify your entries. copy running-config startup-config (Optional) Save your entries in the configuration file. You need to configure only one end of an association
  • Cisco 2950 | Software Configuration Guide - Page 159
    no ntp broadcast interface configuration command. This example shows how to configure a port to send NTP version 2 packets: Switch(config)# interface gigabitethernet0/1 Switch(config-if)# ntp broadcast version 2 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 8-7
  • Cisco 2950 | Software Configuration Guide - Page 160
    Step 7 Step 8 end show running-config copy running-config startup-config Purpose Enter global configuration mode. Specify the interface to receive NTP broadcast packets, and enter interface configuration mode. Enable the interface to receive NTP broadcast packets. By default, no interfaces receive
  • Cisco 2950 | Software Configuration Guide - Page 161
    to control access to NTP services by using access lists: Step 1 Step 2 Command configure terminal ntp access-group {query-only | serve-only | serve | peer} access-list-number Step 3 access-list access-list-number permit source [source-wildcard] Step 4 Step 5 Step 6 end show running-config copy
  • Cisco 2950 | Software Configuration Guide - Page 162
    are enabled on all interfaces by default. Beginning in privileged EXEC mode, follow these steps to disable NTP packets from being received on an interface: Step 1 Step 2 Step 3 Command configure terminal interface interface-id ntp disable Step 4 Step 5 Step 6 end show running-config copy running
  • Cisco 2950 | Software Configuration Guide - Page 163
    Switch Managing the System Time and Date Beginning in privileged EXEC mode, follow these steps to configure a specific interface from which the IP source address is to be taken: Step 1 Step 2 Command configure terminal ntp source type number Step 3 Step 4 Step 5 end show running-config copy
  • Cisco 2950 | Software Configuration Guide - Page 164
    time services, such as an NTP server, you do not need to manually set the system clock. Beginning in privileged EXEC mode, follow these steps to set the system clock: Step 1 Command clock set hh:mm:ss day month year or clock set hh:mm:ss month day year Step 2 show running-config Step 3 copy
  • Cisco 2950 | Software Configuration Guide - Page 165
    steps to manually configure the time zone: Step 1 Step 2 Command configure terminal clock timezone zone hours-offset [minutes-offset] Step 3 Step 4 Step 5 end show running-config copy running-config startup-config Purpose Enter global configuration mode. Set the time zone. The switch keeps
  • Cisco 2950 | Software Configuration Guide - Page 166
    summer time. The default is 60. end Return to privileged EXEC mode. show running-config Verify your entries. copy running-config startup-config (Optional) Save your entries in the configuration file. The first part of the clock summer-time global configuration command specifies when summer
  • Cisco 2950 | Software Configuration Guide - Page 167
    command. This example shows how to set summer time to start on October 12, 2000, at 02:00, and end on April 26, 2001, at 02:00: Switch(config)# clock summer-time pdt date 12 October 2000 2:00 26 April 2001 2:00 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 168
    system name: Step 1 Step 2 Step 3 Step 4 Step 5 Command configure terminal hostname name end show running-config copy running-config startup-config Purpose Enter global configuration mode. Manually configure a system name. The default setting is switch. The name must follow the rules for ARPANET
  • Cisco 2950 | Software Configuration Guide - Page 169
    terminal prompt string Step 3 Step 4 Step 5 end show running-config copy running-config startup-config Purpose Enter global configuration mode. Configure the command-line prompt to override the setting from the hostname command. The default prompt is either switch or the name defined with the
  • Cisco 2950 | Software Configuration Guide - Page 170
    EXEC mode, follow these steps to set up your switch to use the DNS: Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Command configure terminal ip domain-name name ip name-server server-address1 [server-address2 ... server-address6] ip domain-lookup end show running-config copy running-config
  • Cisco 2950 | Software Configuration Guide - Page 171
    syntax and usage information for the commands used in this section, refer to the Cisco IOS Configuration Fundamentals Command Reference for Cisco IOS Release 12.1. This section contains this configuration information: • Default Banner Configuration, page 8-19 • Configuring a Message-of-the-Day Login
  • Cisco 2950 | Software Configuration Guide - Page 172
    the switch. Beginning in privileged EXEC mode, follow these steps to configure a MOTD login banner: Step 1 Step 2 Command configure terminal banner motd c message c Step 3 Step 4 Step 5 end show running-config copy running-config startup-config Purpose Enter global configuration mode. Specify
  • Cisco 2950 | Software Configuration Guide - Page 173
    . Beginning in privileged EXEC mode, follow these steps to configure a login banner: Step 1 Step 2 Step 3 Step 4 Step 5 Command configure terminal banner login c message c end show running-config copy running-config startup-config Purpose Enter global configuration mode. Specify the login message
  • Cisco 2950 | Software Configuration Guide - Page 174
    learned or statically associated with a port in the other VLAN. Addresses that are statically entered in one VLAN must be configured as static addresses in all other VLANs or remain unlearned in the other VLANs. 8-22 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 175
    address table aging time: Step 1 Step 2 Command configure terminal mac address-table aging-time [0 | 10-1000000] Step 3 Step 4 Step 5 end show mac address-table aging-time copy running-config startup-config Purpose Enter global configuration mode. Set the length of time that a dynamic entry
  • Cisco 2950 | Software Configuration Guide - Page 176
    use the mac-notification keyword. snmp-server enable traps mac-notification Enable the switch to send MAC address traps to the NMS. mac address-table notification Enable the MAC address notification feature. 8-24 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 177
    (config-if)# snmp trap mac-notification added You can verify the previous commands by entering the show mac address-table notification interface and the show mac address-table notification privileged EXEC commands. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 178
    add a static address: Step 1 Step 2 Command configure terminal mac address-table static mac-addr vlan vlan-id interface interface-id Step 3 Step 4 Step 5 end show mac address-table static copy running-config startup-config Purpose Enter global configuration mode. Add a static address to the MAC
  • Cisco 2950 | Software Configuration Guide - Page 179
    or destination unicast static address: Step 1 Step 2 Command configure terminal mac address-table static mac-addr vlan vlan-id drop Step 3 end Purpose Enter global configuration mode. Enable unicast MAC address filtering and configure the switch to drop a packet with the specified source or
  • Cisco 2950 | Software Configuration Guide - Page 180
    arpa keyword) is enabled on the IP interface. ARP entries added manually to the table do not age and must be manually removed. For CLI procedures, refer to the Cisco IOS Release 12.1 documentation on Cisco.com. 8-28 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 181
    the switch through a port or line, they must enter the password specified for the port or line before they can access the switch. For more information, see the "Protecting Access to Privileged EXEC Commands" section on page 9-2. • For an additional layer of security, you can also configure username
  • Cisco 2950 | Software Configuration Guide - Page 182
    Command Reference for Cisco IOS Release 12.1. This section describes how to control access to the configuration file and privileged EXEC commands. It contains this configuration information: • Default Password and Privilege Level Configuration, page 9-2 • Setting or Changing a Static Enable Password
  • Cisco 2950 | Software Configuration Guide - Page 183
    Enable Password The enable password controls access to the privileged EXEC mode. Beginning in privileged EXEC mode, follow these steps to set or change a static enable password: Step 1 Step 2 Command configure terminal enable password password Step 3 Step 4 Step 5 end show running-config copy
  • Cisco 2950 | Software Configuration Guide - Page 184
    enable secret passwords: Step 1 Step 2 Command configure terminal enable password [level level] {password | encryption-type encrypted-password} or enable secret [level level] {password | encryption-type encrypted-password} Step 3 service password-encryption Step 4 Step 5 end copy running-config
  • Cisco 2950 | Software Configuration Guide - Page 185
    on Catalyst 2950 LRE switches; it is not available for non-LRE Catalyst 2950 switches or for Catalyst 2955 switches. Note If you disable password recovery, we recommend that you keep a backup copy of the configuration file on a secure server in case the end user interrupts the boot process and sets
  • Cisco 2950 | Software Configuration Guide - Page 186
    recovery: Step 1 Step 2 Command configure terminal no service password-recovery Step 3 end Step 4 show version Purpose Enter global configuration mode. Disable password recovery. This setting is saved in an area of the flash memory that is accessible by the boot loader and the software image
  • Cisco 2950 | Software Configuration Guide - Page 187
    3 Step 4 Step 5 Step 6 Step 7 Command configure terminal username name [privilege level] {password encryption-type password} line console 0 or line vty 0 15 login local end show running-config copy running-config startup-config Purpose Enter global configuration mode. Enter the username, privilege
  • Cisco 2950 | Software Configuration Guide - Page 188
    from 1 to 25 alphanumeric characters. The string cannot start with a number, is case sensitive, and allows spaces but ignores leading spaces. By default, no password is defined. Return to privileged EXEC mode. Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 9-8 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 189
    mode level level command global configuration command. This example shows how to set the configure command to privilege level 14 and define SecretPswd14 as the password users must enter to use level 14 commands: Switch(config)# privilege exec level 14 configure Switch(config)# enable password
  • Cisco 2950 | Software Configuration Guide - Page 190
    access server along with other Cisco routers and access servers. A network access server provides connections to a single user, to a network or subnetwork, and to interconnected networks as shown in Figure 9-1. 9-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 191
    + server 1) Catalyst 6500 series switch 171.20.10.7 UNIX workstation (TACACS+ server 2) 171.20.10.8 Workstations Configure the switches with the TACACS+ server addresses. Set an authentication key (also configure the same key on the TACACS+ servers). Enable AAA. Create a login authentication
  • Cisco 2950 | Software Configuration Guide - Page 192
    software selects the next method in the list. This process continues until there is successful communication with a listed method or the method list is exhausted. 9-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 193
    , specify the encryption key for encrypting and decrypting all traffic between the switch and the TACACS+ daemon. You must configure the same key on the TACACS+ daemon for encryption to be successful. Enable AAA. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 9-13
  • Cisco 2950 | Software Configuration Guide - Page 194
    Controlling Switch Access with TACACS+ Chapter 9 Configuring Switch-Based Authentication Step 4 Step 5 Step 6 Step 7 Step 8 Command aaa group server tacacs+ group-name server ip-address end show tacacs copy running-config startup-config Purpose (Optional) Define the AAA server-group with a group
  • Cisco 2950 | Software Configuration Guide - Page 195
    Step 8 end show running-config copy running-config startup-config Purpose Enter global configuration mode. Enable AAA. Create a login authentication method list. • To create a default list that is used when a named list is not specified in the login authentication command, use the default keyword
  • Cisco 2950 | Software Configuration Guide - Page 196
    access and network services: Step 1 Step 2 Command configure terminal aaa authorization network tacacs+ Step 3 aaa authorization exec tacacs+ Step 4 Step 5 Step 6 end show running-config copy running-config startup-config Purpose Enter global configuration mode. Configure the switch for user
  • Cisco 2950 | Software Configuration Guide - Page 197
    5 Step 6 Command configure terminal aaa accounting network start-stop tacacs+ aaa accounting exec start-stop tacacs+ end show running-config copy running-config startup-config Purpose Enter global configuration mode. Enable TACACS+ accounting for all network-related service requests. Enable TACACS
  • Cisco 2950 | Software Configuration Guide - Page 198
    packets, bytes, and so forth) used during the session. An Internet service provider might use a freeware-based version of RADIUS access control and accounting software to meet special security and billing needs. 9-18 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 199
    included with the ACCEPT or REJECT packets includes these items: • Telnet, SSH, rlogin, or privileged EXEC services • Connection parameters, including the host or client IP address, access list, and user timeouts 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 9-19
  • Cisco 2950 | Software Configuration Guide - Page 200
    AAA are disabled by default. To prevent a lapse in security, you cannot configure RADIUS through a network management application. When enabled, RADIUS can authenticate users accessing the switch through the CLI. 9-20 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 201
    the same device for accounting services. (The RADIUS host entries are tried in the order that they are configured.) A RADIUS server and the switch use a shared secret text string to encrypt passwords and exchange responses. To configure RADIUS to use the AAA security commands, you must specify the
  • Cisco 2950 | Software Configuration Guide - Page 202
    Step 2 Command configure terminal radius-server host {hostname | ip-address} [auth-port port-number] [acct-port port-number] [timeout seconds] [retransmit retries] [key string] Step 3 Step 4 Step 5 end show running-config copy running-config startup-config Purpose Enter global configuration mode
  • Cisco 2950 | Software Configuration Guide - Page 203
    36.50 acct-port 1618 key rad2 This example shows how to configure host1 as the RADIUS server and to use the default ports for both authentication and accounting: Switch(config)# radius-server host host1 Note You also need to configure some settings on the RADIUS server. These settings include the IP
  • Cisco 2950 | Software Configuration Guide - Page 204
    If you specify default, use the default list created with the aaa authentication login command. • For list-name, specify the list created with the aaa authentication login command. Return to privileged EXEC mode. 9-24 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 205
    Chapter 9 Configuring Switch-Based Authentication Controlling Switch Access with RADIUS Step 7 Step 8 Command Purpose show running-config Verify your entries. copy running-config startup-config (Optional) Save your entries in the configuration file. To disable AAA, use the no aaa new-model
  • Cisco 2950 | Software Configuration Guide - Page 206
    order in which you specify them. Set the timeout, retransmit, and encryption key values to use with the specific RADIUS host. Enable AAA. Define the AAA server-group with a group name. This command puts the switch in a server group configuration mode. Associate a particular RADIUS server with the
  • Cisco 2950 | Software Configuration Guide - Page 207
    Chapter 9 Configuring Switch-Based Authentication Controlling Switch Access with RADIUS Step 8 Step 9 Command copy running-config startup-config Purpose (Optional) Save your entries in the configuration file. Enable RADIUS login authentication. See the "Configuring RADIUS Login Authentication"
  • Cisco 2950 | Software Configuration Guide - Page 208
    EXEC mode, follow these steps to enable RADIUS accounting for each Cisco IOS privilege level and for network services: Step 1 Step 2 Step 3 Command configure terminal aaa accounting network start-stop radius aaa accounting exec start-stop radius Step 4 Step 5 Step 6 end show running-config copy
  • Cisco 2950 | Software Configuration Guide - Page 209
    settings between the switch and all RADIUS servers: Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Command configure terminal radius-server key string radius-server retransmit retries radius-server timeout seconds radius-server deadtime minutes end show running-config copy running-config
  • Cisco 2950 | Software Configuration Guide - Page 210
    . If you enter this command without keywords, both accounting and authentication vendor-specific attributes are used. end Return to privileged EXEC mode. show running-config Verify your settings. copy running-config startup-config (Optional) Save your entries in the configuration file. For
  • Cisco 2950 | Software Configuration Guide - Page 211
    string: Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Command configure terminal radius-server host {hostname | ip-address} non-standard radius-server key string end show running-config copy running-config startup-config Purpose Enter global configuration mode. Specify the IP address or host name of
  • Cisco 2950 | Software Configuration Guide - Page 212
    password must be from 1 to 25 characters, can contain embedded spaces, and must be the last option specified in the username command. end Return to privileged EXEC mode. show running-config Verify your entries. copy running-config startup-config (Optional) Save your entries in the configuration
  • Cisco 2950 | Software Configuration Guide - Page 213
    or an SSHv2 server. The switch supports an SSHv1 client. SSH supports the Data Encryption Standard (DES) encryption algorithm, the Triple DES (3DES) encryption algorithm, and password-based user authentication. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 9-33
  • Cisco 2950 | Software Configuration Guide - Page 214
    an IP domain name by using the ip domain-name global configuration command. • When configuring the local authentication and authorization authentication method, make sure that AAA is disabled on the console. 9-34 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 215
    crypto key generate rsa Step 5 Step 6 Step 7 end show ip ssh or show ssh copy running-config startup-config Purpose Enter global configuration mode. Configure a host name for your switch. Configure a host domain for your switch. Enable the SSH server for local and remote authentication on the
  • Cisco 2950 | Software Configuration Guide - Page 216
    2 Command configure terminal ip ssh version [1 | 2] Step 3 ip ssh {timeout seconds | authentication-retries number} Step 4 Step 5 Step 6 end show ip ssh or show ssh copy running-config startup-config Purpose Enter global configuration mode. (Optional) Configure the switch to run SSH version
  • Cisco 2950 | Software Configuration Guide - Page 217
    Security Features" chapter of the Cisco IOS Security Command Reference, Cisco IOS Release 12.2, at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_r/fothercr/ srfssh.htm. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 9-37
  • Cisco 2950 | Software Configuration Guide - Page 218
    Configuring the Switch for Secure Shell Chapter 9 Configuring Switch-Based Authentication 9-38 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 219
    • Ports in Authorized and Unauthorized States, page 10-4 • 802.1x Accounting, page 10-5 • Supported Topologies, page 10-5 • Using 802.1x with Port Security, page 10-6 • Using 802.1x with Voice VLAN Ports, page 10-7 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 10
  • Cisco 2950 | Software Configuration Guide - Page 220
    EAP frame is re-encapsulated in the RADIUS format. The EAP frames are not modified or examined during encapsulation, and the authentication server must 10-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 221
    client and 802.1x. Authentication Initiation and Message Exchange The switch or the client can initiate authentication. If you enable authentication on a port by using the dot1x port-control auto interface configuration command, the switch must initiate authentication when it determines that the
  • Cisco 2950 | Software Configuration Guide - Page 222
    client. This is the default setting. • force-unauthorized-causes the port to remain in the unauthorized state, ignoring all attempts by the client to authenticate. The switch cannot provide authentication services to the client through the interface. • auto-enables 802.1x authentication and causes
  • Cisco 2950 | Software Configuration Guide - Page 223
    a client leaves or is replaced with another client, the switch changes the port link state to down, and the port returns to the unauthorized state. Figure 10-3 shows 802.1x port-based authentication in a wireless LAN. The 802.1x port is configured as a multiple-hosts port that becomes authorized as
  • Cisco 2950 | Software Configuration Guide - Page 224
    For switches running the enhanced software image (EI), you can enable an 802.1x port for port security in either single-host or multiple-hosts mode. (You must also configure port security on the port by using the switchport port-security interface configuration command.) When you enable port
  • Cisco 2950 | Software Configuration Guide - Page 225
    are connected in series, the switch recognizes only the one directly connected to it. When 802.1x is enabled on a voice VLAN port, the switch drops packets from unrecognized Cisco IP phones more than one hop away. When 802.1x is enabled on a port, you cannot configure a port VLAN that is equal
  • Cisco 2950 | Software Configuration Guide - Page 226
    -Specific RADIUS Attributes" section on page 9-29. Using 802.1x with Guest VLAN For switches running the EI, you can configure a guest VLAN for each 802.1x port on the switch to provide limited services to clients (for example, how to download the 802.1x client). These clients might be upgrading
  • Cisco 2950 | Software Configuration Guide - Page 227
    Time, page 10-15 (optional) • Setting the Switch-to-Client Frame-Retransmission Number, page 10-16 (optional) • Configuring the Host Mode, page 10-17 (optional) • Configuring a Guest VLAN, page 10-18 (optional) • Resetting the 802.1x Configuration to the Default Values, page 10-18 (optional
  • Cisco 2950 | Software Configuration Guide - Page 228
    ports-Do not configure a port that is an active or a not-yet-active member of an EtherChannel as an 802.1x port. If you try to enable 802.1x on an EtherChannel port, an error message appears, and 802.1x is not enabled. 10-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 229
    for 802.1x authentication with EAP-Transparent LAN Services (TLS) and EAP-MD5 and your switch is running Cisco IOS Release 12.1(14)EA1, make sure that the device is running ACS Version 3.2.1 or later. • After you configure a guest VLAN for an 802.1x port to which a DHCP client is connected, you
  • Cisco 2950 | Software Configuration Guide - Page 230
    dot1x port-control auto Step 8 end Step 9 show dot1x Step 10 copy running-config startup-config Purpose Enter global configuration mode. Enable AAA. Create an 802.1x authentication method list. To create a default list that is used when a named list is not specified in the authentication command
  • Cisco 2950 | Software Configuration Guide - Page 231
    new-model Switch(config)# aaa authentication dot1x default group radius Switch(config)# dot1x system-auth-control Switch(config)# interface fastethernet0/1 Switch(config-if)# switchport mode access Switch(config-if)# dot1x port-control auto Switch(config-if)# end Configuring the Switch-to-RADIUS
  • Cisco 2950 | Software Configuration Guide - Page 232
    -period seconds end show dot1x interface interface-id copy running-config startup-config Purpose Enter global configuration mode. Specify the interface to be configured, and enter interface configuration mode. Enable periodic re-authentication of the client, which is disabled by default. Set the
  • Cisco 2950 | Software Configuration Guide - Page 233
    frame. Note You should change the default value of this command only to adjust for unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 10-15
  • Cisco 2950 | Software Configuration Guide - Page 234
    mode, follow these steps to set the switch-to-client frame-retransmission number. This procedure is optional. Step 1 Step 2 Command configure terminal interface interface-id Step 3 dot1x max-req count Step 4 Step 5 Step 6 end show dot1x interface interface-id copy running-config startup-config
  • Cisco 2950 | Software Configuration Guide - Page 235
    configuration command. This example shows how to enable a port to allow multiple hosts: Switch(config)# interface fastethernet0/1 Switch(config-if)# dot1x port-control auto Switch(config-if)# dot1x host-mode multi-host 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 236
    to configure a guest VLAN. This procedure is optional. Step 1 Step 2 Command configure terminal interface interface-id Step 3 dot1x guest-vlan vlan-id Step 4 Step 5 Step 6 end show dot1x interface interface-id copy running-config startup-config Purpose Enter global configuration mode. Specify
  • Cisco 2950 | Software Configuration Guide - Page 237
    1x Port-Based Authentication Configuring 802.1x Authentication Step 3 Step 4 Step 5 Step 6 Command dot1x default end show dot1x interface interface-id copy running-config startup-config Purpose Reset the configurable 802.1x parameters to the default values. Return to privileged EXEC mode. Verify
  • Cisco 2950 | Software Configuration Guide - Page 238
    Step 7 dot1x port-control auto Step 8 Step 9 Step 10 end show dot1x copy running-config startup-config Purpose Create an 802.1x authentication method list. To create a default list that is used when a named list is not specified in the authentication command, use the default keyword followed by
  • Cisco 2950 | Software Configuration Guide - Page 239
    enabled on your switch. This procedure is optional. Step 1 Step 2 Step 3 Step 4 Command configure terminal interface interface-id aaa accounting dot1x default start-stop group radius aaa accounting system default start-stop group radius Step 5 Step 6 Step 7 end show running-config copy running
  • Cisco 2950 | Software Configuration Guide - Page 240
    Displaying 802.1x Statistics and Status Chapter 10 Configuring 802.1x Port-Based Authentication 10-22 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 241
    port by negotiating with the port on the other end of the link. Configure switch ports by using the switchport interface configuration commands. For detailed information about configuring access port and trunk port characteristics, see Chapter 17, "Configuring VLANs." Note The physical switch ports
  • Cisco 2950 | Software Configuration Guide - Page 242
    Dynamic access ports on the switch are assigned to a VLAN by a VLAN Membership Policy Server (VMPS). The VMPS can be a Catalyst 6000 series switch; the Catalyst 2950 or Catalyst 2955 switch does not support the function of a VMPS. You can also configure an access port with an attached Cisco IP Phone
  • Cisco 2950 | Software Configuration Guide - Page 243
    added to the VLAN database. When VTP mode is transparent, the VTP and VLAN configuration is saved in the switch running configuration, and you can save it in the switch startup configuration file by entering the copy running-config startup-config privileged EXEC command. Add ports to a VLAN by using
  • Cisco 2950 | Software Configuration Guide - Page 244
    to Host B. Figure 11-1 Connecting VLANs with Layer 2 Switches Cisco router Switch Host A Host B 46647 VLAN 20 VLAN 30 Using the Interface Command To configure a physical interface (port), use the interface global configuration command to enter interface configuration mode and to specify the
  • Cisco 2950 | Software Configuration Guide - Page 245
    Procedures for Configuring Interfaces These general instructions apply to all interface configuration processes. Step 1 Step 2 Enter the configure terminal command at the privileged EXEC prompt: Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config
  • Cisco 2950 | Software Configuration Guide - Page 246
    5 Step 6 end show interfaces [interface-id] copy running-config startup-config Purpose Enter global configuration mode. Enter interface-range configuration mode by entering the range of interfaces (VLANs or physical ports) to be configured. • You can use the interface range command to configure up
  • Cisco 2950 | Software Configuration Guide - Page 247
    : Step 1 Step 2 Command configure terminal define interface-range macro_name interface-range Step 3 interface range macro macro_name Step 4 Step 5 Step 6 end show running-config | include define copy running-config startup-config Purpose Enter global configuration mode. Define the interface
  • Cisco 2950 | Software Configuration Guide - Page 248
    Switch# show run | include define Configuring Ethernet Interfaces The switch supports these interface types: • Physical ports-Switch ports, including access and trunk ports • Port-channels-EtherChannel of interfaces • VLANs 11-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 249
    "Configuring Port-Based Traffic Control." Table 11-1 Default Ethernet Interface Configuration Feature Default Setting Operating mode Layer 2. Allowed VLAN range VLANs 1 to 1005 with the SI installed or 1 to 4094 with the EI installed. Default VLAN (for access ports) VLAN 1. Native VLAN (for
  • Cisco 2950 | Software Configuration Guide - Page 250
    on the Catalyst 2950SX-24 switch • 1000BASE-SX ports on the Catalyst 2950SX-48-SI switch • GBIC ports • Fiber-optic SFP-module ports on the Catalyst 2950 LRE switch Note You cannot configure speed or duplex mode on GBIC ports, but for certain types of GBICs, you can configure speed to not negotiate
  • Cisco 2950 | Software Configuration Guide - Page 251
    on the Catalyst 2950T-24 and Catalyst 2950T-48-SI switches to autonegotiate the duplex mode by using the duplex auto interface configuration command, or you can manually set the duplex mode to full by using the duplex full command. The 10/100/1000 ports on the Catalyst 2950T-24 switches operate only
  • Cisco 2950 | Software Configuration Guide - Page 252
    configuration command. This example shows how to set the interface speed to 10 Mbps and the duplex mode to half on a port: Switch# configure terminal Switch(config)# interface fastethernet0/3 Switch(config-if)# speed 10 Switch(config-if)# duplex half Switch(config)# end Setting the Interface Speed
  • Cisco 2950 | Software Configuration Guide - Page 253
    default setting of SFP-preferred. To configure media types, use the media-type {auto-select | rj45 | sfp} interface configuration command. For more information, refer to the command reference for this release. Configuring IEEE 802.3z Flow Control on Gigabit Ethernet Ports Flow control is supported
  • Cisco 2950 | Software Configuration Guide - Page 254
    off | desired} Configure the flow control mode for the port. end Return to privileged EXEC mode. show interfaces interface-id Verify the interface flow control settings. copy running-config startup-config (Optional) Save your entries in the configuration file. To disable flow control, use the
  • Cisco 2950 | Software Configuration Guide - Page 255
    administrative and operational status of switching (nonrouting) ports. show interfaces [interface-id] description Display the description configured on an interface or all interfaces and the interface status. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 11-15
  • Cisco 2950 | Software Configuration Guide - Page 256
    10) Use the clear interface or clear line privileged EXEC command to clear and reset an interface or serial line. Under most circumstances, you do not need to clear the hardware logic on interfaces or serial lines. 11-16 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380
  • Cisco 2950 | Software Configuration Guide - Page 257
    configure terminal Enter global configuration mode. interface {vlan vlan-id} | {{fastethernet | gigabitethernet} Select the interface to be configured. interface-id} | {port-channel port-channel-number} shutdown Shut down an interface. end Return to privileged EXEC mode. show running-config
  • Cisco 2950 | Software Configuration Guide - Page 258
    Monitoring and Maintaining the Interfaces Chapter 11 Configuring Interface Characteristics 11-18 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 259
    the show parser macro user EXEC command. Table 12-1 Cisco-Default Smartports Macros Macro Name1 cisco-global cisco-desktop Description Use this global configuration macro to enable load balancing across VLANs, provide rapid convergence of spanning-tree instances and to enable port error recovery
  • Cisco 2950 | Software Configuration Guide - Page 260
    12-3 • Creating Smartports Macros, page 12-4 • Applying Smartports Macros, page 12-5 • Applying Cisco-default Smartports Macros, page 12-6 Default Smartports Macro Configuration There are no Smartports macros enabled. 12-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78
  • Cisco 2950 | Software Configuration Guide - Page 261
    by using the parameter value keywords. The Cisco-default macros use the $ character to help identify required keywords. There is no restriction on using the $ character to define keywords when you create a macro. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 12-3
  • Cisco 2950 | Software Configuration Guide - Page 262
    addresses and also includes two help string keywords by using # macro keywords: Switch(config)# macro name test switchport access vlan $VLANID switchport port-security maximum $MAX #macro keywords $VLANID $MAX @ 12-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 263
    7 macro description text Step 8 Step 9 Step 10 end show parser macro description [interface interface-id] copy running-config startup-config Purpose Enter global configuration mode. Apply each individual command defined in the macro to the switch by entering macro global apply macro-name. Specify
  • Cisco 2950 | Software Configuration Guide - Page 264
    -created macro called desktop-config and to replace all occurrences of VLAN 1 with VLAN 25: Switch(config-if)# macro apply desktop-config vlan 25 Applying Cisco-Default Smartports Macros Beginning in privileged EXEC mode, follow these steps to apply a Smartports macro: Command Step 1 show parser
  • Cisco 2950 | Software Configuration Guide - Page 265
    interface configuration command. This example shows how to display the cisco-desktop macro, how to apply the macro, and to set the access VLAN ID to 25 on an interface: Switch# show parser macro cisco-desktop Macro name : cisco-desktop Macro type : default # Basic interface - Enable data VLAN only
  • Cisco 2950 | Software Configuration Guide - Page 266
    [interface interface-id] Purpose Displays all configured macros. Displays a specific macro. Displays the configured macro names. Displays the macro description for all interfaces or for a specified interface. 12-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 267
    on your Catalyst 2950 LRE switch. This chapter consists of these sections: • Understanding LRE Features, page 13-1 • Configuring LRE Ports, page 13-8 • Upgrading LRE Switch Firmware, page 13-23 • Displaying LRE Status, page 13-27 Note For complete syntax and usage information for the commands used
  • Cisco 2950 | Software Configuration Guide - Page 268
    , the switch downloads its profile settings to the CPE device so that the switch and CPE device operate with the same configuration. The LRE switches are shipped with system-defined profiles. You can configure a profile on a global or per-port basis. By default, all LRE ports on the Catalyst 2950ST
  • Cisco 2950 | Software Configuration Guide - Page 269
    performance. Contact Cisco Systems for show controllers lre profile names privileged EXEC command output. Table 13-1 LRE Profiles for the Catalyst 2950ST-8 LRE and the 2950ST-24 LRE Switches Profile Name LRE-15 LRE-10 (default Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 13-3
  • Cisco 2950 | Software Configuration Guide - Page 270
    Chapter 13 Configuring LRE Table 13-2 LRE Profiles for the Catalyst 2950ST-24 LRE 997 Switches Profile Name LRE-12-9 LRE-12-3 LRE-9 LRE-9-6 LRE-9-4 LRE-9-3 LRE-6 (default) LRE-6-4 LRE-6-3 LRE-4 LRE-4-3 LRE Link LRE Link Upstream Rate Downstream Rate (Mbps) (Mbps) 12.500 9.375 12.500 3.125
  • Cisco 2950 | Software Configuration Guide - Page 271
    enables the switch to automatically select profiles. You can also define your own sets of sequences by using the command-line interface (CLI) commands or Cluster Management Catalyst 2950ST-8 LRE and the 2950ST-24 LRE Switches Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 13-5
  • Cisco 2950 | Software Configuration Guide - Page 272
    • You cannot configure the flow-control setting on the LRE ports. The flow-control setting on the CPE Ethernet port is automatically disabled in half-duplex mode and is automatically enabled in full-duplex mode. 13-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 273
    the upstream and downstream directions. You can use the information that you get from the link monitor to log events, set traps, change to a lower rate profile, and disable the automatic power back-off feature. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 13-7
  • Cisco 2950 | Software Configuration Guide - Page 274
    ) • Configuring Upstream Power Back-Off, page 13-21 (available only on the Catalyst 2950ST-24 LRE 997 switch) (optional) • Configuring CPE Toggle, page 13-22 (optional) • Configuring Syslog Export, page 13-22 (optional) 13-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78
  • Cisco 2950 | Software Configuration Guide - Page 275
    13 Configuring LRE Configuring LRE Ports Default LRE Configuration This is the default LRE configuration: • On the Catalyst 2950ST-8 LRE and the Catalyst 2950ST-24 LRE switches, the profile on all LRE ports is LRE-10. • On the Catalyst 2950ST-24 LRE 997 switches, the profile on all LRE ports is
  • Cisco 2950 | Software Configuration Guide - Page 276
    24 American Wire Gauge (AWG) wiring with between 1 and 12 many cases, the cabling is set into the fabric of the cable binders and adjusts power levels on each high end of use the asymmetric port profiles. These profiles Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 277
    the CPE Ethernet port is set to half-duplex mode. Use duplex autonegotiation only if the remote device supports 802.3x full-duplex flow control. The PC user should notice no significant difference in performance 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 13-11
  • Cisco 2950 | Software Configuration Guide - Page 278
    default global profile, use the no lre profile profile-name global configuration command. To display the LRE link statistics and profile information on the LRE ports, use the show controllers lre privileged EXEC commands. 13-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 279
    mode. show controllers lre status sequence Verify the change. copy running-config startup-config (Optional) Save your entries in the configuration file. To delete the assigned sequence, use the no lre rate selection sequence sequence-name global configuration command. 78-11380-10 Catalyst
  • Cisco 2950 | Software Configuration Guide - Page 280
    13-6). end Return to privileged EXEC mode. show controllers lre status sequence Verify the change. copy running-config startup-config (Optional) Save your entries in the configuration file. To remove a sequence from a port, use the no sequence sequence-name interface configuration command. To
  • Cisco 2950 | Software Configuration Guide - Page 281
    Command configure terminal interface interface-id Step 3 rate selection profile lock Purpose Enter global configuration mode. Specify the LRE port to be configured, and enter interface configuration mode. Lock the profile. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration
  • Cisco 2950 | Software Configuration Guide - Page 282
    Configuring LRE Ports Chapter 13 Configuring LRE Step 4 Step 5 Step 6 Command Purpose end Return to privileged EXEC mode. show controllers lre profile details Verify the change. copy running-config startup-config (Optional) Save your entries in the configuration file. To unlock a port, use
  • Cisco 2950 | Software Configuration Guide - Page 283
    Chapter 13 Configuring LRE Configuring LRE Ports Table 13-6 SNR Requirements for Downstream Rates for the Catalyst 2950ST-8 LRE and the Catalyst 2950ST-24 LRE Switches (continued) Profile LRE-15-1 LRE-998-15-4 LRE-997-10-4 LRE-2 LRE-3 LRE-4 Gross Data Rate 16.667 16.667 12.5 2.08 3.13 4.17
  • Cisco 2950 | Software Configuration Guide - Page 284
    Configuring LRE Ports Chapter 13 Configuring LRE Table 13-8 SNR Requirements for Downstream Rates for the Catalyst 2950ST-24 LRE 997 Switches Profile LRE-12-9 LRE-12-3 LRE-9 LRE-9-6 LRE-9-4 LRE-9-3 LRE-6 (default) LRE-6-4 LRE-6-3 LRE-4 LRE-4-3 Gross Data Rate 12.500 12.500 9.375 9.375 9.375 9.
  • Cisco 2950 | Software Configuration Guide - Page 285
    steps to set the delay duration on a specific LRE port: Step 1 Step 2 Command configure terminal interface interface-id Step 3 persistence delay Step 4 Step 5 Step 6 end show controllers lre status persistence copy running-config startup-config Purpose Enter global configuration mode. Specify
  • Cisco 2950 | Software Configuration Guide - Page 286
    1 Step 2 Command configure terminal interface interface-id Step 3 Step 4 Step 5 Step 6 link monitor end show running-config copy running-config startup-config Purpose Enter global configuration mode. Specify the LRE port to be configured, and enter interface configuration mode. Enable LRE link
  • Cisco 2950 | Software Configuration Guide - Page 287
    LRE Configuring LRE Ports Step 4 Step 5 Step 6 Command end show controllers lre status interleave copy running-config startup-config Purpose Return to privileged EXEC mode. Verify the change. (Optional) Save your entries in the configuration file. To return the port to its default setting, use
  • Cisco 2950 | Software Configuration Guide - Page 288
    Configuring LRE Ports Chapter 13 Configuring LRE Step 3 Step 4 Step 5 Command end show controllers lre status psd show controllers lre cpe version copy running-config startup-config Purpose Return to privileged EXEC mode. Verify the change. Displays the LRE binary version running on the CPE. (
  • Cisco 2950 | Software Configuration Guide - Page 289
    Firmware Beginning in privileged EXEC mode, follow these steps to enable the switch to send debugging messages to the LRE message logging process and to the system message logging process: Step 1 Step 2 Command configure terminal lre syslog Step 3 Step 4 Step 5 end show running-config copy
  • Cisco 2950 | Software Configuration Guide - Page 290
    default, a system-wide upgrade applies the most recent versions of LRE binaries that are most compatible with each upgradable hardware module. The system-wide upgrade method is the one that you use in almost all situations. 13-24 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 291
    (in other words, not upgrade) some of the CPE devices connected to a particular controller but allow upgrades to others, you can enter controller upgrade configuration commands for the links you want to upgrade. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 13-25
  • Cisco 2950 | Software Configuration Guide - Page 292
    a particular LRE binary. To resume default upgrade behavior for a given controller, do not configure the custom upgrade commands on that controller. LRE Upgrade Details This example shows how to upgrade your LRE switch: Switch> enable Switch# hw-module slot 0 upgrade lre You are about to start an
  • Cisco 2950 | Software Configuration Guide - Page 293
    LRE profiles. Display the LRE link statistics and profile information on an LRE switch port. For detailed information about the fields in the command outputs, refer to the command reference for this release. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 13-27
  • Cisco 2950 | Software Configuration Guide - Page 294
    Displaying LRE Status Chapter 13 Configuring LRE 13-28 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 295
    , page 14-8 • Spanning-Tree Address Management, page 14-8 • Accelerated Aging to Retain Connectivity, page 14-8 • Spanning-Tree Modes and Protocols, page 14-9 • Supported Spanning-Tree Instances, page 14-9 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 14-1
  • Cisco 2950 | Software Configuration Guide - Page 296
    blocking state. The spanning-tree port priority value represents the location of an interface in the network topology and how well it is located to pass traffic. The path cost value represents the media speed. 14-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 297
    . Root ports and designated ports are put in the forwarding state. • All paths that are not needed to reach the root switch from anywhere in the switched network are placed in the spanning-tree blocking mode. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 14-3
  • Cisco 2950 | Software Configuration Guide - Page 298
    configured on it. Each VLAN on the switch has a unique 8-byte bridge ID; the two most-significant bytes are used for the switch priority, and the remaining six bytes are derived from the switch MAC address. In Cisco IOS Release 12.1(9)EA1 and later, Catalyst 2950 and Catalyst 2955 switches support
  • Cisco 2950 | Software Configuration Guide - Page 299
    end-station location information for the forwarding database. 4. When the forward-delay timer expires, spanning tree moves the interface to the forwarding state, where both learning and frame forwarding are enabled. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 300
    port • Discards frames switched from another interface for forwarding • Does not learn addresses • Receives BPDUs Learning State A Layer port • Forwards frames switched from another port • Learns addresses • Receives BPDUs 14-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 301
    or Port Becomes the Root Switch or Root Port If all switches in a network are enabled with default spanning-tree settings, the switch with the lowest MAC address becomes the root switch. In Figure 14-2, Switch A is elected as the root switch because the switch priority of all the switches is set to
  • Cisco 2950 | Software Configuration Guide - Page 302
    table and then relearned. The accelerated aging is the same as the forward-delay parameter value (spanning-tree vlan vlan-id forward-time seconds global configuration command) when the spanning tree reconfigures. 14-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 303
    Cisco proprietary extensions. It is the default spanning-tree mode used on all Ethernet, Fast Ethernet, and Gigabit Ethernet port-based VLANs. The PVST+ runs on each VLAN on the switch up to the maximum supported, ensuring that each has a loop-free path through the network. The PVST+ provides Layer
  • Cisco 2950 | Software Configuration Guide - Page 304
    link between the switches. The external spanning-tree behavior on access ports and trunk ports is not affected by PVST+ or rapid PVST+. For more information on 802.1Q trunks, see Chapter 17, "Configuring VLANs." 14-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 305
    • Configuring Spanning-Tree Timers, page 14-21 (optional) Default Spanning-Tree Configuration Table 14-3 shows the default spanning-tree configuration. Table 14-3 Default Spanning-Tree Configuration Feature Enable state Spanning-tree mode Switch priority Spanning-tree port priority (configurable
  • Cisco 2950 | Software Configuration Guide - Page 306
    Compatibility" section on page 14-10. For configuration guidelines about UplinkFast, BackboneFast, and cross-stack UplinkFast, see the "Optional Spanning-Tree Configuration Guidelines" section on page 16-13. 14-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 307
    -to-point end clear spanning-tree detected-protocols show spanning-tree summary and show spanning-tree interface interface-id copy running-config startup-config Purpose Enter global configuration mode. Configure a spanning-tree mode. • Select pvst to enable PVST+ (the default setting). • Select mst
  • Cisco 2950 | Software Configuration Guide - Page 308
    VLAN basis. This procedure is optional. Step 1 Step 2 Command configure terminal no spanning-tree vlan vlan-id Step 3 Step 4 Step 5 end show spanning-tree vlan vlan-id copy running-config startup-config Purpose Enter global configuration mode. Disable spanning tree on a per-VLAN basis. For vlan
  • Cisco 2950 | Software Configuration Guide - Page 309
    system ID support: • For Catalyst 2950 and Catalyst 2955 switches with the extended system ID (Cisco IOS Release 12.1(9)EA1 and later), if all network devices in VLAN 20 have the default priority of 32768, entering the spanning-tree vlan 20 root primary command on the switch sets the switch priority
  • Cisco 2950 | Software Configuration Guide - Page 310
    procedure is optional. Step 1 Step 2 Command configure terminal spanning-tree vlan vlan-id root primary [diameter net-diameter [hello-time seconds]] Step 3 Step 4 Step 5 end show spanning-tree detail copy running-config startup-config Purpose Enter global configuration mode. Configure a switch
  • Cisco 2950 | Software Configuration Guide - Page 311
    procedure is optional. Step 1 Step 2 Step 3 Step 4 Step 5 Command configure terminal spanning-tree vlan vlan-id root secondary [diameter net-diameter [hello-time seconds]] end show spanning-tree detail copy running-config startup-config Purpose Enter global configuration mode. Configure a switch
  • Cisco 2950 | Software Configuration Guide - Page 312
    procedure is optional. Step 1 Step 2 Command configure terminal interface interface-id Step 3 spanning-tree port-priority priority Step 4 spanning-tree vlan vlan-id port-priority priority Step 5 Step 6 Step 7 end show spanning-tree interface interface-id or show spanning-tree vlan vlan-id copy
  • Cisco 2950 | Software Configuration Guide - Page 313
    procedure is optional. Step 1 Step 2 Command configure terminal interface interface-id Step 3 spanning-tree cost cost Step 4 spanning-tree vlan vlan-id cost cost Step 5 Step 6 Step 7 end show spanning-tree interface interface-id or show spanning-tree vlan vlan-id copy running-config startup
  • Cisco 2950 | Software Configuration Guide - Page 314
    switch priority of a VLAN. This procedure is optional. Step 1 Step 2 Command configure terminal spanning-tree vlan vlan-id priority priority Step 3 Step 4 Step 5 end show spanning-tree vlan vlan-id copy running-config startup-config Purpose Enter global configuration mode. Configure the switch
  • Cisco 2950 | Software Configuration Guide - Page 315
    hello time of a VLAN. This procedure is optional. Step 1 Step 2 Command configure terminal spanning-tree vlan vlan-id hello-time seconds Step 3 Step 4 Step 5 end show spanning-tree vlan vlan-id copy running-config startup-config Purpose Enter global configuration mode. Configure the hello time
  • Cisco 2950 | Software Configuration Guide - Page 316
    aging time for a VLAN. This procedure is optional. Step 1 Step 2 Command configure terminal spanning-tree vlan vlan-id max-age seconds Step 3 Step 4 Step 5 end show spanning-tree vlan vlan-id copy running-config startup-config Purpose Enter global configuration mode. Configure the maximum-aging
  • Cisco 2950 | Software Configuration Guide - Page 317
    Ethernet Stack Catalyst 3550 series switch Catalyst 2950, Cisco 7000 2955, or 3550 router switches Catalyst 2950, 2955, or 3550 switches Catalyst 2950, 2955, or 3550 switches Catalyst 3550 or 6000 series backbone Catalyst 6000 switch Layer 3 backbone Cisco 7000 router Option 1: standalone
  • Cisco 2950 | Software Configuration Guide - Page 318
    the clear spanning-tree [interface interface-id] privileged EXEC command. For information about other keywords for the show spanning-tree privileged EXEC command, refer to the command reference for this release. 14-24 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380
  • Cisco 2950 | Software Configuration Guide - Page 319
    release. This chapter consists of these sections: • Understanding MSTP, page 15-2 • Understanding RSTP, page 15-6 • Configuring MSTP Features, page 15-11 • Displaying the MST Configuration and Status, page 15-23 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 15-1
  • Cisco 2950 | Software Configuration Guide - Page 320
    spanning-tree mst configuration global configuration command, after which the switch enters the MST configuration mode. From this mode, you can map VLANs to an MST instance by using the instance MST configuration command, specify the region name by using the name MST configuration command, and set
  • Cisco 2950 | Software Configuration Guide - Page 321
    in the CST that encompasses the entire switched domain. The CIST is formed as a result of the spanning-tree algorithm running between switches that support the 802.1w, 802.1s and 802 RSTP runs in all regions. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 15-3
  • Cisco 2950 | Software Configuration Guide - Page 322
    to trigger a reconfiguration). The root switch of the instance always sends a BPDU (or M-record) with a cost of 0 and the hop count set to the maximum value. When a switch receives this BPDU, it decrements the 15-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 323
    and TCN BPDUs or version 3 MSTP BPDUs on a boundary port. A boundary port connects to a LAN, the designated switch of which is either a single spanning-tree switch or a switch with a different MST configuration. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 15-5
  • Cisco 2950 | Software Configuration Guide - Page 324
    always in the discarding state (equivalent to blocking in 802.1D). The port state controls the operation of the forwarding and learning processes. Table 15-1 provides a comparison of 802.1D and RSTP port states. 15-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 325
    port on an RSTP switch by using the spanning-tree portfast interface configuration command, the edge port immediately transitions to the forwarding state. An edge port is the same as a Port Fast-enabled port, and you should enable it only on ports that connect to a single end station. • Root ports
  • Cisco 2950 | Software Configuration Guide - Page 326
    the port duplex mode: a full-duplex port is considered to have a point-to-point connection; a half-duplex port is considered to have a shared connection. You can override the default setting that is determined by the duplex setting by using the spanning-tree link-type interface configuration command
  • Cisco 2950 | Software Configuration Guide - Page 327
    message is always set to the designated port. The sending switch sets the agreement flag in the RSTP BPDU to accept the previous proposal. The port role in the agreement message is always set to the root port. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 15-9
  • Cisco 2950 | Software Configuration Guide - Page 328
    to an 802.1D switch and a configuration BPDU with the TCA bit set is received, the TC-while timer is reset. This behavior is only required to support 802.1D switches. The RSTP BPDUs never have the TCA bit set. 15-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 329
    port. Configuring MSTP Features These sections describe how to configure basic MSTP features: • Default MSTP Configuration, page 15-12 • MSTP Configuration Guidelines, page 15-12 • Specifying the MST Region Configuration and Enabling MSTP, page 15-13 (required) • Configuring the Root Switch, page
  • Cisco 2950 | Software Configuration Guide - Page 330
    These are the configuration guidelines for MSTP: • When you enable MST by using the spanning-tree mode mst global configuration command, RSTP is automatically enabled. Per-VLAN RSTP is not supported in software releases earlier than Cisco IOS Release 12.1(13)EA1. • For two or more switches to be in
  • Cisco 2950 | Software Configuration Guide - Page 331
    support up to 16 spanning-tree instances. You can assign a VLAN to only one spanning-tree instance at a time. Beginning in privileged EXEC mode, follow these steps to specify the MST region configuration and enable MSTP. This procedure is required. Step 1 Step 2 Step 3 Command configure terminal
  • Cisco 2950 | Software Configuration Guide - Page 332
    Features Chapter 15 Configuring MSTP Command Step 8 spanning-tree mode mst Purpose Enable MSTP. RSTP is also enabled. Step 9 Step 10 Step 11 end show running-config copy running-config startup-config Caution Changing spanning-tree modes can disrupt traffic because all spanning-tree instances
  • Cisco 2950 | Software Configuration Guide - Page 333
    the switch sets its own priority to 4096 less than the lowest switch priority. (4096 is the value of the least-significant bit of a 4-bit switch priority value as shown in Table 14-1 on page 14-4.) Note Catalyst 2950 switches running software earlier than Cisco IOS Release 12.1(9)EA1 do not support
  • Cisco 2950 | Software Configuration Guide - Page 334
    3 Step 4 Step 5 Command end show spanning-tree mst instance-id copy running-config startup-config Purpose Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. To return the switch to its default setting, use the no spanning-tree mst instance
  • Cisco 2950 | Software Configuration Guide - Page 335
    Step 4 Step 5 Step 6 Command configure terminal interface interface-id spanning-tree mst instance-id port-priority priority end show spanning-tree mst interface interface-id or show spanning-tree mst instance-id copy running-config startup-config Purpose Enter global configuration mode. Specify an
  • Cisco 2950 | Software Configuration Guide - Page 336
    the default value is derived from the media speed of the interface. end Return to privileged EXEC mode. show spanning-tree mst interface interface-id Verify your entries. or show spanning-tree mst instance-id copy running-config startup-config (Optional) Save your entries in the configuration
  • Cisco 2950 | Software Configuration Guide - Page 337
    the switch priority. This procedure is optional. Step 1 Step 2 Command configure terminal spanning-tree mst instance-id priority priority Step 3 Step 4 Step 5 end show spanning-tree mst instance-id copy running-config startup-config Purpose Enter global configuration mode. Configure the switch
  • Cisco 2950 | Software Configuration Guide - Page 338
    time for all MST instances. This procedure is optional. Step 1 Step 2 Command configure terminal spanning-tree mst hello-time seconds Step 3 Step 4 Step 5 end show spanning-tree mst copy running-config startup-config Purpose Enter global configuration mode. Configure the hello time for all MST
  • Cisco 2950 | Software Configuration Guide - Page 339
    time for all MST instances. This procedure is optional. Step 1 Step 2 Command configure terminal spanning-tree mst max-age seconds Step 3 Step 4 Step 5 end show spanning-tree mst copy running-config startup-config Purpose Enter global configuration mode. Configure the maximum-aging time for all
  • Cisco 2950 | Software Configuration Guide - Page 340
    mode, follow these steps to override the default link-type setting. This procedure is optional. Step 1 Step 2 Command configure terminal interface interface-id Step 3 Step 4 Step 5 Step 6 spanning-tree link-type point-to-point end show spanning-tree mst interface interface-id copy running-config
  • Cisco 2950 | Software Configuration Guide - Page 341
    4094 when the EI is installed. The valid port-channel range is 1 to 6. For information about other keywords for the show spanning-tree privileged EXEC command, refer to the command reference for this release. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 15-23
  • Cisco 2950 | Software Configuration Guide - Page 342
    Displaying the MST Configuration and Status Chapter 15 Configuring MSTP 15-24 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 343
    Understanding Cross-Stack UplinkFast, page 16-5 • Understanding BackboneFast, page 16-9 • Understanding EtherChannel Guard, page 16-11 • Understanding Root Guard, page 16-11 • Understanding Loop Guard, page 16-12 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 16-1
  • Cisco 2950 | Software Configuration Guide - Page 344
    to end stations. If you enable Port Fast on a port connecting to another switch, you risk creating a spanning-tree loop. You can enable this feature by using the spanning-tree portfast interface configuration or the spanning-tree portfast default global configuration command. Figure 16-1 Port Fast
  • Cisco 2950 | Software Configuration Guide - Page 345
    enable BPDU filtering on Port Fast-enabled ports by using the spanning-tree portfast bpdufilter default global configuration command. This command prevents ports that are in a Port Fast-operational state from sending or receiving BPDUs. The ports still send a few BPDUs at link-up before the switch
  • Cisco 2950 | Software Configuration Guide - Page 346
    as soon as the spanning tree selects a new root port. By enabling UplinkFast with the spanning-tree uplinkfast global configuration command, you can accelerate the choice of a new root port when a link or switch fails or when the spanning tree reconfigures itself. The root port transitions to the
  • Cisco 2950 | Software Configuration Guide - Page 347
    state. If Switch A fails, if its stack-root port fails, or if Link A fails, CSUF selects either the Switch B or Switch C alternate stack-root port and puts it into the forwarding state in less than 1 second. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 16-5
  • Cisco 2950 | Software Configuration Guide - Page 348
    Mbps Stack-root port Alternate stackroot port Alternate stackroot port Switch A Stack port Switch B Stack port Switch C Stack port 49067 per-VLAN basis and affects only one spanning-tree instance at a time. 16-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380
  • Cisco 2950 | Software Configuration Guide - Page 349
    XL, Catalyst 2950, and Catalyst 2900 XL switches, up to 64 VLANs with spanning tree enabled are supported. If the stack consists of only Catalyst 3550 switches, up to 128 VLANs with spanning tree enabled are supported. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 350
    RPS STATUS UTIL DUPLX SPEED MODE 12 1X 34 2X 56 78 9 10 9 10 9 10 9 10 12 11X1X 34 21X2X 56 78 9 10 9 10 9 10 9 10 12 11X1X 34 21X2X 56 Catalyst 2950 78 9 10 9 10 9 10 9 10 1 1 2 1 65276 16-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78
  • Cisco 2950 | Software Configuration Guide - Page 351
    Layer 2 interface on Switch C that connects directly to Switch B is in the blocking state. Figure 16-7 BackboneFast Example Before Indirect Link Failure Switch A (Root) Switch B L1 78-11380-10 L2 L3 Blocked port Switch C 44963 Catalyst 2950 and Catalyst 2955 Switch Software Configuration
  • Cisco 2950 | Software Configuration Guide - Page 352
    that Switch B is the designated bridge to Switch A, the root switch. Figure 16-9 Adding a Switch in a Shared-Medium Topology Switch A (Root) Switch C Blocked port Switch B (Designated bridge) Added switch 44965 16-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78
  • Cisco 2950 | Software Configuration Guide - Page 353
    ], putting [chars] in err-disable state. You can enable this feature by using the spanning-tree etherchannel guard misconfig global configuration command. Understanding Root Guard The Layer 2 network of a service provider (SP) can include many connections to switches that are not owned by the SP. In
  • Cisco 2950 | Software Configuration Guide - Page 354
    on the entire switched network. You can enable this feature by using the spanning-tree loopguard default global configuration command. When the switch is operating in PVST+ or rapid-PVST+ mode, loop guard prevents alternate and root ports from becoming designated ports, and spanning tree does not
  • Cisco 2950 | Software Configuration Guide - Page 355
    voice VLAN, the Port Fast feature is not automatically disabled. For more information, see Chapter 19, "Configuring Voice VLAN." You can enable this feature if your switch is running PVST+, rapid PVST+, or MSTP. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 16
  • Cisco 2950 | Software Configuration Guide - Page 356
    enable Port Fast on trunk ports, you must use the spanning-tree portfast trunk interface configuration command. The spanning-tree portfast command will not work on trunk ports. Step 4 Step 5 Step 6 end show spanning-tree interface interface-id portfast copy running-config startup-config Caution
  • Cisco 2950 | Software Configuration Guide - Page 357
    EXEC mode, follow these steps to globally enable the BPDU guard feature. This procedure is optional. Step 1 Step 2 Command configure terminal spanning-tree portfast bpduguard default Step 3 interface interface-id Step 4 Step 5 Step 6 Step 7 spanning-tree portfast end show running-config copy
  • Cisco 2950 | Software Configuration Guide - Page 358
    mode, follow these steps to globally enable the BPDU filtering feature. This procedure is optional. Step 1 Step 2 Command configure terminal spanning-tree portfast bpdufilter default Step 3 interface interface-id Step 4 Step 5 Step 6 Step 7 spanning-tree portfast end show running-config copy
  • Cisco 2950 | Software Configuration Guide - Page 359
    this command only on access switches. end Return to privileged EXEC mode. show running-config Verify your entries. copy running-config startup-config (Optional) Save your entries in the configuration file. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 16
  • Cisco 2950 | Software Configuration Guide - Page 360
    follow these steps to enable BackboneFast. This procedure is optional. Step 1 Step 2 Step 3 Step 4 Step 5 Command configure terminal spanning-tree backbonefast end show spanning-tree summary copy running-config startup-config Purpose Enter global configuration mode. Enable BackboneFast. Return to
  • Cisco 2950 | Software Configuration Guide - Page 361
    on all interfaces. end Return to privileged EXEC mode. show running-config Verify your entries. copy running-config startup-config (Optional) Save your entries in the configuration file. To disable root guard, use the no spanning-tree guard interface configuration command. Enabling Loop Guard
  • Cisco 2950 | Software Configuration Guide - Page 362
    3 Command show spanning-tree active or show spanning-tree mst configure terminal spanning-tree loopguard default Step 4 Step 5 Step 6 end show running-config copy running-config startup-config Purpose Determine which ports are alternate or root ports. Enter global configuration mode. Enable loop
  • Cisco 2950 | Software Configuration Guide - Page 363
    to configure normal-range VLANs (VLAN IDs 1 to 1005) and extended-range VLANs (VLAN IDs 1006 to 4094) on your Catalyst 2950 or Catalyst 2955 switch. It includes information about VLAN modes and the VLAN Membership Policy Server (VMPS). Note For complete syntax and usage information for the commands
  • Cisco 2950 | Software Configuration Guide - Page 364
    it is known as interface-based, or static, VLAN membership. Supported VLANs Catalyst 2950 switches that run the standard software image (SI) support 64 VLANs; Catalyst 2950 and Catalyst 2955 switches that run the enhanced software image (EI) support 250 VLANs. Refer to the release notes for the list
  • Cisco 2950 | Software Configuration Guide - Page 365
    be a Catalyst 5000 or Catalyst 6500 series switch, for example, but never a Catalyst 2950 or 2955 switch. You can have dynamic-access ports and trunk ports on the same switch, but you must connect the dynamic-access port to an end station and not to another switch. VTP is required. Configure the
  • Cisco 2950 | Software Configuration Guide - Page 366
    the port membership mode and to add and remove ports from VLANs. The results of these commands are written to the running-configuration file, and you can display the file by entering the show running-config privileged EXEC command. You can set these parameters when you create a new normal-range VLAN
  • Cisco 2950 | Software Configuration Guide - Page 367
    instances on a switch, adding another VLAN anywhere in the VTP domain creates a VLAN on that switch that is not running spanning-tree. If you have the default allowed list on the trunk ports of that switch (which 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 17-5
  • Cisco 2950 | Software Configuration Guide - Page 368
    the show vlan privileged EXEC command. You must use this config-vlan mode when creating extended-range VLANs (VLAN IDs greater than 1005). See the "Configuring Extended-Range VLANs" section on page 17-12. VLAN Configuration in VLAN Configuration Mode To access VLAN configuration mode, enter the vlan
  • Cisco 2950 | Software Configuration Guide - Page 369
    If VTP mode is transparent, they are also saved in the switch running configuration file and you can enter the copy running-config startup-config privileged EXEC command to save the configuration in the startup configuration file. You can use the show running-config vlan privileged EXEC command to
  • Cisco 2950 | Software Configuration Guide - Page 370
    -12. For the list of default parameters that are assigned when you add a VLAN, see the "Configuring Normal-Range VLANs" section on page 17-4. Beginning in privileged EXEC mode, follow these steps to use config-vlan mode to create or modify an Ethernet VLAN: Step 1 Step 2 Command configure terminal
  • Cisco 2950 | Software Configuration Guide - Page 371
    to the default settings, use the no vlan name, no vlan mtu, or no remote span config-vlan commands. This example shows how to use config-vlan mode to create Ethernet VLAN 20, name it test20, and add it to the VLAN database: Switch# configure terminal Switch(config)# vlan 20 Switch(config-vlan)# name
  • Cisco 2950 | Software Configuration Guide - Page 372
    steps to delete a VLAN on the switch by using global configuration mode: Step 1 Step 2 Step 3 Step 4 Step 5 Command configure terminal no vlan vlan-id end show vlan brief copy running-config startup config Purpose Enter global configuration mode. Remove the VLAN by entering the VLAN ID. Return to
  • Cisco 2950 | Software Configuration Guide - Page 373
    shows how to configure a port as an access port in VLAN 2: Switch# configure terminal Enter configuration commands, one per line. Switch(config)# interface fastethernet0/1 Switch(config-if)# switchport mode access Switch(config-if)# switchport access vlan 2 Switch(config-if)# end Switch# End
  • Cisco 2950 | Software Configuration Guide - Page 374
    VTP mode is transparent, they are stored in the switch running configuration file, and you can save the configuration in the startup configuration file by using the copy running-config startup-config privileged EXEC command. Note Although the switch supports 4094 VLAN IDs when the EI is installed
  • Cisco 2950 | Software Configuration Guide - Page 375
    steps to create an extended-range VLAN: Step 1 Step 2 Step 3 Command configure terminal vtp mode transparent vlan vlan-id Step 4 mtu mtu-size Step 5 Step 6 Step 7 end show vlan id vlan-id copy running-config startup config Purpose Enter global configuration mode. Configure the switch for VTP
  • Cisco 2950 | Software Configuration Guide - Page 376
    shows how to create a new extended-range VLAN (when the EI is installed) with all default characteristics, enter config-vlan mode, and save the new VLAN in the switch startup configuration file: Switch(config)# vtp mode transparent Switch(config)# vlan 2000 Switch(config-vlan)# end Switch# copy
  • Cisco 2950 | Software Configuration Guide - Page 377
    17-15 • 802.1Q Configuration Considerations, page 17-16 • Default Layer 2 Ethernet Interface VLAN Configuration, page 17-17 Trunking Overview A trunk is a point-to-point link between one or more Ethernet switch interfaces and another networking device such as a router or a switch. Fast Ethernet and
  • Cisco 2950 | Software Configuration Guide - Page 378
    two switches in a stack are connected by GigaStack GBIC links, you must manually configure trunking in this manner: - Manually shut down the GigaStack port by using the shutdown interface configuration command. - Manually configure trunk mode on the GigaStack port by using the switchport mode trunk
  • Cisco 2950 | Software Configuration Guide - Page 379
    , page 17-21 Note The default mode for Layer 2 interfaces is switchport mode dynamic desirable. If the neighboring interface supports trunking and is configured to allow trunking, the link is a Layer 2 trunk. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 17-17
  • Cisco 2950 | Software Configuration Guide - Page 380
    privileged EXEC mode. show interfaces interface-id switchport Display the switchport configuration of the interface in the Administrative Mode and the Administrative Trunking Encapsulation fields of the display. 17-18 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380
  • Cisco 2950 | Software Configuration Guide - Page 381
    .1Q trunking. Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# interface fastethernet0/4 Switch(config-if)# switchport mode dynamic desirable Switch(config-if)# end Defining the Allowed VLANs on a Trunk By default, a trunk port sends traffic to
  • Cisco 2950 | Software Configuration Guide - Page 382
    by default. end Return to privileged EXEC mode. show interfaces interface-id switchport Verify your entries in the Trunking VLANs Enabled field of the display. copy running-config startup-config (Optional) Save your entries in the configuration file. To return to the default allowed VLAN list
  • Cisco 2950 | Software Configuration Guide - Page 383
    Step 6 Command Purpose end Return to privileged EXEC mode. show interfaces interface-id switchport Verify your entries in the Pruning VLANs Enabled field of the display. copy running-config startup-config (Optional) Save your entries in the configuration file. To return to the default pruning
  • Cisco 2950 | Software Configuration Guide - Page 384
    any trunk port. Figure 17-3 Load Sharing by Using STP Port Priorities Switch A Trunk 1 VLANs 8 - 10 (priority 16) VLANs 3 - 6 (priority 128) Switch B Trunk 2 VLANs 3 - 6 (priority 16) VLANs 8 - 10 (priority 128) 93370 17-22 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78
  • Cisco 2950 | Software Configuration Guide - Page 385
    fastethernet0/1 spanning-tree vlan 8-10 port-priority 16 spanning-tree vlan 10 port-priority 16 exit interface fastethernet0/2 spanning-tree vlan 3-6 port-priority 16 end show running-config copy running-config startup-config Purpose Enter global configuration mode on Switch 1. Configure a VTP
  • Cisco 2950 | Software Configuration Guide - Page 386
    the other switches. Verify that Switch A has learned the VLAN configuration. Enter global configuration mode. Enter interface configuration mode, and define Fast Ethernet port 0/1 as the interface to set the STP cost. 17-24 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78
  • Cisco 2950 | Software Configuration Guide - Page 387
    Step 12 Step 13 Command spanning-tree vlan 2-4 cost 30 end Step 14 exit Step 15 show running-config Step 16 copy running-config startup-config Purpose Set the spanning-tree path cost to 30 for VLANs 2 through 4. Return to global configuration mode. Repeat Steps 9 through 11 on Switch A interface
  • Cisco 2950 | Software Configuration Guide - Page 388
    from the VMPS, it disables the port. The port must be manually re-enabled by using the CLI, CMS, or SNMP. You can also use an explicit entry in the configuration table to deny access to specific MAC addresses for security reasons. If you enter the none keyword for the VLAN name, the VMPS sends an
  • Cisco 2950 | Software Configuration Guide - Page 389
    Chapter 17 Configuring VLANs Configuring VMPS Default VMPS Client Configuration Table 17-6 shows the default VMPS and dynamic port configuration on client switches. Table 17-6 Default VMPS Client and Dynamic Port Configuration Feature VMPS domain server VMPS reconfirm interval VMPS server retry
  • Cisco 2950 | Software Configuration Guide - Page 390
    Step 2 Command configure terminal interface interface-id Step 3 switchport mode access Purpose Enter global configuration mode. Enter interface configuration mode and the switch port that is connected to the end station. Set the port to access mode. 17-28 Catalyst 2950 and Catalyst 2955 Switch
  • Cisco 2950 | Software Configuration Guide - Page 391
    Chapter 17 Configuring VLANs Configuring VMPS Command Step 4 switchport access vlan dynamic Step 5 Step 6 Step 7 end show interfaces interface-id switchport copy running-config startup-config Purpose Configure the port as eligible for dynamic VLAN membership. The dynamic access port must be
  • Cisco 2950 | Software Configuration Guide - Page 392
    17 Configuring VLANs Command Step 4 show vmps Step 5 copy running-config startup-config Purpose Verify the dynamic VLAN reconfirmation status in the Reconfirm Interval field of the display. (Optional) Save your entries in the configuration file. To return the switch to its default setting, use
  • Cisco 2950 | Software Configuration Guide - Page 393
    EXEC command: Switch# show vmps VQP Client Status VMPS VQP Version: 1 Reconfirm Interval: 60 min Server Retry Count: 3 VMPS domain server: 172.20.128.86 (primary, current) 172.20.128.87 Reconfirmation status VMPS Action: No Dynamic Port Troubleshooting Dynamic Port VLAN Membership
  • Cisco 2950 | Software Configuration Guide - Page 394
    Switch H Dynamic-access port Catalyst 6500 series Secondary VMPS Server 3 172.20.26.157 Client switch I 172.20.26.158 Trunk port 172.20.26.159 Switch J 101363t Ethernet segment (Trunk link) TFTP server Router 172.20.22.7 17-32 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 395
    image (EI) is installed. This section contains information about these VTP parameters: • The VTP Domain, page 18-2 • VTP Modes, page 18-3 • VTP Advertisements, page 18-3 • VTP Version 2, page 18-4 • VTP Pruning, page 18-4 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration
  • Cisco 2950 | Software Configuration Guide - Page 396
    mode are saved in the switch running configuration and can be saved to the switch startup configuration file. For domain name and password configuration guidelines, see the "VTP Configuration Guidelines" section on page 18-8. 18-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 397
    in the switch startup configuration file by entering the copy running-config startup-config privileged EXEC command. When the network is configured with more than the maximum 250 VLANs, the switch automatically changes from VTP server or client mode to VTP transparent mode. The switch then operates
  • Cisco 2950 | Software Configuration Guide - Page 398
    default, VLANs 2 through 1001 are pruning eligible switch trunk ports. If the VLANs are configured as pruning-ineligible, the flooding continues. VTP pruning is supported with VTP version 1 and version 2. Figure 18-1 shows a switched network without VTP pruning enabled. Port 1 on Switch A and Port
  • Cisco 2950 | Software Configuration Guide - Page 399
    Chapter 18 Configuring VTP Figure 18-1 Flooding Traffic without VTP Pruning Switch D Port 2 Switch E Switch B Red VLAN Understanding VTP Port 1 89240 Switch F Switch C Switch A Figure 18-2 shows a switched network with VTP pruning enabled. The broadcast traffic from Switch A is not
  • Cisco 2950 | Software Configuration Guide - Page 400
    the default VTP configuration. Table 18-2 Default VTP Configuration Feature VTP domain name VTP mode VTP version 2 enable state VTP password VTP pruning Default Setting Null. Server. Version 2 is disabled. None. Disabled. 18-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 401
    mode (transparent) are saved in the switch running configuration, and you can save this information in the switch startup configuration file by entering the copy running-config startup-config privileged EXEC command. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 402
    propagate VLAN configuration information to other switches and to learn the VLANs enabled on the network, you must configure the switch with the correct domain name and domain password and change the VTP mode to VTP server. 18-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 403
    switch for VTP server mode (the default). Configure the VTP administrative-domain name. The name can be from 1 to 32 characters. All switches operating in VTP server or client mode under the same administrative responsibility must be configured with the same domain name. 78-11380-10 Catalyst 2950
  • Cisco 2950 | Software Configuration Guide - Page 404
    configuration mode to configure the switch as a VTP server: Step 1 Step 2 Step 3 Command vlan database vtp server vtp domain domain-name Step 4 vtp password password Step 5 exit Step 6 show vtp status Purpose Enter VLAN configuration mode. Configure the switch for VTP server mode (the default
  • Cisco 2950 | Software Configuration Guide - Page 405
    as a VTP client: Step 1 Step 2 Command configure terminal vtp mode client Step 3 vtp domain domain-name Step 4 Step 5 Step 6 vtp password password end show vtp status Purpose Enter global configuration mode. Configure the switch for VTP client mode. The default setting is VTP server. (Optional
  • Cisco 2950 | Software Configuration Guide - Page 406
    the default). Beginning in privileged EXEC mode, follow these steps to configure VTP transparent mode and save the VTP configuration in the switch startup configuration file: Step 1 Step 2 Step 3 Step 4 Command configure terminal vtp mode transparent end show vtp status Step 5 copy running-config
  • Cisco 2950 | Software Configuration Guide - Page 407
    Beginning in privileged EXEC mode, follow these steps to enable VTP version 2: Step 1 Step 2 Command configure terminal vtp version 2 Step 3 end Step 4 show vtp status Purpose Enter global configuration mode. Enable VTP version 2 on the switch. VTP version 2 is disabled by default on VTP version
  • Cisco 2950 | Software Configuration Guide - Page 408
    Step 1 Step 2 Command configure terminal vtp pruning Step 3 end Step 4 show vtp status Purpose Enter global configuration mode. Enable pruning in the VTP administrative domain. By default, pruning is disabled. You need to enable pruning on only one switch in VTP server mode. Return to privileged
  • Cisco 2950 | Software Configuration Guide - Page 409
    EXEC mode, follow these steps to verify and reset the VTP configuration revision number on a switch before adding it to a VTP domain: Command Step 1 show vtp status Step 2 Step 3 Step 4 configure terminal vtp domain domain-name end Step 5 Step 6 Step 7 Step 8 show vtp status configure terminal
  • Cisco 2950 | Software Configuration Guide - Page 410
    . Table 18-3 VTP Monitoring Commands Command show vtp status show vtp counters Purpose Display the VTP switch configuration information. Display counters about VTP messages that have been sent and received. 18-16 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 411
    devices: • Port 1 connects to the switch or other voice-over-IP (VoIP) device. • Port 2 is an internal 10/100 interface that carries the IP phone traffic. • Port 3 (access port) connects to a PC or other device. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 19-1
  • Cisco 2950 | Software Configuration Guide - Page 412
    0. Note In software releases earlier than Cisco IOS Release 12.1(13)EA1, the CoS value is trusted for all 802.1p or 802.1Q tagged traffic, and the IP Phone does not override the priority of the incoming traffic. 19-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 413
    voice VLAN on switch access ports. • The Port Fast feature is automatically enabled when voice VLAN is configured. When you disable voice VLAN, the Port Fast feature is not automatically disabled. • When you enable port security on an interface that is also configured with a voice VLAN, you must set
  • Cisco 2950 | Software Configuration Guide - Page 414
    voice VLAN entries. copy running-config startup-config (Optional) Save your entries in the configuration file. To return the port to its default setting, use the no switchport voice vlan interface configuration command. 19-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78
  • Cisco 2950 | Software Configuration Guide - Page 415
    in the configuration file. Use the no switchport priority extend interface configuration command or the switchport priority extend cos 0 interface configuration command to return the port to its default setting. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 19-5
  • Cisco 2950 | Software Configuration Guide - Page 416
    copy running-config startup-config (Optional) Save your entries in the configuration file. Use the no switchport priority extend interface configuration command or the switchport priority extend cos 0 interface configuration command to return the port to its default setting. Displaying Voice VLAN
  • Cisco 2950 | Software Configuration Guide - Page 417
    , page 20-2 • Option-82 Data Insertion, page 20-3 For information about the DCHP client, refer to the "IP Addressing and Services" section in the Cisco IOS IP and IP Routing Configuration Guide, Release 12.1. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 20-1
  • Cisco 2950 | Software Configuration Guide - Page 418
    is enabled, the switch compares the source MAC address and the DHCP client hardware address. If addresses match (the default), the switch forwards the packet. If the addresses do not match, the switch drops the packet. 20-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78
  • Cisco 2950 | Software Configuration Guide - Page 419
    the server. Figure 20-1 DHCP Relay Agent in a Metropolitan Ethernet Network DHCP server Catalyst switch (DHCP relay agent) Access layer Host A (DHCP client) Subscribers VLAN 10 Host B (DHCP client) 98813 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 20-3
  • Cisco 2950 | Software Configuration Guide - Page 420
    ID suboption and the circuit ID suboption. The switch uses the packet formats when DHCP snooping is globally enabled and when the ip dhcp snooping information option global configuration command is entered. 20-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 421
    option DHCP snooping limit rate Default Setting Enabled1 Enabled2 None configured Enabled (invalid messages are dropped)2 Replace the existing relay agent information2 Disabled Enabled None configured 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 20-5
  • Cisco 2950 | Software Configuration Guide - Page 422
    . For procedures to configure the switch as a DHCP server, refer to the "Configuring DHCP" section of the "IP addressing and Services" section of the Cisco IOS IP and IP Routing Configuration Guide, Release 12.1. 20-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380
  • Cisco 2950 | Software Configuration Guide - Page 423
    9 Step 10 end show running-config copy running-config startup-config Purpose Enter global configuration mode. Enable DHCP snooping globally. Enable DHCP snooping on a VLAN or range of VLANs. The range is 1 to 4094. You can enter a single VLAN ID identified by VLAN ID number, a series of VLAN IDs
  • Cisco 2950 | Software Configuration Guide - Page 424
    trusted port. Use the show ip dhcp snooping binding privileged EXEC command to display only the dynamically configured bindings in the DHCP snooping binding database. If DHCP snooping is enabled and an interface changes to the down state, the switch does not delete the manually configured bindings
  • Cisco 2950 | Software Configuration Guide - Page 425
    switch to snoop on the IGMP transmissions between the host and the router and to keep track of multicast groups and member ports. When the switch receives an IGMP report from a host for a particular multicast group, 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 426
    constrains traffic to approximately the same set of ports as the IGMP snooping feature on IGMPv2 or IGMPv1 hosts. Note IGMPv3 join and leave messages are not supported on switches running IGMP filtering or MVR. 21-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 427
    forward messages to a device running the Source Specific Multicast (SSM) feature. For more information, refer to the "Configuring IP Multicast Layer 3 Switching" chapter in the Catalyst 4500 Series Switch Cisco IOS Software Configuration Guide, Cisco IOS Release 12.1(12c)EW at this URL: http://www
  • Cisco 2950 | Software Configuration Guide - Page 428
    traffic, the router continues forwarding the multicast traffic to the VLAN. The switch forwards multicast group traffic to only those hosts listed in the forwarding table for that Layer 2 multicast group. 21-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 429
    IGMP join or leave messages. The switch learns about IP multicast groups from the IP multicast data stream by using the source-only learning method. The switch forwards traffic only to the multicast router ports. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 21-5
  • Cisco 2950 | Software Configuration Guide - Page 430
    configuration. Table 21-3 Default IGMP Snooping Configuration Feature IGMP snooping Multicast routers Multicast router learning (snooping) method Default Setting Enabled globally and per VLAN. None configured. PIM-DVMRP. 21-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 431
    these steps to globally enable IGMP snooping on the switch: Step 1 Step 2 Step 3 Step 4 Command configure terminal ip igmp snooping end copy running-config startup-config Purpose Enter global configuration mode. Globally enable IGMP snooping in all existing VLAN interfaces. Return to privileged
  • Cisco 2950 | Software Configuration Guide - Page 432
    a multicast router: Step 1 Step 2 Command configure terminal ip igmp snooping vlan vlan-id mrouter learn {cgmp | pim-dvmrp} Step 3 Step 4 Step 5 end show ip igmp snooping copy running-config startup-config Purpose Enter global configuration mode. Enable IGMP snooping on a VLAN.The VLAN ID range
  • Cisco 2950 | Software Configuration Guide - Page 433
    the EI is installed. end Return to privileged EXEC mode. show ip igmp snooping mrouter [vlan vlan-id] Verify that IGMP snooping is enabled on the VLAN interface. copy running-config startup-config (Optional) Save your entries in the configuration file. To remove a multicast router port from
  • Cisco 2950 | Software Configuration Guide - Page 434
    Step 3 Command configure terminal ip igmp snooping vlan vlan-id immediate-leave end Purpose Enter global configuration mode Enable IGMP Immediate-Leave processing on the VLAN interface. Return to privileged EXEC mode. 21-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78
  • Cisco 2950 | Software Configuration Guide - Page 435
    global configuration command. This example shows how to enable IGMP immediate-leave processing on VLAN 130: Switch# configure terminal Switch(config)# ip igmp snooping vlan 130 immediate-leave Switch(config)# end Disabling IGMP Report Suppression IGMP report suppression is enabled by default. When
  • Cisco 2950 | Software Configuration Guide - Page 436
    (10 minutes). end Return to privileged EXEC mode. show running-config | include source-only-learning Verify the aging time. copy running-config startup-config (Optional) Save your entries in the configuration file. 21-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78
  • Cisco 2950 | Software Configuration Guide - Page 437
    compatibility mode, and the ports that are associated with each group. (Optional) Enter vlan vlan-id to display information for a single VLAN. Display information on dynamically learned and manually configured multicast router interfaces. Note When you enable IGMP snooping, the switch automatically
  • Cisco 2950 | Software Configuration Guide - Page 438
    interface to receive the multicast stream. Therefore, in this mode, MVR does not support dynamic membership joins on source ports. Note IGMPv3 join and leave messages are not supported on switches running MVR. 21-14 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 439
    is received, the receiver port is removed from multicast group membership, which speeds up leave latency. Enable the Immediate Leave feature only on receiver ports to which a single receiver device is connected. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 21-15
  • Cisco 2950 | Software Configuration Guide - Page 440
    are sent to the same MAC addresses as the multicast data. The Switch A CPU must capture all IGMP join and leave messages from receiver ports and forward them to the multicast VLAN of the source (uplink) port. 21-16 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 441
    Interfaces, page 21-19 Default MVR Configuration Table 21-5 shows the default MVR configuration. Table 21-5 Default MVR Configuration Feature MVR Multicast addresses Query response time Multicast VLAN Mode Interface (per port) default Immediate Leave Default Setting Disabled globally and per
  • Cisco 2950 | Software Configuration Guide - Page 442
    or show mvr members copy running-config startup-config (Optional) Save your entries in the configuration file. To return the switch to its default settings, use the no mvr [mode | group ip-address | querytime | vlan] global configuration commands. 21-18 Catalyst 2950 and Catalyst 2955 Switch
  • Cisco 2950 | Software Configuration Guide - Page 443
    mode, this command applies to only receiver ports. In dynamic mode, it applies to receiver ports and source ports. Receiver ports can also dynamically join multicast groups by using IGMP join and leave messages. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 444
    receiver Switch(config-if)# mvr vlan 22 group 228.1.23.4 Switch(config-if)# mvr immediate Switch(config)# end Switch# show mvr interface gigabitethernet0/1 Type: RECEIVER Status: ACTIVE Immediate Leave: ENABLED 21-20 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380
  • Cisco 2950 | Software Configuration Guide - Page 445
    interface. Beginning in privileged EXEC mode, use the commands in Table 21-6 to display MVR configuration: Table 21-6 Commands for Displaying MVR Information show mvr Displays MVR status and values for the switch-whether MVR is enabled or disabled, the multicast VLAN, the maximum (256) and
  • Cisco 2950 | Software Configuration Guide - Page 446
    by using these commands: • deny: Specifies that matching addresses are denied; this is the default condition. • exit: Exits from igmp-profile configuration mode. • no: Negates a command or sets its defaults. 21-22 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 447
    to create an IGMP profile: Step 1 Step 2 Command configure terminal ip igmp profile profile number Step 3 permit | deny Step 4 range ip multicast address Step 5 Step 6 Step 7 end show ip igmp profile profile number copy running-config startup-config Purpose Enter global configuration mode
  • Cisco 2950 | Software Configuration Guide - Page 448
    profile to a switch port: Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Command configure terminal interface interface-id ip igmp filter profile number end show running configuration interface interface-id copy running-config startup-config Purpose Enter global configuration mode. Enter interface
  • Cisco 2950 | Software Configuration Guide - Page 449
    use it on ports that belong to an EtherChannel port group. • When the maximum group limitation is set to the default (no maximum), entering the ip igmp max-groups action {deny | replace} command has no effect. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 21-25
  • Cisco 2950 | Software Configuration Guide - Page 450
    action {deny | replace} Step 4 Step 5 Step 6 end show running-config interface interface-id copy running-config startup-config Purpose Enter global configuration mode. Enter interface configuration mode, and enter the physical interface to configure. The interface can be a Layer 2 port that does
  • Cisco 2950 | Software Configuration Guide - Page 451
    interface or the configuration of all interfaces on the switch, including (if configured) the maximum number of IGMP groups to which an interface can belong and the IGMP profile applied to the interface. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 21-27
  • Cisco 2950 | Software Configuration Guide - Page 452
    Displaying IGMP Filtering and Throttling Configuration Chapter 21 Configuring IGMP Snooping and MVR 21-28 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 453
    storm control configuration information and procedures: • Understanding Storm Control, page 22-2 • Default Storm Control Configuration, page 22-2 • Enabling Storm Control, page 22-2 • Disabling Storm Control, page 22-4 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 454
    these steps to enable storm control: Step 1 Step 2 Command configure terminal interface interface-id Purpose Enter global configuration mode. Specify the port to configure, and enter interface configuration mode. 22-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380
  • Cisco 2950 | Software Configuration Guide - Page 455
    end Return to privileged EXEC mode. show storm-control [interface] [{broadcast Verify your entries. | history | multicast | unicast}] copy running-config startup-config (Optional) Save your entries in the configuration file. The output from the show storm-control privileged EXEC command shows
  • Cisco 2950 | Software Configuration Guide - Page 456
    Command configure terminal interface interface-id no storm-control {broadcast | multicast | unicast} level no storm-control action {shutdown | trap} end show storm-control {broadcast | multicast | unicast} copy running-config startup-config Purpose Enter global configuration mode. Specify the port
  • Cisco 2950 | Software Configuration Guide - Page 457
    enabled on protected ports; you must explicitly configure it. The port blocking feature is only supported on these switches: • Catalyst 2950 Long-Reach Ethernet (LRE) switches running Cisco IOS Release 12.1(14)EA1 or later • Catalyst 2950G-12-EI, 2950G-24-EI, 2950G-24-EI-DC, 2950G-48-EI
  • Cisco 2950 | Software Configuration Guide - Page 458
    switchport block unicast end show interfaces interface-id switchport copy running-config startup-config Purpose Enter global configuration mode. Specify the interface to configure and enter interface configuration mode. Enable unknown multicast flooding to the port. Enable unknown unicast flooding
  • Cisco 2950 | Software Configuration Guide - Page 459
    to dynamic secure addresses and are removed from the running configuration. A secure port can have from 1 to 132 associated secure addresses. The total number of available secure addresses on the switch is 1024. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 22-7
  • Cisco 2950 | Software Configuration Guide - Page 460
    psecure-violation global configuration command, or you can manually re-enable it by entering the shutdown and no shutdown interface configuration commands. This is the default mode. Table 22-1 shows the violation mode and the actions taken when you configure an interface for port security. Table 22
  • Cisco 2950 | Software Configuration Guide - Page 461
    cannot configure port security on a per-VLAN basis. • The switch does not support port security aging of sticky secure MAC addresses. • The protect and restrict options cannot be simultaneously enabled on an interface. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 462
    . Note If you enable sticky learning after you enter this command, the secure addresses that were dynamically learned are converted to sticky secure MAC addresses and are added to the running configuration. 22-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 463
    Configuring Port-Based Traffic Control Configuring Port Security Step 8 Step 9 Step 10 Step 11 Command switchport port-security mac-address sticky end show port-security copy running-config startup-config Purpose (Optional) Enable sticky learning on the interface. Return to privileged EXEC mode
  • Cisco 2950 | Software Configuration Guide - Page 464
    configuration command. This example shows how to set the aging time as 2 hours for the secure addresses on a port: Switch(config)# interface fastethernet0/1 Switch(config-if)# switchport port-security aging time 120 22-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 465
    Traffic Control Displaying Port-Based Traffic Control Settings This example shows how to set the aging time as 2 minutes for the inactivity aging type with aging enabled for the configured secure addresses on the interface: Switch(config-if)# switchport port-security aging time 2 Switch(config-if
  • Cisco 2950 | Software Configuration Guide - Page 466
    Displaying Port-Based Traffic Control Settings Chapter 22 Configuring Port-Based Traffic Control 22-14 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 467
    interfaces. When you enable both autonegotiation and UDLD, the Layer 1 and Layer 2 detections work together to prevent physical and logical unidirectional connections and the malfunctioning of other protocols. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 23-1
  • Cisco 2950 | Software Configuration Guide - Page 468
    affected by the configuration change. UDLD sends at least one message to inform the neighbors to flush the part of their caches affected by the status change. The message is intended to keep the caches synchronized. 23-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380
  • Cisco 2950 | Software Configuration Guide - Page 469
    same port. If UDLD is in aggressive mode, it detects the problem and disables the port. If UDLD is in normal mode, the logical link is considered undetermined, and UDLD does not disable the interface. Switch B 98648 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 470
    a unidirectional link if it is connected to a UDLD-incapable port of another switch. • When configuring the mode (normal or aggressive), make sure that the same mode is configured on both sides of the link. 23-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 471
    -5. end Return to privileged EXEC mode. show udld Verify your entries. copy running-config startup-config (Optional) Save your entries in the configuration file. To disable UDLD globally, use the no udld enable global configuration command to disable normal mode UDLD on all fiber-optic ports
  • Cisco 2950 | Software Configuration Guide - Page 472
    Configuring UDLD Command Step 3 udld port [aggressive] Step 4 Step 5 Step 6 end show udld interface-id copy running-config startup-config Purpose Specify the UDLD mode of operation: • (Optional) aggressive- Enables UDLD in aggressive mode on the specified interface. UDLD is disabled by default
  • Cisco 2950 | Software Configuration Guide - Page 473
    the specified interface or for all interfaces, use the show udld [interface-id] privileged EXEC command. For detailed information about the fields in the display, refer to the command reference for this release. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 23-7
  • Cisco 2950 | Software Configuration Guide - Page 474
    Displaying UDLD Status Chapter 23 Configuring UDLD 23-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 475
    uses CDP to find cluster candidates and maintain information about cluster members and other devices up to three cluster-enabled devices away from the command switch by default. The switch supports CDP Version 2. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 24-1
  • Cisco 2950 | Software Configuration Guide - Page 476
    your device before discarding it. The range is 10 to 255 seconds; the default is 180 seconds. (Optional) Configure CDP to send Version-2 advertisements. This is the default state. Return to privileged EXEC mode. 24-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 477
    mode. Enable CDP after disabling it. Return to privileged EXEC mode. This example shows how to enable CDP if it has been disabled. Switch# configure terminal Switch(config)# cdp run Switch(config)# end 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 24
  • Cisco 2950 | Software Configuration Guide - Page 478
    file. This example shows how to enable CDP on an interface when it has been disabled. Switch# configure terminal Switch(config)# interface fastethernet0/1 Switch(config-if)# cdp enable Switch(config-if)# end 24-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 479
    Chapter 24 Configuring CDP Monitoring and Maintaining CDP Monitoring and Maintaining CDP To monitor and maintain CDP on your device, perform one or more of these tasks, beginning in privileged EXEC mode. Command clear cdp counters clear cdp table show cdp show cdp entry entry-name [protocol |
  • Cisco 2950 | Software Configuration Guide - Page 480
    Monitoring and Maintaining CDP Chapter 24 Configuring CDP 24-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 481
    and RSPAN, page 25-1 • Configuring SPAN, page 25-7 • Configuring RSPAN, page 25-12 • Displaying SPAN and RSPAN Status, page 25-17 Understanding SPAN and RSPAN You can analyze network traffic passing through ports by using SPAN to send a copy of the traffic to another port on the switch that has been
  • Cisco 2950 | Software Configuration Guide - Page 482
    TCP session of a suspected attacker. Note You cannot use the RSPAN destination port to inject traffic from a network security device. The switch does not support ingress forwarding on an RSPAN destination port. 25-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 483
    configure SPAN sessions on disabled ports; however, a SPAN session does not become active unless you enable the destination port and at least one source port for that session. The show monitor session session_number privileged EXEC command displays the operational status of a SPAN session. A SPAN
  • Cisco 2950 | Software Configuration Guide - Page 484
    port receives copies of sent and received traffic for all monitored source ports. If a destination port is oversubscribed, it could become congested. This could affect traffic forwarding on one or more of the source ports. 25-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 485
    an RSPAN VLAN. • Cisco Discovery Protocol (CDP)-A SPAN destination port does not participate in CDP while the SPAN session is active. After the SPAN session is disabled, the port again participates in CDP. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 25-5
  • Cisco 2950 | Software Configuration Guide - Page 486
    has one or more destination interfaces for each RSPAN VLAN that they support. • RSPAN destination sessions are limited to two, or one if a local SPAN or a source RSPAN session is configured on the same switch. 25-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 487
    in any VLAN spanning tree. SPAN does include BPDUs in the monitored traffic, so any spanning-tree BPDUs received on the SPAN destination port for a SPAN session were copied from the SPAN source ports. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 25-7
  • Cisco 2950 | Software Configuration Guide - Page 488
    session session_number destination interface interface-id [encapsulation {dot1q}] end show monitor [session session_number] copy running-config startup-config Purpose Enter global configuration mode. Clear any existing SPAN configuration for the session. For session_number, specify 1. Specify all
  • Cisco 2950 | Software Configuration Guide - Page 489
    Configuring SPAN This example shows how to set up a SPAN session, session 1, for monitoring source port traffic to a destination port. First, any existing SPAN configuration for session 1 is cleared, and then bidirectional traffic is mirrored from source port 1 to destination port 8. Switch(config
  • Cisco 2950 | Software Configuration Guide - Page 490
    a default VLAN. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. This example shows how to configure the destination port for ingress traffic on VLAN 5 by using a security device that does not support 802.1Q encapsulation. Switch(config
  • Cisco 2950 | Software Configuration Guide - Page 491
    EXEC mode, follow these steps to remove a port as a SPAN source for a session: Step 1 Step 2 Command configure terminal no monitor session session_number source interface interface-id [, | -] [both | rx | tx] Step 3 Step 4 Step 5 end show monitor [session session_number] copy running-config
  • Cisco 2950 | Software Configuration Guide - Page 492
    the RSPAN VLAN. - All participating switches support RSPAN. Note The RSPAN VLAN cannot be VLAN 1 (the default VLAN) or VLAN IDs 1002 through 1005 (reserved to Token Ring and FDDI VLANs). • You should create an RSPAN VLAN before configuring an RSPAN source or destination session. • If you enable VTP
  • Cisco 2950 | Software Configuration Guide - Page 493
    it back to a normal VLAN, use the no remote-span VLAN configuration command. This example shows how to create RSPAN VLAN 901. Switch(config)# vlan 901 Switch(config-vlan)# remote span Switch(config-vlan)# end Creating an RSPAN Source Session Beginning in privileged EXEC mode, follow these steps to
  • Cisco 2950 | Software Configuration Guide - Page 494
    25 Configuring SPAN and RSPAN Step 3 Command monitor session session_number source interface interface-id [, | -] [both | rx | tx] Step 4 monitor session session_number destination remote vlan vlan-id reflector-port interface Step 5 Step 6 Step 7 end show monitor [session session_number] copy
  • Cisco 2950 | Software Configuration Guide - Page 495
    port: Step 1 Step 2 Command configure terminal monitor session session_number source remote vlan vlan-id Step 3 monitor session session_number destination interface interface-id [encapsulation {dot1q}] Step 4 Step 5 Step 6 end show monitor [session session_number] copy running-config
  • Cisco 2950 | Software Configuration Guide - Page 496
    EXEC mode, follow these steps to remove a port as an RSPAN source for a session: Step 1 Step 2 Command configure terminal no monitor session session_number source interface interface-id [, | -] [both | rx | tx] Step 3 Step 4 Step 5 end show monitor [session session_number] copy running-config
  • Cisco 2950 | Software Configuration Guide - Page 497
    TX Only : None Both : None Source RSPAN VLAN : None Destination Ports : Fa0/5 Encapsulation: DOT1Q Ingress: Enabled, default VLAN = 5 Reflector Port : None Filter VLANs : None Dest RSPAN VLAN : None 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 25-17
  • Cisco 2950 | Software Configuration Guide - Page 498
    Displaying SPAN and RSPAN Status Chapter 25 Configuring SPAN and RSPAN 25-18 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 499
    Fundamentals Command Reference for Cisco IOS Release 12.1. This chapter consists of these sections: • Understanding RMON, page 26-1 • Configuring RMON, page 26-2 • Displaying RMON Status, page 26-6 Understanding RMON RMON is an Internet Engineering Task Force (IETF) standard monitoring specification
  • Cisco 2950 | Software Configuration Guide - Page 500
    RMON on your switch. It contains this configuration information: • Default RMON Configuration, page 26-3 • Configuring RMON Alarms and Events, page 26-3 • Configuring RMON Collection on an Interface, page 26-5 26-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 501
    28, "Configuring SNMP." Note RMON configuration, status, and display for remote CPE Fast Ethernet interfaces is supported through SNMP only by using the RMON-MIB. Beginning in privileged EXEC mode, follow these steps to enable RMON alarms and events: Step 1 Step 2 Command configure terminal rmon
  • Cisco 2950 | Software Configuration Guide - Page 502
    string used for this trap. end Return to privileged EXEC mode. show running-config Verify your entries. copy running-config startup-config (Optional) Save your entries in the configuration file. To disable an alarm, use the no rmon alarm number global configuration command on each alarm you
  • Cisco 2950 | Software Configuration Guide - Page 503
    . The range is from 1 to 65535. • (Optional) For owner ownername, enter the name of the owner of the RMON group of statistics. end Return to privileged EXEC mode. show running-config Verify your entries. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 26-5
  • Cisco 2950 | Software Configuration Guide - Page 504
    the RMON history table. Displays the RMON statistics table. For information about the fields in these displays, refer to the Cisco IOS Configuration Fundamentals Command Reference for Cisco IOS Release 12.1. 26-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 505
    system message logging on your Catalyst 2950 or Catalyst 2955 switch. Note For complete syntax and usage information for the commands used in this chapter, refer to the Cisco IOS Configuration Fundamentals Command Reference for Cisco IOS Release 12.1. This chapter consists of these sections
  • Cisco 2950 | Software Configuration Guide - Page 506
    a list of supported facilities, see Table 27-4 on page 27-12. severity Single-digit code from 0 to 7 that is the severity of the message. For a description of the severity levels, see Table 27-3 on page 27-9. 27-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 507
    Table 27-3 on page 27-9). 4096 bytes. 1 message. Disabled. Disabled. Disabled. None configured. Local7 (see Table 27-4 on page 27-12). Informational (and numerically lower levels; see Table 27-3 on page 27-9). 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 27-3
  • Cisco 2950 | Software Configuration Guide - Page 508
    for other tasks. Use the show memory privileged EXEC command to view the free processor memory on the switch; however, this value is the maximum available, and the buffer size should not be set to this amount. 27-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 509
    Message Logging Configuring System Message Logging Command Step 3 logging host Step 4 logging file flash:filename [max-file-size] [min-file-size] [severity-level-number | type] Step 5 end Step 6 terminal monitor Step 7 show running-config Step 8 copy running-config startup-config Purpose Log
  • Cisco 2950 | Software Configuration Guide - Page 510
    level. • (Optional) For limit number-of-buffers, specify the number of buffers to be queued for the terminal after which new messages are dropped. The default is 20. Return to privileged EXEC mode. 27-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 511
    vty2 (10.34.195.36) This example shows part of a logging display with the service timestamps log uptime global configuration command enabled: 00:00:46: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 27-7
  • Cisco 2950 | Software Configuration Guide - Page 512
    default, sequence numbers in log messages are not displayed. Beginning in privileged EXEC mode, follow these steps to enable sequence numbers in log messages: Step 1 Step 2 Step 3 Step 4 Step 5 Command configure terminal service sequence-numbers end show running-config copy running-config startup
  • Cisco 2950 | Software Configuration Guide - Page 513
    information; switch functionality is not affected. • Reload requests and low-process stack messages, displayed at the informational level. This message is only for information; switch functionality is not affected. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 27
  • Cisco 2950 | Software Configuration Guide - Page 514
    to the default level, use the no logging history global configuration command. To return the number of messages in the history table to the default value, use the no logging history size global configuration command. 27-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78
  • Cisco 2950 | Software Configuration Guide - Page 515
    Purpose Enter global configuration mode. Log messages to a UNIX syslog server host by entering its IP address. To build a list of syslog servers that receive logging messages, enter this command more than once. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 27-11
  • Cisco 2950 | Software Configuration Guide - Page 516
    Logging Chapter 27 Configuring System Message Logging Command Step 3 logging trap level Step 4 logging facility facility-type Step 5 Step 6 Step 7 end show running-config copy running-config startup-config Purpose Limit messages logged to the syslog servers. Be default, syslog servers receive
  • Cisco 2950 | Software Configuration Guide - Page 517
    of the log buffer, use the show logging privileged EXEC command. For information about the fields in this display, refer to the Cisco IOS Configuration Fundamentals Command Reference for Cisco IOS Release 12.1. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 27-13
  • Cisco 2950 | Software Configuration Guide - Page 518
    Displaying the Logging Configuration Chapter 27 Configuring System Message Logging 27-14 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 519
    (SNMP) on your Catalyst 2950 or Catalyst 2955 switch. Note For complete syntax and usage information for the commands used in this chapter, refer to the switch command reference for this release and to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.1. This chapter consists
  • Cisco 2950 | Software Configuration Guide - Page 520
    image is installed. Both SNMPv1 and SNMPv2C use a community-based form of security. The community of managers able to access the agent's MIB is defined by an IP address access control list and password and SNMPv3. 28-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 521
    operation, an SNMP manager does not need to know the exact variable name. A sequential search is performed to find the needed variable from within a table. 2. The get-bulk command only works with SNMPv2 or later. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 28-3
  • Cisco 2950 | Software Configuration Guide - Page 522
    , restarts, link status (up or down), MAC address tracking, and so forth. The SNMP agent also responds to MIB-related queries sent by the SNMP manager in get-request, get-next-request, and set-request format. 28-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 523
    and Users, page 28-9 • Configuring SNMP Notifications, page 28-11 • Setting the Agent Contact and Location Information, page 28-14 • Limiting TFTP Servers Used Through SNMP, page 28-14 • SNMP Examples, page 28-15 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 28-5
  • Cisco 2950 | Software Configuration Guide - Page 524
    remote option. The remote agent's SNMP engine ID and user password are used to compute the authentication and privacy digests. If you do not configure the remote engine ID first, the configuration command fails. 28-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 525
    SNMP agent: Step 1 Step 2 Step 3 Step 4 Step 5 Command configure terminal no snmp-server end show running-config copy running-config startup-config Purpose Enter global configuration mode. Disable the SNMP agent operation. Return to privileged EXEC mode. Verify your entries. (Optional) Save your
  • Cisco 2950 | Software Configuration Guide - Page 526
    -list access-list-number {deny | permit} source [source-wildcard] Step 4 Step 5 Step 6 end show running-config copy running-config startup-config Purpose Enter global configuration mode. Configure the community string. • For string, specify a string that acts like a password and permits access to
  • Cisco 2950 | Software Configuration Guide - Page 527
    engineID local 1234 • If you select remote, specify the ip-address of the device that contains the remote copy of SNMP and the optional User Datagram Protocol (UDP) port on the remote device. The default is 162. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 28-9
  • Cisco 2950 | Software Configuration Guide - Page 528
    is the default if no keyword is specified. priv-Enables Data Encryption Standard (DES) packet encryption (also called privacy). Note The priv keyword is available only when the cryptographic software image Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 529
    name of the access list. end Return to privileged EXEC mode. show running-config Verify your entries. copy running-config startup-config (Optional) Save your entries in the configuration file. Configuring SNMP Notifications A trap manager is a management station that receives and processes
  • Cisco 2950 | Software Configuration Guide - Page 530
    traps or informs to a host: Step 1 Step 2 Command configure terminal snmp-server engineID remote ip-address engineid-string Purpose Enter global configuration mode. Specify the engine ID for the remote host. 28-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 531
    Optional) Define how often to resend trap messages. The range is 1 to 1000; the default is 30 seconds. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 28-13
  • Cisco 2950 | Software Configuration Guide - Page 532
    be accessed through the configuration file: Step 1 Step 2 Command configure terminal snmp-server contact text Step 3 snmp-server location text Step 4 Step 5 Step 6 end show running-config copy running-config startup-config Purpose Enter global configuration mode. Set the system contact string
  • Cisco 2950 | Software Configuration Guide - Page 533
    Chapter 28 Configuring SNMP Configuring SNMP Step 3 Command access-list access-list-number {deny | permit} source [source-wildcard] Step 4 Step 5 Step 6 end show running-config copy running-config startup-config Purpose Create a standard access list, repeating the command as many times as
  • Cisco 2950 | Software Configuration Guide - Page 534
    displays, refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.1. Table 28-5 Commands for Displaying SNMP Information Feature show snmp show snmp engineID [local | remote] show snmp group show snmp user Default Setting Displays SNMP statistics. Displays information
  • Cisco 2950 | Software Configuration Guide - Page 535
    interface is defined as a management VLAN or any traffic that is going directly to the CPU, such as SNMP, Telnet, or web traffic. You can create ACLs for management interfaces with the standard software image (SI) or the enhanced software image (EI) installed on your switch. However, you must have
  • Cisco 2950 | Software Configuration Guide - Page 536
    , but to prevent another host from accessing the same part. In Figure 29-1, ACLs applied at the switch input allow Host A to access the Human Resources network, but prevent Host B from accessing the same network. 29-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 537
    Layer 4 information. Consider access list 102, configured with these commands, applied to three fragmented packets: Switch (config)# access-list 102 permit tcp any host 10.1.1.1 eq smtp Switch (config)# access-list 102 deny tcp any host 10.1.1.2 eq telnet Switch (config)# access-list 102 deny
  • Cisco 2950 | Software Configuration Guide - Page 538
    port number, or both at the same time.) Note A mask can be a combination of either multiple Layer 3 and Layer 4 fields or of multiple Layer 2 fields. Layer 2 fields cannot be combined with Layer 3 or Layer 4 fields. 29-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 539
    8 support a combined total of 75 ACEs, ports 9 to 16 support a combined total of 75 ACEs, and so on. For more information, refer to the ip access-group interface command in the command reference for this release. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 29
  • Cisco 2950 | Software Configuration Guide - Page 540
    about the commands, refer to the Cisco IOS IP and IP Routing Command Reference, Cisco IOS Release 12.1. For a list of Cisco IOS features not supported on the switch, see the "Unsupported Features" section on page 29-7. 29-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78
  • Cisco 2950 | Software Configuration Guide - Page 541
    Network Security with ACLs Configuring ACLs Unsupported Features The switch does not support these Cisco IOS router ACL-related features: • Non-IP protocol ACLs (see Table 29-2 on page 29-8) • Bridge-group ACLs • IP accounting • ACL support on the outbound direction • Inbound and outbound
  • Cisco 2950 | Software Configuration Guide - Page 542
    be 100 to 199. The advantage of using named ACLs instead of numbered lists is that you can delete individual entries from a named list. 29-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 543
    item.) Note The log option is not supported on the switches. end Return to privileged EXEC mode. show access-lists [number | name] Show the access list configuration. copy running-config startup-config (Optional) Save your entries in the configuration file. Use the no access-list access
  • Cisco 2950 | Software Configuration Guide - Page 544
    2. No support for type of service (ToS) minimize monetary cost bit. For more details about the specific keywords relative to each protocol, refer to the Cisco IP and IP Routing Command Reference, Cisco IOS Release 12.1. 29-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78
  • Cisco 2950 | Software Configuration Guide - Page 545
    IP Services" section of Cisco IOS IP and IP Routing Configuration Guide, Release 12.1 and the Cisco IOS IP and IP Routing Command Reference, Cisco IOS Release 12.1. You can apply ACLs only to a management interface or the CPU, such as SNMP, Telnet, or web traffic. 78-11380-10 Catalyst 2950 and
  • Cisco 2950 | Software Configuration Guide - Page 546
    Time Ranges to ACLs" section on page 29-15. show access-lists [number | name] Verify the access list configuration. copy running-config startup-config (Optional) Save your entries in the configuration file. 29-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 547
    address means to test for the TCP destination port number equaling Telnet.) Switch(config)# access-list 102 deny tcp 171.69.198.0 0.0.0.255 172.20.52.0 0.0.0.255 eq telnet Switch(config)# access-list 102 permit tcp any any Switch(config)# end Switch# show access-lists Extended IP access list 102
  • Cisco 2950 | Software Configuration Guide - Page 548
    not supported on the switches. end Return to privileged EXEC mode. show access-lists [number | name] Show the access list configuration. copy running-config startup-config (Optional) Save your entries in the configuration file. Beginning in privileged EXEC mode, follow these steps to create
  • Cisco 2950 | Software Configuration Guide - Page 549
    6 Command show access-lists [number | name] copy running-config startup-config Purpose Show the access list configuration. (Optional) Save your entries in the configuration file. When making the standard and extended ACL, remember that, by default, the end of the ACL contains an implicit deny
  • Cisco 2950 | Software Configuration Guide - Page 550
    188 deny tcp any any time-range thanskgiving_2000 Switch(config)# access-list 188 deny tcp any any time-range christmas_2000 Switch(config)# access-list 188 permit tcp any any time-range workhours Switch(config)# end 29-16 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78
  • Cisco 2950 | Software Configuration Guide - Page 551
    to use outbound Telnet: Switch(config)# ip access-list extended telnetting Switch(config-ext-nacl)# remark Do not allow Jones subnet to telnet out Switch(config-ext-nacl)# deny tcp host 171.69.2.88 any eq telnet 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 29-17
  • Cisco 2950 | Software Configuration Guide - Page 552
    mac1 Switch(config-ext-macl)# deny any any decnet-iv Switch(config-ext-macl)# permit any any Switch(config-ext-macl)# end Switch # show access-list Extended MAC access list mac1 deny any any decnet-iv permit any any 29-18 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78
  • Cisco 2950 | Software Configuration Guide - Page 553
    Command configure terminal interface interface-id mac access-group {name} {in} end show mac-access group copy running-config startup-config Purpose Enter global configuration mode. Identify a specific interface for configuration, and enter interface configuration mode. The interface must be a Layer
  • Cisco 2950 | Software Configuration Guide - Page 554
    -class access-list-number {in} end show running-config copy running-config startup-config Purpose Enter global configuration mode. Identify a specific line for configuration, and enter in-line configuration mode. Enter console for the console terminal line. The console port is DCE. Enter vty for
  • Cisco 2950 | Software Configuration Guide - Page 555
    ACL Information Step 4 Step 5 Step 6 Command end show running-config copy running-config startup-config Purpose Return to privileged EXEC mode. Display the access list configuration. (Optional) Save your entries in the configuration file. This example shows how to apply access list 2 on an
  • Cisco 2950 | Software Configuration Guide - Page 556
    .255 Address determined by setup command MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is disabled Outgoing access list is permit Any Inbound access list is 13 29-22 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 557
    trap link-status no cdp enable end! Examples for Compiling ACLs For detailed information about compiling ACLs, refer to the Security Configuration Guide and the "IP Services" chapter of the Cisco IOS IP and IP Routing Configuration Guide, Cisco IOS Release 12.1. Figure 29-2 shows a small networked
  • Cisco 2950 | Software Configuration Guide - Page 558
    Chapter 29 Configuring Network Security with ACLs Figure 29-2 Using Switch ACLs to Control Traffic Internet Workstation Cisco router 65289 End workstations This example uses a standard ACL to allow access to a specific Internet host with the address 172.20.128.64. Switch(config)# access-list
  • Cisco 2950 | Software Configuration Guide - Page 559
    Permit only Jones workstation through Switch(config)# access-list 1 permit 171.69.2.88 Switch(config)# access-list 1 remark Do not allow Smith workstation through Switch(config)# access-list 1 deny 171.69.3.13 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 29-25
  • Cisco 2950 | Software Configuration Guide - Page 560
    outbound Telnet: Switch(config)# ip access-list extended telnetting Switch(config-ext-nacl)# remark Do not allow Jones subnet to telnet out Switch(config-ext-nacl)# deny tcp 171.69.0.0 0.0.255.255 any eq telnet 29-26 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 561
    (CMS) or through the command-line interface (CLI). Refer to the CMS online help for configuration procedures through CMS. For information about accessing and using CMS, see Chapter 4, "Getting Started with CMS." 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 30-1
  • Cisco 2950 | Software Configuration Guide - Page 562
    as Layer 2 802.1Q trunks, all traffic is in 802.1Q frames except for traffic in the native VLAN. Other frame types cannot carry Layer 2 CoS values. Layer 2 CoS values range from 0 for low priority to 7 for high priority. 30-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78
  • Cisco 2950 | Software Configuration Guide - Page 563
    Chapter 30 Configuring QoS Understanding QoS • Prioritization bits in Layer 3 packets Layer 3 IP packets can carry a Differentiated Services Code Point (DSCP) value. The supported DSCP values are 0, 8, 10, 16, 18, 24, 26, 32, 34, 40, 46, 48, and 56. Figure 30-1 QoS Classification Layers in Frames
  • Cisco 2950 | Software Configuration Guide - Page 564
    to the configured policer, and the policer limits the bandwidth consumed by a flow of CoS, determines into which of the egress queues to place the packet, then services the queues according to the configured weights. 60979 30-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 565
    a CoS value, the switch assigns the default port CoS value to the incoming frame. • Trust the CoS value in the incoming frame (configure the port to trust CoS). Layer 2 802.1Q frame headers carry the CoS value in the three most-significant bits of the Tag Control Information field. CoS values
  • Cisco 2950 | Software Configuration Guide - Page 566
    switch enters the policy-map configuration mode. In this mode, you specify the actions to take on a specific traffic class by using the class policy-map configuration or set policy-map class configuration command. To make the policy map effective, you attach it to an interface by using the service
  • Cisco 2950 | Software Configuration Guide - Page 567
    a policy map by using the policy-map configuration command. When configuring policing and policers, keep these items in mind: • By default, no policers are configured. • Policers can only be configured on a physical port. There is no support for policing at a VLAN level. • Only one policer can be
  • Cisco 2950 | Software Configuration Guide - Page 568
    , it is assigned the value of the port as its port default priority. You assign this value by using the CLI or CMS. A tagged frame continues to use its assigned CoS value when it passes through the ingress port. 30-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 569
    are serviced by WRR scheduling. You can enable the egress expedite queue and assign WRR weights to the other queues by using the wrr-queue bandwidth weight1 weight2 weight3 0 global configuration command. Configuring Auto-QoS Note This feature is available only if your switch is running the EI. You
  • Cisco 2950 | Software Configuration Guide - Page 570
    . Table 30-3 Auto-QoS Configuration for the Egress Queues Egress Queue Expedite 70% WRR 20% WRR 10% WRR Queue Number 4 3 2 1 CoS-to-Queue Map 5 3, 6, 7 2, 4 0,1 Queue Weight - 70 percent 20 percent 10 percent 30-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380
  • Cisco 2950 | Software Configuration Guide - Page 571
    voip cisco-phone command, the switch automatically enables the trusted boundary feature, which uses the CDP to detect the presence or absence of a Cisco IP Phone. Switch(config-if)# mls qos trust device cisco-phone 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 572
    select queue 2. • CoS values 3, 6, and 7 select queue 3. • CoS value 5 selects queue 4 (expedite queue). Because the expedite queue (queue 4) contains the VoIP data traffic, the queue is serviced until empty. 30-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 573
    application. Note When a device running Cisco SoftPhone is connected to a port, the switch supports only one Cisco SoftPhone application per port. • To take advantage of the auto-QoS defaults, you should enable auto-QoS before you configure other QoS commands. If necessary, you can fine-tune
  • Cisco 2950 | Software Configuration Guide - Page 574
    your configuration file: 1. Upgrade your switch to Cisco IOS Release 12.2(20)EA2 or later. 2. Disable auto-QoS on all ports on which auto-QoS was enabled. 3. Return all the global auto-QoS settings to their default values by using the no commands. 4. Re-enable auto-QoS on the ports on which auto-QoS
  • Cisco 2950 | Software Configuration Guide - Page 575
    one of these commands: • show mls qos • show mls qos map cos-dscp • show wrr-queue bandwidth • show wrr-queue cos-map For more information about these commands, refer to the command reference for this release. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 30-15
  • Cisco 2950 | Software Configuration Guide - Page 576
    the EI and Catalyst 3550 switches. The object of this example is to prioritize the VoIP traffic over all other traffic. To do so, enable auto-QoS on the switches at the edge of the QoS domains in the wiring closets. 30-16 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78
  • Cisco 2950 | Software Configuration Guide - Page 577
    11 show auto qos Step 12 copy running-config startup-config Purpose Enable debugging for auto-QoS. When debugging is enabled, the switch displays the QoS configuration that is automatically generated when auto-QoS is enabled. Enter global configuration mode. Enable CDP globally. By default, it
  • Cisco 2950 | Software Configuration Guide - Page 578
    DSCP-to-CoS map is shown in Table 30-8. • The default scheduling method for the egress queues is strict priority. • For default CoS and WRR values, see the "Configuring the Egress Queues" section on page 30-37. 30-18 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380
  • Cisco 2950 | Software Configuration Guide - Page 579
    Note In software releases earlier than Cisco IOS Release 12.1(11)EA1, the switch uses the CoS value of incoming packets without modifying the DSCP value. You can configure this by enabling pass-through mode on the port. For more information, see the "Enabling Pass-Through Mode" section on page 30-25
  • Cisco 2950 | Software Configuration Guide - Page 580
    , the switch port within the QoS domain can be configured to one of the trusted states because there is no need to classify the packets at every switch within the QoS domain. Figure 30-4 shows a sample network topology. 30-20 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78
  • Cisco 2950 | Software Configuration Guide - Page 581
    2 Command configure terminal interface interface-id Purpose Enter global configuration mode. Specify the interface to be trusted, and enter interface configuration mode. Valid interfaces include physical interfaces. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 582
    Standard QoS Chapter 30 Configuring QoS Command Step 3 mls qos trust [cos | dscp] Step 4 Step 5 Step 6 end show mls qos interface [interface-id] [policers] copy running-config startup-config Purpose Configure the port trust state. By default, the port is not trusted. The keywords have
  • Cisco 2950 | Software Configuration Guide - Page 583
    to all incoming packets on the port: Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Command configure terminal interface interface-id mls qos cos {default-cos | override} end show mls qos interface copy running-config startup-config Purpose Enter global configuration mode. Specify the interface to be
  • Cisco 2950 | Software Configuration Guide - Page 584
    Step 5 mls qos trust device cisco-phone Step 6 mls qos trust cos Step 7 Step 8 Step 9 end show mls qos interface [interface-id] [policers] copy running-config startup-config Purpose Enter global configuration mode. Enable CDP globally. By default, it is enabled. Specify the interface to be
  • Cisco 2950 | Software Configuration Guide - Page 585
    the DSCP value. end Return to privileged EXEC mode. show mls qos interface [interface-id] Verify your entries. copy running-config startup-config (Optional) Save your entries in the configuration file. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 30-25
  • Cisco 2950 | Software Configuration Guide - Page 586
    cos pass-through dscp interface configuration command when the mls qos cos override and the mls qos trust [cos | dscp] interface commands are already configured, pass-through mode is disabled. Configuring a QoS Policy Note This feature is available only if your switch is running the EI. Configuring
  • Cisco 2950 | Software Configuration Guide - Page 587
    list access-list-number {permit | remark} {source source-wildcard | host source | any} end show access-lists copy running-config startup-config Purpose Enter global configuration mode. Create an IP standard ACL, repeating the command as many times as necessary. For access-list-number, enter the ACL
  • Cisco 2950 | Software Configuration Guide - Page 588
    [operator port] [dscp dscp-value] [time-range time-range-name] Step 3 end Purpose Enter global configuration mode. Create an IP extended ACL, repeating the command as many 29-15. Return to privileged EXEC mode. 30-28 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 589
    with TCP port number 25: Switch(config)# access-list 102 permit tcp 0.0.0.0 255.255.255.255 128.88.1.2 0.0.0.0 eq 25 Beginning in privileged EXEC mode, follow these steps to create a Layer 2 MAC ACL for Layer 2 traffic: Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Command Purpose configure terminal
  • Cisco 2950 | Software Configuration Guide - Page 590
    -echo |vines-ip | xns-idp] class-map class-map-name Create a class map, and enter class-map configuration mode. By default, no class maps are defined. For class-map-name, specify the name of the class map. 30-30 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 591
    Configuring QoS Configuring Standard QoS Step 4 Command match {access-group acl-index | access-group name acl-name | ip dscp dscp-list} Step 5 Step 6 Step 7 end show class-map [class-map-name] copy running-config startup-config Purpose Define the match criterion to classify traffic. By default
  • Cisco 2950 | Software Configuration Guide - Page 592
    ACL created in Step 2. Note In a policy map, the class named class-default is not supported. The switch does not filter traffic based on the policy map defined by the class class-default policy-map configuration command. 30-32 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 593
    map per interface per direction is supported. Step 11 end Return to privileged EXEC mode. Step 12 show policy-map [policy-map-name class Verify your entries. class-name] Step 13 copy running-config startup-config (Optional) Save your entries in the configuration file. To delete an existing
  • Cisco 2950 | Software Configuration Guide - Page 594
    maclist2 Switch(config-pmap-c)# set ip dscp 48 Switch(config-pmap-c)# exit Switch(config-pmap)# exit Switch(config)# interface gigabitethernet0/1 Switch(config-if)# switchport mode trunk Switch(config-if)# mls qos trust cos Switch(config-if)# service-policy input macpolicy1 Configuring CoS Maps
  • Cisco 2950 | Software Configuration Guide - Page 595
    to the default map, use the no mls qos map cos-dscp global configuration command. This example shows how to modify and display the CoS-to-DSCP map: Switch# configure terminal Switch(config)# mls qos map cos-dscp 8 8 8 8 24 32 56 56 Switch(config)# end Switch# show mls qos maps cos-dscp Cos-dscp map
  • Cisco 2950 | Software Configuration Guide - Page 596
    is the default. Switch(config)# mls qos map dscp-cos 26 48 to 7 Switch(config)# exit Switch# show mls qos maps dscp-cos Dscp-cos map: dscp: 0 8 10 16 18 24 26 32 34 40 46 48 56 cos: 0 1 1 2 2 3 7 4 4 5 5 7 7 30-36 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380
  • Cisco 2950 | Software Configuration Guide - Page 597
    7 4 Return to privileged EXEC mode. Display the mapping of the CoS priority queues. To disable the new CoS settings and return to default settings, use the no wrr-queue cos-map global configuration command. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 30-37
  • Cisco 2950 | Software Configuration Guide - Page 598
    queues. The range of WRR weights for weight1, weight2, and weight3 is 1 to 255. end Return to privileged EXEC mode. show wrr-queue bandwidth Display the WRR bandwidth allocation for the CoS priority queues. 30-38 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 599
    for the CoS priority queues. 1. Available only on a switch running the EI. 2. Access control parameters are called masks in the switch CLI commands and output. Standard QoS Configuration Examples Note These examples are applicable only if your switch is running the EI. This section shows a QoS
  • Cisco 2950 | Software Configuration Guide - Page 600
    by using the switchport priority default override interface configuration command. For Catalyst 2950 and Catalyst 2900 XL switches and other 3500 XL models that do not have the override feature, the Catalyst 3550-12T switch at the distribution layer can override the 802.1p CoS value by using the mls
  • Cisco 2950 | Software Configuration Guide - Page 601
    the ingress interface. Return to global configuration mode. Assign a higher WRR weight to queue 4. Configure the CoS-to-egress-queue map so that CoS values 6 and 7 select queue 4. Return to privileged EXEC mode. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 30-41
  • Cisco 2950 | Software Configuration Guide - Page 602
    QoS Command Step 18 show class-map videoclass show policy-map videopolicy show mls qos maps [cos-dscp | dscp-cos] Step 19 copy running-config startup-config Purpose Verify your entries. (Optional) Save your entries in the configuration file. 30-42 Catalyst 2950 and Catalyst 2955 Switch Software
  • Cisco 2950 | Software Configuration Guide - Page 603
    configure EtherChannel on the Layer 2 interfaces of a Catalyst 2950 or Catalyst 2955 switch. EtherChannel provides fault-tolerant high-speed links between switches, routers your switch and another switch or host. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 31-1
  • Cisco 2950 | Software Configuration Guide - Page 604
    in Figure 31-2. You then manually assign an interface to the EtherChannel by using the channel-group interface configuration command. Each EtherChannel has a logical port-channel interface numbered from 1 to 6. 31-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 605
    interfaces with the same speed, duplex mode, native VLAN, VLAN range, and trunking status and type. After grouping the links into an EtherChannel, PAgP adds the group to the spanning tree as a single switch port. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 31-3
  • Cisco 2950 | Software Configuration Guide - Page 606
    silent partner prevents that switch port from ever becoming operational; however, the silent setting allows PAgP to operate, to attach the interface to a channel group, and to use the interface for transmission. 31-4 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 607
    . Caution You should exercise care when setting the mode to on (manual configuration). All ports configured in the on mode are bundled in the same group and are forced to have similar characteristics. If the group is misconfigured, packet loss or spanning-tree loops might occur. Physical Learners
  • Cisco 2950 | Software Configuration Guide - Page 608
    and forwarding method by using the port-channel load-balance global configuration command. In Figure 31-3, multiple workstations are connected to a switch, and an EtherChannel connects the switch to the router. Source-based load balancing is used on the switch end of the EtherChannel to ensure that
  • Cisco 2950 | Software Configuration Guide - Page 609
    interface apply to all the physical interfaces assigned to the port-channel interface, and configuration changes applied to the physical interface affect only the interface where you apply the configuration. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 31-7
  • Cisco 2950 | Software Configuration Guide - Page 610
    EtherChannels are configured on switch interfaces, remove the EtherChannel configuration from the interfaces before globally enabling 802.1x on a switch by using the dot1x system-auth-control global configuration command. 31-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78
  • Cisco 2950 | Software Configuration Guide - Page 611
    PAgP-type EtherChannels on Catalyst 2950 Long-Reach Ethernet (LRE) switch ports. Configuring Layer 2 EtherChannels You configure Layer 2 EtherChannels by configuring the Ethernet interfaces with the channel-group interface configuration command, which creates the port-channel logical interface. You
  • Cisco 2950 | Software Configuration Guide - Page 612
    and LACP Modes" section on page 31-4. end Return to privileged EXEC mode. show running-config Verify your entries. copy running-config startup-config (Optional) Save your entries in the configuration file. 31-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380
  • Cisco 2950 | Software Configuration Guide - Page 613
    global configuration command. end Return to privileged EXEC mode. show etherchannel load-balance Verify your entries. copy running-config startup-config (Optional) Save your entries in the configuration file. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 31
  • Cisco 2950 | Software Configuration Guide - Page 614
    Step 3 Step 4 Step 5 Step 6 Command configure terminal interface interface-id lacp port-priority priority-value end show running-config or show lacp channel-group-number internal copy running-config startup-config Purpose Enter global configuration mode. Specify the interface for transmission, and
  • Cisco 2950 | Software Configuration Guide - Page 615
    based on: • LACP port-priority • Port ID All ports default to the same port priority. You can change the port priority of LACP EtherChannel ports to specify which hot standby links become active first by using the lacp port-priority interface configuration command to set the port priority to a value
  • Cisco 2950 | Software Configuration Guide - Page 616
    Displaying EtherChannel, PAgP, and LACP Status Chapter 31 Configuring EtherChannels Step 3 Step 4 Step 5 end show running-config or show lacp channel-group-number internal copy running-config startup-config Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the
  • Cisco 2950 | Software Configuration Guide - Page 617
    (LRE) Catalyst 2950 switch. Note For complete syntax and usage information for the commands used in this chapter, refer to the command reference for this release and the Cisco IOS Command Summary for Cisco IOS Release 12.1. This chapter consists of these sections: • Using Recovery Procedures, page
  • Cisco 2950 | Software Configuration Guide - Page 618
    switch power cord. Reconnect the power cord to the switch. The software image does not load. The switch starts in boot loader mode, which is indicated by the switch# prompt. Use the boot loader to enter commands, and start the transfer. switch# copy xmodem: flash:image_filename.bin When the Xmodem
  • Cisco 2950 | Software Configuration Guide - Page 619
    Troubleshooting Using Recovery Procedures Step 4 Press the Mode button, and at the same time, reconnect the power cord to the switch. You can release the Mode button a second or two after the LED above port 1X turns off. Several lines of information about the software appear, as do instructions
  • Cisco 2950 | Software Configuration Guide - Page 620
    Troubleshooting Recovering from Lost or Forgotten Passwords on Catalyst 2950 LRE Switches An end user with physical access to the switch can recover from a lost password by interrupting the boot process during power-on and by entering a new password. This is the default configuration for Catalyst
  • Cisco 2950 | Software Configuration Guide - Page 621
    software: flash_init load_helper boot Follow these steps when the password-recovery is enabled: Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Initialize the flash file system: switch# flash_init If you had set the console port speed to anything other than 9600, it has been reset to that
  • Cisco 2950 | Software Configuration Guide - Page 622
    show running-config privileged EXEC command. To re-enable the interface, enter the interface vlan vlan-id global configuration command, and specify the VLAN ID of the shutdown interface. With the switch in interface configuration mode, enter the no shutdown command. Procedure with Password Recovery
  • Cisco 2950 | Software Configuration Guide - Page 623
    Mode button had not been pressed; you cannot access the boot loader prompt, and you cannot enter a new password. You see the message: Press Enter to continue........ • If you enter y (yes), the configuration file in flash memory and the VLAN database file are deleted. When the default configuration
  • Cisco 2950 | Software Configuration Guide - Page 624
    Recovery Procedures Chapter 32 Troubleshooting Note This procedure is likely to leave your switch VLAN interface in a shutdown state. You can see which interface is in this state by entering the show running-config privileged EXEC command. To re-enable the interface, enter the interface vlan vlan
  • Cisco 2950 | Software Configuration Guide - Page 625
    the Catalyst 2955T-12 switch, the port 1 LED blinks green, and the port 2 LED is off during the initial appearance of the boot loader prompt. Initialize the flash file system: switch# flash_init Step 6 Step 7 If you set the console port speed to anything other than 9600, it has been reset to that
  • Cisco 2950 | Software Configuration Guide - Page 626
    Using Recovery Procedures Step 14 Enter global configuration mode: switch# configure terminal Step 15 Change the password: switch(config)# enable secret or switch(config)# enable password Step 16 Return to privileged EXEC mode: switch(config)# exit switch# Step 17 Write
  • Cisco 2950 | Software Configuration Guide - Page 627
    console port, refer to the switch hardware installation guide. At the switch prompt, enter privileged EXEC mode: Switch> enable Switch# Enter the password of the failed command switch. Enter global configuration mode. Switch# configure terminal Enter configuration commands, one per line. End with
  • Cisco 2950 | Software Configuration Guide - Page 628
    details about using the console port, refer to the switch hardware installation guide. At the switch prompt, enter privileged EXEC mode: Switch> enable Switch# Enter the password of the failed command switch. 32-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 629
    Chapter 32 Troubleshooting Using Recovery Procedures Step 5 Use the setup program to configure the switch IP information. This program prompts you for IP address information and passwords. From privileged EXEC mode, enter setup, and press Return. Switch# setup --- System Configuration Dialog ---
  • Cisco 2950 | Software Configuration Guide - Page 630
    the switch places the interface in an error-disabled state. Note If you are using a non-Cisco approved CWDM GBIC or SFP module, remove the GBIC or SFP module from the switch, and replace it with a Cisco-approved module. 32-14 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78
  • Cisco 2950 | Software Configuration Guide - Page 631
    Chapter 32 Troubleshooting Diagnosing Connectivity Problems After inserting a Cisco-approved GBIC or SFP module, use the errdisable recovery cause gbic-invalid global configuration command to verify the port status, and enter a time interval for recovering from the error-disabled state. After the
  • Cisco 2950 | Software Configuration Guide - Page 632
    Problems Chapter 32 Troubleshooting Note Though other protocol keywords are available with the ping command, they are not supported in this release. This example shows how to ping an IP host: Switch host. 32-16 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 633
    traceroute feature is not supported. When more than one CDP neighbor is detected on a port, the Layer 2 path is not identified, and an error message appears. • This feature is not supported in Token Ring VLANs. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 32-17
  • Cisco 2950 | Software Configuration Guide - Page 634
    } [detail] For more information, refer to the command reference for this release. Diagnosing LRE Connection Problems Table 32-2 lists problems that you might encounter when configuring and monitoring the LRE ports on the Catalyst 2950 LRE switches. For more information about LRE connections, see
  • Cisco 2950 | Software Configuration Guide - Page 635
    : • Enabling Debugging on a Specific Feature, page 32-20 • Enabling All-System Diagnostics, page 32-20 • Redirecting Debug and Error Message Output, page 32-21 • Using the debug auto qos Command, page 32-21 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 32-19
  • Cisco 2950 | Software Configuration Guide - Page 636
    privileged EXEC command generates more output than any other debug command, it can severely diminish switch performance or even render it unusable. In virtually all cases, it is best to use more specific debug commands. 32-20 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78
  • Cisco 2950 | Software Configuration Guide - Page 637
    Step 4 auto qos voip {cisco-phone | trust} Purpose Enable debugging for auto-QoS. When debugging is enabled, the switch displays the QoS commands that are automatically generated when auto-QoS is enabled or disabled. Enter global configuration mode. Enter interface configuration mode, and specify
  • Cisco 2950 | Software Configuration Guide - Page 638
    Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# interface gigabitethernet0/1 Switch(config-if)# auto qos voip cisco-phone Using the show controllers Commands You can display the statistics, configuration, and other information about the Catalyst 2950 LRE switch, the
  • Cisco 2950 | Software Configuration Guide - Page 639
    entering the show stacks or the show tech-support privileged EXEC command. You also can access the file by using any command that can copy or display files, such as the more or the copy privileged EXEC command. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 32-23
  • Cisco 2950 | Software Configuration Guide - Page 640
    Using the crashinfo File Chapter 32 Troubleshooting 32-24 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 641
    • CISCO-IETF-VDSL-LINE-MIB (Catalyst 2950 Long-Reach Ethernet [LRE] only) • CISCO-IGMP-FILTER-MIB • CISCO-IMAGE-MIB • CISCO-LRE-CPR-MIB (Catalyst 2950 LRE only) • CISCO-MAC-NOTIFICATION-MIB • CISCO-MEMORY-POOL-MIB 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide A-1
  • Cisco 2950 | Software Configuration Guide - Page 642
    -IP-MIB • OLD-CISCO-MEMORY-MIB • OLD-CISCO-SYSTEM-MIB • OLD-CISCO-TCP-MIB • OLD-CISCO-TS-MIB • RFC1213-MIB • RFC1398-MIB • RMON-MIB (RFC 1757) • RS-232-MIB • SNMPv2-MIB • SNMPv2-SMI • SNMPv2-TC • TCP-MIB • UDP-MIB Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide A-2 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 643
    the /pub/mibs/v2. Use the get MIB_filename command to obtain a copy of the MIB file. You can also access information about MIBs on the Cisco website: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide A-3
  • Cisco 2950 | Software Configuration Guide - Page 644
    Using FTP to Access the MIB Files Appendix A Supported MIBs Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide A-4 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 645
    Catalyst 2950 or 2955 flash file system, how to copy configuration files, and how to archive (upload and download) software images. Note For complete syntax and usage information for the commands used in this chapter, refer to the command reference for this release and the Cisco IOS Configuration
  • Cisco 2950 | Software Configuration Guide - Page 646
    the Flash File System Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Displaying Available File Systems To display the available file systems on your switch, use the show file systems privileged EXEC command as shown in this example: Switch# show file
  • Cisco 2950 | Software Configuration Guide - Page 647
    system does not already contain a configuration file with the same name. Similarly, before copying a flash configuration file to another location, you might want to verify its filename for use in another command. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide B-3
  • Cisco 2950 | Software Configuration Guide - Page 648
    , semicolons, or colons. Verify your entry. To delete a directory with all its files and subdirectories, use the delete /force /recursive filesystem:/file-url privileged EXEC command. Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide B-4 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 649
    to the same device (for example, the copy flash: flash: command is invalid) For specific examples of using the copy command with configuration files, see the "Working with Configuration Files" section on page B-8. To copy software images either by downloading a new version or uploading the existing
  • Cisco 2950 | Software Configuration Guide - Page 650
    command writes the contents of the new-configs directory on the local flash device to a file named saved.tar on the TFTP server at 172.20.10.30: Switch# archive tar /create tftp:172.20.10.30/saved.tar flash:/new-configs Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide B-6 78
  • Cisco 2950 | Software Configuration Guide - Page 651
    Cisco IOS File System, Configuration Files, and Software Images Working with the Flash File System Displaying the Contents of a tar File To display the contents of a tar file on the screen, use this privileged EXEC command -10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide B-7
  • Cisco 2950 | Software Configuration Guide - Page 652
    load, and maintain configuration files. You can create a basic configuration file by using the setup program or by entering the setup privileged EXEC command. For more information, see Chapter 5, "Assigning the Switch IP Address and Default Gateway." You can copy (download) configuration files from
  • Cisco 2950 | Software Configuration Guide - Page 653
    , and ports and modules are not disabled. • If no passwords have been set on the switch, you must set them on each switch by entering the enable secret secret-password global configuration command. Enter a blank line for this command. The password is saved in the configuration file as clear text
  • Cisco 2950 | Software Configuration Guide - Page 654
    ). Make sure the permissions on the file are set to world-read. Copying Configuration Files By Using TFTP You can configure the switch by using configuration files you create, download from another switch, or download from a TFTP server. You can copy (upload) configuration files to a TFTP
  • Cisco 2950 | Software Configuration Guide - Page 655
    directory]/filename] system:running-config • copy tftp:[[[//location]/directory]/filename] nvram:startup-config 78-11380-10 The configuration file downloads, and the commands are executed as the file is parsed line-by-line. Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide B-11
  • Cisco 2950 | Software Configuration Guide - Page 656
    Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images This example shows how to configure the software from the file tokyo-confg at IP address 172.16.2.155: Switch# copy tftp://172.16.2.155/tokyo-confg system:running-config Configure using tokyo-confg from 172
  • Cisco 2950 | Software Configuration Guide - Page 657
    the switch through the console port or a Telnet session. Enter global configuration mode on the switch. This step is required only if you override the default remote username or password (see Steps 4, 5, and 6). 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide B-13
  • Cisco 2950 | Software Configuration Guide - Page 658
    the Cisco IOS File System, Configuration Files, and Software Images Step 4 Step 5 Step 6 Step 7 Command Purpose ip ftp username username (Optional) Change the default remote username. ip ftp password password (Optional) Change the default password. end Return to privileged EXEC mode. copy
  • Cisco 2950 | Software Configuration Guide - Page 659
    (Optional) Change the default remote username. ip ftp password password (Optional) Change the default password. end Return to privileged EXEC mode. copy system:running-config Using FTP, store the switch running or startup configuration ftp:[[[//[username[:password]@]location]/directory] file
  • Cisco 2950 | Software Configuration Guide - Page 660
    Files Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images The RCP requires a client to send a remote username with each RCP request to a server. When you copy a configuration file from the switch to a server, the software sends the first valid username
  • Cisco 2950 | Software Configuration Guide - Page 661
    privileged EXEC mode, follow these steps to download a configuration file by using RCP: Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Command configure terminal ip rcmd remote-username username end copy rcp:[[[//[username@]location]/directory]/filename] system:running-config or copy rcp:[[[//[username
  • Cisco 2950 | Software Configuration Guide - Page 662
    netadmin2 Switch(config)# end Switch# copy nvram:startup-config rcp: Remote host[]? 172.16.101.101 Name of configuration file to write [switch2-confg]? Write file switch2-confg on host 172.16.101.101?[confirm] ![OK] B-18 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78
  • Cisco 2950 | Software Configuration Guide - Page 663
    software, Cisco IOS code, and the web management HTML files. You download a switch image file from a TFTP, FTP, or RCP server to upgrade the switch software. You can replace the current image with the new one or keep the current image in flash memory after a download. You upload a switch image file
  • Cisco 2950 | Software Configuration Guide - Page 664
    images and the supported upgrade paths, refer to the release notes. Image Location on the Switch The software image is stored as a .bin file in a directory that shows the version number. A subdirectory contains the HTML files needed for web management. The image is stored on the system board flash
  • Cisco 2950 | Software Configuration Guide - Page 665
    between subnets. Check connectivity to the TFTP server by using the ping command. • Ensure that the image to be downloaded is in the correct directory on the TFTP server (usually /tftpboot on a UNIX workstation). 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide B-21
  • Cisco 2950 | Software Configuration Guide - Page 666
    B Working with the Cisco IOS File System, Configuration Files, and Software Images • For download operations, ensure that the permissions on the file are set correctly. The permission on the file should be world-read. • Before uploading the image file, you might need to create an empty file on
  • Cisco 2950 | Software Configuration Guide - Page 667
    version, you must specify the /overwrite option. The Catalyst 2950 LRE switch supports only one complete set of Cisco IOS, HTML, LRE binary files, and one Cisco IOS binary file on the flash device. You cannot have two complete image sets on the flash device. If you specify the /leave-old-sw, the
  • Cisco 2950 | Software Configuration Guide - Page 668
    ftp password commands to specify a username and password for all copies. Include the username in the archive download-sw or archive upload-sw privileged EXEC command if you want to specify a username only for that operation. B-24 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 669
    to the "Preparing to Download or Upload an Image File By Using FTP" section on page B-24. Log into the switch through the console port or a Telnet session. Enter global configuration mode. This step is required only if you override the default remote username or password (see Steps 4, 5, and
  • Cisco 2950 | Software Configuration Guide - Page 670
    B Working with the Cisco IOS File System, Configuration Files, and Software Images Step 7 Step 8 Command Purpose archive download-sw /overwrite /reload ftp:[[//username[:password]@location]/directory] /image-name.tar Download the image file from the FTP server to the switch, and overwrite the
  • Cisco 2950 | Software Configuration Guide - Page 671
    "Preparing to Download or Upload a Configuration File By Using FTP" section on page B-13. Log into the switch through the console port or a Telnet session. configure terminal Enter global configuration mode. This step is required only if you override the default remote username or password (see
  • Cisco 2950 | Software Configuration Guide - Page 672
    , the Cisco IOS image, the HTML files, and info.ver. After these files are uploaded, the upload algorithm creates the tar file format. Caution For the download and upload algorithms to operate properly, do not rename image names. Copying Image Files By Using RCP You can download a switch image from
  • Cisco 2950 | Software Configuration Guide - Page 673
    referring to the "Preparing to Download or Upload an Image File By Using RCP" section on page B-28. Log into the switch through the console port or a Telnet session. Enter global configuration mode. This step is required only if you override the default remote username (see Steps 4 and 5). (Optional
  • Cisco 2950 | Software Configuration Guide - Page 674
    . If you specify the /leave-old-sw, the existing files are not removed. If there is not enough room to install the new image an keep the running image, the download process stops, and an error message appears. B-30 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 675
    referring to the "Preparing to Download or Upload an Image File By Using RCP" section on page B-28. Log into the switch through the console port or a Telnet session. Enter global configuration mode. This step is required only if you override the default remote username (see Steps 4 and 5). (Optional
  • Cisco 2950 | Software Configuration Guide - Page 676
    Cisco IOS image, the HTML files, and info.ver. After these files are uploaded, the upload algorithm creates the tar file format. Caution For the download and upload algorithms to operate properly, do not rename image names. B-32 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 677
    ports 11-2 configuration limitations 17-16 encapsulation 17-15 native VLAN for untagged traffic 17-21 802.1s See MSTP 802.1w See RSTP 802.1x See port-based authentication 802.3z flow control 11-13 A abbreviating commands 2-4 AC (command switch) 7-11, 7-21 access-class command 29-20 access control
  • Cisco 2950 | Software Configuration Guide - Page 678
    MSTP 15-20 for STP 14-8, 14-22 MAC address table 8-23 maximum for MSTP 15-21 for STP 14-22 alarms, RMON 26-3 allowed-VLAN list 17-19 American National Standards Institute See ANSI ANSI 1-7 IN-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 679
    database blocking packets 22-5 booting boot loader, function of 5-2 boot process 5-1 manually 5-13 specific image 5-13 boot loader accessing 5-14 described 5-2 environment variables 5-14 prompt 5-14 trap-door mechanism 5-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide IN-3
  • Cisco 2950 | Software Configuration Guide - Page 680
    a relay 3-7 setting a secondary temperature threshold 3-6 default alarm configuration 3-4 displaying Catalyst 2955 switch alarms 3-11 enabling SNMP traps 3-11 FCS error hysteresis threshold 3-2 global status monitoring alarms power supply alarm 3-2 temperature alarm 3-2 port status monitoring alarms
  • Cisco 2950 | Software Configuration Guide - Page 681
    recovery 7-11 CLI 7-23 host names 7-15 IP addresses 7-14 LRE profiles 7-17 management VLAN 7-16 passwords 7-15 RADIUS 7-16 SNMP 7-15, 7-24 switch-specific features 7-17 TACACS+ 7-16 redundancy 7-21 troubleshooting 7-23 verifying 7-22 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software
  • Cisco 2950 | Software Configuration Guide - Page 682
    command modes 2-1 commands abbreviating 2-4 no and default 2-4 setting privilege levels 9-8 command switch accessing 7-12 active (AC) 7-11, 7-21 command switch with HSRP disabled (CC) 7-21 configuration conflicts 32-14 defined 7-2 enabling 7-18 passive (PC) 7-11, 7-21 password privilege levels 7-24
  • Cisco 2950 | Software Configuration Guide - Page 683
    using TFTP B-12 VMPS database 17-26 configuration modes, CMS 4-5 configuration settings, saving 5-11 configure terminal command 11-5 configuring duplex mode 13-11 for an LRE upgrade 13-24 LRE ports 13-8 speed on Cisco 575 LRE CPE 13-11 config-vlan mode 2-2, 17-6 Index conflicts, configuration 32-14
  • Cisco 2950 | Software Configuration Guide - Page 684
    D daylight saving time 8-14 debugging enabling all system diagnostics 32-20 enabling for a specific feature 32-20 redirecting error message output 32-21 using commands 32-19 default commands 2-4 default configuration 802.1x 10-9 auto-QoS 30-10 banners 8-19 booting 5-12 CDP 24-2 DHCP 20-5 DHCP option
  • Cisco 2950 | Software Configuration Guide - Page 685
    B-11, B-13, B-16 reasons for B-8 using FTP B-13 using RCP B-17 using TFTP B-11 image files deleting old image B-23 preparing B-21, B-24, B-28 reasons for B-19 using CMS 4-15 using FTP B-25 using RCP B-29 using TFTP B-22 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide IN-9
  • Cisco 2950 | Software Configuration Guide - Page 686
    described 31-2 numbering of 31-2 port groups 11-3 source MAC address forwarding 31-6 EtherChannel guard described 16-11 enabling 16-18 Ethernet VLANs adding 17-8 defaults and ranges 17-8 modifying 17-8 IN-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 687
    accessing MIB files A-3 configuration files downloading B-13 overview B-12 preparing the server B-13 uploading B-14 image files deleting old image B-27 downloading B-25 preparing the server B-24 uploading B-27 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide IN-11
  • Cisco 2950 | Software Configuration Guide - Page 688
    cluster recovery 7-14 cluster standby group considerations 7-12 See also clusters, cluster standby group, and standby command switch I ICMP ping executing 32-15 overview 32-15 IDS, using with SPAN and RSPAN 25-2 IE2100 CNS embedded agents described 6-5 enabling automated configuration 6-6 enabling
  • Cisco 2950 | Software Configuration Guide - Page 689
    78-11380-10 Index interfaces Cisco IOS supported 1-8 configuration guidelines 11-10 configuring 11-5 configuring duplex mode 11-10 configuring speed 11-10 counters, clearing 11-16 described 11-14 descriptive name, adding 11-14 displaying information about 11-15 flow control 11-13 monitoring 11-15
  • Cisco 2950 | Software Configuration Guide - Page 690
    access 7-2 command switch 7-3, 7-12, 7-14 discovering 8-28 management VLAN 7-16 redundant clusters 7-12 standby command switch 7-12, 7-14 See also IP information ip igmp profile command 21-22 IP information assigned manually 5-10 through DHCP-based autoconfiguration 5-3 default configuration 5-3 IP
  • Cisco 2950 | Software Configuration Guide - Page 691
    considerations in switch clusters 7-17 lre shutdown command 13-6 LRE switch, upgrading firmware 13-23 LRE technology 13-1 See also LRE ports and CPE LRE upstream power back-off 13-21 M MAC addresses aging time 8-23 and VLAN association 8-22 building the address table 8-22 default configuration 8-23
  • Cisco 2950 | Software Configuration Guide - Page 692
    MSTP 15-21 membership mode, VLAN port 17-3 member switch adding 7-19 automatic discovery 7-5 defined 7-2 managing 7-23 passwords 7-14 recovering from lost connectivity 32-14 requirements 7-4 See also candidate switch, cluster standby group, and standby command switch menu bar,variations 4-4 message
  • Cisco 2950 | Software Configuration Guide - Page 693
    with probe 25-1 port protection 22-13 port protection 22-13 speed and duplex mode 11-12 traffic flowing among switches 26-1 traffic suppression 22-13 VLANs 17-14 VMPS 17-30 VTP 18-16 MSTP boundary ports configuration guidelines 15-12 described 15-5 BPDU filtering described 16-3 enabling 16-15 BPDU
  • Cisco 2950 | Software Configuration Guide - Page 694
    modes 17-6 defined 17-1 note, described xxx NSM 6-3 NTP associations authenticating 8-4 defined 8-2 enabling broadcast messages 8-7 peer 8-6 server 8-6 default configuration 8-4 displaying the configuration 8-11 overview 8-2 IN-18 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 695
    9-1 recovery of 32-2 setting enable 9-3 enable secret 9-4 Telnet 9-6 with usernames 9-7 VTP domain 18-8 patch panel 1-16 path cost MSTP 15-18 STP 14-19 PBX 1-15 78-11380-10 PC (passive command switch) 7-11, 7-21 performing an LRE upgrade 13-24 persistence, LRE link 13-19 per-VLAN spanning-tree
  • Cisco 2950 | Software Configuration Guide - Page 696
    LRE 13-1 priority 30-8 protected 22-4 secure 22-7 speed, setting and checking 13-11 static-access 17-3, 17-11 switch 11-1 trunks 17-15 VLAN assignments 17-11 See also CPE See also LRE ports port scheduling 30-8 IN-20 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 697
    , assigning 13-13 private VLAN edge ports See protected ports privileged EXEC mode 2-2 privilege levels changing the default for lines 9-9 command switch 7-24 exiting 9-10 logging into 9-10 mapping on member switches 7-24 overview 9-2, 9-8 setting a command with 9-8 profile acquisition, automatic
  • Cisco 2950 | Software Configuration Guide - Page 698
    described 30-7 number of 30-7 types of 30-7 policing, described 30-4, 30-7 policy maps characteristics of 30-31 configuring 30-31 displaying 30-39 queueing, defined 30-4 scheduling, defined 30-4 support for 1-6 IN-22 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • Cisco 2950 | Software Configuration Guide - Page 699
    14-8 multidrop backbone 16-5 path cost 17-24 port priority 17-22 redundant clusters See cluster standby group redundant links and UplinkFast 16-16 reloading software 5-16 Remote Authentication Dial-In User Service See RADIUS Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide IN-23
  • Cisco 2950 | Software Configuration Guide - Page 700
    26-5 collecting group history 26-5 root guard described 16-11 enabling 16-19 support for 1-5 root switch MSTP 15-14 STP 14-14 RSPAN configuration guidelines 25-12 default configuration 25-7 destination ports 25-4 displaying status 25-17 IDS 25-2 interaction with other features 25-5 monitored
  • Cisco 2950 | Software Configuration Guide - Page 701
    12-2 SNAP 24-1 SNMP accessing MIB variables with 28-4 agent described 28-4 disabling 28-7 community strings configuring 28-7 for cluster switches 28-4 overview 28-4 configuration examples 28-15 default configuration 28-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide IN
  • Cisco 2950 | Software Configuration Guide - Page 702
    -8 software images location in flash B-20 recovery procedures 32-2 scheduling reloads 5-16 tar file format, described B-20 See also downloading and uploading source addresses, in ACLs 29-12 SPAN configuration guidelines 25-7 default configuration 25-7 destination ports 25-4 displaying status 25-17
  • Cisco 2950 | Software Configuration Guide - Page 703
    See cluster standby group and HSRP startup configuration booting manually 5-13 specific image 5-13 clearing B-19 configuration file automatically downloading 5-12 specifying the filename 5-12 default boot configuration 5-12 static access ports assigning to VLAN 17-11 defined 11-2, 17-3 static
  • Cisco 2950 | Software Configuration Guide - Page 704
    switched ports 11-1 Switch Manager 4-9 switchport block multicast command 22-6 switchport block unicast command 22-6 switchport protected command 22-5 switch priority MSTP 15-19 STP 14-20 syslog See system message logging IN-28 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
  • Cisco 2950 | Software Configuration Guide - Page 705
    Telnet accessing management interfaces 2-9 accessing the CLI 1-8 from a browser 2-10 setting a password 9-6 Terminal Access Controller Access Control System Plus See TACACS+ terminal lines, setting a password 9-6 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide IN
  • Cisco 2950 | Software Configuration Guide - Page 706
    29-3 traffic policing 1-6 transparent mode, VTP 18-3, 18-12 trap-door mechanism 5-2 traps configuring MAC address notification 8-24 configuring managers 28-11 defined 28-3 enabling 8-24, 28-11 notification types 28-11 overview 28-1, 28-4 troubleshooting connectivity problems 32-15 detecting
  • Cisco 2950 | Software Configuration Guide - Page 707
    details 13-26 configuring for 13-24 controller configuration 13-25 example 13-26 global configuration 13-25 LRE switch firmware upgrade 13-23 performing 13-24 upgrading software, VLAN considerations 18-8 upgrading software images See downloading UplinkFast described 16-3 enabling 16-16 support for
  • Cisco 2950 | Software Configuration Guide - Page 708
    -12 creating in config-vlan mode 17-8 creating in VLAN configuration mode 17-9 default configuration 17-7 deleting 17-10 described 11-3, 17-1 displaying 17-14 extended-range 17-1, 17-12 illustrated 17-2 modifying 17-8 native, configuring 17-21 normal-range 17-1, 17-4 parameters 17-4 port membership
  • Cisco 2950 | Software Configuration Guide - Page 709
    18-9 version 1 18-4 version 2 configuration guidelines 18-9 disabling 18-13 enabling 18-13 overview 18-4 W Weighted Round Robin See WRR wizards 4-6 WRR configuring 30-38 defining 30-9 description 30-9 X Xmodem protocol 32-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide IN-33
  • Cisco 2950 | Software Configuration Guide - Page 710
    Index IN-34 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302
  • 303
  • 304
  • 305
  • 306
  • 307
  • 308
  • 309
  • 310
  • 311
  • 312
  • 313
  • 314
  • 315
  • 316
  • 317
  • 318
  • 319
  • 320
  • 321
  • 322
  • 323
  • 324
  • 325
  • 326
  • 327
  • 328
  • 329
  • 330
  • 331
  • 332
  • 333
  • 334
  • 335
  • 336
  • 337
  • 338
  • 339
  • 340
  • 341
  • 342
  • 343
  • 344
  • 345
  • 346
  • 347
  • 348
  • 349
  • 350
  • 351
  • 352
  • 353
  • 354
  • 355
  • 356
  • 357
  • 358
  • 359
  • 360
  • 361
  • 362
  • 363
  • 364
  • 365
  • 366
  • 367
  • 368
  • 369
  • 370
  • 371
  • 372
  • 373
  • 374
  • 375
  • 376
  • 377
  • 378
  • 379
  • 380
  • 381
  • 382
  • 383
  • 384
  • 385
  • 386
  • 387
  • 388
  • 389
  • 390
  • 391
  • 392
  • 393
  • 394
  • 395
  • 396
  • 397
  • 398
  • 399
  • 400
  • 401
  • 402
  • 403
  • 404
  • 405
  • 406
  • 407
  • 408
  • 409
  • 410
  • 411
  • 412
  • 413
  • 414
  • 415
  • 416
  • 417
  • 418
  • 419
  • 420
  • 421
  • 422
  • 423
  • 424
  • 425
  • 426
  • 427
  • 428
  • 429
  • 430
  • 431
  • 432
  • 433
  • 434
  • 435
  • 436
  • 437
  • 438
  • 439
  • 440
  • 441
  • 442
  • 443
  • 444
  • 445
  • 446
  • 447
  • 448
  • 449
  • 450
  • 451
  • 452
  • 453
  • 454
  • 455
  • 456
  • 457
  • 458
  • 459
  • 460
  • 461
  • 462
  • 463
  • 464
  • 465
  • 466
  • 467
  • 468
  • 469
  • 470
  • 471
  • 472
  • 473
  • 474
  • 475
  • 476
  • 477
  • 478
  • 479
  • 480
  • 481
  • 482
  • 483
  • 484
  • 485
  • 486
  • 487
  • 488
  • 489
  • 490
  • 491
  • 492
  • 493
  • 494
  • 495
  • 496
  • 497
  • 498
  • 499
  • 500
  • 501
  • 502
  • 503
  • 504
  • 505
  • 506
  • 507
  • 508
  • 509
  • 510
  • 511
  • 512
  • 513
  • 514
  • 515
  • 516
  • 517
  • 518
  • 519
  • 520
  • 521
  • 522
  • 523
  • 524
  • 525
  • 526
  • 527
  • 528
  • 529
  • 530
  • 531
  • 532
  • 533
  • 534
  • 535
  • 536
  • 537
  • 538
  • 539
  • 540
  • 541
  • 542
  • 543
  • 544
  • 545
  • 546
  • 547
  • 548
  • 549
  • 550
  • 551
  • 552
  • 553
  • 554
  • 555
  • 556
  • 557
  • 558
  • 559
  • 560
  • 561
  • 562
  • 563
  • 564
  • 565
  • 566
  • 567
  • 568
  • 569
  • 570
  • 571
  • 572
  • 573
  • 574
  • 575
  • 576
  • 577
  • 578
  • 579
  • 580
  • 581
  • 582
  • 583
  • 584
  • 585
  • 586
  • 587
  • 588
  • 589
  • 590
  • 591
  • 592
  • 593
  • 594
  • 595
  • 596
  • 597
  • 598
  • 599
  • 600
  • 601
  • 602
  • 603
  • 604
  • 605
  • 606
  • 607
  • 608
  • 609
  • 610
  • 611
  • 612
  • 613
  • 614
  • 615
  • 616
  • 617
  • 618
  • 619
  • 620
  • 621
  • 622
  • 623
  • 624
  • 625
  • 626
  • 627
  • 628
  • 629
  • 630
  • 631
  • 632
  • 633
  • 634
  • 635
  • 636
  • 637
  • 638
  • 639
  • 640
  • 641
  • 642
  • 643
  • 644
  • 645
  • 646
  • 647
  • 648
  • 649
  • 650
  • 651
  • 652
  • 653
  • 654
  • 655
  • 656
  • 657
  • 658
  • 659
  • 660
  • 661
  • 662
  • 663
  • 664
  • 665
  • 666
  • 667
  • 668
  • 669
  • 670
  • 671
  • 672
  • 673
  • 674
  • 675
  • 676
  • 677
  • 678
  • 679
  • 680
  • 681
  • 682
  • 683
  • 684
  • 685
  • 686
  • 687
  • 688
  • 689
  • 690
  • 691
  • 692
  • 693
  • 694
  • 695
  • 696
  • 697
  • 698
  • 699
  • 700
  • 701
  • 702
  • 703
  • 704
  • 705
  • 706
  • 707
  • 708
  • 709
  • 710
Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
Catalyst 2950 and Catalyst 2955 Switch
Software Configuration Guide
Cisco IOS Release 12.1(20)EA2
May 2004
Customer Order Number: DOC-7811380=
Text Part Number: 78-11380-10