Cisco 2950G 24 Software Configuration Guide
Cisco 2950G 24 - Catalyst Switch Manual
 |
UPC - 746320687711
View all Cisco 2950G 24 manuals
Add to My Manuals
Save this manual to your list of manuals |
Cisco 2950G 24 manual content summary:
- Cisco 2950G 24 | Software Configuration Guide - Page 1
Catalyst 2950 Desktop Switch Software Configuration Guide Cisco IOS Release 12.1(11)EA1 and 12.1(11)YJ November 2002 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Customer - Cisco 2950G 24 | Software Configuration Guide - Page 2
SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL relationship Catalyst 2950 Desktop Switch Software Configuration Guide Copyright © 2001-2002, Cisco Systems, Inc. All rights - Cisco 2950G 24 | Software Configuration Guide - Page 3
Assistance xxx Cisco.com xxxi Technical Assistance Center xxxi Cisco TAC Website xxxi Cisco TAC Escalation Center Catalyst 2950 Switches 1-18 Long-Distance, High-Bandwidth Transport Configuration 1-20 Where to Go Next 1-21 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 4
10 Topology Icons 3-12 Device and Link Labels 3-13 Colors in the Topology View 3-14 Topology Display Options 3-15 Menus and Toolbar 3-15 Menu Bar 3-15 Toolbar 3-20 Front Panel View Popup Menus 3-21 Device Popup Menu 3-21 Port Popup Menu 3-21 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 5
DHCP-Based Autoconfiguration 4-3 DHCP Client Request Process 4-4 Configuring the DHCP Server 4-5 Configuring the TFTP Server 4-5 Configuring the DNS 4-6 Configuring the Relay Device 4-6 Obtaining Configuration Files 4-7 Catalyst 2950 Desktop Switch Software Configuration Guide v - Cisco 2950G 24 | Software Configuration Guide - Page 6
-CDP-Capable and Noncluster-Capable Devices 6-7 Discovery through the Same Management VLAN 6-8 Discovery through Different Management VLANs 6-9 Discovery of Newly Installed Switches 6-10 HSRP and Standby Command Switches 6-12 Catalyst 2950 Desktop Switch Software Configuration Guide vi 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 7
Privilege Level for Lines 7-9 Logging into and Exiting a Privilege Level 7-10 Controlling Switch Access with TACACS+ 7-10 Understanding TACACS+ 7-10 TACACS+ Operation 7-12 Configuring TACACS+ 7-12 Default TACACS+ Configuration 7-13 Catalyst 2950 Desktop Switch Software Configuration Guide vii - Cisco 2950G 24 | Software Configuration Guide - Page 8
NTP Configuration 7-43 Configuring Time and Date Manually 7-43 Setting the System Clock 7-44 Displaying the Time and Date Configuration 7-44 Configuring the Time Zone 7-45 Configuring Summer Time (Daylight Saving Time) 7-46 Catalyst 2950 Desktop Switch Software Configuration Guide viii 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 9
8-7 Enabling 802.1X Authentication 8-8 Configuring the Switch-to-RADIUS-Server Communication 8-9 Enabling Periodic Re-Authentication 8-10 Manually Re-Authenticating a Client Connected to a Port 8-11 Changing the Quiet Period 8-11 Catalyst 2950 Desktop Switch Software Configuration Guide ix - Cisco 2950G 24 | Software Configuration Guide - Page 10
9-19 10 C H A P T E R Configuring LRE 10-1 Ports on the 2950 LRE 10-1 LRE Links and LRE Profiles 10-2 LRE Profiles 10-2 LRE Sequences 10-4 CPE Ethernet Links 10-5 Configuring LRE Ports 10-5 Environmental Guidelines for LRE Links 10-6 Catalyst 2950 Desktop Switch Software Configuration Guide x 78 - Cisco 2950G 24 | Software Configuration Guide - Page 11
to All LRE Ports 10-9 Assigning a Sequence to a Specific LRE Port 10-10 Using Rate Selection to Automatically Assign Profiles 10-10 Precedence 10-11 Profile Locking 10-11 Link Qualification and SNR Margins 10-12 LRE Link Persistence 10-14 LRE Link Monitor 10-14 Upgrading LRE Switch Firmware 10-15 - Cisco 2950G 24 | Software Configuration Guide - Page 12
Boundary Ports 12-10 Interoperability with 802.1D STP 12-11 Configuring RSTP and MSTP Features 12-11 Default RSTP and MSTP Configuration 12-12 RSTP and MSTP Configuration Guidelines 12-12 Specifying the MST Region Configuration and Enabling MSTP 12-13 Configuring the Root Switch 12-14 Catalyst 2950 - Cisco 2950G 24 | Software Configuration Guide - Page 13
Convergence 13-7 Limitations 13-8 Connecting the Stack Ports 13-8 Understanding BackboneFast 13-10 Understanding Root Guard 13-12 Understanding Loop Guard 13-13 Configuring Optional Spanning-Tree Tree Status 13-21 Contents 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide xiii - Cisco 2950G 24 | Software Configuration Guide - Page 14
Sharing Using STP Path Cost 14-23 Configuring VMPS 14-24 Understanding VMPS 14-25 Dynamic Port VLAN Membership 14-25 VMPS Database Configuration File 14-26 Default VMPS Configuration 14-27 VMPS Configuration Guidelines 14-28 Catalyst 2950 Desktop Switch Software Configuration Guide xiv 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 15
Troubleshooting Dynamic Port 12 Enabling VTP Version 2 15-13 Enabling VTP Pruning 15-14 Adding a VTP Client Switch to a VTP Domain 15-15 Monitoring VTP 15-16 Configuring Voice VLAN 16-1 Understanding Voice VLAN 16-1 Configuring Voice VLAN 16-2 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 16
16-3 Configuring a Port to Connect to a Cisco 7960 IP Phone 16-3 Configuring Ports to Carry Voice Traffic in 802.1Q Frames 16-4 Configuring Ports to Carry Voice Traffic Displaying IGMP Filtering Configuration 17-24 Catalyst 2950 Desktop Switch Software Configuration Guide xvi 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 17
an Interface 20-4 Monitoring and Maintaining CDP 20-5 Configuring SPAN and RSPAN 21-1 Understanding SPAN and RSPAN 21-1 SPAN and RSPAN Concepts and Terminology 21-3 Catalyst 2950 Desktop Switch Software Configuration Guide xvii - Cisco 2950G 24 | Software Configuration Guide - Page 18
Creating a SPAN Session and Specifying Ports to Monitor 21-9 Removing Ports from a SPAN Session 21-11 Specifying VLANs to Monitor 21-12 Specifying VLANs to Filter 21-13 23-3 Disabling and Enabling Message Logging 23-4 xviii Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 19
Access Control Parameters 25-4 Guidelines for Applying ACLs to Physical Interfaces 25-6 Configuring ACLs 25-6 Unsupported Features 25-7 Creating Standard and Extended IP ACLs 25-7 Catalyst 2950 Desktop Switch Software Configuration Guide xix - Cisco 2950G 24 | Software Configuration Guide - Page 20
Class of Service Works 26-7 Port Priority 26-8 Port Scheduling 26-8 10 Configuring Classification Using Port Trust States 26-10 Configuring the Trust State on Ports within the QoS Domain 26-11 Configuring the CoS Value for an Interface 26-13 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 21
CoS Maps 26-24 Configuring the CoS Troubleshooting 28-1 LRE Statistics 28-1 Using Recovery Procedures 28-6 Recovering from Corrupted Software 28-6 Recovering from a Lost or Forgotten Password 28-6 Recovering from a Command Switch Failure 28-8 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 22
E N D I X Replacing a Failed Command Switch with a Cluster Member 28-9 Replacing a Failed Command Switch with Another Switch 28-10 Recovering from Lost Member Connectivity 28-11 Preventing Autonegotiation Mismatches 28-12 Troubleshooting LRE Port Configuration 28-12 GBIC and SFP Module Security and - Cisco 2950G 24 | Software Configuration Guide - Page 23
Cisco.com B-21 Copying Image Files By Using TFTP B-22 Preparing to Download or Upload an Image File By Using TFTP B-22 Downloading an Image File By Using TFTP B-23 Uploading an Image File By Using TFTP B-24 Using RCP B-32 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide xxiii - Cisco 2950G 24 | Software Configuration Guide - Page 24
Contents xxiv Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 25
This guide provides information about configuring and troubleshooting a Catalyst 2950 or Catalyst 2950 Long-Reach Ethernet (LRE) switch or switch clusters. It includes descriptions of the management interface options and the features supported by the switch software. The non-LRE switch is supported - Cisco 2950G 24 | Software Configuration Guide - Page 26
at Service and Support > Technical Documents. On the Cisco Product Documentation home page, select Release 12.1 from the Cisco IOS Software drop-down list. Note This guide describes the features for Catalyst 2950 switches. Cisco IOS Release 12.1(11)EA1 is not for use with the Long-Reach Ethernet - Cisco 2950G 24 | Software Configuration Guide - Page 27
. Chapter 10, "Configuring LRE," describes how to configure LRE-specific features on your switch. Chapter 11, "Configuring STP," describes how to configure the Spanning Tree Protocol (STP) on your switch. Chapter 12, "Configuring RSTP and MSTP," describes how to configure the Cisco implementation of - Cisco 2950G 24 | Software Configuration Guide - Page 28
that could result in equipment damage or loss of data. Tip Means the following will help you solve a problem. The tips information might not be troubleshooting or even an action, but could be useful information. xxviii Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 29
GBIC Installation Notes (not orderable but is available on Cisco.com) • Cisco LRE CPE Hardware Installation Guide (order number DOC-7811469=) • Installation Notes for the Cisco LRE 48 POTS Splitter (not orderable but is available on Cisco.com) • Release Notes for the Catalyst 2950 Desktop Switch, 12 - Cisco 2950G 24 | Software Configuration Guide - Page 30
, troubleshooting tips, and sample configurations from online tools by using the Cisco Technical Assistance Center (TAC) Web Site. Cisco.com registered users have complete access to the technical support resources on the Cisco TAC Web Site. Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 31
technical support resources on the Cisco TAC Web Site. The Cisco TAC Web Site requires a Cisco.com login ID and password. If you have a valid service contract but do not have a login ID or password, go to this URL to register: http://www.cisco.com/register/ 78-14982-01 Catalyst 2950 Desktop Switch - Cisco 2950G 24 | Software Configuration Guide - Page 32
level of Cisco support services to which your company is entitled: for example, SMARTnet, SMARTnet Onsite, or Network Supported Accounts (NSA). When you call the center, please have available your service agreement number and your product serial number. xxxii Catalyst 2950 Desktop Switch Software - Cisco 2950G 24 | Software Configuration Guide - Page 33
. Table 1-1 Switches Supported Switch Catalyst 2950-12 Software Image SI1 Catalyst 2950-24 SI Catalyst 2950C-24 EI2 Catalyst 2950G-12-EI EI Catalyst 2950G-24-EI EI Catalyst 2950G-24-EI-DC EI Catalyst 2950G-48-EI EI Catalyst 2950SX-24 SI Catalyst 2950T-24 EI Catalyst 2950ST-24-LRE - Cisco 2950G 24 | Software Configuration Guide - Page 34
converters (GBIC); GigaStack is not supported on the 2950 LRE Note Most Catalyst 2950 features also work on the Catalyst 2950 LRE switch, with the difference that LRE switches use Long-Reach Ethernet rather than Fast Ethernet and Gigabit for the Gigabit ports. For information about the Cisco LRE - Cisco 2950G 24 | Software Configuration Guide - Page 35
frames larger than 1500 bytes. The Catalyst 2950G-12-EI, 2950G-24-EI, 2950G-24-EI-DC, and 2950G-48-EI switches running Cisco IOS Release 12.1(6)EA2 or later support frame sizes from 1500 to 1530 bytes • Per-port broadcast storm control for preventing faulty end stations from degrading overall system - Cisco 2950G 24 | Software Configuration Guide - Page 36
Fast-enabled ports that receive BPDUs - BPDU filtering for preventing a Port Fast-enabled port from sending or receiving BPDUs - Root guard for preventing switches outside the network core from becoming the spanning-tree root Catalyst 2950 Desktop Switch Software Configuration Guide 1-4 78-14982 - Cisco 2950G 24 | Software Configuration Guide - Page 37
2950-12, Catalyst 2950-24, and Catalyst 2950SX-24 switches support only 64 port-based VLANs. • The switch supports up to 4094 VLAN IDs to allow service provider networks to support the number of VLANs allowed by the IEEE 802.1Q standard (available only with the EI) • IEEE 802.1Q trunking protocol - Cisco 2950G 24 | Software Configuration Guide - Page 38
on 10/100 ports and 8 Mbps on 10/100/1000 ports - Out-of-profile markdown for packets that exceed bandwidth utilization limits Note Policing is available only in the EI. • Egress Policing and Scheduling of Egress Queues-Four egress queues on all switch ports. Support for strict priority and weighted - Cisco 2950G 24 | Software Configuration Guide - Page 39
Chapter 24, "Configuring SNMP." Advantages of Using CMS and Clustering Switches Using CMS and switch clusters can simplify and minimize your configuration and monitoring tasks. You can use Cisco switch clustering technology to manage up to 16 interconnected and supported Catalyst switches through - Cisco 2950G 24 | Software Configuration Guide - Page 40
monitor interconnected Catalyst switches (refer to the release notes for a list of supported switches), regardless of their geographic proximity and interconnection media, including Ethernet, Fast Ethernet, Fast EtherChannel, Cisco GigaStack Gigabit Interface Converter (GBIC), Gigabit Ethernet, and - Cisco 2950G 24 | Software Configuration Guide - Page 41
Use switches that support at least two queues per port Catalyst 2900 XL, Catalyst 2950, Catalyst 3500 XL, and Catalyst 3550 switches through GigaStack GBIC connections. When you use a stack of Catalyst 2950G-48 switches, you can connect up to 432 users. To preserve switch connectivity if one switch - Cisco 2950G 24 | Software Configuration Guide - Page 42
configuration) to other Gigabit Ethernet devices. Using the required Cisco proprietary signaling and cabling, the GigaStack GBIC-to-GigaStack GBIC connection cannot exceed 3 feet (1 meter). - Catalyst 2950 LRE switches support SFP GBIC as well as 10/100/1000 copper connections • Redundant Gigabit - Cisco 2950G 24 | Software Configuration Guide - Page 43
the amount of traffic that travels over a network backbone, thereby increasing the bandwidth available to each user and improving server response time. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 1-11 - Cisco 2950G 24 | Software Configuration Guide - Page 44
Cisco 2600 router Catalyst 2900, Catalyst 2950, Catalyst 3550, and Catalyst 3500 GigaStack cluster 100 Mbps (200 Mbps full duplex) Gigabit server 1 Gbps (2 Gbps full duplex) Gigabit server 10/100 Mbps (20/200 Mbps full duplex) 81634 Single workstations 1-12 Catalyst 2950 Desktop Switch - Cisco 2950G 24 | Software Configuration Guide - Page 45
SoftPhone software integrates telephony and IP networks, and the IP network supports both voice and data. Each 10/100 inline-power port on the Catalyst 3524-PWR XL switches provides -48 VDC power to the Cisco IP Phone. The IP phone can receive redundant power when it also is connected to an AC power - Cisco 2950G 24 | Software Configuration Guide - Page 46
. • Cisco Access gateway (such as Cisco Access Digital Trunk Gateway or Cisco Access Analog Trunk Gateway) that connects the IP network to the Public Switched Telephone Network (PSTN) or to users in an IP telephony network. 1-14 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982 - Cisco 2950G 24 | Software Configuration Guide - Page 47
GigaStack cluster 1 Gbps (2 Gbps full duplex) Catalyst 3524-PWR GigaStack cluster Workstations running Cisco SoftPhone software IP IP Cisco IP Phones IP IP IP Cisco IP Phones Network Configuration Examples 81636 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 1-15 - Cisco 2950G 24 | Software Configuration Guide - Page 48
LRE profile named LRE-998-15-4. The Catalyst 2950 LRE switches are cascaded through their 10/100/1000 switch ports. Each switch also has a 10/100/1000 connection to an aggregation switch, such as a 3550-12G switch. The aggregation switch can connect to: • Accounting, billing, and provisioning - Cisco 2950G 24 | Software Configuration Guide - Page 49
to which they are connected. The Catalyst 2950 LRE switch ports support the same software features as 10/100/1000 switch ports. For example, you can configure port-based VLANs on the LRE ports to provide individual port security and protected ports to further prevent unwanted broadcasts within the - Cisco 2950G 24 | Software Configuration Guide - Page 50
a configuration for a Gigabit Ethernet MAN ring using Catalyst 3550 multilayer switches as aggregation switches in the mini-point-of-presence (POP) location. These switches are connected through 1000BASE-X GBIC ports. The resident switches can be Catalyst 2950 switches, providing customers with high - Cisco 2950G 24 | Software Configuration Guide - Page 51
Network Configuration Examples Figure 1-6 Catalyst 2950 Switches in a MAN Configuration Cisco 12000 Gigabit switch routers Catalyst 6500 switches Si Si Service Provider POP Catalyst 3550 Si multilayer switches Si Si Mini-POP Si Gigabit MAN Si Si Catalyst switches Set-top box TV - Cisco 2950G 24 | Software Configuration Guide - Page 52
not apply to the Catalyst 2950 LRE switches. Figure 1-7 shows a configuration for transporting Gigabits of data from one location to an off-site backup facility over a single fiber-optic cable. The Catalyst switches have Coarse Wave Division Multiplexer (CWDM) fiber-optic GBIC modules installed. The - Cisco 2950G 24 | Software Configuration Guide - Page 53
start up information: • Chapter 2, "Using the Command-Line Interface" • Chapter 3, "Getting Started with CMS" • Chapter 4, "Assigning the Switch IP Address and Default Gateway" • Chapter 5, "Configuring IE2100 CNS Agents" 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 1-21 - Cisco 2950G 24 | Software Configuration Guide - Page 54
Where to Go Next Chapter 1 Overview 1-22 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 55
used when the switch reboots. To access the various configuration modes, you must start at global configuration mode. From global configuration mode, you can enter interface configuration mode and line configuration mode. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 2-1 - Cisco 2950G 24 | Software Configuration Guide - Page 56
command. To return to privileged EXEC mode, press Ctrl-Z or enter end. Use this mode for all upgrade related commands (for further information on upgrading, see the "Upgrading LRE Switch Firmware" section on page 10-15). Catalyst 2950 Desktop Switch Software Configuration Guide 2-2 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 57
For example: Switch# di? dir disable disconnect Complete a partial command name. For example: Switch# sh conf Switch# show configuration List all commands available for a particular command mode. For example: Switch> ? 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 2-3 - Cisco 2950G 24 | Software Configuration Guide - Page 58
configure port 4 on a switch, you enter: switch(config)#interface fa 0/4 To configure port 4 on a 10/100 module in the first module slot on the switch, you enter: switch(config)#interface fa 1/4 • Interface type-Each switch in the Catalyst 2950 and Catalyst 3550 platform supports different types - Cisco 2950G 24 | Software Configuration Guide - Page 59
• Port number-The number of the physical port on the switch. Refer to your switch for the port numbers. Abbreviating Commands You have to enter only enough characters for the switch to enter with the command are displayed. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 2-5 - Cisco 2950G 24 | Software Configuration Guide - Page 60
setting of the terminal history global configuration command and history line configuration command. 1. The arrow keys function only on ANSI-compatible terminals such as VT100s. Catalyst 2950 Desktop Switch Software Configuration Guide 2-6 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 61
a specific line to have enhanced editing mode, enter this command in line configuration mode: Switch(config-line)# editing To globally disable enhanced editing mode, enter this command in line configuration mode: Switch(config-line)# no editing 78-14982-01 Catalyst 2950 Desktop Switch Software - Cisco 2950G 24 | Software Configuration Guide - Page 62
line to Press Ctrl-B, or press the Move the cursor back one character. make changes or corrections. left arrow key. end of the word. Designate a particular keystroke as Press Ctrl-V or Esc Q. an executable command, perhaps as a shortcut. Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 63
line, but you can scroll back and check the syntax at the beginning of the command. To scroll back to the beginning of the extends beyond one line. When the cursor first reaches the end of the line, the line is shifted ten spaces to the Catalyst 2950 Desktop Switch Software Configuration Guide 2-9 - Cisco 2950G 24 | Software Configuration Guide - Page 64
The switch supports up to 16 simultaneous Telnet sessions. Changes made by one Telnet user are reflected in all other Telnet sessions. After you connect through the console port or through a Telnet session, the user EXEC prompt appears on the management station. 2-10 Catalyst 2950 Desktop Switch - Cisco 2950G 24 | Software Configuration Guide - Page 65
IP information and a Telnet password to the switch or command switch, as described in the release Cisco Systems Access page. To prevent unauthorized access to CMS and the CLI, exit your browser to end the browser session. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 66
Accessing the CLI from a Browser Chapter 2 Using the Command-Line Interface 2-12 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 67
• Topology View, page 3-10 • Menus and Toolbar, Catalyst 2950 and Catalyst 2950 LRE switches. Refer to the appropriate switch documentation for descriptions of the web-based management software used on other Catalyst switches. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 68
front-panel image of a specific switch or the front-panel images of all switches in a cluster. From this view, you can select multiple ports or multiple switches and configure them with the performing tasks from the window. Catalyst 2950 Desktop Switch Software Configuration Guide 3-2 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 69
, the button displays the legend of icons and color codes. Click Guide or Expert interaction mode to change how some configuration options are presented to you. 65717 Front Panel view of the cluster. Topology view of the cluster. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration - Cisco 2950G 24 | Software Configuration Guide - Page 70
switches in this window. Figure 3-2 Front Panel View from a 2950 LRE Command Switch cluster1 10.1.1.2 Cluster tree. Right-click a member switch switch image to display the cluster pop-up menu, and select a cluster- related option. 86458 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 71
only the front panel of the specific switch (see Figure 3-5 for a 2950 switch and Figure 3-4 for a 2950 LRE switch). Figure 3-4 Front Panel View from a Standalone 2950 LRE Switch 2950-24 2950-24 86459 Left-click the Mode button to change the meaning of the port LEDs. LEDs display the current - Cisco 2950G 24 | Software Configuration Guide - Page 72
Panel View Chapter 3 Getting Started with CMS Figure 3-5 Front Panel View from a 2950 non-LRE Standalone Switch 2950-24 2950-24 Left-click the Mode LEDs display the Right-click a port to button to change current port mode display the port pop-up the meaning of the and the status of the menu - Cisco 2950G 24 | Software Configuration Guide - Page 73
All Ports from the port popup menu. Figure 3-7 Port Icons Table 3-2 describes the colors representing the wavelengths on the CWDM GBIC modules. For port status LED information, see the "Port Modes and LEDs" section on page 3-8. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 74
Table 3-3). Certain switches in the switch cluster use a specific RPS model: • Cisco RPS 300 (model PWR300-AC-RPS-N1)-Catalyst 2900 LRE XL, Catalyst 2950, Catalyst 3524-PWR XL, and Catalyst 3550 switches • Cisco RPS 600 (model PWR600-AC-RPS)-Catalyst 2900 XL and Catalyst 3500 XL switches, except the - Cisco 2950G 24 | Software Configuration Guide - Page 75
of the ports or the Ethernet link status on the remote customer premises equipment (CPE) device. This is the default mode except for the Catalyst 2950 LRE switches. Duplex setting on the ports. The default setting on the 10/100 ports is auto. The default setting on the 10/100/1000 ports is full - Cisco 2950G 24 | Software Configuration Guide - Page 76
switch cluster and network neighborhood of the specific command or member switch that you access. To display a different switch cluster, you need to access the command switch or member switch icons to any area in the view. 3-10 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 77
Cluster View cluster1 Neighboring cluster connected to cluster1. Devices connected to cluster1 that are not eligible to join the cluster. 65722 65723 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 3-11 - Cisco 2950G 24 | Software Configuration Guide - Page 78
, click the link that you want to select. To select multiple links, press the Ctrl key, and click the links that you want to select. 3-12 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 79
these labels: • Cluster and switch names • Switch MAC and IP addresses • Link type between the devices • Link speed and IDs of the interfaces on both ends of the link When using these selecting View > Topology Options. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 3-13 - Cisco 2950G 24 | Software Configuration Guide - Page 80
Green Cyan Yellow Color Meaning A cluster member, either a member switch or the command switch A candidate switch that is eligible to join the cluster An unknown device or a device that is not eligible to join the cluster 3-14 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 81
a specific switch, the menu bar displays the features supported only by that switch. • If you launch CMS from a command switch, the menu bar displays the features supported on the switches in the cluster, with these exceptions: - If the command switch is a Layer 3 switch, such as a Catalyst 3550 - Cisco 2950G 24 | Software Configuration Guide - Page 82
or EI). In the event of a failover, the standby command switch must support the same configuration and services that are running on the command switch. - If you have a Catalyst 3550 command switch, the standby command switches should be Catalyst 3550 switches. - If you have a Catalyst 2950 command - Cisco 2950G 24 | Software Configuration Guide - Page 83
group to provide command-switch redundancy. Enter the number of hops away that a command switch looks for members and for candidate switches. Launch Device Manager for a specific switch. Change the host name of a switch. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 3-17 - Cisco 2950G 24 | Software Configuration Guide - Page 84
ports to VLANs, and configure 802.1Q trunks. Display and configure the VLAN Trunking Protocol (VTP) for interswitch VLAN membership. Change the management VLAN on the switch. Configure the VLAN Membership Policy Server (VMPS). 3-18 Catalyst 2950 Desktop Switch Software Configuration Guide 78 - Cisco 2950G 24 | Software Configuration Guide - Page 85
port Catalyst 2950 switch running Release 12.1(6)EA2 or later or a Catalyst 3550 switch running Release 12.1(8)EA1 or later. For more information about system messages, refer to the switch system message guide. Perform a ping, Layer 2 traceroute, or Layer 3 traceroute operation on or to a specific - Cisco 2950G 24 | Software Configuration Guide - Page 86
right on the toolbar. Table 3-12 Toolbar Buttons Toolbar Option Print Preferences1 Save Configuration2 Software Upgrade2 Port Settings1 VLAN1 Inventory Refresh Front Panel same as clicking Help from the active window. 3-20 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 87
VLAN1 Port Security1 2 Task Display and configure port settings. Define the VLAN mode for a port or ports and add ports to VLANs. Not available for the Catalyst 1900 and Catalyst 2820 switches. Enable port security on a port. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 88
two devices, when you click the link icon and right-click, the Multilink Content window appears (see Figure 3-12). Click the link icon in this window, and right-click to display the link popup menu specific for that link. 3-22 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 89
popup menu, click an icon, and right-click. Table 3-16 Device Popup Menu of a Cluster Icon Popup Menu Option Expand cluster Properties Task View a cluster-specific topology view. Display information about the device. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 3-23 - Cisco 2950G 24 | Software Configuration Guide - Page 90
of a Command-Switch Icon Popup Menu Option Task Collapse cluster Host Name1 View the neighborhood outside a specific cluster. Change the host name of a switch. Bandwidth Graphs Display in CMS" section on page 3-31. 3-24 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 91
option that supports guide mode, CMS displays a specific parameter of the feature with information about the parameter field. To configure the feature, you provide the information that CMS requests in each step until you click Finish in the last step. Clicking Cancel at any time closes and ends the - Cisco 2950G 24 | Software Configuration Guide - Page 92
> Contents, provides background information and concepts on the features. • Dialog-specific help, available from Help on the CMS windows, provides procedures for performing to Cisco. We appreciate and value your comments. 3-26 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 93
interface. Enter the first letters of the topic, and click Find to search the index. Click Back and Forward to redisplay previously displayed pages. Click Feedback to send us your comments about the online help. 81677 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 3-27 - Cisco 2950G 24 | Software Configuration Guide - Page 94
to select the specific switch from the Host Name Catalyst 1900 and Catalyst 2820 switches even though they are part of the cluster. Similarly, the Host Name list on the LRE Profiles window only lists the LRE switches in the cluster. 3-28 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 95
in Windows Some window have icons for sorting information in tables, for showing which cells in a table are editable, and for displaying further information from Cisco.com (see Figure 3-16). Figure 3-16 Window Icons 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 3-29 - Cisco 2950G 24 | Software Configuration Guide - Page 96
Service (RADIUS) feature on the switch, you can still access the switch through CMS. For information about how inconsistent authentication configurations in switch clusters can affect access through CMS, see the "TACACS+ and RADIUS" section on page 6-17. 3-30 Catalyst 2950 Desktop Switch Software - Cisco 2950G 24 | Software Configuration Guide - Page 97
or earlier - Catalyst 2950 member switches running Release 12.0(5)WC2 or earlier - Catalyst 3550 member switches running Release 12.1(6)EA1 or earlier For more information about this limitation, refer to the release notes. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 3-31 - Cisco 2950G 24 | Software Configuration Guide - Page 98
border replaces the red border until you either save or cancel the change. If there is an error in communicating with the switch or if you make an error while performing an action, a message notifies you about the error. 3-32 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982 - Cisco 2950G 24 | Software Configuration Guide - Page 99
your changes to Flash memory, they are lost when the switch restarts. Note Catalyst 1900 and Catalyst 2820 switches automatically save configuration changes to Flash memory as they occur. memory when you exited from CMS. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 3-33 - Cisco 2950G 24 | Software Configuration Guide - Page 100
7, "Administering the Switch" The rest of this guide provides information about and CLI procedures for the software features supported in this release. For CMS procedures and window descriptions, refer to the online help. 3-34 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 101
the operating system. After the boot loader gives the operating system control of the CPU, the boot loader is not active until the next system reset or power-on. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 4-1 - Cisco 2950G 24 | Software Configuration Guide - Page 102
program described earlier. This section contains this configuration information: • Default Switch Information, page 4-3 • Understanding DHCP-Based Autoconfiguration, page 4-3 • Manually Assigning IP Information, page 4-10 Catalyst 2950 Desktop Switch Software Configuration Guide 4-2 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 103
default gateway is defined. No password is defined. The factory-assigned default host name is Switch. No password is defined. Disabled. No DHCP-based autoconfiguration replaces the BOOTP client functionality on your switch. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 4-3 - Cisco 2950G 24 | Software Configuration Guide - Page 104
has had a chance to formally request the address. If the switch accepts replies from a BOOTP server and configures itself, the switch broadcasts, instead of unicasts, TFTP requests to obtain the switch configuration file. Catalyst 2950 Desktop Switch Software Configuration Guide 4-4 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 105
on page 4-6. If your DHCP server is a Cisco device, refer to the "IP Addressing and Services" section in the Cisco IOS IP and IP Routing Configuration Guide for Release 12.1. Configuring the TFTP Server Based on the DHCP server configuration, the switch attempts to download one or more configuration - Cisco 2950G 24 | Software Configuration Guide - Page 106
is a Cisco router, enable 10.0.0.2: router(config-if)# ip helper-address 20.0.0.2 router(config-if)# ip helper-address 20.0.0.3 router(config-if)# ip helper-address 20.0.0.4 On interface 20.0.0.1 router(config-if)# ip helper-address 10.0.0.1 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 107
truncated to eight characters. If the switch cannot read the network-confg, cisconet.cfg, or the hostname file, it reads the router-confg file. If the switch cannot read the router-confg file, it reads the ciscortr.cfg file. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 4-7 - Cisco 2950G 24 | Software Configuration Guide - Page 108
confg switch2 Switch-3 00e0.9f1e.2003 10.0.0.23 255.255.255.0 10.0.0.10 10.0.0.2 maritsu or 10.0.0.3 switch3-confg switch3 Switch-4 00e0.9f1e.2004 10.0.0.24 255.255.255.0 10.0.0.10 10.0.0.2 maritsu or 10.0.0.3 switch4-confg switch4 Catalyst 2950 Desktop Switch Software Configuration Guide 4-8 78 - Cisco 2950G 24 | Software Configuration Guide - Page 109
). • It reads the configuration file that corresponds to its host name; for example, it reads switch1-confg from the TFTP server. Switches 2 through 4 retrieve their configuration files and IP addresses in the same way. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 4-9 - Cisco 2950G 24 | Software Configuration Guide - Page 110
to manually assign IP information to multiple switched virtual interfaces (SVIs) or ports: Step 12.1 no service pad service timestamps debug uptime service timestamps log datetime no service password-encryption service sequence-numbers 4-10 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 111
tree portfast trunk ! interface FastEthernet0/12 switchport mode access switchport voice vlan 4011 no ip address shutdown spanning-tree portfast trunk ! interface GigabitEthernet0/1 no ip address shutdown ! interface GigabitEthernet0/2 Catalyst 2950 Desktop Switch Software Configuration Guide 4-11 - Cisco 2950G 24 | Software Configuration Guide - Page 112
traps MAC-Notification ! line con 0 password letmein line vty 0 4 password letmein login line vty 5 15 password letmein login ! end To store the configuration or changes you or more startup-config privileged EXEC command. 4-12 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 113
Registrar supports an embedded CNS Directory Service. In this mode, no external directory or other data store is required. In server mode, the Configuration Registrar supports the use of a user-defined external directory. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 5-1 - Cisco 2950G 24 | Software Configuration Guide - Page 114
of the syntax check. The configuration agent can either apply configurations immediately or delay the application until receipt of a synchronization event from the configuration server. Catalyst 2950 Desktop Switch Software Configuration Guide 5-2 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 115
switch must match the configID for the corresponding switch definition on the Configuration Registrar. The configID is fixed at boot time and cannot be changed until reboot, even when the switch host name is reconfigured. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 5-3 - Cisco 2950G 24 | Software Configuration Guide - Page 116
is analogous to the switch source address so that the switch can be targeted as a specific destination on the bus. All switches configured with the cns to the Cisco Intelligence Engine 2100 Series Configuration Registrar Manual. Catalyst 2950 Desktop Switch Software Configuration Guide 5-4 78- - Cisco 2950G 24 | Software Configuration Guide - Page 117
with the CNS configuration agent. The CNS configuration agent feature supports the switch by providing: • Initial configurations • Incremental (partial) relay agent default gateway 71445 Access layer switches 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 5-5 - Cisco 2950G 24 | Software Configuration Guide - Page 118
setup prompt, do nothing: The switch begins the initial configuration as described in the "Initial Configuration" section on page 5-5. When the full configuration file is loaded on your switch, you need to do nothing else. Catalyst 2950 Desktop Switch Software Configuration Guide 5-6 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 119
the device to the template. Note For more information about running the setup program and creating templates on the Configuration Registrar, refer to the Cisco Intelligence Engine 2100 Series Configuration Registrar Manual. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 5-7 - Cisco 2950G 24 | Software Configuration Guide - Page 120
not supported. end Return to privileged EXEC mode. show cns event connections Verify information about the event agent. show running-config Verify your entries. copy running-config startup-config (Optional) Save your entries in the configuration file. Catalyst 2950 Desktop Switch Software - Cisco 2950G 24 | Software Configuration Guide - Page 121
seconds, enter the interval between successive ping attempts. The range is 1 to 30 seconds. The default is 10 seconds. • (Optional) For retries num, enter the number of ping retries. The range is 1 to 30. The default is 5. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 5-9 - Cisco 2950G 24 | Software Configuration Guide - Page 122
is replaced with example, Ethernet, Group- switch serial number as the unique ID, enter hostname (the default) to select the switch host name as the unique ID, or enter an arbitrary text string for string string as the unique ID. 5-10 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 123
exit Switch(config)# hostname RemoteSwitch RemoteSwitch(config)# ip route 10.1.1.1 255.255.255.255 11.11.11.1 RemoteSwitch(config)# cns id Ethernet 0 ipaddress RemoteSwitch(config)# cns config initial 10.1.1.1 no-persist 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 5-11 - Cisco 2950G 24 | Software Configuration Guide - Page 124
the switch: Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Command configure terminal cns config partial {ip-address | hostname} [port-number] [source ip-address] end show , use the cns config cancel privileged EXEC command. 5-12 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 125
event agent connections. Displays statistics about the CNS event agent. Displays a list of event agent subjects that are subscribed to by applications. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 5-13 - Cisco 2950G 24 | Software Configuration Guide - Page 126
Displaying CNS Configuration Chapter 5 Configuring IE2100 CNS Agents 5-14 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 127
capable Catalyst switches, but it does not provide complete descriptions of the cluster features for these other switches. For complete cluster information for a specific Catalyst platform, refer to the software configuration guide for that switch. 78-14982-01 Catalyst 2950 Desktop Switch Software - Cisco 2950G 24 | Software Configuration Guide - Page 128
, and the required software versions. These sections describe: • Command Switch Characteristics, page 6-3 • Standby Command Switch Characteristics, page 6-3 • Candidate Switch and Member Switch Characteristics, page 6-4 Catalyst 2950 Desktop Switch Software Configuration Guide 6-2 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 129
• If the Catalyst 2950 standby command switch is running a release earlier than Release 12.1(9)EA1, it is connected to the command switch and to other standby command switches and member switches through its management VLAN. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 6-3 - Cisco 2950G 24 | Software Configuration Guide - Page 130
through at least one common VLAN. • If the Catalyst 2950 member or candidate switch is running a release earlier than Release 12.1(9)EA1, it is connected to the command switch through the command-switch management VLAN. Catalyst 2950 Desktop Switch Software Configuration Guide 6-4 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 131
Non-CDP-Capable and Noncluster-Capable Devices, page 6-7 • Discovery through the Same Management VLAN, page 6-8 • Discovery through Different Management VLANs, page 6-9 • Discovery of Newly Installed Switches, page 6-10 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 6-5 - Cisco 2950G 24 | Software Configuration Guide - Page 132
Release 12.1(9)EA1) Command switch Management VLAN 16 Member switch 8 Member switch 9 Switch 11 candidate switch Edge of cluster Management VLAN 16 Member switch 10 Switch 12 Switch 13 Candidate switches Switch 14 Switch 15 65281 Catalyst 2950 Desktop Switch Software Configuration Guide 6-6 78 - Cisco 2950G 24 | Software Configuration Guide - Page 133
through Non-CDP-Capable and Noncluster-Capable Devices Command switch Third-party hub (non-CDP-capable) Catalyst 3500 XL candidate switch Catalyst 5000 switch (noncluster-capable) Catalyst 2950 candidate switch 65290 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 6-7 - Cisco 2950G 24 | Software Configuration Guide - Page 134
2900 XL, Catalyst 2950, and Catalyst 3500 XL switches Switch 4 (management VLAN 9) Switch 7 (management VLAN 4) VLAN 9 Switch 9 (management VLAN 9) Switch 8 (management VLAN 9) VLAN 4 Switch 10 (management VLAN 4) 65277 Catalyst 2950 Desktop Switch Software Configuration Guide 6-8 78-14982 - Cisco 2950G 24 | Software Configuration Guide - Page 135
XL, Catalyst 2950, and Catalyst 3500 XL switches Switch 4 (management VLAN 16) Switch 7 (management VLAN 4) VLAN 62 Switch 9 (management VLAN 62) Switch 8 (management VLAN 9) VLAN 4 Switch 10 (management VLAN 4) 74049 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 6-9 - Cisco 2950G 24 | Software Configuration Guide - Page 136
When the new Catalyst 3550 and Catalyst 2950 switches join the cluster: • The Catalyst 3550 switch and its access port are assigned to VLAN 9. • The Catalyst 2950 switch and its access port are assigned to management VLAN 16. 6-10 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982 - Cisco 2950G 24 | Software Configuration Guide - Page 137
switch VLAN 9 Catalyst 2950 switch (Management VLAN 9) AP VLAN 9 New (out-of-box) Catalyst 3550 switch VLAN 16 Catalyst 3500 XL switch AP (Management VLAN 16) VLAN 16 New (out-of-box) Catalyst 2950 switch 74050 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 138
HSRP standby hold time interval is 10 seconds. The default HSRP standby switches: • Virtual IP Addresses, page 6-13 • Other Considerations for Cluster Standby Groups, page 6-13 • Automatic Recovery of Cluster Configuration, page 6-15 6-12 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 139
switches must be Catalyst 3550 switches. - When the command switch is a Catalyst 2950 switch running Release 12.1(9)EA1 or later, all standby command switches must be Catalyst 2950 switches running Release 12.1(9)EA1 or later. - When the command switch is a Catalyst 2950 switch running Release 12 - Cisco 2950G 24 | Software Configuration Guide - Page 140
9 Catalyst 3550 switch Management VLAN 9 VLAN 9 VLAN 9 Management VLAN 16 Catalyst 2950 switch Management VLAN 16 Catalyst 2900 XL or Catalyst 3500 XL switch VLAN 16 Catalyst 3550 Si multilayer switch Member switches 65280 6-14 Catalyst 2950 Desktop Switch Software Configuration Guide 78 - Cisco 2950G 24 | Software Configuration Guide - Page 141
it to manage it as a standalone switch. Note Changing the command switch IP address ends your CMS session on the switch. Restart your CMS session by entering 4, "Assigning the Switch IP Address and Default Gateway." 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 6-15 - Cisco 2950G 24 | Software Configuration Guide - Page 142
and community strings, see Chapter 24, "Configuring SNMP." For SNMP considerations specific to the Catalyst 1900 and Catalyst 2820 switches, refer to the installation and configuration guides specific to those switches. 6-16 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 143
switches do not support read-only mode on CMS: - Catalyst 1900 and Catalyst 2820 - Catalyst 2900 XL switches with 4-MB CPU DRAM In read-only mode, these switches appear as unavailable devices and cannot be configured from CMS. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 144
by default is VLAN 1. To manage switches in a cluster, the command switch, member switches, and candidate switches must be connected through ports assigned to the command-switch management VLAN. Note • If the command switch is a Catalyst 2950 running Release 12.1(9)EA1 or later, candidate and member - Cisco 2950G 24 | Software Configuration Guide - Page 145
switch, name the cluster, and assign an IP address and a password to the command switch when you run the setup program during initial switch setup. For information about using the setup program, refer to the release notes. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 146
can be added it to the cluster. If the candidate switch does not have a password, any entry is ignored. If multiple candidates switches have the same password, you can select them as a group, and add them at the same time. 6-20 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 147
2900-LRE-24-1 Select a switch, and click Add. Press Ctrl and leftclick to select more than one switch. Enter the password of the candidate switch. If no password exists for the switch, leave this field blank. 65724 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 6-21 - Cisco 2950G 24 | Software Configuration Guide - Page 148
2950 switches running Release 12.1(6)EA2 or later. • When the command switch is running Release 12.0(5)WC2 or earlier, the standby command switches can be these switches: Catalyst 2900 XL, Catalyst 2950, and Catalyst 3500 XL switches. 6-22 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 149
-1 3550-150 (cisco WS-C3550-12T, SC, ... Active command switch. Standby command switch. Must be a valid IP address in the same subnet as the active command switch. Once entered, this information cannot be changed. 65726 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 6-23 - Cisco 2950G 24 | Software Configuration Guide - Page 150
"Using Recovery Procedures" section on page 28-6. For more information about creating and managing clusters, refer to the online help. For information about the cluster commands, refer to the switch command reference. 65727 6-24 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982 - Cisco 2950G 24 | Software Configuration Guide - Page 151
operate as usual. For instructions on configuring the switch for a Telnet session, see the "Disabling Password Recovery" section on page 7-5. Catalyst 1900 and Catalyst 2820 CLI Considerations If your switch cluster has Catalyst 1900 and Catalyst 2820 switches running standard edition software, the - Cisco 2950G 24 | Software Configuration Guide - Page 152
about SNMP and community strings, see Chapter 24, "Configuring SNMP." Figure 6-15 SNMP Management for a Cluster SNMP Manager Command switch Trap 1, Trap 2, Trap 3 Trap Trap 33020 Trap Member 1 Member 2 Member 3 6-26 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 153
the switch through a port or line, they must enter the password specified for the port or line before they can access the switch. For more information, see the "Protecting Access to Privileged EXEC Commands" section on page 7-2. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 154
). The password is not encrypted in the configuration file. No password is defined. The default is level 15 (privileged EXEC level). The password is encrypted before it is written to the configuration file. No password is defined. Catalyst 2950 Desktop Switch Software Configuration Guide 7-2 78 - Cisco 2950G 24 | Software Configuration Guide - Page 155
command. This example shows how to change the enable password to l1u2c3k4y5. The password is not encrypted and provides access to level 15 (traditional privileged EXEC mode access): Switch(config)# enable password l1u2c3k4y5 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 7-3 - Cisco 2950G 24 | Software Configuration Guide - Page 156
the password is defined or when the configuration is written. Encryption prevents the password from being readable in the configuration file. Return to privileged EXEC mode. (Optional) Save your entries in the configuration file. Catalyst 2950 Desktop Switch Software Configuration Guide 7-4 78 - Cisco 2950G 24 | Software Configuration Guide - Page 157
on Catalyst 2950 LRE switches; it is not available for Catalyst 2950 Gigabit Ethernet switches. Note If you disable password recovery, we recommend that you keep a backup copy of the configuration file on a secure server in case the end user interrupts the start process and sets the system back to - Cisco 2950G 24 | Software Configuration Guide - Page 158
lines of the display. To re-enable password recovery, use the service password-recovery global configuration command. Note Disabling password recovery does not work if you have set the switch to start manually by using the boot manual global configuration command because this command allows the - Cisco 2950G 24 | Software Configuration Guide - Page 159
to 15). Enable local password checking at login time. Authentication is based on the username specified in Step 2. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 7-7 - Cisco 2950G 24 | Software Configuration Guide - Page 160
a string from 1 to 25 alphanumeric characters. The string cannot start with a number, is case sensitive, and allows spaces but ignores leading spaces. By default, no password is defined. Return to privileged EXEC mode. Catalyst 2950 Desktop Switch Software Configuration Guide 7-8 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 161
password to enable the higher privilege level. You might specify a high level or privilege level for your console line to restrict line usage. To return to the default line privilege level, use the no privilege level line configuration command. 78-14982-01 Catalyst 2950 Desktop Switch Software - Cisco 2950G 24 | Software Configuration Guide - Page 162
management service. Your switch can be a network access server along with other Cisco routers and access servers. A network access server provides connections to a single user, to a network or subnetwork, and to interconnected networks as shown in Figure 7-1. 7-10 Catalyst 2950 Desktop Switch - Cisco 2950G 24 | Software Configuration Guide - Page 163
7-1 Typical TACACS+ Network Configuration UNIX workstation (TACACS+ server 1) Catalyst 6500 series switch 171.20.10.7 UNIX workstation (TACACS+ server 2) 171.20.10.8 Catalyst 2950 or 3550 switches Workstations Configure the switches with the TACACS+ server addresses. Set an authentication key - Cisco 2950G 24 | Software Configuration Guide - Page 164
services - Connection parameters, including the host or client IP address, access list, and user timeouts Configuring TACACS+ This section describes how to configure your switch to support the method list is exhausted. 7-12 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 165
use them for a particular service. The server group is server host hostname [port integer] [timeout switch and the TACACS+ daemon. You must configure the same key on the TACACS+ daemon for encryption to be successful. Enable AAA. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 166
end show tacacs copy running-config startup-config Purpose (Optional) Define the AAA server-group with a group name. This command puts the switch it must be applied to a specific interface before any of the defined authentication Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 167
] line-number [ending-line-number] login authentication {default | list-name} Step 6 Step 7 Step 8 end show running-config information in the database by using the username name password global configuration command. • none-Do not use Catalyst 2950 Desktop Switch Software Configuration Guide 7-15 - Cisco 2950G 24 | Software Configuration Guide - Page 168
configuration mode. Configure the switch for user TACACS+ authorization for all network-related service requests. Configure the switch for user TACACS+ authorization {network | exec} method1 global configuration command. 7-16 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 169
privileged EXEC mode, follow these steps to enable TACACS+ accounting for each Cisco IOS privilege level and for network services: Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 , use the show tacacs privileged EXEC command. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 7-17 - Cisco 2950G 24 | Software Configuration Guide - Page 170
the Cisco IOS Security Command Reference for Release 12.1. supported Cisco routers and switches, including Catalyst 3550 multilayer switches and Catalyst 2950 series switches. Clients send authentication requests to a central RADIUS server, which contains all user authentication and network service - Cisco 2950G 24 | Software Configuration Guide - Page 171
if the non-Cisco device requires authentication. • Networks using a variety of services. RADIUS generally binds a user to one service model. Figure 7-2 Transitioning from RADIUS to TACACS+ Services R1 RADIUS server R2 RADIUS server Remote PC Catalyst 2950 or 3550 switch T1 TACACS+ server - Cisco 2950G 24 | Software Configuration Guide - Page 172
Server Host Switch-to-RADIUS-server communication involves several components: • Host name or IP address • Authentication destination port • Accounting destination port • Key string • Timeout period • Retransmission value 7-20 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982 - Cisco 2950G 24 | Software Configuration Guide - Page 173
specific UDP port numbers. The combination of the IP address and the UDP port number creates a unique identifier, allowing different ports to be individually defined as RADIUS hosts providing a specific AAA service . 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 7-21 - Cisco 2950G 24 | Software Configuration Guide - Page 174
spaces are ignored, but spaces within and at the end of the key are used. If you use spaces Switch(config)# radius-server host 172.29.36.49 auth-port 1612 key rad1 Switch(config)# radius-server host 172.20.36.50 acct-port 1618 key rad2 7-22 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 175
server and to use the default ports for both authentication and accounting: Switch(config)# radius-server host host1 they are performed; it must be applied to a specific interface before any of the defined authentication methods are Catalyst 2950 Desktop Switch Software Configuration Guide 7-23 - Cisco 2950G 24 | Software Configuration Guide - Page 176
line-number [ending-line-number] login authentication {default | list-name} Step 6 Step 7 Step 8 end show running-config information in the database by using the username password global configuration command. - none-Do not 24 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 177
of the IP address and UDP port number), allowing different ports to be individually defined as RADIUS hosts providing a specific AAA service. If you configure two different the optional auth-port and acct-port keywords. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 7-25 - Cisco 2950G 24 | Software Configuration Guide - Page 178
within and at the end of the key are used port number is different. The switch software searches for hosts in the order in which you specify them. Set the timeout, retransmit, and encryption key values to use with the specific Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 179
for the same services. The second host entry acts as a fail-over backup to the first entry. Switch(config)# radius-server host 172.20.0.1 auth-port 1000 acct-port 1001 Switch(config)# radius-server host 172.10.0.1 auth-port 1645 acct-port 1646 Switch(config)# aaa new-model Switch(config)# aaa group - Cisco 2950G 24 | Software Configuration Guide - Page 180
end. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. To disable accounting, use the no aaa accounting {network | exec} {start-stop} method1... global configuration command. 7-28 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 181
and at the end of the key Cisco TACACS+ specification, and sep is = for mandatory attributes and * for optional attributes. This allows the full set of features available for TACACS+ authorization to also be used for RADIUS. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 182
For a complete list of RADIUS attributes or more information about vendor-specific attribute 26, refer to the "RADIUS Attributes" appendix in the Cisco IOS Security Configuration Guide for Release 12.1. Configuring the Switch for Vendor-Proprietary RADIUS Server Communication Although an IETF draft - Cisco 2950G 24 | Software Configuration Guide - Page 183
Switch(config)# radius-server host 172.20.30.15 nonstandard Switch(config)# radius-server key rad124 Displaying the RADIUS Configuration To display the RADIUS configuration, use the show running-config privileged EXEC command. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 184
related service requests. username name [privilege level] Enter the local database, and establish a username-based authentication {password encryption-type password} system | exec} method1 global configuration command. 7-32 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 185
to the release notes for this release. For information about configuring SSH and displaying SSH settings, refer to the "Configuring Secure Shell" section in the Cisco IOS Security Configuration Guide for Release 12.2. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 7-33 - Cisco 2950G 24 | Software Configuration Guide - Page 186
manual configuration methods. Note For complete syntax and usage information for the commands used in this section, refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12 of one another. 7-34 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 187
access list-based restriction scheme and an encrypted authentication mechanism. Cisco's implementation of NTP does not support stratum 1 service; it is not possible to connect to a radio or be time-synchronized as well. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 7-35 - Cisco 2950G 24 | Software Configuration Guide - Page 188
, page 7-38 • Configuring NTP Broadcast Service, page 7-39 • Configuring NTP Access Restrictions, page 7-40 • Configuring the Source IP Address for NTP Packets, page 7-42 • Displaying the NTP Configuration, page 7-43 7-36 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 189
number. The range is 1 to 4294967295. • md5 specifies that message authentication support is provided by using the message digest algorithm 5 (MD5). • For value synchronizing the switch to a device that is not trusted. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 7-37 - Cisco 2950G 24 | Software Configuration Guide - Page 190
Time and Date Chapter 7 Administering the Switch Step 5 Step 6 Step 7 Command end show running-config copy running-config startup- synchronization. This keyword reduces switching back and forth between peers and servers. 7-38 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 191
to the peer. • (Optional) For destination-address, specify the IP address of the peer that is synchronizing its clock to this switch. end Return to privileged EXEC mode. show running-config Verify your entries. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 7-39 - Cisco 2950G 24 | Software Configuration Guide - Page 192
control NTP access on two levels as described in these sections: • Creating an Access Group and Assigning a Basic IP Access List, page 7-41 • Disabling NTP Services on a Specific Interface, page 7-42 7-40 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 193
access-list access-list-number permit source [source-wildcard] Step 4 Step 5 Step 6 end show running-config copy running-config startup-config Purpose Enter global configuration mode. Create an access list criteria. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 7-41 - Cisco 2950G 24 | Software Configuration Guide - Page 194
taken from the specified interface. This command is useful if the address on an interface cannot be used as the destination for reply packets. 7-42 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 195
the Cisco IOS Configuration Fundamentals Command Reference for Release 12.1. Configuring Time and Date Manually If no other source of time is available, you can manually configure Time (Daylight Saving Time), page 7-46 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 7-43 - Cisco 2950G 24 | Software Configuration Guide - Page 196
the Switch Setting the System Clock If you have an outside source on the network that provides time services, such as an NTP server, you do not need to manually set • .-Time is authoritative, but NTP is not synchronized. 7-44 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 197
, the necessary command is clock timezone AST -3 30. To set the time to UTC, use the no clock timezone global configuration command. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 7-45 - Cisco 2950G 24 | Software Configuration Guide - Page 198
• (Optional) For hh:mm, specify the time (24-hour format) in hours and minutes. • (Optional) ends on the last Sunday in October at 02:00: Switch(config)# clock summer-time PDT recurring 1 Sunday April 2:00 last Sunday October 2:00 7-46 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 199
(Optional) For hh:mm, specify the time (24-hour format) in hours and minutes. • ( 12, 2000, at 02:00, and end on April 26, 2001, at 02:00: Switch(config)# clock summer-time pdt date 12 October 2000 2:00 26 April 2001 2:00 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 200
, refer to the Cisco IOS Configuration Fundamentals Command Reference and the Cisco IOS IP and IP Routing Command Reference for Release 12.1. This section contains this , use the no hostname global configuration command. 7-48 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 201
, so its domain name is cisco.com. A specific device in this domain, for example, the File Transfer Protocol (FTP) system is identified as ftp.cisco.com. To keep track of domain Displaying the DNS Configuration, page 7-51 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 7-49 - Cisco 2950G 24 | Software Configuration Guide - Page 202
ip name-server server-address1 [server-address2 ... server-address6] ip domain-lookup end show running-config copy running-config startup-config Purpose Enter global configuration mode. Define to an IP address. The default 7-50 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 203
commands used in this section, refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.1. This section contains this configuration information: • Default and login banners are not configured. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 7-51 - Cisco 2950G 24 | Software Configuration Guide - Page 204
a pound sign (#), and press the Return key. The delimiting character signifies the beginning and end of the banner text. Characters after the ending delimiter contact technical support. User Access Verification Password: 7-52 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 205
banner for the switch by using the dollar sign ($) symbol as the beginning and ending delimiter: Switch(config)# banner login $ Access for authorized users only. Please enter your username and password. $ Switch(config)# 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 7-53 - Cisco 2950G 24 | Software Configuration Guide - Page 206
address is on the port that sent the packet, the packet is filtered and not forwarded. The switch always uses the store-and-forward method: complete packets are stored and checked for errors before transmission. 7-54 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 207
table. For vlan-id, valid IDs are 1 to 4094 when the enhanced software image (EI) is installed and 1 to 1005 when the standard software image (SI) is installed. Do not enter leading zeros. Return to privileged EXEC mode. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 7-55 - Cisco 2950G 24 | Software Configuration Guide - Page 208
for each hardware port for which the trap is enabled. MAC address notifications are generated for dynamic and secure MAC addresses; events are not generated for self addresses, multicast addresses, or other static addresses. 7-56 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982 - Cisco 2950G 24 | Software Configuration Guide - Page 209
informs to send SNMP informs to the host. • Specify the SNMP version to support. Version 1, the default, is not available with informs. • For community-string, from this interface. end Return to privileged EXEC mode. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 7-57 - Cisco 2950G 24 | Software Configuration Guide - Page 210
100 entries, and enable traps whenever a MAC address is added on Fast Ethernet interface 0/4. Switch(config)# snmp-server host 172.20.10.10 traps private Switch(config)# snmp-server enable traps mac-notification Switch . 7-58 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 211
MAC address is received. Valid VLAN IDs are 1 to 4094 when the EI is installed and 1 to 1005 when the SI is installed; do not is a manually entered unicast address or dynamically learned address that is forwarded to only one port per VLAN Catalyst 2950 Desktop Switch Software Configuration Guide 7-59 - Cisco 2950G 24 | Software Configuration Guide - Page 212
for all VLANs or the specified VLAN. Displays static MAC address table entries only. Displays the MAC address table information for the specified VLAN. 7-60 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 213
age and must be manually removed. For CLI procedures, refer to the Cisco IOS Release 12.1 documentation on Cisco.com. Switch Software Releases The switch software is regularly updated with new features and bug fixes, and you might want to upgrade your Catalyst 2950 switch with the latest software - Cisco 2950G 24 | Software Configuration Guide - Page 214
Switch Software Releases Chapter 7 Administering the Switch 7-62 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 215
sections describe 802.1X port-based authentication: • Device Roles, page 8-2 • Authentication Initiation and Message Exchange, page 8-3 • Ports in Authorized and Unauthorized States, page 8-4 • Supported Topologies, page 8-5 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 8-1 - Cisco 2950G 24 | Software Configuration Guide - Page 216
in the network have specific roles as shown in Figure 8-1. Figure 8-1 802.1X Device Roles Workstations (clients) Catalyst 2950 or 3550 (switch) Authentication server (RADIUS) 74615 • Client-the device (workstation) that requests access to the LAN and switch services and responds to requests - Cisco 2950G 24 | Software Configuration Guide - Page 217
page 8-4. The specific exchange of EAP frames depends on the authentication method being used. Figure 8-2 shows a message exchange initiated by the client using the One-Time-Password (OTP) authentication method with a RADIUS server. Figure 8-2 Message Exchange Client Catalyst 2950 or 3550 switch - Cisco 2950G 24 | Software Configuration Guide - Page 218
-logoff message, causing the switch port to transition to the unauthorized state. If the link state of a port transitions from up to down, or if an EAPOL-logoff frame is received, the port returns to the unauthorized state. Catalyst 2950 Desktop Switch Software Configuration Guide 8-4 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 219
8-12 (optional) • Setting the Switch-to-Client Frame-Retransmission Number, page 8-13 (optional) • Enabling Multiple Hosts, page 8-13 (optional) • Resetting the 802.1X Configuration to the Default Values, page 8-14 (optional) 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 220
Multiple host support Client timeout period specified. Disabled (force-authorized). The port sends and receives normal traffic without switch waits for a reply before resending the response to the server. This setting is not configurable.) Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 221
Port Analyzer (SPAN) destination port-You can enable 802.1X on a port that is a SPAN destination port; however, 802.1X is disabled until the port is removed as a SPAN destination. You can enable 802.1X on a SPAN source port. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 222
[method2...] Step 4 interface interface-id Step 5 dot1x port-control auto Step 6 end Step 7 show dot1x Step 8 copy running-config startup- dot1x port-control force-authorized or the no dot1x port-control interface configuration command. Catalyst 2950 Desktop Switch Software Configuration Guide 8-8 - Cisco 2950G 24 | Software Configuration Guide - Page 223
.1X on Fast Ethernet port 0/1: Switch# configure terminal Switch(config)# aaa new-model Switch(config)# aaa authentication dot1x default group radius Switch(config)# interface fastethernet0/1 Switch(config-if)# dot1x port-control auto Switch(config-if)# end Configuring the Switch-to-RADIUS-Server - Cisco 2950G 24 | Software Configuration Guide - Page 224
ports. To manually re-authenticate the client connected to a specific port, see the "Manually Re-Authenticating a Client Connected to a Port end Switch(config)# dot1x re-authentication Switch(config)# dot1x timeout re-authperiod 4000 8-10 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 225
on page 8-10. This example shows how to manually re-authenticate the client connected to Fast Ethernet port 0/1: Switch# dot1x re set the quiet time on the switch to 30 seconds: Switch(config)# dot1x timeout quiet-period 30 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 8-11 - Cisco 2950G 24 | Software Configuration Guide - Page 226
. This example shows how to set 60 as the number of seconds that the switch waits for a response to an EAP-request/identity frame from the client before resending the request: Switch(config)# dot1x timeout tx-period 60 8-12 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 227
multiple hosts are indirectly attached. Allow multiple hosts (clients) on an 802.1X-authorized port. Make sure that the dot1x port-control interface configuration command set is set to auto for the specified interface. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 8-13 - Cisco 2950G 24 | Software Configuration Guide - Page 228
operational status for a specific interface, use the show dot1x interface interface-id privileged EXEC command. For detailed information about the fields in these displays, refer to the command reference for this release. 8-14 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 229
switch ports switches can be 10/100 Ethernet ports, 10/100/1000 Ethernet ports, 100BASE-FX ports, 1000BASE-SX ports, GBIC module ports, and Long-Reach Ethernet (LRE) ports. For more information, refer to the switch hardware installation guide. 78-14982-01 Catalyst 2950 Desktop Switch Software - Cisco 2950G 24 | Software Configuration Guide - Page 230
assigned to a VLAN by a VLAN Membership Policy Server (VMPS). The VMPS can be a Catalyst 6000 series switch; the Catalyst 2950 switch does not support the function of a VMPS. Trunk Ports A trunk port carries the traffic of multiple VLANs and by default is a member of all VLANs in the VLAN database - Cisco 2950G 24 | Software Configuration Guide - Page 231
. In the configuration shown in Figure 9-1, when Host A in VLAN 20 sends data to Host B in VLAN 30, it must go from Host A to the switch, to the router, back to the switch, and then to Host B. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 9-3 - Cisco 2950G 24 | Software Configuration Guide - Page 232
type, slot, and number. • Type-Fast Ethernet (fastethernet or fa) for 10/100 Ethernet or Gigabit Ethernet (gigabitethernet or gi) • Slot-The slot number on the switch (always 0 on this switch). • Port number-The interface number on the switch. The port numbers always begin at 1, starting at the - Cisco 2950G 24 | Software Configuration Guide - Page 233
(10 sec) Auto-duplex, Auto-speed input flow-control is off, output flow-control is off ARP type: ARPA, ARP Timeout 04:00:00 Last input never, output never, output hang never Last clearing of "show interface" counters never 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 9-5 - Cisco 2950G 24 | Software Configuration Guide - Page 234
0 collisions, 2 interface resets 0 babbles, 0 late port-range: - vlan vlan-ID - vlan-ID, where VLAN ID is from 1 to 1005 with the SI installed or 1 to 4094 with the EI installed - fastethernet slot/{first port} - {last port}, where slot is 0 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 235
a range must be the same type; that is, all Fast Ethernet ports, all Gigabit Ethernet ports, all EtherChannel ports, or VLAN interfaces. This example shows how to use the interface range interface-range configuration mode. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 9-7 - Cisco 2950G 24 | Software Configuration Guide - Page 236
range macro macro_name Step 4 Step 5 Step 6 end show running-config | include define copy running- Ethernet ports, all Gigabit Ethernet ports, all EtherChannel ports, or all VLANs, but you can combine multiple interface types in a macro. Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 237
Speed and Duplex Mode, page 9-11 • Configuring Media Types for Gigabit Interfaces, page 9-14 • Configuring IEEE 802.3X Flow Control on Gigabit Ethernet Ports, page 9-14 • Adding a Description for an Interface, page 9-16 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 9-9 - Cisco 2950G 24 | Software Configuration Guide - Page 238
labeled Uplink Port 1 and Uplink Port 2 on the Catalyst 2950 LRE switch. Within each port, you can use only one of the two physical ports, either the SFP module port or the 10/100/1000 port. For example, you can connect to either the SFP module port or the 10/100/1000 port under Uplink Port 1. The - Cisco 2950G 24 | Software Configuration Guide - Page 239
commands. You can configure interface speed on Fast Ethernet (10/100-Mbps) and Gigabit Ethernet (10/100/1000-Mbps) interfaces on the Catalyst 2950 switch; you cannot configure speed on 100BASE-FX, 1000BASE-SX, and Gigabit Interface Converter (GBIC) module interfaces. You can configure duplex mode on - Cisco 2950G 24 | Software Configuration Guide - Page 240
interface speed and duplex mode: • Configuration Guidelines, page 9-12 • Setting the Interface Speed and Duplex Parameters, page 9-13 Note The CPE Ethernet port settings have special considerations and different default settings from the switch 10/100 ports. For this information, see the CPE device - Cisco 2950G 24 | Software Configuration Guide - Page 241
config-if)# speed 10 Switch(config-if)# duplex half Switch(config)# end Switch# show running-config Building configuration... Current configuration : 1954 bytes ! version 12.1 no service pad service timestamps debug uptime 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 9-13 - Cisco 2950G 24 | Software Configuration Guide - Page 242
: media-type {auto-select | sfp | rj45} See the Catalyst 2950 Desktop Switch Command Reference for further details. Configuring IEEE 802.3X Flow Control on Gigabit Ethernet Ports Flow control is supported only on switch and module ports operating at 1000 Mbps. Flow control enables connected Gigabit - Cisco 2950G 24 | Software Configuration Guide - Page 243
Ethernet interface 0/1 and to display the results: Switch# configure terminal Switch(config)# interface gigabitethernet0/1 Switch(config-if)# flowcontrol receive off Switch(config-if)# flowcontrol send off Switch(config-if)# end Switch# show running-config 78-14982-01 Catalyst 2950 Desktop Switch - Cisco 2950G 24 | Software Configuration Guide - Page 244
can display the full list of show commands by using the show ? command at the privileged EXEC prompt.) These commands are fully described in the Cisco IOS Interface Command Reference for Release 12.1. 9-16 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 245
the status of all interfaces: Switch# show interfaces status Port Fa0/1 Fa0/2 Fa0/3 Name Status connected notconnect notconnect Vlan 1 1 1 Duplex a-full auto auto Speed Type a-100 10/100BaseTX auto 10/100BaseTX auto 10/100BaseTX Fa0/23 Fa0/24 Gi0/1 Gi0/2 notconnect - Cisco 2950G 24 | Software Configuration Guide - Page 246
of the LRE interface is never auto-negotiated, but is always forced (in other words, the speed and duplex will be 100 Mbps and half-duplex, 100 Mbps and full-duplex, 10 Mbps and half-duplex, or 10 Mbps and full-duplex). 9-18 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 247
} | {{fastethernet | gigabitethernet | longreachethernet} interface-id} | {port-channel port-channel-number} shutdown Purpose Enter global configuration mode. Select the interface to be configured. Shut down an interface. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 9-19 - Cisco 2950G 24 | Software Configuration Guide - Page 248
output. The shutdown command shuts down the LRE link when applied to an LRE interface. To shut down the Fast Ethernet port(s) on the CPE device use this command in interface configuration scope: cpe shutdown [port ] 9-20 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 249
provided to the PC user is 5.69 Mbps, not 100 Mbps. For LRE troubleshooting information, see the "Troubleshooting LRE Port Configuration" section on page 28-12. Additional LRE details are in the switch command reference. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 10-1 - Cisco 2950G 24 | Software Configuration Guide - Page 250
10-2 • LRE Sequences, page 10-4 • CPE Ethernet Links, page 10-5 LRE Profiles You can assign profiles on a per-port or switch-wide basis. When the LRE switch establishes a link with the CPE device, the switch EXEC command. 10-2 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 251
switch uses the global profile except on any LRE ports on which a specific profile was assigned. When you assign a different profile to a switch LRE port, the port immediately resets and uses the newly assigned profile. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 10-3 - Cisco 2950G 24 | Software Configuration Guide - Page 252
profiles, port and global 10-3 LRE-3 LRE-2 LRE-4-1 LRE-SEQVIDEOTRANSMIT1 LRE-15 LRE-15-5 LRE-15-3 LRE-15-1 LRE-10 LRE-10-5 LRE-10-3 LRE-10-1 LRE-SEQVIDEOTRANSMIT2 LRE-15 LRE-15-5 LRE-10 LRE-10-5 LRE-15-3 LRE-10-3 LRE-15-1 LRE-10-1 10-4 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 253
to All LRE Ports, page 10-8 • Assigning a Profile to a Specific LRE Port, page 10-9 • Using Rate Selection to Automatically Assign Profiles, page 10-10 • LRE Link Persistence, page 10-14 • LRE Link Monitor, page 10-14 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 10-5 - Cisco 2950G 24 | Software Configuration Guide - Page 254
15 to 30 years old often use 26 AWG wiring with between 1 and 12 twists per foot (possibly type-2) in bundles of 100 or more. - Older installations (Europe) 15 to 30 years old often use the performance of all connections. 10-6 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 255
on the capability of the remote Ethernet device. Autonegotiation for port speed and duplex mode is supported. The default speed for the CPE Ethernet port is auto. The default duplex mode is half duplex with back pressure. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 10-7 - Cisco 2950G 24 | Software Configuration Guide - Page 256
lre profile profile_name end show controllers lre profile details Purpose Enter global configuration mode. Enter the global profile name. Select from the list in Table 10-1. Return to privileged EXEC mode. Verify the change. 10-8 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982 - Cisco 2950G 24 | Software Configuration Guide - Page 257
LRE-10. The switch resets the ports with the updated profile settings when changed. Beginning in privileged EXEC mode, follow these steps to assign a profile to a specific LRE port: Step 1 Step 2 Step 3 Step 4 Step 5 Command configure terminal interface LRE-interface profile profile_name end show - Cisco 2950G 24 | Software Configuration Guide - Page 258
When the switch is booted • When you enable the rate selection feature • When you connect a new CPE device to the switch • When a link is lost for 25 seconds before being restored • When a configured sequence is modified 10-10 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 259
lre profile details Purpose Enter global configuration mode. Enter interface configuration mode, and enter the number of the LRE port to be configured. Lock the profile. Return to privileged EXEC mode. Verify the change. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 10-11 - Cisco 2950G 24 | Software Configuration Guide - Page 260
established. Downstream means the remote end of the link, and upstream the local end. The link has to satisfy 24 32 39 32 32 32 39 39 39 39 39 20 20 20 Table 10-4 lists the SNR requirements for upstream rates for different profiles. 10-12 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 261
LRE port to be configured. margin [downstream value | upstream value] Enter the downstream or upstream margin value (in dB) end Return to privileged EXEC mode. show controllers lre profile details Verify the change. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 10-13 - Cisco 2950G 24 | Software Configuration Guide - Page 262
gives an indirect measure of the received power level. Higher values mean that the receive power is lower (and thus in need of more boost). 10-14 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 263
back-off feature. See the reference pages for the link monitor commands in the Catalyst 2950 Desktop Switch Command Reference for further details. Upgrading LRE Switch Firmware The 2950 Long-Reach Ethernet (LRE) switch not supported. You Catalyst 2950 Desktop Switch Software Configuration Guide 10-15 - Cisco 2950G 24 | Software Configuration Guide - Page 264
Refer to the reference pages for the upgrade commands in the Catalyst 2950 Desktop Switch Command Reference for further details. Performing an LRE Upgrade You can option is given, a system-wide upgrade is performed. 10-16 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 265
or a specific VDSL link: Step 1 Step 2 Step 3 Command configure terminal controller lre chipset_number upgrade Step 4 end Step 5 the custom upgrade commands on that controller. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 10-17 - Cisco 2950G 24 | Software Configuration Guide - Page 266
. Ethernet connectivity is again disrupted until the CPE finishes resetting. • The link comes up when the CPE device comes back up Reset the CPE device. 00:23:56: %LINK-3-UPDOWN: Interface LongReachEthernet0/1, changed state to up 10-18 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 267
-3-UPDOWN: Interface LongReachEthernet0/1, changed state to up 00:24:02: %LINEPROTO-5-UPDOWN: Line protocol on Interface LongReachEthernet0/1, changed state to up Operation resumes in the profile link up state. Switch# 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 10-19 - Cisco 2950G 24 | Software Configuration Guide - Page 268
Upgrading LRE Switch Firmware Chapter 10 Configuring LRE 10-20 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 269
page 11-2 • Supported Spanning-Tree Instances, page 11-2 • Bridge Protocol Data Units, page 11-2 • Election of the Root Switch, page 11-3 • Bridge ID, Switch Priority, and Extended STP and IEEE 802.1Q Trunks, page 11-8 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 11-1 - Cisco 2950G 24 | Software Configuration Guide - Page 270
Each configuration BPDU contains this information: • The unique bridge ID of the switch that the sending switch identifies as the root switch • The spanning-tree path cost to the root • The bridge ID of the sending switch 11-2 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 271
root switch is the logical center of the spanning-tree topology in a switched network. All paths that are not needed to reach the root switch from anywhere in the switched network are placed in the spanning-tree blocking mode. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 272
unique 8-byte bridge ID; the two most-significant bytes are used for the switch priority, and the remaining six bytes are derived from the switch MAC address. In Release 12.1(9)EA1 and later, Catalyst 2950 switches support the 802.1T spanning-tree extensions, and some of the bits previously used for - Cisco 2950G 24 | Software Configuration Guide - Page 273
a higher number than the root port can cause a root-port change. The goal is to make the fastest link the root port. For example, assume that one port on Switch B is a Gigabit Ethernet link and that another port on Switch B (a 10/100 link) is the root port. Network traffic might be more efficient - Cisco 2950G 24 | Software Configuration Guide - Page 274
the switch learns end-station location information for the forwarding database. 4. When the forward-delay timer expires, spanning tree moves the interface to the forwarding state, where both learning and frame forwarding are enabled. 11-6 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 275
state from the learning state. An interface in the forwarding state performs as follows: • Receives and forwards frames received on the port • Forwards frames switched from another port • Learns addresses • Receives BPDUs 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 11-7 - Cisco 2950G 24 | Software Configuration Guide - Page 276
. When you connect a Cisco switch to a non-Cisco device through an 802.1Q trunk, the Cisco switch uses per-VLAN spanning tree port priority and port ID are added together, and spanning tree disables the link with the lowest value. 11-8 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 277
the Root Switch, page 11-12 • Configuring a Secondary Root Switch, page 11-14 • Configuring the Port Priority, page 11-15 • Configuring the Path Cost, page 11-16 • Configuring the Switch Priority of a VLAN, page 11-18 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 11-9 - Cisco 2950G 24 | Software Configuration Guide - Page 278
2 trunk ports) 100 Mbps: 19. 10 Mbps: 100. Hello more information, see the Chapter 12, "Configuring RSTP and MSTP." specific VLAN, and use the spanning-tree vlan vlan-id global configuration command to enable STP on the desired VLAN. 11-10 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 279
removed when the last interface is moved to another VLAN. You can configure switch and port parameters before a spanning-tree instance is created; these parameters are applied when the spanning-tree instance is created. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 11-11 - Cisco 2950G 24 | Software Configuration Guide - Page 280
id Step 3 Step 4 Step 5 end show spanning-tree vlan vlan-id copy switch for the specified VLAN has a switch priority lower than 8192, the switch sets its own priority for the specified VLAN to 1 less than the lowest switch priority. 11-12 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 281
system ID support: • For Catalyst 2950 switches with the extended system ID (Release 12.1(9)EA1 switch hops between any two end stations in the Layer 2 network). When you specify the network diameter, the switch the switch as the root switch, we recommend that you avoid manually configuring the - Cisco 2950G 24 | Software Configuration Guide - Page 282
. This is assuming that the other network switches use the default switch priority of 32768 and therefore are unlikely to become the root switch. For Catalyst 2950 switches without the extended system ID support (software earlier than Release 12.1(9)EA1), the switch priority is changed to 16384. You - Cisco 2950G 24 | Software Configuration Guide - Page 283
global configuration mode. Enter interface configuration mode, and specify an interface to configure. Valid interfaces include physical interfaces and port-channel logical interfaces (port-channel port-channel-number). 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 11-15 - Cisco 2950G 24 | Software Configuration Guide - Page 284
Step 3 spanning-tree port-priority priority Step 4 spanning-tree vlan vlan-id port-priority priority Step 5 Step 6 Step 7 end show spanning-tree interface and port-channel logical interfaces (port-channel port-channel-number). 11-16 Catalyst 2950 Desktop Switch Software Configuration Guide 78- - Cisco 2950G 24 | Software Configuration Guide - Page 285
Step 6 Step 7 end show spanning-tree interface interface the range is 1 to 4094 when the EI is installed and 1 to 1005 when the SI ports by using spanning-tree path costs, see the "Load Sharing Using STP" section on page 14-21. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 286
mode. Configure the switch priority of a VLAN. • For vlan-id, the range is 1 to 4094 when the EI is installed and 1 switch to its default setting, use the no spanning-tree vlan vlan-id priority global configuration command. 11-18 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 287
Step 5 end show spanning- switch is alive. • For vlan-id, the range is 1 to 4094 when the EI is installed and 1 to 1005 when the SI is installed. Do not enter leading zeros. • For seconds, the range is 1 to 10 seconds a port waits Catalyst 2950 Desktop Switch Software Configuration Guide 11-19 - Cisco 2950G 24 | Software Configuration Guide - Page 288
Step 3 Step 4 Step 5 end show spanning-tree vlan vlan-id is 1 to 4094 when the EI is installed and 1 to 1005 when switch failure. Figure 11-4 shows switches in three cascaded stacks that use the GigaStack GBIC 10 6 4 7 4 11-20 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982 - Cisco 2950G 24 | Software Configuration Guide - Page 289
11-4 Gigabit Ethernet Stack Displaying the Spanning-Tree Status Catalyst 3550 series switch Catalyst 2950 Cisco 7000 or 3550 router switches Catalyst 2950 or 3550 switches Catalyst 2950 or 3550 switches Catalyst 3550 or 6000 series backbone Catalyst 6000 switch Layer 3 backbone Cisco 7000 - Cisco 2950G 24 | Software Configuration Guide - Page 290
Displaying the Spanning-Tree Status Chapter 11 Configuring STP 11-22 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 291
: • Understanding RSTP, page 12-2 • Understanding MSTP, page 12-7 • Interoperability with 802.1D STP, page 12-11 • Configuring RSTP and MSTP Features, page 12-11 • Displaying the MST Configuration and Status, page 12-23 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 12-1 - Cisco 2950G 24 | Software Configuration Guide - Page 292
port states. Table 12-1 Port State Comparison Operational Status Enabled Enabled Enabled STP Port State Blocking Listening Learning RSTP Port State Discarding Discarding Learning Is Port Included in the Active Topology? No No Yes 12-2 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 293
connection; a half-duplex port is considered to have a shared connection. You can override the default setting that is determined by the duplex setting by using the spanning-tree link-type interface configuration command. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 12-3 - Cisco 2950G 24 | Software Configuration Guide - Page 294
to its root port. When the switches connected by a point-to-point link are in agreement about their port roles, the RSTP immediately transitions the port states to forwarding. The sequence of events is shown in Figure 12-2. 12-4 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982 - Cisco 2950G 24 | Software Configuration Guide - Page 295
the proposal message is always set to the designated port. The sending switch sets the agreement flag in the RSTP BPDU to accept the previous proposal. The port role in the agreement message is always set to the root port. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 12-5 - Cisco 2950G 24 | Software Configuration Guide - Page 296
a root port connected to an 802.1D switch and a configuration BPDU with the TCA bit set is received, the TC-while timer is reset. This behavior is only required to support 802.1D switches. The RSTP BPDUs never have the TCA bit set. 12-6 Catalyst 2950 Desktop Switch Software Configuration Guide 78 - Cisco 2950G 24 | Software Configuration Guide - Page 297
of processing RSTP BPDUs. There is no limit to the number of MST regions in a network, but each region can support up to 16 spanning-tree instances. You can assign a VLAN to only one spanning-tree instance at a time. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 12-7 - Cisco 2950G 24 | Software Configuration Guide - Page 298
by a switch to support multiple switches in the MST region must agree on the same IST master. Therefore, any two switches in the region synchronize their port roles for an MST instance only if they converge to a common IST master. 12-8 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 299
) can be configured on both the CST instance and the MST instance. MSTP switches use version 3 RSTP BPDUs or 802.1D STP BPDUs to communicate with legacy 802.1D switches. MSTP switches use MSTP BPDUs to communicate with MSTP switches. Catalyst 2950 Desktop Switch Software Configuration Guide 12-9 - Cisco 2950G 24 | Software Configuration Guide - Page 300
boundary port with the IST root or designated port role receives a topology change notice external to the MST cloud, the MSTP switch triggers a topology change in the IST instance and in all the MST instances active on that port. 12-10 Catalyst 2950 Desktop Switch Software Configuration Guide 78 - Cisco 2950G 24 | Software Configuration Guide - Page 301
12-21 (optional) • Configuring the Maximum-Hop Count, page 12-21 (optional) • Specifying the Link Type to Ensure Rapid Transitions, page 12-22 (optional) • Restarting the Protocol Migration Process, page 12-22 (optional) 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 12 - Cisco 2950G 24 | Software Configuration Guide - Page 302
network into a large number of regions is not recommended. However, if this situation is unavoidable, we recommend that you partition the switched LAN into smaller LANs interconnected by routers or non-Layer 2 devices. 12-12 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 303
to the number of MST regions in a network, but each region can support up to 16 spanning-tree instances. You can assign a VLAN to only RSTP is also enabled. Step 9 Step 10 Step 11 end show running-config copy running-config startup- Catalyst 2950 Desktop Switch Software Configuration Guide 12-13 - Cisco 2950G 24 | Software Configuration Guide - Page 304
mode, map VLANs 10 to 20 to MST support will become the root switch. The extended system ID increases the switch priority value every time the VLAN number is greater than the priority of the connected switches running older software. 12-14 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 305
privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. To return the switch to its default setting, use the no spanning-tree mst instance-id root global configuration command. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 12-15 - Cisco 2950G 24 | Software Configuration Guide - Page 306
. This is assuming that the other network switches use the default switch priority of 32768 and therefore are unlikely to become the root switch. For Catalyst 2950 switches without the extended system ID support (software earlier than Release 12.1(9)EA1), the switch priority is changed to 16384. You - Cisco 2950G 24 | Software Configuration Guide - Page 307
configure terminal interface interface-id spanning-tree mst instance-id port-priority priority end show spanning-tree mst interface interface-id or show spanning-tree -id port-priority interface configuration command. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 12-17 - Cisco 2950G 24 | Software Configuration Guide - Page 308
value is derived from the media speed of the interface. end Return to privileged EXEC mode. show spanning-tree mst interface privileged EXEC command displays information only for ports that are in a link-up operative 12-18 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 309
steps to configure the switch priority: Step 1 Step 2 Command configure terminal spanning-tree mst instance-id priority priority Step 3 Step 4 Step 5 end show spanning-tree mst commands to modify the hello time. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 12-19 - Cisco 2950G 24 | Software Configuration Guide - Page 310
switch. These messages mean that the switch is alive. For seconds, the range is 1 to 10 Step 5 end show seconds a port waits before switch to its default setting, use the no spanning-tree mst forward-time global configuration command. 12-20 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 311
3 Step 4 Step 5 end show spanning-tree mst copy discarded, and the information held for a port is aged. For hop-count, the switch to its default setting, use the no spanning-tree mst max-hops global configuration command. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 12 - Cisco 2950G 24 | Software Configuration Guide - Page 312
detected-protocols privileged EXEC command. Use the clear spanning-tree detected-protocols interface interface-id privileged EXEC command to restart the protocol migration process on a specific interface. 12-22 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 313
. The valid VLAN range is 1 to 4094; the valid port-channel range is 1 to 6. For information about other keywords for the show spanning-tree privileged EXEC command, refer to the command reference for this release. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 12-23 - Cisco 2950G 24 | Software Configuration Guide - Page 314
Displaying the MST Configuration and Status Chapter 12 Configuring RSTP and MSTP 12-24 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 315
the enhanced software image (EI) installed on your switch. For information on configuring tree features work: • Understanding Port Fast, page 13-2 • 10 • Understanding Root Guard, page 13-12 • Understanding Loop Guard, page 13-13 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 316
13-1 Port Fast-Enabled Ports Catalyst 6000 series switch Catalyst 3550 switch Catalyst 2950 or 3550 switch Port Fast-enabled ports Workstations Catalyst 2950 or 3550 Server switch Port Fast-enabled port Workstations 74622 13-2 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982 - Cisco 2950G 24 | Software Configuration Guide - Page 317
provides a secure response to invalid configurations because you must manually put the port back in service. Use the BPDU guard feature in a service-provider network to prevent an access port from participating in the spanning tree. If your switch is running PVST or MSTP, you can enable the BPDU - Cisco 2950G 24 | Software Configuration Guide - Page 318
Catalyst 3550 switches Root bridge Backbone switches Catalyst 3550 switches Distribution switches 74623 2950 2950 Active link Blocked link 2950 2950 Access switches If a switch looses connectivity, it begins using the alternate paths as soon as the spanning tree selects a new root port - Cisco 2950G 24 | Software Configuration Guide - Page 319
. You enable CSUF by using the spanning-tree stack-port interface configuration command. The CSUF feature is supported only when the switch is running PVST. CSUF might not provide a fast Convergence" section on page 13-7. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 13-5 - Cisco 2950G 24 | Software Configuration Guide - Page 320
100 or 1000 Mbps Stack-root port Alternate stackroot port Alternate stackroot port Switch A Stack port Switch B Stack port Switch C Stack port 49067 Multidrop backbone (GigaStack GBIC stack port to stack members. 13-6 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 321
failed, is powered on. • A new switch, which might become the stack root, is added to the stack. • A switch other than the stack root is powered off or failed. • A link fails between stack ports on the multidrop backbone. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 13-7 - Cisco 2950G 24 | Software Configuration Guide - Page 322
XL switches, Catalyst 2950 switches with GBIC module slots, and only on modular Catalyst 2900 XL switches that have the 1000BASE-X module installed. • Up to nine stack switches can be connected through their stack ports to the multidrop backbone. Only one stack port per switch is supported. • Each - Cisco 2950G 24 | Software Configuration Guide - Page 323
2 1 2 Catalyst 2950G-48 SYSTEM RPS STATUS UTIL DUPLX SPEED MODE 12 1X 34 2X 56 78 9 10 9 10 9 10 9 10 12 11X1X 34 21X2X 56 78 9 10 9 10 9 10 9 10 12 11X1X 34 21X2X 56 Catalyst 2950 78 9 10 9 10 9 10 9 10 1 1 2 1 65276 78-14982-01 Catalyst 2950 Desktop Switch - Cisco 2950G 24 | Software Configuration Guide - Page 324
2 interface on Switch C that connects directly to Switch B is in the blocking state. Figure 13-7 BackboneFast Example Before Indirect Link Failure Switch A (Root) Switch B L1 L2 L3 Blocked port Switch C 44963 13-10 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 325
learns that Switch B is the designated bridge to Switch A, the root switch. Figure 13-9 Adding a Switch in a Shared-Medium Topology Switch A (Root) Switch C Blocked port Switch B (Designated bridge) Added switch 44965 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 13 - Cisco 2950G 24 | Software Configuration Guide - Page 326
guard enabled Service-provider network Desired root switch Enable the root-guard feature on these interfaces to prevent switches in the customer network from becoming the root switch or being in the path to the root. 43578 13-12 Catalyst 2950 Desktop Switch Software Configuration Guide 78 - Cisco 2950G 24 | Software Configuration Guide - Page 327
EI installed on your switch. When the switch is operating in PVST mode, loop guard prevents alternate and root ports from becoming designated ports, and spanning tree does not send BPDUs on root or alternate ports. When the switch -01 Catalyst 2950 Desktop Switch Software Configuration Guide 13-13 - Cisco 2950G 24 | Software Configuration Guide - Page 328
Port Fast on a trunk port. Caution Make sure that there are no loops in the network between the trunk port and the workstation or server before you enable Port Fast on a trunk port. By default, Port Fast is disabled on all ports. 13-14 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 329
. Globally enable BPDU guard. By default, BPDU guard is disabled. Enter interface configuration mode, and specify the interface connected to an end station. Enable the Port Fast feature. Return to privileged EXEC mode. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 13-15 - Cisco 2950G 24 | Software Configuration Guide - Page 330
configuration mode, and specify the interface connected to an end station. Enable the Port Fast feature. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. 13-16 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 331
switch. You cannot configure UplinkFast on an individual VLAN. The UplinkFast feature is supported only when the switch converges more slowly after a loss of connectivity. end Return to privileged EXEC mode. show spanning-tree Catalyst 2950 Desktop Switch Software Configuration Guide 13-17 - Cisco 2950G 24 | Software Configuration Guide - Page 332
disable CSUF on an interface, use the no spanning-tree stack-port interface configuration command. To disable UplinkFast on the switch and all its VLANs, use the no spanning-tree uplinkfast global configuration command. 13-18 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 333
4 end Purpose Enter global configuration mode. Enter interface configuration mode, and specify an interface to configure. Enable root guard on the interface. By default, root guard is disabled on all interfaces. Return to privileged EXEC mode. 78-14982-01 Catalyst 2950 Desktop Switch Software - Cisco 2950G 24 | Software Configuration Guide - Page 334
Step 4 Step 5 Step 6 end show running-config copy running-config startup-config Purpose Determine which ports are alternate or root ports. Enter global configuration mode. guard loop interface configuration command. 13-20 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 335
of port states or displays the total lines of the spanning-tree state section. For information about other keywords for the show spanning-tree privileged EXEC command, refer to the command reference for this release. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 13 - Cisco 2950G 24 | Software Configuration Guide - Page 336
Displaying the Spanning-Tree Status Chapter 13 Configuring Optional Spanning-Tree Features 13-22 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 337
you can group end stations even if they are not physically located on the same LAN segment. Any switch port can belong to can support its own implementation of spanning tree. See Chapter 11, "Configuring STP" and Chapter 12, " Catalyst 2950 Desktop Switch Software Configuration Guide 14-1 - Cisco 2950G 24 | Software Configuration Guide - Page 338
Guidelines" section on page 14-5 for more information about the number of spanning-tree instances and the number of VLANs. The switch supports IEEE 802.1Q trunking for sending VLAN traffic over Ethernet ports. 14-2 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 339
. The VMPS can be a Catalyst 5000 or Catalyst 6000 series switch, for example, but never a Catalyst 2950 switch. You can have dynamic-access ports and trunk ports on the same switch, but you must connect the dynamic-access port to an end station and not to another switch. VTP is required. Configure - Cisco 2950G 24 | Software Configuration Guide - Page 340
EI is installed, you can also create extended-range VLANs (VLANs with IDs from 1006 to 4094), but these VLANs are not saved in the VLAN database. See the "Configuring Extended-Range VLANs" section on page 14-12 manually (Ethernet, Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 341
Creating or Modifying an Ethernet VLAN, page 14-8 • Deleting a VLAN, page 14-10 • Assigning Static-Access Ports to a VLAN, page 14-11 Token Ring VLANs Although the switch does not support Token Ring connections, a remote device such as a Catalyst 5000 series switch with Token Ring connections could - Cisco 2950G 24 | Software Configuration Guide - Page 342
ports of switches that have used up their allocation of spanning-tree instances. If the number of VLANs on the switch exceeds the number of supported 14-12. VLAN switches in the VTP domain, and the privileged EXEC mode prompt appears. 14-6 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 343
for the first 1005 VLANs use the VLAN database information • If the switch is running IOS Release 12.1(9)EA1 or later and you use an older startup configuration file to boot up the is lost when the system boots up. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 14-7 - Cisco 2950G 24 | Software Configuration Guide - Page 344
and Token Ring VLANs are not locally supported, you only configure FDDI and Token Ring media-specific characteristics for VTP global advertisements to other switches. Table 14-2 Ethernet VLAN Defaults and Ranges Parameter VLAN ID VLAN name 802.10 SAID MTU size Translational bridge 1 Translational - Cisco 2950G 24 | Software Configuration Guide - Page 345
4094 when the EI is installed; do on page 14-12. name vlan- Ethernet VLAN 20, name it test20, and add it to the VLAN database: Switch# configure terminal Switch(config)# vlan 20 Switch(config-vlan)# name test20 Switch(config-vlan)# end Catalyst 2950 Desktop Switch Software Configuration Guide 14-9 - Cisco 2950G 24 | Software Configuration Guide - Page 346
in the switch startup configuration file. To delete a VLAN by using VLAN configuration mode, use the vlan database privileged EXEC command to enter VLAN configuration mode and the no vlan vlan-id VLAN configuration command. 14-10 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982 - Cisco 2950G 24 | Software Configuration Guide - Page 347
Enter configuration commands, one per line. Switch(config)# interface fastethernet0/1 Switch(config-if)# switchport mode access Switch(config-if)# switchport access vlan 2 Switch(config-if)# end Switch# End with CNTL/Z. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 14-11 - Cisco 2950G 24 | Software Configuration Guide - Page 348
the switch will boot up in VTP transparent mode. Otherwise, you will lose extended-range VLAN configuration if the switch resets. • VLANs in the extended range are not supported by VQP. They cannot be configured by VMPS. 14-12 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982 - Cisco 2950G 24 | Software Configuration Guide - Page 349
-range VLAN has the default Ethernet VLAN characteristics (see Table 14 switch startup configuration file. Otherwise, if the switch resets, it will default to VTP server mode, and the extended-range VLAN IDs will not be saved. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 350
VLANs on the switch. Display parameters for all VLANs or the specified VLAN on the switch. For more details about the show command options and explanations of output fields, refer to the command reference for this release. 14-14 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982 - Cisco 2950G 24 | Software Configuration Guide - Page 351
2950 switch 802.1Q trunk Catalyst 3500 XL switch VLAN2 VLAN2 VLAN1 VLAN3 44962 You can configure a trunk on a single Ethernet interface or on an EtherChannel bundle. For more information about EtherChannel, see Chapter 27, "Configuring EtherChannels." Ethernet trunk interfaces support - Cisco 2950G 24 | Software Configuration Guide - Page 352
• Make sure the native VLAN for an 802.1Q trunk is the same on both ends of the trunk link. If the native VLAN on one end of the trunk is different from the native VLAN on the other end, spanning-tree loops might result. 14-16 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 353
first port to be added to the group. If you change the configuration of one of these parameters, the switch propagates the setting you entered to all ports in the group: - allowed-VLAN list - STP port priority for each VLAN 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 14 - Cisco 2950G 24 | Software Configuration Guide - Page 354
trunking. switchport trunk native vlan vlan-id Specify the native VLAN. end Return to privileged EXEC mode. show interfaces interface-id switchport Display command to configure the port as a static-access port. 14-18 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 355
configure the Fast Ethernet interface 0/4 as an 802.1Q trunk. The example assumes that the neighbor interface is configured to support 802.1Q trunking. Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# interface fastethernet0/4 Switch(config-if - Cisco 2950G 24 | Software Configuration Guide - Page 356
dependent on the management VLAN. For information about 802.1Q configuration issues, see the "802.1Q Configuration Considerations" section on page 14-16. 14-20 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 357
10 on Trunk 1. • VLANs 3 through 6 retain the default port priority of 128 on Trunk 1. • VLANs 3 through 6 are assigned a port priority of 10 on Trunk 2. • VLANs 8 through 10 retain the default port priority of 128 on Trunk 2. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 358
VLAN information to Switch 2. Verify that Switch 2 has learned the VLAN configuration. Enter global configuration mode on Switch 1. Enter interface configuration mode, and define the interface to set the STP port priority. 14-22 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982 - Cisco 2950G 24 | Software Configuration Guide - Page 359
Load-Sharing Trunks with Traffic Distributed by Path Cost Switch 1 Trunk port 1 VLANs 2 - 4 (path cost 30) VLANs 8 - 10 (path cost 19) Trunk port 2 VLANs 8 - 10 (path cost 30) VLANs 2 - 4 (path cost 19) 16591 Switch 2 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 14-23 - Cisco 2950G 24 | Software Configuration Guide - Page 360
end Step 16 exit Step 17 show running-config Step 18 copy running-config startup-config Purpose Enter global configuration mode on Switch 1. Enter interface configuration mode, and define Fast Ethernet port page 14-28 14-24 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 361
on the VMPS secure mode setting). Multiple hosts (MAC addresses) can be active on a dynamic port if they are all in the same VLAN; however, the VMPS shuts down a dynamic port if more than 20 hosts are active on the port. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 14-25 - Cisco 2950G 24 | Software Configuration Guide - Page 362
Fast Ethernet port 4 on member switch 3. When port names are required, these naming conventions must be followed in the VMPS database configuration file when it is configured to support a cluster. This example shows a example of a VMPS database configuration file as it appears on a Catalyst 6000 - Cisco 2950G 24 | Software Configuration Guide - Page 363
on client switches. Table 14-6 Default VMPS Client and Dynamic Port Configuration Feature VMPS domain server VMPS reconfirm interval VMPS server retry count Dynamic ports Default Setting None 60 minutes 3 None configured 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 14 - Cisco 2950G 24 | Software Configuration Guide - Page 364
the IP Address of the VMPS You must first enter the IP address of the server to configure the switch as a client. Note If the VMPS is being defined for a cluster of switches, enter the address on the command switch. 14-28 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 365
switchport mode (dynamic desirable), use the no switchport mode interface configuration command. To reset the access mode to the default VLAN for the switch, use the no switchport access interface configuration command. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 14-29 - Cisco 2950G 24 | Software Configuration Guide - Page 366
dynamic port VLAN membership assignments that the switch 10; the default is 3. Return to privileged EXEC mode. Verify your entry in the Server Retry Count field of the display. (Optional) Save your entries in the configuration file. 14-30 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 367
shuts down the port to prevent the host from connecting to the network. • More than 20 active hosts reside on a dynamic port. To re-enable a disabled dynamic port, enter the no shutdown interface configuration command. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 14-31 - Cisco 2950G 24 | Software Configuration Guide - Page 368
Ethernet segment (Trunk link) Switch 5 172.20.26.154 Switch 6 172.20.26.155 Switch 7 172.20.26.156 End station 2 Switch 8 Dynamic-access port Switch 9 Secondary VMPS Server 3 Switch 10 172.20.26.157 Client 172.20.26.158 Trunk port 172.20.26.159 30769 14-32 Catalyst 2950 Desktop Switch - Cisco 2950G 24 | Software Configuration Guide - Page 369
image (EI) is installed. This section contains information about these VTP parameters: • The VTP Domain, page 15-2 • VTP Modes, page 15-3 • VTP Advertisements, page 15-3 • VTP Version 2, page 15-4 • VTP Pruning, page 15-4 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 15-1 - Cisco 2950G 24 | Software Configuration Guide - Page 370
are saved in the switch running configuration and can be saved to the switch startup configuration file. For domain name and password configuration guidelines, see the "VTP Configuration Guidelines" section on page 15-8. 15-2 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 371
trunk ports, see the "Configuring VLAN Trunks" section on page 14-15. VTP advertisements distribute this global domain information: • VTP domain name • VTP configuration revision number • Update identity and update timestamp 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 15 - Cisco 2950G 24 | Software Configuration Guide - Page 372
VLAN configuration information specific to the VLAN Value (TLV) support-A VTP server Switch 1, Switch 1 floods the broadcast and every switch in the network receives it, even though Switches 3, 5, and 6 have no ports in the Red VLAN. 15-4 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 373
always pruning-ineligible; traffic from these VLANs cannot be pruned. Extended-range VLANs (VLAN IDs higher than 1005) are also pruning-ineligible. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 15-5 - Cisco 2950G 24 | Software Configuration Guide - Page 374
Mode), page 15-12 • Enabling VTP Version 2, page 15-13 • Enabling VTP Pruning, page 15-14 • Adding a VTP Client Switch to a VTP Domain password VTP pruning Default Setting Null. Server. Version 2 is disabled. None. Disabled. 15-6 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 375
to set the VTP password, the version, the VTP switch running configuration, and you can save this information in the switch startup configuration file by entering the copy running-config startup-config privileged EXEC command. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 376
VLAN configuration information to other switches and to learn the VLANs enabled on the network, you must configure the switch with the correct domain name and domain password and change the VTP mode to VTP server. 15-8 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 377
you must configure a trunk port so that the switch can send and receive VTP switches operating in VTP server or client mode under the same administrative responsibility must be configured with the same domain name. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 378
the display. When you configure a domain name, it cannot be removed; you can only reassign a switch to a different domain. To return the switch to a no-password state, use the no vtp password VLAN configuration command. 15-10 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 379
server mode. To return the switch to a no-password state, use the no vtp password global configuration command. When you configure a domain name, it cannot be removed; you can only reassign a switch to a different domain. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 15-11 - Cisco 2950G 24 | Software Configuration Guide - Page 380
mode, use the no vtp mode global configuration command. Note If extended-range VLANs are configured on the switch, you cannot change VTP mode to server. You receive an error message, and the configuration is not allowed. 15-12 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 381
on switches in the same VTP domain. Every switch in the VTP domain must use the same VTP version. Do not enable VTP version 2 unless every switch in the VTP domain supports version mode VLAN configuration command. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 15-13 - Cisco 2950G 24 | Software Configuration Guide - Page 382
Step 3 end Step 4 . Pruning is supported with VTP version ports. Reserved VLANs and extended-range VLANs cannot be pruned. To change the pruning-eligible VLANs, see the "Changing the Pruning-Eligible List" section on page 14-20. 15-14 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 383
return to privileged EXEC mode. After resetting the configuration revision number, add the switch to the VTP domain. Note You switch, and then change its VLAN information without affecting the other switches in the VTP domain. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 384
EXEC command: Switch# show vtp status VTP Version : 2 Configuration Revision : 25 Maximum VLANs supported locally : at 3-1-93 00:18:42 Local updater ID is 10.1.1.59 on interface Vl1 (lowest numbered VLAN interface found) Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 385
to these devices: • Port 1 connects to the switch or other voice-over-IP (VoIP) device. • Port 2 is an internal 10/100 interface that carries the IP phone traffic. • Port 3 (access port) connects to a PC or other device. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 16-1 - Cisco 2950G 24 | Software Configuration Guide - Page 386
-1 shows one way to connect a Cisco 7960 IP Phone. Figure 16-1 Cisco 7960 IP Phone Connected to a Switch Cisco IP Phone 7960 Phone ASIC Catalyst 2950 or P2 PC 3550 switch P1 3-port P3 switch Access port 74710 When the IP phone connects to the switch, the access port (PC-to-telephone jack) of - Cisco 2950G 24 | Software Configuration Guide - Page 387
Port to Connect to a Cisco 7960 IP Phone Because a Cisco 7960 IP Phone also supports a connection to a PC or other device, a port connecting the switch to a Cisco 7960 IP Phone can carry mixed traffic. You can configure the port -01 Catalyst 2950 Desktop Switch Software Configuration Guide 16-3 - Cisco 2950G 24 | Software Configuration Guide - Page 388
voice VLAN entries. copy running-config startup-config (Optional) Save your entries in the configuration file. To return the port to its default setting, use the no switchport voice vlan interface configuration command. 16-4 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 389
Cisco 7960 IP Phone port. The PC can generate packets with an assigned CoS value. You can configure the switch to override the priority of frames arriving on the IP phone port is 0. end Return port to its default setting. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 16-5 - Cisco 2950G 24 | Software Configuration Guide - Page 390
priority extend trust Set the IP phone access port to trust the priority received from the PC or the attached device. end Return to privileged EXEC mode. show interfaces refer to the command reference for this release. 16-6 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 391
LAN switch to snoop on the IGMP transmissions between the host and the router and to keep track of multicast groups and member ports. When the switch receives an IGMP report from a host for a particular multicast group, 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 17-1 - Cisco 2950G 24 | Software Configuration Guide - Page 392
port spanning-tree, a port group, or a VLAN ID change occurs, the IGMP snooping-learned multicast groups from this port on the VLAN are deleted. The switches support a maximum of 255 IP multicast groups and support 17-1. 17-2 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 393
is not flooded to other ports on the switch. Any known multicast traffic is forwarded to the group and not to the CPU. Any unknown multicast traffic is flooded to the VLAN and sent to the CPU until it becomes known. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 17-3 - Cisco 2950G 24 | Software Configuration Guide - Page 394
connected to that interface are interested in traffic for the specific multicast group. The switch then updates the forwarding table for that MAC group so switched network, even when multiple multicast groups are simultaneously in use. 17-4 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 395
to a port, some hosts might be inadvertently dropped. Immediate Leave is supported with only IGMP version 2 hosts. Configuring IGMP Snooping IGMP snooping allows switches to examine enable or disable VLAN snooping. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 17-5 - Cisco 2950G 24 | Software Configuration Guide - Page 396
terminal ip igmp snooping vlan vlan-id end copy running-config startup-config Purpose Enter global ports through only PIM-DVMRP packets, use the ip igmp snooping vlan vlan-id mrouter learn pim-dvmrp global configuration command. 17-6 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 397
pim-dvmrp} Step 3 Step 4 Step 5 end show ip igmp snooping copy running-config startup-config Configuring a Multicast Router Port To add a multicast router port (add a static EI is installed; do not enter leading zeros. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 17-7 - Cisco 2950G 24 | Software Configuration Guide - Page 398
(Optional) Save your entries in the configuration file. To remove the Layer 2 port from the multicast group, use the no ip igmp snooping vlan vlan-id static mac-address interface interface-id global configuration command. 17-8 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 399
-Source-Only Learning The IP multicast-source-only learning method is enabled by default. The switch learns the IP multicast group from the IP multicast data stream and only forwards traffic to the multicast router ports. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 17-9 - Cisco 2950G 24 | Software Configuration Guide - Page 400
no service password-encryption ! hostname Switch ! enable password my_password ! ip subnet-zero no ip igmp snooping source-only-learning ! ! spanning-tree extend system-id no spanning-tree vlan 1 ! ! interface FastEthernet0/1 no ip address ! 17-10 Catalyst 2950 Desktop Switch - Cisco 2950G 24 | Software Configuration Guide - Page 401
statically configured router ports and VLAN manually configured multicast router interfaces. Note When you enable IGMP snooping, the switch 10 ---------IGMP snooping is globally enabled IGMP snooping is enabled on this Vlan 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 402
specific VLAN interface: Switch# switch: Switch# show mac address-table multicast count Multicast MAC Entries for all vlans: 10 Switch# show mac address-table multicast vlan 1 igmp-snooping count Number of user programmed entries: 2 17-12 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 403
VLAN as a forwarding destination of the specified multicast stream when it is received from the multicast VLAN. Uplink ports that send and receive multicast data to and from the multicast VLAN are called MVR source ports. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 17-13 - Cisco 2950G 24 | Software Configuration Guide - Page 404
only on receiver ports to which a single receiver device is connected. Figure 17-3 Multicast VLAN Registration Example Multicast VLAN Cisco router Catalyst 3550 switch SP SP SP Catalyst 2950 switch SP SP SP1 Multicast data Catalyst 3550 switch S1 Multicast server Catalyst 2950 switch SP SP2 - Cisco 2950G 24 | Software Configuration Guide - Page 405
Multicast VLAN Mode Interface (per port) default Immediate Leave Default Setting Disabled globally and per interface None configured 0.5 second VLAN 1 Compatible Neither a receiver nor a source port Disabled on all ports 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 17-15 - Cisco 2950G 24 | Software Configuration Guide - Page 406
from 1 to 100 and the default is 5 tenths or one-half second. (Optional) Specify the VLAN in which multicast data is received; all source ports must belong to this VLAN. The VLAN range is 1 to 4094. The default is VLAN 1. 17-16 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 407
Enter global configuration mode. Enable MVR on the switch. Enter interface configuration mode, and enter the type and number of the port to configure, for example, gi0/1 or gigabitethernet 0/1 for Gigabit Ethernet port 1. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 17-17 - Cisco 2950G 24 | Software Configuration Guide - Page 408
mvr type receiver Switch(config-if)# mvr vlan 22 group 228.1.23.4 Switch(config-if)# mvr immediate Switch(config)# end Switch# show mvr interface gigabitethernet0/2 Type: RECEIVER Status: ACTIVE Immediate Leave: ENABLED 17-18 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 409
: Switch# show mvr interface Port Type Status ---- ---- Fa0/1 SOURCE ACTIVE/UP Fa0/2 SOURCE ACTIVE/UP Fa0/3 SOURCE ACTIVE/DOWN Fa0/5 SOURCE ACTIVE/DOWN Immediate Leave DISABLED DISABLED DISABLED DISABLED 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 17 - Cisco 2950G 24 | Software Configuration Guide - Page 410
the multicast group, the IGMP report from the port is forwarded for normal processing. IGMP filtering controls only group specific query and membership reports, including join and leave that a Layer 2 interface can join. 17-20 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 411
to be used for filtering IGMP join requests from a port. When you are in IGMP profile configuration mode, address or a range with a start and an end address. The default is for the switch to have no IGMP profiles configured. When a Catalyst 2950 Desktop Switch Software Configuration Guide 17-21 - Cisco 2950G 24 | Software Configuration Guide - Page 412
port that does not belong to an EtherChannel port Switch(config)# interface fastethernet0/12 Switch(config-if)# ip igmp filter 4 Switch(config-if)# end Switch# show running-config interface fastethernet0/12 Building configuration... 17-22 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 413
running-config interface fastethernet0/12 Building configuration... Current configuration : 123 bytes ! interface FastEthernet0/12 no ip address shutdown snmp trap link-status ip igmp max-groups 25 ip igmp filter 4 end 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 17-23 - Cisco 2950G 24 | Software Configuration Guide - Page 414
running-config interface fastethernet0/12 Building configuration... Current configuration : 123 bytes ! interface FastEthernet0/12 no ip address shutdown snmp trap link-status ip igmp max-groups 25 ip igmp filter 4 end 17-24 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 415
-1 • Configuring Protected Ports, page 18-3 • Configuring Port Security, page 18-4 • Displaying Port-Based Traffic Control Settings, page 18-12 Configuring Storm Control These the broadcast, multicast, or unicast traffic. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 18-1 - Cisco 2950G 24 | Software Configuration Guide - Page 416
port end Return to privileged EXEC mode. show storm-control [interface] [{broadcast Verify your entries. | history | multicast | unicast}] copy running-config startup-config (Optional) Save your entries in the configuration file. 18-2 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 417
CPE device ports. You can do this with the cpe protected command. Devices connected to different ports on the same CPE cannot exchange data directly between each other without being forwarded by an Layer 3 device. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 18-3 - Cisco 2950G 24 | Software Configuration Guide - Page 418
page 18-5 • Default Port Security Configuration, page 18-7 • Port Security Configuration Guidelines, page 18-7 • Enabling and Configuring Port Security, page 18-7 • Enabling and Configuring Port Security Aging, page 18-10 18-4 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 419
device ensures that the device has the full bandwidth of the port. The switch supports these types of secure MAC addresses: • Static secure MAC addresses-These are manually configured by using the switchport port-security mac-address mac-address interface configuration command, stored in the - Cisco 2950G 24 | Software Configuration Guide - Page 420
allowed on the port, packets with recovery cause psecure-violation global configuration command, or you can manually re-enable it by entering the shutdown and no shutdown interface configuration commands. This is the default mode. 18-6 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 421
port is in the error-disabled state, you can bring it out of this state by entering the errdisable recovery cause psecure-violation global configuration command, or you can manually port. Enable port security on the interface. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 422
port-security mac-address sticky switchport port-security mac-address sticky mac-address Step 10 end Step 11 show port-security show port-security address show port-security interface interface-id Step 12 file. 18-8 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 423
to enable port security on Fast Ethernet port 1 and to set the maximum number of secure addresses to 50. The violation mode is the default, no static secure MAC addresses are configured, and sticky learning is enabled. Switch# configure terminal Enter configuration commands, one per line. End with - Cisco 2950G 24 | Software Configuration Guide - Page 424
port without manually deleting the existing secure MAC addresses and to still limit the number of secure addresses on a port. You can enable or disable the aging of statically-configured secure addresses on a per-port basis. 18-10 Catalyst 2950 Desktop Switch Software Configuration Guide 78 - Cisco 2950G 24 | Software Configuration Guide - Page 425
switchport port-security aging type inactivity Switch(config-if)# switchport port-security aging static You can verify the previous commands by entering the show port-security interface interface-id privileged EXEC command. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 18 - Cisco 2950G 24 | Software Configuration Guide - Page 426
, and the violation mode. show port-security [interface interface-id] address Displays all secure MAC addresses configured on all switch interfaces or on a specified interface with aging information for each address. 18-12 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 427
and whether traffic is flowing bidirectionally between the correct neighbors. This check cannot be performed by autonegotiation because autonegotiation operates at Layer 1. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 19-1 - Cisco 2950G 24 | Software Configuration Guide - Page 428
Switch A TX RX Switch B successfully receives traffic from Switch A on this port. However, Switch A does not receive traffic from Switch B on the same port. UDLD detects the problem and disables the port. TX RX Switch B 43583 19-2 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 429
fiber-optic interfaces Disabled on all Ethernet 10/100 and 1000BASE-TX interfaces Disabled A UDLD-capable interface also cannot detect a unidirectional link if it is connected to a UDLD-incapable port of another switch. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 19-3 - Cisco 2950G 24 | Software Configuration Guide - Page 430
the "Enabling UDLD on an Interface" section on page 19-4. end Return to privileged EXEC mode. show udld Verify your entries. copy mode UDLD on all fiber-optic ports. Use the no udld aggressive global configuration command to disable 19-4 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 431
aggressive | enable} Step 4 Step 5 Step 6 end show udld interface-id copy running-config startup-config command setting. This command is not supported on non-fiber-optic interfaces. Resetting an Interface Shut Down by UDLD Beginning in Catalyst 2950 Desktop Switch Software Configuration Guide 19-5 - Cisco 2950G 24 | Software Configuration Guide - Page 432
show udld [interface-id] privileged EXEC command. For detailed information about the fields in the display, refer to the command reference for this release. 19-6 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 433
The switch uses CDP to find cluster candidates and maintain information about cluster members and other devices up to three cluster-enabled devices away from the command switch by default. The switch supports CDP version 2. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 20 - Cisco 2950G 24 | Software Configuration Guide - Page 434
4 cdp advertise-v2 Step 5 end Purpose Enter global configuration mode. 10 to 255 seconds; the default is 180 seconds. (Optional) Configure CDP to send version-2 advertisements. This is the default state. Return to privileged EXEC mode. 20-2 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 435
these steps to enable CDP when it has been disabled: Step 1 Step 2 Step 3 Command configure terminal cdp run end Purpose Enter global configuration mode. Enable CDP after disabling it. Return to privileged EXEC mode. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 20-3 - Cisco 2950G 24 | Software Configuration Guide - Page 436
configuration file. This example shows how to enable CDP on an interface when it has been disabled. Switch# configure terminal Switch(config)# interface fastethernet0/5 Switch(config-if)# cdp enable Switch(config-if)# end 20-4 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 437
of the output from the show cdp privileged EXEC commands: Switch# show cdp Global CDP information: Sending CDP packets every 50 seconds Sending a holdtime value of 120 seconds Sending CDPv2 advertisements is enabled 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 20-5 - Cisco 2950G 24 | Software Configuration Guide - Page 438
Monitoring and Maintaining CDP Chapter 20 Configuring CDP 20-6 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 439
, in Figure 21-1, all traffic on port 5 (the source port) is mirrored to port 10 (the destination port). A network analyzer on port 10 receives all network traffic from port 5 without being physically attached to port 5. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 21-1 - Cisco 2950G 24 | Software Configuration Guide - Page 440
or sent by the source interfaces are sent to the destination interface. Except for traffic that is required for the SPAN or RSPAN session, reflector ports and destination ports do not receive or forward traffic. 21-2 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 441
processing have no effect on SPAN; the destination port receives a copy of the packet even if the actual incoming packet is dropped. These features include IP standard and extended input access control lists (ACLs), IP 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 21-3 - Cisco 2950G 24 | Software Configuration Guide - Page 442
is sent to the destination port. This feature affects only traffic forwarded to the destination SPAN port and does not affect the switching of normal traffic. This feature is not allowed in sessions with VLAN sources. 21-4 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 443
looped-back traffic on a reflector port is the RSPAN VLAN. • The reflector port loops back untagged traffic to the switch. The traffic is then placed on the RSPAN VLAN and flooded to any trunk ports that carry the RSPAN VLAN. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 444
is switched to a2, both incoming and outgoing packets are sent to destination port d1. Both packets are the same (unless a Layer-3 rewrite occurs, in which case the packets are different because of the added Layer 3 information). 21-6 Catalyst 2950 Desktop Switch Software Configuration Guide 78 - Cisco 2950G 24 | Software Configuration Guide - Page 445
port. • You can enable 802.1X on a port that is a SPAN destination or reflector port; however, 802.1X is disabled until the port is removed as a SPAN destination or reflector port. You can enable 802.1X on a SPAN source port. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 446
1X is disabled until the port is removed as a SPAN destination or reflector port. • For SPAN source ports, you can monitor transmitted traffic for a single port and received traffic for a series or range of ports or VLANs. 21-8 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 447
at the same time. • You can limit SPAN traffic to specific VLANs by using the filter vlan keyword. If a trunk port is being monitored, only traffic on the VLANs specified with this keyword remove all remote SPAN sessions. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 21-9 - Cisco 2950G 24 | Software Configuration Guide - Page 448
port 10. Switch(config)# no monitor session 1 Switch(config)# monitor session 1 source interface fastEthernet0/1 Switch(config)# monitor session 1 destination interface fastEthernet0/10 encapsulation dot1q Switch(config)# end 21-10 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 449
the encapsulation type back to the Switch(config)# no monitor session 1 source interface fastEthernet0/1 rx The monitoring of traffic received on port 1 is disabled, but traffic sent from this port continues to be monitored. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 450
all ports belonging to VLAN 10. Switch(config)# no monitor session 2 Switch(config)# monitor session 2 source vlan 1 - 3 rx Switch(config)# monitor session 2 destination interface gigabitethernet0/7 Switch(config)# monitor session 2 source vlan 10 rx Switch(config)# end 21-12 Catalyst 2950 Desktop - Cisco 2950G 24 | Software Configuration Guide - Page 451
2 Switch(config)# monitor session 2 source interface gigabitethernet0/4 rx Switch(config)# monitor session 2 filter vlan 1 - 5 , 9 Switch(config)# monitor session 2 destination interface gigabitethernet0/8 Switch(config)# end 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 452
as an RSPAN VLAN as long as these conditions are met: - No access port is configured in the RSPAN VLAN. - The same RSPAN VLAN is used for an RSPAN session in all the switches. - All participating switches support RSPAN. 21-14 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 453
remote vlan vlan-id reflector-port interface end Purpose Enter global configuration mode. port. For interface, specify the interface that will flood the RSPAN traffic onto the RSPAN VLAN. Return to privileged EXEC mode. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 454
901 as the source remote VLAN and port 5 as the destination interface: Switch(config)# monitor session 1 source remote vlan 901 Switch(config)# monitor session 1 destination interface fastEthernet0/5 Switch(config)# end 21-16 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 455
for bidirectional monitoring: Switch(config)# no monitor session 1 source interface fastEthernet0/1 rx The monitoring of traffic received on port 1 is disabled, but traffic sent from this port continues to be monitored. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 21-17 - Cisco 2950G 24 | Software Configuration Guide - Page 456
(config)# monitor session 2 source vlan 1 - 3 rx Switch(config)# monitor session 2 destination remote vlan 902 reflector-port gigabitethernet0/7 Switch(config)# monitor session 2 source vlan 10 rx Switch(config)# end 21-18 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 457
RSPAN source traffic to specific VLANs: Step 1 Step Switch(config)# monitor session 2 filter vlan 1 - 5 , 9 Switch(config)# monitor session 2 destination remote vlan 902 reflector-port gigabitethernet0/8 Switch(config)# end 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 458
: None Both: None Source VLANs: RX Only: None TX Only: None Both: None Source RSPAN VLAN: None Destination Ports: None Encapsulation: Native Reflector Port: Fa0/4 Filter VLANs: None Dest RSPAN VLAN: 901 21-20 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 459
your switch. RMON is a standard monitoring specification that Cisco IOS Configuration Fundamentals Command Reference for Release 12.1. switch to monitor all the traffic flowing among switches on all connected LAN segments. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 460
and statistic collection enabled. Catalyst 2950 switch Catalyst 3550 switch 74602 Workstations Workstations The switch supports these RMON groups (defined in RFC 1757): • Statistics (RMON group 1)-Collects Ethernet, Fast Ethernet, and Gigabit Ethernet statistics on an interface. • History - Cisco 2950G 24 | Software Configuration Guide - Page 461
supported on the switch. Configuring RMON Alarms and Events You can configure your switch switch to access RMON MIB objects. For more information, see Chapter 24 and one for when the alarm is reset. The range for the rising threshold and Catalyst 2950 Desktop Switch Software Configuration Guide 22-3 - Cisco 2950G 24 | Software Configuration Guide - Page 462
string used for this trap. end Return to privileged EXEC mode. is reset and can be triggered again. Switch(config)# rmon alarm 10 ifEntry.20 Switch(config)# rmon event 1 log trap eventtrap description "High ifOutErrors" owner jjones 22-4 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 463
in privileged EXEC mode, follow these steps to collect group Ethernet statistics on an interface: Step 1 Step 2 Step group of statistics. end Return to privileged EXEC mode. show running-config Verify your entries. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 22-5 - Cisco 2950G 24 | Software Configuration Guide - Page 464
switch statistics table. (Optional) Save your entries in the configuration file. To disable the collection of group Ethernet statistics refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.1. 22-6 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982- - Cisco 2950G 24 | Software Configuration Guide - Page 465
server. The switch software saves syslog messages in an internal buffer. You can remotely monitor system messages by accessing the switch through Telnet, through the console port, or by viewing the logs on a syslog server. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 23-1 - Cisco 2950G 24 | Software Configuration Guide - Page 466
only if the service timestamps log supported facilities, see Table 23-4 on page 23-12. severity Single-digit code from 0 to 7 that is the severity of the message. For a description of the severity levels, see Table 23-3 on page 23-9. 23-2 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 467
levels; see Table 23-3 on page 23-9). 4096 bytes. 1 message. Disabled. Disabled. Disabled. None configured. Local7 (see Table 23-4 on page 23-12). Informational (and numerically lower levels; see Table 23-3 on page 23-9). 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 23-3 - Cisco 2950G 24 | Software Configuration Guide - Page 468
configure terminal no logging on end show running-config or show you can send messages to specific locations in addition to switch; however, this value is the maximum available, and the buffer size should not be set to this amount. 23-4 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 469
steps, see the "Configuring UNIX Syslog Servers" section on page 23-10. Store log messages in a file in Flash memory. • For and do not remain in effect after the session has ended. You must perform this step for each session to see 01 Catalyst 2950 Desktop Switch Software Configuration Guide 23-5 - Cisco 2950G 24 | Software Configuration Guide - Page 470
specific console port end Purpose Enter global configuration mode. Specify the line to be configured for synchronous logging of messages. • Use the console keyword for configurations that occur through the switch console port Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 471
by vty2 (10.34.195.36) This example shows part of a logging display with the service timestamps log uptime global configuration command enabled: 00:00:46: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 23-7 - Cisco 2950G 24 | Software Configuration Guide - Page 472
Step 2 Step 3 Step 4 Step 5 Command configure terminal service sequence-numbers end show running-config copy running-config startup-config Purpose Enter Servers" section on page 23-10. Return to privileged EXEC mode. 23-8 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 473
for information; switch functionality is not affected. • Reload requests and low-process stack messages, displayed at the informational level. This message is only for information; switch functionality is not affected. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 23-9 - Cisco 2950G 24 | Software Configuration Guide - Page 474
table. The default is to store one message. The range is 1 to 500 messages. end Return to privileged EXEC mode. show running-config Verify your entries. copy running-config startup- the UNIX system logging facility. 23-10 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 475
/syslog.conf: local7.debug /usr/adm/logs/cisco.log The local7 keyword specifies the logging facility to be used; see Table 23-4 on page 23-12 for information on the facilities. The debug keyword 23-9 for level keywords. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 23-11 - Cisco 2950G 24 | Software Configuration Guide - Page 476
system facilities supported by the Cisco IOS software. For more information about these facilities, consult the operator's manual for your to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.1. 23-12 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 477
, or other significant events. This section includes information about these topics: • SNMP Versions, page 24-2 • SNMP Manager Functions, page 24-3 • SNMP Agent Functions, page 24-3 • SNMP Community Strings, page 24-4 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 24-1 - Cisco 2950G 24 | Software Configuration Guide - Page 478
security mechanism is used when handling an SNMP packet. Available security models are SNMPv1, SNMPv2C, and SNMPv3. Table 24-1 identifies the characteristics of the different combinations of security models and levels. 24-2 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 479
to support set-request Stores a value in a specific variable. trap An unsolicited message sent port or module goes up or down, when spanning-tree topology changes occur, and when authentication failures occur. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 24 - Cisco 2950G 24 | Software Configuration Guide - Page 480
Get-request, Get-next-request, Get-bulk, Set-request Network device 43581 SNMP Manager Get-response, traps MIB SNMP Agent For information on supported MIBs and how to access them, see Appendix A, "Supported MIBs." 24-4 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 481
Groups and Users, page 24-8 • Configuring SNMP Notifications, page 24-10 • Setting the Agent Contact and Location Information, page 24-13 • Limiting TFTP Servers Used Through SNMP, page 24-13 • SNMP Examples, page 24-14 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 24-5 - Cisco 2950G 24 | Software Configuration Guide - Page 482
affects all users associated with that group. Refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.1 for information about when you should configure notify views. when the engine ID changes. 24-6 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 483
2C, and version 3) on the device. No specific IOS command exists to enable SNMP. The first snmp string. • For string, specify a string that acts like a password and permits access to the SNMP protocol. You can configure one or Catalyst 2950 Desktop Switch Software Configuration Guide 24-7 - Cisco 2950G 24 | Software Configuration Guide - Page 484
value for the community string). To remove a specific community string, use the no snmp-server community switch. You can configure an SNMP server group that maps SNMP users to SNMP views, and you can add new users to the SNMP group. 24-8 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 485
, specify the ip-address of the device that contains the remote copy of SNMP and the optional UDP port on the remote device. The default is 162. snmp-server group groupname {v1 | v2c | v3 is the name of the access list. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 24-9 - Cisco 2950G 24 | Software Configuration Guide - Page 486
Description Generates a trap for Catalyst 2950-specific notifications. Generates a trap when the cluster configuration changes. Generates a trap for SNMP configuration changes. Generates a trap for SNMP entity changes. 24-10 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 487
for SNMP syslog notifications. Sends Cisco enterprise-specific notifications when a Transmission Control groupname remote host [udp-port port] {v1 | v2c | v3 [auth {md5 | sha} auth-password]} [encrypted] [access access . 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 24-11 - Cisco 2950G 24 | Software Configuration Guide - Page 488
, to the host. To disable informs, use the no snmp-server host informs global configuration command. To disable a specific trap type, use the no snmp-server enable traps notification-types global configuration command. 24-12 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 489
-server contact text Step 3 snmp-server location text Step 4 Step 5 Step 6 end show running-config copy running-config startup-config Purpose Enter global configuration mode. Set the deny statement for everything. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 24-13 - Cisco 2950G 24 | Software Configuration Guide - Page 490
example shows how to enable the switch to send all traps to the host myhost.cisco.com using the community string public: Switch(config)# snmp-server enable traps Switch(config)# snmp-server host myhost.cisco.com public 24-14 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 491
the fields in the output displays, refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.1. Table 24-5 Commands for Displaying SNMP Information Feature show snmp in the SNMP users table. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 24-15 - Cisco 2950G 24 | Software Configuration Guide - Page 492
Displaying SNMP Status Chapter 24 Configuring SNMP 24-16 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 493
chapter, refer to the command reference for this release and the "Configuring IP Services" section of the Cisco IOS IP and IP Routing Configuration Guide and the Command Reference for IOS Release 12.1. This chapter consists of these sections: • Understanding ACLs, page 25-2 • Configuring ACLs, page - Cisco 2950G 24 | Software Configuration Guide - Page 494
a network, but to prevent another host from accessing the same part. In Figure 25-1, ACLs applied at the switch input allow Host A to access the Human Resources network, but prevent Host B from accessing the same network. 25-2 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 495
the first and second ACEs in the examples, the eq keyword after the destination address means to test for the TCP-destination-port well-known numbers equaling Simple Mail Transfer Protocol (SMTP) and Telnet, respectively. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 25-3 - Cisco 2950G 24 | Software Configuration Guide - Page 496
packet is TCP and that the destination is 10.1.1.1.) • Packet B is from host 10.2.2.2, port 65001, going to host 10.1.1.2 on the Telnet port. If this packet is fragmented, the first simultaneously to define a flow. 25-4 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 497
configuration is consistent with other Cisco Catalyst switches. However, there are significant restrictions for configuring ACLs on the switches. Only four user-defined masks can be defined for the entire system. These can be used for either security or quality of service (QoS) but cannot be shared - Cisco 2950G 24 | Software Configuration Guide - Page 498
information about the commands, refer to the Cisco IOS IP and IP Routing Command Reference for IOS Release 12.1. For a list of IOS features not supported on the switch, see the "Unsupported Features" section on page 25-7. 25-6 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 499
name and access conditions. Step 2 Apply the ACL to interfaces or terminal lines. The software supports these kinds of IP access lists: • Standard IP access lists use source addresses for matching the steps for using them. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 25-7 - Cisco 2950G 24 | Software Configuration Guide - Page 500
using the supported numbers. That is, the name of a standard IP ACL can be 1 to 99; the name of an extended IP ACL can be 100 to 199. The advantage of using named ACLs instead of numbered lists is that you can delete individual entries from a named list. 25-8 Catalyst 2950 Desktop Switch Software - Cisco 2950G 24 | Software Configuration Guide - Page 501
statement for all packets that it did not find a match for before reaching the end. With standard access lists, if you omit the mask from an associated IP host address ACL specification, 0.0.0.0 is assumed to be the mask. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 25-9 - Cisco 2950G 24 | Software Configuration Guide - Page 502
. 2. No support for type of service (ToS) minimize monetary cost bit. For more details about the specific keywords relative to each protocol, refer to the Cisco IP and IP Routing Command Reference for IOS Release 12.1. 25-10 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 503
IP Services" section of Cisco IOS IP and IP Routing Configuration Guide and the Command Reference for IOS Release 12.1. You can apply ACLs only to a management interface or the CPU, such as SNMP, Telnet, or web traffic. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 25 - Cisco 2950G 24 | Software Configuration Guide - Page 504
source 0.0.0.0. dscp-Enter to match packets with any of the supported 13 DSCP values (0, 8, 10, 16, 18, 24, 26, 32, 34, 40, 46, 48, and 56), or use the question mark (?) to see Save your entries in the configuration file. 25-12 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 505
end. With standard access lists, if you omit the mask from an associated IP host address ACL specification can also be a number in the supported range of access list numbers. That an extended IP ACL can be 100 to 199. The advantage of Catalyst 2950 Desktop Switch Software Configuration Guide 25-13 - Cisco 2950G 24 | Software Configuration Guide - Page 506
. dscp-Enter to match packets with any of the supported 13 DSCP values ( 0, 8, 10, 16, 18, 24, 26, 32, 34, 40, 46, 48, and 56), or use the question mark (?) to section on page 25-15. end Return to privileged EXEC mode. 25-14 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 507
the end. For standard ACLs, if you omit the mask from an associated IP host address access list specification, application (identified by an IP address mask pair and a port number). • You can control logging messages. ACL entries Catalyst 2950 Desktop Switch Software Configuration Guide 25-15 - Cisco 2950G 24 | Software Configuration Guide - Page 508
Switch(config)# access-list 188 deny tcp any any time-range christmas_2000 Switch(config)# access-list 188 permit tcp any any time-range workhours Switch(config)# end Switch# show access-lists Extended IP access list 188 25-16 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 509
is limited to 100 characters. The Switch(config)# access-list 1 deny 171.69.3.13 For an entry in a named IP ACL, use the remark access-list global configuration command. To remove the remark, use the no form of this command. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 510
more information about the supported non-IP protocols in deny any source MAC address or a specific host source MAC address and any destination ip | xns-idp-(a non-IP protocol). end Return to privileged EXEC mode. show access- Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 511
you apply an undefined ACL to an interface, the switch acts as if the ACL has not been applied to the interface and permits all packets. Remember this behavior if you use undefined ACLs as a means of network security. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 25-19 - Cisco 2950G 24 | Software Configuration Guide - Page 512
refer to the "Configuring IP Services" section of the Cisco IOS IP and IP Routing Configuration Guide and the Command Reference for IOS Release 12.1. Note The limitations that apply your entries in the configuration file. 25-20 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 513
specific end Return switch, and you can display the ACLs that have been applied to physical and management interfaces. This section consists of these topics: • Displaying ACLs, page 25-22 • Displaying Access Groups, page 25-23 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 514
20.10.10 Standard IP access list 10 permit 12.12.12.12 Standard IP access list 12 deny 1.3.3.2 Standard IP access list 32 permit 172.20.20.20 Standard IP access list 34 permit 10.24.35.56 permit 23.45.56.34 Extended IP access list 120 25-22 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 515
IP Services" chapter of the Cisco IOS IP and IP Routing Configuration Guide for IOS Release 12.1. Figure 25-2 shows a small networked office with a stack of switches that are connected to a Cisco router. A host is connected to the network through the Internet using a WAN link. 78-14982-01 Catalyst - Cisco 2950G 24 | Software Configuration Guide - Page 516
but allow all other types of access. Figure 25-2 Using Switch ACLs to Control Traffic Internet Workstation Cisco router Catalyst 2950 Catalyst 2950 65289 Catalyst 2950 End workstations This example uses a standard ACL to allow access to a specific Internet host with the address 172.20.128.64 - Cisco 2950G 24 | Software Configuration Guide - Page 517
128.88.0.0 0.0.255.255 eq 25 Switch(config)# interface gigabitethernet0/1 Switch(config-if)# ip access-group 102 in SMTP uses TCP port 25 on one end of the connection and a random port number on the other end. The same port numbers are used throughout the life of the connection. Mail packets coming - Cisco 2950G 24 | Software Configuration Guide - Page 518
to use outbound Telnet: Switch(config)# ip access-list extended telnetting Switch(config-ext-nacl)# remark Do not allow Jones subnet to telnet out Switch(config-ext-nacl)# deny tcp 171.69.0.0 0.0.255.255 any eq telnet 25-26 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 519
26-9 "Default QoS Configuration" section on page 26-9 "Configuring Classification Using Port Trust States" section on page 26-10 "Configuring CoS and WRR" section on page 26-27 Note For complete about using this wizard. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 26-1 - Cisco 2950G 24 | Software Configuration Guide - Page 520
you configure the QoS feature, you can select specific network traffic, prioritize it according to its relative Services Code Point (DSCP) value. The supported DSCP values are 0, 8, 10, 16, 18, 24, 26, 32, 34, 40, 46, 48, and 56. 26-2 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 521
all devices along a path provide a consistent per-hop behavior, you can construct an end-to-end QoS solution. Implementing QoS in your network can be a simple or complex task and depends and Marking" section on page 26-6. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 26-3 - Cisco 2950G 24 | Software Configuration Guide - Page 522
(configure the port to trust CoS). Layer 2 802.1Q frame headers carry the CoS value in the three most-significant bits of the Tag Control Information field. CoS values range from 0 for low priority to 7 for high priority. 26-4 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 523
incoming packet (configure the port to trust DSCP). The switch assigns the same DSCP to supported DSCP values are 0, 8, 10, 16, 18, 24, 26, 32, 34, 40, 46, 48, and 56. • Trust the CoS value (if present) in the incoming packet. The switch Catalyst 2950 Desktop Switch Software Configuration Guide 26-5 - Cisco 2950G 24 | Software Configuration Guide - Page 524
command. When configuring policing and policers, keep these items in mind: • By default, no policers are configured. • Policers can only be configured on a physical port. There is no support for policing at a VLAN level. 26-6 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 525
the ingress interfaces: - 60 policers are supported on ingress Gigabit-capable Ethernet ports. - 6 policers are supported on ingress 10/100 Ethernet ports. - Granularity for the average burst rate is 1 Mbps for 10/100 ports and 8 Mbps for Gigabit Ethernet ports. • On an interface configured for QoS - Cisco 2950G 24 | Software Configuration Guide - Page 526
defined. CoS and WRR The switch supports four CoS queues for each egress port. For each queue, you can the queue. For example, if one queue has a weight of 3 and another has a weight of 4, three packets are sent from the first Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 527
switch uses the CoS value of incoming packets without modifying the DSCP value. You can configure this by enabling pass-through mode on the port. For more information, see the "Enabling Pass-Through Mode" section on page 26-15. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 528
states: • Configuring the Trust State on Ports within the QoS Domain, page 26-11 • Configuring the CoS Value for an Interface, page 26-13 • Configuring Trusted Boundary, page 26-13 • Enabling Pass-Through Mode, page 26-15 26-10 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 529
shows a sample network topology. Figure 26-3 Port Trusted States within the QoS Domain Trusted interface Catalyst 3550-12T switch Catalyst 2950 wiring closet Trunk Classification of traffic performed here IP 81163 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 26-11 - Cisco 2950G 24 | Software Configuration Guide - Page 530
switch is running the EI. Note In software releases earlier than Release 12.1(11)EA1, the mls qos trust command is available only when the switch is running the EI. Use the cos keyword if your network is composed of Ethernet -12 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 531
connect a Cisco IP phone to a switch port as shown in Figure switch CLI to override the priority of the traffic received from the PC. With this command, you can prevent a PC from taking advantage of a high-priority data queue. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 532
command, the port does not trust the classification of the traffic that it receives, even when it is connected to a Cisco IP phone. Table 26-2 lists the port configuration when an IP phone is present or absent. 26-14 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 533
QoS Table 26-2 Port Configurations When Trusted Boundary is Enabled Port Configuration When a Cisco IP Phone is Present When a Cisco IP Phone is Absent The port trusts the CoS value , pass-through mode is disabled. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 26-15 - Cisco 2950G 24 | Software Configuration Guide - Page 534
is available only if your switch is running the EI. Configuring a QoS policy typically to specify an ACL entry comment up to 100 characters. Note Deny statements are not supported for QoS ACLs. See the "Classification Based on Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 535
Configuring QoS Step 3 Step 4 Step 5 Command end show access-lists copy running-config startup-config Purpose Switch(config)# access-list 1 permit 192.5.255.0 0.0.0.255 Switch(config)# access-list 1 permit 36.0.0.0 0.0.0.255 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 536
TCP port names only for TCP traffic. • Use UDP port names only for UDP traffic. Enter dscp to match packets with any of the 13 supported DSCP values (0, 8, 10, 16, 18, 24, 26, 32, 34, 40, 46, 48, and privileged EXEC mode. 26-18 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 537
88.1.2 with TCP port number 25: Switch(config)# access-list are matched. Note Deny statements are not supported for QoS ACLs. See the "Classification | xns-idp (a non-IP protocol). end Return to privileged EXEC mode. show access- Catalyst 2950 Desktop Switch Software Configuration Guide 26-19 - Cisco 2950G 24 | Software Configuration Guide - Page 538
use to match against a specific traffic flow to further classify port] {destination destination-wildcard | host destination | any} [operator port 25-18. Note Deny statements are not supported for QoS ACLs. See the "Classification Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 539
against incoming packets. Separate each value with a space. The supported DSCP values are 0, 8, 10, 16, 18, 24, 26, 32, 34, 40, 46, 48, and 56. Return to privileged EXEC mode. Verify your entries in the input direction. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 26-21 - Cisco 2950G 24 | Software Configuration Guide - Page 540
[operator port] {destination destination-wildcard | host destination | any} [operator port] [ supported. The switch does not filter traffic based on the policy map defined by the class class-default policy-map configuration command. 26-22 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 541
18, 24, 26, 32, 34, 40, 46, 48, and 56. Step 6 police rate-bps burst-byte [exceed-action {drop | dscp dscp-value}] Define a policer for the classified traffic. You can configure up to 60 policers on ingress Gigabit-capable Ethernet ports and up to 6 policers on ingress 10/100 Ethernet ports. For - Cisco 2950G 24 | Software Configuration Guide - Page 542
only if your switch is running the EI. This section describes how to configure the CoS maps: • Configuring the CoS-to-DSCP Map, page 26-25 • Configuring the DSCP-to-CoS Map, page 26-26 All the maps are globally defined. 26-24 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 543
CoS-to-DSCP map: Switch# configure terminal Switch(config)# mls qos map cos-dscp 8 8 8 8 24 32 56 56 Switch(config)# end Switch# show mls qos maps cos-dscp Cos-dscp map: cos: 0 1 2 3 4 5 6 7 dscp: 8 8 8 8 24 32 56 56 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 26-25 - Cisco 2950G 24 | Software Configuration Guide - Page 544
CoS mapping is the default. Switch(config)# mls qos map dscp-cos 26 48 to 7 Switch(config)# exit Switch# show mls qos maps dscp-cos Dscp-cos map: dscp: 0 8 10 16 18 24 26 32 34 40 46 48 56 cos: 0 1 1 2 2 3 7 4 4 5 5 7 7 26-26 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 545
. Assign WRR weights to the four CoS queues. (Ranges for the WRR values are 1 to 255.) Return to privileged EXEC mode. Step 4 show wrr-queue bandwidth Display the WRR bandwidth allocation for the CoS priority queues. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 26-27 - Cisco 2950G 24 | Software Configuration Guide - Page 546
WRR bandwidth allocation for the CoS priority queues. 1. Available only on a switch running the EI. 2. You can define up to 13 DSCP values for which byte or packet are called masks in the switch CLI commands and output. 26-28 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 547
link Gigabit Ethernet 0/5 Catalyst 3550-12G switch Gigabit Ethernet 0/2 Trunk link Gigabit Ethernet 0/2 Intelligent wiring closet Catalyst 2950 switches Video server 172.20.10.16 Gigabit Ethernet 0/1 End stations 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 26-29 - Cisco 2950G 24 | Software Configuration Guide - Page 548
which supports the QoS-based IEEE 802.1P CoS values. QoS classifies frames by assigning priority-indexed CoS values to them and gives preference to higher-priority traffic. Recall that on the Catalyst 2900 and 3500 XL switches, you can classify untagged (native) Ethernet frames at the ingress ports - Cisco 2950G 24 | Software Configuration Guide - Page 549
a higher WRR weight to queue 4. Configure the CoS-to-egress-queue map so that CoS values 6 and 7 select queue 4. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 26-31 - Cisco 2950G 24 | Software Configuration Guide - Page 550
QoS Configuration Examples Chapter 26 Configuring QoS 26-32 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 551
recovery Ethernet or Gigabit Ethernet links bundled into a single logical link as shown in Figure 27-1. The EtherChannel provides full-duplex bandwidth up to 800 Mbps (Fast EtherChannel) or 2 Gbps (Gigabit EtherChannel) between your switch and another switch or host. 78-14982-01 Catalyst 2950 - Cisco 2950G 24 | Software Configuration Guide - Page 552
Gigabit EtherChannel Catalyst 3550-12T switch 1000BASE-X 1000BASE-X Catalyst 3550-12T switch Catalyst 2950G-24 switch 10/100 Switched links 10/100 Switched links 74618 Workstations Workstations Each EtherChannel can consist of up to eight compatibly configured Ethernet interfaces. All - Cisco 2950G 24 | Software Configuration Guide - Page 553
SYST RPS STAT UTIL DUPLX SPEED MODE 1 1X 23 45 67 8 9 10 11 12 11X 2X 12X 13 13X 14 15 16 17 18 19 20 21 22 23 24 23X 14X 24X 10/100 ports Physical ports 1 Catalyst 2950 SERIES 2 GBIC module slots After you configure an EtherChannel, configuration changes applied to the - Cisco 2950G 24 | Software Configuration Guide - Page 554
to on (manual configuration). All ports configured in switch port from ever becoming operational; however, the silent setting allows PAgP to operate, to attach the interface to a channel group, and to use the interface for transmission. 27-4 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 555
selection based on the destination- MAC address of the packet The switch supports up to eight ports in a PAgP group. PAgP Interaction with Other Features The Dynamic Trunking Protocol (DTP) and Cisco Discovery Protocol (CDP) send and receive packets over the physical interfaces in the EtherChannel - Cisco 2950G 24 | Software Configuration Guide - Page 556
in better load balancing. Figure 27-3 Load Distribution and Forwarding Methods Catalyst 2950 or 3550 switch with source-based forwarding enabled EtherChannel Cisco router with destination-based forwarding enabled 74619 27-6 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 557
page 27-8 • Configuring EtherChannel Load Balancing, page 27-10 • Configuring the PAgP Learn Method and Priority, page manually configured, is not supported on the Catalyst 2950 LRE ports; the PAgP-enabled version is supported. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 558
the Ethernet interfaces with the channel-group interface configuration command, which creates the port-channel logical interface. Note Layer 2 interfaces must be connected and functioning for IOS to create port-channel interfaces. 27-8 Catalyst 2950 Desktop Switch Software Configuration Guide 78 - Cisco 2950G 24 | Software Configuration Guide - Page 559
end compatibly configured Ethernet interfaces. For switch and its partner, see the "PAgP Modes" section on page 27-4. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 560
configuration command is set to on, set the load-distribution method based on the source-MAC address by using the port-channel load-balance src-mac global configuration command. end Return to privileged EXEC mode. 27-10 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 561
ports. For compatibility with Catalyst 1900 series switches, configure the Catalyst 2950 switches for source-MAC load distribution. The Catalyst 2950 switch supports address learning only on aggregate ports even though the physical-port Catalyst 2950 Desktop Switch Software Configuration Guide 27-11 - Cisco 2950G 24 | Software Configuration Guide - Page 562
Displaying EtherChannel and PAgP Status Chapter 27 Configuring EtherChannels 27-12 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 563
Interface Converter (GBIC) problems, you must have the enhanced software image (EI) installed on your switch. Note For complete syntax and usage information for the commands used in this chapter, refer to the command reference for this release and the Cisco IOS Command Summary for Release 12.1. This - Cisco 2950G 24 | Software Configuration Guide - Page 564
frames received by a port. It excludes frames received with errors, with multicast or broadcast destination addresses, or with oversized or undersized frames. Also excluded are frames discarded or without a destination. 28-2 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 565
Chapter 28 Troubleshooting LRE Statistics Table 28-1 Ethernet Port Statistics (continued) Statistic Type Multicast Frames Broadcast Frames Discarded Frames Alignment than the maximum sized frame (of length 1518 bytes). 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 28-3 - Cisco 2950G 24 | Software Configuration Guide - Page 566
Statistics Chapter 28 Troubleshooting Table 28-2 LRE errors being received on the CPE RJ-11 wall port. Table 28-3 CPE Ethernet Link Statistics Counter Transmit Bytes Unicast Frames Multicast Frames transmission attempt. 28-4 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 567
Chapter 28 Troubleshooting LRE Statistics Table 28-3 CPE Ethernet Link Statistics The total number of well-formed multicast frames received by a port. It excludes frames received with errors, with unicast or broadcast 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 28-5 - Cisco 2950G 24 | Software Configuration Guide - Page 568
port. For more information, refer to the switch hardware installation guide. Note You can configure your switch for Telnet by following the procedure in the "Accessing the CLI" section on page 2-10. Step 2 Set the line speed on the emulation software to 9600 baud. 28-6 Catalyst 2950 Desktop Switch - Cisco 2950G 24 | Software Configuration Guide - Page 569
dialog? [yes/no]: N Step 11 At the switch prompt, change to privileged EXEC mode: switch> enable Step 12 Rename the configuration file to its original name: switch# rename flash:config.text.old flash:config.text 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide 28-7 - Cisco 2950G 24 | Software Configuration Guide - Page 570
for replacing a failed command switch: • Replacing a failed command switch with a cluster member • Replacing a failed command switch with another switch For information on command-capable switches, refer to the release notes. 28-8 Catalyst 2950 Desktop Switch Software Configuration Guide 78 - Cisco 2950G 24 | Software Configuration Guide - Page 571
port, refer to the switch hardware installation guide. At the switch prompt, enter privileged EXEC mode: Switch> enable Switch# Step 5 Step 6 Enter the password of the failed command switch. Enter global configuration mode. Switch# configure terminal Enter configuration commands, one per line. End - Cisco 2950G 24 | Software Configuration Guide - Page 572
any point you may enter a question mark '?' for help. Use ctrl-c to abort configuration dialog at any prompt. Default settings are in square brackets '[]'. 28-10 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 573
, Catalyst 2950, Catalyst 3500 XL, Catalyst 2900 XL, Catalyst 2820, and Catalyst 1900 switch) connected to the command switch through a secured port can lose connectivity if the port is disabled because of a security violation. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 574
adjust itself even if the connected port does not autonegotiate. Troubleshooting LRE Port Configuration Table 28-4 lists problems that you might encounter when configuring and monitoring the Long-Reach Ethernet (LRE) ports on the Catalyst 2950 LRE switches. For additional information about what - Cisco 2950G 24 | Software Configuration Guide - Page 575
you are using a non-Cisco approved GBIC module, remove the GBIC from the switch, and replace it with a Cisco-approved module. After inserting a Cisco-approved GBIC or SFP module, use the errdisable recovery cause gbic-invalid global configuration command to verify the port status, and enter a time - Cisco 2950G 24 | Software Configuration Guide - Page 576
in the CPU process, it can render the system unusable. For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support staff. It is best to use debug commands during periods of lower network traffic and fewer users. Debugging - Cisco 2950G 24 | Software Configuration Guide - Page 577
Cisco technical support representative by using the show tech-support privileged EXEC command. All crashinfo files are kept in this directory on the Flash file system: flash:/crashinfo/crashinfo_n where n is a sequence number. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 578
end of its filename) by entering the show stacks or the show tech-support privileged EXEC command. You also can access the file by using any command that can copy or display files, such as the more or the copy privileged EXEC command. 28-16 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 579
-MIB • CISCO-MAC-NOTIFICATION-MIB • CISCO-MEMORY-POOL-MIB • CISCO-PAGP-MIB • CISCO-PING-MIB • CISCO-PROCESS-MIB • CISCO-PRODUCTS-MIB • CISCO-SMI • CISCO-STACKMAKER-MIB • CISCO-STP-EXTENSIONS-MIB • CISCO-SYSLOG-MIB • CISCO-TC 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide A-1 - Cisco 2950G 24 | Software Configuration Guide - Page 580
-MIB and the CISCO-IETF-VDSL-LINE-MIB are supported as read-only MIBs cisco.com. Log in with the username anonymous. Enter your e-mail username when prompted for the password. At the ftp> prompt, change directories to /pub/mibs/supportlists. Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 581
XL MIBs. Step 6 Use the get MIB_filename command to obtain a copy of the MIB file. Note You can also access information about MIBs on the Cisco web site: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide A-3 - Cisco 2950G 24 | Software Configuration Guide - Page 582
Using FTP to Access the MIB Files Appendix A Supported MIBs Catalyst 2950 Desktop Switch Software Configuration Guide A-4 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 583
refer to the Catalyst 2950 LRE Command Reference for this release and the Cisco IOS Configuration Fundamentals Command Reference for Release 12.1. This appendix consists page B-6 • Displaying the Contents of a File, page B-8 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide B-1 - Cisco 2950G 24 | Software Configuration Guide - Page 584
system is a locally generated pseudo file system (for example, the system) or a download interface, such as brimux. unknown-The file system is an unknown type. Catalyst 2950 Desktop Switch Software Configuration Guide B-2 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 585
name. Similarly, before copying a Flash configuration file to another location, you might want to verify its filename for use in another command. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide B-3 - Cisco 2950G 24 | Software Configuration Guide - Page 586
information about each of the files on a file system. Display information about a specific file. Display a list of open file descriptors. File descriptors are the internal semicolons, or colons. Verify your entry. Catalyst 2950 Desktop Switch Software Configuration Guide B-4 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 587
Transfer Protocol (FTP)-ftp:[[//username [:password]@location]/directory]/filename Remote Copy Protocol example, the copy flash: flash: command is invalid) For specific examples of using the copy command with configuration files, see -01 Catalyst 2950 Desktop Switch Software Configuration Guide B-5 - Cisco 2950G 24 | Software Configuration Guide - Page 588
supported: • For the local Flash file system, the syntax is flash: • For the File Transfer Protocol (FTP), the syntax is ftp:[[//username[:password 20.10.30: Switch# archive tar /create tftp:172.20.10.30/saved.tar flash:/new-configs Catalyst 2950 Desktop Switch Software Configuration Guide B-6 78 - Cisco 2950G 24 | Software Configuration Guide - Page 589
For the File Transfer Protocol (FTP), the syntax is ftp:[[//username[:password]@location]/directory]/tar-filename.tar • For the Remote Copy Protocol (RCP), the syntax is rcp:[[//username@location]/directory]/tar-filename.tar 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide B-7 - Cisco 2950G 24 | Software Configuration Guide - Page 590
to the new switch, you can change the relevant parts rather than recreating the whole file. • To load the same configuration commands on all the switches in your network so that all the switches have similar configurations. Catalyst 2950 Desktop Switch Software Configuration Guide B-8 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 591
configuration command in the file because the password verification will fail. If you enter a password in the configuration file, the switch mistakenly attempts to execute the passwords as commands as it executes the file. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide B-9 - Cisco 2950G 24 | Software Configuration Guide - Page 592
commands in the existing configuration might not be replaced or negated. In this case, the resulting the Configuration File By Using TFTP" section on page B-12, the "Downloading a Configuration File By Using FTP" section 10 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 593
TFTP, page B-12 • Uploading the Configuration File By Using TFTP, page B-12 Preparing to Download the inetd daemon after modifying the /etc/inetd.conf and /etc/services files. To restart the daemon, either stop the inetd process and Catalyst 2950 Desktop Switch Software Configuration Guide B-11 - Cisco 2950G 24 | Software Configuration Guide - Page 594
how to upload a configuration file from a switch to a TFTP server: Switch# copy system:running-config tftp://172.16.2.155/tokyo-confg Write file tokyo-confg on host 172.16.2.155? [confirm] y # Writing tokyo-confg!!! [OK] B-12 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 595
client to send a remote username and password on each FTP request to a server. When you copy a configuration file from the switch to a server by using FTP, the Cisco IOS software sends the first valid username is stored in 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide B-13 - Cisco 2950G 24 | Software Configuration Guide - Page 596
on the remote server with an IP address of 172.16.101.101 to the switch startup configuration. Switch# configure terminal Switch(config)# ip ftp username netadmin1 Switch(config)# ip ftp password mypass Switch(config)# end B-14 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 597
16.101.101: Switch# copy system:running-config ftp://netadmin1:[email protected]/switch2-confg Write file switch2-confg on host 172.16.101.101?[confirm] Building configuration...[OK] Connected to 172.16.101.101 Switch# 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide B-15 - Cisco 2950G 24 | Software Configuration Guide - Page 598
Switch# configure terminal Switch(config)# ip ftp username netadmin2 Switch(config)# ip ftp password mypass Switch(config)# end Switch be copying files must support RCP. The RCP from the switch to a server, the Cisco IOS software Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 599
the switch through the console port or a Telnet session. Enter global configuration mode. This step is required only if you override the default remote username (see Steps 4 and 5). (Optional) Specify the remote username. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide B-17 - Cisco 2950G 24 | Software Configuration Guide - Page 600
RCP" section on page B-17. Log into the switch through the console port or a Telnet session. Enter global configuration mode. This step is required only if you override the default remote username (see Steps 4 and 5). B-18 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 601
Files Step 4 Step 5 Step 6 Command ip rcmd remote-username username end copy system:running-config rcp:[[[//[username@]location]/directory]/filename] or copy nvram: startup configuration file after it has been deleted. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide B-19 - Cisco 2950G 24 | Software Configuration Guide - Page 602
the switch prompts for confirmation on destructive file operations. For more information about the file prompt command, refer to the Cisco IOS Command Reference for Release 12.1. Caution might have stored in Flash memory. B-20 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 603
or Cisco.com Software images located on a server or downloaded from Cisco.com are switch • LRE binary files needed for the proper functioning of LRE interfaces and LRE CPE devices • info.ver file The info.ver file is always at the end Catalyst 2950 Desktop Switch Software Configuration Guide B-21 - Cisco 2950G 24 | Software Configuration Guide - Page 604
• Uploading an Image File By Using TFTP, page B-24 Preparing to Download or Upload an Image File By Using daemon after modifying the /etc/inetd.conf and /etc/services files. To restart the daemon, either stop the inetd process Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 605
Using TFTP You can download a new image file and replace the current image or keep the current image. Beginning into the switch through the console port or a Telnet session. Download the image file from the TFTP server to the switch, and Catalyst 2950 Desktop Switch Software Configuration Guide B-23 - Cisco 2950G 24 | Software Configuration Guide - Page 606
must specify the /overwrite option. However, the 2950 LRE only supports one complete set of IOS, HTML, and Log into the switch through the console port or a Telnet session. Upload the currently running switch image to the TFTP 24 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 607
client to send a remote username and password on each FTP request to a server. When you copy an image file from the switch to a server by using FTP, the Cisco IOS software sends the first valid as the remote username. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide B-25 - Cisco 2950G 24 | Software Configuration Guide - Page 608
step is required only if you override the default remote username or password (see Steps 4, 5, and 6). (Optional) Change the default remote username. (Optional) Change the default password. Return to privileged EXEC mode. B-26 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 609
the configuration has been changed and not been saved. • For //username[:password], specify the username and password; these must be associated with an account on the FTP server. For and an error message is displayed. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide B-27 - Cisco 2950G 24 | Software Configuration Guide - Page 610
Log into the switch through the console port or a password (see Steps 4, 5, and 6). ip ftp username username (Optional) Change the default remote username. ip ftp password password (Optional) Change the default password. end Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 611
will be copying files must support RCP. The RCP copy commands image from the switch to a server by using RCP, the Cisco IOS software sends switch software sends the Telnet username as the remote username. • The switch host name. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 612
and replace or switch through the console port or a Telnet session. Enter global configuration mode. This step is required only if you override the default remote username (see Steps 4 and 5). (Optional) Specify the remote username. B-30 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 613
, and Software Images Working with Software Images Step 5 Step 6 Step 7 Command end archive download-sw /overwrite /reload rcp:[[[//[username@]location]/directory]/image-na me.tar] archive specify the /overwrite option. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide B-31 - Cisco 2950G 24 | Software Configuration Guide - Page 614
the switch through the console port or a Telnet session. Enter global configuration mode. This step is required only if you override the default remote username (see Steps 4 and 5). (Optional) Specify the remote username. B-32 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982 - Cisco 2950G 24 | Software Configuration Guide - Page 615
5 Step 6 Command end archive upload-sw rcp:[[[//[username@]location]/directory]/image-na me.tar] Purpose Return to privileged EXEC mode. Upload the currently running switch image to the RCP , do not rename image names. 78-14982-01 Catalyst 2950 Desktop Switch Software Configuration Guide B-33 - Cisco 2950G 24 | Software Configuration Guide - Page 616
Working with Software Images Appendix B Working with the IOS File System, Configuration Files, and Software Images B-34 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 - Cisco 2950G 24 | Software Configuration Guide - Page 617
access ports defined 9-2 in switch clusters 6-10 accounting with RADIUS 7-28 with TACACS+ 7-11, 7-17 ACEs defined 25-2 Ethernet 25-2 IP 25-2 Layer 3 parameters 25-10 Layer 4 parameters 25-10 ACLs , applying to 25-6 defined 25-2 Catalyst 2950 Desktop Switch Software Configuration Guide IN-1 - Cisco 2950G 24 | Software Configuration Guide - Page 618
numbers 25-8 protocol parameters 25-10 standard IP configuring for QoS Catalyst 2950 Desktop Switch Software Configuration Guide default ports See EtherChannel aging, accelerating 11-9 aging time accelerated for MSTP 12-20 for STP 11-9, 11-19 MAC address table 7-55 maximum for MSTP 12 - Cisco 2950G 24 | Software Configuration Guide - Page 619
mechanism 4-2 BPDU error-disabled state 13-3 filtering 13-3 RSTP format 12-5 BPDU filtering described 13-3 enabling 13-16 support for 1-4 BPDU guard described 13-3 enabling 13-15 support for 1-4 broadcast storm control configuring 18-1 Catalyst 2950 Desktop Switch Software Configuration Guide IN-3 - Cisco 2950G 24 | Software Configuration Guide - Page 620
14 IN-4 Catalyst 2950 Desktop Switch Software Configuration Guide Cisco Discovery Protocol See CDP Cisco Intelligence Engine 2100 Series Configuration Registrar See IE2100 Cisco IP Phones 1-13 Cisco LRE 48 POTS Splitter (PS-1M-LRE-48) 1-2, 1-16 Cisco Networking Services See IE2100 Cisco SoftPhone - Cisco 2950G 24 | Software Configuration Guide - Page 621
6-5 automatic recovery 6-12 CLI 6-25 host names 6-16 IP addresses 6-15 LRE profiles 6-18 management VLAN 6-18 passwords 6-16 RADIUS 6-17 SNMP 6-16, 6-26 switch-specific features 6-19 TACACS+ 6-17 redundancy 6-22 troubleshooting 6-24 verifying 6-24 See also candidate switch, command switch, cluster - Cisco 2950G 24 | Software Configuration Guide - Page 622
11 defined 6-2 enabling 6-19 passive (PC) 6-12, 6-23 password privilege levels 6-25 priority 6-12 recovery from command-switch failure 6-12 from failure 28-8 from lost member connectivity 28-11 redundant 6-12, 6-22 replacing with another switch 28-10 with cluster member 28-9 requirements 6-3 standby - Cisco 2950G 24 | Software Configuration Guide - Page 623
27-7 IGMP filtering 17-21 IGMP snooping 17-5 initial switch information 4-3 Layer 2 interfaces 9-10 MAC address table 7-55 MVR 17-15 NTP 7-37 optional spanning-tree features 13-14 password and privilege level 7-2 QoS 26-9 RADIUS 7-20 Catalyst 2950 Desktop Switch Software Configuration Guide IN-7 - Cisco 2950G 24 | Software Configuration Guide - Page 624
12-12 SNMP 24-6 SPAN 21-8 STP 11-10 system message logging 23-3 system name and prompt 7-48 TACACS+ 7-13 UDLD 19-3 VLAN, Layer 2 Ethernet interfaces 14-17 VLANs 14-8 VMPS 14-27 voice VLAN 16-2 VTP 15-6 default gateway 4-10 deleting VLANs 14-10 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950G 24 | Software Configuration Guide - Page 625
11 modes 27-4 overview 27-3 silent mode 27-4 support for 1-3 port-channel interfaces described 27-2 numbering of 27-2 port groups 9-3 source MAC address forwarding 27-5 Ethernet VLANs adding 14-8 defaults and ranges 14-8 modifying 14-8 Catalyst 2950 Desktop Switch Software Configuration Guide IN-9 - Cisco 2950G 24 | Software Configuration Guide - Page 626
IN-10 Catalyst 2950 Desktop Switch Software Configuration Guide file 12-20 STP 11-6, 11-19 forwarding See broadcast storm control Front Panel images, CMS 3-7 Front Panel view 3-2 cluster tree 3-6 command switch 3-4, 3-5 described 3-4 pop-up menus 3-21 port icons 3-7 port LEDs 3-8 RPS LED 3-8 switch - Cisco 2950G 24 | Software Configuration Guide - Page 627
fast transition of redundant link 13-5 See also GBICs global configuration mode 2-2 graphs, bandwidth 3-8 guide audience xxv ogranization of xxvi purpose xxv guidelines, CPE Ethernet links 10-7 guide mode 3-25 H HC (candidate switch) 6-23 hello time MSTP 12-19 STP 11-19 help, for the command line - Cisco 2950G 24 | Software Configuration Guide - Page 628
-6 Immediate-Leave, IGMP 17-4 ingress port scheduling 26-8 Integrated Services Digital Network See ISDN Intelligence Engine 2100 Series CNS Agents See IE2100 interaction modes, CMS 3-25 IN-12 Catalyst 2950 Desktop Switch Software Configuration Guide interface number 9-4 range macros 9-8 interface - Cisco 2950G 24 | Software Configuration Guide - Page 629
login authentication with RADIUS 7-23 with TACACS+ 7-14 login banners 7-51 log messages See system message logging loop guard described 13-13 enabling 13-20 support for 1-5 LRE environment 10-6 Catalyst 2950 Desktop Switch Software Configuration Guide IN-13 - Cisco 2950G 24 | Software Configuration Guide - Page 630
-8 rate selection 10-10 sequences 10-4 troubleshooting 28-12 LRE profiles assigning global profiles 10-9 port sequences 10-10 private profiles 10-9 public profiles 10-8 considerations 10-7 described 10-2 rate selection 10-10 IN-14 Catalyst 2950 Desktop Switch Software Configuration Guide table of - Cisco 2950G 24 | Software Configuration Guide - Page 631
traffic for analysis with probe 21-1 port protection 18-12 speed and duplex mode 9-13 traffic flowing among switches 22-1 traffic suppression 18-12 VLANs 14-14 VMPS 14-31 VTP 15-16 MSTP boundary ports configuration guidelines 12-12 Catalyst 2950 Desktop Switch Software Configuration Guide IN-15 - Cisco 2950G 24 | Software Configuration Guide - Page 632
defined 12-8 master 12-8 IN-16 Catalyst 2950 Desktop Switch Software Configuration Guide operations within a region 12-8 loop guard described 13-13 enabling 13-20 mapping VLANs to MST instance 12-13 MST region CIST 12-8 configuring 12-13 described 12-7 hop-count mechanism 12-10 IST 12-8 supported - Cisco 2950G 24 | Software Configuration Guide - Page 633
7-42 stratum 7-35 synchronizing devices 7-38 time services 7-35 synchronizing 7-34 O OK button 3-30 online help 3-26 out-of-profile markdown 1-6 overheating indication, switch 3-6 P PAgP See EtherChannel pass-through mode 26-15 Catalyst 2950 Desktop Switch Software Configuration Guide IN-17 - Cisco 2950G 24 | Software Configuration Guide - Page 634
26-28 IN-18 Catalyst 2950 Desktop Switch Software Configuration Guide POP 1-18 Port Aggregation Protocol See EtherChannel See PAgP port-based authentication authentication server defined 8-2 RADIUS server 8-2 client, defined 8-2 configuration guidelines 8-7 configuring manual re-authentication of - Cisco 2950G 24 | Software Configuration Guide - Page 635
private branch exchange See PBX private LRE profiles assigning 10-9 private VLAN edge ports see protected ports privileged EXEC mode 2-2 privilege levels access modes read-only 3-31 read-write 3-31 changing the default for lines 7-9 Catalyst 2950 Desktop Switch Software Configuration Guide IN-19 - Cisco 2950G 24 | Software Configuration Guide - Page 636
15-14 PSTN 1-2, 1-14, 1-16 publications, related xxix public LRE profiles assigning 10-8 Public Switched Telephone Network See PSTN PVST 14-2 IN-20 Catalyst 2950 Desktop Switch Software Configuration Guide Q QoS basic model 26-3 classification class maps, described 26-6 defined 26-3 in frames - Cisco 2950G 24 | Software Configuration Guide - Page 637
26-28 queueing, defined 26-4 scheduling, defined 26-4 support for 1-6 trusted bounday 26-13 trust states 26-4 understanding 26-2 qualification, link 10-12 quality of service See QoS queries, IGMP 17-3 R RADIUS attributes vendor-proprietary 7-30 vendor-specific 7-29 configuring 78-14982-01 Index - Cisco 2950G 24 | Software Configuration Guide - Page 638
19-5 restricting access NTP services 7-40 overview 7-1 passwords and privilege levels 7-2 RADIUS 7-18 TACACS+ 7-10 retry count, VMPS, changing 14-30 RFC 1112, IP multicast and IGMP 17-2 1157, SNMPv1 24-2 1305, NTP 7-34 IN-22 Catalyst 2950 Desktop Switch Software Configuration Guide 1757, RMON 22 - Cisco 2950G 24 | Software Configuration Guide - Page 639
global assigning 10-9 specific port assigning 10-10 server mode, VTP 15-3 servers, BOOTP 1-3 service-provider network, MSTP and RSTP 12-1 set-request operation 24-4 settings duplex mode 10-7 speed 10-7 set-top box, television 1-16 setup program, failed command switch replacement 28-9, 28-10 severity - Cisco 2950G 24 | Software Configuration Guide - Page 640
informs 24-5 enabling 24-10 enabling MAC address notification 7-56 overview 24-1, 24-4 types of 24-10 users 24-8 IN-24 Catalyst 2950 Desktop Switch Software Configuration Guide versions supported 24-2 snooping, IGMP 17-1 SNR definition of 10-12 downstream rate requirements 10-12 margins 10-12 - Cisco 2950G 24 | Software Configuration Guide - Page 641
-delay time 11-19 hello time 11-19 in cascaded stack 11-20 maximum aging time 11-20 path cost 11-16 port priority 11-15, 12-17 root switch 11-12 secondary root switch 11-14 switch priority 11-18 cross-stack UplinkFast described 13-5 Catalyst 2950 Desktop Switch Software Configuration Guide IN-25 - Cisco 2950G 24 | Software Configuration Guide - Page 642
14-23, 14-24 Port Fast described 13-2 enabling 13-14 port priorities 14-22 preventing root switch selection 13-12 IN-26 Catalyst 2950 Desktop Switch Software Configuration Guide redundant connectivity 11-8 root guard described 13-12 enabling 13-19 root port, defined 11-3 root switch affects of - Cisco 2950G 24 | Software Configuration Guide - Page 643
a password 7-6 TFTP configuration files downloading B-12 preparing the server B-11 uploading B-12 configuration files in base directory 4-6 configuring for autoconfiguration 4-5 image files deleting B-24 downloading B-23 preparing the server B-22 uploading B-24 Catalyst 2950 Desktop Switch Software - Cisco 2950G 24 | Software Configuration Guide - Page 644
7-56, 24-10 notification types 24-10 overview 24-1, 24-4 IN-28 Catalyst 2950 Desktop Switch Software Configuration Guide troubleshooting detecting unidirectional links 19-1 displaying crash information 28-15 GBIC security and identification 28-13 LRE ports 28-12 statistics 28-1 CPE Ethernet links - Cisco 2950G 24 | Software Configuration Guide - Page 645
resetting an interface 19-5 status, displaying 19-6 unauthorized ports with 802.1X 8-4 UniDirectional Link Detection protocol See UDLD UNIX syslog servers daemon configuration 23-11 facilities supported 23-12 , normal-range VLANs 14-5 Catalyst 2950 Desktop Switch Software Configuration Guide IN-29 - Cisco 2950G 24 | Software Configuration Guide - Page 646
guidelines 14-28 default configuration 14-27 description 14-24 dynamic port membership described 14-25 reconfirming 14-30 troubleshooting 14-31 entering server address 14-28 IN-30 Catalyst 2950 Desktop Switch Software Configuration Guide mapping MAC addresses to VLANs 14-25 monitoring 14 - Cisco 2950G 24 | Software Configuration Guide - Page 647
overview 15-4 W warnings xxviii web-based management software See CMS 78-14982-01 Index Weighted Round Robin See WRR window components, CMS 3-28 wizards 3-26 WRR configuring 26-27 defining 26-8 description 26-8 X XMODEM protocol 28-6 Catalyst 2950 Desktop Switch Software Configuration Guide IN-31 - Cisco 2950G 24 | Software Configuration Guide - Page 648
Index IN-32 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
-
306
-
307
-
308
-
309
-
310
-
311
-
312
-
313
-
314
-
315
-
316
-
317
-
318
-
319
-
320
-
321
-
322
-
323
-
324
-
325
-
326
-
327
-
328
-
329
-
330
-
331
-
332
-
333
-
334
-
335
-
336
-
337
-
338
-
339
-
340
-
341
-
342
-
343
-
344
-
345
-
346
-
347
-
348
-
349
-
350
-
351
-
352
-
353
-
354
-
355
-
356
-
357
-
358
-
359
-
360
-
361
-
362
-
363
-
364
-
365
-
366
-
367
-
368
-
369
-
370
-
371
-
372
-
373
-
374
-
375
-
376
-
377
-
378
-
379
-
380
-
381
-
382
-
383
-
384
-
385
-
386
-
387
-
388
-
389
-
390
-
391
-
392
-
393
-
394
-
395
-
396
-
397
-
398
-
399
-
400
-
401
-
402
-
403
-
404
-
405
-
406
-
407
-
408
-
409
-
410
-
411
-
412
-
413
-
414
-
415
-
416
-
417
-
418
-
419
-
420
-
421
-
422
-
423
-
424
-
425
-
426
-
427
-
428
-
429
-
430
-
431
-
432
-
433
-
434
-
435
-
436
-
437
-
438
-
439
-
440
-
441
-
442
-
443
-
444
-
445
-
446
-
447
-
448
-
449
-
450
-
451
-
452
-
453
-
454
-
455
-
456
-
457
-
458
-
459
-
460
-
461
-
462
-
463
-
464
-
465
-
466
-
467
-
468
-
469
-
470
-
471
-
472
-
473
-
474
-
475
-
476
-
477
-
478
-
479
-
480
-
481
-
482
-
483
-
484
-
485
-
486
-
487
-
488
-
489
-
490
-
491
-
492
-
493
-
494
-
495
-
496
-
497
-
498
-
499
-
500
-
501
-
502
-
503
-
504
-
505
-
506
-
507
-
508
-
509
-
510
-
511
-
512
-
513
-
514
-
515
-
516
-
517
-
518
-
519
-
520
-
521
-
522
-
523
-
524
-
525
-
526
-
527
-
528
-
529
-
530
-
531
-
532
-
533
-
534
-
535
-
536
-
537
-
538
-
539
-
540
-
541
-
542
-
543
-
544
-
545
-
546
-
547
-
548
-
549
-
550
-
551
-
552
-
553
-
554
-
555
-
556
-
557
-
558
-
559
-
560
-
561
-
562
-
563
-
564
-
565
-
566
-
567
-
568
-
569
-
570
-
571
-
572
-
573
-
574
-
575
-
576
-
577
-
578
-
579
-
580
-
581
-
582
-
583
-
584
-
585
-
586
-
587
-
588
-
589
-
590
-
591
-
592
-
593
-
594
-
595
-
596
-
597
-
598
-
599
-
600
-
601
-
602
-
603
-
604
-
605
-
606
-
607
-
608
-
609
-
610
-
611
-
612
-
613
-
614
-
615
-
616
-
617
-
618
-
619
-
620
-
621
-
622
-
623
-
624
-
625
-
626
-
627
-
628
-
629
-
630
-
631
-
632
-
633
-
634
-
635
-
636
-
637
-
638
-
639
-
640
-
641
-
642
-
643
-
644
-
645
-
646
-
647
-
648
 |
 |
Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
Catalyst 2950 Desktop Switch Software
Configuration Guide
Cisco IOS Release 12.1(11)EA1 and 12.1(11)YJ
November 2002
Customer Order Number: DOC-7814982=
Text Part Number: 78-14982-01