Cisco WS-2960-24LC-S Software Guide
Cisco WS-2960-24LC-S - Catalyst Switch Manual
 |
UPC - 882658286469
View all Cisco WS-2960-24LC-S manuals
Add to My Manuals
Save this manual to your list of manuals |
Cisco WS-2960-24LC-S manual content summary:
- Cisco WS-2960-24LC-S | Software Guide - Page 1
Catalyst 2960 Switch Software Configuration Guide Cisco IOS Release 12.2(40)SE Revised September 2007 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 2
Learn is a service mark of Cisco Systems, Inc.; and Access Registrar, Aironet, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise - Cisco WS-2960-24LC-S | Software Guide - Page 3
Obtaining Support, and Security Guidelines xxxii Overview 1-1 Features 1-1 Ease-of-Deployment and Ease-of-Use Features 1-1 Performance Features 1-2 Management Options 1-3 Manageability Features 1-4 Availability and Redundancy Features 1-6 VLAN Features 1-7 Security Features 1-7 QoS and CoS Features - Cisco WS-2960-24LC-S | Software Guide - Page 4
3-12 Booting Manually 3-13 Booting a Specific Software Image 3-14 Controlling Environment Variables 3-14 Scheduling a Reload of the Software Image 3-16 Configuring a Scheduled Reload 3-16 Displaying Scheduled Reload Information 3-17 Catalyst 2960 Switch Software Configuration Guide iv OL-8603 - Cisco WS-2960-24LC-S | Software Guide - Page 5
Configuring Cisco IOS CNS Agents 4-1 Understanding Cisco Configuration Engine Software 4-1 Configuration Service 4-2 Event Service 4-3 Cisco IOS Agents 4-5 Initial Configuration 4-5 Incremental (Partial) Configuration 4-6 Synchronized Configuration 4-6 Configuring Cisco IOS Newly Installed Switches - Cisco WS-2960-24LC-S | Software Guide - Page 6
5-13 SNMP Community Strings 5-13 TACACS+ and RADIUS 5-14 LRE Profiles 5-14 Using the CLI to Manage Switch Clusters 5-14 Catalyst 1900 and Catalyst 2820 CLI Considerations 5-14 Using SNMP to Manage Switch Clusters 5-15 6 C H A P T E R Administering the Switch 6-1 Managing the System Time and Date - Cisco WS-2960-24LC-S | Software Guide - Page 7
MAC Addresses and VLANs 6-20 Default MAC Address Table Configuration 6-21 Changing the Address Aging Time 6-21 Removing Dynamic Address Entries 6-22 Configuring MAC Address Notification Traps 6-22 Adding and Access and Network Services 8-16 Catalyst 2960 Switch Software Configuration Guide vii - Cisco WS-2960-24LC-S | Software Guide - Page 8
the Switch to Use Vendor-Specific RADIUS Attributes 8-29 Configuring the Switch for Vendor-Proprietary RADIUS Server Communication 8-31 Displaying the RADIUS Configuration Copy Protocol 8-43 Information About Secure Copy 8-44 Catalyst 2960 Switch Software Configuration Guide viii OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 9
Release 9-22 Configuring IEEE 802.1x Authentication 9-22 Configuring the Switch-to-RADIUS-Server Communication 9-24 Configuring the Host Mode 9-25 Configuring Periodic Re-Authentication 9-25 Manually Re-Authenticating a Client Connected to a Port 9-26 Changing the Quiet Period 9-26 Changing the - Cisco WS-2960-24LC-S | Software Guide - Page 10
the Inaccessible Authentication Bypass Feature 9-33 Configuring IEEE -14 Configuring Auto-MDIX on an Interface 10-15 Adding a Description for an Interface 10-16 Configuring the System MTU 10-16 11-1 Understanding Smartports Macros 11-1 Catalyst 2960 Switch Software Configuration Guide x OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 11
Applying Cisco-Default Smartports Macros 11-6 Displaying Smartports Macros 11-8 Configuring VLANs 12-1 Understanding VLANs 12-1 Supported VLANs Configuring an Ethernet Interface as a Trunk Port 12-16 Interaction with Other Features 12-16 Configuring a Trunk Port 12-17 Defining the Allowed VLANs on - Cisco WS-2960-24LC-S | Software Guide - Page 12
Interval 12-27 Changing the Retry Count 12-28 Monitoring the VMPS 12-28 Troubleshooting Dynamic-Access Port VLAN Membership 12-29 VMPS Configuration Example 12-29 Configuring VTP VTP Version 2 13-13 Enabling VTP Pruning 13-14 Catalyst 2960 Switch Software Configuration Guide xii OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 13
Cisco IP Phone Voice Traffic 14-2 Cisco Cisco 7960 IP Phone 14-4 Configuring Cisco IP Phone Voice Traffic 14-4 Configuring the Priority of Incoming Data Frames 14-6 Displaying Voice VLAN 14-6 Configuring STP 15-1 Understanding Spanning-Tree Features -9 Supported Spanning -Tree Features 15- - Cisco WS-2960-24LC-S | Software Guide - Page 14
15-20 Configuring the Hello Time 15-20 Configuring the Forwarding-Delay Time for a VLAN 15-21 Configuring the Maximum-Aging Time for a VLAN 15-21 Inferior BPDU Information 16-13 Topology Changes 16-13 Configuring MSTP Features 16-14 Default MSTP Configuration 16-14 MSTP Configuration Guidelines - Cisco WS-2960-24LC-S | Software Guide - Page 15
-Aging Time 16-23 Configuring the Maximum-Hop Count 16-24 Specifying the Link Type to Ensure Rapid Transitions 16-24 Designating the Neighbor Type 16-25 Restarting the Protocol Migration Process 16-25 Displaying the MST Configuration and Status 16-26 Configuring Optional Spanning-Tree Features 17 - Cisco WS-2960-24LC-S | Software Guide - Page 16
Timer 18-11 Configuring TCN-Related Commands 18-12 Controlling the Multicast Flooding Time After a TCN Event 18-12 Recovering from Flood Mode 18-12 Disabling 19-1 Configuring Storm Control 19-1 Understanding Storm Control 19-1 Catalyst 2960 Switch Software Configuration Guide xvi OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 17
Configuration 21-3 Configuring LLDP Characteristics 21-4 Disabling and Enabling LLDP Globally 21-5 Disabling and Enabling LLDP on an Interface 21-5 Configuring LLDP-MED TLVs 21-6 Catalyst 2960 Switch Software Configuration Guide xvii - Cisco WS-2960-24LC-S | Software Guide - Page 18
Filtering 23-6 Destination Port 23-6 RSPAN VLAN 23-7 SPAN and RSPAN Interaction with Other Features 23-8 Configuring SPAN and RSPAN 23-9 Default SPAN and RSPAN Configuration 23-9 Configuring an RSPAN Destination Session 23-19 xviii Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 19
Destination Device 25-5 Synchronizing Log Messages 25-6 Enabling and Disabling Time Stamps on Log Messages 25-7 Enabling and Disabling Sequence Numbers SNMP Agent Functions 26-4 SNMP Community Strings 26-4 Using SNMP to Access MIB Variables 26-4 Catalyst 2960 Switch Software Configuration Guide xix - Cisco WS-2960-24LC-S | Software Guide - Page 20
Community Cisco IOS IP SLAs Operations 27-1 Understanding Cisco IOS IP SLAs 27-1 Using Cisco IOS IP SLAs to Measure Network Performance 27-2 IP SLAs Responder and IP SLAs Control Protocol 27-3 Response Time Scheduling Overview 28-12 Weighted Tail Drop 28-12 SRR - Cisco WS-2960-24LC-S | Software Guide - Page 21
Ingress Queue and Setting WTD Thresholds 28-58 Allocating Buffer Space Between the Ingress Queues 28-59 Allocating Bandwidth Between the Ingress Queues 28-60 Catalyst 2960 Switch Software Configuration Guide xxi - Cisco WS-2960-24LC-S | Software Guide - Page 22
-65 Configuring SRR Shaped Weights on Egress Queues 28-66 Configuring SRR Shared Weights on Egress Queues 28- -1 Understanding IPv6 29-1 IPv6 Addresses 29-2 Supported IPv6 Unicast Routing Features 29-3 128-Bit Wide Unicast Addresses 29 Catalyst 2960 Switch Software Configuration Guide xxii OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 23
Modes 31-4 PAgP Interaction with Other Features 31-5 Link Aggregation Control Protocol 31-5 LACP Modes 31-5 LACP Interaction with Other Features 31-6 EtherChannel On Mode 31-6 Load Tracking 31-20 Displaying Link-State Tracking Status 31-21 Catalyst 2960 Switch Software Configuration Guide xxiii - Cisco WS-2960-24LC-S | Software Guide - Page 24
Results 32-18 Using Debug Commands 32-18 Enabling Debugging on a Specific Feature 32-18 Enabling All-System Diagnostics 32-19 Redirecting Debug and Error Message Supported MIBs A-1 MIB List A-1 Using FTP to Access the MIB Files A-3 xxiv Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 25
I X Working with the Cisco IOS File System, Configuration Files, Replacement and Rollback B-19 Configuration Guidelines B-21 Configuring the Configuration Archive B-21 Performing a Configuration Replacement or Rollback Operation B-22 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 26
a Catalyst 2950 Switch to a Catalyst 2960 Switch C-1 Configuration Compatibility Issues C-1 Feature Behavior Incompatibilities C-5 Unsupported Commands in Cisco IOS Release Commands D-3 Unsupported Global Configuration Commands D-3 xxvi Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 27
Interface Configuration Command D-6 VLAN D-6 Unsupported Global Configuration Command D-6 Unsupported vlan-config Command D-6 Unsupported User EXEC Commands D-6 VTP D-6 Unsupported Privileged EXEC Commands D-6 Contents OL-8603-04 Catalyst 2960 Switch Software Configuration Guide xxvii - Cisco WS-2960-24LC-S | Software Guide - Page 28
Contents xxviii Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 29
the information that you need to configure Cisco IOS software features on your switch. The Catalyst 2960 software provides enterprise-class intelligent services such as access control lists (ACLs) and quality of service (QoS) features. This guide provides procedures for using the commands that - Cisco WS-2960-24LC-S | Software Guide - Page 30
Preface Conventions This publication uses these conventions to convey instructions and information: Command descriptions use these conventions: • Commands and keywords are in boldface text. • Arguments for which you supply values are in italic. • Square brackets ([ ]) mean optional elements - Cisco WS-2960-24LC-S | Software Guide - Page 31
number DOC-7810372=) • Cisco RPS 675 Redundant Power System Hardware Installation Guide (order number DOC-7815201=) • Cisco Redundant Power System 2300 Hardware Installation Guide (order number DOC-7817647=) • For more information about the Network Admission Control (NAC) features, see the Network - Cisco WS-2960-24LC-S | Software Guide - Page 32
aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html xxxii Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 33
described in this chapter are available only on the cryptographic (supports encryption) version of the software. You must obtain authorization to use this feature and to download the cryptographic version of the software from Cisco.com. For more information, see the release notes for this release - Cisco WS-2960-24LC-S | Software Guide - Page 34
guide. • User-defined and Cisco specific tasks. - Interactive guide mode that guides you in configuring complex features such as VLANs, ACLs, and quality of service time, such as VLAN and QoS settings, inventory and statistic reports, link- and switch-level monitoring and troubleshooting (SFP) - Cisco WS-2960-24LC-S | Software Guide - Page 35
support for user-selected features • Cisco IOS IP Service Level Agreements (SLAs), a part of Cisco IOS software that uses active traffic monitoring for measuring network performance Support for Cisco IOS IP Service the getting started guide. For more information about the device manager, see the switch online - Cisco WS-2960-24LC-S | Software Guide - Page 36
single switch, a cluster of switches, or a community of devices. For more information about Network Assistant, see Getting Started with Cisco Network Assistant, available on Cisco.com. • CLI-The Cisco IOS software supports desktop- and multilayer-switching features. You can access the CLI either by - Cisco WS-2960-24LC-S | Software Guide - Page 37
switch configuration or switch image files (requires the cryptographic version of the software) • Configuration replacement and rollback to replace the running configuration on a switch with any saved Cisco IOS configuration file OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 1-5 - Cisco WS-2960-24LC-S | Software Guide - Page 38
for redundant backbone connections and loop-free networks. STP has these features: - Up to 128 spanning-tree instances supported - Per-VLAN spanning-tree plus (PVST+) for load balancing an alternative to STP for basic link redundancy Catalyst 2960 Switch Software Configuration Guide 1-6 OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 39
link on another Cisco Ethernet switch. • RPS support through the Cisco RPS 300 and Cisco RPS 675 for enhancing power reliability VLAN Features These are the VLAN features: • Support for up to stations allowed to access the port OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 1-7 - Cisco WS-2960-24LC-S | Software Guide - Page 40
Socket Layer (SSL) Version 3.0 support for the HTTP 1.1 server authentication, encryption, and message integrity and HTTP client authentication to allow secure HTTP communications (requires the cryptographic version of the software) Catalyst 2960 Switch Software Configuration Guide 1-8 OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 41
features by classifying traffic and configuring egress queues • Classification - IP type-of-service/Differentiated Services should be allocated to a specific traffic flow - In Cisco IOS Release 12.2(25)SED priority queue) - Weighted tail drop (WTD Catalyst 2960 Switch Software Configuration Guide 1-9 - Cisco WS-2960-24LC-S | Software Guide - Page 42
DHCP Features and IP Source Guard." • Switch cluster is disabled. For more information about switch clusters, see Chapter 5, "Clustering Switches," and the Getting Started with Cisco Network Assistant, available on Cisco.com. 1-10 Catalyst 2960 Switch Software Configuration Guide OL-8603 - Cisco WS-2960-24LC-S | Software Guide - Page 43
features are disabled. For more information, see Chapter 17, "Configuring Optional Spanning-Tree Features ." • Flex Links are not configured. For more information, see Chapter 21, "Configuring Flex Links and the MAC Address-Table Move Update Feature , "Configuring DHCP Features and IP Source - Cisco WS-2960-24LC-S | Software Guide - Page 44
information, see Chapter 18, "Configuring IGMP Snooping and MVR." • The IGMP snooping querier feature is disabled. For more information, see Chapter 18, "Configuring IGMP Snooping and MVR." • the network applications that they use. 1-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 45
and its connected workstations. • Increased power of new PCs, workstations, and servers high-speed segment. • Use the EtherChannel feature between the switch and its connected servers providing network services that can support applications for Catalyst 2960 Switch Software Configuration Guide 1-13 - Cisco WS-2960-24LC-S | Software Guide - Page 46
the documentation sets specific to these switches for LRE information. You can use the switches to create the following: • Cost-effective Gigabit-to-the-desktop for high-performance workgroups (Figure 1-1)-For high-speed access to network resources, you can use the Cisco Catalyst 2960 switches in - Cisco WS-2960-24LC-S | Software Guide - Page 47
Cisco 2600 router Access-layer Catalyst features on SFP module uplinks from the switches provides redundant uplinks to the network core. Using SFP modules provides flexibility in media and distance options through fiber-optic connections. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 48
telephony and IP networks, and the IP network supports both voice and data. The routers also provide firewall services, Network Address Translation (NAT) services, voice-over-IP (VoIP) gateway services, and WAN and Internet access. 1-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 49
cable. The CWDM OADM modules on the receiving end separate (or demultiplex) the different wavelengths. For more information about the CWDM SFP modules and CWDM OADM modules, see the Cisco CWDM GBIC and CWDM SFP Installation Note. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 1-17 - Cisco WS-2960-24LC-S | Software Guide - Page 50
the switch, review these sections for startup information: • Chapter 2, "Using the Command-Line Interface" • Chapter 3, "Assigning the Switch IP Address and Default Gateway" 95750 1-18 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 51
Using Editing Features, page 2-7 • Searching and Filtering Output of show and more Commands, page 2-10 • Accessing the CLI, page 2-10 Understanding Command Modes The Cisco IOS user interface is mode and line configuration mode. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 2-1 - Cisco WS-2960-24LC-S | Software Guide - Page 52
a password to protect access to this mode. To exit to privileged EXEC mode, enter exit or end, or press Ctrl-Z. Use this mode to configure parameters that apply to the entire switch. To for VLANs 1 to 1005 in the VLAN database. Catalyst 2960 Switch Software Configuration Guide 2-2 OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 53
interface command (with a specific interface). Switch(config-if)# privileged EXEC mode, press Ctrl-Z or enter end. Use this mode to configure parameters for command-entry Purpose Obtain a brief description of the help system in any command Catalyst 2960 Switch Software Configuration Guide 2-3 - Cisco WS-2960-24LC-S | Software Guide - Page 54
. Use the command without the keyword no to re-enable a disabled feature or to enable a feature that is disabled by default. Configuration commands can also have a default form command and sets variables to their default values. Catalyst 2960 Switch Software Configuration Guide 2-4 OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 55
Using Configuration Logging Beginning with Cisco IOS Release 12.2(25)SED, use the Configuration Change Logging and Notification feature to track changes on a per- time that the command was entered, and the parser return code for the command. This feature feature module at this URL: http://www.cisco. - Cisco WS-2960-24LC-S | Software Guide - Page 56
2-6 (optional) • Recalling Commands, page 2-6 (optional) • Disabling the Command History Feature, page 2-7 (optional) Changing the Command History Buffer Size By default, the switch on ANSI-compatible terminals such as VT100s. Catalyst 2960 Switch Software Configuration Guide 2-6 OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 57
optional) Enabling and Disabling Editing Features Although enhanced editing mode is automatically enabled, you can disable it, re-enable it, or configure a specific line to have enhanced editing. back one character. left arrow key. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 2-7 - Cisco WS-2960-24LC-S | Software Guide - Page 58
Using Editing Features Chapter 2 word at the cursor to lowercase. Press Esc U. Capitalize letters from the cursor to the end of the word. Designate a particular keystroke as Press Ctrl-V or Esc Q. an executable command, perhaps as a shortcut. Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 59
Features Wrap You can use a wraparound feature for commands that extend beyond When the cursor first reaches the end of the line, the line to the left. Each time the cursor reaches the end of the line, the dollar sign ($) appears at the end of the line to show that command history feature to recall - Cisco WS-2960-24LC-S | Software Guide - Page 60
port and power on the switch, as described in the getting started guide that the switch getting started guide or hardware installation guide. • Use any Telnet section on page 8-6. The switch supports up to 16 simultaneous Telnet on page 8-33. The switch supports up to five simultaneous secure SSH - Cisco WS-2960-24LC-S | Software Guide - Page 61
and manual methods. It also describes how to modify the switch startup configuration. Note For complete syntax and usage information for the commands used in this chapter, see the command reference for this release and the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services from - Cisco WS-2960-24LC-S | Software Guide - Page 62
power-on. The boot loader also provides trap-door access into the system if the operating system has problems , see the hardware installation guide. Use a DHCP manually configure the switch. Otherwise, use the setup program described previously. Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 63
Manually Assigning IP Information, page 3-10 Default Switch Information Table 3-1 shows the default switch information. Table 3-1 Default Switch Information Feature replaces the BOOTP client functionality on your switch. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 64
present and the configuration includes the ip address dhcp interface configuration command on specific routed interfaces, the DHCP client is invoked and requests the IP address TFTP requests to obtain the switch configuration file. Catalyst 2960 Switch Software Configuration Guide 3-4 OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 65
Addressing and Services" section of the Cisco IOS IP Configuration Guide from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Configuration Guides. DHCP Server options does not affect autoconfiguration. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 3-5 - Cisco WS-2960-24LC-S | Software Guide - Page 66
must configure this relay device to forward received broadcast packets on an interface to the destination host. If the relay device is a Cisco router, enable IP routing (ip routing global configuration command), and configure helper addresses by using the ip helper-address interface configuration - Cisco WS-2960-24LC-S | Software Guide - Page 67
helper-address 10.0.0.1 Figure 3-2 Relay Device Used in Autoconfiguration Switch (DHCP client) Cisco router (Relay) 10.0.0.1 10.0.0.2 20.0.0.1 20.0.0.2 20.0.0.3 20.0.0.4 49068 DHCP the switch reads the cisconet.cfg file.) OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 3-7 - Cisco WS-2960-24LC-S | Software Guide - Page 68
3 Switch 4 00e0.9f1e.2001 00e0.9f1e.2002 00e0.9f1e.2003 00e0.9f1e.2004 Cisco router 10.0.0.10 10.0.0.1 10.0.0.2 10.0.0.3 111394 DHCP server DNS server TFTP server 24 255.255.255.0 10.0.0.10 10.0.0.2 tftpserver or 10.0.0.3 Catalyst 2960 Switch Software Configuration Guide 3-8 OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 69
example, it reads switch1-confg from the TFTP server. Switches B through D retrieve their configuration files and IP addresses in the same way. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 3-9 - Cisco WS-2960-24LC-S | Software Guide - Page 70
# show running-config Building configuration... Current configuration: 1363 bytes ! version 12.1 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Switch A ! 3-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 71
Manually, page 3-13 • Booting a Specific Software Image, page 3-14 • Controlling Environment Variables, page 3-14 See also Appendix B, "Working with the Cisco IOS File System, Configuration Files, and Software Images," for information about switch configuration files. OL-8603-04 Catalyst 2960 - Cisco WS-2960-24LC-S | Software Guide - Page 72
feature. For more information, see the "Understanding DHCP-Based Autoconfiguration" section on page 3-3. Specifying the Filename to Read and Write the System Configuration By default, the Cisco IOS :/file-url Step 3 end Step 4 show boot Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 73
terminal boot manual end show boot Step 5 copy running-config startup-config Purpose Enter global configuration mode. Enable the switch to manually boot up disable manual booting, use the no boot manual global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 3- - Cisco WS-2960-24LC-S | Software Guide - Page 74
1 Step 2 Step 3 Step 4 Step 5 Command configure terminal boot system filesystem:/file-url end show boot copy running-config startup-config Purpose Enter global configuration mode. Configure the switch to boot a specific image in flash memory during the next boot cycle. • For filesystem:, use flash - Cisco WS-2960-24LC-S | Software Guide - Page 75
, you must manually boot up the switch from the boot loader mode. Enables manually booting up the Cisco IOS uses to read and write a nonvolatile copy of the system configuration. This command changes the CONFIG_FILE environment variable. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 76
system clock has been set (through Network Time Protocol (NTP), the hardware calendar, or manually). The time is relative to the configured time zone on the switch. To schedule hours and 25 minutes) Proceed with reload? [confirm] 3-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 77
This example shows how to reload the software on the switch at a future time: Switch# reload at 02:00 jun 20 Reload scheduled for 02:00:00 the show reload privileged EXEC command. It displays reload information including the time the reload is scheduled to occur and the reason for the reload (if - Cisco WS-2960-24LC-S | Software Guide - Page 78
Scheduling a Reload of the Software Image Chapter 3 Assigning the Switch IP Address and Default Gateway 3-18 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 79
, the Configuration Engine supports an embedded Directory Service. In this mode, no external directory or other data store is required. In server mode, the Configuration Engine supports the use of a user-defined external directory. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 4-1 - Cisco WS-2960-24LC-S | Software Guide - Page 80
Service when they start up on the network for the first time. The Configuration Service uses the CNS Event Service that reference the device-specific configuration information stored in a directory. The Cisco IOS agent can perform a Catalyst 2960 Switch Software Configuration Guide 4-2 OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 81
subject-name strings to those known by Cisco IOS. For a subscriber, when given a unique device ID and event, the namespace mapping service returns a set of events to Configuration Engine. The ConfigID is fixed at startup time and cannot be changed until the device restarts, even if the switch - Cisco WS-2960-24LC-S | Software Guide - Page 82
Cisco IOS CNS Agents DeviceID Each configured switch participating on the event bus has a unique DeviceID, which is analogous to the switch source address so that the switch can be targeted as a specific the DeviceID value to the Cisco IOS hostname each time this connection is established. The - Cisco WS-2960-24LC-S | Software Guide - Page 83
Cisco IOS CNS Agents Understanding Cisco IOS Agents Understanding Cisco IOS Agents The CNS event agent feature allows the switch to publish and subscribe to events on the event bus and works with the Cisco IOS agent. The Cisco IOS agent feature supports the switch by providing these features - Cisco WS-2960-24LC-S | Software Guide - Page 84
" section on page 4-6. If you want to change the configuration or install a custom configuration, see these sections for instructions: • Enabling the CNS Event Agent, page 4-8 • Enabling the Cisco IOS CNS Agent, page 4-9 Enabling Automated CNS Configuration To enable automated CNS configuration - Cisco WS-2960-24LC-S | Software Guide - Page 85
Cisco IOS CNS Agents Configuring Cisco IOS to communicate with the Cisco Configuration Engine Installation and Setup Guide, 1.5 for Linux at this URL: http://www.cisco.com/en/US/products/sw/netmgtsw/ps4617/products_installation_and_configuration_ guide_book09186a00803b59db.html OL-8603-04 Catalyst - Cisco WS-2960-24LC-S | Software Guide - Page 86
Cisco IOS Agents Chapter 4 Configuring Cisco IOS seconds retry-count] [source ip-address] end show cns event connections show running-config the encrypt and force-fmt1 keywords are not supported. Return to privileged EXEC mode. Verify Catalyst 2960 Switch Software Configuration Guide 4-8 OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 87
Cisco IOS CNS Agents Configuring Cisco IOS Agents Enabling the Cisco IOS CNS Agent After enabling the CNS event agent, start the Cisco IOS CNS agent on the switch. You can enable the Cisco IOS agent with these commands: • The cns config initial global configuration command enables the Cisco IOS - Cisco WS-2960-24LC-S | Software Guide - Page 88
[no-persist] [page page] [source ip-address] [syntax-check] Enable the Cisco IOS agent, and initiate an initial configuration. • For {ip-address | hostname}, enter the is not supported. end Return to privileged EXEC mode. 4-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 89
Cisco IOS the Cisco IOS agent and to initiate a partial configuration on the switch: Step 1 Step 2 Command configure terminal cns config partial {ip-address | hostname} [port-number] [source ip-address] Step 3 Step 4 Step 5 Step 6 end is not supported. Return to the Cisco IOS agent, - Cisco WS-2960-24LC-S | Software Guide - Page 90
Chapter 4 Configuring Cisco IOS CNS Agents Displaying event subject Purpose Displays the status of the CNS Cisco IOS agent connections. Displays information about incremental (partial) CNS are not yet completed. Displays statistics about the Cisco IOS agent. Displays the status of the CNS event - Cisco WS-2960-24LC-S | Software Guide - Page 91
for clusters mixed with other cluster-capable Catalyst switches, but it does not provide complete descriptions of the cluster features for these other switches. For complete cluster information for a specific Catalyst platform, refer to the software configuration guide for that switch. This chapter - Cisco WS-2960-24LC-S | Software Guide - Page 92
and Cluster Capability Switch Catalyst 3750 Catalyst 3560 Catalyst 3550 Catalyst 2970 Catalyst 2960 Catalyst 2955 Catalyst 2950 Catalyst 2950 LRE Catalyst 2940 Catalyst 3500 XL Catalyst 2900 XL (8-MB switches) Catalyst 2900 XL (4-MB switches) Catalyst 1900 and 2820 Cisco IOS Release 12.1(11)AX - Cisco WS-2960-24LC-S | Software Guide - Page 93
Characteristics A standby cluster command switch must meet these requirements: • It is running Cisco IOS 12.2(25)FX or later. • It has an IP address. • It has is a Catalyst switch, the standby cluster command switches must also be Catalyst switches. Refer to the switch configuration guide of other - Cisco WS-2960-24LC-S | Software Guide - Page 94
guide for that specific switch. This requirement does not apply if you have a Catalyst 2970, Catalyst 3550, Catalyst 3560, or Catalyst • Hostnames, page 5-12 • Passwords, page 5-13 • SNMP Community Strings, page 5-13 • TACACS+ and RADIUS, page 5-14 command switch uses Cisco Discovery Protocol (CDP - Cisco WS-2960-24LC-S | Software Guide - Page 95
VLANs, page 5-6 • Discovery Through Different Management VLANs, page 5-7 • Discovery of Newly Installed Switches, page 5-8 Discovery Through CDP Hops By using CDP, a cluster command switch can devices Device 14 Device 15 101321 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 5-5 - Cisco WS-2960-24LC-S | Software Guide - Page 96
Cisco device. Figure 5-2 shows that the cluster command switch discovers the switch that is connected to a third-party hub. However, the cluster command switch does not discover the switch that is connected to a Catalyst VLANs." Catalyst 2960 Switch Software Configuration Guide 5-6 OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 97
VLAN is VLAN 1. Note If the switch cluster has a Catalyst 3750 switch or switch stack, that switch or switch stack must be the cluster command switch. The cluster command switch extend beyond a noncandidate device, which is switch 7 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 5-7 - Cisco WS-2960-24LC-S | Software Guide - Page 98
62) Device 8 (management VLAN 9) VLAN 4 Device 10 (management VLAN 4) 101323 Discovery of Newly Installed Switches To join a cluster, the new, out-of-the-box switch must be connected to the port are assigned to management VLAN 16. Catalyst 2960 Switch Software Configuration Guide 5-8 OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 99
the forwarding of all communication and configuration information to all time interval should be greater than or equal to three times the hello time interval. The default HSRP standby hold time interval is 10 seconds. The default HSRP standby hello time interval is 3 seconds. OL-8603-04 Catalyst - Cisco WS-2960-24LC-S | Software Guide - Page 100
to the cluster standby group. This information must be configured on a specific VLAN or routed port on the active cluster command switch. The active cluster a Catalyst 2960 switch, the standby cluster command switches must also be Catalyst 2960 switches. Refer to the switch configuration guide of - Cisco WS-2960-24LC-S | Software Guide - Page 101
at least one VLAN in common with the switch cluster. Catalyst 1900, Catalyst 2820, Catalyst 2900 XL, Catalyst 2950, and Catalyst 3500 XL cluster member switches must be connected to the the active cluster command switch fails. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 5-11 - Cisco WS-2960-24LC-S | Software Guide - Page 102
Catalyst 3550, Catalyst 3560, and Catalyst 3750 command and standby cluster command switches: If the active cluster command switch and standby cluster command switch become disabled at the same time A cluster member switch is managed and communicates with other cluster member switches through the - Cisco WS-2960-24LC-S | Software Guide - Page 103
support an unlimited number of community strings and string lengths. For more information about SNMP and community strings, see Chapter 26, "Configuring SNMP." For SNMP considerations specific to the Catalyst 1900 and Catalyst 2820 switches, refer to the installation and configuration guides - Cisco WS-2960-24LC-S | Software Guide - Page 104
Cisco IOS commands then operate as usual. For instructions on configuring the switch for a Telnet session, see the "Disabling Password Recovery" section on page 8-5. Catalyst 1900 and Catalyst password to access the menu console. 5-14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 105
Catalyst 1900 and Catalyst 2820 switches, refer to the installation and configuration guides for those switches. Using SNMP to Manage Switch Clusters When you first power knowledge. Use the first read-write and read-only community strings to communicate with the cluster command switch if there is a - Cisco WS-2960-24LC-S | Software Guide - Page 106
strings, they can be used in addition to the access provided by the cluster command switch. For more information about SNMP and community strings, see Chapter 26, "Configuring SNMP." Figure 5-7 SNMP Management for a Cluster SNMP Manager Command switch Trap 1, Trap 2, Trap 3 Trap Trap 33020 - Cisco WS-2960-24LC-S | Software Guide - Page 107
the System Clock The heart of the time service is the system clock. This clock runs from the moment the system starts up and keeps track of the date and time. The system clock can then be set from these sources: • NTP • Manual configuration OL-8603-04 Catalyst 2960 Switch Software Configuration - Cisco WS-2960-24LC-S | Software Guide - Page 108
authentication mechanism. Cisco's implementation of NTP does not support stratum 1 service; it is not possible to connect to a radio or atomic clock. We recommend that the time service for your network be derived from the public NTP servers available on the IP Internet. Catalyst 2960 Switch - Cisco WS-2960-24LC-S | Software Guide - Page 109
Time isolated from the Internet, Cisco's implementation of NTP allows time are available, NTP is always considered to be more authoritative. NTP time overrides the time time-synchronized as well. Configuring NTP The switch does not have a hardware-supported has no hardware support for a calendar. As - Cisco WS-2960-24LC-S | Software Guide - Page 110
Table 6-1 Default NTP Configuration Feature NTP authentication NTP peer or server associations NTP broadcast service NTP access restrictions NTP packet mode. Enable the NTP authentication feature, which is disabled by default. Catalyst 2960 Switch Software Configuration Guide 6-4 OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 111
end show running-config copy running-config startup-config Purpose Define the authentication keys. By default, none are defined. • For number, specify a key number. The range is 1 to 4294967295. • md5 specifies that message authentication support Catalyst 2960 Switch Software Configuration Guide 6-5 - Cisco WS-2960-24LC-S | Software Guide - Page 112
switching back and forth between peers and servers. end Return to privileged EXEC mode. show running- 172.16.22.44 version 2 Configuring NTP Broadcast Service The communications between devices running NTP (known as associations) Catalyst 2960 Switch Software Configuration Guide 6-6 OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 113
packets to a peer. [destination-address] By default, this feature is disabled on all interfaces. • (Optional) For number, that is synchronizing its clock to this switch. end Return to privileged EXEC mode. show running-config Verify Catalyst 2960 Switch Software Configuration Guide 6-7 - Cisco WS-2960-24LC-S | Software Guide - Page 114
6-8 • Disabling NTP Services on a Specific Interface, page 6-10 Creating time requests and NTP control queries and allows the switch to synchronize to the remote device. For access-list-number, enter a standard IP access list number from 1 to 99. Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 115
Time and Date Step 3 Command access-list access-list-number permit source [source-wildcard] Step 4 Step 5 Step 6 end types are granted. To remove access control to the switch NTP services, use the no ntp access-group {query-only | serve-only Catalyst 2960 Switch Software Configuration Guide 6-9 - Cisco WS-2960-24LC-S | Software Guide - Page 116
Time and Date Chapter 6 Administering the Switch Disabling NTP Services on a Specific Interface NTP services follow these steps to configure a specific interface from which the IP source 3 Step 4 Step 5 end show running-config copy running to be used for a specific association, use the source - Cisco WS-2960-24LC-S | Software Guide - Page 117
Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Command References. Configuring Time and Date Manually If no other source of time is available, you can manually configure the time that provides time services, such as an NTP server, you do not need to manually set the - Cisco WS-2960-24LC-S | Software Guide - Page 118
3 Step 4 Step 5 end show running-config copy running-config startup-config Purpose Enter global configuration mode. Set the time zone. The switch keeps internal time in universal time coordinated (UTC), so this command is used only for display purposes and when the time is manually set. • For zone - Cisco WS-2960-24LC-S | Software Guide - Page 119
. This example shows how to specify that summer time starts on the first Sunday in April at 02:00 and ends on the last Sunday in October at 02:00: Switch(config)# clock summer-time PDT recurring 1 Sunday April 2:00 last Sunday October 2:00 OL-8603-04 Catalyst 2960 Switch Software Configuration - Cisco WS-2960-24LC-S | Software Guide - Page 120
the Cisco.com page, select Documentation > Cisco IOS Software > 12.2 Mainline > Command References and see the Cisco IOS Configuration Fundamentals Command Reference and the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols. 6-14 Catalyst 2960 Switch Software Configuration Guide OL - Cisco WS-2960-24LC-S | Software Guide - Page 121
end show running-config copy running-config startup-config Purpose Enter global configuration mode. Manually support cisco.com. A specific device in this domain, for example, the File Transfer Protocol (FTP) system is identified as ftp.cisco Catalyst 2960 Switch Software Configuration Guide 6-15 - Cisco WS-2960-24LC-S | Software Guide - Page 122
server-address2 ... server-address6] ip domain-lookup end Purpose Enter global configuration mode. Define a default -based hostname-to-address translation on your switch. This feature is enabled by default. If your network devices require Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 123
ip domain-name global configuration command. If there is a period (.) in the hostname, the Cisco IOS software looks up the IP address without appending any default domain name to the hostname. To login banners are not configured. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 6-17 - Cisco WS-2960-24LC-S | Software Guide - Page 124
configure terminal banner motd c message c Step 3 Step 4 Step 5 end show running-config copy running-config startup-config Purpose Enter global configuration mode , contact technical support. User Access Verification Password: 6-18 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 125
using the dollar sign ($) symbol as the beginning and ending delimiter: Switch(config)# banner login $ Access for authorized ages when it is not in use. • Static address: a manually entered unicast address that does not age and that is not lost Catalyst 2960 Switch Software Configuration Guide 6-19 - Cisco WS-2960-24LC-S | Software Guide - Page 126
Displaying Address Table Entries, page 6-26 Building the Address Table With multiple MAC addresses supported on all ports, you can connect any port on the switch to individual workstations associated with a port in the other VLAN. 6-20 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 127
Feature Aging time Dynamic time: Step 1 Step 2 Command configure terminal mac address-table aging-time [0 | 10-1000000] [vlan vlan-id] Step 3 Step 4 Step 5 end show mac address-table aging-time time global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration - Cisco WS-2960-24LC-S | Software Guide - Page 128
EXEC mode. You can also remove a specific MAC address (clear mac address-table dynamic address the SNMP version to support. Version 1, the default, is not available with informs. • For community-string, specify the string feature. 6-22 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 129
Step 10 end show mac specific interface, use the no snmp trap mac-notification {added | removed} interface configuration command. To disable the MAC address notification feature address notification feature, set the interval time to 60 seconds Catalyst 2960 Switch Software Configuration Guide 6-23 - Cisco WS-2960-24LC-S | Software Guide - Page 130
has these characteristics: • It is manually entered in the address table and must be manually removed. • It can be a -id interface interface-id Step 3 Step 4 Step 5 end show mac address-table static copy running-config startup-config Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 131
specific source or destination MAC addresses. This feature is disabled by default and only supports unicast static addresses. Follow these guidelines when using this feature drop Step 3 Step 4 Step 5 end show mac address-table static copy Catalyst 2960 Switch Software Configuration Guide 6-25 - Cisco WS-2960-24LC-S | Software Guide - Page 132
Description To communicate manually to the table do not age and must be manually removed. Note For CLI procedures, see the Cisco IOS Release 12.2 documentation from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline. 6-26 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 133
supported in each template. Table 7-1 Approximate Number of Feature Resources Allowed by Each Template Resource Unicast MAC addresses IPv4 IGMP groups IPv4 unicast routes Default QoS Dual 8 K 8 K 8 K 256 256 256 0 0 0 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 134
7 Configuring SDM Templates Table 7-1 Approximate Number of Feature Resources Allowed by Each Template (continued) Resource Default QoS maximize feature usage: Command Step 1 configure terminal Purpose Enter global configuration mode. Catalyst 2960 Switch Software Configuration Guide 7-2 - Cisco WS-2960-24LC-S | Software Guide - Page 135
-ipv4-and-ipv6 default | qos} end reload Purpose Specify the SDM template to be used on the switch: The keywords have these meanings: • default-Gives balance to all functions. • dual-ipv4-and-ipv6 default-Allows the switch to be used in dual stack environments (supporting both IPv4 and IPv6). • qos - Cisco WS-2960-24LC-S | Software Guide - Page 136
.Displaying the SDM Templates Chapter 7 Configuring SDM Templates Catalyst 2960 Switch Software Configuration Guide 7-4 OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 137
how to configure switch-based authentication on the Catalyst 2960 switch. It consists of these sections: should configure one or more of these security features: • At a minimum, you should configure privilege levels, you can also assign a specific privilege level (with associated rights and privileges - Cisco WS-2960-24LC-S | Software Guide - Page 138
see the Cisco IOS Security Command Reference, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > Table 8-1 Default Password and Privilege Levels Feature Enable password and privilege level Enable secret . Catalyst 2960 Switch Software Configuration Guide 8-2 OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 139
1 Step 2 Command configure terminal enable password password Step 3 Step 4 Step 5 end show running-config copy running-config startup-config Purpose Enter global configuration mode. Define a cannot be in effect simultaneously. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-3 - Cisco WS-2960-24LC-S | Software Guide - Page 140
service password-encryption Step 4 Step 5 end only type 5, a Cisco proprietary encryption algorithm, keyword to define a password for a specific privilege level. After you specify the service password-encryption global configuration command. Catalyst 2960 Switch Software Configuration Guide 8-4 OL - Cisco WS-2960-24LC-S | Software Guide - Page 141
Disabling password recovery will not work if you have set the switch to boot up manually by using the boot manual global configuration command. This command produces the boot loader prompt (switch:) after the switch is power cycled. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-5 - Cisco WS-2960-24LC-S | Software Guide - Page 142
Line When you power-up your switch for the first time, an automatic 0 15 Step 5 password password Step 6 end Step 7 show running-config Step 8 copy specific privilege level (with associated rights and privileges) to each username and password pair. Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 143
0 15 login local end show running-config copy running name, specify the user ID as one word. Spaces and quotation marks are not allowed. username authentication for a specific user, use the no By default, the Cisco IOS software has two modes Catalyst 2960 Switch Software Configuration Guide 8-7 - Cisco WS-2960-24LC-S | Software Guide - Page 144
Command configure terminal privilege mode level level command enable password level level password end show running-config or show privilege copy running-config startup-config Purpose Enter )# enable password level 14 SecretPswd14 Catalyst 2960 Switch Software Configuration Guide 8-8 OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 145
Command configure terminal line vty line privilege level level Step 4 Step 5 Step 6 end show running-config or show privilege copy running-config startup-config Purpose Enter global configuration . For level, the range is 0 to 15. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-9 - Cisco WS-2960-24LC-S | Software Guide - Page 146
Cisco IOS . TACACS+ services are maintained TACACS+ features on Cisco routers and access servers. A network access server provides connections to a single user, to a network or subnetwork, and to interconnected networks as shown in Figure 8-1. 8-10 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 147
, mother's maiden name, service type, and social security number). The TACACS+ authentication service can also send messages to support. You can also enforce restrictions on what commands a user can execute with the TACACS+ authorization feature Catalyst 2960 Switch Software Configuration Guide 8-11 - Cisco WS-2960-24LC-S | Software Guide - Page 148
and service can begin. If the switch is configured to require authorization, authorization begins at this time. services • Connection parameters, including the host or client IP address, access list, and user timeouts Configuring TACACS+ This section describes how to configure your switch to support - Cisco WS-2960-24LC-S | Software Guide - Page 149
can group servers to select a subset of the configured server hosts and use them for a particular service. The server group is used with a global server-host list and contains the list of IP + daemon for encryption to be successful. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-13 - Cisco WS-2960-24LC-S | Software Guide - Page 150
group server tacacs+ group-name server ip-address end show tacacs copy running-config startup-config Purpose it must be applied to a specific port before any of the defined there is successful communication with a listed authentication Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 151
[console | tty | vty] line-number [ending-line-number] login authentication {default | list-name} Step 6 Step 7 Step 8 end show running-config copy running-config startup-config Purpose | list-name} line configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-15 - Cisco WS-2960-24LC-S | Software Guide - Page 152
Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Command References. Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services AAA authorization limits the services Step 6 end show running Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 153
feature tracks the services each Cisco IOS privilege level and for network services: service requests. Enable TACACS+ accounting to send a start-record accounting notice at the beginning of a privileged EXEC process and a stop-record at the end Catalyst 2960 Switch Software Configuration Guide 8-17 - Cisco WS-2960-24LC-S | Software Guide - Page 154
network security environments in which applications support the RADIUS protocol, such as Cisco device if the non-Cisco device requires authentication. • Networks using a variety of services. RADIUS generally binds a user to one service model. 8-18 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 155
items: • Telnet, SSH, rlogin, or privileged EXEC services • Connection parameters, including the host or client IP address RADIUS This section describes how to configure your switch to support RADIUS. At a minimum, you must identify the host or Catalyst 2960 Switch Software Configuration Guide 8-19 - Cisco WS-2960-24LC-S | Software Guide - Page 156
successful communication with features Specific RADIUS Attributes, page 8-29 (optional) • Configuring the Switch for Vendor-Proprietary RADIUS Server Communication specific UDP port numbers, or their IP address and specific a specific AAA service. for the same service-for example, services, the - Cisco WS-2960-24LC-S | Software Guide - Page 157
communicating with the switch, use the three unique global configuration commands: radius-server timeout, radius-server retransmit, and radius-server key. To apply these values on a specific Server Groups" section on page 8-25. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-21 - Cisco WS-2960-24LC-S | Software Guide - Page 158
per-server RADIUS server communication. This procedure is required are ignored, but spaces within and at the end of the key are used. If you use encryption key values to use with the specific RADIUS host. Return to privileged EXEC mode Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 159
which they are performed; it must be applied to a specific port before any of the defined authentication methods are performed. . This process continues until there is successful communication with a listed authentication method or until all Catalyst 2960 Switch Software Configuration Guide 8-23 - Cisco WS-2960-24LC-S | Software Guide - Page 160
[console | tty | vty] line-number [ending-line-number] login authentication {default | list-name} Step 6 Step 7 Step 8 end show running-config copy running-config startup-config Save your entries in the configuration file. 8-24 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 161
Documentation > Cisco IOS Software > 12.2 Mainline > Command References. Defining AAA Server Groups You can configure the switch to use AAA server groups to group existing server hosts for authentication. You select a subset of the configured server hosts and use them for a particular service. The - Cisco WS-2960-24LC-S | Software Guide - Page 162
Leading spaces are ignored, but spaces within and at the end of the key are used. If you use spaces in your timeout, retransmit, and encryption key values to use with the specific RADIUS host. Enable AAA. Define the AAA server-group with Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 163
and group2). Group1 has two different host entries on the same RADIUS server configured for the same services. The second host entry acts as a fail-over backup to the first entry. Switch(config if authorization has been configured. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-27 - Cisco WS-2960-24LC-S | Software Guide - Page 164
client billing, or auditing. Beginning in privileged EXEC mode, follow these steps to enable RADIUS accounting for each Cisco IOS privilege level and for network services: Step 1 Step 2 Step 3 Command configure terminal aaa accounting network start-stop radius aaa accounting exec start-stop radius - Cisco WS-2960-24LC-S | Software Guide - Page 165
method for communicating vendor-specific information between the switch and the RADIUS server by using the vendor-specific attribute (attribute 26). Vendor-specific attributes (VSAs) allow vendors to support their own extended attributes not suitable for general use. The Cisco RADIUS implementation - Cisco WS-2960-24LC-S | Software Guide - Page 166
-In User Service (RADIUS)." specific attributes are used. end specific attribute 26, see the "RADIUS Attributes" appendix in the Cisco IOS Security Configuration Guide, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Command References. 8-30 Catalyst - Cisco WS-2960-24LC-S | Software Guide - Page 167
communicating vendor-proprietary information between the switch and the RADIUS server, some vendors have extended the RADIUS attribute set in a unique way. Cisco IOS software supports , but spaces within and at the end of the key are used. If Catalyst 2960 Switch Software Configuration Guide 8-31 - Cisco WS-2960-24LC-S | Software Guide - Page 168
for all network-related service requests. username name [ For name, specify the user ID as one word. Spaces and quotation marks are not allowed. option specified in the username command. end Return to privileged EXEC mode. show Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 169
the ip http authentication command, see the Cisco IOS Security Command Reference, Release 12.2. Configuring the Switch for Secure Shell This section describes how to configure the Secure Shell (SSH) feature. To use this feature, you must install the cryptographic (encrypted) software image on your - Cisco WS-2960-24LC-S | Software Guide - Page 170
Triple DES (3DES) encryption algorithm, and password-based user authentication. SSH also supports these user authentication methods: • TACACS+ (for more information, see the " by using the hostname global configuration command. 8-34 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 171
your switch to run SSH: 1. Download the cryptographic software image from Cisco.com. This step is required. For more information, see the crypto key generate rsa Step 5 Step 6 Step 7 end show ip ssh or show ssh copy running-config startup Catalyst 2960 Switch Software Configuration Guide 8-35 - Cisco WS-2960-24LC-S | Software Guide - Page 172
ssh Step 5 Step 6 Step 7 end show ip ssh or show ssh copy supported by the SSH client. For example, if the SSH client supports SSHv1 and SSHv2, the SSH server selects SSHv2. Configure the SSH control parameters: • Specify the time Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 173
the commands used in this section, see the "HTTPS - HTTP Server and Client with SSL 3.0" feature description for Cisco IOS Release 12.2(15)T at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a008015a4c6. html Understanding Secure HTTP Servers and Clients - Cisco WS-2960-24LC-S | Software Guide - Page 174
) is to respond to Cisco IOS application requests for HTTPS User Agent services, perform HTTPS User Agent services for the application, and IOS-Self-Signed-Certificate-3080755072 revocation-check none rsakeypair TP-self-signed-3080755072 ! ! 8-38 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 175
Cisco IOS Security Configuration Guide, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS from those on the list that are supported by both. For example, Netscape Communicator 4.76 supports U.S. security with RSA Public Key Catalyst 2960 Switch Software Configuration Guide 8-39 - Cisco WS-2960-24LC-S | Software Guide - Page 176
a local configuration name for the CA trustpoint and enter CA trustpoint configuration mode. Specify the URL to which the switch should send certificate requests. 8-40 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 177
crypto ca enroll name Step 13 Step 14 Step 15 end show crypto ca trustpoints copy running-config startup-config Purpose the HTTP server to determine if the secure HTTP server feature is supported in the software. You should see one of these Catalyst 2960 Switch Software Configuration Guide 8-41 - Cisco WS-2960-24LC-S | Software Guide - Page 178
and client to negotiate a CipherSuite that they both support. This is the default. Step 6 ip http The default is 180 seconds (3 minutes). • life-the maximum time period from the time that the connection is established. The range is Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 179
SCP) feature provides a secure and authenticated method for copying switch configurations or switch image files. SCP relies on Secure Shell (SSH), an application and a protocol that provides a secure replacement for the Berkeley r-tools. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 180
and verify SCP, see the "Secure Copy Protocol" chapter of the Cisco IOS New Features, Cisco IOS Release 12.2, at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087b18 .html 8-44 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 181
in the Cisco IOS Security Command Reference, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > to a switch port before making available any services offered by the switch or the LAN. Host Mode, page 9-7 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 9-1 - Cisco WS-2960-24LC-S | Software Guide - Page 182
in the network have specific roles, as shown in service is transparent to the client. In this release, the RADIUS security system with Extensible Authentication Protocol (EAP) extensions is the only supported authentication server. It is available Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 183
Cisco Catalyst 3750-E, Catalyst 3560-E, Catalyst 3750, Catalyst 3560, Catalyst 3550, Catalyst 2970, Catalyst 2960, Catalyst 2955, Catalyst 2950, Catalyst 2940 switches, or a wireless access point. These devices must be running software that supports VLAN that provides limited services if a guest VLAN - Cisco WS-2960-24LC-S | Software Guide - Page 184
timer expires. You can configure the re-authentication timer to use a switch-specific value or to be based on values from the RADIUS server. After IEEE (Attribute[27]) specifies the time after which re-authentication occurs. Catalyst 2960 Switch Software Configuration Guide 9-4 OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 185
ends manually or supported on the supplies specific exchange of EAP frames depends on the authentication method being used. Figure 9-3 shows a message exchange initiated by the client when the client uses the One-Time-Password (OTP) authentication method with a RADIUS server. OL-8603-04 Catalyst - Cisco WS-2960-24LC-S | Software Guide - Page 186
Port Authorized EAPOL-Logoff 101228 Port Unauthorized If IEEE 802.1x authentication times out while waiting for an EAPOL message exchange and MAC authentication bypass is packet RADIUS Access/Request RADIUS Access/Accept 141681 Catalyst 2960 Switch Software Configuration Guide 9-6 OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 187
If a client that does not support IEEE 802.1x authentication connects to request for a fixed number of times. Because no response is received, The switch cannot provide authentication services to the client through the If a client leaves or is replaced with another client, the switch changes the port - Cisco WS-2960-24LC-S | Software Guide - Page 188
packets are sent by a switch: • START-sent when a new user session starts • INTERIM-sent during an existing session for updates • STOP-sent when a session terminates Catalyst 2960 Switch Software Configuration Guide 9-8 OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 189
maintains the username-to-VLAN mappings, assigning the VLAN based on the username of the client connected to the switch port. You can use this feature to limit network access for certain users. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 9-9 - Cisco WS-2960-24LC-S | Software Guide - Page 190
: • If no VLAN is supplied by the RADIUS server or if authentication with VLAN assignment feature is not supported on trunk ports, dynamic feature is automatically enabled when you configure IEEE 802.1x authentication on an access port). 9-10 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 191
Switch to Use Vendor-Specific RADIUS Attributes" section switch to provide limited services to clients, such feature is not supported on trunk ports; it is supported only on access ports. The switch supports MAC authentication bypass in Cisco IOS Catalyst 2960 Switch Software Configuration Guide 9-11 - Cisco WS-2960-24LC-S | Software Guide - Page 192
to provide limited services to clients that services. The administrator can control the services services to both types of users. Without this feature this feature, you are supported only feature is not supported on trunk ports; it is supported only on access ports. This feature security features such - Cisco WS-2960-24LC-S | Software Guide - Page 193
1x Authentication with Inaccessible Authentication Bypass In Cisco IOS Release 12.2(25)SEE and later, the authentication state. The behavior of the inaccessible authentication bypass feature depends on the authorization state of the port: • If Catalyst 2960 Switch Software Configuration Guide 9-13 - Cisco WS-2960-24LC-S | Software Guide - Page 194
is a link, and the device MAC address appears after the first CDP message from the IP phone. Cisco IP phones do not relay CDP messages from other devices. As a result, if several IP phones are IEEE 802.1x authentication on a port, 9-14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 195
Violations" section on page 19-9. • When you manually remove an IEEE 802.1x client address from the feature allows dormant PCs to be powered when the switch receives a specific Ethernet frame, known as the magic packet. You can use this feature Catalyst 2960 Switch Software Configuration Guide 9-15 - Cisco WS-2960-24LC-S | Software Guide - Page 196
previous session ended because the Termination times out, the switch uses the MAC authentication bypass feature to initiate re-authorization. For more information about these AV pairs, see RFC 3580, "IEEE 802.1X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines." 9-16 Catalyst - Cisco WS-2960-24LC-S | Software Guide - Page 197
Cisco IOS Release 12.2(25)SED and later, the switch supports support IEEE 802.1x functionality. This feature can authenticate up to eight users on the same shared port and apply the appropriate policies for each end host on a shared port. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 198
-Server Communication, page 9-24 (required) • Configuring the Host Mode, page 9-25 (optional) • Configuring Periodic Re-Authentication, page 9-25 (optional) • Manually Re-Authenticating a Client Connected to a Port, page 9-26 (optional) 9-18 Catalyst 2960 Switch Software Configuration Guide OL - Cisco WS-2960-24LC-S | Software Guide - Page 199
Configuration Feature Switch IEEE times that the switch restarts the authentication process before the port changes to the unauthorized state). 60 seconds (number of seconds that the switch remains in the quiet state following a failed authentication exchange with the client). OL-8603-04 Catalyst - Cisco WS-2960-24LC-S | Software Guide - Page 200
9-2 Default IEEE 802.1x Authentication Configuration (continued) Feature Retransmission time Maximum retransmission number Client timeout period Authentication server timeout to which a port is assigned shuts down or is removed. 9-20 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 201
times feature is supported on IEEE 802.1x port in single-host mode and multihosts mode. - If the client is running Windows XP and the port to which the client is connected is in the critical-authentication state, Windows XP might report that the interface is not authenticated. OL-8603-04 Catalyst - Cisco WS-2960-24LC-S | Software Guide - Page 202
VLAN feature is not supported on trunk ports; it is supported only a Previous Software Release In Cisco IOS Release 12.2(25)SEE, the to configure the switch for all network-related service requests. This is the IEEE 802.1x AAA Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 203
Step 11 Step 12 Step 13 end show dot1x copy running-config startup- the group radius keywords are supported. Enable IEEE 802.1x authentication authorization for all network-related service requests, such as VLAN .1x authentication on the port. For feature interaction information, see the "IEEE 802 - Cisco WS-2960-24LC-S | Software Guide - Page 204
Communication RADIUS security servers are identified by their hostname or IP address, hostname and specific UDP port numbers, or IP address and specific are ignored, but spaces within and at the end of the key are used. If you use spaces Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 205
to recognize and use vendor-specific attributes (VSAs). interface interface host-mode multi-host Switch(config-if)# end Configuring Periodic Re-Authentication You can enable periodic time period before enabling re-authentication, the number of seconds between attempts is 3600. OL-8603-04 Catalyst - Cisco WS-2960-24LC-S | Software Guide - Page 206
is enabled. end Return to privileged Manually Re-Authenticating a Client Connected to a Port You can manually re-authenticate the client connected to a specific port at any time time to the user by entering a number smaller than the default. 9-26 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 207
5 Step 6 end show dot1x interface interface specific behavioral problems with certain clients and authentication servers. Beginning in privileged EXEC mode, follow these steps to change the amount of time time, use the no dot1x timeout tx-period interface configuration command. OL-8603-04 Catalyst - Cisco WS-2960-24LC-S | Software Guide - Page 208
-id dot1x max-reauth-req count Step 4 Step 5 Step 6 end show dot1x interface interface-id copy running-config startup-config Purpose Enter links or specific behavioral problems with certain clients and authentication servers. 9-28 Catalyst 2960 Switch Software Configuration Guide OL-8603 - Cisco WS-2960-24LC-S | Software Guide - Page 209
terminal interface interface-id dot1x max-reauth-req count Step 4 Step 5 Step 6 end show dot1x interface interface-id copy running-config startup-config Purpose Enter global configuration and enter interface configuration mode. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 9-29 - Cisco WS-2960-24LC-S | Software Guide - Page 210
start-stop group radius Step 5 Step 6 Step 7 end show running-config copy running-config startup-config Purpose fail authentication are not granted network access. The switch supports guest VLANs in single-host or multiple-hosts mode. Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 211
not receive a valid username and password. The switch supports restricted VLANs only in single-host mode. Beginning in auth-fail vlan vlan-id Step 6 Step 7 Step 8 end show dot1x interface interface-id copy running-config startup-config 04 Catalyst 2960 Switch Software Configuration Guide 9-31 - Cisco WS-2960-24LC-S | Software Guide - Page 212
Step 9 dot1x auth-fail max-attempts max attempts end show dot1x interface interface-id copy running-config startup-config configured, and enter interface configuration mode. For the supported port types, see the "IEEE 802.1x Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 213
the inaccessible authentication bypass feature. This procedure is optional. Step 1 Step 2 Step 3 Command configure terminal radius-server dead-criteria time time tries tries radius- minutes (24 hours). The default is 0 minutes. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 9-33 - Cisco WS-2960-24LC-S | Software Guide - Page 214
and encryption key for all RADIUS communication between the switch and the , but spaces within and at the end of the key are used. If supported port types, see the "IEEE 802.1x Authentication Configuration Guidelines" section on page 9-20. 9-34 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 215
bypass feature: Switch(config)# radius-server dead-criteria time 30 critical vlan 20 Switch(config-if)# end Configuring IEEE 802.1x Authentication with and enter interface configuration mode. For the supported port types, see the "IEEE 802.1x Catalyst 2960 Switch Software Configuration Guide 9-35 - Cisco WS-2960-24LC-S | Software Guide - Page 216
configured, and enter interface configuration mode. For the supported port types, see the "IEEE 802.1x Authentication EAP for authorization. Step 5 Step 6 Step 7 end show dot1x interface interface-id copy running-config startup-config Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 217
1x Authentication Configuring NAC Layer 2 IEEE 802.1x Validation In Cisco IOS Release 12.2(25)SED or later, you can configure NAC Layer switch only if periodic re-authentication is enabled. end Return to privileged EXEC mode. show dot1x 04 Catalyst 2960 Switch Software Configuration Guide 9-37 - Cisco WS-2960-24LC-S | Software Guide - Page 218
Specify the authentication and encryption key for RADIUS communication between the switch and the RADIUS daemon. network access server to recognize and use vendor-specific attributes (VSAs). Enable the IP device tracking table end 9-38 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 219
information, see the Network Admission Control Software Configuration Guide on Cisco.com. Specify the port to be configured, and Switch(config-if)# ip admission rule1 Switch(config-if)# end Beginning in privileged EXEC mode, follow these steps to Catalyst 2960 Switch Software Configuration Guide 9-39 - Cisco WS-2960-24LC-S | Software Guide - Page 220
-if)# dot1x fallback fallback1 Switch(config-if)# end For more information about the dot1x fallback command, commands, see the Network Admission Control Software Configuration Guide on Cisco.com. Disabling IEEE 802.1x Authentication on the Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 221
configure terminal interface interface-id dot1x default end show dot1x interface interface-id copy To display IEEE 802.1x statistics for a specific port, use the show dot1x statistics interface 802.1x administrative and operational status for a specific port, use the show dot1x interface interface - Cisco WS-2960-24LC-S | Software Guide - Page 222
Displaying IEEE 802.1x Statistics and Status Chapter 9 Configuring IEEE 802.1x Port-Based Authentication 9-42 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 223
Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Command References. Understanding Interface Types This section describes the different types of interfaces supported 10-4 • Connecting Interfaces, page 10-4 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 10-1 - Cisco WS-2960-24LC-S | Software Guide - Page 224
as the receiving port. Network devices in different VLANs cannot communicate with one another without a Layer 3 device to route switchport mode by negotiating with the port on the other end of the link. Switch ports are used for managing Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 225
Two types of access ports are supported: • Static access ports are manually assigned to a VLAN (or a Catalyst 6500 series switch; the Catalyst 2960 switch cannot be a VMPS server. You can also configure an access port with an attached Cisco IP Catalyst 2960 Switch Software Configuration Guide 10-3 - Cisco WS-2960-24LC-S | Software Guide - Page 226
port, and one shows the status of the SFP module port. The port LED is on for whichever connector is active. For more information about the LEDs, see the hardware installation guide. Connecting Interfaces Devices within a single VLAN can communicate directly through any switch. Ports in different - Cisco WS-2960-24LC-S | Software Guide - Page 227
specific interface or all the interfaces on the switch. The remainder of this chapter primarily provides physical interface configuration procedures. Procedures for Configuring Interfaces These general instructions feature options. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 10-5 - Cisco WS-2960-24LC-S | Software Guide - Page 228
| macro macro_name} Step 3 Step 4 Step 5 Step 6 end show interfaces [interface-id] copy running-config startup-config Purpose Enter are not supported. - fastethernet module/{first port} - {last port}, where the module is always 0 10-6 Catalyst 2960 Switch Software Configuration Guide OL-8603 - Cisco WS-2960-24LC-S | Software Guide - Page 229
the interface range macro global configuration command string, you must use the define interface-range global configuration command to define the macro. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 10-7 - Cisco WS-2960-24LC-S | Software Guide - Page 230
macro macro_name Step 4 Step 5 Step 6 end show running-config | include define copy line interface shows options to set multiple VLANs, these options are not supported. - fastethernet module/{first port} - {last port}, where the Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 231
enet_list Switch(config)# end Switch# show run an Interface, page 10-15 • Adding a Description for an Interface, page 10-16 Default Feature Allowed VLAN range Default VLAN (for access ports) Default Setting VLANs 1 to 4094. VLAN 1. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 232
device-such as Cisco IP phones and access points that do not fully support IEEE 802.3af-if that powered device is connected to the switch through a crossover cable. This is regardless of whether auto-MIDX is enabled on the switch port. Keepalive messages Disabled on SFP module ports; enabled - Cisco WS-2960-24LC-S | Software Guide - Page 233
sfp} Step 4 Step 5 Step 6 end type of installed SFP module, -The switch disables the SFP module interface. If you powers Catalyst 2960 switch operates with 100BASE-x (where -x is -BX, -FX-FE, -LX) SFP modules as follows: • When the 100BASE -x SFP SFP module interface. • When the 100BASE-x SFP module - Cisco WS-2960-24LC-S | Software Guide - Page 234
but do not support autonegotiation. For information about which SFP modules are supported on your switch, see the product release notes. • If both ends of the line support autonegotiation, we interface during the reconfiguration. 10-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 235
Step 5 Step 6 Step 7 end show interfaces interface-id copy running 1000 to set a specific speed for the interface. SFP module ports operate only at 1000 Mb/s but can be configured to not negotiate if connected to a device that does not support Catalyst 2960 Switch Software Configuration Guide 10-13 - Cisco WS-2960-24LC-S | Software Guide - Page 236
20, speed and duplex do not apply when they are operating in SFP module mode. For interfaces gi0/23 and gi0/24, speed and congested nodes to pause link operation at the other end. If one port experiences congestion and cannot receive any Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 237
)# flowcontrol receive on Switch(config-if)# end Configuring Auto-MDIX on an Interface When installation guide. Auto-MDIX is enabled by default. When you enable auto-MDIX, you must also set the interface speed and duplex to auto so that the feature operates correctly. Auto-MDIX is supported - Cisco WS-2960-24LC-S | Software Guide - Page 238
operating at 10 or 100 Mb/s by using the system mtu global configuration command. You can increase the MTU size to support jumbo frames on all Gigabit Ethernet interfaces by using the system mtu jumbo global configuration command. 10-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 239
system mtu jumbo bytes Step 4 Step 5 Step 6 end copy running-config startup-config reload Purpose Enter global configuration a value that is outside the allowed range for the specific type of interface, the value is not accepted. Once the Catalyst 2960 Switch Software Configuration Guide 10-17 - Cisco WS-2960-24LC-S | Software Guide - Page 240
. Display the hardware configuration, software version, the names and sources of configuration files, and the boot images. Display the operational state of the auto-MDIX feature on the interface. 10-18 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 241
clear only a specific interface type from a specific interface number. command displays. This information is communicated to other network servers through number} shutdown Shut down an interface. end Return to privileged EXEC mode. show Catalyst 2960 Switch Software Configuration Guide 10-19 - Cisco WS-2960-24LC-S | Software Guide - Page 242
Monitoring and Maintaining the Interfaces Chapter 10 Configuring Interface Characteristics 10-20 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 243
. You can use Smartports macros to enable features and settings based on the location of a EXEC command. Table 11-1 Cisco-Default Smartports Macros Macro Name1 cisco-global cisco-desktop Description Use this global configuration -8603-04 Catalyst 2960 Switch Software Configuration Guide 11-1 - Cisco WS-2960-24LC-S | Software Guide - Page 244
macros vary depending on the software version running on your switch. Cisco also provides a collection of pretested, Cisco-recommended baseline configuration templates for Catalyst switches. The online reference guide templates provide the CLI commands that you can use to create Smartports - Cisco WS-2960-24LC-S | Software Guide - Page 245
required values by using the parameter value keywords. The Cisco-default macros use the $ character to help identify required keywords. There is no restriction on using the $ character to define keywords when you create a macro. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 11-3 - Cisco WS-2960-24LC-S | Software Guide - Page 246
commands with one command per line. Use the @ character to end the macro. Use the # character at the beginning of a help string to specify the keywords. Enter # macro keywords word to define the keywords that are available for use with the Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 247
description text Step 8 Step 9 Step 10 end show parser macro description matching occurrences of the keyword are replaced with the corresponding value. Some Specify unique parameter values that are specific to the interface. You can enter Catalyst 2960 Switch Software Configuration Guide 11-5 - Cisco WS-2960-24LC-S | Software Guide - Page 248
-if)# macro apply desktop-config Switch(config-if)# end Switch# show parser macro description Interface Macro Description Gi0/2 desktop-config This example shows how to apply the user-created macro called desktop-config and to replace all occurrences of VLAN 1 with VLAN 25: Switch - Cisco WS-2960-24LC-S | Software Guide - Page 249
}] Step 8 Step 9 Step 10 end show running-config interface interface-id copy running-config startup-config Purpose Append the Cisco-default macro with the required values by Switch(config-if)# macro apply cisco-desktop $AVID 25 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 11-7 - Cisco WS-2960-24LC-S | Software Guide - Page 250
parser macro description [interface interface-id] Purpose Displays all configured macros. Displays a specific macro. Displays the configured macro names. Displays the macro description for all interfaces or for a specified interface. 11-8 Catalyst 2960 Switch Software Configuration Guide OL-8603 - Cisco WS-2960-24LC-S | Software Guide - Page 251
the same attributes as physical LANs, but you can group end stations even if they are not physically located on the same bridge Management Information Base (MIB) information and can support its own implementation of spanning tree. See Chapter 15 Catalyst 2960 Switch Software Configuration Guide 12-1 - Cisco WS-2960-24LC-S | Software Guide - Page 252
, all the end stations in a particular IP subnet belong to the same VLAN. Interface VLAN membership on the switch is assigned manually on an interface supports only IEEE 802.1Q trunking methods for sending VLAN traffic over Ethernet ports. 12-2 Catalyst 2960 Switch Software Configuration Guide OL - Cisco WS-2960-24LC-S | Software Guide - Page 253
manually Catalyst 2960 switch. The Catalyst 2960 switch is a VMPS client. You can have dynamic-access ports and trunk ports on the same switch, but you must connect the dynamic-access port to an end port attached to a Cisco IP Phone, configured Catalyst 2960 Switch Software Configuration Guide 12-3 - Cisco WS-2960-24LC-S | Software Guide - Page 254
flash memory. Caution You can cause inconsistency in the VLAN database if you attempt to manually delete the vlan.dat file. If you want to modify the VLAN configuration, use the commands see the command reference for this release. 12-4 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 255
more information on configuring Token Ring VLANs, see the Catalyst 5000 Series Software Configuration Guide. Normal-Range VLAN Configuration Guidelines Follow these guidelines when creating and modifying normal-range VLANs in your network: • The switch supports 255 VLANs in VTP client, server, and - Cisco WS-2960-24LC-S | Software Guide - Page 256
the number of VLANs on the switch exceeds the number of supported spanning-tree instances, we recommend that you configure the IEEE 802 mode, see the vlan global configuration command description in the command reference for this release. Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 257
supports Ethernet interfaces exclusively. Because FDDI and Token Ring VLANs are not locally supported, you only configure FDDI and Token Ring media-specific active active, suspend Remote SPAN disabled enabled, disabled OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 12-7 - Cisco WS-2960-24LC-S | Software Guide - Page 258
is entered for the VLAN, the default is to append the vlan-id with leading zeros to the word VLAN. For example, VLAN0004 is a default VLAN name for VLAN 4. mtu mtu-size (Optional) config-vlan)# name test20 Switch(config-vlan)# end 12-8 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 259
not support RSPAN VLAN of consecutive VLANs by entering vlan first-vlan-id end last-vlan-id. Note When entering a VLAN ID append the vlan-id with leading zeros to the word VLAN. For example, VLAN0004 is a default VLAN the VLAN is deleted only on that specific switch. You cannot delete the default - Cisco WS-2960-24LC-S | Software Guide - Page 260
2 Step 3 Step 4 Step 5 Command configure terminal no vlan vlan-id end show vlan brief copy running-config startup config Purpose Enter global configuration mode. port to a VLAN. Valid VLAN IDs are 1 to 4094. end Return to privileged EXEC mode. show running-config interface interface-id Verify the - Cisco WS-2960-24LC-S | Software Guide - Page 261
vlan 2 Switch(config-if)# end Configuring Extended-Range VLANs When the 1006 to 4094). Extended-range VLANs enable service providers to extend their infrastructure to a The extended range is not supported in VLAN database configuration mode Catalyst 2960 Switch Software Configuration Guide 12-11 - Cisco WS-2960-24LC-S | Software Guide - Page 262
the switch supports a total of 255 (normal-range and extended-range) VLANs, the number of configured features affects the the only parameters you can change. See the description of the vlan global configuration command in the command Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 263
, only the mtu mtu-size, and remote-span commands are supported for extended-range VLANs. (Optional) Configure the VLAN as the Switch(config)# vlan 2000 Switch(config-vlan)# end Switch# copy running-config startup config Displaying VLANs Catalyst 2960 Switch Software Configuration Guide 12-13 - Cisco WS-2960-24LC-S | Software Guide - Page 264
across an entire network. The Catalyst 2960 switch supports IEEE 802.1Q encapsulation. ." Ethernet trunk interfaces support different trunking modes (see interfaces connected to devices that do not support DTP to not forward DTP frames, that a device that does not support DTP, use the switchport mode - Cisco WS-2960-24LC-S | Software Guide - Page 265
is access or trunk. You must manually configure the neighboring interface as a Cisco devices might support one spanning-tree instance for all VLANs. When you connect a Cisco switch to a non-Cisco device through an IEEE 802.1Q trunk, the Cisco Catalyst 2960 Switch Software Configuration Guide 12-15 - Cisco WS-2960-24LC-S | Software Guide - Page 266
19 • Configuring the Native VLAN for Untagged Traffic, page 12-19 Interaction with Other Features Trunking interacts with other features in these ways: • A trunk port cannot be a secure port. • Trunk 40 trunk ports in MST mode. 12-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 267
is configured to support IEEE 802.1Q trunking. Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# interface gigabitethernet0/2 Switch(config-if)# switchport mode dynamic desirable Switch(config-if)# end OL-8603-04 Catalyst 2960 Switch Software - Cisco WS-2960-24LC-S | Software Guide - Page 268
remove specific VLANs from the allowed list. Note VLAN 1 is the default VLAN on all trunk ports in all Cisco switches -specified ranges. All VLANs are allowed by default. end Return to privileged EXEC mode. show interfaces interface-id Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 269
traffic. The default list of VLANs allowed to be pruned contains VLANs 2 to 1001. end Return to privileged EXEC mode. show interfaces interface-id switchport Verify your entries in the Pruning VLAN can be assigned any VLAN ID. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 12-19 - Cisco WS-2960-24LC-S | Software Guide - Page 270
Step 4 Step 5 Step 6 end show interfaces interface-id switchport copy Load Sharing Load sharing divides the bandwidth supplied by parallel trunks connecting switches. To for the VLAN. Figure 12-2 shows two trunks connecting supported switches. In this example, the switches are configured as - Cisco WS-2960-24LC-S | Software Guide - Page 271
show vlan configure terminal interface gigabitethernet 0/1 Step 9 switchport mode trunk Step 10 end Step 11 show interfaces gigabitethernet 0/1 switchport Step 12 Step 13 Step 14 show Enter global configuration mode on Switch A. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 12-21 - Cisco WS-2960-24LC-S | Software Guide - Page 272
port-priority 16 exit interface gigabitethernet0/2 spanning-tree vlan 3-6 port-priority 16 end show running-config copy running-config startup-config Purpose Define the interface to mode. Configure the port as a trunk port. 12-22 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 273
2-4 cost 30 end Step 14 exit VQP) is used to support dynamic-access ports, addresses seen on the port. Each time an unknown MAC address is seen, a client to the VMPS and communicate with it through VQP. These section on page 12-28 • "Troubleshooting Dynamic-Access Port VLAN Membership" section - Cisco WS-2960-24LC-S | Software Guide - Page 274
switch receives a port-shutdown response from the VMPS, it disables the port. The port must be manually re-enabled by using Network Assistant, the CLI, or SNMP. Dynamic-Access Port VLAN Membership A dynamic is assigned to a VLAN. 12-24 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 275
the VLAN can change over time, depending on the MAC addresses seen. Default VMPS Client Configuration Table 12-6 shows the default VMPS and dynamic-access port configuration on client switches. Table 12-6 Default VMPS Client and Dynamic-Access Port Configuration Feature VMPS domain server VMPS - Cisco WS-2960-24LC-S | Software Guide - Page 276
the end station, and enter interface configuration mode. Set the port to access mode. Configure the port as eligible for dynamic VLAN membership. The dynamic-access port must be connected to an end station. Return to privileged EXEC mode. 12-26 Catalyst 2960 Switch Software Configuration Guide OL - Cisco WS-2960-24LC-S | Software Guide - Page 277
1 Step 2 Step 3 Step 4 Step 5 Command configure terminal vmps reconfirm minutes end show vmps copy running-config startup-config Purpose Enter global configuration mode. Enter the no vmps reconfirm global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 12-27 - Cisco WS-2960-24LC-S | Software Guide - Page 278
Step 4 Step 5 Command configure terminal vmps retry count end show vmps copy running-config startup-config Purpose Enter global • VMPS VQP Version-the version of VQP used to communicate with the VMPS. The switch queries the VMPS that is Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 279
Catalyst 6500 series Switch C and Switch J are secondary VMPS servers. • End stations are connected to the clients, Switch B and Switch I. • The database configuration file is stored on the TFTP server with the IP address 172.20.22.7. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 280
.20.26.152 172.20.26.153 Switch E 172.20.26.154 Switch F 172.20.26.155 Switch G 172.20.26.156 End station 2 Switch H Dynamic-access port Catalyst 6500 series Secondary VMPS Server 3 172.20.26.157 Client switch I 172.20.26.158 Trunk port 172.20.26.159 Switch J 101363t - Cisco WS-2960-24LC-S | Software Guide - Page 281
problems, such as duplicate VLAN names, incorrect VLAN-type specifications VLAN database. The switch supports 255 VLANs, but the number of configured features affects the usage of supported by VTP or stored in the VTP VLAN database. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 13-1 - Cisco WS-2960-24LC-S | Software Guide - Page 282
be saved to the switch startup configuration file. For domain name and password configuration guidelines, see the "VTP Configuration Guidelines" section on page 13-8. 13-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 283
Modes Table 13-1 You can configure a supported switch to be in one of the VTP modes listed in Table 13-1. VTP Modes VTP Mode Description VTP server In VTP server mode, you number • Update identity and update timestamp OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 13-3 - Cisco WS-2960-24LC-S | Software Guide - Page 284
configuration information specific to the VLAN type VTP Version 2 If you use VTP in your network, you must decide whether to use Version 1 or Version 2. By default, VTP operates in Version 1. VTP Version 2 supports these features that are not supported in Version 1: • Token Ring support-VTP Version - Cisco WS-2960-24LC-S | Software Guide - Page 285
-eligible or pruning-ineligible affects pruning eligibility for those VLANs on that trunk only (not on all switches in the VTP domain). OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 13-5 - Cisco WS-2960-24LC-S | Software Guide - Page 286
to a VTP Domain, page 13-14 Default VTP Configuration Table 13-2 shows the default VTP configuration. Table 13-2 Default VTP Configuration Feature VTP domain name VTP mode VTP version VTP password VTP pruning Default Setting Null. Server. Version 1 (Version 2 is disabled). None. Disabled - Cisco WS-2960-24LC-S | Software Guide - Page 287
, and to disable or enable pruning. For more information about available keywords, see the command descriptions in the command reference for this release. The VTP information is saved in the VTP VLAN -config privileged EXEC command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 13-7 - Cisco WS-2960-24LC-S | Software Guide - Page 288
when implementing VTP in your network. Domain Names When configuring VTP for the first time, you must always assign a domain name. You must configure all switches in the Version 2-capable switch (Version 2 is disabled by default). 13-8 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 289
Command configure terminal vtp mode server vtp domain domain-name Step 4 vtp password password Step 5 end Step 6 show vtp status Purpose Enter global configuration mode. Configure the switch for VTP server fields of the display. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 13-9 - Cisco WS-2960-24LC-S | Software Guide - Page 290
(config)# vtp domain eng_group Switch(config)# vtp password mypassword Switch(config)# end You can also use VLAN database configuration mode to configure VTP parameters. Beginning (vlan)# exit APPLY completed. Exiting.... Switch# 13-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 291
VLAN database file (vlan.dat). If the switch is then powered off, it resets the VTP configuration to the default. To -name Step 4 Step 5 Step 6 vtp password password end show vtp status Purpose Enter global configuration mode. Configure the Catalyst 2960 Switch Software Configuration Guide 13-11 - Cisco WS-2960-24LC-S | Software Guide - Page 292
: Step 1 Step 2 Step 3 Step 4 Command configure terminal vtp mode transparent end show vtp status Step 5 copy running-config startup-config Purpose Enter global configuration mode message, and the configuration is not allowed. 13-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 293
VTP Version 2 unless every switch in the VTP domain supports Version 2. Note In TrCRF and TrBRF Token ring environments Step 2 Command configure terminal vtp version 2 Step 3 end Step 4 show vtp status Purpose Enter global configuration mode Catalyst 2960 Switch Software Configuration Guide 13-13 - Cisco WS-2960-24LC-S | Software Guide - Page 294
Step 2 Command configure terminal vtp pruning Step 3 end Step 4 show vtp status Purpose Enter global configuration by using the vtp pruning privileged EXEC command. Pruning is supported with VTP Version 1 and Version 2. If you enable Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 295
Step 3 Step 4 configure terminal vtp domain domain-name end Step 5 Step 6 Step 7 Step 8 show vtp status configure terminal vtp domain domain-name end Step 9 show vtp status Purpose Check the VTP switches in the VTP domain. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 13-15 - Cisco WS-2960-24LC-S | Software Guide - Page 296
vtp status show vtp counters Purpose Display the VTP switch configuration information. Display counters about VTP messages that have been sent and received. 13-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 297
feature enables access ports to carry IP voice traffic from an IP phone. When the switch is connected to a Cisco 7960 IP Phone, the phone sends voice traffic with Layer 3 IP precedence and Layer 2 class of service or other device. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 14-1 - Cisco WS-2960-24LC-S | Software Guide - Page 298
ports on the switch to send Cisco Discovery Protocol (CDP) packets that instruct an attached phone to send voice traffic Cisco IP Phone receive a configured Layer 2 CoS value. The default Layer 2 CoS value is 0. Untrusted mode is the default. 14-2 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 299
. • If the Cisco IP Phone and a device attached to the phone are in the same VLAN, they must be in the same IP subnet. These conditions indicate that they are in the same VLAN: - They both use IEEE 802.1p or untagged frames. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 14-3 - Cisco WS-2960-24LC-S | Software Guide - Page 300
VLAN. • The Cisco IP Phone and a device attached to the phone cannot communicate if they are in Cisco 7960 IP Phone Because a Cisco 7960 IP Phone also supports a connection to a PC or other device, a port connecting the switch to a Cisco Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 301
VLAN (VLAN 0) to carry all traffic. By default, the Cisco IP Phone forwards the voice traffic with an IEEE 802.1p priority end To return the port to its default setting, use the no switchport voice vlan interface configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 302
CDP packets to instruct the phone how to send data packets from the device attached to the access port on the Cisco IP Phone. The value | trust} Step 4 Step 5 Step 6 end show interfaces interface-id switchport copy running-config startup Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 303
Catalyst 2960 switch. The switch can use either the per-VLAN spanning-tree plus (PVST+) protocol based on the IEEE 802.1D standard and Cisco spanning-tree features such as Port Fast, Supported Spanning-Tree Instances, page 15-9 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 304
messages (to ensure the connection is up) only on interfaces that do not have small form-factor pluggable (SFP) modules. You can use the [no] keepalive interface configuration command to change the default for an interface. 15-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 305
Configuring STP Understanding Spanning-Tree Features Spanning-Tree Topology and BPDUs The are powered up, each functions as the root switch. Each switch sends a configuration BPDU through all of its ports. The BPDUs communicate and 8603-04 Catalyst 2960 Switch Software Configuration Guide 15-3 - Cisco WS-2960-24LC-S | Software Guide - Page 306
Understanding Spanning-Tree Features Chapter 15 address to make the bridge ID unique for each VLAN. Support for the extended system ID affects how you manually configure the root switch, the secondary root switch, and the port. 15-4 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 307
Spanning-Tree Features An interface moves Power-on initialization Blocking state Listening state Disabled state Learning state 43569 Forwarding state When you power continues to block frame forwarding as the switch learns end-station location information for the forwarding database. 4. - Cisco WS-2960-24LC-S | Software Guide - Page 308
Understanding Spanning-Tree Features Chapter 15 Configuring STP Blocking State A Layer 2 interface in the blocking state does not the interface • Forwards frames switched from another interface • Learns addresses • Receives BPDUs 15-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 309
STP Understanding Spanning-Tree Features Disabled State A Layer is calculated based on default parameters, the path between source and destination end stations in a switched network might not be ideal. For instance, connecting OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 15-7 - Cisco WS-2960-24LC-S | Software Guide - Page 310
Understanding Spanning-Tree Features Chapter 15 Configuring STP Spanning Tree and Redundant parameter value (spanning-tree vlan vlan-id forward-time seconds global configuration command) when the spanning tree reconfigures. 15-8 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 311
-Tree Features Because supports these spanning-tree modes and protocols: • PVST+-This spanning-tree mode is based on the IEEE 802.1D standard and Cisco is that you can migrate a large PVST+ install base to rapid PVST+ without having to learn the Catalyst 2960 Switch Software Configuration Guide 15-9 - Cisco WS-2960-24LC-S | Software Guide - Page 312
Features Chapter 15 Configuring STP Spanning-Tree Interoperability and Backward Compatibility Table 15-2 lists the interoperability and compatibility among the supported network of Cisco switches connected through Cisco switch to a non-Cisco device through an IEEE 802.1Q trunk, the Cisco Features - Cisco WS-2960-24LC-S | Software Guide - Page 313
-Tree Configuration Feature Enable state Spanning Enabled on VLAN 1. For more information, see the "Supported Spanning-Tree Instances" section on page 15-9. PVST+. time: 2 seconds. Forward-delay time: 15 seconds. Maximum-aging time: 20 seconds. Transmit hold count: 6 BPDUs OL-8603-04 Catalyst - Cisco WS-2960-24LC-S | Software Guide - Page 314
Features to disable spanning tree on a specific VLAN, and use the spanning-tree supports PVST+, rapid PVST+, and MSTP, but only one version can be active at any time end of the link has a directly connected device that is running STP. 15-12 Catalyst 2960 Switch Software Configuration Guide OL- - Cisco WS-2960-24LC-S | Software Guide - Page 315
STP Configuring Spanning-Tree Features Changing the Spanning-Tree Mode. The switch supports three spanning-tree interface-id spanning-tree link-type point-to-point end clear spanning-tree detected-protocols show spanning-tree summary Catalyst 2960 Switch Software Configuration Guide 15-13 - Cisco WS-2960-24LC-S | Software Guide - Page 316
tree vlan vlan-id end show spanning-tree support will become the root switch. The extended system ID increases the switch priority value every time the VLAN number is greater than the priority of the connected switches running older software. 15-14 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 317
Features manually configuring the hello time, forward-delay time, and maximum-age time through the spanning-tree vlan vlan-id hello-time, spanning-tree vlan vlan-id forward-time [hello-time seconds]] Step 3 Step 4 Step 5 end show spanning Catalyst 2960 Switch Software Configuration Guide 15-15 - Cisco WS-2960-24LC-S | Software Guide - Page 318
Configuring Spanning-Tree Features Chapter 15 Configuring STP -tree vlan vlan-id root secondary [diameter net-diameter [hello-time seconds]] end show spanning-tree detail copy running-config startup-config Purpose Enter . 15-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 319
15 Configuring STP Configuring Spanning-Tree Features Beginning in privileged EXEC mode, vlan vlan-id port-priority priority Step 5 Step 6 Step 7 end show spanning-tree interface interface-id or show spanning-tree vlan vlan- . OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 15-17 - Cisco WS-2960-24LC-S | Software Guide - Page 320
Configuring Spanning-Tree Features Chapter 15 Configuring STP spanning-tree vlan vlan-id cost cost Step 5 Step 6 Step 7 end show spanning-tree interface interface-id or show spanning-tree vlan vlan-id confirm the configuration. 15-18 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 321
Configuring STP Configuring Spanning-Tree Features To return to the default spanning-tree vlan vlan-id priority priority Step 3 Step 4 Step 5 end show spanning-tree vlan vlan-id copy running-config startup-config Purpose Enter OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 15-19 - Cisco WS-2960-24LC-S | Software Guide - Page 322
in privileged EXEC mode, follow these steps to configure the hello time of a VLAN. This procedure is optional. Step 1 Step 2 Command configure terminal spanning-tree vlan vlan-id hello-time seconds Step 3 Step 4 Step 5 end show spanning-tree vlan vlan-id copy running-config startup-config - Cisco WS-2960-24LC-S | Software Guide - Page 323
Chapter 15 Configuring STP Configuring Spanning-Tree Features Configuring the Forwarding-Delay Time for a VLAN Beginning in privileged EXEC mode, follow these steps to configure the forwarding-delay time for a VLAN. This procedure is optional. Step 1 Step 2 Command configure terminal spanning- - Cisco WS-2960-24LC-S | Software Guide - Page 324
configure terminal spanning-tree transmit hold-count value Step 3 Step 4 Step 5 end show spanning-tree detail copy running-config startup-config Purpose Enter global configuration mode. the command reference for this release. 15-22 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 325
of the IEEE 802.1s Multiple STP (MSTP) on the Catalyst 2960 switch. Note The multiple spanning-tree (MST) implementation in Cisco IOS Release 12.2(25)SED is based on the IEEE 802.1s standard. The MST implementations in earlier Cisco IOS releases are prestandard. The MSTP enables multiple VLANs to be - Cisco WS-2960-24LC-S | Software Guide - Page 326
16-8 • Configuring MSTP Features, page 16-14 • Displaying of spanning-tree instances required to support a large number of VLANs. information, see the "Configuring MSTP Features" section on page 16-14. regions in a network, but each region can support up to 65 spanning-tree instances. Instances can - Cisco WS-2960-24LC-S | Software Guide - Page 327
the entire switched domain. The CIST is formed by the spanning-tree algorithm running among switches that support the IEEE 802.1w, IEEE 802.1s, and IEEE 802.1D standards. The CIST inside an contains the true CIST regional root. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 16-3 - Cisco WS-2960-24LC-S | Software Guide - Page 328
interact with neighboring switches and compute the final spanning-tree topology. Because of this, the spanning-tree parameters related to BPDU transmission (for example, 16-4 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 329
. MSTP switches use MSTP BPDUs to communicate with MSTP switches. IEEE 802.1s Terminology Some MST naming conventions used in Cisco's prestandard implementation have been changed to with a cost of 0 and the hop count set to the OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 16-5 - Cisco WS-2960-24LC-S | Software Guide - Page 330
Boundary Ports In the Cisco prestandard implementation, a boundary receives its respective M-record. The Cisco prestandard implementation treats a port The primary change from the Cisco prestandard implementation is that a The Cisco implementation of the IEEE MST standard includes features required - Cisco WS-2960-24LC-S | Software Guide - Page 331
MST standard, but this boundary concept is maintained in Cisco's implementation. However, an MST instance port at a no load balancing is possible between A and B. The same problem exists on segment X, but B might transmit topology changes. Catalyst 2960 Switch Software Configuration Guide 16-7 - Cisco WS-2960-24LC-S | Software Guide - Page 332
This feature is not yet present in the IEEE MST standard, but it is included in this Cisco IOS release. Interoperability with IEEE 802.1D STP A switch running MSTP supports a built-in protocol migration mechanism that enables it to Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 333
and Processing, page 16-12 For configuration information, see the "Configuring MSTP Features" section on page 16-14. Port Roles and the Active Topology The RSTP ? No No Yes Yes No To be consistent with Cisco STP implementations, this guide defines the port state as blocking instead of discarding. - Cisco WS-2960-24LC-S | Software Guide - Page 334
as a Port Fast-enabled port, and you should enable it only on ports that connect to a single end station. • Root ports-If the RSTP selects a new root port, it blocks the old root port tree link-type interface configuration command. 16-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 335
synchronize with root information and the port does not satisfy any of the above conditions, its port state is set to blocking. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 16-11 - Cisco WS-2960-24LC-S | Software Guide - Page 336
10 11 4 5 6 7 Function Topology change (TC) Proposal Port role: Unknown Alternate port Root port Designated port Learning Forwarding Agreement Topology change acknowledgement (TCA) 16-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 337
for the port. The new root port requires twice the forward-delay time to transition to the forwarding state. If the superior information received on the to support IEEE 802.1D switches. The RSTP BPDUs never have the TCA bit set. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 16-13 - Cisco WS-2960-24LC-S | Software Guide - Page 338
Features is started (specifies the minimum time during which RSTP BPDUs are sent . Configuring MSTP Features These sections contain Time, page 16-22 (optional) • Configuring the Forwarding-Delay Time, page 16-23 (optional) • Configuring the Maximum-Aging Time MSTP Configuration Feature Spanning-tree - Cisco WS-2960-24LC-S | Software Guide - Page 339
with Other Features" section on page 12-16. • VTP propagation of the MST configuration is not supported. However, you can manually configure the MST cloud. You might have to manually configure the switches in the clouds. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 16-15 - Cisco WS-2960-24LC-S | Software Guide - Page 340
Configuring MSTP Features Chapter 16 Configuring but each region can only support up to 65 spanning-tree instances. You can assign a VLAN to only one spanning-tree instance at a time. Beginning in privileged EXEC mode same time. 16-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 341
MSTP Features Step 9 Step 10 Step 11 Command end show of the root switches. Because of the extended system ID support, the switch sets its own priority for the specified instance ID support will become the root switch. The extended system ID increases the switch priority value every time the - Cisco WS-2960-24LC-S | Software Guide - Page 342
Features manually configuring the hello time, forward-delay time, and maximum-age time through the spanning-tree mst hello-time, spanning-tree mst forward-time time seconds]] Step 3 Step 4 Step 5 end extended system ID support as the Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 343
Features You can execute this command on more than one switch to configure multiple backup root switches. Use the same network diameter and hello-time diameter net-diameter [hello-time seconds]] Step 3 Step 4 Step 5 end show spanning-tree mst Catalyst 2960 Switch Software Configuration Guide 16-19 - Cisco WS-2960-24LC-S | Software Guide - Page 344
Configuring MSTP Features Chapter 16 Configuring configure terminal interface interface-id spanning-tree mst instance-id port-priority priority end show spanning-tree mst interface interface-id or show spanning-tree mst instance- . 16-20 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 345
16 Configuring MSTP Configuring MSTP Features Beginning in privileged EXEC mode ; the default value is derived from the media speed of the interface. end Return to privileged EXEC mode. show spanning-tree mst interface interface-id Verify Catalyst 2960 Switch Software Configuration Guide 16-21 - Cisco WS-2960-24LC-S | Software Guide - Page 346
time for all MST instances. This procedure is optional. Step 1 Step 2 Command configure terminal spanning-tree mst hello-time seconds Step 3 Step 4 Step 5 end the no spanning-tree mst hello-time global configuration command. 16-22 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 347
Features Configuring the Forwarding-Delay Time Beginning in privileged EXEC mode, follow these steps to configure the forwarding-delay time for all MST instances. This procedure is optional. Step 1 Step 2 Command configure terminal spanning-tree mst forward-time seconds Step 3 Step 4 Step 5 end - Cisco WS-2960-24LC-S | Software Guide - Page 348
Configuring MSTP Features Chapter 16 terminal spanning-tree mst max-hops hop-count Step 3 Step 4 Step 5 end show spanning-tree mst copy running-config startup-config Purpose Enter global configuration mode. command. 16-24 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 349
Features spanning-tree mst pre-standard end show spanning-tree mst interface switch running MSTP supports a built-in specific interface, use the clear spanning-tree detected-protocols interface interface-id privileged EXEC command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 350
the specified interface. For information about other keywords for the show spanning-tree privileged EXEC command, see the command reference for this release. 16-26 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 351
features on the Catalyst 2960 switch. You can configure all of these features when your switch is running the per-VLAN spanning-tree plus (PVST+). You can configure only the noted features 17-8 • Understanding Loop Guard, page 17-9 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 17-1 - Cisco WS-2960-24LC-S | Software Guide - Page 352
time interfaces must wait for spanning-tree to converge, it is effective only when used on interfaces connected to end the connection of an unauthorized device, and the BPDU guard feature puts the port in the error-disabled state. When Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 353
The BPDU guard feature provides a secure response to invalid configurations because you must manually put the interface back in service. Use the BPDU guard feature in a service-provider network to tree blocks to prevent loops. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 17-3 - Cisco WS-2960-24LC-S | Software Guide - Page 354
It is not appropriate for backbone devices. This feature might not be useful for other types of (per VLAN), only one of which is forwarding at any given time. Specifically, an uplink group consists of the root port (which is forwarding Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 355
Spanning-Tree Features Understanding Optional Spanning-Tree Features Figure 17-3 technology to the UplinkFast feature, which responds to timer, which controls the amount of time the switch stores protocol information received on aging time specified by the spanning-tree vlan vlan-id max- - Cisco WS-2960-24LC-S | Software Guide - Page 356
Features switch, causes the maximum aging time on the root port to it expires the maximum aging time on the interface that received switch expires the maximum aging time on the interface that received the maximum aging time for the interface Forward Delay time if the default Forward Delay time of 15 - Cisco WS-2960-24LC-S | Software Guide - Page 357
occur if the channel parameters are not the same at both ends of the EtherChannel. For EtherChannel configuration guidelines, see the " feature by using the spanning-tree etherchannel guard misconfig global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 358
network Service-provider network Potential spanning-tree root without root guard enabled Desired root switch Enable the root-guard feature on these interfaces to prevent switches in the customer network from becoming the root switch or being in the path to the root. 101232 17-8 Catalyst 2960 - Cisco WS-2960-24LC-S | Software Guide - Page 359
becoming designated ports because of a failure that leads to a unidirectional link. This feature is most effective when it is enabled on the entire switched network. Loop guard prevents all interfaces. Disabled on all interfaces. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 17-9 - Cisco WS-2960-24LC-S | Software Guide - Page 360
standard forward-time delay. Caution Use Port Fast only when connecting a single end station to an access or trunk port. Enabling this feature on an problems. If you enable the voice VLAN feature, the Port Fast feature is automatically enabled. When you disable voice VLAN, the Port Fast feature - Cisco WS-2960-24LC-S | Software Guide - Page 361
invalid configurations because you must manually put the port back in service. Use the BPDU guard feature in a service-provider network to prevent an access port from participating in the spanning tree. Caution Configure Port Fast only on ports that connect to end stations; otherwise, an accidental - Cisco WS-2960-24LC-S | Software Guide - Page 362
is disabled. Specify the interface connected to an end station, and enter interface configuration mode. Enable the Port Fast feature. Return to privileged EXEC mode. Verify your entries enable interface configuration command. 17-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 363
-tree topology converges more slowly after a loss of connectivity. end Return to privileged EXEC mode. show spanning-tree summary Verify supported on Token Ring VLANs. This feature is supported for use with third-party switches. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 364
configuration. After the configuration is corrected, enter the shutdown and no shutdown interface configuration commands on the port-channel interfaces that were misconfigured. 17-14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 365
to be used by the UplinkFast feature. With UplinkFast, the backup interfaces (in the blocked state) replace the root port in the case default, root guard is disabled on all interfaces. end Return to privileged EXEC mode. show running-config Catalyst 2960 Switch Software Configuration Guide 17-15 - Cisco WS-2960-24LC-S | Software Guide - Page 366
Status Chapter 17 Configuring Optional Spanning-Tree Features Command Step 3 spanning-tree loopguard default Step 4 Step 5 Step 6 end show running-config copy running-config startup- see the command reference for this release. 17-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 367
Cisco IOS IP Command Reference, Volume 3 of 3:Multicast, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Note You can either manage IP multicast group addresses through features such as IGMP snooping and MVR, or you can use Catalyst 2960 Switch Software Configuration Guide 18-1 - Cisco WS-2960-24LC-S | Software Guide - Page 368
can forward the IGMPv3 report to the multicast router. Note The switch supports IGMPv3 snooping based only on the destination multicast MAC address. It does not support snooping based on the source MAC address or on proxy reports. 18-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 369
not supported on switches running IGMP filtering or MVR. An IGMPv3 switch can receive messages from and forward messages to a device running the Source Specific Multicast (SSM) feature. For more information about source-specific multicast with IGMPv3 and IGMP, see the following URL: http://www.cisco - Cisco WS-2960-24LC-S | Software Guide - Page 370
PFC 0 VLAN 45751 Forwarding table 2 3 4 5 Host 1 Host 2 Host 3 Host 4 Table 18-2 Updated IGMP Snooping Forwarding Table Destination Address 224.1.2.3 Type of Packet IGMP Ports 1, 2, 5 18-4 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 371
simultaneously in use. Note You should only use the Immediate Leave feature on VLANs where a single host is connected to each port. time that the switch waits after sending a group-specific query to determine if hosts are still interested in a specific multicast group. The IGMP leave response time - Cisco WS-2960-24LC-S | Software Guide - Page 372
report suppression is supported only when the multicast query has IGMPv1 and IGMPv2 reports. This feature is not supported when the query Feature IGMP snooping Multicast routers Default Setting Enabled globally and per VLAN None configured 18-6 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 373
Default IGMP Snooping Configuration (continued) Feature Multicast router learning (snooping) method Step 3 Step 4 Command configure terminal ip igmp snooping end copy running-config startup-config Purpose Enter global configuration mode. Catalyst 2960 Switch Software Configuration Guide 18-7 - Cisco WS-2960-24LC-S | Software Guide - Page 374
Routing Protocol (DVMRP) packets • Listening to Cisco Group Management Protocol (CGMP) packets from other learn {cgmp | pim-dvmrp} Step 3 Step 4 Step 5 end show ip igmp snooping copy running-config startup-config Purpose Enter global Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 375
be a physical interface or a port channel. The port-channel range is 1 to 6. end Return to privileged EXEC mode. show ip igmp snooping mrouter [vlan vlan-id] Verify that IGMP interface gigabitethernet0/2 Switch(config)# end OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 18-9 - Cisco WS-2960-24LC-S | Software Guide - Page 376
feature when there is a single receiver present on every port in the VLAN. Note Immediate Leave is supported end Purpose Enter global configuration mode. Enable IGMP Immediate Leave on the VLAN interface. Return to privileged EXEC mode. 18-10 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 377
)# end Configuring the time globally or on a per-VLAN basis. • Configuring the leave time on a VLAN overrides the global setting. • The default leave time is 1000 milliseconds. • The IGMP configurable leave time is only supported IGMP leave time. (Optional configured IGMP leave-time setting from - Cisco WS-2960-24LC-S | Software Guide - Page 378
terminal ip igmp snooping tcn flood query count count Step 3 Step 4 Step 5 end show ip igmp snooping copy running-config startup-config Purpose Enter global configuration mode. Specify default, query solicitation is disabled. 18-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 379
2 Command configure terminal ip igmp snooping tcn query solicit Step 3 Step 4 Step 5 end show ip igmp snooping copy running-config startup-config Purpose Enter global configuration mode. Send an interface configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 18-13 - Cisco WS-2960-24LC-S | Software Guide - Page 380
address on the switch. • The IGMP snooping querier supports IGMP Versions 1 and 2. • When administratively enabled, the IGMP version number that the querier feature uses. Select 1 or 2. Step 8 end Return to privileged EXEC mode. Step 9 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 381
(config)# end Disabling IGMP Report Suppression Note IGMP report suppression is supported only when the multicast query has IGMPv1 and IGMPv2 reports. This feature is not supported when the for a VLAN configured for IGMP snooping. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 18-15 - Cisco WS-2960-24LC-S | Software Guide - Page 382
count]] Display multicast table information for a multicast VLAN or about a specific parameter for the VLAN: • vlan-id-The VLAN ID range is information on dynamically learned and manually configured multicast router interfaces. Note Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 383
based service-provider network (for example, the broadcast of multiple television channels over a service-provider mechanism of IGMP snooping, the two features operate independently of each other. One can be supported. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 18-17 - Cisco WS-2960-24LC-S | Software Guide - Page 384
VLAN are called MVR source ports. Figure 18-3 Multicast VLAN Registration Example Multicast VLAN Cisco router Switch B SP SP SP Multicast server SP SP SP1 Multicast data SP SP2 ports belong to the multicast VLAN. 18-18 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 385
top box must respond within the maximum response time specified in the query. If the CPU If no reports are received in a configured time period, the receiver port is removed from multicast Enable the Immediate-Leave feature only on receiver ports Feature MVR Multicast addresses Query response time - Cisco WS-2960-24LC-S | Software Guide - Page 386
18-5 Default MVR Configuration (continued) Feature Interface (per port) default Immediate Leave port is not forwarded to MVR source ports. • MVR does not support IGMPv3 messages. Configuring MVR Global Parameters You do not need to set Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 387
Catalyst 3500 XL and Catalyst 2900 XL switches and does not support IGMP dynamic joins on source ports. The default is compatible mode. end This example shows how to enable MVR, configure the group address, set the query time to 1 second (10 tenths), specify the MVR multicast VLAN as VLAN 22, and - Cisco WS-2960-24LC-S | Software Guide - Page 388
messages. mvr immediate (Optional) Enable the Immediate-Leave feature of MVR on the port. Note This command end Switch# show mvr interface Port Type Status Immediate Leave ---- ---- ------- Gi0/2 RECEIVER ACTIVE/DOWN ENABLED 18-22 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 389
current (0 through 256) number of multicast groups, the query response time, and the MVR mode. show mvr interface [interface-id] Displays all MVR interfaces and their MVR configurations. [members [vlan vlan-id]] When a specific interface is entered, displays this information: • Type-Receiver or - Cisco WS-2960-24LC-S | Software Guide - Page 390
, not static configuration. With the IGMP throttling feature, you can set the maximum number of IGMP replace the randomly selected multicast entry with the received IGMP report. Note IGMPv3 join and leave messages are not supported Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 391
addresses for the profile. You can enter a single IP address or a range with a start and an end address. The default is for the switch to have no IGMP profiles configured. When a profile is configured one profile applied to it. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 18-25 - Cisco WS-2960-24LC-S | Software Guide - Page 392
: Switch(config)# interface gigabitethernet0/2 Switch(config-if)# ip igmp filter 4 Switch(config-if)# end Setting the Maximum Number of IGMP Groups You can set the maximum number of IGMP groups that in the configuration file. 18-26 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 393
and the maximum number of entries is in the forwarding table, specify the action that the interface takes: • deny-Drop the report. • replace-Replace the existing group with the new group for which the IGMP report was received. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 18-27 - Cisco WS-2960-24LC-S | Software Guide - Page 394
Chapter 18 Configuring IGMP Snooping and MVR Step 4 Step 5 Step 6 Command end show running-config interface interface-id copy running-config startup-config Purpose Return to belong and the IGMP profile applied to the interface. 18-28 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 395
the port-based traffic control features on the Catalyst 2960 switch. Note For complete stack implementation, mistakes in network configurations, or users issuing a denial-of-service time interval and compares the measurement with a predefined suppression-level threshold. OL-8603-04 Catalyst - Cisco WS-2960-24LC-S | Software Guide - Page 396
all multicast traffic except control traffic, such as bridge protocol data unit (BDPU) and Cisco Discovery Protocol (CDP) frames, are blocked. The graph in Figure 19-1 shows broadcast , or unicast traffic on that port is blocked. 19-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 397
differ from the configured level by several percentage points. Note Storm control is supported on physical interfaces. You can also configure storm control on an EtherChannel. When , and enter interface configuration mode. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 19-3 - Cisco WS-2960-24LC-S | Software Guide - Page 398
] | pps pps [pps-low]} Step 4 storm-control action {shutdown | trap} Step 5 end Purpose Configure broadcast, multicast, or unicast storm control. By default, storm control is disabled. The . Return to privileged EXEC mode. 19-4 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 399
switch drops all broadcast traffic until the end of the traffic-storm-control interval: Switch traffic between these ports on the switch. Protected ports have these features: • A protected port does not forward any traffic (unicast OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 19-5 - Cisco WS-2960-24LC-S | Software Guide - Page 400
interface-id Step 3 Step 4 Step 5 Step 6 switchport protected end show interfaces interface-id switchport copy running-config startup-config Purpose Enter global Switch(config-if)# switchport protected Switch(config-if)# end 19-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 401
Step 5 Step 6 Step 7 switchport block multicast switchport block unicast end show interfaces interface-id switchport copy running-config startup-config Purpose Enter (config-if)# switchport block unicast Switch(config-if)# end OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 19-7 - Cisco WS-2960-24LC-S | Software Guide - Page 402
Configuring Port Security You can use the port security feature to restrict input to an interface by limiting and The switch supports these types of secure MAC addresses: • Static secure MAC addresses-These are manually configured by 19-8 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 403
state by entering the errdisable recovery cause psecure-violation global configuration command, or you can manually re-enable it by entering the shutdown and no shut down interface configuration commands. when a violation occurs OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 19-9 - Cisco WS-2960-24LC-S | Software Guide - Page 404
switch returns an error message if you manually configure an address that would cause a Port Security Configuration Feature Port security Sticky supported on access ports and not on trunk ports, even though the configuration is allowed. 19-10 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 405
support port security aging of sticky secure MAC addresses. Table 19-3 summarizes port security compatibility with other port-based features. Table 19-3 Port Security Compatibility with Other Switch Features Type of Port or Feature -8603-04 Catalyst 2960 Switch Software Configuration Guide 19-11 - Cisco WS-2960-24LC-S | Software Guide - Page 406
if that port is not the access VLAN. If an interface is configured for voice VLAN, configure a maximum of two secure MAC addresses. 19-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 407
state, you can bring it out of this state by entering the errdisable recovery cause psecure-violation global configuration command. You can manually re-enable it by entering the shutdown and no shutdown interface configuration commands or by using the clear errdisable interface vlan privileged EXEC - Cisco WS-2960-24LC-S | Software Guide - Page 408
appears, and you cannot enter a sticky secure MAC address. Step 11 Step 12 Step 13 end show port-security copy running-config startup-config (Optional) vlan-set a per-VLAN maximum value your entries in the configuration file. 19-14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 409
all secure addresses on the interface except those that were manually configured are deleted. You must specifically delete configured secure MAC addresses from the address table by using security mac-address 0000.02000.0004 vlan 3 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 19-15 - Cisco WS-2960-24LC-S | Software Guide - Page 410
to set the aging time for all secure addresses on a port. Two types of aging are supported per port: • the specified aging time. Use this feature to remove and add devices on a secure port without manually deleting the existing secure Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 411
type {absolute | inactivity}} aging time or type. Note The switch does not support port security aging of sticky secure addresses. Step 4 Step 5 Step 6 end show port-security [interface interface- and port security settings. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 19-17 - Cisco WS-2960-24LC-S | Software Guide - Page 412
each address. show port-security interface interface-id vlan Displays the number of secure MAC addresses configured per VLAN on the specified interface. 19-18 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 413
Discovery Protocol (CDP) on the Catalyst 2960 switch. Note For complete syntax and usage information for the commands used in this chapter, see the command reference for this release and the "System Management Commands" section in the Cisco IOS Configuration Fundamentals Command Reference, Release - Cisco WS-2960-24LC-S | Software Guide - Page 414
configuration. Table 20-1 Default CDP Configuration Feature CDP global state CDP interface state 3 cdp holdtime seconds Step 4 cdp advertise-v2 Step 5 end Purpose Enter global configuration mode. (Optional) Set the transmission Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 415
CDP CDP is enabled by default. Note Switch clusters and other Cisco devices (such as Cisco IP Phones) regularly exchange CDP messages. Disabling CDP can interrupt cluster terminal Switch(config)# cdp run Switch(config)# end OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 20-3 - Cisco WS-2960-24LC-S | Software Guide - Page 416
enabled by default on all supported interfaces to send and to Step 5 no cdp enable end copy running-config startup-config 4 Step 5 cdp enable end copy running-config startup-config enable Switch(config-if)# end Monitoring and Maintaining CDP To cdp table show cdp Description Reset the traffic - Cisco WS-2960-24LC-S | Software Guide - Page 417
show cdp neighbors [interface-id] [detail] show cdp traffic Description Display information about a specific neighbor. You can enter an asterisk (*) to display all port ID. You can limit the display to neighbors of a specific interface or expand the display to provide more detailed information. - Cisco WS-2960-24LC-S | Software Guide - Page 418
Monitoring and Maintaining CDP Chapter 20 Configuring CDP 20-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 419
stack. Note For complete syntax and usage information for the commands used in this chapter, see the command reference for this release and the "System Management Commands" section in the Cisco IOS to learn about each other. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 21-1 - Cisco WS-2960-24LC-S | Software Guide - Page 420
devices such as IP phones and network devices such as switches. It specifically provides support for voice over IP (VoIP) applications and provides additional TLVs for capabilities discovery, network policy, Power over Ethernet, inventory management and location information. By default, all LLDP-MED - Cisco WS-2960-24LC-S | Software Guide - Page 421
are street address, road name, and postal community name information. - ELIN location information Provides the configuration commands. Table 21-1 Default LLDP Configuration Feature LLDP global state LLDP holdtime (before discarding) 04 Catalyst 2960 Switch Software Configuration Guide 21-3 - Cisco WS-2960-24LC-S | Software Guide - Page 422
LLDP and LLDP-MED Table 21-1 Default LLDP Configuration Feature LLDP interface state LLDP receive LLDP transmit LLDP med-tlv end For additional LLDP show commands, see the "Monitoring and Maintaining LLDP and LLDP-MED" section on page 21-7. 21-4 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 423
terminal Switch(config)# lldp run Switch(config)# end Disabling and Enabling LLDP on an Interface LLDP is enabled by default on all supported interfaces to send and to receive LLDP information. are received on the interface. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 21-5 - Cisco WS-2960-24LC-S | Software Guide - Page 424
5 Step 6 lldp transmit lldp receive end copy running-config startup-config Purpose Enter global power-management Description LLDP-MED inventory management TLV LLDP-MED location TLV LLDP-MED network policy TLV LLDP-MED power management TLV 21-6 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 425
Description Reset the traffic counters to zero. Delete the LLDP table of information about neighbors. Display global information, such as frequency of transmissions, the holdtime for packets being sent, and the delay time for LLDP to initialize on an interface. Display information about a specific - Cisco WS-2960-24LC-S | Software Guide - Page 426
neighbors of a specific interface or expand the display to provide more detailed information. Display LLDP counters, including the number of packets sent and received, number of packets discarded, and number of unrecognized TLVs. 21-8 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 427
alerts you. Unidirectional links can cause a variety of problems, including spanning-tree topology loops. Modes of Operation UDLD supports two modes of operation: normal (the default) and is not received by the local device. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 22-1 - Cisco WS-2960-24LC-S | Software Guide - Page 428
also detect a unidirectional link when one of these problems exists: • On fiber-optic or twisted-pair time (hold time or time-to-live) expires. If the switch receives a new hello message before an older cache entry ages, the switch replaces Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 429
Configuring UDLD Understanding UDLD If the detection window ends and no valid reply message is received, the traffic from Switch B on the same port. If UDLD is in aggressive mode, it detects the problem and disables the port. If UDLD is in normal mode, the logical link is considered undetermined, - Cisco WS-2960-24LC-S | Software Guide - Page 430
UDLD configuration. Default UDLD Configuration Feature UDLD global enable state UDLD per configuration guidelines: • UDLD is not supported on ATM ports. • A UDLD- end of the link has a directly connected device that is running STP. 22-4 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 431
For more information, see the "Enabling UDLD on an Interface" section on page 22-5. end Return to privileged EXEC mode. show udld Verify your entries. copy running-config startup-config , and enter interface configuration mode. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 22-5 - Cisco WS-2960-24LC-S | Software Guide - Page 432
UDLD Command Step 3 udld port [aggressive] Step 4 Step 5 Step 6 end show udld interface-id copy running-config startup-config Purpose UDLD is disabled by default command output, see the command reference for this release. 22-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 433
Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN) on the Catalyst 2960 switch. Note For complete syntax and usage information for the commands from a network security device. For example, if you connect a Cisco Intrusion Detection System (IDS) sensor appliance to a destination port, the - Cisco WS-2960-24LC-S | Software Guide - Page 434
Concepts and Terminology, page 23-3 • SPAN and RSPAN Interaction with Other Features, page 23-8 Local SPAN Local SPAN supports a SPAN session entirely within one switch; all source ports or source VLANs on Switch C in the figure. 23-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 435
ports Switch C RSPAN destination session Understanding SPAN and RSPAN Intermediate switches must support RSPAN VLAN RSPAN VLAN Switch A RSPAN source session A RSPAN source ports sends it out the RSPAN destination port. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 23-3 - Cisco WS-2960-24LC-S | Software Guide - Page 436
and source VLANs in the same session. • The switch supports up to two source sessions (local SPAN and RSPAN source features include IP standard and extended input access control lists (ACLs), ingress QoS policing, and egress QoS policing. 23-4 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 437
copy for SPAN. These features include IP standard and extended Layer 2 protocols, such as Cisco Discovery Protocol (CDP), VLAN Trunk up to the maximum number of VLANs supported). However, the switch supports a maximum of two sessions (local Catalyst 2960 Switch Software Configuration Guide 23-5 - Cisco WS-2960-24LC-S | Software Guide - Page 438
on the trunk are monitored. You can limit SPAN traffic monitoring on trunk source ports to specific VLANs by using VLAN filtering. • VLAN filtering applies only to trunk ports or to voice to the user, usually a network analyzer. 23-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 439
cannot be an EtherChannel group or a VLAN. • It can participate in only one SPAN session at a time (a destination port in one SPAN session cannot be a destination port for a second SPAN session). • When on SPAN destination ports. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 23-7 - Cisco WS-2960-24LC-S | Software Guide - Page 440
manually configure all intermediate switches. It is normal to have multiple RSPAN VLANs in a network at the same time Interaction with Other Features SPAN interacts with these features: • STP-A times the multicast packet is sent. 23-8 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 441
the default SPAN and RSPAN configuration. Table 23-1 Default SPAN and RSPAN Configuration Feature SPAN state (SPAN and RSPAN) Source port traffic to monitor Encapsulation type ( 23-13 • Specifying VLANs to Filter, page 23-14 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 23-9 - Cisco WS-2960-24LC-S | Software Guide - Page 442
at least one source port or source VLAN are enabled. • You can limit SPAN traffic to specific VLANs by using the filter vlan keyword. If a trunk port is being monitored, only traffic on remote to remove all remote SPAN sessions. 23-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 443
. Note You can use the monitor session session_number source command multiple times to configure multiple source ports. Specify the SPAN session and the session_number destination command multiple times to configure multiple destination ports. OL-8603-04 Catalyst 2960 Switch Software Configuration - Cisco WS-2960-24LC-S | Software Guide - Page 444
Switch(config)# no monitor session 1 source interface gigabitethernet0/1 Switch(config)# end This example shows how to disable received traffic monitoring on port 1, (config)# monitor session 2 source vlan 10 Switch(config)# end 23-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 445
traffic on the destination port for a network security device (such as a Cisco IDS Sensor Appliance). For details about the keywords not related to incoming traffic, type with the specified VLAN as the default VLAN. end Return to privileged EXEC mode. show monitor [session session_number - Cisco WS-2960-24LC-S | Software Guide - Page 446
6 Switch(config)# end Specifying VLANs to Filter Beginning in privileged EXEC mode, follow these steps to limit SPAN source traffic to specific VLANs: Step 1 Step and after the comma; enter a space before and after the hyphen. 23-14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 447
id [, | -] [encapsulation {dot1q | replicate}]} Step 6 Step 7 Step 8 end show monitor [session session_number] show running-config copy running-config startup-config Purpose Specify -20 • Specifying VLANs to Filter, page 23-21 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 23-15 - Cisco WS-2960-24LC-S | Software Guide - Page 448
to selectively filter or monitor specific packets. Specify these ACLs on the VLAN remote-span feature is supported in all the participating switches manually delete the RSPAN VLAN from all trunks that do not need to carry the RSPAN traffic. 23-16 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 449
VLAN 901. Switch(config)# vlan 901 Switch(config-vlan)# remote span Switch(config-vlan)# end Creating an RSPAN Source Session Beginning in privileged EXEC mode, follow these steps to start an to remove all remote SPAN sessions. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 23-17 - Cisco WS-2960-24LC-S | Software Guide - Page 450
Step 3. For vlan-id, specify the source RSPAN VLAN to monitor. end Return to privileged EXEC mode. show monitor [session session_number] Verify the (config)# monitor session 1 destination remote vlan 901 Switch(config)# end 23-18 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 451
session_number destination interface interface-id Step 8 end Step 9 show monitor [session session_number] show in the command-line help string, encapsulation replicate is not supported for RSPAN. The original VLAN ID is overwritten by the Catalyst 2960 Switch Software Configuration Guide 23-19 - Cisco WS-2960-24LC-S | Software Guide - Page 452
/1 Switch(config)# end Creating an RSPAN Destination a network security device (such as a Cisco IDS Sensor Appliance). For details about the help string, encapsulation replicate is not supported for RSPAN. The original VLAN ID Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 453
config)# end Specifying VLANs to Filter Beginning in privileged EXEC mode, follow these steps to configure the RSPAN source session to limit RSPAN source traffic to specific VLANs: comma; enter a space before and after the hyphen. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 23-21 - Cisco WS-2960-24LC-S | Software Guide - Page 454
session session_number destination remote vlan vlan-id Step 6 Step 7 Step 8 end show monitor [session session_number] show running-config copy running-config startup-config Purpose to display configured SPAN or RSPAN sessions. 23-22 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 455
> Cisco IOS Software > 12.2 Mainline > Command References. This chapter consists of these sections: • Understanding RMON, page 24-1 • Configuring RMON, page 24-2 • Displaying RMON Status, page 24-6 Understanding RMON RMON is an Internet Engineering Task Force (IETF) standard monitoring specification - Cisco WS-2960-24LC-S | Software Guide - Page 456
and supported interfaces) for a specified polling interval. • Alarm (RMON group 3)-Monitors a specific management monitoring is more efficient, and little processing power is required. Configuring RMON These sections -5 (optional) 24-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 457
1 to 65535. • For variable, specify the MIB object to monitor. • For interval, specify the time in seconds the alarm monitors the MIB variable. The range is 1 to 4294967295 seconds. • Specify the , specify the owner of the alarm. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 24-3 - Cisco WS-2960-24LC-S | Software Guide - Page 458
the event table by this command. This example also generates an SNMP trap when the event is triggered. Switch(config)# rmon event 1 log trap eventtrap description "High ifOutErrors" owner jjones 24-4 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 459
number] [interval seconds] [owner ownername] Step 4 Step 5 Step 6 Step 7 end show running-config show rmon history copy running-config startup-config Purpose Enter global configuration , and enter interface configuration mode. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 24-5 - Cisco WS-2960-24LC-S | Software Guide - Page 460
of the RMON group of statistics. end Return to privileged EXEC mode. Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Command References. 24-6 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 461
message logging on the Catalyst 2960 switch. Note For complete syntax and usage information for the commands used in this chapter, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Command - Cisco WS-2960-24LC-S | Software Guide - Page 462
sign depends on the setting of the service sequence-numbers, service timestamps log datetime, service timestamps log datetime [localtime] [msec] [show-timezone], or service timestamps log uptime global configuration command. 25-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 463
and time of the message or event. This information appears only if the service timestamps supported facilities, see Table 25-4 on page 25-13. severity Single-digit code from 0 to 7 that is the severity of the message. For a description Feature Catalyst 2960 Switch Software Configuration Guide 25-3 - Cisco WS-2960-24LC-S | Software Guide - Page 464
Message Logging Configuration (continued) Feature Time stamps Synchronous logging Logging server Step 4 Step 5 Command configure terminal no logging console end show running-config or show logging copy running-config startup-config 25-4 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 465
enabled, you can send messages to specific locations in addition to the console. -file-size]] [severity-level-number | type] Step 5 end Step 6 terminal monitor Step 7 show running-config Step do not remain in effect after the session has ended. You must perform this step for each session to - Cisco WS-2960-24LC-S | Software Guide - Page 466
with solicited device output and prompts for a specific console port line or virtual terminal line. You configure terminal line [console | vty] line-number [ending-line-number] Purpose Enter global configuration mode. Specify the 25-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 467
to 2147483647. The default is 20. end Return to privileged EXEC mode. show running- service timestamps log datetime global configuration command enabled: *Mar 1 18:46:11: %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36) OL-8603-04 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 468
Step 1 Step 2 Step 3 Step 4 Step 5 Command configure terminal service sequence-numbers end show running-config copy running-config startup-config Purpose Enter global configuration mode levels (see Table 25-3 on page 25-9). 25-8 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 469
Step 4 logging trap level Step 5 Step 6 Step 7 end show running-config or show logging copy running-config startup-config 0 1 2 3 4 5 6 7 Description System unstable Immediate action needed Critical conditions Error affected. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 25-9 - Cisco WS-2960-24LC-S | Software Guide - Page 470
default is to store one message. The range is 0 to 500 messages. end Return to privileged EXEC mode. show running-config Verify your entries. copy running- default is 100). You can clear the log at any time by entering the no logging enable command followed by the logging enable command to disable - Cisco WS-2960-24LC-S | Software Guide - Page 471
number] number [end-number] | statistics} [provisioning] privileged EXEC command to display the complete configuration log or the log for specified parameters. The default is that configuration logging is disabled. For information about the commands, see the Cisco IOS Configuration Fundamentals and - Cisco WS-2960-24LC-S | Software Guide - Page 472
Add a line such as the following to the file /etc/syslog.conf: local7.debug /usr/adm/logs/cisco.log The local7 keyword specifies the logging facility to be used; see Table 25-4 on page 25-13 for , enter this command more than once. 25-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 473
For information about the fields in this display, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Command References. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 25-13 - Cisco WS-2960-24LC-S | Software Guide - Page 474
Displaying the Logging Configuration Chapter 25 Configuring System Message Logging 25-14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 475
configure the Simple Network Management Protocol (SNMP) on the Catalyst 2960 switch. Note For complete syntax and usage information for the commands used in this chapter, see the command reference for this release and the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 from the - Cisco WS-2960-24LC-S | Software Guide - Page 476
in RFC 1157. • SNMPv2C replaces the Party-based Administrative and Security Framework of SNMPv2Classic with the community-string-based Administrative Framework of SNMPv2C while retaining the bulk retrieval and improved error handling of SNMPv2Classic. It has these features: - SNMPv2-Version 2 of the - Cisco WS-2960-24LC-S | Software Guide - Page 477
support communications using SNMPv1, SNMPv2C, or SNMPv3. SNMP Manager Functions The SNMP manager uses information in the MIB to perform the operations described in Table 26-2. Table 26-2 SNMP Operations Operation Description specific Catalyst 2960 Switch Software Configuration Guide 26-3 - Cisco WS-2960-24LC-S | Software Guide - Page 478
the community specific information. The results of a poll can be displayed as a graph and analyzed to troubleshoot internetworking problems, increase network performance, verify the configuration of devices, monitor traffic loads, and more. 26-4 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 479
to specify whether to send SNMP notifications as traps or informs. Note SNMPv1 does not support informs. Traps are unreliable because the receiver does not send an acknowledgment when it receives is not required, use traps. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 26-5 - Cisco WS-2960-24LC-S | Software Guide - Page 480
interfaces) Null 1. SVI = switch virtual interface 2. SFP = small form-factor pluggable ifIndex Range 1-4999 5000- • Disabling the SNMP Agent, page 26-8 • Configuring Community Strings, page 26-8 • Configuring SNMP Groups and Users, -6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 481
. Table 26-4 Default SNMP Configuration Feature SNMP agent Default Setting Disabled1. SNMP affects all users associated with that group. See the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 for information about -04 Catalyst 2960 Switch Software Configuration Guide 26-7 - Cisco WS-2960-24LC-S | Software Guide - Page 482
specific Cisco IOS community string to gain access to the agent • A MIB view, which defines the subset of all MIB objects accessible to the given community • Read and write or read-only permission for the MIB objects accessible to the community 26-8 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 483
SNMP community, set the community string for that community to the null string (do not enter a value for the community string). To remove a specific community string, use the no snmp-server community string global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 484
to specify that IP access list 4 can use the community string to gain access to the switch SNMP agent: Switch(config)# snmp-server community comaccess ro 4 Configuring SNMP Groups and Users You can device. The default is 162. 26-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 485
called privacy). Note The priv keyword is available only when the cryptographic software image is installed. • (Optional) Enter read readview with a string (not to exceed 64 characters) that that is the name of the access list. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 26-11 - Cisco WS-2960-24LC-S | Software Guide - Page 486
certain events occur. By default, no trap manager is defined, and no traps are sent. Switches running this Cisco IOS release can have an unlimited number of trap managers. Note Many commands use the word traps in the command syntax. Unless there is an option in the command to select either traps or - Cisco WS-2960-24LC-S | Software Guide - Page 487
pim port-security Description Generates a trap of these environmental traps: fan, shutdown, status, supply, temperature. Generates a trap for a port enable any or all of these traps: Cisco specific, errors, link-state advertisement, rate limit Catalyst 2960 Switch Software Configuration Guide 26-13 - Cisco WS-2960-24LC-S | Software Guide - Page 488
command to a specific host to support informs. • (Optional) For Version 3, select authentication level auth, noauth, or priv. Note The priv keyword is available only when the cryptographic software image is installed. • For community Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 489
queue-length length snmp-server trap-timeout seconds end show running-config copy running-config startup- configuration command. To disable a specific trap type, use the no snmp SNMP agent so that these descriptions can be accessed through the Catalyst 2960 Switch Software Configuration Guide 26-15 - Cisco WS-2960-24LC-S | Software Guide - Page 490
-number {deny | permit} source [source-wildcard] Step 4 Step 5 Step 6 end show running-config copy running-config startup-config Purpose Enter global configuration mode. Limit TFTP ) Save your entries in the configuration file. 26-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 491
Failure traps are sent by SNMPv2C to the host cisco.com using the community string public. Switch(config)# snmp-server community comaccess ro 4 Switch(config)# snmp-server enable traps Switch(config)# snmp-server inform retries 0 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 26-17 - Cisco WS-2960-24LC-S | Software Guide - Page 492
statistics, including the number of illegal community string entries, errors, and requested variables Cisco IOS Configuration Fundamentals Command Reference, Release 12.2. Table 26-6 Commands for Displaying SNMP Information Feature Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 493
services, and assist with network troubleshooting. The Catalyst 2960 switch supports only IP SLAs responder functionality and must be configured with another device that supports full IP SLAs functionality. For more information about IP SLAs, see the Cisco IOS IP SLAs Configuration Guide, Release - Cisco WS-2960-24LC-S | Software Guide - Page 494
measurement that immediately identifies problems and saves troubleshooting time. • Multiprotocol Label Switching (MPLS) performance monitoring and network verification (if the switch supports MPLS) This section includes this information about IP SLAs functionality: • Using Cisco IOS IP SLAs to - Cisco WS-2960-24LC-S | Software Guide - Page 495
specific chapters in the Cisco IOS IP SLAs Configuration Guide at this URL: http://www.cisco.com/en/US/products/ps6441/products_configuration_guide_book09186a0080707055 .html Note The switch does not support Voice over IP (VoIP) service level analysis or IP service uses the Cisco IOS IP SLAs - Cisco WS-2960-24LC-S | Software Guide - Page 496
can be a Cisco IOS Layer 2, responder-configurable switch, such as a Catalyst 2960 or Cisco ME 2400 switch. The responder does not need to support full IP SLAs functionality. Figure 27-1 shows where the Cisco IOS IP SLAs responder fits in the IP network. The responder listens on a specific port for - Cisco WS-2960-24LC-S | Software Guide - Page 497
details are included in the Cisco IOS IP SLAs Configuration Guide. It includes only the procedure for configuring the responder, ad the Catalyst 2960 switch includes only responder support. For details about configuring other operations, see he Cisco IOS IP SLAs Configuration Guide at this URL: http - Cisco WS-2960-24LC-S | Software Guide - Page 498
Cisco IOS software-based devices, including some Layer 2 switches that do not support full IP SLAs functionality, such as the Catalyst 2960 or the Cisco ip-address port port-number end show ip sla responder copy running Catalyst 3750 or Catalyst 3560, that has full IP SLAs support. Refer to - Cisco WS-2960-24LC-S | Software Guide - Page 499
Chapter 27 Configuring Cisco IOS IP SLAs Operations Monitoring IP SLAs Operations Monitoring IP SLAs Operations Use the User EXEC or Display IP SLAs authentication information. Display information about the IP SLAs responder. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 27-7 - Cisco WS-2960-24LC-S | Software Guide - Page 500
Monitoring IP SLAs Operations Chapter 27 Configuring Cisco IOS IP SLAs Operations 27-8 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 501
has equal priority and an equal chance of being delivered in a timely manner. When congestion occurs, all traffic has an equal chance of being dropped. When you configure the QoS feature, you can select specific network traffic, prioritize it according to its relative importance, and use congestion - Cisco WS-2960-24LC-S | Software Guide - Page 502
of service (CoS supports the use of either value because DSCP values are backward-compatible with IP precedence values. IP precedence values range from 0 to 7. DSCP values range from 0 to 63. Note IPv6 QoS is not supported in this release. 28-2 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 503
end-to-end QoS solution. Implementing QoS in your network can be a simple or complex task and depends on the QoS features to indicate the given quality of service as the packets move through the specific traffic profile (shape). OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-3 - Cisco WS-2960-24LC-S | Software Guide - Page 504
Scheduling services the four egress queues based on their configured SRR shared or shaped weights. One of the queues (queue 1) can be the expedited queue, which is serviced until empty before the other queues are serviced. Basic QoS Model 28-4 Catalyst 2960 Switch Software Configuration Guide OL - Cisco WS-2960-24LC-S | Software Guide - Page 505
DSCP value for the packet by using the configurable IP-precedence-to-DSCP map. The IP Version 4 specification defines the 3 most-significant bits of the 1-byte ToS field as the IP precedence. IP precedence " section on page 28-34. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-5 - Cisco WS-2960-24LC-S | Software Guide - Page 506
-profile action configured for this policer. Mark Drop Drop packet. Modify DSCP according to the policed-DSCP map. Generate a new QoS label. Done 86835 28-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 507
and the switch offers best-effort service to the packet. • If end of the access list contains before reaching the end. After a traffic use to name a specific traffic flow (or class) and a specific list traffic class; setting a specific DSCP or IP precedence take on a specific traffic class by - Cisco WS-2960-24LC-S | Software Guide - Page 508
are exceeded. To enable the policy map, you attach it to a port by using the service-policy interface configuration command. For more information, see the "Policing and Marking" section on Aggregate Policers" section on page 28-49. 28-8 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 509
and leaks at a rate that you specify as the average traffic rate in bits per second. Each time a token is added to the bucket, the switch verifies that there is enough room in the bucket. -policer global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-9 - Cisco WS-2960-24LC-S | Software Guide - Page 510
action configured for this policer. Mark Drop Drop packet. Modify DSCP according to the policed-DSCP map. Generate a new QoS label. Done 86835 28-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 511
the same DSCP value. The DSCP-to-DSCP-mutation map is the only map you apply to a specific port. All other maps apply to the entire switch. For configuration information, see the "Configuring DSCP Maps " section on page 28-16. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-11 - Cisco WS-2960-24LC-S | Software Guide - Page 512
and Scheduling Overview The switch has queues at specific points to help prevent congestion as shown in congestion, outbound queues are located after the internal ring. Weighted Tail Drop Both the ingress and egress queues use an 28-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 513
ingress and egress queues are serviced by SRR, which controls it is the only mode supported. In shaped mode, Weights on Egress Queues" section on page 28-66, and the "Configuring SRR Shared Weights on Egress Queues" section on page 28-67. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 514
weights. Drop packet. Send packet to the internal ring. 90564 Note SRR services the priority queue for its configured share before servicing the other queue. The switch supports two configurable ingress queues, which are serviced -14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 515
. Specifically, you support works, see the "Weighted Tail Drop" section weights is weight services the priority queue for its configured weight weight global configuration command. Then, SRR shares the remaining bandwidth with both ingress queues and services them as specified by the weights servicing - Cisco WS-2960-24LC-S | Software Guide - Page 516
? No Queue the packet. Service the queue according to the SRR weights. Drop packet. Rewrite DSCP and /or CoS value as appropriate. Send the packet out the port. 90565 Done Each port supports Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 517
Thresholds You can assign each packet that flows through the switch to a queue and to a threshold. Specifically, you map DSCP or CoS values to an egress queue and map DSCP or CoS values to a queue queue-id {cos1...cos8 | threshold OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-17 - Cisco WS-2960-24LC-S | Software Guide - Page 518
EXEC command. The queues use WTD to support distinct drop percentages for different traffic classes. Each how WTD works, see the "Weighted Tail Drop" section on page 28-12. Shaped or Shared Mode SRR services each queue-set in shared or Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 519
use the auto-QoS feature to simplify the deployment of existing QoS features. Auto-QoS makes disabled. The switch then offers best-effort service to each packet, regardless of the packet Cisco IP Phones and to devices running the Cisco SoftPhone Catalyst 2960 Switch Software Configuration Guide 28-19 - Cisco WS-2960-24LC-S | Software Guide - Page 520
5, 6, 7 Queue Weight (Bandwidth) 81 percent feature. The switch uses the Cisco Discovery Protocol (CDP) to detect the presence or absence of a Cisco IP Phone. When a Cisco IP Phone is detected, the ingress classification on the port is set to 28-20 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 521
-map classification before the switch enables the trust boundary feature. • When you enter the auto qos voip cisco-softphone interface configuration command on a port at the edge qos srr-queue output cos-map queue 4 threshold 3 0 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-21 - Cisco WS-2960-24LC-S | Software Guide - Page 522
Chapter 28 Configuring QoS Table 28-5 Generated Auto-QoS Configuration (continued) Description Automatically Generated Command The switch automatically maps DSCP values to an ingress )# mls qos srr-queue input buffers 67 33 28-22 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 523
28-5 Generated Auto-QoS Configuration (continued) Description Automatically Generated Command The switch automatically configures Cisco SoftPhone feature is enabled. Switch(config-if)# service-policy input AutoQoS-Police-SoftPhone OL-8603-04 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 524
QoS Configuration (continued) Description If you entered the auto qos voip cisco-phone command, the switch which auto-QoS with the Cisco Phone feature is enabled. Switch(config-if)# service-policy input AutoQoS-Police-CiscoPhone Effects Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 525
Cisco IP Phone, the port that is connected to a device running the Cisco SoftPhone feature, or the uplink port that is connected to another trusted switch or router in the interior of the network, and enter interface configuration mode. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 526
packets are trusted only when the telephone is detected. • cisco-softphone-The port is connected to device running the Cisco SoftPhone feature. • trust-The uplink port is connected to a Switch(config-if)# auto qos voip trust 28-26 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 527
Cisco router To Internet Trunk link Trunk link Video server 172.20.10.16 End stations Identify this interface as connected to a trusted switch or router Identify this interface as connected to a trusted switch or router IP IP Cisco to IP phones IP Cisco IP phones 101234 Figure 28 - Cisco WS-2960-24LC-S | Software Guide - Page 528
interface interface-id Step 5 auto qos voip cisco-phone Step 6 Step 7 Step 8 exit interface interface-id Step 9 auto qos voip trust Step 10 end Step 11 show auto qos Step 12 copy -QoS configuration in the configuration file. 28-28 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 529
map or the policed-DSCP map) • Configuring Ingress Queue Characteristics, page 28-57 (optional) • Configuring Egress Queue Characteristics, page 28-62 (optional) OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-29 - Cisco WS-2960-24LC-S | Software Guide - Page 530
. Table 28-6 Default Ingress Queue Configuration Feature Queue 1 Queue 2 Buffer allocation Bandwidth is the priority queue. SRR services the priority queue for its configured share before servicing the other queue. Table 28-7 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 531
and rate unlimited. Table 28-9 Default Egress Queue Configuration Feature Queue 1 Queue 2 Queue 3 Buffer allocation 25 percent SRR shaped weights 25 0 0 (absolute) 1 SRR shared weights 2 25 25 25 1. A shaped weight of zero Catalyst 2960 Switch Software Configuration Guide 28-31 - Cisco WS-2960-24LC-S | Software Guide - Page 532
Management (SDM) feature to the QoS template. SDM configures system resources to support the maximum number map requires multiple TCAM entries per ACL line. If an input service policy map contains a trust statement in an ACL, the access- Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 533
You configure QoS only on physical ports; there is no support for it at the VLAN or switch virtual interface level. • 3 Step 4 Step 5 Command configure terminal mls qos end show mls qos copy running-config startup-config Purpose Enter global Catalyst 2960 Switch Software Configuration Guide 28-33 - Cisco WS-2960-24LC-S | Software Guide - Page 534
topology. Figure 28-11 Port Trusted States within the QoS Domain Trusted interface Trunk Traffic classification performed here P3 P1 IP Trusted boundary 28-34 Catalyst 2960 Switch Software Configuration Guide 101236 OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 535
Step 3 mls qos trust [cos | dscp | ip-precedence] Step 4 Step 5 Step 6 end show mls qos interface copy running-config startup-config Purpose Enter global configuration mode. Specify the port to DSCP Map" section on page 28-52. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-35 - Cisco WS-2960-24LC-S | Software Guide - Page 536
interface-id mls qos cos {default-cos | override} end show mls qos interface copy running-config startup-config Purpose the class of service (CoS) 3-bit field, which is the priority of the packet. For most Cisco IP Phone configurations, Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 537
) at the same time; they are mutually exclusive. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. To disable the trusted boundary feature, use the no mls qos trust device interface configuration command. OL-8603-04 Catalyst 2960 Switch - Cisco WS-2960-24LC-S | Software Guide - Page 538
Mode The switch supports the DSCP transparency feature. It affects switch uses to generate a class of service (CoS) value that represents the priority of the DSCP field of the IP packet. end Return to privileged EXEC mode. show mls qos Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 539
trust dscp Step 5 mls qos dscp-mutation dscp-mutation-name Step 6 Step 7 Step 8 end show mls qos maps dscp-mutation copy running-config startup-config Purpose Enter global configuration mode. Modify in the configuration file. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-39 - Cisco WS-2960-24LC-S | Software Guide - Page 540
dscp Switch(config-if)# mls qos dscp-mutation gi0/2-mutation Switch(config-if)# end Configuring a QoS Policy Configuring a QoS policy typically requires classifying traffic into Traffic by Using Aggregate Policers, page 28-49 28-40 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 541
-number {deny | permit} source [source-wildcard] Step 3 Step 4 Step 5 end show access-lists copy running-config startup-config Purpose Enter global configuration mode. Create an 255 ! (Note: all other access implicitly denied) OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-41 - Cisco WS-2960-24LC-S | Software Guide - Page 542
list-number {deny | permit} protocol source source-wildcard destination destination-wildcard end show access-lists copy running-config startup-config Purpose Enter global configuration mode. 102 permit pim any 224.0.0.2 dscp 32 28-42 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 543
implicit deny statement for everything if it did not find a match before reaching the end. end Return to privileged EXEC mode. show access-lists [access-list-number | access-list idp ! (Note: all other access implicitly denied) OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-43 - Cisco WS-2960-24LC-S | Software Guide - Page 544
to use to match against a specific traffic flow to further classify it. it did not find a match before reaching the end. {permit | deny} {host src-MAC-addr supported, the match-all and match-any keywords function the same. 28-44 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 545
criterion is defined. Only one match criterion per class map is supported, and only one ACL per class map is supported. • For access-group acl-index-or-name, specify the number ip precedence 5 6 7 Switch(config-cmap)# end Switch# OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-45 - Cisco WS-2960-24LC-S | Software Guide - Page 546
in the traffic class; setting a specific DSCP or IP precedence value in the to set dscp in its configuration. • In Cisco IOS Release 12.2(25)SED or later, you can supported, the match-all and match-any keywords function the same. 28-46 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 547
63. • For ip precedence new-precedence, enter a new IP-precedence value to be assigned to the classified traffic. The range is 0 to 7. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-47 - Cisco WS-2960-24LC-S | Software Guide - Page 548
mode. Valid interfaces include physical ports. Step 11 service-policy input policy-map-name Specify the policy-map . Only one policy map per ingress port is supported. Step 12 end Return to privileged EXEC mode. Step 13 show policy Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 549
gigabitethernet0/1 Switch(config-if)# mls qos trust cos Switch(config-if)# service-policy input macpolicy1 • Beginning with Cisco IOS Release 12.2(40)SE, a policy-map and a port trust state can different policy maps or ports. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-49 - Cisco WS-2960-24LC-S | Software Guide - Page 550
By default, no aggregate policer is defined. For information on the number of policers supported, see the "Standard QoS Configuration Guidelines" section on page 28-32. • For aggregate . Valid interfaces include physical ports. 28-50 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 551
Step 9 service-policy input policy-map-name Step 10 Step 11 Step 12 end show mls qos aggregate-policer [aggregate-policer-name] copy running-config startup-config Purpose Specify the policy-map name, and apply it to an ingress port. Only one policy map per ingress port is supported. Return to - Cisco WS-2960-24LC-S | Software Guide - Page 552
2 Command configure terminal mls qos map cos-dscp dscp1...dscp8 Step 3 Step 4 Step 5 end show mls qos maps cos-dscp copy running-config startup-config Purpose Enter global configuration mode. dscp global configuration command. 28-52 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 553
CoS-to-DSCP map: Switch(config)# mls qos map cos-dscp 10 15 20 25 30 35 40 45 Switch(config)# end Switch# show mls qos maps cos-dscp Cos-dscp map: cos: 0 1 2 3 4 5 6 7 dscp: 10 mls qos ip-prec-dscp global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-53 - Cisco WS-2960-24LC-S | Software Guide - Page 554
-to-DSCP map: Switch(config)# mls qos map ip-prec-dscp 10 15 20 25 30 35 40 45 Switch(config)# end Switch# show mls qos maps ip-prec-dscp IpPrecedence-dscp map: ipprec: 0 1 2 3 4 5 6 7 dscp: 00 00 00 00 58 59 6 : 60 61 62 63 28-54 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 555
2 Step 3 Step 4 Step 5 Command configure terminal mls qos map dscp-cos dscp-list to cos end show mls qos maps dscp-to-cos copy running-config startup-config Purpose Enter global configuration mode. Modify configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-55 - Cisco WS-2960-24LC-S | Software Guide - Page 556
and to display the map: Switch(config)# mls qos map dscp-cos 0 8 16 24 32 40 48 50 to 0 Switch(config)# end Switch# show mls qos maps dscp-cos Dscp-cos map: d1 : d2 0 1 2 3 4 5 6 7 8 9 0 Valid interfaces include physical ports. 28-56 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 557
trust dscp Step 5 mls qos dscp-mutation dscp-mutation-name Step 6 Step 7 Step 8 end show mls qos maps dscp-mutation copy running-config startup-config Purpose Configure the ingress port as space is allocated between the queues? OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-57 - Cisco WS-2960-24LC-S | Software Guide - Page 558
id cos1...cos8 mls qos srr-queue input threshold queue-id threshold-percentage1 threshold-percentage2 end Purpose Enter global configuration mode. Map DSCP or CoS values to an ingress queue queue. Return to privileged EXEC mode. 28-58 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 559
2 Command configure terminal mls qos srr-queue input buffers percentage1 percentage2 Step 3 end Purpose Enter global configuration mode. Allocate the buffers between the ingress queues By . Return to privileged EXEC mode. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-59 - Cisco WS-2960-24LC-S | Software Guide - Page 560
bandwidth weight1 weight2 Step 3 Step 4 Step 5 end show mls qos interface queueing or show mls qos Separate each value with a space. SRR services the priority queue for its configured weight as specified by the bandwidth keyword in the Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 561
dropping frames). SRR services the priority queue for its configured weight as specified by -id bandwidth weight Step 3 Step 4 Step 5 end show mls qos weight to 0, for example, mls qos srr-queue input priority-queue queue-id bandwidth 0. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 562
enabled or the egress queues are serviced based on their SRR weights: • If the egress expedite queue is enabled, it overrides the SRR shaped and shared weights for queue 1. • If the maximum-threshold global configuration command. 28-62 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 563
id buffers allocation1 ... allocation4 global configuration command. The queues use WTD to support distinct drop percentages for different traffic classes. Note The egress queue default settings with the highest-priority traffic. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-63 - Cisco WS-2960-24LC-S | Software Guide - Page 564
interface interface-id queue-set qset-id end show mls qos interface [interface-id] in Step 2. The range is 1 to 2. • For queue-id, enter the specific queue in the queue-set on which the command is performed. The range is 1 to 28-64 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 565
by placing packets with particular DSCPs or costs of service into certain queues and adjusting the queue thresholds so cos-map queue queue-id threshold threshold-id cos1...cos8 end show mls qos maps copy running-config startup-config Purpose Catalyst 2960 Switch Software Configuration Guide 28-65 - Cisco WS-2960-24LC-S | Software Guide - Page 566
weight3 weight4 Step 4 Step 5 Step 6 end show mls qos interface interface-id queueing copy weight for queue 1 is 1/8, which is 12.5 percent: Switch(config)# interface gigabitethernet0/1 Switch(config-if)# srr-queue bandwidth shape 8 0 0 0 28-66 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 567
configured weights. of the weights controls the assign the shared weights and to enable 6 end show weights to the egress queues. By default, all four weights the weights to to configure the weight ratio of the times the bandwidth of queue 1, twice the bandwidth of queue 2, and one-and-a-third times - Cisco WS-2960-24LC-S | Software Guide - Page 568
Cisco IOS Release 12.1(19)EA1, Yyou can ensure that certain packets have priority over all others by queuing them in the egress expedite queue. SRR services this queue until it is empty before servicing configuration mode. 28-68 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 569
Information Step 3 Step 4 Step 5 Step 6 Command srr-queue bandwidth limit weight1 end show mls qos interface [interface-id] queueing copy running-config startup-config Purpose Specify Display QoS settings for the egress queues. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-69 - Cisco WS-2960-24LC-S | Software Guide - Page 570
EXEC command to display classification information for incoming traffic. The control-plane and interface keywords are not supported, and the statistics shown in the display should be ignored. Display the DSCP transparency setting. 28-70 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 571
stack environments (supporting both IPv4 and IPv6), you must configure a switch database management (SDM) template to a dual IPv4 and IPv6 template. See the "SDM Templates" section on page 29-6. Note For complete syntax and usage information for the commands used in this chapter, see the Cisco IOS - Cisco WS-2960-24LC-S | Software Guide - Page 572
, go to the "Implementing Addressing and Basic Connectivity" section of "The Cisco IOS IPv6 Configuration Library" at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a00807fcf4b. html 29-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 573
Connectivity" chapter, these sections apply to the Catalyst 2960 switch: • IPv6 Address Formats • IPv6 Address Output Display • Simplified IPv6 Packet Header Supported IPv6 Unicast Routing Features These sections describe the IPv6 protocol (RFC 2460) features supported by the switch: • 128-Bit Wide - Cisco WS-2960-24LC-S | Software Guide - Page 574
autoconfiguration using Dynamic Host Configuration Protocol (DHCP) v6. The switch supports stateless autoconfiguration to manage link, subnet, and site addressing changes, such as management of host and mobile IP addresses. 29-4 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 575
link-local address enables a node to communicate with other nodes on the link and global IPv6 addresses without the need for manual configuration or the help of a server stacks. The Cisco IOS software supports the dual IPv4 and IPv6 protocol stack Catalyst 2960 Switch Software Configuration Guide 29-5 - Cisco WS-2960-24LC-S | Software Guide - Page 576
switch SDM templates prioritize system resources to optimize support for certain features. You select the template that best suits the the dual stack template because this template results in less TCAM capacity for each resource. 29-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 577
support IPv4 and IPv6 environments: Note This release does not support IPv6 multicast routing or QoS. This release does support feature resources allocated by each new template. Table 29-1 Approximate Number of Feature Resources 8603-04 Catalyst 2960 Switch Software Configuration Guide 29-7 - Cisco WS-2960-24LC-S | Software Guide - Page 578
. Table 29-2 Default IPv6 Configuration Feature SDM template IPv6 addresses Default Setting -interval interval [bucketsize] Step 3 Step 4 Step 5 end show ipv6 interface [interface-id] copy running-config startup file. 29-8 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 579
is no requirement for routes to be calculated and communicated. The main disadvantage of using static routes is , as with a dynamic routing protocol, and must be manually reconfigured if the network topology changes. Static routes are useful Catalyst 2960 Switch Software Configuration Guide 29-9 - Cisco WS-2960-24LC-S | Software Guide - Page 580
the next hop (the link-local next hop must also be an adjacent router). Step 3 end • administrative distance-(Optional) An administrative distance. The range is 1 to 254; the default value . Return to privileged EXEC mode. 29-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 581
Static Routes for IPv6" chapter in the Cisco IOS IPv6 Configuration Library at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a00807fcf4b static routes. Display IPv6 traffic statistics. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 29-11 - Cisco WS-2960-24LC-S | Software Guide - Page 582
privileged EXEC command: Switch# show ipv6 static IPv6 Static routes Code: * - installed in RIB * ::/0 via nexthop 3FFE:C000:0:7::777, distance 1 This is an - Static, U - Per-user Static route L FF00::/8 [0/0] via Null0, receive 29-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 583
statistics: Rcvd: 0 input, 0 checksum errors, 0 length errors 0 no port, 0 dropped Sent: 26749 output TCP statistics: Rcvd: 0 input, 0 checksum errors Sent: 0 output, 0 retransmitted OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 29-13 - Cisco WS-2960-24LC-S | Software Guide - Page 584
Displaying IPv6 Chapter 29 Configuring IPv6 Host Functions 29-14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 585
used in this chapter, see the command reference for this release or the Cisco IOS documentation referenced in the procedures. This chapter includes these sections: • "Understanding MLD snooping IPv6 multicast control packets. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 30-1 - Cisco WS-2960-24LC-S | Software Guide - Page 586
MLD Messages MLDv1 supports three types of messages: • Listener Queries are the equivalent of IGMPv2 queries and are either General Queries or Multicast-Address-Specific Queries (MASQs). are ignored by MLD routers and switches. 30-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 587
database, and generates MLD group-specific and MLD group-and-source-specific queries in response to MLD Done messages. The switch also supports report suppression, report proxying, when MLD snooping is enabled on the switch. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 30-3 - Cisco WS-2960-24LC-S | Software Guide - Page 588
are flooded to the ingress VLAN. The switch also supports MLDv1 proxy reporting. When an MLDv1 MASQ is received, MLD Done Messages and Immediate-Leave When the Immediate-Leave feature is enabled and a host sends an MLDv1 Done message Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 589
shows the default MLD snooping configuration. Table 30-1 Default MLD Snooping Configuration Feature MLD snooping (Global) MLD snooping (per VLAN) IPv6 Multicast addresses IPv6 VLAN value is 0, the VLAN uses the global count. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 30-5 - Cisco WS-2960-24LC-S | Software Guide - Page 590
1005), it is not necessary to enable IPv6 MLD snooping on the VLAN on the Catalyst 6500 switch. • MLD snooping and IGMP snooping act independently of each other. You can enable both features at the same time on the switch. • The maximum number of multicast entries allowed on the switch is determined - Cisco WS-2960-24LC-S | Software Guide - Page 591
on the VLAN on the Catalyst 6500 switch. Step 1 Step 2 Step 3 Command configure terminal ipv6 mld snooping ipv6 mld snooping vlan vlan-id Step 4 end Step 5 copy running-config startup command for the specified VLAN number. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 30-7 - Cisco WS-2960-24LC-S | Software Guide - Page 592
member port. It can be a physical interface or a port channel (1 to 48). end Return to privileged EXEC mode. show ipv6 mld snooping multicast-address user or show ipv6 mld to multicast routers are supported only on switch ports. 30-8 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 593
a port channel. The port-channel range is 1 to 48. end Return to privileged EXEC mode. show ipv6 mld snooping mrouter [vlan on that port. You should only use the Immediate-Leave feature when there is a single receiver present on every port Catalyst 2960 Switch Software Configuration Guide 30-9 - Cisco WS-2960-24LC-S | Software Guide - Page 594
interval ipv6 mld snooping tcn query solicit ipv6 mld snooping tcn flood query count count end show ipv6 mld snooping querier [vlan vlan-id] copy running-config startup-config Purpose ) Save your entries in the configuration file. 30-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 595
Step 3 Step 4 Command configure terminal no ipv6 mld snooping listener-message-suppression end show ipv6 mld snooping Step 5 copy running-config startup-config Purpose Enter global of the privileged EXEC commands in Table 30-2. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 30-11 - Cisco WS-2960-24LC-S | Software Guide - Page 596
Display information on dynamically learned and manually configured multicast router interfaces. When you multicast-address [vlan Display all IPv6 multicast address information or specific IPv6 vlan-id] [count | dynamic | user] multicast Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 597
Tracking This chapter describes how to configure EtherChannels on Layer 2 ports on the Catalyst 2960 switch. EtherChannel provides fault-tolerant high-speed links between switches, routers, and Forwarding Methods, page 31-6 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 31-1 - Cisco WS-2960-24LC-S | Software Guide - Page 598
31-1 Typical EtherChannel Configuration Catalyst 8500 series switch Gigabit end of the channel to determine which ports should become active. Incompatible ports are suspended. Beginning with Cisco IOS active in the EtherChannel. The other end of the channel (on the other switch) must also be - Cisco WS-2960-24LC-S | Software Guide - Page 599
-2. • Use the interface port-channel port-channel-number global configuration command to manually create the port-channel logical interface. Then use the channel-group channel-group- to configure a Layer 2 EtherChannel as a trunk. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 31-3 - Cisco WS-2960-24LC-S | Software Guide - Page 600
Cisco-proprietary protocol that can be run only on Cisco switches and on those switches licensed by vendors to support command. Table 31-1 EtherChannel PAgP Modes Mode Description auto Places a port into a passive negotiating Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 601
Other Features The Dynamic Trunking Protocol (DTP) and the Cisco Discovery learns the identity of partners capable of supporting LACP and the capabilities of each port LACP Modes Mode active passive Description Places a port into an Catalyst 2960 Switch Software Configuration Guide 31-5 - Cisco WS-2960-24LC-S | Software Guide - Page 602
with Other Features The DTP and support PAgP or LACP. In the on mode, a usable EtherChannel exists only when the switches at both ends the on mode. This is a manual configuration, and ports on both ends of the EtherChannel must have the Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 603
In Figure 31-3, an EtherChannel from a witch that is aggregating data from four workstations communicates with a router. Because the router is a single-MAC-address device, source-based forwarding result in better load balancing. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 31-7 - Cisco WS-2960-24LC-S | Software Guide - Page 604
and Forwarding Methods Switch with source-based forwarding enabled EtherChannel Cisco router with destination-based forwarding enabled 101239 Configuring EtherChannels These affect only the port where you apply the configuration. 31-8 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 605
Table 31-3 Default EtherChannel Configuration Feature Channel groups Port-channel logical interface to avoid network loops and other problems. Follow these guidelines to avoid configuration problems: • Do not try to group. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 31-9 - Cisco WS-2960-24LC-S | Software Guide - Page 606
on all the trunks. Inconsistent trunk modes on EtherChannel ports can have unexpected results. - An EtherChannel supports the same allowed range of VLANs on all the ports in a trunking Layer 2 EtherChannel. If be in standby mode. 31-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 607
PAgP Modes" section on page 31-4 and the "LACP Modes" section on page 31-5. end Return to privileged EXEC mode. show running-config Verify your entries. copy running-config startup -group interface configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 31-11 - Cisco WS-2960-24LC-S | Software Guide - Page 608
Switch(config-if-range)# channel-group 5 mode desirable non-silent Switch(config-if-range)# end This example shows how to configure an EtherChannel. It assigns two ports as static-access ports entries in the configuration file. 31-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 609
same at both ends of the link. manually set support address learning by physical ports. When the link partner of the Catalyst 2960 switch is a physical learner (such as a Catalyst 1900 series switch), we recommend that you configure the Catalyst Catalyst 2960 Switch Software Configuration Guide 31-13 - Cisco WS-2960-24LC-S | Software Guide - Page 610
Balancing" section on page 31-12. The learning method must be configured the same at both ends of the link. Assign a priority so that the selected port is chosen for packet transmission. For all compatible ports from aggregating. 31-14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 611
1 Step 2 Command configure terminal lacp system-priority priority Step 3 Step 4 Step 5 end show running-config or show lacp sys-id copy running-config startup-config Purpose Enter global (denoted with an H port-state flag). OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 31-15 - Cisco WS-2960-24LC-S | Software Guide - Page 612
port-priority priority Step 4 Step 5 Step 6 end show running-config or show lacp [channel-group-number [channel-group-number] {counters | internal | neighbor} Description Displays EtherChannel information in a brief, detailed, and one Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 613
Link-State Tracking Link-state tracking, also known as trunk failover, is a feature that binds the link state of multiple interfaces. For example, link-state tracking are the upstream interfaces in link-state group 2. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 31-17 - Cisco WS-2960-24LC-S | Software Guide - Page 614
-down condition by removing the failed downstream port from the link-state group. To recover multiple downstream interfaces, disable the link-state group. 31-18 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 615
Configuration Guidelines, page 31-20 • Configuring Link-State Tracking, page 31-20 • Displaying Link-State Tracking Status, page 31-21 Server 4 141680 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 31-19 - Cisco WS-2960-24LC-S | Software Guide - Page 616
group. Link-State Tracking Configuration Guidelines Follow these guidelines to avoid configuration problems: • An interface that is defined as an upstream interface cannot also link state group 1 downstream Switch(config-if)# end 31-20 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 617
display information about all link-state groups. Enter the group number to display information specific to the group. Enter the detail keyword to display detailed information about the group. command reference for this release. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 31-21 - Cisco WS-2960-24LC-S | Software Guide - Page 618
Configuring Link-State Tracking Chapter 31 Configuring EtherChannels and Link-State Tracking 31-22 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 619
and solve problems. Additional troubleshooting information, such as LED descriptions, is provided in the hardware installation guide. Note For complete syntax and usage information for the commands used in this chapter, see the command reference for this release and the Cisco IOS Commands Master - Cisco WS-2960-24LC-S | Software Guide - Page 620
FX/c2960-lanbase-mz.122-25.FX.bin Connect your PC with terminal-emulation software supporting the Xmodem Protocol to the switch console port. Set the line speed on the emulation software to 9600 baud. Unplug the switch power cord. Press the Mode button and at the same time, reconnect the power cord - Cisco WS-2960-24LC-S | Software Guide - Page 621
Boot the newly downloaded Cisco IOS image. switch:boot flash power-on and by entering a new password. These recovery procedures require that you have physical access to the switch. Note On these switches, a system administrator can disable some of the functionality of this feature by allowing an end - Cisco WS-2960-24LC-S | Software Guide - Page 622
a Lost or Forgotten Password Chapter 32 Troubleshooting Several lines of information about the software appear with instructions, informing you if the password recovery drwx 192 11 -rwx 5825 18 -rwx 720 Mar 01 1993 22:30:48 c2960-lanbase-mz.122-25.FX Mar 01 1993 22:31:59 config.text Mar 01 - Cisco WS-2960-24LC-S | Software Guide - Page 623
Chapter 32 Troubleshooting Recovering from a Lost or Forgotten Password switch: rename flash:config.text flash:config.text.old Step spaces but ignores leading spaces. Return to privileged EXEC mode: Switch (config)# exit Switch# OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 32-5 - Cisco WS-2960-24LC-S | Software Guide - Page 624
Recovering from a Lost or Forgotten Password Chapter 32 Troubleshooting Step 13 Write the running configuration to the startup configuration file: files: Switch: load_helper Display the contents of flash memory: switch: dir flash: 32-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 625
Troubleshooting Recovering from a Command Switch Failure The switch file system appears: Directory of flash: 13 drwx 192 Mar 01 1993 22:30:48 c2960-lanbase Getting Started with Cisco Network Assistant, available on Cisco.com. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 32-7 - Cisco WS-2960-24LC-S | Software Guide - Page 626
Chapter 32 Troubleshooting Note HSRP is the preferred method for supplying redundancy to a cluster. If you have not configured a standby command switch, and your command switch loses power or fails in some other way, management contact with the member switches is lost, and you must install a new - Cisco WS-2960-24LC-S | Software Guide - Page 627
Chapter 32 Troubleshooting Recovering from a Command Switch Failure Step 9 Use the setup program to configure the switch IP information. This , select Add to Cluster to display a list of candidate switches to add to the cluster. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 32-9 - Cisco WS-2960-24LC-S | Software Guide - Page 628
Switch Failure Chapter 32 Troubleshooting Replacing a Failed Command Switch with Another Switch To replace a failed command using the console port, see the switch hardware installation guide. At the switch prompt, enter privileged EXEC Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 629
on both ends of the connection. Note If a remote device does not autonegotiate, configure the duplex settings on the two ports to match. The speed parameter can adjust itself even if the connected port does not autonegotiate. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 32-11 - Cisco WS-2960-24LC-S | Software Guide - Page 630
switch supports SFP modules and does not support GBIC guide for this release. If you are using a non-Cisco SFP module, remove the SFP module from the switch, and replace it with a Cisco module. After inserting a Cisco SFP and the current for an SFP module on a specific interface and the alarm status. - Cisco WS-2960-24LC-S | Software Guide - Page 631
IP or by supplying the hostname or network address. Note Though other protocol keywords are available with the ping command, they are not supported in this release . U C I Description Each exclamation point means receipt of a reply. Each period means the network server timed out while waiting for - Cisco WS-2960-24LC-S | Software Guide - Page 632
Troubleshooting Table 32-1 Character ? & Ping Output Display Characters (continued) Description Unknown packet type. Packet lifetime exceeded. To end support Layer 2 traceroute, the switch continues to send Layer 2 trace queries and lets them time usage guidelines: • Cisco Discovery Protocol (CDP) - Cisco WS-2960-24LC-S | Software Guide - Page 633
Chapter 32 Troubleshooting Using IP Traceroute for example, multiple CDP neighbors are detected on a port), the Layer 2 traceroute feature is not supported. When more than one CDP neighbor is detected on a port, the Layer . OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 32-15 - Cisco WS-2960-24LC-S | Software Guide - Page 634
Troubleshooting the Time To Live (TTL) field in the IP header to cause routers and servers to generate specific return messages with the traceroute privileged EXEC command, they are not supported in this release. This example shows how to Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 635
, page 32-18 Understanding TDR You can use the Time Domain Reflector (TDR) feature to diagnose and resolve cabling problems. When running TDR, a local device sends a signal through a cable and compares the reflected signal to the initial signal. TDR is supported only on 10/100 and 10/100/1000 copper - Cisco WS-2960-24LC-S | Software Guide - Page 636
in the CPU process, it can render the system unusable. For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support staff. It is best to use debug commands during periods of lower network traffic and fewer users. Debugging - Cisco WS-2960-24LC-S | Software Guide - Page 637
Troubleshooting particular period that debugging is enabled. Depending on the feature you are debugging, you can use commands such as virtually all cases, it is best to use more specific debug commands. The no debug all privileged EXEC command Catalyst 2960 Switch Software Configuration Guide 32-19 - Cisco WS-2960-24LC-S | Software Guide - Page 638
support personnel, who have access to detailed information about the switch application-specific integrated circuits (ASICs). However, packet forwarding information can also be helpful in troubleshooting -Hit A-Data 01FFE 03000000 32-20 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 639
the crashinfo Files The crashinfo files save information that helps Cisco technical support representatives to debug problems that caused the Cisco IOS image to fail (crash). The switch writes the crash information to the console at the time of the failure. The switch creates two types of crashinfo - Cisco WS-2960-24LC-S | Software Guide - Page 640
the highest sequence number at the end of its filename) by entering the show tech-support privileged EXEC command. You also can provide this information to the Cisco technical support representative by manually accessing the file and using Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 641
-ERR-DISABLE-MIB • CISCO-FLASH-MIB (Flash memory on all switches is modeled as removable flash memory.) • CISCO-FTP-CLIENT-MIB • CISCO-IGMP-FILTER-MIB • CISCO-IMAGE-MIB • CISCO IP-STAT-MIB • CISCO-LAG-MIB • CISCO-MAC-NOTIFICATION-MIB OL-8603-04 Catalyst 2960 Switch Software Configuration Guide A-1 - Cisco WS-2960-24LC-S | Software Guide - Page 642
• OLD-CISCO-TS-MIB • RFC1213-MIB (Functionality is as per the agent capabilities specified in the CISCO-RFC1213-CAPABILITY.my.) • RMON-MIB • RMON2-MIB • SNMP-FRAMEWORK-MIB • SNMP-MPD-MIB • SNMP-NOTIFICATION-MIB • SNMP-TARGET-MIB • SNMPv2-MIB Catalyst 2960 Switch Software Configuration Guide A-2 OL - Cisco WS-2960-24LC-S | Software Guide - Page 643
supported MIBs for the Catalyst 2960 switch: ftp://ftp.cisco.com/pub/mibs/supportlists/cat2960/cat2960-supportlist.htmlYou can access other information about MIBs and Cisco products on the Cisco web site: http://www.cisco MIB file. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide A-3 - Cisco WS-2960-24LC-S | Software Guide - Page 644
Using FTP to Access the MIB Files Appendix A Supported MIBs Catalyst 2960 Switch Software Configuration Guide A-4 OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 645
N D I X Working with the Cisco IOS File System, Configuration Files, and Software Images This appendix describes how to manipulate the Catalyst 2960 switch flash file system, how page B-5 • Displaying the Contents of a File, page B-7 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-1 - Cisco WS-2960-24LC-S | Software Guide - Page 646
B Working with the Cisco IOS File System, Configuration Files ymodem: Table B-1 Field Size(b) Free(b) Type Flags Prefixes show file systems Field Descriptions Value Amount of memory in the file system in bytes. Amount of free memory Catalyst 2960 Switch Software Configuration Guide B-2 OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 647
B Working with the Cisco IOS File System, Configuration Files Description Display a list of files on a file system. Display more information about each of the files on a file system. Display information about a specific directory. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-3 - Cisco WS-2960-24LC-S | Software Guide - Page 648
Appendix B Working with the Cisco IOS File System, Configuration Files, /force and /recursive keywords for deleting old software images that were installed by using the archive download-sw command but are no longer needed. flash:. Catalyst 2960 Switch Software Configuration Guide B-4 OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 649
Cisco IOS File System, Configuration Files, and Software Images Working with the Flash File System Some invalid combinations of source and destination exist. Specifically old software images that were installed by using the archive download- Catalyst 2960 Switch Software Configuration Guide B-5 - Cisco WS-2960-24LC-S | Software Guide - Page 650
with the Cisco IOS File the tar file to create. These options are supported: • For the local flash file system, the c2960-lanbase-mz.122-25.FX.tar info (219 bytes) c2960-lanbase-mz.122-25.FX/ (directory) c2960-lanbase-mz.122-25.FX/html/ (directory) Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 651
file on a TFTP server: Switch# more tftp://serverA/hampton/savedconfig ! ! Saved configuration on server ! version 11.3 service timestamps log datetime localtime service linenumber service udp-small-servers service pt-vty-logging OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-7 - Cisco WS-2960-24LC-S | Software Guide - Page 652
entered to customize the function of the Cisco IOS software. A way to create a on and use the TCP/IP stack, which is connection-oriented. These Configuration Information, page B-19 • Replacing and Rolling Back Configurations, page Catalyst 2960 Switch Software Configuration Guide B-8 OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 653
Appendix B Working with the Cisco IOS File System, Configuration Files, used. However, some commands in the existing configuration might not be replaced or negated. In this case, the resulting configuration file is UNIX workstation). OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-9 - Cisco WS-2960-24LC-S | Software Guide - Page 654
Appendix B Working with the Cisco IOS File System, Configuration Files, must restart the inetd daemon after modifying the /etc/inetd.conf and /etc/services files. To restart the daemon, either stop the inetd process and restart it, B-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 655
Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Configuration Files Downloading the Configuration File -confg on host 172.16.2.155? [confirm] y # Writing tokyo-confg!!! [OK] OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-11 - Cisco WS-2960-24LC-S | Software Guide - Page 656
server. When you copy a configuration file from the switch to a server by using FTP, the Cisco IOS software sends the first valid username in this list: • The username specified in the copy command if . The new username is stored in B-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 657
Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Configuration Files NVRAM. If config)# ip ftp username netadmin1 Switch(config)# ip ftp password mypass Switch(config)# end OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-13 - Cisco WS-2960-24LC-S | Software Guide - Page 658
with Configuration Files Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images ip ftp password mypass Switch(config)# end Switch# copy nvram:startup-config ftp: Remote host[]? 172.16.101.101 B-14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 659
server from or to which you will be copying files must support RCP. The RCP copy commands rely on the rsh server ( copy a configuration file from the switch to a server, the Cisco IOS software sends the first valid username in this list: • The Catalyst 2960 Switch Software Configuration Guide B-15 - Cisco WS-2960-24LC-S | Software Guide - Page 660
Appendix B Working with the Cisco IOS File System, Configuration Files, and Step 6 Command configure terminal ip rcmd remote-username username end copy rcp:[[[//[username@]location]/directory]/filename] system:running-config or # B-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 661
Working with the Cisco IOS File System, Configuration Switch# configure terminal Switch(config)# ip rcmd remote-username netadmin1 Switch(config)# end Switch# copy rcp: nvram:startup-config Address of remote host [255.255. terminal OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-17 - Cisco WS-2960-24LC-S | Software Guide - Page 662
remote-username netadmin2 Switch(config)# end Switch# copy nvram:startup-config rcp: Remote host[]? 172.16.101.101 Name of configuration file to write [switch2-confg]? Write file switch2-confg on host 172.16.101.101?[confirm] ![OK] B-18 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 663
Release 12.2. Caution You cannot restore a file after it has been deleted. Replacing and Rolling Back Configurations The configuration replacement and rollback feature replaces the running configuration with any saved Cisco IOS configuration file. You can use the rollback function to roll back to - Cisco WS-2960-24LC-S | Software Guide - Page 664
replacement and rollback feature Cisco IOS configuration archive, in which the configuration files are stored and available for use with the configure replace replace target specific set of changes that were applied, the configuration rollback capability reverts to a specific configure replace target- - Cisco WS-2960-24LC-S | Software Guide - Page 665
comply with the format of files generated by Cisco IOS devices. Configuring the Configuration Archive Using the configure replace command with the configuration archive and with the for the files in the configuration archive. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-21 - Cisco WS-2960-24LC-S | Software Guide - Page 666
Files Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Command Step 5 time-period minutes Step 6 Step 7 Step 8 end show running-config copy running-config startup-config Purpose (Optional) Set the time increment for automatically saving an archive - Cisco WS-2960-24LC-S | Software Guide - Page 667
replace the current image with the new one or keep the current image in flash memory after a download. Beginning with Cisco IOS release 12.2(35)SE, you can use the archive download-sw /allow-feature-upgrade privileged EXEC command to allow installation use the TCP/IP stack, which is connection- - Cisco WS-2960-24LC-S | Software Guide - Page 668
File System, Configuration Files, and Software Images Note For a list of software images and the supported upgrade paths, see the release notes. Image Location on the Switch The Cisco IOS image is stored as a .bin file in a directory that shows the version number. A subdirectory contains the files - Cisco WS-2960-24LC-S | Software Guide - Page 669
Description Specifies the Cisco IOS image version string suffix Specifies the directory where the Cisco IOS image and the HTML subdirectory are installed Specifies the name of the Cisco IOS image within the tar file Specifies the Cisco IOS -04 Catalyst 2960 Switch Software Configuration Guide B-25 - Cisco WS-2960-24LC-S | Software Guide - Page 670
Working with the Cisco IOS File System, the inetd daemon after modifying the /etc/inetd.conf and /etc/services files. To restart the daemon, either stop the inetd process and replace the current image or keep the current image. B-26 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 671
Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Software Images the existing files are not removed. If there is not enough space to install the new image and keep the running image, the download process stops, and an error message is - Cisco WS-2960-24LC-S | Software Guide - Page 672
with the Cisco IOS File System, Configuration Files, and Software Images The algorithm installs the downloaded the upload feature only if the web management pages associated with the embedded device manager have been installed with the Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 673
server. When you copy an image file from the switch to a server by using FTP, the Cisco IOS software sends the first valid username in this list: • The username specified in the archive download-sw server by using the ping command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-29 - Cisco WS-2960-24LC-S | Software Guide - Page 674
Appendix B Working with the Cisco IOS File System, Configuration Files 4 Step 5 Step 6 ip ftp username username ip ftp password password end Purpose Verify that the FTP server is properly configured by referring to the EXEC mode. B-30 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 675
Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Software Images Step the existing files are not removed. If there is not enough space to install the new image and keep the running image, the download process stops, and an error message is - Cisco WS-2960-24LC-S | Software Guide - Page 676
Cisco IOS File System, Configuration Files, and Software Images The algorithm installs feature only if the web management pages associated with the embedded device manager have been installed the default password. end Return to privileged Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 677
server from or to which you will be copying files must support RCP. The RCP copy commands rely on the rsh server ( an image from the switch to a server by using RCP, the Cisco IOS software sends the first valid username in this list: • The Catalyst 2960 Switch Software Configuration Guide B-33 - Cisco WS-2960-24LC-S | Software Guide - Page 678
Images Appendix B Working with the Cisco IOS File System, Configuration Files, and RCP, do these tasks: • Ensure that the workstation acting as the RCP server supports the remote shell (rsh). • Ensure that the switch has a route to B-34 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 679
Cisco IOS RCP You can download a new image file and replace or keep the current image. Beginning in privileged EXEC Command configure terminal ip rcmd remote-username username end archive download-sw /overwrite /reload rcp:[[[//[username@] Catalyst 2960 Switch Software Configuration Guide B-35 - Cisco WS-2960-24LC-S | Software Guide - Page 680
Appendix B Working with the Cisco IOS File System, Configuration Files, and string, and the BOOT environment variable is updated to point to the newly installed image. If you kept the old software during the download process (you 36 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 681
Cisco IOS File System, Configuration Files, and Software Images Working with Software Images Uploading an Image File By Using RCP You can upload an image from the switch to an RCP server. You can later download this image to the same switch or to another switch of the same type. The upload feature - Cisco WS-2960-24LC-S | Software Guide - Page 682
Working with Software Images Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images B-38 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 683
reasons: • The Catalyst 2950 switch runs Cisco IOS 12.1EA software, and the Catalyst 2960 switch runs Cisco IOS 12.2SE software. • The switch families have different hardware. If you use a Catalyst 2950 switch command, it might not be supported on the Catalyst 2960 switch. The Catalyst 2960 switch - Cisco WS-2960-24LC-S | Software Guide - Page 684
1-1440 When Cisco IOS 12.2E was restructured, these commands were intentionally removed and are not supported in Cisco IOS 12.2SE. The Catalyst 2960 switch ^ %Invalid input detected at '^' marker. A Catalyst 2950 switch DHCP snooping feature limits the number of DHCP packets per second that an - Cisco WS-2960-24LC-S | Software Guide - Page 685
Catalyst 2950 and 2960 Switch Configuration Incompatibilities (continued) Feature Catalyst 2950 Switch Command and Explanation Result on the Catalyst 2960 Switch IEEE 802.1x In Cisco IOS 12.1EA, the Catalyst The Catalyst 2950 switch Catalyst Catalyst On the Catalyst 2950 switch, the Catalyst 2960 - Cisco WS-2960-24LC-S | Software Guide - Page 686
2960 switch. We recommend that you enable automatic QoS (auto-QoS) on the Catalyst 2950 switch by using the auto qos voip {cisco-phone | cisco-softphone | trust} interface configuration command. The Catalyst 2960 switch accepts the auto qos command and generates QoS commands that are appropriate - Cisco WS-2960-24LC-S | Software Guide - Page 687
appears: Switch(config-if)# spanning-tree stack-port ^ %Invalid input detected at '^' marker. Feature Behavior Incompatibilities Some features behave differently on the Catalyst 2950 and Catalyst 2960 switches, and some features are not supported on the Catalyst 2960 switch: • Access control lists - Cisco WS-2960-24LC-S | Software Guide - Page 688
2960 switch uses different port hardware than the Catalyst 2950 switch, and more QoS features are offered on the Catalyst 2960 switch. For example, the Catalyst 2950 switch supports WRR scheduling, whereas the Catalyst 2960 switch supports SRR scheduling. Also, you must enable QoS globally on - Cisco WS-2960-24LC-S | Software Guide - Page 689
A P P E N D I X Unsupported Commands in Cisco IOS Release 12.2(40)SE This appendix lists some of the command-line interface (CLI) commands that appear when you enter the question mark (?) at the Catalyst 2960 switch prompt but are not supported in this release, either because they are not tested or - Cisco WS-2960-24LC-S | Software Guide - Page 690
D Unsupported Commands in Cisco IOS Release 12.2(40)SE expression] ] | repository [url location] Parameters are not supported for this command: event manager run [policy name] |< -redirection main debug platform configuration Catalyst 2960 Switch Software Configuration Guide D-2 OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 691
Appendix D Unsupported Commands in Cisco IOS Release 12.2(40)SE |IGMP Snooping Commands |IGMP Snooping Commands show mac-address-table show mac-address-table address show mac-address-table aging-time show mac-address-table count show mac-address-table dynamic show mac-address-table interface - Cisco WS-2960-24LC-S | Software Guide - Page 692
unicast flood l2protocol-tunnel global drop-threshold service compress-config stack-mac persistent timer Network Address Translation (NAT) Commands Unsupported Privileged EXEC Commands show ip nat statistics show ip nat translations Catalyst 2960 Switch Software Configuration Guide D-4 OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 693
feature default line aaa nas port extended radius-server attribute nas-port radius-server configure radius-server extended-portnames SNMP Unsupported Global Configuration Commands snmp-server enable informs snmp-server ifindex persist OL-8603-04 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 694
Cisco IOS Release 12.2(40)SE Spanning Tree Unsupported Global Configuration Command spanning-tree pathcost method {long | short} Unsupported Interface Configuration Command spanning-tree stack replaced by the vtp global configuration command. Catalyst 2960 Switch Software Configuration Guide D-6 - Cisco WS-2960-24LC-S | Software Guide - Page 695
map 28-32 QoS 28-7, 28-41 standard IP, configuring for QoS classification 28-41 support for 1-8 OL-8603-04 active traffic monitoring, IP SLAs 27-1 address aliasing 18-2 addresses policers 28-49 aggregate policing 1-9 aging, accelerating 15-8 Catalyst 2960 Switch Software Configuration Guide IN-1 - Cisco WS-2960-24LC-S | Software Guide - Page 696
802.1x 9-7 autoconfiguration 3-3 IN-2 Catalyst 2960 Switch Software Configuration Guide automatic discovery considerations beyond a noncandidate VLAN See voice VLAN availability, features 1-6 B BackboneFast described 17-5 disabling 17-14 enabling 17-13 support for 1-6 banners configuring login 6- - Cisco WS-2960-24LC-S | Software Guide - Page 697
3-1 manually 3-13 specific image support for 1-4 transmission timer and holdtime, setting 20-2 updates 20-2 CGMP as IGMP snooping learning method 18-8 joining multicast group 18-3 CipherSuites 8-39 Cisco 7960 IP Phone 14-1 Cisco Discovery Protocol See CDP Cisco IOS File System See IFS Catalyst - Cisco WS-2960-24LC-S | Software Guide - Page 698
Cisco IOS IP Service Level Agreements (SLAs) responder 1-3 Cisco IOS IP SLAs 27-1 Cisco service See CoS clearing interfaces 10-19 CLI abbreviating commands 2-4 command modes 2-1 configuration logging 2-5 described 1-4 editing features IN-4 Catalyst 2960 Switch Software Configuration Guide clock See - Cisco WS-2960-24LC-S | Software Guide - Page 699
clusters 5-13 overview 26-4 SNMP 5-13 compatibility, feature 19-11 config.text 3-12 configurable leave timer, IGMP 18-5 configuration, initial defaults 1-10 Express Setup 1-2 See also getting started guide and hardware installation guide configuration changes, logging 25-10 configuration conflicts - Cisco WS-2960-24LC-S | Software Guide - Page 700
logging 2-5 configuration replacement B-19 configuration remote 8-33 connectivity problems 32-12, 32- 28-18 IN-6 Catalyst 2960 Switch Software Configuration Guide CoS-to-DSCP SFPs 1-17 D daylight saving time 6-13 debugging enabling all system diagnostics 32-19 enabling for a specific feature - Cisco WS-2960-24LC-S | Software Guide - Page 701
default gateway 3-10 deleting VLANs 12-9 denial-of-service attack 19-1 description command 10-16 designing your network, examples 1-12 support for 1-4 documentation, related xxx document conventions xxx domain names DNS 6-15 VTP 13-8 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 702
stacks IPv4 and IPv6 29-6 SDM templates supporting 29-6 dual-purpose uplinks defined 10-4 LEDs 10-4 link selection 10-4 setting the type 10-10 IN-8 Catalyst 2960 Switch Software Configuration Guide troubleshooting 12-29 types of connections 12-26 Dynamic Trunking Protocol See DTP E editing features - Cisco WS-2960-24LC-S | Software Guide - Page 703
9-1 F fa0 interface 1-5 features, incompatible 19-11 fiber-optic, detecting unidirectional links 22-1 files basic crashinfo description 32-21 location 32-21 copying B-5 crashinfo, description 32-21 deleting B-5 displaying the contents of B-8 Catalyst 2960 Switch Software Configuration Guide IN-9 - Cisco WS-2960-24LC-S | Software Guide - Page 704
Index files (continued) extended crashinfo description 32-22 location 32-22 tar creating B-6 displaying the contents overview B-12 preparing the server B-13 uploading B-14 IN-10 Catalyst 2960 Switch Software Configuration Guide FTP (continued) image files deleting old image B-32 downloading B-30 - Cisco WS-2960-24LC-S | Software Guide - Page 705
server 8-38 I ICMP IPv6 29-4 time-exceeded messages 32-16 traceroute and 32-16 support for 1-3 IGMP groups configuring filtering 18-27 setting the maximum number 18-26 IGMP Immediate Leave configuration guidelines 18-11 described 18-5 enabling 18-10 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 706
1-10 Express Setup 1-2 See also getting started guide and hardware installation guide interface number 10-5 range macros 10-7 interface command 10-5 interface configuration mode 2-3 IN-12 Catalyst 2960 Switch Software Configuration Guide interfaces auto-MDIX, configuring 10-15 configuration - Cisco WS-2960-24LC-S | Software Guide - Page 707
manually Service Level Agreements See IP SLAs IP service time 27-4 SNMP support 27-2 supported metrics 27-2 IP traceroute executing 32-16 overview 32-15 OL-8603-04 Index IPv4 and IPv6 differences 29-2 dual protocol stacks supported features 29 Catalyst 2960 Switch Software Configuration Guide IN-13 - Cisco WS-2960-24LC-S | Software Guide - Page 708
switch See hardware installation guide lightweight directory supported TLVs 21-2 switch stack considerations 21-2 transmission timer and holdtime, setting 21-4 LLDP-MED configuring procedures 21-3 TLVs 21-6 monitoring and maintaining 21-7 IN-14 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 709
links 22-1 CDP 20-4 features 1-10 IGMP filters 18-28 snooping 18-15, 30-11 interfaces 10-18 IP SLAs operations 27-7 IPv6 29-11 multicast router interfaces 18-16, 30-12 MVR 18-23 network traffic for analysis with probe 23-2 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide IN-15 - Cisco WS-2960-24LC-S | Software Guide - Page 710
protection 19-18 SFP status 10- Catalyst 2960 Switch Software Configuration Guide MSTP (continued) CST defined 16-3 operations between regions 16-4 default configuration 16-14 default optional feature naming change 16-7 terminology 16-5 instances supported 15-9 interface state, blocking to forwarding - Cisco WS-2960-24LC-S | Software Guide - Page 711
16-2 hop-count mechanism 16-5 IST 16-3 supported spanning-tree instances 16-2 optional features supported 1-6 overview 16-2 Port Fast described 17-2 enabling Configuration Guide 9-39, 9-40 Network Assistant benefits 1-1 described 1-3 downloading image files 1-2 guide mode 1-2 Catalyst 2960 - Cisco WS-2960-24LC-S | Software Guide - Page 712
note, described xxx NSM 4-3 IN-18 Catalyst 2960 Switch Software Configuration Guide NTP associations authenticating 6-4 defined 6-2 enabling disabling NTP services per interface 6-10 source IP address, configuring 6-10 stratum 6-2 support for 1-4 synchronizing devices 6-5 time services 6-2 - Cisco WS-2960-24LC-S | Software Guide - Page 713
5-9 performance, network design 1-13 performance features 1-2 persistent self-signed certificate 8-38 snooping method 18-8 ping character output description 32-13 executing 32-13 overview authentication bypass 9-33 manual re-authentication of to-client retransmission time 9-27 default configuration - Cisco WS-2960-24LC-S | Software Guide - Page 714
Software Configuration Guide port-based authentication (continued) voice VLAN described 9-14 PVID 9-14 VVID 9-14 wake-on-LAN, described 9-15 port blocking 1-3, 19-7 port-channel See EtherChannel port description TLV 21-2 Port Fast described 17-2 enabling 17-10 mode, spanning tree 12-25 support for - Cisco WS-2960-24LC-S | Software Guide - Page 715
with other features 19-10 port-shutdown response, VMPS 12-24 port VLAN ID TLV 21-2 power management TLV described 15-9 IEEE 802.1Q trunking interoperability 15-10 instances supported 15-9 Q QoS and MQC commands 28-1 auto-QoS categorizing Catalyst 2960 Switch Software Configuration Guide IN-21 - Cisco WS-2960-24LC-S | Software Guide - Page 716
weights for SRR 28-67 described 28-4 displaying the threshold map 28-65 flowchart 28-16 mapping DSCP or CoS values 28-65 scheduling, described 28-4 setting WTD thresholds 28-62 WTD, described 28-18 enabling globally 28-33 IN-22 Catalyst 2960 Switch Software Configuration Guide shared weights for - Cisco WS-2960-24LC-S | Software Guide - Page 717
28-18 support for 1-9 trust states bordering another domain 28-38 described 28-5 trusted device 28-36 within the domain 28-34 quality of service See QoS queries, IGMP 18-4 query solicitation, IGMP 18-12 OL-8603-04 Index R RADIUS attributes vendor-proprietary 8-31 vendor-specific 8-29 configuring - Cisco WS-2960-24LC-S | Software Guide - Page 718
software 3-16 Remote Authentication Dial-In User Service See RADIUS Remote Copy Protocol See RCP Remote Catalyst 2960 Switch Software Configuration Guide responder, IP SLAs described 27-3 enabling 27-6 response time groups supported 24-2 overview 24-1 statistics collecting group Ethernet 24-5 - Cisco WS-2960-24LC-S | Software Guide - Page 719
features 23-8 monitored ports 23-5 monitoring ports 23-6 overview 1-10, 23-1 received traffic 23-4 sessions creating 23-16 defined 23-3 limiting source traffic to specific -9 See also MSTP running configuration replacing B-19, B-20 rolling back Catalyst 2960 Switch Software Configuration Guide IN-25 - Cisco WS-2960-24LC-S | Software Guide - Page 720
See SSL security, port 19-8 security features 1-7 sequence numbers in log messages 25-8 server mode, VTP 13-3 service-provider network, MSTP and RSTP 16-1 set-request operation 26-5 setup program failed command switch replacement 32-10 replacing failed command switch 32-8 severity levels, defining - Cisco WS-2960-24LC-S | Software Guide - Page 721
See STP SPAN traffic 23-4 SRR configuring shaped weights on egress queues 28-66 shared weights on egress queues 28-67 shared weights on ingress queues 28-60 described 28-13 shaped mode 28-13 shared mode 28-13 support for 1-9 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide IN-27 - Cisco WS-2960-24LC-S | Software Guide - Page 722
HSRP startup configuration booting manually 3-13 specific image 3-14 clearing MAC addressing 1-7 IN-28 Catalyst 2960 Switch Software Configuration Guide static routes configuring for IPv6 described 19-1 disabling 19-5 displaying 19-18 support for 1-3 thresholds 19-1 STP accelerating root port - Cisco WS-2960-24LC-S | Software Guide - Page 723
-14 features supported 1-6 supported 15-9 redundant connectivity 15-8 root guard described 17-8 enabling 17-15 root port, defined 15-3 root switch configuring 15-14 effects of extended system ID 15-4, 15-14 election 15-3 unexpected behavior 15-14 Catalyst 2960 Switch Software Configuration Guide - Cisco WS-2960-24LC-S | Software Guide - Page 724
TLV 21-2 system clock configuring daylight saving time 6-13 manually 6-11 summer time 6-13 time zones 6-12 displaying the time and date 6-12 overview 6-1 See also NTP IN-30 Catalyst 2960 Switch Software Configuration Guide system description TLV 21-2 system message logging default configuration - Cisco WS-2960-24LC-S | Software Guide - Page 725
server 8-13 in clusters 5-14 limiting the services to the user 8-16 operation of 8-12 overview 8-10 support for 1-8 tracking services accessed by user 8-17 tar files creating B-6 IP traceroute traffic blocking flooded 19-7 traffic policing 1-9 Catalyst 2960 Switch Software Configuration Guide IN-31 - Cisco WS-2960-24LC-S | Software Guide - Page 726
Guide trusted boundary for QoS 28-36 trusted port states between QoS domains 28-38 classification options 28-5 ensuring port security for IP phones 28-36 support for 1-9 within a QoS domain 28-34 trustpoints, CA 8-38 twisted-pair Ethernet, detecting unidirectional links 22-1 type of service - Cisco WS-2960-24LC-S | Software Guide - Page 727
(TLV) support 13-4 upgrading a Catalyst 2950 switch configuration compatibility issues C-1 differences in configuration commands C-1 feature behavior incompatibilities Policy Server See VMPS VLAN membership confirming 12-27 modes 12-3 Catalyst 2960 Switch Software Configuration Guide IN-33 - Cisco WS-2960-24LC-S | Software Guide - Page 728
-13 extended-range 12-1, 12-11 features 1-7 illustrated 12-2 limiting source traffic IEEE 802.1Q trunks 15-10 supported 12-2 Token Ring 12-5 description 12-23 dynamic port membership described 12-24 reconfirming 12-27 troubleshooting Catalyst 2960 Switch Software Configuration Guide OL-8603-04 - Cisco WS-2960-24LC-S | Software Guide - Page 729
13-4 W web authentication configuring 9-38 to 9-40 described 1-7, 9-17 fallback for IEEE 802.1x 9-39 weighted tail drop See WTD wizards 1-2 WTD described 28-12 setting thresholds egress queue-sets 28-62 ingress queues 28-58 support for 1-9 Catalyst 2960 Switch Software Configuration Guide IN-35 - Cisco WS-2960-24LC-S | Software Guide - Page 730
Index X Xmodem protocol 32-2 IN-36 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
-
306
-
307
-
308
-
309
-
310
-
311
-
312
-
313
-
314
-
315
-
316
-
317
-
318
-
319
-
320
-
321
-
322
-
323
-
324
-
325
-
326
-
327
-
328
-
329
-
330
-
331
-
332
-
333
-
334
-
335
-
336
-
337
-
338
-
339
-
340
-
341
-
342
-
343
-
344
-
345
-
346
-
347
-
348
-
349
-
350
-
351
-
352
-
353
-
354
-
355
-
356
-
357
-
358
-
359
-
360
-
361
-
362
-
363
-
364
-
365
-
366
-
367
-
368
-
369
-
370
-
371
-
372
-
373
-
374
-
375
-
376
-
377
-
378
-
379
-
380
-
381
-
382
-
383
-
384
-
385
-
386
-
387
-
388
-
389
-
390
-
391
-
392
-
393
-
394
-
395
-
396
-
397
-
398
-
399
-
400
-
401
-
402
-
403
-
404
-
405
-
406
-
407
-
408
-
409
-
410
-
411
-
412
-
413
-
414
-
415
-
416
-
417
-
418
-
419
-
420
-
421
-
422
-
423
-
424
-
425
-
426
-
427
-
428
-
429
-
430
-
431
-
432
-
433
-
434
-
435
-
436
-
437
-
438
-
439
-
440
-
441
-
442
-
443
-
444
-
445
-
446
-
447
-
448
-
449
-
450
-
451
-
452
-
453
-
454
-
455
-
456
-
457
-
458
-
459
-
460
-
461
-
462
-
463
-
464
-
465
-
466
-
467
-
468
-
469
-
470
-
471
-
472
-
473
-
474
-
475
-
476
-
477
-
478
-
479
-
480
-
481
-
482
-
483
-
484
-
485
-
486
-
487
-
488
-
489
-
490
-
491
-
492
-
493
-
494
-
495
-
496
-
497
-
498
-
499
-
500
-
501
-
502
-
503
-
504
-
505
-
506
-
507
-
508
-
509
-
510
-
511
-
512
-
513
-
514
-
515
-
516
-
517
-
518
-
519
-
520
-
521
-
522
-
523
-
524
-
525
-
526
-
527
-
528
-
529
-
530
-
531
-
532
-
533
-
534
-
535
-
536
-
537
-
538
-
539
-
540
-
541
-
542
-
543
-
544
-
545
-
546
-
547
-
548
-
549
-
550
-
551
-
552
-
553
-
554
-
555
-
556
-
557
-
558
-
559
-
560
-
561
-
562
-
563
-
564
-
565
-
566
-
567
-
568
-
569
-
570
-
571
-
572
-
573
-
574
-
575
-
576
-
577
-
578
-
579
-
580
-
581
-
582
-
583
-
584
-
585
-
586
-
587
-
588
-
589
-
590
-
591
-
592
-
593
-
594
-
595
-
596
-
597
-
598
-
599
-
600
-
601
-
602
-
603
-
604
-
605
-
606
-
607
-
608
-
609
-
610
-
611
-
612
-
613
-
614
-
615
-
616
-
617
-
618
-
619
-
620
-
621
-
622
-
623
-
624
-
625
-
626
-
627
-
628
-
629
-
630
-
631
-
632
-
633
-
634
-
635
-
636
-
637
-
638
-
639
-
640
-
641
-
642
-
643
-
644
-
645
-
646
-
647
-
648
-
649
-
650
-
651
-
652
-
653
-
654
-
655
-
656
-
657
-
658
-
659
-
660
-
661
-
662
-
663
-
664
-
665
-
666
-
667
-
668
-
669
-
670
-
671
-
672
-
673
-
674
-
675
-
676
-
677
-
678
-
679
-
680
-
681
-
682
-
683
-
684
-
685
-
686
-
687
-
688
-
689
-
690
-
691
-
692
-
693
-
694
-
695
-
696
-
697
-
698
-
699
-
700
-
701
-
702
-
703
-
704
-
705
-
706
-
707
-
708
-
709
-
710
-
711
-
712
-
713
-
714
-
715
-
716
-
717
-
718
-
719
-
720
-
721
-
722
-
723
-
724
-
725
-
726
-
727
-
728
-
729
-
730
 |
 |
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Catalyst 2960 Switch
Software Configuration Guide
Cisco IOS Release 12.2(40)SE
Revised September 2007
Text Part Number: OL-8603-04