Cisco WS-C2960-24LC-S Software Guide

Cisco WS-C2960-24LC-S Manual

Get Cisco WS-C2960-24LC-S PDF manuals and user guides View all Cisco WS-C2960-24LC-S manuals
Add to My Manuals
Save this manual to your list of manuals

Cisco WS-C2960-24LC-S manual content summary:

  • Cisco WS-C2960-24LC-S | Software Guide - Page 1
    Catalyst 2960 Switch Software Configuration Guide Cisco IOS Release 12.2(40)SE Revised September 2007 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 2
    , and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental. Catalyst 2960 Switch Software Configuration Guide © 2006-2007 Cisco Systems, Inc. All rights reserved.
  • Cisco WS-C2960-24LC-S | Software Guide - Page 3
    Support, and Security Guidelines xxxii Overview 1-1 Features 1-1 Ease-of-Deployment and Ease-of-Use Features 1-1 Performance Features 1-2 Management Options 1-3 Manageability 2-4 Understanding CLI Error Messages 2-5 Using Configuration Logging 2-5 Catalyst 2960 Switch Software Configuration Guide iii
  • Cisco WS-C2960-24LC-S | Software Guide - Page 4
    Configuration 3-12 Booting Manually 3-13 Booting a Specific Software Image 3-14 Controlling Environment Variables 3-14 Scheduling a Reload of the Software Image 3-16 Configuring a Scheduled Reload 3-16 Displaying Scheduled Reload Information 3-17 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 5
    Management VLANs 5-7 Discovery of Newly Installed Switches 5-8 HSRP and Standby Cluster Command Switches 5-9 Virtual IP Addresses 5-10 Other Considerations for Cluster Standby Groups 5-10 Automatic Recovery of Cluster Configuration 5-11 IP Addresses 5-12 Catalyst 2960 Switch Software Configuration
  • Cisco WS-C2960-24LC-S | Software Guide - Page 6
    the DNS Configuration 6-17 Creating a Banner 6-17 Default Banner Configuration 6-17 Configuring a Message-of-the-Day Login Banner 6-18 Configuring a Login Banner 6-19 Managing the MAC Address Table 6-19 Building the Address Table 6-20 Catalyst 2960 Switch Software Configuration Guide vi OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 7
    12 Default TACACS+ Configuration 8-13 Identifying the TACACS+ Server Host and Setting the Authentication Key 8-13 Configuring TACACS+ Login Authentication 8-14 Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 8-16 Catalyst 2960 Switch Software Configuration Guide vii
  • Cisco WS-C2960-24LC-S | Software Guide - Page 8
    CA Trustpoint 8-40 Configuring the Secure HTTP Server 8-41 Configuring the Secure HTTP Client 8-43 Displaying Secure HTTP Server and Client Status 8-43 Configuring the Switch for Secure Copy Protocol 8-43 Information About Secure Copy 8-44 Catalyst 2960 Switch Software Configuration Guide viii OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 9
    Switch-to-Client Retransmission Time 9-27 Setting the Switch-to-Client Frame-Retransmission Number 9-28 Setting the Re-Authentication Number 9-28 Configuring IEEE 802.1x Accounting 9-29 Configuring a Guest VLAN 9-30 Configuring a Restricted VLAN 9-31 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 10
    10-18 Monitoring Interface Status 10-18 Clearing and Resetting Interfaces and Counters 10-19 Shutting Down and Restarting the Interface 10-19 11 C H A P T E R Configuring Smartports Macros 11-1 Understanding Smartports Macros 11-1 Catalyst 2960 Switch Software Configuration Guide x OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 11
    with Other Features 12-16 Configuring a Trunk Port 12-17 Defining the Allowed VLANs on a Trunk 12-18 Changing the Pruning-Eligible List 12-19 Configuring the Native VLAN for Untagged Traffic 12-19 Configuring Trunk Ports for Load Sharing 12-20 Catalyst 2960 Switch Software Configuration Guide xi
  • Cisco WS-C2960-24LC-S | Software Guide - Page 12
    13-8 Passwords 13-8 VTP Version 13-8 Configuration Requirements 13-9 Configuring a VTP Server 13-9 Configuring a VTP Client 13-11 Disabling VTP (VTP Transparent Mode) 13-12 Enabling VTP Version 2 13-13 Enabling VTP Pruning 13-14 Catalyst 2960 Switch Software Configuration Guide xii OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 13
    15-10 STP and IEEE 802.1Q Trunks 15-10 Configuring Spanning-Tree Features 15-10 Default Spanning-Tree Configuration 15-11 Spanning-Tree Configuration Guidelines 15-12 Changing the Spanning-Tree Mode. 15-13 Disabling Spanning Tree 15-14 Catalyst 2960 Switch Software Configuration Guide xiii
  • Cisco WS-C2960-24LC-S | Software Guide - Page 14
    16-13 Topology Changes 16-13 Configuring MSTP Features 16-14 Default MSTP Configuration 16-14 MSTP Configuration Guidelines 16-15 Specifying the MST Region Configuration and Enabling MSTP 16-16 Configuring the Root Switch 16-17 Catalyst 2960 Switch Software Configuration Guide xiv OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 15
    BackboneFast 17-13 Enabling EtherChannel Guard 17-14 Enabling Root Guard 17-15 Enabling Loop Guard 17-15 Displaying the Spanning-Tree Status 17-16 Configuring IGMP Snooping and MVR 18-1 Understanding IGMP Snooping 18-1 IGMP Versions 18-2 Catalyst 2960 Switch Software Configuration Guide xv
  • Cisco WS-C2960-24LC-S | Software Guide - Page 16
    18-26 Configuring the IGMP Throttling Action 18-27 Displaying IGMP Filtering and Throttling Configuration 18-28 19 C H A P T E R Configuring Port-Based Traffic Control 19-1 Configuring Storm Control 19-1 Understanding Storm Control 19-1 Catalyst 2960 Switch Software Configuration Guide xvi OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 17
    LLDP-MED 21-2 Configuring LLDP and LLDP-MED 21-3 Default LLDP Configuration 21-3 Configuring LLDP Characteristics 21-4 Disabling and Enabling LLDP Globally 21-5 Disabling and Enabling LLDP on an Interface 21-5 Configuring LLDP-MED TLVs 21-6 Catalyst 2960 Switch Software Configuration Guide xvii
  • Cisco WS-C2960-24LC-S | Software Guide - Page 18
    23-13 Specifying VLANs to Filter 23-14 Configuring RSPAN 23-15 RSPAN Configuration Guidelines 23-16 Configuring a VLAN as an RSPAN VLAN 23-16 Creating an RSPAN Source Session 23-17 Creating an RSPAN Destination Session 23-19 xviii Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 19
    Facility 25-12 Displaying the Logging Configuration 25-13 Configuring SNMP 26-1 Understanding SNMP 26-1 SNMP Versions 26-2 SNMP Manager Functions 26-3 SNMP Agent Functions 26-4 SNMP Community Strings 26-4 Using SNMP to Access MIB Variables 26-4 Catalyst 2960 Switch Software Configuration Guide xix
  • Cisco WS-C2960-24LC-S | Software Guide - Page 20
    Policing on Physical Ports 28-9 Mapping Tables 28-11 Queueing and Scheduling Overview 28-12 Weighted Tail Drop 28-12 SRR Shaping and Sharing 28-13 Queueing and Scheduling on Ingress Queues 28-14 Queueing and Scheduling on Egress Queues 28-16 Catalyst 2960 Switch Software Configuration Guide xx OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 21
    28-56 Configuring Ingress Queue Characteristics 28-57 Mapping DSCP or CoS Values to an Ingress Queue and Setting WTD Thresholds 28-58 Allocating Buffer Space Between the Ingress Queues 28-59 Allocating Bandwidth Between the Ingress Queues 28-60 Catalyst 2960 Switch Software Configuration Guide xxi
  • Cisco WS-C2960-24LC-S | Software Guide - Page 22
    30-3 Multicast Client Aging Robustness 30-3 Multicast Router Discovery 30-3 MLD Reports 30-4 MLD Done Messages and Immediate-Leave 30-4 Topology Change Notification Processing 30-5 Catalyst 2960 Switch Software Configuration Guide xxii OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 23
    -State Tracking 31-17 Configuring Link-State Tracking 31-19 Default Link-State Tracking Configuration 31-20 Link-State Tracking Configuration Guidelines 31-20 Configuring Link-State Tracking 31-20 Displaying Link-State Tracking Status 31-21 Catalyst 2960 Switch Software Configuration Guide xxiii
  • Cisco WS-C2960-24LC-S | Software Guide - Page 24
    -19 Using the show platform forward Command 32-20 Using the crashinfo Files 32-21 Basic crashinfo Files 32-21 Extended crashinfo Files 32-22 Supported MIBs A-1 MIB List A-1 Using FTP to Access the MIB Files A-3 xxiv Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 25
    and Rolling Back Configurations B-19 Understanding Configuration Replacement and Rollback B-19 Configuration Guidelines B-21 Configuring the Configuration Archive B-21 Performing a Configuration Replacement or Rollback Operation B-22 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide xxv
  • Cisco WS-C2960-24LC-S | Software Guide - Page 26
    Image File By Using RCP B-37 B-38 Recommendations for Upgrading a Catalyst 2950 Switch to a Catalyst 2960 Switch C-1 Configuration Compatibility Issues C-1 Feature Behavior Incompatibilities C-5 Unsupported Commands in Cisco IOS Release 12.2(40)SE D-1 Access Control Lists D-1 Unsupported Privileged
  • Cisco WS-C2960-24LC-S | Software Guide - Page 27
    Interface Configuration Command D-6 VLAN D-6 Unsupported Global Configuration Command D-6 Unsupported vlan-config Command D-6 Unsupported User EXEC Commands D-6 VTP D-6 Unsupported Privileged EXEC Commands D-6 Contents OL-8603-04 Catalyst 2960 Switch Software Configuration Guide xxvii
  • Cisco WS-C2960-24LC-S | Software Guide - Page 28
    Contents xxviii Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 29
    and terminology of Ethernet and local area networking. Purpose This guide provides the information that you need to configure Cisco IOS software features on your switch. The Catalyst 2960 software provides enterprise-class intelligent services such as access control lists (ACLs) and quality of
  • Cisco WS-C2960-24LC-S | Software Guide - Page 30
    the "System Requirements" section in the release notes (not orderable but available on Cisco.com). • For Network Assistant requirements, see the Getting Started with Cisco Network Assistant (not orderable but available on Cisco.com). Catalyst 2960 Switch Software Configuration Guide xxx OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 31
    on Cisco.com) • Catalyst 2960 Switch Software Configuration Guide (not orderable but available on Cisco.com) • Catalyst 2960 Switch Command Reference (not orderable but available on Cisco.com) • Device manager online help (available on the switch) • Catalyst 2960 Switch Hardware Installation Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 32
    aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html xxxii Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 33
    the cryptographic version of the software) • QoS and CoS Features, page 1-9 • Monitoring Features, page 1-10 Ease-of-Deployment and Ease-of-Use Features The switch ships with these features to make the deployment and the use easier: OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 1-1
  • Cisco WS-C2960-24LC-S | Software Guide - Page 34
    that are not directly connected to the command switch. Performance Features The switch ships with these performance features: • Autosensing of port speed and autonegotiation of duplex mode on all switch ports for optimizing bandwidth Catalyst 2960 Switch Software Configuration Guide 1-2 OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 35
    the software image. You use it to configure and to monitor a single switch. For information about launching the device manager, see the getting started guide. For more information about the device manager, see the switch online help. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 1-3
  • Cisco WS-C2960-24LC-S | Software Guide - Page 36
    the endpoint device • Network Time Protocol (NTP) for providing a consistent time stamp to all switches from an external source • Cisco IOS File System (IFS) for providing a single interface to all file systems that the switch uses Catalyst 2960 Switch Software Configuration Guide 1-4 OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 37
    copying switch configuration or switch image files (requires the cryptographic version of the software) • Configuration replacement and rollback to replace the running configuration on a switch with any saved Cisco IOS configuration file OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 38
    spanning-tree instances supported - Per-VLAN ports from becoming designated ports because of a failure that leads to a unidirectional link • Flex Link Layer 2 interfaces to back up one another as an alternative to STP for basic link redundancy Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 39
    ensuring security • Protected port option for restricting the forwarding of traffic to designated ports on the same switch • Port security option for limiting and identifying MAC addresses of the stations allowed to access the port OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 1-7
  • Cisco WS-C2960-24LC-S | Software Guide - Page 40
    AAA) services • Secure Socket Layer (SSL) Version 3.0 support for the HTTP 1.1 server authentication, encryption, and message integrity and HTTP client authentication to allow secure HTTP communications (requires the cryptographic version of the software) Catalyst 2960 Switch Software Configuration
  • Cisco WS-C2960-24LC-S | Software Guide - Page 41
    but limited to using a share of port bandwidth. Shared egress queues are also guaranteed a configured share of bandwidth, but can use more than the guarantee if other queues become empty and do not use their share of the bandwidth. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 1-9
  • Cisco WS-C2960-24LC-S | Software Guide - Page 42
    (TDR) to diagnose and resolve cabling problems on 10/100 and 10/100/1000 copper Ethernet ports • SFP module diagnostic management interface to monitor physical or operational status of an SFP module Default Settings After Initial Switch Configuration The switch is designed for plug-and-play
  • Cisco WS-C2960-24LC-S | Software Guide - Page 43
    is enabled. For more information, see Chapter 22, "Configuring DHCP Features and IP Source Guard." • IGMP snooping is enabled. No IGMP filters are applied. For more information, see Chapter 18, "Configuring IGMP Snooping and MVR." OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 1-11
  • Cisco WS-C2960-24LC-S | Software Guide - Page 44
    compete for network bandwidth, it takes longer to send and receive data. When you configure your network, consider the bandwidth required by your network users and the relative priority of the network applications that they use. 1-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 45
    and BackboneFast for traffic-load balancing on the uplink ports and availability to provide always on so that the uplink port with a lower relative port cost is selected to carry the VLAN mission-critical applications traffic. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 1-13
  • Cisco WS-C2960-24LC-S | Software Guide - Page 46
    . Using SFP modules also provides flexibility in media and distance options through fiber-optic connections. Figure 1-1 High-Performance Workgroup (Gigabit-to-the-Desktop) Catalyst 3750 switches Access-layer Catalyst switches 89373 1-14 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 47
    redundant Gigabit EtherChannels. Using dual SFP module uplinks from the switches provides redundant uplinks to the network core. Using SFP modules provides flexibility in media and distance options through fiber-optic connections. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 1-15
  • Cisco WS-C2960-24LC-S | Software Guide - Page 48
    telephony and IP networks, and the IP network supports both voice and data. The routers also provide firewall services, Network Address Translation (NAT) services, voice-over-IP (VoIP) gateway services, and WAN and Internet access. 1-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 49
    -optic cable. The CWDM OADM modules on the receiving end separate (or demultiplex) the different wavelengths. For more information about the CWDM SFP modules and CWDM OADM modules, see the Cisco CWDM GBIC and CWDM SFP Installation Note. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 50
    multilayer switches Where to Go Next Before configuring the switch, review these sections for startup information: • Chapter 2, "Using the Command-Line Interface" • Chapter 3, "Assigning the Switch IP Address and Default Gateway" 95750 1-18 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 51
    stored and used when the switch reboots. To access the various configuration modes, you must start at global configuration mode. From global configuration mode, you can enter interface configuration mode and line configuration mode. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 2-1
  • Cisco WS-C2960-24LC-S | Software Guide - Page 52
    VLANs (VLAN IDs greater than 1005) and save configurations in the switch startup configuration file. To exit to privileged EXEC mode, enter exit. Use this mode to configure VLAN parameters for VLANs 1 to 1005 in the VLAN database. Catalyst 2960 Switch Software Configuration Guide 2-2 OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 53
    description of the help system in any command mode. Obtain a list of commands that begin with a particular character string. For example: Switch# di? dir disable disconnect Complete a partial command name. For example: Switch# sh conf Switch# show configuration OL-8603-04 Catalyst 2960 Switch
  • Cisco WS-C2960-24LC-S | Software Guide - Page 54
    default and have variables set to certain default values. In these cases, the default command enables the command and sets variables to their default values. Catalyst 2960 Switch Software Configuration Guide 2-4 OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 55
    , see the Configuration Change Notification and Logging feature module at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801d1e81. html Note Only CLI or HTTP changes are logged. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 2-5
  • Cisco WS-C2960-24LC-S | Software Guide - Page 56
    of commands that appear is controlled by the setting of the terminal history global configuration command and the history line configuration command. 1. The arrow keys function only on ANSI-compatible terminals such as VT100s. Catalyst 2960 Switch Software Configuration Guide 2-6 OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 57
    line to make changes or corrections. Keystroke1 Purpose Press Ctrl-B, or press the Move the cursor back one character. left arrow key. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 2-7
  • Cisco WS-C2960-24LC-S | Software Guide - Page 58
    Esc L. Change the word at the cursor to lowercase. Press Esc U. Capitalize letters from the cursor to the end of the word. Designate a particular keystroke as Press Ctrl-V or Esc Q. an executable command, perhaps as a shortcut. Catalyst 2960 Switch Software Configuration Guide 2-8 OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 59
    as VT100s. In this example, the access-list global configuration command entry extends beyond one line. When the cursor first reaches the end of the line, the line is shifted ten spaces to through Keystrokes" section on page 2-7. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 2-9
  • Cisco WS-C2960-24LC-S | Software Guide - Page 60
    on page 8-33. The switch supports up to five simultaneous secure SSH sessions. After you connect through the console port, through a Telnet session or through an SSH session, the user EXEC prompt appears on the management station. 2-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 61
    ) for the Catalyst 2960 switch by using a variety of automatic and manual methods. It also describes how to modify the switch startup configuration. Note For complete syntax and usage information for the commands used in this chapter, see the command reference for this release and the Cisco IOS IP
  • Cisco WS-C2960-24LC-S | Software Guide - Page 62
    the dynamically assigned IP address and reads the configuration file. If you are an experienced user familiar with the switch configuration steps, manually configure the switch. Otherwise, use the setup program described previously. Catalyst 2960 Switch Software Configuration Guide 3-2 OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 63
    • Manually Assigning IP Information, page 3-10 Default Switch Information Table 3-1 shows the default switch information. Table 3-1 Default Switch Information Feature replaces the BOOTP client functionality on your switch. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 3-3
  • Cisco WS-C2960-24LC-S | Software Guide - Page 64
    the client has had a chance to formally request the address. If the switch accepts replies from a BOOTP server and configures itself, the switch broadcasts, instead of unicasts, TFTP requests to obtain the switch configuration file. Catalyst 2960 Switch Software Configuration Guide 3-4 OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 65
    switch is not configured. If the router IP address or the TFTP server name are not found, the switch might send broadcast, instead of unicast, TFTP requests. Unavailability of other lease options does not affect autoconfiguration. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 3-5
  • Cisco WS-C2960-24LC-S | Software Guide - Page 66
    an interface to the destination host. If the relay device is a Cisco router, enable IP routing (ip routing global configuration command), and configure helper addresses by using the ip helper-address interface configuration command. Catalyst 2960 Switch Software Configuration Guide 3-6 OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 67
    from the DHCP server. The switch sends a unicast message to the TFTP server to retrieve the network-confg or cisconet.cfg default configuration file. (If the network-confg file cannot be read, the switch reads the cisconet.cfg file.) OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 3-7
  • Cisco WS-C2960-24LC-S | Software Guide - Page 68
    255.255.0 10.0.0.10 10.0.0.2 tftpserver or 10.0.0.3 Switch C 00e0.9f1e.2003 10.0.0.23 255.255.255.0 10.0.0.10 10.0.0.2 tftpserver or 10.0.0.3 Switch D 00e0.9f1e.2004 10.0.0.24 255.255.255.0 10.0.0.10 10.0.0.2 tftpserver or 10.0.0.3 Catalyst 2960 Switch Software Configuration Guide 3-8 OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 69
    (switcha). • It reads the configuration file that corresponds to its hostname; for example, it reads switch1-confg from the TFTP server. Switches B through D retrieve their configuration files and IP addresses in the same way. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 3-9
  • Cisco WS-C2960-24LC-S | Software Guide - Page 70
    # show running-config Building configuration... Current configuration: 1363 bytes ! version 12.1 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Switch A ! 3-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 71
    Manually, page 3-13 • Booting a Specific Software Image, page 3-14 • Controlling Environment Variables, page 3-14 See also Appendix B, "Working with the Cisco IOS File System, Configuration Files, and Software Images," for information about switch configuration files. OL-8603-04 Catalyst 2960
  • Cisco WS-C2960-24LC-S | Software Guide - Page 72
    sensitive. Return to privileged EXEC mode. Verify your entries. The boot config-file global configuration command changes the setting of the CONFIG_FILE environment variable. (Optional) Save your entries in the configuration file. 3-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 73
    ) and the name of the bootable image. Filenames and directory names are case sensitive. (Optional) Save your entries in the configuration file. To disable manual booting, use the no boot manual global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 3-13
  • Cisco WS-C2960-24LC-S | Software Guide - Page 74
    a null string. A variable that is set to a null string (for example, " ") is a variable with a value. Many environment variables are predefined and have default values. 3-14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 75
    read and write a nonvolatile copy of the system configuration. Specifies the filename that Cisco IOS uses to read and write a nonvolatile copy of the system configuration. This command changes the CONFIG_FILE environment variable. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 3-15
  • Cisco WS-C2960-24LC-S | Software Guide - Page 76
    reload. This example shows how to reload the software on the switch on the current day at 7:30 p.m: Switch# reload at 19:30 Reload scheduled for 19:30:00 UTC Wed Jun 5 1996 (in 2 hours and 25 minutes) Proceed with reload? [confirm] 3-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 77
    on the switch, use the show reload privileged EXEC command. It displays reload information including the time the reload is scheduled to occur and the reason for the reload (if it was specified when the reload was scheduled). OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 3-17
  • Cisco WS-C2960-24LC-S | Software Guide - Page 78
    Scheduling a Reload of the Software Image Chapter 3 Assigning the Switch IP Address and Default Gateway 3-18 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 79
    , the Configuration Engine supports an embedded Directory Service. In this mode, no external directory or other data store is required. In server mode, the Configuration Engine supports the use of a user-defined external directory. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 4-1
  • Cisco WS-C2960-24LC-S | Software Guide - Page 80
    publish events to show the success or failure of the syntax check. The configuration agent can either apply configurations immediately or delay the application until receipt of a synchronization event from the configuration server. Catalyst 2960 Switch Software Configuration Guide 4-2 OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 81
    the switch must match the ConfigID for the corresponding switch definition on the Configuration Engine. The ConfigID is fixed at startup time and cannot be changed until the device restarts, even if the switch hostname is reconfigured. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 82
    Engine, see the Configuration Engine setup and configuration guide at this URL on cisco.com: http://www.cisco.com/en/US/products/sw/netmgtsw/ps4617/products_installation_and_configuration_ guide_book09186a00803b59db.html Catalyst 2960 Switch Software Configuration Guide 4-4 OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 83
    file by using DHCP-based autoconfiguration. Figure 4-2 Initial Configuration Overview Configuration Engine V WAN TFTP server DHCP server Distribution layer DHCP relay agent default gateway Access layer switches 141328 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 4-5
  • Cisco WS-C2960-24LC-S | Software Guide - Page 84
    . At the setup prompt, do nothing: The switch begins the initial configuration as described in the "Initial Configuration" section on page 4-5. When the full configuration file is loaded on your switch, you need to do nothing else. Catalyst 2960 Switch Software Configuration Guide 4-6 OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 85
    Configuration Engine, see the Cisco Configuration Engine Installation and Setup Guide, 1.5 for Linux at this URL: http://www.cisco.com/en/US/products/sw/netmgtsw/ps4617/products_installation_and_configuration_ guide_book09186a00803b59db.html OL-8603-04 Catalyst 2960 Switch Software Configuration
  • Cisco WS-C2960-24LC-S | Software Guide - Page 86
    Command configure terminal cns event {ip-address | hostname} [port-number] [backup] [init-retry retry-count] [keepalive seconds retry-count] [source ip-address] end retry count. Switch(config)# cns event 10.180.1.27 keepalive 120 10 Catalyst 2960 Switch Software Configuration Guide 4-8 OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 87
    & generates the command ip route 0.0.0.0 0.0.0.0 FastEthernet0/1. Return to global configuration mode. Enter the hostname for the switch. Establish a static route to the Configuration Engine whose IP address is network-number. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 4-9
  • Cisco WS-C2960-24LC-S | Software Guide - Page 88
    syntax-check to check the syntax when this parameter is entered. Note Though visible in the command-line help string, the encrypt keyword is not supported. end Return to privileged EXEC mode. 4-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 89
    in the configuration file. To disable the Cisco IOS agent, use the no cns config partial {ip-address | hostname} global configuration command. To cancel a partial configuration, use the cns config cancel privileged EXEC command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 4-11
  • Cisco WS-C2960-24LC-S | Software Guide - Page 90
    . Displays statistics about the Cisco IOS agent. Displays the status of the CNS event agent connections. Displays statistics about the CNS event agent. Displays a list of event agent subjects that are subscribed to by applications. 4-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 91
    switches that are managed as a single entity. The switches in the cluster use the switch clustering technology so that you can configure and troubleshoot a group of different Catalyst desktop switch platforms through a single IP address. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 92
    switch Member or command switch Member or command switch Member or command switch Member or command switch Member or command switch Member or command switch Member or command switch Member or command switch Member switch only Member switch only Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 93
    " section on page 5-13). To join a cluster, a candidate switch must meet these requirements: • It is running cluster-capable software. • It has CDP version 2 enabled. • It is not a command or cluster member switch of another cluster. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 5-3
  • Cisco WS-C2960-24LC-S | Software Guide - Page 94
    Do not disable CDP on the cluster command switch, on cluster members, or on any cluster-capable switches that you might want a cluster command switch to discover. For more information about CDP, see Chapter 20, "Configuring CDP." Catalyst 2960 Switch Software Configuration Guide 5-4 OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 95
    edge of the cluster. In Figure 5-1, the cluster command switch has ports assigned to VLANs 16 and 62. The CDP hop count is three. The cluster command switch discovers switches 11, 12, 13, and 14 because they are 14 Device 15 101321 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 5-5
  • Cisco WS-C2960-24LC-S | Software Guide - Page 96
    switch through their management VLAN. For information about discovery through management VLANs, see the "Discovery Through Different Management VLANs" section on page 5-7. For more information about VLANs, see Chapter 12, "Configuring VLANs." Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 97
    in management VLAN 4) because they are not connected through a common VLAN (meaning VLANs 62 and 9) with the cluster command switch • Switch 9 because automatic discovery does not extend beyond a noncandidate device, which is switch 7 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 98
    VLANs 9 and 16. When new cluster-capable switches join the cluster: • One cluster-capable switch and its access port are assigned to VLAN 9. • The other cluster-capable switch and its access port are assigned to management VLAN 16. Catalyst 2960 Switch Software Configuration Guide 5-8 OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 99
    hello time interval. The default HSRP standby hold time interval is 10 seconds. The default HSRP standby hello time interval is 3 seconds. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 5-9
  • Cisco WS-C2960-24LC-S | Software Guide - Page 100
    command switch is a Catalyst 2960 switch, the standby cluster command switches must also be Catalyst 2960 switches. Refer to the switch configuration guide of other cluster-capable switches for their requirements on standby cluster command switches. If your switch cluster has a Catalyst 2960 switch
  • Cisco WS-C2960-24LC-S | Software Guide - Page 101
    information (but not device-configuration information) to the standby cluster command switch. This ensures that the standby cluster command switch can take over the cluster immediately after the active cluster command switch fails. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 5-11
  • Cisco WS-C2960-24LC-S | Software Guide - Page 102
    assign a host name to either a cluster command switch or an eligible cluster member. However, a hostname assigned to the cluster command switch can help to identify the switch cluster. The default hostname for the switch is Switch. 5-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 103
    about SNMP and community strings, see Chapter 26, "Configuring SNMP." For SNMP considerations specific to the Catalyst 1900 and Catalyst 2820 switches, refer to the installation and configuration guides specific to those switches. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 5-13
  • Cisco WS-C2960-24LC-S | Software Guide - Page 104
    accesses the management console (a menu-driven interface) if the cluster command switch is at privilege level 15. If the cluster command switch is at privilege level 1 to 14, you are prompted for the password to access the menu console. 5-14 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 105
    , as shown in Figure 5-7. If a cluster member switch has its own IP address and community strings, the cluster member switch can send traps directly to the management station, without going through the cluster command switch. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 5-15
  • Cisco WS-C2960-24LC-S | Software Guide - Page 106
    about SNMP and community strings, see Chapter 26, "Configuring SNMP." Figure 5-7 SNMP Management for a Cluster SNMP Manager Command switch Trap 1, Trap 2, Trap 3 Trap Trap 33020 Trap Member 1 Member 2 Member 3 5-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 107
    Clock The heart of the time service is the system clock. This clock runs from the moment the system starts up and keeps track of the date and time. The system clock can then be set from these sources: • NTP • Manual configuration OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 6-1
  • Cisco WS-C2960-24LC-S | Software Guide - Page 108
    . Cisco's implementation of NTP does not support stratum 1 service; it is not possible to connect to a radio or atomic clock. We recommend that the time service for your network be derived from the public NTP servers available on the IP Internet. Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 109
    synchronize themselves when an external NTP source is not available. The switch also has no hardware support for a calendar. As a result, the ntp update-calendar and the ntp master global configuration commands are not available. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 6-3
  • Cisco WS-C2960-24LC-S | Software Guide - Page 110
    timekeeping) with other devices for security purposes: Step 1 Step 2 Command configure terminal ntp authenticate Purpose Enter global configuration mode. Enable the NTP authentication feature, which is disabled by default. Catalyst 2960 Switch Software Configuration Guide 6-4 OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 111
    this switch can either synchronize to the other device or allow the other device to synchronize to it), or it can be a server association (meaning that only this switch synchronizes to the other device, and not the other way around). OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 6-5
  • Cisco WS-C2960-24LC-S | Software Guide - Page 112
    can be configured to use IP broadcast messages instead. This alternative reduces configuration complexity because each device can simply be configured to send or receive broadcast messages. However, the information flow is one-way only. Catalyst 2960 Switch Software Configuration Guide 6-6 OL-8603
  • Cisco WS-C2960-24LC-S | Software Guide - Page 113
    interface to receive NTP broadcast packets, and enter interface configuration mode. Enable the interface to receive NTP broadcast packets. By default, no interfaces receive NTP broadcast packets. Return to global configuration mode. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 6-7
  • Cisco WS-C2960-24LC-S | Software Guide - Page 114
    allow the switch to synchronize to the remote device. • peer-Allows time requests and NTP control queries and allows the switch to synchronize to the remote device. For access-list-number, enter a standard IP access list number from 1 to 99. Catalyst 2960 Switch Software Configuration Guide 6-8 OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 115
    access list 42: Switch# configure terminal Switch(config)# ntp access-group peer 99 Switch(config)# ntp access-group serve-only 42 Switch(config)# access-list 99 permit 172.20.130.5 Switch(config)# access list 42 permit 172.20.130.6 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 6-9
  • Cisco WS-C2960-24LC-S | Software Guide - Page 116
    destinations. If a source address is to be used for a specific association, use the source keyword in the ntp peer or ntp server global configuration command as described in the "Configuring NTP Associations" section on page 6-5. 6-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 117
    in the month. • For month, specify the month by name. • For year, specify the year (no abbreviation). This example shows how to manually set the system clock to 1:32 p.m. on July 23, 2001: Switch# clock set 13:32:00 23 July 2001 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 6-11
  • Cisco WS-C2960-24LC-S | Software Guide - Page 118
    to manually configure the time zone: Step 1 Step 2 Command configure terminal clock timezone zone hours-offset [minutes-offset] Step 3 Step 4 Step 5 end show to UTC, use the no clock timezone global configuration command. 6-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 119
    shows how to specify that summer time starts on the first Sunday in April at 02:00 and ends on the last Sunday in October at 02:00: Switch(config)# clock summer-time PDT recurring 1 Sunday April 2:00 last Sunday October 2:00 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 6-13
  • Cisco WS-C2960-24LC-S | Software Guide - Page 120
    the Cisco.com page, select Documentation > Cisco IOS Software > 12.2 Mainline > Command References and see the Cisco IOS Configuration Fundamentals Command Reference and the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols. 6-14 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 121
    Command configure terminal hostname name end show running-config copy running-config startup-config Purpose Enter global configuration mode. Manually configure a system name. The default setting is switch. The and enable the DNS. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 6-15
  • Cisco WS-C2960-24LC-S | Software Guide - Page 122
    switch to use the DNS: Step 1 Step 2 Step 3 Step 4 Step 5 Command configure terminal ip domain-name name ip name-server server-address1 [server-address2 ... server-address6] ip domain-lookup end Purpose Enter global configuration 6-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 123
    information: • Default Banner Configuration, page 6-17 • Configuring a Message-of-the-Day Login Banner, page 6-18 • Configuring a Login Banner, page 6-19 Default Banner Configuration The MOTD and login banners are not configured. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 6-17
  • Cisco WS-C2960-24LC-S | Software Guide - Page 124
    key. The delimiting character signifies the beginning and end of the banner text. Characters after the ending delimiter are discarded. For message, enter a For access, contact technical support. User Access Verification Password: 6-18 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 125
    associated VLAN ID, and port number associated with the address and the type (static or dynamic). Note For complete syntax and usage information for the commands used in this section, see the command reference for this release. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 6-19
  • Cisco WS-C2960-24LC-S | Software Guide - Page 126
    to port 1 in VLAN 1 and ports 9, 10, and 1 in VLAN 5. Each VLAN maintains its own logical address table. A known address in one VLAN is unknown in another until it is learned or statically associated with a port in the other VLAN. 6-20 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 127
    IDs are 1 to 4094. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. To return to the default value, use the no mac address-table aging-time global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 6-21
  • Cisco WS-C2960-24LC-S | Software Guide - Page 128
    informs to the host. • Specify the SNMP version to support. Version 1, the default, is not available with informs. switch to send MAC address traps to the NMS. mac address-table notification Enable the MAC address notification feature. 6-22 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 129
    /2 Switch(config-if)# snmp trap mac-notification added You can verify the previous commands by entering the show mac address-table notification interface and the show mac address-table notification privileged EXEC commands. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 130
    table. When a packet is received in VLAN 4 with this MAC address as its destination address, the packet is forwarded to the specified port: Switch(config)# mac address-table static c2f3.220a.12f4 vlan 4 interface gigabitethernet0/1 6-24 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 131
    privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. To disable unicast MAC address filtering, use the no mac address-table static mac-addr vlan vlan-id global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 6-25
  • Cisco WS-C2960-24LC-S | Software Guide - Page 132
    ARP entries added manually to the table do not age and must be manually removed. Note For CLI procedures, see the Cisco IOS Release 12.2 documentation from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline. 6-26 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960-24LC-S | Software Guide - Page 133
    supported in each template. Table 7-1 Approximate Number of Feature Resources Allowed by Each Template Resource Unicast MAC addresses IPv4 IGMP groups IPv4 unicast routes Default QoS Dual 8 K 8 K 8 K 256 256 256 0 0 0 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 134
    the configuration to take effect. Setting the SDM Template Beginning in privileged EXEC mode, follow these steps to use the SDM template to maximize feature usage: Command Step 1 configure terminal Purpose Enter global configuration mode. Catalyst 2960 Switch Software Configuration Guide 7-2 OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 135
    to display the active template. Use the show sdm prefer [default | dual-ipv4-and-ipv6 default | qos] privileged EXEC command to display the resource numbers supported by the specified template. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 7-3
  • Cisco WS-C2960-24LC-S | Software Guide - Page 136
    .Displaying the SDM Templates Chapter 7 Configuring SDM Templates Catalyst 2960 Switch Software Configuration Guide 7-4 OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 137
    privilege levels, you can also assign a specific privilege level (with associated rights and privileges) to each username and password pair. For more information, see the "Configuring Username and Password Pairs" section on page 8-6. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-1
  • Cisco WS-C2960-24LC-S | Software Guide - Page 138
    ). The password is not encrypted in the configuration file. No password is defined. The default is level 15 (privileged EXEC level). The password is encrypted before it is written to the configuration file. No password is defined. Catalyst 2960 Switch Software Configuration Guide 8-2 OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 139
    use the enable secret command because it uses an improved encryption algorithm. If you configure the enable secret command, it takes precedence over the enable password command; the two commands cannot be in effect simultaneously. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-3
  • Cisco WS-C2960-24LC-S | Software Guide - Page 140
    3 service password-encryption Step 4 Step 5 end copy running-config startup-config Purpose Enter global configuration mode configuration command. To disable password encryption, use the no service password-encryption global configuration command. Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 141
    Disabling password recovery will not work if you have set the switch to boot up manually by using the boot manual global configuration command. This command produces the boot loader prompt (switch:) after the switch is power cycled. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-5
  • Cisco WS-C2960-24LC-S | Software Guide - Page 142
    or ports and authenticate each user before that user can access the switch. If you have defined privilege levels, you can also assign a specific privilege level (with associated rights and privileges) to each username and password pair. Catalyst 2960 Switch Software Configuration Guide 8-6 OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 143
    of users. These sections contain this configuration information: • Setting the Privilege Level for a Command, page 8-8 • Changing the Default Privilege Level for Lines, page 8-9 • Logging into and Exiting a Privilege Level, page 8-9 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-7
  • Cisco WS-C2960-24LC-S | Software Guide - Page 144
    set the configure command to privilege level 14 and define SecretPswd14 as the password users must enter to use level 14 commands: Switch(config)# privilege exec level 14 configure Switch(config)# enable password level 14 SecretPswd14 Catalyst 2960 Switch Software Configuration Guide 8-8 OL-8603
  • Cisco WS-C2960-24LC-S | Software Guide - Page 145
    a line: Step 1 Step 2 Step 3 Command configure terminal line vty line privilege level level Step 4 Step 5 Step 6 end show running-config or show privilege copy running-config privilege level. For level, the range is 0 to 15. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-9
  • Cisco WS-C2960-24LC-S | Software Guide - Page 146
    service. Your switch can be a network access server along with other Cisco routers and access servers. A network access server provides connections to a single user, to a network or subnetwork, and to interconnected networks as shown in Figure 8-1. 8-10 Catalyst 2960 Switch Software Configuration
  • Cisco WS-C2960-24LC-S | Software Guide - Page 147
    switch and the TACACS+ daemon, and it ensures confidentiality because all protocol exchanges between the switch and the TACACS+ daemon are encrypted. You need a system running the TACACS+ daemon software to use TACACS+ on your switch. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 148
    services • Connection parameters, including the host or client IP address, access list, and user timeouts Configuring TACACS+ This section describes how to configure your switch to support TACACS method listed to authenticate, to 8-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 149
    . • (Optional) For key string, specify the encryption key for encrypting and decrypting all traffic between the switch and the TACACS+ daemon. You must configure the same key on the TACACS+ daemon for encryption to be successful. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-13
  • Cisco WS-C2960-24LC-S | Software Guide - Page 150
    methods are attempted. Beginning in privileged EXEC mode, follow these steps to configure login authentication: Step 1 Step 2 Command configure terminal aaa new-model Purpose Enter global configuration mode. Enable AAA. 8-14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 151
    automatically applied to all ports. • For list configuration command. To either disable TACACS+ authentication for logins or to return to the default value, use the no login authentication {default | list-name} line configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 152
    ). Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. To disable authorization, use the no aaa authorization {network | exec} method1 global configuration command. 8-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 153
    Mainline > Command References. These sections contain this configuration information: • Understanding RADIUS, page 8-18 • RADIUS Operation, page 8-19 • Configuring RADIUS, page 8-19 • Displaying the RADIUS Configuration, page 8-31 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-17
  • Cisco WS-C2960-24LC-S | Software Guide - Page 154
    authentication. RADIUS can be used to authenticate from one device to a non-Cisco device if the non-Cisco device requires authentication. • Networks using a variety of services. RADIUS generally binds a user to one service model. 8-18 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 155
    EXEC services • Connection parameters, including the host or client IP address, access list, and user timeouts Configuring RADIUS This section describes how to configure your switch to support RADIUS. the initial method fails. The OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-19
  • Cisco WS-C2960-24LC-S | Software Guide - Page 156
    accounting services, the %RADIUS-4-RADIUS_DEAD message appears, and then the switch tries the second host entry configured on the same device for accounting services. (The RADIUS host entries are tried in the order that they are configured.) 8-20 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 157
    for All RADIUS Servers" section on page 8-29. You can configure the switch to use AAA server groups to group existing server hosts for authentication. For more information, see the "Defining AAA Server Groups" section on page 8-25. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-21
  • Cisco WS-C2960-24LC-S | Software Guide - Page 158
    one RADIUS server to be used for authentication and another to be used for accounting: Switch(config)# radius-server host 172.29.36.49 auth-port 1612 key rad1 Switch(config)# radius-server host 172.20.36.50 acct-port 1618 key rad2 8-22 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 159
    . Beginning in privileged EXEC mode, follow these steps to configure login authentication. This procedure is required. Step 1 Step 2 Command configure terminal aaa new-model Purpose Enter global configuration mode. Enable AAA. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-23
  • Cisco WS-C2960-24LC-S | Software Guide - Page 160
    to be used in default situations. The default method list is automatically applied to all ports. • For list-name, specify a character string to name the list you are entries. (Optional) Save your entries in the configuration file. 8-24 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 161
    a defined group server. You can either identify the server by its IP address or identify multiple host instances or entries by using the optional auth-port and acct-port keywords. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-25
  • Cisco WS-C2960-24LC-S | Software Guide - Page 162
    in the AAA server group. Each server in the group must be previously defined in Step 2. Return to privileged EXEC mode. Verify your entries. 8-26 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 163
    authentication was not performed by using RADIUS. Note Authorization is bypassed for authenticated users who log in through the CLI even if authorization has been configured. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-27
  • Cisco WS-C2960-24LC-S | Software Guide - Page 164
    the end. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. To disable accounting, use the no aaa accounting {network | exec} {start-stop} method1... global configuration command. 8-28 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 165
    TACACS+ authorization can then be used for RADIUS. For example, this AV pair activates Cisco's multiple named ip address pools feature during IP authorization (during PPP IPCP address assignment): cisco-avpair= "ip:addr-pool=first" OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-29
  • Cisco WS-C2960-24LC-S | Software Guide - Page 166
    about vendor-specific attribute 26, see the "RADIUS Attributes" appendix in the Cisco IOS Security Configuration Guide, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Command References. 8-30 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 167
    : Switch(config)# radius-server host 172.20.30.15 nonstandard Switch(config)# radius-server key rad124 Displaying the RADIUS Configuration To display the RADIUS configuration, use the show running-config privileged EXEC command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-31
  • Cisco WS-C2960-24LC-S | Software Guide - Page 168
    ) Save your entries in the configuration file. To disable AAA, use the no aaa new-model global configuration command. To disable authorization, use the no aaa authorization {network | exec} method1 global configuration command. 8-32 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 169
    a switch running the SSH server. The SSH server works with the SSH client supported in this release and with non-Cisco SSH clients. The SSH client also works with the SSH server supported in this release and with non-Cisco SSH servers. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 170
    Setting Up the Switch to Run SSH" section on page 8-35. • When generating the RSA key pair, the message No host name specified might appear. If it does, you must configure a hostname by using the hostname global configuration command. 8-34 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960-24LC-S | Software Guide - Page 171
    on the switch. (Optional) Save your entries in the configuration file. To delete the RSA key pair, use the crypto key zeroize rsa global configuration command. After the RSA key pair is deleted, the SSH server is automatically disabled. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 172
    the SSH server connections on the switch. (Optional) Save your entries in the configuration file. To return to the default SSH control parameters, use the no ip ssh {timeout | authentication-retries} global configuration command. 8-36 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 173
    SSL 3.0" feature description for Cisco IOS Release 12.2(15)T at this URL: http://www.cisco.com/en/US/ layer encryption. HTTP over SSL is abbreviated as HTTPS; the URL of a secure connection begins with https:// instead of http://. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 174
    config Building configuration... crypto pki trustpoint TP-self-signed-3080755072 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-3080755072 revocation-check none rsakeypair TP-self-signed-3080755072 ! ! 8-38 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 175
    digest algorithm combinations) is used for both key generation and authentication on SSL connections. This usage is independent of whether or not a CA trustpoint is configured. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-39
  • Cisco WS-C2960-24LC-S | Software Guide - Page 176
    You can use this command to regenerate the keys, if needed. Specify a local configuration name for the CA trustpoint and enter CA trustpoint configuration mode. Specify the URL to which the switch should send certificate requests. 8-40 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 177
    if it has been disabled. The HTTPS server is enabled by default. (Optional) Specify the port number to be used for the HTTPS server. The default port number is 443. Valid options are 443 or any number in the range 1025 to 65535. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-41
  • Cisco WS-C2960-24LC-S | Software Guide - Page 178
    seconds (3 minutes). • life-the maximum time period from switch. If you configure a port other than the default port, you must also specify the port number after the URL. For example: https://209.165.129:1026 or https://host.domain.com:1026 8-42 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 179
    provides a secure and authenticated method for copying switch configurations or switch image files. SCP relies on Secure Shell (SSH), an application and a protocol that provides a secure replacement for the Berkeley r-tools. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-43
  • Cisco WS-C2960-24LC-S | Software Guide - Page 180
    how to configure and verify SCP, see the "Secure Copy Protocol" chapter of the Cisco IOS New Features, Cisco IOS Release 12.2, at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087b18 .html 8-44 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 181
    port-based authentication: • Device Roles, page 9-2 • Authentication Process, page 9-3 • Authentication Initiation and Message Exchange, page 9-5 • Ports in Authorized and Unauthorized States, page 9-7 • IEEE 802.1x Host Mode, page 9-7 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 182
    as the proxy, the authentication service is transparent to the client. In this release, the RADIUS security system with Extensible Authentication Protocol (EAP) extensions is the only supported authentication server. It is available Catalyst 2960 Switch Software Configuration Guide 9-2 OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 183
    by putting the port in the critical-authentication state in the RADIUS-configured or the user-specified access VLAN. Note Inaccessible authentication bypass is also referred to as critical authentication or the AAA fail policy. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 9-3
  • Cisco WS-C2960-24LC-S | Software Guide - Page 184
    MAC address identity is invalid. Assign the port to a restricted VLAN. Assign the port to a VLAN. Assign the port to Assign the port to a VLAN. a guest VLAN.1 Done 27]) specifies the time after which re-authentication occurs. Catalyst 2960 Switch Software Configuration Guide 9-4 OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 185
    The specific exchange of EAP frames depends on the authentication method being used. Figure 9-3 shows a message exchange initiated by the client when the client uses the One-Time-Password (OTP) authentication method with a RADIUS server. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 186
    Access-Accept Port Authorized EAPOL-Logoff 101228 Port Unauthorized Switch Authentication server (RADIUS) EAPOL Request/Identity EAPOL Request/Identity EAPOL Request/Identity Ethernet packet RADIUS Access/Request RADIUS Access/Accept 141681 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 187
    client by sending an EAPOL frame when the port link state changes to the up state. If a client leaves or is replaced with another client, the switch changes the port link state to down, and the port returns to the unauthorized state. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 9-7
  • Cisco WS-C2960-24LC-S | Software Guide - Page 188
    is configured for IEEE 802.1x accounting. Three types of RADIUS accounting packets are sent by a switch: • START-sent when a new user session starts • INTERIM-sent during an existing session for updates • STOP-sent when a session terminates Catalyst 2960 Switch Software Configuration Guide 9-8 OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 189
    the switch port. The RADIUS server database maintains the username-to-VLAN mappings, assigning the VLAN based on the username of the client connected to the switch port. You can use this feature to limit network access for certain users. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 190
    network keyword to allow interface configuration from the RADIUS server. • Enable IEEE 802.1x authentication. (The VLAN assignment feature is automatically enabled when you configure IEEE 802.1x authentication on an access port). 9-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 191
    , the switch waits for an Ethernet packet from the client. The switch sends the authentication server a RADIUS-access/request frame with a username and password based on the MAC address. If authorization succeeds, the switch grants the OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 192
    . Other port security features such as dynamic ARP Inspection, DHCP snooping, and IP source guard can be configured independently on a restricted VLAN. For more information, see the "Configuring a Restricted VLAN" section on page 9-31. 9-12 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 193
    clients to the guest VLAN if one is configured. - If all the RADIUS servers are not available and if a client is connected to a critical port and was previously assigned to a guest VLAN, the switch keeps the port in the guest VLAN. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 9-13
  • Cisco WS-C2960-24LC-S | Software Guide - Page 194
    single-host or multiple-hosts mode. (You also must configure port security on the port by using the switchport port-security interface configuration command.) When you enable port security and IEEE 802.1x authentication on a port, 9-14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 195
    802.1x ports, including magic packets. While the port is unauthorized, the switch continues to block ingress traffic other than EAPOL packets. The host can receive packets but cannot send packets to other devices in the network. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 9-15
  • Cisco WS-C2960-24LC-S | Software Guide - Page 196
    out, the switch uses the MAC authentication bypass feature to initiate re-authorization. For more information about these AV pairs, see RFC 3580, "IEEE 802.1X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines." 9-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 197
    a web browser to authenticate a client that does not support IEEE 802.1x functionality. This feature can authenticate up to eight users on the same shared port and apply the appropriate policies for each end host on a shared port. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 9-17
  • Cisco WS-C2960-24LC-S | Software Guide - Page 198
    Communication, page 9-24 (required) • Configuring the Host Mode, page 9-25 (optional) • Configuring Periodic Re-Authentication, page 9-25 (optional) • Manually Re-Authenticating a Client Connected to a Port, page 9-26 (optional) 9-18 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 199
    that the switch restarts the authentication process before the port changes to the unauthorized state). 60 seconds (number of seconds that the switch remains in the quiet state following a failed authentication exchange with the client). OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 200
    the VLAN to which an IEEE 802.1x port is assigned to shut down, disabled, or removed, the port becomes unauthorized. For example, the port is unauthorized after the access VLAN to which a port is assigned shuts down or is removed. 9-20 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 201
    port in single-host mode and multihosts mode. - If the client is running Windows XP and the port to which the client is connected is in the critical-authentication state, Windows XP might report that the interface is not authenticated. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 202
    -related service requests. This is the IEEE 802.1x AAA process: Step 1 Step 2 Step 3 A user connects to a port on the switch. Authentication is performed. VLAN assignment is enabled, as appropriate, based on the RADIUS server configuration. 9-22 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 203
    port. For feature interaction information, see the "IEEE 802.1x Authentication Configuration Guidelines" section on page 9-20. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 204
    a per-server basis, use the radius-server timeout, radius-server retransmit, and the radius-server key global configuration commands. For more information, see the "Configuring Settings for All RADIUS Servers" section on page 8-29. 9-24 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 205
    hosts: Switch(config)# interface gigabitethernet/0/1 Switch(config-if)# dot1x port-control auto Switch(config-if)# dot1x host-mode multi-host Switch(config-if)# end Configuring Periodic Re of seconds between attempts is 3600. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 9-25
  • Cisco WS-C2960-24LC-S | Software Guide - Page 206
    manually re-authenticate the client connected to a port: Switch# dot1x re-authenticate interface gigabitethernet0/1 Changing the Quiet Period When the switch cannot authenticate the client, the switch smaller than the default. 9-26 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 207
    is 5. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. To return to the default retransmission time, use the no dot1x timeout tx-period interface configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 9-27
  • Cisco WS-C2960-24LC-S | Software Guide - Page 208
    the port changes to the unauthorized state. Note You should change the default value of this command only to adjust for unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers. 9-28 Catalyst 2960 Switch Software Configuration
  • Cisco WS-C2960-24LC-S | Software Guide - Page 209
    on your switch. This procedure is optional. Step 1 Step 2 Command configure terminal interface interface-id Purpose Enter global configuration mode. Specify the port to be configured, and enter interface configuration mode. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 9-29
  • Cisco WS-C2960-24LC-S | Software Guide - Page 210
    range is 1 to 4094. You can configure any active VLAN except an RSPAN VLAN or a voice VLAN as an IEEE 802.1x guest VLAN. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. 9-30 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 211
    configuration command. The port returns to the unauthorized state. This example shows how to enable VLAN 2 as an IEEE 802.1x restricted VLAN: Switch(config)# interface gigabitethernet0/2 Switch(config-if)# dot1x auth-fail vlan 2 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 212
    -fail max-attempts interface configuration command. This example shows how to set 2 as the number of authentication attempts allowed before the port moves to the restricted VLAN: Switch(config-if)# dot1x auth-fail max-attempts 2 9-32 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 213
    . The switch dynamically determines the default tries parameter that is 10 to 100. (Optional) Set the number of minutes that a RADIUS server is not sent requests. The range is from 0 to 1440 minutes (24 hours). The default is 0 minutes. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 214
    (a port can be re-initialized every second). Specify the port to be configured, and enter interface configuration mode. For the supported port types, see the "IEEE 802.1x Authentication Configuration Guidelines" section on page 9-20. 9-34 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 215
    . The port cannot receive packets from or send packets to the host. By default, the port is bidirectional. • in-Sets the port as unidirectional. The port can send packets to the host but cannot receive packets from the host. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 9-35
  • Cisco WS-C2960-24LC-S | Software Guide - Page 216
    in the configuration file. To disable MAC authentication bypass, use the no dot1x mac-auth-bypass interface configuration command. This example shows how to enable MAC authentication bypass: Switch(config-if)# dot1x mac-auth-bypass 9-36 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960-24LC-S | Software Guide - Page 217
    shows how to configure NAC Layer 2 IEEE 802.1x validation: Switch# configure terminal Switch(config)# interface gigabitethernet0/1 Switch(config-if)# dot1x reauthentication Switch(config-if)# dot1x timeout reauth-period server OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 9-37
  • Cisco WS-C2960-24LC-S | Software Guide - Page 218
    group radius Switch(config)# radius-server host 1.1.1.2 key key1 Switch(config)# radius-server attribute 8 include-in-access-req Switch(config)# radius-server vsa send authentication Switch(config)# ip device tracking Switch(config) end 9-38 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 219
    with the profile, and specify that a client connecting by web authentication uses this rule. Return to privileged EXEC mode. Specify the port to be configured, and enter interface configuration mode. Set the port to access mode. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 9-39
  • Cisco WS-C2960-24LC-S | Software Guide - Page 220
    . Specify the port to be configured, and enter interface configuration mode. Disable IEEE 802.1x authentication on the port. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. 9-40 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960-24LC-S | Software Guide - Page 221
    administrative and operational status for a specific port, use the show dot1x interface interface-id privileged EXEC command. For detailed information about the fields in these displays, see the command reference for this release. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 9-41
  • Cisco WS-C2960-24LC-S | Software Guide - Page 222
    Displaying IEEE 802.1x Statistics and Status Chapter 9 Configuring IEEE 802.1x Port-Based Authentication 9-42 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 223
    characteristics. These sections describe the interface types: • Port-Based VLANs, page 10-2 • Switch Ports, page 10-2 • EtherChannel Port Groups, page 10-3 • Dual-Purpose Uplink Ports, page 10-4 • Connecting Interfaces, page 10-4 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 10-1
  • Cisco WS-C2960-24LC-S | Software Guide - Page 224
    VLAN tagging. Traffic arriving on an access port is assumed to belong to the VLAN assigned to the port. If an access port receives a tagged packet (IEEE 802.1Q tagged), the packet is dropped, and the source address is not learned. 10-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 225
    Configuring Interface Characteristics Understanding Interface Types Trunk Ports Two types of access ports are supported: • Static access ports are manually Catalyst 6500 series switch; the Catalyst 2960 switch cannot be a VMPS server. You can also configure an access port with an attached Cisco
  • Cisco WS-C2960-24LC-S | Software Guide - Page 226
    with Layer 2 Switches Cisco router Switch Host A Host B VLAN 20 VLAN 30 Using Interface Configuration Mode The switch supports these interface types: • Physical ports-switch ports • VLANs-switch virtual interfaces • Port channels-EtherChannel interfaces 10-4 Catalyst 2960 Switch Software
  • Cisco WS-C2960-24LC-S | Software Guide - Page 227
    also configure a range of interfaces by using the interface range or interface range macro global configuration commands. Interfaces configured in a range must be the same type and must be configured with the same feature options. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 10
  • Cisco WS-C2960-24LC-S | Software Guide - Page 228
    vlan-ID, where the VLAN ID is 1 to 4094 Note Although the command-line interface shows options to set multiple VLANs, these options are not supported. - fastethernet module/{first port} - {last port}, where the module is always 0 10-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 229
    range of interfaces for configuration. Before you can use the macro keyword in the interface range macro global configuration command string, you must use the define interface-range global configuration command to define the macro. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 10-7
  • Cisco WS-C2960-24LC-S | Software Guide - Page 230
    as interface-ranges. • All interfaces defined as in a range must be the same type (all Fast Ethernet ports, all Gigabit Ethernet ports, all EtherChannel ports, or all VLANs), but you can combine multiple interface types in a macro. 10-8 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 231
    the port, see Chapter 19, "Configuring Port-Based Traffic Control." Table 10-1 Default Layer 2 Ethernet Interface Configuration Feature Allowed VLAN range Default VLAN (for access ports) Default Setting VLANs 1 to 4094. VLAN 1. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 10
  • Cisco WS-C2960-24LC-S | Software Guide - Page 232
    through a crossover cable. This is regardless of whether auto-MIDX is enabled on the switch port. Keepalive messages Disabled on SFP module ports; enabled on all other ports. Setting the Type of a Dual-Purpose Uplink Port Some Catalyst 2960 switches support dual-purpose uplink ports. For more
  • Cisco WS-C2960-24LC-S | Software Guide - Page 233
    If the link goes down, the switch disables the RJ-45 side and selects the SFP module interface. • When the 100BASE-x SFP module is removed, the switch again dynamically selects the type (auto-select) and re-enables the RJ-45 side. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 10-11
  • Cisco WS-C2960-24LC-S | Software Guide - Page 234
    can take up to 30 seconds to check for loops. The port LED is amber while STP reconfigures. Caution Changing the interface speed and duplex mode configuration might shut down and re-enable the interface during the reconfiguration. 10-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 235
    speed 10 Switch(config-if)# duplex half This example shows how to set the interface speed to 100 Mb/s on a 10/100/1000 Mb/s port: Switch# configure terminal Switch(config)# interface gigabitethernet0/2 Switch(config-if)# speed 100 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 10-13
  • Cisco WS-C2960-24LC-S | Software Guide - Page 236
    to be configured, and enter interface configuration mode. Configure the flow control mode for the port. Return to privileged EXEC mode. Verify the interface flow control settings. (Optional) Save your entries in the configuration file. 10-14 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 237
    of the auto-MDIX feature on the interface. interface-id phy copy running-config startup-config (Optional) Save your entries in the configuration file. To disable auto-MDIX, use the no mdix auto interface configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 10-15
  • Cisco WS-C2960-24LC-S | Software Guide - Page 238
    operating at 10 or 100 Mb/s by using the system mtu global configuration command. You can increase the MTU size to support jumbo frames on all Gigabit Ethernet interfaces by using the system mtu jumbo global configuration command. 10-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 239
    mtu 1800 Switch(config)# exit Switch# reload This example shows the response when you try to set Gigabit Ethernet interfaces to an out-of-range number: Switch(config)# system mtu jumbo 25000 ^ % Invalid input detected at '^' marker. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 10
  • Cisco WS-C2960-24LC-S | Software Guide - Page 240
    an SFP module. Display the running configuration in RAM for the interface. Display the hardware configuration, software version, the names and sources of configuration files, and the boot images. Display the operational state of the auto-MDIX feature on the interface. 10-18 Catalyst 2960 Switch
  • Cisco WS-C2960-24LC-S | Software Guide - Page 241
    shutdown interface configuration command to restart the interface. To verify that an interface is disabled, enter the show interfaces privileged EXEC command. A disabled interface is shown as administratively down in the display. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 10-19
  • Cisco WS-C2960-24LC-S | Software Guide - Page 242
    Monitoring and Maintaining the Interfaces Chapter 10 Configuring Interface Characteristics 10-20 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 243
    PVST+, loop guard, and dynamic port error recovery for link state failures. Use this interface configuration macro for increased network security and reliability when connecting a desktop device, such as a PC, to a switch port. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 11-1
  • Cisco WS-C2960-24LC-S | Software Guide - Page 244
    running on your switch. Cisco also provides a collection of pretested, Cisco-recommended baseline configuration templates for Catalyst switches. The online reference guide templates provide the CLI commands that you can use to create Smartports macros based on the usage of the port. You can use
  • Cisco WS-C2960-24LC-S | Software Guide - Page 245
    required values by using the parameter value keywords. The Cisco-default macros use the $ character to help identify required keywords. There is no restriction on using the $ character to define keywords when you create a macro. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 11-3
  • Cisco WS-C2960-24LC-S | Software Guide - Page 246
    you do not use the exit or end commands or change the command mode by using interface interface-id in a Switch(config)# macro name test switchport access vlan $VLANID switchport port-security maximum $MAX #macro keywords $VLANID $MAX @ 11-4 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 247
    configuration on a switch only by entering the no version of each command that is in the macro. You can delete a macro-applied configuration on an interface by entering the default interface interface-id interface configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 248
    keyword values, the commands are invalid and are not applied. (Optional) Enter interface configuration mode, and specify the interface on which to apply the macro. (Optional) Clear all configuration from the specified interface. 11-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 249
    inactivity # Configure port as an edge network port spanning-tree portfast spanning-tree bpduguard enable Switch# Switch# configure terminal Switch(config)# gigabitethernet0/4 Switch(config-if)# macro apply cisco-desktop $AVID 25 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 11-7
  • Cisco WS-C2960-24LC-S | Software Guide - Page 250
    parser macro description [interface interface-id] Purpose Displays all configured macros. Displays a specific macro. Displays the configured macro names. Displays the macro description for all interfaces or for a specified interface. 11-8 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960-24LC-S | Software Guide - Page 251
    15, "Configuring STP." Note Before you create VLANs, you must decide whether to use VLAN Trunking Protocol (VTP) to maintain global VLAN configuration for your network. For more information on VTP, see Chapter 13, "Configuring VTP." OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 12
  • Cisco WS-C2960-24LC-S | Software Guide - Page 252
    Guidelines" section on page 12-5 for more information about the number of spanning-tree instances and the number of VLANs. The switch supports only IEEE 802.1Q trunking methods for sending VLAN traffic over Ethernet ports. 12-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 253
    Table 12-4 on page 12-15. When a port belongs to a VLAN, the switch learns and manages the addresses associated with the port on a per-VLAN basis. For more information, see the "Managing the MAC Address Table" section on page 6-19. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 12-3
  • Cisco WS-C2960-24LC-S | Software Guide - Page 254
    to another Note This section does not provide configuration details for most of these parameters. For complete information on the commands and parameters that control VLAN configuration, see the command reference for this release. 12-4 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 255
    be managed from one of the supported switches. Switches running VTP Version 2 advertise information about these Token Ring VLANs: • Token Ring TrBRF VLANs • Token Ring TrCRF VLANs For more information on configuring Token Ring VLANs, see the Catalyst 5000 Series Software Configuration Guide. Normal
  • Cisco WS-C2960-24LC-S | Software Guide - Page 256
    file. You can enter the copy running-config startup-config privileged EXEC command to save the configuration in the startup configuration file. To display the VLAN configuration, enter the show vlan privileged EXEC command. 12-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 257
    are not locally supported, you only configure FDDI and Token Ring media-specific characteristics for VTP global advertisements to other switches. Table 12-2 state active active, suspend Remote SPAN disabled enabled, disabled OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 12-7
  • Cisco WS-C2960-24LC-S | Software Guide - Page 258
    example shows how to use config-vlan mode to create Ethernet VLAN 20, name it test20, and add it to the VLAN database: Switch# configure terminal Switch(config)# vlan 20 Switch(config-vlan)# name test20 Switch(config-vlan)# end 12-8 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 259
    a VLAN from a switch that is in VTP transparent mode, the VLAN is deleted only on that specific switch. You cannot delete the default VLANs for the different media types: Ethernet VLAN 1 and FDDI or Token Ring VLANs 1002 to 1005. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 12-9
  • Cisco WS-C2960-24LC-S | Software Guide - Page 260
    2 access port). switchport access vlan vlan-id Assign the port to a VLAN. Valid VLAN IDs are 1 to 4094. end Return to privileged EXEC mode. show running-config interface interface-id Verify the VLAN membership mode of the interface. 12-10 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 261
    12-2 on page 12-7 for the default configuration for Ethernet VLANs. You can change only the MTU size and the remote SPAN configuration state on extended-range VLANs; all other characteristics must remain at the default state. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 12-11
  • Cisco WS-C2960-24LC-S | Software Guide - Page 262
    mode, follow these steps to create an extended-range VLAN: Step 1 Step 2 Command configure terminal vtp mode transparent Purpose Enter global configuration mode. Configure the switch for VTP transparent mode, disabling VTP. 12-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 263
    Command show show current [vlan-id] Command Mode VLAN database configuration VLAN database configuration Purpose Display status of VLANs in the VLAN database. Display status of all or the specified VLAN in the VLAN database. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 12-13
  • Cisco WS-C2960-24LC-S | Software Guide - Page 264
    . • To enable trunking to a device that does not support DTP, use the switchport mode trunk and switchport nonegotiate interface configuration commands to cause the interface to become a trunk but to not generate DTP frames. 12-14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 265
    trunks. Non-Cisco devices might support one spanning-tree instance for all VLANs. When you connect a Cisco switch to a non-Cisco device through an IEEE 802.1Q trunk, the Cisco switch combines the before you disable spanning tree. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 12-15
  • Cisco WS-C2960-24LC-S | Software Guide - Page 266
    STP Port Fast setting. - trunk status: if one port in a port group ceases to be a trunk, all ports cease to be trunks. • We recommend that you configure no more than 24 trunk ports in PVST mode and no more than 40 trunk ports in MST mode. 12-16 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 267
    is configured to support IEEE 802.1Q trunking. Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# interface gigabitethernet0/2 Switch(config-if)# switchport mode dynamic desirable Switch(config-if)# end OL-8603-04 Catalyst 2960 Switch Software
  • Cisco WS-C2960-24LC-S | Software Guide - Page 268
    end Return to privileged EXEC mode. show interfaces interface-id switchport Verify your entries in the Trunking VLANs Enabled field of the display. copy running-config startup-config (Optional) Save your entries in the configuration file. 12-18 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 269
    pruned contains VLANs 2 to 1001. end Return to privileged EXEC mode. switch forwards untagged traffic in the native VLAN configured for the port. The native VLAN is VLAN 1 by default. Note The native VLAN can be assigned any VLAN ID. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 270
    connecting supported switches. In this example, the switches are configured as follows: • VLANs 8 through 10 are assigned a port priority of 16 on Trunk 1. • VLANs 3 through 6 retain the default port priority of 128 on Trunk 1. 12-20 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960-24LC-S | Software Guide - Page 271
    to the trunk ports configured on Switch A. When the trunk links come up, VTP passes the VTP and VLAN information to Switch B. Verify that Switch B has learned the VLAN configuration. Enter global configuration mode on Switch A. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 12-21
  • Cisco WS-C2960-24LC-S | Software Guide - Page 272
    gigabitethernet0/1 Step 3 switchport mode trunk Purpose Enter global configuration mode on Switch A. Define the interface to be configured as a trunk, and enter interface configuration mode. Configure the port as a trunk port. 12-22 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 273
    25 • "Configuring the VMPS Client" section on page 12-25 • "Monitoring the VMPS" section on page 12-28 • "Troubleshooting Dynamic-Access Port VLAN Membership" section on page 12-29 • "VMPS Configuration Example" section on page 12-29 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 12
  • Cisco WS-C2960-24LC-S | Software Guide - Page 274
    down on a dynamic-access port, the port returns to an isolated state and does not belong to a VLAN. Any hosts that come online through the port are checked again through the VQP with the VMPS before the port is assigned to a VLAN. 12-24 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 275
    be the same. • The VLAN configured on the VMPS server should not be a voice VLAN. Configuring the VMPS Client You configure dynamic VLANs by using the VMPS (server). The switch can be a VMPS client; it cannot be a VMPS server. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 12-25
  • Cisco WS-C2960-24LC-S | Software Guide - Page 276
    station, and enter interface configuration mode. Set the port to access mode. Configure the port as eligible for dynamic VLAN membership. The dynamic-access port must be connected to an end station. Return to privileged EXEC mode. 12-26 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 277
    reconfirmation status in the Reconfirm Interval field of the display. (Optional) Save your entries in the configuration file. To return the switch to its default setting, use the no vmps reconfirm global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 12-27
  • Cisco WS-C2960-24LC-S | Software Guide - Page 278
    Step 2 Step 3 Step 4 Step 5 Command configure terminal vmps retry count end show vmps copy running-config startup-config Purpose Enter global configuration mode. Change the retry count. The retry range or SNMP equivalent. 12-28 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 279
    Catalyst 6500 series Switch C and Switch J are secondary VMPS servers. • End stations are connected to the clients, Switch B and Switch I. • The database configuration file is stored on the TFTP server with the IP address 172.20.22.7. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 280
    End station 2 Switch H Dynamic-access port Catalyst 6500 series Secondary VMPS Server 3 172.20.26.157 Client switch I 172.20.26.158 Trunk port 172.20.26.159 Switch J 101363t Ethernet segment (Trunk link) TFTP server Router 172.20.22.7 12-30 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 281
    VLAN in a suspended state. VTP only learns about normal-range VLANs (VLAN IDs 1 to 1005). Extended-range VLANs (VLAN IDs greater than 1005) are not supported by VTP or stored in the VTP VLAN database. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 13-1
  • Cisco WS-C2960-24LC-S | Software Guide - Page 282
    this mode are saved in the switch running configuration and can be saved to the switch startup configuration file. For domain name and password configuration guidelines, see the "VTP Configuration Guidelines" section on page 13-8. 13-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 283
    on trunk ports, see the "Configuring VLAN Trunks" section on page 12-14. VTP advertisements distribute this global domain information: • VTP domain name • VTP configuration revision number • Update identity and update timestamp OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 13-3
  • Cisco WS-C2960-24LC-S | Software Guide - Page 284
    list can be pruned. By default, VLANs 2 through 1001 are pruning eligible switch trunk ports. If the VLANs are configured as pruning-ineligible, the flooding continues. VTP pruning is supported with VTP Version 1 and Version 2. 13-4 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 285
    pruning on a VTP server enables pruning for the entire management domain. Making VLANs pruning-eligible or pruning-ineligible affects pruning eligibility for those VLANs on that trunk only (not on all switches in the VTP domain). OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 13-5
  • Cisco WS-C2960-24LC-S | Software Guide - Page 286
    -2 shows the default VTP configuration. Table 13-2 Default VTP Configuration Feature VTP domain name VTP mode VTP version VTP password VTP pruning Default Setting Null. Server. Version 1 (Version 2 is disabled). None. Disabled. 13-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 287
    name and the mode (transparent) are saved in the switch running configuration, and you can save this information in the switch startup configuration file by entering the copy running-config startup-config privileged EXEC command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 13-7
  • Cisco WS-C2960-24LC-S | Software Guide - Page 288
    must run the same VTP version. • A VTP Version 2-capable switch can operate in the same VTP domain as a switch running VTP Version 1 if Version 2 is disabled on the Version 2-capable switch (Version 2 is disabled by default). 13-8 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 289
    VTP domain does not function properly if you do not assign the same password to each switch in the domain. Return to privileged EXEC mode. Verify your entries in the VTP Operating Mode and the VTP Domain Name fields of the display. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 13-9
  • Cisco WS-C2960-24LC-S | Software Guide - Page 290
    the domain name eng_group and the password mypassword: Switch# vlan database Switch(vlan)# vtp server Switch(vlan)# vtp domain eng_group Switch(vlan)# vtp password mypassword Switch(vlan)# exit APPLY completed. Exiting.... Switch# 13-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 291
    VTP server mode or the no vtp password VLAN database configuration command to return the switch to a no-password state. When you configure a domain name, it cannot be removed; you can only reassign a switch to a different domain. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 13-11
  • Cisco WS-C2960-24LC-S | Software Guide - Page 292
    VLAN database configuration command to return the switch to VTP server mode. If extended-range VLANs are configured on the switch, you cannot change VTP mode to server. You receive an error message, and the configuration is not allowed. 13-12 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 293
    database privileged EXEC command to enter VLAN database configuration mode and by entering the vtp v2-mode VLAN database configuration command. To disable VTP Version 2, use the no vtp v2-mode VLAN database configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 13-13
  • Cisco WS-C2960-24LC-S | Software Guide - Page 294
    of the switch with the highest VTP configuration revision number. If you add a switch that has a revision number higher than the revision number in the VTP domain, it can erase all VLAN information from the VTP server and VTP domain. 13-14 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960-24LC-S | Software Guide - Page 295
    mode transparent global configuration command or the vtp transparent VLAN database configuration command to disable VTP on the switch, and then change its VLAN information without affecting the other switches in the VTP domain. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 13-15
  • Cisco WS-C2960-24LC-S | Software Guide - Page 296
    VTP activity. Table 13-3 VTP Monitoring Commands Command show vtp status show vtp counters Purpose Display the VTP switch configuration information. Display counters about VTP messages that have been sent and received. 13-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 297
    to these devices: • Port 1 connects to the switch or other voice-over-IP (VoIP) device. • Port 2 is an internal 10/100 interface that carries the IP Phone traffic. • Port 3 (access port) connects to a PC or other device. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 14-1
  • Cisco WS-C2960-24LC-S | Software Guide - Page 298
    • In untrusted mode, all traffic in IEEE 802.1Q or IEEE 802.1p frames received through the access port on the Cisco IP Phone receive a configured Layer 2 CoS value. The default Layer 2 CoS value is 0. Untrusted mode is the default. 14-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 299
    . • If the Cisco IP Phone and a device attached to the phone are in the same VLAN, they must be in the same IP subnet. These conditions indicate that they are in the same VLAN: - They both use IEEE 802.1p or untagged frames. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 14-3
  • Cisco WS-C2960-24LC-S | Software Guide - Page 300
    to the phone to configure the way in which the phone sends voice traffic. The phone can carry voice traffic in IEEE 802.1Q frames for a specified voice VLAN with a Layer 2 CoS value. It can use IEEE 802.1p priority tagging to give 14-4 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 301
    /1 Switch(config-if)# mls qos trust cos Switch(config-if)# switchport voice vlan dot1p Switch(config-if)# end To return the port to its default setting, use the no switchport voice vlan interface configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 14
  • Cisco WS-C2960-24LC-S | Software Guide - Page 302
    if)# end To return the port to its default setting, use the no switchport priority extend interface configuration command. Displaying Voice VLAN To display voice VLAN configuration for an interface, use the show interfaces interface-id switchport privileged EXEC command. 14-6 Catalyst 2960 Switch
  • Cisco WS-C2960-24LC-S | Software Guide - Page 303
    and Redundant Connectivity, page 15-8 • Spanning-Tree Address Management, page 15-8 • Accelerated Aging to Retain Connectivity, page 15-8 • Spanning-Tree Modes and Protocols, page 15-9 • Supported Spanning-Tree Instances, page 15-9 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 15-1
  • Cisco WS-C2960-24LC-S | Software Guide - Page 304
    messages (to ensure the connection is up) only on interfaces that do not have small form-factor pluggable (SFP) modules. You can use the [no] keepalive interface configuration command to change the default for an interface. 15-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 305
    port through which the designated switch is attached to the LAN is called the designated port. All paths that are not needed to reach the root switch from anywhere in the switched network are placed in the spanning-tree blocking mode. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 306
    in frame forwarding. • Forwarding-The interface forwards frames. • Disabled-The interface is not participating in spanning tree because of a shutdown port, no link on the port, or no spanning-tree instance running on the port. 15-4 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 307
    the switch learns end-station location information for the forwarding database. 4. When the forward-delay timer expires, spanning tree moves the interface to the forwarding state, where both learning and frame forwarding are enabled. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 15
  • Cisco WS-C2960-24LC-S | Software Guide - Page 308
    Discards frames switched from another interface for forwarding • Does not learn addresses • Receives BPDUs Learning State A Layer 2 interface in • Forwards frames switched from another interface • Learns addresses • Receives BPDUs 15-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 309
    over the Gigabit Ethernet link. By changing the spanning-tree port priority on the Gigabit Ethernet port to a higher priority (lower numerical value) than the root port, the Gigabit Ethernet port becomes the new root port. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 15-7
  • Cisco WS-C2960-24LC-S | Software Guide - Page 310
    speed link is always disabled. If the speeds are the same, the port priority and port ID are added together, and spanning tree disables the link with the lowest global configuration command) when the spanning tree reconfigures. 15-8 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 311
    port-based VLANs. The PVST+ runs on each VLAN on the switch up to the maximum supported, ensuring that each has a loop-free path through the network. The PVST+ provides Layer -Tree Configuration Guidelines" section on page 15-12. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 15-9
  • Cisco WS-C2960-24LC-S | Software Guide - Page 312
    -Tree Features These sections contain this configuration information: • Default Spanning-Tree Configuration, page 15-11 • Spanning-Tree Configuration Guidelines, page 15-12 • Changing the Spanning-Tree Mode., page 15-13 (required) 15-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 313
    Mb/s: 19. 10 Mb/s: 100. Hello time: 2 seconds. Forward-delay time: 15 seconds. Maximum-aging time: 20 seconds. Transmit hold count: 6 BPDUs OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 15-11
  • Cisco WS-C2960-24LC-S | Software Guide - Page 314
    , see the "Optional Spanning-Tree Configuration Guidelines" section on page 17-10. Caution Loop guard works only on point-to-point links. We recommend that each end of the link has a directly connected device that is running STP. 15-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 315
    in the configuration file. To return to the default setting, use the no spanning-tree mode global configuration command. To return the port to its default setting, use the no spanning-tree link-type interface configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 15
  • Cisco WS-C2960-24LC-S | Software Guide - Page 316
    with the extended system ID support will become the root switch. The extended system ID increases the switch priority value every time the VLAN number is greater than the priority of the connected switches running older software. 15-14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 317
    default is 2. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. To return to the default setting, use the no spanning-tree vlan vlan-id root global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 15-15
  • Cisco WS-C2960-24LC-S | Software Guide - Page 318
    the same priority value, spanning tree puts the interface with the lowest interface number in the forwarding state and blocks the other interfaces. 15-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 319
    -id] port-priority interface configuration command. For information on how to configure load sharing on trunk ports by using spanning-tree port priorities, see the "Configuring Trunk Ports for Load Sharing" section on page 12-20. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 15-17
  • Cisco WS-C2960-24LC-S | Software Guide - Page 320
    , or a series of VLANs separated by a comma. The range is 1 to 4094. • For cost, the range is ports that are in a link-up operative state. Otherwise, you can use the show running-config privileged EXEC command to confirm the configuration. 15-18 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 321
    rejected. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. To return to the default setting, use the no spanning-tree vlan vlan-id priority global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 15-19
  • Cisco WS-C2960-24LC-S | Software Guide - Page 322
    hold count Description Controls how often the switch broadcasts hello messages to other switches. Controls configuration file. To return to the default setting, use the no spanning-tree vlan vlan-id hello-time global configuration command. 15-20 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 323
    , a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma. The range is 1 to configuration file. To return to the default setting, use the no spanning-tree vlan vlan-id max-age global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 324
    configure terminal spanning-tree transmit hold-count value Step 3 Step 4 Step 5 end show spanning-tree detail copy running-config startup-config Purpose Enter global configuration mode. Configure reference for this release. 15-22 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 325
    16 C H A P T E R This chapter describes how to configure the Cisco implementation of the IEEE 802.1s Multiple STP (MSTP) on the Catalyst 2960 switch. Note The multiple spanning-tree (MST) implementation in Cisco IOS Release 12.2(25)SED is based on the IEEE 802.1s standard. The MST implementations
  • Cisco WS-C2960-24LC-S | Software Guide - Page 326
    of MST regions in a network, but each region can support up to 65 spanning-tree instances. Instances can be identified by any number in the range from 0 to 4094. You can assign a VLAN to only one spanning-tree instance at a time. 16-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 327
    As switches receive superior IST information, they leave their old subregions and join the new subregion that contains the true CIST regional root. Thus all subregions shrink, except for the one that contains the true CIST regional root. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 328
    add their spanning-tree information into the BPDUs to interact with neighboring switches and compute the final spanning-tree topology. Because of this, the spanning-tree parameters related to BPDU transmission (for example, 16-4 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 329
    in that region. The hop count achieves the same result as the message-age information (triggers a reconfiguration). The root switch of the instance always sends a BPDU (or M-record) with a cost of 0 and the hop count set to the OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 16-5
  • Cisco WS-C2960-24LC-S | Software Guide - Page 330
    .1s Implementation The Cisco implementation of the IEEE MST standard includes features required to meet the standard, as well as some of the desirable prestandard functionality that is not yet incorporated into the published standard. 16-6 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960-24LC-S | Software Guide - Page 331
    . Figure 16-2 Standard and Prestandard Switch Interoperation Segment X MST Region Switch A Switch B 92721 Segment Y Note We recommend that you minimize the interaction between standard and prestandard MST implementations. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 16-7
  • Cisco WS-C2960-24LC-S | Software Guide - Page 332
    Cisco IOS release. The software checks the consistency of the port role and state in the received BPDUs to detect unidirectional link failures that could cause bridging loops. When a designated port the IEEE 802.1D spanning tree). 16-8 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 333
    Is Port Included in the Active Topology? No No Yes Yes No To be consistent with Cisco STP implementations, this guide defines the port state as blocking instead of discarding. Designated ports start in the listening state. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 16
  • Cisco WS-C2960-24LC-S | Software Guide - Page 334
    to-point connection; a half-duplex port is considered to have a shared connection. You can override the default setting that is controlled by the duplex setting by using the spanning-tree link-type interface configuration command. 16-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 335
    RSTP forces it to synchronize with new root information. In general, when the RSTP forces a port to synchronize with root information and the port does not satisfy any of the above conditions, its port state is set to blocking. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 16-11
  • Cisco WS-C2960-24LC-S | Software Guide - Page 336
    Table 16-3 RSTP BPDU Flags Bit 0 1 2-3: 00 01 10 11 4 5 6 7 Function Topology change (TC) Proposal Port role: Unknown Alternate port Root port Designated port Learning Forwarding Agreement Topology change acknowledgement (TCA) 16-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 337
    port connected to an IEEE 802.1D switch and a configuration BPDU with the TCA bit set is received, the TC-while timer is reset. This behavior is only required to support IEEE 802.1D switches. The RSTP BPDUs never have the TCA bit set. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 338
    shows the default MSTP configuration. Table 16-4 Default MSTP Configuration Feature Spanning-tree mode Switch priority (configurable on a per-CIST port basis) Default Setting PVST+ (Rapid PVST+ and MSTP are disabled). 32768. 16-14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 339
    must have a better path to the root contained within the MST cloud than a path through the PVST+ or rapid-PVST+ cloud. You might have to manually configure the switches in the clouds. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 16-15
  • Cisco WS-C2960-24LC-S | Software Guide - Page 340
    MST instance 1. To specify a VLAN series, use a comma; for example, instance 1 vlan 10, 20, 30 maps VLANs 10, 20, and 30 to MST instance 1. Specify the configuration name. The name string has a maximum PVST+ at the same time. 16-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 341
    switch with the extended system ID support will become the root switch. The extended system ID increases the switch priority value every time the VLAN number is greater than the priority of the connected switches running older software. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 342
    to become the root switch for the specified instance if the primary root switch fails. This is assuming that the other network switches use the default switch priority of 32768 and therefore are unlikely to become the root switch. 16-18 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 343
    a hyphen, or a series of instances separated by a comma. The range is 0 to 4094. • (Optional) For diameter net-diameter, specify the maximum number of switches between any two end stations. The range is blocks the other interfaces. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 16-19
  • Cisco WS-C2960-24LC-S | Software Guide - Page 344
    selected first and higher cost values that you want selected last. If all interfaces have the same cost value, the MSTP puts the interface with the lowest interface number in the forwarding state and blocks the other interfaces. 16-20 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 345
    range of instances separated by a hyphen, or a series of instances separated by a comma. The range is 0 to 4094. • For cost, the range is 1 to 200000000; the default global configuration commands to modify the switch priority. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 16-21
  • Cisco WS-C2960-24LC-S | Software Guide - Page 346
    is 2. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. To return the switch to its default setting, use the no spanning-tree mst hello-time global configuration command. 16-22 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 347
    is 20. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. To return the switch to its default setting, use the no spanning-tree mst max-age global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 16-23
  • Cisco WS-C2960-24LC-S | Software Guide - Page 348
    to-point. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. To return the port to its default setting, use the no spanning-tree link-type interface configuration command. 16-24 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 349
    the clear spanning-tree detected-protocols privileged EXEC command. To restart the protocol migration process on a specific interface, use the clear spanning-tree detected-protocols interface interface-id privileged EXEC command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 16-25
  • Cisco WS-C2960-24LC-S | Software Guide - Page 350
    the specified interface. For information about other keywords for the show spanning-tree privileged EXEC command, see the command reference for this release. 16-26 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 351
    Optional Spanning-Tree Features These sections contain this conceptual information: • Understanding Port Fast, page 17-2 • Understanding BPDU Guard, page 17-2 • Understanding Guard, page 17-8 • Understanding Loop Guard, page 17-9 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 17-1
  • Cisco WS-C2960-24LC-S | Software Guide - Page 352
    violation occurred. To prevent the port from shutting down, you can use the errdisable detect cause bpduguard shutdown vlan global configuration command to shut down just the offending VLAN on the port where the violation occurred. 17-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 353
    into backbone switches, distribution switches, and access switches. Figure 17-2 shows a complex network where distribution switches and access switches each have at least one redundant link that spanning tree blocks to prevent loops. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 17
  • Cisco WS-C2960-24LC-S | Software Guide - Page 354
    with no link failures. Switch A, the root switch, is connected directly to Switch B over link L1 and to Switch C over link L2. The Layer 2 interface on Switch C that is connected directly to Switch B is in a blocking state. 17-4 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 355
    switch has lost its connection to the root switch). Under spanning-tree rules, the switch ignores inferior BPDUs for the configured maximum aging time specified by the spanning-tree vlan vlan-id max-age global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 356
    root-switch election takes approximately 30 seconds, twice the Forward Delay time if the default Forward Delay time of 15 seconds is set. Figure 17-6 shows how BackboneFast reconfigures the topology to account for the failure of link L1. 17-6 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 357
    device, EtherChannel guard places the switch interfaces in the error-disabled state, and displays an error message. You can enable this feature by using the spanning-tree etherchannel guard misconfig global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 17-7
  • Cisco WS-C2960-24LC-S | Software Guide - Page 358
    -tree root without root guard enabled Desired root switch Enable the root-guard feature on these interfaces to prevent switches in the customer network from becoming the root switch or being in the path to the root. 101232 17-8 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 359
    guard Root guard Loop guard Default Setting Globally disabled (unless they are individually configured per interface). Globally disabled. Globally disabled. Globally enabled. Disabled on all interfaces. Disabled on all interfaces. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 17-9
  • Cisco WS-C2960-24LC-S | Software Guide - Page 360
    workstation or server before you enable Port Fast on a trunk port. By default, Port Fast is disabled on all interfaces. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. 17-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 361
    Specify the interface connected to an end station, and enter interface configuration mode. Enable the Port Fast feature. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 17-11
  • Cisco WS-C2960-24LC-S | Software Guide - Page 362
    default global configuration command. You can override the setting of the no spanning-tree portfast bpdufilter default global configuration command by using the spanning-tree bpdufilter enable interface configuration command. 17-12 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960-24LC-S | Software Guide - Page 363
    -tree reconfiguration sooner. Note If you use BackboneFast, you must enable it on all switches in the network. BackboneFast is not supported on Token Ring VLANs. This feature is supported for use with third-party switches. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 17-13
  • Cisco WS-C2960-24LC-S | Software Guide - Page 364
    privileged EXEC command to verify the EtherChannel configuration. After the configuration is corrected, enter the shutdown and no shutdown interface configuration commands on the port-channel interfaces that were misconfigured. 17-14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 365
    loop guard. This procedure is optional. Step 1 Step 2 Command show spanning-tree active or show spanning-tree mst configure terminal Purpose Verify which interfaces are alternate or root ports. Enter global configuration mode. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 17-15
  • Cisco WS-C2960-24LC-S | Software Guide - Page 366
    Spanning-Tree Status Chapter 17 Configuring Optional Spanning-Tree Features Command Step 3 spanning-tree loopguard default Step 4 Step 5 Step 6 end show running-config copy running- see the command reference for this release. 17-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 367
    the LAN switch to snoop on the IGMP transmissions between the host and the router and to keep track of multicast groups and member ports. When the switch receives an IGMP report from a host for a particular multicast group, OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 18-1
  • Cisco WS-C2960-24LC-S | Software Guide - Page 368
    can forward the IGMPv3 report to the multicast router. Note The switch supports IGMPv3 snooping based only on the destination multicast MAC address. It does not support snooping based on the source MAC address or on proxy reports. 18-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 369
    Figure 18-1. Figure 18-1 Initial IGMP Join Message Router A CPU PFC 0 1 IGMP report 224.1.2.3 VLAN 45750 Forwarding table 2 3 4 5 Host 1 Host 2 Host 3 Host 4 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 18-3
  • Cisco WS-C2960-24LC-S | Software Guide - Page 370
    Router A 1 CPU PFC 0 VLAN 45751 Forwarding table 2 3 4 5 Host 1 Host 2 Host 3 Host 4 Table 18-2 Updated IGMP Snooping Forwarding Table Destination Address 224.1.2.3 Type of Packet IGMP Ports 1, 2, 5 18-4 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 371
    . The timer can be set either globally or on a per-VLAN basis. The VLAN configuration of the leave time overrides the global configuration. For configuration steps, see the "Configuring the IGMP Leave Timer" section on page 18-11. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 18-5
  • Cisco WS-C2960-24LC-S | Software Guide - Page 372
    IGMP Snooping Configuration Table 18-3 shows the default IGMP snooping configuration. Table 18-3 Default IGMP Snooping Configuration Feature IGMP snooping Multicast routers Default Setting Enabled globally and per VLAN None configured 18-6 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 373
    vlan vlan-id Purpose Enter global configuration mode. Enable IGMP snooping on the VLAN interface.The VLAN ID range is 1 to 1001 and 1006 to 4094. Note IGMP snooping must be globally enabled before you can enable VLAN snooping. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 18-7
  • Cisco WS-C2960-24LC-S | Software Guide - Page 374
    for reducing control traffic. • pim-dvmrp-Snoop on IGMP queries and PIM-DVMRP packets. This is the default. Return to privileged EXEC mode. Verify the configuration. (Optional) Save your entries in the configuration file. 18-8 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 375
    global configuration command. This example shows how to enable a static connection to a multicast router: Switch# configure terminal Switch(config)# ip igmp snooping vlan 200 mrouter interface gigabitethernet0/2 Switch(config)# end OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 18
  • Cisco WS-C2960-24LC-S | Software Guide - Page 376
    : Step 1 Step 2 Step 3 Command configure terminal ip igmp snooping vlan vlan-id immediate-leave end Purpose Enter global configuration mode. Enable IGMP Immediate Leave on the VLAN interface. Return to privileged EXEC mode. 18-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 377
    last-member-query-interval global configuration command. To remove the configured IGMP leave-time setting from the specified VLAN, use the no ip igmp snooping vlan vlan-id last-member-query-interval global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 18-11
  • Cisco WS-C2960-24LC-S | Software Guide - Page 378
    expedite the process of recovering from the flood mode during the TCN event. Leaves are always sent if the switch is the spanning-tree root regardless of this configuration command. By default, query solicitation is disabled. 18-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 379
    Return to privileged EXEC mode. Verify the TCN settings. (Optional) Save your entries in the configuration file. To re-enable multicast flooding on an interface, use the ip igmp snooping tcn flood interface configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 18-13
  • Cisco WS-C2960-24LC-S | Software Guide - Page 380
    Select the IGMP version number that the querier feature uses. Select 1 or 2. Step 8 end Return to privileged EXEC mode. Step 9 show ip igmp snooping vlan vlan-id (Optional (Optional) Save your entries in the configuration file. 18-14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 381
    Information You can display IGMP snooping information for dynamically learned and statically configured router ports and VLAN interfaces. You can also display MAC address multicast entries for a VLAN configured for IGMP snooping. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 18-15
  • Cisco WS-C2960-24LC-S | Software Guide - Page 382
    address and receiving port for the most-recently configuration and operational state of the IGMP snooping querier in the VLAN. For more information about the keywords and options in these commands, see the command reference for this release. 18-16 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 383
    bandwidth on MVR data port links, which occurs when the switch runs in compatible mode. Only Layer 2 ports take part in MVR. You must configure ports as MVR receiver ports. Only one MVR multicast VLAN per switch is supported. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 18-17
  • Cisco WS-C2960-24LC-S | Software Guide - Page 384
    Multicast data Switch A RP1 RP2 RP3 RP4 RP5 RP6 RP7 Customer premises Hub IGMP join Set-top box TV data Set-top box PC 101364 TV RP = Receiver Port SP = Source Port TV Note: All source ports belong to the multicast VLAN. 18-18 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960-24LC-S | Software Guide - Page 385
    MVR configuration. Table 18-5 Default MVR Configuration Feature MVR Multicast addresses Query response time Multicast VLAN Mode Default Setting Disabled globally and per interface None configured 0.5 second VLAN 1 Compatible OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 18
  • Cisco WS-C2960-24LC-S | Software Guide - Page 386
    multicast data sent to this address is sent to all source ports on the switch and all receiver ports that have elected to receive data on that multicast address. Each multicast address would correspond to one television channel. 18-20 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 387
    : Step 1 Step 2 Step 3 Command configure terminal mvr interface interface-id Purpose Enter global configuration mode. Enable MVR on the switch. Specify the Layer 2 port to configure, and enter interface configuration mode. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 18-21
  • Cisco WS-C2960-24LC-S | Software Guide - Page 388
    receiver Switch(config-if)# mvr vlan 22 group 228.1.23.4 Switch(config-if)# mvr immediate Switch(config)# end Switch# show mvr interface Port Type Status Immediate Leave ---- ---- ------- Gi0/2 RECEIVER ACTIVE/DOWN ENABLED 18-22 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 389
    groups to which a user on a switch port can belong. You can control the distribution of multicast services, such as IP/TV, based on some type of subscription or service plan. You might also want to forward the multicast traffic. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 18-23
  • Cisco WS-C2960-24LC-S | Software Guide - Page 390
    to be used for filtering IGMP join requests from a port. When you are in IGMP profile configuration mode, you can create the profile by using these igmp-profile configuration mode. • no: Negates a command or returns to its defaults. 18-24 Catalyst 2960 Switch Software Configuration Guide OL-8603-
  • Cisco WS-C2960-24LC-S | Software Guide - Page 391
    IGMP profiles only to Layer 2 access ports. You cannot apply profiles to ports that belong to an EtherChannel port group. You can apply a profile to multiple interfaces, but each interface can have only one profile applied to it. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 18-25
  • Cisco WS-C2960-24LC-S | Software Guide - Page 392
    that the interface can join. The range is 0 to 4294967294. The default is to have no maximum set. Return to privileged EXEC mode. Verify the configuration. (Optional) Save your entries in the configuration file. 18-26 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 393
    of IGMP groups that a port can join. Switch(config)# interface gigabitethernet0/2 Switch(config-if)# ip igmp max-groups 25 Switch(config-if)# end Configuring the IGMP Throttling Action After which the IGMP report was received. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 18-27
  • Cisco WS-C2960-24LC-S | Software Guide - Page 394
    the configuration of the specified interface or the configuration of all interfaces on the switch, including (if configured) the maximum number of IGMP groups to which an interface can belong and the IGMP profile applied to the interface. 18-28 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 395
    Control This chapter describes how to configure the port-based traffic control features on the Catalyst 2960 switch. Note For complete syntax and usage . Errors in the protocol-stack implementation, mistakes in network configurations, or users issuing a denial-of-service attack can cause a storm
  • Cisco WS-C2960-24LC-S | Software Guide - Page 396
    traffic except control traffic, such as bridge protocol data unit (BDPU) and Cisco Discovery Protocol (CDP) frames, are blocked. The graph in Figure 19-1 shows broadcast, multicast, or unicast traffic on that port is blocked. 19-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 397
    to storm control and threshold levels: Step 1 Step 2 Command configure terminal interface interface-id Purpose Enter global configuration mode. Specify the interface to be configured, and enter interface configuration mode. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 19-3
  • Cisco WS-C2960-24LC-S | Software Guide - Page 398
    to filter out the traffic and not to send traps. • Select the shutdown keyword to error-disable the port during a storm. • Select the trap keyword to generate an SNMP trap when a storm is detected. Return to privileged EXEC mode. 19-4 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 399
    nonprotected port proceeds as usual. These sections contain this configuration information: • Default Protected Port Configuration, page 19-6 • Protected Port Configuration Guidelines, page 19-6 • Configuring a Protected Port, page 19-6 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 400
    interface configuration command. This example shows how to configure a port as a protected port: Switch# configure terminal Switch(config)# interface gigabitethernet0/1 Switch(config-if)# switchport protected Switch(config-if)# end 19-6 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 401
    unicast and multicast flooding on a port: Switch# configure terminal Switch(config)# interface gigabitethernet0/1 Switch(config-if)# switchport block multicast Switch(config-if)# switchport block unicast Switch(config-if)# end OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 19-7
  • Cisco WS-C2960-24LC-S | Software Guide - Page 402
    or manually configured, stored in the address table, and added to the running configuration. If these addresses are saved in the configuration file, when the switch restarts, the interface does not need to dynamically reconfigure them. 19-8 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 403
    no shut down interface configuration commands. This is the default mode. • shutdown vlan-Use to set the security violation mode per-VLAN. In this mode, the VLAN is error disabled instead of the entire port when a violation occurs OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 19-9
  • Cisco WS-C2960-24LC-S | Software Guide - Page 404
    for Switched Port Analyzer (SPAN). • A secure port cannot belong to a Fast EtherChannel or a Gigabit EtherChannel port group. Note Voice VLAN is only supported on access ports and not on trunk ports, even though the configuration is allowed. 19-10 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 405
    mode. Specify the interface to be configured, and enter interface configuration mode. Set the interface switchport mode as access or trunk; an interface in the default mode (dynamic auto) cannot be configured as a secure port. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 19-11
  • Cisco WS-C2960-24LC-S | Software Guide - Page 406
    a voice VLAN. Note The voice keyword is available only if a voice VLAN is configured on a port and if that port is not the access VLAN. If an interface is configured for voice VLAN, configure a maximum of two secure MAC addresses. 19-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 407
    occurs, and the port LED turns off. configuration command. You can manually re-enable it by entering the shutdown and no shutdown interface configuration commands or by using the clear errdisable interface vlan privileged EXEC command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 408
    11 Step 12 Step 13 end show port-security copy running-config startup- configured on a port and if that port is not the access VLAN. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. 19-14 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 409
    on VLAN 3 on a port: Switch(config)# interface gigabitethernet0/2 Switch(config-if)# switchport mode trunk Switch(config-if)# switchport port-security Switch(config-if)# switchport port-security mac-address 0000.02000.0004 vlan 3 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 19-15
  • Cisco WS-C2960-24LC-S | Software Guide - Page 410
    these steps to configure port security aging: Step 1 Step 2 Command configure terminal interface interface-id Purpose Enter global configuration mode. Specify the interface to be configured, and enter interface configuration mode. 19-16 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960-24LC-S | Software Guide - Page 411
    displays (among other characteristics) the interface traffic suppression and control configuration. The show storm-control and show port-security privileged EXEC commands display those storm control and port security settings. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 19-17
  • Cisco WS-C2960-24LC-S | Software Guide - Page 412
    on all switch interfaces or on a specified interface with aging information for each address. show port-security interface interface-id vlan Displays the number of secure MAC addresses configured per VLAN on the specified interface. 19-18 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 413
    how to configure Cisco Discovery Protocol (CDP) on the Catalyst 2960 switch. Note For complete syntax and usage information for the commands used in this chapter, see the command reference for this release and the "System Management Commands" section in the Cisco IOS Configuration Fundamentals
  • Cisco WS-C2960-24LC-S | Software Guide - Page 414
    configure terminal cdp timer seconds Step 3 cdp holdtime seconds Step 4 cdp advertise-v2 Step 5 end Purpose Enter global configuration Configure CDP to send Version-2 advertisements. This is the default state. Return to privileged EXEC mode. 20-2 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 415
    Enter global configuration mode. Enable CDP after disabling it. Return to privileged EXEC mode. This example shows how to enable CDP if it has been disabled. Switch# configure terminal Switch(config)# cdp run Switch(config)# end OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 20-3
  • Cisco WS-C2960-24LC-S | Software Guide - Page 416
    clear cdp table show cdp Description Reset the traffic counters to zero. Delete the CDP table of information about neighbors. Display global information, such as frequency of transmissions and the holdtime for packets being sent. 20-4 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 417
    , and port ID. You can limit the display to neighbors of a specific interface or expand the display to provide more detailed information. Display CDP counters, including the number of packets sent and received and checksum errors. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 20-5
  • Cisco WS-C2960-24LC-S | Software Guide - Page 418
    Monitoring and Maintaining CDP Chapter 20 Configuring CDP 20-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 419
    -MED This chapter describes how to configure the Link Layer Discovery Protocol (LLDP) and LLDP Media Endpoint Discovery (LLDP-MED) on the Catalyst 2960 switch. Unless otherwise noted, the term switch refers to a standalone switch and to a switch stack. Note For complete syntax and usage information
  • Cisco WS-C2960-24LC-S | Software Guide - Page 420
    Enables advanced power management between LLDP-MED endpoint and network connectivity devices. Allows switches and phones to convey power information, such as how the device is powered, power priority, and how much power the device needs. 21-2 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 421
    and LLDP-MED Configuring LLDP and LLDP-MED • Inventory management TLV Allows an endpoint to send detailed inventory information about itself to the switch, including information hardware Enabled to send and receive all TLVs. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 21-3
  • Cisco WS-C2960-24LC-S | Software Guide - Page 422
    terminal Switch(config)# lldp holdtime 120 Switch(config)# lldp reinit 2 Switch(config)# lldp timer 30 Switch(config)# end For additional LLDP show commands, see the "Monitoring and Maintaining LLDP and LLDP-MED" section on page 21-7. 21-4 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 423
    Purpose Enter global configuration mode. Specify the interface on which you are disabling LLDP, and enter interface configuration mode. No LLDP packets are sent on the interface. No LLDP packets are received on the interface. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 21-5
  • Cisco WS-C2960-24LC-S | Software Guide - Page 424
    Table 21-2 LLDP-MED TLVs LLDP-MED TLV inventory-management location network-policy power-management Description LLDP-MED inventory management TLV LLDP-MED location TLV LLDP-MED network policy TLV LLDP-MED power management TLV 21-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 425
    Switch# configure terminal Switch(config)# interface GigabitEthernet0/1 Switch(config-if)# lldp med-tlv-select inventory management Switch(config-if)# end name show lldp interface [interface-id] Description Reset the traffic counters to zero. Catalyst 2960 Switch Software Configuration Guide 21-7
  • Cisco WS-C2960-24LC-S | Software Guide - Page 426
    neighbors of a specific interface or expand the display to provide more detailed information. Display LLDP counters, including the number of packets sent and received, number of packets discarded, and number of unrecognized TLVs. 21-8 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 427
    Layer 2 protocol that enables devices connected through fiber-optic or twisted-pair Ethernet cables to monitor the physical configuration of the cables and detect when a unidirectional link exists. All connected devices must support OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 22-1
  • Cisco WS-C2960-24LC-S | Software Guide - Page 428
    problems exists: • On fiber-optic or twisted-pair links, one of the ports cannot send or receive traffic. • On fiber-optic or twisted-pair links, one of the ports is down while the other is up. • One of the fiber strands in the cable 22-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 429
    Switch B on the same port. If UDLD is in aggressive mode, it detects the problem and disables the port. If UDLD is in normal mode, the logical link is considered undetermined, and UDLD does not disable the interface. Switch B 98648 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 430
    aggressive), make sure that the same mode is configured on both sides of the link. Caution Loop guard works only on point-to-point links. We recommend that each end of the link has a directly connected device that is running STP. 22-4 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 431
    normal mode or to disable UDLD on a port: Step 1 Step 2 Command configure terminal interface interface-id Purpose Enter global configuration mode. Specify the port to be enabled for UDLD, and enter interface configuration mode. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 22-5
  • Cisco WS-C2960-24LC-S | Software Guide - Page 432
    display the UDLD status for the specified port or for all ports, use the show udld [interface-id] privileged EXEC command. For detailed information about the fields in the command output, see the command reference for this release. 22-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 433
    network security device. For example, if you connect a Cisco Intrusion Detection System (IDS) sensor appliance to a destination port, the IDS device can send TCP reset packets to close down the TCP session of a suspected attacker. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 23-1
  • Cisco WS-C2960-24LC-S | Software Guide - Page 434
    carrying the RSPAN VLAN to a destination session monitoring the RSPAN VLAN. Each RSPAN source switch must have either ports or VLANs as RSPAN sources. The destination is always a physical port, as shown on Switch C in the figure. 23-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 435
    RSPAN VLAN. To configure an RSPAN destination session on another device, you associate the destination port with the RSPAN VLAN. The destination session collects all RSPAN VLAN traffic and sends it out the RSPAN destination port. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 23-3
  • Cisco WS-C2960-24LC-S | Software Guide - Page 436
    ; the destination port receives a copy of the packet even if the actual incoming packet is dropped. These features include IP standard and extended input access control lists (ACLs), ingress QoS policing, and egress QoS policing. 23-4 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 437
    configuration for local SPAN session ports is to send all packets untagged. SPAN also does not normally monitor bridge protocol data unit (BPDU) packets and Layer 2 protocols, such as Cisco port as it participates in the port channel. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 438
    session or RSPAN destination session must have a destination port (also called a monitoring port) that receives a copy of traffic from the source ports or VLANs and sends the SPAN packets to the user, usually a network analyzer. 23-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 439
    VLAN traffic only flows on trunk ports. • RSPAN VLANs must be configured in VLAN configuration mode by using the remote-span VLAN configuration mode command. • STP can run on RSPAN VLAN trunks but not on SPAN destination ports. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 23-7
  • Cisco WS-C2960-24LC-S | Software Guide - Page 440
    of monitored ports. • Multicast traffic can be monitored. For egress and ingress port monitoring, only a single unedited packet is sent to the SPAN destination port. It does not reflect the number of times the multicast packet is sent. 23-8 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 441
    this configuration information: • SPAN Configuration Guidelines, page 23-10 • Creating a Local SPAN Session, page 23-10 • Creating a Local SPAN Session and Configuring Incoming Traffic, page 23-13 • Specifying VLANs to Filter, page 23-14 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 442
    mode. Remove any existing SPAN configuration for the session. For session_number, the range is 1 to 66. Specify all to remove all SPAN sessions, local to remove all local sessions, or remote to remove all remote SPAN sessions. 23-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 443
    single session can include multiple sources (ports or VLANs), defined in a series of commands, but you cannot combine source ports and source VLANs in one session. command multiple times to configure multiple destination ports. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 23-11
  • Cisco WS-C2960-24LC-S | Software Guide - Page 444
    (config)# no monitor session 2 Switch(config)# monitor session 2 source vlan 1 - 3 rx Switch(config)# monitor session 2 destination interface gigabitethernet0/2 Switch(config)# monitor session 2 source vlan 10 Switch(config)# end 23-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 445
    VLAN. end Return to privileged EXEC mode. show monitor [session session_number] Verify the configuration. show running-config copy running-config startup-config (Optional) Save the configuration in the configuration file. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 23-13
  • Cisco WS-C2960-24LC-S | Software Guide - Page 446
    For vlan-id, the range is 1 to 4094. (Optional) Use a comma (,) to specify a series of VLANs, or use a hyphen (-) to specify a range of VLANs. Enter a space before and after the comma; enter a space before and after the hyphen. 23-14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 447
    port. The destination interface must be a physical port; it cannot be an EtherChannel, and it cannot be a VLAN. (Optional) [, | -] Specify a series and Configuring Incoming Traffic, page 23-20 • Specifying VLANs to Filter, page 23-21 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 23-
  • Cisco WS-C2960-24LC-S | Software Guide - Page 448
    VLAN on both source and destination switches and any intermediate switches. Use VTP pruning to get an efficient flow of RSPAN traffic, or manually delete the RSPAN VLAN from all trunks that do not need to carry the RSPAN traffic. 23-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 449
    mode. Remove any existing RSPAN configuration for the session. For session_number, the range is 1 to 66. Specify all to remove all RSPAN sessions, local to remove all local sessions, or remote to remove all remote SPAN sessions. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 23-17
  • Cisco WS-C2960-24LC-S | Software Guide - Page 450
    /1 tx Switch(config)# monitor session 1 source interface gigabitethernet0/2 rx Switch(config)# monitor session 1 source interface port-channel 2 Switch(config)# monitor session 1 destination remote vlan 901 Switch(config)# end 23-18 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960-24LC-S | Software Guide - Page 451
    session, use the no monitor session session_number destination interface interface-id global configuration command. To remove the RSPAN VLAN from the session, use the no monitor session session_number source remote vlan vlan-id. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 23-19
  • Cisco WS-C2960-24LC-S | Software Guide - Page 452
    is not supported for RSPAN. The original VLAN ID is overwritten by the RSPAN VLAN ID, and all packets appear on the destination port as untagged. (Optional) [, | -] Specify a series or range the specified VLAN as the default VLAN. 23-20 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 453
    For vlan-id, the range is 1 to 4094. (Optional) Use a comma (,) to specify a series of VLANs or use a hyphen (-) to specify a range of VLANs. Enter a space before and after the comma; enter a space before and after the hyphen. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 23-21
  • Cisco WS-C2960-24LC-S | Software Guide - Page 454
    end Displaying SPAN and RSPAN Status To display the current SPAN or RSPAN configuration, use the show monitor user EXEC command. You can also use the show running-config privileged EXEC command to display configured SPAN or RSPAN sessions. 23-22 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 455
    network monitoring data. You can use the RMON feature with the Simple Network Management Protocol (SNMP) agent in the switch to monitor all the traffic flowing among switches on all connected LAN segments as shown in Figure 24-1. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 24-1
  • Cisco WS-C2960-24LC-S | Software Guide - Page 456
    , page 24-3 • Configuring RMON Alarms and Events, page 24-3 (required) • Collecting Group History Statistics on an Interface, page 24-5 (optional) • Collecting Group Ethernet Statistics on an Interface, page 24-5 (optional) 24-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 457
    events are configured. Configuring RMON Alarms and Events You can configure your switch for RMON by using the command-line interface (CLI) or an SNMP-compatible network management station. We string, specify the owner of the alarm. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 24-3
  • Cisco WS-C2960-24LC-S | Software Guide - Page 458
    owns the row that is created in the event table by this command. This example also generates an SNMP trap when the event is triggered. Switch(config)# rmon event 1 log trap eventtrap description "High ifOutErrors" owner jjones 24-4 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 459
    . This procedure is optional. Step 1 Step 2 Command configure terminal interface interface-id Purpose Enter global configuration mode. Specify the interface on which to collect statistics, and enter interface configuration mode. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 24-5
  • Cisco WS-C2960-24LC-S | Software Guide - Page 460
    , see the "System Management Commands" section in the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Command References. 24-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 461
    and each of the destinations. You can time-stamp log messages or set the syslog source address to enhance real-time debugging and management. For information on possible messages, see the system message guide for this release. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 25-1
  • Cisco WS-C2960-24LC-S | Software Guide - Page 462
    sign depends on the setting of the service sequence-numbers, service timestamps log datetime, service timestamps log datetime [localtime] [msec] [show-timezone], or service timestamps log uptime global configuration command. 25-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 463
    Console severity Logging file configuration Logging buffer size Logging history size Default Setting Enabled. Debugging (and numerically lower levels; see Table 25-3 on page 25-9). No filename specified. 4096 bytes. 1 message. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 25-3
  • Cisco WS-C2960-24LC-S | Software Guide - Page 464
    . Step 1 Step 2 Step 3 Step 4 Step 5 Command configure terminal no logging console end show running-config or show logging copy running-config startup-config Purpose been disabled, use the logging on global configuration command. 25-4 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 465
    are set locally and do not remain in effect after the session has ended. You must perform this step for each session to see the debugging messages. Verify your entries. (Optional) Save your entries in the configuration file. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 25-5
  • Cisco WS-C2960-24LC-S | Software Guide - Page 466
    your current connection. For example, to change the setting for vty line 2, enter: line vty 2 When you enter this command, the mode changes to line configuration. 25-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 467
    global configuration command. This example shows part of a logging display with the service timestamps log datetime global configuration command enabled: *Mar 1 18:46:11: %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36) OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 468
    Step 4 Step 5 Command configure terminal service sequence-numbers end show running-config copy running-config startup-config Purpose Enter global configuration mode. Enable sequence numbers. levels (see Table 25-3 on page 25-9). 25-8 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 469
    Configuring System Message Logging Configuring System Message Logging Command Step 4 logging trap level Step 5 Step 6 Step 7 end 3 4 5 6 7 Description System unstable Immediate action needed switch functionality is not affected. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 25-9
  • Cisco WS-C2960-24LC-S | Software Guide - Page 470
    the size of the configuration log from 1 to 1000 entries (the default is 100). You can clear the log at any time by entering the no logging enable command followed by the logging enable command to disable and reenable logging. 25-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 471
    the commands, see the Cisco IOS Configuration Fundamentals and Network Management Command Reference, Release 12.3 T at this URL: http://www.cisco.com/en/US/products/ 16 temi@vty5 | switchport mode trunk 47 16 temi@vty5 | exit OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 25-11
  • Cisco WS-C2960-24LC-S | Software Guide - Page 472
    debug /usr/adm/logs/cisco.log The local7 keyword configuration mode. Log messages to a UNIX syslog server host by entering its IP address. To build a list of syslog servers that receive logging messages, enter this command more than once. 25-12 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 473
    For information about the fields in this display, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Command References. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 25-13
  • Cisco WS-C2960-24LC-S | Software Guide - Page 474
    Displaying the Logging Configuration Chapter 25 Configuring System Message Logging 25-14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 475
    describes how to configure the Simple Network Management Protocol (SNMP) on the Catalyst 2960 switch. Note For complete syntax and usage information for the commands used in this chapter, see the command reference for this release and the Cisco IOS Configuration Fundamentals Command Reference
  • Cisco WS-C2960-24LC-S | Software Guide - Page 476
    level and the security model determine which security mechanism is used when handling an SNMP packet. Available security models are SNMPv1, SNMPv2C, and SNMPv3. 26-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 477
    . 1. With this operation, an SNMP manager does not need to know the exact variable name. A sequential search is performed to find the needed variable from within a table. 2. The get-bulk command only works with SNMPv2 or later. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 26-3
  • Cisco WS-C2960-24LC-S | Software Guide - Page 478
    network for specific information. The results of a poll can be displayed as a graph and analyzed to troubleshoot internetworking problems, increase network performance, verify the configuration of devices, monitor traffic loads, and more. 26-4 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 479
    . Note SNMPv1 does not support informs. Traps are unreliable because manager receive every notification, use inform requests. If traffic on the network or memory in the switch is a concern and notification is not required, use traps. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 480
    SNMP Groups and Users, page 26-10 • Configuring SNMP Notifications, page 26-12 • Setting the Agent Contact and Location Information, page 26-15 • Limiting TFTP Servers Used Through SNMP, page 26-16 • SNMP Examples, page 26-17 26-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 481
    SNMP database before you can send proxy requests or informs to it. • If a local user is not associated with a remote host, the switch does not send informs for the auth (authNoPriv) and the priv (authPriv) authentication levels. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 26-7
  • Cisco WS-C2960-24LC-S | Software Guide - Page 482
    of all MIB objects accessible to the given community • Read and write or read-only permission for the MIB objects accessible to the community 26-8 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 483
    end show running-config copy running-config startup-config Purpose Enter global configuration mode. Configure the SNMP managers that are specific community string, use the no snmp-server community string global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 484
    • If you select remote, specify the ip-address of the device that contains the remote copy of SNMP and the optional User Datagram Protocol (UDP) port on the remote device. The default is 162. 26-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 485
    (not to exceed 64 characters) that is the name of the view in which you enter data and configure the contents of the agent. • (Optional) Enter notify notifyview with a string (not to exceed 64 is the name of the access list. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 26-11
  • Cisco WS-C2960-24LC-S | Software Guide - Page 486
    port manager to receive them. Table 26-5 Switch Notification Types Notification Type Keyword bridge cluster config Description Generates STP bridge MIB traps. Generates a trap when the cluster configuration changes. Generates a trap for SNMP configuration changes. 26-12 Catalyst 2960 Switch
  • Cisco WS-C2960-24LC-S | Software Guide - Page 487
    SNMP VLAN membership changes. Generates SNMP VLAN created traps. Generates SNMP VLAN deleted traps. Generates a trap for VLAN Trunking Protocol (VTP) changes. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 26-13
  • Cisco WS-C2960-24LC-S | Software Guide - Page 488
    to the host. • (Optional) Specify the SNMP version (1, 2c, or 3). SNMPv1 does not support informs. • (Optional) For Version 3, select authentication level auth, noauth, or priv. Note The is specified, all notifications are sent. 26-14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 489
    the configuration file: Step 1 Step 2 Command configure terminal snmp-server contact text Purpose Enter global configuration mode. Set the system contact string. For example: snmp-server contact Dial System Operator at beeper 21555. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 490
    Step 5 Step 6 end show running-config copy running-config startup-config Purpose Enter global configuration mode. Limit TFTP servers used for configuration file copies through SNMP ) Save your entries in the configuration file. 26-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 491
    snmp-server user authuser authgroup v3 auth md5 mypassword Switch(config)# snmp-server host 192.180.1.27 informs version 3 auth authuser config Switch(config)# snmp-server enable traps Switch(config)# snmp-server inform retries 0 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 26-17
  • Cisco WS-C2960-24LC-S | Software Guide - Page 492
    SNMP information. For information about the fields in the displays, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2. Table 26-6 Commands for Displaying SNMP user name in the SNMP users table. 26-18 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 493
    services, and assist with network troubleshooting. The Catalyst 2960 switch supports only IP SLAs responder functionality and must be configured with another device that supports full IP SLAs functionality. For more information about IP SLAs, see the Cisco IOS IP SLAs Configuration Guide, Release
  • Cisco WS-C2960-24LC-S | Software Guide - Page 494
    port numbers, a type of service (ToS) byte (including Differentiated Services Code Point [DSCP] and IP Prefix bits), Virtual Private Network (VPN) routing/forwarding instance (VRF), and URL web address. Because Cisco IP SLAs is Layer 2 transport independent, you can configure end-to-end operations
  • Cisco WS-C2960-24LC-S | Software Guide - Page 495
    responder uses the Cisco IOS IP SLAs Control Protocol to provide a mechanism through which it can be notified on which port it should listen and respond. Only a Cisco IOS device can be a source for a destination IP SLAs Responder. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 27-3
  • Cisco WS-C2960-24LC-S | Software Guide - Page 496
    can be a Cisco IOS Layer 2, responder-configurable switch, such as a Catalyst 2960 or Cisco ME 2400 switch. The responder does not need to support full IP SLAs functionality. Figure 27-1 shows where the Cisco IOS IP SLAs responder fits in the IP network. The responder listens on a specific port for
  • Cisco WS-C2960-24LC-S | Software Guide - Page 497
    For detailed descriptions and configuration procedures, see the Cisco IOS IP SLAs Configuration Guide, Release 12.4T at this URL: http://www.cisco.com/en/US/products/ps6441/products_configuration_guide_book09186a0080707055 .html OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 27-5
  • Cisco WS-C2960-24LC-S | Software Guide - Page 498
    SLAs responder is available only on Cisco IOS software-based devices, including some Layer 2 switches that do not support full IP SLAs functionality, such as the Catalyst 2960 or the Cisco ME 2400 switch. Beginning in privileged EXEC mode, follow these steps to configure the IP SLAs responder on the
  • Cisco WS-C2960-24LC-S | Software Guide - Page 499
    SLAs operations configuration. Table 27-1 Monitoring IP SLAs Operations Command show ip sla authentication show ip sla responder Purpose Display IP SLAs authentication information. Display information about the IP SLAs responder. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 27
  • Cisco WS-C2960-24LC-S | Software Guide - Page 500
    Monitoring IP SLAs Operations Chapter 27 Configuring Cisco IOS IP SLAs Operations 27-8 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 501
    importance, and use congestion-management and congestion-avoidance techniques to provide preferential treatment. Implementing QoS in your network makes network performance more predictable and bandwidth utilization more effective. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-1
  • Cisco WS-C2960-24LC-S | Software Guide - Page 502
    value. QoS supports the use of either value because DSCP values are backward-compatible with IP precedence values. IP precedence values range from 0 to 7. DSCP values range from 0 to 63. Note IPv6 QoS is not supported in this release. 28-2 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960-24LC-S | Software Guide - Page 503
    can construct an end-to-end QoS solution. service as the packets move through the switch, make the packets comply with the configured switch also needs to ensure that traffic sent from it meets a specific traffic profile (shape). OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 504
    Scheduling services the four egress queues based on their configured SRR shared or shaped weights. One of the queues (queue 1) can be the expedited queue, which is serviced until empty before the other queues are serviced. Basic QoS Model 28-4 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 505
    on the maps described in this section, see the "Mapping Tables" section on page 28-11. For configuration information on port trust states, see the "Configuring Classification Using Port Trust States" section on page 28-34. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-5
  • Cisco WS-C2960-24LC-S | Software Guide - Page 506
    in No profile by querying the policer. Yes Pass through Check out-of-profile action configured for this policer. Mark Drop Drop packet. Modify DSCP according to the policed-DSCP map. Generate a new QoS label. Done 86835 28-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 507
    , the switch enters the policy-map configuration mode. In this mode, you specify the actions to take on a specific traffic class by using the class, trust, or set policy-map configuration and policy-map class configuration commands. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28
  • Cisco WS-C2960-24LC-S | Software Guide - Page 508
    information, see the "Classifying, Policing, and Marking Traffic on Physical Ports by Using Policy Maps" section on page 28-46 and the "Classifying, Policing, and Marking Traffic by Using Aggregate Policers" section on page 28-49. 28-8 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 509
    . You configure how fast (the average rate) that the tokens are removed from the bucket by using the rate-bps option of the police policy-map class configuration command or the mls qos aggregate-policer global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28
  • Cisco WS-C2960-24LC-S | Software Guide - Page 510
    Physical Ports Start Get the clasification result for the packet. Is a policer configured No for configured for this policer. Mark Drop Drop packet. Modify DSCP according to the policed-DSCP map. Generate a new QoS label. Done 86835 28-10 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 511
    -mutation map is the only map you apply to a specific port. All other maps apply to the entire switch. For configuration information, see the "Configuring DSCP Maps" section on page 28-51. For information section on page 28-16. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-11
  • Cisco WS-C2960-24LC-S | Software Guide - Page 512
    values 4 and 5 and is subjected to the 60-percent threshold. If this frame is added to the queue, the threshold will be exceeded, so the switch drops it. 28-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 513
    "Allocating Bandwidth Between the Ingress Queues" section on page 28-60, the "Configuring SRR Shaped Weights on Egress Queues" section on page 28-66, and the "Configuring SRR Shared Weights on Egress Queues" section on page 28-67. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-13
  • Cisco WS-C2960-24LC-S | Software Guide - Page 514
    using the mls qos srr-queue input priority-queue global configuration command. The expedite queue has guaranteed bandwidth. 1. The switch uses two nonconfigurable queues for traffic that is essential for proper network operation. 28-14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 515
    "Weighted servicing the queue more frequently, and by adjusting queue thresholds so that packets with lower priorities are dropped. For configuration information, see the "Configuring Ingress Queue Characteristics" section on page 28-57. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 516
    1) can be the egress expedite queue. These queues are assigned to a queue-set. All traffic exiting the switch flows through one of these four queues and is subjected to a threshold based on the QoS label assigned to the packet. 28-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 517
    over-limit, the switch drops the frame. Figure 28-9 Egress Queue Buffer Allocation Common pool Port 1 queue 1 Port 1 queue 2 Port 1 queue 3 Port 1 queue 4 Port 2 queue 1 Port 2 queue 2 queue queue-id {cos1...cos8 | threshold OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-17
  • Cisco WS-C2960-24LC-S | Software Guide - Page 518
    services each queue-set in shared or shaped mode. You map a port to a queue-set by using the queue-set qset-id interface configuration command. You assign shared or shaped weights to the port for queueing and scheduling decisions. 28-18 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 519
    Auto-QoS Configuration, page 28-20 • Effects of Auto-QoS on the Configuration, page 28-24 • Auto-QoS Configuration Guidelines, page 28-25 • Enabling Auto-QoS for VoIP, page 28-25 • Auto-QoS Configuration Example, page 28-27 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-19
  • Cisco WS-C2960-24LC-S | Software Guide - Page 520
    the switch enables the trusted boundary feature. The switch uses the Cisco Discovery Protocol (CDP) to detect the presence or absence of a Cisco IP Phone. When a Cisco IP Phone is detected, the ingress classification on the port is set to 28-20 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 521
    threshold 3 3 6 7 Switch(config)# mls qos srr-queue output cos-map queue 3 threshold 3 2 4 Switch(config)# mls qos srr-queue output cos-map queue 4 threshold 2 1 Switch(config)# mls qos srr-queue output cos-map queue 4 threshold 3 0 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28
  • Cisco WS-C2960-24LC-S | Software Guide - Page 522
    -queue 2 Switch(config)# mls qos srr-queue input bandwidth 90 10 Switch(config)# mls qos srr-queue input threshold 1 8 16 Switch(config)# mls qos srr-queue input threshold 2 34 66 Switch(config)# mls qos srr-queue input buffers 67 33 28-22 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960-24LC-S | Software Guide - Page 523
    the switch automatically applies the policy map called AutoQoS-Police-SoftPhone to an ingress interface on which auto-QoS with the Cisco SoftPhone feature is enabled. Switch(config-if)# service-policy input AutoQoS-Police-SoftPhone OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28
  • Cisco WS-C2960-24LC-S | Software Guide - Page 524
    user-entered configuration that was overridden can be retrieved by reloading the switch without saving the current configuration to memory. If the generated commands fail to be applied, the previous running configuration is restored. 28-24 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960-24LC-S | Software Guide - Page 525
    Cisco IP Phone, the port that is connected to a device running the Cisco SoftPhone feature, or the uplink port that is connected to another trusted switch or router in the interior of the network, and enter interface configuration mode. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 526
    how to enable auto-QoS and to trust the QoS labels received in incoming packets when the switch or router connected to a port is a trusted device: Switch(config)# interface gigabitethernet0/1 Switch(config-if)# auto qos voip trust 28-26 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 527
    to IP phones IP Cisco IP phones 101234 Figure 28-10 shows a network in which the VoIP traffic is prioritized over all other traffic. Auto-QoS is enabled on the switches in the wiring closets at the edge of the QoS domain. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-27
  • Cisco WS-C2960-24LC-S | Software Guide - Page 528
    that might be affected by auto-QoS, see the "Displaying Auto-QoS Information" section on page 26-12. Save the auto qos voip interface configuration commands and the generated auto-QoS configuration in the configuration file. 28-28 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 529
    28-51 (optional, unless you need to use the DSCP-to-DSCP-mutation map or the policed-DSCP map) • Configuring Ingress Queue Characteristics, page 28-57 (optional) • Configuring Egress Queue Characteristics, page 28-62 (optional) OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-29
  • Cisco WS-C2960-24LC-S | Software Guide - Page 530
    policing. No policy maps are configured. The default port trust state on all ports is untrusted. The default ingress is the priority queue. SRR services the priority queue for its configured share before servicing the other queue. Table Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 531
    ports are mapped to queue-set 1. The port bandwidth limit is set to 100 percent and rate unlimited. Table 28-9 Default Egress Queue Configuration shaped weights 25 0 0 (absolute) 1 SRR shared weights 2 25 25 25 1. A shaped weight of Catalyst 2960 Switch Software Configuration Guide 28-31
  • Cisco WS-C2960-24LC-S | Software Guide - Page 532
    reserve policers per port; there is no guarantee that a port will be assigned to any policer. • Only one policer is applied to a packet on an ingress port. Only the average rate and committed burst parameters are configurable. 28-32 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 533
    QoS guidelines: • You configure QoS only on physical ports; there is no support for it at the VLAN or switch virtual interface level. • in the configuration file. To disable QoS, use the no mls qos global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-33
  • Cisco WS-C2960-24LC-S | Software Guide - Page 534
    within the QoS domain. Figure 28-11 shows a sample network topology. Figure 28-11 Port Trusted States within the QoS Domain Trusted interface Trunk Traffic classification performed here P3 P1 IP Trusted boundary 28-34 Catalyst 2960 Switch Software Configuration Guide 101236 OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 535
    to change the default CoS value, see the "Configuring the CoS Value for an Interface" section on page 28-36. For information on how to configure the CoS-to-DSCP map, see the "Configuring the CoS-to-DSCP Map" section on page 28-52. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-35
  • Cisco WS-C2960-24LC-S | Software Guide - Page 536
    to the switch should be trusted to ensure that voice traffic is properly prioritized over other types of traffic in the network. By using the mls qos trust cos interface configuration command, you configure the switch port to which 28-36 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960-24LC-S | Software Guide - Page 537
    exclusive. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. To disable the trusted boundary feature, use the no mls qos trust device interface configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-37
  • Cisco WS-C2960-24LC-S | Software Guide - Page 538
    trusted value and avoids the classification stage of QoS. If the two domains use different DSCP values, you can configure the DSCP-to-DSCP-mutation map to translate a set of DSCP values to match the definition in the other domain. 28-38 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 539
    the mutation map name created in Step 2. You can configure multiple DSCP-to-DSCP-mutation maps on an ingress port. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-39
  • Cisco WS-C2960-24LC-S | Software Guide - Page 540
    Traffic by Using Class Maps, page 28-44 • Classifying, Policing, and Marking Traffic on Physical Ports by Using Policy Maps, page 28-46 • Classifying, Policing, and Marking Traffic by Using Aggregate Policers, page 28-49 28-40 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 541
    rejected. Switch(config)# access-list 1 permit 192.5.255.0 0.0.0.255 Switch(config)# access-list 1 permit 128.88.0.0 0.0.255.255 Switch(config)# access-list 1 permit 36.0.0.0 0.0.0.255 ! (Note: all other access implicitly denied) OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-41
  • Cisco WS-C2960-24LC-S | Software Guide - Page 542
    a match before reaching the end. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. To delete an to 32: Switch(config)# access-list 102 permit pim any 224.0.0.2 dscp 32 28-42 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 543
    access-list extended maclist1 Switch(config-ext-macl)# permit 0001.0000.0001 0.0.0 0002.0000.0001 0.0.0 Switch(config-ext-macl)# permit 0001.0000.0002 0.0.0 0002.0000.0002 0.0.0 xns-idp ! (Note: all other access implicitly denied) OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-43
  • Cisco WS-C2960-24LC-S | Software Guide - Page 544
    configuration command. For more information, see the "Classifying, Policing, and Marking Traffic on Physical Ports or a Layer 2 MAC end of the access list contains supported, the match-all and match-any keywords function the same. 28-44 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 545
    one match criterion per class map is supported, and only one ACL per class map is supported. • For access-group acl-index-or Switch(config)# class-map class3 Switch(config-cmap)# match ip precedence 5 6 7 Switch(config-cmap)# end Switch# OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 546
    neither the match-all or match-any keyword is specified, the default is match-all. Note Because only one match command per class map is supported, the match-all and match-any keywords function the same. 28-46 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 547
    keywords have these meanings: • cos-QoS derives the DSCP value by using the received or default port CoS value and the CoS-to-DSCP map. • dscp-QoS derives the DSCP value by using the the classified traffic. The range is 0 to 7. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-47
  • Cisco WS-C2960-24LC-S | Software Guide - Page 548
    on the policed-DSCP map) and sent: Switch(config)# access-list 1 permit 10.1.0.0 0.0.255.255 Switch(config)# class-map ipclass1 Switch(config-cmap)# match access-group 1 Switch(config-cmap)# exit Switch(config)# policy-map flow1t 28-48 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 549
    a policer that is shared by multiple traffic classes within the same policy map. However, you cannot use the aggregate policer across different policy maps or ports. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-49
  • Cisco WS-C2960-24LC-S | Software Guide - Page 550
    the number of policers supported, see the "Standard QoS Configuration Guidelines" section on configuration mode. Specify the port to attach to the policy map, and enter interface configuration mode. Valid interfaces include physical ports. 28-50 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 551
    Configuring the CoS-to-DSCP Map, page 28-52 (optional) • Configuring the IP-Precedence-to-DSCP Map, page 28-53 (optional) • Configuring the Policed-DSCP Map, page 28-54 (optional, unless the null settings in the map are not appropriate) OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 552
    are applied to all ports. Configuring the CoS-to-DSCP configure terminal mls qos map cos-dscp dscp1...dscp8 Step 3 Step 4 Step 5 end configuration file. To return to the default map, use the no mls qos cos-dscp global configuration command. 28-52 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 553
    . The DSCP range is 0 to 63. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. To return to the default map, use the no mls qos ip-prec-dscp global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-53
  • Cisco WS-C2960-24LC-S | Software Guide - Page 554
    15 20 25 30 35 40 45 Switch(config)# end Switch# show mls qos maps ip-prec-dscp IpPrecedence-dscp map: ipprec: 0 1 2 3 4 5 6 7 dscp: 10 15 20 25 30 35 40 45 Configuring the Policed-DSCP Map You use the 00 00 58 59 6 : 60 61 62 63 28-54 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 555
    2 Step 3 Step 4 Step 5 Command configure terminal mls qos map dscp-cos dscp-list to cos end show mls qos maps dscp-to-cos copy configuration file. To return to the default map, use the no mls qos dscp-cos global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 556
    spaces. Then enter the to keyword. • For out-dscp, enter a single DSCP value. The DSCP range is 0 to 63. Specify the port to which to attach the map, and enter interface configuration mode. Valid interfaces include physical ports. 28-56 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 557
    6 Step 7 Step 8 end show mls qos maps dscp-mutation copy running-config startup-config Purpose Configure the ingress port as a DSCP-trusted port. By default, the port is not trusted. Apply space is allocated between the queues? OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-57
  • Cisco WS-C2960-24LC-S | Software Guide - Page 558
    ...cos8 mls qos srr-queue input threshold queue-id threshold-percentage1 threshold-percentage2 end Purpose Enter global configuration mode. Map DSCP or CoS values to an ingress queue and to a queue. Return to privileged EXEC mode. 28-58 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 559
    . Step 1 Step 2 Command configure terminal mls qos srr-queue input buffers percentage1 percentage2 Step 3 end Purpose Enter global configuration mode. Allocate the buffers between the traffic. Return to privileged EXEC mode. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-59
  • Cisco WS-C2960-24LC-S | Software Guide - Page 560
    value with a space. SRR services the priority queue for its configured weight as specified by the bandwidth configuration file. To return to the default setting, use the no mls qos srr-queue input bandwidth global configuration command. 28-60 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 561
    frames). SRR services the priority queue for its configured weight as specified configuration command. To disable priority queueing, set the bandwidth weight to 0, for example, mls qos srr-queue input priority-queue queue-id bandwidth 0. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 562
    , and configure the maximum memory allocation for a queue-set by using the mls qos queue-set output qset-id threshold queue-id drop-threshold1 drop-threshold2 reserved-threshold maximum-threshold global configuration command. 28-62 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960-24LC-S | Software Guide - Page 563
    ... allocation4 global configuration command. The queues use WTD to support distinct drop percentages is 1 to 2. Each port belongs to a queue-set, which defines all the characteristics of the four egress queues per port. • For allocation1 ... Catalyst 2960 Switch Software Configuration Guide 28-63
  • Cisco WS-C2960-24LC-S | Software Guide - Page 564
    packets are dropped: Switch(config)# mls qos queue-set output 2 buffers 40 20 20 20 Switch(config)# mls qos queue-set output 2 threshold 2 40 60 100 200 Switch(config)# interface gigabitethernet0/1 Switch(config-if)# queue-set 2 28-64 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 565
    Configuring QoS Configuring Standard QoS Mapping DSCP or CoS Values to an Egress Queue and to a Threshold ID You can prioritize traffic by placing packets with particular DSCPs or costs of service global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-65
  • Cisco WS-C2960-24LC-S | Software Guide - Page 566
    2, 3, and 4 are set to 0, these queues operate in shared mode. The bandwidth weight for queue 1 is 1/8, which is 12.5 percent: Switch(config)# interface gigabitethernet0/1 Switch(config-if)# srr-queue bandwidth shape 8 0 0 0 28-66 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 567
    queue 4 has four times the bandwidth of queue 1, twice the bandwidth of queue 2, and one-and-a-third times the bandwidth of queue 3. Switch(config)# interface gigabitethernet0/1 Switch(config-if)# srr-queue bandwidth share 1 2 3 4 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-67
  • Cisco WS-C2960-24LC-S | Software Guide - Page 568
    on an egress port. This procedure is optional. Step 1 Step 2 Command configure terminal interface interface-id Purpose Enter global configuration mode. Specify the port to be rate limited, and enter interface configuration mode. 28-68 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960-24LC-S | Software Guide - Page 569
    end show mls qos interface [interface-id] queueing copy running-config startup-config Purpose Specify the percentage of the port speed to which the port should be limited. The range is 10 to 90. By default, the port egress queues. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-69
  • Cisco WS-C2960-24LC-S | Software Guide - Page 570
    EXEC command to display classification information for incoming traffic. The control-plane and interface keywords are not supported, and the statistics shown in the display should be ignored. Display the DSCP transparency setting. 28-70 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 571
    on the Catalyst 2960 switch. For information about configuring IPv6 Multicast Listener Discovery (MLD) snooping, see Chapter 30, "Configuring IPv6 MLD Snooping." To enable dual stack environments (supporting both IPv4 and IPv6), you must configure a switch database management (SDM) template
  • Cisco WS-C2960-24LC-S | Software Guide - Page 572
    , go to the "Implementing Addressing and Basic Connectivity" section of "The Cisco IOS IPv6 Configuration Library" at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a00807fcf4b. html 29-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 573
    and eventually to the Internet service provider. These addresses are defined support up to three addresses in hardware (one aggregatable global unicast address, one link-local unicast address, and zero or more privacy addresses). OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 574
    to determine the link-layer address of another node on Configuration Protocol (DHCP) v6. The switch supports stateless autoconfiguration to manage link, subnet, and site addressing changes, such as management of host and mobile IP addresses. 29-4 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 575
    Cisco Discovery Protocol (CDP) support for IPv6 addresses For more information about managing these applications with Cisco IOS, see the "Managing Cisco IOS Applications over IPv6" section in the Cisco IOS IPv6 Configuration . OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 29-5
  • Cisco WS-C2960-24LC-S | Software Guide - Page 576
    supported. • In dual IPv4 and IPv6 environments, the switch applies IPv4 QoS and ACLs in hardware. Note If you do not plan to use IPv6, do not use the dual stack template because this template results in less TCAM capacity for each resource. 29-6 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 577
    0 0 0 Configuring IPv6 These sections contain this IPv6 forwarding configuration information: • Default IPv6 Configuration, page 29-8 • Configuring IPv6 ICMP Rate Limiting, page 29-8 • Configuring Static Routes for IPv6, page 29-9 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 29-7
  • Cisco WS-C2960-24LC-S | Software Guide - Page 578
    sent, one token is removed from the bucket. If a series of error messages is generated, error messages can be sent configure terminal ipv6 icmp error-interval interval [bucketsize] Step 3 Step 4 Step 5 end configuration file. 29-8 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 579
    static routes are not automatically updated, as with a dynamic routing protocol, and must be manually reconfigured if the network topology changes. Static routes are useful for smaller networks with only route is used in its place. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 29-9
  • Cisco WS-C2960-24LC-S | Software Guide - Page 580
    be an adjacent router). Step 3 end • administrative distance-(Optional) An administrative configure a floating static route, use an administrative distance greater than that of the dynamic routing protocol. Return to privileged EXEC mode. 29-10 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 581
    for IPv6" chapter in the Cisco IOS IPv6 Configuration Library at this URL: http://www.cisco.com/en/US/products/sw/iosswrel switch. Display the IPv6 route table entries. Display IPv6 static routes. Display IPv6 traffic statistics. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 29
  • Cisco WS-C2960-24LC-S | Software Guide - Page 582
    output from the show ipv6 route privileged EXEC command: Switch# show ipv6 route IPv6 Routing Table - Default - 1 entries Codes: C - Connected, L - Local, S - Static, U - Per-user Static route L FF00::/8 [0/0] via Null0, receive 29-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 583
    84 neighbor solicit, 84 neighbor advert UDP statistics: Rcvd: 0 input, 0 checksum errors, 0 length errors 0 no port, 0 dropped Sent: 26749 output TCP statistics: Rcvd: 0 input, 0 checksum errors Sent: 0 output, 0 retransmitted OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 29-13
  • Cisco WS-C2960-24LC-S | Software Guide - Page 584
    Displaying IPv6 Chapter 29 Configuring IPv6 Host Functions 29-14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 585
    With MLD snooping, IPv6 multicast data is selectively forwarded to a list of ports that want to receive the data, instead of being flooded to all ports in a VLAN. This list is constructed by snooping IPv6 multicast control packets. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 30-1
  • Cisco WS-C2960-24LC-S | Software Guide - Page 586
    messages, identified in IPv6 packets by a preceding Next Header value of 58. The switch supports two versions of MLD snooping: • MLDv1 snooping detects MLDv1 control packets and sets are ignored by MLD routers and switches. 30-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 587
    of 5 minutes; the multicast router is deleted from the router port list if no control packet is received on the port for 5 minutes. • IPv6 multicast router discovery only takes place when MLD snooping is enabled on the switch. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 30-3
  • Cisco WS-C2960-24LC-S | Software Guide - Page 588
    query-interval global configuration command. If the deleted port is the last member of the multicast address, the multicast address is also deleted, and the switch sends the address leave information to all detected multicast routers. 30-4 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960-24LC-S | Software Guide - Page 589
    page 30-6 • Configuring a Static Multicast Group, page 30-8 • Configuring a Multicast Router Port, page 30-8 • Enabling MLD Immediate Leave, page 30-9 • Configuring MLD Snooping Queries, value is 0, the VLAN uses the global count. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 30-5
  • Cisco WS-C2960-24LC-S | Software Guide - Page 590
    enable MLD snooping on the switch: Step 1 Step 2 Step 3 Command configure terminal ipv6 mld snooping end Purpose Enter global configuration mode. Globally enable MLD snooping on the switch. Return to privileged EXEC mode. 30-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 591
    to privileged EXEC mode. (Optional) Save your entries in the configuration file. To disable MLD snooping on a VLAN interface, use the no ipv6 mld snooping vlan vlan-id global configuration command for the specified VLAN number. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 30-7
  • Cisco WS-C2960-24LC-S | Software Guide - Page 592
    router port (add a static connection to a multicast router), use the ipv6 mld snooping vlan mrouter global configuration command on the switch. Note Static connections to multicast routers are supported only on switch ports. 30-8 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960-24LC-S | Software Guide - Page 593
    vlan vlan-id immediate-leave global configuration command. This example shows how to enable MLD Immediate Leave on VLAN 130: Switch# configure terminal Switch(config)# ipv6 mld snooping vlan 130 immediate-leave Switch(config)# exit OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 30-9
  • Cisco WS-C2960-24LC-S | Software Guide - Page 594
    sent. The range is from 1 to 10; the default is 2. Return to privileged EXEC mode. (Optional) Verify that the MLD snooping querier information for the switch or for the VLAN. (Optional) Save your entries in the configuration file. 30-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 595
    configured router ports and VLAN interfaces. You can also display MAC address multicast entries for a VLAN configured for MLD snooping. To display MLD snooping information, use one or more of the privileged EXEC commands in Table 30-2. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 596
    and incoming port for the configured group information for the switch or for a VLAN. show ipv6 mld snooping multicast-address vlan Display MLD snooping for the specified VLAN and IPv6 multicast vlan-id [ipv6-multicast-address] address. 30-12 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 597
    EtherChannels and Link-State Tracking This chapter describes how to configure EtherChannels on Layer 2 ports on the Catalyst 2960 switch. EtherChannel provides fault-tolerant high-speed links between switches, routers, and servers. You can use it to increase the bandwidth between the wiring
  • Cisco WS-C2960-24LC-S | Software Guide - Page 598
    , no negotiations take place. The switch forces all compatible ports to become active in the EtherChannel. The other end of the channel (on the other switch) must also be configured in the on mode; otherwise, packet loss can occur. 31-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 599
    the configuration. To change the parameters of all ports in an EtherChannel, apply configuration commands to the port-channel interface, for example, spanning-tree commands or commands to configure a Layer 2 EtherChannel as a trunk. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 31
  • Cisco WS-C2960-24LC-S | Software Guide - Page 600
    a physical port connected to a silent partner prevents that switch port from ever becoming operational. However, the silent setting allows PAgP to operate, to attach the port to a channel group, and to use the port for transmission. 31-4 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960-24LC-S | Software Guide - Page 601
    form an EtherChannel with another port that is in the active or passive mode. • A port in the passive mode cannot form an EtherChannel with another port that is also in the passive mode because neither port starts LACP negotiation. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 31-5
  • Cisco WS-C2960-24LC-S | Software Guide - Page 602
    forwarding is better suited on a particular switch. With source-and-destination MAC-address forwarding, packets sent from host A to host B, host A to host C, and host C to host B could all use different ports in the channel. 31-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 603
    A to IP address C, and from IP address C to IP address B could all use different ports in the channel. Different load-balancing methods have different advantages, and the choice of a particular load- in better load balancing. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 31-7
  • Cisco WS-C2960-24LC-S | Software Guide - Page 604
    changes applied to the port-channel interface apply to all the physical ports assigned to the port-channel interface, and configuration changes applied to the physical port affect only the port where you apply the configuration. 31-8 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 605
    ports in the group: - Allowed-VLAN list - Spanning-tree path cost for each VLAN - Spanning-tree port priority for each VLAN - Spanning-tree Port Fast setting • Do not configure a port to be a member of more than one EtherChannel group. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 606
    up to eight ports of the same type and speed for the same group. For a LACP EtherChannel, you can configure up to 16 Ethernet ports of the same type. Up to eight ports can be active, and up to eight ports can be in standby mode. 31-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 607
    -config Verify your entries. copy running-config startup-config (Optional) Save your entries in the configuration file. To remove a port from the EtherChannel group, use the no channel-group interface configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 31-11
  • Cisco WS-C2960-24LC-S | Software Guide - Page 608
    is based on the source-MAC address of the incoming packet. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. 31-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 609
    interoperability with devices that only support address learning by physical ports. When the link partner of the Catalyst 2960 switch is a physical learner (such as a Catalyst 1900 series switch), we recommend that you configure the Catalyst 2960 switch as a physical-port learner by using the pagp
  • Cisco WS-C2960-24LC-S | Software Guide - Page 610
    method must be configured the same at both ends of the link. Assign a priority so that the selected port is chosen for ports should be put in standby mode when there is a hardware limitation that prevents all compatible ports from aggregating. 31-14 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 611
    hot-standby ports that have lower port numbers become active in the channel first. You can use the show etherchannel summary privileged EXEC command to see which ports are in the hot-standby mode (denoted with an H port-state flag). OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 31
  • Cisco WS-C2960-24LC-S | Software Guide - Page 612
    information, the internal LACP configuration, and neighbor information. You can clear PAgP channel-group information and traffic counters by using the clear pagp {channel-group-number counters | counters} privileged EXEC command. 31-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 613
    4. Port 3 and port 4 are the downstream interfaces in link-state group 2. - Port 5 and port 6 are connected to distribution switch 2 through link-state group 2. Port 5 and port 6 are the upstream interfaces in link-state group 2. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 31
  • Cisco WS-C2960-24LC-S | Software Guide - Page 614
    the upstream ports can become unavailable or lose connectivity because the distribution switch or router fails, the cables are port from the link-state group. To recover multiple downstream interfaces, disable the link-state group. 31-18 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 615
    ports: • Default Link-State Tracking Configuration, page 31-20 • Link-State Tracking Configuration Guidelines, page 31-20 • Configuring Link-State Tracking, page 31-20 • Displaying Link-State Tracking Status, page 31-21 Server 4 141680 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 616
    1 downstream Switch(config-if)# interface gigabitethernet0/3 Switch(config-if)# link state group 1 downstream Switch(config-if)# interface gigabitethernet0/5 Switch(config-if)# link state group 1 downstream Switch(config-if)# end 31-20 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960-24LC-S | Software Guide - Page 617
    about the group. This is an example of output from the show link state group 1 command: Switch> show link state group 1 Link State Group: 1 Status: Enabled, Down This is an example of see the command reference for this release. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 31-21
  • Cisco WS-C2960-24LC-S | Software Guide - Page 618
    Configuring Link-State Tracking Chapter 31 Configuring EtherChannels and Link-State Tracking 31-22 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 619
    problems related to the Cisco IOS software on the Catalyst 2960 switch. Depending on the nature of the problem, you can use the command-line interface (CLI), the device manager, or Network Assistant to identify and solve problems. Additional troubleshooting information, such as LED descriptions
  • Cisco WS-C2960-24LC-S | Software Guide - Page 620
    system. The following commands will initialize the flash file system, and finish loading the operating system software# flash_init load_helper boot Initialize the flash file system: switch: flash_init 32-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 621
    the switch and, within 15 seconds, press the Mode button while the System LED is still flashing green. Continue pressing the Mode button until the System LED turns briefly amber and then solid green; then release the Mode button. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 32-3
  • Cisco WS-C2960-24LC-S | Software Guide - Page 622
    30:48 c2960-lanbase-mz.122-25.FX Mar 01 1993 22:31:59 config.text Mar 01 1993 02:21:30 vlan.dat 16128000 bytes total (10003456 bytes free) Rename the configuration file to config.text.old. This file contains the password definition. 32-4 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960-24LC-S | Software Guide - Page 623
    be from 1 to 25 alphanumeric characters, can start with a number, is case sensitive, and allows spaces but ignores leading spaces. Return to privileged EXEC mode: Switch (config)# exit Switch# OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 32-5
  • Cisco WS-C2960-24LC-S | Software Guide - Page 624
    recovery and lose the existing configuration: Would you like to reset the system back to the default configuration (y/n)? Y Load any helper files: Switch: load_helper Display the contents of flash memory: switch: dir flash: 32-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 625
    configure a redundant command switch group by using the Hot Standby Router Protocol (HSRP). For more information, see Chapter 5, "Clustering Switches." Also see the Getting Started with Cisco Network Assistant, available on Cisco.com. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 626
    . Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Remove the member switch from the cluster. Switch(config)# no cluster commander-address Return to privileged EXEC mode. Switch(config)# end Switch# 32-8 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 627
    , enter N, press Return, and begin again at Step 9. Start your browser, and enter the IP address of the new command switch. From the Cluster menu, select Add to Cluster to display a list of candidate switches to add to the cluster. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 32-9
  • Cisco WS-C2960-24LC-S | Software Guide - Page 628
    leading spaces. When prompted for the enable secret and enable passwords, enter the passwords of the failed command switch again. When prompted, make sure to enable the switch as the cluster command switch, and press Return. 32-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 629
    on both ends of the connection. Note If a remote device does not autonegotiate, configure the duplex settings on the two ports to match. The speed parameter can adjust itself even if the connected port does not autonegotiate. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 32-11
  • Cisco WS-C2960-24LC-S | Software Guide - Page 630
    an SFP module. For more information, see the show interfaces transceiver command in the command reference for this release. Using Ping These sections contain this information: • Understanding Ping, page 32-13 • Executing Ping, page 32-13 32-12 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 631
    Chapter 32 Troubleshooting Using Ping Understanding Ping The switch supports IP ping, which you can use to test connectivity to remote hosts. PDU was received. A congestion experienced packet was received. User interrupted test. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 32-13
  • Cisco WS-C2960-24LC-S | Software Guide - Page 632
    enter the traceroute mac or the traceroute mac ip privileged EXEC command on a switch that is not in the physical path from the source device to the destination device. All switches in the path must be reachable from this switch. 32-14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 633
    to identify the path that packets take through the network on a hop-by-hop basis. The command output displays all network layer (Layer 3) devices, such as routers, that the traffic passes through on the way to the destination. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 32-15
  • Cisco WS-C2960-24LC-S | Software Guide - Page 634
    datagram reaches its destination, traceroute sets the UDP destination port number in the datagram to a very large value that supported in this release. This example shows how to perform a traceroute to an IP host: Switch# Switch# 32-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 635
    to the initial signal. TDR is supported only on 10/100 and 10/100/1000 copper Ethernet ports. It is not supported on SFP module ports. TDR can detect these cabling problems: • Open, broken, or cut at which the wire is open. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 32-17
  • Cisco WS-C2960-24LC-S | Software Guide - Page 636
    to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support Switched Port Analyzer (SPAN): Switch# debug span-session The switch continues to generate output until you enter the no form of the command. 32-18 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 637
    terminal connection to monitor debug output instead of connecting to the console port. Possible destinations include the console, virtual terminals, internal buffer, and UNIX , see Chapter 25, "Configuring System Message Logging." OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 32-19
  • Cisco WS-C2960-24LC-S | Software Guide - Page 638
    table results and port maps used to support personnel, who have access to detailed information about the switch application-specific integrated circuits (ASICs). However, packet forwarding information can also be helpful in troubleshooting Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 639
    recent failure. Version numbers are used instead of a timestamp because the switches do not include a real-time clock. You cannot change the name of the file that the system will use when it creates the file. However, after the OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 32-21
  • Cisco WS-C2960-24LC-S | Software Guide - Page 640
    switch failure. You provide this information to the Cisco technical support representative by manually accessing configure the switch to not create the extended creashinfo file by using the no exception crashinfo global configuration command. 32-22 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 641
    -ERR-DISABLE-MIB • CISCO-FLASH-MIB (Flash memory on all switches is modeled as removable flash memory.) • CISCO-FTP-CLIENT-MIB • CISCO-IGMP-FILTER-MIB • CISCO-IMAGE-MIB • CISCO IP-STAT-MIB • CISCO-LAG-MIB • CISCO-MAC-NOTIFICATION-MIB OL-8603-04 Catalyst 2960 Switch Software Configuration Guide A-1
  • Cisco WS-C2960-24LC-S | Software Guide - Page 642
    • OLD-CISCO-TS-MIB • RFC1213-MIB (Functionality is as per the agent capabilities specified in the CISCO-RFC1213-CAPABILITY.my.) • RMON-MIB • RMON2-MIB • SNMP-FRAMEWORK-MIB • SNMP-MPD-MIB • SNMP-NOTIFICATION-MIB • SNMP-TARGET-MIB • SNMPv2-MIB Catalyst 2960 Switch Software Configuration Guide A-2 OL
  • Cisco WS-C2960-24LC-S | Software Guide - Page 643
    supported MIBs for the Catalyst 2960 switch: ftp://ftp.cisco.com/pub/mibs/supportlists/cat2960/cat2960-supportlist.htmlYou can access other information about MIBs and Cisco products on the Cisco web site: http://www.cisco MIB file. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide A-3
  • Cisco WS-C2960-24LC-S | Software Guide - Page 644
    Using FTP to Access the MIB Files Appendix A Supported MIBs Catalyst 2960 Switch Software Configuration Guide A-4 OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 645
    X Working with the Cisco IOS File System, Configuration Files, and Software Images This appendix describes how to manipulate the Catalyst 2960 switch flash file system, how to copy configuration files, and how to archive (upload and download) software images to a standalone switch. Note For complete
  • Cisco WS-C2960-24LC-S | Software Guide - Page 646
    file systems Field Descriptions Value Amount of configuration. tftp:-TFTP network server. xmodem:-Obtain the file from a network machine by using the Xmodem protocol. ymodem:-Obtain the file from a network machine by using the Ymodem protocol. Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 647
    Working with the Cisco IOS File System, Configuration Files, and Software ] show file systems show file information file-url show file descriptors Description Display a list of files on a file system. Display more directory. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-3
  • Cisco WS-C2960-24LC-S | Software Guide - Page 648
    with the Flash File System Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Creating and Removing Directories Beginning ]/directory]/filename Local writable file systems include flash:. Catalyst 2960 Switch Software Configuration Guide B-4 OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 649
    command, we recommend using the archive download-sw and archive upload-sw privileged EXEC commands to download and upload software image files. . OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-5
  • Cisco WS-C2960-24LC-S | Software Guide - Page 650
    . These options are supported: • For the switch tar file that is in flash memory: Switch# archive tar /table flash:c2960-lanbase-mz.122-25.FX.tar info (219 bytes) c2960-lanbase-mz.122-25.FX/ (directory) c2960-lanbase-mz.122-25.FX/html/ (directory) Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 651
    file on a TFTP server: Switch# more tftp://serverA/hampton/savedconfig ! ! Saved configuration on server ! version 11.3 service timestamps log datetime localtime service linenumber service udp-small-servers service pt-vty-logging OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-7
  • Cisco WS-C2960-24LC-S | Software Guide - Page 652
    configuration. Configuration files can contain some or all of the commands needed to configure one or more switches. For example, you might want to download the same configuration file to several switches that have the same hardware configuration. Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 653
    file with the desired commands, and save it in a new file. Copy the configuration file to the appropriate server location. For example, copy the file to the TFTP directory on the workstation (usually /tftpboot on a UNIX workstation). OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-9
  • Cisco WS-C2960-24LC-S | Software Guide - Page 654
    Cisco IOS File System, Configuration Files, and Software Images Step 5 Make sure the permissions on the file are set to world-read. Copying Configuration Files By Using TFTP You can configure the switch by using configuration /services Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 655
    shows how to upload a configuration file from a switch to a TFTP server: Switch# copy system:running-config tftp://172.16.2.155/tokyo-confg Write file tokyo-confg on host 172.16.2.155? [confirm] y # Writing tokyo-confg!!! [OK] OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-11
  • Cisco WS-C2960-24LC-S | Software Guide - Page 656
    request to a server. When you copy a configuration file from the switch to a server by using FTP, the Cisco IOS software sends the first valid username in configuration command during all copy operations. The new username is stored in B-12 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960-24LC-S | Software Guide - Page 657
    on the remote server with an IP address of 172.16.101.101 to the switch startup configuration. Switch# configure terminal Switch(config)# ip ftp username netadmin1 Switch(config)# ip ftp password mypass Switch(config)# end OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-13
  • Cisco WS-C2960-24LC-S | Software Guide - Page 658
    by using FTP to copy the file: Switch# configure terminal Switch(config)# ip ftp username netadmin2 Switch(config)# ip ftp password mypass Switch(config)# end Switch# copy nvram:startup-config ftp: Remote host[]? 172.16.101.101 B-14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 659
    server that supports the remote shell (rsh). (Most UNIX systems support rsh.) Because you copy a configuration file from the switch to a server, the Cisco IOS software configuration command to be used during all copy operations. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-15
  • Cisco WS-C2960-24LC-S | Software Guide - Page 660
    on the switch: Switch# copy rcp://[email protected]/host1-confg system:running-config Configure using host1-confg from 172.16.101.101? [confirm] Connected to 172.16.101.101 Loading 1112 byte file host1-confg:![OK] Switch# B-16 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960-24LC-S | Software Guide - Page 661
    -confg Write file switch-confg on host 172.16.101.101?[confirm] Building configuration...[OK] Connected to 172.16.101.101 Switch# This example shows how to store a startup configuration file on a server: Switch# configure terminal OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-17
  • Cisco WS-C2960-24LC-S | Software Guide - Page 662
    remote-username netadmin2 Switch(config)# end Switch# copy nvram:startup-config rcp: Remote host[]? 172.16.101.101 Name of configuration file to write [switch2-confg]? Write file switch2-confg on host 172.16.101.101?[confirm] ![OK] B-18 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 663
    and Rollback To use the configuration replacement and rollback feature, you should understand these concepts: • Archiving a Configuration, page B-20 • Replacing a Configuration, page B-20 • Rolling Back a Configuration, page B-20 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-19
  • Cisco WS-C2960-24LC-S | Software Guide - Page 664
    the changes by using the configure replace target-url command. You can specify any saved configuration file as the rollback configuration. You are not limited to a fixed number of rollbacks, as is the case in some rollback models. B-20 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 665
    . Valid values are from 1 to 14. The default is 10. Note Before using this command, you must first enter the path archive configuration command to specify the location and filename prefix for the files in the configuration archive. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-21
  • Cisco WS-C2960-24LC-S | Software Guide - Page 666
    before you can use the time seconds command line option. nolock-Disable the locking of the running configuration file that prevents other users from changing the running configuration during a configuration replacement operation. B-22 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 667
    on the Switch, page B-24 • tar File Format of Images on a Server or Cisco.com, page B-24 • Copying Image Files By Using TFTP, page B-25 • Copying Image Files By Using FTP, page B-28 • Copying Image Files By Using RCP, page B-33 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-23
  • Cisco WS-C2960-24LC-S | Software Guide - Page 668
    image_feature: LAYER_2|MIN_DRAM_MEG=64 image_family:C2960 stacking_number:1.11 board_ids:0x00000034 0x00000042 0x00000037 0x00000041 0x0000003c info_end: Note Disregard the stacking_number field. It does not apply to the switch. B-24 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 669
    image with the new one or keep the current image after a download. You upload a switch image file to a server for backup purposes; this uploaded image can be used for future downloads to the same or another switch of the same type. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-25
  • Cisco WS-C2960-24LC-S | Software Guide - Page 670
    B Working with the Cisco IOS File System, Configuration Files, and Software must restart the inetd daemon after modifying the /etc/inetd.conf and /etc/services files. To restart the daemon, either stop the inetd process and restart it, 26 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 671
    B Working with the Cisco IOS File System, Configuration Files, and Software Images B-26. Log into the switch through the console port or a Telnet session. Download the image file from the TFTP server to the switch, and overwrite the current 04 Catalyst 2960 Switch Software Configuration Guide B-27
  • Cisco WS-C2960-24LC-S | Software Guide - Page 672
    Cisco IOS image, and the web management switch to an FTP server. You download a switch image file from a server to upgrade the switch software. You can overwrite the current image with the new one or keep the current image after a download. B-28 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 673
    the switch has a route to the FTP server. The switch and the FTP server must be in the same subnetwork if you do not have a router to route traffic between subnets. Check connectivity to the FTP server by using the ping command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-29
  • Cisco WS-C2960-24LC-S | Software Guide - Page 674
    default remote username or password (see Steps 4, 5, and 6). (Optional) Change the default remote username. (Optional) Change the default password. Return to privileged EXEC mode. B-30 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 675
    enough space to install the new image and keep the running image, the download process stops, and an error message is displayed. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-31
  • Cisco WS-C2960-24LC-S | Software Guide - Page 676
    this image to the same switch or to another switch of the same type. Use the upload feature only if the web management pages associated with the embedded device manager have been installed with the image to be stored on the server. B-32 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 677
    archive download-sw or archive upload-sw privileged EXEC command if a username is specified. • The username set by the ip rcmd remote-username username global configuration command if the command is entered. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-33
  • Cisco WS-C2960-24LC-S | Software Guide - Page 678
    an image to the RCP to the server, it must be properly configured to accept the RCP write request from the user on the switch. For UNIX systems, you must add an entry to the .rhosts file for the remote user on the RCP server. B-34 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 679
    4 Step 5 Step 6 Command configure terminal ip rcmd remote-username username end archive download-sw /overwrite /reload B-33. Log into the switch through the console port or a Telnet session. Enter global configuration mode. This step is required Catalyst 2960 Switch Software Configuration Guide B-35
  • Cisco WS-C2960-24LC-S | Software Guide - Page 680
    files in the directory and the directory are removed. Caution For the download and upload algorithms to operate properly, do not rename image names. B-36 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 681
    , the Cisco IOS image, and the web management files. After these files are uploaded, the upload algorithm creates the tar file format. Caution For the download and upload algorithms to operate properly, do not rename image names. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-37
  • Cisco WS-C2960-24LC-S | Software Guide - Page 682
    Working with Software Images Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images B-38 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 683
    The configuration commands between the two switch platforms differ for these reasons: • The Catalyst 2950 switch runs Cisco IOS 12.1EA software, and the Catalyst 2960 switch runs Cisco IOS 12.2SE software. • The switch families have different hardware. If you use a Catalyst 2950 switch command
  • Cisco WS-C2960-24LC-S | Software Guide - Page 684
    are not supported in Cisco IOS 12.2SE. The Catalyst 2960 switch rejects these commands, and this message appears: Switch(config)# aaa processes 10 ^ %Invalid input detected at '^' marker. The Catalyst 2950 switch supports only one management VLAN. You can use this global configuration command to
  • Cisco WS-C2960-24LC-S | Software Guide - Page 685
    Upgrading a Catalyst 2950 Switch to a Catalyst 2960 Switch Configuration Compatibility Issues Table C-1 Catalyst 2950 and 2960 Switch Configuration Incompatibilities (continued) Feature Catalyst 2950 Switch Command and Explanation Result on the Catalyst 2960 Switch IEEE 802.1x In Cisco IOS
  • Cisco WS-C2960-24LC-S | Software Guide - Page 686
    configuration compatibility between the Catalyst 2950 switch and the Catalyst 2960 switch. We recommend that you enable automatic QoS (auto-QoS) on the Catalyst 2950 switch by using the auto qos voip {cisco-phone | cisco-softphone | trust} interface configuration command. The Catalyst 2960 switch
  • Cisco WS-C2960-24LC-S | Software Guide - Page 687
    spanning-tree stack-port 1. IGMP = Internet Group Management Protocol 2. QoS = quality of service 3. RSPAN = Remote Switched Port Analyzer 4. GBIC = Gigabit Interface Converter Result on the Catalyst 2960 Switch Because of advanced hardware in the Catalyst 2960 switch, you do not need to configure
  • Cisco WS-C2960-24LC-S | Software Guide - Page 688
    more information, see Chapter 28, "Configuring QoS." • RSPAN The Catalyst 2950 switch uses an extra port, called the reflector port, for its RSPAN implementation. This is not necessary in the Catalyst 2960 switch RSPAN implementation. The Catalyst 2960 switch also supports VLANs as SPAN sources and
  • Cisco WS-C2960-24LC-S | Software Guide - Page 689
    Global Configuration Commands access-list rate-limit acl-index {precedence | mask prec-mask} access-list dynamic extended Unsupported Route-Map Configuration Commands match ip address prefix-list prefix-list-name [prefix-list-name...] OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 690
    supported for this command: event manager run [policy name] ||... | Unsupported Global Configuration Commands no event manager directory user repository [url location ] event manager platform configuration Catalyst 2960 Switch Software Configuration Guide D-2 OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 691
    Appendix D Unsupported Commands in Cisco IOS Release 12.2(40)SE |IGMP Snooping Commands |IGMP Snooping Commands Unsupported Global Configuration Commands ip igmp snooping tcn Interface Commands Unsupported mac-address-table static OL-8603-04 Catalyst 2960 Switch Software Configuration Guide D-3
  • Cisco WS-C2960-24LC-S | Software Guide - Page 692
    unicast flood l2protocol-tunnel global drop-threshold service compress-config stack-mac persistent timer Network Address Translation (NAT) Commands Unsupported Privileged EXEC Commands show ip nat statistics show ip nat translations Catalyst 2960 Switch Software Configuration Guide D-4 OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 693
    default line aaa nas port extended radius-server attribute nas-port radius-server configure radius-server extended-portnames SNMP Unsupported Global Configuration Commands snmp-server enable informs snmp-server ifindex persist OL-8603-04 Catalyst 2960 Switch Software Configuration Guide D-5
  • Cisco WS-C2960-24LC-S | Software Guide - Page 694
    show vlan private-vlan VTP Unsupported Privileged EXEC Commands vtp {password password | pruning | version number} Note This command has been replaced by the vtp global configuration command. Catalyst 2960 Switch Software Configuration Guide D-6 OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 695
    -41 standard IP, configuring for QoS classification 28-41 support for 1-8 OL-8603 6-26 multicast, STP address management 15-8 static adding and removing ports See EtherChannel aggregate policers 28-49 aggregate policing 1-9 aging, accelerating 15-8 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 696
    + 8-11, 8-16 authorized ports with IEEE 802.1x 9-7 autoconfiguration 3-3 IN-2 Catalyst 2960 Switch Software Configuration Guide automatic discovery considerations beyond a noncandidate device 5-7 brand new switches 5-8 connectivity 5-4 different VLANs 5-6 management VLANs 5-7 non-CDP-capable
  • Cisco WS-C2960-24LC-S | Software Guide - Page 697
    -1 support for 1-4 transmission timer and holdtime, setting 20-2 updates 20-2 CGMP as IGMP snooping learning method 18-8 joining multicast group 18-3 CipherSuites 8-39 Cisco 7960 IP Phone 14-1 Cisco Discovery Protocol See CDP Cisco IOS File System See IFS Catalyst 2960 Switch Software Configuration
  • Cisco WS-C2960-24LC-S | Software Guide - Page 698
    help 2-3 history changing the buffer size 2-6 described 2-6 disabling 2-7 recalling commands 2-6 managing clusters 5-14 no and default forms of commands 2-4 client mode, VTP 13-3 IN-4 Catalyst 2960 Switch Software Configuration Guide clock See system clock cluster requirements xxxi clusters
  • Cisco WS-C2960-24LC-S | Software Guide - Page 699
    using TFTP B-11 guidelines for creating and using B-9 guidelines for replacing and rolling back B-21 invalid combinations when copying B-5 limiting TFTP server access 26-16 Catalyst 2960 Switch Software Configuration Guide IN-5
  • Cisco WS-C2960-24LC-S | Software Guide - Page 700
    map for QoS 28-18 IN-6 Catalyst 2960 Switch Software Configuration Guide CoS-to-DSCP map for QoS 28-52 counters, clearing interface 10-19 crashinfo file 32-21 critical authentication, IEEE 802.1x 9-33 cryptographic software image SSH 8-33 SSL 8-37 CWDM SFPs 1-17 D daylight saving time 6-13
  • Cisco WS-C2960-24LC-S | Software Guide - Page 701
    -based autoconfiguration 3-6 default configuration 6-16 displaying the configuration 6-17 in IPv6 29-4 overview 6-15 setting up 6-16 support for 1-4 documentation, related xxx document conventions xxx domain names DNS 6-15 VTP 13-8 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide IN-7
  • Cisco WS-C2960-24LC-S | Software Guide - Page 702
    29-1, 29-6 dual protocol stacks IPv4 and IPv6 29-6 SDM templates supporting 29-6 dual-purpose uplinks defined 10-4 LEDs 10-4 link selection 10-4 setting the type 10-10 IN-8 Catalyst 2960 Switch Software Configuration Guide dynamic access ports characteristics 12-3 configuring 12-26 defined 10
  • Cisco WS-C2960-24LC-S | Software Guide - Page 703
    9-1 F fa0 interface 1-5 features, incompatible 19-11 fiber-optic, detecting unidirectional links 22-1 files basic crashinfo description 32-21 location 32-21 copying B-5 crashinfo, description 32-21 deleting B-5 displaying the contents of B-8 Catalyst 2960 Switch Software Configuration Guide IN-9
  • Cisco WS-C2960-24LC-S | Software Guide - Page 704
    -delay time MSTP 16-23 STP 15-21 FTP accessing MIB files A-3 configuration files downloading B-13 overview B-12 preparing the server B-13 uploading B-14 IN-10 Catalyst 2960 Switch Software Configuration Guide FTP (continued) image files deleting old image B-32 downloading B-30 preparing the
  • Cisco WS-C2960-24LC-S | Software Guide - Page 705
    ports 10-3 configuration configuration 18-24 described 18-23 monitoring 18-28 support for 1-3 IGMP groups configuring filtering 18-27 setting the maximum number 18-26 IGMP Immediate Leave configuration guidelines 18-11 described 18-5 enabling 18-10 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 706
    mode 2-3 IN-12 Catalyst 2960 Switch Software Configuration Guide interfaces auto-MDIX, configuring 10-15 configuration guidelines duplex and speed 10-12 configuring procedure 10-5 counters, clearing 10-19 default configuration 10-9 described 10-16 descriptive name, adding 10-16 displaying
  • Cisco WS-C2960-24LC-S | Software Guide - Page 707
    with CoS 28-2 Layer 2 interfaces, default configuration 10-9 Layer 2 traceroute and ARP 32-15 and CDP 32-14 broadcast traffic 32-14 described 32-14 IP addresses and subnets 32-15 MAC addresses and VLANs 32-15 multicast traffic 32-15 Catalyst 2960 Switch Software Configuration Guide IN-13
  • Cisco WS-C2960-24LC-S | Software Guide - Page 708
    maintaining 21-7 overview 21-1 supported TLVs 21-2 switch stack considerations 21-2 transmission timer and holdtime, setting 21-4 LLDP-MED configuring procedures 21-3 TLVs 21-6 monitoring and maintaining 21-7 IN-14 Catalyst 2960 Switch Software Configuration Guide LLDP-MED (continued) overview
  • Cisco WS-C2960-24LC-S | Software Guide - Page 709
    manageability features 1-4 management access in-band browser session 1-5 CLI session 1-5 device manager 1-5 SNMP 1-5 out-of-band console port connection 1-5 management address TLV 21-2 management for analysis with probe 23-2 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide IN-15
  • Cisco WS-C2960-24LC-S | Software Guide - Page 710
    23 maximum hop count 16-24 MST region 16-16 neighbor type 16-25 path cost 16-20 port priority 16-19 root switch 16-17 secondary root switch 16-18 switch priority 16-21 IN-16 Catalyst 2960 Switch Software Configuration Guide MSTP (continued) CST defined 16-3 operations between regions 16-4 default
  • Cisco WS-C2960-24LC-S | Software Guide - Page 711
    configuring 12-19 default 12-19 neighbor discovery, IPv6 29-4 Network Admission Control See NAC Network Admission Control Software Configuration Guide 9-39, 9-40 Network Assistant benefits 1-1 described 1-3 downloading image files 1-2 guide mode 1-2 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 712
    -18 Catalyst 2960 Switch Software Configuration Guide NTP associations authenticating 6-4 defined 6-2 enabling broadcast messages 6-6 peer 6-5 server 6-5 default configuration 6-4 displaying the configuration 6-11 overview 6-2 restricting access creating an access group 6-8 disabling NTP services
  • Cisco WS-C2960-24LC-S | Software Guide - Page 713
    number 9-28 switch-to-client retransmission time 9-27 default configuration 9-19 described 9-1 device roles 9-2 displaying statistics 9-41 EAPOL-start frame 9-5 EAP-request/identity frame 9-5 EAP-response/identity frame 9-5 encapsulation 9-3 Catalyst 2960 Switch Software Configuration Guide IN-19
  • Cisco WS-C2960-24LC-S | Software Guide - Page 714
    described 9-9 IN-20 Catalyst 2960 Switch Software Configuration Guide port-based authentication (continued) voice VLAN described 9-14 PVID 9-14 VVID 9-14 wake-on-LAN, described 9-15 port blocking 1-3, 19-7 port-channel See EtherChannel port description TLV 21-2 Port Fast described 17-2 enabling
  • Cisco WS-C2960-24LC-S | Software Guide - Page 715
    traffic 28-5 options for non-IP traffic 28-5 policy maps, described 28-7 trust DSCP, described 28-5 trusted CoS, described 28-5 trust IP precedence, described 28-5 Catalyst 2960 Switch Software Configuration Guide IN-21
  • Cisco WS-C2960-24LC-S | Software Guide - Page 716
    configuring shared weights for SRR 28-67 described 28-4 displaying the threshold map 28-65 flowchart 28-16 mapping DSCP or CoS values 28-65 scheduling, described 28-4 setting WTD thresholds 28-62 WTD, described 28-18 enabling globally 28-33 IN-22 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 717
    -6 rapid convergence 16-10 rapid per-VLAN spanning-tree plus See rapid PVST+ rapid PVST+ described 15-9 IEEE 802.1Q trunking interoperability 15-10 instances supported 15-9 Rapid Spanning Tree Protocol See RSTP rcommand command 5-14 Catalyst 2960 Switch Software Configuration Guide IN-23
  • Cisco WS-C2960-24LC-S | Software Guide - Page 718
    path cost 12-22 port priority 12-20 redundant links and UplinkFast 17-13 reloading software 3-16 Remote Authentication Dial-In User Service See xxxi device manager xxx Network Assistant xxx resetting a UDLD-shutdown interface 22-6 IN-24 Catalyst 2960 Switch Software Configuration Guide responder,
  • Cisco WS-C2960-24LC-S | Software Guide - Page 719
    7-1 secure HTTP client configuring 8-43 displaying 8-43 secure HTTP server configuring 8-41 displaying 8-43 secure MAC addresses deleting 19-15 maximum number of 19-9 types of 19-8 secure ports, configuring 19-8 secure remote connections 8-33 Catalyst 2960 Switch Software Configuration Guide IN-25
  • Cisco WS-C2960-24LC-S | Software Guide - Page 720
    Simple Network Management Protocol See SNMP Smartports macros applying Cisco-default macros 11-6 applying global parameter values 11-5, 11-6 applying macros 11-5 applying parameter values 11-5, 11-7 configuration guidelines 11-2 IN-26 Catalyst 2960 Switch Software Configuration Guide Smartports
  • Cisco WS-C2960-24LC-S | Software Guide - Page 721
    See STP SPAN traffic 23-4 SRR configuring shaped weights on egress queues 28-66 shared weights on egress queues 28-67 shared weights on ingress queues 28-60 described 28-13 shaped mode 28-13 shared mode 28-13 support for 1-9 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide IN-27
  • Cisco WS-C2960-24LC-S | Software Guide - Page 722
    3-12 stateless autoconfiguration 29-4 static access ports assigning to VLAN 12-10 defined 10-3, 12-3 static addresses See addresses static MAC addressing 1-7 IN-28 Catalyst 2960 Switch Software Configuration Guide static routes configuring for IPv6 29-9 static VLAN membership 12-2 statistics
  • Cisco WS-C2960-24LC-S | Software Guide - Page 723
    17-8 protocols supported 15-9 redundant connectivity 15-8 root guard described 17-8 enabling 17-15 root port, defined 15-3 root switch configuring 15-14 effects of extended system ID 15-4, 15-14 election 15-3 unexpected behavior 15-14 Catalyst 2960 Switch Software Configuration Guide IN-29
  • Cisco WS-C2960-24LC-S | Software Guide - Page 724
    system capabilities TLV 21-2 system clock configuring daylight saving time 6-13 manually 6-11 summer time 6-13 time zones 6-12 displaying the time and date 6-12 overview 6-1 See also NTP IN-30 Catalyst 2960 Switch Software Configuration Guide system description TLV 21-2 system message logging
  • Cisco WS-C2960-24LC-S | Software Guide - Page 725
    32-15 MAC addresses and VLANs 32-15 multicast traffic 32-15 multiple devices on a port 32-15 unicast traffic 32-14 usage guidelines 32-14 traceroute command 32-16 See also IP traceroute traffic blocking flooded 19-7 traffic policing 1-9 Catalyst 2960 Switch Software Configuration Guide IN-31
  • Cisco WS-C2960-24LC-S | Software Guide - Page 726
    12-19 to non-DTP device 12-14 IN-32 Catalyst 2960 Switch Software Configuration Guide trusted boundary for QoS 28-36 trusted port states between QoS domains 28-38 classification options 28-5 ensuring port security for IP phones 28-36 support for 1-9 within a QoS domain 28-34 trustpoints, CA 8-38
  • Cisco WS-C2960-24LC-S | Software Guide - Page 727
    17-13 enabling 17-13 support for 1-6 uploading configuration files preparing B-10, B-13 configuration command 12-6 VLAN ID, discovering 6-26 VLAN management domain 13-2 VLAN Management Policy Server See VMPS VLAN membership confirming 12-27 modes 12-3 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960-24LC-S | Software Guide - Page 728
    1p priority tagged frames 14-5 802.1Q frames 14-4 connecting to an IP phone 14-4 default configuration 14-3 described 14-1 displaying 14-6 IP phone data traffic, described 14-2 IP phone voice traffic, described 14-2 VQP 1-7, 12-23 IN-34 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960-24LC-S | Software Guide - Page 729
    13-4 W web authentication configuring 9-38 to 9-40 described 1-7, 9-17 fallback for IEEE 802.1x 9-39 weighted tail drop See WTD wizards 1-2 WTD described 28-12 setting thresholds egress queue-sets 28-62 ingress queues 28-58 support for 1-9 Catalyst 2960 Switch Software Configuration Guide IN-35
  • Cisco WS-C2960-24LC-S | Software Guide - Page 730
    Index X Xmodem protocol 32-2 IN-36 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302
  • 303
  • 304
  • 305
  • 306
  • 307
  • 308
  • 309
  • 310
  • 311
  • 312
  • 313
  • 314
  • 315
  • 316
  • 317
  • 318
  • 319
  • 320
  • 321
  • 322
  • 323
  • 324
  • 325
  • 326
  • 327
  • 328
  • 329
  • 330
  • 331
  • 332
  • 333
  • 334
  • 335
  • 336
  • 337
  • 338
  • 339
  • 340
  • 341
  • 342
  • 343
  • 344
  • 345
  • 346
  • 347
  • 348
  • 349
  • 350
  • 351
  • 352
  • 353
  • 354
  • 355
  • 356
  • 357
  • 358
  • 359
  • 360
  • 361
  • 362
  • 363
  • 364
  • 365
  • 366
  • 367
  • 368
  • 369
  • 370
  • 371
  • 372
  • 373
  • 374
  • 375
  • 376
  • 377
  • 378
  • 379
  • 380
  • 381
  • 382
  • 383
  • 384
  • 385
  • 386
  • 387
  • 388
  • 389
  • 390
  • 391
  • 392
  • 393
  • 394
  • 395
  • 396
  • 397
  • 398
  • 399
  • 400
  • 401
  • 402
  • 403
  • 404
  • 405
  • 406
  • 407
  • 408
  • 409
  • 410
  • 411
  • 412
  • 413
  • 414
  • 415
  • 416
  • 417
  • 418
  • 419
  • 420
  • 421
  • 422
  • 423
  • 424
  • 425
  • 426
  • 427
  • 428
  • 429
  • 430
  • 431
  • 432
  • 433
  • 434
  • 435
  • 436
  • 437
  • 438
  • 439
  • 440
  • 441
  • 442
  • 443
  • 444
  • 445
  • 446
  • 447
  • 448
  • 449
  • 450
  • 451
  • 452
  • 453
  • 454
  • 455
  • 456
  • 457
  • 458
  • 459
  • 460
  • 461
  • 462
  • 463
  • 464
  • 465
  • 466
  • 467
  • 468
  • 469
  • 470
  • 471
  • 472
  • 473
  • 474
  • 475
  • 476
  • 477
  • 478
  • 479
  • 480
  • 481
  • 482
  • 483
  • 484
  • 485
  • 486
  • 487
  • 488
  • 489
  • 490
  • 491
  • 492
  • 493
  • 494
  • 495
  • 496
  • 497
  • 498
  • 499
  • 500
  • 501
  • 502
  • 503
  • 504
  • 505
  • 506
  • 507
  • 508
  • 509
  • 510
  • 511
  • 512
  • 513
  • 514
  • 515
  • 516
  • 517
  • 518
  • 519
  • 520
  • 521
  • 522
  • 523
  • 524
  • 525
  • 526
  • 527
  • 528
  • 529
  • 530
  • 531
  • 532
  • 533
  • 534
  • 535
  • 536
  • 537
  • 538
  • 539
  • 540
  • 541
  • 542
  • 543
  • 544
  • 545
  • 546
  • 547
  • 548
  • 549
  • 550
  • 551
  • 552
  • 553
  • 554
  • 555
  • 556
  • 557
  • 558
  • 559
  • 560
  • 561
  • 562
  • 563
  • 564
  • 565
  • 566
  • 567
  • 568
  • 569
  • 570
  • 571
  • 572
  • 573
  • 574
  • 575
  • 576
  • 577
  • 578
  • 579
  • 580
  • 581
  • 582
  • 583
  • 584
  • 585
  • 586
  • 587
  • 588
  • 589
  • 590
  • 591
  • 592
  • 593
  • 594
  • 595
  • 596
  • 597
  • 598
  • 599
  • 600
  • 601
  • 602
  • 603
  • 604
  • 605
  • 606
  • 607
  • 608
  • 609
  • 610
  • 611
  • 612
  • 613
  • 614
  • 615
  • 616
  • 617
  • 618
  • 619
  • 620
  • 621
  • 622
  • 623
  • 624
  • 625
  • 626
  • 627
  • 628
  • 629
  • 630
  • 631
  • 632
  • 633
  • 634
  • 635
  • 636
  • 637
  • 638
  • 639
  • 640
  • 641
  • 642
  • 643
  • 644
  • 645
  • 646
  • 647
  • 648
  • 649
  • 650
  • 651
  • 652
  • 653
  • 654
  • 655
  • 656
  • 657
  • 658
  • 659
  • 660
  • 661
  • 662
  • 663
  • 664
  • 665
  • 666
  • 667
  • 668
  • 669
  • 670
  • 671
  • 672
  • 673
  • 674
  • 675
  • 676
  • 677
  • 678
  • 679
  • 680
  • 681
  • 682
  • 683
  • 684
  • 685
  • 686
  • 687
  • 688
  • 689
  • 690
  • 691
  • 692
  • 693
  • 694
  • 695
  • 696
  • 697
  • 698
  • 699
  • 700
  • 701
  • 702
  • 703
  • 704
  • 705
  • 706
  • 707
  • 708
  • 709
  • 710
  • 711
  • 712
  • 713
  • 714
  • 715
  • 716
  • 717
  • 718
  • 719
  • 720
  • 721
  • 722
  • 723
  • 724
  • 725
  • 726
  • 727
  • 728
  • 729
  • 730
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Catalyst 2960 Switch
Software Configuration Guide
Cisco IOS Release 12.2(40)SE
Revised September 2007
Text Part Number: OL-8603-04