Cisco 2950 24 Configuration Guide
Cisco 2950 24 - Catalyst Switch Manual
 |
UPC - 746320454498
View all Cisco 2950 24 manuals
Add to My Manuals
Save this manual to your list of manuals |
Cisco 2950 24 manual content summary:
- Cisco 2950 24 | Configuration Guide - Page 1
Catalyst 2950 Desktop Switch Software Configuration Guide Cisco IOS Release 12.1(6)EA2b March, 2002 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Customer Order Number: DOC- - Cisco 2950 24 | Configuration Guide - Page 2
document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0110R) Catalyst 2950 Desktop Switch Software Configuration Guide Copyright © 2002, Cisco Systems, Inc. All rights reserved. - Cisco 2950 24 | Configuration Guide - Page 3
Medium-Sized Network Configuration 1-10 Collapsed Backbone and Switch Cluster Configuration 1-12 Large Campus Configuration 1-13 Getting Started with CMS 2-1 Features 2-2 Front Panel View 2-4 Cluster Tree 2-5 Front-Panel Images 2-6 Redundant Power System LED 2-7 Catalyst 2950 Desktop Switch Software - Cisco 2950 24 | Configuration Guide - Page 4
10 Topology Icons 2-12 Device and Link Labels 2-13 Colors in the Topology View 2-14 Topology Display Options 2-14 Menus and Toolbar 2-15 Menu Bar 2-15 Toolbar 2-20 Front Panel View Popup Menus 2-21 Device Popup Menu 2-21 Port Catalyst 2950 Desktop Switch Software Configuration Guide iv 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 5
SNMP to Access MIB Variables 4-5 Default Settings 4-6 Clustering Switches 5-1 Understanding Switch Clusters 5-2 Command Switch Characteristics 5-2 Standby Command Switch Characteristics 5-3 Candidate and Member Switches Characteristics 5-3 Catalyst 2950 Desktop Switch Software Configuration Guide v - Cisco 2950 24 | Configuration Guide - Page 6
5-11 Automatic Recovery of Cluster Configuration 5-11 Considerations for Cluster Standby Groups 5-12 IP Addresses 5-13 Host Names 5-14 Passwords 5-14 SNMP Community Strings 5-14 TACACS+ 5-15 Access Modes in CMS 5-15 Management VLAN 5-15 LRE Profiles 5-16 Availability of Switch-Specific Features in - Cisco 2950 24 | Configuration Guide - Page 7
6-23 Controlling Switch Access with RADIUS 6-24 Understanding RADIUS 6-24 RADIUS Operation 6-25 Configuring RADIUS 6-26 Default RADIUS Configuration 6-26 Identifying the RADIUS Server Host 6-27 Configuring RADIUS Login Authentication 6-29 Catalyst 2950 Desktop Switch Software Configuration Guide vii - Cisco 2950 24 | Configuration Guide - Page 8
VLAN Through a Telnet Connection 8-4 Assigning VLAN Port Membership Modes 8-4 VLAN Membership Combinations 8-6 Assigning Static-Access Ports to a VLAN 8-7 Using VTP 8-7 The VTP Domain 8-7 VTP Modes and Mode Transitions 8-7 Catalyst 2950 Desktop Switch Software Configuration Guide viii 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 9
the Native VLAN for Untagged Traffic 8-24 Load Sharing Using STP 8-24 Load Sharing Using STP Port Priorities 8-25 Configuring STP Port Priorities and Load Sharing 8-25 Load Sharing Using STP Path Cost 8-27 How the VMPS Works 8-28 Catalyst 2950 Desktop Switch Software Configuration Guide ix - Cisco 2950 24 | Configuration Guide - Page 10
Advanced STP Features 9-9 Understanding Port Fast 9-10 Understanding BPDU Guard 9-10 Understanding UplinkFast 9-11 Understanding Cross-Stack UplinkFast 9-12 How CSUF Works 9-13 Events that Cause Fast Convergence 9-14 Catalyst 2950 Desktop Switch Software Configuration Guide x 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 11
10-4 Enabling Storm Control 10-4 Disabling Storm Control 10-5 Configuring Protected Ports 10-5 Enabling Port Security 10-6 Defining the Maximum Secure Address Count 10-7 Enabling Port Security 10-7 Disabling Port Security 10-8 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 12
11-3 Setting the Snooping Method 11-4 Joining a Multicast Group 11-4 Statically Configuring a Host to Join a Group 11-5 CLI: Statically Configuring a Interface to Join a Group 11-6 Catalyst 2950 Desktop Switch Software Configuration Guide xii 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 13
11-10 Configuring MVR Interfaces 11-12 Displaying MVR 11-14 Configuring Network Security with ACLs 12-1 Understanding ACLs 12-1 ACLs 12-2 Handling Fragmented and Unfragmented Traffic 12-3 Understanding Access Control Parameters 12-4 Guidelines for Configuring ACLs on the Catalyst 2950 Switches 12 - Cisco 2950 24 | Configuration Guide - Page 14
Replacing a Failed Command Switch with a Cluster Member 14-6 Replacing a Failed Command Switch with Another Switch 14-7 Recovering from a Failed Command Switch Without HSRP 14-8 Recovering from a Lost or Forgotten Password 14-9 Catalyst 2950 Desktop Switch Software Configuration Guide xiv 78-11380 - Cisco 2950 24 | Configuration Guide - Page 15
Traceback Reports B-3 Error Messages and Recovery Procedures B-3 Chassis Message B-3 CMP Messages B-3 Environment Messages B-4 GigaStack Messages B-4 Link Message B-5 RTD Messages B-5 Storm Control Messages B-6 Contents 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide xv - Cisco 2950 24 | Configuration Guide - Page 16
Contents Catalyst 2950 Desktop Switch Software Configuration Guide xvi 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 17
service (QoS) features. The enhanced software image supports these switches: • Catalyst 2950C-24 • Catalyst 2950G-12-EI • Catalyst 2950G-24-EI • Catalyst 2950G-24-EI-DC • Catalyst 2950G-48-EI • Catalyst 2950T-24 The standard software image supports these switches: • Catalyst 2950-12 • Catalyst 2950 - Cisco 2950 24 | Configuration Guide - Page 18
commands that have been specifically created or changed for the Catalyst 2950 switches, refer to the Catalyst 2950 Desktop Switch Command Reference. Note This guide does not repeat the concepts and CLI procedures provided in the standard Cisco IOS Release 12.1 documentation. For information about - Cisco 2950 24 | Configuration Guide - Page 19
passwords or tabs, are in angle brackets (< >). Notes, cautions, and tips use these conventions and symbols: Note Means reader take note. Notes contain helpful suggestions or references to materials not contained in this manual. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 20
. • Catalyst 2950 Desktop Switch Software Configuration Guide, (order number DOC-7811380=) • Catalyst 2950 Desktop Switch Command Reference, (order number DOC-7811381=) • Catalyst 2950 Desktop Switch Hardware Installation Guide (order number DOC-7811157=) • Catalyst GigaStack Gigabit Interface - Cisco 2950 24 | Configuration Guide - Page 21
tips, and sample configurations from online tools by using the Cisco Technical Assistance Center (TAC) Web Site. Cisco.com registered users have complete access to the technical support resources on the Cisco TAC Web Site. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide xxi - Cisco 2950 24 | Configuration Guide - Page 22
Web Site. The Cisco TAC Web Site requires a Cisco.com login ID and password. If you have a valid service contract but do not have a login ID or password, go to the following URL to register: http://www.cisco.com/register/ xxii Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 23
of Cisco support services to which your company is entitled; for example, SMARTnet, SMARTnet Onsite, or Network Supported Accounts (NSA). In addition, please have available your service agreement number and your product serial number. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration - Cisco 2950 24 | Configuration Guide - Page 24
Obtaining Technical Assistance Preface xxiv Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 25
topics about the Catalyst 2950 switch software: • Features • Management options • Examples of the Catalyst 2950 switches in different network topologies Features The Catalyst 2950 software supports the switches listed in the Release Notes for the Catalyst 2950 Cisco IOS Release 12.1(6)EA2b. Table - Cisco 2950 24 | Configuration Guide - Page 26
the release notes for the CMS, cluster hardware, software, and browser requirements. Performance • Autosensing of speed on the 10/100 ports and autonegotiation of duplex mode on all switch ports for optimizing bandwidth • IEEE 802.3x flow control on Gigabit ports operating in full-duplex mode • Fast - Cisco 2950 24 | Configuration Guide - Page 27
switch console port to a directly-attached terminal or to a remote terminal through a serial connection and a modem Note For additional descriptions of the management interfaces, see the "Management Options" section on page 1-6. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 28
Table 8-1 on page 8-2). VLAN Support • Catalyst 2950 switches support 250 port-based VLANs for assigning users to VLANs associated with appropriate network resources, traffic patterns, and bandwidth. Note The Catalyst 2950-12 and Catalyst 2950-24 switches support only 64 port-based VLANs. • IEEE 802 - Cisco 2950 24 | Configuration Guide - Page 29
on the switch port for allocating the amount of the port bandwidth to a specific traffic flow1 • Policing traffic flows to restrict specific applications or traffic flows to metered, predefined rates1 • Up to 60 policers on ingress Gigabit-capable Ethernet ports1 Up to six policers on ingress 10/100 - Cisco 2950 24 | Configuration Guide - Page 30
only on a switch running the enhanced software image. Management Options The Catalyst 2950 switches are designed for plug-and-play operation: you only need to assign basic IP information to the switch and connect it to the other devices in your network. If you have specific network needs, you can - Cisco 2950 24 | Configuration Guide - Page 31
users from any PC on your network. By using switch clusters and CMS, you can: • Manage and monitor interconnected Catalyst switches (refer to the release notes for a list of supported switches), regardless of their geographic proximity and interconnection media, including Ethernet, Fast Ethernet - Cisco 2950 24 | Configuration Guide - Page 32
and routers to which network users require equal access-directly to the Fast Ethernet or Gigabit Ethernet switch ports so that they have their own Fast Ethernet or Gigabit Ethernet segment. • Use the Fast EtherChannel or Gigabit EtherChannel feature between the switch and its connected servers - Cisco 2950 24 | Configuration Guide - Page 33
these networks: • Cost-effective wiring closet-A cost-effective way to connect many users to the wiring closet is to connect up to nine Catalyst 2900 XL, Catalyst 2950, Catalyst 3500 XL, and Catalyst 3550 switches through GigaStack GBIC connections. When you use a stack of Catalyst 2950-48 switches - Cisco 2950 24 | Configuration Guide - Page 34
divides the network into smaller segments (or workgroups) and reduces the amount of traffic that travels over a network backbone, thereby increasing the bandwidth available to each user and improving server response time. 1-10 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380 - Cisco 2950 24 | Configuration Guide - Page 35
Fast Ethernet switch port provides multiple, simultaneous access to the Internet through one line. Figure 1-2 Small to Medium-Sized Network Configuration Cisco 2600 router Catalyst 2900 XL, Catalyst 2950, Catalyst 3550, and Catalyst 3500 XL GigaStack cluster 100 Mbps (200 Mbps full duplex) Gigabit - Cisco 2950 24 | Configuration Guide - Page 36
from their PCs. Using Cisco IP Phones, Cisco CallManager software, and Cisco SoftPhone software integrates telephony and IP networks, and the IP network supports both voice and data. Each 10/100 inline-power port on the Catalyst 3524-PWR XL switches provides -48 VDC power to the Cisco IP Phone. The - Cisco 2950 24 | Configuration Guide - Page 37
• Cisco Access gateway (such as Cisco Access Digital Trunk Gateway or Cisco Access Analog Trunk Gateway) that connects the IP network to the Public Switched Telephone Network (PSTN) or to users in an IP telephony network. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 1-13 - Cisco 2950 24 | Configuration Guide - Page 38
network or PSTN Cisco CallManager Cisco 7200 Cisco access or 7500 router gateway Servers Catalyst 6500 switch Catalyst 2950, 2900 XL, 3500 XL, and 3550 GigaStack cluster 1 Gbps (2 Gbps full duplex) Catalyst 3524-PWR XL GigaStack cluster Workstations running Cisco SoftPhone software IP - Cisco 2950 24 | Configuration Guide - Page 39
online help. Note This chapter describes the CMS interface of the Catalyst 2950 switches. Refer to the appropriate switch documentation for descriptions of the web-based management software used on other Catalyst switches. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 2-1 - Cisco 2950 24 | Configuration Guide - Page 40
minimal information from you to configure some complex features - Comprehensive online help that provides high-level concepts and procedures for performing tasks from the window Catalyst 2950 Desktop Switch Software Configuration Guide 2-2 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 41
displays the legend of icons and color codes. Click Guide or Expert interaction mode to change how some configuration options will be presented to you. 65717 Front Panel view of the cluster. Topology view of the cluster. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 2-3 - Cisco 2950 24 | Configuration Guide - Page 42
Panel View from a Command Switch cluster1 10.1.1.2 65718 Cluster tree. Right-click a member switch image to display the device pop-up menu, and select an option to view or change system-related settings. Catalyst 2950 Desktop Switch Software Configuration Guide 2-4 Right-click the command - Cisco 2950 24 | Configuration Guide - Page 43
normally. The internal fan of the switch is not operating, or the switch is receiving power from an RPS. Switch is not powered up, has lost power, or the command switch is unable to communicate with the member switch. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 2-5 - Cisco 2950 24 | Configuration Guide - Page 44
Select All Ports from the port popup menu. Figure 2-5 Port Icons The following sections provide complete descriptions of the LED images. Similar descriptions of these LEDs are provided in the switch hardware installation guide. Catalyst 2950 Desktop Switch Software Configuration Guide 2-6 78 - Cisco 2950 24 | Configuration Guide - Page 45
Power System (RPS) LED shows the RPS status (Table 2-2). Certain switches in the switch cluster use a specific RPS model: • Cisco RPS 300 (model PWR300-AC-RPS-N1)-Catalyst 2900 LRE XL, Catalyst 2950, Catalyst 3524-PWR XL, and Catalyst 3550 switches • Cisco RPS 600 (model PWR600-AC-RPS)-Catalyst 2950 - Cisco 2950 24 | Configuration Guide - Page 46
in full-duplex mode. Port is operating at 10 Mbps or no link. Port is operating at 100 Mbps (10/100 ports), 155 Mbps (ATM ports), or 1000 Mbps (fixed Gigabit port). Port is operating at 1000 Mbps (10/100/1000 ports). Catalyst 2950 Desktop Switch Software Configuration Guide 2-8 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 47
8-4. Note This feature is not supported on the Catalyst 1900 and Catalyst 2820 switches. Table 2-5 VLAN Membership Modes Mode Static access Dynamic access 802.1Q trunk Negotiate trunk Color Light green Pink Peach White 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 2-9 - Cisco 2950 24 | Configuration Guide - Page 48
switch cluster and network neighborhood of the specific command or member switch that you access. To display a different switch cluster, you need to access the command switch or member switch icons to any area in the view. 2-10 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 49
Cluster View cluster1 Neighboring cluster connected to cluster1. Devices connected to cluster1 that are not eligible to join the cluster. 65722 65723 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 2-11 - Cisco 2950 24 | Configuration Guide - Page 50
connected to Long-Reach Ethernet (LRE) switches • Devices that are not eligible to join the cluster, such as Cisco IP phones, Cisco access points, and Cisco Discovery Protocol (CDP)- click the links that you want to select. 2-12 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 51
link speeds except on the LRE links, which display the administratively assigned speed settings. You can change the label settings from the Topology Options window, which is displayed by selecting View > Topology Options. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 2-13 - Cisco 2950 24 | Configuration Guide - Page 52
Yellow1 Red1 The device is operating. The internal fan of the switch is not operating, or the switch is receiving power from an RPS. The device is not operating. 1. Available only displayed with the device and link icons 2-14 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 53
exceptions: - If the command switch is a Layer 3 switch, such as a Catalyst 3550 switch, the menu bar displays the features of all Layer 3 and Layer 2 switches in the cluster. - If the command switch is a Layer 2 switch, such as a Catalyst 2950 or Catalyst 3500 XL switch, the menu bar displays the - Cisco 2950 24 | Configuration Guide - Page 54
12.0(5)WC2 or earlier - Catalyst 3550 member switches running Cisco IOS Release 12.1(6)EA1 or earlier For more information about this limitation, refer to the Catalyst 2950 release notes. • These switches do not support CMS access modes: - Catalyst 1900 and Catalyst 2820 - Catalyst 2900 XL switches - Cisco 2950 24 | Configuration Guide - Page 55
are attached to LAN ports in a point-to-point infrastructure. • Video Wizard1-Optimize multiple video servers for transmitting video traffic.6 • Priority Data Wizard1-Provide a higher priority to specific applications.6 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 2-17 - Cisco 2950 24 | Configuration Guide - Page 56
the Catalyst 2950 switches when they are in a cluster where the command switch is a Catalyst 2950 switch running Cisco IOS Release 12.1(6)EA2 or later. For more information about system messages, see Appendix B, "System Messages." 2-18 Catalyst 2950 Desktop Switch Software Configuration Guide 78 - Cisco 2950 24 | Configuration Guide - Page 57
with CMS Menus and Toolbar Table 2-10 Menu Bar (continued) Menu-Bar switch that is not a cluster member. 5. Available only from a cluster management session. 6. Available only from a switch running the enhanced software image. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 58
11 Toolbar Buttons Toolbar Option Keyboard Shortcut Task Print Preferences1 Save Configuration2 Software Upgrade2 Port Settings1 VLAN1 Ctrl-P Ctrl-R Ctrl-S Ctrl-U - - Print a only from a cluster-management session. 2-20 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 59
are not available in read-only mode. 2. Available on switches that support the Port Security feature. 3. Available only when there is an active link on the port (that is, the port LED is green when in port status mode). 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 2-21 - Cisco 2950 24 | Configuration Guide - Page 60
icon and right-click, the Multilink Content window appears (Figure 2-10). Click the link icon in this window, and right-click to display the link popup menu specific for that link. Figure 2-10 Multilink Decomposer Window 2-22 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 61
and port on either end of the link and the state of the link. 1. Not available in read-only mode. For more information about the read-only and read-write access modes, see the "Access Modes in CMS" section on page 2-31. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 2-23 - Cisco 2950 24 | Configuration Guide - Page 62
device could not join the cluster. Properties Display information about the device and port on either end of the link and the state of the link. 1. Available from a cluster member switch but not from the command switch. 2-24 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 63
select another configuration option. Expert Mode Expert mode is for users who prefer to display all the parameter fields of a feature in a single CMS window. Information about the parameter fields are provided from Help. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 2-25 - Cisco 2950 24 | Configuration Guide - Page 64
switch. Similar to the guide mode, wizards provide a step-by-step approach for completing a specific configuration task. Unlike guide switch is down. If you move your mouse over a table column heading, a popup displays the full heading. 2-26 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 65
features. • Dialog-specific help, available from send your comments to Cisco. We appreciate and value Back and Forward to redisplay previously displayed pages. Click Feedback to send us your comments about the online help. 65283 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 66
to select the specific switch from the Host Name Catalyst 1900 and Catalyst 2820 switches even though they are part of the cluster. Similarly, the Host Name list on the LRE Profiles window only lists the LRE switches in the cluster. 2-28 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 67
, for showing which cells in a table are editable, and for displaying further information from Cisco.com (Figure 2-13). Figure 2-13 Window Icons Buttons These are the most common buttons that or table and click Modify. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 2-29 - Cisco 2950 24 | Configuration Guide - Page 68
and password when prompted. Click Web Console. If you access CMS from a standalone or member switch, Device Manager appears. If you access CMS from a command switch, you can display the Front Panel and Topology views. 2-30 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380 - Cisco 2950 24 | Configuration Guide - Page 69
earlier - Catalyst 3550 member switches running Cisco IOS Release 12.1(6)EA1 or earlier For more information about this limitation, refer to the Catalyst 2950 release notes. • These switches do not support read-only mode on CMS: - Catalyst 1900 and Catalyst 2820 - Catalyst 2900 XL switches with 4-MB - Cisco 2950 24 | Configuration Guide - Page 70
To save all configuration changes to Flash memory, you must select Administration > Save Configuration. Note Catalyst 1900 and Catalyst 2820 switches automatically save configuration changes to Flash memory as they occur. 2-32 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 71
supported in this release. For CMS procedures and window descriptions, refer to the online help. Refer to the release notes for: • CMS software requirements • Procedures for browser configuration • Procedures for accessing CMS 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 72
Where to Go Next Chapter 2 Getting Started with CMS 2-34 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 73
Command Modes The Cisco IOS user interface is divided user EXEC commands are not saved when the switch reboots. To have access to all commands, you must enter privileged EXEC mode. Normally, you must enter a password switch. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 3-1 - Cisco 2950 24 | Configuration Guide - Page 74
Ethernet interfaces. To return to privileged EXEC mode, press Ctrl-Z or enter end. To exit to global configuration mode, enter exit. Use this mode to configure parameters for the terminal line. To return to privileged EXEC mode, press Ctrl-Z or enter end. Catalyst 2950 Desktop Switch Software - Cisco 2950 24 | Configuration Guide - Page 75
must keep this packet Abbreviating Commands You only have to enter enough characters for the switch to recognize the command as unique. This example shows how to enter the show configuration command: Switch# show conf 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 3-3 - Cisco 2950 24 | Configuration Guide - Page 76
not enter enough characters Re-enter the command followed by a question mark (?) for your switch to recognize the with a space between the command and the question command. mark. The enter with the command are displayed. Catalyst 2950 Desktop Switch Software Configuration Guide 3-4 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 77
is automatically enabled. To disable the feature during the current terminal session, enter the terminal no history user EXEC command. To disable command history for the line, enter the no history line configuration command. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 3-5 - Cisco 2950 24 | Configuration Guide - Page 78
user EXEC mode: Switch> terminal editing To reconfigure a specific Press Esc B. Move the cursor back one word. Press Esc F. switch provides a buffer with the last ten items that you deleted.) Recall the most recent entry in the buffer. Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 79
screen. Redisplay the current command line Press Ctrl-L or Ctrl-R. if the switch suddenly sends a message to your screen. Redisplay the current command line. scroll back and check the syntax at the beginning of the command. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 3-7 - Cisco 2950 24 | Configuration Guide - Page 80
protocol appears: Switch# show interface | include protocol Vlan1 is up, line protocol is up Vlan10 is up, line protocol is down GigabitEthernet0/1 is up, line protocol is down GigabitEthernet0/2 is up, line protocol is up Catalyst 2950 Desktop Switch Software Configuration Guide 3-8 78-11380 - Cisco 2950 24 | Configuration Guide - Page 81
the CLI by clicking Monitor the router- HTML access to the command line interface from the Cisco Systems Access page. For information about the Cisco Systems Access page, see the "Accessing CMS" section in the release notes. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 3-9 - Cisco 2950 24 | Configuration Guide - Page 82
the IOS documentation set available from the Cisco.com home page at Service and Support > Technical Documents. On the Cisco Product Documentation home page, select Release 12.1 from the Cisco IOS Software drop-down list. 3-10 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 83
the IOS documentation set available from the Cisco.com home page at Service and Support > Technical Documents. On the Cisco Product Documentation home page, select Release 12.1 from the Cisco IOS Software drop-down list. Basic IP Connectivity to the Switch The switch uses IP address information to - Cisco 2950 24 | Configuration Guide - Page 84
IP information and a Telnet password to the switch or the command switch, as described in the release notes. Information about accessing the CLI through a Telnet session is in the "Accessing the CLI" section on page 3-9. Catalyst 2950 Desktop Switch Software Configuration Guide 4-2 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 85
in the release notes for information about accessing CMS: • System requirements • Running the setup program, which includes assigning a privilege-level 15 password for accessing CMS • Installing the required Java plug-in 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 4-3 - Cisco 2950 24 | Configuration Guide - Page 86
such platforms as HP OpenView or SunNet Manager. CiscoWorks2000 and CiscoView 5.0 are network-management applications that you can use to configure, monitor, and troubleshoot Catalyst 2950 switches. The switch supports a comprehensive set of Management Information Base (MIB) extensions and MIB II - Cisco 2950 24 | Configuration Guide - Page 87
network for specific information. The results of a poll can be displayed as a graph and analyzed to troubleshoot internetworking problems, to increase network performance, to verify the configuration of devices, to monitor traffic loads, and more. 78-11380-03 Catalyst 2950 Desktop Switch Software - Cisco 2950 24 | Configuration Guide - Page 88
" section on page 4-1 and the release notes. If you have specific network needs, you can configure the switch through its various management interfaces. Table 4-2 lists the key software features, their defaults, their page numbers in this guide, and where you can configure them from the command-line - Cisco 2950 24 | Configuration Guide - Page 89
set for Cisco IOS Release 12.1 on Cisco.com. HTTP Port 80 "HTTP Access to CMS" section on page 4-3. Administration > HTTP Port Management VLAN VLAN 1 "Management VLANs" section on page 8-3. VLAN > Management VLAN 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 4-7 - Cisco 2950 24 | Configuration Guide - Page 90
VLAN Port Membership Modes" VLAN > VLAN section on page 8-4. VMPS Configuration - "How the VMPS Works" section on page 8-28. VLAN > VMPS VTP Management VTP server "Configuring VTP" section on page 8-12. mode VLAN > VLAN Catalyst 2950 Desktop Switch Software Configuration Guide 4-8 78 - Cisco 2950 24 | Configuration Guide - Page 91
the EtherChannel" section on Port > EtherChannels page 10-8. "Guidelines for Configuring ACLs on the Device > ACLs Catalyst 2950 Switches" section on page 12-5. "Creating Standard and Extended IP ACLs" section on page 12-7. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 4-9 - Cisco 2950 24 | Configuration Guide - Page 92
IOS Release 12.1 on Cisco.com. "Enabling Port Security" section on page 10-6. Port > Port Security "Configuring TACACS+" section on - page 6-20. "Configuring Protected Ports" section on page 10-5. Port > Protected Port 4-10 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380 - Cisco 2950 24 | Configuration Guide - Page 93
Available only from a Device Manager session on a command-capable switch that is not a cluster member. 2. Available only from a cluster management session. 3. Available only on a switch running the enhanced software image. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 4-11 - Cisco 2950 24 | Configuration Guide - Page 94
Default Settings Chapter 4 General Switch Administration 4-12 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 95
capable Catalyst switches, but it does not provide complete descriptions of the cluster features for these other switches. For complete cluster information for a specific Catalyst platform, refer to the software configuration guide for that switch. 78-11380-03 Catalyst 2950 Desktop Switch Software - Cisco 2950 24 | Configuration Guide - Page 96
clustering, including which ones can be command switches and which ones can only be member switches, and the required software versions. Command Switch Characteristics A Catalyst 2950 command switch must meet these requirements: • It is running Cisco IOS Release 12.0(5.2)WC(1) or later. • It has an - Cisco 2950 24 | Configuration Guide - Page 97
Catalyst 2950 switches running Cisco IOS Release 12.1(6)EA2 or later. • When the Catalyst 2950 command switch is running Cisco IOS Release 12.0(5)WC2 or earlier, the standby command switches can be these switches also running Cisco IOS Release 12.0(5)WC2 or earlier: Catalyst 2900 XL, Catalyst 2950 - Cisco 2950 24 | Configuration Guide - Page 98
Passwords, page 5-14 • SNMP Community Strings, page 5-14 • TACACS+, page 5-15 • Access Modes in CMS, page 5-15 • Management VLAN, page 5-15 • LRE Profiles, page 5-16 • Availability of Switch-Specific Features in Switch Clusters, page 5-16 Refer to the release notes for the list of Catalyst switches - Cisco 2950 24 | Configuration Guide - Page 99
CDP Hops Command switch Management VLAN 16 Member switch 8 Member switch 9 Switch 11 candidate switch Edge of cluster Management VLAN 16 Member switch 10 Switch 12 Switch 13 Candidate switches Switch 14 Switch 15 65281 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 5-5 - Cisco 2950 24 | Configuration Guide - Page 100
through Non-CDP-Capable and Noncluster-Capable Devices Command switch Third-party hub (non-CDP-capable) Catalyst 3500 XL candidate switch Catalyst 5000 switch (noncluster-capable) Catalyst 2950 candidate switch 65290 Catalyst 2950 Desktop Switch Software Configuration Guide 5-6 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 101
Catalyst 2820, Catalyst 2900 XL, Catalyst 2950, and Catalyst 3500 XL switches Switch 4 (management VLAN 9) Switch 7 (management VLAN 4) VLAN 9 Switch 9 (management VLAN 9) Switch 8 (management VLAN 9) VLAN 4 Switch 10 (management VLAN 4) 65277 78-11380-03 Catalyst 2950 Desktop Switch Software - Cisco 2950 24 | Configuration Guide - Page 102
2820, Catalyst 2900 XL, Catalyst 2950, and Catalyst 3500 XL switches Switch 4 (management VLAN 16) Switch 7 (management VLAN 4) VLAN 62 Switch 9 (management VLAN 62) Switch 8 (management VLAN 9) VLAN 4 Switch 10 (management VLAN 4) 54983 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 103
2950 command switch VLAN 16 Catalyst 2950 switch (Management AP VLAN 16) VLAN 16 New (out-of-box) Catalyst 3550 Si switch VLAN 16 Catalyst 3500 XL switch AP (Management VLAN 16) VLAN 16 New (out-of-box) Catalyst 2950 switch 65581 78-11380-03 Catalyst 2950 Desktop Switch Software - Cisco 2950 24 | Configuration Guide - Page 104
detail about standby command switches: • "Virtual IP Addresses" section on page 5-11 • "Automatic Recovery of Cluster Configuration" section on page 5-11 • "Considerations for Cluster Standby Groups" section on page 5-12 5-10 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 105
of the latest cluster configuration from the active command switch, including members that were added while it was down. The active command switch sends a copy of the cluster configuration to the cluster standby group. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 5-11 - Cisco 2950 24 | Configuration Guide - Page 106
be Catalyst 2950 switches running Cisco IOS Release 12.1(6)EA2 or later. When the Catalyst 2950 command switch is running Cisco IOS Release 12.0(5)WC2 or earlier, the standby command switches can be these switches also running Cisco IOS Release 12.0(5)WC2 or earlier: Catalyst 2900 XL, Catalyst 2950 - Cisco 2950 24 | Configuration Guide - Page 107
(Internet Explorer), as described in the release notes. For more information about IP addresses, see the "Changing IP Information" section on page 6-1. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 5-13 - Cisco 2950 24 | Configuration Guide - Page 108
strings, see the "Configuring SNMP" section on page 6-12. For SNMP considerations specific to the Catalyst 1900 and Catalyst 2820 switches, refer to the installation and configuration guides specific for those switches. 5-14 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 109
earlier - Catalyst 3550 member switches running Cisco IOS Release 12.1(6)EA1 or earlier For more information about this limitation, refer to the Catalyst 2950 release notes. • The following switches do not support CMS access modes: - Catalyst 1900 and Catalyst 2820 - Catalyst 2900 XL switches with - Cisco 2950 24 | Configuration Guide - Page 110
different private profiles. For more information about the Catalyst 2900 LRE XL switches and LRE technology, refer to the Catalyst 2900 XL and Catalyst 3500 XL documentation for Cisco IOS Release 12.0(5)WC2. Availability of Switch-Specific Features in Switch Clusters The menu bar on the command - Cisco 2950 24 | Configuration Guide - Page 111
(Figure 5-7). Instead of using CMS to enable a command switch, you can use the cluster enable global configuration command. Figure 5-7 Create Cluster Window C3550-12T Enter up to 31 characters to name the cluster. 56520 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 5-17 - Cisco 2950 24 | Configuration Guide - Page 112
states which candidates were not added and why. When a candidate switch joins a cluster, it inherits the command-switch password. For more information about setting passwords, see the "Passwords" section on page 5-14. 5-18 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 113
the Topology View to Add Member Switches 78-11380-03 Thin line means a connection to a candidate switch. Right-click a candidate switch to display the pop-up menu, and select Add to Cluster to add the switch to the cluster. 65725 Catalyst 2950 Desktop Switch Software Configuration Guide 5-19 - Cisco 2950 24 | Configuration Guide - Page 114
hello time interval. The default HSRP standby hold time interval is 10 seconds. For more information about the standby hold time and hello time intervals, refer to the Cisco IOS Release 12.1 documentation set on Cisco.com. 5-20 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 115
-1 3550-150 (cisco WS-C3550-12T, SC, ... Active command switch. Standby command switch. Must be a valid IP address in the same subnet as the active command switch. Once entered, this information cannot be changed. 65726 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 5-21 - Cisco 2950 24 | Configuration Guide - Page 116
the "Recovery Procedures" section on page 14-5. For more information about creating and managing clusters, refer to the online help. For information about the cluster commands, refer to the switch command reference. 65727 5-22 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380 - Cisco 2950 24 | Configuration Guide - Page 117
Catalyst 2820 CLI is available only on switches running Enterprise Edition Software. For more information about the Catalyst 1900 and Catalyst 2820 switches, refer to the installation and configuration guides for those switches. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 118
community strings, see the "Configuring SNMP" section on page 6-12. Figure 5-12 SNMP Management for a Cluster SNMP Manager Command switch Trap 1, Trap 2, Trap 3 Trap Trap Trap 33020 Member 1 Member 2 Member 3 5-24 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 119
enabled the DHCP feature, the switch assumes you are using an external server for IP address allocation. While this feature is enabled, any values you manually enter (from the CMS or from the ip address command) are ignored. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 6-1 - Cisco 2950 24 | Configuration Guide - Page 120
devices. With DHCP-based autoconfiguration, your switch (DHCP client) can be automatically configured during bootup with IP address information and a configuration file that it receives during DHCP-based autoconfiguration. Catalyst 2950 Desktop Switch Software Configuration Guide 6-2 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 121
in it, and the service config global configuration command is included. This command enables the auto-loading of a configuration file from a network server. Figure 6-1 shows the to the client in a DHCPOFFER unicast message. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 6-3 - Cisco 2950 24 | Configuration Guide - Page 122
, the switch is not configured. If the DNS server IP address, router IP address, or TFTP server name are not found, the switch might broadcast TFTP requests. Unavailability of other lease options does not affect autoconfiguration. Catalyst 2950 Desktop Switch Software Configuration Guide 6-4 78 - Cisco 2950 24 | Configuration Guide - Page 123
refer to the Cisco IOS Release 12.1 documentation on Cisco.com for additional cisco.com. A specific device in this domain, the File Transfer Protocol (FTP) system for example, is identified as ftp.cisco network devices. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 6-5 - Cisco 2950 24 | Configuration Guide - Page 124
: On interface 10.0.0.2: router(config-if)# ip helper-address 20.0.0.2 router(config-if)# ip helper-address 20.0.0.3 router(config-if)# ip helper-address 20.0.0.4 On interface 20.0.0.1 router(config-if)# ip helper-address 10.0.0.1 Catalyst 2950 Desktop Switch Software Configuration Guide 6-6 78 - Cisco 2950 24 | Configuration Guide - Page 125
obtains its host name. If the host name is not found in the file, the switch uses the host name in the DHCP reply. If the host name is not specified in the DHCP reply, the switch uses the default "Switch" as its host name. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 6-7 - Cisco 2950 24 | Configuration Guide - Page 126
.2002 00e0.9f1e.2003 00e0.9f1e.2004 Cisco router 10.0.0.10 10.0.0.1 10.0.0.2 10.0.0.3 DHCP server DNS server TFTP server (maritsu) Table 6-1 shows the configuration of the reserved leases on the DHCP server. 47571 Catalyst 2950 Desktop Switch Software Configuration Guide 6-8 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 127
the network-confg file from the base directory of the TFTP server. • It adds the contents of the network-confg file to its host table. • It reads its host table by indexing its IP address 10.0.0.21 to its host name (switch1). 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 128
a level, set a password, and give the password only to users who need to have access password must be an enable secret password. For information about managing passwords in switch clusters, see the "Passwords" section on page 5-14. 6-10 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 129
a Lost or Forgotten Password" section on page 14-9. For CLI procedures, refer to the Cisco IOS Release 12.1 documentation on Cisco.com for additional information and CLI procedures. Setting the System Date and Time You can change the date and a 24-hour clock time setting on the switch. If you are - Cisco 2950 24 | Configuration Guide - Page 130
By default, no trap manager is defined, and no traps are issued. Table 6-2 describes the Catalyst 2950 switch traps. You can enable any or all of these traps and configure a trap manager on these switches to receive them. 6-12 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 131
switch, set global CDP parameters, and display information about neighboring Cisco devices. CDP enables the Cluster Management Suite (CMS) to display a graphical view of the network. For example, the switch on page 5-4. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 6-13 - Cisco 2950 24 | Configuration Guide - Page 132
(over Ethernet, for example), the software first must determine the 48-bit MAC or the local data link address of that device. The process of determining the local data link address from an IP address is called address resolution. 6-14 Catalyst 2950 Desktop Switch Software Configuration Guide 78 - Cisco 2950 24 | Configuration Guide - Page 133
is unknown in another until it is learned or statically associated with a port in the other VLAN. An address can be secure in one VLAN and dynamic in another. An address can be static in one VLAN and dynamic in another. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 6-15 - Cisco 2950 24 | Configuration Guide - Page 134
from 10 to port or port channel. (Optional) Enter the vlan vlan-id to delete all dynamic MAC addresses for the specified VLAN. Valid IDs are from 1 to 1005; do not enter leading zeroes. Return to privileged EXEC mode. Verify your entry. 6-16 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 135
-size 100 Switch(config)# interface fastethernet0/4 Switch(config-if)# snmp trap mac-notification added You can verify the previous commands by entering the show mac-address-table notification privileged EXEC command. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 6-17 - Cisco 2950 24 | Configuration Guide - Page 136
static address has these characteristics: • It is manually entered in the address table and must be manually removed. • It can be a unicast or multicast address. • It does not age and is retained when the switch restarts. 6-18 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 137
to forward to all ports in the port group to eliminate lost packets. • For destination-based port groups, configure the address to forward to only one port in the port group to avoid the transmission of duplicate packets. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 6-19 - Cisco 2950 24 | Configuration Guide - Page 138
the router and the daemon. • Number of attempts that a user can make when entering a command that is being authenticated by TACACS+. Beginning in privileged EXEC mode, follow these steps to configure the TACACS+ server. 6-20 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 139
the password password line configuration command. • local-Uses the local username database for authentication. You must enter username information in the database. Use the username password global configuration command. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 6-21 - Cisco 2950 24 | Configuration Guide - Page 140
mode. aaa authorization network tacacs+ Configure the switch for user TACACS+ authorization for all network-related service requests, including SLIP, accounting for each Cisco IOS privilege level and for network services. 6-22 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 141
service requests, including SLIP, PPP NCPs, and ARA protocols. Configure user AAA authorization to determine if the user is allowed to run a privileged EXEC shell. Enter the local database. Repeat this command for each user. Verify your entries. 78-11380-03 Catalyst 2950 Desktop Switch Software - Cisco 2950 24 | Configuration Guide - Page 142
access. RADIUS clients run on supported Cisco routers and switches (including Catalyst 3550 multilayer switches and Catalyst 2950 switches) and send authentication requests to a central RADIUS server, which contains all user authentication and network service access information.The RADIUS host is - Cisco 2950 24 | Configuration Guide - Page 143
to a non-Cisco device if the non-Cisco device requires authentication. • Networks using a variety of services. RADIUS generally binds a user to one service model. Figure 6-5 Typical AAA Network Configuration R1 RADIUS server R2 RADIUS server Remote PC Catalyst 2950 switch T1 TACACS+ server - Cisco 2950 24 | Configuration Guide - Page 144
and AAA are disabled by default. To prevent a lapse in security, you cannot configure RADIUS through a network management application. When enabled, RADIUS can authenticate users accessing the switch through the CLI. 6-26 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 145
Servers" section on page 6-35. You can configure the switch to use AAA server groups to group existing server hosts for authentication. For more information, see the "Defining AAA Server Groups" section on page 6-31. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 6-27 - Cisco 2950 24 | Configuration Guide - Page 146
each UDP port number is different. The switch software searches for hosts in the order in which you specify them. Set the timeout, retransmit, and encryption key values to use with the specific Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 147
the default ports for both authentication and accounting: Switch(config)# must be applied to a specific interface before any of the user access-the authentication process stops, and no other authentication methods are attempted. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 148
. You must enter username information in the database. Use the username password global configuration command. • radius-Use RADIUS authentication. You must configure the {default | list-name} line configuration command. 6-30 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 149
of the IP address and UDP port number), allowing different ports to be individually defined as RADIUS hosts providing a specific AAA service. If you configure two different the optional auth-port and acct-port keywords. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 6-31 - Cisco 2950 24 | Configuration Guide - Page 150
2 Command configure terminal radius-server host {hostname | ip-address} [auth-port port-number] [acct-port port-number] [timeout seconds] [retransmit retries] [key string] Step 3 aaa 2. Return to privileged EXEC mode. 6-32 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 151
by using RADIUS. • Use the local database if authentication was not performed by using RADIUS. Note Authorization is bypassed for authenticated users who log in through the CLI even if authorization has been configured. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 6-33 - Cisco 2950 24 | Configuration Guide - Page 152
switch for user RADIUS authorization for all network-related service requests. Configure the switch for user RADIUS authorization to determine if the user {network | exec} {start-stop} method1... global configuration command. 6-34 Catalyst 2950 Desktop Switch Software Configuration Guide 78 - Cisco 2950 24 | Configuration Guide - Page 153
AV) pair defined in the Cisco TACACS+ specification, and sep is = for mandatory attributes and * for optional attributes. This allows the full set of features available for TACACS+ authorization to also be used for RADIUS. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 6-35 - Cisco 2950 24 | Configuration Guide - Page 154
For a complete list of RADIUS attributes or more information about vendor-specific attribute 26, refer to the "RADIUS Attributes" appendix in the Cisco IOS Security Configuration Guide for Release 12.1. Configuring the Switch for Vendor-Proprietary RADIUS Server Communication Although an IETF draft - Cisco 2950 24 | Configuration Guide - Page 155
Switch(config)# radius-server host 172.20.30.15 nonstandard Switch(config)# radius-server key rad124 Displaying the RADIUS Configuration To display the RADIUS configuration, use the show running-config privileged EXEC command. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 156
Controlling Switch Access with RADIUS Chapter 6 Configuring the System 6-38 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 157
This section includes this conceptual information: • Device Roles, page 7-2 • Authentication Initiation and Message Exchange, page 7-3 • Ports in Authorized and Unauthorized States, page 7-4 • Supported Topologies, page 7-5 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 7-1 - Cisco 2950 24 | Configuration Guide - Page 158
port-based authentication, the devices in the network have specific roles as shown in Figure 7-1. Figure 7-1 802.1X Device Roles Catalyst 2950 (switch) Authentication server (RADIUS) 65233 Workstation (client) • Client-the device (workstation) that requests access to the LAN and switch services - Cisco 2950 24 | Configuration Guide - Page 159
The specific exchange of EAP frames depends on the authentication method being used. Figure 7-2 shows a message exchange initiated by the client using the One-Time-Password (OTP) authentication method with a RADIUS server. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 7-3 - Cisco 2950 24 | Configuration Guide - Page 160
setting. • force-unauthorized-causes the port to remain in the unauthorized state, ignoring all attempts by the client to authenticate. The switch cannot provide authentication services to the client through the interface. Catalyst 2950 Desktop Switch Software Configuration Guide 7-4 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 161
the clients attached to it, and the wireless access point acts as a client to the switch. Figure 7-3 Wireless LAN Example Access point Catalyst 2950 switch Authentication server (RADIUS) 65230 Wireless client 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 7-5 - Cisco 2950 24 | Configuration Guide - Page 162
state following a failed authentication exchange with the client). 30 seconds (number of seconds that the switch should wait for a response to an EAP request/identity frame from the client before retransmitting the request). Catalyst 2950 Desktop Switch Software Configuration Guide 7-6 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 163
Port Analyzer (SPAN) destination port-You can enable 802.1X on a port that is a SPAN destination port; however, 802.1X is disabled until the port is removed as a SPAN destination. You can enable 802.1X on a SPAN source port. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 164
authenticate a user. The software uses the first method listed to authenticate users; if that method fails to respond, the software selects dot1x port-control force-authorized or the no dot1x port-control interface configuration command. Catalyst 2950 Desktop Switch Software Configuration Guide 7-8 - Cisco 2950 24 | Configuration Guide - Page 165
RADIUS servers, re-enter this command. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 7-9 - Cisco 2950 24 | Configuration Guide - Page 166
see the "Controlling Switch Access with RADIUS" section on page 6-24. You also need ports. To manually re-authenticate the client connected to a specific port, see the "Manually Re-Authenticating a Client Connected to a Port 10 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 167
on page 7-10. This example shows how to manually re-authenticate the client connected to Fast Ethernet port 0/1: Switch# dot1x re set the quiet time on the switch to 30 seconds: Switch(config)# dot1x timeout quiet-period 30 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 7-11 - Cisco 2950 24 | Configuration Guide - Page 168
shows how to set 60 seconds as the number of seconds that the switch waits for a response to an EAP-request/identity frame from the client before retransmitting the request: Switch(config)# dot1x timeout tx-period 60 7-12 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 169
multiple hosts are indirectly attached. Allow multiple hosts (clients) on an 802.1X-authorized port. Make sure that the dot1x port-control interface configuration command set is set to auto for the specified interface. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 7-13 - Cisco 2950 24 | Configuration Guide - Page 170
for a specific interface, use the show dot1x interface interface-id privileged EXEC command. For detailed information about the fields in these displays, refer to the Catalyst 2950 Desktop Switch Command Reference for this release. 7-14 Catalyst 2950 Desktop Switch Software Configuration Guide 78 - Cisco 2950 24 | Configuration Guide - Page 171
Information Base (MIB) information and can support its own implementation of the Spanning Tree Protocol (STP). For information about managing VLAN STP instances, see the "Supported STP Instances" section on page 9-2. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 8-1 - Cisco 2950 24 | Configuration Guide - Page 172
-24 64 Catalyst 2950C-24 250 Catalyst 2950G-12-EI 250 Catalyst 2950G-24-EI 250 Catalyst 2950G-48-EI 250 Catalyst 2950G-24-EI-DC 250 Catalyst 2950T-24 250 The Catalyst 2950 switches support IEEE 802.1Q trunking methods for transmitting VLAN traffic over 100BASE-T and Gigabit Ethernet ports - Cisco 2950 24 | Configuration Guide - Page 173
to a switch port assigned to the same VLAN as the new management VLAN. • Connectivity through the network must exist from the network management station to all switches involved in the management VLAN change. • Switches running a IOS software version that is earlier than Cisco IOS 12.0(5)XP cannot - Cisco 2950 24 | Configuration Guide - Page 174
You configure a port to belong to a VLAN by assigning a membership mode that determines the kind of traffic the port carries and the number of VLANs it can belong to. Table 8-2 lists the membership modes and characteristics. Catalyst 2950 Desktop Switch Software Configuration Guide 8-4 78-11380 - Cisco 2950 24 | Configuration Guide - Page 175
port can belong to one VLAN and is manually assigned. By default, all ports are static-access ports Catalyst 5000 series switch but never a Catalyst 2950, Catalyst 2900 XL, or Catalyst 3500 XL switch. When a port belongs to a VLAN, the switch learns and manages the addresses associated with the port - Cisco 2950 24 | Configuration Guide - Page 176
The switch automatically transitions to VTP transparent mode (VTP is disabled). No VTP configuration is required. Recommended "Configuring VTP Server Mode" section on page 8-12 Adding for untagged traffic on the trunk port. Catalyst 2950 Desktop Switch Software Configuration Guide 8-6 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 177
switch. For domain name and password configuration guidelines, see the "Domain Names" section on page 8-10. VTP Modes and Mode Transitions You can configure a supported switch to be in one of the VTP modes listed in Table 8-4. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 178
10 provides tips and caveats for configuring VTP. VTP Advertisements Each switch in the VTP domain sends periodic global configuration advertisements from each trunk port to a reserved multicast address. Neighboring switches Catalyst 2950 Desktop Switch Software Configuration Guide 8-8 78-11380- - Cisco 2950 24 | Configuration Guide - Page 179
network with VTP pruning enabled. The broadcast traffic from Switch 1 is not forwarded to Switches 3, 5, and 6 because traffic for the Red VLAN has been pruned on the links shown (port 5 on Switch 2 and port 4 on Switch 4). 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 180
share the same password. Switches without a password or with the wrong password reject VTP advertisements. Caution The domain does not function properly if you do not assign the same password to each switch in the domain. 8-10 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 181
network with VTP capability, the new switch learns the domain name only after the applicable password has been configured on the switch. Upgrading from Previous Software Releases When you upgrade from a software version that supports VLANs but does not support VTP, such as Cisco IOS Release 12 - Cisco 2950 24 | Configuration Guide - Page 182
on how to use this command, refer to the Catalyst 2950 Desktop Switch Command Reference. Note The Cisco IOS end and Ctrl-Z commands are not supported in VLAN database mode. After you configure VTP, you must configure a trunk port so that the switch can send and receive VTP advertisements. For more - Cisco 2950 24 | Configuration Guide - Page 183
the switch for VTP transparent mode. The default setting is VTP server. This step disables VTP on the switch. Return to privileged EXEC mode. Verify the VTP configuration. In the display, check the VTP Operating Mode field. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 184
version 2 unless every switch in the VTP domain supports version 2. Note In a Token Ring environment, you must enable VTP version 2 for Token Ring VLAN switching to function properly. display, check the VTP V2 Mode field. 8-14 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 185
• VLAN type (Ethernet, Fiber Distributed Data Interface [FDDI], FDDI network entity title [NET], TRBRF or TRCRF, Token Ring, Token Ring-Net) • VLAN state (active or suspended) • Maximum transmission unit (MTU) for the VLAN 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 8-15 - Cisco 2950 24 | Configuration Guide - Page 186
VLANs in your network: • A maximum of 250 VLANs can be active on supported switches. If VTP reports that there are 254 active VLANs, 4 of the active VLANs (1002 to 1005) are reserved for Token Ring and FDDI. Note The Catalyst 2950-12 and Catalyst 2950-24 switches support only 64 port-based VLANs - Cisco 2950 24 | Configuration Guide - Page 187
to support a number of parameters that are not discussed in detail in this section. For complete information on the commands and parameters that control VLAN configuration, refer to the Catalyst 2950 Desktop Switch Command Reference. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration - Cisco 2950 24 | Configuration Guide - Page 188
Ethernet VLAN 1 and FDDI or Token Ring VLANs 1002 to 1005. Caution When you delete a VLAN, any ports assigned to that VLAN become inactive. They remain associated with the VLAN (and thus inactive) until you assign them to a new VLAN. 8-18 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 189
mode for this port. Assign the port to the VLAN. Return to privileged EXEC mode. Verify the VLAN configuration. In the display, check the Operation Mode, Access Mode VLAN, and the Priority for Untagged Frames fields. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 8-19 - Cisco 2950 24 | Configuration Guide - Page 190
a network of switches that are connected by 802.1Q trunks. Figure 8-3 Catalyst 2950, 2900 XL, and 3500 XL Switches in a 802.1Q Trunking Environment Catalyst 5000 series switch 802.1Q trunk Catalyst 2900 XL switch 802.1Q trunk Catalyst 3500 XL switch VLAN1 VLAN3 802.1Q trunk Catalyst 2950 switch - Cisco 2950 24 | Configuration Guide - Page 191
all ports in the group: • Allowed-VLAN list • STP path cost for each VLAN • STP port priority for each VLAN • STP Port Fast setting • Trunk status: if one port in a port group ceases to be a trunk, all port cease to be trunks. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 192
. Enter the interface configuration mode and the port is configured as a trunk. Set the port to static-access mode. Return to privileged EXEC. Verify your entries. In the display, check the Negotiation of Trunking field. 8-22 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 193
list on a trunk port: Step 1 Step 2 Command configure terminal interface interface-id Purpose Enter global configuration mode. Enter interface configuration mode, and select the trunk port for which VLANs can be pruned. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 8-23 - Cisco 2950 24 | Configuration Guide - Page 194
trunk port. Valid IDs are from 1 switches. To avoid loops, STP normally blocks all but one parallel link between switches. With load sharing, you divide the traffic between the links according to which VLAN the traffic belongs. 8-24 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 195
vtp domain domain-name Step 3 vtp server Purpose On Switch 1, enter VLAN configuration mode. Configure a VTP administrative domain. The domain name can be from 1 to 32 characters. Configure Switch 1 as the VTP server. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 8-25 - Cisco 2950 24 | Configuration Guide - Page 196
port priority of 10 for VLAN 5. port priority 10 Step 25 spanning-tree vlan 6 Assign the port priority of 10 for VLAN 6. port priority 10 Step 26 exit Return to privileged EXEC mode. Step 27 show running-config Verify your entries. 8-26 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 197
mode, and define fastethernet 0/1 as the interface to set the STP cost. Set the spanning-tree path cost to 30 for VLAN 2. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 8-27 - Cisco 2950 24 | Configuration Guide - Page 198
use an explicit entry in the configuration table to deny access to specific MAC addresses for security reasons. If you enter the none keyword for the VLAN name, the VMPS sends an access-denied or port-shutdown response. 8-28 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 199
server must use the Catalyst 2950 convention for naming ports. For example, fastethernet 0/5 is fixed-port number 5. If the switch is a cluster member, the command switch adds the name of the switch before the Fa. For example, es3%Fa 0/2 refers to fixed 10/100 port 2 on member switch 3. These naming - Cisco 2950 24 | Configuration Guide - Page 200
vmps-port-policies vlan-group Engineering port-group WiringCloset1 vmps-port-policies vlan-name Green device 192.168.1.1 port Fa0/9 vmps-port-policies vlan-name Purple device 192.168.2.2 port Fa0/10 port-group "Executive Row" 8-30 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380 - Cisco 2950 24 | Configuration Guide - Page 201
address of the Catalyst 5000 switch or the other device acting as the VMPS to configure the Catalyst 2950 switch as a client. If the VMPS is being defined for a cluster of switches, enter the address on the command switch. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 8-31 - Cisco 2950 24 | Configuration Guide - Page 202
. In the display, check the Operational Mode field. Configure the switch port that is connected to the VMPS server as a trunk. For more information, see the "Trunks Interacting with Other Features" section on page 8-21. 8-32 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 203
steps to confirm the dynamic port VLAN membership assignments that the switch has received from the VMPS 10; the default is 3. Return to privileged EXEC mode. Verify your entry. In the display, check the Server Retry Count field. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 204
the VMPS client are separate switches. • The Catalyst 5000 series Switch 1 is the primary VMPS server. • The Catalyst 5000 series Switch 3 and Switch 10 are secondary VMPS servers. • The end stations are connected to these clients: - Catalyst 2950 Switch 2 - Catalyst 3500 XL Switch 9 • The database - Cisco 2950 24 | Configuration Guide - Page 205
2 Switch 8 Dynamic-access port Switch 9 Secondary VMPS Server 3 Switch 10 172.20.26.157 Client 172.20.26.158 Trunk port 172.20.26.159 30769 Ethernet segment (Trunk link) How the VMPS Works TFTP server Router 172.20.22.7 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 206
How the VMPS Works Chapter 8 Configuring VLANs 8-36 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 207
STP features work. It includes this information: • Supported STP Instances, page 9-2 • STP Overview, page 9-2 • Election of the Root Switch, page 9-3 • Bridge Protocol Data Units, page STP Features" section on page 9-20. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 9-1 - Cisco 2950 24 | Configuration Guide - Page 208
calculates the best loop-free path throughout a switched network. Switches send and receive STP frames at regular intervals. The switches do not forward these frames, but use the frames to construct a loop-free path. Catalyst 2950 Desktop Switch Software Configuration Guide 9-2 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 209
BPDU contains this information: • The unique bridge ID of the switch that the transmitting switch identifies as the root switch • The STP path cost to the root • The bridge ID of the transmitting switch • Message age 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 9-3 - Cisco 2950 24 | Configuration Guide - Page 210
the ideal root switch. By increasing the priority (lowering the numerical value) of the ideal switch so that it becomes the root switch, you force an STP recalculation to form a new topology with the ideal switch as the root. Catalyst 2950 Desktop Switch Software Configuration Guide 9-4 78-11380 - Cisco 2950 24 | Configuration Guide - Page 211
the root port. For example, assume that one port on Switch B is a Gigabit Ethernet link and that another port on Switch B (a 10/100 link) is the root port. Network traffic might be more efficient over the Gigabit Ethernet link. By changing the STP port priority on the Gigabit Ethernet interface to - Cisco 2950 24 | Configuration Guide - Page 212
When you power up the switch, STP is enabled by default, and every interface in the switch, VLAN, or network goes through the port • Discards frames switched from another interface for forwarding • Does not learn addresses • Receives BPDUs Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 213
state is nonoperational. A disabled interface performs as follows: • Discards frames received on the port • Discards frames switched from another interface for forwarding • Does not learn addresses • Does not receive BPDUs 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 9-7 - Cisco 2950 24 | Configuration Guide - Page 214
-speed and the other is low-speed, the low-speed link is always disabled. If the speeds of the two links are the same, the port priority and port ID are added together, and STP disables the link with the lowest value. Catalyst 2950 Desktop Switch Software Configuration Guide 9-8 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 215
• Understanding Cross-Stack UplinkFast, page 9-12 • Understanding BackboneFast, page 9-17 • Understanding Root Guard, page 9-19 For configuration information, see the "Configuring Advanced STP Features" section on page 9-30. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 9-9 - Cisco 2950 24 | Configuration Guide - Page 216
provides a secure response to invalid configurations because you must manually put the interface back in service. Note When enabled on the switch, STP applies the BPDU guard feature to all Port Fast-enabled interfaces. 9-10 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 217
with no link failures. Switch A, the root switch, is connected directly to Switch B over link L1 and to Switch C over link L2. The interface on Switch C that is connected directly to Switch B is in a blocking state. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 9-11 - Cisco 2950 24 | Configuration Guide - Page 218
, the normal STP transition occurs, completing in 30 to 40 seconds. For more information, see the "Events that Cause Fast Convergence" section on page 9-14. 9-12 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 219
100 or 1000 Mbps Link C (Alternate redundant link) 100 or 1000 Mbps Stack-root port Alternate stackroot port Alternate stackroot port Switch A Stack port Switch B Stack port Switch C Stack port port to stack members. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 9-13 - Cisco 2950 24 | Configuration Guide - Page 220
failed, is powered on. • A new switch, which might become the stack root, is added to the stack. • A switch other than the stack root is powered off or failed. • A link fails between stack ports on the multidrop backbone. 9-14 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 221
on Catalyst 3550 switches, all Catalyst 3500 XL switches, Catalyst 2950 switches with GBIC module slots, and on modular Catalyst 2900 XL switches. • Up to nine stack switches can be connected through their stack ports to the multidrop backbone. Only one stack port per switch is supported. • Each - Cisco 2950 24 | Configuration Guide - Page 222
-48 SYSTEM RPS STATUS UTIL DUPLX SPEED MODE 12 1X 34 2X 56 78 9 10 9 10 9 10 9 10 11X1X 12 34 21X2X 56 78 9 10 9 10 9 10 9 10 12 11X1X 34 21X2X 56 Catalyst 2950 78 9 10 9 10 9 10 9 10 1 1 2 1 65276 9-16 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 223
to the listening state without waiting for the maximum aging time for the port to expire. BackboneFast then transitions the interface on Switch C to the forwarding state, providing a path from Switch B to Switch A. This 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 9-17 - Cisco 2950 24 | Configuration Guide - Page 224
learns that Switch B is the designated bridge to Switch A, the root switch. Figure 9-12 Adding a Switch in a Shared-Medium Topology Switch A (Root) Switch C Blocked port Switch B (Designated bridge) Added switch 44965 9-18 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380 - Cisco 2950 24 | Configuration Guide - Page 225
STP root without root guard enabled Desired root switch Enable the root-guard feature on these interfaces to prevent switches in the customer network from becoming the root switch or being in the path to the root. 43578 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 9-19 - Cisco 2950 24 | Configuration Guide - Page 226
128. interfaces configured as trunk ports) Spanning-tree VLAN port cost (configurable on a per-VLAN basis-used on 1000 Mbps: 4. interfaces configured as trunk ports) 100 Mbps: 19. 10 Mbps: 100. Hello time 2 seconds. 9-20 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 227
can drastically reduce network performance. Beginning in switch priority and the switch MAC address, is associated with each instance. For each VLAN, the switch with the lowest bridge ID becomes the root switch for that VLAN. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 228
to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. To return the switch to its default setting, use the no spanning-tree vlan vlan-id root global configuration command. 9-22 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 229
by the root switch. The range is 1 to 10 seconds; the default is 2 seconds for STP. Use the same network diameter and hello- switch to its default setting, use the no spanning-tree vlan vlan-id root global configuration command. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 230
Cisco IOS uses the port priority value when the interface is configured as an access port and uses VLAN port priority values when the interface is configured as a trunk port vlan-id port-priority interface configuration command. 9-24 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380- - Cisco 2950 24 | Configuration Guide - Page 231
command only displays information for ports that are in a link-up operative state and are configured for DTP. Otherwise, you can use the show running-config privileged EXEC command to confirm the configuration. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 9-25 - Cisco 2950 24 | Configuration Guide - Page 232
privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. To return the switch to its default setting, use the no spanning-tree vlan vlan-id priority global configuration command. 9-26 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 233
10 seconds; the default is 2 seconds. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. To return the switch is the number of seconds a port waits before changing from its STP Catalyst 2950 Desktop Switch Software Configuration Guide 9-27 - Cisco 2950 24 | Configuration Guide - Page 234
entries. (Optional) Save your entries in the configuration file. To return the switch to its default setting, use the no spanning-tree vlan vlan-id max-age for Option 2 Acceptable for Option 3 1 1 1 6 10 6 4 7 4 9-28 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 235
STP Figure 9-14 Gigabit Ethernet Clusters Configuring Basic STP Features Catalyst 3550 series switch Cisco 7000 Catalyst 2950 router switches Catalyst 2950 switches Catalyst 2950 switches Catalyst 3550 or 6000 series backbone Catalyst 6000 switch Layer 3 backbone Cisco 7000 router 60999 - Cisco 2950 24 | Configuration Guide - Page 236
interfaces. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. To disable the Port Fast feature, use the no spanning-tree portfast interface configuration command. 9-30 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 237
feature provides a secure response to invalid configurations because you must manually put the interface back in service. To disable BPDU guard, use the no spanning-tree portfast bpduguard global configuration command. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 9-31 - Cisco 2950 24 | Configuration Guide - Page 238
default setting. This change reduces the chance that the switch will become the root port. When UplinkFast is disabled, the switch priorities of all VLANs and path costs of all interfaces spanning-tree uplinkfast command. 9-32 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 239
a Fast Ethernet or a copper-based Gigabit Ethernet port, you port interface configuration command. To disable UplinkFast on the switch and all of its VLANs, use the no spanning-tree uplinkfast global configuration command. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 240
switches in the network. BackboneFast is not supported on Token Ring VLANs. This feature is supported for use with third-party switches interfaces (in the blocked state) replace the root port in the case of a failure. However, if Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 241
-to-GigaStack point-to-point connections operate in full-duplex mode. • If STP is enabled, the switch can take up to 30 seconds to check for loops when a port is reconfigured. The port LED is amber while STP reconfigures. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 10-1 - Cisco 2950 24 | Configuration Guide - Page 242
only at 1000 Mbps. • 100BASE-FX ports operate only at 100 Mbps in full-duplex. Note The Catalyst 2950C-24 does not support the speed and duplex interface configuration commands in IOS Release 12.1(6)EA2. Enter the duplex parameter for the port. • The 10/100/1000 ports operate in either half- or full - Cisco 2950 24 | Configuration Guide - Page 243
pause frames; the port can receive pause frames. • receive off and send on: The port sends pause frames if the remote device supports flow control but port. Note The send keyword is not available for 10/100 Mbps ports. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 10 - Cisco 2950 24 | Configuration Guide - Page 244
on a port. Forwarding these packets can cause the network to slow down or to time out. Storm control is configured for the switch as a whole but operates on a per-port basis. filtering) when traffic drops below this level. 10-4 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 245
When both SPAN source and SPAN destination ports are protected ports, traffic is forwarded from the SPAN source to the SPAN destination. Therefore, do not configure both SPAN source and SPAN destination as protected ports. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 10-5 - Cisco 2950 24 | Configuration Guide - Page 246
of addresses in the secure address table for this port. Secure ports have at least one address. Number of addresses that the secure address table for the port can contain. Number of unauthorized addresses seen on the port. 10-6 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 247
the port secure addresses reach the allowed limit on the port, all packets with unknown addresses are dropped. end Return to privileged EXEC mode. show port security [interface Verify the entry. interface-id | address] 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 10-7 - Cisco 2950 24 | Configuration Guide - Page 248
all must be configured as Layer 2 interfaces. Note The network device to which your switch is connected can impose its own limits on the number of interfaces in the EtherChannel. For Catalyst 2950 switches, the number of EtherChannels is limited to six with eight ports per EtherChannel. If a link - Cisco 2950 24 | Configuration Guide - Page 249
Switch Ports Figure 10-1 Typical EtherChannel Configuration Catalyst 8500, 6000, 5500, or 4000 series switch Understanding the EtherChannel Gigabit EtherChannel Catalyst 3550-12T switch 1000BASE-X 1000BASE-X Catalyst 2950-T switch 10/100 Switched links Catalyst 2950-T switch 10/100 Switched - Cisco 2950 24 | Configuration Guide - Page 250
SYST RPS STAT UTIL DUPLX SPEED MODE 1 1X 23 45 67 8 9 10 11 12 11X 2X 12X 13X 13 14 15 16 17 18 19 20 21 22 23 24 23X 14X 24X 10/100 ports Physical ports 1 Catalyst 2950 SERIES 2 GBIC module slots After you configure an EtherChannel, configuration changes applied to the - Cisco 2950 24 | Configuration Guide - Page 251
and, for Layer 2 EtherChannels on (manual configuration). All ports configured ports and directs transmissions based on that learning. A device is an aggregate-port learner if it learns addresses by aggregate (logical) ports. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 10 - Cisco 2950 24 | Configuration Guide - Page 252
a single MAC address, using the destination-MAC address always chooses the same link in the channel; using source addresses might result in better load balancing. 10-12 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 253
. Aggregate-port learning on all interfaces. 128 on all interfaces. (Changing this value on Catalyst 2950 switches has no effect.) Load distribution on the switch is based on the source-MAC address of the incoming packet. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 10-13 - Cisco 2950 24 | Configuration Guide - Page 254
the Ethernet interfaces with the channel-group interface configuration command, which creates the port-channel logical interface. Note Layer 2 interfaces must be connected and functioning for IOS to create port-channel interfaces. 10-14 Catalyst 2950 Desktop Switch Software Configuration Guide 78 - Cisco 2950 24 | Configuration Guide - Page 255
information on compatible PAgP modes for the switch and its partner, see the "PAgP Modes" section on page 10-10. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 10-15 - Cisco 2950 24 | Configuration Guide - Page 256
configuration command is set to on, set the load-distribution method based on the source-MAC address by using the port-channel load-balance src-mac global configuration command. end Return to privileged EXEC mode. 10-16 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 257
if it learns addresses by aggregate ports. For compatibility with Catalyst 1900 series switches, configure the Catalyst 2950 switches for souce-MAC load distribution. The Catalyst 2950 supports address learning only on aggregate ports even though the physical-port keyword is provided in the command - Cisco 2950 24 | Configuration Guide - Page 258
3 10 2 1 Network analyzer 43580 Only traffic that enters or leaves source ports can be monitored by using SPAN. This release supports only local SPAN, which means the source and destination interfaces must be on the same switch. 10-18 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 259
is modified. You can monitor a range of egress ports in a SPAN session. On packets that are modified because of QoS, the modified packet might not have the same DSCP (IP packet) or CoS (non-IP packet) as the SPAN source. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 10-19 - Cisco 2950 24 | Configuration Guide - Page 260
tree while the SPAN session is active. • When it is an active destination port, it does not participate in any of the Layer 2 protocols (STP, VTP, CDP, DTP, PagP). • No address learning occurs on the destination port. 10-20 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 261
. • Multicast traffic can be monitored. For egress and ingress port monitoring, only a single unedited packet is sent to the SPAN destination port. It does not reflect the number of times the multicast packet is sent. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 10-21 - Cisco 2950 24 | Configuration Guide - Page 262
of a destination port, the change is not effective until SPAN is disabled. - If you disable all source ports or the destination port, the SPAN function stops until both a source and destination port are enabled. 10-22 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 263
gigabitethernet0/1 Switch(config)# monitor session 1 destination interface gigabitethernet0/2 Switch(config)# end Switch# show monitor session 1 Session 1 --------- Source Ports: RX Only: None TX Only: None 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 10-23 - Cisco 2950 24 | Configuration Guide - Page 264
None Destination Ports:Gi0/2 This example shows how to disable received traffic monitoring on port 1, which was configured for bidirectional monitoring: Switch(config)# no monitor session 1 source interface gigabitethernet0/1 rx 10-24 Catalyst 2950 Desktop Switch Software Configuration Guide 78 - Cisco 2950 24 | Configuration Guide - Page 265
an example of output for the show monitor privileged EXEC command for session 1: Switch# show monitor session 1 Session 2 --------- Source Ports: RX Only: Gi0/1 TX Only: None Both: None Destination Ports:Gi0/2 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 10-25 - Cisco 2950 24 | Configuration Guide - Page 266
Configuring SPAN Chapter 10 Configuring the Switch Ports 10-26 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 267
usage information for the commands used in this chapter, refer to the Catalyst 2950 Desktop Switch Command Reference for this release and the Cisco IOS Release Network Protocols Command Reference, Part 1, for Release 12.1. This chapter consists of these sections: • Understanding and Configuring IGMP - Cisco 2950 24 | Configuration Guide - Page 268
and MVR Layer 2 multicast user-defined and IGMP snooping-learned settings. Catalyst 2950 switches support a maximum of 255 IP multicast groups and support both IGMP version 1 and IGMP version 2. If a port spanning-tree, a port Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 269
, and use the no ip igmp snooping vlan vlan-id immediate-leave global configuration command. For CLI procedures, refer to the Cisco IOS Release 12.1 documentation on Cisco.com for additional information and CLI procedures. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 11-3 - Cisco 2950 24 | Configuration Guide - Page 270
11-1 that includes the port numbers of Host 1 and the router. Figure 11-1 Initial IGMP Join Message Router A 1 IGMP Report 224.1.2.3 CPU Catalyst 2950 switch 0 47933 CAM Table 2 3 4 5 Host 1 Host 2 Host 3 Host 4 11-4 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 271
.0203 Type of Packet !IGMP Ports 1, 2, 5 Statically Configuring a Host to Join a Group Ports normally join multicast groups through the IGMP report message, but you can also statically configure a host on an interface. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 11-5 - Cisco 2950 24 | Configuration Guide - Page 272
are interested in traffic for the specific multicast group. If, after a number of queries, the router processor receives no reports from a VLAN, it removes the group for the VLAN from its multicast forwarding table. 11-6 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 273
IOS Release 12.1 documentation on Cisco.com for additional information and CLI procedures. Understanding Multicast VLAN Registration Multicast VLAN Registration (MVR) is designed for applications using wide-scale deployment of multicast traffic across an Ethernet ring-based service provider network - Cisco 2950 24 | Configuration Guide - Page 274
message is received, the receiver port is removed from multicast group membership, which speeds up leave latency. Only enable the Immediate Leave feature on receiver ports to which a single receiver device is connected. 11-8 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 275
reports are sent to the same MAC addresses as the multicast data. The S1 CPU must capture all IGMP join and leave messages from receiver ports and forward them to the multicast VLAN of the source (uplink) port. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 11-9 - Cisco 2950 24 | Configuration Guide - Page 276
Follow these guidelines when configuring MVR: • Receiver ports cannot be trunk ports. Receiver ports on a switch can be in different VLANs, but should not belong Enter global configuration mode. Enable MVR on the switch. 11-10 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 277
source ports. The default is compatible mode. end Exit configuration mode. show mvr show mvr members Verify the configuration. copy running-config startup-config (Optional) Save your entries in the configuration file. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 11 - Cisco 2950 24 | Configuration Guide - Page 278
mode, this command applies only to receiver ports. In dynamic mode, it applies to receiver ports and source ports. Receiver ports can also dynamically join multicast groups by using IGMP join and leave messages. 11-12 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 279
configuration file. This example shows how to configure Gigabit Ethernet port 0/1 as a receiver port, statically configure the port to receive multicast traffic sent to the multicast ACTIVE 239.255.0.9 DYNAMIC ACTIVE 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 11-13 - Cisco 2950 24 | Configuration Guide - Page 280
DISABLED This example shows the results of the show mvr interface privileged EXEC command for a specified interface: Switch# show mvr interface gigabitethernet0/2 Type: RECEIVER Status: ACTIVE Immediate Leave: DISABLED 11-14 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 281
.255.0.8 INACTIVE 239.255.0.9 INACTIVE 239.255.0.10 INACTIVE Members ------Gi0/1(d), Gi0/5(s) None None None None None None None None None 239.255.0.255 INACTIVE 239.255.1.0 INACTIVE None None 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 11-15 - Cisco 2950 24 | Configuration Guide - Page 282
Understanding Multicast VLAN Registration Chapter 11 Configuring IGMP Snooping and MVR 11-16 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 283
in this chapter, refer to the Catalyst 2950 Desktop Switch Command Reference for this release and the "Configuring IP Services" section of Cisco IOS IP and IP Routing Configuration Guide and the Command Reference for IOS Release 12.1. You can configure network security by using ACLs by either using - Cisco 2950 24 | Configuration Guide - Page 284
of a network, but to prevent another host from accessing the same part. In Figure 12-1, ACLs applied at the switch input allow Host A to access the Human Resources network, but prevent Host B from accessing the same network. 12-2 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380 - Cisco 2950 24 | Configuration Guide - Page 285
the first and second ACEs in the examples, the eq keyword after the destination address means to test for the TCP-destination-port well-known numbers equaling Simple Mail Transfer Protocol (SMTP) and Telnet, respectively. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 12-3 - Cisco 2950 24 | Configuration Guide - Page 286
to define a flow. • Layer 4 fields: - TCP (You can specify a TCP source, destination port number, or both at the same time.) - UDP (You can specify a UDP source, destination port number, or both at the same time.) 12-4 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 287
host 20.1.1.1 with a destination TCP port number of 23. Both the ACEs use the same mask; therefore, a Catalyst 2950 switch supports this ACL. • Only four user-defined masks can be defined for the entire system. These can be used for either security or quality of service (QoS) but cannot be shared - Cisco 2950 24 | Configuration Guide - Page 288
IP Services" chapter in the Cisco IP and IP Routing Configuration Guide for IOS Release 12.1. For detailed information about the commands, refer to Cisco IOS IP and IP Routing Command Reference for IOS Release 12.1. For a list of IOS features not supported on the Catalyst 2950 switch, see - Cisco 2950 24 | Configuration Guide - Page 289
list AppleTalk access list 48-bit MAC address access list IPX standard access list IPX extended access list IPX SAP access list Extended 48-bit MAC address access list Supported Yes Yes No No No No No No No No No No 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 12-7 - Cisco 2950 24 | Configuration Guide - Page 290
supported numbers. That is, the name of a standard IP ACL can be 1 to 99; the name of an extended IP ACL can be 100 are matched. The source is the source address of the network or host from which the packet is being sent: • 12-8 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 291
destination address Fragments TCP or UDP Layer 4 Parameters Source port operator Source port Destination port operator Destination port TCP flag TCP UDP - - - - X X X X - - X X X X X X X X X X - - 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 12-9 - Cisco 2950 24 | Configuration Guide - Page 292
to each protocol, refer to the Cisco IP and IP Routing Command Reference for IOS Release 12.1. Note The Catalyst 2950 switch does not support dynamic or reflexive access lists. It also does not support filtering based on the minimize-monetary-cost type of service (TOS) bit. When creating ACEs in - Cisco 2950 24 | Configuration Guide - Page 293
the network or host number to which the packet is sent. Define a destination or source port. supported on Catalyst 2950 switches. Verify the access list configuration. (Optional) Save your entries in the configuration file. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 12 - Cisco 2950 24 | Configuration Guide - Page 294
network 171.69.198.0 to any host in network 172.20.52.0 and permit any others. (The eq keyword after the destination address means to test for the TCP destination port number equaling Telnet.) Switch the supported 100 12-7. 12-12 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 295
0.0.0.0 255.255.255.255. Return to privileged EXEC mode. Show the access list configuration. (Optional) Save your entries in the configuration file. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 12-13 - Cisco 2950 24 | Configuration Guide - Page 296
address access list specification, 0.0.0.0 is Switch(config)# ip access-list extended telnetting Switch(config-ext-nacl)# remark Do not allow Jones subnet to telnet out Switch(config-ext-nacl)# deny tcp host 171.69.2.88 any eq telnet 12-14 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 297
. The interface must be a Layer 2 or Layer 3 interface or a management interface VLAN ID. ip access-group {access-list-number | Control access to the specified interface. name} {in} end Return to privileged EXEC mode. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 12-15 - Cisco 2950 24 | Configuration Guide - Page 298
10 permit 12.12.12.12 Standard IP access list 12 deny 1.3.3.2 Standard IP access list 32 permit 172.20.20.20 Standard IP access list 34 permit 10.24.35.56 permit 23.45.56.34 Extended IP access list 120 Extended MAC access list mac1 12-16 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 299
of Gigabit Ethernet interface 0/1: Switch# show running-config interface gigabitethernet0/1 Building configuration... Current configuration :112 bytes ! interface GigabitEthernet0/1 ip access-group 11 in snmp trap link-status no cdp enable end! 78-11380-03 Catalyst 2950 Desktop Switch Software - Cisco 2950 24 | Configuration Guide - Page 300
ACLs, refer to the Security Configuration Guide and the "IP Services" chapter of the Cisco IOS IP and IP Routing Configuration Guide for IOS Release 12.1. Figure 12-2 shows a small networked office with a stack of Catalyst 2950 switches that are connected to a Cisco router. A host is connected to - Cisco 2950 24 | Configuration Guide - Page 301
Gigabit Ethernet port 0/1, which is configured as a Layer 2 port, with the Marketing_group ACL applied to incoming traffic. Switch(config)# interface gigabitethernet0/1 Switch(config-if)# ip access-group marketing_group in ... 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 302
ACL: Step 1 Step 2 Command configure terminal mac access-list extended name Purpose Enter global configuration mode. Define an extended MAC access list by using a name. 12-20 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 303
Layer 2 interface. Control access to the specified interface. Display the MAC ACLs applied to the interface. Return to privileged EXEC mode. Display the ACL configuration. (Optional) Save your entries in the configuration file. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 304
you apply an undefined ACL to an interface, the switch acts as if the ACL has not been applied to the interface and permits all packets. Remember this behavior if you use undefined ACLs as a means of network security. 12-22 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 305
can provide preferential treatment to certain types of traffic. Without QoS, the switch offers best-effort service to each packet, regardless of the packet contents or size. It transmits the with CMS" section on page 2-1. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 13-1 - Cisco 2950 24 | Configuration Guide - Page 306
in 802.1Q frames except for traffic in the native VLAN. Other frame types cannot carry Layer 2 CoS values. Layer 2 CoS values range from 0 for low priority to 7 for high priority. • Prioritization bits in Layer 3 packets 13-2 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 307
QoS Understanding QoS Layer 3 IP packets can carry a Differentiated Services Code Point (DSCP) value. The supported DSCP values are 0, 8, 10, 16, 18, 24, 26, 32, 34, 40, 46, 48, and 56. Figure 13-1 QoS Classification Layers in Frames and Packets Encapsulated Packet Layer 2 header IP header - Cisco 2950 24 | Configuration Guide - Page 308
packet. • Scheduling services the four egress support exists for classifying packets at the VLAN or the switched virtual interface level. You specify which fields in the frame or packet that you want to use to classify incoming traffic. 13-4 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 309
a specific DSCP value in the traffic class or specifying the traffic bandwidth limitations and the action to take when the traffic is out of profile. Before a policy map can be effective, you must attach it to an interface. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 13 - Cisco 2950 24 | Configuration Guide - Page 310
DSCP configurations is meaningless for non-IP traffic. If you configure a port with this option and non-IP traffic is received, the switch assigns the default port CoS value and classifies traffic based on the CoS value. 13-6 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 311
the ingress interfaces: - 60 policers are supported on ingress Gigabit-capable Ethernet ports. - 6 policers are supported on ingress 10/100 Ethernet ports. - Granularity for the average burst rate is 1 Mbps for 10/100 ports and 8 Mbps for Gigabit Ethernet ports. • On an interface configured for QoS - Cisco 2950 24 | Configuration Guide - Page 312
queue are forwarded. The Catalyst 2950 switches (802.1P user priority) have four priority queues. The frames are forwarded to appropriate queues based on priority-to-queue mapping that you defined. CoS and WRR The Catalyst 2950 switches support four CoS queues for each egress port. For each queue - Cisco 2950 24 | Configuration Guide - Page 313
QoS configuration. Table 13-2 Default QoS Configuration The default port CoS value is 0. The default port trust state is untrusted.1 No policy maps are configured.1 No policers are configured.1 No policers are configured.1 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 13-9 - Cisco 2950 24 | Configuration Guide - Page 314
are not supported and cannot be attached to an interface by using the service-policy port trust states: • Configuring the Trust State on Ports within the QoS Domain, page 13-11 • Configuring the CoS Value for an Interface, page 13-13 13-10 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 315
-3 shows a sample network topology. Figure 13-3 Port Trusted States within the QoS Domain Trusted interface Catalyst 2950 wiring closet Trunk Catalyst 3550-12T switch Classification of traffic performed here 65275 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 13-11 - Cisco 2950 24 | Configuration Guide - Page 316
interfaces. Configure the port trust state. By default, the port is not trusted. Use the cos keyword setting if your network is composed of Ethernet LANs, Catalyst 2950 switches, and has no Map" section on page 13-21. 13-12 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 317
policies to interfaces. For background information, see the "Classification" section on page 13-4 and the "Policing and Marking" section on page 13-6. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 13-13 - Cisco 2950 24 | Configuration Guide - Page 318
of the network addresses. Any host with a source address that does not match the ACL statements is rejected. Switch(config)# access-list 1 permit 192.5.255.0 0.0.0.255 Switch(config)# access-list 1 permit 36.0.0.0 0.0.0.255 13-14 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380 - Cisco 2950 24 | Configuration Guide - Page 319
) Save your entries in the configuration file. To delete an ACL, use the no access-list access-list-number global configuration command. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 13-15 - Cisco 2950 24 | Configuration Guide - Page 320
port number 25: Switch protocol). Note Deny statements are not supported for QoS ACLS. See the create a Layer 2 Switch(config)# mac access-list extended maclist1 Switch(config-ext-macl)# permit host 0001.0000.0001 host 0002.0000.0001 13-16 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 321
criterion is supported. Only one match criterion per class map is supported, and only one ACL per class map is supported. For access-group acl-index | name acl-name, specify the number or name of the ACL created in Step 3. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 13 - Cisco 2950 24 | Configuration Guide - Page 322
exist for each type of traffic received through an interface. You can attach only one policy map per interface in the input direction. 13-18 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 323
extended ACL for IP traffic or a Layer 2 MAC ACL for non-IP port] {destination destination-wildcard | host destination | any} [operator port supported DSCP values are 0, 8, 10, 16, 18, 24, 26, 32, 34, 40, 46, 48, and 56. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 13 - Cisco 2950 24 | Configuration Guide - Page 324
100 Mbps for 10/100 Ethernet ports and 8 Mbps to 1000 Mbps for the Gigabit-capable Ethernet ports. For burst-byte, specify the normal burst size in bytes. The values supported on the 10/100 ports of 10 and transmitted. 13-20 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 325
10 Switch(config-pmap-c)# exit Switch(config-pmap)# exit Switch(config)# interface gigabitethernet0/1 Switch(config-if)# switchport mode access Switch(config-if)# service-policy input flow1t This example shows how to create a Layer -03 Catalyst 2950 Desktop Switch Software Configuration Guide 13-21 - Cisco 2950 24 | Configuration Guide - Page 326
Catalyst 2950 switches support these DSCP values: 0, 8, 10, 16, 18, 24, 26, 32, 34, 40, 46, 48, 10 16, 18 24, 26 32, 34 40, 46 48 56 1 2 3 4 5 6 7 If these values are not appropriate for your network, you need to modify them. 13-22 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 327
and standard software images support this feature. This section describes how to configure CoS priorities and weighted round-robin (WRR): • CLI: Configuring CoS Priority Queues, page 13-24 • Configuring WRR, page 13-24 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 13-23 - Cisco 2950 24 | Configuration Guide - Page 328
the CoS priority queues. To disable the WRR scheduler and enable the strict priority scheduler, use the no wrr-queue bandwidth global configuration command. 13-24 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 329
network and planned changes to your network, as shown in Figure 13-4. It contains this information: • QoS Configuration for the Common Wiring Closet, page 13-26 • QoS Configuration for the Intelligent Wiring Closet, page 13-27 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 330
Example Network Cisco router To Internet Gigabit Ethernet 0/1 Existing wiring closet Catalyst 2900 and 3500 XL switches Trunk link Gigabit Ethernet 0/5 Catalyst 3550-12G switch Gigabit Ethernet 0/2 Trunk link Gigabit Ethernet 0/2 Intelligent wiring closet Catalyst 2950 switches Video - Cisco 2950 24 | Configuration Guide - Page 331
police 5000000 8192 exceed-action drop Step 10 Step 11 Step 12 exit exit interface gigabitethernet0/1 Step 13 Step 14 Step 15 service-policy input videopolicy exit interface gigabitethernet0/2 and 7 select queue 4. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 13-27 - Cisco 2950 24 | Configuration Guide - Page 332
20 copy running-config startup-config Purpose Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. 13-28 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 333
software • Recovering from a lost or forgotten password For additional troubleshooting information, refer to the switch hardware installation guide. Avoiding Configuration Conflicts Certain combinations of port features conflict with one another. For example, if you define a port as the network port - Cisco 2950 24 | Configuration Guide - Page 334
. To connect to a remote Gigabit Ethernet device that does not autonegotiate, disable autonegotiation on the local device, and set the duplex and flow control parameters to be compatible with the remote device. 14-2 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 335
problem. • CMS requires a Java plug-in order to function correctly. For instructions on downloading and installing the plug-ins, refer to the Release Notes for the Catalyst 2950 Cisco IOS Release 12 Show Java Console. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 14-3 - Cisco 2950 24 | Configuration Guide - Page 336
save your changes: switch# copy running-config startup-config Building configuration... It might take a minute or two to save the configuration to Flash memory. After it has been saved, this message appears: [OK] switch# 14-4 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 337
page 5-10 and the "Creating a Cluster Standby Group" section on page 5-20. For a list of command-capable Catalyst desktop switches, refer to the Release Notes for the Catalyst 2950 Switch on Cisco.com. If you have not configured a standby command switch, and your command switch loses power or fails - Cisco 2950 24 | Configuration Guide - Page 338
Step 10 Enter Y at the first prompt. The prompts in the setup program vary depending on the member switch that you selected to be the command switch: Continue with configuration dialog? [yes/no]: y or Configuring global parameters: 14-6 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 339
Chapter 14 Troubleshooting Recovery Procedures Step 11 Step 12 Step 13 Step 14 Step 15 Step 16 Step 17 Step 18 If this prompt -c to abort configuration dialog at any prompt. Default settings are in square brackets '[]'. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 14-7 - Cisco 2950 24 | Configuration Guide - Page 340
. If the command switch fails and there is no standby command switch, you can use the command-switch password to recover. For more information, see the "Recovering from a Command Switch Failure" section on page 14-5. 14-8 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 341
.text.old. This file contains the password definition. switch: rename flash:config.text flash:config.text.old Step 10 Boot the system: switch: boot You are prompted to start the setup program. Enter N at the prompt: 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 14-9 - Cisco 2950 24 | Configuration Guide - Page 342
Step 1 Step 2 Step 3 Connect a PC with terminal-emulation software supporting the XMODEM Protocol to the switch console port. Set the line speed on the emulation software to 9600 baud. Disconnect the switch power cord. 14-10 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 343
. For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support staff. It is best to use debug commands during periods of lower network traffic and fewer users. Debugging during these periods decreases the likelihood that - Cisco 2950 24 | Configuration Guide - Page 344
produces less overhead. Logging messages to a syslog server produces even less, and logging to an internal buffer produces the least overhead of any method. 14-12 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 345
network 12-4. These error messages are applicable only if you have installed the enhanced software image on your switch same user-defined Layer 4 system-defined ACEs or Layer 3 system-defined ACEs. %Error:Service-Policy is not supported Catalyst 2950 Desktop Switch Software Configuration Guide A-1 - Cisco 2950 24 | Configuration Guide - Page 346
hardware does not have sufficient resources to support the user policies. %Error:Invalid mask This error message means that the user-defined mask is not entered correctly in the hardware. Remove the mask, and re-enter it. Catalyst 2950 Desktop Switch Software Configuration Guide A-2 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 347
message that gives the reasons for the ACE being invalid. %Error:Invalid sequence - IP protocol ACE not In an ACL, a Layer 4 (TCP/UDP) ACE cannot precede a Layer 3 (IP allowed after TCP/UDP protocol ACE protocol) ACE. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide A-3 - Cisco 2950 24 | Configuration Guide - Page 348
can be applied only to Layer 2 physical interfaces or have sufficient resources to support the user policies. %Error:Mask/ . %Error:Egress port invalid This error message means that an invalid egress port was detected by Catalyst 2950 Desktop Switch Software Configuration Guide A-4 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 349
CMP ENVIRONMENT GIGASTACK LINK LRE_LINK MODULE PORT SECURITY RTD STORM CONTROL Facility Chassis Cluster Membership Protocol Environment GigaStack GBIC Link LRE Link Module Port Security Runtime Diagnostic Storm Control 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide B-1 - Cisco 2950 24 | Configuration Guide - Page 350
message sometimes contains detailed information about the event, including terminal port numbers, network addresses, or addresses that correspond to locations in the system SLOT followed by a number. (For example, SLOT5.) Catalyst 2950 Desktop Switch Software Configuration Guide B-2 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 351
: Received member configuration from member [dec] Explanation This message means that the command switch received a member configuration: [dec] is the member number. Recommended Action No action is required. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide B-3 - Cisco 2950 24 | Configuration Guide - Page 352
Error Messages and Recovery Procedures Appendix B System Messages Error Message CMP-5-REMOVE The Device is removed from the this GigaStack GBIC is disabled to break the loop. Recommended Action No action is required. Catalyst 2950 Desktop Switch Software Configuration Guide B-4 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 353
to that port. Note that the show cdp neighbors command is useful in determining the next switch. Repeat this procedure until the port is found that is receiving what it is transmitting, and remove that port from the network. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide B-5 - Cisco 2950 24 | Configuration Guide - Page 354
Recovery that the Ethernet transceiver port that has been configured to be shut down if a storm event is detected. Recommended Action When the source of the packet storm has been fixed, re-enable the port by using port-configuration commands. Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 355
HTTP access 4-3 member switches 8-19 MIBs files 4-5 objects 4-4 variables 4-5 Telnet access 4-2 access levels, CMS 2-31 access lists See ACLs access ports in switch clusters 5-9 accounting in TACACS+ 6-20 accounting with RADIUS 6-34 Catalyst 2950 Desktop Switch Software Configuration Guide IN-1 - Cisco 2950 24 | Configuration Guide - Page 356
IP creating 12-8 matching criteria 12-7 unsupported features 12-6 IN-2 Catalyst 2950 Desktop Switch Software Configuration Guide ACP system-defined mask 12-4 understanding 12-4 user-defined mask 12-4 adding secure addresses 6-18 static addresses 6-18 VLAN to database 8-18 address count, secure 10 - Cisco 2950 24 | Configuration Guide - Page 357
candidates changing management VLAN for 8-3 candidate switch adding 5-18 automatic discovery 5-4 defined 5-3 HC 5-20 passwords 5-18 requirements 5-3 standby group 5-20 See also command switch, cluster standby group, and member switch Catalyst 2950 Desktop Switch Software Configuration Guide IN-3 - Cisco 2950 24 | Configuration Guide - Page 358
5-1 IN-4 Catalyst 2950 Desktop Switch Software Configuration Guide clusters, switch (continued) LRE profile considerations 5-16 management VLAN, changing 8-3 managing through CLI 5-23 managing through SNMP 5-24 planning considerations automatic discovery 5-4 automatic recovery 5-10 CLI 5-23 - Cisco 2950 24 | Configuration Guide - Page 359
switch failure 5-10 redundant 5-10, 5-20 replacing with another switch 14-7 with cluster member 14-6 requirements 5-2 standby (SC) 5-10, 5-20 See also candidate switch, clusters, and cluster standby group see also candidates, member switches Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 360
redundant Gigabit backbone 1-9 large campus 1-13 small to medium-sized network 1-10 configuration files, DHCP 6-7 configuring 802.1p class of service 8-24 AAA 6-23 aging time 6-16 broadcast messages 6-12 broadcast storm control 10-4 IN-6 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 361
6-3 Differentiated Services architecture, QoS 13-2 Differentiated Services Code Point 13-3 dir flash command 14-4 disabling broadcast storm control 10-5 port security 10-8 SNMP 6-12 trunking on a port 8-22 trunk port 8-22 VTP 8-13 Catalyst 2950 Desktop Switch Software Configuration Guide IN-7 - Cisco 2950 24 | Configuration Guide - Page 362
IN-8 Catalyst 2950 Desktop Switch Software Configuration Guide dynamic port VLAN membership (continued) reconfirming 8-33 troubleshooting 8-34 port scheduling 13-8 enable password see passwords enabling broadcast storm control 10-4 DNS 6-5 NTP authentication 6-11 port security 10-6, 10-7 SNMP 6-12 - Cisco 2950 24 | Configuration Guide - Page 363
2-4 pop-up menus 2-21 port icons 2-6 port LEDs 2-8 RPS LED 2-7 switch images 2-6 FTP, accessing MIB files 4-5 G GBICs 1000BASE-LX/LH module 1-9 1000BASE-SX module 1-9 1000BASE-ZX module 1-9 GigaStack 1-9 get-next-request operation 4-6 Catalyst 2950 Desktop Switch Software Configuration Guide IN-9 - Cisco 2950 24 | Configuration Guide - Page 364
5-14 to address mappings 6-5 hosts, limit on dynamic ports 8-34 HP OpenView 1-6, 1-7 IN-10 Catalyst 2950 Desktop Switch Software Configuration Guide HSRP automatic cluster recovery 5-11 cluster standby group considerations 5-12 See also clusters, cluster standby group, and standby command - Cisco 2950 24 | Configuration Guide - Page 365
, configuring 6-21 login authentication with RADIUS 6-29 login authentication with TACACS+ 7-8 LRE ports profiles switch clusters 5-16 M MAC addresses adding secure 6-18 aging time 6-16 allocation for STP 9-8 discovering 6-15 Catalyst 2950 Desktop Switch Software Configuration Guide IN-11 - Cisco 2950 24 | Configuration Guide - Page 366
, VLAN port 2-9, 8-5 member switch adding 5-18 automatic discovery 5-4 defined 5-2 managing 5-23 passwords 5-13 requirements 5-3 See also candidate switch, clusters, cluster standby group, and command switch IN-12 Catalyst 2950 Desktop Switch Software Configuration Guide member switches accessing - Cisco 2950 24 | Configuration Guide - Page 367
cost, STP 9-25 PC (passive command switch) 5-10, 5-20 per-VLAN Spanning Tree (PVST) 9-2 per-VLAN Spanning Tree+ (PVST+) 9-8 planning considerations, switch clusters LRE profiles 5-16 management VLAN 5-15 switch-specific features 5-16 Catalyst 2950 Desktop Switch Software Configuration Guide IN-13 - Cisco 2950 24 | Configuration Guide - Page 368
menu, Front Panel view 2-21 port priority, STP 9-24 IN-14 Catalyst 2950 Desktop Switch Software Configuration Guide ports 802.1Q trunk 2-9 802.1X 7-8 configuration guidelines 10-1 configuring protected 10-5 trunk 8-22 dynamic configuring 8-32 see also dynamic port VLAN membership dynamic access - Cisco 2950 24 | Configuration Guide - Page 369
2-31 command switch 5-23 mapping on member switches 5-23 setting 6-10 specifying 6-10 protected ports 1-2, 10-5 pruning eligible list 8-23 enabling on a port 8-23 enabling on the switch 8-15 overview 13-6 number of 13-7 types of 13-6 Catalyst 2950 Desktop Switch Software Configuration Guide IN-15 - Cisco 2950 24 | Configuration Guide - Page 370
network environments 6-24 tracking services accessed by user 6-34 rcommand command 5-23 read-only access mode 2-31 IN-16 Catalyst 2950 Desktop Switch Software Configuration Guide read-write access mode 2-31 reconfirmation interval, changing 8-33 recovery procedures 14-5 redundancy EtherChannel 10 - Cisco 2950 24 | Configuration Guide - Page 371
with other features 10-21 monitored ports 10-20 monitoring ports 10-20 overview 10-18 ports, restrictions 14-2 received traffic 10-19 sessions creating 10-23 defined 10-19 removing destination (monitoring) ports 10-24 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide IN-17 - Cisco 2950 24 | Configuration Guide - Page 372
failures 9-17 displaying status 9-29 interface state, blocking to forwarding 9-10 interface states blocking 9-6 disabled 9-7 forwarding 9-6, 9-7 learning 9-7 listening 9-7 overview 9-5 limitations with 802.1Q trunks 9-8 IN-18 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 - Cisco 2950 24 | Configuration Guide - Page 373
considerations LRE profiles 5-16 management VLAN 5-15 switch-specific features 5-16 Switch Manager 2-2, 2-33 See also Device Manager Switch Port Analyzer see SPAN switchport command 8-22 switch ports, configuring 10-1 switch priority, STP 9-26 switch software releases 4-2 78-11380-03 switch-to - Cisco 2950 24 | Configuration Guide - Page 374
forwarding, and protected ports 10-5 fragmented 12-3 reducing flooded 10-4 unfragmented 12-3 traffic policing 1-5 IN-20 Catalyst 2950 Desktop Switch Software Configuration Guide transparent mode, VTP 8-8, 8-13 trap managers adding 6-12 configuring 6-12 traps 4-6, 6-13 troubleshooting 14-1 with - Cisco 2950 24 | Configuration Guide - Page 375
, configuring 8-24 number supported 8-2 overview 8-1 static-access ports 8-7, 8-18, 8-19 STP and 802.1Q trunks 9-8 supported VLANs 8-2 Token port membership configuring 8-32 example 8-34 overview 8-29 reconfirming 8-33 troubleshooting 8-34 Catalyst 2950 Desktop Switch Software Configuration Guide - Cisco 2950 24 | Configuration Guide - Page 376
VQP 8-28 VTP advertisements 8-8 configuration guidelines 8-10 configuring 8-12 consistency checks 8-9 database 8-15, 8-17 support 8-9 transparent mode, configuring 8-13 traps 6-13 using 8-7 version, determining 8-11 version 1 8-9 IN-22 Catalyst 2950 Desktop Switch Software Configuration Guide
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
-
306
-
307
-
308
-
309
-
310
-
311
-
312
-
313
-
314
-
315
-
316
-
317
-
318
-
319
-
320
-
321
-
322
-
323
-
324
-
325
-
326
-
327
-
328
-
329
-
330
-
331
-
332
-
333
-
334
-
335
-
336
-
337
-
338
-
339
-
340
-
341
-
342
-
343
-
344
-
345
-
346
-
347
-
348
-
349
-
350
-
351
-
352
-
353
-
354
-
355
-
356
-
357
-
358
-
359
-
360
-
361
-
362
-
363
-
364
-
365
-
366
-
367
-
368
-
369
-
370
-
371
-
372
-
373
-
374
-
375
-
376
 |
 |
Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
Catalyst 2950 Desktop Switch Software
Configuration Guide
Cisco IOS Release 12.1(6)EA2b
March, 2002
Customer Order Number: DOC-7811380=
Text Part Number: 78-11380-03