Cisco WS-C2960S-24TD-L Software Guide

Cisco WS-C2960S-24TD-L Manual

Get Cisco WS-C2960S-24TD-L PDF manuals and user guides View all Cisco WS-C2960S-24TD-L manuals
Add to My Manuals
Save this manual to your list of manuals

Cisco WS-C2960S-24TD-L manual content summary:

  • Cisco WS-C2960S-24TD-L | Software Guide - Page 1
    Catalyst 2960 Switch Software Configuration Guide Cisco IOS Release 12.2(40)SE Revised September 2007 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 2
    , and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental. Catalyst 2960 Switch Software Configuration Guide © 2006-2007 Cisco Systems, Inc. All rights reserved.
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 3
    Publications xxx Obtaining Documentation, Obtaining Support, and Security Guidelines xxxii Overview 10 Default Settings After Initial Switch Configuration 1-10 Network Configuration Examples 1-12 Design Concepts for Using the Switch 1-12 Small to Medium-Sized Network Using Catalyst 2960 Switches
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 4
    3-12 Booting Manually 3-13 Booting a Specific Software Image 3-14 Controlling Environment Variables 3-14 Scheduling a Reload of the Software Image 3-16 Configuring a Scheduled Reload 3-16 Displaying Scheduled Reload Information 3-17 Catalyst 2960 Switch Software Configuration Guide iv OL-8603
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 5
    VLANs 5-7 Discovery of Newly Installed Switches 5-8 HSRP and Standby Cluster Command Switches 5-9 Virtual IP Addresses 5-10 Other Considerations for Cluster Standby Groups 5-10 Automatic Recovery of Cluster Configuration 5-11 IP Addresses 5-12 Catalyst 2960 Switch Software Configuration Guide v
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 6
    the DNS Configuration 6-17 Creating a Banner 6-17 Default Banner Configuration 6-17 Configuring a Message-of-the-Day Login Banner 6-18 Configuring a Login Banner 6-19 Managing the MAC Address Table 6-19 Building the Address Table 6-20 Catalyst 2960 Switch Software Configuration Guide vi OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 7
    12 Default TACACS+ Configuration 8-13 Identifying the TACACS+ Server Host and Setting the Authentication Key 8-13 Configuring TACACS+ Login Authentication 8-14 Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 8-16 Catalyst 2960 Switch Software Configuration Guide vii
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 8
    8-40 Configuring the Secure HTTP Server 8-41 Configuring the Secure HTTP Client 8-43 Displaying Secure HTTP Server and Client Status 8-43 Configuring the Switch for Secure Copy Protocol 8-43 Information About Secure Copy 8-44 Catalyst 2960 Switch Software Configuration Guide viii OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 9
    Switch-to-Client Retransmission Time 9-27 Setting the Switch-to-Client Frame-Retransmission Number 9-28 Setting the Re-Authentication Number 9-28 Configuring IEEE 802.1x Accounting 9-29 Configuring a Guest VLAN 9-30 Configuring a Restricted VLAN 9-31 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 10
    Interfaces 10-18 Monitoring Interface Status 10-18 Clearing and Resetting Interfaces and Counters 10-19 Shutting Down and Restarting the Interface 10-19 11 C H A P T E R Configuring Smartports Macros 11-1 Understanding Smartports Macros 11-1 Catalyst 2960 Switch Software Configuration Guide x OL
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 11
    with Other Features 12-16 Configuring a Trunk Port 12-17 Defining the Allowed VLANs on a Trunk 12-18 Changing the Pruning-Eligible List 12-19 Configuring the Native VLAN for Untagged Traffic 12-19 Configuring Trunk Ports for Load Sharing 12-20 Catalyst 2960 Switch Software Configuration Guide xi
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 12
    Names 13-8 Passwords 13-8 VTP Version 13-8 Configuration Requirements 13-9 Configuring a VTP Server 13-9 Configuring a VTP Client 13-11 Disabling VTP (VTP Transparent Mode) 13-12 Enabling VTP Version 2 13-13 Enabling VTP Pruning 13-14 Catalyst 2960 Switch Software Configuration Guide xii OL-8603
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 13
    15-10 STP and IEEE 802.1Q Trunks 15-10 Configuring Spanning-Tree Features 15-10 Default Spanning-Tree Configuration 15-11 Spanning-Tree Configuration Guidelines 15-12 Changing the Spanning-Tree Mode. 15-13 Disabling Spanning Tree 15-14 Catalyst 2960 Switch Software Configuration Guide xiii
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 14
    16-13 Topology Changes 16-13 Configuring MSTP Features 16-14 Default MSTP Configuration 16-14 MSTP Configuration Guidelines 16-15 Specifying the MST Region Configuration and Enabling MSTP 16-16 Configuring the Root Switch 16-17 Catalyst 2960 Switch Software Configuration Guide xiv OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 15
    Spanning-Tree Features 17-9 Default Optional Spanning-Tree Configuration 17-9 Optional Spanning-Tree Configuration Guidelines 17-10 Enabling Port Fast 17-10 Enabling BPDU Guard 17-11 MVR 18-1 Understanding IGMP Snooping 18-1 IGMP Versions 18-2 Catalyst 2960 Switch Software Configuration Guide xv
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 16
    and Throttling 18-23 Default IGMP Filtering and Throttling Configuration 18-24 Configuring IGMP Profiles 18-24 Applying IGMP Profiles Configuring Port-Based Traffic Control 19-1 Configuring Storm Control 19-1 Understanding Storm Control 19-1 Catalyst 2960 Switch Software Configuration Guide xvi
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 17
    LLDP-MED 21-2 Configuring LLDP and LLDP-MED 21-3 Default LLDP Configuration 21-3 Configuring LLDP Characteristics 21-4 Disabling and Enabling LLDP Globally 21-5 Disabling and Enabling LLDP on an Interface 21-5 Configuring LLDP-MED TLVs 21-6 Catalyst 2960 Switch Software Configuration Guide xvii
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 18
    23-16 Configuring a VLAN as an RSPAN VLAN 23-16 Creating an RSPAN Source Session 23-17 Creating an RSPAN Destination Session 23-19 xviii Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 19
    24-1 Understanding RMON 24-1 Configuring RMON 24-2 Default RMON Configuration 24-3 Configuring RMON Alarms and Events 24-3 Collecting Group History Statistics on an Interface 24 25-10 Enabling the Configuration-Change Logger 25-10 Configuring UNIX Catalyst 2960 Switch Software Configuration Guide xix
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 20
    Policing on Physical Ports 28-9 Mapping Tables 28-11 Queueing and Scheduling Overview 28-12 Weighted Tail Drop 28-12 SRR Shaping and Sharing 28-13 Queueing and Scheduling on Ingress Queues 28-14 Queueing and Scheduling on Egress Queues 28-16 Catalyst 2960 Switch Software Configuration Guide xx OL
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 21
    28-20 Effects of Auto-QoS on the Configuration 28-24 Auto-QoS Configuration Guidelines 28-25 Enabling Auto-QoS for 28-44 Classifying, Policing, and Marking Traffic on Physical Ports by Using Policy Maps 28-46 Classifying, Policing, and Catalyst 2960 Switch Software Configuration Guide xxi
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 22
    30-3 Multicast Client Aging Robustness 30-3 Multicast Router Discovery 30-3 MLD Reports 30-4 MLD Done Messages and Immediate-Leave 30-4 Topology Change Notification Processing 30-5 Catalyst 2960 Switch Software Configuration Guide xxii OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 23
    -State Tracking 31-17 Configuring Link-State Tracking 31-19 Default Link-State Tracking Configuration 31-20 Link-State Tracking Configuration Guidelines 31-20 Configuring Link-State Tracking 31-20 Displaying Link-State Tracking Status 31-21 Catalyst 2960 Switch Software Configuration Guide xxiii
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 24
    -19 Using the show platform forward Command 32-20 Using the crashinfo Files 32-21 Basic crashinfo Files 32-21 Extended crashinfo Files 32-22 Supported MIBs A-1 MIB List A-1 Using FTP to Access the MIB Files A-3 xxiv Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 25
    and Rolling Back Configurations B-19 Understanding Configuration Replacement and Rollback B-19 Configuration Guidelines B-21 Configuring the Configuration Archive B-21 Performing a Configuration Replacement or Rollback Operation B-22 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide xxv
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 26
    B-33 Downloading an Image File By Using RCP B-35 Uploading an Image File By Using RCP B-37 B-38 Recommendations for Upgrading a Catalyst 2950 Switch to a Catalyst 2960 Switch C-1 Configuration Compatibility Issues C-1 Feature Behavior Incompatibilities C-5 Unsupported Commands in Cisco IOS Release
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 27
    Interface Configuration Command D-6 VLAN D-6 Unsupported Global Configuration Command D-6 Unsupported vlan-config Command D-6 Unsupported User EXEC Commands D-6 VTP D-6 Unsupported Privileged EXEC Commands D-6 Contents OL-8603-04 Catalyst 2960 Switch Software Configuration Guide xxvii
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 28
    Contents xxviii Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 29
    and terminology of Ethernet and local area networking. Purpose This guide provides the information that you need to configure Cisco IOS software features on your switch. The Catalyst 2960 software provides enterprise-class intelligent services such as access control lists (ACLs) and quality of
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 30
    Nonprinting characters, such as passwords or tabs, are in contained in this manual. Caution Means reader Cisco.com). • For Network Assistant requirements, see the Getting Started with Cisco Network Assistant (not orderable but available on Cisco.com). Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 31
    on Cisco.com) • Catalyst 2960 Switch Command Reference (not orderable but available on Cisco.com) • Device manager online help (available on the switch) • Catalyst 2960 Switch Hardware Installation Guide (not orderable but available on Cisco.com) • Catalyst 2960 Switch Getting Started Guide (order
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 32
    aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html xxxii Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 33
    Overview 1 C H A P T E R This chapter provides these topics about the Catalyst 2960 switch software: • Features, page 1-1 • Default Settings After Initial Switch Configuration, page 1-10 • Network Configuration Examples, page 1-12 • Where to Go Next, page 1-18 In this document, IP refers to IP
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 34
    that are not directly connected to the command switch. Performance Features The switch ships with these performance features: • Autosensing of port speed and autonegotiation of duplex mode on all switch ports for optimizing bandwidth Catalyst 2960 Switch Software Configuration Guide 1-2 OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 35
    for configuring the leave latency for the network • Switch Database Management (SDM) templates for allocating system resources to maximize support for user-selected features • Cisco IOS IP Service Level Agreements (SLAs), a part of Cisco IOS software that uses active traffic monitoring for measuring
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 36
    the endpoint device • Network Time Protocol (NTP) for providing a consistent time stamp to all switches from an external source • Cisco IOS File System (IFS) for providing a single interface to all file systems that the switch uses Catalyst 2960 Switch Software Configuration Guide 1-4 OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 37
    copying switch configuration or switch image files (requires the cryptographic version of the software) • Configuration replacement and rollback to replace the running configuration on a switch with any saved Cisco IOS configuration file OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 38
    spanning-tree instances supported - Per-VLAN ports from becoming designated ports because of a failure that leads to a unidirectional link • Flex Link Layer 2 interfaces to back up one another as an alternative to STP for basic link redundancy Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 39
    ensuring security • Protected port option for restricting the forwarding of traffic to designated ports on the same switch • Port security option for limiting and identifying MAC addresses of the stations allowed to access the port OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 1-7
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 40
    AAA) services • Secure Socket Layer (SSL) Version 3.0 support for the HTTP 1.1 server authentication, encryption, and message integrity and HTTP client authentication to allow secure HTTP communications (requires the cryptographic version of the software) Catalyst 2960 Switch Software Configuration
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 41
    but limited to using a share of port bandwidth. Shared egress queues are also guaranteed a configured share of bandwidth, but can use more than the guarantee if other queues become empty and do not use their share of the bandwidth. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 1-9
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 42
    (TDR) to diagnose and resolve cabling problems on 10/100 and 10/100/1000 copper Ethernet ports • SFP module diagnostic management interface to monitor physical or operational status of an SFP module Default Settings After Initial Switch Configuration The switch is designed for plug-and-play
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 43
    IEEE 802.1x Port-Based Authentication." • Port parameters - Interface speed and duplex mode is autonegotiate. For more information, see Chapter 10, "Configuring Interface Characteristics , "Configuring IGMP Snooping and MVR." OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 1-11
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 44
    Chapter 18, "Configuring IGMP Snooping and MVR." • Port-based traffic - Broadcast, multicast, and unicast storm control • RMON is disabled. For more information, see Chapter 24, "Configuring RMON." • Syslog messages are enabled and appear Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 45
    and BackboneFast for traffic-load balancing on the uplink ports and availability to provide always on so that the uplink port with a lower relative port cost is selected to carry the VLAN mission-critical applications traffic. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 1-13
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 46
    . Using SFP modules also provides flexibility in media and distance options through fiber-optic connections. Figure 1-1 High-Performance Workgroup (Gigabit-to-the-Desktop) Catalyst 3750 switches Access-layer Catalyst switches 89373 1-14 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 47
    redundant Gigabit EtherChannels. Using dual SFP module uplinks from the switches provides redundant uplinks to the network core. Using SFP modules provides flexibility in media and distance options through fiber-optic connections. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 1-15
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 48
    telephony and IP networks, and the IP network supports both voice and data. The routers also provide firewall services, Network Address Translation (NAT) services, voice-over-IP (VoIP) gateway services, and WAN and Internet access. 1-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 49
    cable. The CWDM OADM modules on the receiving end separate (or demultiplex) the different wavelengths. For more information about the CWDM SFP modules and CWDM OADM modules, see the Cisco CWDM GBIC and CWDM SFP Installation Note. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 1-17
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 50
    modules Catalyst 4500 multilayer switches Where to Go Next Before configuring the switch, review these sections for startup information: • Chapter 2, "Using the Command-Line Interface" • Chapter 3, "Assigning the Switch IP Address and Default Gateway" 95750 1-18 Catalyst 2960 Switch Software
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 51
    the Cisco IOS command-line interface (CLI) and how to use it to configure your Catalyst 2960 switch. It contains these sections: • Understanding Command Modes, page 2-1 • Understanding the Help System, page 2-3 • Understanding Abbreviated Commands, page 2-4 • Understanding no and default Forms
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 52
    VLANs (VLAN IDs greater than 1005) and save configurations in the switch startup configuration file. To exit to privileged EXEC mode, enter exit. Use this mode to configure VLAN parameters for VLANs 1 to 1005 in the VLAN database. Catalyst 2960 Switch Software Configuration Guide 2-2 OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 53
    any command mode. Obtain a list of commands that begin with a particular character string. For example: Switch# di? dir disable disconnect Complete a partial command name. For example: Switch# sh conf Switch# show configuration OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 2-3
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 54
    are disabled by default, so the default form is the same as the no form. However, some commands are enabled by default and have variables set to certain default values. In these cases, the default command enables the command and sets variables to their default values. Catalyst 2960 Switch Software
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 55
    Cisco IOS Release 12.2(25)SED, you can log and view changes to the switch module at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801d1e81. html Note Only CLI or HTTP changes are logged. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 56
    Command History Feature, page 2-7 (optional) Changing the Command History Buffer Size By default, the switch records ten command lines in its history buffer. You can alter this number for on ANSI-compatible terminals such as VT100s. Catalyst 2960 Switch Software Configuration Guide 2-6 OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 57
    mode is automatically enabled, you can disable it, re-enable it, or configure a specific line to have enhanced editing. These procedures are optional. To globally disable enhanced editing the cursor back one character. left arrow key. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 2-7
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 58
    Y. Recall the next buffer entry. The buffer contains only the last 10 items that you have deleted or cut. If you press Esc Y end of the word. Designate a particular keystroke as Press Ctrl-V or Esc Q. an executable command, perhaps as a shortcut. Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 59
    access-list global configuration command entry extends beyond one line. When the cursor first reaches the end of the line, the line is shifted ten spaces to the left and redisplayed. The dollar through Keystrokes" section on page 2-7. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 2-9
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 60
    on page 8-33. The switch supports up to five simultaneous secure SSH sessions. After you connect through the console port, through a Telnet session or through an SSH session, the user EXEC prompt appears on the management station. 2-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 61
    ) for the Catalyst 2960 switch by using a variety of automatic and manual methods. It also describes how to modify the switch startup configuration. Note For complete syntax and usage information for the commands used in this chapter, see the command reference for this release and the Cisco IOS IP
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 62
    the dynamically assigned IP address and reads the configuration file. If you are an experienced user familiar with the switch configuration steps, manually configure the switch. Otherwise, use the setup program described previously. Catalyst 2960 Switch Software Configuration Guide 3-2 OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 63
    connected LANs. A router does not forward broadcast packets, but it forwards packets based on the destination IP address in the received packet. DHCP-based autoconfiguration replaces the BOOTP client functionality on your switch. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 3-3
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 64
    the client has had a chance to formally request the address. If the switch accepts replies from a BOOTP server and configures itself, the switch broadcasts, instead of unicasts, TFTP requests to obtain the switch configuration file. Catalyst 2960 Switch Software Configuration Guide 3-4 OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 65
    switch is not configured. If the router IP address or the TFTP server name are not found, the switch might send broadcast, instead of unicast, TFTP requests. Unavailability of other lease options does not affect autoconfiguration. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 3-5
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 66
    filename, the switch attempts to download the specified configuration Cisco router, enable IP routing (ip routing global configuration command), and configure helper addresses by using the ip helper-address interface configuration command. Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 67
    address from the DHCP server. The switch sends a unicast message to the TFTP server to retrieve the network-confg or cisconet.cfg default configuration file. (If the network-confg file cannot be read, the switch reads the cisconet.cfg file.) OL-8603-04 Catalyst 2960 Switch Software Configuration
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 68
    10.0.0.22 255.255.255.0 10.0.0.10 10.0.0.2 tftpserver or 10.0.0.3 Switch C 00e0.9f1e.2003 10.0.0.23 255.255.255.0 10.0.0.10 10.0.0.2 tftpserver or 10.0.0.3 Switch D 00e0.9f1e.2004 10.0.0.24 255.255.255.0 10.0.0.10 10.0.0.2 tftpserver or 10.0.0.3 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 69
    (switcha). • It reads the configuration file that corresponds to its hostname; for example, it reads switch1-confg from the TFTP server. Switches B through D retrieve their configuration files and IP addresses in the same way. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 3-9
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 70
    # show running-config Building configuration... Current configuration: 1363 bytes ! version 12.1 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Switch A ! 3-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 71
    Specific Software Image, page 3-14 • Controlling Environment Variables, page 3-14 See also Appendix B, "Working with the Cisco IOS File System, Configuration Files, and Software Images," for information about switch configuration files. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 72
    automatically download a configuration file to your switch by using the DHCP-based autoconfiguration feature. For more information, see the "Understanding DHCP-Based Autoconfiguration" section on page 3-3. Specifying the Filename to Read and Write the System Configuration By default, the Cisco IOS
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 73
    terminal boot manual end show boot Step 5 copy running-config startup-config Purpose Enter global configuration mode. Enable the switch to manually boot up disable manual booting, use the no boot manual global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 3-
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 74
    the value is a null string. A variable that is set to a null string (for example, " ") is a variable with a value. Many environment variables are predefined and have default values. 3-14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 75
    manually boot up the switch from the boot loader mode. Enables manually booting up the switch Cisco IOS uses to read and write a nonvolatile copy of the system configuration. This command changes the CONFIG_FILE environment variable. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 76
    at the specified time (using a 24-hour clock). If you specify the month switch on the current day at 7:30 p.m: Switch# reload at 19:30 Reload scheduled for 19:30:00 UTC Wed Jun 5 1996 (in 2 hours and 25 minutes) Proceed with reload? [confirm] 3-16 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 77
    on the switch, use the show reload privileged EXEC command. It displays reload information including the time the reload is scheduled to occur and the reason for the reload (if it was specified when the reload was scheduled). OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 3-17
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 78
    Scheduling a Reload of the Software Image Chapter 3 Assigning the Switch IP Address and Default Gateway 3-18 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 79
    , the Configuration Engine supports an embedded Directory Service. In this mode, no external directory or other data store is required. In server mode, the Configuration Engine supports the use of a user-defined external directory. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 4-1
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 80
    protocol (LDAP) URLs that reference the device-specific configuration information stored in a directory. The Cisco IOS agent can perform a syntax check on received of a synchronization event from the configuration server. Catalyst 2960 Switch Software Configuration Guide 4-2 OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 81
    the switch must match the ConfigID for the corresponding switch definition on the Configuration Engine. The ConfigID is fixed at startup time and cannot be changed until the device restarts, even if the switch hostname is reconfigured. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 82
    Engine, see the Configuration Engine setup and configuration guide at this URL on cisco.com: http://www.cisco.com/en/US/products/sw/netmgtsw/ps4617/products_installation_and_configuration_ guide_book09186a00803b59db.html Catalyst 2960 Switch Software Configuration Guide 4-4 OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 83
    default) and downloads the bootstrap configuration file from the TFTP server. Upon successful download of the bootstrap configuration file, the switch loads the file in its running configuration. The Cisco IOS default gateway Access layer switches 141328 OL-8603-04 Catalyst 2960 Switch Software
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 84
    to change the configuration or install a custom configuration, see these sections for instructions: • Enabling the CNS Event Agent, page 4-8 • Enabling the Cisco IOS CNS Agent, page 4-9 Enabling Automated CNS Configuration To enable automated CNS configuration of the switch, you must first complete
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 85
    Configuration Engine, see the Cisco Configuration Engine Installation and Setup Guide, 1.5 for Linux at this URL: http://www.cisco.com/en/US/products/sw/netmgtsw/ps4617/products_installation_and_configuration_ guide_book09186a00803b59db.html OL-8603-04 Catalyst 2960 Switch Software Configuration
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 86
    [port-number] [backup] [init-retry retry-count] [keepalive seconds retry-count] [source ip-address] end show 10.180.1.27, set 120 seconds as the keepalive interval, and set 10 as the retry count. Switch(config)# cns event 10.180.1.27 keepalive 120 10 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 87
    & generates the command ip route 0.0.0.0 0.0.0.0 FastEthernet0/1. Return to global configuration mode. Enter the hostname for the switch. Establish a static route to the Configuration Engine whose IP address is network-number. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 4-9
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 88
    syntax-check to check the syntax when this parameter is entered. Note Though visible in the command-line help string, the encrypt keyword is not supported. end Return to privileged EXEC mode. 4-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 89
    in the configuration file. To disable the Cisco IOS agent, use the no cns config partial {ip-address | hostname} global configuration command. To cancel a partial configuration, use the cns config cancel privileged EXEC command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 4-11
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 90
    . Displays statistics about the Cisco IOS agent. Displays the status of the CNS event agent connections. Displays statistics about the CNS event agent. Displays a list of event agent subjects that are subscribed to by applications. 4-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 91
    on Catalyst 2960 switch clusters. It also includes guidelines and limitations for clusters mixed with other cluster-capable Catalyst switches, but it does not provide complete descriptions of the cluster features for these other switches. For complete cluster information for a specific Catalyst
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 92
    and Cluster Capability Switch Catalyst 3750 Catalyst 3560 Catalyst 3550 Catalyst 2970 Catalyst 2960 Catalyst 2955 Catalyst 2950 Catalyst 2950 LRE Catalyst 2940 Catalyst 3500 XL Catalyst 2900 XL (8-MB switches) Catalyst 2900 XL (4-MB switches) Catalyst 1900 and 2820 Cisco IOS Release 12.1(11
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 93
    page 5-12 and "Passwords" section on page 5-13). To join a cluster, a candidate switch must meet these requirements: • It is running cluster-capable software. • It has CDP version 2 enabled. • It is not a command or cluster member switch of another cluster. OL-8603-04 Catalyst 2960 Switch Software
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 94
    Do not disable CDP on the cluster command switch, on cluster members, or on any cluster-capable switches that you might want a cluster command switch to discover. For more information about CDP, see Chapter 20, "Configuring CDP." Catalyst 2960 Switch Software Configuration Guide 5-4 OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 95
    Installed Switches, page 5-8 Discovery Through CDP Hops By using CDP, a cluster command switch can discover switches up to seven CDP hops away (the default device 10 Device 12 Device 13 Candidate devices Device 14 Device 15 101321 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 5-5
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 96
    switch. The cluster command switch in Figure 5-3 has ports assigned to VLANs 9, 16, and 62 and therefore discovers the switches in those VLANs. It does not discover the switch in VLAN 50. It also does not discover the switch VLANs." Catalyst 2960 Switch Software Configuration Guide 5-6 OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 97
    default management VLAN is VLAN 1. Note If the switch cluster has a Catalyst 3750 switch or switch stack, that switch or switch stack must be the cluster command switch. The cluster command switch and standby command switch in Figure 5-4 (assuming they are Catalyst 2960 Catalyst 2970, Catalyst 3550
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 98
    VLANs 9 and 16. When new cluster-capable switches join the cluster: • One cluster-capable switch and its access port are assigned to VLAN 9. • The other cluster-capable switch and its access port are assigned to management VLAN 16. Catalyst 2960 Switch Software Configuration Guide 5-8 OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 99
    page 5-11. Note The HSRP standby hold time interval should be greater than or equal to three times the hello time interval. The default HSRP standby hold time interval is 10 seconds. The default HSRP standby hello time interval is 3 seconds. OL-8603-04 Catalyst 2960 Switch Software Configuration
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 100
    command switches. If your switch cluster has a Catalyst 2960 switch, it should be the cluster command switch. • Only one cluster standby group can be assigned to a cluster. You can have more than one router-redundancy standby group. 5-10 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 101
    information (but not device-configuration information) to the standby cluster command switch. This ensures that the standby cluster command switch can take over the cluster immediately after the active cluster command switch fails. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 5-11
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 102
    assign a host name to either a cluster command switch or an eligible cluster member. However, a hostname assigned to the cluster command switch can help to identify the switch cluster. The default hostname for the switch is Switch. 5-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 103
    about SNMP and community strings, see Chapter 26, "Configuring SNMP." For SNMP considerations specific to the Catalyst 1900 and Catalyst 2820 switches, refer to the installation and configuration guides specific to those switches. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 5-13
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 104
    switch. The Cisco IOS commands then operate as usual. For instructions on configuring the switch for a Telnet session, see the "Disabling Password Recovery" section on page 8-5. Catalyst 1900 and Catalyst 2820 CLI Considerations If your switch cluster has Catalyst 1900 and Catalyst 2820 switches
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 105
    Enterprise Edition Software. For more information about the Catalyst 1900 and Catalyst 2820 switches, refer to the installation and configuration guides for those switches. Using SNMP to Manage Switch Clusters When you first power on the switch, SNMP is enabled if you enter the IP information
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 106
    about SNMP and community strings, see Chapter 26, "Configuring SNMP." Figure 5-7 SNMP Management for a Cluster SNMP Manager Command switch Trap 1, Trap 2, Trap 3 Trap Trap 33020 Trap Member 1 Member 2 Member 3 5-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 107
    Clock The heart of the time service is the system clock. This clock runs from the moment the system starts up and keeps track of the date and time. The system clock can then be set from these sources: • NTP • Manual configuration OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 6-1
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 108
    . Cisco's implementation of NTP does not support stratum 1 service; it is not possible to connect to a radio or atomic clock. We recommend that the time service for your network be derived from the public NTP servers available on the IP Internet. Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 109
    synchronize themselves when an external NTP source is not available. The switch also has no hardware support for a calendar. As a result, the ntp update-calendar and the ntp master global configuration commands are not available. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 6-3
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 110
    devices for security purposes: Step 1 Step 2 Command configure terminal ntp authenticate Purpose Enter global configuration mode. Enable the NTP authentication feature, which is disabled by default. Catalyst 2960 Switch Software Configuration Guide 6-4 OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 111
    this switch can either synchronize to the other device or allow the other device to synchronize to it), or it can be a server association (meaning that only this switch synchronizes to the other device, and not the other way around). OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 6-5
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 112
    This keyword reduces switching back and forth between peers and servers. end Return to privileged NTP Version 2: Switch(config)# ntp server 172.16.22.44 version 2 Configuring NTP Broadcast Service The communications between devices Catalyst 2960 Switch Software Configuration Guide 6-6 OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 113
    is synchronizing its clock to this switch. end Return to privileged EXEC mode. show port to send NTP Version 2 packets: Switch(config)# interface gigabitethernet0/1 Switch default, no interfaces receive NTP broadcast packets. Return to global configuration mode. OL-8603-04 Catalyst 2960 Switch
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 114
    allow the switch to synchronize to the remote device. • peer-Allows time requests and NTP control queries and allows the switch to synchronize to the remote device. For access-list-number, enter a standard IP access list number from 1 to 99. Catalyst 2960 Switch Software Configuration Guide 6-8 OL
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 115
    switch NTP services, Switch# configure terminal Switch(config)# ntp access-group peer 99 Switch(config)# ntp access-group serve-only 42 Switch(config)# access-list 99 permit 172.20.130.5 Switch(config)# access list 42 permit 172.20.130.6 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 116
    destinations. If a source address is to be used for a specific association, use the source keyword in the ntp peer or ntp server global configuration command as described in the "Configuring NTP Associations" section on page 6-5. 6-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 117
    in the month. • For month, specify the month by name. • For year, specify the year (no abbreviation). This example shows how to manually set the system clock to 1:32 p.m. on July 23, 2001: Switch# clock set 13:32:00 23 July 2001 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 6-11
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 118
    in privileged EXEC mode, follow these steps to manually configure the time zone: Step 1 Step 2 Command end show running-config copy running-config startup-config Purpose Enter global configuration mode. Set the time zone. The switch Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 119
    shows how to specify that summer time starts on the first Sunday in April at 02:00 and ends on the last Sunday in October at 02:00: Switch(config)# clock summer-time PDT recurring 1 Sunday April 2:00 last Sunday October 2:00 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 6-13
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 120
    the Cisco.com page, select Documentation > Cisco IOS Software > 12.2 Mainline > Command References and see the Cisco IOS Configuration Fundamentals Command Reference and the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols. 6-14 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 121
    com domain name, so its domain name is cisco.com. A specific device in this domain, for example, the File Transfer Protocol (FTP) system is identified as ftp.cisco.com. To keep track of domain names, network, and enable the DNS. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 6-15
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 122
    , you can dynamically assign device names that uniquely identify your devices by using the global Internet naming scheme (DNS). Return to privileged EXEC mode. 6-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 123
    information: • Default Banner Configuration, page 6-17 • Configuring a Message-of-the-Day Login Banner, page 6-18 • Configuring a Login Banner, page 6-19 Default Banner Configuration The MOTD and login banners are not configured. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 6-17
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 124
    configure terminal banner motd c message c Step 3 Step 4 Step 5 end show running-config copy running-config startup-config Purpose Enter global configuration mode , contact technical support. User Access Verification Password: 6-18 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 125
    associated VLAN ID, and port number associated with the address and the type (static or dynamic). Note For complete syntax and usage information for the commands used in this section, see the command reference for this release. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 6-19
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 126
    to port 1 in VLAN 1 and ports 9, 10, and 1 in VLAN 5. Each VLAN maintains its own logical address table. A known address in one VLAN is unknown in another until it is learned or statically associated with a port in the other VLAN. 6-20 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 127
    IDs are 1 to 4094. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. To return to the default value, use the no mac address-table aging-time global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 6-21
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 128
    notification-type, use the mac-notification keyword. snmp-server enable traps mac-notification Enable the switch to send MAC address traps to the NMS. mac address-table notification Enable the MAC address notification feature. 6-22 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 129
    /2 Switch(config-if)# snmp trap mac-notification added You can verify the previous commands by entering the show mac address-table notification interface and the show mac address-table notification privileged EXEC commands. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 130
    vlan vlan-id interface interface-id Step 3 Step 4 Step 5 end show mac address-table static copy running-config startup-config Purpose port: Switch(config)# mac address-table static c2f3.220a.12f4 vlan 4 interface gigabitethernet0/1 6-24 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 131
    filtering is enabled, the switch drops packets with specific source or destination MAC addresses. This feature is disabled by default and only supports unicast static addresses. Follow vlan vlan-id global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 6-25
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 132
    ARP entries added manually to the table do not age and must be manually removed. Note For CLI procedures, see the Cisco IOS Release 12.2 documentation from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline. 6-26 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 133
    supported in each template. Table 7-1 Approximate Number of Feature Resources Allowed by Each Template Resource Unicast MAC addresses IPv4 IGMP groups IPv4 unicast routes Default QoS Dual 8 K 8 K 8 K 256 256 256 0 0 0 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 134
    in privileged EXEC mode, follow these steps to use the SDM template to maximize feature usage: Command Step 1 configure terminal Purpose Enter global configuration mode. Catalyst 2960 Switch Software Configuration Guide 7-2 OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 135
    prefer privileged EXEC command with no parameters to display the active template. Use the show sdm prefer [default | dual-ipv4-and-ipv6 default | qos] privileged EXEC command to display the resource numbers supported by the specified template. OL-8603-04 Catalyst 2960 Switch Software Configuration
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 136
    .Displaying the SDM Templates Chapter 7 Configuring SDM Templates Catalyst 2960 Switch Software Configuration Guide 7-4 OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 137
    privilege levels, you can also assign a specific privilege level (with associated rights and privileges) to each username and password pair. For more information, see the "Configuring Username and Password Pairs" section on page 8-6. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-1
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 138
    level). The password is not encrypted in the configuration file. No password is defined. The default is level 15 (privileged EXEC level). The password is encrypted before it is written to the configuration file. No password is defined. Catalyst 2960 Switch Software Configuration Guide 8-2 OL-8603
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 139
    a static enable password: Step 1 Step 2 Command configure terminal enable password password Step 3 Step 4 Step 5 end show running-config copy over the enable password command; the two commands cannot be in effect simultaneously. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-3
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 140
    passwords. To remove a password and level, use the no enable password [level level] or no enable secret [level level] global configuration command. To disable password encryption, use the no service password-encryption global configuration command. Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 141
    Disabling password recovery will not work if you have set the switch to boot up manually by using the boot manual global configuration command. This command produces the boot loader prompt (switch:) after the switch is power cycled. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-5
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 142
    or ports and authenticate each user before that user can access the switch. If you have defined privilege levels, you can also assign a specific privilege level (with associated rights and privileges) to each username and password pair. Catalyst 2960 Switch Software Configuration Guide 8-6 OL
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 143
    username authentication for a specific user, use the no username name global configuration command. To disable password checking and allow connections without a password, use the no login line configuration command. Configuring Multiple Privilege Levels By default, the Cisco IOS software has two
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 144
    mode level level command enable password level level password end show running-config or show password users must enter to use level 14 commands: Switch(config)# privilege exec level 14 configure Switch(config)# enable password level 14 SecretPswd14 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 145
    default privilege level for a line: Step 1 Step 2 Step 3 Command configure terminal line vty line privilege level level Step 4 Step 5 Step 6 end users know the password to a higher privilege level, they can use that password to enable the Catalyst 2960 Switch Software Configuration Guide 8-9
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 146
    management service. Your switch can be a network access server along with other Cisco routers and access servers. A network access server provides connections to a single user, to a network or subnetwork, and to interconnected networks as shown in Figure 8-1. 8-10 Catalyst 2960 Switch Software
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 147
    switch and the TACACS+ daemon, and it ensures confidentiality because all protocol exchanges between the switch and the TACACS+ daemon are encrypted. You need a system running the TACACS+ daemon software to use TACACS+ on your switch. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 148
    services • Connection parameters, including the host or client IP address, access list, and user timeouts Configuring TACACS+ This section describes how to configure your switch to support TACACS method listed to authenticate, to 8-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 149
    and use them for a particular service. The server group is used -server host hostname [port integer] [timeout integer switch and the TACACS+ daemon. You must configure the same key on the TACACS+ daemon for encryption to be successful. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 150
    various ports. The method list defines the types of authentication to be performed and the sequence in which they are performed; it must be applied to a specific port before Purpose Enter global configuration mode. Enable AAA. 8-14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 151
    username information in the database by using the username name password global configuration command. • none-Do not use any authentication default value, use the no login authentication {default | list-name} line configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 152
    Cisco IOS Security Command Reference, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Command References. Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 153
    > Cisco IOS Software > 12.2 Mainline > Command References. These sections contain this configuration information: • Understanding RADIUS, page 8-18 • RADIUS Operation, page 8-19 • Configuring RADIUS, page 8-19 • Displaying the RADIUS Configuration, page 8-31 OL-8603-04 Catalyst 2960 Switch
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 154
    authentication. RADIUS can be used to authenticate from one device to a non-Cisco device if the non-Cisco device requires authentication. • Networks using a variety of services. RADIUS generally binds a user to one service model. 8-18 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 155
    EXEC services • Connection parameters, including the host or client IP address, access list, and user timeouts Configuring RADIUS This section describes how to configure your switch to support RADIUS. the initial method fails. The OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-19
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 156
    accounting services, the %RADIUS-4-RADIUS_DEAD message appears, and then the switch tries the second host entry configured on the same device for accounting services. (The RADIUS host entries are tried in the order that they are configured.) 8-20 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 157
    for All RADIUS Servers" section on page 8-29. You can configure the switch to use AAA server groups to group existing server hosts for authentication. For more information, see the "Defining AAA Server Groups" section on page 8-25. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-21
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 158
    spaces are ignored, but spaces within and at the end of the key are used. If you use spaces in Switch(config)# radius-server host 172.29.36.49 auth-port 1612 key rad1 Switch(config)# radius-server host 172.20.36.50 acct-port 1618 key rad2 8-22 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 159
    to various ports. The method list defines the types of authentication to be performed and the sequence in which they are performed; it must be applied to a specific port before any Enter global configuration mode. Enable AAA. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-23
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 160
    default keyword followed by the methods that are to be used in default situations. The default method list is automatically applied to all ports in the database by using the username password global configuration command. - none-Do not 24 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 161
    a defined group server. You can either identify the server by its IP address or identify multiple host instances or entries by using the optional auth-port and acct-port keywords. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-25
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 162
    but spaces within and at the end of the key are used. port number is different. The switch software searches for hosts in the order in which you specify them. Set the timeout, retransmit, and encryption key values to use with the specific Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 163
    by using RADIUS. Note Authorization is bypassed for authenticated users who log in through the CLI even if authorization has been configured. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-27
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 164
    the end. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. To disable accounting, use the no aaa accounting {network | exec} {start-stop} method1... global configuration command. 8-28 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 165
    TACACS+ authorization can then be used for RADIUS. For example, this AV pair activates Cisco's multiple named ip address pools feature during IP authorization (during PPP IPCP address assignment): cisco-avpair= "ip:addr-pool=first" OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-29
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 166
    about vendor-specific attribute 26, see the "RADIUS Attributes" appendix in the Cisco IOS Security Configuration Guide, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Command References. 8-30 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 167
    : Switch(config)# radius-server host 172.20.30.15 nonstandard Switch(config)# radius-server key rad124 Displaying the RADIUS Configuration To display the RADIUS configuration, use the show running-config privileged EXEC command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-31
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 168
    -related service requests. username name [privilege level] Enter the local database, and establish a username-based authentication {password encryption-type password} system {network | exec} method1 global configuration command. 8-32 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 169
    a switch running the SSH server. The SSH server works with the SSH client supported in this release and with non-Cisco SSH clients. The SSH client also works with the SSH server supported in this release and with non-Cisco SSH servers. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 170
    Setting Up the Switch to Run SSH" section on page 8-35. • When generating the RSA key pair, the message No host name specified might appear. If it does, you must configure a hostname by using the hostname global configuration command. 8-34 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 171
    on the switch. (Optional) Save your entries in the configuration file. To delete the RSA key pair, use the crypto key zeroize rsa global configuration command. After the RSA key pair is deleted, the SSH server is automatically disabled. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 172
    5 Step 6 Step 7 end show ip ssh or show ssh switch. (Optional) Save your entries in the configuration file. To return to the default SSH control parameters, use the no ip ssh {timeout | authentication-retries} global configuration command. 8-36 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 173
    installed on your switch. You must obtain authorization to use this feature and to download the cryptographic software files from Cisco 3.0" feature description for Cisco IOS Release 12.2(15)T at this URL: http://www.cisco.com/en/US/products/ Catalyst 2960 Switch Software Configuration Guide 8-37
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 174
    devices. These services provide centralized security key and certificate management for the participating devices. Specific CA servers are IOS-Self-Signed-Certificate-3080755072 revocation-check none rsakeypair TP-self-signed-3080755072 ! ! 8-38 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 175
    used for both key generation and authentication on SSL connections. This usage is independent of whether or not a CA trustpoint is configured. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-39
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 176
    regenerate the keys, if needed. Specify a local configuration name for the CA trustpoint and enter CA trustpoint configuration mode. Specify the URL to which the switch should send certificate requests. 8-40 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 177
    if it has been disabled. The HTTPS server is enabled by default. (Optional) Specify the port number to be used for the HTTPS server. The default port number is 443. Valid options are 443 or any number in the range 1025 to 65535. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-41
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 178
    URL is the IP address or hostname of the server switch. If you configure a port other than the default port, you must also specify the port number after the URL. For example: https://209.165.129:1026 or https://host.domain.com:1026 8-42 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 179
    -cbc-sha]} end show ip http support. This is the default specification switch configurations or switch image files. SCP relies on Secure Shell (SSH), an application and a protocol that provides a secure replacement for the Berkeley r-tools. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 180
    enter the password into the copy command. You must enter the password when prompted Cisco IOS New Features, Cisco IOS Release 12.2, at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087b18 .html 8-44 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 181
    port-based authentication: • Device Roles, page 9-2 • Authentication Process, page 9-3 • Authentication Initiation and Message Exchange, page 9-5 • Ports in Authorized and Unauthorized States, page 9-7 • IEEE 802.1x Host Mode, page 9-7 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 182
    as the proxy, the authentication service is transparent to the client. In this release, the RADIUS security system with Extensible Authentication Protocol (EAP) extensions is the only supported authentication server. It is available Catalyst 2960 Switch Software Configuration Guide 9-2 OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 183
    , Catalyst 3560, Catalyst 3550, Catalyst 2970, Catalyst 2960, Catalyst 2955, Catalyst 2950, Catalyst 2940 switches, or a wireless access point. These devices must be running software that supports the RADIUS client and IEEE 802.1x authentication. Authentication Process When IEEE 802.1x port-based
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 184
    . Assign the port to a restricted VLAN. Assign the port to a VLAN. Assign the port to Assign the port to a VLAN You can configure the re-authentication timer to use a switch-specific value or to be based on values from the RADIUS Catalyst 2960 Switch Software Configuration Guide 9-4 OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 185
    The specific exchange of EAP frames depends on the authentication method being used. Figure 9-3 shows a message exchange initiated by the client when the client uses the One-Time-Password (OTP) authentication method with a RADIUS server. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 186
    Access-Accept Port Authorized EAPOL-Logoff 101228 Port Unauthorized Switch Authentication server (RADIUS) EAPOL Request/Identity EAPOL Request/Identity EAPOL Request/Identity Ethernet packet RADIUS Access/Request RADIUS Access/Accept 141681 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 187
    client by sending an EAPOL frame when the port link state changes to the up state. If a client leaves or is replaced with another client, the switch changes the port link state to down, and the port returns to the unauthorized state. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 9-7
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 188
    1x-enabled port. Figure 9-5 on page 9-8 shows IEEE 802.1x port-based authentication in a wireless LAN. In switch: • START-sent when a new user session starts • INTERIM-sent during an existing session for updates • STOP-sent when a session terminates Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 189
    the switch port. The RADIUS server database maintains the username-to-VLAN mappings, assigning the VLAN based on the username of the client connected to the switch port. You can use this feature to limit network access for certain users. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 190
    a voice device is authorized and is using a downloaded voice VLAN, the removal of the voice VLAN configuration feature is not supported on trunk ports, dynamic ports, or with dynamic-access port assignment through a port). 9-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 191
    , the switch waits for an Ethernet packet from the client. The switch sends the authentication server a RADIUS-access/request frame with a username and password based on the MAC address. If authorization succeeds, the switch grants the OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 192
    . Other port security features such as dynamic ARP Inspection, DHCP snooping, and IP source guard can be configured independently on a restricted VLAN. For more information, see the "Configuring a Restricted VLAN" section on page 9-31. 9-12 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 193
    clients to the guest VLAN if one is configured. - If all the RADIUS servers are not available and if a client is connected to a critical port and was previously assigned to a guest VLAN, the switch keeps the port in the guest VLAN. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 9-13
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 194
    single-host or multiple-hosts mode. (You also must configure port security on the port by using the switchport port-security interface configuration command.) When you enable port security and IEEE 802.1x authentication on a port, 9-14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 195
    802.1x ports, including magic packets. While the port is unauthorized, the switch continues to block ingress traffic other than EAPOL packets. The host can receive packets but cannot send packets to other devices in the network. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 9-15
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 196
    out, the switch uses the MAC authentication bypass feature to initiate re-authorization. For more information about these AV pairs, see RFC 3580, "IEEE 802.1X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines." 9-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 197
    a web browser to authenticate a client that does not support IEEE 802.1x functionality. This feature can authenticate up to eight users on the same shared port and apply the appropriate policies for each end host on a shared port. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 9-17
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 198
    Communication, page 9-24 (required) • Configuring the Host Mode, page 9-25 (optional) • Configuring Periodic Re-Authentication, page 9-25 (optional) • Manually Re-Authenticating a Client Connected to a Port, page 9-26 (optional) 9-18 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 199
    that the switch restarts the authentication process before the port changes to the unauthorized state). 60 seconds (number of seconds that the switch remains in the quiet state following a failed authentication exchange with the client). OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 200
    the VLAN to which an IEEE 802.1x port is assigned to shut down, disabled, or removed, the port becomes unauthorized. For example, the port is unauthorized after the access VLAN to which a port is assigned shuts down or is removed. 9-20 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 201
    is supported on IEEE 802.1x port in single-host mode and multihosts mode. - If the client is running Windows XP and the port to which the client is connected is in the critical-authentication state, Windows XP might report that the interface is not authenticated. OL-8603-04 Catalyst 2960 Switch
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 202
    -related service requests. This is the IEEE 802.1x AAA process: Step 1 Step 2 Step 3 A user connects to a port on the switch. Authentication is performed. VLAN assignment is enabled, as appropriate, based on the RADIUS server configuration. 9-22 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 203
    port. For feature interaction information, see the "IEEE 802.1x Authentication Configuration Guidelines" section on page 9-20. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 204
    -server retransmit, and the radius-server key global configuration commands. For more information, see the "Configuring Settings for All RADIUS Servers" section on page 8-29. 9-24 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 205
    use vendor-specific attributes (VSAs). interface interface-id Specify the port to Switch(config)# interface gigabitethernet/0/1 Switch(config-if)# dot1x port-control auto Switch(config-if)# dot1x host-mode multi-host Switch(config-if)# end Catalyst 2960 Switch Software Configuration Guide 9-25
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 206
    command controls the idle period. A failed authentication of the client might occur because the client provided an invalid password. You can provide a faster response time to the user by entering a number smaller than the default. 9-26 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 207
    default is 5. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. To return to the default retransmission time, use the no dot1x timeout tx-period interface configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 208
    the port changes to the unauthorized state. Note You should change the default value of this command only to adjust for unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers. 9-28 Catalyst 2960 Switch Software Configuration
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 209
    on your switch. This procedure is optional. Step 1 Step 2 Command configure terminal interface interface-id Purpose Enter global configuration mode. Specify the port to be configured, and enter interface configuration mode. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 9-29
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 210
    end show dot1x interface interface-id copy running-config startup-config Purpose Enter global configuration mode. Specify the port to be configured, and enter interface configuration mode. For the supported port configuration file. 9-30 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 211
    password. The switch supports port returns to the unauthorized state. This example shows how to enable VLAN 2 as an IEEE 802.1x restricted VLAN: Switch(config)# interface gigabitethernet0/2 Switch(config-if)# dot1x auth-fail vlan 2 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 212
    -fail max-attempts interface configuration command. This example shows how to set 2 as the number of authentication attempts allowed before the port moves to the restricted VLAN: Switch(config-if)# dot1x auth-fail max-attempts 2 9-32 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 213
    the port as a critical port and switch dynamically determines the default tries parameter that is 10 to 100. (Optional) Set the number of minutes that a RADIUS server is not sent requests. The range is from 0 to 1440 minutes (24 hours). The default is 0 minutes. OL-8603-04 Catalyst 2960 Switch
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 214
    default is 1000 milliseconds (a port can be re-initialized every second). Specify the port to be configured, and enter interface configuration mode. For the supported port types, see the "IEEE 802.1x Authentication Configuration Guidelines" section on page 9-20. 9-34 Catalyst 2960 Switch Software
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 215
    -Sets the port as bidirectional. The port cannot receive packets from or send packets to the host. By default, the port is bidirectional. • in-Sets the port as unidirectional. The port can send packets to the host but cannot receive packets from the host. OL-8603-04 Catalyst 2960 Switch Software
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 216
    file. To disable MAC authentication bypass, use the no dot1x mac-auth-bypass interface configuration command. This example shows how to enable MAC authentication bypass: Switch(config-if)# dot1x mac-auth-bypass 9-36 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 217
    shows how to configure NAC Layer 2 IEEE 802.1x validation: Switch# configure terminal Switch(config)# interface gigabitethernet0/1 Switch(config-if)# dot1x reauthentication Switch(config-if)# dot1x timeout reauth-period server OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 9-37
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 218
    group radius Switch(config)# radius-server host 1.1.1.2 key key1 Switch(config)# radius-server attribute 8 include-in-access-req Switch(config)# radius-server vsa send authentication Switch(config)# ip device tracking Switch(config) end 9-38 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 219
    end Guide on Cisco.com. Specify the port to be configured, and enter interface configuration mode. Set the port to access mode. Specify the default port to be configured, and enter interface configuration mode. Set the port to access mode. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 220
    . Specify the port to be configured, and enter interface configuration mode. Disable IEEE 802.1x authentication on the port. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. 9-40 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 221
    interface-id dot1x default end show dot1x interface specific port, use the show dot1x interface interface-id privileged EXEC command. For detailed information about the fields in these displays, see the command reference for this release. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 222
    Displaying IEEE 802.1x Statistics and Status Chapter 9 Configuring IEEE 802.1x Port-Based Authentication 9-42 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 223
    characteristics. These sections describe the interface types: • Port-Based VLANs, page 10-2 • Switch Ports, page 10-2 • EtherChannel Port Groups, page 10-3 • Dual-Purpose Uplink Ports, page 10-4 • Connecting Interfaces, page 10-4 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 10-1
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 224
    VLAN tagging. Traffic arriving on an access port is assumed to belong to the VLAN assigned to the port. If an access port receives a tagged packet (IEEE 802.1Q tagged), the packet is dropped, and the source address is not learned. 10-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 225
    configuration command to dynamically create the port-channel logical interface. This command binds the physical and logical ports together. For more information, see Chapter 31, "Configuring EtherChannels and Link-State Tracking." OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 10-3
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 226
    Mode Chapter 10 Configuring Interface Characteristics Dual-Purpose Uplink Ports Some Catalyst 2960 switches support dual-purpose uplink ports. Each uplink port is considered as a single interface with dual front ends-an RJ-45 connector and an small form-factor pluggable (SFP) module connector. The
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 227
    or gi) for 10/100/1000 Mb/s Ethernet ports, or small form-factor pluggable (SFP) module Gigabit Ethernet interfaces. • Module number-The module or slot number on the switch (always 0 on the Catalyst 2960 switch). • Port number-The interface number on the switch. The port numbers always begin at
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 228
    configure terminal interface range {port-range | macro macro_name} Step 3 Step 4 Step 5 Step 6 end show interfaces [interface-id] are not supported. - fastethernet module/{first port} - {last port}, where the module is always 0 10-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 229
    module/{first port} - {last port}, where the module is always 0 - port-channel port-channel-number - port-channel-number, where the port-channel-number is 1 to 6 Note When you use the interface range command with port the macro. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 10-7
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 230
    as interface-ranges. • All interfaces defined as in a range must be the same type (all Fast Ethernet ports, all Gigabit Ethernet ports, all EtherChannel ports, or all VLANs), but you can combine multiple interface types in a macro. 10-8 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 231
    the port, see Chapter 19, "Configuring Port-Based Traffic Control." Table 10-1 Default Layer 2 Ethernet Interface Configuration Feature Allowed VLAN range Default VLAN (for access ports) Default Setting VLANs 1 to 4094. VLAN 1. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 10-9
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 232
    on the switch port. Keepalive messages Disabled on SFP module ports; enabled on all other ports. Setting the Type of a Dual-Purpose Uplink Port Some Catalyst 2960 switches support dual-purpose uplink ports. For more information, see the "Dual-Purpose Uplink Ports" section on page 10-4. Beginning
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 233
    If the link goes down, the switch disables the RJ-45 side and selects the SFP module interface. • When the 100BASE-x SFP module is removed, the switch again dynamically selects the type (auto-select) and re-enables the RJ-45 side. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 10-11
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 234
    can take up to 30 seconds to check for loops. The port LED is amber while STP reconfigures. Caution Changing the interface speed and duplex mode configuration might shut down and re-enable the interface during the reconfiguration. 10-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 235
    speed 10 Switch(config-if)# duplex half This example shows how to set the interface speed to 100 Mb/s on a 10/100/1000 Mb/s port: Switch# configure terminal Switch(config)# interface gigabitethernet0/2 Switch(config-if)# speed 100 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 10-13
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 236
    configured, and enter interface configuration mode. Configure the flow control mode for the port. Return to privileged EXEC mode. Verify the interface flow control settings. (Optional) Save your entries in the configuration file. 10-14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 237
    supported on all 10/100 and 10/100/1000-Mb/s interfaces. It is not supported on 1000BASE-SX or -LX SFP module interfaces. Table 10-2 shows the link states that result from auto-MDIX settings and correct and incorrect cabling. Table 10 8603-04 Catalyst 2960 Switch Software Configuration Guide 10-15
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 238
    operating at 10 or 100 Mb/s by using the system mtu global configuration command. You can increase the MTU size to support jumbo frames on all Gigabit Ethernet interfaces by using the system mtu jumbo global configuration command. 10-16 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 239
    1800 Switch(config)# exit Switch# reload This example shows the response when you try to set Gigabit Ethernet interfaces to an out-of-range number: Switch(config)# system mtu jumbo 25000 ^ % Invalid input detected at '^' marker. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 10-17
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 240
    an SFP module. Display the running configuration in RAM for the interface. Display the hardware configuration, software version, the names and sources of configuration files, and the boot images. Display the operational state of the auto-MDIX feature on the interface. 10-18 Catalyst 2960 Switch
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 241
    arguments that clear only a specific interface type from a specific interface number. Note The clear configured. interface-id} | {port-channel port-channel-number} shutdown Shut down an interface. end Return to privileged EXEC mode. 04 Catalyst 2960 Switch Software Configuration Guide 10-19
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 242
    Monitoring and Maintaining the Interfaces Chapter 10 Configuring Interface Characteristics 10-20 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 243
    PVST+, loop guard, and dynamic port error recovery for link state failures. Use this interface configuration macro for increased network security and reliability when connecting a desktop device, such as a PC, to a switch port. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 11-1
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 244
    by using interface interface-id. This could cause commands that follow exit, end, or interface interface-id to execute in a different command mode. • When creating a macro, all CLI commands should be in the same configuration mode. 11-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 245
    the Cisco-default macro with the required values by using the parameter value keywords. The Cisco-default macros use the $ character to help identify required keywords. There is no restriction on using the $ character to define keywords when you create a macro. OL-8603-04 Catalyst 2960 Switch
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 246
    with one command per line. Use the @ character to end the macro. Use the # character at the beginning of Switch(config)# macro name test switchport access vlan $VLANID switchport port-security maximum $MAX #macro keywords $VLANID $MAX @ 11-4 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 247
    Step 10 end show switch only by entering the no version of each command that is in the macro. You can delete a macro-applied configuration on an interface by entering the default interface interface-id interface configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 248
    interface-id Step 6 default interface interface-id Purpose Display the Cisco-default Smartports macros embedded in the switch software. Display the specific macro that you want Clear all configuration from the specified interface. 11-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 249
    inactivity # Configure port as an edge network port spanning-tree portfast spanning-tree bpduguard enable Switch# Switch# configure terminal Switch(config)# gigabitethernet0/4 Switch(config-if)# macro apply cisco-desktop $AVID 25 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 11-7
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 250
    macro description [interface interface-id] Purpose Displays all configured macros. Displays a specific macro. Displays the configured macro names. Displays the macro description for all interfaces or for a specified interface. 11-8 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 251
    VLANs have the same attributes as physical LANs, but you can group end stations even if they are not physically located on the same LAN segment. Any switch port can belong to a VLAN, and on VTP, see Chapter 13, "Configuring VTP." OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 12-1
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 252
    Guidelines" section on page 12-5 for more information about the number of spanning-tree instances and the number of VLANs. The switch supports only IEEE 802.1Q trunking methods for sending VLAN traffic over Ethernet ports. 12-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 253
    . The VMPS can be a Catalyst 5000 or Catalyst 6500 series switch, for example, but never a Catalyst 2960 switch. The Catalyst 2960 switch is a VMPS client. You can have dynamic-access ports and trunk ports on the same switch, but you must connect the dynamic-access port to an end station or hub and
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 254
    inconsistency in the VLAN database if you attempt to manually delete the vlan.dat file. If you want to modify interface configuration mode to define the port membership mode and to add and remove ports from VLANs. The results of these Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 255
    Default Ethernet VLAN Configuration, page 12-7 • Creating or Modifying an Ethernet VLAN, page 12-8 • Deleting a VLAN, page 12-9 • Assigning Static-Access Ports to a VLAN, page 12-10 Token Ring VLANs Although the switch does not support Token Ring connections, a remote device such as a Catalyst 5000
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 256
    on the trunk ports of switches that have used up their allocation of spanning-tree instances. If the number of VLANs on the switch exceeds the number of supported spanning-tree instances enter the show vlan privileged EXEC command. 12-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 257
    supported, you only configure FDDI and Token Ring media-specific characteristics for VTP global advertisements to other switches. Table 12-2 Ethernet VLAN Defaults and Ranges Parameter Default SPAN disabled enabled, disabled OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 12-7
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 258
    example shows how to use config-vlan mode to create Ethernet VLAN 20, name it test20, and add it to the VLAN database: Switch# configure terminal Switch(config)# vlan 20 Switch(config-vlan)# name test20 Switch(config-vlan)# end 12-8 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 259
    support -id end last- switch that is in VTP transparent mode, the VLAN is deleted only on that specific switch. You cannot delete the default VLANs for the different media types: Ethernet VLAN 1 and FDDI or Token Ring VLANs 1002 to 1005. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 260
    2 access port). switchport access vlan vlan-id Assign the port to a VLAN. Valid VLAN IDs are 1 to 4094. end Return to privileged EXEC mode. show running-config interface interface-id Verify the VLAN membership mode of the interface. 12-10 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 261
    12-2 on page 12-7 for the default configuration for Ethernet VLANs. You can change only the MTU size and the remote SPAN configuration state on extended-range VLANs; all other characteristics must remain at the default state. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 12-11
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 262
    Although the switch supports a total of 255 (normal-range and extended-range) VLANs, the number of configured features affects the use of the switch hardware. If mode. Configure the switch for VTP transparent mode, disabling VTP. 12-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 263
    configuration Purpose Display status of VLANs in the VLAN database. Display status of all or the specified VLAN in the VLAN database. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 12-13
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 264
    . • To enable trunking to a device that does not support DTP, use the switchport mode trunk and switchport nonegotiate interface configuration commands to cause the interface to become a trunk but to not generate DTP frames. 12-14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 265
    Function Puts the interface (access port) into permanent nontrunking mode Cisco devices might support one spanning-tree instance for all VLANs. When you connect a Cisco switch to a non-Cisco device through an IEEE 802.1Q trunk, the Cisco switch Catalyst 2960 Switch Software Configuration Guide 12-15
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 266
    STP Port Fast setting. - trunk status: if one port in a port group ceases to be a trunk, all ports cease to be trunks. • We recommend that you configure no more than 24 trunk ports in PVST mode and no more than 40 trunk ports in MST mode. 12-16 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 267
    2 access port or to default support IEEE 802.1Q trunking. Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# interface gigabitethernet0/2 Switch(config-if)# switchport mode dynamic desirable Switch(config-if)# end OL-8603-04 Catalyst 2960 Switch
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 268
    , use the switchport trunk allowed vlan remove vlan-list interface configuration command to remove specific VLANs from the allowed list. Note VLAN 1 is the default VLAN on all trunk ports in all Cisco switches, and it has previously been a requirement that VLAN 1 always be enabled on every trunk
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 269
    can receive both tagged and untagged traffic. By default, the switch forwards untagged traffic in the native VLAN configured for the port. The native VLAN is VLAN 1 by default. Note The native VLAN can be assigned any VLAN ID. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 12-19
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 270
    Step 6 end show supported switches. In this example, the switches are configured as follows: • VLANs 8 through 10 are assigned a port priority of 16 on Trunk 1. • VLANs 3 through 6 retain the default port priority of 128 on Trunk 1. 12-20 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 271
    trunk Step 10 end Step ports configured on Switch A. When the trunk links come up, VTP passes the VTP and VLAN information to Switch B. Verify that Switch B has learned the VLAN configuration. Enter global configuration mode on Switch A. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 272
    8-10 port-priority 16 exit interface gigabitethernet0/2 spanning-tree vlan 3-6 port-priority 16 end show Switch A. Define the interface to be configured as a trunk, and enter interface configuration mode. Configure the port as a trunk port. 12-22 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 273
    • "Configuring the VMPS Client" section on page 12-25 • "Monitoring the VMPS" section on page 12-28 • "Troubleshooting Dynamic-Access Port VLAN Membership" section on page 12-29 • "VMPS Configuration Example" section on page 12-29 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 12-23
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 274
    down on a dynamic-access port, the port returns to an isolated state and does not belong to a VLAN. Any hosts that come online through the port are checked again through the VQP with the VMPS before the port is assigned to a VLAN. 12-24 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 275
    VLAN configured on the VMPS server should not be a voice VLAN. Configuring the VMPS Client You configure dynamic VLANs by using the VMPS (server). The switch can be a VMPS client; it cannot be a VMPS server. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 12-25
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 276
    the end station, and enter interface configuration mode. Set the port to access mode. Configure the port as eligible for dynamic VLAN membership. The dynamic-access port must be connected to an end station. Return to privileged EXEC mode. 12-26 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 277
    follow these steps to confirm the dynamic-access port VLAN membership assignments that the switch has received from the VMPS: Step 1 return the switch to its default setting, use the no vmps reconfirm global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 12-
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 278
    terminal vmps retry count end show vmps copy running-config startup-config Purpose Enter global configuration mode. Change the retry count. The retry range is 1 to 10; the default is 3. Return to Assistant or SNMP equivalent. 12-28 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 279
    Catalyst 6500 series Switch C and Switch J are secondary VMPS servers. • End stations are connected to the clients, Switch B and Switch I. • The database configuration file is stored on the TFTP server with the IP address 172.20.22.7. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 280
    End station 2 Switch H Dynamic-access port Catalyst 6500 series Secondary VMPS Server 3 172.20.26.157 Client switch I 172.20.26.158 Trunk port 172.20.26.159 Switch J 101363t Ethernet segment (Trunk link) TFTP server Router 172.20.22.7 12-30 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 281
    inconsistencies that can cause several problems, such as duplicate VLAN names, incorrect VLAN-type specifications, and security violations. Before you greater than 1005) are not supported by VTP or stored in the VTP VLAN database. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 13-1
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 282
    this mode are saved in the switch running configuration and can be saved to the switch startup configuration file. For domain name and password configuration guidelines, see the "VTP Configuration Guidelines" section on page 13-8. 13-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 283
    supported switch ports, see the "Configuring VLAN Trunks" section on page 12-14. VTP advertisements distribute this global domain information: • VTP domain name • VTP configuration revision number • Update identity and update timestamp OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 284
    configuration information specific to default, VLANs 2 through 1001 are pruning eligible switch trunk ports. If the VLANs are configured as pruning-ineligible, the flooding continues. VTP pruning is supported with VTP Version 1 and Version 2. 13-4 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 285
    for the entire management domain. Making VLANs pruning-eligible or pruning-ineligible affects pruning eligibility for those VLANs on that trunk only (not on all switches in the VTP domain). OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 13-5
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 286
    -2 shows the default VTP configuration. Table 13-2 Default VTP Configuration Feature VTP domain name VTP mode VTP version VTP password VTP pruning Default Setting Null. Server. Version 1 (Version 2 is disabled). None. Disabled. 13-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 287
    command to set the VTP password, the version, the VTP switch running configuration, and you can save this information in the switch startup configuration file by entering the copy running-config startup-config privileged EXEC command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 288
    must run the same VTP version. • A VTP Version 2-capable switch can operate in the same VTP domain as a switch running VTP Version 1 if Version 2 is disabled on the Version 2-capable switch (Version 2 is disabled by default). 13-8 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 289
    VTP domain does not function properly if you do not assign the same password to each switch in the domain. Return to privileged EXEC mode. Verify your entries in the VTP Operating Mode and the VTP Domain Name fields of the display. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 13-9
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 290
    the domain name eng_group and the password mypassword: Switch# vlan database Switch(vlan)# vtp server Switch(vlan)# vtp domain eng_group Switch(vlan)# vtp password mypassword Switch(vlan)# exit APPLY completed. Exiting.... Switch# 13-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 291
    VTP server mode or the no vtp password VLAN database configuration command to return the switch to a no-password state. When you configure a domain name, it cannot be removed; you can only reassign a switch to a different domain. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 13-11
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 292
    configuration command to return the switch to VTP server mode. If extended-range VLANs are configured on the switch, you cannot change VTP mode to server. You receive an error message, and the configuration is not allowed. 13-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 293
    on switches in the same VTP domain. Every switch in the VTP domain must use the same VTP version. Do not enable VTP Version 2 unless every switch in the VTP domain supports Version VLAN database configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 13-13
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 294
    supported with switch with the highest VTP configuration revision number. If you add a switch that has a revision number higher than the revision number in the VTP domain, it can erase all VLAN information from the VTP server and VTP domain. 13-14 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 295
    domain-name end Step 9 show vtp status Purpose Check the VTP configuration revision number. If the number is 0, add the switch to the switch, and then change its VLAN information without affecting the other switches in the VTP domain. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 296
    display statistics about the advertisements sent and received by the switch. Table 13-3 shows the privileged EXEC commands for monitoring switch configuration information. Display counters about VTP messages that have been sent and received. 13-16 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 297
    to these devices: • Port 1 connects to the switch or other voice-over-IP (VoIP) device. • Port 2 is an internal 10/100 interface that carries the IP Phone traffic. • Port 3 (access port) connects to a PC or other device. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 14-1
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 298
    • In untrusted mode, all traffic in IEEE 802.1Q or IEEE 802.1p frames received through the access port on the Cisco IP Phone receive a configured Layer 2 CoS value. The default Layer 2 CoS value is 0. Untrusted mode is the default. 14-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 299
    . • If the Cisco IP Phone and a device attached to the phone are in the same VLAN, they must be in the same IP subnet. These conditions indicate that they are in the same VLAN: - They both use IEEE 802.1p or untagged frames. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 14-3
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 300
    Configuring a Port Connected to a Cisco 7960 IP Phone Because a Cisco 7960 IP Phone also supports a connection to a PC or other device, a port connecting the switch to a Cisco IP Phone can use IEEE 802.1p priority tagging to give 14-4 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 301
    /Z. Switch(config)# interface gigabitethernet0/1 Switch(config-if)# mls qos trust cos Switch(config-if)# switchport voice vlan dot1p Switch(config-if)# end To return the port to its default setting, use the no switchport voice vlan interface configuration command. OL-8603-04 Catalyst 2960 Switch
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 302
    if)# end To return the port to its default setting, use the no switchport priority extend interface configuration command. Displaying Voice VLAN To display voice VLAN configuration for an interface, use the show interfaces interface-id switchport privileged EXEC command. 14-6 Catalyst 2960 Switch
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 303
    port-based VLANs on the Catalyst 2960 switch. The switch can use either the per-VLAN spanning-tree plus (PVST+) protocol based on the IEEE 802.1D standard and Cisco , page 15-10 • Displaying the Supported Spanning-Tree Instances, page 15-9 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 304
    messages (to ensure the connection is up) only on interfaces that do not have small form-factor pluggable (SFP) modules. You can use the [no] keepalive interface configuration command to change the default for an interface. 15-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 305
    port through which the designated switch is attached to the LAN is called the designated port. All paths that are not needed to reach the root switch from anywhere in the switched network are placed in the spanning-tree blocking mode. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 306
    in frame forwarding. • Forwarding-The interface forwards frames. • Disabled-The interface is not participating in spanning tree because of a shutdown port, no link on the port, or no spanning-tree instance running on the port. 15-4 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 307
    the switch learns end-station location information for the forwarding database. 4. When the forward-delay timer expires, spanning tree moves the interface to the forwarding state, where both learning and frame forwarding are enabled. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 15
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 308
    from the learning state. An interface in the forwarding state performs these functions: • Receives and forwards frames received on the interface • Forwards frames switched from another interface • Learns addresses • Receives BPDUs 15-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 309
    over the Gigabit Ethernet link. By changing the spanning-tree port priority on the Gigabit Ethernet port to a higher priority (lower numerical value) than the root port, the Gigabit Ethernet port becomes the new root port. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 15-7
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 310
    , the low-speed link is always disabled. If the speeds are the same, the port priority and port ID are added together, and spanning tree disables the link with the lowest value. Figure command) when the spanning tree reconfigures. 15-8 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 311
    1D standard and Cisco proprietary extensions. It is the default spanning-tree mode used on all Ethernet port-based VLANs. The PVST+ runs on each VLAN on the switch up to the maximum supported, ensuring that " section on page 15-12. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 15-9
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 312
    -Tree Features These sections contain this configuration information: • Default Spanning-Tree Configuration, page 15-11 • Spanning-Tree Configuration Guidelines, page 15-12 • Changing the Spanning-Tree Mode., page 15-13 (required) 15-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 313
    disabled.) 32768. 128. 1000 Mb/s: 4. 100 Mb/s: 19. 10 Mb/s: 100. 128. 1000 Mb/s: 4. 100 Mb/s: 19. 10 Mb/s: 100. Hello time: 2 seconds. Forward-delay time: 15 seconds. Maximum-aging time: 20 seconds. Transmit hold count: 6 BPDUs OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 15-11
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 314
    , see the "Optional Spanning-Tree Configuration Guidelines" section on page 17-10. Caution Loop guard works only on point-to-point links. We recommend that each end of the link has a directly connected device that is running STP. 15-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 315
    the configuration file. To return to the default setting, use the no spanning-tree mode global configuration command. To return the port to its default setting, use the no spanning-tree link-type interface configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 15-13
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 316
    tree vlan vlan-id end show spanning-tree support will become the root switch. The extended system ID increases the switch priority value every time the VLAN number is greater than the priority of the connected switches running older software. 15-14 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 317
    switch. The range is 1 to 10; the default is 2. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. To return to the default setting, use the no spanning-tree vlan vlan-id root global configuration command. OL-8603-04 Catalyst 2960 Switch
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 318
    end stations. The range is 2 to 7. • (Optional) For hello-time seconds, specify the interval in seconds between the generation of configuration messages by the root switch. The range is 1 to 10; the default the other interfaces. 15-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 319
    -id] port-priority interface configuration command. For information on how to configure load sharing on trunk ports by using spanning-tree port priorities, see the "Configuring Trunk Ports for Load Sharing" section on page 12-20. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 15-17
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 320
    id cost cost Step 5 Step 6 Step 7 end show spanning-tree interface interface-id or show ports that are in a link-up operative state. Otherwise, you can use the show running-config privileged EXEC command to confirm the configuration. 15-18 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 321
    rejected. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. To return to the default setting, use the no spanning-tree vlan vlan-id priority global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 15-19
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 322
    Step 5 end show spanning- 10; the default is 2. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. To return to the default setting, use the no spanning-tree vlan vlan-id hello-time global configuration command. 15-20 Catalyst 2960 Switch
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 323
    end default is 20. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. To return to the default setting, use the no spanning-tree vlan vlan-id max-age global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 324
    configure terminal spanning-tree transmit hold-count value Step 3 Step 4 Step 5 end show spanning-tree detail copy running-config startup-config Purpose Enter global configuration mode. the command reference for this release. 15-22 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 325
    Catalyst 2960 switch. Note The multiple spanning-tree (MST) implementation in Cisco IOS Release 12.2(25)SED is based on the IEEE 802.1s standard. The MST implementations in earlier Cisco IOS 1D forwarding delay and quickly transitions root ports and designated ports to the forwarding state. Both MSTP
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 326
    Hop Count, page 16-5 • Boundary Ports, page 16-6 • IEEE 802.1s support up to 65 spanning-tree instances. Instances can be identified by any number in the range from 0 to 4094. You can assign a VLAN to only one spanning-tree instance at a time. 16-2 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 327
    As switches receive superior IST information, they leave their old subregions and join the new subregion that contains the true CIST regional root. Thus all subregions shrink, except for the one that contains the true CIST regional root. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 328
    add their spanning-tree information into the BPDUs to interact with neighboring switches and compute the final spanning-tree topology. Because of this, the spanning-tree parameters related to BPDU transmission (for example, 16-4 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 329
    root path cost Cisco Prestandard IST master IST master path cost Root path cost Instance root Root path cost Cisco Standard CIST switch of the instance always sends a BPDU (or M-record) with a cost of 0 and the hop count set to the OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 330
    .1s Implementation The Cisco implementation of the IEEE MST standard includes features required to meet the standard, as well as some of the desirable prestandard functionality that is not yet incorporated into the published standard. 16-6 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 331
    . Figure 16-2 Standard and Prestandard Switch Interoperation Segment X MST Region Switch A Switch B 92721 Segment Y Note We recommend that you minimize the interaction between standard and prestandard MST implementations. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 16-7
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 332
    MST standard, but it is included in this Cisco IOS release. The software checks the consistency of the port role and state in the received BPDUs to detect to 50 seconds with the default settings in the IEEE 802.1D spanning tree). 16-8 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 333
    Is Port Included in the Active Topology? No No Yes Yes No To be consistent with Cisco STP implementations, this guide defines the port state as blocking instead of discarding. Designated ports start in the listening state. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 16
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 334
    to-point connection; a half-duplex port is considered to have a shared connection. You can override the default setting that is controlled by the duplex setting by using the spanning-tree link-type interface configuration command. 16-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 335
    RSTP forces it to synchronize with new root information. In general, when the RSTP forces a port to synchronize with root information and the port does not satisfy any of the above conditions, its port state is set to blocking. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 16-11
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 336
    Table 16-3 RSTP BPDU Flags Bit 0 1 2-3: 00 01 10 11 4 5 6 7 Function Topology change (TC) Proposal Port role: Unknown Alternate port Root port Designated port Learning Forwarding Agreement Topology change acknowledgement (TCA) 16-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 337
    port connected to an IEEE 802.1D switch and a configuration BPDU with the TCA bit set is received, the TC-while timer is reset. This behavior is only required to support IEEE 802.1D switches. The RSTP BPDUs never have the TCA bit set. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 338
    16-4 shows the default MSTP configuration. Table 16-4 Default MSTP Configuration Feature Spanning-tree mode Switch priority (configurable on a per-CIST port basis) Default Setting PVST+ (Rapid PVST+ and MSTP are disabled). 32768. 16-14 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 339
    must have a better path to the root contained within the MST cloud than a path through the PVST+ or rapid-PVST+ cloud. You might have to manually configure the switches in the clouds. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 16-15
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 340
    and restarted in the new mode. You cannot run both MSTP and PVST+ or both MSTP and rapid PVST+ at the same time. 16-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 341
    switch with the extended system ID support will become the root switch. The extended system ID increases the switch priority value every time the VLAN number is greater than the priority of the connected switches running older software. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 342
    to become the root switch for the specified instance if the primary root switch fails. This is assuming that the other network switches use the default switch priority of 32768 and therefore are unlikely to become the root switch. 16-18 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 343
    same priority value, the MSTP puts the interface with the lowest interface number in the forwarding state and blocks the other interfaces. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 16-19
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 344
    Step 6 Command configure terminal interface interface-id spanning-tree mst instance-id port-priority priority end show spanning-tree mst interface interface-id or show spanning-tree mst instance-id blocks the other interfaces. 16-20 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 345
    is 1 to 200000000; the default value is derived from the media speed of the interface. end Return to privileged EXEC mode privileged EXEC command displays information only for ports that are in a link-up operative switch priority. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 16-21
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 346
    range is 1 to 10; the default is 2. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. To return the switch to its default setting, use the no spanning-tree mst hello-time global configuration command. 16-22 Catalyst 2960 Switch Software
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 347
    default is 20. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. To return the switch to its default setting, use the no spanning-tree mst max-age global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 348
    -tree mst max-hops hop-count Step 3 Step 4 Step 5 end show spanning-tree mst copy running-config startup-config Purpose Enter global port to its default setting, use the no spanning-tree link-type interface configuration command. 16-24 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 349
    the clear spanning-tree detected-protocols privileged EXEC command. To restart the protocol migration process on a specific interface, use the clear spanning-tree detected-protocols interface interface-id privileged EXEC command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 16-25
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 350
    the specified interface. For information about other keywords for the show spanning-tree privileged EXEC command, see the command reference for this release. 16-26 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 351
    Optional Spanning-Tree Features These sections contain this conceptual information: • Understanding Port Fast, page 17-2 • Understanding BPDU Guard, page 17-2 • Understanding Guard, page 17-8 • Understanding Loop Guard, page 17-9 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 17-1
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 352
    violation occurred. To prevent the port from shutting down, you can use the errdisable detect cause bpduguard shutdown vlan global configuration command to shut down just the offending VLAN on the port where the violation occurred. 17-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 353
    into backbone switches, distribution switches, and access switches. Figure 17-2 shows a complex network where distribution switches and access switches each have at least one redundant link that spanning tree blocks to prevent loops. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 17
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 354
    with no link failures. Switch A, the root switch, is connected directly to Switch B over link L1 and to Switch C over link L2. The Layer 2 interface on Switch C that is connected directly to Switch B is in a blocking state. 17-4 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 355
    switch has lost its connection to the root switch). Under spanning-tree rules, the switch ignores inferior BPDUs for the configured maximum aging time specified by the spanning-tree vlan vlan-id max-age global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 356
    from Switch B to Switch A. The root-switch election takes approximately 30 seconds, twice the Forward Delay time if the default Forward Delay time of 15 seconds is set. Figure 17-6 shows how BackboneFast reconfigures the topology to account for the failure of link L1. 17-6 Catalyst 2960 Switch
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 357
    device, EtherChannel guard places the switch interfaces in the error-disabled state, and displays an error message. You can enable this feature by using the spanning-tree etherchannel guard misconfig global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 17-7
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 358
    Service-provider network Potential spanning-tree root without root guard enabled Desired root switch Enable the root-guard feature on these interfaces to prevent switches in the customer network from becoming the root switch or being in the path to the root. 101232 17-8 Catalyst 2960 Switch
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 359
    guard Root guard Loop guard Default Setting Globally disabled (unless they are individually configured per interface). Globally disabled. Globally disabled. Globally enabled. Disabled on all interfaces. Disabled on all interfaces. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 17-9
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 360
    trunk ports. Step 4 Step 5 Step 6 end show Port Fast on a trunk port. By default, Port Fast is disabled on all interfaces. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. 17-10 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 361
    Specify the interface connected to an end station, and enter interface configuration mode. Enable the Port Fast feature. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 17-11
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 362
    bpdufilter default global configuration command. You can override the setting of the no spanning-tree portfast bpdufilter default global configuration command by using the spanning-tree bpdufilter enable interface configuration command. 17-12 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 363
    more slowly after a loss of connectivity. end Return to privileged EXEC mode. show spanning- switches in the network. BackboneFast is not supported on Token Ring VLANs. This feature is supported for use with third-party switches. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 364
    4 Step 5 Command configure terminal spanning-tree etherchannel guard misconfig end show spanning-tree summary copy running-config startup-config Purpose Enter commands on the port-channel interfaces that were misconfigured. 17-14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 365
    UplinkFast, the backup interfaces (in the blocked state) replace the root port in the case of a failure. However, if . By default, root guard is disabled on all interfaces. end Return to ports. Enter global configuration mode. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 17-15
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 366
    Step 3 spanning-tree loopguard default Step 4 Step 5 Step 6 end show running-config copy running-config startup-config Purpose Enable loop guard. By default, loop guard is disabled , see the command reference for this release. 17-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 367
    the LAN switch to snoop on the IGMP transmissions between the host and the router and to keep track of multicast groups and member ports. When the switch receives an IGMP report from a host for a particular multicast group, OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 18-1
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 368
    can forward the IGMPv3 report to the multicast router. Note The switch supports IGMPv3 snooping based only on the destination multicast MAC address. It does not support snooping based on the source MAC address or on proxy reports. 18-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 369
    Figure 18-1. Figure 18-1 Initial IGMP Join Message Router A CPU PFC 0 1 IGMP report 224.1.2.3 VLAN 45750 Forwarding table 2 3 4 5 Host 1 Host 2 Host 3 Host 4 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 18-3
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 370
    Router A 1 CPU PFC 0 VLAN 45751 Forwarding table 2 3 4 5 Host 1 Host 2 Host 3 Host 4 Table 18-2 Updated IGMP Snooping Forwarding Table Destination Address 224.1.2.3 Type of Packet IGMP Ports 1, 2, 5 18-4 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 371
    the leave time overrides the global configuration. For configuration steps, see the "Configuring the IGMP Leave Timer" section on page 18-11. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 18-5
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 372
    Configuration Table 18-3 shows the default IGMP snooping configuration. Table 18-3 Default IGMP Snooping Configuration Feature IGMP snooping Multicast routers Default Setting Enabled globally and per VLAN None configured 18-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 373
    to globally enable IGMP snooping on the switch: Step 1 Step 2 Step 3 Step 4 Command configure terminal ip igmp snooping end copy running-config startup-config Purpose Enter global enabled before you can enable VLAN snooping. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 18-7
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 374
    is useful for reducing control traffic. • pim-dvmrp-Snoop on IGMP queries and PIM-DVMRP packets. This is the default. Return to privileged EXEC mode. Verify the configuration. (Optional) Save your entries in the configuration file. 18-8 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 375
    a physical interface or a port channel. The port-channel range is 1 to 6. end Return to privileged EXEC mode. Switch# configure terminal Switch(config)# ip igmp snooping vlan 200 mrouter interface gigabitethernet0/2 Switch(config)# end OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 376
    : Step 1 Step 2 Step 3 Command configure terminal ip igmp snooping vlan vlan-id immediate-leave end Purpose Enter global configuration mode. Enable IGMP Immediate Leave on the VLAN interface. Return to privileged EXEC mode. 18-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 377
    global setting. • The default leave time is 1000 milliseconds. • The IGMP configurable leave time is only supported on hosts running IGMP -query-interval time Step 4 Step 5 Step 6 end show ip igmp snooping copy running-config startup-config Catalyst 2960 Switch Software Configuration Guide 18-11
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 378
    port that was blocked but is now forwarding, and when a port 4 Step 5 end show ip igmp 1 to 10. By default, the flooding switch is the spanning-tree root regardless of this configuration command. By default, query solicitation is disabled. 18-12 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 379
    tcn query solicit Step 3 Step 4 Step 5 end show ip igmp snooping copy running-config startup-config switch receives a TCN, multicast traffic is flooded to all the ports until 2 general queries are received. If the switch has many ports Catalyst 2960 Switch Software Configuration Guide 18-13
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 380
    address on the switch. • The IGMP snooping querier supports IGMP Versions 1 uses. Select 1 or 2. Step 8 end Return to privileged EXEC mode. Step 10 copy running-config startup-config (Optional) Save your entries in the configuration file. 18-14 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 381
    to 10.0.0.64: Switch# configure terminal Switch(config)# ip igmp snooping querier 10.0.0.64 Switch(config)# end This ports and VLAN interfaces. You can also display MAC address multicast entries for a VLAN configured for IGMP snooping. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 382
    for a multicast VLAN or about a specific parameter for the VLAN: • vlan-id manually configured multicast router interfaces. Note When you enable IGMP snooping, the switch the IP address and receiving port for the most-recently received Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 383
    bandwidth on MVR data port links, which occurs when the switch runs in compatible mode. Only Layer 2 ports take part in MVR. You must configure ports as MVR receiver ports. Only one MVR multicast VLAN per switch is supported. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 18-17
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 384
    Multicast data Switch A RP1 RP2 RP3 RP4 RP5 RP6 RP7 Customer premises Hub IGMP join Set-top box TV data Set-top box PC 101364 TV RP = Receiver Port SP = Source Port TV Note: All source ports belong to the multicast VLAN. 18-18 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 385
    default MVR configuration. Table 18-5 Default MVR Configuration Feature MVR Multicast addresses Query response time Multicast VLAN Mode Default Setting Disabled globally and per interface None configured 0.5 second VLAN 1 Compatible OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 386
    multicast data sent to this address is sent to all source ports on the switch and all receiver ports that have elected to receive data on that multicast address. Each multicast address would correspond to one television channel. 18-20 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 387
    of operation: • dynamic-Allows dynamic MVR membership on source ports. • compatible-Is compatible with Catalyst 3500 XL and Catalyst 2900 XL switches and does not support IGMP dynamic joins on source ports. The default is compatible mode. end Return to privileged EXEC mode. show mvr or show
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 388
    receiver Switch(config-if)# mvr vlan 22 group 228.1.23.4 Switch(config-if)# mvr immediate Switch(config)# end Switch# show mvr interface Port Type Status Immediate Leave ---- ---- ------- Gi0/2 RECEIVER ACTIVE/DOWN ENABLED 18-22 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 389
    vlan vlan-id]] When a specific interface is entered, displays this information: installations, you might want to control the set of multicast groups to which a user on a switch port can belong. You can control the distribution of multicast services Catalyst 2960 Switch Software Configuration Guide 18-23
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 390
    you can create the profile by using these commands: • deny: Specifies that matching addresses are denied; this is the default. • exit: Exits from igmp-profile configuration mode. • no: Negates a command or returns to its defaults. 18-24 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 391
    end address. The default is for the switch ports. You cannot apply profiles to ports that belong to an EtherChannel port group. You can apply a profile to multiple interfaces, but each interface can have only one profile applied to it. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 392
    of IGMP groups that the interface can join. The range is 0 to 4294967294. The default is to have no maximum set. Return to privileged EXEC mode. Verify the configuration. (Optional) Save your entries in the configuration file. 18-26 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 393
    and the maximum number of entries is in the forwarding table, specify the action that the interface takes: • deny-Drop the report. • replace-Replace the existing group with the new group for which the IGMP report was received. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 18-27
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 394
    MVR Step 4 Step 5 Step 6 Command end show running-config interface interface-id copy running switch, including (if configured) the maximum number of IGMP groups to which an interface can belong and the IGMP profile applied to the interface. 18-28 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 395
    describes how to configure the port-based traffic control features on the Catalyst 2960 switch. Note For complete syntax and Default Storm Control Configuration, page 19-3 • Configuring Storm Control and Threshold Levels, page 19-3 Understanding Storm Control Storm control prevents traffic on a LAN
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 396
    traffic except control traffic, such as bridge protocol data unit (BDPU) and Cisco Discovery Protocol (CDP) frames, are blocked. The graph in Figure 19-1 shows broadcast, multicast, or unicast traffic on that port is blocked. 19-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 397
    default, unicast, broadcast, and multicast storm control are disabled on the switch interfaces; that is, the suppression level is 100 percent. Configuring Storm Control and Threshold Levels You configure storm control on a port is supported on Catalyst 2960 Switch Software Configuration Guide 19-3
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 398
    to filter out the traffic and not to send traps. • Select the shutdown keyword to error-disable the port during a storm. • Select the trap keyword to generate an SNMP trap when a storm is detected. Return to privileged EXEC mode. 19-4 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 399
    protected port and a nonprotected port proceeds as usual. These sections contain this configuration information: • Default Protected Port Configuration, page 19-6 • Protected Port Configuration Guidelines, page 19-6 • Configuring a Protected Port, page 19-6 OL-8603-04 Catalyst 2960 Switch Software
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 400
    interface configuration command. This example shows how to configure a port as a protected port: Switch# configure terminal Switch(config)# interface gigabitethernet0/1 Switch(config-if)# switchport protected Switch(config-if)# end 19-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 401
    unicast and multicast flooding on a port: Switch# configure terminal Switch(config)# interface gigabitethernet0/1 Switch(config-if)# switchport block multicast Switch(config-if)# switchport block unicast Switch(config-if)# end OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 19-7
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 402
    or manually configured, stored in the address table, and added to the running configuration. If these addresses are saved in the configuration file, when the switch restarts, the interface does not need to dynamically reconfigure them. 19-8 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 403
    no shut down interface configuration commands. This is the default mode. • shutdown vlan-Use to set the security violation mode per-VLAN. In this mode, the VLAN is error disabled instead of the entire port when a violation occurs OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 19-9
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 404
    for Switched Port Analyzer (SPAN). • A secure port cannot belong to a Fast EtherChannel or a Gigabit EtherChannel port group. Note Voice VLAN is only supported on access ports and not on trunk ports, even though the configuration is allowed. 19-10 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 405
    secure addresses on the port to two. When the port is connected to a Cisco IP phone, the IP phone requires one MAC address. The Cisco IP phone address is in the default mode (dynamic auto) cannot be configured as a secure port. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 19-
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 406
    a voice VLAN. Note The voice keyword is available only if a voice VLAN is configured on a port and if that port is not the access VLAN. If an interface is configured for voice VLAN, configure a maximum of two secure MAC addresses. 19-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 407
    entire port when a violation occurs. Note When a secure port is in manually re-enable it by entering the shutdown and no shutdown interface configuration commands or by using the clear errdisable interface vlan privileged EXEC command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 408
    . Step 11 Step 12 Step 13 end show port-security copy running-config startup-config ( port and if that port is not the access VLAN. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. 19-14 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 409
    on VLAN 3 on a port: Switch(config)# interface gigabitethernet0/2 Switch(config-if)# switchport mode trunk Switch(config-if)# switchport port-security Switch(config-if)# switchport port-security mac-address 0000.02000.0004 vlan 3 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 19-15
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 410
    steps to configure port security aging: Step 1 Step 2 Command configure terminal interface interface-id Purpose Enter global configuration mode. Specify the interface to be configured, and enter interface configuration mode. 19-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 411
    displays (among other characteristics) the interface traffic suppression and control configuration. The show storm-control and show port-security privileged EXEC commands display those storm control and port security settings. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 19-17
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 412
    on all switch interfaces or on a specified interface with aging information for each address. show port-security interface interface-id vlan Displays the number of secure MAC addresses configured per VLAN on the specified interface. 19-18 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 413
    . The switch uses CDP to find cluster candidates and maintain information about cluster members and other devices up to three cluster-enabled devices away from the command switch by default. The switch supports CDP Version 2. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 20-1
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 414
    Step 4 cdp advertise-v2 Step 5 end Purpose Enter global configuration mode. ( 10 to 255 seconds; the default is 180 seconds. (Optional) Configure CDP to send Version-2 advertisements. This is the default state. Return to privileged EXEC mode. 20-2 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 415
    see Chapter 5, "Clustering Switches" and see Getting Started with Cisco Network Assistant, available on Cisco.com. Beginning in privileged has been disabled. Switch# configure terminal Switch(config)# cdp run Switch(config)# end OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 20-3
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 416
    zero. Delete the CDP table of information about neighbors. Display global information, such as frequency of transmissions and the holdtime for packets being sent. 20-4 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 417
    , and port ID. You can limit the display to neighbors of a specific interface or expand the display to provide more detailed information. Display CDP counters, including the number of packets sent and received and checksum errors. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 20-5
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 418
    Monitoring and Maintaining CDP Chapter 20 Configuring CDP 20-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 419
    and learn about other Cisco devices connected to the network. To support non-Cisco devices and to allow for interoperability between other devices, the switch supports the IEEE 802.1AB layer protocols to learn about each other. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 21-1
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 420
    Enables advanced power management between LLDP-MED endpoint and network connectivity devices. Allows switches and phones to convey power information, such as how the device is powered, power priority, and how much power the device needs. 21-2 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 421
    LLDP global state LLDP holdtime (before discarding) LLDP timer (packet update frequency) LLDP reinitialization delay LLDP tlv-select Default Setting Enabled 120 seconds 30 seconds 2 seconds Enabled to send and receive all TLVs. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 21-3
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 422
    terminal Switch(config)# lldp holdtime 120 Switch(config)# lldp reinit 2 Switch(config)# lldp timer 30 Switch(config)# end For additional LLDP show commands, see the "Monitoring and Maintaining LLDP and LLDP-MED" section on page 21-7. 21-4 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 423
    to globally enable LLDP. Switch# configure terminal Switch(config)# lldp run Switch(config)# end Disabling and Enabling LLDP on an Interface LLDP is enabled by default on all supported interfaces to send and to receive LLDP information. Note If the interface is configured as a tunnel port, LLDP is
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 424
    5 Step 6 lldp transmit lldp receive end copy running-config startup-config Purpose Enter global power-management Description LLDP-MED inventory management TLV LLDP-MED location TLV LLDP-MED network policy TLV LLDP-MED power management TLV 21-6 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 425
    Step 4 Step 5 no lldp med-tlv-select tlv end copy running-config startup-config Purpose Enter global configuration mode LLDP to initialize on an interface. Display information about a specific neighbor. You can enter an asterisk (*) to display Catalyst 2960 Switch Software Configuration Guide 21-7
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 426
    neighbors of a specific interface or expand the display to provide more detailed information. Display LLDP counters, including the number of packets sent and received, number of packets discarded, and number of unrecognized TLVs. 21-8 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 427
    port and alerts you. Unidirectional links can cause a variety of problems, including spanning-tree topology loops. Modes of Operation UDLD supports two modes of operation: normal (the default) not received by the local device. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 22-1
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 428
    -to-live) expires. If the switch receives a new hello message before an older cache entry ages, the switch replaces the older entry with the new one. Whenever a port is disabled and UDLD is running, to receive an echo in reply. 22-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 429
    ends Switch B on the same port. If UDLD is in aggressive mode, it detects the problem and disables the port. If UDLD is in normal mode, the logical link is considered undetermined, and UDLD does not disable the interface. Switch B 98648 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 430
    the same mode is configured on both sides of the link. Caution Loop guard works only on point-to-point links. We recommend that each end of the link has a directly connected device that is running STP. 22-4 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 431
    normal mode or to disable UDLD on a port: Step 1 Step 2 Command configure terminal interface interface-id Purpose Enter global configuration mode. Specify the port to be enabled for UDLD, and enter interface configuration mode. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 22-5
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 432
    display the UDLD status for the specified port or for all ports, use the show udld [interface-id] privileged EXEC command. For detailed information about the fields in the command output, see the command reference for this release. 22-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 433
    network security device. For example, if you connect a Cisco Intrusion Detection System (IDS) sensor appliance to a destination port, the IDS device can send TCP reset packets to close down the TCP session of a suspected attacker. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 23-1
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 434
    carrying the RSPAN VLAN to a destination session monitoring the RSPAN VLAN. Each RSPAN source switch must have either ports or VLANs as RSPAN sources. The destination is always a physical port, as shown on Switch C in the figure. 23-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 435
    RSPAN VLAN. To configure an RSPAN destination session on another device, you associate the destination port with the RSPAN VLAN. The destination session collects all RSPAN VLAN traffic and sends it out the RSPAN destination port. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 23-3
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 436
    ; the destination port receives a copy of the packet even if the actual incoming packet is dropped. These features include IP standard and extended input access control lists (ACLs), ingress QoS policing, and egress QoS policing. 23-4 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 437
    ports or VLANs for traffic in one or both directions. The switch supports any number of source ports (up to the maximum number of available ports on the switch) on a physical port as it participates in the port channel. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 23-5
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 438
    session or RSPAN destination session must have a destination port (also called a monitoring port) that receives a copy of traffic from the source ports or VLANs and sends the SPAN packets to the user, usually a network analyzer. 23-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 439
    VLAN traffic only flows on trunk ports. • RSPAN VLANs must be configured in VLAN configuration mode by using the remote-span VLAN configuration mode command. • STP can run on RSPAN VLAN trunks but not on SPAN destination ports. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 23-7
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 440
    of monitored ports. • Multicast traffic can be monitored. For egress and ingress port monitoring, only a single unedited packet is sent to the SPAN destination port. It does not reflect the number of times the multicast packet is sent. 23-8 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 441
    information: • SPAN Configuration Guidelines, page 23-10 • Creating a Local SPAN Session, page 23-10 • Creating a Local SPAN Session and Configuring Incoming Traffic, page 23-13 • Specifying VLANs to Filter, page 23-14 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 23-9
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 442
    port to be a source or destination port, but the SPAN function does not start until the destination port and at least one source port or source VLAN are enabled. • You can limit SPAN traffic to specific all remote SPAN sessions. 23-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 443
    interface encapsulation method. If not selected, the default is to send packets in native form (untagged). Note You can use monitor session session_number destination command multiple times to configure multiple destination ports. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 23-11
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 444
    10. Switch(config)# no monitor session 2 Switch(config)# monitor session 2 source vlan 1 - 3 rx Switch(config)# monitor session 2 destination interface gigabitethernet0/2 Switch(config)# monitor session 2 source vlan 10 Switch(config)# end 23-12 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 445
    as the default VLAN. end Return to privileged EXEC mode. show monitor [session session_number] Verify the configuration. show running-config copy running-config startup-config (Optional) Save the configuration in the configuration file. OL-8603-04 Catalyst 2960 Switch Software Configuration
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 446
    the source port to monitor. The interface specified must already be configured as a trunk port. monitor session session_number filter vlan Limit the SPAN source traffic to specific VLANs. enter a space before and after the hyphen. 23-14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 447
    , page 23-19 • Creating an RSPAN Destination Session and Configuring Incoming Traffic, page 23-20 • Specifying VLANs to Filter, page 23-21 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 23-15
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 448
    VLAN on both source and destination switches and any intermediate switches. Use VTP pruning to get an efficient flow of RSPAN traffic, or manually delete the RSPAN VLAN from all trunks that do not need to carry the RSPAN traffic. 23-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 449
    Step 1 Step 2 Command configure terminal vlan vlan-id Step 3 Step 4 Step 5 remote-span end copy running-config startup-config Purpose Enter global configuration mode. Enter a VLAN ID to create a VLAN all remote SPAN sessions. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 23-17
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 450
    /1 tx Switch(config)# monitor session 1 source interface gigabitethernet0/2 rx Switch(config)# monitor session 1 source interface port-channel 2 Switch(config)# monitor session 1 destination remote vlan 901 Switch(config)# end 23-18 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 451
    end Step 9 show monitor [session session_number] show running-config Step 10 source RSPAN VLAN and the destination port. For interface-id, specify the destination string, encapsulation replicate is not supported for RSPAN. The original VLAN Catalyst 2960 Switch Software Configuration Guide 23-19
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 452
    packets with IEEE 802.1Q encapsulation with the specified VLAN as the default VLAN. • untagged vlan vlan-id or vlan vlan-id-Forward incoming packets with untagged encapsulation type with the specified VLAN as the default VLAN. 23-20 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 453
    the source port to monitor. The interface specified must already be configured as a trunk port. monitor session session_number filter vlan Limit the SPAN source traffic to specific VLANs. vlan a space before and after the hyphen. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 23-21
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 454
    end Displaying SPAN and RSPAN Status To display the current SPAN or RSPAN configuration, use the show monitor user EXEC command. You can also use the show running-config privileged EXEC command to display configured SPAN or RSPAN sessions. 23-22 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 455
    network monitoring data. You can use the RMON feature with the Simple Network Management Protocol (SNMP) agent in the switch to monitor all the traffic flowing among switches on all connected LAN segments as shown in Figure 24-1. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 24-1
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 456
    , page 24-3 • Configuring RMON Alarms and Events, page 24-3 (required) • Collecting Group History Statistics on an Interface, page 24-5 (optional) • Collecting Group Ethernet Statistics on an Interface, page 24-5 (optional) 24-2 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 457
    number to trigger when the rising or falling threshold exceeds its limit. • (Optional) For owner string, specify the owner of the alarm. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 24-3
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 458
    string used for this trap. end Return to privileged EXEC mode. The following example configures RMON alarm number 10 by using the rmon alarm command. Switch(config)# rmon event 1 log trap eventtrap description "High ifOutErrors" owner jjones 24-4 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 459
    number] [interval seconds] [owner ownername] Step 4 Step 5 Step 6 Step 7 end show running-config show rmon history copy running-config startup-config Purpose Enter global configuration , and enter interface configuration mode. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 24-5
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 460
    , see the "System Management Commands" section in the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Command References. 24-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 461
    message logging on the Catalyst 2960 switch. Note For complete syntax and usage information for the commands used in this chapter, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Command
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 462
    the switch through Telnet or through the console port. service sequence-numbers, service timestamps log datetime, service timestamps log datetime [localtime] [msec] [show-timezone], or service timestamps log uptime global configuration command. 25-2 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 463
    service of supported facilities, switch system message: 00:00:46: %LINK-3-UPDOWN: Interface Port Default Setting Enabled. Debugging (and numerically lower levels; see Table 25-3 on page 25-9). No filename specified. 4096 bytes. 1 message. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 464
    Step 2 Step 3 Step 4 Step 5 Command configure terminal no logging console end show running-config or show logging copy running-config startup-config Purpose Enter global use the logging on global configuration command. 25-4 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 465
    enabled, you can send messages to specific locations in addition to the console ended. You must perform this step for each session to see the debugging messages. Verify your entries. (Optional) Save your entries in the configuration file. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 466
    privileged EXEC command output with solicited device output and prompts for a specific console port line or virtual terminal line. You can identify the types of messages enter this command, the mode changes to line configuration. 25-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 467
    is 0 to 2147483647. The default is 20. end Return to privileged EXEC mode. show service timestamps log datetime global configuration command enabled: *Mar 1 18:46:11: %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36) OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 468
    with the service timestamps log uptime global configuration command enabled: 00:00:46: %LINK-3-UPDOWN: Interface Port-channel1, default, the terminal receives debugging messages and numerically lower levels (see Table 25-3 on page 25-9). 25-8 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 469
    Step 7 end show running-config or show logging copy running-config startup-config Purpose Limit messages logged to the syslog servers. By default, syslog This message is only for information; switch functionality is not affected. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 25-9
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 470
    The default is to store one message. The range is 0 to 500 messages. end default is 100). You can clear the log at any time by entering the no logging enable command followed by the logging enable command to disable and reenable logging. 25-10 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 471
    14 temi@vty4 | exit 45 16 temi@vty5 |interface FastEthernet5/0/1 46 16 temi@vty5 | switchport mode trunk 47 16 temi@vty5 | exit OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 25-11
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 472
    Add a line such as the following to the file /etc/syslog.conf: local7.debug /usr/adm/logs/cisco.log The local7 keyword specifies the logging facility to be used; see Table 25-4 on page 25-13 for , enter this command more than once. 25-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 473
    For information about the fields in this display, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Command References. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 25-13
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 474
    Displaying the Logging Configuration Chapter 25 Configuring System Message Logging 25-14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 475
    the Catalyst 2960 switch. Note For complete syntax and usage information for the commands used in this chapter, see the command reference for this release and the Cisco IOS Functions, page 26-3 • SNMP Agent Functions, page 26-4 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 26-1
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 476
    supports these SNMP versions: • SNMPv1-The Simple Network Management Protocol, a Full Internet Standard, defined in RFC 1157. • SNMPv2C replaces an IP address access control list and password. SNMPv2C includes a bulk retrieval mechanism and Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 477
    managers, you can configure the software to support communications using SNMPv1, SNMPv2C, or SNMPv3. set-request sent by an NMS. set-request Stores a value in a specific variable. trap An unsolicited message sent by an SNMP agent to an SNMP Catalyst 2960 Switch Software Configuration Guide 26-3
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 478
    port or module specific information. The results of a poll can be displayed as a graph and analyzed to troubleshoot internetworking problems, increase network performance, verify the configuration of devices, monitor traffic loads, and more. 26-4 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 479
    to send SNMP notifications as traps or informs. Note SNMPv1 does not support informs. Traps are unreliable because the receiver does not send an acknowledgment the switch is a concern and notification is not required, use traps. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 26-5
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 480
    SNMP Groups and Users, page 26-10 • Configuring SNMP Notifications, page 26-12 • Setting the Agent Contact and Location Information, page 26-15 • Limiting TFTP Servers Used Through SNMP, page 26-16 • SNMP Examples, page 26-17 26-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 481
    all users associated with that group. See the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 for information switch does not send informs for the auth (authNoPriv) and the priv (authPriv) authentication levels. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 482
    Command configure terminal no snmp-server end show running-config copy running-config on the device. No specific Cisco IOS command exists to enable SNMP acts like a password to permit access to the agent on the switch. Optionally, you Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 483
    ] Step 4 Step 5 Step 6 end show running-config copy running-config startup string that acts like a password and permits access to the SNMP specific community string, use the no snmp-server community string global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 484
    ip-address [udp-port port-number] engineid-string} Configure a name for either the local or remote copy of SNMP. • The engineid-string is a 24-character ID string Protocol (UDP) port on the remote device. The default is 162. 26-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 485
    called privacy). Note The priv keyword is available only when the cryptographic software image is installed. • (Optional) Enter read readview with a string (not to exceed 64 characters) that that is the name of the access list. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 26-11
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 486
    26-5 Switch Notification Types Notification Type Keyword bridge cluster config Description Generates STP bridge MIB traps. Generates a trap when the cluster configuration changes. Generates a trap for SNMP configuration changes. 26-12 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 487
    of these traps: Cisco specific, errors, link- default. Generates a trap for SNMP VLAN membership changes. Generates SNMP VLAN created traps. Generates SNMP VLAN deleted traps. Generates a trap for VLAN Trunking Protocol (VTP) changes. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 488
    the password-like community string sent with the notification operation. When version 3 is specified, enter the SNMPv3 username. • (Optional) For notification-type, use the keywords listed in Table 26-5 on page 26-12. If no type is specified, all notifications are sent. 26-14 Catalyst 2960 Switch
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 489
    port security trap rate: Step 7 Step 8 Step 9 Step 10 Step 11 Step 12 snmp-server trap-source interface-id snmp-server queue-length length snmp-server trap-timeout seconds end configuration command. To disable a specific trap type, use the no Catalyst 2960 Switch Software Configuration Guide 26-15
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 490
    -number {deny | permit} source [source-wildcard] Step 4 Step 5 Step 6 end show running-config copy running-config startup-config Purpose Enter global configuration mode. Limit TFTP ) Save your entries in the configuration file. 26-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 491
    snmp-server user authuser authgroup v3 auth md5 mypassword Switch(config)# snmp-server host 192.180.1.27 informs version 3 auth authuser config Switch(config)# snmp-server enable traps Switch(config)# snmp-server inform retries 0 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 26-17
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 492
    display SNMP information. For information about the fields in the displays, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2. Table 26-6 Commands for Displaying SNMP user name in the SNMP users table. 26-18 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 493
    services, and assist with network troubleshooting. The Catalyst 2960 switch supports only IP SLAs responder functionality and must be configured with another device that supports full IP SLAs functionality. For more information about IP SLAs, see the Cisco IOS IP SLAs Configuration Guide, Release
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 494
    measurement that immediately identifies problems and saves troubleshooting time. • Multiprotocol Label Switching (MPLS) performance monitoring and network verification (if the switch supports MPLS) This section includes this information about IP SLAs functionality: • Using Cisco IOS IP SLAs to
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 495
    responder uses the Cisco IOS IP SLAs Control Protocol to provide a mechanism through which it can be notified on which port it should listen and respond. Only a Cisco IOS device can be a source for a destination IP SLAs Responder. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 27-3
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 496
    can be a Cisco IOS Layer 2, responder-configurable switch, such as a Catalyst 2960 or Cisco ME 2400 switch. The responder does not need to support full IP SLAs functionality. Figure 27-1 shows where the Cisco IOS IP SLAs responder fits in the IP network. The responder listens on a specific port for
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 497
    details are included in the Cisco IOS IP SLAs Configuration Guide. It includes only the procedure for configuring the responder, ad the Catalyst 2960 switch includes only responder support. For details about configuring other operations, see he Cisco IOS IP SLAs Configuration Guide at this URL: http
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 498
    IP SLAs Responder The IP SLAs responder is available only on Cisco IOS software-based devices, including some Layer 2 switches that do not support full IP SLAs functionality, such as the Catalyst 2960 or the Cisco ME 2400 switch. Beginning in privileged EXEC mode, follow these steps to configure the
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 499
    Chapter 27 Configuring Cisco IOS IP SLAs Operations Monitoring IP SLAs Operations Monitoring IP SLAs Operations Use the User EXEC or Display IP SLAs authentication information. Display information about the IP SLAs responder. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 27-7
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 500
    Monitoring IP SLAs Operations Chapter 27 Configuring Cisco IOS IP SLAs Operations 27-8 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 501
    (auto-QoS) commands or by using standard QoS commands on the Catalyst 2960 switch. With QoS, you can provide preferential treatment to certain types of traffic at the expense of others. Without QoS, the switch offers best-effort service to each packet, regardless of the packet contents or size. It
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 502
    ports Services Code Point (DSCP) value. QoS supports the use of either value because DSCP values are backward-compatible with IP precedence values. IP precedence values range from 0 to 7. DSCP values range from 0 to 63. Note IPv6 QoS is not supported in this release. 28-2 Catalyst 2960 Switch
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 503
    ) Encapsulated frame 1... (24.5 KB) 3 bits used can construct an end-to-end QoS solution. service as the packets move through the switch switch also needs to ensure that traffic sent from it meets a specific traffic profile (shape). OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 504
    Scheduling services the four egress queues based on their configured SRR shared or shaped weights. One of the queues (queue 1) can be the expedited queue, which is serviced until empty before the other queues are serviced. Basic QoS Model 28-4 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 505
    on the maps described in this section, see the "Mapping Tables" section on page 28-11. For configuration information on port trust states, see the "Configuring Classification Using Port Trust States" section on page 28-34. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-5
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 506
    -profile action configured for this policer. Mark Drop Drop packet. Modify DSCP according to the policed-DSCP map. Generate a new QoS label. Done 86835 28-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 507
    , the switch enters the policy-map configuration mode. In this mode, you specify the actions to take on a specific traffic class by using the class, trust, or set policy-map configuration and policy-map class configuration commands. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 508
    you attach it to a port by using the service-policy interface configuration command. For Ports by Using Policy Maps" section on page 28-46 and the "Classifying, Policing, and Marking Traffic by Using Aggregate Policers" section on page 28-49. 28-8 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 509
    Chapter 28 Configuring QoS Understanding QoS Policing on Physical Ports In policy maps on physical ports, you can create these types of policers: • Individual-QoS applies mls qos aggregate-policer global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-9
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 510
    shows the policing and marking process. Figure 28-4 Policing and Marking Flowchart on Physical Ports Start Get the clasification result for the packet. Is a policer configured No for . Generate a new QoS label. Done 86835 28-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 511
    default policed-DSCP map are null maps; they map an incoming DSCP value to the same DSCP value. The DSCP-to-DSCP-mutation map is the only map you apply to a specific port. All other maps apply to the entire switch on page 28-16. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-11
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 512
    The switch has queues at specific switch fabric. Because multiple ingress ports can simultaneously send packets to an egress port and cause congestion, outbound queues are located after the internal ring. Weighted switch drops it. 28-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 513
    "Allocating Bandwidth Between the Ingress Queues" section on page 28-60, the "Configuring SRR Shaped Weights on Egress Queues" section on page 28-66, and the "Configuring SRR Shared Weights on Egress Queues" section on page 28-67. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-13
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 514
    using the mls qos srr-queue input priority-queue global configuration command. The expedite queue has guaranteed bandwidth. 1. The switch uses two nonconfigurable queues for traffic that is essential for proper network operation. 28-14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 515
    "Weighted servicing the queue more frequently, and by adjusting queue thresholds so that packets with lower priorities are dropped. For configuration information, see the "Configuring Ingress Queue Characteristics" section on page 28-57. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 516
    1) can be the egress expedite queue. These queues are assigned to a queue-set. All traffic exiting the switch flows through one of these four queues and is subjected to a threshold based on the QoS label assigned to the packet. 28-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 517
    switch drops the frame. Figure 28-9 Egress Queue Buffer Allocation Common pool Port 1 queue 1 Port 1 queue 2 Port 1 queue 3 Port 1 queue 4 Port 2 queue 1 Port queue 1 and 10 percent to queues switch to a queue and to a threshold. Specifically Catalyst 2960 Switch Software Configuration Guide 28-17
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 518
    EXEC command. The queues use WTD to support distinct drop percentages for different traffic classes. Weighted Tail Drop" section on page 28-12. Shaped or Shared Mode SRR services each queue-set in shared or shaped mode. You map a port Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 519
    Auto-QoS Configuration, page 28-20 • Effects of Auto-QoS on the Configuration, page 28-24 • Auto-QoS Configuration Guidelines, page 28-25 • Enabling Auto-QoS for VoIP, page 28-25 • Auto-QoS Configuration Example, page 28-27 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-19
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 520
    the switch enables the trusted boundary feature. The switch uses the Cisco Discovery Protocol (CDP) to detect the presence or absence of a Cisco IP Phone. When a Cisco IP Phone is detected, the ingress classification on the port is set to 28-20 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 521
    threshold 3 3 6 7 Switch(config)# mls qos srr-queue output cos-map queue 3 threshold 3 2 4 Switch(config)# mls qos srr-queue output cos-map queue 4 threshold 2 1 Switch(config)# mls qos srr-queue output cos-map queue 4 threshold 3 0 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 522
    -queue 2 Switch(config)# mls qos srr-queue input bandwidth 90 10 Switch(config)# mls qos srr-queue input threshold 1 8 16 Switch(config)# mls qos srr-queue input threshold 2 34 66 Switch(config)# mls qos srr-queue input buffers 67 33 28-22 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 523
    the switch automatically applies the policy map called AutoQoS-Police-SoftPhone to an ingress interface on which auto-QoS with the Cisco SoftPhone feature is enabled. Switch(config-if)# service-policy input AutoQoS-Police-SoftPhone OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 524
    with the Cisco Phone feature is enabled. Switch(config-if)# service-policy input AutoQoS switch without saving the current configuration to memory. If the generated commands fail to be applied, the previous running configuration is restored. 28-24 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 525
    Cisco IP Phone, the port that is connected to a device running the Cisco SoftPhone feature, or the uplink port that is connected to another trusted switch or router in the interior of the network, and enter interface configuration mode. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 526
    how to enable auto-QoS and to trust the QoS labels received in incoming packets when the switch or router connected to a port is a trusted device: Switch(config)# interface gigabitethernet0/1 Switch(config-if)# auto qos voip trust 28-26 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 527
    to IP phones IP Cisco IP phones 101234 Figure 28-10 shows a network in which the VoIP traffic is prioritized over all other traffic. Auto-QoS is enabled on the switches in the wiring closets at the edge of the QoS domain. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-27
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 528
    ports as are connected to the Cisco IP Phone. Specify the switch port identified as connected to a trusted switch or router, and enter interface configuration mode. See Figure 28-10. Enable auto-QoS on the port, and specify that the port Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 529
    , page 28-32 • Enabling QoS Globally, page 28-33 (required) • Configuring Classification Using Port Trust States, page 28-34 (required • Configuring a QoS Policy, page 28-40 (required Queue Characteristics, page 28-62 (optional) OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-29
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 530
    ID-Threshold ID 1-1 2-1 1-1 Table 28-8 shows the default DSCP input queue threshold map when QoS is enabled. Table 28-8 Default DSCP Input Queue Threshold Map DSCP Value 0-39 40-47 48-63 Queue ID-Threshold ID 1-1 2-1 1-1 28-30 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 531
    1-1 4-1 Table 28-11 shows the default DSCP output queue threshold map when QoS is enabled. Table 28-11 Default DSCP Output Queue Threshold Map DSCP Value 0-15 16-31 32-39 40-47 48-63 Queue ID-Threshold ID 2-1 3-1 4-1 1-1 4-1 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-31
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 532
    are supported. input service policy port; there is no guarantee that a port will be assigned to any policer. • Only one policer is applied to a packet on an ingress port. Only the average rate and committed burst parameters are configurable. 28-32 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 533
    physical ports; there is no support for it at the VLAN or switch end show mls qos copy running-config startup-config Purpose Enter global configuration mode. Enable QoS globally. QoS runs with the default settings described in the "Default Catalyst 2960 Switch Software Configuration Guide 28-33
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 534
    within the QoS domain. Figure 28-11 shows a sample network topology. Figure 28-11 Port Trusted States within the QoS Domain Trusted interface Trunk Traffic classification performed here P3 P1 IP Trusted boundary 28-34 Catalyst 2960 Switch Software Configuration Guide 101236 OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 535
    to change the default CoS value, see the "Configuring the CoS Value for an Interface" section on page 28-36. For information on how to configure the CoS-to-DSCP map, see the "Configuring the CoS-to-DSCP Map" section on page 28-52. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-35
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 536
    to the switch should be trusted to ensure that voice traffic is properly prioritized over other types of traffic in the network. By using the mls qos trust cos interface configuration command, you configure the switch port to which 28-36 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 537
    . Configure the switch port to trust the CoS value in traffic received from the Cisco IP Phone. or Configure the routed port to trust the DSCP value in traffic received from the Cisco IP Phone. By default, the port is not Step 6 Step 7 Step 8 Step 9 mls qos trust device cisco-phone end show mls
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 538
    default, DSCP transparency is disabled. The switch modifies the DSCP field in an incoming packet, and the DSCP field in the outgoing packet is based on the quality of service (QoS) configuration, including the port other domain. 28-38 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 539
    dscp-mutation dscp-mutation-name Step 6 Step 7 Step 8 end show mls qos maps dscp-mutation copy running-config startup- port. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 540
    Traffic by Using Class Maps, page 28-44 • Classifying, Policing, and Marking Traffic on Physical Ports by Using Policy Maps, page 28-46 • Classifying, Policing, and Marking Traffic by Using Aggregate Policers, page 28-49 28-40 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 541
    rejected. Switch(config)# access-list 1 permit 192.5.255.0 0.0.0.255 Switch(config)# access-list 1 permit 128.88.0.0 0.0.255.255 Switch(config)# access-list 1 permit 36.0.0.0 0.0.0.255 ! (Note: all other access implicitly denied) OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-41
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 542
    host 10.1.1.2 precedence 5 This example shows how to create an ACL that permits PIM traffic from any source to a destination group address of 224.0.0.2 with a DSCP set to 32: Switch(config)# access-list 102 permit pim any 224.0.0.2 dscp 32 28-42 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 543
    reaching the end. end Return to Switch(config-ext-macl)# permit 0001.0000.0001 0.0.0 0002.0000.0001 0.0.0 Switch(config-ext-macl)# permit 0001.0000.0002 0.0.0 0002.0000.0002 0.0.0 xns-idp ! (Note: all other access implicitly denied) OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 544
    a specific traffic Traffic on Physical Ports by Using Policy default, the end of the access default is match-all. Note Because only one match command per class map is supported, the match-all and match-any keywords function the same. 28-44 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 545
    10, 11, and 12. Switch(config)# class-map class2 Switch(config-cmap)# match ip dscp 10 11 12 Switch(config-cmap)# end Switch Switch(config)# class-map class3 Switch(config-cmap)# match ip precedence 5 6 7 Switch(config-cmap)# end Switch# OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 546
    the switch configuration. • Beginning with Cisco IOS Release 12.2(40)SE, a policy-map and a port default is match-all. Note Because only one match command per class map is supported, the match-all and match-any keywords function the same. 28-46 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 547
    CoS value; for non-IP packets that are untagged, QoS derives the DSCP value by using the default port CoS value. In either case, the DSCP value is derived from the CoS-to-DSCP map. to the classified traffic. The range is 0 to 7. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-47
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 548
    on the policed-DSCP map) and sent: Switch(config)# access-list 1 permit 10.1.0.0 0.0.255.255 Switch(config)# class-map ipclass1 Switch(config-cmap)# match access-group 1 Switch(config-cmap)# exit Switch(config)# policy-map flow1t 28-48 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 549
    a policer that is shared by multiple traffic classes within the same policy map. However, you cannot use the aggregate policer across different policy maps or ports. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-49
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 550
    policy map. By default, no aggregate policer is defined. For information on the number of policers supported, see the "Standard port to attach to the policy map, and enter interface configuration mode. Valid interfaces include physical ports. 28-50 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 551
    Step 9 service-policy input policy-map-name Step 10 Step 11 Step 12 end show mls qos aggregate-policer [aggregate-policer-name] copy running-config startup-config Purpose Specify the policy-map name, and apply it to an ingress port. Only one policy map per ingress port is supported. Return to
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 552
    to all ports. Configuring default CoS-to-DSCP map. Table 28-12 Default CoS-to-DSCP Map CoS Value 0 1 2 3 4 5 6 7 DSCP Value 0 8 16 24 4 Step 5 end show mls qos default map, use the no mls qos cos-dscp global configuration command. 28-52 Catalyst 2960 Switch Software Configuration Guide OL-
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 553
    DSCP range is 0 to 63. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. To return to the default map, use the no mls qos ip-prec-dscp global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-53
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 554
    2 : 20 21 22 23 24 25 26 27 28 29 3 : 30 31 32 33 34 35 36 37 38 39 4 : 40 41 42 43 44 45 46 47 48 49 5 : 00 00 00 00 00 00 00 00 58 59 6 : 60 61 62 63 28-54 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 555
    default DSCP-to-CoS map. Table 28-14 Default DSCP-to-CoS Map DSCP Value 0-7 8-15 16-23 24 qos map dscp-cos dscp-list to cos end show mls qos maps dscp-to-cos default map, use the no mls qos dscp-cos global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-55
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 556
    spaces. Then enter the to keyword. • For out-dscp, enter a single DSCP value. The DSCP range is 0 to 63. Specify the port to which to attach the map, and enter interface configuration mode. Valid interfaces include physical ports. 28-56 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 557
    Switch(config-if)# end Switch# show mls qos maps dscp-mutation mutation1 Dscp-dscp mutation map: mutation1: d1 : d2 0 1 2 3 4 5 6 7 8 9 0 : 00 00 00 00 00 00 00 00 10 10 1 : 10 10 10 10 14 15 16 17 18 19 2 : 20 20 20 23 24 queues? OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-57
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 558
    id threshold-percentage1 threshold-percentage2 end Purpose Enter global configuration mode. Map DSCP or CoS values to an ingress queue and to a threshold ID. By default, DSCP values 0-39 and queue. Return to privileged EXEC mode. 28-58 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 559
    Step 3 end Purpose Enter global configuration mode. Allocate the buffers between the ingress queues By default 90 percent of the buffers are allocated to queue 1, and 10 percent of bursty traffic. Return to privileged EXEC mode. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-59
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 560
    end weight global configuration command. Then, SRR shares the remaining bandwidth with both ingress queues and services them as specified by the weights default setting, use the no mls qos srr-queue input bandwidth global configuration command. 28-60 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 561
    , use the no mls qos srr-queue input priority-queue queue-id global configuration command. To disable priority queueing, set the bandwidth weight to 0, for example, mls qos srr-queue input priority-queue queue-id bandwidth 0. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-61
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 562
    Switch(config)# mls qos srr-queue input priority-queue 1 bandwidth 10 Switch egress queues per port), and how much serviced based on their SRR weights: • If the egress expedite queue is enabled, it overrides the SRR shaped and shared weights Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 563
    to support distinct drop percentages for different traffic classes. Note The egress queue default 1 to 2. Each port belongs to a queue-set, which defines all the characteristics of the four egress queues per port. • For allocation1 ... Catalyst 2960 Switch Software Configuration Guide 28-63
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 564
    end port). By default specific queue Switch(config)# mls qos queue-set output 2 buffers 40 20 20 20 Switch(config)# mls qos queue-set output 2 threshold 2 40 60 100 200 Switch(config)# interface gigabitethernet0/1 Switch(config-if)# queue-set 2 28-64 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 565
    service into certain queues end show default DSCP output queue threshold map or the default CoS output queue threshold map, use the no mls qos srr-queue output dscp-map or the no mls qos srr-queue output cos-map global configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 566
    2, 3, and 4 are set to 0, these queues operate in shared mode. The bandwidth weight for queue 1 is 1/8, which is 12.5 percent: Switch(config)# interface gigabitethernet0/1 Switch(config-if)# srr-queue bandwidth shape 8 0 0 0 28-66 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 567
    queue 4 has four times the bandwidth of queue 1, twice the bandwidth of queue 2, and one-and-a-third times the bandwidth of queue 3. Switch(config)# interface gigabitethernet0/1 Switch(config-if)# srr-queue bandwidth share 1 2 3 4 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-67
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 568
    on an egress port. This procedure is optional. Step 1 Step 2 Command configure terminal interface interface-id Purpose Enter global configuration mode. Specify the port to be rate limited, and enter interface configuration mode. 28-68 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 569
    end show mls qos interface [interface-id] queueing copy running-config startup-config Purpose Specify the percentage of the port speed to which the port should be limited. The range is 10 to 90. By default, the port egress queues. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 28-69
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 570
    EXEC command to display classification information for incoming traffic. The control-plane and interface keywords are not supported, and the statistics shown in the display should be ignored. Display the DSCP transparency setting. 28-70 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 571
    Version 6 (IPv6) is the network-layer Internet Protocol intended to replace Version 4 (IPv4) in the TCP/IP suite of protocols. This chapter describes how to configure IPv6host functions on the Catalyst 2960 switch. For information about configuring IPv6 Multicast Listener Discovery (MLD) snooping
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 572
    , go to the "Implementing Addressing and Basic Connectivity" section of "The Cisco IOS IPv6 Configuration Library" at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a00807fcf4b. html 29-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 573
    /products_feature_guide09186a00807fcf4b. html Each IPv6 host interface can support up to three addresses in hardware (one aggregatable global unicast address, one link-local unicast address, and zero or more privacy addresses). OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 29-3
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 574
    autoconfiguration using Dynamic Host Configuration Protocol (DHCP) v6. The switch supports stateless autoconfiguration to manage link, subnet, and site addressing changes, such as management of host and mobile IP addresses. 29-4 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 575
    an interface and the link-local prefix FE80::/10. A link-local address enables a node global IPv6 addresses without the need for manual configuration or the help of a server IPv6 protocol stacks. The Cisco IOS software supports the dual IPv4 and Catalyst 2960 Switch Software Configuration Guide 29-5
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 576
    supported. • In dual IPv4 and IPv6 environments, the switch applies IPv4 QoS and ACLs in hardware. Note If you do not plan to use IPv6, do not use the dual stack template because this template results in less TCAM capacity for each resource. 29-6 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 577
    0 0 0 Configuring IPv6 These sections contain this IPv6 forwarding configuration information: • Default IPv6 Configuration, page 29-8 • Configuring IPv6 ICMP Rate Limiting, page 29-8 • Configuring Static Routes for IPv6, page 29-9 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 29-7
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 578
    10. Beginning in privileged EXEC mode, follow these steps to change the ICMP rate-limiting parameters: Step 1 Step 2 Command configure terminal ipv6 icmp error-interval interval [bucketsize] Step 3 Step 4 Step 5 end file. 29-8 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 579
    static routes are not automatically updated, as with a dynamic routing protocol, and must be manually reconfigured if the network topology changes. Static routes are useful for smaller networks with only route is used in its place. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 29-9
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 580
    also be an adjacent router). Step 3 end • administrative distance-(Optional) An administrative distance. The range is 1 to 254; the default value is 1, which gives static routes precedence . Return to privileged EXEC mode. 29-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 581
    for IPv6" chapter in the Cisco IOS IPv6 Configuration Library at this URL: http://www.cisco.com/en/US/products/sw/iosswrel switch. Display the IPv6 route table entries. Display IPv6 static routes. Display IPv6 traffic statistics. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 29
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 582
    : Switch# show ipv6 static IPv6 Static routes Code: * - installed in Switch# show ipv6 route IPv6 Routing Table - Default - 1 entries Codes: C - Connected, L - Local, S - Static, U - Per-user Static route L FF00::/8 [0/0] via Null0, receive 29-12 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 583
    84 neighbor solicit, 84 neighbor advert UDP statistics: Rcvd: 0 input, 0 checksum errors, 0 length errors 0 no port, 0 dropped Sent: 26749 output TCP statistics: Rcvd: 0 input, 0 checksum errors Sent: 0 output, 0 retransmitted OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 29-13
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 584
    Displaying IPv6 Chapter 29 Configuring IPv6 Host Functions 29-14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 585
    With MLD snooping, IPv6 multicast data is selectively forwarded to a list of ports that want to receive the data, instead of being flooded to all ports in a VLAN. This list is constructed by snooping IPv6 multicast control packets. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 30-1
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 586
    Messages MLDv1 supports three types of messages: • Listener Queries are the equivalent of IGMPv2 queries and are either General Queries or Multicast-Address-Specific Queries (MASQs addresses are ignored by MLD routers and switches. 30-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 587
    port aging is based on a default timer of 5 minutes; the multicast router is deleted from the router port list if no control packet is received on the port for 5 minutes. • IPv6 multicast router discovery only takes place when MLD snooping is enabled on the switch. OL-8603-04 Catalyst 2960 Switch
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 588
    -interval global configuration command. If the deleted port is the last member of the multicast address, the multicast address is also deleted, and the switch sends the address leave information to all detected multicast routers. 30-4 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 589
    Router Port, page 30-8 • Enabling MLD Immediate Leave, page 30-9 • Configuring MLD Snooping Queries, page 30-10 • Disabling MLD Listener Message Suppression, page 30-11 Default MLD VLAN value is 0, the VLAN uses the global count. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 30-5
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 590
    enable MLD snooping on the switch: Step 1 Step 2 Step 3 Command configure terminal ipv6 mld snooping end Purpose Enter global configuration mode. Globally enable MLD snooping on the switch. Return to privileged EXEC mode. 30-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 591
    the Catalyst 2960 switch to receive queries on the VLAN. For normal-range VLANs (1 to 1005), it is not necessary to enable IPv6 MLD snooping on the VLAN on the Catalyst 6500 switch. Step 1 Step 2 Step 3 Command configure terminal ipv6 mld snooping ipv6 mld snooping vlan vlan-id Step 4 end Step
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 592
    router port (add a static connection to a multicast router), use the ipv6 mld snooping vlan mrouter global configuration command on the switch. Note Static connections to multicast routers are supported only on switch ports. 30-8 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 593
    can be a physical interface or a port channel. The port-channel range is 1 to 48. end Return to privileged EXEC mode. show ipv6 Switch# configure terminal Switch(config)# ipv6 mld snooping vlan 130 immediate-leave Switch(config)# exit OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 594
    sent. The range is from 1 to 10; the default is 2. Return to privileged EXEC mode. (Optional) Verify that the MLD snooping querier information for the switch or for the VLAN. (Optional) Save your entries in the configuration file. 30-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 595
    suppression end show ports and VLAN interfaces. You can also display MAC address multicast entries for a VLAN configured for MLD snooping. To display MLD snooping information, use one or more of the privileged EXEC commands in Table 30-2. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 596
    the IPv6 address and incoming port for the most-recently received switch or for a VLAN. show ipv6 mld snooping multicast-address vlan Display MLD snooping for the specified VLAN and IPv6 multicast vlan-id [ipv6-multicast-address] address. 30-12 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 597
    Overview, page 31-2 • Port-Channel Interfaces, page 31-3 • Port Aggregation Protocol, page 31-4 • Link Aggregation Control Protocol, page 31-5 • EtherChannel On Mode, page 31-6 • Load Balancing and Forwarding Methods, page 31-6 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 31-1
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 598
    , no negotiations take place. The switch forces all compatible ports to become active in the EtherChannel. The other end of the channel (on the other switch) must also be configured in the on mode; otherwise, packet loss can occur. 31-2 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 599
    configuration. To change the parameters of all ports in an EtherChannel, apply configuration commands to the port-channel interface, for example, spanning-tree commands or commands to configure a Layer 2 EtherChannel as a trunk. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 31-3
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 600
    a physical port connected to a silent partner prevents that switch port from ever becoming operational. However, the silent setting allows PAgP to operate, to attach the port to a channel group, and to use the port for transmission. 31-4 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 601
    form an EtherChannel with another port that is in the active or passive mode. • A port in the passive mode cannot form an EtherChannel with another port that is also in the passive mode because neither port starts LACP negotiation. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 31-5
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 602
    forwarding is better suited on a particular switch. With source-and-destination MAC-address forwarding, packets sent from host A to host B, host A to host C, and host C to host B could all use different ports in the channel. 31-6 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 603
    A to IP address C, and from IP address C to IP address B could all use different ports in the channel. Different load-balancing methods have different advantages, and the choice of a particular load- in better load balancing. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 31-7
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 604
    changes applied to the port-channel interface apply to all the physical ports assigned to the port-channel interface, and configuration changes applied to the physical port affect only the port where you apply the configuration. 31-8 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 605
    ports in the group: - Allowed-VLAN list - Spanning-tree path cost for each VLAN - Spanning-tree port priority for each VLAN - Spanning-tree Port Fast setting • Do not configure a port to be a member of more than one EtherChannel group. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 606
    up to eight ports of the same type and speed for the same group. For a LACP EtherChannel, you can configure up to 16 Ethernet ports of the same type. Up to eight ports can be active, and up to eight ports can be in standby mode. 31-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 607
    for the switch and its partner, see the "PAgP Modes" section on page 31-4 and the "LACP Modes" section on page 31-5. end Return to privileged port from the EtherChannel group, use the no channel-group interface configuration command. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 608
    source-MAC address of the incoming packet. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. 31-12 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 609
    interoperability with devices that only support address learning by physical ports. When the link partner of the Catalyst 2960 switch is a physical learner (such as a Catalyst 1900 series switch), we recommend that you configure the Catalyst 2960 switch as a physical-port learner by using the pagp
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 610
    number In priority comparisons, numerically lower values have higher priority. The priority decides which ports should be put in standby mode when there is a hardware limitation that prevents all compatible ports from aggregating. 31-14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 611
    hot-standby ports that have lower port numbers become active in the channel first. You can use the show etherchannel summary privileged EXEC command to see which ports are in the hot-standby mode (denoted with an H port-state flag). OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 31
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 612
    2 Command configure terminal interface interface-id Step 3 lacp port-priority priority Step 4 Step 5 Step 6 end show running-config or show lacp [channel-group-number] group-number counters | counters} privileged EXEC command. 31-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 613
    4. Port 3 and port 4 are the downstream interfaces in link-state group 2. - Port 5 and port 6 are connected to distribution switch 2 through link-state group 2. Port 5 and port 6 are the upstream interfaces in link-state group 2. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 31
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 614
    to the secondary interface. You can recover a downstream interface link-down condition by removing the failed downstream port from the link-state group. To recover multiple downstream interfaces, disable the link-state group. 31-18 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 615
    ports: • Default Link-State Tracking Configuration, page 31-20 • Link-State Tracking Configuration Guidelines, page 31-20 • Configuring Link-State Tracking, page 31-20 • Displaying Link-State Tracking Status, page 31-21 Server 4 141680 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 616
    1 downstream Switch(config-if)# interface gigabitethernet0/3 Switch(config-if)# link state group 1 downstream Switch(config-if)# interface gigabitethernet0/5 Switch(config-if)# link state group 1 downstream Switch(config-if)# end 31-20 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 617
    display information about all link-state groups. Enter the group number to display information specific to the group. Enter the detail keyword to display detailed information about the group. command reference for this release. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 31-21
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 618
    Configuring Link-State Tracking Chapter 31 Configuring EtherChannels and Link-State Tracking 31-22 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 619
    and solve problems. Additional troubleshooting information, such as LED descriptions, is provided in the hardware installation guide. Note For complete syntax and usage information for the commands used in this chapter, see the command reference for this release and the Cisco IOS Commands Master
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 620
    2928176 Apr 21 12:01 c2960-lanbase-mz.122-25.FX/c2960-lanbase-mz.122-25.FX.bin Connect your PC with terminal-emulation software supporting the Xmodem Protocol to the switch console port. Set the line speed on the emulation software to 9600 baud. Unplug the switch power cord. Press the Mode button
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 621
    . Recovering from a Lost or Forgotten Password The default configuration for the switch allows an end user with physical access to the switch to recover from a lost password by interrupting the boot process during power-on and by entering a new password. These recovery procedures require that you
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 622
    30:48 c2960-lanbase-mz.122-25.FX Mar 01 1993 22:31:59 config.text Mar 01 1993 02:21:30 vlan.dat 16128000 bytes total (10003456 bytes free) Rename the configuration file to config.text.old. This file contains the password definition. 32-4 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 623
    password Step 12 The secret password can be from 1 to 25 alphanumeric characters, can start with a number, is case sensitive, and allows spaces but ignores leading spaces. Return to privileged EXEC mode: Switch (config)# exit Switch# OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 624
    with password recovery and lose the existing configuration: Would you like to reset the system back to the default configuration (y/n)? Y Load any helper files: Switch: load_helper Display the contents of flash memory: switch: dir flash: 32-6 Catalyst 2960 Switch Software Configuration Guide OL
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 625
    a redundant command switch group by using the Hot Standby Router Protocol (HSRP). For more information, see Chapter 5, "Clustering Switches." Also see the Getting Started with Cisco Network Assistant, available on Cisco.com. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 32-7
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 626
    the console port, see the switch hardware installation guide. At the switch prompt, enter privileged EXEC mode: Switch> enable Switch# Enter the password of the failed command switch. Enter global configuration mode. Switch# configure terminal Enter configuration commands, one per line. End with
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 627
    , enter N, press Return, and begin again at Step 9. Start your browser, and enter the IP address of the new command switch. From the Cluster menu, select Add to Cluster to display a list of candidate switches to add to the cluster. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 32-9
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 628
    leading spaces. When prompted for the enable secret and enable passwords, enter the passwords of the failed command switch again. When prompted, make sure to enable the switch as the cluster command switch, and press Return. 32-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 629
    on both ends of the connection. Note If a remote device does not autonegotiate, configure the duplex settings on the two ports to match. The speed parameter can adjust itself even if the connected port does not autonegotiate. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 32-11
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 630
    system message guide for this release. If you are using a non-Cisco SFP module, remove the SFP module from the switch, and replace it with a Cisco module. After inserting a Cisco SFP module, use the errdisable recovery cause gbic-invalid global configuration command to verify the port status, and
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 631
    network server timed out while waiting for a reply. A destination unreachable error PDU was received. A congestion experienced packet was received. User interrupted test. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 32-13
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 632
    enter the traceroute mac or the traceroute mac ip privileged EXEC command on a switch that is not in the physical path from the source device to the destination device. All switches in the path must be reachable from this switch. 32-14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 633
    to one port through hubs (for example, multiple CDP neighbors are detected on a port), the Layer 2 traceroute feature is not supported. When more than one CDP neighbor is detected on a port, the on the way to the destination. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 32-15
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 634
    , traceroute sets the UDP destination port number in the datagram to a supported in this release. This example shows how to perform a traceroute to an IP host: Switch# traceroute ip 171.9.15.10 10 132 msec 128 msec 128 msec Switch# 32-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 635
    . Port unreachable. To end a trace in progress, enter the escape sequence (Ctrl-^ X by default). supported only on 10/100 and 10/100/1000 copper Ethernet ports. It is not supported on SFP module ports. TDR can detect these cabling problems Catalyst 2960 Switch Software Configuration Guide 32-17
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 636
    to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support Switched Port Analyzer (SPAN): Switch# debug span-session The switch continues to generate output until you enter the no form of the command. 32-18 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 637
    diminish switch performance or even render it unusable. In virtually all cases, it is best to use more specific debug this default, you can use a virtual terminal connection to monitor debug output instead of connecting to the console port. Catalyst 2960 Switch Software Configuration Guide 32-19
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 638
    0005 0001.0001.0001 0002.0002.0002 Packet 10 Lookup Key-Used OutptACL 50_0D020202_0D010101-00_40000014_000A0000 Packet dropped due to failed DEJA_VU Check on Gi0/2 Index-Hit A-Data 01FFE 03000000 32-20 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 639
    01FFE 03000000 Port Gi0/2 Vlan SrcMac DstMac Cos Dscpv 0005 0001.0001.0001 0009.43A8.0145 Using the crashinfo Files The crashinfo files save information that helps Cisco technical support representatives to debug problems that caused the Cisco IOS image to fail (crash). The switch writes the
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 640
    of the switch failure. You provide this information to the Cisco technical support representative by manually accessing the switch to not create the extended creashinfo file by using the no exception crashinfo global configuration command. 32-22 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 641
    -ERR-DISABLE-MIB • CISCO-FLASH-MIB (Flash memory on all switches is modeled as removable flash memory.) • CISCO-FTP-CLIENT-MIB • CISCO-IGMP-FILTER-MIB • CISCO-IMAGE-MIB • CISCO IP-STAT-MIB • CISCO-LAG-MIB • CISCO-MAC-NOTIFICATION-MIB OL-8603-04 Catalyst 2960 Switch Software Configuration Guide A-1
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 642
    • OLD-CISCO-TS-MIB • RFC1213-MIB (Functionality is as per the agent capabilities specified in the CISCO-RFC1213-CAPABILITY.my.) • RMON-MIB • RMON2-MIB • SNMP-FRAMEWORK-MIB • SNMP-MPD-MIB • SNMP-NOTIFICATION-MIB • SNMP-TARGET-MIB • SNMPv2-MIB Catalyst 2960 Switch Software Configuration Guide A-2 OL
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 643
    also use this URL for a list of supported MIBs for the Catalyst 2960 switch: ftp://ftp.cisco.com/pub/mibs/supportlists/cat2960/cat2960-supportlist.htmlYou can access other information about MIBs and Cisco products on the Cisco web site: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 644
    Using FTP to Access the MIB Files Appendix A Supported MIBs Catalyst 2960 Switch Software Configuration Guide A-4 OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 645
    X Working with the Cisco IOS File System, Configuration Files, and Software Images This appendix describes how to manipulate the Catalyst 2960 switch flash file system, how to copy configuration files, and how to archive (upload and download) software images to a standalone switch. Note For complete
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 646
    Cisco IOS File System, Configuration Files, and Software Images Displaying Available File Systems To display the available file systems on your switch (for example, the system) or a download interface, such as brimux. unknown-The file Catalyst 2960 Switch Software Configuration Guide B-2 OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 647
    Cisco IOS File System, Configuration Files, and Software Images Working with the Flash File System Setting the Default File System You can specify the file system or directory that the system uses as the default about a specific file. Display Catalyst 2960 Switch Software Configuration Guide B-3
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 648
    Cisco IOS that were installed by using the archive download-sw password]@location]/directory]/filename • RCP-rcp:[[//username@location]/directory]/filename • TFTP-tftp:[[//location]/directory]/filename Local writable file systems include flash:. Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 649
    Instead of using the copy privileged EXEC command or the archive tar privileged EXEC command, we recommend using the archive download-sw and archive upload-sw privileged EXEC commands to download and upload software image files. . OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-5
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 650
    display the contents of a switch tar file that is in flash memory: Switch# archive tar /table flash:c2960-lanbase-mz.122-25.FX.tar info (219 bytes) c2960-lanbase-mz.122-25.FX/ (directory) c2960-lanbase-mz.122-25.FX/html/ (directory) Catalyst 2960 Switch Software Configuration Guide B-6 OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 651
    file on a TFTP server: Switch# more tftp://serverA/hampton/savedconfig ! ! Saved configuration on server ! version 11.3 service timestamps log datetime localtime service linenumber service udp-small-servers service pt-vty-logging OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-7
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 652
    Configuration files can contain some or all of the commands needed to configure one or more switches. For example, you might want to download the same configuration file to several switches that have the same hardware configuration. Catalyst 2960 Switch Software Configuration Guide B-8 OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 653
    to the appropriate server location. For example, copy the file to the TFTP directory on the workstation (usually /tftpboot on a UNIX workstation). OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-9
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 654
    had to create one) on the server, ensure that the permissions on the file are set correctly. Permissions on the file should be world-write. B-10 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 655
    shows how to upload a configuration file from a switch to a TFTP server: Switch# copy system:running-config tftp://172.16.2.155/tokyo-confg Write file tokyo-confg on host 172.16.2.155? [confirm] y # Writing tokyo-confg!!! [OK] OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-11
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 656
    password on each FTP request to a server. When you copy a configuration file from the switch to a server by using FTP, the Cisco IOS the one that you want to use for the FTP download. You can enter the show users privileged EXEC command to Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 657
    on the remote server with an IP address of 172.16.101.101 to the switch startup configuration. Switch# configure terminal Switch(config)# ip ftp username netadmin1 Switch(config)# ip ftp password mypass Switch(config)# end OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-13
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 658
    by using FTP to copy the file: Switch# configure terminal Switch(config)# ip ftp username netadmin2 Switch(config)# ip ftp password mypass Switch(config)# end Switch# copy nvram:startup-config ftp: Remote host[]? 172.16.101.101 B-14 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 659
    with each RCP request to a server. When you copy a configuration file from the switch to a server, the Cisco IOS software sends the first valid username in this list: • The username specified in the during all copy operations. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-15
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 660
    on the switch: Switch# copy rcp://[email protected]/host1-confg system:running-config Configure using host1-confg from 172.16.101.101? [confirm] Connected to 172.16.101.101 Loading 1112 byte file host1-confg:![OK] Switch# B-16 Catalyst 2960 Switch Software Configuration Guide OL-8603
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 661
    -confg Write file switch-confg on host 172.16.101.101?[confirm] Building configuration...[OK] Connected to 172.16.101.101 Switch# This example shows how to store a startup configuration file on a server: Switch# configure terminal OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-17
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 662
    remote-username netadmin2 Switch(config)# end Switch# copy nvram:startup-config rcp: Remote host[]? 172.16.101.101 Name of configuration file to write [switch2-confg]? Write file switch2-confg on host 172.16.101.101?[confirm] ![OK] B-18 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 663
    and Rollback To use the configuration replacement and rollback feature, you should understand these concepts: • Archiving a Configuration, page B-20 • Replacing a Configuration, page B-20 • Rolling Back a Configuration, page B-20 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-19
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 664
    the changes by using the configure replace target-url command. You can specify any saved configuration file as the rollback configuration. You are not limited to a fixed number of rollbacks, as is the case in some rollback models. B-20 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 665
    . Valid values are from 1 to 14. The default is 10. Note Before using this command, you must first enter the path archive configuration command to specify the location and filename prefix for the files in the configuration archive. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-21
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 666
    with the Cisco IOS File System, Configuration Files, and Software Images Command Step 5 time-period minutes Step 6 Step 7 Step 8 end show running- changing the running configuration during a configuration replacement operation. B-22 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 667
    on the Switch, page B-24 • tar File Format of Images on a Server or Cisco.com, page B-24 • Copying Image Files By Using TFTP, page B-25 • Copying Image Files By Using FTP, page B-28 • Copying Image Files By Using RCP, page B-33 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-23
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 668
    with Cisco IOS release 12.2(35)SE, the archive download-sw C2960 stacking_number:1.11 board_ids:0x00000034 0x00000042 0x00000037 0x00000041 0x0000003c info_end: Note Disregard the stacking_number field. It does not apply to the switch. B-24 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 669
    image with the new one or keep the current image after a download. You upload a switch image file to a server for backup purposes; this uploaded image can be used for future downloads to the same or another switch of the same type. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-25
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 670
    that the permissions on the file are set correctly. Permissions on the file should be world-write. Downloading an Image File By Using TFTP You can download a new image file and replace the current image or keep the current image. B-26 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 671
    option. If you specify the /leave-old-sw, the existing files are not removed. If there is not enough space to install the new image and keep the running image, the download process stops, and an error message is displayed. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-27
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 672
    or upload the image from the switch to an FTP server. You download a switch image file from a server to upgrade the switch software. You can overwrite the current image with the new one or keep the current image after a download. B-28 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 673
    client to send a remote username and password on each FTP request to a server. When you copy an image file from the switch to a server by using FTP, the Cisco IOS software sends the first valid username in this list: • The username specified in the archive download-sw or archive upload-sw privileged
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 674
    . This step is required only if you override the default remote username or password (see Steps 4, 5, and 6). (Optional) Change the default remote username. (Optional) Change the default password. Return to privileged EXEC mode. B-30 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 675
    option. If you specify the /leave-old-sw, the existing files are not removed. If there is not enough space to install the new image and keep the running image, the download process stops, and an error message is displayed. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-31
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 676
    "Preparing to Download or Upload a Configuration File By Using FTP" section on page B-12. Log into the switch through the console port or a Telnet session. configure terminal Enter global configuration mode. This step is required only if you override the default remote username or password (see
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 677
    specified in the archive download-sw or archive upload-sw privileged EXEC command if a username is specified. • The username set by the ip rcmd remote-username username global configuration command if the command is entered. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-33
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 678
    an image to the RCP to the server, it must be properly configured to accept the RCP write request from the user on the switch. For UNIX systems, you must add an entry to the .rhosts file for the remote user on the RCP server. B-34 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 679
    page B-33. • For @location, specify the IP address of the RCP server. • For /directory/image-name.tar, specify the directory (optional) and the image to download. Directory and image names are case sensitive. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-35
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 680
    file-url, enter the directory name of the old software image. All the files in the directory and the directory are removed. Caution For the download and upload algorithms to operate properly, do not rename image names. B-36 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 681
    , the Cisco IOS image, and the web management files. After these files are uploaded, the upload algorithm creates the tar file format. Caution For the download and upload algorithms to operate properly, do not rename image names. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide B-37
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 682
    Working with Software Images Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images B-38 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 683
    : • The Catalyst 2950 switch runs Cisco IOS 12.1EA software, and the Catalyst 2960 switch runs Cisco IOS 12.2SE software. • The switch families have different hardware. If you use a Catalyst 2950 switch command, it might not be supported on the Catalyst 2960 switch. The Catalyst 2960 switch software
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 684
    processes 1-64 aaa route download 1-1440 When Cisco IOS 12.2E was restructured, these commands were intentionally removed and are not supported in Cisco IOS 12.2SE. The Catalyst 2960 switch rejects these commands, and this message appears: Switch(config)# aaa processes 10 ^ %Invalid input detected
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 685
    2950 Switch to a Catalyst 2960 Switch Configuration Compatibility Issues Table C-1 Catalyst 2950 and 2960 Switch Configuration Incompatibilities (continued) Feature Catalyst 2950 Switch Command and Explanation Result on the Catalyst 2960 Switch IEEE 802.1x In Cisco IOS 12.1EA, the Catalyst
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 686
    Result on the Catalyst 2960 Switch There is limited QoS configuration compatibility between the Catalyst 2950 switch and the Catalyst 2960 switch. We recommend that you enable automatic QoS (auto-QoS) on the Catalyst 2950 switch by using the auto qos voip {cisco-phone | cisco-softphone | trust
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 687
    2. QoS = quality of service 3. RSPAN = Remote Switched Port Analyzer 4. GBIC = Gigabit Interface Converter Result on the Catalyst 2960 Switch Because of advanced hardware in the Catalyst 2960 switch, you do not need to configure a reflector port. The Catalyst 2960 switch accepts the monitor session
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 688
    the Catalyst 2960 switch supports SRR scheduling. Also, you must enable QoS globally on the Catalyst 2960 switch, whereas QoS is enabled by default on the Catalyst 2950 switch. For more information, see Chapter 28, "Configuring QoS." • RSPAN The Catalyst 2950 switch uses an extra port, called
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 689
    in Cisco IOS Release 12.2(40)SE This appendix lists some of the command-line interface (CLI) commands that appear when you enter the question mark (?) at the Catalyst 2960 switch prompt but are not supported in this release, either because they are not tested or because of Catalyst 2960 switch
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 690
    D Unsupported Commands in Cisco IOS Release 12.2(40)SE expression] ] | repository [url location] Parameters are not supported for this command: event manager run [policy name] |< -redirection main debug platform configuration Catalyst 2960 Switch Software Configuration Guide D-2 OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 691
    Appendix D Unsupported Commands in Cisco IOS Release 12.2(40)SE |IGMP Snooping Commands |IGMP Snooping Commands Unsupported Global Configuration Commands multicast show mac-address-table notification show mac-address-table static OL-8603-04 Catalyst 2960 Switch Software Configuration Guide D-3
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 692
    Appendix D Unsupported Commands in Cisco IOS Release 12.2(40)SE show service compress-config stack-mac persistent timer Network Address Translation (NAT) Commands Unsupported Privileged EXEC Commands show ip nat statistics show ip nat translations Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 693
    feature default line aaa nas port extended radius-server attribute nas-port radius-server configure radius-server extended-portnames SNMP Unsupported Global Configuration Commands snmp-server enable informs snmp-server ifindex persist OL-8603-04 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 694
    running-config vlan show vlan ifindex show vlan private-vlan VTP Unsupported Privileged EXEC Commands vtp {password password | pruning | version number} Note This command has been replaced by the vtp global configuration command. Catalyst 2960 Switch Software Configuration Guide D-6 OL-8603-04
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 695
    6-26 Address Resolution Protocol See ARP advertisements CDP 20-1 LLDP 21-2 VTP 12-16, 13-3 aggregatable global unicast addresses 29-3 aggregated ports See EtherChannel aggregate policers 28-49 aggregate policing 1-9 aging, accelerating 15-8 Catalyst 2960 Switch Software Configuration Guide IN-1
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 696
    8-27 with TACACS+ 8-11, 8-16 authorized ports with IEEE 802.1x 9-7 autoconfiguration 3-3 IN-2 Catalyst 2960 Switch Software Configuration Guide automatic discovery considerations beyond a noncandidate device 5-7 brand new switches 5-8 connectivity 5-4 different VLANs 5-6 management VLANs 5-7 non
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 697
    -4 overview 20-1 support for 1-4 transmission timer and holdtime, setting 20-2 updates 20-2 CGMP as IGMP snooping learning method 18-8 joining multicast group 18-3 CipherSuites 8-39 Cisco 7960 IP Phone 14-1 Cisco Discovery Protocol See CDP Cisco IOS File System See IFS Catalyst 2960 Switch Software
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 698
    filtering command output 2-10 getting help 2-3 history changing the buffer size 2-6 described 2-6 disabling 2-7 recalling commands 2-6 managing clusters 5-14 no and default forms of commands 2-4 client mode, VTP 13-3 IN-4 Catalyst 2960 Switch Software Configuration Guide clock See system clock
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 699
    downloading automatically 3-12 preparing B-10, B-13, B-16 reasons for B-8 using FTP B-13 using RCP B-17 using TFTP B-11 guidelines for creating and using B-9 guidelines for replacing and rolling back B-21 invalid combinations when copying B-5 limiting TFTP server access 26-16 Catalyst 2960 Switch
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 700
    threshold map for QoS 28-15 CoS output queue threshold map for QoS 28-18 IN-6 Catalyst 2960 Switch Software Configuration Guide CoS-to-DSCP map for QoS 28-52 counters, clearing interface 10-19 crashinfo file 32-21 critical authentication, IEEE 802.1x 9-33 cryptographic software image SSH 8-33
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 701
    -based autoconfiguration 3-6 default configuration 6-16 displaying the configuration 6-17 in IPv6 29-4 overview 6-15 setting up 6-16 support for 1-4 documentation, related xxx document conventions xxx domain names DNS 6-15 VTP 13-8 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide IN-7
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 702
    IPv6 29-6 SDM templates supporting 29-6 dual-purpose uplinks defined 10-4 LEDs 10-4 link selection 10-4 setting the type 10-10 IN-8 Catalyst 2960 Switch Software Configuration Guide dynamic access ports characteristics 12-3 configuring 12-26 defined 10-3 dynamic addresses See addresses dynamic
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 703
    LAN 9-1 F fa0 interface 1-5 features, incompatible 19-11 fiber-optic, detecting unidirectional links 22-1 files basic crashinfo description 32-21 location 32-21 copying B-5 crashinfo, description 32-21 deleting B-5 displaying the contents of B-8 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 704
    format B-24 file downloading B-13 overview B-12 preparing the server B-13 uploading B-14 IN-10 Catalyst 2960 Switch Software Configuration Guide FTP (continued) image files deleting old image B-32 downloading 10 host names, in clusters 5-12 hosts, limit on dynamic ports 12-29 HP OpenView 1-4 OL
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 705
    ports 10-3 24 default configuration 18-24 described 18-23 monitoring 18-28 support for 1-3 IGMP groups configuring filtering 18-27 setting the maximum number 18-26 IGMP Immediate Leave configuration guidelines 18-11 described 18-5 enabling 18-10 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 706
    9-13 initial configuration defaults 1-10 Express Setup 1-2 See also getting started guide and hardware installation guide interface number 10-5 range macros 10-7 interface command 10-5 interface configuration mode 2-3 IN-12 Catalyst 2960 Switch Software Configuration Guide interfaces auto-MDIX
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 707
    5-10 standby command switch 5-10, 5-12 See also IP information ip igmp profile command 18-24 IP information assigned manually 3-10 through DHCP-based autoconfiguration 3-3 default configuration 3-3 IP phones and QoS 14-1 automatic classification and queueing 28-19 configuring 14-4 ensuring port
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 708
    port 32-15 unicast traffic 32-14 usage guidelines 32-14 Layer 3 packets, classification methods 28-2 LDAP 4-2 LEDs, switch See hardware installation guide maintaining 21-7 IN-14 Catalyst 2960 Switch Software Configuration Guide LLDP-MED (continued) overview 21-1, 21-2 supported TLVs 21-2 LLDP
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 709
    links 22-1 CDP 20-4 features 1-10 IGMP filters 18-28 snooping 18-15, 30-11 interfaces 10-18 IP SLAs operations 27-7 IPv6 29-11 multicast router interfaces 18-16, 30-12 MVR 18-23 network traffic for analysis with probe 23-2 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide IN-15
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 710
    aging time 16-23 maximum hop count 16-24 MST region 16-16 neighbor type 16-25 path cost 16-20 port priority 16-19 root switch 16-17 secondary root switch 16-18 switch priority 16-21 IN-16 Catalyst 2960 Switch Software Configuration Guide MSTP (continued) CST defined 16-3 operations between
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 711
    12-19 default 12-19 neighbor discovery, IPv6 29-4 Network Admission Control See NAC Network Admission Control Software Configuration Guide 9-39, 9-40 Network Assistant benefits 1-1 described 1-3 downloading image files 1-2 guide mode 1-2 Catalyst 2960 Switch Software Configuration Guide IN-17
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 712
    -18 Catalyst 2960 Switch Software Configuration Guide NTP associations authenticating 6-4 defined 6-2 enabling broadcast messages 6-6 peer 6-5 server 6-5 default configuration 6-4 displaying the configuration 6-11 overview 6-2 restricting access creating an access group 6-8 disabling NTP services
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 713
    number 9-28 switch-to-client retransmission time 9-27 default configuration 9-19 described 9-1 device roles 9-2 displaying statistics 9-41 EAPOL-start frame 9-5 EAP-request/identity frame 9-5 EAP-response/identity frame 9-5 encapsulation 9-3 Catalyst 2960 Switch Software Configuration Guide IN-19
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 714
    9-10 configuration tasks 9-10 described 9-9 IN-20 Catalyst 2960 Switch Software Configuration Guide port-based authentication (continued) voice VLAN described 9-14 PVID 9-14 VVID 9-14 wake-on-LAN, described 9-15 port blocking 1-3, 19-7 port-channel See EtherChannel port description TLV 21-2 Port
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 715
    traffic 28-5 options for non-IP traffic 28-5 policy maps, described 28-7 trust DSCP, described 28-5 trusted CoS, described 28-5 trust IP precedence, described 28-5 Catalyst 2960 Switch Software Configuration Guide IN-21
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 716
    -19 default port CoS weights for SRR 28-67 described 28-4 displaying the threshold map 28-65 flowchart 28-16 mapping DSCP or CoS values 28-65 scheduling, described 28-4 setting WTD thresholds 28-62 WTD, described 28-18 enabling globally 28-33 IN-22 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 717
    interfaces 10-6 rapid convergence 16-10 rapid per-VLAN spanning-tree plus See rapid PVST+ rapid PVST+ described 15-9 IEEE 802.1Q trunking interoperability 15-10 instances supported 15-9 Rapid Spanning Tree Protocol See RSTP rcommand command 5-14 Catalyst 2960 Switch Software Configuration Guide IN
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 718
    IN-24 Catalyst 2960 Switch Software Configuration Guide responder, IP SLAs described 27-3 enabling 27-6 response time, measuring with IP SLAs 27-4 restricted VLAN configuring 9-31 described 9-12 using with IEEE 802.1x 9-12 restricting access NTP services 6-8 overview 8-1 passwords and privilege
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 719
    configuring 8-43 displaying 8-43 secure HTTP server configuring 8-41 displaying 8-43 secure MAC addresses deleting 19-15 maximum number of 19-9 types of 19-8 secure ports, configuring 19-8 secure remote connections 8-33 Catalyst 2960 Switch Software Configuration Guide IN-25
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 720
    10-19 Simple Network Management Protocol See SNMP Smartports macros applying Cisco-default macros 11-6 applying global parameter values 11-5, 11-6 applying macros 11-5 applying parameter values 11-5, 11-7 configuration guidelines 11-2 IN-26 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 721
    See STP SPAN traffic 23-4 SRR configuring shaped weights on egress queues 28-66 shared weights on egress queues 28-67 shared weights on ingress queues 28-60 described 28-13 shaped mode 28-13 shared mode 28-13 support for 1-9 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide IN-27
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 722
    downloading 3-12 specifying the filename 3-12 default boot configuration 3-12 stateless autoconfiguration 29-4 static access ports assigning to VLAN 12-10 defined 10-3, 12-3 static addresses See addresses static MAC addressing 1-7 IN-28 Catalyst 2960 Switch Software Configuration Guide
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 723
    17-8 protocols supported 15-9 redundant connectivity 15-8 root guard described 17-8 enabling 17-15 root port, defined 15-3 root switch configuring 15-14 effects of extended system ID 15-4, 15-14 election 15-3 unexpected behavior 15-14 Catalyst 2960 Switch Software Configuration Guide IN-29
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 724
    system capabilities TLV 21-2 system clock configuring daylight saving time 6-13 manually 6-11 summer time 6-13 time zones 6-12 displaying the time and date 6-12 overview 6-1 See also NTP IN-30 Catalyst 2960 Switch Software Configuration Guide system description TLV 21-2 system message logging
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 725
    32-15 MAC addresses and VLANs 32-15 multicast traffic 32-15 multiple devices on a port 32-15 unicast traffic 32-14 usage guidelines 32-14 traceroute command 32-16 See also IP traceroute traffic blocking flooded 19-7 traffic policing 1-9 Catalyst 2960 Switch Software Configuration Guide IN-31
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 726
    12-19 to non-DTP device 12-14 IN-32 Catalyst 2960 Switch Software Configuration Guide trusted boundary for QoS 28-36 trusted port states between QoS domains 28-38 classification options 28-5 ensuring port security for IP phones 28-36 support for 1-9 within a QoS domain 28-34 trustpoints, CA 8-38
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 727
    notes upgrading software images See downloading UplinkFast described 17-3 disabling 17-13 enabling 17-13 support for 1-6 uploading configuration files preparing B-10, B-13, B-16 reasons See VMPS VLAN membership confirming 12-27 modes 12-3 Catalyst 2960 Switch Software Configuration Guide IN-33
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 728
    ports for voice traffic in 802.1p priority tagged frames 14-5 802.1Q frames 14-4 connecting to an IP phone 14-4 default configuration 14-3 described 14-1 displaying 14-6 IP phone data traffic, described 14-2 IP phone voice traffic, described 14-2 VQP 1-7, 12-23 IN-34 Catalyst 2960 Switch
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 729
    13-4 W web authentication configuring 9-38 to 9-40 described 1-7, 9-17 fallback for IEEE 802.1x 9-39 weighted tail drop See WTD wizards 1-2 WTD described 28-12 setting thresholds egress queue-sets 28-62 ingress queues 28-58 support for 1-9 Catalyst 2960 Switch Software Configuration Guide IN-35
  • Cisco WS-C2960S-24TD-L | Software Guide - Page 730
    Index X Xmodem protocol 32-2 IN-36 Catalyst 2960 Switch Software Configuration Guide OL-8603-04
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302
  • 303
  • 304
  • 305
  • 306
  • 307
  • 308
  • 309
  • 310
  • 311
  • 312
  • 313
  • 314
  • 315
  • 316
  • 317
  • 318
  • 319
  • 320
  • 321
  • 322
  • 323
  • 324
  • 325
  • 326
  • 327
  • 328
  • 329
  • 330
  • 331
  • 332
  • 333
  • 334
  • 335
  • 336
  • 337
  • 338
  • 339
  • 340
  • 341
  • 342
  • 343
  • 344
  • 345
  • 346
  • 347
  • 348
  • 349
  • 350
  • 351
  • 352
  • 353
  • 354
  • 355
  • 356
  • 357
  • 358
  • 359
  • 360
  • 361
  • 362
  • 363
  • 364
  • 365
  • 366
  • 367
  • 368
  • 369
  • 370
  • 371
  • 372
  • 373
  • 374
  • 375
  • 376
  • 377
  • 378
  • 379
  • 380
  • 381
  • 382
  • 383
  • 384
  • 385
  • 386
  • 387
  • 388
  • 389
  • 390
  • 391
  • 392
  • 393
  • 394
  • 395
  • 396
  • 397
  • 398
  • 399
  • 400
  • 401
  • 402
  • 403
  • 404
  • 405
  • 406
  • 407
  • 408
  • 409
  • 410
  • 411
  • 412
  • 413
  • 414
  • 415
  • 416
  • 417
  • 418
  • 419
  • 420
  • 421
  • 422
  • 423
  • 424
  • 425
  • 426
  • 427
  • 428
  • 429
  • 430
  • 431
  • 432
  • 433
  • 434
  • 435
  • 436
  • 437
  • 438
  • 439
  • 440
  • 441
  • 442
  • 443
  • 444
  • 445
  • 446
  • 447
  • 448
  • 449
  • 450
  • 451
  • 452
  • 453
  • 454
  • 455
  • 456
  • 457
  • 458
  • 459
  • 460
  • 461
  • 462
  • 463
  • 464
  • 465
  • 466
  • 467
  • 468
  • 469
  • 470
  • 471
  • 472
  • 473
  • 474
  • 475
  • 476
  • 477
  • 478
  • 479
  • 480
  • 481
  • 482
  • 483
  • 484
  • 485
  • 486
  • 487
  • 488
  • 489
  • 490
  • 491
  • 492
  • 493
  • 494
  • 495
  • 496
  • 497
  • 498
  • 499
  • 500
  • 501
  • 502
  • 503
  • 504
  • 505
  • 506
  • 507
  • 508
  • 509
  • 510
  • 511
  • 512
  • 513
  • 514
  • 515
  • 516
  • 517
  • 518
  • 519
  • 520
  • 521
  • 522
  • 523
  • 524
  • 525
  • 526
  • 527
  • 528
  • 529
  • 530
  • 531
  • 532
  • 533
  • 534
  • 535
  • 536
  • 537
  • 538
  • 539
  • 540
  • 541
  • 542
  • 543
  • 544
  • 545
  • 546
  • 547
  • 548
  • 549
  • 550
  • 551
  • 552
  • 553
  • 554
  • 555
  • 556
  • 557
  • 558
  • 559
  • 560
  • 561
  • 562
  • 563
  • 564
  • 565
  • 566
  • 567
  • 568
  • 569
  • 570
  • 571
  • 572
  • 573
  • 574
  • 575
  • 576
  • 577
  • 578
  • 579
  • 580
  • 581
  • 582
  • 583
  • 584
  • 585
  • 586
  • 587
  • 588
  • 589
  • 590
  • 591
  • 592
  • 593
  • 594
  • 595
  • 596
  • 597
  • 598
  • 599
  • 600
  • 601
  • 602
  • 603
  • 604
  • 605
  • 606
  • 607
  • 608
  • 609
  • 610
  • 611
  • 612
  • 613
  • 614
  • 615
  • 616
  • 617
  • 618
  • 619
  • 620
  • 621
  • 622
  • 623
  • 624
  • 625
  • 626
  • 627
  • 628
  • 629
  • 630
  • 631
  • 632
  • 633
  • 634
  • 635
  • 636
  • 637
  • 638
  • 639
  • 640
  • 641
  • 642
  • 643
  • 644
  • 645
  • 646
  • 647
  • 648
  • 649
  • 650
  • 651
  • 652
  • 653
  • 654
  • 655
  • 656
  • 657
  • 658
  • 659
  • 660
  • 661
  • 662
  • 663
  • 664
  • 665
  • 666
  • 667
  • 668
  • 669
  • 670
  • 671
  • 672
  • 673
  • 674
  • 675
  • 676
  • 677
  • 678
  • 679
  • 680
  • 681
  • 682
  • 683
  • 684
  • 685
  • 686
  • 687
  • 688
  • 689
  • 690
  • 691
  • 692
  • 693
  • 694
  • 695
  • 696
  • 697
  • 698
  • 699
  • 700
  • 701
  • 702
  • 703
  • 704
  • 705
  • 706
  • 707
  • 708
  • 709
  • 710
  • 711
  • 712
  • 713
  • 714
  • 715
  • 716
  • 717
  • 718
  • 719
  • 720
  • 721
  • 722
  • 723
  • 724
  • 725
  • 726
  • 727
  • 728
  • 729
  • 730
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Catalyst 2960 Switch
Software Configuration Guide
Cisco IOS Release 12.2(40)SE
Revised September 2007
Text Part Number: OL-8603-04