Contents

Documentation Feedback
Obtaining Technical Assistance
Cisco.com
Technical Assistance Center
Cisco TAC Web Site
Cisco TAC Escalation Center
Part: Getting Started
Chapter: Product Overview
Catalyst 4000 Family Switches
...
Abbreviating a Command
Completing a Partial Command
Scrolling Down a Line or a Screen
Using Command Aliases
Specifying Modules, Ports, and VLANs
Specifying MAC Addresses
Specifying IP Addresses, Host Names, and IP Aliases
ROM Monitor Command-Line Interface
Catalyst 4003 Bootup Display Example
Chapter: Configuring the Switch IP Address and Default Gateway
Understanding the Switch Management Interfaces
...
Setting the Port Duplex Mode
Configuring a Timeout Period for Ports in errdisable State
Checking Connectivity
Chapter: Configuring Gigabit Ethernet Switching
Understanding How Gigabit Ethernet Works
Understanding How Gigabit Ethernet Flow Control Works
Flow-Control Overview
Sending and Receiving Pause Frames
Using Flow-Control Keywords
...
Displaying EtherChannel Traffic Statistics
Displaying EtherChannel PAgP Statistics
EtherChannel Configuration Examples
Four-Port Fast EtherChannel Configuration Example
Two-Port Gigabit EtherChannel Configuration Example
Part: Spanning Tree
Chapter: Configuring Spanning Tree
How Spanning Tree Protocols Work
How a Topology Is Created
How a Switch or Port Becomes the Root Switch or Root Port
...
Configuring MISTP Bridge ID Priority
Configuring MISTP Port Cost
Configuring MISTP Port Priority
Configuring MISTP Port Instance Cost
Configuring MISTP Port Instance Priority
Enabling a MISTP Instance
Mapping VLANs to a MISTP Instance
Determining MISTP Instance—VLAN Mapping Conflicts
...
Enabling UplinkFast
Disabling UplinkFast
Understanding How BackboneFast Works
Configuring BackboneFast
Enabling BackboneFast
Displaying BackboneFast Statistics
Disabling BackboneFast
Understanding How Loop Guard Works
Configuring Loop Guard
Enabling Loop Guard
Disabling Loop Guard
Part: Configuring VLANs and VLAN Trunks
...
Creating or Modifying an Ethernet VLAN
Assigning Switch Ports to a VLAN
Mapping 802.1Q VLANs to ISL VLANs
Clearing 802.1Q-to-ISL VLAN Mappings
Deleting a VLAN
Configuring Private VLANs
Understanding How Private VLANs Work
Private VLAN Configuration Guidelines
...
Configuring VMPS and Dynamic Port VLAN Membership
Creating the VMPS Database
Configuring VMPS
Configuring Dynamic Ports on VMPS Clients
Configuring Static VLAN Port Membership
Troubleshooting VMPS and Dynamic Port VLAN Membership
Troubleshooting VMPS
Troubleshooting Dynamic Port VLAN Membership
...
Part: Directing and Filtering Traffic
Chapter: Configuring QoS
Understanding How QoS Works
Overview of QoS
QoS Terminology
Understanding Classification and Marking at the Ingress Port
Understanding Scheduling
Software Requirements
...
Adding IP Addresses to the IP Permit List
Enabling IP Permit List
Disabling the IP Permit List
Clearing an IP Permit List Entry
Chapter: Configuring Protocol Filtering
Understanding How Protocol Filtering Works
Default Protocol Filtering Configuration
...
Setting the CDP Global Enable State
Setting the CDP Enable State on a Port
Setting the CDP Message Interval
Setting the CDP Holdtime
Displaying CDP Neighbor Information
Chapter: Using Switch TopN Reports
Understanding How Switch TopN Reports Works
Overview of Switch TopN Reports
...
Dispatcher
Message Processing Subsystem
Security Subsystem
Access Control Subsystem
Applications
Configuring SNMPv3 from an NMS
Configuring SNMPv3 from the CLI
Using CiscoWorks2000
Chapter: Configuring RMON
Understanding How RMON Works
Enabling RMON
...
Configuring a Single RSPAN Session
Modifying an Active RSPAN Session
Adding RSPAN Source Ports in Intermediate Switches
Part: Administering the Switch
Chapter: Administering the Switch
Setting the System Name and System Prompt
Configuring a Static System Name and Prompt
...
Understanding How RADIUS Authentication Works
Understanding How Kerberos Authentication Works
Using Kerberized Login Procedure
Using a Non-Kerberized Login Procedure
Understanding How 802.1x Authentication Works
Traffic Control
Authentication Server
802.1x Parameters Configurable on the Switch
Configuring Authentication
...
Clearing the RADIUS Key
Disabling RADIUS Authentication
Configuring Kerberos Authentication
Enabling Kerberos
Defining the Kerberos Local-Realm
Specifying a Kerberos Server
Mapping a Kerberos Realm to a Host Name or DNS Domain
Copying SRVTAB Files
Deleting an SRVTAB Entry
...
Configuring Authorization
Authorization Default Configuration
TACACS+ Authorization Configuration Guidelines
Configuring TACACS+ Authorization
Enabling TACACS+ Authorization
Disabling TACACS+ Authorization
Authorization Example
Understanding How Accounting Works
Accounting Overview
Accounting Events
Specifying When to Create Accounting Records
Specifying RADIUS Servers
...
Setting and Clearing the CONFIG_FILE Environment Variable
Setting the Variable
Clearing the Variable Settings
Displaying the Switch Boot Configuration
Chapter: Working with System Software Images
Software Image Naming Conventions
Downloading System Software Images to the Switch Using TFTP
...
Chapter: Working with Configuration Files
Guidelines for Creating and Using Configuration Files
Creating a Configuration File
Configuring the Switch Using a File in Flash Memory
Copying Configuration Files Using TFTP
Downloading Configuration Files from a TFTP Server
...
Displaying the Logging Configuration
Displaying System Messages
Chapter: Configuring DNS
Understanding How DNS Works
DNS Default Configuration
Configuring DNS
Setting Up and Enabling DNS
Clearing a DNS Server
Clearing the DNS Domain Name
...
Preface

This preface describes the intended audience for this manual, how it is organized, the document conventions, and how to obtain additional documentation and technical support.

Audience

This guide is for experienced network administrators who are responsible for configuring and maintaining Catalyst enterprise LAN switches.
Chapter 14, Configuring QoS: Describes how to configure quality of service (QoS).
Chapter 15, Configuring Multicast Services: Describes how to configure Cisco Group Management Protocol (CGMP), Internet Group Management Protocol (IGMP) snooping, and GARP Multicast Registration Protocol (GMRP) on the switch.
Chapter 24, Configuring RMON: Describes how to configure Remote Monitoring (RMON) on the switch.
Chapter 25, Configuring SPAN and RSPAN: Describes how to configure the Switch Port Analyzer (SPAN) on the switch.
Part 7—Administering the Switch
Chapter 26, Administering the Switch: Describes how to set the system name, create a login...
Conventions

Throughout this publication, these conventions are used when referring to switch platforms:
• Catalyst enterprise LAN switches—Refers to the Catalyst 4000 family, Catalyst 2948G, and Catalyst 2980G switches.
• Catalyst 4000 family switches—Refers to the Catalyst 4003, Catalyst 4006, and Catalyst 4912G switches.
Obtaining Documentation

These sections explain how to obtain documentation from Cisco Systems.

World Wide Web

You can access the most current Cisco documentation on the World Wide Web at this URL:
http://www.cisco.com

Translated documentation is available at this URL:
http://www.cisco.com/public/countries_languages.shtml
...
• Order Cisco learning materials and merchandise
• Register for online skill assessment, training, and certification programs

If you want to obtain customized information and service, you can self-register on Cisco.com. To access Cisco.com, go to this URL:
http://www.cisco.com

Technical Assistance Center

The Cisco Technical Assistance Center (TAC) is available to all customers who need technical assistance with a Cisco product, technology, or solution.
Cisco TAC Web Site

You can use the Cisco TAC Web Site to resolve P3 and P4 issues yourself, saving both cost and time. The site provides around-the-clock access to online tools, knowledge bases, and software. To access the Cisco TAC Web Site, go to this URL:
http://www.cisco.com/tac
...
Chapter: Product Overview

The Catalyst enterprise LAN switches facilitate the migration from traditional shared-hub LANs to large-scale, fully integrated internetworks. These switches provide switched connections to individual workstations, servers, LAN segments, backbones, or other switches, using a variety of media.

This chapter consists of these sections:
• Catalyst 4000 Family Switches, page 1-1
•...
Reference—Catalyst 4000 Family, Catalyst 2948G, and Catalyst 2980G Switches. For descriptions of the commands used to configure the Route Switch Module (RSM) and Route Switch Feature Card (RSFC), refer to the Cisco IOS software command reference publications. This chapter consists of these sections: •...
“Catalyst 4003 Bootup Display Example” section on page 2-9). If the switch is already booted, press Enter to see this display:

    Cisco Systems, Inc. Console
    Enter password:

After you successfully connect to the switch through the console port, you can enter normal-mode commands to monitor the switch or enter privileged mode to change the configuration.
    Trying 172.16.10.10...
    Connected to Catalyst_1.
    Escape character is '^]'.
    Cisco Systems Console
    Enter password:

After you successfully connect to the switch using Telnet, you can enter normal-mode commands to monitor the switch or enter privileged mode to change the configuration. For more information, see the “Switch CLI Command Modes”...
Step 3 To disconnect from the switch CLI, enter the exit command.

    Console> exit
    Session Disconnected...
    Cisco Systems Console Fri Aug 27 1999, 16:14:41
    Enter password:

Many commands (for example, commands that modify the configuration) can be entered only in privileged mode.
Chapter 2 Using the Command-Line Interface
Command-Line Editing

To use the partial-keyword-lookup function, enter ? to display a list of commands that begin with a specific set of characters. Do not insert a space between the last letter of the variable and the question mark (?).
Table 2-2 History Substitution Commands

Command    Function
Repeating recent commands:
           Repeat the most recent command.
!-nn       Repeat the nnth most recent command.
           Repeat command n.
!aaa       Repeat the command beginning with string aaa.
!?aaa      Repeat the command containing the string aaa.
Scrolling Down a Line or a Screen

When the output of a command fills more than one terminal screen, a ---More--- prompt is displayed at the bottom of the screen.
With many commands, you can enter lists of ports. To specify a list of ports, use a comma-separated list (do not insert spaces) for individual ports or a hyphen (-) between the port numbers for a range of ports.
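A parser for the port-list syntax described above, useful when auditing which ports a saved command actually touches. This is an added example, not code from the Cisco guide; it assumes every comma-separated item carries its own module number in the mod_num/port_num form, and the function names are hypothetical.

```python
import re

# One list item: "module/port" or "module/first-last", e.g. "2/1" or "2/1-4".
# Assumption of this example: each item repeats its module number.
ITEM = re.compile(r"(\d+)/(\d+)(?:-(\d+))?")


def expand_port_list(spec):
    """Expand a list such as "1/1-2,2/5" into sorted (module, port) tuples."""
    if not spec or any(ch.isspace() for ch in spec):
        # The guide says not to insert spaces; reject rather than guess.
        raise ValueError("port list must be non-empty and contain no spaces")
    ports = set()
    for item in spec.split(","):
        m = ITEM.fullmatch(item)
        if m is None:
            raise ValueError(f"malformed port list item: {item!r}")
        module, first = int(m.group(1)), int(m.group(2))
        last = int(m.group(3)) if m.group(3) is not None else first
        if first < 1 or last < first:
            raise ValueError(f"invalid port range: {item!r}")
        ports.update((module, p) for p in range(first, last + 1))
    return sorted(ports)


def fmt_run(start, end):
    """Render one run of consecutive ports on a module."""
    module, first = start
    last = end[1]
    return f"{module}/{first}" if first == last else f"{module}/{first}-{last}"


def format_port_list(ports):
    """Collapse (module, port) tuples back into the shortest list form."""
    items = []
    run_start = prev = None
    for module, port in sorted(set(ports)):
        if prev is not None and (module, port) == (prev[0], prev[1] + 1):
            prev = (module, port)          # extends the current run
            continue
        if prev is not None:
            items.append(fmt_run(run_start, prev))
        run_start = prev = (module, port)  # start a new run
    if prev is not None:
        items.append(fmt_run(run_start, prev))
    return ",".join(items)


def uncovered_ports(inventory_spec, *applied_specs):
    """Ports in the inventory that none of the applied port lists mention."""
    covered = set()
    for spec in applied_specs:
        covered.update(expand_port_list(spec))
    return format_port_list(set(expand_port_list(inventory_spec)) - covered)


if __name__ == "__main__":
    # Constructed sample: 12 ports on module 2, a setting applied to two lists.
    print(uncovered_ports("2/1-12", "2/1-4", "2/7,2/9-12"))
```

Run against the port lists taken from a saved configuration, `uncovered_ports` shows which ports a hardening command missed.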
ROM Monitor Command-Line Interface

The ROM monitor is a ROM-based program that executes when the switch is powered on, reset, or when a fatal exception occurs. The system enters ROM monitor mode if the nonvolatile RAM (NVRAM) configuration is corrupted, if the switch does not find a valid system image, or if the configuration register is set to enter ROM monitor mode.
IP address for Catalyst not configured
BOOTP/DHCP will commence after the ports are online
Ports are coming online ...
Cisco Systems, Inc. Console
Enter password:
1999 Aug 12 14:34:05 %SYS-5-MOD_OK:Module 1 is online
1999 Aug 12 14:34:08 %SYS-5-MOD_OK:Module 3 is online...
The in-band (sc0) management interface is connected to the switching fabric and participates in all of the functions of a normal switch port, such as spanning tree, Cisco Discovery Protocol (CDP), and VLAN membership. The out-of-band management interfaces (me1 and sl0) are not connected to the switching fabric and do not participate in any of these functions.
Chapter 3 Configuring the Switch IP Address and Default Gateway
Understanding Automatic IP Configuration

When you configure the IP address, subnet mask, and broadcast address (and, on the sc0 interface, VLAN membership) of the sc0 or me1 interface, you can access the switch through Telnet or SNMP. When you configure the SLIP (sl0) interface, you can open a point-to-point connection to the switch through the console port from a workstation.
Note: If the CONFIG_FILE environment variable is set, all configuration files are processed before the switch determines whether to broadcast DHCP and RARP requests. For more information about the CONFIG_FILE environment variable, see Chapter 28, “Modifying the Switch Boot Configuration.”...
Table 3-1 Supported DHCP Options (continued)

Code    Option
        IP address lease time
        Option overload
        Client-identifier
        TFTP server name

If a BOOTP response is received from a BOOTP server, the switch sets the in-band (sc0) interface IP address to the address specified in the BOOTP response.
– Out-of-band management Ethernet (me1) interface
  Configure this interface when assigning an IP address and subnet mask to the out-of-band management Ethernet interface on the switch.
–...
This example shows how to assign an IP address, specify the number of subnet bits, and specify the VLAN assignment for the in-band (sc0) interface:

    Console>...
Configuring Default Gateways

The supervisor engine sends IP packets destined for other IP subnets to the default gateway (typically a router interface in the same network or subnet as the switch IP address). The switch does not use the IP routing table to forward traffic from connected devices, only IP traffic generated by the switch itself (for example, Telnet, TFTP, and ping).
    ------------- -------- -----------
    enabled       enabled  enabled
    The primary gateway: 10.1.1.1
    Destination Gateway RouteMask Flags Interface
    --------------- --------------- ---------- ----- -------- ---------
    default 10.1.1.1 default...
This example shows how to configure SLIP on the console port and verify the configuration:

    sparc20% telnet 172.20.52.38
    Trying 172.20.52.38 ...
    Connected to 172.20.52.38.
    Escape character is '^]'.
    Cisco Systems, Inc. Console
    Enter password:
    Console> enable
    Enter password:
    Console> (enable) set interface sl0 10.1.1.1 10.1.1.2
    Interface sl0 slip and destination address set....
Using DHCP or RARP to Obtain an IP Address Configuration

Note: For complete information on how the switch uses DHCP or RARP to obtain its IP configuration, see the “Understanding Automatic IP Configuration”...
    Console> (enable) show interface
    sl0: flags=51<UP,POINTOPOINT,RUNNING>
            slip 0.0.0.0 dest 0.0.0.0
    sc0: flags=63<UP,BROADCAST,RUNNING>
            vlan 1 inet 172.20.25.244 netmask 255.255.255.0 broadcast 172.20.25.255
            dhcp server: 172.20.25.254
    Console>...
Chapter 3 Configuring the Switch IP Address and Default Gateway Renewing and Releasing a DHCP-Assigned IP Address Software Configuration Guide—Catalyst 4000 Family, Catalyst 2948G, Catalyst 2980G, Releases 6.3 and 6.4 3-12 78-12647-02...
Chapter: Configuring Ethernet and Fast Ethernet Switching

This chapter describes how to configure Ethernet and Fast Ethernet switching on the Catalyst enterprise LAN switches. The configuration tasks in this chapter apply to Ethernet and Fast Ethernet switch ports on switching modules and fixed-configuration switches, as well as to supervisor engine Fast Ethernet uplink ports.
Chapter 4 Configuring Ethernet and Fast Ethernet Switching
Default Ethernet and Fast Ethernet Configuration

The Catalyst enterprise LAN switches solve congestion problems caused by high-bandwidth devices and a large number of users by assigning each device (for example, a server) to its own 10-, 100-, or 1000-Mbps segment.
Table 4-1 Ethernet and Fast Ethernet Default Configuration (continued)

Feature         Default Value
Port priority   Normal
Duplex mode     • Autonegotiate speed and duplex for 10/100-Mbps Fast Ethernet ports
                • Autonegotiate duplex for 100-Mbps Fast Ethernet ports
                •...
    Console> (enable) set port name 1/2 Server Link
    Port 1/2 name set.
    Console> (enable) show port 1
    Port  Name               Status     Vlan       Level  Duplex Speed Type
    ----- ------------------ ---------- ---------- ------ ------ ----- ------------
    Router Connection connected trunk...
Note: If the port speed is set to auto on a 10/100-Mbps Fast Ethernet port, both speed and duplex are autonegotiated.

To set the port speed for a 10/100-Mbps port, perform this task in privileged mode:

Task Command
Step 1...
Configuring a Timeout Period for Ports in errdisable State

A port is in errdisable state if it is enabled in NVRAM, but disabled at runtime by any process. For example, if UniDirectional Link Detection (UDLD) detects a unidirectional link, the port shuts down at runtime.
Checking Connectivity

Note: For more detailed information on checking connectivity, see Chapter 19, “Checking Port Status and Connectivity.”

Use the ping and traceroute commands to test connectivity out Ethernet or Fast Ethernet ports.

To check connectivity out a port, perform this task in privileged mode:

Task Command...
Chapter: Configuring Gigabit Ethernet Switching

This chapter describes how to configure Gigabit Ethernet switching on the Catalyst enterprise LAN switches. The configuration tasks in this chapter apply to Gigabit Ethernet switching modules, fixed-configuration switches, and uplink ports on the supervisor engine.

Note: For complete syntax and usage information for the commands used in this chapter, refer to the Command Reference—Catalyst 4000 Family, Catalyst 2948G, and Catalyst 2980G Switches.
Chapter 5 Configuring Gigabit Ethernet Switching
Understanding How Gigabit Ethernet Works

Sending and Receiving Pause Frames

All Catalyst Gigabit Ethernet ports can receive and process pause frames from other devices. However, not all Catalyst Gigabit Ethernet ports can transmit pause frames to other devices. Table 5-1 identifies the Catalyst Gigabit Ethernet switches, modules, and ports that can transmit pause frames to other devices.
With Gigabit Ethernet ports, port negotiation is used to exchange flow-control parameters, remote fault information, and duplex information (even though Cisco Gigabit Ethernet ports only support full-duplex mode). With Gigabit Ethernet ports, you configure port negotiation using the set port negotiation command.
Oversubscribed Gigabit Ethernet Overview

The Catalyst 4000 family Gigabit Ethernet modules provide a network-backbone connection for multiple servers or high-end workstations. The following modules are supported:
• WS-X4412-2GB-T
  This 1000BASE-T 14-port module provides 2 dedicated uplink module ports (GBIC) and 12 oversubscribed ports (possible blocking).
Oversubscribed Gigabit Ethernet Example

Figure 5-1 shows an example of how the 18-port server switching module (WS-X4418-GB) can connect multiple network servers and high-end workstations to the Gigabit Ethernet network backbone. These configurations are shown:
•...
Default Gigabit Ethernet Configuration

Table 5-7 shows the Gigabit Ethernet default configuration.

Table 5-7 Gigabit Ethernet Default Configuration

Feature             Default Value
Port enable state   All ports are enabled
Port name           None
Port priority       Normal...
Setting the Port Name

You can assign names to the ports on Gigabit Ethernet modules to facilitate switch administration.

To assign a name to a port, perform this task in privileged mode:

Task Command
Step 1...
    ----- ----------------
    enabled
    Console> (enable)

To disable port negotiation on a 1000BASE-X Gigabit Ethernet port, perform this task in privileged mode:

Step 1  Task: Disable Gigabit Ethernet port negotiation.
        Command: set port negotiation mod_num/port_num disable
Step 2  Task: Verify the port negotiation configuration....
This example shows how to ping a remote host and how to trace the hop-by-hop path of packets through the network using traceroute:

    Console> (enable) ping somehost
    somehost is alive
    Console> (enable) traceroute somehost
    traceroute to somehost.company.com (10.1.2.3), 30 hops max, 40 byte packets
     1 engineering-1.company.com (173.31.192.206) 2 ms 1 ms 1 ms
     2 engineering-2.company.com (173.31.196.204) 2 ms 3 ms 2 ms...
Chapter: Configuring Fast EtherChannel and Gigabit EtherChannel

This chapter describes how to configure Fast EtherChannel and Gigabit EtherChannel port bundles on the Catalyst enterprise LAN switches. The configuration tasks in this chapter apply to Fast Ethernet and Gigabit Ethernet switch ports on switching modules and fixed-configuration switches, as well as to supervisor engine Fast Ethernet and Gigabit Ethernet uplink ports.
Chapter 6 Configuring Fast EtherChannel and Gigabit EtherChannel
Understanding How EtherChannel Works

EtherChannel Overview

Fast EtherChannel and Gigabit EtherChannel port bundles allow you to group multiple Fast or Gigabit Ethernet ports into a single logical transmission path between the switch and a router, host, or another switch.
There are four user-configurable channel modes: on, off, auto, and desirable. PAgP packets are exchanged only between ports in auto and desirable mode. Ports configured in on or off mode do not exchange PAgP packets.
Default EtherChannel Configuration

Table 6-2 shows the Fast EtherChannel and Gigabit EtherChannel default configuration.

Table 6-2 Fast EtherChannel and Gigabit EtherChannel Default Configuration

Feature                     Default Value
Fast EtherChannel           auto silent mode on all Fast Ethernet ports
Gigabit EtherChannel        auto silent mode on all Fast Ethernet ports
Frame-distribution method...
• If you disable a port in a channel, the system treats the disabled port as a link failure and the port’s traffic is transferred to one or more of the remaining ports in the channel.
•...
    Port  Device-ID                       Port-ID                   Platform
    ----- ------------------------------- ------------------------- ----------------
    069003103(5500) WS-C4000
    069003103(5500) WS-C4000
    ----- ------------------------------- ------------------------- ----------------
    Console> (enable)

Defining an EtherChannel Administrative Group

You can define an EtherChannel administrative group manually to identify groups of ports that are allowed to form an EtherChannel bundle together.
Setting the EtherChannel Spanning Tree Port Cost

To set the spanning tree port cost for an EtherChannel, perform this task in privileged mode:

Step 1  Task: Determine the EtherChannel ID of the EtherChannel for which you want to set the port cost.
        Command: show channel group admin_group
This example shows how to set the EtherChannel VLAN cost for channel ID 768:

    Console> (enable) show channel group 20
    Admin Port Status Channel Channel
    group Mode
    ----- ----- ---------- --------- --------
    1/1 notconnect on
    1/2 connected
    Admin Port...
Displaying EtherChannel Configuration Information

To display EtherChannel configuration information, perform one of these tasks in privileged mode:

Task: Display EtherChannel configuration information by port.
Command: show port channel [mod_num[/port_num]] info [spantree | trunk | protocol | gmrp | gvrp | qos]

Task: Display EtherChannel configuration information
Command: show channel group [admin_group] info...
Displaying EtherChannel PAgP Statistics

To display EtherChannel PAgP statistics, perform one of these tasks in privileged mode:

Task: Display EtherChannel PAgP statistics by port.
Command: show port channel [mod_num[/port_num]] statistics

Task: Display EtherChannel PAgP statistics by...
Command: show channel group [admin_group] statistics
Figure 6-1 Fast EtherChannel Port Bundle Example (Switch A and Switch B connected by a Fast EtherChannel port bundle)

Step 1 Make sure that all ports on Switch A and Switch B have the same port configuration, including VLAN membership, speed, and duplex.
    %PAGP-5-PORTFROMSTP:Port 1/4 left bridge port 1/4
    %PAGP-5-PORTFROMSTP:Port 1/2 left bridge port 1/2
    %PAGP-5-PORTFROMSTP:Port 1/3 left bridge port 1/3
    %PAGP-5-PORTFROMSTP:Port 1/4 left bridge port 1/4
    %PAGP-5-PORTTOSTP:Port 1/1 joined bridge port 1/1-4
    %PAGP-5-PORTTOSTP:Port 1/2 joined bridge port 1/1-4
    %PAGP-5-PORTTOSTP:Port 1/3 joined bridge port 1/1-4
    %PAGP-5-PORTTOSTP:Port 1/4 joined bridge port 1/1-4...
Figure 6-2 Gigabit EtherChannel Port Bundle Example (Switch A and Switch B connected by a Gigabit EtherChannel port bundle)

Step 1 Make sure that all ports on Switch A and Switch B have the same port configuration, such as VLAN membership.
Step 4 After the EtherChannel bundle is negotiated, enter the show port channel command to verify the configuration. If you set only the ports on one side of the link to on mode, the show port channel command will show that the ports are channeling, but no traffic will pass over the EtherChannel....
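The channel-mode rules from “Understanding How EtherChannel Works” and the one-sided on case from Step 4, worked through as an added example (not code from the Cisco guide). The page states that on and off ports exchange no PAgP packets; that desirable initiates negotiation while auto only answers is standard PAgP behaviour supplied here as an assumption, the silent/non-silent keywords are not modelled, and the link inventory is constructed sample data.

```python
from dataclasses import dataclass

# Per-mode behaviour: (initiates PAgP, answers PAgP, bundles without PAgP).
# on/off exchanging no PAgP packets is from the page; desirable initiating and
# auto only answering is standard PAgP behaviour (assumption for this example).
MODES = {
    "on":        (False, False, True),
    "off":       (False, False, False),
    "auto":      (False, True,  False),
    "desirable": (True,  True,  False),
}


@dataclass(frozen=True)
class Link:
    """Both ends of one candidate EtherChannel (hypothetical record type)."""
    a_ports: str
    a_mode: str
    b_ports: str
    b_mode: str


def side_bundles(local, remote):
    """True if a port in mode `local` joins a channel when its peer uses `remote`."""
    for mode in (local, remote):
        if mode not in MODES:
            raise ValueError(f"unknown channel mode: {mode!r}")
    initiates, answers, forced = MODES[local]
    peer_initiates, peer_answers, _ = MODES[remote]
    if forced:
        return True  # "on" channels regardless of what the peer does
    # A negotiated bundle needs one initiator and a peer that speaks PAgP.
    return (initiates and peer_answers) or (answers and peer_initiates)


def classify(link):
    """Return "channel", "mismatch" (only one side bundles) or "no-channel"."""
    a = side_bundles(link.a_mode, link.b_mode)
    b = side_bundles(link.b_mode, link.a_mode)
    if a and b:
        return "channel"
    if a or b:
        return "mismatch"  # the case Step 4 warns about: channeling, no traffic
    return "no-channel"


def audit(links):
    """Return (link, verdict) for every link that will not form a working channel."""
    findings = []
    for link in links:
        verdict = classify(link)
        if verdict != "channel":
            findings.append((link, verdict))
    return findings


# Constructed sample inventory; switch names and port lists are illustrative.
SAMPLE_LINKS = [
    Link("SwitchA 1/1-4", "desirable", "SwitchB 1/1-4", "auto"),
    Link("SwitchA 2/1-2", "on", "SwitchB 2/1-2", "on"),
    Link("SwitchA 2/3-4", "on", "SwitchB 2/3-4", "auto"),
    Link("SwitchA 3/1-2", "auto", "SwitchB 3/1-2", "auto"),
]

if __name__ == "__main__":
    for link, verdict in audit(SAMPLE_LINKS):
        print(f"{link.a_ports} ({link.a_mode}) <-> "
              f"{link.b_ports} ({link.b_mode}): {verdict}")
```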
Reference—Catalyst 4000 Family, Catalyst 2948G, and Catalyst 2980G Switches.

How Spanning Tree Protocols Work

This section describes the specific functions that are common to all spanning tree protocols. Cisco’s proprietary spanning tree protocols, PVST+ and MISTP, are based on the IEEE 802.1D STP. (See the “Understanding PVST+ and MISTP Modes”...
Chapter 7 Configuring Spanning Tree
How Spanning Tree Protocols Work

The Spanning Tree Protocol (STP) uses a distributed algorithm that selects one bridge of a redundantly connected network as the root of a spanning tree connected active topology. STP assigns roles to each port depending on what the port’s function is in the active topology.
How a Switch or Port Becomes the Root Switch or Root Port

If all switches in a network are enabled with default settings, the switch with the lowest MAC address becomes the root switch.
A BPDU exchange results in the following:
• One switch is elected as the root switch.
• The shortest distance to the root switch is calculated for each switch.
• A designated switch is selected: the switch that is closest to the root switch through which frames will be forwarded to the root.
Calculating the Port Cost Using the Long Method

802.1t assigns 32-bit (long) default port cost values to each port using a formula that is based on the bandwidth of the port. You can also manually assign port costs between 1–200,000,000. The formula for obtaining default 32-bit port costs is to divide the bandwidth of the port by 200,000,000.
• Blocking
• Listening
• Learning
• Forwarding
• Disabled

A port moves through these states:
• From initialization to blocking
• From blocking to either listening or disabled
• From listening to either listening or disabled
•...
Blocking State

A port in the blocking state, such as port 2 in Figure 7-3, does not participate in frame forwarding. After initialization, a BPDU is sent to each port in the switch. A switch initially assumes it is the root until it exchanges BPDUs with other switches.
Listening State

The listening state is the first transitional state a port enters after the blocking state. The port enters this state when the spanning tree determines that the port should participate in frame forwarding. Learning is disabled in the listening state.
Chapter 7 Configuring Spanning Tree How Spanning Tree Protocols Work Learning State A port in the learning state prepares to participate in frame forwarding. The port enters the learning state from the listening state. Figure 7-5 shows a port in the learning state. Figure 7-5 Port 2 in Learning State All segment...
Chapter 7 Configuring Spanning Tree How Spanning Tree Protocols Work Forwarding State A port in the forwarding state forwards frames, as shown in Figure 7-6. The port enters the forwarding state from the learning state. Figure 7-6 Port 2 in Forwarding State All segment Forwarding frames...
Chapter 7 Configuring Spanning Tree Understanding PVST+ and MISTP Modes Figure 7-7 Port 2 in Disabled State [figure: Port 1 and Port 2, with the filtering database, frame forwarding, system module, station addresses, BPDUs, network management frames, and data frames]...
Chapter 7 Configuring Spanning Tree Understanding PVST+ and MISTP Modes Caution If your network currently uses PVST+ and you plan to use MISTP on any switch, you must first enable MISTP-PVST+ on the switch and configure a MISTP instance to avoid causing loops in the network. PVST+ Mode PVST+ is the default Spanning Tree Protocol used on all Ethernet, Fast Ethernet, and Gigabit Ethernet port-based VLANs on Catalyst 4000 family switches.
Chapter 7 Configuring Spanning Tree Bridge Identifiers MISTP-PVST+ conforms to the limits of PVST+; for example, you can only configure the amount of VLAN ports on your MISTP-PVST+ switches that you configure on your PVST+ switches. Bridge Identifiers This section explains how MAC addresses are used in PVST+ and MISTP as unique bridge identifiers: • MAC Address Allocation, page 7-12...
Chapter 7 Configuring Spanning Tree Using PVST+ • Configuring PVST+ Port VLAN Priority, page 7-17 • Disabling the PVST+ Mode on a VLAN, page 7-18 Default PVST+ Configuration Table 7-1 shows the default PVST+ configuration. Table 7-3 PVST+ Default Configuration Feature Default Value VLAN 1...
Chapter 7 Configuring Spanning Tree Using PVST+ To configure the spanning tree bridge priority for a VLAN, perform this task in privileged mode: Task Command Step 1 Set the bridge ID priority for a VLAN. set spantree priority bridge_ID_priority [vlan] Step 2 Verify the bridge ID priority.
Chapter 7 Configuring Spanning Tree Using PVST+ Configuring PVST+ Port Cost You can configure the port cost of switch ports. Ports with lower port costs are more likely to be chosen to forward frames. Assign lower numbers to ports attached to faster media (such as full duplex) and higher numbers to ports attached to slower media. The possible range of cost is 1 to 65535.
Chapter 7 Configuring Spanning Tree Using PVST+ not-connected 32 disabled 0 not-connected 32 disabled 0 not-connected 32 disabled 0 not-connected 32 disabled 0 forwarding 16 disabled 0 not-connected 32 disabled 0 Configuring PVST+ Default Port Cost Mode If any switch in your network is using a port speed of 10 Gb or over and the network is using PVST+ spanning tree mode, all switches in the network must have the same path cost defaults.
Chapter 7 Configuring Spanning Tree Using PVST+ To configure the port VLAN cost for a port, perform this task in privileged mode: Task Command Configure the port VLAN cost for a set spantree portvlancost {mod/port} [cost cost] VLAN on a switch port. [vlan_list] This example shows how to change the port VLAN cost on a port: Console>...
Chapter 7 Configuring Spanning Tree Using MISTP-PVST+ or MISTP Disabling the PVST+ Mode on a VLAN When the switch is in PVST+ mode, you can disable spanning-tree on individual VLANs or all VLANs. When you disable spanning tree on a VLAN, the switch does not participate in spanning-tree and any BPDUs received in that VLAN are flooded on all ports.
Chapter 7 Configuring Spanning Tree Using MISTP-PVST+ or MISTP When all switches in the network are configured in MISTP-PVST+, you can then enable MISTP on all of the switches. These sections describe how to configure PVST+ on Ethernet VLANs: • Default MISTP Configuration, page 7-19 •...
Chapter 7 Configuring Spanning Tree Using MISTP-PVST+ or MISTP Caution If you are working from a Telnet connection to your switch, the first time you enable MISTP-PVST+ or MISTP mode, you must do so from the switch console; do not use a Telnet connection through the data port or you will lose the connection to the switch.
Chapter 7 Configuring Spanning Tree Using MISTP-PVST+ or MISTP 00-50-3e-78-70-00 - 00-50-3e-78-70-00 - 00-50-3e-78-70-00 - Configuring a MISTP Instance This section describes how to configure MISTP instances: • Configuring MISTP Bridge ID Priority, page 7-21 • Configuring MISTP Port Cost, page 7-22 •...
Chapter 7 Configuring Spanning Tree Using MISTP-PVST+ or MISTP Configuring MISTP Port Cost You can configure the port cost of switch ports. Ports with lower port costs are more likely to be chosen to forward frames. Assign lower numbers to ports attached to faster media (such as full duplex) and higher numbers to ports attached to slower media. The possible range is 1 to 65535.
Chapter 7 Configuring Spanning Tree Using MISTP-PVST+ or MISTP This example shows how to configure the port priority and verify the configuration: Console> (enable) set spantree portpri 2/12 40 Bridge port 2/12 port priority set to 40. Console> (enable) show spantree mistp-instance 1 Instance 1 Spanning tree mode MISTP-PVST+...
Chapter 7 Configuring Spanning Tree Using MISTP-PVST+ or MISTP To configure the port instance priority for a port, perform this task in privileged mode: Task Command Configure the port instance priority on a MISTP set spantree portinstancepri {mod/port} instance. priority [instances] This example shows how to change the port instance priority on a port and verify the configuration: Console>...
Chapter 7 Configuring Spanning Tree Using MISTP-PVST+ or MISTP Mapping VLANs to a MISTP Instance When you are using MISTP-PVST+ or MISTP on a switch, you must map at least one VLAN to a MISTP instance in order for MISTP-PVST+ or MISTP to be active. Note Chapter 10, “Configuring VLANs”...
Chapter 7 Configuring Spanning Tree Using MISTP-PVST+ or MISTP This command prints a list of the MISTP instances associated with the VLAN, the MAC addresses of the root switches that are sending the BPDUs containing the VLAN mapping information, and the timers associated with the mapping of a VLAN to a MISTP instance.
Chapter 7 Configuring Spanning Tree Configuring a Root Switch To disable a MISTP instance, perform this task in privileged mode: Task Command Disable a MISTP instance. set spantree disable mistp-instance instance [all] This example shows how to disable a MISTP instance: Console>...
Chapter 7 Configuring Spanning Tree Configuring a Root Switch To configure a switch as the primary root switch for an instance, perform this task in privileged mode: Task Command Configure a switch as the primary root switch for set spantree root mistp-instance instance [dia an instance.
Chapter 7 Configuring Spanning Tree Configuring a Root Switch Instances 2-4 bridge hello time set to 2 seconds. Instances 2-4 bridge forward delay set to 9 seconds. Switch is now the root switch for active Instances 1-6. Console> (enable) Configuring a Root Switch to Improve Convergence You can configure the root switch to speed up STP convergence time.
Chapter 7 Configuring Spanning Tree Configuring Spanning Tree Timers Task Command Step 4 Verify the configuration. show spantree [mod/port] mistp-instance [instances] [active] Step 5 Configure the maximum aging time for a set spantree maxage agingtime [vlans] mistp-instance VLAN or MISTP instance. instances Step 6 Verify the configuration.
Chapter 7 Configuring Spanning Tree Configuring Spanning Tree Timers Caution Exercise care using these commands. For most situations, we recommend that you use the set spantree root and set spantree root secondary commands to modify the spanning tree performance parameters. Table 7-3 describes the switch variables that affect spanning tree performance.
Chapter 7 Configuring Spanning Tree Configuring Spanning Tree Timers To configure the spanning tree forward delay time for a VLAN, perform this task in privileged mode: Task Command Step 1 Configure the forward delay time for a VLAN or set spantree fwddelay delay [vlan] MISTP instance.
Chapter 7 Configuring Spanning Tree Understanding How BPDU Skewing Works Understanding How BPDU Skewing Works BPDU skewing is the difference between when the BPDUs are expected to be received and the time BPDUs are actually received. Skewing occurs when the following occurs: •...
Chapter 7 Configuring Spanning Tree Configuring Spanning Tree BPDU Skewing To configure the BPDU skewing statistics gathering for a VLAN, perform this task in privileged mode: Task Command Step 1 Configure BPDU skewing. set spantree bpdu-skewing [enable | disable] Step 2 Verify the configuration.
Chapter 7 Configuring Spanning Tree Configuring Spanning Tree BPDU Skewing Portfast bpdu-filter disabled for bridge. Uplinkfast disabled for bridge. Backbonefast disabled for bridge. Summary of connected spanning tree ports by vlan VLAN Blocking Listening Learning Forwarding STP Active ----- -------- --------- -------- ---------- ---------- Blocking Listening Learning Forwarding STP Active ----- -------- --------- -------- ---------- ---------- Total...
C H A P T E R Configuring Spanning Tree PortFast, UplinkFast, and BackboneFast, and Loop Guard This chapter describes how to configure the PortFast, UplinkFast, and BackboneFast, and loop guard spanning tree enhancements on the Catalyst enterprise LAN switches. Note For information on configuring spanning tree, see Chapter 7, “Configuring Spanning Tree.”...
Chapter 8 Configuring Spanning Tree PortFast, UplinkFast, and BackboneFast, and Loop Guard Configuring PortFast Caution PortFast should be used only when connecting a single end station to a switch port. If you enable PortFast on a port connected to another networking device, such as a switch, you can create network loops. When the switch powers up, or when a device is connected to a port, the port normally enters the spanning tree listening state.
Chapter 8 Configuring Spanning Tree PortFast, UplinkFast, and BackboneFast, and Loop Guard Understanding How PortFast BPDU Guard Works blocking enabled 1003 not-connected enabled 1005 not-connected enabled Console> (enable) Disabling Spanning Tree PortFast To disable PortFast on a switch port, perform this task in privileged mode: Task Command Step 1...
Chapter 8 Configuring Spanning Tree PortFast, UplinkFast, and BackboneFast, and Loop Guard Configuring PortFast BPDU Guard Enabling PortFast BPDU Guard Note PortFast is configured on an individual port and the PortFast BPDU guard option is enabled globally. When PortFast is disabled on a port, PortFast BPDU guard becomes inactive. To enable PortFast BPDU guard on a nontrunking switch port, perform this task in privileged mode: Task Command...
Chapter 8 Configuring Spanning Tree PortFast, UplinkFast, and BackboneFast, and Loop Guard Understanding How PortFast BPDU Filtering Works Understanding How PortFast BPDU Filtering Works BPDU filtering allows you to avoid transmitting BPDUs on PortFast-enabled ports that are connected to an end system. When you enable PortFast on the switch, spanning tree places ports in the forwarding state immediately, instead of going through the listening, learning, and forwarding states.
Chapter 8 Configuring Spanning Tree PortFast, UplinkFast, and BackboneFast, and Loop Guard Understanding How UplinkFast Works Understanding How UplinkFast Works UplinkFast provides fast convergence in the network access layer after a spanning tree topology change using uplink groups. An uplink group is a set of ports (per VLAN), only one of which is forwarding at any given time.
Chapter 8 Configuring Spanning Tree PortFast, UplinkFast, and BackboneFast, and Loop Guard Configuring UplinkFast As soon as the switch transitions the alternate port to the forwarding state, the switch begins transmitting dummy multicast frames on that port, one for each entry in the local EARL table (except those entries associated with the failed root port).
Chapter 8 Configuring Spanning Tree PortFast, UplinkFast, and BackboneFast, and Loop Guard Configuring UplinkFast This example shows how to enable UplinkFast with a station-update rate of 40 packets per 100 milliseconds and how to verify that UplinkFast is enabled: Console> (enable) set spantree uplinkfast enable rate 40 VLANs 1-1005 bridge priority set to 49152.
Chapter 8 Configuring Spanning Tree PortFast, UplinkFast, and BackboneFast, and Loop Guard Understanding How BackboneFast Works To disable UplinkFast on a switch, perform this task in privileged mode: Task Command Step 1 (Optional) Disable UplinkFast processing on the clear spantree uplinkfast switch and restore the default bridge priority, port cost, and port-VLAN cost values.
Chapter 8 Configuring Spanning Tree PortFast, UplinkFast, and BackboneFast, and Loop Guard Understanding How BackboneFast Works Figure 8-3 shows an example BackboneFast network topology. Switch A, the root switch, connects directly to Switch B over link L1 and to Switch C over link L2. The port on Switch C that connects directly to Switch B over link L3 is in the blocking state.
Chapter 8 Configuring Spanning Tree PortFast, UplinkFast, and BackboneFast, and Loop Guard Configuring BackboneFast Figure 8-5 Adding a Switch in a Shared-Medium Topology Switch A (Root) Switch B Switch C (Designated Bridge) Blocked port Added switch Configuring BackboneFast These sections describe how to configure the BackboneFast feature: • Enabling BackboneFast, page 8-13...
Chapter 8 Configuring Spanning Tree PortFast, UplinkFast, and BackboneFast, and Loop Guard Configuring BackboneFast Displaying BackboneFast Statistics To display BackboneFast statistics, perform this task in privileged mode: Task Command Display BackboneFast statistics. show spantree summary This example shows how to display BackboneFast statistics: Console>...
Chapter 8 Configuring Spanning Tree PortFast, UplinkFast, and BackboneFast, and Loop Guard Understanding How Loop Guard Works Understanding How Loop Guard Works Unidirectional link failures may cause a root port or alternate port to become designated as root if BPDUs are absent. Some software failures may introduce temporary loops in the network. The loop guard feature checks if a root port or an alternate root port receives BPDUs.
Chapter 8 Configuring Spanning Tree PortFast, UplinkFast, and BackboneFast, and Loop Guard Understanding How Loop Guard Works Loop guard interacts with other features as follows: • Loop guard does not affect the functionality of UplinkFast or BackboneFast. • Do not enable loop guard on ports that are connected to a shared link. Note We recommend that you enable loop guard on root ports and alternate root ports on access switches.
Chapter 8 Configuring Spanning Tree PortFast, UplinkFast, and BackboneFast, and Loop Guard Configuring Loop Guard Configuring Loop Guard These sections describe how to configure loop guard: • Enabling Loop Guard, page 8-17 • Disabling Loop Guard, page 8-17 Enabling Loop Guard Use the set spantree guard command to enable or disable the spanning tree loop guard feature on a per-port basis.
Chapter 8 Configuring Spanning Tree PortFast, UplinkFast, and BackboneFast, and Loop Guard Configuring Loop Guard Software Configuration Guide—Catalyst 4000 Family, Catalyst 2948G, Catalyst 2980G, Releases 6.3 and 6.4 8-18 78-12647-02...
C H A P T E R Configuring VTP This chapter describes how to configure the VLAN Trunking Protocol (VTP) on the Catalyst enterprise LAN switches. Note For complete syntax and usage information for the commands used in this chapter, refer to the Command Reference—Catalyst 4000 Family, Catalyst 2948G, and Catalyst 2980G Switches.
Chapter 9 Configuring VTP Understanding How VTP Works VTP Domain A VTP domain (also called a VLAN management domain) is made up of one or more interconnected switches that share the same VTP domain name. A switch can be configured to be in one and only one VTP domain.
Chapter 9 Configuring VTP Understanding How VTP Works • VLAN configuration, including maximum transmission unit (MTU) size for each VLAN • Frame format VTP Version 2 If you use VTP in your network, you must decide whether to use VTP version 1 or version 2. VTP version 2 supports the following features not supported in version 1: •...
Chapter 9 Configuring VTP Understanding How VTP Works Figure 9-1 Flooding Traffic without VTP Pruning [figure: Switches 1 through 6, with Port 1 and Port 2 marked] Figure 9-2 shows the same switched network with VTP pruning enabled. The broadcast traffic from Switch 1 is not forwarded to Switches 3, 5, and 6 because traffic for the Red VLAN has been pruned on the links indicated (port 5 on Switch 2 and port 4 on Switch 4).
Chapter 9 Configuring VTP Configuring VTP • Disabling VTP Pruning, page 9-10 • Monitoring VTP, page 9-10 Configuring a VTP Server When a switch is in VTP server mode, you can change the VLAN configuration and have it propagate throughout the network. To configure the switch as a VTP server, perform this task in privileged mode: Task Command...
Chapter 9 Configuring VTP Configuring VTP This example shows how to configure the switch as a VTP client and verify the configuration: Console> (enable) set vtp domain Lab_Network VTP domain Lab_Network modified Console> (enable) set vtp mode client VTP domain Lab_Network modified Console>...
Chapter 9 Configuring VTP Configuring VTP Caution VTP version 1 and VTP version 2 are not interoperable on switches in the same VTP domain. Every switch in the VTP domain must use the same VTP version. Do not enable VTP version 2 unless every switch in the VTP domain supports version 2.
Chapter 9 Configuring VTP Configuring VTP Configuring VTP Pruning To configure VTP pruning, perform this task in privileged mode: Task Command Step 1 Enable VTP pruning in the management domain. set vtp pruning enable Step 2 (Optional) Make specific VLANs pruning clear vtp pruning vlan_range ineligible on the device.
Chapter 9 Configuring VTP Configuring VTP Port Vlans allowed and active in management domain -------- --------------------------------------------------------------------- Port Vlans in spanning tree forwarding state and not pruned -------- --------------------------------------------------------------------- Console> (enable) Disabling VTP Pruning To disable VTP pruning, perform this task in privileged mode: Task Command Step 1...
C H A P T E R Configuring VLANs This chapter describes how to configure virtual LANs (VLANs) on the Catalyst enterprise LAN switches. Note For complete syntax and usage information for the commands used in this chapter, refer to the Command Reference—Catalyst 4000 Family, Catalyst 2948G, and Catalyst 2980G Switches.
Figure 10-1 VLANs as Logically Defined Networks [figure: Engineering, Marketing, and Accounting VLANs across Catalyst 4000 switches on Floors 1, 2, and 3, with Fast Ethernet links and a Cisco router] VLANs are often associated with IP subnetworks. For example, all the end stations in a particular IP subnet belong to the same VLAN.
Chapter 10 Configuring VLANs Configuring VLANs Creating or Modifying an Ethernet VLAN To create a new Ethernet VLAN, perform this task in privileged mode: Task Command Step 1 Create a new Ethernet VLAN. set vlan vlan_num [name name] [said said] [mtu mtu] [translation vlan_num] Step 2 Verify the VLAN configuration.
The valid range of user-configurable ISL VLANs is 1–1000. The valid range of VLANs specified in the IEEE 802.1Q standard is 0–4095. In a network environment with non-Cisco devices connected to Cisco switches through 802.1Q trunks, you must map 802.1Q VLAN numbers greater than 1000 to ISL VLAN numbers.
Chapter 10 Configuring VLANs Configuring VLANs These restrictions apply when mapping 802.1Q VLANs to ISL VLANs: • You can configure up to seven 802.1Q-to-ISL VLAN mappings on the switch. • You must map 802.1Q VLANs to Ethernet-type ISL VLANs. • Do not enter the native VLAN of any 802.1Q trunk in the mapping table.
Chapter 10 Configuring VLANs Configuring Private VLANs This example shows how to clear all 802.1Q-to-ISL VLAN mappings: Console> (enable) clear vlan mapping dot1q all All vlan mapping entries deleted Console> (enable) Deleting a VLAN When you delete a VLAN in VTP server mode, the VLAN is removed from all switches in the VTP domain.
Chapter 10 Configuring VLANs Configuring Private VLANs There are three types of private VLAN ports: promiscuous, isolated, and community. • A promiscuous port communicates with all other private VLAN ports and is the port you use to communicate with routers, LocalDirector, the CSS11000, backup servers, and administrative workstations.
Chapter 10 Configuring VLANs Configuring Private VLANs Private VLAN Configuration Guidelines Follow these guidelines to configure private VLANs: • Designate one VLAN as the primary VLAN. • Designate one VLAN as an isolated VLAN. If you want to use private VLAN communities, you need to designate a community VLAN for each community.
Chapter 10 Configuring VLANs Configuring Private VLANs • In networks with some switches using MAC address reduction, and others not using MAC address reduction, STP parameters do not necessarily propagate to ensure that the spanning tree topologies match. You should manually double check the STP configuration to ensure that the primary, isolated, and community VLANs spanning tree topologies match.
Chapter 10 Configuring VLANs Configuring Private VLANs Note You can bind isolated or community VLAN(s) to the primary VLAN without associating the isolated or community ports to the private VLAN: use the set pvlan primary_vlan_num {isolated_vlan_num | community_vlan_num} command. Note You can change the isolated or community ports associated to the private VLAN without changing the isolated or community VLANs binding: use the set pvlan primary_vlan_num {isolated_vlan_num | community_vlan_num} mod/port command.
Chapter 10 Configuring VLANs Configuring Private VLANs This example shows how to bind VLAN 902 to primary VLAN 7 and assign ports 4/4 through 4/6 as the community port: Console> (enable) set pvlan 7 902 4/4-6 Successfully set the following ports to Private Vlan 7,902:4/4-6 Console>...
Chapter 10 Configuring VLANs Configuring Private VLANs ------- --------- -------------- ------------ isolated community 4/4-6 community 4/7-9 Console> (enable) show pvlan mapping Port Primary Secondary ----- -------- ---------- 901-903 Console> (enable) show port Port Name Status Vlan Duplex Speed Type ----- ------------------ ---------- ---------- ------ ----- ------------ ...truncated output...
Chapter 10 Configuring VLANs Configuring Private VLANs This example shows how to delete primary VLAN 7: Console> (enable) clear vlan 7 This command will de-activate all ports on vlan 7 Do you want to continue(y/n) [n]?y Vlan 7 deleted Console> (enable) Deleting an Isolated or Community VLAN If you delete an isolated or community VLAN, the binding with the primary VLAN is broken, any isolated or community ports associated to the VLAN become inactive, and any related mappings on the...
C H A P T E R Configuring VLAN Trunks on Fast Ethernet and Gigabit Ethernet Ports This chapter describes how to configure Fast Ethernet and Gigabit Ethernet virtual LAN (VLAN) trunks on the Catalyst enterprise LAN switches. Note For complete information on configuring VLANs, see Chapter 10, “Configuring VLANs.”...
Chapter 11 Configuring VLAN Trunks on Fast Ethernet and Gigabit Ethernet Ports Understanding How VLAN Trunks Work The Catalyst 4000, 2948G, and 2980G switches support IEEE 802.1Q—802.1Q trunking encapsulation. You can configure a trunk on a single Fast or Gigabit Ethernet port or on a Fast or Gigabit EtherChannel bundle.
To avoid this problem, ensure that trunking is turned off on ports connected to non-switch devices if you do not intend to trunk across those links. When manually enabling trunking on a link to a Cisco router, use the nonegotiate keyword to cause the port to become a trunk but not generate DTP frames.
BPDUs on each VLAN allowed on the trunks. The BPDUs on the native VLAN of the trunk are sent untagged to the reserved IEEE 802.1d spanning-tree multicast MAC address (01-80-C2-00-00-00). The BPDUs on all other VLANs on the trunk are sent tagged to the reserved Cisco Shared Spanning Tree (SSTP) multicast MAC address (01-00-0c-cc-cc-cd).
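The addressing rule above can be turned into a capture-side check. The following is an added example, not code from the Cisco guide: it classifies Ethernet frames by the two destination addresses named in the passage and flags BPDUs whose VLAN is outside a trunk's allowed-VLAN list. The function names, the native VLAN value, and the sample frames are assumptions constructed for illustration; the allowed list reuses the 1–100, 250, 500–1005 example from this chapter.

```python
import struct

# Destination addresses named in the passage above.
IEEE_STP_MAC = bytes.fromhex("0180c2000000")    # IEEE 802.1d spanning-tree multicast
CISCO_SSTP_MAC = bytes.fromhex("01000ccccccd")  # Cisco SSTP multicast
TPID_8021Q = 0x8100                             # EtherType value marking an 802.1Q tag


def parse_vlan_list(text):
    """Expand an allowed-VLAN string such as '1-100,250,500-1005' into a set."""
    vlans = set()
    for part in text.split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        first, last = int(lo), int(hi) if hi else int(lo)
        if not 0 <= first <= last <= 4095:
            raise ValueError("bad VLAN range: " + part)
        vlans.update(range(first, last + 1))
    return vlans


def parse_frame(frame):
    """Return destination MAC, 802.1Q VLAN ID (None if untagged) and BPDU kind."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst = frame[0:6]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan = None
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack("!H", frame[14:16])
        vlan = tci & 0x0FFF  # low 12 bits of the tag control field
    kind = {IEEE_STP_MAC: "ieee-stp", CISCO_SSTP_MAC: "cisco-sstp"}.get(dst)
    return {"dst": dst.hex("-"), "vlan": vlan, "bpdu": kind}


def audit_trunk_bpdus(frames, allowed, native_vlan):
    """List BPDUs that differ from what the passage describes for this trunk.

    Untagged frames are attributed to native_vlan (supplied by the caller).
    """
    findings = []
    for index, frame in enumerate(frames):
        info = parse_frame(frame)
        if info["bpdu"] is None:
            continue  # not addressed to either spanning-tree multicast
        vlan = native_vlan if info["vlan"] is None else info["vlan"]
        if vlan not in allowed:
            findings.append((index, info["bpdu"], vlan, "VLAN not in allowed list"))
        elif info["bpdu"] == "ieee-stp" and info["vlan"] is not None:
            findings.append((index, info["bpdu"], vlan, "tagged frame to IEEE address"))
    return findings


def build_frame(dst, vlan=None, payload=bytes(38)):
    """Constructed test frame: header plus zero padding, BPDU body not modelled."""
    src = bytes.fromhex("020000000001")  # constructed, locally administered MAC
    tag = b"" if vlan is None else struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
    return dst + src + tag + struct.pack("!H", len(payload)) + payload


# Constructed sample capture for a trunk with native VLAN 1 (assumed).
SAMPLE_FRAMES = [
    build_frame(IEEE_STP_MAC),                  # untagged, native VLAN
    build_frame(CISCO_SSTP_MAC, vlan=10),       # tagged, allowed VLAN
    build_frame(CISCO_SSTP_MAC, vlan=250),      # tagged, allowed VLAN
    build_frame(CISCO_SSTP_MAC, vlan=300),      # tagged, VLAN outside the list
    build_frame(IEEE_STP_MAC, vlan=20),         # tagged frame to the IEEE address
    build_frame(bytes.fromhex("ffffffffffff"), vlan=10),  # broadcast, not a BPDU
]

if __name__ == "__main__":
    allowed = parse_vlan_list("1-100,250,500-1005")
    for finding in audit_trunk_bpdus(SAMPLE_FRAMES, allowed, native_vlan=1):
        print(finding)
```

A finding here means only that the frame does not match the behavior described in this section for the configured trunk; compare it against the trunk's actual allowed list and native VLAN before treating it as a misconfiguration.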
Configuring VLAN Trunks on Fast Ethernet and Gigabit Ethernet Ports Default Trunk Configuration • Make sure that the native VLAN is the same on ALL of the 802.1Q trunks connecting the Cisco switches to the non-Cisco 802.1Q cloud. • If you are connecting multiple Cisco switches to a non-Cisco 802.1Q cloud, all of the connections MUST be through 802.1Q trunks.
Chapter 11 Configuring VLAN Trunks on Fast Ethernet and Gigabit Ethernet Ports Configuring a Trunk Link To configure an 802.1Q trunk, perform this task in privileged mode: Task Command Step 1 Configure an 802.1Q trunk. set trunk mod_num/port_num [on | desirable | auto | nonegotiate] dot1q Step 2 Verify the trunking configuration.
Chapter 11 Configuring VLAN Trunks on Fast Ethernet and Gigabit Ethernet Ports Example VLAN Trunk Configurations This example shows how to define the allowed VLANs list for trunk port 1/1 to allow VLANs 1–100, VLAN 250, and VLANs 500–1005, and how to verify the allowed VLAN list for the trunk: Console>...
Chapter 11 Configuring VLAN Trunks on Fast Ethernet and Gigabit Ethernet Ports Example VLAN Trunk Configurations Note For examples of configuring trunk links between switches and routers, refer to the Layer 3 Switching Software Configuration Guide—Catalyst 5000 Family, 4000 Family, 2926G Series, 2926 Series, 2948G, and 2980G Switches publication.
Chapter 11 Configuring VLAN Trunks on Fast Ethernet and Gigabit Ethernet Ports Example VLAN Trunk Configurations No ports trunking. Switch_A> (enable) Switch_B> (enable) show port channel No ports channelling Switch_B> (enable) show trunk No ports trunking. Switch_B> (enable) Step 3 Configure the ports on Switch A to negotiate a Gigabit EtherChannel bundle with the neighboring switch.
Chapter 11 Configuring VLAN Trunks on Fast Ethernet and Gigabit Ethernet Ports Example VLAN Trunk Configurations connected auto channel WS-C4003 JAB023806(Sw connected auto channel WS-C4003 JAB023806(Sw ----- ---------- --------- ----------- ------------------------- ---------- Switch_B> (enable) Step 5 Configure one of the ports in the EtherChannel bundle to negotiate an 802.1Q trunk. The configuration is applied to all of the ports in the bundle.
Chapter 11 Configuring VLAN Trunks on Fast Ethernet and Gigabit Ethernet Ports Example VLAN Trunk Configurations -------- --------------------------------------------------------------------- 1-5,10,20,50,152,200,300,400,500,521-524,570,850,917,999 1-5,10,20,50,152,200,300,400,500,521-524,570,850,917,999 1-5,10,20,50,152,200,300,400,500,521-524,570,850,917,999 1-5,10,20,50,152,200,300,400,500,521-524,570,850,917,999 Port Vlans in spanning tree forwarding state and not pruned -------- --------------------------------------------------------------------- Switch_A> (enable) Switch_B> (enable) show trunk Port Mode Encapsulation...
Chapter 11 Configuring VLAN Trunks on Fast Ethernet and Gigabit Ethernet Ports Example VLAN Trunk Configurations Figure 11-2 Parallel Trunk Configuration Before Configuring VLAN-Traffic Load Sharing Trunk 2 VLANs 10, 20, and 30: port-VLAN priority 32 (blocking) VLANs 40, 50, and 60: port-VLAN priority 1 (forwarding) Catalyst 4000 Catalyst 4000 Switch 1...
Chapter 11 Configuring VLAN Trunks on Fast Ethernet and Gigabit Ethernet Ports Example VLAN Trunk Configurations -------------------------------- ------------ ----------- ----------- ---------- BigCorp server Vlan-count Max-vlan-storage Config Revision Notifications ---------- ---------------- --------------- ------------- 1023 disabled Last Updater V2 Mode Pruning PruneEligible on Vlans --------------- -------- -------- ------------------------- 172.20.52.10 disabled enabled...
Chapter 11 Configuring VLAN Trunks on Fast Ethernet and Gigabit Ethernet Ports Example VLAN Trunk Configurations Port Vlans in spanning tree forwarding state and not pruned -------- --------------------------------------------------------------------- 1-2,10,20,30,40,50,60,99-105 1/2Switch_1> (enable) Step 6 When the trunk links come up, VTP passes the VTP and VLAN configuration to Switch 2. Verify that Switch 2 has learned the VLAN configuration by entering the show vlan command on Switch 2: Switch_2>...
Chapter 11 Configuring VLAN Trunks on Fast Ethernet and Gigabit Ethernet Ports Example VLAN Trunk Configurations In this example, VLANs 10, 20, and 30 (Group 1) are forwarded over Trunk 1, and VLANs 40, 50, and 60 (Group 2) are forwarded over Trunk 2. Step 9 On Switch 1, enter the set spantree portvlanpri command to change the port-VLAN priority for the Group 1 VLANs on Trunk 1 (port 1/1) to an integer value lower than the default of 32:...
Chapter 11 Configuring VLAN Trunks on Fast Ethernet and Gigabit Ethernet Ports Example VLAN Trunk Configurations Port 1/2 vlans 1005 using portpri 4. Switch_2> (enable) set spantree portvlanpri 1/2 1 50 Port 1/2 vlans 1-39,41-49,51-1004 using portpri 32. Port 1/2 vlans 40,50 using portpri 1. Port 1/2 vlans 1005 using portpri 4.
Chapter 11 Configuring VLAN Trunks on Fast Ethernet and Gigabit Ethernet Ports Example VLAN Trunk Configurations Figure 11-3 Parallel Trunk Configuration After Configuring VLAN Traffic Load-Sharing Trunk 2 VLANs 10, 20, 30, 40, 50, and 60: port-VLAN priority 32 (blocking) Catalyst 4000 Catalyst 4000 Switch 1...
Chapter 11 Configuring VLAN Trunks on Fast Ethernet and Gigabit Ethernet Ports Example VLAN Trunk Configurations 802.1Q Nonegotiate Trunk Configuration Example This example configuration shows how to configure an 802.1Q Fast Ethernet trunk between two Catalyst 4000 family switches with 802.1Q-capable hardware. (Use the show port capabilities command to see if your hardware is 802.1Q-capable.) In this example, an 802.1Q trunk is configured between port 1/1 on Switch 1 and port 4/1 on Switch 2.
Chapter 11 Configuring VLAN Trunks on Fast Ethernet and Gigabit Ethernet Ports Example VLAN Trunk Configurations Step 2 Display the problem on Switch 2 by entering the show spantree and show spantree statistics commands. The configuration mismatch exists until the port on Switch 2 is properly configured. Switch 2>...
Chapter 11 Configuring VLAN Trunks on Fast Ethernet and Gigabit Ethernet Ports Example VLAN Trunk Configurations Figure 11-6 802.1Q Trunking: Final Network Configuration Port 1/1 Port 4/1 Trunk Type: 802.1Q Trunk Type: 802.1Q Trunk Mode: nonegotiate Trunk Mode: nonegotiate 4000 4000 Switch 1 802.1Q Trunk...
When you disable VLAN 1 on a trunk interface, no user traffic is transmitted or received across that trunk interface, but the supervisor engine will continue to transmit and receive packets from control protocols such as Cisco Discovery Protocol (CDP), VLAN Trunking Protocol (VTP), Port Aggregation Protocol (PAgP), Dynamic Trunking Protocol (DTP), and so forth.
Chapter 11 Configuring VLAN Trunks on Fast Ethernet and Gigabit Ethernet Ports Disabling VLAN 1 on a Trunk Link When a trunk port with VLAN 1 disabled becomes a nontrunk port, it is added to the native VLAN. If the native VLAN is VLAN 1, the port is enabled and added to VLAN 1. To disable VLAN 1 on a trunk interface, perform this task in privileged mode: Task Command...
C H A P T E R Configuring Dynamic Port VLAN Membership with VMPS This chapter describes how to configure dynamic port virtual LAN (VLAN) membership using the VLAN Management Policy Server (VMPS) on the Catalyst enterprise LAN switches. Note For complete syntax and usage information for the commands used in this chapter, refer to the Command Reference—Catalyst 4000 Family, Catalyst 2948G, and Catalyst 2980G Switches.
Chapter 12 Configuring Dynamic Port VLAN Membership with VMPS VMPS and Dynamic Port Hardware and Software Requirements If the assigned VLAN is restricted to a group of ports, VMPS verifies the requesting port against this group. If the VLAN is allowed on the port, the VLAN name is returned to the client. If the VLAN is not allowed on the port and VMPS is not in secure mode, the host receives an “access denied”...
Chapter 12 Configuring Dynamic Port VLAN Membership with VMPS Dynamic Port VLAN Membership and VMPS Configuration Guidelines Table 12-1 Default VMPS Client and Dynamic Port Configuration (continued) Feature Default Configuration VMPS server retry count 3 attempts Dynamic ports No dynamic ports configured Dynamic Port VLAN Membership and VMPS Configuration Guidelines These guidelines and restrictions apply to dynamic port VLAN membership:...
Chapter 12 Configuring Dynamic Port VLAN Membership with VMPS Configuring VMPS and Dynamic Port VLAN Membership Note For an example ASCII text VMPS database configuration file, see the “VMPS Database Configuration File Example” section on page 12-7. Follow these guidelines for creating the VMPS database file: •...
Chapter 12 Configuring Dynamic Port VLAN Membership with VMPS Configuring VMPS and Dynamic Port VLAN Membership To configure VMPS, perform this task in privileged mode: Task Command Step 1 Specify the download method. set vmps downloadmethod rcp | tftp [username] Step 2 Configure the IP address of the TFTP or rcp server set vmps downloadserver ip_addr [filename]...
Chapter 12 Configuring Dynamic Port VLAN Membership with VMPS Troubleshooting VMPS and Dynamic Port VLAN Membership Configuring Static VLAN Port Membership To return a port to static VLAN port membership, perform this task in privileged mode: Task Command Step 1 Configure static port VLAN membership set port membership mod_num/port_num static assignment to a port.
Chapter 12 Configuring Dynamic Port VLAN Membership with VMPS Dynamic Port VLAN Membership with VMPS Configuration Examples Troubleshooting Dynamic Port VLAN Membership A dynamic port might shut down under these circumstances: • VMPS is in secure mode and it is illegal for the host to connect to the port. The port shuts down to prevent the host from connecting to the network.
Chapter 12 Configuring Dynamic Port VLAN Membership with VMPS Dynamic Port VLAN Membership with VMPS Configuration Examples !vmps-port-group <group-name> ! device <device-id> { port <port-name> | all-ports } vmps-port-group WiringCloset1 device 198.92.30.32 port 3/2 device 172.20.26.141 port 2/8 vmps-port-group “Executive Row” device 198.4.254.222 port 1/2 device 198.4.254.222 port 1/3 device 198.4.254.223 all-ports...
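The port-group check described in this chapter, as an added Python example (not code from the guide or from the switch software): it parses the `vmps-port-group` section in the format shown above and returns what VMPS does when the assigned VLAN is restricted to a group of ports. The VLAN names, the `vlan_port_groups` mapping and the function names are assumptions made for the illustration.

```python
import shlex

# Port-group section in the format of the database example on this page
# (straight quotes around the group name that contains a space).
SAMPLE_DB = '''\
!vmps-port-group <group-name>
! device <device-id> { port <port-name> | all-ports }
vmps-port-group WiringCloset1
 device 198.92.30.32 port 3/2
 device 172.20.26.141 port 2/8
vmps-port-group "Executive Row"
 device 198.4.254.222 port 1/2
 device 198.4.254.222 port 1/3
 device 198.4.254.223 all-ports
'''

ALL_PORTS = "*"  # internal marker for an "all-ports" member


def parse_port_groups(text):
    """Return {group name: {(device, port), ...}} for every vmps-port-group."""
    groups = {}
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):      # blank line or comment
            continue
        tok = shlex.split(line)                    # honours quoted group names
        if tok[0] == "vmps-port-group":
            if len(tok) != 2:
                raise ValueError(f"line {lineno}: expected one group name")
            current = groups.setdefault(tok[1], set())
        elif tok[0].startswith("vmps"):
            current = None                         # some other section: skip it
        elif tok[0] == "device" and current is not None:
            if len(tok) == 4 and tok[2] == "port":
                current.add((tok[1], tok[3]))
            elif len(tok) == 3 and tok[2] == "all-ports":
                current.add((tok[1], ALL_PORTS))
            else:
                raise ValueError(f"line {lineno}: malformed device entry")
    return groups


def vmps_decision(groups, vlan_port_groups, vlan, switch_ip, port, secure):
    """Decide the reply for a host whose assigned VLAN is `vlan`.

    vlan_port_groups maps a VLAN name to the port groups it is restricted
    to (constructed here; a VLAN that is absent is unrestricted).
    """
    allowed = vlan_port_groups.get(vlan)
    if allowed is None:
        return ("assign", vlan)
    for name in allowed:
        members = groups.get(name, set())
        if (switch_ip, port) in members or (switch_ip, ALL_PORTS) in members:
            return ("assign", vlan)
    # VLAN not allowed on the requesting port: secure mode shuts the port
    # down, otherwise the host gets an "access denied" response.
    return ("shutdown", None) if secure else ("access-denied", None)


if __name__ == "__main__":
    g = parse_port_groups(SAMPLE_DB)
    policy = {"Green": ["Executive Row"]}          # constructed policy
    for sw, p, sec in [("198.4.254.223", "2/7", False),
                       ("198.92.30.32", "3/2", False),
                       ("198.92.30.32", "3/2", True)]:
        print(sw, p, "secure" if sec else "open",
              vmps_decision(g, policy, "Green", sw, p, sec))
```
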
Page 207
Chapter 12 Configuring Dynamic Port VLAN Membership with VMPS Dynamic Port VLAN Membership with VMPS Configuration Examples Figure 12-1 Dynamic Port VLAN Membership Configuration TFTP server Primary VMPS Router Server 1 Switch 1 172.20.22.7 172.20.26.150 Client Switch 2 End station 1 172.20.26.151 Secondary VMPS Server 2...
Chapter 12 Configuring Dynamic Port VLAN Membership with VMPS Dynamic Port VLAN Membership with Auxiliary VLANs To configure VMPS and dynamic ports, follow these steps: Configure the VMPS server addresses on each VMPS client: Step 1 Configure the primary VMPS server IP address: Console>...
Configuring Dynamic Port VLAN Membership with VMPS Dynamic Port VLAN Membership with Auxiliary VLANs Note For detailed information on auxiliary VLANs and Cisco voice-over-IP networks, refer to the "Configuring a Voice-over-IP Network" chapter in the Catalyst 6000 Family Software Configuration Guide.
Page 210
Chapter 12 Configuring Dynamic Port VLAN Membership with VMPS Dynamic Port VLAN Membership with Auxiliary VLANs This example shows that the auxiliary VLAN ID specified cannot be the same as the native VLAN ID: Console> (enable) set port auxiliaryvlan 5/10 223 Auxiliary vlan cannot be set to 223 as PVID=223.
C H A P T E R Configuring GVRP This chapter describes how to configure the GARP VLAN Registration Protocol (GVRP) on the Catalyst enterprise LAN switches. Note For complete syntax and usage information for the commands used in this chapter, refer to the Command Reference—Catalyst 4000 Family, Catalyst 2948G, and Catalyst 2980G Switches.
Chapter 13 Configuring GVRP Default GVRP Configuration Default GVRP Configuration Table 13-1 shows the default GVRP configuration. Table 13-1 GVRP Default Configuration Feature Default Value GVRP global enable state Disabled GVRP per-trunk enable state Disabled on all ports GVRP dynamic creation of VLANs Disabled GVRP registration mode normal, with VLAN 1 set to fixed, for all ports...
Chapter 13 Configuring GVRP Configuring GVRP Enabling GVRP Globally You must enable GVRP globally before any GVRP processing occurs on the switch. Enabling GVRP globally enables GVRP to perform VLAN pruning on 802.1Q trunk links. Pruning occurs only on GVRP-enabled trunks. For information on setting the per-trunk port GVRP enable state, see the “Enabling GVRP on Individual 802.1Q Trunk Ports”...
Chapter 13 Configuring GVRP Configuring GVRP To enable GVRP on individual 802.1Q-capable ports, perform this task in privileged mode: Task Command Step 1 Enable GVRP on an individual 802.1Q-capable set port gvrp enable mod_num/port_num port. Step 2 Verify the configuration. show gvrp configuration This example shows how to enable GVRP on 802.1Q-capable port 1/1: Console>...
Chapter 13 Configuring GVRP Configuring GVRP Configuring GVRP Registration These sections describe how to configure GVRP registration modes on switch ports: • Setting GVRP Normal Registration, page 13-5 • Setting GVRP Fixed Registration, page 13-5 • Setting GVRP Forbidden Registration, page 13-5 Setting GVRP Normal Registration Configuring an 802.1Q trunk port in normal registration mode allows dynamic creation (if dynamic VLAN creation is enabled), registration, and deregistration of VLANs on the trunk port.
Chapter 13 Configuring GVRP Configuring GVRP To configure GVRP forbidden registration on an 802.1Q trunk port, perform this task in privileged mode: Task Command Step 1 Configure forbidden registration on an 802.1Q set gvrp registration forbidden trunk port. mod_num/port_num Step 2 Verify the configuration.
Chapter 13 Configuring GVRP Configuring GVRP Note Modifying the GARP timer values affects the behavior of all GARP applications running on the switch, not just GVRP. (For example, GMRP uses the same timers.) You can modify the default GARP timer values on the switch. When setting the timer values, the value for leave must be greater than three times the join value (leave >= join * 3).
C H A P T E R Configuring QoS This chapter describes how to configure quality of service (QoS) on the Catalyst enterprise LAN switches. Note For complete syntax and usage information for the commands used in this chapter, refer to the Command Reference—Catalyst 4000 Family, Catalyst 2948G, and Catalyst 2980G Switches.
Chapter 14 Configuring QoS Understanding How QoS Works QoS implements scheduling on supported egress ports with transmit queue drop thresholds and multiple transmit queues that use the 802.1p CoS values to give preference to higher-priority traffic. Figure 14-1 shows how QoS affects the traffic flow. Figure 14-1 Traffic Flow Through the Switch with QoS Enabled—Catalyst 4000 Family, Catalyst 2948G, and Catalyst 2980G Switches Apply...
Chapter 14 Configuring QoS Understanding How QoS Works • Marking is the application of QoS labels to traffic. • Scheduling is the assignment of traffic to a queue. QoS assigns traffic based on CoS values. • Congestion avoidance is the process by which QoS reserves ingress and egress port capacity for traffic with high-priority CoS values.
Chapter 14 Configuring QoS Software Requirements Software Requirements QoS requires supervisor engine software release 5.2 or later releases. Use the show port capabilities command to determine the specific QoS support for a module. QoS Default Configuration Table 14-1 shows the QoS default configuration. Table 14-1 QoS Default Configuration Feature Default Value...
Chapter 14 Configuring QoS Configuring QoS Enabling QoS Globally To enable QoS globally on the switch, perform this task in privileged mode: Task Command Enable QoS on the switch. set qos enable This example shows how to enable QoS: Console> (enable) set qos enable QoS is enabled.
Chapter 14 Configuring QoS Configuring QoS Mapping CoS Values to Transmit Queues and Drop Thresholds Use the set qos map command to associate CoS values to transmit queue drop thresholds. The port_type is hardware-dependent. Use the show port capabilities command to determine the port_type for your hardware.
Chapter 14 Configuring QoS Configuring QoS Displaying QoS Information To display QoS information, perform this task: Task Command Display QoS information. show qos info [runtime | config] This example shows how to display the current QoS configuration information for the switch: Console>...
Page 230
Chapter 14 Configuring QoS Configuring QoS This example shows how to disable QoS: Console> (enable) set qos disable QoS is disabled. Console> (enable) Software Configuration Guide—Catalyst 4000 Family, Catalyst 2948G, Catalyst 2980G, Releases 6.3 and 6.4 14-8 78-12647-02...
C H A P T E R Configuring Multicast Services This chapter describes how to configure multicast services, including Cisco Group Management Protocol (CGMP), Internet Group Management Protocol (IGMP) snooping, and GARP Multicast Registration Protocol (GMRP) on the Catalyst enterprise LAN switches.
Configuring Multicast Services Understanding How Multicasting Works CGMP and IGMP software components run on both the Cisco router and the switch. A CGMP/IGMP-capable IP multicast router sees all IGMP packets and can inform the switch when specific hosts join or leave IP multicast groups.
Layer 3 protocol (such as IP, IPX, and so forth). GMRP software components run on both the switch and on the host (Cisco is not a source for GMRP host software). On the host, GMRP is typically used with IGMP: the host GMRP software generates Layer 2 GMRP versions of the host’s Layer 3 IGMP control packets.
Chapter 15 Configuring Multicast Services Configuring CGMP This example shows how to enable CGMP and verify the configuration: Console> (enable) set cgmp enable CGMP support for IP multicast enabled. Console> (enable) show cgmp statistics 1 CGMP enabled CGMP statistics for vlan 1: valid rx pkts received 211915 invalid rx pkts received...
Chapter 15 Configuring Multicast Services Configuring CGMP Displaying Multicast Router Information When you enable CGMP, the switch automatically learns to which ports a multicast router is connected. To display dynamically learned multicast router information, perform one of these tasks in privileged mode: Task Command...
Chapter 15 Configuring Multicast Services Configuring CGMP Displaying Multicast Group Information To display information about multicast groups, perform one of these tasks in privileged mode: Task Command Display information about multicast groups. show multicast group [mac_addr] [vlan_id] Display only information about multicast groups show multicast group cgmp [mac_addr] learned dynamically through CGMP.
Chapter 15 Configuring Multicast Services Configuring GMRP Port GMRP Status Registration ForwardAll -------------------------------------------- ----------- ------------ ---------- 1/1-2,3/1,6/1-48 Enabled Normal Disabled Console> (enable) Enabling GMRP on Individual Switch Ports You can change the per-port GMRP configuration regardless of whether GMRP is enabled globally. Note However, GMRP will not function on any ports until you enable it globally.
Chapter 15 Configuring Multicast Services Configuring GMRP This example shows how to disable GMRP on ports 6/10–14 and verify the configuration: Console> (enable) set port gmrp disable 6/10-14 GMRP disabled on ports 6/10-14. Console> (enable) show gmrp configuration Global GMRP Configuration: GMRP Feature is currently enabled on this switch.
Chapter 15 Configuring Multicast Services Configuring GMRP Configuring GMRP Registration These sections describe how to configure GMRP registration modes on switch ports: • Setting Normal Registration Mode, page 15-12 • Setting Fixed Registration Mode, page 15-12 • Setting Forbidden Registration Mode, page 15-13 Setting Normal Registration Mode Configuring a port in normal registration mode allows dynamic GMRP multicast registration and deregistration on the port.
Chapter 15 Configuring Multicast Services Configuring GMRP When setting the timer values, the value for leave must be equal to or greater than three times the join value (leave >= join * 3). The value for leaveall must be greater than the value for leave (leaveall > leave).
Chapter 15 Configuring Multicast Services Configuring Multicast Router Ports and Group Entries Configuring Multicast Router Ports and Group Entries These sections describe how to manually specify multicast router ports and configure multicast group entries: • Specifying Multicast Router Ports, page 15-16 •...
Chapter 15 Configuring Multicast Services Configuring Multicast Router Ports and Group Entries This example shows how to define multicast groups manually and verify the configuration (the asterisks indicate the entry was manually configured): Console> (enable) set cam static 01-00-11-22-33-44 2/6-12 Static multicast entry added to CAM table.
C H A P T E R Configuring Port Security This chapter describes how to configure port security on the Catalyst enterprise LAN switches. Note For complete syntax and usage information for the commands used in this chapter, refer to the Command Reference—Catalyst 4000 Family, Catalyst 2948G, and Catalyst 2980G Switches.
Chapter 16 Configuring Port Security Understanding How Port Security Works Allocation of the maximum number of MAC addresses for each port depends on your network configuration. The following combinations are examples of valid allocations: • 1025 (1 + 1024) addresses on 1 port and 1 address each on the rest of the ports. •...
Chapter 16 Configuring Port Security Port Security Configuration Guidelines Restricting Traffic Based on the Host MAC Address You can filter traffic based on a host MAC address, so that packets tagged with a specific source MAC address are discarded. When you specify a MAC address filter with the set cam filter command, incoming traffic from that host MAC address is dropped, and packets addressed to that host are not forwarded.
Chapter 16 Configuring Port Security Configuring Port Security Enabling Port Security Port security is either autoconfigured or enabled manually by specifying a MAC address. If a MAC address is not specified, the source address from the incoming traffic is autoconfigured and secured, up to the maximum number of MAC addresses allowed.
Chapter 16 Configuring Port Security Configuring Port Security Specifying the Maximum Number of Secure MAC Addresses You can specify the number of MAC addresses to secure on a port. By default, at least one MAC address per port can be secured. In addition to this default, a global resource of up to 1024 MAC addresses is available to be shared by the ports.
Chapter 16 Configuring Port Security Configuring Port Security Clearing MAC Addresses Enter the clear port security command to clear MAC addresses from a list of secure addresses on a port. Note If the clear command is executed on a MAC address that is in use, that MAC address may be learned and made secure again.
Chapter 16 Configuring Port Security Configuring Port Security Note If you restrict the number of secure MAC addresses on a port to one and additional hosts attempt to connect to that port, port security blocks these additional hosts from being connected to that port as well as to any other port in the same VLAN for the duration of the VLAN aging time.
Chapter 16 Configuring Port Security Configuring Port Security 3/24 1 00-e0-4f-ac-b4-00 Console> (enable) Restricting Traffic Based on Host MAC Address To restrict incoming or outgoing traffic for a specific MAC address, perform this task in privileged mode: Task Command Step 1 Discard traffic destined to or originating from a set cam static | permanent filter unicast_mac specific MAC address.
Page 257
Chapter 16 Configuring Port Security Configuring Port Security Task Command Step 1 Display the configuration. show port security [statistics] mod_num/ port_num Step 2 Display the port security statistics. show port security statistics [system] [mod_num/port_num] This example shows how to display port security configuration information and statistics: Console>...
Page 258
Chapter 16 Configuring Port Security Configuring Port Security Total ports: 48 Total MAC address(es): 48 Total global address space used (out of 1024): 0 Status: installed Console> (enable)
C H A P T E R Configuring the IP Permit List This chapter describes how to configure the IP permit list on the Catalyst enterprise LAN switches. Note For complete syntax and usage information for the commands used in this chapter, refer to the Command Reference—Catalyst 4000 Family, Catalyst 2948G, and Catalyst 2980G Switches.
Chapter 17 Configuring the IP Permit List IP Permit List Default Configuration You can specify the same IP address in more than one entry in the permit list if the masks are different. The mask is applied to the address before it is stored in NVRAM, so that entries that have the same effect (but different addresses) are not stored.
Chapter 17 Configuring the IP Permit List Configuring the IP Permit List Console> (enable) set ip permit 172.20.52.3 all 172.20.52.3 added to IP permit list. Console> (enable) set ip permit 172.20.52.31 255.255.255.224 ssh 172.20.52.31 with mask 255.255.255.224 added to Ssh permit list. Console>...
Chapter 17 Configuring the IP Permit List Configuring the IP Permit List Ssh permit list enabled. Snmp permit list enabled. Permit List Mask Access-Type ---------------- ---------------- ------------- 172.16.0.0 255.255.0.0 telnet 172.20.0.0 255.255.0.0 snmp 172.20.52.0 255.255.255.224 172.20.52.3 telnet ssh snmp Denied IP Address Last Accessed Time Type ----------------- ------------------ ------ Denied IP Address Last Accessed Time Type...
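How the mask and access type shape the stored permit list, as an added Python model (not the switch's own code): it applies the mask before storing, shows that same-effect entries collapse into one, evaluates a source address per access type, and checks whether clearing an entry would cut off the administrator's own address. The class and method names are assumptions, and a host mask of 255.255.255.255 is assumed when no mask is given.

```python
import ipaddress

SERVICES = frozenset({"telnet", "ssh", "snmp"})


class PermitList:
    """Model of an IP permit list keyed by the masked network address."""

    def __init__(self):
        self.entries = {}     # IPv4Network -> set of access types
        self.enabled = set()  # access types whose permit list is enabled

    @staticmethod
    def _key(addr, mask):
        # strict=False applies the mask: 172.20.52.31/27 -> 172.20.52.0/27
        return ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)

    def add(self, addr, mask="255.255.255.255", access="all"):
        """Store an entry; return (stored network, whether anything changed)."""
        wanted = set(SERVICES) if access == "all" else {access}
        if not wanted <= SERVICES:
            raise ValueError(f"unknown access type: {access}")
        net = self._key(addr, mask)
        have = self.entries.setdefault(net, set())
        changed = not wanted <= have
        have |= wanted
        return net, changed

    def permits(self, src, service):
        """True if src may use service; a disabled list restricts nothing."""
        if service not in self.enabled:
            return True
        ip = ipaddress.IPv4Address(src)
        return any(ip in net and service in svcs
                   for net, svcs in self.entries.items())

    def safe_to_clear(self, addr, mask, admin_ip, service):
        """True if admin_ip keeps access to service after the entry is cleared."""
        if service not in self.enabled:
            return True
        gone = self._key(addr, mask)
        ip = ipaddress.IPv4Address(admin_ip)
        return any(ip in net and service in svcs
                   for net, svcs in self.entries.items() if net != gone)


def page_example():
    """Permit list built from the entries visible in this section."""
    pl = PermitList()
    pl.add("172.16.0.0", "255.255.0.0", "telnet")
    pl.add("172.20.0.0", "255.255.0.0", "snmp")
    pl.add("172.20.52.3", access="all")
    pl.add("172.20.52.31", "255.255.255.224", "ssh")
    pl.enabled = {"ssh", "snmp"}   # the two lists shown as enabled above
    return pl


if __name__ == "__main__":
    pl = page_example()
    for net, svcs in sorted(pl.entries.items()):
        print(f"{net.network_address!s:<16}{net.netmask!s:<18}{' '.join(sorted(svcs))}")
    print(pl.add("172.20.52.7", "255.255.255.224", "ssh"))   # same effect as .31/27
    print(pl.permits("172.20.52.40", "ssh"))                  # outside the /27
    print(pl.safe_to_clear("172.20.52.31", "255.255.255.224",
                           "172.20.52.20", "ssh"))            # would lock the admin out
```
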
Page 263
Chapter 17 Configuring the IP Permit List Configuring the IP Permit List Caution Disable the IP permit list before clearing IP permit entries or host addresses. This action prevents your connection from being dropped by the switch you are configuring in case you clear your current IP address.
Flood traffic for each protocol group is forwarded out a port only if that port belongs to the appropriate protocol group. Layer 2 protocols, such as Spanning Tree Protocol (STP) and Cisco Discovery Protocol (CDP), are not affected by protocol filtering. Dynamic VLAN ports and ports that have port security enabled are members of all protocol groups.
Chapter 18 Configuring Protocol Filtering Default Protocol Filtering Configuration For example, if a host that supports both IP and Internetwork Packet Exchange (IPX) is connected to a switch port configured as auto for IPX, and the host is transmitting only IP traffic, the port to which the host is connected will not forward any IPX flood traffic to the host.
Chapter 18 Configuring Protocol Filtering Configuring Protocol Filtering Configuring Protocol Filtering To configure protocol filtering on Ethernet, Fast Ethernet, and Gigabit Ethernet ports, perform this task in privileged mode: Task Command Step 1 Enable protocol filtering on the switch. set protocolfilter enable Step 2 Set the protocol membership of the desired ports.
C H A P T E R Checking Port Status and Connectivity This chapter describes how to check switch port status and connectivity on the Catalyst enterprise LAN switches. Note For complete syntax and usage information for the commands used in this chapter, refer to the Command Reference—Catalyst 4000 Family, Catalyst 2948G, and Catalyst 2980G Switches.
Chapter 19 Checking Port Status and Connectivity Checking Port Status This example shows how to check module status on a Catalyst 2948G switch: Console> (enable) show module Mod Slot Ports Module-Type Model Status --- ---- ----- ------------------------- ------------------- -------- Switching Supervisor WS-X2948 10/100/1000 Ethernet WS-X2948G...
Chapter 19 Checking Port Status and Connectivity Checking Port Capabilities Port Num-Addr Secure-Src-Addr Age-Left Last-Src-Addr Shutdown/Time-Left ----- -------- ----------------- -------- ----------------- ------------------ Port Status Channel Admin Ch Mode Group Id ----- ---------- -------------------- ----- ----- inactive auto silent Port Align-Err FCS-Err Xmit-Err Rcv-Err...
Chapter 19 Checking Port Status and Connectivity Using Telnet Security Membership static,dynamic Fast start QOS scheduling rx-(none),tx-(2q1t) CoS rewrite ToS rewrite Rewrite UDLD Inline power AuxiliaryVlan 1..1000,untagged,none SPAN source,destination This example shows you how to display the port capabilities for port 5 on module 3: Console>...
Chapter 19 Checking Port Status and Connectivity Changing the Login Timer This example shows how to Telnet from the switch to the remote host labsparc: Console> (enable) telnet labsparc Trying 172.16.10.3... Connected to labsparc. Escape character is '^]'. UNIX(r) System V Release 4.0 (labsparc) login: Changing the Login Timer The login timer is the number of minutes after which an idle session is disconnected.
Chapter 19 Checking Port Status and Connectivity Monitoring User Sessions Note If you are using Kerberos to authenticate to the switch, you will not be able to use the secure shell encryption feature. To enable SSH on the switch, perform this task in privileged mode: Task Command Create the RSA host key.
Chapter 19 Checking Port Status and Connectivity Using Ping This example shows how to display information about user sessions using the noalias keyword to display the IP addresses of connected hosts: Console> (enable) show users noalias Session User Location -------- ---------------- ------------------------- console telnet 10.10.10.12...
Chapter 19 Checking Port Status and Connectivity Using Ping These default values apply to the ping-s command: Table 19-1 Ping Default Values Ping Ping-s Number of 0=continuous Packets ping Packet Size Wait Time Source Host IP – Address Address Ping will return one of the following responses: •...
Chapter 19 Checking Port Status and Connectivity Using Layer 2 Traceroute 808 bytes from 12.20.2.3: icmp_seq=5. time=2 ms 808 bytes from 12.20.2.3: icmp_seq=6. time=2 ms 808 bytes from 12.20.2.3: icmp_seq=7. time=2 ms 808 bytes from 12.20.2.3: icmp_seq=8. time=2 ms 808 bytes from 12.20.2.3: icmp_seq=9. time=3 ms ----17.20.2.3 PING Statistics---- 10 packets transmitted, 10 packets received, 0% packet loss round-trip (ms)
Chapter 19 Checking Port Status and Connectivity Using IP Traceroute • The maximum number of hops an l2trace query will try is 10; this includes hops involved in source tracing. • The Layer 2 Traceroute utility does not work with Token Ring VLANs, or when multiple devices are attached to one port via hubs, or when multiple neighbors are on a port.
Chapter 19 Checking Port Status and Connectivity Using IP Traceroute drops the datagram and sends back an Internet Control Message Protocol (ICMP) time-exceeded message to the sender. The traceroute facility determines the address of the first hop by examining the source address field of the ICMP time-exceeded message.
CDP is a media- and protocol-independent protocol that runs on all Cisco-manufactured equipment including routers, bridges, access and communication servers, and switches. Using CDP, you can view information about all the Cisco devices directly attached to the switch. In addition, CDP detects native VLAN and port duplex mismatches.
Chapter 20 Configuring CDP Configuring CDP Table 20-1 CDP Default Configuration Feature Default Value CDP global enable state Enabled CDP port enable state Enabled on all ports CDP message interval 60 seconds CDP holdtime 180 seconds Configuring CDP These sections describe how to configure CDP: •...
Chapter 20 Configuring CDP Configuring CDP Setting the CDP Enable State on a Port You can enable or disable CDP on a per-port basis. You must enable CDP globally before the switch will transmit CDP messages on any ports. To change the CDP enable state on a per-port basis, perform this task in privileged mode: Task Command Step 1...
: 100 Hold Time : 225 Console> (enable) Displaying CDP Neighbor Information To display information about directly connected Cisco devices, enter the show cdp neighbors command.
Page 287
To display the device capability codes for the connected device, enter the capabilities keyword. To display the device capability codes for the connected device, enter the detail keyword. • To display information about directly connected Cisco devices, perform this task in privileged mode: Task Command View information about CDP neighbors.
C H A P T E R Using Switch TopN Reports This chapter describes how to use the Switch TopN Reports utility on the Catalyst enterprise LAN switches. Note For complete syntax and usage information for the commands used in this chapter, refer to the Command Reference—Catalyst 4000 Family, Catalyst 2948G, and Catalyst 2980G Switches.
Chapter 21 Using Switch TopN Reports Understanding How Switch TopN Reports Works When the Switch TopN Reports utility starts, it gathers data from the appropriate hardware counters, and then goes into sleep mode for a user-specified period. When the sleep time ends, the utility gathers the current data from the same hardware counters, compares the current data with the earlier data, and stores the difference.
Chapter 21 Using Switch TopN Reports Running and Viewing Switch TopN Reports Running and Viewing Switch TopN Reports To start a Switch TopN Report in the background and view the results, perform this task in privileged mode: Task Command Step 1 Start the Switch TopN Reports utility in the show top [N] [metric] [interval interval] background.
Page 293
Chapter 21 Using Switch TopN Reports Running and Viewing Switch TopN Reports This example shows how to remove a specific Switch TopN report and how to remove all stored reports: Console> (enable) clear top 4 Console> (enable) 06/16/1998,17:36:45:MGMT-5:TopN report 4 killed by Console//. Console>...
C H A P T E R Configuring UDLD This chapter describes how to configure the UniDirectional Link Detection (UDLD) protocol on the Catalyst enterprise LAN switches. Note For complete syntax and usage information for the commands used in this chapter, refer to the Command Reference—Catalyst 4000 Family, Catalyst 2948G, and Catalyst 2980G Switches.
Chapter 22 Configuring UDLD UDLD Software and Hardware Requirements The switch periodically transmits UDLD messages (packets) to neighbor devices on ports with UDLD enabled. If the messages are echoed back to the sender within a specific time frame and they are lacking a specific acknowledgment (echo), the link is flagged as unidirectional and the port is shut down.
Chapter 22 Configuring UDLD Default UDLD Configuration Default UDLD Configuration Table 22-1 shows the default UDLD configuration. Table 22-1 UDLD Default Configuration Feature Default Value UDLD global enable state Globally disabled UDLD per-port enable state Enabled on all Ethernet, Fast Ethernet, and •...
Chapter 22 Configuring UDLD Configuring UDLD Enabling UDLD on Individual Ports To enable UDLD on individual ports, perform this task in privileged mode: Task Command Step 1 Enable UDLD on a specific port. set udld enable mod_num/port_num Step 2 Verify the configuration. show udld port [mod_num[/port_num]] This example shows how to enable UDLD on port 4/1 and verify the configuration: Console>...
Software release 5.4(3) and later releases have UDLD aggressive mode. UDLD aggressive mode is disabled by default and its use is recommended only for point-to-point links between Cisco switches running software release 5.4(3) or later releases. With aggressive mode enabled, when a port on a bidirectional link stops receiving UDLD packets, UDLD tries to reestablish the connection with the neighbor.
Chapter 22 Configuring UDLD Configuring UDLD This example shows how to enable UDLD aggressive mode on the switch: Console> (enable) set udld aggressive-mode enable 4/1 Aggressive UDLD enabled on port 4/1. Console> (enable) This example shows how to verify that UDLD aggressive mode is enabled on the switch: Console>...
Page 301
Chapter 22 Configuring UDLD Configuring UDLD Table 22-2 show udld Command Output Fields Field Description UDLD Status of whether UDLD is enabled or disabled. Message Interval Message interval in seconds. Port Module and port numbers. Admin Status Status of whether administration status is enabled or disabled. Aggressive Mode Status of whether aggressive mode is enabled or disabled.
C H A P T E R Configuring SNMP This chapter describes how to configure Simple Network Management Protocol (SNMP) on Catalyst enterprise LAN switches. Note For complete syntax and usage information for the commands used in this chapter, refer to the Command Reference—Catalyst 4000 Family, Catalyst 2948G, and Catalyst 2980G Switches.
Page 304
HMAC MD5 or SHA algorithms and encrypts the packet using the CBC-DES (DES-56) algorithm. security model—The security strategy used by the SNMP agent. Currently, Cisco IOS supports three security models: SNMPv1, SNMPv2c, and SNMPv3.
Chapter 23 Configuring SNMP Understanding How SNMP Works Understanding How SNMP Works SNMP is an application-layer protocol that facilitates the exchange of management information between network devices. SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth. There are three versions of SNMP: •...
Chapter 23 Configuring SNMP Understanding How SNMPv1 and SNMPv2c Work • A group determines the list of notifications its users can receive. • A group also defines the security model and security level for its users. SNMP ifindex Persistence Feature The SNMP ifIndex persistence feature is always enabled.
RMON in the supervisor engine module software (see Chapter 24, “Configuring RMON”) RMON and RMON2 on an external SwitchProbe device • For information about MIBs, see http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml. Note SNMPv1 and SNMPv2c Default Configuration Table 23-2 describes the SNMP default configuration.
Chapter 23 Configuring SNMP Configuring SNMPv1 and SNMPv2c from the CLI Configuring SNMPv1 and SNMPv2c from the CLI Note This section provides basic SNMPv1 and SNMPv2c configuration information. For detailed information on the SNMP commands supported by the Catalyst enterprise LAN switches, refer to the Command Reference—Catalyst 4000 Family, Catalyst 2948G, and Catalyst 2980G Switches.
Chapter 23 Configuring SNMP Understanding SNMPv3 read-write-all Root Trap-Rec-Address Trap-Rec-Community ---------------------------------------- -------------------- 172.16.10.10 read-write 172.16.10.20 read-write-all Console> (enable) Note To disable access for an SNMP community, set the community string for that community to the null string (do not enter a value for the community string). Understanding SNMPv3 SNMPv3 contains all the functionality of SNMPv1 and SNMPv2, but SNMPv3 has significant enhancements to administration and security.
Chapter 23 Configuring SNMP Understanding SNMPv3 [Figure 23-1 SNMP Entity for Traditional SNMP Agents: an SNMP entity whose SNMP engine contains the Dispatcher, the Message Processing Subsystem, the Security Subsystem (user-based security model), and the Access Control Subsystem (view-based access control model)]
Chapter 23 Configuring SNMP Understanding SNMPv3 Security Subsystem The Security Subsystem authenticates and encrypts messages. Each outgoing message is passed to the Security Subsystem from the Message Processing Subsystem. Depending on the services required, the Security Subsystem may encrypt the enclosed PDU and some fields in the message header. In addition, the Security Subsystem may generate an authentication code and insert it into the message header.
Configuring SNMPv3 from an NMS To configure SNMP from a Network Management System (NMS), refer to your NMS documentation (also see the “Using CiscoWorks2000” section on page 23-13). The switch supports up to 20 trap receivers through the RMON2 trap destination table. Configure the RMON2 trap destination table from the NMS.
Chapter 23 Configuring SNMP Configuring SNMPv3 from the CLI Step 9 Task: Configure the community table for the system default part, which maps community strings of previous versions of SNMP to SNMPv3. Command: set snmp community {access_type} [community_string] (access_type = read-only | read-write | read-write-all)
Chapter 23 Configuring SNMP Configuring SNMPv3 from the CLI Console> (enable) set snmp user guestuser2 authentication sha guestuser2password Snmp user was set to guestuser2 authProt sha authPasswd guestuser2password privProt no-priv with engineid 00:00:00:09:00:10:7b:f2:82:00:00:00 nonvolatile. These examples show how to set guestuser1 and guestuser2 as members of the groups guestgroup and mygroup: Console>...
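The `set snmp user` output above ties the user's authentication password to one engine ID. The following added example (not Cisco code and not part of the original guide) shows why, using the password-to-key and key-localization algorithm of RFC 3414 (USM); that the switch follows this RFC is an assumption, and the function names and the second engine ID are hypothetical.

```python
import hashlib
import hmac

# Values quoted from the CLI example on this page.
PAGE_PASSWORD = b"guestuser2password"
PAGE_ENGINE_ID = "00:00:00:09:00:10:7b:f2:82:00:00:00"
# Constructed engine ID standing in for a second switch.
OTHER_ENGINE_ID = "00:00:00:09:00:aa:bb:cc:dd:00:00:00"


def parse_engine_id(text: str) -> bytes:
    """Convert the colon-separated form printed by the CLI into raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def password_to_key(password: bytes, algo: str) -> bytes:
    """RFC 3414 A.2: hash 1,048,576 bytes made by repeating the password."""
    if len(password) < 8:
        raise ValueError("RFC 3414 requires passwords of at least 8 octets")
    repeats, remainder = divmod(1048576, len(password))
    digest = hashlib.new(algo)
    digest.update(password * repeats + password[:remainder])
    return digest.digest()


def localized_key(password: bytes, engine_id: bytes, algo: str) -> bytes:
    """Bind the user key Ku to one engine: Kul = H(Ku || engineID || Ku)."""
    ku = password_to_key(password, algo)
    return hashlib.new(algo, ku + engine_id + ku).digest()


def auth_parameters(key: bytes, whole_message: bytes, algo: str) -> bytes:
    """HMAC-MD5-96 / HMAC-SHA-96: the first 12 octets of the HMAC over the
    message (sent with 12 zero octets in the authentication field)."""
    return hmac.new(key, whole_message, algo).digest()[:12]


def keys_for_page_user() -> tuple:
    """Localized SHA keys for the page's user on two different engines."""
    here = localized_key(PAGE_PASSWORD, parse_engine_id(PAGE_ENGINE_ID), "sha1")
    there = localized_key(PAGE_PASSWORD, parse_engine_id(OTHER_ENGINE_ID), "sha1")
    return here, there


if __name__ == "__main__":
    here, there = keys_for_page_user()
    print("key on this engine :", here.hex())
    print("key on other engine:", there.hex())
    # Constructed message bytes; a real message is the BER-encoded SNMPv3 PDU.
    tag = auth_parameters(here, b"constructed-snmpv3-message", "sha1")
    print("authentication tag :", tag.hex())
```

Because the same password yields a different key on every engine, a key recovered from one device does not authenticate to another, and a user record copied between switches is only valid if the engine ID matches.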
Using CiscoWorks2000 CiscoWorks2000 is a family of web-based and management platform-independent products for managing Cisco enterprise networks and devices. CiscoWorks2000 includes Resource Manager Essentials and CWSI Campus, which allow you to deploy, configure, monitor, manage, and troubleshoot a switched internetwork. For more information, see the following publications: •...
CHAPTER Configuring RMON This chapter describes how to configure RMON on the Catalyst enterprise LAN switches. Note: For complete syntax and usage information for the commands used in this chapter, refer to the Command Reference—Catalyst 4000 Family, Catalyst 2948G, and Catalyst 2980G Switches.
Chapter 24 Configuring RMON Enabling RMON Enabling RMON Note: RMON is disabled by default. To enable RMON, perform this task in privileged mode: Step 1 Task: Enable RMON on the switch. Command: set snmp rmon enable Step 2 Task: Verify that RMON is enabled. Command: show snmp This example shows how to enable RMON on the switch and how to verify that RMON is enabled: Console>...
Chapter 24 Configuring RMON Supported RMON and RMON2 MIB Objects Table 24-1 Supervisor Engine RMON and RMON2 Support Module Object Identifier (OID) Definition Source Supervisor ...mib-2(1).rmon(16).statistics(1).etherStatsTable(1) Counters for packets, RFC 1757 Engine octets, broadcasts, errors, etc. Supervisor ...mib-2(1).rmon(16).history(2).historyControlTable(1) Periodically samples and RFC 1757 Engine ...mib-2(1).rmon(16).history(2).etherHistoryTable(2)
CHAPTER Configuring SPAN and RSPAN This chapter describes how to configure the Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN) on the Catalyst 4000 family switches. Note: For complete syntax and usage information for the commands used in this chapter, refer to the Command Reference—Catalyst 4000 Family, Catalyst 2948G, and Catalyst 2980G Switches.
Chapter 25 Configuring SPAN and RSPAN Understanding How SPAN and RSPAN Work Destination Port A destination port (also called a monitor port) is a switch port where SPAN sends packets for analysis. After a port becomes an active destination port, it does not forward any traffic except that required for the SPAN session.
Chapter 25 Configuring SPAN and RSPAN Understanding How SPAN and RSPAN Work Reflector Port The reflector port is the mechanism you use to copy packets onto an RSPAN VLAN. The reflector port forwards only the traffic from the RSPAN source session with which it is affiliated. Any device connected to a port set as a reflector port loses connectivity until the RSPAN source session is disabled.
Chapter 25 Configuring SPAN and RSPAN SPAN and RSPAN Session Limits Trunk VLAN Filtering In software release 6.3(1) and later releases, you can use the filter option to select a set of VLANs in a trunk used in a SPAN session. Trunk VLAN filtering is the analysis of network traffic on a selected set of VLANs on trunk source ports.
Chapter 25 Configuring SPAN and RSPAN SPAN Configuration Guidelines [Figure 25-1 Example SPAN Configuration: port 5 traffic mirrored on port 10; SwitchProbe] For SPAN configuration, the source ports and the destination port must be on the same switch. SPAN does not affect the switching of network traffic on source ports;...
Configuring SPAN To configure SPAN, perform this task in privileged mode: Step 1 Task: Configure a SPAN source and a SPAN destination port. Command: set span {src_mod/src_ports | src_vlan} dest_mod/dest_port [rx | tx | both] [filter vlan] [inpkts {enable | disable}] [learning {enable | disable}] [create] Step 2...
Chapter 25 Configuring SPAN and RSPAN Configuring SPAN This example shows how to set VLAN 522 as the SPAN source and port 2/12 as the SPAN destination. Only transmit traffic is monitored. Normal incoming packets on the SPAN destination port are allowed. Console>...
• For destination or intermediate switches—Any Catalyst 4000 family or Catalyst 6000 family switch supervisor engine You cannot place any third-party or other Cisco switches in the end-to-end path for RSPAN traffic. Understanding How RSPAN Works See the “Understanding How SPAN and RSPAN Work” section on page 25-1...
Chapter 25 Configuring SPAN and RSPAN Configuring RSPAN RSPAN has all the features of SPAN (see the “Understanding How SPAN Works” section on page 25-4), plus support for source ports and destination ports distributed across multiple switches, allowing remote monitoring of multiple switches across your network.
Chapter 25 Configuring SPAN and RSPAN Configuring RSPAN • For RSPAN, trunking is required if you have a source switch with all source ports in one VLAN (VLAN 2, for example) and it is connected to the destination switch through an uplink port that is also in the same VLAN.
Chapter 25 Configuring SPAN and RSPAN Configuring RSPAN To configure RSPAN VLANs, perform this task in privileged mode: Task Command Step 1 Configure RSPAN VLANs. set vlan vlan_num [rspan] Step 2 Verify the RSPAN VLAN configuration. show vlan This example shows how to set VLAN 500 as an RSPAN VLAN: Console>...
Chapter 25 Configuring SPAN and RSPAN Configuring RSPAN Reflector : Port 2/34 Rspan Vlan : 500 Admin Source : Port 2/3 Oper Source : Port 2/3 Direction : transmit/receive Incoming Packets: - Learning Filter : 50,850 Status : active Console> (enable) 2001 May 02 13:25:59 %SYS-5-SPAN_CFGSTATECHG:remote span sourc e session active for remote span vlan 500 To configure RSPAN source VLANs, perform this task in privileged mode: Task...
Chapter 25 Configuring SPAN and RSPAN Configuring RSPAN Rspan Vlan : 500 Admin Source Oper Source Direction Incoming Packets: disabled Learning : enabled Filter Status : active Console> (enable) Disabling RSPAN Sessions When disabling an RSPAN session, you must disable all source and destination sessions on all participating switches.
Chapter 25 Configuring SPAN and RSPAN Configuring RSPAN RSPAN Configuration Examples The following sections have several examples on how to configure RSPAN. Configuring a Single RSPAN Session This example shows how to configure a single RSPAN session. Figure 25-3 shows an RSPAN configuration;...
Chapter 25 Configuring SPAN and RSPAN Configuring RSPAN Table 25-2 Making Modifications to an Active RSPAN Session Switch Action RSPAN CLI Commands A (source) Disable the RSPAN session. set rspan disable source 901 B (source) Remove source port 3/2 from RSPAN session. set rspan source 3/1, 3/3 901 reflector 3/4 B (source) Add source port 3/2 to RSPAN session.
CHAPTER Administering the Switch This chapter describes how to perform various administrative tasks on the Catalyst enterprise LAN switches. Note: For complete syntax and usage information for the commands used in this chapter, refer to the Command Reference—Catalyst 4000 Family, Catalyst 2948G, and Catalyst 2980G Switches.
Chapter 26 Administering the Switch Setting the System Name and System Prompt If you have not configured a system prompt, the first 20 characters of the system name are used as the system prompt (a greater-than symbol [>] is appended). The prompt is updated whenever the system name changes, unless you have manually configured the prompt using the set prompt command.
Chapter 26 Administering the Switch Setting the System Contact and Location This example shows how to set the system prompt on the switch: Console> (enable) set prompt Catalyst4012> Catalyst4012> (enable) Clearing the System Name To clear the system name, perform this task in privileged mode: Task Command Clear the system name.
Chapter 26 Administering the Switch Setting the System Clock System Name System Location System Contact ------------------------ ------------------------ ------------------------ --- Sunnyvale CA sysadmin@corp.com Console> (enable) Setting the System Clock Note: You can configure the switch to obtain the time and date using the Network Time Protocol (NTP). For information on configuring NTP, see Chapter 35, “Configuring NTP.”...
Chapter 26 Administering the Switch Defining and Using Command Aliases Unauthorized access prohibited. Contact sysadmin@corp.com for access. MOTD banner set Console> (enable) Clearing the Login Banner To clear the login banner, perform this task in privileged mode: Task Command Clear the message of the day. set banner motd cc This example shows how to clear the login banner: Console>...
Chapter 26 Administering the Switch Defining and Using Command Aliases --- ---- ----- ------------------------- ------------------- --- -------- 1000BaseX Ethernet WS-X4306 Mod Module-Name Serial-Num --- ------------------- -------------------- JAB024000YY Mod MAC-Address(es) --- -------------------------------------- ------ ---------- ----------------- 00-10-7b-f6-b2-1a to 00-10-7b-f6-b2-1f 0.2 Console> (enable) sp3 Port Name Status...
Defining and Using IP Aliases You can use the set ip alias command to define aliases for IP addresses. IP aliases can make it easier to refer to other network devices when you use ping, telnet, and other commands, even when the Domain Name System (DNS) is not enabled.
Chapter 26 Administering the Switch Configuring Permanent and Static ARP Entries To configure a static or permanent ARP entry, perform this task in privileged mode: Task Command Step 1 Configure a static or permanent ARP entry. set arp [dynamic | permanent | static] {ip_addr hw_addr} Step 2 (Optional) Specify the ARP aging time.
Chapter 26 Administering the Switch Scheduling a System Reset 172.16.16.0 172.20.52.127 0xfffff000 default 172.20.52.121 172.20.52.120 172.20.52.124 0xfffffff8 default default 0xff000000 Console> (enable) Scheduling a System Reset These sections describe how to schedule a system reset: Scheduling a Reset at a Specific Time, page 26-10 •...
Chapter 26 Administering the Switch Power Management Reset scheduled for 23:00:00, Sat Aug 18 2001 (in 0 day 8 hours 39 minutes). Console> (enable) This example shows how to schedule a reset with a minimum of downtime: Console> (enable) reset mindown at 23:00 08/18 Software upgrade to 6.3(1) Reset scheduled at 23:00:00, Sat Aug 18 2001.
Chapter 26 Administering the Switch Power Management In systems with redundant power supplies, both power supplies must be of the same wattage. The Catalyst 4000 family switches allow you to mix AC-input and DC-input power supplies in the same chassis. For detailed information on supported power supply configurations for each chassis, refer to the Catalyst 4000 Family Installation Guide.
Chapter 26 Administering the Switch Power Management has been inserted and Insufficient power supplies operating. Additionally, if a chassis that has been operating in 1+1 redundancy mode with a valid module configuration is powered down, and you insert a module or change the module configuration inappropriately and power on the switch again, the module(s) in the chassis (at boot up) that require more power than is available, are placed into reset mode.
Chapter 26 Administering the Switch Power Management This configuration requires 445W and cannot be used in 1+1 redundancy mode. Remember, when considering the 1+1 redundancy mode, you must carefully plan the configuration of the module power usage of your chassis. An incorrect configuration will momentarily disrupt your system during the evaluation cycle.
Chapter 26 Administering the Switch Generating System Status Reports for Tech Support Generating System Status Reports for Tech Support Using a single command, you can generate a report that contains status information about your switch. This command is a combination of several show system status commands (Refer to the Command Reference—Catalyst 4000 Family, Catalyst 2948G, and Catalyst 2980G Switches for these commands.) You can upload the report to a TFTP server and send it to the Technical Assistance Center (TAC).
CHAPTER Configuring Switch Access Using AAA This chapter describes how to configure authentication, authorization, and accounting (AAA) to monitor and control access to the command-line interface (CLI) on the Catalyst enterprise LAN switches. Note: For complete syntax and usage information for the commands used in this chapter, refer to the Command Reference—Catalyst 4000 Family, Catalyst 2948G, and Catalyst 2980G Switches.
Chapter 27 Configuring Switch Access Using AAA Understanding How Authentication Works Authentication Overview You can configure any combination of these authentication methods to control access to the switch: • Login authentication • Local authentication • TACACS+ authentication • RADIUS authentication • Kerberos authentication •...
Chapter 27 Configuring Switch Access Using AAA Understanding How Authentication Works Understanding How TACACS+ Authentication Works TACACS+ is an enhanced version of TACACS, a User Datagram Protocol (UDP)-based access-control protocol specified by RFC 1492. TACACS+ controls access to network devices by exchanging Network Access Server (NAS) information between a network device and a centralized database to determine the identity of a user or device.
Chapter 27 Configuring Switch Access Using AAA Understanding How Authentication Works Understanding How RADIUS Authentication Works RADIUS is a client-server authentication and authorization access protocol used by the NAS to authenticate users attempting to connect to a network device. The NAS functions as a client, passing user information to one or more RADIUS servers.
Chapter 27 Configuring Switch Access Using AAA Understanding How Authentication Works Table 27-1 Kerberos Terminology Term Definition Kerberized Applications and services that have been modified to support the Kerberos credential infrastructure. Kerberos credential General term referring to authentication tickets, such as ticket granting tickets and service credentials.
Chapter 27 Configuring Switch Access Using AAA Understanding How Authentication Works Using Kerberized Login Procedure You can use a Kerberized Telnet session if you are logging in through the in-band management port. After the Telnet client and services have been Kerberized, the following process takes place when a user attempts to Telnet to the switch: The Telnet client asks the user for the username and issues a request for a TGT to the KDC on the Kerberos server.
Chapter 27 Configuring Switch Access Using AAA Understanding How Authentication Works Note A non-Kerberized login can be performed through a modem or terminal server through the in-band management port. Telnet does not support non-Kerberized login. If a non-Kerberized login is launched, the following process takes place: The switch prompts you for a username and password.
Chapter 27 Configuring Switch Access Using AAA Understanding How Authentication Works Table 27-2 defines the terms used in 802.1x. Table 27-2 802.1x Terminology Term Definition Authenticator PAE (Referred to as the “authenticator”) entity at one end of a point-to-point LAN segment that enforces supplicant authentication. The authenticator is independent of the actual authentication method and functions only as a pass-through for the authentication exchange.
Chapter 27 Configuring Switch Access Using AAA Configuring Authentication Traffic Control You can restrict traffic in both directions or just incoming traffic. Authentication Server The frames exchanged between the authenticator and the authentication server are dependent on the authentication mechanism, so they are not defined by the 802.1x standard. You can use other protocols, but we recommend RADIUS for authentication, particularly when the authentication server is located remotely, because RADIUS has extensions that support encapsulation of EAP frames built into it.
Chapter 27 Configuring Switch Access Using AAA Configuring Authentication Table 27-3 Default Authentication Configuration (continued) Feature Default Value 802.1x number of frames retransmitted from backend authenticator to supplicant 802.1x automatic supplicant reauthentication time 3600 seconds 802.1x automatic authenticator reauthentication of supplicant Disabled Authentication Configuration Guidelines These guidelines apply when configuring authentication on the switch:...
Chapter 27 Configuring Switch Access Using AAA Configuring Authentication Configuring Login Authentication These sections describe how to configure login authentication on the switch: • Setting Authentication Login Attempts on the Switch, page 27-12 • Setting Authentication Login Attempts for Privileged Mode, page 27-13 Setting Authentication Login Attempts on the Switch To set up login authentication on the switch, perform this task in privileged mode: Task...
Chapter 27 Configuring Switch Access Using AAA Configuring Authentication Setting Authentication Login Attempts for Privileged Mode To set up login authentication for privileged mode, perform this task in privileged mode: Step 1 Task: Enable login attempt for privileged mode. Use the console or telnet keywords if you want to enable... Command: set authentication enable attempt {count} [console | telnet]
Chapter 27 Configuring Switch Access Using AAA Configuring Authentication Enabling Local Authentication Note: Local login and enable authentication are enabled for both console and Telnet connections by default. You do not need to perform these tasks unless you want to modify the default configuration or you have disabled local authentication.
Chapter 27 Configuring Switch Access Using AAA Configuring Authentication To set the login password for local authentication, perform this task in privileged mode: Task: Set the login password for access. Enter your old password (press Return on a switch with no password configured), enter your new password, and reenter your new password. Command: set password
Chapter 27 Configuring Switch Access Using AAA Configuring Authentication To disable local authentication on the switch, perform this task in privileged mode: Step 1 Task: Disable local login authentication. Use the console or telnet keywords to disable local authentication only for console or Telnet connection attempts. Command: set authentication login local disable [all | console | http | telnet]
Chapter 27 Configuring Switch Access Using AAA Configuring Authentication Step 6 Enter the set password or set enablepass command, as appropriate. Step 7 When prompted for your old password, press Return. Step 8 Enter and confirm your new password. Configuring TACACS+ Authentication These sections describe how to configure TACACS+ authentication on the switch.
Chapter 27 Configuring Switch Access Using AAA Configuring Authentication tacacs enabled(primary) enabled(primary) radius disabled disabled local enabled enabled Enable Authentication: Console Session Telnet Session ---------------------- ----------------- ---------------- tacacs enabled(primary) enabled(primary) radius disabled disabled local enabled enabled Console> (enable) Specifying the TACACS+ Key Note: If you configure a TACACS+ key on the client, make sure you configure an identical key on the TACACS+ server.
Chapter 27 Configuring Switch Access Using AAA Configuring Authentication This example shows how to set the server timeout interval and verify the configuration: Console> (enable) set tacacs timeout 30 Tacacs timeout set to 30 seconds. Console> (enable) show tacacs Tacacs key: Secret_TACACS_key Tacacs login attempts: 3 Tacacs timeout: 30 seconds Tacacs direct request: disabled...
Chapter 27 Configuring Switch Access Using AAA Configuring Authentication This example shows how to enable TACACS+ directed request and verify the configuration: Console> (enable) set tacacs directedrequest enable Tacacs direct request has been enabled. Console> (enable) show tacacs Tacacs key: Secret_TACACS_key Tacacs login attempts: 5 Tacacs timeout: 30 seconds Tacacs direct request: enabled...
Chapter 27 Configuring Switch Access Using AAA Configuring Authentication Clearing the TACACS+ Key To clear the TACACS+ key, perform this task in privileged mode: Task Command Step 1 Clear the TACACS+ key. clear tacacs key Step 2 Verify the TACACS+ configuration. show tacacs This example shows how to clear the TACACS+ key: Console>...
Chapter 27 Configuring Switch Access Using AAA Configuring Authentication Enabling RADIUS Authentication Note: Specify at least one RADIUS server before enabling RADIUS authentication on the switch. For information on specifying a RADIUS server, see the “Specifying RADIUS Servers” section on page 27-23.
Chapter 27 Configuring Switch Access Using AAA Configuring Authentication tacacs disabled disabled radius enabled(primary) enabled(primary) local enabled enabled Console> (enable) Specifying the RADIUS Key The RADIUS key is used to encrypt and authenticate all communication between the RADIUS client and server. You must configure the same key on the client and the RADIUS server. The length of the key is limited to 65 characters.
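Why the client and the server must hold the same RADIUS key: per RFC 2865 the key hides the User-Password attribute and signs each reply through the Response Authenticator. This added example (not Cisco code and not from the original guide) plays both sides with a matching and a mismatched key; the key, user name, password and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2   # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2        # RFC 2865 attribute types

# Constructed sample values, not taken from any real device.
SWITCH_KEY = b"Constructed_RADIUS_key"
MISMATCHED_KEY = b"Constructed_RADIUS_kez"
REQUEST_AUTH = bytes(range(16))        # a real client uses 16 random bytes
USER, PASSWORD = b"netadmin", b"a-long-constructed-password"


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password: bytes, key: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-byte blocks, XOR each with MD5(key + previous)."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1 to 128 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, previous = b"", request_auth
    for i in range(0, len(padded), 16):
        block = _xor(padded[i:i + 16], hashlib.md5(key + previous).digest())
        hidden += block
        previous = block
    return hidden


def reveal_password(hidden: bytes, key: bytes, request_auth: bytes) -> bytes:
    """Server side of hide_password; a wrong key yields garbage, not an error."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a multiple of 16 octets")
    clear, previous = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += _xor(block, hashlib.md5(key + previous).digest())
        previous = block
    return clear.rstrip(b"\x00")


def attribute(attr_type: int, value: bytes) -> bytes:
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(ident, request_auth, user, password, key) -> bytes:
    attrs = attribute(USER_NAME, user) + attribute(
        USER_PASSWORD, hide_password(password, key, request_auth))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + request_auth + attrs


def build_response(code, ident, attrs, request_auth, key) -> bytes:
    """Response Authenticator = MD5(code, id, length, request auth, attrs, key)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    signature = hashlib.md5(header + request_auth + attrs + key).digest()
    return header + signature + attrs


def verify_response(packet: bytes, request_auth: bytes, key: bytes) -> bool:
    """Client side: recompute the authenticator with the local key."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + key).digest()
    return hmac.compare_digest(expected, packet[4:20])


def server_handles(request: bytes, server_key: bytes) -> tuple:
    """Recover the password with server_key and sign a reply with it.
    The demo always answers Access-Accept so the signature check is isolated."""
    ident, request_auth = request[1], request[4:20]
    hidden, pos = b"", 20
    while pos + 2 <= len(request) and request[pos + 1] >= 2:
        if request[pos] == USER_PASSWORD:
            hidden = request[pos + 2:pos + request[pos + 1]]
        pos += request[pos + 1]
    password = reveal_password(hidden, server_key, request_auth)
    return password, build_response(ACCESS_ACCEPT, ident, b"", request_auth, server_key)


if __name__ == "__main__":
    request = build_access_request(7, REQUEST_AUTH, USER, PASSWORD, SWITCH_KEY)
    for label, key in (("matching", SWITCH_KEY), ("mismatched", MISMATCHED_KEY)):
        password, reply = server_handles(request, key)
        print(label, "key: password recovered =", password == PASSWORD,
              "| reply accepted =", verify_response(reply, REQUEST_AUTH, SWITCH_KEY))
```

The user name travels in clear text inside the request and only the password attribute is hidden, so the strength of the key and the path between switch and server both matter.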
Chapter 27 Configuring Switch Access Using AAA Configuring Authentication Setting the RADIUS Timeout Interval You can specify the timeout interval between retransmissions to the RADIUS server. The default timeout is 5 seconds. To specify the RADIUS timeout interval, perform this task in privileged mode: Task Command Step 1...
Chapter 27 Configuring Switch Access Using AAA Configuring Authentication This example shows how to specify the RADIUS retransmit count as 4 and how to verify the configuration: Console> (enable) set radius retransmit 4 Radius retransmit count set to 4. Console> (enable) show radius Login Authentication: Console Session Telnet Session...
Step 1 will use. In the following example, a database called CISCO.EDU is created: /usr/local/sbin/kdb5_util create -r CISCO.EDU -s Step 2 Add the switch to the database. The following example adds a switch called Cat4012 to the CISCO.EDU database: ank host/Cat4012.cisco.edu@CISCO.EDU Add the user name.
This example shows how to define a local-realm and how to verify the configuration: Console> (enable) set kerberos local-realm CISCO.COM Kerberos local realm for this switch set to CISCO.COM. Console> (enable) show kerberos Kerberos Local Realm:CISCO.COM Kerberos server entries: Realm:CISCO.COM,...
{dns-domain | host} entry. kerberos-realm This example shows how to map a Kerberos realm, called cisco.com, to a DNS domain and how to clear the entry: Console> (enable) set kerberos realm CISCO CISCO.COM Kerberos DnsDomain-Realm entry set to CISCO - CISCO.COM Console>...
This example shows how to retrieve a SRVTAB file from the KDC, enter a SRVTAB directly into the switch, and verify the configuration: Console> (enable) set kerberos srvtab remote 187.20.32.10 /users/jdoe/krb5/ninerskeytab Console> (enable) Console> (enable) set kerberos srvtab entry host/niners.cisco.com@CISCO.COM 0 932423923 1 1 8 03;;5>00>50;0=0=0 Kerberos SRVTAB entry set to Principal:host/niners.cisco.com@CISCO.COM...
Kerberos Pre Authentication Method set to None Kerberos config key: Kerberos SRVTAB Entries Srvtab Entry 1:host/aspen-niners.cisco.edu@CISCO.EDU 0 933974942 1 1 8 00?91:107:423=:;9 Console> (enable) This example shows how to configure the switch so that Kerberos clients are mandatory for users to authenticate to other network services: Console>...
Chapter 27 Configuring Switch Access Using AAA Configuring Authentication Disabling Credentials Forwarding To clear the credentials forwarding configuration, perform this task in privileged mode: Task Command Clear the credentials forwarding configuration. clear kerberos credentials forward This example shows how to clear the credentials forwarding configuration and verify the change: Console>...
Kerberos Credentials Forwarding Disabled Kerberos Pre Authentication Method set to Encrypted Unix Time Stamp Kerberos config key:abcd Kerberos SRVTAB Entries Srvtab Entry 1:host/aspen-niners.cisco.edu@CISCO.EDU 0 933974942 1 1 8 12151><88?=>>3>11 Console> (enable) To clear the DES key, perform this task in privileged mode: Task Command Clear a DES key from the switch.
Chapter 27 Configuring Switch Access Using AAA Configuring Authentication To clear all Kerberos credentials, perform this task in privileged mode: Task Command Clear all credentials. clear kerberos creds This example shows how to clear all credentials from the switch: Console> (enable) clear kerberos creds Console>...
Chapter 27 Configuring Switch Access Using AAA Configuring Authentication To globally enable 802.1x authentication, perform this task in privileged mode: Task Command Globally enable 802.1x. set dot1x system-auth-control enable This example shows how to globally enable 802.1x authentication: Console> (enable) set dot1x system-auth-control enable dot1x system-auth-control enabled.
Chapter 27 Configuring Switch Access Using AAA Configuring Authentication This example shows how to enable 802.1x authentication on port 1 in module 4, initialize 802.1x authentication on the same port, and verify the configuration: Console> (enable) set port dot1x 4/1 port-control auto Port 4/1 dot1x port-control is set to auto.
Chapter 27 Configuring Switch Access Using AAA Configuring Authentication Manually Reauthenticating the Supplicant You can manually reauthenticate the supplicant connected to a specific port at any time. When you want to configure automatic 802.1x supplicant reauthentication, see the “Setting and Enabling Automatic Reauthentication of the Supplicant”...
Chapter 27 Configuring Switch Access Using AAA Configuring Authentication Setting the Quiet Period When the authenticator cannot authenticate the supplicant, it remains idle for a set period of time, and then tries again. The idle time is determined by the quiet-period value. (The default is 60 seconds.) You may set the value from 0 to 65535 seconds.
Chapter 27 Configuring Switch Access Using AAA Configuring Authentication This example shows how to set the back-end authenticator-to-supplicant retransmission time for the EAP-request frame to 15 seconds: Console> (enable) set dot1x supp-timeout 15 dot1x supp-timeout set to 15 seconds. Setting the Back-End Authenticator-to-Authentication-Server Retransmission Time for Transport Layer Packets The authentication server notifies the back-end authenticator each time it receives a transport layer packet.
Chapter 27 Configuring Switch Access Using AAA Configuring Authentication Resetting the 802.1x Configuration Parameters to the Default Values You can reset the 802.1x configuration parameters to the default values with a single command, which also globally disables 802.1x. To reset the 802.1x configuration parameters to the default values, perform this task in privileged mode: Task Command Step 1...
Chapter 27 Configuring Switch Access Using AAA Configuring Authentication Using the show Commands You can use these show commands to access information about 802.1x authentication and its configuration: • show port dot1x help • show port dot1x • show port dot1x statistics •...
Chapter 27 Configuring Switch Access Using AAA Authentication Example This example shows how to display the statistics for the different types of EAP frames transmitted and received by the authenticator on port 1 on module 4: Console> (enable) show port dot1x statistics 4/1 Port Tx_Req/Id Tx_Req Tx_Total Rx_Start Rx_Logoff Rx_Resp/Id Rx_Resp -----...
Chapter 27 Configuring Switch Access Using AAA Authentication Example [Figure 27-3 TACACS+ Example Network Topology: TACACS+ server 172.20.52.10, switch, console port connection, terminal, Workstation A] This example shows how to configure the switch so that TACACS+ authentication is enabled for Telnet connections and local authentication is enabled for console connections.
Chapter 27 Configuring Switch Access Using AAA Understanding How Authorization Works TACACS+ Command Authorization You can require authorization for all commands or for configuration (enable mode) commands only. Configuration commands include the following: • copy • clear • commit • configure •...
Chapter 27 Configuring Switch Access Using AAA Configuring Authorization Enabling TACACS+ Authorization To enable TACACS+ authorization on the switch, perform this task in privileged mode: Task Command Step 1 Enable authorization for normal login mode. Use set authorization exec enable {option} the console or telnet keywords if you want to {fallbackoption} [console | telnet | both] enable authorization only for console port or...
Chapter 27 Configuring Switch Access Using AAA Authorization Example This example shows how to disable TACACS+ command authorization for both console and Telnet connections and how to verify the configuration: Console> (enable) set authorization commands disable both Successfully disabled commands authorization. Console>...
Chapter 27 Configuring Switch Access Using AAA Understanding How Accounting Works [Figure 27-4 TACACS+ Example Network Topology: TACACS+ server 172.20.52.10, switch, console port connection, terminal, Workstation A] In this example, TACACS+ authorization is enabled for enable mode access to the switch for both Telnet and console connections, authorizing configuration commands: Console>...
Chapter 27 Configuring Switch Access Using AAA Understanding How Accounting Works • Updating the Server, page 27-58 • Suppressing Accounting, page 27-58 Accounting Overview You can configure these accounting methods to monitor access to the switch: • TACACS+ accounting • RADIUS accounting •...
Chapter 27 Configuring Switch Access Using AAA Understanding How Accounting Works Specifying When to Create Accounting Records You can configure the switch to gather accounting information and create records. When Accounting is configured (using the set accounting command), the switch can generate two types of records: •...
Chapter 27 Configuring Switch Access Using AAA Configuring Accounting local enabled(primary) enabled(primary) Radius Deadtime: 0 minutes Radius Key: Radius Retransmit: Radius Timeout: 5 seconds Radius-Server Status Auth-port ----------------------------- ------- ------------ 172.20.52.3 primary 1812 Console> (enable) Updating the Server You can configure the switch to send accounting information to the TACACS+ server. There are two options: •...
Chapter 27 Configuring Switch Access Using AAA
Configuring Accounting

Table 27-5 Accounting Default Configuration

Feature                                                    Default Value
Accounting                                                 Disabled
Accounting events (exec, system, commands, and connect)    Disabled
Accounting records                                         Stop-only

Accounting Configuration Guidelines

These guidelines apply when configuring accounting on the switch:
• Configure RADIUS and TACACS+ servers before enabling accounting.
Chapter 27 Configuring Switch Access Using AAA
Configuring Accounting

Step 6
Task: Configure accounting to be updated as new information is available.
Command: set accounting update {new-info | {periodic [interval]}}

Step 7
Task: Verify the accounting configuration.
Command: show accounting

This example shows how to enable stop-only TACACS+ accounting events:

Console>...
Chapter 27 Configuring Switch Access Using AAA
Configuring Accounting

Disabling Accounting

To disable accounting on the switch, perform this task in privileged mode:

Step 1
Task: Disable accounting for connection events.
Command: set accounting connect disable

Step 2
Task: Disable accounting for EXEC mode.
Command: set accounting exec disable

Step 3
Task: Disable accounting for system events....
Chapter 27 Configuring Switch Access Using AAA
Accounting Example

----- ----- ------
Exec
Connect
Command
System
Console> (enable)

Accounting Example

Figure 27-5 shows a simple network topology using TACACS+. When Workstation A initiates an accountable event on the switch, the switch gathers event information and forwards the information to the server at the conclusion of the event.
Chapter 27 Configuring Switch Access Using AAA
Accounting Example

Accounting information:
-----------------------
Active Accounted actions on tty0, User (null) Priv 0
Active Accounted actions on tty288091924, User (null) Priv 0
Overall Accounting Traffic:
Starts Stops Active
----- ----- ------
Exec
Connect
Command
System...
Chapter 27 Configuring Switch Access Using AAA Accounting Example Software Configuration Guide—Catalyst 4000 Family, Catalyst 2948G, Catalyst 2980G, Releases 6.3 and 6.4 27-64 78-12647-02...
CHAPTER
Modifying the Switch Boot Configuration

This chapter describes how to modify the switch boot configuration, including the BOOT environment variable and the configuration register on the Catalyst enterprise LAN switches.

Note: For complete syntax and usage information for the commands used in this chapter, refer to the Command Reference—Catalyst 4000 Family, Catalyst 2948G, and Catalyst 2980G Switches.
Chapter 28 Modifying the Switch Boot Configuration
Understanding How the Switch Boot Configuration Works

Two user-configurable parameters determine how the switch boots: the configuration register and the BOOT environment variable. The configuration register is described in the “Understanding the Configuration Register” section on page 28-2.
Chapter 28 Modifying the Switch Boot Configuration
Understanding How the Switch Boot Configuration Works

The other bits in the configuration register function as follows when set:
• Bit 5 (0x0020): Enables CONFIG_FILE recurrence.
• Bit 6 (0x0040): Causes system software to clear NVRAM contents.
•...
Chapter 28 Modifying the Switch Boot Configuration
Default Switch Boot Configuration

When the switch boots up, if any of the files specified in the CONFIG_FILE environment variable are valid configuration files, the configuration in NVRAM is erased and the system uses the specified configuration file to configure the switch.
Chapter 28 Modifying the Switch Boot Configuration
Setting the Configuration Register

The following boot methods are supported:
• ROM monitor—Use the rommon keyword to keep the switch in ROM-monitor mode at startup.
• Bootflash—Use the bootflash keyword to cause the switch to boot from the first image stored in the onboard Flash.
Chapter 28 Modifying the Switch Boot Configuration
Setting the Configuration Register

To set the switch to retain the current CONFIG_FILE environment variable indefinitely, perform this task in privileged mode:

Task: Set the switch to retain the current CONFIG_FILE environment variable indefinitely.
Command: set boot config-register auto-config
Chapter 28 Modifying the Switch Boot Configuration
Setting the BOOT Environment Variable

These sections describe how to modify the BOOT environment variable:
• Setting the BOOT Environment Variable, page 28-7
• Clearing the BOOT Environment Variable Settings, page 28-7
•...
Chapter 28 Modifying the Switch Boot Configuration
Setting and Clearing the CONFIG_FILE Environment Variable

These sections describe how to set and clear the CONFIG_FILE environment variable:

Note: For more information about using configuration files, see Chapter 31, “Working with Configuration Files.”...
Chapter 28 Modifying the Switch Boot Configuration
Displaying the Switch Boot Configuration

To display the current configuration register, BOOT environment variable, and CONFIG_FILE environment variable settings, perform this task in privileged mode:

Task: Display the current configuration register, BOOT environment variable, and CONFIG_FILE environment variable settings.
Command: show boot [mod_num]
CHAPTER
Working with System Software Images

This chapter describes how to work with system software image files on the Catalyst enterprise LAN switches.

Note: For complete syntax and usage information for the commands used in this chapter, refer to the Command Reference—Catalyst 4000 Family, Catalyst 2948G, and Catalyst 2980G Switches.
Chapter 29 Working with System Software Images
Downloading System Software Images to the Switch Using TFTP

• Downloading Supervisor Engine Images Using TFTP, page 29-2
• Example TFTP Download Procedures, page 29-3

Understanding How TFTP Software Image Downloads Work

You can download system software images to the switch using the Trivial File Transfer Protocol (TFTP). TFTP allows you to download system image files over the network from a TFTP server.
Chapter 29 Working with System Software Images
Downloading System Software Images to the Switch Using TFTP

Note: The Catalyst 4000 family, 2948G, and 2980G switches have only one Flash device (bootflash).

The switch downloads the image file from the TFTP server, and the image is copied to the bootflash. The switch remains operational while the image downloads.
Chapter 29 Working with System Software Images
Downloading System Software Images to the Switch Using TFTP

Copyright (c) 1994-1997 by cisco Systems, Inc.
Presto processor with 32768 Kbytes of main memory
Autoboot executing command: "boot bootflash:cat4000.6-1-1.bin"
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCC
Uncompressing file:...
Chapter 29 Working with System Software Images
Uploading System Software Images to a TFTP Server

These sections describe how to upload system software images from a switch to a TFTP server:
• Preparing to Upload an Image to a TFTP Server, page 29-5
• Uploading Software Images to a TFTP Server, page 29-5
•...
Chapter 29 Working with System Software Images
Downloading System Software Images to the Switch Using rcp

These sections describe how to download system software images to the switch supervisor engine and to intelligent modules using rcp:
•...
Do you want to continue (y/n) [n]? y
Console> (enable) 07/21/2000,13:51:39:SYS-5:System reset from Console//
System Bootstrap, Version 3.1(2)
Copyright (c) 1994-1997 by cisco Systems, Inc.
Presto processor with 32768 Kbytes of main memory
EARL RAM Test ....Passed
EARL Serial Prom Test ..Passed
Level2 Cache ....Present
Level2 Cache test....Passed
Boot image: bootflash:cat4000.6-1-1.bin
Cisco Systems Console
Enter password:
07/21/2000,13:52:51:SYS-5:Module 1 is online
07/21/2000,13:53:11:SYS-5:Module 4 is online
07/21/2000,13:53:11:SYS-5:Module 5 is online
07/21/2000,13:53:14:PAGP-5:Port 1/1 joined bridge port 1/1.
Chapter 29 Working with System Software Images
Uploading System Software Images to an rcp Server

These sections describe how to upload system software images from a switch to an rcp server:
• Preparing to Upload an Image to an rcp Server, page 29-9
• Uploading Software Images to an rcp Server, page 29-9
•...
CHAPTER
Using the Flash File System

This chapter describes how to use the Flash file system on the Catalyst enterprise LAN switches. The Flash file system provides a number of useful commands to help you manage system image and configuration files.
Chapter 30 Using the Flash File System
Using the Flash File System

To set the default Flash device, perform this task:

Step 1
Task: Set the default Flash device for the system.
Command: cd [[m/][bootflash:]]

Step 2
Task: Verify the default Flash device for the system.
Command: pwd [mod_num]

This example shows how to change the default Flash device to bootflash: and verify the default device:

Console>...
Chapter 30 Using the Flash File System
Using the Flash File System

System configuration file set to: nvram
The nvram file will be used for configuration during the next bootup.
Console> (enable) show config mode
System configuration mode set to text.
System configuration file set to nvram.
Chapter 30 Using the Flash File System
Using the Flash File System

This example shows how to list the files on the default Flash device:

Console> (enable) dir
-#- -length- -----date/time------ name
3846376 Jun 14 2000 14:13:10 cat4000-k4.6-1-0-104-ORL.bin
3761580 Jun 14 2000 14:16:05 cat4000.6-1-0-104-ORL.bin
3795052 bytes available (7608212 bytes used)
Console>...
Chapter 30 Using the Flash File System
Using the Flash File System

To copy a file, perform one of these tasks in privileged mode:

Task: Copy a Flash file to a TFTP server, Flash memory, or to the running configuration.
Command: copy file-id {tftp | rcp | flash | file-id | config}
Chapter 30 Using the Flash File System
Using the Flash File System

Upload configuration to bootflash:4012_config.cfg
9942096 bytes available on device bootflash, proceed (y/n) [n]? y
......
Configuration has been copied successfully.
Console> (enable)

This example shows how to upload a configuration file on bootflash to a TFTP server:

Console>...
Chapter 30 Using the Flash File System
Using the Flash File System

This example shows how to permanently remove all deleted files from a Flash device:

Console> (enable) squeeze bootflash:
All deleted files will be removed, proceed (y/n) [n]? y
Squeeze operation may take a while, proceed (y/n) [n]? y
Erasing squeeze log
Console>...
CHAPTER
Working with Configuration Files

This chapter describes how to work with switch configuration files on the Catalyst enterprise LAN switches.

Note: For complete syntax and usage information for the commands used in this chapter, refer to the Command Reference—Catalyst 4000 Family, Catalyst 2948G, and Catalyst 2980G Switches.
Chapter 31 Working with Configuration Files
Creating a Configuration File

If passwords already exist, you cannot enter the set password and set enablepass commands because the password verification will fail. If you enter passwords in the configuration file, the switch mistakenly attempts to execute the passwords as commands as it executes the file.

Some commands must be followed by a blank line in the configuration file.
Chapter 31 Working with Configuration Files
Copying Configuration Files Using TFTP

To configure the switch using a configuration file stored on a Flash device in the Flash file system, follow these steps:

Step 1 Log into the switch through the console port or a Telnet session.
Step 2 Locate the configuration file using the cd and dir commands (for more information, see Chapter 30,...
Chapter 31 Working with Configuration Files
Copying Configuration Files Using TFTP

Preparing to Download a Configuration File Using TFTP

Before you begin downloading a configuration file using TFTP, do the following:
• Ensure that the workstation acting as the TFTP server is configured properly.
•...
Chapter 31 Working with Configuration Files
Copying Configuration Files Using TFTP

Uploading Configuration Files to a TFTP Server

These sections describe how to upload the running configuration or a configuration file stored on a Flash device to a TFTP server:
•...
Chapter 31 Working with Configuration Files
Copying Configuration Files Using rcp

Remote copy protocol (rcp) provides another method of downloading, uploading, and copying configuration files between remote hosts and the switch. rcp uses Transmission Control Protocol (TCP), which is a connection-oriented protocol;...
Chapter 31 Working with Configuration Files
Copying Configuration Files Using rcp

This example shows how to configure a switch using a configuration file downloaded from an rcp server:

Console> (enable) copy rcp config
IP address or name of remote host []? 172.20.52.3
Name of file to copy from []? dns-config.cfg
Configure using rcp:dns-config.cfg (y/n) [n]? y
Finished network download.
Chapter 31 Working with Configuration Files
Clearing the Configuration

This example shows how to upload the running configuration on a switch to an rcp server for storage:

Console> (enable) copy config rcp
IP address or name of remote host []? 172.20.52.3
Name of file to copy to []? cat4000_config.cfg
Upload configuration to rcp:cat4000_config.cfg, (y/n) [n]? y
..
Chapter 31 Working with Configuration Files
Clearing the Configuration

This example shows how to clear the configuration on a specific module:

Console> (enable) clear config 2
This command will clear module 2 configuration.
Do you want to continue (y/n) [n]? y
......
CHAPTER
Configuring Switch Acceleration

This chapter describes the Backplane Channel module and the switch acceleration feature supported on the Catalyst 4000 family supervisor engine.

This chapter consists of these sections:
• Understanding Switch Acceleration, page 32-1
• Configuring Switch Acceleration, page 32-3
•...
Chapter 32 Configuring Switch Acceleration
Understanding Switch Acceleration

Switch Acceleration Configuration Modes

Switch acceleration is supported in different configuration modes. The Supervisor Engine II supports a mesh configuration with no uplink connections. With the Backplane Channel module installed, two additional modes are supported. Figure 32-1 shows the possible configurations.
Chapter 32 Configuring Switch Acceleration
Configuring Switch Acceleration

By default, switch acceleration is disabled on the Supervisor Engine II. Before you enable switch acceleration, you need to disable the two front-panel Gigabit Ethernet uplink ports on Supervisor Engine II.

To enable switch acceleration, perform this task in privileged mode:

Task Command...
Chapter 32 Configuring Switch Acceleration
Backplane Channel Module

The Backplane Channel module provides the following benefits in the default configuration mode:
• Full-mesh connection between all three switch engines
• Multilink load balancing between SE1 and SE2 and between SE2 and SE3
•...
CHAPTER
Configuring System Message Logging

This chapter describes how to configure system message logging on the Catalyst enterprise LAN switches.

Note: For complete syntax and usage information for the commands used in this chapter, refer to the Command Reference—Catalyst 4000 Family, Catalyst 2948G, and Catalyst 2980G Switches.
Chapter 33 Configuring System Message Logging
Understanding How System Message Logging Works

Table 33-1 System Message Log Facilities

Facility Name    Definition
                 Cisco Discovery Protocol
                 Dynamic Trunking Protocol
drip             Dual Ring Protocol
dvlan            Dynamic VLAN
earl             Enhanced Address Recognition Logic
fddi...
Chapter 33 Configuring System Message Logging
Default System Message Logging Configuration

Table 33-4 describes the default system message logging configuration.

Table 33-4 Default System Message Logging Configuration

Configuration Parameter                       Default Setting
System message logging to the console         Enabled
System message logging to Telnet sessions     Enabled...
Chapter 33 Configuring System Message Logging
Configuring System Message Logging

When you disable or enable logging to console sessions, the enable state is applied to all future console sessions. For example, if you disable logging to the console, disconnect from the console port, and later reconnect, logging is still disabled for the console.
Chapter 33 Configuring System Message Logging
Configuring System Message Logging

To change the system message logging severity level setting for a logging facility, perform this task in privileged mode:

Step 1
Task: Set the severity level for logging facilities.
Command: set logging level {all | facility} severity [default]

Step 2
Task: Verify the system message logging configuration.
Chapter 33 Configuring System Message Logging
Configuring System Message Logging

Configuring the syslog Daemon on a UNIX syslog Server

Before you can send system log messages to a UNIX syslog server, you must configure the syslog daemon on a UNIX server. Log in as root, and perform these steps:

Step 1 Add a line such as the following to the file /etc/syslog.conf:
myfile.log...
Chapter 33 Configuring System Message Logging
Configuring System Message Logging

This example shows how to specify a syslog server, set the facility and severity levels, and enable logging to the server:

Console> (enable) set logging server 10.10.10.100
10.10.10.100 added to System logging server table.
Console>...
Chapter 33 Configuring System Message Logging
Configuring System Message Logging

This example shows how to display the current system message logging configuration:

Console> (enable) show logging
Logging buffer size:
timestamp option: disabled
Logging history size:
Logging console: enabled
Logging server: enabled
{syslog.bigcorp.com}
server facility:...
Chapter 33 Configuring System Message Logging
Configuring System Message Logging

To display the messages in the switch logging buffer, perform one of these tasks:

Task: Display the first number_of_messages messages in the buffer.
Command: show logging buffer [number_of_messages]

Task: Display the last number_of_messages messages in the buffer.
Command: show logging buffer -[number_of_messages]
CHAPTER
Configuring DNS

This chapter describes how to configure the Domain Name System (DNS) on the Catalyst enterprise LAN switches.

Note: For complete syntax and usage information for the commands used in this chapter, refer to the Command Reference—Catalyst 4000 Family, Catalyst 2948G, and Catalyst 2980G Switches.
Chapter 34 Configuring DNS
Configuring DNS

The following sections describe how to configure DNS:
• Setting Up and Enabling DNS, page 34-2
• Clearing a DNS Server, page 34-3
• Clearing the DNS Domain Name, page 34-3
• Disabling DNS, page 34-3
•...
Chapter 34 Configuring DNS
Configuring DNS

Clearing a DNS Server

To clear DNS servers from the DNS server table, perform this task in privileged mode:

Step 1
Task: Remove one or all of the DNS servers from the table.
Command: clear ip dns server [ip_addr | all]
CHAPTER
Configuring NTP

This chapter describes how to configure the Network Time Protocol (NTP) on the Catalyst enterprise LAN switches.

Note: For complete syntax and usage information for the commands used in this chapter, refer to the Command Reference—Catalyst 4000 Family, Catalyst 2948G, and Catalyst 2980G Switches.
Cisco’s implementation of NTP does not support stratum 1 service; it is not possible to connect to a radio or atomic clock. We recommend that you obtain the time service for your network from the public NTP servers available on the IP Internet.
Chapter 35 Configuring NTP
Configuring NTP

Configuring NTP in Broadcast-Client Mode

Configure the switch in NTP broadcast-client mode if an NTP broadcast server, such as a router, regularly broadcasts time-of-day information on the network. To compensate for any server-to-client packet latency, you can specify an NTP broadcast delay (a time adjustment factor for the receiving of broadcast packets by the switch).
Chapter 35 Configuring NTP
Configuring NTP

This example shows how to configure the NTP server address, enable NTP client mode on the switch, and verify the configuration:

Console> (enable) set ntp server 172.20.52.65
NTP server 172.20.52.65 added.
Console> (enable) set ntp client enable
NTP Client mode enabled
Console>...
Chapter 35 Configuring NTP
Configuring NTP

This example shows how to configure the NTP server address, enable NTP client and authentication modes on the switch, and verify the configuration:

Console> (enable) set ntp server 172.20.52.65 key 879
NTP server 172.20.52.65 with key 879 added.
Console>...
Chapter 35 Configuring NTP
Configuring NTP

To enable the daylight saving time clock adjustment following the U.S. rules, perform this task in privileged mode:

Step 1
Task: Enable the daylight saving time clock adjustment.
Command: set summertime enable [zone_name]
         set summertime recurring

Step 2
Task: Verify the configuration....
Chapter 35 Configuring NTP
Configuring NTP

Offset: 1440 minutes (1 day)
Recurring: no
Console> (enable)

Disabling the Daylight Saving Time Adjustment

To disable the daylight saving time clock adjustment, perform this task in privileged mode:

Step 1
Task: Disable the daylight saving time clock adjustment.
Command: set summertime disable [zone_name]
Chapter 35 Configuring NTP
Configuring NTP

Disabling NTP

To disable NTP broadcast-client mode on the switch, perform this task in privileged mode:

Step 1
Task: Disable NTP broadcast-client mode.
Command: set ntp broadcastclient disable

Step 2
Task: Verify the NTP configuration.
Command: show ntp [noalias]

This example shows how to disable NTP client mode on the switch:

Console>...
A P P E N D I X Acronyms This appendix defines the acronyms used in this publication. ATM adaptation layer access control entry add-drop multiplexer Authority and Format Identifier active monitor present automated packet recognition/translation APaRT Address Resolution Protocol ATM switch processor Asynchronous Transfer Mode Bridge Protocol Data Unit...
Appendix A Acronyms content-addressable memory column address strobe constant bit rate Copper Data Distributed Interface CDDI Cisco Discovery Protocol Cisco Group Management Protocol CGMP command-line interface Common Open Policy Service COPS class of service Cyclic Redundancy Check Concentrator Relay Function...
Appendix A Acronyms Enhanced Address Recognition Logic EARL European Computer Manufacturers Association ECMA electrically erasable programmable read-only memory EEPROM Electronic Industries Association emulated local area network ELAN end-system identifier frame check sequence FDDI Fiber Distributed Data Interface full duplex Fast Simple Server Redundancy Protocol FSSRP foil twisted-pair General Attribute Registration Protocol...
Appendix A Acronyms International Code Designator Internet Control Message Protocol ICMP Initial Domain Part Internet Group Management Protocol IGMP Integrated Local Management Interface ILMI initial microprogram load IMPL Internet Protocol interprocessor communication Internetwork Packet Exchange Inter-Switch Link International Organization of Standardization Key Distribution Center local area network LAN Emulation...
Appendix A Acronyms LAN emulation server logical link control Media Access Control Manufacturing Automation Protocol maximum burst size Master Communication Processor Management Information Base media-independent interface multilayer switching Multilayer Switching Protocol MLSP multilayer switching-route processor MLS-RP multi-mode Maintenance Operation Protocol message-of-the-day MOTD Multiprotocol over ATM client...
Appendix A Acronyms NetFlow Feature Card NFFC Enhanced NetFlow Feature Card NFFC II Netflow LAN Switching NFLS Next Hop Client Next Hop Resolution Protocol NHRP Next Hop Server Network Management Processor Network-Network Interface network service access point NSAP Network Time Protocol nonvolatile ram NVRAM operation, administration, and maintenance...
Appendix A Acronyms physical layer convergence procedure PLCP physical layer interface module PLIM Point-to-Point Protocol permanent virtual circuit (or permanent virtual connection in ATM terminology) quality of service Remote Authentication Dial-In User Service RADIUS row address strobe RAS-to-CAS delay Remote Copy Protocol Router Group Management Protocol RGMP routing information field...
Appendix A Acronyms Serial Control Protocol sustainable cell rate Session Description Protocol search engine Serial Line Internet Protocol SLIP single-mode standby monitor present station management System Network Architecture Subnetwork Access Protocol SNAP Simple Network Management Protocol SNMP Switched Port Analyzer SPAN source-route bridging source-route transparent bridging...
Appendix A Acronyms type of service Token Ring Bridge Relay Function TrBRF Token Ring Concentrator Relay Function TrCRF token rotation timer time to live teletype universal asynchronous receiver/transmitter UART unspecified bit rate Unidirectional Link Detection Protocol UDLD User Datagram Protocol User-Network Interface Coordinated Universal Time Variable Bit Rate...
Appendix A Acronyms VLAN Query Protocol VLAN Trunk Protocol Weighted Random Early Detect WRED Weighted Round Robin Software Configuration Guide—Catalyst 4000 Family, Catalyst 2948G, Catalyst 2980G, Releases 6.3 and 6.4 A-10 78-12647-02...