Summary of Contents for Cisco Catalyst 2950
Page 1
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
Cisco IOS Release 12.1(22)EA5
July 2005
Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
Customer Order Number: DOC-7811380=...
Page 3
Manageability Redundancy VLAN Support Security Quality of Service and Class of Service Monitoring LRE Features (available only on Catalyst 2950 LRE switches) Management Options Management Interface Options Advantages of Using Network Assistant and Clustering Switches 1-10 Network Configuration Examples 1-11...
Configuring Catalyst 2955 Switch Alarms Default Catalyst 2955 Switch Alarm Configuration Configuring the Power Supply Alarm Setting the Power Mode Setting the Power Supply Alarm Options Configuring the Switch Temperature Alarms Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-12...
Page 5
Booting Manually 4-13 Booting a Specific Software Image 4-13 Controlling Environment Variables 4-14 Scheduling a Reload of the Software Image 4-16 Configuring a Scheduled Reload 4-16 Displaying Scheduled Reload Information 4-17
Page 6
Using SNMP to Manage Switch Clusters Administering the Switch Managing the System Time and Date Understanding the System Clock Understanding Network Time Protocol Configuring NTP Default NTP Configuration
Page 7
Preventing Unauthorized Access to Your Switch Protecting Access to Privileged EXEC Commands Default Password and Privilege Level Configuration Setting or Changing a Static Enable Password
Page 8
Configuring the Switch for Local Authentication and Authorization 8-32 Configuring the Switch for Secure Shell 8-33 Understanding SSH 8-33 SSH Servers, Integrated Clients, and Supported Versions 8-33 Limitations 8-34 Configuring SSH 8-34 Configuration Guidelines 8-34
Page 9
Configuring a Guest VLAN 9-21 Resetting the IEEE 802.1x Configuration to the Default Values 9-22 Configuring IEEE 802.1x Authentication 9-23 Configuring IEEE 802.1x Accounting 9-24 Displaying IEEE 802.1x Statistics and Status 9-25
Page 11
Guidelines for Using LRE Profiles 12-10 CPE Ethernet Link Guidelines 12-11 Guidelines for Configuring Cisco 575 LRE CPEs and 576 LRE 997 CPEs 12-11 Guidelines for Configuring Cisco 585 LRE CPEs 12-12 Assigning a Global Profile to All LRE Ports...
Page 12
Configuring the Forwarding-Delay Time for a VLAN 13-22 Configuring the Maximum-Aging Time for a VLAN 13-22 Configuring Spanning Tree for Use in a Cascaded Stack 13-23 Displaying the Spanning-Tree Status 13-24
Page 13
Configuring Optional Spanning-Tree Features 15-1 Understanding Optional Spanning-Tree Features 15-1 Understanding Port Fast 15-2 Understanding BPDU Guard 15-2 Understanding BPDU Filtering 15-3
Page 14
VLAN Configuration in VLAN Configuration Mode 16-6 Saving VLAN Configuration 16-7 Default Ethernet VLAN Configuration 16-7 Creating or Modifying an Ethernet VLAN 16-8 Deleting a VLAN 16-10 Assigning Static-Access Ports to a VLAN 16-11
Page 15
Troubleshooting Dynamic Port VLAN Membership 16-30 VMPS Configuration Example 16-31 Configuring VTP 17-1 Understanding VTP 17-1 The VTP Domain 17-2 VTP Modes 17-3 VTP Advertisements 17-3
Page 16
Default Voice VLAN Configuration 18-2 Voice VLAN Configuration Guidelines 18-3 Configuring a Port to Connect to a Cisco 7960 IP Phone 18-3 Configuring Ports to Carry Voice Traffic in IEEE 802.1Q Frames 18-4 Configuring Ports to Carry Voice Traffic in IEEE 802.1p Priority-Tagged Frames...
Page 17
Using MVR in a Multicast Television Application 20-17 Configuring MVR 20-19 Default MVR Configuration 20-19 MVR Configuration Guidelines and Limitations 20-19 Configuring MVR Global Parameters 20-20 Configuring MVR Interfaces 20-21 Displaying MVR Information 20-22
Page 18
Default UDLD Configuration 22-4 Configuration Guidelines 22-4 Enabling UDLD Globally 22-5 Enabling UDLD on an Interface 22-6 Resetting an Interface Shut Down by UDLD 22-6 Displaying UDLD Status 22-7
Page 19
Removing Ports from an RSPAN Session 24-16 Displaying SPAN and RSPAN Status 24-17 Configuring RMON 25-1 Understanding RMON 25-1 Configuring RMON 25-2 Default RMON Configuration 25-3
Page 20
Configuring Community Strings 27-8 Configuring SNMP Groups and Users 27-9 Configuring SNMP Notifications 27-11 Setting the Agent Contact and Location Information 27-14 Limiting TFTP Servers Used Through SNMP 27-14 SNMP Examples 27-15
Page 21
Basic QoS Model 29-4 Classification 29-5 Classification Based on QoS ACLs 29-5 Classification Based on Class Maps and Policy Maps 29-6 Policing and Marking 29-7 Mapping Tables 29-8 Queueing and Scheduling 29-8
Page 22
QoS Configuration for the Existing Wiring Closet 29-40 QoS Configuration for the Intelligent Wiring Closet 29-41 Configuring EtherChannels 30-1 Understanding EtherChannels 30-1 Understanding Port-Channel Interfaces 30-2
Page 23
Using Recovery Procedures 31-1 Recovering from a Software Failure 31-2 Recovering from Lost or Forgotten Passwords on Non-LRE Catalyst 2950 Switches 31-2 Recovering from Lost or Forgotten Passwords on Catalyst 2950 LRE Switches 31-4 Password Recovery with Password Recovery Enabled...
Page 24
MIB List Using FTP to Access the MIB Files Working with the Cisco IOS File System, Configuration Files, and Software Images Working with the Flash File System...
Page 25
Working with Software Images B-19 Image Location on the Switch B-20 tar File Format of Images on a Server or Cisco.com B-20 Copying Image Files By Using TFTP B-21 Preparing to Download or Upload an Image File By Using TFTP...
Page 27
This guide provides the information you need to configure software features on your switch. The Catalyst 2950 switch is supported by either the standard software image (SI) or the enhanced software image (EI). The Catalyst 2955 and Catalyst 2950 Long-Reach Ethernet (LRE) switches are supported only by the EI.
Page 28
This guide does not repeat the concepts and CLI procedures provided in the standard Cisco IOS Release 12.1 documentation. For information about the standard Cisco IOS Release 12.1 commands, see the Cisco IOS documentation set available from the Cisco.com home page at Service and Support >...
These documents provide complete information about the switch and are available from this Cisco.com site: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/index.htm You can order printed copies of documents with a DOC-xxxxxx= number from the Cisco.com sites and from the telephone numbers listed in the “Obtaining Documentation” section on page Boilerplate Release Notes for the Catalyst 2950 and Catalyst 2955 Switches (not orderable but available on •...
Cisco products and to view technical documentation in HTML. With the DVD, you have access to the same documentation that is found on the Cisco website without being connected to the Internet. Certain products also have .pdf versions of the documentation available.
• Register to receive security information from Cisco. A current list of security advisories and notices for Cisco products is available at this URL: http://www.cisco.com/go/psirt If you prefer to see advisories and notices as they are updated in real time, you can access a Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed from this URL: http://www.cisco.com/en/US/products/products_psirt_rss_feed.html...
Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting a web or phone request for service. You can access the CPI tool from the Cisco Technical Support & Documentation website by clicking the Tools & Resources link under Documentation & Tools. Choose Cisco Product Identification Tool from the Alphabetical Index drop-down list, or click the Cisco Product Identification Tool link under Alerts &...
Cisco engineer. The TAC Service Request Tool is located at this URL: http://www.cisco.com/techsupport/servicerequest For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.
Page 34
Preface
Obtaining Additional Publications and Information
• Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL: http://www.ciscopress.com...
Page 35
Overview
This chapter provides these topics about the Catalyst 2950 and Catalyst 2955 switch software:
• Features, page 1-1
• Management Options, page 1-9
• Network Configuration Examples, page 1-11
• Where to Go Next, page 1-24
...
Page 36
Catalyst 2955T-12 1. SI = standard software image 2. EI = enhanced software image Certain Cisco Long-Reach Ethernet (LRE) customer premises equipment (CPE) devices are not supported by certain Catalyst 2950 LRE switches. In Table 1-2, Yes means that the CPE is supported by the switch;...
Page 37
Note: For the Network Assistant software requirements, and for more information about clustering, see the Getting Started with Cisco Network Assistant, available on Cisco.com. For clustering requirements, including supported Cisco IOS releases, see the release notes for this release.
Page 38
• Unicast MAC address filtering to drop packets with specific source or destination MAC addresses (available only with the EI)
• Cisco Discovery Protocol (CDP) versions 1 and 2 for network topology discovery and mapping between the switch and other Cisco devices on the network
• Network Time Protocol (NTP) for providing a consistent time stamp to all switches from an external...
Page 39
Spanning-Tree plus (rapid-PVST+), based on the IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) for rapid convergence of the spanning tree by immediately transitioning root and designated ports to the forwarding state
(IEEE 802.1Q) to be used
• Voice VLAN for creating subnets for voice traffic from Cisco IP Phones
• VLAN 1 minimization to reduce the risk of spanning-tree loops or storms by allowing VLAN 1 to be disabled on any individual VLAN trunk link.
Page 41
– Support for IEEE 802.1p CoS scheduling for classification and preferential treatment of high-priority voice traffic
– Trusted boundary (detect the presence of a Cisco IP Phone, trust the CoS value received, and ensure port security. If the IP phone is not detected, disable the trusted setting on the port and prevent misuse of a high-priority queue.)
Page 42
– Switch LRE ports and the Ethernet ports on remote LRE customer premises equipment (CPE) devices, such as the Cisco 575 LRE CPE or the Cisco 585 LRE CPE
– CPE Ethernet ports and remote Ethernet devices, such as a PC
...
You can use it to configure and to monitor a single switch through a web browser. For more information about the device manager, see the switch online help.
• Network Assistant—Network Assistant is a GUI that can be downloaded from Cisco.com. You use...
Page 44
Using Network Assistant and switch clusters can simplify and minimize your configuration and monitoring tasks. You can use Cisco switch clustering technology to manage up to 16 interconnected and supported Catalyst switches through one IP address as if they were a single entity. This can conserve IP addresses if you have a limited number of them.
• Use a wizard that prompts you to provide the minimum required information to configure complex features such as QoS priorities for video traffic, priority levels for data applications, and security.
For more information about Network Assistant and clustering, see the Getting Started with Cisco Network Assistant, available on Cisco.com.
Network Configuration Examples...
802.1p or 802.1Q. A growing demand for using existing Use the Catalyst 2900 LRE XL or Catalyst 2950 LRE switches to • infrastructure to transport data and voice from provide up to 15 Mb of IP connectivity over existing infrastructure a home or office to the Internet or an intranet at (existing telephone lines).
Page 47
• Cost-effective wiring closet—A cost-effective way to connect many users to the wiring closet is to connect up to nine Catalyst 2900 XL, Catalyst 2950, Catalyst 3500 XL, and Catalyst 3550 switches through GigaStack GBIC connections. When you use a stack of Catalyst 2950G-48 switches, you can connect up to 432 users.
It is required if numerous segments require access to the servers. The Catalyst 2900 XL, Catalyst 2950, Catalyst 3500 XL, and Catalyst 3550 switches in this network are connected through a GigaStack GBIC on each switch to form a 1-Gbps network backbone.
Each 10/100 inline-power port on the Catalyst 3550-24PWR switches provides –48 VDC power to the Cisco IP Phone. The IP phone can receive redundant power when it is also connected to an AC power source. IP phones not connected to the Catalyst 3550-24PWR switches receive power from an AC power source.
200 rooms. This network includes a PBX switchboard, a router, and high-speed servers. Connected to the telephone line in each hotel room is an LRE CPE device, such as a Cisco LRE CPE device. The LRE CPE device provides: •...
Page 52
Cisco LRE 48 POTS Splitter. The splitter routes data (high-frequency) and voice (low-frequency) traffic from the telephone line to a Catalyst 2950 LRE switch and digital private branch exchange (PBX). The PBX routes voice traffic to the PSTN.
The Catalyst 2950ST-24 LRE 997 switches have DC-input power supply and are compliant with the VDSL 997 band plan. The Catalyst 2950 LRE switches are located in a central office and are connected to the Cisco 576 LRE 997 CPE devices located in different buildings. The switches also connect to a Cisco 7500 router.
• Server farm that includes a call-processing server running Cisco CallManager software. Cisco CallManager controls call processing, routing, and IP phone features and configuration.
• Cisco Access gateway (such as Cisco Access Digital Trunk Gateway or Cisco Access Analog Trunk Gateway) that connects the IP network to the Public Switched Telephone Network (PSTN) or to users in an IP telephony network.
These switches are connected through 1000BASE-X GBIC ports. The resident switches can be Catalyst 2950 switches, providing customers with high-speed connections to the MAN. Catalyst 2900 LRE XL or 2950 LRE Layer 2-only switches also can be used as residential switches for customers requiring connectivity through existing telephone lines.
Page 57
Overview Network Configuration Examples All ports on the residential Catalyst 2950 and 2955 switches (and Catalyst LRE switches if they are included) are configured as 802.1Q trunks with protected port and STP root guard features enabled. The protected port feature provides security and isolation between ports on the switch, ensuring that subscribers cannot view packets destined for other subscribers.
The CWDM OADM modules on the receiving end separate (or demultiplex) the different wavelengths. For more information about the CWDM GBIC modules and CWDM OADM modules, see the Cisco CWDM GBIC and CWDM SFP Installation Note. Figure 1-8...
Using the Command-Line Interface
This chapter describes the Cisco IOS command-line interface (CLI) that you can use to configure your Catalyst 2950 and Catalyst 2955 switches. It contains these sections:
• Cisco IOS Command Modes, page 2-1
...
Page 60
To exit to privileged Use this mode to configure Switch(vlan)# EXEC mode, enter EXEC mode, enter VLAN parameters for the vlan database exit. VLANs 1 to 1005 in the command. VLAN database.
Complete a partial command name. For example:
Switch# sh conf<tab>
Switch# show configuration
List all commands available for a particular command mode. For example:
Switch> ?
However, some commands are enabled by default and have variables set to certain default values. In these cases, the default command enables the command and sets variables to their default values.
Beginning in line configuration mode, enter this command to configure the number of command lines the switch records for all sessions on a particular line:
Switch(config-line)# history size number-of-lines
The range is from 0 to 256.
Although enhanced editing mode is automatically enabled, you can disable it. To re-enable the enhanced editing mode for the current terminal session, enter this command in privileged EXEC mode:
Switch# terminal editing
Press Esc U: Capitalize letters from the cursor to the end of the word.
Press Ctrl-V or Esc Q: Designate a particular keystroke as an executable command, perhaps as a shortcut.
The software assumes you have a terminal screen that is 80 columns wide. If you have a width other than that, use the terminal width privileged EXEC command to set the width of your terminal.
8-33. The switch supports up to five simultaneous secure SSH sessions. After you connect through the console port, or through a Telnet session, or through an SSH session, the user EXEC prompt appears on the management station.
Configuring Catalyst 2955 Switch Alarms
This section describes how to configure the different alarms for the Catalyst 2955 switch. The alarms described in this chapter are not available on the Catalyst 2950 switch.
Note: For complete syntax and usage information for the commands used in this chapter, see the switch command reference for this release.
The FCS hysteresis threshold is applied to all ports on the Catalyst 2955 switch. The allowable range is from 1 to 10 percent. The default value is 10 percent. See the “Configuring the FCS Bit Error Rate Alarm” section on page 3-7 for more information.
You can associate any alarm condition with either alarm relay or both relays. Each fault condition is assigned a severity level based on the Cisco IOS System Error Message Severity Level.
Disabled on all interfaces.
Port not Forwarding Alarm: Disabled on all interfaces.
Port is not Operating Alarm: Enabled on all interfaces.
FCS Bit Error Rate Alarm: Disabled on all interfaces.
Configure sending power supply alarm traps to a syslog server.
Step 5: Return to privileged EXEC mode.
Step 6: show alarm settings - Verify the configuration.
Step 7: copy running-config startup-config - (Optional) Save your entries in the configuration file.
Use the no alarm facility temperature secondary threshold global configuration command to disable the secondary temperature threshold alarm. This example disables the secondary temperature alarm.
Switch(config)# no alarm facility temperature secondary 45
This section describes how to configure the FCS bit error rate alarm on your switch:
• Setting the FCS Error Threshold, page 3-8
• Setting the FCS Error Hysteresis Threshold, page 3-8
Page 76
For percentage, the range is 1 to 10. The default value is 10 percent.
Step 3: Return to privileged EXEC mode.
Step 4: show running-config - Verify the configuration.
Step 5: copy running-config startup-config - (Optional) Save your entries in the configuration file.
Verify the configuration.
Step 9: copy running-config startup-config - (Optional) Save your entries in the configuration file.
To delete an alarm profile, use the no alarm profile name global configuration command.
To detach an alarm profile from a specific port, use the no alarm-profile name interface configuration command. This example attaches an alarm profile named fastE to a port.
Switch(config)# interface fastethernet 0/2
Switch(config-if)# alarm profile fastE
{all | power | temperature}: Displays the status of environmental facilities on the Catalyst 2955 switch.
show alarm status [critical | info | major | minor]: Displays generated alarms in the switch.
This chapter describes how to create the initial switch configuration (for example, assign the switch IP address and default gateway information) for the Catalyst 2950 or Catalyst 2955 switch by using a variety of automatic and manual methods. It also describes how to modify the switch startup configuration only on the Catalyst 2950 Long-Reach Ethernet (LRE) switches.
The Catalyst 2955 switches do not support Express Setup. Non-LRE Catalyst 2950 switches running a release prior to Cisco IOS Release 12.1(14)EA1 and Catalyst 2950 LRE switches running a release prior to Cisco IOS Release 12.1(19)EA1 do not support Express Setup.
Note: The DHCP server feature is only available on Catalyst 2955 switches.
During DHCP-based autoconfiguration, your switch (DHCP client) is automatically configured at startup with IP address information and a configuration file.
If the configuration parameters sent to the client in the DHCPOFFER unicast message are invalid (a configuration error exists), the client returns a DHCPDECLINE broadcast message to the DHCP server.
• Example Configuration, page 4-9
If your DHCP server is a Cisco device, or if you are configuring the switch as a DHCP server, see the “IP Addressing and Services” section in the Cisco IOS IP and IP Routing Configuration Guide for Cisco IOS Release 12.1 for additional information about configuring DHCP.
The DHCP server uses the DNS server to resolve the TFTP server name to an IP address. You must configure the TFTP server name-to-IP address map on the DNS server. The TFTP server contains the configuration files for the switch.
If the relay device is a Cisco router, enable IP routing (ip routing global configuration command), and configure helper addresses by using the ip helper-address interface configuration command.
Note: The switch broadcasts TFTP server requests if the TFTP server is not obtained from the DHCP replies, if all attempts to read the configuration file through unicast transmissions fail, or if the TFTP server name cannot be resolved to an IP address.
IP address. The base directory also contains a configuration file for each switch (switcha-confg, switchb-confg, and so forth) as shown in this display:
prompt> cd /tftpserver/work/
prompt> ls
network-confg
switcha-confg
Note: When your switch is configured to route with IP, it does not need to have a default gateway set.
Step 6: Return to privileged EXEC mode.
Step 7: show interfaces vlan vlan-id - Verify the configured IP address.
Appendix B, “Working with the Cisco IOS File System, Configuration Files, and Software Images.”
Modifying the Startup Configuration
This section describes how to modify the switch startup configuration only on a Catalyst 2950 LRE switch. It contains this configuration information:
• Default Boot Configuration, page 4-12
...
Specifying the Filename to Read and Write the System Configuration By default, the Cisco IOS software uses the file config.text to read and write a nonvolatile copy of the system configuration. However, you can specify a different filename that will be loaded during the next boot cycle.
A variable that is set to a null string (for example, “ ”) is a variable with a value. Many environment variables are predefined and have default values.
Page 95
Cisco IOS configuration file can be stored as an environment variable. You can change the settings of the environment variables by accessing the boot loader or by using Cisco IOS commands. It is not necessary to alter the setting of the environment variables.
(if the specified time is later than the current time) or on the next day (if the specified time is earlier than the current time). Specifying 00:00 schedules the reload for midnight.
EXEC command. It displays reload information including the time the reload is scheduled to occur and the reason for the reload (if it was specified when the reload was scheduled).
This chapter describes how to configure the Intelligence Engine 2100 (IE2100) Series Cisco Networking Services (CNS) embedded agents on your Catalyst 2950 or Catalyst 2955 switch. To use the feature described in this chapter, you must have the enhanced software image (EI) installed on your switch.
The configuration agent can either apply configurations immediately or delay the application until receipt of a synchronization event from the configuration server.
ID or group ID, and event. Cisco IOS devices recognize only event subject-names that match those configured in Cisco IOS software; for example, cisco.cns.config.load. You can use the namespace mapping service to designate events by using any desired naming convention.
Configuration Registrar. The origin of the deviceID is defined by the Cisco IOS host name of the switch. However, the deviceID variable and its usage reside within the event gateway, which is adjacent to the switch.
NVRAM for use at the next reboot. Configuring CNS Embedded Agents The CNS agents embedded in the switch Cisco IOS software allow the switch to be connected and automatically configured as described in the “Enabling Automated CNS Configuration” section on page 5-6.
Page 105
Note: For more information about running the setup program and creating templates on the Configuration Registrar, see the Cisco Intelligence Engine 2100 Series Configuration Registrar Manual.
This example shows how to enable the CNS event agent, set the IP address gateway to 10.180.1.27, set 120 seconds as the keepalive interval, and set 10 as the retry count.
Switch(config)# cns event 10.180.1.27 keepalive 120 10
0.0.0.0 0.0.0.0 & command ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
Step 4: exit - Return to global configuration mode.
Step 5: hostname name - Enter the host name for the switch.
Page 108
ID, enter hostname (the default) to select the switch host name as the unique ID, or enter an arbitrary text string for string string as the unique ID.
Page 109
Switch(config-cns-conn-if)# config-cli no keepalive
Switch(config-cns-conn-if)# config-cli no shutdown
Switch(config-cns-conn-if)# exit
Switch(config)# hostname RemoteSwitch
RemoteSwitch(config)# ip route 10.1.1.1 255.255.255.255 11.11.11.1
RemoteSwitch(config)# cns id Ethernet 0 ipaddress
RemoteSwitch(config)# cns config initial 10.1.1.1 no-persist
Displays the status of the CNS event agent connections.
show cns event stats: Displays statistics about the CNS event agent.
show cns event subject: Displays a list of event agent subjects that are subscribed to by applications.
(CLI), or SNMP. Configuring switch clusters is more easily done from Network Assistant than through the CLI or SNMP. For complete procedures about using Network Assistant to configure switch clusters, see Getting Started with Cisco Network Assistant, available on Cisco.com. For the CLI cluster commands, see the switch command reference.
VLAN and to the member switches through a common VLAN.
• If a non-LRE Catalyst 2950 command switch is running Cisco IOS Release 12.1(9)EA1 or later, it is connected to the standby command switches through the management VLAN and to the member switches through a common VLAN.
or later, it is connected to the command switch through at least one common VLAN.
• If a non-LRE Catalyst 2950 member or candidate switch is running a release earlier than Cisco IOS Release 12.1(9)EA1, it is connected to the command switch through the command-switch management VLAN.
SNMP was not enabled, you can enable it as described in the “Configuring SNMP” section on page 27-6. On Catalyst 1900 and Catalyst 2820 switches, SNMP is enabled by default.
For more information about SNMP and community strings, see Chapter 27, “Configuring SNMP.”
Figure 6-1: SNMP Management for a Cluster (labels: SNMP Manager, Command switch, Trap 1, Trap 2, Trap 3, Member 1, Member 2, Member 3)
You can manage the system time and date on your switch using automatic configuration, such as the Network Time Protocol (NTP), or manual configuration methods.
Note For complete syntax and usage information for the commands used in this section, see the Cisco IOS Configuration Fundamentals Command Reference for Cisco IOS, Release 12.1.
Cisco’s implementation of NTP does not support stratum 1 service; it is not possible to connect to a radio or atomic clock. We recommend that the time service for your network be derived from the public NTP servers available on the IP Internet.
If the network is isolated from the Internet, Cisco’s implementation of NTP allows a device to act as though it is synchronized through NTP, when in fact it has determined the time by using other means. Other devices then synchronize to that device through NTP.
The switch does not synchronize to a device unless both have one of these authentication keys, and the key number is specified by the ntp trusted-key key-number command.
(meaning that only this switch synchronizes to the other device, and not the other way around).
However, in a LAN environment, NTP can be configured to use IP broadcast messages instead. This alternative reduces configuration complexity because each device can simply be configured to send or receive broadcast messages. However, the information flow is one-way only.
Step 3 ntp broadcast client Enable the interface to receive NTP broadcast packets. By default, no interfaces receive NTP broadcast packets.
Step 4 exit Return to global configuration mode.
NTP control queries and allows the switch to synchronize to the remote device. For access-list-number, enter a standard IP access list number from 1 to 99.
99. However, the switch restricts access to allow only time requests from access list 42:
Switch# configure terminal
Switch(config)# ntp access-group peer 99
Switch(config)# ntp access-group serve-only 42
Switch(config)# access-list 99 permit 172.20.130.5
Switch(config)# access-list 42 permit 172.20.130.6
• show ntp status
For detailed information about the fields in these displays, see the Cisco IOS Configuration Fundamentals Command Reference for Cisco IOS, Release 12.1.
Configuring Time and Date Manually
If no other source of time is available, you can manually configure the time and date after the system is restarted.
Atlantic Canada (AST) is UTC-3.5, where the 3 means 3 hours and .5 means 50 percent. In this case, the necessary command is clock timezone AST -3 30. To set the time to UTC, use the no clock timezone global configuration command.
This example shows how to specify that summer time starts on the first Sunday in April at 02:00 and ends on the last Sunday in October at 02:00:
Switch(config)# clock summer-time PDT recurring 1 Sunday April 2:00 last Sunday October 2:00
Note For complete syntax and usage information for the commands used in this section, see the Cisco IOS Configuration Fundamentals Command Reference for Cisco IOS Release 12.1 and the Cisco IOS IP and IP Routing Command Reference for Cisco IOS Release 12.1.
Domain names are pieced together with periods (.) as the delimiting characters. For example, Cisco Systems is a commercial organization that IP identifies by a com domain name, so its domain name is cisco.com. A specific device in this domain, for example, the File Transfer Protocol (FTP) system is identified as ftp.cisco.com.
The login banner also displays on all connected terminals. It appears after the MOTD banner and before the login prompts.
Note For complete syntax and usage information for the commands used in this section, see the Cisco IOS Configuration Fundamentals Command Reference for Cisco IOS, Release 12.1.
Unix> telnet 172.2.5.4
Trying 172.2.5.4...
Connected to 172.2.5.4.
Escape character is '^]'.
This is a secure site. Only authorized users are allowed.
For access, contact technical support.
User Access Verification
Password:
The address table lists the destination MAC address, the associated VLAN ID, and port number associated with the address.
Note For complete syntax and usage information for the commands used in this section, see the command reference for this release.
VLAN. Addresses that are statically entered in one VLAN must be configured as static addresses in all other VLANs or remain unlearned in the other VLANs.
(clear mac address-table dynamic interface interface-id), or remove all addresses on a specified VLAN (clear mac address-table dynamic vlan vlan-id).
Step 3 snmp-server enable traps mac-notification Enable the switch to send MAC address traps to the NMS.
Step 4 mac address-table notification Enable the MAC address notification feature.
Switch(config)# interface fastethernet0/4
Switch(config-if)# snmp trap mac-notification added
You can verify the previous commands by entering the show mac address-table notification interface and the show mac address-table notification privileged EXEC commands.
(Optional) Save your entries in the configuration file. To remove static entries from the address table, use the no mac address-table static mac-addr vlan vlan-id [interface interface-id] global configuration command.
For vlan-id, specify the VLAN for which the packet with the specified MAC address is received. Valid VLAN IDs are 1 to 4094.
Step 3 Return to privileged EXEC mode.
(represented by the arpa keyword) is enabled on the IP interface. ARP entries added manually to the table do not age and must be manually removed. For CLI procedures, see the Cisco IOS Release 12.1 documentation on Cisco.com.
Configuring Switch-Based Authentication
This chapter describes how to configure switch-based authentication on the Catalyst 2950 or Catalyst 2955 switch. This chapter consists of these sections:
• Preventing Unauthorized Access to Your Switch
...
Note For complete syntax and usage information for the commands used in this section, see the Cisco IOS Security Command Reference for Cisco IOS Release 12.1.
This example shows how to change the enable password to l1u2c3k4y5. The password is not encrypted and provides access to level 15 (traditional privileged EXEC mode access):
Switch(config)# enable password l1u2c3k4y5
Encryption prevents the password from being readable in the configuration file.
Step 4 Return to privileged EXEC mode.
Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file.
Switch(config)# enable secret level 2 5 $1$FaD0$Xyti5Rkls3LoyxzS8
Disabling Password Recovery
By default, any end user with physical access to the Catalyst 2950 Long-Reach Ethernet (LRE) switch can recover from a lost password by interrupting the boot process while the switch is powering on and then by entering a new password.
For password, specify a string from 1 to 25 alphanumeric characters. The string cannot start with a number, is case sensitive, and allows spaces but ignores leading spaces. By default, no password is defined.
Step 6 Return to privileged EXEC mode.
Step 2.
Step 5 Return to privileged EXEC mode.
Step 6 show running-config Verify your entries.
Step 7 copy running-config startup-config (Optional) Save your entries in the configuration file.
The string cannot start with a number, is case sensitive, and allows spaces but ignores leading spaces. By default, no password is defined.
Step 4 Return to privileged EXEC mode.
You might specify a high level or privilege level for your console line to restrict line usage. To return to the default line privilege level, use the no privilege level line configuration command.
TACACS+ is facilitated through authentication, authorization, accounting (AAA) and can be enabled only through AAA commands.
Note For complete syntax and usage information for the commands used in this section, see the Cisco IOS Security Command Reference for Cisco IOS Release 12.1.
TACACS+ daemon are encrypted. You need a system running the TACACS+ daemon software to use TACACS+ on your switch.
This process continues until there is successful communication with a listed method or the method list is exhausted.
TACACS+ daemon. You must configure the same key on the TACACS+ daemon for encryption to be successful.
Step 3 aaa new-model Enable AAA.
If authentication fails at any point in this cycle—meaning that the security server or local username database responds by denying the user access—the authentication process stops, and no other authentication methods are attempted.
Step 6 Return to privileged EXEC mode.
Step 7 show running-config Verify your entries.
Step 8 copy running-config startup-config (Optional) Save your entries in the configuration file.
Verify your entries.
Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.
To disable authorization, use the no aaa authorization {network | exec} method1 global configuration command.
RADIUS is facilitated through AAA and can be enabled only through AAA commands.
Note For complete syntax and usage information for the commands used in this section, see the Cisco IOS Security Command Reference for Cisco IOS Release 12.1.
• Switch-to-switch or router-to-router situations. RADIUS does not provide two-way authentication. RADIUS can be used to authenticate from one device to a non-Cisco device if the non-Cisco device requires authentication.
• Networks using a variety of services. RADIUS generally binds a user to one service model.
RADIUS authorization, if it is enabled. The additional data included with the ACCEPT or REJECT packets includes these items:
• Telnet, SSH, rlogin, or privileged EXEC services
• Connection parameters, including the host or client IP address, access list, and user timeouts
Identifying the RADIUS Server Host
Switch-to-RADIUS-server communication involves several components:
• Host name or IP address
• Authentication destination port
• Accounting destination port
• Key string
• Timeout period
• Retransmission value
You can configure the switch to use AAA server groups to group existing server hosts for authentication. For more information, see the “Defining AAA Server Groups” section on page 8-25.
Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file.
To remove the specified RADIUS server, use the no radius-server host hostname | ip-address global configuration command.
Beginning in privileged EXEC mode, follow these steps to configure login authentication. This procedure is required.
Command Purpose
Step 1 configure terminal Enter global configuration mode.
Step 2 aaa new-model Enable AAA.
Step 6 Return to privileged EXEC mode.
Step 7 show running-config Verify your entries.
Step 8 copy running-config startup-config (Optional) Save your entries in the configuration file.
You use the server group server configuration command to associate a particular server with a defined group server. You can either identify the server by its IP address or identify multiple host instances or entries by using the optional auth-port and acct-port keywords.
Repeat this step for each RADIUS server in the AAA server group. Each server in the group must be previously defined in Step 2.
Step 6 Return to privileged EXEC mode.
Step 7 show running-config Verify your entries.
• Use the local database if authentication was not performed by using RADIUS.
Note Authorization is bypassed for authenticated users who log in through the CLI even if authorization has been configured.
(AV) pairs and is stored on the security server. This data can then be analyzed for network management, client billing, or auditing. Beginning in privileged EXEC mode, follow these steps to enable RADIUS accounting for each Cisco IOS privilege level and for network services:...
1, which is named cisco-avpair. The value is a string with this format:
protocol : attribute sep value *
Protocol is a value of the Cisco protocol attribute for a particular type of authorization. Attribute and value are an appropriate attribute-value (AV) pair defined in the Cisco TACACS+ specification, and sep is = for mandatory attributes and is * for optional attributes.
For example, this AV pair activates Cisco’s multiple named ip address pools feature during IP authorization (during PPP’s IPCP address assignment):
cisco-avpair= "ip:addr-pool=first"
This example shows how to provide a user logging in from a switch with immediate access to privileged EXEC commands:
cisco-avpair= "shell:priv-lvl=15"
...
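As an added example (not from the Cisco guide), this Python code parses strings in the protocol:attribute sep value format described above and reports which RADIUS user profiles grant shell:priv-lvl 15, which is useful when auditing who receives immediate privileged EXEC access. The profile data, the function names and the threshold parameter are constructed for illustration.

```python
import re
from typing import Dict, List, NamedTuple, Tuple

# Format from the text: protocol:attribute<sep>value
# sep "=" marks a mandatory attribute, "*" an optional one.
_AVPAIR_RE = re.compile(
    r"^(?P<protocol>[^:\s=*]+):(?P<attribute>[^=*\s]+)(?P<sep>[=*])(?P<value>.*)$"
)
# Straight and typographic quotes; profiles pasted from documents often carry the latter.
_QUOTES = "\"'\u201c\u201d"


class AvPair(NamedTuple):
    protocol: str
    attribute: str
    mandatory: bool
    value: str


def parse_avpair(line: str) -> AvPair:
    """Parse one AV pair, with or without a leading 'cisco-avpair=' and quotes."""
    text = line.strip()
    name, eq, rest = text.partition("=")
    if eq and name.strip().lower() == "cisco-avpair":
        text = rest
    text = text.strip().strip(_QUOTES).strip()
    match = _AVPAIR_RE.match(text)
    if match is None:
        raise ValueError(f"not a protocol:attribute(=|*)value string: {line!r}")
    return AvPair(
        match["protocol"], match["attribute"], match["sep"] == "=", match["value"]
    )


def audit_privileged_grants(
    profiles: Dict[str, List[str]], threshold: int = 15
) -> List[Tuple[str, str]]:
    """Return sorted (user, finding) tuples for entries that need review.

    threshold is a hypothetical audit parameter: privilege levels at or
    above it are reported. Malformed entries are reported too, because a
    pair the server cannot interpret may not apply the intended restriction.
    """
    findings = []
    for user, entries in profiles.items():
        for entry in entries:
            try:
                av = parse_avpair(entry)
            except ValueError:
                findings.append((user, "malformed AV pair"))
                continue
            if (av.protocol, av.attribute) != ("shell", "priv-lvl"):
                continue
            try:
                level = int(av.value)
            except ValueError:
                findings.append((user, "non-numeric priv-lvl"))
                continue
            if level >= threshold:
                kind = "mandatory" if av.mandatory else "optional"
                findings.append((user, f"{kind} priv-lvl {level}"))
    return sorted(findings)


# Constructed sample profiles (not real data).
SAMPLE_PROFILES = {
    "netadmin": ['cisco-avpair= "shell:priv-lvl=15"'],
    "helpdesk": [
        'cisco-avpair= "shell:priv-lvl=2"',
        'cisco-avpair= "ip:addr-pool=first"',
    ],
    "contractor": ["cisco-avpair= \u201dshell:priv-lvl*15\u201c"],
    "legacy": ['cisco-avpair= "priv-lvl 15"'],
}

if __name__ == "__main__":
    for user, finding in audit_privileged_grants(SAMPLE_PROFILES):
        print(f"{user}: {finding}")
```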
(Optional) Save your entries in the configuration file. To disable AAA, use the no aaa new-model global configuration command. To disable authorization, use the no aaa authorization {network | exec} method1 global configuration command.
You can use an SSH client to connect to a switch running the SSH server. The SSH server works with the SSH client supported in this release and with non-Cisco SSH clients. The SSH client also works with the SSH server supported in this release and with non-Cisco SSH servers.
IP domain name by using the ip domain-name global configuration command.
• When configuring the local authentication and authorization authentication method, make sure that AAA is disabled on the console.
Setting Up the Switch to Run SSH
Follow these steps to set up your switch to run SSH:
1. Download the cryptographic software image from Cisco.com. This step is required. For more information, see the release notes for this release.
2. Configure a host name and IP domain name for the switch. Follow this procedure only if you are configuring the switch as an SSH server.
(Optional) Save your entries in the configuration file. To return to the default SSH control parameters, use the no ip ssh {timeout | authentication-retries} global configuration command.
Shows the status of the SSH server. For more information about these commands, see the “Secure Shell Commands” section in the “Other Security Features” chapter of the Cisco IOS Security Command Reference, Cisco IOS Release 12.2, at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_r/fothercr/srfssh.htm.
Configuring IEEE 802.1x Port-Based Authentication
This chapter describes how to configure IEEE 802.1x port-based authentication on the Catalyst 2950 or Catalyst 2955 switch to prevent unauthorized devices (clients) from gaining access to the network.
Note For complete syntax and usage information for the commands used in this chapter, see the command reference for this release and the “RADIUS Commands”...
Authentication Protocol (EAP) extensions is the only supported authentication server. It is available in Cisco Secure Access Control Server Version 3.0 or later. RADIUS operates in a client/server model in which secure authentication information is exchanged between the RADIUS server and one or more RADIUS clients.
The specific exchange of EAP frames depends on the authentication method being used. Figure 9-2 shows a message exchange initiated by the client using the One-Time-Password (OTP) authentication method with a RADIUS server.
the client to authenticate. The switch cannot provide authentication services to the client through the interface.
RADIUS accounting packets are sent by a switch:
• START–sent when a new user session starts
• INTERIM–sent during an existing session for updates
• STOP–sent when a session terminates
You can view the AV pairs that are being sent by the switch by entering the debug radius accounting privileged EXEC command. For more information about this command, see the Cisco IOS Debug Command Reference, Release 12.2 at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122sup/122debug...
• Port security and a voice VLAN can be configured simultaneously on an IEEE 802.1x port that is in either single-host or multiple-hosts mode. Port security applies to both the voice VLAN identifier (VVID) and the port VLAN identifier (PVID).
CDP message from the IP phone. Cisco IP phones do not relay CDP messages from other devices. As a result, if several Cisco IP phones are connected in series, the switch recognizes only the one directly connected to it. When IEEE 802.1x is enabled on a voice VLAN port, the switch drops packets from unrecognized Cisco IP phones more than one hop away.
EAPOL request/identity frame or when EAPOL packets are not sent by the client. Before Cisco IOS Release 12.1(22)EA2, the switch did not maintain the EAPOL packet history and allowed clients that failed authentication access to the guest VLAN, regardless of whether EAPOL packets had been detected on the interface.
When you configure a port as a bidirectional port by using the dot1x control-direction both interface configuration command, the port is access-controlled in both directions. In this state, the switch port does not receive or send packets.
Per-interface IEEE 802.1x enable state: Disabled (force-authorized). The port sends and receives normal traffic without IEEE 802.1x-based authentication of the client.
Periodic re-authentication: Disabled.
Number of seconds between re-authentication attempts: 3600 seconds.
– EtherChannel ports—Do not configure a port that is an active or a not-yet-active member of an EtherChannel as an IEEE 802.1x port. If you try to enable IEEE 802.1x on an EtherChannel port, an error message appears, and IEEE 802.1x is not enabled.
Some global configuration commands became interface configuration commands, and new commands were added. If you have IEEE 802.1x configured on the switch and you upgrade to Cisco IOS Release 12.1(14)EA1 or later, the configuration file will not contain the new commands, and IEEE 802.1x will not operate.
An enabled status means the port-control value is set either to auto or to force-unauthorized.
Step 13 copy running-config startup-config (Optional) Save your entries in the configuration file.
This key must match the encryption used on the RADIUS daemon. If you want to use multiple RADIUS servers, re-enter this command.
Step 3 Return to privileged EXEC mode.
RADIUS server documentation.
Configuring IEEE 802.1x Authentication Using a RADIUS Server
In Cisco IOS Release 12.2(25)SEC, you can also configure IEEE 802.1x authentication with a RADIUS server. Catalyst 2950 LRE switches do not support NAC Layer 2 IEEE 802.1x authentication.
Session-Timeout RADIUS attribute (Attribute[27]). You can use this keyword when the switch uses NAC Layer 2 IEEE 802.1x.
Note The server keyword is not supported on Catalyst 2950 LRE switches.
This command affects the behavior of the switch only if periodic re-authentication is enabled.
Step 4 Return to privileged EXEC mode.
Step 5 show dot1x interface interface-id Verify your entries.
Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.
Note You should change the default value of this command only to adjust for unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers.
To disable multiple hosts on the port, use the no dot1x host-mode multi-host interface configuration command.
This example shows how to enable a port to allow multiple hosts:
Switch(config)# interface fastethernet0/1
Switch(config-if)# dot1x port-control auto
Switch(config-if)# dot1x host-mode multi-host
When enabled, the switch does not maintain the EAPOL packet history and allows clients that fail authentication access to the guest VLAN, regardless of whether EAPOL packets had been detected on the interface.
Step 4 Return to privileged EXEC mode.
Step 5 show dot1x interface interface-id Verify your entries.
Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.
The client is automatically authenticated by the switch without using the information supplied by the client.
Step 4 dot1x system-auth-control Enable IEEE 802.1x authentication globally on the switch.
To turn on these functions, enable logging of “Update/Watchdog packets from this AAA client” in your RADIUS server Network Configuration tab. Next, enable “CVS RADIUS Accounting” in your RADIUS server System Configuration tab.
To display the IEEE 802.1x administrative and operational status for the switch, use the show dot1x all privileged EXEC command. To display the IEEE 802.1x administrative and operational status for a specific interface, use the show dot1x interface interface-id privileged EXEC command.
For detailed information about the fields in these displays, see the command reference for this release.
Configuring Interface Characteristics
This chapter describes the types of interfaces on a Catalyst 2950 or Catalyst 2955 and how to configure them. The chapter has these sections:
• Understanding Interface Types
• Using the Interface Command
...
VMPS. You can also configure an access port with an attached Cisco IP Phone to use one VLAN for voice traffic and another VLAN for data traffic from a device attached to the phone. For more information about voice VLAN ports, see Chapter 15, “Configuring Voice VLAN.”...
Most protocols operate over either single ports or aggregated switch ports and do not recognize the physical ports within the port group. Exceptions are the DTP, the Cisco Discovery Protocol (CDP), the Port Aggregation Protocol (PAgP), and Link Aggregation Control Protocol (LACP) which operate only on physical ports.
If there is more than one interface type (for example, 10/100 ports and Gigabit Ethernet ports), the port number restarts with the second interface type: gigabitethernet0/1, gigabitethernet0/2.
You can identify physical interfaces by physically checking the interface location on the switch. You can also use the Cisco IOS show privileged EXEC commands to display information about a specific interface or all the interfaces on the switch. The remainder of this chapter primarily provides physical interface configuration procedures.
(the show running-config privileged EXEC command output shows the configured VLAN interfaces). VLAN interfaces that do not appear by using the show running-config command cannot be used with the interface range command.
Return to privileged EXEC mode.
Step 5 show running-config | include define Show the defined interface-range macro configuration.
Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.
This example shows how to delete the interface-range macro enet_list and to verify that it has been deleted.
Switch# configure terminal
Switch(config)# no define interface-range enet_list
Switch# show run | include define
Aggregation Control Protocol (LACP) EtherChannels.”
Port blocking—unknown multicast and unknown unicast traffic (Catalyst 2950 LRE switches only): Disabled (not blocked). See the “Configuring Port Blocking” section on page 21-5.
You can configure duplex mode on any Fast Ethernet interfaces that are not set to autonegotiate. You can configure duplex mode on the 10/100/1000 ports on the Catalyst 2950 LRE, Catalyst 2950T-24, Catalyst 2950T-48-SI, and Catalyst 2955T-24 switches but cannot configure duplex mode on these...
10 or 100 Mbps.
• 10/100/1000 ports on the Catalyst 2950 LRE or the Catalyst 2955T-12 switch can operate at 10 or 100 Mbps in either half- or full-duplex mode. The ports can operate at 1000 Mbps only in full-duplex mode.
Use the no speed and no duplex interface configuration commands to return the interface to the default speed and duplex settings (autonegotiate). To return all interface settings to the defaults, use the default interface interface-id interface configuration command.
Upon receipt of a pause frame, the remote device stops sending any data packets, which prevents any loss of data packets during the congestion period.
Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.
To disable flow control, use the flowcontrol receive off and flowcontrol send off interface configuration commands.
The loopback detection works when the interfaces are configured to autonegotiate. For complete syntax and usage information for the down-when-looped interface command, see the Cisco IOS Interface Command Reference, Release 12.1.
(You can display the full list of show commands by using the show ? command at the privileged EXEC prompt.) These commands are fully described in the Cisco IOS Interface Command Reference for Cisco IOS Release 12.1. Table 10-2...
Shutting down an interface disables all functions on the specified interface and marks the interface as unavailable on all monitoring command displays. This information is communicated to other network servers through all dynamic routing protocols. The interface is not mentioned in any routing updates.
*Sep 30 08:36:00: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to up
To verify that an interface is disabled, enter the show interfaces privileged EXEC command. A disabled interface appears as administratively down in the show interfaces command output.
Configuring Smartports Macros
This chapter describes how to configure and apply Smartports macros on the Catalyst 2950 switch.
Note For complete syntax and usage information for the commands used in this chapter, see the command reference for this release.
Use this interface configuration macro when connecting a desktop device such as a PC with a Cisco IP Phone to a switch port. This macro is an extension of the cisco-desktop macro and provides the same security and resiliency features, but with the addition of dedicated voice VLANs to ensure proper treatment of delay-sensitive voice traffic.
Cisco-default macro with the required values by using the parameter value keywords. The Cisco-default macros use the $ character to help identify required keywords. There is no restriction on using the $ character to define keywords when you create a macro.
MAC addresses and also includes two help string keywords by using # macro keywords:
Switch(config)# macro name test
switchport access vlan $VLANID
switchport port-security maximum $MAX
#macro keywords $VLANID $MAX
You can delete a global macro-applied configuration on a switch only by entering the no version of each command that is in the macro. You can delete a macro-applied configuration on an interface by entering the default interface interface-id interface configuration command.
Enter global configuration mode.
Step 4 macro global {apply | trace} macro-name [parameter {value}] [parameter {value}] [parameter...: Append the Cisco-default macro with the required values by using the parameter value keywords and apply the macro to the switch.
You can delete a macro-applied configuration on an interface by entering the default interface interface-id interface configuration command. This example shows how to display the cisco-desktop macro, how to apply the macro, and to set the access VLAN ID to 25 on an interface:...
Displays a specific macro.
show parser macro brief: Displays the configured macro names.
show parser macro description [interface interface-id]: Displays the macro description for all interfaces or for a specified interface.
Ports on the Catalyst 2950 LRE Switches
The Catalyst 2950 LRE switches use LRE technology to transfer data, voice, and video traffic over categorized and noncategorized unshielded twisted-pair cable (Category 1, 2, and 3 structured and unstructured cable such as existing telephone lines).
• LRE link—This is the connection between the switch LRE port and the RJ-11 wall port on an LRE CPE device such as the Cisco 575 LRE CPE or the Cisco 585 LRE CPE. This connection can be through categorized or noncategorized unshielded twisted-pair cable and can extend to distances of up to 5000 feet (1524 meters).
LRE link can affect the actual LRE link performance. Contact Cisco Systems for information about limitations and optimization of LRE link performance. The downstream and upstream rates in the table are slightly less than the gross data rates shown by the show controllers lre profile names privileged EXEC command output.
Your data rates will always be less than the gross data rate listed in tables. A small percentage of the link rate is used by the Catalyst 2950 LRE switch for supervisory functions with the CPE device connected remotely.
Note: From the CLI, you can configure and monitor the Ethernet link on a Cisco 575 LRE CPE and the Cisco 585 LRE CPE. You can configure and monitor the Ethernet link on a Cisco 576 LRE 997 CPE only from the CLI. For information about the switch LEDs, see the Catalyst 2950 Desktop Switch Hardware Installation Guide.
30 seconds. This feature is enabled by default. CPE toggle cannot be disabled on a Cisco 575 LRE or Cisco 576 LRE 997 CPE link but can be disabled on a Cisco 585 LRE CPE. For more information, see the “Configuring CPE Toggle”...
Configuring LRE Ports
LRE Message Logging Process
The Catalyst 2950 LRE switch software monitors switch conditions on a per-port basis and sends the debugging messages to an LRE message logging process that is different than the system message logging process described in Chapter 26, “Configuring System Message Logging.”...
This protection might be provided by fuses or overvoltage protectors that comply with local regulations for outside wiring protection. Consult an expert in local telecommunications regulations for the details of this protection.
300-ohm termination. Microfilters improve voice call quality when voice and data equipment are using the same telephone line. They also prevent nonfiltered telephone rings and nonfiltered telephone transitions (such as on-hook to off-hook) from interrupting the LRE connection.
LRE ports. For information about this command, see the switch command reference.
CPE Ethernet Link Guidelines
Follow these guidelines when configuring CPE Ethernet links:
• Guidelines for Configuring Cisco 575 LRE CPEs and 576 LRE 997 CPEs, page 12-11
• Guidelines for Configuring Cisco 585 LRE CPEs, page 12-12
• ...
Cisco 575 LRE CPE or the 576 LRE 997 CPE Ethernet port. You cannot disable CPE toggle on a link from a Cisco 575 LRE or Cisco 576 LRE CPE to a remote device (such as a PC).
Step 3: Return to privileged EXEC mode.
Step 4 show controllers lre status sequence: Verify the change.
Step 5 copy running-config startup-config: (Optional) Save your entries in the configuration file.
The rate-selection algorithm begins with the first profile in the sequence and successively tries the next profiles (in descending order) until a link is established with the CPE device.
LRE port rather than having to go through a profile sequence. Beginning in privileged EXEC mode, follow these steps to lock a profile in an LRE port that has rate selection enabled:
SNR value at link time is 27 dB, the link is advertised as down, and the next profile in the sequence is attempted. If you configure a margin of 0 (the default value), the software does not check for the SNR value when the link is established.
For example, the dynamic MAC addresses are removed from the MAC address table. You can use the link persistence feature to configure a delay duration on the Catalyst 2950 LRE switch of up to 20 seconds before link failure is reported.
• Interleave delay is applicable only when the non-LL profiles are used. Existing LL profiles are supported.
• Interleave block size values of 0, 1, 2, 8, or 16 are supported.
• Different ports with the same profile can have different interleave settings.
Use the show controllers lre cpe version privileged EXEC command to display the binary version on all CPE device interfaces.
Caution: Changing the noise model while the switch is functioning in a network can disrupt the network operation.
Configuring CPE Toggle
The CPE toggle feature is enabled by default. It cannot be disabled on a link from a Cisco 575 LRE or Cisco 576 LRE 997 CPE to a remote Ethernet device (such as a PC). You can disable CPE toggle on a Cisco 585 LRE CPE link. Then the CPE Ethernet link does not transition to the up state when the LRE link comes up.
(Optional) Save your entries in the configuration file. To turn off the logging of events, use the no logging lre {event | extended | normal} interface configuration command.
Upgrading LRE Switch Firmware
The Catalyst 2950 LRE switch can store and properly apply LRE binaries in case there are updates required to the firmware on the switch local LRE controllers or connected CPE devices. Other desirable upgrade-related features include: •...
You can use the upgrade controller configuration command to override the system default selection of an LRE binary that will be applied on either end of a particular LRE link. Controller configurations take precedence over global upgrade configurations.
Display the LRE link statistics and profile information on an LRE switch port. For detailed information about the fields in the command outputs, see the command reference for this release.
This chapter describes how to configure the Spanning Tree Protocol (STP) on port-based VLANs on your Catalyst 2950 or Catalyst 2955 switch. The switch can use either the per-VLAN spanning-tree plus (PVST+) protocol based on the IEEE 802.1D standard and Cisco proprietary extensions, or the rapid per-VLAN spanning-tree plus (rapid-PVST+) protocol based on the IEEE 802.1w standard.
• The unique bridge ID (switch priority and MAC address) associated with each VLAN on each switch
• The spanning-tree path cost to the root switch
• The port identifier (port priority and MAC address) associated with each Layer 2 interface
VLANs configured on it. Each VLAN on the switch has a unique 8-byte bridge ID; the two most-significant bytes are used for the switch priority, and the remaining six bytes are derived from the switch MAC address.
Configuring STP: Understanding Spanning-Tree Features
In Cisco IOS Release 12.1(9)EA1 and later, Catalyst 2950 and Catalyst 2955 switches support the IEEE 802.1t spanning-tree extensions. Some of the bits previously used for the switch priority are now used as the VLAN identifier. The result is that fewer MAC addresses are reserved for the switch, and a larger range of VLAN IDs can be supported, all while maintaining the uniqueness of the bridge ID.
When the forward-delay timer expires, spanning tree moves the interface to the forwarding state, where both learning and frame forwarding are enabled.
An interface in the forwarding state performs as follows:
• Receives and forwards frames received on the port
• Forwards frames switched from another port
• Learns addresses
• Receives BPDUs
Ethernet link. By changing the spanning-tree port priority on the Gigabit Ethernet interface to a higher priority (lower numerical value) than the root port, the Gigabit Ethernet interface becomes the new root port.
The accelerated aging is the same as the forward-delay parameter value (spanning-tree vlan vlan-id forward-time seconds global configuration command) when the spanning tree reconfigures.
Spanning-Tree Modes and Protocols
The switch supports these spanning-tree modes and protocols:
• PVST+—This spanning-tree mode is based on the IEEE 802.1D standard and Cisco proprietary extensions. It is the default spanning-tree mode used on all Ethernet, Fast Ethernet, and Gigabit Ethernet port-based VLANs.
VLAN allowed on the trunks. When you connect a Cisco switch to a non-Cisco device through an IEEE 802.1Q trunk, the Cisco switch uses PVST+ to provide spanning-tree interoperability. If rapid PVST+ is enabled, the switch uses it instead of PVST+.
“Spanning-Tree Interoperability and Backward Compatibility” section on page 13-10. For configuration guidelines about UplinkFast, BackboneFast, and cross-stack UplinkFast, see the “Optional Spanning-Tree Configuration Guidelines” section on page 15-14.
To return to the default setting, use the no spanning-tree mode global configuration command. To return the port to its default setting, use the no spanning-tree link-type interface configuration command.
4-bit switch priority value as shown in Table 13-1 on page 13-4.)
Note: The spanning-tree vlan vlan-id root global configuration command fails if the value necessary to be the root switch is less than 1.
Before Cisco IOS Release 12.1(9)EA1, entering the spanning-tree vlan vlan-id root global configuration command on a Catalyst 2950 switch (no extended system ID) caused it to set its own switch priority for the specified VLAN to 8192 if this value caused this switch to become the root for the specified VLAN.
Configuring a Secondary Root Switch
When you configure a Catalyst 2950 or Catalyst 2955 switch that supports the extended system ID as the secondary root, the switch priority is modified from the default value (32768) to 28672. The switch is then likely to become the root switch for the specified VLAN if the primary root switch fails.
Enter global configuration mode.
Step 2 interface interface-id: Specify an interface to configure, and enter interface configuration mode. Valid interfaces include physical interfaces and port-channel logical interfaces (port-channel port-channel-number).
If all interfaces have the same cost value, spanning tree puts the interface with the lowest interface number in the forwarding state and blocks the other interfaces.
To return the interface to its default setting, use the no spanning-tree [vlan vlan-id] cost interface configuration command. For information on how to configure load sharing on trunk ports by using spanning-tree path costs, see the “Load Sharing Using STP” section on page 16-21.
Determines how long each of the listening and learning states lasts before the interface begins forwarding.
Maximum-age timer: Determines the amount of time the switch stores protocol information received on an interface.
(Optional) Save your entries in the configuration file. To return the switch to its default setting, use the no spanning-tree vlan vlan-id hello-time global configuration command.
(Optional) Save your entries in the configuration file. To return the switch to its default setting, use the no spanning-tree vlan vlan-id max-age global configuration command.
Layer 2 backbone a Layer 3 backbone To return to the default setting, use the no spanning-tree transmit hold-count value global configuration command.
You can clear spanning-tree counters by using the clear spanning-tree [interface interface-id] privileged EXEC command. For information about other keywords for the show spanning-tree privileged EXEC command, see the command reference for this release.
Chapter: Configuring MSTP
This chapter describes how to configure the Cisco implementation of the IEEE 802.1s Multiple STP (MSTP) on your Catalyst 2950 or Catalyst 2955 switch.
Note: The multiple spanning-tree (MST) implementation is a prestandard implementation. It is based on the draft version of the IEEE standard.
16 spanning-tree instances. Instances can be identified by any number in the range from 0 to 15. You can assign a VLAN to only one spanning-tree instance at a time.
For correct operation, all switches in the MST region must agree on the same IST master. Therefore, any two switches in the region only synchronize their port roles for an MST instance if they converge to a common IST master.
MSTP switches use version 3 RSTP BPDUs or IEEE 802.1D STP BPDUs to communicate with legacy IEEE 802.1D switches. MSTP switches use MSTP BPDUs to communicate with MSTP switches.
BPDU, an MSTP BPDU (version 3) associated with a different region, or an RSTP BPDU (version 2).
A port with the root or a designated port role is included in the active topology. A port with the alternate or backup port role is excluded from the active topology.
Disabled Disabled Discarding
To be consistent with Cisco STP implementations, this guide defines the port state as blocking instead of discarding. Designated ports start in the listening state.
Rapid Convergence
The RSTP provides for rapid recovery of connectivity following the failure of a switch, a switch port, or a LAN.
When the switches connected by a point-to-point link are in agreement about their port roles, the RSTP immediately transitions the port states to forwarding. The sequence of events is shown in Figure 14-3.
The sending switch sets the agreement flag in the RSTP BPDU to accept the previous proposal. The port role in the agreement message is always set to the root port.
IEEE 802.1D switch and a configuration BPDU with the TCA bit set is received, the TC-while timer is reset. This behavior is only required to support IEEE 802.1D switches. The RSTP BPDUs never have the TCA bit set.
• When you enable MST by using the spanning-tree mode mst global configuration command, RSTP is automatically enabled. Per-VLAN RSTP is not supported in software releases earlier than Cisco IOS Release 12.1(13)EA1.
• For two or more switches to be in the same MST region, they must have the same VLAN-to-instance...
Specify the configuration revision number. The range is 0 to 65535.
Step 6 show pending: Verify your configuration by displaying the pending configuration.
Step 7 exit: Apply all changes, and return to global configuration mode.
ID support, the switch sets its own priority for the specified instance to 24576 if this value will cause this switch to become the root for the specified spanning-tree instance.
4-bit switch priority value as shown in Table 13-1 on page 13-4.)
Note: Catalyst 2950 switches running software earlier than Cisco IOS Release 12.1(9)EA1 do not support the extended system ID. Catalyst 2950 switches running software earlier than Cisco IOS Release 12.1(9)EA1 do not support the MSTP.
Configuring a Secondary Root Switch
When you configure a Catalyst 2950 or Catalyst 2955 switch that supports the extended system ID as the secondary root, the spanning-tree switch priority is modified from the default value (32768) to 28672. The switch is then likely to become the root switch for the specified instance if the primary root switch fails.
Otherwise, you can use the show running-config interface privileged EXEC command to confirm the configuration. To return the interface to its default setting, use the no spanning-tree mst instance-id port-priority interface configuration command.
Otherwise, you can use the show running-config privileged EXEC command to confirm the configuration. To return the interface to its default setting, use the no spanning-tree mst instance-id cost interface configuration command.
Exercise care when using this command. For most situations, we recommend that you use the spanning-tree mst instance-id root primary and the spanning-tree mst instance-id root secondary global configuration commands to modify the hello time.
Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file. To return the switch to its default setting, use the no spanning-tree mst forward-time global configuration command.
Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file. To return the switch to its default setting, use the no spanning-tree mst max-hops global configuration command.
EXEC command. To restart the protocol migration process on a specific interface, use the clear spanning-tree detected-protocols interface interface-id privileged EXEC command.
4094. The valid port-channel range is 1 to 6. For information about other keywords for the show spanning-tree privileged EXEC command, see the command reference for this release.
Chapter: Configuring Optional Spanning-Tree Features
This chapter describes how to configure optional spanning-tree features on your Catalyst 2950 or Catalyst 2955 switch. You can configure all of these features when your switch is running the per-VLAN spanning-tree plus (PVST+).
The BPDU guard feature provides a secure response to invalid configurations because you must manually put the port back in service. Use the BPDU guard feature in a service-provider network to prevent an access port from participating in the spanning tree.
Switches in hierarchical networks can be grouped into backbone switches, distribution switches, and access switches. Figure 15-2 shows a complex network where distribution switches and access switches each have at least one redundant link that spanning tree blocks to prevent loops.
Switch B over link L1 and to Switch C over link L2. The Layer 2 interface on Switch C that is connected directly to Switch B is in a blocking state.
CSUF might not provide a fast transition all the time; in these cases, the normal spanning-tree transition occurs, completing in 30 to 40 seconds. For more information, see the “Events that Cause Fast Convergence” section on page 15-7.
“Events that Cause Fast Convergence” section on page 15-7), the Fast Uplink Transition Protocol uses the neighbor list to send fast-transition requests on the stack port to stack members.
• A new switch, which might become the stack root, is added to the stack.
• A switch other than the stack root is powered off or failed.
• A link fails between stack ports on the multidrop backbone.
• Each stack switch can be connected to the spanning-tree backbone through one uplink.
• If the stack consists of a mixture of Catalyst 3550, Catalyst 3500 XL, Catalyst 2950, and Catalyst 2900 XL switches, up to 64 VLANs with spanning tree enabled are supported. If the stack consists of only Catalyst 3550 switches, up to 128 VLANs with spanning tree enabled are supported.
When a switch receives an inferior BPDU, it means that a link to which the switch is not directly connected (an indirect link) has failed (that is, the designated bridge has lost its connection...
Switch A. This switchover takes approximately 30 seconds, twice the Forward Delay time if the default Forward Delay time of 15 seconds is set. Figure 15-8 shows how BackboneFast reconfigures the topology to account for the failure of link L1.
Switch A, the root switch.
Figure 15-9: Adding a Switch in a Shared-Medium Topology (figure labels: Switch A (Root), Switch B, Switch C (Designated bridge), Blocked port, Added switch)
MST instance. You can enable this feature by using the spanning-tree guard root interface configuration command.
Caution: Misuse of the root-guard feature can cause a loss of connectivity.
VLAN, the Port Fast feature is not automatically disabled. For more information, see Chapter 18, “Configuring Voice VLAN.” You can enable this feature if your switch is running PVST+, rapid PVST+, or MSTP.
Caution: Configure Port Fast only on ports that connect to end stations; otherwise, an accidental topology loop could cause a data packet loop and disrupt switch and network operation.
Enabling BPDU filtering on an interface is the same as disabling spanning tree on it and can result in spanning-tree loops. You can enable the BPDU filtering feature if your switch is running PVST+, rapid PVST+, or MSTP.
VLAN. You can enable the UplinkFast feature for rapid PVST+ or for the MSTP, but the feature remains disabled (inactive) until you change the spanning-tree mode to PVST+.
“Connecting the Stack Ports” section on page 15-8. You can enable the CSUF feature for rapid PVST+ or for the MSTP, but the feature remains disabled (inactive) until you change the spanning-tree mode to PVST+.
Token Ring VLANs. This feature is supported for use with third-party switches. You can enable the BackboneFast feature for rapid PVST+ or for the MSTP, but the feature remains disabled (inactive) until you change the spanning-tree mode to PVST+.
EXEC command to verify the EtherChannel configuration. After the configuration is corrected, enter the shutdown and no shutdown interface configuration commands on the port-channel interfaces that were misconfigured.
Note: You cannot enable both loop guard and root guard at the same time.
You can enable this feature if your switch is running PVST+, rapid PVST+, or MSTP.
You can clear spanning-tree counters by using the clear spanning-tree [interface interface-id] privileged EXEC command. For information about other keywords for the show spanning-tree privileged EXEC command, see the command reference for this release.
Chapter: Configuring VLANs
This chapter describes how to configure normal-range VLANs on your Catalyst 2950 or Catalyst 2955 switch. It includes information about VLAN modes and the VLAN Membership Policy Server (VMPS).
Note: For complete syntax and usage information for the commands used in this chapter, see the command reference for this release.
VLAN membership.
Supported VLANs
Catalyst 2950 switches that run the standard software image (SI) support 64 VLANs; Catalyst 2950 and Catalyst 2955 switches that run the enhanced software image (EI) support 250 VLANs. For the list of switches that support each image, see the release notes.
Dynamic Access Ports on VMPS Clients” section on page 16-28.
Voice VLAN: A voice VLAN port is an access port attached to a Cisco IP Phone, configured to use one VLAN for voice traffic... VTP is not required; it has no effect on voice VLAN.
This section does not provide configuration details for most of these parameters. For complete information on the commands and parameters that control VLAN configuration, see the command reference for this release. Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 16-4 78-11380-12...
VLAN anywhere in the VTP domain creates a VLAN on that switch that is not running spanning tree. If you have the default allowed list on the trunk ports of that switch (which Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 16-5...
VLAN database. VTP messages are sent to other switches in the VTP domain, and the privileged EXEC mode prompt appears. Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 16-6 78-11380-12...
• use the VLAN database information. If the switch is running Cisco IOS Release 12.1(9)EA1 or later and you use an older startup • configuration file to boot up the switch, the configuration file does not contain VTP or VLAN information, and the switch uses the VLAN database configurations.
The available VLAN ID range for this command is 1 to 4094. Note For information about adding VLAN IDs greater than 1005 (extended-range VLANs), see the “Configuring Extended-Range VLANs” section on page 16-11. Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 16-8 78-11380-12...
Page 339
(Optional) If the switch is in VTP transparent mode, the VLAN configuration is saved in the running configuration file as well as in the VLAN database. This saves the configuration in the switch startup configuration file. Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 16-9 78-11380-12...
To delete a VLAN in VLAN database configuration mode, use the vlan database privileged EXEC command to enter VLAN database configuration mode and the no vlan vlan-id VLAN configuration command. Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 16-10 78-11380-12...
Enter the vlan vlan-id global configuration command to access config-vlan mode and to configure extended-range VLANs. The VLAN database configuration mode (that you access by entering the vlan database privileged EXEC command) does not support the extended range.
IEEE 802.1S Multiple STP (MSTP) on your switch to map multiple VLANs to a single STP instance. For more information about MSTP, see Chapter 14, “Configuring MSTP.”
VLANs across an entire network. The switch supports IEEE 802.1Q, the industry-standard trunking encapsulation. Figure 16-2 shows a network of switches that are connected by IEEE 802.1Q trunks.
Page 345
– Manually configure trunk mode on the GigaStack port by using the switchport mode trunk interface configuration command on both GBIC interfaces to cause the interfaces to become trunks.
– Use the no shutdown interface configuration command to bring up the GigaStack port.
VLAN allowed on the trunks. Non-Cisco devices might support one spanning-tree instance for all VLANs. When you connect a Cisco switch to a non-Cisco device through an IEEE 802.1Q trunk, the Cisco switch combines the spanning-tree instance of the VLAN of the trunk with the spanning-tree instance of the non-Cisco IEEE 802.1Q switch.
• If you try to enable IEEE 802.1X on a trunk port, an error message appears, and IEEE 802.1X is not enabled. If you try to change the mode of an IEEE 802.1X-enabled port to trunk, the port mode is not changed.
VLAN 1 from the allowed list. This is known as VLAN 1 minimization. VLAN 1 minimization disables VLAN 1 (the default VLAN on all Cisco switch trunk ports) on an individual VLAN trunk link. As a result, no user traffic, including spanning-tree advertisements, is sent or received on VLAN 1.
The native VLAN can be assigned any VLAN ID; it is not dependent on the management VLAN. For information about IEEE 802.1Q configuration issues, see the “IEEE 802.1Q Configuration Considerations” section on page 16-16.
• VLANs 3 through 6 are assigned a port priority of 16 on Trunk 2.
• VLANs 8 through 10 retain the default port priority of 128 on Trunk 2.
Page 352
Step 15: configure terminal
Enter global configuration mode on Switch A.
Step 16: interface fastethernet 0/1
Enter interface configuration mode, and define the interface to set the STP port priority.
If the link goes down on a dynamic port, the port returns to an isolated state and does not belong to a VLAN. Any hosts that come online through the port are checked again through the VQP with the VMPS before the port is assigned to a VLAN.
(VQP) port, an error message appears, and IEEE 802.1X is not enabled. If you try to change an IEEE 802.1X-enabled port to dynamic VLAN assignment, an error message appears, and the VLAN configuration is not changed.
Note: The switch port that is connected to the VMPS server cannot be a dynamic access port. It can be either a static access port or a trunk port. See the “Configuring an Ethernet Interface as a Trunk Port” section on page 16-17.
Step 5: copy running-config startup-config
(Optional) Save your entries in the configuration file.
To return the switch to its default setting, use the no vmps retry global configuration command.
• More than 20 active hosts reside on a dynamic port.
To re-enable a disabled dynamic port, enter the no shutdown interface configuration command.
[Figure residue: diagram labels include addresses 172.20.26.155 through 172.20.26.159, Switches F through J, client switch I, a dynamic-access port, station 2, a trunk port, and a Catalyst 6500 series secondary VMPS (Server 3)]
This chapter describes how to use the VLAN Trunking Protocol (VTP) and the VLAN database for managing VLANs on your Catalyst 2950 or Catalyst 2955 switch.
Note: For complete syntax and usage information for the commands used in this chapter, see the command reference for this release.
For domain name and password configuration guidelines, see the “VTP Configuration Guidelines” section on page 17-8.
Otherwise, the switch cannot receive any VTP advertisements. For more information on trunk ports, see “Configuring VLAN Trunks” section on page 16-14.
Without VTP pruning, a switch floods broadcast, multicast, and unknown unicast traffic across all trunk links within a VTP domain even though receiving switches might discard them. VTP pruning is disabled by default.
Page 367
[Figure: Optimized Flooded Traffic with VTP Pruning. Labels: Switches A through F, Port 1, Port 2, flooded traffic, pruned ports]
If VTP mode is transparent, the domain name and the mode (transparent) are saved in the switch running configuration, and you can save this information in the switch startup configuration file by entering the copy running-config startup-config privileged EXEC command.
If you want the switch to propagate VLAN configuration information to other switches and to learn the VLANs enabled on the network, you must configure the switch with the correct domain name and domain password and change the VTP mode to VTP server.
Note: If extended-range VLANs are configured on the switch, you cannot change VTP mode to server. You receive an error message, and the configuration is not allowed.
Page 372
This example shows how to use global configuration mode to configure the switch as a VTP server with the domain name eng_group and the password mypassword:
Switch# config terminal
Switch(config)# vtp mode server
Switch(config)# vtp domain eng_group
Switch(config)# vtp password mypassword
Switch(config)# end
Caution: If all switches are operating in VTP client mode, do not configure a VTP domain name. If you do, it is impossible to make changes to the VLAN configuration of that domain. Therefore, make sure you configure at least one switch as a VTP server.
VTP transparent mode. Otherwise, you lose the extended-range VLAN configuration if the switch resets and boots up in VTP server mode (the default).
For Token Ring and Token Ring-Net media, VTP version 2 must be disabled. For more information on VTP version configuration guidelines, see the “VTP Version” section on page 17-9.
Only VLANs included in the pruning-eligible list can be pruned. By default, VLANs 2 through 1001 are pruning eligible on trunk ports. Extended-range VLANs cannot be pruned. To change the pruning-eligible VLANs, see the “Changing the Pruning-Eligible List” section on page 16-20.
Note: You can use the vtp mode transparent global configuration command or the vtp transparent VLAN configuration command to disable VTP on the switch, and then change its VLAN information without affecting the other switches in the VTP domain.
Table 17-3 VTP Monitoring Commands
Command: Purpose
show vtp status: Display the VTP switch configuration information.
show vtp counters: Display counters about VTP messages that have been sent and received.
The voice VLAN feature enables access ports to carry IP voice traffic from an IP phone. The switch can connect to a Cisco 7960 IP Phone and carry IP voice traffic. Because the sound quality of an IP phone call can deteriorate if the data is unevenly sent, the switch supports quality of service (QoS) based on IEEE 802.1p class of service (CoS).
The IP Phone overrides the priority of all incoming traffic (tagged and untagged) and sets the CoS value to 0.
Note: In software releases earlier than Cisco IOS Release 12.1(13)EA1, the CoS value is trusted for all IEEE 802.1p or IEEE 802.1Q tagged traffic, and the IP Phone does not override the priority of the incoming traffic.
Configuring a Port to Connect to a Cisco 7960 IP Phone
Because a Cisco 7960 IP Phone also supports a connection to a PC or other device, a port connecting the switch to a Cisco 7960 IP Phone can carry mixed traffic.
Page 382
Step 3: switchport voice vlan vlan-id
Instruct the Cisco IP Phone to forward all voice traffic through the specified VLAN. By default, the Cisco IP Phone forwards the voice traffic with an IEEE 802.1Q priority of 5. Valid VLAN IDs are from 1 to 4094.
Page 383
Overriding the CoS Priority of Incoming Data Frames
You can connect a PC or other data device to a Cisco 7960 IP Phone port. The PC can generate packets with an assigned CoS value. You can configure the switch to override the priority of frames arriving on the IP phone port from connected devices.
Configuring the IP Phone to Trust the CoS Priority of Incoming Data Frames
You can connect a PC or other data device to a Cisco 7960 IP Phone port. The PC can generate packets with an assigned CoS value. You can configure the switch to trust the priority of frames arriving on the IP phone port from connected devices.
Note: For complete syntax and usage information for the commands used in this chapter, see the command reference for this release, and see the “IP Addressing and Services” section in the Cisco IOS IP and IP Routing Command Reference, Release 12.1.
DHCP snooping is enabled, the switch compares the source MAC address and the DHCP client hardware address. If addresses match (the default), the switch forwards the packet. If the addresses do not match, the switch drops the packet.
DHCP snooping bindings for connected devices and cannot build a complete DHCP snooping binding database. When option-82 information is inserted by an edge switch in software releases earlier than Cisco IOS Release 12.1(22)EA3, you cannot configure DHCP snooping on an aggregation switch because the DHCP snooping bindings database will not be properly populated.
Page 388
– Length of the suboption type
– Circuit ID type
– Length of the circuit ID type
• Remote ID suboption fields
– Suboption type
– Length of the suboption type
• If a switch port is connected to a DHCP server, configure a port as trusted by entering the ip dhcp snooping trust interface configuration command.
Configuring the DHCP Server
The Catalyst 2955 switch can act as a DHCP server. By default, the Cisco IOS DHCP server and relay agent features are enabled on your switch but are not configured. These features are not operational.
Displays only the dynamically configured bindings in the DHCP snooping binding database.
1. If DHCP snooping is enabled and an interface changes to the down state, the switch does not delete the manually configured bindings.
Page 393
This chapter describes how to configure Internet Group Management Protocol (IGMP) snooping on your Catalyst 2950 or Catalyst 2955 switch, including an application of local IGMP snooping, Multicast VLAN Registration (MVR). It also includes procedures for controlling multicast group membership by using IGMP filtering and procedures for configuring the IGMP throttling action.
For example, if IGMP snooping is enabled on an IGMPv2 switch and the switch receives an IGMPv3 report from a host, the switch can forward the IGMPv3 report to the multicast router.
An IGMPv3 switch can receive messages from and forward messages to a device running the Source Specific Multicast (SSM) feature. For more information, see the “Configuring IP Multicast Layer 3 Switching” chapter in the Catalyst 4500 Series Switch Cisco IOS Software Configuration Guide, Cisco IOS Release 12.1(12c)EW at this URL: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/12_1_12/config/mcastmls.htm...
Page 396
CPU. Any unknown multicast traffic is flooded to the VLAN and sent to the CPU until it becomes known.
[Figure 20-2: Second Host Joining a Multicast Group]
IGMP Configurable-Leave Timer
In Cisco IOS Release 12.1(22)EA2 and earlier, the IGMP snooping leave time was fixed at 5 seconds. If membership reports were not received by the switch before the query response time of the query expired, a port was removed from the multicast group membership.
The IGMP snooping querier does not generate an IGMP general query if it cannot find an available IP address on the switch.
• The IGMP snooping querier supports IGMP Versions 1 and 2.
(Optional) Save your entries in the configuration file. To globally disable IGMP snooping on all VLAN interfaces, use the no ip igmp snooping global configuration command.
• Snooping on IGMP queries, Protocol Independent Multicast (PIM) packets, and Distance Vector Multicast Routing Protocol (DVMRP) packets
• Listening to Cisco Group Management Protocol (CGMP) packets from other routers
• Statically connecting to a multicast router port with the ip igmp snooping mrouter global...
mac-address interface interface-id
Statically configure a Layer 2 port as a member of a multicast group:
• vlan-id is the multicast group VLAN ID.
• mac-address is the group MAC address.
• interface-id is the member port.
To disable IGMP Immediate-Leave on a VLAN, use the no ip igmp snooping vlan vlan-id immediate-leave global configuration command.
This example shows how to enable IGMP immediate-leave processing on VLAN 130:
Switch# configure terminal
Switch(config)# ip igmp snooping vlan 130 immediate-leave
Switch(config)# end
Verify that IGMP report suppression is disabled.
Step 5: copy running-config startup-config
(Optional) Save your entries in the configuration file.
To re-enable IGMP report suppression, use the ip igmp snooping report-suppression global configuration command.
This example shows how to disable IP multicast-source-only learning and PIM v2 multicast router discovery:
Switch# configure terminal
Switch(config)# no ip igmp snooping source-only-learning
Switch(config)# no ip igmp snooping mrouter learn pim v2
Switch(config)# end
Step 7: ip igmp snooping querier version version
(Optional) Select the IGMP version number that the querier feature uses. Select 1 or 2.
Step 8: Return to privileged EXEC mode.
Display information about the IGMP multicast groups, the compatibility mode, and the ports that are associated with each group. (Optional) Enter vlan vlan-id to display information for a single VLAN.
CPU, but multicast data packets are not sent to the CPU. Dynamic mode allows the multicast router to run normally because the switch sends the IGMP join...
VLAN for MVR multicast control and data traffic. IGMP reports for MVR groups are sent out source ports in the multicast VLAN.
• When in MVR compatible mode, MVR on the Catalyst 2950 or Catalyst 2955 switch interoperates...
Page 410
IGMP reports are sent to the same MAC addresses as the multicast data. The Switch A CPU must capture all IGMP join and leave messages from receiver ports and forward them to the multicast VLAN of the source (uplink) port.
224.0.0.xxx).
• MVR does not support IGMPv3 messages.
Note: For complete syntax and usage information for the commands used in this section, see the command reference for this release.
This example shows how to enable MVR, configure the MVR group address, set the query time to 1 second (10 tenths), specify the MVR multicast VLAN as VLAN 22, set the MVR mode as dynamic, and verify the results:
Switch(config)# mvr
Switch(config)# mvr group 228.1.23.4
This command applies to only receiver ports and should only be enabled on receiver ports to which a single receiver device is connected.
Step 7: Return to privileged EXEC mode.
VLAN ID range is 1 to 4094.
show mvr members [ip-address]: Displays all receiver and source ports that are members of any IP multicast group or the specified IP multicast group IP address.
Default IGMP Filtering Configuration
Feature: Default Setting
IGMP filters: None applied
IGMP maximum number of IGMP groups: No maximum set
IGMP profiles: None defined
IGMP profile action: Deny the range addresses
To delete a profile, use the no ip igmp profile profile number global configuration command. To delete an IP multicast address or range of IP multicast addresses, use the no range ip multicast address IGMP profile configuration command.
Switch# show running-config interface fastethernet0/2
Building configuration...
Current configuration : 123 bytes
interface fastethernet0/2
 no ip address
 shutdown
 snmp trap link-status
 ip igmp max-groups 25
 ip igmp filter 4
EtherChannel port group.
• When the maximum group limitation is set to the default (no maximum), entering the ip igmp max-groups action {deny | replace} command has no effect.
Page 419
IGMP group to the forwarding table when the maximum number of entries is in the table.
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# ip igmp max-groups action replace
Switch(config-if)# end
(if configured) the maximum number of IGMP groups to which an interface can belong and the IGMP profile applied to the interface.
CHAPTER
Configuring Port-Based Traffic Control
This chapter describes how to configure the port-based traffic control features on your Catalyst 2950 or Catalyst 2955 switch.
Note: For complete syntax and usage information for the commands used in this chapter, see the command reference for this release.
In general, the higher the level, the less effective the protection against broadcast storms. When a non-LRE Catalyst 2950 switch running Cisco IOS Release 12.1(14)EA1 or later uses traffic rates as the threshold values, the rising and falling thresholds are in packets per second. The rising threshold is the rate at which multicast, broadcast, and unicast traffic is received before forwarding is blocked.
The storm control action occurs when traffic reaches this level. This option is supported only on non-LRE Catalyst 2950 switches running Cisco IOS Release 12.1(14)EA1 or later.
• (Optional) For pps-low, specify the falling threshold level in...
Both LRE interface ports and CPE device ports can be configured as protected ports. When you use a Cisco 575 LRE CPE or a Cisco 576 LRE 997 CPE device, the cpe protected interface configuration command is not available.
Note configure it.
The port blocking feature is only supported on these switches:
• Catalyst 2950 Long-Reach Ethernet (LRE) switches running Cisco IOS Release 12.1(14)EA1 or later
• Catalyst 2950G-12-EI, 2950G-24-EI, 2950G-24-EI-DC, 2950G-48-EI, and 2955 switches running Cisco IOS Release 12.1(19)EA1 or later
Blocking Flooded Traffic on an Interface
The interface can be a physical interface or an EtherChannel group.
• Dynamic secure MAC addresses—These are dynamically learned, stored only in the address table, and removed when the switch restarts.
VLAN. When the port is connected to a Cisco IP phone, the IP phone requires up to two MAC addresses. The address of the IP phone is learned on the voice VLAN, and it might or might not be learned on the access VLAN.
• The protect and restrict options cannot be simultaneously enabled on an interface.
Table 21-3 summarizes port security compatibility with other features configured on a port.
Table 21-3 Port Security Compatibility with Other Catalyst 2950 and 2955 Features
Type of Port: Compatible with Port Security
port Trunk port...
Page 430
To return the violation mode to the default condition (shutdown mode), use the no switchport port-security violation {protect | restrict} interface configuration command.
MAC addresses and to still limit the number of secure addresses on a port. You can enable or disable the aging of statically configured secure addresses on a per-port basis.
Page 432
Switch(config-if)# switchport port-security aging time 2
Switch(config-if)# switchport port-security aging type inactivity
Switch(config-if)# switchport port-security aging static
You can verify the previous commands by entering the show port-security interface interface-id privileged EXEC command.
[interface interface-id] address Displays all secure MAC addresses configured on all switch interfaces or on a specified interface with aging information for each address.
Page 434
Chapter 21 Configuring Port-Based Traffic Control: Displaying Port-Based Traffic Control Settings
When you enable both autonegotiation and UDLD, the Layer 1 and Layer 2 detections work together to prevent physical and logical unidirectional connections and the malfunctioning of other protocols.
UDLD sends at least one message to inform the neighbors to flush the part of their caches affected by the status change. The message is intended to keep the caches synchronized.
Page 437
If UDLD is in normal mode, the logical link is considered undetermined, and UDLD does not disable the interface.
• A UDLD-capable interface also cannot detect a unidirectional link if it is connected to a UDLD-incapable port of another switch.
• When configuring the mode (normal or aggressive), make sure that the same mode is configured on both sides of the link.
To disable UDLD globally, use the no udld enable global configuration command to disable normal mode UDLD on all fiber-optic ports. Use the no udld aggressive global configuration command to disable aggressive mode UDLD on all fiber-optic ports.
Reset all interfaces shut down by UDLD.
Step 2: show udld
Verify your entries.
Step 3: copy running-config startup-config
(Optional) Save your entries in the configuration file.
To display the UDLD status for the specified interface or for all interfaces, use the show udld [interface-id] privileged EXEC command. For detailed information about the fields in the display, see the command reference for this release.
Page 442
Chapter 22 Configuring UDLD: Displaying UDLD Status
Understanding CDP
CDP is a device discovery protocol that runs over Layer 2 (the data link layer) on all Cisco-manufactured devices (routers, bridges, access servers, and switches) and allows network management applications to discover Cisco devices that are neighbors of already known devices. With CDP, network management applications can learn the device type and the Simple Network Management Protocol (SNMP) agent address of neighboring devices running lower-layer, transparent protocols.
The range is 10 to 255 seconds; the default is 180 seconds.
Step 4: cdp advertise-v2
(Optional) Configure CDP to send Version-2 advertisements. This is the default state.
Step 5: Return to privileged EXEC mode.
Enable CDP after disabling it.
Step 3: Return to privileged EXEC mode.
This example shows how to enable CDP if it has been disabled.
Switch# configure terminal
Switch(config)# cdp run
Switch(config)# end
(Optional) Save your entries in the configuration file.
This example shows how to enable CDP on an interface when it has been disabled.
Switch# configure terminal
Switch(config)# interface fastethernet0/1
Switch(config-if)# cdp enable
Switch(config-if)# end
You can limit the display to neighbors on a specific type or number of interface or expand the display to provide more detailed information.
show cdp traffic: Display CDP counters, including the number of packets sent and received and checksum errors.
24-1, all traffic on port 4 (the source port) is mirrored to port 8 (the destination port). A network analyzer on port 8 receives all network traffic from port 4 without being physically attached to port 4.
Page 450
You can use the SPAN destination port to inject traffic from a network security device. For example, if you connect a Cisco Intrusion Detection System (IDS) Sensor Appliance to a destination port, the IDS device can send TCP Reset packets to close down the TCP session of a suspected attacker.
SPAN destination would also drop the packet. If the source port is oversubscribed, the destination ports will have different dropping behavior.
• Both—In a SPAN session, you can monitor a series or range of ports for both received and sent packets.
• It does not participate in spanning tree while the SPAN session is active.
• When it is a destination port, it does not participate in any of the Layer 2 protocols—Cisco Discovery Protocol (CDP), VLAN Trunk Protocol (VTP), Dynamic Trunking Protocol (DTP), Spanning Tree Protocol (STP), Port Aggregation Protocol (PAgP), and Link Aggregation Control Protocol (LACP).
Rx monitor and the a2 Rx and Tx monitor to destination port d1. If a packet enters the switch through a1 and is switched to a2, both incoming and outgoing packets are sent to destination port d1.
SPAN or RSPAN session is disabled. On a source port, SPAN does not affect the STP status. STP can be active on trunk ports carrying an RSPAN VLAN.
• Cisco Discovery Protocol (CDP)—A SPAN destination port does not participate in CDP while the...
• You can have only one destination port per SPAN session. You cannot have two SPAN sessions using the same destination port.
• An EtherChannel port can be a SPAN source port; it cannot be a SPAN destination port.
(Optional) Specify the direction of traffic to monitor. If you do not specify a traffic direction, the source interface sends both sent and received traffic.
• both—Monitor both received and sent traffic.
• rx—Monitor received traffic.
• tx—Monitor sent traffic.
local | remote}
Clear any existing SPAN configuration for the session.
For session_number, specify 1. Specify all to remove all SPAN sessions, local to remove all local sessions, or remote to remove all remote SPAN sessions.
Page 458
Switch(config)# monitor session 1 destination interface fastethernet0/5 encapsulation dot1q ingress vlan 5
This example shows how to disable ingress traffic forwarding on the destination port.
Switch(config)# monitor session 1 destination interface fastethernet0/5 encapsulation dot1q
Switch(config)# no monitor session 1 source interface fastethernet0/1 rx
The monitoring of traffic received on port 1 is disabled, but traffic sent from this port continues to be monitored.
• RSPAN does not support BPDU packet monitoring or other Layer 2 switch protocols.
• In a network consisting of only Catalyst 2950 or Catalyst 2955 switches, you must use a unique RSPAN VLAN session on each source switch. If more than one source switch uses the same RSPAN VLAN, the switches are limited to act only as source switches to ensure the delivery of all monitored traffic to the destination switch.
To remove the remote SPAN characteristic from a VLAN and convert it back to a normal VLAN, use the no remote-span VLAN configuration command.
This example shows how to create RSPAN VLAN 901.
Switch(config)# vlan 901
Switch(config-vlan)# remote-span
Switch(config-vlan)# end
Step 5  Return to privileged EXEC mode.
Step 6  show monitor [session session_number]  Verify your entries.
Step 7  copy running-config startup-config  (Optional) Save your entries in the configuration file.
This example shows how to configure VLAN 901 as the source remote VLAN and port 5 as the destination interface:
Switch(config)# monitor session 1 source remote vlan 901
Switch(config)# monitor session 1 destination interface fastethernet0/5
Switch(config)# end
Switch(config)# no monitor session 1 source interface fastEthernet0/1 rx
The monitoring of traffic received on port 1 is disabled, but traffic sent from this port continues to be monitored.
RMON provides you with comprehensive network-fault diagnosis, planning, and performance-tuning information.
Note: For complete syntax and usage information for the commands used in this chapter, see the Cisco IOS Configuration Fundamentals Command Reference for Cisco IOS Release 12.1.
This chapter consists of these sections:
• Understanding RMON, page 25-1
...
This section describes how to configure RMON on your switch. It contains this configuration information:
• Default RMON Configuration, page 25-3
• Configuring RMON Alarms and Events, page 25-3
• Configuring RMON Collection on an Interface, page 25-5
• (Optional) For event-number, specify the event number to trigger when the rising or falling threshold exceeds its limit.
• (Optional) For owner string, specify the owner of the alarm.
Page 470
This example also generates an SNMP trap when the event is triggered.
Switch(config)# rmon event 1 log trap eventtrap description "High ifOutErrors" owner jjones
Display the contents of the switch history table.
Step 7  copy running-config startup-config  (Optional) Save your entries in the configuration file.
To disable history collection, use the no rmon collection history index interface configuration command.
Displays the RMON history table.
show rmon statistics  Displays the RMON statistics table.
For information about the fields in these displays, see the Cisco IOS Configuration Fundamentals Command Reference for Cisco IOS Release 12.1.
CHAPTER
Configuring System Message Logging
This chapter describes how to configure system message logging on your Catalyst 2950 or Catalyst 2955 switch.
Note: For complete syntax and usage information for the commands used in this chapter, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.1.
Table 26-4 on page 26-12.
severity  Single-digit code from 0 to 7 that is the severity of the message. For a description of the severity levels, see Table 26-3 on page 26-9.
Disabled.
Syslog server IP address  None configured.
Server facility  Local7 (see Table 26-4 on page 26-12).
Server severity  Informational (and numerically lower levels; see Table 26-3 on page 26-9).
EXEC command to view the free processor memory on the switch; however, this value is the maximum available, and the buffer size should not be set to this amount.
Page 477
To disable logging to the console, use the no logging console global configuration command. To disable logging to a file, use the no logging file [severity-level-number | type] global configuration command.
• (Optional) For limit number-of-buffers, specify the number of buffers to be queued for the terminal after which new messages are dropped. The default is 20.
Step 4  Return to privileged EXEC mode.
1 18:46:11: %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36)
This example shows part of a logging display with the service timestamps log uptime global configuration command enabled:
00:00:46: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up
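The message layout in the displays above (a timestamp, then %FACILITY-SEVERITY-MNEMONIC and the description) can be parsed for log review. The following Python sketch is an added example, not part of the Cisco guide; the trusted-host set, the severity threshold and the last two sample lines are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# IOS severity keywords; the list index is the numeric level (0 = most severe).
SEVERITY = ["emergencies", "alerts", "critical", "errors",
            "warnings", "notifications", "informational", "debugging"]

# %FACILITY-SEVERITY-MNEMONIC: description
MSG_RE = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):"
    r"\s*(?P<text>.*)$"
)
# Body of %SYS-5-CONFIG_I; the "(address)" part is absent for local sessions.
CONFIG_RE = re.compile(
    r"Configured from (?P<source>\S+) by (?P<who>.+?)"
    r"(?:\s+\((?P<addr>[^)]+)\))?$"
)


@dataclass
class Message:
    stamp: str       # whatever precedes the '%' (uptime or date/time form)
    facility: str
    severity: int
    mnemonic: str
    text: str

    @property
    def level(self) -> str:
        return SEVERITY[self.severity]


def parse_line(line: str) -> Optional[Message]:
    """Return a Message, or None when the line is not an IOS system message."""
    line = line.strip()
    m = MSG_RE.search(line)
    if m is None:
        return None
    stamp = line[:m.start()].strip().rstrip(":").strip()
    return Message(stamp, m["facility"], int(m["severity"]),
                   m["mnemonic"], m["text"].strip())


def config_change(msg: Message) -> Optional[dict]:
    """Extract source, user/line and remote address from a CONFIG_I message."""
    if (msg.facility, msg.mnemonic) != ("SYS", "CONFIG_I"):
        return None
    m = CONFIG_RE.search(msg.text)
    return m.groupdict() if m else None


def review(lines: Iterable[str], max_level: int = 4,
           trusted_hosts: frozenset = frozenset()) -> List[Tuple[str, Message]]:
    """Flag remote configuration changes from unlisted hosts, and any
    message at max_level or numerically lower (more severe)."""
    findings = []
    for line in lines:
        msg = parse_line(line)
        if msg is None:
            continue
        change = config_change(msg)
        if change and change["addr"] and change["addr"] not in trusted_hosts:
            findings.append(("config-change", msg))
        elif msg.severity <= max_level:
            findings.append(("severity", msg))
    return findings


# The first two lines are the displays shown above; the rest are constructed.
SAMPLE = [
    "1 18:46:11: %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36)",
    "00:00:46: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up",
    "00:00:47: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up",
    "00:01:10: %SYS-5-CONFIG_I: Configured from console by console",
]

if __name__ == "__main__":
    # 192.0.2.10 is a hypothetical management station.
    for kind, msg in review(SAMPLE, trusted_hosts=frozenset({"192.0.2.10"})):
        print(f"{kind:13} {msg.stamp:12} "
              f"{msg.facility}-{msg.level}-{msg.mnemonic}: {msg.text}")
```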
Step 5  Return to privileged EXEC mode.
Step 6  show running-config, show logging  Verify your entries.
Step 7  copy running-config startup-config  (Optional) Save your entries in the configuration file.
By default, one message of the level warning and numerically lower levels (see Table 26-3 on page 26-9) is stored in the history table even if syslog traps are not enabled.
Configuring UNIX Syslog Servers
The next sections describe how to configure the UNIX server syslog daemon and how to define the UNIX system logging facility.
Displaying the Logging Configuration
To display the logging configuration and the contents of the log buffer, use the show logging privileged EXEC command. For information about the fields in this display, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.1.
Note: For complete syntax and usage information for the commands used in this chapter, see the switch command reference for this release and the Cisco IOS Configuration Fundamentals Command Reference for Release 12.1.
This chapter consists of these sections:
• Understanding SNMP, page 27-1
...
A combination of the security level and the security model determines which security mechanism is used when handling an SNMP packet. Available security models are SNMPv1, SNMPv2C, and SNMPv3.
1. With this operation, an SNMP manager does not need to know the exact variable name. A sequential search is performed to find the needed variable from within a table.
2. The get-bulk command only works with SNMPv2 or later.
For more information, see Chapter 6, “Clustering Switches” and see the Getting Started with Cisco Network Assistant, available on Cisco.com.
Using SNMP to Access MIB Variables
An example of an NMS is the CiscoWorks network management software. CiscoWorks 2000 software uses the switch MIB variables to set device variables and to poll devices on the network for specific information.
SNMP manager receive every notification, use inform requests. If traffic on the network or memory in the switch is a concern and notification is not required, use traps.
An SNMP group is a table that maps SNMP users to SNMP views. An SNMP user is a member of an SNMP group. An SNMP host is the recipient of an SNMP trap operation. An SNMP engine ID is a name for the local or remote SNMP engine.
The no snmp-server global configuration command disables all running versions (Version 1, Version 2C, and Version 3) on the device. No specific Cisco IOS command exists to enable SNMP. The first snmp-server global configuration command that you enter enables all versions of SNMP.
Step 4  Return to privileged EXEC mode.
Step 5  show running-config  Verify your entries.
Step 6  copy running-config startup-config  (Optional) Save your entries in the configuration file.
If you select remote, specify the ip-address of the device that contains the remote copy of SNMP and the optional User Datagram Protocol (UDP) port on the remote device. The default is 162.
Page 494
64 characters) that is the name of the view in which you specify a notify, inform, or trap.
• (Optional) Enter access access-list with a string (not to exceed 64 characters) that is the name of the access list.
By default, no trap manager is defined, and no traps are sent. Switches running this Cisco IOS release can have an unlimited number of trap managers.
Note: Many commands use the word traps in the command syntax. Unless there is an option in the command to select either traps or informs, the keyword traps refers to either traps, informs, or both.
Page 496
[access access-list] | v3 [encrypted] [access access-list] [auth {md5 | sha} auth-password]}
configuring the engine ID for the remote host. Otherwise, you receive an error message, and the command is not executed.
Page 497
To enable a host to receive an inform, you must configure an snmp-server host informs command for the host and globally enable informs by using the snmp-server enable traps command.
access-list-number  Limit TFTP servers used for configuration file copies through SNMP to the servers in the access list. For access-list-number, enter an IP standard access list numbered from 1 to 99 and 1300 to 1999.
This example shows how to allow read-only access for all objects to members of access list 4 that use the comaccess community string. No other SNMP managers have access to any objects. SNMP Authentication Failure traps are sent by SNMPv2C to the host cisco.com using the community string public.
Switch(config)# snmp-server enable traps entity
Switch(config)# snmp-server host cisco.com restricted entity
This example shows how to enable the switch to send all traps to the host myhost.cisco.com using the community string public:
Switch(config)# snmp-server enable traps
Switch(config)# snmp-server host myhost.cisco.com public
...
CHAPTER
Configuring Network Security with ACLs
This chapter describes how to configure network security on a Catalyst 2950 or Catalyst 2955 switch by using access control lists (ACLs), which are also referred to in commands and tables as access lists.
The switch examines access lists associated with features configured on a given interface. As packets enter the switch on an interface, ACLs associated with all inbound features configured on that interface are examined.
There are no restrictions on the IP subnet to be specified.) You can use any combination or all of these fields simultaneously to define a flow.
Page 505
All other combinations of system-defined and user-defined masks are allowed in security ACLs. The switch ACL configuration is consistent with other Cisco Catalyst switches. However, there are significant restrictions for configuring ACLs on the switches. Only four user-defined masks can be defined for the entire system. These can be used for either security or quality of service (QoS) but cannot be shared by QoS and security.
• “Creating MAC Access Groups” section on page 28-18
Configuring ACLs on a Layer 2 interface is the same as configuring ACLs on Cisco routers. The process is briefly described here. For more detailed information about configuring router ACLs, see the “Configuring IP Services”...
Release 12.1. For detailed information about the commands, see the Cisco IOS IP and IP Routing Command Reference, Cisco IOS Release 12.1. For a list of Cisco IOS features not supported on the switch, see the “Unsupported Features” section on page 28-7.
Note: For information about creating ACLs to apply to a management interface, see the “Configuring IP Services” section of the Cisco IOS IP and IP Routing Configuration Guide, Cisco IOS Release 12.1 and the Cisco IOS IP and IP Routing Command Reference, Cisco IOS Release 12.1. You can apply these ACLs only to a management interface.
Page 509
Switch(config)# access-list 2 deny host 171.69.198.102
Switch(config)# access-list 2 permit any
Switch(config)# end
Switch# show access-lists
Standard IP access list 2
    deny 171.69.198.102
    permit any
1. X in a protocol column means support for the filtering parameter.
2. No support for type of service (ToS) minimize monetary cost bit.
For more details about the specific keywords relative to each protocol, see the Cisco IP and IP Routing Command Reference, Cisco IOS Release 12.1.
Page 511
Note: For information about creating ACLs to apply to management interfaces, see the “Configuring IP Services” section of Cisco IOS IP and IP Routing Configuration Guide, Release 12.1 and the Cisco IOS IP and IP Routing Command Reference, Cisco IOS Release 12.1. You can apply ACLs only to a management interface or the CPU, such as SNMP, Telnet, or web traffic.
Page 512
After creating an ACL, you must apply it to a line or interface, as described in the “Applying ACLs to Terminal Lines or Physical Interfaces” section on page 28-18.
{name | access-list-number}  Define an extended IP access list by using a name, and enter access-list configuration mode.
Note: The name can be a number from 100 to 199.
• You have more control over permitting or denying a user access to resources, such as an application (identified by an IP address mask pair and a port number).
Page 515
Switch(config-time-range)# absolute start 00:00 24 Dec 2000 end 23:50 25 Dec 2000
Switch(config-time-range)# end
Switch# show time-range
time-range entry: christmas_2000 (inactive)
    absolute start 00:00 24 December 2000 end 23:50 25 December 2000
In this example, the workstation belonging to Jones is allowed access, and the workstation belonging to Smith is not allowed access:
Switch(config)# access-list 1 remark Permit only Jones workstation through
ACEs from named MAC extended ACLs. This example shows how to create and display an access list named mac1, denying only EtherType DECnet Phase IV traffic, but permitting all other types of traffic.
Applying ACLs to Terminal Lines or Physical Interfaces
Note: Before applying an ACL to a physical interface, see the “Guidelines for Applying ACLs to Physical Interfaces” section on page 28-6.
You can apply ACLs to any management interface. For information on creating ACLs on management interfaces, see the “Configuring IP Services” section of the Cisco IOS IP and IP Routing Configuration Guide, Cisco IOS Release 12.1 and the Cisco IOS IP and IP Routing Command Reference, Cisco IOS Release 12.1.
This section consists of these topics:
• Displaying ACLs, page 28-20
• Displaying Access Groups, page 28-22
Displaying ACLs
You can display existing ACLs by using show commands.
Page 521
12.12.12.12
Standard IP access list 12
    deny 1.3.3.2
Standard IP access list 32
    permit 172.20.20.20
Standard IP access list 34
    permit 10.24.35.56
    permit 23.45.56.34
Extended IP access list 120
This example shows how to display the ACL configuration of Gigabit Ethernet interface 0/1:
Switch# show running-config interface gigabitethernet0/1
Building configuration...
Current configuration :112 bytes
interface GigabitEthernet0/1
 ip access-group 11 in
 snmp trap link-status
 no cdp enable
end
!
Examples for Compiling ACLs
For detailed information about compiling ACLs, see the Security Configuration Guide and the “IP Services” chapter of the Cisco IOS IP and IP Routing Configuration Guide, Cisco IOS Release 12.1.
Figure 28-2 shows a small networked office with a number of switches that are connected to a Cisco router.
Switch(config-ext-nacl)# permit ip any any
The ACLs are applied to permit a port with the Marketing_group ACL applied to incoming traffic.
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# ip access-group marketing_group in
In this example of a named ACL, the Jones subnet is not allowed to use outbound Telnet:
Switch(config)# ip access-list extended telnetting
Switch(config-ext-nacl)# remark Do not allow Jones subnet to telnet out
Switch(config-ext-nacl)# deny tcp 171.69.0.0 0.0.255.255 any eq telnet
QoS commands. With QoS, you can give preferential treatment to certain types of traffic at the expense of others. Without QoS, the Catalyst 2950 or Catalyst 2955 switch offers best-effort service to each packet, regardless of the packet contents or size. It sends the packets without any assurance of reliability, delay bounds, or throughput.
VLAN. Other frame types cannot carry Layer 2 CoS values. Layer 2 CoS values range from 0 for low priority to 7 for high priority.
Page 529
Implementing QoS in your network can be a simple or complex task and depends on the QoS features offered by your internetworking devices, the traffic types and patterns in your network, and the granularity of control that you need over incoming and outgoing traffic.
processing occurs on the packet.
• If multiple ACLs are configured on an interface, the packet matches the first ACL with a permit action, and QoS processing begins.
The policy map can also contain commands that define the policer, the bandwidth limitations of the traffic, and the action to take if the limits are exceeded. For more information, see the “Policing and Marking” section on page 29-7.
QoS, traffic in all VLANs received through the interface is classified, policed, and marked according to the policy map attached to the interface.
Note: You cannot configure policers on the egress interfaces.
How Class of Service Works
Before you set up IEEE 802.1p CoS on a Catalyst 2950 or Catalyst 2955 switch that operates with the Catalyst 6000 family of switches, see the Catalyst 6000 documentation. There are differences in the IEEE 802.1p implementation that you should understand to ensure compatibility.
WRR scheduling. You can enable the egress expedite queue and assign WRR weights to the other queues by using the wrr-queue bandwidth weight1 weight2 weight3 0 global configuration command.
The switch uses the resulting classification to choose the appropriate egress queue. You use auto-QoS commands to identify ports connected to Cisco IP Phones and to devices running the Cisco SoftPhone application. You also use the commands to identify ports that receive trusted traffic through an uplink.
Page 537
• When you enter the auto qos voip cisco-phone interface configuration command on a port at the edge of a network that is connected to a Cisco IP Phone, the switch enables the trusted boundary feature. The switch uses the Cisco Discovery Protocol (CDP) to detect the presence or absence of a Cisco IP Phone.
Any user-entered configuration that was overridden can be retrieved by reloading the switch without saving the current configuration to memory. If the generated commands fail to be applied, the previous running configuration is restored.
The generated auto-QoS configuration was changed and support for the Cisco SoftPhone feature was added. If auto-QoS is configured on the switch, if your switch is running a release earlier than Cisco IOS Release 12.2(20)EA2, and if you upgrade to Cisco IOS Release 12.2(20)EA2 or later, the configuration file will not contain the new configuration, and auto-QoS will not operate.
Step 2  interface interface-id  Specify the interface that is connected to a Cisco IP Phone, and enter interface configuration mode. You also can specify the uplink interface that is connected to another trusted switch or router in the interior of the network.
Displaying Auto-QoS Information
This example shows how to enable auto-QoS and to trust the QoS labels in incoming packets when the device connected to the interface is detected as a Cisco IP Phone:
Switch(config)# interface fastethernet0/1
Switch(config-if)# auto qos voip cisco-phone
...
Page 542
The intelligent wiring closets in Figure 29-3 are composed of Catalyst 2950 switches running the EI and Catalyst 3550 switches. The object of this example is to prioritize the VoIP traffic over all other traffic. To do so, enable auto-QoS on the switches at the edge of the QoS domains in the wiring closets.
Page 543
Return to global configuration mode.
Step 7  Repeat Steps 4 to 6 for as many ports as are connected to the Cisco IP Phone.
Step 8  interface interface-id  Specify the switch port identified as connected to a trusted switch or router, and enter interface configuration mode.
• The default scheduling method for the egress queues is strict priority.
• For default CoS and WRR values, see the “Configuring the Egress Queues” section on page 29-37.
Note: In software releases earlier than Cisco IOS Release 12.1(11)EA1, the switch uses the CoS value of incoming packets without modifying the DSCP value. You can configure this by enabling pass-through mode on the port. For more information, see the “Enabling Pass-Through Mode”...
QoS domain can be configured to one of the trusted states because there is no need to classify the packets at every switch within the QoS domain. Figure 29-4 shows a sample network topology.
Page 547
Purpose
Step 1  configure terminal  Enter global configuration mode.
Step 2  interface interface-id  Specify the interface to be trusted, and enter interface configuration mode. Valid interfaces include physical interfaces.
Purpose
Step 1  configure terminal  Enter global configuration mode.
Step 2  interface interface-id  Specify the interface to be trusted, and enter interface configuration mode. Valid interfaces include physical interfaces.
CoS setting). By contrast, trusted boundary uses CDP to detect the presence of a Cisco IP Phone (such as the Cisco IP Phone 7910, 7935, 7940, and 7960) on a switch port. If the telephone is not detected, the trusted boundary feature disables the trusted setting on the switch port and prevents misuse of a high-priority queue.
Page 550
When you enter the no mls qos trust interface configuration command, trusted boundary is not disabled. If this command is entered and the port is connected to a Cisco IP Phone, the port does not trust the classification of traffic that it receives. To disable trusted boundary, use the no mls qos trust device...
Cisco IOS Release 12.1(11)EA1. In Cisco IOS Release 12.1(11)EA1 or later, the switch assigns a CoS value of 0 to all incoming packets without modifying the packets. The switch offers best-effort service to each packet regardless of the packet contents or size and sends it from a single egress queue.
• Classifying Traffic by Using ACLs, page 29-27
• Classifying Traffic by Using Class Maps, page 29-30
• Classifying, Policing, and Marking Traffic by Using Policy Maps, page 29-31
Page 553
Any host with a source address that does not match the ACL statements is rejected.
Switch(config)# access-list 1 permit 192.5.255.0 0.0.0.255
Switch(config)# access-list 1 permit 36.0.0.0 0.0.0.255
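How the two access-list 1 statements above decide a source address (wildcard mask, first match wins, everything else rejected) can be checked offline. The Python sketch below is an added example, not Cisco code; it also evaluates access list 2 from page 28-9 and goes one step further with a check for entries hidden behind an earlier, broader one. The function names and access list 3 are constructed for illustration.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

ALL_BITS = 0xFFFFFFFF


class Ace(NamedTuple):
    action: str     # "permit" or "deny"
    address: int    # source address as a 32-bit integer
    wildcard: int   # 1-bits are "don't care" positions (inverse of a netmask)


def _ip(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


def parse_standard_acl(config: str, number: int) -> List[Ace]:
    """Collect the permit/deny entries of one numbered standard ACL, in order."""
    aces = []
    for raw in config.splitlines():
        tokens = raw.split("#", 1)[-1].split()   # drop a "Switch(config)#" prompt
        if len(tokens) < 4 or tokens[:2] != ["access-list", str(number)]:
            continue
        action, src = tokens[2], tokens[3:]
        if action not in ("permit", "deny"):      # e.g. "remark" lines
            continue
        if src[0] == "any":
            aces.append(Ace(action, 0, ALL_BITS))
        elif src[0] == "host":
            aces.append(Ace(action, _ip(src[1]), 0))
        else:
            # A bare address with no wildcard matches that single host.
            wildcard = _ip(src[1]) if len(src) > 1 and "." in src[1] else 0
            aces.append(Ace(action, _ip(src[0]), wildcard))
    return aces


def matches(ace: Ace, source: int) -> bool:
    care = ~ace.wildcard & ALL_BITS               # bits that must be equal
    return ((source ^ ace.address) & care) == 0


def evaluate(aces: List[Ace], source: str) -> Tuple[str, Optional[int]]:
    """First matching entry decides; no match means the implicit deny."""
    addr = _ip(source)
    for index, ace in enumerate(aces):
        if matches(ace, addr):
            return ace.action, index
    return "deny", None


def shadowed(aces: List[Ace]) -> List[Tuple[int, int]]:
    """(earlier, later) index pairs where the later entry can never match."""
    pairs = []
    for j, later in enumerate(aces):
        for i, earlier in enumerate(aces[:j]):
            care = ~earlier.wildcard & ALL_BITS
            covers_bits = (later.wildcard & care) == 0
            same_prefix = ((earlier.address ^ later.address) & care) == 0
            if covers_bits and same_prefix:
                pairs.append((i, j))
                break
    return pairs


# Access lists 1 and 2 are the statements shown in this guide.
ACL_1 = """Switch(config)# access-list 1 permit 192.5.255.0 0.0.0.255
Switch(config)# access-list 1 permit 36.0.0.0 0.0.0.255"""
ACL_2 = """Switch(config)# access-list 2 deny host 171.69.198.102
Switch(config)# access-list 2 permit any"""
# Constructed: the same two entries as list 2, entered in the wrong order.
ACL_3 = """Switch(config)# access-list 3 permit any
Switch(config)# access-list 3 deny host 171.69.198.102"""

if __name__ == "__main__":
    acl1 = parse_standard_acl(ACL_1, 1)
    for src in ("192.5.255.77", "36.0.0.9", "36.1.2.3"):
        print(src, evaluate(acl1, src))
    print("shadowed in list 3:", shadowed(parse_standard_acl(ACL_3, 3)))
```

Note that 36.1.2.3 is rejected: the wildcard 0.0.0.255 leaves only the last octet free, so the second statement covers 36.0.0.0 through 36.0.0.255 and nothing else.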
Page 554
(?) to see a list of available values. The time-range keyword is optional. For information about this keyword, see the “Applying Time Ranges to ACLs” section on page 28-14.
Step 3  Return to privileged EXEC mode.
Page 555
For more information about creating MAC extended ACLs, see the “Creating Named MAC Extended ACLs” section on page 28-17. To delete an ACL, use the no mac access-list extended name global configuration command.
Page 556
Step 3  class-map class-map-name  Create a class map, and enter class-map configuration mode. By default, no class maps are defined. For class-map-name, specify the name of the class map.
• A separate policy-map class can exist for each type of traffic received through an interface.
• You can attach only one policy map per interface in the input direction.
Page 558
Note: In a policy map, the class named class-default is not supported. The switch does not filter traffic based on the policy map defined by the class class-default policy-map configuration command.
Page 559
For details about configuring policy maps and security ACLs on the same interface, see Table 29-5 on page 29-20.
This section describes how to configure the CoS maps:
• Configuring the CoS-to-DSCP Map, page 29-35
• Configuring the DSCP-to-CoS Map, page 29-36
All the maps are globally defined.
Step 5  copy running-config startup-config  (Optional) Save your entries in the configuration file.
To return to the default map, use the no mls qos map dscp-cos global configuration command.
Display the mapping of the CoS priority queues. To disable the new CoS settings and return to default settings, use the no wrr-queue cos-map global configuration command.
29-38.
Enabling the Expedite Queue and Configuring WRR Priority
In Cisco IOS Release 12.1(12c)EA1 or later, beginning in privileged EXEC mode, follow these steps to enable the expedite queue (queue 4) and assign WRR priority to the remaining queues:
Command...
Catalyst 2900 XL and 3500 XL switches, for example. These switches are running Cisco IOS Release 12.0(5)XP or later, which supports the QoS-based IEEE 802.1p CoS values. QoS classifies frames by assigning priority-indexed CoS values to them and gives preference to higher-priority traffic.
QoS Configuration for the Intelligent Wiring Closet
Figure 29-5 shows an intelligent wiring closet with Catalyst 2950 switches, for example. One of the switches is connected to a video server, which has an IP address of 172.20.10.16. The object of this example is to prioritize the video traffic over all other traffic. To do so, a DSCP of 46 is assigned to the video traffic.
Page 568
Verify your entries.
show policy-map videopolicy
show mls qos maps [cos-dscp | dscp-cos]
Step 19  copy running-config startup-config  (Optional) Save your entries in the configuration file.
CHAPTER
Configuring EtherChannels
This chapter describes how to configure EtherChannel on the Layer 2 interfaces of a Catalyst 2950 or Catalyst 2955 switch.
This chapter consists of these sections:
• Understanding EtherChannels, page 30-1
...
Note: The network device to which your switch is connected can impose its own limits on the number of interfaces in the EtherChannel.
For Catalyst 2950 and Catalyst 2955 switches, the number of EtherChannels is limited to six with eight ports per EtherChannel.
EtherChannels by exchanging packets between Ethernet interfaces. PAgP is a Cisco-proprietary protocol that can be run only on Cisco switches and on those switches licensed by vendors to support PAgP. LACP is defined in IEEE 802.3ad and allows Cisco switches to manage Ethernet channels between switches that conform to the IEEE 802.3ad protocol.
If your switch is connected to a partner that is PAgP-capable, you can configure the switch interface for nonsilent operation by using the non-silent keyword. If you do not specify non-silent with the auto or desirable mode, silent mode is assumed.
• Load distribution based on the source-MAC address of the packet
• Load distribution based on the destination-MAC address of the packet
The switch supports up to eight ports in a PAgP group.
PAgP and LACP Interaction with Other Features
The Dynamic Trunking Protocol (DTP) and Cisco Discovery Protocol (CDP) send and receive packets over the physical interfaces in the EtherChannel. Trunk ports send and receive PAgP and LACP protocol data units (PDUs) on the lowest numbered VLAN.
Note: After you configure an EtherChannel, configuration changes applied to the port-channel interface apply to all the physical interfaces assigned to the port-channel interface, and configuration changes applied to the physical interface affect only the interface where you apply the configuration.
If EtherChannels are configured on switch interfaces, remove the EtherChannel configuration from the interfaces before globally enabling IEEE 802.1x on a switch by using the dot1x system-auth-control global configuration command.
Setting different spanning-tree path costs does not, by itself, make interfaces incompatible for the formation of an EtherChannel.
• Configure only PAgP-type EtherChannels on Catalyst 2950 Long-Reach Ethernet (LRE) switch ports.
Configuring Layer 2 EtherChannels
You configure Layer 2 EtherChannels by configuring the Ethernet interfaces with the channel-group interface configuration command, which creates the port-channel logical interface.
Page 578
30-4.
Step 5 Return to privileged EXEC mode.
Step 6 show running-config
Verify your entries.
Step 7 copy running-config startup-config
(Optional) Save your entries in the configuration file.
• set to on, set the load-distribution method based on the source-MAC address by using the port-channel load-balance src-mac global configuration command.
Step 3 Return to privileged EXEC mode.
If the link partner to the Catalyst 2950 or Catalyst 2955 switch is a physical learner that has the channel-group interface configuration command set to on, set the load-distribution method based on the source-MAC address by using the port-channel load-balance src-mac global configuration command.
Note: The lacp system-priority command is global. You cannot set a system priority for each LACP-configured channel separately. We recommend using this command only when there is a combination of LACP-configured EtherChannels that are in both active and standby modes.
2. You can clear LACP channel-group information and traffic filters by using the clear lacp {channel-group-number [counters] | counters} privileged EXEC command. For detailed information about the fields in the command outputs, see the command reference for this release.
This chapter describes how to identify and resolve Catalyst 2950 and Catalyst 2955 software problems related to the Cisco IOS software. Depending on the nature of the problem, you can use the command-line interface (CLI), the device manager, or Network Assistant to identify and solve problems.
Recovering from Lost or Forgotten Passwords on Non-LRE Catalyst 2950 Switches
Follow these steps if you have forgotten or lost the switch password on a non-LRE Catalyst 2950 switch:
Step 1 Connect a terminal or PC with terminal emulation software to the console port. For more information, see the switch hardware installation guide.
Page 585
Press Return in response to the confirmation prompts. The configuration file is now reloaded, and you can use the following normal commands to change the password.
Step 14 Enter global configuration mode:
switch# configure terminal
The new password is now included in the startup configuration.
Recovering from Lost or Forgotten Passwords on Catalyst 2950 LRE Switches
An end user with physical access to the switch can recover from a lost password by interrupting the boot process during power-on and by entering a new password.
Continue with the configuration dialog? [yes/no]: N
Step 7 At the switch prompt, enter privileged EXEC mode:
Switch> enable
Step 8 Rename the configuration file to its original name:
Switch# rename flash:config.text.old flash:config.text
Returning the switch to the default configuration results in the loss of all existing configurations. We recommend that you contact your system administrator to verify if there are backup switch and VLAN configuration files.
Page 589
Return to privileged EXEC mode:
Switch(config)# exit
Switch#
Step 9 Write the running configuration to the startup configuration file:
Switch# copy running-config startup-config
The new password is now in the startup configuration.
On a PC running Windows 2000, Ctrl-Break is the break key. Cisco TAC has tabulated break keys for most common operating systems and an alternative break key sequence for those terminal emulators that do not support the break keys. See http://www.cisco.com/warp/public/701/61.html#how-to for that list.
Page 591
Press Return in response to the confirmation prompts. The configuration file is now reloaded, and you can use these normal commands to change the password.
Step 14 Enter global configuration mode:
switch# configure terminal
Hot Standby Router Protocol (HSRP). For more information, see Chapter 6, “Clustering Switches” and the Getting Started with Cisco Network Assistant, available on Cisco.com. HSRP is the preferred method for supplying redundancy to a cluster.
Page 593
When prompted for the Telnet (virtual terminal) password, recall that it can be from 1 to 25 alphanumeric characters, is case sensitive, allows spaces, but ignores leading spaces.
Would you like to enter basic management setup? [yes/no]:
Step 7 Enter Y at the first prompt. The prompts in the setup program vary depending on the switch you selected to be the command switch:
Catalyst 3500 XL, Catalyst 2900 XL, Catalyst 2820, and Catalyst 1900 member switches must connect to the command switch through a port that belongs to the same management VLAN. A member switch (Catalyst 3550, Catalyst 3500 XL, Catalyst 2950, Catalyst 2940, •...
ID, the security code, or CRC is invalid, the switch places the interface in an error-disabled state.
Note: If you are using a non-Cisco CWDM GBIC or SFP module, remove the GBIC or SFP module from the switch, and replace it with a Cisco module.
These are the Layer 2 traceroute usage guidelines:
• Cisco Discovery Protocol (CDP) must be enabled on all the devices in the network. For Layer 2 traceroute to function properly, do not disable CDP. If any devices in the physical path are transparent to CDP, the switch cannot identify the path through these devices.
[interface interface-id] {source-mac-address} [interface interface-id] {destination-mac-address} [vlan vlan-id] [detail]
• traceroute mac ip {source-ip-address | source-hostname} {destination-ip-address | destination-hostname} [detail]
For more information, see the command reference for this release.
Diagnosing LRE Connection Problems Table 31-2 lists problems that you might encounter when configuring and monitoring the LRE ports on the Catalyst 2950 LRE switches. For more information about LRE connections, see the “Environmental Guidelines for LRE Links” section on page 12-9.
For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support staff. It is best to use debug commands during periods of lower network traffic and fewer users. Debugging during these periods decreases the likelihood that increased debug command processing overhead will affect system use.
Possible destinations include the console, virtual terminals, internal buffer, and UNIX hosts running a syslog server. The syslog format is compatible with 4.3 Berkeley Standard Distribution (BSD) UNIX and its derivatives.
Step 3 interface interface-id Specify the interface that is connected to a Cisco IP Phone, and enter interface configuration mode. You also can specify the uplink interface that is connected to another switch or router in the interior of the network.
Switch(config-if)# auto qos voip cisco-phone
Using the show controllers Commands
You can display the statistics, configuration, and other information about the Catalyst 2950 LRE switch, the connected CPE devices, and the LRE link. Use the privileged EXEC commands in Table 31-3...
Appendix A Supported MIBs
Note: The IF-MIB and the CISCO-IETF-VDSL-LINE-MIB are supported as read-only MIBs for the Fast Ethernet interfaces on the CPE devices.
Using FTP to Access the MIB Files
You can get each MIB file by using this procedure: Make sure that your FTP client is in passive mode.
Working with the Cisco IOS File System, Configuration Files, and Software Images This appendix describes how to manipulate the Catalyst 2950 or 2955 flash file system, how to copy configuration files, and how to archive (upload and download) software images.
Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with the Flash File System Displaying Available File Systems To display the available file systems on your switch, use the show file systems privileged EXEC...
Table B-1 show file systems Field Descriptions (continued)
Field: Value
Flags: Permission for file system. ro—read-only. rw—read/write. wo—write-only.
Prefixes: Alias for file system.
To display information about files on a file system, use one of the privileged EXEC commands in Table B-2: Table B-2...
Use the /recursive keyword to delete the named directory and all subdirectories and the files contained in it. Use the /force keyword to suppress the prompting that confirms a deletion of each file in the directory.
Use the /recursive keyword for deleting a directory and all subdirectories and the files contained in it. Use the /force keyword to suppress the prompting that confirms a deletion of each file in the directory.
Displaying the Contents of a tar File
To display the contents of a tar file on the screen, use this privileged EXEC command:
archive tar /table source-url
For source-url, specify the source URL alias for the local or network file system.
This example shows how to extract the contents of a tar file located on the TFTP server at 172.20.10.30. This command extracts just the new-configs directory into the root directory on the local flash file system.
Working with Configuration Files
This section includes this information:
• Guidelines for Creating and Using Configuration Files, page B-9
• Configuration File Types and Location, page B-10
...
Configuration File Types and Location
Startup configuration files are used during system startup to configure the software. Running configuration files contain the current configuration of the software. The two configuration files can be different.
Make sure that the /etc/services file contains this line:
tftp 69/udp
You must restart the inetd daemon after modifying the /etc/inetd.conf and /etc/services files.
Uploading the Configuration File By Using TFTP
To upload a configuration file from a switch to a TFTP server for storage, follow these steps:...
If the server has a directory structure, the configuration file is written to or copied from the directory associated with the username on the server. For example, if the configuration file is in the home directory of a user on the server, specify that user's name as the remote username.
Command Purpose
Step 6 Return to privileged EXEC mode.
Step 7 copy Using FTP, copy the configuration file from a network server...
Command Purpose
Step 4 ip ftp username username
(Optional) Change the default remote username.
Step 5 ip ftp password password
(Optional) Change the default password.
• The remote username associated with the current TTY (terminal) process. For example, if the user is connected to the router through Telnet and was authenticated through the username command, the switch software sends the Telnet username as the remote username.
Page 625
Downloading a Configuration File By Using RCP
Beginning in privileged EXEC mode, follow these steps to download a configuration file by using RCP:...
Page 626
Uploading a Configuration File By Using RCP
Beginning in privileged EXEC mode, follow these steps to upload a configuration file by using RCP:...
Depending on the setting of the file prompt global configuration command, you might be prompted for confirmation before you delete a file. By default, the switch prompts for confirmation on destructive file operations. For more information about the file prompt command, see the Cisco IOS Command Reference for Release 12.1.
File Format of Images on a Server or Cisco.com Software images located on a server or downloaded from Cisco.com are provided in a tar file format, which contains these files: info file •...
Working with Software Images
This example shows the information in the info and info.ver files:
version_suffix: i6k2l2q4-121-19.EA1
version_directory: c2950lre-i6k2l2q4-mz.121-19.16.EA1
image_name: c2950lre-i6k2l2q4-mz.121-19.16.EA1.bin
ios_image_file_size: 3214848
total_image_file_size: 4719616
image_feature: LAYER_2|MIN_DRAM_MEG=32...
Page 630
Preparing to Download or Upload an Image File By Using TFTP
Before you begin downloading or uploading an image file by using TFTP, do these tasks: Ensure that the workstation acting as the TFTP server is properly configured.
Page 631
/overwrite option. The Catalyst 2950 LRE switch supports only one complete set of Cisco IOS, HTML, LRE binary files, and one Cisco IOS binary file on the flash device. You cannot have two complete image sets on the flash device.
The archive upload-sw privileged EXEC command builds an image file on the server by uploading these files in order: info, the Cisco IOS image, the HTML files, LRE binary files, and info.ver. After these files are uploaded, the upload algorithm creates the tar file format.
Page 633
Preparing to Download or Upload an Image File By Using FTP
You can copy image files to or from an FTP server.
Page 634
Downloading an Image File By Using FTP
You can download a new image file and overwrite the current image or keep the current image.
Command Purpose
Step 8 archive download-sw /leave-old-sw /reload ftp:[[//username[:password]@location]/directory]
Download the image file from the FTP server to the switch, and keep the current image.
The archive upload-sw command builds an image file on the server by uploading these files in order: info, the Cisco IOS image, the HTML files, and info.ver. After these files are uploaded, the upload algorithm creates the tar file format.
This section includes this information:
• Preparing to Download or Upload an Image File By Using RCP, page B-29
• Downloading an Image File By Using RCP, page B-30
...
Page 638
• When you upload an image to the RCP server, it must be properly configured to accept the RCP write request from the user on the switch. For UNIX systems, you must add an entry to the .rhosts file for the remote user on the RCP server.
Page 639
Command Purpose
Step 6 archive download-sw /overwrite /reload rcp:[[[//[username@]location]/directory]/image-na
Download the image file from the RCP server to the switch, and overwrite the current image.
Page 640
The algorithm installs the downloaded image onto the system board flash device (flash:). The image is placed in a new directory named with the software version string, and the BOOT environment variable is updated to point to the newly installed image.
Page 641
The archive upload-sw privileged EXEC command builds an image file on the server by uploading these files in order: info, the Cisco IOS image, the HTML files, and info.ver. After these files are uploaded, the upload algorithm creates the tar file format.