Page 1
Catalyst 2950 Desktop Switch Software Configuration Guide Cisco IOS Release 12.1(9)EA1 April 2002 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Customer Order Number: DOC-7811380=...
Page 2
FastTrack, the iQ Logo, iQ Net Readiness Scorecard, Networking Academy, ScriptShare, SMARTnet, TransPath, and Voice LAN are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, Discover All That’s Possible, The Fastest Way to Increase Your Internet Quotient, and iQuick Study are service marks of Cisco Systems, Inc.;...
Page 3
Large Campus Configuration 1-13 Multidwelling Network Using Catalyst 2950 Switches 1-14 Long-Distance, High-Bandwidth Transport Configuration 1-16 Using the Command-Line Interface C H A P T E R IOS Command Modes Getting Help Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-04...
Colors in the Topology View 3-13 Topology Display Options 3-13 Menus and Toolbar 3-14 Menu Bar 3-14 Toolbar 3-20 Front Panel View Popup Menus 3-21 Device Popup Menu 3-21 Port Popup Menu 3-21
Page 5
Configuring the DHCP Server Configuring the TFTP Server Configuring the DNS Configuring the Relay Device Obtaining Configuration Files Example Configuration Manually Assigning IP Information 4-10 Checking and Saving the Running Configuration 4-11
Page 6
Discovery through Different Management VLANs 6-10 Discovery of Newly Installed Switches 6-12 HSRP and Standby Command Switches 6-14 Virtual IP Addresses 6-15 Other Considerations for Cluster Standby Groups 6-15 Automatic Recovery of Cluster Configuration 6-17
Page 7
7-12 Identifying the TACACS+ Server Host and Setting the Authentication Key 7-12 Configuring TACACS+ Login Authentication 7-13 Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 7-15 Starting TACACS+ Accounting 7-16
Page 8
Configuring Summer Time (Daylight Saving Time) 7-45 Configuring a System Name and Prompt 7-47 Default System Name and Prompt Configuration 7-47 Configuring a System Name 7-47 Configuring a System Prompt 7-48
Page 9
Enabling Periodic Re-Authentication 8-10 Manually Re-Authenticating a Client Connected to a Port 8-11 Changing the Quiet Period 8-11 Changing the Switch-to-Client Retransmission Time 8-12 Setting the Switch-to-Client Frame-Retransmission Number 8-13 Enabling Multiple Hosts 8-13
Page 10
Supported Spanning-Tree Instances 10-2 Bridge Protocol Data Units 10-2 Election of the Root Switch 10-3 Bridge ID, Switch Priority, and Extended System ID 10-4 Spanning-Tree Timers 10-4 Creating the Spanning-Tree Topology 10-5
Page 11
11-6 Processing Inferior BPDU Information 11-6 Topology Changes 11-6 Understanding MSTP 11-7 Multiple Spanning-Tree Regions 11-7 IST, CIST, and CST 11-8 Operations Within an MST Region 11-8 Operations Between MST Regions 11-9
Page 13
Default Layer 2 Ethernet Interface VLAN Configuration 13-21 Configuring an Ethernet Interface as a Trunk Port 13-21 Interaction with Other Features 13-21 Configuring a Trunk Port 13-22 Defining the Allowed VLANs on a Trunk 13-23
Page 14
VTP Configuration in Privileged EXEC and Global Configuration Modes 14-7 VTP Configuration in VLAN Configuration Mode 14-7 VTP Configuration Guidelines 14-8 Domain Names 14-8 Passwords 14-8 Upgrading from Previous Software Releases 14-8 VTP Version 14-9 Configuration Requirements 14-9
Page 15
Default Voice VLAN Configuration 15-2 Configuration Guidelines 15-3 Configuring a Port to Connect to a Cisco 7960 IP Phone 15-3 Configuring Ports to Carry Voice Traffic in 802.1Q Frames 15-4 Configuring Ports to Carry Voice Traffic in 802.1P Priority Tagged Frames...
Page 16
Understanding CDP 19-1 Configuring CDP 19-2 Default CDP Configuration 19-2 Configuring the CDP Characteristics 19-2 Disabling and Enabling CDP 19-3 Disabling and Enabling CDP on an Interface 19-4 Monitoring and Maintaining CDP 19-5
Page 17
CHAPTER Understanding SNMP 22-1 SNMP Versions 22-2 SNMP Manager Functions 22-2 SNMP Agent Functions 22-3 SNMP Community Strings 22-3 Using SNMP to Access MIB Variables 22-3
Page 18
Understanding ACLs 23-1 ACLs 23-2 Handling Fragmented and Unfragmented Traffic 23-3 Understanding Access Control Parameters 23-4 Guidelines for Configuring ACLs on the Catalyst 2950 Switches 23-5 Configuring ACLs 23-6 Unsupported Features 23-6 Creating Standard and Extended IP ACLs 23-7 ACL Numbers...
Page 19
Physical Learners and Aggregate-Port Learners 25-4 PAgP Interaction with Other Features 25-5 Understanding Load Balancing and Forwarding Methods 25-5 Default EtherChannel Configuration 25-6 EtherChannel Configuration Guidelines 25-7 Configuring EtherChannels 25-7 Configuring EtherChannel Load Balancing 25-9
Page 20
Enabling All-System Diagnostics 26-12 Redirecting Debug and Error Message Output 26-13 Supported MIBs APPENDIX MIB List Using FTP to Access the MIB Files INDEX
Page 21
The Catalyst 2950 switch is supported by either the standard software image (SI) or the enhanced software image (EI). The enhanced software image provides a richer set of features, including access control lists (ACLs), enhanced quality of service (QoS) features, the Secure Shell Protocol, extended-range VLANs, IEEE 802.1W Rapid Spanning Tree Protocol (STP), and the IEEE 802.1S Multiple STP.
Page 22
This guide does not describe system messages you might encounter or how to install your switch. For more information, refer to the Catalyst 2950 Desktop Switch System Message Guide for this release and to the Catalyst 2950 Desktop Switch Hardware Installation Guide.
Page 23
MAC addresses; and how to set the aging time for all secure addresses. Chapter 19, “Configuring CDP,” describes how to configure Cisco Discovery Protocol (CDP) on your switch. Chapter 20, “Configuring SPAN,”...
Page 24
Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data. Means the following will help you solve a problem. The tips information might not be troubleshooting or even an action, but could be useful information.
The following sections explain how to obtain documentation from Cisco Systems. World Wide Web You can access the most current Cisco documentation on the World Wide Web at the following URL: http://www.cisco.com Translated documentation is available at the following URL: http://www.cisco.com/public/countries_languages.shtml...
America, by calling 800 553-NETS (6387). Documentation Feedback If you are reading Cisco product documentation on the World Wide Web, you can send us your comments by completing the online survey. When you display the document listing for this platform, click Give Us Your Feedback.
Page 27
Cisco TAC Website The Cisco TAC website allows you to resolve P3 and P4 issues yourself, saving both cost and time. The site provides around-the-clock access to online tools, knowledge bases, and software. To access the Cisco TAC website, go to the following URL: http://www.cisco.com/tac...
Page 28
TAC Case Open tool at the following URL: http://www.cisco.com/tac/caseopen If you have Internet access, it is recommended that you open P3 and P4 cases through the Cisco TAC website.
Page 29
• Examples of the Catalyst 2950 switches in different network topologies Features The Catalyst 2950 software supports the switches listed in the Release Notes for the Catalyst 2950 Cisco IOS Release 12.1(9)EA1. Table 1-1 describes the features supported in this release.
Page 30
• Support for mini-jumbo frames. The Catalyst 2950 switches running Cisco IOS Release 12.1(6)EA2 or later support frame sizes 1500 to 1530 bytes
• Per-port broadcast storm control for preventing faulty end stations from degrading overall system performance with...
Page 31
• Address Resolution Protocol (ARP) for identifying a switch through its IP address and its corresponding MAC address
• Cisco Discovery Protocol (CDP) versions 1 and 2 for network topology discovery and mapping between the switch and other Cisco devices on the network
• Network Time Protocol (NTP) for providing a consistent timestamp to all switches from an external source...
Page 32
Note: The switch supports up to 64 spanning-tree instances.
VLAN Support
• Catalyst 2950 switches support 250 port-based VLANs for assigning users to VLANs associated with appropriate network resources, traffic patterns, and bandwidth
The Catalyst 2950-12 and Catalyst 2950-24 switches support only 64 port-based VLANs.
Page 33
• Out-of-profile markdown for packets that exceed bandwidth utilization limits
Egress Policing and Scheduling of Egress Queues
• Four egress queues on all switch ports. Support for strict priority and weighted round-robin (WRR) CoS policies
1. This feature is available only on a switch running the enhanced software image. Management Options The Catalyst 2950 switches are designed for plug-and-play operation: you only need to assign basic IP information to the switch and connect it to the other devices in your network. If you have specific network needs, you can configure and monitor the switch—on an individual basis or as part of a switch...
Using CMS and switch clusters can simplify and minimize your configuration and monitoring tasks. You can use Cisco switch clustering technology to manage up to 16 interconnected and supported Catalyst switches through one IP address as if they were a single entity. This can conserve IP addresses if you have a limited number of them.
• Use VLAN trunks, cross-stack UplinkFast, and BackboneFast for traffic-load balancing on the uplink ports so that the uplink port with a lower relative port cost is selected to carry the VLAN traffic.
Page 37
• Cost-effective wiring closet—A cost-effective way to connect many users to the wiring closet is to connect up to nine Catalyst 2900 XL, Catalyst 2950, Catalyst 3500 XL, and Catalyst 3550 switches through GigaStack GBIC connections. When you use a stack of Catalyst 2950G-48 switches, you can connect up to 432 users.
Page 38
This divides the network into smaller segments (or workgroups) and reduces the amount of traffic that travels over a network backbone, thereby increasing the bandwidth available to each user and improving server response time.
Page 39
It is required if numerous segments require access to the servers. The Catalyst 2900 XL, Catalyst 2950, Catalyst 3500 XL, and Catalyst 3550 switches in this network are connected through a GigaStack GBIC on each switch to form a 1-Gbps network backbone.
Each 10/100 inline-power port on the Catalyst 3524-PWR XL switches provides –48 VDC power to the Cisco IP Phone. The IP phone can receive redundant power when it also is connected to an AC power source. IP phones not connected to the Catalyst 3524-PWR XL switches receive power from an AC power source.
CallManager controls call processing, routing, and IP phone features and configuration.
• Cisco Access gateway (such as Cisco Access Digital Trunk Gateway or Cisco Access Analog Trunk Gateway) that connects the IP network to the Public Switched Telephone Network (PSTN) or to users in an IP telephony network.
Catalyst 3550 multilayer switches as aggregation switches in the mini-point-of-presence (POP) location. These switches are connected through 1000BASE-X GBIC ports. The resident switches can be Catalyst 2950 switches, providing customers with high-speed connections to the MAN. Catalyst 2912-LRE or 2924-LRE XL Layer 2-only switches also can be used as residential switches for customers requiring connectivity through existing phone lines.
Page 43
Overview Network Configuration Examples All ports on the residential Catalyst 2950 switches (and Catalyst 2912-LRE XL or 2924-LRE XL switches if they are included) are configured as 802.1Q trunks with protected port and STP root guard features enabled. The protected port feature provides security and isolation between ports on the switch, ensuring that subscribers cannot view packets destined for other subscribers.
Page 44
A common wavelength for long-distance transmissions is 1550 nm. Up to eight CWDM GBIC modules, with any combination of wavelengths, can connect to a Cisco CWDM Passive Optical System. It combines (or multiplexes) the different CWDM wavelengths, allowing them to travel simultaneously on the same fiber-optic cable.
Accessing the CLI, page 2-9 IOS Command Modes The Cisco IOS user interface is divided into many different modes. The commands available to you depend on which mode you are currently in. Enter a question mark (?) at the system prompt to obtain a list of commands available for each command mode.
Page 46
console command. To return to privileged EXEC mode, press Ctrl-Z or enter end.
Length of time (in sec) that receiver must keep this packet
Abbreviating Commands
You only have to enter enough characters for the switch to recognize the command as unique. This example shows how to enter the show configuration command:
Switch# show conf
‘^’ marker. incorrectly. The caret (^) marks the commands that are available in this command mode. point of the error. The possible keywords that you can enter with the command appear.
The command history feature is automatically enabled. To disable the feature during the current terminal session, enter the terminal no history user EXEC command. To disable command history for the line, enter the no history line configuration command.
Recall commands from the buffer and paste them in the command line. (The switch provides a buffer with the last ten items that you deleted.)
Press Ctrl-Y: Recall the most recent entry in the buffer.
You cannot see the first ten characters of the line, but you can scroll back and check the syntax at the beginning of the command.
Switch# show interfaces | include protocol
Vlan1 is up, line protocol is up
Vlan10 is up, line protocol is down
GigabitEthernet0/1 is up, line protocol is down
GigabitEthernet0/2 is up, line protocol is up
You can also access the CLI by clicking Monitor the router- HTML access to the command line interface from the Cisco Systems Access page. For information about the Cisco Systems Access page, see the “Accessing CMS” section in the release notes.
Access page. You can access the CLI by clicking Web Console - HTML access to the command line interface from a cached copy of the Cisco Systems Access page. To prevent unauthorized access to CMS and the CLI, exit your browser to end the browser session.
Page 55
• For procedures for using CMS, refer to the online help.
Note: This chapter describes CMS on the Catalyst 2950 switches. Refer to the appropriate switch documentation for descriptions of the web-based management software used on other Catalyst switches....
– Wizards that require minimal information from you to configure some complex features
– Comprehensive online help that provides high-level concepts and procedures for performing tasks from the window
Page 57
Front Panel view of the cluster. Topology view of the cluster.
The color port LEDs. switch and option to view or change of the port LED reflects connected RPS. port-related settings. port or link status.
The internal fan of the switch is not operating, or the switch is receiving power from an RPS. Switch is not powered up, has lost power, or the command switch is unable to communicate with the member switch.
• Press the Ctrl key, and click the ports that you want to select.
• Right-click a port, and select Select All Ports from the port popup menu.
Figure 3-5 Port Icons
Port is operating at 10 Mbps (10/100 ports) or no link (10/100/1000 ports and GBIC module ports).
Green: Port is operating at 100 Mbps (10/100 ports) or 1000 Mbps (GBIC module ports).
Blinking green: Port is operating at 1000 Mbps (10/100/1000 ports).
• Press the Ctrl key, and click the device icons that you want to select. After selecting the icons, drag the icons to any area in the view.
Page 64
Figure 3-7 Collapse Cluster View. Callouts: Neighboring cluster connected to cluster1. Devices connected to cluster1 that are not eligible to join the cluster.
• Customer premises equipment (CPE) devices that are connected to Long-Reach Ethernet (LRE) switches
• Devices that are not eligible to join the cluster, such as Cisco IP phones, Cisco access points, and Cisco Discovery Protocol (CDP)-capable hubs and routers
• Devices that are identified as unknown devices, such as some Cisco devices and third-party devices...
The displayed link speeds are the actual link speeds except on the LRE links, which display the administratively assigned speed settings. You can change the label settings from the Topology Options window, which is displayed by selecting View > Topology Options.
Topology Options window. To display this window, select View > Topology Options. From this window, you can select:
• Device icons to be displayed in the Topology view
• Labels to be displayed with the device and link icons
Layer 3 and Layer 2 switches in the cluster.
– If the command switch is a Layer 2 switch, such as a Catalyst 2950 or Catalyst 3500 XL switch, the menu bar displays the features of all Layer 2 switches in the cluster. The menu bar does not display Layer 3 features even if the cluster has Catalyst 3550 Layer 3 member switches....
Page 69
– If your switch cluster has a Catalyst 3550 switch, that switch should be the command switch.
– If your switch cluster has Catalyst 2900 XL, Catalyst 2950, and Catalyst 3500 XL switches, the Catalyst 2950 should be the command switch.
Page 70
Create a Hot Standby Router Protocol (HSRP) standby group to provide command-switch redundancy.
Hop Count: Enter the number of hops away that a command switch looks for members and for candidate switches.
Page 71
Configure a port to prevent it from receiving bridged traffic from another port on the same switch.
Flooding Control: Block the normal flooding of unicast and multicast packets, and enable the switch to block packet storms.
Page 72
Display the most recent system messages (IOS messages and switch-specific messages) sent by the switch software. This option is available on the Catalyst 2950 or Catalyst 3550 switches. It is not available from the Catalyst 2900 XL and Catalyst 3500 XL switches. You can display the system...
Page 73
4. Available only from a Device Manager session on a command-capable switch that is not a cluster member. 5. Available only from a cluster management session. 6. Available only from a switch running the enhanced software image.
2. Not available in read-only mode. For more information about the read-only and read-write access modes, see the “Access Modes in CMS” section on page 3-30. 3. Available only from a cluster-management session.
2. Available on switches that support the Port Security feature. 3. Available only when there is an active link on the port (that is, the port LED is green when in port status mode).
If multiple links are configured between two devices, when you click the link icon and right-click, the Multilink Content window appears (Figure 3-10). Click the link icon in this window, and right-click to display the link popup menu specific for that link. Figure 3-10 Multilink Decomposer Window
Catalyst 3500 XL switches running Release 12.0(5)WC2 and later. It is also available on Catalyst 2950 switches running Release 12.1(6)EA2 and later and on Catalyst 3550 switch running Release 12.1(8)EA1 or later. It is not available on the Catalyst 1900 and Catalyst 2820 switches.
Page 78
Device Manager Access the web management interface of the device. Note This option is available on Cisco access points, but not on Cisco IP phones, hubs, routers and on unknown devices such as some Cisco devices and third-party devices. Disqualification Code Display the reason why the device could not join the cluster.
Wizards are not available for all features. A menu-bar option that has wizard means that selecting that option launches the wizard for that feature.
• You can send us feedback about the information provided in the online help. Click Feedback to display an online form. After completing the form, click Submit to send your comments to Cisco. We appreciate and value your comments. Figure 3-11 Help Contents and Index Glossary of terms used in the online help.
Catalyst 1900 and Catalyst 2820 switches even though they are part of the cluster. Similarly, the Host Name list on the LRE Profiles window only lists the LRE switches in the cluster.
Icons Used in Windows
Some windows have icons for sorting information in tables, for showing which cells in a table are editable, and for displaying further information from Cisco.com (Figure 3-13).
You can access the CLI by clicking Monitor the router - HTML access to the command line interface from a cached copy of the Cisco Systems Access page. To prevent unauthorized access to CMS and the CLI, exit your browser to end the browser session.
– Catalyst 2950 member switches running Release 12.0(5)WC2 or earlier
– Catalyst 3550 member switches running Release 12.1(6)EA1 or earlier
For more information about this limitation, refer to the Catalyst 2950 release notes.
• These switches do not support read-only mode on CMS:
– Catalyst 1900 and Catalyst 2820...
To save all configuration changes to Flash memory, you must select Administration > Save Configuration.
Note: Catalyst 1900 and Catalyst 2820 switches automatically save configuration changes to Flash memory as they occur.
Chapter 7, “Administering the Switch” The rest of this guide provides information about and CLI procedures for the software features supported in this release. For CMS procedures and window descriptions, refer to the online help.
Note: For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 2950 Desktop Switch Command Reference for this release.
This chapter consists of these sections:
• Understanding the Boot Process, page 4-1...
For more information about the setup program, refer to the release notes on Cisco.com. Use a DHCP server for centralized control and automatic assignment of IP information once the server is configured.
DHCP server when the configuration file is not present on the switch. Figure 4-1 shows the sequence of messages that are exchanged between the DHCP client and the DHCP server.
Page 90
If the switch accepts replies from a BOOTP server and configures itself, the switch broadcasts, instead of unicasts, TFTP requests to obtain the switch configuration file.
“Configuring the Relay Device” section on page 4-6. If your DHCP server is a Cisco device, refer to the “IP Addressing and Services” section in the Cisco IOS IP and IP Routing Configuration Guide for Release 12.1. Configuring the TFTP Server Based on the DHCP server configuration, the switch attempts to download one or more configuration files from the TFTP server.
TFTP packets. You must configure this relay device to forward received broadcast packets on an interface to the destination host. If the relay device is a Cisco router, enable IP routing (ip routing global configuration command), and configure helper addresses by using the ip helper-address interface configuration command.
DHCP server TFTP server DNS server For CLI procedures, refer to the Cisco IOS Release 12.1 documentation on Cisco.com for additional information and CLI procedures. Obtaining Configuration Files Depending on the availability of the IP address and the configuration filename in the DHCP reserved lease, the switch obtains its configuration information in these ways: •...
Switch 4 00e0.9f1e.2001 00e0.9f1e.2002 00e0.9f1e.2003 00e0.9f1e.2004 Cisco router 10.0.0.10 10.0.0.1 10.0.0.2 10.0.0.3 DHCP server DNS server TFTP server (maritsu) Table 4-2 shows the configuration of the reserved leases on the DHCP server.
Page 95
• If no configuration filename is given in the DHCP server reply, Switch 1 reads the network-confg file from the base directory of the TFTP server. It adds the contents of the network-confg file to its host table.
For information on setting the switch system name, protecting access to privileged EXEC commands, and setting time and calendar services, see Chapter 7, “Administering the Switch.”
350
 no ip address
 spanning-tree portfast trunk
interface FastEthernet0/9
 switchport mode access
 no ip address
 shutdown
interface FastEthernet0/10
 switchport trunk native vlan 2
 no ip address
 speed 100
Page 98
To display information stored in the NVRAM section of Flash memory, use the show startup-config or more startup-config privileged EXEC command.
Note For complete syntax and usage information for the commands used in this section, refer to the Cisco Intelligence Engine 2100 Series Configuration Registrar Manual, and select Cisco IOS Software Release 12.2 > New Feature Documentation > 12.2(2)T on Cisco.com.
The configuration agent can either apply configurations immediately or delay the application until receipt of a synchronization event from the configuration server.
ID or group ID, and event. Cisco IOS devices recognize only event subject-names that match those configured in Cisco IOS software; for example, cisco.cns.config.load. You can use the namespace mapping service to designate events by using any desired naming convention.
Configuration Registrar. The origin of the deviceID is defined by the Cisco IOS host name of the switch. However, the deviceID variable and its usage reside within the event gateway, which is adjacent to the switch.
Prerequisites for Enabling Automatic Configuration
Device: Required Configuration
Access switch: Factory default (no configuration file)
Distribution switch:
• IP helper address
• Enable DHCP relay agent
• IP routing (if used as default gateway)
Page 105
Note: For more information about running the setup program and creating templates on the Configuration Registrar, refer to the Cisco Intelligence Engine 2100 Series Configuration Registrar Manual.
Step 4: show cns event connections. Verify information about the event agent.
Step 5: show running-config. Verify your entries.
Step 6: copy running-config startup-config. (Optional) Save your entries in the configuration file.
1 to 30 seconds. The default is 10 seconds.
• (Optional) For retries num, enter the number of ping retries. The range is 1 to 30. The default is 5.
Page 108
ID, enter hostname (the default) to select the switch host name as the unique ID, or enter an arbitrary text string for string string as the unique ID.
Displays statistics about the CNS configuration agent.
show cns event connections: Displays the status of the CNS event agent connections.
Page 111
Displaying CNS Configuration (continued)
Command: Purpose
show cns event stats: Displays statistics about the CNS event agent.
show cns event subject: Displays a list of event agent subjects that are subscribed to by applications.
Java plug-in configurations. Note This chapter focuses on Catalyst 2950 switch clusters. It also includes guidelines and limitations for clusters mixed with other cluster-capable Catalyst switches, but it does not provide complete descriptions of the cluster features for these other switches. For complete cluster information for a specific Catalyst platform, refer to the software configuration guide for that switch.
• It is not a command or member switch of another cluster.
• If the Catalyst 2950 command switch is running Release 12.1(9)EA1 or later, it is connected to the standby command switches and member switches through a common VLAN.
• It is not a command or member switch of another cluster.
• If the Catalyst 2950 member or candidate switch is running Release 12.1(9)EA1 or later, it is connected to the command switch through at least one common VLAN.
Java plug-in configurations. Automatic Discovery of Cluster Candidates and Members The command switch uses Cisco Discovery Protocol (CDP) to discover member switches, candidate switches, neighboring switch clusters, and edge devices in star or cascaded topologies.
Figure 6-3 shows that the command switch discovers the Catalyst 3500 XL switch, which is connected to a third-party hub. However, the command switch does not discover the Catalyst 2950 switch that is connected to a Catalyst 5000 switch. Refer to the release notes for the Catalyst switches that can be part of a switch cluster.
Planning a Switch Cluster Discovery through the Same Management VLAN A Catalyst 2900 XL command switch, a Catalyst 2950 command switch running a release earlier than Release 12.1(9)EA1, or a Catalyst 3500 XL command switch must connect to all cluster members through its management VLAN.
All other member switches must be connected to the command switch through their management VLAN. In contrast, a Catalyst 2900 XL command switch, a Catalyst 2950 command switch running a release earlier than Release 12.1(9)EA1, or a Catalyst 3500 XL command switch must connect to all cluster members through its management VLAN.
Figure 6-7 belongs to management VLAN 16. When the new Catalyst 2900 LRE XL and Catalyst 2950 switches join the cluster, their management VLAN and access ports change from VLAN 1 to VLAN 16. The command switch (running Release 12.1(9)EA1 or later) in Figure 6-8 belongs to VLANs 9 and 16.
Note Catalyst 3550 switches.
• When the command switch is a Catalyst 2950 switch running Release 12.1(9)EA1 or later, all standby command switches must be Catalyst 2950 switches running Release 12.1(9)EA1 or later.
• When the command switch is a Catalyst 2950 switch running Release 12.1(6)EA2 or later, all...
– When the command switch is a Catalyst 3550 switch, all standby command switches must be Catalyst 3550 switches.
– When the command switch is a Catalyst 2950 switch running Release 12.1(9)EA1 or later, all standby command switches must be Catalyst 2950 switches running Release 12.1(9)EA1 or later.
Page 128
VLAN. Each standby-group member must also be redundantly connected to each other through the management VLAN. Catalyst 1900, Catalyst 2820, Catalyst 2900 XL, Catalyst 2950, and Catalyst 3500 XL member switches must be connected to the cluster standby group through their management VLANs.
Automatic discovery has these limitations:
• This limitation applies only to clusters that have Catalyst 2950 and Catalyst 3550 command and standby command switches: If the active command switch and standby command switch become disabled at the same time, the passive command switch with the highest priority becomes the active command switch.
SNMP and community strings, see Chapter 22, “Configuring SNMP.” For SNMP considerations specific to the Catalyst 1900 and Catalyst 2820 switches, refer to the installation and configuration guides specific to those switches.
– Catalyst 2950 member switches running Release 12.0(5)WC2 or earlier
– Catalyst 3550 member switches running Release 12.1(6)EA1 or earlier
For more information about this limitation, refer to the Catalyst 2950 release notes.
• These switches do not support read-only mode on CMS: ...
VLAN. Note • If the command switch is a Catalyst 2950 running Release 12.1(9)EA1 or later, candidate, member, and standby command switches can belong to different management VLANs. However, they must connect to the command switch through their management VLAN.
Refer to the release notes for the list of Catalyst switches eligible for switch clustering, including which ones can be command switches and which ones can only be member switches, and for the required software versions and browser and Java plug-in configurations.
– If your switch cluster has a Catalyst 3550 switch, that switch should be the command switch.
– If your switch cluster has Catalyst 2900 XL, Catalyst 2950, and Catalyst 3500 XL switches, the Catalyst 2950 should be the command switch.
When a candidate switch joins a cluster, it inherits the command-switch password. For more information about setting passwords, see the “Passwords” section on page 6-18. For additional authentication considerations in switch clusters, see the “TACACS+ and RADIUS” section on page 6-19.
Page 136
Figure 6-12 Using the Topology View to Add Member Switches
Thin line means a connection to a candidate switch.
Right-click a candidate switch to display the pop-up menu, and select Add to Cluster to add the switch to the cluster.
Note Catalyst 3550 switches.
• When the command switch is a Catalyst 2950 switch running Release 12.1(9)EA1 or later, all standby command switches must be Catalyst 2950 switches running Release 12.1(9)EA1 or later.
• When the command switch is a Catalyst 2950 switch running Release 12.1(6)EA2 or later, all...
Page 138
NMS-3550-12T-149 (cisco WS-C3550-1 3550-150 (cisco WS-C3550-12T, SC, ... Standby command switch. Must be a valid IP address in the same subnet as the active command switch. Once entered, this information cannot be changed.
“Using Recovery Procedures” section on page 26-5. For more information about creating and managing clusters, refer to the online help. For information about the cluster commands, refer to the switch command reference.
The Catalyst 1900 and Catalyst 2820 CLI is available only on switches running Enterprise Edition Software. For more information about the Catalyst 1900 and Catalyst 2820 switches, refer to the installation and configuration guides for those switches.
For more information about SNMP and community strings, see Chapter 22, “Configuring SNMP.”
Figure 6-15 SNMP Management for a Cluster
Password protection restricts access to a network or network device. Privilege levels define what commands users can enter after they have logged into a network device. Note For complete syntax and usage information for the commands used in this section, refer to the Cisco IOS Security Command Reference for Release 12.1.
(Optional) Save your entries in the configuration file. The enable password is not encrypted and can be read in the switch configuration file. To remove the password, use the no enable password global configuration command.
By default, no password is defined. • (Optional) For encryption-type, only type 5, a Cisco proprietary encryption algorithm, is available. If you specify an encryption type, you must provide an encrypted password—an encrypted password you copy...
For password, specify a string from 1 to 25 alphanumeric characters. The string cannot start with a number, is case sensitive, and allows spaces but ignores leading spaces. By default, no password is defined.
For password, specify a string from 1 to 25 alphanumeric characters. The string cannot start with a number, is case sensitive, and allows spaces but ignores leading spaces. By default, no password is defined. Step 4 Return to privileged EXEC mode.
You might specify a high level or privilege level for your console line to restrict line usage. To return to the default line privilege level, use the no privilege level line configuration command.
TACACS+ is facilitated through authentication, authorization, accounting (AAA) and can be enabled only through AAA commands. Note For complete syntax and usage information for the commands used in this section, refer to the Cisco IOS Security Command Reference for Release 12.1.
Page 152
The goal of TACACS+ is to provide a method for managing multiple network access points from a single management service. Your switch can be a network access server along with other Cisco routers and access servers. A network access server provides connections to a single user, to a network or...
– Telnet, Secure Shell (SSH), rlogin, or privileged EXEC services
– Connection parameters, including the host or client IP address, access list, and user timeouts
You can group servers to select a subset of the configured server hosts and use them for a particular service. The server group is used with a global server-host list and contains the list of IP addresses of the selected server hosts.
The default method list is automatically applied to all interfaces except those that have a named method list explicitly defined. A defined method list overrides the default method list.
Page 156
For list-name, specify the list created with the aaa authentication login command. Step 6 Return to privileged EXEC mode. Step 7 show running-config Verify your entries. Step 8 copy running-config startup-config (Optional) Save your entries in the configuration file.
Verify your entries. Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file. To disable authorization, use the no aaa authorization {network | exec} method1 global configuration command.
(AV) pairs and is stored on the security server. This data can then be analyzed for network management, client billing, or auditing. Beginning in privileged EXEC mode, follow these steps to enable TACACS+ accounting for each Cisco IOS privilege level and for network services:...
(AAA) and can be enabled only through AAA commands. Note For complete syntax and usage information for the commands used in this section, refer to the Cisco IOS Security Command Reference for Release 12.1. This section contains this configuration information: •...
• Switch-to-switch or router-to-router situations. RADIUS does not provide two-way authentication. RADIUS can be used to authenticate from one device to a non-Cisco device if the non-Cisco device requires authentication.
• Networks using a variety of services. RADIUS generally binds a user to one service model.
RADIUS and AAA are disabled by default. To prevent a lapse in security, you cannot configure RADIUS through a network management application. When enabled, RADIUS can authenticate users accessing the switch through the CLI.
7-28. You can configure the switch to use AAA server groups to group existing server hosts for authentication. For more information, see the “Defining AAA Server Groups” section on page 7-24.
Page 163
Verify your entries. Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file. To remove the specified RADIUS server, use the no radius-server host {hostname | ip-address} global configuration command.
If authentication fails at any point in this cycle—meaning that the security server or local username database responds by denying the user access—the authentication process stops, and no other authentication methods are attempted.
Page 165
{default | list-name} method1 [method2...] global configuration command. To either disable RADIUS authentication for logins or to return to the default value, use the no login authentication {default | list-name} line configuration command.
You use the server group server configuration command to associate a particular server with a defined group server. You can either identify the server by its IP address or identify multiple host instances or entries by using the optional auth-port and acct-port keywords.
Page 167
Repeat this step for each RADIUS server in the AAA server group. Each server in the group must be previously defined in Step 2. Step 6 Return to privileged EXEC mode.
Use the local database if authentication was not performed by using RADIUS. Note Authorization is bypassed for authenticated users who log in through the CLI even if authorization has been configured.
(AV) pairs and is stored on the security server. This data can then be analyzed for network management, client billing, or auditing. Beginning in privileged EXEC mode, follow these steps to enable RADIUS accounting for each Cisco IOS privilege level and for network services:...
1, which is named cisco-avpair. The value is a string with this format: protocol : attribute sep value * Protocol is a value of the Cisco protocol attribute for a particular type of authorization. Attribute and value are an appropriate attribute-value (AV) pair defined in the Cisco TACACS+ specification, and sep is = for mandatory attributes and * for optional attributes.
For example, this AV pair activates Cisco’s multiple named ip address pools feature during IP authorization (during PPP’s IPCP address assignment):
cisco-avpair= "ip:addr-pool=first"
This example shows how to provide a user logging in from a switch with immediate access to privileged EXEC commands:
cisco-avpair= "shell:priv-lvl=15"...
(Optional) Save your entries in the configuration file. To disable AAA, use the no aaa new-model global configuration command. To disable authorization, use the no aaa authorization {network | exec} method1 global configuration command.
“Configuring the Switch for Local Authentication and Authorization” section on page 7-31) For more information about SSH, refer to the “Configuring Secure Shell” section in the Cisco IOS Security Configuration Guide for Release 12.2. Note The SSH feature in this software release does not support IP Security (IPSec).
You can manage the system time and date on your switch using automatic, such as the Network Time Protocol (NTP), or manual configuration methods. Note For complete syntax and usage information for the commands used in this section, refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.1....
Page 176
Cisco’s implementation of NTP does not support stratum 1 service; it is not possible to connect to a radio or atomic clock. We recommend that the time service for your network be derived from the public NTP servers available on the IP Internet.
Workstations Configuring NTP The Catalyst 2950 switches do not have a hardware-supported clock, and they cannot function as an NTP master clock to which peers synchronize themselves when an external NTP source is not available. These switches also have no hardware support for a calendar. As a result, the ntp update-calendar and the ntp master global configuration commands are not available.
By default, no trusted keys are defined. For key-number, specify the key defined in Step 3. This command provides protection against accidentally synchronizing the switch to a device that is not trusted.
• (Optional) Enter the prefer keyword to make this peer or server the preferred one that provides synchronization. This keyword reduces switching back and forth between peers and servers.
(Optional) For destination-address, specify the IP address of the peer that is synchronizing its clock to this switch. Step 4 Return to privileged EXEC mode. Step 5 show running-config Verify your entries.
You can control NTP access on two levels as described in these sections: • Creating an Access Group and Assigning a Basic IP Access List, page 7-40 • Disabling NTP Services on a Specific Interface, page 7-41
Page 182
NTP control queries from a device whose address passes the access list criteria.
Step 2 ntp source type number Specify the interface type and number from which the IP source address is taken. By default, the source address is determined by the outgoing interface.
• show ntp status
For detailed information about the fields in these displays, refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.1.
Configuring Time and Date Manually
If no other source of time is available, you can manually configure the current time and date after the system is restarted.
The symbol that precedes the show clock display has this meaning:
• *—Time is not authoritative.
• (blank)—Time is authoritative.
• .—Time is authoritative, but NTP is not synchronized.
Atlantic Canada (AST) is UTC-3.5, where the 3 means 3 hours and .5 means 50 percent. In this case, the necessary command is clock timezone AST -3 30. To set the time to UTC, use the no clock timezone global configuration command.
This example shows how to specify that summer time starts on the first Sunday in April at 02:00 and ends on the last Sunday in October at 02:00:
Switch(config)# clock summer-time PDT recurring 1 Sunday April 2:00 last Sunday October 2:00
Page 188
This example shows how to set summer time to start on October 12, 2000, at 02:00, and end on April 26, 2001, at 02:00:
Switch(config)# clock summer-time pdt date 12 October 2000 2:00 26 April 2001 2:00
Note For complete syntax and usage information for the commands used in this section, refer to the Cisco IOS Configuration Fundamentals Command Reference and the Cisco IOS IP and IP Routing Command Reference for Release 12.1.
Domain names are pieced together with periods (.) as the delimiting characters. For example, Cisco Systems is a commercial organization that IP identifies by a com domain name, so its domain name is cisco.com. A specific device in this domain, for example, the File Transfer Protocol (FTP) system is identified as ftp.cisco.com.
(.), a period followed by the default domain name is appended to the hostname before the DNS query is made to map the name to an IP address. The default...
The login banner also displays on all connected terminals. It is displayed after the MOTD banner and before the login prompts. Note For complete syntax and usage information for the commands used in this section, refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.1....
Page 193
Unix> telnet 172.2.5.4
Trying 172.2.5.4...
Connected to 172.2.5.4.
Escape character is '^]'.
This is a secure site. Only authorized users are allowed.
For access, contact technical support.
User Access Verification
Password:
The address table lists the destination MAC address, the associated VLAN ID, and port number associated with the address. Note For complete syntax and usage information for the commands used in this section, refer to the Catalyst 2950 Desktop Switch Command Reference for this release.
VLAN. Addresses that are statically entered in one VLAN must be configured as static addresses in all other VLANs or remain unlearned in the other VLANs.
Verify your entries. Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file. To return to the default value, use the no mac-address-table aging-time global configuration command.
• For notification-type, use the mac-notification keyword.
Page 198
Switch(config)# mac-address-table notification history-size 100
Switch(config)# interface fastethernet0/4
Switch(config-if)# snmp trap mac-notification added
You can verify the previous commands by entering the show mac-address-table notification interface and the show mac-address-table notification privileged EXEC commands.
This example shows how to add the static address c2f3.220a.12f4 to the MAC address table. When a packet is received in VLAN 4 with this MAC address as its destination address, the packet is forwarded to the specified interface:
Switch(config)# mac-address-table static c2f3.220a.12f4 vlan 4 interface gigabitethernet0/1
(represented by the arpa keyword) is enabled on the IP interface. ARP entries added manually to the table do not age and must be manually removed. For CLI procedures, refer to the Cisco IOS Release 12.1 documentation on Cisco.com.
Page 202
Note For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 2950 Desktop Switch Command Reference for this release. This chapter consists of these sections: • Understanding 802.1X Port-Based Authentication, page 8-1 Configuring 802.1X Authentication, page 8-6...
In this release, the Remote Authentication Dial-In User Service (RADIUS) security system with Extensible Authentication Protocol (EAP) extensions is the only supported authentication server; it is available in Cisco Secure Access Control Server version 3.0. RADIUS operates in a client/server model in which secure authentication information is exchanged between the RADIUS server and one or more RADIUS clients.
Configuring 802.1X Port-Based Authentication Understanding 802.1X Port-Based Authentication The devices that can act as intermediaries include the Catalyst 3550 multilayer switch, Catalyst 2950 switch, or a wireless access point. These devices must be running software that supports the RADIUS client and 802.1X.
802.1X-based authentication of the client. This is the default setting.
• force-unauthorized—causes the port to remain in the unauthorized state, ignoring all attempts by the client to authenticate. The switch cannot provide authentication services to the client through the interface.
Retransmission time 30 seconds (number of seconds that the switch should wait for a response to an EAP request/identity frame from the client before retransmitting the request).
Switch Port Analyzer (SPAN) destination port—You can enable 802.1X on a port that is a SPAN destination port; however, 802.1X is disabled until the port is removed as a SPAN destination. You can enable 802.1X on a SPAN source port.
{default | list-name} method1 [method2...] global configuration command. To disable 802.1X authentication, use the dot1x port-control force-authorized or the no dot1x port-control interface configuration command.
If you want to use multiple RADIUS servers, re-enter this command. Step 3 Return to privileged EXEC mode. Step 4 show running-config Verify your entries. Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file.
To disable periodic re-authentication, use the no dot1x re-authentication global configuration command. To return to the default number of seconds between re-authentication attempts, use the no dot1x timeout re-authperiod global configuration command.
To return to the default quiet time, use the no dot1x timeout quiet-period global configuration command. This example shows how to set the quiet time on the switch to 30 seconds:
Switch(config)# dot1x timeout quiet-period 30
This example shows how to set 60 seconds as the number of seconds that the switch waits for a response to an EAP-request/identity frame from the client before retransmitting the request:
Switch(config)# dot1x timeout tx-period 60
Step 3 dot1x multiple-hosts Allow multiple hosts (clients) on an 802.1X-authorized port. Make sure that the dot1x port-control interface configuration command is set to auto for the specified interface.
EXEC command. To display the 802.1X administrative and operational status for a specific interface, use the show dot1x interface interface-id privileged EXEC command. For detailed information about the fields in these displays, refer to the Catalyst 2950 Desktop Switch Command Reference for this release.
Note For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 2950 Desktop Switch Command Reference for this release and the online Cisco IOS Interface Command Reference for Release 12.1.
Understanding Interface Types
This section describes the different types of interfaces supported by the switch with references to chapters that contain more detailed information about configuring these interface types.
VLAN membership of the port is discovered. In the Catalyst 2950 switch, dynamic access ports are assigned to a VLAN by a VLAN Membership Policy Server (VMPS). The VMPS can be a Catalyst 6000 series switch; the Catalyst 2950 switch does not support the function of a VMPS. Trunk Ports A trunk port carries the traffic of multiple VLANs and by default is a member of all VLANs in the VLAN database.
Most protocols operate over either single ports or aggregated switch ports and do not recognize the physical ports within the port group. Exceptions are the DTP, the Cisco Discovery Protocol (CDP), and the Port Aggregation Protocol (PAgP), which operate only on physical ports.
Cisco router Switch Host A Host B VLAN 20 VLAN 30
Using the Interface Command
The Catalyst 2950 switch supports these interface types:
• Physical ports—switch ports
• VLANs—Interfaces
• Port-channels—EtherChannel of interfaces
You can also configure a range of interfaces (see the “Configuring a Range of Interfaces”...
• Type—Fast Ethernet (fastethernet or fa) for 10/100 Ethernet or Gigabit Ethernet (gigabitethernet or
• Slot—The slot number on the switch. On the Catalyst 2950 switch, the slot number is 0.
• Port number—The interface number on the switch. The port numbers always begin at 1, starting at the left when facing the front of the switch, for example, gigabitethernet 0/1, gigabitethernet 0/2.
Page 222
Keepalive set (10 sec)
Auto-duplex, Auto-speed
input flow-control is off, output flow-control is off
ARP type:ARPA, ARP Timeout 04:00:00
Last input never, output 2d00h, output hang never
Last clearing of "show interface" counters never
When using the interface range global configuration command, note these guidelines:
• Valid entries for port-range:
– vlan vlan-ID - vlan-ID
– fastethernet slot/{first port} - {last port}, where slot is 0
Page 224
If you exit interface range configuration mode while the commands are being executed, some commands might not be executed on all interfaces in the range. Wait until the command prompt reappears before exiting interface range configuration mode.
• All interfaces in a range must be the same type; that is, all Fast Ethernet ports, all Gigabit Ethernet ports, all EtherChannel ports, or all VLANs, but you can combine multiple interface types in a macro.
• Configuring the Port Speed and Duplex Mode, page 9-11
• Adding a Description for an Interface, page 9-15
• Configuring IEEE 802.3X Flow Control on Gigabit Ethernet Ports, page 9-14
• Setting Speed and Duplex Parameters, page 9-12
Caution If you reconfigure the port through which you are managing the switch, a Spanning Tree Protocol (STP) reconfiguration could cause a temporary loss of connectivity.
• 100BASE-FX ports operate only at 100 Mbps in full-duplex mode.
Note The Catalyst 2950C-24 does not support the speed and duplex interface configuration commands in Release 12.1(6)EA2 or later.
Step 5 Return to privileged EXEC mode.
Note For details on the command settings and the resulting flow control resolution on local and remote ports, refer to the flowcontrol interface configuration command in the Catalyst 2950 Desktop Switch Command Reference for this release.
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fastethernet0/4
Switch(config-if)# description Connects to Marketing
Switch(config-if)# end
Switch# show interfaces fastethernet0/4 description
Interface Status Protocol Description
Fa0/4 down Connects to Marketing
(You can display the full list of show commands by using the show ? command at the privileged EXEC prompt.) These commands are fully described in the Cisco IOS Interface Command Reference for Release 12.1. Table 9-2...
Note The clear counters privileged EXEC command does not clear counters retrieved by using Simple Network Management Protocol (SNMP), but only those seen with the show interfaces privileged EXEC command.
To verify that an interface is disabled, enter the show interfaces privileged EXEC command. A disabled interface is shown as administratively down in the show interfaces command display as with Fast Ethernet interface 0/5 in this example.
Page 236
Hardware is Gigabit Ethernet, address is 0002.4b29.4403 (bia 0002.4b29.4403) MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Auto-duplex, Auto-speed <output truncated> Catalyst 2950 Desktop Switch Software Configuration Guide 9-20 78-11380-04...
Chapter 12, “Configuring Optional Spanning-Tree Features.”
Note: For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 2950 Desktop Switch Command Reference for this release.
This chapter consists of these sections:
• Understanding Spanning-Tree Features, page 10-1
...
• The spanning-tree path cost to the root
• The bridge ID of the sending switch
• Message age
• The identifier of the sending interface
• Values for the hello, forward delay, and max-age protocol timers
Spanning tree uses this information to elect the root switch and root port for the switched network and the root port and designated port for each switched segment.
MAC address. In Release 12.1(9)EA1 and later, Catalyst 2950 switches support the 802.1T spanning-tree extensions, and some of the bits previously used for the switch priority are now used as the VLAN identifier. The result is that fewer MAC addresses are reserved for the switch, and a larger range of VLAN IDs can be supported, all while maintaining the uniqueness of the bridge ID.
• Forwarding—The interface forwards frames.
• Disabled—The interface is not participating in spanning tree because of a shutdown port, no link on the port, or no spanning-tree instance running on the port.
In the learning state, the interface continues to block frame forwarding as the switch learns end-station location information for the forwarding database. When the forward-delay timer expires, spanning tree moves the interface to the forwarding state, where both learning and frame forwarding are enabled.
An interface in the forwarding state performs as follows:
• Receives and forwards frames received on the port
• Forwards frames switched from another port
• Learns addresses
• Receives BPDUs
However, in a network of Cisco switches connected through 802.1Q trunks, the switches maintain one spanning-tree instance for each VLAN allowed on the trunks. When you connect a Cisco switch to a non-Cisco device through an 802.1Q trunk, the Cisco switch uses per-VLAN spanning tree+ (PVST+) to provide spanning-tree interoperability. It combines the spanning-tree instance of the 802.1Q VLAN of the trunk with the spanning-tree instance of the...
VLAN where you want it to run. Use the no spanning-tree vlan vlan-id global configuration command to disable STP on a specific VLAN, and use the spanning-tree vlan vlan-id global configuration command to enable STP on the desired VLAN.
Verify your entries.
Step 5  copy running-config startup-config  (Optional) Save your entries in the configuration file.
To re-enable STP, use the spanning-tree vlan vlan-id global configuration command.
Before 12.1(9)EA1, entering the spanning-tree vlan vlan-id root global configuration command on a Catalyst 2950 switch (no extended system ID) caused it to set its own switch priority for the specified VLAN to 8192 if this value caused this switch to become the root for the specified VLAN. If any root switch for the specified VLAN has a switch priority lower than 8192, the switch sets its own priority for the specified VLAN to 1 less than the lowest switch priority.
Configuring a Secondary Root Switch
When you configure a Catalyst 2950 switch that supports the extended system ID as the secondary root, the switch priority is modified from the default value (32768) to 28672. The switch is then likely to become the root switch for the specified VLAN if the primary root switch fails.
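The priority values in these sections (default 32768, secondary root 28672, and the pre-12.1(9)EA1 root value 8192) can be checked against the bridge ID layout. The following Python is an added example, not code from the guide: it assumes the 802.1T layout of a 4-bit priority, a 12-bit VLAN ID and a 48-bit MAC address, the function names are hypothetical, and the handling of a tie at priority 8192 is an assumption.

```python
"""Added example: spanning-tree bridge ID layout and root-priority arithmetic."""

DEFAULT_PRIORITY = 32768      # default switch priority stated in the guide
SECONDARY_PRIORITY = 28672    # secondary-root priority stated in the guide
LEGACY_ROOT_PRIORITY = 8192   # root priority used before 12.1(9)EA1, per the guide
PRIORITY_STEP = 4096          # assumption: 802.1T leaves 4 priority bits


def parse_mac(mac):
    """Convert 0002.4b29.4403, 00:02:4b:29:44:03 or 00-02-4b-29-44-03 to an int."""
    digits = mac.replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)


def bridge_id(priority, mac, vlan_id=None):
    """Return the 64-bit bridge ID as an integer; the lowest value wins the election.

    vlan_id=None  -> legacy layout: 16-bit priority, 48-bit MAC.
    vlan_id given -> extended system ID: 4-bit priority, 12-bit VLAN ID, 48-bit MAC.
    """
    if vlan_id is None:
        if not 0 <= priority <= 0xFFFF:
            raise ValueError("legacy priority must be 0-65535")
        high = priority
    else:
        if priority % PRIORITY_STEP or not 0 <= priority <= 61440:
            raise ValueError("priority must be a multiple of 4096 from 0 to 61440")
        if not 1 <= vlan_id <= 4094:
            raise ValueError("VLAN ID must be 1-4094")
        high = priority + vlan_id  # VLAN ID fills the 12 low bits of the field
    return (high << 48) | parse_mac(mac)


def format_bridge_id(bid):
    """Render a bridge ID as '<priority field> <dotted MAC>'."""
    mac = f"{bid & 0xFFFFFFFFFFFF:012x}"
    return f"{bid >> 48} {mac[0:4]}.{mac[4:8]}.{mac[8:12]}"


def elect_root(bridges, vlan_id=None):
    """bridges maps a name to (priority, mac); return the name of the root."""
    return min(bridges, key=lambda n: bridge_id(bridges[n][0], bridges[n][1], vlan_id))


def legacy_root_priority(own_mac, others):
    """Priority the root command picks on a switch without the extended system ID.

    others is a list of (priority, mac) for the other switches in the VLAN.
    8192 is used if it makes this switch the root; otherwise 1 less than the
    lowest priority seen. Treating a lost tie at 8192 like the second case is
    an assumption of this example.
    """
    lowest = min(priority for priority, _ in others)
    best_other = min(bridge_id(priority, mac) for priority, mac in others)
    if bridge_id(LEGACY_ROOT_PRIORITY, own_mac) < best_other:
        return LEGACY_ROOT_PRIORITY
    if lowest == 0:
        raise ValueError("another switch already uses priority 0")
    return lowest - 1


if __name__ == "__main__":
    # Constructed topology; only the first MAC address appears in the guide.
    switches = {
        "A": (DEFAULT_PRIORITY, "0002.4b29.4403"),
        "B": (DEFAULT_PRIORITY, "0002.4b29.1a00"),
        "C": (SECONDARY_PRIORITY, "0002.4b29.ffff"),
    }
    for name, (priority, mac) in switches.items():
        print(name, format_bridge_id(bridge_id(priority, mac, vlan_id=10)))
    print("root for VLAN 10:", elect_root(switches, vlan_id=10))
    print("legacy root priority:",
          legacy_root_priority("0002.4b29.4403", [(4096, "0002.4b29.1a00")]))
```

With equal priorities the lower MAC address decides the election, which is why the secondary root in the sample wins only because its priority is lower.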
Cisco IOS uses the port priority value when the interface is configured as an access port and uses VLAN port priority values when the interface is configured as a trunk port.
Spanning tree uses the cost value when the interface is configured as an access port and uses VLAN port cost values when the interface is configured as a trunk port.
To return the interface to its default setting, use the no spanning-tree [vlan vlan-id] cost interface configuration command. For information on how to configure load sharing on trunk ports using spanning-tree path costs, see the “Load Sharing Using STP” section on page 13-26.
Step 5  copy running-config startup-config  (Optional) Save your entries in the configuration file.
To return the switch to its default setting, use the no spanning-tree vlan vlan-id priority global configuration command.
1 to 1005 when the standard software image is installed. Do not enter leading zeros.
• For seconds, the range is 4 to 30; the default is 15.
Step 3  Return to privileged EXEC mode.
Step 5  copy running-config startup-config  (Optional) Save your entries in the configuration file.
To return the switch to its default setting, use the no spanning-tree vlan vlan-id max-age global configuration command.
Displays a summary of port states or displays the total lines of the STP state section. For information about other keywords for the show spanning-tree privileged EXEC command, refer to the Catalyst 2950 Desktop Switch Command Reference for this release.
Configuring RSTP and MSTP
This chapter describes how to configure the Cisco implementation of the IEEE 802.1W Rapid Spanning Tree Protocol (RSTP) and the IEEE 802.1S Multiple STP (MSTP) on your switch. To use the features described in this chapter, you must have the enhanced software image installed on your switch.
RSTP port states.
Table 11-1 Port State Comparison
Operational Status    STP Port State    RSTP Port State    Is Port Included in the Active Topology?
Enabled               Blocking          Discarding
Enabled               Listening         Discarding
Enabled               Learning          Learning
Disabled              Disabled          Discarding
To be consistent with Cisco STP implementations, this guide documents the port state as blocking instead of discarding. Designated ports start in the listening state.
Rapid Convergence
The RSTP provides for rapid recovery of connectivity following the failure of a switch, a switch port, or a LAN.
When the switches connected by a point-to-point link are in agreement about their port roles, the RSTP immediately transitions the port states to forwarding. The sequence of events is shown in Figure 11-2.
LAN. The port role in the proposal message is always set to the designated port. The sending switch sets the agreement flag in the RSTP BPDU to accept the previous proposal. The port role in the agreement message is always set to the root port.
802.1D switch and a configuration BPDU with the TCA bit set is received, the TC-while timer is reset. This behavior is only required to support 802.1D switches. The RSTP BPDUs never have the TCA bit set.
RSTP BPDUs. There is no limit to the number of MST regions in a network, but each region can support up to 16 spanning-tree instances. You can assign a VLAN to only one spanning-tree instance at a time.
For correct operation, all switches in the MST region must agree on the same IST master. Therefore, any two switches in the region synchronize their port roles for an MST instance only if they converge to a common IST master.
VLAN cost, port VLAN priority) can be configured on both the CST instance and the MST instance. MSTP switches use version 3 RSTP BPDUs or 802.1D STP BPDUs to communicate with legacy 802.1D switches. MSTP switches use MSTP BPDUs to communicate with MSTP switches.
BPDU, an MST BPDU (version 3) associated with a different region, or an RST BPDU (version 2).
Partitioning the network into a large number of regions is not recommended. However, if this situation is unavoidable, we recommend that you partition the switched LAN into smaller LANs interconnected by routers or non-Layer 2 devices.
To return to the default MST region configuration, use the no spanning-tree mst configuration global configuration command. To return to the default VLAN-to-instance map, use the no instance instance-id [vlan vlan-range] MST configuration command. To return to the default name, use the no name MST
Note: Catalyst 2950 switches running software earlier than Release 12.1(9)EA1 do not support the extended system ID. Catalyst 2950 switches running software earlier than Release 12.1(9)EA1 do not support the MSTP.
Note: If your network consists of switches that both do and do not support the extended system ID, it is unlikely that the switch with the extended system ID support will become the root switch.
Step 5  copy running-config startup-config  (Optional) Save your entries in the configuration file.
To return the switch to its default setting, use the no spanning-tree mst instance-id root global configuration command.
Configuring a Secondary Root Switch
When you configure a Catalyst 2950 switch that supports the extended system ID as the secondary root, the spanning-tree switch priority is modified from the default value (32768) to 28672. The switch is then likely to become the root switch for the specified instance if the primary root switch fails.
Otherwise, you can use the show running-config interface privileged EXEC command to confirm the configuration. To return the interface to its default setting, use the no spanning-tree mst instance-id port-priority interface configuration command.
Otherwise, you can use the show running-config privileged EXEC command to confirm the configuration. To return the interface to its default setting, use the no spanning-tree mst instance-id cost interface configuration command.
Note: Exercise care when using this command. For most situations, we recommend that you use the spanning-tree mst instance-id root primary and the spanning-tree mst instance-id root secondary global configuration commands to modify the hello time.
Verify your entries.
Step 5  copy running-config startup-config  (Optional) Save your entries in the configuration file.
To return the switch to its default setting, use the no spanning-tree mst forward-time global configuration command.
Verify your entries.
Step 5  copy running-config startup-config  (Optional) Save your entries in the configuration file.
To return the switch to its default setting, use the no spanning-tree mst max-hops global configuration command.
EXEC command. Use the clear spanning-tree detected-protocols interface interface-id privileged EXEC command to restart the protocol migration process on a specific interface.
1 to 4094; the valid port-channel range is 1 to 6. For information about other keywords for the show spanning-tree privileged EXEC command, refer to the Catalyst 2950 Desktop Switch Command Reference for this release.
Chapter 11, “Configuring RSTP and MSTP.”
Note: For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 2950 Desktop Switch Command Reference for this release.
This chapter consists of these sections:
• Understanding Optional Spanning-Tree Features, page 12-1
• Configuring Optional Spanning-Tree Features, page 12-13
...
The MSTP is available only if you have the enhanced software image installed on your switch.
Figure 12-1 Port Fast-Enabled Ports
If your switch is running PVST or MSTP, you can enable the BPDU filtering feature for the entire switch or for an interface. The MSTP is available only if you have the enhanced software image installed on your switch.
Switch B over link L1 and to Switch C over link L2. The Layer 2 interface on Switch C that is connected directly to Switch B is in a blocking state.
CSUF might not provide a fast transition all the time; in these cases, the normal spanning-tree transition occurs, completing in 30 to 40 seconds. For more information, see the “Events that Cause Fast Convergence” section on page 12-7.
CSUF implements the Stack Membership Discovery Protocol and the Fast Uplink Transition Protocol. Using the Stack Membership Discovery Protocol, all stack switches build a neighbor list of stack members through the receipt of discovery hello packets. When certain link loss or spanning-tree events
• A new switch, which might become the stack root, is added to the stack.
• A switch other than the stack root is powered off or failed.
• A link fails between stack ports on the multidrop backbone.
• Each stack switch can be connected to the spanning-tree backbone through one uplink.
• If the stack consists of a mixture of Catalyst 3550, Catalyst 3500 XL, Catalyst 2950, and Catalyst 2900 XL switches, up to 64 VLANs with spanning tree enabled are supported. If the stack consists of only Catalyst 3550 switches, up to 128 VLANs with spanning tree enabled are supported.
BackboneFast then transitions the Layer 2 interface on Switch C to the forwarding state, providing a path from Switch B to Switch A. This
BPDUs, and the new switch learns that Switch B is the designated bridge to Switch A, the root switch.
Figure 12-9 Adding a Switch in a Shared-Medium Topology
Desired root switch
Enable the root-guard feature on these interfaces to prevent switches in the customer network from becoming the root switch or being in the path to the root.
Make sure that there are no loops in the network between the trunk port and the workstation or server before you enable Port Fast on a trunk port. By default, Port Fast is disabled on all ports.
Enter interface configuration mode, and specify the interface connected to an end station.
Step 4  spanning-tree portfast  Enable the Port Fast feature.
Step 5  Return to privileged EXEC mode.
Enable the Port Fast feature.
Step 5  Return to privileged EXEC mode.
Step 6  show running-config  Verify your entries.
Step 7  copy running-config startup-config  (Optional) Save your entries in the configuration file.
To return the update packet rate to the default setting, use the no spanning-tree uplinkfast max-update-rate global configuration command. To disable UplinkFast, use the no spanning-tree uplinkfast command.
To disable CSUF on an interface, use the no spanning-tree stack-port interface configuration command. To disable UplinkFast on the switch and all its VLANs, use the no spanning-tree uplinkfast global configuration command.
Enter interface configuration mode, and specify an interface to configure.
Step 3  spanning-tree guard root  Enable root guard on the interface. By default, root guard is disabled on all interfaces.
Step 4  Return to privileged EXEC mode.
To globally disable loop guard, use the no spanning-tree loopguard default global configuration command. You can override the setting of the no spanning-tree loopguard default global configuration command by using the spanning-tree guard loop interface configuration command.
Displays a summary of port states or displays the total lines of the spanning-tree state section. For information about other keywords for the show spanning-tree privileged EXEC command, refer to the Catalyst 2950 Desktop Switch Command Reference for this release.
VLAN Membership Policy Server (VMPS).
Note: For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 2950 Desktop Switch Command Reference for this release.
The chapter includes these sections:
• Understanding VLANs, page 13-1
• Configuring Normal-Range VLANs, page 13-6
...
When you assign switch interfaces to VLANs by using this method, it is known as interface-based, or static, VLAN membership.
Supported VLANs
Table 13-1 lists the number of supported VLANs on Catalyst 2950 switches.
Table 13-1 Maximum Number of Supported VLANs
Number of Switch Model...
VLAN change.
• On switches running an IOS software version that is earlier than Cisco IOS 12.0(5)XP, you cannot change the management VLAN. Switches running Cisco IOS 12.0(5)XP should be upgraded to the current software release as described in the release notes.
VLAN for new switches when they are connected to the cluster. In this way, the new switch can exchange Cisco Discovery Protocol (CDP) messages with the command switch and be proposed as a cluster candidate.
When a port belongs to a VLAN, the switch learns and manages the addresses associated with the port on a per-VLAN basis. For more information, see the “Managing the MAC Address Table” section on page 7-52.
Caution: If you want to modify the VLAN configuration, use the commands described in these sections and in the Catalyst 2950 Desktop Switch Command Reference for this release. To change the VTP configuration, see Chapter 14, “Configuring VTP.” You use the interface configuration mode to define the port membership mode and to add and remove ports from VLANs.
Assigning Static-Access Ports to a VLAN, page 13-13
Token Ring VLANs
Although the Catalyst 2950 switches do not support Token Ring connections, a remote device such as a Catalyst 5000 series switch with Token Ring connections could be managed from one of the supported switches.
Catalyst 2950 Desktop Switch Command Reference for this release. When you have finished the configuration, you must exit config-vlan mode for the configuration to take effect. To display the VLAN configuration, enter the show vlan privileged EXEC command.
VLAN and VTP configurations in the startup configuration file, so the switch uses the VLAN database configuration.
Caution: If the startup configuration file contains extended-range VLAN configuration, this information will be lost when the system boots up.
VLAN IDs greater than 1006, but they are not added to the VLAN database. See the “Configuring Extended-Range VLANs” section on page 13-14. For the list of default parameters that are assigned when you add a VLAN, see the “Configuring Normal-Range VLANs” section on page 13-6.
VLAN. For example, VLAN0004 is a default VLAN name for VLAN 4.
Step 3  vlan vlan-id mtu mtu-size  (Optional) To modify a VLAN, identify the VLAN and change a characteristic, such as the MTU size.
To delete a VLAN by using VLAN configuration mode, use the vlan database privileged EXEC command to enter VLAN configuration mode and the no vlan vlan-id VLAN configuration command.
Switch(config-if)# end
Switch#
These examples show how to verify the configuration:
Switch# show running-config interface fastethernet0/1
Building configuration...
Current configuration : 74 bytes
interface FastEthernet0/12
switchport access vlan 2
switchport mode access
Table 13-3 on page 13-10 for the default configuration for Ethernet VLANs. You can change only the MTU size on extended-range VLANs; all other characteristics must remain at the default state.
MTU size is the only parameter you can change. Refer to the description of the vlan global configuration command in the Catalyst 2950 Desktop Switch Command Reference for defaults of all parameters. If you enter an extended-range VLAN ID when the switch is not in VTP transparent mode, an error message is generated when you exit from config-vlan mode, and the extended-range VLAN is not created.
(accessed by entering the vlan database privileged EXEC command). For a list of the VLAN IDs on the switch, use the show running-config vlan privileged EXEC command, optionally entering a VLAN ID range. Table 13-4 lists the commands for monitoring VLANs.
For more details about the show command options and explanations of output fields, refer to the Catalyst 2950 Desktop Switch Command Reference for this release. This is an example of output from the show vlan privileged EXEC command, showing all VLANs:...
Fast Ethernet and Gigabit Ethernet trunks carry the traffic of multiple VLANs over a single link, and you can extend the VLANs across an entire network.
Figure 13-2 shows a network of switches that are connected by 802.1Q trunks.
Figure 13-2 Catalyst 2950, 2900 XL, and 3500 XL Switches in a 802.1Q Trunking Environment
VLAN allowed on the trunks. Non-Cisco devices might support one spanning-tree instance for all VLANs. When you connect a Cisco switch to a non-Cisco device through an 802.1Q trunk, the Cisco switch combines the spanning-tree instance of the VLAN of the trunk with the spanning-tree instance of the non-Cisco 802.1Q switch.
– STP port priority for each VLAN
– STP Port Fast setting
– trunk status: if one port in a port group ceases to be a trunk, all ports cease to be trunks.
To reset all trunking characteristics of a trunking interface to the defaults, use the no switchport trunk interface configuration command. To disable trunking, use the switchport mode access interface configuration command to configure the port as a static-access port.
VLAN. When VTP detects a new VLAN and the VLAN is not in the allowed list for a trunk port, the trunk port does not become a member of the new VLAN.
| none | remove} vlan-list For explanations about using the add, except, none, and remove keywords, refer to the Catalyst 2950 Desktop Switch Command Reference for this release. The vlan-list parameter is either a single VLAN number from 1 to 4094 or a range of VLANs described by two VLAN numbers, the lower one first, separated by a hyphen.
14-4). [,vlan[,vlan[,,,]] For explanations about using the add, except, none, and remove keywords, refer to the Catalyst 2950 Desktop Switch Command Reference for this release. Separate nonconsecutive VLAN IDs with a comma and no spaces; use a hyphen to designate a range of IDs. Valid IDs are from 2 to 1001.
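The vlan-list rules above (comma-separated IDs with no spaces, hyphenated ranges with the lower ID first, no leading zeros) can be checked before a list is applied to a trunk. The following Python is an added example, not code from the guide; the function names are hypothetical, and the ranges 1 to 4094 for the allowed list and 2 to 1001 for the pruning-eligible list are the ones the guide states.

```python
"""Added example: validate IOS-style vlan-list strings and compare two lists."""
import re

# One item is a VLAN ID or 'low-high'; [1-9] first rejects leading zeros.
_ITEM = re.compile(r"([1-9][0-9]*)(?:-([1-9][0-9]*))?")


def parse_vlan_list(text, low=1, high=4094):
    """Expand a vlan-list such as '2-5,10,1001' into a sorted list of VLAN IDs."""
    if not text or any(ch.isspace() for ch in text):
        raise ValueError("vlan-list must be non-empty and contain no spaces")
    vlans = set()
    for item in text.split(","):
        match = _ITEM.fullmatch(item)
        if not match:
            raise ValueError(f"bad vlan-list item: {item!r}")
        first = int(match.group(1))
        last = int(match.group(2)) if match.group(2) else first
        if first > last:
            raise ValueError(f"range must give the lower VLAN first: {item!r}")
        if first < low or last > high:
            raise ValueError(f"{item!r} is outside the valid range {low}-{high}")
        vlans.update(range(first, last + 1))
    return sorted(vlans)


def compress(vlans):
    """Inverse of parse_vlan_list: [2, 3, 4, 5, 10] -> '2-5,10'."""
    ordered = sorted(set(vlans))
    parts = []
    i = 0
    while i < len(ordered):
        j = i
        while j + 1 < len(ordered) and ordered[j + 1] == ordered[j] + 1:
            j += 1
        parts.append(str(ordered[i]) if i == j else f"{ordered[i]}-{ordered[j]}")
        i = j + 1
    return ",".join(parts)


def unprunable_on_trunk(allowed_text, pruning_text):
    """Return the VLANs a trunk carries that pruning will never remove.

    allowed_text is the trunk's allowed list (IDs 1-4094); pruning_text is
    its pruning-eligible list (IDs 2-1001). VLAN 1, VLANs 1002-1005 and
    extended-range VLANs always land in the result because they cannot
    appear in a pruning-eligible list.
    """
    allowed = parse_vlan_list(allowed_text, 1, 4094)
    eligible = set(parse_vlan_list(pruning_text, 2, 1001))
    return compress(v for v in allowed if v not in eligible)


if __name__ == "__main__":
    # Constructed sample lists, not taken from the guide.
    print(parse_vlan_list("2-5,10,1001", 2, 1001))
    print(unprunable_on_trunk("1-10,1002-1005,2000", "2-8"))
    for bad in ("5-2", "2, 5", "02", "1002"):
        try:
            parse_vlan_list(bad, 2, 1001)
        except ValueError as err:
            print("rejected:", err)
```

Running the check against a trunk's lists shows which VLANs will still have their flooded traffic sent across the link even with pruning enabled.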
6. If the active trunk fails, the trunk with the lower priority takes over and carries the traffic for all of the VLANs. No duplication of traffic occurs over any trunk port.
Step 18  spanning-tree vlan 9 port-priority 10  Assign the port priority of 10 for VLAN 9.
Step 19  spanning-tree vlan 10 port-priority 10  Assign the port priority of 10 for VLAN 10.
Enter global configuration mode on Switch 1.
Step 2  interface fastethernet 0/1  Enter interface configuration mode, and define Fast Ethernet port 0/1 as the interface to be configured as a trunk.
In the display, verify that the path costs are set correctly for interfaces Fast Ethernet 0/1 and 0/2.
Step 18  copy running-config startup-config  (Optional) Save your entries in the configuration file.
Configuring VMPS
The Catalyst 2950 switch cannot be a VMPS server but can act as a client to the VMPS and communicate with it through the VLAN Query Protocol (VQP). VMPS dynamically assigns dynamic access port VLAN membership.
TFTP server that functions as a VMPS server. The file contains VMPS information, such as the domain name, the fallback VLAN name, and the MAC-address-to-VLAN mapping. The Catalyst 2950 switch cannot act as the VMPS, but you can use a Catalyst 5000 or Catalyst 6000 series switch as the VMPS.
• VQP does not support extended-range VLANs (VLAN IDs higher than 1006). Extended-range VLANs cannot be configured by VMPS.
• The VLAN configured on the VMPS server should not be a voice VLAN.
Enter global configuration mode.
Step 2  interface interface-id  Enter interface configuration mode and the switch port that is connected to the end station.
Step 3  switchport mode access  Set the port to access mode.
Interval field of the display.
Step 5  copy running-config startup-config  (Optional) Save your entries in the configuration file.
To return the switch to its default setting, use the no vmps reconfirm global configuration command.
The result of the most recent reconfirmation attempt. A reconfirmation attempt can occur automatically when the reconfirmation interval expires, or you can force it by entering the vmps reconfirm privileged EXEC command or its CMS or SNMP equivalent.
The end stations are connected to these clients:
– Catalyst 2950 Switch 2
– Catalyst 3500 XL Switch 9
• The database configuration file is stored on the TFTP server with the IP address 172.20.22.7.
This chapter describes how to use the VLAN Trunking Protocol (VTP) and the VLAN database for managing VLANs.
Note: For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 2950 Desktop Switch Command Reference for this release.
The chapter includes these sections:
• Understanding VTP, page 14-1
...
For domain name and password configuration guidelines, see the “VTP Configuration Guidelines” section on page 14-8.
Otherwise, the switch cannot receive any VTP advertisements. For more information on trunk ports, see the “Configuring VLAN Trunks” section on page 13-18.
VTP advertisements distribute this global domain information:
• VTP domain name
• VTP configuration revision number
• Update identity and update timestamp
Switch 4 are assigned to the Red VLAN. If a broadcast is sent from the host connected to Switch 1, Switch 1 floods the broadcast and every switch in the network receives it, even though Switches 3, 5, and 6 have no ports in the Red VLAN.
VLANs that are pruning-ineligible. VLAN 1 and VLANs 1002 to 1005 are always pruning-ineligible; traffic from these VLANs cannot be pruned. Extended-range VLANs (VLAN IDs higher than 1005) are also pruning-ineligible.
VTP file name, the interface providing updated VTP information, the domain name, and the mode. For more information about available keywords, refer to the command descriptions in the Catalyst 2950 Desktop Switch Command Reference for this release. The VTP information is saved in the VLAN database.
Release 12.0(5.1)WC, to a version that does support VTP, ports that belong to a VLAN retain their VLAN membership, and VTP enters transparent mode. The domain name becomes UPGRADE, and VTP does not propagate the VLAN configuration to other switches.
For more information about the command, refer to the Catalyst 2950 Desktop Switch Command Reference for this release. If you are configuring extended-range VLANs on the switch, the switch must be in VTP transparent mode.
Verify your entries in the VTP Operating Mode and the VTP Domain Name fields of the display.
Step 7  copy running-config startup-config  (Optional) Save the VTP mode in the startup configuration file.
Verify your entries in the VTP Operating Mode and the VTP Domain Name fields of the display.
Step 7  copy running-config startup-config  (Optional) Save the VTP mode in the startup configuration file.
To return the switch to VTP server mode, use the no vtp mode global configuration command.
Note: If extended-range VLANs are configured on the switch, you cannot change VTP mode to server. You receive an error message, and the configuration is not allowed.
You can also enable VTP version 2 by using the vlan database privileged EXEC command to enter VLAN configuration mode and entering the vtp v2-mode VLAN configuration command. To disable VTP version 2, use the no vtp v2-mode VLAN configuration command.
Only VLANs included in the pruning-eligible list can be pruned. By default, VLANs 2 through 1001 are pruning eligible on trunk ports. Reserved VLANs and extended-range VLANs cannot be pruned. To change the pruning-eligible VLANs, see the “Changing the Pruning-Eligible List” section on page 13-24.
Note: You can use the vtp mode transparent global configuration command or the vtp transparent VLAN configuration command to disable VTP on the switch, and then change its VLAN information without affecting the other switches in the VTP domain.
Number of config revision errors
Number of config digest errors
Number of V1 summary errors
VTP pruning statistics:
Trunk  Join Transmitted  Join Received  Summary advts received from non-pruning-capable device
---------------- ---------------- ---------------- ---------------------------
The voice VLAN feature enables access ports to carry IP voice traffic from an IP phone. The switch can connect to a Cisco 7960 IP Phone and carry IP voice traffic. Because the sound quality of an IP phone call can deteriorate if the data is unevenly transmitted, the switch supports quality of service (QoS) based on IEEE 802.1P class of service (CoS).
• Default Voice VLAN Configuration, page 15-2
• Configuration Guidelines, page 15-3
• Configuring a Port to Connect to a Cisco 7960 IP Phone, page 15-3
Default Voice VLAN Configuration
The voice VLAN feature is disabled by default. When the voice VLAN feature is enabled, untagged traffic is sent according to the default CoS priority of the port.
Configuring a Port to Connect to a Cisco 7960 IP Phone
Because a Cisco 7960 IP Phone also supports a connection to a PC or other device, a port connecting the switch to a Cisco 7960 IP Phone can carry mixed traffic.
Instruct the switch port to use 802.1P priority tagging for voice traffic and to use the default native VLAN to carry all traffic. By default, the Cisco IP phone forwards the voice traffic with an 802.1P priority of 5.
Overriding the CoS Priority of Incoming Data Frames
You can connect a PC or other data device to a Cisco 7960 IP Phone port. The PC can generate packets with an assigned CoS value. You can configure the switch to override the priority of frames arriving on the IP phone port from connected devices.
To display voice VLAN for an interface, use the show interfaces interface-id switchport privileged EXEC command. For detailed information about the fields in the display, refer to the Catalyst 2950 Desktop Switch Command Reference for this release.
Note: For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 2950 Desktop Switch Command Reference for this release and the Cisco IOS Release Network Protocols Command Reference, Part 1, for Release 12.1.
IGMP snooping. Multicast group membership lists can consist of both user-defined and IGMP snooping-learned settings. Catalyst 2950 switches support a maximum of 255 IP multicast groups and support both IGMP version 1 and IGMP version 2. If a port spanning-tree, a port group, or a VLAN ID change occurs, the IGMP snooping-learned multicast groups from this port on the VLAN are deleted.
If another host (for example, Host 4) sends an IGMP join message for the same group (Figure 16-2), the CPU receives that message and adds the port number of Host 4 to the multicast forwarding table as shown in Table 16-2.
The VLAN interface is pruned from the multicast tree for the multicast group specified in the original leave message. Immediate-Leave processing ensures optimal bandwidth management for all hosts on a switched network, even when multiple multicast groups are in use simultaneously.
VLANs, but it can be enabled and disabled on a per-VLAN basis. Global IGMP snooping overrides the VLAN IGMP snooping. If global snooping is disabled, you cannot enable VLAN snooping. If global snooping is enabled, you can enable or disable VLAN snooping.
• Snooping on Protocol Independent Multicast (PIM) packets and Distance Vector Multicast Routing Protocol (DVMRP) packets
• Listening to Cisco Group Management Protocol (CGMP) self-join packets from other routers
• Statically connecting to a multicast router port with the ip igmp snooping mrouter global configuration command
You can configure the switch to either snoop on PIM/DVMRP packets or to listen to CGMP self-join packets.
Configuring a Multicast Router Port
To add a multicast router port (add a static connection to a multicast router), use the ip igmp snooping vlan mrouter global configuration command on the switch.
• vlan-id is the multicast group VLAN ID.
• mac-address is the group MAC address.
• interface-id is the member port.
Step 3  Return to privileged EXEC mode.
Verify that Immediate Leave is enabled on the VLAN.
Step 5  copy running-config startup-config  (Optional) Save your entries in the configuration file.
To disable Immediate-Leave processing, use the no ip igmp snooping vlan vlan-id immediate-leave global configuration command.
• igmp-snooping—Displays only entries learned through IGMP snooping.
• count—Displays only the total number of entries for the selected criteria, not the actual entries.
VLAN from the source. This forwarding behavior selectively allows traffic to cross between different VLANs. The Catalyst 2950 switch has dynamic and compatible modes of MVR operation: • When operating in MVR dynamic mode, the switch performs standard IGMP snooping. IGMP information packets are sent to the switch CPU, but multicast data packets are not sent to the CPU.
[Figure residue: set-top boxes at the customer premises send IGMP joins on receiver ports RP1 through RP7. RP = Receiver Port, SP = Source Port. Note: All source ports belong to the multicast VLAN.]
IP multicast addresses (in the range 224.0.0.xx).
Note: For complete syntax and usage information for the commands used in this section, refer to the Catalyst 2950 Desktop Switch Command Reference for this release.
Default MVR Configuration
Table 16-5 shows the default MVR configuration.
Catalyst 2900 XL and Catalyst 3500 XL switches and does not support IGMP dynamic joins on source ports. The default is compatible mode.
Step 7  Exit configuration mode.
It does not receive data unless it becomes a member of the multicast group, either statically or by using IGMP leave and join messages. Receiver ports cannot belong to the multicast VLAN.
Switch# show mvr interface gigabitethernet0/6 members
239.255.0.0 DYNAMIC ACTIVE
239.255.0.1 DYNAMIC ACTIVE
239.255.0.2 DYNAMIC ACTIVE
239.255.0.3 DYNAMIC ACTIVE
239.255.0.4 DYNAMIC ACTIVE
239.255.0.5 DYNAMIC ACTIVE
239.255.0.6 DYNAMIC ACTIVE
239.255.0.7 DYNAMIC ACTIVE
239.255.0.8 DYNAMIC ACTIVE
239.255.0.9 DYNAMIC ACTIVE
Displays MVR status and values for the switch—whether MVR is enabled or disabled, the multicast VLAN, the number of multicast groups (always 256 for the Catalyst 2950 switch), the query response time, and the MVR mode.
show mvr interface [interface-id]  Displays all MVR interfaces and their MVR configurations.
IP multicast traffic. The filtering feature operates in the same manner whether CGMP or MVR is used to forward the multicast traffic. You can also set the maximum number of IGMP groups that an interface can join.
IP multicast address. You can use the range command multiple times to enter multiple addresses or ranges of addresses.
Step 5  Return to privileged EXEC mode.
This example shows how to apply IGMP profile 4 to an interface and verify the configuration.
Switch# configure terminal
Switch(config)# interface fastethernet0/12
Switch(config-if)# ip igmp filter 4
Switch(config-if)# end
Switch# show running-config interface fastethernet0/12
Switch(config-if)# end
Switch# show running-config interface fastethernet0/12
Building configuration...
Current configuration : 123 bytes
interface FastEthernet0/12
 no ip address
 shutdown
 snmp trap link-status
 ip igmp max-groups 25
 ip igmp filter 4
This chapter describes how to configure the port-based traffic control features on your switch.
Note: For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 2950 Desktop Switch Command Reference for this release.
This chapter consists of these sections:
• Configuring Storm Control, page 17-1...
Layer 3 device such as a router. To meet this requirement, you can configure Catalyst 2950 ports as protected ports (also referred to as private VLAN edge ports). Protected ports do not forward any traffic to protected ports on the same switch.
If you enable port security on a voice VLAN port and if there is a PC connected to the IP phone, you should set the maximum allowed secure addresses on the port to more than 1.
Step 2  interface interface-id  Enter interface configuration mode for the port that you want to unsecure.
Step 3  no switchport port-security  Disable port security.
Step 4  Return to privileged EXEC mode.
Use this feature to remove and add PCs on a secure port without manually deleting the existing secure MAC addresses while still limiting the number of secure addresses on a port. You can enable or disable aging of statically configured secure addresses on a per-port basis.
The show interfaces counters privileged EXEC commands display the count of discarded packets. The show storm-control and show port-security privileged EXEC commands display those features.
Voice VLAN:none (Inactive)
Appliance trust:none
This is an example of output from the show interfaces counters broadcast privileged EXEC command:
Switch# show interfaces counters broadcast
Port BcastSuppDiscards
Fa0/1
Fa0/2
Fa0/3
Fa0/4
Port status :SecureUp
Violation mode :Shutdown
Maximum MAC Addresses :11
Total MAC Addresses :11
Configured MAC Addresses :3
Aging time :20 mins
Aging type :Inactivity
SecureStatic address aging :Enabled
Security Violation count :0
Switch# show storm-control fastethernet0/4 multicast
Interface Filter State Trap State Upper Lower Current Traps Sent
--------- ------------- ------------- ------- ------- ------- ----------
Fa0/4 inactive inactive 100.00% 100.00% 0.00%
This chapter describes how to configure the UniDirectional Link Detection (UDLD) protocol on your switch.
Note: For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 2950 Desktop Switch Command Reference for this release.
This chapter consists of these sections:
• Understanding UDLD, page 18-1
•...
Switch A on this port. However, Switch A does not receive traffic from Switch B on the same port. UDLD detects the problem and disables the port.
• The no shutdown interface configuration command restarts the disabled interface.
• The no udld enable global configuration command re-enables UDLD globally.
• The udld disable interface configuration command re-enables UDLD on the specified interface.
Displaying UDLD Status
To display the UDLD status for the specified interface or for all interfaces, use the show udld [interface-id] privileged EXEC command.
Understanding CDP
CDP is a device discovery protocol that runs over Layer 2 (the data link layer) on all Cisco-manufactured devices (routers, bridges, access servers, and switches) and allows network management applications to discover Cisco devices that are neighbors of already known devices. With CDP, network management applications can learn the device type and the Simple Network Management Protocol (SNMP) agent address of neighboring devices running lower-layer, transparent protocols.
The range is from 10 to 255 seconds; the default is 180 seconds.
Step 4  cdp advertise-v2  (Optional) Configure CDP to send version-2 advertisements. This is the default state.
Step 5  Return to privileged EXEC mode.
Beginning in privileged EXEC mode, follow these steps to enable CDP when it has been disabled:
Command  Purpose
Step 1  configure terminal  Enter global configuration mode.
Step 2  cdp run  Enable CDP after disabling it.
Step 3  Return to privileged EXEC mode.
(Optional) Save your entries in the configuration file.
This example shows how to enable CDP on an interface when it has been disabled.
Switch# configure terminal
Switch(config)# interface fastethernet0/5
Switch(config-if)# cdp enable
Switch(config-if)# end
This chapter describes how to configure Switch Port Analyzer (SPAN) on your switch.
Note: For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 2950 Desktop Switch Command Reference for this release.
This chapter consists of these sections:
• Understanding SPAN, page 20-1...
SPAN session. You can monitor a series or range of ingress ports in a SPAN session. At the destination port, the packets are seen with the 802.1Q tag, but packets from the switch CPU to the destination port are without the 802.1Q tag.
The destination port has these characteristics:
• It must reside on the same switch as the source port.
• It can be any Ethernet physical port.
• It cannot be a source port.
Make sure there are no potential loops in the network topology when you enable incoming traffic for a destination port.
• Cisco Discovery Protocol (CDP)—A SPAN destination port does not participate in CDP while the SPAN session is active. After the SPAN session is disabled, the port again participates in CDP.
•...
A SPAN destination port never participates in any VLAN spanning tree. SPAN does include BPDUs in the monitored traffic, so any spanning-tree BPDUs received on the SPAN destination port for a SPAN session were copied from the SPAN source ports.
This example shows how to set up a SPAN session, session 1, for monitoring source port traffic to a destination port. First, any existing SPAN configuration for session 1 is cleared, and then bidirectional traffic is mirrored from source port 1 to destination port 2.
(Optional) Save your entries in the configuration file.
To remove a destination port from the SPAN session, use the no monitor session session_number destination interface interface-id global configuration command.
This is an example of output for the show monitor privileged EXEC command for session 1:
Switch# show monitor session 1
Session 2
---------
Source Ports:
 RX Only: Gi0/1
 TX Only: None
 Both: None
Destination Ports:Gi0/2
Configuring System Message Logging
This chapter describes how to configure system message logging on your switch.
Note: For complete syntax and usage information for the commands used in this chapter, refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.1.
Table 21-4 on page 21-12.
severity  Single-digit code from 0 to 7 that is the severity of the message. For a description of the severity levels, see Table 21-3 on page 21-9.
Logging server: Disabled.
Syslog server IP address: None configured.
Server facility: Local7 (see Table 21-4 on page 21-12).
Server severity: Informational (and numerically lower levels; see Table 21-3 on page 21-9).
Use the show memory privileged EXEC command to view the free processor memory on the switch; however, this value is the maximum available, and the buffer size should not be set to this amount.
To disable logging to the console, use the no logging console global configuration command. To disable logging to a file, use the no logging file [severity-level-number | type] global configuration command.
• (Optional) For limit number-of-buffers, specify the number of buffers to be queued for the terminal after which new messages are dropped. The default is 20.
Step 4  Return to privileged EXEC mode.
1 18:46:11: %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36)
This example shows part of a logging display with the service timestamps log uptime global configuration command enabled:
00:00:46: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up
(see Table 21-3 on page 21-9). For complete syslog server configuration steps, see the “Configuring UNIX Syslog Servers” section on page 21-10.
Step 5  Return to privileged EXEC mode.
Error messages about software or hardware malfunctions, displayed at levels warnings through emergencies. These types of messages mean that the functionality of the switch is affected. For information on how to recover from these malfunctions, refer to the Catalyst 2950 Desktop Switch System Message Guide.
Configuring UNIX Syslog Servers
The next sections describe how to configure the UNIX server syslog daemon and define the UNIX system logging facility.
To display the current logging configuration and the contents of the log buffer, use the show logging privileged EXEC command. For information about the fields in this display, refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.1.
Note: For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 2950 Desktop Switch Command Reference for this release and to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.1.
This chapter consists of these sections:
•...
1. With this operation, an SNMP manager does not need to know the exact variable name. A sequential search is performed to find the needed variable from within a table.
2. The get-bulk command only works with SNMPv2.
(up or down), MAC address tracking, and so forth. The SNMP agent also responds to MIB-related queries sent by the SNMP manager in get-request, get-next-request, and set-request format.
MIB objects. By default, the community string permits read-only access to all objects.
• (Optional) For access-list-number, enter an IP standard access list numbered from 1 to 99 and 1300 to 1999.
This example shows how to assign the string comaccess to SNMP, to allow read-only access, and to specify that IP access list 4 can use the community string to gain access to the switch SNMP agent:
Switch(config)# snmp-server community comaccess ro 4
Table 22-3 Switch Notification Types
Notification Type  Description
c2900  Generates a trap for Catalyst 2950-specific notifications.
cluster  Generates a trap when the cluster configuration changes.
config  Generates a trap for SNMP configuration changes.
To remove the specified host from receiving traps, use the no snmp-server host host global configuration command. To disable a specific trap type, use the no snmp-server enable traps notification-types global configuration command.
Place ones in the bit positions that you want to ignore. Recall that the access list is always terminated by an implicit deny statement for everything.
Switch(config)# snmp-server enable traps entity
Switch(config)# snmp-server host cisco.com restricted entity
This example shows how to enable the switch to send all traps to the host myhost.cisco.com using the community string public:
Switch(config)# snmp-server enable traps
Switch(config)# snmp-server host myhost.cisco.com public...
Chapter 3, “Getting Started with CMS.” You can also use the security wizard to filter inbound traffic on the Catalyst 2950 switches. Filtering can be based on network addresses or TCP/UDP applications. You can choose whether to drop or forward packets that meet the filtering criteria.
In Figure 23-1, ACLs applied at the switch input allow Host A to access the Human Resources network, but prevent Host B from accessing the same network.
Note: In the first and second ACEs in the examples, the eq keyword after the destination address means to test for the TCP-destination-port well-known numbers equaling Simple Mail Transfer Protocol (SMTP) and Telnet, respectively.
ACEs were checking different hosts.
Understanding Access Control Parameters
Before configuring ACLs on the Catalyst 2950 switches, you must have a thorough understanding of the Access Control Parameters (ACPs). ACPs are referred to as masks in the switch CLI commands, output, and CMS.
ACLs. The Catalyst 2950 switch ACL configuration is consistent with other Cisco Catalyst switches. However, there are significant restrictions as well as differences for ACL configurations on the Catalyst 2950 switches.
Cisco routers. The process is briefly described here. For more detailed information on configuring router ACLs, refer to the “Configuring IP Services” chapter in the Cisco IP and IP Routing Configuration Guide for IOS Release 12.1. For detailed information about the commands, refer to Cisco IOS IP and IP Routing Command Reference for IOS Release 12.1.
Table 23-2 lists the access list number and corresponding type and shows whether or not they are supported by the switch. The Catalyst 2950 switch supports IP standard and IP extended access lists, numbers 1 to 199 and 1300 to 2699.
0.0.0.0. (Optional) The source-wildcard applies wildcard bits to the source. (See first bullet item.)
Note: The log option is not supported on Catalyst 2950 switches.
Step 3  Return to privileged EXEC mode.
Step 4  show access-lists [number | name]  Show the access list configuration.
– – IP source address IP destination address Fragments – – TCP or UDP Layer 4 Parameters Source port operator Source port Destination port operator Destination port TCP flag – –
1. X in a protocol column means support for the filtering parameter. 2. No support for type of service (TOS) minimize monetary cost bit. For more details on the specific keywords relative to each protocol, refer to the Cisco IP and IP Routing Command Reference for IOS Release 12.1.
• The keyword host, followed by the 32-bit quantity in dotted-decimal format, as an abbreviation for a single host with source and source-wildcard of source 0.0.0.0.
Note: Only the ip, tcp, and udp protocols are supported on Catalyst 2950 switches.
Step 3  show access-lists [number | name]  Verify the access list configuration.
A standard ACL and an extended ACL cannot have the same name.
• Numbered ACLs are also available, as described in the “Creating Standard and Extended IP ACLs” section on page 23-7.
• any represents a source and source wildcard of 0.0.0.0 255.255.255.255.
Note: The log option is not supported on Catalyst 2950 switches.
Step 4  Return to privileged EXEC mode.
Step 5  show access-lists [number | name]  Show the access list configuration.
In this example, the Jones subnet is not allowed to use outbound Telnet:
Switch(config)# ip access-list extended telnetting
Switch(config-ext-nacl)# remark Do not allow Jones subnet to telnet out
Switch(config-ext-nacl)# deny tcp host 171.69.2.88 any eq telnet
The interface must be a Layer 2 or management interface or a management interface VLAN ID.
Step 3  ip access-group {access-list-number | name} {in}  Control access to the specified interface.
Step 4  Return to privileged EXEC mode.
Standard IP access list 12
 deny 1.3.3.2
Standard IP access list 32
 permit 172.20.20.20
Standard IP access list 34
 permit 10.24.35.56
 permit 23.45.56.34
Extended IP access list 120
Extended MAC access list mac1
This example shows how to display the ACL configuration of Gigabit Ethernet interface 0/1:
Switch# show running-config interface gigabitethernet0/1
Building configuration...
Current configuration :112 bytes
interface GigabitEthernet0/1
 ip access-group 11 in
 snmp trap link-status
 no cdp enable
end
!
Services” chapter of the Cisco IOS IP and IP Routing Configuration Guide for IOS Release 12.1. Figure 23-2 shows a small networked office with a stack of Catalyst 2950 switches that are connected to a Cisco router. A host is connected to the network through the Internet using a WAN link.
The ACLs are applied to permit Gigabit Ethernet port 0/1, which is configured as a Layer 2 port, with the Marketing_group ACL applied to incoming traffic.
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# ip access-group marketing_group in
Note: For more information about the supported non-IP protocols in the mac access-list extended command, refer to the Catalyst 2950 Desktop Switch Command Reference for this release.
Note: Matching on any SNAP-encapsulated packet with a nonzero Organizational Unique Identifier (OUI) is not supported.
Display the MAC ACLs applied to the interface.
Step 5  Return to privileged EXEC mode.
Step 6  show mac-access group  Display the ACL configuration.
Step 7  copy running-config startup-config  (Optional) Save your entries in the configuration file.
When you apply an undefined ACL to an interface, the switch acts as if the ACL has not been applied to the interface and permits all packets. Remember this behavior if you use undefined ACLs as a means of network security.
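The following added example (not part of the Cisco guide) audits a configuration for the behavior described above and also models the wildcard-mask and implicit-deny rules stated earlier for standard ACLs. The sample configuration is constructed, the function names are hypothetical, and only numbered standard ACLs applied inbound are modeled.

```python
import ipaddress
import re

# Constructed sample configuration (not taken from the guide).
# ACL 11 is defined; ACL 12 is applied to Fa0/2 but never defined.
SAMPLE_CONFIG = """\
access-list 11 deny host 10.1.1.5
access-list 11 permit 10.1.1.0 0.0.0.255
!
interface FastEthernet0/1
 ip access-group 11 in
!
interface FastEthernet0/2
 ip access-group 12 in
!
interface FastEthernet0/3
"""

ACE_RE = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\s+(.+)$")
IFACE_RE = re.compile(r"^interface\s+(\S+)$")
GROUP_RE = re.compile(r"^\s+ip access-group\s+(\S+)\s+in$")


def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def parse_source(spec):
    """Return (address, wildcard) as integers for a standard-ACL source."""
    parts = spec.split()
    if parts == ["any"]:
        # any = source 0.0.0.0 with wildcard 255.255.255.255
        return 0, 0xFFFFFFFF
    if len(parts) == 2 and parts[0] == "host":
        # host = single address with wildcard 0.0.0.0
        return _to_int(parts[1]), 0
    if len(parts) == 1:
        # An omitted wildcard is treated as 0.0.0.0
        return _to_int(parts[0]), 0
    if len(parts) == 2:
        return _to_int(parts[0]), _to_int(parts[1])
    raise ValueError("unsupported source specification: " + spec)


def parse_config(text):
    """Collect ACL definitions and inbound ACL bindings per interface."""
    acls, bindings, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = ACE_RE.match(line)
        if m:
            addr, wildcard = parse_source(m.group(3))
            acls.setdefault(m.group(1), []).append((m.group(2), addr, wildcard))
            continue
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = GROUP_RE.match(line)
        if m and current:
            bindings[current] = m.group(1)
    return acls, bindings


def undefined_bindings(acls, bindings):
    """Interfaces whose applied ACL has no definition (these permit all)."""
    return sorted((i, n) for i, n in bindings.items() if n not in acls)


def evaluate(acls, bindings, iface, src_ip):
    """Decide what happens to a packet from src_ip arriving on iface."""
    name = bindings.get(iface)
    if name is None:
        return "permit (no ACL applied)"
    if name not in acls:
        return "permit (undefined ACL)"
    src = _to_int(src_ip)
    for action, addr, wildcard in acls[name]:
        # Ones in the wildcard mark bit positions that are ignored.
        if ((src ^ addr) & ~wildcard & 0xFFFFFFFF) == 0:
            return action
    return "deny (implicit)"


if __name__ == "__main__":
    acls, bindings = parse_config(SAMPLE_CONFIG)
    for iface, name in undefined_bindings(acls, bindings):
        print(f"{iface}: access-group {name} is undefined, all packets permitted")
    for iface, ip in [("FastEthernet0/1", "10.1.1.77"),
                      ("FastEthernet0/1", "192.168.0.1"),
                      ("FastEthernet0/2", "192.168.0.1")]:
        print(iface, ip, evaluate(acls, bindings, iface, ip))
```
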
Page 463
For complete syntax and usage information for the commands used in this chapter, refer to the Note Catalyst 2950 Desktop Switch Command Reference for this release. QoS can be configured either by using the Cluster Management Suite (CMS) or through the command-line interface (CLI).
QoS Configuration Examples, page 24-25 Understanding QoS This section describes how QoS is implemented on the Catalyst 2950 switch. If you have the standard software image installed on your switch, some concepts and features in this section might not apply.
The result of this determination is passed to the marker. For more information, see the “Policing and Marking” section on page 24-6. Catalyst 2950 Desktop Switch Software Configuration Guide 24-3 78-11380-04...
Classification occurs only on a physical interface basis. No support exists for classifying packets at the VLAN or the switched virtual interface level. You specify which fields in the frame or packet that you want to use to classify incoming traffic. Catalyst 2950 Desktop Switch Software Configuration Guide 24-4 78-11380-04...
• action, and QoS processing begins. • Configuration of a deny action is not supported in QoS ACLs on a Catalyst 2950 switch. • System-defined masks are allowed in class maps with these restrictions: A combination of system-defined and user-defined masks cannot be used in the multiple class –...
The trust DSCP configuration is meaningless for non-IP traffic. If you configure a port with this option and non-IP traffic is received, the switch assigns the default port CoS value and classifies traffic based on the CoS value.
Mapping Tables
Note This feature is available only if your switch is running the enhanced software image.
The Catalyst 2950 switches support these types of marking to apply to the switch:
• CoS value to the DSCP value
• DSCP value to CoS value...
How Class of Service Works
Before you set up 802.1P CoS on a Catalyst 2950 that operates with the Catalyst 6000 family of switches, refer to the Catalyst 6000 documentation. There are differences in the 802.1P implementation, and they should be understood to ensure compatibility.
Table 24-2 Default QoS Configuration
The default port CoS value is 0.
The default port trust state is untrusted.
No policy maps are configured.
No policers are configured.
This section describes how to classify incoming traffic by using port trust states:
• Configuring the Trust State on Ports within the QoS Domain, page 24-11
• Configuring the CoS Value for an Interface, page 24-13
Page 473
Figure 24-3 shows a sample network topology.
Figure 24-3 Port Trusted States within the QoS Domain (figure labels: Catalyst 3550-12T switch; trusted interface; trunk; Catalyst 2950 wiring closet; classification of traffic performed here)
Page 474
By default, the port is not trusted. Use the cos keyword setting if your network is composed of Ethernet LANs or Catalyst 2950 switches and has no more than two types of traffic. Use the dscp keyword if your network is not composed of only Ethernet LANs and if you are familiar with sophisticated QoS features and implementations.
Configuring a QoS policy typically requires classifying traffic into classes, configuring policies applied to those traffic classes, and attaching policies to interfaces. For background information, see the “Classification” section on page 24-4 and the “Policing and Marking” section on page 24-6.
Any host with a source address that does not match the ACL statements is rejected.
Switch(config)# access-list 1 permit 192.5.255.0 0.0.0.255
Switch(config)# access-list 1 permit 36.0.0.0 0.0.0.255
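To see exactly which source addresses the two statements above admit, the wildcard-mask comparison and the implicit deny can be evaluated offline. This is an added example, not code from the guide; the function names and the test addresses are constructed, and support for the `any` and `host` keywords goes slightly beyond the two statements shown.

```python
import ipaddress

# The two statements shown above; everything else in this block is added.
ACL_1 = [
    "access-list 1 permit 192.5.255.0 0.0.0.255",
    "access-list 1 permit 36.0.0.0 0.0.0.255",
]


def parse_standard_acl(lines):
    """Parse 'access-list N permit|deny SRC [WILDCARD]' into (action, base, wildcard)."""
    entries = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list" or parts[2] not in ("permit", "deny"):
            raise ValueError(f"not a standard ACL statement: {line!r}")
        action, source = parts[2], parts[3]
        if source == "any":
            base, wildcard = 0, 0xFFFFFFFF
        elif source == "host":
            base, wildcard = int(ipaddress.IPv4Address(parts[4])), 0
        else:
            base = int(ipaddress.IPv4Address(source))
            # A source with no wildcard matches that single address only.
            wildcard = int(ipaddress.IPv4Address(parts[4])) if len(parts) > 4 else 0
        entries.append((action, base, wildcard))
    return entries


def evaluate(entries, source_ip):
    """Return (action, matching statement number), or ('deny', None) for the implicit deny."""
    addr = int(ipaddress.IPv4Address(source_ip))
    for number, (action, base, wildcard) in enumerate(entries, 1):
        care_bits = ~wildcard & 0xFFFFFFFF  # wildcard 1-bits are "don't care"
        if (addr ^ base) & care_bits == 0:
            return action, number  # first match wins
    return "deny", None  # no statement matched


if __name__ == "__main__":
    acl = parse_standard_acl(ACL_1)
    # Constructed test addresses.
    for ip in ("192.5.255.77", "36.0.0.9", "36.0.1.9", "10.1.1.1"):
        print(ip, evaluate(acl, ip))
```

Note that the second statement admits only 36.0.0.0 through 36.0.0.255; a host such as 36.0.1.9 falls through to the implicit deny.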
Page 477
Step 4 show access-lists Verify your entries.
Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file.
To delete an ACL, use the no access-list access-list-number global configuration command.
Page 478
This example shows how to create a Layer 2 MAC ACL with a permit statement. The statement allows traffic from the host with MAC address 0001.0000.0001 to the host with MAC address 0002.0000.0001.
Switch(config)# mac access-list extended maclist1
Switch(config-ext-macl)# permit host 0001.0000.0001 host 0002.0000.0001
Page 479
Only one match criterion per class map is supported, and only one ACL per class map is supported. For access-group acl-index | name acl-name, specify the number or name of the ACL created in Step 3.
Step 5 Return to privileged EXEC mode.
• A policy map can contain multiple class statements, each with different match criteria and policers.
• A separate policy-map class can exist for each type of traffic received through an interface.
• You can attach only one policy map per interface in the input direction.
Page 481
Note In a policy map, the class named class-default is not supported. The switch does not filter traffic based on the policy map defined by the class class-default policy-map configuration command.
Page 482
DSCP value in the incoming packet is trusted. If the matched traffic exceeds an average traffic rate of 48000 bps and a normal burst size of 8000 bytes, its DSCP is marked down to a value of 10 and transmitted.
You use the CoS-to-DSCP map to map CoS values in incoming packets to a DSCP value that QoS uses internally to represent the priority of the traffic. Table 24-3 shows the default CoS-to-DSCP map.
You use the DSCP-to-CoS map to map DSCP values in incoming packets to a CoS value, which is used to select one of the four egress queues. The Catalyst 2950 switches support these DSCP values: 0, 8, 10, 16, 18, 24, 26, 32, 34, 40, 46, 48, and Table 24-4 shows the default DSCP-to-CoS map.
This feature is supported by both the enhanced and standard software images. This section describes how to configure CoS priorities and weighted round-robin (WRR):
• CLI: Configuring CoS Priority Queues, page 24-24
• Configuring WRR, page 24-24
Display the WRR bandwidth allocation for the CoS priority queues. To disable the WRR scheduler and enable the strict priority scheduler, use the no wrr-queue bandwidth global configuration command.
Figure 24-4. It contains this information:
• QoS Configuration for the Common Wiring Closet, page 24-26
• QoS Configuration for the Intelligent Wiring Closet, page 24-27
XL switches, you can override this priority with the default value by using the switchport priority default override interface configuration command. For Catalyst 2950 and Catalyst 2900 XL switches and other 3500 XL models that do not have the override feature, the Catalyst 3550-12T switch at the distribution layer can override the 802.1P CoS value by using the mls qos cos override interface...
The intelligent wiring closet in Figure 24-4 is composed of Catalyst 2950 switches. One of the switches is connected to a video server, which has an IP address of 172.20.10.16. The object of this example is to prioritize the video traffic over all other traffic. To do so, a DSCP of 46 is assigned to the video traffic.
Page 490
Step 19 Verify your entries.
show class-map videoclass
show policy-map videopolicy
show mls qos maps [cos-dscp | dscp-cos]
Step 20 copy running-config startup-config (Optional) Save your entries in the configuration file.
Note The network device to which your switch is connected can impose its own limits on the number of interfaces in the EtherChannel. For Catalyst 2950 switches, the number of EtherChannels is limited to six with eight ports per EtherChannel.
EtherChannel by using the channel-group interface configuration command as shown in Figure 25-2. Each EtherChannel has a logical port-channel interface numbered from 1 to 6.
Switch interfaces exchange PAgP packets only with partner interfaces configured in the auto or desirable modes; interfaces configured in the on mode do not exchange PAgP packets.
Network devices are classified as PAgP physical learners or aggregate-port learners. A device is a physical learner if it learns addresses by physical ports and directs transmissions based on that learning. A device is an aggregate-port learner if it learns addresses by aggregate (logical) ports.
EtherChannel. With aggregate-port learning, it is not important on which physical port the packet arrives. The Catalyst 2950 switch uses source-MAC address distribution for a channel if it is connected to a physical learner even if the user configures destination-MAC address distribution.
128 on all interfaces. (Changing this value on Catalyst 2950 switches has no effect.)
Load balancing: Load distribution on the switch is based on the source-MAC address of the incoming packet.
You configure Layer 2 EtherChannels by configuring the Ethernet interfaces with the channel-group interface configuration command, which creates the port-channel logical interface.
Note Layer 2 interfaces must be connected and functioning for IOS to create port-channel interfaces.
Page 498
“PAgP Modes” section on page 25-3.
Step 4 Return to privileged EXEC mode.
Step 5 show running-config Verify your entries.
Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.
If the channel-group interface configuration command is set to on, set the load-distribution method based on the source-MAC address by using the port-channel load-balance src-mac global configuration command.
Step 3 Return to privileged EXEC mode.
MAC address, regardless of the configured load distribution method. If the link partner to the Catalyst 2950 switch is a physical learner that has the channel-group interface configuration command set to on, set the load-distribution method based on the source MAC address by using the port-channel load-balance src-mac global configuration command.
Note For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 2950 Desktop Switch Command Reference for this release and the Cisco IOS Command Summary for Release 12.1.
This chapter consists of these sections:
• Avoiding Configuration Conflicts, page 26-1...
GBIC Security and Identification
Cisco-approved GBIC modules have a serial EEPROM that contains the module serial number, the vendor name and ID, a unique security code, and a cyclic redundancy check (CRC). When a GBIC module is inserted in the switch, the switch software reads the EEPROM to check the serial number, vendor name, and vendor ID, and recomputes the security code and CRC.
Chapter 26 Troubleshooting
Troubleshooting CMS Sessions
Note If you are using a non-Cisco approved GBIC module, remove the GBIC module from the switch, and replace it with a Cisco-approved module. After inserting a Cisco-approved GBIC, use the errdisable recovery cause gbic-invalid global configuration command to verify the port status, and enter a time interval for recovering from the error-disabled state.
• Member switches connected to the command switch through a secure port can lose connectivity if the port is disabled due to a security violation. Secure ports are described in the “Configuring Port Security” section on page 17-3.
“Creating a Cluster Standby Group” section on page 6-25. For a list of command-capable Catalyst switches, refer to the Release Notes for the Catalyst 2950 Switch on Cisco.com. If you have not configured a standby command switch, and your command switch loses power or fails in some other way, management contact with the member switches is lost, and a new command switch must be installed.
Page 507
Step 17 Start your browser, and enter the IP address of the new command switch.
Step 18 From the Cluster menu, select Add to Cluster to display a list of candidate switches to add to the cluster.
When prompted for the enable secret and enable passwords, enter the passwords of the failed command switch again.
Step 9 When prompted, enable the switch as the cluster command switch, and press Return.
The system has been interrupted prior to initializing the flash file system. These commands will initialize the flash file system, and finish loading the operating system software:
flash_init
load_helper
boot
Step 5 Initialize the Flash file system:
switch: flash_init
Page 510
The configuration file is now reloaded, and you can use the following normal commands to change the password.
Step 14 Enter global configuration mode:
switch# config terminal
Step 15 Change the password:
switch(config)# enable secret <password>
switch(config)# enable password <password>
This section explains how you use debug commands to diagnose and resolve internetworking problems:
• Enabling Debugging on a Specific Feature, page 26-12
• Enabling All-System Diagnostics, page 26-12
• Redirecting Debug and Error Message Output, page 26-13
For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support staff. It is best to use debug commands during periods of lower network traffic and fewer users. Debugging during these periods decreases the likelihood that increased debug command processing overhead will affect system use.
Logging messages to a syslog server produces even less, and logging to an internal buffer produces the least overhead of any method.
/pub/mibs/v1 and the /pub/mibs/v2.
ftp>
Step 5 Use the get MIB_filename command to obtain a copy of the MIB file.
Note You can also access information about MIBs on the Cisco web site: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml