Page 1 Catalyst 2360 Switch Software Configuration Guide Cisco IOS 12.2(53)EY June 2010 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-19808-01...
Page 2 OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/web/siteassets/legal/trademark.html.
Page 3: Table Of Contents
Understanding no and default Forms of Commands Understanding CLI Error Messages Using Configuration Logging Using Command History Changing the Command History Buffer Size Recalling Commands Disabling the Command History Feature Using Editing Features Enabling and Disabling Editing Features Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 4 Scheduling a Reload of the Software Image 3-17 Configuring a Scheduled Reload 3-17 Displaying Scheduled Reload Information 3-18 Clustering Switches C H A P T E R Understanding Switch Clusters Cluster Command Switch Characteristics Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 5 Displaying the Time and Date Configuration Configuring the Time Zone 5-10 Configuring Summer Time (Daylight Saving Time) 5-11 Configuring a System Name and Prompt 5-12 Default System Name and Prompt Configuration 5-13 Configuring a System Name 5-13 Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 6 Setting the Privilege Level for a Command Changing the Default Privilege Level for Lines Logging into and Exiting a Privilege Level Controlling Switch Access with TACACS+ 7-10 Understanding TACACS+ 7-10 TACACS+ Operation 7-11 Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 7 Understanding Secure HTTP Servers and Clients 7-37 Certificate Authority Trustpoints 7-37 CipherSuites 7-38 Configuring Secure HTTP Servers and Clients 7-39 Default SSL Configuration 7-39 SSL Configuration Guidelines 7-39 Configuring a CA Trustpoint 7-39 Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 8 Default Ethernet Interface Configuration 8-16 Configuring Interface Speed and Duplex Mode 8-17 Speed and Duplex Configuration Guidelines 8-17 Setting the Interface Speed and Duplex Parameters 8-18 Configuring IEEE 802.3x Flow Control 8-19 Catalyst 2360 Switch Software Configuration Guide viii OL-19808-01...
Page 9 9-16 Configuring an Ethernet Interface as a Trunk Port 9-16 Interaction with Other Features 9-17 Configuring a Trunk Port 9-17 Defining the Allowed VLANs on a Trunk 9-18 Changing the Pruning-Eligible List 9-19 Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 10 Understanding Spanning-Tree Features 11-1 STP Overview 11-2 Spanning-Tree Topology and BPDUs 11-3 Bridge ID, Switch Priority, and Extended System ID 11-4 Spanning-Tree Interface States 11-4 Blocking State 11-5 Listening State 11-6 Learning State 11-6 Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 11 Operations Within an MST Region 12-3 Operations Between MST Regions 12-4 IEEE 802.1s Terminology 12-5 Hop Count 12-5 Boundary Ports 12-6 IEEE 802.1s Implementation 12-6 Port Role Naming Change 12-7 Interoperation Between Legacy and Standard Switches 12-7 Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 12 Understanding Port Fast 13-2 Understanding BPDU Guard 13-2 Understanding BPDU Filtering 13-3 Understanding UplinkFast 13-3 Understanding BackboneFast 13-5 Understanding EtherChannel Guard 13-7 Understanding Root Guard 13-8 Understanding Loop Guard 13-9 Configuring Optional Spanning-Tree Features 13-9 Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 13 Configuring the DHCP Server 14-3 Configuring the DHCP Relay Agent 14-3 Specifying the Packet Forwarding Address 14-3 Enabling the Cisco IOS DHCP Server Database 14-4 Configuring IGMP Snooping 15-1 C H A P T E R Understanding IGMP Snooping 15-1...
Page 14 Configuring MLD Snooping Queries 16-10 Disabling MLD Listener Message Suppression 16-11 Displaying MLD Snooping Information 16-11 Configuring CDP 17-1 C H A P T E R Understanding CDP 17-1 Configuring CDP 17-2 Default CDP Configuration 17-2 Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 15 C H A P T E R Understanding SPAN 20-1 Local SPAN 20-2 SPAN Concepts and Terminology 20-2 SPAN Sessions 20-2 Monitored Traffic 20-3 Source Ports 20-3 Source VLANs 20-4 VLAN Filtering 20-4 Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 16 Limiting Syslog Messages Sent to the History Table and to SNMP 22-10 Enabling the Configuration-Change Logger 22-10 Configuring UNIX Syslog Servers 22-12 Logging Messages to a UNIX Syslog Daemon 22-12 Configuring the UNIX System Logging Facility 22-12 Displaying the Logging Configuration 22-13 Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 17 Applying an IPv4 ACL to a Terminal Line 24-12 Applying an IPv4 ACL to a Management VLAN 24-13 IPv4 ACL Configuration Examples 24-14 Numbered ACLs 24-14 Extended ACLs 24-14 Named ACL 24-15 Catalyst 2360 Switch Software Configuration Guide xvii OL-19808-01...
Page 18 26-7 LACP Interaction with Other Features 26-7 EtherChannel On Mode 26-7 Load-Balancing and Forwarding Methods 26-8 Configuring EtherChannels 26-9 Default EtherChannel Configuration 26-10 EtherChannel Configuration Guidelines 26-10 Configuring Layer 2 EtherChannels 26-11 Catalyst 2360 Switch Software Configuration Guide xviii OL-19808-01...
Page 19 Recovering from a Software Failure 28-2 Recovering from a Lost or Forgotten Password 28-3 Procedure with Password Recovery Enabled 28-4 Procedure with Password Recovery Disabled 28-6 Recovering from a Command Switch Failure 28-8 Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 20 Understanding Online Diagnostics 29-1 Configuring Online Diagnostics 29-2 Scheduling Online Diagnostics 29-2 Configuring Health-Monitoring Diagnostics 29-3 Running Online Diagnostic Tests 29-5 Starting Online Diagnostic Tests 29-5 Displaying Online Diagnostic Tests and Test Results 29-6 Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 21 Configuring the Configuration Archive B-21 Performing a Configuration Replacement or Rollback Operation B-22 Working with Software Images B-23 Image Location on the Switch B-24 File Format of Images on a Server or Cisco.com B-24 Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 22 Embedded Event Manager Commands Unsupported Privileged EXEC Commands Unsupported Global Configuration Commands Unsupported Commands in Applet Configuration Mode Fallback Bridging Unsupported Global Configuration Commands IGMP Snooping Commands Unsupported Global Configuration Commands Inline Power Commands Catalyst 2360 Switch Software Configuration Guide xxii OL-19808-01...
Page 23 Unsupported Interface Configuration Commands Unsupported Policy-Map Configuration Command RADIUS Commands Unsupported Global Configuration Commands SNMP Commands Unsupported Global Configuration Commands Spanning Tree Commands Unsupported Global Configuration Command Stacking-Related Commands Unsupported Privileged EXEC Commands Catalyst 2360 Switch Software Configuration Guide xxiii OL-19808-01...
Page 24 Unsupported User EXEC Commands C-10 Unsupported Privileged EXEC Command C-10 Unsupported Global Configuration Command C-10 Unsupported VLAN Configuration Commands C-10 VTP Commands C-10 Unsupported Privileged EXEC Command C-10 N D E X Catalyst 2360 Switch Software Configuration Guide xxiv OL-19808-01...
Page 25 Preface Purpose The Catalyst 2360 ships with a universal image that includes cryptographic and LAN Lite functionality. Enter the show license privileged EXEC command, and see the active image: Switch# show license Index 1 Feature: lanlite Period left: 0 minute...
Page 26: Related Publications
Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data. Related Publications These documents provide complete information about the switch and are available from Cisco.com: http://www.cisco.com/en/US/products/ps10920/tsd_products_support_series_home.html Before installing, configuring, or upgrading the switch, see these documents: Note For initial configuration information, see the “Using Express Setup”...
Page 27: Obtaining Documentation And Submitting A Service Request
Obtaining Documentation and Submitting a Service Request For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html...
Page 28 Preface Catalyst 2360 Switch Software Configuration Guide xxviii OL-19808-01...
Page 29: Deployment Features
An embedded device manager GUI for configuring and monitoring a single switch through a web • browser. For information about starting the device manager, see the getting started guide. For information about the device manager, see the switch online help. Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 30: Performance Features
IGMP leave timer for configuring the network leave latency • Configurable small-frame arrival threshold to prevent storm control when small frames (64 bytes or • less) arrive on an interface at a specified rate (the threshold) Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 31: Management Options
Network Time Protocol (NTP) for providing a consistent time stamp to all switches from an external source Cisco IOS File System (IFS) for providing a single interface to all file systems that the switch uses • Configuration logging to log and to view changes to the switch configuration •...
Page 32: Availability And Redundancy Features
• switch configuration or switch image files (requires the cryptographic software image) The HTTP client in Cisco IOS sends requests to both IPv4 and IPv6 HTTP servers, and the HTTP • server in Cisco IOS services HTTP requests from both IPv4 and IPv6 HTTP clients IPv6 supports stateless autoconfiguration to manage link, subnet, and site addressing changes, such •...
Page 33: Vlan Features
MAC authentication bypass to authorize clients based on the client MAC address • • TACACS+ to manage network security through a TACACS server RADIUS for verifying the identity of, granting access to, and tracking the actions of remote users • through AAA services Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 34: Qos And Cos Features
Chapter 3, “Assigning the Switch IP Address and Default Gateway,” Chapter 14, “Configuring DHCP Features.” Default domain name is not configured. For information, see Chapter 3, “Assigning the Switch IP • Address and Default Gateway.” Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 35 Switch cluster is disabled. For information, see Chapter 4, “Clustering Switches,” and the Getting • Started with Cisco Network Assistant, available on Cisco.com. No passwords are defined. For information, see Chapter 5, “Administering the Switch.” • System name and prompt is Switch. For information, see Chapter 5, “Administering the Switch.”...
Page 36: Where To Go Next
No EtherChannels are configured. For information, see Chapter 26, “Configuring EtherChannels • and Link-State Tracking.” Where to Go Next Chapter 2, “Using the Command-Line Interface” • Chapter 3, “Assigning the Switch IP Address and Default Gateway” • Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 37: Understanding Command Modes
C H A P T E R Using the Command-Line Interface This chapter describes the Cisco IOS command-line interface (CLI) and how to use it to configure your Catalyst2360 switch. It contains these sections: Understanding Command Modes, page 2-1 •...
Page 38: C H A P T E R 2 Using The Command-Line Interface
While in privileged To exit to privileged Use this mode to configure Switch(vlan)# EXEC mode, enter EXEC mode, enter VLAN parameters for VLANs the vlan database exit. 1 to 1005 in the VLAN command. database. Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 39: Understanding The Help System
Obtain a list of commands that begin with a particular character string. For example: Switch# di? dir disable disconnect abbreviated-command-entry<Tab> Complete a partial command name. For example: Switch# sh conf<tab> Switch# show configuration Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 40: Understanding Abbreviated Commands
However, some commands are enabled by default and have variables set to certain default values. In these cases, the default command enables the command and sets variables to their default values. Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 41: Understanding Cli Error Messages
You can choose to have the notifications sent to the syslog. For more information, see the “Configuration Change Notification and Logging” section of the Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.4 at this URL: http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080454f...
Page 42: Using Command History
The number of commands that appear is controlled by the setting of the terminal history global configuration command and the history line configuration command. 1. The arrow keys function only on ANSI-compatible terminals such as VT100s. Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 43: Disabling The Command History Feature
To re-enable the enhanced editing mode for the current terminal session, enter this command in privileged EXEC mode: Switch# terminal editing To reconfigure a specific line to have enhanced editing mode, enter this command in line configuration mode: Switch(config-line)# editing Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 44: Editing Commands Through Keystrokes
Change the word at the cursor to lowercase. Press Esc U. Capitalize letters from the cursor to the end of the word. Designate a particular keystroke as Press Ctrl-V or Esc Q. an executable command, perhaps as a shortcut. Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 45: Editing Command Lines That Wrap
The software assumes you have a terminal screen that is 80 columns wide. If you have a width other than that, use the terminal width privileged EXEC command to set the width of your terminal. Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 46: Searching And Filtering Output Of Show And More Commands
Use any Telnet TCP/IP or encrypted Secure Shell (SSH) package from a remote management • station. The switch must have network connectivity with the Telnet or SSH client, and the switch must have an enable secret password configured. Catalyst 2360 Switch Software Configuration Guide 2-10 OL-19808-01...
Page 47 7-32. The switch supports up to five simultaneous secure SSH sessions. After you connect through the console port, through the Ethernet management port, through a Telnet session or through an SSH session, the user EXEC prompt appears on the management station. Catalyst 2360 Switch Software Configuration Guide 2-11 OL-19808-01...
Page 48 Chapter 2 Using the Command-Line Interface Accessing the CLI Catalyst 2360 Switch Software Configuration Guide 2-12 OL-19808-01...
Page 49: Understanding The Boot Process
For complete syntax and usage information for the commands used in this chapter, see the command Note reference for this release and the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2. This chapter consists of these sections: Understanding the Boot Process, page 3-1 •...
Page 50: Assigning Switch Information
IP address and reads the configuration file. If you are an experienced user familiar with the switch configuration steps, manually configure the switch. Otherwise, use the setup program described previously. Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 51: Default Switch Information
DHCP server when the configuration file is not present on the switch. If the configuration file is present and the configuration includes the ip address dhcp interface configuration command on specific routed interfaces, the DHCP client is invoked and requests the IP address information for those interfaces. Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 52: Understanding Dhcp-Based Autoconfiguration And Image Update
This helps ensure that each new switch added to a network receives the same image and configuration. There are two types of DHCP image upgrades: DHCP autoconfiguration and DHCP auto-image update. Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 53: Dhcp Autoconfiguration
NVRAM unless you enter the write memory or copy running-configuration startup-configuration privileged EXEC command. Note that if the downloaded configuration is saved to the startup configuration, the feature is not triggered during subsequent system restarts. Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 54: Configuring Dhcp-Based Autoconfiguration
Example Configuration, page 3-9 • If your DHCP server is a Cisco device, see the “Configuring DHCP” section of the “IP Addressing and Services” section of the Cisco IOS IP Configuration Guide, Release 12.2 for additional information about configuring DHCP.
Page 55: Configuring The Dns
If the relay device is a Cisco router, enable IP routing (ip routing global configuration command), and configure helper addresses by using the ip helper-address interface configuration command.
Page 56: Obtaining Configuration Files
DHCP reply. If the hostname is not specified in the DHCP reply, the switch uses the default Switch as its hostname. Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 57: Example Configuration
10.0.0.2 10.0.0.2 10.0.0.2 TFTP server name tftpserver or tftpserver or tftpserver or tftpserver or 10.0.0.3 10.0.0.3 10.0.0.3 10.0.0.3 Boot filename (configuration file) switcha-confg switchb-confg switchc-confg switchd-confg (optional) Hostname (optional) switcha switchb switchc switchd Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 58: Manually Assigning Ip Information
Enter global configuration mode. Step 2 interface vlan vlan-id Enter interface configuration mode, and enter the VLAN to which the IP information is assigned. The range is 1 to 4094. Catalyst 2360 Switch Software Configuration Guide 3-10 OL-19808-01...
Page 59: Checking And Saving The Running Configuration
5 $1$ej9.$DMUvAUnZOAmvmgqBEzIxE0 <output truncated> interface gigabitethernet6/0/1 no switchport ip address 172.20.137.50 255.255.255.0 interface gigabitethernet6/0/2 mvr type source <output truncated> Catalyst 2360 Switch Software Configuration Guide 3-11 OL-19808-01...
Page 60: Modifying The Startup Configuration
EXEC command. For more information about alternative locations from which to copy the configuration file, see Appendix B, “Working with the Cisco IOS File System, Configuration Files, and Software Images.” Modifying the Startup Configuration...
Page 61: Default Boot Configuration
Specifying the Filename to Read and Write the System Configuration By default, the Cisco IOS software uses the file config.text to read and write a nonvolatile copy of the system configuration. However, you can specify a different filename, which will be loaded during the next boot cycle.
Page 62: Booting Manually
In a depth-first search of a directory, each encountered subdirectory is completely searched before continuing the search in the original directory. However, you can specify a specific image to boot up. Catalyst 2360 Switch Software Configuration Guide 3-14 OL-19808-01...
Page 63: Controlling Environment Variables
Cisco IOS configuration file can be stored as an environment variable. You can change the settings of the environment variables by accessing the boot loader or by using Cisco IOS commands. Under normal circumstances, it is not necessary to alter the setting of the environment variables.
Page 64 BOOT filesystem:/file-url ... boot system {filesystem:/file-url ...|} A semicolon-separated list of executable files Specifies the Cisco IOS image to load during the to try to load and execute when automatically next boot cycle. This command changes the booting. If the BOOT environment variable is setting of the BOOT environment variable.
Page 65: Scheduling A Reload Of The Software Image
Protocol (NTP), the hardware calendar, or manually). The time is relative to the configured time zone on the switch. To schedule reloads across several switches to occur simultaneously, the time on each switch must be synchronized with NTP. Catalyst 2360 Switch Software Configuration Guide 3-17 OL-19808-01...
Page 66: Displaying Scheduled Reload Information
EXEC command. It displays reload information including the time the reload is scheduled to occur and the reason for the reload (if it was specified when the reload was scheduled). Catalyst 2360 Switch Software Configuration Guide 3-18 OL-19808-01...
Page 67: Chapter 4 Clustering Switches
C H A P T E R Clustering Switches This chapter provides the concepts and procedures to create and manage Catalyst 2360 switch clusters. You can create and manage switch clusters by using the command-line interface (CLI), or SNMP. For complete procedures, see the online help.
Page 68: Understanding Switch Clusters
Member or command switch Catalyst 2360 12.2(46)EY or later Member or command switch Catalyst 3500 XL 12.0(5.1)XU or later Member or command switch Catalyst 2900 XL (8-MB switches) 12.0(5.1)XU or later Member or command switch Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 69: Cluster Command Switch Characteristics
Table 4-1. • It has an IP address. • It has Cisco Discovery Protocol (CDP) Version 2 enabled (the default). • It is not a command or cluster member switch of another cluster. • • It is connected to the standby cluster command switches through the management VLAN and to the cluster member switches through a common VLAN.
Page 70: Planning A Switch Cluster
For complete information about these switches in a switch-cluster environment, see the software configuration guide for that specific switch. This requirement does not apply if you have a Catalyst 2360, Catalyst 2960, Catalyst 2970, Catalyst 3550, Catalyst 3560, Catalyst 3560-E, Catalyst 3750, or Catalyst 3750-E cluster command switch.
Page 71: Discovery Through Cdp Hops
The cluster command switch discovers switches 11, 12, 13, and 14 because they are within three hops from the edge of the cluster. It does not discover switch 15 because it is four hops from the edge of the cluster. Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 72: Discovery Through Non-Cdp-Capable And Noncluster-Capable Devices
Device 15 Discovery Through Non-CDP-Capable and Noncluster-Capable Devices If a cluster command switch is connected to a non-CDP-capable third-party hub (such as a non-Cisco hub), it can discover cluster-enabled devices connected to that third-party hub. However, if the cluster command switch is connected to a noncluster-capable Cisco device, it cannot discover a cluster-enabled device connected beyond the noncluster-capable Cisco device.
Page 73: Discovery Through Different Vlans
VLAN 16 in the first column because the cluster command switch has no VLAN connectivity to it. Layer 2 cluster member switches, such as the Catalyst 2360 switch, must be connected to the cluster command switch through their management VLAN. For information about discovery through management VLANs, see the “Discovery Through Different Management VLANs”...
Page 74: Discovery Through Routed Ports
VLAN 4. If the routed port path between the cluster command switch and cluster member switch 7 is lost, connectivity with cluster member switch 7 is maintained because of the redundant path through VLAN 9. Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 75: Discovery Of Newly Installed Switches
The other cluster-capable switch and its access port are assigned to management VLAN 16. Figure 4-6 Discovery of Newly Installed Switches Command device VLAN 9 VLAN 16 Device A Device B VLAN 9 VLAN 16 New (out-of-box) New (out-of-box) candidate device candidate device Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 76: Ip Addresses
We recommend that you do not change the member-switch password after it joins a cluster. For more information about passwords, see the “Preventing Unauthorized Access to Your Switch” section on page 7-1. Catalyst 2360 Switch Software Configuration Guide 4-10 OL-19808-01...
Page 77: Snmp Community Strings
Telnet session (through a console or Telnet connection) and to access the cluster member switch CLI. The command mode changes, and the Cisco IOS commands operate as usual. Enter the exit privileged EXEC command on the cluster member switch to return to the command-switch CLI.
Page 78: Catalyst 1900 And Catalyst 2820 Cli Considerations
The Telnet session accesses the member-switch CLI at the same privilege level as on the cluster command switch. The Cisco IOS commands then operate as usual. For instructions on configuring the switch for a Telnet session, see the “Disabling Password Recovery”...
Page 79 For more information about SNMP and community strings, see Chapter 23, “Configuring SNMP.” Figure 4-7 SNMP Management for a Cluster SNMP Manager Command switch Trap 1, Trap 2, Trap 3 Member 1 Member 2 Member 3 Catalyst 2360 Switch Software Configuration Guide 4-13 OL-19808-01...
Page 80 Chapter 4 Clustering Switches Using SNMP to Manage Switch Clusters Catalyst 2360 Switch Software Configuration Guide 4-14 OL-19808-01...
Page 81: Administering The Switch
You can manage the system time and date on your switch using automatic configuration, such as the Network Time Protocol (NTP), or manual configuration methods. For complete syntax and usage information for the commands used in this section, see the Cisco IOS Note Configuration Fundamentals Command Reference, Release 12.2.
Page 82: Understanding Network Time Protocol
Cisco’s implementation of NTP does not support stratum 1 service; it is not possible to connect to a radio or atomic clock. We recommend that the time service for your network be derived from the public NTP servers available on the IP Internet.
Page 83: Configuring Ntp
Switch F Workstations If the network is isolated from the Internet, Cisco’s implementation of NTP allows a device to act as if it is synchronized through NTP, when in fact it has learned the time by using other means. Other devices then synchronize to that device through NTP.
Page 84: Default Ntp Configuration
NTP that provide for accurate timekeeping) with other devices for security purposes: Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 ntp authenticate Enable the NTP authentication feature, which is disabled by default. Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 85: Configuring Ntp Associations
An NTP association can be a peer association (this switch can either synchronize to the other device or allow the other device to synchronize to it), or it can be a server association (meaning that only this switch synchronizes to the other device, and not the other way around). Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 86 This example shows how to configure the switch to synchronize its system clock with the clock of the peer at IP address 172.16.22.44 using NTP Version 2: Switch(config)# ntp server 172.16.22.44 version 2 Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 87: Configuring Ntp Access Restrictions
NTP control queries, but does not allow the switch to synchronize itself to a device whose address passes the access list criteria. Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 88: Configuring The Source Ip Address For Ntp Packets
You can use two privileged EXEC commands to display NTP information: • show ntp associations [detail] show ntp status • For detailed information about the fields in these displays, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2. Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 89: Configuring Time And Date Manually
The symbol that precedes the show clock display has this meaning: *—Time is not authoritative. • • (blank)—Time is authoritative. • .—Time is authoritative, but NTP is not synchronized. Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 90: Configuring The Time Zone
Atlantic Canada (AST) is UTC-3.5, where the 3 means 3 hours and.5 means 50 percent. In this case, the necessary command is clock timezone AST -3 30. To set the time to UTC, use the no clock timezone global configuration command. Catalyst 2360 Switch Software Configuration Guide 5-10 OL-19808-01...
Page 91: Configuring Summer Time (Daylight Saving Time)
This example shows how to specify that summer time starts on the first Sunday in April at 02:00 and ends on the last Sunday in October at 02:00: Switch(config)# clock summer-time PDT recurring 1 Sunday April 2:00 last Sunday October 2:00 Catalyst 2360 Switch Software Configuration Guide 5-11 OL-19808-01...
Page 92: Configuring A System Name And Prompt
A greater-than symbol [>] is appended. The prompt is updated whenever the system name changes. For complete syntax and usage information for the commands used in this section, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 and the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2.
Page 93: Default System Name And Prompt Configuration
Domain names are pieced together with periods (.) as the delimiting characters. For example, Cisco Systems is a commercial organization that IP identifies by a com domain name, so its domain name is cisco.com. A specific device in this domain, for example, the File Transfer Protocol (FTP) system is identified as ftp.cisco.com.
Page 94: Default Dns Configuration
Internet naming scheme (DNS). Step 5 Return to privileged EXEC mode. Catalyst 2360 Switch Software Configuration Guide 5-14 OL-19808-01...
Page 95: Displaying The Dns Configuration
If there is a period (.) in the hostname, the Cisco IOS software looks up the IP address without appending any default domain name to the hostname.
Page 96: Configuring A Message-Of-The-Day Login Banner
This example shows the banner that appears from the previous configuration: Unix> telnet 172.2.5.4 Trying 172.2.5.4... Connected to 172.2.5.4. Escape character is '^]'. This is a secure site. Only authorized users are allowed. For access, contact technical support. User Access Verification Password: Catalyst 2360 Switch Software Configuration Guide 5-16 OL-19808-01...
Page 97: Configuring A Login Banner
The address table lists the destination MAC address, the associated VLAN ID, and port number associated with the address and the type (static or dynamic). For complete syntax and usage information for the commands used in this section, see the command Note reference for this release. Catalyst 2360 Switch Software Configuration Guide 5-17 OL-19808-01...
Page 98: Building The Address Table
VLAN. Default MAC Address Table Configuration Table 5-3 shows the default MAC address table configuration. Table 5-3 Default MAC Address Table Configuration Feature Default Setting Aging time 300 seconds Catalyst 2360 Switch Software Configuration Guide 5-18 OL-19808-01...
Page 99: Changing The Address Aging Time
VLAN (clear mac address-table dynamic vlan vlan-id). To verify that dynamic entries have been removed, use the show mac address-table dynamic privileged EXEC command. Catalyst 2360 Switch Software Configuration Guide 5-19 OL-19808-01...
Page 100: Adding And Removing Static Address Entries
This example shows how to add the static address c2f3.220a.12f4 to the MAC address table. When a packet is received in VLAN 4 with this MAC address as its destination address, the packet is forwarded to the specified port: Switch(config)# mac address-table static c2f3.220a.12f4 vlan 4 interface gigabitethernet0/1 Catalyst 2360 Switch Software Configuration Guide 5-20 OL-19808-01...
Page 101: Configuring Unicast Mac Address Filtering
Verify your entries. Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file. To disable unicast MAC address filtering, use the no mac address-table static mac-addr vlan vlan-id global configuration command. Catalyst 2360 Switch Software Configuration Guide 5-21 OL-19808-01...
Page 102: Displaying Address Table Entries
(represented by the arpa keyword) is enabled on the IP interface. ARP entries added manually to the table do not age and must be manually removed. For CLI procedures, see the Cisco IOS Release 12.2 documentation on Cisco.com. Catalyst 2360 Switch Software Configuration Guide...
Page 103: Chapter 6 Using The Sdm Default Template
IPv4 IGMP groups: 0.25K number of IPv6 multicast groups: 0.25K number of IPv4/MAC qos aces: 0.375k number of IPv4/MAC security aces: 0.375k number of IPv6 policy based routing aces: Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 104 Chapter 6 Using the SDM Default Template Displaying the SDM Templates number of IPv6 qos aces: number of IPv6 security aces: 0.125k Switch# Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 105 Chapter 6 Using the SDM Default Template Displaying the SDM Templates Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 106 Chapter 6 Using the SDM Default Template Displaying the SDM Templates Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 107: Preventing Unauthorized Access To Your Switch
C H A P T E R Configuring Switch-Based Authentication This chapter describes how to configure switch-based authentication on the Catalyst 2360 switch. This chapter consists of these sections: Preventing Unauthorized Access to Your Switch, page 7-1 • • Protecting Access to Privileged EXEC Commands, page 7-2 Controlling Switch Access with TACACS+, page 7-10 •...
Page 108: Protecting Access To Privileged Exec Commands
Password protection restricts access to a network or network device. Privilege levels define what commands users can enter after they have logged into a network device. For complete syntax and usage information for the commands used in this section, see the Cisco IOS Note Security Command Reference, Release 12.2.
Page 109: Setting Or Changing A Static Enable Password
We recommend that you use the enable secret command because it uses an improved encryption algorithm. If you configure the enable secret command, it takes precedence over the enable password command; the two commands cannot be in effect simultaneously. Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 110 The string cannot start with a number, is case sensitive, and allows spaces but ignores leading spaces. By default, no password is defined. (Optional) For encryption-type, only type 5, a Cisco • proprietary encryption algorithm, is available. If you specify an encryption type, you must provide an encrypted password—an encrypted password that you...
Page 111: Disabling Password Recovery
Disable password recovery. This setting is saved in an area of the flash memory that is accessible by the boot loader and the Cisco IOS image, but it is not part of the file system and is not accessible by any user.
Page 112: Setting A Telnet Password For A Terminal Line
If you have defined privilege levels, you can also assign a specific privilege level (with associated rights and privileges) to each username and password pair. Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 113: Configuring Multiple Privilege Levels
Configuring Multiple Privilege Levels By default, the Cisco IOS software has two modes of password security: user EXEC and privileged EXEC. You can configure up to 16 hierarchical levels of commands for each mode. By configuring multiple passwords, you can allow different sets of users to have access to specified commands.
Page 114: Setting The Privilege Level For A Command
This example shows how to set the configure command to privilege level 14 and define SecretPswd14 as the password users must enter to use level 14 commands: Switch(config)# privilege exec level 14 configure Switch(config)# enable password level 14 SecretPswd14 Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 115: Changing The Default Privilege Level For Lines
Log in to a specified privilege level. For level, the range is 0 to 15. Step 2 disable level Exit to a specified privilege level. For level, the range is 0 to 15. Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 116: Controlling Switch Access With Tacacs
(AAA) and can be enabled only through AAA commands. Note For complete syntax and usage information for the commands used in this section, see the Cisco IOS Security Command Reference, Release 12.2. These sections contain this configuration information: •...
Page 117: Tacacs+ Operation
TACACS+ daemon and define the method lists for TACACS+ authentication. You can optionally define method lists for TACACS+ authorization and accounting. A method list defines the sequence and methods to be used to authenticate, to authorize, or to keep accounts Catalyst 2360 Switch Software Configuration Guide 7-11 OL-19808-01...
Page 118: Default Tacacs+ Configuration
You can group servers to select a subset of the configured server hosts and use them for a particular service. The server group is used with a global server-host list and contains the list of IP addresses of the selected server hosts. Catalyst 2360 Switch Software Configuration Guide 7-12 OL-19808-01...
Page 119: Configuring Tacacs+ Login Authentication
You can designate one or more security protocols to be used for authentication, thus ensuring a backup system for authentication in case the initial method fails. The software uses the first method listed to Catalyst 2360 Switch Software Configuration Guide 7-13...
Page 120 • Step 4 line [console | tty | vty] line-number Enter line configuration mode, and configure the lines to which you want [ending-line-number] to apply the authentication list. Catalyst 2360 Switch Software Configuration Guide 7-14 OL-19808-01...
Page 121: Configuring Tacacs+ Authorization For Privileged Exec Access And Network Services
Configuring AAA authentication does not secure the switch for HTTP access by using AAA methods. For more information about the ip http authentication command, see the Cisco IOS Security Command Reference, Release 12.2.
Page 122: Starting Tacacs+ Accounting
(AV) pairs and is stored on the security server. This data can then be analyzed for network management, client billing, or auditing. Beginning in privileged EXEC mode, follow these steps to enable TACACS+ accounting for each Cisco IOS privilege level and for network services:...
Page 123: Controlling Switch Access With Radius
RADIUS is facilitated through AAA and can be enabled only through AAA commands. For complete syntax and usage information for the commands used in this section, see the Cisco IOS Note Security Command Reference, Release 12.2.
Page 124: Radius Operation
RADIUS authorization, if it is enabled. The additional data included with the ACCEPT or REJECT packets includes these items: Telnet, SSH, rlogin, or privileged EXEC services • Connection parameters, including the host or client IP address, access list, and user timeouts • Catalyst 2360 Switch Software Configuration Guide 7-18 OL-19808-01...
Page 125: Configuring Radius
Identifying the RADIUS Server Host Switch-to-RADIUS-server communication involves several components: Hostname or IP address • Authentication destination port • Accounting destination port • Key string • Timeout period • Retransmission value • Catalyst 2360 Switch Software Configuration Guide 7-19 OL-19808-01...
Page 126 “Configuring Settings for All RADIUS Servers” section on page 7-28. You can configure the switch to use AAA server groups to group existing server hosts for authentication. For more information, see the “Defining AAA Server Groups” section on page 7-24. Catalyst 2360 Switch Software Configuration Guide 7-20 OL-19808-01...
Page 127 RADIUS host. Step 3 Return to privileged EXEC mode. Step 4 show running-config Verify your entries. Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file. Catalyst 2360 Switch Software Configuration Guide 7-21 OL-19808-01...
Page 128: Configuring Radius Login Authentication
Beginning in privileged EXEC mode, follow these steps to configure login authentication. This procedure is required. Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 aaa new-model Enable AAA. Catalyst 2360 Switch Software Configuration Guide 7-22 OL-19808-01...
Page 129 For list-name, specify the list created with the aaa authentication • login command. Step 6 Return to privileged EXEC mode. Step 7 show running-config Verify your entries. Step 8 copy running-config startup-config (Optional) Save your entries in the configuration file. Catalyst 2360 Switch Software Configuration Guide 7-23 OL-19808-01...
Page 130: Defining Aaa Server Groups
Configuring AAA authentication does not secure the switch for HTTP access by using AAA methods. For more information about the ip http authentication command, see the Cisco IOS Security Command Reference, Release 12.2.
Page 131 Repeat this step for each RADIUS server in the AAA server group. Each server in the group must be previously defined in Step 2. Step 6 Return to privileged EXEC mode. Step 7 show running-config Verify your entries. Catalyst 2360 Switch Software Configuration Guide 7-25 OL-19808-01...
Page 132: Configuring Radius Authorization For User Privileged Access And Network Services
EXEC access and network services: Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 aaa authorization network radius Configure the switch for user RADIUS authorization for all network-related service requests. Catalyst 2360 Switch Software Configuration Guide 7-26 OL-19808-01...
Page 133: Starting Radius Accounting
(AV) pairs and is stored on the security server. This data can then be analyzed for network management, client billing, or auditing. Beginning in privileged EXEC mode, follow these steps to enable RADIUS accounting for each Cisco IOS privilege level and for network services:...
Page 134: Configuring Settings For All Radius Servers
1, which is named cisco-avpair. The value is a string with this format: protocol : attribute sep value * Protocol is a value of the Cisco protocol attribute for a particular type of authorization. Attribute and value are an appropriate attribute-value (AV) pair defined in the Cisco TACACS+ specification, and sep is = for mandatory attributes and is * for optional attributes.
Page 135: Configuring The Switch For Vendor-Proprietary Radius Server Communication
Although an IETF draft standard for RADIUS specifies a method for communicating vendor-proprietary information between the switch and the RADIUS server, some vendors have extended the RADIUS attribute set in a unique way. Cisco IOS software supports a subset of vendor-proprietary RADIUS attributes.
Page 136: Displaying The Radius Configuration
This example shows how to specify a vendor-proprietary RADIUS host and to use a secret key of rad124 between the switch and the server: Switch(config)# radius-server host 172.20.30.15 nonstandard Switch(config)# radius-server key rad124 Displaying the RADIUS Configuration To display the RADIUS configuration, use the show running-config privileged EXEC command. Catalyst 2360 Switch Software Configuration Guide 7-30 OL-19808-01...
Page 137: Configuring The Switch For Local Authentication And Authorization
(Optional) Save your entries in the configuration file. To disable AAA, use the no aaa new-model global configuration command. To disable authorization, use the no aaa authorization {network | exec} method1 global configuration command. Catalyst 2360 Switch Software Configuration Guide 7-31 OL-19808-01...
Page 138: Configuring The Switch For Secure Shell
Configuring AAA authentication does not secure the switch for HTTP access by using AAA methods. For more information about the ip http authentication command, see the Cisco IOS Security Command Reference, Release 12.2.
Page 139: Ssh Servers, Integrated Clients, And Supported Versions
You can use an SSH client to connect to a switch running the SSH server. The SSH server works with the SSH client supported in this release and with non-Cisco SSH clients. The SSH client also works with the SSH server supported in this release and with non-Cisco SSH servers.
Page 140: Configuration Guidelines
Setting Up the Switch to Run SSH Follow these steps to set up your switch to run SSH: Download the cryptographic software image from Cisco.com. This step is required. For more information, see the release notes for this release. Configure a hostname and IP domain name for the switch. Follow this procedure only if you are configuring the switch as an SSH server.
Page 141: Configuring The Ssh Server
For line_number and ending_line_number, specify a pair of lines. The range is 0 to 15. Specify that the switch prevent non-SSH Telnet connections. This • limits the router to only SSH connections. Step 5 Return to privileged EXEC mode. Catalyst 2360 Switch Software Configuration Guide 7-35 OL-19808-01...
Page 142: Displaying The Ssh Configuration And Status
Displaying Secure HTTP Server and Client Status, page 7-43 For configuration examples and complete syntax and usage information for the commands used in this section, see the “HTTPS - HTTP Server and Client with SSL 3.0” feature description for Cisco IOS Release 12.2(15)T at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a008015a4c6.
Page 143: Understanding Secure Http Servers And Clients
(pages) back to the HTTP secure server, which, in turn, responds to the original request. The primary role of the HTTP secure client (the web browser) is to respond to Cisco IOS application requests for HTTPS User Agent services, perform HTTPS User Agent services for the application, and pass the response back to the application.
Page 144: Ciphersuites
For additional information on Certificate Authorities, see the “Configuring Certification Authority Interoperability” chapter in the Cisco IOS Security Configuration Guide, Release 12.2. CipherSuites A CipherSuite specifies the encryption algorithm and the digest algorithm to use on a SSL connection.
Page 145: Configuring Secure Http Servers And Clients
Specify the IP domain name of the switch (required only if you have not previously configured an IP domain name). The domain name is required for security keys and certificates. Catalyst 2360 Switch Software Configuration Guide 7-39 OL-19808-01...
Page 146: Configuring The Secure Http Server
HTTP server feature is supported in the software. You should see one of these lines in the output: HTTP secure server capability: Present HTTP secure server capability: Not present Step 2 configure terminal Enter global configuration mode. Catalyst 2360 Switch Software Configuration Guide 7-40 OL-19808-01...
Page 147 Use the no ip http secure-client-auth global configuration command to remove the requirement for client authentication. Catalyst 2360 Switch Software Configuration Guide 7-41 OL-19808-01...
Page 148: Configuring The Secure Http Client
(Optional) Save your entries in the configuration file. Use the no ip http client secure-trustpoint name to remove a client trustpoint configuration. Use the no ip http client secure-ciphersuite to remove a previously configured CipherSuite specification for the client. Catalyst 2360 Switch Software Configuration Guide 7-42 OL-19808-01...
Page 149: Displaying Secure Http Server And Client Status
A user who has appropriate authorization can use SCP to copy any file in the Cisco IOS File System (IFS) to and from a switch by using the copy command. An authorized administrator can also do this from a workstation.
Page 150 Chapter 7 Configuring Switch-Based Authentication Configuring the Switch for Secure Copy Protocol Catalyst 2360 Switch Software Configuration Guide 7-44 OL-19808-01...
Page 151: Understanding Interface Types
Monitoring and Maintaining the Interfaces, page 8-24 • For complete syntax and usage information for the commands used in this chapter, see the switch Note command reference for this release and the online Cisco IOS Interface Command Reference, Release 12.2. Understanding Interface Types •...
Page 152: Switch Ports
A trunk port supports simultaneous tagged and untagged traffic. The port is assigned a default port VLAN ID (PVID), and all untagged traffic travels on the port default PVID. All untagged traffic Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 153: Ethernet Management Port
The line state of an SVI with multiple ports on a VLAN is in the up state under these conditions: The VLAN exists and is active in the VLAN database. • The VLAN interface exists and is not administratively down. • Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 154: Etherchannel Port Groups
Most protocols operate over either single ports or aggregated switch ports and do not recognize the physical ports within the port group. Exceptions are the DTP, the Cisco Discovery Protocol (CDP), and the Port Aggregation Protocol (PAgP), which operate only on physical ports.
Page 155: Connecting Interfaces
RJ-45 console is immediately disabled, and then input from the USB console is enabled. Removing the USB connection immediately reenables input from the RJ-45 console connection. An LED on the switch shows which console connection is in use. Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 156: Console Port Change Logs
Switch(config)# line console 0 Switch(config-line)# media-type rj45 This configuration immediately terminates the active USB console. A log shows that this termination has occurred. This sample log shows that the console on switch 1 reverted to RJ-45. Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 157: Configuring The Usb Inactivity Timeout
At this point, the only way to reactivate the USB console is to disconnect and reconnect the cable. When the USB cable on the switch has been disconnected and reconnected, a log similar to this appears: *Mar 1 00:48:28.640: %USB_CONSOLE-6-MEDIA_USB: Console media-type is USB. Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 158: Usb Type A Port
The USB Type A port provides access to external Cisco USB flash devices, also known as thumb drives or USB keys. The switch supports Cisco 64 MB, 256 MB, 512 MB, and 1 GB flash drives. You can use standard Cisco IOS command- line interface (CLI) commands to read, write, erase, and copy to or from the flash device.
Page 159: Using Interface Configuration Mode
On a switch with 10/100/1000 ports and Cisco TwinGig Converter Modules in the 10-Gigabit Ethernet module slots, the port numbers restart with the 10-Gigabit Ethernet ports: tengigabitethernet0/1.
Page 160: Procedures For Configuring Interfaces
Configuring Interface Characteristics Using Interface Configuration Mode On a switch with 10/100/1000 ports and Cisco dual SFP X2 converter modules in the 10-Gigabit Ethernet module slots, the SFP module ports are numbered consecutively following the 10/100/1000 ports. For example, if the switch has 48 10/100/1000 ports, the SFP module ports are gigabitethernet0/48 through tengigabitethernet0/4.
Page 161: Configuring A Range Of Interfaces
- port-channel-number, where the port-channel-number is 1 to 48 When you use the interface range command with port channels, the first and last Note port-channel number must be active port channels. Catalyst 2360 Switch Software Configuration Guide 8-11 OL-19808-01...
Page 162: Configuring And Using Interface Range Macros
Select the interface range to be configured with the values saved in the interface-range macro called macro_name. You can now use the normal configuration commands to apply the configuration to all interfaces in the defined macro. Catalyst 2360 Switch Software Configuration Guide 8-12 OL-19808-01...
Page 163 Switch(config)# define interface-range macro1 gigabitethernet0/1 - 2, gigabitethernet1/0/5 - 7, tengigabitethernet0/1 -2 Switch(config)# end This example shows how to enter interface-range configuration mode for the interface-range macro enet_list: Switch# configure terminal Switch(config)# interface range macro enet_list Switch(config-if-range)# Catalyst 2360 Switch Software Configuration Guide 8-13 OL-19808-01...
Page 164: Using The Ethernet Management Port
Supported Features on the Ethernet Management Port Express Setup • Network Assistant • Telnet with passwords • TFTP • Secure Shell (SSH) • Catalyst 2360 Switch Software Configuration Guide 8-14 OL-19808-01...
Page 165: Configuring The Ethernet Management Port
Enables ARP to associate a MAC address with the specified IP address when this command is entered with the ip_address parameter. mgmt_clr Clears the statistics for the Ethernet management port. mgmt_init Starts the Ethernet management port. Catalyst 2360 Switch Software Configuration Guide 8-15 OL-19808-01...
Page 166: Configuring Ethernet Interfaces
Loads and boots an executable image from the TFTP server and enters the command-line interface. For more details, see the command reference for this release. copy tftp:/source-file-url Copies a Cisco IOS image from the TFTP server to the specified filesystem:/destination-file- location. For more details, see the command reference for this release.
Page 167: Configuring Interface Speed And Duplex Mode
When STP is enabled and a port is reconfigured, the switch can take up to 30 seconds to check for • loops. The port LED is amber while STP reconfigures. Changing the interface speed and duplex mode configuration might shut down and re-enable the Caution interface during the reconfiguration. Catalyst 2360 Switch Software Configuration Guide 8-17 OL-19808-01...
Page 168: Setting The Interface Speed And Duplex Parameters
This example shows how to set the interface speed to 100 Mb/s and the duplex mode to half on a 10/100/1000 Mb/s port: Switch# configure terminal Switch(config)# interface gigabitethernet0/3 Switch(config-if)# speed 10 Switch(config-if)# duplex half Catalyst 2360 Switch Software Configuration Guide 8-18 OL-19808-01...
Page 169: Configuring Ieee 802.3X Flow Control
To disable flow control, use the flowcontrol receive off interface configuration command. This example shows how to turn on flow control on a port: Switch# configure terminal Switch(config)# interface gigabitethernet0/1 Switch(config-if)# flowcontrol receive on Catalyst 2360 Switch Software Configuration Guide 8-19 OL-19808-01...
Page 170: Configuring Auto-Mdix On An Interface
(Optional) Save your entries in the configuration file. To disable auto-MDIX, use the no mdix auto interface configuration command. This example shows how to enable auto-MDIX on a port: Switch# configure terminal Switch(config)# interface gigabitethernet0/1 Switch(config-if)# speed auto Catalyst 2360 Switch Software Configuration Guide 8-20 OL-19808-01...
Page 171: Adding A Description For An Interface
At least one port in the VLAN should be up and not excluded to keep the SVI state up. You can use this command to exclude the monitoring port status when determining the status of the SVI. Catalyst 2360 Switch Software Configuration Guide 8-21...
Page 172: Configuring The System Mtu
NVRAM and becomes effective when the switch reloads. • The MTU settings you enter with the system mtu jumbo command are not saved in the switch Cisco IOS configuration file, even if you enter the copy running-config startup-config privileged EXEC command.
Page 173: Configuring Small-Frame Arrival Rate
Beginning in privileged EXEC mode, follow these steps to configure the threshold level for each interface: Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 errdisable detect cause small-frame Enable the small-frame rate-arrival feature on the switch. Catalyst 2360 Switch Software Configuration Guide 8-23 OL-19808-01...
Page 174: Monitoring And Maintaining The Interfaces
(You can display the full list of show commands by using the show ? command at the privileged EXEC prompt.) These commands are fully described in the Cisco IOS Interface Command Reference, Release 12.2. Catalyst 2360 Switch Software Configuration Guide...
Page 175: Clearing And Resetting Interfaces And Counters
EXEC command. The clear counters command clears all current interface counters from the interface unless you specify optional arguments that clear only a specific interface type from a specific interface number. Catalyst 2360 Switch Software Configuration Guide 8-25 OL-19808-01...
Page 176: Shutting Down And Restarting The Interface
Use the no shutdown interface configuration command to restart the interface. To verify that an interface is disabled, enter the show interfaces privileged EXEC command. A disabled interface is shown as administratively down in the display. Catalyst 2360 Switch Software Configuration Guide 8-26 OL-19808-01...
Page 177: Chapter 9 Configuring Vlans
Before you create VLANs, you must decide whether to use VLAN Trunking Protocol (VTP) to maintain Note global VLAN configuration for your network. For more information on VTP, see Chapter 10, “Configuring VTP.” Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 178: Supported Vlans
VLAN Configuration Guidelines” section on page 9-5 for more information about the number of spanning-tree instances and the number of VLANs. The switch supports the IEEE 802.1Q trunking method for sending VLAN traffic over Ethernet ports. Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 179: Vlan Port Membership Modes
Configurations for VLAN IDs 1 to 1005 are written to the file vlan.dat (VLAN database), and you can display them by entering the show vlan privileged EXEC command. The vlan.dat file is stored in flash memory. Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 180 Saving VLAN Configuration, page 9-6 • Default Ethernet VLAN Configuration, page 9-7 • Creating or Modifying an Ethernet VLAN, page 9-8 • Deleting a VLAN, page 9-9 • Assigning Static-Access Ports to a VLAN, page 9-10 • Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 181: Token Ring Vlans
IEEE 802.1s Multiple STP (MSTP) on your switch to map multiple VLANs to a single spanning-tree instance. For more information about MSTP, see Chapter 12, “Configuring MSTP.” Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 182: Vlan Configuration Mode Options
VTP mode is transparent, they are also saved in the switch running configuration file. You can enter the copy running-config startup-config privileged EXEC command to save the configuration in the startup configuration file. To display the VLAN configuration, enter the show vlan privileged EXEC command. Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 183: Default Ethernet Vlan Configuration
1 to 4294967294 VLAN ID) MTU size 1500 1500 to 18190 Translational bridge 1 0 to 1005 Translational bridge 2 0 to 1005 VLAN state active active, suspend Remote SPAN disabled enabled, disabled Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 184: Creating Or Modifying An Ethernet Vlan
This example shows how to use config-vlan mode to create Ethernet VLAN 20, name it test20, and add it to the VLAN database: Switch# configure terminal Switch(config)# vlan 20 Switch(config-vlan)# name test20 Switch(config-vlan)# end Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 185: Deleting A Vlan
VTP transparent mode, the VLAN is deleted only on that specific switch. You cannot delete the default VLANs for the different media types: Ethernet VLAN 1 and FDDI or Token Ring VLANs 1002 to 1005. Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 186: Assigning Static-Access Ports To A Vlan
Assign the port to a VLAN. Valid VLAN IDs are 1 to 4094. Step 5 Return to privileged EXEC mode. Step 6 show running-config interface interface-id Verify the VLAN membership mode of the interface. Catalyst 2360 Switch Software Configuration Guide 9-10 OL-19808-01...
Page 187: Configuring Extended-Range Vlans
Ethernet VLANs. You can change only the MTU size and the remote SPAN configuration state on extended-range VLANs; all other characteristics must remain at the default state. Catalyst 2360 Switch Software Configuration Guide 9-11 OL-19808-01...
Page 188: Extended-Range Vlan Configuration Guidelines
EXEC command. Before you create an extended-range VLAN, you can verify that the VLAN ID is not used internally by Note entering the show vlan internal usage privileged EXEC command. Catalyst 2360 Switch Software Configuration Guide 9-12 OL-19808-01...
Page 189 This example shows how to create a new extended-range VLAN with all default characteristics, enter config-vlan mode, and save the new VLAN in the switch startup configuration file: Switch(config)# vtp mode transparent Switch(config)# vlan 2000 Switch(config-vlan)# end Switch# copy running-config startup config Catalyst 2360 Switch Software Configuration Guide 9-13 OL-19808-01...
Page 190: Displaying Vlans
Ethernet trunk interfaces support different trunking modes (see Table 9-4). You can set an interface as trunking or nontrunking or to negotiate trunking with the neighboring interface. To autonegotiate trunking, the interfaces must be in the same VTP domain. Catalyst 2360 Switch Software Configuration Guide 9-14 OL-19808-01...
Page 191: Ieee 802.1Q Configuration Considerations
VLAN allowed on the trunks. Non-Cisco devices might support one spanning-tree instance for all VLANs. When you connect a Cisco switch to a non-Cisco device through an IEEE 802.1Q trunk, the Cisco switch combines the spanning-tree instance of the VLAN of the trunk with the spanning-tree instance of the non-Cisco IEEE 802.1Q switch.
Page 192: Default Layer 2 Ethernet Interface Vlan Configuration
If the neighboring interface supports trunking and is configured to allow trunking, the link is a Layer 2 trunk or, if the interface is in Layer 3 mode, it becomes a Layer 2 trunk when you enter the switchport interface configuration command. The Catalyst 2360 switch supports only IEEE 802.1q trunking.
Page 193: Interaction With Other Features
Administrative Mode and the Administrative Trunking Encapsulation fields of the display. Step 8 show interfaces interface-id trunk Display the trunk configuration of the interface. Step 9 copy running-config startup-config (Optional) Save your entries in the configuration file. Catalyst 2360 Switch Software Configuration Guide 9-17 OL-19808-01...
Page 194: Defining The Allowed Vlans On A Trunk
VLANs from the allowed list. VLAN 1 is the default VLAN on all trunk ports in all Cisco switches, and it has previously been a Note requirement that VLAN 1 always be enabled on every trunk link. You can use the VLAN 1 minimization feature to disable VLAN 1 on any individual VLAN trunk link so that no user traffic (including spanning-tree advertisements) is sent or received on VLAN 1.
Page 195: Changing The Pruning-Eligible List
Extended-range VLANs (VLAN IDs 1006 to 4094) cannot be pruned. VLANs that are pruning-ineligible receive flooded traffic. The default list of VLANs allowed to be pruned contains VLANs 2 to 1001. Step 4 Return to privileged EXEC mode. Catalyst 2360 Switch Software Configuration Guide 9-19 OL-19808-01...
Page 196: Configuring The Native Vlan For Untagged Traffic
Load sharing divides the bandwidth supplied by parallel trunks connecting switches. To avoid loops, STP normally blocks all but one parallel link between switches. Using load sharing, you divide the traffic between the links according to which VLAN the traffic belongs. Catalyst 2360 Switch Software Configuration Guide 9-20 OL-19808-01...
Page 197: Load Sharing Using Stp Port Priorities
Return to privileged EXEC mode. Step 5 show vtp status Verify the VTP configuration on both Switch A and Switch B. In the display, check the VTP Operating Mode and the VTP Domain Name fields. Catalyst 2360 Switch Software Configuration Guide 9-21 OL-19808-01...
Page 198: Load Sharing Using Stp Path Cost
Define the interface to be configured as a trunk, and enter interface configuration mode. Step 9 switchport mode trunk Configure the port as a trunk port. The Catalyst 2360 switch supports only IEEE 802.1q Note trunking. Step 10 Return to privileged EXEC mode.
Page 199 Verify your entries. In the display, verify that the path costs are set correctly for both trunk interfaces. Step 16 copy running-config startup-config (Optional) Save your entries in the configuration file. Catalyst 2360 Switch Software Configuration Guide 9-23 OL-19808-01...
Page 200 Chapter 9 Configuring VLANs Configuring VLAN Trunks Catalyst 2360 Switch Software Configuration Guide 9-24 OL-19808-01...
Page 201: Chapter 10 Configuring Vtp
Configuring VTP This chapter describes how to use the VLAN Trunking Protocol (VTP) and the VLAN database for managing VLANs with the Catalyst 2360 switch. For complete syntax and usage information for the commands used in this chapter, see the command Note reference for this release.
Page 202: The Vtp Domain
For domain name and password configuration guidelines, see the “VTP Configuration Guidelines” section on page 10-8. Catalyst 2360 Switch Software Configuration Guide 10-2 OL-19808-01...
Page 203: Vtp Modes
Otherwise, the switch cannot receive any VTP advertisements. For more information on trunk ports, see “Configuring VLAN Trunks” section on page 9-14. VTP advertisements distribute this global domain information: VTP domain name • VTP configuration revision number • Update identity and update timestamp • Catalyst 2360 Switch Software Configuration Guide 10-3 OL-19808-01...
Page 204: Vtp Version 2
Only VLANs included in the pruning-eligible list can be pruned. By default, VLANs 2 through 1001 are pruning eligible switch trunk ports. If the VLANs are configured as pruning-ineligible, the flooding continues. VTP pruning is supported with VTP Version 1 and Version 2. Catalyst 2360 Switch Software Configuration Guide 10-4 OL-19808-01...
Page 205 Enabling VTP pruning on a VTP server enables pruning for the entire management domain. Making VLANs pruning-eligible or pruning-ineligible affects pruning eligibility for those VLANs on that trunk only (not on all switches in the VTP domain). Catalyst 2360 Switch Software Configuration Guide 10-5 OL-19808-01...
Page 206: Default Vtp Configuration
VTP configuration. Table 10-2 Default VTP Configuration Feature Default Setting VTP domain name Null. VTP mode Server. VTP version Version 1 (Version 2 is disabled). VTP password None. VTP pruning Disabled. Catalyst 2360 Switch Software Configuration Guide 10-6 OL-19808-01...
Page 207: Vtp Configuration Options
If VTP mode is transparent, the domain name and the mode (transparent) are saved in the switch running configuration, and you can save this information in the switch startup configuration file by entering the copy running-config startup-config privileged EXEC command. Catalyst 2360 Switch Software Configuration Guide 10-7 OL-19808-01...
Page 208: Vtp Configuration Guidelines
A VTP Version 2-capable switch can operate in the same VTP domain as a switch running VTP • Version 1 if Version 2 is disabled on the Version 2-capable switch (Version 2 is disabled by default). Catalyst 2360 Switch Software Configuration Guide 10-8 OL-19808-01...
Page 209: Configuration Requirements
Step 5 Return to privileged EXEC mode. Step 6 show vtp status Verify your entries in the VTP Operating Mode and the VTP Domain Name fields of the display. Catalyst 2360 Switch Software Configuration Guide 10-9 OL-19808-01...
Page 210 This example shows how to use VLAN database configuration mode to configure the switch as a VTP server with the domain name eng_group and the password mypassword: Switch# vlan database Switch(vlan)# vtp server Switch(vlan)# vtp domain eng_group Switch(vlan)# vtp password mypassword Switch(vlan)# exit APPLY completed. Exiting..Switch# Catalyst 2360 Switch Software Configuration Guide 10-10 OL-19808-01...
Page 211: Configuring A Vtp Client
VLAN database configuration command to return the switch to a no-password state. When you configure a domain name, it cannot be removed; you can only reassign a switch to a different domain. Catalyst 2360 Switch Software Configuration Guide 10-11 OL-19808-01...
Page 212: Disabling Vtp (Vtp Transparent Mode)
VLAN database configuration command to return the switch to VTP server mode. If extended-range VLANs are configured on the switch, you cannot change VTP mode to server. You receive an error message, and the configuration is not allowed. Catalyst 2360 Switch Software Configuration Guide 10-12 OL-19808-01...
Page 213: Enabling Vtp Version 2
You can also enable VTP Version 2 by using the vlan database privileged EXEC command to enter Note VLAN database configuration mode and by entering the vtp v2-mode VLAN database configuration command. To disable VTP Version 2, use the no vtp v2-mode VLAN database configuration command. Catalyst 2360 Switch Software Configuration Guide 10-13 OL-19808-01...
Page 214: Enabling Vtp Pruning
If you add a switch that has a revision number higher than the revision number in the VTP domain, it can erase all VLAN information from the VTP server and VTP domain. Catalyst 2360 Switch Software Configuration Guide 10-14...
Page 215 You can use the vtp mode transparent global configuration command or the vtp transparent VLAN Note database configuration command to disable VTP on the switch, and then change its VLAN information without affecting the other switches in the VTP domain. Catalyst 2360 Switch Software Configuration Guide 10-15 OL-19808-01...
Page 216: Monitoring Vtp
EXEC commands for monitoring VTP activity. Table 10-3 VTP Monitoring Commands Command Purpose show vtp status Display the VTP switch configuration information. show vtp counters Display counters about VTP messages that have been sent and received. Catalyst 2360 Switch Software Configuration Guide 10-16 OL-19808-01...
Page 217: Configuring Stp
This chapter describes how to configure the Spanning Tree Protocol (STP) on port-based VLANs on the Catalyst 2360 switch. The switch can use either the per-VLAN spanning-tree plus (PVST+) protocol based on the IEEE 802.1D standard and Cisco proprietary extensions, or the rapid per-VLAN spanning-tree plus (rapid-PVST+) protocol based on the IEEE 802.1w standard.
Page 218: Understanding Spanning-Tree Features
By default, the switch sends keepalive messages (to ensure the connection is up) only on interfaces that Note do not have small form-factor pluggable (SFP) modules. You can change the default for an interface by entering the [no] keepalive interface configuration command with no keywords. Catalyst 2360 Switch Software Configuration Guide 11-2 OL-19808-01...
Page 219: Spanning-Tree Topology And Bpdus
LAN is called the designated port. All paths that are not needed to reach the root switch from anywhere in the switched network are placed in the spanning-tree blocking mode. Catalyst 2360 Switch Software Configuration Guide 11-3 OL-19808-01...
Page 220: Bridge Id, Switch Priority, And Extended System Id
Forwarding—The interface forwards frames. • Disabled—The interface is not participating in spanning tree because of a shutdown port, no link on • the port, or no spanning-tree instance running on the port. Catalyst 2360 Switch Software Configuration Guide 11-4 OL-19808-01...
Page 221: Blocking State
BPDU is sent to each switch interface. A switch initially functions as the root until it exchanges BPDUs with other switches. This exchange establishes which switch in the network is the root or root switch. If Catalyst 2360 Switch Software Configuration Guide 11-5...
Page 222: Listening State
An interface in the forwarding state performs these functions: Receives and forwards frames received on the interface • Forwards frames switched from another interface • Learns addresses • Receives BPDUs • Catalyst 2360 Switch Software Configuration Guide 11-6 OL-19808-01...
Page 223: Disabled State
Ethernet link. By changing the spanning-tree port priority on the Gigabit Ethernet port to a higher priority (lower numerical value) than the root port, the Gigabit Ethernet port becomes the new root port. Catalyst 2360 Switch Software Configuration Guide 11-7...
Page 224: Spanning Tree And Redundant Connectivity
The accelerated aging is the same as the forward-delay parameter value (spanning-tree vlan vlan-id forward-time seconds global configuration command) when the spanning tree reconfigures. Catalyst 2360 Switch Software Configuration Guide 11-8 OL-19808-01...
Page 225: Spanning-Tree Modes And Protocols
Spanning-Tree Modes and Protocols The switch supports these spanning-tree modes and protocols: PVST+—This spanning-tree mode is based on the IEEE 802.1D standard and Cisco proprietary • extensions. It is the default spanning-tree mode used on all Ethernet port-based VLANs. The PVST+ runs on each VLAN on the switch up to the maximum supported, ensuring that each has a loop-free path through the network.
Page 226: Spanning-Tree Interoperability And Backward Compatibility
VLAN allowed on the trunks. When you connect a Cisco switch to a non-Cisco device through an IEEE 802.1Q trunk, the Cisco switch uses PVST+ to provide spanning-tree interoperability. If rapid PVST+ is enabled, the switch uses it instead of PVST+.
Page 227: Default Spanning-Tree Configuration
PVST+ on only 64 VLANs on the switch. The remaining VLANs operate with spanning tree disabled. However, you can map multiple VLANs to the same spanning-tree instances by using MSTP. For more information, see Chapter 12, “Configuring MSTP.” Catalyst 2360 Switch Software Configuration Guide 11-11 OL-19808-01...
Page 228 “Optional Spanning-Tree Configuration Guidelines” section on page 13-10. Loop guard works only on point-to-point links. We recommend that each end of the link has a directly Caution connected device that is running STP. Catalyst 2360 Switch Software Configuration Guide 11-12 OL-19808-01...
Page 229: Changing The Spanning-Tree Mode
(Optional) Save your entries in the configuration file. To return to the default setting, use the no spanning-tree mode global configuration command. To return the port to its default setting, use the no spanning-tree link-type interface configuration command. Catalyst 2360 Switch Software Configuration Guide 11-13 OL-19808-01...
Page 230: Disabling Spanning Tree
ID support will become the root switch. The extended system ID increases the switch priority value every time the VLAN number is greater than the priority of the connected switches running older software. Catalyst 2360 Switch Software Configuration Guide 11-14 OL-19808-01...
Page 231 Verify your entries. Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file. To return to the default setting, use the no spanning-tree vlan vlan-id root global configuration command. Catalyst 2360 Switch Software Configuration Guide 11-15 OL-19808-01...
Page 232: Configuring A Secondary Root Switch
(higher numerical values) that you want selected last. If all interfaces have the same priority value, spanning tree puts the interface with the lowest interface number in the forwarding state and blocks the other interfaces. Catalyst 2360 Switch Software Configuration Guide 11-16 OL-19808-01...
Page 233 To return to the default setting, use the no spanning-tree [vlan vlan-id] port-priority interface configuration command. For information on how to configure load sharing on trunk ports by using spanning-tree port priorities, see the “Configuring Trunk Ports for Load Sharing” section on page 9-20. Catalyst 2360 Switch Software Configuration Guide 11-17 OL-19808-01...
Page 234: Configuring Path Cost
The show spanning-tree interface interface-id privileged EXEC command displays information only for ports that are in a link-up operative state. Otherwise, you can use the show running-config privileged EXEC command to confirm the configuration. Catalyst 2360 Switch Software Configuration Guide 11-18 OL-19808-01...
Page 235: Configuring The Switch Priority Of A Vlan
Verify your entries. Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file. To return to the default setting, use the no spanning-tree vlan vlan-id priority global configuration command. Catalyst 2360 Switch Software Configuration Guide 11-19 OL-19808-01...
Page 236: Configuring Spanning-Tree Timers
Verify your entries. Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file. To return to the default setting, use the no spanning-tree vlan vlan-id hello-time global configuration command. Catalyst 2360 Switch Software Configuration Guide 11-20 OL-19808-01...
Page 237: Configuring The Forwarding-Delay Time For A Vlan
Verify your entries. Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file. To return to the default setting, use the no spanning-tree vlan vlan-id max-age global configuration command. Catalyst 2360 Switch Software Configuration Guide 11-21 OL-19808-01...
Page 238: Configuring The Transmit Hold-Count
You can clear spanning-tree counters by using the clear spanning-tree [interface interface-id] privileged EXEC command. For information about other keywords for the show spanning-tree privileged EXEC command, see the command reference for this release. Catalyst 2360 Switch Software Configuration Guide 11-22 OL-19808-01...
Page 239: Chapter 12 Configuring Mstp
C H A P T E R Configuring MSTP This chapter describes how to configure the Cisco implementation of the IEEE 802.1s Multiple STP (MSTP) on the Catalyst 2360 switch. The multiple spanning-tree (MST) implementation is based on the IEEE 802.1s standard.
Page 240: Understanding Mstp
65 spanning-tree instances. Instances can be identified by any number in the range from 0 to 4094. You can assign a VLAN to only one spanning-tree instance at a time. Catalyst 2360 Switch Software Configuration Guide 12-2 OL-19808-01...
Page 241: Ist, Cist, And Cst
IST information, they leave their old subregions and join the new subregion that contains the true CIST regional root. Thus all subregions shrink, except for the one that contains the true CIST regional root. Catalyst 2360 Switch Software Configuration Guide 12-3 OL-19808-01...
Page 242: Operations Between Mst Regions
CST instance but affect all MST instances. Parameters related to the spanning-tree topology (for example, switch priority, port VLAN cost, and port VLAN priority) can be configured on both the CST instance and the MST instance. Catalyst 2360 Switch Software Configuration Guide 12-4 OL-19808-01...
Page 243: Ieee 802.1S Terminology
IEEE 802.1D switches. MSTP switches use MSTP BPDUs to communicate with MSTP switches. IEEE 802.1s Terminology Some MST naming conventions used in Cisco’s prestandard implementation have been changed to identify some internal or regional parameters. These parameters are significant only within an MST region, as opposed to external parameters that are relevant to the whole network.
Page 244: Boundary Ports
The primary change from the Cisco prestandard implementation is that a designated port is not defined as boundary, unless it is running in an STP-compatible mode.
Page 245: Port Role Naming Change
The boundary role is no longer in the final MST standard, but this boundary concept is maintained in Cisco’s implementation. However, an MST instance port at a boundary of the region might not follow the state of the corresponding CIST port. Two cases exist now: The boundary port is the root port of the CIST regional root—When the CIST instance port is...
Page 246: Detecting Unidirectional Link Failure
Detecting Unidirectional Link Failure This feature is not yet present in the IEEE MST standard, but it is included in this Cisco IOS release. The software checks the consistency of the port role and state in the received BPDUs to detect unidirectional link failures that could cause bridging loops.
Page 247: Port Roles And The Active Topology
Learning Enabled Forwarding Forwarding Disabled Disabled Discarding To be consistent with Cisco STP implementations, this guide defines the port state as blocking instead of discarding. Designated ports start in the listening state. Catalyst 2360 Switch Software Configuration Guide 12-9 OL-19808-01...
Page 248: Rapid Convergence
You can override the default setting that is controlled by the duplex setting by using the spanning-tree link-type interface configuration command. Catalyst 2360 Switch Software Configuration Guide 12-10 OL-19808-01...
Page 249: Synchronization Of Port Roles
When the switches connected by a point-to-point link are in agreement about their port roles, the RSTP immediately transitions the port states to forwarding. The sequence of events is shown in Figure 12-5. Catalyst 2360 Switch Software Configuration Guide 12-11 OL-19808-01...
Page 250: Bridge Protocol Data Unit Format And Processing
LAN. The port role in the proposal message is always set to the designated port. The sending switch sets the agreement flag in the RSTP BPDU to accept the previous proposal. The port role in the agreement message is always set to the root port. Catalyst 2360 Switch Software Configuration Guide 12-12 OL-19808-01...
Page 251: Processing Superior Bpdu Information
(excluding the port on which it is received). The switch starts the TC-while timer for all such ports and flushes the information learned on them. Catalyst 2360 Switch Software Configuration Guide 12-13 OL-19808-01...
Page 252: Configuring Mstp Features
Default MSTP Configuration Feature Default Setting Spanning-tree mode PVST+ (Rapid PVST+ and MSTP are disabled). Switch priority (configurable on a per-CIST port basis) 32768. Spanning-tree port priority (configurable on a per-CIST port basis) 128. Catalyst 2360 Switch Software Configuration Guide 12-14 OL-19808-01...
Page 253: Mstp Configuration Guidelines
When you enable MST by using the spanning-tree mode mst global configuration command, RSTP is automatically enabled. For two or more Catalyst 2360 switches to be in the same MST region, they must have the same • VLAN-to-instance map, the same configuration revision number, and the same name.
Page 254: Specifying The Mst Region Configuration And Enabling Mstp
You cannot run both MSTP and PVST+ or both MSTP and rapid PVST+ at the same time. Step 9 Return to privileged EXEC mode. Step 10 show running-config Verify your entries. Step 11 copy running-config startup-config (Optional) Save your entries in the configuration file. Catalyst 2360 Switch Software Configuration Guide 12-16 OL-19808-01...
Page 255: Configuring The Root Switch
(that is, the maximum number of switch hops between any two end stations in the Layer 2 network). When you specify the network diameter, the switch automatically sets an optimal hello time, Catalyst 2360 Switch Software Configuration Guide 12-17...
Page 256: Configuring A Secondary Root Switch
You can execute this command on more than one switch to configure multiple backup root switches. Use the same network diameter and hello-time values that you used when you configured the primary root switch with the spanning-tree mst instance-id root primary global configuration command. Catalyst 2360 Switch Software Configuration Guide 12-18 OL-19808-01...
Page 257: Configuring Port Priority
Enter global configuration mode. Step 2 interface interface-id Specify an interface to configure, and enter interface configuration mode. Valid interfaces include physical ports and port-channel logical interfaces. The port-channel range is 1 to 48. Catalyst 2360 Switch Software Configuration Guide 12-19 OL-19808-01...
Page 258: Configuring Path Cost
Enter global configuration mode. Step 2 interface interface-id Specify an interface to configure, and enter interface configuration mode. Valid interfaces include physical ports and port-channel logical interfaces. The port-channel range is 1 to 48. Catalyst 2360 Switch Software Configuration Guide 12-20 OL-19808-01...
Page 259: Configuring The Switch Priority
Exercise care when using this command. For most situations, we recommend that you use the spanning-tree mst instance-id root primary and the spanning-tree mst instance-id root secondary global configuration commands to modify the switch priority. Catalyst 2360 Switch Software Configuration Guide 12-21 OL-19808-01...
Page 260: Configuring The Hello Time
Verify your entries. Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file. To return the switch to its default setting, use the no spanning-tree mst hello-time global configuration command. Catalyst 2360 Switch Software Configuration Guide 12-22 OL-19808-01...
Page 261: Configuring The Forwarding-Delay Time
Verify your entries. Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file. To return the switch to its default setting, use the no spanning-tree mst max-age global configuration command. Catalyst 2360 Switch Software Configuration Guide 12-23 OL-19808-01...
Page 262: Configuring The Maximum-Hop Count
Verify your entries. Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file. To return the port to its default setting, use the no spanning-tree link-type interface configuration command. Catalyst 2360 Switch Software Configuration Guide 12-24 OL-19808-01...
Page 263: Designating The Neighbor Type
To restart the protocol migration process (force the renegotiation with neighboring switches) on the switch, use the clear spanning-tree detected-protocols privileged EXEC command. To restart the protocol migration process on a specific interface, use the clear spanning-tree detected-protocols interface interface-id privileged EXEC command. Catalyst 2360 Switch Software Configuration Guide 12-25 OL-19808-01...
Page 264: Displaying The Mst Configuration And Status
Displays MST information for the specified instance. show spanning-tree mst interface interface-id Displays MST information for the specified interface. For information about other keywords for the show spanning-tree privileged EXEC command, see the command reference for this release. Catalyst 2360 Switch Software Configuration Guide 12-26 OL-19808-01...
Page 265: Understanding Optional Spanning-Tree Features
C H A P T E R Configuring Optional Spanning-Tree Features This chapter describes how to configure optional spanning-tree features on the Catalyst 2360 switch. You can configure all of these features when your switch is running the per-VLAN spanning-tree plus (PVST+).
Page 266: Understanding Port Fast
To prevent the port from shutting down, you can use the errdisable detect cause bpduguard shutdown vlan global configuration command to shut down just the offending VLAN on the port where the violation occurred. Catalyst 2360 Switch Software Configuration Guide 13-2 OL-19808-01...
Page 267: Understanding Bpdu Filtering
Switches in hierarchical networks can be grouped into backbone switches, distribution switches, and access switches. Figure 13-2 shows a complex network where distribution switches and access switches each have at least one redundant link that spanning tree blocks to prevent loops. Catalyst 2360 Switch Software Configuration Guide 13-3 OL-19808-01...
Page 268 Switch B over link L1 and to Switch C over link L2. The Layer 2 interface on Switch C that is connected directly to Switch B is in a blocking state. Catalyst 2360 Switch Software Configuration Guide 13-4...
Page 269: Understanding Backbonefast
(an indirect link) has failed (that is, the designated switch has lost its connection to the root switch). Under spanning-tree rules, the switch ignores inferior BPDUs for the configured maximum aging time specified by the spanning-tree vlan vlan-id max-age global configuration command. Catalyst 2360 Switch Software Configuration Guide 13-5 OL-19808-01...
Page 270 Switch B to Switch A. The root-switch election takes approximately 30 seconds, twice the Forward Delay time if the default Forward Delay time of 15 seconds is set. Figure 13-6 shows how BackboneFast reconfigures the topology to account for the failure of link L1. Catalyst 2360 Switch Software Configuration Guide 13-6 OL-19808-01...
Page 271: Understanding Etherchannel Guard
If the switch detects a misconfiguration on the other device, EtherChannel guard places the switch interfaces in the error-disabled state, and displays an error message. You can enable this feature by using the spanning-tree etherchannel guard misconfig global configuration command. Catalyst 2360 Switch Software Configuration Guide 13-7 OL-19808-01...
Page 272: Understanding Root Guard
Desired root switch Enable the root-guard feature on these interfaces to prevent switches in the customer network from becoming the root switch or being in the path to the root. Catalyst 2360 Switch Software Configuration Guide 13-8 OL-19808-01...
Page 273: Understanding Loop Guard
Port Fast, BPDU filtering, BPDU guard Globally disabled (unless they are individually configured per interface). UplinkFast Globally disabled. BackboneFast Globally disabled. EtherChannel guard Globally enabled. Root guard Disabled on all interfaces. Loop guard Disabled on all interfaces. Catalyst 2360 Switch Software Configuration Guide 13-9 OL-19808-01...
Page 274: Optional Spanning-Tree Configuration Guidelines
By default, Port Fast is disabled on all interfaces. Step 4 Return to privileged EXEC mode. Step 5 show spanning-tree interface interface-id Verify your entries. portfast Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file. Catalyst 2360 Switch Software Configuration Guide 13-10 OL-19808-01...
Page 275: Enabling Bpdu Guard
Enable the Port Fast feature. Step 5 Return to privileged EXEC mode. Step 6 show running-config Verify your entries. Step 7 copy running-config startup-config (Optional) Save your entries in the configuration file. Catalyst 2360 Switch Software Configuration Guide 13-11 OL-19808-01...
Page 276: Enabling Bpdu Filtering
To disable BPDU filtering, use the no spanning-tree portfast bpdufilter default global configuration command. You can override the setting of the no spanning-tree portfast bpdufilter default global configuration command by using the spanning-tree bpdufilter enable interface configuration command. Catalyst 2360 Switch Software Configuration Guide 13-12 OL-19808-01...
Page 277: Enabling Uplinkfast For Use With Redundant Links
If you use BackboneFast, you must enable it on all switches in the network. BackboneFast is not Note supported on Token Ring VLANs. This feature is supported for use with third-party switches. Catalyst 2360 Switch Software Configuration Guide 13-13 OL-19808-01...
Page 278: Enabling Etherchannel Guard
EXEC command to verify the EtherChannel configuration. After the configuration is corrected, enter the shutdown and no shutdown interface configuration commands on the port-channel interfaces that were misconfigured. Catalyst 2360 Switch Software Configuration Guide 13-14 OL-19808-01...
Page 279: Enabling Root Guard
Beginning in privileged EXEC mode, follow these steps to enable loop guard. This procedure is optional. Command Purpose Step 1 show spanning-tree active Verify which interfaces are alternate or root ports. show spanning-tree mst Step 2 configure terminal Enter global configuration mode. Catalyst 2360 Switch Software Configuration Guide 13-15 OL-19808-01...
Page 280: Displaying The Spanning-Tree Status
You can clear spanning-tree counters by using the clear spanning-tree [interface interface-id] privileged EXEC command. For information about other keywords for the show spanning-tree privileged EXEC command, see the command reference for this release. Catalyst 2360 Switch Software Configuration Guide 13-16 OL-19808-01...
Page 281: Chapter 14 Configuring Dhcp Features
For complete syntax and usage information for the commands used in this chapter, see the command Note reference for this release, and see the “DHCP Commands” section in the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2.
Page 282: Dhcp Server
An address binding is a mapping between an IP address and a MAC address of a host in the Cisco IOS DHCP server database. You can manually assign the client IP address, or the DHCP server can allocate an IP address from a DHCP address pool.
Page 283: Configuring The Dhcp Server
2. The switch relays DHCP packets only if the IP address of the DHCP server is configured on the SVI of the DHCP client. Configuring the DHCP Server The switch can act as a DHCP server. By default, the Cisco IOS DHCP server and relay agent features are enabled on your switch but are not configured. These features are not operational.
Page 284: Enabling The Cisco Ios Dhcp Server Database
Enabling the Cisco IOS DHCP Server Database For procedures to enable and configure the Cisco IOS DHCP server database, see the “DHCP Configuration Task List” section in the “Configuring DHCP” chapter of the Cisco IOS IP Configuration Guide, Release 12.2.
Page 285: Chapter 15 Configuring Igmp Snooping
For complete syntax and usage information for the commands used in this chapter, see the switch Note command reference for this release and the “IP Multicast Routing Commands” section in the Cisco IOS IP Command Reference, Volume 3 of 3:Multicast, Release 12.2.
Page 286: Igmp Versions
BISS constrains the flooding of multicast traffic when your network includes IGMPv3 hosts. It constrains traffic to approximately the same set of ports as the IGMP snooping feature on IGMPv2 or IGMPv1 hosts. Catalyst 2360 Switch Software Configuration Guide 15-2 OL-19808-01...
Page 287: Joining A Multicast Group
The host associated with that interface receives multicast traffic for that multicast group. See Figure 15-1. Figure 15-1 Initial IGMP Join Message Router A IGMP report 224.1.2.3 VLAN Forwarding table Host 1 Host 2 Host 3 Host 4 Catalyst 2360 Switch Software Configuration Guide 15-3 OL-19808-01...
Page 288 Second Host Joining a Multicast Group Router A VLAN Forwarding table Host 1 Host 2 Host 3 Host 4 Table 15-2 Updated IGMP Snooping Forwarding Table Destination Address Type of Packet Ports 224.1.2.3 IGMP 1, 2, 5 Catalyst 2360 Switch Software Configuration Guide 15-4 OL-19808-01...
Page 289: Leaving A Multicast Group
“Configuring the IGMP Leave Timer” section on page 15-10. IGMP Report Suppression IGMP report suppression is supported only when the multicast query has IGMPv1 and IGMPv2 reports. Note This feature is not supported when the query includes IGMPv3 reports. Catalyst 2360 Switch Software Configuration Guide 15-5 OL-19808-01...
Page 290: Default Igmp Snooping Configuration
IGMP snooping Enabled globally and per VLAN Multicast routers None configured Multicast router learning (snooping) method PIM-DVMRP IGMP snooping Immediate Leave Disabled Static groups None configured flood query count TCN query solicitation Disabled Catalyst 2360 Switch Software Configuration Guide 15-6 OL-19808-01...
Page 291: Enabling Or Disabling Igmp Snooping
(Optional) Save your entries in the configuration file. To disable IGMP snooping on a VLAN interface, use the no ip igmp snooping vlan vlan-id global configuration command for the specified VLAN number. Catalyst 2360 Switch Software Configuration Guide 15-7 OL-19808-01...
Page 292: Setting The Snooping Method
• Snooping on IGMP queries, Protocol-Independent Multicast (PIM) packets, and Distance Vector Multicast Routing Protocol (DVMRP) packets Listening to Cisco Group Management Protocol (CGMP) packets from other routers • • Statically connecting to a multicast router port with the ip igmp snooping mrouter global...
Page 293: Configuring A Multicast Router Port
• 1001 and 1006 to 4094. ip-address is the group IP address. • interface-id is the member port. It can be a physical • interface or a port channel (1 to 48). Catalyst 2360 Switch Software Configuration Guide 15-9 OL-19808-01...
Page 294: Enabling Igmp Immediate Leave
You can configure the leave time globally or on a per-VLAN basis. • Configuring the leave time on a VLAN overrides the global setting. • The default leave time is 1000 milliseconds. • Catalyst 2360 Switch Software Configuration Guide 15-10 OL-19808-01...
Page 295: Configuring Tcn-Related Commands
1 general query. If you set the count to 7, the flooding until 7 general queries are received. Groups are relearned based on the general queries received during the TCN event. Catalyst 2360 Switch Software Configuration Guide 15-11 OL-19808-01...
Page 296: Recovering From Flood Mode
If the switch has many ports with attached hosts that are subscribed to different multicast groups, this flooding might exceed the capacity of the link and cause packet loss. You can use the ip igmp snooping tcn flood interface configuration command to control this behavior. Catalyst 2360 Switch Software Configuration Guide 15-12 OL-19808-01...
Page 297: Configuring The Igmp Snooping Querier
Beginning in privileged EXEC mode, follow these steps to enable the IGMP snooping querier feature in a VLAN: Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 ip igmp snooping querier Enable the IGMP snooping querier. Catalyst 2360 Switch Software Configuration Guide 15-13 OL-19808-01...
Page 298 Switch(config)# ip igmp snooping querier timeout expiry 60 Switch(config)# end This example shows how to set the IGMP snooping querier feature to Version 2: Switch# configure terminal Switch(config)# no ip igmp snooping querier version 2 Switch(config)# end Catalyst 2360 Switch Software Configuration Guide 15-14 OL-19808-01...
Page 299: Disabling Igmp Report Suppression
• command options instead of the actual entries. dynamic—Display entries learned through IGMP snooping. • user—Display only the user-configured multicast entries. • Catalyst 2360 Switch Software Configuration Guide 15-15 OL-19808-01...
Page 300: Configuring Igmp Filtering And Throttling
If the filtering action permits access to the multicast group, the IGMP report from the port is forwarded for normal processing. You can also set the maximum number of IGMP groups that a Layer 2 interface can join. Catalyst 2360 Switch Software Configuration Guide 15-16 OL-19808-01...
Page 301: Default Igmp Filtering And Throttling Configuration
When the maximum number of groups is in forwarding table, the default IGMP throttling action is to deny the IGMP report. For configuration guidelines, see the “Configuring the IGMP Throttling Action” section on page 15-20. Catalyst 2360 Switch Software Configuration Guide 15-17 OL-19808-01...
Page 302: Configuring Igmp Profiles
To delete a profile, use the no ip igmp profile profile number global configuration command. To delete an IP multicast address or range of IP multicast addresses, use the no range ip multicast address IGMP profile configuration command. Catalyst 2360 Switch Software Configuration Guide 15-18 OL-19808-01...
Page 303: Applying Igmp Profiles
You can set the maximum number of IGMP groups that a Layer 2 interface can join by using the ip igmp max-groups interface configuration command. Use the no form of this command to set the maximum back to the default, which is no limit. Catalyst 2360 Switch Software Configuration Guide 15-19 OL-19808-01...
Page 304: Configuring The Igmp Throttling Action
After these entries are aged out and the maximum number of entries is in the forwarding table, the switch drops the next IGMP report received on the interface. Catalyst 2360 Switch Software Configuration Guide 15-20 OL-19808-01...
Page 305: Displaying Igmp Filtering And Throttling Configuration
Displays the configuration of the specified interface or the configuration of all interfaces interface-id] on the switch, including (if configured) the maximum number of IGMP groups to which an interface can belong and the IGMP profile applied to the interface. Catalyst 2360 Switch Software Configuration Guide 15-21 OL-19808-01...
Page 306 Chapter 15 Configuring IGMP Snooping Displaying IGMP Filtering and Throttling Configuration Catalyst 2360 Switch Software Configuration Guide 15-22 OL-19808-01...
Page 307: Chapter 16 Configuring Ipv6 Mld Snooping
You can use Multicast Listener Discovery (MLD) snooping to enable efficient distribution of IP Version 6 (IPv6) multicast data to clients and routers in a switched network on the Catalyst 2360 switch. For information about IPv6 on the switch, see Chapter 27, “Configuring IPv6 Unicast...
Page 308 Multicast Client Aging Robustness, page 16-3 • Multicast Router Discovery, page 16-4 • MLD Reports, page 16-4 • • MLD Done Messages and Immediate-Leave, page 16-4 Topology Change Notification Processing, page 16-5 • Catalyst 2360 Switch Software Configuration Guide 16-2 OL-19808-01...
Page 309: Mld Messages
1006 to 4094), IPv6 MLD snooping must be enabled on the extended VLAN on the Catalyst 6500 switch in order for the Catalyst 2360 switch to receive queries on the VLAN. For normal-range VLANs (1 to 1005), it is not necessary to enable IPv6 MLD snooping on the VLAN on the Catalyst 6500 switch.
Page 310: Multicast Router Discovery
MASQs. A port is removed from membership to an address when there are no MLDv1 reports to the address on the port for the configured number of queries. Catalyst 2360 Switch Software Configuration Guide 16-4 OL-19808-01...
Page 311: Topology Change Notification Processing
Default MLD Snooping Configuration Feature Default Setting MLD snooping (Global) Disabled. MLD snooping (per VLAN) Enabled. MLD snooping must be globally enabled for VLAN MLD snooping to take place. IPv6 Multicast addresses None configured. Catalyst 2360 Switch Software Configuration Guide 16-5 OL-19808-01...
Page 312: Mld Snooping Configuration Guidelines
1006 to 4094), IPv6 MLD snooping must be enabled on the extended VLAN on the Catalyst 6500 switch in order for the Catalyst 2360 switch to receive queries on the VLAN. For normal-range VLANs (1 to 1005), it is not necessary to enable IPv6 MLD snooping on the VLAN on the Catalyst 6500 switch.
Page 313 1006 to 4094), IPv6 MLD snooping must be enabled on the extended VLAN on the Catalyst 6500 switch in order for the Catalyst 2360 switch to receive queries on the VLAN. For normal-range VLANs (1 to 1005), it is not necessary to enable IPv6 MLD snooping on the VLAN on the Catalyst 6500 switch.
Page 314: Configuring A Static Multicast Group
(add a static connection to a multicast router), use the ipv6 mld snooping vlan mrouter global configuration command on the switch. Static connections to multicast routers are supported only on switch ports. Note Catalyst 2360 Switch Software Configuration Guide 16-8 OL-19808-01...
Page 315: Enabling Mld Immediate Leave
To disable MLD Immediate Leave on a VLAN, use the no ipv6 mld snooping vlan vlan-id immediate-leave global configuration command. This example shows how to enable MLD Immediate Leave on VLAN 130: Switch# configure terminal Switch(config)# ipv6 mld snooping vlan 130 immediate-leave Switch(config)# exit Catalyst 2360 Switch Software Configuration Guide 16-9 OL-19808-01...
Page 316: Configuring Mld Snooping Queries
[vlan (Optional) Verify that the MLD snooping querier information for the vlan-id] switch or for the VLAN. Step 12 copy running-config startup-config (Optional) Save your entries in the configuration file. Catalyst 2360 Switch Software Configuration Guide 16-10 OL-19808-01...
Page 317: Disabling Mld Listener Message Suppression
VLAN interfaces. You can also display MAC address multicast entries for a VLAN configured for MLD snooping. To display MLD snooping information, use one or more of the privileged EXEC commands in Table 16-2. Catalyst 2360 Switch Software Configuration Guide 16-11 OL-19808-01...
Page 318: Table
Enter user to display MLD snooping user-configured group • information for the switch or for a VLAN. show ipv6 mld snooping multicast-address vlan Display MLD snooping for the specified VLAN and IPv6 multicast vlan-id [ipv6-multicast-address] address. Catalyst 2360 Switch Software Configuration Guide 16-12 OL-19808-01...
Page 319: Chapter 17 Configuring Cdp
• Understanding CDP CDP is a device discovery protocol that runs over Layer 2 (the data link layer) on all Cisco-manufactured devices (routers, bridges, access servers, and switches) and allows network management applications to discover Cisco devices that are neighbors of already known devices. With CDP, network management applications can learn the device type and the Simple Network Management Protocol (SNMP) agent address of neighboring devices running lower-layer, transparent protocols.
Page 320: Configuring Cdp
The range is 10 to 255 seconds; the default is 180 seconds. Step 4 cdp advertise-v2 (Optional) Configure CDP to send Version-2 advertisements. This is the default state. Step 5 Return to privileged EXEC mode. Catalyst 2360 Switch Software Configuration Guide 17-2 OL-19808-01...
Page 321: Disabling And Enabling Cdp
17-5. Disabling and Enabling CDP CDP is enabled by default. Switch clusters and other Cisco devices regularly exchange CDP messages. Disabling CDP can interrupt cluster discovery and device connectivity. For more information, see Chapter 4, “Clustering Switches” and see Getting Started with Cisco Network Assistant, available on Cisco.com.
Page 322: Disabling And Enabling Cdp On An Interface
(Optional) Save your entries in the configuration file. This example shows how to enable CDP on a port when it has been disabled. Switch# configure terminal Switch(config)# interface gigabitethernet0/1 Switch(config-if)# cdp enable Switch(config-if)# end Catalyst 2360 Switch Software Configuration Guide 17-4 OL-19808-01...
Page 323: Monitoring And Maintaining Cdp
You can limit the display to neighbors of a specific interface or expand the display to provide more detailed information. show cdp traffic Display CDP counters, including the number of packets sent and received and checksum errors. Catalyst 2360 Switch Software Configuration Guide 17-5 OL-19808-01...
Page 324 Chapter 17 Configuring CDP Monitoring and Maintaining CDP Catalyst 2360 Switch Software Configuration Guide 17-6 OL-19808-01...
Page 325: Chapter 18 Configuring Lldp And Lldp-Med
Understanding LLDP-MED, page 18-2 Understanding LLDP The Cisco Discovery Protocol (CDP) is a device discovery protocol that runs over Layer 2 (the data link layer) on all Cisco-manufactured devices (routers, bridges, access servers, and switches). CDP allows network management applications to automatically discover and learn about other Cisco devices connected to the network.
Page 326: Understanding Lldp-Med
• Allows an endpoint to transmit detailed inventory information about itself to the switch, including information hardware revision, firmware version, software version, serial number, manufacturer name, model name, and asset ID TLV. Catalyst 2360 Switch Software Configuration Guide 18-2 OL-19808-01...
Page 327: Configuring Lldp And Lldp-Med
LLDP reinitialization delay 2 seconds LLDP tlv-select Disabled to send and receive all TLVs. LLDP interface state Disabled LLDP receive Disabled LLDP transmit Disabled LLDP med-tlv-select Disabled to send all LLDP-MED TLVs Catalyst 2360 Switch Software Configuration Guide 18-3 OL-19808-01...
Page 328: Configuring Lldp Characteristics
Switch# configure terminal Switch(config)# lldp holdtime 120 Switch(config)# lldp reinit 2 Switch(config)# lldp timer 30 Switch(config)# end For additional LLDP show commands, see the “Monitoring and Maintaining LLDP and LLDP-MED” section on page 18-7. Catalyst 2360 Switch Software Configuration Guide 18-4 OL-19808-01...
Page 329: Disabling And Enabling Lldp Globally
Step 4 no lldp receive No LLDP packets are received on the interface. Step 5 Return to privileged EXEC mode. Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file. Catalyst 2360 Switch Software Configuration Guide 18-5 OL-19808-01...
Page 330: Configuring Lldp-Med Tlvs
TLVs: Table 18-2 LLDP-MED TLVs LLDP-MED TLV Description inventory-management LLDP-MED inventory management TLV location LLDP-MED location TLV network-policy LLDP-MED network policy TLV power-management LLDP-MED power management TLV Catalyst 2360 Switch Software Configuration Guide 18-6 OL-19808-01...
Page 331: Monitoring And Maintaining Lldp And Lldp-Med
[interface-id] Display information about interfaces where LLDP is enabled. You can limit the display to the interface about which you want information. Catalyst 2360 Switch Software Configuration Guide 18-7 OL-19808-01...
Page 332 You can limit the display to neighbors of a specific interface or expand the display to provide more detailed information. show lldp traffic Display LLDP counters, including the number of packets sent and received, number of packets discarded, and number of unrecognized TLVs. Catalyst 2360 Switch Software Configuration Guide 18-8 OL-19808-01...
Page 333: Chapter 19 Configuring Udld
A unidirectional link occurs whenever traffic sent by a local device is received by its neighbor but traffic from the neighbor is not received by the local device. Catalyst 2360 Switch Software Configuration Guide 19-1 OL-19808-01...
Page 334: Methods To Detect Unidirectional Links
Because this behavior is the same on all UDLD neighbors, the sender of the echoes expects to receive an echo in reply. Catalyst 2360 Switch Software Configuration Guide 19-2 OL-19808-01...
Page 335: Configuring Udld
Resetting an Interface Disabled by UDLD, page 19-5 Default UDLD Configuration Table 19-1 Default UDLD Configuration Feature Default Setting UDLD global enable state Globally disabled UDLD per-port enable state for fiber-optic media Disabled on all Ethernet fiber-optic ports Catalyst 2360 Switch Software Configuration Guide 19-3 OL-19808-01...
Page 336: Configuration Guidelines
Note interface configuration command to enable UDLD on other port types. For more information, see the “Enabling UDLD on an Interface” section on page 19-5. Step 3 Return to privileged EXEC mode. Catalyst 2360 Switch Software Configuration Guide 19-4 OL-19808-01...
Page 337: Enabling Udld On An Interface
Verify your entries. You can also bring up the port by using these commands: The shutdown interface configuration command followed by the no shutdown interface • configuration command restarts the disabled port. Catalyst 2360 Switch Software Configuration Guide 19-5 OL-19808-01...
Page 338: Displaying Udld Status
To display the UDLD status for the specified port or for all ports, use the show udld [interface-id] privileged EXEC command. For detailed information about the fields in the command output, see the command reference for this release. Catalyst 2360 Switch Software Configuration Guide 19-6 OL-19808-01...
Page 339: Understanding Span
You can use the SPAN destination port to inject traffic from a network security device. For example, if you connect a Cisco Intrusion Detection System (IDS) sensor appliance to a destination port, the IDS device can send TCP reset packets to close down the TCP session of a suspected attacker.
Page 340: Local Span
A SPAN session does not interfere with the normal operation of the switch. However, an • oversubscribed SPAN destination, for example, a 10-Mb/s port monitoring a 100-Mb/s port, can result in dropped or lost packets. Catalyst 2360 Switch Software Configuration Guide 20-2 OL-19808-01...
Page 341: Monitored Traffic
The default configuration for local SPAN session ports is to send all packets untagged. SPAN also does not normally monitor bridge protocol data unit (BPDU) packets and Layer 2 protocols, such as Cisco Discovery Protocol (CDP), VLAN Trunk Protocol (VTP), Dynamic Trunking Protocol (DTP), Spanning Tree Protocol (STP), and Port Aggregation Protocol (PAgP).
Page 342: Source Vlans
SPAN traffic coming from other port types is not affected by VLAN filtering; that is, all VLANs are • allowed on other ports. VLAN filtering affects only traffic forwarded to the destination SPAN port and does not affect the • switching of normal traffic. Catalyst 2360 Switch Software Configuration Guide 20-4 OL-19808-01...
Page 343: Destination Port
STP status. CDP—A SPAN destination port does not participate in CDP while the SPAN session is active. After • the SPAN session is disabled, the port again participates in CDP. • Catalyst 2360 Switch Software Configuration Guide 20-5 OL-19808-01...
Page 344: Configuring Span
Both received and sent traffic (both). Encapsulation type (destination port) Native form (untagged packets). Ingress forwarding (destination port) Disabled VLAN filtering On a trunk interface used as a source port, all VLANs are monitored. Catalyst 2360 Switch Software Configuration Guide 20-6 OL-19808-01...
Page 345: Configuring Local Span
| remote} For session_number, the range is 1 to 66. Specify all to remove all SPAN sessions, local to remove all local sessions, or remote to remove all remote SPAN sessions. Catalyst 2360 Switch Software Configuration Guide 20-7 OL-19808-01...
Page 346 If not selected, the default is to send packets in native form (untagged). You can use monitor session session_number destination Note command multiple times to configure multiple destination ports. Step 5 Return to privileged EXEC mode. Catalyst 2360 Switch Software Configuration Guide 20-8 OL-19808-01...
Page 347 VLAN 10. Switch(config)# no monitor session 1 Switch(config)# monitor session 1 source vlan 1 - 3 rx Switch(config)# monitor session 1 destination interface gigabitethernet0/2 Switch(config)# monitor session 1 source vlan 10 Switch(config)# end Catalyst 2360 Switch Software Configuration Guide 20-9 OL-19808-01...
Page 348: Creating A Local Span Session And Configuring Incoming Traffic
VLANs and the destination ports, and to enable incoming traffic on the destination port for a network security device (such as a Cisco IDS Sensor Appliance). For details about the keywords not related to incoming traffic, see the “Creating a Local SPAN Session”...
Page 349: Specifying Vlans To Filter
(Optional) Enter encapsulation replicate to specify that the destination interface replicates the source interface encapsulation method. If not selected, the default is to send packets in native form (untagged). Catalyst 2360 Switch Software Configuration Guide 20-11 OL-19808-01...
Page 350: Displaying Span Status
Switch(config)# end Displaying SPAN Status To display the current SPAN configuration, use the show monitor user EXEC command. You can also use the show running-config privileged EXEC command to display configured sessions. Catalyst 2360 Switch Software Configuration Guide 20-12 OL-19808-01...
Page 351: Chapter 21 Configuring Rmon
C H A P T E R Configuring RMON This chapter describes how to configure Remote Network Monitoring (RMON) on the Catalyst 2360 switch. RMON is a standard monitoring specification that defines a set of statistics and functions that can be exchanged between RMON-compliant console systems and network probes.
Page 352: Configuring Rmon
• Configuring RMON Alarms and Events, page 21-3 (required) • Collecting Group History Statistics on an Interface, page 21-5 (optional) • Collecting Group Ethernet Statistics on an Interface, page 21-5 (optional) • Catalyst 2360 Switch Software Configuration Guide 21-2 OL-19808-01...
Page 353: Default Rmon Configuration
-2147483648 to 2147483647. • (Optional) For event-number, specify the event number to trigger when the rising or falling threshold exceeds its limit. (Optional) For owner string, specify the owner • of the alarm. Catalyst 2360 Switch Software Configuration Guide 21-3 OL-19808-01...
Page 354 This example also generates an SNMP trap when the event is triggered. Switch(config)# rmon event 1 log trap eventtrap description "High ifOutErrors" owner jjones Catalyst 2360 Switch Software Configuration Guide 21-4 OL-19808-01...
Page 355: Collecting Group History Statistics On An Interface
This procedure is optional. Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 interface interface-id Specify the interface on which to collect statistics, and enter interface configuration mode. Catalyst 2360 Switch Software Configuration Guide 21-5 OL-19808-01...
Page 356: Displaying Rmon Status
Displays the RMON statistics table. For information about the fields in these displays, see the “System Management Commands” section in the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2. Catalyst 2360 Switch Software Configuration Guide 21-6 OL-19808-01...
Page 357: Chapter 22 Configuring System Message Logging
Configuring System Message Logging This chapter describes how to configure system message logging on the Catalyst 2360 switch. For complete syntax and usage information for the commands used in this chapter, see the Cisco IOS Note Configuration Fundamentals Command Reference, Release 12.2.
Page 358: Configuring System Message Logging
The part of the message preceding the percent sign depends on the setting of the service sequence-numbers, service timestamps log datetime, service timestamps log datetime [localtime] [msec] [show-timezone], or service timestamps log uptime global configuration command. Catalyst 2360 Switch Software Configuration Guide 22-2 OL-19808-01...
Page 359: Default System Message Logging Configuration
System message logging to the console Enabled. Console severity Debugging (and numerically lower levels; see Table 22-3 on page 22-9). Logging file configuration No filename specified. Logging buffer size 4096 bytes. Logging history size 1 message. Catalyst 2360 Switch Software Configuration Guide 22-3 OL-19808-01...
Page 360: Disabling Message Logging
When this command is enabled, messages appear only after you press Return. For more information, see the “Synchronizing Log Messages” section on page 22-6. To re-enable message logging after it has been disabled, use the logging on global configuration command. Catalyst 2360 Switch Software Configuration Guide 22-4 OL-19808-01...
Page 361: Setting The Message Display Destination Device
You must perform this step for each session to see the debugging messages. Step 7 show running-config Verify your entries. Step 8 copy running-config startup-config (Optional) Save your entries in the configuration file. Catalyst 2360 Switch Software Configuration Guide 22-5 OL-19808-01...
Page 362: Synchronizing Log Messages
Or you can change the setting of the single vty line being used for your current connection. For example, to change the setting for vty line 2, enter: line vty 2 When you enter this command, the mode changes to line configuration. Catalyst 2360 Switch Software Configuration Guide 22-6 OL-19808-01...
Page 363: Enabling And Disabling Time Stamps On Log Messages
To disable time stamps for both debug and log messages, use the no service timestamps global configuration command. This example shows part of a logging display with the service timestamps log datetime global configuration command enabled: *Mar 1 18:46:11: %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36) (Switch-2) Catalyst 2360 Switch Software Configuration Guide 22-7 OL-19808-01...
Page 364: Enabling And Disabling Sequence Numbers In Log Messages
Table 22-3 on page 22-9). Step 3 logging monitor level Limit messages logged to the terminal lines. By default, the terminal receives debugging messages and numerically lower levels (see Table 22-3 on page 22-9). Catalyst 2360 Switch Software Configuration Guide 22-8 OL-19808-01...
Page 365 Technical Assistance Center. Interface up or down transitions and system restart messages, displayed at the notifications level. • This message is only for information; switch functionality is not affected. Catalyst 2360 Switch Software Configuration Guide 22-9 OL-19808-01...
Page 366: Limiting Syslog Messages Sent To The History Table And To Snmp
You can enable a configuration logger to keep track of configuration changes made with the command-line interface (CLI). When you enter the logging enable configuration-change logger configuration command, the log records the session, the user, and the command that was entered to Catalyst 2360 Switch Software Configuration Guide 22-10 OL-19808-01...
Page 367 [end-number] | statistics} [provisioning] privileged EXEC command to display the complete configuration log or the log for specified parameters. The default is that configuration logging is disabled. For information about the commands, see the Cisco IOS Configuration Fundamentals and Network Management Command Reference, Release 12.3 T at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_command_reference_chapter0918 6a00801a8086.html#wp1114989...
Page 368: Configuring Unix Syslog Servers
Log messages to a UNIX syslog server host by entering its IP address. To build a list of syslog servers that receive logging messages, enter this command more than once. Catalyst 2360 Switch Software Configuration Guide 22-12 OL-19808-01...
Page 369: Displaying The Logging Configuration
Displaying the Logging Configuration To display the logging configuration and the contents of the log buffer, use the show logging privileged EXEC command. For information about the fields in this display, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2.
Page 370 Chapter 22 Configuring System Message Logging Displaying the Logging Configuration Catalyst 2360 Switch Software Configuration Guide 22-14 OL-19808-01...
Page 371: Understanding Snmp
2360 switch. For complete syntax and usage information for the commands used in this chapter, see the command Note reference for this release and the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2. This chapter consists of these sections: Understanding SNMP, page 23-1 •...
Page 372: Snmp Versions
A combination of the security level and the security model determine which security mechanism is used when handling an SNMP packet. Available security models are SNMPv1, SNMPv2C, and SNMPv3. Catalyst 2360 Switch Software Configuration Guide 23-2 OL-19808-01...
Page 373: Snmp Manager Functions
1. With this operation, an SNMP manager does not need to know the exact variable name. A sequential search is performed to find the needed variable from within a table. 2. The get-bulk command only works with SNMPv2 or later. Catalyst 2360 Switch Software Configuration Guide 23-3 OL-19808-01...
Page 374: Snmp Agent Functions
(@esN, where N is the switch number) to the first configured RW and RO community strings on the command switch and propagates them to the member switches. For more information, Chapter 4, “Clustering Switches” and see Getting Started with Cisco Network Assistant, available on Cisco.com. Using SNMP to Access MIB Variables An example of an NMS is the CiscoWorks network management software.
Page 375: Snmp Notifications
SNMP manager receive every notification, use inform requests. If traffic on the network or memory in the switch is a concern and notification is not required, use traps. Catalyst 2360 Switch Software Configuration Guide 23-5 OL-19808-01...
Page 376: Snmp Ifindex Mib Object Values
Configuring SNMP Groups and Users, page 23-10 • Configuring SNMP Notifications, page 23-12 • Setting the Agent Contact and Location Information, page 23-15 • Limiting TFTP Servers Used Through SNMP, page 23-15 • SNMP Examples, page 23-16 • Catalyst 2360 Switch Software Configuration Guide 23-6 OL-19808-01...
Page 377: Default Snmp Configuration
Modifying the group's notify view affects all users associated with that group. See the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 for information about when you should configure notify views.
Page 378: Disabling The Snmp Agent
The no snmp-server global configuration command disables all running versions (Version 1, Version 2C, and Version 3) on the device. No specific Cisco IOS command exists to enable SNMP. The first snmp-server global configuration command that you enter enables all versions of SNMP.
Page 379 (Optional) Save your entries in the configuration file. To disable access for an SNMP community, set the community string for that community to the null Note string (do not enter a value for the community string). Catalyst 2360 Switch Software Configuration Guide 23-9 OL-19808-01...
Page 380: Configuring Snmp Groups And Users
If you select remote, specify the ip-address of the device that • contains the remote copy of SNMP and the optional User Datagram Protocol (UDP) port on the remote device. The default is 162. Catalyst 2360 Switch Software Configuration Guide 23-10 OL-19808-01...
Page 381 64 characters) that is the name of the view in which you specify a notify, inform, or trap. • (Optional) Enter access access-list with a string (not to exceed 64 characters) that is the name of the access list. Catalyst 2360 Switch Software Configuration Guide 23-11 OL-19808-01...
Page 382: Configuring Snmp Notifications
A trap manager is a management station that receives and processes traps. Traps are system alerts that the switch generates when certain events occur. By default, no trap manager is defined, and no traps are sent. Switches running this Cisco IOS release can have an unlimited number of trap managers. Note Many commands use the word traps in the command syntax.
Page 383 Though visible in the command-line help strings, the cpu [threshold], fru-ctrl, insertion, and removal keywords are not supported on the Catalyst 2360 switch. To enable the sending of SNMP inform notifications, use the snmp-server enable traps global configuration command combined with the snmp-server host host-addr informs global configuration command.
Page 384 1 to 1000; the default is 10. Step 9 snmp-server trap-timeout seconds (Optional) Define how often to resend trap messages. The range is 1 to 1000; the default is 30 seconds. Step 10 Return to privileged EXEC mode. Catalyst 2360 Switch Software Configuration Guide 23-14 OL-19808-01...
Page 385: Setting The Agent Contact And Location Information
Limit TFTP servers used for configuration file copies through access-list-number SNMP to the servers in the access list. For access-list-number, enter an IP standard access list numbered from 1 to 99 and 1300 to 1999. Catalyst 2360 Switch Software Configuration Guide 23-15 OL-19808-01...
Page 386: Snmp Examples
Switch(config)# snmp-server host cisco.com version 2c public This example shows how to send Entity MIB traps to the host cisco.com. The community string is restricted. The first line enables the switch to send Entity MIB traps in addition to any traps previously enabled.
Page 387: Displaying Snmp Status
Displaying SNMP Status Switch(config)# snmp-server enable traps entity Switch(config)# snmp-server host cisco.com restricted entity This example shows how to enable the switch to send all traps to the host myhost.cisco.com using the community string public: Switch(config)# snmp-server enable traps Switch(config)# snmp-server host myhost.cisco.com public...
Page 388 Chapter 23 Configuring SNMP Displaying SNMP Status Catalyst 2360 Switch Software Configuration Guide 23-18 OL-19808-01...
Page 389: Chapter 24 Managing Network Security With Acls
“Configuring IP Services” section in the “IP Addressing and Services” chapter of the Cisco IOS IP Configuration Guide, Release 12.2, and the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2.
Page 390: Handling Fragmented And Unfragmented Traffic
ACE because that ACE does not check any Layer 4 information and because Layer 3 information in all fragments shows that they are being sent to host 10.1.1.3, and the earlier permit ACEs were checking different hosts. Catalyst 2360 Switch Software Configuration Guide 24-2 OL-19808-01...
Page 391: Configuring Ipv4 Acls
Configuring IPv4 ACLs Configuring IPv4 ACLs Configuring IP v4ACLs on the switch is the same as configuring IPv4 ACLs on other Cisco switches and routers. The process is briefly described here. For more detailed information on configuring ACLs, see the “Configuring IP Services” section in the “IP Addressing and Services” chapter of the Cisco IOS IP Configuration Guide, Release 12.2.
Page 392: Access List Numbers
IP ACL can be 100 to 199. The advantage of using named ACLs instead of numbered lists is that you can delete individual entries from a named list. Catalyst 2360 Switch Software Configuration Guide 24-4 OL-19808-01...
Page 393: Creating A Numbered Standard Acl
Switch (config)# access-list 2 deny host 171.69.198.102 Switch (config)# access-list 2 permit any Switch(config)# end Switch# show access-lists Standard IP access list 2 10 deny 171.69.198.102 20 permit any Catalyst 2360 Switch Software Configuration Guide 24-5 OL-19808-01...
Page 394: Creating A Numbered Extended Acl
For more details on the specific keywords for each protocol, see these command references: • Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2 Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2 •...
Page 395 After an ACL is created, any additions (possibly entered from the terminal) are placed at the end of the list. You cannot selectively add or remove access list entries from a numbered access list. Catalyst 2360 Switch Software Configuration Guide 24-7...
Page 396: Resequencing Aces In An Acl
Enter global configuration mode. Step 2 ip access-list standard name Define a standard IPv4 access list using a name, and enter access-list configuration mode. The name can be a number from 1 to 99. Catalyst 2360 Switch Software Configuration Guide 24-8 OL-19808-01...
Page 397 For standard ACLs, if you omit the mask from an associated IP host address access list specification, 0.0.0.0 is assumed to be the mask. Catalyst 2360 Switch Software Configuration Guide 24-9 OL-19808-01...
Page 398: Using Time Ranges With Acls
Assign a meaningful name (for example, workhours) to the time range to be created, and enter time-range configuration mode. The name cannot contain a space or quotation mark and must begin with a letter. Catalyst 2360 Switch Software Configuration Guide 24-10 OL-19808-01...
Page 399 Switch(config-ext-nacl)# deny tcp any any time-range new_year_day_2006 Switch(config-ext-nacl)# exit Switch(config)# ip access-list extended may_access Switch(config-ext-nacl)# permit tcp any any time-range workhours Switch(config-ext-nacl)# end Switch# show ip access-lists Extended IP access list lpip_default 10 permit ip any any Catalyst 2360 Switch Software Configuration Guide 24-11 OL-19808-01...
Page 400: Including Comments In Acls
ACLs to lines. You must set identical restrictions on all the virtual terminal lines because a user can attempt to connect to any of them. For procedures for applying ACLs to interfaces, see the “Applying an IPv4 ACL to a Management VLAN” section on page 24-13. Catalyst 2360 Switch Software Configuration Guide 24-12 OL-19808-01...
Page 401: Applying An Ipv4 Acl To A Management Vlan
Control access to the specified interface. name} in Step 4 Return to privileged EXEC mode. Step 5 show running-config Display the access list configuration. Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file. Catalyst 2360 Switch Software Configuration Guide 24-13 OL-19808-01...
Page 402: Ipv4 Acl Configuration Examples
This section provides examples of configuring and applying IPv4 ACLs. For detailed information about compiling ACLs, see the Cisco IOS Security Configuration Guide, Release 12.2 and to the Configuring IP Services” section in the “IP Addressing and Services” chapter of the Cisco IOS IP Configuration Guide, Release 12.2.
Page 403: Named Acl
Switch(config)# access-list 100 remark Do not allow Winter to browse the web Switch(config)# access-list 100 deny host 171.69.3.85 any eq www Switch(config)# access-list 100 remark Do not allow Smith to browse the web Switch(config)# access-list 100 deny host 171.69.3.13 any eq www Catalyst 2360 Switch Software Configuration Guide 24-15 OL-19808-01...
Page 404: Displaying Ipv4 Acl Configuration
[interface interface-id] Displays the contents of the configuration file for the switch or the specified interface, including all configured MAC and IP access lists and which access groups are applied to an interface. Catalyst 2360 Switch Software Configuration Guide 24-16 OL-19808-01...
Page 405: Chapter 25 Configuring Qos
When you configure the QoS feature, you can select specific network traffic, prioritize it according to its relative importance, and use congestion-management and congestion-avoidance techniques to provide preferential treatment. Implementing QoS in your network makes network performance more predictable and bandwidth utilization more effective. Catalyst 2360 Switch Software Configuration Guide 25-1 OL-19808-01...
Page 406: Basic Qos Model
For non-IP and IP traffic, you can configure the ports as trusted. Classification is performed on ingress packets by using the packet CoS value. The default CoS value is 0 which means best-effort traffic. The default port trust state is untrusted. Catalyst 2360 Switch Software Configuration Guide 25-2 OL-19808-01...
Page 407: Configuring Qos
CoS output queue threshold map when QoS is enabled. Table 25-2 Default CoS Output Queue Threshold Map CoS Value Queue ID–Threshold ID 0, 1 2–1 2, 3 3–1 4–1 1–1 6, 7 4–1 Catalyst 2360 Switch Software Configuration Guide 25-3 OL-19808-01...
Page 408: Standard Qos Configuration Guidelines
Configuring the Trust State on Ports within the QoS Domain, page 25-5 • • Configuring the CoS Value for an Interface, page 25-6 • Configuring a Trusted Boundary to Ensure Port Security, page 25-7 Catalyst 2360 Switch Software Configuration Guide 25-4 OL-19808-01...
Page 409 Configure the port trust state. cos—Classifies an ingress packet by using the packet CoS value. • For an untagged packet, the port default CoS value is used. The default port CoS value is 0. Catalyst 2360 Switch Software Configuration Guide 25-5 OL-19808-01...
Page 410 Verify your entries. Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file. To return to the default setting, use the no mls qos cos {default-cos | override} interface configuration command. Catalyst 2360 Switch Software Configuration Guide 25-6 OL-19808-01...
Page 411 Verify your entries. Step 9 copy running-config startup-config (Optional) Save your entries in the configuration file. To disable the trusted boundary feature, use the no mls qos trust device interface configuration command. Catalyst 2360 Switch Software Configuration Guide 25-7 OL-19808-01...
Page 412: Configuring The Egress Expedite Queue
Display QoS information at the port level, including the buffer | statistics] allocation, the queueing strategy, and the ingress and egress statistics. show mls qos queue-set [qset-id] Display QoS settings for the egress queues. Catalyst 2360 Switch Software Configuration Guide 25-8 OL-19808-01...
Page 413: Understanding Etherchannels
This chapter describes how to configure EtherChannels on Layer 2 and Layer 3 ports on the Catalyst 2360 switch. EtherChannel provides fault-tolerant high-speed links between switches, routers, and servers. You can use it to increase the bandwidth between the wiring closets and the data center, and you can deploy it anywhere in the network where bottlenecks are likely to occur.
Page 414: Etherchannel Overview
EtherChannel. The other end of the channel (on the other switch) must also be configured in the on mode; otherwise, packet loss can occur. Catalyst 2360 Switch Software Configuration Guide 26-2 OL-19808-01...
Page 415 EtherChannel are blocked from returning on any other link of the EtherChannel. Figure 26-2 Single-Switch EtherChannel Switch stack Switch 1 Channel group 1 StackWise Plus port connections Switch A Channel Switch 2 group 2 Switch 3 Catalyst 2360 Switch Software Configuration Guide 26-3 OL-19808-01...
Page 416: Port-Channel Interfaces
To change the parameters of all ports in an EtherChannel, apply configuration commands to the port-channel interface, for example, spanning-tree commands or commands to configure a Layer 2 EtherChannel as a trunk. Catalyst 2360 Switch Software Configuration Guide 26-4 OL-19808-01...
Page 417: Port Aggregation Protocol
Understanding EtherChannels Port Aggregation Protocol The Port Aggregation Protocol (PAgP) is a Cisco-proprietary protocol that can be run only on Cisco switches and on those switches licensed by vendors to support PAgP. PAgP facilitates the automatic creation of EtherChannels by exchanging PAgP packets between Ethernet ports. You can use PAgP only in single-switch EtherChannel configurations.
Page 418: Pagp Interaction With Virtual Switches And Dual-Active Detection
Link Aggregation Control Protocol The LACP is defined in IEEE 802.3ad and enables Cisco switches to manage Ethernet channels between switches that conform to the IEEE 802.3ad protocol. LACP facilitates the automatic creation of EtherChannels by exchanging LACP packets between Ethernet ports.
Page 419: Lacp Modes
Ports that are configured in the on mode in the same channel group must have compatible port characteristics, such as speed and duplex. Ports that are not compatible are suspended, even though they are configured in the on mode. Catalyst 2360 Switch Software Configuration Guide 26-7 OL-19808-01...
Page 420: Load-Balancing And Forwarding Methods
In Figure 26-4, an EtherChannel of four workstations communicates with a router. Because the router is a single-MAC-address device, source-based Catalyst 2360 Switch Software Configuration Guide 26-8 OL-19808-01...
Page 421: Configuring Etherchannels
Configuring Layer 2 EtherChannels, page 26-11 (required) • Configuring EtherChannel Load-Balancing, page 26-13 (optional) • Configuring the PAgP Learn Method and Priority, page 26-14 (optional) • • Configuring LACP Hot-Standby Ports, page 26-15 (optional) Catalyst 2360 Switch Software Configuration Guide 26-9 OL-19808-01...
Page 422: Default Etherchannel Configuration
Enable all ports in an EtherChannel. A port in an EtherChannel that is disabled by using the • shutdown interface configuration command is treated as a link failure, and its traffic is transferred to one of the remaining ports in the EtherChannel. Catalyst 2360 Switch Software Configuration Guide 26-10 OL-19808-01...
Page 423: Configuring Layer 2 Etherchannels
For a LACP EtherChannel, you can configure up to 16 Ethernet ports of the same type. Up to eight ports can be active, and up to eight ports can be in standby mode. Catalyst 2360 Switch Software Configuration Guide 26-11 OL-19808-01...
Page 424 Verify your entries. Step 7 copy running-config startup-config (Optional) Save your entries in the configuration file. To remove a port from the EtherChannel group, use the no channel-group interface configuration command. Catalyst 2360 Switch Software Configuration Guide 26-12 OL-19808-01...
Page 425: Configuring Etherchannel Load-Balancing
Step 3 Return to privileged EXEC mode. Step 4 show etherchannel load-balance Verify your entries. Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file. Catalyst 2360 Switch Software Configuration Guide 26-13 OL-19808-01...
Page 426: Configuring The Pagp Learn Method And Priority
This procedure is optional. Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 interface interface-id Specify the port for transmission, and enter interface configuration mode. Catalyst 2360 Switch Software Configuration Guide 26-14 OL-19808-01...
Page 427: Configuring Lacp Hot-Standby Ports
LACP, the software assigns a unique priority made up of these elements (in priority order): LACP system priority • System ID (the switch MAC address) • LACP port priority • Port number • Catalyst 2360 Switch Software Configuration Guide 26-15 OL-19808-01...
Page 428: Configuring The Lacp System Priority
The hot-standby ports that have lower port numbers become active in the channel first. You can use the show etherchannel summary privileged EXEC command to see which ports are in the hot-standby mode (denoted with an H port-state flag). Catalyst 2360 Switch Software Configuration Guide 26-16 OL-19808-01...
Page 429: Displaying Etherchannel, Pagp, And Lacp Status
PAgP configuration, and neighbor information. show pagp [channel-group-number] dual-active Displays the dual-active detection status. show lacp [channel-group-number] {counters | Displays LACP information such as traffic information, the internal | neighbor} internal LACP configuration, and neighbor information. Catalyst 2360 Switch Software Configuration Guide 26-17 OL-19808-01...
Page 430: Understanding Link-State Tracking
Interfaces connected to servers are referred to as downstream interfaces, and interfaces connected to distribution switches and network devices are referred to as upstream interfaces. Catalyst 2360 Switch Software Configuration Guide 26-18 OL-19808-01...
Page 431 1. Port 5 and port 6 are connected to distribution switch 1 through link-state group 1. Port 5 and – port 6 are the upstream interfaces in link-state group 1. Catalyst 2360 Switch Software Configuration Guide 26-19 OL-19808-01...
Page 432 You can recover a downstream interface link-down condition by removing the failed downstream port from the link-state group. To recover from multiple downstream interfaces, disable the link-state group. Catalyst 2360 Switch Software Configuration Guide 26-20 OL-19808-01...
Page 433: Configuring Link-State Tracking
1 to 2. The default is 1. Step 5 Return to privileged EXEC mode. Step 6 show running-config Verify your entries. Step 7 copy running-config startup-config (Optional) Save your entries in the configuration file. Catalyst 2360 Switch Software Configuration Guide 26-21 OL-19808-01...
Page 434: Displaying Link-State Tracking Status
Upstream Interfaces : Gi0/15(Dwn) Gi0/16(Dwn) Gi0/17(Dwn) Downstream Interfaces : Gi0/11(Dis) Gi0/12(Dis) Gi0/13(Dis) Gi0/14(Dis) (Up):Interface up (Dwn):Interface Down (Dis):Interface disabled For detailed information about the fields in the display, see the command reference for this release. Catalyst 2360 Switch Software Configuration Guide 26-22 OL-19808-01...
Page 435: Chapter 27 Configuring Ipv6 Unicast Hosts
For information about configuring IPv6 Multicast Listener Discovery (MLD) snooping, see Chapter 16, “Configuring IPv6 MLD Snooping.” For complete syntax and usage information for the commands used in this chapter, see the Cisco IOS Note documentation referenced in the procedures This chapter consists of these sections: “Understanding IPv6”...
Page 436: Ipv6 Addresses
For more information about IPv4 and IPv6 protocol stacks, see the “Implementing IPv6 Addressing • and Basic Connectivity” chapter of Cisco IOS IPv6 Configuration Library on Cisco.com., page 27-5 Support on the switch includes expanded address capability, header format simplification, improved support of extensions and options, and hardware parsing of the extension header.
Page 437: 128-Bit Wide Unicast Addresses
For more information, see the section about IPv6 unicast addresses in the “Implementing IPv6 Addressing and Basic Connectivity” chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com. DNS for IPv6 IPv6 supports Domain Name System (DNS) record types in the DNS name-to-address and address-to-name lookup processes.
Page 438: Ipv6 Stateless Autoconfiguration And Duplicate Address Detection
Verifies SNMP Manager feature works with IPv6 transport • For information on SNMP over IPv6, including configuration procedures, see the “Managing Cisco IOS Applications over IPv6” chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com. For information about syslog over IPv6, including configuration procedures, see the “Implementing IPv6 Addressing and Basic Connectivity”...
Page 439: Http(S) Over Ipv6
Basic network connectivity (ping) must exist between the client and the server hosts before HTTP connections can be made. For more information, see the “Managing Cisco IOS Applications over IPv6” chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com.
Page 440: Configuring Ipv6 Addressing And Enabling Ipv6 Host
For more information about configuring IPv6, see the “Implementing Addressing and Basic Connectivity for IPv6” chapter in the Cisco IOS IPv6 Configuration Library on Cisco.com. Beginning in privileged EXEC mode, follow these steps to assign an IPv6 address to an interface and...
Page 441: Configuring Default Router Preference
Specify a DRP for the router on the switch interface. medium | low} Step 4 Return to privileged EXEC mode. Step 5 show ipv6 interface Verify the configuration. Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file. Catalyst 2360 Switch Software Configuration Guide 27-7 OL-19808-01...
Page 442: Configuring Ipv6 Icmp Rate Limiting
20 tokens. Switch(config)#ipv6 icmp error-interval 50 20 Displaying IPv6 For complete syntax and usage information on these commands, see the Cisco IOS command reference publications. Table 27-2 shows the privileged EXEC commands for monitoring IPv6 on the switch.
Page 443 Display the configuration values for HTTP client connections to HTTP servers. show ip http client history Display a list of the last 20 requests made by the HTTP client to the server. Catalyst 2360 Switch Software Configuration Guide 27-9 OL-19808-01...
Page 444 Chapter 27 Configuring IPv6 Unicast Hosts Displaying IPv6 Catalyst 2360 Switch Software Configuration Guide 27-10 OL-19808-01...
Page 445: Chapter 28 Troubleshooting
C H A P T E R Troubleshooting This chapter describes how to identify and resolve software problems related to the Cisco IOS software. Depending on the nature of the problem, you can use one of these tools: command-line interface (CLI) •...
Page 446: Recovering From A Software Failure
From your PC, download the software image tar file (image_filename.tar) from Cisco.com. Step 1 The Cisco IOS image is stored as a bin file in a directory in the tar file. For information about locating the software image files on Cisco.com, see the release notes.
Page 447: Recovering From A Lost Or Forgotten Password
Copy the software image from the TFTP server to the switch: Step 9 switch: copy tftp:// ip_address / filesystem :/ source-file-url flash: image_filename.bin Boot up the newly downloaded Cisco IOS image. Step 10 switch: boot flash: image_filename.bin Use the archive download-sw privileged EXEC command to download the software image to the Step 11 switch.
Page 448: Procedure With Password Recovery Enabled
The system has been interrupted prior to initializing the flash file system. The following commands will initialize the flash file system, and finish loading the operating system software: flash_init load_helper boot Step 1 Initialize the flash file system: switch: flash_init Catalyst 2360 Switch Software Configuration Guide 28-4 OL-19808-01...
Page 449 The secret password can be from 1 to 25 alphanumeric characters, can start with a number, is case sensitive, and allows spaces but ignores leading spaces. Return to privileged EXEC mode: Step 12 Switch (config)# exit Switch# Catalyst 2360 Switch Software Configuration Guide 28-5 OL-19808-01...
Page 450: Procedure With Password Recovery Disabled
Would you like to reset the system back to the default configuration (y/n)? Y Load any helper files: Step 2 Switch: load_helper Display the contents of flash memory: Step 3 switch: dir usbflash0: Catalyst 2360 Switch Software Configuration Guide 28-6 OL-19808-01...
Page 451 VLAN ID of the shutdown interface. With the switch in interface configuration mode, enter the no shutdown command. Step 10 You must now reconfigure the switch. If the system administrator has the backup switch and VLAN configuration files available, you should use those. Catalyst 2360 Switch Software Configuration Guide 28-7 OL-19808-01...
Page 452: Recovering From A Command Switch Failure
Enter configuration commands, one per line. End with CNTL/Z. Remove the member switch from the cluster. Step 7 Switch(config)# no cluster commander-address Return to privileged EXEC mode. Step 8 Switch(config)# end Switch# Catalyst 2360 Switch Software Configuration Guide 28-8 OL-19808-01...
Page 453 Start your browser, and enter the IP address of the new command switch. Step 17 From the Cluster menu, select Add to Cluster to display a list of candidate switches to add to the cluster. Step 18 Catalyst 2360 Switch Software Configuration Guide 28-9 OL-19808-01...
Page 454: Replacing A Failed Command Switch With Another Switch
When prompted for the Telnet (virtual terminal) password, recall that it can be from 1 to 25 alphanumeric characters, is case sensitive, allows spaces, but ignores leading spaces. Step 8 When prompted for the enable secret and enable passwords, enter the passwords of the failed command switch again. Catalyst 2360 Switch Software Configuration Guide 28-10 OL-19808-01...
Page 455: Recovering From Lost Cluster Member Connectivity
A member switch (Catalyst 3750-E, Catalyst 3750, Catalyst 3560-E, Catalyst 3560, Catalyst 3550, • Catalyst 3500 XL, Catalyst 2970, Catalyst 2960, CGESM, Catalyst 2950, Catalyst 2360 , Catalyst 2900 XL, Catalyst 2820, and Catalyst 1900 switch) cannot connect to the command switch through a port that is defined as a network port.
Page 456: Sfp Module Security And Identification
If you are using a non-Cisco SFP module, remove the SFP module from the switch, and replace it with a Cisco module. After inserting a Cisco SFP module, use the errdisable recovery cause gbic-invalid global configuration command to verify the port status, and enter a time interval for recovering from the error-disabled state.
Page 457: Using Ping
Switch# ping 172.20.52.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echoes to 172.20.52.3, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms Switch# Catalyst 2360 Switch Software Configuration Guide 28-13 OL-19808-01...
Page 458: Using Layer 2 Traceroute
Usage Guidelines These are the Layer 2 traceroute usage guidelines: Cisco Discovery Protocol (CDP) must be enabled on all the devices in the network. For Layer 2 • traceroute to function properly, do not disable CDP. For a list of switches that support Layer 2 traceroute, see the “Usage Guidelines”...
Page 459: Displaying The Physical Path
[detail] For more information, see the command reference for this release. Using IP Traceroute These sections contain this information: • Understanding IP Traceroute, page 28-16 • Executing IP Traceroute, page 28-16 Catalyst 2360 Switch Software Configuration Guide 28-15 OL-19808-01...
Page 460: Understanding Ip Traceroute
This example shows how to perform a traceroute to an IP host: Switch# traceroute ip 171.9.15.10 Type escape sequence to abort. Tracing the route to 171.69.115.10 1 172.2.52.1 0 msec 0 msec 4 msec Catalyst 2360 Switch Software Configuration Guide 28-16 OL-19808-01...
Page 461: Using Debug Commands
For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support staff. It is best to use debug commands during periods of lower network traffic and fewer users. Debugging during these periods decreases the likelihood that increased debug command processing overhead will affect system use.
Page 462: Enabling Debugging On A Specific Feature
Ethernet management port. Possible destinations include the console, virtual terminals, internal buffer, and UNIX hosts running a syslog server. The syslog format is compatible with 4.3 Berkeley Standard Distribution (BSD) UNIX and its derivatives. Catalyst 2360 Switch Software Configuration Guide 28-18 OL-19808-01...
Page 463: Using The Show Platform Forward Command
Packet 1 Lookup Key-Used Index-Hit A-Data Port Vlan SrcMac DstMac Dscpv Gi0/1 0005 0001.0001.0001 0002.0002.0002 ------------------------------------------ Packet 2 Lookup Key-Used Index-Hit A-Data Port Vlan SrcMac DstMac Dscpv Gi0/2 0005 0001.0001.0001 0002.0002.0002 ------------------------------------------ Catalyst 2360 Switch Software Configuration Guide 28-19 OL-19808-01...
Page 464 16.1.10.5 Global Port Number:24, Asic Number:5 Src Real Vlan Id:5, Mapped Vlan Id:5 Ingress: Lookup Key-Used Index-Hit A-Data L3Local 00_00000000_00000000-90_00001400_10010A05 010F0 01880290 L3Scndr 12_10010A05_0A010505-00_40000014_000A0000 01D28 30090001_00000000 Lookup Used:Secondary Station Descriptor:F0070007, DestIndex:F007, RewriteIndex:0007 Catalyst 2360 Switch Software Configuration Guide 28-20 OL-19808-01...
Page 465: Using The Crashinfo Files
• Basic crashinfo Files The information in the basic file includes the Cisco IOS image name and version that failed, a list of the processor registers, and a trace. You can provide this information to the Cisco technical support representative by using the show tech-support privileged EXEC command.
Page 466: Using On-Board Failure Logging
You should manually set the system clock or configure it by using Network Time Protocol (NTP). When the switch is running, you can retrieve the OBFL data by using the show logging onboard privileged EXEC commands. If the switch fails, contact your Cisco technical support representative to find out how to retrieve the data.
Page 467: Configuring Obfl
Display the system voltages of a standalone switch or the specified stack [switch-number]] voltage members. For more command options for the show logging onboard command and for examples of OBFL data, see the command reference for this release. Catalyst 2360 Switch Software Configuration Guide 28-23 OL-19808-01...
Page 468 Chapter 28 Troubleshooting Using On-Board Failure Logging Catalyst 2360 Switch Software Configuration Guide 28-24 OL-19808-01...
Page 469: Chapter 29 Configuring Online Diagnostics
C H A P T E R Configuring Online Diagnostics This chapter describes how to configure the online diagnostics on the Catalyst 2360 switch. For complete syntax and usage information for the commands used in this chapter, see the command Note reference for this release.
Page 470: Configuring Online Diagnostics
This example shows how to schedule diagnostic testing for a specific day and time on the switch: Switch(config)# diagnostic schedule test TestPortAsicCam on december 3 2006 22:25 For more examples, see the “Examples” section of the diagnostic schedule command in the command reference for this release. Catalyst 2360 Switch Software Configuration Guide 29-2 OL-19808-01...
Page 471: Configuring Health-Monitoring Diagnostics
• diagnostic content command output. all—All of the diagnostic tests. • The range for the failure threshold count is 0 to 99. Catalyst 2360 Switch Software Configuration Guide 29-3 OL-19808-01...
Page 472 | test-id-range | all} failure count count global configuration command. This example shows how to configure a health-monitoring test: Switch(config)# diagnostic monitor threshold switch 3 test 1 failure count 50 Switch(config)# diagnostic monitor interval switch 3 test TestPortAsicRingLoopback Catalyst 2360 Switch Software Configuration Guide 29-4 OL-19808-01...
Page 473: Running Online Diagnostic Tests
This example shows how to start a diagnostic test by using the test name: Switch# diagnostic start switch 2 test TestInlinePwrCtlr This example shows how to start all of the basic diagnostic tests: Switch# diagnostic start switch 1 test all Catalyst 2360 Switch Software Configuration Guide 29-5 OL-19808-01...
Page 474: Displaying Online Diagnostic Tests And Test Results
Display the POST results. (The output is the same as the show post command output.) For examples of the show diagnostic command output, see the “Examples” section of the show diagnostic command in the command reference for this release. Catalyst 2360 Switch Software Configuration Guide 29-6 OL-19808-01...
Page 475: Supported Mibs
CISCO-CDP-MIB • CISCO-CLUSTER-MIB • CISCO-CONFIG-COPY-MIB • • CISCO-CONFIG-MAN-MIB • CISCO-ENTITY-FRU-CONTROL-MIB • CISCO-ENVMON-MIB CISCO-ERR-DISABLE-MIB • CISCO-FLASH-MIB (Flash memory on all switches is modeled as removable flash memory.) • CISCO-FTP-CLIENT-MIB • CISCO-IGMP-FILTER-MIB • CISCO-IMAGE-MIB • CISCO IP-STAT-MIB • CISCO-LAG-MIB • CISCO-MAC-NOTIFICATION-MIB •...
Page 476 IF-MIB (In and out counters for VLANs are not supported.) • • IF-MIB • INET-ADDRESS-MIB • OLD-CISCO-CHASSIS-MIB OLD-CISCO-FLASH-MIB • OLD-CISCO-INTERFACES-MIB • OLD-CISCO-IP-MIB • OLD-CISCO-SYS-MIB • OLD-CISCO-TCP-MIB • OLD-CISCO-TS-MIB • RFC1213-MIB • RMON-MIB • RMON2-MIB • SNMP-FRAMEWORK-MIB • • SNMP-MPD-MIB • SNMP-NOTIFICATION-MIB Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 477: Using Ftp To Access The Mib Files
• TCP-MIB • UDP-MIB • You can access other information about MIBs and Cisco products on the Cisco web site: Note http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml Using FTP to Access the MIB Files You can get each MIB file by using this procedure: Make sure that your FTP client is in passive mode.
Page 478 Using FTP to Access the MIB Files F i n a l R e v i e w — C i s c o C o n f i d e n t i a l Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 479: Working With The Flash File System
Working with the Cisco IOS File System, Configuration Files, and Software Images This appendix describes how to manipulate the Catalyst 2360 switch flash file system, how to copy configuration files, and how to archive (upload and download) software images to the switch.
Page 480: Displaying Available File Systems
Chapter B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with the Flash File System Displaying Available File Systems To display the available file systems on your switch, use the show file systems privileged EXEC command as shown in this example.
Page 481: Setting The Default File System
Display a list of open file descriptors. File descriptors are the internal representations of open files. You can use this command to see if another user has a file open. To display information about the driver text object in the CISCO-MEMORY-POOL-MIB, use the show memory privileged EXEC command:...
Page 482: Changing Directories And Displaying The Working Directory
Chapter B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with the Flash File System Changing Directories and Displaying the Working Directory Beginning in privileged EXEC mode, follow these steps to change directories and to display the working directory.
Page 483: Copying Files
Chapter B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with the Flash File System Copying Files To copy a file from a source to a destination, use the copy source-url destination-url privileged EXEC command. For the source and destination URLs, you can use running-config and startup-config keyword shortcuts.
Page 484: Creating, Displaying, And Extracting Files
Chapter B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with the Flash File System Creating, Displaying, and Extracting Files You can create a file and write files into it, list the files in a file, and extract the files from a file as described in the next sections.
Page 485 Chapter B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with the Flash File System Command Purpose Step 3 archive /xtract source-url Extract a file into a directory on the flash file system. flash:/file-url [dir/file...] For source-url, specify the source URL alias for the local file system.
Page 486: Working With Configuration Files
This section describes how to create, load, and maintain configuration files. Configuration files contain commands entered to customize the function of the Cisco IOS software. A way to create a basic configuration file is to use the setup program or to enter the setup privileged EXEC command.
Page 487: Guidelines For Creating And Using Configuration Files
Chapter B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Configuration Files Guidelines for Creating and Using Configuration Files Creating configuration files can aid in your switch configuration. Configuration files can contain some or all of the commands needed to configure one or more switches. For example, you might want to download the same configuration file to several switches that have the same hardware configuration.
Page 488: Creating A Configuration File By Using A Text Editor
Chapter B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Configuration Files Creating a Configuration File By Using a Text Editor When creating a configuration file, you must list commands logically so that the system can respond appropriately.
Page 489 Chapter B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Configuration Files • Ensure that the configuration file to be downloaded is in the correct directory on the TFTP server (usually /tftpboot on a UNIX workstation).
Page 490: Copying Configuration Files By Using Ftp
The FTP protocol requires a client to send a remote username and password on each FTP request to a server. When you copy a configuration file from the switch to a server by using FTP, the Cisco IOS software sends the first valid username in this list: The username specified in the copy command if a username is specified.
Page 491: Preparing To Download Or Upload A Configuration File By Using Ftp
Chapter B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Configuration Files These sections contain this configuration information: Preparing to Download or Upload a Configuration File By Using FTP, page B-13 • Downloading a Configuration File By Using FTP, page B-13 •...
Page 492 Chapter B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Configuration Files Command Purpose Step 6 Return to privileged EXEC mode. Step 7 copy Using FTP, copy the configuration file from a network ftp:[[[//[username[:password]@]location]/directory]...
Page 493: Copying Configuration Files By Using Rcp
Chapter B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Configuration Files Command Purpose Step 3 configure terminal Enter global configuration mode. This step is required only if you override the default remote username or password (see Steps 4, 5, and 6).
Page 494: Preparing To Download Or Upload A Configuration File By Using Rcp
The RCP requires a client to send a remote username with each RCP request to a server. When you copy a configuration file from the switch to a server, the Cisco IOS software sends the first valid username in this list: •...
Page 495 Chapter B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Configuration Files Downloading a Configuration File By Using RCP Beginning in privileged EXEC mode, follow these steps to download a configuration file by using RCP:...
Page 496 Chapter B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Configuration Files Uploading a Configuration File By Using RCP Beginning in privileged EXEC mode, follow these steps to upload a configuration file by using RCP:...
Page 497: Clearing Configuration Information
Replacing and Rolling Back Configurations The configuration replacement and rollback feature replaces the running configuration with any saved Cisco IOS configuration file. You can use the rollback function to roll back to a previous configuration. These sections contain this information: Understanding Configuration Replacement and Rollback, page B-19 •...
Page 498 EXEC command displays information for all the configuration files saved in the configuration archive. The Cisco IOS configuration archive, in which the configuration files are stored and available for use with the configure replace command, is in any of these file systems: FTP, HTTP, RCP, TFTP.
Page 499: Configuring The Configuration Archive
• replacement configuration file for the running configuration. The replacement file must be a complete configuration generated by a Cisco IOS device (for example, a configuration generated by the copy running-config destination-url command). If you generate the replacement configuration file externally, it must comply with the format of files Note generated by Cisco IOS devices.
Page 500: Performing A Configuration Replacement Or Rollback Operation
Chapter B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Configuration Files Command Purpose Step 5 time-period minutes (Optional) Set the time increment for automatically saving an archive file of the running configuration in the configuration archive.
Page 501: Working With Software Images
If you do not have access to a TFTP server, you can download a software image file directly to your PC or workstation by using a web browser (HTTP) and then by using the device manager or Cisco Network Assistant to upgrade your switch. For information about upgrading your switch by using a TFTP server or a web browser (HTTP), see the release notes.
Page 502: Image Location On The Switch
Image Location on the Switch The Cisco IOS image is stored as a .bin file in a directory that shows the version number. A subdirectory contains the files needed for web management. The image is stored on the system board flash memory (flash:).
Page 503: Copying Image Files By Using Tftp
Field Description total_image_file_size Specifies the size of all the images (the Cisco IOS image and the web management files) in the file, which is an approximate measure of the flash memory needed. image_feature Describes the core functionality of the image...
Page 504: Downloading An Image File By Using Tftp
Chapter B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Software Images • Ensure that the switch has a route to the TFTP server. The switch and the TFTP server must be in the same subnetwork if you do not have a router to route traffic between subnets. Check connectivity to the TFTP server by using the ping command.
Page 505 Chapter B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Software Images Command Purpose Step 3 archive download-sw (Optional) Download the image files from the TFTP server to the /allow-feature-upgrade [/directory] switch, and overwrite the current image.
Page 506: Uploading An Image File By Using Tftp
The archive upload-sw privileged EXEC command builds an image file on the server by uploading these files in order: info, the Cisco IOS image, and the web management files. After these files are uploaded, the upload algorithm creates the file format.
Page 507: Copying Image Files By Using Ftp
The FTP protocol requires a client to send a remote username and password on each FTP request to a server. When you copy an image file from the switch to a server by using FTP, the Cisco IOS software sends the first valid username in this list: The username specified in the archive download-sw or archive upload-sw privileged EXEC •...
Page 508 Chapter B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Software Images If the server has a directory structure, the image file is written to or copied from the directory associated with the username on the server. For example, if the image file resides in the home directory of a user on the server, specify that user's name as the remote username.
Page 509 Chapter B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Software Images Command Purpose Step 7 archive download-sw /allow-feature-upgrade (Optional) Download the image files from the FTP server to [/directory] /overwrite /reload the switch, and overwrite the current image.
Page 510 Chapter B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Software Images If the flash device has sufficient space to hold two images and you want to overwrite one of these images Note with the same version, you must specify the /overwrite option.
Page 511: Copying Image Files By Using Rcp
The archive upload-sw command builds an image file on the server by uploading these files in order: info, the Cisco IOS image, and the web management files. After these files are uploaded, the upload algorithm creates the file format.
Page 512 RCP requires a client to send a remote username on each RCP request to a server. When you copy an image from the switch to a server by using RCP, the Cisco IOS software sends the first valid username in this list: The username specified in the archive download-sw or archive upload-sw privileged EXEC •...
Page 513 Chapter B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Software Images If the switch IP address translates to Switch1.company.com, the .rhosts file for User0 on the RCP server should contain this line: Switch1.company.com Switch1 For more information, see the documentation for your RCP server.
Page 514 Chapter B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Software Images Command Purpose Step 6 archive download-sw /allow-feature-upgrade Download the images file from the RCP server to the switch [/directory] /overwrite /reload and overwrite the current image.
Page 515 Chapter B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with Software Images The download algorithm verifies that the image is appropriate for the switch model and that enough DRAM is present, or it aborts the process and reports an error. If you specify the /overwrite option, the download algorithm removes the existing image on the flash device whether or not it is the same as the new one, downloads the new image, and then reloads the software.
Page 516 The archive upload-sw privileged EXEC command builds an image file on the server by uploading these files in order: info, the Cisco IOS image, and the web management files. After these files are uploaded, the upload algorithm creates the file format.
Page 517: Appendix
[access-list-number | name] [dynamic-name] [source] [destination] [timeout minutes] clear access-template [access-list-number | name] [dynamic-name] [source] [destination]. show access-lists rate-limit [destination] show accounting show ip accounting [checkpoint] [output-packets | access violations] show ip cache [prefix-mask] [type number] Catalyst 2360 Switch Software Configuration Guide OL-19808-01...
Page 518: Unsupported Global Configuration Commands
Appendix C Unsupported Commands in Cisco IOS Release 12.2(53)EY Archive Commands Unsupported Global Configuration Commands access-list rate-limit acl-index {precedence | mask prec-mask} access-list dynamic extended Unsupported Route-Map Configuration Commands match ip address prefix-list prefix-list-name [prefix-list-name...] Archive Commands Unsupported Privileged EXEC Commands...
Page 519: Boot Loader Commands
Appendix C Unsupported Commands in Cisco IOS Release 12.2(53)EY Boot Loader Commands Boot Loader Commands Unsupported Global Configuration Commands boot buffersize boot enable-break Unsupported User EXEC Commands verify Cluster Commands Unsupported Global Configuration Commands cluster standby-group Embedded Event Manager Commands...
Page 520: Fallback Bridging
Appendix C Unsupported Commands in Cisco IOS Release 12.2(53)EY Fallback Bridging Fallback Bridging Unsupported Global Configuration Commands fallback profile IGMP Snooping Commands Unsupported Global Configuration Commands ip igmp snooping tcn Inline Power Commands Unsupported User EXEC Commands show controllers power inline...
Page 521: Unsupported Bgp Router Configuration Commands
Appendix C Unsupported Commands in Cisco IOS Release 12.2(53)EY Interface Commands ip verify ip unnumbered type number All ip security commands transmit-interface type number Unsupported BGP Router Configuration Commands address-family vpnv4 default-information originate neighbor advertise-map neighbor allowas-in neighbor default-originate neighbor description...
Page 522: Mac Address Commands
Appendix C Unsupported Commands in Cisco IOS Release 12.2(53)EY MAC Address Commands MAC Address Commands Unsupported User EXEC Commands show mac access-group Unsupported Privileged EXEC Commands show mac-address-table show mac-address-table address show mac-address-table aging-time show mac-address-table count show mac-address-table dynamic...
Page 523: Miscellaneous Commands
Appendix C Unsupported Commands in Cisco IOS Release 12.2(53)EY Miscellaneous Commands Miscellaneous Commands Unsupported User EXEC Commands verify Unsupported Privileged EXEC Commands file verify auto show cable-diagnostics prbs test cable-diagnostics prbs Unsupported Global Configuration Commands errdisable recovery cause unicast flood...
Page 524: Port Security Commands
Appendix C Unsupported Commands in Cisco IOS Release 12.2(53)EY Port Security Commands Port Security Commands Unsupported Privileged EXEC Commands clear port-security debug port-security show platform port-security show port-security Power Supply Commands Unsupported User EXEC Commands power supply QoS Commands Unsupported Global Configuration Command...
Page 525: Radius Commands
Appendix C Unsupported Commands in Cisco IOS Release 12.2(53)EY RADIUS Commands RADIUS Commands Unsupported Global Configuration Commands aaa accounting dot1x aaa nas port extended aaa authentication feature default enable aaa authentication feature default line radius-server attribute nas-port radius-server configure radius-server extended-portnames...
Page 526: Vlan Commands
Appendix C Unsupported Commands in Cisco IOS Release 12.2(53)EY VLAN Commands VLAN Commands Unsupported User EXEC Commands show running-config vlan show vlan ifindex Unsupported Privileged EXEC Command show vlan access-map vlan database Unsupported Global Configuration Command vlan internal allocation policy {ascending | descending}...
Page 527 24-1 24-10 ACLs unsupported features ACEs 24-1 IPv4 24-3 applying address aliasing 15-2 time ranges to addresses 24-10 to an interface displaying the MAC address table 24-13 5-22 comments in dynamic 24-12 Catalyst 2360 Switch Software Configuration Guide IN-1 OL-19808-01...
Page 528 8-20 alarms, RMON 21-3 described 8-20 allowed-VLAN list autonegotiation 9-18 duplex mode defined interface configuration guidelines 1-3, 5-22 8-17 table mismatches 28-11 address resolution autosensing, port speed 5-22 managing autostate exclude 5-22 Catalyst 2360 Switch Software Configuration Guide IN-2 OL-19808-01...
Page 529 17-3 BPDU monitoring 17-5 error-disabled state 13-2 overview 17-1 filtering 13-3 support for RSTP format 12-12 transmission timer and holdtime, setting 17-2 BPDU filtering updates 17-2 described 13-3 CGMP disabling 13-12 Catalyst 2360 Switch Software Configuration Guide IN-3 OL-19808-01...
Page 530 4-11 command switch no and default forms of commands configuration conflicts 28-11 client mode, VTP 10-3 Catalyst 2360 Switch Software Configuration Guide IN-4 OL-19808-01...
Page 531 8-25 preparing B-10, B-13, B-16 crashinfo file 28-21 reasons for cross-stack EtherChannel using FTP B-13 configuring using RCP B-17 on Layer 2 interfaces 26-11 using TFTP B-11 described 26-3 Catalyst 2360 Switch Software Configuration Guide IN-5 OL-19808-01...
Page 532 14-3 server 14-3 optional spanning-tree configuration 13-9 DHCP-based autoconfiguration password and privilege level client request message exchange RADIUS 7-19 configuring RMON 21-3 client side RSPAN 20-6 SNMP 23-7 relay device SPAN 20-6 Catalyst 2360 Switch Software Configuration Guide IN-6 OL-19808-01...
Page 533 9-15 and DHCP-based autoconfiguration Dynamic Host Configuration Protocol default configuration 5-14 See DHCP-based autoconfiguration displaying the configuration 5-15 Dynamic Trunking Protocol in IPv6 27-3 See DTP overview 5-13 setting up 5-14 Catalyst 2360 Switch Software Configuration Guide IN-7 OL-19808-01...
Page 534 8-14 hot-standby ports 26-15 unsupported features 8-15 interaction with other features 26-7 Ethernet VLANs modes 26-7 adding port priority 26-16 defaults and ranges system priority 26-16 modifying load balancing 26-8, 26-13 27-3 Catalyst 2360 Switch Software Configuration Guide IN-8 OL-19808-01...
Page 535 B-29 crashinfo, description 28-21 uploading B-32 deleting displaying the contents of extended crashinfo description 28-21 location 28-22 get-bulk-request operation 23-3 get-next-request operation 23-3, 23-5 creating get-request operation 23-3, 23-5 Catalyst 2360 Switch Software Configuration Guide IN-9 OL-19808-01...
Page 536 15-3 leave processing, enabling 15-10, 16-9 ICMP leaving multicast group 15-5 IPv6 27-3 queries 15-4 time-exceeded messages 28-16 report suppression traceroute and 28-16 described 15-6 unreachable messages 24-13 disabling 15-15, 16-11 Catalyst 2360 Switch Software Configuration Guide IN-10 OL-19808-01...
Page 537 VLAN configuration Internet Protocol version 6 15-7 IGMP throttling See IPv6 configuring Intrusion Detection System 15-20 default configuration 15-17 See IDS appliances described inventory management TLV 15-17 18-6 displaying action IP ACLs 15-21 Catalyst 2360 Switch Software Configuration Guide IN-11 OL-19808-01...
Page 538 IPv6 addresses to 27-6 autoconfiguration 27-4 LEDs, switch default configuration 27-5 See hardware installation guide default router preference (DRP) 27-3 line configuration mode defined 27-1 Link Aggregation Control Protocol forwarding 27-6 Catalyst 2360 Switch Software Configuration Guide IN-12 OL-19808-01...
Page 539 RADIUS 7-22 management options with TACACS+ 7-13 login banners 5-15 clustering log messages overview See system message logging management VLAN loop guard considerations in switch clusters Catalyst 2360 Switch Software Configuration Guide IN-13 OL-19808-01...
Page 540 12-4 interfaces 8-24 default configuration 12-14 IPv6 27-8 default optional feature configuration 13-9 multicast router interfaces 15-16, 16-12 displaying status 12-26 network traffic for analysis with probe 20-2 enabling the mode 12-16 Catalyst 2360 Switch Software Configuration Guide IN-14 OL-19808-01...
Page 541 17-1 optional features supported RMON 21-1 overview 12-2 SNMP 23-1 Port Fast network policy TLV 18-6 described 13-2 Network Time Protocol enabling 13-10 See NTP preventing root switch selection 13-8 no commands Catalyst 2360 Switch Software Configuration Guide IN-15 OL-19808-01...
Page 542 QoS See OBFL hierarchical on SVIs online diagnostics configuration guidelines 25-4 described 29-1 nonhierarchical on physical ports overview configuration guidelines 29-1 25-4 running tests Port Aggregation Protocol 29-5 Catalyst 2360 Switch Software Configuration Guide IN-16 OL-19808-01...
Page 543 25-5 in VTP domain 10-14 quality of service on a port 9-20 See QoS enabling queries, IGMP 15-4 in VTP domain 10-14 query solicitation, IGMP 15-12 on a port 9-19 examples 10-5 Catalyst 2360 Switch Software Configuration Guide IN-17 OL-19808-01...
Page 544 IEEE 802.1Q trunking interoperability 11-10 passwords and privilege levels instances supported 11-9 RADIUS 7-17 Rapid Spanning Tree Protocol TACACS+ 7-10 See RSTP rcommand command 4-11 1112, IP multicast and IGMP 15-2 1157, SNMPv1 23-2 Catalyst 2360 Switch Software Configuration Guide IN-18 OL-19808-01...
Page 545 20-5 received traffic 20-3 and SSH 7-43 session limits 20-7 configuring 7-43 sessions defined 20-2 described source ports 20-3 Secure Copy Protocol transmitted traffic 20-3 secure HTTP client VLAN-based 20-4 configuring 7-42 Catalyst 2360 Switch Software Configuration Guide IN-19 OL-19808-01...
Page 546 8-21 23-3 shutdown command on interfaces status, displaying 8-26 23-17 Simple Network Management Protocol system contact and location 23-15 See SNMP trap manager, configuring 23-13 small-frame arrival rate, configuring traps 8-23 Catalyst 2360 Switch Software Configuration Guide IN-20 OL-19808-01...
Page 547 11-9 monitored ports 20-3 standby command switch monitoring ports 20-5 configuring overview defined received traffic 20-3 requirements session limits 20-7 See also cluster standby group and HSRP sessions standby group, cluster Catalyst 2360 Switch Software Configuration Guide IN-21 OL-19808-01...
Page 548 IEEE 802.1D and multicast addresses 13-3 11-8 disabling IEEE 802.1t and VLAN identifier 13-12 11-4 enabling 13-12 inferior BPDU 11-3 BPDU guard instances supported 11-9 described interface state, blocking to forwarding 13-2 13-2 Catalyst 2360 Switch Software Configuration Guide IN-22 OL-19808-01...
Page 549 11-3 See system message logging root switch system clock configuring 11-14 configuring effects of extended system ID 11-4, 11-14 daylight saving time 5-11 election 11-3 manually unexpected behavior 11-14 summer time 5-11 Catalyst 2360 Switch Software Configuration Guide IN-23 OL-19808-01...
Page 550 B-28 TACACS+ downloading B-26 accounting, defined 7-11 preparing the server B-25 authentication, defined 7-10 uploading B-28 authorization, defined 7-10 limiting access by servers 23-15 configuring Catalyst 2360 Switch Software Configuration Guide IN-24 OL-19808-01...
Page 551 Ethernet, detecting unidirectional links 19-1 transparent mode, VTP 10-3, 10-12 trap-door mechanism traps configuring managers 23-12 UDLD defined 23-3 configuration guidelines 19-4 enabling 23-12 default configuration 19-3 notification types 23-12 disabling Catalyst 2360 Switch Software Configuration Guide IN-25 OL-19808-01...
Page 552 UplinkFast VLAN configuration mode 2-2, 9-6 described 13-3 VLAN database disabling 13-13 and startup configuration file enabling 13-13 and VTP 10-1 support for VLAN configuration saved in uploading VLANs saved in Catalyst 2360 Switch Software Configuration Guide IN-26 OL-19808-01...
Page 553 10-8 number supported domains 10-2 parameters modes port membership modes client 10-3, 10-11 static-access ports 9-10 server 10-3, 10-9 STP and IEEE 802.1Q trunks 11-10 transitions 10-3 supported transparent 10-3, 10-12 Catalyst 2360 Switch Software Configuration Guide IN-27 OL-19808-01...
Page 554 10-9 statistics 10-16 support for Token Ring support 10-4 transparent mode, configuring 10-12 using 10-1 version, guidelines 10-8 Version 1 10-4 Version 2 configuration guidelines 10-8 disabling 10-13 enabling 10-13 overview 10-4 Catalyst 2360 Switch Software Configuration Guide IN-28 OL-19808-01...

Cisco Catalyst 2360 Software Configuration Manual

Table of Contents

CHAPTER 1 Overview 1-1

CHAPTER 2 Using the Command-Line Interface

CHAPTER 3 Assigning the Switch IP Address and Default Gateway

Chapter 4 Clustering Switches

CHAPTER 5 Administering the Switch

Default Ntp Configuration

Building the Address Table

Chapter 6 Using the SDM Default Template

CHAPTER 7 Configuring Switch-Based Authentication

CHAPTER 8 Configuring Interface Characteristics

Configuring Ethernet Interfaces

Chapter 9 Configuring Vlans

Table of Contents

Default Layer 2 Ethernet Interface VLAN Configuration

Chapter 10 Configuring VTP

Configuring Vtp

CHAPTER 11 Configuring STP

Chapter 12 Configuring MSTP

Quick Links

Chapters

Related Manuals for Cisco Catalyst 2360

Summary of Contents for Cisco Catalyst 2360