Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
Customer Order Number: DOC-7811380=
Text Part Number: 78-11380-05
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
CCIP, the Cisco Arrow logo, the Cisco Powered Network mark, the Cisco Systems Verified logo, Cisco Unity, Follow Me Browsing, FormShare, Internet Quotient, iQ
Breakthrough, iQ Expertise, iQ FastTrack, the iQ Logo, iQ Net Readiness Scorecard, Networking Academy, ScriptShare, SMARTnet, TransPath, and Voice LAN are trademarks
of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, Discover All That’s Possible, The Fastest Way to Increase Your Internet Quotient, and iQuick Study are
service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS,
the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel,
EtherSwitch, Fast Step, GigaStack, IOS, IP/TV, LightStream, MGX, MICA, the Networkers logo, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, RateMUX,
Registrar, SlideCast, StrataView Plus, Stratm, SwitchProbe, TeleRouter, and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other
countries.
All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship
between Cisco and any other company. (0206R)
Management Interface Options
Advantages of Using CMS and Clustering Switches
Network Configuration Examples
Design Concepts for Using the Switch
Small to Medium-Sized Network Configuration
Collapsed Backbone and Switch Cluster Configuration
Large Campus Configuration
Multidwelling Network Using Catalyst 2950 Switches
Long-Distance, High-Bandwidth Transport Configuration
IOS Command Modes
Getting Help
Abbreviating Commands
Using no and default Forms of Commands
Understanding CLI Messages
Using Command History
Changing the Command History Buffer Size
Recalling Commands
Disabling the Command History Feature
Using Editing Features
Enabling and Disabling Editing Features
Editing Commands through Keystrokes
Editing Command Lines that Wrap
Searching and Filtering Output of show and more Commands
Accessing the CLI
Accessing the CLI from a Browser
Chapter 3: Getting Started with CMS
Features
Front Panel View
Cluster Tree
Front-Panel Images
Redundant Power System LED
Port Modes and LEDs
VLAN Membership Modes
Topology View
Topology Icons
Device and Link Labels
Colors in the Topology View
Topology Display Options
Menus and Toolbar
Error Checking
Saving Your Configuration
Restoring Your Configuration
CMS Preferences
Using Different Versions of CMS
Where to Go Next
Chapter 4: Assigning the Switch IP Address and Default Gateway
Understanding the Boot Process
Assigning Switch Information
Default Switch Information
Understanding DHCP-Based Autoconfiguration
DHCP Client Request Process
Configuring the DHCP Server
Configuring the TFTP Server
Configuring the DNS
Configuring the Relay Device
Obtaining Configuration Files
Example Configuration
Understanding IE2100 Series Configuration Registrar Software
CNS Configuration Service
CNS Event Service
NameSpace Mapper
What You Should Know About ConfigID, DeviceID, and Host Name
ConfigID
DeviceID
Host Name and DeviceID
Using Host Name, DeviceID, and ConfigID
Understanding CNS Embedded Agents
Initial Configuration
Incremental (Partial) Configuration
Synchronized Configuration
Configuring CNS Embedded Agents
Enabling Automated CNS Configuration
Enabling the CNS Event Agent
Enabling the CNS Configuration Agent
Enabling an Initial Configuration
Enabling a Partial Configuration
Displaying CNS Configuration
Chapter 6: Clustering Switches
Understanding Switch Clusters
Command Switch Characteristics
Standby Command Switch Characteristics
Candidate Switch and Member Switch Characteristics
Planning a Switch Cluster
Automatic Discovery of Cluster Candidates and Members
Discovery through CDP Hops
Discovery through Non-CDP-Capable and Noncluster-Capable Devices
Discovery through the Same Management VLAN
Discovery through Different Management VLANs
Discovery of Newly Installed Switches
Virtual IP Addresses
Other Considerations for Cluster Standby Groups
Automatic Recovery of Cluster Configuration
IP Addresses
Host Names
Passwords
SNMP Community Strings
TACACS+ and RADIUS
Access Modes in CMS
Management VLAN
LRE Profiles
Availability of Switch-Specific Features in Switch Clusters
Creating a Switch Cluster
Enabling a Command Switch
Adding Member Switches
Creating a Cluster Standby Group
Verifying a Switch Cluster
Using the CLI to Manage Switch Clusters
Catalyst 1900 and Catalyst 2820 CLI Considerations
Using SNMP to Manage Switch Clusters
Chapter 7: Administering the Switch
Preventing Unauthorized Access to Your Switch
Protecting Access to Privileged EXEC Commands
Default Password and Privilege Level Configuration
Setting or Changing a Static Enable Password
Protecting Enable and Enable Secret Passwords with Encryption
Setting a Telnet Password for a Terminal Line
Configuring Username and Password Pairs
Configuring Multiple Privilege Levels
Default RADIUS Configuration
Identifying the RADIUS Server Host
Configuring RADIUS Login Authentication
Defining AAA Server Groups
Configuring RADIUS Authorization for User Privileged Access and Network Services
Starting RADIUS Accounting
Configuring Settings for All RADIUS Servers
Configuring the Switch to Use Vendor-Specific RADIUS Attributes
Configuring the Switch for Vendor-Proprietary RADIUS Server Communication
Displaying the RADIUS Configuration
Configuring the Switch for Local Authentication and Authorization
Managing the System Time and Date
Understanding the System Clock
Understanding Network Time Protocol
Configuring NTP
Default NTP Configuration
Configuring NTP Authentication
Configuring NTP Associations
Configuring NTP Broadcast Service
Configuring NTP Access Restrictions
Configuring the Source IP Address for NTP Packets
Displaying the NTP Configuration
Configuring Time and Date Manually
Setting the System Clock
Displaying the Time and Date Configuration
Configuring the Time Zone
Configuring Summer Time (Daylight Saving Time)
Default System Name and Prompt Configuration
Configuring a System Name
Configuring a System Prompt
Understanding DNS
Default DNS Configuration
Setting Up DNS
Displaying the DNS Configuration
Creating a Banner
Default Banner Configuration
Configuring a Message-of-the-Day Login Banner
Configuring a Login Banner
Managing the MAC Address Table
Building the Address Table
MAC Addresses and VLANs
Default MAC Address Table Configuration
Changing the Address Aging Time
Removing Dynamic Address Entries
Configuring MAC Address Notification Traps
Adding and Removing Static Address Entries
Adding and Removing Secure Addresses
Displaying Address Table Entries
Setting the Interface Speed and Duplex Parameters
Configuring IEEE 802.3X Flow Control on Gigabit Ethernet Ports
Adding a Description for an Interface
Monitoring and Maintaining the Interfaces
Monitoring Interface and Controller Status
Clearing and Resetting Interfaces and Counters
Shutting Down and Restarting the Interface
Chapter 10: Configuring STP
Understanding Spanning-Tree Features
STP Overview
Supported Spanning-Tree Instances
Bridge Protocol Data Units
Election of the Root Switch
Bridge ID, Switch Priority, and Extended System ID
Spanning-Tree Timers
Creating the Spanning-Tree Topology
Disabled State
Spanning-Tree Address Management
STP and IEEE 802.1Q Trunks
Spanning Tree and Redundant Connectivity
Accelerated Aging to Retain Connectivity
Configuring Spanning-Tree Features
Default STP Configuration
STP Configuration Guidelines
Disabling STP
Configuring the Root Switch
Configuring a Secondary Root Switch
Configuring the Port Priority
Configuring the Path Cost
Configuring the Switch Priority of a VLAN
Configuring the Hello Time
Configuring the Forwarding-Delay Time for a VLAN
Configuring the Maximum-Aging Time for a VLAN
Configuring STP for Use in a Cascaded Stack
Displaying the Spanning-Tree Status
Chapter 11: Configuring RSTP and MSTP
Understanding RSTP
Port Roles and the Active Topology
Rapid Convergence
Synchronization of Port Roles
Bridge Protocol Data Unit Format and Processing
Enabling UplinkFast for Use with Redundant Links
Enabling Cross-Stack UplinkFast
Enabling BackboneFast
Enabling Root Guard
Enabling Loop Guard
Displaying the Spanning-Tree Status
Chapter 13: Configuring VLANs
Understanding VLANs
Supported VLANs
VLAN Port Membership Modes
VLAN Configuration in VLAN Configuration Mode
Saving VLAN Configuration
Default Ethernet VLAN Configuration
Creating or Modifying an Ethernet VLAN
Deleting a VLAN
Assigning Static-Access Ports to a VLAN
802.1Q Configuration Considerations
Default Layer 2 Ethernet Interface VLAN Configuration
Configuring an Ethernet Interface as a Trunk Port
Interaction with Other Features
Configuring a Trunk Port
Defining the Allowed VLANs on a Trunk
Changing the Pruning-Eligible List
Configuring the Native VLAN for Untagged Traffic
Disabling VTP (VTP Transparent Mode)
Enabling VTP Version 2
Enabling VTP Pruning
Adding a VTP Client Switch to a VTP Domain
Monitoring VTP
Chapter 15: Configuring Voice VLAN
Understanding Voice VLAN
Configuring Voice VLAN
Default Voice VLAN Configuration
Voice VLAN Configuration Guidelines
Configuring a Port to Connect to a Cisco 7960 IP Phone
Configuring Ports to Carry Voice Traffic in 802.1Q Frames
Configuring Ports to Carry Voice Traffic in 802.1P Priority Tagged Frames
Overriding the CoS Priority of Incoming Data Frames
Configuring the IP Phone to Trust the CoS Priority of Incoming Data Frames
Displaying Voice VLAN
Chapter 16: Configuring IGMP Snooping and MVR
Understanding IGMP Snooping
Joining a Multicast Group
Leaving a Multicast Group
Immediate-Leave Processing
Configuring IGMP Snooping
Default IGMP Snooping Configuration
Enabling or Disabling IGMP Snooping
Setting the Snooping Method
Configuring a Multicast Router Port
Configuring a Host Statically to Join a Group
Enabling IGMP Immediate-Leave Processing
Configuring Protected Ports
Configuring Port Security
Understanding Port Security
Secure MAC Addresses
Security Violations
Default Port Security Configuration
Port Security Configuration Guidelines
Enabling and Configuring Port Security
Enabling and Configuring Port Security Aging
Displaying Port-Based Traffic Control Settings
Chapter 18: Configuring UDLD
Understanding UDLD
Configuring UDLD
Default UDLD Configuration
Enabling UDLD Globally
Enabling UDLD on an Interface
Resetting an Interface Shut Down by UDLD
SPAN Traffic
SPAN and RSPAN Interaction with Other Features
SPAN and RSPAN Session Limits
Default SPAN and RSPAN Configuration
Configuring SPAN
SPAN Configuration Guidelines
Creating a SPAN Session and Specifying Ports to Monitor
Removing Ports from a SPAN Session
Configuring RSPAN
RSPAN Configuration Guidelines
Creating an RSPAN Session
Creating an RSPAN Destination Session
Removing Ports from an RSPAN Session
Default RMON Configuration
Configuring RMON Alarms and Events
Configuring RMON Collection on an Interface
Displaying RMON Status
Chapter 22: Configuring System Message Logging
Understanding System Message Logging
Configuring System Message Logging
System Log Message Format
Default System Message Logging Configuration
Disabling and Enabling Message Logging
Setting the Message Display Destination Device
Synchronizing Log Messages
Enabling and Disabling Timestamps on Log Messages
Enabling and Disabling Sequence Numbers in Log Messages
Defining the Message Severity Level
Limiting Syslog Messages Sent to the History Table and to SNMP
Configuring UNIX Syslog Servers
Logging Messages to a UNIX Syslog Daemon
Configuring the UNIX System Logging Facility
Displaying the Logging Configuration
Chapter 23: Configuring SNMP
Understanding SNMP
SNMP Versions
SNMP Manager Functions
SNMP Agent Functions
SNMP Community Strings
Using SNMP to Access MIB Variables
SNMP Notifications
Configuring SNMP Groups and Users
Configuring SNMP Notifications
Setting the Agent Contact and Location Information
Limiting TFTP Servers Used Through SNMP
SNMP Examples
Displaying SNMP Status
Chapter 24: Configuring Network Security with ACLs
Understanding ACLs
Handling Fragmented and Unfragmented Traffic
Understanding Access Control Parameters
Guidelines for Applying ACLs to Physical Interfaces
Configuring ACLs
Unsupported Features
Creating Standard and Extended IP ACLs
ACL Numbers
Creating a Numbered Standard ACL
Creating a Numbered Extended ACL
Creating Named Standard and Extended ACLs
Applying Time Ranges to ACLs
Including Comments About Entries in ACLs
Creating Named MAC Extended ACLs
Creating MAC Access Groups
Applying ACLs to Terminal Lines or Physical Interfaces
Applying ACLs to a Terminal Line
Applying ACLs to a Physical Interface
The Catalyst 2950 Desktop Switch Software Configuration Guide is for the network manager
responsible for configuring the Catalyst 2950 switches, hereafter referred to as the switches. Before
using this guide, you should be familiar with the concepts and terminology of Ethernet and local area
networking.
Purpose
This guide provides information about configuring and troubleshooting a switch or switch clusters. It
includes descriptions of the management interface options and the features supported by the switch
software. The switch is supported by either the standard software image (SI) or the enhanced software image
(EI). The EI provides a richer set of features, including access control lists (ACLs), enhanced quality of
service (QoS) features, extended-range VLANs, and Remote Switch Port Analyzer (RSPAN).
The EI supports these switches:
• Catalyst 2950C-24
• Catalyst 2950G-12-EI
• Catalyst 2950G-24-EI
• Catalyst 2950G-24-EI-DC
• Catalyst 2950G-48-EI
• Catalyst 2950T-24
The SI supports these switches:
• Catalyst 2950-12
• Catalyst 2950-24
• Catalyst 2950SX-24
Use this guide with other documents for information about these topics:
• Requirements—This guide assumes that you have met the hardware and software requirements and
cluster compatibility requirements described in the release notes.
• Start-up information—This guide assumes that you have assigned switch IP information and
passwords by using the setup program described in the release notes.
• Cluster Management Suite (CMS) information—This guide provides an overview of the CMS
web-based, switch management interface. For information about CMS requirements and the
procedures for browser and plug-in configuration and accessing CMS, refer to the release notes. For
CMS field-level window descriptions and procedures, refer to the CMS online help.
• Cluster configuration—This guide provides information about planning for, creating, and
maintaining switch clusters. Because configuring switch clusters is most easily performed through
CMS, this guide does not provide the command-line interface (CLI) procedures. For the cluster
commands, refer to the command reference for this release.
• CLI command information—This guide provides an overview for using the CLI. For complete
syntax and usage information about the commands that have been specifically created or changed
for the switches, refer to the command reference for this release.
This guide does not describe system messages you might encounter or how to install your switch. For
more information, refer to the Catalyst 2950 Desktop Switch System Message Guide for this release and
to the Catalyst 2950 Desktop Switch Hardware Installation Guide.
Note: This guide does not repeat the concepts and CLI procedures provided in the standard Cisco IOS
Release 12.1 documentation. For information about the standard IOS Release 12.1 commands, refer to
the IOS documentation set available from the Cisco.com home page at Service and Support > Technical Documents. On the Cisco Product Documentation home page, select Release 12.1 from the Cisco
IOS Software drop-down list.
Organization
This guide is organized into these chapters:
Chapter 1, “Overview,” lists the software features of this release and provides examples of how the
switch can be deployed in a network.
Chapter 2, “Using the Command-Line Interface,” describes how to access the command modes, use the
CLI, and describes CLI messages that you might receive. It also describes how to get help, abbreviate
commands, use no and default forms of commands, use command history and editing features, and how
to search and filter the output of show and more commands.
Chapter 3, “Getting Started with CMS,” describes the CMS web-based, switch management interface.
For information about configuring your web browser and accessing CMS, refer to the release notes. For
field-level descriptions of all CMS windows and procedures for using the CMS windows, refer to the
online help.
Chapter 4, “Assigning the Switch IP Address and Default Gateway,” describes how to create the initial
switch configuration (for example, assign the switch IP address and default gateway information) by
using a variety of automatic and manual methods.
Chapter 5, “Configuring IE2100 CNS Agents,” describes how to configure Cisco Intelligence Engine 2100
(IE2100) Series Cisco Networking Services (CNS) embedded agents on your switch. By using the
IE2100 Series Configuration Registrar network management application, you can automate initial
configurations and configuration updates by generating switch-specific configuration changes, sending them
to the switch, executing the configuration change, and logging the results.
Chapter 6, “Clustering Switches,” describes switch clusters and the considerations for creating and
maintaining them. The online help provides the CMS procedures for configuring switch clusters.
Configuring switch clusters is most easily performed through CMS; therefore, CLI procedures are not
provided. Cluster commands are described in the Catalyst 2950 Desktop Switch Command Reference.
Chapter 7, “Administering the Switch,” describes how to perform one-time operations to administer your
switch. It describes how to prevent unauthorized access to your switch through the use of passwords,
privilege levels, the Terminal Access Controller Access Control System Plus (TACACS+), and the
Remote Authentication Dial-In User Service (RADIUS). It also describes how to set the system date and
time, set system name and prompt, create a login banner, and how to manage the MAC address and
Address Resolution Protocol (ARP) tables.
Chapter 8, “Configuring 802.1X Port-Based Authentication,” describes how to configure 802.1X
port-based authentication to prevent unauthorized devices (clients) from gaining access to the network.
As LANs extend to hotels, airports, and corporate lobbies, insecure environments could be created.
Chapter 9, “Configuring Interface Characteristics,” defines the types of interfaces on the switch. It
describes the interface global configuration command and provides procedures for configuring physical
interfaces.
Chapter 10, “Configuring STP,” describes how to configure the Spanning Tree Protocol (STP) on your
switch.
Chapter 11, “Configuring RSTP and MSTP,” describes how to configure the Cisco implementation of
the IEEE 802.1W Rapid STP (RSTP) and the IEEE 802.1S Multiple STP (MSTP) on your switch. RSTP
provides rapid convergence, and MSTP enables VLANs to be grouped into a spanning-tree instance.
Chapter 12, “Configuring Optional Spanning-Tree Features,” describes how to configure optional
spanning-tree features that can be used when your switch is running the per-VLAN spanning-tree
(PVST) or the MSTP.
Chapter 13, “Configuring VLANs,” describes how to create and maintain VLANs. It includes
information about the VLAN database, VLAN configuration modes, extended-range VLANs, VLAN
trunks, and the VLAN Membership Policy Server (VMPS).
Chapter 14, “Configuring VTP,” describes how to use the VLAN Trunking Protocol (VTP) VLAN
database for managing VLANs. It includes VTP characteristics and configuration.
Chapter 15, “Configuring Voice VLAN,” describes how to configure voice VLANs on the switch for a
connection to an IP phone.
Chapter 16, “Configuring IGMP Snooping and MVR,” describes how to configure Internet Group
Management Protocol (IGMP) snooping. It also describes Multicast VLAN Registration (MVR), a local
IGMP snooping feature available on the switch, and how to use IGMP filtering to control multicast group
membership.
Chapter 17, “Configuring Port-Based Traffic Control,” describes how to reduce traffic storms by setting
broadcast, multicast, and unicast storm-control threshold levels; how to protect ports from receiving
traffic from other ports on a switch; how to configure port security by using secure MAC addresses; and
how to set the aging time for all secure addresses.
Chapter 19, “Configuring CDP,” describes how to configure Cisco Discovery Protocol (CDP) on your
switch.
Chapter 20, “Configuring SPAN and RSPAN,” describes how to configure Switched Port Analyzer
(SPAN) and Remote SPAN (RSPAN), which select network traffic for analysis by a network analyzer
such as a SwitchProbe device or other Remote Monitoring (RMON) probe.
Chapter 21, “Configuring RMON,” describes how to configure remote monitoring (RMON). The
RMON feature, which is used with the Simple Network Management Protocol (SNMP) agent in the
switch, means that you can monitor all the traffic flowing among switches on all connected LAN
segments.
Chapter 22, “Configuring System Message Logging,” describes how to configure system message
logging. It describes the message format and how to change the message display destination device, limit
the type of messages sent, configure the UNIX server syslog daemon, and define the UNIX system
logging facility and timestamp messages.
Chapter 23, “Configuring SNMP,” describes how to configure the Simple Network Management
Protocol (SNMP). It describes how to configure community strings, enable trap managers and traps, set
the agent contact and location information, and how to limit TFTP servers used through SNMP.
Chapter 24, “Configuring Network Security with ACLs,” describes how to configure network security
by using access control lists (ACLs).
Chapter 25, “Configuring QoS,” describes how to configure quality of service (QoS) on your switch.
With this feature, you can provide preferential treatment to certain types of traffic.
Chapter 26, “Configuring EtherChannels,” describes how to bundle a set of individual ports into a single
logical link on the interfaces.
Chapter 27, “Troubleshooting,” describes how to identify and resolve software problems related to the
IOS software.
Appendix A, “Supported MIBs,” lists the supported MIBs for this release and how to use FTP to access
the MIB files.
Conventions
This guide uses these conventions to convey instructions and information:
Command descriptions use these conventions:
• Commands and keywords are in boldface text.
• Arguments for which you supply values are in italic.
Interactive examples use these conventions:
Notes, cautions, and tips use these conventions and symbols:
Note: Means reader take note. Notes contain helpful suggestions or references to materials not contained in
this manual.
Related Publications
You can order printed copies of documents with a DOC-xxxxxx= number from the Cisco.com sites and
from the telephone numbers listed in the “Obtaining Documentation” section on page xxvii.
• Release Notes for the Catalyst 2950 Switch (not orderable but is available on Cisco.com)
Note: Switch requirements and procedures for initial configurations and software upgrades tend to change and
therefore appear only in the release notes. Before installing, configuring, or upgrading the switch, refer
to the release notes on Cisco.com for the latest information.
• Catalyst 2950 Desktop Switch Software Configuration Guide (order number DOC-7811380=)
• Catalyst 2950 Desktop Switch Command Reference (order number DOC-7811381=)
• Catalyst 2950 Desktop Switch System Message Guide (order number DOC-7814233=)
Cisco documentation and additional literature are available in a Cisco Documentation CD-ROM
package, which is shipped with your product. The Documentation CD-ROM is updated monthly and may
be more current than printed documentation. The CD-ROM package is available as a single unit or
through an annual subscription.
Ordering Documentation
You can order Cisco documentation in these ways:
• Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from
the Networking Products MarketPlace:
http://www.cisco.com/cgi-bin/order/order_root.pl
• Registered Cisco.com users can order the Documentation CD-ROM through the online Subscription
Store:
http://www.cisco.com/go/subscription
• Nonregistered Cisco.com users can order documentation through a local account representative by
calling Cisco Systems Corporate Headquarters (California, U.S.A.) at 408 526-7208 or, elsewhere
in North America, by calling 800 553-NETS (6387).
Documentation Feedback
If you are reading Cisco product documentation on the World Wide Web, you can send us your comments
by completing the online survey. When you display the document listing for this platform, click Give Us
Your Feedback. After you display the survey, select the manual that you wish to comment on. Click
Submit to send your comments to the Cisco documentation group.
You can e-mail your comments to bug-doc@cisco.com.
To submit your comments by mail, use the response card behind the front cover of your document, or
write to the following address:
Cisco Systems
Attn: Document Resource Connection
170 West Tasman Drive
San Jose, CA 95134-9883
We appreciate your comments.
Obtaining Technical Assistance
Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can
obtain online documentation, troubleshooting tips, and sample configurations from online tools by using
the Cisco Technical Assistance Center (TAC) Web Site. Cisco.com registered users have complete access
to the technical support resources on the Cisco TAC Web Site.
Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open
access to Cisco information, networking solutions, services, programs, and resources at any time, from
anywhere in the world.
Cisco.com is a highly integrated Internet application and a powerful, easy-to-use tool that provides a
broad range of features and services to help you with these tasks:
• Streamline business processes and improve productivity
• Resolve technical issues with online support
• Download and test software packages
• Order Cisco learning materials and merchandise
• Register for online skill assessment, training, and certification programs
If you want to obtain customized information and service, you can self-register on Cisco.com. To access
Cisco.com, go to this URL:
http://www.cisco.com
Technical Assistance Center
The Cisco Technical Assistance Center (TAC) is available to all customers who need technical assistance
with a Cisco product, technology, or solution. Two levels of support are available: the Cisco TAC
Web Site and the Cisco TAC Escalation Center.
Cisco TAC inquiries are categorized according to the urgency of the issue:
• Priority level 4 (P4)—You need information or assistance concerning Cisco product capabilities,
product installation, or basic product configuration.
• Priority level 3 (P3)—Your network performance is degraded. Network functionality is noticeably
impaired, but most business operations continue.
• Priority level 2 (P2)—Your production network is severely degraded, affecting significant aspects
of business operations. No workaround is available.
• Priority level 1 (P1)—Your production network is down, and a critical impact to business operations
will occur if service is not restored quickly. No workaround is available.
The Cisco TAC resource that you choose is based on the priority of the problem and the conditions of
service contracts, when applicable.
Cisco TAC Website
You can use the Cisco TAC Web Site to resolve P3 and P4 issues yourself, saving both cost and time.
The site provides around-the-clock access to online tools, knowledge bases, and software. To access the
Cisco TAC Web Site, go to t his URL:
http://www.cisco.com/tac
78-11380-05
All customers, partners, and resellers who have a valid Cisco service contract have complete access to
the technical support resources on the Cisco TAC Web Site. The Cisco TAC Web Site requires a
Cisco.com login ID and password. If you have a valid service contract but do not have a login ID or
password, go to this URL to register:
If you are a Cisco.com registered user, and you cannot resolve your technical issues by using the Cisco
TAC Web Site, you can open a case online by using the TAC Case Open tool at this URL:
http://www.cisco.com/tac/caseopen
If you have Internet access, we recommend that you open P3 and P4 cases through the Cisco TAC
Web Site.
Cisco TAC Escalation Center
The Cisco TAC Escalation Center addresses priority level 1 or priority level 2 issues. These
classifications are assigned when severe network degradation significantly impacts business operations.
When you contact the TAC Escalation Center with a P1 or P2 problem, a Cisco TAC engineer
automatically opens a case.
To obtain a directory of toll-free Cisco TAC telephone numbers for your country, go to this URL:
Before calling, please check with your network operations center to determine the level of Cisco support
services to which your company is entitled: for example, SMARTnet, SMARTnet Onsite, or Network
Supported Accounts (NSA). When you call the center, please have available your service agreement
number and your product serial number.
This chapter provides these topics about the Catalyst 2950 switch software:
• Features
• Management Options
• Network Configuration Examples
• Where to Go Next
The Catalyst 2950 software supports the switches listed in the “Purpose” section on page xxiii and in the
release notes. This section describes the features supported in this release:
Note: Some features require that you have the enhanced software image (EI) installed on your switch. For a
list of the switches that support the EI, see the “Purpose” section on page xxiii, or refer to the release
notes for this release.
Ease of Use and Ease of Deployment
• Cluster Management Suite (CMS) software for simplifying switch and switch cluster management
through a web browser, such as Netscape Communicator or Microsoft Internet Explorer, from
anywhere in your intranet
• Switch clustering technology used with CMS for
– Unified configuration, monitoring, authentication, and software upgrade of multiple switches
(refer to the release notes for a list of eligible cluster members).
– Automatic discovery of candidate switches and creation of clusters of up to 16 switches that can
be managed through a single IP address.
– Extended discovery of cluster candidates that are not directly connected to the command switch.
• Hot Standby Router Protocol (HSRP) for command-switch redundancy. The redundant command
switches used for HSRP must have compatible software releases.
Note: See the “Advantages of Using CMS and Clustering Switches” section on page 1-6. Refer to the
release notes for the CMS, cluster hardware, software, and browser requirements.
• Autosensing of speed on the 10/100 and 10/100/1000 ports and autonegotiation of duplex mode on
the 10/100 ports for optimizing bandwidth
• IEEE 802.3X flow control on Gigabit Ethernet ports operating in full-duplex mode
• Fast EtherChannel and Gigabit EtherChannel for enhanced fault tolerance and for providing up
to 2 Gbps of bandwidth between switches, routers, and servers
• Support for frames larger than 1500 bytes. The Catalyst 2950G-12-EI, 2950G-24-EI, 2950G-24-EI-DC,
and 2950G-48-EI switches running Cisco IOS Release 12.1(6)EA2 or later support frame sizes from
1500 to 1530 bytes
• Per-port broadcast storm control for preventing faulty end stations from degrading overall system
performance with broadcast storms
• Port Aggregation Protocol (PAgP) for automatic creation of EtherChannel links
• Internet Group Management Protocol (IGMP) snooping support to limit flooding of IP multicast
traffic
• Multicast VLAN registration (MVR) to continuously send multicast streams in a multicast VLAN
while isolating the streams from subscriber VLANs for bandwidth and security reasons
• IGMP filtering for controlling the set of multicast groups to which hosts on a switch port can belong
• Protected port (private VLAN edge port) option for restricting the forwarding of traffic to designated
ports on the same switch
• Dynamic address learning for enhanced security
Manageability
• Cisco Intelligence Engine 2100 (IE2100) Series Cisco Networking Services (CNS) embedded
agents for automating switch management, configuration storage and delivery (available only with
the EI)
• Dynamic Host Configuration Protocol (DHCP)-based autoconfiguration for automatically
configuring the switch during startup with IP address information and a configuration file that it
receives during DHCP-based autoconfiguration
Note: DHCP replaces the Bootstrap Protocol (BOOTP) feature autoconfiguration to ensure retrieval of
configuration files by unicast TFTP messages. BOOTP is available in earlier software releases
for this switch.
• Address Resolution Protocol (ARP) for identifying a switch through its IP address and its
corresponding MAC address
• Cisco Discovery Protocol (CDP) versions 1 and 2 for network topology discovery and mapping
between the switch and other Cisco devices on the network
• Network Time Protocol (NTP) for providing a consistent timestamp to all switches from an external
source
• Directed unicast requests to a Trivial File Transfer Protocol (TFTP) server for obtaining software
upgrades from a TFTP server
• Default configuration storage in Flash memory to ensure that the switch can be connected to a
network and can forward traffic with minimal user intervention
• In-band management access through a CMS web-based session
• Out-of-band management access through the switch console port to a directly-attached terminal or
to a remote terminal through a serial connection and a modem
Note: For additional descriptions of the management interfaces, see the “Management Options”
section on page 1-5.
Redundancy
• HSRP for command-switch redundancy
• UniDirectional link detection (UDLD) on all Ethernet ports for detecting and disabling
unidirectional links on fiber-optic interfaces caused by incorrect fiber-optic wiring or port faults
• IEEE 802.1D Spanning Tree Protocol (STP) for redundant backbone connections and loop-free
networks. STP has these features:
– Per-VLAN Spanning Tree (PVST) for balancing load across VLANs
– UplinkFast, cross-stack UplinkFast, and BackboneFast for fast convergence after a
spanning-tree topology change and for achieving load balancing between redundant uplinks,
including Gigabit uplinks and cross-stack Gigabit uplinks
• IEEE 802.1S Multiple STP (MSTP) for grouping VLANs into a spanning-tree instance, and
providing for multiple forwarding paths for data traffic and load balancing (available only with
the EI)
• IEEE 802.1W Rapid STP (RSTP) for rapid convergence of the spanning tree by immediately
transitioning root and designated ports to the forwarding state (available only with the EI)
• Optional spanning-tree features available:
– Port Fast for eliminating the forwarding delay by enabling a port to immediately transition from
the blocking state to the forwarding state
– BPDU guard for shutting down Port Fast-enabled ports that receive BPDUs
– BPDU filtering for preventing a Port Fast-enabled port from sending or receiving BPDUs
– Root guard for preventing switches outside the network core from becoming the spanning-tree
root
– Loop guard for preventing alternate or root ports from becoming designated ports because of a
failure that leads to a unidirectional link
Note: The switch supports up to 64 spanning-tree instances.
VLAN Support
• The switches support 250 port-based VLANs for assigning users to VLANs associated with
appropriate network resources, traffic patterns, and bandwidth
Note: The Catalyst 2950-12, Catalyst 2950-24, and Catalyst 2950SX-24 switches support only 64
• The switch supports up to 4094 VLAN IDs to allow service provider networks to support the number of
VLANs allowed by the IEEE 802.1Q standard (available only with the EI)
• IEEE 802.1Q trunking protocol on all ports for network moves, adds, and changes; management and
control of broadcast and multicast traffic; and network security by establishing VLAN groups for
high-security users and network resources
• VLAN Membership Policy Server (VMPS) for dynamic VLAN membership
• VLAN Trunking Protocol (VTP) pruning for reducing network traffic by restricting flooded traffic
to links destined for stations receiving the traffic
• Dynamic Trunking Protocol (DTP) for negotiating trunking on a link between two devices and for
negotiating the type of trunking encapsulation (802.1Q) to be used
• Voice VLAN for creating subnets for voice traffic from Cisco IP Phones
Security
• Bridge protocol data unit (BPDU) guard for shutting down a Port Fast-configured port when an
invalid configuration occurs
• Protected port option for restricting the forwarding of traffic to designated ports on the same switch
• Password-protected access (read-only and read-write access) to management interfaces (CMS and
CLI) for protection against unauthorized configuration changes
• Port security option for limiting and identifying MAC addresses of the stations allowed to access
the port
• Port security aging to set the aging time for secure addresses on a port
• Multilevel security for a choice of security level, notification, and resulting actions
• MAC-based port-level security for restricting the use of a switch port to a specific group of source
addresses and preventing switch access from unauthorized stations (available only with the EI)
• Terminal Access Controller Access Control System Plus (TACACS+), a proprietary feature for
managing network security through a TACACS server
• IEEE 802.1X port-based authentication to prevent unauthorized devices from gaining access to the
network
• Standard and extended IP access control lists (ACLs) for defining security policies (available only
with the EI)
Quality of Service and Class of Service
• Classification
– IP Differentiated Services Code Point (IP DSCP) and class of service (CoS) marking priorities
on a per-port basis for protecting the performance of mission-critical applications (only
available with the EI)
– Flow-based packet classification (classification based on information in the MAC, IP, and
TCP/UDP headers) for high-performance quality of service at the network edge, allowing for
differentiated service levels for different types of network traffic and for prioritizing
mission-critical traffic in the network (only available in the EI)
– Support for IEEE 802.1P CoS scheduling for classification and preferential treatment of
high-priority voice traffic
– Trusted boundary (detect the presence of a Cisco IP phone, trust the CoS value received, and
ensure port security. If the IP phone is not detected, disable the trusted setting on the port and
prevent misuse of a high-priority queue.)
Traffic-policing policies on the switch port for allocating the amount of the port bandwidth to
a specific traffic flow
– Policing traffic flows to restrict specific applications or traffic flows to metered, predefined
rates
– Up to 60 policers on ingress Gigabit-capable Ethernet ports
Up to six policers on ingress 10/100 ports
Granularity of 1 Mbps on 10/100 ports and 8 Mbps on 10/100/1000 ports
– Out-of-profile markdown for packets that exceed bandwidth utilization limits
Note: Policing is available only in the EI.
• Egress Policing and Scheduling of Egress Queues—Four egress queues on all switch ports. Support
for strict priority and weighted round-robin (WRR) CoS policies
Monitoring
• Switch LEDs that provide visual port and switch status
• Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN) for traffic monitoring on any port or
VLAN
Note: RSPAN is available only in the EI.
• Four groups (history, statistics, alarms, and events) of embedded remote monitoring (RMON) agents
for network monitoring and traffic analysis
• MAC address notification for tracking the MAC addresses that the switch has learned or removed
• Syslog facility for logging system messages about authentication or authorization errors, resource
issues, and time-out events
Management Options
The switches are designed for plug-and-play operation: you only need to assign basic IP information to
the switch and connect it to the other devices in your network. If you have specific network needs, you
can configure and monitor the switch—on an individual basis or as part of a switch cluster—through its
various management interfaces.
This section discusses these topics:
• Management Interface Options
• Advantages of Using CMS and Clustering Switches
You can configure and monitor individual switches and switch clusters by using these interfaces:
• CMS—CMS is a graphical user interface that can be launched from anywhere in your network
through a web browser such as Netscape Communicator or Microsoft Internet Explorer. CMS is
already installed on the switch. Using CMS, you can configure and monitor a standalone switch, a
specific cluster member, or an entire switch cluster. You can also display network topologies to
gather link information and display switch images to modify switch and port level settings.
For more information about CMS, see Chapter 3, “Getting Started with CMS.”
• CLI—The switch IOS CLI software is enhanced to support desktop-switching features. You can
configure and monitor the switch and switch cluster members from the CLI. You can access the CLI
either by connecting your management station directly to the switch console port or by using Telnet
from a remote management station.
For more information about the CLI, see Chapter 2, “Using the Command-Line Interface.”
• IE2100—Cisco Intelligence Engine 2100 Series Configuration Registrar is a network management
device that works with embedded CNS Agents in the switch software. You can automate initial
configurations and configuration updates by generating switch-specific configuration changes,
sending them to the switch, executing the configuration change, and logging the results.
For more information about IE2100, see Chapter 5, “Configuring IE2100 CNS Agents.”
Chapter 1 Overview
• SNMP—SNMP provides a means to monitor and control the switch and switch cluster members.
You can manage switch configuration settings, performance, and security and collect statistics by
using SNMP management applications such as CiscoWorks2000 LAN Management Suite (LMS)
and HP OpenView.
You can manage the switch from an SNMP-compatible management station that is running
platforms such as HP OpenView or SunNet Manager. The switch supports a comprehensive set of
MIB extensions and four RMON groups.
For more information about using SNMP, see Chapter 23, “Configuring SNMP.”
Advantages of Using CMS and Clustering Switches
Using CMS and switch clusters can simplify and minimize your configuration and monitoring tasks. You
can use Cisco switch clustering technology to manage up to 16 interconnected and supported Catalyst
switches through one IP address as if they were a single entity. This can conserve IP addresses if you
have a limited number of them. CMS is the easiest interface to use and makes switch and switch cluster
management accessible to authorized users from any PC on your network.
By using switch clusters and CMS, you can:
• Manage and monitor interconnected Catalyst switches (refer to the release notes for a list of
supported switches), regardless of their geographic proximity and interconnection media, including
Ethernet, Fast Ethernet, Fast EtherChannel, Cisco GigaStack Gigabit Interface Converter (GBIC),
Gigabit Ethernet, and Gigabit EtherChannel connections.
• Accomplish multiple configuration tasks from a single CMS window without needing to remember
• Apply actions from CMS to multiple ports and multiple switches at the same time to avoid
re-entering the same commands for each individual port or switch. Here are some examples of
globally setting and managing multiple ports and switches:
– Port configuration such as speed and duplex settings
– Port and console port security settings
– NTP, STP, VLAN, and quality of service (QoS) configurations
– Inventory and statistic reporting and link and switch-level monitoring and troubleshooting
– Group software upgrades
• View a topology of interconnected devices to identify existing switch clusters and eligible switches
that can join a cluster. You can also use the topology to quickly identify link information between
switches.
• Monitor real-time status of a switch or multiple switches from the LEDs on the front-panel images.
The system, redundant power system (RPS), and port LED colors on the images are similar to those
on the physical LEDs.
• Use an interactive mode that takes you step-by-step through configuring complex features such as
VLANs, ACLs, and QoS.
• Use a wizard that prompts you to provide the minimum required information to configure complex
features such as QoS priorities for video traffic, priority levels for data applications, and security.
For more information about CMS, see Chapter 3, “Getting Started with CMS.” For more information
about switch clusters, see Chapter 6, “Clustering Switches.”
Network Configuration Examples
This section provides network configuration concepts and includes examples of using the switch to
create dedicated network segments and interconnecting the segments through Fast Ethernet and Gigabit
Ethernet connections.
Design Concepts for Using the Switch
As your network users compete for network bandwidth, it takes longer to send and receive data. When
you configure your network, consider the bandwidth required by your network users and the relative
priority of the network applications they use.
Table 1-1 describes what can cause network performance to degrade and how you can configure your
network to increase the bandwidth available to your network users.
Too many users on a single network segment
and a growing number of users accessing the
Internet
• Increased power of new PCs,
workstations, and servers
• High demand from networked
applications (such as e-mail with large
attached files) and from
bandwidth-intensive applications (such
as multimedia)
• Create smaller network segments so that fewer users share the
bandwidth, and use VLANs and IP subnets to place the network
resources in the same logical network as the users who access those
resources most.
• Use full-duplex operation between the switch and its connected
workstations.
• Connect global resources—such as servers and routers to which network
users require equal access—directly to the Fast Ethernet or Gigabit
Ethernet switch ports so that they have their own Fast Ethernet or Gigabit
Ethernet segment.
• Use the Fast EtherChannel or Gigabit EtherChannel feature between the
switch and its connected servers and routers.
Bandwidth alone is not the only consideration when designing your network. As your network traffic
profiles evolve, consider providing network services that can support applications such as voice and data
integration and security.
Table 1-2 describes some network demands and how you can meet those demands.
Table 1-2 Providing Network Services
Network Demands: High demand for multimedia support
Suggested Design Methods:
• Use IGMP and MVR to efficiently forward multicast traffic.
Network Demands: High demand for protecting mission-critical applications
Suggested Design Methods:
• Use VLANs and protected ports to provide security and port isolation.
• Use VLAN trunks, cross-stack UplinkFast, and BackboneFast for
traffic-load balancing on the uplink ports so that the uplink port with a
lower relative port cost is selected to carry the VLAN traffic.
Network Demands: An evolving demand for IP telephony
Suggested Design Methods:
• Use QoS to prioritize applications such as IP telephony during
congestion and to help control both delay and jitter within the network.
• Use switches that support at least two queues per port to prioritize voice
and data traffic as either high- or low-priority, based on 802.1P/Q.
Network Demands: A growing demand for using existing infrastructure to transport data and voice from
a home or office to the Internet or an intranet at higher speeds
Suggested Design Methods:
• Use the Catalyst 2900 LRE XL switches to provide up to 15 Mb of IP
connectivity over existing infrastructure (existing telephone lines).
Figure 1-1 shows configuration examples of using the Catalyst switches to create these networks:
• Cost-effective wiring closet—A cost-effective way to connect many users to the wiring closet is to
connect up to nine Catalyst 2900 XL, Catalyst 2950, Catalyst 3500 XL, and Catalyst 3550 switches
through GigaStack GBIC connections. When you use a stack of Catalyst 2950G-48 switches, you
can connect up to 432 users. To preserve switch connectivity if one switch in the stack fails, connect
the bottom switch to the top switch to create a GigaStack loopback, and enable cross-stack
UplinkFast on the cross-stack Gigabit uplinks.
You can create backup paths by using Fast Ethernet, Gigabit, Fast EtherChannel, or Gigabit
EtherChannel links. Using Gigabit modules on two of the switches, you can have redundant uplink
connections to a Gigabit backbone switch such as the Catalyst 3550-12G switch. If one of the
redundant connections fails, the other can serve as a backup path. You can configure the stack
members and the Catalyst 3550-12G switch as a switch cluster to manage them through a single IP
address.
• High-performance workgroup—For users who require high-speed access to network resources, use
Gigabit modules to connect the switches directly to a backbone switch in a star configuration. Each
switch in this configuration provides users with a dedicated 1-Gbps connection to network resources
in the backbone. Compare this with the switches in a GigaStack configuration, where the 1-Gbps
connection is shared among the switches. With the high speed uplink to the distribution server, the
user can efficiently obtain and store data from servers. Using these Gigabit modules also provides
flexibility in media and distance options:
– 1000BASE-T GBIC: copper connections of up to 328 feet (100 meters)
– 1000BASE-SX GBIC: fiber connections of up to 1804 feet (550 meters)
– 1000BASE-LX/LH GBIC: fiber connections of up to 32,808 feet (10 kilometers)
– 1000BASE-ZX GBIC: fiber connections of up to 328,084 feet (100 kilometers)
– GigaStack GBIC module for creating a 1-Gbps stack configuration of up to nine supported
switches. The GigaStack GBIC supports one full-duplex link (in a point-to-point configuration)
or up to nine half-duplex links (in a stack configuration) to other Gigabit Ethernet devices.
Using the required Cisco proprietary signaling and cabling, the GigaStack GBIC-to-GigaStack
GBIC connection cannot exceed 3 feet (1 meter).
• Redundant Gigabit backbone—Using HSRP, you can create backup paths between
Catalyst 3550-12T-L3 switches. To enhance network reliability and load balancing for different
VLANs and subnets, you can connect the Catalyst 2950 switches, again in a star configuration, to
two backbone switches. If one of the backbone switches fails, the second backbone switch preserves
connectivity between the switches and network resources.
Figure 1-2 shows a configuration for a network that has up to 250 users. Users in this network require
e-mail, file-sharing, database, and Internet access.
You optimize network performance by placing workstations on the same logical segment as the servers
they access most often. This divides the network into smaller segments (or workgroups) and reduces the
amount of traffic that travels over a network backbone, thereby increasing the bandwidth available to
each user and improving server response time.
A network backbone is a high-bandwidth connection (such as Fast Ethernet or Gigabit Ethernet) that
interconnects segments and network resources. It is required if numerous segments require access to the
servers. The Catalyst 2900 XL, Catalyst 2950, Catalyst 3500 XL, and Catalyst 3550 switches in this
network are connected through a GigaStack GBIC on each switch to form a 1-Gbps network backbone.
This GigaStack can also be configured as a switch cluster, with primary and secondary command
switches for redundant cluster management.
Workstations are connected directly to the 10/100 switch ports for their own 10- or 100-Mbps access to
network resources (such as web and mail servers). When a workstation is configured for full-duplex
operation, it receives up to 200 Mbps of dedicated bandwidth from the switch.
Servers are connected to the GBIC module ports on the switches, allowing 1-Gbps throughput to users
when needed. When the switch and server ports are configured for full-duplex operation, the links
provide 2 Gbps of bandwidth. For networks that do not require Gigabit performance from a server,
connect the server to a Fast Ethernet or Fast EtherChannel switch port.
Connecting a router to a Fast Ethernet switch port provides multiple, simultaneous access to the Internet
through one line.
Figure 1-2 Small to Medium-Sized Network Configuration
Collapsed Backbone and Switch Cluster Configuration
Figure 1-3 shows a configuration for a network of approximately 500 employees. This network uses a
collapsed backbone and switch clusters. A collapsed backbone has high-bandwidth uplinks from all
segments and subnetworks to a single device, such as a Gigabit switch, that serves as a single point for
monitoring and controlling the network. You can use a Catalyst 3550-12T-L3 switch, as shown, or a
Catalyst 3508G XL switch to create a Gigabit backbone. A Catalyst 3550-12T-L3 backbone switch
provides the benefits of inter-VLAN routing and allows the router to focus on WAN access.
The workgroups are created by clustering all the Catalyst switches except the Catalyst 4908G-L3 switch.
Using CMS and Cisco switch clustering technology, you can group the switches into multiple clusters,
as shown, or into a single cluster. You can manage a cluster through the IP address of its active and
standby command switches, regardless of the geographic location of the cluster members.
This network uses VLANs to segment the network logically into well-defined broadcast groups and for
security management. Data and multimedia traffic are configured on the same VLAN. Voice traffic from
the Cisco IP Phones is configured on separate voice VLAN IDs (VVIDs). You can have up to
four VVIDs per wiring closet. If data, multimedia, and voice traffic are assigned to the same VLAN, only
one VLAN can be configured per wiring closet. For any switch port connected to Cisco IP Phones,
802.1P/Q QoS gives forwarding priority to voice traffic over data traffic.
Grouping servers in a centralized location provides benefits such as security and easier maintenance. The
Gigabit connections to a server farm provide the workgroups full access to the network resources (such
as a call-processing server running Cisco CallManager software, a DHCP server, or an IP/TV multicast
server).
Cisco IP Phones are connected—using standard straight-through, twisted-pair cable with RJ-45
connectors—to the 10/100 inline-power ports on the Catalyst 3524-PWR XL switches and to the
10/100 ports on the Catalyst 2950 switches. These multiservice switch ports automatically detect if an
IP phone is connected. Cisco CallManager controls call processing, routing, and IP phone features and
configuration. Users with workstations running Cisco SoftPhone software can place, receive, and control
calls from their PCs. Using Cisco IP Phones, Cisco CallManager software, and Cisco SoftPhone
software integrates telephony and IP networks, and the IP network supports both voice and data.
Each 10/100 inline-power port on the Catalyst 3524-PWR XL switches provides –48 VDC power to the
Cisco IP Phone. The IP phone can receive redundant power when it also is connected to an AC power
source. IP phones not connected to the Catalyst 3524-PWR XL switches receive power from an AC
power source.
Figure 1-3 Collapsed Backbone and Switch Cluster Configuration
[Figure not reproduced. Labels: Gigabit servers; Cisco CallManager; Catalyst 3550-12T or Catalyst 3550-12G switch; Cisco 2600 router; links labeled 1 Gbps, 2 Gbps full duplex, and 200 Mbps Fast EtherChannel (400-Mbps full-duplex Fast EtherChannel); GigaStack clusters of Catalyst 2950, 2900 XL, 3550, and 3500 XL switches; Catalyst 3524-PWR XL GigaStack cluster; Cisco IP Phones; workstations running Cisco SoftPhone software.]
Large Campus Configuration
Figure 1-4 shows a configuration for a network of more than 1000 users. Because it can aggregate up to
130 Gigabit connections, a Catalyst 6500 multilayer switch is used as the backbone switch.
You can use the workgroup configurations shown in previous examples to create workgroups with
Gigabit uplinks to the Catalyst 6500 switch. For example, you can use switch clusters that have a mix of
Catalyst 2950 switches.
The Catalyst 6500 switch provides the workgroups with Gigabit access to core resources:
• Cisco 7000 series router for access to the WAN and the Internet.
• Server farm that includes a call-processing server running Cisco CallManager software. Cisco
CallManager controls call processing, routing, and IP phone features and configuration.
• Cisco Access gateway (such as Cisco Access Digital Trunk Gateway or Cisco Access Analog Trunk
Gateway) that connects the IP network to the Public Switched Telephone Network (PSTN) or to
users in an IP telephony network.
Multidwelling Network Using Catalyst 2950 Switches
A growing segment of residential and commercial customers requires high-speed access to Ethernet
metropolitan-area networks (MANs). Figure 1-5 shows a configuration for a Gigabit Ethernet MAN ring
using Catalyst 3550 multilayer switches as aggregation switches in the mini-point-of-presence (POP)
location. These switches are connected through 1000BASE-X GBIC ports.
The resident switches can be Catalyst 2950 switches, providing customers with high-speed connections
to the MAN. Catalyst 2912-LRE or 2924-LRE XL Layer 2-only switches also can be used as residential
switches for customers requiring connectivity through existing telephone lines. The Catalyst 2912-LRE
or 2924-LRE XL switches can then connect to another residential switch or to an aggregation switch.
For more information about the LRE switches, refer to the Catalyst 2900 Series XL Hardware Installa ti o n G u id e.
All ports on the residential Catalyst 2950 switches (and Catalyst 2912-LRE XL or 2924-LRE XL
switches if they are included) are configured as 802.1Q trunks with protected port and STP root guard
features enabled. The protected port feature provides security and isolation between ports on the switch,
ensuring that subscribers cannot view packets destined for other subscribers. STP root guard prevents
unauthorized devices from becoming the STP root switch. All ports have IGMP snooping or CGMP
enabled for multicast traffic management. ACLs on the uplink ports to the aggregating Catalyst 3550
multilayer switches provide security and bandwidth management.
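An added example (not from the Cisco guide): a small Python audit that checks a saved running configuration for the per-port settings described above. The sample configuration is constructed, the command spellings are the usual IOS interface commands, and treating the uplink ports as exempt from protected port and root guard (they are checked for an ACL instead) is an assumption of this example.

```python
import re

# Per-port settings the section lists for residential switches. The command
# spellings are the usual IOS interface commands (assumed, not quoted from
# this guide).
REQUIRED_ON_SUBSCRIBER_PORTS = {
    "802.1Q trunk": "switchport mode trunk",
    "protected port": "switchport protected",
    "STP root guard": "spanning-tree guard root",
}
UPLINK_ACL_PREFIX = "ip access-group "
PHYSICAL_PORT = re.compile(r"^(Fast|Gigabit)Ethernet")

# Constructed sample, shaped like "show running-config" output.
SAMPLE_CONFIG = """\
!
interface FastEthernet0/1
 switchport mode trunk
 switchport protected
 spanning-tree guard root
!
interface FastEthernet0/2
 switchport mode trunk
 spanning-tree guard root
!
interface FastEthernet0/3
 switchport mode access
 switchport protected
!
interface GigabitEthernet0/1
 switchport mode trunk
 ip access-group 101 in
!
interface GigabitEthernet0/2
 switchport mode trunk
!
interface Vlan1
 ip address 192.0.2.10 255.255.255.0
!
"""
# Assumption: these two ports face the aggregating switches.
UPLINKS = {"GigabitEthernet0/1", "GigabitEthernet0/2"}


def parse_interfaces(config_text):
    """Split running-config text into {interface name: [stanza lines]}."""
    interfaces = {}
    current = None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        match = re.match(r"^interface\s+(\S+)", line)
        if match:
            current = match.group(1)
            interfaces[current] = []
        elif current is not None and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or any unindented line ends the stanza
    return interfaces


def audit(config_text, uplinks):
    """Return {interface: [missing settings]} for physical ports that deviate."""
    findings = {}
    for name, lines in parse_interfaces(config_text).items():
        if not PHYSICAL_PORT.match(name):
            continue  # skip VLAN and other logical interfaces
        missing = []
        if name in uplinks:
            # Uplinks are only checked for an applied ACL.
            if not any(l.startswith(UPLINK_ACL_PREFIX) for l in lines):
                missing.append("uplink ACL")
        else:
            for label, command in REQUIRED_ON_SUBSCRIBER_PORTS.items():
                if command not in lines:
                    missing.append(label)
        if missing:
            findings[name] = missing
    return findings


if __name__ == "__main__":
    for port, missing in audit(SAMPLE_CONFIG, UPLINKS).items():
        print(f"{port}: missing {', '.join(missing)}")
```

A subscriber port without the protected port setting can exchange frames directly with its neighbors on the same switch, so that is the finding to fix first.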
The aggregating switches and routers provide services such as those described in the previous examples,
“Small to Medium-Sized Network Configuration” and “Large Campus Configuration.”
Figure 1-5 Catalyst 2950 Switches in a MAN Configuration
Long-Distance, High-Bandwidth Transport Configuration
Note: To use the feature described in this section, you must have the EI installed on your switch.
Figure 1-6 shows a configuration for transporting Gigabits of data from one location to an off-site
backup facility over a single fiber-optic cable. The Catalyst switches have Coarse Wave Division
Multiplexer (CWDM) fiber-optic GBIC modules installed. The CWDM GBIC modules can connect to
distances of up to 393,701 feet (74.5 miles or 120 kilometers). Depending on the CWDM GBIC module,
data is sent at wavelengths from 1470 to 1610 nanometers (nm). The higher the wavelength, the farther
the transmission can travel. A common wavelength for long-distance transmissions is 1550 nm.
Up to eight CWDM GBIC modules, with any combination of wavelengths, can connect to a Cisco
CWDM Passive Optical System. It combines (or multiplexes) the different CWDM wavelengths,
allowing them to travel simultaneously on the same fiber-optic cable. The Cisco CWDM Passive Optical
System on the receiving end separates (or demultiplexes) the different wavelengths.
Using CWDM technology with the switches translates to farther data transmission and an increased
bandwidth capacity (up to 8 Gbps) on a single fiber-optic cable.
Chapter 1 Overview
For more information about the CWDM GBIC modules and CWDM Passive Optical System, refer to the
CWDM Passive Optical System Installation Note.
Figure 1-6 Long-Distance, High-Bandwidth Transport Configuration
This chapter describes the IOS command-line interface (CLI) that you can use to configure your
switches. It contains these sections:
• IOS Command Modes
• Getting Help
• Abbreviating Commands
• Using no and default Forms of Commands
• Understanding CLI Messages
• Using Command History
• Using Editing Features
• Searching and Filtering Output of show and more Commands
• Accessing the CLI
IOS Command Modes
The Cisco IOS user interface is divided into many different modes. The commands available to you
depend on which mode you are currently in. Enter a question mark (?) at the system prompt to obtain a
list of commands available for each command mode.
When you start a session on the switch, you begin in user mode, often called user EXEC mode. Only a
limited subset of the commands are available in user EXEC mode. For example, most of the user EXEC
commands are one-time commands, such as show commands, which show the current configuration
status, and clear commands, which clear counters or interfaces. The user EXEC commands are not saved
when the switch reboots.
To have access to all commands, you must enter privileged EXEC mode. Normally, you must enter a
password to enter privileged EXEC mode. From this mode, you can enter any privileged EXEC
command or enter global configuration mode.
Using the configuration modes (global, interface, and line), you can make changes to the running
configuration. If you save the configuration, these commands are stored and used when the switch
reboots. To access the various configuration modes, you must start at global configuration mode. From
global configuration mode, you can enter interface configuration mode and line configuration mode.
Table 2-1 describes the main command modes, how to access each one, the prompt you see in that mode, and
how to exit the mode. The examples in the table use the host name Switch.
Getting Help
You can enter a question mark (?) at the system prompt to display a list of commands available for each
command mode. You can also obtain a list of associated keywords and arguments for any command, as
shown in Table 2-2.
Table 2-2 Help Summary

Command: help
Purpose: Obtain a brief description of the help system in any command mode.

Command: abbreviated-command-entry?
Purpose: Obtain a list of commands that begin with a particular character string.
For example:
Switch# di?
dir disable disconnect

Command: abbreviated-command-entry<Tab>
Purpose: Complete a partial command name.
For example:
Switch# sh conf<tab>
Switch# show configuration

Command: ?
Purpose: List all commands available for a particular command mode.
For example:
Switch> ?

Command: command ?
Purpose: List the associated keywords for a command.
For example:
Switch> show ?

Command: command keyword ?
Purpose: List the associated arguments for a keyword.
For example:
Switch(config)# cdp holdtime ?
<10-255> Length of time (in sec) that receiver must keep this packet
Abbreviating Commands
You have to enter only enough characters for the switch to recognize the command as unique. This
example shows how to enter the show configuration privileged EXEC command:
Using no and default Forms of Commands
Almost every configuration command also has a no form. In general, use the no form to disable a feature
or function or reverse the action of a command. For example, the no shutdown interface configuration
command reverses the shutdown of an interface. Use the command without the keyword no to re-enable
a disabled feature or to enable a feature that is disabled by default.
Configuration commands can also have a default form. The default form of a command returns the
command setting to its default. Most commands are disabled by default, so the default form is the same
as the no form. However, some commands are enabled by default and have variables set to certain default
values. In these cases, the default command enables the command and sets variables to their default
values.
Understanding CLI Messages
Table 2-3 lists some error messages that you might encounter while using the CLI to configure your
switch.
Chapter 2 Using the Command-Line Interface
Table 2-3 Common CLI Error Messages

Error Message: % Ambiguous command: "show con"
Meaning: You did not enter enough characters for your switch to recognize the command.
How to Get Help: Re-enter the command followed by a question mark (?) with a space between the command and the question mark. The possible keywords that you can enter with the command are displayed.

Error Message: % Incomplete command.
Meaning: You did not enter all the keywords or values required by this command.
How to Get Help: Re-enter the command followed by a question mark (?) with a space between the command and the question mark. The possible keywords that you can enter with the command are displayed.

Error Message: % Invalid input detected at ‘^’ marker.
Meaning: You entered the command incorrectly. The caret (^) marks the point of the error.
How to Get Help: Enter a question mark (?) to display all the commands that are available in this command mode. The possible keywords that you can enter with the command are displayed.
Using Command History
The IOS provides a history or record of commands that you have entered. This feature is particularly
useful for recalling long or complex commands or entries, including access lists. You can customize the
command history feature to suit your needs as described in these sections:
• Changing the Command History Buffer Size
• Recalling Commands
• Disabling the Command History Feature
Changing the Command History Buffer Size
By default, the switch records ten command lines in its history buffer. Beginning in privileged EXEC
mode, enter this command to change the number of command lines that the switch records during the
current terminal session:
Switch# terminal history [size number-of-lines]
The range is from 0 to 256.
Beginning in line configuration mode, enter this command to configure the number of command lines
the switch records for all sessions on a particular line:
Switch(config-line)# history [size number-of-lines]
The range is from 0 to 256.
Recalling Commands
To recall commands from the history buffer, perform one of the actions listed in Table 2-4:
Table 2-4 Recalling Commands
Action [1] | Result
Press Ctrl-P or the up arrow key. | Recall commands in the history buffer, beginning with the most recent command. Repeat the key sequence to recall successively older commands.
Press Ctrl-N or the down arrow key. | Return to more recent commands in the history buffer after recalling commands with Ctrl-P or the up arrow key. Repeat the key sequence to recall successively more recent commands.
show history | While in privileged EXEC mode, list the last several commands that you just entered. The number of commands that are displayed is determined by the setting of the terminal history global configuration command and history line configuration command.
1. The arrow keys function only on ANSI-compatible terminals such as VT100s.
Disabling the Command History Feature
The command history feature is automatically enabled.
To disable the feature during the current terminal session, enter the terminal no history privileged
EXEC command.
To disable command history for the line, enter the no history line configuration command.
Using Editing Features
This section describes the editing features that can help you manipulate the command line. It contains
these sections:
• Enabling and Disabling Editing Features
Although enhanced editing mode is automatically enabled, you can disable it.
To re-enable the enhanced editing mode for the current terminal session, enter this command in
privileged EXEC mode:
Switch# terminal editing
To reconfigure a specific line to have enhanced editing mode, enter this command in line configuration
mode:
Switch(config-line)# editing
To globally disable enhanced editing mode, enter this command in line configuration mode:
Table 2-5 shows the keystrokes that you need to edit command lines.
Table 2-5 Editing Commands through Keystrokes

Capability: Move around the command line to make changes or corrections.
Keystroke [1] | Purpose
Press Ctrl-B, or press the left arrow key. | Move the cursor back one character.
Press Ctrl-F, or press the right arrow key. | Move the cursor forward one character.
Press Ctrl-A. | Move the cursor to the beginning of the command line.
Press Ctrl-E. | Move the cursor to the end of the command line.
Press Esc B. | Move the cursor back one word.
Press Esc F. | Move the cursor forward one word.
Press Ctrl-T. | Transpose the character to the left of the cursor with the character located at the cursor.

Capability: Recall commands from the buffer and paste them in the command line. The switch provides a buffer with the last ten items that you deleted.
Keystroke | Purpose
Press Ctrl-Y. | Recall the most recent entry in the buffer.
Press Esc Y. | Recall the next buffer entry. The buffer contains only the last 10 items that you have deleted or cut. If you press Esc Y more than ten times, you cycle to the first buffer entry.

Capability: Delete entries if you make a mistake or change your mind.
Keystroke | Purpose
Press the Delete or Backspace key.
Press Ctrl-D. | Delete the character at the cursor.
Press Ctrl-K. | Delete all characters from the cursor to the end of the
Press Ctrl-U or Ctrl-X. | Delete all characters from the cursor to the beginning of
Press Ctrl-W. | Delete the word to the left of the cursor.
Press Esc D. | Delete from the cursor to the end of the word.

Capability: Capitalize or lowercase words or capitalize a set of letters.
Keystroke | Purpose
Press Esc C. | Capitalize at the cursor.
Press Esc L. | Change the word at the cursor to lowercase.
Press Esc U. | Capitalize letters from the cursor to the end of the word.

Capability: Designate a particular keystroke as an executable command, perhaps as a shortcut.
Keystroke | Purpose
Press Ctrl-V or Esc Q.

Capability: Scroll down a line or screen on displays that are longer than the terminal screen can display.
Note: The More prompt is used for any output that has more lines than can be displayed on the terminal screen, including show command output. You can use the Return and Space bar keystrokes whenever you see the More prompt.
Keystroke | Purpose
Press the Return key. | Scroll down one line.
Press the Space bar. | Scroll down one screen.

Capability: Redisplay the current command line if the switch suddenly sends a message to your screen.
Keystroke | Purpose
Press Ctrl-L or Ctrl-R. | Redisplay the current command line.

1. The arrow keys function only on ANSI-compatible terminals such as VT100s.
Editing Command Lines that Wrap
You can use a wraparound feature for commands that extend beyond a single line on the screen. When
the cursor reaches the right margin, the command line shifts ten spaces to the left. You cannot see the
first ten characters of the line, but you can scroll back and check the syntax at the beginning of the
command.
To scroll back to the beginning of the command entry, press Ctrl-B or the left arrow key repeatedly. You
can also press Ctrl-A to immediately move to the beginning of the line.
Note: The arrow keys function only on ANSI-compatible terminals such as VT100s.
In this example, the access-list global configuration command entry extends beyond one line. When the
cursor first reaches the end of the line, the line is shifted ten spaces to the left and redisplayed. The dollar
sign ($) shows that the line has been scrolled to the left. Each time the cursor reaches the end of the line,
the line is again shifted ten spaces to the left.
After you complete the entry, press Ctrl-A to check the complete syntax before pressing the Return key
to execute the command. The dollar sign ($) appears at the end of the line to show that the line has been
scrolled to the right:
The software assumes you have a terminal screen that is 80 columns wide. If you have a width other than
that, use the terminal width privileged EXEC command to set the width of your terminal.
Use line wrapping with the command history feature to recall and modify previous complex command
entries. For information about recalling previous command entries, see the “Editing Commands through
Keystrokes” section on page 2-7.
Searching and Filtering Output of show and more Commands
You can search and filter the output for show and more commands. This is useful when you need to sort
through large amounts of output or if you want to exclude output that you do not need to see.
To use this functionality, enter a show or more command followed by the pipe character (|), one of the
keywords begin, include, or exclude, and an expression that you want to search for or filter out:
command | {begin | include | exclude} regular-expression
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output
are not displayed, but the lines that contain Output are displayed.
This example shows how to include in the output display only lines where the expression protocol
appears:
Switch# show interfaces | include protocol
Vlan1 is up, line protocol is up
Vlan10 is up, line protocol is down
GigabitEthernet0/1 is up, line protocol is down
GigabitEthernet0/2 is up, line protocol is up
Accessing the CLI
Before you can access the CLI, you need to connect a terminal or PC to the switch console port and
power on the switch as described in the hardware installation guide that shipped with your switch. Then,
to understand the boot process and the options available for assigning IP information, see Chapter 4,
“Assigning the Switch IP Address and Default Gateway.”
If your switch is already configured, you can access the CLI through a local console connection or
through a remote Telnet session, but your switch must first be configured for this type of access. For
more information, see the “Setting a Telnet Password for a Terminal Line” section on page 7-5.
You can establish a connection with the switch in one of two ways:
• Connecting the switch console port to a management station or dial-up modem. For information
about connecting to the console port, refer to the switch hardware installation guide.
• Using any Telnet TCP/IP package from a remote management station. The switch must have
network connectivity with the Telnet client, and the switch must have an enable secret password
configured.
For information about configuring the switch for Telnet access, see the “Setting a Telnet Password
for a Terminal Line” section on page 7-5. The switch supports up to 16 simultaneous Telnet sessions.
Changes made by one Telnet user are reflected in all other Telnet sessions.
After you connect through the console port or through a Telnet session, the user EXEC prompt appears
on the management station.
This procedure assumes you have met the software requirements (including browser and Java plug-in
configurations) and have assigned IP information and a Telnet password to the switch or command
switch, as described in the release notes.
To access the CLI from a web browser, follow these steps:
Step 1 Start one of the supported browsers.
Step 2 In the URL field, enter the IP address of the command switch.
Step 3 When the Cisco Systems Access page appears, click Telnet to start a Telnet session.
You can also access the CLI by clicking Monitor the router - HTML access to the command line
interface from the Cisco Systems Access page. For information about the Cisco Systems Access page,
see the “Accessing CMS” section in the release notes.
Step 4 Enter the switch password.
The user EXEC prompt appears on the management station.
Note: Copies of the CMS pages that you display are saved in your browser memory cache until you exit the
browser session. A password is not required to redisplay these pages, including the Cisco Systems
Access page. You can access the CLI by clicking Web Console - HTML access to the command line interface from a cached copy of the Cisco Systems Access page. To prevent unauthorized access to CMS
and the CLI, exit your browser to end the browser session.
CMS provides these features (Figure 3-1) for managing switch clusters and individual switches from
Web browsers such as Netscape Communicator or Microsoft Internet Explorer:
• Two views of your network that can be displayed at the same time:
  – The Front Panel view displays the front-panel image of a specific switch or the front-panel
    images of all switches in a cluster. From this view, you can select multiple ports or multiple
    switches and configure them with the same settings.
    When CMS is launched from a command switch, the Front Panel view displays the front-panel
    images of all switches in the cluster. When CMS is launched from a noncommand switch, the
    Front Panel view displays only the front panel of the specific switch.
    Note: CMS from a standalone switch or from a noncommand switch is referred to as Device
    Manager (also referred to as Switch Manager). Device Manager is for configuring an
    individual switch. When you select Device Manager for a specific switch in the cluster,
    you launch a separate CMS session. The Device Manager interface can vary between
    the Catalyst switch platforms.
  – The Topology view displays a network map that uses icons that represent switch clusters, cluster
    members, cluster candidates, neighboring devices that are not eligible to join a cluster, and link
    types. From this view, you can select multiple switches and configure them to run with the same
    settings. You can also display link information in the form of link reports and link graphs.
    This view is available only when CMS is launched from a command switch.
• Menus and toolbar to access configuration and management options:
  – The menu bar provides the complete list of options for managing a single switch and switch
    clusters.
  – The toolbar provides buttons for commonly used switch and cluster configuration options and
    information windows such as legends and online help.
  – The port popup menu, in the Front Panel view, provides options specific for configuring and
    monitoring switch ports.
  – The device popup menu, in either the Front Panel or the Topology views, provides switch and
    cluster configuration and monitoring options.
  – The candidate, member, and link popup menus provide options for configuring and monitoring
    devices and links in the Topology view.
  The toolbar and popup menus provide quick ways to access frequently used menu-bar options.
• Tools to simplify configuration tasks:
  – Interactive modes—guide mode and expert mode—that control the presentation of some
    complex configuration options
  – Wizards that require minimal information from you to configure some complex features
  – Comprehensive online help that provides high-level concepts and procedures for performing
    tasks from the window
When CMS is launched from a command switch, the Front Panel view displays the front-panel images
of all switches in the cluster (Figure 3-2). When CMS is launched from a standalone or noncommand
member switch, the Front Panel view displays only the front panel of the specific switch (Figure 3-3).
Figure 3-2 Front Panel View from a Command Switch
Chapter 3 Getting Started with CMS
Figure 3-2 callouts:
• Cluster tree.
• Right-click a member switch image to display the device pop-up menu, and select an option to view or change system-related settings.
• Right-click the command switch image to display the cluster pop-up menu, and select a cluster-related option.
Figure 3-3 Front Panel View from a Standalone Switch
The cluster tree (Figure 3-2) appears in the left frame of the Front Panel view and shows the name of the
cluster and a list of its members. The sequence of the cluster-tree icons (Figure 3-4) mirrors the sequence
of the front-panel images. You can change the sequence by selecting View > Arrange Front Panel. The
colors of the devices in the cluster tree show the status of the devices (Table 3-1).
If you want to configure switch or cluster settings on one or more switches, select the appropriate
front-panel images.
• To select a front-panel image, click either the cluster-tree icon or the corresponding front-panel
image. The front-panel image is then highlighted with a yellow outline.
• To select multiple front-panel images, press the Ctrl key, and left-click the cluster-tree icons or the
front-panel images. To deselect an icon or image, press the Ctrl key, and left-click the icon or image.
If the cluster has many switches, you might need to scroll down the window to display the rest of the
front-panel images. Instead of scrolling, you can click an icon in the cluster tree, and CMS then scrolls
and displays the corresponding front-panel image.
Figure 3-4 Cluster-Tree Icons
Table 3-1 Cluster Tree Icon Colors
Color | Device Status
Green | Switch is operating normally.
Yellow | The internal fan of the switch is not operating, or the switch is receiving power from an RPS.
Red | Switch is not powered up, has lost power, or the command switch is unable to communicate
Front-Panel Images
You can manage the switch from a remote station by using the front-panel images. The front-panel
images are updated based on the network polling interval that you set from CMS > Preferences.
This section includes descriptions of the LED images. Similar descriptions of the switch LEDs are
provided in the switch hardware installation guide.
Note: The Preferences window is available if your switch access level is read-only. For more information about
the read-only access mode, see the “Access Modes in CMS” section on page 3-29.
Black (off) | RPS is off or is not installed.
Green | RPS is connected and operational.
Blinking green | RPS is providing power to another switch in the stack.
Amber | RPS is connected but not functioning.
The RPS could be in standby mode. To put the RPS in Active mode, press the Standby/Active button on the
RPS, and the LED should turn green. If it does not, one of these conditions could exist:
• One of the RPS power supplies could be down. Contact Cisco Systems.
• The RPS fan could have failed. Contact Cisco Systems.
Blinking amber | Internal power supply of the switch is down, and redundancy is lost. The switch is operating on the RPS.
Port Modes and LEDs
The port modes (Table 3-4) determine the type of information displayed through the port LEDs. When
you change port modes, the meanings of the port LED colors (Table 3-5) also change.
Note: The bandwidth utilization mode (UTIL LED) does not appear on the front-panel images. Select
Reports > Bandwidth Graphs to display the total bandwidth in use by the switch. Refer to the switch
hardware installation guide for information about using the UTIL LED.
To select or change a mode, click the Mode button until the desired mode LED is green.
Table 3-4 Port Modes
Mode LED | Description
STAT | Link status of the ports. Default mode.
DUPLX | Duplex setting on the ports. The default setting on the 10/100 ports is auto. The default setting on the 10/100/1000 ports is full.
SPEED | Speed setting on the ports. The default setting on the 10/100 and 10/100/1000 ports is auto.

Green | Link present.
Amber | Link fault. Error frames can affect connectivity, and errors such as excessive collisions, CRC errors, and alignment and jabber errors are monitored for a link-fault indication.
Port is not forwarding. Port was disabled by management, by an address violation, or by Spanning Tree Protocol (STP).
Note: After a port is reconfigured, the port LED can remain amber for up to 30 seconds as STP checks the switch for possible loops.
Brown | No link and port is administratively shut down.
DUPLX | Cyan (off) | Port is operating in half-duplex mode.
DUPLX | Green | Port is operating in full-duplex mode.
SPEED | Cyan (off) | Port is operating at 10 Mbps (10/100 ports) or no link (10/100/1000 ports and GBIC module ports).
SPEED | Green | Port is operating at 100 Mbps (10/100 ports) or 1000 Mbps (GBIC module ports).
SPEED | Blinking green | Port is operating at 1000 Mbps (10/100/1000 ports).
VLAN Membership Modes
Ports in the Front Panel view are outlined by colors (Table 3-6) when you click Highlight VLAN Port
Membership Modes on the Configure VLANs tab on the VLAN window
(VLAN > VLAN > Configure VLANs). The colors show the VLAN membership mode of each port.
The VLAN membership mode determines the kind of traffic the port carries and the number of VLANs
it can belong to. For more information about these modes, see the “VLAN Port Membership Modes”
section on page 13-3.
Note: This feature is not supported on the Catalyst 1900 and Catalyst 2820 switches.
The Topology view displays how the devices within a switch cluster are connected and how the switch
cluster is connected to other clusters and devices. From this view, you can add and remove cluster
members. This view provides two levels of detail of the network topology:
• When you right-click a cluster icon and select Expand Cluster, the Topology view displays the
switch cluster in detail. This view shows the command switch and member switches in a cluster. It
also shows candidate switches that can join the cluster. This view does not display the details of any
neighboring switch clusters (Figure 3-6).
• When you right-click a command-switch icon and select Collapse Cluster, the cluster is collapsed
and represented by a single icon. The view shows how the cluster is connected to other clusters,
candidate switches, and devices that are not eligible to join the cluster (such as routers, access
points, IP phones, and so on) (Figure 3-7).
Note: The Topology view displays only the switch cluster and network neighborhood of the specific command
or member switch that you access. To display a different switch cluster, you need to access the command
switch or member switch of that cluster.
Topology View
You can arrange the device icons in this view. To move a device icon, click and drag the icon. To select
multiple device icons, you can either:
• Press the left mouse button, drag the pointer over the group of device icons that you want to select,
and then release the mouse button.
• Press the Ctrl key, and click the device icons that you want to select.
After selecting the icons, drag the icons to any area in the view.
The Topology view and the cluster tree use the same set of device icons to represent clusters, command
and standby command switches, and member switches (Figure 3-8). The Topology view also uses
additional icons to represent these types of neighboring devices:
• Customer premises equipment (CPE) devices that are connected to Long-Reach Ethernet (LRE)
switches
• Devices that are not eligible to join the cluster, such as Cisco IP phones, Cisco access points, and
Cisco Discovery Protocol (CDP)-capable hubs and routers
• Devices that are identified as unknown devices, such as some Cisco devices and third-party devices
Tip: Neighboring devices are only displayed if they are connected to cluster members. To display neighboring
devices in the Topology view, either add the switch to which they are connected to a cluster, or enable
that switch as a command switch.
Note: The System Switch Processor (SSP) card in the Cisco Integrated Communications System
(ICS) 7750 appears as a Layer 2 switch. SSP cards are not eligible to join switch clusters.
Note: Candidate switches are distinguished by the color of their device label. Device labels and their colors are
described in the “Colors in the Topology View” section on page 3-12.
To select a device, click the icon. The icon is then highlighted. To select multiple devices, you can either:
• Press the left mouse button, drag the pointer over the group of icons that you want to select, and then
release the mouse button.
• Press the Ctrl key, and click the icons that you want to select.
Figure 3-8 Topology-View Device Icons
The Topology view also uses a set of link icons (Figure 3-9) to show the link type and status between
two devices. To select a link, click the link that you want to select. To select multiple links, press the Ctrl
key, and click the links that you want to select.
The internal fan of the switch is not operating, or the switch is receiving power from an
RPS.
The device is not operating.
Table 3-9 Multiple Link Icon Colors
Link Color | Color Meaning
Both green | All links are active.
One green; one red | At least one link is active, and at least one other link is down or blocked.
Both red | All links are down or blocked.
The color of a device label shows the cluster membership of the device (Table 3-10).
Table 3-10 Device Label Colors
Label Color | Color Meaning
Green | A cluster member, either a member switch or the command switch
Cyan | A candidate switch that is eligible to join the cluster
Yellow | An unknown device or a device that is not eligible to join the cluster
Topology Display Options
You can set the type of information displayed in the Topology view by changing the settings in the
Topology Options window. To display this window, select View > Topology Options. From this
window, you can select:
• Device icons that you want displayed in or filtered from the Topology View window
• Interface IDs and Actual Speed values that you want displayed in the Link window
• Host Names, IP addresses, and MAC address labels that you want displayed in the Node window
The configuration and mo nit oring op tion s for c onfiguring sw it ches an d s witc h cl uste rs ar e available
from menus and a toolbar.
Menu Bar
The menu bar provides the complete list of options for managing a single switch and switch cluster.
Options displayed from the menu bar can vary:
Note: The menu-bar options on a Catalyst 2950 switch change depending on whether the switch is running the
enhanced software image (EI) or the standard image (SI). The footnotes in Table 3-11 list the options
available if the switch is running the EI.
• Access modes affect the availability of features from CMS. The footnotes in Table 3-11 describe the
availability of an option based on your access mode in CMS: read-only (access level 1–14) and
read-write (access level 15). For more information about how access modes affect CMS, see the
“Access Modes in CMS” section on page 3-29.
Chapter 3 Getting Started with CMS
• The option for enabling a command switch is only available from a CMS session launched from a
command-capable switch.
• Cluster management tasks, such as upgrading the software of groups of switches, are available only
from a CMS session launched from a command switch.
• If you launch CMS from a specific switch, the menu bar displays the features supported only by that
switch.
• If you launch CMS from a command switch, the menu bar displays the features supported on the
switches in the cluster, with these exceptions:
– If the command switch is a Layer 3 switch, such as a Catalyst 3550 switch, the menu bar
displays the features of all Layer 3 and Layer 2 switches in the cluster.
– If the command switch is a Layer 2 switch, such as a Catalyst 2950 or Catalyst 3500 XL switch,
the menu bar displays the features of all Layer 2 switches in the cluster. The menu bar does not
display Layer 3 features even if the cluster has Catalyst 3550 Layer 3 member switches.
Note: • We strongly recommend that the highest-end, command-capable switch in the cluster be the
command switch:
– If your switch cluster has a Catalyst 3550 switch, that switch should be the command switch.
– If your switch cluster has Catalyst 2900 XL, Catalyst 2950, and Catalyst 3500 XL switches, the
Catalyst 2950 should be the command switch.
– If your switch cluster has Catalyst 1900, Catalyst 2820, Catalyst 2900 XL, and
Catalyst 3500 XL switches, either the Catalyst 2900 XL or Catalyst 3500 XL should be the
command switch.
• Standby command switches must meet these requirements:
– When the command switch is a Catalyst 3550 switch, all standby command switches must be
Catalyst 3550 switches.
– When the command switch is a Catalyst 2950 switch running Release 12.1(9)EA1 or later, all
standby command switches must be Catalyst 2950 switches running Release 12.1(9)EA1 or
later.
– When the command switch is a Catalyst 2950 switch running Release 12.1(6)EA2 or later, all
standby command switches must be Catalyst 2950 switches running Release 12.1(6)EA2 or
later.
– When the command switch is running Release 12.0(5)WC2 or earlier, the standby command
switches can be these switches: Catalyst 2900 XL, Catalyst 2950, and Catalyst 3500 XL
switches.
We strongly recommend that the command switch and standby command switches are of the same
switch platform and that both are running the same level of software (SI or EI). In the event of a
failover, the standby command switch must support the same configuration and services that are
running on the command switch.
– If you have a Catalyst 3550 command switch, the standby command switches should be
Catalyst 3550 switches.
– If you have a Catalyst 2950 command switch, the standby command switches should be
Catalyst 2950 switches.
– If you have a Catalyst 2900 XL or Catalyst 3500 XL command switch, the standby command
switches should be Catalyst 2900 XL and Catalyst 3500 XL switches.
Refer to the release notes for the Catalyst switches that can be part of a switch cluster.
Menus and Toolbar
Note: Unless noted otherwise, Table 3-11 lists the menu-bar options available from a Catalyst 2950 command
switch when the cluster contains only Catalyst 2950 member switches. The menu bar of the command
switch displays all menu-bar options available from the cluster, including options from member switches
from other cluster-capable switch platforms.
Page Setup    Set default document printer properties to be used when printing from CMS.
Print Preview    View the way the CMS window or help file will appear when printed.
Print    Print a CMS window or help file.
Guide Mode/Expert Mode
Preferences
Administration
IP Addresses
SNMP
System Time
HTTP Port
2
2
2
2
2
Users and Passwords    Configure usernames and passwords for privilege levels 0 to 15.
Console Baud Rate
MAC Addresses
2
ARP
2
Save Configuration
Restore Configuration
Software Upgrade
System Reload
1
1
Event Notification    Create notification IDs that generate e-mail notifications when system events occur.
Cluster
Cluster Manager
Create Cluster
Delete Cluster
Add to Cluster
3
1 4
1 5
1 5
Remove from Cluster
Standby Command Switches
Hop Count
Device
Device Manager
Host Name
STP
2 5
5
1
2
1
Select which interaction mode to use when you select a configuration option.
Set CMS display properties, such as polling intervals, the default views to open at startup,
and the color of administratively shutdown ports.
Configure IP information for a switch.
Enable and disable Simple Network Management Protocol (SNMP), enter community
strings, and configure end stations as trap managers.
Configure the system time or configure the Network Time Protocol (NTP).
Configure the Hypertext Transfer Protocol (HTTP) port number.
2
Change the baud rate for the switch console port.
Enter dynamic, secure, and static addresses in a switch address table. You can also define
the forwarding behavior of static addresses.
Display the device Address Resolution Protocol (ARP) table, and configure the ARP
cache timeout setting.
1
Save the configuration for the cluster or switch to Flash memory.
Restore the configuration file to one or more switches in the cluster.
Upgrade the software for the cluster or a switch.
Reboot the switch with the latest installed software.
Launch a CMS session from the member switch.
Designate a command switch, and name a cluster.
Delete a cluster.
Add a candidate to a cluster.
1 5
Remove a member from the cluster.
2 5
Create a Hot Standby Router Protocol (HSRP) standby group to provide
command-switch redundancy.
Enter the number of hops away that a command switch looks for members and for
candidate switches.
Launch Device Manager for a specific switch.
Change the host name of a switch.
Display and configure STP parameters for a switch.
Port Settings
Port Search    Search for a port through its description.
Port Security
EtherChannels
2
SPAN
Protected Port
Flooding Control
VLAN
2
VLAN
(guide mode available¹)
Management VLAN
2
VMPS
Voice VLAN
Reports
Inventory    Display the device type, software version, IP address, and other switch information.
2
Enable and disable Internet Group Management Protocol (IGMP) snooping and IGMP
Immediate-Leave processing on the switch. Join or leave multicast groups, and configure
multicast routers.
Configure 802.1X authentication of devices as they are attached to LAN ports in a
point-to-point infrastructure.
Create and maintain access control lists (ACLs), and attach ACLs to specific ports.
1 6
Filter certain traffic, such as HTTP traffic, to certain networks or devices. Restrict access
to servers, networks, or application data from certain networks or devices.
Display submenu options to enable and disable quality of service (QoS) and to configure
or modify these parameters:
• Trust settings
• Queues
• Maps
2 6
• Classes
• Policies
1
• Voice Wizard
• Video Wizard
• Data Wizard
2
1
2
Display and configure port parameters on a switch.
Enable port security on a port.
Group ports into logical units for high-speed links between switches.
2
2
2 6
(guide mode available¹)
2 6
(guide mode available¹)
1
—Configure a port to send or receive voice traffic.
1
—Optimize multiple video servers for sending video traffic.
1
—Provide a higher priority to specific applications.
6
6
Enable Switched Port Analyzer (SPAN) port monitoring.
2
Configure a port to prevent it from receiving bridged traffic from another port on the
same switch.
2
Block the normal flooding of unicast and multicast packets, and enable the switch to
block packet storms.
Display VLAN membership, assign ports to VLANs, and configure 802.1Q trunks.
Display and configure the VLAN Trunking Protocol (VTP) for interswitch VLAN
membership.
2
Change the management VLAN on the switch.
Configure the VLAN Membership Policy Server (VMPS).
2
Configure a port to use a voice VLAN for voice traffic, separating it from the VLANs for
data traffic.
Port Statistics    Display port statistics.
Bandwidth Graphs    Display graphs that plot the total bandwidth in use by the switch.
Link Graphs    Display a graph showing the bandwidth being used for the selected link.
Link Reports    Display the link report for two connected devices. If one device is an unknown device or
a candidate, only the cluster-member side of the link displays.
Resource Monitor
System Messages    Display the most recent system messages (IOS messages and switch-specific messages)
View
Refresh    Update the views with the latest status.
Front Panel    Display the Front Panel view.
Arrange Front Panel
Topology
5
Topology Options
Automatic Topology Layout
Save Topology Layout
Window
Help
Overview    Obtain an overview of the CMS interface.
What’s New    Obtain a description of the new CMS features.
Help For Active Window    Display the help for the active open window. This is the same as clicking Help from the
Contents    List all of the available online help topics.
Legend    Display the legend that describes the icons, labels, and links.
About    Display the CMS version number.
1. Not available in read-only mode. For more information about the read-only and read-write access modes, see the “Access Modes in CMS” section on
page 3-29.
2. Some options from this menu option are not available in read-only mode.
3. Available only from a Device Manager session on a cluster member.
4. Available only from a Device Manager session on a command-capable switch that is not a cluster member.
5. Available only from a cluster management session.
6. Available only from a switch running the EI.
6
Display masks for ACL and QoS policy maps.
sent by the switch software.
This option is available on the Catalyst 2950 or 3550 switches. It is not available from
the Catalyst 2900 XL and Catalyst 3500 XL switches. You can display the system
messages of the Catalyst 2900 XL and 3500 XL switches when they are in a cluster
where the command switch is a Catalyst 2950 switch running Release 12.1(6)EA2 or
later or a Catalyst 3550 switch running Release 12.1(8)EA1 or later. For more
information about system messages, refer to the switch system message guide.
1 5
Rearrange the order in which switches appear in the Front Panel view.
Display the Topology view.
5
1 5
Select the information to be displayed in the Topology view.
5
Request CMS to rearrange the topology layout.
Save the presentation of the cluster icons that you arranged in the Topology view to Flash
memory.
List the open windows in your CMS session.
The toolbar buttons display commonly-used switch and cluster configuration options and information
windows such as legends and online help. Hover the cursor over an icon to display the feature. Table 3-12
describes the toolbar options, from left to right on the toolbar.
Table 3-12 Toolbar Buttons
Toolbar Option    Keyboard Shortcut    Task
Print    Ctrl-P    Print a CMS window or help file.
Preferences¹    Ctrl-R    Set CMS display properties, such as polling intervals, the views to open at CMS startup, and the color of administratively shutdown ports.
Save Configuration²    Ctrl-S    Save the configuration for the cluster or switch to Flash memory.
Software Upgrade²    Ctrl-U    Upgrade the software for the cluster or a switch.
Port Settings¹    –    Display and configure port parameters on a switch.
VLAN¹    –    Display VLAN membership, assign ports to VLANs, and configure 802.1Q trunks.
Inventory    –    Display the device type, the software version, the IP address, and other information about a switch.
Refresh    –    Update the views with the latest status.
Front Panel    –    Display the Front Panel view.
Topology³    –    Display the Topology view.
Topology Options³    –    Select the information to be displayed in the Topology view.
Save Topology Layout² ³    –    Save the presentation of the cluster icons that you arranged in the Topology view
Legend    –    Display the legend that describes the icons, labels, and links.
Help For Active Window    F1 key    Display the help for the active open window. This is the same as clicking Help
1. Not available in read-only mode. For more information about the read-only and read-write access modes, see the “Access Modes in CMS” section
on page 3-29.
2. Some options from this menu option are not available in read-only mode.
3. Available only from a cluster-management session.
These popup menus are available in the Front Panel view.
Device Popup Menu
You can display all switch and cluster configuration windows from the menu bar, or you can display
commonly used configuration windows from the device popup menu (Table 3-13). To display the device
popup menu, click the switch icon from the cluster tree or the front-panel image itself, and right-click.
Table 3-13 Device Popup Menu
Popup Menu Option    Task
Device Manager¹    Launch Device Manager for the switch.
Host Name²    Change the name of the switch.
Delete Cluster² ³ ⁴    Delete a cluster.
Remove from Cluster² ⁴    Remove a member from the cluster.
Bandwidth Graphs    Display graphs that plot the total bandwidth in use.
Properties    Display information about the device and port on either end of the link and the state of the link.
1. Available from a cluster member switch but not from the command switch.
2. Not available in read-only mode. For more information about the read-only mode, see the “Access Modes in CMS” section
on page 3-29.
3. Available only from the command switch.
4. Available only from a cluster-management session.
Port Popup Menu
You can display all port configuration windows from the Port menu on the menu bar, or you can display
commonly used port configuration windows from the port popup menu (Table 3-14). To display the port
popup menu, click a specific port image, and right-click.
Table 3-14 Port Popup Menu
Popup Menu Option    Task
Port Settings¹    Display and configure port settings.
VLAN¹    Define the VLAN mode for a port or ports and add ports to VLANs. Not available for the Catalyst 1900 and Catalyst 2820 switches.
Port Security¹ ²    Enable port security on a port.
Link Graphs³    Display a graph showing the bandwidth used by the selected link.
Select All Ports    Select all ports on the switch for global configuration.
1. Some options from this menu option are not available in read-only mode.
2. Available on switches that support the Port Security feature.
3. Available only when there is an active link on the port (that is, the port LED is green when in port status mode).
These popup menus are available in the Topology view.
Link Popup Menu
You can display reports and graphs for a specific link displayed in the Topology view (Table 3-15). To
display the link popup menu, click the link icon, and right-click.
Table 3-15 Link Popup Menu
Popup Menu Option    Task
Link Report    Display the link report for two connected devices. If one device is an unknown device or a candidate, only the cluster member side of the link displays.
Link Graph    Display a graph showing the current bandwidth used by the selected link. You can change the graph polling interval by selecting CMS > Preferences.
Properties    Display information about the device and port on either end of the link and the state of the link.
The Link Report and Link Graph options are not available if both ends of the link are:
• Candidate switches
• Catalyst 1900 and Catalyst 2820 switches
• Devices that are not eligible to join the cluster
If multiple links are configured between two devices, when you click the link icon and right-click, the
Multilink Content window appears (Figure 3-10). Click the link icon in this window, and right-click to
display the link popup menu specific for that link.
Specific devices in the Topology view display a specific popup menu:
• Cluster (Table 3-16)
• Command switch (Table 3-17)
• Member or standby command switch (Table 3-18)
• Candidate switch with an IP address (Table 3-19)
• Candidate switch without an IP address (Table 3-20)
• Neighboring devices (Table 3-21)
Note: The Device Manager option in these popup menus is available in read-only mode on Catalyst 2900 XL
and Catalyst 3500 XL switches running Release 12.0(5)WC2 and later. It is also available on
Catalyst 2950 switches running Release 12.1(6)EA2 and later and on Catalyst 3550 switch running
Release 12.1(8)EA1 or later. It is not available on the Catalyst 1900 and Catalyst 2820 switches.
To display a device popup menu, click an icon, and right-click.
Table 3-16 Device Popup Menu of a Cluster Icon
Popup Menu Option    Task
Expand cluster    View a cluster-specific topology view.
Properties    Display information about the device.
Table 3-17 Device Popup Menu of a Command-Switch Icon
Popup Menu Option    Task
Collapse cluster    View the neighborhood outside a specific cluster.
Host Name¹    Change the host name of a switch.
Bandwidth Graphs    Display graphs that plot the total bandwidth in use by the switch.
Properties    Display information about the device.
1. Not available in read-only mode. For more information about the read-only and read-write access modes, see the “Access
Modes in CMS” section on page 3-29.
Table 3-18 Device Popup Menu of a Member or Standby Command-Switch Icon
Popup Menu Option    Task
Remove from Cluster¹    Remove a member from the cluster.
Host Name¹    Change the host name of a switch.
Device Manager²    Launch Device Manager for a switch.
Bandwidth Graphs    Display graphs that plot the total bandwidth in use by the switch.
Properties    Display information about the device.
1. Available only from a cluster-management session.
2. Available from a cluster member switch but not from the command switch.
Table 3-19 Device Popup Menu of a Candidate-Switch Icon (When the Candidate Switch Has an IP Address)
Popup Menu Option    Task
Add to Cluster¹    Add a candidate to a cluster.
Device Manager²    Launch Device Manager for a switch.
Properties    Display information about the device.
1. Not available in read-only mode. For more information about the read-only and read-write access modes, see the “Access
Modes in CMS” section on page 3-29.
2. Available from a cluster member switch but not from the command switch.
Table 3-20 Device Popup Menu of a Candidate-Switch Icon (When the Candidate Switch Does Not Have an IP Address)
Popup Menu Option    Task
Add to Cluster¹    Add a candidate to a cluster.
Properties    Display information about the device.
1. Not available in read-only mode. For more information about the read-only and read-write access modes, see the “Access
Modes in CMS” section on page 3-29.
Table 3-21 Device Popup Menu of a Neighboring-Device Icon
Popup Menu Option    Task
Device Manager¹    Access the web management interface of the device.
Note: This option is available on Cisco access points, but not on Cisco IP
phones, hubs, routers and on unknown devices such as some Cisco
devices and third-party devices.
Disqualification Code    Display the reason why the device could not join the cluster.
Properties    Display information about the device.
1. Available from a cluster member switch but not from the command switch.
Interaction Modes
You can change the interaction mode of CMS to either guide or expert mode. Guide mode steps you
through each feature option and provides information about the parameter. Expert mode displays a
configuration window in which you configure the feature options.
Note: Guide mode is not available if your switch access level is read-only. For more information about the
read-only access mode, see the “Access Modes in CMS” section on page 3-29.
Guide mode is for users who want a step-by-step approach for completing a specific configuration task.
This mode is not available for all features. A menu-bar option that has a person icon means that guide
mode is available for that option.
When you click Guide Mode and then select a menu-bar option that supports guide mode, CMS displays
a specific parameter of the feature with information about the parameter field. To configure the feature,
you provide the information that CMS requests in each step until you click Finish in the last step.
Clicking Cancel at any time closes and ends the configuration task without applying any changes.
If Expert Mode is selected and you want to use guide mode, you must click Guide Mode before
selecting an option from the menu bar, tool bar, or popup menu. If you change the interaction mode after
selecting a configuration option, the mode change does not take effect until you select another
configuration option.
Expert Mode
Expert mode is for users who prefer to display all the parameter fields of a feature in a single CMS
window. Information about the parameter fields is available by clicking the Help button.
Wizards
Note: Wizards are not available if your switch access level is read-only. For more information about the
read-only access mode, see the “Access Modes in CMS” section on page 3-29.
Wizards simplify some configuration tasks on the switch. Similar to the guide mode, wizards provide a
step-by-step approach for completing a specific configuration task. Unlike guide mode, a wizard does
not prompt you to provide information for all of the feature options. Instead, it prompts you to provide
minimal information and then uses the default settings of the remaining options to set up default
configurations.
Wizards are not available for all features. A menu-bar option that has wizard means that selecting that
option launches the wizard for that feature.
Tool Tips
CMS displays a popup message when you move your mouse over these devices:
• A yellow device icon in the cluster tree or in Topology view—A popup displays a fault message,
such as that the RPS is faulty or that the switch is unavailable because you are in read-only mode.
• A red device icon in the cluster tree or in Topology view—A popup displays a message that the
switch is down.
If you move your mouse over a table column heading, a popup displays the full heading.
Online Help
CMS provides comprehensive online help to assist you in understanding and performing configuration
and monitoring tasks from the CMS windows (Figure 3-11).
• Feature help, available from the menu bar by selecting Help > Contents, provides background
information and concepts on the features.
• Dialog-specific help, available from Help on the CMS windows, provides procedures for
performing tasks.
• Index of help topics.
• Glossary of terms used in the online help.
You can send us feedback about the information provided in the online help. Click Feedback to display
an online form. After completing the form, click Submit to send your comments to Cisco. We appreciate
and value your comments.
Figure 3-11 Help Contents and Index (callouts: glossary of terms used in the online help; legend of icons and color codes; feature help, such as concepts; information about the CMS interface)
CMS windows consistently present configuration information. Figure 3-12 shows the components of a
typical CMS window.
Figure 3-12 CMS Window Components (callouts):
• OK saves your changes and closes the window.
• Modify displays a secondary window from which you can change settings.
• Click a row to select it. Press Shift, and left-click another row to select contiguous multiple rows. Press Ctrl, and left-click rows to select noncontiguous rows.
• Click a tab to display more information.
• Apply saves your changes and leaves the window open.
• Refresh refreshes the window to display the latest information.
• Cancel closes the window without saving the changes.
• Help displays help for the window and the menu of Help topics.
• Select a cluster member from the Host Name list to display its settings.
Host Name List
To display or change the configuration of a cluster member, you need to select the specific switch from
the Host Name drop-down list. The list appears in the configuration window of each feature and lists
only the cluster members that support that feature. For example, the Host Name list on the VLAN
window does not include Catalyst 1900 and Catalyst 2820 switches even though they are part of the
cluster. Similarly, the Host Name list on the LRE Profiles window only lists the LRE switches in the
cluster.
Tabs, Lists, and Tables
Some CMS windows have tabs that present different sets of information. Tabs are arranged like folder
headings across the top of the window. Click the tab to display its information.
Listed information can often be changed by selecting an item from a list. To change the information,
select one or more items, and click Modify. Changing multiple items is limited to those items that apply
to at least one of the selections.
Some CMS windows present information in a table format. You can edit the information in these tables.
Note: You can resize the width of the columns to display the column headings, or you can hover your cursor
over the heading to display a popup description of the column.
CMS Window Components
Icons Used in Windows
Some windows have icons for sorting information in tables, for showing which cells in a table are
editable, and for displaying further information from Cisco.com (Figure 3-13).
Figure 3-13 Window Icons
Buttons
These are the most common buttons that you use to change the information in a CMS window:
• OK—Save any changes and close the window. If you made no changes, the window closes. If CMS
detects errors in your entry, the window remains open. For more information about error detection,
see the “Error Checking” section on page 3-30.
• Apply—Save any changes made in the window and leave the window open. If you made no changes,
the Apply button is disabled.
• Refresh—Update the CMS window with the latest status of the device. Unsaved changes are lost.
• Cancel—Do not save any changes made in the window and close the window.
• Help—Display procedures on performing tasks from the window.
• Modify—Display the secondary window for changing information on the selected item or items.
You usually select an item from a list or table and click Modify.
• You know the IP address and password of the command switch or a specific switch. This information
is either:
– Assigned to the switch by following the setup program, as described in the release notes.
– Changed on the switch by following the information in the “Assigning Switch Information”
section on page 4-2 and “Preventing Unauthorized Access to Your Switch” section on page 7-1.
Considerations for assigning IP addresses and passwords to a command switch and cluster
members are described in the “IP Addresses” section on page 6-16 and the “Passwords” section
on page 6-17.
• You know your access privilege level to the switch.
• You have referred to the release notes for system requirements and have followed the procedures for
installing the required Java plug-ins and configuring your browser.
Caution: Copies of the CMS pages you display are saved in your browser memory cache until you exit the browser
session. A password is not required to redisplay these pages, including the Cisco Systems Access page.
You can access the CLI by clicking Monitor the router - HTML access to the command line interface
from a cached copy of the Cisco Systems Access page. To prevent unauthorized access to CMS and the
CLI, exit your browser to end the browser session.
Note: If you have configured the Terminal Access Controller Access Control System Plus (TACACS+) or
Remote Authentication Dial-In User Service (RADIUS) feature on the switch, you can still access the
switch through CMS. For information about how inconsistent authentication configurations in switch
clusters can affect access through CMS, see the “TACACS+ and RADIUS” section on page 6-18.
To access CMS, follow these steps:
Step 1 Enter the switch IP address and your privilege level in the browser Location field (Netscape
Communicator) or Address field (Microsoft Internet Explorer). For example:
http://10.1.126.45:184/level/14/
where 10.1.126.45 is the switch IP address, 184 is the HTTP port, and level/14 is the privilege level.
You do not need to enter the HTTP port if the switch is using HTTP port 80 (the default) or enter the
privilege level if you have read-write access to the switch (privilege level is 15). For information about
the HTTP port, see the “HTTP Access to CMS” section on page 3-29. For information about privilege
levels, see the “Access Modes in CMS” section on page 3-29.
Step 2 When prompted for a username and password, enter only the switch enable password. CMS prompts you
a second time for a username and password. Enter only the enable password again.
If you configure a local username and password, make sure you enable it by using the ip http
authentication global configuration command. Enter your username and password when prompted.
Step 3 Click Web Console.
If you access CMS from a standalone or member switch, Device Manager appears. If you access CMS
from a command switch, you can display the Front Panel and Topology views.
CMS provides two levels of access to the configuration options: read-write access and read-only access.
Privilege levels 0 to 15 are supported.
• Privilege level 15 provides you with read-write access to CMS.
• Privilege levels 1 to 14 provide you with read-only access to CMS. Any options in the CMS
windows, menu bar, toolbar, and popup menus that change the switch or cluster configuration are
not shown in read-only mode.
• Privilege level 0 denies access to CMS.
If you do not include a privilege level when you access CMS, the switch verifies whether you have
privilege level 15. If you do not, you are denied access to CMS. If you do have privilege level 15, you
are granted read-write access. Therefore, you do not need to include the privilege level if it is 15.
Entering zero denies access to CMS. For more information about privilege levels, see the “Preventing
Unauthorized Access to Your Switch” section on page 7-1.
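The URL format and privilege-level rules above can be checked mechanically. The following Python parser is an added example, not code from Cisco or from this guide: it reads a CMS URL and reports the access mode that the URL requests. The function names and the sample URL list are assumptions made for the illustration; the switch still decides, from the password entered, whether that level is granted.

```python
"""Classify CMS URLs of the form http://<switch-ip>[:port][/level/<n>/]."""
import re
from urllib.parse import urlsplit

DEFAULT_HTTP_PORT = 80   # the guide states that the default HTTP port is 80
IMPLIED_LEVEL = 15       # with no /level/ part the switch checks for level 15

# Path layout taken from the guide's example http://10.1.126.45:184/level/14/
_LEVEL_PATH = re.compile(r"^/level/(\d{1,2})/?$")


def access_mode(level):
    """Map a privilege level (0-15) to the CMS access mode in the guide."""
    if not 0 <= level <= 15:
        raise ValueError(f"privilege level {level} is outside 0-15")
    if level == 15:
        return "read-write"
    if level == 0:
        return "denied"
    return "read-only"      # levels 1 to 14


def parse_cms_url(url):
    """Return host, port, level and requested access mode for a CMS URL."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "http":
        raise ValueError("the guide describes CMS access over http only")
    if not parts.hostname:
        raise ValueError("no switch address in URL")
    port = parts.port        # raises ValueError if the port is not 0-65535
    if port is None:
        port = DEFAULT_HTTP_PORT
    elif port == 0:
        raise ValueError("port 0 is not a usable HTTP port")
    if parts.path in ("", "/"):
        level = IMPLIED_LEVEL
    else:
        match = _LEVEL_PATH.match(parts.path)
        if match is None:
            raise ValueError(f"unexpected path {parts.path!r}")
        level = int(match.group(1))
    return {"host": parts.hostname, "port": port,
            "level": level, "mode": access_mode(level)}


def review_urls(urls):
    """Return (url, finding) pairs for a list of saved CMS URLs."""
    findings = []
    for url in urls:
        try:
            info = parse_cms_url(url)
        except ValueError as exc:
            findings.append((url, f"invalid: {exc}"))
            continue
        findings.append((url, "{host} port {port}: level {level} ({mode})"
                         .format(**info)))
    return findings


# Constructed sample list; only the first URL appears in the guide.
SAMPLE_URLS = [
    "http://10.1.126.45:184/level/14/",
    "http://10.1.126.45",
    "http://10.1.126.45/level/0/",
    "http://10.1.126.45/level/16/",
]

if __name__ == "__main__":
    for url, finding in review_urls(SAMPLE_URLS):
        print(f"{url:40} {finding}")
```

Run against a list of bookmarked management URLs, this shows which entries request read-write access (level 15, or no level at all) and which request read-only access.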
Note: • If your cluster has these member switches running earlier software releases and if you have
read-only access to these member switches, some configuration windows for those switches display
incomplete information:
– Catalyst 2900 XL or Catalyst 3500 XL member switches running Release 12.0(5)WC2 or
earlier
Accessing CMS
– Catalyst 2950 member switches running Release 12.0(5)WC2 or earlier
– Catalyst 3550 member switches running Release 12.1(6)EA1 or earlier
For more information about this limitation, refer to the release notes.
• These switches do not support read-only mode on CMS:
– Catalyst 1900 and Catalyst 2820
– Catalyst 2900 XL switches with 4-MB CPU DRAM
In read-only mode, these switches appear as unavailable devices and cannot be configured from
CMS.
HTTP Access to CMS
CMS uses Hypertext Transfer Protocol (HTTP), which is an in-band form of communication with the
switch through any one of its Ethernet ports and that allows switch management from a standard web
browser. The default HTTP port is 80.
If you change the HTTP port, you must include the new port number when you enter the IP address in
the browser Location or Address field (for example, http://10.1.126.45:184 where 184 is the new HTTP
port number).
Do not disable or otherwise misconfigure the port through which your management station is
communicating with the switch. You might want to write down the port number to which you are
connected. Changes to the switch IP information should be done with care.
For information about connecting to a switch port, refer to the switch hardware installation guide.
CMS provides notification cues to help you track and confirm the changes you make.
Change Notification
A green border around a field or table cell means that you made an unsaved change to the field or table
cell. Previous information in that field or table cell is displayed in the window status bar. When you save
the changes or if you cancel the change, the green border disappears.
Error Checking
A red border around a field means that you entered invalid data in the field. An error message also
displays in the window status bar. When you enter valid data in the field, a green border replaces the red
border until you either save or cancel the change.
If there is an error in communicating with the switch or if you make an error while performing an action,
a message notifies you about the error.
Chapter 3 Getting Started with CMS
Saving Your Configuration
Note The Save Configuration option is not available if your switch access level is read-only. For more
information about the read-only access mode, see the “Access Modes in CMS” section on page 3-29.
Tip As you make cluster configuration changes (except for changes to the Topology view and in the
Preferences window), make sure that you periodically save the configuration from the command switch.
The configuration is saved on the command and member switches.
The front-panel images and CMS windows always display the running configuration of the switch.
When you make a configuration change to a switch or switch cluster, the change becomes part of the
running configuration. The change does not automatically become part of the configuration file, which
is the startup configuration used each time the switch restarts. If you do not save your changes, they are
lost when the switch restarts.
Note Catalyst 1900 and Catalyst 2820 switches automatically save configuration changes to Flash memory as
they occur.
For CMS procedures for saving your switch configuration, refer to the online help.
Restoring Your Configuration
After you save a switch configuration, you can restore the configuration to one or more switches for these
reasons:
• You made an incorrect change to the current running configuration and want to reload a saved
configuration.
• You need to reload a switch after a switch failure or power failure.
• You want to copy the configuration of a switch to other switches.
For CMS procedures for restoring a switch configuration, refer to the online help.
CMS Preferences
When you exit from CMS, your CMS preferences are saved to your PC in a file called .cms_properties.
You can copy this file to other PCs. The file is stored in a default configuration directory, such as
C:\Documents and Settings\username. If you cannot locate the CMS preferences file, select
Start > Search > For Files or Folders..., and search for .cms_properties.
Note In previous CMS versions, the preferences were saved in Flash memory when you exited from CMS.
Using Different Versions of CMS
When managing switch clusters through CMS, remember that clusters can have a mix of switch models
using different IOS releases and that CMS in earlier IOS releases and on different switch platforms might
look and function differently from CMS in this IOS release.
When you select Device > Device Manager for a cluster member, a new browser session is launched,
and the CMS version for that switch is displayed.
Here are examples of how CMS can differ between IOS releases and switch platforms:
• On Catalyst switches running Release 12.0(5)WC2 or earlier or Release 12.1(6)EA1 or earlier, the
CMS versions in those software releases might appear similar but are not the same as this release.
For example, the Topology view in this release is not the same as the Topology view or Cluster View
in those earlier software releases.
• CMS on the Catalyst 1900 and Catalyst 2820 switches is referred to as Switch Manager. Cluster
management options are not available on these switches. This is the earliest version of CMS.
Refer to the documentation specific to the switch and its IOS release for descriptions of the CMS version
you are using.
Before configuring the switch, refer to these places for start-up information:
• Switch release notes on Cisco.com:
– CMS software requirements
– Procedures for running the setup program
– Procedures for browser configuration
– Procedures for accessing CMS
• Chapter 4, “Assigning the Switch IP Address and Default Gateway”
• Chapter 7, “Administering the Switch”
The rest of this guide provides information about and CLI procedures for the software features supported
in this release. For CMS procedures and window descriptions, refer to the online help.
Assigning the Switch IP Address and Default Gateway
This chapter describes how to create the initial switch configuration (for example, assign the switch IP
address and default gateway information) by using a variety of automatic and manual methods.
Note For complete syntax and usage information for the commands used in this chapter, refer to the command
reference for this release.
This chapter consists of these sections:
• Understanding the Boot Process
• Assigning Switch Information
• Checking and Saving the Running Configuration
Understanding the Boot Process
Before you can assign switch information (IP address, subnet mask, default gateway, secret and Telnet
passwords, and so forth), you need to install and power on the switch as described in the hardware
installation guide that shipped with your switch.
The normal boot process involves the operation of the boot loader software, which performs these
activities:
• Performs low-level CPU initialization. It initializes the CPU registers, which control where physical
memory is mapped, its quantity, its speed, and so forth.
• Performs power-on self-test (POST) for the CPU subsystem. It tests the CPU DRAM and the portion
of the Flash device that makes up the Flash file system.
• Initializes the Flash file system on the system board.
• Loads a default operating system software image into memory and boots the switch.
The boot loader provides access to the Flash file system before the operating system is loaded. Normally,
the boot loader is used only to load, uncompress, and launch the operating system. After the boot loader
gives the operating system control of the CPU, the boot loader is not active until the next system reset
or power-on.
The boot loader also provides trap-door access into the system if the operating system has problems
serious enough that it cannot be used. The trap-door mechanism provides enough access to the system
so that if it is necessary, you can format the Flash file system, reinstall the operating system software
image by using the XMODEM Protocol, recover from a lost or forgotten password, and finally restart
the operating system. For more information, see the “Recovering from Corrupted Software” section on
page 27-2 and the “Recovering from a Lost or Forgotten Password” section on page 27-2.
Before you can assign switch information, make sure you have connected a PC or terminal to the console
port, and configured the PC or terminal-emulation software baud rate and character format to match
those of the switch console port. For more information, refer to the hardware installation guide that
shipped with your switch.
Assigning Switch Information
You can assign IP information through the switch setup program, through a Dynamic Host Configuration
Protocol (DHCP) server, or manually.
Use the switch setup program if you are a new user and want to be prompted for specific IP information.
With this program, you can also configure a host name and an enable secret password. It gives you the
option of assigning a Telnet password (to provide security during remote management) and configuring
your switch as a command or member switch of a cluster or as a standalone switch. For more information
about the setup program, refer to the release notes on Cisco.com.
Use a DHCP server for centralized control and automatic assignment of IP information once the server
is configured.
Chapter 4 Assigning the Switch IP Address and Default Gateway
Note If you are using DHCP, do not respond to any of the questions in the setup program until the switch
receives the dynamically-assigned IP address and reads the configuration file.
Use the manual method of configuration if you are an experienced user familiar with the switch
configuration steps; otherwise, use the setup program described earlier.
This section contains this configuration information:
• Default Switch Information
• Understanding DHCP-Based Autoconfiguration
• Manually Assigning IP Information
Default Switch Information
Table 4-1 shows the default switch information.
Table 4-1 Default Switch Information
Feature                                 Default Setting
IP address and subnet mask              No IP address or subnet mask are defined.
Default gateway                         No default gateway is defined.
Enable secret password                  No password is defined.
Host name                               The factory-assigned default host name is Switch.
Telnet password                         No password is defined.
Cluster command switch functionality    Disabled.
Cluster name                            No cluster name is defined.
Understanding DHCP-Based Autoconfiguration
DHCP provides configuration information to Internet hosts and internetworking devices. This
protocol consists of two components: one for delivering configuration parameters from a DHCP server
to a device and a mechanism for allocating network addresses to devices. DHCP is built on a
client-server model, in which designated DHCP servers allocate network addresses and deliver
configuration parameters to dynamically configured devices.
During DHCP-based autoconfiguration, your switch (DHCP client) is automatically configured at
startup with IP address information and a configuration file.
With DHCP-based autoconfiguration, no DHCP client-side configuration is needed on your switch.
However, you need to configure the DHCP server for various lease options associated with IP addresses.
If you are using DHCP to relay the configuration file location on the network, you might also need to
configure a Trivial File Transfer Protocol (TFTP) server and a Domain Name System (DNS) server.
The DHCP server can be on the same LAN or on a different LAN than the switch. If the DHCP server
is running on a different LAN, you should configure a DHCP relay. A relay device forwards broadcast
traffic between two directly connected LANs. A router does not forward broadcast packets, but it
forwards packets based on the destination IP address in the received packet.
DHCP-based autoconfiguration replaces the BOOTP client functionality on your switch.
When you boot your switch, the DHCP client is invoked and automatically requests configuration
information from a DHCP server when the configuration file is not present on the switch.
Figure 4-1 shows the sequence of messages that are exchanged between the DHCP client and the DHCP
server.
Figure 4-1 DHCP Client and Server Message Exchange
[Figure: Switch A (DHCP client) and the DHCP server exchange, in order, DHCPDISCOVER (broadcast), DHCPOFFER (unicast), DHCPREQUEST (broadcast), and DHCPACK (unicast).]
The client, Switch A, broadcasts a DHCPDISCOVER message to locate a DHCP server. The DHCP
server offers configuration parameters (such as an IP address, subnet mask, gateway IP address, DNS IP
address, a lease for the IP address, and so forth) to the client in a DHCPOFFER unicast message.
In a DHCPREQUEST broadcast message, the client returns a formal request for the offered
configuration information to the DHCP server. The formal request is broadcast so that all other DHCP
servers that received the DHCPDISCOVER broadcast message from the client can reclaim the IP
addresses that they offered to the client.
The DHCP server confirms that the IP address has been allocated to the client by returning a DHCPACK
unicast message to the client. With this message, the client and server are bound, and the client uses
configuration information received from the server. The amount of information the switch receives
depends on how you configure the DHCP server. For more information, see the “Configuring the DHCP
Server” section on page 4-5.
If the configuration parameters sent to the client in the DHCPOFFER unicast message are invalid (a
configuration error exists), the client returns a DHCPDECLINE broadcast message to the DHCP server.
The DHCP server sends the client a DHCPNAK denial broadcast message, which means that the offered
configuration parameters have not been assigned, that an error has occurred during the negotiation of the
parameters, or that the client has been slow in responding to the DHCPOFFER message (the DHCP
server assigned the parameters to another client).
A DHCP client might receive offers from multiple DHCP or BOOTP servers and can accept any of the
offers; however, the client usually accepts the first offer it receives. The offer from the DHCP server is
not a guarantee that the IP address is allocated to the client; however, the server usually reserves the
address until the client has had a chance to formally request the address. If the switch accepts replies
from a BOOTP server and configures itself, the switch broadcasts, instead of unicasts, TFTP requests to
obtain the switch configuration file.
Configuring the DHCP Server
You should configure the DHCP server with reserved leases that are bound to each switch by the switch
hardware address.
If you want the switch to receive IP address information, you must configure the DHCP server with these
lease options:
• IP address of the client (required)
• Subnet mask of the client (required)
• DNS server IP address (optional)
• Router IP address (default gateway address to be used by the switch) (required)
If you want the switch to receive the configuration file from a TFTP server, you must configure the
DHCP server with these lease options:
• TFTP server name (required)
• Boot filename (the name of the configuration file that the client needs) (recommended)
• Host name (optional)
Depending on the settings of the DHCP server, the switch can receive IP address information, the
configuration file, or both.
If you do not configure the DHCP server with the lease options described earlier, it replies to client
requests with only those parameters that are configured. If the IP address and subnet mask are not in the
reply, the switch is not configured. If the router IP address or TFTP server name are not found, the switch
might send broadcast, instead of unicast, TFTP requests. Unavailability of other lease options does not
affect autoconfiguration.
The DHCP server can be on the same LAN or on a different LAN than the switch. If the DHCP server
is running on a different LAN, you should configure a DHCP relay. For more information, see the
“Configuring the Relay Device” section on page 4-6. If your DHCP server is a Cisco device, refer to the
“IP Addressing and Services” section in the Cisco IOS IP and IP Routing Configuration Guide for
Release 12.1.
Configuring the TFTP Server
Based on the DHCP server configuration, the switch attempts to download one or more configuration
files from the TFTP server. If you configured the DHCP server to respond to the switch with all the
options required for IP connectivity to the TFTP server, and if you configured the DHCP server with a
TFTP server name, address, and configuration filename, the switch attempts to download the specified
configuration file from the specified TFTP server.
If you did not specify the configuration filename, the TFTP server, or if the configuration file could not
be downloaded, the switch attempts to download a configuration file by using various combinations of
filenames and TFTP server addresses. The files include the specified configuration filename (if any) and
these files: network-config, cisconet.cfg, hostname.config, or hostname.cfg, where hostname is the
switch’s current hostname. The TFTP server addresses used include the specified TFTP server address
(if any) and the broadcast address (255.255.255.255).
For the switch to successfully download a configuration file, the TFTP server must contain one or more
configuration files in its base directory. The files can include these files:
• The configuration file named in the DHCP reply (the actual switch configuration file).
• The network-confg or the cisconet.cfg file (known as the default configuration files).
• The router-confg or the ciscortr.cfg file (These files contain commands common to all switches.
Normally, if the DHCP and TFTP servers are properly configured, these files are not accessed.)
If you specify the TFTP server name in the DHCP server-lease database, you must also configure the
TFTP server name-to-IP-address mapping in the DNS-server database.
If the TFTP server to be used is on a different LAN from the switch, or if it is to be accessed by the switch
through the broadcast address (which occurs if the DHCP server response does not contain all the
required information described earlier), a relay must be configured to forward the TFTP packets to the
TFTP server. For more information, see the “Configuring the Relay Device” section on page 4-6. The
preferred solution is to configure the DHCP server with all the required information.
Configuring the DNS
The DHCP server uses the DNS server to resolve the TFTP server name to an IP address. You must
configure the TFTP server name-to-IP address map on the DNS server. The TFTP server contains the
configuration files for the switch.
You can configure the IP addresses of the DNS servers in the lease database of the DHCP server from
where the DHCP replies will retrieve them. You can enter up to two DNS server IP addresses in the lease
database.
The DNS server can be on the same or on a different LAN as the switch. If it is on a different LAN, the
switch must be able to access it through a router.
Configuring the Relay Device
You must configure a relay device when a switch sends broadcast packets that need to be responded to
by a host on a different LAN. Examples of broadcast packets that the switch might send are DHCP, DNS,
and in some cases, TFTP packets. You must configure this relay device to forward received broadcast
packets on an interface to the destination host.
If the relay device is a Cisco router, enable IP routing (ip routing global configuration command), and
configure helper addresses by using the ip helper-address interface configuration command.
For example, in Figure 4-2, configure the router interfaces as follows:
On interface 10.0.0.2:
router(config-if)# ip helper-address 20.0.0.2
router(config-if)# ip helper-address 20.0.0.3
router(config-if)# ip helper-address 20.0.0.4
Figure 4-2 Relay Device Used in Autoconfiguration
[Figure: Switch (DHCP client), 10.0.0.1; Cisco router (Relay) with interfaces 10.0.0.2 and 20.0.0.1; DHCP server, 20.0.0.2; TFTP server, 20.0.0.3; DNS server, 20.0.0.4.]
Obtaining Configuration Files
Depending on the availability of the IP address and the configuration filename in the DHCP reserved
lease, the switch obtains its configuration information in these ways:
• The IP address and the configuration filename is reserved for the switch and provided in the DHCP
reply (one-file read method).
The switch receives its IP address, subnet mask, TFTP server address, and the configuration
filename from the DHCP server. The switch sends a unicast message to the TFTP server to retrieve
the named configuration file from the base directory of the server, and upon receipt, completes its
boot-up process.
• The IP address and the configuration filename is reserved for the switch, but the TFTP server
address is not provided in the DHCP reply (one-file read method).
The switch receives its IP address, subnet mask, and the configuration filename from the DHCP
server. The switch sends a broadcast message to a TFTP server to retrieve the named configuration
file from the base directory of the server, and upon receipt, completes its boot-up process.
• Only the IP address is reserved for the switch and provided in the DHCP reply. The configuration
filename is not provided (two-file read method).
The switch receives its IP address, subnet mask, and the TFTP server address from the DHCP server.
The switch sends a unicast message to the TFTP server to retrieve the network-confg or cisconet.cfg
default configuration file. (If the network-confg file cannot be read, the switch reads the cisconet.cfg
file.)
The default configuration file contains the host names-to-IP-address mapping for the switch. The
switch fills its host table with the information in the file and obtains its host name. If the host name
is not found in the file, the switch uses the host name in the DHCP reply. If the host name is not
specified in the DHCP reply, the switch uses the default Switch as its host name.
After obtaining its host name from the default configuration file or the DHCP reply, the switch reads
the configuration file that has the same name as its host name (hostname-confg or hostname.cfg,
depending on whether network-confg or cisconet.cfg was read earlier) from the TFTP server. If the
cisconet.cfg file is read, the filename of the host is truncated to eight characters.
If the switch cannot read the network-confg, cisconet.cfg, or the hostname file, it reads the
router-confg file. If the switch cannot read the router-confg file, it reads the ciscortr.cfg file.
Note The switch broadcasts TFTP server requests if the TFTP server is not obtained from the DHCP replies,
if all attempts to read the configuration file through unicast transmissions fail, or if the TFTP server
name cannot be resolved to an IP address.
Example Configuration
Figure 4-3 shows a sample network for retrieving IP information by using DHCP-based autoconfiguration.
Figure 4-3 DHCP-Based Autoconfiguration Network Example
[Figure: Switch 1 (00e0.9f1e.2001), Switch 2 (00e0.9f1e.2002), Switch 3 (00e0.9f1e.2003), Switch 4 (00e0.9f1e.2004), a Cisco router (10.0.0.10), the DHCP server (10.0.0.1), the DNS server (10.0.0.2), and the TFTP server (10.0.0.3, maritsu).]
Table 4-2 shows the configuration of the reserved leases on the DHCP server.
                                              Switch 1             Switch 2             Switch 3             Switch 4
(hardware address)                            00e0.9f1e.2001       00e0.9f1e.2002       00e0.9f1e.2003       00e0.9f1e.2004
IP address                                    10.0.0.21            10.0.0.22            10.0.0.23            10.0.0.24
Subnet mask                                   255.255.255.0        255.255.255.0        255.255.255.0        255.255.255.0
Router address                                10.0.0.10            10.0.0.10            10.0.0.10            10.0.0.10
DNS server address                            10.0.0.2             10.0.0.2             10.0.0.2             10.0.0.2
TFTP server name                              maritsu or 10.0.0.3  maritsu or 10.0.0.3  maritsu or 10.0.0.3  maritsu or 10.0.0.3
Boot filename (configuration file) (optional) switch1-confg        switch2-confg        switch3-confg        switch4-confg
DNS Server Configuration
The DNS server maps the TFTP server name maritsu to IP address 10.0.0.3.
TFTP Server Configuration (on UNIX)
The TFTP server base directory is set to /tftpserver/work/. This directory contains the network-confg file
used in the two-file read method. This file contains the host name to be assigned to the switch based on
its IP address. The base directory also contains a configuration file for each switch (switch1-confg,
switch2-confg, and so forth) as shown in this display:
prompt> cd /tftpserver/work/
prompt> ls
network-confg
switch1-confg
switch2-confg
switch3-confg
switch4-confg
prompt> cat network-confg
ip host switch1 10.0.0.21
ip host switch2 10.0.0.22
ip host switch3 10.0.0.23
ip host switch4 10.0.0.24
DHCP Client Configuration
No configuration file is present on Switch 1 through Switch 4.
Configuration Explanation
In Figure 4-3, Switch 1 reads its configuration file as follows:
• It obtains its IP address 10.0.0.21 from the DHCP server.
• If no configuration filename is given in the DHCP server reply, Switch 1 reads the network-confg
file from the base directory of the TFTP server.
• It adds the contents of the network-confg file to its host table.
• It reads its host table by indexing its IP address 10.0.0.21 to its host name (switch1).
• It reads the configuration file that corresponds to its host name; for example, it reads switch1-confg
from the TFTP server.
Switches 2 through 4 retrieve their configuration files and IP addresses in the same way.
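The lookup order described in “Obtaining Configuration Files” and walked through above, as an added example (not Cisco code): a Python model that, for one DHCP reply and the contents of a TFTP base directory, lists the files a switch would request and whether each request is unicast or broadcast. The function names, dictionary keys, and placeholder file bodies are assumptions of this example; it does not model the retry over broadcast after failed unicast reads, and it goes straight to the shared files when neither default file can be read.

```python
DEFAULT_HOSTNAME = "Switch"                      # factory default (Table 4-1)
SHARED_FILES = ("router-confg", "ciscortr.cfg")  # commands common to all switches

# Constructed sample: the TFTP base directory from the example above.
# File bodies other than network-confg are placeholders.
TFTP_FILES = {
    "network-confg": "ip host switch1 10.0.0.21\nip host switch2 10.0.0.22\n"
                     "ip host switch3 10.0.0.23\nip host switch4 10.0.0.24\n",
    "switch1-confg": "!", "switch2-confg": "!",
    "switch3-confg": "!", "switch4-confg": "!",
}


def parse_host_table(text):
    """Turn 'ip host <name> <address>' lines into {address: name}."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[:2] == ["ip", "host"]:
            table[parts[3]] = parts[2]
    return table


def plan_autoconfig(reply, tftp_files):
    """Return the TFTP reads a switch would attempt for one DHCP reply.

    reply      -- dict with optional keys ip, mask, tftp_server, bootfile, hostname
    tftp_files -- {filename: contents} of the TFTP server base directory
    """
    result = {"configured": False, "hostname": None, "reads": [], "loaded": None}
    # Without an IP address and subnet mask the switch is not configured.
    if not reply.get("ip") or not reply.get("mask"):
        return result
    result["configured"] = True
    fallback_name = reply.get("hostname") or DEFAULT_HOSTNAME
    # No TFTP server in the reply: requests go to the broadcast address.
    transport = "unicast" if reply.get("tftp_server") else "broadcast"

    def read(name):
        found = name in tftp_files
        result["reads"].append((transport, name, found))
        return tftp_files[name] if found else None

    # One-file read method: the boot filename came with the DHCP reply.
    bootfile = reply.get("bootfile")
    if bootfile and read(bootfile) is not None:
        # Host name in effect before the downloaded file is applied.
        result.update(hostname=fallback_name, loaded=bootfile)
        return result

    # Two-file read method: a default file, then the per-host file.
    # cisconet.cfg implies the .cfg suffix and an eight-character host name.
    for default_file, suffix, limit in (("network-confg", "-confg", None),
                                        ("cisconet.cfg", ".cfg", 8)):
        text = read(default_file)
        if text is None:
            continue
        name = parse_host_table(text).get(reply["ip"]) or fallback_name
        result["hostname"] = name
        if read(name[:limit] + suffix) is not None:
            result["loaded"] = name[:limit] + suffix
            return result
        break

    # Modelling assumption: if no default file is readable, skip the per-host
    # file and go straight to the shared files.
    result["hostname"] = result["hostname"] or fallback_name
    for name in SHARED_FILES:
        if read(name) is not None:
            result["loaded"] = name
            break
    return result


def review(result):
    """List outcomes worth checking before relying on autoconfiguration."""
    notes = []
    if not result["configured"]:
        return ["no IP address or subnet mask: switch is not configured"]
    if any(transport == "broadcast" for transport, _, _ in result["reads"]):
        notes.append("TFTP requests are broadcast: put the TFTP server in the lease")
    if result["loaded"] in SHARED_FILES:
        notes.append("only a shared file was loaded, not a per-switch file")
    if result["loaded"] is None:
        notes.append("no configuration file could be read")
    return notes


if __name__ == "__main__":
    lease = {"ip": "10.0.0.21", "mask": "255.255.255.0", "tftp_server": "10.0.0.3"}
    plan = plan_autoconfig(lease, TFTP_FILES)
    print(plan["hostname"], plan["loaded"], plan["reads"], review(plan))
```

Running `review` over every reserved lease before deployment shows which switches would fall back to broadcast TFTP or to a shared file instead of their own configuration file.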
Beginning in privileged EXEC mode, follow these steps to manually assign IP information to multiple
switched virtual interfaces (SVIs) or ports:
        Command                               Purpose
Step 1  configure terminal                    Enter global configuration mode.
Step 2  interface vlan vlan-id                Enter interface configuration mode, and enter the VLAN to which the IP
                                              information is assigned. The range is 1 to 4094 when the enhanced
                                              software image is installed and 1 to 1001 when the standard software
                                              image is installed; do not enter leading zeros.
Step 3  ip address ip-address subnet-mask     Enter the IP address and subnet mask.
Step 4  exit                                  Return to global configuration mode.
Step 5  ip default-gateway ip-address         Enter the IP address of the next-hop router interface that is directly
                                              connected to the switch where a default gateway is being configured. The
                                              default gateway receives IP packets with unresolved destination IP
                                              addresses from the switch.
                                              Once the default gateway is configured, the switch has connectivity to the
                                              remote networks with which a host needs to communicate.
                                              Note When your switch is configured to route with IP, it does not need
                                              to have a default gateway set.
Step 6  end                                   Return to privileged EXEC mode.
Step 7  show running-config                   Verify your entries.
Step 8  copy running-config startup-config    (Optional) Save your entries in the configuration file.
To remove the switch IP address, use the no ip address interface configuration command. If you are
removing the address through a Telnet session, your connection to the switch will be lost. To remove the
default gateway address, use the no ip default-gateway global configuration command.
For information on setting the switch system name, protecting access to privileged EXEC commands,
and setting time and calendar services, see Chapter 7, “Administering the Switch.”
Checking and Saving the Running Configuration
You can check the configuration settings you entered or changes you made by entering this privileged
EXEC command:
Switch# show running-config
Building configuration...
Current configuration : 2081 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log datetime
no service password-encryption
service sequence-numbers