Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
Customer Order Number: DOC-7816881=
Text Part Number: 78-16881-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
CCSP, CCVP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn,
and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the
Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the Internet
Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise,
the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX,
Post-Routing, Pre-Routing, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StrataView Plus, TeleRouter, The Fastest Way to Increase Your Internet Quotient,
and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship
between Cisco and any other company. (0502R)
Cisco Technical Support & Documentation Websitexxxii
Submitting a Service Requestxxxii
Definitions of Service Request Severityxxxiii
Obtaining Additional Publications and Informationxxxiii
1Overview1-1
Features1-1
Ease-of-Use and Ease-of-Deployment Features1-2
Performance Features1-3
Management Options1-3
Manageability Features1-4
Availability Features1-5
VLAN Features1-6
Security Features1-6
QoS and CoS Features1-7
Monitoring Features1-8
Default Settings After Initial Switch Configuration1-8
78-16881-01
Network Configuration Examples1-11
Design Concepts for Using the Switch1-11
Small to Medium-Sized Network Using Catalyst 2960 Switches1-14
Long-Distance, High-Bandwidth Transport Configuration1-15
Catalyst 2960 Switch Software Configuration Guide
iii
Contents
Where to Go Next1-16
CHAPTER
2Using the Command-Line Interface2-1
Understanding Command Modes2-1
Understanding the Help System2-3
Understanding Abbreviated Commands2-4
Understanding no and default Forms of Commands2-4
Understanding CLI Error Messages2-5
Using Command History2-5
Changing the Command History Buffer Size2-5
Recalling Commands2-6
Disabling the Command History Feature2-6
Using Editing Features2-6
Enabling and Disabling Editing Features2-7
Editing Commands through Keystrokes2-7
Editing Command Lines that Wrap2-8
Searching and Filtering Output of show and more Commands2-9
Accessing the CLI2-9
Accessing the CLI through a Console Connection or through Telnet2-10
CHAPTER
3Assigning the Switch IP Address and Default Gateway3-1
DHCP Server Configuration Guidelines3-5
Configuring the TFTP Server3-5
Configuring the DNS3-6
Configuring the Relay Device3-6
Obtaining Configuration Files3-7
Example Configuration3-8
Manually Assigning IP Information3-9
Checking and Saving the Running Configuration3-10
Modifying the Startup Configuration3-11
Default Boot Configuration3-12
Automatically Downloading a Configuration File3-12
iv
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Specifying the Filename to Read and Write the System Configuration3-12
Booting Manually3-13
Booting a Specific Software Image3-13
Controlling Environment Variables3-14
Scheduling a Reload of the Software Image3-15
Configuring a Scheduled Reload3-16
Displaying Scheduled Reload Information3-17
Contents
CHAPTER
4Configuring IE2100 CNS Agents4-1
Understanding IE2100 Series Configuration Registrar Software4-1
CNS Configuration Service4-2
CNS Event Service4-3
NameSpace Mapper4-3
What You Should Know About ConfigID, DeviceID, and Hostname4-3
ConfigID4-3
DeviceID4-4
Hostname and DeviceID4-4
Using Hostname, DeviceID, and ConfigID4-4
Enabling Automated CNS Configuration4-6
Enabling the CNS Event Agent4-8
Enabling the CNS Configuration Agent4-9
Enabling an Initial Configuration4-9
Enabling a Partial Configuration4-12
CHAPTER
78-16881-01
Displaying CNS Configuration4-13
5Clustering Switches5-1
Understanding Switch Clusters5-1
Clustering Overview5-1
Cluster Command Switch Characteristics5-2
Standby Cluster Command Switch Characteristics5-2
Candidate Switch and Cluster Member Switch Characteristics5-3
Using the CLI to Manage Switch Clusters5-3
Catalyst 1900 and Catalyst 2820 CLI Considerations5-4
Using SNMP to Manage Switch Clusters5-4
Catalyst 2960 Switch Software Configuration Guide
v
Contents
CHAPTER
6Administering the Switch6-1
Managing the System Time and Date6-1
Understanding the System Clock 6-2
Understanding Network Time Protocol6-2
Configuring NTP6-4
Default NTP Configuration6-4
Configuring NTP Authentication6-5
Configuring NTP Associations6-6
Configuring NTP Broadcast Service6-7
Configuring NTP Access Restrictions6-8
Configuring the Source IP Address for NTP Packets6-10
Displaying the NTP Configuration6-11
Configuring Time and Date Manually6-11
Setting the System Clock6-11
Displaying the Time and Date Configuration6-12
Configuring the Time Zone 6-12
Configuring Summer Time (Daylight Saving Time)6-13
Configuring a System Name and Prompt6-14
Default System Name and Prompt Configuration6-15
Configuring a System Name6-15
Understanding DNS6-15
Default DNS Configuration6-16
Setting Up DNS6-16
Displaying the DNS Configuration6-17
vi
Creating a Banner6-17
Default Banner Configuration6-17
Configuring a Message-of-the-Day Login Banner6-18
Configuring a Login Banner6-18
Managing the MAC Address Table6-19
Building the Address Table6-20
MAC Addresses and VLANs6-20
Default MAC Address Table Configuration6-20
Changing the Address Aging Time6-21
Removing Dynamic Address Entries6-21
Configuring MAC Address Notification Traps6-21
Adding and Removing Static Address Entries6-23
Configuring Unicast MAC Address Filtering6-24
Displaying Address Table Entries6-25
Default Password and Privilege Level Configuration8-2
Setting or Changing a Static Enable Password8-3
Protecting Enable and Enable Secret Passwords with Encryption8-3
Disabling Password Recovery8-5
Setting a Telnet Password for a Terminal Line8-6
Configuring Username and Password Pairs8-7
Configuring Multiple Privilege Levels8-8
Setting the Privilege Level for a Command8-8
Changing the Default Privilege Level for Lines8-9
Logging into and Exiting a Privilege Level8-10
Default TACACS+ Configuration8-13
Identifying the TACACS+ Server Host and Setting the Authentication Key8-13
Configuring TACACS+ Login Authentication8-14
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services8-16
Starting TACACS+ Accounting8-17
Default RADIUS Configuration8-20
Identifying the RADIUS Server Host 8-20
Configuring RADIUS Login Authentication8-23
Defining AAA Server Groups8-25
78-16881-01
Catalyst 2960 Switch Software Configuration Guide
vii
Contents
Configuring RADIUS Authorization for User Privileged Access and Network Services8-27
Starting RADIUS Accounting8-28
Configuring Settings for All RADIUS Servers8-29
Configuring the Switch to Use Vendor-Specific RADIUS Attributes8-29
Configuring the Switch for Vendor-Proprietary RADIUS Server Communication8-30
Displaying the RADIUS Configuration8-31
Configuring the Switch for Local Authentication and Authorization8-32
Configuring the Switch for Secure Shell8-33
Understanding SSH8-33
SSH Servers, Integrated Clients, and Supported Versions8-33
Limitations8-34
Configuring SSH8-34
Configuration Guidelines8-34
Setting Up the Switch to Run SSH8-35
Configuring the SSH Server8-36
Displaying the SSH Configuration and Status8-36
CHAPTER
Configuring the Switch for Secure Socket Layer HTTP8-37
Default SSL Configuration8-39
SSL Configuration Guidelines8-40
Configuring a CA Trustpoint8-40
Configuring the Secure HTTP Server8-41
Configuring the Secure HTTP Client8-42
Displaying Secure HTTP Server and Client Status8-43
Device Roles9-2
Authentication Initiation and Message Exchange9-3
Ports in Authorized and Unauthorized States9-4
IEEE 802.1x Accounting9-5
IEEE 802.1x Accounting Attribute-Value Pairs9-5
IEEE 802.1x Host Mode9-6
Using IEEE 802.1x with Port Security9-7
Using IEEE 802.1x with Voice VLAN Ports9-8
viii
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Using IEEE 802.1x with VLAN Assignment9-8
Using IEEE 802.1x with Guest VLAN9-10
Configuring IEEE 802.1x Authentication9-10
Default IEEE 802.1x Configuration9-11
IEEE 802.1x Configuration Guidelines9-12
Configuring IEEE 802.1x Authentication9-12
Configuring the Switch-to-RADIUS-Server Communication9-14
Configuring Periodic Re-Authentication9-15
Manually Re-Authenticating a Client Connected to a Port9-15
Changing the Quiet Period9-16
Changing the Switch-to-Client Retransmission Time9-16
Setting the Switch-to-Client Frame-Retransmission Number9-17
Setting the Re-Authentication Number9-17
Configuring the Host Mode9-18
Configuring a Guest VLAN9-19
Resetting the IEEE 802.1x Configuration to the Default Values9-20
Configuring IEEE 802.1x Accounting9-21
Contents
CHAPTER
Displaying IEEE 802.1x Statistics and Status9-22
10Configuring Interface Characteristics10-1
Understanding Interface Types10-1
Port-Based VLANs10-2
Switch Ports10-2
Access Ports10-2
Trunk Ports10-3
EtherChannel Port Groups10-3
Dual-Purpose Uplink Ports10-4
Connecting Interfaces10-4
Using Interface Configuration Mode10-4
Procedures for Configuring Interfaces10-5
Configuring a Range of Interfaces10-6
Configuring and Using Interface Range Macros10-7
Configuring Ethernet Interfaces10-9
Default Ethernet Interface Configuration10-9
Configuring Interface Speed and Duplex Mode10-10
Speed and Duplex Configuration Guidelines10-11
Setting the Type of a Dual-Purpose Uplink Port10-11
Setting the Interface Speed and Duplex Parameters10-13
78-16881-01
Catalyst 2960 Switch Software Configuration Guide
ix
Contents
Configuring IEEE 802.3x Flow Control10-14
Configuring Auto-MDIX on an Interface10-15
Adding a Description for an Interface10-16
Configuring the System MTU10-16
Monitoring and Maintaining the Interfaces10-18
Monitoring Interface Status10-18
Clearing and Resetting Interfaces and Counters10-19
Shutting Down and Restarting the Interface10-19
VLAN Configuration in VLAN Database Configuration Mode12-6
Saving VLAN Configuration12-6
Default Ethernet VLAN Configuration12-7
Creating or Modifying an Ethernet VLAN12-8
Deleting a VLAN12-9
Assigning Static-Access Ports to a VLAN12-10
VTP Configuration in Global Configuration Mode13-7
VTP Configuration in VLAN Database Configuration Mode13-7
VTP Configuration Guidelines13-8
Domain Names13-8
Passwords13-8
VTP Version13-8
Configuration Requirements13-9
Configuring a VTP Server13-9
Configuring a VTP Client13-11
Disabling VTP (VTP Transparent Mode)13-12
Enabling VTP Version 213-13
Enabling VTP Pruning13-14
Adding a VTP Client Switch to a VTP Domain13-14
Monitoring VTP13-16
CHAPTER
CHAPTER
14Configuring Voice VLAN14-1
Understanding Voice VLAN14-1
Cisco IP Phone Voice Traffic14-2
Cisco IP Phone Data Traffic14-2
Configuring Voice VLAN14-3
Default Voice VLAN Configuration14-3
Voice VLAN Configuration Guidelines14-3
Configuring a Port Connected to a Cisco 7960 IP Phone14-4
Configuring IP Phone Voice Traffic14-5
Configuring the Priority of Incoming Data Frames14-6
Displaying Voice VLAN14-6
15Configuring STP15-1
Understanding Spanning-Tree Features15-1
STP Overview15-2
Spanning-Tree Topology and BPDUs15-3
Bridge ID, Switch Priority, and Extended System ID15-4
Spanning-Tree Interface States15-4
Blocking State15-6
Listening State15-6
Learning State15-6
Forwarding State15-6
Disabled State15-7
xii
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
How a Switch or Port Becomes the Root Switch or Root Port15-7
Spanning Tree and Redundant Connectivity15-8
Spanning-Tree Address Management15-8
Accelerated Aging to Retain Connectivity15-8
Spanning-Tree Modes and Protocols15-9
Supported Spanning-Tree Instances15-9
Spanning-Tree Interoperability and Backward Compatibility15-10
STP and IEEE 802.1Q Trunks15-10
Configuring Spanning-Tree Features15-10
Default Spanning-Tree Configuration15-11
Spanning-Tree Configuration Guidelines15-11
Changing the Spanning-Tree Mode.15-12
Disabling Spanning Tree15-13
Configuring the Root Switch15-14
Configuring a Secondary Root Switch15-15
Configuring Port Priority15-16
Configuring Path Cost15-17
Configuring the Switch Priority of a VLAN15-19
Configuring Spanning-Tree Timers15-19
Configuring the Hello Time15-20
Configuring the Forwarding-Delay Time for a VLAN15-21
Configuring the Maximum-Aging Time for a VLAN15-21
Contents
CHAPTER
Displaying the Spanning-Tree Status15-22
16Configuring MSTP16-1
Understanding MSTP16-2
Multiple Spanning-Tree Regions16-2
IST, CIST, and CST16-3
Operations Within an MST Region16-3
Operations Between MST Regions16-4
Hop Count16-5
Boundary Ports16-5
Interoperability with IEEE 802.1D STP16-5
Understanding RSTP16-6
Port Roles and the Active Topology16-6
Rapid Convergence16-7
Synchronization of Port Roles16-8
78-16881-01
Catalyst 2960 Switch Software Configuration Guide
xiii
Contents
Bridge Protocol Data Unit Format and Processing16-9
Processing Superior BPDU Information16-10
Processing Inferior BPDU Information16-10
Topology Changes16-10
Configuring MSTP Features16-11
Default MSTP Configuration16-11
MSTP Configuration Guidelines16-12
Specifying the MST Region Configuration and Enabling MSTP16-13
Configuring the Root Switch16-14
Configuring a Secondary Root Switch16-15
Configuring Port Priority 16-16
Configuring Path Cost16-17
Configuring the Switch Priority16-18
Configuring the Hello Time16-19
Configuring the Forwarding-Delay Time16-20
Configuring the Maximum-Aging Time16-20
Configuring the Maximum-Hop Count16-21
Specifying the Link Type to Ensure Rapid Transitions16-21
Restarting the Protocol Migration Process16-22
Default DHCP Configuration19-7
DHCP Snooping Configuration Guidelines19-7
Configuring the DHCP Relay Agent 19-8
Enabling DHCP Snooping and Option 8219-9
Enabling the DHCP Snooping Binding Database Agent19-10
CHAPTER
78-16881-01
Displaying DHCP Snooping Information19-11
20Configuring IGMP Snooping and MVR20-1
Understanding IGMP Snooping20-1
IGMP Versions20-2
Joining a Multicast Group20-3
Leaving a Multicast Group20-4
Immediate Leave 20-5
IGMP Configurable-Leave Timer20-5
IGMP Report Suppression20-5
Catalyst 2960 Switch Software Configuration Guide
xv
Contents
Configuring IGMP Snooping20-6
Default IGMP Snooping Configuration20-6
Enabling or Disabling IGMP Snooping20-6
Setting the Snooping Method20-7
Configuring a Multicast Router Port20-8
Configuring a Host Statically to Join a Group20-9
Enabling IGMP Immediate Leave20-9
Configuring the IGMP Leave Timer20-10
Configuring TCN-Related Commands20-11
Controlling the Multicast Flooding Time After a TCN Event20-11
Recovering from Flood Mode20-12
Disabling Multicast Flooding During a TCN Event20-12
Configuring the IGMP Snooping Querier20-13
Disabling IGMP Report Suppression20-14
Displaying IGMP Snooping Information20-14
CHAPTER
Understanding Multicast VLAN Registration20-16
Using MVR in a Multicast Television Application20-16
Configuring MVR20-18
Default MVR Configuration20-18
MVR Configuration Guidelines and Limitations20-18
Configuring MVR Global Parameters20-19
Configuring MVR Interfaces20-20
Displaying MVR Information20-21
Configuring IGMP Filtering and Throttling20-22
Default IGMP Filtering and Throttling Configuration20-23
Configuring IGMP Profiles20-23
Applying IGMP Profiles20-24
Setting the Maximum Number of IGMP Groups20-25
Configuring the IGMP Throttling Action20-25
Displaying IGMP Filtering and Throttling Configuration20-27
21Configuring Port-Based Traffic Control21-1
Configuring Storm Control21-1
Understanding Storm Control21-1
Default Storm Control Configuration21-3
Configuring Storm Control and Threshold Levels21-3
xvi
Configuring Protected Ports21-5
Default Protected Port Configuration21-5
Protected Port Configuration Guidelines21-6
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Configuring a Protected Port21-6
Configuring Port Blocking21-6
Default Port Blocking Configuration21-6
Blocking Flooded Traffic on an Interface21-7
Configuring Port Security21-7
Understanding Port Security21-8
Secure MAC Addresses21-8
Security Violations21-9
Default Port Security Configuration21-10
Port Security Configuration Guidelines21-10
Enabling and Configuring Port Security21-11
Enabling and Configuring Port Security Aging21-15
Displaying Port-Based Traffic Control Settings21-16
Contents
CHAPTER
CHAPTER
22Configuring CDP22-1
Understanding CDP22-1
Configuring CDP22-2
Default CDP Configuration22-2
Configuring the CDP Characteristics22-2
Disabling and Enabling CDP22-3
Disabling and Enabling CDP on an Interface22-4
Monitoring and Maintaining CDP22-5
23Configuring SPAN and RSPAN23-1
Understanding SPAN and RSPAN23-1
Local SPAN23-2
Remote SPAN23-2
SPAN and RSPAN Concepts and Terminology23-3
SPAN Sessions23-3
Monitored Traffic23-4
Source Ports23-5
Source VLANs23-6
VLAN Filtering23-6
Destination Port23-6
RSPAN VLAN23-8
SPAN and RSPAN Interaction with Other Features23-8
78-16881-01
Configuring SPAN and RSPAN23-9
Default SPAN and RSPAN Configuration23-9
Configuring Local SPAN23-10
Catalyst 2960 Switch Software Configuration Guide
xvii
Contents
SPAN Configuration Guidelines23-10
Creating a Local SPAN Session23-10
Creating a Local SPAN Session and Configuring Incoming Traffic23-13
Specifying VLANs to Filter23-15
Configuring RSPAN23-16
RSPAN Configuration Guidelines23-16
Configuring a VLAN as an RSPAN VLAN23-17
Creating an RSPAN Source Session23-18
Creating an RSPAN Destination Session23-19
Creating an RSPAN Destination Session and Configuring Incoming Traffic23-20
Specifying VLANs to Filter23-22
Displaying SPAN and RSPAN Status23-23
CHAPTER
CHAPTER
24Configuring UDLD24-1
Understanding UDLD24-1
Modes of Operation24-1
Methods to Detect Unidirectional Links24-2
Configuring UDLD24-4
Default UDLD Configuration24-4
Configuration Guidelines24-4
Enabling UDLD Globally24-5
Enabling UDLD on an Interface24-5
Resetting an Interface Disabled by UDLD24-6
Displaying UDLD Status24-6
25Configuring RMON25-1
Understanding RMON25-1
Configuring RMON25-2
Default RMON Configuration25-3
Configuring RMON Alarms and Events25-3
Collecting Group History Statistics on an Interface25-5
Collecting Group Ethernet Statistics on an Interface25-6
CHAPTER
xviii
Displaying RMON Status25-6
26Configuring System Message Logging26-1
Understanding System Message Logging26-1
Configuring System Message Logging26-2
System Log Message Format26-2
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Default System Message Logging Configuration26-3
Disabling Message Logging26-3
Setting the Message Display Destination Device26-4
Synchronizing Log Messages26-5
Enabling and Disabling Time Stamps on Log Messages26-7
Enabling and Disabling Sequence Numbers in Log Messages26-7
Defining the Message Severity Level26-8
Limiting Syslog Messages Sent to the History Table and to SNMP26-9
Configuring UNIX Syslog Servers26-10
Logging Messages to a UNIX Syslog Daemon26-11
Configuring the UNIX System Logging Facility26-11
Displaying the Logging Configuration26-12
Contents
CHAPTER
27Configuring SNMP27-1
Understanding SNMP27-1
SNMP Versions27-2
SNMP Manager Functions27-3
SNMP Agent Functions27-4
SNMP Community Strings27-4
Using SNMP to Access MIB Variables 27-4
SNMP Notifications27-5
SNMP ifIndex MIB Object Values27-5
Configuring SNMP27-6
Default SNMP Configuration27-6
SNMP Configuration Guidelines27-7
Disabling the SNMP Agent27-8
Configuring Community Strings27-8
Configuring SNMP Groups and Users27-9
Configuring SNMP Notifications27-11
Setting the Agent Contact and Location Information27-14
Limiting TFTP Servers Used Through SNMP27-15
SNMP Examples27-15
CHAPTER
78-16881-01
Displaying SNMP Status27-16
28Configuring Network Security with ACLs28-1
Understanding ACLs28-1
Port ACLs28-2
Handling Fragmented and Unfragmented Traffic28-3
Catalyst 2960 Switch Software Configuration Guide
xix
Contents
Configuring IPv4 ACLs28-4
Creating Standard and Extended IPv4 ACLs28-5
Access List Numbers28-6
Creating a Numbered Standard ACL28-7
Creating a Numbered Extended ACL28-8
Resequencing ACEs in an ACL28-12
Creating Named Standard and Extended ACLs28-12
Using Time Ranges with ACLs28-14
Including Comments in ACLs28-15
Applying an IPv4 ACL to a Terminal Line28-16
Applying an IPv4 ACL to an Interface28-17
Hardware and Software Treatment of IP ACLs28-17
IPv4 ACL Configuration Examples28-18
Numbered ACLs28-18
Extended ACLs28-18
Named ACLs28-19
Time Range Applied to an IP ACL28-19
Commented IP ACL Entries28-19
CHAPTER
Creating Named MAC Extended ACLs28-20
Applying a MAC ACL to a Layer 2 Interface28-21
Displaying IPv4 ACL Configuration28-22
29Configuring QoS29-1
Understanding QoS29-1
Basic QoS Model29-3
Classification29-5
Classification Based on QoS ACLs29-7
Classification Based on Class Maps and Policy Maps29-7
Policing and Marking29-8
Policing on Physical Ports29-9
Mapping Tables29-10
Queueing and Scheduling Overview29-11
Weighted Tail Drop29-12
SRR Shaping and Sharing29-12
Queueing and Scheduling on Ingress Queues29-13
Queueing and Scheduling on Egress Queues29-15
Packet Modification29-18
xx
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Configuring Auto-QoS29-19
Generated Auto-QoS Configuration29-19
Effects of Auto-QoS on the Configuration29-24
Auto-QoS Configuration Guidelines29-24
Enabling Auto-QoS for VoIP29-25
Auto-QoS Configuration Example29-26
General QoS Guidelines29-32
Enabling QoS Globally29-32
Configuring Classification Using Port Trust States29-32
Configuring the Trust State on Ports within the QoS Domain29-33
Configuring the CoS Value for an Interface29-34
Configuring a Trusted Boundary to Ensure Port Security29-35
Enabling DSCP Transparency Mode29-36
Configuring the DSCP Trust State on a Port Bordering Another QoS Domain29-37
Configuring a QoS Policy29-39
Classifying Traffic by Using ACLs29-40
Classifying Traffic by Using Class Maps29-43
Classifying, Policing, and Marking Traffic on Physical Ports by Using Policy Maps 29-45
Classifying, Policing, and Marking Traffic by Using Aggregate Policers29-48
Configuring DSCP Maps29-51
Configuring the CoS-to-DSCP Map29-51
Configuring the IP-Precedence-to-DSCP Map29-52
Configuring the Policed-DSCP Map29-53
Configuring the DSCP-to-CoS Map29-54
Configuring the DSCP-to-DSCP-Mutation Map29-55
Configuring Ingress Queue Characteristics29-57
Mapping DSCP or CoS Values to an Ingress Queue and Setting WTD Thresholds29-57
Allocating Buffer Space Between the Ingress Queues29-59
Allocating Bandwidth Between the Ingress Queues29-60
Configuring the Ingress Priority Queue29-61
Contents
78-16881-01
Catalyst 2960 Switch Software Configuration Guide
xxi
Contents
Configuring Egress Queue Characteristics29-62
Configuration Guidelines29-62
Allocating Buffer Space to and Setting WTD Thresholds for an Egress Queue-Set29-62
Mapping DSCP or CoS Values to an Egress Queue and to a Threshold ID29-64
Configuring SRR Shaped Weights on Egress Queues29-66
Configuring SRR Shared Weights on Egress Queues29-67
Configuring the Egress Expedite Queue29-68
Limiting the Bandwidth on an Egress Interface29-68
Displaying Standard QoS Information29-69
CHAPTER
30Configuring EtherChannels30-1
Understanding EtherChannels30-1
EtherChannel Overview30-2
Port-Channel Interfaces30-3
Port Aggregation Protocol30-4
PAgP Modes30-4
PAgP Interaction with Other Features30-5
Link Aggregation Control Protocol30-5
LACP Modes30-5
LACP Interaction with Other Features30-6
EtherChannel On Mode30-6
Load Balancing and Forwarding Methods30-6
Displaying EtherChannel, PAgP, and LACP Status30-16
31Troubleshooting31-1
Recovering from a Software Failure31-2
Recovering from a Lost or Forgotten Password31-3
Procedure with Password Recovery Enabled31-4
Procedure with Password Recovery Disabled31-6
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Recovering from a Command Switch Failure31-7
Replacing a Failed Command Switch with a Cluster Member31-8
Replacing a Failed Command Switch with Another Switch31-9
Recovering from Lost Cluster Member Connectivity31-11
Preventing Autonegotiation Mismatches31-11
SFP Module Security and Identification31-11
Monitoring SFP Module Status31-12
Using Ping31-12
Understanding Ping 31-12
Executing Ping31-13
Using Layer 2 Traceroute31-13
Understanding Layer 2 Traceroute31-14
Usage Guidelines31-14
Displaying the Physical Path31-15
Contents
APPENDIX
APPENDIX
Using IP Traceroute31-15
Understanding IP Traceroute 31-15
Executing IP Traceroute31-16
Using TDR31-17
Understanding TDR31-17
Running TDR and Displaying the Results31-17
Using Debug Commands31-18
Enabling Debugging on a Specific Feature31-18
Enabling All-System Diagnostics31-19
Redirecting Debug and Error Message Output31-19
Using the show platform forward Command31-19
Using the crashinfo File31-21
ASupported MIBsA-1
MIB ListA-1
Using FTP to Access the MIB FilesA-3
BWorking with the Cisco IOS File System, Configuration Files, and Software ImagesB-1
78-16881-01
Working with the Flash File SystemB-1
Displaying Available File SystemsB-2
Setting the Default File SystemB-3
Displaying Information about Files on a File SystemB-3
Changing Directories and Displaying the Working DirectoryB-3
Creating and Removing DirectoriesB-4
Catalyst 2960 Switch Software Configuration Guide
xxiii
Contents
Copying FilesB-4
Deleting FilesB-5
Creating, Displaying, and Extracting tar FilesB-5
Creating a tar FileB-6
Displaying the Contents of a tar FileB-6
Extracting a tar FileB-7
Displaying the Contents of a FileB-8
Working with Configuration FilesB-8
Guidelines for Creating and Using Configuration FilesB-9
Configuration File Types and LocationB-9
Creating a Configuration File By Using a Text EditorB-10
Copying Configuration Files By Using TFTPB-10
Preparing to Download or Upload a Configuration File By Using TFTPB-10
Downloading the Configuration File By Using TFTPB-11
Uploading the Configuration File By Using TFTPB-11
Copying Configuration Files By Using FTPB-12
Preparing to Download or Upload a Configuration File By Using FTPB-13
Downloading a Configuration File By Using FTPB-13
Uploading a Configuration File By Using FTPB-14
Copying Configuration Files By Using RCPB-15
Preparing to Download or Upload a Configuration File By Using RCPB-16
Downloading a Configuration File By Using RCPB-17
Uploading a Configuration File By Using RCPB-18
Clearing Configuration InformationB-18
Clearing the Startup Configuration FileB-19
Deleting a Stored Configuration FileB-19
xxiv
Working with Software ImagesB-19
Image Location on the SwitchB-20
tar File Format of Images on a Server or Cisco.comB-20
Copying Image Files By Using TFTPB-21
Preparing to Download or Upload an Image File By Using TFTPB-21
Downloading an Image File By Using TFTPB-22
Uploading an Image File By Using TFTPB-24
Copying Image Files By Using FTPB-24
Preparing to Download or Upload an Image File By Using FTPB-25
Downloading an Image File By Using FTPB-26
Uploading an Image File By Using FTPB-28
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Copying Image Files By Using RCPB-29
Preparing to Download or Upload an Image File By Using RCPB-29
Downloading an Image File By Using RCPB-31
Uploading an Image File By Using RCPB-32
Contents
APPENDIX
APPENDIX
CRecommendations for Upgrading a Catalyst 2950 Switch to a Catalyst 2960 SwitchC-1
Configuration Compatibility IssuesC-1
Feature Behavior IncompatibilitiesC-5
DUnsupported Commands in Cisco IOS Release 12.2(25)FXD-1
Access Control ListsD-1
Unsupported Privileged EXEC CommandsD-1
Unsupported Global Configuration CommandsD-1
Unsupported Privileged EXEC CommandsD-2
Unsupported Global Configuration CommandsD-3
78-16881-01
MiscellaneousD-3
Unsupported Privileged EXEC CommandsD-3
Unsupported Global Configuration CommandsD-3
Network Address Translation (NAT) CommandsD-3
Unsupported Privileged EXEC CommandsD-3
QoSD-3
Unsupported Global Configuration CommandsD-3
Unsupported Interface Configuration CommandsD-4
RADIUSD-4
Unsupported Global Configuration CommandsD-4
SNMPD-4
Unsupported Global Configuration CommandsD-4
Catalyst 2960 Switch Software Configuration Guide
xxv
I
NDEX
Contents
Spanning TreeD-4
Unsupported Global Configuration CommandD-4
Unsupported Interface Configuration CommandD-4
VLAND-4
Unsupported Global Configuration CommandsD-4
Unsupported vlan-config CommandD-5
Unsupported User EXEC CommandsD-5
VTPD-5
Unsupported Privileged EXEC CommandsD-5
xxvi
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Audience
Purpose
Preface
This guide is for the networking professional managing the Catalyst 2960 switch, hereafter referred to
as the switch. Before using this guide, you should have experience working with the Cisco IOS software
and be familiar with the concepts and terminology of Ethernet and local area networking.
This guide provides the information that you need to configure Cisco IOS software features on your
switch. The Catalyst 2960 software provides enterprise-class intelligent services such as access control
lists (ACLs) and quality of service (QoS) features.
This guide provides procedures for using the commands that have been created or changed for use with
the Catalyst 2960 switch. It does not provide detailed information about these commands. For detailed
information about these commands, see the Catalyst 2960 Switch Command Reference for this release.
For information about the standard Cisco IOS Release 12.2 commands, see the Cisco IOS documentation
set available from the Cisco.com home page at Technical Support & Documentation > Cisco IOS Software.
This guide does not provide detailed information on the graphical user interfaces (GUIs) for the
embedded device manager or for Cisco Network Assistant (hereafter referred to as Network Assistant)
that you can use to manage the switch. However, the concepts in this guide are applicable to the GUI
user. For information about the device manager, see the switch online help. For information about
Network Assistant, see Getting Started with Cisco Network Assistant, available on Cisco.com
This guide does not describe system messages you might encounter or how to install your switch. For
more information, see the Catalyst 2960 Switch System Message Guide for this release and to the
Catalyst 2960 Switch Hardware Installation Guide.
For documentation updates, see the release notes for this release.
78-16881-01
Catalyst 2960 Switch Software Configuration Guide
xxvii
Conventions
Conventions
This publication uses these conventions to convey instructions and information:
Command descriptions use these conventions:
Interactive examples use these conventions:
Notes, cautions, and timesavers use these conventions and symbols:
Preface
• Commands and keywords are in boldface text.
• Arguments for which you supply values are in italic.
• Square brackets ([ ]) mean optional elements.
• Braces ({ }) group required choices, and vertical bars ( | ) separate the alternative elements.
• Braces and vertical bars within square brackets ([{ | }]) mean a required choice within an optional
element.
• Terminal sessions and system displays are in screen font.
• Information you enter is in boldface screen font.
• Nonprinting characters, such as passwords or tabs, are in angle brackets (< >).
NoteMeans reader take note. Notes contain helpful suggestions or references to materials not contained in
this manual.
CautionMeans reader be careful. In this situation, you might do something that could result in equipment
damage or loss of data.
Related Publications
These documents provide complete information about the switch and are available from this Cisco.com
site:
NoteBefore installing, configuring, or upgrading the switch, see these documents:
• For initial configuration information, see the “Using Express Setup” chapter in the getting started
guide or the “Configuring the Switch with the CLI-Based Setup Program” appendix in the hardware
installation guide.
• For device manager requirements, see the “System Requirements” section in the release notes (not
orderable but available on Cisco.com).
xxviii
• For Network Assistant requirements, see the Getting Started with Cisco Network Assistant (not
orderable but available on Cisco.com).
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Preface
Obtaining Documentation
• For cluster requirements, see the Release Notes for Cisco Network Assistant (not orderable but
available on Cisco.com).
• For upgrading information, see the “Downloading Software” section in the release notes.
You can order printed copies of documents with a DOC-xxxxxx= number from the Cisco.com sites and
from the telephone numbers listed in the “Obtaining Documentation” section on page xxix.
• Release Notes for the Catalyst 2960 Switches (not orderable but available on Cisco.com)
• Catalyst 2960 Switch Software Configuration Guide (order number DOC-7816881=)
• Catalyst 2960 Switch Command Reference (order number DOC-7816882=)
• Catalyst 2960 Switch System Message Guide (order number DOC-7816883=)
• Device manager online help (available on the switch)
• Catalyst 2960 Switch Hardware Installation Guide (not orderable but available on Cisco.com)
• Catalyst 2960 Switch Getting Started Guide (order number DOC-7816879=)
• Regulatory Compliance and Safety Information for the Catalyst 2960 Switch (order number
DOC-7816880=)
• Getting Started with Cisco Network Assistant (not orderable but available on Cisco.com)
• Release Notes for Cisco Network Assistant (not orderable but available on Cisco.com)
• Cisco Small Form-Factor Pluggable Modules Installation Notes (order number DOC-7815160=)
• Cisco CWDM GBIC and CWDM SFP Installation Note (not orderable but available on Cisco.com)
• Cisco RPS 300 Redundant Power System Hardware Installation Guide (order number
DOC-7810372=)
• Cisco RPS 675 Redundant Power System Hardware Installation Guide (order number
DOC-7815201=)
Obtaining Documentation
Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several
ways to obtain technical assistance and other technical resources. These sections explain how to obtain
technical information from Cisco Systems.
Cisco.com
You can access the most current Cisco documentation at this URL:
http://www.cisco.com/techsupport
You can access the Cisco website at this URL:
78-16881-01
http://www.cisco.com
You can access international Cisco websites at this URL:
Cisco documentation and additional literature are available in the Product Documentation DVD package,
which may have shipped with your product. The Product Documentation DVD is updated regularly and
may be more current than printed documentation.
The Product Documentation DVD is a comprehensive library of technical product documentation on
portable media. The DVD enables you to access multiple versions of hardware and software installation,
configuration, and command guides for Cisco products and to view technical documentation in HTML.
With the DVD, you have access to the same documentation that is found on the Cisco website without
being connected to the Internet. Certain products also have .pdf versions of the documentation available.
The Product Documentation DVD is available as a single unit or as a subscription. Registered Cisco.com
users (Cisco direct customers) can order a Product Documentation DVD (product number
DOC-DOCDVD=) from Cisco Marketplace at this URL:
http://www.cisco.com/go/marketplace/
Ordering Documentation
Preface
Beginning June 30, 2005, registered Cisco.com users may order Cisco documentation at the Product
Documentation Store in the Cisco Marketplace at this URL:
http://www.cisco.com/go/marketplace/
Nonregistered Cisco.com users can order technical documentation from 8:00 a.m. to 5:00 p.m.
(0800 to 1700) PDT by calling 1 866 463-3487 in the United States and Canada, or elsewhere by
calling 011 408 519-5055. You can also order documentation by e-mail at
tech-doc-store-mkpl@external.cisco.com or by fax at 1 408 519-5001 in the United States and Canada,
or elsewhere at 011 408 519-5001.
Documentation Feedback
You can rate and provide feedback about Cisco technical documents by completing the online feedback
form that appears with the technical documents on Cisco.com.
You can send comments about Cisco documentation to bug-doc@cisco.com.
You can submit comments by using the response card (if present) behind the front cover of your
document or by writing to the following address:
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883
xxx
We appreciate your comments.
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Preface
Cisco Product Security Overview
Cisco provides a free online Security Vulnerability Policy portal at this URL:
• Report security vulnerabilities in Cisco products.
• Obtain assistance with security incidents that involve Cisco products.
• Register to receive security information from Cisco.
A current list of security advisories and notices for Cisco products is available at this URL:
http://www.cisco.com/go/psirt
If you prefer to see advisories and notices as they are updated in real time, you can access a Product
Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed from this URL:
Cisco is committed to delivering secure products. We test our products internally before we release them,
and we strive to correct all vulnerabilities quickly. If you think that you might have identified a
vulnerability in a Cisco product, contact PSIRT:
• Emergencies—security-alert@cisco.com
An emergency is either a condition in which a system is under active attack or a condition for which
a severe and urgent security vulnerability should be reported. All other conditions are considered
nonemergencies.
• Nonemergencies — psirt@cisco.com
In an emergency, you can also reach PSIRT by telephone:
• 1 877 228-7302
• 1 408 525-6532
TipWe encourage you to use Pretty Good Privacy (PGP) or a compatible product to encrypt any sensitive
information that you send to Cisco. PSIRT can work from encrypted information that is compatible with
PGP versions 2.x through 8.x.
Never use a revoked or an expired encryption key. The correct public key to use in your correspondence
with PSIRT is the one linked in the Contact Summary section of the Security Vulnerability Policy page
at this URL:
The link on this page has the current PGP key ID in use.
Catalyst 2960 Switch Software Configuration Guide
xxxi
Obtaining Technical Assistance
Obtaining Technical Assistance
Cisco Technical Support provides 24-hour-a-day award-winning technical assistance. The Cisco
Technical Support & Documentation website on Cisco.com features extensive online support resources.
In addition, if you have a valid Cisco service contract, Cisco Technical Assistance Center (TAC)
engineers provide telephone support. If you do not have a valid Cisco service contract, contact your
reseller.
Cisco Technical Support & Documentation Website
The Cisco Technical Support & Documentation website provides online documents and tools for
troubleshooting and resolving technical issues with Cisco products and technologies. The website is
available 24 hours a day, at this URL:
http://www.cisco.com/techsupport
Access to all tools on the Cisco Technical Support & Documentation website requires a Cisco.com user
ID and password. If you have a valid service contract but do not have a user ID or password, you can
register at this URL:
Preface
http://tools.cisco.com/RPF/register/register.do
NoteUse the Cisco Product Identification (CPI) tool to locate your product serial number before submitting
a web or phone request for service. You can access the CPI tool from the Cisco Technical Support &
Documentation website by clicking the Tools & Resources link under Documentation & Tools.Choose
Cisco Product Identification Tool from the Alphabetical Index drop-down list, or click the Cisco
Product Identification Tool link under Alerts & RMAs. The CPI tool offers three search options: by
product ID or model name; by tree view; or for certain products, by copying and pasting show command
output. Search results show an illustration of your product with the serial number label location
highlighted. Locate the serial number label on your product and record the information before placing a
service call.
Submitting a Service Request
Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3
and S4 service requests are those in which your network is minimally impaired or for which you require
product information.) After you describe your situation, the TAC Service Request Tool provides
recommended solutions. If your issue is not resolved using the recommended resources, your service
request is assigned to a Cisco engineer. The TAC Service Request Tool is located at this URL:
http://www.cisco.com/techsupport/servicerequest
For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone.
(S1 or S2 service requests are those in which your production network is down or severely degraded.)
Cisco engineers are assigned immediately to S1 and S2 service requests to help keep your business
operations running smoothly.
xxxii
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Preface
To open a service request by telephone, use one of the following numbers:
For a complete list of Cisco TAC contacts, go to this URL:
http://www.cisco.com/techsupport/contacts
Definitions of Service Request Severity
To ensure that all service requests are reported in a standard format, Cisco has established severity
definitions.
Severity 1 (S1)—Your network is “down,” or there is a critical impact to your business operations. You
and Cisco will commit all necessary resources around the clock to resolve the situation.
Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your
business operation are negatively affected by inadequate performance of Cisco products. You and Cisco
will commit full-time resources during normal business hours to resolve the situation.
Obtaining Additional Publications and Information
Severity 3 (S3)—Operational performance of your network is impaired, but most business operations
remain functional. You and Cisco will commit resources during normal business hours to restore service
to satisfactory levels.
Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or
configuration. There is little or no effect on your business operations.
Obtaining Additional Publications and Information
Information about Cisco products, technologies, and network solutions is available from various online
and printed sources.
• Cisco Marketplace provides a variety of Cisco books, reference guides, documentation, and logo
merchandise. Visit Cisco Marketplace, the company store, at this URL:
http://www.cisco.com/go/marketplace/
• Cisco Press publishes a wide range of general networking, training and certification titles. Both new
and experienced users will benefit from these publications. For current Cisco Press titles and other
information, go to Cisco Press at this URL:
http://www.ciscopress.com
• Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and
networking investments. Each quarter, Packet delivers coverage of the latest industry trends,
technology breakthroughs, and Cisco products and solutions, as well as network deployment and
troubleshooting tips, configuration examples, customer case studies, certification and training
information, and links to scores of in-depth online resources. You can access Packet magazine at
this URL:
78-16881-01
http://www.cisco.com/packet
Catalyst 2960 Switch Software Configuration Guide
xxxiii
Obtaining Additional Publications and Information
• iQ Magazine is the quarterly publication from Cisco Systems designed to help growing companies
learn how they can use technology to increase revenue, streamline their business, and expand
services. The publication identifies the challenges facing these companies and the technologies to
help solve them, using real-world case studies and business strategies to help readers make sound
technology investment decisions. You can access iQ Magazine at this URL:
http://www.cisco.com/go/iqmagazine
or view the digital edition at this URL:
http://ciscoiq.texterity.com/ciscoiq/sample/
• Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering
professionals involved in designing, developing, and operating public and private internets and
intranets. You can access the Internet Protocol Journal at this URL:
http://www.cisco.com/ipj
• Networking products offered by Cisco Systems, as well as customer support services, can be
obtained at this URL:
http://www.cisco.com/en/US/products/index.html
• Networking Professionals Connection is an interactive website for networking professionals to share
questions, suggestions, and information about networking products and technologies with Cisco
experts and other networking professionals. Join a discussion at this URL:
Preface
http://www.cisco.com/discuss/networking
• World-class networking training is available from Cisco. You can view current offerings at
this URL:
http://www.cisco.com/en/US/learning/index.html
xxxiv
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Features
CHAPTER
1
Overview
This chapter provides these topics about the Catalyst 2960 switch software:
• Features, page 1-1
• Default Settings After Initial Switch Configuration, page 1-8
• Network Configuration Examples, page 1-11
• Where to Go Next, page 1-16
In this document, IP refers to IP Version 4 (IPv4).
Some features described in this chapter are available only on the cryptographic (supports encryption)
version of the software. You must obtain authorization to use this feature and to download the
cryptographic version of the software from Cisco.com. For more information, see the release notes for
this release.
The switch has these features:
• Ease-of-Use and Ease-of-Deployment Features, page 1-2
• Performance Features, page 1-3
• Management Options, page 1-3
• Manageability Features, page 1-4 (includes a feature requiring the cryptographic version of the
software)
• Availability Features, page 1-5
• VLAN Features, page 1-6
• Security Features, page 1-6 (includes a feature requiring the cryptographic version of the software)
• QoS and CoS Features, page 1-7
• Monitoring Features, page 1-8
78-16881-01
Catalyst 2960 Switch Software Configuration Guide
1-1
Features
Ease-of-Use and Ease-of-Deployment Features
• Express Setup for quickly configuring a switch for the first time with basic IP information, contact
information, switch and Telnet passwords, and Simple Network Management Protocol (SNMP)
information through a browser-based program. For more information about Express Setup, see the
getting started guide.
• User-defined and Cisco-default Smartports macros for creating custom switch configurations for
simplified deployment across the network.
• An embedded device manager GUI for configuring and monitoring a single switch through a web
browser. For information about launching the device manager, see the getting started guide. For more
information about the device manager, see the switch online help.
• Cisco Network Assistant (hereafter referred to as Network Assistant) for
–
Managing communities, which are device groups like clusters, except that they can contain
routers and access points and can be made more secure.
–
Simplifying and minimizing switch and switch cluster management from anywhere in your
intranet.
–
Accomplishing multiple configuration tasks from a single graphical interface without needing
to remember command-line interface (CLI) commands to accomplish specific tasks.
Chapter 1 Overview
–
Interactive guide mode that guides you in configuring complex features such as VLANs, ACLs,
and quality of service (QoS).
–
Configuration wizards that prompt you to provide only the minimum required information to
configure complex features such as QoS priorities for video traffic, priority levels for data
applications, and security.
–
Downloading an image to a switch.
–
Applying actions to multiple ports and multiple switches at the same time, such as VLAN and
QoS settings, inventory and statistic reports, link- and switch-level monitoring and
troubleshooting, and multiple switch software upgrades.
–
Viewing a topology of interconnected devices to identify existing switch clusters and eligible
switches that can join a cluster and to identify link information between switches.
–
Monitoring real-time status of a switch or multiple switches from the LEDs on the front-panel
images. The system, redundant power system (RPS), and port LED colors on the images are
similar to those used on the physical LEDs.
• Switch clustering technology for
–
Unified configuration, monitoring, authentication, and software upgrade of multiple,
cluster-capable switches, regardless of their geographic proximity and interconnection media,
including Ethernet, Fast Ethernet, Fast EtherChannel, small form-factor pluggable (SFP)
modules, Gigabit Ethernet, and Gigabit EtherChannel connections. For a list of cluster-capable
switches, see the release notes.
–
Automatic discovery of candidate switches and creation of clusters of up to 16 switches that can
be managed through a single IP address.
1-2
–
Extended discovery of cluster candidates that are not directly connected to the command switch.
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Chapter 1 Overview
Performance Features
• Autosensing of port speed and autonegotiation of duplex mode on all switch ports for optimizing
bandwidth
• Automatic-medium-dependent interface crossover (auto-MDIX) capability on 10/100 and
10/100/1000 Mbps interfaces and on 10/100/1000 BASE-TX SFP module interface that enables the
interface to automatically detect the required cable connection type (straight-through or crossover)
and to configure the connection appropriately
• Support for up to 9000 bytes for frames that are bridged in hardware and up to 2000 bytes for frames
that are bridged by software
• IEEE 802.3x flow control on all ports (the switch does not send pause frames)
• EtherChannel for enhanced fault tolerance and for providing up to 8 Gbps (Gigabit EtherChannel)
or 800 Mbps (Fast EtherChannel) full-duplex bandwidth among switches, routers, and servers
• Port Aggregation Protocol (PAgP) and Link Aggregation Control Protocol (LACP) for automatic
creation of EtherChannel links
• Forwarding of Layer 2 packets at Gigabit line rate
Features
• Per-port storm control for preventing broadcast, multicast, and unicast storms
• Port blocking on forwarding unknown Layer 2 unknown unicast, multicast, and bridged broadcast
traffic
• Internet Group Management Protocol (IGMP) snooping for IGMP Versions 1, 2, and 3 for
efficiently forwarding multimedia and multicast traffic
• IGMP report suppression for sending only one IGMP report per multicast router query to the
multicast devices (supported only for IGMPv1 or IGMPv2 queries)
• IGMP snooping querier support to configure switch to generate periodic IGMP General Query
messages
• Multicast VLAN registration (MVR) to continuously send multicast streams in a multicast VLAN
while isolating the streams from subscriber VLANs for bandwidth and security reasons
• IGMP filtering for controlling the set of multicast groups to which hosts on a switch port can belong
• IGMP throttling for configuring the action when the maximum number of entries is in the IGMP
forwarding table
• IGMP configurable leave timer to configure the leave latency for the network.
• Switch Database Management (SDM) templates for allocating system resources to maximize
support for user-selected features
Management Options
78-16881-01
• An embedded device manager—The device manager is a GUI that is integrated in the software
image. You use it to configure and to monitor a single switch. For information about launching the
device manager, see the getting started guide. For more information about the device manager, see the
switch online help.
• Network Assistant—Network Assistant is a network management application that can be
downloaded from Cisco.com. You use it to manage a single switch, a cluster of switches, or a
community of devices. For more information about Network Assistant, see Getting Started with Cisco Network Assistant, available on Cisco.com.
Catalyst 2960 Switch Software Configuration Guide
1-3
Features
• CLI—The Cisco IOS software supports desktop- and multilayer-switching features. You can access
the CLI either by connecting your management station directly to the switch console port or by using
Telnet from a remote management station. For more information about the CLI, see Chapter 2,
“Using the Command-Line Interface.”
• SNMP—SNMP management applications such as CiscoWorks2000 LAN Management Suite (LMS)
and HP OpenView. You can manage from an SNMP-compatible management station that is running
platforms such as HP OpenView or SunNet Manager. The switch supports a comprehensive set of
MIB extensions and four remote monitoring (RMON) groups. For more information about using
SNMP, see Chapter 27, “Configuring SNMP.”
• IE2100—Cisco Intelligence Engine 2100 Series Configuration Registrar is a network management
device that works with embedded Cisco Networking Services (CNS) agents in the switch software.
You can automate initial configurations and configuration updates by generating switch-specific
configuration changes, sending them to the switch, executing the configuration change, and logging
the results.
For more information about IE2100, see Chapter 4, “Understanding CNS Embedded Agents.”
Manageability Features
Chapter 1 Overview
• Cisco IE2100 Series CNS embedded agents for automating switch management, configuration
storage, and delivery
• DHCP for automating configuration of switch information (such as IP address, default gateway,
hostname, and Domain Name System [DNS] and TFTP server names)
• DHCP relay for forwarding User Datagram Protocol (UDP) broadcasts, including IP address
requests, from DHCP clients
• DHCP server for automatic assignment of IP addresses and other DHCP options to IP hosts
• Directed unicast requests to a DNS server for identifying a switch through its IP address and its
corresponding hostname and to a TFTP server for administering software upgrades from a TFTP
server
• Address Resolution Protocol (ARP) for identifying a switch through its IP address and its
corresponding MAC address
• Unicast MAC address filtering to drop packets with specific source or destination MAC addresses
• Cisco Discovery Protocol (CDP) Versions 1 and 2 for network topology discovery and mapping
between the switch and other Cisco devices on the network
• Network Time Protocol (NTP) for providing a consistent time stamp to all switches from an external
source
• Cisco IOS File System (IFS) for providing a single interface to all file systems that the switch uses
• Unique device identifier to provide product identification information through a show inventory
user EXEC command display
1-4
• In-band management access through the device manager over a Netscape Navigator or Microsoft
Internet Explorer browser session
• In-band management access for up to 16 simultaneous Telnet connections for multiple CLI-based
sessions over the network
• In-band management access for up to five simultaneous, encrypted Secure Shell (SSH) connections
for multiple CLI-based sessions over the network (requires the cryptographic version of the
software)
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Chapter 1 Overview
• In-band management access through SNMP Versions 1, 2c, and 3 get and set requests
• Out-of-band management access through the switch console port to a directly attached terminal or
to a remote terminal through a serial connection or a modem
NoteFor additional descriptions of the management interfaces, see the “Network Configuration Examples”
section on page 1-11.
Availability Features
• UniDirectional Link Detection (UDLD) and aggressive UDLD for detecting and disabling
unidirectional links on fiber-optic interfaces caused by incorrect fiber-optic wiring or port faults
• IEEE 802.1D Spanning Tree Protocol (STP) for redundant backbone connections and loop-free
networks. STP has these features:
–
Up to 128 spanning-tree instances supported
–
Per-VLAN spanning-tree plus (PVST+) for balancing load across VLANs
Features
–
Rapid PVST+ for balancing load across VLANs and providing rapid convergence of
spanning-tree instances
–
UplinkFast and BackboneFast for fast convergence after a spanning-tree topology change and
for achieving load balancing between redundant uplinks, including Gigabit uplinks
• IEEE 802.1s Multiple Spanning Tree Protocol (MSTP) for grouping VLANs into a spanning-tree
instance and for providing multiple forwarding paths for data traffic and load balancing and rapid
per-VLAN Spanning-Tree plus (rapid-PVST+) based on the IEEE 802.1w Rapid Spanning Tree
Protocol (RSTP) for rapid convergence of the spanning tree by immediately transitioning root and
designated ports to the forwarding state
• Optional spanning-tree features available in PVST+, rapid-PVST+, and MSTP mode:
–
Port Fast for eliminating the forwarding delay by enabling a port to immediately transition from
the blocking state to the forwarding state
–
BPDU guard for shutting down Port Fast-enabled ports that receive bridge protocol data units
(BPDUs)
–
BPDU filtering for preventing a Port Fast-enabled port from sending or receiving BPDUs
–
Root guard for preventing switches outside the network core from becoming the spanning-tree
root
–
Loop guard for preventing alternate or root ports from becoming designated ports because of a
failure that leads to a unidirectional link
• Flex Link Layer 2 interfaces to back up one another as an alternative to STP for basic link
redundancy
78-16881-01
• RPS support through the Cisco RPS 300 and Cisco RPS 675 for enhancing power reliability
Catalyst 2960 Switch Software Configuration Guide
1-5
Features
VLAN Features
Chapter 1 Overview
• Support for up to 255 VLANs for assigning users to VLANs associated with appropriate network
resources, traffic patterns, and bandwidth
• Support for VLAN IDs in the 1 to 4094 range as allowed by the IEEE 802.1Q standard
• VLAN Query Protocol (VQP) for dynamic VLAN membership
• IEEE 802.1Q trunking encapsulation on all ports for network moves, adds, and changes;
management and control of broadcast and multicast traffic; and network security by establishing
VLAN groups for high-security users and network resources
• Dynamic Trunking Protocol (DTP) for negotiating trunking on a link between two devices and for
negotiating the type of trunking encapsulation (IEEE 802.1Q) to be used
• VLAN Trunking Protocol (VTP) and VTP pruning for reducing network traffic by restricting
flooded traffic to links destined for stations receiving the traffic
• Voice VLAN for creating subnets for voice traffic from Cisco IP Phones
• VLAN1 minimization for reducing the risk of spanning-tree loops or storms by allowing VLAN 1
to be disabled on any individual VLAN trunk link. With this feature enabled, no user traffic is sent
or received on the trunk. The switch CPU continues to send and receive control protocol frames.
Security Features
• Password-protected access (read-only and read-write access) to management interfaces (device
• Multilevel security for a choice of security level, notification, and resulting actions
• Static MAC addressing for ensuring security
• Protected port option for restricting the forwarding of traffic to designated ports on the same switch
• Port security option for limiting and identifying MAC addresses of the stations allowed to access
• Port security aging to set the aging time for secure addresses on a port
• BPDU guard for shutting down a Port Fast-configured port when an invalid configuration occurs
• Standard and extended IP access control lists (ACLs) for defining inbound security policies on Layer
• Extended MAC access control lists for defining security policies in the inbound direction on Layer 2
• Source and destination MAC-based ACLs for filtering non-IP traffic
• DHCP snooping to filter untrusted DHCP messages between untrusted hosts and DHCP servers
• IEEE 802.1x port-based authentication to prevent unauthorized devices (clients) from gaining
manager, Network Assistant, CLI) for protection against unauthorized configuration changes
the port
2 interfaces (port ACLs)
interfaces
access to the network. These features are supported:
–
VLAN assignment for restricting IEEE 802.1x-authenticated users to a specified VLAN
1-6
–
Port security for controlling access to IEEE 802.1x ports
–
Voice VLAN to permit a Cisco IP Phone to access the voice VLAN regardless of the authorized
or unauthorized state of the port
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Chapter 1 Overview
–
Guest VLAN to provide limited services to non-IEEE 802.1x-compliant users
–
IEEE 802.1x accounting to track network usage
• TACACS+, a proprietary feature for managing network security through a TACACS server
• RADIUS for verifying the identity of, granting access to, and tracking the actions of remote users
through authentication, authorization, and accounting (AAA) services
• SecureSocket Layer (SSL) Version 3.0 support for the HTTP1.1 server authentication, encryption,
and message integrity, and HTTP client authentication to allow secure HTTP communications
(requires the cryptographic version of the software)
QoS and CoS Features
• Automatic QoS (auto-QoS) to simplify the deployment of existing QoS features by classifying
traffic and configuring egress queues
• Classification
–
IP type-of-service/Differentiated Services Code Point (IP ToS/DSCP) and IEEE 802.1p CoS
marking priorities on a per-port basis for protecting the performance of mission-critical
applications
–
IP ToS/DSCP and IEEE 802.1p CoS marking based on flow-based packet classification
(classification based on information in the MAC, IP, and TCP/UDP headers) for
high-performance quality of service at the network edge, allowing for differentiated service
levels for different types of network traffic and for prioritizing mission-critical traffic in the
network
Features
–
Trusted port states (CoS, DSCP, and IP precedence) within a QoS domain and with a port
bordering another QoS domain
–
Trusted boundary for detecting the presence of a Cisco IP Phone, trusting the CoS value
received, and ensuring port security
• Policing
–
Traffic-policing policies on the switch port for managing how much of the port bandwidth
should be allocated to a specific traffic flow
–
Aggregate policing for policing traffic flows in aggregate to restrict specific applications or
traffic flows to metered, predefined rates
• Out-of-Profile
–
Out-of-profile markdown for packets that exceed bandwidth utilization limits
• Ingress queueing and scheduling
–
Two configurable ingress queues for user traffic (one queue can be the priority queue)
–
Weighted tail drop (WTD) as the congestion-avoidance mechanism for managing the queue
lengths and providing drop precedences for different traffic classifications
–
Shaped round robin (SRR) as the scheduling service for specifying the rate at which packets are
sent to the internal ring (sharing is the only supported mode on ingress queues)
78-16881-01
Catalyst 2960 Switch Software Configuration Guide
1-7
Default Settings After Initial Switch Configuration
• Egress queues and scheduling
–
Four egress queues per port
–
WTD as the congestion-avoidance mechanism for managing the queue lengths and providing
drop precedences for different traffic classifications
–
SRR as the scheduling service for specifying the rate at which packets are dequeued to the
egress interface (shaping or sharing is supported on egress queues). Shaped egress queues are
guaranteed but limited to using a share of port bandwidth. Shared egress queues are also
guaranteed a configured share of bandwidth, but can use more than the guarantee if other queues
become empty and do not use their share of the bandwidth.
Monitoring Features
• Switch LEDs that provide port- and switch-level status
• MAC address notification traps and RADIUS accounting for tracking users on a network by storing
the MAC addresses that the switch has learned or removed
• Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN) for traffic monitoring on any port or
VLAN
Chapter 1 Overview
• SPAN and RSPAN support of Intrusion Detection Systems (IDS) to monitor, repel, and report
network security violations
• Four groups (history, statistics, alarms, and events) of embedded RMON agents for network
monitoring and traffic analysis
• Syslog facility for logging system messages about authentication or authorization errors, resource
issues, and time-out events
• Layer 2 traceroute to identify the physical path that a packet takes from a source device to a
destination device
• Time Domain Reflector (TDR) to diagnose and resolve cabling problems on 10/100 and
10/100/1000 copper Ethernet ports
• SFP module diagnostic management interface to monitor physical or operational status of an SFP
module
Default Settings After Initial Switch Configuration
The switch is designed for plug-and-play operation, requiring only that you assign basic IP information
to the switch and connect it to the other devices in your network. If you have specific network needs,
you can change the interface-specific and system-wide settings.
NoteFor information about assigning an IP address by using the browser-based Express Setup program, see
the getting started guide. For information about assigning an IP address by using the CLI-based setup
program, see the hardware installation guide.
1-8
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Chapter 1 Overview
Default Settings After Initial Switch Configuration
If you do not configure the switch at all, the switch operates with these default settings:
• Default switch IP address, subnet mask, and default gateway is 0.0.0.0. For more information, see
Chapter 3, “Assigning the Switch IP Address and Default Gateway,” and Chapter 19, “Configuring
DHCP Features.”
• Default domain name is not configured. For more information, see Chapter 3, “Assigning the Switch
IP Address and Default Gateway.”
• DHCP client is enabled, the DHCP server is enabled (only if the device acting as a DHCP server is
configured and is enabled), and the DHCP relay agent is enabled (only if the device is acting as a
DHCP relay agent is configured and is enabled). For more information, see Chapter 3, “Assigning
the Switch IP Address and Default Gateway,” and Chapter 19, “Configuring DHCP Features.”
• Switch cluster is disabled. For more information about switch clusters, see Chapter 5, “Clustering
Switches,” and the Getting Started with Cisco Network Assistant, available on Cisco.com.
• No passwords are defined. For more information, see Chapter 6, “Administering the Switch.”
• System name and prompt is Switch. For more information, see Chapter 6, “Administering the
Switch.”
• NTP is enabled. For more information, see Chapter 6, “Administering the Switch.”
• DNS is enabled. For more information, see Chapter 6, “Administering the Switch.”
• TACACS+ is disabled. For more information, see Chapter 8, “Configuring Switch-Based
Authentication.”
• RADIUS is disabled. For more information, see Chapter 8, “Configuring Switch-Based
Authentication.”
• The standard HTTP server and Secure Socket Layer (SSL) HTTPS server are both enabled. For more
information, see Chapter 8, “Configuring Switch-Based Authentication.”
• IEEE 802.1x is disabled. For more information, see Chapter 9, “Configuring IEEE 802.1x
Port-Based Authentication.”
• Port parameters
–
Interface speed and duplex mode is autonegotiate. For more information, see Chapter 10,
“Configuring Interface Characteristics.”
–
Auto-MDIX is enabled. For more information, see Chapter 10, “Configuring Interface
Characteristics.”
–
Flow control is off. For more information, see Chapter 10, “Configuring Interface
Characteristics.”
• No Smartports macros are defined. For more information, see Chapter 11, “Configuring Smartports
Macros.”
• VLANs
–
Default VLAN is VLAN 1. For more information, see Chapter 12, “Configuring VLANs.”
78-16881-01
–
VLAN trunking setting is dynamic auto (DTP). For more information, see Chapter 12,
“Configuring VLANs.”
–
Trunk encapsulation is negotiate. For more information, see Chapter 12, “Configuring
VLANs.”
–
VTP mode is server. For more information, see Chapter 13, “Configuring VTP.”
–
VTP version is Version 1. For more information, see Chapter 13, “Configuring VTP.”
–
Voice VLAN is disabled. For more information, see Chapter 14, “Configuring Voice VLAN.”
Catalyst 2960 Switch Software Configuration Guide
1-9
Default Settings After Initial Switch Configuration
• For STP, PVST+ is enabled on VLAN 1. For more information, see Chapter 15, “Configuring STP.”
• MSTP is disabled. For more information, see Chapter 16, “Configuring MSTP.”
• Optional spanning-tree features are disabled. For more information, see Chapter 17, “Configuring
Optional Spanning-Tree Features.”
• Flex Links are not configured. For more information, see Chapter 18, “Configuring Flex Links.”
• DHCP snooping is disabled. The DHCP snooping information option is enabled. For more
information, see Chapter 19, “Configuring DHCP Features.”
• IGMP snooping is enabled. No IGMP filters are applied. For more information, see Chapter 20,
“Configuring IGMP Snooping and MVR.”
• IGMP throttling setting is deny. For more information, see Chapter 20, “Configuring IGMP
Snooping and MVR.”
• The IGMP snooping querier feature is disabled. For more information, see Chapter 20, “Configuring
IGMP Snooping and MVR.”
• MVR is disabled. For more information, see Chapter 20, “Configuring IGMP Snooping and MVR.”
• Port-based traffic
–
Broadcast, multicast, and unicast storm control is disabled. For more information, see
No protected ports are defined. For more information, see Chapter 21, “Configuring Port-Based
Traffic Control.”
–
Unicast and multicast traffic flooding is not blocked. For more information, see Chapter 21,
“Configuring Port-Based Traffic Control.”
–
No secure ports are configured. For more information, see Chapter 21, “Configuring Port-Based
Traffic Control.”
• CDP is enabled. For more information, see Chapter 22, “Configuring CDP.”
• UDLD is disabled. For more information, see Chapter 24, “Configuring UDLD.”
• SPAN and RSPAN are disabled. For more information, see Chapter 23, “Configuring SPAN and
RSPAN.”
• RMON is disabled. For more information, see Chapter 25, “Configuring RMON.”
• Syslog messages are enabled and appear on the console. For more information, see Chapter 26,
“Configuring System Message Logging.”
• SNMP is enabled (Version 1). For more information, see Chapter 27, “Configuring SNMP.”
• No ACLs are configured. For more information, see Chapter 28, “Configuring Network Security
with ACLs.”
• QoS is disabled. For more information, see Chapter 29, “Configuring QoS.”
• No EtherChannels are configured. For more information, see Chapter 30, “Configuring
EtherChannels.”
1-10
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Chapter 1 Overview
Network Configuration Examples
This section provides network configuration concepts and includes examples of using the switch to
create dedicated network segments and interconnecting the segments through Fast Ethernet and Gigabit
Ethernet connections.
• “Design Concepts for Using the Switch” section on page 1-11
• “Small to Medium-Sized Network Using Catalyst 2960 Switches” section on page 1-14
• “Long-Distance, High-Bandwidth Transport Configuration” section on page 1-15
Design Concepts for Using the Switch
As your network users compete for network bandwidth, it takes longer to send and receive data. When
you configure your network, consider the bandwidth required by your network users and the relative
priority of the network applications they use.
Table 1-1 describes what can cause network performance to degrade and how you can configure your
network to increase the bandwidth available to your network users.
Network Configuration Examples
Table 1-1Increasing Network Performance
Network DemandsSuggested Design Methods
Too many users on a single network
segment and a growing number of
users accessing the Internet
• Increased power of new PCs,
workstations, and servers
• High bandwidth demand from
networked applications (such as
e-mail with large attached files)
and from bandwidth-intensive
applications (such as
multimedia)
• Create smaller network segments so that fewer users share the bandwidth, and use
VLANs and IP subnets to place the network resources in the same logical network
as the users who access those resources most.
• Use full-duplex operation between the switch and its connected workstations.
• Connect global resources—such as servers and routers to which the network users
require equal access—directly to the high-speed switch ports so that they have
their own high-speed segment.
• Use the EtherChannel feature between the switch and its connected servers and
routers.
78-16881-01
Catalyst 2960 Switch Software Configuration Guide
1-11
Network Configuration Examples
Bandwidth alone is not the only consideration when designing your network. As your network traffic
profiles evolve, consider providing network services that can support applications for voice and data
integration, multimedia integration, application prioritization, and security. Table 1 - 2 describes some
network demands and how you can meet them.
Table 1-2Providing Network Services
Network DemandsSuggested Design Methods
Efficient bandwidth usage for
multimedia applications and
guaranteed bandwidth for critical
applications
High demand on network redundancy
and availability to provide always on
mission-critical applications
An evolving demand for IP telephony
• Use IGMP snooping to efficiently forward multimedia and multicast traffic.
• Use other QoS mechanisms such as packet classification, marking, scheduling,
and congestion avoidance to classify traffic with the appropriate priority level,
thereby providing maximum flexibility and support for mission-critical, unicast,
and multicast and multimedia applications.
• Use MVR to continuously send multicast streams in a multicast VLAN but to
isolate the streams from subscriber VLANs for bandwidth and security reasons.
• Use Hot Standby Router Protocol (HSRP) for cluster command switch
redundancy.
• Use VLAN trunks and BackboneFast for traffic-load balancing on the uplink ports
so that the uplink port with a lower relative port cost is selected to carry the VLAN
traffic.
• Use QoS to prioritize applications such as IP telephony during congestion and to
help control both delay and jitter within the network.
• Use switches that support at least two queues per port to prioritize voice and data
traffic as either high- or low-priority, based on IEEE 802.1p/Q. The switch
supports at least four queues per port.
Chapter 1 Overview
A growing demand for using existing
infrastructure to transport data and
voice from a home or office to the
Internet or an intranet at higher
speeds
• You can use the switches to create the following:
• Cost-effective Gigabit-to-the-desktop for high-performance workgroups (Figure 1-1)—For
high-speed access to network resources, you can use Catalyst 2960 switches in the access layer to
provide Gigabit Ethernet to the desktop. To prevent congestion, use QoS DSCP marking priorities
on these switches. For high-speed IP forwarding at the distribution layer, connect the switches in the
access layer to a Gigabit multilayer switch with routing capability, such as a Catalyst 3750 switch,
or to a router.
The first illustration is of an isolated high-performance workgroup, where the Catalyst 2960
switches are connected to Catalyst 3750 switches in the distribution layer. The second illustration is
of a high-performance workgroup in a branch office, where the Catalyst 2960 switches are
connected to a router in the distribution layer.
Each switch in this configuration provides users with a dedicated 1-Gbps connection to network
resources. Using SFP modules also provides flexibility in media and distance options through
fiber-optic connections.
• Use voice VLAN IDs (VVIDs) to provide separate VLANs for voice traffic.
Use the Catalyst Long-Reach Ethernet (LRE) switches to provide up to 15 Mb of IP
connectivity over existing infrastructure, such as existing telephone lines.
NoteLRE is the technology used in the Catalyst 2900 LRE XL and Catalyst 2950
LRE switches. See the documentation sets specific to these switches for LRE
information.
Server aggregation (Figure 1-2)—You can use the switches to interconnect groups of servers,
•
centralizing physical security and administration of your network. For high-speed IP forwarding at
the distribution layer, connect the switches in the access layer to multilayer switches with routing
capability. The Gigabit interconnections minimize latency in the data flow.
QoS and policing on the switches provide preferential treatment for certain data streams, if required.
They segment traffic streams into different paths for processing. Security features on the switch
ensure rapid handling of packets.
Fault tolerance from the server racks to the core is achieved through dual homing of servers
connected to the switches, which have redundant Gigabit EtherChannels.
Using dual SFP module uplinks from the switches provides redundant uplinks to the network core.
Using SFP modules provides flexibility in media and distance options through fiber-optic
connections.
78-16881-01
Catalyst 2960 Switch Software Configuration Guide
1-13
Network Configuration Examples
Figure 1-2Server Aggregation
Chapter 1 Overview
Campus
core
Catalyst
6500 switches
Catalyst 3750
StackWise
switch stacks
Access-layer
Catalyst
switches
Server racks
89376
Small to Medium-Sized Network Using Catalyst 2960 Switches
Figure 1-3 shows a configuration for a network of up to 500 employees. This network uses Catalyst 2960
switches with high-speed connections to two routers. For network reliability and load balancing, this
network has HSRP enabled on the routers. This ensures connectivity to the Internet, WAN, and
mission-critical network resources in case one of the routers fails. The switches are using EtherChannel
for load sharing.
The switches are connected to workstations, local servers, and IEEE 802.3af compliant and
noncompliant powered devices (such as Cisco IP Phones). The server farm includes a call-processing
server running Cisco CallManager software. Cisco CallManager controls call processing, routing, and
Cisco IP Phone features and configuration. The switches are interconnected through Gigabit interfaces.
This network uses VLANs to logically segment the network into well-defined broadcast groups and for
security management. Data and multimedia traffic are configured on the same VLAN. Voice traffic from
the Cisco IP Phones are configured on separate VVIDs. If data, multimedia, and voice traffic are
assigned to the same VLAN, only one VLAN can be configured per wiring closet.
When an end station in one VLAN needs to communicate with an end station in another VLAN, a router
routes the traffic to the destination VLAN. In this network, the routers are providing inter-VLAN
routing. VLAN access control lists (VLAN maps) on the switch provide intra-VLAN security and
prevent unauthorized users from accessing critical areas of the network.
In addition to inter-VLAN routing, the routers provide QoS mechanisms such as DSCP priorities to
prioritize the different types of network traffic and to deliver high-priority traffic. If congestion occurs,
QoS drops low-priority traffic to allow delivery of high-priority traffic.
For pre-standard and IEEE 802.3af-compliant powered devices connected to Catalyst PoE switches,
IEEE 802.1p/Q QoS gives voice traffic forwarding-priority over data traffic.
1-14
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Chapter 1 Overview
Network Configuration Examples
Catalyst PoE switch ports automatically detect any Cisco pre-standard and IEEE 802.3af-compliant
powered devices that are connected. Each PoE switch port provides 15.4 W of power per port. The
powered device, such as a Cisco IP Phone, can receive redundant power when it is also connected to an
AC power source. Powered devices not connected to Catalyst PoE switches must be connected to AC
power sources to receive power.
Cisco CallManager controls call processing, routing, and Cisco IP Phone features and configuration.
Users with workstations running Cisco SoftPhone software can place, receive, and control calls from
their PCs. Using Cisco IP Phones, Cisco CallManager software, and Cisco SoftPhone software integrates
telephony and IP networks, and the IP network supports both voice and data.
The routers also provide firewall services, Network Address Translation (NAT) services, voice-over-IP
(VoIP) gateway services, and WAN and Internet access.
Figure 1-3Catalyst 2960 Switches in a Collapsed Backbone Configuration
Internet
Cisco 2600 or
3700 routers
IPIP
Cisco IP
phones
Workstations
running
Cisco SoftPhone
software
Aironet wireless
access points
Long-Distance, High-Bandwidth Transport Configuration
Figure 1-4 shows a configuration for sending 8 Gigabits of data over a single fiber-optic cable. The
Catalyst 2960 switches have coarse wavelength-division multiplexing (CWDM) fiber-optic SFP
modules installed. Depending on the CWDM SFP module, data is sent at wavelengths from 1470 to
1610 nm. The higher the wavelength, the farther the transmission can travel. A common wavelength used
for long-distance transmissions is 1550 nm.
The CWDM SFP modules connect to CWDM optical add/drop multiplexer (OADM) modules over
distances of up to 393,701 feet (74.5 miles or 120 km). The CWDM OADM modules combine (or
multiplex) the different CWDM wavelengths, allowing them to travel simultaneously on the same
fiber-optic cable. The CWDM OADM modules on the receiving end separate (or demultiplex) the
different wavelengths.
Gigabit
servers
101388
78-16881-01
For more information about the CWDM SFP modules and CWDM OADM modules, see the Cisco
CWDM GBIC and CWDM SFP Installation Note.
Catalyst 2960 Switch Software Configuration Guide
1-15
Where to Go Next
Chapter 1 Overview
Figure 1-4Long-Distance, High-Bandwidth Transport Configuration
Access layer
Aggregation layer
8 Gbps
Catalyst switches
Where to Go Next
Before configuring the switch, review these sections for startup information:
• Chapter 2, “Using the Command-Line Interface”
• Chapter 3, “Assigning the Switch IP Address and Default Gateway”
Eight
1-Gbps
connections
CWDM
OADM
modules
CWDM
OADM
modules
Catalyst 4500
multilayer
switches
95750
1-16
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
CHAPTER
2
Using the Command-Line Interface
This chapter describes the Cisco IOS command-line interface (CLI) and how to use it to configure your
Catalyst 2960 switch. It contains these sections:
• Understanding Command Modes, page 2-1
• Understanding the Help System, page 2-3
• Understanding Abbreviated Commands, page 2-4
• Understanding no and default Forms of Commands, page 2-4
• Understanding CLI Error Messages, page 2-5
• Using Command History, page 2-5
• Using Editing Features, page 2-6
• Searching and Filtering Output of show and more Commands, page 2-9
• Accessing the CLI, page 2-9
Understanding Command Modes
The Cisco IOS user interface is divided into many different modes. The commands available to you
depend on which mode you are currently in. Enter a question mark (?) at the system prompt to obtain a
list of commands available for each command mode.
When you start a session on the switch, you begin in user mode, often called user EXEC mode. Only a
limited subset of the commands are available in user EXEC mode. For example, most of the user EXEC
commands are one-time commands, such as show commands, which show the current configuration
status, and clear commands, which clear counters or interfaces. The user EXEC commands are not saved
when the switch reboots.
To have access to all commands, you must enter privileged EXEC mode. Normally, you must enter a
password to enter privileged EXEC mode. From this mode, you can enter any privileged EXEC
command or enter global configuration mode.
Using the configuration modes (global, interface, and line), you can make changes to the running
configuration. If you save the configuration, these commands are stored and used when the switch
reboots. To access the various configuration modes, you must start at global configuration mode. From
global configuration mode, you can enter interface configuration mode and line configuration mode.
Table 2-1 describes the main command modes, how to access each one, the prompt you see in that mode,
and how to exit the mode. The examples in the table use the hostname Switch.
78-16881-01
Catalyst 2960 Switch Software Configuration Guide
2-1
Chapter 2 Using the Command-Line Interface
Understanding Command Modes
Table 2-1Command Mode Summary
ModeAccess MethodPromptExit MethodAbout This Mode
User EXECBegin a session with
your switch.
Privileged EXECWhile in user EXEC
mode, enter the
enable command.
Global configurationWhile in privileged
EXEC mode, enter
the configure
command.
Config-vlanWhile in global
configuration mode,
enter the
vlan vlan-id
command.
VLAN configurationWhile in privileged
EXEC mode, enter
the vlan database
command.
Switch>
Switch#
Switch(config)#
Switch(config-vlan)#
Switch(vlan)#
Enter logout or
quit.
Enter disable to
exit.
To exit to privileged
EXEC mode, enter
exit or end, or press
Ctrl-Z.
To exit to global
configuration mode,
enter the exit
command.
To return to
privileged EXEC
mode, press Ctrl-Z
or enter end.
To exit to privileged
EXEC mode, enter
exit.
Use this mode to
• Change terminal settings.
• Perform basic tests.
• Display system
information.
Use this mode to verify
commands that you have
entered. Use a password to
protect access to this mode.
Use this mode to configure
parameters that apply to the
entire switch.
Use this mode to configure
VLAN parameters. When VTP
mode is transparent, you can
create extended-range VLANs
(VLAN IDs greater than 1005)
and save configurations in the
switch startup configuration
file.
Use this mode to configure
VLAN parameters for VLANs
1 to 1005 in the VLAN
database.
2-2
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Chapter 2 Using the Command-Line Interface
Understanding the Help System
Table 2-1Command Mode Summary (continued)
ModeAccess MethodPromptExit MethodAbout This Mode
Interface
configuration
While in global
configuration mode,
enter the interface
command (with a
specific interface).
Line configurationWhile in global
configuration mode,
specify a line with
the line vty or line console command.
Switch(config-if)#
Switch(config-line)#
To exit to global
configuration mode,
enter exit.
To return to
privileged EXEC
mode, press Ctrl-Z
or enter end.
To exit to global
configuration mode,
enter exit.
To return to
privileged EXEC
mode, press Ctrl-Z
or enter end.
Use this mode to configure
parameters for the Ethernet
ports.
For information about defining
interfaces, see the “Using
Interface Configuration Mode”
section on page 10-4.
To configure multiple
interfaces with the same
parameters, see the
“Configuring a Range of
Interfaces” section on
page 10-6.
Use this mode to configure
parameters for the terminal
line.
For more detailed information on the command modes, see the command reference guide for this release.
Understanding the Help System
You can enter a question mark (?) at the system prompt to display a list of commands available for each
command mode. You can also obtain a list of associated keywords and arguments for any command, as
shown in Table 2-2 .
Ta b l e 2 - 2H e l p Su m m ar y
CommandPurpose
helpObtain a brief description of the help system in any command mode.
abbreviated-command-entry?Obtain a list of commands that begin with a particular character string.
For example:
Switch# di?
dir disable disconnect
abbreviated-command-entry<Ta b>Complete a partial command name.
For example:
Switch# sh conf<tab>
Switch# show configuration
78-16881-01
Catalyst 2960 Switch Software Configuration Guide
2-3
Chapter 2 Using the Command-Line Interface
Understanding Abbreviated Commands
Table 2-2Help Summary (continued)
CommandPurpose
?List all commands available for a particular command mode.
For example:
Switch> ?
command?List the associated keywords for a command.
For example:
Switch> show ?
command keyword?List the associated arguments for a keyword.
For example:
Switch(config)# cdp holdtime ?
<10-255> Length of time (in sec) that receiver must keep this packet
Understanding Abbreviated Commands
You need to enter only enough characters for the switch to recognize the command as unique.
This example shows how to enter the show configuration privileged EXEC command in an abbreviated
form:
Switch# show conf
Understanding no and default Forms of Commands
Almost every configuration command also has a no form. In general, use the no form to disable a feature
or function or reverse the action of a command. For example, the no shutdown interface configuration
command reverses the shutdown of an interface. Use the command without the keyword no to re-enable
a disabled feature or to enable a feature that is disabled by default.
Configuration commands can also have a default form. The default form of a command returns the
command setting to its default. Most commands are disabled by default, so the default form is the same
as the no form. However, some commands are enabled by default and have variables set to certain default
values. In these cases, the default command enables the command and sets variables to their default
values.
2-4
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Chapter 2 Using the Command-Line Interface
Understanding CLI Error Messages
Table 2-3 lists some error messages that you might encounter while using the CLI to configure your
switch.
Table 2-3Common CLI Error Messages
Error MessageMeaningHow to Get Help
% Ambiguous command:
"show con"
% Incomplete command.
% Invalid input detected
at ‘^’ marker.
You did not enter enough characters
for your switch to recognize the
command.
You did not enter all the keywords or
values required by this command.
You entered the command
incorrectly. The caret (^) marks the
point of the error.
Re-enter the command followed by a question mark (?)
with a space between the command and the question
mark.
The possible keywords that you can enter with the
command appear.
Re-enter the command followed by a question mark (?)
with a space between the command and the question
mark.
The possible keywords that you can enter with the
command appear.
Enter a question mark (?) to display all the commands
that are available in this command mode.
The possible keywords that you can enter with the
command appear.
Understanding CLI Error Messages
Using Command History
The software provides a history or record of commands that you have entered. The command history
feature is particularly useful for recalling long or complex commands or entries, including access lists.
You can customize this feature to suit your needs as described in these sections:
• Changing the Command History Buffer Size, page 2-5 (optional)
• Recalling Commands, page 2-6 (optional)
• Disabling the Command History Feature, page 2-6 (optional)
Changing the Command History Buffer Size
By default, the switch records ten command lines in its history buffer. You can alter this number for a
current terminal session or for all sessions on a particular line. These procedures are optional.
Beginning in privileged EXEC mode, enter this command to change the number of command lines that
the switch records during the current terminal session:
Switch# terminal history [size
The range is from 0 to 256.
number-of-lines
]
78-16881-01
Catalyst 2960 Switch Software Configuration Guide
2-5
Chapter 2 Using the Command-Line Interface
Using Editing Features
Beginning in line configuration mode, enter this command to configure the number of command lines
the switch records for all sessions on a particular line:
Switch(config-line)# history[size
The range is from 0 to 256.
number-of-lines
]
Recalling Commands
To recall commands from the history buffer, perform one of the actions listed in Table 2 -4. These actions
are optional.
Table 2-4Recalling Commands
1
Action
Press Ctrl-P or the up arrow key.Recall commands in the history buffer, beginning with the most recent command.
Press Ctrl-N or the down arrow key.Return to more recent commands in the history buffer after recalling commands
show historyWhile in privileged EXEC mode, list the last several commands that you just
1. The arrow keys function only on ANSI-compatible terminals such as VT100s.
Result
Repeat the key sequence to recall successively older commands.
with Ctrl-P or the up arrow key. Repeat the key sequence to recall successively
more recent commands.
entered. The number of commands that appear is controlled by the setting of the
terminal history global configuration command and the history line configuration
command.
Disabling the Command History Feature
The command history feature is automatically enabled. You can disable it for the current terminal session
or for the command line. These procedures are optional.
To disable the feature during the current terminal session, enter the terminal no history privileged
EXEC command.
To disable command history for the line, enter the no history line configuration command.
Using Editing Features
This section describes the editing features that can help you manipulate the command line. It contains
these sections:
• Enabling and Disabling Editing Features, page 2-7 (optional)
• Editing Commands through Keystrokes, page 2-7 (optional)
• Editing Command Lines that Wrap, page 2-8 (optional)
2-6
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Chapter 2 Using the Command-Line Interface
Enabling and Disabling Editing Features
Although enhanced editing mode is automatically enabled, you can disable it, re-enable it, or configure
a specific line to have enhanced editing. These procedures are optional.
To globally disable enhanced editing mode, enter this command in line configuration mode:
Switch (config-line)# no editing
To re-enable the enhanced editing mode for the current terminal session, enter this command in
privileged EXEC mode:
Switch# terminal editing
To reconfigure a specific line to have enhanced editing mode, enter this command in line configuration
mode:
Switch(config-line)# editing
Editing Commands through Keystrokes
Using Editing Features
Table 2-5 shows the keystrokes that you need to edit command lines. These keystrokes are optional.
Table 2-5Editing Commands through Keystrokes
CapabilityKeystroke
Move around the command line to
make changes or corrections.
Press Ctrl-B, or press the
left arrow key.
1
Press Ctrl-F, or press the
right arrow key.
Press Ctrl-A.Move the cursor to the beginning of the command line.
Press Ctrl-E.Move the cursor to the end of the command line.
Press Esc B.Move the cursor back one word.
Press Esc F.Move the cursor forward one word.
Press Ctrl-T.Transpose the character to the left of the cursor with the
Recall commands from the buffer
Press Ctrl-Y.Recall the most recent entry in the buffer.
and paste them in the command line.
The switch provides a buffer with the
last ten items that you deleted.
Press Esc Y.Recall the next buffer entry.
Delete entries if you make a mistake
or change your mind.
Press the Delete or
Backspace key.
Purpose
Move the cursor back one character.
Move the cursor forward one character.
character located at the cursor.
The buffer contains only the last 10 items that you have
deleted or cut. If you press Esc Y more than ten times, you
cycle to the first buffer entry.
Erase the character to the left of the cursor.
78-16881-01
Catalyst 2960 Switch Software Configuration Guide
2-7
Using Editing Features
Table 2-5Editing Commands through Keystrokes (continued)
Chapter 2 Using the Command-Line Interface
CapabilityKeystroke
1
Press Ctrl-D.Delete the character at the cursor.
Press Ctrl-K.Delete all characters from the cursor to the end of the
Press Ctrl-U or Ctrl-X.Delete all characters from the cursor to the beginning of
Press Ctrl-W.Delete the word to the left of the cursor.
Press Esc D.Delete from the cursor to the end of the word.
Capitalize or lowercase words or
Press Esc C.Capitalize at the cursor.
capitalize a set of letters.
Press Esc L.Change the word at the cursor to lowercase.
Press Esc U.Capitalize letters from the cursor to the end of the word.
Designate a particular keystroke as
Press Ctrl-V or Esc Q.
an executable command, perhaps as a
shortcut.
Scroll down a line or screen on
Press the Return key.Scroll down one line.
displays that are longer than the
terminal screen can display.
NoteThe More prompt is used for
any output that has more
lines than can be displayed
on the terminal screen,
including show command
output. You can use the
Return and Space bar
keystrokes whenever you see
the More prompt.
Press the Space bar.Scroll down one screen.
Redisplay the current command line
Press Ctrl-L or Ctrl-R.Redisplay the current command line.
if the switch suddenly sends a
message to your screen.
1. The arrow keys function only on ANSI-compatible terminals such as VT100s.
Purpose
command line.
the command line.
Editing Command Lines that Wrap
You can use a wraparound feature for commands that extend beyond a single line on the screen. When
the cursor reaches the right margin, the command line shifts ten spaces to the left. You cannot see the
first ten characters of the line, but you can scroll back and check the syntax at the beginning of the
command. The keystroke actions are optional.
To scroll back to the beginning of the command entry, press Ctrl-B or the left arrow key repeatedly. You
can also press Ctrl-A to immediately move to the beginning of the line.
NoteThe arrow keys function only on ANSI-compatible terminals such as VT100s.
Catalyst 2960 Switch Software Configuration Guide
2-8
78-16881-01
Chapter 2 Using the Command-Line Interface
In this example, the access-list global configuration command entry extends beyond one line. When the
cursor first reaches the end of the line, the line is shifted ten spaces to the left and redisplayed. The dollar
sign ($) shows that the line has been scrolled to the left. Each time the cursor reaches the end of the line,
the line is again shifted ten spaces to the left.
After you complete the entry, press Ctrl-A to check the complete syntax before pressing the Return key
to execute the command. The dollar sign ($) appears at the end of the line to show that the line has been
scrolled to the right:
The software assumes you have a terminal screen that is 80 columns wide. If you have a width other than
that, use the terminal width privileged EXEC command to set the width of your terminal.
Use line wrapping with the command history feature to recall and modify previous complex command
entries. For information about recalling previous command entries, see the “Editing Commands through
Keystrokes” section on page 2-7.
Searching and Filtering Output of show and more Commands
Searching and Filtering Output of show and more Commands
You can search and filter the output for show and more commands. This is useful when you need to sort
through large amounts of output or if you want to exclude output that you do not need to see. Using these
commands is optional.
To use this functionality, enter a show or more command followed by the pipe character (|), one of the
keywords begin, include, or exclude, and an expression that you want to search for or filter out:
command| {begin | include | exclude} regular-expression
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output
are not displayed, but the lines that contain Output appear.
This example shows how to include in the output display only lines where the expression protocol
appears:
Switch# show interfaces | include protocol
Vlan1 is up, line protocol is up
Vlan10 is up, line protocol is down
GigabitEthernet0/1 is up, line protocol is down
GigabitEthernet0/2 is up, line protocol is up
Accessing the CLI
You can access the CLI through a console connection, through Telnet, or by using the browser.
78-16881-01
Catalyst 2960 Switch Software Configuration Guide
2-9
Chapter 2 Using the Command-Line Interface
Accessing the CLI
Accessing the CLI through a Console Connection or through Telnet
Before you can access the CLI, you must connect a terminal or PC to the switch console port and power
on the switch as described in the hardware installation guide that shipped with your switch. Then, to
understand the boot process and the options available for assigning IP information, see Chapter 3,
“Assigning the Switch IP Address and Default Gateway.”
If your switch is already configured, you can access the CLI through a local console connection or
through a remote Telnet session, but your switch must first be configured for this type of access. For
more information, see the “Setting a Telnet Password for a Terminal Line” section on page 8-6.
You can use one of these methods to establish a connection with the switch:
• Connect the switch console port to a management station or dial-up modem. For information about
connecting to the console port, see the switch hardware installation guide.
• Use any Telnet TCP/IP or encrypted Secure Shell (SSH) package from a remote management
station. The switch must have network connectivity with the Telnet or SSH client, and the switch
must have an enable secret password configured.
For information about configuring the switch for Telnet access, see the “Setting a Telnet Password
for a Terminal Line” section on page 8-6. The switch supports up to 16 simultaneous Telnet sessions.
Changes made by one Telnet user are reflected in all other Telnet sessions.
For information about configuring the switch for SSH, see the “Configuring the Switch for Secure
Shell” section on page 8-33. The switch supports up to five simultaneous secure SSH sessions.
After you connect through the console port, through a Telnet session or through an SSH session, the
user EXEC prompt appears on the management station.
2-10
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
CHAPTER
3
Assigning the Switch IP Address and Default
Gateway
This chapter describes how to create the initial switch configuration (for example, assigning the
switch IP address and default gateway information) for the Catalyst 2960 switch by using a variety of
automatic and manual methods. It also describes how to modify the switch startup configuration.
NoteFor complete syntax and usage information for the commands used in this chapter, see the command
referencefor this release and to the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and
Services, Release 12.2.
This chapter consists of these sections:
• Understanding the Boot Process, page 3-1
• Assigning Switch Information, page 3-2
• Checking and Saving the Running Configuration, page 3-10
• Modifying the Startup Configuration, page 3-11
• Scheduling a Reload of the Software Image, page 3-15
Understanding the Boot Process
To start your switch, you need to follow the procedures in the hardware installation guide about installing
and powering on the switch, and setting up the initial configuration (IP address, subnet mask, default
gateway, secret and Telnet passwords, and so forth) of the switch.
The normal boot process involves the operation of the boot loader software, which performs these
activities:
• Performs low-level CPU initialization. It initializes the CPU registers, which control where physical
memory is mapped, its quantity, its speed, and so forth.
• Performs power-on self-test (POST) for the CPU subsystem. It tests the CPU DRAM and the portion
of the flash device that makes up the flash file system.
• Initializes the flash file system on the system board.
• Loads a default operating system software image into memory and boots the switch.
78-16881-01
Catalyst 2960 Switch Software Configuration Guide
3-1
Assigning Switch Information
The boot loader provides access to the flash file system before the operating system is loaded. Normally,
the boot loader is used only to load, uncompress, and launch the operating system. After the boot loader
gives the operating system control of the CPU, the boot loader is not active until the next system reset
or power-on.
The boot loader also provides trap-door access into the system if the operating system has problems
serious enough that it cannot be used. The trap-door mechanism provides enough access to the system
so that if it is necessary, you can format the flash file system, reinstall the operating system software
image by using the Xmodem Protocol, recover from a lost or forgotten password, and finally restart the
operating system. For more information, see the “Recovering from a Software Failure” section on
page 31-2 and the “Recovering from a Lost or Forgotten Password” section on page 31-3.
NoteYou can disable password recovery. For more information, see the “Disabling Password Recovery”
section on page 8-5.
Before you can assign switch information, make sure you have connected a PC or terminal to the console
port, and configured the PC or terminal-emulation software baud rate and character format to match
these of the switch console port:
• Baud rate default is 9600.
Chapter 3 Assigning the Switch IP Address and Default Gateway
• Data bits default is 8.
NoteIf the data bits option is set to 8, set the parity option to none.
• Stop bits default is 1.
• Parity settings default is none.
Assigning Switch Information
You can assign IP information through the switch setup program, through a DHCP server, or manually.
Use the switch setup program if you want to be prompted for specific IP information. With this program,
you can also configure a hostname and an enable secret password. It gives you the option of assigning a
Telnet password (to provide security during remote management) and configuring your switch as a
command or member switch of a cluster or as a standalone switch. For more information about the setup
program, see the hardware installation guide.
Use a DHCP server for centralized control and automatic assignment of IP information after the server
is configured.
NoteIf you are using DHCP, do not respond to any of the questions in the setup program until the switch
receives the dynamically assigned IP address and reads the configuration file.
3-2
If you are an experienced user familiar with the switch configuration steps, manually configure the
switch. Otherwise, use the setup program described previously.
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Chapter 3 Assigning the Switch IP Address and Default Gateway
These sections contain this configuration information:
IP address and subnet maskNo IP address or subnet mask are defined.
Default gatewayNo default gateway is defined.
Enable secret passwordNo password is defined.
HostnameThe factory-assigned default hostname is Switch.
Telnet passwordNo password is defined.
Cluster command switch functionalityDisabled.
Cluster nameNo cluster name is defined.
Assigning Switch Information
Understanding DHCP-Based Autoconfiguration
DHCP provides configuration information to Internet hosts and internetworking devices. This protocol
consists of two components: one for delivering configuration parameters from a DHCP server to a device
and a mechanism for allocating network addresses to devices. DHCP is built on a client-server model,
in which designated DHCP servers allocate network addresses and deliver configuration parameters to
dynamically configured devices. The switch can act as both a DHCP client and a DHCP server.
During DHCP-based autoconfiguration, your switch (DHCP client) is automatically configured at
startup with IP address information and a configuration file.
With DHCP-based autoconfiguration, no DHCP client-side configuration is needed on your switch.
However, you need to configure the DHCP server for various lease options associated with IP addresses.
If you are using DHCP to relay the configuration file location on the network, you might also need to
configure a Trivial File Transfer Protocol (TFTP) server and a Domain Name System (DNS) server.
The DHCP server for your switch can be on the same LAN or on a different LAN than the switch. If the
DHCP server is running on a different LAN, you should configure a DHCP relay device between your
switch and the DHCP server. A relay device forwards broadcast traffic between two directly connected
LANs. A router does not forward broadcast packets, but it forwards packets based on the destination IP
address in the received packet.
DHCP-based autoconfiguration replaces the BOOTP client functionality on your switch.
78-16881-01
Catalyst 2960 Switch Software Configuration Guide
3-3
Assigning Switch Information
DHCP Client Request Process
When you boot your switch, the DHCP client is invoked and requests configuration information from a
DHCP server when the configuration file is not present on the switch. If the configuration file is present
and the configuration includes the ip address dhcp interface configuration command on specific routed
interfaces, the DHCP client is invoked and requests the IP address information for those interfaces.
Figure 3-1 shows the sequence of messages that are exchanged between the DHCP client and the DHCP
server.
Figure 3-1DHCP Client and Server Message Exchange
Switch A
The client, Switch A, broadcasts a DHCPDISCOVER message to locate a DHCP server. The DHCP
server offers configuration parameters (such as an IP address, subnet mask, gateway IP address, DNS IP
address, a lease for the IP address, and so forth) to the client in a DHCPOFFER unicast message.
DHCPDISCOVER (broadcast)
DHCPOFFER (unicast)
DHCPREQUEST (broadcast)
DHCPACK (unicast)
Chapter 3 Assigning the Switch IP Address and Default Gateway
DHCP server
51807
In a DHCPREQUEST broadcast message, the client returns a formal request for the offered
configuration information to the DHCP server. The formal request is broadcast so that all other DHCP
servers that received the DHCPDISCOVER broadcast message from the client can reclaim the IP
addresses that they offered to the client.
The DHCP server confirms that the IP address has been allocated to the client by returning a DHCPACK
unicast message to the client. With this message, the client and server are bound, and the client uses
configuration information received from the server. The amount of information the switch receives
depends on how you configure the DHCP server. For more information, see the “Configuring the TFTP
Server” section on page 3-5.
If the configuration parameters sent to the client in the DHCPOFFER unicast message are invalid (a
configuration error exists), the client returns a DHCPDECLINE broadcast message to the DHCP server.
The DHCP server sends the client a DHCPNAK denial broadcast message, which means that the offered
configuration parameters have not been assigned, that an error has occurred during the negotiation of the
parameters, or that the client has been slow in responding to the DHCPOFFER message (the DHCP
server assigned the parameters to another client).
A DHCP client might receive offers from multiple DHCP or BOOTP servers and can accept any of the
offers; however, the client usually accepts the first offer it receives. The offer from the DHCP server is
not a guarantee that the IP address is allocated to the client; however, the server usually reserves the
address until the client has had a chance to formally request the address. If the switch accepts replies
from a BOOTP server and configures itself, the switch broadcasts, instead of unicasts, TFTP requests to
obtain the switch configuration file.
3-4
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Chapter 3 Assigning the Switch IP Address and Default Gateway
Configuring DHCP-Based Autoconfiguration
These sections contain this configuration information:
• DHCP Server Configuration Guidelines, page 3-5
• Configuring the TFTP Server, page 3-5
• Configuring the DNS, page 3-6
• Configuring the Relay Device, page 3-6
• Obtaining Configuration Files, page 3-7
• Example Configuration, page 3-8
If your DHCP server is a Cisco device, see the “Configuring DHCP” section of the “IP Addressing and
Services” section of the Cisco IOS IP Configuration Guide, Release 12.2 for additional information
about configuring DHCP.
DHCP Server Configuration Guidelines
Follow these guidelines if you are configuring a device as a DHCP server:
Assigning Switch Information
You should configure the DHCP server with reserved leases that are bound to each switch by the switch
hardware address.
If you want the switch to receive IP address information, you must configure the DHCP server with these
lease options:
• IP address of the client (required)
• Subnet mask of the client (required)
• DNS server IP address (optional)
• Router IP address (default gateway address to be used by the switch) (required)
If you want the switch to receive the configuration file from a TFTP server, you must configure the
DHCP server with these lease options:
• TFTP server name (required)
• Boot filename (the name of the configuration file that the client needs) (recommended)
• Hostname (optional)
Depending on the settings of the DHCP server, the switch can receive IP address information, the
configuration file, or both.
If you do not configure the DHCP server with the lease options described previously, it replies to client
requests with only those parameters that are configured. If the IP address and the subnet mask are not in
the reply, the switch is not configured. If the router IP address or the TFTP server name are not found,
the switch might send broadcast, instead of unicast, TFTP requests. Unavailability of other lease options
does not affect autoconfiguration.
Configuring the TFTP Server
Based on the DHCP server configuration, the switch attempts to download one or more configuration
files from the TFTP server. If you configured the DHCP server to respond to the switch with all the
options required for IP connectivity to the TFTP server, and if you configured the DHCP server with a
TFTP server name, address, and configuration filename, the switch attempts to download the specified
configuration file from the specified TFTP server.
78-16881-01
Catalyst 2960 Switch Software Configuration Guide
3-5
Assigning Switch Information
If you did not specify the configuration filename, the TFTP server, or if the configuration file could not
be downloaded, the switch attempts to download a configuration file by using various combinations of
filenames and TFTP server addresses. The files include the specified configuration filename (if any) and
these files: network-config, cisconet.cfg, hostname.config, or hostname.cfg, where hostname is the
switch’s current hostname. The TFTP server addresses used include the specified TFTP server address
(if any) and the broadcast address (255.255.255.255).
For the switch to successfully download a configuration file, the TFTP server must contain one or more
configuration files in its base directory. The files can include these files:
• The configuration file named in the DHCP reply (the actual switch configuration file).
• The network-confg or the cisconet.cfg file (known as the default configuration files).
• The router-confg or the ciscortr.cfg file (These files contain commands common to all switches.
If you specify the TFTP server name in the DHCP server-lease database, you must also configure the
TFTP server name-to-IP-address mapping in the DNS-server database.
If the TFTP server to be used is on a different LAN from the switch, or if it is to be accessed by the switch
through the broadcast address (which occurs if the DHCP server response does not contain all the
required information described previously), a relay must be configured to forward the TFTP packets to
the TFTP server. For more information, see the “Configuring the Relay Device” section on page 3-6. The
preferred solution is to configure the DHCP server with all the required information.
Chapter 3 Assigning the Switch IP Address and Default Gateway
Normally, if the DHCP and TFTP servers are properly configured, these files are not accessed.)
Configuring the DNS
The DHCP server uses the DNS server to resolve the TFTP server name to an IP address. You must
configure the TFTP server name-to-IP address map on the DNS server. The TFTP server contains the
configuration files for the switch.
You can configure the IP addresses of the DNS servers in the lease database of the DHCP server from
where the DHCP replies will retrieve them. You can enter up to two DNS server IP addresses in the lease
database.
The DNS server can be on the same or on a different LAN as the switch. If it is on a different LAN, the
switch must be able to access it through a router.
Configuring the Relay Device
You must configure a relay device, also referred to as a relay agent, when a switch sends broadcast
packets that require a response from a host on a different LAN. Examples of broadcast packets that the
switch might send are DHCP, DNS, and in some cases, TFTP packets. You must configure this relay
device to forward received broadcast packets on an interface to the destination host.
If the relay device is a Cisco router, enable IP routing (ip routing global configuration command), and
configure helper addresses by using the ip helper-address interface configuration command.
For example, in Figure 3-2, configure the router interfaces as follows:
On interface 10.0.0.2:
router(config-if)# ip helper-address 20.0.0.2
router(config-if)# ip helper-address 20.0.0.3
router(config-if)# ip helper-address 20.0.0.4
3-6
On interface 20.0.0.1
router(config-if)# ip helper-address 10.0.0.1
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Chapter 3 Assigning the Switch IP Address and Default Gateway
Figure 3-2Relay Device Used in Autoconfiguration
Assigning Switch Information
Switch
(DHCP client)
10.0.0.1
20.0.0.220.0.0.3
DHCP serverTFTP serverDNS server
Obtaining Configuration Files
Depending on the availability of the IP address and the configuration filename in the DHCP reserved
lease, the switch obtains its configuration information in these ways:
• The IP address and the configuration filename is reserved for the switch and provided in the DHCP
reply (one-file read method).
The switch receives its IP address, subnet mask, TFTP server address, and the configuration
filename from the DHCP server. The switch sends a unicast message to the TFTP server to retrieve
the named configuration file from the base directory of the server and upon receipt, it completes its
boot-up process.
Cisco router
(Relay)
10.0.0.2
20.0.0.1
20.0.0.4
49068
• The IP address and the configuration filename is reserved for the switch, but the TFTP server
address is not provided in the DHCP reply (one-file read method).
The switch receives its IP address, subnet mask, and the configuration filename from the DHCP
server. The switch sends a broadcast message to a TFTP server to retrieve the named configuration
file from the base directory of the server, and upon receipt, it completes its boot-up process.
• Only the IP address is reserved for the switch and provided in the DHCP reply. The configuration
filename is not provided (two-file read method).
The switch receives its IP address, subnet mask, and the TFTP server address from the DHCP server.
The switch sends a unicast message to the TFTP server to retrieve the network-confg or cisconet.cfg
default configuration file. (If the network-confg file cannot be read, the switch reads the cisconet.cfg
file.)
The default configuration file contains the hostnames-to-IP-address mapping for the switch. The
switch fills its host table with the information in the file and obtains its hostname. If the hostname
is not found in the file, the switch uses the hostname in the DHCP reply. If the hostname is not
specified in the DHCP reply, the switch uses the default Switch as its hostname.
After obtaining its hostname from the default configuration file or the DHCP reply, the switch reads
the configuration file that has the same name as its hostname (hostname-confg or hostname.cfg,
depending on whether network-confg or cisconet.cfg was read earlier) from the TFTP server. If the
cisconet.cfg file is read, the filename of the host is truncated to eight characters.
If the switch cannot read the network-confg, cisconet.cfg, or the hostname file, it reads the
router-confg file. If the switch cannot read the router-confg file, it reads the ciscortr.cfg file.
78-16881-01
Catalyst 2960 Switch Software Configuration Guide
3-7
Assigning Switch Information
NoteThe switch broadcasts TFTP server requests if the TFTP server is not obtained from the DHCP replies,
if all attempts to read the configuration file through unicast transmissions fail, or if the TFTP server
name cannot be resolved to an IP address.
Example Configuration
Figure 3-3 shows a sample network for retrieving IP information by using DHCP-based autoconfiguration.
Figure 3-3DHCP-Based Autoconfiguration Network Example
Chapter 3 Assigning the Switch IP Address and Default Gateway
Switch 1
00e0.9f1e.2001
Cisco router
10.0.0.10
DHCP serverDNS serverTFTP server
Switch 2
00e0.9f1e.2002
10.0.0.1
Switch 3
00e0.9f1e.2003
10.0.0.210.0.0.3
(tftpserver)
Switch 4
00e0.9f1e.2004
111394
Table 3-2 shows the configuration of the reserved leases on the DHCP server.
The DNS server maps the TFTP server nametftpserver to IP address 10.0.0.3.
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Chapter 3 Assigning the Switch IP Address and Default Gateway
TFTP Server Configuration (on UNIX)
The TFTP server base directory is set to /tftpserver/work/. This directory contains the network-confg file
used in the two-file read method. This file contains the hostname to be assigned to the switch based on
its IP address. The base directory also contains a configuration file for each switch (switcha-confg, switchb-confg, and so forth) as shown in this display:
prompt> cd /tftpserver/work/
prompt> ls
network-confg
switcha-confg
switchb-confg
switchc-confg
switchd-confg
prompt> cat network-confg
ip host switcha 10.0.0.21
ip host switchb 10.0.0.22
ip host switchc 10.0.0.23
ip host switchd 10.0.0.24
DHCP Client Configuration
No configuration file is present on Switch A through Switch D.
Assigning Switch Information
Configuration Explanation
In Figure 3-3, Switch A reads its configuration file as follows:
• It obtains its IP address 10.0.0.21 from the DHCP server.
• If no configuration filename is given in the DHCP server reply, Switch A reads the network-confg
file from the base directory of the TFTP server.
• It adds the contents of the network-confg file to its host table.
• It reads its host table by indexing its IP address 10.0.0.21 to its hostname (switcha).
• It reads the configuration file that corresponds to its hostname; for example, it reads switch1-confg
from the TFTP server.
Switches B through D retrieve their configuration files and IP addresses in the same way.
Manually Assigning IP Information
Beginning in privileged EXEC mode, follow these steps to manually assign IP information to multiple
switched virtual interfaces (SVIs):
CommandPurpose
Step 1
Step 2
Step 3
Step 4
configure terminalEnter global configuration mode.
interface vlan vlan-idEnter interface configuration mode, and enter the VLAN to which the IP
information is assigned. The range is 1 to 4094.
ip address ip-address subnet-maskEnter the IP address and subnet mask.
exitReturn to global configuration mode.
78-16881-01
Catalyst 2960 Switch Software Configuration Guide
3-9
Checking and Saving the Running Configuration
CommandPurpose
Step 5
Step 6
Step 7
Step 8
Step 9
ip default-gateway ip-addressEnter the IP address of the next-hop router interface that is directly
endReturn to privileged EXEC mode.
show interfaces vlan vlan-idVerify the configured IP address.
show ip redirectsVerify the configured default gateway.
copy running-config startup-config(Optional) Save your entries in the configuration file.
To remove the switch IP address, use the no ip address interface configuration command. If you are
removing the address through a Telnet session, your connection to the switch will be lost. To remove the
default gateway address, use the no ip default-gateway global configuration command.
Chapter 3 Assigning the Switch IP Address and Default Gateway
connected to the switch where a default gateway is being configured. The
default gateway receives IP packets with unresolved destination IP
addresses from the switch.
Once the default gateway is configured, the switch has connectivity to the
remote networks with which a host needs to communicate.
NoteWhen your switch is configured to route with IP, it does not need
to have a default gateway set.
For information on setting the switch system name, protecting access to privileged EXEC commands,
and setting time and calendar services, see Chapter 6, “Administering the Switch.”
Checking and Saving the Running Configuration
You can check the configuration settings you entered or changes you made by entering this privileged
EXEC command:
Switch# show running-config
Building configuration...
Current configuration: 1363 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch A
!
enable secret 5 $1$ej9.$DMUvAUnZOAmvmgqBEzIxE0
!
.
<output truncated>
.
interface gigabitethernet0/1
ip address 172.20.137.50 255.255.255.0
!
interface gigabitethernet0/2
mvr type source
3-10
<output truncated>
...!
interface VLAN1
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Chapter 3 Assigning the Switch IP Address and Default Gateway
ip address 172.20.137.50 255.255.255.0
no ip directed-broadcast
!
ip default-gateway 172.20.137.1 !
!
snmp-server community private RW
snmp-server community public RO
snmp-server community private@es0 RW
snmp-server community public@es0 RO
snmp-server chassis-id 0x12
!
end
To store the configuration or changes you have made to your startup configuration in flash memory, enter
this privileged EXEC command:
Switch# copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
This command saves the configuration settings that you made. If you fail to do this, your configuration
will be lost the next time you reload the system. To display information stored in the NVRAM section
of flash memory, use the show startup-config or more startup-config privileged EXEC command.
Modifying the Startup Configuration
For more information about alternative locations from which to copy the configuration file, see
Appendix B, “Working with the Cisco IOS File System, Configuration Files, and Software Images.”
Modifying the Startup Configuration
These sections describe how to modify the switch startup configuration:
• Default Boot Configuration, page 3-12
• Automatically Downloading a Configuration File, page 3-12
• Booting Manually, page 3-13
• Booting a Specific Software Image, page 3-13
• Controlling Environment Variables, page 3-14
See also Appendix B, “Working with the Cisco IOS File System, Configuration Files, and Software
Images,” for information about switch configuration files.
78-16881-01
Catalyst 2960 Switch Software Configuration Guide
3-11
Chapter 3 Assigning the Switch IP Address and Default Gateway
Modifying the Startup Configuration
Default Boot Configuration
Table 3-3 shows the default boot configuration.
Table 3-3Default Boot Configuration
FeatureDefault Setting
Operating system software imageThe switch attempts to automatically boot the system using information in the BOOT
environment variable. If the variable is not set, the switch attempts to load and
execute the first executable image it can by performing a recursive, depth-first search
throughout the flash file system.
The Cisco IOS image is stored in a directory that has the same name as the image file
(excluding the .bin extension).
In a depth-first search of a directory, each encountered subdirectory is completely
searched before continuing the search in the original directory.
Configuration fileConfigured switches use the config.text file stored on the system board in flash
memory.
A new switch has no configuration file.
Automatically Downloading a Configuration File
You can automatically download a configuration file to your switch by using the DHCP-based
autoconfiguration feature. For more information, see the “Understanding DHCP-Based
Autoconfiguration” section on page 3-3.
Specifying the Filename to Read and Write the System Configuration
By default, the Cisco IOS software uses the file config.text to read and write a nonvolatile copy of the
system configuration. However, you can specify a different filename, which will be loaded during the
next boot cycle.
Beginning in privileged EXEC mode, follow these steps to specify a different configuration filename:
CommandPurpose
Step 1
Step 2
configure terminalEnter global configuration mode.
boot config-file flash:/file-urlSpecify the configuration file to load during the next boot cycle.
For file-url, specify the path (directory) and the configuration
filename.
Step 3
Step 4
Step 5
3-12
Filenames and directory names are case sensitive.
endReturn to privileged EXEC mode.
show bootVerify your entries.
The boot config-file global configuration command changes the
setting of the CONFIG_FILE environment variable.
copy running-config startup-config(Optional) Save your entries in the configuration file.
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Chapter 3 Assigning the Switch IP Address and Default Gateway
To return to the default setting, use the no boot config-file global configuration command.
Booting Manually
By default, the switch automatically boots; however, you can configure it to manually boot.
Beginning in privileged EXEC mode, follow these steps to configure the switch to manually boot during
the next boot cycle:
CommandPurpose
Step 1
Step 2
Step 3
Step 4
configure terminalEnter global configuration mode.
boot manualEnable the switch to manually boot during the next boot cycle.
endReturn to privileged EXEC mode.
show bootVerify your entries.
Modifying the Startup Configuration
The boot manual global command changes the setting of the
MANUAL_BOOT environment variable.
Step 5
copy running-config startup-config(Optional) Save your entries in the configuration file.
To disable manual booting, use the no boot manual global configuration command.
Booting a Specific Software Image
By default, the switch attempts to automatically boot the system using information in the BOOT
environment variable. If this variable is not set, the switch attempts to load and execute the first
executable image it can by performing a recursive, depth-first search throughout the flash file system. In
a depth-first search of a directory, each encountered subdirectory is completely searched before
continuing the search in the original directory. However, you can specify a specific image to boot.
Beginning in privileged EXEC mode, follow these steps to configure the switch to boot a specific image
during the next boot cycle:
The next time you reboot the system, the switch is in boot loader
mode, shown by the switch: prompt. To boot the system, use the
bootfilesystem:/file-url boot loader command.
• For filesystem:, use flash: for the system board flash device.
• For file-url, specify the path (directory) and the name of the
bootable image.
Filenames and directory names are case sensitive.
78-16881-01
Catalyst 2960 Switch Software Configuration Guide
3-13
Modifying the Startup Configuration
CommandPurpose
Step 1
Step 2
Step 3
Step 4
Step 5
configure terminalEnter global configuration mode.
boot system filesystem:/file-urlConfigure the switch to boot a specific image in flash memory during the
endReturn to privileged EXEC mode.
show bootVerify your entries.
copy running-config startup-config(Optional) Save your entries in the configuration file.
Chapter 3 Assigning the Switch IP Address and Default Gateway
next boot cycle.
• For filesystem:, use flash: for the system board flash device.
• For file-url, specify the path (directory) and the name of the bootable
image.
Filenames and directory names are case sensitive.
The boot system global command changes the setting of the BOOT
environment variable.
During the next boot cycle, the switch attempts to automatically boot the
system using information in the BOOT environment variable.
To return to the default setting, use the no boot system global configuration command.
Controlling Environment Variables
With a normally operating switch, you enter the boot loader mode only through a switch console
connection configured for 9600 bps. Unplug the switch power cord, and press the switch Mode button
while reconnecting the power cord. You can release the Mode button a second or two after the LED
above port 1 turns off. Then the boot loader switch: prompt appears.
The switch boot loader software provides support for nonvolatile environment variables, which can be
used to control how the boot loader, or any other software running on the system, behaves. Boot loader
environment variables are similar to environment variables that can be set on UNIX or DOS systems.
Environment variables that have values are stored in flash memory outside of the flash file system.
Each line in these files contains an environment variable name and an equal sign followed by the value
of the variable. A variable has no value if it is not listed in this file; it has a value if it is listed in the file
even if the value is a null string. A variable that is set to a null string (for example, “ ”) is a variable with
a value. Many environment variables are predefined and have default values.
Environment variables store two kinds of data:
• Data that controls code, which does not read the Cisco IOS configuration file. For example, the name
of a boot loader helper file, which extends or patches the functionality of the boot loader can be
stored as an environment variable.
• Data that controls code, which is responsible for reading the Cisco IOS configuration file. For
example, the name of the Cisco IOS configuration file can be stored as an environment variable.
3-14
You can change the settings of the environment variables by accessing the boot loader or by using Cisco
IOS commands. Under normal circumstances, it is not necessary to alter the setting of the environment
variables.
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Chapter 3 Assigning the Switch IP Address and Default Gateway
Scheduling a Reload of the Software Image
NoteFor complete syntax and usage information for the boot loader commands and environment variables,
see the command reference for this release.
Table 3-4 describes the function of the most common environment variables.
Table 3-4Environment Variables
VariableBoot Loader CommandCisco IOS Global Configuration Command
BOOTset BOOT filesystem:/file-url ...
boot system filesystem:/file-url ...
A semicolon-separated list of executable files to
try to load and execute when automatically
booting. If the BOOT environment variable is not
set, the system attempts to load and execute the
first executable image it can find by using a
recursive, depth-first search through the flash file
system. If the BOOT variable is set but the
specified images cannot be loaded, the system
attempts to boot the first bootable file that it can
find in the flash file system.
MANUAL_BOOTset MANUAL_BOOT yes
Decides whether the switch automatically or
manually boots.
Valid values are 1, yes, 0, and no. If it is set to no
or 0, the boot loader attempts to automatically
boot the system. If it is set to anything else, you
must manually boot the switch from the boot
loader mode.
CONFIG_FILEset CONFIG_FILEflash:/file-url
Changes the filename that Cisco IOS uses to read
and write a nonvolatile copy of the system
configuration.
Specifies the Cisco IOS image to load during the
next boot cycle. This command changes the
setting of the BOOT environment variable.
boot manual
Enables manually booting the switch during the
next boot cycle and changes the setting of the
MANUAL_BOOT environment variable.
The next time you reboot the system, the switch is
in boot loader mode. To boot the system, use the
bootflash:filesystem:/file-url boot loader
command, and specify the name of the bootable
image.
boot config-file flash:/file-url
Specifies the filename that Cisco IOS uses to read
and write a nonvolatile copy of the system
configuration. This command changes the
CONFIG_FILE environment variable.
Scheduling a Reload of the Software Image
You can schedule a reload of the software image to occur on the switch at a later time (for example, late
at night or during the weekend when the switch is used less), or you can synchronize a reload
network-wide (for example, to perform a software upgrade on all switches in the network).
NoteA scheduled reload must take place within approximately 24 days.
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
3-15
Scheduling a Reload of the Software Image
Configuring a Scheduled Reload
To configure your switch to reload the software image at a later time, use one of these commands in
privileged EXEC mode:
• reload in [hh:]mm [text]
This command schedules a reload of the software to take affect in the specified minutes or hours and
minutes. The reload must take place within approximately 24 days. You can specify the reason for
the reload in a string up to 255 characters in length.
• reload at hh:mm [month day | day month] [text]
This command schedules a reload of the software to take place at the specified time (using a 24-hour
clock). If you specify the month and day, the reload is scheduled to take place at the specified time
and date. If you do not specify the month and day, the reload takes place at the specified time on the
current day (if the specified time is later than the current time) or on the next day (if the specified
time is earlier than the current time). Specifying 00:00 schedules the reload for midnight.
NoteUse the at keyword only if the switch system clock has been set (through Network Time
Protocol (NTP), the hardware calendar, or manually). The time is relative to the configured
time zone on the switch. To schedule reloads across several switches to occur
simultaneously, the time on each switch must be synchronized with NTP.
Chapter 3 Assigning the Switch IP Address and Default Gateway
The reload command halts the system. If the system is not set to manually boot, it reboots itself. Use the
reload command after you save the switch configuration information to the startup configuration (copy
running-config startup-config).
If your switch is configured for manual booting, do not reload it from a virtual terminal. This restriction
prevents the switch from entering the boot loader mode and thereby taking it from the remote user’s
control.
If you modify your configuration file, the switch prompts you to save the configuration before reloading.
During the save operation, the system requests whether you want to proceed with the save if the
CONFIG_FILE environment variable points to a startup configuration file that no longer exists. If you
proceed in this situation, the system enters setup mode upon reload.
This example shows how to reload the software on the switch on the current day at 7:30 p.m:
Switch# reload at 19:30
Reload scheduled for 19:30:00 UTC Wed Jun 5 1996 (in 2 hours and 25 minutes)
Proceed with reload? [confirm]
This example shows how to reload the software on the switch at a future time:
Switch# reload at 02:00 jun 20
Reload scheduled for 02:00:00 UTC Thu Jun 20 1996 (in 344 hours and 53 minutes)
Proceed with reload? [confirm]
To cancel a previously scheduled reload, use the reload cancel privileged EXEC command.
3-16
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Chapter 3 Assigning the Switch IP Address and Default Gateway
Displaying Scheduled Reload Information
To display information about a previously scheduled reload or to find out if a reload has been scheduled
on the switch, use the show reload privileged EXEC command.
It displays reload information including the time the reload is scheduled to occur and the reason for the
reload (if it was specified when the reload was scheduled).
Scheduling a Reload of the Software Image
78-16881-01
Catalyst 2960 Switch Software Configuration Guide
3-17
Scheduling a Reload of the Software Image
Chapter 3 Assigning the Switch IP Address and Default Gateway
3-18
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
CHAPTER
4
Configuring IE2100 CNS Agents
This chapter describes how to configure the Intelligence Engine 2100 (IE2100) Series Cisco Networking
Services (CNS) embedded agents on your Catalyst 2960 switch.
NoteFor complete syntax and usage information for the commands used in this section, see the Cisco
Intelligence Engine 2100 Series Configuration Registrar Manual, and select Cisco IOS Software
Release 12.2 > New Feature Documentation > 12.2(2)T on Cisco.com.
This chapter consists of these sections:
• Understanding IE2100 Series Configuration Registrar Software, page 4-1
• Understanding CNS Embedded Agents, page 4-5
• Configuring CNS Embedded Agents, page 4-6
• Displaying CNS Configuration, page 4-13
Understanding IE2100 Series Configuration Registrar Software
The IE2100 Series Configuration Registrar is a network management device that acts as a configuration
service for automating the deployment and management of network devices and services
(see Figure 4-1). Each Configuration Registrar manages a group of Cisco IOS devices (switches and
routers) and the services that they deliver, storing their configurations and delivering them as needed.
The Configuration Registrar automates initial configurations and configuration updates by generating
device-specific configuration changes, sending them to the device, executing the configuration change,
and logging the results.
The Configuration Registrar supports standalone and server modes and has these CNS components:
• Configuration service (web server, file manager, and namespace mapping server)
• Event service (event gateway)
• Data service directory (data models and schema)
In standalone mode, the Configuration Registrar supports an embedded CNS Directory Service. In this
mode, no external directory or other data store is required. In server mode, the Configuration Registrar
supports the use of a user-defined external directory.
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
4-1
Understanding IE2100 Series Configuration Registrar Software
These sections contain this conceptual information:
• CNS Configuration Service, page 4-2
• CNS Event Service, page 4-3
• What You Should Know About ConfigID, DeviceID, and Hostname, page 4-3
71444
CNS Configuration Service
The CNS Configuration Service is the core component of the Configuration Registrar. It consists of a
configuration server that works with CNS configuration agents located on the switch. The CNS
Configuration Service delivers device and service configurations to the switch for initial configuration
and mass reconfiguration by logical groups. Switches receive their initial configuration from the CNS
Configuration Service when they start up on the network for the first time.
The CNS Configuration Service uses the CNS Event Service to send and receive configuration change
events and to send success and failure notifications.
The configuration server is a web server that uses configuration templates and the device-specific
configuration information stored in the embedded (standalone mode) or remote (server mode) directory.
Configuration templates are text files containing static configuration information in the form of CLI
commands. In the templates, variables are specified using lightweight directory access protocol (LDAP)
URLs that reference the device-specific configuration information stored in a directory.
The configuration agent can perform a syntax check on received configuration files and publish events
to indicate the success or failure of the syntax check. The configuration agent can either apply
configurations immediately or delay the application until receipt of a synchronization event from the
configuration server.
4-2
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Chapter 4 Configuring IE2100 CNS Agents
CNS Event Service
The Configuration Registrar uses the CNS Event Service for receipt and generation of configuration
events. The CNS event agent resides on the switch and facilitates the communication between the switch
and the event gateway on the Configuration Registrar.
The CNS Event Service is a highly capable publish-and-subscribe communication method. The CNS
Event Service uses subject-based addressing to send messages to their destinations. Subject-based
addressing conventions define a simple, uniform namespace for messages and their destinations.
NameSpace Mapper
The Configuration Registrar includes the NameSpace Mapper (NSM) that provides a lookup service for
managing logical groups of devices based on application, device ID or group ID, and event.
Cisco IOS devices recognize only event subject-names that match those configured in Cisco IOS
software; for example, cisco.cns.config.load. You can use the namespace mapping service to designate
events by using any desired naming convention. When you have populated your data store with your
subject names, NSM resolves your event subject-name strings to those known by IOS.
For a subscriber, when given a unique device ID and event, the namespace mapping service returns a set
of events to which to subscribe. Similarly, for a publisher, when given a unique group ID, device ID, and
event, the mapping service returns a set of events on which to publish.
Understanding IE2100 Series Configuration Registrar Software
What You Should Know About ConfigID, DeviceID, and Hostname
The Configuration Registrar assumes that a unique identifier is associated with each configured switch.
This unique identifier can take on multiple synonyms, where each synonym is unique within a particular
namespace. The event service uses namespace content for subject-based addressing of messages.
The Configuration Registrar intersects two namespaces, one for the event bus and the other for the
configuration server. Within the scope of the configuration server namespace, the term configID is the
unique identifier for a device. Within the scope of the event bus namespace, the term deviceID is the
CNS unique identifier for a device.
Because the Configuration Registrar uses both the event bus and the configuration server to provide
configurations to devices, you must define both configID and deviceID for each configured switch.
Within the scope of a single instance of the configuration server, no two configured switches can share
the same value for configID. Within the scope of a single instance of the event bus, no two configured
switches can share the same value for deviceID.
ConfigID
Each configured switch has a unique configID, which serves as the key into the Configuration Registrar
directory for the corresponding set of switch CLI attributes. The configID defined on the switch must
match the configID for the corresponding switch definition on the Configuration Registrar.
The configID is fixed at boot time and cannot be changed until reboot, even when the switch hostname
is reconfigured.
78-16881-01
Catalyst 2960 Switch Software Configuration Guide
4-3
Understanding IE2100 Series Configuration Registrar Software
DeviceID
Each configured switch participating on the event bus has a unique deviceID, which is analogous to the
switch source address so that the switch can be targeted as a specific destination on the bus. All switches
configured with the cns config partial global configuration command must access the event bus.
Therefore, the deviceID, as originated on the switch, must match the deviceID of the corresponding
switch definition in the Configuration Registrar.
The origin of the deviceID is defined by the Cisco IOS hostname of the switch. However, the deviceID
variable and its usage reside within the event gateway, which is adjacent to the switch.
The logical Cisco IOS termination point on the event bus is embedded in the event gateway, which in
turn functions as a proxy on behalf of the switch. The event gateway represents the switch and its
corresponding deviceID to the event bus.
The switch declares its hostname to the event gateway immediately after the successful connection to
the event gateway. The event gateway couples the deviceID value to the Cisco IOS hostname each time
this connection is established. The event gateway caches this deviceID value for the duration of its
connection to the switch.
Hostname and DeviceID
Chapter 4 Configuring IE2100 CNS Agents
The deviceID is fixed at the time of the connection to the event gateway and does not change even when
the switch hostname is reconfigured.
When changing the switch hostname on the switch, the only way to refresh the deviceID is to break the
connection between the switch and the event gateway. Enter the no cns event global configuration
command followed by the cns event global configuration command.
When the connection is re-established, the switch sends its modified hostname to the event gateway. The
event gateway redefines the deviceID to the new value.
CautionWhen using the Configuration Registrar user interface, you must first set the deviceID field to the
hostname value that the switch acquires after–not before–you use the cns config initial global
configuration command at the switch. Otherwise, subsequent cns config partial global configuration
command operations malfunction.
Using Hostname, DeviceID, and ConfigID
In standalone mode, when a hostname value is set for a switch, the configuration server uses the
hostname as the deviceID when an event is sent on hostname. If the hostname has not been set, the event
is sent on the cn=<value> of the device.
In server mode, the hostname is not used. In this mode, the unique deviceID attribute is always used for
sending an event on the bus. If this attribute is not set, you cannot update the switch.
These and other associated attributes (tag value pairs) are set when you run Setup on the Configuration
Registrar.
4-4
NoteFor more information about running the setup program on the Configuration Registrar, see the Cisco
Intelligence Engine 2100 Series Configuration Registrar Manual.
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Chapter 4 Configuring IE2100 CNS Agents
Understanding CNS Embedded Agents
The CNS event agent feature allows the switch to publish and subscribe to events on the event bus and
works with the CNS configuration agent. The CNS configuration agent feature supports the switch by
providing these features:
• Initial Configuration, page 4-5
• Incremental (Partial) Configuration, page 4-6
• Synchronized Configuration, page 4-6
Initial Configuration
When the switch first comes up, it attempts to get an IP address by broadcasting a DHCP request on the
network. Assuming there is no DHCP server on the subnet, the distribution switch acts as a DHCP relay
agent and forwards the request to the DHCP server. Upon receiving the request, the DHCP server assigns
an IP address to the new switch and includes the TFTP server IP address, the path to the bootstrap
configuration file, and the default gateway IP address in a unicast reply to the DHCP relay agent. The
DHCP relay agent forwards the reply to the switch.
Understanding CNS Embedded Agents
The switch automatically configures the assigned IP address on interface VLAN 1 (the default) and
downloads the bootstrap configuration file from the TFTP server. Upon successful download of the
bootstrap configuration file, the switch loads the file in its running configuration.
The embedded CNS agents initiate communication with the IE2100 Configuration Registrar by using the
appropriate configID and eventID. The Configuration Registrar maps the configID to a template and
downloads the full configuration file to the switch.
Figure 4-2 shows a sample network configuration for retrieving the initial bootstrap configuration file
After the network is running, new services can be added by using the CNS configuration agent.
Incremental (partial) configurations can be sent to the switch. The actual configuration can be sent as an
event payload by way of the event gateway (push operation) or as a signal event that triggers the switch
to initiate a pull operation.
The switch can check the syntax of the configuration before applying it. If the syntax is correct, the
switch applies the incremental configuration and publishes an event that signals success to the
configuration server. If the switch does not apply the incremental configuration, it publishes an event
showing an error status. When the switch has applied the incremental configuration, it can write it to
NVRAM or wait until signaled to do so.
Synchronized Configuration
When the switch receives a configuration, it can defer application of the configuration upon receipt of a
write-signal event. The write-signal event tells the switch not to save the updated configuration into its
NVRAM. The switch uses the updated configuration as its running configuration. This ensures that the
switch configuration is synchronized with other network activities before saving the configuration in
NVRAM for use at the next reboot.
Chapter 4 Configuring IE2100 CNS Agents
Configuring CNS Embedded Agents
The CNS agents embedded in the switch Cisco IOS software allow the switch to be connected and
automatically configured as described in the “Enabling Automated CNS Configuration” section on
page 4-6. If you want to change the configuration or install a custom configuration, see these sections
for instructions:
• Enabling the CNS Event Agent, page 4-8
• Enabling the CNS Configuration Agent, page 4-9
Enabling Automated CNS Configuration
To enable automated CNS configuration of the switch, you must first complete the prerequisites in
Table 4-1 . When you complete them, power on the switch. At the setup prompt, do nothing: The switch
begins the initial configuration as described in the “Initial Configuration” section on page 4-5. When the
full configuration file is loaded on your switch, you need to do nothing else.
4-6
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Chapter 4 Configuring IE2100 CNS Agents
Table 4-1Prerequisites for Enabling Automatic Configuration
DeviceRequired Configuration
Access switchFactory default (no configuration file)
Distribution switch
DHCP server
TFTP server
IE2100 Configuration RegistrarCreate one or more templates for each type of device, and map the
Configuring CNS Embedded Agents
• IP helper address
• Enable DHCP relay agent
• IP routing (if used as default gateway)
• IP address assignment
• TFTP server IP address
• Path to bootstrap configuration file on the TFTP server
• Default gateway IP address
• Create a bootstrap configuration file that includes the CNS
configuration commands that enable the switch to
communicate with the IE2100 Configuration Registrar.
• Configure the switch to use either the switch MAC address or
the serial number (instead of the default hostname) to generate
the configID and eventID.
• Configure the CNS event agent to push the configuration file
to the switch.
configID of the device to the template.
NoteFor more information about running the setup program and creating templates on the Configuration
Registrar, see the Cisco Intelligence Engine 2100 Series Configuration Registrar Manual.
78-16881-01
Catalyst 2960 Switch Software Configuration Guide
4-7
Configuring CNS Embedded Agents
Enabling the CNS Event Agent
NoteYou must enable the CNS event agent on the switch before you enable the CNS configuration agent.
Beginning in privileged EXEC mode, follow these steps to enable the CNS event agent on the switch:
CommandPurpose
Step 1
Step 2
configure terminalEnter global configuration mode.
Enable the event agent, and enter the gateway
parameters.
• For {ip-address | hostname}, enter either the
IP address or the hostname of the event gateway.
• (Optional) For port number, enter the port
number for the event gateway. The default port
number is 11011.
Step 3
Step 4
Step 5
Step 6
• (Optional) Enter backup to show that this is the
backup gateway. (If omitted, this is the primary
gateway.)
• (Optional) For init-retry retry-count, enter the
number of initial retries before switching to
backup. The default is 3.
• (Optional) For keepalive seconds, enter how
often the switch sends keepalive messages. For
retry-count, enter the number of unanswered
keepalive messages that the switch sends before
the connection is terminated. The default for
each is 0.
• (Optional) For source ip-address, enter the
source IP address of this device.
NoteThough visible in the command-line help
string, the encrypt and force-fmt1 keywords
are not supported.
endReturn to privileged EXEC mode.
show cns event connectionsVerify information about the event agent.
show running-configVerify your entries.
copy running-config startup-config(Optional) Save your entries in the configuration
file.
4-8
To disable the CNS event agent, use the no cns event {ip-address | hostname} global configuration
command.
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Chapter 4 Configuring IE2100 CNS Agents
This example shows how to enable the CNS event agent, set the IP address gateway to 10.180.1.27, set
120 seconds as the keepalive interval, and set 10 as the retry count.
Enter the connect-interface-config submode, and
specify the interface for connecting to the
Configuration Registrar.
• Enter the interface-prefix for the connecting
interface. You must specify the interface type
but need not specify the interface number.
• (Optional) For ping-interval seconds, enter the
interval between successive ping attempts. The
range is 1 to 30 seconds. The default is 10
seconds.
• (Optional) For retries num, enter the number of
ping retries. The range is 1 to 30. The default
is 5.
78-16881-01
Catalyst 2960 Switch Software Configuration Guide
4-9
Configuring CNS Embedded Agents
CommandPurpose
Step 3
config-cli
or
line-cli
Step 4
Step 5
Step 6
Step 7
exitReturn to global configuration mode.
hostname nameEnter the hostname for the switch.
ip route network-numberEstablish a static route to the Configuration Registrar
cns id interface num {dns-reverse | ipaddress |
mac-address} [event]
or
cns id {hardware-serial | hostname | string string} [event]
Chapter 4 Configuring IE2100 CNS Agents
Enter config-cli to connect to the Configuration
Registrar through the interface defined in cns config connect-intf. Enter line-cli to connect to the
Registrar through modem dialup lines.
NoteThe config-cli interface configuration
command accepts the special directive
character & that acts as a placeholder for the
interface name. When the configuration is
applied, the & is replaced with the interface
name. For example, to connect through
FastEthernet0/0, the command
ip route 0.0.0.0 0.0.0.0 &
command
FastEthernet0/0
ip route 0.0.0.0 0.0.0.0
.
whose IP address is network-number.
Set the unique eventID or configID used by the
Configuration Registrar.
• For interface num, enter the type of
interface–for example, Ethernet, Group-Async,
Loopback, or Virtual-Template. This setting
specifies from which interface the IP or MAC
address should be retrieved to define the
unique ID.
• For {dns-reverse | ipaddress | mac-address}
enter dns-reverse to retrieve the hostname and
assign it as the unique ID, enter ipaddress to use
the IP address, or enter mac-address to use the
MAC address as the unique ID.
config-cli
generates the
4-10
• (Optional) Enter event to set the ID to be the
event-id value used to identify the switch.
• For {hardware-serial | hostname|
string string}, enter hardware-serial to set the
switch serial number as the unique ID, enter
hostname (the default) to select the switch
hostname as the unique ID, or enter an arbitrary
text string for string string as the unique ID.
Enable the configuration agent, and initiate an initial
configuration.
• For {ip-address | hostname}, enter the
IP address or the hostname of the configuration
server.
• (Optional) For port-number, enter the port
number of the configuration server. The default
port number is 80.
• (Optional) Enable event for configuration
success, failure, or warning messages when the
configuration is finished.
• (Optional) Enable no-persist to suppress the
automatic writing to NVRAM of the
configuration pulled as a result of entering the
cns config initial global configuration
command. If the no-persist keyword is not
entered, using the cns config initial command
causes the resultant configuration to be
automatically written to NVRAM.
Step 9
Step 10
Step 11
• (Optional) For page page, enter the web page of
the initial configuration. The default is
/Config/config/asp.
• (Optional) Enter source ip-address to use for
source IP address.
• (Optional) Enable syntax-check to check the
syntax when this parameter is entered.
NoteThough visible in the command-line help
string, the encrypt keyword is not supported.
endReturn to privileged EXEC mode.
show cns config connectionsVerify information about the configuration agent.
show running-configVerify your entries.
To disable the CNS configuration agent, use the no cns config initial {ip-address | hostname} global
configuration command.
This example shows how to configure an initial configuration on a remote switch. The switch hostname
is the unique ID. The CNS Configuration Registrar IP address is 172.28.129.22.
Switch(config)# cns config connect-intf serial ping-interval 1 retries 1
Switch(config-cns-conn-if)# config-cli ip address negotiated
Switch(config-cns-conn-if)# config-cli encapsulation ppp
Switch(config-cns-conn-if)# config-cli ip directed-broadcast
Switch(config-cns-conn-if)# config-cli no keepalive
Switch(config-cns-conn-if)# config-cli no shutdown
Switch(config-cns-conn-if)# exit
Switch(config)# hostname RemoteSwitch
RemoteSwitch(config)# ip route 10.1.1.1 255.255.255.255 11.11.11.1
RemoteSwitch(config)# cns id Ethernet 0 ipaddress
RemoteSwitch(config)# cns config initial 10.1.1.1 no-persist
78-16881-01
Catalyst 2960 Switch Software Configuration Guide
4-11
Configuring CNS Embedded Agents
Enabling a Partial Configuration
Beginning in privileged EXEC mode, follow these steps to enable the CNS configuration agent and to
initiate a partial configuration on the switch:
CommandPurpose
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
configure terminalEnter global configuration mode.
copy running-config startup-config(Optional) Save your entries in the configuration
Chapter 4 Configuring IE2100 CNS Agents
Enable the configuration agent, and initiate a partial
configuration.
• For {ip-address | hostname}, enter the
IP address or the hostname of the configuration
server.
• (Optional) For port-number, enter the port
number of the configuration server. The default
port number is 80.
• (Optional) Enter source ip-address to use for the
source IP address.
NoteThough visible in the command-line help
string, the encrypt keyword is not supported.
Verify information about the configuration agent.
file.
4-12
To disable the CNS configuration agent, use the no cns config partial {ip-address | hostname} global
configuration command. To cancel a partial configuration, use the cns config cancel privileged EXEC
command.
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Chapter 4 Configuring IE2100 CNS Agents
Displaying CNS Configuration
You can use the privileged EXEC commands in Ta ble 4- 2 to display CNS Configuration information.
Table 4-2Displaying CNS Configuration
CommandPurpose
show cns config connectionsDisplays the status of the CNS configuration agent connections.
show cns config outstandingDisplays information about incremental (partial) CNS
configurations that have started but are not yet completed.
show cns config statsDisplays statistics about the CNS configuration agent.
show cns event connectionsDisplays the status of the CNS event agent connections.
show cns event statsDisplays statistics about the CNS event agent.
show cns event subjectDisplays a list of event agent subjects that are subscribed to by
applications.
Displaying CNS Configuration
78-16881-01
Catalyst 2960 Switch Software Configuration Guide
4-13
Displaying CNS Configuration
Chapter 4 Configuring IE2100 CNS Agents
4-14
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
CHAPTER
5
Clustering Switches
This chapter provides an overview of the concepts and of the procedures used to create and manage
Catalyst 2960 switch clusters.
You can create and manage switch clusters by using Network Assistant, the command-line interface
(CLI), or SNMP. Configuring switch clusters is more easily done from Network Assistant than through
the CLI or SNMP. For getting started procedures about using Network Assistant to configure switch
clusters, see Getting Started with Cisco Network Assistant, available on Cisco.com. For complete
procedures about managing switch clusters, see the switch online help. For the CLI cluster commands,
see the switch command reference.This chapter consists of these sections:
• Understanding Switch Clusters, page 5-1
• Using the CLI to Manage Switch Clusters, page 5-3
• Using SNMP to Manage Switch Clusters, page 5-4
NoteWe do not recommend using the ip http access-class global configuration command to limit access to
specific hosts or networks. Control access through the cluster command switch or by applying access
control lists (ACLs) on interfaces that are configured with an IP address. For more information on ACLs,
see Chapter 28, “Configuring Network Security with ACLs.”
• Candidate Switch and Cluster Member Switch Characteristics, page 5-3
Clustering Overview
A switch cluster is a set of up to 16 connected, cluster-capable Catalyst switches that are managed as a
single entity. The switches in the cluster use the switch clustering technology so that you can configure
and troubleshoot a group of different Catalyst desktop switch platforms through a single IP address.
78-16881-01
Catalyst 2960 Switch Software Configuration Guide
5-1
Understanding Switch Clusters
Using switch clusters simplifies the management of multiple switches, regardless of their physical
location and platform families. Clustering also provides redundancy through standby cluster command
switches.
In a switch cluster, 1 switch must be the cluster command switch and up to 15 other switches can be
cluster member switches. The total number of switches in a cluster cannot exceed 16 switches. The
cluster command switch is the single point of access used to configure, manage, and monitor the cluster
member switches. Cluster members can belong to only one cluster at a time.
NoteIf you configure Secure Socket Layer (SSL) Version 3.0 for a secure (HTTPS) connection, the SSL
connection stops at the command switch. Cluster member switches must run nonsecure HTTP. For more
information about SSL, see the “Configuring the Switch for Secure Socket Layer HTTP” section on
page 8-37.
For more information about switch clustering, including cluster-planning considerations, see Getting Started with Cisco Network Assistant, available on Cisco.com. For a list of Catalyst switches eligible for
switch clustering, including which ones can be cluster command switches and which ones can only be
cluster member switches, and the required software versions, see the Release Notes for Cisco Network Assistant, available on Cisco.com.
Chapter 5 Clustering Switches
Cluster Command Switch Characteristics
A cluster command switch must meet these requirements:
• It is running Cisco IOS Release 12.2(25)FX or later.
• It has an IP address.
• It has Cisco Discovery Protocol (CDP) Version 2 enabled (the default).
• It is not a command or cluster member switch of another cluster.
• It is connected to the standby cluster command switches through the management VLAN and to the
cluster member switches through a common VLAN.
NoteIf your switch cluster has a Catalyst 2960 switch, it should be the cluster command switch unless the
cluster has a Catalyst 3750 switch or switch stack. If the switch cluster has a Catalyst 3750 switch or
switch stack, that switch or switch stack should be the cluster command switch.
Standby Cluster Command Switch Characteristics
A standby cluster command switch must meet these requirements:
• It is running Cisco IOS Release 12.2(25)FX or later.
• It has an IP address.
5-2
• It has CDP Version 2 enabled.
• It is connected to the command switch and to other standby command switches through its
management VLAN.
• It is connected to all other cluster member switches (except the cluster command and standby
command switches) through a common VLAN.
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Chapter 5 Clustering Switches
Using the CLI to Manage Switch Clusters
• It is redundantly connected to the cluster so that connectivity to cluster member switches is
maintained.
• It is not a command or member switch of another cluster.
NoteStandby cluster command switches must be the same type of switches as the cluster command
switch. For example, if the cluster command switch is a Catalyst 2960 switch, the standby
cluster command switches must also be Catalyst 2960 switches. See the switch configuration
guides of other cluster-capable switches for their requirements on standby cluster command
switches.
Candidate Switch and Cluster Member Switch Characteristics
Candidate switches are cluster-capable switches that have not yet been added to a cluster. Cluster
member switches are switches that have actually been added to a switch cluster. Although not required,
a candidate or cluster member switch can have its own IP address and password.
To join a cluster, a candidate switch must meet these requirements:
• It is running cluster-capable software.
• It has CDP Version 2 enabled.
• It is not a command or cluster member switch of another cluster.
• If a cluster standby group exists, it is connected to every standby cluster command switch through
at least one common VLAN. The VLAN to each standby cluster command switch can be different.
• It is connected to the cluster command switch through at least one common VLAN.
candidate and cluster member switches must be connected through their management VLAN
to the cluster command switch and standby cluster command switches. For complete
information about these switches in a switch-cluster environment, see the software
configuration guide for that specific switch.
This requirement does not apply if you have a Catalyst 2970, 2960, 3550, 3560, or 3750
cluster command switch. Candidate and cluster member switches can connect through any
VLAN in common with the cluster command switch.
Using the CLI to Manage Switch Clusters
You can configure cluster member switches from the CLI by first logging into the cluster command
switch. Enter the rcommand user EXEC command and the cluster member switch number to start a
Telnet session (through a console or Telnet connection) and to access the cluster member switch CLI.
The command mode changes, and the Cisco IOS commands operate as usual. Enter the exit privileged
EXEC command on the cluster member switch to return to the command-switch CLI.
78-16881-01
This example shows how to log into member-switch 3 from the command-switch CLI:
switch# rcommand 3
Catalyst 2960 Switch Software Configuration Guide
5-3
Using SNMP to Manage Switch Clusters
If you do not know the member-switch number, enter the show cluster members privileged EXEC
command on the cluster command switch. For more information about the rcommand command and all
other cluster commands, see the switch command reference.
The Telnet session accesses the member-switch CLI at the same privilege level as on the cluster
command switch. The Cisco IOS commands then operate as usual. For instructions on configuring the
switch for a Telnet session, see the “Disabling Password Recovery” section on page 8-5.
Catalyst 1900 and Catalyst 2820 CLI Considerations
If your switch cluster has Catalyst 1900 and Catalyst 2820 switches running standard edition software,
the Telnet session accesses the management console (a menu-driven interface) if the cluster command
switch is at privilege level 15. If the cluster command switch is at privilege level 1 to 14, you are
prompted for the password to access the menu console.
NoteCatalyst 1900, 2900 XL (4 MB), and 2820 switches are not supported in Network Assistant. The
switches appear as unknown devices in the Network Assistant Front Panel and Topology views.
Chapter 5 Clustering Switches
Command-switch privilege levels map to the Catalyst 1900 and Catalyst 2820 cluster member switches
running standard and Enterprise Edition Software as follows:
• If the command-switch privilege level is 1 to 14, the cluster member switch is accessed at privilege
level 1.
• If the command-switch privilege level is 15, the cluster member switch is accessed at privilege
level 15.
NoteThe Catalyst 1900 and Catalyst 2820 CLI is available only on switches running Enterprise
Edition Software.
For more information about the Catalyst 1900 and Catalyst 2820 switches, see the installation and
configuration guides for those switches.
Using SNMP to Manage Switch Clusters
When you first power on the switch, SNMP is enabled if you enter the IP information by using the setup
program and accept its proposed configuration. If you did not use the setup program to enter the IP
information and SNMP was not enabled, you can enable it as described in the “Configuring SNMP”
section on page 27-6. On Catalyst 1900 and Catalyst 2820 switches, SNMP is enabled by default.
When you create a cluster, the cluster command switch manages the exchange of messages between
cluster member switches and an SNMP application. The cluster software on the cluster command switch
appends the cluster member switch number (@esN, where N is the switch number) to the first configured
read-write and read-only community strings on the cluster command switch and propagates them to the
cluster member switch. The cluster command switch uses this community string to control the
forwarding of gets, sets, and get-next messages between the SNMP management station and the cluster
member switches.
5-4
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Chapter 5 Clustering Switches
NoteWhen a cluster standby group is configured, the cluster command switch can change without your
knowledge. Use the first read-write and read-only community strings to communicate with the cluster
command switch if there is a cluster standby group configured for the cluster.
If the cluster member switch does not have an IP address, the cluster command switch redirects traps
from the cluster member switch to the management station, as shown in Figure 5-1. If a cluster member
switch has its own IP address and community strings, the cluster member switch can send traps directly
to the management station, without going through the cluster command switch.
If a cluster member switch has its own IP address and community strings, they can be used in addition
to the access provided by the cluster command switch. For more information about SNMP and
community strings, see Chapter 27, “Configuring SNMP.”
Figure 5-1SNMP Management for a Cluster
Using SNMP to Manage Switch Clusters
SNMP Manager
Member 1Member 2Member 3
Trap 1, Trap 2, Trap 3
Tr ap
Command switch
Tr ap
Tr ap
33020
78-16881-01
Catalyst 2960 Switch Software Configuration Guide
5-5
Using SNMP to Manage Switch Clusters
Chapter 5 Clustering Switches
5-6
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Administering the Switch
This chapter describes how to perform one-time operations to administer the Catalyst 2960 switch.
This chapter consists of these sections:
• Managing the System Time and Date, page 6-1
• Configuring a System Name and Prompt, page 6-14
• Creating a Banner, page 6-17
• Managing the MAC Address Table, page 6-19
• Managing the ARP Table, page 6-26
Managing the System Time and Date
You can manage the system time and date on your switch using automatic configuration, such as the
Network Time Protocol (NTP), or manual configuration methods.
CHAPTER
6
78-16881-01
NoteFor complete syntax and usage information for the commands used in this section, see the Cisco IOS
These sections contain this configuration information:
• Understanding the System Clock, page 6-2
• Understanding Network Time Protocol, page 6-2
• Configuring NTP, page 6-4
• Configuring Time and Date Manually, page 6-11
Catalyst 2960 Switch Software Configuration Guide
6-1
Managing the System Time and Date
Understanding the System Clock
The heart of the time service is the system clock. This clock runs from the moment the system starts up
and keeps track of the date and time.
The system clock can then be set from these sources:
• NTP
• Manual configuration
The system clock can provide time to these services:
• User show commands
• Logging and debugging messages
The system clock keeps track of time internally based on Universal Time Coordinated (UTC), also
known as Greenwich Mean Time (GMT). You can configure information about the local time zone and
summer time (daylight saving time) so that the time appears correctly for the local time zone.
The system clock keeps track of whether the time is authoritative or not (that is, whether it has been set
by a time source considered to be authoritative). If it is not authoritative, the time is available only for
display purposes and is not redistributed. For configuration information, see the “Configuring Time and
Date Manually” section on page 6-11.
Chapter 6 Administering the Switch
Understanding Network Time Protocol
The NTP is designed to time-synchronize a network of devices. NTP runs over User Datagram Protocol
(UDP), which runs over IP. NTP is documented in RFC 1305.
An NTP network usually gets its time from an authoritative time source, such as a radio clock or an
atomic clock attached to a time server. NTP then distributes this time across the network. NTP is
extremely efficient; no more than one packet per minute is necessary to synchronize two devices to
within a millisecond of one another.
NTP uses the concept of a stratum to describe how many NTP hops away a device is from an
authoritative time source. A stratum 1 time server has a radio or atomic clock directly attached, a
stratum 2 time server receives its time through NTP from a stratum 1 time server, and so on. A device
running NTP automatically chooses as its time source the device with the lowest stratum number with
which it communicates through NTP. This strategy effectively builds a self-organizing tree of NTP
speakers.
NTP avoids synchronizing to a device whose time might not be accurate by never synchronizing to a
device that is not synchronized. NTP also compares the time reported by several devices and does not
synchronize to a device whose time is significantly different than the others, even if its stratum is lower.
The communications between devices running NTP (known as associations) are usually statically
configured; each device is given the IP address of all devices with which it should form associations.
Accurate timekeeping is possible by exchanging NTP messages between each pair of devices with an
association. However, in a LAN environment, NTP can be configured to use IP broadcast messages
instead. This alternative reduces configuration complexity because each device can simply be
configured to send or receive broadcast messages. However, in that case, information flow is one-way
only.
6-2
The time kept on a device is a critical resource; you should use the security features of NTP to avoid the
accidental or malicious setting of an incorrect time. Two mechanisms are available: an access list-based
restriction scheme and an encrypted authentication mechanism.
Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Loading...
+ hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.