Cisco Catalyst 2360 Software Configuration Manual

Download

Catalyst 2360 Switch Software Configuration Guide

Cisco IOS 12.2(53)EY June 2010

Americas Headquarters

Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000

800 553-NETS (6387)

Fax: 408 527-0883

Text Part Number: OL-19808-01

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at

www.cisco.com/web/siteassets/legal/trademark.html. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not

imply a partnership relationship between Cisco and any other company. (1005R)

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

Catalyst 2360 Switch Software Configuration Guide

IMPLIED, INCLUDING, WITHOUT

Preface xxv

Purpose xxv

Conventions xxv

Related Publications xxvi

Obtaining Documentation and Submitting a Service Request xxvii

CHAPTER

1 Overview 1-1

Features 1-1

Deployment Features 1-1 Performance Features 1-2 Management Options 1-3 Manageability Features 1-3 Availability and Redundancy Features 1-4 VLAN Features 1-5 Security Features 1-5 QoS and CoS Features 1-6 Monitoring Features 1-6

Default Settings After Initial Switch Configuration 1-6

Where to Go Next 1-8

2 Using the Command-Line Interface 2-1

Understanding Command Modes 2-1

Understanding the Help System 2-3

Understanding Abbreviated Commands 2-4

OL-19808-01

Understanding no and default Forms of Commands 2-4

Understanding CLI Error Messages 2-5

Using Configuration Logging 2-5

Using Command History 2-6

Changing the Command History Buffer Size 2-6 Recalling Commands 2-6 Disabling the Command History Feature 2-7

Using Editing Features 2-7

Enabling and Disabling Editing Features 2-7

Catalyst 2360 Switch Software Configuration Guide

iii

Contents

Editing Commands through Keystrokes 2-8 Editing Command Lines that Wrap 2-9

Searching and Filtering Output of show and more Commands 2-10

Accessing the CLI 2-10

Accessing the CLI through a Console Connection or through Telnet 2-10

CHAPTER

3 Assigning the Switch IP Address and Default Gateway 3-1

Understanding the Boot Process 3-1

Assigning Switch Information 3-2

Default Switch Information 3-3 Understanding DHCP-Based Autoconfiguration 3-3

DHCP Client Request Process 3-3

Understanding DHCP-based Autoconfiguration and Image Update 3-4

DHCP Autoconfiguration 3-5 DHCP Auto-Image Update 3-5 Limitations and Restrictions 3-5

Configuring DHCP-Based Autoconfiguration 3-6

DHCP Server Configuration Guidelines 3-6 Configuring the TFTP Server 3-6 Configuring the DNS 3-7 Configuring the Relay Device 3-7 Obtaining Configuration Files 3-8 Example Configuration 3-9

Manually Assigning IP Information 3-10

CHAPTER

Checking and Saving the Running Configuration 3-11

Modifying the Startup Configuration 3-12

Default Boot Configuration 3-13 Automatically Downloading a Configuration File 3-13 Specifying the Filename to Read and Write the System Configuration 3-13 Booting Manually 3-14 Booting a Specific Software Image 3-14 Controlling Environment Variables 3-15

Scheduling a Reload of the Software Image 3-17

Configuring a Scheduled Reload 3-17 Displaying Scheduled Reload Information 3-18

4 Clustering Switches 4-1

Understanding Switch Clusters 4-2

Cluster Command Switch Characteristics 4-3

Catalyst 2360 Switch Software Configuration Guide

OL-19808-01

Standby Cluster Command Switch Characteristics 4-3 Candidate Switch and Cluster Member Switch Characteristics 4-3

Planning a Switch Cluster 4-4

Automatic Discovery of Cluster Candidates and Members 4-4

Discovery Through CDP Hops 4-5 Discovery Through Non-CDP-Capable and Noncluster-Capable Devices 4-6 Discovery Through Different VLANs 4-7 Discovery Through Different Management VLANs 4-7 Discovery Through Routed Ports 4-8

Discovery of Newly Installed Switches 4-9 IP Addresses 4-10 Hostnames 4-10 Passwords 4-10 SNMP Community Strings 4-11 TACACS+ and RADIUS 4-11 LRE Profiles 4-11

Contents

CHAPTER

Using the CLI to Manage Switch Clusters 4-11

Catalyst 1900 and Catalyst 2820 CLI Considerations 4-12

Using SNMP to Manage Switch Clusters 4-12

5 Administering the Switch 5-1

Managing the System Time and Date 5-1

Understanding the System Clock 5-1 Understanding Network Time Protocol 5-2 Configuring NTP 5-3

Default NTP Configuration 5-4

Configuring NTP Authentication 5-4

Configuring NTP Associations 5-5

Configuring NTP Access Restrictions 5-7

Configuring the Source IP Address for NTP Packets 5-8

Displaying the NTP Configuration 5-8 Configuring Time and Date Manually 5-9

Setting the System Clock 5-9

Displaying the Time and Date Configuration 5-9

Configuring the Time Zone 5-10

Configuring Summer Time (Daylight Saving Time) 5-11

OL-19808-01

Configuring a System Name and Prompt 5-12

Default System Name and Prompt Configuration 5-13 Configuring a System Name 5-13

Catalyst 2360 Switch Software Configuration Guide

Contents

Understanding DNS 5-13

Default DNS Configuration 5-14 Setting Up DNS 5-14 Displaying the DNS Configuration 5-15

Creating a Banner 5-15

Default Banner Configuration 5-15 Configuring a Message-of-the-Day Login Banner 5-16 Configuring a Login Banner 5-17

Managing the MAC Address Table 5-17

Building the Address Table 5-18 MAC Addresses and VLANs 5-18 Default MAC Address Table Configuration 5-18 Changing the Address Aging Time 5-19 Removing Dynamic Address Entries 5-19 Adding and Removing Static Address Entries 5-20 Configuring Unicast MAC Address Filtering 5-21 Displaying Address Table Entries 5-22

CHAPTER

Managing the ARP Table 5-22

6 Using the SDM Default Template 6-1

Default SDM Template 6-1

Displaying the SDM Templates 6-1

7 Configuring Switch-Based Authentication 7-1

Preventing Unauthorized Access to Your Switch 7-1

Protecting Access to Privileged EXEC Commands 7-2

Default Password and Privilege Level Configuration 7-2 Setting or Changing a Static Enable Password 7-3 Protecting Enable and Enable Secret Passwords with Encryption 7-3 Disabling Password Recovery 7-5 Setting a Telnet Password for a Terminal Line 7-6 Configuring Username and Password Pairs 7-6 Configuring Multiple Privilege Levels 7-7

Setting the Privilege Level for a Command 7-8 Changing the Default Privilege Level for Lines 7-9 Logging into and Exiting a Privilege Level 7-9

Controlling Switch Access with TACACS+ 7-10

Understanding TACACS+ 7-10 TACACS+ Operation 7-11

Catalyst 2360 Switch Software Configuration Guide

OL-19808-01

Configuring TACACS+ 7-11

Default TACACS+ Configuration 7-12

Identifying the TACACS+ Server Host and Setting the Authentication Key 7-12

Configuring TACACS+ Login Authentication 7-13

Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 7-15

Starting TACACS+ Accounting 7-16 Displaying the TACACS+ Configuration 7-16

Controlling Switch Access with RADIUS 7-17

Understanding RADIUS 7-17 RADIUS Operation 7-18 Configuring RADIUS 7-19

Default RADIUS Configuration 7-19

Identifying the RADIUS Server Host 7-19

Configuring RADIUS Login Authentication 7-22

Defining AAA Server Groups 7-24

Configuring RADIUS Authorization for User Privileged Access and Network Services 7-26

Starting RADIUS Accounting 7-27

Configuring Settings for All RADIUS Servers 7-28

Configuring the Switch to Use Vendor-Specific RADIUS Attributes 7-28

Configuring the Switch for Vendor-Proprietary RADIUS Server Communication 7-29 Displaying the RADIUS Configuration 7-30

Contents

Configuring the Switch for Local Authentication and Authorization 7-31

Configuring the Switch for Secure Shell 7-32

Understanding SSH 7-32

SSH Servers, Integrated Clients, and Supported Versions 7-33

Limitations 7-33 Configuring SSH 7-33

Configuration Guidelines 7-34

Setting Up the Switch to Run SSH 7-34

Configuring the SSH Server 7-35 Displaying the SSH Configuration and Status 7-36

Configuring the Switch for Secure Socket Layer HTTP 7-36

Understanding Secure HTTP Servers and Clients 7-37

Certificate Authority Trustpoints 7-37

CipherSuites 7-38 Configuring Secure HTTP Servers and Clients 7-39

Default SSL Configuration 7-39

SSL Configuration Guidelines 7-39

Configuring a CA Trustpoint 7-39

OL-19808-01

Catalyst 2360 Switch Software Configuration Guide

vii

Contents

Configuring the Secure HTTP Server 7-40 Configuring the Secure HTTP Client 7-42

Displaying Secure HTTP Server and Client Status 7-43

Configuring the Switch for Secure Copy Protocol 7-43

Information About Secure Copy 7-43

CHAPTER

8 Configuring Interface Characteristics 8-1

Understanding Interface Types 8-1

Port-Based VLANs 8-1 Switch Ports 8-2

Access Ports 8-2

Trunk Ports 8-2 Ethernet Management Port 8-3 Switch Virtual Interfaces 8-3

SVI Autostate Exclude 8-3 EtherChannel Port Groups 8-4 10-Gigabit Ethernet Interfaces 8-4 Connecting Interfaces 8-5

Using the Switch USB Ports 8-5

USB Mini-Type B Console Port 8-5

Console Port Change Logs 8-6

Configuring the Console Media Type 8-6

Configuring the USB Inactivity Timeout 8-7 USB Type A Port 8-8

viii

Using Interface Configuration Mode 8-9

Procedures for Configuring Interfaces 8-10 Configuring a Range of Interfaces 8-11 Configuring and Using Interface Range Macros 8-12

Using the Ethernet Management Port 8-14

Understanding the Ethernet Management Port 8-14 Supported Features on the Ethernet Management Port 8-14 Configuring the Ethernet Management Port 8-15 TFTP and the Ethernet Management Port 8-15

Configuring Ethernet Interfaces 8-16

Default Ethernet Interface Configuration 8-16 Configuring Interface Speed and Duplex Mode 8-17

Speed and Duplex Configuration Guidelines 8-17

Setting the Interface Speed and Duplex Parameters 8-18 Configuring IEEE 802.3x Flow Control 8-19

Catalyst 2360 Switch Software Configuration Guide

OL-19808-01

Configuring Auto-MDIX on an Interface 8-20 Adding a Description for an Interface 8-21 Configuring SVI Autostate Exclude 8-21

Configuring the System MTU 8-22

Configuring Small-Frame Arrival Rate 8-23

Monitoring and Maintaining the Interfaces 8-24

Monitoring Interface Status 8-24 Clearing and Resetting Interfaces and Counters 8-25 Shutting Down and Restarting the Interface 8-26

Contents

CHAPTER

9 Configuring VLANs 9-1

Understanding VLANs 9-1

Supported VLANs 9-2 VLAN Port Membership Modes 9-3

Configuring Normal-Range VLANs 9-3

Token Ring VLANs 9-5 Normal-Range VLAN Configuration Guidelines 9-5 VLAN Configuration Mode Options 9-6

VLAN Configuration in config-vlan Mode 9-6

VLAN Configuration in VLAN Database Configuration Mode 9-6 Saving VLAN Configuration 9-6 Default Ethernet VLAN Configuration 9-7 Creating or Modifying an Ethernet VLAN 9-8 Deleting a VLAN 9-9 Assigning Static-Access Ports to a VLAN 9-10

Configuring Extended-Range VLANs 9-11

Default VLAN Configuration 9-11 Extended-Range VLAN Configuration Guidelines 9-12 Creating an Extended-Range VLAN 9-12

OL-19808-01

Displaying VLANs 9-14

Configuring VLAN Trunks 9-14

Trunking Overview 9-14

IEEE 802.1Q Configuration Considerations 9-15 Default Layer 2 Ethernet Interface VLAN Configuration 9-16 Configuring an Ethernet Interface as a Trunk Port 9-16

Interaction with Other Features 9-17

Configuring a Trunk Port 9-17

Defining the Allowed VLANs on a Trunk 9-18

Changing the Pruning-Eligible List 9-19

Catalyst 2360 Switch Software Configuration Guide

Contents

Configuring the Native VLAN for Untagged Traffic 9-20

Configuring Trunk Ports for Load Sharing 9-20

Load Sharing Using STP Port Priorities 9-21 Load Sharing Using STP Path Cost 9-22

CHAPTER

10 Configuring VTP 10-1

Understanding VTP 10-1

The VTP Domain 10-2 VTP Modes 10-3 VTP Advertisements 10-3 VTP Version 2 10-4 VTP Pruning 10-4

Configuring VTP 10-6

Default VTP Configuration 10-6 VTP Configuration Options 10-7

VTP Configuration in Global Configuration Mode 10-7 VTP Configuration in VLAN Database Configuration Mode 10-7

VTP Configuration Guidelines 10-8

Domain Names 10-8 Passwords 10-8 VTP Version 10-8

Configuration Requirements 10-9 Configuring a VTP Server 10-9 Configuring a VTP Client 10-11 Disabling VTP (VTP Transparent Mode) 10-12 Enabling VTP Version 2 10-13 Enabling VTP Pruning 10-14 Adding a VTP Client Switch to a VTP Domain 10-14

CHAPTER

Monitoring VTP 10-16

11 Configuring STP 11-1

Understanding Spanning-Tree Features 11-1

STP Overview 11-2 Spanning-Tree Topology and BPDUs 11-3 Bridge ID, Switch Priority, and Extended System ID 11-4 Spanning-Tree Interface States 11-4

Blocking State 11-5

Listening State 11-6

Learning State 11-6

Catalyst 2360 Switch Software Configuration Guide

OL-19808-01

Forwarding State 11-6

Disabled State 11-7 How a Switch or Port Becomes the Root Switch or Root Port 11-7 Spanning Tree and Redundant Connectivity 11-8 Spanning-Tree Address Management 11-8 Accelerated Aging to Retain Connectivity 11-8 Spanning-Tree Modes and Protocols 11-9 Supported Spanning-Tree Instances 11-9 Spanning-Tree Interoperability and Backward Compatibility 11-10 STP and IEEE 802.1Q Trunks 11-10

Configuring Spanning-Tree Features 11-10

Default Spanning-Tree Configuration 11-11 Spanning-Tree Configuration Guidelines 11-11 Changing the Spanning-Tree Mode. 11-13 Disabling Spanning Tree 11-14 Configuring the Root Switch 11-14 Configuring a Secondary Root Switch 11-16 Configuring Port Priority 11-16 Configuring Path Cost 11-18 Configuring the Switch Priority of a VLAN 11-19 Configuring Spanning-Tree Timers 11-20

Configuring the Hello Time 11-20

Configuring the Forwarding-Delay Time for a VLAN 11-21

Configuring the Maximum-Aging Time for a VLAN 11-21

Configuring the Transmit Hold-Count 11-22

Contents

CHAPTER

OL-19808-01

Displaying the Spanning-Tree Status 11-22

12 Configuring MSTP 12-1

Understanding MSTP 12-2

Multiple Spanning-Tree Regions 12-2 IST, CIST, and CST 12-3

Operations Within an MST Region 12-3

Operations Between MST Regions 12-4

IEEE 802.1s Terminology 12-5 Hop Count 12-5 Boundary Ports 12-6 IEEE 802.1s Implementation 12-6

Port Role Naming Change 12-7

Interoperation Between Legacy and Standard Switches 12-7

Catalyst 2360 Switch Software Configuration Guide

Contents

Detecting Unidirectional Link Failure 12-8

Interoperability with IEEE 802.1D STP 12-8

Understanding RSTP 12-8

Port Roles and the Active Topology 12-9 Rapid Convergence 12-10 Synchronization of Port Roles 12-11 Bridge Protocol Data Unit Format and Processing 12-12

Processing Superior BPDU Information 12-13 Processing Inferior BPDU Information 12-13

Topology Changes 12-13

Configuring MSTP Features 12-14

Default MSTP Configuration 12-14 MSTP Configuration Guidelines 12-15 Specifying the MST Region Configuration and Enabling MSTP 12-16 Configuring the Root Switch 12-17 Configuring a Secondary Root Switch 12-18 Configuring Port Priority 12-19 Configuring Path Cost 12-20 Configuring the Switch Priority 12-21 Configuring the Hello Time 12-22 Configuring the Forwarding-Delay Time 12-23 Configuring the Maximum-Aging Time 12-23 Configuring the Maximum-Hop Count 12-24 Specifying the Link Type to Ensure Rapid Transitions 12-24 Designating the Neighbor Type 12-25 Restarting the Protocol Migration Process 12-25

CHAPTER

xii

Displaying the MST Configuration and Status 12-26

13 Configuring Optional Spanning-Tree Features 13-1

Understanding Optional Spanning-Tree Features 13-1

Understanding Port Fast 13-2 Understanding BPDU Guard 13-2 Understanding BPDU Filtering 13-3 Understanding UplinkFast 13-3 Understanding BackboneFast 13-5 Understanding EtherChannel Guard 13-7 Understanding Root Guard 13-8 Understanding Loop Guard 13-9

Configuring Optional Spanning-Tree Features 13-9

Catalyst 2360 Switch Software Configuration Guide

OL-19808-01

Default Optional Spanning-Tree Configuration 13-9 Optional Spanning-Tree Configuration Guidelines 13-10 Enabling Port Fast 13-10 Enabling BPDU Guard 13-11 Enabling BPDU Filtering 13-12 Enabling UplinkFast for Use with Redundant Links 13-13 Enabling BackboneFast 13-13 Enabling EtherChannel Guard 13-14 Enabling Root Guard 13-15 Enabling Loop Guard 13-15

Displaying the Spanning-Tree Status 13-16

Contents

CHAPTER

14 Configuring DHCP Features 14-1

Understanding DHCP Features 14-1

DHCP Server 14-2 DHCP Relay Agent 14-2 Configuring DHCP Features 14-2 Default DHCP Configuration 14-2 Configuring the DHCP Server 14-3 Configuring the DHCP Relay Agent 14-3 Specifying the Packet Forwarding Address 14-3 Enabling the Cisco IOS DHCP Server Database 14-4

15 Configuring IGMP Snooping 15-1

Understanding IGMP Snooping 15-1

IGMP Versions 15-2 Joining a Multicast Group 15-3 Leaving a Multicast Group 15-5 Immediate Leave 15-5 IGMP Configurable-Leave Timer 15-5 IGMP Report Suppression 15-5

OL-19808-01

Configuring IGMP Snooping 15-6

Default IGMP Snooping Configuration 15-6 Enabling or Disabling IGMP Snooping 15-7 Setting the Snooping Method 15-8 Configuring a Multicast Router Port 15-9 Configuring a Host Statically to Join a Group 15-9 Enabling IGMP Immediate Leave 15-10 Configuring the IGMP Leave Timer 15-10

Catalyst 2360 Switch Software Configuration Guide

xiii

Contents

Configuring TCN-Related Commands 15-11

Controlling the Multicast Flooding Time After a TCN Event 15-11 Recovering from Flood Mode 15-12

Disabling Multicast Flooding During a TCN Event 15-12 Configuring the IGMP Snooping Querier 15-13 Disabling IGMP Report Suppression 15-15

Displaying IGMP Snooping Information 15-15

Configuring IGMP Filtering and Throttling 15-16

Default IGMP Filtering and Throttling Configuration 15-17 Configuring IGMP Profiles 15-18 Applying IGMP Profiles 15-19 Setting the Maximum Number of IGMP Groups 15-19 Configuring the IGMP Throttling Action 15-20

Displaying IGMP Filtering and Throttling Configuration 15-21

CHAPTER

16 Configuring IPv6 MLD Snooping 16-1

Understanding MLD Snooping 16-1

MLD Messages 16-3 MLD Queries 16-3 Multicast Client Aging Robustness 16-3 Multicast Router Discovery 16-4 MLD Reports 16-4 MLD Done Messages and Immediate-Leave 16-4 Topology Change Notification Processing 16-5

Configuring IPv6 MLD Snooping 16-5

Default MLD Snooping Configuration 16-5 MLD Snooping Configuration Guidelines 16-6 Enabling or Disabling MLD Snooping 16-6 Configuring a Static Multicast Group 16-8 Configuring a Multicast Router Port 16-8 Enabling MLD Immediate Leave 16-9 Configuring MLD Snooping Queries 16-10 Disabling MLD Listener Message Suppression 16-11

CHAPTER

xiv

Displaying MLD Snooping Information 16-11

17 Configuring CDP 17-1

Understanding CDP 17-1

Configuring CDP 17-2

Default CDP Configuration 17-2

Catalyst 2360 Switch Software Configuration Guide

OL-19808-01

Configuring the CDP Characteristics 17-2 Disabling and Enabling CDP 17-3 Disabling and Enabling CDP on an Interface 17-4

Monitoring and Maintaining CDP 17-5

Contents

CHAPTER

18 Configuring LLDP and LLDP-MED 18-1

Understanding LLDP and LLDP-MED 18-1

Understanding LLDP 18-1 Understanding LLDP-MED 18-2

Configuring LLDP and LLDP-MED 18-3

Default LLDP Configuration 18-3 Configuring LLDP Characteristics 18-4 Disabling and Enabling LLDP Globally 18-5 Disabling and Enabling LLDP on an Interface 18-5 Configuring LLDP-MED TLVs 18-6

Monitoring and Maintaining LLDP and LLDP-MED 18-7

19 Configuring UDLD 19-1

Understanding UDLD 19-1

Modes of Operation 19-1 Methods to Detect Unidirectional Links 19-2

Configuring UDLD 19-3

Default UDLD Configuration 19-3 Configuration Guidelines 19-4 Enabling UDLD Globally 19-4 Enabling UDLD on an Interface 19-5 Resetting an Interface Disabled by UDLD 19-5

CHAPTER

OL-19808-01

Displaying UDLD Status 19-6

20 Configuring SPAN 20-1

Understanding SPAN 20-1

Local SPAN 20-2 SPAN Concepts and Terminology 20-2

SPAN Sessions 20-2 Monitored Traffic 20-3 Source Ports 20-3 Source VLANs 20-4 VLAN Filtering 20-4

Catalyst 2360 Switch Software Configuration Guide

Contents

Destination Port 20-5 SPAN Interaction with Other Features 20-5

Configuring SPAN 20-6

Default SPAN Configuration 20-6 Configuring Local SPAN 20-7

SPAN Configuration Guidelines 20-7

Creating a Local SPAN Session 20-7

Creating a Local SPAN Session and Configuring Incoming Traffic 20-10

Specifying VLANs to Filter 20-11

Displaying SPAN Status 20-12

CHAPTER

21 Configuring RMON 21-1

Understanding RMON 21-1

Configuring RMON 21-2

Default RMON Configuration 21-3 Configuring RMON Alarms and Events 21-3 Collecting Group History Statistics on an Interface 21-5 Collecting Group Ethernet Statistics on an Interface 21-5

Displaying RMON Status 21-6

22 Configuring System Message Logging 22-1

Understanding System Message Logging 22-1

Configuring System Message Logging 22-2

System Log Message Format 22-2 Default System Message Logging Configuration 22-3 Disabling Message Logging 22-4 Setting the Message Display Destination Device 22-5 Synchronizing Log Messages 22-6 Enabling and Disabling Time Stamps on Log Messages 22-7 Enabling and Disabling Sequence Numbers in Log Messages 22-8 Defining the Message Severity Level 22-8 Limiting Syslog Messages Sent to the History Table and to SNMP 22-10 Enabling the Configuration-Change Logger 22-10 Configuring UNIX Syslog Servers 22-12

Logging Messages to a UNIX Syslog Daemon 22-12

Configuring the UNIX System Logging Facility 22-12

xvi

Displaying the Logging Configuration 22-13

Catalyst 2360 Switch Software Configuration Guide

OL-19808-01

Contents

CHAPTER

23 Configuring SNMP 23-1

Understanding SNMP 23-1

SNMP Versions 23-2 SNMP Manager Functions 23-3 SNMP Agent Functions 23-4 SNMP Community Strings 23-4 Using SNMP to Access MIB Variables 23-4 SNMP Notifications 23-5 SNMP ifIndex MIB Object Values 23-6

Configuring SNMP 23-6

Default SNMP Configuration 23-7 SNMP Configuration Guidelines 23-7 Disabling the SNMP Agent 23-8 Configuring Community Strings 23-8 Configuring SNMP Groups and Users 23-10 Configuring SNMP Notifications 23-12 Setting the Agent Contact and Location Information 23-15 Limiting TFTP Servers Used Through SNMP 23-15 SNMP Examples 23-16

CHAPTER

Displaying SNMP Status 23-17

24 Managing Network Security with ACLs 24-1

Understanding ACLs 24-1

Handling Fragmented and Unfragmented Traffic 24-2

Configuring IPv4 ACLs 24-3

Creating Standard and Extended IPv4 ACLs 24-3

Access List Numbers 24-4 Creating a Numbered Standard ACL 24-5 Creating a Numbered Extended ACL 24-6 Resequencing ACEs in an ACL 24-8 Creating Named Standard and Extended ACLs 24-8 Using Time Ranges with ACLs 24-10

Including Comments in ACLs 24-12 Applying an IPv4 ACL to a Terminal Line 24-12 Applying an IPv4 ACL to a Management VLAN 24-13 IPv4 ACL Configuration Examples 24-14

Numbered ACLs 24-14

Extended ACLs 24-14

Named ACL 24-15

OL-19808-01

Catalyst 2360 Switch Software Configuration Guide

xvii

Contents

Time Range Applied to an IP ACL 24-15 Commented IP ACL Entries 24-15

Displaying IPv4 ACL Configuration 24-16

CHAPTER

25 Configuring QoS 25-1

Understanding QoS 25-1

Basic QoS Model 25-2 Classification 25-2

Configuring QoS 25-3

Default QoS Configuration 25-3

Default Egress Queue Configuration 25-3

Standard QoS Configuration Guidelines 25-4

Applying QoS on Interfaces 25-4

General QoS Guidelines 25-4 Enabling QoS Globally 25-4 Configuring Classification Using Port Trust States 25-4

Configuring the Trust State on Ports within the QoS Domain 25-5

Configuring the CoS Value for an Interface 25-6

Configuring a Trusted Boundary to Ensure Port Security 25-7

Configuring the Egress Expedite Queue 25-8

Displaying QoS Information 25-8

CHAPTER

26 Configuring EtherChannels and Link-State Tracking 26-1

Understanding EtherChannels 26-1

EtherChannel Overview 26-2 Port-Channel Interfaces 26-4 Port Aggregation Protocol 26-5

PAgP Modes 26-5

PAgP Interaction with Virtual Switches and Dual-Active Detection 26-6

PAgP Interaction with Other Features 26-6 Link Aggregation Control Protocol 26-6

LACP Modes 26-7

LACP Interaction with Other Features 26-7 EtherChannel On Mode 26-7 Load-Balancing and Forwarding Methods 26-8

Configuring EtherChannels 26-9

Default EtherChannel Configuration 26-10 EtherChannel Configuration Guidelines 26-10 Configuring Layer 2 EtherChannels 26-11

xviii

Catalyst 2360 Switch Software Configuration Guide

OL-19808-01

Configuring EtherChannel Load-Balancing 26-13 Configuring the PAgP Learn Method and Priority 26-14 Configuring LACP Hot-Standby Ports 26-15

Configuring the LACP System Priority 26-16 Configuring the LACP Port Priority 26-16

Displaying EtherChannel, PAgP, and LACP Status 26-17

Understanding Link-State Tracking 26-18

Configuring Link-State Tracking 26-21

Default Link-State Tracking Configuration 26-21 Link-State Tracking Configuration Guidelines 26-21 Configuring Link-State Tracking 26-21 Displaying Link-State Tracking Status 26-22

Contents

CHAPTER

27 Configuring IPv6 Unicast Hosts 27-1

Understanding IPv6 27-1

IPv6 Addresses 27-2 Supported IPv6 Host Features 27-2

128-Bit Wide Unicast Addresses 27-3 DNS for IPv6 27-3 ICMPv6 27-3 Default Router Preference 27-3 IPv6 Stateless Autoconfiguration and Duplicate Address Detection 27-4 IPv6 Applications 27-4 SNMP and Syslog Over IPv6 27-4 HTTP(s) Over IPv6 27-5

Configuring IPv6 27-5

Default IPv6 Configuration 27-5 Configuring IPv6 Addressing and Enabling IPv6 Host 27-6 Configuring Default Router Preference 27-7 Configuring IPv6 ICMP Rate Limiting 27-8

Displaying IPv6 27-8

CHAPTER

OL-19808-01

28 Troubleshooting 28-1

Recovering from a Software Failure 28-2

Recovering from a Lost or Forgotten Password 28-3

Procedure with Password Recovery Enabled 28-4 Procedure with Password Recovery Disabled 28-6

Recovering from a Command Switch Failure 28-8

Catalyst 2360 Switch Software Configuration Guide

xix

Contents

Replacing a Failed Command Switch with a Cluster Member 28-8 Replacing a Failed Command Switch with Another Switch 28-10

Recovering from Lost Cluster Member Connectivity 28-11

Preventing Autonegotiation Mismatches 28-11

SFP Module Security and Identification 28-12

Monitoring SFP Module Status 28-12

Monitoring Temperature 28-12

Using Ping 28-13

Understanding Ping 28-13 Executing Ping 28-13

Using Layer 2 Traceroute 28-14

Understanding Layer 2 Traceroute 28-14 Usage Guidelines 28-14 Displaying the Physical Path 28-15

CHAPTER

Using IP Traceroute 28-15

Understanding IP Traceroute 28-16 Executing IP Traceroute 28-16

Using Debug Commands 28-17

Enabling Debugging on a Specific Feature 28-18 Enabling All-System Diagnostics 28-18 Redirecting Debug and Error Message Output 28-18

Using the show platform forward Command 28-19

Using the crashinfo Files 28-21

Basic crashinfo Files 28-21 Extended crashinfo Files 28-21

Using On-Board Failure Logging 28-22

Understanding OBFL 28-22 Configuring OBFL 28-23 Displaying OBFL Information 28-23

29 Configuring Online Diagnostics 29-1

Understanding Online Diagnostics 29-1

Configuring Online Diagnostics 29-2

Scheduling Online Diagnostics 29-2 Configuring Health-Monitoring Diagnostics 29-3

Running Online Diagnostic Tests 29-5

Starting Online Diagnostic Tests 29-5 Displaying Online Diagnostic Tests and Test Results 29-6

Catalyst 2360 Switch Software Configuration Guide

OL-19808-01

Contents

APPENDIX

A MIB List A-1

Using FTP to Access the MIB Files A-3

B Working with the Flash File System B-1

Displaying Available File Systems B-2 Setting the Default File System B-3 Displaying Information about Files on a File System B-3 Changing Directories and Displaying the Working Directory B-4 Creating and Removing Directories B-4 Copying Files B-5 Deleting Files B-5 Creating, Displaying, and Extracting Files B-6

Working with Configuration Files B-8

Guidelines for Creating and Using Configuration Files B-9 Configuration File Types and Location B-9 Creating a Configuration File By Using a Text Editor B-10 Copying Configuration Files By Using TFTP B-10

Preparing to Download or Upload a Configuration File By Using TFTP B-10 Downloading the Configuration File By Using TFTP B-11 Uploading the Configuration File By Using TFTP B-11

Copying Configuration Files By Using FTP B-12

Preparing to Download or Upload a Configuration File By Using FTP B-13 Downloading a Configuration File By Using FTP B-13 Uploading a Configuration File By Using FTP B-14

Copying Configuration Files By Using RCP B-15

Preparing to Download or Upload a Configuration File By Using RCP B-16 Downloading a Configuration File By Using RCP B-17 Uploading a Configuration File By Using RCP B-18

Clearing Configuration Information B-19

Clearing the Startup Configuration File B-19 Deleting a Stored Configuration File B-19

Replacing and Rolling Back Configurations B-19

Understanding Configuration Replacement and Rollback B-19 Configuration Guidelines B-21 Configuring the Configuration Archive B-21 Performing a Configuration Replacement or Rollback Operation B-22

OL-19808-01

Working with Software Images B-23

Image Location on the Switch B-24 File Format of Images on a Server or Cisco.com B-24

Catalyst 2360 Switch Software Configuration Guide

xxi

Contents

Copying Image Files By Using TFTP B-25

Preparing to Download or Upload an Image File By Using TFTP B-25

Downloading an Image File By Using TFTP B-26

Uploading an Image File By Using TFTP B-28 Copying Image Files By Using FTP B-29

Preparing to Download or Upload an Image File By Using FTP B-29

Downloading an Image File By Using FTP B-30

Uploading an Image File By Using FTP B-32 Copying Image Files By Using RCP B-33

Preparing to Download or Upload an Image File By Using RCP B-34

Downloading an Image File By Using RCP B-35

Uploading an Image File By Using RCP B-37

APPENDIX

C 802.1x Commands C-1

Unsupported Privileged EXEC Commands C-1

Access Control Lists Commands C-1

Unsupported Privileged EXEC Commands C-1 Unsupported Global Configuration Commands C-2 Unsupported Route-Map Configuration Commands C-2

Archive Commands C-2

Unsupported Privileged EXEC Commands C-2

ARP Commands C-2

Unsupported User EXEC Commands C-2 Unsupported Global Configuration Commands C-2 Unsupported ARP Access-List Configuration Commands C-2

Boot Loader Commands C-3

Unsupported Global Configuration Commands C-3 Unsupported User EXEC Commands C-3

Cluster Commands C-3

Unsupported Global Configuration Commands C-3

Embedded Event Manager Commands C-3

Unsupported Privileged EXEC Commands C-3 Unsupported Global Configuration Commands C-3 Unsupported Commands in Applet Configuration Mode C-3

xxii

Fallback Bridging C-4

Unsupported Global Configuration Commands C-4

IGMP Snooping Commands C-4

Unsupported Global Configuration Commands C-4

Inline Power Commands C-4

Catalyst 2360 Switch Software Configuration Guide

OL-19808-01

Unsupported User EXEC Commands C-4 Unsupported Privileged EXEC Commands C-4

Interface Commands C-4

Unsupported Privileged EXEC Commands C-4 Unsupported Global Configuration Commands C-4 Unsupported Interface Configuration Commands C-4 Unsupported BGP Router Configuration Commands C-5 Unsupported VPN Configuration Commands C-5 Unsupported Route Map Commands C-5

MAC Address Commands C-6

Unsupported User EXEC Commands C-6 Unsupported Privileged EXEC Commands C-6 Unsupported Global Configuration Commands C-6 Unsupported Interface Configuration Commands C-6

Miscellaneous Commands C-7

Unsupported User EXEC Commands C-7 Unsupported Privileged EXEC Commands C-7 Unsupported Global Configuration Commands C-7

Contents

NetFlow Commands C-7

Unsupported Global Configuration Commands C-7

Network Address Translation (NAT) Commands C-7

Unsupported Privileged EXEC Commands C-7

Port Security Commands C-8

Unsupported Privileged EXEC Commands C-8

Power Supply Commands C-8

Unsupported User EXEC Commands C-8

QoS Commands C-8

Unsupported Global Configuration Command C-8 Unsupported Interface Configuration Commands C-8 Unsupported Policy-Map Configuration Command C-8

RADIUS Commands C-9

Unsupported Global Configuration Commands C-9

SNMP Commands C-9

Unsupported Global Configuration Commands C-9

Spanning Tree Commands C-9

Unsupported Global Configuration Command C-9

OL-19808-01

Stacking-Related Commands C-9

Unsupported Privileged EXEC Commands C-9

Catalyst 2360 Switch Software Configuration Guide

xxiii

NDEX

Contents

VLAN Commands C-10

Unsupported User EXEC Commands C-10 Unsupported Privileged EXEC Command C-10 Unsupported Global Configuration Command C-10 Unsupported VLAN Configuration Commands C-10

VTP Commands C-10

Unsupported Privileged EXEC Command C-10

xxiv

Catalyst 2360 Switch Software Configuration Guide

OL-19808-01

Purpose

Preface

The Catalyst 2360 ships with a universal image that includes cryptographic and LAN Lite functionality.

Enter the show license privileged EXEC command, and see the active image:

Switch# show license Index 1 Feature: lanlite Period left: 0 minute 0 second

Switch#

This guide provides procedures for using the commands that have been created or changed for use with the Catalyst for this release. For information about the standard Cisco IOS Release 12.2 commands, see the Cisco.com home page at Products & Services > Technical Support & Documentation > See Documentation > Cisco IOS Software.

This guide does not provide detailed information on the GUIs for the embedded device manager that you can use to manage the switch. However, the concepts in this guide are applicable to the GUI user. For information about the device manager, see the switch online help.

This guide does not describe system messages you might encounter or how to install your switch. For more information, see the Catalyst 2360 System Message Guide and the Catalyst Installation Guide.

For documentation updates, see the release notes for this release.

Conventions

This publication uses these conventions to convey instructions and information:

Command descriptions use these conventions:

• Commands and keywords are in boldface text.

• Arguments for which you supply values are in italic.

• Square brackets ([ ]) mean optional elements.

2360 switches. For detailed information about these commands, see the command reference

2360 Switch Hardware

OL-19808-01

• Braces ({ }) group required choices, and vertical bars ( | ) separate the alternative elements.

• Braces and vertical bars within square brackets ([{ | }]) mean a required choice within an optional

element.

Catalyst 2360 Switch Software Configuration Guide

xxv

Interactive examples use these conventions:

• Terminal sessions and system displays are in screen font.

• Information you enter is in boldface screen font.

• Nonprinting characters, such as passwords or tabs, are in angle brackets (< >).

Notes, cautions, and timesavers use these conventions and symbols:

Note Means reader take note. Notes contain helpful suggestions or references to materials not contained in

this manual.

Caution Means reader be careful. In this situation, you might do something that could result in equipment

damage or loss of data.

Related Publications

Preface

These documents provide complete information about the switch and are available from Cisco.com:

http://www.cisco.com/en/US/products/ps10920/tsd_products_support_series_home.html

Note Before installing, configuring, or upgrading the switch, see these documents:

• For initial configuration information, see the “Using Express Setup” section in the getting started

guide or the “Configuring the Switch with the CLI-Based Setup Program” appendix in the hardware installation guide.

• For device manager requirements, see the “System Requirements” section in the release notes.

• For upgrading information, see the “Downloading Software” section in the release notes.

For more information, see these documents on Cisco.com.

• Release Notes for the Catalyst 2360 Switches

• Catalyst 2360 Switch Software Configuration Guide

• Catalyst 2360 Switch Command Reference

• Catalyst 2360 Switch System Message Guide

• Catalyst 2360 Switch Hardware Installation Guide

• Getting Started Guide for the Catalyst 2360 Switch

xxvi

• Regulatory Compliance and Safety Information for the Catalyst 2360 Switches

• Installation Notes for the Power Supply Modules for the Catalyst 2360 Switch

• Installation Notes for the Fan Modules for the Catalyst 2360 Switch

• Product Documentation and Compliance for the Catalyst 2360 Switch

Catalyst 2360 Switch Software Configuration Guide

OL-19808-01

• Information about Cisco SFP, SFP+, and GBIC modules is available from this Cisco.com site:

http://www.cisco.com/en/US/products/hw/modules/ps5455/prod_installation_guides_list.html

SFP compatibility matrix documents are available from this Cisco.com site:

http://www.cisco.com/en/US/products/hw/modules/ps5455/products_device_support_tables_list.ht ml

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s revised Cisco

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS

technical documentation, at:

New in Cisco Product Documentation, which also lists all new and

Ve rs i on 2.0.

Preface

xxvii

Catalyst 2360 Switch Software Configuration Guide

OL-19808-01

Preface

xxviii

Catalyst 2360 Switch Software Configuration Guide

OL-19808-01

Features

CHA PTER

Overview

In this document, IP refers to IP Version 4 (IPv4).

• Features, page 1-1

• Default Settings After Initial Switch Configuration, page 1-6

• Where to Go Next, page 1-8

The switch supports the IP base feature set, which provides Layer 2+ features (enterprise-class intelligent services). These features include access control lists (ACLs), quality of service (QoS), and basic IPv6 management.

• Deployment Features, page 1-1

• Performance Features, page 1-2

• Management Options, page 1-3

• Manageability Features, page 1-3

• Availability and Redundancy Features, page 1-4

• VLAN Features, page 1-5

• Security Features, page 1-5

• QoS and CoS Features, page 1-6

• Monitoring Features, page 1-6

• Default Settings After Initial Switch Configuration, page 1-6

Deployment Features

• Express Setup for quickly configuring a switch for the first time with basic IP information, contact

information, switch and Telnet passwords, and Simple Network Management Protocol (SNMP) information through a browser-based program. For information about Express Setup, see the getting started guide.

• An embedded device manager GUI for configuring and monitoring a single switch through a web

browser. For information about starting the device manager, see the getting started guide. For information about the device manager, see the switch online help.

OL-19808-01

Catalyst 2360 Switch Software Configuration Guide

1-1

Features

• Switch clustering technology for

–

Unified configuration, monitoring, authentication, and software upgrade of multiple, cluster-capable switches, regardless of their geographic proximity and interconnection media, including Ethernet, Fast Ethernet, Fast EtherChannel, Gigabit Ethernet, Gigabit EtherChannel, 10-Gigabit Ethernet, and 10-Gigabit EtherChannel connections. For a list of cluster-capable switches, see the release notes.

–

Automatic discovery of candidate switches and creation of clusters of up to 16 switches that can be managed through a single IP address.

–

Extended discovery of cluster candidates that are not directly connected to the command switch.

Performance Features

• Autosensing of port speed and autonegotiation of duplex mode on all switch ports to optimize

bandwidth

• Automatic medium-dependent interface crossover (auto-MDIX) capability on 10/100/1000-Mb/s

interfaces and on 10/100/1000 BASE-TX small form-format pluggable (SFP) module interfaces that enables the interface to automatically detect the required cable connection type (straight-through or crossover) and to configure the connection appropriately

Chapter 1 Overview

• SFP+ support for 10 Gigabit speeds

• Support for up to 9216 bytes [the maximum packet size or maximum transmission unit (MTU) size]

for frames that are bridged in hardware and software through Gigabit Ethernet ports and 10-Gigabit Ethernet ports

• 802.3x flow control on all ports (The switch does not send pause frames.)

• EtherChannel for enhanced fault tolerance and to provide up to 4 Gb/s (Gigabit EtherChannel) or

Gb/s (10-Gigabit EtherChannel) full-duplex bandwidth among switches, routers, and servers

• Port Aggregation Protocol (PAgP) for automatic creation of EtherChannel links

• Forwarding of Layer 2 packets at Gigabit line rate

• Internet Group Management Protocol (IGMP) snooping for IGMP Versions 1, 2, and 3. For IGMP

devices, IGMP snooping for efficiently forwarding multimedia and multicast traffic

• IGMP snooping querier support for configuring switch to generate periodic IGMP general query

messages

• IGMP Helper to allow the switch to forward a host request to join a multicast stream to a specific

IP destination address

• IGMP throttling for configuring the action when the maximum number of entries is in the IGMP

forwarding table

• IGMP leave timer for configuring the network leave latency

• Configurable small-frame arrival threshold to prevent storm control when small frames (64 bytes or

less) arrive on an interface at a specified rate (the threshold)

1-2

Catalyst 2360 Switch Software Configuration Guide

OL-19808-01

+ 524 hidden pages

Cisco Catalyst 2360 Software Configuration Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

CONTENTS

Preface

Features

Overview

Deployment Features

Performance Features