Page 1
Catalyst 2360 Switch Software
Configuration Guide
Cisco IOS 12.2(53)EY
June 2010
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-19808-01
Page 2
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public
domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at
www.cisco.com/web/siteassets/legal/trademark.html. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not
imply a partnership relationship between Cisco and any other company. (1005R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the
document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
Catalyst 2360 Switch Software Configuration Guide
© 2010 Cisco Systems, Inc. All rights reserved.
IMPLIED, INCLUDING, WITHOUT
Page 3
CONTENTS
Preface xxv
Purpose xxv
Conventions xxv
Related Publications xxvi
Obtaining Documentation and Submitting a Service Request xxvii
CHAPTER
CHAPTER
1 Overview 1-1
Features 1-1
Deployment Features 1-1
Performance Features 1-2
Management Options 1-3
Manageability Features 1-3
Availability and Redundancy Features 1-4
VLAN Features 1-5
Security Features 1-5
QoS and CoS Features 1-6
Monitoring Features 1-6
Default Settings After Initial Switch Configuration 1-6
Where to Go Next 1-8
2 Using the Command-Line Interface 2-1
Understanding Command Modes 2-1
Understanding the Help System 2-3
Understanding Abbreviated Commands 2-4
OL-19808-01
Understanding no and default Forms of Commands 2-4
Understanding CLI Error Messages 2-5
Using Configuration Logging 2-5
Using Command History 2-6
Changing the Command History Buffer Size 2-6
Recalling Commands 2-6
Disabling the Command History Feature 2-7
Using Editing Features 2-7
Enabling and Disabling Editing Features 2-7
Catalyst 2360 Switch Software Configuration Guide
iii
Page 4
Contents
Editing Commands through Keystrokes 2-8
Editing Command Lines that Wrap 2-9
Searching and Filtering Output of show and more Commands 2-10
Accessing the CLI 2-10
Accessing the CLI through a Console Connection or through Telnet 2-10
CHAPTER
3 Assigning the Switch IP Address and Default Gateway 3-1
Understanding the Boot Process 3-1
Assigning Switch Information 3-2
Default Switch Information 3-3
Understanding DHCP-Based Autoconfiguration 3-3
DHCP Client Request Process 3-3
Understanding DHCP-based Autoconfiguration and Image Update 3-4
DHCP Autoconfiguration 3-5
DHCP Auto-Image Update 3-5
Limitations and Restrictions 3-5
Configuring DHCP-Based Autoconfiguration 3-6
DHCP Server Configuration Guidelines 3-6
Configuring the TFTP Server 3-6
Configuring the DNS 3-7
Configuring the Relay Device 3-7
Obtaining Configuration Files 3-8
Example Configuration 3-9
Manually Assigning IP Information 3-10
CHAPTER
iv
Checking and Saving the Running Configuration 3-11
Modifying the Startup Configuration 3-12
Default Boot Configuration 3-13
Automatically Downloading a Configuration File 3-13
Specifying the Filename to Read and Write the System Configuration 3-13
Booting Manually 3-14
Booting a Specific Software Image 3-14
Controlling Environment Variables 3-15
Scheduling a Reload of the Software Image 3-17
Configuring a Scheduled Reload 3-17
Displaying Scheduled Reload Information 3-18
4 Clustering Switches 4-1
Understanding Switch Clusters 4-2
Cluster Command Switch Characteristics 4-3
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 5
Standby Cluster Command Switch Characteristics 4-3
Candidate Switch and Cluster Member Switch Characteristics 4-3
Planning a Switch Cluster 4-4
Automatic Discovery of Cluster Candidates and Members 4-4
Discovery Through CDP Hops 4-5
Discovery Through Non-CDP-Capable and Noncluster-Capable Devices 4-6
Discovery Through Different VLANs 4-7
Discovery Through Different Management VLANs 4-7
Discovery Through Routed Ports 4-8
Discovery of Newly Installed Switches 4-9
IP Addresses 4-10
Hostnames 4-10
Passwords 4-10
SNMP Community Strings 4-11
TACACS+ and RADIUS 4-11
LRE Profiles 4-11
Contents
CHAPTER
Using the CLI to Manage Switch Clusters 4-11
Catalyst 1900 and Catalyst 2820 CLI Considerations 4-12
Using SNMP to Manage Switch Clusters 4-12
5 Administering the Switch 5-1
Managing the System Time and Date 5-1
Understanding the System Clock 5-1
Understanding Network Time Protocol 5-2
Configuring NTP 5-3
Default NTP Configuration 5-4
Configuring NTP Authentication 5-4
Configuring NTP Associations 5-5
Configuring NTP Access Restrictions 5-7
Configuring the Source IP Address for NTP Packets 5-8
Displaying the NTP Configuration 5-8
Configuring Time and Date Manually 5-9
Setting the System Clock 5-9
Displaying the Time and Date Configuration 5-9
Configuring the Time Zone 5-10
Configuring Summer Time (Daylight Saving Time) 5-11
OL-19808-01
Configuring a System Name and Prompt 5-12
Default System Name and Prompt Configuration 5-13
Configuring a System Name 5-13
Catalyst 2360 Switch Software Configuration Guide
v
Page 6
Contents
Understanding DNS 5-13
Default DNS Configuration 5-14
Setting Up DNS 5-14
Displaying the DNS Configuration 5-15
Creating a Banner 5-15
Default Banner Configuration 5-15
Configuring a Message-of-the-Day Login Banner 5-16
Configuring a Login Banner 5-17
Managing the MAC Address Table 5-17
Building the Address Table 5-18
MAC Addresses and VLANs 5-18
Default MAC Address Table Configuration 5-18
Changing the Address Aging Time 5-19
Removing Dynamic Address Entries 5-19
Adding and Removing Static Address Entries 5-20
Configuring Unicast MAC Address Filtering 5-21
Displaying Address Table Entries 5-22
CHAPTER
CHAPTER
Managing the ARP Table 5-22
6 Using the SDM Default Template 6-1
Default SDM Template 6-1
Displaying the SDM Templates 6-1
7 Configuring Switch-Based Authentication 7-1
Preventing Unauthorized Access to Your Switch 7-1
Protecting Access to Privileged EXEC Commands 7-2
Default Password and Privilege Level Configuration 7-2
Setting or Changing a Static Enable Password 7-3
Protecting Enable and Enable Secret Passwords with Encryption 7-3
Disabling Password Recovery 7-5
Setting a Telnet Password for a Terminal Line 7-6
Configuring Username and Password Pairs 7-6
Configuring Multiple Privilege Levels 7-7
Setting the Privilege Level for a Command 7-8
Changing the Default Privilege Level for Lines 7-9
Logging into and Exiting a Privilege Level 7-9
vi
Controlling Switch Access with TACACS+ 7-10
Understanding TACACS+ 7-10
TACACS+ Operation 7-11
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 7
Configuring TACACS+ 7-11
Default TACACS+ Configuration 7-12
Identifying the TACACS+ Server Host and Setting the Authentication Key 7-12
Configuring TACACS+ Login Authentication 7-13
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 7-15
Starting TACACS+ Accounting 7-16
Displaying the TACACS+ Configuration 7-16
Controlling Switch Access with RADIUS 7-17
Understanding RADIUS 7-17
RADIUS Operation 7-18
Configuring RADIUS 7-19
Default RADIUS Configuration 7-19
Identifying the RADIUS Server Host 7-19
Configuring RADIUS Login Authentication 7-22
Defining AAA Server Groups 7-24
Configuring RADIUS Authorization for User Privileged Access and Network Services 7-26
Starting RADIUS Accounting 7-27
Configuring Settings for All RADIUS Servers 7-28
Configuring the Switch to Use Vendor-Specific RADIUS Attributes 7-28
Configuring the Switch for Vendor-Proprietary RADIUS Server Communication 7-29
Displaying the RADIUS Configuration 7-30
Contents
Configuring the Switch for Local Authentication and Authorization 7-31
Configuring the Switch for Secure Shell 7-32
Understanding SSH 7-32
SSH Servers, Integrated Clients, and Supported Versions 7-33
Limitations 7-33
Configuring SSH 7-33
Configuration Guidelines 7-34
Setting Up the Switch to Run SSH 7-34
Configuring the SSH Server 7-35
Displaying the SSH Configuration and Status 7-36
Configuring the Switch for Secure Socket Layer HTTP 7-36
Understanding Secure HTTP Servers and Clients 7-37
Certificate Authority Trustpoints 7-37
CipherSuites 7-38
Configuring Secure HTTP Servers and Clients 7-39
Default SSL Configuration 7-39
SSL Configuration Guidelines 7-39
Configuring a CA Trustpoint 7-39
OL-19808-01
Catalyst 2360 Switch Software Configuration Guide
vii
Page 8
Contents
Configuring the Secure HTTP Server 7-40
Configuring the Secure HTTP Client 7-42
Displaying Secure HTTP Server and Client Status 7-43
Configuring the Switch for Secure Copy Protocol 7-43
Information About Secure Copy 7-43
CHAPTER
8 Configuring Interface Characteristics 8-1
Understanding Interface Types 8-1
Port-Based VLANs 8-1
Switch Ports 8-2
Access Ports 8-2
Trunk Ports 8-2
Ethernet Management Port 8-3
Switch Virtual Interfaces 8-3
SVI Autostate Exclude 8-3
EtherChannel Port Groups 8-4
10-Gigabit Ethernet Interfaces 8-4
Connecting Interfaces 8-5
Using the Switch USB Ports 8-5
USB Mini-Type B Console Port 8-5
Console Port Change Logs 8-6
Configuring the Console Media Type 8-6
Configuring the USB Inactivity Timeout 8-7
USB Type A Port 8-8
viii
Using Interface Configuration Mode 8-9
Procedures for Configuring Interfaces 8-10
Configuring a Range of Interfaces 8-11
Configuring and Using Interface Range Macros 8-12
Using the Ethernet Management Port 8-14
Understanding the Ethernet Management Port 8-14
Supported Features on the Ethernet Management Port 8-14
Configuring the Ethernet Management Port 8-15
TFTP and the Ethernet Management Port 8-15
Configuring Ethernet Interfaces 8-16
Default Ethernet Interface Configuration 8-16
Configuring Interface Speed and Duplex Mode 8-17
Speed and Duplex Configuration Guidelines 8-17
Setting the Interface Speed and Duplex Parameters 8-18
Configuring IEEE 802.3x Flow Control 8-19
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 9
Configuring Auto-MDIX on an Interface 8-20
Adding a Description for an Interface 8-21
Configuring SVI Autostate Exclude 8-21
Configuring the System MTU 8-22
Configuring Small-Frame Arrival Rate 8-23
Monitoring and Maintaining the Interfaces 8-24
Monitoring Interface Status 8-24
Clearing and Resetting Interfaces and Counters 8-25
Shutting Down and Restarting the Interface 8-26
Contents
CHAPTER
9 Configuring VLANs 9-1
Understanding VLANs 9-1
Supported VLANs 9-2
VLAN Port Membership Modes 9-3
Configuring Normal-Range VLANs 9-3
Token Ring VLANs 9-5
Normal-Range VLAN Configuration Guidelines 9-5
VLAN Configuration Mode Options 9-6
VLAN Configuration in config-vlan Mode 9-6
VLAN Configuration in VLAN Database Configuration Mode 9-6
Saving VLAN Configuration 9-6
Default Ethernet VLAN Configuration 9-7
Creating or Modifying an Ethernet VLAN 9-8
Deleting a VLAN 9-9
Assigning Static-Access Ports to a VLAN 9-10
Configuring Extended-Range VLANs 9-11
Default VLAN Configuration 9-11
Extended-Range VLAN Configuration Guidelines 9-12
Creating an Extended-Range VLAN 9-12
OL-19808-01
Displaying VLANs 9-14
Configuring VLAN Trunks 9-14
Trunking Overview 9-14
IEEE 802.1Q Configuration Considerations 9-15
Default Layer 2 Ethernet Interface VLAN Configuration 9-16
Configuring an Ethernet Interface as a Trunk Port 9-16
Interaction with Other Features 9-17
Configuring a Trunk Port 9-17
Defining the Allowed VLANs on a Trunk 9-18
Changing the Pruning-Eligible List 9-19
Catalyst 2360 Switch Software Configuration Guide
ix
Page 10
Contents
Configuring the Native VLAN for Untagged Traffic 9-20
Configuring Trunk Ports for Load Sharing 9-20
Load Sharing Using STP Port Priorities 9-21
Load Sharing Using STP Path Cost 9-22
CHAPTER
10 Configuring VTP 10-1
Understanding VTP 10-1
The VTP Domain 10-2
VTP Modes 10-3
VTP Advertisements 10-3
VTP Version 2 10-4
VTP Pruning 10-4
Configuring VTP 10-6
Default VTP Configuration 10-6
VTP Configuration Options 10-7
VTP Configuration in Global Configuration Mode 10-7
VTP Configuration in VLAN Database Configuration Mode 10-7
VTP Configuration Guidelines 10-8
Domain Names 10-8
Passwords 10-8
VTP Version 10-8
Configuration Requirements 10-9
Configuring a VTP Server 10-9
Configuring a VTP Client 10-11
Disabling VTP (VTP Transparent Mode) 10-12
Enabling VTP Version 2 10-13
Enabling VTP Pruning 10-14
Adding a VTP Client Switch to a VTP Domain 10-14
CHAPTER
x
Monitoring VTP 10-16
11 Configuring STP 11-1
Understanding Spanning-Tree Features 11-1
STP Overview 11-2
Spanning-Tree Topology and BPDUs 11-3
Bridge ID, Switch Priority, and Extended System ID 11-4
Spanning-Tree Interface States 11-4
Blocking State 11-5
Listening State 11-6
Learning State 11-6
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 11
Forwarding State 11-6
Disabled State 11-7
How a Switch or Port Becomes the Root Switch or Root Port 11-7
Spanning Tree and Redundant Connectivity 11-8
Spanning-Tree Address Management 11-8
Accelerated Aging to Retain Connectivity 11-8
Spanning-Tree Modes and Protocols 11-9
Supported Spanning-Tree Instances 11-9
Spanning-Tree Interoperability and Backward Compatibility 11-10
STP and IEEE 802.1Q Trunks 11-10
Configuring Spanning-Tree Features 11-10
Default Spanning-Tree Configuration 11-11
Spanning-Tree Configuration Guidelines 11-11
Changing the Spanning-Tree Mode. 11-13
Disabling Spanning Tree 11-14
Configuring the Root Switch 11-14
Configuring a Secondary Root Switch 11-16
Configuring Port Priority 11-16
Configuring Path Cost 11-18
Configuring the Switch Priority of a VLAN 11-19
Configuring Spanning-Tree Timers 11-20
Configuring the Hello Time 11-20
Configuring the Forwarding-Delay Time for a VLAN 11-21
Configuring the Maximum-Aging Time for a VLAN 11-21
Configuring the Transmit Hold-Count 11-22
Contents
CHAPTER
OL-19808-01
Displaying the Spanning-Tree Status 11-22
12 Configuring MSTP 12-1
Understanding MSTP 12-2
Multiple Spanning-Tree Regions 12-2
IST, CIST, and CST 12-3
Operations Within an MST Region 12-3
Operations Between MST Regions 12-4
IEEE 802.1s Terminology 12-5
Hop Count 12-5
Boundary Ports 12-6
IEEE 802.1s Implementation 12-6
Port Role Naming Change 12-7
Interoperation Between Legacy and Standard Switches 12-7
Catalyst 2360 Switch Software Configuration Guide
xi
Page 12
Contents
Detecting Unidirectional Link Failure 12-8
Interoperability with IEEE 802.1D STP 12-8
Understanding RSTP 12-8
Port Roles and the Active Topology 12-9
Rapid Convergence 12-10
Synchronization of Port Roles 12-11
Bridge Protocol Data Unit Format and Processing 12-12
Processing Superior BPDU Information 12-13
Processing Inferior BPDU Information 12-13
Topology Changes 12-13
Configuring MSTP Features 12-14
Default MSTP Configuration 12-14
MSTP Configuration Guidelines 12-15
Specifying the MST Region Configuration and Enabling MSTP 12-16
Configuring the Root Switch 12-17
Configuring a Secondary Root Switch 12-18
Configuring Port Priority 12-19
Configuring Path Cost 12-20
Configuring the Switch Priority 12-21
Configuring the Hello Time 12-22
Configuring the Forwarding-Delay Time 12-23
Configuring the Maximum-Aging Time 12-23
Configuring the Maximum-Hop Count 12-24
Specifying the Link Type to Ensure Rapid Transitions 12-24
Designating the Neighbor Type 12-25
Restarting the Protocol Migration Process 12-25
CHAPTER
xii
Displaying the MST Configuration and Status 12-26
13 Configuring Optional Spanning-Tree Features 13-1
Understanding Optional Spanning-Tree Features 13-1
Understanding Port Fast 13-2
Understanding BPDU Guard 13-2
Understanding BPDU Filtering 13-3
Understanding UplinkFast 13-3
Understanding BackboneFast 13-5
Understanding EtherChannel Guard 13-7
Understanding Root Guard 13-8
Understanding Loop Guard 13-9
Configuring Optional Spanning-Tree Features 13-9
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 13
Default Optional Spanning-Tree Configuration 13-9
Optional Spanning-Tree Configuration Guidelines 13-10
Enabling Port Fast 13-10
Enabling BPDU Guard 13-11
Enabling BPDU Filtering 13-12
Enabling UplinkFast for Use with Redundant Links 13-13
Enabling BackboneFast 13-13
Enabling EtherChannel Guard 13-14
Enabling Root Guard 13-15
Enabling Loop Guard 13-15
Displaying the Spanning-Tree Status 13-16
Contents
CHAPTER
CHAPTER
14 Configuring DHCP Features 14-1
Understanding DHCP Features 14-1
DHCP Server 14-2
DHCP Relay Agent 14-2
Configuring DHCP Features 14-2
Default DHCP Configuration 14-2
Configuring the DHCP Server 14-3
Configuring the DHCP Relay Agent 14-3
Specifying the Packet Forwarding Address 14-3
Enabling the Cisco IOS DHCP Server Database 14-4
15 Configuring IGMP Snooping 15-1
Understanding IGMP Snooping 15-1
IGMP Versions 15-2
Joining a Multicast Group 15-3
Leaving a Multicast Group 15-5
Immediate Leave 15-5
IGMP Configurable-Leave Timer 15-5
IGMP Report Suppression 15-5
OL-19808-01
Configuring IGMP Snooping 15-6
Default IGMP Snooping Configuration 15-6
Enabling or Disabling IGMP Snooping 15-7
Setting the Snooping Method 15-8
Configuring a Multicast Router Port 15-9
Configuring a Host Statically to Join a Group 15-9
Enabling IGMP Immediate Leave 15-10
Configuring the IGMP Leave Timer 15-10
Catalyst 2360 Switch Software Configuration Guide
xiii
Page 14
Contents
Configuring TCN-Related Commands 15-11
Controlling the Multicast Flooding Time After a TCN Event 15-11
Recovering from Flood Mode 15-12
Disabling Multicast Flooding During a TCN Event 15-12
Configuring the IGMP Snooping Querier 15-13
Disabling IGMP Report Suppression 15-15
Displaying IGMP Snooping Information 15-15
Configuring IGMP Filtering and Throttling 15-16
Default IGMP Filtering and Throttling Configuration 15-17
Configuring IGMP Profiles 15-18
Applying IGMP Profiles 15-19
Setting the Maximum Number of IGMP Groups 15-19
Configuring the IGMP Throttling Action 15-20
Displaying IGMP Filtering and Throttling Configuration 15-21
CHAPTER
16 Configuring IPv6 MLD Snooping 16-1
Understanding MLD Snooping 16-1
MLD Messages 16-3
MLD Queries 16-3
Multicast Client Aging Robustness 16-3
Multicast Router Discovery 16-4
MLD Reports 16-4
MLD Done Messages and Immediate-Leave 16-4
Topology Change Notification Processing 16-5
Configuring IPv6 MLD Snooping 16-5
Default MLD Snooping Configuration 16-5
MLD Snooping Configuration Guidelines 16-6
Enabling or Disabling MLD Snooping 16-6
Configuring a Static Multicast Group 16-8
Configuring a Multicast Router Port 16-8
Enabling MLD Immediate Leave 16-9
Configuring MLD Snooping Queries 16-10
Disabling MLD Listener Message Suppression 16-11
CHAPTER
xiv
Displaying MLD Snooping Information 16-11
17 Configuring CDP 17-1
Understanding CDP 17-1
Configuring CDP 17-2
Default CDP Configuration 17-2
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 15
Configuring the CDP Characteristics 17-2
Disabling and Enabling CDP 17-3
Disabling and Enabling CDP on an Interface 17-4
Monitoring and Maintaining CDP 17-5
Contents
CHAPTER
CHAPTER
18 Configuring LLDP and LLDP-MED 18-1
Understanding LLDP and LLDP-MED 18-1
Understanding LLDP 18-1
Understanding LLDP-MED 18-2
Configuring LLDP and LLDP-MED 18-3
Default LLDP Configuration 18-3
Configuring LLDP Characteristics 18-4
Disabling and Enabling LLDP Globally 18-5
Disabling and Enabling LLDP on an Interface 18-5
Configuring LLDP-MED TLVs 18-6
Monitoring and Maintaining LLDP and LLDP-MED 18-7
19 Configuring UDLD 19-1
Understanding UDLD 19-1
Modes of Operation 19-1
Methods to Detect Unidirectional Links 19-2
Configuring UDLD 19-3
Default UDLD Configuration 19-3
Configuration Guidelines 19-4
Enabling UDLD Globally 19-4
Enabling UDLD on an Interface 19-5
Resetting an Interface Disabled by UDLD 19-5
CHAPTER
OL-19808-01
Displaying UDLD Status 19-6
20 Configuring SPAN 20-1
Understanding SPAN 20-1
Local SPAN 20-2
SPAN Concepts and Terminology 20-2
SPAN Sessions 20-2
Monitored Traffic 20-3
Source Ports 20-3
Source VLANs 20-4
VLAN Filtering 20-4
Catalyst 2360 Switch Software Configuration Guide
xv
Page 16
Contents
Destination Port 20-5
SPAN Interaction with Other Features 20-5
Configuring SPAN 20-6
Default SPAN Configuration 20-6
Configuring Local SPAN 20-7
SPAN Configuration Guidelines 20-7
Creating a Local SPAN Session 20-7
Creating a Local SPAN Session and Configuring Incoming Traffic 20-10
Specifying VLANs to Filter 20-11
Displaying SPAN Status 20-12
CHAPTER
CHAPTER
21 Configuring RMON 21-1
Understanding RMON 21-1
Configuring RMON 21-2
Default RMON Configuration 21-3
Configuring RMON Alarms and Events 21-3
Collecting Group History Statistics on an Interface 21-5
Collecting Group Ethernet Statistics on an Interface 21-5
Displaying RMON Status 21-6
22 Configuring System Message Logging 22-1
Understanding System Message Logging 22-1
Configuring System Message Logging 22-2
System Log Message Format 22-2
Default System Message Logging Configuration 22-3
Disabling Message Logging 22-4
Setting the Message Display Destination Device 22-5
Synchronizing Log Messages 22-6
Enabling and Disabling Time Stamps on Log Messages 22-7
Enabling and Disabling Sequence Numbers in Log Messages 22-8
Defining the Message Severity Level 22-8
Limiting Syslog Messages Sent to the History Table and to SNMP 22-10
Enabling the Configuration-Change Logger 22-10
Configuring UNIX Syslog Servers 22-12
Logging Messages to a UNIX Syslog Daemon 22-12
Configuring the UNIX System Logging Facility 22-12
xvi
Displaying the Logging Configuration 22-13
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 17
Contents
CHAPTER
23 Configuring SNMP 23-1
Understanding SNMP 23-1
SNMP Versions 23-2
SNMP Manager Functions 23-3
SNMP Agent Functions 23-4
SNMP Community Strings 23-4
Using SNMP to Access MIB Variables 23-4
SNMP Notifications 23-5
SNMP ifIndex MIB Object Values 23-6
Configuring SNMP 23-6
Default SNMP Configuration 23-7
SNMP Configuration Guidelines 23-7
Disabling the SNMP Agent 23-8
Configuring Community Strings 23-8
Configuring SNMP Groups and Users 23-10
Configuring SNMP Notifications 23-12
Setting the Agent Contact and Location Information 23-15
Limiting TFTP Servers Used Through SNMP 23-15
SNMP Examples 23-16
CHAPTER
Displaying SNMP Status 23-17
24 Managing Network Security with ACLs 24-1
Understanding ACLs 24-1
Handling Fragmented and Unfragmented Traffic 24-2
Configuring IPv4 ACLs 24-3
Creating Standard and Extended IPv4 ACLs 24-3
Access List Numbers 24-4
Creating a Numbered Standard ACL 24-5
Creating a Numbered Extended ACL 24-6
Resequencing ACEs in an ACL 24-8
Creating Named Standard and Extended ACLs 24-8
Using Time Ranges with ACLs 24-10
Including Comments in ACLs 24-12
Applying an IPv4 ACL to a Terminal Line 24-12
Applying an IPv4 ACL to a Management VLAN 24-13
IPv4 ACL Configuration Examples 24-14
Numbered ACLs 24-14
Extended ACLs 24-14
Named ACL 24-15
OL-19808-01
Catalyst 2360 Switch Software Configuration Guide
xvii
Page 18
Contents
Time Range Applied to an IP ACL 24-15
Commented IP ACL Entries 24-15
Displaying IPv4 ACL Configuration 24-16
CHAPTER
25 Configuring QoS 25-1
Understanding QoS 25-1
Basic QoS Model 25-2
Classification 25-2
Configuring QoS 25-3
Default QoS Configuration 25-3
Default Egress Queue Configuration 25-3
Standard QoS Configuration Guidelines 25-4
Applying QoS on Interfaces 25-4
General QoS Guidelines 25-4
Enabling QoS Globally 25-4
Configuring Classification Using Port Trust States 25-4
Configuring the Trust State on Ports within the QoS Domain 25-5
Configuring the CoS Value for an Interface 25-6
Configuring a Trusted Boundary to Ensure Port Security 25-7
Configuring the Egress Expedite Queue 25-8
Displaying QoS Information 25-8
CHAPTER
26 Configuring EtherChannels and Link-State Tracking 26-1
Understanding EtherChannels 26-1
EtherChannel Overview 26-2
Port-Channel Interfaces 26-4
Port Aggregation Protocol 26-5
PAgP Modes 26-5
PAgP Interaction with Virtual Switches and Dual-Active Detection 26-6
PAgP Interaction with Other Features 26-6
Link Aggregation Control Protocol 26-6
LACP Modes 26-7
LACP Interaction with Other Features 26-7
EtherChannel On Mode 26-7
Load-Balancing and Forwarding Methods 26-8
Configuring EtherChannels 26-9
Default EtherChannel Configuration 26-10
EtherChannel Configuration Guidelines 26-10
Configuring Layer 2 EtherChannels 26-11
xviii
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 19
Configuring EtherChannel Load-Balancing 26-13
Configuring the PAgP Learn Method and Priority 26-14
Configuring LACP Hot-Standby Ports 26-15
Configuring the LACP System Priority 26-16
Configuring the LACP Port Priority 26-16
Displaying EtherChannel, PAgP, and LACP Status 26-17
Understanding Link-State Tracking 26-18
Configuring Link-State Tracking 26-21
Default Link-State Tracking Configuration 26-21
Link-State Tracking Configuration Guidelines 26-21
Configuring Link-State Tracking 26-21
Displaying Link-State Tracking Status 26-22
Contents
CHAPTER
27 Configuring IPv6 Unicast Hosts 27-1
Understanding IPv6 27-1
IPv6 Addresses 27-2
Supported IPv6 Host Features 27-2
128-Bit Wide Unicast Addresses 27-3
DNS for IPv6 27-3
ICMPv6 27-3
Default Router Preference 27-3
IPv6 Stateless Autoconfiguration and Duplicate Address Detection 27-4
IPv6 Applications 27-4
SNMP and Syslog Over IPv6 27-4
HTTP(s) Over IPv6 27-5
Configuring IPv6 27-5
Default IPv6 Configuration 27-5
Configuring IPv6 Addressing and Enabling IPv6 Host 27-6
Configuring Default Router Preference 27-7
Configuring IPv6 ICMP Rate Limiting 27-8
Displaying IPv6 27-8
CHAPTER
OL-19808-01
28 Troubleshooting 28-1
Recovering from a Software Failure 28-2
Recovering from a Lost or Forgotten Password 28-3
Procedure with Password Recovery Enabled 28-4
Procedure with Password Recovery Disabled 28-6
Recovering from a Command Switch Failure 28-8
Catalyst 2360 Switch Software Configuration Guide
xix
Page 20
Contents
Replacing a Failed Command Switch with a Cluster Member 28-8
Replacing a Failed Command Switch with Another Switch 28-10
Recovering from Lost Cluster Member Connectivity 28-11
Preventing Autonegotiation Mismatches 28-11
SFP Module Security and Identification 28-12
Monitoring SFP Module Status 28-12
Monitoring Temperature 28-12
Using Ping 28-13
Understanding Ping 28-13
Executing Ping 28-13
Using Layer 2 Traceroute 28-14
Understanding Layer 2 Traceroute 28-14
Usage Guidelines 28-14
Displaying the Physical Path 28-15
CHAPTER
Using IP Traceroute 28-15
Understanding IP Traceroute 28-16
Executing IP Traceroute 28-16
Using Debug Commands 28-17
Enabling Debugging on a Specific Feature 28-18
Enabling All-System Diagnostics 28-18
Redirecting Debug and Error Message Output 28-18
Using the show platform forward Command 28-19
Using the crashinfo Files 28-21
Basic crashinfo Files 28-21
Extended crashinfo Files 28-21
Using On-Board Failure Logging 28-22
Understanding OBFL 28-22
Configuring OBFL 28-23
Displaying OBFL Information 28-23
29 Configuring Online Diagnostics 29-1
Understanding Online Diagnostics 29-1
xx
Configuring Online Diagnostics 29-2
Scheduling Online Diagnostics 29-2
Configuring Health-Monitoring Diagnostics 29-3
Running Online Diagnostic Tests 29-5
Starting Online Diagnostic Tests 29-5
Displaying Online Diagnostic Tests and Test Results 29-6
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 21
Contents
APPENDIX
APPENDIX
A MIB List A-1
Using FTP to Access the MIB Files A-3
B Working with the Flash File System B-1
Displaying Available File Systems B-2
Setting the Default File System B-3
Displaying Information about Files on a File System B-3
Changing Directories and Displaying the Working Directory B-4
Creating and Removing Directories B-4
Copying Files B-5
Deleting Files B-5
Creating, Displaying, and Extracting Files B-6
Working with Configuration Files B-8
Guidelines for Creating and Using Configuration Files B-9
Configuration File Types and Location B-9
Creating a Configuration File By Using a Text Editor B-10
Copying Configuration Files By Using TFTP B-10
Preparing to Download or Upload a Configuration File By Using TFTP B-10
Downloading the Configuration File By Using TFTP B-11
Uploading the Configuration File By Using TFTP B-11
Copying Configuration Files By Using FTP B-12
Preparing to Download or Upload a Configuration File By Using FTP B-13
Downloading a Configuration File By Using FTP B-13
Uploading a Configuration File By Using FTP B-14
Copying Configuration Files By Using RCP B-15
Preparing to Download or Upload a Configuration File By Using RCP B-16
Downloading a Configuration File By Using RCP B-17
Uploading a Configuration File By Using RCP B-18
Clearing Configuration Information B-19
Clearing the Startup Configuration File B-19
Deleting a Stored Configuration File B-19
Replacing and Rolling Back Configurations B-19
Understanding Configuration Replacement and Rollback B-19
Configuration Guidelines B-21
Configuring the Configuration Archive B-21
Performing a Configuration Replacement or Rollback Operation B-22
OL-19808-01
Working with Software Images B-23
Image Location on the Switch B-24
File Format of Images on a Server or Cisco.com B-24
Catalyst 2360 Switch Software Configuration Guide
xxi
Page 22
Contents
Copying Image Files By Using TFTP B-25
Preparing to Download or Upload an Image File By Using TFTP B-25
Downloading an Image File By Using TFTP B-26
Uploading an Image File By Using TFTP B-28
Copying Image Files By Using FTP B-29
Preparing to Download or Upload an Image File By Using FTP B-29
Downloading an Image File By Using FTP B-30
Uploading an Image File By Using FTP B-32
Copying Image Files By Using RCP B-33
Preparing to Download or Upload an Image File By Using RCP B-34
Downloading an Image File By Using RCP B-35
Uploading an Image File By Using RCP B-37
APPENDIX
C 802.1x Commands C-1
Unsupported Privileged EXEC Commands C-1
Access Control Lists Commands C-1
Unsupported Privileged EXEC Commands C-1
Unsupported Global Configuration Commands C-2
Unsupported Route-Map Configuration Commands C-2
Archive Commands C-2
Unsupported Privileged EXEC Commands C-2
ARP Commands C-2
Unsupported User EXEC Commands C-2
Unsupported Global Configuration Commands C-2
Unsupported ARP Access-List Configuration Commands C-2
Boot Loader Commands C-3
Unsupported Global Configuration Commands C-3
Unsupported User EXEC Commands C-3
Cluster Commands C-3
Unsupported Global Configuration Commands C-3
Embedded Event Manager Commands C-3
Unsupported Privileged EXEC Commands C-3
Unsupported Global Configuration Commands C-3
Unsupported Commands in Applet Configuration Mode C-3
xxii
Fallback Bridging C-4
Unsupported Global Configuration Commands C-4
IGMP Snooping Commands C-4
Unsupported Global Configuration Commands C-4
Inline Power Commands C-4
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 23
Unsupported User EXEC Commands C-4
Unsupported Privileged EXEC Commands C-4
Interface Commands C-4
Unsupported Privileged EXEC Commands C-4
Unsupported Global Configuration Commands C-4
Unsupported Interface Configuration Commands C-4
Unsupported BGP Router Configuration Commands C-5
Unsupported VPN Configuration Commands C-5
Unsupported Route Map Commands C-5
MAC Address Commands C-6
Unsupported User EXEC Commands C-6
Unsupported Privileged EXEC Commands C-6
Unsupported Global Configuration Commands C-6
Unsupported Interface Configuration Commands C-6
Miscellaneous Commands C-7
Unsupported User EXEC Commands C-7
Unsupported Privileged EXEC Commands C-7
Unsupported Global Configuration Commands C-7
Contents
NetFlow Commands C-7
Unsupported Global Configuration Commands C-7
Network Address Translation (NAT) Commands C-7
Unsupported Privileged EXEC Commands C-7
Port Security Commands C-8
Unsupported Privileged EXEC Commands C-8
Power Supply Commands C-8
Unsupported User EXEC Commands C-8
QoS Commands C-8
Unsupported Global Configuration Command C-8
Unsupported Interface Configuration Commands C-8
Unsupported Policy-Map Configuration Command C-8
RADIUS Commands C-9
Unsupported Global Configuration Commands C-9
SNMP Commands C-9
Unsupported Global Configuration Commands C-9
Spanning Tree Commands C-9
Unsupported Global Configuration Command C-9
OL-19808-01
Stacking-Related Commands C-9
Unsupported Privileged EXEC Commands C-9
Catalyst 2360 Switch Software Configuration Guide
xxiii
Page 24
I
NDEX
Contents
VLAN Commands C-10
Unsupported User EXEC Commands C-10
Unsupported Privileged EXEC Command C-10
Unsupported Global Configuration Command C-10
Unsupported VLAN Configuration Commands C-10
VTP Commands C-10
Unsupported Privileged EXEC Command C-10
xxiv
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 25
Purpose
Preface
The Catalyst 2360 ships with a universal image that includes cryptographic and LAN Lite functionality.
Enter the show license privileged EXEC command, and see the active image:
Switch# show license
Index 1 Feature: lanlite
Period left: 0 minute 0 second
Switch#
This guide provides procedures for using the commands that have been created or changed for use with
the Catalyst
for this release. For information about the standard Cisco IOS Release 12.2 commands, see the
Cisco.com home page at Products & Services > Technical Support & Documentation > See
Documentation > Cisco IOS Software.
This guide does not provide detailed information on the GUIs for the embedded device manager that you
can use to manage the switch. However, the concepts in this guide are applicable to the GUI user. For
information about the device manager, see the switch online help.
This guide does not describe system messages you might encounter or how to install your switch. For
more information, see the Catalyst 2360 System Message Guide and the Catalyst
Installation Guide.
For documentation updates, see the release notes for this release.
Conventions
This publication uses these conventions to convey instructions and information:
Command descriptions use these conventions:
• Commands and keywords are in boldface text.
• Arguments for which you supply values are in italic.
• Square brackets ([ ]) mean optional elements.
2360 switches. For detailed information about these commands, see the command reference
2360 Switch Hardware
OL-19808-01
• Braces ({ }) group required choices, and vertical bars ( | ) separate the alternative elements.
• Braces and vertical bars within square brackets ([{ | }]) mean a required choice within an optional
element.
Catalyst 2360 Switch Software Configuration Guide
xxv
Page 26
Interactive examples use these conventions:
• Terminal sessions and system displays are in screen font.
• Information you enter is in boldface screen font.
• Nonprinting characters, such as passwords or tabs, are in angle brackets (< >).
Notes, cautions, and timesavers use these conventions and symbols:
Note Means reader take note. Notes contain helpful suggestions or references to materials not contained in
this manual.
Caution Means reader be careful. In this situation, you might do something that could result in equipment
damage or loss of data.
Related Publications
Preface
These documents provide complete information about the switch and are available from Cisco.com:
http://www.cisco.com/en/US/products/ps10920/tsd_products_support_series_home.html
Note Before installing, configuring, or upgrading the switch, see these documents:
• For initial configuration information, see the “Using Express Setup” section in the getting started
guide or the “Configuring the Switch with the CLI-Based Setup Program” appendix in the hardware
installation guide.
• For device manager requirements, see the “System Requirements” section in the release notes.
• For upgrading information, see the “Downloading Software” section in the release notes.
For more information, see these documents on Cisco.com.
• Release Notes for the Catalyst 2360 Switches
• Catalyst 2360 Switch Software Configuration Guide
• Catalyst 2360 Switch Command Reference
• Catalyst 2360 Switch System Message Guide
• Catalyst 2360 Switch Hardware Installation Guide
• Getting Started Guide for the Catalyst 2360 Switch
xxvi
• Regulatory Compliance and Safety Information for the Catalyst 2360 Switches
• Installation Notes for the Power Supply Modules for the Catalyst 2360 Switch
• Installation Notes for the Fan Modules for the Catalyst 2360 Switch
• Product Documentation and Compliance for the Catalyst 2360 Switch
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 27
• Information about Cisco SFP, SFP+, and GBIC modules is available from this Cisco.com site:
http://www.cisco.com/en/US/products/hw/modules/ps5455/prod_installation_guides_list.html
SFP compatibility matrix documents are available from this Cisco.com site:
http://www.cisco.com/en/US/products/hw/modules/ps5455/products_device_support_tables_list.ht
ml
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional
information, see the monthly What’s
revised Cisco
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed
and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free
service and Cisco currently supports RSS
technical documentation, at:
New in Cisco Product Documentation, which also lists all new and
Ve rs i on 2.0.
Preface
xxvii
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 28
Preface
xxviii
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 29
Features
CHA PTER
1
Overview
In this document, IP refers to IP Version 4 (IPv4).
• Features, page 1-1
• Default Settings After Initial Switch Configuration, page 1-6
• Where to Go Next, page 1-8
The switch supports the IP base feature set, which provides Layer 2+ features (enterprise-class
intelligent services). These features include access control lists (ACLs), quality of service (QoS), and
basic IPv6 management.
• Deployment Features, page 1-1
• Performance Features, page 1-2
• Management Options, page 1-3
• Manageability Features, page 1-3
• Availability and Redundancy Features, page 1-4
• VLAN Features, page 1-5
• Security Features, page 1-5
• QoS and CoS Features, page 1-6
• Monitoring Features, page 1-6
• Default Settings After Initial Switch Configuration, page 1-6
Deployment Features
• Express Setup for quickly configuring a switch for the first time with basic IP information, contact
information, switch and Telnet passwords, and Simple Network Management Protocol (SNMP)
information through a browser-based program. For information about Express Setup, see the getting
started guide.
• An embedded device manager GUI for configuring and monitoring a single switch through a web
browser. For information about starting the device manager, see the getting started guide. For
information about the device manager, see the switch online help.
OL-19808-01
Catalyst 2360 Switch Software Configuration Guide
1-1
Page 30
Features
• Switch clustering technology for
–
Unified configuration, monitoring, authentication, and software upgrade of multiple,
cluster-capable switches, regardless of their geographic proximity and interconnection media,
including Ethernet, Fast Ethernet, Fast EtherChannel, Gigabit Ethernet, Gigabit EtherChannel,
10-Gigabit Ethernet, and 10-Gigabit EtherChannel connections. For a list of cluster-capable
switches, see the release notes.
–
Automatic discovery of candidate switches and creation of clusters of up to 16 switches that can
be managed through a single IP address.
–
Extended discovery of cluster candidates that are not directly connected to the command switch.
Performance Features
• Autosensing of port speed and autonegotiation of duplex mode on all switch ports to optimize
bandwidth
• Automatic medium-dependent interface crossover (auto-MDIX) capability on 10/100/1000-Mb/s
interfaces and on 10/100/1000 BASE-TX small form-format pluggable (SFP) module interfaces that
enables the interface to automatically detect the required cable connection type (straight-through or
crossover) and to configure the connection appropriately
Chapter 1 Overview
• SFP+ support for 10 Gigabit speeds
• Support for up to 9216 bytes [the maximum packet size or maximum transmission unit (MTU) size]
for frames that are bridged in hardware and software through Gigabit Ethernet ports and 10-Gigabit
Ethernet ports
• 802.3x flow control on all ports (The switch does not send pause frames.)
• EtherChannel for enhanced fault tolerance and to provide up to 4 Gb/s (Gigabit EtherChannel) or
40
Gb/s (10-Gigabit EtherChannel) full-duplex bandwidth among switches, routers, and servers
• Port Aggregation Protocol (PAgP) for automatic creation of EtherChannel links
• Forwarding of Layer 2 packets at Gigabit line rate
• Internet Group Management Protocol (IGMP) snooping for IGMP Versions 1, 2, and 3. For IGMP
devices, IGMP snooping for efficiently forwarding multimedia and multicast traffic
• IGMP snooping querier support for configuring switch to generate periodic IGMP general query
messages
• IGMP Helper to allow the switch to forward a host request to join a multicast stream to a specific
IP destination address
• IGMP throttling for configuring the action when the maximum number of entries is in the IGMP
forwarding table
• IGMP leave timer for configuring the network leave latency
• Configurable small-frame arrival threshold to prevent storm control when small frames (64 bytes or
less) arrive on an interface at a specified rate (the threshold)
1-2
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 31
Chapter 1 Overview
Management Options
• An embedded device manager—The device manager is a GUI that is embedded in the software
image. You use it to configure and to monitor a single switch. For information about starting the
device manager, see the getting started guide. For information about the device manager, see the switch
online help.
• CLI—The Cisco IOS software supports desktop and multilayer switching features. You can access
the CLI by connecting your management station directly to the switch console port, by connecting
your PC directly to the Ethernet management port, or by using Telnet from a remote management
station or PC. For information about the CLI, see
• SNMP—SNMP management applications such as CiscoWorks LAN Management Suite (LMS) and
HP OpenView. You can manage from an SNMP-compatible management station or a PC that is
running platforms such as HP OpenView or SunNet Manager. The switch supports a comprehensive
set of MIB extensions and four remote monitoring (RMON) groups. For information about using
SNMP, see
Manageability Features
Features
Chapter 2, “Using the Command-Line Interface.”
Chapter 23, “Configuring SNMP.”
• CNS embedded agents for automating switch management, configuration storage, and delivery
• DHCP for automating configuration of switch information (such as IP address, default gateway,
hostname, and Domain Name System [DNS] and TFTP server names)
• DHCP relay for forwarding User Datagram Protocol (UDP) broadcasts, including IP address
requests, from DHCP clients
• DHCP server for automatic assignment of IP addresses and other DHCP options to IP hosts
• DHCP server port-based address allocation for the preassignment of an IP address to a switch port
• Directed unicast requests to a DNS server for identifying a switch through its IP address and its
corresponding hostname and to a TFTP server for administering software upgrades from a TFTP
server
• Address Resolution Protocol (ARP) for identifying a switch through its IP address and its
corresponding MAC address
• Unicast MAC address filtering to drop packets with specific source or destination MAC addresses
• Configurable MAC address scaling to disable MAC address learning on a VLAN to limit the size of
the MAC address table
• Disabling MAC address learning on a VLAN
• Cisco Discovery Protocol (CDP) Versions 1 and 2 for network topology discovery and mapping
between the switch and other Cisco devices on the network
• Link Layer Discovery Protocol (LLDP) and LLDP Media Endpoint Discovery (LLDP-MED) for
interoperability with third-party IP phones
OL-19808-01
• Network Time Protocol (NTP) for providing a consistent time stamp to all switches from an external
source
• Cisco IOS File System (IFS) for providing a single interface to all file systems that the switch uses
• Configuration logging to log and to view changes to the switch configuration
• Configuration replacement and rollback to replace the running configuration on a switch with any
saved Cisco IOS configuration file
Catalyst 2360 Switch Software Configuration Guide
1-3
Page 32
Features
Chapter 1 Overview
• Unique device identifier to provide product identification information through a show inventory
user EXEC command display
• In-band management access through the device manager over a Netscape Navigator or Microsoft
Internet Explorer browser session
• In-band management access for up to 16 simultaneous Telnet connections for multiple CLI-based
sessions over the network
• In-band management access for up to five simultaneous, encrypted Secure Shell (SSH) connections
for multiple CLI-based sessions over the network (requires the cryptographic software image)
• In-band management access through SNMP Versions 1, 2c, and 3 get and set requests
• Out-of-band management access through the switch console port to a directly attached terminal or
to a remote terminal through a serial connection or a modem
• Out-of-band management access through the Ethernet management port to a PC
• Secure Copy Protocol (SCP) feature to provide a secure and authenticated method for copying
switch configuration or switch image files (requires the cryptographic software image)
• The HTTP client in Cisco IOS sends requests to both IPv4 and IPv6 HTTP servers, and the HTTP
server in Cisco IOS services HTTP requests from both IPv4 and IPv6 HTTP clients
• IPv6 supports stateless autoconfiguration to manage link, subnet, and site addressing changes, such
as management of host and mobile IP addresses.
• DHCP server port-based address allocation for the preassignment of an IP address to a switch port.
• Wired location service sends location and attachment tracking information for connected devices to
a Cisco Mobility Services Engine (MSE).
• CPU threshold trap monitors CPU use.
• Support for including a hostname in the option 12 field of DHCPDISCOVER packets. This provides
identical configuration files to be sent by using the DHCP protocol.
• DHCP Snooping enhancement to support the selection of a fixed string-based format for the
circuit-id sub-option of the Option 82 DHCP field.
• USB mini-Type B console port in addition to the RJ-45 console port. Console input is active on only
one port at a time.
• USB Type A port for external Cisco USB flash memory devices (thumb drives or USB keys). You
can use Cisco CLI commands to read, write, erase, copy, or boot from the flash memory.
Availability and Redundancy Features
• UniDirectional Link Detection (UDLD) and aggressive UDLD for detecting and disabling
unidirectional links on fiber-optic interfaces caused by incorrect fiber-optic wiring or port faults
• 802.1D Spanning Tree Protocol (STP) for redundant backbone connections and loop-free networks.
STP has these features:
1-4
–
Up to 128 supported spanning-tree instances
–
Per-VLAN spanning-tree plus (PVST+) for load-balancing across VLANs
–
Rapid PVST+ for load-balancing across VLANs and for rapid convergence of spanning-tree
instances
–
UplinkFast and BackboneFast for fast convergence after a spanning-tree topology change and
to achieve load-balancing between redundant uplinks, including Gigabit uplinks
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 33
Chapter 1 Overview
VLAN Features
Features
• 802.1s Multiple Spanning Tree Protocol (MSTP) for grouping VLANs into a spanning-tree instance
and to provide multiple forwarding paths for data traffic and load-balancing and rapid per-VLAN
Spanning-Tree plus (rapid-PVST+)
• Optional spanning-tree features available in PVST+, rapid-PVST+, and MSTP mode:
–
Port Fast to eliminate the forwarding delay by enabling a port to immediately change from the
blocking state to the forwarding state
–
BPDU guard to shut down Port Fast-enabled ports that receive bridge protocol data units
(BPDUs)
–
BPDU filtering to prevent a Port Fast-enabled port from sending or receiving BPDUs
–
Root guard to prevent switches outside the network core from becoming the spanning-tree root
–
Loop guard to prevent alternate or root ports from becoming designated ports because of a
failure that leads to a unidirectional link
• Support for up to 64 VLANs for assigning users to VLANs associated with resources, traffic
patterns, and bandwidth
• Support for VLAN IDs in the 1 to 4094 range
• 802.1Q trunking encapsulation on all ports for network moves, adds, and changes; management and
• Dynamic Trunking Protocol (DTP) to negotiate trunking on a link between two devices and to
• VLAN Trunking Protocol (VTP) and VTP pruning to reduce network traffic by restricting flooded
• VLAN 1 minimization to reduce the risk of spanning-tree loops or storms by allowing VLAN 1 to
Security Features
• Password-protected access (read-only and read-write access) to management interfaces (device
• Multilevel security for a choice of security level, notification, and resulting actions
• Static MAC addressing to ensure security
• BPDU guard to shut down a Port Fast-configured port when an invalid configuration occurs
• Extended MAC access control lists to define security policies in the inbound direction on Layer 2
• MAC authentication bypass to authorize clients based on the client MAC address
control of broadcast and multicast traffic; and network security by establishing VLAN groups for
high-security users and network resources
negotiate the type of trunking encapsulation (802.1Q) to be used
traffic to links for stations receiving the traffic
be disabled on any individual VLAN trunk link. When enabled, no user traffic is sent or received on
the trunk. The switch CPU contiinues to send and receive control protocol frames.
manager, and the CLI) to protect against unauthorized configuration changes
interfaces
OL-19808-01
• TACACS+ to manage network security through a TACACS server
• RADIUS for verifying the identity of, granting access to, and tracking the actions of remote users
through AAA services
Catalyst 2360 Switch Software Configuration Guide
1-5
Page 34
Default Settings After Initial Switch Configuration
• Kerberos security system to authenticate requests for network resources by using a trusted third
party (requires the cryptographic software image)
• Secure Socket Layer (SSL) Version 3.0 support for the HTTP 1.1 server authentication, encryption,
and message integrity and HTTP client authentication to allow secure HTTP communications
(requires the cryptographic software image)
QoS and CoS Features
• Classification
–
802.1p class of service marking priorities on a per-port basis to protect the performance of
mission-critical applications
• Egress queues and scheduling
–
Four egress queues per port
Monitoring Features
Chapter 1 Overview
• Switch LEDs provide port and switch status
• MAC address notification traps and RADIUS accounting to track users on a network, storing the
MAC addresses that the switch has learned or removed
• Switched Port Analyzer (SPAN) to traffic monitor on any port or VLAN
• SPAN support of Intrusion Detection Systems (IDS) to monitor, repel, and report network security
violations
• Four groups (history, statistics, alarms, and events) of embedded RMON agents for network
monitoring and traffic analysis
• Syslog facility for logging system messages about authentication or authorization errors, resource
issues, and time-out events
• Online diagnostics to test the hardware functionality of the supervisor engine, modules, and switch
while the switch is connected to a network
Default Settings After Initial Switch Configuration
You only need to assign basic IP information to the switch and connect it to other network devices.
Note To assign an IP address by using the browser-based Express Setup program, see the getting started guide.
To assign an IP address by using the CLI-based setup program, see the hardware installation guide.
1-6
If you do not configure the switch, the switch operates with these default settings:
• Default switch IP address, subnet mask, and default gateway is 0.0.0.0. For information, see
Chapter 3, “Assigning the Switch IP Address and Default Gateway,” and Chapter 14, “Configuring
DHCP Features.”
• Default domain name is not configured. For information, see Chapter 3, “Assigning the Switch IP
Address and Default Gateway.”
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 35
Chapter 1 Overview
Default Settings After Initial Switch Configuration
• DHCP client is enabled, the DHCP server is enabled (only if the device acting as a DHCP server is
configured and is enabled), and the DHCP relay agent is enabled (only if the device is acting as a
DHCP relay agent is configured and is enabled). For information, see
Switch IP Address and Default Gateway,” and Chapter 14, “Configuring DHCP Features.”
• Switch cluster is disabled. For information, see Chapter 4, “Clustering Switches,” and the Getting
Started with Cisco Network Assistant, available on Cisco.com.
• No passwords are defined. For information, see Chapter 5, “Administering the Switch.”
• System name and prompt is Switch. For information, see Chapter 5, “Administering the Switch.”
• NTP is enabled. For information, see Chapter 5, “Administering the Switch.”
• DNS is enabled. For information, see Chapter 5, “Administering the Switch.”
• TACACS+ is disabled. For information, see Chapter 7, “Configuring Switch-Based
Authentication.”
• RADIUS is disabled. For information, see Chapter 7, “Configuring Switch-Based Authentication.”
• The standard HTTP server and Secure Socket Layer (SSL) HTTPS server are both enabled. For
information, see
• Port parameters
–
Operating mode is Layer 2 (switchport). For information, see Chapter 8, “Configuring Interface
Chapter 7, “Configuring Switch-Based Authentication.”
Characteristics.”
Chapter 3, “Assigning the
–
Interface speed and duplex mode is autonegotiate. For information, see Chapter 8, “Configuring
Interface Characteristics.”
–
Auto-MDIX is enabled. For information, see Chapter 8, “Configuring Interface
Characteristics.”
–
Flow control is off. For information, see Chapter 8, “Configuring Interface Characteristics.”
• VLANs
–
Default VLAN is VLAN 1. For information, see Chapter 9, “Configuring VLANs.”
–
VLAN trunking setting is dynamic auto (DTP). For information, see Chapter 9, “Configuring
VLANs.”
–
Trunk encapsulation is negotiate. For information, see Chapter 9, “Configuring VLANs.”
–
VTP mode is server. For information, see Chapter 10, “Configuring VTP.”
–
VTP version is Version 1. For information, see Chapter 10, “Configuring VTP.”
• STP, PVST+ is enabled on VLAN 1. For information, see Chapter 11, “Configuring STP.”
• MSTP is disabled. For information, see Chapter 12, “Configuring MSTP.”
• Optional spanning-tree features are disabled. For information, see Chapter 13, “Configuring
Optional Spanning-Tree Features.”
• IGMP snooping is enabled. No IGMP filters are applied. For information, see Chapter 15,
“Configuring IGMP Snooping.”
• IGMP throttling setting is deny. For information, see Chapter 15, “Configuring IGMP Snooping.”
• The IGMP snooping querier feature is disabled. For information, see Chapter 15, “Configuring
IGMP Snooping.”
OL-19808-01
• CDP is enabled. For information, see Chapter 17, “Configuring CDP.”
• UDLD is disabled. For information, see Chapter 19, “Configuring UDLD.”
Catalyst 2360 Switch Software Configuration Guide
1-7
Page 36
Where to Go Next
• SPAN are disabled. For information, see Chapter 20, “Configuring SPAN.”
• RMON is disabled. For information, see Chapter 21, “Configuring RMON.”
• Syslog messages are enabled and appear on the console. For information, see Chapter 22,
“Configuring System Message Logging.”
• SNMP is enabled (Version 1). For information, see Chapter 23, “Configuring SNMP.”
• QoS is disabled. For information, see Chapter 25, “Configuring QoS.”
• No EtherChannels are configured. For information, see Chapter 26, “Configuring EtherChannels
and Link-State Tracking.”
Where to Go Next
• Chapter 2, “Using the Command-Line Interface”
• Chapter 3, “Assigning the Switch IP Address and Default Gateway”
Chapter 1 Overview
1-8
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 37
CHA PTER
2
Using the Command-Line Interface
This chapter describes the Cisco IOS command-line interface (CLI) and how to use it to configure your
Catalyst2360 switch. It contains these sections:
• Understanding Command Modes, page 2-1
• Understanding the Help System, page 2-3
• Understanding Abbreviated Commands, page 2-4
• Understanding no and default Forms of Commands, page 2-4
• Understanding CLI Error Messages, page 2-5
• Using Configuration Logging, page 2-5
• Using Command History, page 2-6
• Using Editing Features, page 2-7
• Searching and Filtering Output of show and more Commands, page 2-10
• Accessing the CLI, page 2-10
Understanding Command Modes
The Cisco IOS user interface is divided into many different modes. The commands available to you
depend on which mode you are currently in. Enter a question mark (?) at the system prompt to obtain a
list of commands available for each command mode.
When you start a session on the switch, you begin in user mode, often called user EXEC mode. Only a
limited subset of the commands are available in user EXEC mode. For example, most of the user EXEC
commands are one-time commands, such as show commands, which show the current configuration
status, and clear commands, which clear counters or interfaces. The user EXEC commands are not saved
when the switch reboots.
To have access to all commands, you must enter privileged EXEC mode. Normally, you must enter a
password to enter privileged EXEC mode. From this mode, you can enter any privileged EXEC
command or enter global configuration mode.
Using the configuration modes (global, interface, and line), you can make changes to the running
configuration. If you save the configuration, these commands are stored and used when the switch
reboots. To access the various configuration modes, you must start at global configuration mode. From
global configuration mode, you can enter interface configuration mode and line configuration mode.
OL-19808-01
Catalyst 2360 Switch Software Configuration Guide
2-1
Page 38
Chapter 2 Using the Command-Line Interface
Understanding Command Modes
Table 2-1 describes the main command modes, how to access each one, the prompt you see in that mode,
and how to exit the mode. The examples in the table use the hostname Switch.
Ta b l e 2-1 Command Mode Summary
Mode Access Method Prompt Exit Method About This Mode
User EXEC Begin a session with
your switch.
Privileged EXEC While in user EXEC
mode, enter the
enable command.
Global configuration While in privileged
EXEC mode, enter
the configure
command.
Config-vlan While in global
configuration mode,
enter the
vlan
vlan-id
command.
VLAN configuration While in privileged
EXEC mode, enter
the vlan database
command.
Switch>
Switch#
Switch(config)#
Switch(config-vlan)#
Switch(vlan)#
Enter logout or
quit.
Enter disable to
exit.
To exit to privileged
EXEC mode, enter
exit or end, or press
Ctrl-Z.
To exit to global
configuration mode,
enter the exit
command.
To return to
privileged EXEC
mode, press Ctrl-Z
or enter end.
To exit to privileged
EXEC mode, enter
exit.
Use this mode to
• Change terminal settings.
• Perform basic tests.
• Display system
information.
Use this mode to verify
commands that you have
entered. Use a password to
protect access to this mode.
Use this mode to configure
parameters that apply to the
entire switch.
Use this mode to configure
VLAN parameters. When VTP
mode is transparent, you can
create extended-range VLANs
(VLAN IDs greater than 1005)
and save configurations in the
switch startup configuration
file.
Use this mode to configure
VLAN parameters for VLANs
1 to 1005 in the VLAN
database.
2-2
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 39
Chapter 2 Using the Command-Line Interface
Understanding the Help System
Table 2-1 Command Mode Summary (continued)
Mode Access Method Prompt Exit Method About This Mode
Interface
configuration
While in global
configuration mode,
enter the interface
command (with a
specific interface).
Line configuration While in global
configuration mode,
specify a line with
the line
vty or line
console command.
Switch(config-if)#
Switch(config-line)#
To exit to global
configuration mode,
enter exit.
To return to
privileged EXEC
mode, press Ctrl-Z
or enter end.
To exit to global
configuration mode,
enter exit.
To return to
privileged EXEC
mode, press Ctrl-Z
or enter end.
Use this mode to configure
parameters for the Ethernet
ports.
For information about defining
interfaces, see the
Interface Configuration Mode”
section on page 8-9.
To configure multiple
interfaces with the same
parameters, see the
“Configuring a Range of
Interfaces” section on
page 8-11.
Use this mode to configure
parameters for the terminal
line.
“Using
For more detailed information on the command modes, see the command reference guide for this release.
Understanding the Help System
You can enter a question mark (?) at the system prompt to display a list of commands available for each
command mode. You can also obtain a list of associated keywords and arguments for any command, as
shown in
Ta b l e 2-2 Help Summary
Command Purpose
help Obtain a brief description of the help system in any command mode.
abbreviated-command-entry? Obtain a list of commands that begin with a particular character string.
abbreviated-command-entry<Ta b> Complete a partial command name.
Table 2-2.
For example:
Switch# di?
dir disable disconnect
For example:
Switch# sh conf<tab>
Switch# show configuration
OL-19808-01
Catalyst 2360 Switch Software Configuration Guide
2-3
Page 40
Chapter 2 Using the Command-Line Interface
Understanding Abbreviated Commands
Table 2-2 Help Summary (continued)
Command Purpose
? List all commands available for a particular command mode.
For example:
Switch> ?
command ? List the associated keywords for a command.
For example:
Switch> show ?
command keyword ? List the associated arguments for a keyword.
For example:
Switch(config)# cdp holdtime ?
<10-255> Length of time (in sec) that receiver must keep this packet
Understanding Abbreviated Commands
You need to enter only enough characters for the switch to recognize the command as unique.
This example shows how to enter the show configuration privileged EXEC command in an abbreviated
form:
Switch# show conf
Understanding no and default Forms of Commands
Almost every configuration command also has a no form. In general, use the no form to disable a feature
or function or reverse the action of a command. For example, the no shutdown interface configuration
command reverses the shutdown of an interface. Use the command without the keyword no to re-enable
a disabled feature or to enable a feature that is disabled by default.
Configuration commands can also have a default form. The default form of a command returns the
command setting to its default. Most commands are disabled by default, so the default form is the same
as the no form. However, some commands are enabled by default and have variables set to certain default
values. In these cases, the default command enables the command and sets variables to their default
values.
2-4
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 41
Chapter 2 Using the Command-Line Interface
Understanding CLI Error Messages
Table 2-3 lists some error messages that you might encounter while using the CLI to configure your
switch.
Ta b l e 2-3 Common CLI Error Messages
Error Message Meaning How to Get Help
% Ambiguous command:
"show con"
% Incomplete command.
% Invalid input detected
at ‘^’ marker.
You did not enter enough characters
for your switch to recognize the
command.
You did not enter all the keywords or
values required by this command.
You entered the command
incorrectly. The caret (^) marks the
point of the error.
Re-enter the command followed by a question mark (?)
with a space between the command and the question
mark.
The possible keywords that you can enter with the
command appear.
Re-enter the command followed by a question mark (?)
with a space between the command and the question
mark.
The possible keywords that you can enter with the
command appear.
Enter a question mark (?) to display all the commands
that are available in this command mode.
The possible keywords that you can enter with the
command appear.
Understanding CLI Error Messages
Using Configuration Logging
You can log and view changes to the switch configuration. You can use the Configuration Change
Logging and Notification feature to track changes on a per-session and per-user basis. The logger tracks
each configuration command that is applied, the user who entered the command, the time that the
command was entered, and the parser return code for the command. This feature includes a mechanism
for asynchronous notification to registered applications whenever the configuration changes. You can
choose to have the notifications sent to the syslog.
For more information, see the “Configuration Change Notification and Logging” section of the Cisco
IOS Configuration Fundamentals Configuration Guide, Release 12.4 at this URL:
http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080454f
73.html
Note Only CLI or HTTP changes are logged.
OL-19808-01
Catalyst 2360 Switch Software Configuration Guide
2-5
Page 42
Using Command History
Using Command History
The software provides a history or record of commands that you have entered. The command history
feature is particularly useful for recalling long or complex commands or entries, including access lists.
You can customize this feature to suit your needs as described in these sections:
• Changing the Command History Buffer Size, page 2-6 (optional)
• Recalling Commands, page 2-6 (optional)
• Disabling the Command History Feature, page 2-7 (optional)
Changing the Command History Buffer Size
By default, the switch records ten command lines in its history buffer. You can alter this number for a
current terminal session or for all sessions on a particular line. These procedures are optional.
Beginning in privileged EXEC mode, enter this command to change the number of command lines that
the switch records during the current terminal session:
Switch# terminal history [size
number-of-lines
Chapter 2 Using the Command-Line Interface
]
The range is from 0 to 256.
Beginning in line configuration mode, enter this command to configure the number of command lines
the switch records for all sessions on a particular line:
Switch(config-line)# history [size
The range is from 0 to 256.
number-of-lines
]
Recalling Commands
To recall commands from the history buffer, perform one of the actions listed in Table 2-4. These actions
are optional.
Ta b l e 2-4 Recalling Commands
1
Action
Press Ctrl-P or the up arrow key. Recall commands in the history buffer, beginning with the most recent command.
Press Ctrl-N or the down arrow key. Return to more recent commands in the history buffer after recalling commands
show history While in privileged EXEC mode, list the last several commands that you just
1. The arrow keys function only on ANSI-compatible terminals such as VT100s.
Result
Repeat the key sequence to recall successively older commands.
with Ctrl-P or the up arrow key. Repeat the key sequence to recall successively
more recent commands.
entered. The number of commands that appear is controlled by the setting of the
terminal history global configuration command and the history line configuration
command.
2-6
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 43
Chapter 2 Using the Command-Line Interface
Disabling the Command History Feature
The command history feature is automatically enabled. You can disable it for the current terminal
session or for the command line. These procedures are optional.
To disable the feature during the current terminal session, enter the terminal no history privileged
EXEC command.
To disable command history for the line, enter the no history line configuration command.
Using Editing Features
This section describes the editing features that can help you manipulate the command line. It contains
these sections:
• Enabling and Disabling Editing Features, page 2-7 (optional)
• Editing Commands through Keystrokes, page 2-8 (optional)
• Editing Command Lines that Wrap, page 2-9 (optional)
Using Editing Features
Enabling and Disabling Editing Features
Although enhanced editing mode is automatically enabled, you can disable it, re-enable it, or configure
a specific line to have enhanced editing. These procedures are optional.
To globally disable enhanced editing mode, enter this command in line configuration mode:
Switch (config-line)# no editing
To re-enable the enhanced editing mode for the current terminal session, enter this command in
privileged EXEC mode:
Switch# terminal editing
To reconfigure a specific line to have enhanced editing mode, enter this command in line configuration
mode:
Switch(config-line)# editing
OL-19808-01
Catalyst 2360 Switch Software Configuration Guide
2-7
Page 44
Using Editing Features
Editing Commands through Keystrokes
Table 2-5 shows the keystrokes that you need to edit command lines. These keystrokes are optional.
Ta b l e 2-5 Editing Commands through Keystrokes
Chapter 2 Using the Command-Line Interface
Capability Keystroke
Move around the command line to
make changes or corrections.
Press Ctrl-B, or press the
left arrow key.
Press Ctrl-F, or press the
right arrow key.
Press Ctrl-A. Move the cursor to the beginning of the command line.
Press Ctrl-E. Move the cursor to the end of the command line.
Press Esc B. Move the cursor back one word.
Press Esc F. Move the cursor forward one word.
Press Ctrl-T. Transpose the character to the left of the cursor with the
Recall commands from the buffer and
Press Ctrl-Y. Recall the most recent entry in the buffer.
paste them in the command line. The
switch provides a buffer with the last
ten items that you deleted.
Press Esc Y. Recall the next buffer entry.
Delete entries if you make a mistake
or change your mind.
Press the Delete or
Backspace key.
Press Ctrl-D. Delete the character at the cursor.
Press Ctrl-K. Delete all characters from the cursor to the end of the
Press Ctrl-U or Ctrl-X. Delete all characters from the cursor to the beginning of
Press Ctrl-W. Delete the word to the left of the cursor.
Press Esc D. Delete from the cursor to the end of the word.
Capitalize or lowercase words or
Press Esc C. Capitalize at the cursor.
capitalize a set of letters.
Press Esc L. Change the word at the cursor to lowercase.
Press Esc U. Capitalize letters from the cursor to the end of the word.
Designate a particular keystroke as
Press Ctrl-V or Esc Q.
an executable command, perhaps as a
shortcut.
1
Purpose
Move the cursor back one character.
Move the cursor forward one character.
character located at the cursor.
The buffer contains only the last 10 items that you have
deleted or cut. If you press Esc Y more than ten times, you
cycle to the first buffer entry.
Erase the character to the left of the cursor.
command line.
the command line.
2-8
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 45
Chapter 2 Using the Command-Line Interface
Table 2-5 Editing Commands through Keystrokes (continued)
Using Editing Features
Capability Keystroke
Scroll down a line or screen on
Press the Return key. Scroll down one line.
1
displays that are longer than the
terminal screen can display.
Note The More prompt is used for
any output that has more
lines than can be displayed
on the terminal screen,
including show command
output. You can use the
Return and Space bar
keystrokes whenever you see
the More prompt.
Press the Space bar. Scroll down one screen.
Redisplay the current command line
Press Ctrl-L or Ctrl-R. Redisplay the current command line.
if the switch suddenly sends a
message to your screen.
1. The arrow keys function only on ANSI-compatible terminals such as VT100s.
Editing Command Lines that Wrap
Purpose
You can use a wraparound feature for commands that extend beyond a single line on the screen. When
the cursor reaches the right margin, the command line shifts ten spaces to the left. You cannot see the
first ten characters of the line, but you can scroll back and check the syntax at the beginning of the
command. The keystroke actions are optional.
To scroll back to the beginning of the command entry, press Ctrl-B or the left arrow key repeatedly. You
can also press Ctrl-A to immediately move to the beginning of the line.
Note The arrow keys function only on ANSI-compatible terminals such as VT100s.
In this example, the access-list global configuration command entry extends beyond one line. When the
cursor first reaches the end of the line, the line is shifted ten spaces to the left and redisplayed. The dollar
sign ($) shows that the line has been scrolled to the left. Each time the cursor reaches the end of the line,
the line is again shifted ten spaces to the left.
Switch(config)# access-list 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1
Switch(config)# $ 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1.20 255.25
Switch(config)# $t tcp 131.108.2.5 255.255.255.0 131.108.1.20 255.255.255.0 eq
Switch(config)# $108.2.5 255.255.255.0 131.108.1.20 255.255.255.0 eq 45
After you complete the entry, press Ctrl-A to check the complete syntax before pressing the Return key
to execute the command. The dollar sign ($) appears at the end of the line to show that the line has been
scrolled to the right:
Switch(config)# access-list 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1$
The software assumes you have a terminal screen that is 80 columns wide. If you have a width other than
that, use the terminal width privileged EXEC command to set the width of your terminal.
OL-19808-01
Catalyst 2360 Switch Software Configuration Guide
2-9
Page 46
Chapter 2 Using the Command-Line Interface
Searching and Filtering Output of show and more Commands
Use line wrapping with the command history feature to recall and modify previous complex command
entries. For information about recalling previous command entries, see the
Keystrokes” section on page 2-8.
“Editing Commands through
Searching and Filtering Output of show and more Commands
You can search and filter the output for show and more commands. This is useful when you need to sort
through large amounts of output or if you want to exclude output that you do not need to see. Using these
commands is optional.
To use this functionality, enter a show or more command followed by the pipe character (|), one of the
keywords begin, include, or exclude, and an expression that you want to search for or filter out:
command | {begin | include | exclude} regular-expression
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output
are not displayed, but the lines that contain Output appear.
This example shows how to include in the output display only lines where the expression protocol
appears:
Switch# show interfaces | include protocol
Vlan1 is up, line protocol is up
Vlan10 is up, line protocol is down
GigabitEthernet0/1 is up, line protocol is down
GigabitEthernet0/2 is up, line protocol is up
Accessing the CLI
You can access the CLI through a console connection, through Telnet, or by using the browser.
Accessing the CLI through a Console Connection or through Telnet
Before you can access the CLI, you must connect a terminal or a PC to the switch console or connect a
PC to the Ethernet management port and then power on the switch, as described in the hardware
installation guide that shipped with your switch. Then, to understand the boot process and the options
available for assigning IP information, see
Gateway.”
If your switch is already configured, you can access the CLI through a local console connection or
through a remote Telnet session, but your switch must first be configured for this type of access. For
more information, see the
You can use one of these methods to establish a connection with the switch:
• Connect the switch console port to a management station or dial-up modem, or connect the Ethernet
management port to a PC. For information about connecting to the console or Ethernet management
port, see the switch hardware installation guide.
• Use any Telnet TCP/IP or encrypted Secure Shell (SSH) package from a remote management
station. The switch must have network connectivity with the Telnet or SSH client, and the switch
must have an enable secret password configured.
“Setting a Telnet Password for a Terminal Line” section on page 7-6.
Chapter 3, “Assigning the Switch IP Address and Default
2-10
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 47
Chapter 2 Using the Command-Line Interface
For information about configuring the switch for Telnet access, see the “Setting a Telnet Password
for a Terminal Line” section on page 7-6. The switch supports up to 16 simultaneous Telnet
sessions. Changes made by one Telnet user are reflected in all other Telnet sessions.
For information about configuring the switch for SSH, see the “Configuring the Switch for Secure
Shell” section on page 7-32. The switch supports up to five simultaneous secure SSH sessions.
After you connect through the console port, through the Ethernet management port, through a Telnet
session or through an SSH session, the user
Accessing the CLI
EXEC prompt appears on the management station.
OL-19808-01
Catalyst 2360 Switch Software Configuration Guide
2-11
Page 48
Accessing the CLI
Chapter 2 Using the Command-Line Interface
2-12
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 49
CHA PTER
3
Assigning the Switch IP Address and Default Gateway
This chapter describes how to create the initial switch configuration (for example, assigning the IP
address and default gateway information) by using a variety of automatic and manual methods. It also
describes how to modify the switch startup configuration.
Note For complete syntax and usage information for the commands used in this chapter, see the command
reference for this release and the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and
Services, Release 12.2.
This chapter consists of these sections:
• Understanding the Boot Process, page 3-1
• Assigning Switch Information, page 3-2
• Checking and Saving the Running Configuration, page 3-11
• Modifying the Startup Configuration, page 3-12
• Scheduling a Reload of the Software Image, page 3-17
Note Information in this chapter about configuring IP addresses and DHCP is specific to IP Version 4 (IPv4).
Understanding the Boot Process
To start your switch, you need to follow the procedures in the hardware installation guide for installing
and powering on the switch and setting up the initial switch configuration (IP address, subnet mask,
default gateway, secret and Telnet passwords, and so forth).
The normal boot process involves the operation of the boot loader software, which performs these
activities:
• Performs low-level CPU initialization. It initializes the CPU registers, which control where physical
memory is mapped, its quantity, its speed, and so forth.
• Performs power-on self-test (POST) for the CPU subsystem. It tests the CPU DRAM and the portion
of the flash device that makes up the flash file system.
OL-19808-01
Catalyst 2360 Switch Software Configuration Guide
3-1
Page 50
Assigning Switch Information
• Initializes the flash file system on the system board.
• Loads a default operating system software image into memory and boots up the switch.
The boot loader provides access to the flash file system before the operating system is loaded. Normally,
the boot loader is used only to load, uncompress, and start the operating system. After the boot loader
gives the operating system control of the CPU, the boot loader is not active until the next system reset
or power-on.
The boot loader also provides trap-door access into the system if the operating system has problems
serious enough that it cannot be used. The trap-door mechanism provides enough access to the system
so that if it is necessary, you can format the flash file system, reinstall the operating system software
image by using the Xmodem Protocol, recover from a lost or forgotten password, and finally restart the
operating system. For more information, see the
page 28-2 and the “Recovering from a Lost or Forgotten Password” section on page 28-3.
Note You can disable password recovery. For more information, see the “Disabling Password Recovery”
section on page 7-5.
Before you can assign switch information, make sure you have connected a PC or terminal to the console
port or a PC to the Ethernet management port, and make sure you have configured the PC or
terminal-emulation software baud rate and character format to match these of the switch console port:
Chapter 3 Assigning the Switch IP Address and Default Gateway
“Recovering from a Software Failure” section on
• Baud rate default is 9600.
• Data bits default is 8.
Note If the data bits option is set to 8, set the parity option to none.
• Stop bits default is 1.
• Parity settings default is none.
Assigning Switch Information
You can assign IP information through the switch setup program, through a DHCP server, or manually.
Use the switch setup program if you want to be prompted for specific IP information. With this program,
you can also configure a hostname and an enable secret password. It gives you the option of assigning a
Telnet password (to provide security during remote management) and configuring your switch as a
command or member switch of a cluster or as a standalone switch. For more information about the setup
program, see the hardware installation guide.
Use a DHCP server for centralized control and automatic assignment of IP information after the server
is configured.
3-2
Note If you are using DHCP, do not respond to any of the questions in the setup program until the switch
receives the dynamically assigned IP address and reads the configuration file.
If you are an experienced user familiar with the switch configuration steps, manually configure the
switch. Otherwise, use the setup program described previously.
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 51
Chapter 3 Assigning the Switch IP Address and Default Gateway
These sections contain this configuration information:
• Default Switch Information, page 3-3
• Understanding DHCP-Based Autoconfiguration, page 3-3
• Manually Assigning IP Information, page 3-10
Default Switch Information
Table 3-1 shows the default switch information.
Ta b l e 3-1 Default Switch Information
Feature Default Setting
IP address and subnet mask No IP address or subnet mask are defined.
Default gateway No default gateway is defined.
Enable secret password No password is defined.
Hostname The factory-assigned default hostname is Switch.
Telnet password No password is defined.
Assigning Switch Information
Understanding DHCP-Based Autoconfiguration
DHCP provides configuration information to Internet hosts and internetworking devices. This protocol
consists of two components: one for delivering configuration parameters from a DHCP server to a device
and a mechanism for allocating network addresses to devices. DHCP is built on a client-server model,
in which designated DHCP servers allocate network addresses and deliver configuration parameters to
dynamically configured devices. The switch can act as both a DHCP client and a DHCP server.
During DHCP-based autoconfiguration, your switch (DHCP client) is automatically configured at
startup with IP address information and a configuration file.
With DHCP-based autoconfiguration, no DHCP client-side configuration is needed on your switch.
However, you need to configure the DHCP server for various lease options associated with IP addresses.
If you are using DHCP to relay the configuration file location on the network, you might also need to
configure a Trivial File Transfer Protocol (TFTP) server and a Domain Name System (DNS) server.
The DHCP server for your switch can be on the same LAN or on a different LAN than the switch. If the
DHCP server is running on a different LAN, you should configure a DHCP relay device between your
switch and the DHCP server. A relay device forwards broadcast traffic between two directly connected
LANs. A router does not forward broadcast packets, but it forwards packets based on the destination IP
address in the received packet.
DHCP-based autoconfiguration replaces the BOOTP client functionality on your switch.
DHCP Client Request Process
OL-19808-01
When you boot up your switch, the DHCP client is invoked and requests configuration information from
a DHCP server when the configuration file is not present on the switch. If the configuration file is present
and the configuration includes the ip address dhcp interface configuration command on specific routed
interfaces, the DHCP client is invoked and requests the IP address information for those interfaces.
Catalyst 2360 Switch Software Configuration Guide
3-3
Page 52
Assigning Switch Information
Switch A
DHCPACK (unicast)
DHCPREQUEST (broadcast)
DHCPOFFER (unicast)
DHCPDISCOVER (broadcast)
DHCP server
51807
Figure 3-1 shows the sequence of messages that are exchanged between the DHCP client and the DHCP
server.
Figure 3-1 DHCP Client and Server Message Exchange
The client, Switch A, broadcasts a DHCPDISCOVER message to locate a DHCP server. The DHCP
server offers configuration parameters (such as an IP address, subnet mask, gateway IP address, DNS IP
address, a lease for the IP address, and so forth) to the client in a DHCPOFFER unicast message.
In a DHCPREQUEST broadcast message, the client returns a formal request for the offered
configuration information to the DHCP server. The formal request is broadcast so that all other DHCP
servers that received the DHCPDISCOVER broadcast message from the client can reclaim the IP
addresses that they offered to the client.
Chapter 3 Assigning the Switch IP Address and Default Gateway
The DHCP server confirms that the IP address has been allocated to the client by returning a DHCPACK
unicast message to the client. With this message, the client and server are bound, and the client uses
configuration information received from the server. The amount of information the switch receives
depends on how you configure the DHCP server. For more information, see the
“Configuring the TFTP
Server” section on page 3-6.
If the configuration parameters sent to the client in the DHCPOFFER unicast message are invalid (a
configuration error exists), the client returns a DHCPDECLINE broadcast message to the DHCP server.
The DHCP server sends the client a DHCPNAK denial broadcast message, which means that the offered
configuration parameters have not been assigned, that an error has occurred during the negotiation of the
parameters, or that the client has been slow in responding to the DHCPOFFER message (the DHCP
server assigned the parameters to another client).
A DHCP client might receive offers from multiple DHCP or BOOTP servers and can accept any of the
offers; however, the client usually accepts the first offer it receives. The offer from the DHCP server is
not a guarantee that the IP address is allocated to the client; however, the server usually reserves the
address until the client has had a chance to formally request the address. If the switch accepts replies
from a BOOTP server and configures itself, the switch broadcasts, instead of unicasts, TFTP requests to
obtain the switch configuration file.
Understanding DHCP-based Autoconfiguration and Image Update
You can use the DHCP image upgrade features to configure a DHCP server to download both a new
image and a new configuration file to one or more switches in a network. This helps ensure that each
new switch added to a network receives the same image and configuration.
There are two types of DHCP image upgrades: DHCP autoconfiguration and DHCP auto-image update.
3-4
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 53
Chapter 3 Assigning the Switch IP Address and Default Gateway
DHCP Autoconfiguration
DHCP autoconfiguration downloads a configuration file to one or more switches in your network from
a DHCP server. The downloaded configuration file becomes the running configuration of the switch. It
does not over write the bootup configuration saved in the flash, until you reload the switch.
DHCP Auto-Image Update
You can use DHCP auto-image upgrade with DHCP autoconfiguration to download both a configuration
and a new image to one or more switches in your network. The switch (or switches) downloading the
new configuration and the new image can be blank (or only have a default factory configuration loaded).
If the new configuration is downloaded to a switch that already has a configuration, the downloaded
configuration is appended to the configuration file stored on the switch. (Any existing configuration is
not overwritten by the downloaded one.)
Note To enable a DHCP auto-image update on the switch, the TFTP server where the image and configuration
files are located must be configured with the correct option 67 (the configuration filename), option 66
(the DHCP server hostname) option 150 (the TFTP server address), and option 125 (description of the
file) settings.
For procedures to configure the switch as a DHCP server, see the “Configuring DHCP” section of the
“IP addressing and Services” section of the Cisco IOS IP Configuration Guide, Release 12.2.
Assigning Switch Information
After you install the switch in your network, the auto-image update feature starts. The downloaded
configuration file is saved in the running configuration of the switch, and the new image is downloaded
and installed on the switch. When you reboot the switch, the configuration is stored in the saved
configuration on the switch.
Limitations and Restrictions
These are the limitations:
• The DHCP-based autoconfiguration with a saved configuration process stops if there is not at least
one Layer 3 interface in an up state without an assigned IP address in the network.
• Unless you configure a timeout, the DHCP-based autoconfiguration with a saved configuration
feature tries indefinitely to download an IP address.
• The auto-install process stops if a configuration file cannot be downloaded or it the configuration
file is corrupted.
Note The configuration file that is downloaded from TFTP is merged with the existing configuration in the
running configuration but is not saved in the NVRAM unless you enter the write memory or
copy
running-configuration startup-configuration privileged EXEC command. Note that if the
downloaded configuration is saved to the startup configuration, the feature is not triggered during
subsequent system restarts.
OL-19808-01
Catalyst 2360 Switch Software Configuration Guide
3-5
Page 54
Assigning Switch Information
Configuring DHCP-Based Autoconfiguration
These sections contain this configuration information:
• DHCP Server Configuration Guidelines, page 3-6
• Configuring the TFTP Server, page 3-6
• Configuring the DNS, page 3-7
• Configuring the Relay Device, page 3-7
• Obtaining Configuration Files, page 3-8
• Example Configuration, page 3-9
If your DHCP server is a Cisco device, see the “Configuring DHCP” section of the “IP Addressing and
Services” section of the Cisco IOS IP Configuration Guide, Release
about configuring DHCP.
DHCP Server Configuration Guidelines
Follow these guidelines if you are configuring a device as a DHCP server:
Chapter 3 Assigning the Switch IP Address and Default Gateway
12.2 for additional information
You should configure the DHCP server with reserved leases that are bound to each switch by the switch
hardware address.
If you want the switch to receive IP address information, you must configure the DHCP server with these
lease options:
• IP address of the client (required)
• Subnet mask of the client (required)
• DNS server IP address (optional)
• Router IP address (default gateway address to be used by the switch) (required)
If you want the switch to receive the configuration file from a TFTP server, you must configure the
DHCP server with these lease options:
• TFTP server name (required)
• Boot filename (the name of the configuration file that the client needs) (recommended)
• Hostname (optional)
Depending on the settings of the DHCP server, the switch can receive IP address information, the
configuration file, or both.
If you do not configure the DHCP server with the lease options described previously, it replies to client
requests with only those parameters that are configured. If the IP address and the subnet mask are not in
the reply, the switch is not configured. If the router IP address or the TFTP server name are not found,
the switch might send broadcast, instead of unicast, TFTP requests. Unavailability of other lease options
does not affect autoconfiguration.
Configuring the TFTP Server
Based on the DHCP server configuration, the switch attempts to download one or more configuration
files from the TFTP server. If you configured the DHCP server to respond to the switch with all the
options required for IP connectivity to the TFTP server, and if you configured the DHCP server with a
TFTP server name, address, and configuration filename, the switch attempts to download the specified
configuration file from the specified TFTP server.
Catalyst 2360 Switch Software Configuration Guide
3-6
OL-19808-01
Page 55
Chapter 3 Assigning the Switch IP Address and Default Gateway
If you did not specify the configuration filename, the TFTP server, or if the configuration file could not
be downloaded, the switch attempts to download a configuration file by using various combinations of
filenames and TFTP server addresses. The files include the specified configuration filename (if any) and
these files: network-config, cisconet.cfg, hostname.config, or hostname.cfg, where hostname is the
switch’s current hostname. The TFTP server addresses used include the specified TFTP server address
(if any) and the broadcast address (255.255.255.255).
For the switch to successfully download a configuration file, the TFTP server must contain one or more
configuration files in its base directory. The files can include these files:
• The configuration file named in the DHCP reply (the actual switch configuration file).
• The network-confg or the cisconet.cfg file (known as the default configuration files).
• The router-confg or the ciscortr.cfg file (These files contain commands common to all switches.
Normally, if the DHCP and TFTP servers are properly configured, these files are not accessed.)
If you specify the TFTP server name in the DHCP server-lease database, you must also configure the
TFTP server name-to-IP-address mapping in the DNS-server database.
If the TFTP server to be used is on a different LAN from the switch, or if it is to be accessed by the switch
through the broadcast address (which occurs if the DHCP server response does not contain all the
required information described previously), a relay must be configured to forward the TFTP packets to
the TFTP server. For more information, see the
The preferred solution is to configure the DHCP server with all the required information.
Assigning Switch Information
“Configuring the Relay Device” section on page 3-7.
Configuring the DNS
The DHCP server uses the DNS server to resolve the TFTP server name to an IP address. You must
configure the TFTP server name-to-IP address map on the DNS server. The TFTP server contains the
configuration files for the switch.
You can configure the IP addresses of the DNS servers in the lease database of the DHCP server from
where the DHCP replies will retrieve them. You can enter up to two DNS server IP addresses in the lease
database.
The DNS server can be on the same or on a different LAN as the switch. If it is on a different LAN, the
switch must be able to access it through a router.
Configuring the Relay Device
You must configure a relay device, also referred to as a relay agent, when a switch sends broadcast
packets that require a response from a host on a different LAN. Examples of broadcast packets that the
switch might send are DHCP, DNS, and in some cases, TFTP packets. You must configure this relay
device to forward received broadcast packets on an interface to the destination host.
If the relay device is a Cisco router, enable IP routing (ip routing global configuration command), and
configure helper addresses by using the ip helper-address interface configuration command.
For example, in Figure 3-2, configure the router interfaces as follows:
On interface 10.0.0.2:
router(config-if)# ip helper-address 20.0.0.2
router(config-if)# ip helper-address 20.0.0.3
router(config-if)# ip helper-address 20.0.0.4
OL-19808-01
On interface 20.0.0.1
router(config-if)# ip helper-address 10.0.0.1
Catalyst 2360 Switch Software Configuration Guide
3-7
Page 56
Assigning Switch Information
Switch
(DHCP client)
Cisco router
(Relay)
49068
DHCP server TFTP server DNS server
20.0.0.2 20.0.0.3
20.0.0.1
10.0.0.2
10.0.0.1
20.0.0.4
Note If the switch is acting as the relay device, configure the interface as a routed port. For more information,
see the
section on page 8-21.
Figure 3-2 Relay Device Used in Autoconfiguration
Chapter 3 Assigning the Switch IP Address and Default Gateway
“Switch Virtual Interfaces” section on page 8-3 and the “Configuring SVI Autostate Exclude”
Obtaining Configuration Files
Depending on the availability of the IP address and the configuration filename in the DHCP reserved
lease, the switch obtains its configuration information in these ways:
• The IP address and the configuration filename is reserved for the switch and provided in the DHCP
reply (one-file read method).
The switch receives its IP address, subnet mask, TFTP server address, and the configuration
filename from the DHCP server. The switch sends a unicast message to the TFTP server to retrieve
the named configuration file from the base directory of the server and upon receipt, it completes its
boot up process.
• The IP address and the configuration filename is reserved for the switch, but the TFTP server
address is not provided in the DHCP reply (one-file read method).
The switch receives its IP address, subnet mask, and the configuration filename from the DHCP
server. The switch sends a broadcast message to a TFTP server to retrieve the named configuration
file from the base directory of the server, and upon receipt, it completes its boot up process.
• Only the IP address is reserved for the switch and provided in the DHCP reply. The configuration
filename is not provided (two-file read method).
The switch receives its IP address, subnet mask, and the TFTP server address from the DHCP server.
The switch sends a unicast message to the TFTP server to retrieve the network-confg or cisconet.cfg
default configuration file. (If the network-confg file cannot be read, the switch reads the cisconet.cfg
file.)
The default configuration file contains the hostnames-to-IP-address mapping for the switch. The
switch fills its host table with the information in the file and obtains its hostname. If the hostname
is not found in the file, the switch uses the hostname in the DHCP reply. If the hostname is not
specified in the DHCP reply, the switch uses the default Switch as its hostname.
Catalyst 2360 Switch Software Configuration Guide
3-8
OL-19808-01
Page 57
Chapter 3 Assigning the Switch IP Address and Default Gateway
Switch 1
00e0.9f1e.2001
Cisco router
111394
Switch 2
00e0.9f1e.2002
Switch 3
00e0.9f1e.2003
DHCP server DNS server TFTP server
(tftpserver)
10.0.0.1
10.0.0.10
10.0.0.2 10.0.0.3
Switch 4
00e0.9f1e.2004
After obtaining its hostname from the default configuration file or the DHCP reply, the switch reads
the configuration file that has the same name as its hostname (hostname-confg or hostname.cfg,
depending on whether network-confg or cisconet.cfg was read earlier) from the TFTP server. If the
cisconet.cfg file is read, the filename of the host is truncated to eight characters.
If the switch cannot read the network-confg, cisconet.cfg, or the hostname file, it reads the
router-confg file. If the switch cannot read the router-confg file, it reads the ciscortr.cfg file.
Note The switch broadcasts TFTP server requests if the TFTP server is not obtained from the DHCP replies,
if all attempts to read the configuration file through unicast transmissions fail, or if the TFTP server
name cannot be resolved to an IP address.
Example Configuration
Figure 3-3 shows a sample network for retrieving IP information by using DHCP-based autoconfiguration.
Figure 3-3 DHCP-Based Autoconfiguration Network Example
Assigning Switch Information
Table 3-2 shows the configuration of the reserved leases on the DHCP server.
Ta b l e 3-2 DHCP Server Configuration
Switch A Switch B Switch C Switch D
Binding key (hardware address) 00e0.9f1e.2001 00e0.9f1e.2002 00e0.9f1e.2003 00e0.9f1e.2004
IP address 10.0.0.21 10.0.0.22 10.0.0.23 10.0.0.24
Subnet mask 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0
Router address 10.0.0.10 10.0.0.10 10.0.0.10 10.0.0.10
DNS server address 10.0.0.2 10.0.0.2 10.0.0.2 10.0.0.2
TFTP server name tftpserver or
Boot filename (configuration file)
10.0.0.3
switcha-confg switchb-confg switchc-confg switchd-confg
tftpserver or
10.0.0.3
tftpserver or
10.0.0.3
tftpserver or
10.0.0.3
(optional)
Hostname (optional) switcha switchb switchc switchd
OL-19808-01
Catalyst 2360 Switch Software Configuration Guide
3-9
Page 58
Assigning Switch Information
DNS Server Configuration
The DNS server maps the TFTP server name tftpserver to IP address 10.0.0.3.
TFTP Server Configuration (on UNIX)
The TFTP server base directory is set to /tftpserver/work/. This directory contains the network-confg file
used in the two-file read method. This file contains the hostname to be assigned to the switch based on
its IP address. The base directory also contains a configuration file for each switch (switcha-confg,
switchb-confg, and so forth) as shown in this display:
prompt> cd /tftpserver/work/
prompt> ls
network-confg
switcha-confg
switchb-confg
switchc-confg
switchd-confg
prompt> cat network-confg
ip host switcha 10.0.0.21
ip host switchb 10.0.0.22
ip host switchc 10.0.0.23
ip host switchd 10.0.0.24
Chapter 3 Assigning the Switch IP Address and Default Gateway
DHCP Client Configuration
No configuration file is present on Switch A through Switch D.
Configuration Explanation
In Figure 3-3, Switch A reads its configuration file as follows:
• It obtains its IP address 10.0.0.21 from the DHCP server.
• If no configuration filename is given in the DHCP server reply, Switch A reads the network-confg
file from the base directory of the TFTP server.
• It adds the contents of the network-confg file to its host table.
• It reads its host table by indexing its IP address 10.0.0.21 to its hostname (switcha).
• It reads the configuration file that corresponds to its hostname; for example, it reads switch1-confg
from the TFTP server.
Switches B through D retrieve their configuration files and IP addresses in the same way.
Manually Assigning IP Information
Beginning in privileged EXEC mode, follow these steps to manually assign IP information to multiple
switched virtual interfaces (SVIs):
Note If the switch is running the IP services feature set, you can also manually assign IP information to a port
if you first put the port into Layer 3 mode by using the no switchport interface configuration command.
Step 1
Step 2
3-10
Command Purpose
configure terminal Enter global configuration mode.
interface vlan vlan-id Enter interface configuration mode, and enter the VLAN to which the IP
information is assigned. The range is 1 to 4094.
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 59
Chapter 3 Assigning the Switch IP Address and Default Gateway
Command Purpose
Step 3
Step 4
Step 5
Step 6
Step 7
Step 8
Step 9
ip address ip-address subnet-mask Enter the IP address and subnet mask.
exit Return to global configuration mode.
ip default-gateway ip-address Enter the IP address of the next-hop router interface that is directly
end Return to privileged EXEC mode.
show interfaces vlan vlan-id Verify the configured IP address.
show ip redirects Verify the configured default gateway.
copy running-config startup-config (Optional) Save your entries in the configuration file.
Checking and Saving the Running Configuration
connected to the switch where a default gateway is being configured. The
default gateway receives IP packets with unresolved destination IP
addresses from the switch.
Once the default gateway is configured, the switch has connectivity to the
remote networks with which a host needs to communicate.
Note When your switch is configured to route with IP, it does not need
to have a default gateway set.
To remove the switch IP address, use the no ip address interface configuration command. If you are
removing the address through a Telnet session, your connection to the switch will be lost. To remove the
default gateway address, use the no ip default-gateway global configuration command.
For information on setting the switch system name, protecting access to privileged EXEC commands,
and setting time and calendar services, see
Chapter 5, “Administering the Switch.”
Checking and Saving the Running Configuration
You can check the configuration settings you entered or changes you made by entering this privileged
EXEC command:
Switch# show running-config
Building configuration...
Current configuration: 1363 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
enable secret 5 $1$ej9.$DMUvAUnZOAmvmgqBEzIxE0
!
.
<output truncated>
.
interface gigabitethernet6/0/1
no switchport
ip address 172.20.137.50 255.255.255.0
!
interface gigabitethernet6/0/2
mvr type source
OL-19808-01
<output truncated>
Catalyst 2360 Switch Software Configuration Guide
3-11
Page 60
Modifying the Startup Configuration
...!
interface VLAN1
ip address 172.20.137.50 255.255.255.0
no ip directed-broadcast
!
ip default-gateway 172.20.137.1 !
!
snmp-server community private RW
snmp-server community public RO
snmp-server community private@es0 RW
snmp-server community public@es0 RO
snmp-server chassis-id 0x12
!
end
To store the configuration or changes you have made to your startup configuration in flash memory, enter
this privileged EXEC command:
Switch# copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
This command saves the configuration settings that you made. If you fail to do this, your configuration
will be lost the next time you reload the system. To display information stored in the NVRAM section
of flash memory, use the show startup-config or more startup-config privileged EXEC command.
Chapter 3 Assigning the Switch IP Address and Default Gateway
For more information about alternative locations from which to copy the configuration file, see
Appendix B, “Working with the Cisco IOS File System, Configuration Files, and Software Images.”
Modifying the Startup Configuration
These sections describe how to modify the switch startup configuration:
• Default Boot Configuration, page 3-13
• Automatically Downloading a Configuration File, page 3-13
• Booting Manually, page 3-14
• Booting a Specific Software Image, page 3-14
• Controlling Environment Variables, page 3-15
See also Appendix B, “Working with the Cisco IOS File System, Configuration Files, and Software
Images,” for information about switch configuration files.
3-12
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 61
Chapter 3 Assigning the Switch IP Address and Default Gateway
Modifying the Startup Configuration
Default Boot Configuration
Table 3-3 shows the default boot configuration.
Ta b l e 3-3 Default Boot Configuration
Feature Default Setting
Operating system software image The switch attempts to automatically boot up the system using information in the
BOOT environment variable. If the variable is not set, the switch attempts to load and
execute the first executable image it can by performing a recursive, depth-first search
throughout the flash file system.
The Cisco IOS image is stored in a directory that has the same name as the image file
(excluding the .bin extension).
In a depth-first search of a directory, each encountered subdirectory is completely
searched before continuing the search in the original directory.
Configuration file Configured switches use the config.text file stored on the system board in flash
memory.
A new switch has no configuration file.
Automatically Downloading a Configuration File
You can automatically download a configuration file to your switch by using the DHCP-based
autoconfiguration feature. For more information, see the
Autoconfiguration” section on page 3-3.
“Understanding DHCP-Based
Specifying the Filename to Read and Write the System Configuration
By default, the Cisco IOS software uses the file config.text to read and write a nonvolatile copy of the
system configuration. However, you can specify a different filename, which will be loaded during the
next boot cycle.
Note This command only works properly from a standalone switch.
Beginning in privileged EXEC mode, follow these steps to specify a different configuration filename:
Command Purpose
Step 1
Step 2
configure terminal Enter global configuration mode.
boot config-file flash:/file-url Specify the configuration file to load during the next boot cycle.
Step 3
OL-19808-01
For file-url, specify the path (directory) and the configuration
filename.
Filenames and directory names are case sensitive.
end Return to privileged EXEC mode.
Catalyst 2360 Switch Software Configuration Guide
3-13
Page 62
Modifying the Startup Configuration
Command Purpose
Step 4
Step 5
show boot Verify your entries.
copy running-config startup-config (Optional) Save your entries in the configuration file.
To return to the default setting, use the no boot config-file global configuration command.
Booting Manually
By default, the switch automatically boots up; however, you can configure it to manually boot up.
Note This command only works properly from a standalone switch.
Beginning in privileged EXEC mode, follow these steps to configure the switch to manually boot up
during the next boot cycle:
Chapter 3 Assigning the Switch IP Address and Default Gateway
The boot config-file global configuration command changes the
setting of the CONFIG_FILE environment variable.
Command Purpose
Step 1
Step 2
Step 3
Step 4
Step 5
configure terminal Enter global configuration mode.
boot manual Enable the switch to manually boot up during the next boot cycle.
end Return to privileged EXEC mode.
show boot Verify your entries.
copy running-config startup-config (Optional) Save your entries in the configuration file.
To disable manual booting, use the no boot manual global configuration command.
Booting a Specific Software Image
The boot manual global command changes the setting of the
MANUAL_BOOT environment variable.
The next time you reboot the system, the switch is in boot loader
mode, shown by the switch: prompt. To boot up the system, use the
boot filesystem:/file-url boot loader command.
• For filesystem:, use flash: for the system board flash device.
• For file-url, specify the path (directory) and the name of the
bootable image.
Filenames and directory names are case sensitive.
3-14
By default, the switch attempts to automatically boot up the system using information in the BOOT
environment variable. If this variable is not set, the switch attempts to load and execute the first
executable image it can by performing a recursive, depth-first search throughout the flash file system. In
a depth-first search of a directory, each encountered subdirectory is completely searched before
continuing the search in the original directory. However, you can specify a specific image to boot up.
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 63
Chapter 3 Assigning the Switch IP Address and Default Gateway
Beginning in privileged EXEC mode, follow these steps to configure the switch to boot up a specific
image during the next boot cycle:
Command Purpose
Step 1
Step 2
Step 3
Step 4
configure terminal Enter global configuration mode.
boot system filesystem:/file-url Configure the switch to boot up a specific image in flash memory during
end Return to privileged EXEC mode.
show boot Verify your entries.
Modifying the Startup Configuration
the next boot cycle.
• For filesystem:, use flash: for the system board flash device.
• For file-url, specify the path (directory) and the name of the bootable
image.
Filenames and directory names are case sensitive.
The boot system global command changes the setting of the BOOT
environment variable.
During the next boot cycle, the switch attempts to automatically boot up the
system using information in the BOOT environment variable.
Step 5
copy running-config startup-config (Optional) Save your entries in the configuration file.
To return to the default setting, use the no boot system global configuration command.
Controlling Environment Variables
With a normally operating switch, you enter the boot loader mode only through a switch console
connection configured for 9600 b/s. Unplug the switch power cord, and press the switch Mode button
while reconnecting the power cord. You can release the Mode button a second or two after the LED
above port 1 turns off. Then the boot loader switch: prompt appears.
The switch boot loader software provides support for nonvolatile environment variables, which can be
used to control how the boot loader, or any other software running on the system, behaves. Boot loader
environment variables are similar to environment variables that can be set on UNIX or DOS systems.
Environment variables that have values are stored in flash memory outside of the flash file system.
Each line in these files contains an environment variable name and an equal sign followed by the value
of the variable. A variable has no value if it is not listed in this file; it has a value if it is listed in the file
even if the value is a null string. A variable that is set to a null string (for example, “ ”) is a variable with
a value. Many environment variables are predefined and have default values.
Environment variables store two kinds of data:
• Data that controls code, which does not read the Cisco IOS configuration file. For example, the name
of a boot loader helper file, which extends or patches the functionality of the boot loader can be
stored as an environment variable.
OL-19808-01
• Data that controls code, which is responsible for reading the Cisco IOS configuration file. For
example, the name of the Cisco IOS configuration file can be stored as an environment variable.
You can change the settings of the environment variables by accessing the boot loader or by using Cisco
IOS commands. Under normal circumstances, it is not necessary to alter the setting of the environment
variables.
Catalyst 2360 Switch Software Configuration Guide
3-15
Page 64
Chapter 3 Assigning the Switch IP Address and Default Gateway
Modifying the Startup Configuration
Note For complete syntax and usage information for the boot loader commands and environment variables,
see the command reference for this release.
Table 3-4 describes the function of the most common environment variables.
Ta b l e 3-4 Environment Variables
Variable Boot Loader Command Cisco IOS Global Configuration Command
BOOT set BOOT filesystem:/file-url ...
boot system {filesystem:/file-url ...|}
A semicolon-separated list of executable files
to try to load and execute when automatically
booting. If the BOOT environment variable is
not set, the system attempts to load and execute
the first executable image it can find by using a
recursive, depth-first search through the flash
file system. If the BOOT variable is set but the
specified images cannot be loaded, the system
attempts to boot up the first bootable file that it
can find in the flash file system.
MANUAL_BOOT set MANUAL_BOOT yes
Decides whether the switch automatically or
manually boots.
Valid values are 1, yes, 0, and no. If it is set to
no or 0, the boot loader attempts to
automatically boot up the system. If it is set to
anything else, you must manually boot up the
switch from the boot loader mode.
CONFIG_FILE set CONFIG_FILE flash:/file-url
Changes the filename that Cisco IOS uses to
read and write a nonvolatile copy of the system
configuration.
Specifies the Cisco IOS image to load during the
next boot cycle. This command changes the
setting of the BOOT environment variable.
boot manual
Enables manually booting the switch during the
next boot cycle and changes the setting of the
MANUAL_BOOT environment variable.
The next time you reboot the system, the switch is
in boot loader mode. To boot up the system, use
the boot flash:filesystem:/file-url boot loader
command, and specify the name of the bootable
image.
boot config-file flash:/file-url
Specifies the filename that Cisco IOS uses to read
and write a nonvolatile copy of the system
configuration. This command changes the
CONFIG_FILE environment variable.
3-16
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 65
Chapter 3 Assigning the Switch IP Address and Default Gateway
When the switch is connected to a PC through the Ethernet management port, you can download or
upload a configuration file to the boot loader by using TFTP. Make sure the environment variables in
Table 3-5 are configured.
Ta b l e 3-5 Environment Variables for TFTP
Variable Description
MAC_ADDR Specifies the MAC address of the switch.
Note We recommend that you do not modify this variable.
However, if you modify this variable after the boot loader is up or the value
is different than the saved value, enter this command before using TFTP.
IP_ADDR Specifies the IP address and the subnet mask for the associated IP subnet of
the switch.
DEFAULT_ROUTER Specifies the IP address and subnet mask of the default gateway.
Scheduling a Reload of the Software Image
Scheduling a Reload of the Software Image
You can schedule a reload of the software image to occur on the switch at a later time (for example, late
at night or during the weekend when the switch is used less), or you can synchronize a reload
network-wide (for example, to perform a software upgrade on all switches in the network).
Note A scheduled reload must take place within approximately 24 days.
Configuring a Scheduled Reload
To configure your switch to reload the software image at a later time, use one of these commands in
privileged EXEC mode:
• reload in [hh:]mm [text]
This command schedules a reload of the software to take affect in the specified minutes or hours and
minutes. The reload must take place within approximately 24 days. You can specify the reason for
the reload in a string up to 255 characters in length.
• reload at hh:mm [month day | day month] [text]
This command schedules a reload of the software to take place at the specified time (using a 24-hour
clock). If you specify the month and day, the reload is scheduled to take place at the specified time
and date. If you do not specify the month and day, the reload takes place at the specified time on the
current day (if the specified time is later than the current time) or on the next day (if the specified
time is earlier than the current time). Specifying 00:00 schedules the reload for midnight.
OL-19808-01
Note Use the at keyword only if the switch system clock has been set (through Network Time
Protocol (NTP), the hardware calendar, or manually). The time is relative to the configured
time zone on the switch. To schedule reloads across several switches to occur
simultaneously, the time on each switch must be synchronized with NTP.
Catalyst 2360 Switch Software Configuration Guide
3-17
Page 66
Scheduling a Reload of the Software Image
The reload command halts the system. If the system is not set to manually bootup, it reboots itself. Use
the reload command after you save the switch configuration information to the startup configuration
(copy running-config startup-config).
If your switch is configured for manual booting, do not reload it from a virtual terminal. This restriction
prevents the switch from entering the boot loader mode and thereby taking it from the remote user’s
control.
If you modify your configuration file, the switch prompts you to save the configuration before reloading.
During the save operation, the system requests whether you want to proceed with the save if the
CONFIG_FILE environment variable points to a startup configuration file that no longer exists. If you
proceed in this situation, the system enters setup mode upon reload.
This example shows how to reload the software on the switch on the current day at 7:30 p.m:
Switch# reload at 19:30
Reload scheduled for 19:30:00 UTC Wed Jun 5 1996 (in 2 hours and 25 minutes)
Proceed with reload? [confirm]
This example shows how to reload the software on the switch at a future time:
Switch# reload at 02:00 jun 20
Reload scheduled for 02:00:00 UTC Thu Jun 20 1996 (in 344 hours and 53 minutes)
Proceed with reload? [confirm]
Chapter 3 Assigning the Switch IP Address and Default Gateway
To cancel a previously scheduled reload, use the reload cancel privileged EXEC command.
Displaying Scheduled Reload Information
To display information about a previously scheduled reload or to find out if a reload has been scheduled
on the switch, use the show reload privileged EXEC command.
It displays reload information including the time the reload is scheduled to occur and the reason for the
reload (if it was specified when the reload was scheduled).
3-18
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 67
CHAPTER
4
Clustering Switches
This chapter provides the concepts and procedures to create and manage Catalyst 2360 switch clusters.
You can create and manage switch clusters by using the command-line interface (CLI), or SNMP. For
complete procedures, see the online help. For the CLI cluster commands, see the switch command
reference.
This chapter focuses on switch clusters. It also includes guidelines and limitations for clusters mixed
with other cluster-capable Catalyst switches, but it does not provide complete descriptions of the cluster
features for these other switches. For complete cluster information for a specific Catalyst platform, see
the software configuration guide for that switch.
This chapter consists of these sections:
• Understanding Switch Clusters, page 4-2
• Planning a Switch Cluster, page 4-4
• Using the CLI to Manage Switch Clusters, page 4-11
• Using SNMP to Manage Switch Clusters, page 4-12
OL-19808-01
Note We do not recommend using the ip http access-class global configuration command to limit access to
specific hosts or networks. Access should be controlled through the cluster command switch or by
applying access control lists (ACLs) on interfaces. For more information on ACLs, see Chapter
“Configuring Network Security with ACLs.”
Catalyst 2360 Switch Software Configuration Guide
35,
4-1
Page 68
Understanding Switch Clusters
Understanding Switch Clusters
A switch cluster is a set of up to 16 connected, cluster-capable Catalyst switches that are managed as a
single entity. The switches in the cluster use the switch clustering technology so that you can configure
and troubleshoot a group of different Catalyst desktop switch platforms through a single IP address.
In a switch cluster, 1 switch must be the cluster command switch and up to 15 other switches can be
cluster member switches. The total number of switches in a cluster cannot exceed 16
cluster command switch is the single point of access used to configure, manage, and monitor the cluster
member switches. Cluster members can belong to only one cluster at a time.
The benefits of clustering switches include:
• Management of Catalyst switches regardless of their interconnection media and their physical
locations. The switches can be in the same location, or they can be distributed across a Layer
network.
Cluster members are connected to the cluster command switch according to the connectivity
guidelines described in the
page 4-4.
• Command-switch redundancy if a cluster command switch fails. One or more switches can be
designated as standby cluster command switches to avoid loss of contact with cluster members. A
cluster standby group is a group of standby cluster command switches.
“Automatic Discovery of Cluster Candidates and Members” section on
Chapter 4 Clustering Switches
switches. The
2
• Management of a variety of Catalyst switches through a single IP address. This conserves on IP
addresses, especially if you have a limited number of them. All communication with the switch
cluster is through the cluster command switch IP address.
Table 4-1 lists the Catalyst switches eligible for switch clustering, including which ones can be cluster
command switches and which ones can only be cluster member switches, and the required software
versions.
Ta b l e 4-1 Switch Software and Cluster Capability
Switch Cisco IOS Release Cluster Capability
Catalyst 3750-E 12.2(35)SE2 or later Member or command switch
Catalyst 3750 12.1(11)AX or later Member or command switch
Catalyst 3560-E 12.2(35)SE2 or later Member or command switch
Catalyst 3560 12.1(19)EA1b or later Member or command switch
Catalyst 3550 12.1(4)EA1 or later Member or command switch
Catalyst 2970 12.1(11)AX or later Member or command switch
Catalyst 2960 12.2(25)FX or later Member or command switch
Catalyst 2955 12.1(12c)EA1 or later Member or command switch
Catalyst 2950 12.0(5.2)WC(1) or later Member or command switch
Catalyst 2950 LRE 12.1(11)JY or later Member or command switch
Catalyst 2940 12.1(13)AY or later Member or command switch
Catalyst 2360 12.2(46)EY or later Member or command switch
Catalyst 3500 XL 12.0(5.1)XU or later Member or command switch
Catalyst 2900 XL (8-MB switches) 12.0(5.1)XU or later Member or command switch
4-2
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 69
Chapter 4 Clustering Switches
Table 4-1 Switch Software and Cluster Capability (continued)
Switch Cisco IOS Release Cluster Capability
Catalyst 2900 XL (4-MB switches) 11.2(8.5)SA6 (recommended) Member switch only
Catalyst 1900 and 2820 9.00(-A or -EN) or later Member switch only
Cluster Command Switch Characteristics
A cluster command switch must meet these requirements:
• It is running the Cisco IOS Release, as described in Ta b le 4-1.
• It has an IP address.
• It has Cisco Discovery Protocol (CDP) Version 2 enabled (the default).
• It is not a command or cluster member switch of another cluster.
• It is connected to the standby cluster command switches through the management VLAN and to the
cluster member switches through a common VLAN.
Understanding Switch Clusters
Standby Cluster Command Switch Characteristics
A standby cluster command switch must meet these requirements:
• It is running the Cisco IOS Release, as described in Ta b le 4-1.
• It has an IP address.
• It has CDP Version 2 enabled.
• It is connected to the command switch and to other standby command switches through its
management VLAN.
• It is connected to all other cluster member switches (except the cluster command and standby
command switches) through a common VLAN.
• It is redundantly connected to the cluster so that connectivity to cluster member switches is
maintained.
• It is not a command or member switch of another cluster.
Note Standby cluster command switches must be the same type of switches as the cluster command
switch. See the switch configuration guide of other cluster-capable switches for their
requirements on standby cluster command switches.
Candidate Switch and Cluster Member Switch Characteristics
OL-19808-01
Candidate switches are cluster-capable switches and switch stacks that have not yet been added to a
cluster. Cluster member switches are switches that have actually been added to a switch cluster.
Although not required, a candidate or cluster member switch can have its own IP address and password
(for related considerations, see the
page 4-10).
“IP Addresses” section on page 4-10 and “Passwords” section on
Catalyst 2360 Switch Software Configuration Guide
4-3
Page 70
Planning a Switch Cluster
Chapter 4 Clustering Switches
To join a cluster, a candidate switch must meet these requirements:
• It is running cluster-capable software.
• It has CDP Version 2 enabled.
• It is not a command or cluster member switch of another cluster.
• If a cluster standby group exists, it is connected to every standby cluster command switch through
at least one common VLAN. The VLAN to each standby cluster command switch can be different.
• It is connected to the cluster command switch through at least one common VLAN.
Note Catalyst 1900, Catalyst 2820, Catalyst 2900 XL, Catalyst 2940, Catalyst 2950, and
Catalyst
management VLAN to the cluster command switch and standby cluster command switches.
For complete information about these switches in a switch-cluster environment, see the
software configuration guide for that specific switch.
This requirement does not apply if you have a Catalyst 2360, Catalyst 2960, Catalyst 2970,
Catalyst
command switch. Candidate and cluster member switches can connect through any VLAN
in common with the cluster command switch.
3500 XL candidate and cluster member switches must be connected through their
3550, Catalyst 3560, Catalyst 3560-E, Catalyst 3750, or Catalyst 3750-E cluster
Planning a Switch Cluster
Anticipating conflicts and compatibility issues is a high priority when you manage several switches
through a cluster. This section describes these guidelines, requirements, and caveats that you should
understand before you create the cluster:
• Automatic Discovery of Cluster Candidates and Members, page 4-4
• IP Addresses, page 4-10
• Hostnames, page 4-10
• Passwords, page 4-10
• SNMP Community Strings, page 4-11
• TACACS+ and RADIUS, page 4-11
• LRE Profiles, page 4-11
See the release notes for the list of Catalyst switches eligible for switch clustering, including which ones
can be cluster command switches and which ones can only be cluster member switches, and for the
required software versions and browser and Java plug-in configurations.
Automatic Discovery of Cluster Candidates and Members
The cluster command switch uses Cisco Discovery Protocol (CDP) to discover cluster member switches,
candidate switches, neighboring switch clusters, and edge devices across multiple VLANs and in star or
cascaded topologies.
4-4
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 71
Chapter 4 Clustering Switches
Note Do not disable CDP on the cluster command switch, on cluster members, or on any cluster-capable
switches that you might want a cluster command switch to discover. For more information about CDP,
see Chapter 17, “Configuring CDP.”
Following these connectivity guidelines ensures automatic discovery of the switch cluster, cluster
candidates, connected switch clusters, and neighboring edge devices:
• Discovery Through CDP Hops, page 4-5
• Discovery Through Non-CDP-Capable and Noncluster-Capable Devices, page 4-6
• Discovery Through Different VLANs, page 4-7
• Discovery Through Different Management VLANs, page 4-7
• Discovery Through Routed Ports, page 4-8
• Discovery of Newly Installed Switches, page 4-9
Discovery Through CDP Hops
Planning a Switch Cluster
By using CDP, a cluster command switch can discover switches up to seven CDP hops away (the default
is three
switches are connected to the cluster and to candidate switches. For example, cluster member switches
and
hops) from the edge of the cluster. The edge of the cluster is where the last cluster member
9
10 in Figure 4-1 are at the edge of the cluster.
In Figure 4-1, the cluster command switch has ports assigned to VLANs 16 and 62. The CDP hop count
is three. The cluster command switch discovers switches 11, 12, 13, and 14 because they are within three
hops from the edge of the cluster. It does not discover switch 15 because it is four hops from the edge
of the cluster.
OL-19808-01
Catalyst 2360 Switch Software Configuration Guide
4-5
Page 72
Planning a Switch Cluster
Command device
Member
device 10
Member
device 8
Member
device 9
VLAN 62
Edge of
cluster
VLAN 16
101321
Device 11
candidate
device
Candidate
devices
Device 12
Device 13
Device 14
Device 15
Command device
Catalyst 5000 switch
(noncluster-capable)
Third-party hub
(non-CDP-capable)
Candidate device Candidate device
89377
Chapter 4 Clustering Switches
Figure 4-1 Discovery Through CDP Hops
Discovery Through Non-CDP-Capable and Noncluster-Capable Devices
If a cluster command switch is connected to a non-CDP-capable third-party hub (such as a non-Cisco
hub), it can discover cluster-enabled devices connected to that third-party hub. However, if the cluster
command switch is connected to a noncluster-capable Cisco device, it cannot discover a cluster-enabled
device connected beyond the noncluster-capable Cisco device.
Figure 4-2 shows that the cluster command switch discovers the switch that is connected to a third-party
hub. However, the cluster command switch does not discover the switch that is connected to a
Catalyst
Figure 4-2 Discovery Through Non-CDP-Capable and Noncluster-Capable Devices
Catalyst 2360 Switch Software Configuration Guide
4-6
5000 switch.
OL-19808-01
Page 73
Chapter 4 Clustering Switches
VLAN 62
VLAN 62
VLAN 16
VLAN trunk 9,16
Command device
VLAN 50
VLAN trunk 9,16
VLAN trunk 4,16
101322
Discovery Through Different VLANs
If the cluster command switch is a Layer 3 switch, such as a Catalyst 3750 or 3560 switch, the cluster
can have cluster member switches in different VLANs. As cluster member switches, they must be
connected through at least one VLAN in common with the cluster command switch. The cluster
command switch in
switches in those VLANs. It does not discover the switch in VLAN 50. It also does not discover the
switch in VLAN
to it.
Layer 2 cluster member switches, such as the Catalyst 2360 switch, must be connected to the cluster
command switch through their management VLAN. For information about discovery through
management VLANs, see the
For more information about VLANs, see Chapter 9, “Configuring VLANs.”
Figure 4-3 Discovery Through Different VLANs
Figure 4-3 has ports assigned to VLANs 9, 16, and 62 and therefore discovers the
16 in the first column because the cluster command switch has no VLAN connectivity
Planning a Switch Cluster
“Discovery Through Different Management VLANs” section on page 4-7.
Discovery Through Different Management VLANs
OL-19808-01
Cluster command switches can discover and manage cluster member switches in different VLANs and
different management VLANs. As cluster member switches, they must be connected through at least one
VLAN in common with the cluster command switch. They do not need to be connected to the cluster
command switch through their management VLAN. The default management VLAN is VLAN
Note If the switch cluster has a Catalyst 3750 switch or switch stack, that switch or switch stack must be the
cluster command switch.
Catalyst 2360 Switch Software Configuration Guide
1.
4-7
Page 74
Planning a Switch Cluster
101323
VLAN 62
VLAN trunk 4, 62
VLAN 62
VLAN 16
VLAN 9
VLAN 16
VLAN 9
Standby command
device
Command
device
VLAN 9
Device 7
(management
VLAN 4)
Device 9
(management
VLAN 62)
VLAN 4
Device 3
(management
VLAN 16)
Device 4
(management
VLAN 16)
Device 10
(management
VLAN 4)
Device 8
(management
VLAN 9)
Device 6
(management
VLAN 9)
Device 5
(management
VLAN 62)
Chapter 4 Clustering Switches
The cluster command switch and standby command switch in Figure 4-4 have ports assigned to
VLANs 9, 16, and 62. The management VLAN on the cluster command switch is VLAN 9. Each cluster
command switch discovers the switches in the different management VLANs except these:
• Switches 7 and 10 (switches in management VLAN 4) because they are not connected through a
common VLAN (meaning VLANs
• Switch 9 because automatic discovery does not extend beyond a noncandidate device, which is
switch 7
Figure 4-4 Discovery Through Different Management VLANs with a Layer 3 Cluster Command
Switch
62 and 9) with the cluster command switch
Discovery Through Routed Ports
4-8
If the cluster command switch has a routed port (RP) configured, it discovers only candidate and cluster
member switches in the same VLAN as the routed port. For more information about routed ports, see the
“Switch Virtual Interfaces” section on page 8-3.
The Layer 3 cluster command switch in Figure 4-5 can discover the switches in VLANs 9 and 62 but not
the switch in VLAN 4. If the routed port path between the cluster command switch and cluster member
switch
7 is lost, connectivity with cluster member switch 7 is maintained because of the redundant path
through VLAN
Catalyst 2360 Switch Software Configuration Guide
9.
OL-19808-01
Page 75
Chapter 4 Clustering Switches
101324
RP
RP
VLAN 62
VLAN
9
VLAN 62
VLAN 9
VLAN 4
VLAN 9
Command device
(management
VLAN 62)
Member
device 7
Command device
New (out-of-box)
candidate device
AP
Device A Device B
VLAN 9
VLAN 9
VLAN 16
VLAN 16
New (out-of-box)
candidate device
AP
101325
Figure 4-5 Discovery Through Routed Ports
Planning a Switch Cluster
Discovery of Newly Installed Switches
To join a cluster, the new, out-of-the-box switch must be connected to the cluster through one of its
access ports. An access port (AP) carries the traffic of and belongs to only one VLAN. By default, the
new switch and its access ports are assigned to VLAN
When the new switch joins a cluster, its default VLAN changes to the VLAN of the immediately
upstream neighbor. The new switch also configures its access port to belong to the VLAN of the
immediately upstream neighbor.
The cluster command switch in Figure 4-6 belongs to VLANs 9 and 16. When new cluster-capable
switches join the cluster:
• One cluster-capable switch and its access port are assigned to VLAN 9.
• The other cluster-capable switch and its access port are assigned to management VLAN 16.
Figure 4-6 Discovery of Newly Installed Switches
1.
OL-19808-01
Catalyst 2360 Switch Software Configuration Guide
4-9
Page 76
Planning a Switch Cluster
IP Addresses
Chapter 4 Clustering Switches
You must assign IP information to a cluster command switch. You can assign more than one IP address
to the cluster command switch, and you can access the cluster through any of the command-switch IP
addresses. If you configure a cluster standby group, you must use the standby-group virtual IP address
to manage the cluster from the active cluster command switch. Using the virtual IP address ensures that
you retain connectivity to the cluster if the active cluster command switch fails and that a standby cluster
command switch becomes the active cluster command switch.
If the active cluster command switch fails and the standby cluster command switch takes over, you must
either use the standby-group virtual IP address or any of the IP addresses available on the new active
cluster command switch to access the cluster.
You can assign an IP address to a cluster-capable switch, but it is not necessary. A cluster member switch
is managed and communicates with other cluster member switches through the command-switch IP
address. If the cluster member switch leaves the cluster and it does not have its own IP address, you must
assign an IP address to manage it as a standalone switch.
For more information about IP addresses, see Chapter 3, “Assigning the Switch IP Address and Default
Gateway.”
Hostnames
Passwords
You do not need to assign a host name to either a cluster command switch or an eligible cluster member.
However, a hostname assigned to the cluster command switch can help to identify the switch cluster.
The default hostname for the switch is Switch.
If a switch joins a cluster and it does not have a hostname, the cluster command switch appends a unique
member number to its own hostname and assigns it sequentially as each switch joins the cluster. The
number means the order in which the switch was added to the cluster. For example, a cluster command
switch named eng-cluster could name the fifth cluster member eng-cluster-5.
If a switch has a hostname, it retains that name when it joins a cluster and when it leaves the cluster.
If a switch received its hostname from the cluster command switch, was removed from a cluster, was
then added to a new cluster, and kept the same member number (such as 5), the switch overwrites the
old hostname (such as eng-cluster-5) with the hostname of the cluster command switch in the new cluster
(such as mkg-cluster-5). If the switch member number changes in the new cluster (such as 3), the switch
retains the previous name (eng-cluster-5).
You do not need to assign passwords to an individual switch if it will be a cluster member. When a switch
joins a cluster, it inherits the command-switch password and retains it when it leaves the cluster. If no
command-switch password is configured, the cluster member switch inherits a null password. Cluster
member switches only inherit the command-switch password.
4-10
If you change the member-switch password to be different from the command-switch password and save
the change, the switch is not manageable by the cluster command switch until you change the
member-switch password to match the command-switch password. Rebooting the member switch does
not revert the password back to the command-switch password. We recommend that you do not change
the member-switch password after it joins a cluster.
For more information about passwords, see the “Preventing Unauthorized Access to Your Switch”
section on page 7-1.
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 77
Chapter 4 Clustering Switches
For password considerations specific to the Catalyst 1900 and Catalyst 2820 switches, see the
installation and configuration guides for those switches.
SNMP Community Strings
A cluster member switch inherits the command-switch first read-only (RO) and read-write (RW)
community strings with @esN appended to the community strings:
• command-switch-readonly-community-string@esN, where N is the member-switch number.
• command-switch-readwrite-community-string@esN, where N is the member-switch number.
If the cluster command switch has multiple read-only or read-write community strings, only the first
read-only and read-write strings are propagated to the cluster member switch.
The switches support an unlimited number of community strings and string lengths. For more
information about SNMP and community strings, see
For SNMP considerations specific to the Catalyst 1900 and Catalyst 2820 switches, see the installation
and configuration guides specific to those switches.
Using the CLI to Manage Switch Clusters
Chapter 23, “Configuring SNMP.”
TACACS+ and RADIUS
If Terminal Access Controller Access Control System Plus (TACACS+) is configured on a cluster
member, it must be configured on all cluster members. Similarly, if RADIUS is configured on a cluster
member, it must be configured on all cluster members. Further, the same switch cluster cannot have
some members configured with TACACS+ and other members configured with RADIUS.
For more information about TACACS+, see the “Controlling Switch Access with TACACS+” section
on page 7-10. For more information about RADIUS, see the “Controlling Switch Access with RADIUS”
section on page 7-17.
LRE Profiles
A configuration conflict occurs if a switch cluster has Long-Reach Ethernet (LRE) switches that use both
private and public profiles. If one LRE switch in a cluster is assigned a public profile, all LRE switches
in that cluster must have that same public profile. Before you add an LRE switch to a cluster, make sure
that you assign it the same public profile used by other LRE switches in the cluster.
A cluster can have a mix of LRE switches that use different private profiles.
Using the CLI to Manage Switch Clusters
You can configure cluster member switches from the CLI by first logging into the cluster command
switch. Enter the rcommand user EXEC command and the cluster member switch number to start a
Telnet session (through a console or Telnet connection) and to access the cluster member switch CLI.
The command mode changes, and the Cisco IOS commands operate as usual. Enter the exit privileged
EXEC command on the cluster member switch to return to the command-switch CLI.
OL-19808-01
This example shows how to log into member-switch 3 from the command-switch CLI:
switch# rcommand 3
Catalyst 2360 Switch Software Configuration Guide
4-11
Page 78
Using SNMP to Manage Switch Clusters
If you do not know the member-switch number, enter the show cluster members privileged EXEC
command on the cluster command switch. For more information about the rcommand command and all
other cluster commands, see the switch command reference.
The Telnet session accesses the member-switch CLI at the same privilege level as on the cluster
command switch. The Cisco IOS commands then operate as usual. For instructions on configuring the
switch for a Telnet session, see the
“Disabling Password Recovery” section on page 7-5.
Catalyst 1900 and Catalyst 2820 CLI Considerations
If your switch cluster has Catalyst 1900 and Catalyst 2820 switches running standard edition software,
the Telnet session accesses the management console (a menu-driven interface) if the cluster command
switch is at privilege level
prompted for the password to access the menu console.
Command-switch privilege levels map to the Catalyst 1900 and Catalyst 2820 cluster member switches
running standard and Enterprise Edition Software as follows:
• If the command-switch privilege level is 1 to 14, the cluster member switch is accessed at privilege
level 1.
• If the command-switch privilege level is 15, the cluster member switch is accessed at privilege
level
15.
15. If the cluster command switch is at privilege level 1 to 14, you are
Chapter 4 Clustering Switches
Note The Catalyst 1900 and Catalyst 2820 CLI is available only on switches running Enterprise
Edition Software.
For more information about the Catalyst 1900 and Catalyst 2820 switches, see the installation and
configuration guides for those switches.
Using SNMP to Manage Switch Clusters
When you first power on the switch, SNMP is enabled if you enter the IP information by using the setup
program and accept its proposed configuration. If you did not use the setup program to enter the IP
information and SNMP was not enabled, you can enable it as described in the
section on page 23-6. On Catalyst 1900 and Catalyst 2820 switches, SNMP is enabled by default.
When you create a cluster, the cluster command switch manages the exchange of messages between
cluster member switches and an SNMP application. The cluster software on the cluster command switch
appends the cluster member switch number (@esN, where N is the switch number) to the first configured
read-write and read-only community strings on the cluster command switch and propagates them to the
cluster member switch. The cluster command switch uses this community string to control the
forwarding of gets, sets, and get-next messages between the SNMP management station and the cluster
member switches.
Note When a cluster standby group is configured, the cluster command switch can change without your
knowledge. Use the first read-write and read-only community strings to communicate with the cluster
command switch if there is a cluster standby group configured for the cluster.
“Configuring SNMP”
4-12
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 79
Chapter 4 Clustering Switches
Tr ap
Tr ap
Tr ap
Command switch
Trap 1, Trap 2, Trap 3
Member 1 Member 2 Member 3
33020
SNMP Manager
If the cluster member switch does not have an IP address, the cluster command switch redirects traps
from the cluster member switch to the management station, as shown in
switch has its own IP address and community strings, the cluster member switch can send traps directly
to the management station, without going through the cluster command switch.
If a cluster member switch has its own IP address and community strings, they can be used in addition
to the access provided by the cluster command switch. For more information about SNMP and
community strings, see
Figure 4-7 SNMP Management for a Cluster
Using SNMP to Manage Switch Clusters
Figure 4-7. If a cluster member
Chapter 23, “Configuring SNMP.”
OL-19808-01
Catalyst 2360 Switch Software Configuration Guide
4-13
Page 80
Using SNMP to Manage Switch Clusters
Chapter 4 Clustering Switches
4-14
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 81
Administering the Switch
This chapter describes how to perform one-time operations to administer the Catalyst 2360 switch. This
chapter consists of these sections:
• Managing the System Time and Date, page 5-1
• Configuring a System Name and Prompt, page 5-12
• Creating a Banner, page 5-15
• Managing the MAC Address Table, page 5-17
• Managing the ARP Table, page 5-22
Managing the System Time and Date
You can manage the system time and date on your switch using automatic configuration, such as the
Network Time Protocol (NTP), or manual configuration methods.
CHA PTER
5
Note For complete syntax and usage information for the commands used in this section, see the Cisco IOS
Configuration Fundamentals Command Reference, Release 12.2.
These sections contain this configuration information:
• Understanding the System Clock, page 5-1
• Understanding Network Time Protocol, page 5-2
• Configuring NTP, page 5-3
• Configuring Time and Date Manually, page 5-9
Understanding the System Clock
The heart of the time service is the system clock. This clock runs from the moment the system starts up
and keeps track of the date and time.
The system clock can then be set from these sources:
• NTP
• Manual configuration
OL-19808-01
Catalyst 2360 Switch Software Configuration Guide
5-1
Page 82
Managing the System Time and Date
The system clock can provide time to these services:
• User show commands
• Logging and debugging messages
The system clock keeps track of time internally based on Universal Time Coordinated (UTC), also
known as Greenwich Mean Time (GMT). You can configure information about the local time zone and
summer time (daylight saving time) so that the time appears correctly for the local time zone.
The system clock keeps track of whether the time is authoritative or not (that is, whether it has been set
by a time source considered to be authoritative). If it is not authoritative, the time is available only for
display purposes and is not redistributed. For configuration information, see the
Date Manually” section on page 5-9.
Understanding Network Time Protocol
The NTP is designed to time-synchronize a network of devices. NTP runs over User Datagram Protocol
(UDP), which runs over IP. NTP is documented in RFC 1305.
An NTP network usually gets its time from an authoritative time source, such as a radio clock or an
atomic clock attached to a time server. NTP then distributes this time across the network. NTP is
extremely efficient; no more than one packet per minute is necessary to synchronize two devices to
within a millisecond of one another.
Chapter 5 Administering the Switch
“Configuring Time and
NTP uses the concept of a stratum to describe how many NTP hops away a device is from an
authoritative time source. A stratum 1 time server has a radio or atomic clock directly attached, a
stratum
2 time server receives its time through NTP from a stratum 1 time server, and so on. A device
running NTP automatically chooses as its time source the device with the lowest stratum number with
which it communicates through NTP. This strategy effectively builds a self-organizing tree of NTP
speakers.
NTP avoids synchronizing to a device whose time might not be accurate by never synchronizing to a
device that is not synchronized. NTP also compares the time reported by several devices and does not
synchronize to a device whose time is significantly different than the others, even if its stratum is lower.
The communications between devices running NTP (known as associations) are usually statically
configured; each device is given the IP address of all devices with which it should form associations.
Accurate timekeeping is possible by exchanging NTP messages between each pair of devices with an
association. However, in a LAN environment, NTP can be configured to use IP broadcast messages
instead. This alternative reduces configuration complexity because each device can simply be configured
to send or receive broadcast messages. However, in that case, information flow is one-way only.
The time kept on a device is a critical resource; you should use the security features of NTP to avoid the
accidental or malicious setting of an incorrect time. Two mechanisms are available: an access list-based
restriction scheme and an encrypted authentication mechanism.
Cisco’s implementation of NTP does not support stratum 1 service; it is not possible to connect to a radio
or atomic clock. We recommend that the time service for your network be derived from the public NTP
servers available on the IP Internet.
5-2
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 83
Chapter 5 Administering the Switch
Switch F
Switch A
Workstations
Workstations
Local
workgroup
servers
101349
Switch B
Switch E
Switch C Switch D
Figure 5-1 shows a typical network example using NTP. Switch A is the NTP master, with the Switch
B, C, and D configured in NTP server mode, in server association with Switch A. Switch E is configured
as an NTP peer to the upstream and downstream switches, Switch B and Switch F, respectively.
Figure 5-1 Typical NTP Network Configuration
Managing the System Time and Date
If the network is isolated from the Internet, Cisco’s implementation of NTP allows a device to act as if
it is synchronized through NTP, when in fact it has learned the time by using other means. Other devices
then synchronize to that device through NTP.
When multiple sources of time are available, NTP is always considered to be more authoritative. NTP
time overrides the time set by any other method.
Several manufacturers include NTP software for their host systems, and a publicly available version for
systems running UNIX and its various derivatives is also available. This software allows host systems to
be time-synchronized as well.
Configuring NTP
The switch does not have a hardware-supported clock and cannot function as an NTP master clock to
which peers synchronize themselves when an external NTP source is not available. The switch also has
no hardware support for a calendar. As a result, the ntp update-calendar and the ntp master global
configuration commands are not available.
OL-19808-01
Catalyst 2360 Switch Software Configuration Guide
5-3
Page 84
Managing the System Time and Date
These sections contain this configuration information:
• Default NTP Configuration, page 5-4
• Configuring NTP Authentication, page 5-4
• Configuring NTP Associations, page 5-5
• Configuring NTP Access Restrictions, page 5-7
• Configuring the Source IP Address for NTP Packets, page 5-8
• Displaying the NTP Configuration, page 5-8
Default NTP Configuration
Table 5-1 shows the default NTP configuration.
Ta b l e 5-1 Default NTP Configuration
Feature Default Setting
NTP authentication Disabled. No authentication key is specified.
NTP peer or server associations None configured.
NTP broadcast service Disabled; no interface sends or receives NTP broadcast packets.
NTP access restrictions No access control is specified.
NTP packet source IP address The source address is set by the outgoing interface.
Chapter 5 Administering the Switch
NTP is enabled on all interfaces by default. All interfaces receive NTP packets.
Configuring NTP Authentication
This procedure must be coordinated with the administrator of the NTP server; the information you
configure in this procedure must be matched by the servers used by the switch to synchronize its time to
the NTP server.
Beginning in privileged EXEC mode, follow these steps to authenticate the associations (communications
between devices running NTP that provide for accurate timekeeping) with other devices for security
purposes:
Command Purpose
Step 1
Step 2
configure terminal Enter global configuration mode.
ntp authenticate Enable the NTP authentication feature, which is disabled by
default.
5-4
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 85
Chapter 5 Administering the Switch
Command Purpose
Step 3
Step 4
ntp authentication-key number md5 value Define the authentication keys. By default, none are defined.
ntp trusted-key key-number Specify one or more key numbers (defined in Step 3) that a peer
Managing the System Time and Date
• For number, specify a key number. The range is 1 to
4294967295.
• md5 specifies that message authentication support is provided
by using the message digest algorithm 5 (MD5).
• For value, enter an arbitrary string of up to eight characters for
the key.
The switch does not synchronize to a device unless both have one
of these authentication keys, and the key number is specified by the
ntp trusted-key key-number command.
NTP device must provide in its NTP packets for this switch to
synchronize to it.
By default, no trusted keys are defined.
For key-number, specify the key defined in Step 3.
Step 5
Step 6
Step 7
end Return to privileged EXEC mode.
show running-config Verify your entries.
copy running-config startup-config (Optional) Save your entries in the configuration file.
To disable NTP authentication, use the no ntp authenticate global configuration command. To remove
an authentication key, use the no ntp authentication-key number global configuration command. To
disable authentication of the identity of a device, use the no ntp trusted-key key-number global
configuration command.
This example shows how to configure the switch to synchronize only to devices providing authentication
key 42 in the device’s NTP packets:
Switch(config)# ntp authenticate
Switch(config)# ntp authentication-key 42 md5 aNiceKey
Switch(config)# ntp trusted-key 42
Configuring NTP Associations
An NTP association can be a peer association (this switch can either synchronize to the other device or
allow the other device to synchronize to it), or it can be a server association (meaning that only this
switch synchronizes to the other device, and not the other way around).
This command provides protection against accidentally
synchronizing the switch to a device that is not trusted.
OL-19808-01
Catalyst 2360 Switch Software Configuration Guide
5-5
Page 86
Managing the System Time and Date
Beginning in privileged EXEC mode, follow these steps to form an NTP association with another device:
Command Purpose
Step 1
Step 2
configure terminal Enter global configuration mode.
ntp peer ip-address [version number]
[key keyid] [source interface] [prefer]
Chapter 5 Administering the Switch
Configure the switch system clock to synchronize a peer or to be
synchronized by a peer (peer association).
Step 3
Step 4
Step 5
or
ntp server ip-address [version number]
[key keyid] [source interface] [prefer]
or
Configure the switch system clock to be synchronized by a time server
(server association).
No peer or server associations are defined by default.
• For ip-address in a peer association, specify either the IP address of
the peer providing, or being provided, the clock synchronization. For
a server association, specify the IP address of the time server
providing the clock synchronization.
• (Optional) For number, specify the NTP version number. The range is
1 to 3. By default, Version 3 is selected.
• (Optional) For keyid, enter the authentication key defined with the
ntp authentication-key global configuration command.
• (Optional) For interface, specify the interface from which to pick the
IP source address. By default, the source IP address is taken from the
outgoing interface.
• (Optional) Enter the prefer keyword to make this peer or server the
preferred one that provides synchronization. This keyword reduces
switching back and forth between peers and servers.
end Return to privileged EXEC mode.
show running-config Verify your entries.
copy running-config startup-config (Optional) Save your entries in the configuration file.
5-6
You need to configure only one end of an association; the other device can automatically establish the
association. If you are using the default NTP version (Version 3) and NTP synchronization does not
occur, try using NTP Version 2. Many NTP servers on the Internet run Version 2.
To remove a peer or server association, use the no ntp peer ip-address or the no ntp server ip-address
global configuration command.
This example shows how to configure the switch to synchronize its system clock with the clock of the
peer at IP address 172.16.22.44 using NTP Version 2:
Switch(config)# ntp server 172.16.22.44 version 2
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 87
Chapter 5 Administering the Switch
Configuring NTP Access Restrictions
This section describes how to control NTP access.
Creating an Access Group and Assigning a Basic IP Access List
Beginning in privileged EXEC mode, follow these steps to control access to NTP services by using
access lists:
Command Purpose
Step 1
Step 2
configure terminal Enter global configuration mode.
ntp access-group {query-only |
serve-only | serve | peer}
access-list-number
Create an access group, and apply a basic IP access list.
The keywords have these meanings:
• query-only—Allows only NTP control queries.
• serve-only—Allows only time requests.
• serve—Allows time requests and NTP control queries, but does not
allow the switch to synchronize to the remote device.
Managing the System Time and Date
Step 3
Step 4
Step 5
Step 6
• peer—Allows time requests and NTP control queries and allows the
switch to synchronize to the remote device.
For access-list-number, enter a standard IP access list number from 1
to
99.
access-list access-list-number permit
source [source-wildcard]
Create the access list.
• For access-list-number, enter the number specified in Step 2.
• Enter the permit keyword to permit access if the conditions are
matched.
• For source, enter the IP address of the device that is permitted access
to the switch.
• (Optional) For source-wildcard, enter the wildcard bits to be applied
to the source.
Note When creating an access list, remember that, by default, the end
of the access list contains an implicit deny statement for
everything if it did not find a match before reaching the end.
end Return to privileged EXEC mode.
show running-config Verify your entries.
copy running-config startup-config (Optional) Save your entries in the configuration file.
The access group keywords are scanned in this order, from least restrictive to most restrictive:
OL-19808-01
1. peer—Allows time requests and NTP control queries and allows the switch to synchronize itself to
a device whose address passes the access list criteria.
2. serve—Allows time requests and NTP control queries, but does not allow the switch to synchronize
itself to a device whose address passes the access list criteria.
Catalyst 2360 Switch Software Configuration Guide
5-7
Page 88
Managing the System Time and Date
3. serve-only—Allows only time requests from a device whose address passes the access list criteria.
4. query-only—Allows only NTP control queries from a device whose address passes the access list
criteria.
If the source IP address matches the access lists for more than one access type, the first type is granted.
If no access groups are specified, all access types are granted to all devices. If any access groups are
specified, only the specified access types are granted.
To remove access control to the switch NTP services, use the no ntp access-group {query-only |
serve-only | serve | peer} global configuration command.
This example shows how to configure the switch to allow itself to synchronize to a peer from access
list
99. However, the switch restricts access to allow only time requests from access list 42:
Switch# configure terminal
Switch(config)# ntp access-group peer 99
Switch(config)# ntp access-group serve-only 42
Switch(config)# access-list 99 permit 172.20.130.5
Switch(config)# access list 42 permit 172.20.130.6
Configuring the Source IP Address for NTP Packets
Chapter 5 Administering the Switch
Step 1
Step 2
Step 3
Step 4
Step 5
When the switch sends an NTP packet, the source IP address is normally set to the address of the
interface through which the NTP packet is sent. Use the ntp source global configuration command when
you want to use a particular source IP address for all NTP packets. The address is taken from the
specified interface. This command is useful if the address on an interface cannot be used as the
destination for reply packets.
Beginning in privileged EXEC mode, follow these steps to configure a specific interface from which the
IP source address is to be taken:
Command Purpose
configure terminal Enter global configuration mode.
ntp source type number Specify the interface type and number from which the IP source address
is taken.
By default, the source address is set by the outgoing interface.
end Return to privileged EXEC mode.
show running-config Verify your entries.
copy running-config startup-config (Optional) Save your entries in the configuration file.
The specified interface is used for the source address for all packets sent to all destinations. If a source
address is to be used for a specific association, use the source keyword in the ntp peer or ntp server
global configuration command as described in the
“Configuring NTP Associations” section on page 5-5.
Displaying the NTP Configuration
You can use two privileged EXEC commands to display NTP information:
• show ntp associations [detail]
• show ntp status
For detailed information about the fields in these displays, see the Cisco IOS Configuration
Fundamentals Command Reference, Release 12.2.
Catalyst 2360 Switch Software Configuration Guide
5-8
OL-19808-01
Page 89
Chapter 5 Administering the Switch
Configuring Time and Date Manually
If no other source of time is available, you can manually configure the time and date after the system is
restarted. The time remains accurate until the next system restart. We recommend that you use manual
configuration only as a last resort. If you have an outside source to which the switch can synchronize,
you do not need to manually set the system clock.
These sections contain this configuration information:
• Setting the System Clock, page 5-9
• Displaying the Time and Date Configuration, page 5-9
• Configuring the Time Zone, page 5-10
• Configuring Summer Time (Daylight Saving Time), page 5-11
Setting the System Clock
If you have an outside source on the network that provides time services, such as an NTP server, you do
not need to manually set the system clock.
Beginning in privileged EXEC mode, follow these steps to set the system clock:
Managing the System Time and Date
Command Purpose
Step 1
clock set hh:mm:ss day month year
or
Manually set the system clock using one of these formats.
• For hh:mm:ss, specify the time in hours (24-hour format), minutes,
clock set hh:mm:ss month day year
• For day, specify the day by date in the month.
• For month, specify the month by name.
• For year, specify the year (no abbreviation).
This example shows how to manually set the system clock to 1:32 p.m. on July 23, 2001:
Switch# clock set 13:32:00 23 July 2001
Displaying the Time and Date Configuration
To display the time and date configuration, use the show clock [detail] privileged EXEC command.
The system clock keeps an authoritative flag that shows whether the time is authoritative (believed to be
accurate). If the system clock has been set by a timing source such as NTP, the flag is set. If the time is
not authoritative, it is used only for display purposes. Until the clock is authoritative and the
authoritative flag is set, the flag prevents peers from synchronizing to the clock when the peers’ time is
invalid.
The symbol that precedes the show clock display has this meaning:
• *—Time is not authoritative.
and seconds. The time specified is relative to the configured time
zone.
OL-19808-01
• (blank)—Time is authoritative.
• .—Time is authoritative, but NTP is not synchronized.
Catalyst 2360 Switch Software Configuration Guide
5-9
Page 90
Managing the System Time and Date
Configuring the Time Zone
Beginning in privileged EXEC mode, follow these steps to manually configure the time zone:
Command Purpose
Step 1
Step 2
Step 3
Step 4
Step 5
configure terminal Enter global configuration mode.
clock timezone zone hours-offset
[minutes-offset]
end Return to privileged EXEC mode.
show running-config Verify your entries.
copy running-config startup-config (Optional) Save your entries in the configuration file.
Chapter 5 Administering the Switch
Set the time zone.
The switch keeps internal time in universal time coordinated (UTC), so
this command is used only for display purposes and when the time is
manually set.
• For zone, enter the name of the time zone to be displayed when
standard time is in effect. The default is UTC.
• For hours-offset, enter the hours offset from UTC.
• (Optional) For minutes-offset, enter the minutes offset from UTC.
The minutes-offset variable in the clock timezone global configuration command is available for those
cases where a local time zone is a percentage of an hour different from UTC. For example, the time zone
for some sections of Atlantic Canada (AST) is UTC-3.5, where the 3 means 3 hours and.5 means 50
percent. In this case, the necessary command is clock timezone AST -3 30.
To set the time to UTC, use the no clock timezone global configuration command.
5-10
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 91
Chapter 5 Administering the Switch
Configuring Summer Time (Daylight Saving Time)
Beginning in privileged EXEC mode, follow these steps to configure summer time (daylight saving
time) in areas where it starts and ends on a particular day of the week each year:
Command Purpose
Step 1
Step 2
configure terminal Enter global configuration mode.
clock summer-time zone recurring
[week day month hh:mm week day month
hh:mm [offset]]
Configure summer time to start and end on the specified days every year.
Summer time is disabled by default. If you specify clock summer-time
zone recurring without parameters, the summer time rules default to the
United States rules.
• For zone, specify the name of the time zone (for example, PDT) to be
displayed when summer time is in effect.
• (Optional) For week, specify the week of the month (1 to 5 or last).
• (Optional) For day, specify the day of the week (Sunday, Monday...).
• (Optional) For month, specify the month (January, February...).
Managing the System Time and Date
Step 3
Step 4
Step 5
• (Optional) For hh:mm, specify the time (24-hour format) in hours and
minutes.
• (Optional) For offset, specify the number of minutes to add during
summer time. The default is 60.
end Return to privileged EXEC mode.
show running-config Verify your entries.
copy running-config startup-config (Optional) Save your entries in the configuration file.
The first part of the clock summer-time global configuration command specifies when summer time
begins, and the second part specifies when it ends. All times are relative to the local time zone. The start
time is relative to standard time. The end time is relative to summer time. If the starting month is after
the ending month, the system assumes that you are in the southern hemisphere.
This example shows how to specify that summer time starts on the first Sunday in April at 02:00 and
ends on the last Sunday in October at 02:00:
Switch(config)# clock summer-time PDT recurring 1 Sunday April 2:00 last Sunday October
2:00
OL-19808-01
Catalyst 2360 Switch Software Configuration Guide
5-11
Page 92
Configuring a System Name and Prompt
Beginning in privileged EXEC mode, follow these steps if summer time in your area does not follow a
recurring pattern (configure the exact date and time of the next summer time events):
Command Purpose
Step 1
Step 2
configure terminal Enter global configuration mode.
clock summer-time zone date [month
date year hh:mm month date year hh:mm
[offset]]
or
clock summer-time zone date [date
month year hh:mm date month year
hh:mm [offset]]
Step 3
Step 4
Step 5
end Return to privileged EXEC mode.
show running-config Verify your entries.
copy running-config startup-config (Optional) Save your entries in the configuration file.
Chapter 5 Administering the Switch
Configure summer time to start on the first date and end on the second
date.
Summer time is disabled by default.
• For zone, specify the name of the time zone (for example, PDT) to be
displayed when summer time is in effect.
• (Optional) For week, specify the week of the month (1 to 5 or last).
• (Optional) For day, specify the day of the week (Sunday, Monday...).
• (Optional) For month, specify the month (January, February...).
• (Optional) For hh:mm, specify the time (24-hour format) in hours and
minutes.
• (Optional) For offset, specify the number of minutes to add during
summer time. The default is 60.
The first part of the clock summer-time global configuration command specifies when summer time
begins, and the second part specifies when it ends. All times are relative to the local time zone. The start
time is relative to standard time. The end time is relative to summer time. If the starting month is after
the ending month, the system assumes that you are in the southern hemisphere.
To disable summer time, use the no clock summer-time global configuration command.
This example shows how to set summer time to start on October 12, 2000, at 02:00, and end on April 26,
2001, at 02:00:
Switch(config)# clock summer-time pdt date 12 October 2000 2:00 26 April 2001 2:00
Configuring a System Name and Prompt
You configure the system name on the switch to identify it. By default, the system name and prompt are
Switch.
If you have not configured a system prompt, the first 20 characters of the system name are used as the
system prompt. A greater-than symbol [>] is appended. The prompt is updated whenever the system
name changes.
For complete syntax and usage information for the commands used in this section, see the Cisco IOS
Configuration Fundamentals Command Reference, Release 12.2 and the Cisco IOS IP Command
Reference, Volume 2 of 3: Routing Protocols, Release 12.2.
5-12
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 93
Chapter 5 Administering the Switch
These sections contain this configuration information:
• Default System Name and Prompt Configuration, page 5-13
• Configuring a System Name, page 5-13
• Understanding DNS, page 5-13
Default System Name and Prompt Configuration
The default switch system name and prompt is Switch.
Configuring a System Name
Beginning in privileged EXEC mode, follow these steps to manually configure a system name:
Command Purpose
Step 1
Step 2
configure terminal Enter global configuration mode.
hostname name Manually configure a system name.
The default setting is switch.
Configuring a System Name and Prompt
Step 3
Step 4
Step 5
end Return to privileged EXEC mode.
show running-config Verify your entries.
copy running-config startup-config (Optional) Save your entries in the configuration file.
When you set the system name, it is also used as the system prompt.
To return to the default hostname, use the no hostname global configuration command.
Understanding DNS
The DNS protocol controls the Domain Name System (DNS), a distributed database with which you can
map hostnames to IP addresses. When you configure DNS on your switch, you can substitute the
hostname for the IP address with all IP commands, such as ping, telnet, connect, and related Telnet
support operations.
IP defines a hierarchical naming scheme that allows a device to be identified by its location or domain.
Domain names are pieced together with periods (.) as the delimiting characters. For example, Cisco
Systems is a commercial organization that IP identifies by a com domain name, so its domain name is
cisco.com. A specific device in this domain, for example, the File Transfer Protocol (FTP) system is
identified as ftp.cisco.com.
The name must follow the rules for ARPANET hostnames. They must start
with a letter, end with a letter or digit, and have as interior characters only
letters, digits, and hyphens. Names can be up to 63 characters.
OL-19808-01
To keep track of domain names, IP has defined the concept of a domain name server, which holds a cache
(or database) of names mapped to IP addresses. To map domain names to IP addresses, you must first
identify the hostnames, specify the name server that is present on your network, and enable the DNS.
Catalyst 2360 Switch Software Configuration Guide
5-13
Page 94
Configuring a System Name and Prompt
These sections contain this configuration information:
• Default DNS Configuration, page 5-14
• Setting Up DNS, page 5-14
• Displaying the DNS Configuration, page 5-15
Default DNS Configuration
Table 5-2 shows the default DNS configuration.
Ta b l e 5-2 Default DNS Configuration
Feature Default Setting
DNS enable state Enabled.
DNS default domain name None configured.
DNS servers No name server addresses are configured.
Chapter 5 Administering the Switch
Setting Up DNS
Command Purpose
Step 1
Step 2
Step 3
Step 4
configure terminal Enter global configuration mode.
ip domain-name name Define a default domain name that the software uses to complete unqualified
ip name-server server-address1
[server-address2 ...
server-address6]
ip domain-lookup (Optional) Enable DNS-based hostname-to-address translation on your switch.
Beginning in privileged EXEC mode, follow these steps to set up your switch to use the DNS:
hostnames (names without a dotted-decimal domain name).
Do not include the initial period that separates an unqualified name from the
domain name.
At boot time, no domain name is configured; however, if the switch
configuration comes from a BOOTP or Dynamic Host Configuration Protocol
(DHCP) server, then the default domain name might be set by the BOOTP or
DHCP server (if the servers were configured with this information).
Specify the address of one or more name servers to use for name and address
resolution.
You can specify up to six name servers. Separate each server address with a
space. The first server specified is the primary server. The switch sends DNS
queries to the primary server first. If that query fails, the backup servers are
queried.
This feature is enabled by default.
Step 5
5-14
If your network devices require connectivity with devices in networks for which
you do not control name assignment, you can dynamically assign device names
that uniquely identify your devices by using the global Internet naming scheme
(DNS).
end Return to privileged EXEC mode.
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 95
Chapter 5 Administering the Switch
Command Purpose
Step 6
Step 7
show running-config Verify your entries.
copy running-config
startup-config
If you use the switch IP address as its hostname, the IP address is used and no DNS query occurs. If you
configure a hostname that contains no periods (.), a period followed by the default domain name is
appended to the hostname before the DNS query is made to map the name to an IP address. The default
domain name is the value set by the ip domain-name global configuration command. If there is a
period
(.) in the hostname, the Cisco IOS software looks up the IP address without appending any default
domain name to the hostname.
To remove a domain name, use the no ip domain-name name global configuration command. To remove
a name server address, use the no ip name-server server-address global configuration command. To
disable DNS on the switch, use the no ip domain-lookup global configuration command.
Displaying the DNS Configuration
Creating a Banner
(Optional) Save your entries in the configuration file.
To display the DNS configuration information, use the show running-config privileged EXEC
command.
Creating a Banner
You can configure a message-of-the-day (MOTD) and a login banner. The MOTD banner displays on all
connected terminals at login and is useful for sending messages that affect all network users (such as
impending system shutdowns).
The login banner also displays on all connected terminals. It appears after the MOTD banner and before
the login prompts.
Note For complete syntax and usage information for the commands used in this section, see the Cisco IOS
Configuration Fundamentals Command Reference, Release 12.2.
These sections contain this configuration information:
• Default Banner Configuration, page 5-15
• Configuring a Message-of-the-Day Login Banner, page 5-16
• Configuring a Login Banner, page 5-17
Default Banner Configuration
The MOTD and login banners are not configured.
OL-19808-01
Catalyst 2360 Switch Software Configuration Guide
5-15
Page 96
Creating a Banner
Configuring a Message-of-the-Day Login Banner
You can create a single or multiline message banner that appears on the screen when someone logs in to
the switch.
Beginning in privileged EXEC mode, follow these steps to configure a MOTD login banner:
Command Purpose
Step 1
Step 2
Step 3
Step 4
Step 5
configure terminal Enter global configuration mode.
banner motd c message c Specify the message of the day.
For c, enter the delimiting character of your choice, for example, a
pound sign (#), and press the Return key. The delimiting character
signifies the beginning and end of the banner text. Characters after the
ending delimiter are discarded.
For message, enter a banner message up to 255 characters. You cannot
use the delimiting character in the message.
end Return to privileged EXEC mode.
show running-config Verify your entries.
copy running-config startup-config (Optional) Save your entries in the configuration file.
Chapter 5 Administering the Switch
To delete the MOTD banner, use the no banner motd global configuration command.
This example shows how to configure a MOTD banner for the switch by using the pound sign (#) symbol
as the beginning and ending delimiter:
Switch(config)# banner motd #
This is a secure site. Only authorized users are allowed.
For access, contact technical support.
#
Switch(config)#
This example shows the banner that appears from the previous configuration:
Unix> telnet 172.2.5.4
Trying 172.2.5.4...
Connected to 172.2.5.4.
Escape character is '^]'.
This is a secure site. Only authorized users are allowed.
For access, contact technical support.
User Access Verification
Password:
5-16
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 97
Chapter 5 Administering the Switch
Configuring a Login Banner
You can configure a login banner to be displayed on all connected terminals. This banner appears after
the MOTD banner and before the login prompt.
Beginning in privileged EXEC mode, follow these steps to configure a login banner:
Command Purpose
Step 1
Step 2
Step 3
Step 4
Step 5
configure terminal Enter global configuration mode.
banner login c message c Specify the login message.
end Return to privileged EXEC mode.
show running-config Verify your entries.
copy running-config startup-config (Optional) Save your entries in the configuration file.
Managing the MAC Address Table
For c, enter the delimiting character of your choice, for example, a pound
sign (#), and press the Return key. The delimiting character signifies the
beginning and end of the banner text. Characters after the ending delimiter
are discarded.
For message, enter a login message up to 255 characters. You cannot use the
delimiting character in the message.
To delete the login banner, use the no banner login global configuration command.
This example shows how to configure a login banner for the switch by using the dollar sign ($) symbol
as the beginning and ending delimiter:
Switch(config)# banner login $
Access for authorized users only. Please enter your username and password.
$
Switch(config)#
Managing the MAC Address Table
The MAC address table contains address information that the switch uses to forward traffic between
ports. All MAC addresses in the address table are associated with one or more ports. The address table
includes these types of addresses:
• Dynamic address: a source MAC address that the switch learns and then ages when it is not in use.
• Static address: a manually entered unicast address that does not age and that is not lost when the
switch resets.
The address table lists the destination MAC address, the associated VLAN ID, and port number
associated with the address and the type (static or dynamic).
Note For complete syntax and usage information for the commands used in this section, see the command
reference for this release.
OL-19808-01
Catalyst 2360 Switch Software Configuration Guide
5-17
Page 98
Managing the MAC Address Table
These sections contain this configuration information:
• Building the Address Table, page 5-18
• MAC Addresses and VLANs, page 5-18
• Default MAC Address Table Configuration, page 5-18
• Changing the Address Aging Time, page 5-19
• Removing Dynamic Address Entries, page 5-19
• Adding and Removing Static Address Entries, page 5-20
• Configuring Unicast MAC Address Filtering, page 5-21
• Displaying Address Table Entries, page 5-22
Building the Address Table
With multiple MAC addresses supported on all ports, you can connect any port on the switch to
individual workstations, repeaters, switches, routers, or other network devices. The switch provides
dynamic addressing by learning the source address of packets it receives on each port and adding the
address and its associated port number to the address table. As stations are added or removed from the
network, the switch updates the address table, adding new dynamic addresses and aging out those that
are not in use.
Chapter 5 Administering the Switch
The aging interval is globally configured. However, the switch maintains an address table for each
VLAN, and STP can accelerate the aging interval on a per-VLAN basis.
The switch sends packets between any combination of ports, based on the destination address of the
received packet. Using the MAC address table, the switch forwards the packet only to the port associated
with the destination address. If the destination address is on the port that sent the packet, the packet is
filtered and not forwarded. The switch always uses the store-and-forward method: complete packets are
stored and checked for errors before transmission.
MAC Addresses and VLANs
All addresses are associated with a VLAN. An address can exist in more than one VLAN and have
different destinations in each. Unicast addresses, for example, could be forwarded to port 1 in VLAN
and ports 9, 10, and 1 in VLAN 5.
Each VLAN maintains its own logical address table. A known address in one VLAN is unknown in
another until it is learned or statically associated with a port in the other VLAN.
Default MAC Address Table Configuration
Table 5-3 shows the default MAC address table configuration.
Ta b l e 5-3 Default MAC Address Table Configuration
1
5-18
Feature Default Setting
Aging time 300 seconds
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Page 99
Chapter 5 Administering the Switch
Table 5-3 Default MAC Address Table Configuration (continued)
Feature Default Setting
Dynamic addresses Automatically learned
Static addresses None configured
Changing the Address Aging Time
Dynamic addresses are source MAC addresses that the switch learns and then ages when they are not in
use. You can change the aging time setting for all VLANs or for a specified VLAN.
Setting too short an aging time can cause addresses to be prematurely removed from the table. Then
when the switch receives a packet for an unknown destination, it floods the packet to all ports in the same
VLAN as the receiving port. This unnecessary flooding can impact performance. Setting too long an
aging time can cause the address table to be filled with unused addresses, which prevents new addresses
from being learned. Flooding results, which can impact switch performance.
Beginning in privileged EXEC mode, follow these steps to configure the dynamic address table aging
time:
Managing the MAC Address Table
Command Purpose
Step 1
Step 2
Step 3
Step 4
Step 5
configure terminal Enter global configuration mode.
mac address-table aging-time [0 |
10-1000000] [vlan vlan-id]
end Return to privileged EXEC mode.
show mac address-table aging-time Verify your entries.
copy running-config startup-config (Optional) Save your entries in the configuration file.
To return to the default value, use the no mac address-table aging-time global configuration command.
Removing Dynamic Address Entries
To remove all dynamic entries, use the clear mac address-table dynamic command in privileged EXEC
mode. You can also remove a specific MAC address (clear mac address-table dynamic address
mac-address), remove all addresses on the specified physical port or port channel (clear mac
address-table dynamic interface interface-id), or remove all addresses on a specified VLAN (clear
mac address-table dynamic vlan vlan-id).
Set the length of time that a dynamic entry remains in the MAC
address table after the entry is used or updated.
The range is 10 to 1000000 seconds. The default is 300. You can also
enter 0, which disables aging. Static address entries are never aged
or removed from the table.
For vlan-id, valid IDs are 1 to 4094.
OL-19808-01
To verify that dynamic entries have been removed, use the show mac address-table dynamic privileged
EXEC command.
Catalyst 2360 Switch Software Configuration Guide
5-19
Page 100
Managing the MAC Address Table
Adding and Removing Static Address Entries
A static address has these characteristics:
• It is manually entered in the address table and must be manually removed.
• It can be a unicast or multicast address.
• It does not age and is retained when the switch restarts.
You can add and remove static addresses and define the forwarding behavior for them. The forwarding
behavior defines how a port that receives a packet forwards it to another port for transmission. Because
all ports are associated with at least one VLAN, the switch acquires the VLAN ID for the address from
the ports that you specify. You can specify a different list of destination ports for each source port.
A packet with a static address that arrives on a VLAN where it has not been statically entered is flooded
to all ports and not learned.
You add a static address to the address table by specifying the destination MAC unicast address and the
VLAN from which it is received. Packets received with this destination address are forwarded to the
interface specified with the interface-id option.
Beginning in privileged EXEC mode, follow these steps to add a static address:
Chapter 5 Administering the Switch
Step 1
Step 2
Step 3
Step 4
Step 5
Command Purpose
configure terminal Enter global configuration mode.
mac address-table static mac-addr
vlan vlan-id interface interface-id
Add a static address to the MAC address table.
• For mac-addr, specify the destination MAC unicast address to add to
the address table. Packets with this destination address received in the
specified VLAN are forwarded to the specified interface.
• For vlan-id, specify the VLAN for which the packet with the
specified MAC address is received. Valid VLAN IDs are 1 to 4094.
• For interface-id, specify the interface to which the received packet is
forwarded. Valid interfaces include physical ports or port channels.
For static multicast addresses, you can enter multiple interface IDs.
For static unicast addresses, you can enter only one interface at a
time, but you can enter the command multiple times with the same
MAC address and VLAN ID.
end Return to privileged EXEC mode.
show mac address-table static Verify your entries.
copy running-config startup-config (Optional) Save your entries in the configuration file.
To remove static entries from the address table, use the no mac address-table static mac-addr vlan
vlan-id [interface interface-id] global configuration command.
This example shows how to add the static address c2f3.220a.12f4 to the MAC address table. When a
packet is received in VLAN 4 with this MAC address as its destination address, the packet is
to the specified port:
Switch(config)# mac address-table static c2f3.220a.12f4 vlan 4 interface
gigabitethernet0/1
forwarded
5-20
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Loading...