Cisco Catalyst 2928 Software Configuration Manual

Catalyst 2928 Switch Software Configuration Guide

Cisco IOS Release 12.2(55)EZ
November 2010

Americas Headquarters

Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000

800 553-NETS (6387)

Fax: 408 527-0883

Text Part Number: OL-23389-01

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public
domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the
document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at

www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership

relationship between Cisco and any other company. (1005R)

Catalyst 2928 Switch Software Configuration Guide

©2010 Cisco Systems, Inc. All rights reserved.

CONTENTS

Preface xxvii

Audience xxvii

Purpose xxvii

Conventions xxvii

Related Publications xxviii

Obtaining Documentation, Obtaining Support, and Security Guidelines xxix

CHAPTER

1 Overview 1-1

Features 1-1

Ease-of-Deployment and Ease-of-Use Features 1-1
Performance Features 1-2
Management Options 1-3
Manageability Features 1-4
Availability and Redundancy Features 1-5
VLAN Features 1-5
Security Features 1-6
QoS and CoS Features 1-7
Power over Ethernet Features (WS-C2928-24LT-C only) 1-7
Monitoring Features 1-8

Default Settings After Initial Switch Configuration 1-8

Network Configuration Examples 1-11

Design Concepts for Using the Switch 1-11
Small to Medium-Sized Network Using Catalyst 2928 Switches 1-14
Campus Network Using Catalyst 2928 Switches 1-15

Where to Go Next 1-16

CHAPTER

OL-23389-01

2 Using the Command-Line Interface 2-1

Understanding Command Modes 2-1

Understanding the Help System 2-3

Understanding Abbreviated Commands 2-3

Understanding no and default Forms of Commands 2-4

Understanding CLI Error Messages 2-4

Using Configuration Logging 2-4

Catalyst 2928 Switch Software Configuration Guide

iii

Contents

Using Command History 2-5

Changing the Command History Buffer Size 2-5
Recalling Commands 2-6
Disabling the Command History Feature 2-6

Using Editing Features 2-6

Enabling and Disabling Editing Features 2-6
Editing Commands through Keystrokes 2-7
Editing Command Lines that Wrap 2-8

Searching and Filtering Output of show and more Commands 2-9

Accessing the CLI 2-9

Accessing the CLI through a Console Connection or through Telnet 2-9

CHAPTER

3 Assigning the Switch IP Address and Default Gateway 3-1

Understanding the Boot Process 3-1

Assigning Switch Information 3-2

Default Switch Information 3-3
Understanding DHCP-Based Autoconfiguration 3-3

DHCP Client Request Process 3-4

Understanding DHCP-based Autoconfiguration and Image Update 3-4

DHCP Autoconfiguration 3-5
DHCP Auto-Image Update 3-5
Limitations and Restrictions 3-5

Configuring DHCP-Based Autoconfiguration 3-6

DHCP Server Configuration Guidelines 3-6
Configuring the TFTP Server 3-7
Configuring the DNS 3-7
Configuring the Relay Device 3-7
Obtaining Configuration Files 3-8
Example Configuration 3-9

Configuring the DHCP Auto Configuration and Image Update Features 3-11

Configuring DHCP Autoconfiguration (Only Configuration File) 3-11
Configuring DHCP Auto-Image Update (Configuration File and Image) 3-12
Configuring the Client 3-13

Manually Assigning IP Information 3-14

iv

Checking and Saving the Running Configuration 3-14

Modifying the Startup Configuration 3-15

Default Boot Configuration 3-16
Automatically Downloading a Configuration File 3-16
Specifying the Filename to Read and Write the System Configuration 3-16

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

Booting Manually 3-17
Booting a Specific Software Image 3-18
Controlling Environment Variables 3-18

Scheduling a Reload of the Software Image 3-20

Configuring a Scheduled Reload 3-20
Displaying Scheduled Reload Information 3-21

Contents

CHAPTER

4 Configuring Cisco IOS CNS Agents 4-1

Understanding Cisco Configuration Engine Software 4-1

Configuration Service 4-2
Event Service 4-3

NameSpace Mapper 4-3

What You Should Know About the CNS IDs and Device Hostnames 4-3

ConfigID 4-3
DeviceID 4-4
Hostname and DeviceID 4-4
Using Hostname, DeviceID, and ConfigID 4-4

Understanding Cisco IOS Agents 4-5

Initial Configuration 4-5
Incremental (Partial) Configuration 4-6
Synchronized Configuration 4-6

Configuring Cisco IOS Agents 4-6

Enabling Automated CNS Configuration 4-6
Enabling the CNS Event Agent 4-7
Enabling the Cisco IOS CNS Agent 4-8

Enabling an Initial Configuration 4-9
Enabling a Partial Configuration 4-11

CHAPTER

OL-23389-01

Displaying CNS Configuration 4-12

5 Clustering Switches 5-1

Understanding Switch Clusters 5-1

Cluster Command Switch Characteristics 5-2
Standby Cluster Command Switch Characteristics 5-3
Candidate Switch and Cluster Member Switch Characteristics 5-3

Planning a Switch Cluster 5-4

Automatic Discovery of Cluster Candidates and Members 5-4

Discovery Through CDP Hops 5-4
Discovery Through Non-CDP-Capable and Noncluster-Capable Devices 5-5
Discovery Through Different VLANs 5-6

Catalyst 2928 Switch Software Configuration Guide

v

Contents

Discovery Through Different Management VLANs 5-7
Discovery of Newly Installed Switches 5-8

HSRP and Standby Cluster Command Switches 5-9

Virtual IP Addresses 5-10
Other Considerations for Cluster Standby Groups 5-10

Automatic Recovery of Cluster Configuration 5-11
IP Addresses 5-12
Hostnames 5-12
Passwords 5-12
SNMP Community Strings 5-13
TACACS+ and RADIUS 5-13
LRE Profiles 5-13

Using the CLI to Manage Switch Clusters 5-13

Catalyst 1900 and Catalyst 2820 CLI Considerations 5-14

Using SNMP to Manage Switch Clusters 5-14

CHAPTER

CHAPTER

6 Configuring SDM Templates 6-1

Understanding the SDM Templates 6-1

Configuring the Switch SDM Template 6-2

Default SDM Template 6-2
SDM Template Configuration Guidelines 6-2

Displaying the SDM Templates 6-3

7 Administering the Switch 7-1

Managing the System Time and Date 7-1

Understanding the System Clock 7-1
Understanding Network Time Protocol 7-2
Configuring NTP 7-4

Default NTP Configuration 7-4

Configuring NTP Authentication 7-4

Configuring NTP Associations 7-5

Configuring NTP Broadcast Service 7-6

Configuring NTP Access Restrictions 7-8

Configuring the Source IP Address for NTP Packets 7-10

Displaying the NTP Configuration 7-11
Configuring Time and Date Manually 7-11

Setting the System Clock 7-11

Displaying the Time and Date Configuration 7-12

vi

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

Configuring the Time Zone 7-12
Configuring Summer Time (Daylight Saving Time) 7-13

Configuring a System Name and Prompt 7-14

Default System Name and Prompt Configuration 7-15
Configuring a System Name 7-15
Understanding DNS 7-15

Default DNS Configuration 7-16
Setting Up DNS 7-16
Displaying the DNS Configuration 7-17

Creating a Banner 7-17

Default Banner Configuration 7-17
Configuring a Message-of-the-Day Login Banner 7-17
Configuring a Login Banner 7-18

Managing the MAC Address Table 7-19

Building the Address Table 7-20
MAC Addresses and VLANs 7-20
Default MAC Address Table Configuration 7-20
Changing the Address Aging Time 7-20
Removing Dynamic Address Entries 7-21
Configuring MAC Address Notification Traps 7-21
Adding and Removing Static Address Entries 7-23
Configuring Unicast MAC Address Filtering 7-24
Displaying Address Table Entries 7-26

Contents

CHAPTER

OL-23389-01

Managing the ARP Table 7-26

8 Configuring Switch-Based Authentication 8-1

Preventing Unauthorized Access to Your Switch 8-1

Protecting Access to Privileged EXEC Commands 8-2

Default Password and Privilege Level Configuration 8-2
Setting or Changing a Static Enable Password 8-3
Protecting Enable and Enable Secret Passwords with Encryption 8-3
Disabling Password Recovery 8-5
Setting a Telnet Password for a Terminal Line 8-6
Configuring Username and Password Pairs 8-6
Configuring Multiple Privilege Levels 8-7

Setting the Privilege Level for a Command 8-8
Changing the Default Privilege Level for Lines 8-9
Logging into and Exiting a Privilege Level 8-9

Catalyst 2928 Switch Software Configuration Guide

vii

Contents

Controlling Switch Access with TACACS+ 8-10

Understanding TACACS+ 8-10
TACACS+ Operation 8-12
Configuring TACACS+ 8-12

Default TACACS+ Configuration 8-13

Identifying the TACACS+ Server Host and Setting the Authentication Key 8-13

Configuring TACACS+ Login Authentication 8-14

Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 8-16

Starting TACACS+ Accounting 8-17
Displaying the TACACS+ Configuration 8-17

Controlling Switch Access with RADIUS 8-17

Understanding RADIUS 8-18
RADIUS Operation 8-19
Configuring RADIUS 8-20

Default RADIUS Configuration 8-20

Identifying the RADIUS Server Host 8-20

Configuring RADIUS Login Authentication 8-23

Defining AAA Server Groups 8-25

Configuring RADIUS Authorization for User Privileged Access and Network Services 8-27

Starting RADIUS Accounting 8-28

Configuring Settings for All RADIUS Servers 8-29

Configuring the Switch to Use Vendor-Specific RADIUS Attributes 8-29

Configuring the Switch for Vendor-Proprietary RADIUS Server Communication 8-31
Displaying the RADIUS Configuration 8-31

viii

Configuring the Switch for Local Authentication and Authorization 8-32

Configuring the Switch for Secure Shell 8-33

Understanding SSH 8-33

SSH Servers, Integrated Clients, and Supported Versions 8-33

Limitations 8-34
Configuring SSH 8-34

Configuration Guidelines 8-34

Setting Up the Switch to Run SSH 8-35

Configuring the SSH Server 8-36
Displaying the SSH Configuration and Status 8-36

Configuring the Switch for Secure Socket Layer HTTP 8-37

Understanding Secure HTTP Servers and Clients 8-37

Certificate Authority Trustpoints 8-37

CipherSuites 8-39

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

Configuring Secure HTTP Servers and Clients 8-39

Default SSL Configuration 8-39
SSL Configuration Guidelines 8-40
Configuring a CA Trustpoint 8-40
Configuring the Secure HTTP Server 8-41
Configuring the Secure HTTP Client 8-42

Displaying Secure HTTP Server and Client Status 8-43

Configuring the Switch for Secure Copy Protocol 8-43

Information About Secure Copy 8-44

Contents

CHAPTER

9 Configuring IEEE 802.1x Port-Based Authentication 9-1

Understanding IEEE 802.1x Port-Based Authentication 9-1

Device Roles 9-2
Authentication Process 9-3
Authentication Initiation and Message Exchange 9-5
Ports in Authorized and Unauthorized States 9-7
IEEE 802.1x Host Mode 9-7
IEEE 802.1x Accounting 9-8
IEEE 802.1x Accounting Attribute-Value Pairs 9-8
Using IEEE 802.1x Authentication with VLAN Assignment 9-9
Using IEEE 802.1x Authentication with Guest VLAN 9-11
Using IEEE 802.1x Authentication with Restricted VLAN 9-12
Using IEEE 802.1x Authentication with Voice VLAN Ports 9-13
Using IEEE 802.1x Authentication with Port Security 9-13
Using IEEE 802.1x Authentication with MAC Authentication Bypass 9-14

802.1x Authentication with Restricted VLAN 9-15
Common Session ID 9-16

Configuring IEEE 802.1x Authentication 9-17

Default IEEE 802.1x Authentication Configuration 9-17
IEEE 802.1x Authentication Configuration Guidelines 9-19

IEEE 802.1x Authentication 9-19
VLAN Assignment and Guest VLAN 9-20

MAC Authentication Bypass 9-20
Upgrading from a Previous Software Release 9-20
Configuring IEEE 802.1x Authentication 9-20
Configuring the Switch-to-RADIUS-Server Communication 9-22
Configuring the Host Mode 9-23
Configuring Periodic Re-Authentication 9-24
Manually Re-Authenticating a Client Connected to a Port 9-24

OL-23389-01

Catalyst 2928 Switch Software Configuration Guide

ix

Contents

Changing the Quiet Period 9-25
Changing the Switch-to-Client Retransmission Time 9-25
Setting the Switch-to-Client Frame-Retransmission Number 9-26
Setting the Re-Authentication Number 9-27
Configuring IEEE 802.1x Accounting 9-27
Configuring a Guest VLAN 9-28
Configuring a Restricted VLAN 9-29
Configuring MAC Authentication Bypass 9-31
Disabling IEEE 802.1x Authentication on the Port 9-31
Resetting the IEEE 802.1x Authentication Configuration to the Default Values 9-32

Displaying IEEE 802.1x Statistics and Status 9-32

CHAPTER

10 Configuring Web-Based Authentication 10-1

Understanding Web-Based Authentication 10-1

Device Roles 10-2
Host Detection 10-2
Session Creation 10-3
Authentication Process 10-3
Local Web Authentication Banner 10-4
Web Authentication Customizable Web Pages 10-6

Guidelines 10-6

Web-based Authentication Interactions with Other Features 10-7

Port Security 10-7
LAN Port IP 10-8
Gateway IP 10-8
ACLs 10-8
Context-Based Access Control 10-8

802.1x Authentication 10-8
EtherChannel 10-8

Configuring Web-Based Authentication 10-9

Default Web-Based Authentication Configuration 10-9
Web-Based Authentication Configuration Guidelines and Restrictions 10-9
Web-Based Authentication Configuration Task List 10-10
Configuring the Authentication Rule and Interfaces 10-10
Configuring AAA Authentication 10-11
Configuring Switch-to-RADIUS-Server Communication 10-11
Configuring the HTTP Server 10-13

Customizing the Authentication Proxy Web Pages 10-13
Specifying a Redirection URL for Successful Login 10-15

Catalyst 2928 Switch Software Configuration Guide

x

OL-23389-01

Configuring an AAA Fail Policy 10-15
Configuring the Web-Based Authentication Parameters 10-16
Configuring a Web Authentication Local Banner 10-16
Removing Web-Based Authentication Cache Entries 10-17

Displaying Web-Based Authentication Status 10-17

Contents

CHAPTER

CHAPTER

11 Configuring Portal-Based Authentication 11-1

Understanding Portal-Based Authentication 11-1

Configuring Portal-Based Authentication 11-2

Default Portal-Based Authentication Configuration 11-2
Enabling Portal-Based Authentication on the Switch 11-3
Enabling Portal-Based Authentication on an Interface 11-4
Configuring the Switch-to-RADIUS-Server Communication 11-4

Monitoring Portal-Based Authentication 11-6

12 Configuring Interface Characteristics 12-1

Understanding Interface Types 12-1

Port-Based VLANs 12-2
Switch Ports 12-2

Access Ports 12-2

Trunk Ports 12-3
Power over Ethernet (PoE) Ports (WS-C2928-24LT-C only) 12-4

Supported Protocols and Standards 12-4

Powered-Device Detection and Initial Power Allocation 12-5

Power Management Modes 12-5

Power Monitoring and Power Policing 12-6
Connecting Interfaces 12-9

OL-23389-01

Using Interface Configuration Mode 12-9

Procedures for Configuring Interfaces 12-10
Configuring a Range of Interfaces 12-10
Configuring and Using Interface Range Macros 12-12

Configuring Ethernet Interfaces 12-14

Default Ethernet Interface Configuration 12-14
Setting the Type of a Dual-Purpose Uplink Port 12-15
Configuring Interface Speed and Duplex Mode 12-17

Speed and Duplex Configuration Guidelines 12-17

Setting the Interface Speed and Duplex Parameters 12-18
Configuring IEEE 802.3x Flow Control 12-19
Configuring Auto-MDIX on an Interface 12-20

Catalyst 2928 Switch Software Configuration Guide

xi

Contents

Configuring a Power Management Mode on a PoE Port 12-21
Budgeting Power for Devices Connected to a PoE Port 12-22
Configuring Power Policing 12-24
Adding a Description for an Interface 12-25

Configuring the System MTU 12-26

Monitoring and Maintaining the Interfaces 12-27

Monitoring Interface Status 12-28
Clearing and Resetting Interfaces and Counters 12-28
Shutting Down and Restarting the Interface 12-29

CHAPTER

13 Configuring VLANs 13-1

Understanding VLANs 13-1

Supported VLANs 13-2
VLAN Port Membership Modes 13-3

Configuring Normal-Range VLANs 13-4

Token Ring VLANs 13-5
Normal-Range VLAN Configuration Guidelines 13-5
Saving VLAN Configuration 13-6
Default Ethernet VLAN Configuration 13-6
Creating or Modifying an Ethernet VLAN 13-7
Deleting a VLAN 13-8
Assigning Static-Access Ports to a VLAN 13-9

Configuring Extended-Range VLANs 13-10

Default VLAN Configuration 13-10
Extended-Range VLAN Configuration Guidelines 13-10
Creating an Extended-Range VLAN 13-11

Displaying VLANs 13-12

Configuring VLAN Trunks 13-12

Trunking Overview 13-12

IEEE 802.1Q Configuration Considerations 13-13
Default Layer 2 Ethernet Interface VLAN Configuration 13-14
Configuring an Ethernet Interface as a Trunk Port 13-14

Interaction with Other Features 13-14

Configuring a Trunk Port 13-15

Defining the Allowed VLANs on a Trunk 13-16

Changing the Pruning-Eligible List 13-17

Configuring the Native VLAN for Untagged Traffic 13-17

xii

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

Configuring Trunk Ports for Load Sharing 13-18

Load Sharing Using STP Port Priorities 13-18
Load Sharing Using STP Path Cost 13-20

Configuring VMPS 13-21

Understanding VMPS 13-22

Dynamic-Access Port VLAN Membership 13-22
Default VMPS Client Configuration 13-23
VMPS Configuration Guidelines 13-23
Configuring the VMPS Client 13-24

Entering the IP Address of the VMPS 13-24

Configuring Dynamic-Access Ports on VMPS Clients 13-24

Reconfirming VLAN Memberships 13-25

Changing the Reconfirmation Interval 13-25

Changing the Retry Count 13-26
Monitoring the VMPS 13-26
Troubleshooting Dynamic-Access Port VLAN Membership 13-27
VMPS Configuration Example 13-27

Contents

CHAPTER

14 Configuring VTP 14-1

Understanding VTP 14-1

The VTP Domain 14-2
VTP Modes 14-3
VTP Advertisements 14-3
VTP Version 2 14-4
VTP Pruning 14-4

Configuring VTP 14-6

Default VTP Configuration 14-6
VTP Configuration Guidelines 14-7

Domain Names 14-7

Passwords 14-7

VTP Version 14-8

Configuration Requirements 14-8
Configuring a VTP Server 14-8
Configuring a VTP Client 14-9
Disabling VTP (VTP Transparent Mode) 14-10
Enabling VTP Version 2 14-11
Enabling VTP Pruning 14-12
Adding a VTP Client Switch to a VTP Domain 14-12

OL-23389-01

Monitoring VTP 14-14

Catalyst 2928 Switch Software Configuration Guide

xiii

Contents

CHAPTER

CHAPTER

15 Configuring Voice VLAN 15-1

Understanding Voice VLAN 15-1

Cisco IP Phone Voice Traffic 15-2
Cisco IP Phone Data Traffic 15-2

Configuring Voice VLAN 15-3

Default Voice VLAN Configuration 15-3
Voice VLAN Configuration Guidelines 15-3
Configuring a Port Connected to a Cisco 7960 IP Phone 15-4

Configuring Cisco IP Phone Voice Traffic 15-5

Displaying Voice VLAN 15-6

16 Configuring STP 16-1

Understanding Spanning-Tree Features 16-1

STP Overview 16-2
Spanning-Tree Topology and BPDUs 16-2
Bridge ID, Switch Priority, and Extended System ID 16-3
Spanning-Tree Interface States 16-4

Blocking State 16-5
Listening State 16-6
Learning State 16-6
Forwarding State 16-6

Disabled State 16-6
How a Switch or Port Becomes the Root Switch or Root Port 16-7
Spanning Tree and Redundant Connectivity 16-7
Spanning-Tree Address Management 16-8
Accelerated Aging to Retain Connectivity 16-8
Spanning-Tree Modes and Protocols 16-9
Supported Spanning-Tree Instances 16-9
Spanning-Tree Interoperability and Backward Compatibility 16-10
STP and IEEE 802.1Q Trunks 16-10

xiv

Configuring Spanning-Tree Features 16-10

Default Spanning-Tree Configuration 16-11
Spanning-Tree Configuration Guidelines 16-12
Changing the Spanning-Tree Mode. 16-13
Disabling Spanning Tree 16-14
Configuring the Root Switch 16-14
Configuring a Secondary Root Switch 16-16
Configuring Port Priority 16-16
Configuring Path Cost 16-18

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

Configuring the Switch Priority of a VLAN 16-19
Configuring Spanning-Tree Timers 16-20

Configuring the Hello Time 16-20
Configuring the Forwarding-Delay Time for a VLAN 16-21
Configuring the Maximum-Aging Time for a VLAN 16-21
Configuring the Transmit Hold-Count 16-22

Displaying the Spanning-Tree Status 16-22

Contents

CHAPTER

17 Configuring MSTP 17-1

Understanding MSTP 17-2

Multiple Spanning-Tree Regions 17-2
IST, CIST, and CST 17-2

Operations Within an MST Region 17-3
Operations Between MST Regions 17-3

IEEE 802.1s Terminology 17-5
Hop Count 17-5
Boundary Ports 17-6
IEEE 802.1s Implementation 17-6

Port Role Naming Change 17-6

Interoperation Between Legacy and Standard Switches 17-7

Detecting Unidirectional Link Failure 17-7
Interoperability with IEEE 802.1D STP 17-8

Understanding RSTP 17-8

Port Roles and the Active Topology 17-9
Rapid Convergence 17-9
Synchronization of Port Roles 17-11
Bridge Protocol Data Unit Format and Processing 17-12

Processing Superior BPDU Information 17-12

Processing Inferior BPDU Information 17-13
Topology Changes 17-13

OL-23389-01

Configuring MSTP Features 17-13

Default MSTP Configuration 17-14
MSTP Configuration Guidelines 17-14
Specifying the MST Region Configuration and Enabling MSTP 17-15
Configuring the Root Switch 17-17
Configuring a Secondary Root Switch 17-18
Configuring Port Priority 17-19
Configuring Path Cost 17-20
Configuring the Switch Priority 17-21

Catalyst 2928 Switch Software Configuration Guide

xv

Contents

Configuring the Hello Time 17-22
Configuring the Forwarding-Delay Time 17-23
Configuring the Maximum-Aging Time 17-23
Configuring the Maximum-Hop Count 17-24
Specifying the Link Type to Ensure Rapid Transitions 17-24
Designating the Neighbor Type 17-25
Restarting the Protocol Migration Process 17-25

Displaying the MST Configuration and Status 17-26

CHAPTER

18 Configuring Optional Spanning-Tree Features 18-1

Understanding Optional Spanning-Tree Features 18-1

Understanding Port Fast 18-2
Understanding BPDU Guard 18-2
Understanding BPDU Filtering 18-3
Understanding UplinkFast 18-3
Understanding BackboneFast 18-5
Understanding EtherChannel Guard 18-7
Understanding Root Guard 18-8
Understanding Loop Guard 18-9

Configuring Optional Spanning-Tree Features 18-9

Default Optional Spanning-Tree Configuration 18-9
Optional Spanning-Tree Configuration Guidelines 18-10
Enabling Port Fast 18-10
Enabling BPDU Guard 18-11
Enabling BPDU Filtering 18-12
Enabling UplinkFast for Use with Redundant Links 18-13
Enabling BackboneFast 18-13
Enabling EtherChannel Guard 18-14
Enabling Root Guard 18-15
Enabling Loop Guard 18-15

CHAPTER

xvi

Displaying the Spanning-Tree Status 18-16

19 Configuring DHCP Features and IP Source Guard Features 19-1

Understanding DHCP Snooping 19-1

DHCP Server 19-2
DHCP Relay Agent 19-2
DHCP Snooping 19-2
Option-82 Data Insertion 19-4
DHCP Snooping Binding Database 19-7

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

Configuring DHCP Snooping 19-8

Default DHCP Snooping Configuration 19-8
DHCP Snooping Configuration Guidelines 19-9
Configuring the DHCP Relay Agent 19-10
Enabling DHCP Snooping and Option 82 19-11
Enabling the DHCP Snooping Binding Database Agent 19-12

Displaying DHCP Snooping Information 19-13

Understanding IP Source Guard 19-13

Source IP Address Filtering 19-14
Source IP and MAC Address Filtering 19-14
IP Source Guard for Static Hosts 19-15

Configuring IP Source Guard 19-15

Default IP Source Guard Configuration 19-16
IP Source Guard Configuration Guidelines 19-16
Enabling IP Source Guard 19-16
Configuring IP Source Guard for Static Hosts on a Layer 2 Access Port 19-18

Contents

CHAPTER

Displaying IP Source Guard Information 19-21

Understanding DHCP Server Port-Based Address Allocation 19-21

Configuring DHCP Server Port-Based Address Allocation 19-22

Default Port-Based Address Allocation Configuration 19-22
Port-Based Address Allocation Configuration Guidelines 19-22
Enabling DHCP Server Port-Based Address Allocation 19-23

Displaying DHCP Server Port-Based Address Allocation 19-25

20 Configuring Dynamic ARP Inspection 20-1

Understanding Dynamic ARP Inspection 20-1

Interface Trust States and Network Security 20-3
Rate Limiting of ARP Packets 20-4
Relative Priority of ARP ACLs and DHCP Snooping Entries 20-4
Logging of Dropped Packets 20-4

Configuring Dynamic ARP Inspection 20-5

Default Dynamic ARP Inspection Configuration 20-5
Dynamic ARP Inspection Configuration Guidelines 20-6
Configuring Dynamic ARP Inspection in DHCP Environments 20-7
Configuring ARP ACLs for Non-DHCP Environments 20-8
Limiting the Rate of Incoming ARP Packets 20-10
Performing Validation Checks 20-11
Configuring the Log Buffer 20-12

OL-23389-01

Catalyst 2928 Switch Software Configuration Guide

xvii

Contents

Displaying Dynamic ARP Inspection Information 20-14

CHAPTER

21 Configuring IGMP Snooping 21-1

Understanding IGMP Snooping 21-1

IGMP Versions 21-2
Joining a Multicast Group 21-3
Leaving a Multicast Group 21-4
Immediate Leave 21-5
IGMP Configurable-Leave Timer 21-5
IGMP Report Suppression 21-5

Configuring IGMP Snooping 21-6

Default IGMP Snooping Configuration 21-6
Enabling or Disabling IGMP Snooping 21-6
Setting the Snooping Method 21-7
Configuring a Multicast Router Port 21-8
Configuring a Host Statically to Join a Group 21-9
Enabling IGMP Immediate Leave 21-9
Configuring the IGMP Leave Timer 21-10
Configuring TCN-Related Commands 21-11

Controlling the Multicast Flooding Time After a TCN Event 21-11
Recovering from Flood Mode 21-12

Disabling Multicast Flooding During a TCN Event 21-12
Configuring the IGMP Snooping Querier 21-13
Disabling IGMP Report Suppression 21-14

CHAPTER

xviii

Displaying IGMP Snooping Information 21-14

Configuring IGMP Filtering and Throttling 21-16

Default IGMP Filtering and Throttling Configuration 21-16
Configuring IGMP Profiles 21-17
Applying IGMP Profiles 21-18
Setting the Maximum Number of IGMP Groups 21-19
Configuring the IGMP Throttling Action 21-19

Displaying IGMP Filtering and Throttling Configuration 21-20

22 Configuring Port-Based Traffic Control 22-1

Configuring Storm Control 22-1

Understanding Storm Control 22-1
Default Storm Control Configuration 22-3
Configuring Storm Control and Threshold Levels 22-3
Configuring Small-Frame Arrival Rate 22-5

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

Configuring Protected Ports 22-6

Default Protected Port Configuration 22-6
Protected Port Configuration Guidelines 22-6
Configuring a Protected Port 22-7

Configuring Port Blocking 22-7

Default Port Blocking Configuration 22-7
Blocking Flooded Traffic on an Interface 22-7

Configuring Port Security 22-8

Understanding Port Security 22-9

Secure MAC Addresses 22-9

Security Violations 22-10
Default Port Security Configuration 22-11
Port Security Configuration Guidelines 22-11
Enabling and Configuring Port Security 22-12
Enabling and Configuring Port Security Aging 22-17
Displaying Port-Based Traffic Control Settings 22-18

Contents

CHAPTER

CHAPTER

23 Configuring CDP 23-1

Understanding CDP 23-1

Configuring CDP 23-2

Default CDP Configuration 23-2
Configuring the CDP Characteristics 23-2
Disabling and Enabling CDP 23-3
Disabling and Enabling CDP on an Interface 23-4

Monitoring and Maintaining CDP 23-5

24 Configuring LLDP and LLDP-MED 24-1

Understanding LLDP and LLDP-MED 24-1

LLDP 24-1
LLDP-MED 24-2

Configuring LLDP and LLDP-MED 24-3

Default LLDP Configuration 24-3
Configuration Guidelines 24-3
Enabling LLDP 24-4
Configuring LLDP Characteristics 24-4
Configuring LLDP-MED TLVs 24-5
Configuring Network-Policy TLV 24-6

OL-23389-01

Monitoring and Maintaining LLDP and LLDP-MED 24-8

Catalyst 2928 Switch Software Configuration Guide

xix

Contents

CHAPTER

CHAPTER

25 Configuring UDLD 25-1

Understanding UDLD 25-1

Modes of Operation 25-1
Methods to Detect Unidirectional Links 25-2

Configuring UDLD 25-3

Default UDLD Configuration 25-4
Configuration Guidelines 25-4
Enabling UDLD Globally 25-5
Enabling UDLD on an Interface 25-5
Resetting an Interface Disabled by UDLD 25-6

Displaying UDLD Status 25-6

26 Configuring SPAN 26-1

Understanding SPAN 26-1

Local SPAN 26-2
SPAN Concepts and Terminology 26-2

SPAN Sessions 26-2
Monitored Traffic 26-3
Source Ports 26-4
Source VLANs 26-4
VLAN Filtering 26-5
Destination Port 26-5

SPAN Interaction with Other Features 26-6

CHAPTER

xx

Configuring SPAN 26-7

Default SPAN Configuration 26-7
Configuring Local SPAN 26-7

SPAN Configuration Guidelines 26-7
Creating a Local SPAN Session 26-8
Creating a Local SPAN Session and Configuring Incoming Traffic 26-11
Specifying VLANs to Filter 26-12

Displaying SPAN Status 26-13

27 Configuring RMON 27-1

Understanding RMON 27-1

Configuring RMON 27-2

Default RMON Configuration 27-3
Configuring RMON Alarms and Events 27-3

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

Collecting Group History Statistics on an Interface 27-5
Collecting Group Ethernet Statistics on an Interface 27-5

Displaying RMON Status 27-6

Contents

CHAPTER

28 Configuring System Message Logging 28-1

Understanding System Message Logging 28-1

Configuring System Message Logging 28-2

System Log Message Format 28-2
Default System Message Logging Configuration 28-3
Disabling Message Logging 28-3
Setting the Message Display Destination Device 28-4
Synchronizing Log Messages 28-5
Enabling and Disabling Time Stamps on Log Messages 28-7
Enabling and Disabling Sequence Numbers in Log Messages 28-7
Defining the Message Severity Level 28-8
Limiting Syslog Messages Sent to the History Table and to SNMP 28-9
Enabling the Configuration-Change Logger 28-10
Configuring UNIX Syslog Servers 28-11

Logging Messages to a UNIX Syslog Daemon 28-11

Configuring the UNIX System Logging Facility 28-12

Displaying the Logging Configuration 28-13

CHAPTER

OL-23389-01

29 Configuring SNMP 29-1

Understanding SNMP 29-1

SNMP Versions 29-2
SNMP Manager Functions 29-3
SNMP Agent Functions 29-4
SNMP Community Strings 29-4
Using SNMP to Access MIB Variables 29-4
SNMP Notifications 29-5
SNMP ifIndex MIB Object Values 29-5

Configuring SNMP 29-6

Default SNMP Configuration 29-6
SNMP Configuration Guidelines 29-7
Disabling the SNMP Agent 29-7
Configuring Community Strings 29-8
Configuring SNMP Groups and Users 29-9
Configuring SNMP Notifications 29-11
Setting the Agent Contact and Location Information 29-15

Catalyst 2928 Switch Software Configuration Guide

xxi

Contents

Limiting TFTP Servers Used Through SNMP 29-15
SNMP Examples 29-16

Displaying SNMP Status 29-17

CHAPTER

30 Configuring Network Security with ACLs 30-1

Understanding ACLs 30-1

ACL Overview 30-2

Port ACLs 30-2

Handling Fragmented and Unfragmented Traffic 30-3

Configuring IPv4 ACLs 30-4

Creating Standard and Extended IPv4 ACLs 30-5

Access List Numbers 30-5
Creating a Numbered Standard ACL 30-6
Creating a Numbered Extended ACL 30-7
Resequencing ACEs in an ACL 30-12
Creating Named Standard and Extended ACLs 30-12
Using Time Ranges with ACLs 30-14

Including Comments in ACLs 30-15
Applying an IPv4 ACL to a Terminal Line 30-16
Applying an IPv4 ACL to a VLAN Interface 30-16
Hardware and Software Treatment of IP ACLs 30-17
Troubleshooting ACLs 30-18
IPv4 ACL Configuration Examples 30-18

Numbered ACLs 30-19

Extended ACLs 30-19

Named ACLs 30-19

Time Range Applied to an IP ACL 30-20

Commented IP ACL Entries 30-20

CHAPTER

xxii

Displaying IPv4 ACL Configuration 30-21

31 Configuring QoS 31-1

Understanding QoS 31-1

Basic QoS Model 31-3
Classification 31-3
Queueing Overview 31-4

Weighted Tail Drop 31-4

Queueing on Ingress Queues 31-4

Queueing on Egress Queues 31-5
Packet Modification 31-6

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

Configuring Standard QoS 31-6

Default Standard QoS Configuration 31-7

Default Ingress Queue Configuration 31-7

Default Egress Queue Configuration 31-7
General QoS Guidelines 31-8
Enabling QoS Globally 31-9
Configuring Classification Using Port Trust States 31-9

Configuring the Trust State on Ports within the QoS Domain 31-9

Configuring the CoS Value for an Interface 31-11

Enabling DSCP Transparency Mode 31-11
Configuring Ingress Queue Characteristics 31-12

Mapping CoS Values to an Ingress Queue 31-12

Configuring the Ingress Priority Queue 31-13
Configuring Egress Queue Characteristics 31-14

Configuration Guidelines 31-15

Mapping CoS Values to an Egress Queue and to a Threshold ID 31-15

Configuring the Egress Expedite Queue 31-16

Contents

CHAPTER

Displaying Standard QoS Information 31-17

32 Configuring EtherChannels 32-1

Understanding EtherChannels 32-1

EtherChannel Overview 32-2
Port-Channel Interfaces 32-3
Port Aggregation Protocol 32-4

PAgP Modes 32-4

PAgP Interaction with Other Features 32-5
Link Aggregation Control Protocol 32-5

LACP Modes 32-5

LACP Interaction with Other Features 32-6
EtherChannel On Mode 32-6
Load Balancing and Forwarding Methods 32-6

Configuring EtherChannels 32-8

Default EtherChannel Configuration 32-9
EtherChannel Configuration Guidelines 32-9
Configuring Layer 2 EtherChannels 32-10
Configuring EtherChannel Load Balancing 32-12
Configuring the PAgP Learn Method and Priority 32-13

OL-23389-01

Catalyst 2928 Switch Software Configuration Guide

xxiii

Contents

Configuring LACP Hot-Standby Ports 32-14

Configuring the LACP System Priority 32-15
Configuring the LACP Port Priority 32-15

Displaying EtherChannel, PAgP, and LACP Status 32-16

CHAPTER

33 Troubleshooting 33-1

Recovering from a Software Failure 33-2

Recovering from a Lost or Forgotten Password 33-3

Procedure with Password Recovery Enabled 33-4
Procedure with Password Recovery Disabled 33-6

Recovering from a Command Switch Failure 33-7

Replacing a Failed Command Switch with a Cluster Member 33-8
Replacing a Failed Command Switch with Another Switch 33-9

Recovering from Lost Cluster Member Connectivity 33-11

Preventing Autonegotiation Mismatches 33-11

Troubleshooting Power over Ethernet Switch Ports 33-11

Disabled Port Caused by Power Loss 33-12
Disabled Port Caused by False Link Up 33-12

SFP Module Security and Identification 33-12

Monitoring SFP Module Status 33-13

Using Ping 33-13

Understanding Ping 33-13
Executing Ping 33-13

xxiv

Using Layer 2 Traceroute 33-14

Understanding Layer 2 Traceroute 33-14
Usage Guidelines 33-15
Displaying the Physical Path 33-15

Using IP Traceroute 33-16

Understanding IP Traceroute 33-16
Executing IP Traceroute 33-17

Using TDR 33-18

Understanding TDR 33-18
Running TDR and Displaying the Results 33-18

Using Debug Commands 33-18

Enabling Debugging on a Specific Feature 33-19
Enabling All-System Diagnostics 33-19
Redirecting Debug and Error Message Output 33-20

Using the show platform forward Command 33-20

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

Using the crashinfo Files 33-22

Basic crashinfo Files 33-22
Extended crashinfo Files 33-22

Memory Consistency Check Routines 33-23

Displaying TCAM Memory Consistency Check Errors 33-23

Troubleshooting Tables 33-24

Troubleshooting CPU Utilization 33-24

Possible Symptoms of High CPU Utilization 33-24

Verifying the Problem and Cause 33-24
Troubleshooting Power over Ethernet (PoE) 33-25

Contents

APPENDIX

APPENDIX

A Supported MIBs A-1

MIB List A-1

Using FTP to Access the MIB Files A-3

B Working with the Cisco IOS File System, Configuration Files, and Software Images B-1

Working with the Flash File System B-1

Displaying Available File Systems B-2
Setting the Default File System B-3
Displaying Information about Files on a File System B-3
Changing Directories and Displaying the Working Directory B-3
Creating and Removing Directories B-4
Copying Files B-4
Deleting Files B-5
Creating, Displaying, and Extracting tar Files B-5

Creating a tar File B-6

Displaying the Contents of a tar File B-6

Extracting a tar File B-7
Displaying the Contents of a File B-7

OL-23389-01

Working with Configuration Files B-8

Guidelines for Creating and Using Configuration Files B-8
Configuration File Types and Location B-9
Creating a Configuration File By Using a Text Editor B-9
Copying Configuration Files By Using TFTP B-10

Preparing to Download or Upload a Configuration File By Using TFTP B-10

Downloading the Configuration File By Using TFTP B-11

Uploading the Configuration File By Using TFTP B-11

Catalyst 2928 Switch Software Configuration Guide

xxv

Contents

Copying Configuration Files By Using FTP B-12

Preparing to Download or Upload a Configuration File By Using FTP B-12
Downloading a Configuration File By Using FTP B-13
Uploading a Configuration File By Using FTP B-14

Copying Configuration Files By Using RCP B-15

Preparing to Download or Upload a Configuration File By Using RCP B-16
Downloading a Configuration File By Using RCP B-16
Uploading a Configuration File By Using RCP B-17

Clearing Configuration Information B-18

Clearing the Startup Configuration File B-18
Deleting a Stored Configuration File B-18

Working with Software Images B-19

Image Location on the Switch B-20
tar File Format of Images on a Server or Cisco.com B-20
Copying Image Files By Using TFTP B-21

Preparing to Download or Upload an Image File By Using TFTP B-21
Downloading an Image File By Using TFTP B-22
Uploading an Image File By Using TFTP B-24

Copying Image Files By Using FTP B-24

Preparing to Download or Upload an Image File By Using FTP B-25
Downloading an Image File By Using FTP B-26
Uploading an Image File By Using FTP B-27

Copying Image Files By Using RCP B-28

Preparing to Download or Upload an Image File By Using RCP B-29
Downloading an Image File By Using RCP B-30
Uploading an Image File By Using RCP B-32

APPENDIX

xxvi

C Unsupported Commands in Cisco IOS Release 12.2(55)EZ C-1

Access Control Lists C-1

Unsupported Privileged EXEC Commands C-1
Unsupported Global Configuration Commands C-1
Unsupported Route-Map Configuration Commands C-1

Boot Loader Commands C-2

Unsupported Global Configuration Commands C-2

Debug Commands C-2

Unsupported Privileged EXEC Commands C-2

IEEE 802.1x Commands C-2

Unsupported Privileged EXEC Command C-2
Unsupported Global Configuration Command C-2

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

IGMP Snooping Commands C-2

Unsupported Global Configuration Commands C-2

Interface Commands C-2

Unsupported Privileged EXEC Commands C-2
Unsupported Global Configuration Commands C-3
Unsupported Interface Configuration Commands C-3

MAC Address Commands C-3

Unsupported Privileged EXEC Commands C-3
Unsupported Global Configuration Commands C-3

Miscellaneous C-4

Unsupported Privileged EXEC Commands C-4
Unsupported Global Configuration Commands C-4

Network Address Translation (NAT) Commands C-4

Unsupported Privileged EXEC Commands C-4

Contents

QoS C-4

Unsupported Global Configuration Command C-4
Unsupported Interface Configuration Commands C-4
Unsupported Policy-Map Configuration Command C-4

RADIUS C-5

Unsupported Global Configuration Commands C-5

SNMP C-5

Unsupported Global Configuration Commands C-5

Spanning Tree C-5

Unsupported Global Configuration Command C-5
Unsupported Interface Configuration Command C-5

VLAN C-5

Unsupported Global Configuration Command C-5
Unsupported vlan-config Command C-6
Unsupported User EXEC Commands C-6

VTP C-6

Unsupported Privileged EXEC Commands C-6

I

NDEX

OL-23389-01

Catalyst 2928 Switch Software Configuration Guide

xxvii

Contents

xxviii

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

Audience

Purpose

Preface

This guide is for the networking professional managing the Catalyst 2928 switch, hereafter referred to
as the switch. Before using this guide, you should have experience working with the Cisco IOS software
and be familiar with the concepts and terminology of Ethernet and local area networking.

This guide provides the information that you need to configure Cisco IOS software features on your
switch. The Catalyst 2928 software provides enterprise-class intelligent services.

This guide provides procedures for using the commands that have been created or changed for use with
the Catalyst 2928 switch. It does not provide detailed information about these commands. For detailed
information about these commands, see the Catalyst 2928 Switch Command Reference for this release.
For information about the standard Cisco IOS Release 12.2 commands, see the Cisco IOS documentation
set available from the Cisco.com home page at Technical Support & Documentation > Cisco IOS
Software.

This guide does not provide detailed information on the graphical user interfaces (GUIs) for the
embedded device manager that you can use to manage the switch. However, the concepts in this guide
are applicable to the GUI user. For information about the device manager, see the switch online help.
This guide does not describe system messages you might encounter or how to install your switch. For
more information, see the Catalyst 2928 Switch System Message Guide for this release and the Catalyst
2928 Switch Hardware Installation Guide.

For documentation updates, see the release notes for this release.

Conventions

This publication uses these conventions to convey instructions and information:

Command descriptions use these conventions:

• Commands and keywords are in boldface text.

• Arguments for which you supply values are in italic.

OL-23389-01

• Square brackets ([ ]) mean optional elements.

Catalyst 2928 Switch Software Configuration Guide

xxvii

Preface

• Braces ({ }) group required choices, and vertical bars ( | ) separate the alternative elements.

• Braces and vertical bars within square brackets ([{ | }]) mean a required choice within an optional

element.

Interactive examples use these conventions:

• Terminal sessions and system displays are in screen font.

• Information you enter is in boldface screen font.

• Nonprinting characters, such as passwords or tabs, are in angle brackets (< >).

Notes, cautions, and timesavers use these conventions and symbols:

Note Means reader take note. Notes contain helpful suggestions or references to materials not contained in

this manual.

Caution Means reader be careful. In this situation, you might do something that could result in equipment

damage or loss of data.

Related Publications

These documents provide complete information about the switch and are available from this
Cisco.com site:

http://www.cisco.com/web/CN/products/products_netsol/switches/products/ca2928/index.html

• Release Notes for the Catalyst 2928 Switch

Note Before installing, configuring, or upgrading the switch, refer to the release notes on

Cisco.com for the latest information.

• Catalyst 2928 Switch Software Configuration Guide

• Catalyst 2928 Switch Command Reference

• Catalyst 2928 Switch System Message Guide

• Catalyst 2928 Switch Getting Started Guide

• Catalyst 2928 Switch Hardware Installation Guide

• Regulatory Compliance and Safety Information for the Catalyst 2928 Switch

• Cisco Small Form-Factor Pluggable Modules Installation Notes

xxviii

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

Preface

Obtaining Documentation, Obtaining Support, and Security
Guidelines

For information on obtaining documentation, submitting a service request, and gathering additional
information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and
revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed
and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free
service and Cisco currently supports RSS version 2.0.

OL-23389-01

Catalyst 2928 Switch Software Configuration Guide

xxix

Preface

xxx

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

Features

CHAP T ER

1

Overview

This chapter provides these topics about the Catalyst 2928 switch software:

• Features, page 1-1

• Default Settings After Initial Switch Configuration, page 1-8

• Network Configuration Examples, page 1-11

• Where to Go Next, page 1-16

In this document, IP refers to IP Version 4 (IPv4).

Some features described in this chapter are available only on the cryptographic (supports encryption)
version of the software. You must obtain authorization to use this feature and to download the
cryptographic version of the software from Cisco.com. For more information, see the release notes for
this release.

• Ease-of-Deployment and Ease-of-Use Features, page 1-1

• Performance Features, page 1-2

• Management Options, page 1-3

• Manageability Features, page 1-4 (includes a feature requiring the cryptographic version of the

software)

• Availability and Redundancy Features, page 1-5

• VLAN Features, page 1-5

• Security Features, page 1-6 (includes a feature requiring the cryptographic version of the software)

• QoS and CoS Features, page 1-7

• Monitoring Features, page 1-8

Ease-of-Deployment and Ease-of-Use Features

• Express Setup for quickly configuring a switch for the first time with basic IP information, contact

information, switch and Telnet passwords, and Simple Network Management Protocol (SNMP)
information through a browser-based program. For more information about Express Setup, see the
getting started guide.

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

1-1

Features

Chapter 1 Overview

• User-defined and Cisco-default Smartports macros for creating custom switch configurations for

simplified deployment across the network.

• Auto Smartports

–

Cisco-default and user-defined macros for dynamic port configuration based on the device type
detected on the port.

–

Enhancements to add support for global macros, last-resort macros, event trigger control, access
points, EtherChannels, auto-QoS with Cisco Medianet, and IP phones.

• An embedded device manager GUI for configuring and monitoring a single switch through a web

browser. For information about launching the device manager, see the getting started guide. For more
information about the device manager, see the switch online help.

• Switch clustering technology for

–

Unified configuration, monitoring, authentication, and software upgrade of multiple,
cluster-capable switches, regardless of their geographic proximity and interconnection media,
including Ethernet, Fast Ethernet, Fast EtherChannel, small form-factor pluggable (SFP)
modules, Gigabit Ethernet, and Gigabit EtherChannel connections. For a list of cluster-capable
switches, see the release notes.

–

Automatic discovery of candidate switches and creation of clusters of up to 16 switches that can
be managed through a single IP address.

–

Extended discovery of cluster candidates that are not directly connected to the command switch.

• Smart Install to allow a single point of management (director) in a network. You can use Smart

Install to provide zero touch image and configuration upgrade of newly deployed switches and
image and configuration downloads for any client switches. For more information, see the Cisco

Smart Install Configuration Guide.

• Smart Install enhancements in Cisco IOS Release 12.2(55)SE supporting client backup files,

zero-touch replacement for clients with the same product-ID, automatic generation of the image list
file, configurable file repository, hostname changes, transparent connection of the director to client,
and USB storage for image and seed configuration.

Performance Features

• Autosensing of port speed and autonegotiation of duplex mode on all switch ports for optimizing

bandwidth

• Automatic-medium-dependent interface crossover (auto-MDIX) capability on 10/100 and

10/100/1000 Mb/s interfaces and on 10/100/1000 BASE-TX SFP module interfaces that enables the
interface to automatically detect the required cable connection type (straight-through or crossover)
and to configure the connection appropriately

• Support for up to 9000 bytes for frames that are bridged in hardware, and up to 2000 bytes for frames

that are bridged by software

• IEEE 802.3x flow control on all ports (the switch does not send pause frames)

• EtherChannel for enhanced fault tolerance and for providing up to 8 Gb/s (Gigabit EtherChannel)

or 800 Mb/s (Fast EtherChannel) full-duplex bandwidth among switches, routers, and servers

• Port Aggregation Protocol (PAgP) and Link Aggregation Control Protocol (LACP) for automatic

creation of EtherChannel links

1-2

• Forwarding of Layer 2 packets at Gigabit line rate

• Per-port storm control for preventing broadcast, multicast, and unicast storms

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

Chapter 1 Overview

Features

• Port blocking on forwarding unknown Layer 2 unknown unicast, multicast, and bridged broadcast

traffic

• Internet Group Management Protocol (IGMP) snooping for IGMP Versions 1, 2, and 3 for

efficiently forwarding multimedia and multicast traffic

• IGMP report suppression for sending only one IGMP report per multicast router query to the

multicast devices (supported only for IGMPv1 or IGMPv2 queries)

• IGMP snooping querier support to configure switch to generate periodic IGMP general query

messages

• IGMP filtering for controlling the set of multicast groups to which hosts on a switch port can belong

• IGMP throttling for configuring the action when the maximum number of entries is in the IGMP

forwarding table

• IGMP leave timer for configuring the leave latency for the network

• Switch Database Management (SDM) templates for allocating system resources to maximize

support for user-selected features

• Configurable small-frame arrival threshold to prevent storm control when small frames (64 bytes or

less) arrive on an interface at a specified rate (the threshold)

• Memory consistency check routines to detect and correct invalid ternary content addressable

memory (TCAM) table entries.

Management Options

• An embedded device manager—The device manager is a GUI that is integrated in the software

image. You use it to configure and to monitor a single switch. For information about launching the
device manager, see the getting started guide. For more information about the device manager, see the
switch online help.

• CLI—The Cisco IOS software supports desktop- and multilayer-switching features. You can access

the CLI either by connecting your management station directly to the switch console port or by using
Telnet from a remote management station. For more information about the CLI, see Chapter 2,

“Using the Command-Line Interface.”

• SNMP—SNMP management applications such as CiscoWorks2000 LAN Management Suite (LMS)

and HP OpenView. You can manage from an SNMP-compatible management station that is running
platforms such as HP OpenView or SunNet Manager. The switch supports a comprehensive set of
MIB extensions and four remote monitoring (RMON) groups. For more information about using
SNMP, see Chapter 29, “Configuring SNMP.”

• Cisco IOS Configuration Engine (previously known to as the Cisco IOS CNS

agent)-—Configuration service automates the deployment and management of network devices and
services. You can automate initial configurations and configuration updates by generating
switch-specific configuration changes, sending them to the switch, executing the configuration
change, and logging the results.

For more information about CNS, see Chapter 4, “Configuring Cisco IOS CNS Agents.”

OL-23389-01

Catalyst 2928 Switch Software Configuration Guide

1-3

Features

Manageability Features

• CNS embedded agents for automating switch management, configuration storage, and delivery

• DHCP for automating configuration of switch information (such as IP address, default gateway,

hostname, and Domain Name System [DNS] and TFTP server names)

• DHCP relay for forwarding User Datagram Protocol (UDP) broadcasts, including IP address

requests, from DHCP clients

• DHCP server for automatic assignment of IP addresses and other DHCP options to IP hosts

• DHCP-based autoconfiguration and image update to download a specified configuration a new

image to a large number of switches

• Directed unicast requests to a DNS server for identifying a switch through its IP address and its

corresponding hostname and to a TFTP server for administering software upgrades from a TFTP
server

• Address Resolution Protocol (ARP) for identifying a switch through its IP address and its

corresponding MAC address

• Unicast MAC address filtering to drop packets with specific source or destination MAC addresses

• Cisco Discovery Protocol (CDP) Versions 1 and 2 for network topology discovery and mapping

between the switch and other Cisco devices on the network

• Link Layer Discovery Protocol (LLDP) for interoperability with third-party IP phones

Chapter 1 Overview

• Support for the LLDP-MED location TLV that provides location information from the switch to the

endpoint device

• CDP and LLDP enhancements for exchanging location information with video end points for

dynamic location-based content distribution from servers

• Network Time Protocol (NTP) for providing a consistent time stamp to all switches from an external

source

• Cisco IOS File System (IFS) for providing a single interface to all file systems that the switch uses

• Configuration logging to log and to view changes to the switch configuration

• Unique device identifier to provide product identification information through a show inventory

user EXEC command display

• In-band management access through the device manager over a Netscape Navigator or Microsoft

Internet Explorer browser session

• In-band management access for up to 16 simultaneous Telnet connections for multiple CLI-based

sessions over the network

• In-band management access for up to five simultaneous, encrypted Secure Shell (SSH) connections

for multiple CLI-based sessions over the network (requires the cryptographic version of the
software)

• In-band management access through SNMP Versions 1, 2c, and 3 get and set requests

• Out-of-band management access through the switch console port to a directly attached terminal or

to a remote terminal through a serial connection or a modem

1-4

• Secure Copy Protocol (SCP) feature to provide a secure and authenticated method for copying

switch configuration or switch image files (requires the cryptographic version of the software)

• DHCP Snooping enhancement to support the selection of a fixed string-based format for the

circuit-id sub-option of the Option 82 DHCP field

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

Chapter 1 Overview

Availability and Redundancy Features

• UniDirectional Link Detection (UDLD) and aggressive UDLD for detecting and disabling

unidirectional links on fiber-optic interfaces caused by incorrect fiber-optic wiring or port faults

• IEEE 802.1D Spanning Tree Protocol (STP) for redundant backbone connections and loop-free

networks. STP has these features:

–

Up to 64 spanning-tree instances supported

–

Per-VLAN spanning-tree plus (PVST+) for load balancing across VLANs

–

Rapid PVST+ for load balancing across VLANs and providing rapid convergence of
spanning-tree instances

–

UplinkFast and BackboneFast for fast convergence after a spanning-tree topology change and
for achieving load balancing between redundant uplinks, including Gigabit uplinks

• IEEE 802.1s Multiple Spanning Tree Protocol (MSTP) for grouping VLANs into a spanning-tree

instance and for providing multiple forwarding paths for data traffic and load balancing and rapid
per-VLAN Spanning-Tree plus (rapid-PVST+) based on the IEEE 802.1w Rapid Spanning Tree
Protocol (RSTP) for rapid convergence of the spanning tree by immediately changing root and
designated ports to the forwarding state

Features

VLAN Features

• Optional spanning-tree features available in PVST+, rapid-PVST+, and MSTP mode:

–

Port Fast for eliminating the forwarding delay by enabling a port to immediately change from
the blocking state to the forwarding state

–

BPDU guard for shutting down Port Fast-enabled ports that receive bridge protocol data units
(BPDUs)

–

BPDU filtering for preventing a Port Fast-enabled port from sending or receiving BPDUs

–

Root guard for preventing switches outside the network core from becoming the spanning-tree
root

–

Loop guard for preventing alternate or root ports from becoming designated ports because of a
failure that leads to a unidirectional link

• Support for up to 64 VLANs for assigning users to VLANs associated with appropriate network

resources, traffic patterns, and bandwidth

• Support for VLAN IDs in the 1 to 4094 range as allowed by the IEEE 802.1Q standard

• VLAN Query Protocol (VQP) for dynamic VLAN membership

• IEEE 802.1Q trunking encapsulation on all ports for network moves, adds, and changes;

management and control of broadcast and multicast traffic; and network security by establishing
VLAN groups for high-security users and network resources

• Dynamic Trunking Protocol (DTP) for negotiating trunking on a link between two devices and for

negotiating the type of trunking encapsulation (IEEE 802.1Q) to be used

• VLAN Trunking Protocol (VTP) and VTP pruning for reducing network traffic by restricting

flooded traffic to links destined for stations receiving the traffic

OL-23389-01

• Voice VLAN for creating subnets for voice traffic from Cisco IP Phones

Catalyst 2928 Switch Software Configuration Guide

1-5

Features

• VLAN 1 minimization for reducing the risk of spanning-tree loops or storms by allowing VLAN 1

• Port security on a PVLAN host to limit the number of MAC addresses learned on a port, or define

Security Features

• Password-protected access (read-only and read-write access) to management interfaces (device

• Multilevel security for a choice of security level, notification, and resulting actions

• Static MAC addressing for ensuring security

• Protected port option for restricting the forwarding of traffic to designated ports on the same switch

• Port security option for limiting and identifying MAC addresses of the stations allowed to access

• VLAN aware port security option to shut down the VLAN on the port when a violation occurs,

• Port security aging to set the aging time for secure addresses on a port

Chapter 1 Overview

to be disabled on any individual VLAN trunk link. With this feature enabled, no user traffic is sent
or received on the trunk. The switch CPU continues to send and receive control protocol frames.

which MAC addresses may be learned on a port

manager, Network Assistant, and the CLI) for protection against unauthorized configuration
changes

the port

instead of shutting down the entire port

• BPDU guard for shutting down a Port Fast-configured port when an invalid configuration occurs

• Standard and extended IP access control lists (ACLs) for defining inbound security policies on Layer

2 interfaces (port ACLs)

• Standard and extended IP access control lists (ACLs) for defining inbound security policies on

Layer 2 interfaces (port ACLs)

• IEEE 802.1x port-based authentication to prevent unauthorized devices (clients) from gaining

access to the network. These features are supported:

–

VLAN assignment for restricting IEEE 802.1x-authenticated users to a specified VLAN

–

Port security for controlling access to IEEE 802.1x ports

–

Voice VLAN to permit a Cisco IP Phone to access the voice VLAN regardless of the authorized
or unauthorized state of the port

–

IP phone detection enhancement to detect and recognize a Cisco IP phone.

–

Guest VLAN to provide limited services to non-IEEE 802.1x-compliant users

–

Restricted VLAN to provide limited services to users who are 802.1x compliant, but do not have
the credentials to authenticate via the standard 802.1x processes

–

IEEE 802.1x accounting to track network usage

• Web authentication to allow a supplicant (client) that does not support IEEE 802.1x functionality to

be authenticated using a web browser

• Local web authentication banner so that a custom banner or an image file can be displayed at a web

authentication login screen

• DHCP snooping to filter untrusted DHCP messages between untrusted hosts and DHCP servers

1-6

• IP source guard to restrict traffic on nonrouted interfaces by filtering traffic based on the DHCP

snooping database and IP source bindings

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

Chapter 1 Overview

• Support for IP source guard on static hosts

• Dynamic ARP inspection to prevent malicious attacks on the switch by not relaying invalid ARP

requests and responses to other ports in the same VLAN

• TACACS+, a proprietary feature for managing network security through a TACACS server

• RADIUS for verifying the identity of, granting access to, and tracking the actions of remote users

through authentication, authorization, and accounting (AAA) services

• Secure Socket Layer (SSL) Version 3.0 support for the HTTP 1.1 server authentication, encryption,

and message integrity and HTTP client authentication to allow secure HTTP communications
(requires the cryptographic version of the software)

• Voice aware IEEE 802.1x security

QoS and CoS Features

• Classification

–

IEEE 802.1p CoS marking priorities on a per-port basis for protecting the performance of
mission-critical applications

–

Trusted port states (CoS and IP precedence) within a QoS domain and with a port bordering
another QoS domain

Features

• Ingress queueing and scheduling

–

Two configurable ingress queues for user traffic (one queue can be the priority queue)

–

Weighted tail drop (WTD) as the congestion-avoidance mechanism for managing the queue
lengths and providing drop precedences for different traffic classifications

–

Thresholds and queue-lengths are predefined and fixed

–

Shaped round robin (SRR) as the scheduling service for specifying the rate at which packets are
sent to the internal ring

–

Ratios and buffers/thresholds are predefined and fixed

• Egress queues and scheduling

–

Four egress queues per port

–

WTD as the congestion-avoidance mechanism for managing the queue lengths and providing
drop precedences for different traffic classifications

–

Thresholds and queue-lengths are predefined and fixed

–

SRR as the scheduling service for specifying the rate at which packets are dequeued to the
egress interface

–

Ratios and buffers/thresholds are predefined and fixed

Power over Ethernet Features (WS-C2928-24LT-C only)

OL-23389-01

• Ability to provide power to connected Cisco pre-standard and IEEE 802.3af-compliant powered

devices from Power over Ethernet (PoE)-capable ports if the switch detects that there is no power
on the circuit.

• Support for CDP with power consumption. The powered device notifies the switch of the amount of

power it is consuming.

Catalyst 2928 Switch Software Configuration Guide

1-7

Default Settings After Initial Switch Configuration

• Support for Cisco intelligent power management. The powered device and the switch negotiate

through power-negotiation CDP messages for an agreed power-consumption level. The negotiation
allows a high-power Cisco powered device to operate at its highest power mode.

• Automatic detection and power budgeting; the switch maintains a power budget, monitors and tracks

requests for power, and grants power only when it is available.

• Ability to monitor the real-time power consumption. On a per-PoE port basis, the switch senses the

total power consumption, polices the power usage, and reports the power usage.

Monitoring Features

• Switch LEDs that provide port- and switch-level status

• MAC address notification traps and RADIUS accounting for tracking users on a network by storing

the MAC addresses that the switch has learned or removed

• Switched Port Analyzer (SPAN) for traffic monitoring on any port or VLAN

• SPAN support of Intrusion Detection Systems (IDS) to monitor, repel, and report network security

violations

• Four groups (history, statistics, alarms, and events) of embedded RMON agents for network

monitoring and traffic analysis

• Syslog facility for logging system messages about authentication or authorization errors, resource

issues, and time-out events

Chapter 1 Overview

• Layer 2 traceroute to identify the physical path that a packet takes from a source device to a

destination device

• Time Domain Reflector (TDR) to diagnose and resolve cabling problems on 10/100 and

10/100/1000 copper Ethernet ports

• SFP module diagnostic management interface to monitor physical or operational status of an SFP

module

Default Settings After Initial Switch Configuration

The switch is designed for plug-and-play operation, requiring only that you assign basic IP information
to the switch and connect it to the other devices in your network. If you have specific network needs,
you can change the interface-specific and system-wide settings.

Note For information about assigning an IP address by using the browser-based Express Setup program, see

the getting started guide. For information about assigning an IP address by using the CLI-based setup
program, see the hardware installation guide.

If you do not configure the switch at all, the switch operates with these default settings:

• Default switch IP address, subnet mask, and default gateway is 0.0.0.0. For more information, see

Chapter 3, “Assigning the Switch IP Address and Default Gateway.”

• Default domain name is not configured. For more information, see Chapter 3, “Assigning the Switch

IP Address and Default Gateway.”

1-8

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

Chapter 1 Overview

Default Settings After Initial Switch Configuration

• DHCP client is enabled, the DHCP server is enabled (only if the device acting as a DHCP server is

configured and is enabled), and the DHCP relay agent is enabled (only if the device is acting as a
DHCP relay agent is configured and is enabled). For more information, see Chapter 3, “Assigning

the Switch IP Address and Default Gateway,” and Chapter 20, “Configuring DHCP Features and IP
Source Guard Features.”

• Switch cluster is disabled. For more information about switch clusters, see Chapter 5, “Clustering

Switches.”

• No passwords are defined. For more information, see Chapter 7, “Administering the Switch.”

• System name and prompt is Switch. For more information, see Chapter 7, “Administering the

Switch.”

• NTP is enabled. For more information, see Chapter 7, “Administering the Switch.”

• DNS is enabled. For more information, see Chapter 7, “Administering the Switch.”

• TACACS+ is disabled. For more information, see Chapter 8, “Configuring Switch-Based

Authentication.”

• RADIUS is disabled. For more information, see Chapter 8, “Configuring Switch-Based

Authentication.”

• The standard HTTP server and Secure Socket Layer (SSL) HTTPS server are both enabled. For more

information, see Chapter 8, “Configuring Switch-Based Authentication.”

• IEEE 802.1x is disabled. For more information, see Chapter 9, “Configuring IEEE 802.1x

Port-Based Authentication.”

• Port parameters

–

Interface speed and duplex mode is autonegotiate. For more information, see Chapter 12,

“Configuring Interface Characteristics.”

–

Auto-MDIX is enabled. For more information, see Chapter 12, “Configuring Interface

Characteristics.”

–

Flow control is off. For more information, see

–

PoE is autonegotiate. For more information, see Chapter 12, “Configuring Interface

Characteristics.”

• No Smartports macros are defined. For more information, see the Auto Smartports Configuration

Guide.

• VLANs

–

Default VLAN is VLAN 1. For more information, see Chapter 13, “Configuring VLANs.”

–

VLAN trunking setting is dynamic auto (DTP). For more information, see Chapter 13,

“Configuring VLANs.”

–

Trunk encapsulation is negotiate. For more information, see Chapter 13, “Configuring VLANs.”

–

VTP mode is server. For more information, see Chapter 14, “Configuring VTP.”

–

VTP version is Version 1. For more information, see Chapter 14, “Configuring VTP.”

OL-23389-01

–

Voice VLAN is disabled. For more information, see Chapter 15, “Configuring Voice VLAN.”

• STP, PVST+ is enabled on VLAN 1. For more information, see Chapter 16, “Configuring STP.”

• MSTP is disabled. For more information, see Chapter 17, “Configuring MSTP.”

• Optional spanning-tree features are disabled. For more information, see Chapter 18, “Configuring

Optional Spanning-Tree Features.”

Catalyst 2928 Switch Software Configuration Guide

1-9

Default Settings After Initial Switch Configuration

• IGMP snooping is enabled. No IGMP filters are applied. For more information, see Chapter 21,

“Configuring IGMP Snooping.”

• IGMP throttling setting is deny. For more information, see Chapter 21, “Configuring IGMP

Snooping.”

• The IGMP snooping querier feature is disabled. For more information, see Chapter 21, “Configuring

IGMP Snooping.”

• Port-based traffic

–

Broadcast, multicast, and unicast storm control is disabled. For more information, see

Chapter 22, “Configuring Port-Based Traffic Control.”

–

No protected ports are defined. For more information, see Chapter 22, “Configuring Port-Based

Traffic Control.”

–

Unicast and multicast traffic flooding is not blocked. For more information, see Chapter 22,

“Configuring Port-Based Traffic Control.”

–

No secure ports are configured. For more information, see Chapter 22, “Configuring Port-Based

Traffic Control.”

• CDP is enabled. For more information, see Chapter 23, “Configuring CDP.”

• UDLD is disabled. For more information, see Chapter 25, “Configuring UDLD.”

• SPAN disabled. For more information, see Chapter 26, “Configuring SPAN.”

Chapter 1 Overview

• RMON is disabled. For more information, see Chapter 27, “Configuring RMON.”

• Syslog messages are enabled and appear on the console. For more information, see Chapter 28,

“Configuring System Message Logging.”

• SNMP is enabled (Version 1). For more information, see Chapter 29, “Configuring SNMP.”

• QoS is disabled. For more information, see Chapter 31, “Configuring QoS.”

• No EtherChannels are configured. For more information, see Chapter 32, “Configuring

EtherChannels.”

• DHCP snooping is disabled. The DHCP snooping information option is enabled. For more

information, see Chapter 20, “Configuring DHCP Features and IP Source Guard Features.”

• IP source guard is disabled. For more information, see Chapter 20, “Configuring DHCP Features

and IP Source Guard Features.”

• DHCP server port-based address allocation is disabled. For more information, see Chapter 20,

“Configuring DHCP Features and IP Source Guard Features.”

• Dynamic ARP inspection is disabled on all VLANs. For more information, see Chapter 21,

“Configuring Dynamic ARP Inspection.”

• No ACLs are configured. For more information, see Chapter 31, “Configuring Network Security

with ACLs.”

1-10

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

Chapter 1 Overview

Network Configuration Examples

This section provides network configuration concepts and includes examples of using the switch to
create dedicated network segments and interconnecting the segments through Fast Ethernet and Gigabit
Ethernet connections.

• “Design Concepts for Using the Switch” section on page 1-11

• “Small to Medium-Sized Network Using Catalyst 2928 Switches” section on page 1-14

Design Concepts for Using the Switch

IAs your network users compete for network bandwidth, it takes longer to send and receive data. When
you configure your network, consider the bandwidth required by your network users and the relative
priority of the network applications that they use.

Table 1-1 describes what can cause network performance to degrade and how you can configure your

network to increase the bandwidth available to your network users.

Table 1-1 Increasing Network Performance

Network Configuration Examples

Network Demands Suggested Design Methods

Too many users on a single network
segment and a growing number of
users accessing the Internet

• Increased power of new PCs,

workstations, and servers

• High bandwidth demand from

networked applications (such as
e-mail with large attached files)
and from bandwidth-intensive
applications (such as
multimedia)

• Create smaller network segments so that fewer users share the bandwidth, and use

VLANs and IP subnets to place the network resources in the same logical network
as the users who access those resources most.

• Use full-duplex operation between the switch and its connected workstations.

• Connect global resources—such as servers and routers to which the network users

require equal access—directly to the high-speed switch ports so that they have
their own high-speed segment.

• Use the EtherChannel feature between the switch and its connected servers and

routers.

OL-23389-01

Catalyst 2928 Switch Software Configuration Guide

1-11

Network Configuration Examples

Bandwidth alone is not the only consideration when designing your network. As your network traffic
profiles evolve, consider providing network services that can support applications for voice and data
integration, multimedia integration, application prioritization, and security. Tabl e 1-2 describes some
network demands and how you can meet them.

Table 1-2 Providing Network Services

Network Demands Suggested Design Methods

Efficient bandwidth usage for
multimedia applications and
guaranteed bandwidth for critical
applications

High demand on network redundancy
and availability to provide always on
mission-critical applications

An evolving demand for IP telephony

• Use IGMP snooping to efficiently forward multimedia and multicast traffic.

• Use other QoS mechanisms such as packet classification, marking, scheduling,

and congestion avoidance to classify traffic with the appropriate priority level,
thereby providing maximum flexibility and support for mission-critical, unicast,
and multicast and multimedia applications.

• Use VLAN trunks and BackboneFast for traffic-load balancing on the uplink ports

so that the uplink port with a lower relative port cost is selected to carry the VLAN
traffic.

• Use QoS to prioritize applications such as IP telephony during congestion and to

help control both delay and jitter within the network.

• Use switches that support at least two queues per port to prioritize voice and data

traffic as either high- or low-priority, based on IEEE 802.1p/Q. The switch
supports at least four queues per port.

• Use voice VLAN IDs (VVIDs) to provide separate VLANs for voice traffic.

Chapter 1 Overview

You can use the switches to create the following:

• Cost-effective Gigabit-to-the-desktop for high-performance workgroups (Figure 1-1)—For

high-speed access to network resources, you can use the Cisco Catalyst 2928 switches in the access
layer to provide Gigabit Ethernet to the desktop. To prevent congestion, use QoS DSCP marking
priorities on these switches. For high-speed IP forwarding at the distribution layer, connect the
switches in the access layer to a Gigabit multilayer switch with routing capability, such as a
Catalyst 3750 switch, or to a router.

The first illustration is of an isolated high-performance workgroup, where the Catalyst 2928
switches are connected to Catalyst 3750 switches in the distribution layer. The second illustration is
of a high-performance workgroup in a branch office, where the Catalyst 2928 switches are
connected to a router in the distribution layer.

Each switch in this configuration provides users with a dedicated 1-Gb/s connection to network
resources. Using SFP modules also provides flexibility in media and distance options through
fiber-optic connections.

1-12

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

Chapter 1 Overview

89373

Access-layer
Catalyst
switches

Catalyst 3750
switches

89376

Campus

core

Catalyst
6500 switches

Catalyst 3750
StackWise
switch stacks

Access-layer
Catalyst
switches

Server racks

Network Configuration Examples

Figure 1-1 High-Performance Workgroup (Gigabit-to-the-Desktop)

Server aggregation (Figure 1-2)—You can use the switches to interconnect groups of servers,

•

centralizing physical security and administration of your network. For high-speed IP forwarding at
the distribution layer, connect the switches in the access layer to multilayer switches with routing
capability. The Gigabit interconnections minimize latency in the data flow.

QoS and policing on the switches provide preferential treatment for certain data streams. They
segment traffic streams into different paths for processing. Security features on the switch ensure
rapid handling of packets.

Fault tolerance from the server racks to the core is achieved through dual homing of servers
connected to switches, which have redundant Gigabit EtherChannels.

Using dual SFP module uplinks from the switches provides redundant uplinks to the network core.
Using SFP modules provides flexibility in media and distance options through fiber-optic
connections.

Figure 1-2 Server Aggregation

OL-23389-01

Catalyst 2928 Switch Software Configuration Guide

1-13

Network Configuration Examples

Small to Medium-Sized Network Using Catalyst 2928 Switches

Figure 1-3 shows a configuration for a network of up to 500 employees. This network uses Catalyst 2928

switches with high-speed connections to two routers. This ensures connectivity to the Internet, WAN,
and mission-critical network resources in case one of the routers fails. The switches are using
EtherChannel for load sharing.

The switches are connected to workstations and local servers. The server farm includes a call-processing
server running Cisco CallManager software. Cisco CallManager controls call processing, routing, and
Cisco IP Phone features and configuration. The switches are interconnected through Gigabit interfaces.

This network uses VLANs to logically segment the network into well-defined broadcast groups and for
security management. Data and multimedia traffic are configured on the same VLAN. Voice traffic from
the Cisco IP Phones are configured on separate VVIDs. If data, multimedia, and voice traffic are
assigned to the same VLAN, only one VLAN can be configured per wiring closet.

When an end station in one VLAN needs to communicate with an end station in another VLAN, a router
routes the traffic to the destination VLAN. In this network, the routers are providing inter-VLAN
routing. VLAN access control lists (VLAN maps) on the switch provide intra-VLAN security and
prevent unauthorized users from accessing critical areas of the network.

In addition to inter-VLAN routing, the routers provide QoS mechanisms such as DSCP priorities to
prioritize the different types of network traffic and to deliver high-priority traffic. If congestion occurs,
QoS drops low-priority traffic to allow delivery of high-priority traffic.

Cisco CallManager controls call processing, routing, and Cisco IP Phone features and configuration.
Users with workstations running Cisco SoftPhone software can place, receive, and control calls from
their PCs. Using Cisco IP Phones, Cisco CallManager software, and Cisco SoftPhone software integrates
telephony and IP networks, and the IP network supports both voice and data.

The routers also provide firewall services, Network Address Translation (NAT) services, voice-over-IP
(VoIP) gateway services, and WAN and Internet access.

Chapter 1 Overview

1-14

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

Chapter 1 Overview

Gigabit
servers

101388

Cisco 2600 or

3700 routers

Internet

Cisco IP

phones

Workstations

running

Cisco SoftPhone

software

Aironet wireless

access points

IP IP

Network Configuration Examples

Figure 1-3 Catalyst 2928 Switches in a Collapsed Backbone Configuration

Campus Network Using Catalyst 2928 Switches

Figure 1-4 shows a configuration for a network supporting multiple users with access control. This

network uses Catalyst 2928 switches with connections to a core layer switch and a wireless services
module. The switches connect workstations and wireless access points through the core layer to a
third-party system that provides authentication, authorization, and accounting services.

Using a combination of web authentication and DHCP authentication, the Catalyst 2928 switches and
the third-party system implement a stringed access control that binds a user name and password with IP
address, MAC address, VLAN ID, and port number.

Note You cannot use IP phones in this configuration with portal-based authentication.

OL-23389-01

Catalyst 2928 Switch Software Configuration Guide

1-15

Where to Go Next

Third Party Device
Portal Server + RADIUS Server +
DHCP Server + Policy Server +
Accounting + Billing Information

Core
Layer
Switch

2928 2928 2928

2928

Wired Client Wired Client

Wireless Client

Wireless Client

Access Point

Access Point

279916

Cisco Wireless

Services Module

Chapter 1 Overview

Figure 1-4 Catalyst 2928 Switches in a Network Access Control Deployment

Where to Go Next

Before configuring the switch, review these sections for startup information:

• Chapter 2, “Using the Command-Line Interface”

• Chapter 3, “Assigning the Switch IP Address and Default Gateway”

Catalyst 2928 Switch Software Configuration Guide

1-16

OL-23389-01

CHAP T ER

2

Using the Command-Line Interface

This chapter describes the Cisco IOS command-line interface (CLI) and how to use it to configure your
Catalyst 2928 switch. It contains these sections:

• Understanding Command Modes, page 2-1

• Understanding the Help System, page 2-3

• Understanding Abbreviated Commands, page 2-3

• Understanding no and default Forms of Commands, page 2-4

• Understanding CLI Error Messages, page 2-4

• Using Configuration Logging, page 2-4

• Using Command History, page 2-5

• Using Editing Features, page 2-6

• Searching and Filtering Output of show and more Commands, page 2-9

• Accessing the CLI, page 2-9

Understanding Command Modes

The Cisco IOS user interface is divided into many different modes. The commands available to you
depend on which mode you are currently in. Enter a question mark (?) at the system prompt to obtain a
list of commands available for each command mode.

When you start a session on the switch, you begin in user mode, often called user EXEC mode. Only a
limited subset of the commands are available in user EXEC mode. For example, most of the user EXEC
commands are one-time commands, such as show commands, which show the current configuration
status, and clear commands, which clear counters or interfaces. The user EXEC commands are not saved
when the switch reboots.

To have access to all commands, you must enter privileged EXEC mode. Normally, you must enter a
password to enter privileged EXEC mode. From this mode, you can enter any privileged EXEC
command or enter global configuration mode.

Using the configuration modes (global, interface, and line), you can make changes to the running
configuration. If you save the configuration, these commands are stored and used when the switch
reboots. To access the various configuration modes, you must start at global configuration mode. From
global configuration mode, you can enter interface configuration mode and line configuration mode.

OL-23389-01

Catalyst 2928 Switch Software Configuration Guide

2-1

Chapter 2 Using the Command-Line Interface

Understanding Command Modes

Table 2-1 describes the main command modes, how to access each one, the prompt you see in that mode,

and how to exit the mode. The examples in the table use the hostname Switch.

Table 2-1 Command Mode Summary

Mode Access Method Prompt Exit Method About This Mode

User EXEC Begin a session with

your switch.

Privileged EXEC While in user EXEC

mode, enter the
enable command.

Global configuration While in privileged

EXEC mode, enter
the configure
command.

VLAN configuration While in global

configuration mode,
enter the
vlan vlan-id
command.

Interface
configuration

While in global
configuration mode,
enter the interface
command (with a
specific interface).

Switch>

Switch#

Switch(config)#

Switch(config-vlan)#

Switch(config-if)#

Enter logout or
quit.

Enter disable to
exit.

To exit to privileged
EXEC mode, enter

exit or end, or press
Ctrl-Z.

To exit to global
configuration mode,
enter the exit
command.

To return to
privileged EXEC
mode, press Ctrl-Z
or enter end.

To exit to global
configuration mode,
enter exit.

To return to
privileged EXEC
mode, press Ctrl-Z
or enter end.

Use this mode to

• Change terminal settings.

• Perform basic tests.

• Display system

information.

Use this mode to verify
commands that you have
entered. Use a password to
protect access to this mode.

Use this mode to configure
parameters that apply to the
entire switch.

Use this mode to configure
VLAN parameters. When VTP
mode is transparent, you can
create extended-range VLANs
(VLAN IDs greater than 1005)
and save configurations in the
switch startup configuration
file.

Use this mode to configure
parameters for the Ethernet
ports.

For information about defining
interfaces, see the “Using

Interface Configuration Mode”
section on page 12-9.

Line configuration While in global

configuration mode,
specify a line with
the line vty or line
console command.

Catalyst 2928 Switch Software Configuration Guide

2-2

Switch(config-line)#

To exit to global
configuration mode,
enter exit.

To return to
privileged EXEC
mode, press Ctrl-Z
or enter end.

To configure multiple
interfaces with the same
parameters, see the

“Configuring a Range of
Interfaces” section on
page 12-10.

Use this mode to configure
parameters for the terminal
line.

OL-23389-01

Chapter 2 Using the Command-Line Interface

Understanding the Help System

For more detailed information on the command modes, see the command reference guide for this release.

Understanding the Help System

You can enter a question mark (?) at the system prompt to display a list of commands available for each
command mode. You can also obtain a list of associated keywords and arguments for any command, as
shown in Table 2-2 .

Table 2-2 Help Summary

Command Purpose

help Obtain a brief description of the help system in any command mode.

abbreviated-command-entry? Obtain a list of commands that begin with a particular character string.

For example:

Switch# di?
dir disable disconnect

abbreviated-command-entry<Tab> Complete a partial command name.

For example:

Switch# sh conf<tab>
Switch# show configuration

? List all commands available for a particular command mode.

For example:

Switch> ?

command ? List the associated keywords for a command.

For example:

Switch> show ?

command keyword ? List the associated arguments for a keyword.

For example:

Switch(config)# cdp holdtime ?
<10-255> Length of time (in sec) that receiver must keep this packet

Understanding Abbreviated Commands

You need to enter only enough characters for the switch to recognize the command as unique.

This example shows how to enter the show configuration privileged EXEC command in an abbreviated
form:

Switch# show conf

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

2-3

Chapter 2 Using the Command-Line Interface

Understanding no and default Forms of Commands

Understanding no and default Forms of Commands

Almost every configuration command also has a no form. In general, use the no form to disable a feature
or function or reverse the action of a command. For example, the no shutdown interface configuration
command reverses the shutdown of an interface. Use the command without the keyword no to re-enable
a disabled feature or to enable a feature that is disabled by default.

Configuration commands can also have a default form. The default form of a command returns the
command setting to its default. Most commands are disabled by default, so the default form is the same
as the no form. However, some commands are enabled by default and have variables set to certain default
values. In these cases, the default command enables the command and sets variables to their default
values.

Understanding CLI Error Messages

Table 2-3 lists some error messages that you might encounter while using the CLI to configure your

switch.

Table 2-3 Common CLI Error Messages

Error Message Meaning How to Get Help

% Ambiguous command:
"show con"

% Incomplete command.

% Invalid input detected
at ‘^’ marker.

You did not enter enough characters
for your switch to recognize the
command.

You did not enter all the keywords or
values required by this command.

You entered the command
incorrectly. The caret (^) marks the
point of the error.

Re-enter the command followed by a question mark (?)
with a space between the command and the question
mark.

The possible keywords that you can enter with the
command appear.

Re-enter the command followed by a question mark (?)
with a space between the command and the question
mark.

The possible keywords that you can enter with the
command appear.

Enter a question mark (?) to display all the commands
that are available in this command mode.

The possible keywords that you can enter with the
command appear.

Using Configuration Logging

You can log and view changes to the switch configuration. You can use the Configuration Change
Logging and Notification feature to track changes on a per-session and per-user basis. The logger tracks
each configuration command that is applied, the user who entered the command, the time that the

2-4

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

Chapter 2 Using the Command-Line Interface

command was entered, and the parser return code for the command. This feature includes a mechanism
for asynchronous notification to registered applications whenever the configuration changes. You can
choose to have the notifications sent to the syslog.

For more information, see the Configuration Change Notification and Logging feature module at this
URL:

http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801d1e81.
html

Note Only CLI or HTTP changes are logged.

Using Command History

The software provides a history or record of commands that you have entered. The command history
feature is particularly useful for recalling long or complex commands or entries, including access lists.
You can customize this feature to suit your needs as described in these sections:

• Changing the Command History Buffer Size, page 2-5 (optional)

Using Command History

• Recalling Commands, page 2-6 (optional)

• Disabling the Command History Feature, page 2-6 (optional)

Changing the Command History Buffer Size

By default, the switch records ten command lines in its history buffer. You can alter this number for a
current terminal session or for all sessions on a particular line. These procedures are optional.

Beginning in privileged EXEC mode, enter this command to change the number of command lines that
the switch records during the current terminal session:

Switch# terminal history [size number-of-lines]

The range is from 0 to 256.

Beginning in line configuration mode, enter this command to configure the number of command lines
the switch records for all sessions on a particular line:

Switch(config-line)# history [size number-of-lines]

The range is from 0 to 256.

OL-23389-01

Catalyst 2928 Switch Software Configuration Guide

2-5

Chapter 2 Using the Command-Line Interface

Using Editing Features

Recalling Commands

To recall commands from the history buffer, perform one of the actions listed in Table 2-4. These actions
are optional.

Table 2-4 Recalling Commands

1

Action

Press Ctrl-P or the up arrow key. Recall commands in the history buffer, beginning with the most recent command.

Press Ctrl-N or the down arrow key. Return to more recent commands in the history buffer after recalling commands

show history While in privileged EXEC mode, list the last several commands that you just

1. The arrow keys function only on ANSI-compatible terminals such as VT100s.

Result

Repeat the key sequence to recall successively older commands.

with Ctrl-P or the up arrow key. Repeat the key sequence to recall successively
more recent commands.

entered. The number of commands that appear is controlled by the setting of the
terminal history global configuration command and the history line configuration
command.

Disabling the Command History Feature

The command history feature is automatically enabled. You can disable it for the current terminal session
or for the command line. These procedures are optional.

To disable the feature during the current terminal session, enter the terminal no history privileged
EXEC command.

To disable command history for the line, enter the no history line configuration command.

Using Editing Features

This section describes the editing features that can help you manipulate the command line. It contains
these sections:

• Enabling and Disabling Editing Features, page 2-6 (optional)

• Editing Commands through Keystrokes, page 2-7 (optional)

• Editing Command Lines that Wrap, page 2-8 (optional)

Enabling and Disabling Editing Features

Although enhanced editing mode is automatically enabled, you can disable it, re-enable it, or configure
a specific line to have enhanced editing. These procedures are optional.

To globally disable enhanced editing mode, enter this command in line configuration mode:

Switch (config-line)# no editing

2-6

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

Chapter 2 Using the Command-Line Interface

To re-enable the enhanced editing mode for the current terminal session, enter this command in
privileged EXEC mode:

Switch# terminal editing

To reconfigure a specific line to have enhanced editing mode, enter this command in line configuration
mode:

Switch(config-line)# editing

Editing Commands through Keystrokes

Table 2-5 shows the keystrokes that you need to edit command lines. These keystrokes are optional.

Table 2-5 Editing Commands through Keystrokes

Using Editing Features

Capability Keystroke

Move around the command line to
make changes or corrections.

Press Ctrl-B, or press the
left arrow key.

Press Ctrl-F, or press the
right arrow key.

Press Ctrl-A. Move the cursor to the beginning of the command line.

Press Ctrl-E. Move the cursor to the end of the command line.

Press Esc B. Move the cursor back one word.

Press Esc F. Move the cursor forward one word.

Press Ctrl-T. Transpose the character to the left of the cursor with the

Recall commands from the buffer and

Press Ctrl-Y. Recall the most recent entry in the buffer.
paste them in the command line. The
switch provides a buffer with the last
ten items that you deleted.

Press Esc Y. Recall the next buffer entry.

Delete entries if you make a mistake
or change your mind.

Press the Delete or

Backspace key.

Press Ctrl-D. Delete the character at the cursor.

Press Ctrl-K. Delete all characters from the cursor to the end of the

Press Ctrl-U or Ctrl-X. Delete all characters from the cursor to the beginning of

Press Ctrl-W. Delete the word to the left of the cursor.

Press Esc D. Delete from the cursor to the end of the word.

Capitalize or lowercase words or

Press Esc C. Capitalize at the cursor.
capitalize a set of letters.

1

Purpose

Move the cursor back one character.

Move the cursor forward one character.

character located at the cursor.

The buffer contains only the last 10 items that you have
deleted or cut. If you press Esc Y more than ten times, you
cycle to the first buffer entry.

Erase the character to the left of the cursor.

command line.

the command line.

OL-23389-01

Catalyst 2928 Switch Software Configuration Guide

2-7

Using Editing Features

Table 2-5 Editing Commands through Keystrokes (continued)

Chapter 2 Using the Command-Line Interface

Capability Keystroke

1

Press Esc L. Change the word at the cursor to lowercase.

Press Esc U. Capitalize letters from the cursor to the end of the word.

Designate a particular keystroke as

Press Ctrl-V or Esc Q.
an executable command, perhaps as a
shortcut.

Scroll down a line or screen on

Press the Return key. Scroll down one line.
displays that are longer than the
terminal screen can display.

Note The More prompt is used for

any output that has more
lines than can be displayed
on the terminal screen,
including show command
output. You can use the
Return and Space bar
keystrokes whenever you see
the More prompt.

Press the Space bar. Scroll down one screen.

Redisplay the current command line

Press Ctrl-L or Ctrl-R. Redisplay the current command line.
if the switch suddenly sends a
message to your screen.

1. The arrow keys function only on ANSI-compatible terminals such as VT100s.

Purpose

Editing Command Lines that Wrap

You can use a wraparound feature for commands that extend beyond a single line on the screen. When
the cursor reaches the right margin, the command line shifts ten spaces to the left. You cannot see the
first ten characters of the line, but you can scroll back and check the syntax at the beginning of the
command. The keystroke actions are optional.

To scroll back to the beginning of the command entry, press Ctrl-B or the left arrow key repeatedly. You
can also press Ctrl-A to immediately move to the beginning of the line.

The arrow keys function only on ANSI-compatible terminals such as VT100s.

In this example, the access-list global configuration command entry extends beyond one line. When the
cursor first reaches the end of the line, the line is shifted ten spaces to the left and redisplayed. The dollar
sign ($) shows that the line has been scrolled to the left. Each time the cursor reaches the end of the line,
the line is again shifted ten spaces to the left.

Switch(config)# access-list 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1
Switch(config)# $ 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1.20 255.25
Switch(config)# $t tcp 131.108.2.5 255.255.255.0 131.108.1.20 255.255.255.0 eq
Switch(config)# $108.2.5 255.255.255.0 131.108.1.20 255.255.255.0 eq 45

After you complete the entry, press Ctrl-A to check the complete syntax before pressing the Return key
to execute the command. The dollar sign ($) appears at the end of the line to show that the line has been
scrolled to the right:

Switch(config)# access-list 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1$

2-8

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

Chapter 2 Using the Command-Line Interface

Searching and Filtering Output of show and more Commands

The software assumes you have a terminal screen that is 80 columns wide. If you have a width other than
that, use the terminal width privileged EXEC command to set the width of your terminal.

Use line wrapping with the command history feature to recall and modify previous complex command
entries. For information about recalling previous command entries, see the “Editing Commands through

Keystrokes” section on page 2-7.

Searching and Filtering Output of show and more Commands

You can search and filter the output for show and more commands. This is useful when you need to sort
through large amounts of output or if you want to exclude output that you do not need to see. Using these
commands is optional.

To use this functionality, enter a show or more command followed by the pipe character (|), one of the
keywords begin, include, or exclude, and an expression that you want to search for or filter out:

command | {begin | include | exclude} regular-expression

Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output
are not displayed, but the lines that contain Output appear.

This example shows how to include in the output display only lines where the expression protocol
appears:

Switch# show interfaces | include protocol
Vlan1 is up, line protocol is up
Vlan10 is up, line protocol is down
GigabitEthernet0/1 is up, line protocol is down
GigabitEthernet0/2 is up, line protocol is up

Accessing the CLI

You can access the CLI through a console connection, through Telnet, or by using the browser.

Accessing the CLI through a Console Connection or through Telnet

Before you can access the CLI, you must connect a terminal or PC to the switch console port and power
on the switch, as described in the getting started guide that shipped with your switch. Then, to understand
the boot process and the options available for assigning IP information, see Chapter 3, “Assigning the

Switch IP Address and Default Gateway.”

If your switch is already configured, you can access the CLI through a local console connection or
through a remote Telnet session, but your switch must first be configured for this type of access. For
more information, see the “Setting a Telnet Password for a Terminal Line” section on page 8-6.

OL-23389-01

You can use one of these methods to establish a connection with the switch:

• Connect the switch console port to a management station or dial-up modem. For information about

connecting to the console port, see the switch getting started guide or hardware installation guide.

• Use any Telnet TCP/IP or encrypted Secure Shell (SSH) package from a remote management

station. The switch must have network connectivity with the Telnet or SSH client, and the switch
must have an enable secret password configured.

Catalyst 2928 Switch Software Configuration Guide

2-9

Accessing the CLI

Chapter 2 Using the Command-Line Interface

For information about configuring the switch for Telnet access, see the “Setting a Telnet Password

for a Terminal Line” section on page 8-6. The switch supports up to 16 simultaneous Telnet sessions.

Changes made by one Telnet user are reflected in all other Telnet sessions.

For information about configuring the switch for SSH, see the “Configuring the Switch for Secure

Shell” section on page 8-33. The switch supports up to five simultaneous secure SSH sessions.

After you connect through the console port, through a Telnet session or through an SSH session, the
user EXEC prompt appears on the management station.

2-10

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

CHAP T ER

3

Assigning the Switch IP Address and Default Gateway

This chapter describes how to create the initial switch configuration (for example, assigning the IP
address and default gateway information) for the Catalyst 2928 switch by using a variety of automatic
and manual methods. It also describes how to modify the switch startup configuration.

Note For complete syntax and usage information for the commands used in this chapter, see the command

reference for this release and the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and
Services, Release 12.2.

This chapter consists of these sections:

• Understanding the Boot Process, page 3-1

• Assigning Switch Information, page 3-2

• Checking and Saving the Running Configuration, page 3-14

• Modifying the Startup Configuration, page 3-15

• Scheduling a Reload of the Software Image, page 3-20

Understanding the Boot Process

To start your switch, you need to follow the procedures in the Getting Started Guide or the hardware
installation guide for installing and powering on the switch and setting up the initial switch configuration
(IP address, subnet mask, default gateway, secret and Telnet passwords, and so forth).

The normal boot process involves the operation of the boot loader software, which performs these
activities:

• Performs low-level CPU initialization. It initializes the CPU registers, which control where physical

memory is mapped, its quantity, its speed, and so forth.

• Performs power-on self-test (POST) for the CPU subsystem. It tests the CPU DRAM and the portion

of the flash device that makes up the flash file system.

• Initializes the flash file system on the system board.

• Loads a default operating system software image into memory and boots up the switch.

OL-23389-01

Catalyst 2928 Switch Software Configuration Guide

3-1

Assigning Switch Information

The boot loader provides access to the flash file system before the operating system is loaded. Normally,
the boot loader is used only to load, uncompress, and launch the operating system. After the boot loader
gives the operating system control of the CPU, the boot loader is not active until the next system reset
or power-on.

The boot loader also provides trap-door access into the system if the operating system has problems
serious enough that it cannot be used. The trap-door mechanism provides enough access to the system
so that if it is necessary, you can format the flash file system, reinstall the operating system software
image by using the Xmodem Protocol, recover from a lost or forgotten password, and finally restart the
operating system. For more information, see the “Recovering from a Software Failure” section on

page 33-2 and the “Recovering from a Lost or Forgotten Password” section on page 33-3.

Note You can disable password recovery. For more information, see the “Disabling Password Recovery”

section on page 8-5.

Before you can assign switch information, make sure you have connected a PC or terminal to the console
port, and configured the PC or terminal-emulation software baud rate and character format to match
these of the switch console port:

• Baud rate default is 9600.

Chapter 3 Assigning the Switch IP Address and Default Gateway

• Data bits default is 8.

Note If the data bits option is set to 8, set the parity option to none.

• Stop bits default is 1.

• Parity settings default is none.

Assigning Switch Information

You can assign IP information through the switch setup program, through a DHCP server, or manually.

Use the switch setup program if you want to be prompted for specific IP information. With this program,
you can also configure a hostname and an enable secret password. It gives you the option of assigning a
Telnet password (to provide security during remote management) and configuring your switch as a
command or member switch of a cluster or as a standalone switch. For more information about the setup
program, see the hardware installation guide.

Use a DHCP server for centralized control and automatic assignment of IP information after the server
is configured.

Note If you are using DHCP, do not respond to any of the questions in the setup program until the switch

receives the dynamically assigned IP address and reads the configuration file.

3-2

If you are an experienced user familiar with the switch configuration steps, manually configure the
switch. Otherwise, use the setup program described previously.

• Default Switch Information, page 3-3

• Understanding DHCP-Based Autoconfiguration, page 3-3

• Manually Assigning IP Information, page 3-14

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

Chapter 3 Assigning the Switch IP Address and Default Gateway

Default Switch Information

Table 3-1 shows the default switch information.

Table 3-1 Default Switch Information

Feature Default Setting

IP address and subnet mask No IP address or subnet mask are defined.

Default gateway No default gateway is defined.

Enable secret password No password is defined.

Hostname The factory-assigned default hostname is Switch.

Telnet password No password is defined.

Cluster command switch functionality Disabled.

Cluster name No cluster name is defined.

Understanding DHCP-Based Autoconfiguration

Assigning Switch Information

DHCP provides configuration information to Internet hosts and internetworking devices. This protocol
consists of two components: one for delivering configuration parameters from a DHCP server to a device
and a mechanism for allocating network addresses to devices. DHCP is built on a client-server model,
in which designated DHCP servers allocate network addresses and deliver configuration parameters to
dynamically configured devices. The switch can act as both a DHCP client and a DHCP server.

During DHCP-based autoconfiguration, your switch (DHCP client) is automatically configured at
startup with IP address information and a configuration file.

With DHCP-based autoconfiguration, no DHCP client-side configuration is needed on your switch.
However, you need to configure the DHCP server for various lease options associated with IP addresses.
If you are using DHCP to relay the configuration file location on the network, you might also need to
configure a Trivial File Transfer Protocol (TFTP) server and a Domain Name System (DNS) server.

The DHCP server for your switch can be on the same LAN or on a different LAN than the switch. If the
DHCP server is running on a different LAN, you should configure a DHCP relay device between your
switch and the DHCP server. A relay device forwards broadcast traffic between two directly connected
LANs. A router does not forward broadcast packets, but it forwards packets based on the destination IP
address in the received packet.

DHCP-based autoconfiguration replaces the BOOTP client functionality on your switch.

OL-23389-01

Catalyst 2928 Switch Software Configuration Guide

3-3

Assigning Switch Information

Switch A

DHCPACK (unicast)

DHCPREQUEST (broadcast)

DHCPOFFER (unicast)

DHCPDISCOVER (broadcast)

DHCP server

DHCP Client Request Process

When you boot up your switch, the DHCP client is invoked and requests configuration information from
a DHCP server when the configuration file is not present on the switch. If the configuration file is present
and the configuration includes the ip address dhcp interface configuration command on specific routed
interfaces, the DHCP client is invoked and requests the IP address information for those interfaces.

Figure 3-1 shows the sequence of messages that are exchanged between the DHCP client and the DHCP

server.

Figure 3-1 DHCP Client and Server Message Exchange

The client, Switch A, broadcasts a DHCPDISCOVER message to locate a DHCP server. The DHCP
server offers configuration parameters (such as an IP address, subnet mask, gateway IP address, DNS IP
address, a lease for the IP address, and so forth) to the client in a DHCPOFFER unicast message.

Chapter 3 Assigning the Switch IP Address and Default Gateway

In a DHCPREQUEST broadcast message, the client returns a formal request for the offered
configuration information to the DHCP server. The formal request is broadcast so that all other DHCP
servers that received the DHCPDISCOVER broadcast message from the client can reclaim the IP
addresses that they offered to the client.

The DHCP server confirms that the IP address has been allocated to the client by returning a DHCPACK
unicast message to the client. With this message, the client and server are bound, and the client uses
configuration information received from the server. The amount of information the switch receives
depends on how you configure the DHCP server. For more information, see the “Configuring the TFTP

Server” section on page 3-7.

If the configuration parameters sent to the client in the DHCPOFFER unicast message are invalid (a
configuration error exists), the client returns a DHCPDECLINE broadcast message to the DHCP server.

The DHCP server sends the client a DHCPNAK denial broadcast message, which means that the offered
configuration parameters have not been assigned, that an error has occurred during the negotiation of the
parameters, or that the client has been slow in responding to the DHCPOFFER message (the DHCP
server assigned the parameters to another client).

A DHCP client might receive offers from multiple DHCP or BOOTP servers and can accept any of the
offers; however, the client usually accepts the first offer it receives. The offer from the DHCP server is
not a guarantee that the IP address is allocated to the client; however, the server usually reserves the
address until the client has had a chance to formally request the address. If the switch accepts replies
from a BOOTP server and configures itself, the switch broadcasts, instead of unicasts, TFTP requests to
obtain the switch configuration file.

Understanding DHCP-based Autoconfiguration and Image Update

You can use the DHCP image upgrade features to configure a DHCP server to download both a new
image and a new configuration file to one or more switches in a network. This helps ensure that each
new switch added to a network receives the same image and configuration.

3-4

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

Chapter 3 Assigning the Switch IP Address and Default Gateway

There are two types of DHCP image upgrades: DHCP autoconfiguration and DHCP auto-image update.

DHCP Autoconfiguration

DHCP autoconfiguration downloads a configuration file to one or more switches in your network from
a DHCP server. The downloaded configuration file becomes the running configuration of the switch. It
does not over write the bootup configuration saved in the flash, until you reload the switch.

DHCP Auto-Image Update

You can use DHCP auto-image upgrade with DHCP autoconfiguration to download both a configuration
and a new image to one or more switches in your network. The switch (or switches) downloading the
new configuration and the new image can be blank (or only have a default factory configuration loaded).

If the new configuration is downloaded to a switch that already has a configuration, the downloaded
configuration is appended to the configuration file stored on the switch. (Any existing configuration is
not overwritten by the downloaded one.)

Assigning Switch Information

Note To enable a DHCP auto-image update on the switch, the TFTP server where the image and configuration

files are located must be configured with the correct option 67 (the configuration filename), option 66
(the DHCP server hostname) option 150 (the TFTP server address), and option 125 (description of the
file) settings.

For procedures to configure the switch as a DHCP server, see the “Configuring DHCP-Based

Autoconfiguration” section on page 3-6 and the “Configuring DHCP” section of the “IP addressing and

Services” section of the Cisco IOS IP Configuration Guide, Release 12.2.

After you install the switch in your network, the auto-image update feature starts. The downloaded
configuration file is saved in the running configuration of the switch, and the new image is downloaded
and installed on the switch. When you reboot the switch, the configuration is stored in the saved
configuration on the switch.

Limitations and Restrictions

• The DHCP-based autoconfiguration with a saved configuration process stops if there is not at least

one Layer 3 interface in an up state without an assigned IP address in the network.

• Unless you configure a timeout, the DHCP-based autoconfiguration with a saved configuration

feature tries indefinitely to download an IP address.

• The auto-install process stops if a configuration file cannot be downloaded or it the configuration

file is corrupted.

OL-23389-01

Note The configuration file that is downloaded from TFTP is merged with the existing configuration in the

running configuration but is not saved in the NVRAM unless you enter the write memory or
copy running-configuration startup-configuration privileged EXEC command. Note that if the

downloaded configuration is saved to the startup configuration, the feature is not triggered during
subsequent system restarts.

Catalyst 2928 Switch Software Configuration Guide

3-5

Assigning Switch Information

Configuring DHCP-Based Autoconfiguration

• DHCP Server Configuration Guidelines, page 3-6

• Configuring the TFTP Server, page 3-7

• Configuring the DNS, page 3-7

• Configuring the Relay Device, page 3-7

• Obtaining Configuration Files, page 3-8

• Example Configuration, page 3-9

If your DHCP server is a Cisco device, see the “Configuring DHCP” section of the “IP Addressing and
Services” section of the Cisco IOS IP Configuration Guide, Release 12.2 for additional information
about configuring DHCP.

DHCP Server Configuration Guidelines

You should configure the DHCP server with reserved leases that are bound to each switch by the switch
hardware address.

If you want the switch to receive IP address information, you must configure the DHCP server with these
lease options:

• IP address of the client (required)

Chapter 3 Assigning the Switch IP Address and Default Gateway

• Subnet mask of the client (required)

• DNS server IP address (optional)

• Router IP address (default gateway address to be used by the switch) (required)

If you want the switch to receive the configuration file from a TFTP server, you must configure the
DHCP server with these lease options:

• TFTP server name (required)

• Boot filename (the name of the configuration file that the client needs) (recommended)

• Hostname (optional)

Depending on the settings of the DHCP server, the switch can receive IP address information, the
configuration file, or both.

If you do not configure the DHCP server with the lease options described previously, it replies to client
requests with only those parameters that are configured. If the IP address and the subnet mask are not in
the reply, the switch is not configured. If the router IP address or the TFTP server name are not found,
the switch might send broadcast, instead of unicast, TFTP requests. Unavailability of other lease options
does not affect autoconfiguration.

3-6

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

Chapter 3 Assigning the Switch IP Address and Default Gateway

Configuring the TFTP Server

Based on the DHCP server configuration, the switch attempts to download one or more configuration
files from the TFTP server. If you configured the DHCP server to respond to the switch with all the
options required for IP connectivity to the TFTP server, and if you configured the DHCP server with a
TFTP server name, address, and configuration filename, the switch attempts to download the specified
configuration file from the specified TFTP server.

If you did not specify the configuration filename, the TFTP server, or if the configuration file could not
be downloaded, the switch attempts to download a configuration file by using various combinations of
filenames and TFTP server addresses. The files include the specified configuration filename (if any) and
these files: network-config, cisconet.cfg, hostname.config, or hostname.cfg, where hostname is the
switch’s current hostname. The TFTP server addresses used include the specified TFTP server address
(if any) and the broadcast address (255.255.255.255).

For the switch to successfully download a configuration file, the TFTP server must contain one or more
configuration files in its base directory. The files can include these files:

• The configuration file named in the DHCP reply (the actual switch configuration file).

• The network-confg or the cisconet.cfg file (known as the default configuration files).

• The router-confg or the ciscortr.cfg file (These files contain commands common to all switches.

Normally, if the DHCP and TFTP servers are properly configured, these files are not accessed.)

If you specify the TFTP server name in the DHCP server-lease database, you must also configure the
TFTP server name-to-IP-address mapping in the DNS-server database.

Assigning Switch Information

If the TFTP server to be used is on a different LAN from the switch, or if it is to be accessed by the switch
through the broadcast address (which occurs if the DHCP server response does not contain all the
required information described previously), a relay must be configured to forward the TFTP packets to
the TFTP server. For more information, see the “Configuring the Relay Device” section on page 3-7. The
preferred solution is to configure the DHCP server with all the required information.

Configuring the DNS

The DHCP server uses the DNS server to resolve the TFTP server name to an IP address. You must
configure the TFTP server name-to-IP address map on the DNS server. The TFTP server contains the
configuration files for the switch.

You can configure the IP addresses of the DNS servers in the lease database of the DHCP server from
where the DHCP replies will retrieve them. You can enter up to two DNS server IP addresses in the lease
database.

The DNS server can be on the same or on a different LAN as the switch. If it is on a different LAN, the
switch must be able to access it through a router.

Configuring the Relay Device

You must configure a relay device, also referred to as a relay agent, when a switch sends broadcast
packets that require a response from a host on a different LAN. Examples of broadcast packets that the
switch might send are DHCP, DNS, and in some cases, TFTP packets. You must configure this relay
device to forward received broadcast packets on an interface to the destination host.

OL-23389-01

If the relay device is a Cisco router, enable IP routing (ip routing global configuration command), and
configure helper addresses by using the ip helper-address interface configuration command.

Catalyst 2928 Switch Software Configuration Guide

3-7

Assigning Switch Information

Switch

(DHCP client)

Cisco router

(Relay)

49068

DHCP server TFTP server DNS server

20.0.0.2 20.0.0.3

20.0.0.1

10.0.0.2

10.0.0.1

20.0.0.4

For example, in Figure 3-2, configure the router interfaces as follows:

On interface 10.0.0.2:

router(config-if)# ip helper-address 20.0.0.2
router(config-if)# ip helper-address 20.0.0.3
router(config-if)# ip helper-address 20.0.0.4

On interface 20.0.0.1

router(config-if)# ip helper-address 10.0.0.1

Figure 3-2 Relay Device Used in Autoconfiguration

Chapter 3 Assigning the Switch IP Address and Default Gateway

Obtaining Configuration Files

Depending on the availability of the IP address and the configuration filename in the DHCP reserved
lease, the switch obtains its configuration information in these ways:

• The IP address and the configuration filename is reserved for the switch and provided in the DHCP

reply (one-file read method).

The switch receives its IP address, subnet mask, TFTP server address, and the configuration
filename from the DHCP server. The switch sends a unicast message to the TFTP server to retrieve
the named configuration file from the base directory of the server and upon receipt, it completes its
boot-up process.

• The IP address and the configuration filename is reserved for the switch, but the TFTP server

address is not provided in the DHCP reply (one-file read method).

The switch receives its IP address, subnet mask, and the configuration filename from the DHCP
server. The switch sends a broadcast message to a TFTP server to retrieve the named configuration
file from the base directory of the server, and upon receipt, it completes its boot-up process.

• Only the IP address is reserved for the switch and provided in the DHCP reply. The configuration

filename is not provided (two-file read method).

The switch receives its IP address, subnet mask, and the TFTP server address from the DHCP server.
The switch sends a unicast message to the TFTP server to retrieve the network-confg or cisconet.cfg
default configuration file. (If the network-confg file cannot be read, the switch reads the cisconet.cfg
file.)

Catalyst 2928 Switch Software Configuration Guide

3-8

OL-23389-01

Chapter 3 Assigning the Switch IP Address and Default Gateway

Switch 1

00e0.9f1e.2001

Cisco router

111394

Switch 2

00e0.9f1e.2002

Switch 3

00e0.9f1e.2003

DHCP server DNS server TFTP server

(tftpserver)

10.0.0.1

10.0.0.10

10.0.0.2 10.0.0.3

Switch 4

00e0.9f1e.2004

The default configuration file contains the hostnames-to-IP-address mapping for the switch. The
switch fills its host table with the information in the file and obtains its hostname. If the hostname
is not found in the file, the switch uses the hostname in the DHCP reply. If the hostname is not
specified in the DHCP reply, the switch uses the default Switch as its hostname.

After obtaining its hostname from the default configuration file or the DHCP reply, the switch reads
the configuration file that has the same name as its hostname (hostname-confg or hostname.cfg,
depending on whether network-confg or cisconet.cfg was read earlier) from the TFTP server. If the
cisconet.cfg file is read, the filename of the host is truncated to eight characters.

If the switch cannot read the network-confg, cisconet.cfg, or the hostname file, it reads the
router-confg file. If the switch cannot read the router-confg file, it reads the ciscortr.cfg file.

Note The switch broadcasts TFTP server requests if the TFTP server is not obtained from the DHCP replies,

if all attempts to read the configuration file through unicast transmissions fail, or if the TFTP server
name cannot be resolved to an IP address.

Example Configuration

Assigning Switch Information

Figure 3-3 shows a sample network for retrieving IP information by using DHCP-based

autoconfiguration.

Figure 3-3 DHCP-Based Autoconfiguration Network Example

Table 3-2 shows the configuration of the reserved leases on the DHCP server.

Table 3-2 DHCP Server Configuration

Switch A Switch B Switch C Switch D

Binding key (hardware address) 00e0.9f1e.2001 00e0.9f1e.2002 00e0.9f1e.2003 00e0.9f1e.2004

IP address 10.0.0.21 10.0.0.22 10.0.0.23 10.0.0.24

Subnet mask 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0

Router address 10.0.0.10 10.0.0.10 10.0.0.10 10.0.0.10

DNS server address 10.0.0.2 10.0.0.2 10.0.0.2 10.0.0.2

OL-23389-01

Catalyst 2928 Switch Software Configuration Guide

3-9

Chapter 3 Assigning the Switch IP Address and Default Gateway

Assigning Switch Information

Table 3-2 DHCP Server Configuration (continued)

Switch A Switch B Switch C Switch D

TFTP server name tftpserver or

10.0.0.3

Boot filename (configuration file)

switcha-confg switchb-confg switchc-confg switchd-confg

(optional)

Hostname (optional) switcha switchb switchc switchd

DNS Server Configuration

The DNS server maps the TFTP server name tftpserver to IP address 10.0.0.3.

TFTP Server Configuration (on UNIX)

The TFTP server base directory is set to /tftpserver/work/. This directory contains the network-confg file
used in the two-file read method. This file contains the hostname to be assigned to the switch based on
its IP address. The base directory also contains a configuration file for each switch (switcha-confg,
switchb-confg, and so forth) as shown in this display:

prompt> cd /tftpserver/work/
prompt> ls
network-confg
switcha-confg
switchb-confg
switchc-confg
switchd-confg
prompt> cat network-confg
ip host switcha 10.0.0.21
ip host switchb 10.0.0.22
ip host switchc 10.0.0.23
ip host switchd 10.0.0.24

tftpserver or

10.0.0.3

tftpserver or

10.0.0.3

tftpserver or

10.0.0.3

DHCP Client Configuration

No configuration file is present on Switch A through Switch D.

Configuration Explanation

In Figure 3-3, Switch A reads its configuration file as follows:

• It obtains its IP address 10.0.0.21 from the DHCP server.

• If no configuration filename is given in the DHCP server reply, Switch A reads the network-confg

file from the base directory of the TFTP server.

• It adds the contents of the network-confg file to its host table.

• It reads its host table by indexing its IP address 10.0.0.21 to its hostname (switcha).

• It reads the configuration file that corresponds to its hostname; for example, it reads switch1-confg

from the TFTP server.

Switches B through D retrieve their configuration files and IP addresses in the same way.

3-10

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

Chapter 3 Assigning the Switch IP Address and Default Gateway

Assigning Switch Information

Configuring the DHCP Auto Configuration and Image Update Features

Using DHCP to download a new image and a new configuration to a switch requires that you configure
at least two switches: One switch acts as a DHCP and TFTP server. The client switch is configured to
download either a new configuration file or a new configuration file and a new image file.

Configuring DHCP Autoconfiguration (Only Configuration File)

Beginning in privileged EXEC mode, follow these steps to configure DHCP autoconfiguration of the
TFTP and DHCP settings on a new switch to download a new configuration file.

Command Purpose

Step 1

Step 2

Step 3

Step 4

Step 5

Step 6

Step 7

Step 8

Step 9

Step 10

Step 11

Step 12

Step 13

configure terminal Enter global configuration mode.

ip dhcp poolname Create a name for the DHCP Server address pool, and enter DHCP

pool configuration mode.

bootfile filename Specify the name of the configuration file that is used as a boot image.

network network-number mask
prefix-length

Specify the subnet network number and mask of the DHCP address
pool.

Note The prefix length specifies the number of bits that comprise

the address prefix. The prefix is an alternative way of
specifying the network mask of the client. The prefix length
must be preceded by a forward slash (/).

default-router address Specify the IP address of the default router for a DHCP client.

option 150 address Specify the IP address of the TFTP server.

exit Return to global configuration mode.

tftp-server flash:filename.text Specify the configuration file on the TFTP server.

interface interface-id Specify the address of the client that will receive the configuration

file.

no switchport Put the interface into Layer 3 mode.

ip address address mask Specify the IP address and mask for the interface.

end Return to privileged EXEC mode.

copy running-config startup-config (Optional) Save your entries in the configuration file.

OL-23389-01

This example shows how to configure a switch as a DHCP server so that it will download a configura­tion file:

Switch# configure terminal
Switch(config)# ip dhcp pool pool1
Switch(dhcp-config)# network 10.10.10.0 255.255.255.0
Switch(dhcp-config)# bootfile config-boot.text
Switch(dhcp-config)# default-router 10.10.10.1
Switch(dhcp-config)# option 150 10.10.10.1
Switch(dhcp-config)# exit
Switch(config)# tftp-server flash:config-boot.text
Switch(config)# interface gigabitethernet1/0/4
Switch(config-if)# no switchport
Switch(config-if)# ip address 10.10.10.1 255.255.255.0
Switch(config-if)# end

Catalyst 2928 Switch Software Configuration Guide

3-11

Chapter 3 Assigning the Switch IP Address and Default Gateway

Assigning Switch Information

Configuring DHCP Auto-Image Update (Configuration File and Image)

Beginning in privileged EXEC mode, follow these steps to configure DHCP autoconfiguration to
configure TFTP and DHCP settings on a new switch to download a new image and a new configuration
file.

Note Before following the steps in this table, you must create a text file (for example, autoinstall_dhcp) that

will be uploaded to the switch. In the text file, put the name of the image that you want to download (for
example, c2928-lanlitek9-mz.122-55.EZ.tar). This image must be a .tar and not a .bin file.

Command Purpose

Step 1

Step 2

Step 3

Step 4

Step 5

Step 6

Step 7

Step 8

Step 9

Step 10

Step 11

Step 12

Step 13

Step 14

Step 15

Step 16

Step 17

Step 18

configure terminal Enter global configuration mode.

ip dhcp pool name Create a name for the DHCP server address pool and enter DHCP pool

configuration mode.

bootfile filename Specify the name of the file that is used as a boot image.

network network-number mask
prefix-length

Specify the subnet network number and mask of the DHCP address pool.

Note The prefix length specifies the number of bits that comprise the

address prefix. The prefix is an alternative way of specifying the
network mask of the client. The prefix length must be preceded
by a forward slash (/).

default-router address Specify the IP address of the default router for a DHCP client.

option 150 address Specify the IP address of the TFTP server.

option 125 hex Specify the path to the text file that describes the path to the image file.

copy tftp flash filename.txt Upload the text file to the switch.

copy tftp flash imagename.tar Upload the tarfile for the new image to the switch.

exit Return to global configuration mode.

tftp-server flash:config.text Specify the Cisco IOS configuration file on the TFTP server.

tftp-server flash:imagename.tar Specify the image name on the TFTP server.

tftp-server flash:filename.txt Specify the text file that contains the name of the image file to download

interface interface-id Specify the address of the client that will receive the configuration file.

no switchport Put the interface into Layer 3 mode.

ip address address mask Specify the IP address and mask for the interface.

end Return to privileged EXEC mode.

copy running-config startup-config (Optional) Save your entries in the configuration file.

3-12

This example shows how to configure a switch as a DHCP server so it downloads a configuration file:

Switch# config terminal
Switch(config)# ip dhcp pool pool1
Switch(dhcp-config)# network 10.10.10.0 255.255.255.0
Switch(dhcp-config)# bootfile config-boot.text
Switch(dhcp-config)# default-router 10.10.10.1
Switch(dhcp-config)# option 150 10.10.10.1
Switch(dhcp-config)# option 125 hex

0000.0009.0a05.08661.7574.6f69.6e73.7461.6c6c.5f64.686370

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

Chapter 3 Assigning the Switch IP Address and Default Gateway

Switch(dhcp-config)# exit
Switch(config)# tftp-server flash:config-boot.text
Switch(config)# tftp-server flash:c2928-lanlitek9-mz.122-55.EZ.tar
Switch(config)# tftp-server flash:boot-config.text
Switch(config)# tftp-server flash: autoinstall_dhcp
Switch(config)# interface gigabitEthernet1/0/4
Switch(config-if)# no switchport
Switch(config-if)# ip address 10.10.10.1 255.255.255.0
Switch(config-if)# end

Configuring the Client

Beginning in privileged EXEC mode, follow these steps to configure a switch to download a
configuration file and new image from a DHCP server:

Command Purpose

Step 1

Step 2

Step 3

configure terminal Enter global configuration mode.

boot host dhcp Enable autoconfiguration with a saved configuration.

boot host retry timeout timeout-value (Optional) Set the amount of time the system tries to

Assigning Switch Information

download a configuration file.

Step 4

Step 5

Step 6

Note If you do not set a timeout the system will

indefinitely try to obtain an IP address from the
DHCP server.

banner config-save ^C warning-message ^C (Optional) Create warning messages to be displayed

when you try to save the configuration file to NVRAM.

end Return to privileged EXEC mode.

show boot Verify the configuration.

This example uses a Layer 3 SVI interface on VLAN 99 to enable DHCP-based autoconfiguration with
a saved configuration:

Switch# configure terminal
Switch(conf)# boot host dhcp
Switch(conf)# boot host retry timeout 300
Switch(conf)# banner config-save ^C Caution - Saving Configuration File to NVRAM May Cause

You to Nolonger Automatically Download Configuration Files at Reboot^C

Switch(config)# vlan 99
Switch(config-vlan)# interface vlan 99
Switch(config-if)# no shutdown
Switch(config-if)# end
Switch# show boot
BOOT path-list:
Config file: flash:/config.text
Private Config file: flash:/private-config.text
Enable Break: no
Manual Boot: no
HELPER path-list:
NVRAM/Config file
buffer size: 32768
Timeout for Config
Download: 300 seconds
Config Download
via DHCP: enabled (next boot: enabled)
Switch#

OL-23389-01

Catalyst 2928 Switch Software Configuration Guide

3-13

Checking and Saving the Running Configuration

Note You should only configure and enable the Layer 3 interface. Do not assign an IP address or DHCP-based

autoconfiguration with a saved configuration.

Manually Assigning IP Information

Beginning in privileged EXEC mode, follow these steps to manually assign IP information to multiple
switched virtual interfaces (SVIs):

Command Purpose

Step 1

Step 2

Step 3

Step 4

Step 5

Step 6

Step 7

Step 8

Step 9

configure terminal Enter global configuration mode.

interface vlan vlan-id Enter interface configuration mode, and enter the VLAN to which the IP

information is assigned. The VLAN range is 1 to 4094.

ip address ip-address subnet-mask Enter the IP address and subnet mask.

exit Return to global configuration mode.

ip default-gateway ip-address Enter the IP address of the next-hop router interface that is directly

connected to the switch where a default gateway is being configured. The
default gateway receives IP packets with unresolved destination IP
addresses from the switch.

Once the default gateway is configured, the switch has connectivity to the
remote networks with which a host needs to communicate.

Note When your switch is configured to route with IP, it does not need

end Return to privileged EXEC mode.

show interfaces vlan vlan-id Verify the configured IP address.

show ip redirects Verify the configured default gateway.

copy running-config startup-config (Optional) Save your entries in the configuration file.

Chapter 3 Assigning the Switch IP Address and Default Gateway

to have a default gateway set.

To remove the switch IP address, use the no ip address interface configuration command. If you are
removing the address through a Telnet session, your connection to the switch will be lost. To remove the
default gateway address, use the no ip default-gateway global configuration command.

For information on setting the switch system name, protecting access to privileged EXEC commands,
and setting time and calendar services, see Chapter 7, “Administering the Switch.”

Checking and Saving the Running Configuration

You can check the configuration settings that you entered or changes that you made by entering this
privileged EXEC command:

Switch# show running-config
Building configuration...

Current configuration: 1363 bytes
!
version 12.1

Catalyst 2928 Switch Software Configuration Guide

3-14

OL-23389-01

Chapter 3 Assigning the Switch IP Address and Default Gateway

no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch A
!
enable secret 5 $1$ej9.$DMUvAUnZOAmvmgqBEzIxE0
!
.
<output truncated>
.
interface gigabitethernet0/1
ip address 172.20.137.50 255.255.255.0
!
interface gigabitethernet0/2
mvr type source

<output truncated>

...!
interface VLAN1
ip address 172.20.137.50 255.255.255.0
no ip directed-broadcast
!
ip default-gateway 172.20.137.1 !
!
snmp-server community private RW
snmp-server community public RO
snmp-server community private@es0 RW
snmp-server community public@es0 RO
snmp-server chassis-id 0x12
!
end

Modifying the Startup Configuration

To store the configuration or changes you have made to your startup configuration in flash memory, enter
this privileged EXEC command:

Switch# copy running-config startup-config
Destination filename [startup-config]?
Building configuration...

This command saves the configuration settings that you made. If you fail to do this, your configuration
will be lost the next time you reload the system. To display information stored in the NVRAM section
of flash memory, use the show startup-config or more startup-config privileged EXEC command.

For more information about alternative locations from which to copy the configuration file, see

Appendix B, “Working with the Cisco IOS File System, Configuration Files, and Software Images.”

Modifying the Startup Configuration

• Default Boot Configuration, page 3-16

• Automatically Downloading a Configuration File, page 3-16

• Booting Manually, page 3-17

• Booting a Specific Software Image, page 3-18

• Controlling Environment Variables, page 3-18

OL-23389-01

Catalyst 2928 Switch Software Configuration Guide

3-15

Chapter 3 Assigning the Switch IP Address and Default Gateway

Modifying the Startup Configuration

See also Appendix B, “Working with the Cisco IOS File System, Configuration Files, and Software

Images,” for information about switch configuration files.

Default Boot Configuration

Table 3-3 shows the default boot-up configuration.

Table 3-3 Default Boot Configuration

Feature Default Setting

Operating system software image The switch attempts to automatically boot up the system using information in the

BOOT environment variable. If the variable is not set, the switch attempts to load and
execute the first executable image it can by performing a recursive, depth-first search
throughout the flash file system.

The Cisco IOS image is stored in a directory that has the same name as the image file
(excluding the .bin extension).

In a depth-first search of a directory, each encountered subdirectory is completely
searched before continuing the search in the original directory.

Configuration file Configured switches use the config.text file stored on the system board in flash

memory.

A new switch has no configuration file.

Automatically Downloading a Configuration File

You can automatically download a configuration file to your switch by using the DHCP-based
autoconfiguration feature. For more information, see the “Understanding DHCP-Based

Autoconfiguration” section on page 3-3.

Specifying the Filename to Read and Write the System Configuration

By default, the Cisco IOS software uses the file config.text to read and write a nonvolatile copy of the
system configuration. However, you can specify a different filename, which will be loaded during the
next boot-up cycle.

Beginning in privileged EXEC mode, follow these steps to specify a different configuration filename:

Command Purpose

Step 1

Step 2

Step 3

configure terminal Enter global configuration mode.

boot config-file flash:/file-url Specify the configuration file to load during the next boot-up

cycle.

For file-url, specify the path (directory) and the configuration
filename.

Filenames and directory names are case sensitive.

end Return to privileged EXEC mode.

3-16

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

Chapter 3 Assigning the Switch IP Address and Default Gateway

Command Purpose

Step 4

Step 5

show boot Verify your entries.

copy running-config startup-config (Optional) Save your entries in the configuration file.

To return to the default setting, use the no boot config-file global configuration command.

Booting Manually

By default, the switch automatically boots up; however, you can configure it to manually boot up.

Beginning in privileged EXEC mode, follow these steps to configure the switch to manually boot up
during the next boot cycle:

Command Purpose

Step 1

Step 2

Step 3

Step 4

configure terminal Enter global configuration mode.

boot manual Enable the switch to manually boot up during the next boot cycle.

end Return to privileged EXEC mode.

show boot Verify your entries.

Modifying the Startup Configuration

The boot config-file global configuration command changes the
setting of the CONFIG_FILE environment variable.

Step 5

The boot manual global command changes the setting of the
MANUAL_BOOT environment variable.

The next time you reboot the system, the switch is in boot loader
mode, shown by the switch: prompt. To boot up the system, use the
boot filesystem:/file-url boot loader command.

• For filesystem:, use flash: for the system board flash device.

• For file-url, specify the path (directory) and the name of the

bootable image.

Filenames and directory names are case sensitive.

copy running-config startup-config (Optional) Save your entries in the configuration file.

To disable manual booting, use the no boot manual global configuration command.

OL-23389-01

Catalyst 2928 Switch Software Configuration Guide

3-17

Modifying the Startup Configuration

Booting a Specific Software Image

By default, the switch attempts to automatically boot up the system using information in the BOOT
environment variable. If this variable is not set, the switch attempts to load and execute the first
executable image it can by performing a recursive, depth-first search throughout the flash file system. In
a depth-first search of a directory, each encountered subdirectory is completely searched before
continuing the search in the original directory. However, you can specify a specific image to boot up.

Beginning in privileged EXEC mode, follow these steps to configure the switch to boot a specific image
during the next boot cycle:

Command Purpose

Step 1

Step 2

configure terminal Enter global configuration mode.

boot system filesystem:/file-url Configure the switch to boot a specific image in flash memory during the

next boot cycle.

• For filesystem:, use flash: for the system board flash device.

• For file-url, specify the path (directory) and the name of the bootable

Chapter 3 Assigning the Switch IP Address and Default Gateway

image.

Filenames and directory names are case sensitive.

Step 3

Step 4

Step 5

end Return to privileged EXEC mode.

show boot Verify your entries.

The boot system global command changes the setting of the BOOT
environment variable.

During the next boot cycle, the switch attempts to automatically boot up the
system using information in the BOOT environment variable.

copy running-config startup-config (Optional) Save your entries in the configuration file.

To return to the default setting, use the no boot system global configuration command.

Controlling Environment Variables

With a normally operating switch, you enter the boot loader mode only through a switch console
connection configured for 9600 b/s. Unplug the switch power cord, and press the switch Mode button
while reconnecting the power cord. You can release the Mode button a second or two after the LED
above port 1 turns off. Then the boot loader switch: prompt appears.

The switch boot loader software provides support for nonvolatile environment variables, which can be
used to control how the boot loader, or any other software running on the system, behaves. Boot loader
environment variables are similar to environment variables that can be set on UNIX or DOS systems.

Environment variables that have values are stored in flash memory outside of the flash file system.

3-18

Each line in these files contains an environment variable name and an equal sign followed by the value
of the variable. A variable has no value if it is not listed in this file; it has a value if it is listed in the file
even if the value is a null string. A variable that is set to a null string (for example, “ ”) is a variable with
a value. Many environment variables are predefined and have default values.

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

Chapter 3 Assigning the Switch IP Address and Default Gateway

Modifying the Startup Configuration

Environment variables store two kinds of data:

• Data that controls code, which does not read the Cisco IOS configuration file. For example, the name

of a boot loader helper file, which extends or patches the functionality of the boot loader can be
stored as an environment variable.

• Data that controls code, which is responsible for reading the Cisco IOS configuration file. For

example, the name of the Cisco IOS configuration file can be stored as an environment variable.

You can change the settings of the environment variables by accessing the boot loader or by using Cisco
IOS commands. Under normal circumstances, it is not necessary to alter the setting of the environment
variables.

Note For complete syntax and usage information for the boot loader commands and environment variables,

see the command reference for this release.

Table 3-4 describes the function of the most common environment variables.

Table 3-4 Environment Variables

Variable Boot Loader Command Cisco IOS Global Configuration Command

BOOT set BOOT filesystem:/file-url ...

A semicolon-separated list of executable files to
try to load and execute when automatically
booting. If the BOOT environment variable is not
set, the system attempts to load and execute the
first executable image it can find by using a
recursive, depth-first search through the flash file
system. If the BOOT variable is set but the
specified images cannot be loaded, the system
attempts to boot the first bootable file that it can
find in the flash file system.

MANUAL_BOOT set MANUAL_BOOT yes

boot system filesystem:/file-url ...

Specifies the Cisco IOS image to load during the
next boot cycle. This command changes the
setting of the BOOT environment variable.

boot manual

Decides whether the switch automatically or
manually boots up.

Valid values are 1, yes, 0, and no. If it is set to no
or 0, the boot loader attempts to automatically
boot up the system. If it is set to anything else,
you must manually boot up the switch from the
boot loader mode.

CONFIG_FILE set CONFIG_FILE flash:/file-url

Changes the filename that Cisco IOS uses to read
and write a nonvolatile copy of the system
configuration.

OL-23389-01

Enables manually booting up the switch during
the next boot cycle and changes the setting of the
MANUAL_BOOT environment variable.

The next time you reboot the system, the switch is
in boot loader mode. To boot up the system, use
the boot flash:filesystem:/file-url boot loader
command, and specify the name of the bootable
image.

boot config-file flash:/file-url

Specifies the filename that Cisco IOS uses to read
and write a nonvolatile copy of the system
configuration. This command changes the
CONFIG_FILE environment variable.

Catalyst 2928 Switch Software Configuration Guide

3-19

Chapter 3 Assigning the Switch IP Address and Default Gateway

Scheduling a Reload of the Software Image

Scheduling a Reload of the Software Image

You can schedule a reload of the software image to occur on the switch at a later time (for example, late
at night or during the weekend when the switch is used less), or you can synchronize a reload
network-wide (for example, to perform a software upgrade on all switches in the network).

Note A scheduled reload must take place within approximately 24 days.

Configuring a Scheduled Reload

To configure your switch to reload the software image at a later time, use one of these commands in
privileged EXEC mode:

• reload in [hh:]mm [text]

This command schedules a reload of the software to take affect in the specified minutes or hours and
minutes. The reload must take place within approximately 24 days. You can specify the reason for
the reload in a string up to 255 characters in length.

• reload at hh:mm [month day | day month] [text]

This command schedules a reload of the software to take place at the specified time (using a 24-hour
clock). If you specify the month and day, the reload is scheduled to take place at the specified time
and date. If you do not specify the month and day, the reload takes place at the specified time on the
current day (if the specified time is later than the current time) or on the next day (if the specified
time is earlier than the current time). Specifying 00:00 schedules the reload for midnight.

Note Use the at keyword only if the switch system clock has been set (through Network Time

Protocol (NTP), the hardware calendar, or manually). The time is relative to the configured
time zone on the switch. To schedule reloads across several switches to occur
simultaneously, the time on each switch must be synchronized with NTP.

The reload command halts the system. If the system is not set to manually boot up, it reboots itself. Use
the reload command after you save the switch configuration information to the startup configuration
(copy running-config startup-config).

If your switch is configured for manual booting, do not reload it from a virtual terminal. This restriction
prevents the switch from entering the boot loader mode and thereby taking it from the remote user’s
control.

If you modify your configuration file, the switch prompts you to save the configuration before reloading.
During the save operation, the system requests whether you want to proceed with the save if the
CONFIG_FILE environment variable points to a startup configuration file that no longer exists. If you
proceed in this situation, the system enters setup mode upon reload.

3-20

This example shows how to reload the software on the switch on the current day at 7:30 p.m:

Switch# reload at 19:30
Reload scheduled for 19:30:00 UTC Wed Jun 5 1996 (in 2 hours and 25 minutes)
Proceed with reload? [confirm]

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

Chapter 3 Assigning the Switch IP Address and Default Gateway

This example shows how to reload the software on the switch at a future time:

Switch# reload at 02:00 jun 20
Reload scheduled for 02:00:00 UTC Thu Jun 20 1996 (in 344 hours and 53 minutes)
Proceed with reload? [confirm]

To cancel a previously scheduled reload, use the reload cancel privileged EXEC command.

Displaying Scheduled Reload Information

To display information about a previously scheduled reload or to find out if a reload has been scheduled
on the switch, use the show reload privileged EXEC command.

It displays reload information including the time the reload is scheduled to occur and the reason for the
reload (if it was specified when the reload was scheduled).

Scheduling a Reload of the Software Image

OL-23389-01

Catalyst 2928 Switch Software Configuration Guide

3-21

Scheduling a Reload of the Software Image

Chapter 3 Assigning the Switch IP Address and Default Gateway

3-22

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

CHAP T ER

4

Configuring Cisco IOS CNS Agents

This chapter describes how to configure the Cisco IOS CNS agents on the Catalyst 2928 switch.

Note For complete configuration information for the Cisco Configuration Engine, see this URL on Cisco.com

http://www.cisco.com/en/US/products/sw/netmgtsw/ps4617/tsd_products_support_series_home.html

This chapter consists of these sections:

• Understanding Cisco Configuration Engine Software, page 4-1

• Understanding Cisco IOS Agents, page 4-5

• Configuring Cisco IOS Agents, page 4-6

• Displaying CNS Configuration, page 4-12

Understanding Cisco Configuration Engine Software

The Cisco Configuration Engine is network management software that acts as a configuration service
for automating the deployment and management of network devices and services (see Figure 4-1). Each
Configuration Engine manages a group of Cisco devices (switches and routers) and the services that they
deliver, storing their configurations and delivering them as needed. The Configuration Engine automates
initial configurations and configuration updates by generating device-specific configuration changes,
sending them to the device, executing the configuration change, and logging the results.

The Configuration Engine supports standalone and server modes and has these CNS components:

• Configuration service (web server, file manager, and namespace mapping server)

• Event service (event gateway)

• Data service directory (data models and schema)

In standalone mode, the Configuration Engine supports an embedded Directory Service. In this mode,
no external directory or other data store is required. In server mode, the Configuration Engine supports
the use of a user-defined external directory.

OL-23389-01

Catalyst 2928 Switch Software Configuration Guide

4-1

Understanding Cisco Configuration Engine Software

Configuration

engine

Service provider network

Order entry

configuration management

Data service
directory

Configuration server

Event service

Web-based
user interface

141327

Figure 4-1 Configuration Engine Architectural Overview

Chapter 4 Configuring Cisco IOS CNS Agents

These sections contain this conceptual information:

• Configuration Service, page 4-2

• Event Service, page 4-3

• What You Should Know About the CNS IDs and Device Hostnames, page 4-3

Configuration Service

The Configuration Service is the core component of the Cisco Configuration Engine. It consists of a
configuration server that works with Cisco IOS CNS agents on the switch. The Configuration Service
delivers device and service configurations to the switch for initial configuration and mass
reconfiguration by logical groups. Switches receive their initial configuration from the Configuration
Service when they start up on the network for the first time.

The Configuration Service uses the CNS Event Service to send and receive configuration change events
and to send success and failure notifications.

The configuration server is a web server that uses configuration templates and the device-specific
configuration information stored in the embedded (standalone mode) or remote (server mode) directory.

Configuration templates are text files containing static configuration information in the form of CLI
commands. In the templates, variables are specified using lightweight directory access protocol (LDAP)
URLs that reference the device-specific configuration information stored in a directory.

The Cisco IOS agent can perform a syntax check on received configuration files and publish events to
show the success or failure of the syntax check. The configuration agent can either apply configurations
immediately or delay the application until receipt of a synchronization event from the configuration
server.

4-2

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

Chapter 4 Configuring Cisco IOS CNS Agents

Event Service

The Cisco Configuration Engine uses the Event Service for receipt and generation of configuration
events. The event agent is on the switch and facilitates the communication between the switch and the
event gateway on the Configuration Engine.

The Event Service is a highly capable publish-and-subscribe communication method. The Event Service
uses subject-based addressing to send messages to their destinations. Subject-based addressing
conventions define a simple, uniform namespace for messages and their destinations.

NameSpace Mapper

The Configuration Engine includes the NameSpace Mapper (NSM) that provides a lookup service for
managing logical groups of devices based on application, device or group ID, and event.

Cisco IOS devices recognize only event subject-names that match those configured in Cisco IOS
software; for example, cisco.cns.config.load. You can use the namespace mapping service to designate
events by using any desired naming convention. When you have populated your data store with your
subject names, NSM changes your event subject-name strings to those known by Cisco IOS.

For a subscriber, when given a unique device ID and event, the namespace mapping service returns a set
of events to which to subscribe. Similarly, for a publisher, when given a unique group ID, device ID, and
event, the mapping service returns a set of events on which to publish.

Understanding Cisco Configuration Engine Software

What You Should Know About the CNS IDs and Device Hostnames

The Cisco Configuration Engine assumes that a unique identifier is associated with each configured
switch. This unique identifier can take on multiple synonyms, where each synonym is unique within a
particular namespace. The event service uses namespace content for subject-based addressing of
messages.

The Configuration Engine intersects two namespaces, one for the event bus and the other for the
configuration server. Within the scope of the configuration server namespace, the term ConfigID is the
unique identifier for a device. Within the scope of the event bus namespace, the term DeviceID is the
CNS unique identifier for a device.

Because the Configuration Engine uses both the event bus and the configuration server to provide
configurations to devices, you must define both ConfigID and Device ID for each configured switch.

Within the scope of a single instance of the configuration server, no two configured switches can share
the same value for ConfigID. Within the scope of a single instance of the event bus, no two configured
switches can share the same value for DeviceID.

ConfigID

Each configured switch has a unique ConfigID, which serves as the key into the Configuration Engine
directory for the corresponding set of switch CLI attributes. The ConfigID defined on the switch must
match the ConfigID for the corresponding switch definition on the Configuration Engine.

The ConfigID is fixed at startup time and cannot be changed until the device restarts, even if the switch
hostname is reconfigured.

OL-23389-01

Catalyst 2928 Switch Software Configuration Guide

4-3

Understanding Cisco Configuration Engine Software

DeviceID

Each configured switch participating on the event bus has a unique DeviceID, which is analogous to the
switch source address so that the switch can be targeted as a specific destination on the bus. All switches
configured with the cns config partial global configuration command must access the event bus.
Therefore, the DeviceID, as originated on the switch, must match the DeviceID of the corresponding
switch definition in the Configuration Engine.

The origin of the DeviceID is defined by the Cisco IOS hostname of the switch. However, the DeviceID
variable and its usage reside within the event gateway adjacent to the switch.

The logical Cisco IOS termination point on the event bus is embedded in the event gateway, which in
turn functions as a proxy on behalf of the switch. The event gateway represents the switch and its
corresponding DeviceID to the event bus.

The switch declares its hostname to the event gateway immediately after the successful connection to
the event gateway. The event gateway couples the DeviceID value to the Cisco IOS hostname each time
this connection is established. The event gateway caches this DeviceID value for the duration of its
connection to the switch.

Hostname and DeviceID

Chapter 4 Configuring Cisco IOS CNS Agents

The DeviceID is fixed at the time of the connection to the event gateway and does not change even when
the switch hostname is reconfigured.

When changing the switch hostname on the switch, the only way to refresh the DeviceID is to break the
connection between the switch and the event gateway. Enter the no cns event global configuration
command followed by the cns event global configuration command.

When the connection is re-established, the switch sends its modified hostname to the event gateway. The
event gateway redefines the DeviceID to the new value.

Caution When using the Configuration Engine user interface, you must first set the DeviceID field to the

hostname value that the switch acquires after–not before–you use the cns config initial global
configuration command at the switch. Otherwise, subsequent cns config partial global configuration
command operations malfunction.

Using Hostname, DeviceID, and ConfigID

In standalone mode, when a hostname value is set for a switch, the configuration server uses the
hostname as the DeviceID when an event is sent on hostname. If the hostname has not been set, the event
is sent on the cn=<value> of the device.

In server mode, the hostname is not used. In this mode, the unique DeviceID attribute is always used for
sending an event on the bus. If this attribute is not set, you cannot update the switch.

These and other associated attributes (tag value pairs) are set when you run Setup on the Configuration
Engine.

4-4

Note For more information about running the setup program on the Configuration Engine, see the

Configuration Engine setup and configuration guide at this URL on cisco.com:

http://www.cisco.com/en/US/products/sw/netmgtsw/ps4617/products_installation_and_configuration_
guide_book09186a00803b59db.html

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

Chapter 4 Configuring Cisco IOS CNS Agents

TFTP
server

DHCP relay agent
default gatewayDistribution layer

Configuration

Engine

Access layer

switches

DHCP
server

V

WAN

Understanding Cisco IOS Agents

The CNS event agent feature allows the switch to publish and subscribe to events on the event bus and
works with the Cisco IOS agent. The Cisco IOS agent feature supports the switch by providing these
features:

• Initial Configuration, page 4-5

• Incremental (Partial) Configuration, page 4-6

• Synchronized Configuration, page 4-6

Initial Configuration

When the switch first comes up, it attempts to get an IP address by broadcasting a DHCP request on the
network. Assuming there is no DHCP server on the subnet, the distribution switch acts as a DHCP relay
agent and forwards the request to the DHCP server. Upon receiving the request, the DHCP server assigns
an IP address to the new switch and includes the TFTP server IP address, the path to the bootstrap
configuration file, and the default gateway IP address in a unicast reply to the DHCP relay agent. The
DHCP relay agent forwards the reply to the switch.

The switch automatically configures the assigned IP address on interface VLAN 1 (the default) and
downloads the bootstrap configuration file from the TFTP server. Upon successful download of the
bootstrap configuration file, the switch loads the file in its running configuration.

The Cisco IOS agents initiate communication with the Configuration Engine by using the appropriate
ConfigID and EventID. The Configuration Engine maps the Config ID to a template and downloads the
full configuration file to the switch.

Understanding Cisco IOS Agents

Figure 4-2 shows a sample network configuration for retrieving the initial bootstrap configuration file

by using DHCP-based autoconfiguration.

Figure 4-2 Initial Configuration Overview

OL-23389-01

Catalyst 2928 Switch Software Configuration Guide

4-5

Configuring Cisco IOS Agents

Incremental (Partial) Configuration

After the network is running, new services can be added by using the Cisco IOS agent. Incremental
(partial) configurations can be sent to the switch. The actual configuration can be sent as an event
payload by way of the event gateway (push operation) or as a signal event that triggers the switch to
initiate a pull operation.

The switch can check the syntax of the configuration before applying it. If the syntax is correct, the
switch applies the incremental configuration and publishes an event that signals success to the
configuration server. If the switch does not apply the incremental configuration, it publishes an event
showing an error status. When the switch has applied the incremental configuration, it can write it to
NVRAM or wait until signaled to do so.

Synchronized Configuration

When the switch receives a configuration, it can defer application of the configuration upon receipt of a
write-signal event. The write-signal event tells the switch not to save the updated configuration into its
NVRAM. The switch uses the updated configuration as its running configuration. This ensures that the
switch configuration is synchronized with other network activities before saving the configuration in
NVRAM for use at the next reboot.

Chapter 4 Configuring Cisco IOS CNS Agents

Configuring Cisco IOS Agents

The Cisco IOS agents embedded in the switch Cisco IOS software allow the switch to be connected and
automatically configured as described in the “Enabling Automated CNS Configuration” section on

page 4-6. If you want to change the configuration or install a custom configuration, see these sections

for instructions:

• Enabling the CNS Event Agent, page 4-7

• Enabling the Cisco IOS CNS Agent, page 4-8

Enabling Automated CNS Configuration

To enable automated CNS configuration of the switch, you must first complete the prerequisites in

Table 4-1. When you complete them, power on the switch. At the setup prompt, do nothing: The switch

begins the initial configuration as described in the “Initial Configuration” section on page 4-5. When the
full configuration file is loaded on your switch, you need to do nothing else.

Table 4-1 Prerequisites for Enabling Automatic Configuration

Device Required Configuration

Access switch Factory default (no configuration file)

Distribution switch

• IP helper address

• Enable DHCP relay agent

• IP routing (if used as default gateway)

4-6

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

Chapter 4 Configuring Cisco IOS CNS Agents

Table 4-1 Prerequisites for Enabling Automatic Configuration (continued)

Device Required Configuration

DHCP server

TFTP server

CNS Configuration Engine One or more templates for each type of device, with the ConfigID

Configuring Cisco IOS Agents

• IP address assignment

• TFTP server IP address

• Path to bootstrap configuration file on the TFTP server

• Default gateway IP address

• A bootstrap configuration file that includes the CNS

configuration commands that enable the switch to
communicate with the Configuration Engine

• The switch configured to use either the switch MAC address

or the serial number (instead of the default hostname) to
generate the ConfigID and EventID

• The CNS event agent configured to push the configuration file

to the switch

of the device mapped to the template.

Note For more information about running the setup program and creating templates on the Configuration

Engine, see the Cisco Configuration Engine Installation and Setup Guide, 1.5 for Linux at this URL:

http://www.cisco.com/en/US/products/sw/netmgtsw/ps4617/products_installation_and_configuration_
guide_book09186a00803b59db.html

Enabling the CNS Event Agent

Note You must enable the CNS event agent on the switch before you enable the CNS configuration agent.

OL-23389-01

Catalyst 2928 Switch Software Configuration Guide

4-7

Configuring Cisco IOS Agents

Command Purpose

Step 1

Step 2

configure terminal Enter global configuration mode.

cns event {ip-address | hostname} [port-number]

[backup] [init-retry retry-count] [keepalive seconds
retry-count] [source ip-address]

Step 3

Step 4

Step 5

Step 6

end Return to privileged EXEC mode.

show cns event connections Verify information about the event agent.

show running-config Verify your entries.

copy running-config startup-config (Optional) Save your entries in the configuration file.

Chapter 4 Configuring Cisco IOS CNS Agents

Beginning in privileged EXEC mode, follow these steps to enable the CNS event agent on the switch:

Enable the event agent, and enter the gateway parameters.

• For {ip-address | hostname}, enter either the

IP address or the hostname of the event gateway.

• (Optional) For port number, enter the port number for

the event gateway. The default port number is 11011.

• (Optional) Enter backup to show that this is the

backup gateway. (If omitted, this is the primary
gateway.)

• (Optional) For init-retry retry-count, enter the

number of initial retries before switching to backup.
The default is 3.

• (Optional) For keepalive seconds, enter how often the

switch sends keepalive messages. For retry-count,
enter the number of unanswered keepalive messages
that the switch sends before the connection is
terminated. The default for each is 0.

• (Optional) For source ip-address, enter the source IP

address of this device.

Note Though visible in the command-line help string,

the encrypt and force-fmt1 keywords are not
supported.

To disable the CNS event agent, use the no cns event {ip-address | hostname} global configuration
command.

This example shows how to enable the CNS event agent, set the IP address gateway to 10.180.1.27, set
120 seconds as the keepalive interval, and set 10 as the retry count.

Switch(config)# cns event 10.180.1.27 keepalive 120 10

Enabling the Cisco IOS CNS Agent

After enabling the CNS event agent, start the Cisco IOS CNS agent on the switch. You can enable the
Cisco IOS agent with these commands:

• The cns config initial global configuration command enables the Cisco IOS agent and initiates an

initial configuration on the switch.

Catalyst 2928 Switch Software Configuration Guide

4-8

OL-23389-01

Chapter 4 Configuring Cisco IOS CNS Agents

• The cns config partial global configuration command enables the Cisco IOS agent and initiates a

partial configuration on the switch. You can then use the Configuration Engine to remotely send
incremental configurations to the switch.

Enabling an Initial Configuration

Beginning in privileged EXEC mode, follow these steps to enable the CNS configuration agent and
initiate an initial configuration on the switch:

Command Purpose

Step 1

Step 2

Step 3

configure terminal Enter global configuration mode.

cns config connect-intf interface-prefix
[ping-interval seconds] [retries num]

config-cli

or

line-cli

Configuring Cisco IOS Agents

Enter the connect-interface-config submode, and specify
the interface for connecting to the Configuration Engine.

• Enter the interface-prefix for the connecting interface.

You must specify the interface type but need not
specify the interface number.

• (Optional) For ping-interval seconds, enter the

interval between successive ping attempts. The range
is 1 to 30 seconds. The default is 10 seconds.

• (Optional) For retries num, enter the number of ping

retries. The range is 1 to 30. The default is 5.

Enter config-cli to connect to the Configuration Engine
through the interface defined in cns config connect-intf.
Enter line-cli to connect to the Configuration Engine
through modem dialup lines.

Step 4

Step 5

Step 6

Note The config-cli interface configuration command

accepts the special character & that acts as a
placeholder for the interface name. When the
configuration is applied, the & is replaced with the
interface name. For example, to connect through
FastEthernet0/1, the command

route 0.0.0.0 0.0.0.0 &
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1.

config-cli ip

generates the command

exit Return to global configuration mode.

hostname name Enter the hostname for the switch.

ip route network-number Establish a static route to the Configuration Engine whose

IP address is network-number.

OL-23389-01

Catalyst 2928 Switch Software Configuration Guide

4-9

Configuring Cisco IOS Agents

Command Purpose

Step 7

cns id interface num {dns-reverse | ipaddress |
mac-address} [event]

or
cns id {hardware-serial | hostname | string string}
[event]

Step 8

cns config initial {ip-address | hostname}
[port-number] [event] [no-persist] [page page]
[source ip-address] [syntax-check]

Chapter 4 Configuring Cisco IOS CNS Agents

Set the unique EventID or ConfigID used by the
Configuration Engine.

• For interface num, enter the type of interface–for

example, Ethernet, Group-Async, Loopback, or
Virtual-Template. This setting specifies from which
interface the IP or MAC address should be retrieved to
define the unique ID.

• For {dns-reverse | ipaddress | mac-address} enter

dns-reverse to retrieve the hostname and assign it as

the unique ID, enter ipaddress to use the IP address, or
enter mac-address to use the MAC address as the
unique ID.

• (Optional) Enter event to set the ID to be the event-id

value used to identify the switch.

• For {hardware-serial | hostname| string string},

enter hardware-serial to set the switch serial number
as the unique ID, enter hostname (the default) to select
the switch hostname as the unique ID, or enter an
arbitrary text string for string string as the unique ID.

Enable the Cisco IOS agent, and initiate an initial
configuration.

• For {ip-address | hostname}, enter the IP address or

the hostname of the configuration server.

Step 9

• (Optional) For port-number, enter the port number of

the configuration server. The default port number is 80.

• (Optional) Enable event for configuration success,

failure, or warning messages when the configuration is
finished.

• (Optional) Enable no-persist to suppress the

automatic writing to NVRAM of the configuration
pulled as a result of entering the cns config initial
global configuration command. If the no-persist
keyword is not entered, using the cns config initial
command causes the resultant configuration to be
automatically written to NVRAM.

• (Optional) For page page, enter the web page of the

initial configuration. The default is /Config/config/asp.

• (Optional) Enter source ip-address to use for source IP

address.

• (Optional) Enable syntax-check to check the syntax

when this parameter is entered.

Note Though visible in the command-line help string,

the encrypt keyword is not supported.

end Return to privileged EXEC mode.

4-10

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

Chapter 4 Configuring Cisco IOS CNS Agents

Command Purpose

Step 10

Step 11

show cns config connections Verify information about the configuration agent.

show running-config Verify your entries.

To disable the CNS Cisco IOS agent, use the no cns config initial {ip-address | hostname} global
configuration command.

This example shows how to configure an initial configuration on a remote switch. The switch hostname
is the unique ID. The Cisco Configuration Engine IP address is 172.28.129.22.

Switch(config)# cns config connect-intf serial ping-interval 1 retries 1
Switch(config-cns-conn-if)# config-cli ip address negotiated
Switch(config-cns-conn-if)# config-cli encapsulation ppp
Switch(config-cns-conn-if)# config-cli ip directed-broadcast
Switch(config-cns-conn-if)# config-cli no keepalive
Switch(config-cns-conn-if)# config-cli no shutdown
Switch(config-cns-conn-if)# exit
Switch(config)# hostname RemoteSwitch
RemoteSwitch(config)# ip route 10.1.1.1 255.255.255.255 11.11.11.1
RemoteSwitch(config)# cns id Ethernet 0 ipaddress
RemoteSwitch(config)# cns config initial 10.1.1.1 no-persist

Configuring Cisco IOS Agents

Enabling a Partial Configuration

Beginning in privileged EXEC mode, follow these steps to enable the Cisco IOS agent and to initiate a
partial configuration on the switch:

Command Purpose

Step 1

Step 2

Step 3

Step 4

Step 5

Step 6

configure terminal Enter global configuration mode.

cns config partial {ip-address | hostname}
[port-number] [source ip-address]

end Return to privileged EXEC mode.

show cns config stats

or

show cns config outstanding

show running-config Verify your entries.

copy running-config startup-config (Optional) Save your entries in the configuration file.

Enable the configuration agent, and initiate a partial
configuration.

• For {ip-address | hostname}, enter the IP address or

the hostname of the configuration server.

• (Optional) For port-number, enter the port number of

the configuration server. The default port number is 80.

• (Optional) Enter source ip-address to use for the

source IP address.

Note Though visible in the command-line help string,

the encrypt keyword is not supported.

Verify information about the configuration agent.

OL-23389-01

To disable the Cisco IOS agent, use the no cns config partial {ip-address | hostname} global
configuration command. To cancel a partial configuration, use the cns config cancel privileged EXEC
command.

Catalyst 2928 Switch Software Configuration Guide

4-11

Displaying CNS Configuration

Displaying CNS Configuration

You can use the privileged EXEC commands in Tab le 4-2 to display CNS configuration information.

Table 4-2 Displaying CNS Configuration

Command Purpose

show cns config connections Displays the status of the CNS Cisco IOS agent connections.

show cns config outstanding Displays information about incremental (partial) CNS

configurations that have started but are not yet completed.

show cns config stats Displays statistics about the Cisco IOS agent.

show cns event connections Displays the status of the CNS event agent connections.

show cns event stats Displays statistics about the CNS event agent.

show cns event subject Displays a list of event agent subjects that are subscribed to by

applications.

Chapter 4 Configuring Cisco IOS CNS Agents

4-12

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

CHAP T ER

5

Clustering Switches

This chapter provides the concepts and procedures to create and manage Catalyst 2928 switch clusters.
You can create and manage switch clusters by using the command-line interface (CLI) or SNMP. For
complete procedures, see the online help. For the CLI cluster commands, see the switch command
reference.

This chapter focuses on Catalyst 2928 switch clusters. It also includes guidelines and limitations for
clusters mixed with other cluster-capable Catalyst switches, but it does not provide complete
descriptions of the cluster features for these other switches. For complete cluster information for a
specific Catalyst platform, refer to the software configuration guide for that switch.

• Understanding Switch Clusters, page 5-1

• Planning a Switch Cluster, page 5-4

• Using the CLI to Manage Switch Clusters, page 5-13

• Using SNMP to Manage Switch Clusters, page 5-14

Note We do not recommend using the ip http access-class global configuration command to limit access to

specific hosts or networks. Access should be controlled through the cluster command switch.

Understanding Switch Clusters

A switch cluster is a set of up to 16 connected, cluster-capable Catalyst switches that are managed as a
single entity. The switches in the cluster use the switch clustering technology so that you can configure
and troubleshoot a group of different Catalyst desktop switch platforms through a single IP address.

In a switch cluster, 1 switch must be the cluster command switch and up to 15 other switches can be
cluster member switches. The total number of switches in a cluster cannot exceed 16 switches. The
cluster command switch is the single point of access used to configure, manage, and monitor the cluster
member switches. Cluster members can belong to only one cluster at a time.

The benefits of clustering switches include:

• Management of Catalyst switches regardless of their interconnection media and their physical

locations. The switches can be in the same location, or they can be distributed across a Layer 2 or
Layer 3 (if your cluster is using a Catalyst 3550, Catalyst 3560, or Catalyst 3750 switch as a Layer 3
router between the Layer 2 switches in the cluster) network.

OL-23389-01

Catalyst 2928 Switch Software Configuration Guide

5-1

Understanding Switch Clusters

• Command-switch redundancy if a cluster command switch fails. One or more switches can be

• Management of a variety of Catalyst switches through a single IP address. This conserves on IP

Table 5-1 lists the Catalyst switches eligible for switch clustering, including which ones can be cluster

command switches and which ones can only be cluster member switches, and the required software
versions.

Table 5-1 Switch Software and Cluster Capability

Switch Cisco IOS Release Cluster Capability

Catalyst 3750 12.1(11)AX or later Member or command switch

Catalyst 3560 12.1(19)EA1b or later Member or command switch

Catalyst 3550 12.1(4)EA1 or later Member or command switch

Catalyst 2970 12.1(11)AX or later Member or command switch

Catalyst 2960 12.2(25)FX or later Member or command switch

Catalyst 2955 12.1(12c)EA1 or later Member or command switch

Catalyst 2950 12.0(5.2)WC(1) or later Member or command switch

Catalyst 2950 LRE 12.1(11)JY or later Member or command switch

Catalyst 2940 12.1(13)AY or later Member or command switch

Catalyst 3500 XL 12.0(5.1)XU or later Member or command switch

Catalyst 2900 XL (8-MB switches) 12.0(5.1)XU or later Member or command switch

Catalyst 2900 XL (4-MB switches) 11.2(8.5)SA6 (recommended) Member switch only

Catalyst 1900 and 2820 9.00(-A or -EN) or later Member switch only

Chapter 5 Clustering Switches

Cluster members are connected to the cluster command switch according to the connectivity
guidelines described in the “Automatic Discovery of Cluster Candidates and Members” section on

page 5-4. This section includes management VLAN considerations for the Catalyst 1900,

Catalyst 2820, Catalyst 2900 XL, Catalyst 2950, and Catalyst 3500 XL switches. For complete
information about these switches in a switch-cluster environment, refer to the software
configuration guide for that specific switch.

designated as standby cluster command switches to avoid loss of contact with cluster members. A
cluster standby group is a group of standby cluster command switches.

addresses, especially if you have a limited number of them. All communication with the switch
cluster is through the cluster command switch IP address.

Cluster Command Switch Characteristics

A cluster command switch must meet these requirements:

• It is running Cisco IOS Release 12.2(44)SE or later.

• It has an IP address.

• It has Cisco Discovery Protocol (CDP) version 2 enabled (the default).

• It is not a command or cluster member switch of another cluster.

• It is connected to the standby cluster command switches through the management VLAN and to the

cluster member switches through a common VLAN.

Catalyst 2928 Switch Software Configuration Guide

5-2

OL-23389-01

Chapter 5 Clustering Switches

Standby Cluster Command Switch Characteristics

A standby cluster command switch must meet these requirements:

• It is running Cisco IOS 12.2(44)SE or later.

• It has an IP address.

• It has CDP version 2 enabled.

• It is connected to the command switch and to other standby command switches through its

management VLAN.

• It is connected to all other cluster member switches (except the cluster command and standby

command switches) through a common VLAN.

• It is redundantly connected to the cluster so that connectivity to cluster member switches is

maintained.

• It is not a command or member switch of another cluster.

Note Standby cluster command switches must be the same type of switches as the cluster command

switch. For example, if the cluster command switch is a Catalyst switch, the standby cluster
command switches must also be Catalyst switches. Refer to the switch configuration guide of
other cluster-capable switches for their requirements on standby cluster command switches.

Understanding Switch Clusters

Candidate Switch and Cluster Member Switch Characteristics

Candidate switches are cluster-capable switches that have not yet been added to a cluster. Cluster
member switches are switches that have actually been added to a switch cluster. Although not required,
a candidate or cluster member switch can have its own IP address and password (for related
considerations, see the “IP Addresses” section on page 5-12 and “Passwords” section on page 5-12).

To join a cluster, a candidate switch must meet these requirements:

• It is running cluster-capable software.

• It has CDP version 2 enabled.

• It is not a command or cluster member switch of another cluster.

• If a cluster standby group exists, it is connected to every standby cluster command switch through

at least one common VLAN. The VLAN to each standby cluster command switch can be different.

• It is connected to the cluster command switch through at least one common VLAN.

Note Catalyst 1900, Catalyst 2820, Catalyst 2900 XL, Catalyst 2950, and Catalyst 3500 XL

candidate and cluster member switches must be connected through their management VLAN
to the cluster command switch and standby cluster command switches. For complete
information about these switches in a switch-cluster environment, refer to the software
configuration guide for that specific switch.

This requirement does not apply if you have a Catalyst 2970, Catalyst 3550, Catalyst 3560,
or Catalyst 3750 cluster command switch. Candidate and cluster member switches can
connect through any VLAN in common with the cluster command switch.

OL-23389-01

Catalyst 2928 Switch Software Configuration Guide

5-3

Planning a Switch Cluster

Planning a Switch Cluster

Anticipating conflicts and compatibility issues is a high priority when you manage several switches
through a cluster. This section describes these guidelines, requirements, and caveats that you should
understand before you create the cluster:

• Automatic Discovery of Cluster Candidates and Members, page 5-4

• HSRP and Standby Cluster Command Switches, page 5-9

• IP Addresses, page 5-12

• Hostnames, page 5-12

• Passwords, page 5-12

• SNMP Community Strings, page 5-13

• TACACS+ and RADIUS, page 5-13

• LRE Profiles, page 5-13

Refer to the release notes for the list of Catalyst switches eligible for switch clustering, including which
ones can be cluster command switches and which ones can only be cluster member switches, and for the
required software versions and browser and Java plug-in configurations.

Chapter 5 Clustering Switches

Automatic Discovery of Cluster Candidates and Members

The cluster command switch uses Cisco Discovery Protocol (CDP) to discover cluster member switches,
candidate switches, neighboring switch clusters, and edge devices across multiple VLANs and in star or
cascaded topologies.

Note Do not disable CDP on the cluster command switch, on cluster members, or on any cluster-capable

switches that you might want a cluster command switch to discover. For more information about CDP,
see Chapter 23, “Configuring CDP.”

Following these connectivity guidelines ensures automatic discovery of the switch cluster, cluster
candidates, connected switch clusters, and neighboring edge devices:

• Discovery Through CDP Hops, page 5-4

• Discovery Through Non-CDP-Capable and Noncluster-Capable Devices, page 5-5

• Discovery Through Different VLANs, page 5-6

• Discovery Through Different Management VLANs, page 5-7

• Discovery of Newly Installed Switches, page 5-8

Discovery Through CDP Hops

By using CDP, a cluster command switch can discover switches up to seven CDP hops away (the default
is three hops) from the edge of the cluster. The edge of the cluster is where the last cluster member
switches are connected to the cluster and to candidate switches. For example, cluster member switches 9
and 10 in Figure 5-1 are at the edge of the cluster.

5-4

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01

Chapter 5 Clustering Switches

Command device

Member
device 10

Member
device 8

Member
device 9

VLAN 62

Edge of
cluster

VLAN 16

101321

Device 11

candidate

device

Candidate
devices

Device 12

Device 13

Device 14

Device 15

In Figure 5-1, the cluster command switch has ports assigned to VLANs 16 and 62. The CDP hop count
is three. The cluster command switch discovers switches 11, 12, 13, and 14 because they are within three
hops from the edge of the cluster. It does not discover switch 15 because it is four hops from the edge of
the cluster.

Figure 5-1 Discovery Through CDP Hops

Planning a Switch Cluster

Discovery Through Non-CDP-Capable and Noncluster-Capable Devices

If a cluster command switch is connected to a non-CDP-capable third-party hub (such as a non-Cisco
hub), it can discover cluster-enabled devices connected to that third-party hub. However, if the cluster
command switch is connected to a noncluster-capable Cisco device, it cannot discover a cluster-enabled
device connected beyond the noncluster-capable Cisco device.

OL-23389-01

Catalyst 2928 Switch Software Configuration Guide

5-5

Planning a Switch Cluster

Command device

Catalyst 5000 switch
(noncluster-capable)

Third-party hub

(non-CDP-capable)

Candidate device Candidate device

89377

Chapter 5 Clustering Switches

Figure 5-2 shows that the cluster command switch discovers the switch that is connected to a third-party

hub. However, the cluster command switch does not discover the switch that is connected to a
Catalyst 5000 switch.

Figure 5-2 Discovery Through Non-CDP-Capable and Noncluster-Capable Devices

Discovery Through Different VLANs

If the cluster command switch is a Catalyst 2970, Catalyst 3550, Catalyst 3560, or Catalyst 3750 switch,
the cluster can have cluster member switches in different VLANs. As cluster member switches, they
must be connected through at least one VLAN in common with the cluster command switch. The cluster
command switch in Figure 5-3 has ports assigned to VLANs 9, 16, and 62 and therefore discovers the
switches in those VLANs. It does not discover the switch in VLAN 50. It also does not discover the
switch in VLAN 16 in the first column because the cluster command switch has no VLAN connectivity
to it.

Catalyst 2900 XL, Catalyst 2950, and Catalyst 3500 XL cluster member switches must be connected to
the cluster command switch through their management VLAN. For information about discovery through
management VLANs, see the “Discovery Through Different Management VLANs” section on page 5-7.
For more information about VLANs, see Chapter 13, “Configuring VLANs.”

Catalyst 2928 Switch Software Configuration Guide

5-6

OL-23389-01

Chapter 5 Clustering Switches

VLAN 62

VLAN 62

VLAN 16

VLAN trunk 9,16

Command device

VLAN 50

VLAN trunk 9,16

VLAN trunk 4,16

101322

Figure 5-3 Discovery Through Different VLANs

Planning a Switch Cluster

Discovery Through Different Management VLANs

Catalyst 2970, Catalyst 3550, Catalyst 3560, or Catalyst 3750 cluster command switches can discover
and manage cluster member switches in different VLANs and different management VLANs. As cluster
member switches, they must be connected through at least one VLAN in common with the cluster
command switch. They do not need to be connected to the cluster command switch through their
management VLAN. The default management VLAN is VLAN 1.

Note If the switch cluster has a Catalyst 3750 switch or switch stack, that switch or switch stack must be the

cluster command switch.

The cluster command switch and standby command switch in Figure 5-4 (assuming they are
Catalyst 2960 Catalyst 2970, Catalyst 3550, Catalyst 3560, or Catalyst 3750 cluster command switches)
have ports assigned to VLANs 9, 16, and 62. The management VLAN on the cluster command switch is
VLAN 9. Each cluster command switch discovers the switches in the different management VLANs
except these:

• Switches 7 and 10 (switches in management VLAN 4) because they are not connected through a

common VLAN (meaning VLANs 62 and 9) with the cluster command switch.

• Switch 9 because automatic discovery does not extend beyond a noncandidate device, which is

switch 7.

OL-23389-01

Catalyst 2928 Switch Software Configuration Guide

5-7

Planning a Switch Cluster

101323

VLAN 62

VLAN trunk 4, 62

VLAN 62

VLAN 16

VLAN 9

VLAN 16

VLAN 9

Standby command

device

Command

device

VLAN 9

Device 7
(management
VLAN 4)

Device 9
(management
VLAN 62)

VLAN 4

Device 3

(management

VLAN 16)

Device 4

(management

VLAN 16)

Device 10
(management
VLAN 4)

Device 8
(management
VLAN 9)

Device 6
(management
VLAN 9)

Device 5
(management
VLAN 62)

Chapter 5 Clustering Switches

Figure 5-4 Discovery Through Different Management VLANs with a Layer 3 Cluster Command

Switch

Discovery of Newly Installed Switches

5-8

To join a cluster, the new, out-of-the-box switch must be connected to the cluster through one of its
access ports. An access port (AP) carries the traffic of and belongs to only one VLAN. By default, the
new switch and its access ports are assigned to VLAN 1.

When the new switch joins a cluster, its default VLAN changes to the VLAN of the immediately
upstream neighbor. The new switch also configures its access port to belong to the VLAN of the
immediately upstream neighbor.

The cluster command switch in Figure 5-5 belongs to VLANs 9 and 16. When new cluster-capable
switches join the cluster:

• One cluster-capable switch and its access port are assigned to VLAN 9.

• The other cluster-capable switch and its access port are assigned to management VLAN 16.

Catalyst 2928 Switch Software Configuration Guide

OL-23389-01