Cisco Catalyst 2928 Software Configuration Manual

Catalyst 2928 Switch Software Configuration Guide

Cisco IOS Release 12.2(55)EZ November 2010
Americas Headquarters
Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000
Fax: 408 527-0883
Text Part Number: OL-23389-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)
Catalyst 2928 Switch Software Configuration Guide
©2010 Cisco Systems, Inc. All rights reserved.

CONTENTS

Preface xxvii
Audience xxvii
Purpose xxvii
Conventions xxvii
Related Publications xxviii
Obtaining Documentation, Obtaining Support, and Security Guidelines xxix
CHAPTER
1 Overview 1-1
Features 1-1
Ease-of-Deployment and Ease-of-Use Features 1-1
Performance Features 1-2
Management Options 1-3
Manageability Features 1-4
Availability and Redundancy Features 1-5
VLAN Features 1-5
Security Features 1-6
QoS and CoS Features 1-7
Power over Ethernet Features (WS-C2928-24LT-C only) 1-7
Monitoring Features 1-8
Default Settings After Initial Switch Configuration 1-8
Network Configuration Examples 1-11
Design Concepts for Using the Switch 1-11
Small to Medium-Sized Network Using Catalyst 2928 Switches 1-14
Campus Network Using Catalyst 2928 Switches 1-15
Where to Go Next 1-16
2 Using the Command-Line Interface 2-1
Understanding Command Modes 2-1
Understanding the Help System 2-3
Understanding Abbreviated Commands 2-3
Understanding no and default Forms of Commands 2-4
Understanding CLI Error Messages 2-4
Using Configuration Logging 2-4
Using Command History 2-5
Changing the Command History Buffer Size 2-5
Recalling Commands 2-6
Disabling the Command History Feature 2-6
Using Editing Features 2-6
Enabling and Disabling Editing Features 2-6
Editing Commands through Keystrokes 2-7
Editing Command Lines that Wrap 2-8
Searching and Filtering Output of show and more Commands 2-9
Accessing the CLI 2-9
Accessing the CLI through a Console Connection or through Telnet 2-9
3 Assigning the Switch IP Address and Default Gateway 3-1
Understanding the Boot Process 3-1
Assigning Switch Information 3-2
Default Switch Information 3-3
Understanding DHCP-Based Autoconfiguration 3-3
DHCP Client Request Process 3-4
Understanding DHCP-based Autoconfiguration and Image Update 3-4
DHCP Autoconfiguration 3-5
DHCP Auto-Image Update 3-5
Limitations and Restrictions 3-5
Configuring DHCP-Based Autoconfiguration 3-6
DHCP Server Configuration Guidelines 3-6
Configuring the TFTP Server 3-7
Configuring the DNS 3-7
Configuring the Relay Device 3-7
Obtaining Configuration Files 3-8
Example Configuration 3-9
Configuring the DHCP Auto Configuration and Image Update Features 3-11
Configuring DHCP Autoconfiguration (Only Configuration File) 3-11
Configuring DHCP Auto-Image Update (Configuration File and Image) 3-12
Configuring the Client 3-13
Manually Assigning IP Information 3-14
Checking and Saving the Running Configuration 3-14
Modifying the Startup Configuration 3-15
Default Boot Configuration 3-16
Automatically Downloading a Configuration File 3-16
Specifying the Filename to Read and Write the System Configuration 3-16
Booting Manually 3-17
Booting a Specific Software Image 3-18
Controlling Environment Variables 3-18
Scheduling a Reload of the Software Image 3-20
Configuring a Scheduled Reload 3-20
Displaying Scheduled Reload Information 3-21
4 Configuring Cisco IOS CNS Agents 4-1
Understanding Cisco Configuration Engine Software 4-1
Configuration Service 4-2
Event Service 4-3
NameSpace Mapper 4-3
What You Should Know About the CNS IDs and Device Hostnames 4-3
ConfigID 4-3
DeviceID 4-4
Hostname and DeviceID 4-4
Using Hostname, DeviceID, and ConfigID 4-4
Understanding Cisco IOS Agents 4-5
Initial Configuration 4-5
Incremental (Partial) Configuration 4-6
Synchronized Configuration 4-6
Configuring Cisco IOS Agents 4-6
Enabling Automated CNS Configuration 4-6
Enabling the CNS Event Agent 4-7
Enabling the Cisco IOS CNS Agent 4-8
Enabling an Initial Configuration 4-9
Enabling a Partial Configuration 4-11
Displaying CNS Configuration 4-12
5 Clustering Switches 5-1
Understanding Switch Clusters 5-1
Cluster Command Switch Characteristics 5-2
Standby Cluster Command Switch Characteristics 5-3
Candidate Switch and Cluster Member Switch Characteristics 5-3
Planning a Switch Cluster 5-4
Automatic Discovery of Cluster Candidates and Members 5-4
Discovery Through CDP Hops 5-4
Discovery Through Non-CDP-Capable and Noncluster-Capable Devices 5-5
Discovery Through Different VLANs 5-6
Discovery Through Different Management VLANs 5-7
Discovery of Newly Installed Switches 5-8
HSRP and Standby Cluster Command Switches 5-9
Virtual IP Addresses 5-10
Other Considerations for Cluster Standby Groups 5-10
Automatic Recovery of Cluster Configuration 5-11
IP Addresses 5-12
Hostnames 5-12
Passwords 5-12
SNMP Community Strings 5-13
TACACS+ and RADIUS 5-13
LRE Profiles 5-13
Using the CLI to Manage Switch Clusters 5-13
Catalyst 1900 and Catalyst 2820 CLI Considerations 5-14
Using SNMP to Manage Switch Clusters 5-14
6 Configuring SDM Templates 6-1
Understanding the SDM Templates 6-1
Configuring the Switch SDM Template 6-2
Default SDM Template 6-2
SDM Template Configuration Guidelines 6-2
Displaying the SDM Templates 6-3
7 Administering the Switch 7-1
Managing the System Time and Date 7-1
Understanding the System Clock 7-1
Understanding Network Time Protocol 7-2
Configuring NTP 7-4
Default NTP Configuration 7-4
Configuring NTP Authentication 7-4
Configuring NTP Associations 7-5
Configuring NTP Broadcast Service 7-6
Configuring NTP Access Restrictions 7-8
Configuring the Source IP Address for NTP Packets 7-10
Displaying the NTP Configuration 7-11
Configuring Time and Date Manually 7-11
Setting the System Clock 7-11
Displaying the Time and Date Configuration 7-12
Configuring the Time Zone 7-12
Configuring Summer Time (Daylight Saving Time) 7-13
Configuring a System Name and Prompt 7-14
Default System Name and Prompt Configuration 7-15
Configuring a System Name 7-15
Understanding DNS 7-15
Default DNS Configuration 7-16
Setting Up DNS 7-16
Displaying the DNS Configuration 7-17
Creating a Banner 7-17
Default Banner Configuration 7-17
Configuring a Message-of-the-Day Login Banner 7-17
Configuring a Login Banner 7-18
Managing the MAC Address Table 7-19
Building the Address Table 7-20
MAC Addresses and VLANs 7-20
Default MAC Address Table Configuration 7-20
Changing the Address Aging Time 7-20
Removing Dynamic Address Entries 7-21
Configuring MAC Address Notification Traps 7-21
Adding and Removing Static Address Entries 7-23
Configuring Unicast MAC Address Filtering 7-24
Displaying Address Table Entries 7-26
Managing the ARP Table 7-26
8 Configuring Switch-Based Authentication 8-1
Preventing Unauthorized Access to Your Switch 8-1
Protecting Access to Privileged EXEC Commands 8-2
Default Password and Privilege Level Configuration 8-2
Setting or Changing a Static Enable Password 8-3
Protecting Enable and Enable Secret Passwords with Encryption 8-3
Disabling Password Recovery 8-5
Setting a Telnet Password for a Terminal Line 8-6
Configuring Username and Password Pairs 8-6
Configuring Multiple Privilege Levels 8-7
Setting the Privilege Level for a Command 8-8
Changing the Default Privilege Level for Lines 8-9
Logging into and Exiting a Privilege Level 8-9
Controlling Switch Access with TACACS+ 8-10
Understanding TACACS+ 8-10
TACACS+ Operation 8-12
Configuring TACACS+ 8-12
Default TACACS+ Configuration 8-13
Identifying the TACACS+ Server Host and Setting the Authentication Key 8-13
Configuring TACACS+ Login Authentication 8-14
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 8-16
Starting TACACS+ Accounting 8-17
Displaying the TACACS+ Configuration 8-17
Controlling Switch Access with RADIUS 8-17
Understanding RADIUS 8-18
RADIUS Operation 8-19
Configuring RADIUS 8-20
Default RADIUS Configuration 8-20
Identifying the RADIUS Server Host 8-20
Configuring RADIUS Login Authentication 8-23
Defining AAA Server Groups 8-25
Configuring RADIUS Authorization for User Privileged Access and Network Services 8-27
Starting RADIUS Accounting 8-28
Configuring Settings for All RADIUS Servers 8-29
Configuring the Switch to Use Vendor-Specific RADIUS Attributes 8-29
Configuring the Switch for Vendor-Proprietary RADIUS Server Communication 8-31
Displaying the RADIUS Configuration 8-31
Configuring the Switch for Local Authentication and Authorization 8-32
Configuring the Switch for Secure Shell 8-33
Understanding SSH 8-33
SSH Servers, Integrated Clients, and Supported Versions 8-33
Limitations 8-34
Configuring SSH 8-34
Configuration Guidelines 8-34
Setting Up the Switch to Run SSH 8-35
Configuring the SSH Server 8-36
Displaying the SSH Configuration and Status 8-36
Configuring the Switch for Secure Socket Layer HTTP 8-37
Understanding Secure HTTP Servers and Clients 8-37
Certificate Authority Trustpoints 8-37
CipherSuites 8-39
Configuring Secure HTTP Servers and Clients 8-39
Default SSL Configuration 8-39
SSL Configuration Guidelines 8-40
Configuring a CA Trustpoint 8-40
Configuring the Secure HTTP Server 8-41
Configuring the Secure HTTP Client 8-42
Displaying Secure HTTP Server and Client Status 8-43
Configuring the Switch for Secure Copy Protocol 8-43
Information About Secure Copy 8-44
9 Configuring IEEE 802.1x Port-Based Authentication 9-1
Understanding IEEE 802.1x Port-Based Authentication 9-1
Device Roles 9-2
Authentication Process 9-3
Authentication Initiation and Message Exchange 9-5
Ports in Authorized and Unauthorized States 9-7
IEEE 802.1x Host Mode 9-7
IEEE 802.1x Accounting 9-8
IEEE 802.1x Accounting Attribute-Value Pairs 9-8
Using IEEE 802.1x Authentication with VLAN Assignment 9-9
Using IEEE 802.1x Authentication with Guest VLAN 9-11
Using IEEE 802.1x Authentication with Restricted VLAN 9-12
Using IEEE 802.1x Authentication with Voice VLAN Ports 9-13
Using IEEE 802.1x Authentication with Port Security 9-13
Using IEEE 802.1x Authentication with MAC Authentication Bypass 9-14
802.1x Authentication with Restricted VLAN 9-15
Common Session ID 9-16
Configuring IEEE 802.1x Authentication 9-17
Default IEEE 802.1x Authentication Configuration 9-17
IEEE 802.1x Authentication Configuration Guidelines 9-19
IEEE 802.1x Authentication 9-19
VLAN Assignment and Guest VLAN 9-20
MAC Authentication Bypass 9-20
Upgrading from a Previous Software Release 9-20
Configuring IEEE 802.1x Authentication 9-20
Configuring the Switch-to-RADIUS-Server Communication 9-22
Configuring the Host Mode 9-23
Configuring Periodic Re-Authentication 9-24
Manually Re-Authenticating a Client Connected to a Port 9-24
Changing the Quiet Period 9-25
Changing the Switch-to-Client Retransmission Time 9-25
Setting the Switch-to-Client Frame-Retransmission Number 9-26
Setting the Re-Authentication Number 9-27
Configuring IEEE 802.1x Accounting 9-27
Configuring a Guest VLAN 9-28
Configuring a Restricted VLAN 9-29
Configuring MAC Authentication Bypass 9-31
Disabling IEEE 802.1x Authentication on the Port 9-31
Resetting the IEEE 802.1x Authentication Configuration to the Default Values 9-32
Displaying IEEE 802.1x Statistics and Status 9-32
10 Configuring Web-Based Authentication 10-1
Understanding Web-Based Authentication 10-1
Device Roles 10-2
Host Detection 10-2
Session Creation 10-3
Authentication Process 10-3
Local Web Authentication Banner 10-4
Web Authentication Customizable Web Pages 10-6
Guidelines 10-6
Web-based Authentication Interactions with Other Features 10-7
Port Security 10-7
LAN Port IP 10-8
Gateway IP 10-8
ACLs 10-8
Context-Based Access Control 10-8
802.1x Authentication 10-8
EtherChannel 10-8
Configuring Web-Based Authentication 10-9
Default Web-Based Authentication Configuration 10-9
Web-Based Authentication Configuration Guidelines and Restrictions 10-9
Web-Based Authentication Configuration Task List 10-10
Configuring the Authentication Rule and Interfaces 10-10
Configuring AAA Authentication 10-11
Configuring Switch-to-RADIUS-Server Communication 10-11
Configuring the HTTP Server 10-13
Customizing the Authentication Proxy Web Pages 10-13
Specifying a Redirection URL for Successful Login 10-15
Configuring an AAA Fail Policy 10-15
Configuring the Web-Based Authentication Parameters 10-16
Configuring a Web Authentication Local Banner 10-16
Removing Web-Based Authentication Cache Entries 10-17
Displaying Web-Based Authentication Status 10-17
11 Configuring Portal-Based Authentication 11-1
Understanding Portal-Based Authentication 11-1
Configuring Portal-Based Authentication 11-2
Default Portal-Based Authentication Configuration 11-2
Enabling Portal-Based Authentication on the Switch 11-3
Enabling Portal-Based Authentication on an Interface 11-4
Configuring the Switch-to-RADIUS-Server Communication 11-4
Monitoring Portal-Based Authentication 11-6
12 Configuring Interface Characteristics 12-1
Understanding Interface Types 12-1
Port-Based VLANs 12-2
Switch Ports 12-2
Access Ports 12-2
Trunk Ports 12-3
Power over Ethernet (PoE) Ports (WS-C2928-24LT-C only) 12-4
Supported Protocols and Standards 12-4
Powered-Device Detection and Initial Power Allocation 12-5
Power Management Modes 12-5
Power Monitoring and Power Policing 12-6
Connecting Interfaces 12-9
Using Interface Configuration Mode 12-9
Procedures for Configuring Interfaces 12-10
Configuring a Range of Interfaces 12-10
Configuring and Using Interface Range Macros 12-12
Configuring Ethernet Interfaces 12-14
Default Ethernet Interface Configuration 12-14
Setting the Type of a Dual-Purpose Uplink Port 12-15
Configuring Interface Speed and Duplex Mode 12-17
Speed and Duplex Configuration Guidelines 12-17
Setting the Interface Speed and Duplex Parameters 12-18
Configuring IEEE 802.3x Flow Control 12-19
Configuring Auto-MDIX on an Interface 12-20
Configuring a Power Management Mode on a PoE Port 12-21
Budgeting Power for Devices Connected to a PoE Port 12-22
Configuring Power Policing 12-24
Adding a Description for an Interface 12-25
Configuring the System MTU 12-26
Monitoring and Maintaining the Interfaces 12-27
Monitoring Interface Status 12-28
Clearing and Resetting Interfaces and Counters 12-28
Shutting Down and Restarting the Interface 12-29
13 Configuring VLANs 13-1
Understanding VLANs 13-1
Supported VLANs 13-2
VLAN Port Membership Modes 13-3
Configuring Normal-Range VLANs 13-4
Token Ring VLANs 13-5
Normal-Range VLAN Configuration Guidelines 13-5
Saving VLAN Configuration 13-6
Default Ethernet VLAN Configuration 13-6
Creating or Modifying an Ethernet VLAN 13-7
Deleting a VLAN 13-8
Assigning Static-Access Ports to a VLAN 13-9
Configuring Extended-Range VLANs 13-10
Default VLAN Configuration 13-10
Extended-Range VLAN Configuration Guidelines 13-10
Creating an Extended-Range VLAN 13-11
Displaying VLANs 13-12
Configuring VLAN Trunks 13-12
Trunking Overview 13-12
IEEE 802.1Q Configuration Considerations 13-13
Default Layer 2 Ethernet Interface VLAN Configuration 13-14
Configuring an Ethernet Interface as a Trunk Port 13-14
Interaction with Other Features 13-14
Configuring a Trunk Port 13-15
Defining the Allowed VLANs on a Trunk 13-16
Changing the Pruning-Eligible List 13-17
Configuring the Native VLAN for Untagged Traffic 13-17
Configuring Trunk Ports for Load Sharing 13-18
Load Sharing Using STP Port Priorities 13-18
Load Sharing Using STP Path Cost 13-20
Configuring VMPS 13-21
Understanding VMPS 13-22
Dynamic-Access Port VLAN Membership 13-22
Default VMPS Client Configuration 13-23
VMPS Configuration Guidelines 13-23
Configuring the VMPS Client 13-24
Entering the IP Address of the VMPS 13-24
Configuring Dynamic-Access Ports on VMPS Clients 13-24
Reconfirming VLAN Memberships 13-25
Changing the Reconfirmation Interval 13-25
Changing the Retry Count 13-26
Monitoring the VMPS 13-26
Troubleshooting Dynamic-Access Port VLAN Membership 13-27
VMPS Configuration Example 13-27
14 Configuring VTP 14-1
Understanding VTP 14-1
The VTP Domain 14-2
VTP Modes 14-3
VTP Advertisements 14-3
VTP Version 2 14-4
VTP Pruning 14-4
Configuring VTP 14-6
Default VTP Configuration 14-6
VTP Configuration Guidelines 14-7
Domain Names 14-7
Passwords 14-7
VTP Version 14-8
Configuration Requirements 14-8
Configuring a VTP Server 14-8
Configuring a VTP Client 14-9
Disabling VTP (VTP Transparent Mode) 14-10
Enabling VTP Version 2 14-11
Enabling VTP Pruning 14-12
Adding a VTP Client Switch to a VTP Domain 14-12
Monitoring VTP 14-14
15 Configuring Voice VLAN 15-1
Understanding Voice VLAN 15-1
Cisco IP Phone Voice Traffic 15-2
Cisco IP Phone Data Traffic 15-2
Configuring Voice VLAN 15-3
Default Voice VLAN Configuration 15-3
Voice VLAN Configuration Guidelines 15-3
Configuring a Port Connected to a Cisco 7960 IP Phone 15-4
Configuring Cisco IP Phone Voice Traffic 15-5
Displaying Voice VLAN 15-6
16 Configuring STP 16-1
Understanding Spanning-Tree Features 16-1
STP Overview 16-2
Spanning-Tree Topology and BPDUs 16-2
Bridge ID, Switch Priority, and Extended System ID 16-3
Spanning-Tree Interface States 16-4
Blocking State 16-5
Listening State 16-6
Learning State 16-6
Forwarding State 16-6
Disabled State 16-6
How a Switch or Port Becomes the Root Switch or Root Port 16-7
Spanning Tree and Redundant Connectivity 16-7
Spanning-Tree Address Management 16-8
Accelerated Aging to Retain Connectivity 16-8
Spanning-Tree Modes and Protocols 16-9
Supported Spanning-Tree Instances 16-9
Spanning-Tree Interoperability and Backward Compatibility 16-10
STP and IEEE 802.1Q Trunks 16-10
Configuring Spanning-Tree Features 16-10
Default Spanning-Tree Configuration 16-11
Spanning-Tree Configuration Guidelines 16-12
Changing the Spanning-Tree Mode 16-13
Disabling Spanning Tree 16-14
Configuring the Root Switch 16-14
Configuring a Secondary Root Switch 16-16
Configuring Port Priority 16-16
Configuring Path Cost 16-18
Configuring the Switch Priority of a VLAN 16-19
Configuring Spanning-Tree Timers 16-20
Configuring the Hello Time 16-20
Configuring the Forwarding-Delay Time for a VLAN 16-21
Configuring the Maximum-Aging Time for a VLAN 16-21
Configuring the Transmit Hold-Count 16-22
Displaying the Spanning-Tree Status 16-22
17 Configuring MSTP 17-1
Understanding MSTP 17-2
Multiple Spanning-Tree Regions 17-2
IST, CIST, and CST 17-2
Operations Within an MST Region 17-3
Operations Between MST Regions 17-3
IEEE 802.1s Terminology 17-5
Hop Count 17-5
Boundary Ports 17-6
IEEE 802.1s Implementation 17-6
Port Role Naming Change 17-6
Interoperation Between Legacy and Standard Switches 17-7
Detecting Unidirectional Link Failure 17-7
Interoperability with IEEE 802.1D STP 17-8
Understanding RSTP 17-8
Port Roles and the Active Topology 17-9
Rapid Convergence 17-9
Synchronization of Port Roles 17-11
Bridge Protocol Data Unit Format and Processing 17-12
Processing Superior BPDU Information 17-12
Processing Inferior BPDU Information 17-13
Topology Changes 17-13
Configuring MSTP Features 17-13
Default MSTP Configuration 17-14
MSTP Configuration Guidelines 17-14
Specifying the MST Region Configuration and Enabling MSTP 17-15
Configuring the Root Switch 17-17
Configuring a Secondary Root Switch 17-18
Configuring Port Priority 17-19
Configuring Path Cost 17-20
Configuring the Switch Priority 17-21
Configuring the Hello Time 17-22
Configuring the Forwarding-Delay Time 17-23
Configuring the Maximum-Aging Time 17-23
Configuring the Maximum-Hop Count 17-24
Specifying the Link Type to Ensure Rapid Transitions 17-24
Designating the Neighbor Type 17-25
Restarting the Protocol Migration Process 17-25
Displaying the MST Configuration and Status 17-26
18 Configuring Optional Spanning-Tree Features 18-1
Understanding Optional Spanning-Tree Features 18-1
Understanding Port Fast 18-2
Understanding BPDU Guard 18-2
Understanding BPDU Filtering 18-3
Understanding UplinkFast 18-3
Understanding BackboneFast 18-5
Understanding EtherChannel Guard 18-7
Understanding Root Guard 18-8
Understanding Loop Guard 18-9
Configuring Optional Spanning-Tree Features 18-9
Default Optional Spanning-Tree Configuration 18-9
Optional Spanning-Tree Configuration Guidelines 18-10
Enabling Port Fast 18-10
Enabling BPDU Guard 18-11
Enabling BPDU Filtering 18-12
Enabling UplinkFast for Use with Redundant Links 18-13
Enabling BackboneFast 18-13
Enabling EtherChannel Guard 18-14
Enabling Root Guard 18-15
Enabling Loop Guard 18-15
Displaying the Spanning-Tree Status 18-16
19 Configuring DHCP Features and IP Source Guard Features 19-1
Understanding DHCP Snooping 19-1
DHCP Server 19-2
DHCP Relay Agent 19-2
DHCP Snooping 19-2
Option-82 Data Insertion 19-4
DHCP Snooping Binding Database 19-7
Configuring DHCP Snooping 19-8
Default DHCP Snooping Configuration 19-8
DHCP Snooping Configuration Guidelines 19-9
Configuring the DHCP Relay Agent 19-10
Enabling DHCP Snooping and Option 82 19-11
Enabling the DHCP Snooping Binding Database Agent 19-12
Displaying DHCP Snooping Information 19-13
Understanding IP Source Guard 19-13
Source IP Address Filtering 19-14
Source IP and MAC Address Filtering 19-14
IP Source Guard for Static Hosts 19-15
Configuring IP Source Guard 19-15
Default IP Source Guard Configuration 19-16
IP Source Guard Configuration Guidelines 19-16
Enabling IP Source Guard 19-16
Configuring IP Source Guard for Static Hosts on a Layer 2 Access Port 19-18
Displaying IP Source Guard Information 19-21
Understanding DHCP Server Port-Based Address Allocation 19-21
Configuring DHCP Server Port-Based Address Allocation 19-22
Default Port-Based Address Allocation Configuration 19-22
Port-Based Address Allocation Configuration Guidelines 19-22
Enabling DHCP Server Port-Based Address Allocation 19-23
Displaying DHCP Server Port-Based Address Allocation 19-25
20 Configuring Dynamic ARP Inspection 20-1
Understanding Dynamic ARP Inspection 20-1
Interface Trust States and Network Security 20-3
Rate Limiting of ARP Packets 20-4
Relative Priority of ARP ACLs and DHCP Snooping Entries 20-4
Logging of Dropped Packets 20-4
Configuring Dynamic ARP Inspection 20-5
Default Dynamic ARP Inspection Configuration 20-5
Dynamic ARP Inspection Configuration Guidelines 20-6
Configuring Dynamic ARP Inspection in DHCP Environments 20-7
Configuring ARP ACLs for Non-DHCP Environments 20-8
Limiting the Rate of Incoming ARP Packets 20-10
Performing Validation Checks 20-11
Configuring the Log Buffer 20-12
Displaying Dynamic ARP Inspection Information 20-14
21 Configuring IGMP Snooping 21-1
Understanding IGMP Snooping 21-1
IGMP Versions 21-2
Joining a Multicast Group 21-3
Leaving a Multicast Group 21-4
Immediate Leave 21-5
IGMP Configurable-Leave Timer 21-5
IGMP Report Suppression 21-5
Configuring IGMP Snooping 21-6
Default IGMP Snooping Configuration 21-6
Enabling or Disabling IGMP Snooping 21-6
Setting the Snooping Method 21-7
Configuring a Multicast Router Port 21-8
Configuring a Host Statically to Join a Group 21-9
Enabling IGMP Immediate Leave 21-9
Configuring the IGMP Leave Timer 21-10
Configuring TCN-Related Commands 21-11
Controlling the Multicast Flooding Time After a TCN Event 21-11
Recovering from Flood Mode 21-12
Disabling Multicast Flooding During a TCN Event 21-12
Configuring the IGMP Snooping Querier 21-13
Disabling IGMP Report Suppression 21-14
Displaying IGMP Snooping Information 21-14
Configuring IGMP Filtering and Throttling 21-16
Default IGMP Filtering and Throttling Configuration 21-16
Configuring IGMP Profiles 21-17
Applying IGMP Profiles 21-18
Setting the Maximum Number of IGMP Groups 21-19
Configuring the IGMP Throttling Action 21-19
Displaying IGMP Filtering and Throttling Configuration 21-20
22 Configuring Port-Based Traffic Control 22-1
Configuring Storm Control 22-1
Understanding Storm Control 22-1
Default Storm Control Configuration 22-3
Configuring Storm Control and Threshold Levels 22-3
Configuring Small-Frame Arrival Rate 22-5
Configuring Protected Ports 22-6
Default Protected Port Configuration 22-6
Protected Port Configuration Guidelines 22-6
Configuring a Protected Port 22-7
Configuring Port Blocking 22-7
Default Port Blocking Configuration 22-7
Blocking Flooded Traffic on an Interface 22-7
Configuring Port Security 22-8
Understanding Port Security 22-9
Secure MAC Addresses 22-9
Security Violations 22-10
Default Port Security Configuration 22-11
Port Security Configuration Guidelines 22-11
Enabling and Configuring Port Security 22-12
Enabling and Configuring Port Security Aging 22-17
Displaying Port-Based Traffic Control Settings 22-18
23 Configuring CDP 23-1
Understanding CDP 23-1
Configuring CDP 23-2
Default CDP Configuration 23-2
Configuring the CDP Characteristics 23-2
Disabling and Enabling CDP 23-3
Disabling and Enabling CDP on an Interface 23-4
Monitoring and Maintaining CDP 23-5
24 Configuring LLDP and LLDP-MED 24-1
Understanding LLDP and LLDP-MED 24-1
LLDP 24-1
LLDP-MED 24-2
Configuring LLDP and LLDP-MED 24-3
Default LLDP Configuration 24-3
Configuration Guidelines 24-3
Enabling LLDP 24-4
Configuring LLDP Characteristics 24-4
Configuring LLDP-MED TLVs 24-5
Configuring Network-Policy TLV 24-6
Monitoring and Maintaining LLDP and LLDP-MED 24-8
25 Configuring UDLD 25-1
Understanding UDLD 25-1
Modes of Operation 25-1
Methods to Detect Unidirectional Links 25-2
Configuring UDLD 25-3
Default UDLD Configuration 25-4
Configuration Guidelines 25-4
Enabling UDLD Globally 25-5
Enabling UDLD on an Interface 25-5
Resetting an Interface Disabled by UDLD 25-6
Displaying UDLD Status 25-6
26 Configuring SPAN 26-1
Understanding SPAN 26-1
Local SPAN 26-2
SPAN Concepts and Terminology 26-2
SPAN Sessions 26-2
Monitored Traffic 26-3
Source Ports 26-4
Source VLANs 26-4
VLAN Filtering 26-5
Destination Port 26-5
SPAN Interaction with Other Features 26-6
Configuring SPAN 26-7
Default SPAN Configuration 26-7
Configuring Local SPAN 26-7
SPAN Configuration Guidelines 26-7
Creating a Local SPAN Session 26-8
Creating a Local SPAN Session and Configuring Incoming Traffic 26-11
Specifying VLANs to Filter 26-12
Displaying SPAN Status 26-13
27 Configuring RMON 27-1
Understanding RMON 27-1
Configuring RMON 27-2
Default RMON Configuration 27-3
Configuring RMON Alarms and Events 27-3
Collecting Group History Statistics on an Interface 27-5
Collecting Group Ethernet Statistics on an Interface 27-5
Displaying RMON Status 27-6
28 Configuring System Message Logging 28-1
Understanding System Message Logging 28-1
Configuring System Message Logging 28-2
System Log Message Format 28-2
Default System Message Logging Configuration 28-3
Disabling Message Logging 28-3
Setting the Message Display Destination Device 28-4
Synchronizing Log Messages 28-5
Enabling and Disabling Time Stamps on Log Messages 28-7
Enabling and Disabling Sequence Numbers in Log Messages 28-7
Defining the Message Severity Level 28-8
Limiting Syslog Messages Sent to the History Table and to SNMP 28-9
Enabling the Configuration-Change Logger 28-10
Configuring UNIX Syslog Servers 28-11
Logging Messages to a UNIX Syslog Daemon 28-11
Configuring the UNIX System Logging Facility 28-12
Displaying the Logging Configuration 28-13
29 Configuring SNMP 29-1
Understanding SNMP 29-1
SNMP Versions 29-2
SNMP Manager Functions 29-3
SNMP Agent Functions 29-4
SNMP Community Strings 29-4
Using SNMP to Access MIB Variables 29-4
SNMP Notifications 29-5
SNMP ifIndex MIB Object Values 29-5
Configuring SNMP 29-6
Default SNMP Configuration 29-6
SNMP Configuration Guidelines 29-7
Disabling the SNMP Agent 29-7
Configuring Community Strings 29-8
Configuring SNMP Groups and Users 29-9
Configuring SNMP Notifications 29-11
Setting the Agent Contact and Location Information 29-15
Limiting TFTP Servers Used Through SNMP 29-15
SNMP Examples 29-16
Displaying SNMP Status 29-17
30 Configuring Network Security with ACLs 30-1
Understanding ACLs 30-1
ACL Overview 30-2
Port ACLs 30-2
Handling Fragmented and Unfragmented Traffic 30-3
Configuring IPv4 ACLs 30-4
Creating Standard and Extended IPv4 ACLs 30-5
Access List Numbers 30-5
Creating a Numbered Standard ACL 30-6
Creating a Numbered Extended ACL 30-7
Resequencing ACEs in an ACL 30-12
Creating Named Standard and Extended ACLs 30-12
Using Time Ranges with ACLs 30-14
Including Comments in ACLs 30-15
Applying an IPv4 ACL to a Terminal Line 30-16
Applying an IPv4 ACL to a VLAN Interface 30-16
Hardware and Software Treatment of IP ACLs 30-17
Troubleshooting ACLs 30-18
IPv4 ACL Configuration Examples 30-18
Numbered ACLs 30-19
Extended ACLs 30-19
Named ACLs 30-19
Time Range Applied to an IP ACL 30-20
Commented IP ACL Entries 30-20
Displaying IPv4 ACL Configuration 30-21
CHAPTER 31 Configuring QoS 31-1
Understanding QoS 31-1
Basic QoS Model 31-3
Classification 31-3
Queueing Overview 31-4
Weighted Tail Drop 31-4
Queueing on Ingress Queues 31-4
Queueing on Egress Queues 31-5
Packet Modification 31-6
Configuring Standard QoS 31-6
Default Standard QoS Configuration 31-7
Default Ingress Queue Configuration 31-7
Default Egress Queue Configuration 31-7
General QoS Guidelines 31-8
Enabling QoS Globally 31-9
Configuring Classification Using Port Trust States 31-9
Configuring the Trust State on Ports within the QoS Domain 31-9
Configuring the CoS Value for an Interface 31-11
Enabling DSCP Transparency Mode 31-11
Configuring Ingress Queue Characteristics 31-12
Mapping CoS Values to an Ingress Queue 31-12
Configuring the Ingress Priority Queue 31-13
Configuring Egress Queue Characteristics 31-14
Configuration Guidelines 31-15
Mapping CoS Values to an Egress Queue and to a Threshold ID 31-15
Configuring the Egress Expedite Queue 31-16
Displaying Standard QoS Information 31-17
CHAPTER 32 Configuring EtherChannels 32-1
Understanding EtherChannels 32-1
EtherChannel Overview 32-2
Port-Channel Interfaces 32-3
Port Aggregation Protocol 32-4
PAgP Modes 32-4
PAgP Interaction with Other Features 32-5
Link Aggregation Control Protocol 32-5
LACP Modes 32-5
LACP Interaction with Other Features 32-6
EtherChannel On Mode 32-6
Load Balancing and Forwarding Methods 32-6
Configuring EtherChannels 32-8
Default EtherChannel Configuration 32-9
EtherChannel Configuration Guidelines 32-9
Configuring Layer 2 EtherChannels 32-10
Configuring EtherChannel Load Balancing 32-12
Configuring the PAgP Learn Method and Priority 32-13
Configuring LACP Hot-Standby Ports 32-14
Configuring the LACP System Priority 32-15
Configuring the LACP Port Priority 32-15
Displaying EtherChannel, PAgP, and LACP Status 32-16
CHAPTER 33 Troubleshooting 33-1
Recovering from a Software Failure 33-2
Recovering from a Lost or Forgotten Password 33-3
Procedure with Password Recovery Enabled 33-4
Procedure with Password Recovery Disabled 33-6
Recovering from a Command Switch Failure 33-7
Replacing a Failed Command Switch with a Cluster Member 33-8
Replacing a Failed Command Switch with Another Switch 33-9
Recovering from Lost Cluster Member Connectivity 33-11
Preventing Autonegotiation Mismatches 33-11
Troubleshooting Power over Ethernet Switch Ports 33-11
Disabled Port Caused by Power Loss 33-12
Disabled Port Caused by False Link Up 33-12
SFP Module Security and Identification 33-12
Monitoring SFP Module Status 33-13
Using Ping 33-13
Understanding Ping 33-13
Executing Ping 33-13
Using Layer 2 Traceroute 33-14
Understanding Layer 2 Traceroute 33-14
Usage Guidelines 33-15
Displaying the Physical Path 33-15
Using IP Traceroute 33-16
Understanding IP Traceroute 33-16
Executing IP Traceroute 33-17
Using TDR 33-18
Understanding TDR 33-18
Running TDR and Displaying the Results 33-18
Using Debug Commands 33-18
Enabling Debugging on a Specific Feature 33-19
Enabling All-System Diagnostics 33-19
Redirecting Debug and Error Message Output 33-20
Using the show platform forward Command 33-20
Using the crashinfo Files 33-22
Basic crashinfo Files 33-22
Extended crashinfo Files 33-22
Memory Consistency Check Routines 33-23
Displaying TCAM Memory Consistency Check Errors 33-23
Troubleshooting Tables 33-24
Troubleshooting CPU Utilization 33-24
Possible Symptoms of High CPU Utilization 33-24
Verifying the Problem and Cause 33-24
Troubleshooting Power over Ethernet (PoE) 33-25
APPENDIX A Supported MIBs A-1
MIB List A-1
Using FTP to Access the MIB Files A-3
APPENDIX B Working with the Cisco IOS File System, Configuration Files, and Software Images B-1
Working with the Flash File System B-1
Displaying Available File Systems B-2
Setting the Default File System B-3
Displaying Information about Files on a File System B-3
Changing Directories and Displaying the Working Directory B-3
Creating and Removing Directories B-4
Copying Files B-4
Deleting Files B-5
Creating, Displaying, and Extracting tar Files B-5
Creating a tar File B-6
Displaying the Contents of a tar File B-6
Extracting a tar File B-7
Displaying the Contents of a File B-7
Working with Configuration Files B-8
Guidelines for Creating and Using Configuration Files B-8
Configuration File Types and Location B-9
Creating a Configuration File By Using a Text Editor B-9
Copying Configuration Files By Using TFTP B-10
Preparing to Download or Upload a Configuration File By Using TFTP B-10
Downloading the Configuration File By Using TFTP B-11
Uploading the Configuration File By Using TFTP B-11
Copying Configuration Files By Using FTP B-12
Preparing to Download or Upload a Configuration File By Using FTP B-12
Downloading a Configuration File By Using FTP B-13
Uploading a Configuration File By Using FTP B-14
Copying Configuration Files By Using RCP B-15
Preparing to Download or Upload a Configuration File By Using RCP B-16
Downloading a Configuration File By Using RCP B-16
Uploading a Configuration File By Using RCP B-17
Clearing Configuration Information B-18
Clearing the Startup Configuration File B-18
Deleting a Stored Configuration File B-18
Working with Software Images B-19
Image Location on the Switch B-20
tar File Format of Images on a Server or Cisco.com B-20
Copying Image Files By Using TFTP B-21
Preparing to Download or Upload an Image File By Using TFTP B-21
Downloading an Image File By Using TFTP B-22
Uploading an Image File By Using TFTP B-24
Copying Image Files By Using FTP B-24
Preparing to Download or Upload an Image File By Using FTP B-25
Downloading an Image File By Using FTP B-26
Uploading an Image File By Using FTP B-27
Copying Image Files By Using RCP B-28
Preparing to Download or Upload an Image File By Using RCP B-29
Downloading an Image File By Using RCP B-30
Uploading an Image File By Using RCP B-32
APPENDIX C Unsupported Commands in Cisco IOS Release 12.2(55)EZ C-1
Access Control Lists C-1
Unsupported Privileged EXEC Commands C-1
Unsupported Global Configuration Commands C-1
Unsupported Route-Map Configuration Commands C-1
Boot Loader Commands C-2
Unsupported Global Configuration Commands C-2
Debug Commands C-2
Unsupported Privileged EXEC Commands C-2
IEEE 802.1x Commands C-2
Unsupported Privileged EXEC Command C-2
Unsupported Global Configuration Command C-2
IGMP Snooping Commands C-2
Unsupported Global Configuration Commands C-2
Interface Commands C-2
Unsupported Privileged EXEC Commands C-2
Unsupported Global Configuration Commands C-3
Unsupported Interface Configuration Commands C-3
MAC Address Commands C-3
Unsupported Privileged EXEC Commands C-3
Unsupported Global Configuration Commands C-3
Miscellaneous C-4
Unsupported Privileged EXEC Commands C-4
Unsupported Global Configuration Commands C-4
Network Address Translation (NAT) Commands C-4
Unsupported Privileged EXEC Commands C-4
QoS C-4
Unsupported Global Configuration Command C-4
Unsupported Interface Configuration Commands C-4
Unsupported Policy-Map Configuration Command C-4
RADIUS C-5
Unsupported Global Configuration Commands C-5
SNMP C-5
Unsupported Global Configuration Commands C-5
Spanning Tree C-5
Unsupported Global Configuration Command C-5
Unsupported Interface Configuration Command C-5
VLAN C-5
Unsupported Global Configuration Command C-5
Unsupported vlan-config Command C-6
Unsupported User EXEC Commands C-6
VTP C-6
Unsupported Privileged EXEC Commands C-6
INDEX
Preface
Audience
This guide is for the networking professional managing the Catalyst 2928 switch, hereafter referred to as the switch. Before using this guide, you should have experience working with the Cisco IOS software and be familiar with the concepts and terminology of Ethernet and local area networking.
Purpose
This guide provides the information that you need to configure Cisco IOS software features on your switch. The Catalyst 2928 software provides enterprise-class intelligent services.
This guide provides procedures for using the commands that have been created or changed for use with the Catalyst 2928 switch. It does not provide detailed information about these commands. For detailed information about these commands, see the Catalyst 2928 Switch Command Reference for this release. For information about the standard Cisco IOS Release 12.2 commands, see the Cisco IOS documentation set available from the Cisco.com home page at Technical Support & Documentation > Cisco IOS Software.
This guide does not provide detailed information on the graphical user interfaces (GUIs) for the embedded device manager that you can use to manage the switch. However, the concepts in this guide are applicable to the GUI user. For information about the device manager, see the switch online help. This guide does not describe system messages you might encounter or how to install your switch. For more information, see the Catalyst 2928 Switch System Message Guide for this release and the Catalyst 2928 Switch Hardware Installation Guide.
For documentation updates, see the release notes for this release.
Conventions
This publication uses these conventions to convey instructions and information:
Command descriptions use these conventions:
Commands and keywords are in boldface text.
Arguments for which you supply values are in italic.
Square brackets ([ ]) mean optional elements.
Braces ({ }) group required choices, and vertical bars ( | ) separate the alternative elements.
Braces and vertical bars within square brackets ([{ | }]) mean a required choice within an optional element.
Interactive examples use these conventions:
Terminal sessions and system displays are in screen font.
Information you enter is in boldface screen font.
Nonprinting characters, such as passwords or tabs, are in angle brackets (< >).
Notes, cautions, and timesavers use these conventions and symbols:
Note: Means reader take note. Notes contain helpful suggestions or references to materials not contained in this manual.
Caution: Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.
Related Publications
These documents provide complete information about the switch and are available from this Cisco.com site:
http://www.cisco.com/web/CN/products/products_netsol/switches/products/ca2928/index.html
Release Notes for the Catalyst 2928 Switch
Note: Before installing, configuring, or upgrading the switch, refer to the release notes on Cisco.com for the latest information.
Catalyst 2928 Switch Software Configuration Guide
Catalyst 2928 Switch Command Reference
Catalyst 2928 Switch System Message Guide
Catalyst 2928 Switch Getting Started Guide
Catalyst 2928 Switch Hardware Installation Guide
Regulatory Compliance and Safety Information for the Catalyst 2928 Switch
Cisco Small Form-Factor Pluggable Modules Installation Notes