Cisco Catalyst 2960, Catalyst 2960-S Software Configuration Manual

INDEX

abbreviating commands 2-3

AC (command switch) 6-9

access-class command 31-18

access control entries

See ACEs

access control entry (ACE)

access-denied response, VMPS 13-24

access groups

Layer 3

31-19

access groups, applying IPv4 ACLs to interfaces 31-19

accessing

clusters, switch

6-12

command switches 6-10

member switches 6-12

switch clusters 6-12

accessing stack members 7-22

access lists

See ACLs

access ports

in switch clusters

access ports, defined 12-3

accounting

with 802.1x

10-51

with IEEE 802.1x 10-16

with RADIUS 9-35

with TACACS+ 9-11, 9-17

ACEs

and QoS

33-8

defined 31-2

Ethernet 31-2

IP 31-2

37-3

6-8

ACLs

ACEs

31-2

any keyword 31-10

applying

time ranges to

31-15

to an interface 31-18, 37-7

to IPv6 interfaces 37-7

to QoS 33-8

classifying traffic for QoS 33-50

comments in 31-17

compiling 31-21

defined 31-1, 31-7

examples of 31-21, 33-50

extended IP, configuring for QoS classification 33-51

extended IPv4

creating

31-9

matching criteria 31-7

hardware and software handling 31-20

host keyword 31-11

creating

31-7

fragments and QoS guidelines 33-40

implicit deny 31-9, 31-13, 31-14

implicit masks 31-9

matching criteria 31-7

undefined 31-19

IPv4

applying to interfaces

31-18

creating 31-7

matching criteria 31-7

named 31-13

numbers 31-7

terminal lines, setting on 31-18

OL-26520-01

Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE

IN-1

Index

unsupported features 31-6

IPv6

applying to interfaces

37-7

configuring 37-3, 37-4

displaying 37-8

interactions with other features 37-4

limitations 37-2, 37-3

matching criteria 37-3

named 37-2

precedence of 37-2

supported 37-2

unsupported features 37-3

MAC extended 31-23, 33-52

matching 31-7, 31-19, 37-3

monitoring 31-26, 37-8

named, IPv4 31-13

named, IPv6 37-2

names 37-4

number per QoS class map 33-40

port 31-2, 37-1

precedence of 31-2

QoS 33-8, 33-50

resequencing entries 31-13

router 31-2, 37-1

standard IP, configuring for QoS classification 33-50

standard IPv4

creating

31-8

matching criteria 31-7

support for 1-10

support in hardware 31-20

time ranges 31-15

types supported 31-2

unsupported features, IPv4 31-6

unsupported features, IPv6 37-3

active link 19-4, 19-5, 19-6

active links 19-2

active traffic monitoring, IP SLAs 32-1

address aliasing 21-2

addresses

displaying the MAC address table

5-24

dynamic

accelerated aging

16-9

changing the aging time 5-15

default aging 16-9

defined 5-13

learning 5-14

removing 5-16

IPv6 35-2

MAC, discovering 5-24

multicast, STP address management 16-9

static

adding and removing

5-20

defined 5-13

address resolution 5-24

Address Resolution Protocol

See ARP

See also HSRP

CNS

1-6

Configuration Engine

configID, deviceID, hostname

configuration service 4-2

described 4-1

event service 4-3

embedded agents

described

4-5

enabling automated configuration 4-6

enabling configuration agent 4-9

enabling event agent 4-7

management functions 1-6

CoA Request Commands 9-23

Coarse Wave Division Multiplexer

See CWDM SFPs

command-line interface

See CLI

command modes

2-1

commands

abbreviating

2-3

no and default 2-4

commands, setting privilege levels 9-8

command switch

accessing

6-10

active (AC) 6-9

configuration conflicts 39-12

defined 6-2

passive (PC) 6-9

password privilege levels 6-16

priority 6-9

recovery

from command-switch failure

4-3

6-9, 39-8

from lost member connectivity 39-12

redundant 6-9

replacing

with another switch

39-11

with cluster member 39-9

requirements 6-3

standby (SC) 6-9

See also candidate switch, cluster standby group, member switch, and standby command switch

community strings

configuring

6-13, 30-8

for cluster switches 30-4

in clusters 6-13

overview 30-4

SNMP 6-13

compatibility, feature 23-12

compatibility, software

See stacks, switch

config.text

3-18

configurable leave timer, IGMP 21-6

configuration, initial

defaults

1-16

Express Setup 1-1

configuration changes, logging 29-11

configuration conflicts, recovering from lost member connectivity

39-12

configuration examples, network 1-18

configuration files

archiving

A-20

clearing the startup configuration A-19

creating using a text editor A-10

default name 3-18

deleting a stored configuration A-19

described A-8

downloading

automatically

3-18

preparing A-11, A-13, A-16

reasons for A-8

using FTP A-13

IN-6

Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE

OL-26520-01

Index

using RCP A-17

using TFTP A-11

guidelines for creating and using A-9

guidelines for replacing and rolling back A-21

invalid combinations when copying A-5

limiting TFTP server access 30-17

obtaining with DHCP 3-8

password recovery disable considerations 9-5

replacing a running configuration A-19, A-20

rolling back a running configuration A-19, A-21

specifying the filename 3-18

system contact and location information 30-17

types and location A-10

uploading

preparing

A-11, A-13, A-16

reasons for A-9

using FTP A-15

using RCP A-18

using TFTP A-12

configuration logger 29-11

configuration logging 2-4

configuration replacement A-19

configuration rollback A-19, A-20

configuration settings, saving 3-15

configure terminal command 12-17

configuring 802.1x user distribution 10-57

configuring port-based authentication violation modes

10-41

configuring small-frame arrival rate 23-5

conflicts, configuration 39-12

connections, secure remote 9-42

connectivity problems 39-14, 39-15, 39-17

consistency checks in VTP Version 2 14-5

console port, connecting to 2-10

control protocol, IP SLAs 32-4

corrupted software, recovery steps with Xmodem 39-2

CoS

in Layer 2 frames

33-2

override priority 15-6

trust priority 15-6

CoS input queue threshold map for QoS 33-16

CoS output queue threshold map for QoS 33-19

CoS-to-DSCP map for QoS 33-63

counters, clearing interface 12-41

CPU utilization, troubleshooting 39-28

crashinfo file 39-23

critical authentication, IEEE 802.1x 10-54

critical VLAN 10-24

critical voice VLAN

configuring

10-54

cross-stack EtherChannel

configuration guidelines

38-13

described 38-3

illustration 38-4

support for 1-8

cross-stack UplinkFast, STP

described

18-5

disabling 18-16

enabling 18-16

fast-convergence events 18-7

Fast Uplink Transition Protocol 18-6

normal-convergence events 18-7

support for 1-8

cryptographic software image

SSH

9-42

SSL 9-46

switch stack considerations 7-15

customjzeable web pages, web-based authentication 11-6

CWDM SFPs 1-24

DACL

See downloadable ACL

daylight saving time

debugging

enabling all system diagnostics

enabling for a specific feature 39-20

5-7

39-21

OL-26520-01

Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE

IN-7

Index

redirecting error message output 39-21

using commands 39-20

default commands 2-4

default configuration

802.1x

10-35

auto-QoS 33-22

banners 5-11

CDP 25-2

DHCP 20-8

DHCP option 82 20-8

DHCP snooping 20-8

DHCP snooping binding database 20-8

DNS 5-10

dynamic ARP inspection 22-5

EtherChannel 38-11

Ethernet interfaces 12-24

Flex Links 19-8

IGMP filtering 21-25

IGMP snooping 21-7, 36-6

IGMP throttling 21-25

initial switch information 3-3

IP SLAs 32-5

IP source guard 20-15

IPv6 35-7

Layer 2 interfaces 12-24

LLDP 26-5

MAC address table 5-15

MAC address-table move update 19-8

MSTP 17-14

MVR 21-20

optional spanning-tree configuration 18-12

password and privilege level 9-2

RADIUS 9-27

RMON 28-3

RSPAN 27-10

SDM template 8-4

SNMP 30-7

SPAN 27-10

SSL 9-49

standard QoS 33-38

STP 16-13

switch stacks 7-17

system message logging 29-4

system name and prompt 5-9

TACACS+ 9-13

UDLD 24-4

VLAN, Layer 2 Ethernet interfaces 13-15

VLANs 13-7

VMPS 13-25

voice VLAN 15-3

VTP 14-9

default gateway 3-14

default web-based authentication configuration

802.1X

11-9

deleting VLANs 13-9

denial-of-service attack 23-1

description command 12-37

designing your network, examples 1-18

destination addresses

in IPv4 ACLs

31-10

in IPv6 ACLs 37-5

destination-IP address-based forwarding, EtherChannel

38-9

destination-MAC address forwarding, EtherChannel 38-9

detecting indirect link failures, STP 18-8

device A-24

device discovery protocol 25-1, 26-1

device manager

benefits

1-1

described 1-2, 1-5

in-band management 1-7

upgrading a switch A-24

DHCP

enabling

relay agent

20-9

DHCP-based autoconfiguration

client request message exchange

3-4

configuring

IN-8

Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE

OL-26520-01

Index

client side 3-3

DNS 3-7

relay device 3-7

server side 3-6

TFTP server 3-7

example 3-9

lease options

for IP address information

3-6

for receiving the configuration file 3-6

overview 3-3

relationship to BOOTP 3-3

relay support 1-6

support for 1-6

DHCP-based autoconfiguration and image update

configuring

3-11 to 3-14

understanding 3-5

DHCP binding database

See DHCP snooping binding database

DHCP binding table

See DHCP snooping binding database

DHCP option 82

circuit ID suboption

20-5

configuration guidelines 20-8

default configuration 20-8

displaying 20-12

overview 20-3

packet format, suboption

circuit ID

20-5

remote ID 20-5

remote ID suboption 20-5

DHCP server port-based address allocation

configuration guidelines

20-21

default configuration 20-21

described 20-21

displaying 20-24

enabling 20-21

reserved addresses 20-22

DHCP server port-based address assignment

support for

1-6

DHCP snooping

accepting untrusted packets form edge switch

20-10

binding database

See DHCP snooping binding database

configuration guidelines

20-8

default configuration 20-8

displaying binding tables 20-12

message exchange process 20-4

option 82 data insertion 20-3

trusted interface 20-2

untrusted interface 20-2

untrusted messages 20-2

DHCP snooping binding database

adding bindings

20-11

binding entries, displaying 20-12

binding file

format

20-6

location 20-6

bindings 20-6

clearing agent statistics 20-12

configuration guidelines 20-9

configuring 20-11

default configuration 20-8

deleting

binding file

20-12

bindings 20-12

database agent 20-12

described 20-6

displaying 20-12

displaying status and statistics 20-12

enabling 20-11

entry 20-6

renewing database 20-12

resetting

delay value

20-12

timeout value 20-12

DHCP snooping binding table

See DHCP snooping binding database

20-3,

OL-26520-01

Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE

IN-9

Index

Differentiated Services architecture, QoS 33-2

Differentiated Services Code Point 33-2

directed unicast requests 1-6

directories

changing

A-4

creating and removing A-4

displaying the working A-4

discovery, clusters

See automatic discovery

DNS

and DHCP-based autoconfiguration

3-7

default configuration 5-10

displaying the configuration 5-11

in IPv6 35-3

overview 5-9

setting up 5-10

support for 1-6

domain names

DNS

5-9

VTP 14-10

Domain Name System

See DNS

downloadable ACL

10-20, 10-22, 10-61

downloading

configuration files

preparing

A-11, A-13, A-16

reasons for A-8

using FTP A-13

using RCP A-17

using TFTP A-11

image files

deleting old image

A-28

preparing A-26, A-30, A-34

reasons for A-24

using CMS 1-2

using FTP A-31

using HTTP 1-2, A-24

using RCP A-35

using TFTP A-27

using the device manager or Network Assistant

A-24

DRP

support for

1-15

DSCP 1-13, 33-2

DSCP input queue threshold map for QoS 33-16

DSCP output queue threshold map for QoS 33-19

DSCP-to-CoS map for QoS 33-66

DSCP-to-DSCP-mutation map for QoS 33-67

DSCP transparency 33-46

DTP 1-9, 13-14

dual-action detection 38-6

dual IPv4 and IPv6 templates 35-5

dual protocol stacks

IPv4 and IPv6

35-5

SDM templates supporting 35-5

dual-purpose uplinks

defined

12-4

LEDs 12-5

link selection 12-4, 12-25

setting the type 12-25

dynamic access ports

characteristics

13-4

configuring 13-26

defined 12-3

dynamic addresses

See addresses

dynamic ARP inspection

ARP cache poisoning

22-1

ARP requests, described 22-1

ARP spoofing attack 22-1

clearing

log buffer

22-16

statistics 22-16

configuration guidelines 22-6

configuring

ACLs for non-DHCP environments

22-9

in DHCP environments 22-7

log buffer 22-13

IN-10

Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE

OL-26520-01

Index

rate limit for incoming ARP packets 22-4, 22-11

default configuration 22-5

denial-of-service attacks, preventing 22-11

described 22-1

DHCP snooping binding database 22-2

displaying

ARP ACLs

22-15

configuration and operating state 22-15

log buffer 22-16

statistics 22-16

trust state and rate limit 22-15

error-disabled state for exceeding rate limit 22-4

function of 22-2

interface trust states 22-3

log buffer

clearing

22-16

configuring 22-13

displaying 22-16

logging of dropped packets, described 22-5

man-in-the middle attack, described 22-2

network security issues and interface trust states 22-3

priority of ARP ACLs and DHCP snooping entries

22-4

rate limiting of ARP packets

configuring

22-11

described 22-4

error-disabled state 22-4

statistics

clearing

22-16

displaying 22-16

validation checks, performing 22-12

dynamic auto trunking mode 13-14

dynamic desirable trunking mode 13-14

Dynamic Host Configuration Protocol

See DHCP-based autoconfiguration

dynamic port VLAN membership

described

13-24

reconfirming 13-27

troubleshooting 13-29

types of connections 13-26

Dynamic Trunking Protocol

See DTP

editing features

enabling and disabling

keystrokes used 2-7

wrapped lines 2-8

elections

See stack master

ELIN location

26-3

enable password 9-3

enable secret password 9-3

encryption, CipherSuite 9-48

encryption for passwords 9-3

environment variables, function of 3-22

error-disabled state, BPDU 18-2

error messages during command entry 2-4

EtherChannel

automatic creation of

channel groups

binding physical and logical interfaces

numbering of 38-4

configuration guidelines 38-12

configuring Layer 2 interfaces 38-13

default configuration 38-11

described 38-2

displaying status 38-21

forwarding methods 38-8, 38-16

IEEE 802.3ad, described 38-7

interaction

with STP

38-12

with VLANs 38-12

LACP

described

38-7

displaying status 38-21

hot-standby ports 38-18

2-6

38-5, 38-7

38-4

OL-26520-01

Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE

IN-11

Index

interaction with other features 38-8

modes 38-7

port priority 38-19

system priority 38-19

load balancing 38-8, 38-16

PAgP

aggregate-port learners

compatibility with Catalyst 1900 38-17

described 38-5

displaying status 38-21

interaction with other features 38-7

interaction with virtual switches 38-6

learn method and priority configuration 38-16

modes 38-6

support for 1-4

with dual-action detection 38-6

port-channel interfaces

described

38-4

numbering of 38-4

port groups 12-4

stack changes, effects of 38-10

support for 1-4

EtherChannel guard

described

18-10

disabling 18-17

enabling 18-17

Ethernet management port

active link

12-22

and routing 12-22

and TFTP 12-23

configuring 12-23

default setting 12-22

described 12-21

for network management 12-21

specifying 12-23

supported features 12-22

unsupported features 12-23

Ethernet management port, internal

and routing

12-22

38-16

unsupported features 12-23

Ethernet VLANs

adding

13-8

defaults and ranges 13-8

modifying 13-8

EUI 35-3

events, RMON 28-4

examples

network configuration

1-18

expedite queue for QoS 33-80

Express Setup 1-1

See also IP information

ip igmp profile command

21-25

IP information

assigned

manually

3-14

through DHCP-based autoconfiguration 3-3

default configuration 3-3

IP phones

and QoS

15-1

automatic classification and queueing 33-21

configuring 15-4

ensuring port security with QoS 33-45

trusted boundary for QoS 33-45

IP Port Security for Static Hosts

on a Layer 2 access port

20-17

IP precedence 33-2

IP-precedence-to-DSCP map for QoS 33-64

IP protocols in ACLs 31-10

IP routing

disabling

34-4

enabling 34-4

IP Service Level Agreements

See IP SLAs

IP service levels, analyzing

32-1

IP SLAs

benefits

32-2

configuration guidelines 32-5

Control Protocol 32-4

default configuration 32-5

definition 32-1

measuring network performance 32-3

monitoring 32-6

operation 32-3

responder

described

32-4

enabling 32-6

response time 32-4

SNMP support 32-2

supported metrics 32-2

IN-16

Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE

OL-26520-01

Index

IP source guard

and 802.1x

20-15

and DHCP snooping 20-13

and EtherChannels 20-15

and port security 20-15

and private VLANs 20-15

and routed ports 20-15

and TCAM entries 20-15

and trunk interfaces 20-15

and VRF 20-15

binding configuration

automatic

20-13

manual 20-13

binding table 20-13

configuration guidelines 20-15

default configuration 20-15

described 20-13

disabling 20-16

displaying

active IP or MAC bindings

bindings 20-20

configuration 20-20

enabling 20-16, 20-17

filtering

source IP address

20-13

source IP and MAC address 20-13

on provisioned switches 20-15

source IP address filtering 20-13

source IP and MAC address filtering 20-13

static bindings

adding

20-16, 20-17

deleting 20-16

static hosts 20-17

IP traceroute

executing

39-18

overview 39-17

IP unicast routing

assigning IP addresses to Layer 3 interfaces

configuring static routes 34-5

20-20

34-4

disabling 34-4

enabling 34-4

inter-VLAN 34-1

IP addressing

classes

34-4

configuring 34-4

steps to configure 34-3

subnet mask 34-4

with SVIs 34-3

IPv4 ACLs

applying to interfaces

extended, creating 31-9

named 31-13

standard, creating 31-8

IPv4 and IPv6

dual protocol stacks

IPv6

ACLs

displaying

37-8

limitations 37-2

matching criteria 37-3

port 37-1

precedence 37-2

router 37-1

supported 37-2

addresses 35-2

address formats 35-2

and switch stacks 35-6

applications 35-4

assigning address 35-7

autoconfiguration 35-4

configuring static routes 35-10

default configuration 35-7

defined 35-1

forwarding 35-7

ICMP 35-3

monitoring 35-11

neighbor discovery 35-4

SDM templates 36-1, 37-1

31-18

35-4

OL-26520-01

Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE

IN-17

Index

stack master functions 35-6

Stateless Autoconfiguration 35-4

supported features 35-2

IPv6 traffic, filtering 37-3

join messages, IGMP 21-3

LACP

See EtherChannel

Layer 2 frames, classification with CoS

Layer 2 interfaces, default configuration 12-24

Layer 2 traceroute

and ARP

39-16

and CDP 39-16

broadcast traffic 39-16

described 39-16

IP addresses and subnets 39-16

MAC addresses and VLANs 39-16

multicast traffic 39-16

multiple devices on a port 39-17

unicast traffic 39-16

usage guidelines 39-16

Layer 3 features 1-15

Layer 3 interfaces

assigning IP addresses to

34-4

assigning IPv6 addresses to 35-7

changing from Layer 2 mode 34-4

Layer 3 packets, classification methods 33-2

LDAP 4-2

Leaking IGMP Reports 19-4

LEDs, switch

See hardware installation guide

lightweight directory access protocol

See LDAP

33-2

line configuration mode

2-2

Link Aggregation Control Protocol

See EtherChannel

link failure, detecting unidirectional

17-8

Link Layer Discovery Protocol

See CDP

link local unicast addresses

35-3

link redundancy

See Flex Links

links, unidirectional

24-1

link-state tracking

configuring

38-23

described 38-21

LLDP

configuring

26-5

characteristics 26-6

default configuration 26-5

enabling 26-6

monitoring and maintaining 26-11

overview 26-1

supported TLVs 26-2

switch stack considerations 26-2

transmission timer and holdtime, setting 26-6

LLDP-MED

configuring

procedures

26-5

TLVs 26-7

monitoring and maintaining 26-11

overview 26-1, 26-2

supported TLVs 26-2

LLDP Media Endpoint Discovery

See LLDP-MED

local SPAN

27-2

location TLV 26-3, 26-7

with RADIUS

9-30

with TACACS+ 9-14

log messages

IN-18

Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE

OL-26520-01

Index

See system message logging

Long-Reach Ethernet (LRE) technology

1-20

loop guard

described

18-11

enabling 18-18

support for 1-9

LRE profiles, considerations in switch clusters 6-15

MAB

See MAC authentication bypass

MAB inactivity timer

default setting

range 10-38

MAC/PHY configuration status TLV 26-2

MAC addresses

aging time

and VLAN association 5-14

building the address table 5-14

default configuration 5-15

disabling learning on a VLAN 5-23

discovering 5-24

displaying 5-24

displaying in the IP source binding table 20-20

dynamic

learning

removing 5-16

in ACLs 31-23

static

adding

allowing 5-22, 5-23

characteristics of 5-20

dropping 5-22

removing 5-21

MAC address learning 1-6

MAC address learning, disabling on a VLAN 5-23

MAC address notification, support for 1-15

MAC address-table move update

10-36

5-15

5-14

5-21

configuration guidelines

19-8

configuring 19-12

default configuration 19-8

description 19-6

monitoring 19-14

MAC address-to-VLAN mapping 13-23

MAC authentication bypass 10-38

configuring 10-57

overview 10-17

MAC extended access lists

applying to Layer 2 interfaces

31-24

configuring for QoS 33-52

creating 31-23

defined 31-23

for QoS classification 33-5

magic packet 10-27

manageability features 1-6

management access

in-band

browser session

1-7

CLI session 1-7

device manager 1-7

SNMP 1-7

out-of-band console port connection 1-7

management address TLV 26-2

management options

CLI

2-1

clustering 1-3

CNS 4-1

Network Assistant 1-2

overview 1-5

management VLAN

considerations in switch clusters

6-7

discovery through different management VLANs 6-7

mapping tables for QoS

configuring

CoS-to-DSCP

33-63

DSCP 33-63

DSCP-to-CoS 33-66

OL-26520-01

Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE

IN-19

Index

DSCP-to-DSCP-mutation 33-67

IP-precedence-to-DSCP 33-64

policed-DSCP 33-65

described 33-11

marking

action with aggregate policers

33-60

described 33-4, 33-9

matching

IPv6 ACLs

37-3

matching, IPv4 ACLs 31-7

maximum aging time

MSTP

17-25

STP 16-23

maximum hop count, MSTP 17-25

maximum number of allowed devices, port-based authentication

10-38

MDA

configuration guidelines

10-13

described 1-11, 10-12

exceptions with authentication process 10-5

membership mode, VLAN port 13-3

member switch

automatic discovery

6-5

defined 6-2

managing 6-15

passwords 6-12

recovering from lost connectivity 39-12

requirements 6-4

See also candidate switch, cluster standby group, and standby command switch

memory consistency check errors

example

39-27

memory consistency check routines 1-5, 39-26

memory consistency integrity 1-5, 39-26

messages, to users through banners 5-11

MIBs

overview

30-1

SNMP interaction with 30-5

mirroring traffic for analysis 27-1

mismatches, autonegotiation 39-12

module number 12-16

monitoring

access groups

31-26

cables for unidirectional links 24-1

CDP 25-5

features 1-15

Flex Links 19-14

IGMP

filters

21-29

snooping 21-16, 36-11

interfaces 12-40

IP SLAs operations 32-6

IPv4 ACL configuration 31-26

IPv6 35-11

IPv6 ACL configuration 37-8

MAC address-table move update 19-14

multicast router interfaces 21-17, 36-12

MVR 21-23

network traffic for analysis with probe 27-2

port

blocking

23-20

protection 23-20

SFP status 12-40, 39-14

speed and duplex mode 12-28

traffic flowing among switches 28-1

traffic suppression 23-20

VLANs 13-13

VMPS 13-28

VTP 14-18

mrouter Port 19-3

mrouter port 19-5

MSTP

boundary ports

configuration guidelines

17-15

described 17-6

BPDU filtering

described

18-3

enabling 18-14

BPDU guard

IN-20

Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE

OL-26520-01

Index

described 18-2

enabling 18-13

CIST, described 17-3

CIST regional root 17-3

CIST root 17-5

configuration guidelines 17-15, 18-12

configuring

forward-delay time

17-24

hello time 17-24

link type for rapid convergence 17-25

maximum aging time 17-25

maximum hop count 17-25

MST region 17-16

neighbor type 17-26

path cost 17-22

port priority 17-20

root switch 17-18

secondary root switch 17-19

switch priority 17-23

CST

defined

17-3

operations between regions 17-4

default configuration 17-14

default optional feature configuration 18-12

displaying status 17-27

enabling the mode 17-16

EtherChannel guard

described

18-10

enabling 18-17

extended system ID

effects on root switch

17-18

effects on secondary root switch 17-19

unexpected behavior 17-18

IEEE 802.1s

implementation

17-6

port role naming change 17-7

terminology 17-5

instances supported 16-10

interface state, blocking to forwarding 18-2

interoperability and compatibility among modes

16-11

interoperability with IEEE 802.1D

described

17-9

restarting migration process 17-27

IST

defined

17-3

master 17-3

operations within a region 17-3

loop guard

described

18-11

enabling 18-18

mapping VLANs to MST instance 17-16

MST region

CIST

17-3

configuring 17-16

described 17-2

hop-count mechanism 17-5

IST 17-3

supported spanning-tree instances 17-2

optional features supported 1-8

overview 17-2

Port Fast

described

18-2

enabling 18-12

preventing root switch selection 18-10

root guard

described

18-10

enabling 18-18

root switch

configuring

17-18

effects of extended system ID 17-18

unexpected behavior 17-18

shutdown Port Fast-enabled port 18-2

stack changes, effects of 17-8

status, displaying 17-27

multiauth

support for inaccessible authentication bypass

multiauth mode

10-25

OL-26520-01

Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE

IN-21

Index

See multiple-authentication mode

multicast groups

Immediate Leave

21-5

joining 21-3

leaving 21-5

static joins 21-10, 36-8

multicast router interfaces, monitoring 21-17, 36-12

multicast router ports, adding 21-9, 36-8

multicast storm 23-1

multicast storm-control command 23-4

multicast television application 21-18

multicast VLAN 21-17

Multicast VLAN Registration

See MVR

multidomain authentication

See MDA

multiple authentication

10-14

multiple authentication mode

configuring

10-44

MVR

and address aliasing

21-20

and IGMPv3 21-21

configuration guidelines 21-20

configuring interfaces 21-22

default configuration 21-20

described 21-17

example application 21-18

modes 21-21

monitoring 21-23

multicast television application 21-18

setting global parameters 21-21

support for 1-4

NAC

critical authentication

IEEE 802.1x authentication using a RADIUS server

10-58

10-24, 10-54

IEEE 802.1x validation using RADIUS server 10-58

inaccessible authentication bypass 10-54

Layer 2 IEEE 802.1x validation 1-12, 10-30, 10-58

named IPv4 ACLs 31-13

NameSpace Mapper

See NSM

native VLAN

configuring

13-19

default 13-19

NEAT

configuring

10-59

overview 10-31

neighbor discovery, IPv6 35-4

Network Admission Control

See NAC

Network Assistant

benefits

1-1

described 1-5

downloading image files 1-2

guide mode 1-2

management options 1-2

managing switch stacks 7-2, 7-15

upgrading a switch A-24

wizards 1-2

network configuration examples

cost-effective wiring closet

1-20

increasing network performance 1-19

long-distance, high-bandwidth transport 1-24

providing network services 1-19

server aggregation and Linux server cluster 1-22

small to medium-sized network 1-23

network design

performance

1-19

services 1-19

Network Edge Access Topology

See NEAT

network management

CDP

25-1

RMON 28-1

IN-22

Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE

OL-26520-01

Index

SNMP 30-1

network performance, measuring with IP SLAs 32-3

network policy TLV 26-2, 26-7

Network Time Protocol

See NTP

no commands

2-4

nonhierarchical policy maps

described

33-10

non-IP traffic filtering 31-23

nontrunking mode 13-14

normal-range VLANs 13-4

configuration guidelines 13-6

configuring 13-4

defined 13-1

NSM 4-3

NTP

associations

defined

5-3

overview 5-3

stratum 5-3

support for 1-6

time

services

5-3

synchronizing 5-3

OBFL

configuring

described 39-24

displaying 39-26

offline configuration for switch stacks 7-7

off mode, VTP 14-4

on-board failure logging

See OBFL

online diagnostics

overview

running tests 40-3

understanding 40-1

39-25

40-1

open1x

configuring

10-64

open1x authentication

overview

10-31

optimizing system resources 8-1

options, management 1-5

out-of-profile markdown 1-14

packet modification, with QoS 33-20

PAgP

See EtherChannel

passwords

default configuration

disabling recovery of 9-5

encrypting 9-3

for security 1-10

in clusters 6-13

overview 9-1

recovery of 39-3

setting

enable

9-3

enable secret 9-3

Telnet 9-6

with usernames 9-6

VTP domain 14-10

path cost

MSTP

17-22

STP 16-20

PC (passive command switch) 6-9

performance, network design 1-19

performance features 1-4

persistent self-signed certificate 9-47

per-user ACLs and Filter-Ids 10-8

per-VLAN spanning-tree plus

See PVST+

physical ports

12-2

PIM-DVMRP, as snooping method 21-8

9-2

OL-26520-01

Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE

IN-23

Index

ping

character output description

39-15

executing 39-15

overview 39-14

PoE

auto mode

12-7

CDP with power consumption, described 12-5

CDP with power negotiation, described 12-5

Cisco intelligent power management 12-5

configuring 12-31

cutoff power

determining

12-8

cutoff-power

support for

12-8

devices supported 12-5

high-power devices operating in low-power mode

12-5

IEEE power classification levels 12-6

monitoring 12-8

monitoring power 12-34

policing power consumption 12-34

policing power usage 12-8

power budgeting 12-32

power consumption 12-9, 12-32

powered-device detection and initial power allocation

12-6

power management modes 12-7

power monitoring 12-8

power negotiation extensions to CDP 12-5

power sensing 12-8

standards supported 12-5

static mode 12-7

total available power 12-10

troubleshooting 39-13

PoE+ 1-15, 12-5, 12-6, 12-31

policed-DSCP map for QoS 33-65

policers

configuring

for each matched traffic class

33-55

for more than one traffic class 33-60

described 33-4

displaying 33-81

number of 33-41

types of 33-10

policing

described

33-4

token-bucket algorithm 33-10

policy maps for QoS

characteristics of

33-55

described 33-8

displaying 33-82

nonhierarchical on physical ports

described

33-10

port ACLs

defined

31-2

types of 31-3

Port Aggregation Protocol

See EtherChannel

port-based authentication

accounting

10-16

authentication server

defined

10-3, 11-2

RADIUS server 10-3

client, defined 10-3, 11-2

configuration guidelines 10-36, 11-9

configuring

802.1x authentication

guest VLAN 10-52

host mode 10-44

inaccessible authentication bypass 10-54

manual re-authentication of a client 10-47

periodic re-authentication 10-46

quiet period 10-47

RADIUS server 10-44, 11-13

RADIUS server parameters on the switch 10-43,

11-11

restricted VLAN 10-53

10-42

IN-24

Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE

OL-26520-01

Index

switch-to-client frame-retransmission number

10-48, 10-49

switch-to-client retransmission time 10-47

violation modes 10-41

default configuration 10-35, 11-9

described 10-1

device roles 10-3, 11-2

displaying statistics 10-66, 11-17

downloadable ACLs and redirect URLs

configuring

10-61 to 10-63, ?? to 10-63

overview 10-20 to 10-22

EAPOL-start frame 10-5

EAP-request/identity frame 10-5

EAP-response/identity frame 10-5

enabling

802.1X authentication

11-11

encapsulation 10-3

flexible authentication ordering

configuring

10-64

overview 10-30

guest VLAN

configuration guidelines

10-23, 10-24

described 10-22

host mode 10-12

inaccessible authentication bypass

configuring

10-54

described 10-24

guidelines 10-37

initiation and message exchange 10-5

magic packet 10-27

maximum number of allowed devices per port 10-38

method lists 10-42

multiple authentication 10-14

per-user ACLs

configuration tasks

10-20

described 10-19

RADIUS server attributes 10-19

ports

authorization state and dot1x port-control command

10-11

authorized and unauthorized 10-10

voice VLAN 10-27

port security

described

10-27

readiness check

configuring

10-38

described 10-17, 10-38

resetting to default values 10-66

stack changes, effects of 10-11

statistics, displaying 10-66

switch

as proxy

10-3, 11-2

RADIUS client 10-3

switch supplicant

configuring

10-59

overview 10-31

user distribution

guidelines

10-29

overview 10-29

VLAN assignment

AAA authorization

10-42

characteristics 10-18

configuration tasks 10-18

described 10-17

voice aware 802.1x security

configuring

10-39

described 10-31, 10-39

voice VLAN

described

10-27

PVID 10-27

VVID 10-27

wake-on-LAN, described 10-27

with ACLs and RADIUS Filter-Id attribute 10-33

port-based authentication methods, supported 10-7

port blocking 1-4, 23-7

port-channel

See EtherChannel

OL-26520-01

Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE

IN-25

Index

port description TLV 26-2

Port Fast

described

18-2

enabling 18-12

mode, spanning tree 13-25

support for 1-8

port membership modes, VLAN 13-3

port priority

MSTP

17-20

STP 16-18

ports

access

12-3

blocking 23-7

dual-purpose uplink 12-4

dynamic access 13-4

protected 23-6

secure 23-9

static-access 13-3, 13-10

switch 12-2

trunks 13-3, 13-14

VLAN assignments 13-10

port security

aging

23-17

and QoS trusted boundary 33-45

and stacking 23-18

configuring 23-12

default configuration 23-11

described 23-8

displaying 23-20

on trunk ports 23-14

sticky learning 23-9

violations 23-10

with other features 23-11

port-shutdown response, VMPS 13-24

port VLAN ID TLV 26-2

power management TLV 26-3, 26-7

Power over Ethernet

See PoE

preemption, default configuration

19-8

preemption delay, default configuration 19-8

preferential treatment of traffic

See QoS

preventing unauthorized access

9-1

primary links 19-2

priority

overriding CoS

15-6

trusting CoS 15-6

private VLAN edge ports

See protected ports

privileged EXEC mode

2-2

privilege levels

changing the default for lines

9-9

command switch 6-16

exiting 9-9

logging into 9-9

mapping on member switches 6-16

overview 9-2, 9-7

setting a command with 9-8

protected ports 1-10, 23-6

protocol storm protection 23-18

provisioned switches and IP source guard 20-15

provisioning new members for a switch stack 7-7

proxy reports 19-4

pruning, VTP

disabling

in VTP domain

14-16

on a port 13-19

enabling

in VTP domain

14-16

on a port 13-18

examples 14-7

overview 14-6

pruning-eligible list

changing

13-18

for VTP pruning 14-6

VLANs 14-16

PVST+

described

16-10

IN-26

Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE

OL-26520-01

Index

IEEE 802.1Q trunking interoperability 16-11

instances supported 16-10

QoS

and MQC commands

auto-QoS

categorizing traffic

configuration and defaults display 33-37

configuration guidelines 33-34

described 33-21

disabling 33-36

displaying generated commands 33-36

displaying the initial configuration 33-37

effects on running configuration 33-34

list of generated commands 33-25, 33-29

basic model 33-4

classification

class maps, described

defined 33-4

DSCP transparency, described 33-46

flowchart 33-7

forwarding treatment 33-3

in frames and packets 33-3

IP ACLs, described 33-6, 33-8

MAC ACLs, described 33-5, 33-8

options for IP traffic 33-6

options for non-IP traffic 33-5

policy maps, described 33-8

trust DSCP, described 33-5

trusted CoS, described 33-5

trust IP precedence, described 33-5

class maps

configuring

displaying 33-81

configuration guidelines

auto-QoS

33-34

standard QoS 33-40

33-1

33-22

33-8

33-53

configuring

aggregate policers

33-60

auto-QoS 33-21

default port CoS value 33-44

DSCP maps 33-63

DSCP transparency 33-46

DSCP trust states bordering another domain

33-47

egress queue characteristics 33-74

ingress queue characteristics 33-69

IP extended ACLs 33-51

IP standard ACLs 33-50

MAC ACLs 33-52

port trust states within the domain 33-42

trusted boundary 33-45

default auto configuration 33-22

default standard configuration 33-38

displaying statistics 33-81

DSCP transparency 33-46

egress queues

allocating buffer space

33-74

buffer allocation scheme, described 33-18

configuring shaped weights for SRR 33-78

configuring shared weights for SRR 33-79

described 33-4

displaying the threshold map 33-77

flowchart 33-18

mapping DSCP or CoS values 33-76

scheduling, described 33-4

setting WTD thresholds 33-74

WTD, described 33-19

enabling globally 33-42

flowcharts

classification

33-7

egress queueing and scheduling 33-18

ingress queueing and scheduling 33-15

policing and marking 33-11

implicit deny 33-8

ingress queues

OL-26520-01

Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE

IN-27

Index

allocating bandwidth 33-72

allocating buffer space 33-71

buffer and bandwidth allocation, described 33-16

configuring shared weights for SRR 33-72

configuring the priority queue 33-73

described 33-4

displaying the threshold map 33-70

flowchart 33-15

mapping DSCP or CoS values 33-69

priority queue, described 33-17

scheduling, described 33-4

setting WTD thresholds 33-69

WTD, described 33-16

IP phones

automatic classification and queueing

detection and trusted settings 33-21, 33-45

limiting bandwidth on egress interface 33-80

mapping tables

CoS-to-DSCP

33-63

displaying 33-81

DSCP-to-CoS 33-66

DSCP-to-DSCP-mutation 33-67

IP-precedence-to-DSCP 33-64

policed-DSCP 33-65

types of 33-11

marked-down actions 33-58

marking, described 33-4, 33-9

overview 33-2

packet modification 33-20

policers

configuring

33-58, 33-61

described 33-9

displaying 33-81

number of 33-41

types of 33-10

policies, attaching to an interface 33-9

policing

described

33-4, 33-9

token bucket algorithm 33-10

33-21

policy maps

characteristics of

33-55

displaying 33-82

nonhierarchical on physical ports 33-55

QoS label, defined 33-4

queues

configuring egress characteristics

configuring ingress characteristics 33-69

high priority (expedite) 33-20, 33-80

location of 33-12

SRR, described 33-14

WTD, described 33-13

rewrites 33-20

support for 1-13

trust states

bordering another domain

described 33-5

trusted device 33-45

within the domain 33-42

quality of service

See QoS

queries, IGMP

21-4

query solicitation, IGMP 21-13

RADIUS

attributes

vendor-proprietary

vendor-specific 9-37

configuring

accounting

9-35

authentication 9-30

authorization 9-34

communication, global 9-27, 9-36

communication, per-server 9-27

multiple UDP ports 9-27

default configuration 9-27

defining AAA server groups 9-32

9-38

33-74

33-47

IN-28

Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE

OL-26520-01

Index

displaying the configuration 9-41

identifying the server 9-27

in clusters 6-15

limiting the services to the user 9-34

method list, defined 9-26

operation of 9-19

overview 9-18

server load balancing 9-40

suggested network environments 9-18

support for 1-12

tracking services accessed by user 9-35

RADIUS Change of Authorization 9-20

range

macro

12-19

of interfaces 12-18

rapid convergence 17-10

rapid per-VLAN spanning-tree plus

See rapid PVST+

rapid PVST+

described

16-10

IEEE 802.1Q trunking interoperability 16-11

instances supported 16-10

Rapid Spanning Tree Protocol

See RSTP

rcommand command

6-15

RCP

configuration files

downloading

A-17

overview A-16

preparing the server A-16

uploading A-18

image files

deleting old image

A-37

downloading A-35

preparing the server A-34

uploading A-37

readiness check

port-based authentication

configuring

10-38

described 10-17, 10-38

reconfirmation interval, VMPS, changing 13-27

reconfirming dynamic VLAN membership 13-27

recovery procedures 39-1

redirect URL 10-20, 10-21, 10-61

redundancy

EtherChannel

38-3

STP

backbone

16-8

multidrop backbone 18-5

path cost 13-22

port priority 13-20

redundant links and UplinkFast 18-15

reloading software 3-22

Remote Authentication Dial-In User Service

See RADIUS

Remote Copy Protocol

See RCP

Remote Network Monitoring

See RMON

Remote SPAN

See RSPAN

remote SPAN

27-3

report suppression, IGMP

described

21-6

disabling 21-16, 36-11

resequencing ACL entries 31-13

reserved addresses in DHCP pools 20-22

resetting a UDLD-shutdown interface 24-6

responder, IP SLAs

described

32-4

enabling 32-6

response time, measuring with IP SLAs 32-4

restricted VLAN

configuring

10-53

described 10-23

using with IEEE 802.1x 10-23

restricting access

overview

9-1

OL-26520-01

Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE

IN-29

Index

passwords and privilege levels 9-2

RADIUS 9-17

TACACS+ 9-10

retry count, VMPS, changing 13-28

RFC

1112, IP multicast and IGMP

1157, SNMPv1 30-2

1166, IP addresses 34-4

1305, NTP 5-3

1757, RMON 28-2

1901, SNMPv2C 30-2

1902 to 1907, SNMPv2 30-2

2236, IP multicast and IGMP 21-2

2273-2275, SNMPv3 30-2

RFC 5176 Compliance 9-21

RMON

default configuration

28-3

displaying status 28-6

enabling alarms and events 28-3

groups supported 28-2

overview 28-1

statistics

collecting group Ethernet

collecting group history 28-5

support for 1-15

root guard

described

18-10

enabling 18-18

support for 1-9

root switch

MSTP

17-18

STP 16-16

router ACLs

defined

31-2

types of 31-4

RSPAN

and stack changes

27-10

characteristics 27-9

configuration guidelines 27-17

21-2

28-6

default configuration 27-10

defined 27-3

destination ports 27-8

displaying status 27-23

in a switch stack 27-2

interaction with other features 27-9

monitored ports 27-6

monitoring ports 27-8

overview 1-15, 27-1

received traffic 27-5

sessions

creating

27-18

defined 27-4

limiting source traffic to specific VLANs 27-22

specifying monitored ports 27-18

with ingress traffic enabled 27-21

source ports 27-6

transmitted traffic 27-6

VLAN-based 27-7

RSTP

active topology

17-10

BPDU

format

17-12

processing 17-13

designated port, defined 17-9

designated switch, defined 17-9

interoperability with IEEE 802.1D

described

17-9

restarting migration process 17-27

topology changes 17-13

overview 17-9

port roles

described

17-9

synchronized 17-11

proposal-agreement handshake process 17-10

rapid convergence

cross-stack rapid convergence

described 17-10

edge ports and Port Fast 17-10

17-11

IN-30

Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE

OL-26520-01

+ 950 hidden pages

Cisco Catalyst 2960, Catalyst 2960-S Software Configuration Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

INDEX