Catalyst 2950 and Catalyst 2955 Switch
Software Configuration Guide
Cisco IOS Release 12.1(22)EA5
July 2005
Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
Customer Order Number: DOC-7811380=
Text Part Number: 78-11380-12
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public
domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
CCSP, CCVP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn,
and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the
Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the Internet
Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise,
the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX,
Post-Routing, Pre-Routing, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StrataView Plus, TeleRouter, The Fastest Way to Increase Your Internet Quotient,
and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship
between Cisco and any other company. (0502R)
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
Copyright © 2001–2005 Cisco Systems, Inc. All rights reserved.
Preface xxvii
Audience xxvii
Purpose xxvii
Conventions xxviii
Related Publications xxix
Obtaining Documentation xxix
Cisco.com xxx
Product Documentation DVD xxx
Ordering Documentation xxx
Documentation Feedback xxxi
Cisco Product Security Overview xxxi
Reporting Security Problems in Cisco Products xxxi
CONTENTS
CHAPTER
Obtaining Technical Assistance xxxii
Cisco Technical Support & Documentation Website xxxii
Submitting a Service Request xxxiii
Definitions of Service Request Severity xxxiii
Obtaining Additional Publications and Information xxxiii
1 Overview 1-1
Features 1-1
Ease of Use and Ease of Deployment 1-2
Performance 1-3
Manageability 1-4
Redundancy 1-5
VLAN Support 1-6
Security 1-6
Quality of Service and Class of Service 1-7
Monitoring 1-8
LRE Features (available only on Catalyst 2950 LRE switches) 1-8
Management Options 1-9
Management Interface Options 1-9
Advantages of Using Network Assistant and Clustering Switches 1-10
78-11380-12
Network Configuration Examples 1-11
Design Concepts for Using the Switch 1-12
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
iii
Contents
Small to Medium-Sized Network Configuration 1-15
Collapsed Backbone and Switch Cluster Configuration 1-16
Hotel Network Configuration 1-17
Service-Provider Central-Office Configuration 1-20
Large Campus Configuration 1-21
Multidwelling Network Using Catalyst 2950 Switches 1-22
Long-Distance, High-Bandwidth Transport Configuration 1-24
Where to Go Next 1-24
CHAPTER
2 Using the Command-Line Interface 2-1
Cisco IOS Command Modes 2-1
Getting Help 2-3
Abbreviating Commands 2-4
Using no and default Forms of Commands 2-4
Understanding CLI Messages 2-5
Using Command History 2-5
Changing the Command History Buffer Size 2-5
Recalling Commands 2-6
Disabling the Command History Feature 2-6
Using Editing Features 2-6
Enabling and Disabling Editing Features 2-6
Editing Commands through Keystrokes 2-7
Editing Command Lines that Wrap 2-8
Searching and Filtering Output of show and more Commands 2-9
Accessing the CLI 2-9
CHAPTER
iv
3 Configuring Catalyst 2955 Switch Alarms 3-1
Understanding Catalyst 2955 Switch Alarms 3-1
Global Status Monitoring Alarms 3-2
FCS Error Hysteresis Threshold 3-2
Port Status Monitoring Alarms 3-3
Triggering Alarm Options 3-3
Configuring Catalyst 2955 Switch Alarms 3-4
Default Catalyst 2955 Switch Alarm Configuration 3-4
Configuring the Power Supply Alarm 3-5
Setting the Power Mode 3-5
Setting the Power Supply Alarm Options 3-5
Configuring the Switch Temperature Alarms 3-6
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Setting a Secondary Temperature Threshold for the Switch 3-6
Associating the Temperature Alarms to a Relay 3-7
Configuring the FCS Bit Error Rate Alarm 3-7
Setting the FCS Error Threshold 3-8
Setting the FCS Error Hysteresis Threshold 3-8
Configuring Alarm Profiles 3-9
Creating or Modifying an Alarm Profile 3-9
Attaching an Alarm Profile to a Specific Port 3-10
Enabling SNMP Traps 3-11
Displaying Catalyst 2955 Switch Alarms Status 3-11
Contents
CHAPTER
4 Assigning the Switch IP Address and Default Gateway 4-1
Understanding the Boot Process 4-1
Assigning Switch Information 4-2
Default Switch Information 4-3
Understanding DHCP-Based Autoconfiguration 4-3
DHCP Client Request Process 4-4
Configuring DHCP-Based Autoconfiguration 4-5
DHCP Server Configuration Guidelines 4-5
Configuring the TFTP Server 4-6
Configuring the DNS 4-6
Configuring the Relay Device 4-7
Obtaining Configuration Files 4-8
Example Configuration 4-9
Manually Assigning IP Information 4-10
Checking and Saving the Running Configuration 4-11
Modifying the Startup Configuration 4-11
Default Boot Configuration 4-12
Automatically Downloading a Configuration File 4-12
Specifying the Filename to Read and Write the System Configuration 4-12
Booting Manually 4-13
Booting a Specific Software Image 4-13
Controlling Environment Variables 4-14
78-11380-12
Scheduling a Reload of the Software Image 4-16
Configuring a Scheduled Reload 4-16
Displaying Scheduled Reload Information 4-17
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
v
Contents
CHAPTER
5 Configuring IE2100 CNS Agents 5-1
Understanding IE2100 Series Configuration Registrar Software 5-1
CNS Configuration Service 5-2
CNS Event Service 5-3
NameSpace Mapper 5-3
What You Should Know About ConfigID, DeviceID, and Host Name 5-3
ConfigID 5-3
DeviceID 5-4
Host Name and DeviceID 5-4
Using Host Name, DeviceID, and ConfigID 5-4
Understanding CNS Embedded Agents 5-5
Initial Configuration 5-5
Incremental (Partial) Configuration 5-6
Synchronized Configuration 5-6
Configuring CNS Embedded Agents 5-6
Enabling Automated CNS Configuration 5-6
Enabling the CNS Event Agent 5-8
Enabling the CNS Configuration Agent 5-9
Enabling an Initial Configuration 5-9
Enabling a Partial Configuration 5-12
CHAPTER
CHAPTER
Displaying CNS Configuration 5-12
6 Clustering Switches 6-1
Understanding Switch Clusters 6-1
Clustering Overview 6-1
Cluster Command Switch Characteristics 6-2
Standby Command Switch Characteristics 6-2
Candidate Switch and Member Switch Characteristics 6-3
Using the CLI to Manage Switch Clusters 6-4
Catalyst 1900 and Catalyst 2820 CLI Considerations 6-4
Using SNMP to Manage Switch Clusters 6-4
7 Administering the Switch 7-1
Managing the System Time and Date 7-1
Understanding the System Clock 7-1
Understanding Network Time Protocol 7-2
Configuring NTP 7-3
Default NTP Configuration 7-4
vi
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Configuring NTP Authentication 7-4
Configuring NTP Associations 7-5
Configuring NTP Broadcast Service 7-6
Configuring NTP Access Restrictions 7-8
Configuring the Source IP Address for NTP Packets 7-10
Displaying the NTP Configuration 7-11
Configuring Time and Date Manually 7-11
Setting the System Clock 7-11
Displaying the Time and Date Configuration 7-12
Configuring the Time Zone 7-12
Configuring Summer Time (Daylight Saving Time) 7-13
Configuring a System Name and Prompt 7-14
Default System Name and Prompt Configuration 7-15
Configuring a System Name 7-15
Understanding DNS 7-15
Default DNS Configuration 7-16
Setting Up DNS 7-16
Displaying the DNS Configuration 7-17
Contents
CHAPTER
Creating a Banner 7-17
Default Banner Configuration 7-17
Configuring a Message-of-the-Day Login Banner 7-18
Configuring a Login Banner 7-19
Managing the MAC Address Table 7-19
Building the Address Table 7-20
MAC Addresses and VLANs 7-20
Default MAC Address Table Configuration 7-21
Changing the Address Aging Time 7-21
Removing Dynamic Address Entries 7-21
Configuring MAC Address Notification Traps 7-22
Adding and Removing Static Address Entries 7-24
Configuring Unicast MAC Address Filtering 7-25
Displaying Address Table Entries 7-26
Managing the ARP Table 7-26
8 Configuring Switch-Based Authentication 8-1
Preventing Unauthorized Access to Your Switch 8-1
78-11380-12
Protecting Access to Privileged EXEC Commands 8-2
Default Password and Privilege Level Configuration 8-2
Setting or Changing a Static Enable Password 8-3
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
vii
Contents
Protecting Enable and Enable Secret Passwords with Encryption 8-4
Disabling Password Recovery 8-5
Setting a Telnet Password for a Terminal Line 8-6
Configuring Username and Password Pairs 8-7
Configuring Multiple Privilege Levels 8-8
Setting the Privilege Level for a Command 8-8
Changing the Default Privilege Level for Lines 8-9
Logging into and Exiting a Privilege Level 8-10
Controlling Switch Access with TACACS+ 8-10
Understanding TACACS+ 8-10
TACACS+ Operation 8-12
Configuring TACACS+ 8-12
Default TACACS+ Configuration 8-13
Identifying the TACACS+ Server Host and Setting the Authentication Key 8-13
Configuring TACACS+ Login Authentication 8-14
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 8-16
Starting TACACS+ Accounting 8-17
Displaying the TACACS+ Configuration 8-17
Controlling Switch Access with RADIUS 8-17
Understanding RADIUS 8-18
RADIUS Operation 8-19
Configuring RADIUS 8-20
Default RADIUS Configuration 8-20
Identifying the RADIUS Server Host 8-20
Configuring RADIUS Login Authentication 8-23
Defining AAA Server Groups 8-25
Configuring RADIUS Authorization for User Privileged Access and Network Services 8-27
Starting RADIUS Accounting 8-28
Configuring Settings for All RADIUS Servers 8-29
Configuring the Switch to Use Vendor-Specific RADIUS Attributes 8-29
Configuring the Switch for Vendor-Proprietary RADIUS Server Communication 8-30
Displaying the RADIUS Configuration 8-31
Configuring the Switch for Local Authentication and Authorization 8-32
Configuring the Switch for Secure Shell 8-33
Understanding SSH 8-33
SSH Servers, Integrated Clients, and Supported Versions 8-33
Limitations 8-34
Configuring SSH 8-34
Configuration Guidelines 8-34
viii
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Cryptographic Software Image Guidelines 8-35
Setting Up the Switch to Run SSH 8-35
Configuring the SSH Server 8-36
Displaying the SSH Configuration and Status 8-37
Configuring the Switch for Secure Copy Protocol 8-37
Contents
CHAPTER
9 Configuring IEEE 802.1x Port-Based Authentication 9-1
Understanding IEEE 802.1x Port-Based Authentication 9-1
Device Roles 9-2
Authentication Initiation and Message Exchange 9-3
Ports in Authorized and Unauthorized States 9-4
IEEE 802.1x Accounting 9-5
IEEE 802.1x Accounting Attribute-Value Pairs 9-5
IEEE 802.1x Host Mode 9-6
Using IEEE 802.1x with Port Security 9-7
Using IEEE 802.1x with Voice VLAN Ports 9-8
Using IEEE 802.1x with VLAN Assignment 9-8
Using IEEE 802.1x with Guest VLAN 9-9
Using IEEE 802.1x with Wake-on-LAN 9-10
Unidirectional State 9-10
Bidirectional State 9-10
Configuring IEEE 802.1x Authentication 9-11
Default IEEE 802.1x Configuration 9-11
IEEE 802.1x Configuration Guidelines 9-12
Upgrading from a Previous Software Release 9-13
Enabling IEEE 802.1x Authentication 9-14
Configuring the Switch-to-RADIUS-Server Communication 9-15
Configuring IEEE 802.1x Authentication Using a RADIUS Server 9-16
Enabling Periodic Re-Authentication 9-17
Manually Re-Authenticating a Client Connected to a Port 9-18
Changing the Quiet Period 9-18
Changing the Switch-to-Client Retransmission Time 9-19
Setting the Switch-to-Client Frame-Retransmission Number 9-19
Configuring the Host Mode 9-20
Configuring a Guest VLAN 9-21
Resetting the IEEE 802.1x Configuration to the Default Values 9-22
Configuring IEEE 802.1x Authentication 9-23
Configuring IEEE 802.1x Accounting 9-24
78-11380-12
Displaying IEEE 802.1x Statistics and Status 9-25
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
ix
Contents
CHAPTER
10 Configuring Interface Characteristics 10-1
Understanding Interface Types 10-1
Access Ports 10-2
Trunk Ports 10-2
Port-Based VLANs 10-3
EtherChannel Port Groups 10-3
Connecting Interfaces 10-4
Using the Interface Command 10-4
Procedures for Configuring Interfaces 10-5
Configuring a Range of Interfaces 10-6
Configuring and Using Interface-Range Macros 10-7
Configuring Ethernet Interfaces 10-9
Default Ethernet Interface Configuration 10-9
Configuring Interface Speed and Duplex Mode 10-10
Configuration Guidelines 10-11
Setting the Interface Speed and Duplex Parameters on a Non-LRE Switch Port 10-12
Setting the Interface Speed and Duplex Parameters on an LRE Switch Port 10-13
Configuring Media Types for Gigabit Ethernet Interfaces on LRE Switches 10-13
Configuring IEEE 802.3z Flow Control on Gigabit Ethernet Ports 10-13
Adding a Description for an Interface 10-15
Configuring Loopback Detection 10-15
CHAPTER
Monitoring and Maintaining the Interfaces 10-16
Monitoring Interface and Controller Status 10-16
Clearing and Resetting Interfaces and Counters 10-17
Shutting Down and Restarting the Interface 10-17
11 Configuring Smartports Macros 11-1
Understanding Smartports Macros 11-1
Configuring Smartports Macros 11-2
Default Smartports Macro Configuration 11-2
Smartports Macro Configuration Guidelines 11-3
Creating Smartports Macros 11-4
Applying Smartports Macros 11-5
Applying Cisco-Default Smartports Macros 11-6
Displaying Smartports Macros 11-8
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
x
78-11380-12
Contents
CHAPTER
12 Configuring LRE 12-1
Understanding LRE Features 12-1
Ports on the Catalyst 2950 LRE Switches 12-1
LRE Links and LRE Profiles 12-2
LRE Profiles 12-2
LRE Sequences 12-5
CPE Ethernet Links 12-6
LRE Link Monitor 12-7
LRE Message Logging Process 12-8
Configuring LRE Ports 12-8
Default LRE Configuration 12-9
Environmental Guidelines for LRE Links 12-9
Guidelines for Using LRE Profiles 12-10
CPE Ethernet Link Guidelines 12-11
Guidelines for Configuring Cisco 575 LRE CPEs and 576 LRE 997 CPEs 12-11
Guidelines for Configuring Cisco 585 LRE CPEs 12-12
Assigning a Global Profile to All LRE Ports 12-12
Assigning a Profile to a Specific LRE Port 12-13
Assigning a Global Sequence to All LRE Ports 12-13
Assigning a Sequence to a Specific LRE Port 12-14
Using Rate Selection to Automatically Assign Profiles 12-14
Precedence 12-15
Profile Locking 12-15
Link Qualification and SNR Margins 12-16
Configuring LRE Link Persistence 12-19
Configuring LRE Link Monitor 12-20
Configuring LRE Interleave 12-20
Configuring Upstream Power Back-Off 12-21
Configuring CPE Toggle 12-22
Configuring Syslog Export 12-23
78-11380-12
Upgrading LRE Switch Firmware 12-24
Configuring for an LRE Upgrade 12-24
Performing an LRE Upgrade 12-25
Global Configuration of LRE Upgrades 12-25
Controller Configuration of LRE Upgrades 12-25
LRE Upgrade Details 12-26
LRE Upgrade Example 12-27
Displaying LRE Status 12-27
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
xi
Contents
CHAPTER
13 Configuring STP 13-1
Understanding Spanning-Tree Features 13-1
STP Overview 13-2
Spanning-Tree Topology and BPDUs 13-2
Bridge ID, Switch Priority, and Extended System ID 13-3
Spanning-Tree Interface States 13-4
Blocking State 13-6
Listening State 13-6
Learning State 13-6
Forwarding State 13-6
Disabled State 13-7
How a Switch or Port Becomes the Root Switch or Root Port 13-7
Spanning Tree and Redundant Connectivity 13-8
Spanning-Tree Address Management 13-8
Accelerated Aging to Retain Connectivity 13-8
Spanning-Tree Modes and Protocols 13-9
Supported Spanning-Tree Instances 13-9
Spanning-Tree Interoperability and Backward Compatibility 13-10
STP and IEEE 802.1Q Trunks 13-10
Configuring Spanning-Tree Features 13-11
Default Spanning-Tree Configuration 13-11
Spanning-Tree Configuration Guidelines 13-12
Changing the Spanning-Tree Mode 13-13
Disabling Spanning Tree 13-14
Configuring the Root Switch 13-14
Configuring a Secondary Root Switch 13-16
Configuring the Port Priority 13-17
Configuring the Path Cost 13-18
Configuring the Switch Priority of a VLAN 13-20
Configuring Spanning-Tree Timers 13-20
Configuring the Hello Time 13-21
Configuring the Forwarding-Delay Time for a VLAN 13-22
Configuring the Maximum-Aging Time for a VLAN 13-22
Configuring Spanning Tree for Use in a Cascaded Stack 13-23
Displaying the Spanning-Tree Status 13-24
xii
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Contents
CHAPTER
14 Configuring MSTP 14-1
Understanding MSTP 14-2
Multiple Spanning-Tree Regions 14-2
IST, CIST, and CST 14-3
Operations Within an MST Region 14-3
Operations Between MST Regions 14-4
Hop Count 14-5
Boundary Ports 14-5
Interoperability with IEEE 802.1D STP 14-5
Understanding RSTP 14-6
Port Roles and the Active Topology 14-6
Rapid Convergence 14-7
Synchronization of Port Roles 14-8
Bridge Protocol Data Unit Format and Processing 14-9
Processing Superior BPDU Information 14-10
Processing Inferior BPDU Information 14-10
Topology Changes 14-10
Configuring MSTP Features 14-11
Default MSTP Configuration 14-12
MSTP Configuration Guidelines 14-12
Specifying the MST Region Configuration and Enabling MSTP 14-13
Configuring the Root Switch 14-14
Configuring a Secondary Root Switch 14-16
Configuring the Port Priority 14-17
Configuring the Path Cost 14-18
Configuring the Switch Priority 14-19
Configuring the Hello Time 14-19
Configuring the Forwarding-Delay Time 14-20
Configuring the Maximum-Aging Time 14-21
Configuring the Maximum-Hop Count 14-21
Specifying the Link Type to Ensure Rapid Transitions 14-22
Restarting the Protocol Migration Process 14-22
CHAPTER
78-11380-12
Displaying the MST Configuration and Status 14-23
15 Configuring Optional Spanning-Tree Features 15-1
Understanding Optional Spanning-Tree Features 15-1
Understanding Port Fast 15-2
Understanding BPDU Guard 15-2
Understanding BPDU Filtering 15-3
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
xiii
Contents
Understanding UplinkFast 15-3
Understanding Cross-Stack UplinkFast 15-5
How CSUF Works 15-6
Events that Cause Fast Convergence 15-7
Limitations 15-8
Connecting the Stack Ports 15-8
Understanding BackboneFast 15-9
Understanding EtherChannel Guard 15-12
Understanding Root Guard 15-12
Understanding Loop Guard 15-13
Configuring Optional Spanning-Tree Features 15-13
Default Optional Spanning-Tree Configuration 15-14
Optional Spanning-Tree Configuration Guidelines 15-14
Enabling Port Fast 15-14
Enabling BPDU Guard 15-15
Enabling BPDU Filtering 15-16
Enabling UplinkFast for Use with Redundant Links 15-17
Enabling Cross-Stack UplinkFast 15-18
Enabling BackboneFast 15-19
Enabling EtherChannel Guard 15-20
Enabling Root Guard 15-21
Enabling Loop Guard 15-21
CHAPTER
Displaying the Spanning-Tree Status 15-22
16 Configuring VLANs 16-1
Understanding VLANs 16-1
Supported VLANs 16-2
VLAN Port Membership Modes 16-3
Configuring Normal-Range VLANs 16-4
Token Ring VLANs 16-5
Normal-Range VLAN Configuration Guidelines 16-5
VLAN Configuration Mode Options 16-6
VLAN Configuration in config-vlan Mode 16-6
VLAN Configuration in VLAN Configuration Mode 16-6
Saving VLAN Configuration 16-7
Default Ethernet VLAN Configuration 16-7
Creating or Modifying an Ethernet VLAN 16-8
Deleting a VLAN 16-10
Assigning Static-Access Ports to a VLAN 16-11
xiv
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Configuring Extended-Range VLANs 16-11
Default VLAN Configuration 16-12
Extended-Range VLAN Configuration Guidelines 16-12
Creating an Extended-Range VLAN 16-13
Displaying VLANs 16-14
Configuring VLAN Trunks 16-14
Trunking Overview 16-14
IEEE 802.1Q Configuration Considerations 16-16
Default Layer 2 Ethernet Interface VLAN Configuration 16-17
Configuring an Ethernet Interface as a Trunk Port 16-17
Interaction with Other Features 16-17
Configuring a Trunk Port 16-18
Defining the Allowed VLANs on a Trunk 16-19
Changing the Pruning-Eligible List 16-20
Configuring the Native VLAN for Untagged Traffic 16-20
Load Sharing Using STP 16-21
Load Sharing Using STP Port Priorities 16-21
Load Sharing Using STP Path Cost 16-23
Contents
CHAPTER
Configuring VMPS 16-24
Understanding VMPS 16-25
Dynamic Port VLAN Membership 16-25
VMPS Database Configuration File 16-26
Default VMPS Client Configuration 16-26
VMPS Configuration Guidelines 16-26
Configuring the VMPS Client 16-27
Entering the IP Address of the VMPS 16-27
Configuring Dynamic Access Ports on VMPS Clients 16-28
Reconfirming VLAN Memberships 16-28
Changing the Reconfirmation Interval 16-29
Changing the Retry Count 16-29
Monitoring the VMPS 16-30
Troubleshooting Dynamic Port VLAN Membership 16-30
VMPS Configuration Example 16-31
17 Configuring VTP 17-1
Understanding VTP 17-1
The VTP Domain 17-2
VTP Modes 17-3
VTP Advertisements 17-3
78-11380-12
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
xv
Contents
VTP Version 2 17-4
VTP Pruning 17-4
Configuring VTP 17-6
Default VTP Configuration 17-6
VTP Configuration Options 17-7
VTP Configuration in Global Configuration Mode 17-7
VTP Configuration in VLAN Configuration Mode 17-7
VTP Configuration Guidelines 17-8
Domain Names 17-8
Passwords 17-8
Upgrading from Previous Software Releases 17-8
VTP Version 17-9
Configuration Requirements 17-9
Configuring a VTP Server 17-9
Configuring a VTP Client 17-11
Disabling VTP (VTP Transparent Mode) 17-12
Enabling VTP Version 2 17-13
Enabling VTP Pruning 17-14
Adding a VTP Client Switch to a VTP Domain 17-15
CHAPTER
CHAPTER
Monitoring VTP 17-16
18 Configuring Voice VLAN 18-1
Understanding Voice VLAN 18-1
Configuring Voice VLAN 18-2
Default Voice VLAN Configuration 18-2
Voice VLAN Configuration Guidelines 18-3
Configuring a Port to Connect to a Cisco 7960 IP Phone 18-3
Configuring Ports to Carry Voice Traffic in IEEE 802.1Q Frames 18-4
Configuring Ports to Carry Voice Traffic in IEEE 802.1p Priority-Tagged Frames 18-4
Overriding the CoS Priority of Incoming Data Frames 18-5
Configuring the IP Phone to Trust the CoS Priority of Incoming Data Frames 18-6
Displaying Voice VLAN 18-6
19 Configuring DHCP Features 19-1
Understanding DHCP Features 19-1
DHCP Server 19-2
DHCP Relay Agent 19-2
DHCP Snooping 19-2
Option-82 Data Insertion 19-3
xvi
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Configuring DHCP Features 19-5
Default DHCP Configuration 19-6
DHCP Snooping Configuration Guidelines 19-6
Configuring the DHCP Server 19-7
Enabling DHCP Snooping and Option 82 19-7
Displaying DHCP Information 19-8
Contents
CHAPTER
20 Configuring IGMP Snooping and MVR 20-1
Understanding IGMP Snooping 20-2
IGMP Versions 20-2
Joining a Multicast Group 20-3
Leaving a Multicast Group 20-5
Immediate-Leave Processing 20-5
IGMP Configurable-Leave Timer 20-5
IGMP Leave Timer Guidelines 20-6
IGMP Report Suppression 20-6
IGMP Snooping Querier Configuration Guidelines and Restrictions 20-6
Source-Only Networks 20-7
Configuring IGMP Snooping 20-7
Default IGMP Snooping Configuration 20-8
Enabling or Disabling IGMP Snooping 20-8
Setting the Snooping Method 20-9
Configuring a Multicast Router Port 20-10
Configuring a Host Statically to Join a Group 20-10
Enabling IGMP Immediate-Leave Processing 20-11
Configuring the IGMP Leave Timer 20-12
Disabling IGMP Report Suppression 20-12
Disabling IP Multicast-Source-Only Learning 20-13
Configuring the Aging Time 20-14
Configuring the IGMP Snooping Querier 20-14
78-11380-12
Displaying IGMP Snooping Information 20-15
Understanding Multicast VLAN Registration 20-16
Using MVR in a Multicast Television Application 20-17
Configuring MVR 20-19
Default MVR Configuration 20-19
MVR Configuration Guidelines and Limitations 20-19
Configuring MVR Global Parameters 20-20
Configuring MVR Interfaces 20-21
Displaying MVR Information 20-22
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
xvii
Contents
Configuring IGMP Filtering and Throttling 20-23
Default IGMP Filtering and Throttling Configuration 20-23
Configuring IGMP Profiles 20-24
Applying IGMP Profiles 20-25
Setting the Maximum Number of IGMP Groups 20-26
Configuring the IGMP Throttling Action 20-26
Displaying IGMP Filtering and Throttling Configuration 20-28
CHAPTER
21 Configuring Port-Based Traffic Control 21-1
Configuring Storm Control 21-1
Understanding Storm Control 21-1
Default Storm Control Configuration 21-2
Configuring Storm Control and Threshold Levels 21-2
Configuring Protected Ports 21-4
Configuring Port Blocking 21-5
Blocking Flooded Traffic on an Interface 21-5
Resuming Normal Forwarding on a Port 21-6
Configuring Port Security 21-6
Understanding Port Security 21-6
Secure MAC Addresses 21-6
Security Violations 21-7
Default Port Security Configuration 21-8
Port Security Configuration Guidelines 21-8
Enabling and Configuring Port Security 21-9
Enabling and Configuring Port Security Aging 21-11
Displaying Port-Based Traffic Control Settings 21-13
CHAPTER
xviii
22 Configuring UDLD 22-1
Understanding UDLD 22-1
Modes of Operation 22-1
Methods to Detect Unidirectional Links 22-2
Configuring UDLD 22-4
Default UDLD Configuration 22-4
Configuration Guidelines 22-4
Enabling UDLD Globally 22-5
Enabling UDLD on an Interface 22-6
Resetting an Interface Shut Down by UDLD 22-6
Displaying UDLD Status 22-7
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Contents
CHAPTER
CHAPTER
23 Configuring CDP 23-1
Understanding CDP 23-1
Configuring CDP 23-2
Default CDP Configuration 23-2
Configuring the CDP Characteristics 23-2
Disabling and Enabling CDP 23-3
Disabling and Enabling CDP on an Interface 23-4
Monitoring and Maintaining CDP 23-5
24 Configuring SPAN and RSPAN 24-1
Understanding SPAN and RSPAN 24-1
SPAN and RSPAN Concepts and Terminology 24-3
SPAN Session 24-3
Traffic Types 24-3
Source Port 24-4
Destination Port 24-4
Reflector Port 24-5
SPAN Traffic 24-5
SPAN and RSPAN Interaction with Other Features 24-6
SPAN and RSPAN Session Limits 24-7
Default SPAN and RSPAN Configuration 24-7
CHAPTER
Configuring SPAN 24-7
SPAN Configuration Guidelines 24-7
Creating a SPAN Session and Specifying Ports to Monitor 24-8
Creating a SPAN Session and Enabling Ingress Traffic 24-9
Removing Ports from a SPAN Session 24-11
Configuring RSPAN 24-12
RSPAN Configuration Guidelines 24-12
Configuring a VLAN as an RSPAN VLAN 24-13
Creating an RSPAN Source Session 24-14
Creating an RSPAN Destination Session 24-15
Removing Ports from an RSPAN Session 24-16
Displaying SPAN and RSPAN Status 24-17
25 Configuring RMON 25-1
Understanding RMON 25-1
Configuring RMON 25-2
Default RMON Configuration 25-3
78-11380-12
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
xix
Contents
Configuring RMON Alarms and Events 25-3
Configuring RMON Collection on an Interface 25-5
Displaying RMON Status 25-6
CHAPTER
CHAPTER
26 Configuring System Message Logging 26-1
Understanding System Message Logging 26-1
Configuring System Message Logging 26-2
System Log Message Format 26-2
Default System Message Logging Configuration 26-3
Disabling and Enabling Message Logging 26-4
Setting the Message Display Destination Device 26-4
Synchronizing Log Messages 26-6
Enabling and Disabling Timestamps on Log Messages 26-7
Enabling and Disabling Sequence Numbers in Log Messages 26-8
Defining the Message Severity Level 26-8
Limiting Syslog Messages Sent to the History Table and to SNMP 26-9
Configuring UNIX Syslog Servers 26-10
Logging Messages to a UNIX Syslog Daemon 26-11
Configuring the UNIX System Logging Facility 26-11
Displaying the Logging Configuration 26-12
27 Configuring SNMP 27-1
xx
Understanding SNMP 27-1
SNMP Versions 27-2
SNMP Manager Functions 27-3
SNMP Agent Functions 27-4
SNMP Community Strings 27-4
Using SNMP to Access MIB Variables 27-4
SNMP Notifications 27-5
Configuring SNMP 27-6
Default SNMP Configuration 27-6
SNMP Configuration Guidelines 27-6
Disabling the SNMP Agent 27-7
Configuring Community Strings 27-8
Configuring SNMP Groups and Users 27-9
Configuring SNMP Notifications 27-11
Setting the Agent Contact and Location Information 27-14
Limiting TFTP Servers Used Through SNMP 27-14
SNMP Examples 27-15
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Displaying SNMP Status 27-16
Contents
CHAPTER
28 Configuring Network Security with ACLs 28-1
Understanding ACLs 28-2
Handling Fragmented and Unfragmented Traffic 28-3
Understanding Access Control Parameters 28-4
Guidelines for Applying ACLs to Physical Interfaces 28-6
Configuring ACLs 28-6
Unsupported Features 28-7
Creating Standard and Extended IP ACLs 28-7
ACL Numbers 28-8
Creating a Numbered Standard ACL 28-8
Creating a Numbered Extended ACL 28-10
Creating Named Standard and Extended ACLs 28-13
Applying Time Ranges to ACLs 28-14
Including Comments About Entries in ACLs 28-16
Creating Named MAC Extended ACLs 28-17
Creating MAC Access Groups 28-18
Applying ACLs to Terminal Lines or Physical Interfaces 28-18
Applying ACLs to a Terminal Line 28-19
Applying ACLs to a Physical Interface 28-20
CHAPTER
Displaying ACL Information 28-20
Displaying ACLs 28-20
Displaying Access Groups 28-22
Examples for Compiling ACLs 28-23
Numbered ACL Examples 28-24
Extended ACL Examples 28-24
Named ACL Example 28-24
Commented IP ACL Entry Examples 28-25
29 Configuring QoS 29-1
Understanding QoS 29-2
Basic QoS Model 29-4
Classification 29-5
Classification Based on QoS ACLs 29-5
Classification Based on Class Maps and Policy Maps 29-6
Policing and Marking 29-7
Mapping Tables 29-8
Queueing and Scheduling 29-8
78-11380-12
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
xxi
Contents
How Class of Service Works 29-8
Port Priority 29-8
Port Scheduling 29-9
Egress CoS Queues 29-9
Configuring Auto-QoS 29-10
Generated Auto-QoS Configuration 29-10
Effects of Auto-QoS on the Configuration 29-12
Configuration Guidelines 29-13
Upgrading from a Previous Software Release 29-13
Enabling Auto-QoS for VoIP 29-14
Displaying Auto-QoS Information 29-15
Auto-QoS Configuration Example 29-15
Configuring Standard QoS 29-18
Default Standard QoS Configuration 29-18
Configuration Guidelines 29-19
Configuring Classification Using Port Trust States 29-20
Configuring the Trust State on Ports within the QoS Domain 29-20
Configuring the CoS Value for an Interface 29-22
Configuring Trusted Boundary 29-23
Enabling Pass-Through Mode 29-25
Configuring a QoS Policy 29-26
Classifying Traffic by Using ACLs 29-27
Classifying Traffic by Using Class Maps 29-30
Classifying, Policing, and Marking Traffic by Using Policy Maps 29-31
Configuring CoS Maps 29-34
Configuring the CoS-to-DSCP Map 29-35
Configuring the DSCP-to-CoS Map 29-36
Configuring the Egress Queues 29-37
Configuring CoS Priority Queues 29-37
Configuring WRR Priority 29-38
Enabling the Expedite Queue and Configuring WRR Priority 29-38
CHAPTER
xxii
Displaying Standard QoS Information 29-39
Standard QoS Configuration Examples 29-39
QoS Configuration for the Existing Wiring Closet 29-40
QoS Configuration for the Intelligent Wiring Closet 29-41
30 Configuring EtherChannels 30-1
Understanding EtherChannels 30-1
Understanding Port-Channel Interfaces 30-2
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Understanding the Port Aggregation Protocol and Link Aggregation Protocol 30-3
PAgP and LACP Modes 30-4
Physical Learners and Aggregate-Port Learners 30-5
PAgP and LACP Interaction with Other Features 30-6
Understanding Load Balancing and Forwarding Methods 30-6
Configuring EtherChannels 30-7
Default EtherChannel Configuration 30-8
EtherChannel Configuration Guidelines 30-8
Configuring Layer 2 EtherChannels 30-9
Configuring EtherChannel Load Balancing 30-11
Configuring the PAgP Learn Method and Priority 30-12
Configuring the LACP Port Priority 30-12
Configuring Hot Standby Ports 30-13
Configuring the LACP System Priority 30-13
Displaying EtherChannel, PAgP, and LACP Status 30-14
Contents
CHAPTER
31 Troubleshooting 31-1
Using Recovery Procedures 31-1
Recovering from a Software Failure 31-2
Recovering from Lost or Forgotten Passwords on Non-LRE Catalyst 2950 Switches 31-2
Recovering from Lost or Forgotten Passwords on Catalyst 2950 LRE Switches 31-4
Password Recovery with Password Recovery Enabled 31-5
Procedure with Password Recovery Disabled 31-6
Recovering from Lost or Forgotten Passwords on Catalyst 2955 Switches 31-8
Recovering from a Command Switch Failure 31-10
Replacing a Failed Command Switch with a Cluster Member 31-10
Replacing a Failed Command Switch with Another Switch 31-12
Recovering from Lost Member Connectivity 31-13
Preventing Autonegotiation Mismatches 31-14
GBIC and SFP Module Security and Identification 31-14
Diagnosing Connectivity Problems 31-14
Using Ping 31-15
Understanding Ping 31-15
Executing Ping 31-15
Using Layer 2 Traceroute 31-16
Understanding Layer 2 Traceroute 31-16
Usage Guidelines 31-16
Displaying the Physical Path 31-17
78-11380-12
Diagnosing LRE Connection Problems 31-18
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
xxiii
Contents
Using Debug Commands 31-19
Enabling Debugging on a Specific Feature 31-20
Enabling All-System Diagnostics 31-20
Redirecting Debug and Error Message Output 31-20
Using the debug auto qos Command 31-21
Using the show controllers Commands 31-22
Using the crashinfo File 31-22
APPENDIX
APPENDIX
A Supported MIBs A-1
MIB List A-1
Using FTP to Access the MIB Files A-3
B Working with the Cisco IOS File System, Configuration Files, and Software Images B-1
Working with the Flash File System B-1
Displaying Available File Systems B-2
Setting the Default File System B-3
Displaying Information about Files on a File System B-3
Changing Directories and Displaying the Working Directory B-4
Creating and Removing Directories B-4
Copying Files B-5
Deleting Files B-5
Creating, Displaying, and Extracting tar Files B-6
Creating a tar File B-6
Displaying the Contents of a tar File B-7
Extracting a tar File B-7
Displaying the Contents of a File B-8
xxiv
Working with Configuration Files B-8
Guidelines for Creating and Using Configuration Files B-9
Configuration File Types and Location B-10
Creating a Configuration File By Using a Text Editor B-10
Copying Configuration Files By Using TFTP B-10
Preparing to Download or Upload a Configuration File By Using TFTP B-10
Downloading the Configuration File By Using TFTP B-11
Uploading the Configuration File By Using TFTP B-12
Copying Configuration Files By Using FTP B-12
Preparing to Download or Upload a Configuration File By Using FTP B-13
Downloading a Configuration File By Using FTP B-13
Uploading a Configuration File By Using FTP B-14
Copying Configuration Files By Using RCP B-15
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Preparing to Download or Upload a Configuration File By Using RCP B-16
Downloading a Configuration File By Using RCP B-17
Uploading a Configuration File By Using RCP B-18
Clearing Configuration Information B-19
Clearing the Startup Configuration File B-19
Deleting a Stored Configuration File B-19
Working with Software Images B-19
Image Location on the Switch B-20
tar File Format of Images on a Server or Cisco.com B-20
Copying Image Files By Using TFTP B-21
Preparing to Download or Upload an Image File By Using TFTP B-22
Downloading an Image File By Using TFTP B-22
Uploading an Image File By Using TFTP B-24
Copying Image Files By Using FTP B-24
Preparing to Download or Upload an Image File By Using FTP B-25
Downloading an Image File By Using FTP B-26
Uploading an Image File By Using FTP B-27
Copying Image Files By Using RCP B-28
Preparing to Download or Upload an Image File By Using RCP B-29
Downloading an Image File By Using RCP B-30
Uploading an Image File By Using RCP B-32
Contents
I
NDEX
78-11380-12
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
xxv
Contents
xxvi
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Audience
Purpose
Preface
This guide is for the networking professional managing the Catalyst 2950 and 2955 switches, hereafter
referred to as the switches. Before using this guide, you should have experience working with the Cisco
IOS and be familiar with the concepts and terminology of Ethernet and local area networking.
This guide provides the information you need to configure software features on your switch. The
Catalyst 2950 switch is supported by either the standard software image (SI) or the enhanced software image
(EI). The Catalyst 2955 and Catalyst 2950 Long-Reach Ethernet (LRE) switches are supported only by the EI.
The EI provides a richer set of features, including access control lists (ACLs), enhanced quality of service
(QoS) features, extended-range VLANs, Remote Switched Port Analyzer (RSPAN), and unicast MAC
address filtering. The cryptographic EI provides support for the Secure Shell Protocol (SSP). For a list of
switches that support the SI and the EI, see Tabl e 1-1 in Chapter 1, “Overview.”
The Catalyst 2955 switch also supports an additional set of features that are described in Chapter 3,
“Configuring Catalyst 2955 Switch Alarms.” The switch has facilities to process alarms related to the
temperature, power supply conditions, and status of the Ethernet ports.
Use this guide with other documents for information about these topics:
• Requirements—This guide assumes that you have met the hardware and software requirements and
cluster compatibility requirements described in the release notes.
• Start-up information—This guide assumes that you have assigned switch IP information and
passwords by using the browser setup program described in the switch hardware installation guide.
• Embedded device manager and Network Assistant graphical user interfaces (GUIs)—This guide
does not provide detailed information on the GUIs. However, the concepts in this guide are
applicable to the GUI user. For information about the device manager, see the switch online help.
For information about Network Assistant, see the Getting Started with Cisco Network Assistant,
available on Cisco.com.
• Cluster configuration—For information about planning for, creating, and maintaining switch
clusters, see the Getting Started with Cisco Network Assistant, available on Cisco.com. For
information about the clustering-related command-line interface (CLI) commands, see the
command reference for this release.
78-11380-12
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
xxvii
Conventions
This guide provides procedures for using the commands that have been created or changed for use with
the switch. It does not provide detailed information about these commands. For detailed information
about these commands, see the command reference for this release.
This guide does not repeat the concepts and CLI procedures provided in the standard Cisco IOS
Release 12.1 documentation. For information about the standard Cisco IOS Release 12.1 commands, see
the Cisco IOS documentation set available from the Cisco.com home page at Service and Support >
Technical Documents. On the Cisco Product Documentation home page, select Release 12.1 from the Cisco
IOS Software drop-down list.
This guide does not describe system messages you might encounter or how to install your switch. For
this information, see the system message guide for this release and to the hardware installation guide.
For documentation updates, see the release notes for this release.
Conventions
Preface
• CLI command information—This guide provides an overview for using the CLI. For complete
syntax and usage information about the commands that have been specifically created or changed
for the switches, see the command reference for this release.
This publication uses these conventions to convey instructions and information:
Command descriptions use these conventions:
• Commands and keywords are in boldface text.
• Arguments for which you supply values are in italic.
• Square brackets ([ ]) mean optional elements.
• Braces ({ }) group required choices, and vertical bars ( | ) separate the alternative elements.
• Braces and vertical bars within square brackets ([{ | }]) mean a required choice within an optional
element.
Interactive examples use these conventions:
• Terminal sessions and system displays are in screen font.
• Information you enter is in boldface screen font.
• Nonprinting characters, such as passwords or tabs, are in angle brackets (< >).
Notes, cautions, and timesavers use these conventions and symbols:
Note Means reader take note. Notes contain helpful suggestions or references to materials not contained in
this manual.
Caution Means reader be careful. In this situation, you might do something that could result equipment damage
or loss of data.
xxviii
Timesaver Means the following will help you solve a problem. The tips information might not be troubleshooting
or even an action, but could be useful information.
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Preface
Related Publications
These documents provide complete information about the switch and are available from this Cisco.com
site:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/index.htm
You can order printed copies of documents with a DOC-xxxxxx= number from the Cisco.com sites and
from the telephone numbers listed in the “Obtaining Documentation” section on page Boilerplate 1.
• Release Notes for the Catalyst 2950 and Catalyst 2955 Switches (not orderable but available on
Cisco.com)
Note Switch requirements and procedures for initial configurations and software upgrades tend to change and
therefore appear only in the release notes. Before installing, configuring, or upgrading the switch, see
the release notes on Cisco.com for the latest information.
For information about the switch, see these documents:
• Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide (order number
DOC-7811380=)
Related Publications
• Catalyst 2950 and Catalyst 2955 Switch Command Reference (order number DOC-7811381=)
• Catalyst 2950 and Catalyst 2955 Switch System Message Guide (order number DOC-7814233=)
• Device manager online help (available on the switch)
• Catalyst 2950 Switch Hardware Installation Guide (not orderable but available on Cisco.com)
• Catalyst 2950 Switch Getting Started Guide (order number DOC-1786521=)
• Regulatory Compliance and Safety Information for the Catalyst 2950 Switch (order number
DOC-7816625=)
• Catalyst 2955 Switch Hardware Installation Guide (order number DOC-7814944=)
For information about related products, see these documents:
• Getting Started with Cisco Network Assistant (not orderable but available on Cisco.com)
• Release Notes for Cisco Network Assistant (not orderable but available on Cisco.com)
• Catalyst GigaStack Gigabit Interface Converter Hardware Installation Guide
(order number DOC-786460=)
• CWDM Passive Optical System Installation Note (not orderable but is available on Cisco.com)
• 1000BASE-T Gigabit Interface Converter Installation Notes (not orderable but is available on
Cisco.com)
• Cisco Small Form-Factor Pluggable Modules Installation Notes (order number DOC-7815160=)
• Cisco CWDM GBIC and CWDM SFP Installation Note (not orderable but available on Cisco.com)
Obtaining Documentation
Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several
ways to obtain technical assistance and other technical resources. These sections explain how to obtain
technical information from Cisco Systems.
78-11380-12
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
xxix
Obtaining Documentation
Cisco.com
You can access the most current Cisco documentation at this URL:
http://www.cisco.com/techsupport
You can access the Cisco website at this URL:
http://www.cisco.com
You can access international Cisco websites at this URL:
http://www.cisco.com/public/countries_languages.shtml
Product Documentation DVD
Cisco documentation and additional literature are available in the Product Documentation DVD package,
which may have shipped with your product. The Product Documentation DVD is updated regularly and
may be more current than printed documentation.
The Product Documentation DVD is a comprehensive library of technical product documentation on
portable media. The DVD enables you to access multiple versions of hardware and software installation,
configuration, and command guides for Cisco products and to view technical documentation in HTML.
With the DVD, you have access to the same documentation that is found on the Cisco website without
being connected to the Internet. Certain products also have .pdf versions of the documentation available.
Preface
The Product Documentation DVD is available as a single unit or as a subscription. Registered Cisco.com
users (Cisco direct customers) can order a Product Documentation DVD (product number
DOC-DOCDVD=) from the Ordering tool or Cisco Marketplace.
Cisco Ordering tool:
http://www.cisco.com/en/US/partner/ordering/
Cisco Marketplace:
http://www.cisco.com/go/marketplace/
Ordering Documentation
Beginning June 30, 2005, registered Cisco.com users may order Cisco documentation at the Product
Documentation Store in the Cisco Marketplace at this URL:
http://www.cisco.com/go/marketplace/
Cisco will continue to support documentation orders using the Ordering tool:
• Registered Cisco.com users (Cisco direct customers) can order documentation from the
Ordering tool:
http://www.cisco.com/en/US/partner/ordering/
• Instructions for ordering documentation using the Ordering tool are at this URL:
http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm
• Nonregistered Cisco.com users can order documentation through a local account representative by
calling Cisco Systems Corporate Headquarters (California, USA) at 408 526-7208 or, elsewhere in
North America, by calling 1 800 553-NETS (6387).
xxx
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Preface
Documentation Feedback
You can rate and provide feedback about Cisco technical documents by completing the online feedback
form that appears with the technical documents on Cisco.com.
You can send comments about Cisco documentation to bug-doc@cisco.com.
You can submit comments by using the response card (if present) behind the front cover of your
document or by writing to the following address:
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883
We appreciate your comments.
Cisco Product Security Overview
Cisco provides a free online Security Vulnerability Policy portal at this URL:
Documentation Feedback
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
From this site, you can perform these tasks:
• Report security vulnerabilities in Cisco products.
• Obtain assistance with security incidents that involve Cisco products.
• Register to receive security information from Cisco.
A current list of security advisories and notices for Cisco products is available at this URL:
http://www.cisco.com/go/psirt
If you prefer to see advisories and notices as they are updated in real time, you can access a Product
Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed from this URL:
http://www.cisco.com/en/US/products/products_psirt_rss_feed.html
Reporting Security Problems in Cisco Products
Cisco is committed to delivering secure products. We test our products internally before we release them,
and we strive to correct all vulnerabilities quickly. If you think that you might have identified a
vulnerability in a Cisco product, contact PSIRT:
• Emergencies— security-alert@cisco.com
An emergency is either a condition in which a system is under active attack or a condition for which
a severe and urgent security vulnerability should be reported. All other conditions are considered
nonemergencies.
• Nonemergencies— psirt@cisco.com
78-11380-12
In an emergency, you can also reach PSIRT by telephone:
• 1 877 228-7302
• 1 408 525-6532
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
xxxi
Obtaining Technical Assistance
Tip We encourage you to use Pretty Good Privacy (PGP) or a compatible product to encrypt any sensitive
information that you send to Cisco. PSIRT can work from encrypted information that is compatible with
PGP versions 2.x through 8.x.
Never use a revoked or an expired encryption key. The correct public key to use in your correspondence
with PSIRT is the one linked in the Contact Summary section of the Security Vulnerability Policy page
at this URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.htm
The link on this page has the current PGP key ID in use.
Obtaining Technical Assistance
Cisco Technical Support provides 24-hour-a-day award-winning technical assistance. The Cisco
Technical Support & Documentation website on Cisco.com features extensive online support resources.
In addition, if you have a valid Cisco service contract, Cisco Technical Assistance Center (TAC)
engineers provide telephone support. If you do not have a valid Cisco service contract, contact your
reseller.
Preface
Cisco Technical Support & Documentation Website
The Cisco Technical Support & Documentation website provides online documents and tools for
troubleshooting and resolving technical issues with Cisco products and technologies. The website is
available 24 hours a day, at this URL:
http://www.cisco.com/techsupport
Access to all tools on the Cisco Technical Support & Documentation website requires a Cisco.com user
ID and password. If you have a valid service contract but do not have a user ID or password, you can
register at this URL:
http://tools.cisco.com/RPF/register/register.do
Note Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting
a web or phone request for service. You can access the CPI tool from the Cisco Technical Support &
Documentation website by clicking the Tools & Resources link under Documentation & Tools. Choose
Cisco Product Identification Tool from the Alphabetical Index drop-down list, or click the Cisco
Product Identification Tool link under Alerts & RMAs. The CPI tool offers three search options: by
product ID or model name; by tree view; or for certain products, by copying and pasting show command
output. Search results show an illustration of your product with the serial number label location
highlighted. Locate the serial number label on your product and record the information before placing a
service call.
xxxii
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Preface
Submitting a Service Request
Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3
and S4 service requests are those in which your network is minimally impaired or for which you require
product information.) After you describe your situation, the TAC Service Request Tool provides
recommended solutions. If your issue is not resolved using the recommended resources, your service
request is assigned to a Cisco engineer. The TAC Service Request Tool is located at this URL:
http://www.cisco.com/techsupport/servicerequest
For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone.
(S1 or S2 service requests are those in which your production network is down or severely degraded.)
Cisco engineers are assigned immediately to S1 and S2 service requests to help keep your business
operations running smoothly.
To open a service request by telephone, use one of the following numbers:
Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447
For a complete list of Cisco TAC contacts, go to this URL:
http://www.cisco.com/techsupport/contacts
Obtaining Additional Publications and Information
Definitions of Service Request Severity
To ensure that all service requests are reported in a standard format, Cisco has established severity
definitions.
Severity 1 (S1)—Your network is “down,” or there is a critical impact to your business operations. You
and Cisco will commit all necessary resources around the clock to resolve the situation.
Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your
business operation are negatively affected by inadequate performance of Cisco products. You and Cisco
will commit full-time resources during normal business hours to resolve the situation.
Severity 3 (S3)—Operational performance of your network is impaired, but most business operations
remain functional. You and Cisco will commit resources during normal business hours to restore service
to satisfactory levels.
Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or
configuration. There is little or no effect on your business operations.
Obtaining Additional Publications and Information
Information about Cisco products, technologies, and network solutions is available from various online
and printed sources.
• Cisco Marketplace provides a variety of Cisco books, reference guides, documentation, and logo
merchandise. Visit Cisco Marketplace, the company store, at this URL:
78-11380-12
http://www.cisco.com/go/marketplace/
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
xxxiii
Obtaining Additional Publications and Information
• Cisco Press publishes a wide range of general networking, training and certification titles. Both new
and experienced users will benefit from these publications. For current Cisco Press titles and other
information, go to Cisco Press at this URL:
http://www.ciscopress.com
• Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and
networking investments. Each quarter, Packet delivers coverage of the latest industry trends,
technology breakthroughs, and Cisco products and solutions, as well as network deployment and
troubleshooting tips, configuration examples, customer case studies, certification and training
information, and links to scores of in-depth online resources. You can access Packet magazine at
this URL:
http://www.cisco.com/packet
• iQ Magazine is the quarterly publication from Cisco Systems designed to help growing companies
learn how they can use technology to increase revenue, streamline their business, and expand
services. The publication identifies the challenges facing these companies and the technologies to
help solve them, using real-world case studies and business strategies to help readers make sound
technology investment decisions. You can access iQ Magazine at this URL:
http://www.cisco.com/go/iqmagazine
Preface
or view the digital edition at this URL:
http://ciscoiq.texterity.com/ciscoiq/sample/
• Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering
professionals involved in designing, developing, and operating public and private internets and
intranets. You can access the Internet Protocol Journal at this URL:
http://www.cisco.com/ipj
• Networking products offered by Cisco Systems, as well as customer support services, can be
obtained at this URL:
http://www.cisco.com/en/US/products/index.html
• Networking Professionals Connection is an interactive website for networking professionals to share
questions, suggestions, and information about networking products and technologies with Cisco
experts and other networking professionals. Join a discussion at this URL:
http://www.cisco.com/discuss/networking
• World-class networking training is available from Cisco. You can view current offerings at
this URL:
http://www.cisco.com/en/US/learning/index.html
xxxiv
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Note In this document, IP refers to IP version 4 (IPv4). Layer 3 IP version 6 (IPv6) packets are treated as
Features
CHAPTER
Overview
This chapter provides these topics about the Catalyst 2950 and Catalyst 2955 switch software:
• Features, page 1-1
• Management Options, page 1-9
• Network Configuration Examples, page 1-11
• Where to Go Next, page 1-24
non-IP packets.
1
The switch software supports the switches listed in Table 1-1 and in the release notes.
Table 1-1 Switches Supported
Switch Software Image
Catalyst 2950-12 SI
Catalyst 2950-24 SI
Catalyst 2950C-24 EI
Catalyst 2950G-12-EI EI
Catalyst 2950G-24-EI EI
Catalyst 2950G-24-EI-DC EI
Catalyst 2950G-48-EI EI
Catalyst 2950ST-8 LRE EI
Catalyst 2950ST-24 LRE EI
Catalyst 2950ST-24 LRE 997 EI
Catalyst 2950SX-24 SI
Catalyst 2950SX-48-SI SI
Catalyst 2950T-24 EI
1
2
78-11380-12
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
1-1
Features
Chapter 1 Overview
Table 1-1 Switches Supported (continued)
Switch Software Image
Catalyst 2950T-48-SI SI
Catalyst 2955C-12 EI
Catalyst 2955S-12 EI
Catalyst 2955T-12 EI
1. SI = standard software image
2. EI = enhanced software image
Certain Cisco Long-Reach Ethernet (LRE) customer premises equipment (CPE) devices are not
supported by certain Catalyst 2950 LRE switches. In Ta ble 1-2, Yes means that the CPE is supported by
the switch; No means that the CPE is not supported by the switch.
Table 1-2 LRE Switch and CPE Compatibility Matrix
Catalyst 2950ST-8 LRE
LRE Devices
Cisco 575 LRE
switch
Yes Yes No
CPE
Cisco 576 LRE 997
No No Yes
CPE
Cisco 585 LRE
Yes Yes No
CPE
This section describes the features supported in this release:
Note Some features require that you have the EI installed on your switch. For a list of the switches that support
the EI, see Tab le 1-1, or see the release notes for this release.
Ease of Use and Ease of Deployment
• Express Setup for quickly configuring a switch for the first time with basic IP information, contact
information, switch and Telnet passwords, and Simple Network Management Protocol (SNMP)
information through a browser-based program.
• User-defined Smartports macros for creating custom switch configurations for simplified
deployment across the network.
Catalyst 2950ST-24 LRE
switch
Catalyst 2950ST-24 LRE 997
switch
1-2
• Embedded device manager GUI for configuring and monitoring a single switch through a web
browser. For information about launching the device manager, see the getting started guide. For more
information about the device manager, see the switch online help.
• Network Assistant application for
–
Simplifying and minimizing switch and switch cluster management from anywhere in your
intranet.
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Chapter 1 Overview
Features
–
Accomplishing multiple configuration tasks from a single window without needing to
remember command-line interface (CLI) commands to accomplish specific tasks.
–
Interactive guide mode that guides you in configuring complex features such as VLANs, ACLs,
and quality of service (QoS).
–
Automated configuration wizards that prompt you to provide only the minimum required
information to configure complex features such as QoS priorities for video traffic, priority
levels for data applications, and security.
–
Downloading an image to a switch by using TFTP.
–
Applying actions to multiple ports and multiple switches at the same time, such as VLAN and
QoS settings, inventory and statistic reports, link- and switch-level monitoring and
troubleshooting, and multiple switch software upgrades.
–
Viewing a topology of interconnected devices to identify existing switch clusters and eligible
switches that can join a cluster and to identify link information between switches.
• Real-time status monitoring of a switch or multiple switches from the LEDs on the front-panel
images from the device manager and from Network Assistant.
• Switch clustering technology for
–
Unified configuration, monitoring, authentication, and software upgrade of multiple switches
(see the release notes for a list of eligible cluster members).
–
Automatic discovery of candidate switches and creation of clusters of up to 16 switches that can
be managed through a single IP address.
–
Extended discovery of cluster candidates that are not directly connected to the command switch.
Performance
Note For the Network Assistant software requirements, and for more information about
clustering, see the Getting Started with Cisco Network Assistant, available on Cisco.com.
For clustering requirements, including supported Cisco IOS releases, see the release notes
for this release.
• Hot Standby Router Protocol (HSRP) for command-switch redundancy. The redundant command
switches used for HSRP must have compatible software releases.
• Autosensing of speed on the 10/100 and 10/100/1000 ports and autonegotiation of duplex mode on
the 10/100 ports for optimizing bandwidth
• IEEE 802.3x flow control on Gigabit Ethernet ports operating in full-duplex mode
• Fast EtherChannel and Gigabit EtherChannel for enhanced fault tolerance and for providing up
to 2 Gbps of bandwidth among switches, routers, and servers
• Support for frames larger than 1500 bytes. These switches support frame sizes from 1500 to
1530 bytes:
–
Catalyst 2950G-12-EI, 2950G-24-EI, 2950G-24-EI-DC, and 2950G-48-EI switches running
Cisco IOS Release 12.1(6)EA2 or later
–
Catalyst 2950 LRE switches
–
Catalyst 2955 switches
78-11380-12
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
1-3
Features
Chapter 1 Overview
• Port blocking on forwarding unknown unicast and multicast traffic (available only on the
Catalyst LRE switches and on the Catalyst 2950G-12-EI, 2950G-24-EI, 2950G-24-EI-DC,
2950G-48-EI, and 2955 switches)
• Per-port broadcast storm control for preventing faulty end stations from degrading overall system
performance with broadcast storms
• Port Aggregation Protocol (PAgP) and Link Aggregation Control Protocol (LACP) for automatic
creation of EtherChannel links
• Internet Group Management Protocol (IGMP) snooping for IGMP versions 1, 2, and 3 to limit
flooding of IP multicast traffic
• IGMP report suppression for sending only one IGMP report per multicast router query to the
multicast devices (supported only for IGMPv1 or IGMPv2 queries)
• IGMP snooping querier support to configure switch to generate periodic IGMP General Query
messages
• Multicast VLAN registration (MVR) to continuously send multicast streams in a multicast VLAN
while isolating the streams from subscriber VLANs for bandwidth and security reasons
• IGMP filtering for controlling the set of multicast groups to which hosts on a switch port can belong
• IGMP throttling for configuring the action when the maximum number of entries is in the IGMP
forwarding table
• Protected port (private VLAN edge port) option for restricting the forwarding of traffic to designated
ports on the same switch
• Dynamic address learning for enhanced security
Manageability
• Cisco Intelligence Engine 2100 (IE2100) Series Cisco Networking Services (CNS) embedded
agents for automating switch management, configuration storage and delivery (available only with
the EI)
• DHCP-based autoconfiguration for automatically configuring the switch during startup with IP
address information and a configuration file that it receives during DHCP-based autoconfiguration
Note DHCP replaces the Bootstrap Protocol (BOOTP) feature autoconfiguration to ensure
retrieval of configuration files by unicast TFTP messages. BOOTP is available in earlier
software releases for this switch.
• DHCP server for automatic assignment of IP addresses and other DHCP options to IP hosts
(available only on the Catalyst 2955 switch)
• Address Resolution Protocol (ARP) for identifying a switch through its IP address and its
corresponding MAC address
• Unicast MAC address filtering to drop packets with specific source or destination MAC addresses
(available only with the EI)
• Cisco Discovery Protocol (CDP) versions 1 and 2 for network topology discovery and mapping
between the switch and other Cisco devices on the network
• Network Time Protocol (NTP) for providing a consistent time stamp to all switches from an external
source
1-4
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Chapter 1 Overview
Features
• Directed unicast requests to a TFTP server for obtaining software upgrades from a TFTP server
• Default configuration storage in flash memory to ensure that the switch can be connected to a
network and can forward traffic with minimal user intervention
• In-band management access through the embedded device manager through a Netscape Navigator
or Internet Explorer session or through Network Assistant
• In-band management access through up to 16 simultaneous Telnet connections for multiple
command-line interface (CLI)-based sessions over the network
• In-band management access through up to five simultaneous, encrypted Secure Shell (SSH)
connections for multiple CLI-based sessions over the network (only available in the enhanced
cryptographic software image)
• In-band management access through SNMP versions 1, 2c, and 3 get and set requests
• Out-of-band management access through the switch console port to a directly-attached terminal or
to a remote terminal through a serial connection and a modem
Note For additional descriptions of the management interfaces, see the “Management Options”
section on page 1-9.
Redundancy
• HSRP for command-switch redundancy
• UniDirectional Link Detection (UDLD) on all Ethernet ports for detecting and disabling
unidirectional links on fiber-optic interfaces caused by incorrect fiber-optic wiring or port faults
• IEEE 802.1D Spanning Tree Protocol (STP) for redundant backbone connections and loop-free
networks.
–
Up to 64 spanning-tree instances supported
–
Per-VLAN spanning-tree plus (PVST+) for load balancing across VLANs
–
Rapid PVST+ for load balancing across VLANs
–
UplinkFast, cross-stack UplinkFast, and BackboneFast for fast convergence after a
spanning-tree topology change and for achieving load balancing among redundant uplinks,
including Gigabit uplinks and cross-stack Gigabit uplinks
• IEEE 802.1s Multiple Spanning Tree Protocol (MSTP) for grouping VLANs into a spanning-tree
instance and for providing multiple forwarding paths for data traffic and load balancing and rapid
per-VLAN Spanning-Tree plus (rapid-PVST+), based on the IEEE 802.1w Rapid Spanning Tree
Protocol (RSTP) for rapid convergence of the spanning tree by immediately transitioning root and
designated ports to the forwarding state
78-11380-12
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
1-5
Features
VLAN Support
Chapter 1 Overview
• Optional spanning-tree features available in the PVST+, rapid PVST+, and MSTP modes:
–
Port Fast for eliminating the forwarding delay by enabling a port to immediately transition from
the blocking state to the forwarding state
–
BPDU guard for shutting down Port Fast-enabled ports that receive BPDUs
–
BPDU filtering for preventing a Port Fast-enabled port from sending or receiving BPDUs
–
Root guard for preventing switches outside the network core from becoming the spanning-tree
root
–
Loop guard for preventing alternate or root ports from becoming designated ports because of a
failure that leads to a unidirectional link
• The switches support 250 port-based VLANs for assigning users to VLANs associated with
appropriate network resources, traffic patterns, and bandwidth
Note The Catalyst 2950-12, Catalyst 2950-24, Catalyst 2950SX-24, Catalyst 2950SX-48-SI, and
Catalyst 2950T-48-SI switches support only 64 port-based VLANs.
Security
• The switch supports up to 4094 VLAN IDs to allow service provider networks to support the number of
VLANs allowed by the IEEE 802.1Q standard (available only with the EI)
• IEEE 802.1Q trunking protocol on all ports for network moves, adds, and changes; management and
control of broadcast and multicast traffic; and network security by establishing VLAN groups for
high-security users and network resources
• VLAN Membership Policy Server (VMPS) for dynamic VLAN membership
• VLAN Trunking Protocol (VTP) pruning for reducing network traffic by restricting flooded traffic
to links destined for stations receiving the traffic
• Dynamic Trunking Protocol (DTP) for negotiating trunking on a link between two devices and for
negotiating the type of trunking encapsulation (IEEE 802.1Q) to be used
• Voice VLAN for creating subnets for voice traffic from Cisco IP Phones
• VLAN 1 minimization to reduce the risk of spanning-tree loops or storms by allowing VLAN 1 to
be disabled on any individual VLAN trunk link. With this feature enabled, no user traffic is sent or
received. The switch CPU continues to send and receive control protocol frames.
• Bridge protocol data unit (BPDU) guard for shutting down a Port Fast-configured port when an
invalid configuration occurs
• Protected port option for restricting the forwarding of traffic to designated ports on the same switch
1-6
• Password-protected access (read-only and read-write access) to management interfaces (device
manager, Network Assistant, and CLI) for protection against unauthorized configuration changes
• Port security option for limiting and identifying MAC addresses of the stations allowed to access
the port
• Port security aging to set the aging time for secure addresses on a port
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Chapter 1 Overview
• DHCP snooping to filter untrusted DHCP messages between untrusted hosts and DHCP servers
• Multilevel security for a choice of security level, notification, and resulting actions
• MAC-based port-level security for restricting the use of a switch port to a specific group of source
addresses and preventing switch access from unauthorized stations
• TACACS+, a proprietary feature for managing network security through a TACACS server
• IEEE 802.1x port-based authentication to prevent unauthorized devices from gaining access to the
network
• IEEE 802.1x accounting to track network usage
• IEEE 802.1x with wake-on-LAN to allow dormant PCs to be powered on based on the receipt of a
specific Ethernet frame
• Standard and extended IP access control lists (ACLs) for defining security policies (available only
with the EI)
Quality of Service and Class of Service
• Automatic QoS (auto-QoS) to simplify the deployment of existing QoS features by classifying
traffic and configuring egress queues (only available in the EI)
Features
• Classification
–
IEEE 802.1p class of service (CoS) with four priority queues on the switch 10/100 and LRE
ports and eight priority queues on the Gigabit ports for prioritizing mission-critical and
time-sensitive traffic from data, voice, and telephony applications
–
IP Differentiated Services Code Point (IP DSCP) and CoS marking priorities on a per-port basis
for protecting the performance of mission-critical applications (only available with the EI)
–
Flow-based packet classification (classification based on information in the MAC, IP, and
TCP/UDP headers) for high-performance quality of service at the network edge, allowing for
differentiated service levels for different types of network traffic and for prioritizing
mission-critical traffic in the network (only available in the EI)
–
Support for IEEE 802.1p CoS scheduling for classification and preferential treatment of
high-priority voice traffic
–
Trusted boundary (detect the presence of a Cisco IP Phone, trust the CoS value received, and
ensure port security. If the IP phone is not detected, disable the trusted setting on the port and
prevent misuse of a high-priority queue.)
• Policing
–
Traffic-policing policies on the switch port for allocating the amount of the port bandwidth to
a specific traffic flow
–
Policing traffic flows to restrict specific applications or traffic flows to metered, predefined
rates
–
Up to 60 policers on ingress Gigabit-capable Ethernet ports
Up to six policers on ingress 10/100 ports
Granularity of 1 Mbps on 10/100 ports and 8 Mbps on 10/100/1000 ports
–
Out-of-profile markdown for packets that exceed bandwidth utilization limits
78-11380-12
Note Policing is available only in the EI.
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
1-7
Features
Monitoring
Chapter 1 Overview
• Egress Policing and Scheduling of Egress Queues—Four egress queues on all switch ports. Support
for strict priority and weighted round-robin (WRR) CoS policies
• Switch LEDs that show port and switch status
• Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN) for traffic monitoring on any port or
VLAN
Note RSPAN is available only in the EI.
• SPAN support of Intrusion Detection Systems (IDSs) to monitor, repel, and report network security
violations
• Four groups (history, statistics, alarms, and events) of embedded remote monitoring (RMON) agents
for network monitoring and traffic analysis
• MAC address notification for tracking the MAC addresses that the switch has learned or removed
• Syslog facility for logging system messages about authentication or authorization errors, resource
issues, and time-out events
• Layer 2 traceroute to identify the physical path that a packet takes from a source device to a
destination device
• Facilities for processing alarms related to temperature, power-supply conditions, and the status of
the Ethernet ports (available only on the Catalyst 2955 switch)
LRE Features (available only on Catalyst 2950 LRE switches)
• Data, voice, and video transmission through categorized and noncategorized unshielded twisted-pair
cable (Category 1, 2, and 3 structured and unstructured cable, such as existing telephone lines) in
multi-unit, multidwelling, and multitenant buildings
• Up to 15 Mbps of bandwidth to remote Ethernet devices at distances of up to 4921 feet
(1500 meters) on each switch LRE port
• Compliance with American National Standards Institute (ANSI) and European Telecommunication
Standards Institute (ETSI) standards for spectral-mode compatibility with asymmetric digital
subscriber line (ADSL), Integrated Services Digital Network (ISDN), and digital telephone
networks
• Configuration and monitoring of connections between:
–
Switch LRE ports and the Ethernet ports on remote LRE customer premises equipment (CPE)
devices, such as the Cisco 575 LRE CPE or the Cisco 585 LRE CPE
–
CPE Ethernet ports and remote Ethernet devices, such as a PC
• Support for connecting to the public switched telephone network (PSTN) through plain old
telephone service (POTS) splitters such as the Cisco LRE 48 POTS Splitter
1-8
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Chapter 1 Overview
Management Options
• Support for the rate selection, a utility that allows for automatic selection of transmission rates
through sequences
• Support for Reed-Solomon error correction
• Support for a protected port on Cisco 585 CPE devices
• Support for small form-factor pluggable (SFP) modules instead of Gigabit Interface Converter
(GBIC) modules
• Support for configuring the interleave delay feature
• Support for DC-input power and compliance with the VDSL 997 band plan on Catalyst 2950ST-24
LRE 997 switches
• Upstream power back-off mechanism for normalization of the upstream receive power levels by
requiring the CPE devices on shorter lines to transmit at a lower power level than the CPEs on longer
lines
• Support for sending LRE debugging messages to the LRE message logging process and to the
system message logging process
Management Options
The switch is designed for plug-and-play operation: you only need to assign basic IP information to the
switch and connect it to the other devices in your network. If you have specific network needs, you can
configure and monitor the switch—on an individual basis or as part of a switch cluster—through its
various management interfaces.
Note For information about assigning an IP address by using the browser-based Express Setup program, see
the getting started guide. For information about assigning an IP address by using the CLI-based setup
program, see the hardware installation guide.
This section discusses these topics:
• Management Interface Options, page 1-9
• Advantages of Using Network Assistant and Clustering Switches, page 1-10
Management Interface Options
You can configure and monitor individual switches and switch clusters by using these interfaces:
• An embedded device manager—The device manager is a GUI that is integrated in the software
image. You use it to can configure and to monitor a single switch through a web browser. For more
information about the device manager, see the switch online help.
• Network Assistant—Network Assistant is a GUI that can be downloaded from Cisco.com. You use
it to manage a single switch or a cluster of switches. For more information about Network Assistant,
see the Getting Started with Cisco Network Assistant, available on Cisco.com.
• CLI—The switch Cisco IOS software supports desktop-switching features. You can access the CLI
either by connecting your management station directly to the switch console port or by using Telnet
or SSH from a remote management station.
78-11380-12
For more information about the CLI, see Chapter 2, “Using the Command-Line Interface.”
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
1-9
Management Options
• IE2100—Cisco Intelligence Engine 2100 Series Configuration Registrar is a network management
device that works with embedded CNS Agents in the switch software. You can automate initial
configurations and configuration updates by generating switch-specific configuration changes,
sending them to the switch, executing the configuration change, and logging the results.
For more information about IE2100, see Chapter 5, “Configuring IE2100 CNS Agents.”
• SNMP—SNMP provides a means to monitor and control the switch and switch cluster members.
You can manage switch configuration settings, performance, and security and collect statistics by
using SNMP management applications such as CiscoWorks2000 LAN Management Suite (LMS)
and HP OpenView.
You can manage the switch from an SNMP-compatible management station that is running
platforms such as HP OpenView or SunNet Manager. The switch supports a comprehensive set of
MIB extensions and four RMON groups.
For more information about using SNMP, see the Chapter 27, “Configuring SNMP.”
Advantages of Using Network Assistant and Clustering Switches
Using Network Assistant and switch clusters can simplify and minimize your configuration and
monitoring tasks. You can use Cisco switch clustering technology to manage up to 16 interconnected and
supported Catalyst switches through one IP address as if they were a single entity. This can conserve IP
addresses if you have a limited number of them. Network Assistant is the easiest interface to use and
makes switch and switch cluster management accessible to authorized users from any PC on your
network.
Chapter 1 Overview
By using switch clusters and Network Assistant, you can:
• Manage and monitor interconnected Catalyst switches (see the release notes for a list of supported
switches), regardless of their geographic proximity and interconnection media, including Ethernet,
Fast Ethernet, Fast EtherChannel, Cisco GigaStack GBIC, Gigabit Ethernet, and Gigabit
EtherChannel connections.
• Accomplish multiple configuration tasks from a single Network Assistant window without needing
to remember CLI commands to accomplish specific tasks.
• Apply actions from Network Assistant to multiple ports and multiple switches at the same time to
avoid re-entering the same commands for each individual port or switch. Here are some examples
of globally setting and managing multiple ports and switches:
–
Port configuration such as speed and duplex settings
–
Port and console port security settings
–
NTP, STP, VLAN, and quality of service (QoS) configurations
–
Inventory and statistic reporting and link and switch-level monitoring and troubleshooting
–
Group software upgrades
• View a topology of interconnected devices to identify existing switch clusters and eligible switches
that can join a cluster. You can also use the topology to quickly identify link information between
switches.
• Monitor real-time status of a switch or multiple switches from the LEDs on the front-panel images.
The system, redundant power system (RPS), and port LED colors on the images are similar to those
on the physical LEDs.
1-10
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Chapter 1 Overview
• Use an interactive mode that takes you step-by-step through configuring complex features such as
VLANs, ACLs, and QoS.
• Use a wizard that prompts you to provide the minimum required information to configure complex
features such as QoS priorities for video traffic, priority levels for data applications, and security.
For more information about Network Assistant and clustering, see the Getting Started with Cisco
Network Assistant, available on Cisco.com.
Network Configuration Examples
This section provides network configuration concepts and includes examples of using the switch to
create dedicated network segments and interconnecting the segments through Fast Ethernet and Gigabit
Ethernet connections.
• “Design Concepts for Using the Switch” section on page 1-12
• “Small to Medium-Sized Network Configuration” section on page 1-15
• “Collapsed Backbone and Switch Cluster Configuration” section on page 1-16
• “Hotel Network Configuration” section on page 1-17
Network Configuration Examples
• “Service-Provider Central-Office Configuration” section on page 1-20
• “Large Campus Configuration” section on page 1-21
• “Multidwelling Network Using Catalyst 2950 Switches” section on page 1-22
• “Long-Distance, High-Bandwidth Transport Configuration” section on page 1-24
78-11380-12
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
1-11
Network Configuration Examples
Design Concepts for Using the Switch
As your network users compete for network bandwidth, it takes longer to send and receive data. When
you configure your network, consider the bandwidth required by your network users and the relative
priority of the network applications they use.
Table 1-3 describes what can cause network performance to degrade and how you can configure your
network to increase the bandwidth available to your network users.
Table 1-3 Increasing Network Performance
Network Demands Suggested Design Methods
Too many users on a single network segment
and a growing number of users accessing the
Internet
• Increased power of new PCs,
workstations, and servers
• High demand from networked
applications (such as e-mail with large
attached files) and from
bandwidth-intensive applications (such
as multimedia)
• Create smaller network segments so that fewer users share the
bandwidth, and use VLANs and IP subnets to place the network
resources in the same logical network as the users who access those
resources most.
• Use full-duplex operation between the switch and its connected
workstations.
• Connect global resources—such as servers and routers to which network
users require equal access—directly to the Fast Ethernet or Gigabit
Ethernet switch ports so that they have their own Fast Ethernet or Gigabit
Ethernet segment.
• Use the Fast EtherChannel or Gigabit EtherChannel feature between the
switch and its connected servers and routers.
Chapter 1 Overview
Bandwidth alone is not the only consideration when designing your network. As your network traffic
profiles evolve, consider providing network services that can support applications such as voice and data
integration and security.
Table 1-4 describes some network demands and how you can meet those demands.
Table 1-4 Providing Network Services
Network Demands Suggested Design Methods
High demand for multimedia support
High demand for protecting mission-critical
applications
• Use IGMP and MVR to efficiently forward multicast traffic.
• Use VLANs and protected ports to provide security and port isolation.
• Use VLAN trunks, cross-stack UplinkFast, and BackboneFast for
traffic-load balancing on the uplink ports so that the uplink port with a
lower relative port cost is selected to carry the VLAN traffic.
An evolving demand for IP telephony
• Use QoS to prioritize applications such as IP telephony during
congestion and to help control both delay and jitter within the network.
• Use switches that support at least two queues per port to prioritize voice
and data traffic as either high- or low-priority, based on 802.1p or
802.1Q.
A growing demand for using existing
infrastructure to transport data and voice from
a home or office to the Internet or an intranet at
• Use the Catalyst 2900 LRE XL or Catalyst 2950 LRE switches to
provide up to 15 Mb of IP connectivity over existing infrastructure
(existing telephone lines).
higher speeds
1-12
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Chapter 1 Overview
Network Configuration Examples
Figure 1-1 shows configuration examples of using the Catalyst switches to create these networks:
• Cost-effective wiring closet—A cost-effective way to connect many users to the wiring closet is to
connect up to nine Catalyst 2900 XL, Catalyst 2950, Catalyst 3500 XL, and Catalyst 3550 switches
through GigaStack GBIC connections. When you use a stack of Catalyst 2950G-48 switches, you
can connect up to 432 users. To preserve switch connectivity if one switch in the stack fails, connect
the bottom switch to the top switch to create a GigaStack loopback, and enable cross-stack
UplinkFast on the cross-stack Gigabit uplinks.
You can create backup paths by using Fast Ethernet, Gigabit, Fast EtherChannel, or Gigabit
EtherChannel links. Using Gigabit modules on two of the switches, you can have redundant uplink
connections to a Gigabit backbone switch such as the Catalyst 3550-12G switch. If one of the
redundant connections fails, the other can serve as a backup path. You can configure the stack
members and the Catalyst 3550-12G switch as a switch cluster to manage them through a single IP
address.
• High-performance workgroup—For users who require high-speed access to network resources, use
Gigabit modules to connect the switches directly to a backbone switch in a star configuration. Each
switch in this configuration provides users with a dedicated 1-Gbps connection to network resources
in the backbone. Compare this with the switches in a GigaStack configuration, where the 1-Gbps
connection is shared among the switches. With the high speed uplink to the distribution server, the
user can efficiently obtain and store data from servers. Using these Gigabit Ethernet modules also
provides flexibility in media and distance options:
–
1000BASE-T GBIC: copper connections of up to 328 feet (100 meters)
–
1000BASE-SX GBIC: fiber connections of up to 1804 feet (550 meters)
–
1000BASE-LX/LH GBIC: fiber connections of up to 32,808 feet (10 kilometers)
–
1000BASE-ZX GBIC: fiber connections of up to 328,084 feet (100 kilometers)
–
GigaStack GBIC module for creating a 1-Gbps stack configuration of up to nine supported
switches. The GigaStack GBIC supports one full-duplex link (in a point-to-point configuration)
or up to nine half-duplex links (in a stack configuration) to other Gigabit Ethernet devices.
Using the required Cisco proprietary signaling and cabling, the GigaStack GBIC-to-GigaStack
GBIC connection cannot exceed 3 feet (1 meter).
–
SFP modules: fiber and copper connections of up to 32,808 feet (10 kilometers) (supported only
on the Catalyst 2950 LRE switches)
• Redundant Gigabit backbone—Using HSRP, you can create backup paths between
Catalyst 3550-12T-L3 switches. To enhance network reliability and load balancing for different
VLANs and subnets, you can connect the Catalyst 2950 switches, again in a star configuration, to
two backbone switches. If one of the backbone switches fails, the second backbone switch preserves
connectivity between the switches and network resources.
78-11380-12
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
1-13
Network Configuration Examples
Figure 1-1 Example Configurations
Chapter 1 Overview
Catalyst 2950 switch
Cost-Effective
Wiring Closet
High-Performance
Workgroup
Catalyst 2900 XL, Catalyst 2950, Catalyst 2955,
Catalyst 3500 XL, and Catalyst 3550 cluster
Catalyst 3550-12T or
Catalyst 3550-12G switch
Si
Catalyst 3550-12T or
Catalyst 3550-12G switch
Si
Catalyst 3550-12G switch
1-Gbps HSRP
Catalyst 2900 XL,
Catalyst 2950,
Catalyst 3500 XL,
and Catalyst 3550
GigaStack cluster
Gigabit
server
Catalyst 3550-12T or
Si
1-14
Redundant Gigabit
Backbone
Catalyst 2900 XL, Catalyst 2950, Catalyst 2955,
Catalyst 3500 XL, and Catalyst 3550 cluster
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
60992
78-11380-12
Chapter 1 Overview
Small to Medium-Sized Network Configuration
Figure 1-2 shows a configuration for a network that has up to 250 users. Users in this network require
e-mail, file-sharing, database, and Internet access.
You optimize network performance by placing workstations on the same logical segment as the servers
they access most often. This divides the network into smaller segments (or workgroups) and reduces the
amount of traffic that travels over a network backbone, thereby increasing the bandwidth available to
each user and improving server response time.
Figure 1-2 Small to Medium-Sized Network Configuration
Cisco 2600 router
100 Mbps
(200 Mbps full duplex)
Gigabit
server
Network Configuration Examples
1 Gbps
(2 Gbps full duplex)
Catalyst 2900 XL,
Catalyst 2950,
Catalyst 3550, and
Catalyst 3500 XL
GigaStack cluster
10/100 Mbps
(20/200 Mbps full duplex)
Single workstations
Gigabit
server
60993
A network backbone is a high-bandwidth connection (such as Fast Ethernet or Gigabit Ethernet) that
interconnects segments and network resources. It is required if numerous segments require access to the
servers. The Catalyst 2900 XL, Catalyst 2950, Catalyst 3500 XL, and Catalyst 3550 switches in this
network are connected through a GigaStack GBIC on each switch to form a 1-Gbps network backbone.
This GigaStack can also be configured as a switch cluster, with primary and secondary command
switches for redundant cluster management.
78-11380-12
Workstations are connected directly to the 10/100 switch ports for their own 10- or 100-Mbps access to
network resources (such as web and mail servers). When a workstation is configured for full-duplex
operation, it receives up to 200 Mbps of dedicated bandwidth from the switch.
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
1-15
Network Configuration Examples
Servers are connected to the GBIC module ports on the switches, allowing 1-Gbps throughput to users
when needed. When the switch and server ports are configured for full-duplex operation, the links
provide 2 Gbps of bandwidth. For networks that do not require Gigabit performance from a server,
connect the server to a Fast Ethernet or Fast EtherChannel switch port.
Connecting a router to a Fast Ethernet switch port provides multiple, simultaneous access to the Internet
through one line.
Collapsed Backbone and Switch Cluster Configuration
Figure 1-3 shows a configuration for a network of approximately 500 employees. This network uses a
collapsed backbone and switch clusters. A collapsed backbone has high-bandwidth uplinks from all
segments and subnetworks to a single device, such as a Gigabit switch, that serves as a single point for
monitoring and controlling the network. You can use a Catalyst 3550-12T-L3 switch, as shown, or a
Catalyst 3508G XL switch to create a Gigabit backbone. A Catalyst 3550-12T-L3 backbone switch
provides the benefits of inter-VLAN routing and allows the router to focus on WAN access.
The workgroups are created by clustering all the Catalyst switches except the Catalyst 4908G-L3 switch.
Using Network Assistant and Cisco switch clustering technology, you can group the switches into
multiple clusters, as shown, or into a single cluster. You can manage a cluster through the IP address of
its active and standby command switches, regardless of the geographic location of the cluster members.
Chapter 1 Overview
This network uses VLANs to segment the network logically into well-defined broadcast groups and for
security management. Data and multimedia traffic are configured on the same VLAN. Voice traffic from
the Cisco IP Phones are configured on separate voice VLAN IDs (VVIDs). You can have up to
four VVIDs per wiring closet. If data, multimedia, and voice traffic are assigned to the same VLAN, only
one VLAN can be configured per wiring closet. For any switch port connected to Cisco IP Phones,
802.1p or 802.1Q QoS gives forwarding priority to voice traffic over data traffic.
Grouping servers in a centralized location provides benefits such as security and easier maintenance. The
Gigabit connections to a server farm provide the workgroups full access to the network resources (such
as a call-processing server running Cisco CallManager software, a DHCP server, or an IP/TV multicast
server).
Cisco IP Phones are connected—using standard straight-through, twisted-pair cable with RJ-45
connectors—to the 10/100 inline-power ports on the Catalyst 3550-24PWR switches and to the
10/100 ports on the Catalyst 2950 switches. These multiservice switch ports automatically detect any IP
phones that are connected. Cisco CallManager controls call processing, routing, and IP phone features
and configuration. Users with workstations running Cisco SoftPhone software can place, receive, and
control calls from their PCs. Using Cisco IP Phones, Cisco CallManager software, and Cisco SoftPhone
software integrates telephony and IP networks, and the IP network supports both voice and data.
Each 10/100 inline-power port on the Catalyst 3550-24PWR switches provides –48 VDC power to the
Cisco IP Phone. The IP phone can receive redundant power when it is also connected to an AC power
source. IP phones not connected to the Catalyst 3550-24PWR switches receive power from an AC power
source.
1-16
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Chapter 1 Overview
Figure 1-3 Collapsed Backbone and Switch Cluster Configuration
Gigabit
servers
Cisco
CallManager
Catalyst 3550-12T or
Catalyst 3550-12G switch
Network Configuration Examples
(2 Gbps full duplex)
Catalyst 2950, 2900 XL,
3550, and 3500 XL
GigaStack cluster
Workstations running
Cisco SoftPhone software
1 Gbps
GigaStack cluster
Catalyst
2950,
2900 XL,
3550, and
3500 XL
Si
IP IP IP
Cisco IP Phones
Cisco 2600 router
200 Mbps
Fast EtherChannel
(400-Mbps full-duplex
Fast EtherChannel)
Catalyst 3550-24PWR
cluster
IP
IP
Cisco
IP Phones
60994
Hotel Network Configuration
Figure 1-4 shows Catalyst 2950ST-8 LRE and 2950ST-24 LRE switches in a hotel network environment
with approximately 200 rooms. This network includes a PBX switchboard, a router, and high-speed
servers.
Connected to the telephone line in each hotel room is an LRE CPE device, such as a Cisco LRE CPE
device. The LRE CPE device provides:
• Two RJ-11 ports, one for connecting to the telephone jack on the wall and one for connecting to a
POTS telephone.
• One or more RJ-45 Ethernet ports for connecting to devices such as a customer’s laptop, the room
IP phone, the television set-top box, or a room environmental control device. A Cisco 575 LRE CPE
provides one Ethernet connection; a Cisco 585 LRE CPE provides four.
When connected to the CPE device, the Ethernet devices and room telephone share the same telephone
line.
78-11380-12
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
1-17
Network Configuration Examples
Note All telephones not directly connected to the hotel room CPE device require microfilters with a 300-ohm
termination. Microfilters improve voice call quality when voice and data equipment are using the same
telephone line. They also prevent nonfiltered telephone rings and nonfiltered telephone transitions (such
as on-hook to off-hook) from interrupting the Ethernet connection.
Through a patch panel, the telephone line from each room connects to a nonhomologated POTS splitter,
such as the Cisco LRE 48 POTS Splitter. The splitter routes data (high-frequency) and voice
(low-frequency) traffic from the telephone line to a Catalyst 2950 LRE switch and digital private branch
exchange (PBX). The PBX routes voice traffic to the PSTN.
If a PBX is not on-site, a homologated POTS splitter is required to connect directly to the PSTN.
Note Consult the regulations for connecting to the PSTN in your area.
If a connection to a phone network is not required at all, a splitter is not needed, and the switch can
connect directly to the patch panel.
Chapter 1 Overview
Note Cisco LRE products can share lines with analog telephones, Integrated Services Digital Network (ISDN)
telephone network, and PBX switches that use the 0 to 700 kHz frequency range.
Data to and from the room devices (such as e-mail for the laptop and IP multicast traffic for the
television) are transferred through the LRE link, which is established between the CPE RJ-11 wall port
and the LRE port on an LRE switch. The upstream and downstream rates on the LRE link are controlled
by a profile configured on each LRE port. If the LRE switch was connected to the PSTN through a
homologated POTS splitter, all LRE ports would use an ANSI-compliant LRE profile named
LRE-998-15-4.
The Catalyst 2950 LRE switches are cascaded through their 10/100/1000 switch ports. Each switch also
has a 10/100/1000 connection to an aggregation switch, such as a Catalyst 3550-12G switch. The
aggregation switch can connect to these devices:
• Accounting, billing, and provisioning servers
• A router that provides Internet access to the premises
You can manage the switches as a switch cluster and through Network Assistant. You can also manage
and monitor the individual CPE devices from the LRE switches to which they are connected. The
Catalyst 2950 LRE switch ports support the same software features as 10/100/1000 switch ports. For
example, you can configure port-based VLANs on the LRE ports to provide individual port security and
protected ports to further prevent unwanted broadcasts within the VLANs.
1-18
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Chapter 1 Overview
Figure 1-4 Network Hotel Configuration
Network Configuration Examples
Rooms
and
users
Rooms
and
users
Set-top
box
TV
POTS telephone
Required
microfilter
Laptop
Cisco 575
LRE CPE
Laptop
Cisco 585
LRE CPE
POTS telephones
Required
microfilter
IP
phone
IP
Environmental
controls
Set-top
POTS telephone
box
TV
Cisco 575
LRE CPE
Required
microfilter
Laptop
POTS telephones
Laptop
IP
phone
IP
Environmental
Cisco 585
LRE CPE
Required
microfilter
Floor 4
controls
Floor 3
Patch panel
Cisco
LRE 48
POTS
splitters
PSTN
PBX
Catalyst 2950 or
Catalyst 3550 switch
Catalyst 2950ST-8 LRE and
2950ST-24 LRE switches
Servers
Cisco 2600 router
89514
78-11380-12
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
1-19
Network Configuration Examples
Service-Provider Central-Office Configuration
Figure 1-5 shows the Catalyst 2950ST-24 LRE 997 switches in a service-provider central-office network
environment. The Catalyst 2950ST-24 LRE 997 switches have DC-input power supply and are compliant
with the VDSL 997 band plan. The Catalyst 2950 LRE switches are located in a central office and are
connected to the Cisco 576 LRE 997 CPE devices located in different buildings. The switches also
connect to a Cisco 7500 router.
You can use a POTS splitter to connect the switches to the CPE devices. The splitter routes data
(high-frequency) to a Catalyst 2950 LRE switch and voice (low-frequency) traffic from the telephone
line to a PSTN.
Connected to the telephone line in each office is an Cisco 576 LRE 997 CPE device. The LRE CPE
device provides:
• Two RJ-11 ports, one for connecting to the telephone jack on the wall and one for connecting to a
POTS telephone.
• One RJ-45 Ethernet port for connecting to devices such as a customer’s laptop, the office’s IP phone,
the television set-top box, or a office environmental control device. A Cisco 576 LRE 997 provides
one Ethernet connection.
Chapter 1 Overview
When connected to the CPE device, the Ethernet devices and office telephone share the same telephone
line.
Note All telephones not directly connected to the office CPE device require microfilters with a 300-ohm
termination. Microfilters improve voice call quality when voice and data equipment are using the same
telephone line. They also prevent nonfiltered telephone rings and nonfiltered telephone transitions (such
as on-hook to off-hook) from interrupting the Ethernet connection.
Note Cisco LRE products can share lines with analog telephones and Integrated Services Digital Network
(ISDN) telephone network that use the 0 to 120 kHz frequency range.
Data to and from the office devices (such as e-mail for the laptop and IP multicast traffic for the
television) are transferred through the LRE link, which is established between the CPE RJ-11 wall port
and the LRE port on an LRE switch. The upstream and downstream rates on the LRE link are controlled
by a profile configured on each LRE port.
The Catalyst 2950 LRE switches are cascaded through their 10/100/1000 switch ports. Each switch also
has a 10/100/1000 connection to an aggregation switch, such as a Catalyst 3550-12G switch or
Cisco 7600 router.
You can manage the switches as a switch cluster and through Network Assistant. You can also manage
and monitor the individual CPE devices from the LRE switches to which they are connected. The
Catalyst 2950 LRE switch ports support the same software features as 10/100/1000 switch ports. For
example, you can configure port-based VLANs on the LRE ports to provide individual port security and
protected ports to further prevent unwanted broadcasts within the VLANs.
1-20
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Chapter 1 Overview
Network Configuration Examples
Figure 1-5 Service Provider Central Office Configuration
Central office
Copper twisted pair
Cisco router
7500
POTS
splitter
POTS
splitter
Catalyst 2950ST-24
LRE 997 switches
(DC-input power)
Large Campus Configuration
Cisco 576 LRE 997 CPE
Building 1
Building 2
Building 3
Building 4
Laptop
Cisco 576
LRE 997
Offices and users
POTS telephones
Required
microfilter
89380
Figure 1-6 shows a configuration for a network of more than 1000 users. Because it can aggregate up to
130 Gigabit connections, a Catalyst 6500 multilayer switch is used as the backbone switch.
You can use the workgroup configurations shown in previous examples to create workgroups with
Gigabit uplinks to the Catalyst 6500 switch. For example, you can use switch clusters that have a mix of
Catalyst 2950 and Catalyst 2955 switches.
The Catalyst 6500 switch provides the workgroups with Gigabit access to core resources:
• Cisco 7000 series router for access to the WAN and the Internet.
• Server farm that includes a call-processing server running Cisco CallManager software. Cisco
CallManager controls call processing, routing, and IP phone features and configuration.
• Cisco Access gateway (such as Cisco Access Digital Trunk Gateway or Cisco Access Analog Trunk
Gateway) that connects the IP network to the Public Switched Telephone Network (PSTN) or to
users in an IP telephony network.
78-11380-12
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
1-21
Network Configuration Examples
Figure 1-6 Large Campus Configuration
Chapter 1 Overview
WAN
Cisco
CallManager
Catalyst 2950, 2900 XL,
3500 XL, and 3550
GigaStack cluster
Servers
Catalyst
6500 switch
Cisco 7200
or 7500 router
IP telephony
network or
PSTN
Cisco access
gateway
1 Gbps
(2 Gbps
full duplex)
Catalyst 3550-24PWR
cluster
IP
IP IP IP
Workstations running
Cisco SoftPhone software
Cisco IP Phones
Multidwelling Network Using Catalyst 2950 Switches
A growing segment of residential and commercial customers are requiring high-speed access to Ethernet
metropolitan-area networks (MANs). Figure 1-7 shows a configuration for a Gigabit Ethernet MAN ring
using Catalyst 3550 multilayer switches as aggregation switches in the mini-point-of-presence (POP)
location. These switches are connected through 1000BASE-X GBIC ports.
The resident switches can be Catalyst 2950 switches, providing customers with high-speed connections
to the MAN. Catalyst 2900 LRE XL or 2950 LRE Layer 2-only switches also can be used as residential
switches for customers requiring connectivity through existing telephone lines. The Catalyst LRE
switches can then connect to another residential switch or to an aggregation switch. For more
information about these switches, see the Catalyst 2950 Desktop Switch Hardware Installation Guide.
IP
Cisco IP Phones
60995
1-22
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Chapter 1 Overview
Network Configuration Examples
All ports on the residential Catalyst 2950 and 2955 switches (and Catalyst LRE switches if they are
included) are configured as 802.1Q trunks with protected port and STP root guard features enabled. The
protected port feature provides security and isolation between ports on the switch, ensuring that
subscribers cannot view packets destined for other subscribers. STP root guard prevents unauthorized
devices from becoming the STP root switch. All ports have IGMP snooping or CGMP enabled for
multicast traffic management. ACLs on the uplink ports to the aggregating Catalyst 3550 multilayer
switches provide security and bandwidth management.
The aggregating switches and routers provide services such as those described in the previous examples,
“Small to Medium-Sized Network Configuration” and “Large Campus Configuration.”
Figure 1-7 Catalyst 2950 Switches in a MAN Configuration
Cisco 12000
Gigabit switch routers
Catalyst 6500
switches
Catalyst 3550
multilayer
switches
Si
Catalyst
switches
Set-top box
Si Si
Si Si
Si Si
Si
Service
Provider
POP
Mini-POP
Gigabit MAN
Residential
location
Residential
gateway (hub)
78-11380-12
TV
Set-top box
PC
50833
TV
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
1-23
Where to Go Next
Long-Distance, High-Bandwidth Transport Configuration
Note To use the feature described in this section, you must have the EI installed on your switch.
Figure 1-8 shows a configuration for transporting 8 Gigabits of data over a single fiber-optic cable. The
Catalyst switches have Coarse Wave Division Multiplexer (CWDM) fiber-optic GBIC modules installed.
Depending on the CWDM GBIC module, data is sent at wavelengths from 1470 nm to 1610 nm. The
higher the wavelength, the farther the transmission can travel. A common wavelength used for
long-distance transmissions is 1550 nm.
The CWDM GBIC modules connect to CWDM optical add/drop multiplexer (OADM) modules over
distances of up to 393,701 feet (74.5 miles or 120 km). The CWDM OADM modules combine (or
multiplex) the different CWDM wavelengths, allowing them to travel simultaneously on the same
fiber-optic cable. The CWDM OADM modules on the receiving end separate (or demultiplex) the
different wavelengths.
For more information about the CWDM GBIC modules and CWDM OADM modules, see the Cisco
CWDM GBIC and CWDM SFP Installation Note.
Chapter 1 Overview
Figure 1-8 Long-Distance, High-Bandwidth Transport Configuration
Access layer
Catalyst switches
Where to Go Next
Before configuring the switch, review these sections for start up information:
• Chapter 2, “Using the Command-Line Interface”
Eight
1-Gbps
connections
CWDM
OADM
modules
8 Gbps
CWDM
OADM
modules
Aggregation layer
Catalyst 4500
multilayer
switches
95750
1-24
• Chapter 4, “Assigning the Switch IP Address and Default Gateway”
• Chapter 5, “Configuring IE2100 CNS Agents”
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
CHAPTER
2
Using the Command-Line Interface
This chapter describes the Cisco IOS command-line interface (CLI) that you can use to configure your
Catalyst 2950 and Catalyst 2955 switches. It contains these sections:
• Cisco IOS Command Modes, page 2-1
• Getting Help, page 2-3
• Abbreviating Commands, page 2-4
• Using no and default Forms of Commands, page 2-4
• Understanding CLI Messages, page 2-5
• Using Command History, page 2-5
• Using Editing Features, page 2-6
• Searching and Filtering Output of show and more Commands, page 2-9
• Accessing the CLI, page 2-9
Cisco IOS Command Modes
The user interface is divided into many different modes. The commands available to you depend on
which mode you are currently in. Enter a question mark (?) at the system prompt to obtain a list of
commands available for each command mode.
When you start a session on the switch, you begin in user mode, often called user EXEC mode. Only a
limited subset of the commands are available in user EXEC mode. For example, most of the user EXEC
commands are one-time commands, such as show commands, which show the current configuration
status, and clear commands, which clear counters or interfaces. The user EXEC commands are not saved
when the switch reboots.
To have access to all commands, you must enter privileged EXEC mode. Normally, you must enter a
password to enter privileged EXEC mode. From this mode, you can enter any privileged EXEC
command or enter global configuration mode.
Using the configuration modes (global, interface, and line), you can make changes to the running
configuration. If you save the configuration, these commands are stored and used when the switch
reboots. To access the various configuration modes, you must start at global configuration mode. From
global configuration mode, you can enter interface configuration mode and line configuration mode.
For information on accessing the CLI through the switch console port or through a Telnet session, see
the hardware installation guide or the getting started guide.
78-11380-12
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
2-1
Chapter 2 Using the Command-Line Interface
Cisco IOS Command Modes
Tabl e 2-1 describes the main command modes, how to access each one, the prompt you see in that mode, and
how to exit the mode. The examples in the table use the host name Switch.
Table 2-1 Command Mode Summary
Mode Access Method Prompt Exit Method About This Mode
User EXEC Begin a session with
your switch.
Privileged EXEC While in user EXEC
mode, enter the
enable command.
Global configuration While in privileged
EXEC mode, enter
the configure
command.
Config-vlan While in global
configuration mode,
enter the
vlan vlan-id
command.
VLAN configuration While in privileged
EXEC mode, enter
the vlan database
command.
Switch>
Switch#
Switch(config)#
Switch(config-vlan)#
Switch(vlan)#
Enter logout or quit. Use this mode to
• Change terminal
settings.
• Perform basic tests.
• Display system
information.
Enter disable to exit. Use this mode to verify
commands that you have
entered. Use a password to
protect access to this mode.
To exit to privileged
EXEC mode, enter
exit or end, or press
Use this mode to configure
parameters that apply to the
entire switch.
Ctrl-Z.
To exit to global
configuration mode,
enter the exit
command.
To return to
privileged EXEC
mode, press Ctrl-Z or
enter end.
To exit to privileged
EXEC mode, enter
exit.
Use this mode to configure
VLAN parameters. When
VTP mode is transparent,
you can create
extended-range VLANs
(VLAN IDs greater than
1005) and save
configurations in the switch
startup configuration file.
Use this mode to configure
VLAN parameters for
VLANs 1 to 1005 in the
VLAN database.
2-2
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Chapter 2 Using the Command-Line Interface
Table 2-1 Command Mode Summary (continued)
Mode Access Method Prompt Exit Method About This Mode
Interface
configuration
While in global
configuration mode,
enter the interface
command (with a
specific interface).
Line configuration While in global
configuration mode,
specify a line with
the line vty or line
console command.
Switch(config-if)#
Switch(config-line)#
To exit to global
configuration mode,
enter exit.
To return to
privileged EXEC
mode, press Ctrl-Z or
enter end.
To exit to global
configuration mode,
enter exit.
To return to
privileged EXEC
mode, press Ctrl-Z or
enter end.
Use this mode to configure
parameters for the switch
interfaces and Long-Reach
Ethernet (LRE) customer
premises equipment (CPE)
device interfaces.
To configure multiple
interfaces with the same
parameters, see the
“Configuring a Range of
Interfaces” section on
page 10-6.
Use this mode to configure
parameters for the terminal
line.
Getting Help
Getting Help
You can enter a question mark (?) at the system prompt to display a list of commands available for each
command mode. You can also obtain a list of associated keywords and arguments for any command, as
shown in Table 2-2.
Ta b l e 2 - 2 H el p S um m a ry
Command Purpose
help Obtain a brief description of the help system in any command mode.
abbreviated-command-entry? Obtain a list of commands that begin with a particular character string.
For example:
Switch# di?
dir disable disconnect
abbreviated-command-entry<Ta b> Complete a partial command name.
For example:
Switch# sh conf<tab>
Switch# show configuration
? List all commands available for a particular command mode.
For example:
Switch> ?
78-11380-12
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
2-3
Abbreviating Commands
Table 2-2 Help Summary (continued)
Command Purpose
command ? List the associated keywords for a command.
For example:
Switch> show ?
command keyword ? List the associated arguments for a keyword.
For example:
Switch(config)# cdp holdtime ?
<10-255> Length of time (in sec) that receiver must keep this packet
Abbreviating Commands
You have to enter only enough characters for the switch to recognize the command as unique. This
example shows how to enter the show configuration privileged EXEC command:
Switch# show conf
Chapter 2 Using the Command-Line Interface
Using no and default Forms of Commands
Almost every configuration command also has a no form. In general, use the no form to disable a feature
or function or reverse the action of a command. For example, the no shutdown interface configuration
command reverses the shutdown of an interface. Use the command without the keyword no to re-enable
a disabled feature or to enable a feature that is disabled by default.
Configuration commands can also have a default form. The default form of a command returns the
command setting to its default. Most commands are disabled by default, so the default form is the same
as the no form. However, some commands are enabled by default and have variables set to certain default
values. In these cases, the default command enables the command and sets variables to their default
values.
2-4
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Chapter 2 Using the Command-Line Interface
Understanding CLI Messages
Table 2-3 lists some error messages that you might encounter while using the CLI to configure your
switch.
Table 2-3 Common CLI Error Messages
Error Message Meaning How to Get Help
% Ambiguous command:
"show con"
% Incomplete command.
% Invalid input detected
at ‘^’ marker.
You did not enter enough characters
for your switch to recognize the
command.
You did not enter all the keywords or
values required by this command.
You entered the command
incorrectly. The caret (^) marks the
point of the error.
Re-enter the command followed by a question mark (?)
with a space between the command and the question
mark.
The possible keywords that you can enter with the
command appear.
Re-enter the command followed by a question mark (?)
with a space between the command and the question
mark.
The possible keywords that you can enter with the
command appear.
Enter a question mark (?) to display all the commands
that are available in this command mode.
The possible keywords that you can enter with the
command appear.
Understanding CLI Messages
Using Command History
The software provides a history or record of commands that you have entered. This feature is particularly
useful for recalling long or complex commands or entries, including access lists. You can customize the
command history feature to suit your needs as described in these sections:
• Changing the Command History Buffer Size, page 2-5
• Recalling Commands, page 2-6
• Disabling the Command History Feature, page 2-6
Changing the Command History Buffer Size
By default, the switch records ten command lines in its history buffer. Beginning in privileged EXEC
mode, enter this command to change the number of command lines that the switch records during the
current terminal session:
Switch# terminal history [size
The range is from 0 to 256.
Beginning in line configuration mode, enter this command to configure the number of command lines
the switch records for all sessions on a particular line:
Switch(config-line)# history [size
The range is from 0 to 256.
number-of-lines
number-of-lines
]
]
78-11380-12
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
2-5
Chapter 2 Using the Command-Line Interface
Using Editing Features
Recalling Commands
To recall commands from the history buffer, perform one of the actions listed in Ta b le 2-4:
Table 2-4 Recalling Commands
1
Action
Press Ctrl-P or the up arrow key. Recall commands in the history buffer, beginning with the most recent command.
Press Ctrl-N or the down arrow key. Return to more recent commands in the history buffer after recalling commands
show history While in privileged EXEC mode, list the last several commands that you just
1. The arrow keys function only on ANSI-compatible terminals such as VT100s.
Result
Repeat the key sequence to recall successively older commands.
with Ctrl-P or the up arrow key. Repeat the key sequence to recall successively
more recent commands.
entered. The number of commands that appear is determined by the setting of the
terminal history global configuration command and history line configuration
command.
Disabling the Command History Feature
The command history feature is automatically enabled.
To disable the feature during the current terminal session, enter the terminal no history privileged
EXEC command.
To disable command history for the line, enter the no history line configuration command.
Using Editing Features
This section describes the editing features that can help you manipulate the command line. It contains
these sections:
• Enabling and Disabling Editing Features, page 2-6
• Editing Commands through Keystrokes, page 2-7
• Editing Command Lines that Wrap, page 2-8
Enabling and Disabling Editing Features
Although enhanced editing mode is automatically enabled, you can disable it.
To re-enable the enhanced editing mode for the current terminal session, enter this command in
privileged EXEC mode:
Switch# terminal editing
2-6
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Chapter 2 Using the Command-Line Interface
To reconfigure a specific line to have enhanced editing mode, enter this command in line configuration
mode:
Switch(config-line)# editing
To globally disable enhanced editing mode, enter this command in line configuration mode:
Switch(config-line)# no editing
Editing Commands through Keystrokes
Table 2-5 shows the keystrokes that you need to edit command lines.
Table 2-5 Editing Commands through Keystrokes
Using Editing Features
Capability Keystroke
Move around the command line to
make changes or corrections.
Press Ctrl-B, or press the
left arrow key.
Press Ctrl-F, or press the
right arrow key.
Press Ctrl-A. Move the cursor to the beginning of the command line.
Press Ctrl-E. Move the cursor to the end of the command line.
Press Esc B. Move the cursor back one word.
Press Esc F. Move the cursor forward one word.
Press Ctrl-T. Transpose the character to the left of the cursor with the
Recall commands from the buffer and
paste them in the command line. The
switch provides a buffer with the last
Press Ctrl-Y. Recall the most recent entry in the buffer.
Press Esc Y. Recall the next buffer entry.
ten items that you deleted.
Delete entries if you make a mistake
or change your mind.
Press the Delete or
Backspace key.
Press Ctrl-D. Delete the character at the cursor.
Press Ctrl-K. Delete all characters from the cursor to the end of the
Press Ctrl-U or Ctrl-X. Delete all characters from the cursor to the beginning of
Press Ctrl-W. Delete the word to the left of the cursor.
Press Esc D. Delete from the cursor to the end of the word.
Capitalize or lowercase words or
capitalize a set of letters.
Press Esc C. Capitalize at the cursor.
Press Esc L. Change the word at the cursor to lowercase.
Press Esc U. Capitalize letters from the cursor to the end of the word.
Designate a particular keystroke as
Press Ctrl-V or Esc Q.
an executable command, perhaps as a
shortcut.
1
Purpose
Move the cursor back one character.
Move the cursor forward one character.
character located at the cursor.
The buffer contains only the last 10 items that you have
deleted or cut. If you press Esc Y more than ten times, you
cycle to the first buffer entry.
Erase the character to the left of the cursor.
command line.
the command line.
78-11380-12
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
2-7
Using Editing Features
Table 2-5 Editing Commands through Keystrokes (continued)
Chapter 2 Using the Command-Line Interface
Capability Keystroke
Scroll down a line or screen on
displays that are longer than the
terminal screen can display.
Note The More prompt is used for
Press the Return key. Scroll down one line.
Press the Space bar. Scroll down one screen.
1
any output that has more
lines than can be displayed
on the terminal screen,
including show command
output. You can use the
Return and Space bar
keystrokes whenever you see
the More prompt.
Redisplay the current command line
Press Ctrl-L or Ctrl-R. Redisplay the current command line.
if the switch suddenly sends a
message to your screen.
1. The arrow keys function only on ANSI-compatible terminals such as VT100s.
Editing Command Lines that Wrap
You can use a wraparound feature for commands that extend beyond a single line on the screen. When
the cursor reaches the right margin, the command line shifts ten spaces to the left. You cannot see the
first ten characters of the line, but you can scroll back and check the syntax at the beginning of the
command.
Purpose
To scroll back to the beginning of the command entry, press Ctrl-B or the left arrow key repeatedly. You
can also press Ctrl-A to immediately move to the beginning of the line.
Note The arrow keys function only on ANSI-compatible terminals such as VT100s.
In this example, the access-list global configuration command entry extends beyond one line. When the
cursor first reaches the end of the line, the line is shifted ten spaces to the left and redisplayed. The dollar
sign ($) shows that the line has been scrolled to the left. Each time the cursor reaches the end of the line,
the line is again shifted ten spaces to the left.
Switch(config)# access-list 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1
Switch(config)# $ 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1.20 255.25
Switch(config)# $t tcp 131.108.2.5 255.255.255.0 131.108.1.20 255.255.255.0 eq
Switch(config)# $108.2.5 255.255.255.0 131.108.1.20 255.255.255.0 eq 45
After you complete the entry, press Ctrl-A to check the complete syntax before pressing the Return key
to execute the command. The dollar sign ($) appears at the end of the line to show that the line has been
scrolled to the right:
Switch(config)# access-list 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1$
The software assumes you have a terminal screen that is 80 columns wide. If you have a width other than
that, use the terminal width privileged EXEC command to set the width of your terminal.
2-8
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Chapter 2 Using the Command-Line Interface
Searching and Filtering Output of show and more Commands
Use line wrapping with the command history feature to recall and modify previous complex command
entries. For information about recalling previous command entries, see the “Editing Commands through
Keystrokes” section on page 2-7.
Searching and Filtering Output of show and more Commands
You can search and filter the output for show and more commands. This is useful when you need to sort
through large amounts of output or if you want to exclude output that you do not need to see.
To use this functionality, enter a show or more command followed by the pipe character (|), one of the
keywords begin, include, or exclude, and an expression that you want to search for or filter out:
command | {begin | include | exclude} regular-expression
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output
are not displayed, but the lines that contain Output appear.
This example shows how to include in the output display only lines where the expression protocol
appears:
Switch# show interfaces | include protocol
Vlan1 is up, line protocol is up
Vlan10 is up, line protocol is down
GigabitEthernet0/1 is up, line protocol is down
GigabitEthernet0/2 is up, line protocol is up
Accessing the CLI
Before you can access the CLI, you need to connect a terminal or PC to the switch console port and
power on the switch as described in the hardware installation guide that shipped with your switch. Then,
to understand the boot process and the options available for assigning IP information, see Chapter 4,
“Assigning the Switch IP Address and Default Gateway.”
If your switch is already configured, you can access the CLI through a local console connection or
through a remote Telnet session, but your switch must first be configured for this type of access. For
more information, see the “Setting a Telnet Password for a Terminal Line” section on page 8-6.
You can establish a connection with the switch by either
• Connecting the switch console port to a management station or dial-up modem. For information
about connecting to the console port, see the switch hardware installation guide.
• Using any Telnet TCP/IP or encrypted Secure Shell (SSH) package from a remote management
station. The switch must have network connectivity with the Telnet or SSH client, and the switch
must have an enable secret password configured.
For information about configuring the switch for Telnet access, see the “Setting a Telnet Password
for a Terminal Line” section on page 8-6. The switch supports up to 16 simultaneous Telnet sessions.
Changes made by one Telnet user are reflected in all other Telnet sessions.
For information about configuring the switch for SSH, see the “Configuring the Switch for Secure
Shell” section on page 8-33. The switch supports up to five simultaneous secure SSH sessions.
After you connect through the console port, or through a Telnet session, or through an SSH session, the
user EXEC prompt appears on the management station.
78-11380-12
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
2-9
Accessing the CLI
Chapter 2 Using the Command-Line Interface
2-10
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
CHAPTER
Configuring Catalyst 2955 Switch Alarms
This section describes how to configure the different alarms for the Catalyst 2955 switch.
Note The alarms described in this chapter are not available on the Catalyst 2950 switch.
For complete syntax and usage information for the commands used in this chapter, see the switch
command reference for this release.
This chapter consists of these sections:
• Understanding Catalyst 2955 Switch Alarms, page 3-1
• Configuring Catalyst 2955 Switch Alarms, page 3-4
• Displaying Catalyst 2955 Switch Alarms Status, page 3-11
3
Understanding Catalyst 2955 Switch Alarms
The Catalyst 2955 switch software monitors switch conditions on a per port or a switch basis. If the
conditions present on the switch or port do not match the parameters set by the user, the switch software
triggers an alarm or a system message. By default, the switch software sends the system messages to a
system message logging facility, or a syslog facility. You can also configure the switch to send Simple
Network Management Protocol (SNMP) traps to an SNMP server. You can configure the switch to
trigger an external alarm device by using the two independent alarm relays (major or minor). For more
information on how to configure the alarms, see the “Configuring Catalyst 2955 Switch Alarms” section
on page 3-4.
This section includes information about these topics:
• Global Status Monitoring Alarms, page 3-2
• FCS Error Hysteresis Threshold, page 3-2
• Port Status Monitoring Alarms, page 3-3
• Triggering Alarm Options, page 3-3
78-11380-12
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
3-1
Chapter 3 Configuring Catalyst 2955 Switch Alarms
Understanding Catalyst 2955 Switch Alarms
Global Status Monitoring Alarms
The Catalyst 2955 switch contains facilities for processing alarms related to temperature and power
supply conditions. These are referred to as global or facility alarms. Tab le 3-1 lists the three global
alarms and their descriptions and functions.
Table 3-1 Catalyst 2955 Global Status Monitoring Alarms
Alarm Description
Power Supply Alarm The switch monitors dual DC power supply levels. If the system is configured to operate in a dual
power mode, an alarm triggers if a power supply fails or is missing. The alarm is automatically
cleared when both power supplies are present or working. You can configure the power supply
alarm to be connected to the hardware relays. For more information, see the “Configuring the
Power Supply Alarm” section on page 3-5.
Temperature Alarms The switch contains a temperature sensor that monitors the environmental conditions inside the
switch. The switch contains two alarms that are associated with temperature.
• The primary alarm is enabled automatically to trigger both at a low temperature (-20
high temperature (95
o
C) for the safe operation of the switch. It cannot be changed or disabled.
By default, the primary temperature alarm is associated with the major relay.
• You can use the secondary temperature alarm to trigger an alarm when the system temperature
is greater than the configured temperature threshold. The lower threshold is configurable
within the range of 40
o
C to the maximum threshold, 95oC. The secondary alarm is disabled by
default.
o
C) and a
For more information, see the “Configuring the Switch Temperature Alarms” section on page 3-6.
FCS Error Hysteresis Threshold
The Ethernet standard calls for a maximum bit error rate of 10-8. In the Catalyst 2955 switch, the bit error
rate configurable range is from 10
If you want to configure the bit error rate of 10
the FCS bit error rate is 10
You can set the FCS error hysteresis threshold to prevent the toggle of the alarm when the actual bit error
rate fluctuates near the configured bit error rate. The hysteresis threshold is defined as the ratio between
the alarm clear threshold to the alarm set threshold, expressed as a percentage value.
For example, if the FCS bit error rate alarm value is configured to 10
threshold. To set the alarm clear threshold at 5*10
h = alarm clear threshold / alarm set threshold
h = 5*10
The FCS hysteresis threshold is applied to all ports on the Catalyst 2955 switch. The allowable range is
from 1 to 10 percent. The default value is 10 percent. See the “Configuring the FCS Bit Error Rate
Alarm” section on page 3-7 for more information.
-10
/ 10-8 = 5*10-2 = 0.05 = 5 percent
-6
-11
to 10
-8
.
. The bit error rate input to the switch is a positive exponent.
-9
, then you enter the value 9 for the exponent. By default,
–8
-10
, the hysteresis, value h, is determined as follows:
, that value is the alarm set
3-2
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Chapter 3 Configuring Catalyst 2955 Switch Alarms
Port Status Monitoring Alarms
The Catalyst 2955 switch can also monitor the status of the Ethernet ports and generate alarm messages
based on the alarms listed in Table 3-2. To save user time and effort, the switch supports changing alarm
configurations by using alarm profiles. You can create a number of profiles and assign one of these
profiles to each Ethernet port.
Alarm profiles provide a mechanism for you to enable or disable alarm conditions for a port and
associate the alarm conditions with one or both alarm relays. You can also use alarm profiles to set alarm
conditions to send alarm traps to an SNMP server and system messages to a syslog server. The alarm
profile defaultPort is applied to all interfaces in the factory configuration (by default).
Note You can associate multiple alarms to one relay or one alarm to both relays.
Table 3-2 lists the port status monitoring alarms and their descriptions and functions. Each fault
condition is assigned a severity level based on the Cisco IOS System Error Message Severity Level.
Table 3-2 Catalyst 2955 Port Status Monitoring Alarms
Understanding Catalyst 2955 Switch Alarms
Alarm Description
Link Fault alarm The Catalyst 2955 switch generates a link fault alarm when there are problems with a port
physical layer that cause unreliable data transmission. A typical link fault condition is loss of
signal or clock. The link fault alarm is cleared automatically when the link fault condition is
cleared. The severity for this alarm is error condition, level 3.
Port not Forwarding alarm The switch generates a port not forwarding alarm when a port is not forwarding packets. This
alarm is cleared automatically when the port begins to forward packets. The severity for this
alarm is warning, level 4.
Port is not Operating alarm The switch generates a port is not operating alarm when it finds that a port is in a failed state
during the startup self-test. When triggered, the port is not operating alarm is only cleared
when the switch is restarted and the port is found to be operational. The severity for this alarm
is error condition, level 3.
FCS Bit Error Rate alarm The switch generates an FCS Bit Error Rate alarm when the actual FCS Bit Error Rate is close
to the configured FCS Bit Error Rate. You can set the FCS bit error rate by using the interface
configuration CLI for each of the ports. See the “Configuring the FCS Bit Error Rate Alarm”
section on page 3-7 for more information. The severity for this alarm is error condition, level
3.
Triggering Alarm Options
The switch supports three methods for triggering alarms:
78-11380-12
• Configurable Relays
The switch is equipped with two independent alarm relays that can be triggered by alarms for global
and port status conditions. The relays can be configured to send a fault signal to an external alarm
device, such as a bell, light, or other signaling device. You can associate any alarm condition with
either alarm relay or both relays. Each fault condition is assigned a severity level based on the Cisco
IOS System Error Message Severity Level.
See the “Configuring Catalyst 2955 Switch Alarms” section on page 3-4 for more information on
configuring the relays.
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
3-3
Configuring Catalyst 2955 Switch Alarms
• SNMP Traps
SNMP is an application-layer protocol that provides a message format for communication between
managers and agents. The SNMP system consists of an SNMP manager, an SNMP agent, and a
management information base (MIB).
The snmp-server enable traps command can be modified in the Catalyst 2955 switch software to
allow the user to send alarm traps to an SNMP server. You can use alarm profiles to set
environmental or port status alarm conditions to send SNMP alarm traps. See the “Enabling SNMP
Traps” section on page 3-11 for more information.
• Syslog Messages
You can use alarm profiles to send system messages to a syslog server. See the “Configuring
Catalyst 2955 Switch Alarms” section on page 3-4 for more information.
Configuring Catalyst 2955 Switch Alarms
This section describes how to configure the Catalyst 2955 switch alarms:
• Default Catalyst 2955 Switch Alarm Configuration, page 3-4
• Configuring the Power Supply Alarm, page 3-5
Chapter 3 Configuring Catalyst 2955 Switch Alarms
• Configuring the Switch Temperature Alarms, page 3-6
• Configuring the FCS Bit Error Rate Alarm, page 3-7
• Configuring Alarm Profiles, page 3-9
• Enabling SNMP Traps, page 3-11
Default Catalyst 2955 Switch Alarm Configuration
Table 3-3 shows the default Catalyst 2955 switch alarms configuration.
Table 3-3 Default Catalyst 2955 Switch Alarm Configuration
Alarm Default Setting
Global Power Supply Alarm Enabled in switch single power mode. No alarm.
In dual power supply mode, the default alarm notification is a system
message to the console.
Primary Temperature Alarm Enabled for switch temperature range 95
The primary switch temperature alarm is associated with the major relay.
Secondary Temperature Alarm Disabled.
Port Link Fault Alarm Disabled on all interfaces.
Port not Forwarding Alarm Disabled on all interfaces.
Port is not Operating Alarm Enabled on all interfaces.
FCS Bit Error Rate Alarm Disabled on all interfaces.
0
C maximum to -20oC minimum.
3-4
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Chapter 3 Configuring Catalyst 2955 Switch Alarms
Configuring the Power Supply Alarm
This section describes how to configure the power supply alarm on your switch. It contains this
configuration information:
• Setting the Power Mode, page 3-5
• Setting the Power Supply Alarm Options, page 3-5
Setting the Power Mode
The Catalyst 2955 switch has two DC power inputs. By default, the system operates in the single power
mode. You can use the power-supply dual global configuration command to set the dual mode
operation. In dual-power mode, a second power supply gives power to the switch if the primary power
supply fails.
Beginning in privileged EXEC mode, follow these steps to set the switch to dual power mode operation:
Command Purpose
Step 1
Step 2
Step 3
Step 4
Step 5
configure terminal Enter global configuration mode.
power-supply dual Set the system to dual mode operation.
end Return to privileged EXEC mode.
show alarm settings Verify the configuration.
copy running-config startup-config (Optional) Save your entries in the configuration file.
Configuring Catalyst 2955 Switch Alarms
Use the no power-supply dual command to disable this alarm by setting the switch back to single power
mode operation.
Setting the Power Supply Alarm Options
Use the alarm facility power-supply global configuration command to associate the power supply
alarm to a relay. You can also configure all alarms and traps associated with the power supply alarm to
be sent to syslog and the SNMP server.
Beginning in privileged EXEC mode, follow these steps to associate the power supply alarm to a relay:
Command Purpose
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
configure terminal Enter global configuration mode.
alarm facility power-supply relay
Associate the power supply alarm to the major or minor relay.
{major | minor}
alarm facility power-supply notifies Configure sending power supply alarm traps to an SNMP server.
alarm facility power-supply syslog Configure sending power supply alarm traps to a syslog server.
end Return to privileged EXEC mode.
show alarm settings Verify the configuration.
copy running-config startup-config (Optional) Save your entries in the configuration file.
78-11380-12
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
3-5
Configuring Catalyst 2955 Switch Alarms
To disable sending the alarm to a relay, to syslog, or to an SNMP server, use the no alarm facility
power-supply relay, no alarm facility power-supply notifies, or no alarm facility power-supply
syslog global configuration commands.
Note Before you can use the notifies command to send alarm traps to an SNMP server, you must first set up
the SNMP server by using the snmp-server enable traps alarms global configuration command. See
the “Enabling SNMP Traps” section on page 3-11.
This example sets the power-supply monitoring alarm to the minor relay.
Switch(config) # alarm facility power-supply relay minor
Configuring the Switch Temperature Alarms
The temperature thresholds for the primary temperature alarm cannot be changed, but you can change
the association of the primary temperature alarm from the major relay to the minor relay. You can also
set a lower maximum temperature threshold for the secondary temperature alarm and associate the alarm
with either the major or minor relay.
Chapter 3 Configuring Catalyst 2955 Switch Alarms
This section describes how to configure the temperature alarms on your switch. It contains this
configuration information:
• Setting a Secondary Temperature Threshold for the Switch, page 3-6
• Associating the Temperature Alarms to a Relay, page 3-7
Setting a Secondary Temperature Threshold for the Switch
In global configuration mode, you can use the alarm facility temperature secondary command to set
a lower temperature threshold for the secondary temperature monitoring alarm. You can also use the
alarm facility temperature secondary command to associate the secondary temperature alarm to either
the major or minor alarm relay.
Beginning in privileged EXEC mode, follow these steps to set a lower temperature threshold:
Command Purpose
Step 1
Step 2
Step 3
Step 4
Step 5
configure terminal Enter global configuration mode.
alarm facility temperature
secondary threshold
Set the secondary temperature threshold value. Enter values from 40 to 95 to
set threshold from 40
o
C to 95oC.
end Return to privileged EXEC mode.
show alarm settings Verify the configuration.
copy running-config startup-config (Optional) Save your entries in the configuration file.
3-6
Use the no alarm facility temperature secondary threshold global configuration command to disable
the secondary temperature threshold alarm.
This example disables the secondary temperature alarm.
Switch(config) # no alarm facility temperature secondary 45
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Chapter 3 Configuring Catalyst 2955 Switch Alarms
Associating the Temperature Alarms to a Relay
By default, the primary temperature alarm is associated to the major relay. You can use the alarm facility
temperature command to associate the primary temperature alarm to the minor relay, to an SNMP trap,
to a syslog message, or to associate the secondary temperature alarm to the major or minor relay, an
SNMP trap, or a syslog message.
Beginning in privileged EXEC mode, follow these steps to associate the secondary temperature alarm to
a relay:
Command Purpose
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
configure terminal Enter global configuration mode.
alarm facility temperature
Associate the primary or secondary temperature alarm to a relay
{primary | secondary} relay {major
| minor}
alarm facility temperature
{primary | secondary} notifies
alarm facility temperature
{primary | secondary} syslog
Configure sending primary or secondary temperature alarm traps to an
SNMP server.
Configure sending primary or secondary temperature alarm traps to a syslog
server.
end Return to privileged EXEC mode.
show alarm settings Verify the configuration.
copy running-config startup-config (Optional) Save your entries in the configuration file.
Configuring Catalyst 2955 Switch Alarms
Note Before you can use the notifies command to send alarm traps to an SNMP server, you must first set up
the SNMP server by using the snmp-server enable traps alarms global configuration command. See
the “Enabling SNMP Traps” section on page 3-11.
Use the no alarm facility temperature secondary to disable the secondary temperature alarm.
This example sets the secondary temperature alarm to the minor relay, with a lower high temperature
threshold value of 45
o
C. All alarm and traps associated with this alarm will be sent to a syslog server
and an SNMP server.
Switch(config) # alarm facility temperature secondary 45
Switch(config) # alarm facility temperature secondary relay minor
Switch(config) # alarm facility temperature secondary syslog
Switch(config) # alarm facility temperature secondary notifies
This example sets the first (primary) temperature alarm to the major relay. All alarms and traps
associated with this alarm will be sent to a syslog server.
Switch(config) # alarm facility temperature primary syslog
Switch(config) # alarm facility temperature primary relay major
Configuring the FCS Bit Error Rate Alarm
This section describes how to configure the FCS bit error rate alarm on your switch:
• Setting the FCS Error Threshold, page 3-8
78-11380-12
• Setting the FCS Error Hysteresis Threshold, page 3-8
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
3-7
Configuring Catalyst 2955 Switch Alarms
Setting the FCS Error Threshold
The switch generates an FCS bit error rate alarm when the actual FCS bit error rate is close to the
configured FCS bit error rate. Use the fcs-threshold interface configuration command to set the FCS
error threshold.
Beginning in privileged EXEC mode, follow these steps to set the bit error rate value for a port:
Command Purpose
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
configure terminal Enter global configuration mode.
interface interface-id Enter the interface to be configured, and enter interface configuration mode.
fcs-threshold value Set the FCS error rate.
end Return to privileged EXEC mode.
show fcs-threshold Verify the setting.
copy running-config startup-config (Optional) Save your entries in the configuration file.
Chapter 3 Configuring Catalyst 2955 Switch Alarms
For value, the range is 6 to 11 to set a maximum bit error rate of 10
By default, the FCS bit error rate is 10
-8
.
-6
to 10
-11
.
Use the no fcs-threshold interface configuration command to return to the default FCS threshold value.
This example shows how to set the FCS bit error rate for a port to 10
Switch# configure terminal
Switch(config)# interface fastethernet0/1
Switch(config-if) # fcs-threshold 10
Setting the FCS Error Hysteresis Threshold
The hysteresis setting prevents the toggle of an alarm when the actual bit error rate fluctuates near the
configured bit error rate. Use the alarm facility fcs-hysteresis global configuration command to set the
FCS error hysteresis threshold.
Note The FCS hysteresis threshold is applied to all ports of a Catalyst 2955 switch.
Beginning in privileged EXEC mode, follow these steps to set the FCS error hysteresis threshold for a
switch:
Command Purpose
Step 1
Step 2
Step 3
Step 4
Step 5
configure terminal Enter global configuration mode.
alarm facility fcs-hysteresis
percentage
Set the hysteresis percentage for the switch.
For percentage, the range is 1 to 10. The default value is 10 percent.
end Return to privileged EXEC mode.
show running config Verify the configuration.
copy running-config startup-config (Optional) Save your entries in the configuration file.
-10
3-8
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Chapter 3 Configuring Catalyst 2955 Switch Alarms
Use the no alarm facility fcs-hysteresis command to set the FCS error hysteresis threshold to its default
value.
Note The show running config command displays any FCS error hysteresis that is not the default value.
This example shows how to set the FCS error hysteresis at 5 percent.
Switch(config) # alarm facility fcs-hysteresis 5
Configuring Alarm Profiles
This section describes how to configure alarm profiles on your switch. It contains this configuration
information:
• Creating or Modifying an Alarm Profile, page 3-9
• Attaching an Alarm Profile to a Specific Port, page 3-10
Creating or Modifying an Alarm Profile
Configuring Catalyst 2955 Switch Alarms
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
Step 8
Step 9
You can use the alarm profile global configuration command to create an alarm profile or to modify an
existing profile. When you create a new alarm profile, none of the alarms are enabled.
Note The only alarm enabled in the defaultPort profile is the Port is not Operating alarm.
Beginning in privileged EXEC mode, follow these steps to create an alarm profile:
Command Purpose
configure terminal Enter global configuration mode.
alarm profile name Create the new profile or identify an existing profile, and then enter alarm
profile configuration mode.
alarm alarm-id Add or modify alarm parameters for a specific alarm (see Table 3-4). The
values are 1 to 4. You an enter more than one alarm ID separated by a space.
notifies alarm-id (Optional) Configure the alarm to send an SNMP trap to an SNMP server.
relay-major alarm-id
relay-minor alarm-id
(Optional) Configure the alarm to send an alarm trap to the major relay.
(Optional) Configure the alarm to send an alarm trap to the minor relay.
syslog alarm-id (Optional) Configure the alarm to send an alarm trap to a syslog server.
end Return to privileged EXEC mode.
show alarm profile name Verify the configuration.
copy running-config startup-config (Optional) Save your entries in the configuration file.
78-11380-12
To delete an alarm profile, use the no alarm profile name global configuration command.
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
3-9
Configuring Catalyst 2955 Switch Alarms
This example creates or modifies the alarm profile fastE for the fastEthernetPort with link-down
(alarmList ID 3) and an FCS error rate of 30 percent (alarmList ID 4) alarms enabled. The link-down
alarm is connected to the minor relay, and the FCS error rate alarm is connected to the major relay. These
alarms also send notifications to an SNMP server and send system messages to a syslog server.
Switch(config)# alarm profile fastE
Switch(config-alarm- prof)# alarm 3 4
Switch(config-alarm- prof)# relay major 4
Switch(config-alarm- prof)# relay minor 3
Switch(config-alarm- prof)# notifies 3 4
Switch(config-alarm- prof)# syslog 3 4
Note Before you can use the notifies command to send alarm traps to an SNMP server, you must first set up
the SNMP server by using the snmp-server enable traps alarms global configuration command. See
the “Enabling SNMP Traps” section on page 3-11.
Table 3-4 lists the alarmList IDs and their corresponding alarm definitions. For a description of these
alarms, see the “Port Status Monitoring Alarms” section on page 3-3.
Table 3-4 AlarmList ID Number Alarm Descriptions
Chapter 3 Configuring Catalyst 2955 Switch Alarms
AlarmList ID Alarm Description
1 Link fault
2 Port not forwarding
3 Port not operating
4 FCS error rate exceeds threshold
Attaching an Alarm Profile to a Specific Port
In interface configuration mode, you can use the alarm-profile command to attach an alarm profile to a
specific port.
Beginning in privileged EXEC mode, follow these steps to attach an alarm profile to a port:
Command Purpose
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
configure terminal Enter global configuration mode.
interface port interface Enter the number of the switch port to be configured, and the switch enters
interface configuration mode.
alarm-profile name Attach the specified profile to the interface.
end Return to privileged EXEC mode.
show alarm profile Verify the configuration.
copy running-config startup-config (Optional) Save your entries in the configuration file.
3-10
To detach an alarm profile from a specific port, use the no alarm-profile name interface configuration
command.
This example attaches an alarm profile named fastE to a port.
Switch(config)# interface fastethernet 0/2
Switch(config-if)# alarm profile fastE
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Chapter 3 Configuring Catalyst 2955 Switch Alarms
This example detaches an alarm profile named fastE from a port.
Switch(config)# interface FastEthernet 0/2
Switch(config-if)# no alarm profile fastE
Enabling SNMP Traps
Use the snmp-server enable traps alarms global configuration command to enable the switch to send
alarm traps.
Note Before using alarm profiles to set the switch to send SNMP alarm trap notifications to an SNMP server,
you must first enable SNMP by using the snmp-server enable traps alarms global configuration
command.
Beginning in privileged EXEC mode, follow these steps to enable the switch to send alarm traps:
Command Purpose
Step 1
Step 2
Step 3
Step 4
Step 5
configure terminal Enter global configuration mode.
snmp-server enable traps alarms Enable the switch to send SNMP traps.
end Return to privileged EXEC mode.
show alarm settings Verify the configuration.
copy running-config startup-config (Optional) Save your entries in the configuration file.
Displaying Catalyst 2955 Switch Alarms Status
Displaying Catalyst 2955 Switch Alarms Status
To display the global and port alarm status, use one or more of the privileged EXEC commands in
Table 3-5:
Table 3-5 Commands for Displaying Global and Port Alarm Status
Command Purpose
show alarm description port Displays an alarm number and its text description.
show alarm profile [name] Displays all alarm profiles in the system or a specified profile.
show alarm settings Displays all global alarm settings in the switch.
show env {all | power | temperature} Displays the status of environmental facilities on the Catalyst 2955 switch.
show alarm status [critical | info | major |
minor]
Displays generated alarms in the switch.
78-11380-12
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
3-11
Displaying Catalyst 2955 Switch Alarms Status
Chapter 3 Configuring Catalyst 2955 Switch Alarms
3-12
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
CHAPTER
4
Assigning the Switch IP Address and Default Gateway
This chapter describes how to create the initial switch configuration (for example, assign the switch IP
address and default gateway information) for the Catalyst 2950 or Catalyst 2955 switch by using a
variety of automatic and manual methods. It also describes how to modify the switch startup
configuration only on the Catalyst 2950 Long-Reach Ethernet (LRE) switches.
Note For complete syntax and usage information for the commands used in this chapter, see the command
reference for this release and the Cisco IOS IP and IP Routing Command Reference, Release 12.1.
This chapter consists of these sections:
• Understanding the Boot Process, page 4-1
• Assigning Switch Information, page 4-2
• Checking and Saving the Running Configuration, page 4-11
• Modifying the Startup Configuration, page 4-11 (available only on the Catalyst 2950 LRE switch)
• Scheduling a Reload of the Software Image, page 4-16 (available only on the Catalyst 2950 LRE
switch)
Understanding the Boot Process
To start your switch, you need to follow the procedures in the hardware installation guide about installing
and powering on the switch, and setting up the initial configuration (IP address, subnet mask, default
gateway, secret and Telnet passwords, and so forth) of the switch.
The normal boot process involves the operation of the boot loader software, which performs these
activities:
• Performs low-level CPU initialization. It initializes the CPU registers, which control where physical
memory is mapped, its quantity, its speed, and so forth.
• Performs power-on self-test (POST) for the CPU subsystem. It tests the CPU DRAM and the portion
of the flash device that makes up the flash file system.
• Initializes the flash file system on the system board.
• Loads a default operating system software image into memory and boots the switch.
78-11380-12
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
4-1
Assigning Switch Information
The boot loader provides access to the flash file system before the operating system is loaded. Normally,
the boot loader is used only to load, uncompress, and launch the operating system. After the boot loader
gives the operating system control of the CPU, the boot loader is not active until the next system reset
or power on.
The boot loader also provides trap-door access into the system if the operating system has problems so
serious that it cannot be used. The trap-door mechanism provides enough access to the system so that if
it is necessary, you can format the flash file system, re-install the operating system software image by
using the XMODEM Protocol, recover from a lost or forgotten password, and finally restart the operating
system. For more information, see the “Recovering from a Software Failure” section on page 31-2, the
“Recovering from Lost or Forgotten Passwords on Non-LRE Catalyst 2950 Switches” section on
page 31-2, the “Recovering from Lost or Forgotten Passwords on Catalyst 2950 LRE Switches” section
on page 31-4, and the “Recovering from Lost or Forgotten Passwords on Catalyst 2955 Switches”
section on page 31-8.
Before you can assign switch information, make sure you have connected a PC or terminal to the console
port, and configured the PC or terminal-emulation software baud rate and character format to match
these of the switch console port:
• Baud rate default is 9600.
• Data bits default is 8.
Chapter 4 Assigning the Switch IP Address and Default Gateway
• Stop bits default is 1.
• Parity settings default is none.
Note If you are using Express Setup, do not connect any devices to the switch before starting Express Setup.
See your switch hardware installation guide for more information.
Note The Catalyst 2955 switches do not support Express Setup.
Assigning Switch Information
You can assign IP information through the switch Express Setup program, through the
command-line-interface (CLI)-based setup program, through a DHCP server, or manually by using the
CLI. If you are an experienced user familiar with the switch configuration steps, manually configure the
switch. Otherwise, use one of the setup programs.
Note The Catalyst 2955 switches do not support Express Setup.
Non-LRE Catalyst 2950 switches running a release prior to Cisco IOS Release 12.1(14)EA1 and
Catalyst 2950 LRE switches running a release prior to Cisco IOS Release 12.1(19)EA1 do not support
Express Setup.
4-2
Use the switch Express Setup or CLI-based setup program if you want to be prompted for specific IP
information. With these programs, you can also configure a default gateway, a host name, and a switch
(enable secret) password. You also have the option of assigning a Telnet password (to provide security
during remote management) and enabling Simple Network Management Protocol (SNMP). The
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Chapter 4 Assigning the Switch IP Address and Default Gateway
CLI-based setup program also allows you to configure your switch as a command or member switch of
a cluster or as a standalone switch. For more information about the Express Setup and CLI-based setup
programs, see the hardware installation guide for your switch.
Use a DHCP server for centralized control and automatic assignment of IP information after the server
is configured.
Note If you are using DHCP, do not respond to any of the questions in the setup program until the switch
receives the dynamically assigned IP address and reads the configuration file.
This section has this configuration information:
• Default Switch Information, page 4-3
• Understanding DHCP-Based Autoconfiguration, page 4-3
• Configuring DHCP-Based Autoconfiguration, page 4-5
• Manually Assigning IP Information, page 4-10
Assigning Switch Information
Default Switch Information
Table 4-1 shows the default switch information.
Table 4-1 Default Switch Information
Feature Default Setting
IP address and subnet mask No IP address or subnet mask are defined.
Default gateway No default gateway is defined.
Enable secret password No password is defined.
Hostname The factory-assigned default host name is Switch.
Telnet password No password is defined.
Cluster command switch functionality Disabled.
Cluster name No cluster name is defined.
Understanding DHCP-Based Autoconfiguration
DHCP provides configuration information to Internet hosts and internetworking devices. This protocol
consists of two components: one for delivering configuration parameters from a DHCP server to a device
and a mechanism for allocating network addresses to devices. DHCP is built on a client-server model,
in which designated DHCP servers allocate network addresses and deliver configuration parameters to
dynamically configured devices. The switch can act as both a DHCP client and a DHCP server.
78-11380-12
Note The DHCP server feature is only available on Catalyst 2955 switches.
During DHCP-based autoconfiguration, your switch (DHCP client) is automatically configured at
startup with IP address information and a configuration file.
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
4-3
Assigning Switch Information
With DHCP-based autoconfiguration, no DHCP client-side configuration is needed on your switch.
However, you need to configure the DHCP server for various lease options associated with IP addresses.
If you are using DHCP to relay the configuration file location on the network, you might also need to
configure a TFTP server and a Domain Name System (DNS) server.
The DHCP server for your switch can be on the same LAN or on a different LAN than the switch. If the
DHCP server is running on a different LAN, you should configure a DHCP relay device between your
switch and the DHCP server. A relay device forwards broadcast traffic between two directly connected
LANs. A router does not forward broadcast packets, but it forwards packets based on the destination IP
address in the received packet.
DHCP-based autoconfiguration replaces the BOOTP client functionality on your switch.
DHCP Client Request Process
When you boot your switch, the DHCP client is invoked and requests configuration information from a
DHCP server when the configuration file is not present on the switch.
DHCP autoconfiguration does not occur under these conditions:
• When a configuration file is present and the service config global configuration command is
disabled on the switch.
Chapter 4 Assigning the Switch IP Address and Default Gateway
• When a configuration file is present and the service config global configuration command is enabled
on the switch. In this case, the switch broadcasts TFTP requests for the configuration file.
Figure 4-1 shows the sequence of messages that are exchanged between the DHCP client and the DHCP
server.
Figure 4-1 DHCP Client and Server Message Exchange
DHCPDISCOVER (broadcast)
Switch A
DHCPOFFER (unicast)
DHCPREQUEST (broadcast)
DHCPACK (unicast)
DHCP server
51807
The client, Switch A, broadcasts a DHCPDISCOVER message to locate a DHCP server. The DHCP
server offers configuration parameters (such as an IP address, subnet mask, gateway IP address, DNS IP
address, a lease for the IP address, and so forth) to the client in a DHCPOFFER unicast message.
In a DHCPREQUEST broadcast message, the client returns a formal request for the offered
configuration information to the DHCP server. The formal request is broadcast so that all other DHCP
servers that received the DHCPDISCOVER broadcast message from the client can reclaim the IP
addresses that they offered to the client.
The DHCP server confirms that the IP address has been allocated to the client by returning a DHCPACK
unicast message to the client. With this message, the client and server are bound, and the client uses
configuration information received from the server. The amount of information the switch receives
depends on how you configure the DHCP server. For more information, see the “DHCP Server
Configuration Guidelines” section on page 4-5.
4-4
If the configuration parameters sent to the client in the DHCPOFFER unicast message are invalid (a
configuration error exists), the client returns a DHCPDECLINE broadcast message to the DHCP server.
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Chapter 4 Assigning the Switch IP Address and Default Gateway
The DHCP server sends the client a DHCPNAK denial broadcast message, which means that the offered
configuration parameters have not been assigned, that an error has occurred during the negotiation of the
parameters, or that the client has been slow in responding to the DHCPOFFER message (the DHCP
server assigned the parameters to another client).
A DHCP client might receive offers from multiple DHCP or BOOTP servers and can accept any of the
offers; however, the client usually accepts the first offer it receives. The offer from the DHCP server is
not a guarantee that the IP address is allocated to the client; however, the server usually reserves the
address until the client has had a chance to formally request the address. If the switch accepts replies
from a BOOTP server and configures itself, the switch broadcasts, instead of unicasts, TFTP requests to
obtain the switch configuration file.
Configuring DHCP-Based Autoconfiguration
These sections describe how to configure DHCP-based autoconfiguration.
• DHCP Server Configuration Guidelines, page 4-5
• Configuring the TFTP Server, page 4-6
• Configuring the DNS, page 4-6
Assigning Switch Information
• Configuring the Relay Device, page 4-7
• Obtaining Configuration Files, page 4-8
• Example Configuration, page 4-9
If your DHCP server is a Cisco device, or if you are configuring the switch as a DHCP server, see the
“IP Addressing and Services” section in the Cisco IOS IP and IP Routing Configuration Guide for Cisco
IOS Release 12.1 for additional information about configuring DHCP.
DHCP Server Configuration Guidelines
Follow these guidelines if you are configuring a device as a DHCP server:
The switch can act as both the DHCP client and the DHCP server. By default, the Cisco IOS DHCP
server and relay agent features are enabled on your switch.
Note The DHCP server feature is only available on Catalyst 2955 switches.
You should configure the DHCP server with reserved leases that are bound to each switch by the switch
hardware address.
If you want the switch to receive IP address information, you must configure the DHCP server with these
lease options:
• IP address of the client (required)
78-11380-12
• Subnet mask of the client (required)
• DNS server IP address (optional)
• Router IP address (default gateway address to be used by the switch) (required)
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
4-5
Assigning Switch Information
If you want the switch to receive the configuration file from a TFTP server, you must configure the
DHCP server with these lease options:
• TFTP server name (required)
• Boot filename (the name of the configuration file that the client needs) (recommended)
• Host name (optional)
Depending on the settings of the DHCP server, the switch can receive IP address information, the
configuration file, or both.
If you do not configure the DHCP server with the lease options described previously, it replies to client
requests with only those parameters that are configured. If the IP address and subnet mask are not in the
reply, the switch is not configured. If the router IP address or TFTP server name are not found, the switch
might send broadcast, instead of unicast, TFTP requests. Unavailability of other lease options does not
affect autoconfiguration.
Configuring the TFTP Server
Based on the DHCP server configuration, the switch attempts to download one or more configuration
files from the TFTP server. If you configured the DHCP server to respond to the switch with all the
options required for IP connectivity to the TFTP server, and if you configured the DHCP server with a
TFTP server name, address, and configuration filename, the switch attempts to download the specified
configuration file from the specified TFTP server.
Chapter 4 Assigning the Switch IP Address and Default Gateway
If you did not specify the configuration filename, the TFTP server, or if the configuration file could not
be downloaded, the switch attempts to download a configuration file by using various combinations of
filenames and TFTP server addresses. The files include the specified configuration filename (if any) and
these files: network-config, cisconet.cfg, hostname.config, or hostname.cfg, where hostname is the
switch’s current hostname. The TFTP server addresses used include the specified TFTP server address
(if any) and the broadcast address (255.255.255.255).
For the switch to successfully download a configuration file, the TFTP server must contain one or more
configuration files in its base directory. The files can include these files:
• The configuration file named in the DHCP reply (the actual switch configuration file).
• The network-confg or the cisconet.cfg file (known as the default configuration files).
• The router-confg or the ciscortr.cfg file (These files contain commands common to all switches.
If you specify the TFTP server name in the DHCP server-lease database, you must also configure the
TFTP server name-to-IP-address mapping in the DNS-server database.
If the TFTP server to be used is on a different LAN from the switch, or if it is to be accessed by the switch
through the broadcast address (which occurs if the DHCP server response does not contain all the
required information described previously), a relay must be configured to forward the TFTP packets to
the TFTP server. For more information, see the “Configuring the Relay Device” section on page 4-7. The
preferred solution is to configure the DHCP server with all the required information.
Configuring the DNS
Normally, if the DHCP and TFTP servers are properly configured, these files are not accessed.)
4-6
The DHCP server uses the DNS server to resolve the TFTP server name to an IP address. You must
configure the TFTP server name-to-IP address map on the DNS server. The TFTP server contains the
configuration files for the switch.
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Chapter 4 Assigning the Switch IP Address and Default Gateway
You can configure the IP addresses of the DNS servers in the lease database of the DHCP server from
where the DHCP replies will retrieve them. You can enter up to two DNS server IP addresses in the lease
database.
The DNS server can be on the same or on a different LAN as the switch. If it is on a different LAN, the
switch must be able to access it through a router.
Configuring the Relay Device
You must configure a relay device, also referred to an a relay agent, when a switch sends broadcast
packets that require a response from a host on a different LAN. Examples of broadcast packets that the
switch might send are DHCP, DNS, and in some cases, TFTP packets. You must configure this relay
device to forward received broadcast packets on an interface to the destination host.
If the relay device is a Cisco router, enable IP routing (ip routing global configuration command), and
configure helper addresses by using the ip helper-address interface configuration command.
For example, in Figure 4-2, configure the router interfaces as follows:
On interface 10.0.0.2:
router(config-if)# ip helper-address 20.0.0.2
router(config-if)# ip helper-address 20.0.0.3
router(config-if)# ip helper-address 20.0.0.4
Assigning Switch Information
On interface 20.0.0.1
router(config-if)# ip helper-address 10.0.0.1
Figure 4-2 Relay Device Used in Autoconfiguration
Switch
(DHCP client)
10.0.0.1
20.0.0.2 20.0.0.3
DHCP server TFTP server DNS server
Cisco router
(Relay)
10.0.0.2
20.0.0.1
20.0.0.4
49068
78-11380-12
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
4-7
Assigning Switch Information
Obtaining Configuration Files
Depending on the availability of the IP address and the configuration filename in the DHCP reserved
lease, the switch obtains its configuration information in these ways:
• The IP address and the configuration filename is reserved for the switch and provided in the DHCP
reply (one-file read method).
The switch receives its IP address, subnet mask, TFTP server address, and the configuration
filename from the DHCP server. The switch sends a unicast message to the TFTP server to retrieve
the named configuration file from the base directory of the server, and upon receipt, it completes its
boot-up process.
• The IP address and the configuration filename is reserved for the switch, but the TFTP server
address is not provided in the DHCP reply (one-file read method).
The switch receives its IP address, subnet mask, and the configuration filename from the DHCP
server. The switch sends a broadcast message to a TFTP server to retrieve the named configuration
file from the base directory of the server, and upon receipt, it completes its boot-up process.
• Only the IP address is reserved for the switch and provided in the DHCP reply. The configuration
filename is not provided (two-file read method).
Chapter 4 Assigning the Switch IP Address and Default Gateway
The switch receives its IP address, subnet mask, and the TFTP server address from the DHCP server.
The switch sends a unicast message to the TFTP server to retrieve the network-confg or cisconet.cfg
default configuration file. (If the network-confg file cannot be read, the switch reads the cisconet.cfg
file.)
The default configuration file contains the host names-to-IP-address mapping for the switch. The
switch fills its host table with the information in the file and obtains its host name. If the host name
is not found in the file, the switch uses the host name in the DHCP reply. If the host name is not
specified in the DHCP reply, the switch uses the default Switch as its host name.
After obtaining its host name from the default configuration file or the DHCP reply, the switch reads
the configuration file that has the same name as its host name (hostname-confg or hostname.cfg,
depending on whether network-confg or cisconet.cfg was read earlier) from the TFTP server. If the
cisconet.cfg file is read, the filename of the host is truncated to eight characters.
If the switch cannot read the network-confg, cisconet.cfg, or the hostname file, it reads the
router-confg file. If the switch cannot read the router-confg file, it reads the ciscortr.cfg file.
Note The switch broadcasts TFTP server requests if the TFTP server is not obtained from the DHCP replies,
if all attempts to read the configuration file through unicast transmissions fail, or if the TFTP server
name cannot be resolved to an IP address.
4-8
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Chapter 4 Assigning the Switch IP Address and Default Gateway
Example Configuration
Figure 4-3 shows a sample network for retrieving IP information by using DHCP-based autoconfiguration.
Figure 4-3 DHCP-Based Autoconfiguration Network Example
Assigning Switch Information
Switch 1
00e0.9f1e.2001
Cisco router
10.0.0.10
DHCP server DNS server TFTP server
Switch 2
00e0.9f1e.2002
10.0.0.1
Switch 3
00e0.9f1e.2003
10.0.0.2 10.0.0.3
(tftpserver)
Switch 4
00e0.9f1e.2004
111394
Table 4-2 shows the configuration of the reserved leases on the DHCP server.
Table 4-2 DHCP Server Configuration
Switch-1 Switch-2 Switch-3 Switch-4
Binding key
00e0.9f1e.2001 00e0.9f1e.2002 00e0.9f1e.2003 00e0.9f1e.2004
(hardware address)
IP address 10.0.0.21 10.0.0.22 10.0.0.23 10.0.0.24
Subnet mask 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0
Router address 10.0.0.10 10.0.0.10 10.0.0.10 10.0.0.10
DNS server address 10.0.0.2 10.0.0.2 10.0.0.2 10.0.0.2
TFTP server name tftpserver or 10.0.0.3 tftpserver or 10.0.0.3 tftpserver or 10.0.0.3 tftpserver or 10.0.0.3
Boot filename
switcha-confg switchb-confg switchc-confg switchd-confg
(configuration file)
(optional)
Host name (optional) switcha switchb switchc switchd
78-11380-12
DNS Server Configuration
The DNS server maps the TFTP server name tftpserver to IP address 10.0.0.3.
TFTP Server Configuration (on UNIX)
The TFTP server base directory is set to /tftpserver/work/. This directory contains the network-confg file
used in the two-file read method. This file contains the host name to be assigned to the switch based on
its IP address. The base directory also contains a configuration file for each switch (switcha-confg,
switchb-confg, and so forth) as shown in this display:
prompt> cd /tftpserver/work/
prompt> ls
network-confg
switcha-confg
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
4-9
Assigning Switch Information
switchb-confg
switchc-confg
switchd-confg
prompt> cat network-confg
ip host switch1 10.0.0.21
ip host switch2 10.0.0.22
ip host switch3 10.0.0.23
ip host switch4 10.0.0.24
DHCP Client Configuration
No configuration file is present on Switch A through Switch D.
Configuration Explanation
In Figure 4-3, Switch A reads its configuration file as follows:
• It obtains its IP address 10.0.0.21 from the DHCP server.
• If no configuration filename is given in the DHCP server reply, Switch A reads the network-confg
file from the base directory of the TFTP server.
• It adds the contents of the network-confg file to its host table.
• It reads its host table by indexing its IP address 10.0.0.21 to its host name (switcha).
Chapter 4 Assigning the Switch IP Address and Default Gateway
• It reads the configuration file that corresponds to its host name; for example, it reads switch1-confg
from the TFTP server.
Switches B through D retrieve their configuration files and IP addresses in the same way.
Manually Assigning IP Information
Beginning in privileged EXEC mode, follow these steps to manually assign IP information to VLANs or
ports:
Command Purpose
Step 1
Step 2
Step 3
Step 4
Step 5
configure terminal Enter global configuration mode.
interface vlan vlan-id Enter interface configuration mode, and enter the VLAN to which the IP
information is assigned. The range is 1 to 4094 when the enhanced
software image is installed and 1 to 1001 when the standard software
image is installed.
ip address ip-address subnet-mask Enter the IP address and subnet mask.
exit Return to global configuration mode.
ip default-gateway ip-address Enter the IP address of the next-hop router interface that is directly
connected to the switch where a default gateway is being configured. The
default gateway receives IP packets with unresolved destination IP
addresses from the switch.
Step 6
Step 7
4-10
Once the default gateway is configured, the switch has connectivity to the
remote networks with which a host needs to communicate.
Note When your switch is configured to route with IP, it does not need
to have a default gateway set.
end Return to privileged EXEC mode.
show interfaces vlan vlan-id Verify the configured IP address.
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Chapter 4 Assigning the Switch IP Address and Default Gateway
Checking and Saving the Running Configuration
Command Purpose
Step 8
Step 9
show ip redirects Verify the configured default gateway.
copy running-config startup-config (Optional) Save your entries in the configuration file.
To remove the switch IP address, use the no ip address interface configuration command. If you are
removing the address through a Telnet session, your connection to the switch will be lost. To remove the
default gateway address, use the no ip default-gateway global configuration command.
For information on setting the switch system name, protecting access to privileged EXEC commands,
and setting time and calendar services, see Chapter 7, “Administering the Switch.”
Checking and Saving the Running Configuration
You can check the configuration settings you entered or changes you made by entering the show
running-config privileged EXEC command: For information about the output of this command, see the
Cisco IOS Configuration Fundamental Command Reference for Release 12.1.
To store the configuration or changes you have made to your startup configuration in flash memory, enter
the copy running-config startup-config privileged EXEC command. This command saves the
configuration settings that you made. If you fail to do this, your configuration will be lost the next time
you reload the system. To display information stored in the NVRAM section of flash memory, use the
show startup-config or more startup-config privileged EXEC command.
For more information about alternative locations from which to copy the configuration file on the
Catalyst 2950 LRE switches, see Appendix B, “Working with the Cisco IOS File System, Configuration
Files, and Software Images.”
Modifying the Startup Configuration
This section describes how to modify the switch startup configuration only on a Catalyst 2950 LRE
switch. It contains this configuration information:
• Default Boot Configuration, page 4-12
• Automatically Downloading a Configuration File, page 4-12
• Specifying the Filename to Read and Write the System Configuration, page 4-12
• Booting Manually, page 4-13
• Booting a Specific Software Image, page 4-13
• Controlling Environment Variables, page 4-14
78-11380-12
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
4-11
Chapter 4 Assigning the Switch IP Address and Default Gateway
Modifying the Startup Configuration
Default Boot Configuration
Table 4-3 shows the default boot configuration.
Table 4-3 Default Boot Configuration
Feature Default Setting
Operating system software image The switch attempts to automatically boot the system using information in the BOOT
environment variable. If the variable is not set, the switch attempts to load and
execute the first executable image it can by performing a recursive, depth-first search
throughout the flash file system.
The software image is stored in a directory that has the same name as the image file
(excluding the .bin extension).
In a depth-first search of a directory, each encountered subdirectory is completely
searched before continuing the search in the original directory.
Configuration file Configured switches use the config.text file stored on the system board in flash
memory.
A new switch has no configuration file.
Automatically Downloading a Configuration File
You can automatically download a configuration file to your switch by using the DHCP-based
autoconfiguration feature. For more information, see the “Understanding DHCP-Based
Autoconfiguration” section on page 4-3.
Specifying the Filename to Read and Write the System Configuration
By default, the Cisco IOS software uses the file config.text to read and write a nonvolatile copy of the
system configuration. However, you can specify a different filename that will be loaded during the next
boot cycle.
Beginning in privileged EXEC mode, follow these steps to specify a different configuration filename:
Command Purpose
Step 1
Step 2
configure terminal Enter global configuration mode.
boot config-file flash:/file-url Specify the configuration file to load during the next boot cycle.
For file-url, specify the path (directory) and the configuration
filename.
Step 3
Step 4
Step 5
4-12
Filenames and directory names are case sensitive.
end Return to privileged EXEC mode.
show boot Verify your entries.
The boot config-file global configuration command changes the
setting of the CONFIG_FILE environment variable.
copy running-config startup-config (Optional) Save your entries in the configuration file.
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Chapter 4 Assigning the Switch IP Address and Default Gateway
To return to the default setting, use the no boot config-file global configuration command.
Booting Manually
By default, the switch automatically boots; however, you can configure it to manually boot.
Beginning in privileged EXEC mode, follow these steps to configure the switch to manually boot during
the next boot cycle:
Command Purpose
Step 1
Step 2
Step 3
Step 4
configure terminal Enter global configuration mode.
boot manual Enable the switch to manually boot during the next boot cycle.
end Return to privileged EXEC mode.
show boot Verify your entries.
Modifying the Startup Configuration
The boot manual global command changes the setting of the
MANUAL_BOOT environment variable.
Step 5
copy running-config startup-config (Optional) Save your entries in the configuration file.
To disable manual booting, use the no boot manual global configuration command.
Booting a Specific Software Image
By default, the switch attempts to automatically boot the system using information in the BOOT
environment variable. If this variable is not set, the switch attempts to load and execute the first
executable image it can by performing a recursive, depth-first search throughout the flash file system. In
a depth-first search of a directory, each encountered subdirectory is completely searched before
continuing the search in the original directory. However, you can specify a specific image to boot.
The next time you reboot the system, the switch is in boot loader
mode, shown by the switch: prompt. To boot the system, use the
boot filesystem:/file-url boot loader command.
• For filesystem:, use flash: for the system board flash device.
• For file-url, specify the path (directory) and the name of the
bootable image.
Filenames and directory names are case sensitive.
78-11380-12
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
4-13
Modifying the Startup Configuration
Beginning in privileged EXEC mode, follow these steps to configure the switch to boot a specific image
during the next boot cycle:
Command Purpose
Step 1
Step 2
Step 3
Step 4
configure terminal Enter global configuration mode.
boot system filesystem:/file-url Configure the switch to boot a specific image in flash memory during the
end Return to privileged EXEC mode.
show boot Verify your entries.
Chapter 4 Assigning the Switch IP Address and Default Gateway
next boot cycle.
• For filesystem:, use flash: for the system board flash device.
• For file-url, specify the path (directory) and the name of the bootable
image.
Filenames and directory names are case sensitive.
The boot system global command changes the setting of the BOOT
environment variable.
During the next boot cycle, the switch attempts to automatically boot the
system using information in the BOOT environment variable.
Step 5
copy running-config startup-config (Optional) Save your entries in the configuration file.
To return to the default setting, use the no boot system global configuration command.
Controlling Environment Variables
You enter the boot loader mode only through a switch console connection configured for 9600 bps.
Unplug the switch power cord, and press the switch Mode button while reconnecting the power cord.
Release the Mode button a second or two after the LED above port 1X turns off. Then the boot loader
switch: prompt appears.
The switch boot loader software provides support for nonvolatile environment variables, which can be
used to control how the boot loader, or any other software running on the system, behaves. Boot loader
environment variables are similar to environment variables that can be set on UNIX or DOS systems.
Environment variables that have values are stored in the flash file system in various files as shown in
Table 4-4.
Table 4-4 Environment Variables Storage Location
Environment Variable Location (file system:filename)
BAUD, ENABLE_BREAK, CONFIG_BUFSIZE,
CONFIG_FILE, MANUAL_BOOT, PS1
BOOT, BOOTHLPR, HELPER, HELPER_CONFIG_FILE flash:system_env_vars
flash:env_vars
4-14
Each line in these files contains an environment variable name and an equal sign followed by the value
of the variable. A variable has no value if it is not listed in this file; it has a value if it is listed in the file
even if the value is a null string. A variable that is set to a null string (for example, “ ”) is a variable with
a value. Many environment variables are predefined and have default values.
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Chapter 4 Assigning the Switch IP Address and Default Gateway
Modifying the Startup Configuration
Environment variables store two kinds of data:
• Data that controls code, which does not read the Cisco IOS configuration file. For example, the name
of a boot loader helper file, which extends or patches the functionality of the boot loader can be
stored as an environment variable.
• Data that controls code, which is responsible for reading the Cisco IOS configuration file. For
example, the name of the Cisco IOS configuration file can be stored as an environment variable.
You can change the settings of the environment variables by accessing the boot loader or by using Cisco
IOS commands. It is not necessary to alter the setting of the environment variables.
Note For complete syntax and usage information for the boot loader commands and environment variables,
see the command reference for this release.
Table 4-5 describes the function of the most common environment variables.
Table 4-5 Environment Variables
Variable Boot Loader Command Cisco IOS Global Configuration Command
MANUAL_BOOT set MANUAL_BOOT yes
boot manual
Decides whether the switch automatically or
manually boots.
Valid values are 1, yes, 0, and no. If it is set
to no or 0, the boot loader attempts to
automatically boot the system. If it is set to
anything else, you must manually boot the
switch from the boot loader mode.
BOOT set BOOT filesystem:/file-url ...
A semicolon-separated list of executable
files to try to load and execute when
automatically booting. If the BOOT
environment variable is not set, the system
attempts to load and execute the first
executable image it can find by using a
recursive, depth-first search through the
flash file system. If the BOOT variable is set
but the specified images cannot be loaded,
the system attempts to boot the first bootable
file that it can find in the flash file system.
Enables manually booting the switch during
the next boot cycle and changes the setting of
the MANUAL_BOOT environment variable.
The next time you reboot the system, the
switch is in boot loader mode. To boot the
system, use the boot flash:filesystem:/file-url
boot loader command, and specify the name
of the bootable image.
boot system filesystem:/file-url
Specifies the software image to load during
the next boot cycle. This command changes
the setting of the BOOT environment
variable.
78-11380-12
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
4-15
Chapter 4 Assigning the Switch IP Address and Default Gateway
Scheduling a Reload of the Software Image
Table 4-5 Environment Variables (continued)
Variable Boot Loader Command Cisco IOS Global Configuration Command
CONFIG_FILE set CONFIG_FILE flash:/file-url
Changes the filename that the software uses
to read and write a nonvolatile copy of the
system configuration.
CONFIG_BUFSIZE set CONFIG_BUFSIZE size
Changes the buffer size that the software
uses to hold a copy of the configuration file
in memory. The configuration file cannot be
larger than the buffer size allocation. The
range is from 4096 to 524288 bytes.
boot config-file flash:/file-url
Specifies the filename that the software uses
to read and write a nonvolatile copy of the
system configuration. This command changes
the CONFIG_FILE environment variable.
boot buffersize size
Specifies the size of the file system-simulated
NVRAM in flash memory. The buffer holds a
copy of the configuration file in memory. This
command changes the setting of the
CONFIG_BUFSIZE environment variable.
You must reload the switch by using the
reload privileged EXEC command for this
command to take effect.
Scheduling a Reload of the Software Image
You can schedule a reload of the software image to occur only an LRE switch at a later time (for example,
late at night or during the weekend when the switch is used less), or you can synchronize a reload
network-wide (for example, to perform a software upgrade on all switches in the network).
Note A scheduled reload must take place within approximately 24 days.
Configuring a Scheduled Reload
To configure your switch to reload the software image at a later time, use one of these commands in
privileged EXEC mode:
• reload in [hh:]mm [text]
This command schedules a reload of the software to take affect in the specified minutes or hours and
minutes. The reload must take place within approximately 24 days. You can specify the reason for
the reload in a string up to 255 characters in length.
• reload at hh:mm [month day | day month] [text]
This command schedules a reload of the software to take place at the specified time (using a 24-hour
clock). If you specify the month and day, the reload is scheduled to take place at the specified time
and date. If you do not specify the month and day, the reload takes place at the specified time on the
current day (if the specified time is later than the current time) or on the next day (if the specified
time is earlier than the current time). Specifying 00:00 schedules the reload for midnight.
4-16
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Chapter 4 Assigning the Switch IP Address and Default Gateway
Note Use the at keyword only if the switch system clock has been set (through Network Time
Protocol (NTP), the hardware calendar, or manually). The time is relative to the configured
time zone on the switch. To schedule reloads across several switches to occur
simultaneously, the time on each switch must be synchronized with NTP.
The reload command halts the system. If the system is not set to manually boot, it reboots itself. Use the
reload command after you save the switch configuration information to the startup configuration (copy
running-config startup-config).
If your switch is configured for manual booting, do not reload it from a virtual terminal. This restriction
prevents the switch from entering the boot loader mode and thereby taking it from the remote user’s
control.
If you modify your configuration file, the switch prompts you to save the configuration before reloading.
During the save operation, the system requests whether you want to proceed with the save if the
CONFIG_FILE environment variable points to a startup configuration file that no longer exists. If you
proceed in this situation, the system enters setup mode upon reload.
This example shows how to reload the software on the switch on the current day at 7:30 p.m:
Switch# reload at 19:30
Reload scheduled for 19:30:00 UTC Wed Jun 5 1996 (in 2 hours and 25 minutes)
Proceed with reload? [confirm]
Scheduling a Reload of the Software Image
This example shows how to reload the software on the switch at a future time:
Switch# reload at 02:00 jun 20
Reload scheduled for 02:00:00 UTC Thu Jun 20 1996 (in 344 hours and 53 minutes)
Proceed with reload? [confirm]
To cancel a previously scheduled reload, use the reload cancel privileged EXEC command.
Displaying Scheduled Reload Information
To display information about a previously scheduled reload or to determine if a reload has been
scheduled on the switch, use the show reload privileged EXEC command.
It displays reload information including the time the reload is scheduled to occur and the reason for the
reload (if it was specified when the reload was scheduled).
78-11380-12
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
4-17
Scheduling a Reload of the Software Image
Chapter 4 Assigning the Switch IP Address and Default Gateway
4-18
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
CHAPTER
5
Configuring IE2100 CNS Agents
This chapter describes how to configure the Intelligence Engine 2100 (IE2100) Series Cisco Networking
Services (CNS) embedded agents on your Catalyst 2950 or Catalyst 2955 switch. To use the feature
described in this chapter, you must have the enhanced software image (EI) installed on your switch.
Note For complete syntax and usage information for the commands used in this section, see the Cisco
Intelligence Engine 2100 Series Configuration Registrar Manual, and select Cisco IOS Software
Release 12.2 > New Feature Documentation > 12.2(2)T on Cisco.com.
This chapter consists of these sections:
• Understanding IE2100 Series Configuration Registrar Software, page 5-1
• Understanding CNS Embedded Agents, page 5-5
• Configuring CNS Embedded Agents, page 5-6
• Displaying CNS Configuration, page 5-12
Understanding IE2100 Series Configuration Registrar Software
The IE2100 Series Configuration Registrar is a network management device that acts as a configuration
service for automating the deployment and management of network devices and services
(see Figure 5-1). Each Configuration Registrar manages a group of Cisco IOS devices (switches and
routers) and the services that they deliver, storing their configurations and delivering them as needed.
The Configuration Registrar automates initial configurations and configuration updates by generating
device-specific configuration changes, sending them to the device, executing the configuration change,
and logging the results.
The Configuration Registrar supports standalone and server modes and has these CNS components:
• Configuration service (web server, file manager, and namespace mapping server)
• Event service (event gateway)
• Data service directory (data models and schema)
In standalone mode, the Configuration Registrar supports an embedded CNS Directory Service. In this
mode, no external directory or other data store is required. In server mode, the Configuration Registrar
supports the use of a user-defined external directory.
78-11380-12
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
5-1
Understanding IE2100 Series Configuration Registrar Software
Figure 5-1 Configuration Registrar Architectural Overview
Service provider network
Chapter 5 Configuring IE2100 CNS Agents
Configuration
registrar
Data service
directory
Configuration server
Event service
Web-based
user interface
Order entry
configuration management
These sections contain this conceptual information:
• CNS Configuration Service, page 5-2
• CNS Event Service, page 5-3
• What You Should Know About ConfigID, DeviceID, and Host Name, page 5-3
71444
CNS Configuration Service
The CNS Configuration Service is the core component of the Configuration Registrar. It consists of a
configuration server that works with CNS configuration agents located on the switch. The CNS
Configuration Service delivers device and service configurations to the switch for initial configuration
and mass reconfiguration by logical groups. Switches receive their initial configuration from the CNS
Configuration Service when they start up on the network for the first time.
The CNS Configuration Service uses the CNS Event Service to send and receive configuration change
events and to send success and failure notifications.
The configuration server is a web server that uses configuration templates and the device-specific
configuration information stored in the embedded (standalone mode) or remote (server mode) directory.
Configuration templates are text files containing static configuration information in the form of CLI
commands. In the templates, variables are specified using lightweight directory access protocol (LDAP)
URLs that reference the device-specific configuration information stored in a directory.
The configuration agent can perform a syntax check on received configuration files and publish events
to indicate the success or failure of the syntax check. The configuration agent can either apply
configurations immediately or delay the application until receipt of a synchronization event from the
configuration server.
5-2
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Loading...