Cisco Systems 2960, 2960-S User manual

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Catalyst 2960 and 2960-S Switch Software
Configuration Guide
Cisco IOS Release 12.2(55)SE
August 2010
Text Part Number: OL-8603-09
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public
domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at
www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1005R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the
document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
Catalyst 2960 and 2960-S Switch Software Configuration Guide
Copyright © 2004–2010 Cisco Systems, Inc. All rights reserved.
CONTENTS
Preface
Audience
Purpose
Conventions
Related Publications
Obtaining Documentation, Obtaining Support, and Security Guidelines
CHAPTER 1 Overview
Features
Ease-of-Deployment and Ease-of-Use Features
Performance Features
Management Options
Manageability Features
Availability and Redundancy Features
VLAN Features
Security Features
QoS and CoS Features
Layer 3 Features
Power over Ethernet Features
Monitoring Features
Default Settings After Initial Switch Configuration
Network Configuration Examples
Design Concepts for Using the Switch
Small to Medium-Sized Network Using Catalyst 2960 and 2960-S Switches
Long-Distance, High-Bandwidth Transport Configuration
Where to Go Next
CHAPTER 2 Using the Command-Line Interface
Understanding Command Modes
Understanding the Help System
Understanding Abbreviated Commands
Understanding no and default Forms of Commands
Understanding CLI Error Messages
Using Configuration Logging
Using Command History
Changing the Command History Buffer Size
Recalling Commands
Disabling the Command History Feature
Using Editing Features
Enabling and Disabling Editing Features
Editing Commands through Keystrokes
Editing Command Lines that Wrap
Searching and Filtering Output of show and more Commands
Accessing the CLI
Accessing the CLI through a Console Connection or through Telnet
CHAPTER 3 Assigning the Switch IP Address and Default Gateway
Understanding the Boot Process
Assigning Switch Information
Default Switch Information
Understanding DHCP-Based Autoconfiguration
DHCP Client Request Process
Understanding DHCP-based Autoconfiguration and Image Update
DHCP Autoconfiguration
DHCP Auto-Image Update
Limitations and Restrictions
Configuring DHCP-Based Autoconfiguration
DHCP Server Configuration Guidelines
Configuring the TFTP Server
Configuring the DNS
Configuring the Relay Device
Obtaining Configuration Files
Example Configuration
Configuring the DHCP Auto Configuration and Image Update Features
Configuring DHCP Autoconfiguration (Only Configuration File)
Configuring DHCP Auto-Image Update (Configuration File and Image)
Configuring the Client
Manually Assigning IP Information
Checking and Saving the Running Configuration
Configuring the NVRAM Buffer Size
Modifying the Startup Configuration
Default Boot Configuration
Automatically Downloading a Configuration File
Specifying the Filename to Read and Write the System Configuration
Booting Manually
Booting a Specific Software Image
Controlling Environment Variables
Scheduling a Reload of the Software Image
Configuring a Scheduled Reload
Displaying Scheduled Reload Information
CHAPTER 4 Configuring Cisco IOS Configuration Engine
Understanding Cisco Configuration Engine Software
Configuration Service
Event Service
NameSpace Mapper
What You Should Know About the CNS IDs and Device Hostnames
ConfigID
DeviceID
Hostname and DeviceID
Using Hostname, DeviceID, and ConfigID
Understanding Cisco IOS Agents
Initial Configuration
Incremental (Partial) Configuration
Synchronized Configuration
Configuring Cisco IOS Agents
Enabling Automated CNS Configuration
Enabling the CNS Event Agent
Enabling the Cisco IOS CNS Agent
Enabling an Initial Configuration
Enabling a Partial Configuration
Displaying CNS Configuration
CHAPTER 5 Administering the Switch
Identifying the Switch Image
Managing the System Time and Date
Understanding the System Clock
Understanding Network Time Protocol
Configuring NTP
Default NTP Configuration
Configuring NTP Authentication
Configuring NTP Associations
Configuring NTP Broadcast Service
Configuring NTP Access Restrictions
Configuring the Source IP Address for NTP Packets
Displaying the NTP Configuration
Configuring Time and Date Manually
Setting the System Clock
Displaying the Time and Date Configuration
Configuring the Time Zone
Configuring Summer Time (Daylight Saving Time)
Configuring a System Name and Prompt
Default System Name and Prompt Configuration
Configuring a System Name
Understanding DNS
Default DNS Configuration
Setting Up DNS
Displaying the DNS Configuration
Creating a Banner
Default Banner Configuration
Configuring a Message-of-the-Day Login Banner
Configuring a Login Banner
Managing the MAC Address Table
Building the Address Table
MAC Addresses and VLANs
MAC Addresses and Switch Stacks
Default MAC Address Table Configuration
Changing the Address Aging Time
Removing Dynamic Address Entries
Configuring MAC Address Change Notification Traps
Configuring MAC Address Move Notification Traps
Configuring MAC Threshold Notification Traps
Adding and Removing Static Address Entries
Configuring Unicast MAC Address Filtering
Disabling MAC Address Learning on a VLAN
Displaying Address Table Entries
Managing the ARP Table
CHAPTER 6 Clustering Switches
Understanding Switch Clusters
Cluster Command Switch Characteristics
Standby Cluster Command Switch Characteristics
Candidate Switch and Cluster Member Switch Characteristics
Planning a Switch Cluster
Automatic Discovery of Cluster Candidates and Members
Discovery Through CDP Hops
Discovery Through Non-CDP-Capable and Noncluster-Capable Devices
Discovery Through Different VLANs
Discovery Through Different Management VLANs
Discovery of Newly Installed Switches
HSRP and Standby Cluster Command Switches
Virtual IP Addresses
Other Considerations for Cluster Standby Groups
Automatic Recovery of Cluster Configuration
IP Addresses
Hostnames
Passwords
SNMP Community Strings
Switch Clusters and Switch Stacks
TACACS+ and RADIUS
LRE Profiles
Using the CLI to Manage Switch Clusters
Using SNMP to Manage Switch Clusters
CHAPTER 7 Managing Switch Stacks
Understanding Stacks
Stack Membership
Master Election
Stack MAC Address
Member Numbers
Member Priority Values
Stack Offline Configuration
Effects of Adding a Provisioned Switch to a Stack
Effects of Replacing a Provisioned Switch in a Stack
Effects of Removing a Provisioned Switch from a Stack
Stack Software Compatibility Recommendations
Stack Protocol Version Compatibility
Major Version Number Incompatibility Among Switches
Minor Version Number Incompatibility Among Switches
Understanding Auto-Upgrade and Auto-Advise
Auto-Upgrade and Auto-Advise Example Messages
Incompatible Software and Member Image Upgrades
Stack Configuration Files
Additional Considerations for System-Wide Configuration on Switch Stacks
Stack Management Connectivity
Stack Through an IP Address
Stack Through an SSH Session
Stack Through Console Ports
Specific Members
Stack Configuration Scenarios
Data Recovery After Stack Topology Changes
Configuring the Switch Stack
Default Switch Stack Configuration
Enabling Persistent MAC Address
Assigning Stack Member Information
Assigning a Member Number
Setting the Member Priority Value
Provisioning a New Member for a Stack
Changing the Stack Membership
Accessing the CLI of a Specific Member
Displaying Stack Information
Troubleshooting Stacks
Manually Disabling a Stack Port
Re-Enabling a Stack Port While Another Member Starts
Understanding the show switch stack-ports summary Output
CHAPTER 8 Configuring SDM Templates
Understanding the SDM Templates
SDM Templates and Switch Stacks
Configuring the Switch SDM Template
Default SDM Template
SDM Template Configuration Guidelines
Setting the SDM Template
Displaying the SDM Templates
CHAPTER 9 Configuring Switch-Based Authentication
Preventing Unauthorized Access to Your Switch
Protecting Access to Privileged EXEC Commands
Default Password and Privilege Level Configuration
Setting or Changing a Static Enable Password
Protecting Enable and Enable Secret Passwords with Encryption
Disabling Password Recovery
Setting a Telnet Password for a Terminal Line
Configuring Username and Password Pairs
Configuring Multiple Privilege Levels
Setting the Privilege Level for a Command
Changing the Default Privilege Level for Lines
Logging into and Exiting a Privilege Level
Controlling Switch Access with TACACS+
Understanding TACACS+
TACACS+ Operation
Configuring TACACS+
Default TACACS+ Configuration
Identifying the TACACS+ Server Host and Setting the Authentication Key
Configuring TACACS+ Login Authentication
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services
Starting TACACS+ Accounting
Establishing a Session with a Router if the AAA Server is Unreachable
Displaying the TACACS+ Configuration
Controlling Switch Access with RADIUS
Understanding RADIUS
RADIUS Operation
RADIUS Change of Authorization
Overview
Change-of-Authorization Requests
CoA Request Response Code
CoA Request Commands
Stacking Guidelines for Session Termination
Configuring RADIUS
Default RADIUS Configuration
Identifying the RADIUS Server Host
Configuring RADIUS Login Authentication
Defining AAA Server Groups
Configuring RADIUS Authorization for User Privileged Access and Network Services
Starting RADIUS Accounting
Establishing a Session with a Router if the AAA Server is Unreachable
Configuring Settings for All RADIUS Servers
Configuring the Switch to Use Vendor-Specific RADIUS Attributes
Configuring the Switch for Vendor-Proprietary RADIUS Server Communication
Configuring CoA on the Switch
Monitoring and Troubleshooting CoA Functionality
Configuring RADIUS Server Load Balancing
Displaying the RADIUS Configuration
Configuring the Switch for Local Authentication and Authorization
Configuring the Switch for Secure Shell
Understanding SSH
SSH Servers, Integrated Clients, and Supported Versions
Limitations
Configuring SSH
Configuration Guidelines
Setting Up the Switch to Run SSH
Configuring the SSH Server
Displaying the SSH Configuration and Status
Configuring the Switch for Secure Socket Layer HTTP
Understanding Secure HTTP Servers and Clients
Certificate Authority Trustpoints
CipherSuites
Configuring Secure HTTP Servers and Clients
Default SSL Configuration
SSL Configuration Guidelines
Configuring a CA Trustpoint
Configuring the Secure HTTP Server
Configuring the Secure HTTP Client
Displaying Secure HTTP Server and Client Status
Configuring the Switch for Secure Copy Protocol
Information About Secure Copy
CHAPTER 10 Configuring IEEE 802.1x Port-Based Authentication
Understanding IEEE 802.1x Port-Based Authentication
Device Roles
Authentication Process
Authentication Initiation and Message Exchange
Authentication Manager
Port-Based Authentication Methods
Per-User ACLs and Filter-Ids
Authentication Manager CLI Commands
Ports in Authorized and Unauthorized States
802.1x Authentication and Switch Stacks
802.1x Host Mode
Multidomain Authentication
802.1x Multiple Authentication Mode
MAC Move
MAC Replace
802.1x Accounting
802.1x Accounting Attribute-Value Pairs
802.1x Readiness Check
802.1x Authentication with VLAN Assignment
Using 802.1x Authentication with Per-User ACLs
802.1x Authentication with Downloadable ACLs and Redirect URLs
Cisco Secure ACS and Attribute-Value Pairs for the Redirect URL
Cisco Secure ACS and Attribute-Value Pairs for Downloadable ACLs
VLAN ID-based MAC Authentication
802.1x Authentication with Guest VLAN
802.1x Authentication with Restricted VLAN
802.1x Authentication with Inaccessible Authentication Bypass
Support on Multiple-Authentication Ports
Authentication Results
Feature Interactions
802.1x Authentication with Voice VLAN Ports
802.1x Authentication with Port Security
802.1x Authentication with Wake-on-LAN
802.1x Authentication with MAC Authentication Bypass
802.1x User Distribution
802.1x User Distribution Configuration Guidelines
Network Admission Control Layer 2 802.1x Validation
Flexible Authentication Ordering
Open1x Authentication
Using Voice Aware 802.1x Security
802.1x Supplicant and Authenticator Switches with Network Edge Access Topology (NEAT)
Guidelines
Using IEEE 802.1x Authentication with ACLs and the RADIUS Filter-Id Attribute
Common Session ID
Configuring 802.1x Authentication
Default 802.1x Authentication Configuration
802.1x Authentication Configuration Guidelines
802.1x Authentication
VLAN Assignment, Guest VLAN, Restricted VLAN, and Inaccessible Authentication Bypass
MAC Authentication Bypass
Maximum Number of Allowed Devices Per Port
Configuring 802.1x Readiness Check
Configuring Voice Aware 802.1x Security
Configuring 802.1x Violation Modes
Configuring 802.1x Authentication
Configuring the Switch-to-RADIUS-Server Communication
Configuring the Host Mode
Configuring Periodic Re-Authentication
Manually Re-Authenticating a Client Connected to a Port
Changing the Quiet Period
Changing the Switch-to-Client Retransmission Time
Setting the Switch-to-Client Frame-Retransmission Number
Setting the Re-Authentication Number
Enabling MAC Move
Enabling MAC Replace
Configuring 802.1x Accounting
Configuring a Guest VLAN
Configuring a Restricted VLAN
Configuring the Inaccessible Authentication Bypass Feature
Configuring 802.1x Authentication with WoL
Configuring MAC Authentication Bypass
Configuring 802.1x User Distribution
Configuring NAC Layer 2 802.1x Validation
Configuring an Authenticator and a Supplicant Switch with NEAT
Configuring NEAT with Auto Smartports Macros
Configuring 802.1x Authentication with Downloadable ACLs and Redirect URLs
Configuring Downloadable ACLs
Configuring a Downloadable Policy
Configuring VLAN ID-based MAC Authentication
Configuring Flexible Authentication Ordering
Configuring Open1x
Disabling 802.1x Authentication on the Port
Resetting the 802.1x Authentication Configuration to the Default Values
Displaying 802.1x Statistics and Status
CHAPTER 11 Configuring Web-Based Authentication
Understanding Web-Based Authentication
Device Roles
Host Detection
Session Creation
Authentication Process
Local Web Authentication Banner
Web Authentication Customizable Web Pages
Guidelines
Web-based Authentication Interactions with Other Features
Port Security
LAN Port IP
Gateway IP
ACLs
Context-Based Access Control
802.1x Authentication
EtherChannel
Configuring Web-Based Authentication
Default Web-Based Authentication Configuration
Web-Based Authentication Configuration Guidelines and Restrictions
Web-Based Authentication Configuration Task List
Configuring the Authentication Rule and Interfaces
Configuring AAA Authentication
Configuring Switch-to-RADIUS-Server Communication
Configuring the HTTP Server
Customizing the Authentication Proxy Web Pages
Specifying a Redirection URL for Successful Login
Configuring an AAA Fail Policy
Configuring the Web-Based Authentication Parameters
Configuring a Web Authentication Local Banner
Removing Web-Based Authentication Cache Entries
Displaying Web-Based Authentication Status
CHAPTER 12 Configuring Interface Characteristics
Understanding Interface Types
Port-Based VLANs
Switch Ports
Access Ports
Trunk Ports
Switch Virtual Interfaces
EtherChannel Port Groups
Dual-Purpose Uplink Ports
Power over Ethernet Ports
Supported Protocols and Standards
Powered-Device Detection and Initial Power Allocation
Power Management Modes
Power Monitoring and Power Policing
Connecting Interfaces
Using the Switch USB Ports (Catalyst 2960-S Switches Only)
USB Mini-Type B Console Port
Console Port Change Logs
Configuring the Console Media Type
Configuring the USB Inactivity Timeout
USB Type A Port
Using Interface Configuration Mode
Procedures for Configuring Interfaces
Configuring a Range of Interfaces
Configuring and Using Interface Range Macros
Using the Ethernet Management Port (Catalyst 2960-S Only)
Understanding the Ethernet Management Port
Supported Features on the Ethernet Management Port
Configuring the Ethernet Management Port
TFTP and the Ethernet Management Port
Configuring Ethernet Interfaces
Default Ethernet Interface Configuration
Setting the Type of a Dual-Purpose Uplink Port
Configuring Interface Speed and Duplex Mode
Speed and Duplex Configuration Guidelines
Setting the Interface Speed and Duplex Parameters
Configuring IEEE 802.3x Flow Control
Configuring Auto-MDIX on an Interface
Configuring a Power Management Mode on a PoE Port
Budgeting Power for Devices Connected to a PoE Port
Configuring Power Policing
Adding a Description for an Interface
Configuring Layer 3 SVIs
Configuring the System MTU
Monitoring and Maintaining the Interfaces
Monitoring Interface Status
Clearing and Resetting Interfaces and Counters
Shutting Down and Restarting the Interface
CHAPTER 13 Configuring VLANs
Understanding VLANs
Supported VLANs
VLAN Port Membership Modes
Configuring Normal-Range VLANs
Token Ring VLANs
Normal-Range VLAN Configuration Guidelines
Configuring Normal-Range VLANs
Default Ethernet VLAN Configuration
Creating or Modifying an Ethernet VLAN
Deleting a VLAN
Assigning Static-Access Ports to a VLAN
Configuring Extended-Range VLANs
Default VLAN Configuration
Extended-Range VLAN Configuration Guidelines
Creating an Extended-Range VLAN
Displaying VLANs
Configuring VLAN Trunks
Trunking Overview
IEEE 802.1Q Configuration Considerations
Default Layer 2 Ethernet Interface VLAN Configuration
Configuring an Ethernet Interface as a Trunk Port
Interaction with Other Features
Configuring a Trunk Port
Defining the Allowed VLANs on a Trunk
Changing the Pruning-Eligible List
Configuring the Native VLAN for Untagged Traffic
Configuring Trunk Ports for Load Sharing
Load Sharing Using STP Port Priorities
Load Sharing Using STP Path Cost
Configuring VMPS
Understanding VMPS
Dynamic-Access Port VLAN Membership
Default VMPS Client Configuration
VMPS Configuration Guidelines
Configuring the VMPS Client
Entering the IP Address of the VMPS
Configuring Dynamic-Access Ports on VMPS Clients
Reconfirming VLAN Memberships
Changing the Reconfirmation Interval
Changing the Retry Count
Monitoring the VMPS
Troubleshooting Dynamic-Access Port VLAN Membership
VMPS Configuration Example
CHAPTER 14 Configuring VTP
Understanding VTP
The VTP Domain
VTP Modes
VTP Advertisements
VTP Version 2
VTP Version 3
VTP Pruning
VTP and Switch Stacks
Configuring VTP
Default VTP Configuration
VTP Configuration Guidelines
Domain Names
Passwords
VTP Version
Configuration Requirements
Configuring VTP Mode
Configuring a VTP Version 3 Password
Configuring a VTP Version 3 Primary Server
Enabling the VTP Version
Enabling VTP Pruning
Configuring VTP on a Per-Port Basis
Adding a VTP Client Switch to a VTP Domain
Monitoring VTP
CHAPTER 15 Configuring Voice VLAN
Understanding Voice VLAN
Cisco IP Phone Voice Traffic
Cisco IP Phone Data Traffic
Configuring Voice VLAN
Default Voice VLAN Configuration
Voice VLAN Configuration Guidelines
Configuring a Port Connected to a Cisco 7960 IP Phone
Configuring Cisco IP Phone Voice Traffic
Configuring the Priority of Incoming Data Frames
Displaying Voice VLAN
CHAPTER 16 Configuring STP
Understanding Spanning-Tree Features
STP Overview
Spanning-Tree Topology and BPDUs
Bridge ID, Switch Priority, and Extended System ID
Spanning-Tree Interface States
Blocking State
Listening State
Learning State
Forwarding State
Disabled State
How a Switch or Port Becomes the Root Switch or Root Port
Spanning Tree and Redundant Connectivity
Spanning-Tree Address Management
Accelerated Aging to Retain Connectivity
Spanning-Tree Modes and Protocols
Supported Spanning-Tree Instances
Spanning-Tree Interoperability and Backward Compatibility
STP and IEEE 802.1Q Trunks
Spanning Tree and Switch Stacks
Configuring Spanning-Tree Features
Default Spanning-Tree Configuration
Spanning-Tree Configuration Guidelines
Changing the Spanning-Tree Mode
Disabling Spanning Tree
Configuring the Root Switch
Configuring a Secondary Root Switch
Configuring Port Priority
Configuring Path Cost
Configuring the Switch Priority of a VLAN
Configuring Spanning-Tree Timers
Configuring the Hello Time
Configuring the Forwarding-Delay Time for a VLAN
Configuring the Maximum-Aging Time for a VLAN
Configuring the Transmit Hold-Count
Displaying the Spanning-Tree Status
CHAPTER 17 Configuring MSTP
Understanding MSTP
Multiple Spanning-Tree Regions
IST, CIST, and CST
Operations Within an MST Region
Operations Between MST Regions
IEEE 802.1s Terminology
Hop Count
Boundary Ports
IEEE 802.1s Implementation
Port Role Naming Change
Interoperation Between Legacy and Standard Switches
Detecting Unidirectional Link Failure
MSTP and Switch Stacks
Interoperability with IEEE 802.1D STP
Understanding RSTP
Port Roles and the Active Topology
Rapid Convergence
Synchronization of Port Roles
Bridge Protocol Data Unit Format and Processing
Processing Superior BPDU Information
Processing Inferior BPDU Information
Topology Changes
Configuring MSTP Features
Default MSTP Configuration
MSTP Configuration Guidelines
Specifying the MST Region Configuration and Enabling MSTP
Configuring the Root Switch
Configuring a Secondary Root Switch
Configuring Port Priority
Configuring Path Cost
Configuring the Switch Priority
Configuring the Hello Time
Configuring the Forwarding-Delay Time
Configuring the Maximum-Aging Time
Configuring the Maximum-Hop Count
Specifying the Link Type to Ensure Rapid Transitions
Designating the Neighbor Type
Restarting the Protocol Migration Process
Displaying the MST Configuration and Status
CHAPTER 18 Configuring Optional Spanning-Tree Features
Understanding Optional Spanning-Tree Features
Understanding Port Fast
Understanding BPDU Guard
Understanding BPDU Filtering
Understanding UplinkFast
Understanding Cross-Stack UplinkFast
How CSUF Works
Events that Cause Fast Convergence
Understanding BackboneFast
Understanding EtherChannel Guard
Understanding Root Guard
Understanding Loop Guard
Configuring Optional Spanning-Tree Features
Default Optional Spanning-Tree Configuration
Optional Spanning-Tree Configuration Guidelines
Enabling Port Fast
Enabling BPDU Guard
Enabling BPDU Filtering
Enabling UplinkFast for Use with Redundant Links
Enabling Cross-Stack UplinkFast
Enabling BackboneFast
Enabling EtherChannel Guard
Enabling Root Guard
Enabling Loop Guard
Displaying the Spanning-Tree Status
CHAPTER 19 Configuring Flex Links and the MAC Address-Table Move Update Feature
Understanding Flex Links and the MAC Address-Table Move Update
Flex Links
VLAN Flex Link Load Balancing and Support
Flex Link Multicast Fast Convergence
Learning the Other Flex Link Port as the mrouter Port
Generating IGMP Reports
Leaking IGMP Reports
Configuration Examples
MAC Address-Table Move Update
Configuring Flex Links and the MAC Address-Table Move Update
Default Configuration
Configuration Guidelines
Configuring Flex Links
Configuring VLAN Load Balancing on Flex Links
Configuring the MAC Address-Table Move Update Feature
Monitoring Flex Links and the MAC Address-Table Move Update
CHAPTER 20 Configuring DHCP Features and IP Source Guard Features
Understanding DHCP Snooping
DHCP Server
DHCP Relay Agent
DHCP Snooping
Option-82 Data Insertion
DHCP Snooping Binding Database
DHCP Snooping and Switch Stacks
Configuring DHCP Snooping
Default DHCP Snooping Configuration
DHCP Snooping Configuration Guidelines
Configuring the DHCP Relay Agent
Enabling DHCP Snooping and Option 82
Enabling the DHCP Snooping Binding Database Agent
Displaying DHCP Snooping Information
Understanding IP Source Guard
Source IP Address Filtering
Source IP and MAC Address Filtering
IP Source Guard for Static Hosts
Configuring IP Source Guard
Default IP Source Guard Configuration
IP Source Guard Configuration Guidelines
Enabling IP Source Guard
Configuring IP Source Guard for Static Hosts
Configuring IP Source Guard for Static Hosts on a Layer 2 Access Port
Displaying IP Source Guard Information
Understanding DHCP Server Port-Based Address Allocation