Catalyst 2960 Switch Software Configuration Guide - Cisco


Catalyst 2960 Switch
Software Configuration Guide
Cisco IOS Release 12.2(40)SE
Revised September 2007

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883

Text Part Number: OL-8603-04

Any use of actual IP addresses in illustrative content is unintentional and coincidental.

Catalyst 2960 Switch Software Configuration Guide
© 2006-2007 Cisco Systems, Inc. All rights reserved.

CONTENTS

Related Publications
Obtaining Documentation, Obtaining Support, and Security Guidelines

CHAPTER 1 Overview
Features
Ease-of-Deployment and Ease-of-Use Features
Performance Features
Management Options
Manageability Features
Availability and Redundancy Features
VLAN Features
Security Features
QoS and CoS Features
Monitoring Features
Default Settings After Initial Switch Configuration
Network Configuration Examples
Design Concepts for Using the Switch
Small to Medium-Sized Network Using Catalyst 2960 Switches
Long-Distance, High-Bandwidth Transport Configuration
Where to Go Next

CHAPTER 2 Using the Command-Line Interface
Understanding Command Modes
Understanding the Help System
Understanding Abbreviated Commands
Understanding no and default Forms of Commands
Understanding CLI Error Messages
Using Configuration Logging

Using Command History
Changing the Command History Buffer Size
Recalling Commands
Disabling the Command History Feature
Using Editing Features
Enabling and Disabling Editing Features
Editing Commands through Keystrokes
Editing Command Lines that Wrap
Searching and Filtering Output of show and more Commands
Accessing the CLI
Accessing the CLI through a Console Connection or through Telnet

CHAPTER 3 Assigning the Switch IP Address and Default Gateway
Understanding the Boot Process
Assigning Switch Information
Default Switch Information
Understanding DHCP-Based Autoconfiguration
DHCP Client Request Process
Configuring DHCP-Based Autoconfiguration
DHCP Server Configuration Guidelines
Configuring the TFTP Server
Configuring the DNS
Configuring the Relay Device
Obtaining Configuration Files
Example Configuration
Manually Assigning IP Information
Checking and Saving the Running Configuration
Modifying the Startup Configuration
Default Boot Configuration
Automatically Downloading a Configuration File
Specifying the Filename to Read and Write the System Configuration
Booting Manually
Booting a Specific Software Image
Controlling Environment Variables
Scheduling a Reload of the Software Image
Configuring a Scheduled Reload
Displaying Scheduled Reload Information

CHAPTER 4 Configuring Cisco IOS CNS Agents
Understanding Cisco Configuration Engine Software
Configuration Service
Event Service
NameSpace Mapper
What You Should Know About the CNS IDs and Device Hostnames
ConfigID
DeviceID
Hostname and DeviceID
Using Hostname, DeviceID, and ConfigID
Understanding Cisco IOS Agents
Initial Configuration
Incremental (Partial) Configuration
Synchronized Configuration
Configuring Cisco IOS Agents
Enabling Automated CNS Configuration
Enabling the CNS Event Agent
Enabling the Cisco IOS CNS Agent
Enabling an Initial Configuration
Enabling a Partial Configuration
Displaying CNS Configuration

CHAPTER 5 Clustering Switches
Understanding Switch Clusters
Cluster Command Switch Characteristics
Standby Cluster Command Switch Characteristics
Candidate Switch and Cluster Member Switch Characteristics
Planning a Switch Cluster
Automatic Discovery of Cluster Candidates and Members
Discovery Through CDP Hops
Discovery Through Non-CDP-Capable and Noncluster-Capable Devices
Discovery Through Different VLANs
Discovery Through Different Management VLANs
Discovery of Newly Installed Switches
HSRP and Standby Cluster Command Switches
Virtual IP Addresses
Other Considerations for Cluster Standby Groups
Automatic Recovery of Cluster Configuration
IP Addresses

Hostnames
Passwords
SNMP Community Strings
TACACS and RADIUS
LRE Profiles
Using the CLI to Manage Switch Clusters
Catalyst 1900 and Catalyst 2820 CLI Considerations
Using SNMP to Manage Switch Clusters

CHAPTER 6 Administering the Switch
Managing the System Time and Date
Understanding the System Clock
Understanding Network Time Protocol
Configuring NTP
Default NTP Configuration
Configuring NTP Authentication
Configuring NTP Associations
Configuring NTP Broadcast Service
Configuring NTP Access Restrictions
Configuring the Source IP Address for NTP Packets
Displaying the NTP Configuration
Configuring Time and Date Manually
Setting the System Clock
Displaying the Time and Date Configuration
Configuring the Time Zone
Configuring Summer Time (Daylight Saving Time)
Configuring a System Name and Prompt
Default System Name and Prompt Configuration
Configuring a System Name
Understanding DNS
Default DNS Configuration
Setting Up DNS
Displaying the DNS Configuration
Creating a Banner
Default Banner Configuration
Configuring a Message-of-the-Day Login Banner
Configuring a Login Banner
Managing the MAC Address Table
Building the Address Table

MAC Addresses and VLANs
Default MAC Address Table Configuration
Changing the Address Aging Time
Removing Dynamic Address Entries
Configuring MAC Address Notification Traps
Adding and Removing Static Address Entries
Configuring Unicast MAC Address Filtering
Displaying Address Table Entries
Managing the ARP Table

CHAPTER 7 Configuring SDM Templates
Understanding the SDM Templates
Configuring the Switch SDM Template
Default SDM Template
SDM Template Configuration Guidelines
Setting the SDM Template
Displaying the SDM Templates

CHAPTER 8 Configuring Switch-Based Authentication
Preventing Unauthorized Access to Your Switch
Protecting Access to Privileged EXEC Commands
Default Password and Privilege Level Configuration
Setting or Changing a Static Enable Password
Protecting Enable and Enable Secret Passwords with Encryption
Disabling Password Recovery
Setting a Telnet Password for a Terminal Line
Configuring Username and Password Pairs
Configuring Multiple Privilege Levels
Setting the Privilege Level for a Command
Changing the Default Privilege Level for Lines
Logging into and Exiting a Privilege Level
Controlling Switch Access with TACACS
Understanding TACACS
TACACS Operation
Configuring TACACS
Default TACACS Configuration
Identifying the TACACS Server Host and Setting the Authentication Key
Configuring TACACS Login Authentication
Configuring TACACS Authorization for Privileged EXEC Access and Network Services

Starting TACACS Accounting
Displaying the TACACS Configuration
Controlling Switch Access with RADIUS
Understanding RADIUS
RADIUS Operation
Configuring RADIUS
Default RADIUS Configuration
Identifying the RADIUS Server Host
Configuring RADIUS Login Authentication
Defining AAA Server Groups
Configuring RADIUS Authorization for User Privileged Access and Network Services
Starting RADIUS Accounting
Configuring Settings for All RADIUS Servers
Configuring the Switch to Use Vendor-Specific RADIUS Attributes
Configuring the Switch for Vendor-Proprietary RADIUS Server Communication
Displaying the RADIUS Configuration
Configuring the Switch for Local Authentication and Authorization
Configuring the Switch for Secure Shell
Understanding SSH
SSH Servers, Integrated Clients, and Supported Versions
Limitations
Configuring SSH
Configuration Guidelines
Setting Up the Switch to Run SSH
Configuring the SSH Server
Displaying the SSH Configuration and Status
Configuring the Switch for Secure Socket Layer HTTP
Understanding Secure HTTP Servers and Clients
Certificate Authority Trustpoints
CipherSuites
Configuring Secure HTTP Servers and Clients
Default SSL Configuration
SSL Configuration Guidelines
Configuring a CA Trustpoint
Configuring the Secure HTTP Server
Configuring the Secure HTTP Client
Displaying Secure HTTP Server and Client Status
Configuring the Switch for Secure Copy Protocol
Information About Secure Copy

CHAPTER 9 Configuring IEEE 802.1x Port-Based Authentication
Understanding IEEE 802.1x Port-Based Authentication
Device Roles
Authentication Process
Authentication Initiation and Message Exchange
Ports in Authorized and Unauthorized States
IEEE 802.1x Host Mode
IEEE 802.1x Accounting
IEEE 802.1x Accounting Attribute-Value Pairs
Using IEEE 802.1x Authentication with VLAN Assignment
Using IEEE 802.1x Authentication with Guest VLAN
Using IEEE 802.1x Authentication with Restricted VLAN
Using IEEE 802.1x Authentication with Inaccessible Authentication Bypass
Using IEEE 802.1x Authentication with Voice VLAN Ports
Using IEEE 802.1x Authentication with Port Security
Using IEEE 802.1x Authentication with Wake-on-LAN
Using IEEE 802.1x Authentication with MAC Authentication Bypass
Using Network Admission Control Layer 2 IEEE 802.1x Validation
Using Web Authentication
Web Authentication with Automatic MAC Check
Configuring IEEE 802.1x Authentication
Default IEEE 802.1x Authentication Configuration
IEEE 802.1x Authentication Configuration Guidelines
IEEE 802.1x Authentication
VLAN Assignment, Guest VLAN, Restricted VLAN, and Inaccessible Authentication Bypass
MAC Authentication Bypass
Upgrading from a Previous Software Release
Configuring IEEE 802.1x Authentication
Configuring the Switch-to-RADIUS-Server Communication
Configuring the Host Mode
Configuring Periodic Re-Authentication
Manually Re-Authenticating a Client Connected to a Port
Changing the Quiet Period
Changing the Switch-to-Client Retransmission Time
Setting the Switch-to-Client Frame-Retransmission Number
Setting the Re-Authentication Number
Configuring IEEE 802.1x Accounting
Configuring a Guest VLAN
Configuring a Restricted VLAN

Configuring the Inaccessible Authentication Bypass Feature
Configuring IEEE 802.1x Authentication with WoL
Configuring MAC Authentication Bypass
Configuring NAC Layer 2 IEEE 802.1x Validation
Configuring Web Authentication
Disabling IEEE 802.1x Authentication on the Port
Resetting the IEEE 802.1x Authentication Configuration to the Default Values
Displaying IEEE 802.1x Statistics and Status

CHAPTER 10 Configuring Interface Characteristics
Understanding Interface Types
Port-Based VLANs
Switch Ports
Access Ports
Trunk Ports
EtherChannel Port Groups
Dual-Purpose Uplink Ports
Connecting Interfaces
Using Interface Configuration Mode
Procedures for Configuring Interfaces
Configuring a Range of Interfaces
Configuring and Using Interface Range Macros
Configuring Ethernet Interfaces
Default Ethernet Interface Configuration
Setting the Type of a Dual-Purpose Uplink Port
Configuring Interface Speed and Duplex Mode
Speed and Duplex Configuration Guidelines
Setting the Interface Speed and Duplex Parameters
Configuring IEEE 802.3x Flow Control
Configuring Auto-MDIX on an Interface
Adding a Description for an Interface
Configuring the System MTU
Monitoring and Maintaining the Interfaces
Monitoring Interface Status
Clearing and Resetting Interfaces and Counters
Shutting Down and Restarting the Interface

CHAPTER 11 Configuring Smartports Macros
Understanding Smartports Macros

Configuring Smartports Macros
Default Smartports Macro Configuration
Smartports Macro Configuration Guidelines
Creating Smartports Macros
Applying Smartports Macros
Applying Cisco-Default Smartports Macros
Displaying Smartports Macros

CHAPTER 12 Configuring VLANs
Understanding VLANs
Supported VLANs
VLAN Port Membership Modes
Configuring Normal-Range VLANs
Token Ring VLANs
Normal-Range VLAN Configuration Guidelines
VLAN Configuration Mode Options
VLAN Configuration in config-vlan Mode
VLAN Configuration in VLAN Database Configuration Mode
Saving VLAN Configuration
Default Ethernet VLAN Configuration
Creating or Modifying an Ethernet VLAN
Deleting a VLAN
Assigning Static-Access Ports to a VLAN
Configuring Extended-Range VLANs
Default VLAN Configuration
Extended-Range VLAN Configuration Guidelines
Creating an Extended-Range VLAN
Displaying VLANs
Configuring VLAN Trunks
Trunking Overview
IEEE 802.1Q Configuration Considerations
Default Layer 2 Ethernet Interface VLAN Configuration
Configuring an Ethernet Interface as a Trunk Port
Interaction with Other Features
Configuring a Trunk Port
Defining the Allowed VLANs on a Trunk
Changing the Pruning-Eligible List
Configuring the Native VLAN for Untagged Traffic
Configuring Trunk Ports for Load Sharing

Load Sharing Using STP Port Priorities
Load Sharing Using STP Path Cost
Configuring VMPS
Understanding VMPS
Dynamic-Access Port VLAN Membership
Default VMPS Client Configuration
VMPS Configuration Guidelines
Configuring the VMPS Client
Entering the IP Address of the VMPS
Configuring Dynamic-Access Ports on VMPS Clients
Reconfirming VLAN Memberships
Changing the Reconfirmation Interval
Changing the Retry Count
Monitoring the VMPS
Troubleshooting Dynamic-Access Port VLAN Membership
VMPS Configuration Example

CHAPTER 13 Configuring VTP
Understanding VTP
The VTP Domain
VTP Modes
VTP Advertisements
VTP Version 2
VTP Pruning
Configuring VTP
Default VTP Configuration
VTP Configuration Options
VTP Configuration in Global Configuration Mode
VTP Configuration in VLAN Database Configuration Mode
VTP Configuration Guidelines
Domain Names
Passwords
VTP Version
Configuration Requirements
Configuring a VTP Server
Configuring a VTP Client
Disabling VTP (VTP Transparent Mode)
Enabling VTP Version 2
Enabling VTP Pruning

Adding a VTP Client Switch to a VTP Domain
Monitoring VTP

CHAPTER 14 Configuring Voice VLAN
Understanding Voice VLAN
Cisco IP Phone Voice Traffic
Cisco IP Phone Data Traffic
Configuring Voice VLAN
Default Voice VLAN Configuration
Voice VLAN Configuration Guidelines
Configuring a Port Connected to a Cisco 7960 IP Phone
Configuring Cisco IP Phone Voice Traffic
Configuring the Priority of Incoming Data Frames
Displaying Voice VLAN

CHAPTER 15 Configuring STP
Understanding Spanning-Tree Features
STP Overview
Spanning-Tree Topology and BPDUs
Bridge ID, Switch Priority, and Extended System ID
Spanning-Tree Interface States
Blocking State
Listening State
Learning State
Forwarding State
Disabled State
How a Switch or Port Becomes the Root Switch or Root Port
Spanning Tree and Redundant Connectivity
Spanning-Tree Address Management
Accelerated Aging to Retain Connectivity
Spanning-Tree Modes and Protocols
Supported Spanning-Tree Instances
Spanning-Tree Interoperability and Backward Compatibility
STP and IEEE 802.1Q Trunks
Configuring Spanning-Tree Features
Default Spanning-Tree Configuration
Spanning-Tree Configuration Guidelines
Changing the Spanning-Tree Mode
Disabling Spanning Tree

Configuring the Root Switch
Configuring a Secondary Root Switch
Configuring Port Priority
Configuring Path Cost
Configuring the Switch Priority of a VLAN
Configuring Spanning-Tree Timers
Configuring the Hello Time
Configuring the Forwarding-Delay Time for a VLAN
Configuring the Maximum-Aging Time for a VLAN
Configuring the Transmit Hold-Count
Displaying the Spanning-Tree Status

CHAPTER 16 Configuring MSTP
Understanding MSTP
Multiple Spanning-Tree Regions
IST, CIST, and CST
Operations Within an MST Region
Operations Between MST Regions
IEEE 802.1s Terminology
Hop Count
Boundary Ports
IEEE 802.1s Implementation
Port Role Naming Change
Interoperation Between Legacy and Standard Switches
Detecting Unidirectional Link Failure
Interoperability with IEEE 802.1D STP
Understanding RSTP
Port Roles and the Active Topology
Rapid Convergence
Synchronization of Port Roles
Bridge Protocol Data Unit Format and Processing
Processing Superior BPDU Information
Processing Inferior BPDU Information
Topology Changes
Configuring MSTP Features
Default MSTP Configuration
MSTP Configuration Guidelines
Specifying the MST Region Configuration and Enabling MSTP
Configuring the Root Switch

Configuring a Secondary Root Switch
Configuring Port Priority
Configuring Path Cost
Configuring the Switch Priority
Configuring the Hello Time
Configuring the Forwarding-Delay Time
Configuring the Maximum-Aging Time
Configuring the Maximum-Hop Count
Specifying the Link Type to Ensure Rapid Transitions
Designating the Neighbor Type
Restarting the Protocol Migration Process
Displaying the MST Configuration and Status

CHAPTER 17 Configuring Optional Spanning-Tree Features
Understanding Optional Spanning-Tree Features
Understanding Port Fast
Understanding BPDU Guard
Understanding BPDU Filtering
Understanding UplinkFast
Understanding BackboneFast
Understanding EtherChannel Guard
Understanding Root Guard
Understanding Loop Guard
Configuring Optional Spanning-Tree Features
Default Optional Spanning-Tree Configuration
Optional Spanning-Tree Configuration Guidelines
Enabling Port Fast
Enabling BPDU Guard
Enabling BPDU Filtering
Enabling UplinkFast for Use with Redundant Links
Enabling BackboneFast
Enabling EtherChannel Guard
Enabling Root Guard
Enabling Loop Guard
Displaying the Spanning-Tree Status

CHAPTER 18 Configuring IGMP Snooping and MVR
Understanding IGMP Snooping
IGMP Versions

Joining a Multicast Group
Leaving a Multicast Group
Immediate Leave
IGMP Configurable-Leave Timer
IGMP Report Suppression
Configuring IGMP Snooping
Default IGMP Snooping Configuration
Enabling or Disabling IGMP Snooping
Setting the Snooping Method
Configuring a Multicast Router Port
Configuring a Host Statically to Join a Group
Enabling IGMP Immediate Leave
Configuring the IGMP Leave Timer
Configuring TCN-Related Commands
Controlling the Multicast Flooding Time After a TCN Event
Recovering from Flood Mode
Disabling Multicast Flooding During a TCN Event
Configuring the IGMP Snooping Querier
Disabling IGMP Report Suppression
Displaying IGMP Snooping Information
Understanding Multicast VLAN Registration
Using MVR in a Multicast Television Application
Configuring MVR
Default MVR Configuration
MVR Configuration Guidelines and Limitations
Configuring MVR Global Parameters
Configuring MVR Interfaces
Displaying MVR Information
Configuring IGMP Filtering and Throttling
Default IGMP Filtering and Throttling Configuration
Configuring IGMP Profiles
Applying IGMP Profiles
Setting the Maximum Number of IGMP Groups
Configuring the IGMP Throttling Action
Displaying IGMP Filtering and Throttling Configuration

CHAPTER 19 Configuring Port-Based Traffic Control
Configuring Storm Control
Understanding Storm Control

Default Storm Control Configuration
Configuring Storm Control and Threshold Levels
Configuring Protected Ports
Default Protected Port Configuration
Protected Port Configuration Guidelines
Configuring a Protected Port
Configuring Port Blocking
Default Port Blocking Configuration
Blocking Flooded Traffic on an Interface
Configuring Port Security
Understanding Port Security
Secure MAC Addresses
Security Violations
Default Port Security Configuration
Port Security Configuration Guidelines
Enabling and Configuring Port Security
Enabling and Configuring Port Security Aging
Displaying Port-Based Traffic Control Settings

CHAPTER 20 Configuring CDP
Understanding CDP
Configuring CDP
Default CDP Configuration
Configuring the CDP Characteristics
Disabling and Enabling CDP
Disabling and Enabling CDP on an Interface
Monitoring and Maintaining CDP

CHAPTER 21 Configuring LLDP and LLDP-MED
Understanding LLDP and LLDP-MED
Understanding LLDP
Understanding LLDP-MED
Configuring LLDP and LLDP-MED
Default LLDP Configuration
Configuring LLDP Characteristics
Disabling and Enabling LLDP Globally
Disabling and Enabling LLDP on an Interface
Configuring LLDP-MED TLVs

Monitoring and Maintaining LLDP and LLDP-MED

CHAPTER 22 Configuring UDLD
Understanding UDLD
Modes of Operation
Methods to Detect Unidirectional Links
Configuring UDLD
Default UDLD Configuration
Configuration Guidelines
Enabling UDLD Globally
Enabling UDLD on an Interface
Resetting an Interface Disabled by UDLD
Displaying UDLD Status

CHAPTER 23 Configuring SPAN and RSPAN
Understanding SPAN and RSPAN
Local SPAN
Remote SPAN
SPAN and RSPAN Concepts and Terminology
SPAN Sessions
Monitored Traffic
Source Ports
Source VLANs
VLAN Filtering
Destination Port
RSPAN VLAN
SPAN and RSPAN Interaction with Other Features
Configuring SPAN and RSPAN
Default SPAN and RSPAN Configuration
Configuring Local SPAN
SPAN Configuration Guidelines
Creating a Local SPAN Session
Creating a Local SPAN Session and Configuring Incoming Traffic
Specifying VLANs to Filter
Configuring RSPAN
RSPAN Configuration Guidelines
Configuring a VLAN as an RSPAN VLAN
Creating an RSPAN Source Session
Creating an RSPAN Destination Session

Creating an RSPAN Destination Session and Configuring Incoming Traffic
Specifying VLANs to Filter
Displaying SPAN and RSPAN Status

CHAPTER 24 Configuring RMON
Understanding RMON
Configuring RMON
Default RMON Configuration
Configuring RMON Alarms and Events
Collecting Group History Statistics on an Interface
Collecting Group Ethernet Statistics on an Interface
Displaying RMON Status

CHAPTER 25 Configuring System Message Logging
Understanding System Message Logging
Configuring System Message Logging
System Log Message Format
Default System Message Logging Configuration
Disabling Message Logging
Setting the Message Display Destination Device
Synchronizing Log Messages
Enabling and Disabling Time Stamps on Log Messages
Enabling and Disabling Sequence Numbers in Log Messages
Defining the Message Severity Level
Limiting Syslog Messages Sent to the History Table and to SNMP
Enabling the Configuration-Change Logger
Configuring UNIX Syslog Servers
Logging Messages to a UNIX Syslog Daemon
Configuring the UNIX System Logging Facility
Displaying the Logging Configuration

CHAPTER 26 Configuring SNMP
Understanding SNMP
SNMP Versions
SNMP Manager Functions
SNMP Agent Functions
SNMP Community Strings
Using SNMP to Access MIB Variables

SNMP Notifications
SNMP ifIndex MIB Object Values
Configuring SNMP
Default SNMP Configuration
SNMP Configuration Guidelines
Disabling the SNMP Agent
Configuring Community Strings
Configuring SNMP Groups and Users
Configuring SNMP Notifications
Setting the Agent Contact and Location Information
Limiting TFTP Servers Used Through SNMP
SNMP Examples
Displaying SNMP Status

CHAPTER 27 Configuring Cisco IOS IP SLAs Operations
Understanding Cisco IOS IP SLAs
Using Cisco IOS IP SLAs to Measure Network Performance
IP SLAs Responder and IP SLAs Control Protocol
Response Time Computation for IP SLAs
Configuring IP SLAs Operations
Default Configuration
Configuration Guidelines
Configuring the IP SLAs Responder
Monitoring IP SLAs Operations

CHAPTER 28 Configuring QoS
Understanding QoS
Basic QoS Model
Classification
Classification Based on QoS ACLs
Classification Based on Class Maps and Policy Maps
Policing and Marking
Policing on Physical Ports
Mapping Tables
Queueing and Scheduling Overview
Weighted Tail Drop
SRR Shaping and Sharing
Queueing and Scheduling on Ingress Queues
Queueing and Scheduling on Egress Queues

Packet Modification
Configuring Auto-QoS
Generated Auto-QoS Configuration
Effects of Auto-QoS on the Configuration
Auto-QoS Configuration Guidelines
Enabling Auto-QoS for VoIP
Auto-QoS Configuration Example
Displaying Auto-QoS Information
Configuring Standard QoS
Default Standard QoS Configuration
Default Ingres
