Software Configuration Guide
Page 6
... Switches 5-9 HSRP and Standby Cluster Command Switches 5-10 Virtual IP Addresses 5-11 Other Considerations for Cluster Standby Groups 5-11 Automatic Recovery of Cluster Configuration 5-12 IP Addresses 5-13 Host Names 5-13 Passwords 5-14 SNMP Community Strings 5-14 TACACS+ and RADIUS 5-14 Access Modes in CMS 5-15 LRE Profiles 5-15 Availability of Switch... 5-20 Using the CLI to Manage Switch Clusters 5-21 Catalyst 1900 and Catalyst 2820 CLI Considerations 5-22 Using SNMP to Manage Switch Clusters 5-22 Catalyst 3560 Switch Software Configuration Guide vi 78-16156-01
... Switches 5-9 HSRP and Standby Cluster Command Switches 5-10 Virtual IP Addresses 5-11 Other Considerations for Cluster Standby Groups 5-11 Automatic Recovery of Cluster Configuration 5-12 IP Addresses 5-13 Host Names 5-13 Passwords 5-14 SNMP Community Strings 5-14 TACACS+ and RADIUS 5-14 Access Modes in CMS 5-15 LRE Profiles 5-15 Availability of Switch... 5-20 Using the CLI to Manage Switch Clusters 5-21 Catalyst 1900 and Catalyst 2820 CLI Considerations 5-22 Using SNMP to Manage Switch Clusters 5-22 Catalyst 3560 Switch Software Configuration Guide vi 78-16156-01
Software Configuration Guide
Page 8
... Switch 8-1 Protecting Access to Privileged EXEC Commands 8-2 Default Password and Privilege Level Configuration 8-2 Setting or Changing a Static Enable Password 8-3 Protecting Enable and Enable Secret Passwords with Encryption 8-4 Disabling Password Recovery 8-5 Setting a Telnet Password for a Terminal Line 8-6 Configuring Username and Password Pairs 8-7 Configuring Multiple Privilege Levels 8-8 Setting the Privilege ... Access and Network Services 8-16 Starting TACACS+ Accounting 8-17 Displaying the TACACS+ Configuration 8-17 Catalyst 3560 Switch Software Configuration Guide viii 78-16156-01
... Switch 8-1 Protecting Access to Privileged EXEC Commands 8-2 Default Password and Privilege Level Configuration 8-2 Setting or Changing a Static Enable Password 8-3 Protecting Enable and Enable Secret Passwords with Encryption 8-4 Disabling Password Recovery 8-5 Setting a Telnet Password for a Terminal Line 8-6 Configuring Username and Password Pairs 8-7 Configuring Multiple Privilege Levels 8-8 Setting the Privilege ... Access and Network Services 8-16 Starting TACACS+ Accounting 8-17 Displaying the TACACS+ Configuration 8-17 Catalyst 3560 Switch Software Configuration Guide viii 78-16156-01
Software Configuration Guide
Page 29
... Maintaining Fallback Bridging 34-10 Troubleshooting 35-1 Recovering from Corrupted Software By Using the XMODEM Protocol 35-2 Recovering from a Lost or Forgotten Password 35-4 Procedure with Password Recovery Enabled 35-5 Procedure with Password Recovery Disabled 35-6 Recovering from a Command Switch Failure 35-8 Replacing a Failed Command Switch with a Cluster Member 35-8 Replacing a Failed Command Switch ...and Error Message Output 35-19 Using the show platform forward Command 35-19 Using the crashinfo File 35-22 Contents 78-16156-01 Catalyst 3560 Switch Software Configuration Guide xxix
... Maintaining Fallback Bridging 34-10 Troubleshooting 35-1 Recovering from Corrupted Software By Using the XMODEM Protocol 35-2 Recovering from a Lost or Forgotten Password 35-4 Procedure with Password Recovery Enabled 35-5 Procedure with Password Recovery Disabled 35-6 Recovering from a Command Switch Failure 35-8 Replacing a Failed Command Switch with a Cluster Member 35-8 Replacing a Failed Command Switch ...and Error Message Output 35-19 Using the show platform forward Command 35-19 Using the crashinfo File 35-22 Contents 78-16156-01 Catalyst 3560 Switch Software Configuration Guide xxix
Software Configuration Guide
Page 82
Before you can disable password recovery. Note You can assign switch information, make sure you are using the XMODEM Protocol, recover from a Lost or Forgotten Password" section on Cisco.com. Assigning Switch Information You can format the Flash file system, reinstall the ... system control of a cluster or as a standalone switch. For more information, see the "Disabling Password Recovery" section on page 35-2 and the "Recovering from a lost or forgotten password, and finally restart the operating system. Catalyst 3560 Switch Software Configuration Guide 4-2 78-16156-01
Before you can disable password recovery. Note You can assign switch information, make sure you are using the XMODEM Protocol, recover from a Lost or Forgotten Password" section on Cisco.com. Assigning Switch Information You can format the Flash file system, reinstall the ... system control of a cluster or as a standalone switch. For more information, see the "Disabling Password Recovery" section on page 35-2 and the "Recovering from a lost or forgotten password, and finally restart the operating system. Catalyst 3560 Switch Software Configuration Guide 4-2 78-16156-01
Software Configuration Guide
Page 119
...if a cluster command switch fails, see the "Disabling Password Recovery" section on the cluster member switch to return to the command-switch CLI. The command mode changes, and the Cisco IOS commands operate as usual. The Cisco IOS commands then operate as usual. For instructions on... console or Telnet connection) and to the online help. Enter the exit privileged EXEC command on page 8-5. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 5-21 For more information about the cluster commands, refer to the switch command reference. This example shows how...
...if a cluster command switch fails, see the "Disabling Password Recovery" section on the cluster member switch to return to the command-switch CLI. The command mode changes, and the Cisco IOS commands operate as usual. The Cisco IOS commands then operate as usual. For instructions on... console or Telnet connection) and to the online help. Enter the exit privileged EXEC command on page 8-5. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 5-21 For more information about the cluster commands, refer to the switch command reference. This example shows how...
Software Configuration Guide
Page 156
... Passwords with Encryption, page 8-4 • Disabling Password Recovery, page 8-5 • Setting a Telnet Password for Release 12.1. The default is defined. The password is encrypted before it is defined. This section describes how to control access to a network or network device. It contains this section, refer to the Cisco ... Protecting Access to Privileged EXEC Commands A simple way of providing terminal access control in the configuration file. No password is written to the configuration file. Catalyst 3560 Switch Software Configuration Guide 8-2 78-16156-01
... Passwords with Encryption, page 8-4 • Disabling Password Recovery, page 8-5 • Setting a Telnet Password for Release 12.1. The default is defined. The password is encrypted before it is defined. This section describes how to control access to a network or network device. It contains this section, refer to the Cisco ... Protecting Access to Privileged EXEC Commands A simple way of providing terminal access control in the configuration file. No password is written to the configuration file. Catalyst 3560 Switch Software Configuration Guide 8-2 78-16156-01
Software Configuration Guide
Page 159
...enable secret level 2 5 $1$FaD0$Xyti5Rkls3LoyxzS8 Disabling Password Recovery By default, any user. If the switch is operating in an area of the Flash memory that is accessible by the boot loader and the Cisco IOS image, but the configuration file (config....copy of the command output. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 8-5 To disable password encryption, use the no enable password [level level] or no service password-encryption global configuration command. Disable password recovery. Return to specify commands accessible at this level. This...
...enable secret level 2 5 $1$FaD0$Xyti5Rkls3LoyxzS8 Disabling Password Recovery By default, any user. If the switch is operating in an area of the Flash memory that is accessible by the boot loader and the Cisco IOS image, but the configuration file (config....copy of the command output. 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 8-5 To disable password encryption, use the no enable password [level level] or no service password-encryption global configuration command. Disable password recovery. Return to specify commands accessible at this level. This...
Software Configuration Guide
Page 160
... password recovery will not work if you can configure it now through a password. If you did not configure this password during the setup program, you have set the Telnet password to let45me67in89: Switch(config)# line vty 10 Switch(config-line)# password let45me67in89 Catalyst 3560 Switch... the command-line interface (CLI). To remove the password, use the service password-recovery global configuration command. Protecting Access to Privileged EXEC Commands Chapter 8 Configuring Switch-Based Authentication To re-enable password recovery, use the no parity. You might need to ...
... password recovery will not work if you can configure it now through a password. If you did not configure this password during the setup program, you have set the Telnet password to let45me67in89: Switch(config)# line vty 10 Switch(config-line)# password let45me67in89 Catalyst 3560 Switch... the command-line interface (CLI). To remove the password, use the service password-recovery global configuration command. Protecting Access to Privileged EXEC Commands Chapter 8 Configuring Switch-Based Authentication To re-enable password recovery, use the no parity. You might need to ...
Software Configuration Guide
Page 779
... By Using the XMODEM Protocol, page 35-2 • Recovering from a Lost or Forgotten Password, page 35-4 • Recovering from a Command Switch Failure, page 35-8 • Recovering from Lost Cluster Member Connectivity, page 35-11 Note Recovery procedures require that you can use the command-line interface (CLI) or the Cluster Management... solve problems. Additional troubleshooting information, such as LED descriptions, is provided in this chapter, refer to the command reference for this release and the Cisco IOS Command Summary for Release 12.1. Depending on the Catalyst 3560 switch.
... By Using the XMODEM Protocol, page 35-2 • Recovering from a Lost or Forgotten Password, page 35-4 • Recovering from a Command Switch Failure, page 35-8 • Recovering from Lost Cluster Member Connectivity, page 35-11 Note Recovery procedures require that you can use the command-line interface (CLI) or the Cluster Management... solve problems. Additional troubleshooting information, such as LED descriptions, is provided in this chapter, refer to the command reference for this release and the Cisco IOS Command Summary for Release 12.1. Depending on the Catalyst 3560 switch.
Software Configuration Guide
Page 782
... with physical access to the switch to recover from a lost the switch password. It provides two solutions: • Procedure with Password Recovery Enabled, page 35-5 • Procedure with reload? [confirm] y 35-4 Catalyst 3560 Switch Software Configuration Guide 78-16156-01 You can disable some of the...or not. • If you see a message that begins with this feature by allowing an end user to reset a password only by using the service password-recovery global configuration command. Power off . Follow the steps in this during power-on page 35-6, and follow the steps. ...
... with physical access to the switch to recover from a lost the switch password. It provides two solutions: • Procedure with Password Recovery Enabled, page 35-5 • Procedure with reload? [confirm] y 35-4 Catalyst 3560 Switch Software Configuration Guide 78-16156-01 You can disable some of the...or not. • If you see a message that begins with this feature by allowing an end user to reset a password only by using the service password-recovery global configuration command. Power off . Follow the steps in this during power-on page 35-6, and follow the steps. ...
Software Configuration Guide
Page 783
...16156-01 Catalyst 3560 Switch Software Configuration Guide 35-5 Load any helper files: switch: load_helper Display the contents of Flash memory: switch: dir flash: The switch file system appears: Directory of the switch console port. This file contains the password definition. switch... Change the emulation software line speed to initializing the flash file system. Enter N at the prompt: Continue with Password Recovery Enabled If the password-recovery mechanism is enabled, this message appears: The system has been interrupted prior to match that particular speed. The following...
...16156-01 Catalyst 3560 Switch Software Configuration Guide 35-5 Load any helper files: switch: load_helper Display the contents of Flash memory: switch: dir flash: The switch file system appears: Directory of the switch console port. This file contains the password definition. switch... Change the emulation software line speed to initializing the flash file system. Enter N at the prompt: Continue with Password Recovery Enabled If the password-recovery mechanism is enabled, this message appears: The system has been interrupted prior to match that particular speed. The following...
Software Configuration Guide
Page 784
...loader prompt can still be reset back to the default system configuration, access to 25 alphanumeric characters, can start with Password Recovery Disabled If the password-recovery mechanism is disabled, this message appears: The password-recovery mechanism has been triggered, but ignores leading spaces. Note This procedure is now reloaded, and you contact your system ... Press Return in the startup configuration. The configuration file is likely to verify if there are backup switch and VLAN configuration files. 35-6 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
...loader prompt can still be reset back to the default system configuration, access to 25 alphanumeric characters, can start with Password Recovery Disabled If the password-recovery mechanism is disabled, this message appears: The password-recovery mechanism has been triggered, but ignores leading spaces. Note This procedure is now reloaded, and you contact your system ... Press Return in the startup configuration. The configuration file is likely to verify if there are backup switch and VLAN configuration files. 35-6 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
Software Configuration Guide
Page 785
...total (10003456 bytes free) Boot the system: Switch: boot You are deleted. Return to start with password recovery and lose the existing configuration: Would you can reset the password. Chapter 35 Troubleshooting Recovering from 1 to 25 alphanumeric characters, can start the setup program. You see ...file in Flash memory and the VLAN database file are prompted to privileged EXEC mode: Switch (config)# exit Switch# 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 35-7 you cannot access the boot loader prompt, and you enter n (no ]: N At the switch prompt...
...total (10003456 bytes free) Boot the system: Switch: boot You are deleted. Return to start with password recovery and lose the existing configuration: Would you can reset the password. Chapter 35 Troubleshooting Recovering from 1 to 25 alphanumeric characters, can start the setup program. You see ...file in Flash memory and the VLAN database file are prompted to privileged EXEC mode: Switch (config)# exit Switch# 78-16156-01 Catalyst 3560 Switch Software Configuration Guide 35-7 you cannot access the boot loader prompt, and you enter n (no ]: N At the switch prompt...
Software Configuration Guide
Page 786
...failed command switch, and duplicate its connections to the cluster members. 35-8 Catalyst 3560 Switch Software Configuration Guide 78-16156-01 However, connectivity between the member switches ..., page 35-8 • Replacing a Failed Command Switch with Another Switch, page 35-10 These recovery procedures require that are still connected is in this state by using the Hot Standby Router Protocol ...file: Switch# copy running-config startup-config The new password is command-capable, making a note of the command-switch password, and cabling your switch virtual interface in some other ...
...failed command switch, and duplicate its connections to the cluster members. 35-8 Catalyst 3560 Switch Software Configuration Guide 78-16156-01 However, connectivity between the member switches ..., page 35-8 • Replacing a Failed Command Switch with Another Switch, page 35-10 These recovery procedures require that are still connected is in this state by using the Hot Standby Router Protocol ...file: Switch# copy running-config startup-config The new password is command-capable, making a note of the command-switch password, and cabling your switch virtual interface in some other ...
Software Configuration Guide
Page 849
...-rate-limit errdisable recovery cause dhcp-rate-limit errdisable recovery cause unicast flood service compress-config 78-16156-01 Catalyst 3560 Switch Software Configuration Guide C-11 Appendix C Unsupported Commands in Cisco IOS Release 12.1(19...)EA1 VTP Unsupported User EXEC Commands show running-config vlan show vlan ifindex show vlan private-vlan VTP Unsupported Privileged EXEC Commands vtp {password password...
...-rate-limit errdisable recovery cause dhcp-rate-limit errdisable recovery cause unicast flood service compress-config 78-16156-01 Catalyst 3560 Switch Software Configuration Guide C-11 Appendix C Unsupported Commands in Cisco IOS Release 12.1(19...)EA1 VTP Unsupported User EXEC Commands show running-config vlan show vlan ifindex show vlan private-vlan VTP Unsupported Privileged EXEC Commands vtp {password password...
Software Configuration Guide
Page 856
... adding member switches 5-17 automatic discovery 5-5 automatic recovery 5-10 IN-6 Catalyst 3560 Switch Software Configuration Guide clusters, switch (continued) ...benefits 1-2 command switch configuration 5-16 compatibility 5-4 creating 5-16 creating a cluster standby group 5-19 described 5-1 LRE profile considerations 5-15 managing through CLI 5-21 through SNMP 5-22 planning 5-4 planning considerations automatic discovery 5-5 automatic recovery 5-10 CLI 5-21 host names 5-13 IP addresses 5-13 LRE profiles 5-15 passwords...
... adding member switches 5-17 automatic discovery 5-5 automatic recovery 5-10 IN-6 Catalyst 3560 Switch Software Configuration Guide clusters, switch (continued) ...benefits 1-2 command switch configuration 5-16 compatibility 5-4 creating 5-16 creating a cluster standby group 5-19 described 5-1 LRE profile considerations 5-15 managing through CLI 5-21 through SNMP 5-22 planning 5-4 planning considerations automatic discovery 5-5 automatic recovery 5-10 CLI 5-21 host names 5-13 IP addresses 5-13 LRE profiles 5-15 passwords...
Software Configuration Guide
Page 857
... active (AC) 5-10, 5-19 command switch with HSRP disabled (CC) 5-19 configuration conflicts 35-11 defined 5-2 enabling 5-16 passive (PC) 5-10, 5-19 password privilege levels 5-22 priority 5-10 recovery from command-switch failure 5-10 from failure 35-8 from lost member connectivity 35-11 redundant 5-10, 5-19 78-16156-01 Index command switch... preparing B-10, B-13, B-16 reasons for B-8 using FTP B-13 using RCP B-17 using TFTP B-11 guidelines for creating and using B-9 invalid combinations when copying B-5 Catalyst 3560 Switch Software Configuration Guide IN-7
... active (AC) 5-10, 5-19 command switch with HSRP disabled (CC) 5-19 configuration conflicts 35-11 defined 5-2 enabling 5-16 passive (PC) 5-10, 5-19 password privilege levels 5-22 priority 5-10 recovery from command-switch failure 5-10 from failure 35-8 from lost member connectivity 35-11 redundant 5-10, 5-19 78-16156-01 Index command switch... preparing B-10, B-13, B-16 reasons for B-8 using FTP B-13 using RCP B-17 using TFTP B-11 guidelines for creating and using B-9 invalid combinations when copying B-5 Catalyst 3560 Switch Software Configuration Guide IN-7
Software Configuration Guide
Page 858
Index configuration files (continued) limiting TFTP server access 26-15 obtaining with DHCP 4-7 password recovery disable considerations 8-5 specifying the filename 4-12 system contact and location information 26-14 types ...2 13-4 console port, connecting to 2-9 conventions command xxxiv for examples xxxiv publication xxxiv text xxxiv corrupted software, recovery steps with XMODEM 35-2 CoS in Layer 2 frames 28-2 override priority 14-5 trust priority 14-5 CoS input queue...IP addressing, IP routing 30-4 IP multicast routing 32-8 IN-8 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
Index configuration files (continued) limiting TFTP server access 26-15 obtaining with DHCP 4-7 password recovery disable considerations 8-5 specifying the filename 4-12 system contact and location information 26-14 types ...2 13-4 console port, connecting to 2-9 conventions command xxxiv for examples xxxiv publication xxxiv text xxxiv corrupted software, recovery steps with XMODEM 35-2 CoS in Layer 2 frames 28-2 override priority 14-5 trust priority 14-5 CoS input queue...IP addressing, IP routing 30-4 IP multicast routing 32-8 IN-8 Catalyst 3560 Switch Software Configuration Guide 78-16156-01
Software Configuration Guide
Page 874
... system resources 7-1 options, management 1-4 OSPF area parameters, configuring 30-32 configuring 30-30 default configuration IN-24 Catalyst 3560 Switch Software Configuration Guide OSPF (continued) metrics 30-34 route 30-34 settings 30-29 described 30-28 interface parameters,...parallel paths, in routing tables 30-64 passive interfaces configuring 30-74 OSPF 30-34 passwords default configuration 8-2 disabling recovery of 8-5 encrypting 8-4 for security 1-6 in clusters 5-14, 5-17 overview 8-1 recovery of 35-4 setting enable 8-3 enable secret 8-4 Telnet 8-6 with usernames 8-7 VTP domain...
... system resources 7-1 options, management 1-4 OSPF area parameters, configuring 30-32 configuring 30-30 default configuration IN-24 Catalyst 3560 Switch Software Configuration Guide OSPF (continued) metrics 30-34 route 30-34 settings 30-29 described 30-28 interface parameters,...parallel paths, in routing tables 30-64 passive interfaces configuring 30-74 OSPF 30-34 passwords default configuration 8-2 disabling recovery of 8-5 encrypting 8-4 for security 1-6 in clusters 5-14, 5-17 overview 8-1 recovery of 35-4 setting enable 8-3 enable secret 8-4 Telnet 8-6 with usernames 8-7 VTP domain...
Software Configuration Guide
Page 880
...downloading B-31 preparing the server B-29 uploading B-33 reconfirmation interval, VMPS, changing 12-31 recovery procedures 35-1 redundancy EtherChannel 29-2 HSRP 31-1 STP backbone 15-8 path cost 12-26 ...13 reliable transport protocol, EIGRP 30-37 reloading software 4-16 IN-30 Catalyst 3560 Switch Software Configuration Guide Remote Authentication Dial-In User Service See RADIUS Remote Copy... in BGP 30-49 resetting a UDLD-shutdown interface 22-6 restricting access NTP services 6-8 overview 8-1 passwords and privilege levels 8-2 RADIUS 8-18 TACACS+ 8-10 retry count, VMPS, changing 12-32 reverse...
...downloading B-31 preparing the server B-29 uploading B-33 reconfirmation interval, VMPS, changing 12-31 recovery procedures 35-1 redundancy EtherChannel 29-2 HSRP 31-1 STP backbone 15-8 path cost 12-26 ...13 reliable transport protocol, EIGRP 30-37 reloading software 4-16 IN-30 Catalyst 3560 Switch Software Configuration Guide Remote Authentication Dial-In User Service See RADIUS Remote Copy... in BGP 30-49 resetting a UDLD-shutdown interface 22-6 restricting access NTP services 6-8 overview 8-1 passwords and privilege levels 8-2 RADIUS 8-18 TACACS+ 8-10 retry count, VMPS, changing 12-32 reverse...