Software Guide
Page 1
Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide Software Release 8.1 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Customer Order Number: DOC-7815486= Text Part Number: 78-15486-01
Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide Software Release 8.1 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Customer Order Number: DOC-7815486= Text Part Number: 78-15486-01
Software Guide
Page 2
and/or its affiliates in this document or Web site are trademarks of Cisco Systems, Inc.; and certain other company. (0304R) Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide Copyright © 2000-2003, Cisco Systems, Inc. All rights reserved. All rights reserved. Copyright © 1981, Regents of the University of the UNIX operating system...
and/or its affiliates in this document or Web site are trademarks of Cisco Systems, Inc.; and certain other company. (0304R) Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide Copyright © 2000-2003, Cisco Systems, Inc. All rights reserved. All rights reserved. Copyright © 1981, Regents of the University of the UNIX operating system...
Software Guide
Page 3
... Ordering Documentation xxvii Documentation Feedback xxviii Obtaining Technical Assistance xxviii Cisco.com xxviii Technical Assistance Center xxix Obtaining Additional Publications and Information xxx Product Overview 1-1 Catalyst 4000 Series Switches 1-1 Catalyst 2948G Switch 1-2 Catalyst 2980G Switch 1-3 Supervisor Engine Software 1-3 Using the Command-Line Interface 2-1 Switch CLI Overview 2-1 Accessing the Switch CLI 2-2 Accessing the CLI Through the Console Port 2-2 Accessing the...
... Ordering Documentation xxvii Documentation Feedback xxviii Obtaining Technical Assistance xxviii Cisco.com xxviii Technical Assistance Center xxix Obtaining Additional Publications and Information xxx Product Overview 1-1 Catalyst 4000 Series Switches 1-1 Catalyst 2948G Switch 1-2 Catalyst 2980G Switch 1-3 Supervisor Engine Software 1-3 Using the Command-Line Interface 2-1 Switch CLI Overview 2-1 Accessing the Switch CLI 2-2 Accessing the CLI Through the Console Port 2-2 Accessing the...
Software Guide
Page 4
..., Host Names, and IP Aliases 2-8 ROM Monitor CLI 2-9 Example of a Catalyst 4003 Bootup Display 2-9 Configuring the Switch IP Address and Default Gateway 3-1 Understanding How the Switch Management Interfaces Work 3-1 Understanding How Automatic IP Configuration Works 3-2 Automatic IP Configuration ...an IP Address Configuration 3-9 Renewing and Releasing a DHCP-Assigned IP Address 3-10 Configuring Ethernet and Fast Ethernet Switching 4-1 Understanding How Ethernet Works 4-1 Ethernet Overview 4-1 Switching Frames Between Segments 4-2 Building the Address Table 4-2 Default Ethernet and Fast ...
..., Host Names, and IP Aliases 2-8 ROM Monitor CLI 2-9 Example of a Catalyst 4003 Bootup Display 2-9 Configuring the Switch IP Address and Default Gateway 3-1 Understanding How the Switch Management Interfaces Work 3-1 Understanding How Automatic IP Configuration Works 3-2 Automatic IP Configuration ...an IP Address Configuration 3-9 Renewing and Releasing a DHCP-Assigned IP Address 3-10 Configuring Ethernet and Fast Ethernet Switching 4-1 Understanding How Ethernet Works 4-1 Ethernet Overview 4-1 Switching Frames Between Segments 4-2 Building the Address Table 4-2 Default Ethernet and Fast ...
Software Guide
Page 5
... Port Negotiation 5-9 Configuring errdisable State Gigabit Ethernet Port Timeout Periods 5-9 Checking Gigabit Ethernet Port Connectivity 5-10 Configuring Fast EtherChannel and Gigabit EtherChannel 6-1 Understanding How EtherChannel Works 6-1 EtherChannel Overview 6-2 Understanding Frame Distribution...6-9 Displaying EtherChannel Configuration Information 6-10 Displaying EtherChannel Traffic Statistics 6-11 Displaying EtherChannel PAgP Statistics 6-12 EtherChannel Configuration Examples 6-12 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 v
... Port Negotiation 5-9 Configuring errdisable State Gigabit Ethernet Port Timeout Periods 5-9 Checking Gigabit Ethernet Port Connectivity 5-10 Configuring Fast EtherChannel and Gigabit EtherChannel 6-1 Understanding How EtherChannel Works 6-1 EtherChannel Overview 6-2 Understanding Frame Distribution...6-9 Displaying EtherChannel Configuration Information 6-10 Displaying EtherChannel Traffic Statistics 6-11 Displaying EtherChannel PAgP Statistics 6-12 EtherChannel Configuration Examples 6-12 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 v
Software Guide
Page 6
...22 7 C H A P T E R Configuring Spanning Tree 7-1 Understanding How STPs Work 7-2 Understanding How a Topology Is Created 7-2 Understanding How a Switch or Port Becomes the Root Switch or Root Port 7-3 Understanding BPDUs 7-4 Calculating and Assigning Port Costs 7-4 Understanding Spanning Tree Port States 7-5 Understanding How PVST+ and MISTP Modes Work 7-11...Tree Protocol 7-16 MST-to-SST Interoperability 7-17 Common Spanning Tree 7-18 MST Instances 7-18 MST Configuration 7-18 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 vi 78-15486-01
...22 7 C H A P T E R Configuring Spanning Tree 7-1 Understanding How STPs Work 7-2 Understanding How a Topology Is Created 7-2 Understanding How a Switch or Port Becomes the Root Switch or Root Port 7-3 Understanding BPDUs 7-4 Calculating and Assigning Port Costs 7-4 Understanding Spanning Tree Port States 7-5 Understanding How PVST+ and MISTP Modes Work 7-11...Tree Protocol 7-16 MST-to-SST Interoperability 7-17 Common Spanning Tree 7-18 MST Instances 7-18 MST Configuration 7-18 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 vi 78-15486-01
Software Guide
Page 7
...MISTP Instance 7-36 Disabling MISTP-PVST+ or MISTP 7-39 Configuring a Root Switch 7-39 Configuring a Primary Root Switch 7-39 Configuring a Secondary Root Switch 7-40 Configuring a Root Switch to Improve Convergence 7-41 Using Root Guard-Preventing Switches from Becoming Root 7-43 Displaying Spanning Tree BPDU Statistics 7-43 Configuring Spanning...57 Configuring Spanning Tree PortFast, BPDU Guard, BPDU Filter, UplinkFast, BackboneFast, and Loop Guard 8-1 Understanding How PortFast Works 8-1 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 vii
...MISTP Instance 7-36 Disabling MISTP-PVST+ or MISTP 7-39 Configuring a Root Switch 7-39 Configuring a Primary Root Switch 7-39 Configuring a Secondary Root Switch 7-40 Configuring a Root Switch to Improve Convergence 7-41 Using Root Guard-Preventing Switches from Becoming Root 7-43 Displaying Spanning Tree BPDU Statistics 7-43 Configuring Spanning...57 Configuring Spanning Tree PortFast, BPDU Guard, BPDU Filter, UplinkFast, BackboneFast, and Loop Guard 8-1 Understanding How PortFast Works 8-1 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 vii
Software Guide
Page 8
... Loop Guard Works 8-6 Configuring PortFast 8-8 Enabling PortFast on an Access Port 8-8 Enabling PortFast on a Trunk Port 8-9 Disabling PortFast 8-10 Resetting PortFast 8-11 Configuring PortFast BPDU Guard 8-11 Enabling PortFast BPDU Guard 8-11 Disabling PortFast BPDU Guard 8-12 Configuring PortFast BPDU Filtering... and Version 2 Configuration 9-5 VTP Version 1 and Version 2 Configuration Guidelines 9-6 Configuring VTP Version 1 and Version 2 9-6 Configuring a VTP Server 9-7 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 viii 78-15486-01
... Loop Guard Works 8-6 Configuring PortFast 8-8 Enabling PortFast on an Access Port 8-8 Enabling PortFast on a Trunk Port 8-9 Disabling PortFast 8-10 Resetting PortFast 8-11 Configuring PortFast BPDU Guard 8-11 Enabling PortFast BPDU Guard 8-11 Disabling PortFast BPDU Guard 8-12 Configuring PortFast BPDU Filtering... and Version 2 Configuration 9-5 VTP Version 1 and Version 2 Configuration Guidelines 9-6 Configuring VTP Version 1 and Version 2 9-6 Configuring a VTP Server 9-7 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 viii 78-15486-01
Software Guide
Page 9
... a Normal-Range Ethernet VLAN 10-7 Creating or Modifying an Extended-Range VLAN 10-9 Assigning Switch Ports to a VLAN 10-10 Mapping 802.1Q VLANs to ISL VLANs 10-11 Clearing 802.1Q-to-ISL VLAN Mappings 10-12 Deleting a VLAN 10-12 Configuring Auxiliary VLANs 10-13 Understanding Auxiliary VLANs 10-13 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release...
... a Normal-Range Ethernet VLAN 10-7 Creating or Modifying an Extended-Range VLAN 10-9 Assigning Switch Ports to a VLAN 10-10 Mapping 802.1Q VLANs to ISL VLANs 10-11 Clearing 802.1Q-to-ISL VLAN Mappings 10-12 Deleting a VLAN 10-12 Configuring Auxiliary VLANs 10-13 Understanding Auxiliary VLANs 10-13 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release...
Software Guide
Page 10
...A P T E R Configuring Private VLANs 10-16 Private VLAN Configuration Guidelines 10-17 Creating a Private VLAN 10-19 Viewing the Port Capability of a Private VLAN Port 10-22 Deleting a Private VLAN 10-22 Deleting an Isolated or Community VLAN 10-23 Deleting a Private VLAN Mapping 10-23 Configuring VLAN Trunks on Fast Ethernet and ... Clients 12-8 Monitoring VMPS 12-9 Maintaining VMPS 12-9 Configuring Static Ports 12-10 Troubleshooting VMPS and Dynamic Port VLAN Membership 12-11 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 x 78-15486-01
...A P T E R Configuring Private VLANs 10-16 Private VLAN Configuration Guidelines 10-17 Creating a Private VLAN 10-19 Viewing the Port Capability of a Private VLAN Port 10-22 Deleting a Private VLAN 10-22 Deleting an Isolated or Community VLAN 10-23 Deleting a Private VLAN Mapping 10-23 Configuring VLAN Trunks on Fast Ethernet and ... Clients 12-8 Monitoring VMPS 12-9 Maintaining VMPS 12-9 Configuring Static Ports 12-10 Troubleshooting VMPS and Dynamic Port VLAN Membership 12-11 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 x 78-15486-01
Software Guide
Page 11
...GVRP Works 13-1 GVRP Hardware and Software Requirements 13-1 Default GVRP Configuration 13-2 GVRP Configuration Guidelines 13-2 Configuring GVRP on the Switch 13-2 Enabling GVRP Globally 13-2 Enabling GVRP on Individual 802.1Q Trunk Ports 13-3 Enabling GVRP Dynamic VLAN Creation 13-4 ... Value for the Switch 14-5 Reverting to the Default Switch CoS Value 14-5 Mapping CoS Values to Transmit Queues and Drop Thresholds 14-6 Reverting to the Default CoS-to-Transmit Queue and Drop Threshold Mapping 14-6 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release...
...GVRP Works 13-1 GVRP Hardware and Software Requirements 13-1 Default GVRP Configuration 13-2 GVRP Configuration Guidelines 13-2 Configuring GVRP on the Switch 13-2 Enabling GVRP Globally 13-2 Enabling GVRP on Individual 802.1Q Trunk Ports 13-3 Enabling GVRP Dynamic VLAN Creation 13-4 ... Value for the Switch 14-5 Reverting to the Default Switch CoS Value 14-5 Mapping CoS Values to Transmit Queues and Drop Thresholds 14-6 Reverting to the Default CoS-to-Transmit Queue and Drop Threshold Mapping 14-6 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release...
Software Guide
Page 12
... Configuring GMRP 15-9 GMRP Software Requirements 15-9 Default GMRP Configuration 15-9 Enabling GMRP Globally 15-9 Enabling GMRP on Individual Switch Ports 15-10 Disabling GMRP on Individual Switch Ports 15-10 Enabling GMRP Forward-All Option 15-11 Disabling GMRP Forward-All Option 15-11 Configuring GMRP Registration 15-12 Setting the...Ports and Group Entries 15-15 Specifying Multicast Router Ports 15-16 Configuring Multicast Groups 15-16 Disabling Multicast Router Ports 15-17 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 xii 78-15486-01
... Configuring GMRP 15-9 GMRP Software Requirements 15-9 Default GMRP Configuration 15-9 Enabling GMRP Globally 15-9 Enabling GMRP on Individual Switch Ports 15-10 Disabling GMRP on Individual Switch Ports 15-10 Enabling GMRP Forward-All Option 15-11 Disabling GMRP Forward-All Option 15-11 Configuring GMRP Registration 15-12 Setting the...Ports and Group Entries 15-15 Specifying Multicast Router Ports 15-16 Configuring Multicast Groups 15-16 Disabling Multicast Router Ports 15-17 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 xii 78-15486-01
Software Guide
Page 13
...-8 Setting the Shutdown Time 16-9 Disabling Port Security 16-9 Restricting Traffic for a Host MAC Address 16-10 Monitoring Port Security 16-10 Configuring Unicast Flood Blocking 17-1 Understanding How Unicast Flood Blocking Works 17-1 Configuration Guidelines for Unicast Flood Blocking...Switch 17-2 Enabling Unicast Flood Blocking 17-2 Disabling Unicast Flood Blocking 17-3 Displaying Unicast Flood Blocking 17-3 Configuring the IP Permit List 18-1 Understanding How the IP Permit List Works 18-1 IP Permit List Default Configuration 18-2 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches...
...-8 Setting the Shutdown Time 16-9 Disabling Port Security 16-9 Restricting Traffic for a Host MAC Address 16-10 Monitoring Port Security 16-10 Configuring Unicast Flood Blocking 17-1 Understanding How Unicast Flood Blocking Works 17-1 Configuration Guidelines for Unicast Flood Blocking...Switch 17-2 Enabling Unicast Flood Blocking 17-2 Disabling Unicast Flood Blocking 17-3 Displaying Unicast Flood Blocking 17-3 Configuring the IP Permit List 18-1 Understanding How the IP Permit List Works 18-1 IP Permit List Default Configuration 18-2 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches...
Software Guide
Page 14
... Using Secure Shell Encryption for Telnet Sessions 20-7 Monitoring User Sessions 20-8 Using Ping 20-9 Understanding How Ping Works 20-9 Executing Ping 20-10 Using Layer 2 Traceroute 20-11 Layer 2 Traceroute Usage Guidelines 20-11 Identifying a Layer 2 Path 20-11 Using IP Traceroute 20-12 ...IP Traceroute 20-12 Configuring CDP 21-1 Understanding How CDP Works 21-1 Default CDP Configuration 21-2 Configuring CDP on the Switch 21-2 Setting the CDP Global Enable State 21-2 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 xiv 78-15486-01
... Using Secure Shell Encryption for Telnet Sessions 20-7 Monitoring User Sessions 20-8 Using Ping 20-9 Understanding How Ping Works 20-9 Executing Ping 20-10 Using Layer 2 Traceroute 20-11 Layer 2 Traceroute Usage Guidelines 20-11 Identifying a Layer 2 Path 20-11 Using IP Traceroute 20-12 ...IP Traceroute 20-12 Configuring CDP 21-1 Understanding How CDP Works 21-1 Default CDP Configuration 21-2 Configuring CDP on the Switch 21-2 Setting the CDP Global Enable State 21-2 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 xiv 78-15486-01
Software Guide
Page 220
... the auxiliary VLAN ID changes. - Configuring Auxiliary VLANs Chapter 10 Configuring VLANs Figure 10-2 Switch-to-Phone Connections Cisco IP Phone 7960 Catalyst switch 10/100 module Phone ASIC P2 P1 3-port P3 switch Access port Workstation/PC 38204 When the IP phone connects to a 10/100 port on the Catalyst 4500 series switch, the access port (PC-to-phone jack) of the...
... the auxiliary VLAN ID changes. - Configuring Auxiliary VLANs Chapter 10 Configuring VLANs Figure 10-2 Switch-to-Phone Connections Cisco IP Phone 7960 Catalyst switch 10/100 module Phone ASIC P2 P1 3-port P3 switch Access port Workstation/PC 38204 When the IP phone connects to a 10/100 port on the Catalyst 4500 series switch, the access port (PC-to-phone jack) of the...
Software Guide
Page 431
...stations, you daisy chain a second phone off the phone that support inline power. Table 28-3 Switch Components Supporting Inline Power Switch Chassis Catalyst 4006 Catalyst 4503 Catalyst 4506 Modules WS-X4148-RJ45V WS-X4148-RJ45V Power Supplies Catalyst 4000 Series Power Entry Module (PEM) 1300 W AC 2800 W AC 1400 W DC You... if the end station requires power. An access point or IP phone is 100 percent efficient. you need to the voice circuit. The Catalyst 4006 switch and the Catalyst 4500 series switches can also be connected to an AC power source and supply its own power...
...stations, you daisy chain a second phone off the phone that support inline power. Table 28-3 Switch Components Supporting Inline Power Switch Chassis Catalyst 4006 Catalyst 4503 Catalyst 4506 Modules WS-X4148-RJ45V WS-X4148-RJ45V Power Supplies Catalyst 4000 Series Power Entry Module (PEM) 1300 W AC 2800 W AC 1400 W DC You... if the end station requires power. An access point or IP phone is 100 percent efficient. you need to the voice circuit. The Catalyst 4006 switch and the Catalyst 4500 series switches can also be connected to an AC power source and supply its own power...
Software Guide
Page 434
... will not discover the powered device. Figure 28-1 Power Detection Summary Catalyst Switch Inline power switching module Cisco legacy powered device Switching module discovers the powered device using proprietary discovery mechanism Inline power switching module Inline power switching module Third party powered device Wall-power Switching module will not know about powered device unless powered device has a separate...
... will not discover the powered device. Figure 28-1 Power Detection Summary Catalyst Switch Inline power switching module Cisco legacy powered device Switching module discovers the powered device using proprietary discovery mechanism Inline power switching module Inline power switching module Third party powered device Wall-power Switching module will not know about powered device unless powered device has a separate...
Software Guide
Page 452
... None specified 5 sec 0 (servers not marked dead) 2 times 30-8 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 78-15486-01 Configuring Authentication Chapter 30 Configuring Switch Access Using AAA Figure 30-2 Non-Kerberized Telnet Connection Host (Telnet client) Kerberos server (contains KDC) 1 2 3 Catalyst switch 55510 Configuring Authentication The following sections describe how to...
... None specified 5 sec 0 (servers not marked dead) 2 times 30-8 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 78-15486-01 Configuring Authentication Chapter 30 Configuring Switch Access Using AAA Figure 30-2 Non-Kerberized Telnet Connection Host (Telnet client) Kerberos server (contains KDC) 1 2 3 Catalyst switch 55510 Configuring Authentication The following sections describe how to...
Software Guide
Page 500
...must support EAP within the native frame format. In this publication, we use host instead of supplicant because host is available in Cisco Secure Access Control Server version 3.0. it is used in the RADIUS format. The EAP frames are not modified or examined during...network have specific roles. (See Figure 31-1.) Figure 31-1 802.1x Device Roles Workstations (supplicants) Catalyst switch Authentication server (RADIUS) 79599 • Host-Requests access to the LAN and switch services and responds to the authentication server, the Ethernet header is stripped and the remaining EAP frame...
...must support EAP within the native frame format. In this publication, we use host instead of supplicant because host is available in Cisco Secure Access Control Server version 3.0. it is used in the RADIUS format. The EAP frames are not modified or examined during...network have specific roles. (See Figure 31-1.) Figure 31-1 802.1x Device Roles Workstations (supplicants) Catalyst switch Authentication server (RADIUS) 79599 • Host-Requests access to the LAN and switch services and responds to the authentication server, the Ethernet header is stripped and the remaining EAP frame...
Software Guide
Page 501
...31-4. Figure 31-2 shows a message exchange that the host has been successfully authenticated. Figure 31-2 Message Exchange Supplicant Catalyst switch Authentication server (RADIUS) EAPOL-Start EAP-Request/Identity EAP-Response/Identity EAP-Request/OTP EAP-Response/OTP EAP-Success ... Access-Challenge RADIUS Access-Request RADIUS Access-Accept Port Authorized EAPOL-Logoff Port Unauthorized 79598 78-15486-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 31-3 For more information, see the "Ports in the authorized state. ...
...31-4. Figure 31-2 shows a message exchange that the host has been successfully authenticated. Figure 31-2 Message Exchange Supplicant Catalyst switch Authentication server (RADIUS) EAPOL-Start EAP-Request/Identity EAP-Response/Identity EAP-Request/OTP EAP-Response/OTP EAP-Success ... Access-Challenge RADIUS Access-Request RADIUS Access-Accept Port Authorized EAPOL-Logoff Port Unauthorized 79598 78-15486-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 31-3 For more information, see the "Ports in the authorized state. ...