Software Guide
Page 1
Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide Software Release 8.1 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Customer Order Number: DOC-7815486= Text Part Number: 78-15486-01
Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide Software Release 8.1 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Customer Order Number: DOC-7815486= Text Part Number: 78-15486-01
Software Guide
Page 2
... ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. All rights reserved. All other company. (0304R) Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide Copyright © 2000-2003, Cisco Systems, Inc. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF...
... ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. All rights reserved. All other company. (0304R) Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide Copyright © 2000-2003, Cisco Systems, Inc. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF...
Software Guide
Page 3
... Ordering Documentation xxvii Documentation Feedback xxviii Obtaining Technical Assistance xxviii Cisco.com xxviii Technical Assistance Center xxix Obtaining Additional Publications and Information xxx Product Overview 1-1 Catalyst 4000 Series Switches 1-1 Catalyst 2948G Switch 1-2 Catalyst 2980G Switch 1-3 Supervisor Engine Software 1-3 Using the Command-Line Interface 2-1 Switch CLI Overview 2-1 Accessing the Switch CLI 2-2 Accessing the CLI Through the Console Port 2-2 Accessing the...
... Ordering Documentation xxvii Documentation Feedback xxviii Obtaining Technical Assistance xxviii Cisco.com xxviii Technical Assistance Center xxix Obtaining Additional Publications and Information xxx Product Overview 1-1 Catalyst 4000 Series Switches 1-1 Catalyst 2948G Switch 1-2 Catalyst 2980G Switch 1-3 Supervisor Engine Software 1-3 Using the Command-Line Interface 2-1 Switch CLI Overview 2-1 Accessing the Switch CLI 2-2 Accessing the CLI Through the Console Port 2-2 Accessing the...
Software Guide
Page 4
... 2-8 Specifying IP Addresses, Host Names, and IP Aliases 2-8 ROM Monitor CLI 2-9 Example of a Catalyst 4003 Bootup Display 2-9 Configuring the Switch IP Address and Default Gateway 3-1 Understanding How the Switch Management Interfaces Work 3-1 Understanding How Automatic IP Configuration Works 3-2 Automatic IP Configuration Overview 3-2 Understanding DHCP ... State Ethernet and Fast Ethernet Port Timeout Periods 4-7 Checking Ethernet and Fast Ethernet Port Connectivity 4-8 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 iv 78-15486-01
... 2-8 Specifying IP Addresses, Host Names, and IP Aliases 2-8 ROM Monitor CLI 2-9 Example of a Catalyst 4003 Bootup Display 2-9 Configuring the Switch IP Address and Default Gateway 3-1 Understanding How the Switch Management Interfaces Work 3-1 Understanding How Automatic IP Configuration Works 3-2 Automatic IP Configuration Overview 3-2 Understanding DHCP ... State Ethernet and Fast Ethernet Port Timeout Periods 4-7 Checking Ethernet and Fast Ethernet Port Connectivity 4-8 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 iv 78-15486-01
Software Guide
Page 5
Contents 5 C H A P T E R 6 C H A P T E R 78-15486-01 Configuring Gigabit Ethernet Switching 5-1 Understanding How Gigabit Ethernet Works 5-1 Understanding How Gigabit Ethernet Flow Control Works 5-1 Understanding How Port Negotiation Works 5-3 Understanding How Oversubscribed ...EtherChannel Bundle 6-9 Displaying EtherChannel Configuration Information 6-10 Displaying EtherChannel Traffic Statistics 6-11 Displaying EtherChannel PAgP Statistics 6-12 EtherChannel Configuration Examples 6-12 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 v
Contents 5 C H A P T E R 6 C H A P T E R 78-15486-01 Configuring Gigabit Ethernet Switching 5-1 Understanding How Gigabit Ethernet Works 5-1 Understanding How Gigabit Ethernet Flow Control Works 5-1 Understanding How Port Negotiation Works 5-3 Understanding How Oversubscribed ...EtherChannel Bundle 6-9 Displaying EtherChannel Configuration Information 6-10 Displaying EtherChannel Traffic Statistics 6-11 Displaying EtherChannel PAgP Statistics 6-12 EtherChannel Configuration Examples 6-12 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 v
Software Guide
Page 6
...22 7 C H A P T E R Configuring Spanning Tree 7-1 Understanding How STPs Work 7-2 Understanding How a Topology Is Created 7-2 Understanding How a Switch or Port Becomes the Root Switch or Root Port 7-3 Understanding BPDUs 7-4 Calculating and Assigning Port Costs 7-4 Understanding Spanning Tree Port States 7-5 Understanding How PVST+ and MISTP Modes Work 7-11...Tree Protocol 7-16 MST-to-SST Interoperability 7-17 Common Spanning Tree 7-18 MST Instances 7-18 MST Configuration 7-18 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 vi 78-15486-01
...22 7 C H A P T E R Configuring Spanning Tree 7-1 Understanding How STPs Work 7-2 Understanding How a Topology Is Created 7-2 Understanding How a Switch or Port Becomes the Root Switch or Root Port 7-3 Understanding BPDUs 7-4 Calculating and Assigning Port Costs 7-4 Understanding Spanning Tree Port States 7-5 Understanding How PVST+ and MISTP Modes Work 7-11...Tree Protocol 7-16 MST-to-SST Interoperability 7-17 Common Spanning Tree 7-18 MST Instances 7-18 MST Configuration 7-18 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 vi 78-15486-01
Software Guide
Page 7
...MISTP Instance 7-36 Disabling MISTP-PVST+ or MISTP 7-39 Configuring a Root Switch 7-39 Configuring a Primary Root Switch 7-39 Configuring a Secondary Root Switch 7-40 Configuring a Root Switch to Improve Convergence 7-41 Using Root Guard-Preventing Switches from Becoming Root 7-43 Displaying Spanning Tree BPDU Statistics 7-43 Configuring Spanning...57 Configuring Spanning Tree PortFast, BPDU Guard, BPDU Filter, UplinkFast, BackboneFast, and Loop Guard 8-1 Understanding How PortFast Works 8-1 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 vii
...MISTP Instance 7-36 Disabling MISTP-PVST+ or MISTP 7-39 Configuring a Root Switch 7-39 Configuring a Primary Root Switch 7-39 Configuring a Secondary Root Switch 7-40 Configuring a Root Switch to Improve Convergence 7-41 Using Root Guard-Preventing Switches from Becoming Root 7-43 Displaying Spanning Tree BPDU Statistics 7-43 Configuring Spanning...57 Configuring Spanning Tree PortFast, BPDU Guard, BPDU Filter, UplinkFast, BackboneFast, and Loop Guard 8-1 Understanding How PortFast Works 8-1 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 vii
Software Guide
Page 8
... VTP Version 2 9-3 Understanding VTP Pruning 9-4 Default VTP Version 1 and Version 2 Configuration 9-5 VTP Version 1 and Version 2 Configuration Guidelines 9-6 Configuring VTP Version 1 and Version 2 9-6 Configuring a VTP Server 9-7 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 viii 78-15486-01
... VTP Version 2 9-3 Understanding VTP Pruning 9-4 Default VTP Version 1 and Version 2 Configuration 9-5 VTP Version 1 and Version 2 Configuration Guidelines 9-6 Configuring VTP Version 1 and Version 2 9-6 Configuring a VTP Server 9-7 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 viii 78-15486-01
Software Guide
Page 9
... How VLANs Work 10-1 VLAN Ranges 10-3 Configurable VLAN Parameters 10-4 VLAN Default Configuration 10-4 VLAN Configuration Guidelines 10-5 Configuring VLANs on the Switch 10-6 Creating or Modifying an Ethernet VLAN 10-6 Creating or Modifying a Normal-Range Ethernet VLAN 10-7 Creating or Modifying an Extended-Range VLAN ...10-9 Assigning Switch Ports to a VLAN 10-10 Mapping 802.1Q VLANs to ISL VLANs 10-11 Clearing 802.1Q-to-ISL VLAN Mappings 10-12 Deleting...
... How VLANs Work 10-1 VLAN Ranges 10-3 Configurable VLAN Parameters 10-4 VLAN Default Configuration 10-4 VLAN Configuration Guidelines 10-5 Configuring VLANs on the Switch 10-6 Creating or Modifying an Ethernet VLAN 10-6 Creating or Modifying a Normal-Range Ethernet VLAN 10-7 Creating or Modifying an Extended-Range VLAN ...10-9 Assigning Switch Ports to a VLAN 10-10 Mapping 802.1Q VLANs to ISL VLANs 10-11 Clearing 802.1Q-to-ISL VLAN Mappings 10-12 Deleting...
Software Guide
Page 10
... 12-7 Configuring VMPS Clients 12-8 Monitoring VMPS 12-9 Maintaining VMPS 12-9 Configuring Static Ports 12-10 Troubleshooting VMPS and Dynamic Port VLAN Membership 12-11 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 x 78-15486-01
... 12-7 Configuring VMPS Clients 12-8 Monitoring VMPS 12-9 Maintaining VMPS 12-9 Configuring Static Ports 12-10 Troubleshooting VMPS and Dynamic Port VLAN Membership 12-11 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 x 78-15486-01
Software Guide
Page 11
...GVRP Works 13-1 GVRP Hardware and Software Requirements 13-1 Default GVRP Configuration 13-2 GVRP Configuration Guidelines 13-2 Configuring GVRP on the Switch 13-2 Enabling GVRP Globally 13-2 Enabling GVRP on Individual 802.1Q Trunk Ports 13-3 Enabling GVRP Dynamic VLAN Creation 13-4 ... Value for the Switch 14-5 Reverting to the Default Switch CoS Value 14-5 Mapping CoS Values to Transmit Queues and Drop Thresholds 14-6 Reverting to the Default CoS-to-Transmit Queue and Drop Threshold Mapping 14-6 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release...
...GVRP Works 13-1 GVRP Hardware and Software Requirements 13-1 Default GVRP Configuration 13-2 GVRP Configuration Guidelines 13-2 Configuring GVRP on the Switch 13-2 Enabling GVRP Globally 13-2 Enabling GVRP on Individual 802.1Q Trunk Ports 13-3 Enabling GVRP Dynamic VLAN Creation 13-4 ... Value for the Switch 14-5 Reverting to the Default Switch CoS Value 14-5 Mapping CoS Values to Transmit Queues and Drop Thresholds 14-6 Reverting to the Default CoS-to-Transmit Queue and Drop Threshold Mapping 14-6 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release...
Software Guide
Page 12
...15-8 Configuring GMRP 15-9 GMRP Software Requirements 15-9 Default GMRP Configuration 15-9 Enabling GMRP Globally 15-9 Enabling GMRP on Individual Switch Ports 15-10 Disabling GMRP on Individual Switch Ports 15-10 Enabling GMRP Forward-All Option 15-11 Disabling GMRP Forward-All Option 15-11 Configuring GMRP Registration 15-12... Router Ports and Group Entries 15-15 Specifying Multicast Router Ports 15-16 Configuring Multicast Groups 15-16 Disabling Multicast Router Ports 15-17 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 xii 78-15486-01
...15-8 Configuring GMRP 15-9 GMRP Software Requirements 15-9 Default GMRP Configuration 15-9 Enabling GMRP Globally 15-9 Enabling GMRP on Individual Switch Ports 15-10 Disabling GMRP on Individual Switch Ports 15-10 Enabling GMRP Forward-All Option 15-11 Disabling GMRP Forward-All Option 15-11 Configuring GMRP Registration 15-12... Router Ports and Group Entries 15-15 Specifying Multicast Router Ports 15-16 Configuring Multicast Groups 15-16 Disabling Multicast Router Ports 15-17 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 xii 78-15486-01
Software Guide
Page 13
...MAC Address 16-2 Blocking Unicast Flood Packets on Secure Ports 16-3 Port Security Configuration Guidelines 16-3 Configuring Port Security on the Switch 16-3 Enabling Port Security 16-3 Setting the Maximum Number of Secure MAC Addresses 16-4 Setting the Port Security Age Time 16-5... 17-1 Understanding How Unicast Flood Blocking Works 17-1 Configuration Guidelines for Unicast Flood Blocking 17-2 Configuring Unicast Flood Blocking on the Switch 17-2 Enabling Unicast Flood Blocking 17-2 Disabling Unicast Flood Blocking 17-3 Displaying Unicast Flood Blocking 17-3 Configuring the IP Permit List...
...MAC Address 16-2 Blocking Unicast Flood Packets on Secure Ports 16-3 Port Security Configuration Guidelines 16-3 Configuring Port Security on the Switch 16-3 Enabling Port Security 16-3 Setting the Maximum Number of Secure MAC Addresses 16-4 Setting the Port Security Age Time 16-5... 17-1 Understanding How Unicast Flood Blocking Works 17-1 Configuration Guidelines for Unicast Flood Blocking 17-2 Configuring Unicast Flood Blocking on the Switch 17-2 Enabling Unicast Flood Blocking 17-2 Disabling Unicast Flood Blocking 17-3 Displaying Unicast Flood Blocking 17-3 Configuring the IP Permit List...
Software Guide
Page 14
... Configuring Protocol Filtering 19-1 Understanding How Protocol Filtering Works 19-1 Default Protocol Filtering Configuration 19-2 Configuring Protocol Filtering on the Switch 19-2 Configuring Protocol Filtering 19-2 Disabling Protocol Filtering 19-3 Checking Status and Connectivity 20-1 Checking Module Status 20-1 Checking Port...CDP 21-1 Understanding How CDP Works 21-1 Default CDP Configuration 21-2 Configuring CDP on the Switch 21-2 Setting the CDP Global Enable State 21-2 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 xiv 78-15486-01
... Configuring Protocol Filtering 19-1 Understanding How Protocol Filtering Works 19-1 Default Protocol Filtering Configuration 19-2 Configuring Protocol Filtering on the Switch 19-2 Configuring Protocol Filtering 19-2 Disabling Protocol Filtering 19-3 Checking Status and Connectivity 20-1 Checking Module Status 20-1 Checking Port...CDP 21-1 Understanding How CDP Works 21-1 Default CDP Configuration 21-2 Configuring CDP on the Switch 21-2 Setting the CDP Global Enable State 21-2 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 xiv 78-15486-01
Software Guide
Page 220
... the quality of the switch. Reset the Cisco IP Phone if the auxiliary VLAN ID changes. - Configuring Auxiliary VLANs Chapter 10 Configuring VLANs Figure 10-2 Switch-to-Phone Connections Cisco IP Phone 7960 Catalyst switch 10/100 module Phone ASIC P2 P1 3-port P3 switch Access port Workstation/PC... 38204 When the IP phone connects to a 10/100 port on the Catalyst 4500 series switch, the access port (PC-to-...
... the quality of the switch. Reset the Cisco IP Phone if the auxiliary VLAN ID changes. - Configuring Auxiliary VLANs Chapter 10 Configuring VLANs Figure 10-2 Switch-to-Phone Connections Cisco IP Phone 7960 Catalyst switch 10/100 module Phone ASIC P2 P1 3-port P3 switch Access port Workstation/PC... 38204 When the IP phone connects to a 10/100 port on the Catalyst 4500 series switch, the access port (PC-to-...
Software Guide
Page 431
... module. • Maximum power that is available per port and is no power on the circuit. Table 28-3 Switch Components Supporting Inline Power Switch Chassis Catalyst 4006 Catalyst 4503 Catalyst 4506 Modules WS-X4148-RJ45V WS-X4148-RJ45V Power Supplies Catalyst 4000 Series Power Entry Module (PEM) 1300 W AC 2800 W AC 1400 W DC You can set each port...
... module. • Maximum power that is available per port and is no power on the circuit. Table 28-3 Switch Components Supporting Inline Power Switch Chassis Catalyst 4006 Catalyst 4503 Catalyst 4506 Modules WS-X4148-RJ45V WS-X4148-RJ45V Power Supplies Catalyst 4000 Series Power Entry Module (PEM) 1300 W AC 2800 W AC 1400 W DC You can set each port...
Software Guide
Page 434
... management mode set redundant mode on the Catalyst 4500 series switches and the Catalyst 4006 switch. Figure 28-1 Power Detection Summary Catalyst Switch Inline power switching module Cisco legacy powered device Switching module discovers the powered device using proprietary discovery mechanism Inline power switching module Inline power switching module Third party powered device Wall-power Switching module will not know about powered...
... management mode set redundant mode on the Catalyst 4500 series switches and the Catalyst 4006 switch. Figure 28-1 Power Detection Summary Catalyst Switch Inline power switching module Cisco legacy powered device Switching module discovers the powered device using proprietary discovery mechanism Inline power switching module Inline power switching module Third party powered device Wall-power Switching module will not know about powered...
Software Guide
Page 452
...None specified Port 1812 None specified 5 sec 0 (servers not marked dead) 2 times 30-8 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 78-15486-01 Authentication Default Configuration Table 30-2 shows the default configuration ...for authentication. Configuring Authentication Chapter 30 Configuring Switch Access Using AAA Figure 30-2 Non-Kerberized Telnet Connection Host (Telnet client) Kerberos server (contains KDC) 1 2 3 Catalyst switch 55510 Configuring Authentication The following sections describe how to...
...None specified Port 1812 None specified 5 sec 0 (servers not marked dead) 2 times 30-8 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 78-15486-01 Authentication Default Configuration Table 30-2 shows the default configuration ...for authentication. Configuring Authentication Chapter 30 Configuring Switch Access Using AAA Figure 30-2 Non-Kerberized Telnet Connection Host (Telnet client) Kerberos server (contains KDC) 1 2 3 Catalyst switch 55510 Configuring Authentication The following sections describe how to...
Software Guide
Page 500
... specific roles. (See Figure 31-1.) Figure 31-1 802.1x Device Roles Workstations (supplicants) Catalyst switch Authentication server (RADIUS) 79599 • Host-Requests access to the LAN and switch services and responds to requests from the authentication server, the server's frame header is removed,...is then encapsulated for client or host. You can restrict traffic in Cisco Secure Access Control Server version 3.0. RADIUS operates in a client/server model in which is reencapsulated in the Catalyst 4000 family CLI syntax. • Authentication server-Performs the actual ...
... specific roles. (See Figure 31-1.) Figure 31-1 802.1x Device Roles Workstations (supplicants) Catalyst switch Authentication server (RADIUS) 79599 • Host-Requests access to the LAN and switch services and responds to requests from the authentication server, the server's frame header is removed,...is then encapsulated for client or host. You can restrict traffic in Cisco Secure Access Control Server version 3.0. RADIUS operates in a client/server model in which is reencapsulated in the Catalyst 4000 family CLI syntax. • Authentication server-Performs the actual ...
Software Guide
Page 501
... network access device, any EAPOL frames from down to request the host's identity. Figure 31-2 Message Exchange Supplicant Catalyst switch Authentication server (RADIUS) EAPOL-Start EAP-Request/Identity EAP-Response/Identity EAP-Request/OTP EAP-Response/OTP EAP-Success ...-Challenge RADIUS Access-Request RADIUS Access-Accept Port Authorized EAPOL-Logoff Port Unauthorized 79598 78-15486-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 31-3 Chapter 31 Configuring 802.1x Authentication Understanding How 802.1x Authentication...
... network access device, any EAPOL frames from down to request the host's identity. Figure 31-2 Message Exchange Supplicant Catalyst switch Authentication server (RADIUS) EAPOL-Start EAP-Request/Identity EAP-Response/Identity EAP-Request/OTP EAP-Response/OTP EAP-Success ...-Challenge RADIUS Access-Request RADIUS Access-Accept Port Authorized EAPOL-Logoff Port Unauthorized 79598 78-15486-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 31-3 Chapter 31 Configuring 802.1x Authentication Understanding How 802.1x Authentication...