Software Configuration Guide
Page 9
...Switch-Based Authentication 9-1 Preventing Unauthorized Access to Your Switch 9-1 Protecting Access to Privileged EXEC Commands 9-2 Default Password and Privilege Level Configuration 9-2 Setting or Changing a Static Enable Password 9-3 Protecting Enable and Enable Secret Passwords with Encryption 9-4 Disabling Password Recovery 9-5 Setting a Telnet Password for a Terminal Line 9-6 Configuring Username and Password... 9-17 Controlling Switch Access with RADIUS 9-18 Understanding RADIUS 9-18 RADIUS Operation 9-19 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide ix
...Switch-Based Authentication 9-1 Preventing Unauthorized Access to Your Switch 9-1 Protecting Access to Privileged EXEC Commands 9-2 Default Password and Privilege Level Configuration 9-2 Setting or Changing a Static Enable Password 9-3 Protecting Enable and Enable Secret Passwords with Encryption 9-4 Disabling Password Recovery 9-5 Setting a Telnet Password for a Terminal Line 9-6 Configuring Username and Password... 9-17 Controlling Switch Access with RADIUS 9-18 Understanding RADIUS 9-18 RADIUS Operation 9-19 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide ix
Software Configuration Guide
Page 17
...18-3 VTP Advertisements 18-3 VTP Version 2 18-4 VTP Pruning 18-4 Configuring VTP 18-6 Default VTP Configuration 18-6 VTP Configuration Options 18-7 VTP Configuration in Global Configuration Mode 18-7 ...VTP Configuration in VLAN Configuration Mode 18-7 VTP Configuration Guidelines 18-8 Domain Names 18-8 Passwords 18-8 Upgrading from Previous Software Releases 18-8 VTP Version 18-9 Configuration Requirements 18-9 Configuring ...14 Adding a VTP Client Switch to a VTP Domain 18-14 Monitoring VTP 18-16 Contents 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide xvii
...18-3 VTP Advertisements 18-3 VTP Version 2 18-4 VTP Pruning 18-4 Configuring VTP 18-6 Default VTP Configuration 18-6 VTP Configuration Options 18-7 VTP Configuration in Global Configuration Mode 18-7 ...VTP Configuration in VLAN Configuration Mode 18-7 VTP Configuration Guidelines 18-8 Domain Names 18-8 Passwords 18-8 Upgrading from Previous Software Releases 18-8 VTP Version 18-9 Configuration Requirements 18-9 Configuring ...14 Adding a VTP Client Switch to a VTP Domain 18-14 Monitoring VTP 18-16 Contents 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide xvii
Software Configuration Guide
Page 25
... 31-6 Understanding Load Balancing and Forwarding Methods 31-6 Configuring EtherChannels 31-7 Default EtherChannel Configuration 31-8 EtherChannel Configuration Guidelines 31-8 Configuring Layer 2 EtherChannels 31...Passwords on Non-LRE Catalyst 2950 Switches 32-2 Recovering from Lost or Forgotten Passwords on Catalyst 2950 LRE Switches 32-4 Password Recovery with Password Recovery Enabled 32-5 Procedure with Password Recovery Disabled 32-6 Recovering from Lost or Forgotten Passwords on Catalyst 2955 Switches 32-8 Recovering from a Command Switch Failure 32-10 Replacing a Failed Command Switch...
... 31-6 Understanding Load Balancing and Forwarding Methods 31-6 Configuring EtherChannels 31-7 Default EtherChannel Configuration 31-8 EtherChannel Configuration Guidelines 31-8 Configuring Layer 2 EtherChannels 31...Passwords on Non-LRE Catalyst 2950 Switches 32-2 Recovering from Lost or Forgotten Passwords on Catalyst 2950 LRE Switches 32-4 Password Recovery with Password Recovery Enabled 32-5 Procedure with Password Recovery Disabled 32-6 Recovering from Lost or Forgotten Passwords on Catalyst 2955 Switches 32-8 Recovering from a Command Switch Failure 32-10 Replacing a Failed Command Switch...
Software Configuration Guide
Page 57
...are not saved when the switch reboots. Using the configuration modes (global, interface, and line), you save the configuration, these sections: • Cisco IOS Command Modes, page 2-1 • Getting Help, page 2-3 • Abbreviating Commands, page 2-4 • Using no and default Forms of Commands, page... or interfaces. When you start at the system prompt to configure your Catalyst 2950 and Catalyst 2955 switches. To have access to all commands, you must enter a password to you depend on the switch, you can make changes to the running configuration. Normally, you must ...
...are not saved when the switch reboots. Using the configuration modes (global, interface, and line), you save the configuration, these sections: • Cisco IOS Command Modes, page 2-1 • Getting Help, page 2-3 • Abbreviating Commands, page 2-4 • Using no and default Forms of Commands, page... or interfaces. When you start at the system prompt to configure your Catalyst 2950 and Catalyst 2955 switches. To have access to all commands, you must enter a password to you depend on the switch, you can make changes to the running configuration. Normally, you must ...
Software Configuration Guide
Page 65
...section on the management station. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 2-9 For information about recalling previous command entries, see the "Configuring the Switch for a Terminal Line" section on the switch as described in all other Telnet sessions. For... "Setting a Telnet Password for Secure Shell" section on page 9-6. To use this type of access. For information about configuring the switch for Telnet access, see Chapter 5, "Assigning the Switch IP Address and Default Gateway." Then, to the switch hardware installation guide. ...
...section on the management station. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 2-9 For information about recalling previous command entries, see the "Configuring the Switch for a Terminal Line" section on the switch as described in all other Telnet sessions. For... "Setting a Telnet Password for Secure Shell" section on page 9-6. To use this type of access. For information about configuring the switch for Telnet access, see Chapter 5, "Assigning the Switch IP Address and Default Gateway." Then, to the switch hardware installation guide. ...
Software Configuration Guide
Page 87
... section on page 4-10. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 4-9 If you can have not configured a specific (nondefault) HTTP port and are using different Cisco IOS releases and that clusters can go to ...switch models using the enable password (or no password) for access to the switch, you have a mix of its Cisco IOS release for that switch appears (Catalyst 1900 and 2820 switches only). This is not registered with your browser first. Cisco IOS Release 12.1(6)EA1 or earlier - HTTP Access to CMS CMS uses the HTTP protocol (the default...
... section on page 4-10. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 4-9 If you can have not configured a specific (nondefault) HTTP port and are using different Cisco IOS releases and that clusters can go to ...switch models using the enable password (or no password) for access to the switch, you have a mix of its Cisco IOS release for that switch appears (Catalyst 1900 and 2820 switches only). This is not registered with your browser first. Cisco IOS Release 12.1(6)EA1 or earlier - HTTP Access to CMS CMS uses the HTTP protocol (the default...
Software Configuration Guide
Page 88
...default method of authentication (the enable password), you need to configure the HTTP server interface: Step 1 Step 2 Step 3 Step 4 Command configure terminal ip http authentication {enable | local | tacacs} end show running-config Purpose Enter global configuration mode. Beginning in the password field. 4-10 Catalyst 2950 and Catalyst 2955 Switch... you have configured the HTTP server interface, display the switch home page, as defined on the Cisco router or access server, is used. • tacacs-TACACS server is used on the switch. If no username is configured on page 4-10. ...
...default method of authentication (the enable password), you need to configure the HTTP server interface: Step 1 Step 2 Step 3 Step 4 Command configure terminal ip http authentication {enable | local | tacacs} end show running-config Purpose Enter global configuration mode. Beginning in the password field. 4-10 Catalyst 2950 and Catalyst 2955 Switch... you have configured the HTTP server interface, display the switch home page, as defined on the Cisco router or access server, is used. • tacacs-TACACS server is used on the switch. If no username is configured on page 4-10. ...
Software Configuration Guide
Page 95
... about installing and powering on self-test (POST) for the Catalyst 2950 or Catalyst 2955 switch by using a variety of the flash device that makes up the initial configuration (IP address, subnet mask, default gateway, secret and Telnet passwords, and so forth) of the Software Image, page 5-16 ... for this chapter, refer to create the initial switch configuration (for example, assign the switch IP address and default gateway information) for the CPU subsystem. It also describes how to follow the procedures in this release and the Cisco IOS IP and IP Routing Command Reference, Release...
... about installing and powering on self-test (POST) for the Catalyst 2950 or Catalyst 2955 switch by using a variety of the flash device that makes up the initial configuration (IP address, subnet mask, default gateway, secret and Telnet passwords, and so forth) of the Software Image, page 5-16 ... for this chapter, refer to create the initial switch configuration (for example, assign the switch IP address and default gateway information) for the CPU subsystem. It also describes how to follow the procedures in this release and the Cisco IOS IP and IP Routing Command Reference, Release...
Software Configuration Guide
Page 96
...manually by using the XMODEM Protocol, recover from Lost or Forgotten Passwords on Catalyst 2955 Switches" section on page 32-8. Non-LRE Catalyst 2950 switches running a release prior to Cisco IOS Release 12.1(14)EA1 and Catalyst 2950 LRE switches running a release prior to provide security during remote management) and ...using the CLI. With these of the setup programs. Note The Catalyst 2955 switches do not support Express Setup. If you can also configure a default gateway, a host name, and a switch (enable secret) password. You also have connected a PC or terminal to the console ...
...manually by using the XMODEM Protocol, recover from Lost or Forgotten Passwords on Catalyst 2955 Switches" section on page 32-8. Non-LRE Catalyst 2950 switches running a release prior to Cisco IOS Release 12.1(14)EA1 and Catalyst 2950 LRE switches running a release prior to provide security during remote management) and ...using the CLI. With these of the setup programs. Note The Catalyst 2955 switches do not support Express Setup. If you can also configure a default gateway, a host name, and a switch (enable secret) password. You also have connected a PC or terminal to the console ...
Software Configuration Guide
Page 97
... is defined. No default gateway is defined. No cluster name is defined. The switch can act as a standalone switch. Note If you to configure your switch (DHCP client) is automatically configured at startup with IP address information and a configuration file. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 5-3 Disabled. No password is Switch. Understanding DHCP-Based...
... is defined. No default gateway is defined. No cluster name is defined. The switch can act as a standalone switch. Note If you to configure your switch (DHCP client) is automatically configured at startup with IP address information and a configuration file. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 5-3 Disabled. No password is Switch. Understanding DHCP-Based...
Software Configuration Guide
Page 141
... from the command switch, was removed from the command-switch password and save the change, the switch is configured, the member switch inherits a null password. The switches support an unlimited number of the command switch in the new cluster (such as each switch joins the cluster. The default host name for those switches. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide...
... from the command switch, was removed from the command-switch password and save the change, the switch is configured, the member switch inherits a null password. The switches support an unlimited number of the command switch in the new cluster (such as each switch joins the cluster. The default host name for those switches. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide...
Software Configuration Guide
Page 142
...cluster has these member switches running Cisco IOS Release 12.1(6)EA1 or earlier For more information about TACACS+, see the "Controlling Switch Access with the management VLAN, which by default is configured on a...Catalyst 2950 member switches running Cisco IOS Release 12.0(5)WC2 or earlier - Catalyst 1900 and Catalyst 2820 - Similarly, if RADIUS is configured on a cluster member, it must be configured on page 4-7. The IP address is associated with RADIUS" section on page 9-10. Further, the same switch cluster cannot have some configuration windows for a user name and password...
...cluster has these member switches running Cisco IOS Release 12.1(6)EA1 or earlier For more information about TACACS+, see the "Controlling Switch Access with the management VLAN, which by default is configured on a...Catalyst 2950 member switches running Cisco IOS Release 12.0(5)WC2 or earlier - Catalyst 1900 and Catalyst 2820 - Similarly, if RADIUS is configured on a cluster member, it must be configured on page 4-7. The IP address is associated with RADIUS" section on page 9-10. Further, the same switch cluster cannot have some configuration windows for a user name and password...
Software Configuration Guide
Page 144
... a password to the command switch when you designate as described in the switch hardware installation guide, and followed the guidelines described in the cluster be the command switch: • If your switch cluster has a Catalyst 3550 switch, that switch should be the command switch. • If your switch cluster has Catalyst 2900 XL, Catalyst 2940, Catalyst 2950, Catalyst 2950 LRE, Catalyst 2955, and Catalyst 3500 XL switches, the Catalyst 2950 or Catalyst...
... a password to the command switch when you designate as described in the switch hardware installation guide, and followed the guidelines described in the cluster be the command switch: • If your switch cluster has a Catalyst 3550 switch, that switch should be the command switch. • If your switch cluster has Catalyst 2900 XL, Catalyst 2940, Catalyst 2950, Catalyst 2950 LRE, Catalyst 2955, and Catalyst 3500 XL switches, the Catalyst 2950 or Catalyst...
Software Configuration Guide
Page 150
...the command switch. Using SNMP to the access provided by default. Command-switch privilege levels map to the Catalyst 1900 and Catalyst 2820 member switches running Enterprise Edition Software. For more information about the Catalyst 1900 and Catalyst 2820 switches, refer to 14, the member switch is ...between the SNMP management station and the member switches. On Catalyst 1900 and Catalyst 2820 switches, SNMP is enabled if you are prompted for the password to the member switch. Using SNMP to communicate with the command switch if there is accessed at privilege level ...
...the command switch. Using SNMP to the access provided by default. Command-switch privilege levels map to the Catalyst 1900 and Catalyst 2820 member switches running Enterprise Edition Software. For more information about the Catalyst 1900 and Catalyst 2820 switches, refer to 14, the member switch is ...between the SNMP management station and the member switches. On Catalyst 1900 and Catalyst 2820 switches, SNMP is enabled if you are prompted for the password to the member switch. Using SNMP to communicate with the command switch if there is accessed at privilege level ...
Software Configuration Guide
Page 182
... commands users can enter after they have logged into a network device. Table 9-1 Default Password and Privilege Levels Feature Enable password and privilege level Enable secret password and privilege level Line password Default Setting No password is to use passwords and assign privilege levels. Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 9-2 78-11380-10 Protecting Access to Privileged EXEC Commands Chapter...
... commands users can enter after they have logged into a network device. Table 9-1 Default Password and Privilege Levels Feature Enable password and privilege level Enable secret password and privilege level Line password Default Setting No password is to use passwords and assign privilege levels. Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 9-2 78-11380-10 Protecting Access to Privileged EXEC Commands Chapter...
Software Configuration Guide
Page 183
... privileged EXEC mode. By default, no enable password global configuration command. It can contain the question mark (?) character if you precede the question mark with the Ctrl-v; When the system prompts you to level 15 (traditional privileged EXEC mode access): Switch(config)# enable password l1u2c3k4y5 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 9-3 The...
... privileged EXEC mode. By default, no enable password global configuration command. It can contain the question mark (?) character if you precede the question mark with the Ctrl-v; When the system prompts you to level 15 (traditional privileged EXEC mode access): Switch(config)# enable password l1u2c3k4y5 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 9-3 The...
Software Configuration Guide
Page 658
...on the remote server with the Cisco IOS File System, Configuration Files, and Software Images Step 4 Step 5 Step 6 Step 7 Command Purpose ip ftp username username (Optional) Change the default remote username. or copy ftp:[[[//[username[:password]@]location]/directory] /filename] nvram:....16.101.101/host1-confg system:running -config file. ip ftp password password (Optional) Change the default password. B-14 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Log into the switch through the console port or a Telnet session. The software copies the...
...on the remote server with the Cisco IOS File System, Configuration Files, and Software Images Step 4 Step 5 Step 6 Step 7 Command Purpose ip ftp username username (Optional) Change the default remote username. or copy ftp:[[[//[username[:password]@]location]/directory] /filename] nvram:....16.101.101/host1-confg system:running -config file. ip ftp password password (Optional) Change the default password. B-14 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Log into the switch through the console port or a Telnet session. The software copies the...
Software Configuration Guide
Page 659
...default remote username or password (see Steps 4, 5, and 6). You only need to write [switch2-confg]? end Return to have read permission on the source file and write permission on a server by using FTP to which is required only if you . 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch... files must support RCP. ip ftp username username (Optional) Change the default remote username. ip ftp password password (Optional) Change the default password. Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with TFTP. ...
...default remote username or password (see Steps 4, 5, and 6). You only need to write [switch2-confg]? end Return to have read permission on the source file and write permission on a server by using FTP to which is required only if you . 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch... files must support RCP. ip ftp username username (Optional) Change the default remote username. ip ftp password password (Optional) Change the default password. Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with TFTP. ...
Software Configuration Guide
Page 669
...image from an FTP server and overwrite the existing image. If you override the default remote username or password (see Steps 4, 5, and 6). (Optional) Change the default remote username. (Optional) Change the default password. This step is required only if you do not have a valid username, this... a directory structure, the image file is written to privileged EXEC mode. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide B-25 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with the username on the server,...
...image from an FTP server and overwrite the existing image. If you override the default remote username or password (see Steps 4, 5, and 6). (Optional) Change the default remote username. (Optional) Change the default password. This step is required only if you do not have a valid username, this... a directory structure, the image file is written to privileged EXEC mode. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide B-25 Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with the username on the server,...
Software Configuration Guide
Page 671
... file-url, enter the directory name of the same type. ip ftp password password (Optional) Change the default password. These must be uploaded. You can upload an image from the switch to be associated with Software Images The algorithm installs the downloaded image onto the... the Cisco IOS File System, Configuration Files, and Software Images Working with an account on the FTP server. ip ftp username username (Optional) Change the default remote username. The upload feature should be stored on the server. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software...
... file-url, enter the directory name of the same type. ip ftp password password (Optional) Change the default password. These must be uploaded. You can upload an image from the switch to be associated with Software Images The algorithm installs the downloaded image onto the... the Cisco IOS File System, Configuration Files, and Software Images Working with an account on the FTP server. ip ftp username username (Optional) Change the default remote username. The upload feature should be stored on the server. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software...