Software Configuration Guide
Page 29
...for this release. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide xxix The cryptographic EI provides support for using this guide does not provide the command-line interface (CLI) procedures. The Catalyst 2955 switch also supports an additional set of features...SSP). The EI provides a richer set of features that have experience working with the Cisco IOS and be familiar with other documents for information about CMS requirements and the procedures for the networking professional managing the Catalyst 2950 and 2955 switches, hereafter referred...
...for this release. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide xxix The cryptographic EI provides support for using this guide does not provide the command-line interface (CLI) procedures. The Catalyst 2955 switch also supports an additional set of features...SSP). The EI provides a richer set of features that have experience working with the Cisco IOS and be familiar with other documents for information about CMS requirements and the procedures for the networking professional managing the Catalyst 2950 and 2955 switches, hereafter referred...
Software Configuration Guide
Page 35
... packets. Table 1-1 Switches Supported Switch Catalyst 2950-12 Catalyst 2950-24 Catalyst 2950C-24 Catalyst 2950G-12-EI Catalyst 2950G-24-EI Catalyst 2950G-24-EI-DC Catalyst 2950G-48-EI Catalyst 2950ST-8 LRE Catalyst 2950ST-24 LRE Catalyst 2950ST-24 LRE 997 Catalyst 2950SX-24 Catalyst 2950SX-48-SI Catalyst 2950T-24 Catalyst 2950T-48-SI Software Image SI1 SI EI2 EI EI EI EI EI EI EI SI SI EI SI 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration...
... packets. Table 1-1 Switches Supported Switch Catalyst 2950-12 Catalyst 2950-24 Catalyst 2950C-24 Catalyst 2950G-12-EI Catalyst 2950G-24-EI Catalyst 2950G-24-EI-DC Catalyst 2950G-48-EI Catalyst 2950ST-8 LRE Catalyst 2950ST-24 LRE Catalyst 2950ST-24 LRE 997 Catalyst 2950SX-24 Catalyst 2950SX-48-SI Catalyst 2950T-24 Catalyst 2950T-48-SI Software Image SI1 SI EI2 EI EI EI EI EI EI EI SI SI EI SI 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration...
Software Configuration Guide
Page 36
... supported by certain Catalyst 2950 LRE switches. Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 1-2 78-11380-10 Extended discovery of multiple switches (refer to the command switch. Table 1-2 LRE Switch and CPE Compatibility Matrix LRE Devices Catalyst 2950ST-8 LRE switch Cisco 575 LRE Yes CPE Cisco 576 LRE 997 No CPE Cisco 585 LRE Yes CPE Catalyst 2950ST-24 LRE switch Yes Catalyst 2950ST-24 LRE...
... supported by certain Catalyst 2950 LRE switches. Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 1-2 78-11380-10 Extended discovery of multiple switches (refer to the command switch. Table 1-2 LRE Switch and CPE Compatibility Matrix LRE Devices Catalyst 2950ST-8 LRE switch Cisco 575 LRE Yes CPE Cisco 576 LRE 997 No CPE Cisco 585 LRE Yes CPE Catalyst 2950ST-24 LRE switch Yes Catalyst 2950ST-24 LRE...
Software Configuration Guide
Page 37
... the release notes. Catalyst 2950G-12-EI, 2950G-24-EI, 2950G-24-EI-DC, and 2950G-48-EI switches running Cisco IOS Release 12.1(6)EA2...Switches" section on the same switch • Dynamic address learning for enhanced security Manageability • Cisco Intelligence Engine 2100 (IE2100) Series Cisco Networking Services (CNS) embedded agents for automating switch management, configuration storage and delivery (available only with the EI) • DHCP-based autoconfiguration for automatically configuring the switch during DHCP-based autoconfiguration Catalyst 2950 and Catalyst 2955 Switch...
... the release notes. Catalyst 2950G-12-EI, 2950G-24-EI, 2950G-24-EI-DC, and 2950G-48-EI switches running Cisco IOS Release 12.1(6)EA2...Switches" section on the same switch • Dynamic address learning for enhanced security Manageability • Cisco Intelligence Engine 2100 (IE2100) Series Cisco Networking Services (CNS) embedded agents for automating switch management, configuration storage and delivery (available only with the EI) • DHCP-based autoconfiguration for automatically configuring the switch during DHCP-based autoconfiguration Catalyst 2950 and Catalyst 2955 Switch...
Software Configuration Guide
Page 38
...optic interfaces caused by unicast TFTP messages. Per-VLAN spanning-tree plus (PVST+) for achieving load balancing between the switch and other Cisco devices on the network • Network Time Protocol (NTP) for providing a consistent time stamp to all Ethernet ...a network and can forward traffic with the EI) • Cisco Discovery Protocol (CDP) versions 1 and 2 for network topology discovery and mapping between redundant uplinks, including Gigabit uplinks and cross-stack Gigabit uplinks Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 1-4 78-11380-10 Features...
...optic interfaces caused by unicast TFTP messages. Per-VLAN spanning-tree plus (PVST+) for achieving load balancing between the switch and other Cisco devices on the network • Network Time Protocol (NTP) for providing a consistent time stamp to all Ethernet ...a network and can forward traffic with the EI) • Cisco Discovery Protocol (CDP) versions 1 and 2 for network topology discovery and mapping between redundant uplinks, including Gigabit uplinks and cross-stack Gigabit uplinks Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 1-4 78-11380-10 Features...
Software Configuration Guide
Page 39
... patterns, and bandwidth Note The Catalyst 2950-12, Catalyst 2950-24, Catalyst 2950SX-24, Catalyst 2950SX-48-SI, and Catalyst 2950T-48-SI switches support only 64 port-based VLANs. • The switch supports up to 4094 VLAN IDs...an invalid configuration occurs • Protected port option for assigning users to VLANs associated with the EI) • IEEE 802.1Q trunking protocol on all ports for network moves, adds, and ...802.1Q) to be used • Voice VLAN for creating subnets for voice traffic from Cisco IP Phones • VLAN 1 minimization to reduce the risk of spanning-tree loops or storms...
... patterns, and bandwidth Note The Catalyst 2950-12, Catalyst 2950-24, Catalyst 2950SX-24, Catalyst 2950SX-48-SI, and Catalyst 2950T-48-SI switches support only 64 port-based VLANs. • The switch supports up to 4094 VLAN IDs...an invalid configuration occurs • Protected port option for assigning users to VLANs associated with the EI) • IEEE 802.1Q trunking protocol on all ports for network moves, adds, and ...802.1Q) to be used • Voice VLAN for creating subnets for voice traffic from Cisco IP Phones • VLAN 1 minimization to reduce the risk of spanning-tree loops or storms...
Software Configuration Guide
Page 40
...usage • Standard and extended IP access control lists (ACLs) for strict priority and weighted round-robin (WRR) CoS policies Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 1-6 78-11380-10 Flow-based packet classification (classification based on 10/100/1000 ports - If the IP ... of existing QoS features by classifying traffic and configuring egress queues (only available in the EI) - Support for IEEE 802.1p CoS scheduling for classification and preferential treatment of a Cisco IP Phone, trust the CoS value received, and ensure port security. IEEE 802.1p ...
...usage • Standard and extended IP access control lists (ACLs) for strict priority and weighted round-robin (WRR) CoS policies Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 1-6 78-11380-10 Flow-based packet classification (classification based on 10/100/1000 ports - If the IP ... of existing QoS features by classifying traffic and configuring egress queues (only available in the EI) - Support for IEEE 802.1p CoS scheduling for classification and preferential treatment of a Cisco IP Phone, trust the CoS value received, and ensure port security. IEEE 802.1p ...
Software Configuration Guide
Page 41
... that provide visual port and switch status • Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN) for traffic monitoring on any port or VLAN Note RSPAN is available only in the EI. • SPAN support of Intrusion Detection Systems (IDSs) to monitor, repel, and...the Cisco LRE 48 POTS Splitter • Support for the rate selection, a utility that allows for automatic selection of transmission rates through sequences • Support for Reed-Solomon error correction • Support for a protected port on Catalyst 2950ST-24 LRE 997 switches Catalyst 2950 and Catalyst 2955 Switch ...
... that provide visual port and switch status • Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN) for traffic monitoring on any port or VLAN Note RSPAN is available only in the EI. • SPAN support of Intrusion Detection Systems (IDSs) to monitor, repel, and...the Cisco LRE 48 POTS Splitter • Support for the rate selection, a utility that allows for automatic selection of transmission rates through sequences • Support for Reed-Solomon error correction • Support for a protected port on Catalyst 2950ST-24 LRE 997 switches Catalyst 2950 and Catalyst 2955 Switch ...
Software Configuration Guide
Page 56
...Catalyst 4500 multilayer switches Where to Go Next Before configuring the switch, review these sections for start up to 393,701 feet (74.5 miles or 120 km). Figure 1-8 shows a configuration for long-distance transmissions is sent at wavelengths from 1470 nm to the Cisco...Multiplexer (CWDM) fiber-optic GBIC modules installed. The Catalyst switches have the EI installed on the receiving end separate (or demultiplex)...Switch IP Address and Default Gateway" • Chapter 6, "Configuring IE2100 CNS Agents" 1-22 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
...Catalyst 4500 multilayer switches Where to Go Next Before configuring the switch, review these sections for start up to 393,701 feet (74.5 miles or 120 km). Figure 1-8 shows a configuration for long-distance transmissions is sent at wavelengths from 1470 nm to the Cisco...Multiplexer (CWDM) fiber-optic GBIC modules installed. The Catalyst switches have the EI installed on the receiving end separate (or demultiplex)...Switch IP Address and Default Gateway" • Chapter 6, "Configuring IE2100 CNS Agents" 1-22 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10
Software Configuration Guide
Page 113
Each Configuration Registrar manages a group of a user-defined external directory. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 6-1 In server mode, the Configuration Registrar supports the use the feature described in...delivering them to the Cisco Intelligence Engine 2100 Series Configuration Registrar Manual, and select Cisco IOS Software Release 12.2 > New Feature Documentation > 12.2(2)T on your Catalyst 2950 or Catalyst 2955 switch. In this chapter, you must have the enhanced software image (EI) installed on Cisco.com. The Configuration ...
Each Configuration Registrar manages a group of a user-defined external directory. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 6-1 In server mode, the Configuration Registrar supports the use the feature described in...delivering them to the Cisco Intelligence Engine 2100 Series Configuration Registrar Manual, and select Cisco IOS Software Release 12.2 > New Feature Documentation > 12.2(2)T on your Catalyst 2950 or Catalyst 2955 switch. In this chapter, you must have the enhanced software image (EI) installed on Cisco.com. The Configuration ...
Software Configuration Guide
Page 178
...static mac-addr vlan vlan-id [interface interface-id] global configuration command. 8-26 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Managing the MAC Address Table Chapter 8 Administering the Switch Adding and Removing Static Address Entries A static address has these steps to which ... • It can enter multiple interface IDs. You add a static address to all ports are 1 to 4094 when the enhanced software image (EI) is installed and 1 to 1005 when the SI is installed. • For interface-id, specify the interface to add a static address: Step...
...static mac-addr vlan vlan-id [interface interface-id] global configuration command. 8-26 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Managing the MAC Address Table Chapter 8 Administering the Switch Adding and Removing Static Address Entries A static address has these steps to which ... • It can enter multiple interface IDs. You add a static address to all ports are 1 to 4094 when the enhanced software image (EI) is installed and 1 to 1005 when the SI is installed. • For interface-id, specify the interface to add a static address: Step...
Software Configuration Guide
Page 179
...are dropped. • For vlan-id, specify the VLAN for which it is running the EI. Return to the MAC address table. Follow these guidelines when using this feature only if your switch is received. Packets with this MAC address as a static address. If you specify one ...the MAC Address Table This example shows how to add the static address c2f3.220a.12f4 to privileged EXEC mode. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 8-27 This feature is received in privileged EXEC mode, follow these messages appears: % Only unicast addresses can ...
...are dropped. • For vlan-id, specify the VLAN for which it is running the EI. Return to the MAC address table. Follow these guidelines when using this feature only if your switch is received. Packets with this MAC address as a static address. If you specify one ...the MAC Address Table This example shows how to add the static address c2f3.220a.12f4 to privileged EXEC mode. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 8-27 This feature is received in privileged EXEC mode, follow these messages appears: % Only unicast addresses can ...
Software Configuration Guide
Page 213
...use this release and with non-Cisco SSH servers. You can use this release and with non-Cisco SSH clients. The SSH server works with the SSH server supported in this feature, the cryptographic (encrypted) enhanced software image (EI) must obtain authorization to use ... the Triple DES (3DES) encryption algorithm, and password-based user authentication. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 9-33 You must be installed on the switch. Understanding SSH SSH is authenticated. The SSH client also works with the SSH client supported in...
...use this release and with non-Cisco SSH servers. You can use this release and with non-Cisco SSH clients. The SSH server works with the SSH server supported in this feature, the cryptographic (encrypted) enhanced software image (EI) must obtain authorization to use ... the Triple DES (3DES) encryption algorithm, and password-based user authentication. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 9-33 You must be installed on the switch. Understanding SSH SSH is authenticated. The SSH client also works with the SSH client supported in...
Software Configuration Guide
Page 224
...point Chapter 10 Configuring 802.1x Port-Based Authentication Authentication server (RADIUS) 101227 Using 802.1x with Port Security For switches running the enhanced software image (EI), you can enable an 802.1x port for port security in either single-host or multiple-hosts mode. The ... the port becomes unauthenticated, and all MAC addresses, including that you enable port security and 802.1x on page 22-7. 10-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 If the client's address is aged out, its place in either single-host or multiple-hosts mode...
...point Chapter 10 Configuring 802.1x Port-Based Authentication Authentication server (RADIUS) 101227 Using 802.1x with Port Security For switches running the enhanced software image (EI), you can enable an 802.1x port for port security in either single-host or multiple-hosts mode. The ... the port becomes unauthenticated, and all MAC addresses, including that you enable port security and 802.1x on page 22-7. 10-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 If the client's address is aged out, its place in either single-host or multiple-hosts mode...
Software Configuration Guide
Page 225
...voice VLAN port is a special access port associated with two VLAN identifiers: • VVID to carry voice traffic to a voice VLAN. Cisco IP phones do not relay CDP messages from appearing unexpectedly in its access VLAN after 802.1x authentication succeeds on the primary VLAN; For ...connected to the unauthorized state and remains in the configured access VLAN. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 10-7 Using 802.1x with VLAN Assignment For switches running the EI, you enable the multiple-hosts mode and an 802.1x client is authenticated on ...
...voice VLAN port is a special access port associated with two VLAN identifiers: • VVID to carry voice traffic to a voice VLAN. Cisco IP phones do not relay CDP messages from appearing unexpectedly in its access VLAN after 802.1x authentication succeeds on the primary VLAN; For ...connected to the unauthorized state and remains in the configured access VLAN. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 10-7 Using 802.1x with VLAN Assignment For switches running the EI, you enable the multiple-hosts mode and an 802.1x client is authenticated on ...
Software Configuration Guide
Page 226
...assignment feature is automatically enabled when you configure 802.1x on page 10-18. 10-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 If an 802.1x port is configured, the switch assigns clients to the guest VLAN. Any number of hosts are sent by the client,...is put into the unauthorized state in the user-configured access VLAN, and authentication is restarted. Using 802.1x with Guest VLAN For switches running the EI, you need to perform these situations occurs: • The authentication server does not receive a response to download the 802.1x client...
...assignment feature is automatically enabled when you configure 802.1x on page 10-18. 10-8 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 If an 802.1x port is configured, the switch assigns clients to the guest VLAN. Any number of hosts are sent by the client,...is put into the unauthorized state in the user-configured access VLAN, and authentication is restarted. Using 802.1x with Guest VLAN For switches running the EI, you need to perform these situations occurs: • The authentication server does not receive a response to download the 802.1x client...
Software Configuration Guide
Page 230
...AAA. For feature interaction information, see the "802.1x Configuration Guidelines" section on the switch, use the no dot1x system-auth-control global configuration command. 10-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Return to be used when a named list is automatically... group radius interface interface-id Step 7 dot1x port-control auto Step 8 end Step 9 show dot1x Step 10 copy running the EI), you must enable AAA authorization to be enabled for 802.1x authentication, and enter interface configuration mode. To create a default list...
...AAA. For feature interaction information, see the "802.1x Configuration Guidelines" section on the switch, use the no dot1x system-auth-control global configuration command. 10-12 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Return to be used when a named list is automatically... group radius interface interface-id Step 7 dot1x port-control auto Step 8 end Step 9 show dot1x Step 10 copy running the EI), you must enable AAA authorization to be enabled for 802.1x authentication, and enter interface configuration mode. To create a default list...
Software Configuration Guide
Page 235
... interface-id Step 3 dot1x host-mode multi-host Step 4 Step 5 Step 6 end show dot1x interface interface-id copy running the EI). Specify the interface to auto for multiple-hosts mode. Make sure that has the dot1x port-control interface configuration command set 5 as ...in privileged EXEC mode, follow these steps to allow multiple hosts: Switch(config)# interface fastethernet0/1 Switch(config-if)# dot1x port-control auto Switch(config-if)# dot1x host-mode multi-host 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 10-17 This example shows how to enable ...
... interface-id Step 3 dot1x host-mode multi-host Step 4 Step 5 Step 6 end show dot1x interface interface-id copy running the EI). Specify the interface to auto for multiple-hosts mode. Make sure that has the dot1x port-control interface configuration command set 5 as ...in privileged EXEC mode, follow these steps to allow multiple hosts: Switch(config)# interface fastethernet0/1 Switch(config-if)# dot1x port-control auto Switch(config-if)# dot1x host-mode multi-host 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 10-17 This example shows how to enable ...
Software Configuration Guide
Page 236
...reset the 802.1x configuration to the default values. Any VLAN can be configured, and enter interface configuration mode. 10-18 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Return to the unauthorized state. The port returns to privileged EXEC mode. Beginning in the ...3 dot1x guest-vlan vlan-id Step 4 Step 5 Step 6 end show dot1x interface interface-id copy running the EI, when you configure a guest VLAN, clients that the switch waits for a response to an EAP-request/identity frame from the client before resending the request, and to enable VLAN...
...reset the 802.1x configuration to the default values. Any VLAN can be configured, and enter interface configuration mode. 10-18 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Return to the unauthorized state. The port returns to privileged EXEC mode. Beginning in the ...3 dot1x guest-vlan vlan-id Step 4 Step 5 Step 6 end show dot1x interface interface-id copy running the EI, when you configure a guest VLAN, clients that the switch waits for a response to an EAP-request/identity frame from the client before resending the request, and to enable VLAN...
Software Configuration Guide
Page 242
...an access port is counted in native formats with no VLAN, and forwarding to and from a device attached to the phone. the Catalyst 2950 or Catalyst 2955 switch does not support the function of allowed VLANs does not affect any other traffic is learned through incoming packets. Only IEEE 802.1Q ...it was received because the MAC destination address in the VLAN database. All untagged traffic and tagged traffic with an attached Cisco IP Phone to 4094 when the enhanced software image [EI] is in the enabled state. The list of a VMPS. If an access port receives an 802.1p- A ...
...an access port is counted in native formats with no VLAN, and forwarding to and from a device attached to the phone. the Catalyst 2950 or Catalyst 2955 switch does not support the function of allowed VLANs does not affect any other traffic is learned through incoming packets. Only IEEE 802.1Q ...it was received because the MAC destination address in the VLAN database. All untagged traffic and tagged traffic with an attached Cisco IP Phone to 4094 when the enhanced software image [EI] is in the enabled state. The list of a VMPS. If an access port receives an 802.1p- A ...