Software Configuration Guide
Page 1
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide Cisco IOS Release 12.1(20)EA2 May 2004 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Customer Order Number: DOC-7811380= Text Part Number: 78-11380-10
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide Cisco IOS Release 12.1(20)EA2 May 2004 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Customer Order Number: DOC-7811380= Text Part Number: 78-11380-10
Software Configuration Guide
Page 2
... United States and certain other company. (0403R) Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide Copyright © 2001-2004 Cisco Systems, Inc. Copyright © 1981, Regents of the University of the UNIX operating system. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED...THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of California. ...
... United States and certain other company. (0403R) Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide Copyright © 2001-2004 Cisco Systems, Inc. Copyright © 1981, Regents of the University of the UNIX operating system. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED...THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of California. ...
Software Configuration Guide
Page 42
...switch-on an individual basis or as part of a switch cluster-through a web browser such as Netscape Communicator or Microsoft Internet Explorer. Using CMS, you can automate initial configurations and configuration updates by generating switch-specific configuration changes, sending them to the switch... • IE2100-Cisco Intelligence Engine 2100 Series Configuration Registrar is a network management device that is already installed on the switch. Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 1-8 78-11380-10 You can manage switch configuration settings, performance,...
...switch-on an individual basis or as part of a switch cluster-through a web browser such as Netscape Communicator or Microsoft Internet Explorer. Using CMS, you can automate initial configurations and configuration updates by generating switch-specific configuration changes, sending them to the switch... • IE2100-Cisco Intelligence Engine 2100 Series Configuration Registrar is a network management device that is already installed on the switch. Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 1-8 78-11380-10 You can manage switch configuration settings, performance,...
Software Configuration Guide
Page 133
... command switch is connected to a noncluster-capable Cisco device, it can be part of cluster VLAN 62 Member switch 10 Switch 12 Switch 13 Candidate switches Switch 14 Switch 15 74047 Discovery through Non-CDP-Capable and Noncluster-Capable Devices Command switch Third-party hub (non-CDP-capable) Candidate switch 78-11380-10 89377 Catalyst 5000 switch (noncluster-capable) Candidate switch Catalyst 2950 and Catalyst 2955 Switch Software...
... command switch is connected to a noncluster-capable Cisco device, it can be part of cluster VLAN 62 Member switch 10 Switch 12 Switch 13 Candidate switches Switch 14 Switch 15 74047 Discovery through Non-CDP-Capable and Noncluster-Capable Devices Command switch Third-party hub (non-CDP-capable) Candidate switch 78-11380-10 89377 Catalyst 5000 switch (noncluster-capable) Candidate switch Catalyst 2950 and Catalyst 2955 Switch Software...
Software Configuration Guide
Page 166
... example, PDT) to be displayed when summer time is relative to standard time. show running -config startup-config (Optional) Save your entries. The first part of minutes to privileged EXEC mode. The start and end on a particular day of the week each year: Step 1 Step 2 Step 3 Step ... at 02:00 and ends on the last Sunday in October at 02:00: Switch(config)# clock summer-time PDT recurring 1 Sunday April 2:00 last Sunday October 2:00 8-14 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Managing the System Time and Date Chapter 8 Administering...
... example, PDT) to be displayed when summer time is relative to standard time. show running -config startup-config (Optional) Save your entries. The first part of minutes to privileged EXEC mode. The start and end on a particular day of the week each year: Step 1 Step 2 Step 3 Step ... at 02:00 and ends on the last Sunday in October at 02:00: Switch(config)# clock summer-time PDT recurring 1 Sunday April 2:00 last Sunday October 2:00 8-14 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Managing the System Time and Date Chapter 8 Administering...
Software Configuration Guide
Page 167
...; (Optional) For offset, specify the number of the clock summer-time global configuration command specifies when summer time begins, and the second part specifies when it ends. All times are in the southern hemisphere. To disable summer time, use the no clock summer-time global configuration ...that you are relative to start on October 12, 2000, at 02:00: Switch(config)# clock summer-time pdt date 12 October 2000 2:00 26 April 2001 2:00 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 8-15 If the starting month is relative to privileged EXEC mode....
...; (Optional) For offset, specify the number of the clock summer-time global configuration command specifies when summer time begins, and the second part specifies when it ends. All times are in the southern hemisphere. To disable summer time, use the no clock summer-time global configuration ...that you are relative to start on October 12, 2000, at 02:00: Switch(config)# clock summer-time pdt date 12 October 2000 2:00 26 April 2001 2:00 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 8-15 If the starting month is relative to privileged EXEC mode....
Software Configuration Guide
Page 185
... not available for non-LRE Catalyst 2950 switches or for a specific privilege level. Use the level keyword to specify commands accessible at this functionality. The password-recovery disable feature protects access to the switch password by entering a new password. When this feature is available only on and then by disabling part of the VLAN database...
... not available for non-LRE Catalyst 2950 switches or for a specific privilege level. Use the level keyword to specify commands accessible at this functionality. The password-recovery disable feature protects access to the switch password by entering a new password. When this feature is available only on and then by disabling part of the VLAN database...
Software Configuration Guide
Page 186
... spaces but it now through a password. You might need to press the Return key several times to privileged EXEC mode. Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 9-6 78-11380-10 Configure the number of the display. Return to see the command-line prompt. Note Disabling... password recovery will not work if you can configure it is not part of the flash memory that you to configure your switch ...
... spaces but it now through a password. You might need to press the Return key several times to privileged EXEC mode. Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 9-6 78-11380-10 Configure the number of the display. Return to see the command-line prompt. Note Disabling... password recovery will not work if you can configure it is not part of the flash memory that you to configure your switch ...
Software Configuration Guide
Page 202
..., but spaces within and at the end of the key are part of the key. To configure the switch to recognize more than one host entry associated with RADIUS Chapter 9 Configuring Switch-Based Authentication Beginning in privileged EXEC mode, follow these steps to ...radius-server timeout global configuration command setting. If no radius-server host hostname | ip-address global configuration command. 9-22 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Set the timeout, retransmit, and encryption key values to privileged EXEC mode. Always configure...
..., but spaces within and at the end of the key are part of the key. To configure the switch to recognize more than one host entry associated with RADIUS Chapter 9 Configuring Switch-Based Authentication Beginning in privileged EXEC mode, follow these steps to ...radius-server timeout global configuration command setting. If no radius-server host hostname | ip-address global configuration command. 9-22 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 Set the timeout, retransmit, and encryption key values to privileged EXEC mode. Always configure...
Software Configuration Guide
Page 206
...the radius-server host command, the setting of times a RADIUS request is resent to use spaces in your entries. 9-26 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 This setting overrides the radius-server timeout global configuration command setting. The range is 1 to... with RADIUS Chapter 9 Configuring Switch-Based Authentication Beginning in privileged EXEC mode, follow these steps to reply before resending. Leading spaces are ignored, but spaces within and at the end of the key are part of the remote RADIUS server host. • (Optional) For...
...the radius-server host command, the setting of times a RADIUS request is resent to use spaces in your entries. 9-26 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 This setting overrides the radius-server timeout global configuration command setting. The range is 1 to... with RADIUS Chapter 9 Configuring Switch-Based Authentication Beginning in privileged EXEC mode, follow these steps to reply before resending. Leading spaces are ignored, but spaces within and at the end of the key are part of the remote RADIUS server host. • (Optional) For...
Software Configuration Guide
Page 209
... Protocol is a value of the Cisco protocol attribute for a particular type of these steps to configure global communication settings between the switch and all RADIUS servers. Leading spaces are used for RADIUS. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 9-29 Verify your ... Purpose Enter global configuration mode. Cisco's vendor-ID is 9, and the supported option has vendor-type 1, which is * for the retransmit, timeout, and deadtime, use . The value is 3; Attribute and value are part of seconds a switch waits for a reply to the...
... Protocol is a value of the Cisco protocol attribute for a particular type of these steps to configure global communication settings between the switch and all RADIUS servers. Leading spaces are used for RADIUS. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 9-29 Verify your ... Purpose Enter global configuration mode. Cisco's vendor-ID is 9, and the supported option has vendor-type 1, which is * for the retransmit, timeout, and deadtime, use . The value is 3; Attribute and value are part of seconds a switch waits for a reply to the...
Software Configuration Guide
Page 211
... use the show running-config copy running -config privileged EXEC command. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 9-31 Chapter 9 Configuring Switch-Based Authentication Controlling Switch Access with RADIUS Beginning in privileged EXEC mode, follow these steps to encrypt passwords and...do not enclose the key in the configuration file. The switch and the RADIUS server use spaces in your entries in quotation marks unless the quotation marks are part of rad124 between the switch and the vendor-proprietary RADIUS server. To delete the vendor-...
... use the show running-config copy running -config privileged EXEC command. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 9-31 Chapter 9 Configuring Switch-Based Authentication Controlling Switch Access with RADIUS Beginning in privileged EXEC mode, follow these steps to encrypt passwords and...do not enclose the key in the configuration file. The switch and the RADIUS server use spaces in your entries in quotation marks unless the quotation marks are part of rad124 between the switch and the vendor-proprietary RADIUS server. To delete the vendor-...
Software Configuration Guide
Page 231
...server host {hostname | ip-address} global configuration command. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 10-13 This key must match the encryption key used ....Switch# configure terminal Switch(config)# aaa new-model Switch(config)# aaa authentication dot1x default group radius Switch(config)# dot1x system-auth-control Switch(config)# interface fastethernet0/1 Switch(config-if)# switchport mode access Switch(config-if)# dot1x port-control auto Switch(config-if)# end Configuring the Switch-to-RADIUS-Server Communication RADIUS security servers are part...
...server host {hostname | ip-address} global configuration command. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 10-13 This key must match the encryption key used ....Switch# configure terminal Switch(config)# aaa new-model Switch(config)# aaa authentication dot1x default group radius Switch(config)# dot1x system-auth-control Switch(config)# interface fastethernet0/1 Switch(config-if)# switchport mode access Switch(config-if)# dot1x port-control auto Switch(config-if)# end Configuring the Switch-to-RADIUS-Server Communication RADIUS security servers are part...
Software Configuration Guide
Page 261
...or end commands or change the command mode by adding or deleting commands, the changes are Cisco-default Smartports macros embedded in the same configuration mode. • When creating a macro ... show running-config user EXEC command. When you create a macro. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 12-3 All matching occurrences of a larger string, is considered a ... on one interface, it is part of the keyword are not applied. • When a macro is applied globally to a switch or to a switch interface, all macros on the interface...
...or end commands or change the command mode by adding or deleting commands, the changes are Cisco-default Smartports macros embedded in the same configuration mode. • When creating a macro ... show running-config user EXEC command. When you create a macro. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 12-3 All matching occurrences of a larger string, is considered a ... on one interface, it is part of the keyword are not applied. • When a macro is applied globally to a switch or to a switch interface, all macros on the interface...
Software Configuration Guide
Page 296
... the standby path. The path cost value represents the media speed. 14-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 The STP uses a spanning-tree algorithm to function properly, only one switch of a redundantly connected network as the root of the port in the active... segment • Alternate-A blocked port providing an alternate path to each port based on a switch are connected to end stations, which cannot detect whether they are part of a loop, the spanning-tree port priority and path cost settings determine which interface is put in the ...
... the standby path. The path cost value represents the media speed. 14-2 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10 The STP uses a spanning-tree algorithm to function properly, only one switch of a redundantly connected network as the root of the port in the active... segment • Alternate-A blocked port providing an alternate path to each port based on a switch are connected to end stations, which cannot detect whether they are part of a loop, the spanning-tree port priority and path cost settings determine which interface is put in the ...
Software Configuration Guide
Page 317
...part of a cluster that are acceptable for these configurations. Chapter 14 Configuring STP Configuring Spanning-Tree Features To return the switch to a Layer 3 backbone 74621 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 14-23 Figure 14-4 shows switches...14-4 Gigabit Ethernet Stack Catalyst 3550 series switch Catalyst 2950, Cisco 7000 2955, or 3550 router switches Catalyst 2950, 2955, or 3550 switches Catalyst 2950, 2955, or 3550 switches Catalyst 3550 or 6000 series backbone Catalyst 6000 switch Layer 3 backbone Cisco 7000 router Option 1: ...
...part of a cluster that are acceptable for these configurations. Chapter 14 Configuring STP Configuring Spanning-Tree Features To return the switch to a Layer 3 backbone 74621 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 14-23 Figure 14-4 shows switches...14-4 Gigabit Ethernet Stack Catalyst 3550 series switch Catalyst 2950, Cisco 7000 2955, or 3550 router switches Catalyst 2950, 2955, or 3550 switches Catalyst 2950, 2955, or 3550 switches Catalyst 3550 or 6000 series backbone Catalyst 6000 switch Layer 3 backbone Cisco 7000 router Option 1: ...
Software Configuration Guide
Page 425
... commands used in this chapter, refer to the switch command reference for this release and the Cisco IOS Release Network Protocols Command Reference, Part 1, for a particular multicast group, 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 21-1 When the switch receives an IGMP report from a host for Cisco IOS Release 12.1. However, you should remove...
... commands used in this chapter, refer to the switch command reference for this release and the Cisco IOS Release Network Protocols Command Reference, Part 1, for a particular multicast group, 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 21-1 When the switch receives an IGMP report from a host for Cisco IOS Release 12.1. However, you should remove...
Software Configuration Guide
Page 445
...installed. The VLAN ID range is 1 to 1005 when the SI is installed and 1 to forward the multicast traffic. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 21-21 An IGMP profile can control the distribution of multicast services, such as IP/TV, based on this information:... - If an IGMP profile denying access to a multicast group is applied to the multicast group, the IGMP report from that the port is part of a VLAN. - You can contain one or more multicast groups and specifies whether access to receive IP multicast traffic from the port is ...
...installed. The VLAN ID range is 1 to 1005 when the SI is installed and 1 to forward the multicast traffic. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 21-21 An IGMP profile can control the distribution of multicast services, such as IP/TV, based on this information:... - If an IGMP profile denying access to a multicast group is applied to the multicast group, the IGMP report from that the port is part of a VLAN. - You can contain one or more multicast groups and specifies whether access to receive IP multicast traffic from the port is ...
Software Configuration Guide
Page 459
...-These are dynamically learned, stored only in the address table, and removed when the switch restarts. • Sticky secure MAC addresses-These can be manually configured, we do not automatically become part of available secure addresses on the switch is disabled, the sticky secure MAC addresses are converted to dynamic secure addresses and...; Static secure MAC addresses-These are manually configured by limiting and identifying MAC addresses of defined addresses. If sticky learning is 1024. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 22-7
...-These are dynamically learned, stored only in the address table, and removed when the switch restarts. • Sticky secure MAC addresses-These can be manually configured, we do not automatically become part of available secure addresses on the switch is disabled, the sticky secure MAC addresses are converted to dynamic secure addresses and...; Static secure MAC addresses-These are manually configured by limiting and identifying MAC addresses of defined addresses. If sticky learning is 1024. 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 22-7
Software Configuration Guide
Page 463
... Switch(config)# interface fastethernet0/2 Switch(config-if)# switchport mode access Switch(config-if)# switchport port-security Switch(config-if)# switchport port-security mac-address 0000.02000.0004 Switch(config-if)# switchport port-security mac-address sticky Switch(config-if)# end 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch ...static secure MAC addresses are configured, and sticky learning is enabled, the sticky secure addresses remain part of secure MAC addresses, use the no switchport port-security violation {protect | restrict} interface configuration command.
... Switch(config)# interface fastethernet0/2 Switch(config-if)# switchport mode access Switch(config-if)# switchport port-security Switch(config-if)# switchport port-security mac-address 0000.02000.0004 Switch(config-if)# switchport port-security mac-address sticky Switch(config-if)# end 78-11380-10 Catalyst 2950 and Catalyst 2955 Switch ...static secure MAC addresses are configured, and sticky learning is enabled, the sticky secure addresses remain part of secure MAC addresses, use the no switchport port-security violation {protect | restrict} interface configuration command.