Configuration Guide
Page 2
...MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco... the property of the word partner does not imply a partnership relationship between Cisco and any other company. (0110R) Catalyst 2950 Desktop Switch Software Configuration Guide Copyright © 2002, Cisco Systems, Inc. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY ...
...MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco... the property of the word partner does not imply a partnership relationship between Cisco and any other company. (0110R) Catalyst 2950 Desktop Switch Software Configuration Guide Copyright © 2002, Cisco Systems, Inc. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY ...
Configuration Guide
Page 6
... Switch-Specific Features in Switch Clusters 5-16 Creating a Switch Cluster 5-16 Enabling a Command Switch 5-17 Adding Member Switches 5-18 Creating a Cluster Standby Group 5-20 Verifying a Switch Cluster 5-22 Using the CLI to Manage Switch Clusters 5-23 Catalyst 1900 and Catalyst 2820 CLI Considerations 5-23 Using SNMP to Manage Switch Clusters 5-24 Configuring the System 6-1 Changing IP Information 6-1 Manually Assigning and Removing Switch...
... Switch-Specific Features in Switch Clusters 5-16 Creating a Switch Cluster 5-16 Enabling a Command Switch 5-17 Adding Member Switches 5-18 Creating a Cluster Standby Group 5-20 Verifying a Switch Cluster 5-22 Using the CLI to Manage Switch Clusters 5-23 Catalyst 1900 and Catalyst 2820 CLI Considerations 5-23 Using SNMP to Manage Switch Clusters 5-24 Configuring the System 6-1 Changing IP Information 6-1 Manually Assigning and Removing Switch...
Configuration Guide
Page 8
...RADIUS Servers 6-35 Configuring the Switch to Use Vendor-Specific RADIUS Attributes 6-35 Configuring the Switch for Vendor-Proprietary RADIUS Server ...Switch-to-RADIUS-Server Communication 7-9 Enabling Periodic Re-Authentication 7-10 Manually Re-Authenticating a Client Connected to a Port 7-11 Changing the Quiet Period 7-11 Changing the Switch-to-Client Retransmission Time 7-12 Setting the Switch...Configuring VLANs 8-1 Overview 8-1 Management VLANs 8-3 Changing the Management VLAN for a New Switch 8-3 Changing the Management VLAN Through a Telnet Connection 8-4 Assigning VLAN Port Membership Modes...
...RADIUS Servers 6-35 Configuring the Switch to Use Vendor-Specific RADIUS Attributes 6-35 Configuring the Switch for Vendor-Proprietary RADIUS Server ...Switch-to-RADIUS-Server Communication 7-9 Enabling Periodic Re-Authentication 7-10 Manually Re-Authenticating a Client Connected to a Port 7-11 Changing the Quiet Period 7-11 Changing the Switch-to-Client Retransmission Time 7-12 Setting the Switch...Configuring VLANs 8-1 Overview 8-1 Management VLANs 8-3 Changing the Management VLAN for a New Switch 8-3 Changing the Management VLAN Through a Telnet Connection 8-4 Assigning VLAN Port Membership Modes...
Configuration Guide
Page 19
.... It also describes Multicast VLAN Registration (MVR), a local IGMP snooping feature available on the switch. With this manual. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide xix The online help provides the CMS procedures. Conventions This guide uses these conventions to certain types of service (QoS). The online ...
.... It also describes Multicast VLAN Registration (MVR), a local IGMP snooping feature available on the switch. With this manual. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide xix The online help provides the CMS procedures. Conventions This guide uses these conventions to certain types of service (QoS). The online ...
Configuration Guide
Page 21
...card behind the front cover of your document, or write to bug-doc@cisco.com. Cisco.com registered users have complete access to comment on the Cisco TAC Web Site. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide xxi The Documentation CD-ROM is available in this platform..., click Give Us Your Feedback. After you display the survey, select the manual that you wish to the ...
...card behind the front cover of your document, or write to bug-doc@cisco.com. Cisco.com registered users have complete access to comment on the Cisco TAC Web Site. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide xxi The Documentation CD-ROM is available in this platform..., click Give Us Your Feedback. After you display the survey, select the manual that you wish to the ...
Configuration Guide
Page 81
... ways: • Using the setup program, as described in the release notes • Manually assigning an IP address and password, as described in the release notes. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 3-9 For information about the Cisco Systems Access page, see the "SNMP Network Management Platforms" section on the management...
... ways: • Using the setup program, as described in the release notes • Manually assigning an IP address and password, as described in the release notes. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 3-9 For information about the Cisco Systems Access page, see the "SNMP Network Management Platforms" section on the management...
Configuration Guide
Page 119
...standard IOS Release 12.1 commands, refer to the IOS documentation set available from the Cisco IOS Software drop-down list. For complete syntax and usage information for the Catalyst 2950 switches. For information about configuring these ways: • Using the setup program, as... 3-9. Note If you enabled the DHCP feature, the switch assumes you manually enter (from the CMS or from Cluster Management Suite (CMS), refer to the Catalyst 2950 Desktop Switch Command Reference. For information about changing switch-wide configuration settings. To restart your CLI session through ...
...standard IOS Release 12.1 commands, refer to the IOS documentation set available from the Cisco IOS Software drop-down list. For complete syntax and usage information for the Catalyst 2950 switches. For information about configuring these ways: • Using the setup program, as... 3-9. Note If you enabled the DHCP feature, the switch assumes you manually enter (from the CMS or from Cluster Management Suite (CMS), refer to the Catalyst 2950 Desktop Switch Command Reference. For information about changing switch-wide configuration settings. To restart your CLI session through ...
Configuration Guide
Page 120
...mode disables the IP stack as well as a subnet mask. Changing IP Information Chapter 6 Configuring the System Manually Assigning and Removing Switch IP Information You can manually assign an IP address, mask, and default gateway to privileged EXEC mode. The broadcast address is then .... Note Using the no ip address ip_address subnet_mask end show running-config Verify that it receives during DHCP-based autoconfiguration. Catalyst 2950 Desktop Switch Software Configuration Guide 6-2 78-11380-03 When you can be automatically configured during bootup with IP address information and a ...
...mode disables the IP stack as well as a subnet mask. Changing IP Information Chapter 6 Configuring the System Manually Assigning and Removing Switch IP Information You can manually assign an IP address, mask, and default gateway to privileged EXEC mode. The broadcast address is then .... Note Using the no ip address ip_address subnet_mask end show running-config Verify that it receives during DHCP-based autoconfiguration. Catalyst 2950 Desktop Switch Software Configuration Guide 6-2 78-11380-03 When you can be automatically configured during bootup with IP address information and a ...
Configuration Guide
Page 128
...• enable password password (a less secure, unencrypted password) You must enter one of your switch in these ways: • Using the setup program, as described in the release notes • Manually assigning a password, as entered to the config.text file where you can also specify up ... Terminal Access Controller Access Control System Plus (TACACS+) protocol from a Lost or Forgotten Password" section on page 5-14. 6-10 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 We recommend that corresponds to the config.text file, and it is unreadable. If you enter...
...• enable password password (a less secure, unencrypted password) You must enter one of your switch in these ways: • Using the setup program, as described in the release notes • Manually assigning a password, as entered to the config.text file where you can also specify up ... Terminal Access Controller Access Control System Plus (TACACS+) protocol from a Lost or Forgotten Password" section on page 5-14. 6-10 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 We recommend that corresponds to the config.text file, and it is unreadable. If you enter...
Configuration Guide
Page 133
... rapid retrieval. Secure addresses do not age and must be forwarded to the table do not age. • Static address: a manually entered unicast or multicast address that does not age and that is learned or statically associated with the address. MAC Addresses and VLANs ...in each. Then the IP datagram is not in another . 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 6-15 Encapsulation of addresses: • Dynamic address: a source MAC address that the switch uses to the Cisco IOS Release 12.1 documentation on page 6-17. For CLI procedures, refer to ...
... rapid retrieval. Secure addresses do not age and must be forwarded to the table do not age. • Static address: a manually entered unicast or multicast address that does not age and that is learned or statically associated with the address. MAC Addresses and VLANs ...in each. Then the IP datagram is not in another . 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 6-15 Encapsulation of addresses: • Dynamic address: a source MAC address that the switch uses to the Cisco IOS Release 12.1 documentation on page 6-17. For CLI procedures, refer to ...
Configuration Guide
Page 136
...a specific interface for configuration, and enter interface configuration mode. Removing Secure Addresses Beginning in the address table and must be manually removed. • It can be rejected. no switchport port-security mac address mac-address Remove a secure address. Adding and... mac-address-table secure Verify your entry. A secure address is a manually entered unicast address or dynamically learnt address that is retained when the switch restarts. 6-18 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 You can be learned dynamically if the...
...a specific interface for configuration, and enter interface configuration mode. Removing Secure Addresses Beginning in the address table and must be manually removed. • It can be rejected. no switchport port-security mac address mac-address Remove a secure address. Adding and... mac-address-table secure Verify your entry. A secure address is a manually entered unicast address or dynamically learnt address that is retained when the switch restarts. 6-18 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 You can be learned dynamically if the...
Configuration Guide
Page 162
..., page 7-7 • Enabling 802.1X Authentication, page 7-8 (required) • Configuring the Switch-to-RADIUS-Server Communication, page 7-9 (required) • Enabling Periodic Re-Authentication, page 7-10 (optional) • Manually Re-Authenticating a Client Connected to a Port, page 7-11 (optional) • Changing the...authentication Number of the client. Disabled (force-authorized). Catalyst 2950 Desktop Switch Software Configuration Guide 7-6 78-11380-03 Disabled. 3600 seconds. 60 seconds (number of seconds that the switch remains in the quiet state following a failed authentication ...
..., page 7-7 • Enabling 802.1X Authentication, page 7-8 (required) • Configuring the Switch-to-RADIUS-Server Communication, page 7-9 (required) • Enabling Periodic Re-Authentication, page 7-10 (optional) • Manually Re-Authenticating a Client Connected to a Port, page 7-11 (optional) • Changing the...authentication Number of the client. Disabled (force-authorized). Catalyst 2950 Desktop Switch Software Configuration Guide 7-6 78-11380-03 Disabled. 3600 seconds. 60 seconds (number of seconds that the switch remains in the quiet state following a failed authentication ...
Configuration Guide
Page 166
...re-authentication attempts, use the no dot1x timeout re-authperiod global configuration command. 7-10 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 Set the number of the switch only if periodic re-authentication is 3600 seconds. Configuring 802.1X Authentication Chapter 7 ...the radius-server timeout, radius-server retransmit, and the radius-server key global configuration commands. To manually re-authenticate the client connected to a specific port, see the "Controlling Switch Access with IP address 172.20.39.46 as the RADIUS server, to a Port" section on...
...re-authentication attempts, use the no dot1x timeout re-authperiod global configuration command. 7-10 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 Set the number of the switch only if periodic re-authentication is 3600 seconds. Configuring 802.1X Authentication Chapter 7 ...the radius-server timeout, radius-server retransmit, and the radius-server key global configuration commands. To manually re-authenticate the client connected to a specific port, see the "Controlling Switch Access with IP address 172.20.39.46 as the RADIUS server, to a Port" section on...
Configuration Guide
Page 167
... seconds Step 3 Step 4 Step 5 end show dot1x copy running-config startup-config Purpose Enter global configuration mode. You can manually re-authenticate the client connected to a specific port at any time by entering the dot1x re-authenticate interface interface-id privileged EXEC...or diable periodic re-authentication, see the "Enabling Periodic Re-Authentication" section on the switch to 30 seconds: Switch(config)# dot1x timeout quiet-period 30 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 7-11 If you want to privileged EXEC mode. Chapter 7 Configuring ...
... seconds Step 3 Step 4 Step 5 end show dot1x copy running-config startup-config Purpose Enter global configuration mode. You can manually re-authenticate the client connected to a specific port at any time by entering the dot1x re-authenticate interface interface-id privileged EXEC...or diable periodic re-authentication, see the "Enabling Periodic Re-Authentication" section on the switch to 30 seconds: Switch(config)# dot1x timeout quiet-period 30 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 7-11 If you want to privileged EXEC mode. Chapter 7 Configuring ...
Configuration Guide
Page 175
..., all VLANs in the list. A trunk is manually assigned. Dynamic access A dynamic-access port can be a Catalyst 5000 series switch but membership can belong to a VLAN, the switch learns and manages the addresses associated with other switches over trunk links. For more information, see the...configuration messages with the port on page 6-15. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 8-5 You can be limited by default, but never a Catalyst 2950, Catalyst 2900 XL, or Catalyst 3500 XL switch. The VMPS can also modify the pruning-eligible list to block...
..., all VLANs in the list. A trunk is manually assigned. Dynamic access A dynamic-access port can be a Catalyst 5000 series switch but membership can belong to a VLAN, the switch learns and manages the addresses associated with other switches over trunk links. For more information, see the...configuration messages with the port on page 6-15. 78-11380-03 Catalyst 2950 Desktop Switch Software Configuration Guide 8-5 You can be limited by default, but never a Catalyst 2950, Catalyst 2900 XL, or Catalyst 3500 XL switch. The VMPS can also modify the pruning-eligible list to block...
Configuration Guide
Page 187
... 1 Translational bridge 2 VLAN state Default 1 VLANxxxx, where xxxx is upgraded automatically, but you cannot return to an earlier version of Cisco IOS after you upgrade to this section. For complete information on the commands and parameters that are written to the running-configuration file,...want to modify the VLAN configuration or VTP, use the interface configuration command mode to manually delete the vlan.dat file. The vlan.dat file is stored in the Catalyst 2950 Desktop Switch Command Reference. You use the VLAN database commands described in nonvolatile RAM. If you...
... 1 Translational bridge 2 VLAN state Default 1 VLANxxxx, where xxxx is upgraded automatically, but you cannot return to an earlier version of Cisco IOS after you upgrade to this section. For complete information on the commands and parameters that are written to the running-configuration file,...want to modify the VLAN configuration or VTP, use the interface configuration command mode to manually delete the vlan.dat file. The vlan.dat file is stored in the Catalyst 2950 Desktop Switch Command Reference. You use the VLAN database commands described in nonvolatile RAM. If you...
Configuration Guide
Page 191
... in the group must manually configure the neighboring interface as described in a port group ceases to be a trunk, all port cease to the group. IEEE 802.1Q Configuration Considerations IEEE 802.1Q trunks impose these parameters, the switch propagates the setting you ... Mode switchport mode trunk switchport nonegotiate Function Puts the interface into permanent trunking mode and negotiates to establish a trunk link. Note The Catalyst 2950 switches do not support ISL trunking. Table 8-8 Trunks Interacting with other end, spanning-tree loops might result. • Make sure your...
... in the group must manually configure the neighboring interface as described in a port group ceases to be a trunk, all port cease to the group. IEEE 802.1Q Configuration Considerations IEEE 802.1Q trunks impose these parameters, the switch propagates the setting you ... Mode switchport mode trunk switchport nonegotiate Function Puts the interface into permanent trunking mode and negotiates to establish a trunk link. Note The Catalyst 2950 switches do not support ISL trunking. Table 8-8 Trunks Interacting with other end, spanning-tree loops might result. • Make sure your...
Configuration Guide
Page 198
...Set the spanning-tree path cost to 30 for the VLAN name, the VMPS sends an access-denied or port-shutdown response. 8-28 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 If the VLAN is based on the secure mode of ports, the VMPS verifies the requesting port against... VLAN Membership Policy Server (VMPS) and communicates with it or just denies the port access to a group of the VMPS. The port must be manually reenabled by using the CLI, Cluster Management Suite, or SNMP. If you enter the none keyword for VLAN 4. Verify your entries. The server response...
...Set the spanning-tree path cost to 30 for the VLAN name, the VMPS sends an access-denied or port-shutdown response. 8-28 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 If the VLAN is based on the secure mode of ports, the VMPS verifies the requesting port against... VLAN Membership Policy Server (VMPS) and communicates with it or just denies the port access to a group of the VMPS. The port must be manually reenabled by using the CLI, Cluster Management Suite, or SNMP. If you enter the none keyword for VLAN 4. Verify your entries. The server response...
Configuration Guide
Page 216
...for STP to minimize the time access ports must manually put the interface back in the blocking state. Figure 9-4 Port Fast-Enabled Ports Catalyst 3550 series switch Catalyst 2950 switch Port Fast-enabled ports Workstations Catalyst 2950-T switch Server Port Fast-enabled port 60997 Workstations Understanding ... a secure response to all Port Fast-enabled interfaces. 9-10 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 Note Because the purpose of Port Fast is enabled on the switch, STP shuts down Port Fast-enabled interfaces that receive BPDUs rather...
...for STP to minimize the time access ports must manually put the interface back in the blocking state. Figure 9-4 Port Fast-Enabled Ports Catalyst 3550 series switch Catalyst 2950 switch Port Fast-enabled ports Workstations Catalyst 2950-T switch Server Port Fast-enabled port 60997 Workstations Understanding ... a secure response to all Port Fast-enabled interfaces. 9-10 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 Note Because the purpose of Port Fast is enabled on the switch, STP shuts down Port Fast-enabled interfaces that receive BPDUs rather...
Configuration Guide
Page 228
...configuration command to 1005. If any root switch for VLAN 100. Do not configure an access switch as the root switch. You can use the no spanning-tree vlan vlan-id root global configuration command. 9-22 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 Note ...-tree vlan 100 root primary global configuration command on a switch, it checks the switch priority of that you avoid manually configuring the hello time, forward-delay time, and maximum-age time after configuring the switch as the root switch: Step 1 Step 2 Command configure terminal spanning-tree vlan...
...configuration command to 1005. If any root switch for VLAN 100. Do not configure an access switch as the root switch. You can use the no spanning-tree vlan vlan-id root global configuration command. 9-22 Catalyst 2950 Desktop Switch Software Configuration Guide 78-11380-03 Note ...-tree vlan 100 root primary global configuration command on a switch, it checks the switch priority of that you avoid manually configuring the hello time, forward-delay time, and maximum-age time after configuring the switch as the root switch: Step 1 Step 2 Command configure terminal spanning-tree vlan...