Software Guide
Page 15
... Switch 23-3 Enabling UDLD Globally 23-3 Enabling UDLD on Individual Ports 23-4 Disabling UDLD on Individual Ports 23-4 Disabling UDLD Globally 23-4 Specifying the UDLD Message Interval 23-5 Enabling UDLD Aggressive Mode 23-5 Displaying the UDLD Configuration 23-6 Configuring SNMP 24-1 SNMP Terminology 24-1 Understanding How SNMP ... SNMPv2c Enhancements in Software Release 7.5(1) 24-8 Understanding SNMPv3 24-11 Benefits of SNMPv3 24-11 SNMP Entity 24-11 Configuring SNMPv3 from an NMS 24-14 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 xv
... Switch 23-3 Enabling UDLD Globally 23-3 Enabling UDLD on Individual Ports 23-4 Disabling UDLD on Individual Ports 23-4 Disabling UDLD Globally 23-4 Specifying the UDLD Message Interval 23-5 Enabling UDLD Aggressive Mode 23-5 Displaying the UDLD Configuration 23-6 Configuring SNMP 24-1 SNMP Terminology 24-1 Understanding How SNMP ... SNMPv2c Enhancements in Software Release 7.5(1) 24-8 Understanding SNMPv3 24-11 Benefits of SNMPv3 24-11 SNMP Entity 24-11 Configuring SNMPv3 from an NMS 24-14 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 xv
Software Guide
Page 49
...Telnet to the switch or use Simple Network Management Protocol (SNMP) to manage the switch, you must assign an IP address to which the IP address belongs). If necessary, bring the interface up Verify the interface configuration. Console> (enable) set interface ...band (sc0) logical interface or the management Ethernet (me1) interface. Console> (enable) 78-15486-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 3-5 Table 3-2 Switch IP Address and Default Gateway Default Configuration Feature In-band (sc0) interface Management ...
...Telnet to the switch or use Simple Network Management Protocol (SNMP) to manage the switch, you must assign an IP address to which the IP address belongs). If necessary, bring the interface up Verify the interface configuration. Console> (enable) set interface ...band (sc0) logical interface or the management Ethernet (me1) interface. Console> (enable) 78-15486-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 3-5 Table 3-2 Switch IP Address and Default Gateway Default Configuration Feature In-band (sc0) interface Management ...
Software Guide
Page 50
...2 Step 3 Task Command Assign an IP address and subnet mask to the management set interface me1 up . Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 3-6 78-15486-01 Console> (enable) show interface sl0: flags=51 slip 0.0.0.0 dest 0.0.0.0 sc0: flags=63 vlan 1 inet 0.0.0.0 netmask 0.0.0.0 ...specify the VLAN assignment, assign an IP address, specify the subnet mask in dotted decimal format. The switch does not use SNMP to manage the switch, you can specify the subnet mask (netmask) using the number of subnet bits or using the ...
...2 Step 3 Task Command Assign an IP address and subnet mask to the management set interface me1 up . Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 3-6 78-15486-01 Console> (enable) show interface sl0: flags=51 slip 0.0.0.0 dest 0.0.0.0 sc0: flags=63 vlan 1 inet 0.0.0.0 netmask 0.0.0.0 ...specify the VLAN assignment, assign an IP address, specify the subnet mask in dotted decimal format. The switch does not use SNMP to manage the switch, you can specify the subnet mask (netmask) using the number of subnet bits or using the ...
Software Guide
Page 115
... Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 7-19 If the boundary flag is a boundary port. If one value is different, the MST BPDU is treated as that of the MST region. • An MST bridge that connects to enable rapid connectivity between two bridges. There is ...locks. We do not recommend partitioning the network into a large number of 4096 bytes. To form an MST region, bridges can use SNMP or the CLI to VLAN 4095 are redundantly connected, all the bridges inside the region must configure each byte manually. The IST port ...
... Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 7-19 If the boundary flag is a boundary port. If one value is different, the MST BPDU is treated as that of the MST region. • An MST bridge that connects to enable rapid connectivity between two bridges. There is ...locks. We do not recommend partitioning the network into a large number of 4096 bytes. To form an MST region, bridges can use SNMP or the CLI to VLAN 4095 are redundantly connected, all the bridges inside the region must configure each byte manually. The IST port ...
Software Guide
Page 310
... address of the packet is for restrictive mode, port 2/2 shuts down instead of MAC addresses that are associated to remain enabled during a security violation. Understanding How Port Security Works Chapter 16 Configuring Port Security After you allocate the maximum number of ...SNMP) manager. Note If you configure a secure port in restrictive mode shuts down instead of a port depends on the switch, the port in restrictive mode, and a station is sent only if you configure the port for unicast addresses only. 16-2 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches...
... address of the packet is for restrictive mode, port 2/2 shuts down instead of MAC addresses that are associated to remain enabled during a security violation. Understanding How Port Security Works Chapter 16 Configuring Port Security After you allocate the maximum number of ...SNMP) manager. Note If you configure a secure port in restrictive mode shuts down instead of a port depends on the switch, the port in restrictive mode, and a station is sent only if you configure the port for unicast addresses only. 16-2 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches...
Software Guide
Page 315
... following occurs: • When a packet is received from the CAM table when one of the switch with a new one • When the MAC address is set snmp trap enable macnotification 78-15486-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 16-7 Verify the configuration. Command set cam notification interval time show cam...
... following occurs: • When a packet is received from the CAM table when one of the switch with a new one • When the MAC address is set snmp trap enable macnotification 78-15486-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 16-7 Verify the configuration. Command set cam notification interval time show cam...
Software Guide
Page 316
... address change notification interval set to the port again. 16-8 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 78-15486-01 Console> (enable) Setting the Security Violation Action You can set snmp trap enable macnotification SNMP MAC notification trap enabled. MAC address change history log size = 300 MAC addresses added = 3 MAC addresses removed = 5 MAC addresses...
... address change notification interval set to the port again. 16-8 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 78-15486-01 Console> (enable) Setting the Security Violation Action You can set snmp trap enable macnotification SNMP MAC notification trap enabled. MAC address change history log size = 300 MAC addresses added = 3 MAC addresses removed = 5 MAC addresses...
Software Guide
Page 325
.... If you want to log unauthorized access attempts to the console or a syslog server, you must enable IP permit list (ippermit) SNMP traps, as described in this chapter, refer to the Catalyst 4500 Series, Catalyst 2948G, and Catalyst 2980G Switches Command Reference. You can configure up to 100 entries in dotted decimal format and information on...
.... If you want to log unauthorized access attempts to the console or a syslog server, you must enable IP permit list (ippermit) SNMP traps, as described in this chapter, refer to the Catalyst 4500 Series, Catalyst 2948G, and Catalyst 2980G Switches Command Reference. You can configure up to 100 entries in dotted decimal format and information on...
Software Guide
Page 326
... shows the default IP permit list configuration. show ip permit Telnet permit list disabled. 18-2 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 78-15486-01 Console> (enable) set permit lists more than one entry in the permit list if the masks are not ... that have the same effect (but different addresses) are different. The mask is applied to Snmp permit list. When you add such an address to Telnet permit list. Console> (enable) set ip permit 172.16.0.0 255.255.0.0 telnet 172.16.0.0 with mask 255.255.0.0 added...
... shows the default IP permit list configuration. show ip permit Telnet permit list disabled. 18-2 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 78-15486-01 Console> (enable) set permit lists more than one entry in the permit list if the masks are not ... that have the same effect (but different addresses) are different. The mask is applied to Snmp permit list. When you add such an address to Telnet permit list. Console> (enable) set ip permit 172.16.0.0 255.255.0.0 telnet 172.16.0.0 with mask 255.255.0.0 added...
Software Guide
Page 327
...permit Telnet permit list enabled. Permit List Mask Access-Type 172.16.0.0 255.255.0.0 telnet 172.20.0.0 255.255.0.0 snmp 172.20.52.0 255.255.255.224 ssh 172.20.52.3 telnet ssh snmp 78-15486-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release... list, especially when configuring through SNMP. Ssh permit list enabled. Snmp permit list enabled. Snmp permit list disabled. Caution Before enabling the IP permit list, make sure that you add the IP address of your connection being dropped by the switch that you do so could result...
...permit Telnet permit list enabled. Permit List Mask Access-Type 172.16.0.0 255.255.0.0 telnet 172.20.0.0 255.255.0.0 snmp 172.20.52.0 255.255.255.224 ssh 172.20.52.3 telnet ssh snmp 78-15486-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release... list, especially when configuring through SNMP. Ssh permit list enabled. Snmp permit list enabled. Snmp permit list disabled. Caution Before enabling the IP permit list, make sure that you add the IP address of your connection being dropped by the switch that you do so could result...
Software Guide
Page 328
...:23:05 Telnet Telnet Count 14 7 SNMP Count ---------- 1430 236 Console> (enable) show ip permit This example shows how to clear the IP address from, the IP address is deleted from being dropped by the switch you clear your current IP address. 18-4 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 78-15486...
...:23:05 Telnet Telnet Count 14 7 SNMP Count ---------- 1430 236 Console> (enable) show ip permit This example shows how to clear the IP address from, the IP address is deleted from being dropped by the switch you clear your current IP address. 18-4 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 78-15486...
Software Guide
Page 329
...] show ip permit This example shows how to remove from snmp permit list. Console> (enable) clear ip permit 172.100.101.102 172.100.101.102 cleared from telnet permit list. Console> (enable) 78-15486-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 18-5 Chapter 18 Configuring the IP Permit List Configuring...
...] show ip permit This example shows how to remove from snmp permit list. Console> (enable) clear ip permit 172.100.101.102 172.100.101.102 cleared from telnet permit list. Console> (enable) 78-15486-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 18-5 Chapter 18 Configuring the IP Permit List Configuring...
Software Guide
Page 371
...Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 24-3 Chapter 24 Configuring SNMP Understanding How SNMP Works Table 24-1 SNMP Terminology (continued) Term SNMP Version 2c (SNMPv2c) SNMP engine SNMP group SNMP user SNMP view trap write view Definition This second version of SNMP... find and solve network problems, and plan for those objects. SNMP enables network administrators to administration and security. Refer to a common SNMP list that are three versions of SNMP: • Version 1 (SNMPv1)-This is an application-layer ...
...Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 24-3 Chapter 24 Configuring SNMP Understanding How SNMP Works Table 24-1 SNMP Terminology (continued) Term SNMP Version 2c (SNMPv2c) SNMP engine SNMP group SNMP user SNMP view trap write view Definition This second version of SNMP... find and solve network problems, and plan for those objects. SNMP enables network administrators to administration and security. Refer to a common SNMP list that are three versions of SNMP: • Version 1 (SNMPv1)-This is an application-layer ...
Software Guide
Page 372
...the list of security models and levels mean. A security level is always enabled. Table 24-2 Security Model Combinations Model Level Authentication Encryption What Happens v1 noAuthNoPriv Community No ...SNMP packet. Understanding How SNMP Works Chapter 24 Configuring SNMP Security Models and Levels A security model is an authentication strategy that is set of module For Fast EtherChannel and Gigabit EtherChannel interfaces, the ifIndex value is only retained and used after a high-availability switchover. 24-4 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches...
...the list of security models and levels mean. A security level is always enabled. Table 24-2 Security Model Combinations Model Level Authentication Encryption What Happens v1 noAuthNoPriv Community No ...SNMP packet. Understanding How SNMP Works Chapter 24 Configuring SNMP Security Models and Levels A security model is an authentication strategy that is set of module For Fast EtherChannel and Gigabit EtherChannel interfaces, the ifIndex value is only retained and used after a high-availability switchover. 24-4 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches...
Software Guide
Page 374
... Management System (NMS), refer to the Catalyst 4500 Series, Catalyst 2948G, and Catalyst 2980G Switches Command Reference. Note For enhanced SNMP features in Software Release 7.5(1)" section on page 24-17). SNMPv1 and SNMPv2c Default Configuration Table 24-3 describes the SNMP default configuration. The switch supports up to this URL: http://www.cisco.com/public/sw-center/netmgmt/cmtk...
... Management System (NMS), refer to the Catalyst 4500 Series, Catalyst 2948G, and Catalyst 2980G Switches Command Reference. Note For enhanced SNMP features in Software Release 7.5(1)" section on page 24-17). SNMPv1 and SNMPv2c Default Configuration Table 24-3 describes the SNMP default configuration. The switch supports up to this URL: http://www.cisco.com/public/sw-center/netmgmt/cmtk...
Software Guide
Page 375
... 1 Step 2 Step 3 Step 4 Task Command Define the SNMP community strings for the community string). 78-15486-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 24-7 Console> (enable) set snmp community read-write-all Root SNMP read -write-all community string set to 'Root'. Console> (enable) set snmp trap 172.16.10.10 read -only community...
... 1 Step 2 Step 3 Step 4 Task Command Define the SNMP community strings for the community string). 78-15486-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 24-7 Console> (enable) set snmp community read-write-all Root SNMP read -write-all community string set to 'Root'. Console> (enable) set snmp trap 172.16.10.10 read -only community...
Software Guide
Page 376
... read -write-all secret 24-8 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 78-15486-01 Command set snmp community-ext community_string {read-only | read-write | read-write-all} [view view_oid] [access access_number] show snmp This example shows how to set an additional SNMP community string: Console> (enable) set snmp community-ext public1 read-only...
... read -write-all secret 24-8 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 78-15486-01 Command set snmp community-ext community_string {read-only | read-write | read-write-all} [view view_oid] [access access_number] show snmp This example shows how to set an additional SNMP community string: Console> (enable) set snmp community-ext public1 read-only...
Software Guide
Page 377
...Access number 1 has been created with new IP Address 172.20.60.100 Console> (enable) set snmp access-list access_number IP_address [ipmask maskaddr] show snmp access-list These examples show snmp This example shows how to limit which hosts can specify a list of access numbers that... with new IP Address 172.20.60.100 mask 255.0.0.0 78-15486-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 24-9 Step 2 Verify the SNMP configuration. Access- Command set snmp access-list 2 172.20.60.100 mask 255.0.0.0 Access number 2 has ...
...Access number 1 has been created with new IP Address 172.20.60.100 Console> (enable) set snmp access-list access_number IP_address [ipmask maskaddr] show snmp access-list These examples show snmp This example shows how to limit which hosts can specify a list of access numbers that... with new IP Address 172.20.60.100 mask 255.0.0.0 78-15486-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 24-9 Step 2 Verify the SNMP configuration. Access- Command set snmp access-list 2 172.20.60.100 mask 255.0.0.0 Access number 2 has ...
Software Guide
Page 378
... Alias You can be up to display the SNMP configuration: Console> (enable) show snmp access-list Access-Number IP-Addresses/IP-Mask 1 172.20.60.100/255.0.0.0 1.1.1.1/- 2 172.20.60.7/- 2.2.2.2/- 3 2.2.2.2/155.0.0.0 4 1.1.1.1/2.1.2.4 2.2.2.2/- 2.2.2.5/- show snmp access-list These examples show snmp ifalias [ifIndex] 24-10 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 78-15486-01 Command...
... Alias You can be up to display the SNMP configuration: Console> (enable) show snmp access-list Access-Number IP-Addresses/IP-Mask 1 172.20.60.100/255.0.0.0 1.1.1.1/- 2 172.20.60.7/- 2.2.2.2/- 3 2.2.2.2/155.0.0.0 4 1.1.1.1/2.1.2.4 2.2.2.2/- 2.2.2.5/- show snmp access-list These examples show snmp ifalias [ifIndex] 24-10 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 78-15486-01 Command...
Software Guide
Page 388
... that RMON is enabled: Console> (enable) set snmp rmon enable show snmp RMON: Enabled Extended RMON: Extended RMON module is available only on page 24-17). To enable RMON, perform this procedure in privileged mode: Step 1 Step 2 Task Enable RMON. Command set snmp rmon enable SNMP RMON support enabled. however, CLI ...172.16.10.10 read-write 172.16.10.20 read-write-all Console> (enable) Viewing RMON Data Access to the Catalyst 4500 Series, Catalyst 2948G, and Catalyst 2980G Switches Command Reference). Supported RMON and RMON2 MIB Objects Table 25-1 lists the RMON and...
... that RMON is enabled: Console> (enable) set snmp rmon enable show snmp RMON: Enabled Extended RMON: Extended RMON module is available only on page 24-17). To enable RMON, perform this procedure in privileged mode: Step 1 Step 2 Task Enable RMON. Command set snmp rmon enable SNMP RMON support enabled. however, CLI ...172.16.10.10 read-write 172.16.10.20 read-write-all Console> (enable) Viewing RMON Data Access to the Catalyst 4500 Series, Catalyst 2948G, and Catalyst 2980G Switches Command Reference). Supported RMON and RMON2 MIB Objects Table 25-1 lists the RMON and...