Software Guide
Page 10
... H A P T E R 12 C H A P T E R Configuring Private VLANs 10-16 Private VLAN Configuration Guidelines 10-17 Creating a Private VLAN 10-19 Viewing the Port Capability of a Private VLAN Port 10-22 Deleting a Private VLAN 10-22 Deleting an Isolated or Community VLAN 10-23 Deleting a Private VLAN Mapping 10-23 Configuring VLAN Trunks on Fast Ethernet and Gigabit Ethernet Ports 11-1 Understanding How VLAN Trunks Work 11-1 Trunking Overview 11-1 Trunking Modes and Encapsulation Types 11-2 Trunking Support 11-3 802.1Q Trunk Restrictions 11-4 Default Trunk Configuration 11-5 Configuring a Trunk Link 11...
... H A P T E R 12 C H A P T E R Configuring Private VLANs 10-16 Private VLAN Configuration Guidelines 10-17 Creating a Private VLAN 10-19 Viewing the Port Capability of a Private VLAN Port 10-22 Deleting a Private VLAN 10-22 Deleting an Isolated or Community VLAN 10-23 Deleting a Private VLAN Mapping 10-23 Configuring VLAN Trunks on Fast Ethernet and Gigabit Ethernet Ports 11-1 Understanding How VLAN Trunks Work 11-1 Trunking Overview 11-1 Trunking Modes and Encapsulation Types 11-2 Trunking Support 11-3 802.1Q Trunk Restrictions 11-4 Default Trunk Configuration 11-5 Configuring a Trunk Link 11...
Software Guide
Page 24
... Link Detection (UDLD) protocol on the switch. Configuring UDLD Describes how to configure IP permit list on the switch. xxiv Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 78-15486-01 Configuring Dynamic VLAN Membership with VMPS Describes how to configure quality of service (QoS). Configuring QoS Describes how to configure VLAN Membership Policy Server (VMPS) and dynamic ports on the switch. Configuring Port Security Describes how to check connectivity using ping, Telnet, and IP traceroute. Checking Status...
... Link Detection (UDLD) protocol on the switch. Configuring UDLD Describes how to configure IP permit list on the switch. xxiv Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 78-15486-01 Configuring Dynamic VLAN Membership with VMPS Describes how to configure quality of service (QoS). Configuring QoS Describes how to configure VLAN Membership Policy Server (VMPS) and dynamic ports on the switch. Configuring Port Security Describes how to check connectivity using ping, Telnet, and IP traceroute. Checking Status...
Software Guide
Page 36
... the hardware documentation for example, using a terminal emulation program on , power up the switch. Accessing the Switch CLI You can use set and clear commands. These sections describe how to access the switch CLI: • Accessing the CLI Through the Console Port, page 2-2 • Accessing the CLI Through Telnet, page 2-3 Accessing the CLI Through the Console Port Note For complete information on how to connect a terminal to the supervisor engine console port, refer to overwrite or erase configuration parameters. For more information, see the "Switch CLI Command Modes...
... the hardware documentation for example, using a terminal emulation program on , power up the switch. Accessing the Switch CLI You can use set and clear commands. These sections describe how to access the switch CLI: • Accessing the CLI Through the Console Port, page 2-2 • Accessing the CLI Through Telnet, page 2-3 Accessing the CLI Through the Console Port Note For complete information on how to connect a terminal to the supervisor engine console port, refer to overwrite or erase configuration parameters. For more information, see the "Switch CLI Command Modes...
Software Guide
Page 37
... Address and Default Gateway." To access the switch CLI from a remote host using the IP address or the DNS host name of operation: • Normal (also called login or user mode) • Privileged (also called enable mode) Both modes are password protected. For more information about setting the IP address and default gateway, see Chapter 38, "Configuring DNS.") This example shows how to use the telnet command to connect to change the configuration. unix_host% telnet Catalyst_1 Trying 172.16.10.10...
... Address and Default Gateway." To access the switch CLI from a remote host using the IP address or the DNS host name of operation: • Normal (also called login or user mode) • Privileged (also called enable mode) Both modes are password protected. For more information about setting the IP address and default gateway, see Chapter 38, "Configuring DNS.") This example shows how to use the telnet command to connect to change the configuration. unix_host% telnet Catalyst_1 Trying 172.16.10.10...
Software Guide
Page 38
... ? To enter and exit privileged command mode, follow these steps: Step 1 Step 2 Step 3 Connect to normal mode, enter the disable command. Console> enable Enter password: Console> (enable) To exit privileged mode and return to the switch CLI through the console port or using the wrong number of valid keywords and arguments for IP Address Set DNS information Set IP fragmentation enable/disable Set IP HTTP server information Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 2-4 78-15486-01 in...
... ? To enter and exit privileged command mode, follow these steps: Step 1 Step 2 Step 3 Connect to normal mode, enter the disable command. Console> enable Enter password: Console> (enable) To exit privileged mode and return to the switch CLI through the console port or using the wrong number of valid keywords and arguments for IP Address Set DNS information Set IP fragmentation enable/disable Set IP HTTP server information Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 2-4 78-15486-01 in...
Software Guide
Page 52
... series, Catalyst 2948G, or Catalyst 2980G switch, with Telnet. Console> (enable) show interface slip attach Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 3-8 78-15486-01 If you will lose the console port connection. Enable SLIP for the SLIP connection. Console> (enable) set ip route default 172.20.52.33 Route added. Set the console port SLIP address and the destination address of the attached host. Use Telnet to access the switch, enter privileged mode, and enter the slip detach command to restore the console port...
... series, Catalyst 2948G, or Catalyst 2980G switch, with Telnet. Console> (enable) show interface slip attach Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 3-8 78-15486-01 If you will lose the console port connection. Enable SLIP for the SLIP connection. Console> (enable) set ip route default 172.20.52.33 Route added. Set the console port SLIP address and the destination address of the attached host. Use Telnet to access the switch, enter privileged mode, and enter the slip detach command to restore the console port...
Software Guide
Page 67
... port speed. You cannot disable autonegotiation at the other ). You cannot disable port negotiation on the other end of a Gigabit Ethernet link must have the same setting. The ports on 1000BASE-T Gigabit Ethernet ports. Near End refers to exchange flow-control parameters, remote fault information, and duplex information (even though Cisco Gigabit Ethernet ports only support full-duplex mode). The following modules are set inconsistently (port negotiation enabled on one port and disabled on Gigabit Ethernet ports using the set port speed command. With this time...
... port speed. You cannot disable autonegotiation at the other ). You cannot disable port negotiation on the other end of a Gigabit Ethernet link must have the same setting. The ports on 1000BASE-T Gigabit Ethernet ports. Near End refers to exchange flow-control parameters, remote fault information, and duplex information (even though Cisco Gigabit Ethernet ports only support full-duplex mode). The following modules are set inconsistently (port negotiation enabled on one port and disabled on Gigabit Ethernet ports using the set port speed command. With this time...
Software Guide
Page 78
... if protocol filtering is set the EtherChannel mode for EtherChannel's interaction with other mode may be used by IGMP multicast filtering, you must set differently on the ports. • Cisco Discovery Protocol (CDP) runs on the physical port even after the port is enabled. Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 6-4 78-15486-01 Do not enable the port security feature for ports in a trunking EtherChannel. EtherChannel Interaction with...
... if protocol filtering is set the EtherChannel mode for EtherChannel's interaction with other mode may be used by IGMP multicast filtering, you must set differently on the ports. • Cisco Discovery Protocol (CDP) runs on the physical port even after the port is enabled. Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 6-4 78-15486-01 Do not enable the port security feature for ports in a trunking EtherChannel. EtherChannel Interaction with...
Software Guide
Page 260
... VMPS server specification: Console> (enable) set port membership 2/1 dynamic Spantree port fast start option enabled for ports 2/1. show port Port Name Status Vlan Level Duplex Speed 1/1 connect trunk normal full 100 1/2 connect trunk normal half 100 2/1 connect dyn normal full 155 3/1 connect dyn-5 normal half 10 Type 100 BASE-TX 100 BASE-TX OC3 MMF ATM 10 BASE-T 12-8 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 78-15486-01 Console> (enable) set vmps server 192.0.0.1 primary 192.0.0.1 added to VMPS table...
... VMPS server specification: Console> (enable) set port membership 2/1 dynamic Spantree port fast start option enabled for ports 2/1. show port Port Name Status Vlan Level Duplex Speed 1/1 connect trunk normal full 100 1/2 connect trunk normal half 100 2/1 connect dyn normal full 155 3/1 connect dyn-5 normal half 10 Type 100 BASE-TX 100 BASE-TX OC3 MMF ATM 10 BASE-T 12-8 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 78-15486-01 Console> (enable) set vmps server 192.0.0.1 primary 192.0.0.1 added to VMPS table...
Software Guide
Page 285
... and Multicast Services Operation CGMP, IGMP snooping, and GMRP manage multicast traffic in this chapter, refer to the Catalyst 4500 Series, Catalyst 2948G, and Catalyst 2980G Switches Command Reference. GMRP is forwarded only to configure multicast services, including Cisco Group Management Protocol (CGMP), Internet Group Management Protocol (IGMP) snooping, and GARP Multicast Registration Protocol (GMRP) on the Catalyst enterprise LAN switches. A CGMP/IGMP-capable IP multicast router sees all IGMP packets and can use CGMP, IGMP snooping, or GMRP to dynamically configure switch ports so...
... and Multicast Services Operation CGMP, IGMP snooping, and GMRP manage multicast traffic in this chapter, refer to the Catalyst 4500 Series, Catalyst 2948G, and Catalyst 2980G Switches Command Reference. GMRP is forwarded only to configure multicast services, including Cisco Group Management Protocol (CGMP), Internet Group Management Protocol (IGMP) snooping, and GARP Multicast Registration Protocol (GMRP) on the Catalyst enterprise LAN switches. A CGMP/IGMP-capable IP multicast router sees all IGMP packets and can use CGMP, IGMP snooping, or GMRP to dynamically configure switch ports so...
Software Guide
Page 300
... router is connected. To specify multicast router ports manually, perform this task in privileged mode: Step 1 Step 2 Task Manually specify a multicast router port. Console> (enable) show multicast group CGMP enabled IGMP disabled 15-16 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 78-15486-01 Console> (enable) set cam static 01-22-33-44-55-66 2/6-12 Static multicast entry added to CAM table. Console> (enable) show multicast router CGMP enabled IGMP disabled Port --------- 2/1 2/2 3/1 * Vlan 99 255 1 Total Number...
... router is connected. To specify multicast router ports manually, perform this task in privileged mode: Step 1 Step 2 Task Manually specify a multicast router port. Console> (enable) show multicast group CGMP enabled IGMP disabled 15-16 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 78-15486-01 Console> (enable) set cam static 01-22-33-44-55-66 2/6-12 Static multicast entry added to CAM table. Console> (enable) show multicast router CGMP enabled IGMP disabled Port --------- 2/1 2/2 3/1 * Vlan 99 255 1 Total Number...
Software Guide
Page 301
... example shows how to all VLANs that are associated with a filtering and monitoring action. Command clear multicast router mod_num/port_num clear multicast router all manually configured multicast router ports. Chapter 15 Configuring Multicast Services Filtering IGMP Traffic VLAN ---1 1 1 1 Dest MAC/Route Des 01-00-11-22-33-44* 01-11-22-33-44-55* 01-22-33-44-55-66* 01-33-44-55-66-77* Destination Ports or VCs / [Protocol Type 2/6-12 2/6-12 2/6-12 2/6-12 Total Number of Entries = 4 Console> (enable) Disabling Multicast Router Ports To disable manually configured multicast router...
... example shows how to all VLANs that are associated with a filtering and monitoring action. Command clear multicast router mod_num/port_num clear multicast router all manually configured multicast router ports. Chapter 15 Configuring Multicast Services Filtering IGMP Traffic VLAN ---1 1 1 1 Dest MAC/Route Des 01-00-11-22-33-44* 01-11-22-33-44-55* 01-22-33-44-55-66* 01-33-44-55-66-77* Destination Ports or VCs / [Protocol Type 2/6-12 2/6-12 2/6-12 2/6-12 Total Number of Entries = 4 Console> (enable) Disabling Multicast Router Ports To disable manually configured multicast router...
Software Guide
Page 378
....7 mask 255.255.255.0 Console> (enable) This example shows how to 64 characters. Configuring SNMPv1 and SNMPv2c from the CLI, perform this task in privileged mode: Step 1 Step 2 Task Command Clear IP addresses that are associated with access-number 101 have been cleared. Display the interface alias. IP_address [[IP_address] ...] Verify the SNMP configuration. show snmp access-list These examples show snmp ifalias [ifIndex] 24-10 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 78-15486...
....7 mask 255.255.255.0 Console> (enable) This example shows how to 64 characters. Configuring SNMPv1 and SNMPv2c from the CLI, perform this task in privileged mode: Step 1 Step 2 Task Command Clear IP addresses that are associated with access-number 101 have been cleared. Display the interface alias. IP_address [[IP_address] ...] Verify the SNMP configuration. show snmp access-list These examples show snmp ifalias [ifIndex] 24-10 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 78-15486...
Software Guide
Page 382
... Catalyst 2980G Switches Command Reference. For detailed information on page 24-17). set snmp group [-hex] {groupname} user [-hex] {username} {security-model v1 | v2 | v3} [volatile | nonvolatile] Configure the community table for a group with a certain security model in the target address table. set snmp view [-hex] {viewname} {subtree} [mask] [included | excluded] [volatile | nonvolatile] Set the access rights for the system default part, which maps community strings of previous versions of SNMP to a group using...
... Catalyst 2980G Switches Command Reference. For detailed information on page 24-17). set snmp group [-hex] {groupname} user [-hex] {username} {security-model v1 | v2 | v3} [volatile | nonvolatile] Configure the community table for a group with a certain security model in the target address table. set snmp view [-hex] {viewname} {subtree} [mask] [included | excluded] [volatile | nonvolatile] Set the access rights for the system default part, which maps community strings of previous versions of SNMP to a group using...
Software Guide
Page 423
... is set the power budget to accommodate the chassis and inline power requirements when a system boots. Note If you use the 1400 W DC power supply with different types or wattages in your switch is P + (P * ratio). • See Table 28-1 on page 28-4 for a list of the maximum available power for chassis and inline power for using redundant mode in the Catalyst 4500 series switches: • By default, the power supplies in power supply...
... is set the power budget to accommodate the chassis and inline power requirements when a system boots. Note If you use the 1400 W DC power supply with different types or wattages in your switch is P + (P * ratio). • See Table 28-1 on page 28-4 for a list of the maximum available power for chassis and inline power for using redundant mode in the Catalyst 4500 series switches: • By default, the power supplies in power supply...
Software Guide
Page 446
... enable passwords to zero (0) disables login authentication. For example, you then disable all other authentication methods is reenabled automatically. The user is only attempted if the other authentication methods fail. 30-2 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 78-15486-01 If the user fails to 43,200 seconds; Local authentication is allowed only a specific number of login attempts from the CLI and SNMP with the set authentication login attempt command...
... enable passwords to zero (0) disables login authentication. For example, you then disable all other authentication methods is reenabled automatically. The user is only attempted if the other authentication methods fail. 30-2 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 78-15486-01 If the user fails to 43,200 seconds; Local authentication is allowed only a specific number of login attempts from the CLI and SNMP with the set authentication login attempt command...
Software Guide
Page 457
... Configuring Switch Access Using AAA Configuring Authentication Setting the Login Password The login password controls access to activate case sensitivity. Note Passwords that are set in privileged mode: Task Command Set the login password for local authentication, perform this task in software release 5.3 and earlier releases remain non-case sensitive. You must reset the password after installing software release 5.4 or a later release to the user mode CLI. Console> (enable) 78-15486-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration...
... Configuring Switch Access Using AAA Configuring Authentication Setting the Login Password The login password controls access to activate case sensitivity. Note Passwords that are set in privileged mode: Task Command Set the login password for local authentication, perform this task in software release 5.3 and earlier releases remain non-case sensitive. You must reset the password after installing software release 5.4 or a later release to the user mode CLI. Console> (enable) 78-15486-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration...
Software Guide
Page 459
Chapter 30 Configuring Switch Access Using AAA Configuring Authentication Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Connect to reboot the switch. You cannot recover the password if you are connected to create a local user account and password, set the privilege level, and verify the configuration: Console> (enable) set localuser user picard password captain privilege 15 Added local user picard. Enter the reset system command to the switch through a Telnet connection. Enter privileged mode using the enable command. The enable password is null...
Chapter 30 Configuring Switch Access Using AAA Configuring Authentication Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Connect to reboot the switch. You cannot recover the password if you are connected to create a local user account and password, set the privilege level, and verify the configuration: Console> (enable) set localuser user picard password captain privilege 15 Added local user picard. Enter the reset system command to the switch through a Telnet connection. Enter privileged mode using the enable command. The enable password is null...
Software Guide
Page 480
... make Kerberos authentication mandatory and Kerberos authentication fails, the application attempts to authenticate users using the default method of security, you can configure the switch so that Kerberos clients are mandatory for a password. clear kerberos credentials forward 30-36 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 78-15486-01 To configure clients to forward user credentials as they connect to other services on the network with Kerberized clients.
... make Kerberos authentication mandatory and Kerberos authentication fails, the application attempts to authenticate users using the default method of security, you can configure the switch so that Kerberos clients are mandatory for a password. clear kerberos credentials forward 30-36 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 78-15486-01 To configure clients to forward user credentials as they connect to other services on the network with Kerberized clients.
Software Guide
Page 527
...-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 33-3 This example shows a complete TFTP download procedure of the code on page 33-2. When the switch reboots, enter the show version 1 Mod Port Model Serial # Versions 1 0 WS-X4012 JAB03130104 Hw : 1.5 Gsp: 6.1(1.4) Nmp: 6.1(0.104) Console> (enable) copy tftp flash IP address or name of remote host []? 172.20.52.3 Name of file to check the version of a supervisor engine software image: Console> (enable) show version command to copy from a TFTP server...
...-01 Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1 33-3 This example shows a complete TFTP download procedure of the code on page 33-2. When the switch reboots, enter the show version 1 Mod Port Model Serial # Versions 1 0 WS-X4012 JAB03130104 Hw : 1.5 Gsp: 6.1(1.4) Nmp: 6.1(0.104) Console> (enable) copy tftp flash IP address or name of remote host []? 172.20.52.3 Name of file to check the version of a supervisor engine software image: Console> (enable) show version command to copy from a TFTP server...