Software Guide
Page 34
... the getting started guide. • User-defined and Cisco-default Smartports macros for creating custom switch configurations for simplified deployment across the network. • An embedded device manager GUI for optimizing bandwidth Catalyst 2960 Switch Software Configuration Guide 1-2 OL-8603-04 Features Chapter 1 Overview • Express Setup for quickly configuring a switch for - and switch-level monitoring and troubleshooting, and multiple switch software upgrades. - For information about Express Setup, see the release notes. - The system, redundant power system...
Software Guide
Page 35
... version 6 (IPv6) multicast data to clients and routers in a switched network • Multicast VLAN registration (MVR) to continuously send multicast streams in a multicast VLAN while isolating the streams from subscriber VLANs for bandwidth and security reasons • IGMP filtering for controlling the set of multicast groups to which hosts on 10/100/1000 BASE-TX SFP module interfaces that enables the interface to automatically detect the required cable connection type (straight-through or crossover) and to configure the connection...
Software Guide
Page 36
... [DNS] and TFTP server names) • DHCP relay for forwarding User Datagram Protocol (UDP) broadcasts, including IP address requests, from DHCP clients • DHCP server for automatic assignment of switch information (such as HP OpenView or SunNet Manager. You use it to manage a single switch, a cluster of switches, or a community of MIB extensions and four remote monitoring (RMON) groups. For more information about CNS, see Chapter 26, "Configuring SNMP." • CNS-Cisco Networking Services is network management software...
Software Guide
Page 39
... not support IEEE 802.1x functionality to be authenticated using a web browser • Password-protected access (read-only and read-write access) to management interfaces (device manager, Network Assistant, and the CLI) for protection against unauthorized configuration changes • Multilevel security for a choice of security level, notification, and resulting actions • Static MAC addressing for ensuring security • Protected port option for restricting the forwarding of traffic to designated ports on the same switch • Port security...
Software Guide
Page 48
... firewall services, Network Address Translation (NAT) services, voice-over-IP (VoIP) gateway services, and WAN and Internet access. 1-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 Cisco CallManager controls call processing, routing, and Cisco IP Phone features and configuration. In addition to inter-VLAN routing, the routers provide QoS mechanisms such as DSCP priorities to workstations and local servers. Users with workstations running Cisco CallManager software. The switches are connected to prioritize the different types of high-priority traffic. Using...
Software Guide
Page 63
... server. DHCP is Switch. No default gateway is defined. Understanding DHCP-Based Autoconfiguration DHCP provides configuration information to configure a Trivial File Transfer Protocol (TFTP) server and a Domain Name System (DNS) server. The switch can be on the same LAN or on the network, you should configure a DHCP relay device between two directly connected LANs. Table 3-1 Default Switch Information Feature IP address and subnet mask Default gateway Enable secret password Hostname Telnet password Cluster command switch functionality Cluster name Default Setting...
Software Guide
Page 70
... the Switch IP Address and Default Gateway Manually Assigning IP Information Beginning in the configuration file. For information on setting the switch system name, protecting access to multiple switched virtual interfaces (SVIs): Step 1 Step 2 Command configure terminal interface vlan vlan-id Step 3 Step 4 Step 5 ip address ip-address subnet-mask exit ip default-gateway ip-address Step 6 Step 7 Step 8 Step 9 end show interfaces vlan vlan-id show running -config startup-config Purpose Enter global configuration mode. To remove the switch IP address, use the no service...
Software Guide
Page 107
... Table, page 6-26 Managing the System Time and Date You can then be set from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Command References. This clock runs from the moment the system starts up and keeps track of the time service is the system clock. The system clock can manage the system time and date on your switch using automatic configuration, such as the Network Time Protocol (NTP), or manual configuration...
Software Guide
Page 128
...default) to send SNMP traps to the NMS. mac address-table notification Enable the MAC address notification feature. 6-22 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 Though you can set a trap interval time to bundle the notification traps and reduce network traffic. snmp-server enable traps mac-notification Enable the switch to send MAC address traps to the host. MAC address notifications are not generated for dynamic and secure MAC addresses; Configuring MAC Address Notification Traps MAC address notification enables you have been removed, use the clear mac...
Software Guide
Page 130
... add a static address to the address table by specifying the destination MAC unicast address and the VLAN from which it is forwarded. Valid VLAN IDs are 1 to 4094. • For interface-id, specify the interface to which the packet with the same MAC address and VLAN ID. You can enter the command multiple times with the specified MAC address is forwarded to the specified port: Switch(config)# mac address-table static c2f3.220a.12f4 vlan 4 interface gigabitethernet0/1 6-24 Catalyst 2960 Switch Software Configuration Guide OL...
Software Guide
Page 140
... another switch configuration. If you specify an encryption type, you must enter the enable secret password. If both the enable and enable secret passwords are defined, users must provide an encrypted password-an encrypted password that you specify the level and set a password, give the password only to users who need to all passwords including username passwords, authentication key passwords, the privileged command password, and console and virtual terminal line passwords. For more information, see the "Configuring Multiple...
Software Guide
Page 143
... a username-based authentication system that an unencrypted password will follow. • For password, specify the password the user must enter to gain access to 25 characters, can assign it level 2 security and distribute the level 2 password fairly widely. By configuring multiple passwords, you can allow connections without a password, use the no login line configuration command. Enable local password checking at login time. Configuring Multiple Privilege Levels By default, the Cisco IOS software has two modes of users. Level 1 gives user EXEC mode access. •...
Software Guide
Page 203
... accounting server. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 9-23 Re-authentication is automatically applied to configure IEEE 802.1x port-based authentication: Step 1 Step 2 Step 3 Command configure terminal aaa new-model aaa authentication dot1x {default} method1 Step 4 Step 5 Step 6 Step 7 dot1x system-auth-control aaa authorization network {default} group radius radius-server host ip-address radius-server key string Step 8 interface interface-id Step 9 switchport mode access Step 10 dot1x port-control auto Step...
Software Guide
Page 226
... router Switch Host A Host B VLAN 20 VLAN 30 Using Interface Configuration Mode The switch supports these interface types: • Physical ports-switch ports • VLANs-switch virtual interfaces • Port channels-EtherChannel interfaces 10-4 Catalyst 2960 Switch Software Configuration Guide 46647 OL-8603-04 For more information about configuring speed and duplex settings for whichever connector is on for a dual-purpose uplink, see the hardware installation guide. The dual front ends are not redundant interfaces, and the switch activates only one shows the status...
Software Guide
Page 236
... not send, pause frames. Configuring IEEE 802.3x Flow Control Flow control enables connected Ethernet ports to control traffic rates during the congestion period. These rules apply to flow control settings on the device: • receive on local and remote ports, see the "Access Ports" section on page 10-2. Note For details on the command settings and the resulting flow control resolution on (or desired): The port cannot send pause frames...
Software Guide
Page 237
... flow control, use the no mdix auto interface configuration command. show controllers ethernet-controller Verify the operational state of cable to connect to other devices, and the interface automatically corrects for any incorrect cabling. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 10-15 speed auto Configure the interface to be configured, and enter interface configuration mode. mdix auto Enable auto-MDIX on 1000BASE-SX or -LX SFP module interfaces. Table 10-2 Link Conditions and Auto-MDIX Settings Local Side Auto-MDIX On On Off Off Remote...
Software Guide
Page 268
... | remove} vlan-list (Optional) Configure the list of the enabled VLAN. Do not enter any individual VLAN trunk link so that no user traffic (including spanning-tree advertisements) is set to 1, the port will be added to VLAN 1, regardless of the new VLAN. show interfaces interface-id switchport Verify your entries in the configuration file. 12-18 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 switchport trunk allowed vlan {add | all Cisco switches, and it is in privileged EXEC mode...
Software Guide
Page 409
...Control Configuring Port Security To return the interface to the default condition as not a secure port, use the no switchport port-security maximum value interface configuration command. The violation mode is the default, no static secure MAC addresses are configured, and sticky learning is enabled, the sticky secure addresses remain part of secure MAC addresses, use the no switchport port-security interface configuration command. Switch(config)# interface gigabitethernet0/1 Switch(config-if)# switchport mode access Switch(config-if)# switchport port-security Switch(config...
Software Guide
Page 636
..., enter the show cable-diagnostics tdr interface interface-id privileged EXEC command. For this command to enable the debugging for this release. Debugging during troubleshooting sessions with Cisco technical support staff. For example, beginning in privileged EXEC mode, enter this reason, use debug commands only to troubleshoot specific problems or during these situations: • Replacing a switch • Setting up a wiring closet • Troubleshooting a connection between two devices when a link cannot be established or...
Software Guide
Page 700
...-15 types and location B-10 uploading preparing B-10, B-13, B-16 reasons for B-9 using FTP B-14 using RCP B-18 using TFTP B-12 configuration logger 25-10 configuration logging 2-5 configuration replacement B-19 configuration rollback B-19, B-20 configuration settings, saving 3-10 configure terminal command 10-5 config-vlan mode 2-2, 12-6 conflicts, configuration 32-11 connections, secure remote 8-33 connectivity problems 32-12, 32-14, 32-15 consistency checks in VTP Version 2 13-4 console port, connecting to 2-10 control protocol, IP SLAs 27-3 conventions command xxx for examples...