Software Guide
Page 1
Catalyst 2960 Switch Software Configuration Guide Cisco IOS Release 12.2(40)SE Revised September 2007 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-8603-04
Catalyst 2960 Switch Software Configuration Guide Cisco IOS Release 12.2(40)SE Revised September 2007 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-8603-04
Software Guide
Page 2
... Registrar, Aironet, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, Follow Me Browsing, FormShare, GigaDrive...(UCB) as part of UCB's public domain version of Cisco Systems, Inc.; Catalyst 2960 Switch Software Configuration Guide © 2006-2007 Cisco Systems, Inc. CCVP, the Cisco logo, and the Cisco Square Bridge logo are the property of actual IP addresses...
... Registrar, Aironet, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, Follow Me Browsing, FormShare, GigaDrive...(UCB) as part of UCB's public domain version of Cisco Systems, Inc.; Catalyst 2960 Switch Software Configuration Guide © 2006-2007 Cisco Systems, Inc. CCVP, the Cisco logo, and the Cisco Square Bridge logo are the property of actual IP addresses...
Software Guide
Page 3
...Redundancy Features 1-6 VLAN Features 1-7 Security Features 1-7 QoS and CoS Features 1-9 Monitoring Features 1-10 Default Settings After Initial Switch Configuration 1-10 Network Configuration Examples 1-12 Design Concepts for Using the Switch 1-12 Small to Medium-Sized Network Using Catalyst 2960 Switches 1-16 Long-Distance,... High-Bandwidth Transport Configuration 1-17 Where to Go Next 1-18 Using the Command-Line Interface 2-1 Understanding Command Modes 2-1 Understanding the Help System 2-3...
...Redundancy Features 1-6 VLAN Features 1-7 Security Features 1-7 QoS and CoS Features 1-9 Monitoring Features 1-10 Default Settings After Initial Switch Configuration 1-10 Network Configuration Examples 1-12 Design Concepts for Using the Switch 1-12 Small to Medium-Sized Network Using Catalyst 2960 Switches 1-16 Long-Distance,... High-Bandwidth Transport Configuration 1-17 Where to Go Next 1-18 Using the Command-Line Interface 2-1 Understanding Command Modes 2-1 Understanding the Help System 2-3...
Software Guide
Page 4
...-Based Autoconfiguration 3-3 DHCP Client Request Process 3-4 Configuring DHCP-Based Autoconfiguration 3-5 DHCP Server Configuration Guidelines 3-5 Configuring the TFTP Server 3-6 Configuring the DNS 3-6 Configuring the Relay Device 3-6 Obtaining Configuration Files 3-7 Example Configuration 3-8 Manually Assigning IP Information 3-10 Checking and Saving the Running Configuration 3-10 Modifying the Startup Configuration 3-11 Default Boot Configuration 3-12 Automatically Downloading a Configuration File 3-12 Specifying the Filename to Read...
...-Based Autoconfiguration 3-3 DHCP Client Request Process 3-4 Configuring DHCP-Based Autoconfiguration 3-5 DHCP Server Configuration Guidelines 3-5 Configuring the TFTP Server 3-6 Configuring the DNS 3-6 Configuring the Relay Device 3-6 Obtaining Configuration Files 3-7 Example Configuration 3-8 Manually Assigning IP Information 3-10 Checking and Saving the Running Configuration 3-10 Modifying the Startup Configuration 3-11 Default Boot Configuration 3-12 Automatically Downloading a Configuration File 3-12 Specifying the Filename to Read...
Software Guide
Page 5
... 4-3 DeviceID 4-4 Hostname and DeviceID 4-4 Using Hostname, DeviceID, and ConfigID 4-4 Understanding Cisco IOS Agents 4-5 Initial Configuration 4-5 Incremental (Partial) Configuration 4-6 Synchronized Configuration 4-6 Configuring Cisco IOS Agents 4-6 Enabling Automated CNS Configuration 4-6 Enabling the CNS Event Agent 4-8 Enabling the Cisco IOS CNS Agent 4-9 Enabling an Initial Configuration 4-9 Enabling a Partial Configuration 4-11 Displaying CNS Configuration 4-12 Clustering Switches 5-1 Understanding Switch Clusters 5-1 Cluster Command Switch Characteristics 5-3 Standby...
... 4-3 DeviceID 4-4 Hostname and DeviceID 4-4 Using Hostname, DeviceID, and ConfigID 4-4 Understanding Cisco IOS Agents 4-5 Initial Configuration 4-5 Incremental (Partial) Configuration 4-6 Synchronized Configuration 4-6 Configuring Cisco IOS Agents 4-6 Enabling Automated CNS Configuration 4-6 Enabling the CNS Event Agent 4-8 Enabling the Cisco IOS CNS Agent 4-9 Enabling an Initial Configuration 4-9 Enabling a Partial Configuration 4-11 Displaying CNS Configuration 4-12 Clustering Switches 5-1 Understanding Switch Clusters 5-1 Cluster Command Switch Characteristics 5-3 Standby...
Software Guide
Page 6
... System Time and Date 6-1 Understanding the System Clock 6-1 Understanding Network Time Protocol 6-2 Configuring NTP 6-3 Default NTP Configuration 6-4 Configuring NTP Authentication 6-4 Configuring NTP Associations 6-5 Configuring NTP Broadcast Service 6-6 Configuring NTP Access Restrictions 6-8 Configuring the Source IP Address for NTP Packets 6-10 Displaying the NTP Configuration 6-11 Configuring Time and Date Manually 6-11 Setting the System Clock 6-11 Displaying the Time...
... System Time and Date 6-1 Understanding the System Clock 6-1 Understanding Network Time Protocol 6-2 Configuring NTP 6-3 Default NTP Configuration 6-4 Configuring NTP Authentication 6-4 Configuring NTP Associations 6-5 Configuring NTP Broadcast Service 6-6 Configuring NTP Access Restrictions 6-8 Configuring the Source IP Address for NTP Packets 6-10 Displaying the NTP Configuration 6-11 Configuring Time and Date Manually 6-11 Setting the System Clock 6-11 Displaying the Time...
Software Guide
Page 7
... or Changing a Static Enable Password 8-3 Protecting Enable and Enable Secret Passwords with Encryption 8-3 Disabling Password Recovery 8-5 Setting a Telnet Password for a Terminal Line 8-6 Configuring Username and Password Pairs 8-6 Configuring Multiple Privilege Levels 8-7 Setting the Privilege Level for a Command 8-8 Changing the Default Privilege Level for Lines 8-9 Logging into and Exiting a Privilege Level 8-9 Controlling Switch...
... or Changing a Static Enable Password 8-3 Protecting Enable and Enable Secret Passwords with Encryption 8-3 Disabling Password Recovery 8-5 Setting a Telnet Password for a Terminal Line 8-6 Configuring Username and Password Pairs 8-6 Configuring Multiple Privilege Levels 8-7 Setting the Privilege Level for a Command 8-8 Changing the Default Privilege Level for Lines 8-9 Logging into and Exiting a Privilege Level 8-9 Controlling Switch...
Software Guide
Page 8
...Clients, and Supported Versions 8-33 Limitations 8-34 Configuring SSH 8-34 Configuration Guidelines 8-34 Setting Up the Switch to Run SSH 8-35 Configuring the SSH Server 8-36 Displaying the SSH Configuration and Status 8-37 Configuring the Switch for Secure Socket Layer HTTP 8-37...Clients 8-37 Certificate Authority Trustpoints 8-38 CipherSuites 8-39 Configuring Secure HTTP Servers and Clients 8-40 Default SSL Configuration 8-40 SSL Configuration Guidelines 8-40 Configuring a CA Trustpoint 8-40 Configuring the Secure HTTP Server 8-41 Configuring the Secure HTTP Client 8-43 Displaying Secure HTTP ...
...Clients, and Supported Versions 8-33 Limitations 8-34 Configuring SSH 8-34 Configuration Guidelines 8-34 Setting Up the Switch to Run SSH 8-35 Configuring the SSH Server 8-36 Displaying the SSH Configuration and Status 8-37 Configuring the Switch for Secure Socket Layer HTTP 8-37...Clients 8-37 Certificate Authority Trustpoints 8-38 CipherSuites 8-39 Configuring Secure HTTP Servers and Clients 8-40 Default SSL Configuration 8-40 SSL Configuration Guidelines 8-40 Configuring a CA Trustpoint 8-40 Configuring the Secure HTTP Server 8-41 Configuring the Secure HTTP Client 8-43 Displaying Secure HTTP ...
Software Guide
Page 9
...Using Web Authentication 9-17 Web Authentication with Automatic MAC Check 9-18 Configuring IEEE 802.1x Authentication 9-18 Default IEEE 802.1x Authentication Configuration 9-19 IEEE 802.1x Authentication Configuration Guidelines 9-20 IEEE 802.1x Authentication 9-20 VLAN Assignment, Guest ...21 MAC Authentication Bypass 9-22 Upgrading from a Previous Software Release 9-22 Configuring IEEE 802.1x Authentication 9-22 Configuring the Switch-to-RADIUS-Server Communication 9-24 Configuring the Host Mode 9-25 Configuring Periodic Re-Authentication 9-25 Manually Re-Authenticating a Client Connected to a...
...Using Web Authentication 9-17 Web Authentication with Automatic MAC Check 9-18 Configuring IEEE 802.1x Authentication 9-18 Default IEEE 802.1x Authentication Configuration 9-19 IEEE 802.1x Authentication Configuration Guidelines 9-20 IEEE 802.1x Authentication 9-20 VLAN Assignment, Guest ...21 MAC Authentication Bypass 9-22 Upgrading from a Previous Software Release 9-22 Configuring IEEE 802.1x Authentication 9-22 Configuring the Switch-to-RADIUS-Server Communication 9-24 Configuring the Host Mode 9-25 Configuring Periodic Re-Authentication 9-25 Manually Re-Authenticating a Client Connected to a...
Software Guide
Page 10
...Authentication on the Port 9-40 Resetting the IEEE 802.1x Authentication Configuration to the Default Values 9-41 Displaying IEEE 802.1x Statistics and Status 9-41 10 C H A P T E R Configuring Interface Characteristics 10-1 Understanding Interface Types 10-1 Port-Based VLANs 10...Ports 10-4 Connecting Interfaces 10-4 Using Interface Configuration Mode 10-4 Procedures for Configuring Interfaces 10-5 Configuring a Range of Interfaces 10-6 Configuring and Using Interface Range Macros 10-7 Configuring Ethernet Interfaces 10-9 Default Ethernet Interface Configuration 10-9 Setting the Type of a Dual-...
...Authentication on the Port 9-40 Resetting the IEEE 802.1x Authentication Configuration to the Default Values 9-41 Displaying IEEE 802.1x Statistics and Status 9-41 10 C H A P T E R Configuring Interface Characteristics 10-1 Understanding Interface Types 10-1 Port-Based VLANs 10...Ports 10-4 Connecting Interfaces 10-4 Using Interface Configuration Mode 10-4 Procedures for Configuring Interfaces 10-5 Configuring a Range of Interfaces 10-6 Configuring and Using Interface Range Macros 10-7 Configuring Ethernet Interfaces 10-9 Default Ethernet Interface Configuration 10-9 Setting the Type of a Dual-...
Software Guide
Page 11
Contents 12 C H A P T E R OL-8603-04 Configuring Smartports Macros 11-2 Default Smartports Macro Configuration 11-2 Smartports Macro Configuration Guidelines 11-2 Creating Smartports Macros 11-4 Applying Smartports Macros 11-5 Applying Cisco-Default Smartports Macros 11-6 Displaying Smartports Macros 11-8 Configuring VLANs 12-1 Understanding VLANs 12-1 Supported VLANs 12-2 VLAN Port Membership Modes 12-3 Configuring Normal-Range VLANs 12-4 Token...
Contents 12 C H A P T E R OL-8603-04 Configuring Smartports Macros 11-2 Default Smartports Macro Configuration 11-2 Smartports Macro Configuration Guidelines 11-2 Creating Smartports Macros 11-4 Applying Smartports Macros 11-5 Applying Cisco-Default Smartports Macros 11-6 Displaying Smartports Macros 11-8 Configuring VLANs 12-1 Understanding VLANs 12-1 Supported VLANs 12-2 VLAN Port Membership Modes 12-3 Configuring Normal-Range VLANs 12-4 Token...
Software Guide
Page 12
...Count 12-28 Monitoring the VMPS 12-28 Troubleshooting Dynamic-Access Port VLAN Membership 12-29 VMPS Configuration Example 12-29 Configuring VTP 13-1 Understanding VTP 13-1 The VTP Domain 13-2 VTP Modes 13-3 VTP Advertisements 13-3 ... 13-4 Configuring VTP 13-6 Default VTP Configuration 13-6 VTP Configuration Options 13-7 VTP Configuration in Global Configuration Mode 13-7 VTP Configuration in VLAN Database Configuration Mode 13-7 VTP Configuration Guidelines 13-8 Domain Names 13-8 Passwords 13-8 VTP Version 13-8 Configuration Requirements 13-9 Configuring a VTP Server 13-9 Configuring a VTP...
...Count 12-28 Monitoring the VMPS 12-28 Troubleshooting Dynamic-Access Port VLAN Membership 12-29 VMPS Configuration Example 12-29 Configuring VTP 13-1 Understanding VTP 13-1 The VTP Domain 13-2 VTP Modes 13-3 VTP Advertisements 13-3 ... 13-4 Configuring VTP 13-6 Default VTP Configuration 13-6 VTP Configuration Options 13-7 VTP Configuration in Global Configuration Mode 13-7 VTP Configuration in VLAN Database Configuration Mode 13-7 VTP Configuration Guidelines 13-8 Domain Names 13-8 Passwords 13-8 VTP Version 13-8 Configuration Requirements 13-9 Configuring a VTP Server 13-9 Configuring a VTP...
Software Guide
Page 13
...-14 Monitoring VTP 13-16 Configuring Voice VLAN 14-1 Understanding Voice VLAN 14-1 Cisco IP Phone Voice Traffic 14-2 Cisco IP Phone Data Traffic 14-2 Configuring Voice VLAN 14-3 Default Voice VLAN Configuration 14-3 Voice VLAN Configuration Guidelines 14-3 Configuring a Port Connected to a Cisco 7960 IP Phone 14-4 Configuring Cisco IP Phone Voice Traffic 14-4 Configuring the Priority of Incoming Data...
...-14 Monitoring VTP 13-16 Configuring Voice VLAN 14-1 Understanding Voice VLAN 14-1 Cisco IP Phone Voice Traffic 14-2 Cisco IP Phone Data Traffic 14-2 Configuring Voice VLAN 14-3 Default Voice VLAN Configuration 14-3 Voice VLAN Configuration Guidelines 14-3 Configuring a Port Connected to a Cisco 7960 IP Phone 14-4 Configuring Cisco IP Phone Voice Traffic 14-4 Configuring the Priority of Incoming Data...
Software Guide
Page 14
Contents 16 C H A P T E R Configuring the Root Switch 15-14 Configuring a Secondary Root Switch 15-16 Configuring Port Priority 15-16 Configuring Path Cost 15-18 Configuring the Switch Priority of a VLAN 15-19 Configuring Spanning-Tree Timers 15-20 Configuring the Hello Time 15-20 Configuring the Forwarding-Delay Time for a VLAN 15-21 Configuring the Maximum-Aging Time for a VLAN...
Contents 16 C H A P T E R Configuring the Root Switch 15-14 Configuring a Secondary Root Switch 15-16 Configuring Port Priority 15-16 Configuring Path Cost 15-18 Configuring the Switch Priority of a VLAN 15-19 Configuring Spanning-Tree Timers 15-20 Configuring the Hello Time 15-20 Configuring the Forwarding-Delay Time for a VLAN 15-21 Configuring the Maximum-Aging Time for a VLAN...
Software Guide
Page 15
...16-24 Designating the Neighbor Type 16-25 Restarting the Protocol Migration Process 16-25 Displaying the MST Configuration and Status 16-26 Configuring Optional Spanning-Tree Features 17-1 Understanding Optional Spanning-Tree Features 17-1 Understanding Port Fast 17-2 Understanding BPDU...-5 Understanding EtherChannel Guard 17-7 Understanding Root Guard 17-8 Understanding Loop Guard 17-9 Configuring Optional Spanning-Tree Features 17-9 Default Optional Spanning-Tree Configuration 17-9 Optional Spanning-Tree Configuration Guidelines 17-10 Enabling Port Fast 17-10 Enabling BPDU Guard 17-11 Enabling...
...16-24 Designating the Neighbor Type 16-25 Restarting the Protocol Migration Process 16-25 Displaying the MST Configuration and Status 16-26 Configuring Optional Spanning-Tree Features 17-1 Understanding Optional Spanning-Tree Features 17-1 Understanding Port Fast 17-2 Understanding BPDU...-5 Understanding EtherChannel Guard 17-7 Understanding Root Guard 17-8 Understanding Loop Guard 17-9 Configuring Optional Spanning-Tree Features 17-9 Default Optional Spanning-Tree Configuration 17-9 Optional Spanning-Tree Configuration Guidelines 17-10 Enabling Port Fast 17-10 Enabling BPDU Guard 17-11 Enabling...
Software Guide
Page 16
...Time After a TCN Event 18-12 Recovering from Flood Mode 18-12 Disabling Multicast Flooding During a TCN Event 18-13 Configuring the IGMP Snooping Querier 18-14 Disabling IGMP Report Suppression 18-15 Displaying IGMP Snooping Information 18-15 Understanding Multicast VLAN Registration...MVR in a Multicast Television Application 18-18 Configuring MVR 18-19 Default MVR Configuration 18-19 MVR Configuration Guidelines and Limitations 18-20 Configuring MVR Global Parameters 18-20 Configuring MVR Interfaces 18-21 Displaying MVR Information 18-23 Configuring IGMP Filtering and Throttling 18-23 Default ...
...Time After a TCN Event 18-12 Recovering from Flood Mode 18-12 Disabling Multicast Flooding During a TCN Event 18-13 Configuring the IGMP Snooping Querier 18-14 Disabling IGMP Report Suppression 18-15 Displaying IGMP Snooping Information 18-15 Understanding Multicast VLAN Registration...MVR in a Multicast Television Application 18-18 Configuring MVR 18-19 Default MVR Configuration 18-19 MVR Configuration Guidelines and Limitations 18-20 Configuring MVR Global Parameters 18-20 Configuring MVR Interfaces 18-21 Displaying MVR Information 18-23 Configuring IGMP Filtering and Throttling 18-23 Default ...
Software Guide
Page 17
... C H A P T E R 21 C H A P T E R OL-8603-04 Default Storm Control Configuration 19-3 Configuring Storm Control and Threshold Levels 19-3 Configuring Protected Ports 19-5 Default Protected Port Configuration 19-6 Protected Port Configuration Guidelines 19-6 Configuring a Protected Port 19-6 Configuring Port Blocking 19-7 Default Port Blocking Configuration 19-7 Blocking Flooded Traffic on an Interface 19-7 Configuring Port Security 19-8 Understanding Port Security 19-8 Secure...
... C H A P T E R 21 C H A P T E R OL-8603-04 Default Storm Control Configuration 19-3 Configuring Storm Control and Threshold Levels 19-3 Configuring Protected Ports 19-5 Default Protected Port Configuration 19-6 Protected Port Configuration Guidelines 19-6 Configuring a Protected Port 19-6 Configuring Port Blocking 19-7 Default Port Blocking Configuration 19-7 Blocking Flooded Traffic on an Interface 19-7 Configuring Port Security 19-8 Understanding Port Security 19-8 Secure...
Software Guide
Page 18
... Enabling UDLD on an Interface 22-5 Resetting an Interface Disabled by UDLD 22-6 Displaying UDLD Status 22-6 23 C H A P T E R Configuring SPAN and RSPAN 23-1 Understanding SPAN and RSPAN 23-1 Local SPAN 23-2 Remote SPAN 23-2 SPAN and RSPAN Concepts and Terminology 23-3 SPAN Sessions... Filtering 23-6 Destination Port 23-6 RSPAN VLAN 23-7 SPAN and RSPAN Interaction with Other Features 23-8 Configuring SPAN and RSPAN 23-9 Default SPAN and RSPAN Configuration 23-9 Configuring Local SPAN 23-9 SPAN Configuration Guidelines 23-10 Creating a Local SPAN Session 23-10 Creating a Local SPAN Session and...
... Enabling UDLD on an Interface 22-5 Resetting an Interface Disabled by UDLD 22-6 Displaying UDLD Status 22-6 23 C H A P T E R Configuring SPAN and RSPAN 23-1 Understanding SPAN and RSPAN 23-1 Local SPAN 23-2 Remote SPAN 23-2 SPAN and RSPAN Concepts and Terminology 23-3 SPAN Sessions... Filtering 23-6 Destination Port 23-6 RSPAN VLAN 23-7 SPAN and RSPAN Interaction with Other Features 23-8 Configuring SPAN and RSPAN 23-9 Default SPAN and RSPAN Configuration 23-9 Configuring Local SPAN 23-9 SPAN Configuration Guidelines 23-10 Creating a Local SPAN Session 23-10 Creating a Local SPAN Session and...
Software Guide
Page 19
...23-20 Specifying VLANs to Filter 23-21 Displaying SPAN and RSPAN Status 23-22 Configuring RMON 24-1 Understanding RMON 24-1 Configuring RMON 24-2 Default RMON Configuration 24-3 Configuring RMON Alarms and Events 24-3 Collecting Group History Statistics on an Interface 24-5 Collecting ...Statistics on an Interface 24-5 Displaying RMON Status 24-6 Configuring System Message Logging 25-1 Understanding System Message Logging 25-1 Configuring System Message Logging 25-2 System Log Message Format 25-2 Default System Message Logging Configuration 25-3 Disabling Message Logging 25-4 Setting the Message ...
...23-20 Specifying VLANs to Filter 23-21 Displaying SPAN and RSPAN Status 23-22 Configuring RMON 24-1 Understanding RMON 24-1 Configuring RMON 24-2 Default RMON Configuration 24-3 Configuring RMON Alarms and Events 24-3 Collecting Group History Statistics on an Interface 24-5 Collecting ...Statistics on an Interface 24-5 Displaying RMON Status 24-6 Configuring System Message Logging 25-1 Understanding System Message Logging 25-1 Configuring System Message Logging 25-2 System Log Message Format 25-2 Default System Message Logging Configuration 25-3 Disabling Message Logging 25-4 Setting the Message ...
Software Guide
Page 20
...-15 Limiting TFTP Servers Used Through SNMP 26-16 SNMP Examples 26-17 Displaying SNMP Status 26-18 27 C H A P T E R Configuring Cisco IOS IP SLAs Operations 27-1 Understanding Cisco IOS IP SLAs 27-1 Using Cisco IOS IP SLAs to Measure Network Performance 27-2 IP SLAs Responder and IP SLAs Control Protocol 27-3 Response Time Computation...
...-15 Limiting TFTP Servers Used Through SNMP 26-16 SNMP Examples 26-17 Displaying SNMP Status 26-18 27 C H A P T E R Configuring Cisco IOS IP SLAs Operations 27-1 Understanding Cisco IOS IP SLAs 27-1 Using Cisco IOS IP SLAs to Measure Network Performance 27-2 IP SLAs Responder and IP SLAs Control Protocol 27-3 Response Time Computation...