Software Guide
Page 34
... to the command switch. Unified configuration, monitoring, authentication, and software upgrade of multiple, cluster-capable switches, regardless of cluster-capable switches, see the switch online help. • Cisco Network Assistant (hereafter referred to accomplish specific tasks. - Simplifying and minimizing switch and switch cluster management from a single graphical interface without needing to remember command-line interface (CLI) commands to as VLAN and QoS settings, inventory and statistic reports, link- The system, redundant power system (RPS), and port LED colors on...
... to the command switch. Unified configuration, monitoring, authentication, and software upgrade of multiple, cluster-capable switches, regardless of cluster-capable switches, see the switch online help. • Cisco Network Assistant (hereafter referred to accomplish specific tasks. - Simplifying and minimizing switch and switch cluster management from a single graphical interface without needing to remember command-line interface (CLI) commands to as VLAN and QoS settings, inventory and statistic reports, link- The system, redundant power system (RPS), and port LED colors on...
Software Guide
Page 35
.../1000 BASE-TX SFP module interfaces that enables the interface to automatically detect the required cable connection type (straight-through or crossover) and to configure the connection appropriately • Support for up to 9000 bytes for frames that are bridged in hardware, and up to 8 Gb/s (Gigabit EtherChannel) or 800 Mb/s (Fast EtherChannel) full-duplex bandwidth among switches, routers, and servers • Port Aggregation Protocol (PAgP) and Link Aggregation Control Protocol (LACP) for...
.../1000 BASE-TX SFP module interfaces that enables the interface to automatically detect the required cable connection type (straight-through or crossover) and to configure the connection appropriately • Support for up to 9000 bytes for frames that are bridged in hardware, and up to 8 Gb/s (Gigabit EtherChannel) or 800 Mb/s (Fast EtherChannel) full-duplex bandwidth among switches, routers, and servers • Port Aggregation Protocol (PAgP) and Link Aggregation Control Protocol (LACP) for...
Software Guide
Page 36
... file systems that the switch uses Catalyst 2960 Switch Software Configuration Guide 1-4 OL-8603-04 For more information about CNS, see Chapter 2, "Using the Command-Line Interface." • SNMP-SNMP management applications such as IP address, default gateway, hostname, and Domain Name System [DNS] and TFTP server names) • DHCP relay for forwarding User Datagram Protocol (UDP) broadcasts, including IP address requests, from DHCP clients • DHCP server for automatic assignment of IP addresses and other Cisco devices on Cisco.com. • CLI-The Cisco IOS software supports...
... file systems that the switch uses Catalyst 2960 Switch Software Configuration Guide 1-4 OL-8603-04 For more information about CNS, see Chapter 2, "Using the Command-Line Interface." • SNMP-SNMP management applications such as IP address, default gateway, hostname, and Domain Name System [DNS] and TFTP server names) • DHCP relay for forwarding User Datagram Protocol (UDP) broadcasts, including IP address requests, from DHCP clients • DHCP server for automatic assignment of IP addresses and other Cisco devices on Cisco.com. • CLI-The Cisco IOS software supports...
Software Guide
Page 39
...-write access) to management interfaces (device manager, Network Assistant, and the CLI) for protection against unauthorized configuration changes • Multilevel security for a choice of security level, notification, and resulting actions • Static MAC addressing for ensuring security • Protected port option for restricting the forwarding of traffic to 4094 range as primary and backup links can load balance traffic based on the trunk. Security Features The switch ships with appropriate network resources, traffic patterns, and bandwidth • Support for VLAN IDs...
...-write access) to management interfaces (device manager, Network Assistant, and the CLI) for protection against unauthorized configuration changes • Multilevel security for a choice of security level, notification, and resulting actions • Static MAC addressing for ensuring security • Protected port option for restricting the forwarding of traffic to 4094 range as primary and backup links can load balance traffic based on the trunk. Security Features The switch ships with appropriate network resources, traffic patterns, and bandwidth • Support for VLAN IDs...
Software Guide
Page 48
... up to deliver high-priority traffic. The switches are connected to workstations and local servers. Using Cisco IP Phones, Cisco CallManager software, and Cisco SoftPhone software integrates telephony and IP networks, and the IP network supports both voice and data. The routers also provide firewall services, Network Address Translation (NAT) services, voice-over-IP (VoIP) gateway services, and WAN and Internet access. 1-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 Voice traffic from the Cisco IP Phones are configured on the same VLAN. When an end station...
... up to deliver high-priority traffic. The switches are connected to workstations and local servers. Using Cisco IP Phones, Cisco CallManager software, and Cisco SoftPhone software integrates telephony and IP networks, and the IP network supports both voice and data. The routers also provide firewall services, Network Address Translation (NAT) services, voice-over-IP (VoIP) gateway services, and WAN and Internet access. 1-16 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 Voice traffic from the Cisco IP Phones are configured on the same VLAN. When an end station...
Software Guide
Page 63
... configure the DHCP server for allocating network addresses to Internet hosts and internetworking devices. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 3-3 Disabled. If you should configure a DHCP relay device between two directly connected LANs. A router does not forward broadcast packets, but it forwards packets based on a client-server model, in the received packet. Table 3-1 Default Switch Information Feature IP address and subnet mask Default gateway Enable secret password Hostname Telnet password Cluster command switch functionality Cluster name Default Setting...
... configure the DHCP server for allocating network addresses to Internet hosts and internetworking devices. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 3-3 Disabled. If you should configure a DHCP relay device between two directly connected LANs. A router does not forward broadcast packets, but it forwards packets based on a client-server model, in the received packet. Table 3-1 Default Switch Information Feature IP address and subnet mask Default gateway Enable secret password Hostname Telnet password Cluster command switch functionality Cluster name Default Setting...
Software Guide
Page 70
...switch has connectivity to the remote networks with which the IP information is 1 to communicate. The VLAN range is assigned. Enter the IP address and subnet mask. To remove the default gateway address, use the no service password-encryption ! Checking and Saving the Running Configuration Chapter 3 Assigning the Switch IP Address and Default Gateway Manually Assigning IP Information Beginning in the configuration file. Enter interface configuration mode, and enter the VLAN to multiple switched virtual interfaces (SVIs): Step 1 Step 2 Command configure terminal interface vlan vlan...
...switch has connectivity to the remote networks with which the IP information is 1 to communicate. The VLAN range is assigned. Enter the IP address and subnet mask. To remove the default gateway address, use the no service password-encryption ! Checking and Saving the Running Configuration Chapter 3 Assigning the Switch IP Address and Default Gateway Manually Assigning IP Information Beginning in the configuration file. Enter interface configuration mode, and enter the VLAN to multiple switched virtual interfaces (SVIs): Step 1 Step 2 Command configure terminal interface vlan vlan...
Software Guide
Page 107
... • Creating a Banner, page 6-17 • Managing the MAC Address Table, page 6-19 • Managing the ARP Table, page 6-26 Managing the System Time and Date You can then be set from these sources: • NTP • Manual configuration OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 6-1 The system clock can manage the system time and date on your switch using automatic configuration, such as the Network Time Protocol (NTP), or manual configuration methods. 6 C H A P T E R Administering the Switch This chapter...
... • Creating a Banner, page 6-17 • Managing the MAC Address Table, page 6-19 • Managing the ARP Table, page 6-26 Managing the System Time and Date You can then be set from these sources: • NTP • Manual configuration OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 6-1 The system clock can manage the system time and date on your switch using automatic configuration, such as the Network Time Protocol (NTP), or manual configuration methods. 6 C H A P T E R Administering the Switch This chapter...
Software Guide
Page 128
... SNMP version to the NMS. mac address-table notification Enable the MAC address notification feature. 6-22 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 snmp-server enable traps mac-notification Enable the switch to send MAC address traps to support. events are generated for dynamic and secure MAC addresses; Version 1, the default, is enabled. Though you have been removed, use the show mac address-table dynamic privileged EXEC command. To verify that you define this string by using the snmp-server host command. • For notification-type, use the mac...
... SNMP version to the NMS. mac address-table notification Enable the MAC address notification feature. 6-22 Catalyst 2960 Switch Software Configuration Guide OL-8603-04 snmp-server enable traps mac-notification Enable the switch to send MAC address traps to support. events are generated for dynamic and secure MAC addresses; Version 1, the default, is enabled. Though you have been removed, use the show mac address-table dynamic privileged EXEC command. To verify that you define this string by using the snmp-server host command. • For notification-type, use the mac...
Software Guide
Page 130
... example shows how to add the static address c2f3.220a.12f4 to the address table. Managing the MAC Address Table Chapter 6 Administering the Switch Adding and Removing Static Address Entries A static address has these steps to the address table by specifying the destination MAC unicast address and the VLAN from which it is received. A packet with the interface-id option. Valid VLAN IDs are forwarded to the specified port: Switch(config)# mac address-table static c2f3.220a.12f4 vlan 4 interface gigabitethernet0/1 6-24 Catalyst 2960 Switch Software Configuration Guide...
... example shows how to add the static address c2f3.220a.12f4 to the address table. Managing the MAC Address Table Chapter 6 Administering the Switch Adding and Removing Static Address Entries A static address has these steps to the address table by specifying the destination MAC unicast address and the VLAN from which it is received. A packet with the interface-id option. Valid VLAN IDs are forwarded to the specified port: Switch(config)# mac address-table static c2f3.220a.12f4 vlan 4 interface gigabitethernet0/1 6-24 Catalyst 2960 Switch Software Configuration Guide...
Software Guide
Page 140
... passwords including username passwords, authentication key passwords, the privileged command password, and console and virtual terminal line passwords. After you must enter the enable secret password. Protecting Access to Privileged EXEC Commands Chapter 8 Configuring Switch-Based Authentication Beginning in the configuration file. Define a new password or change an existing password for access to define a password for enable and enable secret passwords: Step 1 Step 2 Command configure terminal enable password [level level] {password | encryption-type encrypted-password} or enable...
... passwords including username passwords, authentication key passwords, the privileged command password, and console and virtual terminal line passwords. After you must enter the enable secret password. Protecting Access to Privileged EXEC Commands Chapter 8 Configuring Switch-Based Authentication Beginning in the configuration file. Define a new password or change an existing password for access to define a password for enable and enable secret passwords: Step 1 Step 2 Command configure terminal enable password [level level] {password | encryption-type encrypted-password} or enable...
Software Guide
Page 143
... password, specify the password the user must enter to gain access to the switch. Enable local password checking at login time. For example, if you can contain embedded spaces, and must be the last option specified in Step 2. Enter the username, privilege level, and password for Lines, page 8-9 • Logging into and Exiting a Privilege Level, page 8-9 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-7 To disable password checking and allow different sets of password security: user...
... password, specify the password the user must enter to gain access to the switch. Enable local password checking at login time. For example, if you can contain embedded spaces, and must be the last option specified in Step 2. Enter the username, privilege level, and password for Lines, page 8-9 • Logging into and Exiting a Privilege Level, page 8-9 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 8-7 To disable password checking and allow different sets of password security: user...
Software Guide
Page 203
... group radius keywords to use the list of all RADIUS servers for IEEE 802.1x authentication, and enter interface configuration mode. (Optional) Set the port to the accounting server that is not specified in the configuration file. Enable AAA. To create a default list that is used between the switch and the RADIUS daemon running -config startup-config Purpose Enter global configuration mode. Beginning in the command-line help string, only the group radius keywords are supported...
... group radius keywords to use the list of all RADIUS servers for IEEE 802.1x authentication, and enter interface configuration mode. (Optional) Set the port to the accounting server that is not specified in the configuration file. Enable AAA. To create a default list that is used between the switch and the RADIUS daemon running -config startup-config Purpose Enter global configuration mode. Beginning in the command-line help string, only the group radius keywords are supported...
Software Guide
Page 226
...a dual-purpose uplink, see the hardware installation guide. For more information about configuring speed and duplex settings for whichever connector is considered as a single interface with Layer 2 Switches Cisco router Switch Host A Host B VLAN 20 VLAN 30 Using Interface Configuration Mode The switch supports these interface types: • Physical ports-switch ports • VLANs-switch virtual interfaces • Port channels-EtherChannel interfaces 10-4 Catalyst 2960 Switch Software Configuration Guide 46647 OL-8603-04 Figure 10-1 Connecting VLANs with dual front ends-an...
...a dual-purpose uplink, see the hardware installation guide. For more information about configuring speed and duplex settings for whichever connector is considered as a single interface with Layer 2 Switches Cisco router Switch Host A Host B VLAN 20 VLAN 30 Using Interface Configuration Mode The switch supports these interface types: • Physical ports-switch ports • VLANs-switch virtual interfaces • Port channels-EtherChannel interfaces 10-4 Catalyst 2960 Switch Software Configuration Guide 46647 OL-8603-04 Figure 10-1 Connecting VLANs with dual front ends-an...
Software Guide
Page 236
... interfaces gi0/1 to gi0/16, speed and duplex settings do not apply, as they are operating in SFP module mode. For more traffic, it notifies the other port by allowing congested nodes to stop sending until the condition clears. Configuring IEEE 802.3x Flow Control Flow control enables connected Ethernet ports to control traffic rates during the congestion period. Note Catalyst 2960 ports can receive, but can operate with an attached device...
... interfaces gi0/1 to gi0/16, speed and duplex settings do not apply, as they are operating in SFP module mode. For more traffic, it notifies the other port by allowing congested nodes to stop sending until the condition clears. Configuring IEEE 802.3x Flow Control Flow control enables connected Ethernet ports to control traffic rates during the congestion period. Note Catalyst 2960 ports can receive, but can operate with an attached device...
Software Guide
Page 237
...-SX or -LX SFP module interfaces. To disable auto-MDIX, use the flowcontrol receive off interface configuration command. This example shows how to auto so that result from auto-MDIX settings and correct and incorrect cabling. Auto-MDIX is not supported on all 10/100 and 10/100/1000-Mb/s interfaces. Auto-MDIX is enabled on the interface. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 10-15 Table 10-2 shows the link states that the...
...-SX or -LX SFP module interfaces. To disable auto-MDIX, use the flowcontrol receive off interface configuration command. This example shows how to auto so that result from auto-MDIX settings and correct and incorrect cabling. Auto-MDIX is not supported on all 10/100 and 10/100/1000-Mb/s interfaces. Auto-MDIX is enabled on the interface. OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 10-15 Table 10-2 shows the link states that the...
Software Guide
Page 268
... a VLAN if the VLAN is true for example, Cisco Discovery Protocol (CDP), Port Aggregation Protocol (PAgP), Link Aggregation Control Protocol (LACP), DTP, and VTP in privileged EXEC mode, follow these steps to the access VLAN. The same is enabled, if VTP knows of the switchport trunk allowed setting. A trunk port can remove VLANs from the allowed list, preventing traffic from those VLANs from the allowed list. Beginning in VLAN 1. For explanations about using the add, all Cisco switches, and...
... a VLAN if the VLAN is true for example, Cisco Discovery Protocol (CDP), Port Aggregation Protocol (PAgP), Link Aggregation Control Protocol (LACP), DTP, and VTP in privileged EXEC mode, follow these steps to the access VLAN. The same is enabled, if VTP knows of the switchport trunk allowed setting. A trunk port can remove VLANs from the allowed list, preventing traffic from those VLANs from the allowed list. Beginning in VLAN 1. For explanations about using the add, all Cisco switches, and...
Software Guide
Page 409
...security mac-address 0000.02000.0004 vlan 3 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 19-15 All addresses are configured, and sticky learning is enabled, the sticky secure addresses remain part of secure MAC addresses, use the no switchport port-security mac-address mac-address interface configuration command. Use the clear port-security {all secure addresses of secure addresses to the default condition (shutdown mode), use the no switchport port-security mac-address mac-address interface configuration command. You must specifically delete configured secure MAC...
...security mac-address 0000.02000.0004 vlan 3 OL-8603-04 Catalyst 2960 Switch Software Configuration Guide 19-15 All addresses are configured, and sticky learning is enabled, the sticky secure addresses remain part of secure MAC addresses, use the no switchport port-security mac-address mac-address interface configuration command. Use the clear port-security {all secure addresses of secure addresses to the default condition (shutdown mode), use the no switchport port-security mac-address mac-address interface configuration command. You must specifically delete configured secure MAC...
Software Guide
Page 636
... • Enabling All-System Diagnostics, page 32-19 • Redirecting Debug and Error Message Output, page 32-19 Caution Because debugging output is assigned high priority in the CPU process, it is best to use debug commands only to troubleshoot specific problems or during these situations: • Replacing a switch • Setting up a wiring closet • Troubleshooting a connection between two devices when a link cannot be...
... • Enabling All-System Diagnostics, page 32-19 • Redirecting Debug and Error Message Output, page 32-19 Caution Because debugging output is assigned high priority in the CPU process, it is best to use debug commands only to troubleshoot specific problems or during these situations: • Replacing a switch • Setting up a wiring closet • Troubleshooting a connection between two devices when a link cannot be...
Software Guide
Page 700
...-15 types and location B-10 uploading preparing B-10, B-13, B-16 reasons for B-9 using FTP B-14 using RCP B-18 using TFTP B-12 configuration logger 25-10 configuration logging 2-5 configuration replacement B-19 configuration rollback B-19, B-20 configuration settings, saving 3-10 configure terminal command 10-5 config-vlan mode 2-2, 12-6 conflicts, configuration 32-11 connections, secure remote 8-33 connectivity problems 32-12, 32-14, 32-15 consistency checks in VTP Version 2 13-4 console port, connecting to 2-10 control protocol, IP SLAs 27-3 conventions command xxx for examples...
...-15 types and location B-10 uploading preparing B-10, B-13, B-16 reasons for B-9 using FTP B-14 using RCP B-18 using TFTP B-12 configuration logger 25-10 configuration logging 2-5 configuration replacement B-19 configuration rollback B-19, B-20 configuration settings, saving 3-10 configure terminal command 10-5 config-vlan mode 2-2, 12-6 conflicts, configuration 32-11 connections, secure remote 8-33 connectivity problems 32-12, 32-14, 32-15 consistency checks in VTP Version 2 13-4 console port, connecting to 2-10 control protocol, IP SLAs 27-3 conventions command xxx for examples...