Guest

Cisco Catalyst 2940 Series Switches

Release Notes for the Catalyst 2955, Catalyst 2950, and Catalyst 2940 Switches, Cisco IOS Release 12.1(22)EA1 (Rev Nov 15, 2004)

  • Viewing Options

  • PDF (966.1 KB)
  • Feedback
Release Notes for the Catalyst 2955, Catalyst 2950, and Catalyst 2940 Switches, Cisco IOS Release 12.1(22)EA1

Table Of Contents

Release Notes for the Catalyst 2955, Catalyst 2950, and Catalyst 2940 Switches, Cisco IOS Release 12.1(22)EA1

Contents

System Requirements

Hardware Supported

Hardware Not Supported

Software Compatibility

Windows

Solaris

Cluster Compatibility

Downloading Software

Finding the Software Version and Feature Set

Deciding Which Files to Use

Upgrading a Switch by Using CMS

Upgrading a Switch by Using the CLI

Downloading the Software

Copying the Current Startup Configuration from the Switch to a PC or Server

Using the CLI to Upgrade a Catalyst 2950 LRE or Catalyst 2940 Switch

Using the CLI to Upgrade a Catalyst 2955 Switch or Non-LRE Catalyst 2950 Switch

Recovering from Software Failure

Installation Notes

New Features

New Hardware Features

New Software Features

Limitations and Restrictions

Cisco IOS Limitations and Restrictions

LRE Limitations and Restrictions

Cluster Limitations and Restrictions

CMS Limitations and Restrictions

Catalyst 2950 Hardware and Software Compatibility Matrixes

Important Notes

Cisco IOS Notes

CMS Notes

Open Caveats

Open Cisco IOS Caveats

Open CMS Caveats

Resolved Caveats

Cisco IOS Caveats Resolved in Cisco IOS Release 12.1(22)EA1

Cisco IOS Caveats Resolved in Cisco IOS Release 12.1(22)EA2

CMS Caveats Resolved in Cisco IOS Release 12.1(22)EA1

CMS Caveats Resolved in Cisco IOS Release 12.1(20)EA2

Documentation Updates

Additions to the System Messages Guides for All Switches

Addition to the Dynamic Trunking Protocol (DTP) Messages

Addition to the SW_VLAN Messages

Corrections for the Software Configuration Guides and Command References for All Switches

Correction to the Software Configuration Guides for All Switches

Revisions to the Catalyst 2950 and Catalyst 2955 Command Reference

duplex

show controllers utilization

show interfaces

speed

Revisions to the Catalyst 2940 Switch Software Configuration Guide

Configuring Extended-Range VLANs

Extended-Range VLAN Configuration Guidelines

Creating an Extended-Range VLAN

Full-Range of VLAN IDs Supported

Chapter 8, Configuring 802.1x Port-Based Authentication

Revisions to the Catalyst 2940 Command Reference

duplex

show controllers utilization

show interfaces

speed

Corrections and Additions to the Catalyst 2950 Hardware Installation Guide

Quick Setup Chapter

Installation Chapter

Corrections and Additions to the Catalyst 2940 Hardware Installation Guide

Quick Setup Chapter

Overview Chapter

Managing the Switch by Using the Cluster Management Suite Chapter

Related Documentation

Obtaining Documentation

Cisco.com

Ordering Documentation

Documentation Feedback

Obtaining Technical Assistance

Cisco Technical Support Website

Submitting a Service Request

Definitions of Service Request Severity

Obtaining Additional Publications and Information


Release Notes for the Catalyst 2955, Catalyst 2950, and Catalyst 2940 Switches, Cisco IOS Release 12.1(22)EA1


Revised April, 2005

Cisco IOS Release 12.1(22)EA1 runs on Catalyst 2955, Catalyst 2950, and Catalyst 2940 switches.

Review the new software features, open caveats, and resolved caveats sections for information specific to your switch. The information in this document refers to all the switches, unless otherwise noted.

These release notes include important information about this release and any limitations, restrictions, and caveats that apply to it. To verify that these are the correct release notes for your switch:

If you are installing a new switch, refer to the Cisco IOS release label on the rear panel of your switch.

If your switch is running, you can use the show version user EXEC command. See the "Finding the Software Version and Feature Set" section.

If you are upgrading to a new release, refer to the software upgrade filename for the Cisco IOS version.

For the complete list of Catalyst 2955, Catalyst 2950, and Catalyst 2940 switch documentation, see the "Related Documentation" section.

You can download the switch software from these sites:

http://www.cisco.com/kobayashi/sw-center/sw-lan.shtml

(for registered Cisco.com users with a login password)

http://www.cisco.com/public/sw-center/sw-lan.shtml

(for nonregistered Cisco.com users)

This release is part of a special release of Cisco IOS software that is not released on the same 8-week maintenance cycle that is used for other platforms. As maintenance releases and future releases become available, they will be posted to Cisco.com (previously Cisco Connection Online [CCO]) in the Cisco IOS software area.

Contents

This information is in the release notes:

"System Requirements" section

"Downloading Software" section

"Installation Notes" section

"New Features" section

"Limitations and Restrictions" section

"Important Notes" section

"Open Caveats" section

"Resolved Caveats" section

"Documentation Updates" section

"Related Documentation" section

"Obtaining Documentation" section

"Documentation Updates" section

"Obtaining Technical Assistance" section

"Obtaining Additional Publications and Information" section

System Requirements

The system requirements for this release are described in these sections:

"Hardware Supported" section

"Hardware Not Supported" section

"Software Compatibility" section

"Cluster Compatibility" section

Hardware Supported

The Catalyst 2950 switch is supported by either the standard software image (SI) or the enhanced software image (EI). The Catalyst 2950 Long-Reach Ethernet (LRE) and Catalyst 2955 switches are supported only by the EI. The Catalyst 2940 switch supports some of the features supported by a Catalyst 2950 switch running the SI.

The EI provides a richer set of features, including access control lists (ACLs), enhanced quality of service (QoS) features, and extended-range VLANs. The enhanced cryptographic software image supports the Secure Shell Version 2 (SSHv2) protocol.

For information about the software releases that support the switches listed in Table 1, see the "Catalyst 2950 Hardware and Software Compatibility Matrixes" section.

Table 1 and Table 2 list the hardware supported by this software release:

Table 1 Catalyst 2940, Catalyst 2950, and Catalyst 2955 Hardware Supported 

Hardware
Software Image
Description

Catalyst 2940-8TT-S

1

8 10/100 Ethernet ports and 1 10/100/1000 Ethernet port

Catalyst 2940-8TF-S

—1

8 10/100 Ethernet ports, 1 SFP2 module slot, and 1 100BASE-FX port

Catalyst 2950-12

SI

12 fixed autosensing 10/100 Ethernet ports

Catalyst 2950-24

SI

24 fixed autosensing 10/100 Ethernet ports

Catalyst 2950C-24

EI

24 fixed autosensing 10/100 Ethernet ports and 2 100BASE-FX ports

Catalyst 2950G-12-EI

EI

12 fixed autosensing 10/100 Ethernet ports and 2 GBIC3 module slots

Catalyst 2950G-24-EI 

EI

24 fixed autosensing 10/100 Ethernet ports and 2 GBIC module slots

Catalyst 2950G-24-EI-DC

EI

24 fixed autosensing 10/100 Ethernet ports and 2 GBIC module slots with DC-input power

Catalyst 2950G-48-EI

EI

48 fixed autosensing 10/100 Ethernet ports and 2 GBIC module slots

Catalyst 2950ST-8 LRE

EI

8 LRE ports, 2 10/100/1000 Ethernet ports4 , and 2 SFP module slots

Catalyst 2950ST-24 LRE

EI

24 LRE ports, 2 10/100/1000 Ethernet ports4, and 2 SFP module slots

Catalyst 2950ST-24 LRE 997

EI

24 LRE ports, 2 10/100/1000 Ethernet ports4, and 2 SFP module slots with DC-input power

Catalyst 2950SX-24

SI

24 fixed autosensing 10/100 Ethernet ports and 2 1000BASE-SX ports

Catalyst 2950SX-48-SI

SI

48 fixed autosensing10/100 Ethernet ports and 2 1000BASE-SX ports

Catalyst 2950T-24

EI

24 fixed autosensing 10/100 Ethernet ports and 2 10/100/1000 Ethernet ports5

Catalyst 2950T-48-SI

SI

48 fixed autosensing 10/100 Ethernet ports and 2 10/100/1000 Ethernet ports

Catalyst 2955C-12

EI

12 fixed autosensing 10/100 ports and 2 MM6 100BASE-FX ports

Catalyst 2955S-12

EI

12 fixed autosensing 10/100 ports and 2 SM7 100BASE-LX ports

Catalyst 2955T-12

EI

12 fixed autosensing 10/100 ports and 2 10/100/1000 Ethernet ports4

1 The Catalyst 2940 switch supports some of the features supported by a Catalyst 2950 switch running the SI.

2 SFP = small form-factor pluggable

3 GBIC = Gigabit Interface Converter

4 The 10/100/1000 ports on a Catalyst 2950 LRE or Catalyst 2955T-12 switch operate at 10 or 100 Mbps in either full- or half-duplex mode and at 1000 Mbps only in full-duplex mode.

5 The 10/100/1000 interfaces on the Catalyst 2950T-24 switch do not support the half keyword in the duplex command.

6 MM = multimode

7 SM = single mode


Table 2 Other Hardware Supported  

Hardware
Software Image
Description

Cisco 575 LRE CPE1

1 fixed 10/100 port

Cisco 576 LRE CPE 997

1 fixed 10/100 port

Cisco 585 LRE CPE

4 fixed 10/100 ports

GBIC modules

1000BASE-SX GBIC

1000BASE-LX/LH GBIC

1000BASE-ZX GBIC

1000BASE-T GBIC (model WS-5483)

CWDM2 fiber-optic GBIC3

DWDM4 fiber-optic GBIC

GigaStack GBIC

Redundant power system

Cisco RPS 300 Redundant Power System

Cisco RPS 675 Redundant Power System

SFP devices

1000BASE-SX SFP module

1000BASE-LX\LH SFP module

1000BASE-ZX SFP module

1000BASE-T SFP module

CWDM

1 CPE = customer premises equipment

2 CDWM = coarse wavelength-division multiplexing

3 This feature is only supported when your switch is running the EI.

4 DWDM = dense wavelength-division multiplexing


Hardware Not Supported

Table 3 lists the hardware that is not supported by this release.

Table 3 Hardware Not Supported

Hardware
Description

GBIC module

1000BASE-T GBIC (model WS-G4582)

Redundant power system

Cisco RPS 600 Redundant Power System


Software Compatibility

For information about the recommended platforms for web-based management, operating systems and browser support, the Cluster Management Suite (CMS) plug-in guidelines, and installation procedures, refer to the "Getting Started with CMS" chapter of the software configuration guide.

Windows

This release uses a CMS plug-in (Windows only) to run CMS. You can download the latest CMS plug-in for Windows from this URL:

http://www.cisco.com/pcgi-bin/Support/ClusterMgmtSuite/cms_plugin_redirect.cgi?platform=windows&version=1.1

Solaris

This release uses a CMS plug-in (Solaris only) that replaces the Java plug-in. You must download the CMS plug-in to run CMS. You can download the latest CMS plug-in for Solaris from this URL:

http://www.cisco.com/pcgi-bin/Support/ClusterMgmtSuite/cms_plugin_redirect.cgi?platform=solaris&version=1.1

Cluster Compatibility

This section describes how to choose command and standby command switches when a cluster consists of a mixture of Catalyst switches. When creating a switch cluster or adding a switch to a cluster, follow these guidelines:

When you create a switch cluster, we recommend configuring the highest-end switch in your cluster as the command switch. Table 4 lists the cluster capabilities and Cisco IOS releases for the switches. The switches are listed from highest- to lowest-end switch.

If you are managing the cluster through CMS, the switch that has the latest software should be the command switch, unless your command switch is running Cisco IOS Release 12.1(19)EA1 or later.

The standby command switch must be the same type as the command switch. For example, if the command switch is a Catalyst 3750 switch, all standby command switches must be Catalyst 3750 switches.

Table 4 Switch Software and Cluster Capability 

Switch
Cisco IOS Release
Cluster Capability

Catalyst 3750

12.1(11)AX or later

Member or command switch

Catalyst 3750 Metro

12.1(14)AX or later

Member or command switch

Catalyst 3560

12.1(19)EA1b

Member or command switch

Catalyst 3550

12.1(4)EA1 or later

Member or command switch

Catalyst 2970

12.1(11)AX or later

Member or command switch

Catalyst 2955

12.1(12c)EA1 or later

Member or command switch

Catalyst 2950

12.0(5.2)WC(1) or later

Member or command switch

Catalyst 2950 LRE

12.1(11)JY or later

Member or command switch

Catalyst 2940

12.1(13)AY or later

Member or command switch

Catalyst 3500 XL

12.0(5.1)XU or later

Member or command switch

Catalyst 2900 XL (8-MB switches)

12.0(5.1)XU or later

Member or command switch

Catalyst 2900 XL (4-MB switches)

11.2(8.5)SA6 (recommended)

Member switch only1

Catalyst 1900 and 2820

9.00(-A or -EN) or later

Member switch only

1 Catalyst 2900 XL (4-MB) switches appear in the front-panel and topology views of the Cluster Management Suite (CMS). However, CMS does not support configuration or monitoring of these switches.


CMS is not forward-compatible on command switches running Cisco IOS Release 12.1(14)EA1 and earlier. This means that if a member switch is running a release that is earlier than the release running on the command switch, the new features are not available on the member switch. If the member switch is a new device running a release that is later than the release on the command switch, the command switch cannot recognize the member switch, and the Front Panel view displays it as an unknown device. You cannot configure any parameters or generate a report through CMS for that member; instead, you must launch the Device Manager application to configure and to obtain reports for that member.

Some versions of the Catalyst 2900 XL software do not support clustering, and if you have a cluster with switches that are running different versions of Cisco IOS software, software features added on the latest release might not be reflected on switches running the older releases. For example, if you start CMS on a Catalyst 2900 XL switch running Cisco IOS Release 11.2(8)SA6, the windows and functionality can be different from a switch running Cisco IOS Release 12.0(5)WC(1) or later.

Downloading Software

Before downloading software, read this section for important information. This section describes these procedures for downloading software:

"Finding the Software Version and Feature Set" section

"Deciding Which Files to Use" section

"Upgrading a Switch by Using CMS" section

"Upgrading a Switch by Using the CLI" section

"Recovering from Software Failure" section

For information about the software releases that support the switches, see the "Catalyst 2950 Hardware and Software Compatibility Matrixes" section.


Note The Catalyst 2950-12 and Catalyst 2950-24 switches cannot be upgraded to Cisco IOS Release 12.1(6)EA2, Cisco IOS Release 12.1(6)EA2a, or Cisco IOS Release 12.1(6)EA2b. They can be upgraded to Cisco IOS Release 12.1(6)EA2c or later.


When you upgrade a switch, the switch continues to operate while the new software is copied to flash memory. If flash memory has enough space, the new image is copied to the selected switch but does not replace the running image until you reboot the switch. If a failure occurs during the copy process, you can still reboot your switch by using the old image. If flash memory does not have enough space for two images, the new image is copied over the existing one. Features provided by the new software are not available until you reload the switch.

If a failure occurs while copying a new image to the switch, and the old image has already been deleted, refer to the "Recovering from Corrupted Software" section in the "Troubleshooting" chapter of the software configuration guide for this release.

For information about upgrading the LRE switch firmware, refer to the "Upgrading LRE Switch Firmware" section in the software configuration guide for this release.


Caution A bootloader upgrade occurs if you are upgrading Catalyst 2950 switches running Cisco IOS Release 12.1(9)EA1d or earlier to Cisco IOS Release 12.1(11)EA1 or later for both cryptographic and noncryptographic images. The bootloader can take up to 30 seconds to upgrade. Do not power cycle the switch while you are copying this image to the switch. If a power failure occurs when you are copying this image to the switch, call Cisco Systems immediately.


Caution Do not power cycle the switch while you are copying an image to the switch. If a power failure occurs while you are copying the software image to the switch, and there are no other images on the switch, refer to the "Troubleshooting" chapter in the software configuration guide for detailed recovery procedures.

Finding the Software Version and Feature Set

The image is stored as a bin file in a directory that is named with the Cisco IOS release. A subdirectory contains the files needed for web management. The image is stored on the system board flash device (flash:).

You can use the show version user EXEC command to see the software version that is running on your switch. In the display, check the line that begins with System image file is. This line shows the directory name in flash memory where the image is stored. A couple of lines below the image name, you see Running Enhanced Image if you are running the EI or Running Standard Image if you are running the SI.

You can also use the dir filesystem: privileged EXEC command to see the directory names of other software images that you might have stored in flash memory.

Deciding Which Files to Use

The upgrade procedures in these release notes describe how to perform the upgrade by using a combined tar file. This file contains both the Cisco IOS image file and the CMS files. You must use the combined tar file to upgrade the switch through the CMS.

The tar file is an archive file from which you can extract files by using the archive tar command.


Note If you are upgrading a non-LRE Catalyst 2950 switch from a release earlier than Cisco IOS Release 12.1(6)EA2, use the tar command instead of the archive tar command.


Table 5 lists the software filenames for this Cisco IOS release.

Table 5 Catalyst 2955, 2950, and Catalyst 2940 Cisco IOS Software Files 

Filename
Description

c2955-i6k2l2q4-tar.121-22.EA1.tar

Catalyst 2955 EI files. This includes the cryptographic Cisco IOS image and the CMS files.

c2955-i6q4l2-tar.121-22.EA1.tar

Catalyst 2955 EI files. This includes the Cisco IOS image and the CMS files.

c2950-i6k2l2q4-tar.121-22.EA1.tar

Catalyst 2950 SI1 and EI files. This includes the cryptographic Cisco IOS image and the CMS files.

c2950-i6q4l2-tar.121-22.EA1.tar

Catalyst 2950 SI and EI files. This includes the Cisco IOS image and the CMS files.

c2950lre-i6k2l2q4-tar.121-22.EA1.tar

Catalyst 2950 LRE EI files. This includes the cryptographic Cisco IOS image and the CMS files.

c2950lre-i6l2q4-tar.121-22.EA1.tar

Catalyst 2950 LRE EI files. This includes the Cisco IOS image and the CMS files.

c2940-i6q4l2-tar.121-22.EA1.tar

Catalyst 2940 files. This includes the Cisco IOS image and the CMS files.

1 Switches that support only the SI cannot run the cryptographic image. For more information, see the SI-only switches listed in Table 1 and the "Cisco IOS Limitations and Restrictions" section.


Upgrading a Switch by Using CMS

You can upgrade switch software by using CMS. From the menu bar, select Administration > Software Upgrade. For detailed instructions, click Help.

Upgrading a Switch by Using the CLI

To upgrade the switch software by using the CLI, see Table 5 to decide which software files that you need, and then follow these procedures in this order:

1. Download the tar files from Cisco.com, as described in the "Downloading the Software" section.

2. Copy the current startup configuration file, as described in the "Copying the Current Startup Configuration from the Switch to a PC or Server" section.

3. Use the CLI to extract the image and the CMS files from the tar file:

If your switch is a Catalyst 2950 LRE or Catalyst 2940 switch, see the "Using the CLI to Upgrade a Catalyst 2950 LRE or Catalyst 2940 Switch" section

If your switch is a Catalyst 2955 or non-LRE Catalyst 2950, switch, see the "Using the CLI to Upgrade a Catalyst 2955 Switch or Non-LRE Catalyst 2950 Switch" section.

Downloading the Software

This procedure is for copying the combined tar file to a switch. You copy the file to the switch from a TFTP server and extract the files. You can download an image file and replace or keep the current image.

Follow these steps to download the software from Cisco.com to your management station:


Step 1 Download the files from one of these locations:

If you have a SmartNet support contract, go to this URL and log in to download the appropriate files:

http://www.cisco.com/kobayashi/sw-center/sw-lan.shtml

If you do not have a SmartNet contract, go to this URL follow the instructions to register on Cisco.com, and download the appropriate files:

http://www.cisco.com/public/sw-center/sw-lan.shtml

To download the files, click the link for your switch platform, and then follow the links on the page to select the correct tar image file.

Step 2 Use the CLI or web-based interface to perform a TFTP transfer of the file or files to the switch after you have downloaded them to your PC or workstation.

New features provided by the software are not available until you reload the software.


Copying the Current Startup Configuration from the Switch to a PC or Server

When you make changes to a switch configuration, your changes become part of the running configuration. When you enter the command to save those changes to the startup configuration, the switch copies the configuration to the config.text file in flash memory. To ensure that you can recreate the configuration if a switch fails, you might want to copy the config.text file from the switch to a TFTP server.

Beginning in privileged EXEC mode, follow these steps to copy a switch configuration file to the TFTP server.


Step 1 Copy the file in flash memory to the root directory of the TFTP server:

switch# copy flash:config.text tftp

Step 2 Enter the IP address of the device where the TFTP server resides:

Address or name of remote host []? ip_address

Step 3 Enter the name of the destination file (for example, config.text):

Destination filename [config.text]? yes/no

Step 4 Verify the copy by displaying the contents of the root directory on the TFTP server.


Using the CLI to Upgrade a Catalyst 2950 LRE or Catalyst 2940 Switch

Use this procedure for upgrading your Catalyst 2950 LRE or Catalyst 2940 switch by using the archive download-sw privileged EXEC command to automatically extract and download the Cisco IOS image and the CMS files to the switch. The archive download-sw command initiates this process:

It verifies adequate space on the flash memory before downloading the new set of images.

If there is insufficient space on the flash memory to hold both the old and the new images, it deletes the old set of images. The images are always stored in a subdirectory on the flash memory. The subdirectory name is the same as the image release name, for example, flash:/c2940-i6q412-tar.121.20.EA1/

It replaces the old set of images with the new set of images. The set includes the Cisco IOS image and the CMS files and, on Catalyst 2950 LRE switches, the LRE firmware files. You do not have to manually delete the CMS directory from flash memory.

After the new set of files is downloaded, it automatically sets the BOOT environment variable.

If you enter the command with the /reload or the /force-reload option, it automatically reloads the switch after the upgrade.

For further information on this command, see the command reference for this release.

Follow these steps to upgrade the switch software by using a TFTP transfer:


Step 1 If your PC or workstation cannot act as a TFTP server, copy the file to a TFTP server to which you have access.

Step 2 Log into the switch by starting a Telnet session or by connecting to the switch console port through the RS-232 connector.

To start a Telnet session on your PC or workstation, enter this command:

server% telnet switch_ip_address

Enter the Telnet password if you are prompted to do so.

Step 3 Enter privileged EXEC mode:

switch> enable 
switch#

Enter the password if you are prompted to do so.

Step 4 Ensure that you have IP connectivity to the TFTP server by using this privileged EXEC command:

Switch# ping tftp-server-address

For more information about assigning an IP address and default gateway to the switch, refer to the software configuration guide for this release.

Step 5 Download the image file from the TFTP server to the switch. If you are installing the same version of software that is currently on the switch, overwrite the current image by using this privileged EXEC command:

archive download-sw /overwrite /reload tftp:[[//location]/directory]/image-name.tar

The /overwrite option overwrites the software image in flash memory with the downloaded one.


Note You must use the /overwrite option when upgrading a Catalyst 2940 switch.


The /reload option reloads the system after downloading the image unless the configuration has been changed and not saved.

For //location, specify the IP address of the TFTP server.

For /directory/image-name.tar, specify the directory (optional) and the image to download. Directory and image names are case-sensitive.

This example shows how to download an image from a TFTP server at 198.30.20.19 and to overwrite the image on the switch:

Switch# archive download-sw /overwrite tftp://198.30.20.19/c2940-i612-tar.121-20.EA1.tar

You can also download the image file from the TFTP server to the switch and keep the current image by replacing the /overwrite option with the /leave-old-sw option.

Your Telnet session ends when the switch reloads.

After the switch reboots, use Telnet to return to the switch, and enter the show version user EXEC command to verify the upgrade procedure. If you have a previously opened browser session to the upgraded switch, close the browser, and start it again to ensure that you are using the latest HTML files.


Using the CLI to Upgrade a Catalyst 2955 Switch or Non-LRE Catalyst 2950 Switch

Use this procedure for upgrading your Catalyst 2955 or non-LRE Catalyst 2950 switch by copying the tar file to the switch. You copy the Cisco IOS image and the CMS files to the switch from a TFTP server and then extract the files by entering the archive tar command, with these results:

Changes the name of the current image file to the name of the new file that you are copying and replaces the old image file with the new one. Perform this step only if you have space available on your switch.

Disables access to the CMS pages and deletes the existing CMS files before the software upgrade to avoid a conflict if users access the web pages during the software upgrade.

Reenables access to the CMS pages after the upgrade is complete.


Caution A bootloader upgrade occurs if you are upgrading Catalyst 2950 switches running Cisco IOS Release 12.1(9)EA1d or earlier to Cisco IOS Release 12.1(11)EA1 or later for both cryptographic and noncryptographic images. The bootloader can take up to 30 seconds to upgrade. Do not power cycle the switch while you are copying this image to the switch. If a power failure occurs when you are copying this image to the switch, call Cisco Systems immediately.

Before downloading the new image, use the dir user EXEC command to confirm that you have enough space on the flash. The new image and HTML files will be slightly larger than the size of the tar file.

If you do not have enough space on the flash for the tar file, delete any old unused IOS images. If that does not free up enough flash space, delete the HTML files.


Caution Do not delete the image that you are currently running on the switch. If the switch fails while downloading the new image, you will need to use this.Follow these steps to upgrade the switch software by using a TFTP transfer:


Step 1 If your PC or workstation cannot act as a TFTP server, copy the file to a TFTP server to which you have access.

Step 2 Log into the switch by starting a Telnet session or by connecting to the switch console port through the RS-232 connector.

To start a Telnet session on your PC or workstation, enter this command:

server% telnet switch_ip_address

Enter the Telnet password if you are prompted to do so.

Step 3 Enter privileged EXEC mode:

switch> enable 
switch#

Enter the password if you are prompted to do so.

Step 4 Remove the CMS files:

switch# delete flash:html/* 

Press Enter to confirm the deletion of each file. Do not press any other keys during this process.

Step 5 Enter this command to copy the new image and the CMS files to flash memory:


Caution In this step, the archive tar command copies the tar file that contains both the image and the CMS files. If you are upgrading from a release earlier than Cisco IOS Release 12.1(6)EA2, use the tar command instead of the archive tar command.

switch# archive tar /x tftp://server_ip_address/path/filename.tar flash: 
Loading /path/filename.tar from server_ip_address (via VLAN1):!) 
extracting info (110 bytes)
extracting c2950-i6q4l2-mz.121-13.EA1c.bin (2239579 bytes)!!!!!!!!!!!!!!!!!!!!
html/ (directory)
extracting html/Detective.html.gz (1139 bytes)!
extracting html/ieGraph.html.gz (553 bytes)
extracting html/DrawGraph.html.gz (787 bytes)
extracting html/GraphFrame.html.gz (802 bytes)!
... 

Depending on the TFTP server being used, you might need to enter only one slash (/) after the server_ip_address in the archive tar command.

Step 6 Display the name of the running (default) image file (BOOT path-list). This example shows the name in italic:

switch# show boot 
BOOT path-list:    flash:current_image 
Config file:       flash:config.text 
Enable Break:      1 
Manual Boot:       no 
HELPER path-list:  
NVRAM/Config file 
buffer size: 32768

Step 7 Enter global configuration mode:

switch# configure terminal 
Enter configuration commands, one per line. End with CNTL/Z. 

Step 8 Enter the boot command with the name of the new image filename:

switch(config)# boot system flash:new_image

For example:

switch(config)# boot system flash:c2950-i6q4l2-mz.121-13.EA1c.bin

Note If the show boot command entered in Step 6 displays no image name, you do not need to enter this command; the switch automatically finds the correct file to use when it resets.


Step 9 Return to privileged EXEC mode:

switch(config)# end

Step 10 Reload the new software with this command:

switch# reload 
System configuration has been modified. Save? [yes/no]:y 
Proceed with reload? [confirm] 

Step 11 Press Return to confirm the reload.

Your Telnet session ends when the switch reloads.

After the switch reboots, use Telnet to return to the switch, and enter the show version user EXEC command to verify the upgrade procedure. If you have a previously opened browser session to the upgraded switch, close the browser, and start it again to ensure that you are using the latest CMS files.


Recovering from Software Failure

If the software fails, you can reload the software. For detailed recovery procedures, refer to the "Troubleshooting" chapter in the software configuration guide for your switch.

Installation Notes

You can assign IP information to your switch by using one of these methods:

The Express Setup program on Catalyst 2950 (including Catalyst 2950 LRE switches) and Catalyst 2940 switches. The Express Setup program is not supported on Catalyst 2955 switches.

Refer to the "Quick Setup" chapter in the Catalyst 2950 and Catalyst 2940 hardware installation guides for more information about Express Setup.

The CLI-based setup program.

This procedure is described in the Catalyst 2955, Catalyst 2950, and Catalyst 2940 hardware installation guides.

The DHCP-based autoconfiguration. Refer to the software configuration guide for your switch.

Manually assigning an IP address. Refer to the software configuration guide for your switch.

New Features

These are the supported hardware and the software features provided in Cisco IOS Release 12.1(22)EA1.

New Hardware Features

For a complete list of supported hardware, see the "Hardware Supported" section.

New Software Features

This release contains these new Catalyst 2940 switch enhancements:

You can configure these new security features:

802.1x with guest VLAN to provide limited services to clients that might not be 802.1x-compliant

802.1x with dynamic VLAN assignment for restricting 802.1x-authenticated users to a specified VLAN

You can specify VLAN IDs in the full 1 to 4094 range allowed by the IEEE 802.1Q standard

You can set up to 12 spanning-tree instances and 12 active VLANs. If more VLANs are defined in the VTP than there are spanning-tree instances, you can enable per-VLAN spanning-tree plus (PVST+) or rapid PVST+ on only 12 VLANs.

You can use the show controllers utilization command to display the bandwidth utilization at the switch and port level.

This release contains these new Catalyst 2940, 2950, and 2955 switch enhancements:

You can configure the duplex setting when the speed is set to auto.

You can specify the speed at which a switch port autonegotiates.

You can verify the speed and duplex settings on a port by entering the show interfaces transceiver properties privileged EXEC command.

For more information about these feature enhancements, see the "Documentation Updates" section.

Limitations and Restrictions

You should review this section before you begin working with the switches. These are known limitations that will not be fixed, and there is not always a workaround. Some features might not work as documented, and some features could be affected by recent changes to the switch hardware or software.


Note These limitations and restrictions apply to all Catalyst 2955, Catalyst 2950, and Catalyst 2940 switches unless otherwise noted.


These are the limitations and restrictions:

"Cisco IOS Limitations and Restrictions" section

"LRE Limitations and Restrictions" section

"Cluster Limitations and Restrictions" section

"CMS Limitations and Restrictions" section

"Catalyst 2950 Hardware and Software Compatibility Matrixes" section

Cisco IOS Limitations and Restrictions

These limitations and restrictions apply to the Cisco IOS configuration:

Root guard is inconsistent when configured on a port that is in the STP blocked state at the time of configuration. (CSCdp85954)

Aging of dynamic addresses does not always occur exactly after the specified aging time elapses. It might take up to three times this time period before the entries are removed from the table. (CSCdr96565)

If the switch gets configured from the dynamic IP pool, a duplicate or different IP address might be assigned.

The workaround is to make sure that the DHCP server contains reserved addresses that are bound to each switch by the switch hardware address so that the switch does not obtain its IP address from the dynamic pool. (CSCds58369)

Internal loopback in half-duplex mode causes input errors. We recommend that you configure the PHY to operate in full duplex before setting the internal loopback. (CSCds20365)

A source-based distribution port group does not share the broadcast with all the group members. When the destination of the packets is a broadcast or unknown unicast or multicast, the packets are forwarded only on one port member of a port group, instead of being shared among all members of the port group. (CSCdt24814)

When you enter the show controllers ethernet-controller interface-id or show interfaces interface-id counters privileged EXEC command, if a large number of erroneous frames are received on an interface, the receive-error counts might be smaller than the actual values, and the receive-unicast frame count might be larger than the actual frame count. (CSCdt27223)

Two problems occur when a switch is in transparent mode:

If the switch is a leaf switch, any new VLANs added to it are not propagated upstream through VTP messages. As a result, the switch does not receive flooded traffic for that VLAN.

If the switch is connected to two VTP servers, it forwards their pruning messages. If the switch has a port on a VLAN that is not requested by other servers through their pruning messages, it does not receive flooded traffic for that VLAN.

There is no workaround. (CSCdt48011)

The receive count output for the show controllers ethernet-controller interface-id privileged EXEC command shows the incoming packets count before the ASIC makes a decision of whether to drop the packet or not. Therefore, for ports in the STP blocking states, even though the receive count shows incoming frames, the packet is not forwarded to the other port. (CSCdu83640)

In some network topologies, when UplinkFast is enabled on all switches and BackboneFast is not enabled on all switches, a temporary loop might be caused when the STP root switch is changed.

The workaround is to enable BackboneFast on all switches. (CSCdv02941)

At times, the Window XP pop-up window might not appear while authenticating a client (supplicant) because the user information is already stored in Windows XP. However, the Extensible Authentication Protocol over LAN (EAPOL) response to the switch (authenticator) might have an empty user ID that causes the 802.1x port to be unauthenticated.

The workaround is to manually re-initiate authentication by either logging off or detaching the link and then reconnecting it. (CSCdv19671)

If two Catalyst 2950 switches are used in a network and if access ports are used to connect two different VLANs whose VLAN IDs are separated by the correct multiple of 64, it is possible to create a situation where the two switches use the same bridge ID in the same spanning-tree instances. This might cause a loss of connectivity in the VLAN as the spanning tree blocks the ports that should be forwarding.

The workaround is to not cross-connect VLANs. For example, do not use an access port to connect VLAN 1 to VLAN 65 on either the same switch or from one switch to another switch. (CSCdv27247)

A command switch might not show the Catalyst 1900, Catalyst 2820, and Catalyst 2900 XL 4-MB (models C2908-XL, C2916M-XL, C2924C-XL, and C2924-XL) switches as candidates even though their management VLAN is the same as the command switch. This occurs only when their management VLAN is not VLAN 1. (CSCdv34505)

You can configure up to 256 Multicast VLAN Registration (MVR) groups by using the mvr vlan group interface configuration command, but only 255 groups are supported on a Catalyst 2950 switch at one time. If you statically add a 256th group, and 255 groups are already configured on the switch, it continues trying (and failing) to add the new group.

The workaround is to set the mode to dynamic for Catalyst 2950 switches that are connected to IGMP-capable devices. The new group can join the multicast stream if another stream is dynamically removed from the group. (CSCdv45190)

A Catalyst 2950 command switch can discover only the first Catalyst 3550 switch if the link between the Catalyst 3550 switches is an 802.1Q trunk and the native VLAN is not the same as the management VLAN of the Catalyst 2950 switch or if the link between the Catalyst 3550 switches is an Inter-Switch Link (ISL) trunk and the management VLAN is not VLAN 1.

The workaround is to connect Catalyst 3550 switches by using the access link on the command switches management VLAN or to configure an 802.1Q trunk with a native VLAN that is the same as the management VLAN of the command switch. (CSCdv49871)

There might be a link on the Fast Ethernet port of the Catalyst 2950 switch when it is forced to 10 Mbps and full-duplex mode and its link partner is forced to 100 Mbps and forced duplex mode. The LED on the Catalyst 2950 switch might display the link, and the error counters might increment.

The workaround is to configure both sides of a link to the same speed or use autonegotiation. (CSCdv62271)

The ip http authentication enable global configuration command is not saved to the configuration file because this is the default configuration. Therefore, this configuration is lost after a reboot.

The workaround is to manually enter the command again after a reboot. (CSCdv67047)

If a stack that has Catalyst 2955, Catalyst 2950, or Catalyst 2940 switches also has Catalyst 2900 XL or Catalyst 3500 XL switches, cross-stack UplinkFast (CSUF) does not function if the management VLAN on the Catalyst 2900 XL or Catalyst 3500 XL switches is changed to a VLAN other than VLAN 1 (the default).

The workaround is to make sure that the management VLANs of all Catalyst 2900 XL or 3500 XL switches in the stack are set to VLAN 1. (CSCdv82224)

If a port is configured as a secure port with the violation mode as restrict, the secure ports might process packets even after maximum limit of MAC addresses is reached, but those packets are not forwarded to other ports. (CSCdw02638)

The discarded frames count of the show controllers ethernet-controller privileged EXEC command output and the ignored count of the show controller ethernet privileged EXEC command output can increment for these reasons:

The source and destination ports are the same.

The spanning-tree state of the ingress port is not in the forwarding state.

Traffic is filtered because of unicast or multicast storms are on the port.

Traffic is dropped because a VLAN has not been assigned by VLAN Query Protocol (VQP).


Note This error occurs only on switches that can run Cisco IOS Release 12.0(5)WC2b or earlier.


There is no workaround. (CSCdw48441)

You can apply ACLs to a management VLAN or to any traffic that is going directly to the CPU, such as SNMP, Telnet, or web traffic. For information on creating ACLs for these interfaces, refer to the "Configuring IP Services" section of the Cisco IOS IP and IP Routing Configuration Guide for Cisco IOS Release 12.1 and the Cisco IOS IP and IP Routing Command Reference for Cisco IOS Release 12.1.

The SSH feature uses a large amount of switch memory, which limits the number of VLANs, trunk ports, and cluster members that you can configure on the switch. Before you download the cryptographic software image, your switch configuration must meet these conditions:

The number of trunk ports multiplied by the number of VLANs on the switch must be less than or equal to 128. These are examples of switch configurations that meet this condition:

If the switch has 2 trunk ports, it can have up to 64 VLANs.

If the switch has 32 VLANs, it can have up to 4 trunk ports.

If your switch is a cluster command switch, it can only support up to eight cluster members.


Note A switch that runs the SI cannot run the cryptographic image. If a cryptographic image is loaded on an SI-only switch, the switch will perform a forced reload.


If your switch has a saved configuration that does not meet the previous conditions and you upgrade the switch software to the cryptographic software image, the switch might run out of memory. If this happens, the switch does not operate properly. For example, it might continuously reload.

If the switch runs out of memory, this message appears:

%SYS-2-MALLOCFAIL: Memory allocation of (number_of_bytes) bytes failed ...

The workaround is to check your switch configuration and ensure that it meets the previous conditions. (CSCdw66805)

When you use the policy-map global configuration command to create a policy map, and you do not specify any action for a class map, the association between that class map and policy map is not saved when you exit policy-map configuration mode.

The workaround is to specify an action in the policy map. (CSCdx75308)

When the Internet Group Management Protocol (IGMP) Immediate Leave is configured, new ports are added to the group membership each time a join message is received, and ports are pruned (removed) each time a leave message is received.

If the join and leave messages arrive at high rate, the CPU can become busy processing these messages. For example, the CPU usage is approximately 50 percent when 50 pairs of join and leave messages are received each second. Depending on the rate at which join and leave messages are received, the CPU usage can go very high, even up to 100 percent, as the switch continues processing these messages.

The workaround is to only use the Immediate Leave processing feature on VLANs where a single host is connected to each port. (CSCdx95638)

A switch does not use the default gateway address in the DHCP offer packet from the server during automatic-install process.

The workaround is to manually assign an IP address to the switch. (CSCdy08716)

In a Remote Switched Port Analyzer (RSPAN) session, if at least one switch is used as an intermediate or destination switch and if traffic for a port is monitored in both directions, traffic does not reach the destination switch. (CSCdy38476)

These are the workarounds:

Use a Catalyst 3550 or Catalyst 6000 switch as an intermediate or destination switch.

Monitor traffic in only one direction if a Catalyst 2950 switch is used as an intermediate or destination switch.

If you assign a nonexistent VLAN ID to a static-access EtherChannel by setting the ciscoVlanMembershipMIB:vmVlan object, the switch does not create the VLAN in the VLAN database. (CSCdy65850)

When you configure a dynamic switch port by using the switchport access vlan dynamic interface configuration command, the port might allow unauthorized users to access network resources if the interface changes from access mode to trunk mode through Dynamic Trunking Protocol (DTP) negotiation.

The workaround is to configure the port as a static access port. (CSCdz32556)

The output from the show stack privileged EXEC command might show a large number of false interrupts.

There is no workaround. The number of interrupts does not affect the switch functionality. (CSCdz34545)

If you configure a static secure MAC address on an interface before enabling port security on the interface, the same MAC address is allowed on multiple interfaces. If the same MAC address is added on multiple ports before enabling port security and port security is later enabled on those ports, only the first MAC address can be added to the hardware database. If port security is first enabled on the interface, the same static MAC address is not allowed on multiple interfaces. (CSCdz74685)

In Cisco IOS Release 12.1(13)EA1 or later, these are the default settings for a IP Phone connected to a switch:

The port trust state is to not trust the priority of frames arriving on the IP Phone port from connected devices.

The CoS value of incoming traffic is overwritten and set to zero. (CSCdz76915)

If you press and hold the spacebar while the output of any show user EXEC command is being displayed, the Telnet session is stopped, and you can no longer communicate with the management VLAN. (CSCea12888)

These are the workarounds:

Enter the show commands from privileged EXEC mode, and use this command to set the terminal length to zero:

switch# terminal length 0

Open a Telnet session directly from a PC or workstation to the switch.

Do not hold down the spacebar while scrolling through the output of a show user EXEC command. Instead, slowly press and release the spacebar.

When you connect a switch to another switch through a trunk port and the number of VLANs on the first switch is lower than the number on the connected switch, interface errors are received on the management VLAN of the first switch.

The workaround is to match the configured VLANs on each side of the trunk port. (CSCea23138)

When you enable Port Fast on a static-access port and then change the port to dynamic, Port Fast remains enabled. However, if you change the port back to static, Port Fast is disabled.

The workaround is to configure Port Fast globally by using the spanning-tree portfast global configuration command. (CSCea24969)

When a switch sends a system message to an external syslog server, the switch adds a sequence number to the system message. (CSCea26598)

When using the SPAN feature, the monitoring port receives copies of sent and received traffic for all monitored ports. If the monitoring port is oversubscribed, it will probably become congested. This might also affect how one or more of the monitored ports forwards traffic.

When a 10/100 switch port is connected to a 10/00 port on a hub and another 10/100 port on the hub is connected to a 10/100 port on another switch, when one of the switches restarts, the link state might change from down to up, and these messages might appear:

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up

Then the switch that restarted does not forward traffic until the spanning-tree state enters the forwarding state. This can occur on a switch running Cisco IOS Release 12.1(13)EA1 or later. (CSCea47230)

A Fast Ethernet port that has been configured at 10 Mbps might stay linked up or flap after the device to which it has been linked has been shut down.

The workaround is to enter the shutdown and then the no shutdown interface configuration commands on the interface. (CSCeb36925)

After a topology change in STP, some terminals connected to the management VLAN can transfer data because the affected switch ports start forwarding before they move to the forwarding state.


Note If the terminal does not belong to management VLAN, this failure does not occur.


The workaround is to place the ports in static-access mode for a single VLAN, if the topology supports this configuration. (CSCec13986)

When you use only Catalyst 2950 switches for RSPAN, you cannot monitor traffic in the receive (Rx) direction. You can only monitor traffic in the transmit (Tx) direction.

There is no workaround. (CSCed19922)

When connected to some third-party devices that send early preambles, a switch port operating at 100 Mbps full duplex or 100 Mbps half duplex might bounce the line protocol up and down. The problem is observed only when the switch is receiving frames.

The workaround is to configure the port for 10 Mbps and half duplex or to connect a hub or a nonaffected device to the switch. (CSCed39091)

If a switch receives STP packets and non-STP packets that have a CoS value of 6 or 7 and all of these packets belong to the same management VLAN, a loop might occur. (CSCed88622)

These are the workarounds:

Change the CoS value of the non-STP packets to a value other than 6 or 7.

If the CoS value of the non-STP packets must be 6 or 7, configure these packets to belong to a VLAN other than the management VLAN.

Certain combinations of features and switches create conflicts with the port security feature. In Table 6, No means that port security cannot be enabled on a port on the referenced switch if the referenced feature is also running on the same port. Yes means that both port security and the referenced feature can be enabled on the same port on a switch at the same time. A dash means not applicable.

Table 6 Port Security Incompatibility with Other Switch Features 

 
Catalyst 2940
Catalyst 2950 and Catalyst 2955
Catalyst 2970
Catalyst 3550
Catalyst 3560 and Catalyst 3750

DTP1 port2

No

No

No

No

No

Trunk port

No

No

Yes

Yes

Yes

Dynamic-access port3

No

No

No

No

No

Routed port

No

No

SPAN source port

Yes

Yes

Yes

Yes

Yes

SPAN destination port

No

No

No

No

No

EtherChannel

No

No

No

No

No

Tunneling port

Yes

Protected port

Yes

Yes

Yes

Yes

Yes

802.1x port

Yes4

Yes

Yes

Yes

Voice VLAN port5

Yes

Yes

Yes

Yes

Yes

Private VLAN port

No6

IP source guard

Yes6

Dynamic ARP7 inspection

Yes6

Flex Links

Yes

Yes

1 DTP = Dynamic Trunking Protocol

2 A port configured with the switchport mode dynamic interface configuration command.

3 A VLAN Query Protocol (VQP) port configured with the switchport access vlan dynamic interface configuration command.

4 The switch must be running the enhanced software image (EI).

5 You must set the maximum allowed secure addresses on the port to two plus the maximum number of secure addresses allowed on the access VLAN.

6 The switch must be running the enhanced multilayer image (EMI).

7 ARP = Address Resolution Protocol


LRE Limitations and Restrictions

These limitations only apply to Catalyst 2950 LRE switches:

VLAN-tagged packets from multiple VLANs with the same source MAC address that are received on different Cisco 585 LRE CPE Ethernet ports create a single MAC address entry (ingress port entry). Any network designed with the assumption that MAC addresses are maintained per VLAN does not work.

There is no workaround. The Ethernet port on the Cisco 585 LRE CPE does not support VLANs. All the ports are assumed to be in the same VLAN. (CSCdx03708)

Maximum-sized ISL frames (frames between 1537 and 1544 bytes) are discarded by the CPE device on ingress interfaces. Some chips and switches on the CPE device support a maximum frame size of 1536 bytes, which causes any maximum-sized ISL frames coming into the CPE from an end device or from an LRE switch to be discarded.

There is no workaround. You must ensure that the network does not send ISL tagged frames of sizes between 1537 and 1544 bytes to an LRE switch. (CSCdx25940)

The system runs out of memory and fails after too many RMON buckets are requested.

There is no workaround; only 1000 buckets per interface are supported. (CSCdy38390)

The flow control autonegotiation settles in the incorrect outcome if you use a Cisco-made 1000BASE-T GBIC with any switch not listed in Table 1 of the 1000BASE-T GBIC Switch Compatibility Matrix:

http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/1000gbic/1000comp.htm.

The workaround is to use the Cisco 1000BASE-T GBIC only with compatible switches. (CSCdy53369)

The flash memory write operation is slower on LRE switches than on non-LRE switches. (CSCdy55897)

The Cisco 585 LRE CPE has four Fast Ethernet ports. When the CPE is connected to an LRE switch, the default value for the maximum number of secure MAC addresses is 1. You can use the show port-security command to display the current maximum value.

The workaround is to use the switchport port-security maximum value interface configuration command to change the default value. For interfaces connected to Cisco 575 LRE and Cisco 576 LRE 997 CPEs, the default value can be 1. For interfaces connected to Cisco 585 LRE CPEs, the value can be 5 because the CPE has four Fast Ethernet ports and one additional MAC address. (CSCdy73748)

The Cisco 575 LRE or the Cisco 576 LRE 997 CPE does not support all of the Fast Ethernet statistics displayed by the show controllers ethernet-controller longreachethernet interface-id cpe command. The Cisco 585 LRE CPE supports all the LRE and CPE Fast Ethernet statistics.

There is no workaround. These CPE Fast Ethernet statistics are supported by the Cisco 575 LRE CPE and the Cisco 576 LRE 997 CPE (CSCdy89348):

1 Transmit receive 0 bytes 
0 Bytes 
0 Unicast frames 
0 Broadcast frames
0 Pause frames
0 Alignment errors
0 One collision frames
0 Multiple collisions 
0 Undersize frames 
0 Late collisions 
0 Oversize frames 
0 Excess collisions 
0 FCS errors
0 Deferred frames

When the entPhysicalTable object is retrieved, the copper physical entry is not included.

There is no workaround. (CSCdz06748)

When an 802.1x protocol-enabled client attempts to connect to a Catalyst 2950 LRE switch through a Cisco 585 LRE CPE with 802.1x configured on a port, the client cannot be authenticated. This problem does not affect the Cisco 575 LRE CPE or the Cisco 576 LRE 997 CPE. The show dot1x interface interface configuration command displays the port state as unauthorized. (CSCdz22965)

When a Fast Ethernet port on a Cisco 585 LRE CPE is in half-duplex mode and the rate at which the port receives packets is higher than rate at which it can forward packets, the Pause Frames counter for the CPE port increments.

There is no workaround. (CSCea41362)

On a Catalyst 2950 LRE switch running Cisco IOS Release 12.1(11)YJ4 or later, a Cisco 575 LRE CPE or a Cisco 576 LRE 997 CPE that does not have an LRE link but is connected to a remote device through the Ethernet link might see repeated flaps on the Ethernet link. This does not occur on a Cisco 585 LRE CPE. (CSCeb01097)

When a Cisco Catalyst 2950 LRE running Cisco IOS 12.1(14)EA1 or Cisco IOS 12.1(11)YJ is connected to Cisco 575 LRE CPE, the Fast Ethernet link on the CPE port fails to activate if you change the CPE speed setting from 10 to 100 Mbps while the CPE duplex mode is set to half or full.

The workaround is to reset the CPE port by using the cpe shutdown followed by the no cpe shutdown interface configuration command. This activates the Fast Ethernet link on the CPE port. (CSCeb35007)

Cluster Limitations and Restrictions

These limitations and restrictions apply to the cluster configuration:

When a cluster of switches have Network Time Protocol (NTP) configured, the command switch is not synchronized with the rest of the switches. (CSCdz88305)

When the active switch fails in a switch cluster that uses Hot Standby Routing Protocol (HSRP) redundancy, the new active switch might not contain a full cluster member list.

The workaround is to ensure that the ports on the standby cluster members are not in the STP blocking state. Refer to the "Configuring STP" chapter in the software configuration guide for information about verifying port status. (CSCec31495)

CMS Limitations and Restrictions

These limitations apply to the Catalyst 2955, 2950, and 2940 switches:

CMS performance degrades if the Topology View is open for several hours on a Solaris machine. The cause might be a memory leak.The workaround is to close the browser, reopen it, and launch CMS again. (CSCds29230)

If you are printing a Topology View or Front Panel View that contains many devices and are running Solaris 2.6 with JDK1.2.2, you might get an Out of Memory error message. The workaround is to close the browser, re-open it, and launch CMS again. Before you perform any other task, open the view that you want to print, and click Print in the CMS menu. (CSCds80920)

A red border appears around the text-entering area of some CMS dialogs. The color of the border changes to green when text is entered. This is only a cosmetic error. The colored border does not prevent you from entering text. (CSCdv82352)

You cannot switch modes (for example, from Guide Mode to Expert Mode) for an open CMS window. The workaround is to close the open window, select the mode that you want, and then reopen the CMS window. For the mode change to take effect on any other CMS window that is open, you need to close that window and then reopen it after you select the new mode. (CSCdw87550)

If you open a window in which you can enter text, open another window, and return to the first window, right-clicking in the text field might make the cursor in this field disappear. You can still enter text in the field. (CSCdy44189)

CMS fails when a switch is running the cryptographic software image and the vty lines have been configured to use only SSH using the transport input ssh and line vty 0 15 global configuration commands. The workaround is to allow SSH and Telnet access through the vty lines by using the transport input ssh telnet and line vty 0 15 global configuration command. (CSCdz01037)

When you add a new member with a username and password that is different from the existing cluster member usernames and passwords, CMS produces an exception error because of an authentication failure. The workaround is to add the new member without any username and password. When the new member is added to the cluster, remove the existing username and password from the Username and Password fields, enter a new username and password, and then apply it to all cluster members. (CSCdz07957)

When the Link Graphs application has run for hours displaying packet drop and error information, sometimes the X-axis crosses the Y-axis at a negative y value instead of at y = 0. This condition occurs with all supported operating systems, browsers, and Java plug-ins. There is no workaround. (CSCdz32584)

After you click Apply or Refresh in the Simple Network Management Protocol (SNMP) window, the window size changes. (CSCdz75666, CSCdz84255)

When you enable log scaling for Link Graphs, the Y-axis scale becomes illegible. There is no workaround. (CSCdz81086)

The CMS window does not return to full size after resizing the browser when you are using Netscape version 6.xx on Solaris and Linux. This is a Netscape browser problem. There is no workaround. (CSCea01179)

CMS sometimes halts after you click Apply when using Netscape 4.7 on the Japanese version of Windows 98 or Windows ME. The workaround is to use Microsoft Internet Explorer or Netscape 6.0 or later. (CSCea27408)

Changing the password or current authentication while CMS is running causes HTTP requests to fail. The workaround is to close all browser sessions and then relaunch CMS. (CSCeb33995)

The CMS plug-in is not supported in Netscape 4.7x. The workaround is to use a supported browser, such as Netscape 7.1 or Internet Explorer 5.5 or 6.0. (CSCed21655)

When TACACS authentication is only enabled on a command switch, member switches cannot be configured. The workaround is to enable TACACS authentication on the member switches. (CSCed27723)

If an ACL is deleted from a device, all QoS classes that use this ACL for traffic classification become unusable (only on Catalyst 2970 and 3750 switches). The modification of these classes to use any other traffic classification (match statement) fails. The workaround is to delete the QoS class that uses the undefined ACL and then recreate it with the intended traffic classification (match statement). (CSCed40866)

When an Open Shortest Path First (OSPF) summary address is added for a 10.x.x.x network, a Windows exception error sometimes occurs.

The workaround is to add the address by using the router ospf <process-id>, area <area-id>, and range <address> <mask> configuration commands. (CSCed87031)

The Telnet link on the TOOLS page (select TOOLS from the switch home page) does not work on Solaris systems.

There is no workaround. (CSCee11710)

A Java exception error occurs when CMS is in read-only mode and you launch the Port Settings dialog. This only occurs on Catalyst 2900 XL, 3500 XL, and 2950 LRE switches.

The workaround is to open the Port Settings dialog with CMS in read-write mode. (CSCee25870)

Host names and Domain Name System (DNS) server names that contain commas on a cluster command switch, member switch, or candidate switch can cause CMS to behave unexpectedly. You can avoid this instability in the interface by not using commas in host names or DNS names. Do not enter commas when also entering multiple DNS names in the IP Configuration tab of the IP Management window in CMS.

Access control entries (ACEs) that contain the host keyword precede all other ACEs in standard ACLs. You can reposition the ACEs in a standard ACL with one restriction: No ACE with the any keyword or a wildcard mask can precede an ACE with the host keyword.

Catalyst 2950 Hardware and Software Compatibility Matrixes

Some Catalyst 2950 switches are not supported by certain software releases.

Table 7 lists the Catalyst 2950-12, 2950-24, 2950C-24, and 2950T-24 switches and the software releases supporting them. The serial numbers are on the switch rear panel. In this table, Yes means that the switch is supported by the software release; No means that the switch is not supported by the release.

The Catalyst 2950G-12-EI, 2950G-24-EI, 2950G-24-EI-DC, and 2950G-48-EI switches are supported by Cisco IOS Release 12.1(6)EA2 or later.

The Catalyst 2950SX-24 switches are supported by Cisco IOS Release 12.1(9)EA1d or later.

The Catalyst 2955 switches are supported by Cisco IOS Release 12.1(12c)EA1 or later.

The Catalyst 2950ST-8 LRE and 2950ST-24 LRE switches are supported by Cisco IOS Release 12.1(11)YJ or later.

The Catalyst 2950ST-24 LRE 997 switches are supported by Cisco IOS Release 12.1(11)YJ4 or later.

Table 7 Catalyst 2950-12, 2950-24, 2950C-24, and 2950T-24 Switches 

Hardware
Serial Number
Cisco IOS Release 12.0(5)WC2b or Earlier
Cisco IOS Release 12.1(6)EA2, Cisco IOS Release 12.1(6)EA2a, and Cisco IOS Release 12.1(6)EA2b
Cisco IOS Release 12.1(6)EA2c
Cisco IOS Release 12.1(9)EA1 or Later

Catalyst 2950-12

Any serial number beginning with FAA or FAB

Yes

No

Yes

Yes

Lower than FOC0616W1H6 or
FHK0616W34M

Yes

No

Yes

Yes

FOC0616W1H6, FHK0616W34M, or higher

No

No

Yes

Yes

Catalyst 2950-24

Any serial number beginning with FAA or FAB

Yes

No

Yes

Yes

Lower than FOC0616Z1ZM or FHK0617Y0N3

Yes

No

Yes

Yes

FOC0616Z1ZM, FHK0617Y0N3,
or higher

No

No

Yes

Yes

Catalyst 2950C-24

Any serial number beginning with FAA or FAB

Yes

Yes

Yes

Yes

Lower than FOC0616TOJH or FHK0617W0YA

Yes

Yes

Yes

Yes

FOC0616TOJH, FHK0617W0YA,
or higher

No

No

Yes

Yes

Catalyst 2950T-24

Any serial number beginning with FAA or FAB

Yes

Yes

Yes

Yes

Lower than FOC0617X11P or FHK0617Y1M2

Yes

Yes

Yes

Yes

FOC0617X11P, FHK0617Y1M2,
or higher

No

No

Yes

Yes


The Cisco LRE CPE devices are not supported by certain Catalyst 2950 LRE switches. In Table 8, Yes means that the CPE is supported by the switch; No means that the CPE is not supported by the switch.

Table 8 LRE Switch and CPE Compatibility Matrix

LRE Devices
Catalyst 2950ST-8 LRE switch
Catalyst 2950ST-24 LRE switch
Catalyst 2950ST-24 LRE 997 switch

Cisco 575 LRE CPE

Yes

Yes

No

Cisco 576 LRE 997 CPE

No

No

Yes

Cisco 585 LRE CPE

Yes

Yes

No


Important Notes


Note These important notes apply to all Catalyst 2955, Catalyst 2950, and Catalyst 2940 switches unless otherwise noted.


This section describes important information related to this release. These sections are included:

"Cisco IOS Notes" section

"CMS Notes" section

Cisco IOS Notes

These notes applies to Cisco IOS configuration:

In Cisco IOS Release 12.1(14)EA1, the implementation for 802.1x changed from the previous release. Some global configuration commands became interface configuration commands, and new commands were added.

If you have 802.1x configured on the switch and you upgrade to Cisco IOS Release 12.1(14)EA1 or later, the configuration file will not contain the new commands, and 802.1x will not operate. After the upgrade is complete, make sure to globally enable 802.1x by using the dot1x system-auth-control global configuration command. For more information, refer to the software configuration guide for this release.

When you enable port security on an interface that is also configured with a voice VLAN, you must set the maximum allowed secure addresses on the port to 2 plus the maximum number of secure addresses allowed on the access VLAN. When the port is connected to a Cisco IP Phone, the IP phone requires up to two MAC addresses. The IP address of the phone is learned on the voice VLAN, and it might or might not be learned on the access VLAN. Connecting a PC to the IP phone requires additional MAC addresses.

IGMP filtering controls only group specific query and membership reports, including join and leave reports. It does not control general IGMP queries.

The management interface configuration command is not supported in Cisco IOS Release 12.1(6)EA2 or later. To shut down the current management VLAN interface and to enable the new management VLAN interface, use the shutdown and no shutdown interface configuration commands. Refer to the Catalyst 2950 and Catalyst 2955 Switch Command Reference for information about using the shutdown interface configuration command.

When an 802.1x-authenticated client is disconnected from an IP phone, hub, or switch and does not send an EAPOL-Logoff message, the switch interface does not change to the unauthorized state. If this happens, it can take up to 60 minutes for the interface to change to the unauthorized state when the re-authentication time is the default value (3600 seconds).

The workaround is to change the number of seconds between re-authentication attempts by using the dot1x timeout re-authperiod seconds global configuration command. (CSCdz38483)

The guest VLAN might not assign a DHCP address to some clients. This is a problem with the 802.1x client, not with the switch.

The workaround is to either release and renew the IP address or to change the default timers. These examples show typical interface timer changes:

dot1x timeout quiet-period 3

dot1x timeout tx-period 5

CMS Notes

These notes apply to CMS configuration:

If you use CMS on Windows 2000, it might not apply configuration changes if the enable password is changed from the CLI during your CMS session. You have to restart CMS and enter the new password when prompted. Platforms other than Windows 2000 prompt you for the new enable password when it is changed.

CMS does not display QoS classes that are created through the CLI if these classes have multiple match statements. When using CMS, you cannot create classes that match more than one match statement. CMS does not display policies that have such classes.

If you use Internet Explorer Version 5.5 and select a URL with a nonstandard port at the end of the address (for example, www.cisco.com:84), you must enter http:// as the URL prefix. Otherwise, you cannot launch CMS.

Within an ACL, you can change the sequence of ACEs that have the host keyword. However, because such ACEs are independent of each other, the change has no effect on the way the ACL filters traffic.

If you have a proxy server configured on your web browser, CMS can run slowly and take 2 to 3 minutes to process each command that is entered.

If you use the Netscape browser to view the CMS GUI and you resize the browser window while CMS is initializing, CMS does not resize to fit the window.

The workaround is to resize the browser window again when CMS is not busy.

In the Front Panel view or Topology view, CMS does not display error messages in read-only mode for these switches:

Catalyst 2900 XL or Catalyst 3500 XL member switches running Cisco IOS Release 12.0(5)WC2 or earlier

Catalyst 2950 member switches running Cisco IOS Release 12.0(5)WC2 or earlier

Catalyst 3550 member switches running Cisco IOS Release 12.1(6)EA1 or earlier

In the Front Panel view, if the switch is running one of the software releases listed previously, the device LEDs do not appear. In Topology view, if the member is an LRE switch, the CPE devices that are connected to the switch do not appear. The Bandwidth and Link graphs also do not appear in these views.

Open Caveats

These are the open caveats in this release:

"Open Cisco IOS Caveats" section

"Open CMS Caveats" section


Note All open caveats listed in these sections apply to the Catalyst 2955, Catalyst 2950, and Catalyst 2940 switches unless otherwise noted.


Open Cisco IOS Caveats

These are the open Cisco IOS configuration caveats:

CSCdx95501

When a community string is assigned by the cluster command switch, you cannot get any dot1dBridge MIB objects by using a community string with a VLAN entity from a cluster member switch.

The workaround is to manually add the cluster community string with the VLAN entity on the member switches for all active VLANs shown in the show spanning-tree summary display. This is an example of such a change, where cluster member 3 has spanning-tree on vlan 1-3 and the cluster commander community string is public@es3.

Switch(config)#snmp community public@es3@1 RO 
Switch(config)#snmp community public@es3@2 RO 
Switch(config)#snmp community public@es3@3 RO 

CSCeb55987

When UplinkFast is configured on a Catalyst 2950 or Catalyst 3550 switch, the MAC address of the switch is not forwarded to the uplink switch through the new link. This temporarily interrupts communication with the management VLAN and delays convergence of UplinkFast.

There is no workaround.

CSCec55455

When a Catalyst 2950 is connected through a 100BASE-FX port to a media converter, it does not link up after being reloaded. You have to cycle power to the media converter to establish the link. This problem does not occur when the other device is a Catalyst 2950T or 3458-XL switch.

There is no workaround.

CSCed11617

On specified ingress ports on a Catalyst 2950 switch, DSCP values are not marked correctly.

There is no workaround.

CSCed46781

When the transmit period is configured to be greater than the quiet period, users can access a guest VLAN even though authentication of 802.1 x fails.

Workaround: Do not configure the transmit period to be greater than the quiet period.

CSCed87243

If the VTP password is configured but the VTP domain name is not configured and if the switch reloads twice, the switch does not retain the VLAN information.

Use one of these workarounds:

Delete the vlan.dat file, which deletes the VTP password.

Delete the VTP password by using the no vtp password global configuration command.

Assign a VTP domain name.

CSCed95103

If a 10/100/1000 port on a Catalyst 2950 switch is configured for 100 Mbps and full duplex and you change the flow-control configuration on the interface, the show interfaces privileged EXEC command output incorrectly shows the speed and duplex settings as 100 Mbps and half duplex. The show controllers privileged EXEC command output correctly shows the speed and duplex settings (100 Mbps and full duplex).

The workaround is to set the speed and duplex to autonegotiate.

CSCee57059

When you shut down the 100BASE-FX port on the Catalyst 2950 switch, the upstream switch does not detect loss of link and line protocol stays up/up.

There is no workaround to the issue itself. However aggressive mode UDLD can be used when suitable.

Open CMS Caveats

These are the open severity 3 CMS configuration caveats:

CSCed39693

When there are Catalyst 2950 and 2955 devices in a cluster, if you launch the QoS Queue Window to configure the devices and then try to view the settings for other devices by using the device selection menu, CMS halts after 20 to 30 selections.

The workaround is to close and then restart CMS.

CSCed88494

When you change the Spanning Tree Protocol (STP) mode from Rapid PVST+ to PVST+, a Java OutOfBoundsException error sometimes appears.

There is no workaround. The new STP mode is still configured even if the error message appears.

CSCee06206

When a Catalyst 3750 stack member leaves or joins the switch stack, the entire stack disappears from the Topology View. Only the stack member that has left the stack should disappear from the Topology view.

There is no workaround.

CSCee06244

When you select a remote device from the VLAN menu, the displayed table sometimes does not show all the connected links between the device selected in the Host Name and the Remote Device lists. This can also occur when you add a new device to a cluster and then open VLAN menu.

This is the workaround:

1. Click Refresh on the CMS toolbar two or three times, or select View > Refresh two or three times.

2. Click Refresh in VLAN Window.

CSCee15761

The Device Manager Launch button does not work for Catalyst 1900 and 2820 switches.

The workaround is to launch Device Manager for these devices outside of CMS by opening a new browser and manually entering the URL for the switch.

CSCee26671

When you click Refresh in the Stack Settings dialog, the latest information switch cluster does not appear.

The workaround is to close and then to reopen the Stack Settings dialog.

Resolved Caveats

These are the caveats that were resolved in this release:

"Cisco IOS Caveats Resolved in Cisco IOS Release 12.1(22)EA1" section

"Cisco IOS Caveats Resolved in Cisco IOS Release 12.1(22)EA2" section

"CMS Caveats Resolved in Cisco IOS Release 12.1(22)EA1" section

"CMS Caveats Resolved in Cisco IOS Release 12.1(20)EA2" section


Note All resolved caveats listed in these sections apply to the Catalyst 2955, Catalyst 2950, and Catalyst 2940 switches unless otherwise noted.


Cisco IOS Caveats Resolved in Cisco IOS Release 12.1(22)EA1

This Cisco IOS caveat was resolved in this release:

CSCea69056

The link no longer fails to activate when 10/100-Mbps ports are interconnected through media converters and 100BASE-FX media.

CSCed65285

Certain release trains of Cisco Internetwork Operating System (IOS), when configured to use the Cisco IOS Secure Shell (SSH) server in combination with Terminal Access Controller Access Control System Plus (TACACS+) as a means to perform remote management tasks on Cisco IOS devices, may contain two vulnerabilities that can potentially cause Cisco IOS devices to exhaust resources and reload. Repeated exploitation of these vulnerabilities can result in a Denial of Service (DoS) condition. Use of SSH with Remote Authentication Dial In User Service (RADIUS) is not affected by these vulnerabilities.

Cisco has made free software available to address these vulnerabilities for all affected customers. There are workarounds available to mitigate the effects of the vulnerability (see the "Workarounds" section of the full advisory for details.)

This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml

CSCed65778

Certain release trains of Cisco Internetwork Operating System (IOS), when configured to use the Cisco IOS Secure Shell (SSH) server in combination with Terminal Access Controller Access Control System Plus (TACACS+) as a means to perform remote management tasks on Cisco IOS devices, may contain two vulnerabilities that can potentially cause Cisco IOS devices to exhaust resources and reload. Repeated exploitation of these vulnerabilities can result in a Denial of Service (DoS) condition. Use of SSH with Remote Authentication Dial In UserService (RADIUS) is not affected by these vulnerabilities.

Cisco has made free software available to address these vulnerabilities for all affected customers. There are workarounds available to mitigate the effects of the vulnerability (see the "Workarounds" section of the full advisory for details.)

This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml

CSCed76396

If you shut down the default management VLAN and configure another VLAN as the management VLAN, the output from the show ip aliases privileged EXEC command shows the correct IP address information.

CSCee41143

If you use the deny MAC access list configuration command to manually configure a MAC ACL, the MAC address list remains intact.

CSCee50402

When the 10/100 interfaces on a 2940 Catalyst switch are oversubscribed, packets are no longer dropped. Performance is improved on UDP-based applications that are running on TCP/IP.

CSCef01317

When outbound traffic exceeds interface speed, egress queuing is not supported on the Catalyst 2940 switch.

There is no workaround.

Cisco IOS Caveats Resolved in Cisco IOS Release 12.1(22)EA2

These Cisco IOS caveats were resolved in release:

CSCec11178

When you upgrade a Catalyst 2940 switch running Cisco IOS Release 12.1(13)AY, or downgrade a Catalyst 2940 switch to Cisco IOS Release 12.1(13)AY, the archive download-sw privileged EXEC command now works.

CSCed01591

You can now obtain VLAN statistics information from clustered switches.

CSCed10401

On a Catalyst 2950 or 2940 switch, these MIB entries no longer contain invalid characters:

entPhysicalHardwareRev
entPhysicalSerialNum

The switch can now be added to the CiscoWorks Resource Manager Essentials (RME) database.

CSCed11715

On a Catalyst 2950 switch, initiating a ping by using the CISCO-PING-MIB interface no longer returns an error message.

CSCed14768

When you create an RSPAN source session and the reflector port is configured on a port number higher than 24, the RSPAN session now works.

CSCed25122

The output from the show interfaces interface-id privileged EXEC command now shows the correct media types for the SFP modules.

CSCed54175

The switch now accepts duplicate remark statements in named ACLs.

CSCed87223

When port security is enabled on an interface and the interface receives IGMP packets, the switch now learns the secure MAC address of the connected device. If the interface receives other types of packets, such as ICMP packets, the switch also learns the secure MAC address of the connected device.

CMS Caveats Resolved in Cisco IOS Release 12.1(22)EA1

These severity 3 CMS caveats were resolved in this release:

CSCee26637

When you open the Port Settings dialog for a Power-over-Ethernet (PoE) switch that is a member of a switch stack and the stack master is not a PoE switch, a Java exception error no longer occurs.

CSCec61919

When a switch cluster has only one member switch and that member switch is down, CMS now displays the Remove From Cluster option.

CMS Caveats Resolved in Cisco IOS Release 12.1(20)EA2

These severity 3 CMS caveats were resolved in this release:

CSCec18805

In the IP Multicast Wizard, multicast-enabled member devices are now correctly listed in the Enabled Multicast list box instead of in the Current Candidate list box.

CSCed34582

The Front Panel View now correctly displays the port LEDs.

Documentation Updates

This section provides updates to the product documentation. These changes will be included in the next documentation revisions.

"Additions to the System Messages Guides for All Switches" section

"Corrections for the Software Configuration Guides and Command References for All Switches" section

"Correction to the Software Configuration Guides for All Switches" section

"Revisions to the Catalyst 2950 and Catalyst 2955 Command Reference" section

"Revisions to the Catalyst 2940 Switch Software Configuration Guide" section

"Revisions to the Catalyst 2940 Command Reference" section

"Corrections and Additions to the Catalyst 2950 Hardware Installation Guide" section

"Corrections and Additions to the Catalyst 2940 Hardware Installation Guide" section

Additions to the System Messages Guides for All Switches

These system messages are new for this release:

"Addition to the Dynamic Trunking Protocol (DTP) Messages" section

"Addition to the SW_VLAN Messages" section

Addition to the Dynamic Trunking Protocol (DTP) Messages

Error Message    DTP-5-DOMAINMISMATCH: Unable to perform trunk negotiation on port 
[chars] because of VTP domain mismatch. 

Explanation    The two ports involved in trunk negotiation belong to different VTP domains. Trunking is possible only when the ports involved belong to the same VTP domain. [chars] is the name of the interface.

Recommended Action    Ensure that the two ports that are involved in trunk negotiation belong to the same VTP domain.

Addition to the SW_VLAN Messages

Error Message    SW_VLAN-4-VTP_SEM_BUSY: VTP semaphore is unavailable for function 
[chars]. Semaphore locked by [chars].

Explanation    This message means that the VTP database is currently locked by another task and is not available. Retry the operation later. [chars] is the name of the function that has locked the VTP database.

Recommended Action    Find out more about the error by using the show tech-support privileged EXEC command and by copying the error message exactly as it appears on the console or system log and entering it in the Output Interpreter tool. Use the Bug Toolkit to look for similar reported problems. For more information about these online tools and about contacting Cisco, see the "Error Message Traceback Reports" section in Chapter 1 of the Catalyst 2940 Switch System Message Guide or the Catalyst 2950 and Catalyst 2955 Switch System Message Guide.

Corrections for the Software Configuration Guides and Command References for All Switches

This section provides updates to the product documentation for the Catalyst 2940 and Catalyst 2950 series switches. These changes will be included in the next revision of the documentation.

This information was omitted from the "Enabling Storm Control" section of the "Configuring Port-Based Traffic Control" chapter in the software configuration guides and from the "Usage Guidelines" section of the storm-control interface configuration command in the command references:

If you configure the action to be taken when a packet storm is detected as shutdown (the port is error-disabled during a storm), you must use the no shutdown interface configuration command to bring the interface out of this state. If you do not specify the shutdown action, specify the action as trap (the switch generates a trap when a storm is detected).

Correction to the Software Configuration Guides for All Switches

In the printed copies of the software configuration guides, the URL listed in the "Privilege Levels" section of the "Getting Started with CMS" chapter in the software configuration guides is incorrect. The section lists this URL:

http://ip_address/level/13

This is the correct URL (the closing "/" is required):

http://ip_address/level/13/

Revisions to the Catalyst 2950 and Catalyst 2955 Command Reference

These commands were added or revised to the Catalyst 2950 and Catalyst 2955 switch command reference:

duplex

show controllers utilization

show interfaces

speed

duplex

Use the duplex interface configuration command to specify the duplex mode of operation for switch ports. Use the no form of this command to return to the default setting.

duplex {auto | full | half}

no duplex

Syntax Description

auto

Port automatically detects whether it should run in full- or half-duplex mode.

full

Port is in full-duplex mode.

half

Port is in half-duplex mode.


Defaults

For Fast Ethernet and 10/100/1000 ports, the default is auto.

For the default duplex mode of the Gigabit Interface Converter (GBIC)-module ports, refer to the documentation that came with your GBIC module.

For small, form-factor pluggable (SFP) Gigabit Ethernet ports on Catalyst 2950 LRE switches, the default is auto.

Command Modes

Interface configuration

Command History

Release
Modification

12.0(5.2)WC(1)

This command was introduced.


Usage Guidelines

Certain ports, such as GBIC module ports, can be configured to be either full duplex or half duplex. The applicability of this command depends on the device to which the switch is attached.

If the speed is set to auto, the switch negotiates with the device at the other end of the link for the speed setting and then forces the speed setting to the negotiated value. The duplex setting remains as configured on each end of the link, which could result in a duplex setting mismatch.

Beginning with Cisco IOS Release 12.1(22)EA1, you can configure the duplex setting when the speed is set to auto.

If both the speed and duplex are set to specific values, autonegotiation is disabled.

For Fast Ethernet ports, setting the port to auto has the same effect as specifying half if the attached device does not autonegotiate the duplex parameter.

The 100BASE-FX ports on Catalyst 2950C-24 switches do not support the duplex interface configuration command. These ports only operate in full duplex and at 100 Mbps.

You can configure the 10/100/1000 ports on the Catalyst 2950T-24 and Catalyst 2950T-48-SI switches to autonegotiate the duplex mode by using the duplex auto interface configuration command. You can manually set the duplex mode to full by using the duplex full command. The 10/100/1000 ports support the half keyword only when the interface speed is 10 or 100 Mbps.

On Catalyst 2950 Long-Reach Ethernet (LRE) switches, use the duplex command to configure both the MAC and LRE chipsets.

A 10/100/1000 LRE switch port autonegotiates with the device at the other end of the link for the duplex setting and then forces the duplex setting to the negotiated value. A fiber-optic connection (SFP) also autonegotiates with the device at the other end of the link but only accepts a connection at full duplex.

The duplex setting for an SFP module Gigabit Ethernet port has a close relationship to the setting for speed. Fiber-optic connections are always forced to 1000 Mbps and full-duplex mode. Copper connections can run at either full- or half-duplex mode for 10 or 100 Mbps but are can only run in full-duplex mode at 1000 Mbps. When you manually set the speed and duplex settings, autonegotiation is disabled, and speed and duplex settings can cause a mismatch.


Note For guidelines on setting the switch speed and duplex parameters, refer to the software configuration guide for this release.


Examples

This example shows how to set a port to half duplex:

Switch(config)# interface fastethernet0/1
Switch(config-if)# duplex half

This example shows how to set a port to full duplex:

Switch(config)# interface fastethernet0/1
Switch(config-if)# duplex full

You can verify your settings by entering the show interfaces transceiver properties or show running-config privileged EXEC command.

Related Commands

Command
Description

cpe duplex

Sets the duplex setting for customer premises equipment (CPE) Ethernet ports.

local duplex

Sets the duplex mode on an LRE port.

show running-config

Displays the configuration information running on the switch. For syntax information, refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.1 > Cisco IOS File Management Commands > Configuration File Commands.

speed

Sets the port speed.


show controllers utilization

Use the show controllers utilization user EXEC command to display bandwidth utilization on the switch or specific ports.

show controllers [interface-id ] utilization [ | {begin | exclude | include} expression]

Syntax Description

interface-id

(Optional) ID of the switch interface.

| begin

(Optional) Display begins with the line that matches the specified expression.

| exclude

(Optional) Display excludes lines that match the specified expression.

| include

(Optional) Display includes lines that match the specified expression.

expression

Expression in the output to use as a reference point.


Command Modes

User EXEC

Command History

Release
Modification

12.1(22)EA1

This command was introduced.


Usage Guidelines

Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.

Examples

This is an example of output from the show controllers utilization command. Table 9 describes the fields in the output.

Switch> show controllers utilization
Port       Receive Utilization  Transmit Utilization
Fa0/1              0                    0
Fa0/2              0                    0

<output truncated>

Total Ports : 9
Switch Receive Bandwidth Percentage Utilization  : 0
Switch Transmit Bandwidth Percentage Utilization : 0

Switch Fabric Percentage Utilization : 0

This is an example of output from the show controllers utilization command on a specific port:

Switch> show controllers Fa0/8 utilization
Receive Bandwidth Percentage Utilization   : 0
Transmit Bandwidth Percentage Utilization  : 0

Table 9 show controllers utilization Field Descriptions

Field
Description

Receive Bandwidth Percentage Utilization

Displays the received bandwidth usage of the switch, which is the sum of the received traffic on all the ports divided by the switch receive capacity.

Transmit Bandwidth Percentage Utilization

Displays the transmitted bandwidth usage of the switch, which is the sum of the transmitted traffic on all the ports divided it by the switch transmit capacity.

Fabric Percentage Utilization

Displays the average of the transmitted and received bandwidth usage of the switch.


Related Commands

Command
Description

show controllers ethernet-controller

Displays the interface internal registers.


show interfaces

Use the show interfaces privileged EXEC command to display the administrative and operational status of all interfaces or a specified interface.

show interfaces [interface-id | vlan vlan-id] [accounting | capabilities [module {module-number]} | cpe [port port-id] | description | etherchannel | flowcontrol | media [interface-id] | pruning | stats | status [err-disabled] | switchport | trunk] | [ transceiver properties ] [ | {begin | exclude | include} expression]

Syntax Description

interface-id

(Optional) Valid interfaces include physical ports (including type, slot, and port number) and port channels. The port-channel range is 1 to 6.

vlan vlan-id

(Optional) VLAN ID. The range is 1 to 1005 when the standard software image (SI) is installed and 1 to 4094 when the enhanced software image (EI) is installed.

accounting

(Optional) Display interface accounting information.

capabilities [module module-number]

(Optional) Display the capabilities of the specified interface or all interfaces on the switch. The module number is always 0. If you enter an interface ID, the module keyword is not visible.

cpe [port port-id]

(Optional) Display link status, speed, and duplex of all the customer premises equipment (CPE) Ethernet ports.You must enter an interface ID to display this keyword.

port port-id—Display only the designated CPE Ethernet port. The range is 1 to 4.

These keywords are available only on Long-Reach Ethernet (LRE) switches.

description

(Optional) Display the administrative status and description set for an interface.

etherchannel

(Optional) Display interface EtherChannel information.

flowcontrol

(Optional) Display interface flowcontrol information.

media [interface-id]

(Optional) Display the type of media connection. This keyword is available only on LRE switches.

pruning

(Optional) Display interface trunk VTP pruning information.

stats

(Optional) Display input and output packets by switching path for the interface.

status [err-disabled]

(Optional) Display the status of the interface, or display interfaces in error-disabled state.

switchport

(Optional) Display the administrative and operational status of a switching (nonrouting) port.

trunk

Display interface trunk information. If you do not specify an interface, information for only active trunking ports appears.

transceiver properties

(Optional) Display speed and duplex settings for an interface.

| begin

(Optional) Display begins with the line that matches the expression.

| exclude

(Optional) Display excludes lines that match the expression.

| include

(Optional) Display includes lines that match the specified expression.

expression

Expression in the output to use as a reference point.



Note Though visible in the command-line help strings, the crb, fair-queue, irb, mac-accounting, precedence, random-detect, rate-limit, and shape options are not supported.


Command Modes

Privileged EXEC

Command History

Release
Modification

12.0(5.2)WC(1)

This command was introduced.

12.1(11)YJ

The cpe, port port-id, and media keywords were added.

12.1(12c)EA1

The capabilities keyword was added.

12.1(22)EA1

The transceiver and properties keywords were added.


Usage Guidelines

Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.

Examples

This is an example of output from the show interfaces accounting command:

Switch# show interfaces accounting
Vlan1 
                Protocol    Pkts In   Chars In   Pkts Out  Chars Out
                      IP      17950    2351279       3205     411175
                     ARP       8626     552064         62       3720
Interface Vlan5 is disabled

FastEthernet0/1 
                Protocol    Pkts In   Chars In   Pkts Out  Chars Out
           Spanning Tree    2956958  179218508      34383    2131700
                     CDP      14301    5777240      14307    5722418
                     VTP          0          0       1408     145908
                     DTP      28592    1572560          0          0

<output truncated>

This is an example of output from the show interfaces capabilities command:

Switch# show interfaces fastethernet0/1 capabilities 
FastEthernet0/1
  Model:                 WS-C2950G-48-EI
  Type:                  10/100BaseTX
  Speed:                 10,100,auto
  Duplex:                half,full,auto
  UDLD:                  yes
  Trunk encap. type:     802.1Q
  Trunk mode:            on,off,desirable,nonegotiate
  Channel:               yes
  Broadcast suppression: percentage(0-100)
  Flowcontrol:           rx-(none),tx-(none)
  Fast Start:            yes
  CoS rewrite:           yes
  ToS rewrite:           yes
  Inline power:          no
  SPAN:                  source/destination
  PortSecure:            Yes
  Dot1x:                 Yes

This is an example of output from the show interfaces command for a specified interface:

Switch# show interfaces fastethernet0/1 
FastEthernet0/1 is up, line protocol is down
  Hardware is Fast Ethernet, address is 0005.7428.09c1 (bia 0005.7428.09c1)
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Auto-duplex, Auto-speed
  input flow-control is off, output flow-control is off
  Last input never, output 4d21h, output hang never
  Last clearing of "show interface" counters never
  Input queue:0/75/0/0 (size/max/drops/flushes); Total output drops:0
  Queueing strategy:fifo
  Output queue :0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     1 packets input, 64 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     0 input packets with dribble condition detected
     1 packets output, 64 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out

This is an example of output from the show interfaces description command for an interface when the interface has been described as Connects to Marketing by using the description interface configuration command.

Switch# show interfaces gigabitethernet0/1 description
Interface Status         Protocol Description
Gi0/1 up             down     Connects to Marketing

This is an example of output from the show interfaces pruning command for an interface when pruning is enabled in the VTP domain:

Switch# show interfaces fastethernet0/1 pruning

Port      Vlans pruned for lack of request by neighbor
Fa0/1     4,196

Port      Vlan traffic requested of neighbor
Fa0/1     1,4

This is an example of output from the show interfaces stats command:

Switch# show interfaces stats
Vlan1
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
               Processor    3224706  223689126    3277307  280637322
             Route cache          0          0          0          0
                   Total    3224706  223689126    3277307  280637322
Interface Vlan5 is disabled

FastEthernet0/1
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
               Processor    3286423  231672787     179501   17431060
             Route cache          0          0          0          0
                   Total    3286423  231672787     179501   17431060

This is an example of output from the show interfaces status command. It displays the status of all interfaces.

Switch# show interfaces status
Port    Name               Status       Vlan       Duplex  Speed Type
Fa0/1                      notconnect   1            auto   auto 10/100BaseTX
Fa0/2                      notconnect   1            auto   auto 10/100BaseTX
Fa0/3                      disabled     100          auto   auto 10/100BaseTX
Fa0/4                      connected    trunk      a-full  a-100 10/100BaseTX
Fa0/5                      notconnect   1            auto   auto 10/100BaseTX
Fa0/6                      connected    trunk      a-full  a-100 10/100BaseTX

<output truncated>

This is an example of output from the show interfaces status err-disabled command. It displays the status of interfaces in error-disabled state.

switch# show interfaces fastethernet0/1 status err-disabled 

Port    Name               Status       Reason
Fa0/1                      err-disabled psecure-violation

This is an example of output from the show interfaces etherchannel command when port channels are configured on the switch:

Switch# show interfaces etherchannel
----
FastEthernet0/1:
Port state    = Up Mstr In-Bndl 
Channel group = 1           Mode = On/FEC     Gcchange = 0
Port-channel  = Po1         GC   = 0x00010001    Pseudo port-channel = Po1
Port index    = 0           Load = 0x00

Age of the port in the current state:00d:00h:06m:54s
----
Port-channel1:
Age of the Port-channel   = 09d:22h:45m:14s
Logical slot/port   = 1/0           Number of ports = 1
GC                  = 0x00010001      HotStandBy port = null
Port state          = Port-channel Ag-Inuse 

Ports in the Port-channel:

Index   Load   Port    EC state
------+------+------+------------
  0     00     Fa0/1    on         

Time since last port bundled:   00d:00h:06m:54s    Fa0/1

This is an example of output from the show interfaces flowcontrol command. Table 10 lists the fields in this display.

Switch# show interfaces flowcontrol
Port    Send FlowControl  Receive FlowControl  RxPause TxPause
        admin    oper     admin    oper
-----   -------- -------- -------- --------    ------- -------
Fa0/1   Unsupp.  Unsupp.  off      off         0       0
Fa0/2   Unsupp.  Unsupp.  off      off         0       0
<output truncated>
Gi0/1   desired  off      off      off         0       0

Table 10 show interfaces flowcontrol Field Descriptions 

Field
Description

Port

Displays the port name.

Send FlowControl

Admin

Displays the administrative (configured) setting for the flow control send mode.

Oper

Displays the operational (running) setting for the flow control send mode.

Receive FlowControl

Admin

Displays the administrative (configured) setting for the flow control receive mode.

Oper

Displays the operational (running) setting for the flow control receive mode.

RxPause

Displays the number of pause frames received.

TxPause

Displays the number of pause frames sent.

On

Flow control is enabled.

Off

Flow control is disabled.

Desired

Flow control is enabled if the other end supports it.

Unsupp.

Flow control is not supported.


This is an example of output from the show interfaces switchport command for a single interface. Table 11 describes the fields in the output.

Switch# show interfaces gigabitethernet0/1 switchport
Name: Gi0/1
Switchport:Enabled
Administrative Mode:dynamic desirable
Operational Mode:static access
Administrative Trunking Encapsulation:negotiate
Negotiation of Trunking:On
Access Mode VLAN:1 (default)
Trunking Native Mode VLAN:1 (default)
Voice VLAN:none
Administrative private-vlan host-association:none
Administrative private-vlan mapping:none
Operational private-vlan:none
Trunking VLANs Enabled:ALL
Pruning VLANs Enabled:2-1001
Capture Mode: Disabled
Capture VLANs Allowed:ALL

Protected:true
Unknown unicast blocked:disabled
Unknown multicast blocked:disabled

Voice VLAN:none (Inactive)
Appliance trust:none

Table 11 show interfaces switchport Field Descriptions 

Field
Description

Name

Displays the port name.

Switchport

Displays the administrative and operational status of the port. In this output, the port is in switchport mode.

Administrative Mode

Operational Mode

Displays the administrative and operational mode.

Administrative Trunking Encapsulation

Negotiation of Trunking

Displays the administrative and operational encapsulation method, and whether trunking negotiation is enabled.

Access Mode VLAN

Displays the VLAN ID to which the port is configured.

Trunking Native Mode VLAN

Trunking VLANs Enabled

Trunking VLANs Active

Lists the VLAN ID of the trunk that is in native mode. Lists the allowed VLANs on the trunk. Lists the active VLANs on the trunk.

Pruning VLANs Enabled

Lists the VLANs that are pruning-eligible.

Administrative private-vlan host-association >
Administrative private-vlan mapping
Operational private-vlan

Displays the administrative and operational status of the private VLAN, and displays the private-VLAN mapping.

Note Private VLANs are not supported on the switch.

Capture Mode

Captured VLANs Allowed

Displays the capture mode and the number of captured VLANs allowed.

Note Because the switch does not support the capture feature, the values for these fields do not change.

Protected

Displays whether or not protected port is enabled (True) or disabled (False) on the interface.

Voice VLAN

Displays the VLAN ID on which voice VLAN is enabled.

Appliance trust

Displays the class of service (CoS) setting of the data packets of the IP phone.


This is an example of output from the show interfaces trunk command:

Switch# show interfaces trunk
Port      Mode         Encapsulation  Status        Native vlan
Fa0/4     on           802.1q         trunking      1
Fa0/6     on           802.1q         trunking      1

Port      Vlans allowed on trunk
Fa0/4     1-4094
Fa0/6     1-4094

Port      Vlans allowed and active in management domain
Fa0/4     1-2,51-52
Fa0/6     1-2,51-52

Port      Vlans in spanning tree forwarding state and not pruned
Fa0/4     1
Fa0/6     1-2,51-52

This is an example of output from the show interfaces trunk command for an interface. It displays trunking information for the interface.

Switch# show interfaces fastethernet0/1 trunk
Port      Mode         Encapsulation  Status        Native vlan
Fa0/1     desirable    802.1q         trunking      1

Port      Vlans allowed on trunk
Fa0/1     1-4094

Port      Vlans allowed and active in management domain
Fa0/1     1,4,196,306

Port      Vlans in spanning tree forwarding state and not pruned
Fa0/1     1,306

This is an example of output from the show interfaces transceiver properties command. If you do not specify an interface, the output of the command shows the status on all switch ports:

Switch# show interfaces transceiver properties
Name : Fa0/1
Administrative Speed: auto
Administrative Duplex: auto
Administrative Auto-MDIX: N/A 
Administrative Power Inline: N/A
Operational Speed: 100
Operational Duplex: full
Operational Auto-MDIX: N/A 

Name : Fa0/2
Administrative Speed: auto
Administrative Duplex: auto
Administrative Auto-MDIX: N/A 
Administrative Power Inline: N/A
Operational Speed: 10
Operational Duplex: full
Operational Auto-MDIX: N/A 

Name : Fa0/3
Administrative Speed: auto
Administrative Duplex: auto
Administrative Auto-MDIX: N/A 
Administrative Power Inline: N/A
Operational Speed: 100
Operational Duplex: full
Operational Auto-MDIX: N/A 

<output truncated> 

This is an example of output from the show interfaces module number transceiver properties command for a specific interface:

Switch# show interfaces fastethernet0/1 transceiver properties
Name : Fa0/1
Administrative Speed: auto
Administrative Duplex: auto
Administrative Auto-MDIX: N/A 
Administrative Power Inline: N/A
Operational Speed: 100
Operational Duplex: full
Operational Auto-MDIX: N/A 

This is an example of output from the show interfaces command for an LRE port:

Switch# show interfaces longreachethernet0/5
LongReachEthernet0/5 is up, line protocol is up 
  Hardware is Ethernet over LRE, address is 0006.2871.5902 (bia 0006.2871.5902)
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, 
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive not set
  Half-duplex, Auto Speed (10), 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:21, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     8272 packets input, 852898 bytes, 0 no buffer
     Received 1182 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 1182 multicast
     0 input packets with dribble condition detected
     61899 packets output, 17981033 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out

This is an example of output from the show interfaces command for all interfaces on a CPE device:

Switch# show interfaces longreachethernet0/2 cpe
Port      Status      Speed   Duplex
----   ------------   -----   ------
  1    notconnected    auto       NA
  2    notconnected    auto       NA
  3    notconnected    auto       NA
  4    notconnected    auto       NA
  5    connected        100     half
Switch#

This is an example of output from the show interfaces command for a port on a CPE device:

Switch# show interfaces longreachethernet0/2 cpe port 5
Port      Status      Speed   Duplex
----   ------------   -----   ------
  5    connected        100     half
Switch#

This is an example of output from the show interfaces media command on an interface:

Switch# show interfaces gigabitethernet0/1 media
Port    Media-configured   Active      Attached
Gi0/1   auto-select        rj45        1000BaseSX-10/100/1000BaseTX
Switch#

This is an example of output from the show interfaces media command:

Switch# show interfaces media
Port    Media-configured   Active      Attached
Gi0/1   auto-select        rj45        1000BaseSX-10/100/1000BaseTX
Gi0/2   prefer-sfp         sfp         1000BaseSX-10/100/1000BaseTX

Related Commands

Command
Description

switchport access

Configures a port as a static-access or dynamic-access port.

switchport protected

Isolates Layer 2 unicast, multicast, and broadcast traffic from other protected ports on the same switch.

switchport trunk pruning

Configures the VLAN pruning-eligible list for ports in trunking mode.


speed

Use the speed interface configuration command to specify the speed of a port. Use the no form of this command to return to the default setting.

speed {10 | 100 | 1000 | auto [ 10 | 100 | 1000 ] | nonegotiate}

no speed


Note You cannot configure speed or duplex mode on Gigabit Interface Converter (GBIC) ports, but for certain types of GBICs, you can configure speed to not negotiate nonegotiate if they are connected to a device that does not support autonegotiation.


Syntax Description

10

Port runs at 10 Mbps.

100

Port runs at 100 Mbps.

1000

Port runs at 1000 Mbps (only valid for Gigabit Ethernet ports).

auto

Port automatically detects whether it should run at 10 or 100 Mbps on
Fast Ethernet ports or at 10, 100, or 1000 Mbps on 10/100/1000 and SFP-module ports. If you use the 10, 100, or 1000 keywords with the auto keyword, the port only autonegotiates at the specified speeds.

nonegotiate

Autonegotiation is disabled, and the port runs at 1000 Mbps. This option is valid and visible only on 1000BASE-X, -LX, and -ZX GBIC ports. Gigastack GBICs and 1000BASE-T GBICs do not support disabling of autonegotiation.


Defaults

For Fast Ethernet and 10/100/1000 ports, the default is auto.

For 100BASE-FX ports, the default is 100 Mbps.

For GBIC-module ports, the default is 1000 Mbps.

For small form-factor pluggable (SFP)-module ports, the default is auto.

Command Modes

Interface configuration

Command History

Release
Modification

12.0(5.2)WC(1)

This command was introduced.

12.1(11)EA1

The nonegotiate keyword was added.

12.1(22)EA1

Support for the 10, 10, and 1000 keywords with the auto keyword was added.


Usage Guidelines

The applicability of this command depends on the switch on which you enter this command.

If the speed is set to auto, the switch negotiates with the device at the other end of the link for the speed setting and then forces the speed setting to the negotiated value. The duplex setting remains as configured on each end of the link, which could result in a duplex setting mismatch. If both the speed and duplex are set to specific values, autonegotiation is disabled.

If the speed is set to auto and the 10, 100, or 1000 keywords are also used, the port only autonegotiates at the specified speeds.

On non-Long-Reach Ethernet (LRE) switches, Fast Ethernet ports, except for 100BASE-FX ports, can be configured at 10 or 100 Mbps. The 10/100/1000 Ethernet interfaces on the Catalyst 2950T-24, Catalyst 2950T-48-SI, and Catalyst 2955T-24 switches operate at 10 or 100 Mbps in either half- or full-duplex mode or at 1000 Mbps only in full-duplex mode.

You cannot configure the speed on GBIC interfaces, but you can configure the speed to not negotiate (nonegotiate) for the 1000BASE-SX, -LX, or -ZX GBICs if they are connected to devices that do not support autonegotiation. GBIC-module ports support only 1000 Mbps. The speed values of 10 Mbps and 100 Mbps are not supported.


Note The 100BASE-FX and SFP modules do not support the speed command. These ports operate only at 100 Mbps and in full-duplex mode.


On LRE switches, LRE Gigabit Ethernet ports are set to auto by default. A copper connection (10/100/1000) autonegotiates with the device at the other end of the link for the speed setting and then forces the speed setting to the negotiated value. A fiber-optic SFP connection also autonegotiates with the device at the other end of the link but only accepts a connection at 1000 Mbps.

SFP modules only operate at 1000 Mbps, and those with a 1000 BASE-T module installed can only be configured for full-duplex mode.

On LRE switches, the speed setting for a Gigabit Ethernet port has a close relationship to the setting for duplex mode. Fiber-optic SFP-module ports are always forced to 1000 Mbps and to full-duplex mode. Copper ports can run in either full- or half-duplex module at 10 or 100 Mbps but are forced to run in full-duplex mode at 1000Mbps. When you configure the speed and duplex settings, autonegotiation is disabled, and speed and duplex settings can cause a mismatch.

The speed command is not supported on LRE interfaces. Use the cpe speed interface configuration command to set the speed of individual customer premises equipment (CPE) ports.


Note For guidelines on setting the switch speed and duplex parameters, refer to the "Configuring the Switch Interfaces" and the "Configuring LRE" chapters in the switch software configuration guide for this release.


Examples

This example shows how to set a port to 100 Mbps:

Switch(config)# interface fastethernet0/1
Switch(config-if)# speed 100

This example shows how to set a port to autonegotiate the speed:

Switch(config)# interface fastethernet0/1
Switch(config-if)# speed auto

This example shows how to set a port to autonegotiate at only 10 Mbps:

Switch(config)# interface fastethernet0/1
Switch(config-if)# speed auto 10

This example shows how to set a port to autonegotiate at only 10 or 100 Mbps:

Switch(config)# interface fastethernet0/1
Switch(config-if)# speed auto 10 100

You can verify your settings by entering the show interfaces transceiver properties or the show running-config privileged EXEC command.

Related Commands

Command
Description

cpe speed

Sets the speed of a CPE port.

duplex

Specifies the duplex mode of operation for switch ports.

show controllers lre status

Displays the status for rate selection. Use the sequence keyword to display the status of a sequence for an LRE interface.

show interfaces

Displays the administrative and operational status of all interfaces or a specified interface.

show running-config

Displays the current operating configuration. For syntax information, refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.1 > Cisco IOS File Management Commands > Configuration File Commands.


Revisions to the Catalyst 2940 Switch Software Configuration Guide

The updates in this section should be added to Chapter 14, Configuring VLANs, before the "Displaying VLANs" section on page 14-10:

"Configuring Extended-Range VLANs" section

"Extended-Range VLAN Configuration Guidelines" section

"Creating an Extended-Range VLAN" section

"Full-Range of VLAN IDs Supported" section

"Chapter 8, Configuring 802.1x Port-Based Authentication" section

Configuring Extended-Range VLANs

When the switch is in VTP transparent mode (VTP disabled), you can create extended-range VLANs (in the range 1006 to 4094 for any switch port commands that allow VLAN IDs). Enter the vlan vlan-id global configuration command to access config-vlan mode and to configure extended-range VLANs. The VLAN database configuration mode (that you access by entering the vlan database privileged EXEC command) does not support the extended range.

Extended-range VLAN configurations are not stored in the VLAN database. Because VTP mode is transparent, they are stored in the switch running configuration file. You can save the configuration in the startup configuration file by using the copy running-config startup-config privileged EXEC command.

Default VLAN Configuration

Refer to Table 14-2 on page 14-7 of the Catalyst 2940 Software Configuration Guide for IOS Release 12.1(20)EA2 for the default configuration for Ethernet VLANs. You can change only the MTU size on extended-range VLANs; all other characteristics must remain at the default state.

Extended-Range VLAN Configuration Guidelines

Follow these guidelines when creating extended-range VLANs:

To add an extended-range VLAN, you must use the vlan vlan-id global configuration command and access config-vlan mode. You cannot add extended-range VLANs in VLAN database configuration mode (accessed by entering the vlan database privileged EXEC command).

VLAN IDs in the extended range are not saved in the VLAN database and are not recognized by VTP.

You cannot include extended-range VLANs in the pruning eligible range.

The switch must be in VTP transparent mode when you create extended-range VLANs. If VTP mode is server or client, an error message is generated, and the extended-range VLAN is rejected.

You can set the VTP mode to transparent in global configuration mode or in VLAN database configuration mode. You should save this configuration to the startup configuration so that the switch will boot up in VTP transparent mode. Otherwise, you will lose extended-range VLAN configuration if the switch resets.

VLANs in the extended range are not supported by VQP. They cannot be configured by VMPS.

STP is enabled by default on extended-range VLANs, but you can disable it by using the no spanning-tree vlan vlan-id global configuration command. When the maximum number of spanning-tree instances (10) are on the switch, spanning tree is disabled on any newly created VLANs. If the number of VLANs on the switch exceeds the maximum number of spanning tree instances, we recommend that you configure the IEEE 802.1S Multiple STP (MSTP) on your switch to map multiple VLANs to a single STP instance. For more information about MSTP, see Chapter 17, "Configuring MSTP."

Creating an Extended-Range VLAN

You create an extended-range VLAN in global configuration mode by entering the vlan global configuration command with a VLAN ID from 1006 to 4094. This command accesses the config-vlan mode. The extended-range VLAN has the default Ethernet VLAN characteristics and the MTU size is the only parameter you can change. Refer to the description of the vlan global configuration command in the command reference for defaults of all parameters. If you enter an extended-range VLAN ID when the switch is not in VTP transparent mode, an error message is generated when you exit from config-vlan mode, and the extended-range VLAN is not created.

Extended-range VLANs are not saved in the VLAN database; they are saved in the switch running configuration file. You can save the extended-range VLAN configuration in the switch startup configuration file by using the copy running-config startup-config privileged EXEC command.

Beginning in privileged EXEC mode, follow these steps to create an extended-range VLAN:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

vtp mode transparent

Configure the switch for VTP transparent mode, disabling VTP.

Step 3 

vlan vlan-id

Enter an extended-range VLAN ID and enter config-vlan mode. The range is 1006 to 4094.

Step 4 

mtu mtu-size

(Optional) Modify the VLAN by changing the MTU size.

Note Although all commands appear in the CLI help in config-vlan mode, only the mtu mtu-size command is supported for extended-range VLANs.

Step 5 

end

Return to privileged EXEC mode.

Step 6 

show vlan id vlan-id

Verify that the VLAN has been created.

Step 7 

copy running-config startup config

Save your entries in the switch startup configuration file. To save extended-range VLAN configurations, you need to save the VTP transparent mode configuration and the extended-range VLAN configuration in the switch startup configuration file. Otherwise, if the switch resets, it will default to VTP server mode, and the extended-range VLAN IDs will not be saved.

To delete an extended-range VLAN, use the no vlan vlan-id global configuration command.

The procedure for assigning static-access ports to an extended-range VLAN is the same as for normal-range VLANs.

This example shows how to create a new extended-range VLAN with all default characteristics, enter config-vlan mode, and save the new VLAN in the switch startup configuration file:

Switch(config)# vtp mode transparent
Switch(config)# vlan 2000
Switch(config-vlan)# end
Switch# copy running-config startup config

Full-Range of VLAN IDs Supported

The software configuration guide has been updated throughout to reflect support for the full range of 1 to 4094 VLAN IDs that are allowed by the IEEE 802.1Q standard and support for 12 spanning-tree instances and 12 active VLANs.

Chapter 8, Configuring 802.1x Port-Based Authentication

The "Using 802.1x with Guest VLAN" section and the "Configuring a Guest VLAN" section in the software configuration guide has been updated to support 802.1x with guest VLAN:

"Using 802.1x with Guest VLAN" section

"Configuring a Guest VLAN" section

Using 802.1x with Guest VLAN

You can configure a guest VLAN for each 802.1x port on the switch to provide limited services to clients (for example, downloading the 802.1x client). These clients might be upgrading their system for 802.1x authentication, and some hosts, such as Windows 98 systems, might not be 802.1x-capable.

If an 802.1x port is configured, the switch assigns clients to a guest VLAN for the 802.1x port when one of these situations occurs:

The authentication server does not receive a response to its EAPOL request/identity frame.

802.1x EAPOL packets are not sent by the client.

New 802.1x EAPOL packets are sent by the client, but authentication fails.

Any number of hosts have access after the switch port is moved to the guest VLAN. If an 802.1x-capable host joins the same port on which the guest VLAN is configured, the port is put into the unauthorized state in the user-configured access VLAN, and authentication is restarted.

Guest VLANs are supported on 802.1x ports in single-host and multiple-hosts modes.

You can configure any VLAN, except RSPAN VLANs or voice VLAN IDs (VVIDs), as an 802.1x guest VLAN. The guest VLAN feature is not supported on trunk ports; it is supported only on access ports.

For configuration steps, see the "Configuring a Guest VLAN" section.

Configuring a Guest VLAN

When you configure a guest VLAN, clients that are not 802.1x-capable are put into the guest VLAN when the server does not receive a response to its EAPOL request/identity frame. Clients that are 802.1x-capable but fail authentication are not granted access to the network. The switch supports guest VLANs in single-host or multiple-hosts mode.

Beginning in privileged EXEC mode, follow these steps to configure a guest VLAN. This procedure is optional.

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

interface interface-id

Specify the interface to be configured, and enter interface configuration mode. For the supported interface types, see the "802.1x Configuration Guidelines" section on page 8-11.

Step 3 

dot1x guest-vlan vlan-id

Specify an active VLAN as an 802.1x guest VLAN. The range is 1 to 4094.

Any VLAN can be configured as an 802.1x guest VLAN except RSPAN VLANs or voice VLANs.

Step 4 

end

Return to privileged EXEC mode.

Step 5 

show dot1x interface interface-id

Verify your entries.

Step 6 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

To disable and remove the guest VLAN, use the no dot1x guest-vlan interface configuration command. The port returns to the unauthorized state.

This example shows how to enable VLAN 9 as an 802.1x guest VLAN on a port:

Switch(config)# interface fastethernet0/1
Switch(config-if)# dot1x guest-vlan 9

This example shows how to set 3 as the quiet time on the switch, to set 15 as the number of seconds that the switch waits for a response to an EAP-request/identity frame from the client before resending the request, and to enable VLAN 2 as an 802.1x guest VLAN when an 802.1x port is connected to a DHCP client:

Switch(config-if)# dot1x timeout quiet-period 3
Switch(config-if)# dot1x timeout tx-period 15
Switch(config-if)# dot1x guest-vlan 2

Revisions to the Catalyst 2940 Command Reference

This guide has been updated throughout to reflect support for the full range of 1 to 4094 VLAN IDs that are allowed by the IEEE 802.1Q standard and support for 12 spanning-tree instances and 12 active VLANs.

For most commands with a vlan vlan-id keyword, the valid VLAN ID range is now from 1 to 4094.

If VTP mode is transparent, you can use the vlan global configuration command to create extended VLANs (with VLAN IDs of 1006 to 4094) and enter config-vlan mode.


Note Although all commands are visible, the only config-vlan command supported on extended-range VLANs is mtu mtu-size. For extended-range VLANs, all other characteristics must remain at the default state.


The following commands were added or revised to the Catalyst 2940 switch command reference:

"duplex" section

"show controllers utilization" section

"show interfaces" section

"speed" section

duplex

Use the duplex interface configuration command to specify the duplex mode of operation for switch ports. Use the no form of this command to return to the default setting.

duplex {auto | full | half}

no duplex

Syntax Description

auto

Port automatically detects whether it should run in full- or half-duplex mode.

full

Port is in full-duplex mode.

half

Port is in half-duplex mode.


Defaults

For Fast Ethernet and 10/100/1000 ports, the default is auto.

For 100BASE-FX and small form-factor pluggable (SFP) modules, the default is full.

Command Modes

Interface configuration

Command History

Release
Modification

12.1(13)AY

This command was introduced.


Usage Guidelines

Certain ports, such as Fast Ethernet or 10/100/1000 ports, can be configured as either full duplex or half duplex. How you apply this command depends on the device to which the switch is attached.

If the speed is set to auto, the switch negotiates with the device at the other end of the link for the speed setting and then forces the speed setting to the negotiated value. The duplex setting remains as configured on each end of the link, which could result in a duplex setting mismatch.

Beginning with Cisco IOS Release 12.1(22)EA1, you can configure the duplex setting when the speed is set to auto.

If both the speed and duplex are set to specific values, autonegotiation is disabled.

For Fast Ethernet ports, setting the port to auto has the same effect as specifying half if the attached device does not autonegotiate the duplex parameter.

The 100BASE-FX ports do not support the duplex interface configuration command. These ports only operate in full-duplex mode and at 100 Mbps.


Note For guidelines on setting the switch speed and duplex parameters, refer to the software configuration guide for this release.


Examples

This example shows how to set a port to half duplex:

Switch(config)# interface fastethernet0/1
Switch(config-if)# duplex half

This example shows how to set a port to full duplex:

Switch(config)# interface fastethernet0/1
Switch(config-if)# duplex full

You can verify your settings by entering the show interfaces transceiver properties or show running-config privileged EXEC command.

Related Commands

Command
Description

show running-config

Displays the configuration information running on the switch. For syntax information, refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.1 > Cisco IOS File Management Commands > Configuration File Commands.

speed

Sets the port speed.


show controllers utilization

Use the show controllers utilization user EXEC command to display bandwidth utilization on the switch or specific ports.

show controllers [interface-id ] utilization [ | {begin | exclude | include} expression]

Syntax Description

interface-id

(Optional) ID of the switch interface.

| begin

(Optional) Display begins with the line that matches the specified expression.

| exclude

(Optional) Display excludes lines that match the specified expression.

| include

(Optional) Display includes lines that match the specified expression.

expression

Expression in the output to use as a reference point.


Command Modes

User EXEC

Command History

Release
Modification

12.1(22)EA1

This command was introduced.


Usage Guidelines

Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.

Examples

This is an example of output from the show controllers utilization command. Table 12 describes the fields in the output.

Switch> show controllers utilization
Port       Receive Utilization  Transmit Utilization
Fa0/1              0                    0
Fa0/2              0                    0

<output truncated>

Total Ports : 9
Switch Receive Bandwidth Percentage Utilization  : 0
Switch Transmit Bandwidth Percentage Utilization : 0

Switch Fabric Percentage Utilization : 0

This is an example of output from the show controllers utilization command on a specific port:

Switch> show controllers Fa0/8 utilization
Receive Bandwidth Percentage Utilization   : 0
Transmit Bandwidth Percentage Utilization  : 0

Table 12 show controllers utilization Field Descriptions

Field
Description

Receive Bandwidth Percentage Utilization

Displays the received bandwidth usage of the switch, which is the sum of the received traffic on all the ports divided by the switch receive capacity.

Transmit Bandwidth Percentage Utilization

Displays the transmitted bandwidth usage of the switch, which is the sum of the transmitted traffic on all the ports divided it by the switch transmit capacity.

Fabric Percentage Utilization

Displays the average of the transmitted and received bandwidth usage of the switch.


Related Commands

Command
Description

show controllers ethernet-controller

Displays the interface internal registers.


show interfaces

Use the show interfaces privileged EXEC command to display the administrative and operational status of all interfaces or a specified interface.

show interfaces [interface-id | vlan vlan-id] [accounting | capabilities [module {module-number]} | description | etherchannel | flowcontrol | pruning | stats | status [err-disabled] | switchport | trunk] | [ transceiver properties ] [ | {begin | exclude | include} expression]

Syntax Description

interface-id

(Optional) Valid interfaces include physical ports (including type, slot, and port number) and port channels. The port-channel range is 1 to 6.

vlan vlan-id

(Optional) VLAN ID. The range is 1 to 4094.

accounting

(Optional) Display interface accounting information.

capabilities [module module-number]

(Optional) Display the capabilities of the specified interface or all interfaces on the switch. The module number is always 0. If you enter an interface ID, the module keyword is not visible.

description

(Optional) Display the administrative status and description set for an interface.

etherchannel

(Optional) Display interface EtherChannel information.

flowcontrol

(Optional) Display interface flowcontrol information.

pruning

(Optional) Display interface trunk VTP pruning information.

stats

(Optional) Display input and output packets by switching path for the interface.

status [err-disabled]

(Optional) Display the status of the interface, or display interfaces in error-disabled state.

switchport

(Optional) Display the administrative and operational status of a switching (nonrouting) port.

trunk

Display interface trunk information. If you do not specify an interface, information for only active trunking ports appears.

transceiver properties

(Optional) Display speed and duplex settings for an interface.

| begin

(Optional) Display begins with the line that matches the expression.

| exclude

(Optional) Display excludes lines that match the expression.

| include

(Optional) Display includes lines that match the specified expression.

expression

Expression in the output to use as a reference point.



Note Though visible in the command-line help strings, the crb, fair-queue, irb, mac-accounting, precedence, random-detect, rate-limit, and shape options are not supported.


Command Modes

Privileged EXEC

Command History

Release
Modification

12.1(13)AY

This command was introduced.

12.1(22)EA1

The transceiver and properties keywords were added.


Usage Guidelines

Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.

Examples

This is an example of output from the show interfaces accounting command:

Switch# show interfaces accounting
Vlan1 
                Protocol    Pkts In   Chars In   Pkts Out  Chars Out
                      IP      17950    2351279       3205     411175
                     ARP       8626     552064         62       3720
Interface Vlan5 is disabled

FastEthernet0/1 
                Protocol    Pkts In   Chars In   Pkts Out  Chars Out
           Spanning Tree    2956958  179218508      34383    2131700
                     CDP      14301    5777240      14307    5722418
                     VTP          0          0       1408     145908
                     DTP      28592    1572560          0          0

<output truncated>

This is an example of output from the show interfaces capabilities command:

Switch# show interfaces fastethernet0/1 capabilities 
FastEthernet0/1
  Model:                 WS-C2940-8TF-S
  Type:                  10/100BaseTX
  Speed:                 10,100,auto
  Duplex:                half,full,auto
  UDLD:                  yes
  Trunk encap. type:     802.1Q
  Trunk mode:            on,off,desirable,nonegotiate
  Channel:               yes
  Broadcast suppression: percentage(0-100)
  Flowcontrol:           rx-(none),tx-(none)
  Fast Start:            yes
  CoS rewrite:           yes
  ToS rewrite:           yes
  Inline power:          no
  SPAN:                  source/destination
  PortSecure:            Yes
  Dot1x:                 Yes

This is an example of output from the show interfaces command for a specified interface:

Switch# show interfaces fastethernet0/1 
FastEthernet0/1 is up, line protocol is down
  Hardware is Fast Ethernet, address is 0005.7428.09c1 (bia 0005.7428.09c1)
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Auto-duplex, Auto-speed
  input flow-control is off, output flow-control is off
  Last input never, output 4d21h, output hang never
  Last clearing of "show interface" counters never
  Input queue:0/75/0/0 (size/max/drops/flushes); Total output drops:0
  Queueing strategy:fifo
  Output queue :0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     1 packets input, 64 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     0 input packets with dribble condition detected
     1 packets output, 64 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out

This is an example of output from the show interfaces description command for an interface when the interface has been described as Connects to Marketing by using the description interface configuration command.

Switch# show interfaces gigabitethernet0/1 description
Interface Status         Protocol Description
Gi0/1 up             down     Connects to Marketing

This is an example of output from the show interfaces pruning command for an interface when pruning is enabled in the VTP domain:

Switch# show interfaces fastethernet0/1 pruning
Port      Vlans pruned for lack of request by neighbor
Fa0/1     4,196

Port      Vlan traffic requested of neighbor
Fa0/1     1,4

This is an example of output from the show interfaces stats command:

Switch# show interfaces stats
Vlan1
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
               Processor    3224706  223689126    3277307  280637322
             Route cache          0          0          0          0
                   Total    3224706  223689126    3277307  280637322
Interface Vlan5 is disabled

FastEthernet0/1
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
               Processor    3286423  231672787     179501   17431060
             Route cache          0          0          0          0
                   Total    3286423  231672787     179501   17431060

This is an example of output from the show interfaces status command. It displays the status of all interfaces.

Switch# show interfaces status
Port    Name               Status       Vlan       Duplex  Speed Type
Fa0/1                      notconnect   1            auto   auto 10/100BaseTX
Fa0/2                      notconnect   1            auto   auto 10/100BaseTX
Fa0/3                      disabled     100          auto   auto 10/100BaseTX
Fa0/4                      connected    trunk      a-full  a-100 10/100BaseTX
Fa0/5                      notconnect   1            auto   auto 10/100BaseTX
Fa0/6                      connected    trunk      a-full  a-100 10/100BaseTX

<output truncated>

This is an example of output from the show interfaces status err-disabled command. It displays the status of interfaces in error-disabled state.

switch# show interfaces fastethernet0/1 status err-disabled 
Port    Name               Status       Reason
Fa0/1                      err-disabled psecure-violation

This is an example of output from the show interfaces etherchannel command when port channels are configured on the switch:

Switch# show interfaces etherchannel
----
FastEthernet0/1:
Port state    = Up Mstr In-Bndl 
Channel group = 1           Mode = On/FEC     Gcchange = 0
Port-channel  = Po1         GC   = 0x00010001    Pseudo port-channel = Po1
Port index    = 0           Load = 0x00

Age of the port in the current state:00d:00h:06m:54s
----
Port-channel1:
Age of the Port-channel   = 09d:22h:45m:14s
Logical slot/port   = 1/0           Number of ports = 1
GC                  = 0x00010001      HotStandBy port = null
Port state          = Port-channel Ag-Inuse 

Ports in the Port-channel:

Index   Load   Port    EC state
------+------+------+------------
  0     00     Fa0/1    on         

Time since last port bundled:   00d:00h:06m:54s    Fa0/1

This is an example of output from the show interfaces flowcontrol command. Table 13 lists the fields in this display.

Switch# show interfaces flowcontrol
Port    Send FlowControl  Receive FlowControl  RxPause TxPause
        admin    oper     admin    oper
-----   -------- -------- -------- --------    ------- -------
Fa0/1   Unsupp.  Unsupp.  off      off         0       0
Fa0/2   Unsupp.  Unsupp.  off      off         0       0
<output truncated>
Gi0/1   desired  off      off      off         0       0

Table 13 show interfaces flowcontrol Field Descriptions 

Field
Description

Port

Displays the port name.

Send FlowControl

Admin

Displays the administrative (configured) setting for the flow control send mode.

Oper

Displays the operational (running) setting for the flow control send mode.

Receive FlowControl

Admin

Displays the administrative (configured) setting for the flow control receive mode.

Oper

Displays the operational (running) setting for the flow control receive mode.

RxPause

Displays the number of pause frames received.

TxPause

Displays the number of pause frames sent.

On

Flow control is enabled.

Off

Flow control is disabled.

Desired

Flow control is enabled if the other end supports it.

Unsupp.

Flow control is not supported.


This is an example of output from the show interfaces switchport command for a single interface. Table 14 describes the fields in the output.

Switch# show interfaces gigabitethernet0/1 switchport
Name: Gi0/1
Switchport:Enabled
Administrative Mode:dynamic desirable
Operational Mode:static access
Administrative Trunking Encapsulation:negotiate
Negotiation of Trunking:On
Access Mode VLAN:1 (default)
Trunking Native Mode VLAN:1 (default)
Voice VLAN:none
Administrative private-vlan host-association:none
Administrative private-vlan mapping:none
Operational private-vlan:none
Trunking VLANs Enabled:ALL
Pruning VLANs Enabled:2-1001
Capture Mode: Disabled
Capture VLANs Allowed:ALL

Protected:true
Unknown unicast blocked:disabled
Unknown multicast blocked:disabled

Voice VLAN:none (Inactive)
Appliance trust:none

Table 14 show interfaces switchport Field Descriptions 

Field
Description

Name

Displays the port name.

Switchport

Displays the administrative and operational status of the port. In this output, the port is in switchport mode.

Administrative Mode

Operational Mode

Displays the administrative and operational mode.

Administrative Trunking Encapsulation

Negotiation of Trunking

Displays the administrative and operational encapsulation method, and whether trunking negotiation is enabled.

Access Mode VLAN

Displays the VLAN ID to which the port is configured.

Trunking Native Mode VLAN

Trunking VLANs Enabled

Trunking VLANs Active

Lists the VLAN ID of the trunk that is in native mode. Lists the allowed VLANs on the trunk. Lists the active VLANs on the trunk.

Pruning VLANs Enabled

Lists the VLANs that are pruning-eligible.

Administrative private-vlan host-association >
Administrative private-vlan mapping
Operational private-vlan

Displays the administrative and operational status of the private VLAN, and displays the private-VLAN mapping.

Note Private VLANs are not supported on the switch.

Capture Mode

Captured VLANs Allowed

Displays the capture mode and the number of captured VLANs allowed.

Note Because the switch does not support the capture feature, the values for these fields do not change.

Protected

Displays whether or not protected port is enabled (True) or disabled (False) on the interface.

Voice VLAN

Displays the VLAN ID on which voice VLAN is enabled.

Appliance trust

Displays the class of service (CoS) setting of the data packets of the IP phone.


This is an example of output from the show interfaces trunk command:

Switch# show interfaces trunk
Port      Mode         Encapsulation  Status        Native vlan
Fa0/4     on           802.1q         trunking      1
Fa0/6     on           802.1q         trunking      1

Port      Vlans allowed on trunk
Fa0/4     1-4094
Fa0/6     1-4094

Port      Vlans allowed and active in management domain
Fa0/4     1-2,51-52
Fa0/6     1-2,51-52

Port      Vlans in spanning tree forwarding state and not pruned
Fa0/4     1
Fa0/6     1-2,51-52

This is an example of output from the show interfaces trunk command for an interface. It displays trunking information for the interface.

Switch# show interfaces fastethernet0/1 trunk
Port      Mode         Encapsulation  Status        Native vlan
Fa0/1     desirable    802.1q         trunking      1

Port      Vlans allowed on trunk
Fa0/1     1-4094

Port      Vlans allowed and active in management domain
Fa0/1     1,4,196,306

Port      Vlans in spanning tree forwarding state and not pruned
Fa0/1     1,306

This is an example of output from the show interfaces transceiver properties command. If you do not specify an interface, the output of the command shows the status on all switch ports:

Switch# show interfaces transceiver properties
Name : Fa0/1
Administrative Speed: auto
Administrative Duplex: auto
Administrative Auto-MDIX: N/A 
Administrative Power Inline: N/A
Operational Speed: 100
Operational Duplex: full
Operational Auto-MDIX: N/A 

Name : Fa0/2
Administrative Speed: auto
Administrative Duplex: auto
Administrative Auto-MDIX: N/A 
Administrative Power Inline: N/A
Operational Speed: 10
Operational Duplex: full
Operational Auto-MDIX: N/A 

Name : Fa0/3
Administrative Speed: auto
Administrative Duplex: auto
Administrative Auto-MDIX: N/A 
Administrative Power Inline: N/A
Operational Speed: 100
Operational Duplex: full
Operational Auto-MDIX: N/A 

<output truncated> 

This is an example of output from the show interfaces module number transceiver properties command for a specific interface:

Switch# show interfaces fastethernet0/1 transceiver properties
Name : Fa0/1
Administrative Speed: auto
Administrative Duplex: auto
Administrative Auto-MDIX: N/A 
Administrative Power Inline: N/A
Operational Speed: 100
Operational Duplex: full
Operational Auto-MDIX: N/A 

Related Commands

Command
Description

switchport access

Configures a port as a static-access or dynamic-access port.

switchport protected

Isolates Layer 2 unicast, multicast, and broadcast traffic from other protected ports on the same switch.

switchport trunk pruning

Configures the VLAN pruning-eligible list for ports in trunking mode.


speed

Use the speed interface configuration command to specify the speed of a port. Use the no form of this command to return to the default setting.

speed {10 | 100 | 1000 | auto [ 10 | 100 | 1000 ] }

no speed

Syntax Description

10

Port runs at 10 Mbps.

100

Port runs at 100 Mbps.

1000

Port runs at 1000 Mbps (only valid for Gigabit Ethernet ports).

auto

Port automatically detects whether it should run at 10 or 100 Mbps on
Fast Ethernet ports or at 10, 100, or 1000 Mbps on 10/100/1000 and SFP-module ports. If you use the 10, 100, or 1000 keywords with the auto keyword, the port only autonegotiates at the specified speeds.


Defaults

For Fast Ethernet and 10/100/1000 ports, the default is auto.

For 100BASE-FX ports, the default is 100 Mbps.

For small form-factor pluggable (SFP) modules, the default is 1000 Mbps.

Command Modes

Interface configuration

Command History

Release
Modification

12.1(13)AY

This command was introduced.

12.1(22)EA1

Support for the 10, 10, and 1000 keywords with the auto keyword was added.


Usage Guidelines

The applicability of this command depends on the switch on which you enter this command.

Fast Ethernet ports, except for 100BASE-FX ports, can be configured at 10 or 100 Mbps in half- or full-duplex mode. The 10/100/1000 ports operate in half- or full-duplex mode at 10 or 100 Mbps and in full-duplex mode only at 1000 Mbps.

If the speed is set to auto, the switch negotiates with the device at the other end of the link for the speed setting and then forces the speed setting to the negotiated value. The duplex setting remains as configured on each end of the link, which could result in a duplex setting mismatch. If both the speed and duplex are set to specific values, autonegotiation is disabled.

If the speed is set to auto and the 10, 100, or 1000 keywords are also used, the port only autonegotiates at the specified speeds.


Note The 100BASE-FX and SFP modules do not support the speed command. These ports operate only at 100 Mbps and in full-duplex mode.



Note For guidelines on setting the switch speed and duplex parameters, refer to the "Configuring the Switch Interfaces" chapter in the switch software configuration guide for this release.


Examples

This example shows how to set a port to 100 Mbps:

Switch(config)# interface fastethernet0/1
Switch(config-if)# speed 100

This example shows how to set a port to autonegotiate the speed:

Switch(config)# interface fastethernet0/1
Switch(config-if)# speed auto

This example shows how to set a port to autonegotiate at only 10 Mbps:

Switch(config)# interface fastethernet0/1
Switch(config-if)# speed auto 10

This example shows how to set a port to autonegotiate at only 10 or 100 Mbps:

Switch(config)# interface fastethernet0/1
Switch(config-if)# speed auto 10 100

You can verify your settings by entering the show interfaces transceiver properties or the show running-config privileged EXEC command.

Related Commands

Command
Description

show interfaces

Displays the administrative and operational status of all interfaces or a specified interface.

show running-config

Displays the current operating configuration. For syntax information, refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.1 > Cisco IOS File Management Commands > Configuration File Commands.


Corrections and Additions to the Catalyst 2950 Hardware Installation Guide

These chapters have changed or have new information:

"Quick Setup Chapter" section

"Installation Chapter" section

Quick Setup Chapter

This is a correction to the "Quick Setup" section:

The chapter states that the Express Setup program is supported on Catalyst 2950 LRE switches running Cisco IOS Release 12.1(14)EA1 or later. Express Setup is only supported on Catalyst 2950 LRE switches running Cisco IOS Release 12.1(19)EA1 or later.

This is a new step in the "Configuring the Switch Settings" section:

Step 2

Enter a VLAN ID in the Management Interface (VLAN ID) field. This is the management interface through which you manage the switch and to which you assign IP information. The Management Interface field displays 1 by default. The VLAN ID range for this field is 1 to 1001.

Installation Chapter

This an addition to the "Installation Guidelines" section:

For sites requiring compliance to Telcordia GR-1089-CORE Intra-building Lightning requirements, all 10/100 and 10/100/1000 ports must be connected with shielded cable grounded at both ends.

This is a new section in the "Installation" chapter:

Installing the Optional AC Ground Kit for Catalyst 2950 Switches

For switches that require a two-hole lug for grounding, you can order a kit containing the ground lug and hardware (Cisco part number NEBS-LUG-3550=).


Note When you install the ground-lug kit, you cannot connect a redundant power system (RPS) to the switch.


To install the ground lug, you need these tools and equipment:

Ratcheting torque screwdriver with a Phillips head that exerts up to 15 pound-force inches (lbf-in.) or 240 ounce-force inches (ozf-in.) of pressure

Panduit crimping tool with optional controlled-cycle mechanism (model CT-700, CT-720, CT-920, CT-920CH, CT-930, or CT-940CH)

6-gauge copper ground wire (insulated or noninsulated)

Wire-stripping tool for stripping 6-gauge wires

To ground the switch to earth ground, follow these steps. Make sure to follow any grounding requirements at your site.


Step 1 Use the two Phillips pan-head screws to attach the RPS connector cover to the back of the switch as shown in Figure 1.

Figure 1 Attaching the RPS Connector Cover

Step 2 If your ground wire is insulated, use a wire stripping tool to strip the 6-gauge ground wire to 0.5 inch (12.7 mm) ± 0.02 inch (0.5 mm), as shown in Figure 2.

Figure 2 Stripping the Ground Wire

Step 3 Slide the open end of the ground lug over the exposed area of the 6-gauge wire.

Step 4 Using a Panduit crimping tool, crimp the ground lug to the 6-gauge wire, as shown in Figure 3.

Figure 3 Crimping the Ground Lug

Step 5 Use the two number-10-32 screws to attach the ground lug and wire assembly to the switch rear panel RPS connector cover, as shown in Figure 4.

Step 6 Using a ratcheting torque screwdriver, torque each ground-lug screw to 15 lbf-in. (240 ozf-in.)

Figure 4 Torquing Ground-Lug Screws


Corrections and Additions to the Catalyst 2940 Hardware Installation Guide

These chapters have changed or have new information:

"Quick Setup Chapter" section

"Overview Chapter" section

"Managing the Switch by Using the Cluster Management Suite Chapter" section

Quick Setup Chapter

This is a new step in the "Configuring the Switch Settings" section:

Step 2

Enter a VLAN ID in the Management Interface (VLAN ID) field. This is the management interface through which you manage the switch and to which you assign IP information. The Management Interface field displays 1 by default. The VLAN ID range for this field is 1 to 1001.

Overview Chapter

This is an addition to the "Features" section:

The Catalyst 2940-8TF-S switch now supports CWDM SFP modules.

Managing the Switch by Using the Cluster Management Suite Chapter

This is a correction to the "CMS Requirements" section:

The CMS requirements described are no longer correct. Refer to the "Getting Started with CMS" chapter of the software configuration guide for the latest CMS requirements.

Related Documentation

These documents provide complete information about the Catalyst 2955, 2950, and 2940 switches and are available at Cisco.com:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/index.htm

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2940/index.htm

You can order printed copies of documents with a DOC-xxxxxx= number from the Cisco.com sites and from the telephone numbers listed in the "Obtaining Documentation" section.

These publications provide more information about the Catalyst 2955 and Catalyst 2950 switches:

Catalyst 2950 Desktop Switch Hardware Installation Guide (order number DOC-7811157=)

Catalyst 2955 Hardware Installation Guide (order number DOC-7814944=)

Catalyst 2950 and Catalyst 2955 Desktop Switch Software Configuration Guide (order number DOC-7811380=)

Catalyst 2950 and Catalyst 2955 Desktop Switch Command Reference (order number DOC-7811381=)

Catalyst 2950 and Catalyst 2955 Desktop Switch System Message Guide (order number DOC-7814233=)

These publications provide more information about the Catalyst 2940 switches:

Catalyst 2940 Switch Software Configuration Guide (order number DOC-7815507=)

Catalyst 2940 Switch Command Reference (order number DOC-7815505=)

Catalyst 2940 Switch System Message Guide (order number DOC-7815524=)

Cluster Management Suite (CMS) online help (available only from the switch CMS software)

Catalyst 2940 Switch Hardware Installation Guide (order number DOC-7815435=)

For other information about related products, refer to these documents:

1000BASE-T Gigabit Interface Converter Installation Notes (not orderable but is available on Cisco.com)

Catalyst GigaStack Gigabit Interface Converter Hardware Installation Guide (order number DOC-786460=)

Cisco LRE CPE Hardware Installation Guide (order number DOC-7811469=)

Cluster Management Suite (CMS) online help (available only from the switch CMS software)

CWDM Passive Optical System Installation Note (not orderable but is available on Cisco.com)

Installation Notes for the Catalyst Family Small-Form-Factor Pluggable Modules (order number DOC-7815160=)

Installation and Warranty Notes for the Cisco LRE 48 POTS Splitter (order number DOC-7812250=)

Obtaining Documentation

Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.

Cisco.com

You can access the most current Cisco documentation at this URL:

http://www.cisco.com/univercd/home/home.htm

You can access the Cisco website at this URL:

http://www.cisco.com

You can access international Cisco websites at this URL:

http://www.cisco.com/public/countries_languages.shtml

Ordering Documentation

You can find instructions for ordering documentation at this URL:

http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm

You can order Cisco documentation in these ways:

Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Ordering tool:

http://www.cisco.com/en/US/partner/ordering/index.shtml

Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco Systems Corporate Headquarters (California, USA) at 408 526-7208 or, elsewhere in North America, by calling 800 553-NETS (6387).

Documentation Feedback

You can send comments about technical documentation to bug-doc@cisco.com.

You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:

Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

Obtaining Technical Assistance

For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, Cisco Technical Support provides 24-hour-a-day, award-winning technical assistance. The Cisco Technical Support Website on Cisco.com features extensive online support resources. In addition, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not hold a valid Cisco service contract, contact your reseller.

Cisco Technical Support Website

The Cisco Technical Support Website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, 365 days a year at this URL:

http://www.cisco.com/techsupport

Access to all tools on the Cisco Technical Support Website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:

http://tools.cisco.com/RPF/register/register.do

Submitting a Service Request

Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool automatically provides recommended solutions. If your issue is not resolved using the recommended resources, your service request will be assigned to a Cisco TAC engineer. The TAC Service Request Tool is located at this URL:

http://www.cisco.com/techsupport/servicerequest

For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco TAC engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.

To open a service request by telephone, use one of the following numbers:

Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553 2447

For a complete list of Cisco TAC contacts, go to this URL:

http://www.cisco.com/techsupport/contacts

Definitions of Service Request Severity

To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.

Severity 1 (S1)—Your network is "down," or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.

Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.

Severity 3 (S3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.

Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.

Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.

Cisco Marketplace provides a variety of Cisco books, reference guides, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL:

http://www.cisco.com/go/marketplace/

The Cisco Product Catalog describes the networking products offered by Cisco Systems, as well as ordering and customer support services. Access the Cisco Product Catalog at this URL:

http://cisco.com/univercd/cc/td/doc/pcat/

Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:

http://www.ciscopress.com

Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and networking investments. Each quarter, Packet delivers coverage of the latest industry trends, technology breakthroughs, and Cisco products and solutions, as well as network deployment and troubleshooting tips, configuration examples, customer case studies, certification and training information, and links to scores of in-depth online resources. You can access Packet magazine at this URL:

http://www.cisco.com/packet

iQ Magazine is the quarterly publication from Cisco Systems designed to help growing companies learn how they can use technology to increase revenue, streamline their business, and expand services. The publication identifies the challenges facing these companies and the technologies to help solve them, using real-world case studies and business strategies to help readers make sound technology investment decisions. You can access iQ Magazine at this URL:

http://www.cisco.com/go/iqmagazine

Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:

http://www.cisco.com/ipj

World-class networking training is available from Cisco. You can view current offerings at this URL:

http://www.cisco.com/en/US/learning/index.html