-
Catalyst 2940 Switch Software Configuration Guide, 12.1(22)EA2
-
Index
-
Preface
-
Overview
-
Using the Command-Line Interface
-
Assigning the Switch IP Address and Default Gateway
-
Clustering Switches
-
Administering the Switch
-
Configuring Switch-Based Authentication
-
Configuring 802.1X Port-Based Authentication
-
Configuring Interface Characteristics
-
Configuring SmartPort Macros
-
Configuring STP
-
Configuring MSTP
-
Configuring Optional Spanning-Tree Features
-
Configuring VLANs
-
Configuring VTP
-
Configuring Voice VLAN
-
Configuring IGMP Snooping and MVR
-
Configuring Port-Based Traffic Control
-
Configuring UDLD
-
Configuring CDP
-
Configuring SPAN
-
Configuring RMON
-
Configuring System Message Logging
-
Configuring SNMP
-
Configuring QoS
-
Configuring EtherChannels
-
Troubleshooting
-
Supported MIBs
-
Table Of Contents
Numerics - A - B - C - D - E - F - G - H - I - J - L - M - N - P - Q - R - S - T - U - V - W - X -
Index
Numerics
802.1D
802.1Q
and trunk ports 8-2
configuration limitations 13-16
encapsulation 13-14
native VLAN for untagged traffic 13-20
802.1s
802.1w
802.1x
802.3x flow control 8-12
A
abbreviating commands 2-3
access control list
access-denied response, VMPS 13-25
access list
access ports
defined 8-2
accounting
with RADIUS 6-28
ACL 1-5
addresses
displaying the MAC address table 5-26
dynamic
accelerated aging 10-8
changing the aging time 5-22
default aging 10-8
defined 5-20
learning 5-21
removing 5-23
MAC, discovering 5-26
multicast STP address management 10-8
static
adding and removing 5-25
defined 5-20
address resolution 5-26
Address Resolution Protocol
advertisements
CDP 19-1
aggregated ports
aging, accelerating 10-8
aging time
accelerated
for MSTP 11-20
MAC address table 5-22
maximum
for MSTP 11-21
for STP 10-21
alarms, RMON 21-3
allowed-VLAN list 13-18
ARP table
address resolution 5-26
managing 5-26
attributes, RADIUS
vendor-proprietary 6-30
vendor-specific 6-29
audience xix
authentication
local mode with AAA 6-32
NTP associations 5-4
RADIUS
defined 6-18
key 6-21
login 6-23
TACACS+
defined 6-11
key 6-13
login 6-14
See also port-based authentication
authoritative time source, described 5-2
authorization
with RADIUS 6-27
authorized ports with 802.1x 7-4
autoconfiguration 3-3
autonegotiation
interface configuration guidelines 8-10
mismatches 26-10
auxiliary VLAN
B
BackboneFast
described 12-5
enabling 12-14
support for 1-4
banners
configuring
login 5-20
message-of-the-day login 5-18
default configuration 5-18
when displayed 5-18
booting
boot loader, function of 3-1
boot process 3-1
boot loader
described 3-1
trap-door mechanism 3-2
BPDU
error-disabled state 12-2
filtering 12-3
RSTP format 11-9
BPDU filtering
described 12-3
enabling 12-12
support for 1-4
BPDU guard
described 12-2
enabling 12-11
support for 1-4
broadcast storm control
C
cables, monitoring for unidirectional links 18-1
candidate switch
defined 4-2
requirements 4-2
See also command switch, cluster standby group, and member switch
caution, described xx
CDP
and trusted boundary 24-7
configuring 19-2
CDP (continued)default configuration 19-2
described 19-1
disabling for routing device 19-3, 19-4
enabling and disabling
on an interface 19-4
on a switch 19-3
monitoring 19-5
overview 19-1
transmission timer and holdtime, setting 19-2
updates 19-2
Cisco Access Analog Trunk Gateway 1-11
Cisco CallManager software 1-11
Cisco Discovery Protocol
Cisco IOS command-line interface
Cisco IP Phones 1-11
Cisco Network Assistant
Cisco SoftPhone software 1-11
clearing interfaces 8-15
CLI
abbreviating commands 2-3
command modes 2-1
described 1-6
editing features
enabling and disabling 2-6
keystroke editing 2-6
wrapped lines 2-7
error messages 2-4
getting help 2-3
history
changing the buffer size 2-4
described 2-4
disabling 2-5
recalling commands 2-5
managing clusters 4-3
CLI (continued)no and default forms of commands 2-3
client mode, VTP 14-3
clock
clusters, switch
described 4-1
managing
through CLI 4-3
through SNMP 4-4
planning considerations
CLI 4-3
SNMP 4-4
cluster standby group, requirements 4-2
command-line interface
command modes 2-1
commands
abbreviating 2-3
no and default 2-3
setting privilege levels 6-8
command switch
configuration conflicts 26-10
defined 4-1
password privilege levels 4-3
recovery
from failure 26-6
from lost member connectivity 26-10
replacing
with another switch 26-9
with cluster member 26-7
requirements 4-2
See also candidate switch, cluster standby group, member switch, and standby command switch
community strings
configuring 23-7
for cluster switches 23-4
overview 23-4
configuration conflicts, recovering from lost member connectivity 26-10
configuration examples, network
collapsed backbone and switch cluster 1-10
design concepts
network performance 1-8
network services 1-8
large campus 1-11
small to medium-sized network 1-9
configuration files
limiting TFTP server access 23-13
obtaining with DHCP 3-7
password recovery disable considerations 6-5
system contact and location information 23-13
VMPS database 13-25
configuration settings, saving 3-10
configure terminal command 8-5
conflicts, configuration 26-10
connections, secure remote 6-33
connectivity problems 26-11
consistency checks in VTP version 2 14-4
console port, connecting to 2-9
conventions
command xx
for examples xx
publication xx
text xx
CoS
configuring 24-2
configuring priority queues 24-9
defining 24-3
override priority 15-5
trust priority 15-5
counters, clearing interface 8-15
crashinfo file 26-16
D
daylight saving time 5-13
debugging
enabling all system diagnostics 26-15
enabling for a specific feature 26-14
redirecting error message output 26-15
using commands 26-14
default commands 2-3
default configuration
802.1x 7-9
banners 5-18
CDP 19-2
DNS 5-17
EtherChannel 25-8
IGMP filtering 16-21
IGMP snooping 16-7
IGMP throttling 16-21
initial switch information 3-3
Layer 2 interfaces 8-9
MAC address table 5-22
MSTP 11-12
MVR 16-16
NTP 5-4
optional spanning-tree features 12-10
password and privilege level 6-2
port security 17-6
QoS 24-4
RADIUS 6-20
RMON 21-3
RSPAN 20-5
SNMP 23-5
SPAN 20-5
storm control 17-2
STP 10-11
system message logging 22-3
system name and prompt 5-15
TACACS+ 6-13
UDLD 18-4
default configuration (continued)VLAN, Layer 2 Ethernet interfaces 13-16
VLANs 13-7
VMPS 13-26
voice VLAN 15-2
VTP 14-6
default gateway 3-10
deleting VLANs 13-9
description command 8-14
detecting indirect link failures, STP 12-5
device discovery protocol 19-1
device manager
DHCP-based autoconfiguration
client request message exchange 3-4
configuring
client side 3-3
DNS 3-6
relay device 3-6
server-side 3-5
TFTP server 3-5
example 3-8
lease options
for IP address information 3-5
for receiving the configuration file 3-5
overview 3-3
relationship to BOOTP 3-3
DNS
and DHCP-based autoconfiguration 3-6
default configuration 5-17
displaying the configuration 5-18
overview 5-16
setting up 5-17
documentation, related xx
document conventions xx
domain names
DNS 5-16
VTP 14-8
Domain Name System
downloading
image files
using HTTP 1-2
using Network Assistant 1-2
duplex mode, configuring 8-10
dynamic access ports
characteristics 13-3
configuring 13-27
defined 8-2
dynamic addresses
dynamic desirable trunking mode 13-15
dynamic port VLAN membership
described 13-25
reconfirming 13-28
troubleshooting 13-30
types of connections 13-27
VMPS database configuration file 13-25
Dynamic Trunking Protocol
E
editing features
enabling and disabling 2-6
keystrokes used 2-6
wrapped lines 2-7
enable password 6-4
enable secret password 6-4
encapsulation 24-2
encryption for passwords 6-4
error messages
during command entry 2-4
setting the display destination device 22-4
severity levels 22-8
system message format 22-2
EtherChannel
automatic creation of 25-3
configuration guidelines 25-8
default configuration 25-8
destination MAC address forwarding 25-6
displaying status 25-14
forwarding methods 25-11
number of interfaces per 25-2
overview 25-1
PAgP
aggregate-port learners 25-5
compatibility with Catalyst 1900 25-12
displaying status 25-14
interaction with other features 25-6
learn method and priority configuration 25-12
modes 25-4
overview 25-3
silent mode 25-4
support for 1-2
port-channel interfaces
described 25-2
numbering of 25-2
port groups 8-3
source MAC address forwarding 25-6
EtherChannel guard
described 12-7
enabling 12-14
Ethernet VLANs
adding 13-8
defaults and ranges 13-7
modifying 13-8
events, RMON 21-3
examples
conventions for xx
network configuration 1-8
extended-range VLANs
configuration guidelines 13-12
configuring 13-11
extended-range VLANs (continued)creating 13-12
defined 13-1
extended system ID
MSTP 11-14
Extensible Authentication Protocol over LAN 7-1
F
fallback VLAN name 13-26
fiber-optic, detecting unidirectional links 18-1
files, crashinfo
description 26-16
displaying the contents of 26-16
location 26-16
filtering show and more command output 2-8
flow control 8-12
forward-delay time
MSTP 11-20
forwarding
FTP
accessing MIB files A-2
G
GBICs
security and identification 26-11
get-bulk-request operation 23-3
get-next-request operation 23-3, 23-4
get-request operation 23-3, 23-4
get-response operation 23-3
global configuration mode 2-2
guide
audience xix
purpose of xix
guide mode 1-1
GUIs
See device manager and Network Assistant 1-6
H
hello time
MSTP 11-19
STP 10-20
help, for the command line 2-3
history
changing the buffer size 2-4
described 2-4
disabling 2-5
recalling commands 2-5
history table, level and number of syslog messages 22-10
hosts, limit on dynamic ports 13-30
HP OpenView 1-7
I
ICMP ping
executing 26-12
overview 26-11
IDS, using with SPAN 20-2
IEEE 802.1p 15-1
IGMP
joining multicast group 16-3
join messages 16-3
leave processing, enabling 16-10
leaving multicast group 16-5
queries 16-3
report suppression
described 16-5
disabling 16-11
throttling action 16-21
IGMP, joining multicast group 16-3
IGMP filtering
configuring 16-21
default configuration 16-21
described 16-20
monitoring 16-26
IGMP groups
configuring the throttling action 16-24
setting the maximum number 16-24
IGMP profile
applying 16-23
configuration mode 16-21
configuring 16-22
IGMP snooping
configuring 16-6
default configuration 16-7
definition 16-2
enabling and disabling 16-7
global configuration 16-7
Immediate Leave 16-5
method 16-8
monitoring 16-12
VLAN configuration 16-8
IGMP throttling
configuring 16-24
default configuration 16-21
described 16-21
displaying action 16-26
Immediate-Leave, IGMP 16-5
ingress port scheduling 24-3
interface
number 8-4
range macros 8-7
interface configuration mode 2-2
interfaces
Cisco IOS supported 1-6
configuration guidelines 8-10
configuring 8-5
configuring duplex mode 8-10
interfaces (continued)configuring speed 8-10
counters, clearing 8-15
described 8-14
descriptive name, adding 8-14
displaying information about 8-14
flow control 8-12
IOS supported 1-6
monitoring 8-14
naming 8-14
physical, identifying 8-4
range of 8-5
restarting 8-16
shutting down 8-16
supported 8-8
types of 8-1
interfaces range macro command 8-7
Intrusion Detection System
IP addresses
candidate or member 4-2
command switch 4-2
discovering 5-26
ip igmp profile command 16-21
IP information
assigned
manually 3-9
through DHCP-based autoconfiguration 3-3
default configuration 3-3
IP multicast routing and IGMP snooping 16-2, 16-6
IP phones
and 802.1x authentication 7-7
and QoS 15-1
configuring 15-3
trusted boundary for QoS 24-7
IPv4 1-1
IPv6 1-1
IP version 4 1-1
IP version 6 1-1
J
join messages, IGMP 16-3
L
LACP
Layer 2 frames, classification with CoS 24-1
Layer 2 interfaces, default configuration 8-9
Layer 2 traceroute
and ARP 26-13
and CDP 26-13
described 26-13
IP addresses and subnets 26-13
MAC addresses and VLANs 26-13
multicast traffic 26-13
multiple devices on a port 26-14
unicast traffic 26-13
usage guidelines 26-13
leave processing, IGMP 16-10
line configuration mode 2-2
links, unidirectional 18-1
login authentication
with RADIUS 6-23
with TACACS+ 6-14
login banners 5-18
log messages
loop guard
described 12-9
enabling 12-16
support for 1-4
M
MAC addresses
aging time 5-22
and VLAN association 5-21
building the address table 5-21
default configuration 5-22
discovering 5-26
displaying 5-26
dynamic
learning 5-21
removing 5-23
static
adding 5-25
characteristics of 5-25
removing 5-25
sticky secure, adding 17-5
MAC address multicast entries, monitoring 16-13
MAC address-to-VLAN mapping 13-24
macros
management options
benefits
clustering 1-7
Network Assistant 1-7
CLI 2-1
Network Assistant 1-1
overview 1-6
maximum aging time
MSTP 11-21
STP 10-21
maximum hop count, MSTP 11-21
membership mode, VLAN port 13-3
member switch
defined 4-1
managing 4-3
recovering from lost connectivity 26-10
requirements 4-2
member switch (continued)See also candidate switch, cluster standby group, and standby command switch
messages to users through banners 5-18
MIBs
accessing files with FTP A-2
location of files A-2
overview 23-1
SNMP interaction with 23-4
supported A-1
mirroring traffic for analysis 20-1
mismatches, autonegotiation 26-10
monitoring
cables for unidirectional links 18-1
CDP 19-5
IGMP
filters 16-26
snooping 16-12
interfaces 8-14
multicast router interfaces 16-13
MVR 16-20
network traffic for analysis with probe 20-1
port protection 17-11
speed and duplex mode 8-11
traffic flowing among switches 21-1
traffic suppression 17-11
VLANs 13-13
VMPS 13-29
VTP 14-15
MSTP
boundary ports
configuration guidelines 11-12
described 11-5
BPDU filtering
described 12-3
enabling 12-12
MSTP (continued)BPDU guard
described 12-2
enabling 12-11
CIST, described 11-3
configuration guidelines 11-12, 12-10
configuring
forward-delay time 11-20
hello time 11-19
link type for rapid convergence 11-22
maximum aging time 11-21
maximum hop count 11-21
MST region 11-13
path cost 11-18
port priority 11-17
root switch 11-14
secondary root switch 11-16
switch priority 11-19
CST
defined 11-3
operations between regions 11-3
default configuration 11-12
default optional feature configuration 12-10
described 11-2
displaying status 11-23
enabling the mode 11-13
EtherChannel guard
described 12-7
enabling 12-14
extended system ID
effects on root switch 11-14
effects on secondary root switch 11-16
unexpected behavior 11-15
instances supported 10-9
interface state, blocking to forwarding 12-2
interoperability and compatibility among modes 10-10
interoperability with 802.1D
described 11-5
restarting migration process 11-22
MSTP (continued)IST
defined 11-2
master 11-3
operations within a region 11-3
loop guard
described 12-9
enabling 12-16
mapping VLANs to MST instance 11-13
MST region
described 11-2
hop-count mechanism 11-4
supported spanning-tree instances 11-2
Port Fast
described 12-2
enabling 12-10
preventing root switch selection 12-8
root guard
described 12-8
enabling 12-15
root switch
configuring 11-15
effects of extended system ID 11-14
unexpected behavior 11-15
shutdown Port Fast-enabled port 12-2
multicast groups
and IGMP snooping 16-6
Immediate Leave 16-5
joining 16-3
leaving 16-5
static joins 16-9
multicast router interfaces, monitoring 16-13
multicast router ports, adding 16-9
multicast storm control
Multicast VLAN Registration
Multiple Spanning Tree Protocol
MVR
configuring interfaces 16-18
default configuration 16-16
described 16-13
modes 16-17
monitoring 16-20
setting global parameters 16-17
N
native VLAN
configuring 13-20
default 13-20
Network Assistant
advantages with switch clustering 1-7
described 1-6
guide mode 1-1
management options 1-1
wizards 1-2
network examples
collapsed backbone and switch cluster 1-10
design concepts
network performance 1-8
network services 1-8
large campus 1-11
small to medium-sized network 1-9
network management
CDP 19-1
RMON 21-1
SNMP 23-1
Network Time Protocol
no commands 2-3
nontrunking mode 13-15
normal-range VLANs
configuration modes 13-6
defined 13-1
note, described xx
NTP
associations
authenticating 5-4
defined 5-2
enabling broadcast messages 5-6
peer 5-5
server 5-5
default configuration 5-4
displaying the configuration 5-10
overview 5-2
restricting access
creating an access group 5-8
disabling NTP services per interface 5-9
source IP address, configuring 5-10
stratum 5-2
synchronizing devices 5-5
time
services 5-2
synchronizing 5-2
P
PAgP
pass-through mode 24-8
passwords
default configuration 6-2
disabling recovery of 6-5
encrypting 6-4
overview 6-1
setting
enable 6-3
enable secret 6-4
Telnet 6-6
with usernames 6-7
VTP domain 14-8
path cost
MSTP 11-18
STP 10-18
per-VLAN spanning-tree plus
physical ports 8-1
PIM-DVMRP, as snooping method 16-8
ping
character output description 26-12
executing 26-12
overview 26-11
Port Aggregation Protocol
port-based authentication
accounting 7-5
accounting services 1-5
authentication server
defined 7-2
RADIUS server 7-2
client, defined 7-2
configuration guidelines 7-10
configuring
802.1x accounting 7-21
802.1x authentication 7-11, 7-19
guest VLAN 7-17
host mode 7-17
manual re-authentication of a client 7-14
periodic re-authentication 7-14
quiet period 7-15
RADIUS server 7-14
RADIUS server parameters on the switch 7-13
switch-to-client frame-retransmission number 7-16
switch-to-client retransmission time 7-15
default configuration 7-9
described 7-1
device roles 7-2
displaying statistics 7-22
EAPOL-start frame 7-3