The Catalyst 2960-L switches are Ethernet switches to which you can connect devices such as Cisco IP Phones, Cisco Wireless Access Points, workstations, and other network devices such as servers, routers, and other switches.
Table 1 Catalyst 2960-L Switch Models
Cisco IOS Image
Cisco Catalyst 2960-L switch with 8 10/100/1000 Ethernet ports and 2 SFP module slots
Cisco Catalyst 2960-L PoE switch with 8 10/100/1000 Ethernet ports and 2 SFP module slots
Cisco Catalyst 2960-L switch with 16 10/100/1000 Ethernet ports and 2 SFP module slots
Cisco Catalyst 2960-L PoE switch with 16 10/100/1000 Ethernet ports and 2 SFP module slots
Cisco Catalyst 2960-L switch with 24 10/100/1000 Ethernet ports and 4 SFP module slots
Cisco Catalyst 2960-L PoE switch with 24 10/100/1000 Ethernet ports and 4 SFP module slots
Cisco Catalyst 2960-L switch with 48 10/100/1000 Ethernet ports and 4 SFP module slots
Cisco Catalyst 2960-L PoE switch with 48 10/100/1000 Ethernet ports and 4 SFP module slots, without fan
Cisco Catalyst 2960-L switch with 24 10/100/1000 Ethernet ports and 4 SFP+ module slots
Cisco Catalyst 2960-L PoE switch with 24 10/100/1000 Ethernet ports and 4 SFP+ module slots
Cisco Catalyst 2960-L switch with 48 10/100/1000 Ethernet ports and 4 SFP+ module slots
Cisco Catalyst 2960-L PoE switch with 48 10/100/1000 Ethernet ports and 4 SFP+ module slots, without fan
The Catalyst 2960-L switches support a wide range of optics. Because the list of supported optics is updated on a regular basis, consult the tables at this URL for the latest SFP+ and SFP module compatibility information:
The following table lists the system requirements for a PC running Cisco Configuration Professional for Catalyst, including Web browser versions.
Table 2 System Requirements
Any of the following:
Mac OS 10.9.5
Microsoft Windows Version 7
Cisco CPC can be used with the following browsers:
Google Chrome 52 and later
Mozilla Firefox 48 and later
Apple Safari 9 and later
Internet Explorer 11 and later
1280 X 800 pixels or higher
Upgrading the Switch Software
Finding the Software Version and Feature Set
The Cisco IOS image is stored as a bin file in a directory that is named with the Cisco IOS release number. The files necessary for web management are contained in a subdirectory. The image is stored on the system board flash device (flash:).
You can use the show version privileged EXEC command to see the software version that is running on your switch.
Note Although the show version output always shows the software image running on the switch, the model name shown at the end of this display is the factory configuration and does not change if you upgrade the software license.
You can also use the dir filesystem : privileged EXEC command to see the directory names of other software images that you might have stored in flash memory.
If you have a service support contract and order a software license or if you order a switch, you receive the universal software image and a specific software license.
Table 3 Software Image for Cisco Catalyst 2960-L
LAN Lite image
LAN Lite cryptographic image with Device Manager.
If the Web UI does not load or work properly after the software upgrade, perform the following steps:
Step 1 Specify the authentication method for HTTP server users as local.
Device(config)# ip http authentication local
Step 2 Configure the username and password with privilege 15.
Device(config)# username user privilege 15 password password
Step 3 Clear the browser cache and relaunch the Web UI.
Step 4 Login by entering the privilege 15 username and password.
Features of the Switch
The Catalyst 2960-L switch supports the LAN Lite+ feature set. This provides standard Layer 2 security and quality of service (QoS) features, and up to 256 active VLANs. The switch models have reduced functionality and scalability with entry level features in Layer 2.
Specific differences between the two feature sets are described in the following sections.
Cisco Catalyst Smart Operations is a comprehensive set of features that simplify LAN deployment, configuration, and troubleshooting. Catalyst Smart Operations enable zero touch installation and replacement of switches and fast upgrade, as well as ease of troubleshooting with reduced operational cost. Catalyst Smart Operations is a set of features that includes Auto Smartports, Smart Configuration, and Smart Troubleshooting to enhance operational excellence:
– Cisco Auto Smartports provide automatic configuration as devices connect to the switch port, allowing auto detection and plug and play of the device onto the network.
– Cisco Smart Configuration provides a single point of management for a group of switches and in addition adds the ability to archive and back up configuration files to a file server or switch allowing seamless zero touch switch replacement.
– Cisco Smart Troubleshooting is an extensive array of debug diagnostic commands and system health checks within the switch, including Generic Online Diagnostics (GOLD) and Onboard Failure Logging (OBFL).
– Auto Configuration determines the level of network access provided to an endpoint based on the type of the endpoint device.
Cisco Prime Infrastructure is a set of tools that enables you to automate much of the management of your Cisco network. It is supported with device pack1 (2.1) 4.
Interface templates provide a mechanism to configure multiple commands at the same time and associate it with a target (such as an interface). An interface template is a container of configurations or policies that can be applied to specific ports.
The Cisco Catalyst 2960-L Series Switches provide a range of security features to limit access to the network and mitigate threats.
In Cisco IOS Release 15.2(7)E3 and later releases, SSH is enabled by default to connect to networks, and Telnet is disabled by default.
Port security secures the access to an access or trunk port based on MAC address. It limits the number of learned MAC addresses to deny MAC address flooding.
DHCP snooping to filter untrusted DHCP messages between untrusted hosts and DHCP servers.
Dynamic ARP inspection (DAI) to prevent malicious attacks on the switch by not relaying invalid ARP requests and responses to other ports in the same VLAN.
Flexible authentication that supports multiple authentication mechanisms including 802.1X, MAC Authentication Bypass and web authentication using a single, consistent configuration.
Open mode that creates a user friendly environment for 802.1X operations.
Comprehensive RADIUS Change of Authorization capability for asynchronous policy management.
Cisco standard and extended IP security router ACLs define security policies on routed interfaces for control-plane and data-plane traffic. IPv6 ACLs can be applied to filter IPv6 traffic.
Port-based ACLs for Layer 2 interfaces allow security policies to be applied on individual switch ports.
Secure Shell (SSH) Protocol and Simple Network Management Protocol Version 3.
(SNMPv3) provide network security by encrypting administrator traffic during Telnet and SNMP sessions. SSH Protocol, Kerberos, and the cryptographic version of SNMPv3 require a special cryptographic software image because of U.S. export restrictions.
Bidirectional data support on the Switched Port Analyzer (SPAN) port allows Cisco Intrusion Detection.
TACACS+ and RADIUS authentication facilitates centralized control of the switch and restricts unauthorized users from altering the configuration.
MAC address notification allows administrators to be notified of users added to or removed from the network.
Multilevel security on console access prevents unauthorized users from altering the switch configuration.
Bridge protocol data unit (BPDU) Guard shuts down Spanning Tree PortFast-enabled interfaces when BPDUs are received to avoid accidental topology loops.
IGMP filtering provides multicast authentication by filtering out non-subscribers and limits the number of concurrent multicast streams available per port.
802.1x monitor mode allows companies to enable authentication across the wired infrastructure in an audit mode without affecting wired users or devices. It helps IT administrators smoothly manage 802.1x transitions by allowing access and logging system messages when a device requires reconfiguration or is missing an 802.1x supplicant.
Deployment and Control Features
Dynamic Host Configuration Protocol (DHCP) Auto-configuration of multiple switches through a boot server eases switch deployment.
Auto-negotiation on all ports automatically selects half- or full-duplex transmission mode to optimize bandwidth.
Dynamic Trunking Protocol (DTP) facilitates dynamic trunk configuration across all switch ports.
Port Aggregation Protocol (PAgP) automates the creation of Cisco Fast EtherChannel groups and Gigabit groups.
Link Aggregation Control Protocol (LACP) allows the creation of Ethernet channeling with devices that conform to IEEE 802.3ad.
Unidirectional Link Detection Protocol (UDLD) and Aggressive UDLD allow unidirectional links caused by incorrect wiring. Also, port faults can be detected and disabled on the interfaces.
Internet Group Management Protocol (IGMP) v1, v2, v3 Snooping for IPv4. MLD v1 and v2 Snooping provide fast client joins and leaves of multicast streams and limit bandwidth-intensive video traffic to only the requestors.
Voice VLAN simplifies telephony installations by keeping voice traffic on a separate VLAN for easier administration and troubleshooting.
The Embedded Remote Monitoring (RMON) software agent supports four RMON groups (history, statistics, alarms, and events) for enhanced traffic management, monitoring, and analysis.
Layer 2 traceroute eases troubleshooting by identifying the physical path that a packet takes from source to destination.
Trivial File Transfer Protocol (TFTP) reduces the cost of administering software upgrades by downloading from a centralized location.
Network Timing Protocol (NTP) provides an accurate and consistent timestamp to all intranet switches.
Storm control for unicast, broadcast and multicast traffic to prevent disruption in the network due to packet flooding on the LAN.
IEEE 802.1s/w Rapid Spanning Tree Protocol (RSTP) and Multiple Spanning Tree Protocol (MSTP) provide rapid spanning-tree convergence independent of spanning-tree timers and also offers the benefit of Layer 2 load balancing and distributed processing.
Switch-port auto-recovery (error-disable) automatically attempts to reactivate a link that is disabled because of a network error.
Limitations and Restrictions
There is limit of 384 ACEs for MAC/IPv4 and 256 ACEs for IPv6. For some scenarios, one ACE entry can lead to 2 TCAM entries. For IPv6, 512 TCAM entries are used per ASIC.
Extension header match options for IPv6 PACLs are not supported on the switch. Also, PACLs not supported in the out direction.
Storm control for multicast with PPS and % may not work.
Software Compatibility Matrix
New Software Features
Features Introduced in Cisco IOS Release 15.2(7)E5
Features Introduced in Cisco IOS Release 15.2(7)E4
Features Introduced in Cisco IOS Release 15.2(7)E3
Features Introduced in Cisco IOS Release 15.2(7)E2
Features Introduced in Cisco IOS Release 15.2(7)E1
Features Introduced in Cisco IOS Release 15.2(7)E0a
IPv6 RA Guard: Supports allowing the network administrator to block or reject unwanted or rogue router advertisement (RA) guard messages that arrive at the network device platform.
Dual Active Detection Using Enhanced PAgP: If the switch is connected to a Virtual Switch System (VSS) using a PAgP EtherChannel, it automatically serves as a VSS client, using enhanced PAgP on this EtherChannel for dual-active detection.
Sampled flow (sFlow): This feature allows you to monitor real-time traffic in data networks containing switches and routers. It uses the sampling mechanism in the sFlow agent software on switches to monitor traffic and to forward the sample data to the central data collector.
IP Source Guard support for EtherChannels: You can now configure IP source guard on EtherChannel interfaces.
SFTP: The device supports SSH File Transfer Protocol (SFTP). The SFTP client functionality is provided as part of the SSH component and is always enabled on the corresponding device. Therefore, any SFTP server user with the appropriate permission can copy files to and from the device.
Service and Support
Information About Caveats
If you need information about a specific caveat that does not appear in these release notes, you can use the Cisco Bug Toolkit to find caveats of any severity. Click this URL to browse to the Bug Toolkit:
The Bug Search Tool (BST), which is the online successor to Bug Toolkit, is designed to improve the effectiveness in network risk management and device troubleshooting. The BST allows partners and customers to search for software bugs based on product, release, and keyword, and aggregates key data such as bug details, product, and version. The tool has a provision to filter bugs based on credentials to provide external and internal bug views for the search input.
To view the details of a caveat listed in this document:
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.